OpenWrt 23.05 released with MbedTLS by default, Rust packages, over 1,790 supported devices

The OpenWrt 23.05 open-source Linux operating system for routers and resource-constrained headless embedded systems has just been released, with over 4300 commits since the release of OpenWrt 22.03 a little over a year ago.

The new release supports over 1790 devices, or over 200 new devices compared to the OpenWrt 22.03 release. Notable new targets include the ipq807x target for the Qualcomm IPQ807x WiFi 6 SoCs, the mediatek/filogic subtarget for the Mediatek Filogic 830 and 630 SoCs, and the sifiveu target for the HiFive Unleashed and Unmatched RISC-V development boards.


OpenWrt 23.05 switches from wolfSSL to MbedTLS as the default TLS library because the latter has a much smaller footprint and offers a more stable ABI (application binary interface) and LTS releases. MbedTLS does lack support for TLS 1.3, however, so users who need TLS 1.3 may still switch to wolfSSL.

Another highlight of the new OpenWrt release is support for packages written with the Rust programming language, and some examples include bottom, maturin, aardvark-dns, and ripgrep.

Core components have been updated: Linux 5.15.134 is now used for all targets, along with busybox 1.36.1 and an upgraded toolchain relying on musl libc 1.2.4, glibc 2.37, gcc 12.3.0, and binutils 2.40. For networking, OpenWrt 23.05 now uses a hostapd master snapshot from September 2023, dnsmasq 2.89, dropbear 2022.82, and cfg80211/mac80211 from kernel 6.1.24.

The migration from swconfig to DSA configuration that took place in OpenWrt 21.02 and OpenWrt 22.03 is not an issue anymore in OpenWrt 23.05, and most people should be able to upgrade from OpenWrt 22.03 through the sysupgrade utility, which will do its best to preserve the configuration. The developers still recommend backing up the configuration before going ahead with the upgrade, just in case. You can also download binary images for your target(s) for a new installation.
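The upgrade path described above can be wrapped in a few pre-flight checks. The following is an added example, not code from the article or from the OpenWrt project: the function names `verify_image` and `safe_upgrade` and all file paths are hypothetical, and it assumes the image was downloaded together with the `sha256sums` file from the same release directory.

```shell
#!/bin/sh
# Added example: pre-flight checks before an OpenWrt sysupgrade.
# Function names and paths are hypothetical placeholders.

# verify_image IMAGE SUMS_FILE
# Returns 0 only if IMAGE's SHA-256 matches the entry for its file name
# in SUMS_FILE (lines look like "<hex digest> *<file name>").
# Returns 2 if a file is missing, 3 if the image is not listed.
verify_image() {
    image=$1
    sums=$2
    [ -f "$image" ] && [ -f "$sums" ] || return 2
    name=$(basename "$image")
    # Pick the digest listed for exactly this file name; strip the "*" marker.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    [ -n "$expected" ] || return 3   # not listed: refuse rather than guess
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# safe_upgrade IMAGE SUMS_FILE BACKUP
# Verifies the image, saves the configuration, and asks sysupgrade to
# validate the image without flashing. The flash itself is left to the operator.
safe_upgrade() {
    image=$1
    sums=$2
    backup=$3
    verify_image "$image" "$sums" || {
        echo "image failed checksum verification, not upgrading" >&2
        return 1
    }
    sysupgrade -b "$backup" || return 1   # write config backup archive
    sysupgrade -T "$image" || return 1    # test mode: verify, do not flash
    echo "Copy $backup off the device, then run: sysupgrade -v $image"
}
```

A matching checksum only ties the image to the sums file, so the sums file itself has to come from a trusted source; OpenWrt publishes signatures alongside it for that purpose.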

Further details may be found in the official announcement.

Via Phoronix

11 Comments
itchy n scratchy
6 months ago

Great news!

Still 2 things I don’t understand:

Why would you choose for a router a default TLS implementation that lacks the most modern issue of the standard and thus presumably the most secure implementation?

Why stay with an old kernel and backport large chunks from a newer kernel instead of directly using an up-to-date kernel? I would understand falling back to an older kernel for some architectures not supporting a modern kernel, but taking all platforms hostage??

JJJ
6 months ago

I think a lot of people would take issue with “more modern = more secure” – the counter argument is that people have had such a long time to look at the old one, so it’s more likely that any issues have been discovered.

Also, the 5.15 kernel is receiving updates until Oct 2026. So they are again choosing long-term stability over new features. For a router this makes sense to me.

Tom
6 months ago

Yes, people had more time to look at version 1.2 of the TLS protocol, and that’s why they decided to create a new version of the protocol to improve upon the older version. TLS 1.3 is likely much more secure as it removes things like DES and MD5 from the specification.

itchy n scratchy
6 months ago

Well TLS 1.3 definitely should have got enough scrutiny by now. It’s well introduced in the net…

Well obviously 5.15 doesn’t cut the cake, else no one would back port the 802.11 subsystem from a newer kernel.

As TLS mentioned it below, it must again be due to the usual suspects amongst the SOC suppliers working with “smelly BSPs” as TKaiser calls them.

TLS
6 months ago

Yeah, routers are something of a special case and back in the bad old days, you couldn’t even update from one major kernel to another. We got screwed that way by a router SoC maker when I worked at a router manufacturer. They promised kernel 3.x and then we were told that “oh, no, we didn’t mean you could update from 2.x to 3.x, the 3.x kernel has to be factory installed”. Also, routers tend to be a generation or two behind kernel wise and it’s often impossible to use drivers for an older kernel with a later kernel, which…

itchy n scratchy
6 months ago

Well seeing continuous mainlining efforts on some SOCs I’d expect a bleeding edge kernel to be more promising, at least I got that impression while following the bringing up of some semi recent IPQ based router. There the main issues came IMHO from the outdated openWRT kernel backporting orgy…

Benjamin Hojnik
6 months ago

Now the 10$ question is… Will this release finally fix constant WiFi drops on some mediatek based devices.

maurer
6 months ago

nope – still there at least for me

Jerry
6 months ago

Another $1 question is, does this finally have the DVB drivers for the tvheadend package they’re providing via opkg. It’s silly that you can install the package but need to build your own custom kernel to use it.

bluepuma77
6 months ago

One thing I don’t understand: Why is a GL.iNet GL-MT3000 not listed in the “Table of Hardware” (1), but it does have an image to download (2).

  1. https://openwrt.org/toh/start?dataflt%5BBrand*%7E%5D=GL.iNet
  2. https://downloads.openwrt.org/releases/23.05.0/targets/mediatek/filogic/

Ray Knight
6 months ago

The Table Of Hardware is user maintained. No user has added it yet. Only some developers take the time to update their submissions to the Wiki. I sometimes update the Table Of Hardware when I notice missing items, but have not had time recently.
