OpenWrt 21.02 and 19.07 minor release

Hauke Mehrtens hauke at hauke-m.de
Wed Feb 9 14:58:44 PST 2022


On 1/25/22 00:07, Hauke Mehrtens wrote:
> On 1/24/22 22:53, Hauke Mehrtens wrote:
>> Hi,
>>
>> I would like to tag a new 21.02 and 19.07 minor release in about one 
>> week. I am not aware of a severe security problem, it was just some 
>> time since the last release.
>>
>> Are there any known regressions in the current stable branches 
>> compared to the last release and should we fix them?
>>
>> If we should backport some changes from master please just answer to 
>> this mail with the commit and a reason why you need it.
>>
>> There are already some pull requests on github:
>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02 
>>
>>
>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07 
>>
>>
>> Hauke
> 
> There are some security patches available for hostapd. Is someone 
> working on backporting them to OpenWrt 21.02 or 19.07?
> https://w1.fi/security/2022-1/
> 
> Dnsmasq also has some new CVEs assigned.
> Is someone working on backporting these fixes?
> https://nvd.nist.gov/vuln/detail/CVE-2021-45951
> https://nvd.nist.gov/vuln/detail/CVE-2021-45952
> https://nvd.nist.gov/vuln/detail/CVE-2021-45953
> https://nvd.nist.gov/vuln/detail/CVE-2021-45954
> https://nvd.nist.gov/vuln/detail/CVE-2021-45955
> https://nvd.nist.gov/vuln/detail/CVE-2021-45956
> https://nvd.nist.gov/vuln/detail/CVE-2021-45957
> 
> Hauke

Hi,

Sorry for the delay, I haven't found the time to take care of these CVEs 
yet and I would like to get them fixed before the release.

There are also some CVEs fixed in wolfssl: 
https://github.com/openwrt/openwrt/pull/4910
This will probably break the ABI again.

It would be nice if someone could tak over one component to get this 
fixed faster.

Hauke



More information about the openwrt-devel mailing list