_______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.3, r20028-43d71ad93e
 -----------------------------------------------------

OpenWrt 22.03.3

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 22.03 stable version series. It fixes security issues, improves device support, and brings a few bug fixes.

Get OpenWrt Firmware at:

• https://firmware-selector.openwrt.org
• https://downloads.openwrt.org/releases/22.03.3/
• https://sysupgrade.openwrt.org

Main changes between OpenWrt 22.03.2 and OpenWrt 22.03.3

Only the main changes are listed below. See changelog-22.03.3 for the full changelog.

Security fixes

• CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet
• CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
• CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
• CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
• CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
• CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
• CVE-2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.

Device support

• Support for the following devices was added:
  • Ruckus ZoneFlex 7372
  • Ruckus ZoneFlex 7321
  • ZTE MF289F
  • TrendNet TEW-673GRU
  • Linksys EA4500 v3
  • Wavlink WS-WN572HP3 4G
• Fix reboot loop by using LZMA loader. This affects the following devices:
  • NETGEAR EX6150
  • HiWiFi HC5962
  • ASUS RT-N56U B1
  • Belkin F9K1109v1
  • D-Link DIR-645
  • D-Link DIR-860L B1
  • NETIS WF2881
  • ZyXEL WAP6805
• Fix WAN mac address assignment. This affects the following devices:
  • UniElec U7621-01
  • UniElec U7621-06
  • TP-Link AR7241
  • TP-Link TL-WR740N
  • TP-Link TL-WR741ND v4
  • Teltonika RUT230
  • Luma Home WRTQ-329ACN
• mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices:
  • CZ.NIC Turris Omnia
  • Linksys WRT1200AC
  • Linksys WRT1900ACS
  • Linksys WRT1900AC v1
  • Linksys WRT1900AC v2
  • Linksys WRT3200ACM
  • Linksys WRT32X
  • Linksys WRT3200ACM
  • SolidRun ClearFog Pro
• lantiq/xrx200: Enable interrupts on second VPE
• layerscape: Fix SPI-NOR issues with vendor patches
• RouterBoard 912UAG: Fix reference clock
• TP-Link RE200 v3/v4: Fix LED configuration
• GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
• Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
• D-Link DIR-825 B1: Add factory image recipe
• D-Link DIR-825-B1: Expand rootfs
• D-Link DGS-1210-10P: Add support for extra buttons and LEDs
• Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
• AVM FRITZ!Box 7430: Include USB driver by default
• HAOYU Electronics MarsBoard A10: Include sound driver by default
• Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware

Various fixes and improvements

• firewall4: Fix boot hang with firewall4 and loadfile
• Added the following kernel packages:
  • kmod-sched-prio (extracted from kmod-sched)
  • kmod-sched-red (extracted from kmod-sched)
  • kmod-sched-act-police (extracted from kmod-sched)
  • kmod-sched-act-ipt (extracted from kmod-sched)
  • kmod-sched-pie (extracted from kmod-sched)
  • kmod-sched-drr
  • kmod-sched-fq-pie
  • kmod-sched-act-sample
  • kmod-nvme
  • kmod-phy-marvell
  • kmod-hwmon-sht3x
  • kmod-netconsole
  • kmod-btsdio
• Added firmware files for mt7916 and mt7921 devices
• hostapd: Remove dtim_period option from device, it is already a BSS property
• procd: Service: pass all arguments to service
• ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
• comgt-ncm: Add support for quectel modem EC200T-EU
• umbim: Allow roaming and partner connections
• kernel: Add support for EON EN25QX128A spi nor flash
• iwinfo: Many bugfixes and improvements:
  • improvements in showing the used band, ht mode and hw mode
  • Added support for HE (Wifi 6) modes
  • Added support for new devices (MT7921AU, MT7986 WiSoC)
  • Add support for CCMP-256 and GCMP-256 ciphers
• uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths
• gcc: Import patch fixing asm machine directive for powerpc

Core components update

• Update Linux kernel from 5.10.146 to 5.10.161
• Update mac80211 backports from 5.15.58-1 to 5.15.81-1
• Update strace from 5.16 to 5.19
• Update mbedtls from 2.28.1 to 2.28.2
• Update openssl from 1.1.1q to 1.1.1s
• Update wolfssl from 5.5.1 to 5.5.4
• Update util-linux from 2.37.3 to 2.37.4
• Update firewall4 from 2022-10-14 to 2022-10-18
• Update odhcpd from 2022-03-22 to 2023-01-02
• Update uhttpd from 2022-08-12 to 2022-10-31
• Update iwinfo from 2022-08-19 to 2022-12-15
• Update ucode from 2022-10-07 to 2022-12-02

Upgrading to 22.03.3

Sysupgrade can be used to upgrade a device from OpenWrt 21.02 or 22.03 to 22.03.3 and configuration will be preserved in most cases.

Warning Sysupgrade from 19.07 to 22.03 is not supported.

Warning There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message: Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

Known issues

None so far. Please report bugs and issues!