OpenWrt 25.12 and 24.10 security release
Rosen Penev
rosenp at gmail.com
Mon May 4 14:21:30 PDT 2026
On Mon, May 4, 2026 at 1:53 AM Hauke Mehrtens <hauke at hauke-m.de> wrote:
>
> Hi,
>
> I think we should soon do a minor release to fix the copy.fail
> (CVE-2026-31431) problem.
>
> It is not so urgent from my point of view, because copy.fail only works
> when CONFIG_CRYPTO_USER_API is activated. This only gets included with
> the kmod-crypto-user package and always on the starfive target. If you
> are not on the starfive target and do not have kmod-crypto-user
> installed you are not affected by copy.fail. Both are uncommon options.
>
> All supported branches are fixed now.
>
> I want to get a fixes for the WPA3 SAE configuration and a mac80211
> update into 25.12 too:
> https://github.com/openwrt/openwrt/pull/23209
> https://github.com/openwrt/openwrt/pull/23011
> There are already people complaining about the WPA3 SAE configuration
> improvements causing new problems in main branch.
>
> There are also some other PRs:
> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+sort%3Aupdated-desc+label%3Arelease%2F25.12+is%3Aopen
Additional ones:
https://github.com/openwrt/openwrt/pull/23121
https://github.com/openwrt/openwrt/pull/22463#issuecomment-4357981512
https://github.com/openwrt/openwrt/pull/22459
https://github.com/openwrt/openwrt/pull/22705
>
> I am also looking into some fixes by an AI for random problems in our
> OpenWrt components and some of them are looking like real security
> relevant bugs.
>
> I am between these two options.
>
> 1. Release 25.12 and 24.10 now with the current state.
> 2. Get WPA3 SAE configuration improvements and mac80211 updates in and
> release then.
>
> Currently I would tend to option 1 now and do an other release of 25.12
> in about 3 weeks with some more fixes.
>
> As we rebuild the packages continuously the WPA3 SAE configuration
> improvements would automatically go to the uses as soon as they are
> committed, the mac80211 update needs a new release.
>
> Hauke
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list