OpenWrt v18.06.9 Changelog
This changelog lists all commits done in OpenWrt since the v18.06.8 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 18.06.9 release.
See also the release notes that provide a more accessible overview of the main changes in 18.06.9.
Build System / Buildroot (4 changes)
401fe1a build: adjust gcc/g++ version checks for newer apple compilers (+2,-2)
e1d4612 build: add GCC 10 version detection (+6,-4)
7b3ada8 build: prereq: tidy gcc version checks (-16)
6d94a6e scripts: getver.sh: fix version based on stable branch (+1,-1)
Build System / Host Utilities (3 changes)
6b1f2e6 squashfs: Fix compile with GCC 10 (+25)
95dc2f5 tools/cmake: fix typo in parallel make patch (+2,-1)
910ac64 tools/squashfs4: fix bugs of xz compress options (+3,-3)
Build System / Toolchain (1 change)
b20a95f musl: fix locking synchronization bug (+69)
Kernel (20 changes)
4c14dbf kernel: bump 4.9 to 4.9.215 (+24,-24)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
08ad7a3 kernel: backport out-of-memory fix for non-Ethernet devices (+71)
489fc23 kernel: add missing symbol for Kernel 4.14 (+1)
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
5faccaf kernel: bump 4.9 to 4.9.223 (+15,-15)
7b49c0b kernel: bump 4.14 to 4.14.180 (+18,-18)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
0f07496 kernel: Update kernel 4.9 to version 4.9.229 (+74,-78)
35e9edc kernel: Update kernel 4.14 to version 4.14.193 (+21,-21)
f9ffdf8 kernel: update kernel 4.9 to version 4.9.232 (+33,-109)
b8336eb kernel: Update kernel 4.14 to version 4.14.195 (+51,-51)
3ad44fc kernel: Update kernel 4.9 to version 4.9.234 (+46,-46)
1da8cc1 kernel: Update kernel 4.14 to version 4.14.199 (+187,-187)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
edda06c kernel: Update kernel 4.9 to version 4.9.240 (+55,-55)
5d01d05 kernel: Update kernel 4.14 to version 4.14.202 (+34,-34)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
3a8cfab kernel: Update kernel 4.9 to version 4.9.243 (+56,-56)
Packages / Boot Loaders (1 change)
3667693 uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support (+1)
Packages / Common (14 changes)
7ebc51a umdns: suppress address-of-packed-member warning (+2,-2)
cffd5ae umdns: update to the version 2020-04-05 (+4,-4)
⇒ 45c4953 dns: explicitly endian-convert all fields in header and question (+9,-13)
⇒ ab7a39a umdns: fix unused error (+2)
b076243 umdns: update to version 2020-04-20 (+4,-4)
⇒ e74a3f9 dns.c: improve input validation (+3,-2)
77063bb umdns: update to version 2020-04-25 (+3,-3)
⇒ cdac046 dns.c: fix input validation fix (+1,-1)
d5118bb wireguard: bump to 20191226 (+61,-34)
2a9c2c0 wireguard: bump to 1.0.20200506 (+2,-2)
15d73a2 libjson-c: backport security fixes (+117,-2)
d3af501 mbedtls: update to version 2.16.5 (+4,-4)
b37a1e4 mbedtls: update to 2.16.6 (+4,-4)
b98bfd4 ca-certificates: update to version 20200601 (+3,-3)
8ae74cc wireguard: bump to 1.0.20200611 (+2,-2)
fec2888 mbedtls: update to 2.16.7 (+38,-38)
bf78cd3 lua: lnum: fix strtoul based number parsing (+90,-1)
3d77160 mbedtls: update to 2.16.8 (+36,-36)
Packages / OpenWrt network userland (4 changes)
b65550e relayd: bump to version 2020-04-20 (+3,-3)
1a30fe1 relayd: bump to version 2020-04-25 (+3,-3)
⇒ 796da66 dhcp.c: improve input validation & length checks (+6,-2)
⇒ f4d759b dhcp.c: further improve validation (+4,-1)
7bd437c firewall: backport patch for mss clamping in both directions (+34,-1)
27677af firewall: options: fix parsing of boolean attributes (+39,-1)
Packages / OpenWrt system userland (6 changes)
2ed2512 usign: update to latest Git HEAD (+3,-3)
⇒ f34a383 main: fix some resource leaks (+10,-2)
aba01f7 usign: update to latest git HEAD (+3,-3)
⇒ f1f6502 Always pad fingerprints to 16 characters (+3,-3)
ff6c312 rpcd: update to latest openwrt-18.06 Git HEAD (+4,-4)
⇒ abbc302 uci: reset uci_ptr flags when merging set operations (+1)
⇒ dd46d6d uci: free configs list memory on return (+4)
⇒ 662d034 uci: reset uci_ptr flags when merging options during section add (+1)
⇒ 53a0952 session: deny access if password login is disabled (+1,-1)
⇒ d80f70e plugin: fix leaking invoked method name for exec plugins (+3,-3)
⇒ 5cd4f4e plugin: exec: properly free memory on parse error (+7,-2)
⇒ 29c9c11 exec: properly free memory on rpc_exec() error (+12,-4)
⇒ 16de3fa plugin: do not free method name separately (+1,-4)
⇒ c7bb956 plugin: fix double free in finish callback (-1)
⇒ 71b00ab file: rpc_file_exec_run: fix potential memory leak and integer overflow (+16,-4)
⇒ efbcedb file: remove unused members from struct rpc_file_exec_context (-4)
⇒ cd09c5f file: patch process stdin to /dev/null (+8,-1)
⇒ 313964c file: avoid closing stdio descriptors in rpc_file_exec_run (+12,-5)
⇒ 7be1f17 file: exec: properly free memory on error (+18,-3)
2dcf46b libubox: backport additional length-checking fixes (+284,-1)
e6bcfdf fstools: backport: fix ntfs uuid (+57,-1)
5625f5b uci: Backport security fixes (+164,-1)
Target / apm821xx (5 changes)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
35e9edc kernel: Update kernel 4.14 to version 4.14.193 (+21,-21)
b8336eb kernel: Update kernel 4.14 to version 4.14.195 (+51,-51)
Target / ar7 (1 change)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
Target / ar71xx (19 changes)
3ef8465 ar71xx: ew-dorin, fix the trigger level for WPS button (+1,-1)
302170d ar71xx: fix swapped LAN/WAN MAC address for Archer C60 v1/v2 (+5,-5)
9831250 ar71xx: remove wrong MAC address adjustment for Archer C60 v2 (+1,-2)
10c04b4 ar71xx: fix port order on TP-Link Archer C60 v1/v2 (+2,-6)
c3c6cc9 ar71xx: use status led for GL.iNet GL-AR750S (+1)
ad01cb5 Revert "ar71xx: use status led for GL.iNet GL-AR750S" (-1)
5faccaf kernel: bump 4.9 to 4.9.223 (+15,-15)
0f07496 kernel: Update kernel 4.9 to version 4.9.229 (+74,-78)
030fe10 ar71xx: Fix mikrotik NAND compile problem (+1,-1)
2ba95d2 ar71xx: Fix mikrotik NAND compile problem (+1,-1)
dd79314 ar71xx: fix sysupgrade for Arduino Yun (+1,-1)
b18e3ea ar71xx: enable ethernet LED of Arduino Yun (+1,-2)
f9ffdf8 kernel: update kernel 4.9 to version 4.9.232 (+33,-109)
5af8762 ar71xx: change u-boot-env to read-write for ZyXEL NBG6616 (+1,-1)
2628ec9 ar71xx: fix ZyXEL NBG6616 wifi switch (+2,-2)
3ad44fc kernel: Update kernel 4.9 to version 4.9.234 (+46,-46)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
edda06c kernel: Update kernel 4.9 to version 4.9.240 (+55,-55)
ac56d25 ar71xx: mikrotik: bypass id check in __rb_get_wlan_data() (+1,-7)
Target / armvirt (1 change)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
Target / brcm2708 (7 changes)
4c14dbf kernel: bump 4.9 to 4.9.215 (+24,-24)
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
5faccaf kernel: bump 4.9 to 4.9.223 (+15,-15)
0f07496 kernel: Update kernel 4.9 to version 4.9.229 (+74,-78)
f9ffdf8 kernel: update kernel 4.9 to version 4.9.232 (+33,-109)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
3a8cfab kernel: Update kernel 4.9 to version 4.9.243 (+56,-56)
Target / brcm47xx (2 changes)
1da8cc1 kernel: Update kernel 4.14 to version 4.14.199 (+187,-187)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
Target / brcm63xx (9 changes)
488751e bcm63xx: refresh kernel config (+1)
b9daff6 bcm63xx: bcm6362: fix pinctrl bug (+11)
a9eebf6 bcm63xx: redboot: fix warning (+1,-1)
183e984 bcm63xx: periph_intc: fix warning (+20)
8e2201e bcm63xx: ext_intc: fix warning (+28)
a7e9159 bcm63xx: mask interrupts on init (+12)
d37f8a6 bcm63xx: a226m-fwb: fix linux partition offset (+4,-4)
1da8cc1 kernel: Update kernel 4.14 to version 4.14.199 (+187,-187)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
Target / cns3xxx (3 changes)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
b8336eb kernel: Update kernel 4.14 to version 4.14.195 (+51,-51)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
Target / ipq40xx (5 changes)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
d6bbfc8 ipq40xx: essedma: Disable TCP segmentation offload for IPv6 (+46)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
b8336eb kernel: Update kernel 4.14 to version 4.14.195 (+51,-51)
5d01d05 kernel: Update kernel 4.14 to version 4.14.202 (+34,-34)
Target / ipq806x (2 changes)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
Target / ixp4xx (3 changes)
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
edda06c kernel: Update kernel 4.9 to version 4.9.240 (+55,-55)
Target / lantiq (5 changes)
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
f9ffdf8 kernel: update kernel 4.9 to version 4.9.232 (+33,-109)
1da8cc1 kernel: Update kernel 4.14 to version 4.14.199 (+187,-187)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
Target / layerscape (10 changes)
4c14dbf kernel: bump 4.9 to 4.9.215 (+24,-24)
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
5faccaf kernel: bump 4.9 to 4.9.223 (+15,-15)
0f07496 kernel: Update kernel 4.9 to version 4.9.229 (+74,-78)
f9ffdf8 kernel: update kernel 4.9 to version 4.9.232 (+33,-109)
3ad44fc kernel: Update kernel 4.9 to version 4.9.234 (+46,-46)
f402571 kernel: Update kernel 4.9 to version 4.9.237 (+62,-62)
edda06c kernel: Update kernel 4.9 to version 4.9.240 (+55,-55)
3a8cfab kernel: Update kernel 4.9 to version 4.9.243 (+56,-56)
28a85b8 layerscape: update kernel patch to fix build (+18)
Target / mediatek (9 changes)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
7b49c0b kernel: bump 4.14 to 4.14.180 (+18,-18)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
35e9edc kernel: Update kernel 4.14 to version 4.14.193 (+21,-21)
b8336eb kernel: Update kernel 4.14 to version 4.14.195 (+51,-51)
1da8cc1 kernel: Update kernel 4.14 to version 4.14.199 (+187,-187)
5d01d05 kernel: Update kernel 4.14 to version 4.14.202 (+34,-34)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
Target / mvebu (4 changes)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
Target / mxs (1 change)
7b49c0b kernel: bump 4.14 to 4.14.180 (+18,-18)
Target / octeon (2 changes)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
3a8cfab kernel: Update kernel 4.9 to version 4.9.243 (+56,-56)
Target / octeontx (1 change)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
Target / oxnas (7 changes)
e38f355 kernel: bump 4.14 to 4.14.172 (+15,-15)
2051edf oxnas: move service file to correct place ()
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
1da8cc1 kernel: Update kernel 4.14 to version 4.14.199 (+187,-187)
5d01d05 kernel: Update kernel 4.14 to version 4.14.202 (+34,-34)
d94c59f oxnas: fix qc_prep return in sata driver after kernel 4.14.200 (+3,-1)
9cdc02b kernel: Update kernel 4.14 to version 4.14.206 (+18,-18)
Target / pistachio (1 change)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
Target / ramips (10 changes)
027950f ramips: use full 8MB flash on ZyXEL Keenetic (+2,-2)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
f77708d ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027 (-1)
7b49c0b kernel: bump 4.14 to 4.14.180 (+18,-18)
6ee6496 ramips: drop non-existant ralink,port-map for Ravpower WD03 (-1)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
526c1dd ramips: remove patches for USB-dwc2 (-29)
f4b3c35 ramips: add kmod-usb-dwc2 to ZyXEL Keenetic image (+2,-1)
35e9edc kernel: Update kernel 4.14 to version 4.14.193 (+21,-21)
5d01d05 kernel: Update kernel 4.14 to version 4.14.202 (+34,-34)
Target / rb532 (1 change)
3a8cfab kernel: Update kernel 4.9 to version 4.9.243 (+56,-56)
Target / uml (1 change)
edda06c kernel: Update kernel 4.9 to version 4.9.240 (+55,-55)
Target / x86 (3 changes)
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
0f07496 kernel: Update kernel 4.9 to version 4.9.229 (+74,-78)
0c25ece x86: Add CONFIG_EFI_CUSTOM_SSDT_OVERLAYS (+1)
Wireless / Common (3 changes)
8e89e1c mac80211: Backport fixes for Kr00k vulnerabilities (+131,-1)
1238a22 mac80211: Fix potential endless loop (+31)
7cbbab7 mac80211: Fix brcmfmac compile on layerscape/armv8_64b (+22)
Addressed bugs
#2487
Description: Keenetic problems
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2487
Commits:
027950f ramips: use full 8MB flash on ZyXEL Keenetic (+2,-2)
#2738
Description: [ramips] dwc2 no longer sees device with 0032-USB-dwc2-add-device_reset.patch
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2738
Commits:
526c1dd ramips: remove patches for USB-dwc2 (-29)
#2964
Description: ZyXEL Keenetic - USB port is not working in v18.06.2 and later
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2964
Commits:
526c1dd ramips: remove patches for USB-dwc2 (-29)
#3104
Description: tools/squashfs does not compile on gcc 10
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3104
Commits:
6b1f2e6 squashfs: Fix compile with GCC 10 (+25)
#3119
Description: Can not build 19.07
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3119
Commits:
6b1f2e6 squashfs: Fix compile with GCC 10 (+25)
#3177
Description: procd fails to start rpcd on 18.06.8 because of a libubox regression
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3177
Commits:
2dcf46b libubox: backport additional length-checking fixes (+284,-1)
#3284
Description: firewall3 parses boolean options as false
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3284
Commits:
27677af firewall: options: fix parsing of boolean attributes (+39,-1)
Security fixes
CVE-2020-8647
Description: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8647
Commits:
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
CVE-2020-8648
Description: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
Commits:
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
CVE-2020-8649
Description: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8649
Commits:
82c8170 kernel: bump 4.9 to 4.9.219 (+72,-72)
1f0679f kernel: bump 4.14 to 4.14.176 (+79,-260)
CVE-2020-10757
Description: A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10757
Commits:
1f8d9f7 kernel: Update kernel 4.14 to version 4.14.187 (+80,-137)
0f07496 kernel: Update kernel 4.9 to version 4.9.229 (+74,-78)
CVE-2020-10932
Description: An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932
Commits:
b37a1e4 mbedtls: update to 2.16.6 (+4,-4)
CVE-2020-11669
Description: An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11669
Commits:
7b49c0b kernel: bump 4.14 to 4.14.180 (+18,-18)
CVE-2020-11750
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11750
Commits:
b076243 umdns: update to version 2020-04-20 (+4,-4)
⇒ e74a3f9 dns.c: improve input validation (+3,-2)
77063bb umdns: update to version 2020-04-25 (+3,-3)
⇒ cdac046 dns.c: fix input validation fix (+1,-1)
CVE-2020-11752
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11752
Commits:
b65550e relayd: bump to version 2020-04-20 (+3,-3)
1a30fe1 relayd: bump to version 2020-04-25 (+3,-3)
⇒ 796da66 dhcp.c: improve input validation & length checks (+6,-2)
⇒ f4d759b dhcp.c: further improve validation (+4,-1)
CVE-2020-12114
Description: A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12114
Commits:
5faccaf kernel: bump 4.9 to 4.9.223 (+15,-15)
7b49c0b kernel: bump 4.14 to 4.14.180 (+18,-18)
CVE-2020-12762
Description: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762
Commits:
15d73a2 libjson-c: backport security fixes (+117,-2)