<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: OpenWrt-19.04 missing CVE fixes in Layerscape</title>
    <link>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1149587#M6594</link>
    <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/52411"&gt;@yipingwang&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;&lt;P&gt;Thanks for replying.&lt;/P&gt;&lt;P&gt;I was asking as I don't understand the release schedule.&amp;nbsp; For example what is gating the 25 September release (open wrt release cycle / annual NXP release cycle) and how do I know that I am going to have the latest bug / security fixes available?&lt;/P&gt;&lt;P&gt;Would moving to a different recommended layerscape distribution provide more timely fixes&amp;nbsp; (e.g. debian)?&lt;/P&gt;&lt;P&gt;John&lt;/P&gt;</description>
    <pubDate>Mon, 07 Sep 2020 08:59:30 GMT</pubDate>
    <dc:creator>john_beckett</dc:creator>
    <dc:date>2020-09-07T08:59:30Z</dc:date>
    <item>
      <title>OpenWrt-19.04 missing CVE fixes</title>
      <link>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1147659#M6583</link>
      <description>&lt;P&gt;From the resolution to&amp;nbsp;&lt;A href="https://community.nxp.com/t5/Layerscape/LS1021A-TWR-UDP-packet-loss/m-p/1093227" target="_blank"&gt;https://community.nxp.com/t5/Layerscape/LS1021A-TWR-UDP-packet-loss/m-p/1093227&lt;/A&gt;&amp;nbsp;it was recommended that for the Layerscape I use&amp;nbsp;OpenWrt-19.04 from&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;A href="https://source.codeaurora.org/external/qoriq/qoriq-components/openwrt" target="_blank"&gt;https://source.codeaurora.org/external/qoriq/qoriq-components/openwrt&lt;/A&gt;&lt;/P&gt;&lt;P&gt;There do not seem to be any new commits which resolve issues on openwrt's security advisories:&lt;BR /&gt;&lt;A href="https://openwrt.org/docs/guide-developer/security" target="_blank"&gt;https://openwrt.org/docs/guide-developer/security&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;Taking the first issue as an example:&lt;BR /&gt;&lt;A href="https://openwrt.org/advisory/2020-05-06-2" target="_blank"&gt;https://openwrt.org/advisory/2020-05-06-2&lt;/A&gt;&amp;nbsp;updates&amp;nbsp;package/network/services/relayd/Makefile to take commit "&lt;SPAN&gt;f4d759be54ceb37714e9a6ca320d5b50c95e9ce9" instead of "ad0b25ad74345d367c62311e14b279f5ccb8ef13" for the relayd source.&lt;BR /&gt;&lt;BR /&gt;&lt;/SPAN&gt;From looking at the code I am evaluating it is still using the vulnerable version.&lt;BR /&gt;&lt;BR /&gt;Taking a look at openwrt-19.07 the LSDK commits do not at first glance appear to have been upstreamed.&lt;BR /&gt;&lt;BR /&gt;&lt;STRONG&gt;Is there a variant of open wrt that has the latest LSDK support and is actively maintained i.e.&amp;nbsp; latest bugfixes / security patching?&lt;/STRONG&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 04 Sep 2020 10:27:26 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1147659#M6583</guid>
      <dc:creator>john_beckett</dc:creator>
      <dc:date>2020-09-04T10:27:26Z</dc:date>
    </item>
    <item>
      <title>Re: OpenWrt-19.04 missing CVE fixes</title>
      <link>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1149422#M6590</link>
      <description>&lt;P&gt;We have a new version OpenWrt will be released on September 25th, I have uploaded the internal version in the following link, you could have reference.&lt;/P&gt;
&lt;P&gt;&lt;A href="https://drive.google.com/file/d/1l1opSntkpVxssKFUKbXvabrEN-HB1AN0/view?usp=sharing" target="_blank"&gt;https://drive.google.com/file/d/1l1opSntkpVxssKFUKbXvabrEN-HB1AN0/view?usp=sharing&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 07 Sep 2020 04:06:04 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1149422#M6590</guid>
      <dc:creator>yipingwang</dc:creator>
      <dc:date>2020-09-07T04:06:04Z</dc:date>
    </item>
    <item>
      <title>Re: OpenWrt-19.04 missing CVE fixes</title>
      <link>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1149587#M6594</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/52411"&gt;@yipingwang&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;&lt;P&gt;Thanks for replying.&lt;/P&gt;&lt;P&gt;I was asking as I don't understand the release schedule.&amp;nbsp; For example what is gating the 25 September release (open wrt release cycle / annual NXP release cycle) and how do I know that I am going to have the latest bug / security fixes available?&lt;/P&gt;&lt;P&gt;Would moving to a different recommended layerscape distribution provide more timely fixes&amp;nbsp; (e.g. debian)?&lt;/P&gt;&lt;P&gt;John&lt;/P&gt;</description>
      <pubDate>Mon, 07 Sep 2020 08:59:30 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1149587#M6594</guid>
      <dc:creator>john_beckett</dc:creator>
      <dc:date>2020-09-07T08:59:30Z</dc:date>
    </item>
    <item>
      <title>Re: OpenWrt-19.04 missing CVE fixes</title>
      <link>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1150015#M6599</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;SPAN&gt;John,&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;NXP released OpenWrt is ready for customers on September 25th.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have uploaded this version OpenWrt to you again, which includes git commit information.&lt;/P&gt;
&lt;P&gt;&lt;A href="https://drive.google.com/file/d/1uxTNZzrc6Fu-wjaEL5arYe_QjSRnOp-Q/view?usp=sharing" target="_blank"&gt;https://drive.google.com/file/d/1uxTNZzrc6Fu-wjaEL5arYe_QjSRnOp-Q/view?usp=sharing&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;After typing "git log" command, you will find&amp;nbsp;&lt;SPAN&gt;security related patches mentioned by you have been applied in this version OpenWrt.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Please refer to the attached git commit information.&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Thanks,&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;Yiping&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 08 Sep 2020 03:45:21 GMT</pubDate>
      <guid>https://community.nxp.com/t5/Layerscape/OpenWrt-19-04-missing-CVE-fixes/m-p/1150015#M6599</guid>
      <dc:creator>yipingwang</dc:creator>
      <dc:date>2020-09-08T03:45:21Z</dc:date>
    </item>
  </channel>
</rss>

