OpenWrt v19.07.0-rc2 Changelog
This changelog lists all commits made in preparation for OpenWrt 19.07.0-rc2 since OpenWrt 19.07.0-rc1.
Commits are roughly grouped by subsystem, ordered chronologically from top to bottom, and cover the Git repository history up to the tagging of the 19.07.0-rc2 release.
Build System / Buildroot (5 changes)
785d4f3
build: fixup python SetupHostCommand to use python2 (+3,-3)
799de7c
build: cleanup possibly dangling Python 3 host symlink (+14)
15ce616
build: add PKG_SOURCE_URL_FILE support (+1)
7581a7b
config: kernel: fix typo in HFSPLUG_FS_POSIX_ACL (+1,-1)
628e996
OpenWrt v19.07.0-rc2: adjust config defaults (+11,-9)
Build System / Feeds (1 change)
628e996
OpenWrt v19.07.0-rc2: adjust config defaults (+11,-9)
Build System / Host Utilities (3 changes)
b3514e3
ar71xx: improve support for TP-Link CPE510 v2 (+87,-23)
9943506
tools/e2fsprogs: Update to version 1.45.4 (+2,-2)
502c4a8
expat: Update to version 2.2.9 (+2,-2)
Build System / Toolchain (1 change)
dd284c6
toolchain/gcc: bump to 7.5.0 (+3,-3)
Kernel (11 changes)
9834c3d
kernel: fix LED netdev trigger on interface rename (+49)
6ac1aa1
kernel: bump 4.14 to 4.14.152 (+13,-124)
2117f63
kernel: fix typo in fb-sys-fops autoload (+1,-1)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
db34522
kernel: bump 4.14 to 4.14.155 (+99,-204)
ad0463c
kernel: Add missing configuration option (+1)
436dbf1
kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod (+13,-1)
2a2f9ff
kernel: nf_conntrack_rtcache: fix WARNING on forward path (+1,-11)
7c321e0
kernel: nf_conntrack_rtcache: fix WARNING on rmmod (+1,-3)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
db8345d
generic ar8xxx: increase VLAN table for AR83x7 (+13,-9)
Packages / Boot Loaders (8 changes)
0803b62
uboot-envtools: Add TARGET_LDFLAGS to fix PIE and RELRO (+9,-11)
c9e5979
ar71xx: update uboot-envtools for Netgear WNR routers (+10,-1)
d1fbaa3
ath79: update uboot-envtools for Netgear WNR routers (+4)
496489e
uboot-fritz4040: update to latest HEAD (+3,-3)
⇒ e4c857c
add machtype override hack (+7)
⇒ d651302
enable support for Atheros AR8033 PHY (+3,-1)
⇒ f92be9d
add support for AVM FRITZ!Repeater 1200 (+131)
6160f77
ipq40xx: add support for AVM FRITZ!Repeater 1200 (+287,-6)
939dfe6
uboot-envtools: ramips: add support for ALFA Network R36M-E4G (+1)
a0897f8
uboot-envtools: ramips: add support for ALFA Network Quad-E4G (+1)
1859391
uboot-envtools: ath79: add support for YunCore XD4200 and A782 (+3,-1)
Packages / Common (20 changes)
569bec1
curl: bump to 7.66.0 (+4,-4)
963cee1
xfsprogs: Fix compilation with newer musl (+49,-6)
69dcd89
strace: Fix build on PowerPC (-17)
9be3501
wolfssl: allow building with hw-crytpo and AES-CCM (+160,-21)
6cabbe9
wolfssl: update to v4.2.0-stable (+4,-142)
0473292
hostapd: adjust removed wolfssl options (-4)
0fcf02d
hostapd: revert signature change in patch (+1,-1)
eba6834
hostapd: declare struct wpa_bss early (+19)
3e9b3d0
hostapd: fix OWE settings in client mode (+2,-1)
e185481
hostapd: mirror ieee80211w ap mode defaults in station mode (+10,-1)
80b58a9
hostapd: Update to version 2.8 (2019-04-21) (+532,-5.7K)
⇒ 368c9dc
The master branch is now used for v2.8 development (+1,-1)
⇒ f2973fa
FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y (-2)
⇒ 9da196a
VLAN: Warn about interface name truncation (+29,-11)
⇒ 11adf76
EAP-TLS server: Update user information based on serial number (+19)
⇒ 6ff4241
HS 2.0 server: Include phase2=0 users for TLS in the user list (+1,-1)
⇒ 34341b0
HS 2.0 server: Do not set phase2=1 for certificate-based users (+7,-10)
⇒ 2166651
HS 2.0 server: Clear remediation requirement for certificate credentials (+48,-2)
⇒ d726f4d
HS 2.0 server: Document client certificate related Apache configuration (+5)
⇒ 7183467
HS 2.0 server: Client certificate reenrollment (+197,-16)
⇒ 0e1ab32
HS 2.0 server: Fix couple of memory leaks (+7,-1)
⇒ f81e655
WPS NFC: Fix potential NULL pointer dereference on an error path (+2,-1)
⇒ 4b1ae27
tests: Connect to WPS AP with NFC connection handover (local failure) (+25)
⇒ 4c02242
Define spectral scaling parameters as QCA vendor specific attributes (+35)
⇒ 678d841
Move send_probe_response parameter to BSS specific items (+6,-4)
⇒ 891e166
hostapd: Update HE Capabilities and Operation element definition (+15,-20)
⇒ 17adac9
FILS: Do not process FILS HLP request again while previous one is pending (+26)
⇒ + 817 more...
5e8d1b5
hostapd: Update to version 2.9 (2019-08-08) (+272,-639)
⇒ 516cced
The master branch is now used for v2.9 development (+1,-1)
⇒ 2ed2b52
DPP: Add configuration structure to dpp_global_init() (+20,-4)
⇒ 9ffec2e
DPP: Make pkhash available in bootstrapping info (+7,-2)
⇒ 88a78bd
DPP2: Protocol exchange over TCP using Controller/Relay (+1.4K)
⇒ e00f780
DPP2: hostapd as TCP Relay (+154,-7)
⇒ c02dd10
DPP2: wpa_supplicant as Controller over TCP (+32)
⇒ 2a5a068
DPP2: wpa_supplicant as TCP initiator (+56,-12)
⇒ 5fbefcc
tests: DPP over TCP using Controller/Relay (+125,-1)
⇒ cfde99a
Add 802.11 reason code strings into wpa_supplicant messages (+82,-7)
⇒ 4be17ff
Replace int status/reason_code with u16 variable (+38,-38)
⇒ 9c95124
Add 802.11 status code strings (+122,-10)
⇒ 95f556f
Make channel switch started event available over control interface (+67,-14)
⇒ fa33592
wpa_cli: Make CTRL-EVENT-CHANNEL-SWITCH available to action scripts (+2)
⇒ 64c20a8
tests: Channel switch started/completed events (+29)
⇒ 1b90aae
nl80211: Remove QCA vendor specific HE capability handling (-101)
⇒ 5b3940d
nl80211: Add driver HE capabilities parsing support (+86,-4)
⇒ + 346 more...
90a0daf
hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR (+4,-16)
8190862
hostapd: Remove unneeded patch (+14,-28)
0e85b63
hostapd: use getrandom syscall (+7,-7)
f6111db
hostapd: Add mesh support for wpad full (+2,-2)
a6e7f68
hostapd: add IEEE 802.11k support (+13)
e68d589
e2fsprogs: Fix CVE-2019-5094 in libsupport (+204,-1)
5cb845e
mtd: Activate LTO compile option (+2,-1)
cde7095
busybox: add glibc dependency for vi regex option (+2,-1)
Packages / Firmware (11 changes)
a6b30f9
firmware: intel-microcode: bump to 20190514 (+2,-2)
8cd24d3
firmware: intel-microcode: bump to 20190618 (+2,-2)
5e1864d
firmware: intel-microcode: bump to 20190918 (+2,-2)
f2ef9b4
wireless-regdb: update to 2019.06.03 (+8,-260)
53d8de0
wireless-regdb: Make it build with python2 (+58)
e8d528a
wireless-regdb: prefer python provided by make variable (+1,-1)
0a4071b
wireless-regdb: set PKGARCH:=all (+1)
d6ecadb
wireless-regdb: fix Makefile indentation (+5,-5)
2751c5c
wireless-regdb: fix patch fuzz (+1,-1)
538ca42
wireless-regdb: fix build when python2 from package feeds exists (+1,-1)
63b1e8f
ipq-wifi: add AVM FRITZ!Repeater 1200 bdf (+2)
Packages / LEDE base files (3 changes)
d5f5098
base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2 (+1,-1)
a2d9de2
base-files: config_generate: split macaddr with multiple ifaces (+11,-7)
628e996
OpenWrt v19.07.0-rc2: adjust config defaults (+11,-9)
Packages / LEDE network userland (5 changes)
2a09f43
ustream-ssl: Update to latest git HEAD (+5,-5)
⇒ 79d91aa
Remove CyaSSL, WolfSSL < 3.10.4 support (+15,-53)
⇒ 33308ee
ustream-io-cyassl.c: fix client-mode connections (+20,-2)
⇒ 1c38fd8
wolfssl: enable CN validation (+14,-4)
⇒ 3b06c65
Update example certificate & key, fix typo (+44,-17)
⇒ 465f8dc
wolfssl: adjust to new API in v4.2.0 (+6,-2)
58db9be
ustream-ssl: update to latest Git HEAD (+3,-59)
⇒ c9b6668
ustream-ssl: skip writing pending data if .eof is true after connect (+20)
b416195
firewall: update to latest git HEAD (+3,-3)
⇒ daed0cf
utils: fix resource leak (+1)
b0adf79
firewall: update to latest Git HEAD (+3,-3)
⇒ 72a486f
zones: fix emitting match rules for zones with only "extra" options (+1,-1)
⇒ 8174814
utils: persist effective extra_src and extra_dest options in state file (+16)
1fc05c3
swconfig: Activate LTO compile option (+3)
Packages / LEDE system userland (2 changes)
42aa51a
rpcd: update to latest Git HEAD (+3,-3)
⇒ 77ad0de
plugin: avoid truncating numeric values (+72,-2)
a4d798e
usign: Activate LTO compile option (+3)
Target / ar71xx (14 changes)
b3514e3
ar71xx: improve support for TP-Link CPE510 v2 (+87,-23)
3d840ee
ar71xx: fix tl-wdr3320-v2 upgrade (+1,-1)
8a21bc3
ar71xx: fix MAC addresses for Archer C5 v1, C7 v1/v2, WDR4900 v2 (+2,-3)
e945c43
ar71xx: fix MAC address setup for TL-WDR4900 v2 (+6,-3)
3c65c47
ar71xx: fix LED setup for TL-WDR4900 v2 (+36,-2)
8fac0b3
ar71xx: fix buttons for TP-Link TL-WDR4900 v2 (+13,-2)
3a5e28b
ar71xx: ubnt-(xm,xw): add rssileds package (+8,-2)
1793bae
ar71xx: disable Netgear WNR612 v2 by default (+1)
c65f09b
ar71xx: disable TP-Link TL-WA850RE v2 by default (+1)
6af348f
ar71xx: disable On Networks N150R by default (+1)
0686418
ar71xx: disable Netgear WNR2000v4 by default (+1)
531ab59
ar71xx: disable TP-Link TL-WA850RE by default (+1)
7232d92
ramips: disable TP-Link TL-WA750RE by default (+1)
eb836ea
ar71xx: disable TP-Link TL-WA855RE by default (+1)
Target / ath79 (12 changes)
5fc63ec
ath79: disable building future NAND images for GL-AR300M/GL-AR750S (+3,-3)
cc598c9
ath79: fix identifier for Nanostation M in ath9k caldata extraction (+1,-1)
ab29ffb
ath79: fix SUPPORTED_DEVICES for TP-Link TL-WR1043ND v3 (+1,-1)
b50177d
ath79: remap D-Link DIR-859 A1 WPS button to WPS (+1,-1)
fe82c71
ath79: include rssileds package for ubnt devices with LEDs (+8,-3)
a8b2935
ath79: fix sysupgrade from ar71xx for WNDR3700 V2 and WNDR3800(CH) (+2,-2)
f97d235
ath79: remove ath10k drivers from Archer C7 v1 profile (+1,-1)
1cb763c
ath79: add PoE passthrough switch for Ubiquiti Nanostation (XM/XW) (+6)
70233e3
ath79: Add support for TP-Link Archer C60 v1 (+183,-1)
449433d
ath79: Add support for TP-Link Archer C60 v2 (+78,-2)
83a18ae
ath79: add support for YunCore TFTP image generation (+15)
45c9923
ath79: add support for YunCore XD4200 and A782 (+211,-1)
Target / brcm2708 (2 changes)
Target / brcm47xx (2 changes)
db34522
kernel: bump 4.14 to 4.14.155 (+99,-204)
59ef47a
brcm47xx: disable Linksys E1000 v1 by default (+1)
Target / brcm63xx (1 change)
db34522
kernel: bump 4.14 to 4.14.155 (+99,-204)
Target / cns3xxx (2 changes)
3685f86
cns3xxx: use proper macros for defining partition regions (+8,-6)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / gemini (1 change)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / ipq40xx (4 changes)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
ca3339c
ipq40xx: fix build error (+10,-11)
db34522
kernel: bump 4.14 to 4.14.155 (+99,-204)
6160f77
ipq40xx: add support for AVM FRITZ!Repeater 1200 (+287,-6)
Target / ipq806x (3 changes)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
db34522
kernel: bump 4.14 to 4.14.155 (+99,-204)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / lantiq (1 change)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / layerscape (5 changes)
6ac1aa1
kernel: bump 4.14 to 4.14.152 (+13,-124)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
db34522
kernel: bump 4.14 to 4.14.155 (+99,-204)
b1ef0e4
layerscape: Fix kernel patch (+1,-1)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / mediatek (2 changes)
Target / mvebu (1 change)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
Target / mxs (1 change)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / oxnas (1 change)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
Target / ramips (22 changes)
5d30ff1
ramips: correct R6220 button flag (+3,-3)
079b202
ramips: fix MAC address setup for Samsung CY-SWR1100 (+3,-3)
60f41c6
ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100 (+2,-1)
a1ff175
ramips: rt3833: fix build breakage (+1,-1)
1bd280b
ramips: disable D-Link DIR-300 B1 by default (+1)
960de44
ramips: assign correct key-code to wps buttons (+2,-2)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
b6c80f8
ramips: set uImage name of WeVO 11AC NAS and W2914NS v2 (+2)
3806899
ramips: use upstream RAW_APPENDED_DTB instead of our OWRTDTB (+15,-86)
ee71837
ramips: refresh all subtargets kernel configs (+40,-5)
7a62e90
ramips: support dual image feature on ALFA Network boards (+27,-3)
c515cd7
ramips: add support for ALFA Network R36M-E4G (+238,-4)
71469ca
ramips: add support for ALFA Network Quad-E4G (+265,-13)
953d9c3
kernel: bump 4.14 to 4.14.156 (+67,-67)
4b759ca
ramips: disable ASUS RT-N10+ B1 by default (+1)
02fc43b
ramips: disable D-Link DIR-300 B5/B6/B7 by default (+1)
2607c02
ramips: disable D-Link DIR-645 by default (+1)
6a124ef
ramips: disable Sitecom WL-351 by default (+1)
634db79
ramips: disable TP-Link TL-WR840N v5 by default (+1)
67aca5f
ramips: disable A5-V11 by default (+1)
432a349
ramips: disable WR512-3GN 4MB variant by default (+1)
c38074d
ramips: disable ZyXel Keenetic by default (+1)
Target / x86 (1 change)
3c5c49a
kernel: bump 4.14 to 4.14.154 (+143,-158)
Wireless / Common (7 changes)
2b4d9b6
mac80211 ath9k: force QCA953x clock to 25MHz (+13,-6)
d3e11e8
mac80211: Fix dependencies of kmod-rsi91x-usb (+2,-2)
67957cd
mac80211: brcmfmac: fix PCIe reset crash and WARNING (+85,-1)
17d8e47
mac80211: Adapt to changes to skb_get_hash_perturb() (+68)
75d11f6
mac80211: backport upstream fixes (+205)
e30ca0d
mac80211: update to version 4.19.85 (+76,-421)
b177b18
mac80211: add default value for noscan (+3,-1)
Miscellaneous (1 change)
0c9be4f
gitignore: ignore patches in OpenWrt root directory (+1)
Addressed bugs
#408
Description: Archer C7 has incorrect default bssid addresses for wifi networks
Link: https://bugs.openwrt.org/index.php?do=details&task_id=408
Commits:
8a21bc3
ar71xx: fix MAC addresses for Archer C5 v1, C7 v1/v2, WDR4900 v2 (+2,-3)
#1472
Description: Stopping lxc container results in kernel oops
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1472
Commits:
436dbf1
kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod (+13,-1)
#1743
Description: Archer C7 v1.1 is soft bricked with the 18.06 release
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1743
Commits:
f97d235
ath79: remove ath10k drivers from Archer C7 v1 profile (+1,-1)
#2193
Description: netdev LED Trigger for pppoe-wan
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2193
Commits:
9834c3d
kernel: fix LED netdev trigger on interface rename (+49)
#2239
Description: Internet LED on W8970 Not Working (18.06-SNAPSHOT r7737-6ac061f319)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2239
Commits:
9834c3d
kernel: fix LED netdev trigger on interface rename (+49)
#2353
Description: CPU: 0 PID: 11550 Comm: kworker/u2:3 Not tainted 4.14.131 #0 / Workqueue: netns cleanup_net
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2353
Commits:
436dbf1
kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod (+13,-1)
#2426
Description: X86 platform kernel error report
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2426
Commits:
436dbf1
kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod (+13,-1)
#2510
Description: WNDR3700v2, WNDR3800 unable to update from ar71xx-generic to ath79
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2510
Commits:
a8b2935
ath79: fix sysupgrade from ar71xx for WNDR3700 V2 and WNDR3800(CH) (+2,-2)
#2585
Description: Strace fails to build on powerpc8540 - error: invalid use of undefined type 'struct pt_regs'
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2585
Commits:
69dcd89
strace: Fix build on PowerPC (-17)
#2606
Description: D-Link DIR-300 B1: not enough space for jffs2
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2606
Commits:
1bd280b
ramips: disable D-Link DIR-300 B1 by default (+1)
#2624
Description: [19.07] wired LAN crashes repeatedly after backport commit r10733-436dbf12aa
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2624
Commits:
2a2f9ff
kernel: nf_conntrack_rtcache: fix WARNING on forward path (+1,-11)
Security fixes
CVE-2018-12126
Description: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126
Commits:
a6b30f9
firmware: intel-microcode: bump to 20190514 (+2,-2)
8cd24d3
firmware: intel-microcode: bump to 20190618 (+2,-2)
CVE-2018-12127
Description: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127
Commits:
a6b30f9
firmware: intel-microcode: bump to 20190514 (+2,-2)
8cd24d3
firmware: intel-microcode: bump to 20190618 (+2,-2)
CVE-2018-12130
Description: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
Commits:
a6b30f9
firmware: intel-microcode: bump to 20190514 (+2,-2)
8cd24d3
firmware: intel-microcode: bump to 20190618 (+2,-2)
CVE-2019-5094
Description: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094
Commits:
9943506
tools/e2fsprogs: Update to version 1.45.4 (+2,-2)
e68d589
e2fsprogs: Fix CVE-2019-5094 in libsupport (+204,-1)
CVE-2019-5101
Description: An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function __ustream_ssl_poll, which is used to dispatch the read/write events
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5101
Commits:
58db9be
ustream-ssl: update to latest Git HEAD (+3,-59)
⇒ c9b6668
ustream-ssl: skip writing pending data if .eof is true after connect (+20)
CVE-2019-5102
Description: An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5102
Commits:
58db9be
ustream-ssl: update to latest Git HEAD (+3,-59)
⇒ c9b6668
ustream-ssl: skip writing pending data if .eof is true after connect (+20)
CVE-2019-5481
Description: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481
Commits:
569bec1
curl: bump to 7.66.0 (+4,-4)
CVE-2019-5482
Description: Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482
Commits:
569bec1
curl: bump to 7.66.0 (+4,-4)
CVE-2019-11091
Description: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091
Commits:
a6b30f9
firmware: intel-microcode: bump to 20190514 (+2,-2)
8cd24d3
firmware: intel-microcode: bump to 20190618 (+2,-2)
CVE-2019-15651
Description: wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15651
Commits:
6cabbe9
wolfssl: update to v4.2.0-stable (+4,-142)
CVE-2019-15903
Description: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
Commits:
502c4a8
expat: Update to version 2.2.9 (+2,-2)
CVE-2019-16748
Description: In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16748
Commits:
6cabbe9
wolfssl: update to v4.2.0-stable (+4,-142)