OpenWrt 23.05.3 - Service Release

Hauke Mehrtens hauke at hauke-m.de
Sun Mar 24 17:34:37 PDT 2024


Hi,

The OpenWrt community is proud to announce the newest stable release of 
the OpenWrt 23.05 stable series. It improves device support and brings a 
few bug fixes including security fixes.

Download firmware images using the OpenWrt Firmware Selector:
   * https://firmware-selector.openwrt.org/?version=23.05.3
Download firmware images directly from our download servers:
   * https://downloads.openwrt.org/releases/23.05.3/targets/

Main changes between OpenWrt 23.05.2 and OpenWrt 23.05.3
========================================================

Security fixes
==============

   * CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow
     in libtommath
   * CVE-2023-48795: dropbear: The SSH transport protocol with certain
     OpenSSH extensions, found in OpenSSH before 9.6 and other products,
     allows remote attackers to bypass integrity checks such that some
     packets are omitted
   * CVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the
     DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows
     remote attackers to cause a denial of service (CPU consumption for
     SHA-1 computations) via DNSSEC responses in a random subdomain
     attack


Device support
==============

   *  Support for the following devices was added:
      * ath79: UniFi UK-Ultra
      * mediatek: Acelink EW-7886CAX
      * mediatek: ASUS RT-AX59U
      * mediatek: ASUS TUF AX6000
      * mediatek: Buffalo WSR-3200AX4S
      * mediatek: Cetron CT3003
      * mediatek: Confiabits MT7981
      * mediatek: Cudy RE3000 v1
      * mediatek: D-Link EAGLE PRO AI M32
      * mediatek: GL.iNet GL-MT6000
      * mediatek: JCG Q30 PRO
      * mediatek: Routerich AX3000
      * mediatek: TP-Link EAP225v5
      * mediatek: Ubiquiti UniFi 6 Plus
      * mediatek: Zbtlink ZBT-Z8102AX
      * mediatek: ZyXEL EX5700 (Telenor)
      * ramips: Cudy WR1300 v3
      * ramips: D-Link COVR-X1860 A1
      * ramips: Rostelecom RT-FE-1A
      * ramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)
      * ramips: Rostelecom S1010 (Serсomm S1010.RT)
      * ramips: TP-Link EX220 v1
      * ramips: YunCore G720
      * ramips: Z-ROUTER ZR-2660
   * ath79: Nanostation Loco M5 XW: Fix read only jffs2 partition
   * ath79: TP-Link TL-WDR3600 and TL-WDR4300: Fix spurious reboot hangs
   * ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic
   * ipq807x: edgecore EAP102: fix lan/wan
   * kirkwood: Ctera C200 V1: fix ubi part name
   * lantiq: xway: disable SMP: fix boot on some Danube boards and NAT
     performance
   * mediatek: MT7981/MT7986: fix Ethernet rx hang issue
   * meidatek: Mercusys MR90X v1: fix eeprom loading
   * mpc85xx: Extreme Networks WS-AP3825i: increase available RAM
   * mvebu: IEI-World Puzzle M90x: fix RTC
   * ramips: improve mtk_eth_soc resets
   * ramips: rt305x: Use default uart in lzma-loader
   * ramips: Sercomm NA502: Fix bootup problem
   * ramips: Unielec u7621-01: Correct the PCIe port number
   * realtek: d-link dgs-1210-10p: improve sfp support
   * realtek: Netgear GS110TPP: fix OEM install
   * rockchip: Orange Pi R1 Plus LTS: improve Ethernet stability


Various fixes and improvements
==============================

   * mt76: Add mt7922 firmware
   * mwlwifi: Add support for WPA3
   * dropbear: Increase scp transfer speed
   * kernel: fix bridge proxyarp issue with some broken DHCP clients
   * mac80211: fix min_tx_power setting
   * kernel: add Aquantia PHY firmware loader patches
   * hostapd: fix FILS AKM selection with EAP-192
   * hostapd: fix 11r defaults when using SAE
   * hostapd: fix 11r defaults when using WPA
   * hostapd: ACS: Fix typo in bw_40 frequency array on channel 118


Core components update
======================

   * Update Linux from 5.15.137 to 5.15.150
   * Update mwlwifi from 2023-04-29 to 2023-11-20
   * Update mt76 from 2023-08-14 to 2023-09-11
   * Update netifd from 2023-11-10 to 2024-01-04
   * Update jsonfilter from 2018-02-04 to 2024-01-23
   * Update bcm27xx-gpu-fw from 2022-05-16 to 2024-01-11
   * Update mbedtls from 2.28.5 to 2.28.7
   * Update openssl from 3.0.12 to 3.0.13
   * Update wireless-regdb from 2023.09.01 to 2024.01.23
   * Update intel-microcode from 20230808 to 20240312
   * Update dnsmasq from 2.89 to 2.90


Upgrading to 23.05.3
================

Sysupgrade can be used to upgrade a device from 22.03 to 23.05, and 
configuration will be preserved in most cases.

  * Sysupgrade from 21.02 to 23.05 is not officially supported.
  * ipq40xx EA6350v3, EA8300, MR8300 and WHW01 require tweak to the
    U-Boot environment on update from 22.03 to 23.05. Refer to the Device
    wiki or the instruction on sysupgrade on how to do this change.
    Config needs to be reset on sysupgrade.


Known issues
============

   * lantiq/xrx200 target shows error messages in DSA switch
     configuration of the integrated GSWIP switch. (see:
     https://github.com/openwrt/openwrt/pull/13200)
   * OpenWrt 23.05.3 was signed with the wrong signing keys. The keys
     from OpenWrt snapshot were used for OpenWrt 23.05.3, OpenWrt
     23.05.2, OpenWrt 23.05.0 and the release candidates. A later OpenWrt
     23.05 service release will use a different key.

See up to date information here:
https://openwrt.org/releases/23.05/notes-23.05.3#known_issues


-----------------

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/23.05/notes-23.05.3

In particular, make sure to read the regressions and known issues before 
upgrading:
https://openwrt.org/releases/23.05/notes-23.05.3#known_issues

For a detailed list of all changes since 23.05.2, refer to
https://openwrt.org/releases/23.05/changelog-23.05.3

To download the 23.05.3 images, navigate to:
https://downloads.openwrt.org/releases/23.05.3/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=23.05.3

As always, a big thank you goes to all our active package maintainers, 
testers, documenters and supporters.

Have fun!

The OpenWrt Community

---

To stay informed of new OpenWrt releases and security advisories, there 
are new channels available:

   * a low-volume mailing list for important announcements:
https://lists.openwrt.org/mailman/listinfo/openwrt-announce

   * a dedicated "announcements" section in the forum:
https://forum.openwrt.org/c/announcements/14

   * other announcement channels (such as RSS feeds) might be added in 
the future, they will be listed at https://openwrt.org/contact



More information about the openwrt-announce mailing list