OpenWrt-19.04 missing CVE fixes


672 views
john_beckett
Contributor II

From the resolution to https://community.nxp.com/t5/Layerscape/LS1021A-TWR-UDP-packet-loss/m-p/1093227 it was recommended that for the Layerscape I use OpenWrt-19.04 from 

https://source.codeaurora.org/external/qoriq/qoriq-components/openwrt

There do not seem to be any new commits which resolve issues on OpenWrt's security advisories:
https://openwrt.org/docs/guide-developer/security

Taking the first issue as an example:
https://openwrt.org/advisory/2020-05-06-2 updates package/network/services/relayd/Makefile to take commit "f4d759be54ceb37714e9a6ca320d5b50c95e9ce9" instead of "ad0b25ad74345d367c62311e14b279f5ccb8ef13" for the relayd source.

From looking at the code I am evaluating, it is still using the vulnerable version.

Taking a look at openwrt-19.07 the LSDK commits do not at first glance appear to have been upstreamed.

Is there a variant of OpenWrt that has the latest LSDK support and is actively maintained, i.e. latest bugfixes / security patching?

0 Kudos
3 Replies

661 views
yipingwang
NXP TechSupport

We have a new version of OpenWrt that will be released on September 25th. I have uploaded the internal version at the following link for your reference.

https://drive.google.com/file/d/1l1opSntkpVxssKFUKbXvabrEN-HB1AN0/view?usp=sharing

0 Kudos

654 views
john_beckett
Contributor II

Hi @yipingwang ,

Thanks for replying.

I was asking as I don't understand the release schedule. For example, what is gating the 25 September release (OpenWrt release cycle / annual NXP release cycle) and how do I know that I am going to have the latest bug / security fixes available?

Would moving to a different recommended Layerscape distribution provide more timely fixes (e.g. Debian)?

John

0 Kudos

646 views
yipingwang
NXP TechSupport

Hello John,

NXP released OpenWrt is ready for customers on September 25th. 

I have uploaded this version of OpenWrt for you again, which includes git commit information.

https://drive.google.com/file/d/1uxTNZzrc6Fu-wjaEL5arYe_QjSRnOp-Q/view?usp=sharing

After typing the "git log" command, you will find that the security-related patches you mentioned have been applied in this version of OpenWrt.

Please refer to the attached git commit information.

Thanks,

Yiping

0 Kudos
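
The check described in the opening post (which relayd commit the tree's package/network/services/relayd/Makefile pins), written as a script. This is an added example, not part of the thread or of NXP's or OpenWrt's tooling; it assumes the Makefile pins the source through OpenWrt's usual PKG_SOURCE_VERSION variable, and the two sample trees are constructed.

```shell
#!/bin/sh
# Added example: classify the relayd commit pinned by an OpenWrt package Makefile.

VULN=ad0b25ad74345d367c62311e14b279f5ccb8ef13    # commit the post describes as vulnerable
FIXED=f4d759be54ceb37714e9a6ca320d5b50c95e9ce9   # commit the advisory moves to
RELAYD_MK=package/network/services/relayd/Makefile

# Print the commit assigned to PKG_SOURCE_VERSION (last assignment wins).
pinned_commit() {
    sed -n 's/^PKG_SOURCE_VERSION[[:space:]]*:\{0,1\}=[[:space:]]*\([0-9a-fA-F]\{7,40\}\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# classify_pin MAKEFILE -> fixed | vulnerable | unknown:<commit> | missing
classify_pin() {
    [ -r "$1" ] || { echo missing; return 0; }
    pin=$(pinned_commit "$1")
    case "$pin" in
        "")       echo missing ;;
        "$FIXED") echo fixed ;;
        "$VULN")  echo vulnerable ;;
        *)        echo "unknown:$pin" ;;  # other commit: place it in relayd history by hand
    esac
}

# Constructed sample trees standing in for two vendor checkouts (assumption).
demo=$(mktemp -d)
for tree in old new; do mkdir -p "$demo/$tree/${RELAYD_MK%/*}"; done
printf 'PKG_NAME:=relayd\nPKG_SOURCE_VERSION:=%s\n' "$VULN"  > "$demo/old/$RELAYD_MK"
printf 'PKG_NAME:=relayd\nPKG_SOURCE_VERSION:=%s\n' "$FIXED" > "$demo/new/$RELAYD_MK"

for tree in old new; do
    printf '%s: %s\n' "$tree" "$(classify_pin "$demo/$tree/$RELAYD_MK")"
done
rm -rf "$demo"
```

In a real checkout, run `classify_pin "$RELAYD_MK"` from the top of the tree. An `unknown:` result means the pin is neither of the two commits named in the post and has to be compared against relayd's history manually.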