OpenWrt 23.05 open-source Linux operating system for routers and resource-constrained headless embedded systems has just been released with over 4300 commits since the release of OpenWrt 22.03 a little over a year ago.
The new release now supports over 1790 devices or about over 200 new devices compared to the OpenWrt 22.03 release with notable new targets including the ipq807x target for the Qualcomm IPQ807x WiFi 6 SoCs, the mediatek/filogic subtarget for the Mediatek Filogic 830 and 630 SoCs, and the sifiveu target for the HiFive Unleashed and Unmatched RISC-V development boards.
OpenWrt 23.05 switches from wolfSSL to MbedTLS as default because the latter has a much smaller footprint and offers a more stable ABI (application binary interface) and LTS releases, but it does lack support for TLS 1.3, so users who need the latter may still switch to wolfSSL if needed.
Another highlight of the new OpenWrt release is support for packages written with the Rust programming language, and some examples include bottom, maturin, aardvark-dns, and ripgrep.
Core components have been updated with Linux 5.15.134 now used for all targets as well as busybox 1.36.1, an upgraded toolchain relying on musl libc 1.2.4, glibc 2.37, gcc 12.3.0, and inutils 2.40, and for networking OpenWrt 23.05 now uses hostapd master snapshot from September 2023, dnsmasq 2.89, dropbear 2022.82, and cfg80211/mac80211 from kernel 6.1.24.
The migration from migrated from swconfig to DSA configuration that took place in OpenWrt 21.02 and OpenWrt 22.03, is not an issue anymore in OpenWrt 23.05, and most people should be able to upgrade from OpenWrt 22.03 through the sysupgrade utility which will do its best to preserve the configuration. The developers still recommend backing up the configuration before going ahead with the upgrade just in case. You can also download binary images for your target(s) for a new installation.
Further details may be found in the official announcement.
Via Phoronix
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
Great news!
Still 2 things I don’t understand:
Why would you choose for a router a default TLS implementation that lacks the most modern issue of the standard and thus presumably the most secure implementation?
Why staying with an old kernel and backporting large chunks from a newer kernel instead of directly using an up to date kernel? I would understand falling back to an older kernel for some architectures not supporting a modern kernel, but taking all platforms hostage??
I think a lot of people would take issue with “more modern = more secure” – the counter argument is that people have had such a long time to look at the old one, so it’s more likely that any issues have been discovered.
Also, the 5.15 kernel is receiving updates until oct 2026. So they are again choosing long-term stability over new features. For a router this makes sense to me.
Yes peope had more time to look at Version 1.2 of the TLS Protocoll, and thats why they decided to create a new version of the protocoll to improve upon the older version. TLS 1.3 is likely much more secure as it removes things like DES and MD5 from the specification.
Well TLS 1.3 definitely should have got enough scrutiny by now. It’s well introduced in the net…
Well obviously 5.15 doesn’t cut the cake, else noone would back port the 802.11 subsystem from a newer kernel.
As TLS mentioned it below, it must again be due to the usual suspects amongst the SOC suppliers working with “smelly BSPs” as TKaiser calls them.
Yeah, router are something of a special case and back in the bad old days, you couldn’t even update from one major kernel to another. We got screwed that way by a router SoC maker when I worked at a router manufacturer. They promised kernel 3.x and then we were told that “oh, no, we didn’t mean you could update from 2.x to 3.x, the 3.x kernel has to be factory installed”. Also, routers tend to be a generation or two behind kernel wise and it’s often impossible to use drivers for an older kernel with a later kernel, which… Read more »
Well seeing continuous mainlining efforts on some SOCs I’d expect a bleeding edge kernel to be more promising, at least I got that impression while following the bringing up of some semi recent IPQ based router. There the main issues came IMHO from the outdated openWRT kernel backporting orgy…
Now the 10$ question is… Will this release finally fix constant WiFi drops on some mediatek based devices.
nope – still there at least for me
Another $1 question is, does this finally have the DVB drivers for the tvheadend package they’re providing via opkg. It’s silly that you can install the package but need to build your own custom kernel to use it.
One thing I don’t understand: Why is a GL.iNet GL-MT3000 not listed in the “Table of Hardware” (1), but it does have an image to download (2).
The Table Of Hardware is user maintained. No user has added it yet. Only some developers take the time to update their submissions to the Wiki. I sometimes update the Table Of Hardware when I notice missing items, but have not had time recently.