OpenWrt v22.03.5 Changelog
This changelog lists all commits made in OpenWrt since the v22.03.4 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the 22.03.5 release.
See also the release notes, which provide a more accessible overview of the main changes in 22.03.5.
Build System / Host Utilities (3 changes)
eeff8b3
tools/ccache: update to 4.6.1 (+3,-3)
80653f0
tools/ccache: update to 4.6.2 (+5,-5)
c1ccae5
ccache: update to 4.6.3 (+3,-35)
Kernel (1 change)
074db57
kernel: backport fix for recently introduced UBI bug (+71,-2)
Packages / Common (1 change)
b6cbab1
openssl: fix CVE-2023-464 and CVE-2023-465 (+263,-1)
Packages / OpenWrt network userland (1 change)
9af29da
uclient: update to Git version 2023-04-13 (+3,-3)
⇒ dc54d2b
tests: add certificate check against letsencrypt.org (+4)
⇒ 644d3c7
ci: improve wolfSSL test coverage (+53,-7)
⇒ 007d945
uclient: cancel state change timeout in uclient_disconnect() (+1)
Target / ath79 (1 change)
bf81a92
ath79: create Aruba AP-105 APBoot compatible image (+6)
Target / ramips (2 changes)
31b1366
ramips: fix lzma-loader for buffalo_WSR_600DHP (+1)
5f15225
ramips: reduce Archer AX23 / MR70X SPI-frequency (+2,-2)
Addressed bugs
#11919
Description: WSR-600DHP boot looping after upgrading to 22.03
Link: https://github.com/openwrt/openwrt/issues/11919
Commits:
31b1366
ramips: fix lzma-loader for buffalo_WSR_600DHP (+1)
#12232
Description: snapshot builds do not install correctly - Mar 2023 builds
Link: https://github.com/openwrt/openwrt/issues/12232
Commits:
074db57
kernel: backport fix for recently introduced UBI bug (+71,-2)
Security fixes
CVE-2023-0464
Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
Commits:
b6cbab1
openssl: fix CVE-2023-464 and CVE-2023-465 (+263,-1)
CVE-2023-0465
Description: Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
Commits:
b6cbab1
openssl: fix CVE-2023-464 and CVE-2023-465 (+263,-1)