OpenWrt 21.02 and 19.07 minor release
Hauke Mehrtens
hauke at hauke-m.de
Mon Feb 14 12:00:24 PST 2022
On 2/13/22 01:26, Hauke Mehrtens wrote:
> On 2/10/22 16:12, Seo Suchan wrote:
>> looks like those dnsmasq exploits aren't real
>>
>> bugs never looked by human (no commit related by it), but bots
>> confirmed that thoses look fixed by commit
>> 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06
>>
>> https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605
>> <https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605>
>>
>>
>> when I read that commit it looks like 2.86 had bug that faild to build
>> on gcc 4.8 and it caused fuzzer to get immediately crash, producing
>> bunch of 'exploits'
>
> Thanks for that information. Do you know about some official statement
> about this?
>
> I fixed some other problems in OpenWrt 21.02:
> * Linux: update to latests minor version
> * hostapd: backport the patches
> * wolfssl: update to recent version
> * tcpdump: backport a patch
> * mbedtls: update to new LTS version
> * glibc: Update to latest minor version
The OpenWrt 21.02 and 19.07 branches are looking fine to me.
I am still waiting for some LuCI backports from Jo and would like to tag
and build the next minor releases tomorrow or some days later depending
on when Jo finishes the backports.
@Rosen: You wanted to update ksmbd in the feeds. Is there already a pull
request and will you merge it or should I merge it shortly before tagging?
I asked on the dnsmasq mailing list about the CVEs we saw. My current
plan is to ignore them.
Is there anything else missing?
Hauke
More information about the openwrt-devel
mailing list