forked from RMerl/asuswrt-merlin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangelog.txt
2123 lines (1902 loc) · 107 KB
/
Changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Asuswrt-Merlin Changelog
========================
378.56 (xx-xxxx-2015)
- NEW: Merged with GPL 7838.
- NEW: Support for Russian ISP Telenet (code by theMIROn)
- NEW: ipset support in dnsmasq (patch by ryzhov_al)
- NEW: default loglevel is now configurable and defaults to
5 (notice) instead of 0 (emergency)
- NEW: local syslogd loglevel is now configurable through the webui.
- NEW: Support for extra-certs in OpenVPN
- CHANGED: Updated miniupnpd to 20150723 snapshot
- CHANGED: Updated openvpn to 2.3.8
- CHANGED: Updated dropbear to 2015.68
- FIXED: Router crash when an invalid or corrupted DH parameter
is used on an OpenVPN server configuration.
- FIXED: 2.4 GHz temperature would be missing on the Sysinfo
page when disabling thee 5 GHz radio on the RT-AC3200.
- FIXED: Max tracked connection limit wasn't user-editable
- FIXED: Resource leaks in ez-ipupdate if an update failed
378.55 (17-July-2015)
- FIXED: DHCP lease page could get confused by IPv6 clients on
the LAN.
378.55 Beta 2 (11-July-2015)
- CHANGED: Updated dnsmasq to 2.73 RC9 (backport from GPL 6975)
- CHANGED: Updated odhcp6c to newer version (backport from GPL 6975)
- CHANGED: Updated openssl to 1.0.2d (fixes CVE-2015-1793, only present
in Beta 1 - 54_2 was not affected)
- CHANGED: Display existing key/certs on the OpenVPN pages once
they've been migrated to JFFS.
- FIXED: Time scheduler-related features (Parental Control & Wifi
scheduler) were broken (backported fix from Asus's GPL 6975)
(beta 1 regression)
- FIXED: QTN firmware was still being copied to RAM rather than rely
on the symlink to flash added in Beta 1, to save 4 MB of RAM.
(AC87U)
- FIXED: Dropbox cloud sync would fail on some setups (backport
from GPL 6975)
- FIXED: Entware-setup script would generate an invalid services-start
script
- FIXED: Duplicate zoneedit entry on the DDNS service list.
378.55 Beta 1 (3-July-2015)
- NEW: Merged with GPL 6117. Notable changes from Asus:
o New token-based webui authentication (more secure)
o OpenVPN certificates moved to JFFS2, saving nvram.
key/cert fields will show up empty on the webui,
any new key/cert you paste will be written back
to /jffs/openvpn/ . This means that if you revert
back to a previous version, your key/certs will
no longer be in nvram, so OpenVPN instances will
fail to start.
o New network client list on the network map
o CTF support for PPTP/L2TP WAN (Russian ISPs) (ARM)
- NEW: Reformatted DHCP lease list under System Log.
- NEW: Reformatted Port Forward page under System Log.
- NEW: Reformatted Route Table page under System Log.
- NEW: Reformatted IPv6 Status page under System Log.
- NEW: Display more details about UPNP/NAT-PMP/PCP redirections
on the Port Forward page.
- CHANGED: The JFFS2 partition is now always enabled, as it is
required by various firmware functions. The options
to format it or to enable/disable user config/scripts
remain configurable.
- CHANGED: Updated OpenVPN to 2.3.7.
- CHANGED: Updated OpenSSL to 1.0.2c.
- CHANGED: Use a pre-generated 2048-bit DH from RFC 3526 instead of
generating our own when doing the first time setup for
OpenVPN servers. This is necessary as openssl 1.0.2b and
up now reject 512-bit DHs, and generating a 1024-bit
would take far too long on a router.
The end-user still has the possibility of providing his
own - as long it's 1024-bit or stronger.
- CHANGED: Updated minidlna to upstream Git snapshot from 2015-06-26,
and switched to the newer build system.
- CHANGED: Upgraded ffmpeg from 0.6.0 to 0.7.17.
- CHANGED: Accept DHCP lease duration of up to 31 days on the DHCP page
- CHANGED: No longer regularly flush caches from memory on ARM
router. This will mean a lower amount of free memory is
shown, however that memory gets freed whenever something
actually needs it, so this is normal. (ARM)
- CHANGED: Display the size of cache memory on the Tools -> Sysinfo page
- CHANGED: Improvements to the Networkmap (ability to remove an entry,
removed the alert() from modifying an existing entry)
- CHANGED: Save over 4 MB of RAM on the RT-AC87U by not copying
the QTN firmware to RAM (RT-AC87)
- FIXED: Wireless Log page would fail to load if the SSID
contained certain characters
- FIXED: Wireless Log page would fail to load when in Media Bridge
mode on the RT-AC87U
- FIXED: DDNS page would complain about an empty account field
when setting it to CUSTOM with no prior value in that field.
- FIXED: Automatically generated DH was too weak (512-bit) and
preventing clients based on newer OpenSSL releases from
connecting. We automatically replace any weak PEM with our
2048-bit one.
- FIXED: minidlna could get stuck building its database (reverted
Asus's recent memory optimizations)
378.54_2 (10-June-2015)
- FIXED: The exported opvn config for clients had the incorrect port
value.
- FIXED: Busybox's zcip was missing a patch from 378_4950, preventing
it from working (and in turn preventing igmpproxy from working
for people with PPPoE connections where their modem does not
provide any DHCP lease to the physical WAN interface)
378.54_1 (8-June-2015)
- Some of the builds were unstable, did a complete recompile of all
releases. There was no code change.
378.54 (7-June-2015)
IMPORTANT: if you were previously using the AiProtection ad blocker, you
will need to manually disable it over SSH after flashing this
release, by running the following commands:
nvram set wrs_adblock_popup=0
nvram set wrs_adblock_stream=0
nvram commit
- NEW: Merged with Asus GPL 378_5134.
- NEW: OpenVPN policy rules can now be set to route matching traffic
through either the tunnel, or to your ISP (allowing you to
create exceptions to your tunnelling rules)
- NEW: Added OpenVPN server setting to let the OS manage
socket buffers (by inserting rcvbuf 0 and sndbuf 0 in
the server configuration)
- CHANGED: Upgraded OpenSSL to 1.0.2a, adding new tls ciphers
to OpenVPN and the https webui
- CHANGED: Updated miniupnpd to 1.9.20150430
- CHANGED: Reverted kernel backport of the parallel printer support,
and reintroduced fix in lprng. This should hopefully fix
the recent printing breakage issues.
- CHANGED: Removed AiProtection's ad blocker, as it's too buggy to
be usable, breaking numerous mobile applications,
and not being configurable in any way.
- CHANGED: OpenVPN policy routing rules are now applied at boot
time (when WAN comes up), so clients who are blocked while
a tunnel is down will immediately be blocked until
the tunnel comes up.
- CHANGED: Upgraded Quantenna firmware to 378_6065 release (AC87)
- FIXED: Router DNS weren't reverted to their original values
when shutting down an OpenVPN client with "explicit-
exit-notify" enabled. Now we manually clean it up
after the user manually terminates the client - it might
still not be cleaned up after an unexpected shutdown however.
Ideally, users should try avoiding using this setting when
possible.
- FIXED: Some legitimate VPN packets could get dropped due to their
conntrack state. Now, only INVALID packets coming from the
WAN interface are dropped.
- FIXED: OpenVPN client would sometime try to connect before the clock had
been set by NTP at boot time, preventing it from connecting.
- FIXED: AiProtection security check would fail to load when Dual WAN is
enabled
- FIXED: Various fields would allow you to enter a single quote character,
which could break the webui. Now these fields re-validate the
content after you deactivate the text field.
- FIXED: Switching between All Traffic and Policy Mode OpenVPN routing while
the option to block traffic when the tunnel goes down wasn't
properly removing those rules, so a tunnel going down in
All Traffic would still block policed clients.
- FIXED: EMF wasn't working on ARM models (missing userspace tool)
378.53 (26-Apr-2015)
- NEW: Merged with Asus GPL 378_4980 (with pieces from 378_4850 for AC56/AC68
and 378_5183 beta for AC87)
- NEW: OpenVPN policy routing. You can select client IPs or destination
IPs which you want to route through your VPN tunnel. You can enter
a single IP (192.168.0.1) or a whole subnet in CIDR format (for
example 74.125.226.112/30).
You can optionally block WAN access to these as well when the
tunnel goes down.
- NEW: Ad blocker based on Trend Micro's Web Reputation System (WRS).
This is an EXPERIMENTAL feature implemented by Asus but that
isn't enabled in the stock firmware.
- CHANGED: Updated Tor to 0.2.5.12
- CHANGED: Those providing a signed SSL certificate for httpd can now
provide chain certificate. The three PEMs must be in
that order: client, intermediate, CA. (Patch by sasoiliev)
- CHANGED: The setting to enable the neighbour solication filter rule
for Comcast's request flooding was changed to "ipv6_ns_drop",
and now defaults to "0" as this hack causes issues with
other ISPs.
- CHANGED: Backported dnsmasq patch that reverts a fix for Windows 8
clients as it could cause issues with other clients.
- FIXED: DNSFilter would fail if you had it set to "Router", and didn't
have a DNS IP entered on the WAN page.
- FIXED: MSS clamping wasn't applied to traffic in both direction, moved
it to the mangle table.
- FIXED: OpenVPN client firewall "external" mode does not exist - removed
from the webui.
- FIXED: PPTP account list could become corrupted after removing an entry
on the PPTP server page.
378.52_2 (5-Apr-2015)
- CHANGED: Updated AiCloud prebuilt binaries for MIPS models
- CHANGED: Applied kernel patch for MIPS kernel ported from 376_3861,
related to CTF support
- FIXED: AiCloud would fail to start unless you had HTTPS enabled for
the webui (causing the key/cert to be missing)
- FIXED: DDNS hostname would become corrupted after backing up
your router configuration (Asus bug)
378.52 (3-Apr-2015)
- NEW: Merged with Asus GPL 378_4608
- NEW: Added ECDHE support to the webui (when accessed over HTTPS)
- NEW: The DHCP server can now provide a second DNS to its clients
- NEW: You can tell the router not to advertise itself as a DNS
- NEW: Experimental Tor support (feature originally developed by
Asus, but not available yet on stock firmware). You can
enable it in the VPN section of the webui.
- CHANGED: Updated miniupnpd to 1.9.20150309
- CHANGED: You can no longer disable the JFFS2 partition if
Traffic Analyzer is enabled. Likewise, you can
no longer enable Traffic Analyzer if the JFFS2
partition is disabled.
- CHANGED: The selected refresh rate of the Wireless Clients
page will be saved to a cookie
- CHANGED: Removed obsolete (non-safe) ciphers such as RC4
from the router's https webui
- CHANGED: Updated OpenSSL to 1.0.0r
- CHANGED: Removed Turbo button support from webui, as that feature
doesn't work with the current bootloader everyone is
using now (RT-AC68)
- CHANGED: Performance optimization to the httpd, dropbear
and rc services
- FIXED: 2.4 GHz and 5 GHz-1 clients were swapped on the
Sysinfo page (RT-AC3200 only)
- FIXED: Wifi PSK wasn't blurred until activated (regression
from 378.51)
- FIXED: Samba's custom config/postconf were ignoring the
state of the global option to enable them (they
would always be used)
- FIXED: Samba's custom config/postconf usage wasn't logged
- FIXED: Some services would fail on their first attempt
to start at boot time due to the QTN subsystem
taking too long. Implemented patch from Asus
which eliminates the long QTN stall at boot
time. This resolves the issue where some users
had trouble connecting their WAN at boot time (RT-AC87U)
- FIXED: NAT rules could occasionally fail to be applied
(patch by john9527)
- FIXED: The Apply button on the Adaptive Bandwidth page
had a clickable area so wide that it even covered
part of the left side menu. (Asus bug)
- FIXED: USB menu was removed instead of Parental Control on
DPI-enabled models
- FIXED: QoS page was still available on the AP/RP modes on
DPI-enabled models
- FIXED: Error on OpenVPN Server page if using a DHCP pool for
connected clients.
- FIXED: UPNP would be reported as enabled on the security report
if it was enabled on the secondary WAN even if Dual WAN
itself wasn't enabled. Now we check that Dual WAN itself
is also enabled before reporting so. (Asus bug)
- FIXED: mtd-erase was unable to erase the brcmnand partition, which
is used as the JFFS2 partition starting with the RT-AC66U
(patch by benoitm974)
- FIXED: JFFS2 partition couldn't be formatted for all routers but
the RT-N66U (wrong partition name). Also resolved the case
where a second reboot was required to mount it.
- FIXED: RT-AC3200 port numbering was reversed on the Sysinfo page.
378.51 (6-Mar-2015)
- CHANGED: Updated OpenSSL to 1.0.0q (no real code change)
- CHANGED: Split the changelog into a separate file
- CHANGED: Added logging on custom config/script execution.
An error message will also be logged if those
are disabled while such a file is found.
- CHANGED: Allow pasting the password in some fields that would
disable it (patch by gfairchild)
- FIXED: RSSI not reported for guest clients (beta 1 regression)
- FIXED: DM failing to install on RT-AC66U (beta 1 regression)
378.51 Beta 1 (28-Feb-2015)
- IMPORTANT: The RT-N16 is no longer officially supported. The increased
number of separate router platforms is becoming too much of
a burden for one single developer, as some features must be
implemented 2-3 separate times for different architectures.
The RT-N16 support will remain in the source code, so other
developers can still compile their own builds, and possibly
take over for supporting this older platform. However, no new
features will be implemented, and it will no longer get
tested. I still welcome external contributions if
someone else wants to take care of testing and providing
fixes to new issues.
- NEW: Added support for the RT-AC3200.
- NEW: ARM support for Entware, using Zyxmon's Qnapware repository.
- NEW: Re-designed Wireless Log page displaying connected wireless
clients. The new page uses Ajax to automatically update
itself at a user-selected frequency, for near realtime
monitoring of your connected wifi clients.
- NEW: NAT loopback can now be chosen between Disable, Asus's original,
and Merlin's own (based on Phuzi0n's original DD-WRT design). The
option can be found on the Firewall page.
- CHANGED: Reverted RT-AC66U driver to previous version as some users
were experiencing stability issues with the 3754 version.
- CHANGED: Updated p910nd to 0.97 to resolve incomplete print jobs
(patch by stsichler)
- CHANGED: Updated Samba to 3.6.25
- CHANGED: The Entware setup scripts will now backup any existing
installation rather than remove it (patch by TeHashX)
- CHANGED: Re-implemented our original NAT loopback code, with attempts
at reconfiguring it whenever the DPI engine is restarted.
This is still experimental, as most of the DPI engine is
closed source, so unsure if the loopback gets re-enabled
in every regular DPI restart scenarios.
- CHANGED: Disabled the offline default error page. Clear your offline
content in your browser to fully get rid of it.
- CHANGED: Removed security warnings if FTP/Samba are configured to
allow unauthenticated users.
- FIXED: Issues when connecting with Russian ISPs relying on DHCP+VPN
(such as Beeline)
- FIXED: When enabling WAN access to webui, the router would always
forward both http and https ports regardless of if either of
these were disabled.
- FIXED: Shared printers over LPRng would sometime fail to
completely print the last page (patch by stsichler)
- FIXED: CVE-2015-0240 security issue in Samba 3.5.8 (used by
AiCloud). The main Samba daemon was patched by the
update to 3.6.25.
378.50 (7-Feb-2015)
- IMPORTANT: You must do a factory default reset, and manually
reconfigure your setting if coming from a version
older than 378.50. Failure to do so can
lead to various issues with wifi, OpenVPN,
and the new AC68U bootloader.
- IMPORTANT: Please read this changelog, especially the changes
related to jffs, user scripts/config and OpenVPN in
the previous 378.50 betas.
- NEW: Merged with Asus GPL 378_4129 code.
- CHANGED: Reverted back to vsftpd 2.x, as 3.0.2 doesn't work properly
on MIPS architectures (and possibly other particular
scenarios as well).
- CHANGED: Added warning to the DDNS page if you set the type
to Custom and either JFFS or custom script support isn't
enabled
- FIXED: A few unescaped quotes in the French dict breaking VPN pages
- FIXED: MAC list would get corrupted when removing and re-adding
entries on the MAC filter list
- FIXED: AC68U CFE update wasn't written to flash due to permission
issues
- FIXED: Static Key field wasn't visible when using HMAC authentication
- FIXED: syslogd was always enforcing the -S switch
- FIXED: When setting a static DHCP from the networkmap, the user-entered
name wouldn't be used. Now it gets used, and we rely on the rc
daemon to properly handle it if it's not a valid hostname (it will
simply not provide it to dnsmasq's static name list).
378.50 Beta 2 (31-Jan-2015)
- NEW: Added custom config and postconf support for avahi, netatalk
and mt-daapd (iTunes server).
- CHANGED: Moved the AC68U CFE update process to the same location
as in GPL 3626 to see if it works more consistently.
- FIXED: Non-DPI build of AC56U had incompatible Tuxera modules
- FIXED: vsftpd wouldn't start if you had IPv6 enabled.
- FIXED: Asus had disabled the NAT loopback fix on MIPS's iptables
in GPL 3762. Re-enabled.
- FIXED: Wireless clients that hadn't communicated in a while wouldn't
be properly shown on the Wireless log (patch by pinwing)
- FIXED: QoS rules weren't applied properly when IPv6 was enabled
(was changed in recent GPL - reverted it)
- FIXED: Can't apply a Custom DDNS if you don't have something entered
in the username/password fields (shown in other DDNS services)
- FIXED: NFS page wasn't properly loading
378.50 Beta 1 (25-Jan-2015)
- IMPORTANT: You must do a factory default reset, and manually
reconfigure your setting. Failure to do so can
lead to various issues with wifi, OpenVPN,
and the new AC68U bootloader.
- IMPORTANT: Please read this changelog, especially the changes
related to jffs, user scripts/config and OpenVPN.
- NEW: Merged with Asus 378_3913 GPL code. Most notable changes:
* Trend Micro DPI engine for RT-AC68U
* Updated Trend Micro engine for RT-AC87U
* Updated Quantenna firmware/driver
* Various updates to 3G/4G support and Dual WAN
- NEW: ddns-start user script, executed after the DDNS update
was launched (can be used to update additional services)
- NEW: Custom DDNS (handled through ddns-start script)
See the documentation for how to create such
a script.
- NEW: Option to enable support for custom scripts and
config files. This option is disabled by default, so
if you have a broken script that prevents the router from
booting, doing a factory default reset will ensure that the
broken script won't be executed, and recover access to the
router. This is necessary since the JFFS2 partition is
now enabled by default.
- CHANGED: Added logo to DNSFilter on the AiProtection
homepage (contributed by Piterel)
- CHANGED: Updated Openssl to 1.0.0p
- CHANGED: Merged Asus's newer NTP update code, with a fix
to prevent hourly log spam from the update process
when in a DST enabled timezone.
- CHANGED: Updated vsftpd to 3.0.2 (newer version used by
Asus on their Qualcomm-based routers)
- CHANGED: the qos-start script will be passed an argument
that will contain "init" (when setting up tc)
or "rules" (when setting up iptables).
- CHANGED: JFFS2 partition is now enabled by default, to be in
sync with Asus, who are starting to make use of this
partition.
- CHANGED: The Local IP in an IPv6 firewall rule can now be
left empty.
- CHANGED: Download Master will now be downloaded at install time
rather than included in the firmware, to increase the
amount of space available to JFFS - this matches
the AC56/AC68. (N16, N66)
- FIXED: Under certain conditions, the OpenVPN server page
would report an initializing state when it was
already running.
- FIXED: First OpenVPN client/server instance wasn't properly
run on the second CPU core, resulting in lower
performance (AC56/AC68/AC87)
- FIXED: Router IP wasn't advertised through DHCP as WINS
server if WINS was enabled
- FIXED: OpenVPN would crash if specifying "None" as
the cipher (regression in OpenVPN 2.3.6)
- FIXED: The "empty" category was removed by Asus a
few months ago, preventing you from removing
an assigned priority on the Adaptive QoS
page. Re-added it.
- FIXED: Port triggers weren't written to the correct
iptables chain (Asus bug)
- FIXED: When moving from stock to this firmware, the OpenVPN
Server 1 instance gets automatically enabled because
Asus hardcodes "1" into the nvram setting that handles
start at wan. Changed to a different nvram to resolve
this conflict. This means everyone must re-enable their
OpenVPN server instance after upgrading from any version
before 376.50.
- FIXED: dnsmasq would run out of available leases if you had a
very small DHCP pool combined with many out-of-pool
reservations. Now the limit will be either 253 or the
pool size, whichever is the largest (Asus issue)
- FIXED: SSHD port forwarding couldn't be enabled/disabled
- FIXED: DHCP log spam when using IPv6 with a Windows 8
client (patch by pinwing)
- FIXED: snmp exposes a lot of sensitive information such as
login credentials, therefore all the custom Asus MIBs
have been disabled.
- FIXED: Very long SSIDs with special characters/spaces in them
would be shown as "undefined" in the banner.
- FIXED: Curl would fail to access SSL sites due to lack of
a CA bundle.
376.49_5 (9-Jan-2015)
- FIXED: Vulnerability in infosvr (CVE-2014-9583) (Asus bug)
- FIXED: Additional security issue in infosvr (incorrect memcpy()
call) (Asus bug)
376.49_4 (27-Dec-2014)
- FIXED: WAN page error when entering a hostname, and broken
UPNP FAQ link
- FIXED: OpenVPN Server wasn't showing the Advertize DNS to
Client option (regression from 3677 merge)
- FIXED: bootloop when enabling Traditional QoS (or any other
feature that forces CTF to be disabled) due to
FA being left enabled (Asus bug) (AC87)
376.49_2 (23-Dec-2014)
- FIXED: Asus DDNS couldn't be configured on the webui
- FIXED: OpenVPN server wouldn't let you edit user accounts
- FIXED: Missing DLNA icon on clients (Asus bug) (N66, AC66)
376.49 (21-Dec-2014)
- NEW: Merged with Asus GPL 376_3677. This new code
includes a lot of changes related to USB modem
support.
- NEW: IPv6 handling based on dnsmasq + odhcp6c. This new
code which has been developped by Asus these past few
months but kept disabled so far has been enabled.
Initial tests show much better reliability with
different ISPs.
- NEW: Added IPv6 support to DNSFilter (currently only
Yandex has IPv6 servers). Note that unlike IPv4
filtering, we cannot automatically NAT queries
to the desire server, so the current implementation
works like Asus's YandexDNS service, where IPv6 servers
are simply returned to DHCPv6/RA client queries,
and ip6tables ensures that you cannot override
them, by rejecting connection to other DNS servers.
- CHANGED: Merged newer DPI engine from 378_3123 beta
(AC87)
- CHANGED: Removed SSLv2 and v3 support from OpenSSL
(we had already stopped using these in
376.48, so this removes unused code)
- CHANGED: The VPN webui is now a bit closer to Asus's code.
This will mostly make it easier to keep in
sync with future changes to that UI by
Asus (they rearranged the layout a bit in
376_36xx).
- CHANGED: Updated OpenVPN to 2.3.6
- CHANGED: Reverted to Asus's max-lease number calculation
for dnsmasq
- CHANGED: Hide wireless key on settings page unless field
has focus (patch by John9527)
- CHANGED: Ported USB 3.0 (XHCI) kernel driver from
Netgear GPL (which seems to have in turn
backported it from upstream kernel 3.x)
- CHANGED: Updated Quantenna to v36.7.3.23 (AC87)
- FIXED: vsftpd wasn't properly compiled with SSL
support.
- FIXED: MAC filtering couldn't be disabled on Guest
networks (Asus bug) (Patch by John9527)
- FIXED: Various fixes and tweaks to the new IPv6
code from Pinwing and saintdev
- FIXED: Editing a client on the networkmap would
cause any matching DHCP reservation entry to
lost its hostname
- REMOVED: The web redirection control setting was
removed, as it is being replaced by the
(simpler) redirection setting Asus added
to the System page.
376.48_3 (20-Nov-2014)
- FIXED: NAT loopback was broken on MIPS devices
(backported Asus fix from 376_3626)
376.48_2 (8-Nov-2014)
- FIXED: Samba would fail to start on the RT-N16 due to a
missing library.
376.48_1 (7-Nov-2014)
- FIXED: Max-lease calculation Asus introduced in 376_2769 is
broken - re-hardcode it to 253 like they used to do in
previous release. Will be properly fixed once they
release a newer GPL with this issue resolved.
(Asus bug)
376.48 (7-Nov-2014)
- NEW: Added the RT-AC68P to the list of supported devices
- CHANGED: Use sha256 checksums instead of MD5 for improved
security when validating your downloads.
(note: checksums are also posted on the support
forum at SmallNetBuilder)
- CHANGED: Switched my fix for unmounted/hidden partition
support with Asus's own fix from GPL 3561.
- FIXED: Samba would fail to start if the router admin username contained
upper case characters. Samba was modified to have it try to
local the UNIX user as provided (it was previously only
trying upper and lower case versions) (Samba 3.6 bug)
376.48 Beta 3 (02-Nov-2014)
- CHANGED: Updated miniupnpd to release 1.9 (plus upstream PCP fix)
- FIXED: Couldn't edit share permissions for Samba if your disk
contained an unmounted/hidden partition (Asus bug in 2769)
- FIXED: Couldn't edit share permissions for Samba for the RT-N66U
internal SDcard reader (Asus bug in 2769)
- FIXED: Missing Max User field to Samba page (Asus bug)
376.48 Beta 2 (26-Oct-2014)
- NEW: Added logo to the webui header
- CHANGED: Samba 3.6 will now use libiconv to handle
charset conversion (will resolve CP850
warnings amongst other things)
- CHANGED: Updated miniupnpd to 20141023 code from Github.
- CHANGED: Updated dropbear to 2014.66.
- CHANGED: Reverted NTP update code to GPL 2678 in hopes of
resolving the few cases where it didn't work anymore.
- FIXED: minidlna is once again able to use inotify for updates.
A temporary workaround has been implemented where
minidlna will be staticly linked with a threadsafe
build of sqlite3, while BWDPI will continue to use
the shared non-threadsafe library. (Asus bug)
376.48 Beta 1 (18-Oct-2014)
- NEW: Merged with Asus 376_2769 AC87 GPL
- NEW: Enabled numerous modules in net-snmp (based on the list
used by OpenWRT)
- NEW: Added postconf and custom config support for snmpd.conf
- NEW: Added HID support to ARM kernel (AC56,AC68,AC87)
- CHANGED: Reverted NAT loopback code to Asus's, since our own
code is currently broken by recent FW code changes.
- CHANGED: Updated openssl to 1.0.0o, resolving a few security issues.
- CHANGED: Disabled SSLv2 and SSLv3 support for https access to the
router webui. IE6 users, your time is up - upgrade.
TLS 1.0 is now the only supported protocol.
- CHANGED: upgraded main Samba server from 3.0.x to 3.6.24. This might
cause a slight drop in performance, but should improve
both reliability and security.
- FIXED: DNSFilter client list dropdown would sometime be empty.
- FIXED: DNS queries run on the router were forwarded to upstream
nameservers instead of the local dnsmasq
- FIXED: Re-added the USB HID kernel module needed for UPS monitoring
(patch by ryzhov_al)
- FIXED: Incorrect top margin on some pages such as AiCloud, and
stretched font on the progress splash (Asus bug)
- FIXED: URL and keyword filtering wasn't working under certain
situations when CTF was enabled
- FIXED: Mac Filtering wasn't working with Guest networks
(Asus bug) (Patch by saintdev)
- FIXED: Chosing a client on the MAC Filter page wasn't properly
filling the Name field. Also reorganized layout a bit.
376.47 (20-Sept-2014)
- NEW: Added sha256 and sha512 HMAC support to dropbear (SSH)
- CHANGED: Moved OpenVPN postconf scripts right before server/client
gets started, so you can also use them to modify the other
generated files such as the exported ovpn config file.
- FIXED: SSHD options visibility (patch by pinwing)
- FIXED: EMF/IGMP settings were reverting to the select profile
default (Asus bug introduced in GPL 2678)
- FIXED: PPTP account list failed to display (regression in Beta 1)
- FIXED: VPN server page was switching back to PPTP when changing
OpenVPN unit and you were initially on the PPTP page
- FIXED: Activity indicator wasn't shown during a networkmap
scan
376.47 Beta 1 (14-Sept-2014)
- NEW: Merged with Asus GPL 2678 (AC87)
- NEW: Report Quantenna FW version on Sysinfo page
- NEW: Enabled experimental FTP and Samba Cloud Sync support in AiCloud.
This feature is still in development by Asus, so it might not be
fully functional yet.
- NEW: Enabled experimental SNMPD support, under Administration -> SNMP.
This feature is still in development by Asus, so it might not be
fully functional yet. (not available on the RT-N16)
- NEW: Added option to enable WAN access to SNMPD, defaults to disabled.
(Asus's implementation has it open to the WAN by default)
- CHANGED: Re-increased max allowed FTP user limit to 10 (was reverted
to 5 in the GPL merge when the setting was moved to the
FTP page)
- FIXED: PPTPD was getting enabled every time you clicked Apply while on
the PPTPD VPN Server page
376.46 (26-Aug-2014)
- NEW: Merged with Asus GPL 2061. This is essentially
the new QTN driver for the AC87.
- FIXED: Various webui issues with IE10/IE11 (patch by pinwing)
- FIXED: OpenVPN Client page was visible on the RT-N16
- FIXED: DHCP pool validation error on VPN Server advanced page.
- FIXED: Couldn't edit the first VPN Client entry due to broken
duplicate check (Asus bug)
376.45 (17-Aug-2014)
- NEW: Compiled vsftpd with SSL support (must be manually
configured if you intend to use it)
- NEW: Report FA state (Level 2 CTF) on Sysinfo page.
- CHANGED: Updated dropbear to 2014.65.
- CHANGED: Updated openssl to 1.0.0n (numerous
security fixes)
- CHANGED: Updated lzo to 2.08
- CHANGED: Reworked VPN Server pages to be more intuitive
- FIXED: Garbled client dropdown selector on DNSFilter page
- FIXED: The Comcast neighbour solicitation block wasn't
enabled anymore (regression in 376.44) (Patch by
Sinshiva)
- FIXED: 5 GHz N+AC mode was incorrectly setting router to
N-only mode (Asus bug, fix backported from 2381,
additional fix by me for AC66)
- FIXED: PControl page failing to display on French and
Italian locales (Asus bug)
- FIXED: IPv6 can occasionally fail to work properly when
using a PPPoE WAN interface (patch by pinwing)
376.44 (3-Aug-2014)
IMPORTANT: Make a backup of your JFFS partition if upgrading
an RT-AC56U or RT-AC68U and you have stored files
on that partition! The partition layout has been
changed.
- NEW: Merged with Asus's 376_2044 GPL.
Summary of changes:
* New networkmap, lets users edit device names,
assign icons to devices, etc...
* Reworked IPv6 support
* New filesystem driver provider for NTFS/HFS+/FAT
* Webui visual update
* Updated components (minidlna, radvd, dnsmasq)
- NEW: Added support for RT-AC87U.
- CHANGED: Updated N66U wireless driver to Asus's 1071 build
- CHANGED: Updated miniupnpd to Git head (as of 20140731)
- CHANGED: The JFFS partition on ARM devices now uses
Asus's code, which means the whole unused space
is now used for the JFFS partition.
(AC56, AC68)
- CHANGED: Made all ARM models use the new filesystem drivers from Tuxera,
resulting in general improved USB disk performance (and
hopefully improved reliability as well) (AC56, AC68)
- CHANGED: The wifi notification icon will now report
channel and channel width for the 5 GHz band,
as the extension channel wasn't always accurately
reported.
- CHANGED: Reworked layout of SSH settings on System page (based
on Asus's own WIP)
- CHANGED: Allow FQDN (hostname + domain) rather than just
hostnames on the WAN page (some ISPs require that)
- FIXED: Missing mDNSResponder daemon preventing mt-daapd
from working on MIPS devices (N16,N66,AC66)
- FIXED: System Log wouldn't properly be positioned
at the bottom (Patch by John9527)
- FIXED: DNSFilter clients configured to bypass DNSFilter
would still be prevented from using an IPv6 DNS.
- FIXED: Incorrect IPv6 prefix if not a multiple of 8
(patch by NickZ)
- FIXED: OpenVPN firewall cleanup was missing rules
(patch by sinshiva)
- FIXED: Minidlna issues with Philips smart TVs
- FIXED: SSHD brute force protection wasn't working if
Dual WAN was enabled and set to LB mode.
- FIXED: Miniupnpd error flood in Syslog when using a
Plex server on your LAN (fix from upstream)
- REMOVED: Reverted various IPv6-related patches as they
conflicted with Asus's own changes. These might
make it back at a later time if deemed
necessary.
- REMOVED: Removed layer7 filtering support in Netfilter from
ARM devices due to compatibility issues (AC56,AC68)
- REMOVED: Removed IPsec support from ARM devices due to
compatibility issues (AC56, AC68)
374.43_2 (7-June-2014)
- FIXED: NTFS disks couldn't be mounted (Paragon driver not
loading due to a kernel change) (AC56, AC68)
374.43 (6-June-2014)
- NEW: User-configurable refresh period to trigger a DDNS
update after a certain number of days.
- CHANGED: dnsmasq option 252 now defaults to an empty string,
to silence broken clients such as Win7.
Important: if you were previously using a customized
252 reply (to use with a valid wpad/pac file), you
will need to use a postconf script to change the
default config instead of appending your own
config.
If you use DNS-based WPAD setting, you will need
to remove the 252 option using postconf, as IE will
not query for the DNS entry if there is a 252
option through DHCP, even if it fails to connect to it.
- CHANGED: Updated miniupnpd to 1.8.20140523.
- CHANGED: Updated openssl to 1.0.0m.
- CHANGED: More backports from OpenSSL 1.0.2, improving SHA
performance on ARM routers.
- CHANGED: The JFFS2 partition is now disabled by default after
a factory default reset.
- FIXED: Media server page wouldn't let you enable the iTunes
server unless you also enabled DLNA (Asus bug)
- FIXED: Restricted guests still had access to the router (Asus
bug introduced in GPL 4887)
- FIXED: 6in4 traffic wasn't bypassing CTF if dualwan mode was
either disabled or set to failover mode (AC56/AC68)
- FIXED: Single character workgroups were rejected as invalid
(Asus bug)
- FIXED: Networks with SSIDs containing single quotes
would break the client list (Asus bug)
- FIXED: Traffic Monitor results are wrong on PPPoE connections
(Asus bug) (Patch by pinwing, additional debugging
by fantom1)
- FIXED: Crash if entering close to 64 MACs plus their names on
the MAC filter page.
374.42_2 (16-May-2014)
- FIXED: Time Machine support (AC56, AC68)
374.42 (9-May-2014)
- NEW: Merged with Asus's 374_5656 GPL.
- NEW: Added Comodo Secure DNS to supported DNSFilter services
- FIXED: Download2 folder wasn't selectable anymore on the
Media Server page.
- FIXED: Pass correct valid and preferred lifetime to radvd when
using DHCPv6-PD (Patch by pinwing)
- FIXED: IPv6 connectivity could be lost after 1-2 hours due
to the time shift caused by NTP at boot time
(Patch by pinwing)
- FIXED: Various IPv6 connectivity issues related to services
being (re)started at the wrong time, or twice.
(Patch by pinwing)
- FIXED: Build system would sometime try to use the local system's
header/libs - use a pkg-config wrapper to avoid this
issue (Patch by ppuryear)
- FIXED: Erratic 5G led blinking behaviour as the watchdog's software-
based blinking was constantly writing to the wireless chip's
registers for led control. (AC68)
- FIXED: LEDs weren't all turning back on when coming out of
Stealth Mode (AC56)
- CHANGED: Make the router use dnsmasq for internal name
resolution rather than directly using the WAN DNS.
- CHANGED: Upgraded OpenVPN to 2.3.4.
- CHANGED: Upgraded miniupnpd to 1.8.20140422 (PCP-related fixes)
374.41 (18-Apr-2014)
- NEW: Merged with Asus's 374_5047 GPL. Notable changes:
* Fixed RT-AC68U random reboots
* Additionnal security fixes
* Improved Media server, SMB and FTP webui
* minidlna and radvd updates
- NEW: PCP support (Port Control Protocol)
- NEW: Option to allow/deny FTP access from WAN. Default is to
reject WAN connections. The option can be found on the
USB Servers -> FTP Share
- NEW: Option to control web redirection while Internet is
down (configurable on the WAN page).
- CHANGED: Upgraded miniupnpd to 1.8.20140401.
- CHANGED: Disk idle exclusion now supports up to 9 disks.
- FIXED: WOL wasn't working (Asus bug in 4887/5047)
- FIXED: Replaced webui glue with permanent concrete. It won't
fall again.
- FIXED: Language dropdown not properly shown with 8-bit
characters.
- FIXED: Comcast's IPv6 network would flood the LAN with
neighbour solicitation packets, which should normally
not cross beyond their modem. There is now an ip6tables
rule to filter out those packets, preventing your log
from being spammed with table overflows. The filter is
is enabled by default and can be disabled by setting the
"ipv6_neighsol_drop" nvram setting to "0". (rule suggested
by diplomat7)
- FIXED: EMF wasn't properly configured after wireless was
restarted (patch from Vahur)
- FIXED: Router crashing when more than around 30 static routes
were entered
- FIXED: webui would die for some users when accessing the VPN Server
config page and there were connected OpenVPN clients
- FIXED: Added missing iptables-save on ARM platform (AC56, AC68)
- FIXED: nvram factory default reset would sometime fail on MIPS
devices (N16, N66, AC66) (Patch by ryzhov_al)
- FIXED: Under a certain situation the router could lose track of
whether an OpenVPN server/client instance was running or not.
This could result in the webui trying to restart it, and
returning an error message because it was already running.
- REMOVED: The Media server database location is no longer
configurable, as we've switched to Asus's new
automatic location selection.
- REMOVED: Removed the Run Cmd page as it was a security
risk. This is also needed to keep in line with
recent security fixes Asus applied to the
httpd backend to limit what external processes
it can run, otherwise any malicious page could
run arbitrary commands on your router if you
were currently logged on a separate tab.
374.40 (6-March-2014)
- KNOWN ISSUE: Some people are experiencing random reboots
with the RT-AC68U running firmwares based on recent Asus GPL.
If you are are affected, please revert to 374.40 alpha4 for now.
Asus are looking into the issue, which affects this model since
374_4422.
- FIXED: Asuswrt was calling wl_defaults() every time the
wifi was restarted, causing Regulation Mode to be
overwritten. Now we force it to h mode if the
router model and region requires DFS compliance
(same as Asus's code, except we won't enforce
it to off in other scenarios, and will only do
so if it was previously set to off).
- FIXED: Advanced wireless page broken on Internet Explorer, due
to missing Array.IndexOf() support in IE (Asus bug)
- FIXED: Incorrect model detection prevented CPU temperature
from being shown on the Sysinfo page on the "R" SKUs.
374.40 Beta 2 (5-March-2014)
- FIXED: Numerous buffer overruns in networkmap that would result
in crashes or empty/incomplete device list. Was often
visible on networks hosting a Windows Home Server machine.
(Asus bug)
- FIXED: Site survey was reporting 5G as being disabled on RT-N16.
- FIXED: Various issues related to the helper.sh script for postconf
- FIXED: The OpenVPN instance wasn't restarted if it was currently
stopped due to a syntax error in its config and you had
just corrected it.
- FIXED: Restarting the wireless service would stop emf/igs snooping
until they were manually restarted/recconfigured. (Asus bug)
- FIXED: Channels above 153 were missing on 5 GHz band if width
is set to 40 MHz (Asus bug)
- FIXED: reg_mode was being enforced to "h" (EU region) or "off"
(others) since GPL 4422. We now stick again to what's
set in the webui by the end user.
- FIXED: Allow LAN traffic while dualwan mode is set to lb (issue
caused by the default policy fix in beta 1)
374.40 Beta 1 (1-March-2014)
- NEW: Merged with Asus's 374_4561 GPL. Notable changes:
* Various security-related fixes
* Redesigned Parental Control webui
* Notification in case of insecure configuration
- NEW: Added OpenDNS Family Shield support to DNSFilter
- NEW: Added support for up to three user-defined servers to DNSFilter
- NEW: Added option to force DNSfilter clients to always use the DNS
provided to them by the router's DHCP server (which will be
the router itself if you didn't change it on the DHCP
webui page)
- NEW: Option to disable the DHCP6 Server (code contributed by
kdarbyshirebryant)
- CHANGED: The RT-N66U is now compiled with EM enabled
by default. That means there will no longer be a separate
experimental build for this.
- CHANGED: Updated dropbear to 2014.63
- CHANGED: New type of glue for the webui header
- CHANGED: Switched to a shorter version numbering scheme
- FIXED: RT-N16 firmware (missing files were obtained from
the new GPL release Asus made for this model)
- FIXED: Last24 page wasn't properly displaying the
Avg value (regression in 374.39)
- FIXED: Clients with a configured IPv6 DNS would bypass
DNSFilter. DNSFilter-enabled clients will now
be prevented from using IPv6 nameservers, forcing
them through the (IPv4-only) filtering nameserver
- FIXED: DNSFilter clients set to "None" would still be
forced through your WAN-configured nameservers,
preventing nameservers configured on the clients
from working. Now they will fully ignore the DNSFilter
settings.
- FIXED: The global DNSFilter would sometime not get properly
configured in the firewall.
- FIXED: When the firewall was disabled, the FORWARD chain
policy was still left to "DROP" - changed to "ACCEPT".
- FIXED: typo in SMB config ("use spne go") (Asus bug)
- FIXED: PPPoE with an MTU of 1500 requires the WAN interface
to have its MTU set at 1508 (patch by pinwing)
- FIXED: IPv6 Prefix Delegation issues (patch by pinwing)
- FIXED: MTU setting on IPv6 connections (patch by pinwing)
3.0.0.4.374.39 (31-Jan-2014)
This version isn't available for the RT-N16 as support for the
SDK5 platform is currently broken in the latest GPL sources.
- NEW: Merged with Asus 374_583 GPL. Notable changes:
* USB hub support
- NEW: DNS-based filtering. Under Parental Control there is
now a new tab called DNS Filter where you can enable
a DNS-based filtering service, and apply a specific
filter both globally and on a per-client basis. Supported
are: OpenDNS, Norton Connect Safe and YandexDNS.
- NEW: helper.sh script, to simplify creation of postconf
scripts. See the postconf section for details.
- CHANGED: Discontinued SDK5 builds for the RT-N66U. The new EM
builds resolved wifi range issues by running the SDK6
driver set in Engineering Mode (driver provided by Asus).
Look in the Experimental folder for the EM build - it will
eventually become the standard build for the N66U once
it gets sufficiently tested. You might need to do a
factory default reset after switching to an EM build,
for best results.
- CHANGED: Re-switched back to rp-pppoe 3.11 since nobody confirmed
that 3.10 worked better for them.
- CHANGED: Allow PPPoE MTU up to 1500, for ISPs that support RFC 4638.
- CHANGED: Additional webui performance improvement by caching CSS.
- FIXED: DHCPv6 client failing to start if the router username was
changed from "admin" (Asus bug) (patch from Saintdev)
- FIXED: DHCPv6 client failing to request an IP with some ISPs
such as Comcast (Asus bug) (patch from Saintdev)