OpenWrt v19.07.3 Changelog

This changelog lists all commits done in OpenWrt since the v19.07.2 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 19.07.3 release.

See also the release notes that provide a more accessible overview of the main changes in 19.07.3.

66cbfee build: add GCC 10 version detection (+6,-4)
a08394b build: prereq: tidy gcc version checks (-16)
96d280c scripts/download: add sources CDN as first mirror (+1)

e7fae8f ath79: add support for TP-Link Archer C60 v3 (+145,-12)
79b60d8 squashfskit4/Makefile: introduce PKG_RELEASE=1 (+1,-1)
45b586c tools: squashfskit4: fix build with GCC10 (+44,-1)
96092a8 mkrasimage: fix segmentation fault (+10,-9)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)
6e4453a kernel: backport out-of-memory fix for non-Ethernet devices (+71)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)
0974d59 kernel: backport fix for non-regular inodes on f2fs (+69)
e678cb1 kernel: bump 4.14 to 4.14.179 (+2,-2)
d9244a1 generic: ar8216: fix unknown packet flooding for ar8229/ar8236 (+16,-7)
2efcfb1 kernel: bump 4.14 to 4.14.180 (+2,-2)
ddae86c generic: routerboot sysfs platform driver (+717)
511859d generic: mikrotik platform build bits (+39)
fa2369e generic: platform/mikrotik: support LZOR encoding (+261,-1)
85e04e9 generic: platform/mikrotik: fix LZOR support (+36,-21)

35ea808 uboot-kirkwood: fix ethernet and usb (+39,-1)

b32129d rssileds: add dependencies based on LDFLAGS (+1,-1)
798ff37 openssl: add configuration example for afalg-sync (+31,-2)
d5b1f44 openssl: update to 1.1.1e (+22,-41)
3940564 dnsmasq: add 'scriptarp' option (+3,-1)
eea3a96 openssl: revert EOF detection change in 1.1.1 (+81,-1)
83381ce readline: needs host depend on ncurses to build (+2)
96ee7c8 libpcap: Update shared-lib patch from Debian to fix linking problems (+156,-48)
36373c5 openssl: bump to 1.1.1f (+3,-83)
55c29c3 busybox: enable truncate on bcm53xx target (+1)
02c6dea mbedtls: update to version 2.16.5 (+2,-2)
3b6f079 mbedtls: update to 2.16.6 (+2,-2)
55312cc binutils: add ALTERNATIVES for strings (FS#3001) (+2,-1)
ef3df27 umdns: suppress address-of-packed-member warning (+2,-2)
b6d8119 umdns: update to the version 2020-04-05 (+4,-4)
⇒ 45c4953 dns: explicitly endian-convert all fields in header and question (+9,-13)
⇒ ab7a39a umdns: fix unused error (+2)
b71c7c2 umdns: update to version 2020-04-20 (+4,-4)
⇒ e74a3f9 dns.c: improve input validation (+3,-2)
efe837d openssl: bump to 1.1.1g (+2,-2)
6c02057 libpcap: fix build breakage with very high number of simultaneous jobs (+1,-1)
c2efc97 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574) (+3,-4)
4e5a298 umdns: update to version 2020-04-25 (+3,-3)
⇒ cdac046 dns.c: fix input validation fix (+1,-1)
55591e6 curl: backport fix for CVE-2019-15601 (+45,-1)
f141cdd hostapd: unconditionally enable ap/mesh for wpa-cli (+8,-2)
2df0ea0 wpad-wolfssl: fix crypto_bignum_sub() (+26)
5f0e25d perf: build with NO_LIBCAP=1 (+1)
ee480c5 dante: Fix compile with glibc (+54,-1)
429e449 libpcap: fix library packaging issues (+5,-1)
b956f6b wireguard: bump to 20191226 (+61,-34)
81f3f65 wireguard: bump to 1.0.20200506 (+2,-2)
7e9d84e opkg: update to latest Git HEAD (+3,-3)
⇒ 206ebae file_util.c: fix possible bad memory access in file_read_line_alloc() (+2,-5)
⇒ 60b9af2 file_util.c: refactor and fix checksum_hex2bin() (+14,-16)
⇒ b6f1967 libopkg: use xsystem() to spawn opkg-key (+3,-23)
⇒ 2a0210f opkg-cl: don't read feeds on opkg update (+2,-1)
⇒ cf4554d libopkg: support passing callbacks to feed parsing functions (+23,-18)
⇒ f2166a8 libopkg: implement lightweight package listing logic (+98,-20)
4cd9ae4 libjson-c: backport security fixes (+117,-2)

54b6683 wireless-regdb: backport three upstream fixes (+935)
844b892 ath10k-firmware: fix mirror hash (+1,-1)

1df49d9 relayd: bump to version 2020-04-20 (+3,-3)
5b4e4a3 relayd: bump to version 2020-04-25 (+3,-3)
⇒ 796da66 dhcp.c: improve input validation & length checks (+6,-2)
⇒ f4d759b dhcp.c: further improve validation (+4,-1)
ac5d5d8 ustream-ssl: update to 19.07 Git HEAD (+4,-4)
⇒ 77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning (+1,-1)
⇒ 30cebb4 ustream-ssl: mbedtls: fix ssl client verification (-7)
⇒ 40b563b ustream-openssl: clear error stack before SSL_read/SSL_write (+12,-2)
5e8b50d odhcpd: fix lan host reachibility due to identical RIO and PIO prefixes (FS#3... (+3,-3)
⇒ 49e4949 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3... (+11,-1)
c61fbdd odhcpd: fix PKG_SOURCE_DATE (+1,-1)
a8c92e9 opkg: Fix PKG_MIRROR_HASH (+1,-1)

f6f0cd5 rpcd: update to latest Git HEAD (+3,-3)
⇒ aaa0836 file: extend exec acl checks to commands with arguments (+28,-2)
e7f1313 rpcd: add respawn param (+2,-1)
794fd4c procd: turn error into debug message for missing ujail binary (+3,-3)
⇒ 09b9bd8 instance: turn error into debug message for missing ujail binary (+1,-1)
bf5ea2a rpcd: fix respawn settings (+1,-1)
55ccb04 upgs: Remove extra _DEFAULT_SOURCE definition (-4)
5c6dfb5 fstools: update to the latest version (+3,-3)
⇒ f5c7c18 fstools: Add support to read-only MTD partitions (eg. recovery images) (+15,-4)
⇒ deb745f Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)" (+4,-15)
⇒ 84965b9 blockd: print symlink error code and string message (+2,-2)
⇒ 62c578c blockd: report "target" path as "mount" for autofs available mounts (+2)
⇒ d1f1f2b block: remove mount target file if it's a link (+3)
⇒ 830441d blockd: remove symlink linkpath file if it's a dir or link (+7)
⇒ c80f700 libfstools/mtd: attempt to read from OOB data if empty space is found (+12,-4)
8fa4ed9 fstools: update to the latest version (+3,-3)
⇒ 0b93429 Revert "block: mount_action: handle mount/umount deps" (+13,-30)
⇒ 32db27d Revert "block: support hierarchical mount/umount" (+51,-101)
⇒ d70774d block: add some basic extroot documentation (+16)
⇒ 37c9148 block: simplify check_extroot() a bit (+47,-42)
⇒ 8b9e601 block: always use st_dev (device ID) of / when looking for root (+11,-15)
3b9e4d6 fstools: update to the latest version (+3,-3)
⇒ cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20) (+4,-2)
⇒ 4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount (+85,-51)
⇒ 9ab936d block(d): always call hotplug.d "mount" scripts from blockd (+87,-36)
⇒ eec16e2 blockd: add optional "device" parameter to "info" ubus method (+51,-21)
a6caa8f uhttpd: update to 19.07 Git HEAD (+3,-3)
⇒ d062f85 file: poke ustream after starting deferred program (+1)
⇒ 975dce2 client: allow keep-alive for POST requests (+1,-2)
d2ee15e fstools: blockd: fix segfault triggered by non-autofs mounts (+3,-3)
⇒ 8426903 blockd: fix segfault triggered by non-autofs mounts (+1,-1)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)

ef39179 ar71xx: correct AVM FRITZ Repeater 450E WPS button flag (+1,-1)
1713707 ar71xx: add missing LED migration for Archer C7 (+3)
6835199 ar71xx/ath79: ew-dorin, fix the trigger level for WPS button (+2,-2)
83f1015 ar71xx: fix swapped LAN/WAN MAC address for Archer C60 v1/v2 (+5,-5)
e4107e3 ar71xx: remove wrong MAC address adjustment for Archer C60 v2 (+1,-2)
76c1c1d ar71xx: fix port order on TP-Link Archer C60 v1/v2 (+2,-6)
27e7792 ar71xx: use status led for GL.iNet GL-AR750S (+1)
f5b3cd1 ar71xx: Fix gigabit switch support for Mikrotik RB951G-2HnD (+2)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)
612b64e ar71xx: enable mikrotik platform driver (+2)
b36aa16 ar71xx: mikrotik: ath10k: use new sysfs driver (+2,-2)
3fecb06 ar71xx: mikrotik: bypass id check in __rb_get_wlan_data() (+3,-7)
4cd44e5 ar71xx: mikrotik: mach-rbspi.c remove wlan id (+7,-7)
6ffd4d8 ar71xx: remove hard-coded folder name from Mikrotik RB upgrade (+6,-1)

6835199 ar71xx/ath79: ew-dorin, fix the trigger level for WPS button (+2,-2)
9f024d3 ath79: fix swapped LAN/WAN MAC address for Archer C60 v1/v2 (+1,-1)
f1a3a6b ath79: fix port order on TP-Link Archer C60 v1/v2 (+2,-6)
7ae345e ath79: add support for TP-Link TL-WR740N v5 (+19)
e7fae8f ath79: add support for TP-Link Archer C60 v3 (+145,-12)
456e1c6 ath79: add support for TP-Link WDR3500 v1 (+238,-132)
2e6bfab ath79: add support for TP-Link TL-WA850RE v1 (+180)
bdbda30 ath79: add support for TP-Link TL-WA860RE v1 (+84,-1)
470f7c0 ath79: add support for TP-Link TL-WDR4310 v1 (+23,-1)
286c407 ath79: add SUPPORTED_DEVICES for TP-Link TL-WA901ND v2 (+1)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)
65cf72d ath79: add SUPPORTED_DEVICES based on ar71xx for some devices (+13)
f40947a ath79: indicate boot/failsafe/upgrade for NanoBeam/Nanostation AC (+14,-2)
ecea10f ath79: dts: add missing 'serial0' alias for TP-Link TL-MR3040v2 (+1)

a89731a bcm53xx: fix ASUS firmwares to use vendor format (+12,-2)
35413b0 bcm53xx: sysupgrade: optimize building UBI image (+3,-3)
ab3549a bcm53xx: refactor board.d code in 02_network (+95,-94)
5b9b833 bcm53xx: add support for Luxul FullMAC WiFi devices (+36,-1)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)
81264eb brcm2708: fix build failure (+2,-2)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)

74a8e36 layerscape: add kmod-i2c-mux to DEVICE_PACKAGES for traverse-ls1043 (+1,-1)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
d8e0b01 mvebu: backport ClearFog SPI enablement (+50)
67ed408 mvebu: cortexa9: correct cpu subtype (+1,-1)

f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)

06f5a8d kernel: bump 4.14 to 4.14.172 (+20,-20)
2bd9d2e oxnas: backport patch fixing hang after reboot (+77)
cf4520d oxnas: backport another fix for irqchip (+58)
168acbb oxnas: yet another irqchip related patch (+55)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
bfe652c oxnas: move service file to correct place ()
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

14c8ea0 ramips: use full 8MB flash on ZyXEL Keenetic (+2,-2)
01b624e Revert "ramips: disable ZyXel Keenetic by default" (-1)
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)
b80a98a ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027 (-1)
5feb0df ramips: remove memory node for ZBT MT7621 devices (-15)
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

dee8fcf tegra: correct cpu subtype (+1,-1)

dba6f41 mac80211: fix brcmfmac monitor interface crash (+101,-1)
c6c3f6b mac80211: Update to version 4.19.112 (+65,-365)
ec6cb33 mac80211: backport fix for an no-ack tx status issue (+83,-1)
005adba mac80211: ath10k: increase rx buffer size to 2048 (+37)
607809d mac80211: Update to version 4.19.120 (+63,-63)

9da31d0 mt76: update to the latest version (+3,-3)
⇒ 8682e0d mt76: speed up usb bulk copy (+19,-7)
⇒ 884c25e mt76: usb: use max packet length for m76u_copy (+22,-14)
⇒ 1ad98b9 mt76: mt76u: rely only on data buffer for usb control messagges (+4,-5)
⇒ 3d49160 mt76: fix array overflow on receiving too many fragments for a packet (+6,-3)
⇒ 9792a62 mt76: set dma-done flag for flushed descriptors (+3,-1)
⇒ 53233cd mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw (+8,-1)
⇒ a4ae921 mt76: dma: do not write cpu_idx on rx queue reset until after refill (+8,-7)
⇒ 1198fa5 mt76: mt7603: increase dma mcu rx ring size (+2,-1)
⇒ 91cd5be mt76: avoid extra RCU synchronization on station removal (+22,-3)
⇒ 7d7fb26 mt76: mt76x2: avoid starting the MAC too early (+1,-1)
⇒ aac6098 mt76: fix LED link time failure (+2,-1)
⇒ 18627db mt76: mt76x0u: add support to TP-Link T2UHP (+1)
⇒ 5ecfdb1 mt76: mt76x02: fix handling MCU timeouts during hw restart (+31,-13)
⇒ f7e9be8 mt76: mt7603: add upper limit for dynamic sensitivity minimum receive power (+6,-1)
⇒ 23b8344 mt76: mt7603: enable dynamic sensitivity adjustment by default (+1)
⇒ 08054d5 mt76: mt76x02: reset MCU timeout counter earlier in watchdog reset (+1,-4)

Description: Keenetic problems
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2487
Commits:
14c8ea0 ramips: use full 8MB flash on ZyXEL Keenetic (+2,-2)

Description: busybox ntpd: NTP + DNSSEC chicken-and-egg problem at boot
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2574
Commits:
c2efc97 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574) (+3,-4)

Description: multicast ff02::2 not responding since 19.07
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2848
Commits:
d9244a1 generic: ar8216: fix unknown packet flooding for ar8229/ar8236 (+16,-7)

Description: wireless-regdb is outdated and faulty for at least "CH" and "LI"
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2880
Commits:
54b6683 wireless-regdb: backport three upstream fixes (+935)

Description: tcpdump error loading shared libraray libpcap.so.1
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2970
Commits:
429e449 libpcap: fix library packaging issues (+5,-1)

Description: [busybox] collision with binutils
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3001
Commits:
55312cc binutils: add ALTERNATIVES for strings (FS#3001) (+2,-1)

Description: Error building libpcap with very high number of simultaneous jobs
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3010
Commits:
6c02057 libpcap: fix build breakage with very high number of simultaneous jobs (+1,-1)

Description: Error updating to TP-LINK TL-WR842ND firmware to 19.07.2
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3017
Commits:
65cf72d ath79: add SUPPORTED_DEVICES based on ar71xx for some devices (+13)

Description: system.ntp.enabled is not set
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3022
Commits:
c2efc97 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574) (+3,-4)

Description: ZBT WE3526 256MB Variant Soft Bricks Because of ZBT-WE3526.dts
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3053
Commits:
5feb0df ramips: remove memory node for ZBT MT7621 devices (-15)

Description: odhcpd: "on-link" Router Information Options pollution in Router Advertisements
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3056
Commits:
5e8b50d odhcpd: fix lan host reachibility due to identical RIO and PIO prefixes (FS#3... (+3,-3)
⇒ 49e4949 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3... (+11,-1)
c61fbdd odhcpd: fix PKG_SOURCE_DATE (+1,-1)

Description: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
Commits:
d5b1f44 openssl: update to 1.1.1e (+22,-41)

Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15601
Commits:
55591e6 curl: backport fix for CVE-2019-15601 (+45,-1)

Description: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
Commits:
efe837d openssl: bump to 1.1.1g (+2,-2)

Description: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8647
Commits:
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)

Description: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8648
Commits:
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)

Description: There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8649
Commits:
0232f57 kernel: bump 4.14 to 4.14.176 (+130,-368)

Description: An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10932
Commits:
3b6f079 mbedtls: update to 2.16.6 (+2,-2)

Description: An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11669
Commits:
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11750
Commits:
b71c7c2 umdns: update to version 2020-04-20 (+4,-4)
⇒ e74a3f9 dns.c: improve input validation (+3,-2)
4e5a298 umdns: update to version 2020-04-25 (+3,-3)
⇒ cdac046 dns.c: fix input validation fix (+1,-1)

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11752
Commits:
1df49d9 relayd: bump to version 2020-04-20 (+3,-3)
5b4e4a3 relayd: bump to version 2020-04-25 (+3,-3)
⇒ 796da66 dhcp.c: improve input validation & length checks (+6,-2)
⇒ f4d759b dhcp.c: further improve validation (+4,-1)

Description: A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12114
Commits:
f9ef0c5 kernel: bump 4.14 to 4.14.178 (+65,-198)

Description: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762
Commits:
4cd9ae4 libjson-c: backport security fixes (+117,-2)