Firmware-update: OpenWrt 23.05.3

Versie 23.05.3 van OpenWrt is uitgekomen. OpenWrt is alternatieve opensourcefirmware voor een groot aantal verschillende routers en embedded devices. Door middel van het opkg-package management system is er de mogelijkheid om zelf te bepalen wat de router allemaal wel en niet kan. Ook op GoT zijn er diverse mensen actief mee bezig; zie daarvoor dit topic. Bijwerken van de versie kan gewoon met sysupgrade vanuit de webinterface. De changelog voor deze uitgave kan hieronder worden gevonden.

Security fixes

CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow in libtommathCVE-2023-48795: dropbear: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omittedCVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack

CVE-2023-36328: dropbear: Integer Overflow vulnerability in mp_grow in libtommath

CVE-2023-48795: dropbear: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted

CVE-2023-50868: dnsmasq: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack

Device support

Support for the following devices was added:ath79: UniFi UK-Ultramediatek: Acelink EW-7886CAXmediatek: ASUS RT-AX59Umediatek: ASUS TUF AX6000mediatek: Buffalo WSR-3200AX4Smediatek: Cetron CT3003mediatek: Confiabits MT7981mediatek: Cudy RE3000 v1mediatek: D-Link EAGLE PRO AI M32mediatek: GL.iNet GL-MT6000mediatek: JCG Q30 PROmediatek: Routerich AX3000mediatek: TP-Link EAP225v5mediatek: Ubiquiti UniFi 6 Plusmediatek: Zbtlink ZBT-Z8102AXmediatek: ZyXEL EX5700 (Telenor)ramips: Cudy WR1300 v3ramips: D-Link COVR-X1860 A1ramips: Rostelecom RT-FE-1Aramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)ramips: Rostelecom S1010 (Serсomm S1010.RT)ramips: TP-Link EX220 v1ramips: YunCore G720ramips: Z-ROUTER ZR-2660ath79: Nanostation Loco M5 XW: Fix read only jffs2 partitionath79: TP-Link TL-WDR3600 and TL-WDR4300: Fix spurious reboot hangsath79: ubnt-bullet-m-xw: fix Ethernet PHY trafficipq807x: edgecore EAP102: fix lan/wankirkwood: Ctera C200 V1: fix ubi part namelantiq: xway: disable SMP: fix boot on some Danube boards and NAT performancemediatek: MT7981/MT7986: fix Ethernet rx hang issuemeidatek: Mercusys MR90X v1: fix eeprom loadingmpc85xx: Extreme Networks WS-AP3825i: increase available RAMmvebu: IEI-World Puzzle M90x: fix RTCramips: improve mtk_eth_soc resetsramips: rt305x: Use default uart in lzma-loaderramips: Sercomm NA502: Fix bootup problemramips: Unielec u7621-01: Correct the PCIe port numberrealtek: d-link dgs-1210-10p: improve sfp supportrealtek: Netgear GS110TPP: fix OEM installrockchip: Orange Pi R1 Plus LTS: improve Ethernet stability

Support for the following devices was added:ath79: UniFi UK-Ultramediatek: Acelink EW-7886CAXmediatek: ASUS RT-AX59Umediatek: ASUS TUF AX6000mediatek: Buffalo WSR-3200AX4Smediatek: Cetron CT3003mediatek: Confiabits MT7981mediatek: Cudy RE3000 v1mediatek: D-Link EAGLE PRO AI M32mediatek: GL.iNet GL-MT6000mediatek: JCG Q30 PROmediatek: Routerich AX3000mediatek: TP-Link EAP225v5mediatek: Ubiquiti UniFi 6 Plusmediatek: Zbtlink ZBT-Z8102AXmediatek: ZyXEL EX5700 (Telenor)ramips: Cudy WR1300 v3ramips: D-Link COVR-X1860 A1ramips: Rostelecom RT-FE-1Aramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)ramips: Rostelecom S1010 (Serсomm S1010.RT)ramips: TP-Link EX220 v1ramips: YunCore G720ramips: Z-ROUTER ZR-2660

ath79: UniFi UK-Ultramediatek: Acelink EW-7886CAXmediatek: ASUS RT-AX59Umediatek: ASUS TUF AX6000mediatek: Buffalo WSR-3200AX4Smediatek: Cetron CT3003mediatek: Confiabits MT7981mediatek: Cudy RE3000 v1mediatek: D-Link EAGLE PRO AI M32mediatek: GL.iNet GL-MT6000mediatek: JCG Q30 PROmediatek: Routerich AX3000mediatek: TP-Link EAP225v5mediatek: Ubiquiti UniFi 6 Plusmediatek: Zbtlink ZBT-Z8102AXmediatek: ZyXEL EX5700 (Telenor)ramips: Cudy WR1300 v3ramips: D-Link COVR-X1860 A1ramips: Rostelecom RT-FE-1Aramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)ramips: Rostelecom S1010 (Serсomm S1010.RT)ramips: TP-Link EX220 v1ramips: YunCore G720ramips: Z-ROUTER ZR-2660

ath79: UniFi UK-Ultra

mediatek: Acelink EW-7886CAX

mediatek: ASUS RT-AX59U

mediatek: ASUS TUF AX6000

mediatek: Buffalo WSR-3200AX4S

mediatek: Cetron CT3003

mediatek: Confiabits MT7981

mediatek: Cudy RE3000 v1

mediatek: D-Link EAGLE PRO AI M32

mediatek: GL.iNet GL-MT6000

mediatek: JCG Q30 PRO

mediatek: Routerich AX3000

mediatek: TP-Link EAP225v5

mediatek: Ubiquiti UniFi 6 Plus

mediatek: Zbtlink ZBT-Z8102AX

mediatek: ZyXEL EX5700 (Telenor)

ramips: Cudy WR1300 v3

ramips: D-Link COVR-X1860 A1

ramips: Rostelecom RT-FE-1A

ramips: Rostelecom RT-FL-1 (Serсomm RT-FL-1)

ramips: Rostelecom S1010 (Serсomm S1010.RT)

ramips: TP-Link EX220 v1

ramips: YunCore G720

ramips: Z-ROUTER ZR-2660

ath79: Nanostation Loco M5 XW: Fix read only jffs2 partition

ath79: TP-Link TL-WDR3600 and TL-WDR4300: Fix spurious reboot hangs

ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic

ipq807x: edgecore EAP102: fix lan/wan

kirkwood: Ctera C200 V1: fix ubi part name

lantiq: xway: disable SMP: fix boot on some Danube boards and NAT performance

mediatek: MT7981/MT7986: fix Ethernet rx hang issue

meidatek: Mercusys MR90X v1: fix eeprom loading

mpc85xx: Extreme Networks WS-AP3825i: increase available RAM

mvebu: IEI-World Puzzle M90x: fix RTC

ramips: improve mtk_eth_soc resets

ramips: rt305x: Use default uart in lzma-loader

ramips: Sercomm NA502: Fix bootup problem

ramips: Unielec u7621-01: Correct the PCIe port number

realtek: d-link dgs-1210-10p: improve sfp support

realtek: Netgear GS110TPP: fix OEM install

rockchip: Orange Pi R1 Plus LTS: improve Ethernet stability

Various fixes and improvements

mt76: Add mt7922 firmwaremwlwifi: Add support for WPA3dropbear: Increase scp transfer speedkernel: fix bridge proxyarp issue with some broken DHCP clientsmac80211: fix min_tx_power settingkernel: add Aquantia PHY firmware loader patcheshostapd: fix FILS AKM selection with EAP-192hostapd: fix 11r defaults when using SAEhostapd: fix 11r defaults when using WPAhostapd: ACS: Fix typo in bw_40 frequency array on channel 118

mt76: Add mt7922 firmware

mwlwifi: Add support for WPA3

dropbear: Increase scp transfer speed

kernel: fix bridge proxyarp issue with some broken DHCP clients

mac80211: fix min_tx_power setting

kernel: add Aquantia PHY firmware loader patches

hostapd: fix FILS AKM selection with EAP-192

hostapd: fix 11r defaults when using SAE

hostapd: fix 11r defaults when using WPA

hostapd: ACS: Fix typo in bw_40 frequency array on channel 118

Core components update

Update Linux from 5.15.137 to 5.15.150Update mwlwifi from 2023-04-29 to 2023-11-20Update mt76 from 2023-08-14 to 2023-09-11Update netifd from 2023-11-10 to 2024-01-04Update jsonfilter from 2018-02-04 to 2024-01-23Update bcm27xx-gpu-fw from 2022-05-16 to 2024-01-11Update mbedtls from 2.28.5 to 2.28.7Update openssl from 3.0.12 to 3.0.13Update wireless-regdb from 2023.09.01 to 2024.01.23Update intel-microcode from 20230808 to 20240312Update dnsmasq from 2.89 to 2.90

Update Linux from 5.15.137 to 5.15.150

Update mwlwifi from 2023-04-29 to 2023-11-20

Update mt76 from 2023-08-14 to 2023-09-11

Update netifd from 2023-11-10 to 2024-01-04

Update jsonfilter from 2018-02-04 to 2024-01-23

Update bcm27xx-gpu-fw from 2022-05-16 to 2024-01-11

Update mbedtls from 2.28.5 to 2.28.7

Update openssl from 3.0.12 to 3.0.13

Update wireless-regdb from 2023.09.01 to 2024.01.23

Update intel-microcode from 20230808 to 20240312

Update dnsmasq from 2.89 to 2.90

Source: Tweakers.net