OpenWrt 23.05.0-rc3 - Third Release Candidate

Release and security announcements
1

Hi,

The OpenWrt community is proud to announce the third release candidate of the upcoming OpenWrt 23.05 stable series.
OpenWrt 23.05.0-rc3 incorporates over 4200 commits since branching the previous OpenWrt 22.03 release and has been under development for over one year.

This is just a release candidate and not the final release yet.

Download firmware images using the OpenWrt Firmware Selector:

Changes between OpenWrt 23.05.0-rc2 and 23.05.0-rc3

Changes in this release candidate since the previous 23.05.0-rc2 release candidate are:

  • New devices
    • ath79: MikroTik RB951G-2HnD
    • ipq40xx: Teltonika RUTX50
    • ipq40xx: ZTE MF287+ aka DreiNeo
    • layerscape: Traverse Ten64 NAND variant
    • mediatek: Acer Predator W6
    • mediatek: H3C Magic NX30 Pro
    • mediatek: Mercusys MR90X v1
    • mediatek: Netgear EX6250v2 series (no wifi support)
    • mediatek: Xiaomi WR30U
    • mediatek: ZyXEL NWA50AX Pro
    • ramips: Sercomm S1500 devices
    • ramips: TP-Link EAP613 v1
    • realtek: HPE 1920-8g-poe+
  • Updated components:
    • hostapd: update to 2023-06-22
    • mt76: update to 2023-07-26
    • ath11k-firmware: update to stable WLAN.HK.2.9.0.1-01837
    • openssl: update to 3.0.10
    • mbedtls: Update to 2.28.4
    • wolfssl: update to 5.6.3
    • intel-microcode: update to 20230808
    • linux-firmware: update to 20230804
    • kernel: bump 5.15 to 5.15.127
  • ramips: mt7621: disable the cpufreq driver (performance increase)
  • ramips: mt7621: disable highmem support and remove highmem offset patch (performance increase)
  • uqmi: support split-APN IPv4 and IPv6 dual-stack
  • iwinfo/rpcd: update byte counter to 64bit
  • x86: Activate CONFIG_PCIEASPM
  • x86: Add virtualization time sync support
  • armsr: activate many new configuration options
  • kernel: modules: add xdp-sockets-diag support
  • ipq40xx: meraki: define DTB load address
  • ath79: move ubnt-xm 64M RAM boards back to generic
  • lua: fix integer overflow in LNUM patch

Many other changes in all parts of OpenWrt, see Chnagelog for details.

Highlights in OpenWrt 23.05.0:

Many new devices added

OpenWrt 23.05 supports over 1794 devices. Support for over 200 new devices was added in addition to the device support by OpenWrt 22.03.

  • The ipq807x target for the Qualcomm IPQ807x Wifi 6 SoCs was added
  • The mediatek/filogic subtarget for the Mediatek Filogic 830 and 630 SoCs was added
  • The sifiveu target for the HiFive RISC-V Unleashed and Unmatched boards

Highlights of device support

  • Switched ipq40xx target to DSA
  • VDSL support on AVM FRITZ!Box 7530
  • Support for devices with 2.5G PHYs
    • Acer Predator W6 (MT7986A)
    • Mercusys MR90X v1 (MT7986BLA)
    • Netgear WAX206 (MT7622)
    • Netgear WAX220 (MT7986)
    • ZyXEL NWA50AX Pro (MT7981)
    • Asus (TUF Gaming) AX4200 (MT7986A)
    • Netgear WAX218 (IPQ8074)
    • Xiaomi AX9000 (IPQ8074)
    • Dynalink DL-WRX36 (IPQ8074)
  • 2 Gbps WAN/LAN NAT Routing on ramips MT7621 devices
  • Improved DSL statistics on ubus and in LuCI

Switch from wolfssl to mbedtls as default

OpenWrt switched the default cryptographic library from wolfssl to mbedtls. This library is used for HTTPS/TLS in the Webserver providing LuCI and for the cryptographic operations in hostapd. mbedtls provides security updates in their LTS branch without changing the application binary interface (ABI) of the library. wolfssl provides a stable ABI only for a very limited subset of functions. mbedtls allows us to update only mbedtls without the need to recompile and upgrade all users of mbedtls.

Core components update

Core components have the following versions in 23.05.0-rc3:

  • Updated toolchain:
    • musl libc 1.2.4
    • glibc 2.37
    • gcc 12.3.0
    • binutils 2.40
  • Updated Linux kernel
    • 5.15.127 for all targets
  • Network:
    • hostapd master snapshot from June 2023
    • dnsmasq 2.89
    • dropbear 2022.82
  • cfg80211/mac80211 from kernel 6.1.24
  • System userland:
    • busybox 1.36.1

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/23.05/notes-23.05.0-rc3

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/23.05/notes-23.05.0-rc3#known_issues

For a detailed list of all changes since 23.05.0-rc2, refer to
https://openwrt.org/releases/23.05/changelog-23.05.0-rc3

To download the 23.05.0-rc3 images, navigate to:
https://downloads.openwrt.org/releases/23.05.0-rc3/targets/
Use OpenWrt Firmware Selector to download:
https://firmware-selector.openwrt.org/?version=23.05.0-rc3

As always, a big thank you goes to all our active package maintainers, testers, documenters and supporters.

Have fun!

The OpenWrt Community

35 Likes
3

Thank you Developers & Testers :blush:

9 Likes
4

Can't install wget-ssl on WRT1900ACS v1:

opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.0-rc3/packages/arm_cortex-a9_vfpv3-d16/packages/wget-ssl_1.21.3-2_arm_cortex-a9_vfpv3-d16.ipk, wget returned 8.

wget package files are missing. Without wget DynamicDNS doesn't function.

1 Like
5

works well on minimalist low energy ea3500 security router. will test later on dozen other routers and switches comprising home/office network w/ ruckus master switch & ap's.

6

After a 55 day uptime with rc2 just flashed rc3 on my WRT32X. Installed a lot of typical packages: SQM, Samba, Simple-Adblock, Advanced-Reboot, etc. All working great.

The Overview screen with new Port Status looks nice too.

Interestingly an SQM Cake bufferbloat test showed load fairly balanced across CPU0 and CPU1 than I remember looking at htop. It's 30-50% load on both cores during max download. This is a good thing, I recall most load being on CPU0 with mvebu, and CPU1 having far less. Anyway I'll keep an eye on it (I know the new sqm-scripts didn't make it in but that wouldn't affect this).
[https://www.waveform.com/tools/bufferbloat?test-id=7f54025b-a6aa-4191-aa19-18d0ef64b58a]

Anyway, thanks devs for the great release!

5 Likes
7

Anyone facing issues with IPv6? My Redmi AX6 is not able to assign IPv6 to devices. Same was issue on RC-2 when i updated ath11k.

8

Hello
Same comment that I have already done since rc1. Please add in the release note that upgrading Linksys EA8300, MR8300, EA6350v3 and WHW01 can not be done unless changing a boot variable. Otherwise upgrading will lead to soft bricking. Please link to instructions.
Thank you.

8 Likes
9

Maybe. My Redmi AX6S needed Set Static and Save. Then after a minute or two started working?

10

fixed or not in this release? that solution was working with custom-built by DragonBluep.

11

Where can I follow the Lantiq/xrx200 target DSA driver error messages issue?
I have a spare BT Home Hub 5 that I may be able to use for testing.

Regards,
Alistair

12

Maybe https://github.com/openwrt/openwrt/pull/12515 . There doesn't seem to be much traction.

1 Like
13

Thanks guys for this great release. OpenWrt is the best router OS!

3 Likes
14

Thank you.
Regards,
Alistair

1 Like
15

There is a notable change between rc2 and rc3 for the realtek target, observed on Netgear GS108T v3 and Zyxel GS1900-48:

All switch ports lose their individual MAC address and use a constant (default?) MAC address of 80:00:50:00:00:00 (GS1900-48) instead.

There is one difference in dmesg between -rc2 and -rc3:

$ grep "MAC" *dmesg.txt
rc2-dmesg.txt:[    0.766403] Using MAC 0000800050000000
rc2-dmesg.txt:[   22.640265] Using MAC 0000b8eca3afeb7f
rc3-dmesg.txt:[    0.765801] Using MAC 0000800050000000

Notice the second "Using MAC" is missing on -rc3.

1 Like
16

I installed rc3 to Xiaomi AX9000, I had to replace the board-2.bin to get the radio3 working. Everything seems to be ok. 802.11s and batman, adguardhome.

I installled rc3 also to thwo ax3600, 802.11s, batman. Also working.

1 Like
17

Let me report a successful test on a Netgear WAX202 used as a WDS repeater. Note that in my configuration, I need to replace wpad-basic-mbedtls with wpad-mbedtls to enable the following options: wnm_sleep_mode, wnm_sleep_mode_no_keys, bss_transition. DAWN apparently "works" and interoperates with the version in OpenWrt 22.03.5, but in reality, the FT does not happen:

Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: authentication OK (open system)
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-AUTHENTICATE.indication(c8:51:42:23:d4:0c, OPEN_SYSTEM)
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-DELETEKEYS.request(c8:51:42:23:d4:0c)
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: association OK (aid 1)
Wed Aug 23 14:54:59 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: authenticated
Wed Aug 23 14:54:59 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: associated (aid 1)
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-ASSOCIATE.indication(c8:51:42:23:d4:0c)
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-DELETEKEYS.request(c8:51:42:23:d4:0c)
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: binding station to interface 'phy0-ap0'
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: event 1 notification
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: start authentication
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.1X: unauthorizing port
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: sending 1/4 msg of 4-Way Handshake
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: EAPOL-Key timeout
Wed Aug 23 14:54:59 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: sending 1/4 msg of 4-Way Handshake
Wed Aug 23 14:55:00 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: EAPOL-Key timeout
Wed Aug 23 14:55:00 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: sending 1/4 msg of 4-Way Handshake
Wed Aug 23 14:55:00 2023 cron.err crond[1712]: USER root pid 4067 cmd scp root@192.168.10.1:/tmp/dhcp.leases /tmp/dhcp.leases.new && mv /tmp/dhcp.leases.new /tmp/dhcp.leases
Wed Aug 23 14:55:01 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: EAPOL-Key timeout
Wed Aug 23 14:55:01 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: sending 1/4 msg of 4-Way Handshake
Wed Aug 23 14:55:02 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: EAPOL-Key timeout
Wed Aug 23 14:55:02 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: PTKSTART: Retry limit 4 reached
Wed Aug 23 14:55:02 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: event 3 notification
Wed Aug 23 14:55:02 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.1X: unauthorizing port
Wed Aug 23 14:55:03 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-DEAUTHENTICATE.indication(c8:51:42:23:d4:0c, 15)
Wed Aug 23 14:55:03 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-DELETEKEYS.request(c8:51:42:23:d4:0c)
Wed Aug 23 14:55:07 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: deauthenticated due to local deauth request
Wed Aug 23 14:55:10 2023 daemon.notice hostapd: Beacon request: c8:51:42:23:d4:0c is not connected
Wed Aug 23 14:55:10 2023 daemon.warn dawn: Client / BSSID = C8:51:42:23:D4:0C / 34:98:B5:19:B6:18: BEACON REQUEST failed
Wed Aug 23 14:55:13 2023 daemon.notice hostapd: Beacon request: c8:51:42:23:d4:0c is not connected
Wed Aug 23 14:55:13 2023 daemon.warn dawn: Client / BSSID = C8:51:42:23:D4:0C / EA:9F:80:D4:9E:C5: BEACON REQUEST failed
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: authentication OK (open system)
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-AUTHENTICATE.indication(c8:51:42:23:d4:0c, OPEN_SYSTEM)
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-DELETEKEYS.request(c8:51:42:23:d4:0c)
Wed Aug 23 14:55:16 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: authenticated
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: association OK (aid 1)
Wed Aug 23 14:55:16 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: associated (aid 1)
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-ASSOCIATE.indication(c8:51:42:23:d4:0c)
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c MLME: MLME-DELETEKEYS.request(c8:51:42:23:d4:0c)
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.11: binding station to interface 'phy0-ap0'
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: event 1 notification
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: start authentication
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.1X: unauthorizing port
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: sending 1/4 msg of 4-Way Handshake
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: received EAPOL-Key frame (2/4 Pairwise)
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: sending 3/4 msg of 4-Way Handshake
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: received EAPOL-Key frame (4/4 Pairwise)
Wed Aug 23 14:55:16 2023 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED c8:51:42:23:d4:0c auth_alg=open
Wed Aug 23 14:55:16 2023 daemon.debug hostapd: phy0-ap0: STA c8:51:42:23:d4:0c IEEE 802.1X: authorizing port
Wed Aug 23 14:55:16 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c RADIUS: starting accounting session FB9326A66F3140EE
Wed Aug 23 14:55:16 2023 daemon.info hostapd: phy0-ap0: STA c8:51:42:23:d4:0c WPA: pairwise key handshake completed (RSN)
Wed Aug 23 14:55:16 2023 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED c8:51:42:23:d4:0c
Wed Aug 23 14:55:30 2023 daemon.notice hostapd: phy0-ap0: BEACON-REQ-TX-STATUS c8:51:42:23:d4:0c 1 ack=1
Wed Aug 23 14:55:33 2023 daemon.notice hostapd: phy0-ap0: BEACON-REQ-TX-STATUS c8:51:42:23:d4:0c 2 ack=1

While at it, please note that the description of the wpad package is no longer accurate:

wpad - 2023-06-22-599d00be-1.2 - This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS Authenticator and Supplicant

In 2023, a version of wpad without support for SAE should not be called "full-featured".

18

Still not available on https://sysupgrade.openwrt.org/.

Has someone else issues with the performance of luci (timeouts? I've observed this on two devices (Fritzbox 7320 and 7330). Before the upgrade to rc3 both devices were on 22.03.x. So I would like to test it with an other device that was already on rc2.

19

Rc3 running here on a EA8300.
Ad block
Advanced reboot
Attended System upgrade

All are functioning and as expected, will work well.

Good job devs!

2 Likes
20

This package still can't be installed.