[Cerowrt-devel] Fwd: OpenWrt 21.02.4 fourth service release

[Dave Taht <dave.taht@gmail.com>]

Both the current and prior openwrt releases had some CVEs. If you are
running the gui, you should upgrade...

I just turn the darn gui off, myself. I don't think but am unsure, if
these cve's effect ssh at all.

---------- Forwarded message ---------
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Wed, Oct 12, 2022 at 3:22 PM
Subject: OpenWrt 21.02.4 fourth service release
To: <openwrt-announce@lists.openwrt.org>, OpenWrt Development List
<openwrt-devel@lists.openwrt.org>


Hi,

The OpenWrt community is proud to announce the newest stable release of
the OpenWrt 21.02 stable version series. It fixes security issues,
improves device support, and brings a few bug fixes.

Download firmware images using the OpenWrt Firmware Selector:
  * https://firmware-selector.openwrt.org/?version=21.02.4
Download firmware images directly from our download servers:
  * https://downloads.openwrt.org/releases/21.04.4/targets/

The OpenWrt 21.02 stable series is in security maintenance only mode. It
is projected to go end of life on 6. April 2023 following the OpenWrt
Security support guidelines. We encourage all users of the OpenWrt 21.02
stable series to upgrade to OpenWrt 22.03.
https://openwrt.org/docs/guide-developer/security#support_status


Main changes between OpenWrt 21.02.3 and OpenWrt 21.02.4:
========================================================

Security fixes
==============

  * wolfssl: Fix security problem (CVE-2022-34293, CVE-2022-38152,
                                   CVE-2022-38153 and CVE-2022-39173)
    * See Security Advisory 2022-10-04-1
  * zlib: Fix security problem (CVE-2022-37434)
  * openssl: Fix security problem (CVE-2022-1292, CVE-2022-2068 and
                                   CVE-2022-2097)


Device support
==============

  * Support for the following devices was added:
    * Wavlink WL-WN579X3
    * Sitecom WLR-4100 v1 002
    * Banana Pi M2 Berry
    * YunCore AX820/HWAP-AX820
    * MikroTik RouterBOARD hAP ac lite
    * MikroTik RouterBOARD mAP
  * Youku YK1: speed up spi frequency for YK-L1, split YK1 to YK-L1
    and YK-L1c
  * ZBTLink ZBT-WG2626: add reset GPIO for PCIe port 1
  * ZBTLink ZBT-WE1026 5G: fix watchdog reset
  * Asus RT-AC57U: fix WPS button level
  * Archer VR2600: fix switch ports numbering
  * ZyXEL NBG-419N v2: Fix booting
  * Linksys MR8300: add WAN port
  * ramips: several fixes and improvements to mt7620 Ethernet
  * bcm53xx:
    * Disable GRO by default at kernel level
    * Enable & setup packet steering
  * ipq40xx: fix ar40xx driver
  * bcm4908:
    * Enable NVMEM U-Boot env data driver
    * Backport mtd parser for Broadcom's U-Boot partition
    * fix -EPROBE_DEFER support in bcm4908_enet


Various fixes and improvements
==============================

  * kernel:
    * Fix IPv6 flow offloading (FS#3373)
    * Backport LEDs driver for BCMBCA devices
    * Backport mtd dynamic partition patch
    * Fix possible mtd NULL pointer dereference
  * mac80211: fix QCA9561 PA bias
  * mac80211: disable ft-over-ds by default
  * mt76: backport fix encap offload ethernet type check
  * hostapd fixes and improvements:
    * Add support for enabling link measurements
    * Fix uninitialized pointer
  * zlib: backport null dereference fix
  * build system:
    * Switch from xxd tool to xxdi.pl script
    * Check TLS certificates by default when downloading over HTTPS
    * feeds: use git-src-full to allow Git versioning
    * Fix build warnings with grep-3.8
    * Add compatibility with Python 3.11


Core components
===============

  * Update Linux kernel from 5.4.188 to 5.4.215
  * Update openssl from 1.1.1n to 1.1.1q
  * Update wolfssl from 5.2.0 to 5.5.1
  * Update wireless-regdb from 2021.08.28 to 2022.08.12
  * Update intel-microcode from 20210608 to 20220809
  * Update exfat from 5.12.3 to 5.19.1
  * Update iwinfo from 2021-04-30 to 2022-04-26

-----------------

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/21.02/notes-21.02.4

In particular, make sure to read the regressions and known issues before
upgrading:
https://openwrt.org/releases/21.02/notes-21.02.4#known_issues

For a detailed list of all changes since 21.02.3, refer to
https://openwrt.org/releases/21.02/changelog-21.02.4

To download the 21.02.4 images, navigate to:
https://downloads.openwrt.org/releases/21.02.4/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=21.02.4

As always, a big thank you goes to all our active package maintainers,
testers, documenters and supporters.

Have fun!

The OpenWrt Community

---

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

  * a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce

  * a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14

  * other announcement channels (such as RSS feeds) might be added in the
    future, they will be listed at https://openwrt.org/contact

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


-- 
This song goes out to all the folk that thought Stadia would work:
https://www.linkedin.com/posts/dtaht_the-mushroom-song-activity-6981366665607352320-FXtz
Dave Täht CEO, TekLibre, LLC