OpenWrt v22.03.5 Changelog

This changelog lists all commits made in OpenWrt since the v22.03.4 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the 22.03.5 release.

See also the release notes that provide a more accessible overview of the main changes in 22.03.5.

eeff8b3 tools/ccache: update to 4.6.1 (+3,-3)
80653f0 tools/ccache: update to 4.6.2 (+5,-5)
c1ccae5 ccache: update to 4.6.3 (+3,-35)

074db57 kernel: backport fix for recently introduced UBI bug (+71,-2)

b6cbab1 openssl: fix CVE-2023-464 and CVE-2023-465 (+263,-1)

9af29da uclient: update to Git version 2023-04-13 (+3,-3)
dc54d2b tests: add certificate check against letsencrypt.org (+4)
644d3c7 ci: improve wolfSSL test coverage (+53,-7)
007d945 uclient: cancel state change timeout in uclient_disconnect() (+1)

bf81a92 ath79: create Aruba AP-105 APBoot compatible image (+6)

31b1366 ramips: fix lzma-loader for buffalo_WSR_600DHP (+1)
5f15225 ramips: reduce Archer AX23 / MR70X SPI-frequency (+2,-2)

#11919

Description: WSR-600DHP boot looping after upgrading to 22.03
Link: https://github.com/openwrt/openwrt/issues/11919
Commits:
31b1366 ramips: fix lzma-loader for buffalo_WSR_600DHP (+1)

#12232

Description: snapshot builds do not install correctly - Mar 2023 builds
Link: https://github.com/openwrt/openwrt/issues/12232
Commits:
074db57 kernel: backport fix for recently introduced UBI bug (+71,-2)

CVE-2023-0464

Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
Commits:
b6cbab1 openssl: fix CVE-2023-464 and CVE-2023-465 (+263,-1)

CVE-2023-0465

Description: Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
Commits:
b6cbab1 openssl: fix CVE-2023-464 and CVE-2023-465 (+263,-1)

Last modified: 2023/05/01 18:00 by hauke