Wydanie OpenWrt 22.03.3 przyniosło dużo zmian związanych z poprawkami bezpieczeństwa oraz ulepszeniami wsparcia dla niektórych urządzeń.
Poniżej informacja o wydaniu (EN):
Cytuj:
The OpenWrt community is proud to announce the newest stable release of the OpenWrt 22.03 stable version series. It fixes security issues, improves device support, and brings a few bug fixes.
Download firmware images using the OpenWrt Firmware Selector:
* https://firmware-selector.openwrt.org/?version=22.03.3
Download firmware images directly from our download servers:
* https://downloads.openwrt.org/releases/22.03.3/targets/
Main changes between OpenWrt 22.03.2 and OpenWrt 22.03.3:
========================================================
Security fixes
==============
* CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet
* CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
* CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
* CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
* CVE-2022-46393: mbedtls: Fix potential heap buffer overread and verwrite
* CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
* CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.
Device support
==============
* Support for the following devices was added:
* Ruckus ZoneFlex 7372
* Ruckus ZoneFlex 7321
* ZTE MF289F
* TrendNet TEW-673GRU
* Linksys EA4500 v3
* Wavlink WS-WN572HP3 4G
* Fix reboot loop by using LZMA loader. This affects the following devices:
* NETGEAR EX6150
* HiWiFi HC5962
* ASUS RT-N56U B1
* Belkin F9K1109v1
* D-Link DIR-645
* D-Link DIR-860L B1
* NETIS WF2881
* ZyXEL WAP6805
* Fix WAN mac address assignment. This affects the following devices:
* UniElec U7621-01
* UniElec U7621-06
* TP-Link AR7241
* TP-Link TL-WR740N
* TP-Link TL-WR741ND v4
* Teltonika RUT230
* Luma Home WRTQ-329ACN
* mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices:
* CZ.NIC Turris Omnia
* Linksys WRT1200AC
* Linksys WRT1900ACS
* Linksys WRT1900AC v1
* Linksys WRT1900AC v2
* Linksys WRT3200ACM
* Linksys WRT32X
* Linksys WRT3200ACM
* SolidRun ClearFog Pro
* lantiq/xrx200: Enable interrupts on second VPE
* layerscape: Fix SPI-NOR issues with vendor patches
* RouterBoard 912UAG: Fix reference clock
* TP-Link RE200 v3/v4: Fix LED configuration
* GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
* Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
* D-Link DIR-825 B1: Add factory image recipe
* D-Link DIR-825-B1: Expand rootfs
* D-Link DGS-1210-10P: Add support for extra buttons and LEDs
* Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
* AVM FRITZ!Box 7430: Include USB driver by default
* HAOYU Electronics MarsBoard A10: Include sound driver by default
* Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware
Various fixes and improvements
==============================
* firewall4: Fix boot hang with firewall4 and loadfile
* Added the following kernel packages:
* kmod-sched-prio (extracted from kmod-sched)
* kmod-sched-red (extracted from kmod-sched)
* kmod-sched-act-police (extracted from kmod-sched)
* kmod-sched-act-ipt (extracted from kmod-sched)
* kmod-sched-pie (extracted from kmod-sched)
* kmod-sched-drr
* kmod-sched-fq-pie
* kmod-sched-act-sample
* kmod-nvme
* kmod-phy-marvell
* kmod-hwmon-sht3x
* kmod-netconsole
* kmod-btsdio
* Added firmware files for mt7916 and mt7921 devices
* ucode: lexer: Fixes for regex literal parsing
* hostapd: Remove dtim_period option from device, it is already a BSS property
* procd: Service: pass all arguments to service
* ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
* comgt-ncm: Add support for quectel modem EC200T-EU
* umbim: Allow roaming and partner connections
* kernel: Add support for EON EN25QX128A spi nor flash
* iwinfo: Many bugfixes and improvements:
* improvements in showing the used band, ht mode and hw mode
* Added support for HE (Wifi 6) modes
* Added support for new devices (MT7921AU, MT7986 WiSoC)
* Add support for CCMP-256 and GCMP-256 ciphers
* uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths
* gcc: Import patch fixing asm machine directive for powerpc
Core components update
======================
* Update Linux kernel from 5.10.146 to 5.10.161
* Update mac80211 backports from 5.15.58-1 to 5.15.81-1
* Update strace from 5.16 to 5.19
* Update mbedtls from 2.28.1 to 2.28.2
* Update openssl from 1.1.1q to 1.1.1s
* Update wolfssl from 5.5.1 to 5.5.4
* Update util-linux from 2.37.3 to 2.37.4
* Update firewall4 from 2022-10-14 to 2022-10-18
* Update odhcpd from 2022-03-22 to 2023-01-02
* Update uhttpd from 2022-08-12 to 2022-10-31
* Update iwinfo from 2022-08-19 to 2022-12-15
* Update ucode from 2022-10-07 to 2022-12-02
-----------------
Full release notes and upgrade instructions are available at https://openwrt.org/releases/22.03/notes-22.03.3
In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/22.03/note ... own_issues
For a detailed list of all changes since 22.03.2, refer to https://openwrt.org/releases/22.03/changelog-22.03.3
To download the 22.03.3 images, navigate to: https://downloads.openwrt.org/releases/22.03.3/targets/
Use OpenWrt Firmware Selector to download: https://firmware-selector.openwrt.org/?version=22.03.3
As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.
Have fun!
The OpenWrt Community
---
To stay informed of new OpenWrt releases and security advisories, there are new channels available:
* a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listi ... t-announce
* a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14
* other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
Download firmware images using the OpenWrt Firmware Selector:
* https://firmware-selector.openwrt.org/?version=22.03.3
Download firmware images directly from our download servers:
* https://downloads.openwrt.org/releases/22.03.3/targets/
Main changes between OpenWrt 22.03.2 and OpenWrt 22.03.3:
========================================================
Security fixes
==============
* CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x's awk applet
* CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
* CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
* CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
* CVE-2022-46393: mbedtls: Fix potential heap buffer overread and verwrite
* CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
* CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.
Device support
==============
* Support for the following devices was added:
* Ruckus ZoneFlex 7372
* Ruckus ZoneFlex 7321
* ZTE MF289F
* TrendNet TEW-673GRU
* Linksys EA4500 v3
* Wavlink WS-WN572HP3 4G
* Fix reboot loop by using LZMA loader. This affects the following devices:
* NETGEAR EX6150
* HiWiFi HC5962
* ASUS RT-N56U B1
* Belkin F9K1109v1
* D-Link DIR-645
* D-Link DIR-860L B1
* NETIS WF2881
* ZyXEL WAP6805
* Fix WAN mac address assignment. This affects the following devices:
* UniElec U7621-01
* UniElec U7621-06
* TP-Link AR7241
* TP-Link TL-WR740N
* TP-Link TL-WR741ND v4
* Teltonika RUT230
* Luma Home WRTQ-329ACN
* mvebu: Disable devices using broken mv88e6176 switch. This affects the following devices:
* CZ.NIC Turris Omnia
* Linksys WRT1200AC
* Linksys WRT1900ACS
* Linksys WRT1900AC v1
* Linksys WRT1900AC v2
* Linksys WRT3200ACM
* Linksys WRT32X
* Linksys WRT3200ACM
* SolidRun ClearFog Pro
* lantiq/xrx200: Enable interrupts on second VPE
* layerscape: Fix SPI-NOR issues with vendor patches
* RouterBoard 912UAG: Fix reference clock
* TP-Link RE200 v3/v4: Fix LED configuration
* GL.iNet GL-MT1300: Fix flash access by reducing SPI clock
* Youku YK-L2 and YK-L1: Allow installing initramfs-kernel.bin over vendor web UI
* D-Link DIR-825 B1: Add factory image recipe
* D-Link DIR-825-B1: Expand rootfs
* D-Link DGS-1210-10P: Add support for extra buttons and LEDs
* Asus RT-AC88U: Include Broadcom 4366b1 firmware by default
* AVM FRITZ!Box 7430: Include USB driver by default
* HAOYU Electronics MarsBoard A10: Include sound driver by default
* Linksys EA6350v3, EA8300, MR8300 and WHW01: Allow flashing Linksys factory firmware
Various fixes and improvements
==============================
* firewall4: Fix boot hang with firewall4 and loadfile
* Added the following kernel packages:
* kmod-sched-prio (extracted from kmod-sched)
* kmod-sched-red (extracted from kmod-sched)
* kmod-sched-act-police (extracted from kmod-sched)
* kmod-sched-act-ipt (extracted from kmod-sched)
* kmod-sched-pie (extracted from kmod-sched)
* kmod-sched-drr
* kmod-sched-fq-pie
* kmod-sched-act-sample
* kmod-nvme
* kmod-phy-marvell
* kmod-hwmon-sht3x
* kmod-netconsole
* kmod-btsdio
* Added firmware files for mt7916 and mt7921 devices
* ucode: lexer: Fixes for regex literal parsing
* hostapd: Remove dtim_period option from device, it is already a BSS property
* procd: Service: pass all arguments to service
* ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
* comgt-ncm: Add support for quectel modem EC200T-EU
* umbim: Allow roaming and partner connections
* kernel: Add support for EON EN25QX128A spi nor flash
* iwinfo: Many bugfixes and improvements:
* improvements in showing the used band, ht mode and hw mode
* Added support for HE (Wifi 6) modes
* Added support for new devices (MT7921AU, MT7986 WiSoC)
* Add support for CCMP-256 and GCMP-256 ciphers
* uhttpd: Fix incorrectly emitting HTTP 413 for certain content lengths
* gcc: Import patch fixing asm machine directive for powerpc
Core components update
======================
* Update Linux kernel from 5.10.146 to 5.10.161
* Update mac80211 backports from 5.15.58-1 to 5.15.81-1
* Update strace from 5.16 to 5.19
* Update mbedtls from 2.28.1 to 2.28.2
* Update openssl from 1.1.1q to 1.1.1s
* Update wolfssl from 5.5.1 to 5.5.4
* Update util-linux from 2.37.3 to 2.37.4
* Update firewall4 from 2022-10-14 to 2022-10-18
* Update odhcpd from 2022-03-22 to 2023-01-02
* Update uhttpd from 2022-08-12 to 2022-10-31
* Update iwinfo from 2022-08-19 to 2022-12-15
* Update ucode from 2022-10-07 to 2022-12-02
-----------------
Full release notes and upgrade instructions are available at https://openwrt.org/releases/22.03/notes-22.03.3
In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/22.03/note ... own_issues
For a detailed list of all changes since 22.03.2, refer to https://openwrt.org/releases/22.03/changelog-22.03.3
To download the 22.03.3 images, navigate to: https://downloads.openwrt.org/releases/22.03.3/targets/
Use OpenWrt Firmware Selector to download: https://firmware-selector.openwrt.org/?version=22.03.3
As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.
Have fun!
The OpenWrt Community
---
To stay informed of new OpenWrt releases and security advisories, there are new channels available:
* a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listi ... t-announce
* a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14
* other announcement channels (such as RSS feeds) might be added in the
future, they will be listed at https://openwrt.org/contact
