Table of Contents

OpenWrt 23.05.0-rc3 Changelog

This changelog lists all commits done in OpenWrt since the v23.05.0-rc2 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 23.05.0-rc3 release.

See also the release notes that provide a more accessible overview of the main changes in 23.05.0-rc3.

Build System / Buildroot (16 changes)

c719dfd kernel: bump 5.15 to 5.15.119 (+131,-131)
27f68a3 kernel: fix KernelPackage when all KCONFIG are versioned (+1,-1)
5678bb8 kernel: bump 5.15 to 5.15.120 (+8,-8)
977ee43 image: add additional fields to Netgear encrypted image (+26,-2)
50507f5 scripts/mkits.sh: DT overlays don't need a loadaddr (-7)
4ab8abf build: fix generation of large .vdi images (+8,-2)
476bf13 mediatek: add support for ZyXEL NWA50AX Pro (+298,-1)
5ded0a3 scripts: use sep-char for hash nodes (+10,-10)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
a23aa1c kernel: bump 5.15 to 5.15.126 (+11,-7)
c57275d scripts: qemustart: Fix x86/legacy bootup (+2,-2)
097d689 kernel: bump 5.15 to 5.15.127 (+26,-26)
6eb6a75 kernel: modules: add xdp-sockets-diag support (+32)
2c69d3e kernel: default ARM_PMU on for armsr/armv8 (+1)

Build System / Host Utilities (2 changes)

2cece6e firmware-utils: bump to git HEAD (+3,-3)
1d42292 tplink-safeloader: Add TP-Link Archer A6 V3.20 (+3,-1)
3338f53 tplink-safeloader: add TL-WPA8635P v3 (+4,-3)
17ca5ee tplink-safeloader: add TL-WPA8631P v4 (+1)
f730ad2 bcmblob: new tool for reading Broadcom's BLOBs (+456)
cb1ddac firmware-utils: fix typo in error message when no OpenSSL library found (+1,-1)
9166331 bcmclm: new tool for reading Broadcom's CLM data (+338)
a2d49fb tplink-safeloader: add RU support-list entry for Archer C6U v1 (+2,-1)
bb12cf5 tplink-safeloader: Add support for TP-Link Deco M5 The special_id values are ... (+81)
9e2de85 tplink-safeloader: add EAP610 v3 and EAP613 v1 (+33)
f147569 patchelf: Revert "tools/patchelf: update to 0.18.0" (+2,-2)

Build System / Image Builder (1 change)

b58955e ib: split out processing user provided packages (+3,-1)

Build System / SDK (1 change)

b52cfba sdk: rename README + update Makefile (+1,-1)

Build System / Toolchain (1 change)

26093cb fortify-headers: add __extension__ mark to strings.h (+29)

Kernel (20 changes)

c719dfd kernel: bump 5.15 to 5.15.119 (+131,-131)
0d324c6 generic: filter out CONFIG_FRAME_WARN (+1)
5678bb8 kernel: bump 5.15 to 5.15.120 (+8,-8)
ac2d6cf kernel: sort generic configuration (+1,-1)
f4e1f99 kernel: net: phy: realtek: fix rtl822x_probe on unsupported devices (+5,-21)
ef7d800 kernel: backport NVMEM patches queued for the v6.5 (+920,-1)
a210fce kernel: bgmac: fix regressed support for BCM53573 SoCs (+45)
339e71c kernel: drop mips highmem offset start overrides (-38)
21f0ab5 kernel: move NXP DPAA2 SFP patches to generic patches (+2,-2)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
e723cb6 kernel: netdevices: add driver for Marvell 10G Ethernet PHYs (+18)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
40f9514 kernel: Autoload nvme at preinit time (+1,-1)
320cfa7 kernel: netsupport: Add kmod-sched-skbprio (+12)
0ecf7a3 generic: 5.15: rename patches to match correct version ()
b59d02b generic: backport fix for Winbond SPI NAND (+49)
a23aa1c kernel: bump 5.15 to 5.15.126 (+11,-7)
097d689 kernel: bump 5.15 to 5.15.127 (+26,-26)
6eb6a75 kernel: modules: add xdp-sockets-diag support (+32)

Packages / Boot Loaders (22 changes)

42c9978 uboot-envtools: Add u-boot env config for GL-MT3000 (+3)
7ff9577 mediatek: add support for Mercusys MR90X v1 (+361)
436ef37 ramips: add support for Sercomm S1500 devices (+568,-8)
4a79a94 mxs: rework image generation (+65,-103)
23d6474 mediatek: add support for Netgear EX6250v2 series (+281,-1)
f7daeec uboot-mediatek: add H3C Magic NX30 Pro support (+454)
5bd5be0 uboot-mediatek: support classic uImage.FIT with internal images in imszb (+3,-4)
68a4c60 layerscape: armv8_64b: add Traverse Ten64 NAND variant (+93,-1)
cef98ca layerscape: remove Traverse LS1043 boards (-739)
017827e uboot-mvebu: update to version 2023.07.02 (+2,-2)
d0fc9e9 uboot-mediatek: add support for Xiaomi WR30U (+471)
34d8913 mediatek: filogic: add specific layout for WR30U (+44)
6ad85a6 arm-trusted-firmware-tools: update to version 2.9 (+2,-2)
513ab38 arm-trusted-firmware-mediatek: update to sources of 2023-07-24 (+142,-5)
67a8a5c fix(morello): dts: fix stdout-path target (+1,-1)
30df890 fix(morello): dts: add model names (+4,-2)
5016ee4 fix(morello): dts: fix SMMU IRQ ordering (+6,-6)
fba729b fix(morello): dts: fix DP SMMU IRQ ordering (+3,-3)
3169572 fix(morello): dts: use documented DPU compatible string (+1,-1)
8aeb1fc fix(morello): dts: fix SCMI shmem/mboxes grouping (+4,-4)
41c310b fix(morello): dts: fix DT node naming (+8,-8)
982f258 fix(morello): dts: fix GICv3 compatible string (+1,-1)
f33e113 fix(morello): dts: remove #a-c and #s-c from memory node (-8)
a78b3b3 feat(gicv3): validate multichip data for GIC-700 (+117,-5)
7d9648d fix(ufs): fix slot base address computation (+1,-1)
9d6d1a9 fix(ufs): init utrlba/utrlbau with desc_base (+10,-17)
dddf428 feat(bl): add interface to query TF-A semantic ver (+16,-3)
df56e9d fix(bl31): pass the EA bit to 'delegate_sync_ea' (+1,-5)
4d879e1 fix(lib/psa): update measured boot handle (+1,-5)
14a6fed fix(errata): workaround for Neoverse-V1 erratum 1618635 (+98)
⇒ + 1304 more...
ecfb961 arm-trusted-firmware-mediatek: fix PKG_MIRROR_HASH (+1,-1)
6553b1c uboot-mediatek: update to version 2023.07.02 (+117,-459)
b7e9445 uboot-mediatek: add patches for MT7988 and builds for RFB (+9.0K,-13)
0415aba uboot-mediatek: add missing 'memory' nodes to downstream boards (+36,-6)
d25b543 uboot-mediatek: fix build for MT7629 (+47)
f241408 arm-trusted-firmware-tools: fix build on macOS/Darwin (+21)
dd00bcb uboot-mediatek: bpi-r3: prepare for larger FIT structures (+4,-4)
4e066f1 uboot-envtools: add u-boot env config for Xiaomi mi-mini (+4)

Packages / Common (18 changes)

f9fadb8 libnl-tiny: update to latest git HEAD (+3,-3)
d433990 Make struct nla_policy and struct nlattr const (+41,-41)
f2a9897 wolfssl: update to 5.6.3 (+31,-6)
8d7d9aa hostapd: update to 2023-06-22 (+162,-202)
bb45602 Add QCA vendor attribute to configure list of allowed frequencies for AP (+27)
44c38af Add QCA vendor interface to get connected channels utilization (+17)
302d761 Add QCA vendor feature flag for allowed frequency list (+4)
921f82c Sync with wireless-next.git include/uapi/linux/nl80211.h (+23,-1)
8f1d384 RNR: Skip interfaces on the same radio for MBSSID (+4,-2)
5d06ace RNR: Add elements by default for EMA AP (+136,-22)
ac54b61 nl80211: Support for RNR elements (+22)
07a7bcd WMM: Advertise support for 16 PTKSA replay counters for non-AP STA (+32,-5)
9bad3c9 tests: Update server and user certificates (2023) (+315,-307)
9932ff3 Allowed frequency list configuration for AP operation (+94,-7)
e891245 Export wpa_supplicant config item 'he' for external configuration (+2,-1)
f8931fc hostapd: Restore the flow of set beacon and WPA key init (+3,-3)
c70405c MLD STA: Do not fail on unknown IEs in Authentication frames (+2,-2)
6002fe8 SAE: Fix expected AP MLD address info in a debug print (+2,-1)
b171c5e Update QCA LL_STATS vendor command (+68,-15)
c858a63 Add a vendor specific roam status of background scan abort (+3)
⇒ + 107 more...
2f71a7e libnftnl: update to 1.2.6 (+3,-3)
0b08707 nftables: update to 1.0.8 (+2,-2)
b607cd3 libbpf: Update to v1.2.2 (+3,-3)
e4d3827 libbpf: only reset sec_def handler when necessary (+19,-8)
dfc9c8b libbpf: v1.2.1 bug fix version bump (+1,-1)
4c98b37 libbpf: Fix realloc API handling in zero-sized edge cases (+16,-4)
1728e3e libbpf: v1.2.2 bug fix version bump (+1,-1)
476bf13 mediatek: add support for ZyXEL NWA50AX Pro (+298,-1)
ee910d1 dropbear: add ed25519 for failsafe key (+3,-2)
77b8ce6 libnl-tiny: update to latest Git HEAD (+6,-6)
bc92a28 build: allow passing SOVERSION value for dynamic library (+5)
e0d5621 openssl: opt-out of lto usage (+2,-2)
11b0c43 openssl: update to 3.0.10 (+4,-4)
4a3c66a e2fsprogs: do not symlink tune2fs to findfs (-1)
a5b03a3 lua: fix integer overflow in LNUM patch (+16,-16)
e997456 util-linux: enable colrm util as package (+17)
1a33e4b perf: opt-out of lto usage (+2,-2)
58d838d mbedtls: Update to version 2.28.4 (+5,-5)
482c57a hostapd: add fix for dealing with VHT 160 MHz via ext nss bw (+156,-15)
5deed17 hostapd: revert upstream commit to fix #13156 (+63)

Packages / Firmware (8 changes)

023a885 ipq4019: add support for ZTE MF287+ aka DreiNeo (+410)
c54ec81 linux-firmware: ibt-firmware: install sfi/ddc files for AX210 card (+3,-1)
894b208 ipq-wifi: fix upstream board-2.bin ZTE M289F snafu (+4,-2)
57e7188 linux-firmware: update to 20230625 (+3,-3)
23953cf ath11k-firmware: update to stable WLAN.HK.2.9.0.1-01837 (+5,-5)
fa3a56a linux-firmware: update to 20230804 (+2,-2)
9d10944 firmware: intel-microcode: update to 20230808 (+2,-2)
1aeb247 linux-firmware: Update Intel AX200 and AX210 firmware (+2,-2)

Packages / OpenWrt network userland (3 changes)

2b889aa uqmi: support split-APN IPv4 and IPv6 dual-stack (+11,-6)
e54e5bc uqmi: do not start 464xlat for dual-stack configurations (+1)
a88795a iwinfo: update to latest git HEAD (+4,-4)
d1f07cf devices: add device id for Atheros AR9287 and AR9380 (+2)
65ea345 nl80211: constify a few arrays (+14,-14)
ca79f64 lib: report byte counters as 64 bit values (+12,-4)

Packages / OpenWrt system userland (4 changes)

6984add procd: update to latest git HEAD (+3,-3)
122a5e3 Revert "sysupgrade: print errno on failure" (+1,-3)
2db8365 system: add RISC-V CPU info (+6)
b52b6c5 rpcd: update to latest git HEAD (+3,-3)
31c3907 file: strengthen exec access control (+5,-2)
2650ae4 rpcd: update to latest git HEAD (+3,-3)
c07ab2f iwinfo: update byte counter to 64bit (+2,-2)
0904059 uci: update to git HEAD (+3,-3)
3cda251 file: Fix uci -m import command (+1,-1)
5781664 remove internal usage of redundant uci_ptr.last (+32,-65)

Target / airoha (1 change)

ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / armsr (18 changes)

62496e9 armsr: v8: fix NVMEM_IMX_OCOTP_ELE build error (+1)
21f0ab5 kernel: move NXP DPAA2 SFP patches to generic patches (+2,-2)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
79d669d armsr: remove redundant phy-marvell-10g module (-11)
e306e46 armsr: armv8: sync Arm64 erratum options with kernel defconfig (+28)
88e7fe8 armsr: armv8: enable KVM host (+6)
f517d8a armsr: armv8: sync CPU features, EFI, CMA and scheduler options with Linux de... (+44,-1)
14f7254 armsr: enable ACPI_BUTTON (+1)
cb0534d armsr: armv8: enable CONFIG_ARCH_RENESAS (+67)
24b35fd armsr: armv8: enable Broadcom arch'es (+60)
daf99a1 armsr: armv8: synchronize PCIE related options with arm64 defconfig (+20)
dfb159c armsr: armv8: enable AHCI/SATA controllers for mvebu,qoriq,juno (+3)
80d1eb4 armsr: armv8: add Broadcom GENET and MDIO modules (+22)
3477c79 armsr: armv8: add bcmgenet (Raspberry Pi 4 GENET) to profile (+2,-1)
2a46bd9 armsr: add Marvell (Cavium) ThunderX2 network driver (+21,-3)
3c316f3 armsr: armv8: package and select MDIO driver for Thunder SoC's (+13,-1)
cebed31 armsr: armv8: fix invalid symbol value for FSL_ENETC_QOS (+1,-1)
a506859 armsr: add kmod-sfp to default device profile (+1,-1)

Target / ath25 (1 change)

ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / ath79 (9 changes)

c719dfd kernel: bump 5.15 to 5.15.119 (+131,-131)
fbb4aac zbt-wd323: add GPIO WDT support (+8)
7bb616d ath79: mikrotik: extract common bits for RB951x-2HnD devices (+83,-80)
98b397d ath79: add support for MikroTik RB951G-2HnD (+70)
b7fac1b ath79: DTS improvement for buzzer on RB951G-2HnD (+6)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
ac34f64 ath79: move ubnt-xm 64M RAM boards back to generic (+33,-31)

Target / bcm27xx (3 changes)

c719dfd kernel: bump 5.15 to 5.15.119 (+131,-131)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)

Target / bcm47xx (2 changes)

e341d51 bcm47xx: fix bgmac MTU patch filename ()
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)

Target / bcm4908 (2 changes)

7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
a23aa1c kernel: bump 5.15 to 5.15.126 (+11,-7)

Target / bcm53xx (5 changes)

a4792d7 bcm53xx: backport DT changes from v6.5 (+4.6K,-9)
b32a4bc bcm53xx: backport DT changes queued for v6.6 (+450,-4)
3bac348 bcm53xx: add BCM53573 Ethernet fix sent upstream for v6.6 (+28)
e0c4da1 bcm53xx: backport more DT changes queued for v6.6 (+290,-28)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)

Target / bcm63xx (2 changes)

c719dfd kernel: bump 5.15 to 5.15.119 (+131,-131)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / bmips (1 change)

ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / imx (1 change)

ef7d800 kernel: backport NVMEM patches queued for the v6.5 (+920,-1)

Target / ipq40xx (10 changes)

a9c92b9 ipq40xx: Enable gpio-restart in kernel configuration (+1)
023a885 ipq4019: add support for ZTE MF287+ aka DreiNeo (+410)
894b208 ipq-wifi: fix upstream board-2.bin ZTE M289F snafu (+4,-2)
1face85 ipq40xx: move Teltonika RUT STM32 IO to specific DTS (+37,-37)
897d55b ipq40xx: add support for Teltonika RUTX50 (+203,-2)
680a4c7 ipq4019: fix support for AVM FRITZ!Repeater 3000 (+3)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
73aa78c ipq40xx: commonize Meraki recipe (+7,-8)
5cecf9a ipq40xx: meraki: remove swconfig in DEVICE_PACKAGES (+1,-1)
4956ff4 ipq40xx: meraki: define DTB load address (+1,-2)

Target / ipq806x (1 change)

ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / ipq807x (1 change)

7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)

Target / lantiq (2 changes)

9d15bae lantiq: add patches headers (+129,-32)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / layerscape (5 changes)

ef7d800 kernel: backport NVMEM patches queued for the v6.5 (+920,-1)
68a4c60 layerscape: armv8_64b: add Traverse Ten64 NAND variant (+93,-1)
cef98ca layerscape: remove Traverse LS1043 boards (-739)
6a89cfa layerscape: base-files: remove redundant RAMFS_COPY_* additions (+2,-2)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)

Target / mediatek (26 changes)

7ff9577 mediatek: add support for Mercusys MR90X v1 (+361)
fa1822a mediatek: define NMBM management region for WAX220 (+5)
5678bb8 kernel: bump 5.15 to 5.15.120 (+8,-8)
977ee43 image: add additional fields to Netgear encrypted image (+26,-2)
23d6474 mediatek: add support for Netgear EX6250v2 series (+281,-1)
cf81850 mediatek: filogic: add H3C Magic NX30 Pro support (+278)
0af05cd mediatek: dts: mt7988a: wire-up mediatek,pio for PHY LEDs (+2,-1)
6092c39 mediatek: use backported Ethernet PHY driver also for 5.15 (+1.4K,-1.3K)
f94cda0 mediatek: dts: mt7988a: remove boottrap hack (-5)
40a2623 mediatek: replace hack for MaxLinear 2.5G PHY (+63,-166)
b28d740 mediatek: filogic: set DEVICE_DTS_LOADADDR for BPi-R3 (+1)
476bf13 mediatek: add support for ZyXEL NWA50AX Pro (+298,-1)
65c1f41 kernel: update patches for mediatek filogic (+1,-1)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
c697057 mediatek: add support for Acer Predator W6 (+579)
0f0ea10 mediatek: filogic: add support for Xiaomi WR30U (+366,-3)
34d8913 mediatek: filogic: add specific layout for WR30U (+44)
5ae1b90 mediatek: filogic: fix broken sysupgrade script (+1)
34cd471 mediatek: filogic: enable driver for MediaTek XS-PHY (+1,-1)
830bb57 mediatek: filogic: sync pinctrl-mt7988 with MediaTek SDK (+300,-115)
c072069 mediatek: filogic: update MT7988 device tree (+394,-166)
ad2fa6b mediatek: filogic: restore non-const type in pinctrl-mt7988 driver (+17,-17)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
452e4f0 mediatek: filogic: mt7988: mark RTC clock as critical (+8,-1)
a23aa1c kernel: bump 5.15 to 5.15.126 (+11,-7)

Target / mvebu (3 changes)

795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
57bf52c mvebu: mcbin-singleshot: enable hearbeat LED by default (+22)

Target / mxs (1 change)

4a79a94 mxs: rework image generation (+65,-103)

Target / octeon (4 changes)

00d4a31 octeon: ubnt-edgerouter-e300: fix LED settings (+2,-2)
abe659e octeon: ubnt-edgerouter-e300: fix missing MTD partition (+22,-16)
345bce7 octeon: ubnt-edgerouter-4/6p: devicetree cleanup (+10,-30)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / octeontx (1 change)

7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)

Target / oxnas (1 change)

ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / ramips (12 changes)

5399d03 ramips: sercomm.mk: preparation for Sercomm s1500 devices support (+9,-5)
436ef37 ramips: add support for Sercomm S1500 devices (+568,-8)
cd878b1 ramips: mt7621: add TP-Link EAP613 v1 (+166)
c49654f ramips/mt7621: disable the cpufreq driver (+3,-7)
977ee43 image: add additional fields to Netgear encrypted image (+26,-2)
e5dea9e ramips: mt7621: disable highmem support and remove highmem offset patch (+19,-3)
339e71c kernel: drop mips highmem offset start overrides (-38)
3ac300c ramips: backport upstream mt762x PCIe driver error log fixes (+102)
ead5860 ramips: do not print error log when mdio bus is disabled (+1,-1)
7efec0a kernel: bump 5.15 to 5.15.123 (+214,-571)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
5569b92 ramips: improve Xiaomi mi-mini indications (+4,-5)

Target / realtek (3 changes)

4ebba8a realtek: add support for HPE 1920-8g-poe+ (+154,-108)
795a5dd kernel: bump 5.15 to 5.15.124 (+46,-41)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / uml (1 change)

ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)

Target / x86 (4 changes)

e4d7917 x86: set CONFIG_X86_AMD_PLATFORM_DEVICE (+2,-2)
ec0ff92 kernel: bump 5.15 to 5.15.125 (+41,-39)
f28a2a5 x86: Activate CONFIG_PCIEASPM (+15)
dd30399 x86: Add virtualization time sync support (+10)

Wireless / Ath10k CT (1 change)

8d6a905 mac80211: partly revert force-mac80211 loss detection (+56,-36)

Wireless / Common (1 change)

8d6a905 mac80211: partly revert force-mac80211 loss detection (+56,-36)

Wireless / MT76 (5 changes)

649d9e3 mt76: update to the latest version (+4,-4)
2c9c8ff wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (+3)
3365c80 wifi: mt76: connac: fix stats->tx_bytes calculation (+3,-2)
b69d821 wifi: mt76: connac: do not check WED status for non-mmio devices (+3)
1f9cd65 wifi: mt76: mt7921e: fix probe timeout after reboot (+3,-3)
42dace9 wifi: mt76: mt7921: Fix use-after-free in fw features query. (+5,-2)
540adbb wifi: mt76: mt7921: add Netgear AXE3000 (A8000) support (+3)
150e2d0 wifi: mt76: mt7996: fix possible NULL pointer dereference in mt7996_mac_write... (+12,-7)
5b7519b wifi: mt76: mt7996: fix endianness of MT_TXD6_TX_RATE (+1,-1)
40f6e43 wifi: mt76: mt76x02: remove WEP support (-13)
84ea1a2 mt76: mt7921: don't assume adequate headroom for SDIO headers (+4)
5c28e17 wifi: mt76: mt7996: fix header translation logic (+9,-4)
2386cec wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (+38,-7)
748d4a2 wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (+40)
458ad0a wifi: mt76: enable UNII-4 channel 177 support (+1)
7fb0460 wifi: mt76: mt7915: fix background radar event being blocked (+1,-1)
d2a77a9 wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (+39,-13)
⇒ + 55 more...
7be76a9 mt76: fix download hash (+1,-1)
a70d030 mt76: update to the latest version (+3,-3)
f704e4f mt76: mt7915: fix copy&paste issue on capability check rework (+9,-8)
dc370ad mt76: update to the latest version (+3,-3)
bb3937d wifi: mt76: mt7915: remove VHT160 capability on MT7915 (-1)
4d88031 mt76: update to the latest version (+3,-3)
53edfc7 wifi: mt76: mt7603: fix beacon interval after disabling a single vif (+2,-1)
7ef4dd1 wifi: mt76: mt7603: fix tx filter/flush function (+28,-7)
152608a wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (+3,-3)
cacac39 wifi: mt76: split get_of_eeprom in subfunction (+35,-16)
cd3dfe3 wifi: mt76: add support for providing eeprom in nvmem cells (+37,-1)

Addressed bugs

FS#3527 (#8558)

Description: On-Board Intel Bluetooth firmware not working due to two missing files
Link: https://github.com/openwrt/openwrt/issues/8558
Commits:
c54ec81 linux-firmware: ibt-firmware: install sfi/ddc files for AX210 card (+3,-1)

#12661

Description: MT7921u drivers hangs when starts access point
Link: https://github.com/openwrt/openwrt/issues/12661
Commits:
8d7d9aa hostapd: update to 2023-06-22 (+162,-202)
bb45602 Add QCA vendor attribute to configure list of allowed frequencies for AP (+27)
44c38af Add QCA vendor interface to get connected channels utilization (+17)
302d761 Add QCA vendor feature flag for allowed frequency list (+4)
921f82c Sync with wireless-next.git include/uapi/linux/nl80211.h (+23,-1)
8f1d384 RNR: Skip interfaces on the same radio for MBSSID (+4,-2)
5d06ace RNR: Add elements by default for EMA AP (+136,-22)
ac54b61 nl80211: Support for RNR elements (+22)
07a7bcd WMM: Advertise support for 16 PTKSA replay counters for non-AP STA (+32,-5)
9bad3c9 tests: Update server and user certificates (2023) (+315,-307)
9932ff3 Allowed frequency list configuration for AP operation (+94,-7)
e891245 Export wpa_supplicant config item 'he' for external configuration (+2,-1)
f8931fc hostapd: Restore the flow of set beacon and WPA key init (+3,-3)
c70405c MLD STA: Do not fail on unknown IEs in Authentication frames (+2,-2)
6002fe8 SAE: Fix expected AP MLD address info in a debug print (+2,-1)
b171c5e Update QCA LL_STATS vendor command (+68,-15)
c858a63 Add a vendor specific roam status of background scan abort (+3)
⇒ + 107 more...

#12886

Description: [23.05-rc1] ipq40xx: zte_mf289f: ath10k_ahb: could not probe fw (-110)
Link: https://github.com/openwrt/openwrt/issues/12886
Commits:
894b208 ipq-wifi: fix upstream board-2.bin ZTE M289F snafu (+4,-2)

#13056

Description: Error building VDI image on latest Arch Linux
Link: https://github.com/openwrt/openwrt/issues/13056
Commits:
4ab8abf build: fix generation of large .vdi images (+8,-2)

#13082

Description: Trying to install anything that has libnl-tiny as dependency fails
Link: https://github.com/openwrt/openwrt/issues/13082
Commits:
77b8ce6 libnl-tiny: update to latest Git HEAD (+6,-6)
bc92a28 build: allow passing SOVERSION value for dynamic library (+5)

#13102

Description: patchelf failed to compile with gcc-10.2
Link: https://github.com/openwrt/openwrt/issues/13102
Commits:
f147569 patchelf: Revert "tools/patchelf: update to 0.18.0" (+2,-2)

#13156

Description: [23.05-SNAPSHOT] filogic: WPA2+WPA3 Unable to connect periodically
Link: https://github.com/openwrt/openwrt/issues/13156
Commits:
5deed17 hostapd: revert upstream commit to fix #13156 (+63)

#13248

Description: r8169 ASPM issues on x86
Link: https://github.com/openwrt/openwrt/issues/13248
Commits:
f28a2a5 x86: Activate CONFIG_PCIEASPM (+15)

#13277

Description: Hyper-V integration degraded in 23.05.0 RCs, hv_utils not loaded
Link: https://github.com/openwrt/openwrt/issues/13277
Commits:
dd30399 x86: Add virtualization time sync support (+10)

Security fixes

CVE-2022-40982

Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
Commits:
9d10944 firmware: intel-microcode: update to 20230808 (+2,-2)

CVE-2022-41804

Description: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41804
Commits:
9d10944 firmware: intel-microcode: update to 20230808 (+2,-2)

CVE-2023-2975

Description: Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2975
Commits:
11b0c43 openssl: update to 3.0.10 (+4,-4)

CVE-2023-3446

Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
Commits:
11b0c43 openssl: update to 3.0.10 (+4,-4)

CVE-2023-3817

Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
Commits:
11b0c43 openssl: update to 3.0.10 (+4,-4)

CVE-2023-23908

Description: Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23908
Commits:
9d10944 firmware: intel-microcode: update to 20230808 (+2,-2)