This changelog lists all commits done in OpenWrt since the v22.03.3 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 22.03.4 release.
See also the release notes that provide a more accessible overview of the main changes in 22.03.4.
aa5023b scripts/dl_github_archieve.py: fix generating unreproducible tar (+1,-1)
a8025bc kernel: bump 5.10 to 5.10.162 (+3,-3)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
10c7941 kernel: bump 5.10 to 5.10.164 (+9,-9)
83a13b7 kernel: bump 5.10 to 5.10.165 (+12,-12)
71cbc95 kernel: bump 5.10 to 5.10.166 (+63,-63)
98b8507 bpf: check llvm version only when used (+2)
f7541ae bpf: ignore missing LLVM bins on package for non compile steps (+1,-1)
a66e53d kernel: bump 5.10 to 5.10.167 (+2,-2)
55a48b0 kernel: bump 5.10 to 5.10.168 (+37,-37)
26cc831 kernel: bump 5.10 to 5.10.169 (+109,-11)
cb91aa4 kernel: bump 5.10 to 5.10.170 (+2,-2)
a88c655 kernel: bump 5.10 to 5.10.172 (+4,-102)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
6b19d24 kernel: bump 5.10 to 5.10.174 (+2,-2)
a4212b7 kernel: bump 5.10 to 5.10.175 (+142,-142)
f61c5cf kernel: bump 5.10 to 5.10.176 (+36,-36)
f677302 build: fix for sourcing targets image config installed via feeds (+1)
3bc6d2a tools/dosfstools: fix PKG_SOURCE (+2,-2)
807483d dosfstools: switch to AC_CHECK_LIB (+28)
28e1770 tools/mkimage: build uboot with NO_SDL=1 (+1)
a507243 firmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1 (+122)
c58959d firmware-utils: tplink-safeloader: add Mercusys MR70X (+96,-1)
38ccc47 imagebuilder: allow to specific ROOTFS_PARTSIZE (+3,-1)
7531ef7 sdk: expose PATENTED an NLS build options (+17)
c0b4303 toolchaini/gcc: fix libstdc++ dual abi model (+1,-1)
c1a2634 Revert "toolchaini/gcc: fix libstdc++ dual abi model" (+1,-1)
9aaeaa8 toolchain: musl: Fix symbol loading in gdb (+61)
1f32774 kernel: mtk-bmt: fix usage of _oob_read (+8,-2)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
83a13b7 kernel: bump 5.10 to 5.10.165 (+12,-12)
428d720 kernel: backport some mv88e6xxx devlink patches (+374)
71cbc95 kernel: bump 5.10 to 5.10.166 (+63,-63)
55a48b0 kernel: bump 5.10 to 5.10.168 (+37,-37)
cfce8ab kernel: can: fix MCP251x CAN controller module autoload (+1,-1)
7b05a8d kernel: fix mtk dsa tag padding (+2,-3)
ea6fb9c generic: MIPS: Add barriers between dcache & icache flushes (+71)
0a32f66 generic: remove patch for unused kernel version (-21)
26cc831 kernel: bump 5.10 to 5.10.169 (+109,-11)
a88c655 kernel: bump 5.10 to 5.10.172 (+4,-102)
36bf158 kernel: tcindex classifier has been retired (+1,-3)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
a4212b7 kernel: bump 5.10 to 5.10.175 (+142,-142)
f61c5cf kernel: bump 5.10 to 5.10.176 (+36,-36)
c233103 kernel: remove obsolete netfilter tcp window size check bypass patch (-73)
05ec70f kernel: add support for XMC XM25QH64C (+22)
d2f3422 kernel: filter out pahole version (+1)
788a0cf mpc85xx: add support for Watchguard Firebox T10 (+410,-1)
21a121a uboot-envtools: add support for ramips Asus RX-AX53U (+1)
aca915e ksmbd: update to 3.4.6 (+2,-55)
e88e0ac ksmbd: Fix ZDI-CAN-18259 (+100,-1)
9a12afc mbedtls: move source modification to patch (+15,-3)
3167f7c openssl: bump to 1.1.1t (+2,-2)
b573a78 ncm: add error check and retry mechanism for gcom call (+19,-4)
5909b6c comgt: add quirk for Mikrotik modems based on Mikrotik R11e-LTE6 (+4,-2)
ff22a20 comgt: ncm: support Mikrotik R11e-LTE6 modem (+12)
5030620 dnsmasq: add dhcphostsfile to ujail sandbox (+1)
51cf5aa hostapd: add missing return code for the bss_mgmt_enable ubus method (+2)
4ed9884 ksmbd: update to 3.4.7 (+4,-103)
13d3fb3 bpf-headers: fix package category (+1,-1)
2faa7ff openssl: fix variable reference in conffiles (+3,-3)
fea7478 iproute2: add missing libbpf dependency (+1,-1)
99fddbe wireless-regdb: update to 2023.02.13 (+2,-2)
066ac40 netifd: strip mask from IP address in DHCP client params (+1,-1)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
71cbc95 kernel: bump 5.10 to 5.10.166 (+63,-63)
52564e6 at91: sama7: fix racy SD card image generation (+1,-1)
7370479 at91: sam9x,sama5: fix racy SD card image generation (+2,-2)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
a8025bc kernel: bump 5.10 to 5.10.162 (+3,-3)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
0657576 ath79: add LTE led for GL.iNet GL-XE300 (+1)
2702ef9 ath79: add label-mac-device for GL-XE300 (+4)
2601873 ath79: add LTE packages for GL-XE300 (+2,-1)
55a48b0 kernel: bump 5.10 to 5.10.168 (+37,-37)
26cc831 kernel: bump 5.10 to 5.10.169 (+109,-11)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
541be7d ath79: Refresh patches (+1,-1)
70d2e8b ath79: Fix glinet ar300m usb not working (+8,-13)
0636d6b ath79: use lzma-loader for Senao initramfs images (+1)
b2db4fa ath79: tiny: Do not build TPLink WPA8630Pv2 by default (+1)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
10c7941 kernel: bump 5.10 to 5.10.164 (+9,-9)
83a13b7 kernel: bump 5.10 to 5.10.165 (+12,-12)
71cbc95 kernel: bump 5.10 to 5.10.166 (+63,-63)
55a48b0 kernel: bump 5.10 to 5.10.168 (+37,-37)
a88c655 kernel: bump 5.10 to 5.10.172 (+4,-102)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
a4212b7 kernel: bump 5.10 to 5.10.175 (+142,-142)
26cc831 kernel: bump 5.10 to 5.10.169 (+109,-11)
836e3d1 bcm4908: backport v6.4 pending DTS changes (+791,-1)
28e5045 bcm4908: include usbport trigger (+2,-1)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
b7c031d ipq40xx: Linksys MR8300: fix the USB port power (+11,-1)
f61c5cf kernel: bump 5.10 to 5.10.176 (+36,-36)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
71cbc95 kernel: bump 5.10 to 5.10.166 (+63,-63)
26cc831 kernel: bump 5.10 to 5.10.169 (+109,-11)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
a4212b7 kernel: bump 5.10 to 5.10.175 (+142,-142)
4b7f9e4 lantiq-xrx200: fix wan LED on o2 box 6431 (+4,-1)
1bead4c lantiq: xrx200: Fix wifi LED on o2 box 6431 (+1,-1)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
354ad10 lantiq: nand: don't yield while holding spinlock (+38)
50d707e lantiq: fix lzma-loader for Netgear DGN 3500(B) (+18,-5)
788a0cf mpc85xx: add support for Watchguard Firebox T10 (+410,-1)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
212c3ff octeontx: add sqaushfs and ramdisk to features (+1,-1)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
15b9c02 kernel: bump 5.10 to 5.10.163 (+151,-217)
3fd3d99 ramips: mt7621-dts: fix phy-mode of external phy on GB-PC2 (+1,-1)
3c6692b ramips: add support for TP-Link Archer AX23 v1 (+223)
c1bfb70 ramips: fix Archer AX23 WiFi MAC address conflict (+1,-4)
f5db04e ramips: add support for Mercusys MR70X (+183,-4)
96e3fee ramips: fix 5g mac for TOTOLINK X5000R (+4)
0170bc1 ramips: mt7621: enable lzma-loader for AFOUNDRY EW1200 (+1)
24d84a1 kernel: bump 5.10 to 5.10.173 (+289,-346)
a4212b7 kernel: bump 5.10 to 5.10.175 (+142,-142)
3014c69 ramips: add support for read/write uboot env to Asus RX-AX53U (+11,-2)
a3fbeb2 ramips: add missing LEDs to Asus RT-AX53U (+19,-3)
85b6a7a ramips: Alternative name Asus RT-AX1800U for Asus RT-AX53U (+2)
fc1750b ramips: mt7621: ASUS RT-AX53U add NMBM, nest firmware (+26,-7)
50d37b0 ramips: rt5350: enable lzma-loader for ALLNET ALL5003 (+1)
c6b6cab ramips: mt7621: mikrotik 760igs (hEX S) fix SFP (+1)
2a4a637 ramips: lower re305-v3 spi-max-frequency (+1,-1)
711e45e ramips: add support for D-Link DAP-X1860 A1 (+234)
deafcf9 ramips: define remapping-range for DAP-X1860 (+7)
71cbc95 kernel: bump 5.10 to 5.10.166 (+63,-63)
999cb95 x86: fix deprecated CONFIG_MICROCODE_OLD_INTERACE (+1,-1)
ddeeb35 mac80211: use 802.11ax iw modes (+3,-3)
863288b mac80211: Update to version 5.15.92-1 (+3,-3)
4ae854d mac80211, mt76: add fixes for recently discovered security issues (+660)
6035401 mac80211: fix invalid calls to drv_sta_pre_rcu_remove (+25)
4ae854d mac80211, mt76: add fixes for recently discovered security issues (+660)
7c10b7b CI: build: fix external toolchain use with release tag tests (+1,-1)
Description: LEDs for WLAN and DSL do not work right.
Link: https://github.com/openwrt/openwrt/issues/7757
Commits:
4b7f9e4 lantiq-xrx200: fix wan LED on o2 box 6431 (+4,-1)
Description: IPROUTE2: package/network/utils/iproute2 failed to build (build variant: tcfull). LIBBPF_FORCE=on set, but couldn't find a usable libbpf
Link: https://github.com/openwrt/openwrt/issues/9491
Commits:
fea7478 iproute2: add missing libbpf dependency (+1,-1)
Description: tools: dosfstools 4.2 fix url
Link: https://github.com/openwrt/openwrt/issues/10871
Commits:
3bc6d2a tools/dosfstools: fix PKG_SOURCE (+2,-2)
Description: Netgear DGN 3500(B) image 22.03.x bricks router
Link: https://github.com/openwrt/openwrt/issues/11701
Commits:
50d707e lantiq: fix lzma-loader for Netgear DGN 3500(B) (+18,-5)
Description: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
Commits:
3167f7c openssl: bump to 1.1.1t (+2,-2)
Description: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
Commits:
3167f7c openssl: bump to 1.1.1t (+2,-2)
Description: The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47522
Commits:
4ae854d mac80211, mt76: add fixes for recently discovered security issues (+660)
Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47938
Commits:
aca915e ksmbd: update to 3.4.6 (+2,-55)
Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47939
Commits:
aca915e ksmbd: update to 3.4.6 (+2,-55)
Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47940
Commits:
aca915e ksmbd: update to 3.4.6 (+2,-55)
Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47941
Commits:
aca915e ksmbd: update to 3.4.6 (+2,-55)
Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47942
Commits:
aca915e ksmbd: update to 3.4.6 (+2,-55)
Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47943
Commits:
aca915e ksmbd: update to 3.4.6 (+2,-55)
Description: The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
Commits:
3167f7c openssl: bump to 1.1.1t (+2,-2)
Description: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
Commits:
3167f7c openssl: bump to 1.1.1t (+2,-2)