OpenWrt 19.07.9 - Service Release - 25 February 2022

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.9, r11405-2a3558b0de
 -----------------------------------------------------

The OpenWrt community is proud to announce the newest service release of OpenWrt 19.07. It fixes security issues, improves device support, and brings a few bug fixes.

The OpenWrt project is a Linux operating system targeting embedded devices. It is a complete replacement for the vendor-supplied firmware of a wide range of wireless routers and non-network devices. See the Table of Hardware for supported devices. For more information about OpenWrt project organization, see the About OpenWrt pages.

Get OpenWrt firmware images at: https://downloads.openwrt.ifw.cn/releases/ or use the firmware selector at: https://firmware-selector.openwrt.ifw.cn/

On February 9th 2022, OpenWrt switched to https://github.com/openwrt/openwrt/issues/ for bug tracking.

All bugs have been migrated, and the old service https://bugs.openwrt.ifw.cn will be made read-only or decommissioned.

We have a new tool, the Firmware Selector, that makes it easy to find the appropriate firmware image for your device.

Try it at: https://firmware-selector.openwrt.ifw.cn/

Feedback is welcome on the dedicated forum thread.

Do you want to be informed about important changes such as new releases and security fixes?

We have a new mailing list for this, as well as RSS options: see Important changes and announcements.

Only the main changes are listed below. See changelog-19.07.9 for the full changelog.

  • hostapd: Apply SAE/EAP-pwd side-channel attack update 2 (CVE-2022-23303, CVE-2022-23304)
  • mbedtls: Update to version 2.16.12 to fix CVE-2021-44732
  • tcpdump: fix CVE-2018-16301
  • openssl: fix SM2 Decryption Buffer Overflow (CVE-2021-3711) and Read buffer overruns processing ASN.1 strings (CVE-2021-3712)

No major bug fixes in this release

  • uboot-lantiq: danube: fix hanging lzma kernel uncompression
  • ar71xx: mikrotik: rb91x: fix 10M ethernet link speed
  • Update wireless-regdb to account for new regulatory rules (6 GHz, 60 GHz, and various other fixes)
  • sdk: fix missing include directories
  • Various fixes when building with GCC 10

See addressed_bugs for a complete list of bug fixes.

  • Update Linux kernel from 4.14.241 to 4.14.267
  • Update mac80211 from 4.19.193-1 to 4.19.221-1
  • Update openssl from 1.1.1k to 1.1.1m
  • Update mbedtls from 2.16.10 to 2.16.12
  • at91 images are not created any more because the build needs Python.h which is not installed on the build bots.
    • To fix this issue export the missing environmental variable before using the ImageBuilder: export SOURCE_DATE_EPOCH=1
  • Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
  • Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
  • Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release

See also: active bug reports for openwrt-19.07

Upgrading from previous OpenWrt 19.07 versions is straightforward thanks to the sysupgrade utility: sysupgrade from web interface or sysupgrade from command-line.

An upgrade from OpenWrt 18.06 to OpenWrt 19.07 is supported in many cases, including preserving configuration. A configuration backup is advised nonetheless when upgrading from OpenWrt 18.06.

With the 19.07 major release, the OpenWrt project brings all supported targets back to a single common kernel version and further refines and broadens existing device support. It also introduces a new ath79 target and brings support for WPA3.

The 19.07 major release provides initial support for the new ath79 target, the future device tree based successor of the popular ar71xx target. For 19.07, both targets are still built, but it is recommended to switch to the ath79 target whenever possible: future releases of OpenWrt will drop support for the ar71xx target. See the ath79 technical reference for rationale about the transition.

To perform the upgrade, please follow the instructions from Upgrading from ar71xx to ath79. Functionality for a given device should be equivalent between the two targets: if this is not the case, please report the issue and revert back to ar71xx if needed.

The 19.07 major release brings initial support for WPA3. However, WPA3 is not enabled by default and requires installing specific packages: to run WPA3 as an access point, hostapd-openssl is needed. For use as a Wi-Fi station, you need either wpa-supplicant-openssl (station support only) or wpad-openssl (AP + station). Due to their large size, these packages are not installed by default, and it is impossible to install them on devices with less than 8MB flash.

It should also be noted that many existing client devices will never support WPA3, and that there are client devices that support WPA2 but cannot connect to an AP configured with WPA2+WPA3 mixed mode. Please only file bugs if you are sure the problem is not client related.

To configure your device as a WPA3 access point, see wpa_modes

The new version of LuCI, the integrated web interface for OpenWrt, implements client-side rendering of views. This improves performance by offloading some work that was done on the device (Lua code) to the client browser (Javascript code)

The LuCI ecosystem is large, and not all LuCI apps have been adapted to this change, which may result in crashes involving cbi.lua. In that case, install the luci-compat package.

If LuCI is loading slowly, consider installing uhttpd-mod-ubus, close and reopen the browser tab to start a new LuCI session.

With this step, Lua usage in LuCI is reduced and LuCI effectively comes closer to the goals of the experimental LuCI2 without having to rewrite everything from scratch.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2022/03/03 09:30
  • by aparcar