OpenWrt 22.03.3 third service release

Sun Jan 8 17:04:54 PST 2023

Hi,

The OpenWrt community is proud to announce the newest stable release of 
the OpenWrt 22.03 stable version series. It fixes security issues, 
improves device support, and brings a few bug fixes.

Download firmware images using the OpenWrt Firmware Selector:
  * https://firmware-selector.openwrt.org/?version=22.03.3
Download firmware images directly from our download servers:
  * https://downloads.openwrt.org/releases/22.03.3/targets/

Main changes between OpenWrt 22.03.2 and OpenWrt 22.03.3:
========================================================

Security fixes
==============

   * CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's
     awk applet
   * CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-
     after-free flaw in dnsmasq DHCPv6 server
   * CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability
     was found in e2fsprogs 1.46.5
   * CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-
     After-Free Remote Code Execution Vulnerability
   * CVE-2022-46393: mbedtls: Fix potential heap buffer overread and
     overwrite
   * CVE-2022-46392: mbedtls: An adversary with access to precise enough
     information about memory accesses can recover an RSA private key
   * CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS
     macro is set when building wolfSSL, there is a potential heap over
     read of 5 bytes when handling TLS 1.3 client connections.

Device support
==============

   * Support for the following devices was added:
     * Ruckus ZoneFlex 7372
     * Ruckus ZoneFlex 7321
     * ZTE MF289F
     * TrendNet TEW-673GRU
     * Linksys EA4500 v3
     * Wavlink WS-WN572HP3 4G
   * Fix reboot loop by using LZMA loader. This affects the following
     devices:
     * NETGEAR EX6150
     * HiWiFi HC5962
     * ASUS RT-N56U B1
     * Belkin F9K1109v1
     * D-Link DIR-645
     * D-Link DIR-860L B1
     * NETIS WF2881
     * ZyXEL WAP6805
   * Fix WAN mac address assignment. This affects the following devices:
     * UniElec U7621-01
     * UniElec U7621-06
     * TP-Link AR7241
     * TP-Link TL-WR740N
     * TP-Link TL-WR741ND v4
     * Teltonika RUT230
     * Luma Home WRTQ-329ACN
   * mvebu: Disable devices using broken mv88e6176 switch. This affects
     the following devices:
     * CZ.NIC Turris Omnia
     * Linksys WRT1200AC
     * Linksys WRT1900ACS
     * Linksys WRT1900AC v1
     * Linksys WRT1900AC v2
     * Linksys WRT3200ACM
     * Linksys WRT32X
     * Linksys WRT3200ACM
     * SolidRun ClearFog Pro
   * lantiq/xrx200: Enable interrupts on second VPE
   * layerscape: Fix SPI-NOR issues with vendor patches
   * RouterBoard 912UAG: Fix reference clock
   * TP-Link RE200 v3/v4: Fix LED configuration
   * GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
   * Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over
     vendor web UI
   * D-Link DIR-825 B1: Add factory image recipe
   * D-Link DIR-825-B1: Expand rootfs
   * D-Link DGS-1210-10P: Add support for extra buttons and LEDs
   * Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
   * AVM FRITZ!Box 7430: Include USB driver by default
   * HAOYU Electronics MarsBoard A10: Include sound driver by default
   * Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys
     factory firmware

Various fixes and improvements
==============================

   * firewall4: Fix boot hang with firewall4 and loadfile
   * Added the following kernel packages:
     * kmod-sched-prio (extracted from kmod-sched)
     * kmod-sched-red (extracted from kmod-sched)
     * kmod-sched-act-police (extracted from kmod-sched)
     * kmod-sched-act-ipt (extracted from kmod-sched)
     * kmod-sched-pie (extracted from kmod-sched)
     * kmod-sched-drr
     * kmod-sched-fq-pie
     * kmod-sched-act-sample
     * kmod-nvme
     * kmod-phy-marvell
     * kmod-hwmon-sht3x
     * kmod-netconsole
     * kmod-btsdio
   * Added firmware files for mt7916 and mt7921 devices
   * ucode: lexer: Fixes for regex literal parsing
   * hostapd: Remove dtim_period option from device, it is already a BSS
     property
   * procd: Service: pass all arguments to service
   * ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
   * comgt-ncm: Add support for quectel modem EC200T-EU
   * umbim: Allow roaming and partner connections
   * kernel: Add support for EON EN25QX128A spi nor flash
   * iwinfo: Many bugfixes and improvements:
     * improvements in showing the used band, ht mode and hw mode
     * Added support for HE (Wifi 6) modes
     * Added support for new devices (MT7921AU, MT7986 WiSoC)
     * Add support for CCMP-256 and GCMP-256 ciphers
   * uhttpd: Fix incorrectly emitting HTTP 413 for certain content
     lengths
   * gcc: Import patch fixing asm machine directive for powerpc

Core components update
======================

   * Update Linux kernel from 5.10.146 to 5.10.161
   * Update mac80211 backports from 5.15.58-1 to 5.15.81-1
   * Update strace from 5.16 to 5.19
   * Update mbedtls from 2.28.1 to 2.28.2
   * Update openssl from 1.1.1q to 1.1.1s
   * Update wolfssl from 5.5.1 to 5.5.4
   * Update util-linux from 2.37.3 to 2.37.4
   * Update firewall4 from 2022-10-14 to 2022-10-18
   * Update odhcpd from 2022-03-22 to 2023-01-02
   * Update uhttpd from 2022-08-12 to 2022-10-31
   * Update iwinfo from 2022-08-19 to 2022-12-15
   * Update ucode from 2022-10-07 to 2022-12-02

-----------------

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/22.03/notes-22.03.3

In particular, make sure to read the regressions and known issues before 
upgrading:
https://openwrt.org/releases/22.03/notes-22.03.3#known_issues

For a detailed list of all changes since 22.03.2, refer to
https://openwrt.org/releases/22.03/changelog-22.03.3

To download the 22.03.3 images, navigate to:
https://downloads.openwrt.org/releases/22.03.3/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=22.03.3

As always, a big thank you goes to all our active package maintainers,
testers, documenters and supporters.

Have fun!

The OpenWrt Community

---

To stay informed of new OpenWrt releases and security advisories, there
are new channels available:

  * a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce

  * a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14

  * other announcement channels (such as RSS feeds) might be added in the
    future, they will be listed at https://openwrt.org/contact
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x93DD20630910B515.asc
Type: application/pgp-keys
Size: 15497 bytes
Desc: OpenPGP public key
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20230109/7a51e6f9/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20230109/7a51e6f9/attachment-0001.sig>