OpenWrt v19.07.7 released: Linux operating system targeting embedded devices

The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned. In 2016, the LEDE project was founded as a spin-off of the OpenWrt project and shared many of the same goals. The project aimed at building an embedded Linux distribution that makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers. The name LEDE stood for Linux Embedded Development Environment.

People install LEDE because they believe it works better than the stock firmware from their vendor. They find it is more stable, offers more features, is more secure and has better support.

• Extensibility: LEDE provides many capabilities found only in high-end devices. Its 3000+ application packages are standardized, so you can easily replicate the same setup on any supported device, including two (or even five) year old routers. More…

• Security: LEDE’s standard installation is secure by default, with Wi-Fi disabled, no poor passwords or backdoors. LEDE’s software components are kept up-to-date, so vulnerabilities get closed shortly after they are discovered. More…

• Performance and Stability: LEDE firmware is made of standardized modules used in all supported devices. This means each module will likely receive more testing and bug fixing than stock firmware which can be tweaked for each product line and never touched again. More…

• Strong Community Support: LEDE team members are regular participants on the LEDE Forum, LEDE Developer and LEDE Admin mailing lists, and LEDE’s IRC channels. You can interact directly with developers, volunteers managing the software modules and with other long-time LEDE users, drastically increasing the chances you will solve the issue at hand. More…

• Research: Many teams use LEDE as a platform for their research into network performance. This means that the improvements of their successful experiments will be available in LEDE first, well before it gets incorporated into mainline, vendor firmware. More…

• Open Source/No additional cost: LEDE is provided without any monetary cost. It has been entirely created by a team of volunteers: developers and maintainers, individuals and companies. If you enjoy using LEDE, consider contributing some effort to help us improve it for others! All of the above is possible because LEDE is part of the Open Source community, and powered by the Linux kernel. Get the source code…

openwrt v19.07.7 release.

Changelog

Security fixes

• Security Advisory 2021-02-02-1 – netifd and odhcp6c routing loop on IPv6 point to point links (CVE-2021-22161)
• Security Advisory 2021-02-02-2 – wolfSSL heap buffer overflow in RsaPad_PSS (CVE-2020-36177)
• Various security fixes in packages

Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.

Nevertheless, we encourage all users to upgrade their devices to OpenWrt 19.07.7 or later versions whenever possible.

Major bug fixes

• Fix dnsmasq error messages such as failed to send packet: Network unreachable or failed to send packet: Address family not supported by protocol that could be filling up logs. This was a regression caused by the dnsmasq update in 19.07.6.
• Fix opkg so that it purges obsolete packages from its local cache. This fixes a long-standing issue in the ImageBuilder where a manual cleanup was needed before rebuilding: FS#2690

Device support

• Improve stability of mediatek Ethernet switch (affects many mt7621 devices): FS#2628
• Fix Wi-Fi band detection on some Broadcom-based devices
• Fix poor 2.4 GHz Wi-Fi performance on TP-Link Archer C50 v4 due to a missing EEPROM chip ID: FS#2781
• Make initramfs image usable out-of-the-box on Turris Omnia
• Use full flash size on Nucom R5010UN v2
• Fix support for TP-Link TL-WR810N v1 in ath79: FS#3522
• Remove broken factory image for TP-Link Archer C2 v1
• Fix unintended failsafe mode during boot on Netgear EX6150: FS#3590

Various fixes and improvements

• The ImageBuilder no longer requires compilers (gcc, g++) and libncurses-dev. This was partially implemented in 19.07.6 but one part was missing to make it actually work.
• Update to a new major version of ksmbd to fix several bugs. This breaks compatibility with previous versions of OpenWrt (19.07.0 to 19.07.6): it is no longer possible to install a working version of ksmbd-tools on previous versions of OpenWrt. Existing installations will keep working, but ksmbd-tools should not be upgraded with opkg. PR#14647

See addressed_bugs for a complete list of bug fixes.

LuCI web interface

• Fix array sorting on Chrome: GH#4792
• Add nextdns.io and quad 101 providers to luci-app-https-dns-proxy package
• Update translations from weblate
• Several additional bug fixes and improvements

Core components

• Update Linux kernel from 4.14.215 to 4.14.221
• Update wolfssl from 4.5.0 to 4.6.0

Regressions

• kmod-fs-ksmbd has a dependency to the not existing package kmod-crypto-arc4. Installing kmod-fs-ksmbd returns this:

   * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-fs-ksmbd:
   * 	kmod-crypto-arc4
   * opkg_install_cmd: Cannot install package kmod-fs-ksmbd.

  • Run this to force the installation: GH#14771

    opkg install --force-depends kmod-fs-ksmbd

    to force the installation.

Download