OpenWrt 21.02 and 19.07 minor release

Hauke Mehrtens hauke at hauke-m.de
Mon Feb 14 12:00:24 PST 2022


On 2/13/22 01:26, Hauke Mehrtens wrote:
> On 2/10/22 16:12, Seo Suchan wrote:
>> looks like those dnsmasq exploits aren't real
>>
>> bugs never looked by human (no commit related by it), but bots 
>> confirmed that thoses look fixed by commit 
>> 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06
>>
>> https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605 
>> <https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605> 
>>
>>
>> when I read that commit it looks like 2.86 had bug that faild to build 
>> on gcc 4.8 and it caused fuzzer to get immediately crash, producing 
>> bunch of 'exploits'
> 
> Thanks for that information. Do you know about some official statement 
> about this?
> 
> I fixed some other problems in OpenWrt 21.02:
> * Linux: update to latests minor version
> * hostapd: backport the patches
> * wolfssl: update to recent version
> * tcpdump: backport a patch
> * mbedtls: update to new LTS version
> * glibc: Update to latest minor version

The OpenWrt 21.02 and 19.07 branches are looking fine to me.
I am still waiting for some LuCI backports from Jo and would like to tag 
and build the next minor releases tomorrow or some days later depending 
on when Jo finishes the backports.

@Rosen: You wanted to update ksmbd in the feeds. Is there already a pull 
request and will you merge it or should I merge it shortly before tagging?

I asked on the dnsmasq mailing list about the CVEs we saw. My current 
plan is to ignore them.

Is there anything else missing?

Hauke



More information about the openwrt-devel mailing list