Code: Select all
- FIXED: Security issues in httpd (backport from GPL 4180 +
additional fixes of my own)
Code: Select all
- FIXED: IPv6 client list failing to properly show hostnames
(regression in 64_1)
- FIXED: A few potential buffer overruns in httpdCode: Select all
- NEW: Merged with Asus GPL 380_4180 (and fixed its broken
Network Tools/Connections/etc... pages)
- NEW: Upgraded to OpenVPN 2.4.0, and implemented support
for many of its new features:
* GCM ciphers
* LZ4 compression
* tls-crypt (uses the Static Key field)
* Cipher negotiation (NCP), with (optional)
fallback to legacy "cipher" parameter when
an OpenVPN 2.3 client connects to the
router's 2.4 server.
Please refer to the OpenVPN 2.4 documentation for
more info on these new features.
You will be warned if any server setting would
generate an exportable ovpn file that would be
incompatible with older clients.
Existing client config shouldn't need to be changed,
unless you modify the router's server configuration.
- NEW: Upgraded Busybox to 1.25.1 (patch by theMIROn)
- NEW: Added the following Busybox applets: ntpd, time, uniq,
xargs and getopt, for feature parity with John's fork.
- NEW: Option on Media Server page to enable minidlna's
built-in status web page. Default URL is
http://router.asus.com:8200 .
- NEW: Support for Vodafone R226 USB LTE (patch by
Gernot Pansy)
- NEW: New "update-notification" user script, that gets run
when a scheduled firmware check detects a new version
is available.
- CHANGED: Removed support for all RC ciphers on OpenVPN.
DES is staying for now, but should still be avoided
whenever possible.
- CHANGED: Updated Tor to 0.2.9.8 (patch by blackfuel)
- CHANGED: Updated nano to 2.7.4.
- CHANGED: hosts file will now give a higher priority to the
user-configured hostname for the router ahead of
hardcoded ones (like router.asus.com).
- CHANGED: Create a system log entry if new firmware is available.
- FIXED: Invalid DUID used when requesting an IPv6 prefix
for some of the newer router models, which would
prevent them from getting working IPv6 (Asus bug)
- FIXED: Network Service Firewall rules not applied
under certain configurations
- FIXED: Port triggering wasn't working if traffic had
been whitelisted by Network Service Firewall
- FIXED: Avahi wasn't rejecting connections from
secondary WAN interface
- FIXED: Sorting clients by connection time would incorrectly
treat 10 hours as longer than 9 hours, as it was
handling it as a string (Asus bug)
- FIXED: Exported ovpn client file wouldn't use the
user-configured hostname when using DDNS custom mode.
- FIXED: Exported OpenVPN client config didn't work when
using static key authentication.
- FIXED: Exported OpenVPN client config wasn't editable with
Notepad, the default editor used by Windows's
OpenVPN GUI.
- FIXED: OpenVPN was killed too quickly on disconnection,
causing issues when using explicit-exit-notify
(patch by john9527)
- FIXED: OpenVPN client/server instances weren't properly
restarted on a WAN restart (patch by john9527)
- FIXED: Some models (N66/Ac66/AC5300) would reboot 3 times
if one of the radios was found disabled by the user
while booting (Asus bug).Code: Select all
- CHANGED: Display name and icon for clients configured on the
Tor page.
- CHANGED: Improvement to OpenVPN Client page behaviourCode: Select all
- NEW: Merged with parts of Asus GPL 380_4180, left out
most of it because of too many bugs in it.
- NEW: Upgraded to OpenVPN 2.4.0, and implemented support
for many of its new features:
* GCM ciphers
* LZ4 compression
* tls-crypt (uses the Static Key field)
* Cipher negotiation (NCP), with (optional)
fallback to legacy "cipher" parameter when
an OpenVPN 2.3 client connects to the
router's 2.4 server.
Please refer to the OpenVPN 2.4 documentation for
more info on these new features.
You will be warned if any server setting would
generate an exportable ovpn file that would be
incompatible with older clients.
Existing client config shouldn't need to be changed,
unless you modify the router's server configuration.
- NEW: Upgraded Busybox to 1.25.1 (patch by theMIROn)
- NEW: Added the following Busybox applets: ntpd, time, uniq,
xargs and getopt, for feature parity with John's fork.
- NEW: Option on Media Server page to enable minidlna's
built-in status web page. Default URL is
http://router.asus.com:8200 .
- NEW: Support for Vodafone R226 USB LTE (patch by
Gernot Pansy)
- NEW: New "update-notification" user script, that gets run
when a scheduled firmware check detects a new version
is available.
- CHANGED: Removed support for all RC ciphers on OpenVPN.
DES is staying for now, but should still be avoided
whenever possible.
- CHANGED: Updated openssl to 1.0.2k
- CHANGED: Updated tor to 0.2.9.9 (0.2.9.x patch by blackfuel)
- CHANGED: Updated nano to 2.7.4.
- CHANGED: hosts file will now give a higher priority to the
user-configured hostname for the router ahead of
hardcoded ones (like router.asus.com).
- CHANGED: Create a system log entry if a new firmware
version is available.
- CHANGED: Display name and icon for clients configured on the
Tor page.
- CHANGED: Streamlined miniupnpd stop/start events during boot,
so there are fewer of them now.
- FIXED: Invalid DUID used when requesting an IPv6 prefix
for some of the newer router models, which would
prevent them from getting working IPv6 (Asus bug)
- FIXED: Network Service Firewall rules not applied
under certain configurations
- FIXED: Port triggering wasn't working if traffic had
been whitelisted by Network Service Firewall
- FIXED: Avahi wasn't rejecting connections from
secondary WAN interface
- FIXED: Sorting clients by connection time would incorrectly
treat 10 hours as shorter than 9 hours, as it was
handling it as a string (Asus bug)
- FIXED: Exported ovpn client file wouldn't use the
user-configured hostname when using DDNS custom mode.
- FIXED: Exported OpenVPN client config didn't work when
using static key authentication.
- FIXED: Exported OpenVPN client config wasn't editable with
Notepad, the default editor used by Windows's
OpenVPN GUI.
- FIXED: OpenVPN was killed too quickly on disconnection,
causing issues when using explicit-exit-notify
(patch by john9527)
- FIXED: OpenVPN client/server instances weren't properly
restarted on a WAN restart (patch by john9527)
- FIXED: Some models (N66/AC66/AC5300) would reboot 3 times
if one of the radios was found disabled by the user
while booting (Asus bug).
- FIXED: Webui layout was broken under Chrome 56.
http://asuswrt.lostrealm.ca/" onclick="window.open(this.href);return false;SKA wrote: 其實...呢D咩嚟...
Welcome to the official website for the Asuswrt-Merlin firmware project, a third party alternative firmware for Asus routers, with a special emphasis on tweaks and fixes rather than radical changes or collecting as many features as possible.
Code: Select all
- NEW: Merged with GPL 380_7378
Notable changes:
* Port forwards can select a specific source IP
* Security fixes for CVE-2017-5891, CVE-2017-5892
and CVE-2017-6547
Note:
* If you are experiencing new wifi stability
issues, try disabling Airtime Fairness on
the Wireless -> Professional page (on all
bands).
- NEW: Option to disable Wanduck's constant DNS probing
for WAN state (Tools -> Other Settings)
- NEW: Allow disabling the use of DH, by entering
"none" in the DH field for OpenVPN server config.
- NEW: Added new Internet redirection mode to OpenVPN clients
called "Policy Rule (Strict)". The difference from the
existing "Policy Rule" mode is that in strict mode,
only rules that specifically target the tunnel's
interface will be used. This ensures that you don't
leak traffic through global or other tunnel routes,
however it also means any static route you might have
defined at the WAN level will not be copied either.
- CHANGED: Ovpn importer now recognizes the "port" and
"reneg-sec" parameters.
- CHANGED: Ovpn importer now support a third argument for
the "remote" parameter, allowing to specify the
protocol.
- CHANGED: Updated Tor to 0.2.9.10
- CHANGED: Updated nano to 2.8.1
- CHANGED: Updated OpenVPN to 2.4.2
- CHANGED: Updated LZ4 to 1.7.5 (used by OpenVPN)
- CHANGED: SSL certificate generated for httpds will now
contain SANs for hostname, router.asus.com, IP
and DDNS hostname.
- CHANGED: Make minidlna always use the same uuid, based on
the LAN MAC (original patch by john9527)
- CHANGED: Better feedback provided when an ovpn file upload
generates a problem due to a key/cert that's
not provided inline. Inform the user which of
these he will need to manually provide.
- CHANGED: Disable bridge multicast_snooping, as this should be
unnecessary, and it could interfere with EMF, UPNP and
other multicast applications. Can be re-enabled from
the Tools -> Other Settings page.
- REMOVED: The Virtual Server page no longer allows users to
edit existing port forwards (our existing code is
incompatible with Asus's newer webui code and will
need to be re-implemented.)
- FIXED: WOL page fails to load if adding a client with a
quote in its name.
- FIXED: Couldn't add a DHCP reservation client if its name
contained a quote.
- FIXED: New outbound connections weren't logged if firewall
logging was enabled.
- FIXED: OpenVPN server didn't always work properly in udp mode
when in a dual stack IPv4/IPv6 environment (backport
from GPL 382_9736)
- FIXED: When disabling NCP support in OpenVPN, the router
could still be trying to use it if the remote end
had it enabled.
- FIXED: Potential CVE-2016-10229 security issue in kernel
(unsure whether our kernel was vulnerable or not)
- FIXED: ovpn file import would fail to import auth hash or
cipher if they weren't uppercase.
- FIXED: Couldn't edit SMB permissions if the disk had
multiple partitions (Asus bug) (patch by
Jeremy Goss)
- FIXED: Exporting a client.ovpn file with no existing CA
could generate garbled output in the generated
file.Code: Select all
- FIXED: AiCloud fail to start on RT-N66U and RT-AC66U.
- FIXED: The generated key/cert for httpds and AiCloud could
sometimes be invalid due to a timing problem.Code: Select all
- CHANGED: Updated dropbear to 2017.75
- FIXED: Security issue CVE-2017-7494 in Samba.