LEDE v17.01.4 Changelog

This changelog lists all commits done in LEDE since the v17.01.3 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.4 release.

Build System / Buildroot (2 changes)

2ce9c84 build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errors (+7)
444add1 LEDE v17.01.4: adjust config defaults (+11,-9)

Build System / Feeds (1 change)

444add1 LEDE v17.01.4: adjust config defaults (+11,-9)

Build System / Host Utilities (1 change)

0672213 cmake: fix build error with Xcode 9 on macOS 12 (+15)

Build System / Toolchain (2 changes)

a999f91 gcc: fix build error with macOS + Xcode 9 (+10)
f67c22e toolchain/gdb: update to version 8.0.1 (+5,-5)

Kernel (2 changes)

8ad1b09 kernel: add fix for bgmac with B50212E B1 PHY (+98,-3)
fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)

Packages / Common (5 changes)

63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)
907d870 wireguard: add wireguard to base packages (+308)
b6c3931 hostapd: backport extra changes related to KRACK (+730)
d501786 hostapd: add wpa_disable_eapol_key_retries option (+6,-1)
79f57e4 wireguard: version bump to 0.0.20171017 (+2,-2)

Packages / LEDE base files (1 change)

444add1 LEDE v17.01.4: adjust config defaults (+11,-9)

Target / ar71xx (1 change)

94aa2b8 ar71xx: add rssileds to WA850RE v1 image (+1)

Target / bcm53xx (1 change)

baa8eaa bcm53xx: backport DTS changes up to the first 4.15 queued commits (+662)

Target / brcm2708 (1 change)

fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)

Target / cns3xxx (1 change)

fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)

Target / oxnas (1 change)

fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)

Target / ramips (4 changes)

f9a849c ramips: mt7620: do not pad sysupgrade Archer images (+3,-3)
c1023c8 mt76: sync with version 878456caf60d from master (+38,-52)
2e9f3c6 ramips: fix typo in MT7621 NAND driver (+1,-1)
e6fd17d ramips: fix compile warning in MT7621 NAND driver (+1,-1)

Target / x86 (5 changes)

f52b404 x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and Xen (+4,-1)
da0219e x86: Fix xen serial console by removing conflicting PATA driver (-2)
cabf775 x86: Refresh subtargets kernel config (+16,-14)
cdd093b x86/64: add xen DomU support (+58,-1)
46e29bd x86: partly revert cabf775 (+12,-1)

Wireless / Common (3 changes)

bff1630 brcmfmac: backport length check in brcmf_cfg80211_escan_handler() (+63)
707305a mac80211: Update wireless-regdb to master-2017-03-07 (+19,-12)
a5e1f7f mac80211: backport kernel fix for CVE-2017-13080 (+81)

Wireless / MT76 (1 change)

c1023c8 mt76: sync with version 878456caf60d from master (+38,-52)

#787

Description: no console in Xen-DomU guests
Link: https://bugs.lede-project.org/index.php?do=details&task_id=787
Commits:
da0219e x86: Fix xen serial console by removing conflicting PATA driver (-2)

#908

Description: x86: Xen support broken in 17.01.2 and later
Link: https://bugs.lede-project.org/index.php?do=details&task_id=908
Commits:
f52b404 x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and Xen (+4,-1)

#1025

Description: lede-17.01.2-ramips-mt7620-ArcherC50-squashfs-sysupgrade.bin does not fit on device
Link: https://bugs.lede-project.org/index.php?do=details&task_id=1025
Commits:
f9a849c ramips: mt7620: do not pad sysupgrade Archer images (+3,-3)

#1039

Description: lede-17.01.3-ramips-mt7620-ArcherC50-squashfs-sysupgrade.bin wont fit (7.63 Mb - 7.62 left)
Link: https://bugs.lede-project.org/index.php?do=details&task_id=1039
Commits:
f9a849c ramips: mt7620: do not pad sysupgrade Archer images (+3,-3)

#1043

Description: WA850RE v1 leds
Link: https://bugs.lede-project.org/index.php?do=details&task_id=1043
Commits:
94aa2b8 ar71xx: add rssileds to WA850RE v1 image (+1)

CVE-2017-0786

Description: A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0786
Commits:
bff1630 brcmfmac: backport length check in brcmf_cfg80211_escan_handler() (+63)

CVE-2017-9778

Description: GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778
Commits:
f67c22e toolchain/gdb: update to version 8.0.1 (+5,-5)

CVE-2017-12153

Description: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12153
Commits:
fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)

CVE-2017-12154

Description: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12154
Commits:
fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)

CVE-2017-13077

Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13078

Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13079

Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13080

Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)
a5e1f7f mac80211: backport kernel fix for CVE-2017-13080 (+81)

CVE-2017-13081

Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13082

Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13086

Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13087

Description: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-13088

Description: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
Commits:
63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10)

CVE-2017-1000252

Description: The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000252
Commits:
fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12)