OpenWrt 22.03.3 - Service Release - 9 January 2023

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.3, r20028-43d71ad93e
 -----------------------------------------------------

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 22.03 stable version series. It fixes security issues, improves device support, and brings a few bug fixes.

Download firmware images via the Firmware Selector or directly from our download servers:

• Download firmware image for your device (firmware selector)
• Download firmware images directly from OpenWrt download servers

An upgrade from OpenWrt 21.02 or 22.03 to OpenWrt 22.03.3 is supported in many cases with the help of the sysupgrade utility which will also attempt to preserve the configuration. A configuration backup is advised nonetheless when upgrading to OpenWrt 22.03. (see “Upgrading” below).

The OpenWrt Project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

Do you want to be informed about important changes such as new releases and security fixes?

We have a new mailing list for this, as well as RSS options: see Important changes and announcements.

Only the main changes are listed below. See changelog-22.03.3 for the full changelog.

• CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet
• CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
• CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
• CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
• CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
• CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
• CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.

• Support for the following devices was added:
  • Ruckus ZoneFlex 7372
  • Ruckus ZoneFlex 7321
  • ZTE MF289F
  • TrendNet TEW-673GRU
  • Linksys EA4500 v3
  • Wavlink WS-WN572HP3 4G
• Fix reboot loop by using LZMA loader. This affects the following devices:
  • NETGEAR EX6150
  • HiWiFi HC5962
  • ASUS RT-N56U B1
  • Belkin F9K1109v1
  • D-Link DIR-645
  • D-Link DIR-860L B1
  • NETIS WF2881
  • ZyXEL WAP6805
• Fix WAN mac address assignment. This affects the following devices:
  • UniElec U7621-01
  • UniElec U7621-06
  • TP-Link AR7241
  • TP-Link TL-WR740N
  • TP-Link TL-WR741ND v4
  • Teltonika RUT230
  • Luma Home WRTQ-329ACN
• mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices (See broken_mv88e6176_switch):
  • CZ.NIC Turris Omnia
  • Linksys WRT1200AC
  • Linksys WRT1900ACS
  • Linksys WRT1900AC v1
  • Linksys WRT1900AC v2
  • Linksys WRT3200ACM
  • Linksys WRT32X
  • Linksys WRT3200ACM
  • SolidRun ClearFog Pro
• lantiq/xrx200: Enable interrupts on second VPE
• layerscape: Fix SPI-NOR issues with vendor patches
• RouterBoard 912UAG: Fix reference clock
• TP-Link RE200 v3/v4: Fix LED configuration
• GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
• Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
• D-Link DIR-825 B1: Add factory image recipe
• D-Link DIR-825-B1: Expand rootfs
• D-Link DGS-1210-10P: Add support for extra buttons and LEDs
• Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
• AVM FRITZ!Box 7430: Include USB driver by default
• HAOYU Electronics MarsBoard A10: Include sound driver by default
• Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware

• firewall4: Fix boot hang with firewall4 and loadfile
• Added the following kernel packages:
  • kmod-sched-prio (extracted from kmod-sched)
  • kmod-sched-red (extracted from kmod-sched)
  • kmod-sched-act-police (extracted from kmod-sched)
  • kmod-sched-act-ipt (extracted from kmod-sched)
  • kmod-sched-pie (extracted from kmod-sched)
  • kmod-sched-drr
  • kmod-sched-fq-pie
  • kmod-sched-act-sample
  • kmod-nvme
  • kmod-phy-marvell
  • kmod-hwmon-sht3x
  • kmod-netconsole
  • kmod-btsdio
• Added firmware files for mt7916 and mt7921 devices
• hostapd: Remove dtim_period option from device, it is already a BSS property
• procd: Service: pass all arguments to service
• ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
• comgt-ncm: Add support for quectel modem EC200T-EU
• umbim: Allow roaming and partner connections
• kernel: Add support for EON EN25QX128A spi nor flash
• iwinfo: Many bugfixes and improvements:
  • improvements in showing the used band, ht mode and hw mode
  • Added support for HE (Wifi 6) modes
  • Added support for new devices (MT7921AU, MT7986 WiSoC)
  • Add support for CCMP-256 and GCMP-256 ciphers
• uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths
• gcc: Import patch fixing asm machine directive for powerpc

• Update Linux kernel from 5.10.146 to 5.10.161
• Update mac80211 backports from 5.15.58-1 to 5.15.81-1
• Update strace from 5.16 to 5.19
• Update mbedtls from 2.28.1 to 2.28.2
• Update openssl from 1.1.1q to 1.1.1s
• Update wolfssl from 5.5.1 to 5.5.4
• Update util-linux from 2.37.3 to 2.37.4
• Update firewall4 from 2022-10-14 to 2022-10-18
• Update odhcpd from 2022-03-22 to 2023-01-02
• Update uhttpd from 2022-08-12 to 2022-10-31
• Update iwinfo from 2022-08-19 to 2022-12-15
• Update ucode from 2022-10-07 to 2022-12-02

Sysupgrade can be used to upgrade a device from OpenWrt 21.02 or 22.03 to 22.03.3 and configuration will be preserved in most cases.

Sysupgrade from 19.07 to 22.03 is not supported.

There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message:
Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

See reporting bugs if you encounter issues with this release.

Devices featuring the MV88E6176 integrated switch are currently broken in 22.03: the switch behaves as a hub, meaning network packets will be sent to all ports. This bug is documented in (FS#11077). This problem is only seen with kernel 5.10. OpenWrt 21.02 and OpenWrt master are not affected.