===========================
FreshTomato-MIPS Changelog
===========================
(for full changelog, see: https://bitbucket.org/pedro311/freshtomato-mips/src/mips-master/CHANGELOG)
2024.5 2024.12.24
---------------------------
- Note: mainly a bug fix release
- nginx: update to 1.27.3
- sqlite: update to 3.47.2
- dnsmasq: update to v2.91test2
- libcurl: update to 8.11.1
- meson: update to 1.6.1
- libjpeg-turbo: update to 3.1.0
- rom: update CA bundle to 2024-11-26
- GUI: QoS: Basic Settings: fix displaying warnings on Advanced themes
- busybox: revert changes to ntpd applet in 1.37.0 (ntpd server returns bogus data), added as a patch
- miniupnpd: Init IPv6 firewall correctly and compile daemon with IGDv2 but disable it at runtime
- miniupnpd: restart daemon if IPv6 address changes OR new (Case DHCPv6)
- pppd: use pptp plugin maintained by openwrt team instead of the one from accel-pptp
2024.4 2024.11.26
---------------------------
- busybox: update to 1.37.0
- php: update to 8.3.13
- nginx: update to 1.27.2
- sqlite: update to 3.47.0
- expat: update to 2.6.4
- dnsmasq: update to f006be7 (2024.10.04) snapshot
- libsodium: update to latest 1.0.20-stable
- nano: update to 8.2
- openssl-3.0: update to 3.0.15
- libcurl: update to 8.11.0
- rom: update CA bundle to 2024-09-24
- libjson-c: update to 0.18-20240915
- libjpeg-turbo: update to 3.0.4
- meson: update to 1.6.0
- libxml2: update to 2.13.5
- libpng: update to 1.6.44
- libzip: update to 1.11.2
- libubox: update to eb9bcb6 (2024-03-29) snapshot
- uqmi: update to 28b48a1 (2024-08-25) snapshot
- haveged: update to 1.9.19
- dropbear: update to 2024.86
- rp-pppoe: update to 4.0
- pppd: update to 2.5.1
- build: always install librt
- build: Makefile: openvpn: fix plugin support
- build: Makefile: tune e2fsprogs recipe
- build: Makefile: openvpn do not disable debug if TOMATO_EXPERIMENTAL flag is set
- build: Makefile: fix miniupnpd recipe for MIPS branch
- build: Makefile: set default mode for C/C++ depending on toolchain
- build: introduce EXTRA_CXXFLAGS
- GUI: Dynamic menu and Misc category
- GUI: basic-network.asp align table style for enable/disabled options (like the VLAN page)
- GUI: advanced-wlanvifs.asp - align table style for Enabled/Disabled options
- GUI: vpn-tinc.asp - align table style for Enable/Disable options
- GUI: status-data.jsx - tweaked thresholds for Amber and Red as they triggered too early
- GUI: Basic: DDNS: add form for custom interface name for "External IP Checker" in case of non-WAN mode (fix ARM #337)
- GUI: VPN: OpenVPN server: add ability to generate 2048 byte Diffie-Hellman parameters
- GUI: VPN: OpenVPN server: add support for ECDH key generation
- GUI: VPN: OpenVPN server: set ECDH key generation as default
- GUI: VPN: OpenVPN *: fix issue with (re)starting clients/servers when saving a page but clients/servers are down
- GUI: Port Forwarding: Basic: use ajax to refresh info on page
- GUI: Port Forwarding: Basic IPv6: use ajax to refresh info on page
- GUI: Basic: IPv6: use ajax to refresh info on page
- GUI: Administration: CIFS Client: use ajax to refresh info on page
- GUI: Port Forwarding: DMZ: use ajax to refresh info on page
- GUI: Misc: Access Restriction: use ajax to refresh info on page
- GUI: QoS: Classification: use ajax to refresh info on page
- GUI: Administration: JFFS: use ajax to refresh info on page; also some fixes
- GUI: Improve UPnP IGD & PCP/NAT-PMP
- accel-pptp: add support for pppd 2.5.x
- dnsmasq: update DNS records after pruning DHCP leases (added as a patch)
- httpd: add rel version to each .css script call
- libncurses: update recipe, add patches from openwrt
- minidlna: add patches from debian
- mwwatchdog - remove console warning when mwwatchdog_debug is set to NULL
- openvpn: enable (back) management on AIO or ARM images
- openvpn: show data & control channel handshakes only above log level 3 (verb 3); added as a patch
- pppd: remove patch 390 (MIPS only) as librt is now always added to the target
- pptpd: do not build plugins; tune recipe
- rc: transmission.c: correctly remove the blocklist directory on startup. Also tune tcp_adv_win_scale
- rom: openssl.cnf: add default commonName
- samba3: move recipes to router/Makefile and tune them
- samba: add clean sources of 3.6.25 and one patch instead
- switch4g: add weird PIN_STATUS because sometimes it happens
- transmission: patches: revert commit 66dbc261 (add ARC4 implementation inside transmission, disable it in openssl)
- www: tomato.css: define size of Ethernet Ports State (fix ARM #311)
- vpnrouting.sh: do not use nslookup
- vpnrouting.sh: fix order in stopRouting()
2024.3 2024.08.04
---------------------------
- libjpeg-turbo: update to 3.0.3
- libxml2: update to 2.13.3
- sqlite: update to 3.46.0
- libcurl: update to 8.9.1
- libsodium: update to latest 1.0.20-stable
- nginx: update to 1.27.0
- pptpd: update to 1.5.0
- openssl-3.0: update to 3.0.14
- meson: update to 1.5.1
- openvpn-2.5: update to 2.5.11
- wolfssl: update to 5.7.2-stable
- nano: update to 8.1
- nettle: update to 3.10
- miniupnpd: update to 2.3.7
- lz4: update to 1.10.0
- dnscrypt-proxy: update to latest git (security fix, fix usage with latest libsodium, ref: https://github.com/dyne/dnscrypt-proxy)
- openssl-1.1: add fixes for: kcs1-implicit-rejection, CVE-2024-2511, CVE-2024-4741, CVE-2024-5535
- adminer: update to 4.8.4
- build: add OpenSSL 3.0.13 to the tree
- build: add OpenSSL 3.0.x recipes, add patches and update needed scripts
- build: switch to openssl-3.0 only for AIO targets (RT-AC)
- build: add wolfSSL 5.7.0 to the tree
- build: wolfSSL: add recipe, needed patches and configuration
- build: add wolfssl support for mssl
- build: add wolfssl support for httpd
- build: add wolfssl support for mdu
- build: add wolfssl support for openvpn
- build: add wolfssl support for libcurl
- build: add wolfssl support for transmission
- build: add wolfssl support for nginx
- build: openvpn_plugin_auth_nvram: add wolfssl support
- build: update libfoo.pl and Makefile to latest OpenSSL 3.0.x; also adapt libfoo.pl to be one version for ARM and MIPS - use it also on ARM
- build: Makefile: libnfnetlink: is only needed when target is built with CONNTRACK_TOOLS
- build: Makefile/www: tune openssl options
- build: Makefile: libevent: we don't need ssl here, so let's remove it from the recipe
- build: Makefile: libcurl: use default value for 'with-random'
- build: Makefile: libzip: do not add insecure support for in-php AES zip encryption
- build: Makefile: openssl: always compile with no-cms
- build: Makefile: openssl: always compile with no-ec2m
- build: Makefile: openvpn: disable unit tests (2.5, 2.6), add lz4 flags (2.5)
- build: Makefile: openvpn (2.5, 2.6): enable smaller executable size (disable OCC, usage message, and verb 4 parm list) for non-AIO MIPS targets
- build: openvpn (all): do not compile with lzo support (security)
- build: Makefile: php: remove curl support
- build: Makefile: tincd is now built using the shared liblz4 library
- build: Makefile: transmission: add gnu99 std to CFLAGS
- build: Makefile: do not compile lz4 for the smallest targets
- build: Makefile: use cmake in libxml2 recipe
- build: Makefile: libevent: only install shared library if target built with BBT or TOR
- build: remove DONT_OPTIMIZE_SIZE for target Mega-VPN
- build: remove DONT_OPTIMIZE_SIZE for target Mega-VPN (RT-AC)
- build: remove openvpn 2.4 from the tree - MiniVPN is now compiled with openvpn 2.5
- build: stubby: fix log level (see: https://www.linksysinfo.org/index.php?threads/stubby-doesnt-log.78729/)
- build: transmission: patches: add ARC4 implementation inside transmission, disable it in openssl
- build: transmission: patches: disable webseeding, it causes 100% CPU usage in certain situations; apply DSCP to UDP sockets too - backport patch from the upstream
- build: wolfssl: add patch to fix compilation of 5.7.2 on MIPS
- build: fix compilation of php7 when libxml2 is installed on host
- GUI: advanced-ctnf.asp: refined page layout [rs232]
- GUI: Basic: DDNS: move Service dropdown to top
- GUI: Basic: Network: only display the wireless connection (WAN) types that are available for a given branch (fix ARM #328)
- GUI: basic-network.asp: fix saving in case wl radio order is not ascending (ex. normal order wl0, wl1, wl2, ... ) [Version 2] [M_ars]
- GUI: Basic: Time: layout improvement and some renaming [rs232]
- GUI: QoS: Classification: Display warning on the qos-classify page if classification has been nvram disabled, where QoS is enabled and set to HTB mode [rs232]
- GUI: Status: Overview: fix Signal Quality icon in wireless client mode
- GUI: Tools: Wireless Survey: Discouraging certain WiFi security protocols [rs232]
- GUI: Tools: Wireless Survey: Changed default table sorting by RSSI Descending (strongest to weakest) [rs232]
- GUI: Tools: Wireless Survey: Added SNR (Signal to Noise) to the table [rs232]
- GUI: Tools: Wireless Survey: added filter by frequency [rs232]
- adblock-v2: add internet connectivity test as a running condition [rs232]
- adblock-v2: use Internet test target from nvram mwan_chdst content if this contains any usable FQDN; if not default to google.com [rs232]
- adblock-v2: skip Internet test if no lists are defined (covers the case where domains are only defined locally) [rs232]
- adblock-v2: further improvement to the Internet test: running condition: also check if at least one list is enabled [rs232]
- httpd: openvpn.c: initialize buffer before use; also log static/dhparam key creation
- nvram_ops: add centralised console font & background color definition [rs232]
- nvram_ops: added ${reset} and corrected typo [rs232]
- rc: ddns.c: enable DDNS client 3 & 4
- rc: init.c: WNDR3400v2/v3 edit [txnative]
- rc: init.c: E3200 edit [txnative]
- rc: init.c: F9K1102 Edit/Remove [txnative]
- rc: network.c: set the wireless virtual interface hwaddr according to nvram and wait up to 100 ms to check the result [M_ars]
- rc: nginx.c: fix permissions for socket in case when run as 'nobody'
- rc: nocat.c: touch lease file if it doesn't exist yet
- rc: nocat.c: Use BRIDGE_COUNT to iterate through the lans [lancethepants]
- rc: service.c: miniupnpd: follow changes in config naming, also change default upnp_ssdp_interval to 900s
- rc: services.c: stop_services(): do not stop ntpd during router restart/upgrade
- rom: remove authorityKeyIdentifier from the Server cert generation [lancethepants]
- rom: also remove authorityKeyIdentifier for usr_cert [lancethepants]
- rom: update CA bundle to 2024-07-02
- transmission: dht: fix incorrect handling of want in find_closest_nodes
- www: add rel version to each .js script call
- www: add rel version to each .jsz script call
- www: add rel version to each .css script call
- www: advanced-ctnf.asp: fix appearance on advanced themes
- www: basic-ddns.asp: fix availability of external IP checker when using WET/Media Bridge/etc WAN mode
- www: tomato.css: tweaks centrally indent 1 & 2 (no need to add manually indent: 2 to every page now) and adds options for indent 3 & 4 [rs232]
- www: Makefile: fix display of QR Code when image is built without wireguard
2024.2 2024.05.19
---------------------------
- toolchain: add support for *at functions (haveged)
- toolchain: correct build script and replace ctype.h file with correct one after building toolchain
- toolchain: fix build break on Debian 11/12
- toolchain: build with MIPSR2 optimization for RT-N and RT-AC branch
- toolchain: update with latest changes to build scripts/options (MIPSR2 optimization)
- zlib: update to 1.3.1
- libcurl: update to 8.7.1
- libpng: update to 1.6.43
- libxml2: update to 2.12.6
- tinc: update to d9e42fa (2024-04-07) snapshot
- dnsmasq: update to b8ff4bb (2024-02-22) snapshot
- expat: update to 2.6.2
- busybox: updates from the upstream
- spawn-fcgi: update to 1.6.5
- nginx: update to 1.26.0
- meson: update to 1.4.0
- openvpn-2.5: update to 2.5.10
- tor: update to 0.4.7.16 - the last one that actually compiles on our ancient toolset
- sqlite: update to 3.45.3
- miniupnpd: update to 2.3.6
- dropbear: update to 2024.85
- libsodium: update to latest 1.0.19-stable
- libzip: update to 1.10.1
- libatomic_ops: update to 7.4.20
- build: Makefile: tune libcurl recipe (remove not used stuff - smaller size)
- build: Makefile: tune apcupsd recipe (smaller size)
- build: Makefile: mysql: at last build it with system zlib; do not waste time for mysql-test, support-files, sql-bench and man subdirs
- build: Makefile: minidlna: disable NLS support
- build: Makefile: clean more targets before every compilation
- build: Makefile: fix ntfs-3g recipe after latest changes to toolchain
- build: add haveged-1.9.18 to the tree
- build: add haveged to all MIPS RT-AC routers
- build: add haveged to RT-N66U and WNR3500Lv2 for RT-N branch
- build: add haveged to some Linksys E-Series targets with 60KB nvram
- build: add haveged to 32KB nvram Mega-VPN & AIO target at RT-N branch
- build: switch to php-7.2.34; use libzip for php compilation
- build: Makefile: php: do not build opcache module
- build: Makefile: php: do not build phpdbg module
- build: add TOR again to the o (Custom) target
- build: Update Dockerfile to Debian 12
- GUI: Administration: Admin Access: exclude ports 80 and 443 for remote GUI access for security reasons
- GUI: Administration: Admin Access: fix preparing url of redirect page in case of remote connection
- GUI: admin-access.asp - Add option to enable/disable httpd listening on IPv6 and VLAN interfaces
- GUI: basic-network.asp - fix saving in case wl radio order is not ascending (ex. normal order wl0, wl1, wl2, ... )
- GUI: tools-survey.asp - fix Wireless Site Survey if SSID contains a single quote (fix ARM #323)
- GUI: VPN: OpenVPN Client: add note about strict Kill Switch
- GUI: Status: Overview: fix Watchdog status display
- GUI: USB and NAS: Media Server: fix behaviour of the LAN boxes
- busybox: always add flock applet
- busybox: remove patch 160 because of updated toolchain (commit fc6df68)
- DHCPC: optionally prevent classless routes. Since this is used for iptv it cannot be disabled by default; recommended to turn it off when not using iptv, see CVE-2024-3661
- getdns: fix for broken trust anchor files are silently ignored
- openssl-1.1: add patches for CVE-2023-5678 and CVE-2024-0727
- php-7.2.34: add openwrt patches
- udpxy: Fixed uninitialized source address
- DDNS: multiWAN aware (fix ARM #65)
- ddns: increase the number of errors allowed before entering standby from 3 to 10
- discobery.sh: supports for any CIDR (no dependency to /24 any more) - network and broadcast IPs are now always excluded from the polling - works when brX IP address is not the first in the subnet
- httpd: config.c: do not close temp file created by mkstemp before using it
- httpd: upgrade.c: use mkstemp instead of dangerous mktemp; check for available memory first; correct argument in waitpid(); fix a few other issues
- httpd: etherstates - detect port info in one sscanf
- httpd: httpd.c - fix/add IPv6 listeners for MultiLAN setups (do not try to add IPv4 listeners twice)
- httpd: devlist.c: Loop through dhcp enabled interfaces using BRIDGE_COUNT
- httpd: wl.c - Add central channel for future updates to the GUI Wireless Survey
- httpd: wl.c - Add 802.11N+AC BSS capabilities for future updates to the GUI Wireless Survey
- mdu: in case of curl, also use a while loop to use more than one IP checker during a failed host check
- mdu: use getaddrinfo instead of the deprecated gethostbyname when building without libcurl
- mdu: also test for IP change if "Force next update" is checked
- mdu: support special case, when ifname is set to 'none' or proto is 'disabled' - use default WAN
- mdu: remove ieserver.net from the list of available services (down)
- mdu: remove DyNS from the list of available services (down)
- nvram: fix behavior of 'convert' option
- ntpd: try to monitor and restart it when it dies or doesn't start at all
- others: sysinfo: fix WL adapter name for 3rd wireless
- others: improve cru locking to prevent concurrent updates
- others: switch4: fix PIN status recognition on some modems
- others: switch4g: correct checking of CPIN status
- others: switch3g: fix PIN checker
- patches: nginx: fix little endian recognition, solve other issues
- rc: always enable 3G modem support and remove that option from the GUI
- rc: arpbind.c: stop_arpbind(): Skip header of /proc/net/arp
- rc: buttons.c: Limit WLAN button maximum duration to 120 seconds
- rc: bwlimit.c: refactor code to loop using BRIDGE_COUNT
- rc: firewall.c: fix remote administration (www/ssh) when DMZ is enabled
- rc: firewall.c: Use BRIDGE_COUNT to iterate through interfaces
- rc: ftpd.c: close fp before bailing when f fails to open
- rc: init.c: do not run remove_usb_module() [remove_usb_all_modules() now] on halt/reboot; some changes in order of removed services
- rc: init.c: current all parameters are no longer needed for both WNDR3400v2/v3 models, they lower wifi performance
- rc: nfs.c: Also free(buf) when returning on failed fopen
- rc: nginx.c: always try to kill php-cgi at nginx stop
- rc: openvpn.c: start_ovpn_client(): Initialize route_mode variable
- rc: services.c: start_ipv6_tunnel(): Fix undefined behavior in snprintf
- rc: services.s: use get_wanface() to properly check WAN ifaces in generate_mdns_config()
- rc: services.c: block Apple private relay
- rc: tor.c: refactor code to loop using BRIDGE_COUNT
- rc: usb.c: do not run remove_usb_modem_modules() by default - it may cause kernel panic (at least on MIPS RT-AC), enable it by setting 'remove_modem_modules' nvram variable
- rc: wan.c: restart DDNS not only on primary WAN
- rom: update CA bundle to 2024-03-11
- www: advanced-vlan.asp: wipe out relevant fields for inactive or just disabled WAN - needed in various places for the proper operation of FW
- www: advanced-vlan.asp: after editing, just reset mwan_num to 1 to avoid problems
- www: basic-time.asp: Show ntp info
- www: qos-{ctrate,qos-detailed}: Additional filter options
- www: tools-survey.asp - v1.01 - 11/05/24 - rs232
- Asus RT-N12 HP: fix saving country/rev selection starting with release 2022.4/5 (GUI: advanced-wireless.asp)
2024.1 2024.02.14
---------------------------
- dnsmasq: update to aa9e965 (2024-01-21) snapshot
- libcurl: update to 8.5.0
- libcap-ng: update to 0.8.4
- libpng: update to 1.6.41
- libjpeg-turbo: update to 3.0.2
- libid3tag: update to 0.16.3
- dropbear: update to 41a6abc (2023-12-31) snapshot
- miniupnpd: update to 2.3.4
- ntfs-3g: update to 75dcdc2 (2023-06-13) snapshot
- busybox: updates from the upstream
- wsdd2: update from the upstream
- uqmi: update to c3488b8 (2024-01-16) snapshot
- sqlite: update to 3.45.1
- libxml2: update to 2.12.4
- libsodium: update to latest 1.0.19-stable
- wireguard-tools: update to 1.0.20210914
- libubox: update to 6339204 (2023-12-18) snapshot
- build: Makefile: fix libcurl issue with http auth
- build: Makefile: fix compilation on Debian 12
- build: kernel: fix kernel warnings at generated shared_ksyms.c
- build: Makefile: on %-clean, do not forget to remove staged dirs
- GUI: advanced-wireless.asp - add Inactivity Timer option for Media Bridge Mode (60 up to 3600 sec)
- GUI: VPN: Tinc: tune a little status page
- mwwatchdog: tune cktracert() checker once again - it needs max hop value set to ~10
- rc: snmpd.c: log start/stop events
- switch4g/wwansignal: add timeouts to uqmi calls
- www: tomato.js: restore compatibility with older browsers
- www: tools-shell.asp: switch to our addEvent() function for better compatibility
2023.5 2023.12.21
---------------------------
- iperf: update to 3.15
- openssl-1.1: update to 1.1.1w
- libcurl: update to 8.4.0
- dnsmasq: update to 63ba726 (2023-12-03) snapshot
- libsodium: update to latest 1.0.19-stable
- sqlite: update to 3.44.2
- libjpeg-turbo: update to 3.0.1
- nginx: update to 1.25.3
- uqmi: update to eea2924 (2023-10-28) snapshot
- openvpn: update to 2.6.8
- irqbalance: update to 1.9.3
- libxml2: update to 2.11.6
- build: advanced themes for router with 4MB flash is just too much - shrink e1000v2i (Linksys E1000v2-v2.1/Cisco M10v2 MiniIPv6) and e1200v1i (Linksys E1200v1 MiniIPv6) targets
- build: libfoo.pl: fix path to libjpeg library
- build: Makefile: do not waste time installing libatomic_ops
- build: Makefile: use custom build without OpenVPN for n60 (Tenda N60) target (fixes #96 ARM)
- build: Makefile: align the images filename for each release to contain the relevant ARM version in the filename
- build: Makefile: split into different files for easier maintenance; tune a little versioning
- build: Makefile: compile rp-pppoe and pppd with -Os (for small images) or -O2 flag (other images like VPN, AIO, AIO_Lite, Mega)
- build: Makefile: fix pcre-install recipe
- build: Makefile: fix php recipe - build it with our pcre and also correct libjpeg-turbo support
- build: Makefile: compile smaller initial files
- busybox: add lsof applet to images
- dropbear: fix CVE-2023-36328
- GUI: basic-network.asp - allow Group Key Renewal from 0 (disabled) up to 30 days (2592000 sec)
- GUI: Status: Device List: add Wake on LAN for Media icon
- GUI: add an optional 'toggle to dark' switch
- GUI: Advanced: Routing: allow to add 'default' as a Destination (fix #301 ARM)
- GUI: Status: Overview: count reclaimable slab memory as a free memory (according to 'free')
- GUI: Port Forwarding: Basic/Basic IPv6/Triggered: fix tables width in Advanced themes and some html/css inconsistency; cosmetic
- GUI: Port Forwarding: Basic: sort "Src Address" and "Int Address" columns by text like on Basic IPv6
- httpd: openvpn.c: remove the status from the generated OpenVPN client configuration - this may cause problems in some cases
- Media Bridge Mode (SDK6/SDK7/SDK714): reinitialize wl radio in case of connectivity loss (v2)
- nvram: add possibility to convert config backup file to readable nvram text file
- others: mwwatchdog: tune cktracert() a little
- rc: services.c: start rstats/cstats later and stop them earlier (should fix #213 ARM)
- rc/httpd: use tomato_version variable instead of nvram 'os_version'
- rc: Drastically improve slow boot times caused by USB mass storage
- rom: update CA bundle to 2023-12-12
- switch4g: add more complex PIN check for QMI modems; also some more fixes
- switch4g: do not use setpin.gcom script from gcom (comgt) package
- wanuptime: improve buffer validation (snprintf/strlcpy)
- WET / Media Bridge Mode: allow to use/enable Debug Mode for dnsmasq (via advanced-dhcpdns.asp)
- WET / Media Bridge Mode: allow to use/enable Adblock feature
- www: status-data.jsx: fix a small bug in displaying DNS addresses
- www: admin-iptraffic.asp: restart the firewall when enabling/disabling cstats
- www: status-data.jsx: DNS: make message about used DNS more precise
2023.4 2023.09.10
---------------------------
- libsodium: update to latest 1.0.18-stable
- minidlna: update to 1.3.3
- libcurl: update to 8.2.1
- tor: update to 0.4.7.14
- iperf: update to 3.14
- libjpeg-turbo: update to 3.0.0
- rom: update CA bundle to 2023-08-22
- gmp: update to 6.3.0
- libjson-c: update to 0.17-20230812
- nginx: update to 1.25.2
- sqlite: update to 3.43.0
- libxml2: update to 2.11.5
- openssl: update to 1.1.1v
- zlib: update to 1.3
- libpng: update to 1.6.40
- snmp: update to 5.9.4
- flac: update to 1.4.3
- dnsmasq: update to 3b5ddf3 (2023-09-02) snapshot
- ffmpeg: update to 0.11.5 (resolves ARM #239)
- others: switch4g: extend waiting time for modem switching and its redetection
- Wireless Survey: optimize code for wl survey (GUI: tools-survey) - Part 2
- build: Makefile: compile Tenda N60 (n60) without PROXY enabled to save space
- build: get rid of pdureader - full of bugs, it's enough that comgt has its issues
- build: Makefile: adding F9K1102-init target
- build: Makefile: compile rp-pppoe and pppd with -Os flag only if we need smaller image (ie. for 4MB routers)
- build: Makefile: compile openssl-1.1 with -Os flag only if we need smaller images (example for 4 or 8 MByte routers) - arm branch/mips MEGA & AIO will use O3
- Adblock (DNS filtering): remove default domain blacklist URLs and save NVRAM space for all routers (no matter if 32, 64 or 128 KB)
- dnsmasq: set the default maximum DNS UDP packet size to 1232
- IPv6: show option6 dns-server (RDNSS) (GUI: advanced-dhcpdns.asp)
- Media Bridge Mode (SDK6/SDK7/SDK714): add ARPING (default 180 sec cycle) and improve stability
- mdu: fix Cloudflare DDNS when using curl
- QoS: remove default Outbound Direction configuration and save NVRAM space for all routers (no matter if 32, 64 or 128 KB)
- GUI: Administration: Access: move "Remote Web Port Protection" to "Admin Restrictions" section; also enable it by default
- GUI: Administration: Bandwidth Monitoring: add current date/router model/FW version to backup file
- GUI: Administration: IP Traffic Monitoring: add current date/router model/FW version to backup file
- GUI: Advanced: DHCP/DNS/TFTP: Add option to Show/Hide Stubby's resolvers
- GUI: Advanced: DHCP/DNS/TFTP: hide 'IPv6 DNS Server' forms when IPv6 is disabled
- GUI: Advanced: DHCP/DNS/TFTP: hide the rest of IPv6 options if IPv6 is disabled
- GUI: Status: Overview: add current operator to WWAN Modem Status also for QMI modems
- GUI: Advanced: DHCP/DNS/TFTP: hide "DHCP IPv6 lease time" options in case DHCPv6 PD
- GUI: USB and NAS: Media Server: fix correct port in status window link when using minidlna with random port
- GUI: Status: Overview: do not display days if they are equal to zero
- GUI: basic-ddns.asp - provide an additional variable for the IPv6 address in custom URLs for DDNS
- Revert "rc: services.c: start_ntpd(): run ntpd at high priority"
- httpd: improve buffer validation (strlcpy)
- httpd: iperf.c: sanitize host name
- others: wwansignal: start querying the modem only if the DIAGS file exists (it means that modem is detected with diags and probably already connected)
- others: switch4g: fix listing TTYs in QMI mode
- others: use shorter /dev/null redirection
- others: rename watchdog script to mwwatchdog to avoid confusion with the busybox applet
- rc: dhcp.c - adjust/improve bound event and avoid memory sharing issues
- rc: ftpd.c: Change the default ftpd admin login to 'root' to be consistent with the default router login
- rc: dhcp.c - adjust renew event and do not restart dnsmasq for WAN side route changes (resolves ARM #287)
- rc: init.c: remove "os_name" from nvram
- rc: ppp.c - adjust/improve code to avoid memory sharing issues
- rc: services.c: dnscrypt-proxy: in case of EDNS packet size is set lower than 1252 in dnsmasq, set it also here
- rc: services.c: we don't need extra logging when minidlna logs to syslog
- rc: wan.c - adjust/improve code to avoid memory sharing issues (+add some more comments)
- rom: Makefile: Escape single quotes (') in dnscrypt-resolvers.csv
- switch4g: move cdc_ether module to the end of the list
- wsdd2: Update patch with new location of smb.conf
- WWAN: improve display of SINR values for QMI modems
- www: advanced-dhcpdns.asp: remove dupe from Notes section
- www: advanced-vlan-r1.asp: add modification to enable Native VLAN support (allow one untagged vlan per port) by default
- www: tomato.js: allow to use onclick in elements (appended after verifyFields() essentially) created by the createFieldsTable() function
- Netgear WNDR3400v3: adjust default values for wl_txq_thresh, et_txq_thresh and wl_rpcq_rxthresh (--> explicitly for WiFi modules)
- Netgear WNDR3400v2: adjust default values for wl_txq_thresh, et_txq_thresh and wl_rpcq_rxthresh (--> explicitly for WiFi modules)
- Linksys E3200: adjust default values for wl_txq_thresh, et_txq_thresh and wl_rpcq_rxthresh (--> not explicitly for WiFi modules)
- Belkin F9K1102(v3): adjust default values for wl_txq_thresh, et_txq_thresh and wl_rpcq_rxthresh (--> explicitly for WiFi modules)
2023.3 2023.06.25
---------------------------
- busybox: update to 1.36.1
- libcurl: update to 8.1.2
- sqlite: update to 3.42.0
- libxml2: update to 2.11.4
- nginx: update to 1.25.1
- openssl-1.1: update to 1.1.1u
- libsodium: update to latest 1.0.18-stable
- libubox: update to 75a3b87 (2023-05-23) snapshot
- dnsmasq: update to 9bbf098 (2023-05-26) snapshot
- nettle: update to 3.9.1
- util-linux: update to 2.39
- libusb: update to d5bb64b (2020-01-24) snapshot
- adblock v2: update to 2.72b
- dhcp6c: add signal handling of SIGINT and fflush
- getdns/stubby: fix the IP of one of the OpenDNS servers
- stubby: add getdnsapi.net DNS to the resolver list
- stubby: remove Surfnet/Sinodun DNS from the list - it doesn't work anymore
- rstats (Bandwidth Monitoring): add rstats nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- cstats (IP Traffic Monitoring): add cstats nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- FTP Server: add ftp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- SNMP: add snmp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- UPnP: add upnp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- httpd: improve buffer handling
- httpd: increase buffer for get_wl_tempsense(); also use proper size_t buffer in snprintf
- shared/rc/httpd: improve buffer validation (strlcat_r)
- bsd/eapd/wlconf: fix build break (strlcat_r)
- mdu: fix compilation when built without libcurl; avoid compiler warnings
- mdu: fix segfault in curl_headers() when adding more than one header at a time
- mdu: add additional headers for wget()
- mdu: fix basic auth in update_wget() when built with libcurl
- mdu: mdu.c: improve buffer handling
- mdu: allow the user to specify a custom polling period for External IP address checker
- mdu: rewrite the part responsible for obtaining the external IP address
- GUI: Basic: DHCP Reservation: properly initialize 'Static lease time' on page load
- GUI: admin-iptraffic.asp - add note about IPv4 only (no support for IPv6)
- GUI: advanced-wireless.asp - add Optimized for Xbox option
- GUI: Advanced: DHCP/DNS/TFTP: allow to ignore DHCP requests from unknown devices on each bridge individually
- GUI: Basic: Network: fix visibility of 'AP MAC Address to connect' option
- GUI: bwlimit.asp - add checks for Multi-LAN setups
- GUI: Basic: DDNS Client: use ajax to refresh info on page
- GUI: VPN Tunneling: OpenVPN Client: Routing Policy: add more thorough domain validation
- shared: misc.c: get_dns(): really add received DNS servers to the static DNS server list
- Revert "rp-pppoe: update to 3c0f6c02 (2023-02-08) snapshot"
- rc: init.c: fix restart of some services when using SIGHUP on init (resolves #284)
- rc: transmission.c: fix port forwarding for IPv6
- rc: wan.c: fix restart of some services in WET mode (resolves #91)
- rc: do not waste time and resources if IPv6 is disabled
- rc: jffs2.c - do not delete (automatically) jffs if mounting fails (show error only)
- rc: ddns.c: distinguish addrcache and dump file depending on the unit number
- rc: ftpd.c: fix bug where in some cases FW rules to open WAN port were not removed
- rc: nginx.c: fix bug where in some cases FW rule to open WAN port was not removed
- rc: mysql.c: Fix copying adminer.php to nginx_docroot
- rom: update CA bundle to 2023-05-30
- WL (SDK6 and up!): show & provide all valid WiFi 5 (AC / 80 MHz) control channels (lower-lower [LL], lower-upper [LU], upper-lower [UL], upper-upper [UU])

2023.2 2023.03.18
---------------------------
- WL Client / Media Bridge / Wireless Ethernet Bridge: add AP MAC (xx:xx:xx:xx:xx:xx) to scan and join (--> try to connect to that specific MAC with SSID "ABCDEF")
- libcurl: update to 7.88.1
- libjpeg-turbo: update to 2.1.5.1
- libsodium: update to latest 1.0.18-stable
- miniupnpd: update to 2.3.3
- rp-pppoe: update to 3c0f6c02 (2023-02-08) snapshot
- sqlite: update to 3.41.1
- e2fsprogs: update to 1.47.0
- openvpn-2.5: update to 2.5.9
- dnscrypt-proxy: update resolvers csv file
- rom: update CA bundle to 2023-01-10
- dnsmasq: add safe-mode + TFTP
- build: scripts: added PATH directive to avoid conflicts with entware/optware
- build: sync to MIPS RT-N/AC & ARM branch (WL Client / Media Bridge / Wireless Ethernet Bridge: add AP MAC (xx:xx:xx:xx:xx:xx) to scan and join)
- GUI: vpn-server.asp: correct "Uncrypted" to "Unencrypted"
- GUI: VPN Tunneling: add Wireguard page (for now only with link to the wiki howto)
- GUI: DHCP / DNS / TFTP: clean-up
- Revert "GUI: add new default theme"
- others: entware-install-MIPS.sh: use the full path when calling programs
- rc: fix logdrop behaviour (if enabled)
- rc: init.c: wndr3400v2/v3 add missing QTD params
- rc: transmission.c: fix port forwarding (UDP)
- rc: transmission.c: revert changes from 4c4f653 - everything works just fine
- rc: wan.c: fix commit 80a7e66
- shared: led.c: wndr3400v2 set active high for AOSS

2023.1 2023.02.17
---------------------------
- busybox: update to 1.36.0
- libpng: update to 1.6.39
- libsodium: update to latest 1.0.18-stable
- nano: update to 7.2
- tor: update to 0.4.7.13
- nginx: update to 1.23.3
- ffmpeg: update to 0.7.17
- libjpeg-turbo: add clean sources of 2.1.4
- dropbear: updates from the upstream
- sqlite: update to 3.40.1
- pppd: update to 2.4.9
- adblock: update to 2.71e
- libcurl: update to 7.87.0
- getdns: update to 1.7.3; refresh patches
- libubox: update to eac92a4 (2023-01-03) snapshot
- miniupnpd: update to 2.3.2; refresh patches
- libncurses: update to 6.4
- dnsmasq: update to 2.89
- openssl-1.1: update to 1.1.1t
- build: remove no longer needed jpeg package from the tree
- GUI: add "Scroll to bottom" also at the bottom of the status-log page
- GUI: adjusting "Refresh Every" to "One off"
- GUI: Advanced: Firewall: add note about custom config file for igmpproxy
- GUI: advanced-wireless.asp - remove afterburner option (for SDK6 and up!)
- GUI: USB and NAS: BitTorrent Client: extend character limit on the input field for blocklist url to 256
- GUI: USB and NAS: Media Server: fixes/improvements
- GUI: USB and NAS: File Sharing: use checkboxes to select interfaces; also change location of samba configuration file (/etc/samba/smb.conf)
- minidlna: use syslog instead of a log file; added as a patch
- others: Makefile: also add ntp2ip script when image is built with dnscrypt-proxy but without stubby (resolves #90)
- rc: openvpn.c: remove ignoring directives for IPv6 for OpenVPN client
- rc: samba.c: correct 'server string'
- rc: services.c: start_media_server(): correct friendly_name, album_art_names; add model_name
- rc: service.c: start_upnp(): correct friendly_name
- rc: transmission.c: only add bind to generated config if it's not already added in custom config
- www: tomato.js: allow the hostname to be all digits as per RFC
- www: add new favicon (thanks @rs232)
- init.c: E2500 update/modify nvram defaults

2022.7 2022.12.20
---------------------------
Note: the upgrade is highly recommended for users using Routing Policy in the OpenVPN client due to a major issue related to it.
- busybox: update to 1.35.0
- dropbear: update to 2022.83
- tor: update to 0.4.7.11
- zlib: update to 1.2.13
- xl2tpd: update to 1.3.18
- sqlite: update to 3.40.0
- libpng: update to 1.6.38
- nano: update to 7.0
- minidlna: update to 1.3.2; refresh patches, remove those no longer needed
- dnsmasq: update to v2.88
- build: Makefile: fix compilation when minidlna is built as static
- GUI: Status: Overview: fix Signal Quality icon in wireless client mode when RSSI is equal zero
- GUI: Basic: Time: add option to serve also NTP on the WAN
- GUI: VPN Tunneling: Tinc Daemon: better format Tinc output in Advanced themes
- GUI: Administration: TomatoAnon: grammar fix
- GUI: Status: Device List: add frequency to Noise Floor interfaces list
- busybox: awk: fix use after free (CVE-2022-30065)
- dropbear: disable DSS key support
- dropbear: use Os flag for Libtommath and smallest targets
- e2fsprogs: add two patches from openwrt
- httpd/mssl: add support of elliptic curves in mssl_cert_key_match
- httpd: switch self-signed certificate from RSA to ECC
- rc: adjust start/stop of miniupnpd
- rc: adjust/add stop for miniupnp in case of single-wan
- rc: firewall: move ftpd FW rules (remote access/ftplimit) to ftpd.c script
- rc: interface.c: log errors only on failed interface addition
- rc: nocat.c: only run start_wan() if nocat was really started
- rc: openvpn.c: check first if firewall script is executable
- rc: openvpn.c: workaround for problems when adding iptables rules
- rc: rc.c: run_del_firewall_script(): correct temp file permissions
- rc: services.c: start_igmp_proxy(): drop privileges after startup
- rc: services.c: improve buffer handling
- rc: services.c: exec_service: do not re-use buffer
- rc: services.c: do_service(): increase waiting time (from 15 to 20 secs), because almost all services are now serialized when started/stopped; more verbose logging
- rc: services: move ftpd support to outer file
- rc: wan.c: restarting httpd service here is completely redundant
- rc: telssh.c: avoid problems while starting/stopping in the GUI (and also in other cases)
- stubby: add Mullvad DNS to the list
- router: shared: cache the model detection result for safe multiple use
- Wireless Ethernet Bridge: fix Boot-Loop for MIPS RT-AC branch router/images

2022.6 2022.11.06
---------------------------
- toolchain: fix support for realpath() - allow a NULL argument (the lack of which caused a segfault in i.e. nano)
- libcurl: update to 7.86.0
- nano: update to 6.4
- nettle: update to 3.8.1
- sqlite: update to 3.39.4
- tor: update to 0.4.7.10
- dnsmasq: update to 2.87 final
- tinc: update to the latest commit (4c6a9a9); update to meson build system; add lz4 support to tinc
- dnscrypt-proxy: update resolvers csv file
- getdns: update to 1.7.2
- openssl-1.1: update to 1.1.1s
- igmpproxy: update to 0.4
- libsodium: update to latest version of 1.0.18-stable
- nginx: update to 1.23.2
- ntfs-3g: update to 2022.10.3
- miniupnpd: update to 2.3.1
- openvpn: update to 2.5.8
- flac: update to 1.4.2
- libxml2: update to 2.10.3
- libcurl: update CA certificate bundle as of 2022-10-11
- meson: add clean source for version 0.63.0
- lz4: add clean source for version 1.9.3
- lz4: update to 1.9.4
- zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)
- zlib: backport null dereference fix
- nocat: import some patches found in debian
- build: sync up DockerFile to current build process
- build: Makefile: clean-up Linksys E-Series with 64k Nvram/8MB Flash (E800/E900/E1200v2/E1500) - two targets possible now (VPN & Max image)
- build: Makefile: add back original target recipe, make help for wndr3400 v2/v3
- build: Makefile: edit e3200 target recipe and make help menu - change from mega-vpn to vpn
- build: samba3: update Makefile; due to the recent changes to the toolchain, we now have realpath() with support for NULL argument. So change that option
- GUI: advanced-misc.asp - Make it possible to save settings without rebooting
- GUI: Wireless Survey: check for Channel Spec BW 160 / 8080 MHz (SDK6 and up)
- GUI: VPN Tunneling: Tinc Daemon: fix javascript error
- GUI: NAS: Media Server: fix allowed port range
- GUI: Basic: Network: remove unnecessary javascript alert
- GUI: move IPSec Passthrough from Firewall to Conntrack/Netfilter
- GUI: Advanced: Routing: increase route metric limit from 10 to 4294967295
- GUI: Status: Overview: add link to DHCP/DNS page when using stubby/dnscrypt-proxy
- GUI: basic-ddns.asp - do not show the DDNS password
- GUI: Asus RT-N16: fix saving country/rev selection starting with release 2022.4/5 (GUI: advanced-wireless.asp)
- GUI: basic-network.asp - Option: Automatic IP --> give more information to the FT user about changing IP address (DHCP client on/off)
- GUI: fix start/stop button behaviour, when there is an error in config file
- GUI: add new default theme
- GUI: USB and NAS: Media Server: fix the operation of the 'Rescan on the next run' button
- GUI: Administration: Admin Access: add 'Notes' section about dropbear additional configuration files
- GUI: Status: Overview: add current operator to WWAN Modem Status
- Access Point Mode / WET / Media Bridge Mode: Allow to obtain a LAN IP via DHCP
- firewall: check GUI IPSec config first (small fix for operator priority)
- httpd: misc.c: asp_notice(): sanitize file name
- httpd: log.c: wo_viewlog(): sanitize search string more aggressively
- IPv6: add/use function to extract prefix from configured IPv6 address
- nvram: remove no longer needed variables (dhcp_start, dhcp_num)
- Revert "GUI: Advanced: DHCP / DNS Client: remove 'Reduce packet size' option - no more available in udhcpc from busybox"; 'Reduce packet size' option is available via patch!
- rc: firewall: move nginx FW rules (remote access) to nginx.c script
- rc: openvpn.c: rewrite openvpn FW rules
- rc: tinc.c: rewrite tinc FW rules
- rc: transmission.c: rewrite transmission FW rules and watchdog script
- rc: mysql: rewrite, to get rid of shell scripts
- rc: pptpd.c: rewrite pptpd FW rules
- rc/shared: introduce and use killall_and_waitpid()
- rc: tune stop_stubby function
- rc: fix call to restart_nas_services() - to restart it needs stop/start, not only start
- watchdog: use 1.1.1.1 as a 2nd target instead of microsoft.com
- www: tools-qr.asp: fix bug when certain characters are in ssid or PSK
- www: status-log.asp: add maxlength to find input element
- Netgear WNDR3400 v2/v3: skip enable switch leds at bcmrobo
- Linksys E3200: modify init (default) values
- WNDR3400v2 / WNDR3400v3: modify init (default) values
- Share Max N300 (F7D3301/F7D7301) v1 and Share N300 (F7D3302/F7D7302) v1: fix saving country/rev selection starting with release 2022.4/5 (GUI: advanced-wireless.asp)
- F9K1102: init.c: modify variables, parameters same as E3200

2022.5 2022.08.06
---------------------------
Note: mainly a bugfix release.
- nginx: update to 1.23.1
- sqlite: update to 3.39.2
- libcurl: update CA certificate bundle as of 2022-07-19
- build: dhcpv6: add #ifdef to have one version for ARM and MIPS
- build: Makefile: remove IPSEC support from 'm' (Max) target to save some space
- GUI: fix copy-paste for advanced-dhcpdns.asp
- GUI: Advanced: DHCP/DNS: 'Solve .onion' checkbox should be available regardless of tor status
- GUI: basic-ipv6.asp - fix problems with saving IPv6 setting
- GUI: Advanced: DHCP/DNS: rename option
- dhcpv6: Improve log messages when a REPLY message arrives. The old ones were confusing
- dhcpv6: Add a new script event "EXIT", which is invoked when dhcp6c exits

2022.4 2022.07.31
---------------------------
Note: because of changes in GUI, clean your browser cache and/or use Ctrl+F5 (FF) to avoid artifacts.
- toolchain: hndtools-mipsel-uclibc update; uClibc 0.9.30.1 with CVE-2022-30295 and CVE-2016-6264 fixes
- toolchain: add support for be64toh/htobe64 (iperf); ULLONG_MAX/LLONG_MAX/LLONG_MIN defs were unavailable for compiler (e2fsprogs)
- libcurl: update to 7.84.0
- libxml2: update to 2.9.14
- libiconv: update to 1.17
- flac: update to 1.3.4
- openvpn: update to 2.5.7
- ntfs-3g: update to 2022.5.17
- libsodium: update to 1.0.18-stable
- nettle: update to 3.8
- tor: update to 0.4.7.8
- zlib: update to 1.2.12 (add two fixes from the develop tree)
- libubox: update to d2223ef (2022-05-15) snapshot
- uqmi: update to 56cb2d4 (2022-05-04) snapshot
- openssl-1.1: update to 1.1.1q
- sqlite: update to 3.39.0
- nginx: update to 1.23.0
- dnsmasq: update to 2022.07.07 (20b4a4e) snapshot
- build: Makefile: Asus RT-N53: this model only supports 100Mbps WAN/LAN, so remove bcmnat from recipe
- build: Makefile: Linksys E2500: this model only supports 100Mbps WAN/LAN, so remove bcmnat from recipe
- build: Makefile: Netgear WNDR3400v2/v3: this model only supports 100Mbps WAN/LAN, so remove bcmnat from recipe
- build: Makefile: sync Asus RT-N53 and Linksys E2500v2 targets (almost the same)
- build: router: Makefile: also install zlib when samba is added to the (not AIO) image - fix build break
- build: only include adblock when image is built with TCONFIG_HTTPS (all (or most) servers from the adblock list are now redirecting to https, so wget can't download them without OpenSSL)
- build: Makefile: WNDR3400V2/V3: change NVRAM size to 32K (issue with 5GHz WL driver and disappearing settings) - workaround for #82
- GUI: Administration: Configuration: fix date in the filename of saved config file
- GUI: Administration: NFS Server: correct link to the NFS website
- GUI: Advanced: Firewall: change link for Efficient Multicast Forwarding option
- GUI: Advanced: Tor: add daemon status, add start/stop button
- GUI: advanced-wireless.asp - make it possible to select country rev also for newer SDK5 wl driver 5.100.x and up
- GUI: advanced-wireless.asp - Set bss_maxassoc same as global max clients
- GUI: advanced-wireless.asp - adjust/improve saving country/rev selection
- GUI: Status: Logs: implement maximum filter level
- GUI: Status: Overview: clearly explain what the WL enable/disable buttons are for
- GUI: status-overview.asp - Show WL Radio Temperatures (if available) for MIPS Router (SDK5 RT-N and up)
- GUI: Tools: Wireless Survey: add a note for ARM routers, that WL survey doesn't work when WL filter is turned on in 'permit only' mode
- GUI: USB and NAS: FTP/Samba/FTPD/BT: add daemon status, add re-start button (unify to nginx/mysql page)
- GUI: VPN Tunneling: OpenVPN Client: also allow range of IP addresses as a source IP
- GUI: fix backup filename date
- adblock: convert all lists to https; additionally add Steven Black list
- apcupsd: add PCNET and SNMP support in AIO targets; allow to use custom config
- dhcpv6: Add a no release option '-n'. This prevents a release signal from being sent to the ISP causing a new PD or address to be allocated
- dhcpv6: Remove the PID file just before dhcp6c actually exits
- dhcpv6: Add a signal handler for SIGUSR1 to forcibly exit without releasing the obtained addresses
- dhcpv6: Set a DHCPv6 state keyword to an environment variable "REASON"
- dhcpv6: reload config on SIGHUP
- dropbear: add login limits
- dropbear: fix MAX_UNAUTH_CLIENTS regression - fix from the upstream
- dropbear: patches: add DEFAULT_ROOT_PATH
- httpd: misc.c: use utf8 in asp_rrule()
- IPv6: add DUID type selection (currently only DUID-LL (default) OR DUID-LLT)
- IPv6: extend GUI status page (status-overview.asp) - show DUID
- IPv6: add GUI option (basic-ipv6.asp) to start DHCP6 Client in debug mode (only for RT-N+ router)
- IPv6: add GUI option (basic-ipv6.asp) for DHCP6 client to prevent prefix/address release on exit
- IPv6: check environment variable "REASON" which is passed to the client script when receiving a REPLY message (only for DEBUG currently)
- JFFS: do not start if router model is unknown
- others: linkagg: fix warning messages, cosmetic
- rc: serialize (re-)starts from GUI, avoid zombies
- rc: do not (re)start services during upgrade/reboot
- rc: firewall: add IPv4 IPSEC passthrough
- rc: gpio.c - extend gpio poll up to 32 pins
- rc: openvpn.c: also abort when can not create tap/tun interface
- rc: openvpn.c: fix parsing of pidof result in watchdog script
- rc: services.c: start_ntpd(): correct verbose option
- rc: services.c: start_ntpd(): run ntpd at high priority
- rc: services: move samba support to outer file
- rc: transmission: rewrite, to get rid of shell scripts
- router: httpd: wl.c - adjust and correct scan params for wireless survey (GUI: tools-survey)
- shared: wlscan.h - increase buffer for wireless survey (SDK6 and up)
- stubby: add Cisco Umbrella/OpenDNS DoT Servers to Stubby Options
- SDK5: USB AP Router: adjust loading USB driver
- SDK5: use wl driver USB AP 5.110.27.20012 (March 2018)
- wireless ethernet bridge AND media bridge mode: use dnsmasq (provide DNS service)
- Wireless Survey: rework / optimize code for wl survey (GUI: tools-survey)
- Wireless Survey: optimize code for wl survey (GUI: tools-survey) and keep wl up while using survey tool (SDK5 RT-N and up)
- www: tomato.js: fix id in TomatoGrid.prototype.createEditor

2022.3 2022.05.12
---------------------------
- SDK6 (mips RT-AC branch): allow upgrade from AsusWRT to FreshTomato via GUI
- dnsmasq: update to 2022-03-31 (03345ec) snapshot (fix for CVE-2022-0934)
- libcurl: update to 7.83.0
- sqlite: update to 3.38.5
- ebtables: fix the 'static' build target (update from upstream)
- libsodium: update to latest 1.0.18-stable
- libnfnetlink: update to 1.0.2
- libmnl: update to 1.0.5
- wsdd2: update to 1.8.7
- libjson-c: update to 0.16-20220414
- nano: update to 6.3
- openssl-1.1: update to 1.1.1o
- tor: update to 0.4.7.7
- libcurl: update CA certificate bundle as of 2022-04-26
- build: Makefile: only build an image for RT-N18U in NOSMP version
- GUI: fix display of 'beta' tag on Advanced themes
- GUI: Administration: Admin Access: update links to TTB themes list and gallery
- GUI: Advanced: DHCP/DNS: add the choice of EDNS packet size - default: 1280, no change (resolves #214)
- GUI: Web Server: add buttons for nginx/MySQL that open their interfaces in the new tab/page
- GUI: VPN Tunneling: Tinc Daemon: fix javascript error
- GUI: VPN Tunneling: Tinc Daemon: fix version number display
- README: add info about github mirror
- httpd: cgi.c: use logmsg()
- httpd: cgi.c: improve buffer handling
- httpd: cgi.c: fix for CVE-2022-28664 (TALOS-2022-1509): FreshTomato httpd unescape memory corruption vulnerability
- mssl: disable TLS 1.0 & 1.1 support for images with OpenSSL 1.1
- rc: network.c - fix IPv6 forwarding in case of 4 LANs (resolves #216)
- watchdog: fix regex which trigger dhcpFix
- E4200v1 / Belkin F9K1102 (v1/v3): remove band selection (2.4 GHz OR 5 GHz) for second radio module at the GUI (basic-network)

2022.2 2022.04.07
---------------------------
Note: mainly a bugfix release.
- SDK5: update bcmrobo
- openvpn: update to 2.5.6
- openvpn-2.4: update to 2.4.12
- openssl-1.1: update to 1.1.1n
- sqlite: update to 3.38.2
- dropbear: update to 2022.82
- uqmi: update to 2022.03.12 (44dd095) snapshot
- libcurl: update CA certificate bundle as of 2022-03-29
- build: prevent php and miniupnpd from picking up build system libraries
- GUI: Advanced: Routing: fix adding new entries in Static Routing Table
- GUI: Advanced: Virtual Wireless: add a warning in the Notes section to not use 'virtual interfaces' on interface in Wireless Ethernet Bridge or Media Bridge modes due to possible problems
- GUI: Advanced: Virtual Wireless: also add frequency to interface drop down list when editing
- GUI: Basic: Network: fix javascript error
- GUI: Basic: Network: also set wanX_proto to 'disabled' if given WAN is (set to) inactive
- GUI: Wake on LAN/Menu: use one notation for consistency
- GUI: Web Server: MySQL Server: add daemon status, add start/stop button (unify to nginx page)
- others: btcheck: fix regex for checking if transmission-daemon is up (it never worked...)
- others: mycheck: simplify regex for checking if mysqld is up
- others: switch4g: simplify regex for checking if uqmi is up
- others: switch4g: only use nvram commit if it's needed
- others: watchdog: simplify regex and fix how mwanroute is called (detach)
- others: watchdog: fix regex for checking if orphaned connect-on-demand listen process is up (it never worked...)
- others: watchdog: fix for LTE proto
- others: wwansignal: simplify regex for checking if uqmi is up
- patches: dropbear: removed algos/keys not supported by old openssl
- rc: nginx: align the way it's called with other services (note: name of the service has changed from 'enginex'/'nginxfp' to 'nginx'/'nginxgui')
- rc: use nvram variables instead of globals to skip some steps during upgrade/reboot procedure; also include watchdog in that process
- rc: some fixes regarding MultiWAN + add more debug log
- rc: tinc.c: add/fix watchdog
- shared: defaults.c: initialize wanX_proto (except the 1st one) as 'disabled'
- www: tomato.js: improve error handling in displayOUI()
- Belkin F9K1102 (v1/v3): adjust LED table
- Belkin F9K1102 (v1/v3): skip enable switch leds at bcmrobo
- Belkin F9K1102 (v1/v3): restore all buttons (Reset & WPS)

2022.1 2022.03.13
---------------------------
Note: DDNS Cloudflare now uses only the new method for auth - please update your settings.
Note2: to use a new WL feature (WL roaming assistant), a clean install is needed.
- kernel: USB: serial: option: add support for Novatel USB730L enterprise mode
- kernel: HID: ignore Novatel USB730L modem
- kernel: drivers: net: usb: update ipheth module
- kernel: drivers: net: usb: ipheth: fix iOS14 tethering issues
- Revert "kernel: make xt_recent built-in instead of module"
- nginx: update to 1.21.6
- tor: update to 0.4.6.10
- e2fsprogs: update to 1.46.5
- sqlite: update to 3.38.0
- miniupnpd: update to 2.3.0
- avahi: update to 0.8
- libubox: update to f2d6752 (2022-02-11) snapshot
- uqmi: update to 2022.02.02 (f254fc5) snapshot
- libcurl: update to 7.82.0
- libsodium: update to latest 1.0.18-stable
- libxml2: update to 2.9.13
- nano: update to 6.2
- xl2tpd: update to 1.3.17
- dnsmasq: update to 2022.02.25 (4732aa6) snapshot
- libcurl: update CA certificate bundle as of 2022-02-01
- build: always add libutil to the image
- build: router: Makefile: correct when installation of zlib and sqlite is needed
- build: router: Makefile: openvpn doesn't use zlib at all...
- build: router: Makefile: explicitly specify when zlib should be added to the image
- build: Makefile: add SNMP to e2500 target; rename description to 'Custom' because it isn't really 'Max' image (resolves #77)
- build: Makefile: build dnsmasq with DUMPFILE option for ARM routers
- GUI: advanced-mac.asp - fix saving default WAN mac addr (starting with FT 2021-8 / latest VLAN-fixes)
- GUI: (css): fix grayed out elements that cannot be modified
- GUI: advanced-misc.asp: add confirmation before rebooting the router
- GUI: add notes on pages where functionality is disabled when CTF/Broadcom FastNAT is turned on; also disable automagically QoS and BWL when CTF is enabled or BWL when Broadcom FastNAT is enabled; add notes that using QoS or Access Restriction disables Broadcom FastNAT module
- GUI: tools-wol.asp: fix typo
- GUI: advanced-mac.asp - align default wireless mac addr to wlconf setup AND FreshTomato initial mac setup (note: repair GUI wl mac setup --> GUI default and initial mac are the same now)
- GUI: Advanced: Firewall: fix IGMP proxy custom configuration textarea behaviour
- GUI: Advanced: Routing: correct display of interfaces in Static Routing Table
- GUI: Admin: Debugging: improvements to the Debugging page
- GUI: status-overview - improve ethstate if WAN port is moved to primary LAN (part 2)
- GUI: Advanced: Firewall: add 'Allow DHCP responses' option; also correct name of nvram variable/value
- GUI: Advanced: Firewall: add smart MTU black hole detection and enable it by default
- GUI: VPN Tunneling: OpenVPN Server Configuration: enlarge 'Common Name' text area to 30 chars
- GUI: change the menu labels: WOL -> WoL, Trace -> Traceroute, IPerf -> iPerf
- GUI: IP Traffic: Last 24 Hours: fix initialization of 'IPs currently on graphic' dropdown list when loading the page
- GUI: admin-access.asp: add option to enable/disable the brute force mitigation rule on port defined for GUI remote access
- GUI: USB and NAS: BitTorrent Client: correct drop down list description
- GUI: Basic: Network: fix problems with Wireless Client mode (again)
- GUI: Basic: Network: hide 'Wireless Client Mode' drop down list when given WAN is disabled
- GUI: Advanced: DHCP / DNS Client: remove 'Reduce packet size' option - no more available in udhcpc from busybox
- GUI: Administration: Admin Access: correct display order of 'Allow Remote Upgrade'
- GUI: Administration: Admin Access: change regex for 'Authorized Keys' to allow also pasting keys that start, for example, with some command
- GUI: add as an Admin option: unmount JFFS automatically as part of the upgrade process
- GUI: Overview: Device List: fix some potential problems
- GUI: Basic: Network: fix more issues when switching i.e. from 2 WANs to 1 WAN
- Add ability to run custom script with start and stop of QoS: /etc/wan_qos.custom start|stop wannum
- IPv6: rc: services.c - add check for SLAAC and/or DHCPv6 before using global address and not link-local address for IPv6 DNS
- OpenVPN: do not add 'duplicate-cn' to server config automatically
- PPTP Server: bypass CTF (if enabled)
- WL: add roaming assistant (see GUI advanced-wireless.asp) as an option (note: disabled by default)
- adblock: filter also ipv6 addresses
- avahi: cleanup: ensure entries are dead for at least 1s (fix from the upstream)
- avahi: fixed dns_sd segfaults, initialization issues, and added NDEBUGs (fix from the upstream)
- avahi: use monotonic timer when possible (fix from the upstream)
- avahi: use internal type for timers (fix from the upstream)
- avahi: do not disable timeout cleanup on watch cleanup (fix from the upstream)
- getdns/stubby: rdata not correctly written for validation for certain RR types (fix from the upstream)
- httpd: openvpn.c: add "route <netaddr> <netmask>" directive to downloaded OpenVPN config file when static keys are in use (because the route cannot be pushed from the "server" when using static keys)
- httpd: check key and cert pair, if they are mismatched, regenerate key and cert
- mdu: cloudflare: use new API token instead of email/globalAPIkey for auth
- multiwan/watchdog: fix even more issues including lack of default route when all WANs are down - now in such cases, default route is added to the WAN with the highest weight
- nginx: change default server name to 'FreshTomato'
- rc: buttons.c - increase button sample time (now 500 ms) and improve robustness
- rc: dhcpc-event: fix selection of the correct prefix for two consecutive WANs
- rc: firewall.c: check more variables before applying FW rules (in some cases, there was no firewall at all)
- snmp: add patch to change snmp interface cache timeout to 1 second for realtime monitoring
- usbmodeswitch: fix for Novatel USB730L modem
- www: tomato.js: add placeholder support for <textarea> and <input>
- Belkin F5D / F7D Series: adjust wl mac setup and wl default config to arm branch (note: erase all data in NVRAM memory (thorough) to get the new setup/config)
- Netgear R6300 V1 / WNDR4500 V1 & V2: adjust wl mac setup and wl default config to arm branch (note: erase all data in NVRAM memory (thorough) to get the new setup/config)
- DIR-865L: adjust wl mac setup and wl default config to arm branch (note: erase all data in NVRAM memory (thorough) to get the new setup/config)
- RT-N66U / RT-AC66U: adjust wl mac setup and wl default config to arm branch (note: erase all data in NVRAM memory (thorough) to get the new setup/config)

2021.8 2021.12.25
---------------------------
- kernel: fix from upstream for CVE-2019-11478 (tcp: tcp_fragment() should apply sane memory limits)
- kernel: tcp: refine memory limit test in tcp_fragment()
- kernel: [SCSI] sd: Use SCSI read/write(16) with > 32-bit LBA drives
- kernel: [SCSI] sd: revive sd_index_lock
- kernel: Validate size of EFI GUID partition entries
- kernel: netfilter: ipt_account: make allocation dynamic to save on stack usage
- tor: update to 0.4.6.8
- nano: update to 6.0
- libncurses: update to 6.3
- libsodium: update to latest version of 1.0.18-stable
- nginx: update to 1.21.4
- util-linux: update to 2.37.2
- mysql: update to 5.5.62
- libexif: update to 0.6.24