diff --git a/modules b/modules
index 2ed26f02..0b535a55 100644
--- a/modules
+++ b/modules
@@ -6,7 +6,7 @@ OPENWRT_COMMIT=29b4104d69bf91db17764dd885e9e111a373f08c
 
 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
 PACKAGES_PACKAGES_BRANCH=openwrt-19.07
-PACKAGES_PACKAGES_COMMIT=03425a0d2f5967639d15a3ef1f0407859768917d
+PACKAGES_PACKAGES_COMMIT=a2673dc53c4689798c1d70d7342cb3efadb0af74
 
 PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
 PACKAGES_ROUTING_BRANCH=openwrt-19.07
diff --git a/patches/packages/packages/0001-fastd-update-to-v19.patch b/patches/packages/packages/0001-fastd-update-to-v19.patch
index b478e8e1..d572dee0 100644
--- a/patches/packages/packages/0001-fastd-update-to-v19.patch
+++ b/patches/packages/packages/0001-fastd-update-to-v19.patch
@@ -27,7 +27,7 @@ index 3350eb3099a26c870d70373c0712a8b59881ee5c..e6440075e561093c86543943cb982d01
  config FASTD_ENABLE_CIPHER_NULL
  	bool "Enable the null cipher"
 diff --git a/net/fastd/Makefile b/net/fastd/Makefile
-index 44b37b6ca300ba43f15d7a116fb654ccd0a69e99..8eabc34db6f3b906ddb1b5df5c232309e85d2ffb 100644
+index f4890b56931a75849229d25fe78720e19d493383..8eabc34db6f3b906ddb1b5df5c232309e85d2ffb 100644
 --- a/net/fastd/Makefile
 +++ b/net/fastd/Makefile
 @@ -8,13 +8,13 @@
@@ -35,7 +35,7 @@ index 44b37b6ca300ba43f15d7a116fb654ccd0a69e99..8eabc34db6f3b906ddb1b5df5c232309
  
  PKG_NAME:=fastd
 -PKG_VERSION:=18
--PKG_RELEASE:=4
+-PKG_RELEASE:=5
 +PKG_VERSION:=19
 +PKG_RELEASE:=1
  
@@ -163,3 +163,51 @@ index b576a987369e93f3cd14fbc83f3c4bffe5cc97d1..00000000000000000000000000000000
 --- 
 -2.23.0
 -
+diff --git a/net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch b/net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch
+deleted file mode 100644
+index b67a85c4e4f8ca1ef72d3216afa1ad4e9370cd02..0000000000000000000000000000000000000000
+--- a/net/fastd/patches/0003-receive-fix-buffer-leak-when-receiving-invalid-packe.patch
++++ /dev/null
+@@ -1,42 +0,0 @@
+-From f6a2651fa91c472d04cb34264718f761669c8aa1 Mon Sep 17 00:00:00 2001
+-Message-Id: <f6a2651fa91c472d04cb34264718f761669c8aa1.1603136280.git.mschiffer@universe-factory.net>
+-From: Matthias Schiffer <mschiffer@universe-factory.net>
+-Date: Mon, 19 Oct 2020 21:08:16 +0200
+-Subject: [PATCH] receive: fix buffer leak when receiving invalid packets
+-
+-For fastd versions before v20, this was just a memory leak (which could
+-still be used for DoS, as it's remotely triggerable). With the new
+-buffer management of fastd v20, this will trigger an assertion failure
+-instead as soon as the buffer pool is empty.
+-
+-(cherry picked from commit 737925113363b6130879729cdff9ccc46c33eaea)
+----
+- src/receive.c | 10 ++++++++++
+- 1 file changed, 10 insertions(+)
+-
+---- a/src/receive.c
+-+++ b/src/receive.c
+-@@ -186,6 +186,11 @@ static inline void handle_socket_receive
+- 
+- 	case PACKET_HANDSHAKE:
+- 		fastd_handshake_handle(sock, local_addr, remote_addr, peer, buffer);
+-+		break;
+-+
+-+	default:
+-+		fastd_buffer_free(buffer);
+-+		pr_debug("received packet with invalid type from %P[%I]", peer, remote_addr);
+- 	}
+- }
+- 
+-@@ -211,6 +216,11 @@ static inline void handle_socket_receive
+- 
+- 	case PACKET_HANDSHAKE:
+- 		fastd_handshake_handle(sock, local_addr, remote_addr, NULL, buffer);
+-+		break;
+-+
+-+	default:
+-+		fastd_buffer_free(buffer);
+-+		pr_debug("received packet with invalid type from unknown address %I", remote_addr);
+- 	}
+- }
+- 
diff --git a/patches/packages/packages/0003-fastd-update-to-v21.patch b/patches/packages/packages/0003-fastd-update-to-v21.patch
new file mode 100644
index 00000000..67df745b
--- /dev/null
+++ b/patches/packages/packages/0003-fastd-update-to-v21.patch
@@ -0,0 +1,25 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 19 Oct 2020 21:52:43 +0200
+Subject: fastd: update to v21
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/net/fastd/Makefile b/net/fastd/Makefile
+index 4645b290d1e49330f79b035d2b66d2b6d1c17604..c7ab056a9ae005a75a75911658607e64d6228aac 100644
+--- a/net/fastd/Makefile
++++ b/net/fastd/Makefile
+@@ -8,12 +8,12 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=fastd
+-PKG_VERSION:=20
++PKG_VERSION:=21
+ 
+ PKG_MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net>
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+ PKG_SOURCE_URL:=https://github.com/NeoRaider/fastd/releases/download/v$(PKG_VERSION)
+-PKG_HASH:=56cab8639218d63237d9a5508fb2bf6fa637374d53fb7fa55b7e92e4d4dfeb00
++PKG_HASH:=942f33bcd794bcb8e19da4c30c875bdfd4d0f1c24ec4dcdf51237791bbfb0d4c
+ 
+ PKG_LICENSE:=BSD-2-Clause
+ PKG_LICENSE_FILES:=COPYRIGHT