LEDE v17.01.2 Changelog

This changelog lists all commits made in LEDE since the v17.01.1 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the final 17.01.2 release.

Build System / Buildroot (7 changes)

7ee0937 feeds: add option to force feed update despite modified files (+26,-9)
37cf921 build: fix symlinked .config handling (+1,-1)
dbaaeae image.mk: Generate cpiogz with root-owned files (+1,-1)
a44d7bf build: fix possible issue with kmod package having multiple AutoLoad's (+12,-9)
4053c4f include/toplevel: set env GIT_ASKPASS=/bin/true (+1)
65eec8b build: ensure that flock is available for make download (+1,-1)
2da512e LEDE v17.01.2: adjust config defaults (+11,-9)

Build System / Feeds (1 change)

2da512e LEDE v17.01.2: adjust config defaults (+11,-9)

Build System / Host Utilities (2 changes)

dfe2cea firmware-utils: tplink-safeloader: add support for Archer C5 V2 (+34)
f709597 automake: import upstream fix for perl 5.26 (+30)

Build System / Image Builder (1 change)

379155d imagebuilder: fix bundling of DTS sources (+3,-2)

Build System / Toolchain (1 change)

dfecce6 toolchain/gdb: update to version 7.12.1 (+2,-2)

Kernel (7 changes)

1ab4126 kernel: use skb_cow_head() to deal with cloned skbs (+267)
3bfe7ee generic: keep module aliases inside .modinfo (+4,-12)
215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)
9c2bd3d backlight-pwm: fix module description (+1,-1)
2f92622 kernel: fix autoloading arch-specific modules (+9,-9)
e02b12c kernel: update kernel 4.4 to 4.4.70 (+7,-7)
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)

Packages / Common (29 changes)

449880e busybox: Move libresolv detection to LEDE Makefile (+6,-18)
5feb4f0 busybox: fix build of nslookup_lede applet without IPv6 (#728) (+33,-9)
72fcdb6 openssl: Use mkhash for STAMP_CONFIGURED (+1,-1)
a2ee9b7 busybox: nslookup_lede: fix compatibility with v1.25 (+7,-6)
fe0b171 busybox: nslookup_lede: mimic output format of old Busybox applet (+61,-22)
ae0e167 busybox: revert accidential version bump (+1,-1)
d8cfeba dnsmasq: support dhcp_option config as a list (+22,-4)
bc58099 openvpn: move list of params and bools to a separate file (+205,-30)
98491a9 openvpn: add extra respawn parameters (+3)
d40e2ef OpenVPN: Update to 2.4.1 (+12,-20)
53e751e openvpn: add myself as maintainer (+1,-1)
aba1b3c openvpn: update to v2.4.2 (+2,-2)
da4992f om-watchdog: cleanup Makefile (-8)
38367c5 om-watchdog: cosmetic code style fixes (+31,-31)
9423cf3 om-watchdog: add support for Teltonika RUT5xx (ramips) (+10,-1)
1165c0a umdns: update to the version 2017-05-22 (+3,-3)
64f78f1 Rename mdns_hostname variable to the umdns_host_label (+15,-8)
ff09d9a Rename service_name function to the service_instance_name (+13,-4)
920c62a Store instance name in the struct service (+7,-5)
26ce7dc Allow filtering with instance name in service_reply (+9,-6)
49fdb9f Support PTR queries for a specific service (+12,-9)
0e8b948 Support specifying instance name in JSON file (+8,-2)
51db1f5 samba: fix CVE-2017-7494 (+33,-4)
dd19a41 dropbear: bump to 2017.75 (+13,-17)
d179aa8 util-linux: fix build with uclibc (+24)
d1a0fc3 binutils: fix build with host gcc < 4.9 (+1.3K)
e194e1b hostapd: add legacy_rates option to disable 802.11b data rates. (+20,-8)
4bd3b8f mac80211, hostapd: always explicitly set beacon interval (+10,-9)
22478bf samba: bump PKG_RELEASE (+1,-1)
78edfff dnsmasq: don't point --resolv-file to default location unconditionally (+3,-3)
ebf46d2 dnsmasq: use logical interface name for dhcp relay config (+2,-1)
9e20cc5 dnsmasq: make tftp root if not existing (+1,-1)
cdfc678 dnsmasq: bump to 2.77 (+22,-393)
e78a641 umdns: remove superfluous include in init script (-2)
8a42d4d mwlwifi: update to version 10.3.4.0 / 2017-06-06 (+3,-3)
5fac04c Upgrade 88W8964 firmware to 9.1.2.5. ()
7b96b8a Modification of the code to load firmware 9.1.2.5. (+1.0K)
f834af0 Re-architecture mwlwifi. (+2.5K,-2.1K)
618bbc0 Change driver version to 10.3.4.0-20170216. (+1,-1)
ce31432 Added draft version for new data path. (+2.5K,-313)
25b90b1 Added debugfs "ratetable" to get rate table. (+392,-116)
ca699af Connected rx antenna setting for 88W8964. (+20,-5)
87b163f Fixed problem: restart mwlwifi to let AP work. (+11,-4)
374afe9 Added functions to check/dump arp/icmp packet. (+285,-124)
7b07491 Corrected receive sequence number for slow data. (+34,-21)
6457434 Added code to bypass duplicate check of mac80211. (+3,-13)
80e1a1a Added code to bypass ampdu reorder of mac80211. (+4,-2)
a7cb7ca Added code to ack (re)assoc resp immediately. (+22,-1)
217ad84 Won't reset sequence number of Tx BA stream. (+60,-11)
ef239c5 Fixed problem: iperf Tx can't work. (+76,-69)
12185a6 Fixed problem: "wifi up" will destroy data path. (+64,-68)
⇒ + 31 more…

Packages / Firmware (1 change)

0e31ce7 ath10k-firmware: do not select the qca988x by default (-1)

Packages / LEDE base files (5 changes)

0c8f726 base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver() (+20)
524ed50 base-files: always set proto passed to _ucidef_set_interface() (+1,-1)
df4363b base-files: network.sh: properly report local IPv6 addresses (+14,-18)
e5db08e base-files: network.sh: fix a number of IPv6 logic flaws (+48,-17)
2da512e LEDE v17.01.2: adjust config defaults (+11,-9)

Packages / LEDE network userland (3 changes)

c266641 odhcpd: update to version 2017-04-21 (+3,-3)
adc8f62 dhcpv6-ia: create assignment for unknown IA in rebind messages (+9,-4)
4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging (+165,-123)
570069d ubus: rework dumping IPv6 and IPv4 leases (+73,-49)
503e496 odhcpd: update to version 2017-04-28 (FS#595) (+3,-3)
c0e9dbf ubus: don't segfault when there're no leases (+3,-3)
a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file (+1,-1)
7dff5b4 ndp: fix wrong interface name in syslog message (+2,-2)
2b3355f ndp: fix adding proxy neighbor entries (+4,-4)
9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid (+1,-22)
757353c firewall: resync with master (+4,-4)

Packages / LEDE system userland (6 changes)

2bc8d5e ubox: bump to version 2017-03-10 (+3,-3)
acc48b5 kmodloader: Fix typo in error message (+1,-1)
db070f1 ubox: Fix some memory leaks (+10,-4)
8488bb5 ubox: Initialize conditionally uninitialized variabled (+15,-8)
eacc426 kmodloader: remove redundant glob wildcard char (+1,-1)
46a4b5f kmodloader: log to kmsg when loading directories of modules (+4,-2)
a62c946 kmodloader: modprobe: skip possible command line arguments (+9,-2)
9371411 kmodloader: fix out-of-bound access when parsing .modinfo (+6,-2)
6e3c6dc kmodloader: add module alias awareness (+129,-23)
14839f0 kmodloader: make insert_module() idempotent (+4,-1)
f8d3d16 ubox: Add an option for more accurate timestamps in log (+21,-4)
ac2d43e kmodloader: support '-q' quiet option (+29,-10)
fce9382 cmake: Check for getrandom system call (+11,-4)
8973576 kmodloader: fix not being able to find some modules (+7,-4)
c553354 cmake: fix typo (+1,-1)
3dc78a4 kmodloader: don't store aliases info in struct module (+4,-28)
21a4bd0 kmodloader: modprobe: return 0 for loaded modules (+1,-1)
⇒ + 1 more…
e200c66 rpcd: Explicitly link with lcrypt (+2)
0bef8f8 fstools: backport regression fix for volume_identify (+57)
7c1e588 usbmode: Update to latest HEAD (+3,-3)
8a47c4b add TargetClass support (+11)
2769852 cmake: Find libubox/blobmsg_json.h (+3)
61fdf7e cmake: Search for libjson-c (+2,-1)
22f041e Extend StandardEject sequence to include LUN 1 (+6)
4baf0ea usbmode: update to latest version (+3,-3)
453da8e convert-modeswitch.pl: fix message indices (+1,-1)
fe5e343 usbmode: update usb-modeswitch-data to 20170205 (+2,-2)

Target / apm821xx (1 change)

e02b12c kernel: update kernel 4.4 to 4.4.70 (+7,-7)

Target / ar71xx (8 changes)

3dbc417 ar71xx: add TP-LINK TL-WR841N/ND v12 image (+7,-1)
1d1935b ar71xx: fix minor syntax error in /lib/upgrade/platform.sh (+1,-1)
58ec566 ar71xx: select ATH79_NVRAM only by boards actually use it (+5,-4)
8011215 ar71xx: enable nand-utils in the mikrotik subtarget to ensure it makes it to ... (+4,-2)
215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)
a412350 ar71xx: fix GE interface support in Wallys DR344 (+8,-30)
21a7e40 ar71xx: set GE interface as wan by default in Wallys DR344 (+1,-1)
b1257d8 ar71xx: fix Wallys DR344 GPIO-connected LEDs and button (+33,-10)

Target / bcm53xx (5 changes)

ad145e0 bcm53xx: prepare for building Archer C5 V2 image (+9)
3ff31f8 bcm53xx: parepare for building more Linksys images (+16,-1)
9437fbb bcm53xx: backport BCM5301X patches (+975,-2)
d1e0cc8 bcm53xx: backport DT patches for serial, thermal and MDIO (+288,-1)
74100f3 bcm53xx: add support for TP-LINK Archer C5 V2 (+36,-2)

Target / brcm2708 (2 changes)

215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)
e02b12c kernel: update kernel 4.4 to 4.4.70 (+7,-7)

Target / brcm63xx (3 changes)

bf534e4 brcm63xx: Add Observa VH4032N support (+193)
d90ff22 brcm63xx: fix invalid Asmax AR 1004g DTS reference (+1,-1)
215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)

Target / cns3xxx (1 change)

105d5b6 cns3xxx: use proper macro's for ID handling (+3,-3)

Target / ipq806x (4 changes)

bc0de27 ipq806x: fix EA8500 switch configuration (+1,-1)
215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)
784ceba treewide: select ath10k firmware explicit (+1,-1)
20198f7 ipq806x: fix Netgear X4 R7500 ath10k firmware selection (+1,-1)

Target / lantiq (6 changes)

d49920e lantiq: fix avm fritz box mac addresses (+17,-9)
215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)
254bf79 lantiq: xrx200: use vlan for ethernet wan port (+9,-39)
4186d73 lantiq: use the P2812HNUF* wan port as wan (+1,-1)
36ccbbd lantiq: select kmod-mt7603 instead of kmod-mt76 for WBMR-300HPD (+1,-1)
bf6216e lantiq: fix broadcasts and vlans in two iface mode (+6,-5)

Target / mediatek (1 change)

215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)

Target / oxnas (1 change)

215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)

Target / ramips (24 changes)

9117ef8 ramips: update DEVICE_PACKAGES for Ubiquiti EdgeRouter X (+1,-1)
dbd2212 ramips: WN3000RPv3: do not setup switch (+1)
26f07f6 ramips: fixed sms led polarity into dwr-512 DT (+1,-1)
0f3c2d0 ramips: Clean duplicated status property for Omega2 WMAC in dtsi (-4)
846457f ramips: fix mac address of miwifi-mini (+5,-1)
1aee42c ramips: add support for Netgear WN3000RPv3 (+163,-2)
85bca2d ramips: correct keenetic-series switch index (+1,-1)
9494825 ramips: ZyXEL Keenetic Omni align factory images (+2,-2)
a12655a ramips: ZyXEL Keenetic series update wan mac (+3,-1)
0405851 ramips: fix EX2700 wireless mac (+11,-13)
a666236 ramips: add ip17xx support to WLI-TX4-AG300N (+1)
5b2624d ramips: ZyXEL Keenetic Viva: export gpio usb power (+11)
fd693bc ramips: ZyXEL Keenetic Viva: align factory images (+1,-1)
28d6265 ramips: ZyXEL Keenetic Omni/Omni2: export gpio usb power (+22)
6aa0a85 ramips: remove DT pcie nodes for GL-MT300A/N (-26)
f1f0b92 ramips: cleanup SPI flash device tree properties usage (+6,-116)
88cc06a ramips: remove Planex CS-QR10 sound device tree node (-11)
7e2ad9c ramips: fix Sercomm NA930 compatible string (+1,-1)
49ce6d0 ramips: add support for Sanlinking D240 (+175)
8b9f7bd ramips: WN3000RPv3: do not setup switch (-1)
79cd141 ramips: enable ramdisk for mt7621 (+1,-1)
8619683 ramips: add factory firmware for Tp-Link C20i/C50 (+4)
7f3ec01 ramips: fixup-mac-address: add missing include (+1)
4bd98e9 ramips: add om-watchdog to rut5xx DEVICE_PACKAGES (+1)

Target / sunxi (1 change)

215c1d0 kernel: update kernel 4.4 to 4.4.69 (+143,-474)

Target / x86 (3 changes)

af1d1eb x86: enable 4G high memory support for generic (32bit) subtarget (+8,-3)
b78bcdf x86: disable X2APIC support for legacy subtargets (+2)
443d705 Add missing APU1 reference to x86 board.d (+2,-2)

Wireless / Common (10 changes)

a972879 ath: do not apply broken power limits with ATH_USER_REGD (+44,-12)
5ac51ad ath9k: fix power limits on init (+47)
ceefe61 mac80211: add rt2x00 debug symbols to PKG_CONFIG_DEPENDS (+2)
4314646 rt2x00: mt7620: yet another beauty session (+524,-171)
ab7087e rt2x00: mt7620: make fixes requested upstream (+674,-170)
5b91d2b mac80211: rt2x00: import upstream changes and rebase our patches (+1.7K,-189)
820a396 mac80211: rt2x00: fix MT7620 LNA gain and VCO-after-ALC (+88)
64fa4ea mac80211: rt2800: fix mt7620 vco calibration registers (+50)
eb11207 mac80211: rt2800: fix mt7620 E2 channel registers (+41)
4bd3b8f mac80211, hostapd: always explicitly set beacon interval (+10,-9)

#285

Description: Kernel panic on ebox-3300 (Vortex86DX CPU)
Link: https://bugs.lede-project.org/index.php?do=details&task_id=285
Commits:
b78bcdf x86: disable X2APIC support for legacy subtargets (+2)

#359

Description: kirkwood: kernel does not recognize rootfs in ubi
Link: https://bugs.lede-project.org/index.php?do=details&task_id=359
Commits:
a666236 ramips: add ip17xx support to WLI-TX4-AG300N (+1)

#548

Description: firewall3: Timezone problems, UTC used always despite UTC Time not checked
Link: https://bugs.lede-project.org/index.php?do=details&task_id=548
Commits:
757353c firewall: resync with master (+4,-4)

#572

Description: OpenSSL STAMP_CONFIGURED can lead to filename too long
Link: https://bugs.lede-project.org/index.php?do=details&task_id=572
Commits:
72fcdb6 openssl: Use mkhash for STAMP_CONFIGURED (+1,-1)

#595

Description: odhcpd in relay mode floods network with NS packets
Link: https://bugs.lede-project.org/index.php?do=details&task_id=595
Commits:
503e496 odhcpd: update to version 2017-04-28 (FS#595) (+3,-3)
c0e9dbf ubus: don't segfault when there're no leases (+3,-3)
a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file (+1,-1)
7dff5b4 ndp: fix wrong interface name in syslog message (+2,-2)
2b3355f ndp: fix adding proxy neighbor entries (+4,-4)
9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid (+1,-22)

#619

Description: mac80211: AP+11s VIFs broken
Link: https://bugs.lede-project.org/index.php?do=details&task_id=619
Commits:
4bd3b8f mac80211, hostapd: always explicitly set beacon interval (+10,-9)

#640

Description: Undocumented / unnamed firewall rules installed by default
Link: https://bugs.lede-project.org/index.php?do=details&task_id=640
Commits:
757353c firewall: resync with master (+4,-4)

#658

Description: umdns init error during build
Link: https://bugs.lede-project.org/index.php?do=details&task_id=658
Commits:
e78a641 umdns: remove superfluous include in init script (-2)

#684

Description: bug in kmod-can
Link: https://bugs.lede-project.org/index.php?do=details&task_id=684
Commits:
2bc8d5e ubox: bump to version 2017-03-10 (+3,-3)
acc48b5 kmodloader: Fix typo in error message (+1,-1)
db070f1 ubox: Fix some memory leaks (+10,-4)
8488bb5 ubox: Initialize conditionally uninitialized variabled (+15,-8)
eacc426 kmodloader: remove redundant glob wildcard char (+1,-1)
46a4b5f kmodloader: log to kmsg when loading directories of modules (+4,-2)
a62c946 kmodloader: modprobe: skip possible command line arguments (+9,-2)
9371411 kmodloader: fix out-of-bound access when parsing .modinfo (+6,-2)
6e3c6dc kmodloader: add module alias awareness (+129,-23)
14839f0 kmodloader: make insert_module() idempotent (+4,-1)
f8d3d16 ubox: Add an option for more accurate timestamps in log (+21,-4)
ac2d43e kmodloader: support '-q' quiet option (+29,-10)
fce9382 cmake: Check for getrandom system call (+11,-4)
8973576 kmodloader: fix not being able to find some modules (+7,-4)
c553354 cmake: fix typo (+1,-1)
3dc78a4 kmodloader: don't store aliases info in struct module (+4,-28)
21a4bd0 kmodloader: modprobe: return 0 for loaded modules (+1,-1)
⇒ + 1 more…

#728

Description: BusyBox/nslookup_lede compile error when build without IPV6 support
Link: https://bugs.lede-project.org/index.php?do=details&task_id=728
Commits:
5feb4f0 busybox: fix build of nslookup_lede applet without IPv6 (#728) (+33,-9)

#745

Description: kmod-crypto-sha256 unknown symbols
Link: https://bugs.lede-project.org/index.php?do=details&task_id=745
Commits:
2f92622 kernel: fix autoloading arch-specific modules (+9,-9)

#754

Description: BenNanoNote hostname setting broken?
Link: https://bugs.lede-project.org/index.php?do=details&task_id=754
Commits:
0c8f726 base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver() (+20)

#758

Description: factory image for ubnt er-x missing
Link: https://bugs.lede-project.org/index.php?do=details&task_id=758
Commits:
79cd141 ramips: enable ramdisk for mt7621 (+1,-1)

#766

Description: Intermittent SIGSEGV crash of dnsmasq-full
Link: https://bugs.lede-project.org/index.php?do=details&task_id=766
Commits:
cdfc678 dnsmasq: bump to 2.77 (+22,-393)

#774

Description: fixup-mac-address script is broken
Link: https://bugs.lede-project.org/index.php?do=details&task_id=774
Commits:
7f3ec01 ramips: fixup-mac-address: add missing include (+1)

#806

Description: Does not equal iptables rule not working
Link: https://bugs.lede-project.org/index.php?do=details&task_id=806
Commits:
757353c firewall: resync with master (+4,-4)

#811

Description: r4214 - iptables (?) not read properly /etc/config/firewall
Link: https://bugs.lede-project.org/index.php?do=details&task_id=811
Commits:
757353c firewall: resync with master (+4,-4)

#829

Description: network.sh incorrectly hardcodes IPv6 address suffix
Link: https://bugs.lede-project.org/index.php?do=details&task_id=829
Commits:
df4363b base-files: network.sh: properly report local IPv6 addresses (+14,-18)

CVE-2017-7478

Description: OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7478
Commits:
aba1b3c openvpn: update to v2.4.2 (+2,-2)

CVE-2017-7479

Description: OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7479
Commits:
aba1b3c openvpn: update to v2.4.2 (+2,-2)

CVE-2017-7494

Description: Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
Commits:
51db1f5 samba: fix CVE-2017-7494 (+33,-4)

CVE-2017-8890

Description: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Commits:
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)

CVE-2017-9074

Description: The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Commits:
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)

CVE-2017-9075

Description: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Commits:
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)

CVE-2017-9076

Description: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Commits:
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)

CVE-2017-9077

Description: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Commits:
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)

CVE-2017-9078

Description: The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9078
Commits:
dd19a41 dropbear: bump to 2017.75 (+13,-17)

CVE-2017-9079

Description: Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9079
Commits:
dd19a41 dropbear: bump to 2017.75 (+13,-17)

CVE-2017-9242

Description: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Commits:
4fbd072 kernel: update kernel 4.4 to 4.4.71 (+5,-5)