forked from pedro0311/freshtomato-arm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
2961 lines (2816 loc) · 185 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
===========================
FreshTomato-ARM Changelog
===========================
(for full changelog, see: https://bitbucket.org/pedro311/freshtomato-arm/src/arm-master/CHANGELOG)
2024.3 2024.08.04
---------------------------
- SDK7: allow to build images with older wl drivers (Year 2020 & 2021) - deault is current Year 2023 wl driver (no change) [M_ars]
- php: update to 8.3.9
- libjpeg-turbo: update to 3.0.3
- libxml2: update to 2.13.3
- sqlite: update to 3.46.0
- libcurl: update to 8.9.1
- libsodium: update to latest 1.0.20-stable
- nginx: update to 1.27.0
- e2fsprogs: update to 1.47.1
- pptpd: update to 1.5.0
- libnetfilter_conntrack: update to 1.0.9
- libnetfilter_log: update to 1.0.2
- libnetfilter_queue: update to 1.0.5
- conntrack-tools: update to 1.4.8
- openssl-3.0: update to 3.0.14
- meson: update to 1.5.1
- openvpn: update to 2.6.12
- wolfssl: update to 5.7.2-stable
- nano: update to 8.1
- nettle: update to 3.10
- miniupnpd: update to 2.3.7
- pcre2: update to 10.44
- lz4: update to 1.10.0
- dnscrypt-proxy: update to latest git (security fix, fix usage with latest libsodium, ref: https://github.com/dyne/dnscrypt-proxy)
- adminer: update to 4.8.4
- build: add OpenSSL 3.0.13 to the tree
- build: add OpenSSL 3.0.x recipes, add patches and update needed scripts
- build: switch to openssl 3.0
- build: add wolfSSL 5.7.0 to the tree
- build: wolfSSL: add recipe, needed patches and configuration
- build: add wolfssl support for mssl
- build: add wolfssl support for httpd
- build: add wolfssl support for mdu
- build: add wolfssl support for openvpn
- build: add wolfssl support for libcurl
- build: add wolfssl support for transmission
- build: add wolfssl support for nginx
- build: openvpn_plugin_auth_nvram: add wolfssl support
- build: compile nocat with glib2 instead of glib
- build: update libfoo.pl and Makefile to latest OpenSSL 3.0.x; also adapt libfoo.pl to be one version for ARM and MIPS - use it also on ARM
- build: Makefile: libnfnetlink: is only needed when target is built with CONNTRACK_TOOLS
- build: Makefile: libpcre2-posix: add library to image only for AIO target
- build: Makefile: libffi library is only needed when target is built with IRQBALANCE
- build: Makefile/www: tune openssl options
- build: Makefile: libevent: we don't need ssl here, so let's remove it from the recipe
- build: Makefile: libcurl: use default value for 'with-random'
- build: Makefile: libzip: do not add insecure support for in-php AES zip encryption
- build: Makefile: openssl: always compile with no-cms
- build: Makefile: openssl: always compile with no-ec2m
- build: Makefile: openvpn: disable unit tests (2.5, 2.6), add lz4 flags (2.5)
- build: Makefile: openvpn (2.5, 2.6): enable smaller executable size (disable OCC, usage message, and verb 4 parm list) for non-AIO MIPS targets
- build: openvpn (all): do not compile with lzo support (security)
- build: Makefile: php: remove curl support
- build: Makefile: tincd is now built using the shared liblz4 library
- build: Makefile: transmission: add gnu99 std to CFLAGS
- build: Makefile: do not compile lz4 for the smallest targets
- build: Makefile: use cmake for pcre2 recipe
- build: Makefile: use cmake in libxml2 recipe
- build: Makefile: libevent: only install shared library if target built with BBT or TOR
- build: remove unneeded libnetfilter_cttimeout package from the tree
- build: stubby: fix log level (see: https://www.linksysinfo.org/index.php?threads/stubby-doesnt-log.78729/)
- build: transmission: patches: add ARC4 implementation inside transmission, disable it in openssl
- build: transmission: patches: disable webseeding, it causes 100% CPU usage in certain situations; apply DSCP to UDP sockets too - backport patch from the upstream
- build: wolfssl: add patch to fix compilation of 5.7.2 on MIPS
- GUI: advanced-ctnf.asp: refined page layout [rs232]
- GUI: Basic: DDNS: move Service dropdown to top
- GUI: Basic: Network: only display the wireless connection (WAN) types that are available for a given branch (fix ARM #328)
- GUI: basic-network.asp: fix saving in case wl radio order is not ascending (ex. normal order wl0, wl1, wl2, ... ) [Version 2] [M_ars]
- GUI: Basic: Time: layout improvement and some renaming [rs232]
- GUI: QoS: Classification: Adaptation for CAKE [rs232]
- GUI: QoS: Classification: Display warning on the qos-classify page if classification has been nvram disabled, where QoS is enabled and set to HTB mode [rs232]
- GUI: QoS: Basic Settings: Cleaning and CAKE tweaking [rs232]
- GUI: Status: Overview: fix Signal Quality icon in wireless client mode
- GUI: Tools: Wireless Survey: Discouraging certain WiFi security protocols [rs232]
- GUI: Tools: Wireless Survey: Changed default table sorting by RSSI Descending (strongest to weakest) [rs232]
- GUI: Tools: Wireless Survey: Added SNR (Signal to Noise) to the table [rs232]
- GUI: Tools: Wireless Survey: added filter by frequency [rs232]
- GUI: VPN: Wireguard: fix layout for advanced themes
- adblock-v2: add internet connectivity test as a running condition [rs232]
- adblock-v2: use Internet test target from nvram mwan_chdst content if this contains any usable FQDN; if not default to google.com [rs232]
- adblock-v2: skip Internet test if no lists are defined (covers the case where domains are only defined locally) [rs232]
- adblock-v2: further improvement to the Internet test: running condition: also check if at least one list is enabled [rs232]
- httpd: openvpn.c: initialize buffer before use; also log static/dhparam key creation
- nvram_ops: add centralised console font & background color definition [rs232]
- nvram_ops: added ${reset} and corrected typo [rs232]
- rc: ddns.c: enable DDNS client 3 & 4
- rc: network.c: set the wireless virtual interface hwaddr according to nvram and wait up to 100 ms to check the result [M_ars]
- rc: nginx.c: fix permissions for socket in case when run as 'nobody'
- rc: nocat.c: touch lease file if it doesn't exist yet
- rc: nocat.c: Use BRIDGE_COUNT to iterate through the lans [lancethepants]
- rc: service.c: miniupnpd: follow changes in config naming, also change default upnp_ssdp_interval to 900s
- rc: services.c: stop_services(): do not stop ntpd during router restart/upgrade
- rom: remove authorityKeyIdentifier from the Server cert generation [lancethepants]
- rom: also remove authorityKeyIdentifier for usr_cert [lancethepants]
- rom: update CA bundle to 2024-07-02
- transmission: dht: fix incorrect handling of want in find_closest_nodes
- www: add rel version to each .js script call
- www: add rel version to each .jsz script call
- www: add rel version to each .css script call
- www: advanced-ctnf.asp: fix appearance on advanced themes
- www: basic-ddns.asp: fix availability of external IP checker when using WET/Media Bridge/etc WAN mode
- www: tomato.css: tweaks centrally indent 1 & 2 (no need to add manually indent: 2 to every page now) and adds options for indent 3 & 4 [rs232]
- www: Makefile: fix display of QR Code when image is build without wireguard
2024.2 2024.05.19
---------------------------
- SDK: nand: Adjust/fix Winbond manufacturer ID
- SDK: small update for Broadcom 53xx RoboSwitch device driver
- SDK: bcmrobo.c: simplify Switch Register Access Bridge Registers SRAB_ENAB()
- SDK6: update PCI-Express driver
- kernel: mtd: nand: add Macronix manufacturer
- kernel: mtd: nand: Add Winbond manufacturer
- toolchain: refresh toolchain on Debian 12 with newer version of gmp, m4 and mpfr
- zlib: update to 1.3.1
- libcurl: update to 8.7.1
- libpng: update to 1.6.43
- libxml2: update to 2.12.6
- tinc: update to d9e42fa (2024-04-07) snapshot
- dnsmasq: update to b8ff4bb (2024-02-22) snapshot
- expat: update to 2.6.2
- busybox: updates from the upstream
- spawn-fcgi: update to 1.6.5
- php: update to 8.3.6
- nginx: update to 1.26.0
- meson: update to 1.4.0
- libffi: update to 3.4.6
- openvpn: update to 2.6.10
- tor: update to 0.4.7.16 - the last one that actually compiles on our ancient toolset
- sqlite: update to 3.45.3
- irqbalance: update to 1.9.4
- gettext-tiny: update to 86d9b99 (2024-01-21) snapshot
- miniupnpd: update to 2.3.6
- dropbear: update to 2024.85
- libcap-ng: update to 0.8.5
- libsodium: update to latest 1.0.19-stable
- util-linux: update to 2.39.4
- build: add Netgear EX7000 support [WIP]
- build: Makefile: use libzip for php compilation
- build: Makefile: tune libcurl recipe (remove not used stuff - smaller size)
- build: Makefile: tune apcupsd recipe (smaller size)
- build: Makefile: mysql: at last build it with system zlib; do not waste time for mysql-test, support-files, sql-bench and man subdirs
- build: Makefile: minidlna: disable NLS support
- build: Makefile: clean more targets before every compilation
- build: Makefile: util-linux: disable nls
- build: switch to php-8.3.1
- build: add pcre2-10.37 to the tree
- build: update glib to 2.74.7 with openwrt patches; add/change recipes; integrate updated/added glib and pcre2
- build: add haveged-1.9.18 to the tree
- build: implement haveged
- build: add TOR again to the o (Custom) target
- build: Update Dockerfile to Debian 12
- GUI: Administration: Admin Access: exclude ports 80 and 443 for remote GUI access for security reasons
- GUI: Administration: Admin Access: fix preparing url of redirect page in case of remote connection
- GUI: admin-access.asp - Add option to enable/disable httpd listening on IPv6 and VLAN interfaces
- GUI: basic-network.asp - fix saving in case wl radio order is not ascending (ex. normal order wl0, wl1, wl2, ... )
- GUI: tools-survey.asp - fix Wireless Site Survey if SSID contains a single quote (fix #323)
- GUI: VPN: OpenVPN Client: add note about strict Kill Switch
- GUI: Status: Overview: fix Watchdog status display
- GUI: USB and NAS: Media Server: fix behaviour of the LAN boxes
- busybox: always add flock applet
- DHCPC: optionally prevent classless routes. Since this is used for iptv it cannot be disabled by default; recommended to turn it off when not using iptv, see CVE-2024-3661
- getdns: fix for broken trust anchor files are silently ignored
- openssl-1.1: add patches for CVE-2023-5678 and CVE-2024-0727
- php8: use php-fpm instead of spawn-fcgi
- udpxy: Fixed uninitialized source address
- DDNS: multiWAN aware (fix #65)
- ddns: increase the number of errors allowed before entering standby from 3 to 10
- discobery.sh: supports for any CIDR (no dependency to /24 any more) - network and broadcast IPs are now always excluded from the polling - works when brX IP address is not the first in the subnet
- httpd: config.c: do not close temp file created by mkstemp before using it
- httpd: upgrade.c: use mkstemp instead of dangerous mktemp; check for available memory first; correct argument in waitpid(); fix a few other issues
- httpd: etherstates - detect port info in one sscanf
- httpd: httpd.c - fix/add IPv6 listeners for MultiLAN setups (do not try to add IPv4 listeners twice)
- httpd: devlist.c: Loop through dhcp enabled interfaces using BRIDGE_COUNT
- httpd: wl.c - Add central channel for future updates to the GUI Wireless Survey
- httpd: wl.c - Add 802.11N+AC BSS capabilities for future updates to the GUI Wireless Survey
- mdu: in case of curl, also use a while loop to use more than one IP checker during a failed host check
- mdu: use getaddrinfo instead of the deprecated gethostbyname when building without libcurl
- mdu: also test for IP change if "Force next update" is checked
- mdu: support special case, when ifname is set to 'none' or proto is 'disabled' - use default WAN
- mdu: remove ieserver.net from the list of available services (down)
- mdu: remove DyNS from the list of available services (down)
- nvram: fix behavior of 'convert' option
- ntpd: try to monitor and restart it when it dies or doesn't start at all
- others: sysinfo: fix WL adapter name for 3rd wireless
- others: improve cru locking to prevent concurrent updates
- others: switch4: fix PIN status recognition on some modems
- others: switch4g: correct checking of CPIN status
- others: switch3g: fix PIN checker
- patches: nginx: fix little endian recognition, solve other issues
- rc: always enable 3G modem support and remove that option from the GUI
- rc: arpbind.c: stop_arpbind(): Skip header of /proc/net/arp
- rc: buttons.c: Limit WLAN button maximum duration to 120 seconds
- rc: bwlimit.c: refactor code to loop using BRIDGE_COUNT
- rc: firewall.c: fix remote administration (www/ssh) when DMZ is enabled
- rc: firewall.c: Use BRIDGE_COUNT to iterate throuh interfaces
- rc: ftpd.c: close fp before bailing when f fails to open
- rc: init.c: do not run remove_usb_module() [remove_usb_all_modules() now] on halt/reboot; some changes in order of removed services
- rc: nfs.c: Also free(buf) when returning on failed fopen
- rc: nginx.c: always try to kill php-cgi at nginx stop
- rc: openvpn.c: start_ovpn_client(): Initialize route_mode variable
- rc: services.c: start_ipv6_tunnel(): Fix undefined behavior in snprintf
- rc: services.s: use get_wanface() to properly check WAN ifaces in generate_mdns_config()
- rc: services.c: block Apple private relay
- rc: tor.c: refactor code to loop using BRIDGE_COUNT
- rc: usb.c: do not run remove_usb_modem_modules() by default - it may cause kernel panic (at least on MIPS RT-AC), enable it by setting 'remove_modem_modules' nvram variable
- rc: wan.c: restart DDNS not only on primary WAN
- rom: update CA bundle to 2024-03-11
- www: advanced-vlan.asp: wipe out relevant fields for inactive or just disabled WAN - needed in various places for the proper operation of FW
- www: advanced-vlan.asp: after editing, just reset mwan_num to 1 to avoid problems
- www: adminer.php: fix error message "Trying to access array offset on null" on php 8
- www: basic-time.asp: Show ntp info
- www: qos-{ctrate,qos-detailed}: Additional filter options
- www: tools-survey.asp - v1.01 - 11/05/24 - rs232
- Asus RT-AC5300: allow to disable/shut down broken wireless radios
2024.1 2024.02.14
---------------------------
- kernel: wireguard: update module to 1.0.20220627
- dnsmasq: update to aa9e965 (2024-01-21) snapshot
- libcurl: update to 8.5.0
- libcap-ng: update to 0.8.4
- libpng: update to 1.6.41
- libjpeg-turbo: update to 3.0.2
- libid3tag: update to 0.16.3
- dropbear: update to 41a6abc (2023-12-31) snapshot
- miniupnpd: update to 2.3.4
- ntfs-3g: update to 75dcdc2 (2023-06-13) snapshot
- busybox: updates from the upstream
- wsdd2: update from the upstream
- uqmi: update to c3488b8 (2024-01-16) snapshot
- sqlite: update to 3.45.1
- libxml2: update to 2.12.4
- libsodium: update to latest 1.0.19-stable
- wireguard-tools: update to 1.0.20210914
- libubox: update to 6339204 (2023-12-18) snapshot
- build: Makefile: fix libcurl issue with http auth
- build: Makefile: fix compilation on Debian 12
- build: kernel: fix kernel warnings at generated shared_ksyms.c
- build: Makefile: on %-clean, do not forget to remove staged dirs
- GUI: advanced-wireless.asp - add Inactivity Timer option for Media Bridge Mode (60 up to 3600 sec)
- GUI: VPN: Tinc: tune a little status page
- mdu: use libcurl for all ARM images
- mwwatchdog: tune cktracert() checker once again - it needs max hop value set to ~10
- rc: snmpd.c: log start/stop events
- rc: restrict.c: web netfilter module not supported for IPv6 on arm
- switch4g/wwansignal: add timeouts to uqmi calls
- wireguard: wg-quick: fix syntax error (see: https://www.linksysinfo.org/index.php?threads/wireguard-on-freshtomato.76295/page-19#post-347565)
- wireguard: working (finally) GUI, firewall, etc for Internal type connections (external to the provider will be added [probably] in the next release)
- www: tomato.js: restore compatibility with older browsers
- www: tools-shell.asp: switch to our addEvent() function for better compatibility
2023.5 2023.12.21
---------------------------
- iperf: update to 3.15
- openssl-1.1: update to 1.1.1w
- libcurl: update to 8.4.0
- dnsmasq: update to cd4db82 (2023-11-30) snapshot
- libsodium: update to latest 1.0.19-stable
- sqlite: update to 3.44.2
- libjpeg-turbo: update to 3.0.1
- nginx: update to 1.25.3
- uqmi: update to eea2924 (2023-10-28) snapshot
- openvpn: update to 2.6.8
- irqbalance: update to 1.9.3
- libxml2: update to 2.11.6
- util-linux: update to 2.39.3
- add initial Netgear R6200v2 router support
- build: Makefile: shrink again AIO_Lite target (remove ZFS, SNMP and NANO)
- build: rename TCONFIG_TUXERA_HFS symbol to TCONFIG_TUX_HFS to avoid problems when building without it; cosmetic
- build: Makefile: shrink r1do target (remove BTCLIENT and TR_EXTRAS)
- build: add fsck.* symlinks for ntfs and zfs
- build: Makefile: align the images filename for each release to contain the relevant ARM version in the filename
- build: Makefile: init files don't have to contain openssl, openvpn, or proxy
- build: Makefile: split into different files for easier maintenance; tune a little versioning
- build: Makefile: compile rp-pppoe and pppd with -Os (for small images) or -O2 flag (other images like VPN, AIO, AIO_Lite, Mega)
- build: Makefile: compile OpenVPN using -O2 flag (for ARM branch)
- build: Makefile: add NANO instead of UPS in AIO_Lite target (y)
- build: fix zfs python minor version detection
- build: Makefile: fix pcre-install recipe
- build: Makefile: fix php recipe - build it with our pcre and also correct libjpeg-turbo support
- busybox: add lsof applet to images
- BSD (wireless band steering): add bsd nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- dropbear: fix CVE-2023-36328
- GUI: basic-network.asp - allow Group Key Renewal from 0 (disabled) up to 30 days (2592000 sec)
- GUI: Status: Device List: add Wake on LAN for Media icon
- GUI: add an optional 'toggle to dark' switch
- GUI: Advanced: Routing: allow to add 'default' as a Destination (fix #301)
- GUI: Status: Overview: count reclaimable slab memory as a free memory (according to 'free')
- GUI: Port Forwarding: Basic/Basic IPv6/Triggered: fix tables width in Advanced themes and some html/css inconsistency; cosmetic
- GUI: Port Forwarding: Basic: sort "Src Address" and Int Address" columns by text like on Basic IPv6
- httpd: openvpn.c: remove the status from the generated OpenVPN client configuration - this may cause problems in some cases
- Media Bridge Mode (SDK6/SDK7/SDK714): reinitialize wl radio in case of connectivity loss (v2)
- nvram: add possibility to convert config backup file to readable nvram text file
- others: mwwatchdog: tune cktracert() a little
- rc: services.c: start rstats/cstats later and stop them earlier (should fix #213)
- rc/httpd: use tomato_version variable instead of nvram 'os_version'
- rc: Drastically improve slow boot times caused by USB mass storage
- rom: update CA bundle to 2023-12-12
- switch4g: add more complex PIN check for QMI modems; also some more fixes
- switch4g: do not use setpin.gcom script from gcom (comgt) package
- wanuptime: improve buffer validation (snprintf/strlcpy)
- WET / Media Bridge Mode: allow to use/enable Debug Mode for dnsmasq (via advanced-dhcpdns.asp)
- WET / Media Bridge Mode: allow to use/enable Adblock feature
- www: status-data.jsx: fix a small bug in displaying DNS addresses
- www: admin-iptraffic.asp: restart the firewall when enabling/disabling cstats
- www: status-data.jsx: DNS: make message about used DNS more precise
- www: wireguard GUI and wg-quick script
2023.4 2023.09.10
---------------------------
- kernel: drivers: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
- SDK6: update wireless driver (dual core)
- SDK714: update wireless driver
- SDK5 (USBAP only): Speed up boot-up time (only cosmstic in this case / for documentation)
- SDK7: Speed up boot-up time (~round about 23 sec) (and align to SDK714)
- libsodium: update to latest 1.0.18-stable
- minidlna: update to 1.3.3
- libcurl: update to 8.2.1
- tor: update to 0.4.7.14
- iperf: update to 3.14
- libjpeg-turbo: update to 3.0.0
- rom: update CA bundle to 2023-08-22
- gmp: update to 6.3.0
- libjson-c: update to 0.17-20230812
- nginx: update to 1.25.2
- sqlite: update to 3.43.0
- libxml2: update to 2.11.5
- openssl: update to 1.1.1v
- zlib: update to 1.3
- libpng: update to 1.6.40
- snmp: update to 5.9.4
- flac: update to 1.4.3
- openvpn: update to 2.6.6
- util-linux: update to 2.39.2
- dnsmasq: update to 3b5ddf3 (2023-09-02) snapshot
- ffmepg: update to 0.11.5 (resolves ARM #239)
- libffi: update to 3.4.4
- build: Makefile: compile Tenda N60 (n60) without PROXY enabled to save space
- build: get rid of pdureader - full of bugs, it's enough that comgt has its issues
- build: Makefile: compile rp-pppoe and pppd with -Os flag only if we need smaller image (ie. for 4MB routers)
- build: Makefile: compile openssl-1.1 with -Os flag only if we need smaller images (example for 4 or 8 MByte routers) - arm branch/mips MEGA & AIO will use O3
- build: Makefile: add target AIO_Lite (y) for some routers with insufficient flash size
- build: Makefile: add stubby to target e (VPN) instead of little used conntrack tools and mdns
- build: Makefile: add target VPN for Netgear Router Group AC1450, R6300v2, R6250
- build: Makefile: glib2: use already compiled pcre (in case of TCONFIG_NGINX) not the one embedded in glib2
- Adblock (DNS filtering): remove default domain blacklist URLs and save NVRAM space for all routers (no matter if 32, 64 or 128 KB)
- dnsmasq: set the default maximum DNS UDP packet size to 1232
- IPv6: show option6 dns-server (RDNSS) (GUI: advanced-dhcpdns.asp)
- Media Bridge Mode (SDK6/SDK7/SDK714): add ARPING (default 180 sec cycle) and improve stability
- mdu: fix Cloudflare DDNS when using curl (resolves ARM #292)
- QoS: remove default Outbound Direction configuration and save NVRAM space for all routers (no matter if 32, 64 or 128 KB)
- GUI: Administration: Access: move "Remote Web Port Protection" to "Admin Restrictions" section; also enable it by default
- GUI: Administration: Bandwidth Monitoring: add current date/router model/FW version to backup file
- GUI: Administration: IP Traffic Monitoring: add current date/router model/FW version to backup file
- GUI: Advanced: DHCP/DNS/TFTP: Add option to Show/Hide Stubby's resolvers
- GUI: Advanced: DHCP/DNS/TFTP: hide 'IPv6 DNS Server' forms when IPv6 is disabled
- GUI: Advanced: DHCP/DNS/TFTP: hide the rest of IPv6 options if IPv6 is disabled
- GUI: Status: Overview: add current operator to WWAN Modem Status also for QMI modems
- GUI: Advanced: DHCP/DNS/TFTP: hide "DHCP IPv6 lease time" options in case DHCPv6 PD
- GUI: USB and NAS: Media Server: fix correct port in status window link when using minidlna with random port
- GUI: Status: Overview: do not display days if they are equal to zero
- GUI: basic-ddns.asp - provide an additional variable for the IPv6 address in custom URLs for DDNS
- Revert "rc: services.c: start_ntpd(): run ntpd at high priority"
- httpd: improve buffer validation (strlcpy)
- httpd: iperf.c: sanitize host name
- others: wwansignal: start querying the modem only if the DIAGS file exists (it means that modem is detected with diags and probably already connected)
- others: switch4g: fix listing TTYs in QMI mode
- others: switch4g: extend waiting time for modem switching and its redetection
- others: use shorter /dev/null redirection
- others: rename watchdog script to mwwatchdog to avoid confusion with the busybox applet
- rc: dhcp.c - adjust/improve bound event and avoid memory sharing issues
- rc: ftpd.c: Change the default ftpd admin login to 'root' to be consistent with the default router login
- rc: dhcp.c - adjust renew event and do not restart dnsmasq for WAN side route changes (resolves ARM #287)
- rc: init.c: remove "os_name" from nvram
- rc: ppp.c - adjust/improve code to avoid memory sharing issues
- rc: services.c: dnscrypt-proxy: in case of EDNS packet size is set lower than 1252 in dnsmasq, set it also here
- rc: services.c: we don't need extra logging when minidlna logs to syslog
- rc: wan.c - adjust/improve code to avoid memory sharing issues (+add some more comments)
- rom: Makefile: Escape single quotes (') in dnscrypt-resolvers.csv
- switch4g: move cdc_ether module to the end of the list
- Wireless Survey: optimize code for wl survey (GUI: tools-survey) - Part 2
- wsdd2: Update patch with new location of smb.conf
- WWAN: improve display of SINR values for QMI modems
- www: advanced-dhcpdns.asp: remove dupe from Notes section
- www: advanced-vlan-r1.asp: add modification to enable Native VLAN support (allow one untagged vlan per port) by default
- www: tomato.js: allow to use onclick in elements (appended after verifyFields() essentially) created by the createFieldsTable() function
2023.3 2023.06.25
---------------------------
- kernel: usbnet: optimize usbnet_bh() to reduce CPU load
- busybox: update to 1.36.1
- openvpn: update to 2.6.5
- libcurl: update to 8.1.2
- sqlite: update to 3.42.0
- libxml2: update to 2.11.4
- nginx: update to 1.25.1
- openssl-1.1: update to 1.1.1u
- libsodium: update to latest 1.0.18-stable
- libubox: update to 75a3b87 (2023-05-23) snapshot
- dnsmasq: update to 9bbf098 (2023-05-26) snapshot
- nettle: update to 3.9.1
- util-linux: update to 2.39
- libusb: update to d5bb64b (2020-01-24) snapshot
- adblock v2: update to 2.72b
- dhcp6c: add signal handling of SIGINT and fflush
- getdns/stubby: fix the IP of one of the OpenDNS servers
- stubby: add getdnsapi.net DNS to the resolver list
- stubby: remove Surfnet/Sinodun DNS from the list - it doesn't work anymore (resolves #279)
- rstats (Bandwidth Monitoring): add rstats nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- cstats (IP Traffic Monitoring): add cstats nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- FTP Server: add ftp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- SNMP: add snmp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- UPnP: add upnp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- httpd: improve buffer handling
- httpd: increase buffer for get_wl_tempsense(); also use proper site_t buffer in snprintf
- shared/rc/httpd: improve buffer validation (strlcat_r)
- bsd/eapd/wlconf: fix build break (strlcat_r)
- mdu: fix compilation in case if built without libcurl; avoid compiler warnings
- mdu: fix segfault in curl_headers() when adding more than one header at a time
- mdu: add addtional headers for wget()
- mdu: fix basic auth in update_wget() when built with libcurl
- mdu: mdu.c: improve buffer handling
- mdu: allow the user to specify a custom polling period for External IP address checker
- mdu: rewrite the part responsible for obtaining the external IP address
- GUI: Basic: DHCP Reservation: properly initialize 'Static lease time' on page load
- GUI: admin-iptraffic.asp - add note about IPv4 only (no support for IPv6)
- GUI: advanced-wireless.asp - add Optimized for Xbox option
- GUI: Advanced: DHCP/DNS/TFTP: allow to ignore DHCP requests from unknown devices on each bridge individually
- GUI: Basic: Network: fix visibility of 'AP MAC Address to connect' option
- GUI: bwlimit.asp - add checks for Multi-LAN setups
- GUI: Basic: DDNS Client: use ajax to refresh info on page
- GUI: VPN Tunneling: OpenVPN Client: Routing Policy: add more thorough domain validation (resolves #285)
- shared: misc.c: get_dns(): really add received DNS servers to the static DNS server list
- Revert "rp-pppoe: update to 3c0f6c02 (2023-02-08) snapshot"
- rc: init.c: fix restart of some services when using SIGHUP on init (resolves #284)
- rc: transmission.c: fix port forwarding for IPv6
- rc: wan.c: fix restart of some services in WET mode
- rc: do not waste time and resources if IPv6 is disabled
- rc: jffs2.c - do not delete (automatically) jffs if mounting fails (show error only)
- rc: ddns.c: distinguish addrcache and dump file depending on the unit number
- rc: ftpd.c: fix bug where in some cases FW rules to open WAN port were not removed
- rc: nginx.c: fix bug where in some cases FW rule to open WAN port was not removed
- rc: mysql.c: Fix copying adminer.php to nginx_docroot
- rom: update CA bundle to 2023-05-30
- WL (SDK6 and up!): show & provide all valid WiFi 5 (AC / 80 MHz) control channels (lower-lower [LL], lower-upper [LU], upper-lower [UL], upper-upper [UU])
- Linksys EA6200: fix wl config (nvram wl0_nband) - 5 GHz radio first
- Belkin F9K1113v2: fix wl config (nvram wl0_nband) - 5 GHz radio first
- Xiaomi MiWiFi: fix wl config (nvram wl0_nband) - 5 GHz radio first
2023.2 2023.03.18
---------------------------
- kernel: net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem
- kernel: net: usb: rndis_host: Secure rndis_query check against int overflow
- SDK6: update wireless driver (dual core)
- WL Client / Media Bridge / Wireless Ethernet Bridge: add AP MAC (xx:xx:xx:xx:xx:xx) to scan and join (--> try to connect to that specific MAC with SSID "ABCDEF")
- libcurl: update to 7.88.1
- libjpeg-turbo: update to 2.1.5.1
- libsodium: update to latest 1.0.18-stable
- miniupnpd: update to 2.3.3
- rp-pppoe: update to 3c0f6c02 (2023-02-08) snapshot
- sqlite: update to 3.41.1
- e2fsprogs: update to 1.47.0
- openvpn: update to 2.6.1
- dnscrypt-proxy: update resolvers csv file
- adblock v2: update to 2.71u
- rom: update CA bundle to 2023-01-10
- dnsmasq: add safe-mode + TFTP (resolves #263)
- build: scripts: added PATH directive to avoid conflicts with entware/optware
- build: Makefile: r1do (Xiaomi R1D): do not build with IRQBALANCE due to too large image size
- GUI: vpn-server.asp: corrected "Uncrypted" for "Unencrypted"
- GUI: VPN Tunneling: add Wireguard page (for now only with link to the wiki howto)
- GUI: DHCP / DNS / TFTP: clean-up
- Revert "GUI: add new default theme"
- others: entware-install-MIPS.sh: use the full path when calling programs
- rc: fix logdrop bevaviour (if enabled)
- rc: transmission.c: fix port forwarding (UDP) (resolves #270)
- rc: transmission.c: revert changes from 4c4f653 - everything works just fine
- rc: wan.c: fix commit 80a7e66 (resolves #275)
2023.1 2023.02.17
---------------------------
- kernel: usb: update ch341 driver
- SDK6: rename all images from "XXX-ARM-NG-YYY" to "XXX-ARM-YYY"
- SDK7/SDK714: update wireless driver
- busybox: update to 1.36.0
- libpng: update to 1.6.39
- libsodium: update to latest 1.0.18-stable
- nano: update to 7.2
- tor: update to 0.4.7.13
- nginx: update to 1.23.3
- ffmpeg: update to 0.7.17
- libjpeg-turbo: add clean sources of 2.1.4
- dropbear: updates from the upstream
- sqlite: update to 3.40.1
- pppd: update to 2.4.9
- adblock: update to 2.71e
- libcurl: update to 7.87.0
- e2fsprogs: update to 1.46.6; remove no more needed patch
- getdns: update to 1.7.3; refresh patches
- libubox: update to eac92a4 (2023-01-03) snapshot
- miniupnpd: update to 2.3.2; refresh patches
- libncurses: update to 6.4
- OpenVPN: update to 2.6.0; fix recipes
- dnsmasq: update to 2.89
- openssl-1.1: update to 1.1.1t
- build: add libcap-ng 0.8.3 to the tree, required by OpenVPN 2.6
- build: Makefile: libcap-ng: add recipe
- build: add recipes and integrate with libjpeg-turbo
- build: remove no more needed jpeg package from the tree
- GUI: add "Scroll to bottom" also at the bottom of the status-log page
- GUI: adjusting "Refresh Every" to "One off"
- GUI: Advanced: Firewall: add note about custom config file for igmpproxy
- GUI: advanced-wireless.asp - remove afterburner option (for SDK6 and up!)
- GUI: advanced-wireless.asp - adjust TurboQAM / NitroQAM label (New: Modulation Scheme)
- GUI: USB and NAS: BitTorrent Client: extend character limit on the input field for blocklist url to 256 (resolves #269)
- GUI: USB and NAS: Media Server: fixes/improvements (resolves #243)
- GUI: USB and NAS: File Sharing: use checkboxes to select interfaces; also change location of samba configuration file (/etc/samba/smb.conf)
- Media Bridge Mode (SDK6/SDK7/SDK714): add & set inactivity timer value to 0 [disabled] (wl driver default is: 600 sec)
- minidlna: use syslog instead of a log file; added as a patch
- others: Makefile: also add ntp2ip script when image is built with dnscrypt-proxy but without stubby
- rc: openvpn.c: remove ignoring directives for IPv6 for OpenVPN client (resolves #268)
- rc: samba.c: correct 'server string' (resolves #188)
- rc: services.c: start_media_server(): correct friendly_name, album_art_names; add model_name
- rc: service.c: start_upnp(): correct friendly_name
- rc: transmission.c: only add bind to generated config if it's not already added in custom config (resolves #265)
- www: tomato.js: allow the hostname to be all digits as per RFC
- www: add new favicon (thanks @rs232)
2022.7 2022.12.20
---------------------------
Note: the upgrade is highly recommended for users using Routing Policy in the OpenVPN client due to a major issue related to it.
- kernel (all): updates/fixes from the upstream
- SDK7: small update for pcie and adjust commit 286447b244974a3beb40b37e
- busybox: update to 1.35.0
- dropbear: update to 2022.83
- tor: update to 0.4.7.11
- zlib: update to 1.2.13
- xl2tpd: update to 1.3.18
- sqlite: update to 3.40.0
- libpng: update to 1.6.38
- nano: update to 7.0
- minidlna: update to 1.3.2; refresh patches, remove no more needed
- dnsmasq: update to v2.88
- build: Makefile: fix compilation in case if minidlna is built as static
- build: kernel (all): enable compilation of ch341 usb driver
- GUI: Status: Overview: fix Signal Quality icon in wireless client mode when RSSI is equal zero
- GUI: Basic: Time: add option to serve also NTP on the WAN (resolves #234)
- GUI: VPN Tunneling: Tinc Daemon: better format Tinc output in Advanced themes
- GUI: Administration: TomatoAnon: grammar fix (resolves #260)
- GUI: Status: Device List: add frequency to Moise Floor interfaces list
- busybox: awk: fix use after free (CVE-2022-30065)
- dropbear: disable DSS key support
- dropbear: use Os flag for Libtommath and smallest targets
- e2fsprogs: add two patches from openwrt
- httpd/mssl: add support of elliptic curves in mssl_cert_key_match (resolves #250)
- httpd: switch self-signed certificate from RSA to ECC
- rc: adjust start/stop of miniupnpd
- rc: adjust/add stop for miniupnp in case of single-wan
- rc: firewall: move ftpd FW rules (remote access/ftplimit) to ftpd.c script
- rc: interface.c: log errors only on failed interface addition
- rc: nocat.c: only run start_wan() if nocat was really started
- rc: openvpn.c: check first if firewall script is executable
- rc: openvpn.c: workaround for problems when adding iptables rules
- rc: rc.c: run_del_firewall_script(): correct temp file permissions
- rc: services.c: start_igmp_proxy(): drop privileges after startup
- rc: services.c: improve buffer handling
- rc: services.c: exec_service: do not re-use buffer
- rc: services.c: do_service(): increase waiting time (from 15 to 20 secs), because almost all services are now serialized when started/stopped; more verbose logging
- rc: services: move ftpd support to outer file
- rc: wan.c: restarting httpd service here is completely redundant
- rc: telssh.c: avoid problems while starting/stopping in the GUI (and also in other cases)
- stubby: add Mullvad DNS to the list (resolves #233)
- router: shared: cache the model detection result for safe multiple use
- Netgear R7900 / R8000: help arm issue #258
- Netgear ARM Router Family: set cal data for wl radios and improve wl performance (get infos at board_data --> router specifc)
2022.6 2022.11.06
---------------------------
- SDK714: initial commit
- SDK714: update to 2022 (from 2018)
- libcurl: update to 7.86.0
- nano: update to 6.4
- nettle: update to 3.8.1
- sqlite: update to 3.39.4
- tor: update to 0.4.7.10
- dnsmasq: update to 2.87 final
- tinc: update to the latest commit. 4c6a9a9; update to meson build system. Add lz4 support to tinc
- dnscrypt-proxy: update resolvers csv file
- getdns: update to 1.7.2
- openssl-1.1: update to 1.1.1s
- igmpproxy: update to 0.4
- libsodium: update to latest version of 1.0.18-stable
- nginx: update to 1.23.2
- ntfs-3g: update to 2022.10.3
- miniupnpd: update to 2.3.1
- openvpn: update to 2.5.8
- flac: update to 1.4.2
- libxml2: update to 2.10.3
- libcurl: update CA certificate bundle as of 2022-10-11
- meson: add clean source for version 0.63.0
- lz4: add clean source for version 1.9.3
- lz4: update to 1.9.4
- util-linux: update to 2.38.1
- irqbalance: update to 1.9.2
- zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)
- zlib: backport null dereference fix
- nocat: import some patches found in debian
- SDK7: check wireless driver max client tuneable value
- build: add Asus RT-AC5300 support
- build: add Asus RT-AC3100 support
- build: add Asus RT-AC88U support (only 4 LAN + 1 WAN port)
- build: merge all branches together
- build: sync up DockerFile to current build process
- build: samba3: update Makefile; in ARM we have already realpath() with support for NULL argument. So change that option
- build: SDK6/7: clean-up flags for Tri-Band router
- build: Netgear R7900 / R8000: build image without TRX KEY
- GUI: advanced-misc.asp - Make it possible to save settings without rebooting
- GUI: Wireless Survey: check for Channel Spec BW 160 / 8080 MHz (SDK6 and up)
- GUI: VPN Tunneling: Tinc Daemon: fix javascript error
- GUI: NAS: Media Server: fix allowed port range
- GUI: Basic: Network: remove unnecessary javascript alert
- GUI: move IPSec Passthrough from Firewall to Conntrack/Netfilter
- GUI: Advanced: Routing: increase route metric limit from 10 to 4294967295
- GUI: Status: Overview: add link to DHCP/DNS page when using stubby/dnscrypt-proxy
- GUI: basic-ddns.asp - do not show the DDNS password (resolves #202)
- GUI: basic-network.asp - Option: Automatic IP --> give some more Infos to the FT user about changing IP address (DHCP client on/off)
- GUI: fix start/stop button behaviour, when there is an error in config file
- GUI: add new default theme
- GUI: USB and NAS: Media Server: fix the operation of the 'Rescan on the next run' button
- GUI: Administration: Admin Access: add 'Notes' section about dropbear additional configuration files
- GUI: Status: Overview: add current operator to WWAN Modem Status
- Access Point Mode / WET / Media Bridge Mode: Allow to obtain a LAN IP via DHCP
- firewall: check GUI IPSec config first (small fix for operator priority)
- httpd: misc.c: asp_notice(): sanitize file name
- httpd: log.c: wo_viewlog(): sanitize search string more aggressively
- IPv6: add/use function to extract prefix from configured IPv6 address
- nvram: remove no more needed variables (dhcp_start, dhcp_num)
- Revert "GUI: Advanced: DHCP / DNS Client: remove 'Reduce packet size' option - no more available in udhcpc from busybox"; 'Reduce packet size' option is available via patch!
- rc: firewall: move nginx FW rules (remote access) to nginx.c script
- rc: openvpn.c: rewrite openvpn FW rules
- rc: tinc.c: rewrite tinc FW rules
- rc: transmission.c: rewrite transmission FW rules and watchdog script
- rc: mysql: rewrite, to get rid of shell scripts
- rc: pptpd.c: rewrite pptpd FW rules
- rc/shared: introduce and use killall_and_waitpid()
- rc: tune stop_stubby function
- rc: fix call to restart_nas_services() - to restart it needs stop/start, not only start
- watchdog: use 1.1.1.1 as a 2nd target instead of microsoft.com
- www: tools-qr.asp: fix bug when certain characters are in ssid or PSK
- www: status-log.asp: add maxlength to find input element
- Netgear R6400 (v1) / R6400v2 / R6700v3 / XR300 : fix USB Power supply in some cases (cfe/board_data dependency) - fixes #244
- Dlink DIR868L: fix USB Power supply in some cases (cfe/board_data dependency)
- Wireless Ethernet Bridge Mode: Block all IPv6 traffic to avoid wl driver crash in some cases (only arm)
2022.5 2022.08.06
---------------------------
Note: mainly bugfixes release.
- nginx: update to 1.23.1
- sqlite: update to 3.39.2
- meson: add clean source for version 0.63.0
- meson: add arm-cross.txt file
- lz4: add clean source for version 1.9.3
- tinc: update to meson build system. Add lz4 support to tinc
- tinc: update to the latest commit. 4c6a9a9
- libcurl: update CA certificate bundle as of 2022-07-19
- build: dhcpv6: sync to MIPS (chmod), additionally add #ifdef to have one version for ARM and MIPS
- GUI: fix copy-paste for advanced-dhcpdns.asp
- GUI: Advanced: DHCP/DNS: 'Solve .onion' checkbox should be available regardless of tor status
- GUI: basic-ipv6.asp - fix problems with saving IPv6 setting
- GUI: Advanced: DHCP/DNS: rename option
- dhcpv6: Improve log messages when a REPLY message arrives. The old ones were confusing
- dhcpv6: Add a new script event "EXIT", which is invoked when dhcp6c exits
2022.4 2022.07.31
---------------------------
Note: because of changes in GUI, clean your browser cache and/or use Ctrl+F5 (FF) to avoid artifacts.
- toolchain: brcm-arm-toolchains update; uClibc 0.9.33.2 with CVE-2022-30295, CVE-2021-43523 and CVE-2016-6264 fixes. Also other fixes/patches included. Enable support for AI_ADDRCONFIG
- kernel: drivers: net: updates from the upstream (for details see full changelog)
- kernel: drivers: usb: updates from the upstream (for details see full changelog)
- SDK6/SDK7: enable USB2 and USB3 power at boot up by default
- SDK7: check wireless driver max client tuneable value
- SDK7: update ctf (part 2 + part 3)
- iptables: update to 1.8.8
- irqbalance: update to 1.9.0
- libcurl: update to 7.84.0
- libxml2: update to 2.9.14
- libiconv: update to 1.17
- flac: update to 1.3.4
- openvpn: update to 2.5.7
- ntfs-3g: update to 2022.5.17
- libsodium: update to 1.0.18-stable
- nettle: update to 3.8
- tor: update to 0.4.7.8
- zlib: update to 1.2.12 (add two fixes from the develop tree)
- libubox: update to d2223ef (2022-05-15) snapshot
- uqmi: update to 56cb2d4 (2022-05-04) snapshot
- openssl: update to 1.1.1q
- sqlite: update to 3.39.0
- nginx: update to 1.23.0
- dnsmasq: update to 2022.07.07 (20b4a4e) snapshot
- build: add Netgear R7900 support (almost the same like R8000)
- build: router: Makefile: also install zlib when samba is added to the (not AIO) image - fix build break
- build: only include adblock when image is built with TCONFIG_HTTPS (all (or most) servers from the adblock list are now redirecting to https, so wget can't download them without OpenSSL)
- build: add flag to detect AIO target (the same way like in MIPS branch)
- build: add target ARM architecture/target ARM processor
- build: add flag to build image without TRX KEY
- GUI: Administration: Configuration: fix date in the filename of saved config file
- GUI: Administration: NFS Server: correct link to the NFS website
- GUI: Advanced: Firewall: change link for Efficient Multicast Forwarding option
- GUI: Advanced: Tor: add daemon status, add start/stop button
- GUI: advanced-vlan.asp - use nvram t_model_name for R8000 detection
- GUI: advanced-wireless.asp - Set bss_maxassoc same as global max clients
- GUI: advanced-wireless.asp - adjust/improve saving country/rev selection
- GUI: Status: Logs: implement maximum filter level
- GUI: Status: Overview: clearly explain what the WL enable/disable buttons are for
- GUI: Tools: Wireless Survey: add a note for ARM routers, that WL survey doesn't work when WL filter is turned on in 'permit only' mode (workaround for #224)
- GUI: USB and NAS: FTP/Samba/FTPD/BT: add daemon status, add re-start button (unify to nginx/mysql page)
- GUI: VPN Tunneling: OpenVPN Client: also allow range of IP addresses as a source IP
- GUI: fix backup filename date
- adblock: convert all lists to https; additionally add Steven Black list
- apcupsd: add PCNET and SNMP support in AIO targets; allow to use custom config
- dhcpv6: Add a no release option '-n'. This prevents a release signal from being sent to the ISP causing a new PD or address to be allocated
- dhcpv6: Remove the PID file just before dhcp6c actually exits
- dhcpv6: Add a signal handler for SIGUSR1 to forcibly exit without releasing the obtained addresses
- dhcpv6: Set a DHCPv6 state keyword to an environment variable "REASON"
- dhcpv6: reload config on SIGHUP
- dropbear: add login limits
- dropbear: fix MAX_UNAUTH_CLIENTS regression - fix from the upstream
- dropbear: patches: add DEFAULT_ROOT_PATH
- httpd: misc.c: use utf8 in asp_rrule()
- IPv6: add DUID type selection (currently only DUID-LL (default) OR DUID-LLT)
- IPv6: extend GUI status page (status-overview.asp) - show DUID
- IPv6: add GUI option (basic-ipv6.asp) to start DHCP6 Client in debug mode (only for RT-N+ router)
- IPv6: add GUI option (basic-ipv6.asp) for DHCP6 client to prevent prefix/address release on exit
- IPv6: check environment variable "REASON" which is passed to the client script when receiving a REPLY message (only for DEBUG currently)
- JFFS: do not start if router model is unknown
- others: linkagg: fix warning messages, cosmetic
- rc: serialize (re-)starts from GUI, avoid zombies
- rc: do not (re)start services during upgrade/reboot
- rc: firewall: add IPv4 IPSEC passthrough
- rc: gpio.c - extend gpio poll up to 32 pins
- rc: openvpn.c: also abort when can not create tap/tun interface
- rc: openvpn.c: fix parsing of pidof result in watchdog script
- rc: services.c: start_ntpd(): correct verbose option
- rc: services.c: start_ntpd(): run ntpd at high priority
- rc: services: move samba support to outer file
- rc: transmission: rewrite, to get rid of shell scripts
- router: httpd: wl.c - adjust and correct scan params for wireless survey (GUI: tools-survey)
- shared: wlscan.h - increase buffer for wireless survey (SDK6 and up)
- stubby: add Cisco Umbrella/OpenDNS DoT Servers to Stubby Options
- wireless ethernet bridge AND media bridge mode: use dnsmasq (provide DNS service)
- Wireless Survey: rework / optimize code for wl survey (GUI: tools-survey)
- www: tomato.js: fix id in TomatoGrid.prototype.createEditor
- Netgear R6400/R6700/R6900/R7000/XR300 series router: adjust led setup in case wan is disabled (router only in AP mode) - resolves #21
- Tenda AC15 / AC18: build image without TRX KEY
2022.3 2022.05.12
---------------------------
- SDK6: allow upgrade from AsusWRT to FreshTomato via GUI
- SDK7: allow upgrade from AsusWRT to FreshTomato via GUI
- SDK7: remove 256 MB DRAM limit
- Initial add NETGEAR ac1450
- Initial add DSL-AC68U
- dnsmasq: update to 2022-03-31 (03345ec) snaphot (fix for CVE-2022-0934)
- libcurl: update to 7.83.0
- sqlite: update to 3.38.5
- ebtables: fix the 'static' build target (update from upstream)
- libsodium: update to latest 1.0.18-stable
- libnfnetlink: update to 1.0.2
- libmnl: update to 1.0.5
- wsdd2: update to 1.8.7
- util-linux: update to 2.38
- libjson-c: update to 0.16-20220414
- nano: update to 6.3
- openssl: update to 1.1.1o
- tor: update to 0.4.7.7
- irqbalance: update to 1.8.0
- libcurl: update CA certificate bundle as of 2022-04-26
- build: Makefile: only build an image for RT-N18U in NOSMP version
- GUI: fix display of 'beta' tag on Advanced themes
- GUI: Administration: Admin Access: update links to TTB themes list and gallery
- GUI: Advanced: DHCP/DNS: add the choice of EDNS packet size - default: 1280, no change (resolves #214)
- GUI: Web Server: add buttons for nginx/MySQL that open their interfaces in the new tab/page
- GUI: VPN Tunneling: Tinc Daemon: fix javascript error
- GUI: VPN Tunneling: Tinc Daemon: fix version number display
- README: add info about github mirror
- httpd: cgi.c: use logmsg()
- httpd: cgi.c: improve buffer handling
- httpd: cgi.c: fix for CVE-2022-28665 (TALOS-2022-1509): FreshTomato httpd unescape memory corruption vulnerability
- mssl: disable TLS 1.0 & 1.1 support for images with OpenSSL 1.1
- rc: network.c - fix IPv6 forwarding in case of 4 LANs (resolves #216)
- watchdog: fix regex which trigger dhcpFix
- Netgear R8000: correct size for board_data partition
- E4200v1 / Belkin F9K1102 (v1/v3): remove band selection (2,4 GHz OR 5 GHz) for second radio module at the GUI (basic-network)
2022.2 2022.04.07
---------------------------
Note: mainly bugfixes release.
- SDK6: update wireless driver (dual core)
- SDK7: fix 128K nvram support for RT-AC3200
- openvpn: update to 2.5.6
- openssl: update to 1.1.1n
- sqlite: update to 3.38.2
- dropbear: update to 2022.82
- uqmi: update to 2022.03.12 (44dd095) snapshot
- libcurl: update CA certificate bundle as of 2022-03-29
- build: fix 512M DRAM flagspec
- build: prevent php and miniupnpd from picking up build system libraries
- GUI: Advanced: Routing: fix adding new entries in Static Routing Table
- GUI: Advanced: Virtual Wireless: add a warning in the Notes section to not use 'virtual interfaces' on interface in Wireless Ethernet Bridge or Media Bridge modes due to possible problems
- GUI: Advanced: Virtual Wireless: add missing code for tri-band router (SDK7)
- GUI: Advanced: Virtual Wireless: also add frequency to interface drop down list when editing
- GUI: Basic: Network: also set wanX_proto to 'disabled' if given WAN is (set to) inactive
- GUI: Wake on LAN/Menu: use one notation for consistency
- GUI: Web Server: MySQL Server: add daemon status, add start/stop button (unify to nginx page)s
- others: btcheck: fix regex for checking if transmission-daemon is up (it never worked...)
- others: mycheck: simplify regex for checking if mysqld is up
- others: switch4g: simplify regex for checking if uqmi is up
- others: switch4g: only use nvram commit if it's needed
- others: watchdog: simplify regex and fix how mwanroute is called (detach)
- others: watchdog: fix regex for checking if orphaned connect-on-demand listen process is up (it never worked...)
- others: watchdog: fix for LTE proto
- others: wwansignal: simplify regex for checking if uqmi is up
- rc: nginx: align the way how it's called to other services (note: name of the service has changed from 'enginex'/'nginxfp' to 'nginx'/'nginxgui')
- rc: use nvram variables instead of globals to skip some steps during upgrade/reboot procedure; also include watchdog in that process
- rc: some fixes regarding MultiWAN + add more debug log
- rc: tinc.c: add/fix watchdog
- shared: defaults.c: initialize wanX_proto (except the 1st one) as 'disabled'
- www: tomato.js: improve error handling in displayOUI()
2022.1 2022.03.13
---------------------------
Note: DDNS Cloudflare now is using only the new method for auth - please update your settings.
- kernel: USB: serial: option: add support for Novatel USB730L enterprise mode
- kernel: HID: ignore Novatel USB730L modem
- kernel: drivers: net: usb: update ipheth module
- kernel: drivers: net: usb: ipheth: fix iOS14 tethering issues
- kernel: netfilter: xt_hashlimit: fix namespace destroy path
- kernel: netfilter: x_table: speedup compat operations
- Revert "kernel: make xt_recent built-in instead of module"
- SDK6: update wireless driver (dual core)
- kernel: ppp_generic.c - add one more check for CTF
- SDK6/SDK7: implement newer Asus TRX header
- nginx: update to 1.21.6
- tor: update to 0.4.6.10
- e2fsprogs: update to 1.46.5
- sqlite: update to 3.38.0
- miniupnpd: update to 2.3.0
- avahi: update to 0.8
- libubox: update to f2d6752 (2022-02-11) snapshot
- uqmi: update to 2022.02.02 (f254fc5) snapshot
- libcurl: update to 7.82.0
- libsodium: update to latest 1.0.18-stable
- libxml2: update to 2.9.13
- nano: update to 6.2
- xl2tpd: update to 1.3.17
- dnsmasq: update to 2022.02.25 (4732aa6) snapshot
- libcurl: update CA certificate bundle as of 2022-02-01
- build: add Linksys EA6350v2 support
- build: always add libutil to the image
- build: router: Makefile: correct when installation of zlib and sqlite is needed
- build: router: Makefile: openvpn doesn't use zlib at all...
- build: router: Makefile: explicitly specify when zlib should be added to the image
- build: Makefile: build dnsmasq with DUMPFILE option for ARM routers
- build: correct build size to 32M for R8000, correct partition offsets and size
- build: RT-AC3200: improve/change LED table if router is in Media Bridge Mode
- build: Buffalo WZR-1750DHP: add flag for 512M DRAM support
- build: Buffalo WZR-1750DHP: adjust partitions
- build: Buffalo WZR-1750DHP: rely on cfe default / init parameter (for each router)
- GUI: link wiki documentation to each relevant page - resolves #172
- GUI: advanced-mac.asp - fix saving default WAN mac addr (starting with FT 2021-8 / latest VLAN-fixes)
- GUI: (css): fix grayed out elements that cannot be modified
- GUI: advanced-misc.asp: add confirmation before rebooting the router
- GUI: add notes on pages where functionality is disabled when CTF/Broadcom FastNAT is turned on; also disable automagically QoS and BWL when CTF is enabled or BWL when Broadcom FastNAT is enabled; add notes that using QoS or Access Restriction disables Broadcom FastNAT module
- GUI: tools-wol.asp: fix typo
- GUI: advanced-mac.asp - align default wireless mac addr to wlconf setup AND FreshTomato initial mac setup (note: repair GUI wl mac setup --> GUI default and initial mac are the same now)
- GUI: Advanced: Firewall: fix IGMP proxy custom configuration textarea bahaviour
- GUI: Advanced: Routing: correct display of interfaces in Static Routing Table
- GUI: Admin: Debugging: improvements to the Debugging page (resolves #184)
- GUI: status-overview - improve ethstate if WAN port is moved to primary LAN (part 2)
- GUI: Advanced: Firewall: add 'Allow DHCP responses' option; also correct name of nvram variable/value
- GUI: Advanced: Firewall: add smart MTU black hole detection and enable it by default
- GUI: VPN Tunneling: OpenVPN Server Configuration: enlarge 'Common Name' text area to 30 chars
- GUI: change the menu labels: WOL -> WoL, Trace -> Traceroute, IPerf -> iPerf
- GUI: IP Traffic: Last 24 Hours: fix initialization of 'IPs currently on graphic' dropdown list when loading the page
- GUI: admin-access.asp: add option to enable/disable the brute force mitigation rule on port defined for GUI remote access
- GUI: USB and NAS: BitTorrent Client: correct drop down list description
- GUI: Basic: Network: fix problems with Wireless Client mode (again)
- GUI: Basic: Network: hide 'Wireless Client Mode' drop down list when given WAN is disabled
- GUI: Advanced: DHCP / DNS Client: remove 'Reduce packet size' option - no more available in udhcpc from busybox
- GUI: Administration: Admin Access: correct display order of 'Allow Remote Upgrade'
- GUI: Administration: Admin Access: change regex for 'Authorized Keys' to allow also pasting keys that start, for example, with some command
- GUI: add as an Admin option: unmount JFFS automatically as part of the upgrade process
- GUI: Overview: Device List: fix some potential problems
- GUI: Basic: Network: fix more issues when switching i.e. from 2 WANs to 1 WAN
- GUI: USB and NAS: USB Support: disable drop-down lists of NTFS and HFS/HFS+ Drivers, when support for these file systems is not checked
- GUI: advanced-vlan.asp - add Asus RT-AC56S (single-core (NOSMP) clone of RT-AC56U)
- Add ability to run custom script with start and stop of QoS: /etc/wan_qos.custom start|stop wannum
- Add more QoS overhead options for PPPoE in PTM mode and with VLAN (VDSL2)
- Add flagspec for 512M DRAM, seperate build for xr300/r6700v3 with 512M DRAM
- Correct Memory mapping for 512M DRAM (part 2) (resolves #180)
- Correct Partition and JFFS space NETGEAR routers
- IPv6: rc: services.c - add check for SLAAC and/or DHCPv6 before using global address and not link-local address for IPv6 DNS
- OpenVPN: do not add 'duplicate-cn' to server config automatically
- PPTP Server: bypass CTF (if enabled)
- WL: add roaming assistant (see GUI advanced-wireless.asp) as an option - fixes #77 (note: disabled by default; disabled for wireless client, wireless ehternet bridge and media bridge mode; recommendation: do not use bandsteering and roaming assistant features at the same time)
- adblock: filter also ipv6 addresses (resolves #200)
- avahi: cleanup: ensure entries are dead for at least 1s (fix from the upstream)
- avahi: fixed dns_sd segfaults, initialization issues, and added NDEBUGs (fix from the upstream)
- avahi: use monotonic timer when possible (fix from the upstream)
- avahi: use internal type for timers (fix from the upstream)
- avahi: do not disable timeout cleanup on watch cleanup (fix from the upstream)
- e2fsprogs: modify mke2fs.conf - default ^metadata_csum for ext4 (resolves #182)
- getdns/stubby: rdata not correctly written for validation for certain RR types (fix from the upstream)
- httpd: openvpn.c: add "route <netaddr> <netmask>" directive to downloaded OpenVPN config file when static keys are in use (because the route cannot be pushed from the "server" when using static keys)
- httpd: check key and cert pair, if they are mismatched, regenerate key and cert
- mdu: cloudflare: use new API token instead of email/globalAPIkey for auth
- multiwan/watchdog: fix even more issues including lack of default route when all WANs are down - now in such cases, default route is added to the WAN with the heighest weight
- nginx: change default server name to 'FreshTomato'
- rc: buttons.c - increase button sample time (now 500 ms) and improve robustness
- rc: dhcpc-event: fix selection of the correct prefix for two consecutive WANs
- rc: firewall.c: check more variables before applying FW rules (in some cases, there was no firewall at all)
- rc: cifs.c: fix condition for recognition when the cifs is mounted
- rc: init.c: on halt/reboot, stop syslog before removing storage/usb to avoid problems
- snmp: add patch to change snmp interface cache timeout to 1 second for realtime monitoring
- usbmodeswitch: fix for Novatel USB730L modem
- www: tomato.js: add placeholder support for <textarea> and <input>
2021.8 2021.12.25
---------------------------
- kernel: [SCSI] sd: Fix overflow with big physical blocks
- tor: update to 0.4.6.8
- nano: update to 6.0
- libncurses: update to 6.3
- libsodium: update to latest version of 1.0.18-stable
- nginx: update to 1.21.4
- util-linux: update to 2.37.2
- mysql: update to 5.5.62
- libexif: update to 0.6.24
- libcurl: update to 7.80.0
- sqlite: update to 3.37.0
- openssl-1.1: update to 1.1.1m
- openvpn: update to 2.5.5
- libcurl: update CA certificate bundle as of 2021-10-26
- build: Makefile: rp-pppoe: remove debugging information, add -Wall instead
- build: Makefile: libsodium: add CFLAGS/LDFLAGS to recipe
- build: Makefile: pass EXTRACFLAGS also to openssl/mysql/php, ensure that optimization is complete
- build: fix program memory size too small for STOCK NETGEAR firmware
- build: fix cryptic BAD TRX HEADER with actual error message that means something
- build: libsodium: build as static library
- build: add irqbalance tool with needed libraries for multi-core routers; add irqbalance to all multi-core targets
- build: busybox: compile with CONFIG_FEATURE_WGET_LONG_OPTIONS enabled
- build: patches: diskdev_cmds-332.25: add path to libcrypto.so.1.1 library, so mkfs.hfs can be linked to it instead of the old one from toolchain
- build: use --no-check-certificate for wget in scripts only when CA cert is not installed
- build: router: Makefile: transmission: do not try to built with libiconv