OpenWrt 22.03.3 third service release

Hi,

The OpenWrt community is proud to announce the newest stable release of the OpenWrt 22.03 stable version series. It fixes security issues, improves device support, and brings a few bug fixes.

Download firmware images using the OpenWrt Firmware Selector:

Download firmware images directly from our download servers:

Main changes between OpenWrt 22.03.2 and OpenWrt 22.03.3:

Security fixes

  • CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet
  • CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
  • CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
  • CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
  • CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
  • CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
  • CVE-2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.

Device support

  • Support for the following devices was added:
    • Ruckus ZoneFlex 7372
    • Ruckus ZoneFlex 7321
    • ZTE MF289F
    • TrendNet TEW-673GRU
    • Linksys EA4500 v3
    • Wavlink WS-WN572HP3 4G
  • Fix reboot loop by using LZMA loader. This affects the following devices:
    • NETGEAR EX6150
    • HiWiFi HC5962
    • ASUS RT-N56U B1
    • Belkin F9K1109v1
    • D-Link DIR-645
    • D-Link DIR-860L B1
    • NETIS WF2881
    • ZyXEL WAP6805
  • Fix WAN mac address assignment. This affects the following devices:
    • UniElec U7621-01
    • UniElec U7621-06
    • TP-Link AR7241
    • TP-Link TL-WR740N
    • TP-Link TL-WR741ND v4
    • Teltonika RUT230
    • Luma Home WRTQ-329ACN
  • mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices (See mvebubroken_mv88e6176_switch, and #11077):
    • CZ.NIC Turris Omnia
    • Linksys WRT1200AC
    • Linksys WRT1900ACS
    • Linksys WRT1900AC v1
    • Linksys WRT1900AC v2
    • Linksys WRT3200ACM
    • Linksys WRT32X
    • Linksys WRT3200ACM
    • SolidRun ClearFog Pro
  • lantiq/xrx200: Enable interrupts on second VPE
  • layerscape: Fix SPI-NOR issues with vendor patches
  • RouterBoard 912UAG: Fix reference clock
  • TP-Link RE200 v3/v4: Fix LED configuration
  • GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
  • Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
  • D-Link DIR-825 B1: Add factory image recipe
  • D-Link DIR-825-B1: Expand rootfs
  • D-Link DGS-1210-10P: Add support for extra buttons and LEDs
  • Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
  • AVM FRITZ!Box 7430: Include USB driver by default
  • HAOYU Electronics MarsBoard A10: Include sound driver by default
  • Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware

Various fixes and improvements

  • firewall4: Fix boot hang with firewall4 and loadfile
  • Added the following kernel packages:
    • kmod-sched-prio (extracted from kmod-sched)
    • kmod-sched-red (extracted from kmod-sched)
    • kmod-sched-act-police (extracted from kmod-sched)
    • kmod-sched-act-ipt (extracted from kmod-sched)
    • kmod-sched-pie (extracted from kmod-sched)
    • kmod-sched-drr
    • kmod-sched-fq-pie
    • kmod-sched-act-sample
    • kmod-nvme
    • kmod-phy-marvell
    • kmod-hwmon-sht3x
    • kmod-netconsole
    • kmod-btsdio
  • Added firmware files for mt7916 and mt7921 devices
  • ucode: lexer: Fixes for regex literal parsing
  • hostapd: Remove dtim_period option from device, it is already a BSS property
  • procd: Service: pass all arguments to service
  • ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
  • comgt-ncm: Add support for quectel modem EC200T-EU
  • umbim: Allow roaming and partner connections
  • kernel: Add support for EON EN25QX128A spi nor flash
  • iwinfo: Many bugfixes and improvements:
    • improvements in showing the used band, ht mode and hw mode
    • Added support for HE (Wifi 6) modes
    • Added support for new devices (MT7921AU, MT7986 WiSoC)
    • Add support for CCMP-256 and GCMP-256 ciphers
  • uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths
  • gcc: Import patch fixing asm machine directive for powerpc

Core components update

  • Update Linux kernel from 5.10.146 to 5.10.161
  • Update mac80211 backports from 5.15.58-1 to 5.15.81-1
  • Update strace from 5.16 to 5.19
  • Update mbedtls from 2.28.1 to 2.28.2
  • Update openssl from 1.1.1q to 1.1.1s
  • Update wolfssl from 5.5.1 to 5.5.4
  • Update util-linux from 2.37.3 to 2.37.4
  • Update firewall4 from 2022-10-14 to 2022-10-18
  • Update odhcpd from 2022-03-22 to 2023-01-02
  • Update uhttpd from 2022-08-12 to 2022-10-31
  • Update iwinfo from 2022-08-19 to 2022-12-15
  • Update ucode from 2022-10-07 to 2022-12-02

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/22.03/notes-22.03.3

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/22.03/notes-22.03.3#known_issues

For a detailed list of all changes since 22.03.2, refer to
https://openwrt.org/releases/22.03/changelog-22.03.3

To download the 22.03.3 images, navigate to:
https://downloads.openwrt.org/releases/22.03.3/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=22.03.3

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community


To stay informed of new OpenWrt releases and security advisories, there are new channels available:

33 Likes
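An added example, not part of the announcement or OpenWrt's own tooling: a Python check that reads saved `opkg list-installed` output and reports components older than the versions listed under "Core components update" above. The package-name prefixes and the sample listing are assumptions constructed for illustration.

```python
import re

# Versions shipped by 22.03.3, from the "Core components update" list.
# Keys are opkg package-name prefixes (assumption: library packages carry
# an ABI suffix such as "libopenssl1.1", so prefixes are matched).
FIXED = {
    "libmbedtls": "2.28.2",
    "libopenssl": "1.1.1s",
    "libwolfssl": "5.5.4",
    "kernel": "5.10.161",
}

def version_key(version):
    """Turn '1.1.1s-1' or '5.5.4-stable-1' into a comparable tuple."""
    upstream = version.split("-", 1)[0]      # drop the package revision
    key = []
    for part in upstream.split("."):
        m = re.fullmatch(r"(\d+)([a-z]*)", part)
        if not m:
            raise ValueError(f"unparsable version component: {part!r}")
        key.append((int(m.group(1)), m.group(2)))   # 's' sorts after 'q'
    return tuple(key)

def audit(opkg_output):
    """Return [(package, installed, required)] for components older than 22.03.3."""
    stale = []
    for line in opkg_output.splitlines():
        name, sep, version = line.partition(" - ")
        if not sep:
            continue                         # not a "name - version" line
        version = version.strip()
        for prefix, required in FIXED.items():
            if name.startswith(prefix):
                if version_key(version) < version_key(required):
                    stale.append((name, version, required))
                break
    return stale

# Constructed sample of `opkg list-installed` output (hash suffixes are placeholders).
SAMPLE = """\
busybox - 1.35.0-5
kernel - 5.10.146-1-00000000
libmbedtls12 - 2.28.2-1
libopenssl1.1 - 1.1.1q-1
libwolfssl5.5.1.00000000 - 5.5.1-stable-2
uhttpd - 2022-10-31-23977554-1
"""

if __name__ == "__main__":
    for name, installed, required in audit(SAMPLE):
        print(f"{name}: {installed} is older than {required}")
```
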

Do we have details on this? Looking at the MR8300 page (https://openwrt.org/toh/linksys/mr8300), it doesn't say specifically how to do this. Perhaps it's just uploading the factory firmware image to sysupgrade?

1 Like

commit comment

2 Likes

Regarding "mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices", what issue is occurring? I have a WRT1900ACS running 22.03.2. I haven't noticed anything and it appears to be functioning correctly. As it stands I can't upgrade for the security issues.

4 Likes

commit where disabled, working on 5.15 though (master).

2 Likes

I wonder if going back to the 21.x release would work? Anyone know if that is a real option? Or, is the marvell_a385... usable?

Looking into the bug, it seems that in some cases the switch behaves more like a hub (sending packets to all ports regardless of where they are supposed to go).

I have not investigated very much, but I don't think that every use case is affected. Say, I have not personally observed the issue in my setup after spending a few minutes trying to confirm it.

The image for my device (wrt1200ac) isn't built by default anymore, but it still builds fine using the imagebuilder. I was already building custom images for my own use, so I'll just keep doing that.

Only oddity seen so far coming from 21.02.5 (WNDR3800) is repeated:

"daemon.info vnstatd[4317]: Error: Database load failed even when using backup (Invalid argument). Aborting"

Which of course meant that Vnstat didn't work, even after restarting it. So I had to delete the database for whatever reason. Not something that I've seen happen before and am not sure if it's expected coming from 21.02 given the changes.

Xiaomi Redmi AC2100.
The upnp function stopped working starting from 22.03.rc6; in rc5 it was fine.
In 22.03.3 it is the same. Applications complain of no upnp support, and when extra logging is enabled,
"xxx is not a IGD pinhole" is shown. Something like this:

 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: level=0 type=8
 daemon.debug miniupnpd[24166]: ifindex = 10  192.168.57.99
 daemon.info miniupnpd[24166]: Received UDP Packet (IPv6)
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: level=0 type=8
 daemon.debug miniupnpd[24166]: ifindex = 10  192.168.57.99
 daemon.info miniupnpd[24166]: Received UDP Packet (IPv6)
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: level=0 type=8
 daemon.debug miniupnpd[24166]: ifindex = 10  192.168.57.99
 daemon.info miniupnpd[24166]: Received UDP Packet (IPv6)
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole
 daemon.debug miniupnpd[24166]: rule with label 'a9301fd0' is not a IGD pinhole

config upnpd 'config'
	option upload '512'
	option internal_iface 'lan2 lan'
	option port '5000'
	option upnp_lease_file '/var/run/miniupnpd.leases'
	option enabled '1'
	option uuid 'nocli'
	option download '10240'
	option clean_ruleset_interval '86400'

config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '1024-65535'
	option comment 'Allow high ports'

config perm_rule
	option action 'deny'
	option ext_ports '0-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '0-65535'
	option comment 'Default deny'

GitHub issue here, but no update in 2 months...
No one is using upnp here??

1 Like

No one has been using upnp for 10+ years already; somehow upnp lives on only in France, but not in the rest of the EU/Russia/China/USA, so I guess nobody cares to fix it.

Can anyone suggest a recommended action for users of the above mvebu devices, such as myself? It seems this pretty serious issue affects previous stable builds as well. It would be good to get some sort of official announcement on this with recommended actions, given the popularity of the device and the severity of the issue.

7 Likes

21.02.x or snapshots (master)[0].

--
[0] or working on finding- and backporting the changes that fixed kernel v5.15 to v5.10, so the next openwrt-23.03 release after those (potential) backports got merged can be fixed

1 Like

I wonder what that means ...
Does 'sending packets to all ports' aka acting like a hub include the WAN port?
Is there any recommendation? Buy a new router? Will there be a fix in future or is the device broken (I haven't seen any problems so far)?

2 Likes

Hello. The build for the x86_64 target ends with various errors. I had to exclude (kmod-button-hotplug, kmod-ath10k, kmod-mac80211, kmod-cfg80211, flashrom, pciutils). Device PC Engines APU2.

kg/include -I/home/debian/apu2/staging_dir/target-x86_64_musl/host/include -Wall -Wmissing-prototypes -Wstrict-prototypes" CROSS_COMPILE="x86_64-openwrt-linux-musl-" ARCH="x86" KBUILD_HAVE_NLS=no KBUILD_BUILD_USER="" KBUILD_BUILD_HOST="" KBUILD_BUILD_TIMESTAMP="Tue Jan  3 00:24:21 2023" KBUILD_BUILD_VERSION="0" HOST_LOADLIBES="-L/home/debian/apu2/staging_dir/host/lib" KBUILD_HOSTLDLIBS="-L/home/debian/apu2/staging_dir/host/lib" CONFIG_SHELL="bash" V=''  cmd_syscalls= KBUILD_EXTRA_SYMBOLS="/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/symvers/gpio-button-hotplug.symvers /home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/symvers/gpio-nct5104d.symvers" KERNELRELEASE=5.10.161 M="/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/button-hotplug" EXTRA_CFLAGS=" -DCONFIG_BUTTON_HOTPLUG=1  " CONFIG_BUTTON_HOTPLUG=m modules
make[4]: Entering directory '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/linux-5.10.161'
make[5]: *** No rule to make target '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/button-hotplug.o', needed by '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/button-hotplug.mod'.  Stop.
make[4]: *** [Makefile:1837: /home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/button-hotplug] Error 2
make[4]: Leaving directory '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/linux-5.10.161'
make[3]: *** [Makefile:53: /home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/button-hotplug/.built] Error 2
make[3]: Leaving directory '/home/debian/apu2/package/kernel/button-hotplug'
time: package/kernel/button-hotplug/compile#0.39#0.03#0.41
    ERROR: package/kernel/button-hotplug failed to build.
make[2]: *** [package/Makefile:116: package/kernel/button-hotplug/compile] Error 1
make[2]: Leaving directory '/home/debian/apu2'
make[1]: *** [package/Makefile:110: /home/debian/apu2/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/debian/apu2'
make: *** [/home/debian/apu2/include/toplevel.mk:230: world] Ошибка 2

make[8]: 'conf' is up to date.
boolean symbol CRYPTO_LIB_ARC4 tested for 'm'? test forced to 'n'
#
# configuration written to .config
#
Building backport-include/backport/autoconf.h ... done.
make[9]: *** No rule to make target '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/backports-5.15.81-1/compat/main.o', needed by '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/backports-5.15.81-1/compat/compat.o'.  Stop.
make[8]: *** [scripts/Makefile.build:503: /home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/backports-5.15.81-1/compat] Error 2
make[7]: *** [Makefile:1837: /home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/backports-5.15.81-1] Error 2
make[6]: *** [Makefile.build:13: modules] Error 2
make[5]: *** [Makefile.real:93: modules] Error 2
make[4]: *** [Makefile:121: modules] Error 2
make[4]: Leaving directory '/home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/backports-5.15.81-1'
make[3]: *** [Makefile:559: /home/debian/apu2/build_dir/target-x86_64_musl/linux-x86_64/backports-5.15.81-1/.built] Error 2
make[3]: Leaving directory '/home/debian/apu2/package/kernel/mac80211'
time: package/kernel/mac80211/regular/compile#0.47#0.03#0.46
    ERROR: package/kernel/mac80211 failed to build (build variant: regular).
make[2]: *** [package/Makefile:116: package/kernel/mac80211/compile] Error 1
make[2]: Leaving directory '/home/debian/apu2'
make[1]: *** [package/Makefile:110: /home/debian/apu2/staging_dir/target-x86_64_musl/stamp/.package_compile] Error 2
make[1]: Leaving directory '/home/debian/apu2'
make: *** [/home/debian/apu2/include/toplevel.mk:230: world] Ошибка 2

        But that file is already provided by package  * busybox
 * opkg_install_cmd: Cannot install package pciutils.
make[2]: *** [package/Makefile:70: package/install] Error 255
make[2]: Leaving directory '/home/debian/apu2'
make[1]: *** [package/Makefile:111: /home/debian/apu2/staging_dir/target-x86_64_musl/stamp/.package_install] Error 2
make[1]: Leaving directory '/home/debian/apu2'
make: *** [/home/debian/apu2/include/toplevel.mk:230: world] Ошибка 2

Kernel 5.15 does not show this behavior, so the issue will likely 'fix itself' once OpenWrt switches to a new kernel. TurrisOS did exactly that and switched to 5.15.x even for its OpenWrt21 based TOS 6 version.
However, unless someone finds what fixed the issue between kernel 5.10 and 5.15 and backports these changes, if possible, it is likely that OpenWrt 22 will not support mvebu.
I have a feeling disabling mvebu was partially intended to increase the motivation to get this fixed properly, but have my doubts whether it will work out.
For what it is worth, I run my mvebu turris omnia under turrisOS as I bought it in big parts for the automatic update feature (I happen to trust team turris). So I am unlikely to help in fixing OpenWrt22, since again TOS does not show the issue.

1 Like

I'm still unsure about the implications?
Is this making mvebu unusable as packets also go out on wan? Should we stop using mvebu devices (I have a WRT3200ACM) until this is fixed?
As it seems this is not always happening: is there some info on how to detect if this hub behaviour occurs? Maybe some log statements?

5 Likes

The package bind-dig seems to have disappeared in this release. image builder says: Unknown package 'bind-dig'.

I don't see any source changes (https://github.com/openwrt/packages/tree/master/net/bind) that would cause this though.

Really think there ought to be an official announcement on this with an explanation of the implications and suggested actions rather than burying the fact these devices have been disabled in a changelog. Many will not realise that this is an issue unless they read all the way through the changelog and even if they do there is no context given around the situation. Fairly disappointed in the way this has been handled...

10 Likes

Due to changes in quite other packages, which caused bind to detect an additional library, causing build breakage due to missing dependency.

Fix is coming:

1 Like