OpenWrt 22.03.4 service release

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.4, r20123-38ccc47687
 -----------------------------------------------------

OpenWrt 22.03.4

The OpenWrt community is proud to announce the newest point release of the
OpenWrt 22.03 stable version series. It fixes security issues, improves device
support, and brings a few bug fixes.

Get OpenWrt Firmware at:

Main changes between OpenWrt 22.03.3 and OpenWrt 22.03.4

Only the main changes are listed below. See changelog-22.03.4 for the full changelog.

Security fixes

  • CVE-2022-4304
  • CVE-2022-4450
  • CVE-2022-47522
  • CVE-2022-47938
  • CVE-2022-47939
  • CVE-2022-47940
  • CVE-2022-47941
  • CVE-2022-47942
  • CVE-2022-47943
  • CVE-2023-0215
  • CVE-2023-0286

Added devices

  • 05ec70f kernel: add support for XMC XM25QH64C
  • 0657576 ath79: add LTE led for GL.iNet GL-XE300
  • 788a0cf mpc85xx: add support for Watchguard Firebox T10
  • 3c6692b ramips: add support for TP-Link Archer AX23 v1
  • f5db04e ramips: add support for Mercusys MR70X
  • 711e45e ramips: add support for D-Link DAP-X1860 A1

Fixed issues

  • #7757 via 4b7f9e4 lantiq-xrx200: fix wan LED on o2 box 6431
  • #9491 via fea7478 iproute2: add missing libbpf dependency
  • #10871 via 3bc6d2a tools/dosfstools: fix PKG_SOURCE
  • #11701 via 50d707e lantiq: fix lzma-loader for Netgear DGN 3500(B)

Improvements

  • 38ccc47 imagebuilder: allow to specific ROOTFS_PARTSIZE
  • 7531ef7 sdk: expose PATENTED an NLS build options

Core components update

  • f61c5cf kernel: bump 5.10 to 5.10.176
  • 863288b mac80211: Update to version 5.15.92-1
  • 7c10b7b CI: build: fix external toolchain use with release tag tests

Upgrading to 22.03.4

Sysupgrade can be used to upgrade a device from OpenWrt 21.02 or 22.03 to
22.03.4 and configuration will be preserved in most cases.

Warning: Sysupgrade from 19.07 to 22.03.x is not supported.

Warning: There is no migration path for targets that switched from swconfig
to DSA. In that case, sysupgrade will refuse to proceed with an appropriate
error message:

    Image version mismatch. image 1.1 device 1.0
    Please wipe config during upgrade (force required) or reinstall.
    Config cannot be migrated from swconfig to DSA
    Image check failed

Known issues

  • #12232 Linksys MR8300 may break after the update, wait for the next service release!
19 Likes

Hi.
Several ipq40xx devices (MR8300, EA8300, EA6350) don't boot under 22.03.4 due to a kernel regression. Please read this: OpenWrt SNAPSHOT r22302 on MR8300
This may also impact other devices from the same target. Don't upgrade to 22.03.4 until a solution is found.

5 Likes

Just updated xiaomi router 4a gigabit V1
Without any error...

2 Likes

Linksys MR8300/EA8300 images fail to boot.
Please remove these images so users don't run into problems.

More info here: https://forum.openwrt.org/t/openwrt-snapshot-r22302-on-mr8300/154878
This problem has been known for almost a month.

6 Likes

Is this the issue to track it?

Yes.
It seems that the issue is on both kernels 5.10 (22.03) and 5.15 (master).

1 Like

Apparent resolution, but have not seen a patch submitted.

2 Likes

Yes, but it's a duplicate of: https://github.com/openwrt/openwrt/issues/12232

I had to google it. If anyone else needs a quick overview of the situation:

  • CVE-2022-4304 openSSL
  • CVE-2022-4450 openSSL
  • CVE-2022-47522 wifi client isolation bypasses
  • CVE-2022-47938 ksmbd
  • CVE-2022-47939 ksmbd
  • CVE-2022-47940 ksmbd
  • CVE-2022-47941 ksmbd
  • CVE-2022-47942 ksmbd
  • CVE-2022-47943 ksmbd
  • CVE-2023-0215 openSSL
  • CVE-2023-0286 openSSL
6 Likes

The issue that is affecting UBI based MTD devices breaking 22.03.and snapshot release due to the kernel 5.10.x and 5.15.x still has the bug, and the dev team should have just applied the emergency roll-back or corrective patch already widely known and confirmed to work over the past month; every expected stable release is broken now.

2 Likes

And details if anyone wants to dig into it:

Upgraded Netgear WAX202 serving as a WDS client, using attended sysupgrade, from 22.03.3, almost successfully. The only trouble is that the browser never told me that the upgrade is actually successful, it stuck on the "please wait, do not disconnect the power" page.

3 Likes

I don't fully understand, is Linksys E8450 (UBI) safe to upgrade?

1 Like

Huge Thanks to the devs and community

What does this new option do?

Allow overwriting conflicting package files

So this release doesn't cover xiaomi ax3600 either? :(
Are there any plans to include that device too?

1 Like

This is just a maintenance release to the year-old 22.03 branch, not a new full release. There is no ath11k or ipq807x support in 22.03.

Those will be part of the full release, 23.0x.0

3 Likes

That has always been available in opkg as --force-overwrite
Now it is just exposed to LuCI GUI.
It allows overwriting files from other packages (without uninstalling the other package).

Useful e.g. when testing alternative WiFi firmware blobs ath10k vs. ath10k-ct, as you can install the other similarly named alternative blob without formally removing the old package.

3 Likes

Just updated another mi 4a gig v1 and successful.

Updated successfully via attended sysupgrade 22.03.3 => 22.03.4 after 95 days uptime:

  • EAP615-WALL access point
  • RPI4 router

Many thanks to the devs!

1 Like

I upgraded and all seems fine with my RT3200s.

But it seems like rather a blunder that this service release results in failure on a pretty popular device.

I wonder how this happened and what steps will be taken to help safeguard against this for future service releases?

Was this issue:

not already active at the time the 22.03.4 service release was issued?

4 Likes