Firmware Update: OpenWrt 19.07.5

A fifth update for version 19.07 of OpenWrt has been released. OpenWrt is an alternative open source firmware for a large number various routers and embedded devices. By means of the opkg package management system there is the possibility to determine for yourself what the router can and cannot do. Also on GoT there are several people actively working on it, see this topic. You can simply update the version with sysupgrade from the web interface. The main improvements made in this release are listed below.

Main changes from OpenWrt 19.07.4

Only the main changes are listed below. see changelog-19.07.5 for the full changelog.

Security fixes

• Security Advisory 2020-12-09-2 – libuci import heap use after free (CVE-2020-28951)
• Security Advisory 2020-12-09-1 – Linux kernel – ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705)
• musl: fix possible destination buffer overflow in some applications (CVE-2020-28928)
• Various security fixes in packages

Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface. Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.5 or later versions whenever possible.

Major bug fixes

• Fix regression in 19.07.4 causing transmit timeout and packet loss on mt7620 devices: FS#3332
• Fix regression in 19.07.4 where VLAN tagging no longer works on ipq40xx devices: FS#3239
• Fix long-standing stability issue on Ethernet link on several ath79 devices: FS#2216, FS#2730, FS#3225

Device support

• Various fixes for My Net Range Extender, PowerCloud Systems CAP324, D-Link DIR-645, Quad-E4G
• Support newer version of Turris Omnia
• Fix ath9k firmware extraction for UniFi AP
• Fix MAC address assignment on UniFi AC family (UniFi AC Mesh, UniFi AC LR, UniFi Lite)
• Allow booting espressobin with a mainline firmware

Various fixes and improvements

• Fix support for 3G USB modems
• uhttpd: fix spurious keepalive connection timeouts
• firewall: fix parsing or boolean attributes
• mac80211: do not allow bigger VHT MPDUs than the hardware supports

see addressed_bugs for a complete list of bug fixes.

LuCI web interface

• Set the fallback default of rollback timeout to 90s
• luci-app-firewall: fix removing networks from zone (GH#4523, GH#4573)
• rpcd-mod-luci: handle lease files from all dnsmasq/odhcpd sections (GH#911, GH#4303, GH#4308)
• luci-app-firewall: rules: add ICMPv6 Packet Too Big (Type 2)
• Update translations from website
• Several additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.195 to 4.14.209
• Update intel microcode from 20190918 to 2020616
• Update amd microcode from 20180524 to 20191218

Regressions

No regression known so far.

Known issues

• Transition to ath79: some devices that are supported in ar71xx are not yet supported in ath79: this is a community effort. Helping to port devices to ath79 to make them available in future releases is very welcome.
• Device support: images for some device became too big to support a persistent overlay, causing such devices to lose configuration after a reboot. If you experience this problem, please report the affected device in the forum and consider downgrading to OpenWrt 18.06 or using the Image Builder to pack a smaller custom image
• Device support: conversely, certain images for devices with small flash (4 MB) are no longer built for the release