OpenWrt 19.07

OpenWrt 19.07.10 — Service Release · 20 April 2022

Main changes from OpenWrt 19.07.9

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.10 for the full changelog.

Security fixes

• wolfssl: Fix multiple security problems (CVE-2022-25638, CVE-2022-25640)
• openssl: Fix security problem (CVE-2022-0778)
• zlib: Backport security fix for a reproducible crash in compressor

Major bug fixes

No major bug fixes in this release

Device support

• OCEDO Raccoon: Fix link for long cables with
• MikroTik wAP: Fix device detection

Various fixes and improvements

• imagebuilder: Fix broken image generation with external targets
• imagebuilder: Fix partition signature
• patchelf: Backport fix for rpath endianness
• base-files: Call “sync” after initial setup
• ubus: backport Fixes for UAF and other issues

Core components

• Update Linux kernel from 4.14.167 to 4.14.275
• Update mac80211 from 4.19.221-1 to 4.19.237-1
• Update openssl from 1.1.1m to 1.1.1n
• Update wolfssl from 4.7.0 to 5.2.0

Regressions

• at91 images are not created any more because the build needs Python.h which is not installed on the build bots.
  • To fix this issue export the missing environmental variable before using the ImageBuilder: export SOURCE_DATE_EPOCH=1
• oxnas/ox820 images are not created any more because of a build problem

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.9 — Service Release · 25 February 2022

Main changes from OpenWrt 19.07.8

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.9 for the full changelog.

Security fixes

• hostapd: Apply SAE/EAP-pwd side-channel attack update 2 (CVE-2022-23303, CVE-2022-23304)
• mbedtls: Update to version 2.16.12 to fix CVE-2021-44732
• tcpdump: fix CVE-2018-16301
• openssl: fix SM2 Decryption Buffer Overflow (CVE-2021-3711) and Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

Major bug fixes

No major bug fixes in this release

Device support

• uboot-lantiq: danube: fix hanging lzma kernel uncompression
• ar71xx: mikrotik: rb91x: fix 10M ethernet link speed

Various fixes and improvements

• Update wireless-regdb to account for new regulatory rules (6 GHz, 60 GHz, and various other fixes)
• sdk: fix missing include directories
• Various fixes when building with GCC 10

See https://openwrt.org/releases/19.07/releases/19.07/changelog-19.07.9#addressed_bugs for a complete list of bug fixes.

Core components

• Update Linux kernel from 4.14.241 to 4.14.267
• Update mac80211 from 4.19.193-1 to 4.19.221-1
• Update openssl from 1.1.1k to 1.1.1m
• Update mbedtls from 2.16.10 to 2.16.12

Regressions

• at91 images are not created any more because the build needs Python.h which is not installed on the build bots.
  • To fix this issue export the missing environmental variable before using the ImageBuilder: export SOURCE_DATE_EPOCH=1

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.8 — Service Release · 7 August 2021

OpenWrt firmware selector

We have a new tool, the Firmware Selector, that makes it easy to find the appropriate firmware image for your device.

Try it at: https://firmware-selector.openwrt.org/

Feedback is welcome on the dedicated forum thread.

Main changes from OpenWrt 19.07.7

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.8 for the full changelog.

Security fixes

• Fix FragAttacks (fragmentation and aggregation attacks) vulnerabilities in cfg80211, mac80211, ath10k and ath10k-ct
  • We are not sure if some closed source firmware files are still affected by these problems.
• Security Advisory 2021-08-01-1 - XSS via missing input validation of host names displayed (CVE-2021-32019)
• Security Advisory 2021-08-01-2 - Stored XSS in hostname UCI variable (CVE-2021-33425)
• Security Advisory 2021-08-01-3 - luci-app-ddns: Multiple authenticated RCEs (CVE-2021-28961)
• Various security fixes in packages

Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.8 or later versions whenever possible.

Major bug fixes

• Minor bugfixes to support GCC 11 as host compiler

Device support

• TP-Link C7v5 allow flashing from vendor firmware bigger than v1.1
• FRIZZ!Box 7320 Activate power supply to USB ports.

Various fixes and improvements

• Only pack the signing keys for OpenWrt 19.07 and 21.02 and not the personal keys any more.

See https://openwrt.org/releases/19.07/releases/19.07/changelog-19.07.8#addressed_bugs for a complete list of bug fixes.

Core components

• Update Linux kernel from 4.14.221 to 4.14.241
• Update mac80211 from 4.19.161-1 to 4.19.193-1
• Update ath10k-ct 4.19 driver from 2019-09-09 to 2021-06-03
• Update OpenVPN from 2.4.7 to 2.4.11
• Update openssl from 1.1.1i to 1.1.1k
• Update mbedtls from 2.16.9 to 2.16.10
• Update wolfssl from 4.6.0 to 4.7.0

Regressions

• at91 images are not created any more because the build needs Python.h which is not installed on the build bots.

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.7 — Service Release · 18 February 2021

OpenWrt firmware selector

We have a new tool, the Firmware Selector, that makes it easy to find the appropriate firmware image for your device.

Try it at: https://firmware-selector.openwrt.org/

Feedback is welcome on the dedicated forum thread.

Main changes from OpenWrt 19.07.6

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.7 for the full changelog.

Security fixes

• Security Advisory 2021-02-02-1 - netifd and odhcp6c routing loop on IPv6 point to point links (CVE-2021-22161)
• Security Advisory 2021-02-02-2 - wolfSSL heap buffer overflow in RsaPad_PSS (CVE-2020-36177)
• Various security fixes in packages

Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.7 or later versions whenever possible.

Major bug fixes

• Fix dnsmasq error messages such as failed to send packet: Network unreachable or failed to send packet: Address family not supported by protocol that could be filling up logs. This was a regression caused by the dnsmasq update in 19.07.6.
• Fix opkg so that it purges obsolete packages from its local cache. This fixes a long-standing issue in the ImageBuilder where a manual cleanup was needed before rebuilding: FS#2690

Device support

• Improve stability of mediatek Ethernet switch (affects many mt7621 devices): FS#2628
• Fix Wi-Fi band detection on some Broadcom-based devices
• Fix poor 2.4 GHz Wi-Fi performance on TP-Link Archer C50 v4 due to a missing EEPROM chip ID: FS#2781
• Make initramfs image usable out-of-the-box on Turris Omnia
• Use full flash size on Nucom R5010UN v2
• Fix support for TP-Link TL-WR810N v1 in ath79: FS#3522
• Remove broken factory image for TP-Link Archer C2 v1
• Fix unintended failsafe mode during boot on Netgear EX6150: FS#3590

Various fixes and improvements

• The ImageBuilder no longer requires compilers (gcc, g++) and libncurses-dev. This was partially implemented in 19.07.6 but one part was missing to make it actually work.
• Update to a new major version of ksmbd to fix several bugs. This breaks compatibility with previous versions of OpenWrt (19.07.0 to 19.07.6): it is no longer possible to install a working version of ksmbd-tools on previous versions of OpenWrt. Existing installations will keep working, but ksmbd-tools should not be upgraded with opkg. PR#14647

See https://openwrt.org/releases/19.07/releases/19.07/changelog-19.07.7#addressed_bugs for a complete list of bug fixes.

LuCI web interface

• Fix array sorting on Chrome: GH#4792
• Add nextdns.io and quad 101 providers to luci-app-https-dns-proxy package
• Update translations from weblate
• Several additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.215 to 4.14.221
• Update wolfssl from 4.5.0 to 4.6.0

Regressions

• kmod-fs-ksmbd has a dependency to the not existing package kmod-crypto-arc4. Installing kmod-fs-ksmbd returns this:
  • Run this to force the installation: GH#14771 to force the installation.

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.6 — Service Release · 19 January 2021

OpenWrt firmware selector

We have a new tool, the Firmware Selector, that makes it easy to find the appropriate firmware image for your device.

Try it at: https://firmware-selector.openwrt.org/

Feedback is welcome on the dedicated forum thread.

Main changes from OpenWrt 19.07.5

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.6 for the full changelog.

Security fixes

• Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687, CVE-2020-25684, CVE-2020-25685 and CVE-2020-25686)
• openssl: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. (CVE-2020-1971)
• Various security fixes in packages

Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.6 or later versions whenever possible.

Major bug fixes

• Fix iOS 14 tethering problem

Device support

• Enable LED VCC for Asus RT-AC51U

LuCI web interface

• luci-mod-system: properly handle SSH pubkeys with options (GH#4684)
• luci-mod-network: properly handle wireless netdevs when creating interfaces
• Update translations from weblate
• Several additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.209 to 4.14.215
• Update mac80211 and wifi drivers from 4.19.137-1 to 4.19.161-1
• Update wireless-regdb from 2019.06.03 to 2020.11.20
• Update mbedtls from 2.16.8 to 2.16.9
• Update openssl from 1.1.1h to 1.1.1i

Regressions

• dnsmasq can print many error messages to the log, such as failed to send packet: Network unreachable or failed to send packet: Address family not supported by protocol. This will be fixed in 19.07.7.

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.5 — Service Release · 9 December 2020

OpenWrt firmware selector

We have a new tool, the Firmware Selector, that makes it easy to find the appropriate firmware image for your device.

Try it at: https://firmware-selector.openwrt.org/

Feedback is welcome on the dedicated forum thread.

Main changes from OpenWrt 19.07.4

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.5 for the full changelog.

Security fixes

• Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951)
• Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705)
• musl: fix possible destination buffer overflow in some applications (CVE-2020-28928)
• Various security fixes in packages

Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.5 or later versions whenever possible.

Major bug fixes

• Fix regression in 19.07.4 causing transmit timeout and packet loss on mt7620 devices: FS#3332
• Fix regression in 19.07.4 where VLAN tagging no longer works on ipq40xx devices: FS#3239
• Fix long-standing instability issue on Ethernet link on several ath79 devices: FS#2216, FS#2730, FS#3226

Device support

• Various fixes for My Net Range Extender, PowerCloud Systems CAP324, D-Link DIR-645, Quad-E4G
• Support newer version of Turris Omnia
• Fix ath9k firmware extraction for UniFi AP
• Fix MAC address assignment on UniFi AC family (UniFi AC Mesh, UniFi AC LR, UniFi Lite)
• Allow booting espressobin with a mainline firmware

Various fixes and improvements

• Fix support for 3G USB modems
• uhttpd: fix spurious keepalive connection timeouts
• firewall: fix parsing of boolean attributes
• mac80211: do not allow bigger VHT MPDUs than the hardware supports

See https://openwrt.org/releases/19.07/releases/19.07/changelog-19.07.5#addressed_bugs for a complete list of bug fixes.

LuCI web interface

• Set the fallback default of rollback timeout to 90s
• luci-app-firewall: fix removing networks from zone (GH#4523, GH#4573)
• rpcd-mod-luci: handle lease files from all dnsmasq/odhcpd sections (GH#911, GH#4303, GH#4308)
• luci-app-firewall: rules: add ICMPv6 Packet Too Big (Type 2)
• Update translations from weblate
• Several additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.195 to 4.14.209
• Update intel-microcode from 20190918 to 20200616
• Update amd-microcode from 20180524 to 20191218

Regressions

No regression known so far.

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.4 — Service Release · 10 September 2020

Main changes from OpenWrt 19.07.3

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.4 for the full changelog.

Security fixes

• Various security fixes

Note: security fixes for packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.4 or later versions whenever possible.

Major bug fixes

• libubox: fix regression that could cause procd to fail to start or restart some services (FS#3177)
• musl: fix locking synchronization bug
• kernel: fix hardware flow offload
• firewall: fix TCP MSS clamping that was only applied on one direction (FS#3231)

Device support

New devices

• Backported support for several 4/32 devices in ath79: TP-Link TL-WR802N v1/v2, TL-WR940N v3/v4/v6, TL-WR941ND v6, TL-MR3420 v2, TL-WA701ND v1, TL-WA730RE v1, TL-WA830RE v1, TL-WA801ND v1/v3/v4, TL-WA901ND v1/v4/v5
• Add new device in ath79: TP-Link TL-WR710N v2.1

Existing devices

• Fix wifi range and throughput for WNDR3700, WNDR3800 (FS#3088)
• Fix broken support for TP-Link TL-WR902AC v1 (FS#3118), Pirelli A226M-FWB, Linksys EA8500, brcm63xx (Huawei EchoLife HG556a, Livebox, BCM6348/BCM6358 FS#2202)
• Fix network hang for all ipq4018 and ipq4019 devices, caused by buggy TCP segmentation offload support for IPv6
• Fix factory installation for Ubiquiti WA/XC devices and for TP-Link Archer C6 v2
• Improve SATA stability on oxnas devices
• Fix USB detection on all rt305x devices
• Various fixes for ELECOM WRC-1900GST and WRC-2533GST, GL.inet GL-AR150, Netgear DGND3700 v1, Netgear DGND3800B, Netgear WNR612 v2, TP-Link TL-WR802N v1/v2, TP-Link TL-MR3020, TP-Link TL-WR841ND v8, TP-Link CPE210 v3, Linksys WRT610N v2, mt7621 devices, ZyXEL P-2601HN-Fx, Astoria Networks ARV7518PW and ARV7510PW22, Arcor 802, Pogoplug v4, Fritzbox 3370, Fritzbox 7360, Fritzbox 7362, Xiaomi MiWiFi Mini, ZyXEL NBG6616, WIZnet WizFi630S, ClearFog Base/Pro, Arduino Yun, UniElec U7623
• Disable build by default for TP-Link devices with 4 MB of flash, because the default package set is too large (they have never been built successfully for 19.07.x beforehand anyway)

Various fixes and improvements

• build: create JSON files containing image information. This is useful for firmware wizards or any other tool that needs to process the list of built firmware images (TODO: link to documentation)
• wolfssl: Fix very time-consuming bignum operations that could cause WPA3/SAE operations to timeout
• Fix locking issue when calling /etc/init.d/network with broadcom-wl

See https://openwrt.org/releases/19.07/releases/19.07/changelog-19.07.4#addressed_bugs for a complete list of bug fixes.

LuCI web interface

• Reload ACL rules after installing LuCI packages
• Fix a regression in menu rendering, where a logout/login cycle or device reboot was required to make additional menu items appear after package installation (GH#4077)
• Allow themes to override the sysauth.htm template to customize authentication
• Update translations from weblate
• Several additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.180 to 4.14.195
• Update mac80211 from 4.19.120 to 4.19.137
• Update mbedtls from 2.16.6 to 2.16.8
• Update wolfssl from 4.3.0 to 4.5.0
• Update wireguard to 1.0.20200611
• Update ath10k-ct-firmware

Regressions

• Transmit timeout and packet loss on mt7620 devices (FS#3332). Already patched for the next service release.
• VLAN tagging no longer works on ipq40xx devices (FS#3239)
• Possible stability issue on ramips: report 1, report 2, report 3, FS#3338

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release
• Device support: unstable Ethernet link with atheros switch for some users on some ath79 devices (such as TL-WR841N): FS#2216, FS#2730
• LuCI web interface: some optional GUI packages crash with an error about missing “cbi.lua”, install the luci-compat package to fix these

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.3 — Service Release · 20 May 2020

Main changes from OpenWrt 19.07.2

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.3 for the full changelog.

Security fixes

• Security Advisory 2020-05-06-2 - relayd out-of-bounds reads of heap data and possible buffer overflow (CVE-2020-11752)
• Security Advisory 2020-05-06-1 - umdns out-of-bounds reads of heap data and possible buffer overflow (CVE-2020-11750)
• libjson-c: fix out of bounds write vulnerability (CVE-2020-12762)
• Other security fixes

Note: security fixes for packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.3 whenever possible.

Bug fixes

• opkg: reduce memory usage: this should fix “Out of memory” issues when running opkg update, see FS#2734
• Services: respawn rpcd automatically if it crashes or stops
• Services: fix DNSSEC+NTP chicken-and-egg workaround in dnsmasq

Device support

New devices

• Add support for Luxul XAP-1610 and Luxul XWR-3150
• Add support for more devices in ath79: TP-Link TL-WR740N v5, TP-Link Archer C60 v3, TP-Link WDR3500 v1, TP-Link TL-WA850RE v1, TP-Link TL-WA860RE v1, TP-Link TL-WDR4310 v1

Existing devices

• Fix ar71xx - ath79 sysupgrade for some devices: TP-Link TL-WA901ND v2, TP-Link TL-WDR4900 v2, TP-Link TL-WR810N v1/v2, TP-Link TL-WR842N/ND v1, TP-Link TL-WR740N v1/v2/v3/v4/v5, TP-Link TL-WR741N/ND v1/v2, TP-Link TL-WR743ND v1, TP-Link TL-WR841N/ND v5/v6, TP-Link TL-WR941N/ND v2/v3/v4
• Various fixes and improvements for several devices: AVM FRITZ Repeater 450E, TP-Link Archer C7, TP-Link Archer C60 v1/v2, TP-Link TL-MR3040 v2, GL.iNet GL-AR750S, Mikrotik RB951G-2HnD, ZyXEL Keenetic, Embedded Wireless Dorin, Traverse LS1043, SolidRun ClearFog
• Fix “Illegal instruction” issues on some mvebu (Marvell Armada 370 CPU) and tegra2 devices: Globalscale Mirabox, CompuLab TrimSlice, possibly others
• Fix factory images for bcm53xx-based Asus devices
• Fix hang after reboot on OXNAS devices
• Fix multicast traffic not reaching the CPU for devices with a ar8229/ar8236 switch (FS#2848)
• Fix support for the 256M variant of ZBT MT7621
• Improve extraction of wireless calibration data (ath9k/ath10k) on Mikrotik devices
• Optimise sysupgrade process on bcm53xx to save space on tmpfs

Various fixes and improvements

• Services: add scriptarp option to dnsmasq that allows to run scripts in /etc/hotplug.d/neigh/ on arp-add and arp-del events
• Kernel: backport out-of-memory fix for non-Ethernet devices
• Build: fix build with GCC 10

See https://openwrt.org/releases/19.07/releases/19.07/changelog-19.07.3#addressed_bugs for a complete list of bug fixes.

LuCI web interface

• Greatly improve loading performance when using LuCI with HTTPS (see uhttpd commit for details)
• Allow to configure WPA3 modes for Wi-Fi (#3363)
• Improve internationalisation by introducing support for plural translations and context
• Update translations from weblate
• Many additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.171 to 4.14.180
• Update mac80211 to version 4.19.120
• Update https://openwrt.org/releases/19.07/docs/techref/driver.wlan/mt76 Wi-Fi driver to latest version
• Update wireless-regdb
• Update fstools to latest version
• Update openssl to 1.1.1g
• Update mbedtls to 2.16.6

Regressions

• libubox regression: procd may fail to start or restart some services due to a regression in libubox (thread)

Known issues

• Transition to ath79: several devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: unstable Ethernet link with atheros switch on some ath79 devices (such as TL-WR841N): FS#2216, FS#2730
• LuCI web interface: some optional GUI packages crash with an error about missing “cbi.lua”, install the luci-compat package to fix these
• LuCI web interface: due to changes in menu rendering, a logout/login cycle or device reboot might be required to make additional menu items appears after package installation (GH#4077)

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.2 — Service Release · 6 March 2020

Main changes from OpenWrt 19.07.1

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.2 for the full changelog.

Security fixes

• Security Advisory 2020-02-21-1 - ppp buffer overflow vulnerability (CVE-2020-8597)
• Other security fixes

Bug fixes and improvements

• Services: fix a libubox regression in 19.07.1 that caused umdns to stop working (FS#2833)

Device support

• Fix ar71xx - ath79 sysupgrade for some devices: fritz300e
• Add ar71xx - ath79 migration for wireless configuration of all ar93xx/qca95xx devices
• Add support for more devices in ath79: Ubiquiti Nanostation Loco M (XM & XW), Picostation M (XM)
• Add support for Luxul ABR-4500 and XBR-4500
• Fix CPU performance issues on ipq806x
• Re-enable images for D-Link DIR-645
• Various fixes and improvements for several devices: TP-Link TL-MR3020 v3, TL-WA801ND v5, TL-WR841N/ND v8, TL-WR842N v2, WDR3600/WDR4300, Mikrotik RB912UAG-5HPnD r2, Netis WF-2881

LuCI web interface

• uhttpd: improve reliability of HTTPS requests under heavy load (there was a deadlock leading to timeouts). There may remain residual issues.
• Fix support for the optional nginx integration
• Update translations from weblate

Core components

• Update Linux kernel from 4.14.167 to 4.14.171
• Update mac80211 for brcm to latest 5.6 backports

Regressions

• libubox regression: procd may fail to start or restart some services due to a regression in libubox (thread)

Known issues

• Transition to ath79: several devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: unstable Ethernet link with atheros switch on some ath79 devices (such as TL-WR841N): FS#2216, FS#2730
• LuCI web interface: some optional GUI packages crash with an error about missing “cbi.lua”, install the luci-compat package to fix these

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.1 — First Service Release · 31 January 2020

Main changes from OpenWrt 19.07.0

Only the main changes are listed below. See https://openwrt.org/releases/19.07/changelog-19.07.1 for the full changelog.

Security fixes

• Security Advisory 2020-01-31-1 - Opkg susceptible to MITM (CVE-2020-7982)
• Security Advisory 2020-01-31-2 - libubox tagged binary data JSON serialization vulnerability (CVE-2020-7248)
• Other security fixes

Bug fixes and improvements

• Fix 5 GHz Wi-Fi performance issue (FS#2679, FS#2563, FS#2682)
• Fix memory leak when using flow offload with lots of connections

Device support

• Fix ar71xx - ath79 sysupgrade for several devices: TL-MR3220 v1, TL-MR3420 v1, TL-WR2543 v1, TL-WR741ND v4, TL-WR841N/ND, UniFi AC Mesh, UniFi AC Mesh Pro, UniFi AC Pro
• Add support for more devices in ath79: TP-Link CPE220 v3, TL-WR841N/ND v10 and v12
• Various fixes and improvements for several devices: Ubiquiti Rocket M Titanium, Netgear WN2500RP v1, Zyxel NSA325, Netgear WNR3500 V2, Archer C6 v2, Ubiquiti EdgeRouter-X, Archer C20 v4, Archer C50 v4 Archer MR200, TL-WA801ND v5, HiWiFi HC5962, Xiaomi Mi Router 3 Pro, Netgear R6350

LuCI web interface

• Firewall: add support for configuring SNAT and MASQUERADE rules
• Fix detection of VLAN and switch configuration for some devices
• Update translations from weblate

Core components

• Update Linux kernel from 4.14.162 to 4.14.167
• Update mac80211 from 4.19.85 to 4.19.98
• Update https://openwrt.org/releases/19.07/docs/techref/procd to 2020-01-24
• Update https://openwrt.org/releases/19.07/docs/techref/libubox to 2020-01-20
• Update ucert to 2019-12-19
• Update opkg to 2020-01-25

Known issues

• Transition to ath79: several devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: unstable Ethernet link with atheros switch on some ath79 devices (such as TL-WR841N): FS#2216, FS#2730
• LuCI web interface: some optional GUI packages crash with an error about missing “cbi.lua”, install the luci-compat package to fix these
• LuCI web interface: broken support for the nginx variant (not installed by default): #10134, #11197

See also: active bug reports for openwrt-19.07

Highlights in OpenWrt 19.07

OpenWrt 19.07.0 — First Stable Release · 6 January 2020

Highlights in OpenWrt 19.07

With the 19.07 major release, the OpenWrt project brings all supported targets back to a single common kernel version and further refines and broadens existing device support. It also introduces a new ath79 target and brings support for WPA3.

Target transition from ar71xx to ath79

The 19.07 major release provides initial support for the new ath79 target, the future device tree based successor of the popular ar71xx target. For 19.07, both targets are still built, but it is recommended to switch to the ath79 target whenever possible: future releases of OpenWrt will drop support for the ar71xx target. See the ath79 technical reference for rationale about the transition.

To perform the upgrade, please follow the instructions from Upgrading from ar71xx to ath79. Functionality for a given device should be equivalent between the two targets: if this is not the case, please report the issue and revert back to ar71xx if needed.

WPA3 support

The 19.07 major release brings initial support for WPA3. However, WPA3 is not enabled by default and requires installing specific packages: to run WPA3 as an access point, hostapd-openssl is needed. For use as a Wi-Fi station, you need either wpa-supplicant-openssl (station support only) or wpad-openssl (AP + station). Due to their large size, these packages are not installed by default, and it is impossible to install them on devices with less than 8MB flash.

It should also be noted that many existing client devices will never support WPA3, and that there are client devices that support WPA2 but cannot connect to an AP configured with WPA2+WPA3 mixed mode. Please only file bugs if you are sure the problem is not client related.

To configure your device as a WPA3 access point, see https://openwrt.org/releases/19.07/docs/guide-user/network/wifi/basic#wpa_modes

Client-side rendering of the LuCI web interface

The new version of LuCI, the integrated web interface for OpenWrt, implements client-side rendering of views. This improves performance by offloading some work that was done on the device (Lua code) to the client browser (Javascript code)

The LuCI ecosystem is large, and not all LuCI apps have been adapted to this change, which may result in crashes involving cbi.lua. In that case, install the luci-compat package.

If LuCI is loading slowly, consider installing uhttpd-mod-ubus, close and reopen the browser tab to start a new LuCI session.

With this step, Lua usage in LuCI is reduced and LuCI effectively comes closer to the goals of the experimental LuCI2 without having to rewrite everything from scratch.

Known issues

Here is a selection of known issues with 19.07.0:

• Sysupgrade from ar71xx to ath79 and vice versa is not officially supported and will not work on all devices, please see Upgrading from ar71xx to ath79.
• Several devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future 19.07.X releases is very welcome.
• Images for some device became too big to support a persistent overlay, causing such models to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Some optional GUI packages crash with an error about missing “cbi.lua”, install the luci-compat package to fix these
• Possible Wi-Fi performance issues on 5 GHz. If you encounter such an issue, please see existing bug reports (FS#2679, FS#2563, FS#2682) or file a new bug report against openwrt-19.07. Please make sure the issue is not caused by WPA3. If you are using WPA3 and run into problems, revert to the encryption settings you used before upgrading to 19.07.
• Unstable Ethernet link with atheros switch on some ath79 devices (such as TL-WR841N): FS#2216, FS#2730

Other potential issues can be found in the bug reports.

Main changes in OpenWrt 19.07.0

The main changes in this release since the previous OpenWrt 18.06 version are:

• Updated toolchain:
  • musl libc 1.1.24
  • uClibc-ng 1.0.31
  • glibc 2.27
  • gcc 7.5.0
  • binutils 2.31.1
• Updated Linux kernel
  • 4.14.162 for all targets
  • Flow offloading bugfixes
• Network userland:
  • hostapd 2.9, dnsmasq 2.80, dropbear 2019.78
  • Fixes in network and wireless configuration handling
  • Bugfixes in DHCPv6 client and server
  • WPA3 configuration support
    • Install wpad-openssl for WPA3 support
    • Documentation: https://openwrt.org/releases/19.07/docs/guide-user/network/wifi/basic#wpa_modes
• System userland:
  • busybox 1.30.1
  • Sysupgrade support for backup and upgrade capability checks
  • Contains urngd, non-physical true random number generator daemon based on timing jitter
  • Bugfixes in the process manager, system message bus, embedded web server and the configuration management library
• Platform and Driver Support
  • Dropped adm5120, adm8668, ar7, au1000, ixp4xx, mcs814x, omap24xx, ppc40x, ppc44x and xburst target
  • New ath79 target that will replace the popular ar71xx target
  • Updates and new device support across all targets
• LuCI web interface:
  • Client side rendering of views for improved performance
  • Security fixes

A full list of all changes and security fixes is available in the detailed changelog.

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

OpenWrt 19.07.0-rc2 — Second Release Candidate · 30 November 2019

OpenWrt 19.07.0-rc1 — First Release Candidate · 6 November 2019