OpenWrt 21.02 and 19.07 minor release

Seo Suchan tjtncks at gmail.com
Thu Feb 10 07:12:09 PST 2022


looks like those dnsmasq exploits aren't real

bugs never looked at by a human (no commit related to it), but bots confirmed
that those look fixed by commit 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06

https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605 

when I read that commit it looks like 2.86 had a bug that failed to build
on gcc 4.8 and it caused the fuzzer to crash immediately, producing a
bunch of 'exploits'


On 2022-02-10 at 7:58 AM, Hauke Mehrtens wrote:
 > On 1/25/22 00:07, Hauke Mehrtens wrote:
 >> On 1/24/22 22:53, Hauke Mehrtens wrote:
 >>> Hi,
 >>>
 >>> I would like to tag a new 21.02 and 19.07 minor release in about one
 >>> week. I am not aware of a severe security problem, it was just some
 >>> time since the last release.
 >>>
 >>> Are there any known regressions in the current stable branches
 >>> compared to the last release and should we fix them?
 >>>
 >>> If we should backport some changes from master please just answer to
 >>> this mail with the commit and a reason why you need it.
 >>>
 >>> There are already some pull requests on github:
 >>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02
 >>>
 >>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07
 >>>
 >>> Hauke
 >>
 >> There are some security patches available for hostapd. Is someone
 >> working on backporting them to OpenWrt 21.02 or 19.07?
 >> https://w1.fi/security/2022-1/
 >>
 >> Dnsmasq also has some new CVEs assigned.
 >> Is someone working on backporting these fixes?
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45951
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45952
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45953
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45954
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45955
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45956
 >> https://nvd.nist.gov/vuln/detail/CVE-2021-45957
 >>
 >> Hauke
 >
 > Hi,
 >
 > Sorry for the delay, I haven't found the time to take care of these
 > CVEs yet and I would like to get them fixed before the release.
 >
 > There are also some CVEs fixed in wolfssl:
 > https://github.com/openwrt/openwrt/pull/4910
 > This will probably break the ABI again.
 >
 > It would be nice if someone could take over one component to get this
 > fixed faster.
 >
 > Hauke
 >
 > _______________________________________________
 > openwrt-devel mailing list
 > openwrt-devel at lists.openwrt.org
 > https://lists.openwrt.org/mailman/listinfo/openwrt-devel


