OpenWrt v19.07.8 Changelog
This changelog lists all commits made in OpenWrt since the v19.07.7 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the 19.07.8 release.
See also the release notes, which provide a more accessible overview of the main changes in 19.07.8.
Build System / Buildroot (7 changes)
0a08a9a
build: fix checks for GCC11 (+4,-4)
33df82b
build: package-ipkg: avoid calling wildcard twice (+8,-2)
1fcd833
build: call ipkg-remove using xargs if #args>=512 (+11,-1)
afdd5dc
build: reduce number of files passed to ipk-remove (+8,-11)
dce6b11
scripts: bundle-libraries.sh: fix broken SDK compiler (+18,-1)
5bec393
prereq-build: test for perl's Data::Dumper (+4)
ded3ad3
Extend checks on build prerequisites for building OpenWRT core (+12,-1)
Build System / Host Utilities (2 changes)
a2728a8
tplink-safeloader: fix C7v5 factory flashing from vendor fw > v1.1.x (+1,-1)
a1ee0eb
tools/mklibs: Fix compile with GCC 11 (+1)
Kernel (14 changes)
b4a4d04
kernel: bump 4.14 to 4.14.222 (+16,-16)
55e9d87
kernel: bump 4.14 to 4.14.223 (+51,-51)
3402334
kernel: bump 4.14 to 4.14.224 (+6,-6)
c43c434
kernel: bump 4.14 to 4.14.227 (+75,-75)
273ded6
kernel: bump 4.14 to 4.14.228 (+32,-32)
7f3ec4c
kernel: bump 4.14 to 4.14.229 (+11,-11)
2c46ba4
kernel: backport fix for flexcan bug (+50)
906f560
kernel: bump 4.14 to 4.14.230 (+33,-83)
4398a35
kernel: bump 4.14 to 4.14.231 (+10,-10)
f342de4
kernel: bump 4.14 to 4.14.232 (+7,-7)
e108301
generic: platform/mikrotik: release mtd device after use (+4,-1)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
bdd7fac
kernel: bump 4.14 to 4.14.236 (+2,-2)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Packages / Common (14 changes)
6bf5bfc
openssl: bump to 1.1.1j (+2,-2)
e9c0c50
hostapd: backport ignoring 4addr mode enabling error (+79,-1)
4b19b2d
hostapd: P2P: Fix a corner case in peer addition based on PD Request (+46,-1)
c64742a
wolfssl: bump to v4.7.0-stable (+4,-92)
c336db7
mbedtls: update to 2.16.10 (+13,-13)
6165bb0
openssl: sync package download URLs with master (+5,-3)
81266d9
openssl: bump to 1.1.1k (+23,-24)
8788e86
ppp/pppoe-discovery: fix -W option (+60)
f82ddf9
openvpn: update to 2.4.8 (+129,-6)
a8beddc
openvpn: update to 2.4.9 (+4,-4)
7198ae4
openvpn: update to 2.4.11 (+3,-3)
a883e3a
dropbear: Fix CVE-2020-36254 (+21)
c07c98d
openwrt-keyring: add OpenWrt 21.02 GPG/usign keys (+3,-3)
⇒ bc4d80f
gpg: add OpenWrt 21.02 signing key (+53)
⇒ 4928391
usign: add 21.02 release build pubkey (+2)
84c5dbc
openwrt-keyring: Only copy sign key for 19.07 and 21.02 (+5,-2)
Packages / OpenWrt base files (4 changes)
86aeac4
base-files: source functions.sh in /lib/functions/system.sh (+3,-1)
a5672f6
Revert "base-files: source functions.sh in /lib/functions/system.sh" (+1,-3)
c88bdb8
base-files: fix zoneinfo support (+9,-7)
71fa524
base-files: fix /tmp/TZ when zoneinfo not installed (+4,-7)
Packages / OpenWrt system userland (4 changes)
1153773
ubox: fix init script validation of log_ip option (+2,-2)
92e341d
ubus: backport SOVERSION support (+5,-3)
796bf50
ubus: update to version 2021-06-03 (+4,-4)
⇒ 9ec9cfc
lua: avoid truncation of large numeric values (+4,-1)
⇒ ef9950c
ubusd: convert tx_queue to linked list (+34,-31)
⇒ 8e66b5b
ubusd: add per-client tx queue limit (+8)
⇒ fe029ae
ubusd: protect against too-short messages (+2)
⇒ 90fb56c
cmake: add a possibility to set library version (+4)
ef56c85
ubus: update to version 2021-07-01 (+3,-3)
⇒ 38c7fdd
ubusd: fix tx_queue linked list usage (+2,-1)
Target / apm821xx (2 changes)
Target / ar71xx (3 changes)
55e9d87
kernel: bump 4.14 to 4.14.223 (+51,-51)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / ath79 (3 changes)
55e9d87
kernel: bump 4.14 to 4.14.223 (+51,-51)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / bcm53xx (1 change)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / brcm2708 (3 changes)
b4a4d04
kernel: bump 4.14 to 4.14.222 (+16,-16)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / brcm47xx (1 change)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
Target / cns3xxx (1 change)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
Target / gemini (1 change)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / ipq40xx (1 change)
c43c434
kernel: bump 4.14 to 4.14.227 (+75,-75)
Target / ipq806x (1 change)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / lantiq (2 changes)
6aef4bc
lantiq: fritz7320: enable USB power supply (+46)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
Target / layerscape (6 changes)
55e9d87
kernel: bump 4.14 to 4.14.223 (+51,-51)
c43c434
kernel: bump 4.14 to 4.14.227 (+75,-75)
273ded6
kernel: bump 4.14 to 4.14.228 (+32,-32)
906f560
kernel: bump 4.14 to 4.14.230 (+33,-83)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / mediatek (5 changes)
55e9d87
kernel: bump 4.14 to 4.14.223 (+51,-51)
c43c434
kernel: bump 4.14 to 4.14.227 (+75,-75)
7f3ec4c
kernel: bump 4.14 to 4.14.229 (+11,-11)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / mvebu (3 changes)
55e9d87
kernel: bump 4.14 to 4.14.223 (+51,-51)
c43c434
kernel: bump 4.14 to 4.14.227 (+75,-75)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / ramips (7 changes)
a36d2ee
ramips: remove factory image for TP-Link Archer C20 v1 (-1)
3402334
kernel: bump 4.14 to 4.14.224 (+6,-6)
c43c434
kernel: bump 4.14 to 4.14.227 (+75,-75)
718e97c
ramips: mt7530 swconfig: fix race condition in register access (+10,-6)
08ef207
ramips: backport unlocked mdiobus accessors (+141)
ccc5055
kernel: bump 4.14 to 4.14.235 (+40,-58)
e902d11
kernel: bump 4.14 to 4.14.241 (+131,-115)
Target / samsung (2 changes)
Target / sunxi (1 change)
273ded6
kernel: bump 4.14 to 4.14.228 (+32,-32)
Target / x86 (1 change)
3402334
kernel: bump 4.14 to 4.14.224 (+6,-6)
Wireless / Ath10k CT (1 change)
ceb8821
ath10k-ct: add security fixes (+35,-74)
⇒ eb2b716
ath10k-ct: Fix fw_regs endian issue, attempt to work around FW hangs better. (+32,-14)
⇒ fd878b7
ath10k-ct: Debugging, fix 160Mhz, tweaks to WMI timeout handling for 5.2 (+138,-49)
⇒ b78bb75
ath10k-ct-4.19: prefer rate inject over arvif values (+24,-25)
⇒ cb2d8f3
ath10k-ct-4.19: add HT rate injection support (+15,-6)
⇒ e7dcae2
ath10k-ct: Add inject ht rates patches from pull request 104 (+33,-25)
⇒ 080cd78
Add ath10k-ct 5.4 driver. (+87.0K)
⇒ 002c0fe
5.4: Make sure tx-done is initialized. (+1,-1)
⇒ dc025dc
ath10k: Pull in upstream 5.4 patch, improve firmware crash handling for 5.2,... (+92,-18)
⇒ 3e3d0ad
ath10k-ct: Support better RSSI measurements. (+907,-52)
⇒ b7297ab
ath10k-ct: Support enabling all valid MCS in wave-1 ath10k-ct firmware. (+92)
⇒ dae7cdd
ath10k-ct: Enable AP VLAN on recent CT firmwares. (+4,-1)
⇒ bed49a5
ath10k-ct: Support vlans on 10.1 firmware. (+30,-5)
⇒ 8df0a7f
ath10k-ct: Pull in recent 5.4 stable, etc (+152,-76)
⇒ 3d173a4
ath10k-ct: Fix 5-sec flushing hang on wave-1 ath10k-ct firmware. (+68,-19)
⇒ 5ef6fd5
Add patch needed for upstream kernel compile. (+39)
⇒ c1b6fa6
ath10k-ct: workaround TX rate code firmware bug (+20,-1)
⇒ + 19 more...
Wireless / Common (4 changes)
cc0b704
mac80211: backport upstream fixes (+354,-1)
1b5a45a
mac80211: Update to backports version 4.19.189-1 (+146,-499)
ffd4452
mac80211: Update to backports version 4.19.193-test1 (+58,-58)
1561270
mac80211: distance config: allow "auto" as a value (+2,-1)
Wireless / Mwlwifi (1 change)
616fff2
mwlwifi: add PKG_FLAGS:=nonshared (+1)
Miscellaneous (1 change)
ec76c36
gitignore: add .ccache folder (+1)
Addressed bugs
#1525
Description: listing more than ~230 objects fails (ubusd discards messages when tx queue is full)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1525
Commits:
796bf50
ubus: update to version 2021-06-03 (+4,-4)
⇒ 9ec9cfc
lua: avoid truncation of large numeric values (+4,-1)
⇒ ef9950c
ubusd: convert tx_queue to linked list (+34,-31)
⇒ 8e66b5b
ubusd: add per-client tx queue limit (+8)
⇒ fe029ae
ubusd: protect against too-short messages (+2)
⇒ 90fb56c
cmake: add a possibility to set library version (+4)
#3624
Description: AVM FRITZ!Box 7320 USB ports have no power (fix)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3624
Commits:
6aef4bc
lantiq: fritz7320: enable USB power supply (+46)
Security fixes
CVE-2018-20685
Description: In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
Commits:
a883e3a
dropbear: Fix CVE-2020-36254 (+21)
CVE-2020-11810
Description: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
Commits:
a8beddc
openvpn: update to 2.4.9 (+4,-4)
CVE-2020-15078
Description: OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15078
Commits:
7198ae4
openvpn: update to 2.4.11 (+3,-3)
CVE-2020-25670
Description: A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_bind() causes a use-after-free, which might lead to privilege escalation.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25670
Commits:
4398a35
kernel: bump 4.14 to 4.14.231 (+10,-10)
CVE-2020-25671
Description: A vulnerability was found in the Linux kernel where a refcount leak in llcp_sock_connect() causes a use-after-free, which might lead to privilege escalation.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25671
Commits:
4398a35
kernel: bump 4.14 to 4.14.231 (+10,-10)
CVE-2020-25672
Description: A memory leak vulnerability was found in the Linux kernel in llcp_sock_connect().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25672
Commits:
4398a35
kernel: bump 4.14 to 4.14.231 (+10,-10)
CVE-2020-36254
Description: scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36254
Commits:
a883e3a
dropbear: Fix CVE-2020-36254 (+21)
CVE-2021-2839
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2839
Commits:
6bf5bfc
openssl: bump to 1.1.1j (+2,-2)
CVE-2021-2840
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2840
Commits:
6bf5bfc
openssl: bump to 1.1.1j (+2,-2)
CVE-2021-2841
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-2841
Commits:
6bf5bfc
openssl: bump to 1.1.1j (+2,-2)
CVE-2021-3336
Description: DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3336
Commits:
c64742a
wolfssl: bump to v4.7.0-stable (+4,-92)
CVE-2021-3449
Description: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
Commits:
81266d9
openssl: bump to 1.1.1k (+23,-24)
CVE-2021-3450
Description: The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450
Commits:
81266d9
openssl: bump to 1.1.1k (+23,-24)
CVE-2021-3564
Description: A double-free memory corruption flaw in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564
Commits:
bdd7fac
kernel: bump 4.14 to 4.14.236 (+2,-2)
CVE-2021-23133
Description: A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23133
Commits:
f342de4
kernel: bump 4.14 to 4.14.232 (+7,-7)
CVE-2021-27803
Description: A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27803
Commits:
4b19b2d
hostapd: P2P: Fix a corner case in peer addition based on PD Request (+46,-1)