forked from RMerl/asuswrt-merlin
-
Notifications
You must be signed in to change notification settings - Fork 37
/
Changelog.txt
2678 lines (2196 loc) · 134 KB
/
Changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Source: https://github.com/john9527/asuswrt-merlin : branch 374.43_2-update
NOTE: [*] Indicated fork unique change
Changelog
---------
374.43_52E7j9527 (19-December-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: nettle: update to 3.7.3
* CHANGED: curl: update to 7.79.1
* CHANGED: make: enable additional ipv6 conntrack modules (MIPS)
* CHANGED: kernel: enable additional ipv6 modules (MIPS)
* CHANGED: qos: cannot support ipv6 qos on mips
* FIXED: firewall: initialize all protection server rule chains
* FIXED: shared: unlink parent leases if ext data option disabled
* FIXED: iptables: mips: fix output formatting of timestart/timestop rules
* FIXED: repo: add repo missing files
* FIXED: httpd: Enable POST/GET handling for **.js
374.43_52E3j9527 (20-October-2021) ARM SDK, MIPS,ARM KRACK
* FIXED: webui: fix ipv6 setup page error
374.43_52E2j9527 (18-October-2021) ARM SDK, MIPS,ARM KRACK
* NEW: webui: support openwrt-orion for enhanced ap data (webui)
* CHANGED: Revert "usb: wsdd: allow multiple listening interfaces via nvram"
* CHANGED: rndis_host: support Novatel Verizon USB730L (MIPS)
* CHANGED: rndis_host: support Novatel Verizon USB730L (ARM)
* CHANGED: webui: update jquery.xdomainajax.js to 1.0.0
* CHANGED: openvpn: update to 2.5.4
* FIXED: stubby: update open logfile with append; don't redirect stdout (reapply)
374.43_51D7j9527 (25-September-2021) ARM SDK, MIPS,ARM KRACK
* NEW: shared: support openwrt for enhanced ap data (function)
* CHANGED: dnsmasq: update to 2.86
* CHANGED: watchdog: change http check disable covers both http/httpd
* CHANGED: usb: wsdd: allow multiple listening interfaces via nvram
* FIXED: webui: remove orphan call to deprecated wan uptime function
* FIXED: webui: openvpn: set client off flag when resetting client
374.43_51D6j9527 (12-September-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: samba: only enable dns proxy w/wins if dnsmasq started
* CHANGED: webui: remove auto redirect to static routes from DHCP server page
* CHANGED: webui: webui: reboot all except ac68U when disabling native ipv6
* CHANGED: getdns: revert upstream Record and guard UDP max payload size with servers 6cb1593
* FIXED: services: dnsmasq: smbd_wins sets lan ipaddr insted of wildcard addr
* FIXED: services: dnsmasq: smbd_wins not used if url filter active
374.43_51D4j9527 (09-September-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: add javascript jquery to wireless status
* CHANGED: webui: (backport) update dst start/stop data
* CHANGED: webui: fix hang when changing static routes
374.43_51E3j9527 (28-August-2021) ARM SDK, MIPS,ARM KRACK
* Equivalent to 51D3j9527
* CHANGED: Revert "nvram: nvram_get return static ptr instead of mmap ptr"
374.43_51D2j9527 (26-August-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: openssl11: update to 1.1.1l
* CHANGED: getdns/stubby: update to 1.7.0/0/4.0
* CHANGED: stubby fork customizations
* CHANGED: curl: update to 7.78.0
374.43_50DAj9527 (11-August-2021) ARM SDK, MIPS,ARM KRACK
* FIXED: webui: add jQuery.noConflict to wireless status page
* CHANGED: watchdog: shorten timeout for httpd_check
* CHANGED: ncurses: rename directory to sync with merlinng
* CHANGED: make: update nano/ncurses build recipes
* CHANGED: watchdog: remove FUNCTION refs from wireless/reboot syslogs
* CHANGED: Revert "make: remove bwdpi override for nf_conntrack_events"
374.43_50D9j9527 (1-August-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: watchdog: add nvram switch to disable auto restart
374.43_50E8j9527 (21-July-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: improve method of getting dnsmasq leases in ap mode
* CHANGED: webui: get parent leases in ap mode via gui instead of inline
* CHANGED: networkmap: check local hosts file to resolve hostnames
374.43_50D7j9527 (10-July-2021) ARM SDK, MIPS,ARM KRACK
* NEW: webui: add tools option for get parent data in ap mode
* CHANGED: networkmap: get parent leases file when in ap mode
* CHANGED: shared: clear parent leases file before refresh
* CHANGED: avahi: (upstream) cleanup: ensure entries are dead for at least 1s
* CHANGED: webui: allow 64 chars for url filter
* CHANGED: dnsmasq: urlfilter: implement dns blocking for url filter
* CHANGED: firewall: urlfilter: add ipv6 support for url filter
374.43_50D3j9527 (25-June-2021) ARM SDK, MIPS,ARM KRACK
* NEW: mdns: samba: add option to broadcast sharing via avahi (arm only)
* NEW: webui: retrieve parent leases for wireless log in ap mode
* CHANGED: avahi: add required nogroup to group system file
* CHANGED: services: update start/stop_mdns in service functions
* CHANGED: openvpn: update to 2.5.3
* FIXED: wireless: show ap isolate status/link when in ap mode
374.43_50D1j9527 (19-June-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: watchdog: reboot scheduler set SIGTERM instead of linux reboot
* CHANGED: watchdog: add syslog for reboot scheduler events
* CHANGED: wireless: add syslog for radio scheduler events
* CHANGED: watchdog: ensure watchdog shut down during reboot
* CHANGED: ntp: optimize restart of dns services
* CHANGED: services: stubby: do not restart during reboot
* CHANGED: services: dnsmasq: check for reboot earlier during start
* CHANGED: services: remove unnecessary stop_dnscrypt/stubby from service functions
* FIXED: init: pass reboot global to sighandler via nvram
374.43_49D6j9527 (07-June-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: wl_arm: fragattack patches to wireless driver (ac68u)
* CHANGED: smb: make config compatible with avahi smb.service
374.43_49D5j9527 (28-May-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: update chart.min.js to 2.9.4
* CHANGED: webui: (backport) allow OpenVPN CommonName up to 64 chars long for server clientlist
* CHANGED: nano: update to 5.7
* CHANGED: curl: update to 7.76.1
* CHANGED: webui: update ASUS ouiDB; add missing TP-LINK entries
* CHANGED: webui: cache ouiDB.js for faster response
* CHANGED: avahi: improve generated config
* FIXED: dnsmasq: (upstream) fix bug in TCP process handling
374.43_49E4j9527 (2-May-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: others: openvpn: improve script processing; add fix for server sequencing (eibgrad)
* CHANGED: openvpn: run update_vpnrouting as blocking script
* CHANGED: firewall: rate limit ipv6 ping when allow ping request disabled
* CHANGED: webui: add validator.js for merlin addon compatibility
* CHANGED: avahi: (user) don't conflict with self #309
* CHANGED: webui: change performance tuning labels to more accurate temperature refs
* CHANGED: openvpn: update to 2.5.2
* CHANGED: dnsmasq: update to 2.85
* CHANGED: nettle: update to 3.7.2
* FIXED: webui: limit samba workgroup name to 15 chars
374.43_48E7j9527 (1-April-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: others: (backport) update amtm to 3.1.9 rev5; increase curl timeout
* CHANGED: others: updown: automatically route private pushed vpn dns servers
* CHANGED: openssl11: asuswrt-merlin customization for 1.1.x
* CHANGED: make: clean up openssl11 recipe
* CHANGED: Revert "arm: (backport) performance optimization"
* CHANGED: rc: force restart stubby at first sync
* CHANGED: getdns: (upstream) only check for and process read/write events if status is success
* CHANGED: getdns: (upstream) build: fix exporting symbols for extension libraries
* CHANGED: getdns: (upstream) build: fix naming of extension libraries
* CHANGED: getdns: (upstream) Fix typo in cmakeconfig.h.in files
374.43_48D6j9527 (25-March-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: make: remove bwdpi override for nf_conntrack_events
* CHANGED: kernel: add additional conntrack/netlink modules
* CHANGED: openssl11: update to 1.1.1k
374.43_48D5j9527 (20-March-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: nano: update to 5.6.1
* CHANGED: ncurses: update to 6.0
* CHANGED: make: update ncurses build recipe
* CHANGED: others: add acme.sh uninstall script
* CHANGED: webui: update release and beta firmware links
* CHANGED: kernel: pppoe: (openwrt) only process PADT targeted at local interfaces
* CHANGED: services: increase wait time for ntpc start to 1min
374.43_48D4j9527 (14-March-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: nvram: nvram_get return static ptr instead of mmap ptr
* CHANGED: webui: add ipaddr and port to openvpn running status
* CHANGED: openssl: update CA bundle to 2021 March 9th version
* CHANGED: webui: update timezone data
* FIXED: webui: fix dst time zone setting
374.43_48D3j9527 (10-March-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: make: openssl: make openssl11 the cli default
* CHANGED: others: link getrealip to getextip for Merlin compatibility
* CHANGED: others: make getextip.sh pppoe aware
* CHANGED: openvpn: set vpn_client off state on stop_vpnclient
374.43_48E2j9527 (7-March-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: openvpn: update to 2.5.1
* CHANGED: others: do not refresh autov6 address for hosts not responding to ping
* CHANGED: others: add ip2cidr function to helper.sh
* CHANGED: firewall: move udp ctf bypass (fw_pt_stun) to mangle/prerouting chain
374.43_48E1j9527 (4-March-2021) ARM SDK, MIPS,ARM KRACK
* CHANGED: Revert "wl_arm: update wireless prebuilts for AC68U V3 support"
* CHANGED: Revert "rc: shared: add mainline support for AC68U V3"
* CHANGED: Revert "init: make sure RT68U V3 odmpid set"
374.43_47EBj9527 (1-March-2021) ARM SDK, MIPS,ARM KRACK, KROOK
* NEW: others: add acme.sh (letsencrypt) cli install
* CHANGED: openssl11: update to 1.1.1j
* CHANGED: openssl11: asuswrt-merlin customization for 1.1.x
* CHANGED: make: update openssl11 and openvpn build recipes
* CHANGED: build: updates for socat cross compile
* CHANGED: socat: add release 1.7.4.1
* CHANGED: rc: cstats: eliminate waits based on time(now) tests
* CHANGED: make: update version info displayed by motd
* CHANGED: haveged: update to 1.9.2
* CHANGED: haveged: misc upstream commits
* CHANGED: others: just log result of renew-acme.sh without pipe to syslog
* CHANGED: webui: add empty field markers in wireless log
374.43_47DAj9527 (13 February-2021) ARM SDK, MIPS,ARM KRACK, KROOK
* CHANGED: init: make sure RT68U V3 odmpid set
* CHANGED: rc: shared: add mainline support for AC68U V3
* CHANGED: wl_arm: update wireless prebuilts for AC68U V3 support
* CHANGED: nfs: usb: add thread support to mountd
* CHANGED: nfs: arm: use updated nfs-utils; always enable mountd V2 support
* CHANGED: nfs-utils: arm: add release 1.3.5-rc6
* CHANGED: portmap: update to 6.0-20140623 snapshot
* CHANGED: stubby: update stubby-resolvers.csv
* CHANGED: nano: update to 5.5
* CHANGED: rc: start ntp client/wait for valid time before starting ddns
* FIXED: rc: cstats: update time checks based on new default system time
374.43_46E9j9527 (1 February-2021) ARM SDK, MIPS,ARM KRACK
Rollup of 47D builds without RT-AC68U V3 support
* NEW: dnsfilter: add WAN DNS 1/2 to filter selection list
* CHANGED: dnsmasq: update to 2.84 final (dnspooq)
* CHANGED: nettle: update to 3.7
* CHANGED: others: (backport) remove legacy entware-setup.sh symlink
* CHANGED: rc: (backport) limit fq_codel queues to 1000 packets instead of the default 10240
* CHANGED: httpd: (backport) cache require.min.js and jquery-ui.js browser-side
* CHANGED: openvpn: (backport) enable multihome for UDP servers
* CHANGED: wsdd2: (backport) identify as ASUSWRT WSD rather than NETGEAR WSD
* CHANGED: services: move forced ntpc start from dnsmasq to http/httpd
* CHANGED: wsdd2: start on lan connected instead of internet up
* CHANGED: dns: fallback to VPN strict instead of exclusive when disabling DoT with VPN DoT set
* CHANGED: webui: add stubby/dnssec enabled warning to ipv6 dns settings
* CHANGED: rc: update default system time (RC_BUILDTIME) to 01 Jan 2020
* CHANGED: httpd: convert apps.c to linux line endings
* CHANGED: webui: update html attributes for wireless psk
* CHANGED: httpd: buffer overflow protection strncpy/strlcpy (p2)
* CHANGED: httpd: buffer overflow protection snprintf (p2)
* FIXED: openvpn: do not add openvpn dns server when accept dns disable
* FIXED: webui: fix enumeration of selected stubby servers
* FIXED: webui: fix tools/wireless clients stats when radio is off
374.43_46E8j9527 (23-December-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: openssl: update CA bundle to 2020 December 9th version
* CHANGED: openssl11: update to 1.1.1i
* CHANGED: stubby: add quad9 edns servers
* CHANGED: webui: update printer server utility download link
* CHANGED: others: vpnrouting: allow private address routing to tunnel in table main
* CHANGED: openvpn: ignore unsupported ipv6 push configurations for ovpn client
374.43_46D7j9527 (29-November-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: make: ipset7 remove unrecognized option disable-rpath
* CHANGED: make: remove old libmnl and ipset_arm recipes
374.43_46D6j9527 (29-November-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: make: update for ipset-7
- CHANGED: ipset7: add 7.6
- CHANGED: libnfnetlink: add 1.0.1
- CHANGED: libmnl: add 1.0.4
374.43_46D5j9527 (22-November-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: openvpn: httpd: webui: (backport) implement stub/stub-v2 support
- CHANGED: openvpn: httpd: webui: (backport) implement tls-crypt-v2 support
- CHANGED: make: update for lz4 support
- CHANGED: lz4: add 1.9.2
- CHANGED: webui: openvpn: (backport) limit max data-ciphers length to 127 chars per OpenVPN doc
- CHANGED: openvpn: (backport) try to use CHACHA20-POLY1305 if supported by the remote end
* CHANGED: openvpn: asus-merlin customizations 2.5.x
* CHANGED: openvpn: update to 2.5.0
* CHANGED: openvpn: new cipher option naming
* CHANGED: wsdd: move start to watchdog to wait for internet up (needed for soap xml)
374.43_45EDj9527 (6-December-2020) ARM SDK, MIPS,ARM KRACK
* NEW: ntp: nvram option to attempt ntp sync without internet access (pass 2)
374.43_45ECj9527 (18-November-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: init: set unique machine-id during init
- CHANGED: doc: update fork options file
- CHANGED: services: mdns: do not restart avahi during reboot shutdown
- FIXED: others: fix typo in saving ifs state in jffs/nvram scripts
- FIXED: webui: update asus vpn faq web links
- FIXED: Revert "stubby: update resolvers csv with adguard changes (20201006)"
- FIXED: services: dnsfilter: fixed array error introduced with adguard servers
374.43_45EBj9527 (8-November-2020) ARM SDK, MIPS,ARM KRACK
* FIXED: webui: suppress ntp server sync reminder when ntp_update disabled
* FIXED: e2fsprogs: revert mke2fs.conf.in due to unsupported 64bit and metadata_csum options for ext4
374.43_45EAj9527 (29-October-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: webui: (backport) increase number of addons mount points to 20
- CHANGED: shared: (backport) add shared network_utility functions
374.43_45E9j9527 (17-October-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: nano: update to 5.2
- CHANGED: curl: update to 7.72.0
- CHANGED: zlib: update to 1.2.11
- CHANGED: e2fsprogs: update to 1.45.6
* CHANGED: e2fsprogs: define missing ULLONG_MAX on mips (from nano)
374.43_45E8j9527 (6-October-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: (backport) masquerade all client outbound traffic regardless of source subnet
- CHANGED: rc: (backport) suppress logging of failed modprobes
* CHANGED: dnsfilter: add adguard servers
* CHANGED: stubby: update resolvers csv with adguard changes (20201006)
* CHANGED: openssl11: update to 1.1.1h
374.43_45D7j9527 (25-August-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: aidisk: increase max number of samba/ftp user accounts to 15
374.43_45E6j9527 (16-August-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: color code each guest wireless network in wireless log
* FIXED: openvpn: fix kill switch (block routed clients)
374.43_45D5j9527 (13-August-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: getdns: (upstream) Issue #430 listeners reply returned wireformat
* CHANGED: wl: don't set obss_coex for fixed 20M bandwidth
* FIXED: wl: workaround auto bandwidth bug in wireless bringup
374.43_45D4j9527 (8-August-2020) ARM SDK, MIPS,ARM KRACK
* NEW: lan: add support for lan-start custom script
* CHANGED: services: change services-start, services-stop to blocking scripts
* CHANGED: services: kill watchdog02 during reboot
* FIXED: ipv6: return null instead of empty string when wan6 interface disabled
374.43_45D3j9527 (28-July-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnsmasq: update to 2.82
* CHANGED: webui: restart_allnet instead off restart_net when changing static routes
- FIXED: other: fix am_get_webui_page() returning new mount point before matching existing file
* FIXED: webui: hide disable avahi option on mips routers
* FIXED: firewall: properly initialize start and stop vars for nsf
* FIXED: ddns: check certificate when updating googledns
374.43_45D2j9527 (20-July-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: make: dnsmasq: add default edns_pktsz
- CHANGED: busybox: sync config options with merlin
- CHANGED: make: busybox: update build recipe; set permissions on install
* CHANGED: build: arm: enable proc_page_monitor for top memory report
374.43_44EBj9527 (18-July-2020) ARM SDK, MIPS,ARM KRACK
* FIXED: webui: update state.js with fixed timezone test; remove local copy from Admin page
374.43_44EAj9527 (12-July-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: miniupnpd: (upstream) update upnpstun.c to 2.2RC1
* CHANGED: miniupnpd: webui: rc: add support for stun resolve of external address
* CHANGED: miniupnpd: allow port forwarding on any successful STUN server response
* CHANGED: miniupnpd: add config file option to set log_level
* CHANGED: miniupnpd: change default stun server to google
* FIXED: miniupnpd: use correct path for iptables
* FIXED: webui: fix openvpn stats for configs which do not return compression data
* FIXED: rc: wan: avoid unnecessary upnp restart during boot
374.43_44D9j9527 (06-July-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: miniupnpd: (backport) update to 20190824; allow cgnat wan address
* CHANGED: miniupnpc: update to 20200605 snapshot
* CHANGED: webui: truncate long port forward descriptions with ellipsis
374.43_44D8j9527 (1-July-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: disable autologout for temp monitor
- CHANGED: rc: (backport) rework dns stub CVE-2018-20336
* FIXED: openvpn: fix removal of firewall rules on stop server/client
374.43_44E7j9527 (27-June-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: busybox: (backport) updated a few options to match upstream settings
* CHANGED: webui: (backport) add support for default DST/TDT timezone change data
* CHANGED: webui: add protection for locale parsing error in vpnstatus
* CHANGED: openssl: update CA bundle to 2020 June 1st version
- CHANGED: nano: (backport) update to 4.9.3
- CHANGED: www: (backport) update oui database
* FIXED: webui: limit computername in samba ui to 15 chars
* FIXED: webui: do not alert on open wifi if media bridge mode or radio disabled
374.43_44D6j9527 (29-May-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: dropbear: (backport) add Chacha20-Poly1305 authenticated encryption
- CHANGED: dropbear: (backport) fix ssh client connection with Chacha20-Poly1305
- CHANGED: dropbear: (backport) fix short packet validation in AEAD mode
* CHANGED: webui: (backport) update base timezone data
* FIXED: dropbear: fix ChaCha20 on 32-bit platforms
374.43_44E5j9527 (27-May-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: Revert "dropbear: (backport) add Chacha20-Poly1305 authenticated encryption"
* CHANGED: Revert "dropbear: (backport) fix short packet validation in AEAD mode"
* CHANGED: Revert "dropbear: (backport) fix ssh client connection with Chacha20-Poly1305"
374.43_44E4j9527 (24-May-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: dropbear: (backport) add Chacha20-Poly1305 authenticated encryption
- CHANGED: dropbear: (backport) disable 3des & cbc, tune fastopen options
- CHANGED: others: (backport) update amtm to 3.1.7
* CHANGED: nettle: update to 3.6
* CHANGED: curl: update to 7.77.0
- FIXED: dropbear: (backport) fix ssh client connection with Chacha20-Poly1305
- FIXED: dropbear: (backport) fix short packet validation in AEAD mode
- FIXED: dropbear: (backport) fix CBC_MODE can't be fully disabled
374.43_44D3j9527 (20-May-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: rc: ssh: (backport) add ed25519 key generation
* CHANGED: dropbear: (backport) sync accepted ed25519 support from upstream
* CHANGED: dropbear: (backport) add support for ed25519 as a public key type
* FIXED: webui: fix timezone test where date() contains a dash in description
* FIXED: make: fix segfault in hub-ctrl
374.43_44D2j9527 (08-May-2020) ARM SDK, MIPS,ARM KRACK
* NEW: build: add udp-broadcast-relay-redux
374.43_44D1j9527 (28-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: wanduck: add nvram enable for wanduck debug
* CHANGED: httpd: optimize debug; standardize debug variable name
* CHANGED: init: disable usb modem at start if not in use
* CHANGED: webui: add single/dual wan select for usb modem
* CHANGED: webui: update modem page for android tethering/services
* CHANGED: usbmodeswitch: update to 2.4.0 (v2)
* CHANGED: usb: update usb_device support (384.16)
374.43_43E9j9527 (28-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: rc: avahi: update to 0.7
* CHANGED: firewall: always load nat rules for primary wan
* CHANGED: webui: don't attempt restart when disabling mdns
* CHANGED: rc: avahi: wait for daemon stop; gen configs only if active
* FIXED: firewall: openvpn: fix duplicate openvpn rules on wan/openvpn restart
374.43_43E8j9527 (24-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: openvpn: update to 2.4.9
* CHANGED: openssl11: update to 1.1.1g
* CHANGED: others: update amtm to 3.1.6
* CHANGED: webui: update chart.min.js to 2.9.3
* CHANGED: nano: update to 4.9.2
* FIXED: wsdd2: only bind ipv6 based on linklocal address
* FIXED: curl: (upstream) smtp: set auth correctly
374.43_43D7j9527 (20-April-2020) ARM SDK, MIPS,ARM KRACK
* NEW: udhcpc: add continuous mode wan dhcp query (experimental)
* CHANGED: services: webui: add enable/disable option for avahi mdns
* CHANGED: webui: show mdns enabled with itunes server or timemachine
* CHANGED: services: webui: add switch for enable/disable lpd server
* CHANGED: stubby: update resolvers csv (20200417)
374.43_43E6j9527 (15-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnsmasq: update to 2.81 final
* CHANGED: others: limit check-log max lines to save to 200
* CHANGED: firewall: allow setting ttl spoof value; default to 65
* CHANGED: webui: unhide ddns password when selected
* CHANGED: others: v6hosts: check all neighbors for valid link-local addresses
* FIXED: webui: workaround onblur loop in chrome browser
374.43_43E5j9527 (12-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: other: v6hosts: clean up log formatting
* CHANGED: stubby: change log format to date/localtime
* CHANGED: stubby: update open logfile with append; don't redirect stdout
* CHANGED: rc: stubby: delete existing logfile on start
* CHANGED: radvd: use shared ifaddrs.c & system ifaddrs.h
* CHANGED: webui: cleanup addons title array call/naming
* CHANGED: webui: increase wait time for changing static routes
* CHANGED: others: add optional line count parameter to check-log
* FIXED: webui: fix typo in state.js user array
* FIXED: make: fix etc/ssl link to ca-bundle location
374.43_43D3j9527 (9-April-2020) ARM SDK, MIPS,ARM KRACK
* NEW: webui: support custom user addon gui integration
* FIXED: others: fix v6hosts handling of multiple ip6 neighbors; improve logging
374.43_43D1j9527 (6-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: radvd: update to 2.18
* CHANGED: radvd: add missing ifaddrs functions; add radvdump
* CHANGED: make: radvd: disable fstack-protector for MIPS builds
* CHANGED: radvd: supply missing defs for MIPS builds
* CHANGED: radvd: (upstream) fix segfault because of accessing NULL pointer
* CHANGED: radvd: (upstream) cleanups in send.c
* CHANGED: radvd: (upstream) crash on SIGHUP when config file removed
* CHANGED: radvd: (upstream) don't force -fstack-protector, the toolchain might lack support for it
* CHANGED: radvd: (upstream) fix wrong assignment of struct msghdr
* CHANGED: webui: (backport) include base64.js
* FIXED: services: disable stubby and dnscrypt if not in router mode
* FIXED: webui: do not allow invalid lan gateway during AP setup
* FIXED: others: fix logging option for autov6
374.43_42E9j9527 (5-April-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: jquery: update to 3.4.1
* CHANGED: webui: remove use of manifest.appcache now deprecated
* CHANGED: firewall: eliminate unnecessary ftp dnat rule when wan access not enabled
* CHANGED: watchdog: add disable switch for httpd check; check uses httpd_check.htm
* CHANGED: dropbear: (backport) strip version from ident
* CHANGED: httpd: (backport) add recv & send timeouts
* CHANGED: httpd: limit SSL certificate to 13 months if clock has been set
- CHANGED: firewall: (backport) add support for TTL spoofing
* CHANGED: make: clean up openssl/openssl11 install recipes
* CHANGED: stubby: dnsmasq: add support for nextdns id's and analytics
* CHANGED: stubby: dnsmasq: prevent setting nextdns analytics if other provider also selected
* CHANGED: dnsfilter: update service providers
* CHANGED: openssl11: update to 1.1.1f
- FIXED: httpd: allow single quote in usb device name
* FIXED: httpd: ensure all http requests are set in the tracking nvram var
* FIXED: webui: fix misc problems flagged by browser console
374.43_42E7j9527 (26-March-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: firewall: vsftpd: add nat rule for TLS/PASV when other FTP server defined
* CHANGED: www: add descriptive text to help in setting ftp port
* CHANGED: www: restart ftp/samba if enabled when changing vts rules
* CHANGED: www: restart firewall if changing ftp_tls state
* CHANGED: www: only show ftp port selection if vts conflict
* CHANGED: www: move ftp port selection to usb/ftp page and add ftp pasv port selection
* CHANGED: www: restart ftp/samba when changing wan access state
* CHANGED: openssl11: update to 1.1.1e
* CHANGED: rc: dnsmasq: remove 19036 trust anchor, now expired
* CHANGED: others: correctly handle comments in stubby resolvers
* CHANGED: others: add ms onedrive failure check to stubby-update-resolvers.sh
* CHANGED: openssl: (backport) update allowed ciphers
* CHANGED: pppd: (backport) fix bounds check in EAP code
* CHANGED: vsftpd: add native support for basic ftp_tls using router httpd cert/key
* CHANGED: vsftpd: rel 3.0 components compatible with common libdisk
* CHANGED: libdisk: update to last merlin 380 release
- CHANGED: vsftpd: (backport) misc ftp support
- CHANGED: vsftpd: backport vsftpd-3.x Makefile
- CHANGED: vsftpd: (backport) disable process isolation under MIPS
- CHANGED: vsftpd: (backport) apply ipv6 listen fix
- CHANGED: make: add support/default to vsftpd-3.x
- CHANGED: vsftpd: add release 3.0.3
* CHANGED: make: nettle: add autoreconf for future releases
* FIXED: nettle: corresponding fix to configure for false __builtin_bswap64
* FIXED: nettle: upstream fix configure check for __builtin_bswap64 commit 9f4180d6
* CHANGED: make: nettle: disable openssl benchmarks
* CHANGED: nettle: update to 3.5.1
- CHANGED: dnsmasq: make: (backport) support and enable NO_GOST compile flag
* CHANGED: dnsmasq: update to 2.81rc4-g3f60ecd
* CHANGED: dnsmasq: ASUS/Merlin custom modifications 2.81
* CHANGED: dnsmasq: rebase to 2.81rc3-g1627d57
* CHANGED: stubby: update resolvers csv
* CHANGED: stubby: add cron job for auto logfile management
* CHANGED: others: add check-log script for pruning logfiles
* FIXED: others: fix command error in check-log
* FIXED: others: update stubby-update-resolvers.sh due to changes in ms onedrive
* CHANGED: stubby: do not enforce tls-min 1.3 (closes #5)
* FIXED: getdns: revert upstream Record and guard UDP max payload size with servers 6cb1593
* CHANGED: stubby: remove cipher definitons not supported with openssl11 using api 1.0.0
- CHANGED: getdns: update Makefile for CMAKE
* CHANGED: stubby: disable TCP_FASTOPEN_CONNECT in runtime
- FIXED: getdns: fix ATTR_UNUSED detection
- FIXED: getdns: fix build with older gcc
- CHANGED: stubby: update to getdns 1.6.0/stubby 0.3.0
* CHANGED: stubby: dnscrypt: move resolvers csv source to rom directory
374.43_41EAj9527 (6-March-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: nano: update to 4.8
- CHANGED: curl: update to 7.69.0
- CHANGED: others: (backport) update amtm to 3.1.4
- CHANGED: busybox: (backport) add false applet
* CHANGED: rc: change unknown rc event log to info and account for possible custom events by script authors
- FIXED: httpd: (backport) fix host header parsing
* FIXED: vsftpd: fix segfault with openssl11 (error in backport)
374.43_41E9j9527 (15-February-2020) ARM SDK, MIPS,ARM KRACK
* FIXED: httpd: gencert: correctly set common work directory for key/cert gen
374.43_41E8j9527 (13-February-2020) ARM SDK, MIPS,ARM KRACK
* FIXED: webui: fix for formatting problem in Chrome layoutNG
374.43_41E7j9527 (12-February-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: other: (backport) update get_webui_page(), add functions to get/set addon settings
- CHANGED: others: (backport) replace Entware setup script with link to amtm
- CHANGED: others: (backport) added amtm script merlinng 384.15
- CHANGED: httpd: (backport) improve connection acceptance and handling
- CHANGED: httpd: (backport) fix malformed 200 OK status
* FIXED: others: fix script permissions
374.43_41E6j9527 (22-Janary-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: rc: (backport) add am_addons RC flag to denote support for third party addons
* FIXED: firewall: fix bad nvram nat_tuning reference
374.43_41E5j9527 (07-Janary-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: wget: enable openssl11
* CHANGED: vsftpd: enable openssl11
- CHANGED: email: enable openssl11; (backport) fix forced tls 1.0 connections
- CHANGED: netatalk: (backport) patch for OpenSSL 1.1.x support
* CHANGED: netatalk: enable openssl11
* CHANGED: ez-ipupdate: enable openssl11
* CHANGED: httpd: enable openssl11
* CHANGED: httpd: additional includes for openssl11
- CHANGED: httpd: (backport) use openssl11 when available for certificate generation
* CHANGED: https: enable openssl11
* CHANGED: mssl: enable openssl11
* CHANGED: samba3: enable lpthread
374.43_41E4j9527 (07-Janary-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: rc: (backport) use openssl11 when available for generating OpenVPN's certs
* CHANGED: openvpn: make: link to openvpn11
* CHANGED: openssl11: make: shared compile
- CHANGED: httpd: (backport) update location of openssl.cnf in gencert.sh script
- CHANGED: openssl: openssl11: (backport) set OpenSSL's default location to /etc/ssl/ and provide a link to the CA bundle
374.43_41E3j9527 (07-Janary-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: openssl: openssl11: change directory naming conventions
- CHANGED: openvpn: add errno status reporting
* CHANGED: openvpn: update build recipe
* CHANGED: easyrsa: add default openssl.cnf
* FIXED: stubby: re-add getaddrinfo workaround for MIPS dropped in last release
* FIXED: www: fix initialization of openvpn client dns privacy option
374.43_41D2j9527 (05-Janary-2020) ARM SDK, MIPS,ARM KRACK
* CHANGED: openssl: update to 1.0.2u
374.43_41D1j9527 (02-Janary-2020) ARM SDK, MIPS,ARM KRACK
- NEW: webui: (backport) add support for user-provided webui pages
- NEW: webui: (backport) add support for jsonc
- CHANGED: rc: (backport) only intercept udp requests to port 123, ntpd does not listen to tcp
374.43_40EDj9527 (02-Janary-2020) ARM SDK, MIPS,ARM KRACK
- CHANGED: updown: (backport) do not run openvpn-event if custom scripts are disabled
- CHANGED: rc: (backport) implement wan-event
- CHANGED: others: update stun servers used by getextip.sh
- CHANGED: curl: update to 7.67.0; fix build with CURL_DISABLE_DOH
- CHANGED: wsdd2: only retrieve missing parameters from smb.conf, in case one was already provided at runtime
- CHANGED: wsdd2: implement -N and -G parameters from upstream
- CHANGED: wsdd2: fix listening on dynamic interfaces
* CHANGED: shared: add 120sec timeout when running blocking scripts
374.43_40ECj9527 (12-December-2019) ARM SDK, MIPS,ARM KRACK
* FIXED: https: workaround for logon failure in chrome browser
374.43_40EBj9527 (21-November-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: dnsmasq: update to 2.80-g456a319
374.43_40EAj9527 (11-November-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: openvpn: update to 2.4.8
- FIXED: webui: allow empty local IP for IPv6 firewall rule
374.43_40E9j9527 (20-October-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: rc: openvpn: (backport) only re-generate server CA if it's missing, ignore server key/cert
- FIXED: httpd: (backport) fix incorrect mimetype for wcdma_list.js and help_content.js
- FIXED: openvpn: (backport) properly extract instance number in updown script
374.43_40E8j9527 (9-October-2019) ARM SDK, MIPS,ARM KRACK
- NEW: dns: (backport) implement option to prevent Firefox's automatic usage of DoH
- CHANGED: nano: update to 4.4
- CHANGED: curl: updated to 7.66.0; updated install recipe for library version 4.6.0
374.43_40E7j9527 (9-October-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: openssl11: update to 1.1.1d
- CHANGED: ssl: update root certificates to October 9th 2019 version
* CHANGED: openssl: update to 1.0.2t
374.43_40E6j9527 (13-September-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: miniupnpd: updated to 20190604 (git 765156b)
- CHANGED: nano: update to 4.2
- CHANGED: httpd: (backport) fix out-of-bounds read in handle_request()
- CHANGED: kernel-arm: tcp: (backport) refine memory limit test in tcp_fragment()
374.43_40E5j9527 (13-September-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: webui: (backport) update OUI database to 2018-08-17 version
- CHANGED: httpd: (backport) add "TLS Web Server Authentication" to certificate's extended attributes
- CHANGED: curl: (backport) update to 7.65.3
* CHANGED: dnsmasq: update to e24abf2 snapshot
374.43_40E4j9527 (17-August-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: gencert: (backport) replace deprecated genrsa command with genpkey
- CHANGED: rc: (backport) add service-event-end custom script support
- CHANGED: iptables: (backport) fix handling IPCMv6 reject --with-tcp-reset
- CHANGED: miniupnpd: (backport) fix ssdp notify on wrong interfaces
- CHANGED: rc: firewall: (backport) define VUPNP and PUPNP chains in repeater nat_settings
- CHANGED: sqlite3: (backport) add sqlite3 CLI command to firmware
374.43_40E3j9527 (16-August-2019) ARM SDK, MIPS,ARM KRACK
- NEW: wsdd: (backport) add support for windows ws device discovery
* CHANGED: wsdd: work around function differences in merlin vs fork
* CHANGED: wsdd: add nvram wsdd_enable
- CHANGED: shared: update ifaddrs.c to 384.13
- CHANGED: kernel: (backport) fix squashfs false-positive decode error
- CHANGED: kernel 2.6.36: (backport) improve sack handling and resource usage
374.43_40E2j9527 (14-August-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: make: ensure openssl lib link order correct for all components
* CHANGED: make: update recipes for openssl11 and getdns
- CHANGED: openssl11: The SHA256 is not a mandatory digest for DSA.
- CHANGED: openssl11: issue-8998: Ensure that the alert is generated and reaches the remote
- CHANGED: openssl11: Revert the DEVRANDOM_WAIT feature
- CHANGED: openssl11: update to 1.1.1c
374.43_40E1j9527 (14-August-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: openssl: update to 1.0.2s
- CHANGED: stubby: update to 0.2.6
* CHANGED: getdns: use upstream accepted typedef fix
* CHANGED: stubby: add logfile support when run as daemon
* CHANGED: getdns: add missing define for log_warn
* CHANGED: getdns: fix build errors with disable-dnssec-roadblock-avoidance
- CHANGED: getdns: update to 1.5.2
* CHANGED: make: remove deprecated enable-old-getaddrinfo define from getdns
* CHANGED: v6hosts: skip address verification if wireless client in powersave mode
374.43_39D4j9527 (18-April-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: change label for ntp filter to SNTP
* CHANGED: webui: do not refresh dnscrypt/stubby server list when changing non-server options
374.43_39E3j9527 (17-April-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: shared: move custom script subroutines to shared directory
- CHANGED: samba: use common subroutines for custom scripts
* CHANGED: common: issue log for custom scripts which are not marked executable
* CHANGED: make: misc makefile cleanup
- FIXED: httpd: (backport) fix potential buffer overrun in alloc_string() - 384_45708
- FIXED: httpd: (backport) fix potential buffer overrun in ej_select_list
374.43_39D2j9527 (9-April-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: watchdog: force jffs syslog copy to be updated if earlier timestamp
374.43_39E1j9527 (5-April-2019) ARM SDK, MIPS,ARM KRACK
- CHANGED: rc: (backport) provide filesystem type as second argument to pre-mount script
- CHANGED: curl: update to 7.64.1
- CHANGED: nano: update to 4.0
- CHANGED: dropbear: update to 2019.78
- CHANGED: openvpn: (backport) increase interface queue length from 100 to 1000 bytes
- CHANGED: openssl: update CA bundle to 2019 January 23rd version
* CHANGED: dnsmasq: update to g5c464ef snapshot
374.43_38E6j9527 (15-March-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: add port info to stubby selected servers list
* FIXED: webui: add public key to criteria for marking selected stubby servers
* FIXED: webui: capture ctrl-a in stubby servers selection
* FIXED: webui: correctly filter stubby ipv6 servers
* FIXED: webui: use correct resolver index when updating stubby server selection
* FIXED: webui: fix saving selected stubby servers on apply
* FIXED: stubby: fix bad addresses and reorder resolver csv
374.43_38E4j9527 (5-March-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: watchdog: check both stubby and dnsmasq in new dns_check
* FIXED: watchdog: prevent reboot scheduler from firing multiple times
* FIXED: services: fix handling of force mode in start_stubby
* FIXED: web: show DoT ipv6 dns servers on ipv6 system log page
* FIXED: webui: mark admin user disabled for mips openvpn server instead of removing entry
374.43_38E3j9527 (28-February-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: curl: update to 7.64.0
* CHANGED: nano: update to 3.2
* FIXED: wps: fix build env to correctly point to openssl dirs
* FIXED: openssl: properly specify rehash working directories
* FIXED: lan: fix error in dfs enable for AC66/N66
374.43_38E2j9527 (28-February-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: openssl-1.1.x: update to 1.1.1b
* CHANGED: openssl: update to 1.0.2r
* CHANGED: openvpn: update to 2.4.7
* CHANGED: dnsmasq: update to g162e5e0 snapshot
* CHANGED: arm: (backport) performance optimization
* CHANGED: openvpn: (backport) remove OFB ciphers from client, not supported by current OpenSSL build
* CHANGED: openvpn: (backport) drop CFB ciphers from client as they are never really used
* FIXED: phddns: (backport) use sizeof in fgets to reduce risk of buffer over runs
* FIXED: phddns: (backport) don't risk over running the buffer
* FIXED: ebtables: (backport) check -C parameters correctly
* FIXED: pppd: (backport) don't compare the pointer, compare the value
374.43_38E1j9527 (12-February-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: webui: do not add default http user for openvpn server on MIPS
- FIXED: infosvr: (backport) correct order of memset parameters
* FIXED: services: remove duplicate openvpn users from shadow
374.43_38D3j9527 (10-January-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: stubby: force tls1.3 and customer ciphers with openssl 1.1.x
* CHANGED: make: disable multi-thread support for openssl 1.1.1 on MIPS
* FIXED: webui: restart dnsmasq if changing state of sntp server
374.43_38D2j9527 (9-January-2019) ARM SDK, MIPS,ARM KRACK
* NEW: openssl: add 1.1.1a source
* CHANGED: make: static link openssl 1.1.x for getdns/stubby
* CHANGED: stubby: update yml gen to support new 0.2.4 dnssec extension
374.43_38D1j9527 (24-December-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: stubby: add logfile support when run as daemon
* CHANGED: make: getdns: use enable-old-getaddrinfo for MIPS compile
* CHANGED: getdns: add enable-old-getaddrinfo compile flag for older linux releases
* CHANGED: getdns: update to 1.50 final dist
* FIXED: getdns: fix build errors with disable-dnssec-roadblock-avoidance
* FIXED: getdns: add missing define for log_warn
374.43_37EAj9527 (8-January-2019) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnsmasq: add dhcp-option 42 if router ntpd server is enabled
* FIXED: openvpn: correct error in vpn resolv.conf gen introduced by b30b11d32
374.43_37E9j9527 (15-December-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: miniupnpc: update to 20180507
- CHANGED: miniupnpd: update to 20181205
* CHANGED: init: stop logger after unmounting usb
- CHANGED: iptables: add TEE module for ARM routers
- CHANGED: openvpn: (backport) push LAN domain to clients if we have one set
- CHANGED: openvpn: (backport) implement support for server-pushed search domains
* FIXED: dnsmasq: only sighup to dnsmasq main process for autov6 updates
374.43_37E6j9527 (8-December-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: services: do not start dnsmasq/stubby/dnscrypt if in reboot
- CHANGED: httpd: (backport) made some sysinfo() calls more robust against malformed requests
* FIXED: httpd: fix CVE-2018-17022 buffer overflow exposure
374.43_37E5j9527 (30-November-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: stubby: update stubby-resolvers.csv
* FIXED: dnsmasq: re-apply some dnsmasq customizations dropped in last version update
* FIXED: getdns: (upstream) bugfix getdnsapi/stubby#140 fallback on getentropy failure
374.43_37E4j9527 (25-November-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: openssl: update to 1.0.2q
* CHANGED: openvpn: increase allowable key/cert size to 4999 bytes
- CHANGED: webui: limit SSHD auth key field to 2999 characters matching Merlin limit
374.43_37E2j9527 (23-November-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnssec: add server only validation option for DoT
* CHANGED: wanduck: failsafe restart dns encryption during wan start
* FIXED: qos: fix quantum calc for fq_codel
* FIXED: webui: fix saving of ddns internal/external option
* FIXED: webui: change text space to html nbsp in waiting prompts
* FIXED: webui: only display dnsmasq strict dnssec option when available
374.43_37E1j9527 (21-November-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnssec: add DoT option to select dnssec validator
* CHANGED: webui: add alert warning when disabling strict dnssec
* CHANGED: samba: add min protocal statement for SMB1+SMB2 option
374.43_37B4j9527 (6-November-2018) ARM SDK, MIPS,ARM KRACK
- CHANGED: avahi: (backport) no longer run as root, drop privs to nobody
- CHANGED: openvpn: (backport) replace OPENSSL_SSL_* and OPENSSL_CRYPTO_* with OPENSSL_LIBS and OPENSSL_CFLAGS
* CHANGED: openssl: (backport) clean up 1.0.2p build
* CHANGED: dnsmasq: update to 2.80-122392e snapshot
* CHANGED: getdns: (upstream) X509_get_notAfter not in OpenSSL 1.1.1 anymore
- CHANGED: udpxy: misc updates to 380.70
- CHANGED: udpxy: update to build 23
- FIXED: openssl: apply openwrt 180-fix_link_segfault.patch
374.43_37B3j9527 (5-November-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: openvpn: no longer default block ipv6 dns for client
* FIXED: getdns: (upstream) DS is always a delegation and never at the apex
* FIXED: getdns: (upstream) Fix finding signer of NSEC and NSEC3s
* FIXED: getdns: (upstream) Bugfix #399: Reinclude <linux/sysctl.h> in getentropy_linux.c
* FIXED: getdns: fix build errors with --disable-dnssec-roadblock-avoidance
374.43_37B2j9527 (4-November-2018) ARM SDK, MIPS,ARM KRACK
374.43_37B1j9527 (1-November-2018) ARM SDK, MIPS,ARM KRACK
* NEW: ddns: add ez-ipupdate support for external ip (double NAT)
* CHANGED: webui: always show stubby selected servers span, including when round-robin mode
* CHANGED: openssl: update CA bundle to 2018 October 17th version
374.43_36EAj9527 (1-November-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: nettle: update to 3.4
* CHANGED: dnssec: use stubby dnssec if stubby proxy enabled
* CHANGED: hosts: move computername hosts entry before defaults; add ipv6 computername entry
- CHANGED: nano: update to 3.1
- CHANGED: miniupnpd: updated to 20180907 (includes PCP fix)
* CHANGED: miniupnpd: change fail to info msg only for reserved/private ext addresses
* FIXED: iptables: fix iptables list formatting for ROUTE target
* FIXED: iptables: fix iptables-save for ROUTE target
* FIXED: udhcpc: prevent orphan instances of udhcpc on wan failure
* FIXED: openvpn: fix error in backport of lz4-v2 support
* FIXED: openvpn: fix username/password auth on MIPS
* FIXED: openvpn: also move ca.key to/from jffs/nvram via move scripts
* FIXED: make: add missing recipe for phddns
374.43_36E9j9527 (27-October-2018) ARM SDK, MIPS,ARM KRACK
- CHANGED: dropbear: Wait to fail invalid usernames (backport from upstream)
- CHANGED: openvpn: (backport) add option for lz4-v2
* CHANGED: webui: get default port forwarding desc from services file if defined
374.43_36E8j9527 (19-October-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnsmasq: update to 2.80 final including custom mods
374.43_36E7j9527 (5-October-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: afp: add support for merlin custom scripts
* CHANGED: dnsmasq: (backport) theMiron custom modifications
* CHANGED: dnsmasq: add wpad to valid_hostname check
374.43_36E6j9527 (3-October-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: dnsmasq: update to 2.80test7
* CHANGED: dnsmasq: reject wpad hostname (protect against VU#598349)
374.43_36E5j9527 (3-October-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: udhcpc: parse lan dns servers into individual server nvram vars
* CHANGED: webui: display 3rd lan dns server if automatic and not router mode
* CHANGED: dnsmasq: improve insecure dnssec log, ratelimit generic failure log msgs
* CHANGED: stubby: add nvram for stubby timeout and connection retries
* FIXED: openvpn: fix setting script-security without username/password auth on MIPS
374.43_36E4j9527 (27-September-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: Revert "wanduck: restart stubby/dnscrypt on WAN restore"
* CHANGED: openvpn: add global status for vpn server/client enabled
* CHANGED: webui: wan: only update vpn client dns mode on dns change if client enabled
* CHANGED: webui: openvpn: reset dns mode to exclusive on start if proxy selected but not active
* FIXED: wan: ensure dnscrypt/stubby/dnsmasq are properly restarted if required
* FIXED: services: fix memory leak in dnscrypt and stubby start
374.43_36E3j9527 (23-September-2018) ARM SDK, MIPS,ARM KRACK
* NEW: iptables: add tproxy module for ARM routers
* CHANGED: openvpn: MIPS: replace openvpn server username/password auth plugin with custom script
* CHANGED: openpam: (upstream) changeset 877 - memory leak in openpam_readlinev.c
* CHANGED: openpam: (upstream) backports from 20170430
374.43_36E2j9527 (22-September-2018) ARM SDK, MIPS,ARM KRACK
* CHANGED: wanduck: restart stubby/dnscrypt on WAN restore
* CHANGED: make: misc updates for stubby
* CHANGED: make: re-add usr directories to configure options for openpam
* CHANGED: make: remove openvpn deprecated disable-socks option, add openvpn missing libraries
* FIXED: getdns: add missing define for log_warn
374.43_36E1j9527 (19-September-2018) ARM SDK, MIPS,ARM KRACK !!!Repository Reset!!!
- NEW: dnsmasq: implement dns rebind protection
* NEW: firewall: add ntpd filter