OpenWrt v18.06.1 Changelog

This changelog lists all commits done in OpenWrt since the v18.06.0 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 18.06.1 release.

5f23d0f include/feeds.mk: fix distfeeds.conf without per-feed repos (+1,-1)
e3ab280 kernel: remove linux 3.18 support (+1,-41.4K)
4017c52 kernel: remove linux 4.4 support (+1,-42.1K)

c448f79 tools: m4: fix compilation with glibc 2.28 (+118)
9866622 tools: findutils: fix compilation with glibc 2.28 (+104)

4f30825 sdk: bundle usbip userspace sources (+4)
2589f85 sdk: include arch/arm/ Linux includes along with arch/arm64/ ones (+7,-1)

20c64da kernel: re-add patch for AT8032 Ethernet PHY (+81,-11)
d700eb1 kernel: remove duplicate #define's in at803x Ethernet PHY driver (+14,-20)
f766833 Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address (+4,-4)
f8e57f4 kernel: backport mtd patches with Broadcom of_match_table-s (+168,-19)
b5b5f5d kernel: backport mtd support for subpartitions in DT (+402,-36)
9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
e3ab280 kernel: remove linux 3.18 support (+1,-41.4K)
4017c52 kernel: remove linux 4.4 support (+1,-42.1K)
1e5bd42 kernel: usb: dwc2 DMA alignment fixes (+176)
d101899 linux: update license tag to use correct SPDX tag (+1,-1)
eb06fa6 kernel: generic: fix problem with w1-gpio-custom (+86)
0990dfc Revert "kernel: usb: dwc2 DMA alignment fixes" (-176)
ca3174e kernel: bump 4.9 to 4.9.118 (+19,-18)
16d89ef kernel: bump 4.14 to 4.14.61 (+4,-4)
fb5f026 kernel: backport upstream fix for CVE-2018-5390 (+76)
ae1ae07 kernel: remove stray 4.4 references (-2)
bd451d4 kernel: add pending e1000e fixes (+331)
9fe68b4 kernel: move e1000e patches to backports ()
e4a5750 kernel: bump 4.9 to 4.9.119 (+18,-109)
67f91df kernel: bump 4.14 to 4.14.62 (+5,-10)
bfc9a44 kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
033472e kernel: bump kernel 4.9 to version 4.9.120 (+2,-67)

93782d5 ca-certificates[18.06]]: remove myself as PKG_MAINTAINER (+1,-1)
7d15f96 iperf: bump to 2.0.12 (+2,-2)
c3df07a kernel: gpio-nct5104d remove boardname check (-5)
8139438 dropbear: close all active clients on shutdown (+5)
7e03be7 kernel: leds-apu2 remove boardname check (-12)
25cb85a wwan: Fix teardown for sierra_net driver (+1,-1)
fe90d14 libevent2: Don't build tests and samples (+13)
6603a0c mbedtls: Deactivate platform abstraction (+9)
69c75f0 mbedtls: cleanup config patch (+32,-40)
0d5a041 mbedtls: Activate the session cache (-9)
ea22e3d mbedtls: Update to 2.12.0 (+123,-33)
8d903be curl: Fix CVE-2018-0500 (+33,-1)
2a8d8ad Revert "libevent2: Don't build tests and samples" (-13)
433c94f wpa_supplicant: fix CVE-2018-14526 (+48)
e11df1e openssl: update to version 1.0.2p (+4,-4)

c61f543 firmware: amd64-microcode: update to 20180524 (+2,-2)
aeec1dd firmware: intel-microcode: bump to 20180703 (+6,-6)

da9a7a9 basefiles: Reword sysupgrade message (+1,-1)
6a27c2f base-files: drop fwtool_pre_upgrade (-7)

8be3af9 uclient: update to latest git HEAD (+3,-3)
f2573da uclient-fetch: use package name pattern in message for missing SSL library (+1,-1)
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename (+6)
f41ff60 uclient-http: basic auth: Handle memory allocation failure (+7,-2)
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures (+34,-9)
66fb58d uclient-http: Handle memory allocation failure (+3)
2ac991b uclient: Handle memory allocation failure for url (+3)
63beea4 uclient-http: Implement error handling for header-sending (+24,-13)
eb850df uclient-utils: Handle memory allocation failure for url file name (+1,-1)
ae1c656 uclient-http: Close ustream file handle only if allocated (+2,-1)
23d4f66 netifd: update to latest git HEAD (+3,-3)
c1f6a82 system-linux: add autoneg and link-partner output (+6)
e9eff34 system-linux: extend link mode speed definitions (+22,-6)
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming (+3,-3)
03785fb system-linux: fix build error on older kernels (+2)
57f87ad Introduce new interface event "create" (IFEV_CREATE) (+4)
5cf7975 iprule: rework interface based rules to handle dynamic interfaces (+164,-21)
60293a7 replace fall throughs in switch/cases where possible with simple code changes (+19,-16)
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy (+2,-1)
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags (+1,-1)
291ccbb ubus: display correct prefix size for IPv6 prefix address (+1,-1)
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name() (+4,-2)
a2f952d iprule: fix broken in_dev/out_dev checks (+2,-2)
b8c1bca iprule: remove bogus assert calls (-3)
ca97097 netifd: make sure the vlan ifname fits into the buffer (+3)
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668) (+2,-2)
a0a1e52 fix compile error (-1)
ea22e3d mbedtls: Update to 2.12.0 (+123,-33)
1e4b5c8 ustream-ssl: update to version 2018-05-22 (+4,-4)
e8a1469 mbedtls: Add support for a session cache (+21)
5322f9d mbedtls: Fix setting allowed cipher suites (+12,-15)

5742a2b libubox: fix mirror hash (+1,-1)
508adbd uci: bump to source date 2018-08-11 (+3,-3)
4c8b4d6 delta: fix parsing malformed delta lines (+38)
5eb0553 rpcd: update to latest git HEAD (+3,-3)
51980c6 uci: reject invalid section and option names (+74)
948bb51 uci: tighten uci add operation error handling (+40,-9)
c2c612b uci: tighten uci set operation error handling (+45,-14)
f91751b uci: tighten uci delete operation error handling (+33,-10)
41333ab uci: tighten uci reorder operation error handling (+15,-3)

9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

e3ab280 kernel: remove linux 3.18 support (+1,-41.4K)

20c64da kernel: re-add patch for AT8032 Ethernet PHY (+81,-11)
9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
ca3174e kernel: bump 4.9 to 4.9.118 (+19,-18)

6c07577 kernel: add missing ARM64_SSBD symbol (+6)

9cc774f at91: do not build image for at91-q5xr5 (+1,-1)

1fe7a17 ath25: Do not build images for ubnt2 and ubnt5 (+2,-2)

f8e57f4 kernel: backport mtd patches with Broadcom of_match_table-s (+168,-19)
9c110b9 bcm53xx: backport DT fix for I2C controller interrupt (+24)
f7e647c bcm53xx: switch USB 3.0 PHY DT description to use MDIO bus (+459,-1)
5828113 bcm53xx: backport BCM5301X/BCM53573 dts commits from 4.19+ (+475,-104)
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
be4ab7e brcm2708: fix w1 patch (+23,-34)
e4a5750 kernel: bump 4.9 to 4.9.119 (+18,-109)

9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
5b1c657 brcm47xx: cosmetic fix in model detection (+1,-1)

b5b5f5d kernel: backport mtd support for subpartitions in DT (+402,-36)
9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

bfc9a44 kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)

9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)

9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)

9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
e4a5750 kernel: bump 4.9 to 4.9.119 (+18,-109)

9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
6c07577 kernel: add missing ARM64_SSBD symbol (+6)
16d89ef kernel: bump 4.14 to 4.14.61 (+4,-4)
bfc9a44 kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)

9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
6c07577 kernel: add missing ARM64_SSBD symbol (+6)

6c07577 kernel: add missing ARM64_SSBD symbol (+6)

9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)
f634635 ramips: fix gigabit switch PHY access on MDIO (+2,-1)
b40316c mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible (+6)
cb043ad Revert "mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible" (-6)
75e4d2d ramips: add missing USB packages into ASL26555-16M (+1,-1)

9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)
6c07577 kernel: add missing ARM64_SSBD symbol (+6)
ca3174e kernel: bump 4.9 to 4.9.118 (+19,-18)

ec1c66f mwlwifi: update to version 10.3.8.0-20180615 (+13,-4)
ccdc1ba Added firmware for 88W8997 (version 8.4.0.11). ()
f325db2 Added code to support 88W8997. (+718,-187)
f0d4733 Enlarged minimum head room from 64 to 128. (+7,-1)
5bc9659 Fixed problem: ack socket buffer is not correct. (+1,-1)
7799b5a Added code to calculate tx init rate. (+75)
9271457 Added code to support mesh. (+137,-2)
de93530 Corrected channel setting for KF2. (+17,-2)
deffe2b Corrected station adding for KF2. (+6,-3)
97dbb61 Corrected power setting for KF2. (+101,-22)
b7a314a Modified the code to avoid warning from mac80211. (+4,-2)
cdaeb32 Added code to display channel definition for vif. (+14)
c61e3a4 Added code to display mesh IEs of mesh vif. (+21,-12)
04b3d0d Added host command set slot time for KF2. (+50)
c6b4541 Added host command EDMAC control for KF2. (+68)
6714fc6 Added extra HW feature for KF2. (+3)
a6dd207 Removed non-ported features for KF2. (-8)
⇒ + 19 more...

888cc05 build: Update README & github help (+22,-17)
5a430bd build: README punctuation pendantry (+2,-2)

#1367

Description: Crash in dwc2_lowlevel_hw_disable when using Huawei E3372
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1367
Commits:
1e5bd42 kernel: usb: dwc2 DMA alignment fixes (+176)

#1541

Description: Invalid Kernel logspam : sit: non-ECT from <various IPs, Invalid IPs>
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1541
Commits:
9e1530b kernel: bump 4.9 to 4.9.117 for 18.06 (+319,-575)

#1571

Description: netifd does not honor rules when using network.lan.enabled=0|1
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1571
Commits:
5cf7975 iprule: rework interface based rules to handle dynamic interfaces (+164,-21)

#1668

Description: netifd: ip6ifaceid='eui64' broken when type is not bridge
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1668
Commits:
23d4f66 netifd: update to latest git HEAD (+3,-3)
c1f6a82 system-linux: add autoneg and link-partner output (+6)
e9eff34 system-linux: extend link mode speed definitions (+22,-6)
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming (+3,-3)
03785fb system-linux: fix build error on older kernels (+2)
57f87ad Introduce new interface event "create" (IFEV_CREATE) (+4)
5cf7975 iprule: rework interface based rules to handle dynamic interfaces (+164,-21)
60293a7 replace fall throughs in switch/cases where possible with simple code changes (+19,-16)
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy (+2,-1)
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags (+1,-1)
291ccbb ubus: display correct prefix size for IPv6 prefix address (+1,-1)
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name() (+4,-2)
a2f952d iprule: fix broken in_dev/out_dev checks (+2,-2)
b8c1bca iprule: remove bogus assert calls (-3)
ca97097 netifd: make sure the vlan ifname fits into the buffer (+3)
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668) (+2,-2)
a0a1e52 fix compile error (-1)

#1669

Description: Luci Interface Status showing incorrect ipv6 subnet size
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1669
Commits:
291ccbb ubus: display correct prefix size for IPv6 prefix address (+1,-1)

#1707

Description: libubox PKG_MIRROR_HASH is wrong
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1707
Commits:
5742a2b libubox: fix mirror hash (+1,-1)

#1725

Description: Wireguard & Wireguard-Tools not built for aarch64_cortex-a53 (raspberry pi 3)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1725
Commits:
2589f85 sdk: include arch/arm/ Linux includes along with arch/arm64/ ones (+7,-1)

CVE-2017-5715

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Commits:
c61f543 firmware: amd64-microcode: update to 20180524 (+2,-2)

CVE-2018-0497

Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
Commits:
ea22e3d mbedtls: Update to 2.12.0 (+123,-33)

CVE-2018-0498

Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
Commits:
ea22e3d mbedtls: Update to 2.12.0 (+123,-33)

CVE-2018-0500

Description: Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500
Commits:
8d903be curl: Fix CVE-2018-0500 (+33,-1)

CVE-2018-0732

Description: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
Commits:
e11df1e openssl: update to version 1.0.2p (+4,-4)

CVE-2018-0737

Description: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
Commits:
e11df1e openssl: update to version 1.0.2p (+4,-4)

CVE-2018-3620

Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
Commits:
bfc9a44 kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
033472e kernel: bump kernel 4.9 to version 4.9.120 (+2,-67)

CVE-2018-3639

Description: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
Commits:
6c07577 kernel: add missing ARM64_SSBD symbol (+6)
aeec1dd firmware: intel-microcode: bump to 20180703 (+6,-6)

CVE-2018-3640

Description: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
Commits:
aeec1dd firmware: intel-microcode: bump to 20180703 (+6,-6)

CVE-2018-3646

Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
Commits:
bfc9a44 kernel: bump kernel 4.14 to version 4.14.63 (+6,-107)
033472e kernel: bump kernel 4.9 to version 4.9.120 (+2,-67)

CVE-2018-5390

Description: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390
Commits:
fb5f026 kernel: backport upstream fix for CVE-2018-5390 (+76)

CVE-2018-10876

Description: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10876
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-10877

Description: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10877
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-10879

Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10879
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-10880

Description: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10880
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-10881

Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-10882

Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10882
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-10883

Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883
Commits:
9ce7aa3 kernel: bump 4.14 to 4.14.60 for 18.06 (+164,-660)

CVE-2018-14526

Description: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
Commits:
433c94f wpa_supplicant: fix CVE-2018-14526 (+48)

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2018/08/16 16:32
  • by jow