OpenWrt 23.05.3

Versie 23.05.3 van OpenWrt is uitgekomen. OpenWrt is alternatieve opensourcefirmware voor een groot aantal verschillende routers en embedded devices. Door middel van het opkg-package management system is er de mogelijkheid om zelf te bepalen wat de router allemaal wel en niet kan. Ook op GoT zijn er diverse mensen actief mee bezig; zie daarvoor dit topic. Bijwerken van de versie kan gewoon met sysupgrade vanuit de webinterface. De changelog voor deze uitgave kan hieronder worden gevonden.

Security fixes

• CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow in libtommath
• CVE-2023-48795: dropbear: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted
• CVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack

Device support

• Support for the following devices was added:
  • ath79: UniFi UK-Ultra
  • mediatek: Acelink EW-7886CAX
  • mediatek: ASUS RT-AX59U
  • mediatek: ASUS TUF AX6000
  • mediatek: Buffalo WSR-3200AX4S
  • mediatek: Cetron CT3003
  • mediatek: Confiabits MT7981
  • mediatek: Cudy RE3000 v1
  • mediatek: D-Link EAGLE PRO AI M32
  • mediatek: GL.iNet GL-MT6000
  • mediatek: JCG Q30 PRO
  • mediatek: Routerich AX3000
  • mediatek: TP-Link EAP225v5
  • mediatek: Ubiquiti UniFi 6 Plus
  • mediatek: Zbtlink ZBT-Z8102AX
  • mediatek: ZyXEL EX5700 (Telenor)
  • ramips: Cudy WR1300 v3
  • ramips: D-Link COVR-X1860 A1
  • ramips: Rostelecom RT-FE-1A
  • ramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)
  • ramips: Rostelecom S1010 (Serсomm S1010.RT)
  • ramips: TP-Link EX220 v1
  • ramips: YunCore G720
  • ramips: Z-ROUTER ZR-2660
• ath79: Nanostation Loco M5 XW: Fix read only jffs2 partition
• ath79: TP-Link TL-WDR3600 and TL-WDR4300: Fix spurious reboot hangs
• ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic
• ipq807x: edgecore EAP102: fix lan/wan
• kirkwood: Ctera C200 V1: fix ubi part name
• lantiq: xway: disable SMP: fix boot on some Danube boards and NAT performance
• mediatek: MT7981/MT7986: fix Ethernet rx hang issue
• meidatek: Mercusys MR90X v1: fix eeprom loading
• mpc85xx: Extreme Networks WS-AP3825i: increase available RAM
• mvebu: IEI-World Puzzle M90x: fix RTC
• ramips: improve mtk_eth_soc resets
• ramips: rt305x: Use default uart in lzma-loader
• ramips: Sercomm NA502: Fix bootup problem
• ramips: Unielec u7621-01: Correct the PCIe port number
• realtek: d-link dgs-1210-10p: improve sfp support
• realtek: Netgear GS110TPP: fix OEM install
• rockchip: Orange Pi R1 Plus LTS: improve Ethernet stability

Various fixes and improvements

• mt76: Add mt7922 firmware
• mwlwifi: Add support for WPA3
• dropbear: Increase scp transfer speed
• kernel: fix bridge proxyarp issue with some broken DHCP clients
• mac80211: fix min_tx_power setting
• kernel: add Aquantia PHY firmware loader patches
• hostapd: fix FILS AKM selection with EAP-192
• hostapd: fix 11r defaults when using SAE
• hostapd: fix 11r defaults when using WPA
• hostapd: ACS: Fix typo in bw_40 frequency array on channel 118

Core components update

• Update Linux from 5.15.137 to 5.15.150
• Update mwlwifi from 2023-04-29 to 2023-11-20
• Update mt76 from 2023-08-14 to 2023-09-11
• Update netifd from 2023-11-10 to 2024-01-04
• Update jsonfilter from 2018-02-04 to 2024-01-23
• Update bcm27xx-gpu-fw from 2022-05-16 to 2024-01-11
• Update mbedtls from 2.28.5 to 2.28.7
• Update openssl from 3.0.12 to 3.0.13
• Update wireless-regdb from 2023.09.01 to 2024.01.23
• Update intel-microcode from 20230808 to 20240312
• Update dnsmasq from 2.89 to 2.90