Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revisionBoth sides next revision
releases:22.03:notes-22.03.3 [2023/01/03 21:28] – created haukereleases:22.03:notes-22.03.3 [2023/01/09 00:59] – UniElec hauke
Line 1: Line 1:
-====== OpenWrt 22.03.3 - Service Release - January 2023 ======+====== OpenWrt 22.03.3 - Service Release - January 2023 ======
  
 <code> <code>
Line 13: Line 13:
  
 /* Uncomment when the release is still work-in-progress */ /* Uncomment when the release is still work-in-progress */
-{{page>meta:infobox:attention_wiprelease&noheader&nofooter&noeditbtn}}+/* {{page>meta:infobox:attention_wiprelease&noheader&nofooter&noeditbtn}} */
  
  
Line 46: Line 46:
 ==== Security fixes ==== ==== Security fixes ====
  
-  * +  * CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet 
 +  * CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server 
 +  * CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5 
 +  * CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability 
 +  * CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite 
 +  * CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key 
 +  * CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.  
  
 ==== Device support ==== ==== Device support ====
  
-  *  +  * Support for the following devices was added: 
 +    * Ruckus ZoneFlex 7372 
 +    * Ruckus ZoneFlex 7321 
 +    * ZTE MF289F 
 +    * TrendNet TEW-673GRU 
 +    * Linksys EA4500 v3 
 +    * Wavlink WS-WN572HP3 4G 
 +  * Fix reboot loop by using LZMA loader. This affects the following devices: 
 +    * NETGEAR EX6150 
 +    * HiWiFi HC5962 
 +    * ASUS RT-N56U B1 
 +    * Belkin F9K1109v1 
 +    * D-Link DIR-645 
 +    * D-Link DIR-860L B1 
 +    * NETIS WF2881 
 +    * ZyXEL WAP6805 
 +  * Fix WAN mac address assignment. This affects the following devices: 
 +    * UniElec U7621-01 
 +    * UniElec U7621-06 
 +    * TP-Link AR7241 
 +    * TP-Link TL-WR740N 
 +    * TP-Link TL-WR741ND v4 
 +    * Teltonika RUT230  
 +    * Luma Home WRTQ-329ACN 
 +  * mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices: 
 +    * CZ.NIC Turris Omnia 
 +    * Linksys WRT1200AC 
 +    * Linksys WRT1900ACS 
 +    * Linksys WRT1900AC v1 
 +    * Linksys WRT1900AC v2 
 +    * Linksys WRT3200ACM 
 +    * Linksys WRT32X 
 +    * Linksys WRT3200ACM 
 +    * SolidRun ClearFog Pro 
 +  * lantiq/xrx200: Enable interrupts on second VPE 
 +  * layerscape: Fix SPI-NOR issues with vendor patches 
 +  * RouterBoard 912UAG: Fix reference clock 
 +  * TP-Link RE200 v3/v4: Fix LED configuration 
 +  * GL.iNet GL-MT1300: Fix flash access by reducing SPI clock 
 +  * Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI 
 +  * D-Link DIR-825 B1: Add factory image recipe 
 +  * D-Link DIR-825-B1: Expand rootfs 
 +  * D-Link DGS-1210-10P: Add support for extra buttons and LEDs 
 +  * Asus RT-AC88U: Include Broadcom 4366b1 firmware by default 
 +  * AVM FRITZ!Box 7430: Include USB driver by default 
 +  * HAOYU Electronics MarsBoard A10: Include sound driver by default 
 +  * Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware
  
 ==== Various fixes and improvements ==== ==== Various fixes and improvements ====
  
-  * +  * firewall4: Fix boot hang with firewall4 and loadfile 
 +  * Added the following kernel packages: 
 +    * kmod-sched-prio (extracted from kmod-sched) 
 +    * kmod-sched-red (extracted from kmod-sched) 
 +    * kmod-sched-act-police (extracted from kmod-sched) 
 +    * kmod-sched-act-ipt (extracted from kmod-sched) 
 +    * kmod-sched-pie (extracted from kmod-sched) 
 +    * kmod-sched-drr 
 +    * kmod-sched-fq-pie 
 +    * kmod-sched-act-sample 
 +    * kmod-nvme 
 +    * kmod-phy-marvell 
 +    * kmod-hwmon-sht3x 
 +    * kmod-netconsole 
 +    * kmod-btsdio 
 +  * Added firmware files for mt7916 and mt7921 devices 
 +  * hostapd: Remove dtim_period option from device, it is already a BSS property  
 +  * procd: Service: pass all arguments to service 
 +  * ustream-openssl: Disable renegotiation in TLSv1.2 and earlier 
 +  * comgt-ncm: Add support for quectel modem EC200T-EU 
 +  * umbim: Allow roaming and partner connections 
 +  * kernel: Add support for EON EN25QX128A spi nor flash 
 +  * iwinfo: Many bugfixes and improvements: 
 +    * improvements in showing the used band, ht mode and hw mode 
 +    * Added support for HE (Wifi 6) modes 
 +    * Added support for new devices (MT7921AU, MT7986 WiSoC) 
 +    * Add support for CCMP-256 and GCMP-256 ciphers 
 +  * uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths 
 +  * gcc: Import patch fixing asm machine directive for powerpc
  
 ==== Core components update ==== ==== Core components update ====
  
-  * +  * Update Linux kernel from 5.10.146 to 5.10.161 
 +  * Update mac80211 backports from 5.15.58-1 to 5.15.81-1 
 +  * Update strace from 5.16 to 5.19 
 +  * Update mbedtls from 2.28.1 to 2.28.2 
 +  * Update openssl from 1.1.1q to 1.1.1s 
 +  * Update wolfssl from 5.5.1 to 5.5.4 
 +  * Update util-linux from 2.37.3 to 2.37.4 
 +  * Update firewall4 from 2022-10-14 to 2022-10-18 
 +  * Update odhcpd from 2022-03-22 to 2023-01-02 
 +  * Update uhttpd from 2022-08-12 to 2022-10-31  
 +  * Update iwinfo from 2022-08-19 to 2022-12-15 
 +  * Update ucode from 2022-10-07 to 2022-12-02
  
 ===== Upgrading to 22.03.3 =====  ===== Upgrading to 22.03.3 ===== 
Line 71: Line 163:
 ===== Known issues ===== ===== Known issues =====
  
-  * **Boot hang with firewall4 and loadfile:** When using a firewall configuration declaring ''config ipset'' sections in conjunction with an ''option loadfile'' entry, the ''fw4'' process will hang and prevent the system startup to complete. To solve this issue, boot the system into [[docs:guide-user:troubleshooting:failsafe_and_factory_reset#entering_failsafe_mode|failsafe mode]] and temporarily disable any ''loadfile'' option. Proceed with a normal system reboot, upgrade the ''firewall4'' package to version "2022-10-18-7ae5e14b-1" or later using ''opkg update; opkg upgrade firewall4'' and re-enable any previously disabled ''option loadfile'' entries.+None so far
  
 See [[:bugs|reporting bugs]] if you encounter issues with this release. See [[:bugs|reporting bugs]] if you encounter issues with this release.
  • Last modified: 2023/01/10 19:53
  • by hauke