OpenWrt 22.03.0-rc5 Changelog

This changelog lists all commits done in OpenWrt since the v21.03.0-rc4 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 22.03.0-rc5 release.

See also the release notes that provide a more accessible overview of the main changes in 22.03.0-rc5.

8a3fb45 netfilter: kmod-nft-xfrm (+13)
7e223a8 prereq-build: add additional git detection (+2,-1)
63b4881 include/prereq-build.mk: macOS cross build improvements (+6,-1)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
50db012 kernel: bump 5.10 to 5.10.123 (+2,-2)
f2f0354 kernel: bump 5.10 to 5.10.124 (+93,-93)
2b8021d kernel: bump 5.10 to 5.10.125 (+5,-5)
66da295 kernel: bump 5.10 to 5.10.126 (+2,-2)
6b44a6e kernel: bump 5.10 to 5.10.127 (+20,-20)

c1868ef tools/libressl: update to version 3.4.3 (+2,-2)

3cfe050 kernel: crypto: add kmod-crypto-chacha20poly1305 (+12)
8a3fb45 netfilter: kmod-nft-xfrm (+13)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
f2f0354 kernel: bump 5.10 to 5.10.124 (+93,-93)
e4caacc kernel: add missing symbol to 5.10 config (+1)
993b70a kernel: fix variable erasesize patch (+64,-208)
6b44a6e kernel: bump 5.10 to 5.10.127 (+20,-20)
ee67afe kernel: Refresh patches for all targets (+79,-155)
bfd070e kernel: Add missing mediatek configuration options (+3,-2)

68a6d7a uboot-mvebu: add patch to enable setexpr for clearfog boards (+31)
b65e4d7 uboot-mvebu: remove enabled CONFIG_CMD_SETEXPR (-7)
3a02b8a uboot-mvebu: update to version v2022.04 (+2,-524)
fa56db5 uboot-mediatek: update UniFi 6 LR board name (+1,-1)

f393581 hostapd: add owe_transition_ifname (+3,-1)
43fd8f4 libusb: fix missing link (+1,-1)
d8f8c78 464xlat: delete SNATed conntracks on interface teardown (+4,-1)
d989124 broadcom-wl: Fix compilation with kernel 5.10 (+50,-8)
f91b0d7 wolfssl: disable AES-NI by default for x86_64 (+6,-1)
d8d8b82 dropbear: cherry-pick upstream commit 544f28a0 (+134)
fb3b927 iptables: default to ip(6)tables-nft (+12,-19)
1edf306 firewall4: bump to git HEAD (+3,-3)
⇒ 11f5c7b fw4.uc: fix zone helper assignment (+6,-3)
⇒ b9d35ff fw4.uc: don't skip zone for unavailable helper (+1,-2)
⇒ e35e26b tests: add test for zone helpers (+374)
⇒ a063317 ruleset: fix conntrack helpers (+387,-265)
⇒ e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps (+301,-38)
⇒ 11410b8 ruleset: reorder declarations & output tweaks (+96,-108)
⇒ 880dd31 fw4: fix skipping invalid IPv6 ipset entries (+1,-1)
⇒ 5994466 fw4: simplify `is_loopback_dev()` (+19,-12)
⇒ 53886e5 fw4: fix crash in parse_cthelper() if no helpers are present (+1,-1)
⇒ 11256ff fw4: add support for configurable includes (+199,-2)
⇒ 3b5a033 tests: add test coverage for firewall includes (+506)
⇒ d79911c fw4: support sets with timeout capability but without default expiry (+10,-2)
⇒ 15c3831 fw4: add support for `option log` in rule and redirect sections (+22,-1)
5c7aed8 openssl: bump to 1.1.1p (+2,-2)

267f86a wireless-regdb: bump to 2022.06.06 (+3,-3)
3e38bd1 ipq-wifi: remove packaged BDF-s for MikroTik devices (+4,-14)

618ab57 base-files: allow ignoring minor compat-version check (+5)

a4390ea apm821xx: WNDAP660: fix ethernet port ordering (+13,-13)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
6b44a6e kernel: bump 5.10 to 5.10.127 (+20,-20)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
ee67afe kernel: Refresh patches for all targets (+79,-155)

2b4fba8 ath79: D-Link DAP-2680: select QCA9984 firmware (+1,-1)
b9d67e2 ath79: fix rootfs padding for D-Link DAP-2xxx (+2,-1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
fbbc127 ath79: mikrotik: add rw soft_config to extra devices (-2)
d6a06e1 ath79: add support for RouterBOARD mAP (+134)
ee67afe kernel: Refresh patches for all targets (+79,-155)

8f393cf bcm27xx/bcm2710: enable asm crypto algorithms (+8)
4101c81 bcm27xx/bcm2711: enable asm crypto algorithms (+8)
ee67afe kernel: Refresh patches for all targets (+79,-155)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

51f1480 bcm4908: enable armv8-CE crypto algorithms (+8)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

d929abb bcm53xx: remove 07_set_preinit_iface_bcm53xx (-14)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
344ecf4 ipq40xx: mikrotik: make RouterBoot partition writeable (-5)
80602d4 ipq40xx: mikrotik: provide BDF-s on demand (+23)
3e38bd1 ipq-wifi: remove packaged BDF-s for MikroTik devices (+4,-14)
973ff0b ipq40xx: mikrotik: dont include ath10k-board-qca4019 by default (+1)
85b5bad ipq40xx: cut ath10k board file for mikrotik subtarget (+2,-2)
ee67afe kernel: Refresh patches for all targets (+79,-155)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)

33dd466 layerscape/armv8_64b: enable armv8-CE crypto algos (+11)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

049093b mediatek: UniFi 6 LR: disable RTC (+6)
2b8021d kernel: bump 5.10 to 5.10.125 (+5,-5)
e459a87 mediatek/mt7629: Activate CONFIG_ARM_ARCH_TIMER_EVTSTREAM (+2)
5a81e00 mediatek: mt7622: fix banana pi r64 wps button (+40)
2bea35c mediatek: remove crypto-hw-mtk package (-23)
1d96f68 mediatek: build ubnt-ledbar as a module (+18,-4)
8f0d886 mediatek: new target mt7622-ubnt-unifi-6-lr-v1 (+35,-31)
d815e1f mediatek: new target ubnt_unifi-6-lr-v1-ubootmod (+6,-5)
d302839 mediatek: add Ubiquiti UniFi 6 LR v2 targets (+239)
6b78bf1 mediatek: mt7622: fix white dome LED of UniFi 6 LR (+1,-3)
bfd070e kernel: Add missing mediatek configuration options (+3,-2)

19f3ee5 mpc85xx: enable error reporting for RAM and PCIe (+4)
4130e7e mpc85xx: p2020: add RTC ds1307 to kernel (+1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)

23bc97c mvebu/cortexa53: refresh kernel 5.10 config (+7,-1)
cd25cc0 mvebu/cortexa53: enable armv8-CE crypto algos (+11)
75ffc99 mvebu/cortexa72: refresh kernel 5.10 config (+4,-1)
9ff2e7d mvebu/cortexa72: enable armv8-CE crypto algos (+11)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
5a82803 mvebu: cortexa72: fix ImageBuilder for IEI Puzzle devices (-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

7f44677 octeontx: add armv8-CE version of CRC T10 (+1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
ee67afe kernel: Refresh patches for all targets (+79,-155)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
88101fa qoriq: use KERNEL_SUFFIX in Build/sdcard-img (+1,-1)
7c240ee qoriq: use FIT uImage for Firebox M300 kernel (+5,-1)
c767362 qoriq: define leds for Firebox M300 (+22,-1)
04091ff qoriq: define reset button for Firebox M300 (+13,-1)
c944828 qoriq: 02_network fix sweth globbing logic (+1,-1)
9296d89 qoriq: disable CONFIG_COMPAT (-8)
e222660 qoriq: enable HARDENED_USERCOPY (-1)
7d6b8f5 qoriq: enable Book-E Watchdog Timer (+2)

8f7e0cb ramips: fix RT-AC57U button level (+1,-1)
2726c8c ramips: fix booting on ZyXEL NBG-419N v2 (+1)
d01e374 ramips: force ZyXEL NR7101 to boot from "Kernel" partition (+1)
7bc1d76 ramips: mt7621-dts: fix claiming rgmii2 pin group for EdgeRouter X SFP (+7,-5)
d65ad3e ramips: decrease SPI frequency for Phicomm K2P (+1,-2)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
f2f0354 kernel: bump 5.10 to 5.10.124 (+93,-93)
2b8021d kernel: bump 5.10 to 5.10.125 (+5,-5)
158a5af ramips: improve YunCore AX820 LEDs (+26,-6)

bbf8651 realtek: add support for power LED on Netgear GS308Tv1 (+27)
515404a realtek: add support for power LED on Netgear GS108Tv3 (+27)
c32dfc7 realtek: make Netgear GS1xx u-boot env partition writable (-1)
daa8d7e realtek: make "u-boot-env" partition writable for Netgear 3xx series (-1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
ee67afe kernel: Refresh patches for all targets (+79,-155)

83dfa41 rockchip/armv8: enable armv8-CE crypto algorithms (+9)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

23f0fea sunxi/cortexa53: enable armv8-CE crypto algorithms (+10)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
2b39238 x86: fix damaged config 5.10 refresh (+3,-3)
656036a x86: 64: Add kmod-igc to default packages (+1,-1)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

52a6475 ath10k-ct: update to 2022-05-13 (+22,-22)
⇒ f808496 ath10k-ct: Add patch from Robert Marko to 5.10+ (+92.2K,-39)

76c5c95 Revert "mac80211: add a bug fix for a rare crash" (-38)
aab535d mac80211: add airtime fairness improvements (+1.7K,-3)
08e1812 mac80211: increase airtime scheduler quantum (+53)
02cfd1f mac80211: ath10k: backport bus and device specific API 1 BDF selection (+65)
a3946a7 mac80211: fix mesh queue selection issue (+28)

f608779 mt76: update to the latest version (+3,-3)
⇒ 65042bf mt76: mt7915: introduce 802.11ax multi-bss support (+70,-5)
⇒ e756ea3 mt76: fix wrong HE data rate in sniffer tool (+8,-4)
⇒ 47b6413 mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR i... (+10,-3)
⇒ 7a05f46 mt76: fix monitor rx FCS error in DFS channel (+6,-3)
⇒ 104dd5c mt76: mt7915: fix DBDC default band selection on MT7915D (+2)
⇒ a7805e4 mt76: reduce tx queue lock hold time (+8,-6)
⇒ 0b1deb9 mt76: dma: use kzalloc instead of devm_kzalloc for txwi (+4,-2)
⇒ 2e51013 mt76: dma: reduce lock contention in mt76_dma_tx_cleanup (+23,-3)
⇒ c96fbb8 mt76: mt7915: rework hardware/phy initialization (+78,-43)
⇒ c2bb44c mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 (+1,-1)
⇒ 36c23a4 mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (+1,-1)
⇒ 5b7dd09 mt76: fix use-after-free by removing a non-RCU wcid pointer (+13,-12)
⇒ c692aac mt76: fix MBSS index condition in DBDC mode (+17,-17)
⇒ fd65419 mt76: mt7921u: add suspend/resume support (+72,-4)
⇒ 201b33c mt76: mt7921: rely on mt76_dev rxfilter in mt7921_configure_filter (+14,-16)
⇒ 9666c08 mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (+2,-2)
⇒ + 107 more...
32e9095 mt76: update to the latest version (+3,-3)
⇒ c07f459 firmware: update mt7622 firmware to version 20220630 ()
⇒ af406a2 mt76: do not use skb_set_queue_mapping for internal purposes (+24,-20)
fcd6293 mt76: update to the latest version (+3,-3)
⇒ 93e3fce mt76: pass original queue id from __mt76_tx_queue_skb to the driver (+19,-18)

Description: [Zyxel NBG-419n v2 / 21.02.x boot fails / bootloop
Link: https://github.com/openwrt/openwrt/issues/9842
Commits:
2726c8c ramips: fix booting on ZyXEL NBG-419N v2 (+1)

Description: git prereq detection is fragile; broken on Guix
Link: https://github.com/openwrt/openwrt/issues/9986
Commits:
7e223a8 prereq-build: add additional git detection (+2,-1)

Description: Intel igc driver needed for default installs
Link: https://github.com/openwrt/openwrt/issues/10064
Commits:
656036a x86: 64: Add kmod-igc to default packages (+1,-1)

Description: wndap660 switch port to physical label and indicator LED mapping incorrect
Link: https://github.com/openwrt/openwrt/issues/10111
Commits:
a4390ea apm821xx: WNDAP660: fix ethernet port ordering (+13,-13)

Description: YunCore AX820: GPIO LED not correct
Link: https://github.com/openwrt/openwrt/issues/10131
Commits:
158a5af ramips: improve YunCore AX820 LEDs (+26,-6)

Description: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
Commits:
5c7aed8 openssl: bump to 1.1.1p (+2,-2)

Description: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
Commits:
5c7aed8 openssl: bump to 1.1.1p (+2,-2)