OpenWrt 22.03.4 service release

aparcar · April 14, 2023, 9:10pm

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.4, r20123-38ccc47687
 -----------------------------------------------------

OpenWrt 22.03.4

The OpenWrt community is proud to announce the newest point release of the
OpenWrt 22.03 stable version series. It fixes security issues, improves device
support, and brings a few bug fixes.

Get OpenWrt Firmware at:

Main changes between OpenWrt 22.03.3 and OpenWrt 22.03.4

Only the main changes are listed below. See changelog-22.03.4 for the full changelog.

Security fixes

CVE-2022-4304
CVE-2022-4450
CVE-2022-47522
CVE-2022-47938
CVE-2022-47939
CVE-2022-47940
CVE-2022-47941
CVE-2022-47942
CVE-2022-47943
CVE-2023-0215
CVE-2023-0286

Added devices

05ec70f kernel: add support for XMC XM25QH64C
0657576 ath79: add LTE led for GL.iNet GL-XE300
788a0cf mpc85xx: add support for Watchguard Firebox T10
3c6692b ramips: add support for TP-Link Archer AX23 v1
f5db04e ramips: add support for Mercusys MR70X
711e45e ramips: add support for D-Link DAP-X1860 A1

Fixed issues

#7757 via 4b7f9e4 lantiq-xrx200: fix wan LED on o2 box 6431
#9491 via fea7478 iproute2: add missing libbpf dependency
#10871 via 3bc6d2a tools/dosfstools: fix PKG_SOURCE
#11701 via 50d707e lantiq: fix lzma-loader for Netgear DGN 3500(B)

Improvements

38ccc47 imagebuilder: allow to specific ROOTFS_PARTSIZE
7531ef7 sdk: expose PATENTED an NLS build options*

Core components update

f61c5cf kernel: bump 5.10 to 5.10.176
863288b mac80211: Update to version 5.15.92-1
7c10b7b CI: build: fix external toolchain use with release tag tests

Upgrading to 22.03.4

Sysupgrade can be used to upgrade a device from OpenWrt 21.02 or 22.03 to
22.03.4 and configuration will be preserved in most cases.

Warning
Sysupgrade from 19.07 to 22.03.x is not supported.

Warning There is no migration path for targets that switched from swconfig
to DSA. In that case,
sysupgrade will refuse to proceed with an appropriate error message: Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed

Known issues

#12232 Linksys MR8300 may break after the update, wait for the next service release!

badulesia · April 14, 2023, 9:23pm

Hi.
Several ipq40xx devices (MR8300, EA8300, EA6350) don't boot under 22.03.4 due to a kernel regression. Please read this : OpenWrt SNAPSHOT r22302 on MR8300
This may also impact other devices from the same target. Don't upgrade to 22.03.4 until a solution is found.

openrouterman · April 14, 2023, 9:24pm

Just updated xiaomi router 4a gigabit V1
Without any error...

Specimen · April 14, 2023, 9:25pm

Linksys MR8300/EA8300 images fail to boot.
Please remove these images so users don't run into problems.

More info here: https://forum.openwrt.org/t/openwrt-snapshot-r22302-on-mr8300/154878
This problem has been known for almost a month.

aparcar · April 14, 2023, 9:36pm

Is this the issue to track it?

badulesia · April 14, 2023, 9:37pm

Yes.
It seems that the issue if on both kernels 5.10 (22.03) and 5.15 (master).

anomeome · April 14, 2023, 9:44pm

apparent resolution, but have not seen an patch submitted.

Specimen · April 14, 2023, 9:49pm

Yes, but it's a duplicate of: https://github.com/openwrt/openwrt/issues/12232

Pico · April 14, 2023, 10:59pm

I had to google it. If anyone else needs a quick overview of the situation:

CVE-2022-4304 openSSL
CVE-2022-4450 openSSL
CVE-2022-47522 wifi client isolation bypasses
CVE-2022-47938 ksmbd
CVE-2022-47939 ksmbd
CVE-2022-47940 ksmbd
CVE-2022-47941 ksmbd
CVE-2022-47942 ksmbd
CVE-2022-47943 ksmbd
CVE-2023-0215 openSSL
CVE-2023-0286 openSSL

Synerworks · April 15, 2023, 12:14am

The issue that is affecting UBI based MTD devices breaking 22.03.and snapshot release due to the kernel 5.10.x and 5.15.x still has the bug and the dev team should have just applied the emergency roll-back or corrective patch already widely known and confirmed to work over the past month, every expected stable releases is broken now.

account4538 · April 15, 2023, 1:22am

And details if anyone wants to dig into it:

patrakov · April 15, 2023, 1:29am

Upgraded Netgear WAX202 serving as a WDS client, using attended sysupgrade, from 22.03.3, almost successfully. The only trouble is that the browser never told me that the upgrade is actually successful, it stuck on the "please wait, do not disconnect the power" page.

patrakov · April 15, 2023, 1:32am

I don't fully understand, is Linksys E8450 (UBI) safe to upgrade?

Naftali · April 15, 2023, 3:12am

Huge Thanks to the devs and community

What does this new option?

Allow overwriting conflicting package files

mrgspeed · April 15, 2023, 3:27am

so this release doesn't cover xiaomi ax3600 either ?
are there any plans to include that device too ?

hnyman · April 15, 2023, 3:46am

This is just a maintenance release to the year-old 22.03 branch, not a new full release. There is no ath11k or ipq807x support in 22.03.

Those will be part of the full release, 23.0x.0

hnyman · April 15, 2023, 3:58am

That has always been available in opkg as --force-overwrite
Now it is just exposed to LuCI GUI.
It allows overwriting files from other packages (without uninstalling the other package).

useful e.g. when testing alternative WiFi firmware blobs ath10k vs. ath10k-ct, as you can install the other similarly named alternative blob without formally removing the old package.

openrouterman · April 15, 2023, 4:06am

Just updated another mi 4a gig v1 and successful.

ed8 · April 15, 2023, 5:02am

Updated successfully via attended sysupgrade 22.03.3 => 22.03.4 after 95 days uptime:

EAP615-WALL access point
RPI4 router

Many thanks to the devs!

Lynx · April 15, 2023, 7:29am

I upgraded and all seems fine with my RT3200s.

But it seems like rather a blunder that this service release results in failure on a pretty popular device.

I wonder how this happened and what steps will be taken to help safeguard against this for future service releases?

Was this issue:

github.com/openwrt/openwrt

ipq40xx: Linksys MR8300: fix propagated error since 22.03.x snapshot r20071 still works with the 5.10.168 kernel and has been propagated to other merge

opened 07:47PM - 06 Apr 23 UTC

closed 02:26AM - 15 Apr 23 UTC

roblad

bug

### Describe the bug I noticed error with update new version of snapshot Al…so people have been experienced the same issue Initially it was discovered in the forum threat https://forum.openwrt.org/t/openwrt-snapshot-r22302-on-mr8300/154878/37 and suggested that it may be a recent kernel modification. Once that modification has been merged, it may bugs both 5.10 and 5.15 kernels. We already know that 5.15 snapshots don't boot, so there is now a possibility that the next 22.03.4 won't boot either. On Github, [@clauded](https://forum.openwrt.org/u/clauded) posted this link [https://lore.kernel.org/lkml/20230306013308.3884777-1-chengzhihao1@huawei.com/t/ 5](https://lore.kernel.org/lkml/20230306013308.3884777-1-chengzhihao1@huawei.com/t/) ### OpenWrt version OpenWrt 22.03-SNAPSHOT r20068-788a0cf15c ### OpenWrt target/subtarget SNAPSHOT ### Device MR8300 v. 1.1 ### Image kind Self-built image ### Steps to reproduce just install EKO1 build https://dl.eko.one.pl/luci/openwrt-22.03/ipq40xx/generic/luci-22.03-snapshot-r20090-c2331038b2-ipq40xx-generic-linksys_mr8300-squashfs-factory.bin ### Actual behaviour Stop boot after upgrade flashed factory, overwrite second partition after sysupgrade ### Expected behaviour flash factory bin with success ### Additional info there is EKO1 threat I wrote https://eko.one.pl/forum/viewtopic.php?pid=283918#p283918 ### Diffconfig ```text N/A ``` ### Terms - [X] I am reporting an issue for OpenWrt, not an unsupported fork.

not already active at the time the 22.03.4 service release was issued?