OpenWrt 19.07.10 service release

Release and security announcements
1

Hi,

The OpenWrt community is proud to announce the newest service release of OpenWrt 19.07. It fixes security issues, improves device support, and brings a few bug fixes.

:warning: OpenWrt 19.07.10 is the final release of the 19.07 release branch, this branch is now end of life and we will not fix problems on this branch any more, not even severe security problems. We encourage all users still using OpenWrt 19.07 to upgrade to OpenWrt 21.02 or more recent OpenWrt versions.

Download firmware images via the Firmware Selector or directly from our download servers:

The main changes from OpenWrt 19.07.9 are:

Security fixes

  • wolfssl: Fix multiple security problems (CVE-2022-25638, CVE-2022-25640)
  • openssl: Fix security problem (CVE-2022-0778)
  • zlib: Backport security fix for a reproducible crash in compressor

Device support

  • OCEDO Raccoon: Fix link for long cables with
  • MikroTik wAP: Fix device detection

Various fixes and improvements

  • imagebuilder: Fix broken image generation with external targets
  • imagebuilder: Fix partition signature
  • patchelf: Backport fix for rpath endianness
  • base-files: Call “sync” after initial setup
  • ubus: backport Fixes for UAF and other issues

Core components

  • Update Linux kernel from 4.14.167 to 4.14.275
  • Update mac80211 from 4.19.221-1 to 4.19.237-1
  • Update openssl from 1.1.1m to 1.1.1n
  • Update wolfssl from 4.7.0 to 5.2.0

Regressions

  • at91 images are not created any more because the build needs Python.h which is not installed on the build bots.
    • To fix this issue export the missing environmental variable before using the ImageBuilder: export SOURCE_DATE_EPOCH=1
  • oxnas/ox820 images are not created any more because of a build problem

Full release notes and upgrade instructions are available at
https://openwrt.org/releases/19.07/notes-19.07.10

In particular, make sure to read the regressions and known issues before upgrading:
https://openwrt.org/releases/19.07/notes-19.07.10#regressions

For a very detailed list of all changes since 19.07.9, refer to
https://openwrt.org/releases/19.07/changelog-19.07.10

For latest information about the 19.07 series, refer to the wiki at:
https://openwrt.org/releases/19.07/

To download a OpenWrt 19.07.10 firmware image for your device, head to the Table of Hardware:
https://openwrt.org/toh/start

Or use the new firmware selector:
https://firmware-selector.openwrt.org/

You can also navigate directly in the list of firmware images:
https://downloads.openwrt.org/releases/19.07.10/targets/

As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters.

Have fun!

The OpenWrt Community

To stay informed of new OpenWrt releases and security advisories, there are new channels available:

5 Likes
3

Updating my WRT3200ACM soon

4

Many thanks for this release.
Upgraded Archer A7v5 successfully.

5

Thanks update/preform reset on my MikroTik

Summary

openwrt-19.07.10-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin
Hostname Dachshund
Model MikroTik RouterBOARD 951Ui-2nD
Architecture Qualcomm Atheros QCA9533 ver 2 rev 0
Firmware Version OpenWrt 19.07.10 r11427-9ce6aa9d8d / LuCI openwrt-19.07 branch git-22.099.58928-786ebc9
Kernel Version 4.14.275

6

Sorry, I am curious.

Why people use 19.07.10 instead of 21.02.3?

All my devices run on 21.02.3, I not know the reason why I should use 19.07.10

7

Some probably want to avoid the change from swconfig to DSA a while longer.

8

@Naftali
Only ar71xx vs ath79 support, or flash size restriction?

9

Because for some of us 21.02 just does not work (believe me i tried for days). I have a Linksys WRT1900ACS and because the wifi drivers are no longer supported so 19.07 is the best option as it just works.

2 Likes
10

I am also staying on 19 for my WRT3200ACM.

11

I heard they fixed the problem in previous version of 21.02.

12

It was 21.02.2 I was fighting with. I tried for days, every suggestion I could find. In the end 19.07 just worked no issues. Really hesitant to try 21.02.3 as it is all running so well. But no more security updates now is concerning

13

For me, it's to avoid

Known issues

  • Some IPv6 packets are dropped when software flow offloading is used: FS#3373

    • As a workaround, do not activate software flow offloading, it is deactivate by default.

And I'm not installing an RC1 on my home router.

14

Hopefully this may soon be resolved:

1 Like
15

Because many targets were dropped with the release of 21.02.

I call a bunch of devices my own that just "stuck" on 19.07 and don't got a image for 21.02 - encouraging is nice but does sadly not help in this case.

I'm not sure if there is any statistic but I guess many devices lost support between 19.07 and 21.02 (I guess all devices with only 4MB of flash and all devices with 16MB - maybe even 32MB of RAM)?

16

32mb RAM is the sticking point, I've got dozens of perfectly decent devices with the ram limitation.

8 mikrotik rb941
2 mikrotik rb750up
Tplink wr703n

I'm hoping ath79 tiny will give something to work with

1 Like
17

Indeed. I have bunch of ramips (rt305x) warriors which are 4/32 and they just go strong. Sometimes I have the feeling they are more robust than other devices with 8/128 I call my own.

Just lifted some of them to 19.07.10 (with the typical Saving firmware space and RAM tricks) and they are rock solid.

Even-though 19.07 is EOL I find it somewhat sad to read this very line here:

as it wouldn't hurt to say something like that instead:

we might fix severe security problems in the future - but absolutely no guarantee on that.

Because the only solution presented:

just doesn't work for most of the people when they are forced to stick with the (for them) newest version 19.x because there devices never got any newer release. :frowning:

I know that openwrt isn't in charge at all for the devices - and many lived already much longer than the manufactures supported them just because of openwrt - but still just indirectly suggesting dumping :put_litter_in_its_place: (hardware wise) perfect working devices is just very sad...

18

It is a free software project. If there’s enough interest and need you could consider founding your own „OpenWrt longterm support“ project which carries 19.07 forward for selected targets.

1 Like
19

@MangoMan there is also this thread https://forum.openwrt.org/t/openwrt-21-02-x-ath79-tiny-luci/
I can help compile some similar builds for you to test as dont have any rt305x devices left. Just let me know

1 Like
20

Sure - I'm happy to test any build! As target the wr512-3g-4M would be probably the best because it has serial pins broken out (pin headers soldered already) and I just need to open the device (nothing clipped but just 4 good old screws :screwdriver:) to get access.

This device might be interesting also because of the fact (for some reason) it has less usable space available compared to it's "siblings" (like a mpr-a1 with the same soc,ram and flash size) and was already "discard" from the official 19.07 builds while still available in the image builder.

I build with this recipe :cook:

make image PROFILE="wr512-3gn-4M" PACKAGES="base-files busybox dnsmasq dropbear firewall fstools ip6tables iptables kmod-gpio-button-hotplug kmod-gpio-button-hotplug kmod-ipt-offload kmod-leds-gpio kmod-leds-gpio kmod-ledtrig-netdev kmod-rt2800-soc kmod-usb-core kmod-usb-ohci kmod-usb2 libc libgcc logd mtd netifd odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe swconfig swconfig uci uclient-fetch urandom-seed urngd wpad-mini -ppp -ppp-mod-pppoe -ip6tables -odhcp6c -kmod-ip6tables -odhcpd-ipv6only -iptables uhttpd uhttpd-mod-ubus libiwinfo-lua luci-base luci-app-firewall luci-mod-admin-full luci-theme-bootstrap"

and got a working build with 3670255 bytes out of it which is (important!) able to save settings. :muscle:

In case it matters this device has 1 ethernet port and 1 usb port beside featuring two buttons :control_knobs: and the sane amount of 8 leds :vertical_traffic_light: