Using OpenWrt 19.07.7 what are benefits and pitfalls of upgrading?

Title says it all, I am Using OpenWrt 19.07.7, what are benefits and pitfalls of upgrading?

The benefit is that you will get a version that is actually supported, i.e. security holes in which will be patched. In 19.07.7, there are known holes in WiFi drivers, exploitable over the air, and they won't be fixed.

On the other hand, newer versions are slower.

Why will these not be fixed?

Can these be patched while remaining in 19.07.7?

This was one of my concerns which is why I hate upgrading anything, software developers should always be given the slowest device on the planet!

Is it slower to use as as router or slower to run UI?

I mostly run on an R7800

Why will these not be fixed?

Developer decision to stop supporting and fixing old versions.

Can these be patched while remaining in 19.07.7?

No. Only by somebody finding the fixes, adapting them to the old version (which is increasingly hard as the "backport distance" becomes larger), and recompiling everything from source. Developers decided that they won't do this, because versions 21.02 and 22.03 exist, and they are supported. You can hire somebody to do this for you unofficially (and that's possible only due to the project being open-source) - but that's expensive.

Is it slower to use as as router or slower to run UI?

Slower as a router.

Thanks, so best to run on 21.02 to remain supported, are there any issues with that?

Any idea why when I try to make another post I get 404 error?

Thanks, so best to run on 21.02 to remain supported, are there any issues with that?

I would say, try both 21.02 and 22.03 versions. There were some WiFi latency optimizations that went into 22.03, but it also comes with a new implementation of the firewall, and not every package has been adapted. Although installing iptables-nft and ip6tables-nft on 22.03 is enough to fix what I use.

Apart from the ones in binary blobs (which OpenWrt cannot patch themselves), which ones are you referring to? 19.07 isn't affected by the recent CVEs which saw patches in 21.02 and 22.03. It appears those only affect kernel 5.1 and up.

OK, sorry then - I assumed that the WiFi CVEs apply farther in the past than they really do.

Still, there is CVE-2022-39173 (WolfSSL bug) that is not mentioned.

1 Like

19.07 is officially EOL, especially with a powerful device like the R7800 there's no reason to not run the latest stable release.

Does anyone know why I get this error if I try to create a new post?

404 error

So just to be clear, 19.07.7 is not affected by recent issues with LATER versions but is affected by something called WolfSSL that I do not have installed and if I did the way to fix if is on this page:

and if I keep my current install it will be faster than if I upgrade to the later versions.

Well... no.

First of all, please double-check whether you have WolfSSL installed. It is not something that a user would install directly, but something that is installed automatically as a mandatory dependency of other packages.

opkg list-installed '*wolfssl*'

Second, the instructions how to update it using the command line work only if the updated WolfSSL is available in the repository for your OpenWRT version. There is a separate package repository for each OpenWRT version. I have checked, and the timestamp of various packages related to WolfSSL in https://downloads.openwrt.org/releases/packages-19.07/aarch64_cortex-a53/base/ is Sun May 8 07:23:08 2022, which indicates that none of them has the fix - so the manual fix instructions cannot work.

Thanks, don't have it installed but I will keep an eye out and check if it arrives covertly via another addition although unlikely as I am pretty much happy with the install.

I still have this 404 error when I try to make a new post on this forum

404 error