OpenWrt v21.02.2 Changelog

This changelog lists all commits done in OpenWrt since the v21.02.1 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 21.02.2 release.

See also the release notes that provide a more accessible overview of the main changes in 21.02.2.

8166bbf ccache: update to 4.2.1 (+3,-3)
b59f3b0 firmware-utils: tplink-safeloader: fix Archer A7v5 factory flashing from vend... (+1,-1)
83bf22b tools/fakeroot: explicitly pass CPP variable (+2,-1)
c8d6a7c tools/fakeroot: fix build on MacOS arm64 (+86)
5d553d8 tools/fakeroot: fix unresolved symbols on arm64 macOS (+43,-10)
b7af850 tools/mtools: update to 4.0.35 (+2,-2)

6d266ef imagebuilder: fix local packages/ folder (+16,-1)

de948a0 glibc: update to latest 2.33 HEAD (+3,-3)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
5414aa8 kernel: backport the upstream implementation of threaded NAPI to 5.4 (+692,-376)
32c7455 kernel: bump 5.4 to 5.4.168 (+56,-56)
739e359 kernel: backport support for multicolor & RGB LEDs to 5.4 (+153)
bc37a69 kernel: add kmod-leds-uleds (+14)
aa2de44 kernel: fix AutoLoad parameter for uleds module (+1,-1)
77ee281 kernel: add kmod-ledtrig-pattern (+16)
6ced8ca kernel: backport workaround for Realtek RTL8672 and RTL9601C chips (+392,-37)
43d105e kernel: bump 5.4 to 5.4.171 (+32,-32)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)
adb6500 kernel: backport fix for initializing skb->cb in the bridge code to 5.4 (+30,-2)

c744798 uboot-lantiq: danube: fix hanging lzma kernel uncompression (+48)
36848e2 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2 (+9)
18b10db arm-trusted-firmware-bcm63xx: add ATF for Broadcom devices (+42)

f441be3 iproute2: m_xt.so depends on dynsyms.list (+2,-1)
6fe4b7a gpio-button-hotplug: convert to gpio descriptor (gpiod_) API (+63,-79)
6ec5dbd libpcap: add rpcapd as package (+20,-1)
aae63bb iw: enable print wpa ie for scan (+25,-19)
c5ef1ce mac80211: backport support for BSS color changes (+1.1K,-29)
62fa301 hostapd: add patch for disabling automatic bridging of vlan interfaces (+40,-3)
46aa34e hostapd: enable airtime policy for the -basic variants (+1,-1)
e480a09 hostapd: fix civic location option (+1,-1)
7d1c464 hostapd: add extra options for hotspot 2.0 / interworking (+25,-4)
ce7a170 hostapd: add additional radius options (+17,-2)
93dc876 hostapd: configure inter-AP communication interface for 802.11r (+39)
c75d176 hostapd: make the snooping interface (for proxyarp) configurable (+38)
aada4d0 hostapd: fix a segfault on sta disconnect with proxy arp enabled (+19)
23909a8 hostapd: make proxyarp work with libnl-tiny (+275)
345f8fc hostapd: respect fixed channel BW in HE20 mode (+1,-1)
4a53adb hostapd: let netifd set bridge port attributes for snooping (+30,-1)
d9373c5 hostapd: fix max_oper_chwidth setting for HE (+3,-3)
9b660c6 hostapd: fix a race condition on adding AP mode wds sta interfaces (+26,-4)
5a8988b hostapd: refresh patches (+35,-45)
6ac1b91 hostapd: support qos_map_set without CONFIG_INTERWORKING (+112)
0b75372 hostapd: add wmm qos map set by default (+6,-1)
75f7269 hostapd: fix use after free bugs (+6,-6)
1f5155d hostapd: add support for configuring rts threshold (+4,-1)
32b047e hostapd: add support for configuring the beacon rate (+3,-1)
21eb0a5 hostapd: add default values for r0kh/r1kh (+7)
28b30ae hostapd: add eap_server support (+21,-4)
0243f09 hostapd: add support for providing vendor specific IE elements (+4,-1)
c254d83 hostapd: enable ht40 in wpa_supplicant when using wider HE modes (+1,-1)
dec9e83 hostapd: fix goto loop for ubus assoc handler (+5,-5)
9127e51 hostapd: bump PKG_RELEASE (+1,-1)
77667a7 hostapd: add a patch that allows processing auth requests for peers in blocke... (+43,-9)
5124b96 busybox: update to 1.33.2 bugfix release (+2,-2)
3d05cd4 otrx: use firmware-utils.git to avoid code duplication (+10,-603)
2912bba otrx: update to the latest master (+3,-3)
⇒ 19110e6 firmware-utils: replace GPL 2.0 boilerplate/reference with SPDX (+36,-218)
⇒ 42b95f9 firmware-utils: replace GPL 2.0+ boilerplate/reference with SPDX (+28,-314)
⇒ 7374118 firmware-utils: seama: replace BSD-3-Clause boilerplate with SPDX (+1,-31)
⇒ 3a537a4 firmware-utils: tplink-safeloader: replace BSD-2-Clause boilerplate with SPDX (+1,-20)
⇒ d220b73 firmware-utils: add GPL 2.0 SPDX to files with no license info (+13)
⇒ 0e0b7cd firmware-utils: mkmerakifw-old: replace GPL-2.0-only boilerplate with SPDX (+1,-5)
⇒ 2454b42 firmware-utils: mkmylofw: replace GPL-2.0-or-later boilerplate with SPDX (+1,-16)
⇒ 173b9c5 firmware-utils: osbridge-crc: replace GPL-2.0-only boilerplate with SPDX (+1,-5)
⇒ 31dc99d firmware-utils: trx: replace GPL-2.0-or-later boilerplate with SPDX (+1,-14)
⇒ e385314 firmware-utils: nand_ecc: replace GPL boilerplate with SPDX (+1,-15)
⇒ 48c10eb firmware-utils: add support for ZyXEL ZLD firmware (+831)
⇒ ed222d4 firmware-utils: fix build on not Linux (+1,-1)
⇒ 1487e97 firmware-utils: mkmerakifw-old: Add le32 support (+41,-22)
⇒ 8a1ea44 ath79: add support for TP-Link TL-WA1201 v2 (+44,-1)
⇒ 9003dc1 firmware-utils: seama.h: replace LGPL-2.1-or-later boilerplate with SPDX (+1,-15)
⇒ cf73a89 firmware-utils: tplink-safeloader: use revision field (+2)
⇒ + 18 more...
f24e745 bcm63xx-cfe: update to the latest master (+4,-4)
⇒ e5050f3 linksys: ea9500-v2: add cferam file ()
1d1c695 bcm4908img: store offset of tail data (+14,-11)
2c1f27b bcm4908img: detect Linksys images (+23,-1)
d655eea hostapd: only attempt to set qos map if supported by the driver (+13,-1)
4dddb7c tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror (+2,-4)
ce5d037 dtc: import package for dtc & fdt from packages feed (+92)
1d4a28d dtc: support printing binary data with fdtget (+137)
b6ed264 busybox: backport dd support for iflag=count_bytes (+140)
5beaa75 openssl: bump to 1.1.1m (+3,-3)
32d50a1 mbedtls: Update to version 2.16.12 (+2,-2)
5ea2e1d wolfssl: enable ECC Curve 25519 by default (+1,-1)
7d376e6 libs/wolfssl: add SAN (Subject Alternative Name) support (+8,-2)
5b13b0b wolfssl: update to 5.1.1-stable (+6,-144)
0c0db6e hostapd: Apply SAE/EAP-pwd side-channel attack update 2 (+268,-1)
59e7ae8 tcpdump: Fix CVE-2018-16301 (+102,-1)

4b0f877 wireless-regdb: update to version 2021.08.28 (+2,-2)
a20e947 cypress-nvram: fix firmware is not exist for raspberry pi compute 4 (+3)
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)
209c77e linux-firmware: ath10k: add support for Qualcomm Atheros QCA9377 (+17)
d0b0ebf linux-firmware: update to version 20210315 and trim down broadcom FW (+6,-33)
7306b9e linux-firmware: update to 20210511 (+2,-2)
6003752 linux-firmware: Update to version 20211216 (+3,-9)
47a5b97 linux-firmware: amd: consolidate amd's linux-firmware entries (+29,-65)

2f04012 base-files: chmod 1777 /var/lock (+3,-2)
e81dd8a base-files: upgrade: fix efi partitions size calculation (+1,-1)
dbe2a63 base-files: fix service_running check (+3,-3)

df36376 netifd: fix deletion of ip tunnels (FS#4058) (+3,-3)
⇒ a68e805 system-linux: fix deletion of ip tunnels (FS#4058) (+23,-48)
be55e7d netifd: update to the master branch (+3,-3)
⇒ 94170ae device: extend device settings flags to 64 bit (+35,-35)
⇒ 1eb0faf device: add support for configuring device link speed/duplex (+72)
⇒ ed84473 bridge: memset bst->config by default to avoid stale config values (+1)
⇒ 6519cf3 bridge: add support for an external STP daemon (+94,-3)
⇒ 454e9c3 bridge: tune default stp parameters (+19,-28)
⇒ d590fbd wireless: always enable bpdu filter for AP interfaces and VLANs (+11)
⇒ f8ff6d8 system-linux: remove copy&paste from /proc and /sys path names (+149,-140)
⇒ 300b122 wireless: improve reliability of proxyarp support (+20,-4)
⇒ 5ba9744 device: add support for configuring bonding devices (+914,-1)
⇒ 6fa9b04 wireless: only apply wireless device attributes to the base vif interface (+2,-2)
⇒ 06d11bb wireless: only enable proxyarp/isolate for AP vifs (+7,-3)
⇒ 08e954e bonding: claim the port device before creating the bonding device (+6,-5)
⇒ 5a4ac30 netifd: rework/fix device free handling (+30,-76)
⇒ 4d0c2ad wireless: fix applying wireless devices attributes on hotplug events (+1,-1)
⇒ 186f6ea wireless: display log messages for setup/teardown/retry (+6,-2)
⇒ fac471c wireless: process and close script file descriptor when rerunning setup (+3)
⇒ + 9 more...
cd5ba0c ustream-ssl: variants conflict with each other (+3,-1)
4108d02 ustream-ssl: update to Git version 2022-01-16 (+4,-4)
⇒ 868fd88 ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0 (+2)

015f170 procd: update to git HEAD (+3,-3)
⇒ 64e9f3a procd: fix compilation with newer musl (+1,-1)
1472a8f procd: update to git HEAD (+3,-3)
⇒ 945d0d7 utils: fix C style in header file (+1,-1)
⇒ 2cfc26f inittab: detect active console from kernel if no console= specified (+31)
97b95ef uci: update to the latest master (+3,-3)
⇒ 4b3db11 cli: add option for changing save path (+5,-1)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
a8ad881 apm821xx: fix WD MyBook Live DUO USB-Port (+32,-1)
32c7455 kernel: bump 5.4 to 5.4.168 (+56,-56)
43d105e kernel: bump 5.4 to 5.4.171 (+32,-32)

06547e0 ath79: add support for Xiaomi AIoT Router AC2350 (+199,-1)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
1db8474 ath79: rb912: fix pll init issues (+4)
a4c0c03 ath79: Add support for OpenMesh OM5P-AC v2 (+104,-34)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
32c7455 kernel: bump 5.4 to 5.4.168 (+56,-56)
43d105e kernel: bump 5.4 to 5.4.171 (+32,-32)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

4607f55 bcm4908: fix calculation of new cferam index (+2,-2)
027dd3c bcm4908: start work on images for devices using U-Boot (+36)
570c26f bcm4908: add watchdog support (+77)
1da38bb bcm4908: backport upstream DT commits (+234,-8)
97b76de bcm4908: continue work on images for U-Boot based devices (+96)
76ccf10 bcm4908: enable MTD_CMDLINE_PARTS (+1)
d5f9c67 bcm4908: start working on Netgear RAXE500 image (+36)
052619a bcm4908: build chk image for Netgear RAXE500 (+1,-1)
6292d1e bcm4908: sysupgrade: refactor handling different firmware formats (+76,-32)
4cd5d11 bcm4908: add fdt-utils to default packages (+1,-1)
7e4485f bcm4908: add uboot-envtools to default packages (+1,-1)
608c7dc bcm4908: sysupgrade: add pkgtb format support (+183,-2)
93842b2 bcm4908: include ATF in bootfs images (+16)
e6aaa06 bcm4908: backport BCM4908 pinctrl driver (+747)
e6a7182 bcm4908: backport bcm_sf2 patch for better LED registers support (+211,-2)
87b9ba9 bcm4908: backport first 5.18 DTS changes (+211,-19)
230ec4c bcm4908: backport watchdog and I2C changes (+141,-13)

14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
6f9e9d9 bcm53xx: fix Luxul XWR-3150 LAN ports numbering (+1,-1)
67978e4 bcm53xx: backport the latest upstream DT changes (+386,-1)
0ebf62e bcm53xx: enable Linksys EA6300 & EA9200 builds (-3)
29f73a7 bcm53xx: sysupgrade: simplify extracting image from Seama seal (+3,-15)
c808c55 bcm53xx: sysupgrade: refactor handling different firmware formats (+123,-165)
5a8faa4 bcm53xx: sysupgrade: fix support for Luxul's legacy firmware format (+3,-1)

14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

5414aa8 kernel: backport the upstream implementation of threaded NAPI to 5.4 (+692,-376)
a008540 ipq40xx: specify FritzBox 7530 LAN port label numbers (+1,-1)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
4172a8e lantiq: set maximum kernel size for P2812HNUF3 (+2)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
6eced97 lantiq: flag FritzBox 7360 family buttons active-low (+2,-2)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
32c7455 kernel: bump 5.4 to 5.4.168 (+56,-56)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
32c7455 kernel: bump 5.4 to 5.4.168 (+56,-56)
24e564d mvebu: backport Turris Omnia DTS changes to 5.4 (+249,-3)
5e2a2b0 mvebu: Turris Omnia: use SFP module, if present (+16,-1)
99a1e88 mvebu: puzzle-m902: add driver for MCU driving LEDs, fan and buzzer (+2.5K,-1)
1e5df4d mvebu: puzzle-mcu: improve led driver (+75,-51)
280bb7c mvebu: puzzle-m902: add GPIO reset button (+11)
a03840a mvebu: puzzle-m901: add LEDs, fan and reset button (+84)
ee57500 mvebu: import patch enabling AQR112 and AQR412 PHY (+144)
daf4301 mvebu: import patch enabling AQR113 PHY (+43)
164ed60 mvebu: add id for AQR112 Ethernet phy variants (+55)
47d82f0 mvebu: enable Aquantia phy driver for Puzzle devices (+16,-15)
104774c mvebu: puzzle: wan LED and fix default network (+21,-1)
96b5962 mvebu: remove patch that was applied into linux stable (+1,-51)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
32c7455 kernel: bump 5.4 to 5.4.168 (+56,-56)

b4c40a7 ramips: minew g1-c: Allow dynamic RAM sizes (-5)
0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
c67509e ramips: fix tl-mr3020-v3 switch topology to configure vlans via luci (+4,-1)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)
c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)
bf0c965 ramips: fix NAND flash driver ECC bit position mask (+1,-1)

0b73113 kernel: bump 5.4 to 5.4.158 (+73,-133)
14940ae kernel: bump 5.4 to 5.4.163 (+260,-847)

d0b0ebf linux-firmware: update to version 20210315 and trim down broadcom FW (+6,-33)

c6ddf8d kernel: bump 5.4 to 5.4.179 (+153,-420)

d0b3383 mac80211: make use of the new 'band' option (+31,-14)
7a2405e mac80211: rework default config script (+85,-20)
b535ec2 mac80211: set hostapd op_class for 6 GHz (+8)
42d542e mac80211: fix center freq selection for 6 GHz (+20,-6)
8133d59 mac80211: add more HE capabilities (+81,-5)
4edda0c mac80211: fix detecting VHT capabilities when generating the default config (+1,-1)
8e3b3fa mac80211: do not enable VHT in the default config on 2.4 GHz (+1,-1)
7b7b494 mac80211: fix typo (+1,-1)
cdb867b mac80211: fix processing HE capabilities (FS#3871) (+1,-1)
4a70b93 mac80211: fix HT40 mode for 6G band (+4,-3)
27e4c5c mac80211: allow retry of wifi setup if an iw interface add command fails (+1,-1)
91ba22e mac80211: fix IBSS/adhoc mode for brcmfmac (+1)
c20f4e2 mac80211: set beamformer/beamformee number of antennas in VHT caps (+16)
68886f3 mac80211: merge the virtual time based airtime scheduler (+1.4K,-3)
5230073 mac80211: backport SAR power limit support (+455,-6)
bb5da05 mac80211: add missing change for encap offload on devices with sw rate control (+51,-18)
c5ef1ce mac80211: backport support for BSS color changes (+1.1K,-29)
2007d4e mac80211: backport AP mode TWT support (+689,-1)
fb98c8a mac80211: backport a few trivial patches (+617)
ee5b593 mac80211: fix crash in drivers relying on mac80211 retransmitting packets for... (+35)
ea91ebe mac80211: fix regression in SSN handling of addba tx (+46,-2)
36c3103 mac80211: add a fix for kernel warnings when forwarding packets in mesh mode (+73,-11)
4679c4a mac80211: bump PKG_RELEASE (+1,-1)
0e01920 mac80211: backport fix for dealing with stripped IV on rx (+37,-11)
b1e684f mac80211: fix queue assignment of aggregation start requests (+28)
1276ef9 mac80211: fix tx aggregation locking issue (+79)
efc76b1 mac80211: bump PKG_RELEASE (+1,-1)
4b52d89 mac80211: Update toversion 5.10.85 (+65,-140)
e1b79b1 mac80211: optimize airtime fairness code to reduce cpu usage (+60)
27225e3 kernel: ath10k: provide a build variant for small RAM devices (+82,-4)

fb98c8a mac80211: backport a few trivial patches (+617)
2982f1e mt76: update to the latest version (+67,-167)
⇒ 624c681 mt76: mt7921: enable VHT BFee capability (+5,-1)
⇒ a27dfcb mt76: connac: fix UC entry is being overwritten (+23,-19)
⇒ 6b691e6 mt76: connac: add mt76_connac_power_save_sched in mt76_connac_pm_unref (+16,-12)
⇒ b14365b mt76: mt7921: wake the device before dumping power table (+3)
⇒ 82af16b mt76: mt7921: make mt7921_set_channel static (+1,-2)
⇒ b24598b mt76: connac: add mt76_connac_mcu_get_nic_capability utility routine (+80,-1)
⇒ 5954e33 mt76: testmode: move chip-specific stats dump before common stats (+8,-3)
⇒ fd5b612 mt76: mt7915: fix rx fcs error count in testmode (+19,-2)
⇒ d9d26a2 mt76: connac: fix the maximum interval schedule scan can support (+5,-4)
⇒ ed39c88 mt76: reduce rx buffer size to 2048 (+10,-19)
⇒ 60f3d3a mt76: move mt76_get_next_pkt_id in mt76.h (+15,-18)
⇒ 67ed4d9 mt76: connac: check band caps in mt76_connac_mcu_set_rate_txpower (+13,-4)
⇒ 23c6ec4 mt76: make mt76_update_survey() per phy (+47,-57)
⇒ 5ca602f mt76: mt7915: introduce mt7915_mcu_set_txbf() (+50,-53)
⇒ c13df42 mt76: mt7915: improve MU stability (+64,-51)
⇒ dee7dcd mt76: use SPDX header file comment style (+2,-2)
⇒ + 49 more...
462ccf9 mt76: update to the latest version (+3,-3)
⇒ a6451fe mt76: mt7615: improve wmm index allocation (+3,-5)
⇒ 1911486 mt76: mt7915: improve wmm index allocation (+3,-5)
⇒ 7998a41 mt76: clear sta powersave flag after notifying driver (+4,-2)
⇒ 6644755 mt76: mt7603: introduce SAR support (+27,-8)
⇒ 5c0da39 mt76: mt7915: introduce SAR support (+27,-4)
⇒ 77fc6c4 mt76: mt7603: improve reliability of tx powersave filtering (+3,-2)
⇒ 094b3d8 firmware: update mt7663 rebb firmware to 20200904171623 ()
⇒ 25237b1 mt76: eeprom: tolerate corrected bit-flips (+1,-1)
⇒ 1463cb4 mt76: mt7921: fix boolreturn.cocci warning (+1,-1)
⇒ 586bad6 mt76: mt7921: use correct iftype data on 6GHz cap init (+1,-1)
⇒ 8ec95c9 mt76: mt7921s: fix bus hang with wrong privilege (+11)
⇒ 688e30c firmware: update mt7921 firmware to version 20211014 ()
⇒ 6fad970 mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (+10,-12)
⇒ 95acf97 mt76: fix 802.3 RX fail by hdr_trans (+2,-2)
⇒ 3f402b0 mt76: mt7921s: fix possible kernel crash due to invalid Rx count (+4)
⇒ 929a03a mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (+5,-5)
266890b mt76: update to the latest version (+3,-3)
⇒ 71e0847 mt76: eeprom: fix return code on corrected bit-flips (+3,-1)
⇒ 9a8fc66 mt76: move sar_capa configuration in common code (+16,-20)
⇒ 7cdbea1 mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (+3,-2)
⇒ 678071e mt76: mt7615: clear mcu error interrupt status on mt7663 (+1)

3b14ddf build: fix opkg install step for large package selection (+4,-2)

Description: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
Commits:
59e7ae8 tcpdump: Fix CVE-2018-16301 (+102,-1)

Description: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126
Commits:
d0b0ebf linux-firmware: update to version 20210315 and trim down broadcom FW (+6,-33)

Description: Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0543
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8695
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8696
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8698
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24489
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24511
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24512
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24513
Commits:
2ed471a firmware: intel-microcode: update to 20210608 (+4,-4)

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3998
Commits:
de948a0 glibc: update to latest 2.33 HEAD (+3,-3)

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
Commits:
de948a0 glibc: update to latest 2.33 HEAD (+3,-3)

Description: Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44732
Commits:
32d50a1 mbedtls: Update to version 2.16.12 (+2,-2)

Description: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
Commits:
de948a0 glibc: update to latest 2.33 HEAD (+3,-3)

Description: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
Commits:
de948a0 glibc: update to latest 2.33 HEAD (+3,-3)

Description: The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23303
Commits:
0c0db6e hostapd: Apply SAE/EAP-pwd side-channel attack update 2 (+268,-1)

Description: The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23304
Commits:
0c0db6e hostapd: Apply SAE/EAP-pwd side-channel attack update 2 (+268,-1)