OpenWrt 25.12 and 24.10 security release
Hauke Mehrtens
hauke at hauke-m.de
Mon May 4 16:34:41 PDT 2026
On 5/4/26 23:21, Rosen Penev wrote:
> On Mon, May 4, 2026 at 1:53 AM Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>
>> Hi,
>>
>> I think we should soon do a minor release to fix the copy.fail
>> (CVE-2026-31431) problem.
>>
>> It is not so urgent from my point of view, because copy.fail only works
>> when CONFIG_CRYPTO_USER_API is activated. This only gets included with
>> the kmod-crypto-user package and always on the starfive target. If you
>> are not on the starfive target and do not have kmod-crypto-user
>> installed you are not affected by copy.fail. Both are uncommon options.
>>
>> All supported branches are fixed now.
>>
>> I want to get a fixes for the WPA3 SAE configuration and a mac80211
>> update into 25.12 too:
>> https://github.com/openwrt/openwrt/pull/23209
>> https://github.com/openwrt/openwrt/pull/23011
>> There are already people complaining about the WPA3 SAE configuration
>> improvements causing new problems in main branch.
>>
>> There are also some other PRs:
>> https://github.com/openwrt/openwrt/pulls?q=is%3Apr+sort%3Aupdated-desc+label%3Arelease%2F25.12+is%3Aopen
>> Additional ones:
> https://github.com/openwrt/openwrt/pull/23121
This is not even merged into main branch yet.
> https://github.com/openwrt/openwrt/pull/22463#issuecomment-4357981512
Thanks, I cherry picked this
> https://github.com/openwrt/openwrt/pull/22459
Thanks, I cherry picked this
> https://github.com/openwrt/openwrt/pull/22705
This is bigger, I will take it later for the next release.
In addition I also merged and cherry picked this one:
https://github.com/openwrt/openwrt/pull/23066
The release is tagged and the builds were started.
Hauke
More information about the openwrt-devel
mailing list