OpenWrt 22.03.0-rc5 Changelog

This changelog lists all commits done in OpenWrt since the v21.03.0-rc4 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 22.03.0-rc5 release.

See also the release notes that provide a more accessible overview of the main changes in 22.03.0-rc5.

8a3fb45 netfilter: kmod-nft-xfrm (+13)
7e223a8 prereq-build: add additional git detection (+2,-1)
63b4881 include/prereq-build.mk: macOS cross build improvements (+6,-1)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
50db012 kernel: bump 5.10 to 5.10.123 (+2,-2)
f2f0354 kernel: bump 5.10 to 5.10.124 (+93,-93)
2b8021d kernel: bump 5.10 to 5.10.125 (+5,-5)
66da295 kernel: bump 5.10 to 5.10.126 (+2,-2)
6b44a6e kernel: bump 5.10 to 5.10.127 (+20,-20)

c1868ef tools/libressl: update to version 3.4.3 (+2,-2)

3cfe050 kernel: crypto: add kmod-crypto-chacha20poly1305 (+12)
8a3fb45 netfilter: kmod-nft-xfrm (+13)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
f2f0354 kernel: bump 5.10 to 5.10.124 (+93,-93)
e4caacc kernel: add missing symbol to 5.10 config (+1)
993b70a kernel: fix variable erasesize patch (+64,-208)
6b44a6e kernel: bump 5.10 to 5.10.127 (+20,-20)
ee67afe kernel: Refresh patches for all targets (+79,-155)
bfd070e kernel: Add missing mediatek configuration options (+3,-2)

68a6d7a uboot-mvebu: add patch to enable setexpr for clearfog boards (+31)
b65e4d7 uboot-mvebu: remove enabled CONFIG_CMD_SETEXPR (-7)
3a02b8a uboot-mvebu: update to version v2022.04 (+2,-524)
fa56db5 uboot-mediatek: update UniFi 6 LR board name (+1,-1)

f393581 hostapd: add owe_transition_ifname (+3,-1)
43fd8f4 libusb: fix missing link (+1,-1)
d8f8c78 464xlat: delete SNATed conntracks on interface teardown (+4,-1)
d989124 broadcom-wl: Fix compilation with kernel 5.10 (+50,-8)
f91b0d7 wolfssl: disable AES-NI by default for x86_64 (+6,-1)
d8d8b82 dropbear: cherry-pick upstream commit 544f28a0 (+134)
fb3b927 iptables: default to ip(6)tables-nft (+12,-19)
1edf306 firewall4: bump to git HEAD (+3,-3)
11f5c7b fw4.uc: fix zone helper assignment (+6,-3)
b9d35ff fw4.uc: don't skip zone for unavailable helper (+1,-2)
e35e26b tests: add test for zone helpers (+374)
a063317 ruleset: fix conntrack helpers (+387,-265)
e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps (+301,-38)
11410b8 ruleset: reorder declarations & output tweaks (+96,-108)
880dd31 fw4: fix skipping invalid IPv6 ipset entries (+1,-1)
5994466 fw4: simplify `is_loopback_dev()` (+19,-12)
53886e5 fw4: fix crash in parse_cthelper() if no helpers are present (+1,-1)
11256ff fw4: add support for configurable includes (+199,-2)
3b5a033 tests: add test coverage for firewall includes (+506)
d79911c fw4: support sets with timeout capability but without default expiry (+10,-2)
15c3831 fw4: add support for `option log` in rule and redirect sections (+22,-1)
5c7aed8 openssl: bump to 1.1.1p (+2,-2)

267f86a wireless-regdb: bump to 2022.06.06 (+3,-3)
3e38bd1 ipq-wifi: remove packaged BDF-s for MikroTik devices (+4,-14)

618ab57 base-files: allow ignoring minor compat-version check (+5)

a4390ea apm821xx: WNDAP660: fix ethernet port ordering (+13,-13)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
6b44a6e kernel: bump 5.10 to 5.10.127 (+20,-20)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
ee67afe kernel: Refresh patches for all targets (+79,-155)

2b4fba8 ath79: D-Link DAP-2680: select QCA9984 firmware (+1,-1)
b9d67e2 ath79: fix rootfs padding for D-Link DAP-2xxx (+2,-1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
fbbc127 ath79: mikrotik: add rw soft_config to extra devices (-2)
d6a06e1 ath79: add support for RouterBOARD mAP (+134)
ee67afe kernel: Refresh patches for all targets (+79,-155)

8f393cf bcm27xx/bcm2710: enable asm crypto algorithms (+8)
4101c81 bcm27xx/bcm2711: enable asm crypto algorithms (+8)
ee67afe kernel: Refresh patches for all targets (+79,-155)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

51f1480 bcm4908: enable armv8-CE crypto algorithms (+8)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

d929abb bcm53xx: remove 07_set_preinit_iface_bcm53xx (-14)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
344ecf4 ipq40xx: mikrotik: make RouterBoot partition writeable (-5)
80602d4 ipq40xx: mikrotik: provide BDF-s on demand (+23)
3e38bd1 ipq-wifi: remove packaged BDF-s for MikroTik devices (+4,-14)
973ff0b ipq40xx: mikrotik: dont include ath10k-board-qca4019 by default (+1)
85b5bad ipq40xx: cut ath10k board file for mikrotik subtarget (+2,-2)
ee67afe kernel: Refresh patches for all targets (+79,-155)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)

33dd466 layerscape/armv8_64b: enable armv8-CE crypto algos (+11)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

049093b mediatek: UniFi 6 LR: disable RTC (+6)
2b8021d kernel: bump 5.10 to 5.10.125 (+5,-5)
e459a87 mediatek/mt7629: Activate CONFIG_ARM_ARCH_TIMER_EVTSTREAM (+2)
5a81e00 mediatek: mt7622: fix banana pi r64 wps button (+40)
2bea35c mediatek: remove crypto-hw-mtk package (-23)
1d96f68 mediatek: build ubnt-ledbar as a module (+18,-4)
8f0d886 mediatek: new target mt7622-ubnt-unifi-6-lr-v1 (+35,-31)
d815e1f mediatek: new target ubnt_unifi-6-lr-v1-ubootmod (+6,-5)
d302839 mediatek: add Ubiquiti UniFi 6 LR v2 targets (+239)
6b78bf1 mediatek: mt7622: fix white dome LED of UniFi 6 LR (+1,-3)
bfd070e kernel: Add missing mediatek configuration options (+3,-2)

19f3ee5 mpc85xx: enable error reporting for RAM and PCIe (+4)
4130e7e mpc85xx: p2020: add RTC ds1307 to kernel (+1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)

23bc97c mvebu/cortexa53: refresh kernel 5.10 config (+7,-1)
cd25cc0 mvebu/cortexa53: enable armv8-CE crypto algos (+11)
75ffc99 mvebu/cortexa72: refresh kernel 5.10 config (+4,-1)
9ff2e7d mvebu/cortexa72: enable armv8-CE crypto algos (+11)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
5a82803 mvebu: cortexa72: fix ImageBuilder for IEI Puzzle devices (-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

7f44677 octeontx: add armv8-CE version of CRC T10 (+1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
ee67afe kernel: Refresh patches for all targets (+79,-155)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
88101fa qoriq: use KERNEL_SUFFIX in Build/sdcard-img (+1,-1)
7c240ee qoriq: use FIT uImage for Firebox M300 kernel (+5,-1)
c767362 qoriq: define leds for Firebox M300 (+22,-1)
04091ff qoriq: define reset button for Firebox M300 (+13,-1)
c944828 qoriq: 02_network fix sweth globbing logic (+1,-1)
9296d89 qoriq: disable CONFIG_COMPAT (-8)
e222660 qoriq: enable HARDENED_USERCOPY (-1)
7d6b8f5 qoriq: enable Book-E Watchdog Timer (+2)

8f7e0cb ramips: fix RT-AC57U button level (+1,-1)
2726c8c ramips: fix booting on ZyXEL NBG-419N v2 (+1)
d01e374 ramips: force ZyXEL NR7101 to boot from "Kernel" partition (+1)
7bc1d76 ramips: mt7621-dts: fix claiming rgmii2 pin group for EdgeRouter X SFP (+7,-5)
d65ad3e ramips: decrease SPI frequency for Phicomm K2P (+1,-2)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
81530d6 kernel: bump 5.10 to 5.10.121 (+64,-64)
4faf889 kernel: bump 5.10 to 5.10.122 (+58,-58)
f2f0354 kernel: bump 5.10 to 5.10.124 (+93,-93)
2b8021d kernel: bump 5.10 to 5.10.125 (+5,-5)
158a5af ramips: improve YunCore AX820 LEDs (+26,-6)

bbf8651 realtek: add support for power LED on Netgear GS308Tv1 (+27)
515404a realtek: add support for power LED on Netgear GS108Tv3 (+27)
c32dfc7 realtek: make Netgear GS1xx u-boot env partition writable (-1)
daa8d7e realtek: make "u-boot-env" partition writable for Netgear 3xx series (-1)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
ee67afe kernel: Refresh patches for all targets (+79,-155)

83dfa41 rockchip/armv8: enable armv8-CE crypto algorithms (+9)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

23f0fea sunxi/cortexa53: enable armv8-CE crypto algorithms (+10)
9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)
2b39238 x86: fix damaged config 5.10 refresh (+3,-3)
656036a x86: 64: Add kmod-igc to default packages (+1,-1)

9c60908 generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM] (+107,-2)

52a6475 ath10k-ct: update to 2022-05-13 (+22,-22)
f808496 ath10k-ct: Add patch from Robert Marko to 5.10+ (+92.2K,-39)

76c5c95 Revert "mac80211: add a bug fix for a rare crash" (-38)
aab535d mac80211: add airtime fairness improvements (+1.7K,-3)
08e1812 mac80211: increase airtime scheduler quantum (+53)
02cfd1f mac80211: ath10k: backport bus and device specific API 1 BDF selection (+65)
a3946a7 mac80211: fix mesh queue selection issue (+28)

f608779 mt76: update to the latest version (+3,-3)
65042bf mt76: mt7915: introduce 802.11ax multi-bss support (+70,-5)
e756ea3 mt76: fix wrong HE data rate in sniffer tool (+8,-4)
47b6413 mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR i... (+10,-3)
7a05f46 mt76: fix monitor rx FCS error in DFS channel (+6,-3)
104dd5c mt76: mt7915: fix DBDC default band selection on MT7915D (+2)
a7805e4 mt76: reduce tx queue lock hold time (+8,-6)
0b1deb9 mt76: dma: use kzalloc instead of devm_kzalloc for txwi (+4,-2)
2e51013 mt76: dma: reduce lock contention in mt76_dma_tx_cleanup (+23,-3)
c96fbb8 mt76: mt7915: rework hardware/phy initialization (+78,-43)
c2bb44c mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 (+1,-1)
36c23a4 mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (+1,-1)
5b7dd09 mt76: fix use-after-free by removing a non-RCU wcid pointer (+13,-12)
c692aac mt76: fix MBSS index condition in DBDC mode (+17,-17)
fd65419 mt76: mt7921u: add suspend/resume support (+72,-4)
201b33c mt76: mt7921: rely on mt76_dev rxfilter in mt7921_configure_filter (+14,-16)
9666c08 mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (+2,-2)
⇒ + 107 more...
32e9095 mt76: update to the latest version (+3,-3)
c07f459 firmware: update mt7622 firmware to version 20220630 ()
af406a2 mt76: do not use skb_set_queue_mapping for internal purposes (+24,-20)
fcd6293 mt76: update to the latest version (+3,-3)
93e3fce mt76: pass original queue id from __mt76_tx_queue_skb to the driver (+19,-18)

#9842

Description: [Zyxel NBG-419n v2 / 21.02.x boot fails / bootloop
Link: https://github.com/openwrt/openwrt/issues/9842
Commits:
2726c8c ramips: fix booting on ZyXEL NBG-419N v2 (+1)

#9986

Description: git prereq detection is fragile; broken on Guix
Link: https://github.com/openwrt/openwrt/issues/9986
Commits:
7e223a8 prereq-build: add additional git detection (+2,-1)

#10064

Description: Intel igc driver needed for default installs
Link: https://github.com/openwrt/openwrt/issues/10064
Commits:
656036a x86: 64: Add kmod-igc to default packages (+1,-1)

#10111

Description: wndap660 switch port to physical label and indicator LED mapping incorrect
Link: https://github.com/openwrt/openwrt/issues/10111
Commits:
a4390ea apm821xx: WNDAP660: fix ethernet port ordering (+13,-13)

#10131

Description: YunCore AX820: GPIO LED not correct
Link: https://github.com/openwrt/openwrt/issues/10131
Commits:
158a5af ramips: improve YunCore AX820 LEDs (+26,-6)

CVE-2022-1292

Description: The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
Commits:
5c7aed8 openssl: bump to 1.1.1p (+2,-2)

CVE-2022-2068

Description: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
Commits:
5c7aed8 openssl: bump to 1.1.1p (+2,-2)

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/07/06 22:46
  • by hauke