af3ae2ae84
New upstream release. Debian changelog: * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc (Intel N150 PC) Signed-off-by: John Audia <therealgraysky@proton.me> Link: https://github.com/openwrt/openwrt/pull/20045 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
Sunshine!
Download
Built firmware images are available for many architectures and come with a package selection to be used as WiFi home router. To quickly find a factory image usable to migrate from a vendor stock firmware to OpenWrt, try the Firmware Selector.
If your device is supported, please follow the Info link to see install instructions or consult the support resources listed below.
An advanced user may require additional or specific package. (Toolchain, SDK, ...) For everything else than simple firmware download, try the wiki download page:
Development
To build your own firmware you need a GNU/Linux, BSD or macOS system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system.
Requirements
You need the following tools to compile OpenWrt, the package names vary between distributions. A complete list with distribution specific packages is found in the Build System Setup documentation.
binutils bzip2 diff find flex gawk gcc-6+ getopt grep install libc-dev libz-dev
make4.1+ perl python3.7+ rsync subversion unzip which
Quickstart
-
Run
./scripts/feeds update -ato obtain all the latest package definitions defined in feeds.conf / feeds.conf.default -
Run
./scripts/feeds install -ato install symlinks for all obtained packages into package/feeds/ -
Run
make menuconfigto select your preferred configuration for the toolchain, target system & firmware packages. -
Run
maketo build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the GNU/Linux kernel & all chosen applications for your target system.
Related Repositories
The main repository uses multiple sub-repositories to manage packages of
different categories. All packages are installed via the OpenWrt package
manager called opkg. If you're looking to develop the web interface or port
packages to OpenWrt, please find the fitting repository below.
-
LuCI Web Interface: Modern and modular interface to control the device via a web browser.
-
OpenWrt Packages: Community repository of ported packages.
-
OpenWrt Routing: Packages specifically focused on (mesh) routing.
-
OpenWrt Video: Packages specifically focused on display servers and clients (Xorg and Wayland).
Support Information
For a list of supported devices see the OpenWrt Hardware Database
Documentation
Support Community
- Forum: For usage, projects, discussions and hardware advise.
- Support Chat: Channel
#openwrton oftc.net.
Developer Community
- Bug Reports: Report bugs in OpenWrt
- Dev Mailing List: Send patches
- Dev Chat: Channel
#openwrt-develon oftc.net.
License
OpenWrt is licensed under GPL-2.0