Versie 23.05.3 van OpenWrt is uitgekomen. OpenWrt is alternatieve opensourcefirmware voor een groot aantal verschillende routers en embedded devices. Door middel van het opkg-package management system is er de mogelijkheid om zelf te bepalen wat de router allemaal wel en niet kan. Ook op GoT zijn er diverse mensen actief mee bezig; zie daarvoor dit topic. Bijwerken van de versie kan gewoon met sysupgrade vanuit de webinterface. De changelog voor deze uitgave kan hieronder worden gevonden.
Security fixesDevice support
- CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow in libtommath
- CVE-2023-48795: dropbear: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted
- CVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack
Various fixes and improvements
- Support for the following devices was added:
- ath79: UniFi UK-Ultra
- mediatek: Acelink EW-7886CAX
- mediatek: ASUS RT-AX59U
- mediatek: ASUS TUF AX6000
- mediatek: Buffalo WSR-3200AX4S
- mediatek: Cetron CT3003
- mediatek: Confiabits MT7981
- mediatek: Cudy RE3000 v1
- mediatek: D-Link EAGLE PRO AI M32
- mediatek: GL.iNet GL-MT6000
- mediatek: JCG Q30 PRO
- mediatek: Routerich AX3000
- mediatek: TP-Link EAP225v5
- mediatek: Ubiquiti UniFi 6 Plus
- mediatek: Zbtlink ZBT-Z8102AX
- mediatek: ZyXEL EX5700 (Telenor)
- ramips: Cudy WR1300 v3
- ramips: D-Link COVR-X1860 A1
- ramips: Rostelecom RT-FE-1A
- ramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)
- ramips: Rostelecom S1010 (Serсomm S1010.RT)
- ramips: TP-Link EX220 v1
- ramips: YunCore G720
- ramips: Z-ROUTER ZR-2660
- ath79: Nanostation Loco M5 XW: Fix read only jffs2 partition
- ath79: TP-Link TL-WDR3600 and TL-WDR4300: Fix spurious reboot hangs
- ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic
- ipq807x: edgecore EAP102: fix lan/wan
- kirkwood: Ctera C200 V1: fix ubi part name
- lantiq: xway: disable SMP: fix boot on some Danube boards and NAT performance
- mediatek: MT7981/MT7986: fix Ethernet rx hang issue
- meidatek: Mercusys MR90X v1: fix eeprom loading
- mpc85xx: Extreme Networks WS-AP3825i: increase available RAM
- mvebu: IEI-World Puzzle M90x: fix RTC
- ramips: improve mtk_eth_soc resets
- ramips: rt305x: Use default uart in lzma-loader
- ramips: Sercomm NA502: Fix bootup problem
- ramips: Unielec u7621-01: Correct the PCIe port number
- realtek: d-link dgs-1210-10p: improve sfp support
- realtek: Netgear GS110TPP: fix OEM install
- rockchip: Orange Pi R1 Plus LTS: improve Ethernet stability
Core components update
- mt76: Add mt7922 firmware
- mwlwifi: Add support for WPA3
- dropbear: Increase scp transfer speed
- kernel: fix bridge proxyarp issue with some broken DHCP clients
- mac80211: fix min_tx_power setting
- kernel: add Aquantia PHY firmware loader patches
- hostapd: fix FILS AKM selection with EAP-192
- hostapd: fix 11r defaults when using SAE
- hostapd: fix 11r defaults when using WPA
- hostapd: ACS: Fix typo in bw_40 frequency array on channel 118
- Update Linux from 5.15.137 to 5.15.150
- Update mwlwifi from 2023-04-29 to 2023-11-20
- Update mt76 from 2023-08-14 to 2023-09-11
- Update netifd from 2023-11-10 to 2024-01-04
- Update jsonfilter from 2018-02-04 to 2024-01-23
- Update bcm27xx-gpu-fw from 2022-05-16 to 2024-01-11
- Update mbedtls from 2.28.5 to 2.28.7
- Update openssl from 3.0.12 to 3.0.13
- Update wireless-regdb from 2023.09.01 to 2024.01.23
- Update intel-microcode from 20230808 to 20240312
- Update dnsmasq from 2.89 to 2.90