OpenWrt v21.02.0-rc2 Changelog

This change log lists all commits done in preparation of OpenWrt 21.02.0-rc2 since OpenWrt 21.02.0-rc1.

Commits are roughly grouped by subsystem and chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 21.02.0-rc2 release.

567ad2d Extend checks on build prerequisites for building OpenWRT core (+12,-1)
0b0e978 kernel-defaults: fix external kernel build when user_headers is missing (+3,-1)
4419c3d build/json: generate json file for initramfs (+34,-1)
bb8fd58 build: avoid generating JSON info on missing image (+2,-2)

10a535a tplink-safeloader: fix product_name of TP-Link AD7200 (+1,-1)
a52842a ccache: Build with ENABLE_DOCUMENTATION=OFF (+3)
a162fe9 fakeroot: Alpine linux libc.musl build error fix (+34)

f25dc53 imagebuilder: unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archive (+2)

930e9c0 sdk: unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archives (+7,-1)

25d81e9 glibc: update to latest 2.33 HEAD (bug 27744) (+2,-2)

6f053e5 kernel: drop the conntrack rtcache patch (+8,-566)
438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
04579a5 kernel: bump 5.4 to 5.4.117 (+3,-3)
4b89b90 kernel: fix parsing fixed subpartitions (+84,-8)
2f0ab93 generic: platform/mikrotik: release mtd device after use (+10,-2)
f49d4ae kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4 (+150,-117)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)
4dcdded kernel: backport "mvmdio avoid error message for optional IRQ" (+33)
1a2ebb8 generic: mt7530: fix EEE patch (+1,-1)

51a5053 lantiq: enable G.INP retransmission counters (+7,-3)
dd43fae lantiq: use ActualNetDataRate for speed reporting (+6,-1)
15cd9a5 ltq-vdsl-app: extent dsl metrics with state_num and power_state_num (+58,-14)
a641502 busybox: backport fix for CVE-2021-28831 (+53,-1)
08cfc7a ltq-dsl-base: Make package nonshared to fix image builder (+2)
d1a056f dnsmasq: Update to version 2.85 (+6,-92)
c6ce041 busybox: add SRV support to nslookup_lede.c patch (+22,-2)
0e49178 busybox: update to 1.33.1 (+3,-132)
003fbfb openwrt-keyring: Only copy sign key for 21.02 (+3,-2)
b62fa74 busybox: disable PREFER_IPV4_ADDRESS (+1,-1)
abc2fff treewide: Mark packages nonshared if they depend on @TARGET_ (+24)
6b6bcca busybox: use $(AUTORELEASE) and SPDX (+3,-6)
4b69107 busybox: show reproducible timestamp (+80,-4)

3ce7f1e ipq40xx: add MikroTik hAP ac2 support (+316,-1)
701d25b ipq40xx: add support for MikroTik SXTsq 5 ac (+271,-3)
abc2fff treewide: Mark packages nonshared if they depend on @TARGET_ (+24)

faf9528 base-files: shinit: properly handle dashes in service names (+1,-1)
d9603bb base-files: use "ports" array in board.json network for bridges (+20,-7)
892fc7c base-files: generate "device" UCI type section for bridge (+8,-2)
0d90023 base-files: generate bridge device sections with br- name prefix (+2,-2)
fc605c0 base-files: support setting bridge MAC address (+2)
77d96e9 base-files: fix configuration generation of network if "bridge" exists (+3,-2)
16ccf88 base-files: generate network config with "device" options (+22,-22)
c2139ee base-files: simplify setting device MAC (+8,-11)

4d9f3ae uqmi: fix network registration loop (+27,-10)
bc2225f uclient: update to Git version 2021-04-03 (+3,-3)
⇒ 83efca2 tests: fix possibly longer start of HTTP server (+2,-1)
⇒ 64e00d6 uclient-fetch: document missing options (+8,-5)
bbbc01e uclient: update to Git version 2021-05-14 (+3,-3)
⇒ c5fc04b tests: fix help usage test (+8,-5)
⇒ 19571e4 tests: fix help usage test for uclient built with sanitizer (+8,-5)
⇒ 6a6011d uclient-http: set eof mark when content-length is 0 (+2,-1)
5b16484 netifd: add a udhcpc.user placeholder script (+6,-1)
252660b netifd: update to git HEAD (+3,-3)
⇒ 09632d4 device: remove left-over comment (-3)
⇒ b22f83d handler: add mechanism to generate external device handler stubs (+119)
⇒ 80bf9d7 extdev: add support for external device handlers (+1.4K,-1)
⇒ 44c0f40 system-linux: reorder sysctl functions (+5,-5)
⇒ c84f3b0 system-linux: add device options used by wpad (+156)
f3a0f90 netifd: update to Git version 2021-04-03 (+3,-3)
⇒ f8899b9 netifd: bridge: set default value for igmp_snoop (+2)
⇒ 327da98 netifd: add possibility to switch off route config (+5)
ef14916 netifd: read udhcpc user scripts from directory (+6,-1)
e78ef58 netifd: update to the latest version (+4,-4)
⇒ 02dd2f2 fix unannotated fall-through warnings (+5,-4)
⇒ 3052f2f extdev: remove unused function (-7)
⇒ 2a97fd0 device: add support for configuring devices with external auth handler (+113,-23)
⇒ 87e469b wireless: fix memory corruption bug when using vlans/station entries in the c... (+2,-1)
⇒ 7277764 bridge: rename "ifname" attribute to "ports" (+30,-9)
83d07db netifd: update to the latest master (+3,-3)
⇒ 42c1930 config: fix ifname->ports compat rename (+11,-4)
bab7a11 netifd: update to the latest master (+3,-3)
⇒ 62e3cb5 scripts/netifd-wireless.sh: add support for specifying the operating band (+14,-14)
⇒ 899c2a4 interface: support "device" attribute and deprecate "ifname" (+16,-11)

dee89d4 procd: update to git HEAD (+3,-3)
⇒ 2be57ed cosmetics: provide compatible system info on Aarch64 (+8)
⇒ 37eed13 system: expose if system was booted from initramfs (+9,-1)
21a3599 libubox: update to git HEAD (+3,-3)
⇒ 5bc0146 utils: simplify mkdir_p boolean conditions (+2,-2)
⇒ 2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE) (+2,-2)
834167b libubox: update to the latest version (+3,-3)
⇒ 870acee tests: cram: test_base64: fix failing tests (+2,-2)
⇒ 4d8995e tests: cram: test_base64: really fix failing tests (+3,-7)
⇒ 551d75b libubox: tests: add more blobmsg/json test cases (+453)
⇒ a0dbcf8 tests: add blob-buffer overflow test (+40)
⇒ b36a3a9 blob: fix exceeding maximum buffer length (+2)
⇒ b8abed7 utils.h: add fallthrough macro (+12)
⇒ b14c468 json_script: fix unannotated fall-through warning (+1,-1)
0bc3f51 ubox: fix init script validation of log_ip option (+2,-2)

9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)

3f5109f arc770: set device vendor and model variables (+2)

c4926a4 archs38: set device vendor and model variables (+2)

f49d4ae kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4 (+150,-117)

a524a0d ath79: mikrotik: enable SFP on RB922UAGS-5HPaCD (+51,-2)
d57e480 ath79: mikrotik: swap RB922UAGS-5HPaCD eth0/1 MACs (+5)
438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
62099d9 ath79: fix USB power on TP-Link TL-WR810N v1 (+1)
d7fd690 ath79: force SGMII SerDes mode to MAC operation (+14)
f49d4ae kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4 (+150,-117)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)

04579a5 kernel: bump 5.4 to 5.4.117 (+3,-3)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)

9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)

f49d4ae kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4 (+150,-117)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)
7a39781 bcm63xx: Remove patch already applied upstream (-34)

16ccf88 base-files: generate network config with "device" options (+22,-22)

438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
3ce7f1e ipq40xx: add MikroTik hAP ac2 support (+316,-1)
701d25b ipq40xx: add support for MikroTik SXTsq 5 ac (+271,-3)
f001bd2 ipq40xx: fix hard_config partition size on MikroTik hAP-ac2 (+1)

0b0bec5 ipq806x: improve system latency (+17)

4b89b90 kernel: fix parsing fixed subpartitions (+84,-8)

438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
4b89b90 kernel: fix parsing fixed subpartitions (+84,-8)
f49d4ae kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4 (+150,-117)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)

438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)

438718b kernel: bump 5.4 to 5.4.114 (+122,-111)

438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
4b89b90 kernel: fix parsing fixed subpartitions (+84,-8)
c287500 mvebu: Remove patch only needed for kernel 5.10 (-29)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)
d5ea756 mvebu: 5.4 fix DVFS caused random boot crashes (+107)

438718b kernel: bump 5.4 to 5.4.114 (+122,-111)
ceeaf0b ramips: fix mac addresses of Youku YK1 (+4,-3)
f49d4ae kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4 (+150,-117)
9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)
f9b0215 ramips: fix SUPPORTED_DEVICES for ALFA Network devices (+5)

9d21ecc kernel: bump 5.4 to 5.4.119 (+47,-172)
16ccf88 base-files: generate network config with "device" options (+22,-22)

f066ee2 mac80211: minstrel_ht: fix issue in calculating success probability (+21)
ce41fc3 mac80211: Update to version 5.10.34-1 (+48,-188)
c99f037 mac80211/rtl: backport a rtl8192cu AP mode fix (+118)
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

43e4ba5 mt76: update to the latest version (+3,-3)
⇒ 186af01 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing (+86,-1)
⇒ 93b5c28 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report (+5,-1)
⇒ a8e89c5 mt76: testmode: add support to send larger packet (+131,-35)
⇒ a0cc9a9 mt76: mt7915: rework mt7915_tm_set_tx_len() (+5,-17)
⇒ c8b9663 mt76: mt7915: fix rate setting of tx descriptor in testmode (+19,-6)
⇒ 22fd295 mt76: mt7615: fix memleak when mt7615_unregister_device() (+1,-2)
⇒ 7401e0d mt76: mt7915: fix memleak when mt7915_unregister_device() (+1,-2)
⇒ c365626 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens (+3,-3)
⇒ 0ce955b mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens (+3,-3)
⇒ b03d1e6 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put() (+6,-2)
⇒ 5ac02e2 mt76: flush tx status queue on DMA reset (+10)
⇒ c71f609 mt76: sync with upstream changes (+611,-160)
⇒ 23ecadd mt76: mt7615: fix hardware error recovery for mt7663 (+53,-11)
⇒ 57a899e mt76: mt7615: fix entering driver-own state on mt7663 (+10,-2)
⇒ 42a2ddd mt76: mt7615: load ROM patch before checking patch semaphore status (+16,-14)
⇒ cf0e406 mt76: mt7915: add support for applying pre-calibration data (+199,-10)
⇒ + 98 more...

Description: sysntp does not resolves IPv6 when IPv6 only stack
Link: https://bugs.openwrt.org/index.php?do=details&task_id=84
Commits:
b62fa74 busybox: disable PREFER_IPV4_ADDRESS (+1,-1)

Description: sysntpd cannot acquire time on IPv6 only network
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2608
Commits:
b62fa74 busybox: disable PREFER_IPV4_ADDRESS (+1,-1)

Description: [imagebuilder] cannot find proper ltq-vdsl-app for VR200v
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3773
Commits:
08cfc7a ltq-dsl-base: Make package nonshared to fix image builder (+2)

Description: Lantiq xrx200 Imagebuilder fails with incompatible architecture
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3774
Commits:
08cfc7a ltq-dsl-base: Make package nonshared to fix image builder (+2)

Description: service function in shinit fails if service name contains a dash
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3801
Commits:
faf9528 base-files: shinit: properly handle dashes in service names (+1,-1)

Description: Request for cherry-pick of procd commit for 21.02
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3806
Commits:
dee89d4 procd: update to git HEAD (+3,-3)
⇒ 2be57ed cosmetics: provide compatible system info on Aarch64 (+8)
⇒ 37eed13 system: expose if system was booted from initramfs (+9,-1)

Description: 21.02.0-rc1 build is broken for raspberry pi 3b
Link: https://bugs.openwrt.org/index.php?do=details&task_id=3826
Commits:
abc2fff treewide: Mark packages nonshared if they depend on @TARGET_ (+24)

Description: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)
43e4ba5 mt76: update to the latest version (+3,-3)
⇒ 186af01 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing (+86,-1)
⇒ 93b5c28 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report (+5,-1)
⇒ a8e89c5 mt76: testmode: add support to send larger packet (+131,-35)
⇒ a0cc9a9 mt76: mt7915: rework mt7915_tm_set_tx_len() (+5,-17)
⇒ c8b9663 mt76: mt7915: fix rate setting of tx descriptor in testmode (+19,-6)
⇒ 22fd295 mt76: mt7615: fix memleak when mt7615_unregister_device() (+1,-2)
⇒ 7401e0d mt76: mt7915: fix memleak when mt7915_unregister_device() (+1,-2)
⇒ c365626 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens (+3,-3)
⇒ 0ce955b mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens (+3,-3)
⇒ b03d1e6 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put() (+6,-2)
⇒ 5ac02e2 mt76: flush tx status queue on DMA reset (+10)
⇒ c71f609 mt76: sync with upstream changes (+611,-160)
⇒ 23ecadd mt76: mt7615: fix hardware error recovery for mt7663 (+53,-11)
⇒ 57a899e mt76: mt7615: fix entering driver-own state on mt7663 (+10,-2)
⇒ 42a2ddd mt76: mt7615: load ROM patch before checking patch semaphore status (+16,-14)
⇒ cf0e406 mt76: mt7915: add support for applying pre-calibration data (+199,-10)
⇒ + 98 more...

Description: An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26140
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26141
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26142
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26143
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26144
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26146
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147
Commits:
5869423 mac80211: backport upstream fixes for FragAttacks (+1.5K,-7)

Description: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3448
Commits:
d1a056f dnsmasq: Update to version 2.85 (+6,-92)

Description: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831
Commits:
a641502 busybox: backport fix for CVE-2021-28831 (+53,-1)
0e49178 busybox: update to 1.33.1 (+3,-132)