Re: OpenWrt 21.02 and 19.07 minor release

[Josef Schlehofer]

Hello guys,

On 14. 02. 22 21:00, Hauke Mehrtens wrote:

Is there anything else missing? 


I am not sure if I am not late to this discussion, but would it be 
possible to get there backported 802.11ax support [1] for rpcd? This is 
required to detect ax modes and more HT modes for mini PCIe Wi-Fi card: 
MT7915E 802.11ax PCI Express Wireless Network Adapter. It can be 
reproduced before and after applying the PR by using following commands:


a) iwinfo device htmodelist

b) ubus call iwinfo info '{"device":"radio2"}'

Tested on Turris Omnia/mvebu.

[1] https://github.com/openwrt/openwrt/pull/5043

Regards,

Josef



smime.p7s
Description: S/MIME Cryptographic Signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

dnsmasq CVE fixes for 19.07 [Was: Re: OpenWrt 21.02 and 19.07 minor release]

[Petr Štetiar]

Seo Suchan  [2022-02-15 13:29:06]:

Hi,

> I just noticed 19.07 still looks at dnsmasq 2.80: which was effeced by
> series of vulnerablity CVE-2020-25681
>  ~25685 and need to bumped
> at least to 2.85 like 21.02 as CVE-2021-3448
>  is fixed by 2.85rc1 - would
> just copying 21.02's dnsmasq makefiles (and patches) be enough to fix this?

thank you for checking, those should be fixed via 
https://git.openwrt.org/8055e38794741313f8f4e6059f83c71dc0ab1d1c

Cheers,

Petr

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Seo Suchan]

I just noticed 19.07 still looks at dnsmasq 2.80: which was effeced by 
series of vulnerablity CVE-2020-25681 
 ~25685 and need to 
bumped at least to 2.85 like 21.02 as CVE-2021-3448 
 is fixed by 2.85rc1 - 
would just copying 21.02's dnsmasq makefiles (and patches) be enough to 
fix this?


2022-02-13 오전 9:26에 Hauke Mehrtens 이(가) 쓴 글:


Thanks for that information. Do you know about some official statement 
about this?


I fixed some other problems in OpenWrt 21.02:
* Linux: update to latests minor version
* hostapd: backport the patches
* wolfssl: update to recent version
* tcpdump: backport a patch
* mbedtls: update to new LTS version
* glibc: Update to latest minor version

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Rosen Penev]

On Mon, Feb 14, 2022 at 12:00 PM Hauke Mehrtens  wrote:
>
> On 2/13/22 01:26, Hauke Mehrtens wrote:
> > On 2/10/22 16:12, Seo Suchan wrote:
> >> looks like those dnsmasq exploits aren't real
> >>
> >> bugs never looked by human (no commit related by it), but bots
> >> confirmed that thoses look fixed by commit
> >> 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06
> >>
> >> https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq=202112300601:202201020605
> >> 
> >>
> >>
> >> when I read that commit it looks like 2.86 had bug that faild to build
> >> on gcc 4.8 and it caused fuzzer to get immediately crash, producing
> >> bunch of 'exploits'
> >
> > Thanks for that information. Do you know about some official statement
> > about this?
> >
> > I fixed some other problems in OpenWrt 21.02:
> > * Linux: update to latests minor version
> > * hostapd: backport the patches
> > * wolfssl: update to recent version
> > * tcpdump: backport a patch
> > * mbedtls: update to new LTS version
> > * glibc: Update to latest minor version
>
> The OpenWrt 21.02 and 19.07 branches are looking fine to me.
> I am still waiting for some LuCI backports from Jo and would like to tag
> and build the next minor releases tomorrow or some days later depending
> on when Jo finishes the backports.
>
> @Rosen: You wanted to update ksmbd in the feeds. Is there already a pull
> request and will you merge it or should I merge it shortly before tagging?
https://github.com/openwrt/packages/pull/17866
>
> I asked on the dnsmasq mailing list about the CVEs we saw. My current
> plan is to ignore them.
>
> Is there anything else missing?
>
> Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Hauke Mehrtens]

On 2/13/22 01:26, Hauke Mehrtens wrote:

On 2/10/22 16:12, Seo Suchan wrote:

looks like those dnsmasq exploits aren't real

bugs never looked by human (no commit related by it), but bots 
confirmed that thoses look fixed by commit 
011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06


https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq=202112300601:202201020605 
 



when I read that commit it looks like 2.86 had bug that faild to build 
on gcc 4.8 and it caused fuzzer to get immediately crash, producing 
bunch of 'exploits'


Thanks for that information. Do you know about some official statement 
about this?


I fixed some other problems in OpenWrt 21.02:
* Linux: update to latests minor version
* hostapd: backport the patches
* wolfssl: update to recent version
* tcpdump: backport a patch
* mbedtls: update to new LTS version
* glibc: Update to latest minor version


The OpenWrt 21.02 and 19.07 branches are looking fine to me.
I am still waiting for some LuCI backports from Jo and would like to tag 
and build the next minor releases tomorrow or some days later depending 
on when Jo finishes the backports.


@Rosen: You wanted to update ksmbd in the feeds. Is there already a pull 
request and will you merge it or should I merge it shortly before tagging?


I asked on the dnsmasq mailing list about the CVEs we saw. My current 
plan is to ignore them.


Is there anything else missing?

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Hauke Mehrtens]

On 2/10/22 16:12, Seo Suchan wrote:

looks like those dnsmasq exploits aren't real

bugs never looked by human (no commit related by it), but bots confirmed 
that thoses look fixed by commit 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06


https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq=202112300601:202201020605 
 



when I read that commit it looks like 2.86 had bug that faild to build 
on gcc 4.8 and it caused fuzzer to get immediately crash, producing 
bunch of 'exploits'


Thanks for that information. Do you know about some official statement 
about this?


I fixed some other problems in OpenWrt 21.02:
* Linux: update to latests minor version
* hostapd: backport the patches
* wolfssl: update to recent version
* tcpdump: backport a patch
* mbedtls: update to new LTS version
* glibc: Update to latest minor version

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Seo Suchan]

looks like those dnsmasq exploits aren't real

bugs never looked by human (no commit related by it), but bots confirmed 
that thoses look fixed by commit 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06


https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq=202112300601:202201020605 



when I read that commit it looks like 2.86 had bug that faild to build 
on gcc 4.8 and it caused fuzzer to get immediately crash, producing 
bunch of 'exploits'



2022-02-10 오전 7:58에 Hauke Mehrtens 이(가) 쓴 글:> On 1/25/22 00:07, 
Hauke Mehrtens wrote:

>> On 1/24/22 22:53, Hauke Mehrtens wrote:
>>> Hi,
>>>
>>> I would like to tag a new 21.02 and 19.07 minor release in about one
>>> week. I am not aware of a severe security problem, it was just some
>>> time since the last release.
>>>
>>> Are there any known regressions in the current stable branches
>>> compared to the last release and should we fix them?
>>>
>>> If we should backport some changes from master please just answer to
>>> this mail with the commit and a reason why you need it.
>>>
>>> There are already some pull requests on github:
>>> 
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02 


>>>
>>>
>>> 
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07 


>>>
>>>
>>> Hauke
>>
>> There are some security patches available for hostapd. Is someone
>> working on backporting them to OpenWrt 21.02 or 19.07?
>> https://w1.fi/security/2022-1/
>>
>> Dnsmasq also has some new CVEs assigned.
>> Is someone working on backporting these fixes?
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45951
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45952
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45953
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45954
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45955
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45956
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45957
>>
>> Hauke
>
> Hi,
>
> Sorry for the delay, I haven't found the time to take care of these
> CVEs yet and I would like to get them fixed before the release.
>
> There are also some CVEs fixed in wolfssl:
> https://github.com/openwrt/openwrt/pull/4910
> This will probably break the ABI again.
>
> It would be nice if someone could tak over one component to get this
> fixed faster.
>
> Hauke
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Hauke Mehrtens]

On 1/25/22 00:07, Hauke Mehrtens wrote:

On 1/24/22 22:53, Hauke Mehrtens wrote:

Hi,

I would like to tag a new 21.02 and 19.07 minor release in about one 
week. I am not aware of a severe security problem, it was just some 
time since the last release.


Are there any known regressions in the current stable branches 
compared to the last release and should we fix them?


If we should backport some changes from master please just answer to 
this mail with the commit and a reason why you need it.


There are already some pull requests on github:
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02 



https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07 



Hauke


There are some security patches available for hostapd. Is someone 
working on backporting them to OpenWrt 21.02 or 19.07?

https://w1.fi/security/2022-1/

Dnsmasq also has some new CVEs assigned.
Is someone working on backporting these fixes?
https://nvd.nist.gov/vuln/detail/CVE-2021-45951
https://nvd.nist.gov/vuln/detail/CVE-2021-45952
https://nvd.nist.gov/vuln/detail/CVE-2021-45953
https://nvd.nist.gov/vuln/detail/CVE-2021-45954
https://nvd.nist.gov/vuln/detail/CVE-2021-45955
https://nvd.nist.gov/vuln/detail/CVE-2021-45956
https://nvd.nist.gov/vuln/detail/CVE-2021-45957

Hauke


Hi,

Sorry for the delay, I haven't found the time to take care of these CVEs 
yet and I would like to get them fixed before the release.


There are also some CVEs fixed in wolfssl: 
https://github.com/openwrt/openwrt/pull/4910

This will probably break the ABI again.

It would be nice if someone could tak over one component to get this 
fixed faster.


Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

[Hauke Mehrtens]

On 1/24/22 22:53, Hauke Mehrtens wrote:

Hi,

I would like to tag a new 21.02 and 19.07 minor release in about one 
week. I am not aware of a severe security problem, it was just some time 
since the last release.


Are there any known regressions in the current stable branches compared 
to the last release and should we fix them?


If we should backport some changes from master please just answer to 
this mail with the commit and a reason why you need it.


There are already some pull requests on github:
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02 



https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07 



Hauke


There are some security patches available for hostapd. Is someone 
working on backporting them to OpenWrt 21.02 or 19.07?

https://w1.fi/security/2022-1/

Dnsmasq also has some new CVEs assigned.
Is someone working on backporting these fixes?
https://nvd.nist.gov/vuln/detail/CVE-2021-45951
https://nvd.nist.gov/vuln/detail/CVE-2021-45952
https://nvd.nist.gov/vuln/detail/CVE-2021-45953
https://nvd.nist.gov/vuln/detail/CVE-2021-45954
https://nvd.nist.gov/vuln/detail/CVE-2021-45955
https://nvd.nist.gov/vuln/detail/CVE-2021-45956
https://nvd.nist.gov/vuln/detail/CVE-2021-45957

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

OpenWrt 21.02 and 19.07 minor release

[Hauke Mehrtens]

Hi,

I would like to tag a new 21.02 and 19.07 minor release in about one 
week. I am not aware of a severe security problem, it was just some time 
since the last release.


Are there any known regressions in the current stable branches compared 
to the last release and should we fix them?


If we should backport some changes from master please just answer to 
this mail with the commit and a reason why you need it.


There are already some pull requests on github:
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02 



https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel