Hauke Mehrtens <ha...@hauke-m.de> schreef op 22 oktober 2019 15:59:04 CEST: >On 10/11/19 12:59 PM, Jo-Philipp Wich wrote: >> Hi Bjørn, >> >>> Or: Start discussing the release blockers here and now. Thanks. >> >> 1) Blocker: LuCI master needs to be backported to 19.07 >> Time estimate: 2-3 weeks >> >> 2) Blocker: All relevant sub-components for WPA-3 + GUI support, such >as >> hostapd, iwinfo etc. need to be backported to 19.07 >> Time estimate: 2 weeks > >ynezz has a branch here and I am fine with also backporting hostapd >from >master to 19.07, the security fixes are already in. >https://git.openwrt.org/?p=openwrt/staging/ynezz.git;a=shortlog;h=refs/heads/upstream/19.07/hostapd-backports
Thanks for pointing to it, test-driving it as we speak. Only commit 02fd26b77a0c59e2f44380aaee8c90c66b0f4f59 needed a minor adjustment in order to apply to present 19.07 HEAD, all other patches applied as-is. I assume one does not need a 'matching' LuCI for this to work, right? Unless one starts changing wireless settings through LuCI? Stijn > >> 3) Blocker: Some weaknesses in libustream-ssl client certificate >> handling need to be addressed, which can only be solved by an API >> redesign. Band-aid fixes available but not merged, nobody worked >> on API redesign yet >> Time estimate: 1 week >> >> 4) Blocker: Need to assert the state of the Dragonblood WPA3 >> vulnerabilities in 19.07's hostapd >> Time estimate: a few days I guess > >All the patches listed here are already backported to hostapd 2.7 from >openwrt 19.07: >https://w1.fi/security/ >As hostapd on master seams to work, I have no problem with backporting >hostapd 2.9 to openwrt 19.07, this should make it easier for us to >handle later security problems. > >Hauke _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
