User Tools

Site Tools


releases:18.06:changelog-18.06.2

OpenWrt v18.06.2 Changelog

This changelog lists all commits done in OpenWrt since the v18.06.1 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 18.06.2 release.

Build System / Buildroot (32 changes)

686c6c5 scripts: bundle-libraries: prevent loading host locales (FS#1803) (+21,-5)
3315558 scripts: bundle-libraries: fix logic flaw (+6,-7)
b3c6479 build: use CMAKE_SOURCE_SUBDIR variable to cmake.mk (+2,-2)
55d078b script: ipkg-build: honour $SOURCE_DATE_EPOCH (+5,-1)
d40e909 rules.mk: add INSTALL_SUID macro (+1)
06a20af rules.mk: fix syntax error (+1,-1)
2b51cac scripts: Replace obsolete POSIX tmpnam in slugimage.pl with File::Temp function (+4,-4)
7408cda netfilter: add bpf match support (+3)
ef7a6a4 base-files: add menuconfig option for HOME_URL (+12,-1)
3b9bfe8 build: include package directory in sha256sums when running on buildbot (+3,-2)
becdd2b build: ASLR hardening use $(FPIC) (+1,-1)
24bf0c6 fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere (+1,-1)
6d5a6c5 verbose.mk: quote SUBMAKE options (+1,-1)
f8750b1 build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation (+2,-2)
c0673db build: do not override CCACHE_DIR when ccache is disabled (+2,-2)
f1b086b include/verbose.mk: Add sc to failure message (+1,-1)
1c833e7 base-files: fix HOME_URL replace (+1,-1)
b4454ca build: remove GNU time dependency (+43,-6)
2890abb scripts: time.pl: avoid hard Time::HiRes dependency (+27,-4)
7772a5b build: Unset CDPATH to avoid problems (+2)
42dafa0 build: add support for enabling the rootfs/boot partition size option via tar... (+10,-2)
f5cf9b2 scripts/metadata.pm: avoid adding dup names in provides list (+1)
fa3805f scripts/ipkg-build: quash error messages when conffiles.resolved is empty (+4,-2)
6bcafab rules.mk: add ESED command (+1)
ca05fd5 build: fix kernel headers install for uml (+1,-1)
868a4cf build: insert blank line after KernelPackage template to allow chaining calls... (+1)
8b07cd6 build: remove obsolete -rc kernel testing rewrites (+1,-2)
9885d3a build: Introduce building of artifacts (+18)
c756d66 scripts: update config.guess and config.sub (+1.6K,-1.6K)
75d4465 include/rootfs.mk: remove boot directory (+1)
b98b55a build: fix STAGING_DIR cleaning for packages (+5,-4)
d4178c8 build: fix umask detection bashism (+1,-1)

Build System / Host Utilities (18 changes)

24984b0 tools/bison: Update to 3.0.5 (+10,-32)
a02d9a7 tools: tplink-safeloader: add C7v5 EU SupportList (+5,-1)
bc6c4fc tools/cmake: update to 3.11.4 (+3,-3)
0291b76 tools/ccache: update to 3.4.2 (+5,-5)
15a023a tools/expat: fix docbook2man error on some systems (+3)
16f4057 build: fix libressl build on x32 (amd64ilp32) host (+4)
ed32045 patch: apply upstream cve fixes (+226)
1adb3b2 tools: patch: make patch build depend on automake (+1)
a10c67b tools: patch: Fix build by not modifing Makefile.am (-55)
27528d4 tools: patch: Add missing CVE-2018-6951 fix (+33,-12)
b2df807 tools/patch: Add fedora patch for crashing git style patches (+54,-1)
ae16d0f tools/libressl: Add PKG_CPE_ID for proper CVE tracking (+2)
1249e6d tools/xz: Add PKG_CPE_ID for proper CVE tracking (+1)
5324991 tools/ccache: update to 3.5 (+3,-3)
0340d3a flex: Add a lex symlink (+5)
4921741 tools/e2fsprogs: Update to 1.44.2 (+2,-2)
0cef35f tools/firmware-utils: fix sysupgrade typo in mkdapimg (+1,-1)
d58c6ae tools/firmware-utils: fix sysupgrade typo in mkdapimg2 (+1,-1)

Build System / Image Builder (1 change)

4db4444 imagebuilder: manifest function show stderr (+2,-2)

Build System / SDK (1 change)

cc8e875 sdk: find kernel modules when KDIR is a symlink (+1,-1)

Build System / Toolchain (3 changes)

e60be11 toolchain/glibc: update to latest 2.26 commit (+2,-2)
cb352a7 build: drop buildbot toolchain rebuild check when not using git (+2)
f5e33b9 toolchain: gdb: enable TUI (+1,-1)

Kernel (78 changes)

c3be3c0 kernel: bump 4.9 to 4.9.122 (+6,-6)
705262f kernel: bump 4.14 to 4.14.65 (+2,-2)
a5ccdc0 kernel: bump 4.9 to 4.9.123 (+19,-19)
82f9ef6 kernel: bump 4.14 to 4.14.66 (+14,-14)
6118db3 generic: revert workarounds for AR8337 switch (+1,-62)
5fde931 kernel: bump 4.9 to 4.9.124 (+19,-19)
def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
81d73ae kernel: bump 4.9 to 4.9.125 (+14,-20)
55bbd82 kernel: bump 4.14 to 4.14.68 (+163,-240)
b4f672c kernel: bump 4.9 to 4.9.127 for 18.06 (+16,-16)
de76cef kernel: bump 4.14 to 4.14.70 for 18.06 (+102,-6)
0d8d63c kernel: bump 4.9 to 4.9.128 (+6,-6)
492bd8d kernel: bump 4.14 to 4.14.71 (+40,-40)
05606de kernel: pick earlycon regression fixes from the stable-queue.git (+85,-33)
2e946ca kernel: bump 4.9 to 4.9.129 (+21,-41)
81b2bf8 kernel: bump 4.14 to 4.14.72 (+18,-434)
23bd33c kernel: bump 4.9 to 4.9.130 (+6,-6)
670f14c kerneL: bump 4.14 to 4.14.73 (+7,-103)
d837c93 kernel: bump 4.9 to 4.9.131 (+11,-11)
149dcc2 kernel: bump 4.14 to 4.14.74 (+14,-14)
ae2a3a1 kernel: enable memory compaction (+5,-10)
86a3d26 kernel: bump 4.9 to 4.9.132 (+3,-3)
bba7434 kernel: bump 4.14 to 4.14.75 (+100,-100)
70cb2d2 netfilter: add missing dependency for kernel 4.14 (+1,-1)
235148b kernel: bump 4.9 to 4.9.133 (+5,-5)
9ac7eb4 kernel: bump 4.14 to 4.14.76 (+8,-8)
dbd0670 kernel: bump 4.9 to 4.9.134 (+52,-52)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
4dc42ef kernel: bump 4.9 to 4.9.135 (+6,-6)
270b9d3 kernel: bump 4.14 to 4.14.78 (+5,-5)
f1a2b5b kernel: tolerate using UBI/UBIFS on MLC flash (FS#1830) (+26)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
aa0aa47 kernel: Add support for Winbond w25q128jv SPI NOR flash (+86,-18)
eb89dca kernel: bump 4.14 to 4.14.80 (+3,-3)
6f388ad kernel: bump 4.9 to 4.9.137 (+104,-115)
4db74fb kernel: bump 4.14 to 4.14.81 (+30,-77)
dd6d554 kernel: fix ubifs loosing O_TMPFILE data after power cut (+89)
07ef8b7 kernel: bump 4.9 to 4.9.138 (+5,-5)
216c04f kernel: bump 4.14 to 4.14.82 (+8,-8)
bcd7644 kernel: bump 4.9 to 4.9.143 (+48,-40)
2213b20 kernel: bump 4.14 to 4.14.86 (+43,-43)
b2f2433 kernel: bump 4.9 to 4.9.144 (+4,-4)
6f74e26 kernel: bump 4.14 to 4.14.87 (+5,-5)
85f42a7 kernel: bump 4.9 to 4.9.145 (+15,-15)
40e1450 kernel: bump 4.14 to 4.14.88 (+12,-12)
903ef9a kernel: merge kmod-fbcon with kmod-fb (+14,-36)
3a507b2 kernel: avoid flow offload for connections with xfrm on the dst entry (should... (+6,-3)
7408cda netfilter: add bpf match support (+3)
b06665b kernel: adjust bridge port isolate patch to match upstream attribute naming (+4,-4)
e68e498 kernel: replace bridge port isolate hack with upstream patch backport on 4.14 (+150,-82)
edc2af2 kernel: improve ubi auto attach code readability (+62,-52)
e694526 kernel: handle bad blocks in ubi auto attach code (+36,-8)
031d5cf kernel: don't auto attach ubi on read error (+20,-10)
7939cd4 include: add netdev family support for nftables (+20)
38d4ba4 kernel: package x86-optimized crypto-misc modules (+50,-2)
8ec7ad0 kernel: fix kmod-gpio-mcp23s08 for linux 4.14 (+7,-3)
9afbe27 kernel: add kmod-tcp-bbr (+40)
69d6da1 kernel: generic: Fix nftables inet table breakage (+1.2K,-42)
63b867a kernel: fix build of nftables (+67)
991e43c kernel: re-enable MIPS VDSO (-23)
217219e kernel: Activate VDSO on MIPS again (-23)
386a57d kernel: bump 4.9 to 4.9.146 (+4,-4)
7b0e1d2 kernel: bump 4.14 to 4.14.89 (+151,-151)
2f11a9e cns3xxx: fix writing to wrong PCI registers (+158)
1a3c129 kernel: add missing dependency to regmap to kmod-gpio-mcp23s08 (+1,-1)
c1e53d2 kernel: build support for NFSv4 in nfsd (+5,-1)
a29fe94 kernel: Add missing config option for NFSDv4 (+1)
0439280 kernel: support gcc-optimized inlining on all architectures (+143,-2)
afcdf09 kernel: fix f2fs on big endian machines (+102)
b9dcf2d kernel: bump 4.9 to 4.9.148 (+10,-14)
367ccf7 kernel: bump 4.14 to 4.14.91 (+16,-109)
c3fef26 cns3xxx: use actual size reads for PCIe (+102)
cae2632 kernel: bump 4.9 to 4.9.150 (+46,-101)
939fa07 kernel: bump 4.14 to 4.14.93 (+57,-112)
455bfd1 kernel: bump 4.9 to 4.9.151 (+2,-2)
7603775 kernel: bump 4.14 to 4.14.94 (+2,-2)
dd5fa21 kernel: bump 4.9 to 4.9.152 (+37,-34)
11bfb39 kernel: bump 4.14 to 4.14.95 (+25,-273)

Packages / Boot Loaders (4 changes)

a0569f5 grub2: Fix CVE-2015-8370 (+45,-1)
a662d6f grub2: rebase patches (+4,-8)
0b99f08 uboot-lantiq: fix compatibility with gcc7 (+142)
91d3b87 uboot-fritz4040: fix crash caused by interaction with gcc 7.1+ (+137)

Packages / Common (117 changes)

8bb9d05 dropbear: backport upstream fix for CVE-2018-15599 (+224,-3)
159a52e comgt: increase timeout on runcommands (+1,-1)
30758ee bzip2: Fix CVE-2016-3189 (+12,-1)
da9fe5a libjson-c: add host build (for libblobmsg-json) (+2)
0320fea libjson-c: fix host-build (+1)
c571627 libjson-c: Update package URL (+1,-1)
549eb9b libjson-c: set HOST_BUILD_PREFIX (+2,-1)
5c8d61d dnsmasq: allow dnsmasq variants to be included in image (+2)
f14c321 kmod-sched-cake: bump to 20180728 optional gso split (+3,-3)
ce7076e sch_cake: Make gso-splitting configurable from userspace (+7,-6)
b2a042b iproute2: cake: make gso/gro splitting configurable (+11,-2)
f6bd1b3 kmod-sched-cake: bump to 20180827 (+3,-3)
e678b38 Temporary fix for kernel panics with flow filters - just disables offending f... (+1,-1)
b6c21ad Reinstate TC filter flow mapping override and expand it to hosts as well (+19,-4)
9f052d9 Move the hash override a bit earlier (+8,-8)
a883e28 Fix pre-4.3 builds (+6,-4)
42175bf Fix pre-3.18 builds (+2)
ae12852 kmod-sched-cake: fix 6in4/gso performance issue (+3,-3)
42e87f1 Add workaround for wrong skb->mac_len values after splitting GSO (+8)
1fdf3b4 iproute2: update cake man page (+81,-3)
a57062a iproute2: q_cake: Add printing of no-split-gso option (+4,-2)
4f6ad3c iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywords (+7,-3)
cd12c91 kmod-sched-cake: don't gso fixup on fixed kernels (+23,-1)
fca87a9 kmod-sched-cake: bump to 20181002 (+4,-26)
ddf4c95 Revert "Add workaround for wrong skb->mac_len values after splitting GSO" (-8)
0dbe3d2 iperf: fix --daemon option (+205,-1)
46a700e e2fsprogs: fix glibc compile issue (FS#1749,FS#1796) (+2)
3a9aed2 dnsmasq: bump to v2.80 (+25,-137)
76574f1 tcpdump: explicitly disable libcap-ng support (+1)
d5afaa4 openvpn: re-add option comp_lzo (+2,-1)
2f2055d ebtables: update to latest git 2018-05-15 (+16,-5)
b1cdae8 extensions: Add string filter to ebtables (+359,-5)
9fff3d5 include: Fix musl libc compatibility (+1)
66a9701 ebtables: Fix build errors and warnings (+14,-15)
1e43299 libnftnl: bump to 1.1.0 (+3,-1.7K)
25f58ed nftables: bump to 0.8.5 version (+8,-1.6K)
fbd8407 package sysfsutils: add support for sysfs settings at boot (+83)
49487b0 wolfssl: update to version 3.14.4 (+6,-149)
2273987 wolfssl: add PKG_CONFIG_DEPENDS symbols (+10,-1)
4212199 wolfssl: change defaults to cover wpa_supplicant needs (+10,-10)
a35f243 hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl (+627,-325)
3dfccf7 tests: sigma_dut DPP/QR initiator as Enrollee (SAE) (+48)
e5b0b58 tests: DPP and SAE AKMs (+42)
d6d7deb Fix wpa_supplicant build with CONFIG_NO_WPA (+3,-2)
d5906fb mesh: Properly handle sae_password (+7,-3)
f75ed52 tests: wpa_supplicant secure mesh using sae_password (+23,-1)
a2ab373 Fix sae_password documentation in wpa_supplicant to refer correct field (+3,-3)
ba3658c Fix build with LibreSSL 2.7 (+26,-9)
dee566d OpenSSL: Skip SSL_OP_NO_TLSv1_3 if not defined to fix LibreSSL build (+2)
4b603f0 DPP: Fix X509_ALGOR_get0() use with LibreSSL (+1,-1)
5ecdf06 DPP: Fix build with LibreSSL v2.5 (+3,-1)
4449efe Fix building nt_password_hash with gnutls (+2,-3)
f875da0 nl80211: Add MLME auth work-around for -EEXIST errno (+4,-4)
2dd5fbb wpa_supplicant: Rename wpas_event_*() to wpas_ap_event_*() (+26,-25)
37547ad wpa_supplicant: Increase authentication timeout if CAC is started (+108,-10)
6a8a04d HS 2.0: Add fetching of Operator Icon Metadata ANQP-element (+16)
0e450db HS 2.0: Allow configuration of operator icons (+99,-21)
⇒ + 105 more…
0d08c67 hostapd: convert ssl provider build options to variants (+285,-85)
000a3fe hostapd: update packaging and patches (+366,-445)
5826efd hostapd: properly build hostapd-only SSL variants (+11,-11)
0d3bdf7 curl: Use ca-bundle for all TLS libraries. (+6,-4)
60b29c9 curl: Add ca-bundle dependency (+1,-1)
3e02d19 ca-certificates: ca-bundle: add symlink for openssl default setting (+2)
b7beb89 nettle: bump to 3.4 (+2,-2)
a6b561d ebtables: update to latest git 2018-06-06 (+3,-3)
e6359ee build: update ebtables.h from kernel and drop local unused copy (+20,-295)
5699354 extensions: fix build failure on fc28 (+1,-1)
1e0db69 hostapd: make cli treat UNKNOWN COMMAND as failing (+11)
cd116c6 libnftnl: bump to version 1.1.1 (+2,-2)
6d59535 nftables: bump to version 0.9.0 (+2,-2)
fe19336 busybox: update to 1.28.4 (+3,-3)
32b18f6 busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix (+1,-1)
9f8f5d4 dropbear: let opkg manage symlinks of ssh, scp (+5,-3)
7408cda netfilter: add bpf match support (+3)
66353bd samba36: Disable external libtdb and libtevent (+3,-1)
3e3b286 usbutils: Switch to Fedora usbutils (+5,-5)
3341376 ebtables: update to latest git 2018-06-27 (+5,-5)
53d7e7a extensions: ebt_string: take action if snprintf discards data (+3,-1)
48cff25 build: drop install -o/-g root (+12,-12)
fa112bc librpc: add host build to install h files needed for nfs-kernel-server to get... (+9)
0282d04 openvpn: increase procd termination timeout to 15s (+2,-1)
775473c hostapd: cleanup package definition (+48,-46)
4e4d124 hostapd: fix conflicts hell (+47,-95)
e5c46a1 hostapd: remove unused struct hostapd_ubus_iface (+1,-16)
8dd91b5 brcm2708: Update brcm2708-gpu-fw package (+7,-7)
de3e415 igmpproxy: add a silent logging option (+6,-5)
eb7ab27 igmpproxy: drop SSDP packets (+13,-1)
08e73c9 ncurses: install lib on host build (+2)
eb9ac25 openvpn-easy-rsa: update to 3.0.4 (+29,-6)
30d7924 wolfssl: remove myself as maintainer (-1)
34e3a4a wolfssl: disable broken shipped Job server macro (+21)
e005bee samba36: Enable umdnsd support (+2,-1)
97fddb2 dropbear: backport upstream fix for CVE-2018-15599 (+1,-1)
39420c3 libbsd: Update to 0.8.7 (+272,-45)
62e7ad1 ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values (+2,-2)
69f28f3 hostapd: fix build of wpa-supplicant-p2p (+1)
0dbafc3 strace: fix build on aarch64 (+4)
3dbdd40 hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs (+35)
376e929 usbutils: Update usb.ids to 0.315 (+5,-5)
a3446cb lldpd: inhibit linking of libbsd on !GLIBC (+4)
9a01ff5 dante: disable sched_getscheduler() - not implemented in musl (+4,-3)
38e99cb gettext-full: host compile with -fpic (+2)
d5b045b ncurses: use default host install (-6)
b3cc304 iptables: fix dependency for libip6tc on IPV6 (+2,-2)
4e165fb wireguard: bump to 0.0.20180802 (+3,-3)
b920285 wireguard: bump to 0.0.20180809 (+2,-2)
686f707 wireguard: bump to 0.0.20180904 (+2,-2)
9f9f8db wireguard: bump to 0.0.20180910 (+2,-2)
113dadc wireguard: bump to 0.0.20180918 (+2,-2)
fbce302 wireguard: bump to 0.0.20180925 (+2,-2)
8bf1a35 hostapd: fix MAC filter related log spam (+78,-11)
c1a856b hostapd: add support for client taxonomy in the full config (+29,-5)
46fa245 hostapd: expose device taxonomy signature via ubus (+6)
ac7c307 zram-swap: remove trailing whitespaces in init script (+2,-2)
afd6460 zram-swap: Shell cosmetic (+4,-4)
5ff4ea6 zram-swap: compression algorithm configuration option (+18)
9a55097 zram-swap: fix zram dev reset for multicore cpu devices (+10,-12)
2d4b527 zram-swap: fix number of created zram devices for multicore CPU's (+29,-45)
2432658 zram-swap: Add "max compression streams" configuration option (+14)
52e9f03 zram-swap: bump pkg version (+1,-1)
ea08a29 ipset: update to 6.38 (+2,-27)
0609ea0 iw: add iw-full package without size reduction hacks (+43,-20)
ab1b468 iw: fix filtering linked object files for iw-tiny (+1,-1)
dc78c70 iw: strip a few more non-essential features from iw-tiny (+46,-1)
3d4eb56 wolfssl: update to version 3.15.3-stable (+3,-3)
e2637a4 Revert "iptables: fix dependency for libip6tc on IPV6" (+2,-2)
e78aa6f strace: Update to 4.22 (+3,-3)
ec9e3e6 mbedtls: Cosmetic cleanups (+1,-1)
2f97b40 ethtool: Update to 4.16 (+2,-2)
44979a3 ethtool: Update to 4.17 (+2,-2)
83cbf4c ethtool: Update to 4.18 (+2,-2)
1f7504b ethtool: update to 4.19 (+2,-2)
a74369a wireguard: bump to 0.0.20181006 (+2,-2)
a6a3abe wireguard: bump to 0.0.20181007 (+2,-2)
6319242 wireguard: bump to 0.0.20181018 (+2,-2)
6de9491 wireguard: bump to 0.0.20181115 (+2,-2)
753531d wireguard: bump to 0.0.20181119 (+2,-2)
61323d2 dropbear: fix dropbear startup issue (+10,-2)
baa00b2 brcm2708-gpu-fw: update to git HEAD (+7,-7)
abd0f79 kmod-sched-cake: bump to latest cake (+3,-3)
581967c Makefile: Hook into Kbuild/Kconfig infrastructure (+18,-3)
331ac70 Correctly update parent qlen when splitting GSO packets (+3,-2)
e789bd2 opkg: drop argument from check_signature in opkg.conf (+2,-2)
fafd769 opkg: update to latest Git head (+4,-4)
e3d7330 libopkg: don't print unresolved dependencies twice (+8,-3)
18740e6 opkg_download: print error when fork() fails (+3,-1)
34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches() (+12)
89fe77c libopkg: check installed reverse dependencies upon install/upgrade (+117,-19)
9dd9a07 libopkg: fix segmentation fault when traversing conflicts (+14,-31)
d217daf libopkg: fix replacelist parsing and writing (+5,-6)
1504d35 libopkg: accept alternative notation for "Replaces" control field (+1,-1)
fa137c2 Revert "libopkg: check installed reverse dependencies upon install/upgrade" (+19,-117)
7708a01 Revert "libopkg: accept alternative notation for "Replaces" control field" (+1,-1)
1447924 mbedtls: update to 2.14.1 for 18.06 (+56,-29)
8c105c6 wireguard: Update to snapshot 0.0.20181218 (+2,-2)
4f2199f wireguard: bump to 0.0.20190123 (+2,-2)
80ed6eb dnsmasq: backport upstream static lease fix (+55,-1)
39c3b51 openssl: bump to 1.0.2q (+2,-2)
e6162b2 dnsmasq: backport missing braces fix (+6,-3)

Packages / Firmware (4 changes)

2e7e60f ath10k-firmware: Update QCA988X firmware to the latest version (+4,-4)
db4341d ath10k-firmware: Fix mirror hash sum (+1,-1)
31f935e ath10k-firmware: Fix QCA6174 support (+14,-2)
806b570 ath10k: update QCA4019 firmware (+1,-1)

Packages / OpenWrt base files (19 changes)

234b893 base-files: Reintroduce sysupgrade_pre_upgrade hook (+3)
709d080 base-files: fix unkillable processes after restart (+1)
d40de11 base-files: fix prerm return value, align with postinst code (+10,-5)
21bcc90 base-files: exit if mtd write command fails during sysupgrade (+1)
ef7a6a4 base-files: add menuconfig option for HOME_URL (+12,-1)
aa3e4d5 base-files: fix wrong sysctl parameter order (+1,-1)
c58c31b base-files: sysupgrade: abort if config backup fails (+6,-1)
63a87b4 base-files: do not add relevant sections & options except when ipv6 is suppor... (+26,-16)
a2b2a9c base-files: make wifi report unknown command (+3,-2)
54278df base-files: use consistent coding style (+4,-8)
d93bd72 base-files: add function to get mac as text from flash (+23)
57f3a57 base-files: create /etc/ethers by default (+7)
87a6aad base-files: provide more tolerant xterm detection (+5,-1)
4b5e062 base-files: /etc/services: add missing 'rpcbind' alias (+2,-2)
85c7730 base-files: fix postinstall uci-defaults removal (+3,-4)
0ccf009 base-files: add network_get_metric() to /lib/functions/network.sh (+6,-1)
f7a97a2 base-files: sysupgrade: Allow downloading of firmware images using HTTPS (+2,-1)
4c0e15f base-files: install missing /etc/iproute2/ematch_map (+8)
cddd7b4 base-files: config_get: prevent filename globbing (+2,-2)

Packages / OpenWrt network userland (36 changes)

cd49f57 uqmi: wait for the control device too (+2,-2)
9e319b7 odhcp6c: add client fqdn and reconfigure options (+9,-3)
7347ea7 uqmi: pass-through ipXtable to child interfaces (+5,-2)
f3753a9 netifd: fix segfault (FS#1875) (+3,-3)
d0fa124 iprule: fix segfault (FS#1875) (+2,-6)
5337319 uclient: update to latest Git head (+3,-3)
3ba74eb uclient-http: properly handle HTTP redirects via proxy connections (+9,-2)
5435e80 ustream-ssl: fix build against wolfSSL (+3,-3)
189cd38 don't use SSL_CTX_set_ecdh_auto with wolfSSL (+1,-1)
fc0907b netifd: drop conflicting 'device' interface property (+1,-5)
c388a92 swconfig: fix un-initialized return value (+3,-2)
e89126d swconfig: swlib_map_settings(): change return type to void (+1,-1)
43c96e8 iwinfo: update to latest Git HEAD (+3,-3)
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO (+2,-2)
3c30b17 wl: only invoke nvram executable if it exists (+11,-4)
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO" (+2,-2)
cc6da6f ustream-ssl: update to latest git HEAD (+3,-3)
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility (+74,-35)
450ada0 ustream-ssl: Revised security on mbedtls (+23,-26)
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list (+54,-6)
7a52e0a odhcp6c: apply IPv6/ND configuration earlier (+9,-8)
1e06b02 firewall: bump to git HEAD (+3,-3)
12a7cf9 Add support for DSCP matches and target (+126,-18)
06fa692 defaults: use a generic check_kmod() function (+9,-6)
1c4d5bc defaults: fix check_kmod() function (+1,-1)
8cac88a odhcpd: bump to git HEAD (detect broken hostnames) (+4,-4)
3e17fd9 config: fix odhcpd_attrs array size (+1,-1)
881f66b odhcpd: detect broken hostnames (+64,-8)
d9f845f odhcpd: enable ipv6 server mode only when it is supported (+2,-2)
f6eab3c ds-lite: drop default encaplimit value (+2,-2)
6f50d5c map: drop default encaplimit value (+2,-2)
468a4b5 netifd: do not validate relevant section when ipv6 is not supported (+2,-2)
0ca423d netifd: update to latest git HEAD (+3,-3)
115a694 interface-ip: always override downstream IPv6 mtu (+5,-2)
522456b device: gracefully handle device names exceeding IFNAMESIZ (+77,-21)
de394b3 interface: ensure NO_DEVICE error is always reported (+2,-2)
b9d5a8c interface: extend interface error messages in interface_set_up() (+20,-16)
32f11a8 interface: make __interface_set_down() static (+1,-2)
7454d12 interface: let interface_set_down() return void (+2,-4)
0059335 CMakeList: Check that compiler supports -Wimplicit-fallthrough (+11,-1)
23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels (+5,-2)
3c8ac1c netifd: fix wpa mixed mode matching (+1,-1)
94e156f scripts: fix previous commit (+1,-1)
aeec2a0 iprule: fix segfault (FS#1875) (+2,-6)
83428fa iprule: coding style fixes (+16,-15)
22476ff wireless: Add Simultaneous Authentication of Equals (SAE) (+7,-1)
c6c3a0d wireless: Add Opportunistic Wireless Encryption (OWE) (+4,-1)
a117e41 wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise) (+7,-1)
125cbee system-linux: fix a typo in gre tunnel data parsing logic (+1,-1)
⇒ + 1 more…
b1cc8c8 netifd: update to latest git HEAD (+3,-3)
2f7ef7d interface: rework code to get rid of interface_set_dynamic (+27,-28)
d9872db interface: fix removal of dynamic interfaces (+13,-3)
70506bf treewide: make some functions static (+7,-11)
4b83102 treewide: switch to C-code style comments (+36,-32)
d275b30 odhcpd-ipv6only: fix dependency for IPV6 (+2,-1)
d5dd3b1 odhcpd: update to latest git HEAD (FS#1853) (+4,-4)
ee7472a router: don't leak RA message in relay mode (FS#1853) (+1,-1)
402c274 dhcpv6: check return code of dhcpv6_ia_init() (+1,-2)
57f639e odhcpd: make DHCPv6/RA/NDP support optional (+22,-8)
1c56c3d gre: make encaplimit support configurable (+4,-2)
5d80404 uqmi: fix indenting (+16,-16)
860e2da uqmi: redirect uqmi commands output to /dev/null (+12,-12)
251f4fd uqmi: add timeout option value (+5,-2)
5c10aaa uqmi: fix variable initilization for timeout handling (+2)
1e012fd uqmi: do not block proto handler if modem is unable to registrate (+10,-1)
5a3810b uqmi: do not block proto handler if SIM is uninitialized (+9,-1)
4f02bee uqmi: evaluate pin-status output in qmi_setup function (+49,-7)
bcf824a uqmi: stop proto handler if verify pin count is not 3 (+7)
b64622b uqmi: update PKG_RELEASE version (+1,-1)
016a71a odhcpd: backport prefix filter/NETEV_ADDR6LIST_CHANGE event fixes (+4,-4)
ae6cf80 config: correctly break string for prefix filter (+5,-4)
d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event (+2,-1)
62ddfaf odhcpd: filter routes based on prefix_filter (+4,-4)
96694ab router: filter route information option (+6,-1)
c5c20f5 odhcpd: noop to fix PKG_SOURCE_DATE (+1,-1)
7f98cd8 odhcpd: fix onlink IA check (FS#2060) (+4,-4)
c70d5cf dhcpv6-ia: fix onlink IA check (FS#2060) (+2,-2)
ae16950 dhcpv6-ia: fix compiler warning (+2,-1)

Packages / OpenWrt system userland (18 changes)

011e7cb ugps: Add option disabled (+4)
27e6d71 ugps: Update to fix position calculation (+3,-3)
928cb53 ugps: Only convert lat and lon to negative after parsing (+5,-5)
0a337da libubox: make sure blobmsg-json is included in host-build (+2,-1)
456f883 libubox: set HOST_BUILD_PREFIX (+1)
13dccfc libubox: set RPATH for host build (+3)
fede6df uhttpd: update to latest Git head (+3,-3)
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods (+25)
952bf9d build: use _DEFAULT_SOURCE (+2)
7a8b753 uhttpd: support multiple Lua prefixes (+32,-21)
b741dec lua: support multiple Lua prefixes (+100,-27)
a8b292a uhttpd: update to latest Git head (+3,-3)
77b774b build: avoid redefining _DEFAULT_SOURCE (+8,-2)
fa5fd45 file: fix CPP syntax error (+1,-1)
2ed3341 help: document -A option (+1)
0bba1ce uhttpd: fix building without TLS and Lua support (+4)
cdfc902 cgi: escape url in 403 error output (+8,-1)
629073e rpcd: update to latest Git head (+10,-4)
ecd1660 exec: increase maximum execution time to 120s (+19,-3)
2cc4b99 file: use global exec timeout instead of own hardcoded limit (+1,-2)
c79ef22 main: fix logic bug when not specifying a timeout option (+2,-4)
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout (+6,-6)
7235f34 plugin: store pointer to exec timeout value in the ops structure (+2)
3aa81d0 file: access exec timeout via daemon ops structure (+5,-1)
0d8ef97 ubus: update to latest git HEAD (+3,-3)
0327a91 ubus/lua: add support for BLOBMSG_TYPE_DOUBLE (+13)
73bd847 ubusd_event: move strmatch_len to ubus_common.h (+10,-10)
c035bab ubusd_acl: rework wildcard support (+69,-42)
da503db ubusd_acl: event listen access list support (+24)
221ce7e ubusd_acl: event send access list support (+24)
ab64f9d ugps: update to latest git HEAD (+3,-3)
cdc1478 remove deprication warning (+2,-2)
ccabdf6 nmea.c: Add null byte to nmea fields (+2,-2)
b88037b check timegm return code (+4,-2)
07528d4 nmea.c: set _BSD_SOURCE to have timegm() & stime() on musl (+1)
dfa9d4a fstools: update to latest git HEAD (+3,-3)
242248c fstools: allow to compress the filesystem (+11,-1)
dd02dad fstools: allow the mounting with full access time accounting (+10,-1)
3af64dd fstools: Add the new options available in the menuconfig (+16)
e0daa62 fstools: Install mount.hotplug and 10-fstab.defaults as 600 (+3,-3)
d7275c0 fstools: filter unknown action in mount.hotplug script (+2,-2)
3b4e779 fstools: update to git HEAD (+3,-3)
29e53af fstools: add ntfs support (+8,-1)
069fda7 fstools: update to the latest master branch (+3,-3)
091aa3d fstools: guard usage of WEXITSTATUS (+3,-1)
e12c0d6 fstools: use EXIT_FAILURE when indicating error on exit (+6,-6)
b86bd6e block: fix formatting & indent in the mount_device() (+18,-16)
2971779 block: move blockd_notify() call out of the conditional blocks (+7,-9)
5dc631d block: simplify code picking mount target directory (+4,-3)
a778468 block: don't duplicate mounting code in the mount_device() (+20,-29)
6b445fa block: make umount_device() function more generic (+17,-20)
1913fea block: don't duplicate unmounting code in the mount_action() (+1,-11)
f6a9686 blockd: don't unmount device when removing it from the list (+2,-24)
dc6a462 blockd: don't reparse blob msg in the vlist callbacks (+3,-13)
30f5096 block: validate amount of arguments for the "autofs" command (+4)
71c2bde block: generate hotplug.d mount events (+33)
f1bb762 block: make blockd_notify() return an int instead of void (+8,-3)
c8c7ca5 block: cleanup handling "start" action of the "autofs" command (+9,-5)
28753b3 block: remove target directory after unmounting (+4,-2)
3bb3352 blockd: unmount device explicitly when it disappears (+12,-1)
⇒ + 1 more…
e5a0b6c uhttpd: disable concurrent requests by default (+2,-2)

Target / apm821xx (9 changes)

81b2bf8 kernel: bump 4.14 to 4.14.72 (+18,-434)
9ac7eb4 kernel: bump 4.14 to 4.14.76 (+8,-8)
270b9d3 kernel: bump 4.14 to 4.14.78 (+5,-5)
26ebcc8 apm821xx: wndr4700: restore sd-card media detection (+1,-1)
9671a2d apm821xx: MBL: load kernel/dtb from SATA 0:1 first (+3,-3)
2213b20 kernel: bump 4.14 to 4.14.86 (+43,-43)
40e1450 kernel: bump 4.14 to 4.14.88 (+12,-12)
8a9b0b9 apm821xx: switch MX60(W)'s recovery images to multi-image method (+2,-5)
367ccf7 kernel: bump 4.14 to 4.14.91 (+16,-109)

Target / ar71xx (17 changes)

e302272 ar71xx/generic: enable Zyxel NBG6616 in kernel config again (+1)
4bff3f3 ar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED init (+2,-2)
5fde931 kernel: bump 4.9 to 4.9.124 (+19,-19)
3444638 ar71xx: fix QCA955X SGMII link loss (+127)
6a4f059 ar71xx: allow to override at803x sgmii aneg status (+43)
81d73ae kernel: bump 4.9 to 4.9.125 (+14,-20)
2e946ca kernel: bump 4.9 to 4.9.129 (+21,-41)
23bd33c kernel: bump 4.9 to 4.9.130 (+6,-6)
8baadec ar71xx: flag FritzBox 4020 buttons as active low (+2,-2)
95e2da8 ar71xx: Fix installation of fw_setenv in sysupgrade ramdisk (+6,-6)
486dc75 ar71xx: fix mtd corruption (+67,-3)
dbd0670 kernel: bump 4.9 to 4.9.134 (+52,-52)
0d54927 ar71xx: fix TP-Link Archer C7 v5 switch LEDs (+15,-3)
50789ac ar71xx: add support for UniFi-AC-Mesh-Pro (+21,-8)
dd5fa21 kernel: bump 4.9 to 4.9.152 (+37,-34)
2c7a1cc ar71xx: Add usb drivers in Archer C7 v4/v5 images (+1,-1)
e6c2f3f ar71xx: use correct wan mac address for the TP-Link Archer C7 v4 (+11,-7)

Target / armvirt (2 changes)

ae2a3a1 kernel: enable memory compaction (+5,-10)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)

Target / at91 (2 changes)

ae2a3a1 kernel: enable memory compaction (+5,-10)
bcd7644 kernel: bump 4.9 to 4.9.143 (+48,-40)

Target / ath25 (1 change)

f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)

Target / bcm53xx (18 changes)

def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
05606de kernel: pick earlycon regression fixes from the stable-queue.git (+85,-33)
81b2bf8 kernel: bump 4.14 to 4.14.72 (+18,-434)
1e2164a kernel: add missing symbol for target bcm53xx (+1)
2db4015 bcm53xx: replace SPI revert with a fix sent upstream (+42,-146)
4fb73b6 bcm53xx: use upstream SPI controller fix (+5,-3)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
aa0aa47 kernel: Add support for Winbond w25q128jv SPI NOR flash (+86,-18)
e6971b8 bcm53xx: add pending pinctrl driver (+427)
f9e50a9 bcm53xx: update pinctrl driver (+39)
33731cc bcm53xx: add DT patch describing pins mux controller (+73)
4db74fb kernel: bump 4.14 to 4.14.81 (+30,-77)
2213b20 kernel: bump 4.14 to 4.14.86 (+43,-43)
40e1450 kernel: bump 4.14 to 4.14.88 (+12,-12)
81541d9 bcm53xx: exit if writing kernel during sysupgrade fails (+2,-2)
eef6bd3 bcm53xx: update pinctrl driver & use its new DT binding (+130)
dbbba84 bcm53xx: rename dts backport patches changing their prefixes ()
5af6b79 bcm53xx: backport DTS changes queued for the 4.21 (+241,-5)

Target / brcm2708 (6 changes)

2e946ca kernel: bump 4.9 to 4.9.129 (+21,-41)
235148b kernel: bump 4.9 to 4.9.133 (+5,-5)
6f388ad kernel: bump 4.9 to 4.9.137 (+104,-115)
bcd7644 kernel: bump 4.9 to 4.9.143 (+48,-40)
85f42a7 kernel: bump 4.9 to 4.9.145 (+15,-15)
cae2632 kernel: bump 4.9 to 4.9.150 (+46,-101)

Target / brcm47xx (8 changes)

81d73ae kernel: bump 4.9 to 4.9.125 (+14,-20)
55bbd82 kernel: bump 4.14 to 4.14.68 (+163,-240)
0d8d63c kernel: bump 4.9 to 4.9.128 (+6,-6)
492bd8d kernel: bump 4.14 to 4.14.71 (+40,-40)
6f388ad kernel: bump 4.9 to 4.9.137 (+104,-115)
4db74fb kernel: bump 4.14 to 4.14.81 (+30,-77)
40ca437 brcm47xx: Enable USB power on WNDR3400v3 (+39)
939fa07 kernel: bump 4.14 to 4.14.93 (+57,-112)

Target / brcm63xx (1 change)

f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)

Target / cns3xxx (5 changes)

50dbaee cns3xxx: fix mtu setting with kernel 4.14 (+1,-10)
def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
367ccf7 kernel: bump 4.14 to 4.14.91 (+16,-109)
939fa07 kernel: bump 4.14 to 4.14.93 (+57,-112)

Target / imx6 (2 changes)

47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
44084d8 imx6: fix DMA transaction errors (+2,-23)

Target / ipq40xx (7 changes)

def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
81b2bf8 kernel: bump 4.14 to 4.14.72 (+18,-434)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
fbadfec ipq40xx: fix openmesh sysupgrade with tar content out of order (+3,-3)
2213b20 kernel: bump 4.14 to 4.14.86 (+43,-43)
7b0e1d2 kernel: bump 4.14 to 4.14.89 (+151,-151)

Target / ipq806x (7 changes)

def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
81b2bf8 kernel: bump 4.14 to 4.14.72 (+18,-434)
149dcc2 kernel: bump 4.14 to 4.14.74 (+14,-14)
bba7434 kernel: bump 4.14 to 4.14.75 (+100,-100)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
4db74fb kernel: bump 4.14 to 4.14.81 (+30,-77)

Target / ixp4xx (2 changes)

a5ccdc0 kernel: bump 4.9 to 4.9.123 (+19,-19)
b4f672c kernel: bump 4.9 to 4.9.127 for 18.06 (+16,-16)

Target / lantiq (9 changes)

5fde931 kernel: bump 4.9 to 4.9.124 (+19,-19)
def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
86a3d26 kernel: bump 4.9 to 4.9.132 (+3,-3)
bba7434 kernel: bump 4.14 to 4.14.75 (+100,-100)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
07ef8b7 kernel: bump 4.9 to 4.9.138 (+5,-5)
216c04f kernel: bump 4.14 to 4.14.82 (+8,-8)
575621e lantiq/basefiles: use shutdown instead of stop when the system goes down (+1,-1)
11bfb39 kernel: bump 4.14 to 4.14.95 (+25,-273)

Target / layerscape (15 changes)

5fde931 kernel: bump 4.9 to 4.9.124 (+19,-19)
81d73ae kernel: bump 4.9 to 4.9.125 (+14,-20)
b4f672c kernel: bump 4.9 to 4.9.127 for 18.06 (+16,-16)
2e946ca kernel: bump 4.9 to 4.9.129 (+21,-41)
23bd33c kernel: bump 4.9 to 4.9.130 (+6,-6)
d837c93 kernel: bump 4.9 to 4.9.131 (+11,-11)
ae2a3a1 kernel: enable memory compaction (+5,-10)
dbd0670 kernel: bump 4.9 to 4.9.134 (+52,-52)
4dc42ef kernel: bump 4.9 to 4.9.135 (+6,-6)
aa0aa47 kernel: Add support for Winbond w25q128jv SPI NOR flash (+86,-18)
6f388ad kernel: bump 4.9 to 4.9.137 (+104,-115)
bcd7644 kernel: bump 4.9 to 4.9.143 (+48,-40)
386a57d kernel: bump 4.9 to 4.9.146 (+4,-4)
cae2632 kernel: bump 4.9 to 4.9.150 (+46,-101)
dd5fa21 kernel: bump 4.9 to 4.9.152 (+37,-34)

Target / mediatek (10 changes)

81b2bf8 kernel: bump 4.14 to 4.14.72 (+18,-434)
149dcc2 kernel: bump 4.14 to 4.14.74 (+14,-14)
ae2a3a1 kernel: enable memory compaction (+5,-10)
9ac7eb4 kernel: bump 4.14 to 4.14.76 (+8,-8)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
2213b20 kernel: bump 4.14 to 4.14.86 (+43,-43)
40e1450 kernel: bump 4.14 to 4.14.88 (+12,-12)
7b0e1d2 kernel: bump 4.14 to 4.14.89 (+151,-151)
939fa07 kernel: bump 4.14 to 4.14.93 (+57,-112)

Target / mpc85xx (1 change)

f741357 mpc85xx: add migration script for TP-Link TL-WDR4900 v1 WLAN PCI paths (+63)

Target / mvebu (4 changes)

492bd8d kernel: bump 4.14 to 4.14.71 (+40,-40)
670f14c kerneL: bump 4.14 to 4.14.73 (+7,-103)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
4db74fb kernel: bump 4.14 to 4.14.81 (+30,-77)

Target / mxs (1 change)

bba7434 kernel: bump 4.14 to 4.14.75 (+100,-100)

Target / octeon (1 change)

0d6eaa0 octeon: fix typo in platform.sh (+1,-1)

Target / octeontx (1 change)

ae2a3a1 kernel: enable memory compaction (+5,-10)

Target / omap (1 change)

47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)

Target / oxnas (4 changes)

ae2a3a1 kernel: enable memory compaction (+5,-10)
4f40d4c oxnas: squash-pick commits from master branch (+56,-111)
4db74fb kernel: bump 4.14 to 4.14.81 (+30,-77)
367ccf7 kernel: bump 4.14 to 4.14.91 (+16,-109)

Target / pistachio (2 changes)

f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
aa0aa47 kernel: Add support for Winbond w25q128jv SPI NOR flash (+86,-18)

Target / ramips (19 changes)

4ffed01 ramips: drop not existing groups from pinmux (+10,-10)
446dccc ramips: fix GL-MT300N-V2 SoC compatible (+1,-1)
f1c3b54 ramips: fix compatibles in SoC dtsi (+3,-3)
79518b7 ramips: mt7620: add dir-810l network config (+1)
def9d21 kernel: bump 4.14 to 4.14.67 (+14,-38)
0f3ec67 ramips: only limit lzma dictionary size on mt7621 (+2,-1)
de76cef kernel: bump 4.14 to 4.14.70 for 18.06 (+102,-6)
3a783e5 ramips: ex2700: actually remove kmod-mt76* (+1,-1)
e4678c6 ramips: fix Archer C20 sysupgrade (-1)
149dcc2 kernel: bump 4.14 to 4.14.74 (+14,-14)
bba7434 kernel: bump 4.14 to 4.14.75 (+100,-100)
f9c7994 kernel: bump 4.14 to 4.14.79 (+55,-55)
aa0aa47 kernel: Add support for Winbond w25q128jv SPI NOR flash (+86,-18)
1cd945e ramips: fix leds on GL.iNet GL-MT300N-V2 (+2,-1)
cc7fa7f ramips: fix reboot with W25Q256 with 4-address-mode enabled (+73)
b81774c ramips: mt7621: fix mtu setting with kernel 4.14 (+7,-11)
b1c42ef ramips: fix wizfi630a swapped lan/wan port (+1,-1)
7b0e1d2 kernel: bump 4.14 to 4.14.89 (+151,-151)
3603c23 ramips: mt7621: fix 5GHz WiFi LED on ZBT WG3526 (+4)

Target / sunxi (5 changes)

5fde931 kernel: bump 4.9 to 4.9.124 (+19,-19)
ae2a3a1 kernel: enable memory compaction (+5,-10)
dbd0670 kernel: bump 4.9 to 4.9.134 (+52,-52)
47f68ca kernel: bump 4.14 to 4.14.77 (+42,-33)
b0d08ec sunxi: remove kernel 4.9 support (-21.2K)

Target / x86 (9 changes)

ae2a3a1 kernel: enable memory compaction (+5,-10)
4424fa9 x86: add UHCI and XHCI USB host drivers to 4.14 (+5,-1)
ac7b9ca x86/geode: enable X86_INTEL_LPSS to select PINCTRL (+10,-1)
7d00815 x86: geode: Add missing config options (+2,-2)
741f03b x86/64: enable X86_INTEL_LPSS to select PINCTRL (+10,-1)
0439280 kernel: support gcc-optimized inlining on all architectures (+143,-2)
dab5305 x86: mount writable bootfs (+4,-8)
6b0bafb x86: add packages files to image bootfs (+2)
fc38aad x86: make sysupgrade.tgz reachable again (+1,-1)

Wireless / Common (20 changes)

5a07b4e mac80211: mwl8k: Expand non-DFS 5G channels (+37)
1a7471a mac80211: brcmfmac: backport 4.19 patches preparing monitor mode support (+383,-1)
d3e9c88 mac80211: brcmfmac: backport patch for per-firmware features (+84)
6f0ede5 mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20 (+208)
f506de2 ath9k: fix unloading the module (+10,-15)
8a006c2 mac80211: backport upstream fixes (+702,-55)
609707c mac80211: fix tx queue allocation for active monitor interfaces (+26)
b115fca mac80211: fix management frame protection issue with mt76 (and possibly other... (+25)
4fa4b5e mac80211: fix A-MSDU packet handling with TCP retransmission (+31)
779b89c ath9k: fix dynack in IBSS mode (+309)
156f6e6 mac80211: add iw command wrapper with error logging (+4)
5195136 mac80211: brcmfmac: rename 4.20 backport patches ()
941256c mac80211: brcmfmac: backport the latest 4.20 changes (+244)
2e54de4 mac80211: brcmutil: backport chanspec debugging patch (+83)
0578930 mac80211: backport sg_init_marker() (+30)
3589915 kernel: backport and include linux/overflow.h (+322)
e4b0704 mac80211: backport firmware_request_nowarn and firmware_request_cache (+19)
f2a6d39 mac80211: brcmfmac: add 2 more recent changes (+112)
9d07678 mac80211: fix spurious disconnections with powersave clients (+26)
a8cc06c mac80211: brcmfmac: backport firmware loading changes & fix memory bugs (+620,-15)

Wireless / MT76 (10 changes)

14580aa mt76: update to the latest version (+3,-3)
7daf962 mt7603: add survey support (+56)
980c606 mt7603: add fix for CCA signal configuration (+7)
30b8371 mt7603: fix BAR rate (+2,-2)
ca1d6c7 mt76: fix tx power issue for mt76x2 (+3,-3)
6e1898d mt76x2: fix tx power configuration for VHT mcs 9 (+2,-2)
9f3cce2 mt76: update to the latest version from the 18.06 branch (+3,-3)
497c304 mt7603: fix wcid for frames sent via drv_tx (+19)
27af7a5 mt76: fix handling ps-poll frames (+6)
c3dba28 mt76: check aggregation sequence number for frames sent via drv_tx (+25,-11)
2163b49 mt76: update to the latest version, fixes mt76x2 beacon issue (+3,-3)
53e1110 mt76: mt76x2: fix multi-interface beacon configuration (+1,-2)
7998963 mt76: update to the latest version (+3,-3)
199d6bf mt76x2: skip station tx status for non-sta wcid entries (+1,-1)
d83ac6e mt76: only override control->sta on sw-encrypted tx (+6,-2)
23abe5d mt76: add support for reporting tx status with skb (+208,-57)
f8ce59e mt7603: use common tx status handling code (+10,-153)
24ca1cd mt76: update to the latest version (+3,-3)
71b7a4a mt76: fix regression in tx status handling (+4,-1)
91a8bc1 Revert "mt76: update to the latest version" (+3,-3)
514ad05 mt76: update to the latest version, sync with master (+147,-10)
d220f43 Revert "mt76x2: reset HW before probe" (+1,-4)
0853d79 Revert "mt76x2: add functions for setting extended MAC address registers" (+1,-28)
8ba17b1 Revert "mt76: use a per rx queue page fragment cache" (+7,-10)
3f0ac35 mt76x2: init: disable APCLI by default (-2)
38014de mt76x2: remove unnecessary break in mt76x2_mac_process_tx_rate() (-1)
fbf4791 mt76x2: fix TXD_INFO bitmask definition (+3,-4)
d00c616 mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status() (+2,-4)
0d42d22 mt76: introduce mt76_{incr,decr} utility routines (+12)
0f6379a mt76x2: dfs: add sw event ring buffer (+163,-3)
df8071f mt76x2: dfs: add sw pattern detector (+260,-1)
016df9c mt76x2: debugfs: add sw pulse statistics to dfs debugfs (+25,-1)
a6915cb mt76: move MT_TXD_INFO, MT_MCU_MSG and MT_RX_FCE_INFO defs in dma.h (+38,-38)
911e6aa mt76x2: move mt76x2_fw_header and mt76x2_patch_header definitions in mcu.h (+17,-17)
c55d29b mt76x2: move utility routines in mt76x2.h (+40,-37)
d08ea82 mt76x2: introduce mt76x2_init_device routine (+33,-26)
6a1e809 mt76x2: move interface_modes definition in mt76x2_init (+16,-8)
⇒ + 156 more…
f34ad1a mt76: update to the latest version (+5,-5)
6745830 mt76: fix race condition in station removal (+4,-3)
7e5c819 mt76: add mt76_sta_remove helper (+24,-9)
75aa36e mt7603: use wcid/wcid_mask from struct mt76_dev (+11,-13)
fd85ff9 mt7603: use mt76_sta_remove helper (+1,-14)
0848d2d mt7603: simplify mt7603_mcu_msg_send, remove skb_ret handling (+14,-17)
83a80ca mt76: request tx status for powersave released EOSP packet (+2,-1)
df5c797 mt76: fix uninitialized mutex access setting rts threshold (+2,-3)
0bfa98e mt76: introduce mt76x02_config_mac_addr_list routine (+27,-15)
4248446 mt76x0: pci: enable VHT rates in IBSS mode (+2,-3)
f75efd8 mt76x2u: phy: add TX_SHAPING calibration (+1)
c1d67b4 mt76x2u: phy: run phy_channel_calibrate after channel switch (+15,-9)
9fe0fe8 mt76x2u: main: use mt76x02_bss_info_changed utility routine (+3,-20)
3fc95d7 mt76x2u: init: remove mt76x2u_init_beacon_offsets routine (-10)
88f6883 mt76: remove wait argument from mt76x02_mcu_calibrate (+36,-39)
009ab91 mt76: clean up more unused EXPORT_SYMBOLs (+1,-10)
963768d mt76x02: fix regression in tx station race condition fix (+1)
⇒ + 87 more…
6e16dd1 mt76: update to the latest version (+3,-3)
d273ddd mt7603: fix number of frames limit in .release_buffered_frames (+1)
63bf183 mt76: add channel switch announcement support (+66,-2)
e45db12 mt7603: fix tx status info (+9,-30)
9d11596 mt7603: discard bogus tx status data (+6,-1)
4bcb2f9 mt7603: fix txd q_idx field value (+7,-1)
4206db7 mt76: set IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR flag (+1)
c4e4982 mt7603: set IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN (+9)
702f557 mt7603: use maximum tx count for buffered multicast packets (+2,-2)
158529d mt7603: fix PSE reset retry sequence (+3,-5)
fc31457 mt7603: implement support for SMPS (+18)
3e9a7d5 Revert "mt7603: fix txd q_idx field value" (+1,-7)
815fd03 mt7603: fix CCA timing values (+9,-6)
b35cc8e mt7603: set timing on channel change before starting MAC (+1,-1)
79b337c mt7603: move CF-End rate update to mt7603_mac_set_timing (+8,-10)
3df341d mt7603: avoid redundant MAC timing updates (+6,-2)
1c751f3 mt76: avoid scheduling tx queues for powersave stations (+5)
⇒ + 10 more…

Wireless / Mwlwifi (6 changes)

a009d4c mwlwifi: Update to 10.3.8.0-20180810 (+3,-3)
226036d Used an array to map rx antenna number for HT cap. (+5,-7)
c2f82f1 Annoucement of mesh interface if mesh is supported. (+4)
d9daa1d Added code to support BF for MU-MIMO. (+306,-13)
b0a1586 Upgrade 88W8997 firmware to 8.4.0.43. ()
2929b70 Modified the code to work with firmware of 88W8997. (+9,-3)
f5869c0 Added code to make sure headroom is enough. (+10,-2)
561f1b2 Removed warning message. (+2,-1)
bf22f64 Change driver version to 10.3.8.0-20180716. (+1,-1)
d9c8c59 Removed unnecessary information message. (-1)
40c0abb Upgrade 88W8997 firmware to 8.4.0.46. ()
3ac5e2d Added code to load power table for 88W8997. (+327,-81)
92eb3f8 Fixed the code to load calibration data. (+12,-5)
7537480 Change driver version to 10.3.8.0-20180810. (+1,-1)
bbc0c4d mwlwifi: driver version to 10.3.8.0-20180920 (+3,-3)
649b8f6 Added debugfs file dfs_test for DFS test. (+62)
757340a Fixed bad signal of scan results for 88W8964. (+7,-2)
1db017c Corrected received signal of 88W8997. (+11,-2)
c03b10e Upgrade 88W8997 firmware to 8.4.0.48. ()
1b45f06 Assigned BSSID for updated FW API of 88W8997. (+4)
51a2100 Corrected WMM parameters element. (+2,-1)
ec0adbf Change driver version to 10.3.8.0-20180906. (+1,-1)
a037b56 Changed the way to destroy BA. (+17,-3)
3c7e8f2 Upgrade 88W8997 firmware to 8.4.0.49. ()
5649723 Added LED control for 88W8997. (+143)
4a98c2b Change driver version to 10.3.8.0-20180920. (+1,-1)
2046cd2 mwlwifi: driver version to 10.3.8.0-20181008 (+3,-3)
acaec0a Fixed hidden SSID problem of 88W8997. (+8,-1)
34db09e Changed slot time if needed for 88W8997. (+16,-4)
97689fd Upgrade 88W8997 firmware to 8.4.0.51. ()
3520811 Change driver version to 10.3.8.0-20181008. (+1,-1)
ebe02f7 mwlwifi: driver version to 10.3.8.0-20181022 (+3,-3)
ccdb4fa Modified the code to protect tx queues. (+14,-6)
7b8942d Fixed crash problem when module is removed. (+14,-13)
9be9274 Added vendor events. (+33,-1)
ecfc93d Removed unnecessary firmware settings. (+44,-16)
d077590 Upgrade 88W8997 firmware to 8.4.0.52. ()
fac1da8 Change driver version to 10.3.8.0-20181022. (+1,-1)
66ff4e4 mwlwifi: update to version 10.3.8.0-20181029 (+3,-3)
369d99c Added code to synchronize module removal. (+8,-3)
f485714 Added code to dump commands set to firmware. (+9,-4)
6cdddfa Removed unnecessary firmware settings. (+13,-6)
060ddea Upgrade 88W8997 firmware to 8.4.de.52. ()
5ddf4c2 Change driver version to 10.3.8.0-20181026-debug. (+1,-1)
4f18df4 Print out really success of BA creation. (+5,-3)
183b66d Added debugfs file dump_hostcmd to control hostcmd dumping. (+63,-2)
ce6a9ca Fixed security mode won't work after "wifi up". (+17,-13)
1da7366 Change driver version to 10.3.8.0-20181027-debug. (+1,-1)
753e165 Upgrade 88W8997 firmware to 8.4.0.53. ()
917a4ed Change driver version to 10.3.8.0-20181027. (+1,-1)
d3ac6d7 Corrected print out message for 'dump_hostcmd'. (+1,-1)
2f160bb Shorten the time to check command timeout. (+1,-1)
f01e9fa Added code to correctly parse EAPOL and forbidden packet out. (+27,-8)
382700c Change driver version to 10.3.8.0-20181029. (+1,-1)
0f5b8a9 mwlwifi: update to version 10.3.8.0-20181114 (+3,-3)
a23a558 Upgrade 88W8997 firmware to 8.4.4.1. ()
8f3abe9 Change driver version to 10.3.8.0-20181031. (+1,-1)
e899ccb Upgrade 88W8997 firmware to 24.4.4.1. ()
ff758d5 Change driver version to 10.3.8.0-20181102-debug. (+1,-1)
b2872f9 Upgrade 88W8997 firmware to 24.5.4.1. ()
430b15c Change driver version to 10.3.8.0-20181103. (+1,-1)
7ecb390 Upgrade 88W8997 firmware to 8.4.4.2. ()
dbf1fee Change driver version to 10.3.8.0-20181105. (+1,-1)
906cfa5 Added debugfs file heartbeat. (+91,-3)
1c83cb3 Change driver version to 10.3.8.0-20181105-debug. (+1,-1)
e4c74d6 Change driver version to 10.3.8.0-20181106. (+1,-1)
c0d0c9f Added code to avoid some packets to do AMSDU. (+49,-4)
d10d2c5 Added debugfs file dump_probe. (+69)
4931318 Change driver version to 10.3.8.0-20181109. (+1,-1)
da6e7e3 Enabled uAPSD. (+1)
e5e0700 Change driver version to 10.3.8.0-20181112. (+1,-1)
⇒ + 2 more…

Addressed bugs

#859

Description: OpenVPN is beeing killed with "service openvpn stop" due to short timeout
Link: https://bugs.openwrt.org/index.php?do=details&task_id=859
Commits:
0282d04 openvpn: increase procd termination timeout to 15s (+2,-1)

#1021

Description: uhttpd-mod-ubus: error in postinst script
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1021
Commits:
85c7730 base-files: fix postinstall uci-defaults removal (+3,-4)

#1123

Description: base-files: os-release: HOME_URL not settable / set to LEDE_DEVICE_MANUFACTURER_URL
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1123
Commits:
ef7a6a4 base-files: add menuconfig option for HOME_URL (+12,-1)

#1468

Description: hostapd spams log
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1468
Commits:
8bf1a35 hostapd: fix MAC filter related log spam (+78,-11)

#1664

Description: Unable to use wan port (dhcp or static ip is not working)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1664
Commits:
6118db3 generic: revert workarounds for AR8337 switch (+1,-62)

#1715

Description: Mikrotik: unrecognized SPI NOR flash chip (JEDEC id: ef, 70, 18)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1715
Commits:
aa0aa47 kernel: Add support for Winbond w25q128jv SPI NOR flash (+86,-18)

#1749

Description: e2fsprogs without --disable-threads needs -lpthread
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1749
Commits:
46a700e e2fsprogs: fix glibc compile issue (FS#1749,FS#1796) (+2)

#1796

Description: e2fsprogs does not compile against glibc
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1796
Commits:
46a700e e2fsprogs: fix glibc compile issue (FS#1749,FS#1796) (+2)

#1797

Description: AR670w upgrade fails with 'platform_check_image'
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1797
Commits:
0f3ec67 ramips: only limit lzma dictionary size on mt7621 (+2,-1)

#1803

Description: mcopy/mmd included with openwrt-imagebuilder-18.06.1 fail with error in _nl_intern_locale_data
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1803
Commits:
686c6c5 scripts: bundle-libraries: prevent loading host locales (FS#1803) (+21,-5)

#1830

Description: Mikrotik: sysupgrade fails due to ubifs dropped support for MLC NAND flash
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1830
Commits:
f1a2b5b kernel: tolerate using UBI/UBIFS on MLC flash (FS#1830) (+26)

#1853

Description: odhcpd: Router Advertisement message leaks to WAN in relay mode when stopping the service
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1853
Commits:
d5dd3b1 odhcpd: update to latest git HEAD (FS#1853) (+4,-4)
ee7472a router: don't leak RA message in relay mode (FS#1853) (+1,-1)
402c274 dhcpv6: check return code of dhcpv6_ia_init() (+1,-2)
57f639e odhcpd: make DHCPv6/RA/NDP support optional (+22,-8)

#1875

Description: netifd: segmentation fault when using _network rules_
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1875
Commits:
f3753a9 netifd: fix segfault (FS#1875) (+3,-3)
d0fa124 iprule: fix segfault (FS#1875) (+2,-6)

#2060

Description: Axis IP cameras do not get stateful IPv6 addresses anymore
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2060
Commits:
7f98cd8 odhcpd: fix onlink IA check (FS#2060) (+4,-4)
c70d5cf dhcpv6-ia: fix onlink IA check (FS#2060) (+2,-2)
ae16950 dhcpv6-ia: fix compiler warning (+2,-1)

Security fixes

CVE-2015-8370

Description: Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
Commits:
a0569f5 grub2: Fix CVE-2015-8370 (+45,-1)
a662d6f grub2: rebase patches (+4,-8)

CVE-2016-3189

Description: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189
Commits:
30758ee bzip2: Fix CVE-2016-3189 (+12,-1)

CVE-2017-18269

Description: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18269
Commits:
e60be11 toolchain/glibc: update to latest 2.26 commit (+2,-2)

CVE-2018-0734

Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
Commits:
39c3b51 openssl: bump to 1.0.2q (+2,-2)

CVE-2018-5407

Description: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
Commits:
39c3b51 openssl: bump to 1.0.2q (+2,-2)

CVE-2018-6951

Description: An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951
Commits:
27528d4 tools: patch: Add missing CVE-2018-6951 fix (+33,-12)

CVE-2018-6952

Description: A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
Commits:
ed32045 patch: apply upstream cve fixes (+226)

CVE-2018-7755

Description: An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
Commits:
d837c93 kernel: bump 4.9 to 4.9.131 (+11,-11)
149dcc2 kernel: bump 4.14 to 4.14.74 (+14,-14)

CVE-2018-10880

Description: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10880
Commits:
d837c93 kernel: bump 4.9 to 4.9.131 (+11,-11)

CVE-2018-10883

Description: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883
Commits:
4dc42ef kernel: bump 4.9 to 4.9.135 (+6,-6)

CVE-2018-11236

Description: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11236
Commits:
e60be11 toolchain/glibc: update to latest 2.26 commit (+2,-2)

CVE-2018-14625

Description: A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625
Commits:
85f42a7 kernel: bump 4.9 to 4.9.145 (+15,-15)
40e1450 kernel: bump 4.14 to 4.14.88 (+12,-12)

CVE-2018-15473

Description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473
Commits:
8bb9d05 dropbear: backport upstream fix for CVE-2018-15599 (+224,-3)
97fddb2 dropbear: backport upstream fix for CVE-2018-15599 (+1,-1)

CVE-2018-15599

Description: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15599
Commits:
8bb9d05 dropbear: backport upstream fix for CVE-2018-15599 (+224,-3)
97fddb2 dropbear: backport upstream fix for CVE-2018-15599 (+1,-1)

CVE-2018-19608

Description: Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608
Commits:
1447924 mbedtls: update to 2.14.1 for 18.06 (+56,-29)

CVE-2018-1000156

Description: GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156
Commits:
ed32045 patch: apply upstream cve fixes (+226)

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
releases/18.06/changelog-18.06.2.txt · Last modified: 2019/01/30 12:55 by jow