OpenWrt 21.02 and 19.07 minor release
Hauke Mehrtens
hauke at hauke-m.de
Wed Feb 9 14:58:44 PST 2022
On 1/25/22 00:07, Hauke Mehrtens wrote:
> On 1/24/22 22:53, Hauke Mehrtens wrote:
>> Hi,
>>
>> I would like to tag a new 21.02 and 19.07 minor release in about one
>> week. I am not aware of a severe security problem, it was just some
>> time since the last release.
>>
>> Are there any known regressions in the current stable branches
>> compared to the last release and should we fix them?
>>
>> If we should backport some changes from master please just answer to
>> this mail with the commit and a reason why you need it.
>>
>> There are already some pull requests on github:
>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02
>>
>>
>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07
>>
>>
>> Hauke
>
> There are some security patches available for hostapd. Is someone
> working on backporting them to OpenWrt 21.02 or 19.07?
> https://w1.fi/security/2022-1/
>
> Dnsmasq also has some new CVEs assigned.
> Is someone working on backporting these fixes?
> https://nvd.nist.gov/vuln/detail/CVE-2021-45951
> https://nvd.nist.gov/vuln/detail/CVE-2021-45952
> https://nvd.nist.gov/vuln/detail/CVE-2021-45953
> https://nvd.nist.gov/vuln/detail/CVE-2021-45954
> https://nvd.nist.gov/vuln/detail/CVE-2021-45955
> https://nvd.nist.gov/vuln/detail/CVE-2021-45956
> https://nvd.nist.gov/vuln/detail/CVE-2021-45957
>
> Hauke
Hi,
Sorry for the delay, I haven't found the time to take care of these CVEs
yet and I would like to get them fixed before the release.
There are also some CVEs fixed in wolfssl:
https://github.com/openwrt/openwrt/pull/4910
This will probably break the ABI again.
It would be nice if someone could tak over one component to get this
fixed faster.
Hauke
More information about the openwrt-devel
mailing list