OpenWrt v22.03.6 Changelog

This changelog lists all commits done in OpenWrt since the v22.03.5 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 22.03.6 release.

See also the release notes that provide a more accessible overview of the main changes in 22.03.6.

dcdd8e9 kernel: bump 5.10 to 5.10.177 (+29,-28)
5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
2677220 kernel: bump 5.10 to 5.10.179 (+9,-9)
80a99d9 build: escape whitespaces in VERSION_DIST for Netgear images (+2,-2)
6bca11f kernel: bump 5.10 to 5.10.180 (+59,-105)
171b515 kernel: bump 5.10 to 5.10.181 (+32,-32)
ac5e37f kernel: bump 5.10 to 5.10.182 (+2,-2)
920f2d9 kernel: bump 5.10 to 5.10.183 (+27,-26)
287303b kernel: bump 5.10 to 5.10.184 (+68,-69)
0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
fbc23f6 kernel: bump 5.10 to 5.10.186 (+17,-17)
cc54e19 build: fix generation of large .vdi images (+8,-2)
77f7f69 kernel: bump 5.10 to 5.10.187 (+2,-2)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
419218a kernel: bump 5.10 to 5.10.190 (+14,-14)
866badc kernel: bump 5.10 to 5.10.191 (+31,-31)
49639b2 kernel: bump 5.10 to 5.10.192 (+12,-44)
188c49b kernel: bump 5.10 to 5.10.194 (+10,-10)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
057bf8f kernel: bump 5.10 to 5.10.197 (+9,-9)
38ee41a image: Fix the CONFIG_EXTERNAL_CPIO logic (+1,-1)
f3a78af kernel: bump 5.10 to 5.10.198 (+22,-22)
8525157 kernel: bump 5.10 to 5.10.199 (+48,-48)
bb2b55f build: export GIT_CEILING_DIRECTORIES for package builds (+2)
86124a1 scripts/getver.sh: prevent asking for negative rev-parse (+1,-1)
9bac24e scan.mk: do not silence output of dump phase (+2,-1)
3555a29 treewide: fix shell errors during dump stage (+9)
7dabd7a scripts/dump-target-info.pl: add new function to DUMP devices (+79,-1)
3e511a7 kernel: bump 5.10 to 5.10.200 (+25,-25)
f85a79b kernel: bump 5.10 to 5.10.201 (+8,-55)

9d71dc9 tools: assign PKG_CPE_ID (+6)
e453767 tools/zlib: switch to configure script (+14,-15)
35fd776 tools/expat: build with autotools again (+15,-16)
d8aa8ae tools/cmake: Build without some included libs (+46,-3)
e4a70c9 tools: fix firmware-utils depends (+1,-1)

1c79f93 ib: split out processing user provided packages (+3,-1)

8a1ba96 sdk: rename README + update Makefile (+1,-1)

4d66384 fortify-headers: fix inconsistent time_t version of ppoll (+12,-1)
30fca54 fortify-headers: fix build error when _REDIR_TIME64 is not defined (+2,-2)
6a2d19c toolchain: assign PKG_CPE_ID (+6)
32e32d5 toolchain: musl: add PKG_CPE_ID (+1)
4ad0f92 toolchain: Update glibc 2.34 to recent HEAD (+2,-2)
de2162d toolchain: gcc: backport v11.3.0 fix for false positive VLA params warnings (+192)

dcdd8e9 kernel: bump 5.10 to 5.10.177 (+29,-28)
5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
2677220 kernel: bump 5.10 to 5.10.179 (+9,-9)
6bca11f kernel: bump 5.10 to 5.10.180 (+59,-105)
171b515 kernel: bump 5.10 to 5.10.181 (+32,-32)
e908856 kernel: mtd: bcm-wfi: add cferam name support (+14,-2)
920f2d9 kernel: bump 5.10 to 5.10.183 (+27,-26)
287303b kernel: bump 5.10 to 5.10.184 (+68,-69)
2034387 netfilter: fix typo in nf-socket and nf-tproxy kconfig (+2,-2)
0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
fbc23f6 kernel: bump 5.10 to 5.10.186 (+17,-17)
04b4d79 kernel: bgmac: fix regressed support for BCM53573 SoCs (+45)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
419218a kernel: bump 5.10 to 5.10.190 (+14,-14)
866badc kernel: bump 5.10 to 5.10.191 (+31,-31)
49639b2 kernel: bump 5.10 to 5.10.192 (+12,-44)
188c49b kernel: bump 5.10 to 5.10.194 (+10,-10)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
057bf8f kernel: bump 5.10 to 5.10.197 (+9,-9)
f3a78af kernel: bump 5.10 to 5.10.198 (+22,-22)
8525157 kernel: bump 5.10 to 5.10.199 (+48,-48)
3e511a7 kernel: bump 5.10 to 5.10.200 (+25,-25)
f85a79b kernel: bump 5.10 to 5.10.201 (+8,-55)

656e411 ramips: add support for Keenetic Lite III rev. A (+165,-1)
6870041 uboot-bcm4908: update to the latest generic (+3,-3)
4435700 Remove redundant YYLOC global declaration (-1)
0a1dc00 treewide: Add extra CPE identifier (+4)
e7b3414 ramips: add support for SNR-CPE-W4N-MT router (+149)

ce32068 ca-certificates: Update to version 20230311 (+9,-13)
afb4422 openssl: bump to 1.1.1u (+3,-265)
4a9eb94 bpf-headers: fix compilation with LLVM_IAS=1 (+1,-1)
17f6001 restool: update source.codeaurora.org repository link (+1,-1)
70e3f4e openssl: passing cflags to configure (+2,-1)
681baab wolfssl: update to 5.6.3 (+30,-5)
503aa7f dropbear: add ed25519 for failsafe key (+3,-2)
c29390b lua: fix integer overflow in LNUM patch (+16,-16)
df994cc mbedtls: Update to version 2.28.3 (+2,-24)
b62dace mbedtls: Update to version 2.28.4 (+2,-2)
de29f15 openssl: bump to 1.1.1v (+3,-3)
aeb1221 urngd: update to the latest master (+3,-3)
7aefb47 jitterentropy-rngd: update to the v1.2.0 (+1,-1)
3a7143f packages: assign PKG_CPE_ID for all missing packages (+13)
0a1dc00 treewide: Add extra CPE identifier (+4)
f6fa7b5 openssl: update to version 1.1.1w (+2,-2)
64907f3 hostapd: fix broke noscan option for mesh (+3,-3)
fcdecb5 hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS (+1,-1)
3af93be bsdiff: Add patches for CVEs (+433,-13)
72d940d mbedtls: Update to version 2.28.5 (+2,-2)
0c7c87a urngd: update to version 2023-11-01 (+3,-3)
44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c (+5,-2)
545807d wolfssl: update to 5.6.4 (+3,-28)

e500494 wireless-regdb: update to 2023.05.03 (+2,-2)
8da1ba2 linux-firmware: Update to version 20220509 (+2,-2)
f3ccdf7 linux-firmware: take linux-firmware.git's qca99x0 boardfile (+1,-12)
9c54ac6 linux-firmware: Update to version 20220610 (+2,-2)
d136562 linux-firmware: update to 20220815 (+2,-2)
91de737 linux-firmware: update to 20220913 (+2,-2)
ad3d63b linux-firmware: update to 20221012 (+2,-2)
d59e095 linux-firmware: update to 20221109 (+2,-2)
5fc704c linux-firmware: update to 20221214 (+2,-2)
b3ddc09 linux-firmware: disable stripping (+4,-1)
320c919 linux-firmware: update to 20230117 (+3,-3)
d2cc4ad linux-firmware: update to 20230310 (+2,-2)
9466152 linux-firmware: update to 20230515 (+2,-2)
728afd1 linux-firmware: move firmware file for mt7601u (+3,-3)
b5a5751 ipq40xx: R619AC: replace space with - separator in variant string (+2,-2)
3235300 ipq-wifi: drop custom board-2.bins (+22,-98)
2c96dd6 firmware: intel-microcode: update to 20221108 (+2,-2)
f4e4f55 firmware: intel-microcode: update to 20230512 (+3,-3)
ca669b7 ls-dpl: update source.codeaurora.org repository link (+1,-1)
80a6b0a ipq-wifi: fix upstream board-2.bin ZTE M289F snafu (+7,-4)
68c6608 linux-firmware: update to 20230625 (+2,-2)
08a7820 linux-firmware: update to 20230804 (+2,-2)
8c7b03a firmware: intel-microcode: update to 20230808 (+2,-2)
3a7143f packages: assign PKG_CPE_ID for all missing packages (+13)
b87913e wireless-regdb: update to 2023.09.01 (+2,-2)

c1181a5 uhttpd: update to latest Git HEAD (+3,-3)
6341357 ucode: respect all arguments passed to send() (+14,-12)
47561aa mimetypes: add audio/video support for apple airplay (+3)
1dbbd0f uhttpd: update to latest git HEAD (+3,-3)
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script (+2,-2)

5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
8525157 kernel: bump 5.10 to 5.10.199 (+48,-48)

5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
6bca11f kernel: bump 5.10 to 5.10.180 (+59,-105)
920f2d9 kernel: bump 5.10 to 5.10.183 (+27,-26)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)

59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)

920f2d9 kernel: bump 5.10 to 5.10.183 (+27,-26)
287303b kernel: bump 5.10 to 5.10.184 (+68,-69)
0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
fbc23f6 kernel: bump 5.10 to 5.10.186 (+17,-17)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
419218a kernel: bump 5.10 to 5.10.190 (+14,-14)
92a0dd2 ath79: fix packetloss on some WLR-7100 (+2)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
9e8c959 ath79: wpj563: enable 2nd USB controller (+8)
8bc8db9 ath79: increase the rfkill debounce interval for TP-Link Archer C7 v2 (+2,-1)
f3a78af kernel: bump 5.10 to 5.10.198 (+22,-22)
7901fec ath79: image: allow changing kernel option in mkubntimage (+1,-1)
3e511a7 kernel: bump 5.10 to 5.10.200 (+25,-25)

dcdd8e9 kernel: bump 5.10 to 5.10.177 (+29,-28)
5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
6bca11f kernel: bump 5.10 to 5.10.180 (+59,-105)
171b515 kernel: bump 5.10 to 5.10.181 (+32,-32)
920f2d9 kernel: bump 5.10 to 5.10.183 (+27,-26)
287303b kernel: bump 5.10 to 5.10.184 (+68,-69)
0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
fbc23f6 kernel: bump 5.10 to 5.10.186 (+17,-17)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
49639b2 kernel: bump 5.10 to 5.10.192 (+12,-44)
188c49b kernel: bump 5.10 to 5.10.194 (+10,-10)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
057bf8f kernel: bump 5.10 to 5.10.197 (+9,-9)
8525157 kernel: bump 5.10 to 5.10.199 (+48,-48)
3e511a7 kernel: bump 5.10 to 5.10.200 (+25,-25)
f85a79b kernel: bump 5.10 to 5.10.201 (+8,-55)

e17f9fd bcm47xx: revert bgmac back to the old limited max frame size (+33)
cf256cf bcm47xx: fix bgmac MTU patch filename ()
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
188c49b kernel: bump 5.10 to 5.10.194 (+10,-10)

419218a kernel: bump 5.10 to 5.10.190 (+14,-14)
057bf8f kernel: bump 5.10 to 5.10.197 (+9,-9)
8525157 kernel: bump 5.10 to 5.10.199 (+48,-48)

5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
e3d0c70 bcm53xx: backport DT changes from v6.5 (+4.6K,-11)
a7867e0 bcm53xx: backport DT changes queued for v6.6 (+474,-1)
c39a3f1 bcm53xx: add BCM53573 Ethernet fix sent upstream for v6.6 (+28)
1ec274a bcm53xx: backport more DT changes queued for v6.6 (+290,-28)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
2adf034 bcm53xx: backport DT changes for ASUS RT-AC3100 queued for v6.6 (+432,-1)
0e23d24 bcm53xx: add support for ASUS RT-AC3100 (+8)
20a046e bcm53xx: build a single device per profile (+1)
ff9a115 bcm53xx: simplify patch adding switch ports (+15,-128)
297484a bcm53xx: backport DT changes queued for v6.7 (+686,-1)
829fc38 bcm53xx: disable unused switch ports in downstream patch (+135,-15)
c292104 bcm53xx: backport 1 more late DT patch accepted for v6.7 (+63,-44)
8525157 kernel: bump 5.10 to 5.10.199 (+48,-48)
f71ab69 bcm53xx: refresh kernel config (+1)

4b44bfe bcm63xx: fix NETGEAR DGND3700v2 boot loop (+1)
fbc23f6 kernel: bump 5.10 to 5.10.186 (+17,-17)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)

dcdd8e9 kernel: bump 5.10 to 5.10.177 (+29,-28)
1a5e7d3 bmips: fix NETGEAR DGND3700v2 boot loop (+1)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)

b5a5751 ipq40xx: R619AC: replace space with - separator in variant string (+2,-2)
3235300 ipq-wifi: drop custom board-2.bins (+22,-98)
287303b kernel: bump 5.10 to 5.10.184 (+68,-69)
80a6b0a ipq-wifi: fix upstream board-2.bin ZTE M289F snafu (+7,-4)
1fa6b26 ipq40xx: switch to performance governor by default (+2,-2)

5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
3235300 ipq-wifi: drop custom board-2.bins (+22,-98)
6bca11f kernel: bump 5.10 to 5.10.180 (+59,-105)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)

59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
3e511a7 kernel: bump 5.10 to 5.10.200 (+25,-25)

0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
3555a29 treewide: fix shell errors during dump stage (+9)

6bca11f kernel: bump 5.10 to 5.10.180 (+59,-105)
f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
f3a78af kernel: bump 5.10 to 5.10.198 (+22,-22)
3555a29 treewide: fix shell errors during dump stage (+9)

0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)

3c895dd octeon: ubnt-edgerouter-e300: fix LED settings (+2,-2)
4959dcd octeon: ubnt-edgerouter-e300: fix missing MTD partition (+22,-16)
0567428 octeon: ubnt-edgerouter-4/6p: devicetree cleanup (+10,-30)

f6b6d4b kernel: bump 5.10 to 5.10.188 (+65,-186)
3e511a7 kernel: bump 5.10 to 5.10.200 (+25,-25)

59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
057bf8f kernel: bump 5.10 to 5.10.197 (+9,-9)

3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)

749cc6f ramips: Cudy X6 fixes / improvements (+19,-16)
5f583d3 ramips: mt7621: add support for Cudy X6 v2 (+145,-51)
dcdd8e9 kernel: bump 5.10 to 5.10.177 (+29,-28)
80fbad1 ramips: correct page read return value of the mt7621 nand driver (+9,-5)
656e411 ramips: add support for Keenetic Lite III rev. A (+165,-1)
0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)
e7b3414 ramips: add support for SNR-CPE-W4N-MT router (+149)

5cc1bd5 kernel: bump 5.10 to 5.10.178 (+50,-119)
2677220 kernel: bump 5.10 to 5.10.179 (+9,-9)
0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
419218a kernel: bump 5.10 to 5.10.190 (+14,-14)

49639b2 kernel: bump 5.10 to 5.10.192 (+12,-44)

0344144 kernel: bump 5.10 to 5.10.185 (+27,-59)
3598545 kernel: bump 5.10 to 5.10.196 (+186,-437)

59dce3b kernel: bump 5.10 to 5.10.189 (+37,-35)
3fe2875 x86: geode: fix hwrng register accesses (+47)
f85a79b kernel: bump 5.10 to 5.10.201 (+8,-55)

6e77f51 mac80211: fix not set noscan option for wpa_supplicant (+2,-2)

76b1e56 mt76: update to the latest version from the 22.03 branch (+3,-328)
94eb0bc wifi: mt76: testmode: use random payload for tx packets (+6,-2)
f8ece81 wifi: mt76: add rx_check callback for usb devices (+28)
67fbdb7 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (+14,-4)
a9b09dd wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (+9,-4)
ee3eb0d wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (+24,-4)
9706cce wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND (-4)
74a29eb wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c (+119,-157)
f49e06c wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (+2,-2)
3226561 wifi: mt76: sdio: poll sta stat when device transmits data (+1,-1)
dee0a3c wifi: mt76: mt7915: fix an uninitialized variable bug (+1,-1)
9dd7be2 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (+4,-1)
0ad02c9 wifi: mt76: sdio: add rx_check callback for sdio devices (+17,-7)
fe85e5c wifi: mt76: sdio: fix transmitting packet hangs (+1,-1)
206c7eb wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_... (+4)
bf79f5d wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (+6,-4)
c4132ab wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nest... (+4,-2)
⇒ + 48 more...
8da4e8f mt76: update to the latest version from the 22.03 branch (+3,-3)
bdf8ea7 mt76: mt7921: don't assume adequate headroom for SDIO headers (+4)

695a22a build: generate index.json (+4)

FS#3325 (#8184)

Description: MT7628an: lose radio whilst downloading jarge data
Link: https://github.com/openwrt/openwrt/issues/8184
Commits:
76b1e56 mt76: update to the latest version from the 22.03 branch (+3,-328)
94eb0bc wifi: mt76: testmode: use random payload for tx packets (+6,-2)
f8ece81 wifi: mt76: add rx_check callback for usb devices (+28)
67fbdb7 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (+14,-4)
a9b09dd wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (+9,-4)
ee3eb0d wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (+24,-4)
9706cce wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND (-4)
74a29eb wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c (+119,-157)
f49e06c wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (+2,-2)
3226561 wifi: mt76: sdio: poll sta stat when device transmits data (+1,-1)
dee0a3c wifi: mt76: mt7915: fix an uninitialized variable bug (+1,-1)
9dd7be2 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (+4,-1)
0ad02c9 wifi: mt76: sdio: add rx_check callback for sdio devices (+17,-7)
fe85e5c wifi: mt76: sdio: fix transmitting packet hangs (+1,-1)
206c7eb wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_... (+4)
bf79f5d wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (+6,-4)
c4132ab wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nest... (+4,-2)
⇒ + 48 more...

FS#3338 (#8314)

Description: TL-WR841N v13 (ramips) unstable Ethernet and WiFi in 19.07.4
Link: https://github.com/openwrt/openwrt/issues/8314
Commits:
76b1e56 mt76: update to the latest version from the 22.03 branch (+3,-328)
94eb0bc wifi: mt76: testmode: use random payload for tx packets (+6,-2)
f8ece81 wifi: mt76: add rx_check callback for usb devices (+28)
67fbdb7 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (+14,-4)
a9b09dd wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (+9,-4)
ee3eb0d wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (+24,-4)
9706cce wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND (-4)
74a29eb wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c (+119,-157)
f49e06c wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (+2,-2)
3226561 wifi: mt76: sdio: poll sta stat when device transmits data (+1,-1)
dee0a3c wifi: mt76: mt7915: fix an uninitialized variable bug (+1,-1)
9dd7be2 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (+4,-1)
0ad02c9 wifi: mt76: sdio: add rx_check callback for sdio devices (+17,-7)
fe85e5c wifi: mt76: sdio: fix transmitting packet hangs (+1,-1)
206c7eb wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_... (+4)
bf79f5d wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (+6,-4)
c4132ab wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nest... (+4,-2)
⇒ + 48 more...

FS#3740 (#8757)

Description: MT7688 wireless signal disappears under heavy load
Link: https://github.com/openwrt/openwrt/issues/8757
Commits:
76b1e56 mt76: update to the latest version from the 22.03 branch (+3,-328)
94eb0bc wifi: mt76: testmode: use random payload for tx packets (+6,-2)
f8ece81 wifi: mt76: add rx_check callback for usb devices (+28)
67fbdb7 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (+14,-4)
a9b09dd wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (+9,-4)
ee3eb0d wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (+24,-4)
9706cce wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND (-4)
74a29eb wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c (+119,-157)
f49e06c wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (+2,-2)
3226561 wifi: mt76: sdio: poll sta stat when device transmits data (+1,-1)
dee0a3c wifi: mt76: mt7915: fix an uninitialized variable bug (+1,-1)
9dd7be2 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (+4,-1)
0ad02c9 wifi: mt76: sdio: add rx_check callback for sdio devices (+17,-7)
fe85e5c wifi: mt76: sdio: fix transmitting packet hangs (+1,-1)
206c7eb wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_... (+4)
bf79f5d wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (+6,-4)
c4132ab wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nest... (+4,-2)
⇒ + 48 more...

FS#4238 (#9219)

Description: TL-WR841N v13 (SoC MT7628AN) wifi disappears after some usage
Link: https://github.com/openwrt/openwrt/issues/9219
Commits:
76b1e56 mt76: update to the latest version from the 22.03 branch (+3,-328)
94eb0bc wifi: mt76: testmode: use random payload for tx packets (+6,-2)
f8ece81 wifi: mt76: add rx_check callback for usb devices (+28)
67fbdb7 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (+14,-4)
a9b09dd wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (+9,-4)
ee3eb0d wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (+24,-4)
9706cce wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND (-4)
74a29eb wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c (+119,-157)
f49e06c wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (+2,-2)
3226561 wifi: mt76: sdio: poll sta stat when device transmits data (+1,-1)
dee0a3c wifi: mt76: mt7915: fix an uninitialized variable bug (+1,-1)
9dd7be2 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (+4,-1)
0ad02c9 wifi: mt76: sdio: add rx_check callback for sdio devices (+17,-7)
fe85e5c wifi: mt76: sdio: fix transmitting packet hangs (+1,-1)
206c7eb wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_... (+4)
bf79f5d wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (+6,-4)
c4132ab wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nest... (+4,-2)
⇒ + 48 more...

#12587

Description: Unable to build package/libs/libusb
Link: https://github.com/openwrt/openwrt/issues/12587
Commits:
30fca54 fortify-headers: fix build error when _REDIR_TIME64 is not defined (+2,-2)

#12866

Description: openssl fails to compile for mips64_octeonplus
Link: https://github.com/openwrt/openwrt/issues/12866
Commits:
70e3f4e openssl: passing cflags to configure (+2,-1)

#12886

Description: [23.05-rc1] ipq40xx: zte_mf289f: ath10k_ahb: could not probe fw (-110)
Link: https://github.com/openwrt/openwrt/issues/12886
Commits:
80a6b0a ipq-wifi: fix upstream board-2.bin ZTE M289F snafu (+7,-4)

#13056

Description: Error building VDI image on latest Arch Linux
Link: https://github.com/openwrt/openwrt/issues/13056
Commits:
cc54e19 build: fix generation of large .vdi images (+8,-2)

#13260

Description: kernel size not a multiple of block size on Ubiquiti Routerstation image
Link: https://github.com/openwrt/openwrt/issues/13260
Commits:
7901fec ath79: image: allow changing kernel option in mkubntimage (+1,-1)

#13283

Description: SSID from Wi-Fi list disappears during download
Link: https://github.com/openwrt/openwrt/issues/13283
Commits:
76b1e56 mt76: update to the latest version from the 22.03 branch (+3,-328)
94eb0bc wifi: mt76: testmode: use random payload for tx packets (+6,-2)
f8ece81 wifi: mt76: add rx_check callback for usb devices (+28)
67fbdb7 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (+14,-4)
a9b09dd wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (+9,-4)
ee3eb0d wifi: mt76: mt7921u: fix race issue between reset and suspend/resume (+24,-4)
9706cce wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND (-4)
74a29eb wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c (+119,-157)
f49e06c wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (+2,-2)
3226561 wifi: mt76: sdio: poll sta stat when device transmits data (+1,-1)
dee0a3c wifi: mt76: mt7915: fix an uninitialized variable bug (+1,-1)
9dd7be2 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read() (+4,-1)
0ad02c9 wifi: mt76: sdio: add rx_check callback for sdio devices (+17,-7)
fe85e5c wifi: mt76: sdio: fix transmitting packet hangs (+1,-1)
206c7eb wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_... (+4)
bf79f5d wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (+6,-4)
c4132ab wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nest... (+4,-2)
⇒ + 48 more...

#13572

Description: bcm53xx: build fails with default config
Link: https://github.com/openwrt/openwrt/issues/13572
Commits:
20a046e bcm53xx: build a single device per profile (+1)

#13649

Description: IPQ4019 ethernet
Link: https://github.com/openwrt/openwrt/issues/13649
Commits:
1fa6b26 ipq40xx: switch to performance governor by default (+2,-2)

#13776

Description: CONFIG_EXTERNAL_CPIO is ignored if CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE
Link: https://github.com/openwrt/openwrt/issues/13776
Commits:
38ee41a image: Fix the CONFIG_EXTERNAL_CPIO logic (+1,-1)

CVE-20-2014

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20-2014
Commits:
3af93be bsdiff: Add patches for CVEs (+433,-13)

CVE-33-2020

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-33-2020
Commits:
3af93be bsdiff: Add patches for CVEs (+433,-13)

CVE-2014-9862

Description: Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862
Commits:
3af93be bsdiff: Add patches for CVEs (+433,-13)

CVE-2020-14315

Description: A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14315
Commits:
3af93be bsdiff: Add patches for CVEs (+433,-13)

CVE-2022-21216

Description: Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21216
Commits:
f4e4f55 firmware: intel-microcode: update to 20230512 (+3,-3)

CVE-2022-33196

Description: Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33196
Commits:
f4e4f55 firmware: intel-microcode: update to 20230512 (+3,-3)

CVE-2022-33972

Description: Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33972
Commits:
f4e4f55 firmware: intel-microcode: update to 20230512 (+3,-3)

CVE-2022-38090

Description: Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38090
Commits:
f4e4f55 firmware: intel-microcode: update to 20230512 (+3,-3)

CVE-2022-40982

Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
Commits:
8c7b03a firmware: intel-microcode: update to 20230808 (+2,-2)

CVE-2022-41804

Description: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41804
Commits:
8c7b03a firmware: intel-microcode: update to 20230808 (+2,-2)

CVE-2023-0464

Description: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
Commits:
afb4422 openssl: bump to 1.1.1u (+3,-265)

CVE-2023-0465

Description: Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
Commits:
afb4422 openssl: bump to 1.1.1u (+3,-265)

CVE-2023-0466

Description: The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
Commits:
afb4422 openssl: bump to 1.1.1u (+3,-265)

CVE-2023-2650

Description: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
Commits:
afb4422 openssl: bump to 1.1.1u (+3,-265)

CVE-2023-3446

Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
Commits:
de29f15 openssl: bump to 1.1.1v (+3,-3)

CVE-2023-3817

Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
Commits:
de29f15 openssl: bump to 1.1.1v (+3,-3)

CVE-2023-4806

Description: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4806
Commits:
4ad0f92 toolchain: Update glibc 2.34 to recent HEAD (+2,-2)

CVE-2023-4807

Description: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4807
Commits:
f6fa7b5 openssl: update to version 1.1.1w (+2,-2)

CVE-2023-4911

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911
Commits:
4ad0f92 toolchain: Update glibc 2.34 to recent HEAD (+2,-2)

CVE-2023-5156

Description: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5156
Commits:
4ad0f92 toolchain: Update glibc 2.34 to recent HEAD (+2,-2)

CVE-2023-23908

Description: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23908
Commits:
8c7b03a firmware: intel-microcode: update to 20230808 (+2,-2)

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2023/12/03 19:31
  • by hauke