freshtomato-arm/CHANGELOG

===========================
FreshTomato-ARM Changelog
===========================
(for full changelog, see: https://bitbucket.org/pedro311/freshtomato-arm/src/arm-master/CHANGELOG)



2024.3          2024.08.04
---------------------------

- SDK7: allow to build images with older wl drivers (Year 2020 & 2021) - deault is current Year 2023 wl driver (no change) [M_ars]
- php: update to 8.3.9
- libjpeg-turbo: update to 3.0.3
- libxml2: update to 2.13.3
- sqlite: update to 3.46.0
- libcurl: update to 8.9.1
- libsodium: update to latest 1.0.20-stable
- nginx: update to 1.27.0
- e2fsprogs: update to 1.47.1
- pptpd: update to 1.5.0
- libnetfilter_conntrack: update to 1.0.9
- libnetfilter_log: update to 1.0.2
- libnetfilter_queue: update to 1.0.5
- conntrack-tools: update to 1.4.8
- openssl-3.0: update to 3.0.14
- meson: update to 1.5.1
- openvpn: update to 2.6.12
- wolfssl: update to 5.7.2-stable
- nano: update to 8.1
- nettle: update to 3.10
- miniupnpd: update to 2.3.7
- pcre2: update to 10.44
- lz4: update to 1.10.0
- dnscrypt-proxy: update to latest git (security fix, fix usage with latest libsodium, ref: https://github.com/dyne/dnscrypt-proxy)
- adminer: update to 4.8.4
- build: add OpenSSL 3.0.13 to the tree
- build: add OpenSSL 3.0.x recipes, add patches and update needed scripts
- build: switch to openssl 3.0
- build: add wolfSSL 5.7.0 to the tree
- build: wolfSSL: add recipe, needed patches and configuration
- build: add wolfssl support for mssl
- build: add wolfssl support for httpd
- build: add wolfssl support for mdu
- build: add wolfssl support for openvpn
- build: add wolfssl support for libcurl
- build: add wolfssl support for transmission
- build: add wolfssl support for nginx
- build: openvpn_plugin_auth_nvram: add wolfssl support
- build: compile nocat with glib2 instead of glib
- build: update libfoo.pl and Makefile to latest OpenSSL 3.0.x; also adapt libfoo.pl to be one version for ARM and MIPS - use it also on ARM
- build: Makefile: libnfnetlink: is only needed when target is built with CONNTRACK_TOOLS
- build: Makefile: libpcre2-posix: add library to image only for AIO target
- build: Makefile: libffi library is only needed when target is built with IRQBALANCE
- build: Makefile/www: tune openssl options
- build: Makefile: libevent: we don't need ssl here, so let's remove it from the recipe
- build: Makefile: libcurl: use default value for 'with-random'
- build: Makefile: libzip: do not add insecure support for in-php AES zip encryption
- build: Makefile: openssl: always compile with no-cms
- build: Makefile: openssl: always compile with no-ec2m
- build: Makefile: openvpn: disable unit tests (2.5, 2.6), add lz4 flags (2.5)
- build: Makefile: openvpn (2.5, 2.6): enable smaller executable size (disable OCC, usage message, and verb 4 parm list) for non-AIO MIPS targets
- build: openvpn (all): do not compile with lzo support (security)
- build: Makefile: php: remove curl support
- build: Makefile: tincd is now built using the shared liblz4 library
- build: Makefile: transmission: add gnu99 std to CFLAGS
- build: Makefile: do not compile lz4 for the smallest targets
- build: Makefile: use cmake for pcre2 recipe
- build: Makefile: use cmake in libxml2 recipe
- build: Makefile: libevent: only install shared library if target built with BBT or TOR
- build: remove unneeded libnetfilter_cttimeout package from the tree
- build: stubby: fix log level (see: https://www.linksysinfo.org/index.php?threads/stubby-doesnt-log.78729/)
- build: transmission: patches: add ARC4 implementation inside transmission, disable it in openssl
- build: transmission: patches: disable webseeding, it causes 100% CPU usage in certain situations; apply DSCP to UDP sockets too - backport patch from the upstream
- build: wolfssl: add patch to fix compilation of 5.7.2 on MIPS
- GUI: advanced-ctnf.asp: refined page layout [rs232]
- GUI: Basic: DDNS: move Service dropdown to top
- GUI: Basic: Network: only display the wireless connection (WAN) types that are available for a given branch (fix ARM #328)
- GUI: basic-network.asp: fix saving in case wl radio order is not ascending (ex. normal order wl0, wl1, wl2, ... ) [Version 2] [M_ars]
- GUI: Basic: Time: layout improvement and some renaming [rs232]
- GUI: QoS: Classification: Adaptation for CAKE [rs232]
- GUI: QoS: Classification: Display warning on the qos-classify page if classification has been nvram disabled, where QoS is enabled and set to HTB mode [rs232]
- GUI: QoS: Basic Settings: Cleaning and CAKE tweaking [rs232]
- GUI: Status: Overview: fix Signal Quality icon in wireless client mode
- GUI: Tools: Wireless Survey: Discouraging certain WiFi security protocols [rs232]
- GUI: Tools: Wireless Survey: Changed default table sorting by RSSI Descending (strongest to weakest) [rs232]
- GUI: Tools: Wireless Survey: Added SNR (Signal to Noise) to the table [rs232]
- GUI: Tools: Wireless Survey: added filter by frequency [rs232]
- GUI: VPN: Wireguard: fix layout for advanced themes
- adblock-v2: add internet connectivity test as a running condition [rs232]
- adblock-v2: use Internet test target from nvram mwan_chdst content if this contains any usable FQDN; if not default to google.com [rs232]
- adblock-v2: skip Internet test if no lists are defined (covers the case where domains are only defined locally) [rs232]
- adblock-v2: further improvement to the Internet test: running condition: also check if at least one list is enabled [rs232]
- httpd: openvpn.c: initialize buffer before use; also log static/dhparam key creation
- nvram_ops: add centralised console font & background color definition [rs232]
- nvram_ops: added ${reset} and corrected typo [rs232]
- rc: ddns.c: enable DDNS client 3 & 4
- rc: network.c: set the wireless virtual interface hwaddr according to nvram and wait up to 100 ms to check the result [M_ars]
- rc: nginx.c: fix permissions for socket in case when run as 'nobody'
- rc: nocat.c: touch lease file if it doesn't exist yet
- rc: nocat.c: Use BRIDGE_COUNT to iterate through the lans [lancethepants]
- rc: service.c: miniupnpd: follow changes in config naming, also change default upnp_ssdp_interval to 900s
- rc: services.c: stop_services(): do not stop ntpd during router restart/upgrade
- rom: remove authorityKeyIdentifier from the Server cert generation [lancethepants]
- rom: also remove authorityKeyIdentifier for usr_cert [lancethepants]
- rom: update CA bundle to 2024-07-02
- transmission: dht: fix incorrect handling of want in find_closest_nodes
- www: add rel version to each .js script call
- www: add rel version to each .jsz script call
- www: add rel version to each .css script call
- www: advanced-ctnf.asp: fix appearance on advanced themes
- www: basic-ddns.asp: fix availability of external IP checker when using WET/Media Bridge/etc WAN mode
- www: tomato.css: tweaks centrally indent 1 & 2 (no need to add manually indent: 2 to every page now) and adds options for indent 3 & 4 [rs232]
- www: Makefile: fix display of QR Code when image is build without wireguard


2024.2          2024.05.19
---------------------------

- SDK: nand: Adjust/fix Winbond manufacturer ID
- SDK: small update for Broadcom 53xx RoboSwitch device driver
- SDK: bcmrobo.c: simplify Switch Register Access Bridge Registers SRAB_ENAB()
- SDK6: update PCI-Express driver
- kernel: mtd: nand: add Macronix manufacturer
- kernel: mtd: nand: Add Winbond manufacturer
- toolchain: refresh toolchain on Debian 12 with newer version of gmp, m4 and mpfr
- zlib: update to 1.3.1
- libcurl: update to 8.7.1
- libpng: update to 1.6.43
- libxml2: update to 2.12.6
- tinc: update to d9e42fa (2024-04-07) snapshot
- dnsmasq: update to b8ff4bb (2024-02-22) snapshot
- expat: update to 2.6.2
- busybox: updates from the upstream
- spawn-fcgi: update to 1.6.5
- php: update to 8.3.6
- nginx: update to 1.26.0
- meson: update to 1.4.0
- libffi: update to 3.4.6
- openvpn: update to 2.6.10
- tor: update to 0.4.7.16 - the last one that actually compiles on our ancient toolset
- sqlite: update to 3.45.3
- irqbalance: update to 1.9.4
- gettext-tiny: update to 86d9b99 (2024-01-21) snapshot
- miniupnpd: update to 2.3.6
- dropbear: update to 2024.85
- libcap-ng: update to 0.8.5
- libsodium: update to latest 1.0.19-stable
- util-linux: update to 2.39.4
- build: add Netgear EX7000 support [WIP]
- build: Makefile: use libzip for php compilation
- build: Makefile: tune libcurl recipe (remove not used stuff - smaller size)
- build: Makefile: tune apcupsd recipe (smaller size)
- build: Makefile: mysql: at last build it with system zlib; do not waste time for mysql-test, support-files, sql-bench and man subdirs
- build: Makefile: minidlna: disable NLS support
- build: Makefile: clean more targets before every compilation
- build: Makefile: util-linux: disable nls
- build: switch to php-8.3.1
- build: add pcre2-10.37 to the tree
- build: update glib to 2.74.7 with openwrt patches; add/change recipes; integrate updated/added glib and pcre2
- build: add haveged-1.9.18 to the tree
- build: implement haveged
- build: add TOR again to the o (Custom) target
- build: Update Dockerfile to Debian 12
- GUI: Administration: Admin Access: exclude ports 80 and 443 for remote GUI access for security reasons
- GUI: Administration: Admin Access: fix preparing url of redirect page in case of remote connection
- GUI: admin-access.asp - Add option to enable/disable httpd listening on IPv6 and VLAN interfaces
- GUI: basic-network.asp - fix saving in case wl radio order is not ascending (ex. normal order wl0, wl1, wl2, ... )
- GUI: tools-survey.asp - fix Wireless Site Survey if SSID contains a single quote (fix #323)
- GUI: VPN: OpenVPN Client: add note about strict Kill Switch
- GUI: Status: Overview: fix Watchdog status display
- GUI: USB and NAS: Media Server: fix behaviour of the LAN boxes
- busybox: always add flock applet
- DHCPC: optionally prevent classless routes. Since this is used for iptv it cannot be disabled by default; recommended to turn it off when not using iptv, see CVE-2024-3661
- getdns: fix for broken trust anchor files are silently ignored
- openssl-1.1: add patches for CVE-2023-5678 and CVE-2024-0727
- php8: use php-fpm instead of spawn-fcgi
- udpxy: Fixed uninitialized source address 
- DDNS: multiWAN aware (fix #65)
- ddns: increase the number of errors allowed before entering standby from 3 to 10
- discobery.sh: supports for any CIDR (no dependency to /24 any more) - network and broadcast IPs are now always excluded from the polling - works when brX IP address is not the first in the subnet
- httpd: config.c: do not close temp file created by mkstemp before using it
- httpd: upgrade.c: use mkstemp instead of dangerous mktemp; check for available memory first; correct argument in waitpid(); fix a few other issues
- httpd: etherstates - detect port info in one sscanf
- httpd: httpd.c - fix/add IPv6 listeners for MultiLAN setups (do not try to add IPv4 listeners twice)
- httpd: devlist.c: Loop through dhcp enabled interfaces using BRIDGE_COUNT
- httpd: wl.c - Add central channel for future updates to the GUI Wireless Survey
- httpd: wl.c - Add 802.11N+AC BSS capabilities for future updates to the GUI Wireless Survey
- mdu: in case of curl, also use a while loop to use more than one IP checker during a failed host check
- mdu: use getaddrinfo instead of the deprecated gethostbyname when building without libcurl
- mdu: also test for IP change if "Force next update" is checked
- mdu: support special case, when ifname is set to 'none' or proto is 'disabled' - use default WAN
- mdu: remove ieserver.net from the list of available services (down)
- mdu: remove DyNS from the list of available services (down)
- nvram: fix behavior of 'convert' option
- ntpd: try to monitor and restart it when it dies or doesn't start at all
- others: sysinfo: fix WL adapter name for 3rd wireless
- others: improve cru locking to prevent concurrent updates
- others: switch4: fix PIN status recognition on some modems
- others: switch4g: correct checking of CPIN status
- others: switch3g: fix PIN checker
- patches: nginx: fix little endian recognition, solve other issues
- rc: always enable 3G modem support and remove that option from the GUI
- rc: arpbind.c: stop_arpbind(): Skip header of /proc/net/arp
- rc: buttons.c: Limit WLAN button maximum duration to 120 seconds
- rc: bwlimit.c: refactor code to loop using BRIDGE_COUNT
- rc: firewall.c: fix remote administration (www/ssh) when DMZ is enabled 
- rc: firewall.c: Use BRIDGE_COUNT to iterate throuh interfaces
- rc: ftpd.c: close fp before bailing when f fails to open
- rc: init.c: do not run remove_usb_module() [remove_usb_all_modules() now] on halt/reboot; some changes in order of removed services
- rc: nfs.c: Also free(buf) when returning on failed fopen
- rc: nginx.c: always try to kill php-cgi at nginx stop
- rc: openvpn.c: start_ovpn_client(): Initialize route_mode variable
- rc: services.c: start_ipv6_tunnel(): Fix undefined behavior in snprintf
- rc: services.s: use get_wanface() to properly check WAN ifaces in generate_mdns_config()
- rc: services.c: block Apple private relay
- rc: tor.c: refactor code to loop using BRIDGE_COUNT
- rc: usb.c: do not run remove_usb_modem_modules() by default - it may cause kernel panic (at least on MIPS RT-AC), enable it by setting 'remove_modem_modules' nvram variable
- rc: wan.c: restart DDNS not only on primary WAN
- rom: update CA bundle to 2024-03-11
- www: advanced-vlan.asp: wipe out relevant fields for inactive or just disabled WAN - needed in various places for the proper operation of FW
- www: advanced-vlan.asp: after editing, just reset mwan_num to 1 to avoid problems
- www: adminer.php: fix error message "Trying to access array offset on null" on php 8
- www: basic-time.asp: Show ntp info
- www: qos-{ctrate,qos-detailed}: Additional filter options
- www: tools-survey.asp - v1.01 - 11/05/24 - rs232
- Asus RT-AC5300: allow to disable/shut down broken wireless radios


2024.1          2024.02.14
---------------------------

- kernel: wireguard: update module to 1.0.20220627
- dnsmasq: update to aa9e965 (2024-01-21) snapshot
- libcurl: update to 8.5.0
- libcap-ng: update to 0.8.4
- libpng: update to 1.6.41
- libjpeg-turbo: update to 3.0.2
- libid3tag: update to 0.16.3
- dropbear: update to 41a6abc (2023-12-31) snapshot
- miniupnpd: update to 2.3.4
- ntfs-3g: update to 75dcdc2 (2023-06-13) snapshot
- busybox: updates from the upstream
- wsdd2: update from the upstream
- uqmi: update to c3488b8 (2024-01-16) snapshot
- sqlite: update to 3.45.1
- libxml2: update to 2.12.4
- libsodium: update to latest 1.0.19-stable
- wireguard-tools: update to 1.0.20210914
- libubox: update to 6339204 (2023-12-18) snapshot
- build: Makefile: fix libcurl issue with http auth
- build: Makefile: fix compilation on Debian 12
- build: kernel: fix kernel warnings at generated shared_ksyms.c
- build: Makefile: on %-clean, do not forget to remove staged dirs
- GUI: advanced-wireless.asp - add Inactivity Timer option for Media Bridge Mode (60 up to 3600 sec)
- GUI: VPN: Tinc: tune a little status page
- mdu: use libcurl for all ARM images 
- mwwatchdog: tune cktracert() checker once again - it needs max hop value set to ~10
- rc: snmpd.c: log start/stop events
- rc: restrict.c: web netfilter module not supported for IPv6 on arm
- switch4g/wwansignal: add timeouts to uqmi calls
- wireguard: wg-quick: fix syntax error (see: https://www.linksysinfo.org/index.php?threads/wireguard-on-freshtomato.76295/page-19#post-347565)
- wireguard: working (finally) GUI, firewall, etc for Internal type connections (external to the provider will be added [probably] in the next release)
- www: tomato.js: restore compatibility with older browsers
- www: tools-shell.asp: switch to our addEvent() function for better compatibility


2023.5          2023.12.21
---------------------------

- iperf: update to 3.15
- openssl-1.1: update to 1.1.1w
- libcurl: update to 8.4.0
- dnsmasq: update to cd4db82 (2023-11-30) snapshot
- libsodium: update to latest 1.0.19-stable
- sqlite: update to 3.44.2
- libjpeg-turbo: update to 3.0.1
- nginx: update to 1.25.3
- uqmi: update to eea2924 (2023-10-28) snapshot
- openvpn: update to 2.6.8
- irqbalance: update to 1.9.3
- libxml2: update to 2.11.6
- util-linux: update to 2.39.3
- add initial Netgear R6200v2 router support
- build: Makefile: shrink again AIO_Lite target (remove ZFS, SNMP and NANO)
- build: rename TCONFIG_TUXERA_HFS symbol to TCONFIG_TUX_HFS to avoid problems when building without it; cosmetic
- build: Makefile: shrink r1do target (remove BTCLIENT and TR_EXTRAS)
- build: add fsck.* symlinks for ntfs and zfs
- build: Makefile: align the images filename for each release to contain the relevant ARM version in the filename
- build: Makefile: init files don't have to contain openssl, openvpn, or proxy
- build: Makefile: split into different files for easier maintenance; tune a little versioning
- build: Makefile: compile rp-pppoe and pppd with -Os (for small images) or -O2 flag (other images like VPN, AIO, AIO_Lite, Mega)
- build: Makefile: compile OpenVPN using -O2 flag (for ARM branch)
- build: Makefile: add NANO instead of UPS in AIO_Lite target (y)
- build: fix zfs python minor version detection
- build: Makefile: fix pcre-install recipe
- build: Makefile: fix php recipe - build it with our pcre and also correct libjpeg-turbo support
- busybox: add lsof applet to images
- BSD (wireless band steering): add bsd nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- dropbear: fix CVE-2023-36328
- GUI: basic-network.asp - allow Group Key Renewal from 0 (disabled) up to 30 days (2592000 sec)
- GUI: Status: Device List: add Wake on LAN for Media icon
- GUI: add an optional 'toggle to dark' switch
- GUI: Advanced: Routing: allow to add 'default' as a Destination (fix #301)
- GUI: Status: Overview: count reclaimable slab memory as a free memory (according to 'free')
- GUI: Port Forwarding: Basic/Basic IPv6/Triggered: fix tables width in Advanced themes and some html/css inconsistency; cosmetic
- GUI: Port Forwarding: Basic: sort "Src Address" and Int Address" columns by text like on Basic IPv6
- httpd: openvpn.c: remove the status from the generated OpenVPN client configuration - this may cause problems in some cases
- Media Bridge Mode (SDK6/SDK7/SDK714): reinitialize wl radio in case of connectivity loss (v2)
- nvram: add possibility to convert config backup file to readable nvram text file
- others: mwwatchdog: tune cktracert() a little
- rc: services.c: start rstats/cstats later and stop them earlier (should fix #213)
- rc/httpd: use tomato_version variable instead of nvram 'os_version'
- rc: Drastically improve slow boot times caused by USB mass storage
- rom: update CA bundle to 2023-12-12
- switch4g: add more complex PIN check for QMI modems; also some more fixes
- switch4g: do not use setpin.gcom script from gcom (comgt) package
- wanuptime: improve buffer validation (snprintf/strlcpy)
- WET / Media Bridge Mode: allow to use/enable Debug Mode for dnsmasq (via advanced-dhcpdns.asp)
- WET / Media Bridge Mode: allow to use/enable Adblock feature
- www: status-data.jsx: fix a small bug in displaying DNS addresses
- www: admin-iptraffic.asp: restart the firewall when enabling/disabling cstats
- www: status-data.jsx: DNS: make message about used DNS more precise
- www: wireguard GUI and wg-quick script


2023.4          2023.09.10
---------------------------

- kernel: drivers: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
- SDK6: update wireless driver (dual core)
- SDK714: update wireless driver
- SDK5 (USBAP only): Speed up boot-up time (only cosmstic in this case / for documentation)
- SDK7: Speed up boot-up time (~round about 23 sec) (and align to SDK714)
- libsodium: update to latest 1.0.18-stable
- minidlna: update to 1.3.3
- libcurl: update to 8.2.1
- tor: update to 0.4.7.14
- iperf: update to 3.14
- libjpeg-turbo: update to 3.0.0
- rom: update CA bundle to 2023-08-22
- gmp: update to 6.3.0
- libjson-c: update to 0.17-20230812
- nginx: update to 1.25.2
- sqlite: update to 3.43.0
- libxml2: update to 2.11.5
- openssl: update to 1.1.1v
- zlib: update to 1.3
- libpng: update to 1.6.40
- snmp: update to 5.9.4
- flac: update to 1.4.3
- openvpn: update to 2.6.6
- util-linux: update to 2.39.2
- dnsmasq: update to 3b5ddf3 (2023-09-02) snapshot
- ffmepg: update to 0.11.5 (resolves ARM #239)
- libffi: update to 3.4.4
- build: Makefile: compile Tenda N60 (n60) without PROXY enabled to save space
- build: get rid of pdureader - full of bugs, it's enough that comgt has its issues
- build: Makefile: compile rp-pppoe and pppd with -Os flag only if we need smaller image (ie. for 4MB routers)
- build: Makefile: compile openssl-1.1 with -Os flag only if we need smaller images (example for 4 or 8 MByte routers) - arm branch/mips MEGA & AIO will use O3
- build: Makefile: add target AIO_Lite (y) for some routers with insufficient flash size
- build: Makefile: add stubby to target e (VPN) instead of little used conntrack tools and mdns
- build: Makefile: add target VPN for Netgear Router Group AC1450, R6300v2, R6250
- build: Makefile: glib2: use already compiled pcre (in case of TCONFIG_NGINX) not the one embedded in glib2
- Adblock (DNS filtering): remove default domain blacklist URLs and save NVRAM space for all routers (no matter if 32, 64 or 128 KB)
- dnsmasq: set the default maximum DNS UDP packet size to 1232
- IPv6: show option6 dns-server (RDNSS) (GUI: advanced-dhcpdns.asp)
- Media Bridge Mode (SDK6/SDK7/SDK714): add ARPING (default 180 sec cycle) and improve stability
- mdu: fix Cloudflare DDNS when using curl (resolves ARM #292)
- QoS: remove default Outbound Direction configuration and save NVRAM space for all routers (no matter if 32, 64 or 128 KB)
- GUI: Administration: Access: move "Remote Web Port Protection" to "Admin Restrictions" section; also enable it by default
- GUI: Administration: Bandwidth Monitoring: add current date/router model/FW version to backup file
- GUI: Administration: IP Traffic Monitoring: add current date/router model/FW version to backup file
- GUI: Advanced: DHCP/DNS/TFTP: Add option to Show/Hide Stubby's resolvers
- GUI: Advanced: DHCP/DNS/TFTP: hide 'IPv6 DNS Server' forms when IPv6 is disabled
- GUI: Advanced: DHCP/DNS/TFTP: hide the rest of IPv6 options if IPv6 is disabled
- GUI: Status: Overview: add current operator to WWAN Modem Status also for QMI modems
- GUI: Advanced: DHCP/DNS/TFTP: hide "DHCP IPv6 lease time" options in case DHCPv6 PD
- GUI: USB and NAS: Media Server: fix correct port in status window link when using minidlna with random port
- GUI: Status: Overview: do not display days if they are equal to zero
- GUI: basic-ddns.asp - provide an additional variable for the IPv6 address in custom URLs for DDNS
- Revert "rc: services.c: start_ntpd(): run ntpd at high priority"
- httpd: improve buffer validation (strlcpy)
- httpd: iperf.c: sanitize host name
- others: wwansignal: start querying the modem only if the DIAGS file exists (it means that modem is detected with diags and probably already connected)
- others: switch4g: fix listing TTYs in QMI mode
- others: switch4g: extend waiting time for modem switching and its redetection
- others: use shorter /dev/null redirection
- others: rename watchdog script to mwwatchdog to avoid confusion with the busybox applet
- rc: dhcp.c - adjust/improve bound event and avoid memory sharing issues
- rc: ftpd.c: Change the default ftpd admin login to 'root' to be consistent with the default router login
- rc: dhcp.c - adjust renew event and do not restart dnsmasq for WAN side route changes (resolves ARM #287)
- rc: init.c: remove "os_name" from nvram
- rc: ppp.c - adjust/improve code to avoid memory sharing issues
- rc: services.c: dnscrypt-proxy: in case of EDNS packet size is set lower than 1252 in dnsmasq, set it also here
- rc: services.c: we don't need extra logging when minidlna logs to syslog
- rc: wan.c - adjust/improve code to avoid memory sharing issues (+add some more comments)
- rom: Makefile: Escape single quotes (') in dnscrypt-resolvers.csv
- switch4g: move cdc_ether module to the end of the list 
- Wireless Survey: optimize code for wl survey (GUI: tools-survey) - Part 2
- wsdd2: Update patch with new location of smb.conf
- WWAN: improve display of SINR values for QMI modems
- www: advanced-dhcpdns.asp: remove dupe from Notes section
- www: advanced-vlan-r1.asp: add modification to enable Native VLAN support (allow one untagged vlan per port) by default
- www: tomato.js: allow to use onclick in elements (appended after verifyFields() essentially) created by the createFieldsTable() function


2023.3          2023.06.25
---------------------------

- kernel: usbnet: optimize usbnet_bh() to reduce CPU load
- busybox: update to 1.36.1
- openvpn: update to 2.6.5
- libcurl: update to 8.1.2
- sqlite: update to 3.42.0
- libxml2: update to 2.11.4
- nginx: update to 1.25.1
- openssl-1.1: update to 1.1.1u
- libsodium: update to latest 1.0.18-stable
- libubox: update to 75a3b87 (2023-05-23) snapshot
- dnsmasq: update to 9bbf098 (2023-05-26) snapshot
- nettle: update to 3.9.1
- util-linux: update to 2.39
- libusb: update to d5bb64b (2020-01-24) snapshot
- adblock v2: update to 2.72b
- dhcp6c: add signal handling of SIGINT and fflush
- getdns/stubby: fix the IP of one of the OpenDNS servers
- stubby: add getdnsapi.net DNS to the resolver list
- stubby: remove Surfnet/Sinodun DNS from the list - it doesn't work anymore (resolves #279)
- rstats (Bandwidth Monitoring): add rstats nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- cstats (IP Traffic Monitoring): add cstats nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- FTP Server: add ftp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- SNMP: add snmp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- UPnP: add upnp nvram variables only if feature is enabled (clean-up nvram at boot/re-boot)
- httpd: improve buffer handling
- httpd: increase buffer for get_wl_tempsense(); also use proper site_t buffer in snprintf
- shared/rc/httpd: improve buffer validation (strlcat_r)
- bsd/eapd/wlconf: fix build break (strlcat_r)
- mdu: fix compilation in case if built without libcurl; avoid compiler warnings
- mdu: fix segfault in curl_headers() when adding more than one header at a time
- mdu: add addtional headers for wget()
- mdu: fix basic auth in update_wget() when built with libcurl
- mdu: mdu.c: improve buffer handling
- mdu: allow the user to specify a custom polling period for External IP address checker
- mdu: rewrite the part responsible for obtaining the external IP address
- GUI: Basic: DHCP Reservation: properly initialize 'Static lease time' on page load
- GUI: admin-iptraffic.asp - add note about IPv4 only (no support for IPv6)
- GUI: advanced-wireless.asp - add Optimized for Xbox option 
- GUI: Advanced: DHCP/DNS/TFTP: allow to ignore DHCP requests from unknown devices on each bridge individually
- GUI: Basic: Network: fix visibility of 'AP MAC Address to connect' option
- GUI: bwlimit.asp - add checks for Multi-LAN setups
- GUI: Basic: DDNS Client: use ajax to refresh info on page
- GUI: VPN Tunneling: OpenVPN Client: Routing Policy: add more thorough domain validation (resolves #285)
- shared: misc.c: get_dns(): really add received DNS servers to the static DNS server list
- Revert "rp-pppoe: update to 3c0f6c02 (2023-02-08) snapshot"
- rc: init.c: fix restart of some services when using SIGHUP on init (resolves #284)
- rc: transmission.c: fix port forwarding for IPv6
- rc: wan.c: fix restart of some services in WET mode
- rc: do not waste time and resources if IPv6 is disabled
- rc: jffs2.c - do not delete (automatically) jffs if mounting fails (show error only)
- rc: ddns.c: distinguish addrcache and dump file depending on the unit number
- rc: ftpd.c: fix bug where in some cases FW rules to open WAN port were not removed
- rc: nginx.c: fix bug where in some cases FW rule to open WAN port was not removed
- rc: mysql.c: Fix copying adminer.php to nginx_docroot
- rom: update CA bundle to 2023-05-30
- WL (SDK6 and up!): show & provide all valid WiFi 5 (AC / 80 MHz) control channels (lower-lower [LL], lower-upper [LU], upper-lower [UL], upper-upper [UU])
- Linksys EA6200: fix wl config (nvram wl0_nband) - 5 GHz radio first
- Belkin F9K1113v2: fix wl config (nvram wl0_nband) - 5 GHz radio first
- Xiaomi MiWiFi: fix wl config (nvram wl0_nband) - 5 GHz radio first


2023.2          2023.03.18
---------------------------

- kernel: net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem
- kernel: net: usb: rndis_host: Secure rndis_query check against int overflow
- SDK6: update wireless driver (dual core)
- WL Client / Media Bridge / Wireless Ethernet Bridge: add AP MAC (xx:xx:xx:xx:xx:xx) to scan and join (--> try to connect to that specific MAC with SSID "ABCDEF")
- libcurl: update to 7.88.1
- libjpeg-turbo: update to 2.1.5.1
- libsodium: update to latest 1.0.18-stable
- miniupnpd: update to 2.3.3
- rp-pppoe: update to 3c0f6c02 (2023-02-08) snapshot
- sqlite: update to 3.41.1
- e2fsprogs: update to 1.47.0
- openvpn: update to 2.6.1
- dnscrypt-proxy: update resolvers csv file
- adblock v2: update to 2.71u
- rom: update CA bundle to 2023-01-10
- dnsmasq: add safe-mode + TFTP (resolves #263)
- build: scripts: added PATH directive to avoid conflicts with entware/optware
- build: Makefile: r1do (Xiaomi R1D): do not build with IRQBALANCE due to too large image size
- GUI: vpn-server.asp: corrected "Uncrypted" for "Unencrypted"
- GUI: VPN Tunneling: add Wireguard page (for now only with link to the wiki howto)
- GUI: DHCP / DNS / TFTP: clean-up
- Revert "GUI: add new default theme"
- others: entware-install-MIPS.sh: use the full path when calling programs
- rc: fix logdrop bevaviour (if enabled)
- rc: transmission.c: fix port forwarding (UDP) (resolves #270)
- rc: transmission.c: revert changes from 4c4f653 - everything works just fine
- rc: wan.c: fix commit 80a7e66 (resolves #275)


2023.1          2023.02.17
---------------------------

- kernel: usb: update ch341 driver
- SDK6: rename all images from "XXX-ARM-NG-YYY" to "XXX-ARM-YYY"
- SDK7/SDK714: update wireless driver
- busybox: update to 1.36.0
- libpng: update to 1.6.39
- libsodium: update to latest 1.0.18-stable
- nano: update to 7.2
- tor: update to 0.4.7.13
- nginx: update to 1.23.3
- ffmpeg: update to 0.7.17
- libjpeg-turbo: add clean sources of 2.1.4
- dropbear: updates from the upstream
- sqlite: update to 3.40.1
- pppd: update to 2.4.9
- adblock: update to 2.71e
- libcurl: update to 7.87.0
- e2fsprogs: update to 1.46.6; remove no more needed patch
- getdns: update to 1.7.3; refresh patches
- libubox: update to eac92a4 (2023-01-03) snapshot
- miniupnpd: update to 2.3.2; refresh patches
- libncurses: update to 6.4
- OpenVPN: update to 2.6.0; fix recipes
- dnsmasq: update to 2.89
- openssl-1.1: update to 1.1.1t
- build: add libcap-ng 0.8.3 to the tree, required by OpenVPN 2.6
- build: Makefile: libcap-ng: add recipe
- build: add recipes and integrate with libjpeg-turbo
- build: remove no more needed jpeg package from the tree
- GUI: add "Scroll to bottom" also at the bottom of the status-log page
- GUI: adjusting "Refresh Every" to "One off"
- GUI: Advanced: Firewall: add note about custom config file for igmpproxy
- GUI: advanced-wireless.asp - remove afterburner option (for SDK6 and up!)
- GUI: advanced-wireless.asp - adjust TurboQAM / NitroQAM label (New: Modulation Scheme)
- GUI: USB and NAS: BitTorrent Client: extend character limit on the input field for blocklist url to 256 (resolves #269)
- GUI: USB and NAS: Media Server: fixes/improvements (resolves #243)
- GUI: USB and NAS: File Sharing: use checkboxes to select interfaces; also change location of samba configuration file (/etc/samba/smb.conf)
- Media Bridge Mode (SDK6/SDK7/SDK714): add & set inactivity timer value to 0 [disabled] (wl driver default is: 600 sec)
- minidlna: use syslog instead of a log file; added as a patch
- others: Makefile: also add ntp2ip script when image is built with dnscrypt-proxy but without stubby
- rc: openvpn.c: remove ignoring directives for IPv6 for OpenVPN client (resolves #268)
- rc: samba.c: correct 'server string' (resolves #188)
- rc: services.c: start_media_server(): correct friendly_name, album_art_names; add model_name
- rc: service.c: start_upnp(): correct friendly_name
- rc: transmission.c: only add bind to generated config if it's not already added in custom config (resolves #265)
- www: tomato.js: allow the hostname to be all digits as per RFC
- www: add new favicon (thanks @rs232)


2022.7          2022.12.20
---------------------------

Note: the upgrade is highly recommended for users using Routing Policy in the OpenVPN client due to a major issue related to it.

- kernel (all): updates/fixes from the upstream
- SDK7: small update for pcie and adjust commit 286447b244974a3beb40b37e 
- busybox: update to 1.35.0
- dropbear: update to 2022.83
- tor: update to 0.4.7.11
- zlib: update to 1.2.13
- xl2tpd: update to 1.3.18
- sqlite: update to 3.40.0
- libpng: update to 1.6.38
- nano: update to 7.0
- minidlna: update to 1.3.2; refresh patches, remove no more needed
- dnsmasq: update to v2.88
- build: Makefile: fix compilation in case if minidlna is built as static
- build: kernel (all): enable compilation of ch341 usb driver
- GUI: Status: Overview: fix Signal Quality icon in wireless client mode when RSSI is equal zero
- GUI: Basic: Time: add option to serve also NTP on the WAN (resolves #234)
- GUI: VPN Tunneling: Tinc Daemon: better format Tinc output in Advanced themes
- GUI: Administration: TomatoAnon: grammar fix (resolves #260)
- GUI: Status: Device List: add frequency to Moise Floor interfaces list
- busybox: awk: fix use after free (CVE-2022-30065)
- dropbear: disable DSS key support
- dropbear: use Os flag for Libtommath and smallest targets
- e2fsprogs: add two patches from openwrt
- httpd/mssl: add support of elliptic curves in mssl_cert_key_match (resolves #250)
- httpd: switch self-signed certificate from RSA to ECC
- rc: adjust start/stop of miniupnpd
- rc: adjust/add stop for miniupnp in case of single-wan
- rc: firewall: move ftpd FW rules (remote access/ftplimit) to ftpd.c script
- rc: interface.c: log errors only on failed interface addition
- rc: nocat.c: only run start_wan() if nocat was really started
- rc: openvpn.c: check first if firewall script is executable
- rc: openvpn.c: workaround for problems when adding iptables rules
- rc: rc.c: run_del_firewall_script(): correct temp file permissions
- rc: services.c: start_igmp_proxy(): drop privileges after startup
- rc: services.c: improve buffer handling
- rc: services.c: exec_service: do not re-use buffer
- rc: services.c: do_service(): increase waiting time (from 15 to 20 secs), because almost all services are now serialized when started/stopped; more verbose logging
- rc: services: move ftpd support to outer file
- rc: wan.c: restarting httpd service here is completely redundant
- rc: telssh.c: avoid problems while starting/stopping in the GUI (and also in other cases)
- stubby: add Mullvad DNS to the list (resolves #233)
- router: shared: cache the model detection result for safe multiple use
- Netgear R7900 / R8000: help arm issue #258
- Netgear ARM Router Family: set cal data for wl radios and improve wl performance (get infos at board_data --> router specifc)


2022.6          2022.11.06
---------------------------

- SDK714: initial commit
- SDK714: update to 2022 (from 2018)
- libcurl: update to 7.86.0
- nano: update to 6.4
- nettle: update to 3.8.1
- sqlite: update to 3.39.4
- tor: update to 0.4.7.10
- dnsmasq: update to 2.87 final
- tinc: update to the latest commit. 4c6a9a9; update to meson build system. Add lz4 support to tinc
- dnscrypt-proxy: update resolvers csv file
- getdns: update to 1.7.2
- openssl-1.1: update to 1.1.1s
- igmpproxy: update to 0.4
- libsodium: update to latest version of 1.0.18-stable
- nginx: update to 1.23.2
- ntfs-3g: update to 2022.10.3
- miniupnpd: update to 2.3.1
- openvpn: update to 2.5.8
- flac: update to 1.4.2
- libxml2: update to 2.10.3
- libcurl: update CA certificate bundle as of 2022-10-11
- meson: add clean source for version 0.63.0
- lz4: add clean source for version 1.9.3
- lz4: update to 1.9.4
- util-linux: update to 2.38.1
- irqbalance: update to 1.9.2
- zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)
- zlib: backport null dereference fix
- nocat: import some patches found in debian
- SDK7: check wireless driver max client tuneable value
- build: add Asus RT-AC5300 support
- build: add Asus RT-AC3100 support
- build: add Asus RT-AC88U support (only 4 LAN + 1 WAN port)
- build: merge all branches together
- build: sync up DockerFile to current build process
- build: samba3: update Makefile; in ARM we have already realpath() with support for NULL argument. So change that option
- build: SDK6/7: clean-up flags for Tri-Band router
- build: Netgear R7900 / R8000: build image without TRX KEY
- GUI: advanced-misc.asp - Make it possible to save settings without rebooting
- GUI: Wireless Survey: check for Channel Spec BW 160 / 8080 MHz (SDK6 and up)
- GUI: VPN Tunneling: Tinc Daemon: fix javascript error
- GUI: NAS: Media Server: fix allowed port range
- GUI: Basic: Network: remove unnecessary javascript alert
- GUI: move IPSec Passthrough from Firewall to Conntrack/Netfilter
- GUI: Advanced: Routing: increase route metric limit from 10 to 4294967295
- GUI: Status: Overview: add link to DHCP/DNS page when using stubby/dnscrypt-proxy
- GUI: basic-ddns.asp - do not show the DDNS password (resolves #202) 
- GUI: basic-network.asp - Option: Automatic IP --> give some more Infos to the FT user about changing IP address (DHCP client on/off)
- GUI: fix start/stop button behaviour, when there is an error in config file
- GUI: add new default theme
- GUI: USB and NAS: Media Server: fix the operation of the 'Rescan on the next run' button
- GUI: Administration: Admin Access: add 'Notes' section about dropbear additional configuration files
- GUI: Status: Overview: add current operator to WWAN Modem Status
- Access Point Mode / WET / Media Bridge Mode: Allow to obtain a LAN IP via DHCP
- firewall: check GUI IPSec config first (small fix for operator priority)
- httpd: misc.c: asp_notice(): sanitize file name
- httpd: log.c: wo_viewlog(): sanitize search string more aggressively
- IPv6: add/use function to extract prefix from configured IPv6 address
- nvram: remove no more needed variables (dhcp_start, dhcp_num)
- Revert "GUI: Advanced: DHCP / DNS Client: remove 'Reduce packet size' option - no more available in udhcpc from busybox"; 'Reduce packet size' option is available via patch!
- rc: firewall: move nginx FW rules (remote access) to nginx.c script
- rc: openvpn.c: rewrite openvpn FW rules
- rc: tinc.c: rewrite tinc FW rules
- rc: transmission.c: rewrite transmission FW rules and watchdog script
- rc: mysql: rewrite, to get rid of shell scripts
- rc: pptpd.c: rewrite pptpd FW rules
- rc/shared: introduce and use killall_and_waitpid()
- rc: tune stop_stubby function
- rc: fix call to restart_nas_services() - to restart it needs stop/start, not only start
- watchdog: use 1.1.1.1 as a 2nd target instead of microsoft.com
- www: tools-qr.asp: fix bug when certain characters are in ssid or PSK
- www: status-log.asp: add maxlength to find input element
- Netgear R6400 (v1) / R6400v2 / R6700v3 / XR300 : fix USB Power supply in some cases (cfe/board_data dependency) - fixes #244
- Dlink DIR868L: fix USB Power supply in some cases (cfe/board_data dependency) 
- Wireless Ethernet Bridge Mode: Block all IPv6 traffic to avoid wl driver crash in some cases (only arm)


2022.5          2022.08.06
---------------------------

Note: mainly bugfixes release.

- nginx: update to 1.23.1
- sqlite: update to 3.39.2
- meson: add clean source for version 0.63.0
- meson: add arm-cross.txt file
- lz4: add clean source for version 1.9.3
- tinc: update to meson build system. Add lz4 support to tinc
- tinc: update to the latest commit. 4c6a9a9
- libcurl: update CA certificate bundle as of 2022-07-19
- build: dhcpv6: sync to MIPS (chmod), additionally add #ifdef to have one version for ARM and MIPS
- GUI: fix copy-paste for advanced-dhcpdns.asp
- GUI: Advanced: DHCP/DNS: 'Solve .onion' checkbox should be available regardless of tor status
- GUI: basic-ipv6.asp - fix problems with saving IPv6 setting
- GUI: Advanced: DHCP/DNS: rename option
- dhcpv6: Improve log messages when a REPLY message arrives. The old ones were confusing
- dhcpv6: Add a new script event "EXIT", which is invoked when dhcp6c exits


2022.4          2022.07.31
---------------------------

Note: because of changes in GUI, clean your browser cache and/or use Ctrl+F5 (FF) to avoid artifacts.

- toolchain: brcm-arm-toolchains update; uClibc 0.9.33.2 with CVE-2022-30295, CVE-2021-43523 and CVE-2016-6264 fixes. Also other fixes/patches included. Enable support for AI_ADDRCONFIG
- kernel: drivers: net: updates from the upstream (for details see full changelog)
- kernel: drivers: usb: updates from the upstream (for details see full changelog)
- SDK6/SDK7: enable USB2 and USB3 power at boot up by default
- SDK7: check wireless driver max client tuneable value
- SDK7: update ctf (part 2 + part 3)
- iptables: update to 1.8.8
- irqbalance: update to 1.9.0
- libcurl: update to 7.84.0
- libxml2: update to 2.9.14
- libiconv: update to 1.17
- flac: update to 1.3.4
- openvpn: update to 2.5.7
- ntfs-3g: update to 2022.5.17
- libsodium: update to 1.0.18-stable
- nettle: update to 3.8
- tor: update to 0.4.7.8
- zlib: update to 1.2.12 (add two fixes from the develop tree)
- libubox: update to d2223ef (2022-05-15) snapshot
- uqmi: update to 56cb2d4 (2022-05-04) snapshot
- openssl: update to 1.1.1q
- sqlite: update to 3.39.0
- nginx: update to 1.23.0
- dnsmasq: update to 2022.07.07 (20b4a4e) snapshot
- build: add Netgear R7900 support (almost the same like R8000) 
- build: router: Makefile: also install zlib when samba is added to the (not AIO) image - fix build break
- build: only include adblock when image is built with TCONFIG_HTTPS (all (or most) servers from the adblock list are now redirecting to https, so wget can't download them without OpenSSL)
- build: add flag to detect AIO target (the same way like in MIPS branch)
- build: add target ARM architecture/target ARM processor
- build: add flag to build image without TRX KEY
- GUI: Administration: Configuration: fix date in the filename of saved config file
- GUI: Administration: NFS Server: correct link to the NFS website
- GUI: Advanced: Firewall: change link for Efficient Multicast Forwarding option
- GUI: Advanced: Tor: add daemon status, add start/stop button
- GUI: advanced-vlan.asp - use nvram t_model_name for R8000 detection
- GUI: advanced-wireless.asp - Set bss_maxassoc same as global max clients
- GUI: advanced-wireless.asp - adjust/improve saving country/rev selection
- GUI: Status: Logs: implement maximum filter level
- GUI: Status: Overview: clearly explain what the WL enable/disable buttons are for
- GUI: Tools: Wireless Survey: add a note for ARM routers, that WL survey doesn't work when WL filter is turned on in 'permit only' mode (workaround for #224)
- GUI: USB and NAS: FTP/Samba/FTPD/BT: add daemon status, add re-start button (unify to nginx/mysql page)
- GUI: VPN Tunneling: OpenVPN Client: also allow range of IP addresses as a source IP
- GUI: fix backup filename date
- adblock: convert all lists to https; additionally add Steven Black list
- apcupsd: add PCNET and SNMP support in AIO targets; allow to use custom config
- dhcpv6: Add a no release option '-n'. This prevents a release signal from being sent to the ISP causing a new PD or address to be allocated
- dhcpv6: Remove the PID file just before dhcp6c actually exits
- dhcpv6: Add a signal handler for SIGUSR1 to forcibly exit without releasing the obtained addresses
- dhcpv6: Set a DHCPv6 state keyword to an environment variable "REASON"
- dhcpv6: reload config on SIGHUP
- dropbear: add login limits
- dropbear: fix MAX_UNAUTH_CLIENTS regression - fix from the upstream
- dropbear: patches: add DEFAULT_ROOT_PATH
- httpd: misc.c: use utf8 in asp_rrule()
- IPv6: add DUID type selection (currently only DUID-LL (default) OR DUID-LLT)
- IPv6: extend GUI status page (status-overview.asp) - show DUID
- IPv6: add GUI option (basic-ipv6.asp) to start DHCP6 Client in debug mode (only for RT-N+ router)
- IPv6: add GUI option (basic-ipv6.asp) for DHCP6 client to prevent prefix/address release on exit
- IPv6: check environment variable "REASON" which is passed to the client script when receiving a REPLY message (only for DEBUG currently)
- JFFS: do not start if router model is unknown 
- others: linkagg: fix warning messages, cosmetic
- rc: serialize (re-)starts from GUI, avoid zombies
- rc: do not (re)start services during upgrade/reboot
- rc: firewall: add IPv4 IPSEC passthrough
- rc: gpio.c - extend gpio poll up to 32 pins
- rc: openvpn.c: also abort when can not create tap/tun interface
- rc: openvpn.c: fix parsing of pidof result in watchdog script
- rc: services.c: start_ntpd(): correct verbose option
- rc: services.c: start_ntpd(): run ntpd at high priority
- rc: services: move samba support to outer file
- rc: transmission: rewrite, to get rid of shell scripts
- router: httpd: wl.c - adjust and correct scan params for wireless survey (GUI: tools-survey)
- shared: wlscan.h - increase buffer for wireless survey (SDK6 and up)
- stubby: add Cisco Umbrella/OpenDNS DoT Servers to Stubby Options
- wireless ethernet bridge AND media bridge mode: use dnsmasq (provide DNS service)
- Wireless Survey: rework / optimize code for wl survey (GUI: tools-survey) 
- www: tomato.js: fix id in TomatoGrid.prototype.createEditor
- Netgear R6400/R6700/R6900/R7000/XR300 series router: adjust led setup in case wan is disabled (router only in AP mode) - resolves #21
- Tenda AC15 / AC18: build image without TRX KEY


2022.3          2022.05.12
---------------------------

- SDK6: allow upgrade from AsusWRT to FreshTomato via GUI
- SDK7: allow upgrade from AsusWRT to FreshTomato via GUI
- SDK7: remove 256 MB DRAM limit
- Initial add NETGEAR ac1450
- Initial add DSL-AC68U
- dnsmasq: update to 2022-03-31 (03345ec) snaphot (fix for CVE-2022-0934)
- libcurl: update to 7.83.0
- sqlite: update to 3.38.5
- ebtables: fix the 'static' build target (update from upstream)
- libsodium: update to latest 1.0.18-stable
- libnfnetlink: update to 1.0.2
- libmnl: update to 1.0.5
- wsdd2: update to 1.8.7
- util-linux: update to 2.38
- libjson-c: update to 0.16-20220414
- nano: update to 6.3
- openssl: update to 1.1.1o
- tor: update to 0.4.7.7
- irqbalance: update to 1.8.0
- libcurl: update CA certificate bundle as of 2022-04-26
- build: Makefile: only build an image for RT-N18U in NOSMP version
- GUI: fix display of 'beta' tag on Advanced themes
- GUI: Administration: Admin Access: update links to TTB themes list and gallery
- GUI: Advanced: DHCP/DNS: add the choice of EDNS packet size - default: 1280, no change (resolves #214)
- GUI: Web Server: add buttons for nginx/MySQL that open their interfaces in the new tab/page
- GUI: VPN Tunneling: Tinc Daemon: fix javascript error
- GUI: VPN Tunneling: Tinc Daemon: fix version number display
- README: add info about github mirror
- httpd: cgi.c: use logmsg()
- httpd: cgi.c: improve buffer handling
- httpd: cgi.c: fix for CVE-2022-28665 (TALOS-2022-1509): FreshTomato httpd unescape memory corruption vulnerability
- mssl: disable TLS 1.0 & 1.1 support for images with OpenSSL 1.1
- rc: network.c - fix IPv6 forwarding in case of 4 LANs (resolves #216)
- watchdog: fix regex which trigger dhcpFix
- Netgear R8000: correct size for board_data partition
- E4200v1 / Belkin F9K1102 (v1/v3): remove band selection (2,4 GHz OR 5 GHz) for second radio module at the GUI (basic-network)


2022.2          2022.04.07
---------------------------

Note: mainly bugfixes release.

- SDK6: update wireless driver (dual core)
- SDK7: fix 128K nvram support for RT-AC3200
- openvpn: update to 2.5.6
- openssl: update to 1.1.1n
- sqlite: update to 3.38.2
- dropbear: update to 2022.82
- uqmi: update to 2022.03.12 (44dd095) snapshot
- libcurl: update CA certificate bundle as of 2022-03-29
- build: fix 512M DRAM flagspec
- build: prevent php and miniupnpd from picking up build system libraries
- GUI: Advanced: Routing: fix adding new entries in Static Routing Table
- GUI: Advanced: Virtual Wireless: add a warning in the Notes section to not use 'virtual interfaces' on interface in Wireless Ethernet Bridge or Media Bridge modes due to possible problems
- GUI: Advanced: Virtual Wireless: add missing code for tri-band router (SDK7)
- GUI: Advanced: Virtual Wireless: also add frequency to interface drop down list when editing
- GUI: Basic: Network: also set wanX_proto to 'disabled' if given WAN is (set to) inactive
- GUI: Wake on LAN/Menu: use one notation for consistency
- GUI: Web Server: MySQL Server: add daemon status, add start/stop button (unify to nginx page)s
- others: btcheck: fix regex for checking if transmission-daemon is up (it never worked...)
- others: mycheck: simplify regex for checking if mysqld is up
- others: switch4g: simplify regex for checking if uqmi is up
- others: switch4g: only use nvram commit if it's needed
- others: watchdog: simplify regex and fix how mwanroute is called (detach)
- others: watchdog: fix regex for checking if orphaned connect-on-demand listen process is up (it never worked...)
- others: watchdog: fix for LTE proto
- others: wwansignal: simplify regex for checking if uqmi is up
- rc: nginx: align the way how it's called to other services (note: name of the service has changed from 'enginex'/'nginxfp' to 'nginx'/'nginxgui')
- rc: use nvram variables instead of globals to skip some steps during upgrade/reboot procedure; also include watchdog in that process
- rc: some fixes regarding MultiWAN + add more debug log
- rc: tinc.c: add/fix watchdog
- shared: defaults.c: initialize wanX_proto (except the 1st one) as 'disabled'
- www: tomato.js: improve error handling in displayOUI()


2022.1          2022.03.13
---------------------------

Note: DDNS Cloudflare now is using only the new method for auth - please update your settings.

- kernel: USB: serial: option: add support for Novatel USB730L enterprise mode
- kernel: HID: ignore Novatel USB730L modem
- kernel: drivers: net: usb: update ipheth module
- kernel: drivers: net: usb: ipheth: fix iOS14 tethering issues
- kernel: netfilter: xt_hashlimit: fix namespace destroy path
- kernel: netfilter: x_table: speedup compat operations
- Revert "kernel: make xt_recent built-in instead of module"
- SDK6: update wireless driver (dual core)
- kernel: ppp_generic.c - add one more check for CTF
- SDK6/SDK7: implement newer Asus TRX header
- nginx: update to 1.21.6
- tor: update to 0.4.6.10
- e2fsprogs: update to 1.46.5
- sqlite: update to 3.38.0
- miniupnpd: update to 2.3.0
- avahi: update to 0.8
- libubox: update to f2d6752 (2022-02-11) snapshot
- uqmi: update to 2022.02.02 (f254fc5) snapshot
- libcurl: update to 7.82.0
- libsodium: update to latest 1.0.18-stable
- libxml2: update to 2.9.13
- nano: update to 6.2
- xl2tpd: update to 1.3.17
- dnsmasq: update to 2022.02.25 (4732aa6) snapshot
- libcurl: update CA certificate bundle as of 2022-02-01
- build: add Linksys EA6350v2 support
- build: always add libutil to the image
- build: router: Makefile: correct when installation of zlib and sqlite is needed
- build: router: Makefile: openvpn doesn't use zlib at all...
- build: router: Makefile: explicitly specify when zlib should be added to the image
- build: Makefile: build dnsmasq with DUMPFILE option for ARM routers
- build: correct build size to 32M for R8000, correct partition offsets and size
- build: RT-AC3200: improve/change LED table if router is in Media Bridge Mode
- build: Buffalo WZR-1750DHP: add flag for 512M DRAM support
- build: Buffalo WZR-1750DHP: adjust partitions
- build: Buffalo WZR-1750DHP: rely on cfe default / init parameter (for each router)
- GUI: link wiki documentation to each relevant page - resolves #172
- GUI: advanced-mac.asp - fix saving default WAN mac addr (starting with FT 2021-8 / latest VLAN-fixes)
- GUI: (css): fix grayed out elements that cannot be modified
- GUI: advanced-misc.asp: add confirmation before rebooting the router
- GUI: add notes on pages where functionality is disabled when CTF/Broadcom FastNAT is turned on; also disable automagically QoS and BWL when CTF is enabled or BWL when Broadcom FastNAT is enabled; add notes that using QoS or Access Restriction disables Broadcom FastNAT module
- GUI: tools-wol.asp: fix typo
- GUI: advanced-mac.asp - align default wireless mac addr to wlconf setup AND FreshTomato initial mac setup (note: repair GUI wl mac setup --> GUI default and initial mac are the same now)
- GUI: Advanced: Firewall: fix IGMP proxy custom configuration textarea bahaviour
- GUI: Advanced: Routing: correct display of interfaces in Static Routing Table
- GUI: Admin: Debugging: improvements to the Debugging page (resolves #184)
- GUI: status-overview - improve ethstate if WAN port is moved to primary LAN (part 2)
- GUI: Advanced: Firewall: add 'Allow DHCP responses' option; also correct name of nvram variable/value
- GUI: Advanced: Firewall: add smart MTU black hole detection and enable it by default
- GUI: VPN Tunneling: OpenVPN Server Configuration: enlarge 'Common Name' text area to 30 chars
- GUI: change the menu labels: WOL -> WoL, Trace -> Traceroute, IPerf -> iPerf
- GUI: IP Traffic: Last 24 Hours: fix initialization of 'IPs currently on graphic' dropdown list when loading the page
- GUI: admin-access.asp: add option to enable/disable the brute force mitigation rule on port defined for GUI remote access
- GUI: USB and NAS: BitTorrent Client: correct drop down list description
- GUI: Basic: Network: fix problems with Wireless Client mode (again)
- GUI: Basic: Network: hide 'Wireless Client Mode' drop down list when given WAN is disabled
- GUI: Advanced: DHCP / DNS Client: remove 'Reduce packet size' option - no more available in udhcpc from busybox
- GUI: Administration: Admin Access: correct display order of 'Allow Remote Upgrade'
- GUI: Administration: Admin Access: change regex for 'Authorized Keys' to allow also pasting keys that start, for example, with some command
- GUI: add as an Admin option: unmount JFFS automatically as part of the upgrade process
- GUI: Overview: Device List: fix some potential problems
- GUI: Basic: Network: fix more issues when switching i.e. from 2 WANs to 1 WAN
- GUI: USB and NAS: USB Support: disable drop-down lists of NTFS and HFS/HFS+ Drivers, when support for these file systems is not checked
- GUI: advanced-vlan.asp - add Asus RT-AC56S (single-core (NOSMP) clone of RT-AC56U)
- Add ability to run custom script with start and stop of QoS: /etc/wan_qos.custom start|stop wannum
- Add more QoS overhead options for PPPoE in PTM mode and with VLAN (VDSL2)
- Add flagspec for 512M DRAM, seperate build for xr300/r6700v3 with 512M DRAM
- Correct Memory mapping for 512M DRAM (part 2) (resolves #180)
- Correct Partition and JFFS space NETGEAR routers
- IPv6: rc: services.c - add check for SLAAC and/or DHCPv6 before using global address and not link-local address for IPv6 DNS
- OpenVPN: do not add 'duplicate-cn' to server config automatically
- PPTP Server: bypass CTF (if enabled)
- WL: add roaming assistant (see GUI advanced-wireless.asp) as an option - fixes #77 (note: disabled by default; disabled for wireless client, wireless ehternet bridge and media bridge mode; recommendation: do not use bandsteering and roaming assistant features at the same time)
- adblock: filter also ipv6 addresses (resolves #200)
- avahi: cleanup: ensure entries are dead for at least 1s (fix from the upstream)
- avahi: fixed dns_sd segfaults, initialization issues, and added NDEBUGs (fix from the upstream)
- avahi: use monotonic timer when possible (fix from the upstream)
- avahi: use internal type for timers (fix from the upstream)
- avahi: do not disable timeout cleanup on watch cleanup (fix from the upstream)
- e2fsprogs: modify mke2fs.conf - default ^metadata_csum for ext4 (resolves #182)
- getdns/stubby: rdata not correctly written for validation for certain RR types (fix from the upstream)
- httpd: openvpn.c: add "route <netaddr> <netmask>" directive to downloaded OpenVPN config file when static keys are in use (because the route cannot be pushed from the "server" when using static keys)
- httpd: check key and cert pair, if they are mismatched, regenerate key and cert
- mdu: cloudflare: use new API token instead of email/globalAPIkey for auth
- multiwan/watchdog: fix even more issues including lack of default route when all WANs are down - now in such cases, default route is added to the WAN with the heighest weight
- nginx: change default server name to 'FreshTomato'
- rc: buttons.c - increase button sample time (now 500 ms) and improve robustness
- rc: dhcpc-event: fix selection of the correct prefix for two consecutive WANs
- rc: firewall.c: check more variables before applying FW rules (in some cases, there was no firewall at all)
- rc: cifs.c: fix condition for recognition when the cifs is mounted
- rc: init.c: on halt/reboot, stop syslog before removing storage/usb to avoid problems
- snmp: add patch to change snmp interface cache timeout to 1 second for realtime monitoring
- usbmodeswitch: fix for Novatel USB730L modem
- www: tomato.js: add placeholder support for <textarea> and <input>


2021.8          2021.12.25
---------------------------

- kernel: [SCSI] sd: Fix overflow with big physical blocks
- tor: update to 0.4.6.8
- nano: update to 6.0
- libncurses: update to 6.3
- libsodium: update to latest version of 1.0.18-stable
- nginx: update to 1.21.4
- util-linux: update to 2.37.2
- mysql: update to 5.5.62
- libexif: update to 0.6.24
- libcurl: update to 7.80.0
- sqlite: update to 3.37.0
- openssl-1.1: update to 1.1.1m
- openvpn: update to 2.5.5
- libcurl: update CA certificate bundle as of 2021-10-26
- build: Makefile: rp-pppoe: remove debugging information, add -Wall instead
- build: Makefile: libsodium: add CFLAGS/LDFLAGS to recipe
- build: Makefile: pass EXTRACFLAGS also to openssl/mysql/php, ensure that optimization is complete
- build: fix program memory size too small for STOCK NETGEAR firmware
- build: fix cryptic BAD TRX HEADER with actual error message that means something
- build: libsodium: build as static library
- build: add irqbalance tool with needed libraries for multi-core routers; add irqbalance to all multi-core targets
- build: busybox: compile with CONFIG_FEATURE_WGET_LONG_OPTIONS enabled
- build: patches: diskdev_cmds-332.25: add path to libcrypto.so.1.1 library, so mkfs.hfs can be linked to it instead of the old one from toolchain
- build: use --no-check-certificate for wget in scripts only when CA cert is not installed
- build: router: Makefile: transmission: do not try to built with libiconv
- build: router: Makefile: add appropriate flags when building packages to prevent use of incorrect or old headers/libraries (fixes #174)
- build: correct 128K crash partition creation
- build: correct Memory mapping for 512M DRAM
- GUI / httpd: misc.c - speed up status-overview (part 2)
- GUI: fix the display of SMS and signal level (RSSI) in some cases
- GUI: Status: Logs: escape HTML characters in log entries
- GUI: Basic: DHCP Reservation: do not allow duplicate IP - causes dnsmasq fail to start
- GUI: Basic: DHCP Reservation: allow 'dot' to be used in DHCP reservation hostname - useful for setting static records for external hosts
- GUI: Advanced: DHCP/DNS: dnscrypt-proxy: add dynamically to the page drop-down list of resolvers, so it's now possible to use alternative/downloaded file (/etc/dnscrypt-resolvers-alt.csv); also add DNSSEC and NOLOGS info to the list
- GUI: status-overview - improve ethstate if WAN port is moved to primary LAN
- GUI: status-overview - repair/show correct wireless infos (only for some Router like R6400, DIR868L ...)
- GUI: basic-network - add more options for wireless mode (AC-Only, N/AC Mixed)
- GUI: Status: Device List: change name and title of the button for 'DHCP Reservation'
- dhcpv6: remove debug info - save some space; remove unneeded file
- httpd: misc.c: fix condition for recognition when the JFFS2 partition is mounted (only for RT-AC branch)
- mdu: use 'PUT' instead of 'POST' for cloudfare to update DNS record (closes #141)
- nginx: compile with ngx_http_realip_module enabled
- patches: getnds/stubby: also add tls_ca_file to yml quote check (broken in 0.4.0)
- pdureader: avoid SIGSEGV caused by improper gcom (comgt) response
- rc: pbr.c: replace depreciated gethostbyname() with getaddrinfo()
- rc: pptp_client.c: replace depreciated gethostbyname() with getaddrinfo()
- rc: do not stop ntpd on WAN stop - only stop it on stop_services()
- rc: mwan.c: fix multiWAN routing
- rc: network.c - repair/improve function for wireless restart/start (only)
- rc: nginx.c: fix php config file
- rc: nginx: make h5ai support optional - it breaks autoindex if enabled but not used
- rc: services.c: dnsmasq: replace Asus patched max EDNS packet size with proper config file setting
- rc: services.c: also prevent Windows' DDR (Designated Discovery of Resolver) when blocking auto DoH promotion
- rc: services.c: do not add 'trust-anchors.conf' to dnsmasq config file when built without DNSSEC
- toolchain: remove unneeded libraries
- VLAN: repair vlan setup/config and adjust to FT logic (ID mapping)
- VLAN: extend/fix vlan setups
- vsftpd: remove legacy capability warning (added as a patch)
- vsftpd: restore OpenSSL-1.0 support (added as a patch)


2021.7          2021.10.15
---------------------------

Note: mainly bugfixes release.

- busybox: update to 1.34.1
- libcurl: update CA certificate bundle as of 2021-09-30
- dnscrypt-proxy: update resolvers csv file
- GUI: correct display (center) of some checkbox in tables
- GUI: Status: Overview: display 'Click to view SMS' link also for hw-ether (MIPS) module modem type
- GUI: Status: Overview: fix minor problem with reported multiWAN status
- GUI: Status: Overview: fix javascript error caused by the lack of 'wanX_ifnames' nvram values
- GUI: add blinking to Time status when it's unavailable
- httpd: openvpn.c: fix adding correct keys for client config file
- rc: dhcp.c: buffer overflow protection (snprintf) + cosmetic
- rc: dhcp.c: start_dhcpc(): use _eval() with pid to start udhcpc
- rc: firewall.c: change condition for source in 'Intercept NTP/DNS client traffic' FW rules
- rc: services.c: add 'force' to dnsmasq dhcp-option 42
- rc: service: start_ntpd(): fix start of ntpd when more arguments are given
- www: admin-config.asp: also replace '/' to '_' in filename
- www: tomato.js: fix createFieldTable() function


2021.6          2021.10.12
---------------------------

Note1: because of changes in GUI, clean your browser cache and/or use Ctrl+F5 (FF) to avoid artifacts.
Note2: because of changes in nvram variables, check your settings on 'Advanced -> DHCP/DNS -> Client (WAN)' page.

- kernel: ipv6: send NEWLINK on RA managed/otherconf changes (fix from upstream https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a394eef562d781f37a50d99cf1dfe596dc1ed96d)
- kernel: ipv6: send only one NEWLINK when RA causes changes (fix from upstream https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2053aeb69a53224717296db31b13d5b45b4f1a0e)
- openssl-1.1: update to 1.1.1l
- e2fsprogs: update to 1.46.4
- nginx: update to 1.21.3
- ntfs-3g: update to 2021.8.22
- tor: update to 0.4.6.7
- miniupnpd: update to 2.2.3
- dnsmasq: update to 2.86 
- libcurl: update to 7.79.1
- libexif: update to 0.6.23
- openvpn: update to 2.5.4
- Add Media Bridge Mode (for SDK6 and up)
- WL SDK (RT-N branch and up): turn On wl setting STBC RX
- Correct JFFS and crash memory storage R6400/R6400v2 NVRAM_128K
- build: Makefile: nettle: compile with --disable-fat
- build: Makefile: dnsmasq: switch to nettle for crypto backend
- build: allow to build dnssec and stubby independently
- GUI: Administration: Access: show 'Allow Remote Upgrade' regardless of 'Remote Access' state
- GUI: Status: Device List: fix javascript error in targets without network discovery helper
- GUI: Status: Overview: add missing space between unit and flash size/cpu clock
- GUI: OpenVPN Server: fix the case in which after removing the CA key in GUI, re-generating keys will use its old version from nvram
- GUI: OpenVPN Server: fix generation of the correct CA Key previously caused clients errors. In order to work properly, the key must be generated again both for the server and client(s).
- GUI: Status: Overview: fix toggle of WAN and Virtual Wireless nodes
- GUI: Improvements to Advanced MAC page; closes #125
- GUI: add WiFi QR Code generator to 'z' (AIO) targets
- GUI: Admin: Logging: add minimum log level watched for syslogd
- GUI: Admin: Debugging: rename console log level into Kernel printk log level (it has better meaning); add a reboot after changing log level, since we setup klogd only at init, so it is required to reboot; add Notes
- GUI: add new, improved log viewer
- GUI: Basic: Network: fix javascript freezing when more than 1 WAN has been set
- GUI: Status: Overview: fix WL label issue on some routers
- GUI: Advanced: DHCP/DNS: move some options from Client to Server section
- GUI: Admin: Configuration: add current date to backup file (closes #156)
- GUI: Status: Overview: add MultiWAN Status and button to force watchdog check manually
- GUI: advanced-wireless: - add one more example for USA country setup (Q2 / 96)
- GUI: advanced-wireless - add Protected Management Frames option
- adblock: remove inactive list (http://www.malwaredomainlist.com/hostslist/hosts.txt)
- adblock: correct url of DOH servers list
- ebtables: libebtc: fix malloc usage (fix from upstream)
- httpd: log.c: fix a bug not showing all logs when external log is configured
- OpenVPN: Server: add generated keys for client also to .ovpn configuration file
- PPTP Server: bypass CTF (if enabled)
- Revert "rc: do not restart nas services/wsdd2 on WAN up"
- rc: network.c - repair function restart_wl() and do not start radio join (again) 
- rc: services.c: start_ntpd(): eval() will wait until process quits, so use _eval() with pid; otherwise, start_ntpd() never returns
- watchdog/multiwan: fix a whole bunch of problems
- www: at.css: add icons to Connect/Disconnect buttons for Advanced themes
- www: advanced-wlanvifs.asp: fix bug causing js error


2021.5          2021.08.14
---------------------------

Note: because of changes in GUI, clean your browser cache and/or use Ctrl+F5 (FF) to avoid artifacts.

- Add mDNS (Avahi) support (https://github.com/lathiat/avahi)
- Add ZFS support for 'z' (AIO) targets (@lancethepants)
- kernel: fix from upstream for CVE-2021-22555
- Wireless Client Mode: repair that operation mode for SDK6 and up!
- SDK6: update ctf (part 3) (for single and dual-core)
- SDK7: help multiSSID setups
- WL SDK6/SDK7: turn On wl setting "probresp_sw" for wireless band steering (BSD)
- openvpn: update to 2.5.3
- getdns/stubby: update to 1.7.0/0.4.0
- ntfs-3g: update to 2021.04.05 (added handling of Windows 8/Windows 10 file systems)
- tor: update to 0.4.6.6
- tinc: update to 1.1pre18
- nano: update to 5.8
- sqlite: update to 3.36.0
- pcre: update to 8.45
- nginx: update to 1.21.1
- iperf: update to 3.10
- nettle: update to 3.7.3
- libogg: update to 1.3.5
- libpng: update to 1.6.37
- libvorbis: update to 1.3.7
- e2fsprogs: update to 1.46.3
- libcurl: update to 7.78.0
- wsdd2: update to 1.8.6
- vsftpd: update to 3.0.5
- libcurl: update CA certificate bundle as of 2021-07-05
- GUI: Admin: Access: tweaks Web Admin panel, reorder (thanks @rs232)
- GUI: advanced-wireless - adjust name/label for wl country "GB" to GREAT BRITAIN
- GUI: Advanced: Virtual Wireless: add Interface status in Details table
- GUI: Basic: Network: allow 0.0.0.0 as a valid address (in special cases) for all bridges
- GUI: NAS: File Sharing: limit samba workgroup name to 15 chars
- GUI: Tools: WOL: also show in the table devices from other than primary bridge
- GUI: Status: Device List: fix some issues with disconnected WL devices
- GUI: Status: Device List: fix some issues with WDS devices
- GUI: Status: Device List: improve IPv6 support
- GUI: Status: Device List: add images to Noise Floor level
- GUI: Status: Device List: add additional confirmation when deleting lease
- GUI: Status: Device List: display Virtual Wireless Interface reference within parentheses like bridges and vlans
- GUI: Status: Overview: do not display any virtual interface linked to the chip/frequency that is disabled
- GUI: Status: Overview: add a graphic bars to CQI1 and CQI2 LTE strenght indicator
- GUI: Status: Overview: switch 'Free' to 'Used', change order
- GUI: Status: Overview: add progress bars (thanks @rs232)
- GUI: fix a bug when scaling size is less than 10KB
- Fix container build on updated Debian 10
- busybox: add CONFIG_DIFF to configuration
- httpd: buffer overflow protection (snprintf)
- httpd: make asp_lanip() multi-lan aware
- OpenVPN: bypass CTF (if enabled)
- rstats: make it multiwan aware for daily/weekly/monthly history
- tinc: run firewall rules after bringing up the vpn. If adding custom routes into the firewall rules, the interface needs to pre-exist
- transmission: fix when runned without auth
- TTB: v3.02 change default URLs and add URL redundancy/randomisation; thanks to @rs232
- rc: do not restart nas services/wsdd2 on WAN up (fixed in recent wsdd2 update)
- rc: firewall.c: make NAT loopback work if CTF is enabled
- rc: init.c: set unique machine-id during init
- rc: mwan.c: don't log multiwan status update continually
- rc: nginx.c: add svg/svgz support
- rc: nginx.c: add h5ai support (https://larsjung.de/h5ai/)
- rc: transmission.c: TCP buffers tune, lost in one of the previous commits
- rc: services.c: add logging when starting/stopping httpd
- rc: services.c: avahi: improve generated config
- Netgear R6250 - adjust LED table (logic fix for logo LED, was inverted) 
- Netgear R6300v2 - adjust LED table (logic fix for logo LED, was inverted)


2021.3          2021.06.05
--------------------------

- SDK6: update wireless driver (dual core) - fix for FragAttacks
- kernel: drivers: net: ppp_generic.c: check pointer first
- busybox: update to 1.33.1
- tor: update to 0.4.5.8
- sqlite: update to 3.35.5
- dnsmasq: update to 2021.04.10 (3573ca0) snapshot
- openvpn: update to 2.5.2
- libcurl: update to 7.76.1
- nettle: update to 3.7.2
- nginx: update to 1.19.10
- tinc: update to d100eb0 (2021.04.15) snaphot
- nano: update to 5.7
- rp-pppoe: update to 3.15
- miniupnpd: update to 2.2.2
- adminer: update to 4.8.1-mysql-en
- libxml2: update to 2.9.12
- iperf2: update to 3.9
- minidlna: update to 1.3.0
- vsftpd: update to 3.0.4
- libcurl: update CA certificate bundle as of 2021-04-13
- getdns: fixes from upstream
- ebtables: fixes from upstream
- build: add Asus RT-AC68U V3 support
- build: add Asus RT-AC1750 B1 support
- build: add Asus RT-AC1900U support
- build: add Netgear R6900 support
- build: Makefile: switch to tinc instead of SNMP for 'e' (VPN) image
- build: Makefile: tor: compile without zstd and systemd
- build: Makefile: nano: add -fsi to autoreconf
- build: Makefile: use 'printf' command instead of 'echo', fix formatting
- build: Makefile: add libmnl to PKG_CONFIG_PATCH in libnetfilter_queue, libnetfilter_conntrack and conntrack-tools recipies
- build: common.mak: add (export) PKG_CONFIG_DIR/PKG_CONFIG_LIBDIR/PKG_CONFIG_SYSROOT_DIR env variables
- GUI: update all icons; thanks to @rs232
- GUI improvements: add interface/bridge info to the device list page and other changes; fixes #106
- GUI: Admin: Bandwidth Monitoring: fix the availability of some forms when enabling/disabling
- GUI: Advanced: DHCP/DNS: exclude ipv6 only servers if ipv6 not enabled
- GUI: Advanced: DHCP/DNS: when built with stubby add option to choose between dnsmasq and stubby for DNSSEC validation
- GUI: Advanced: DHCP/DNS: add option to force minimum acceptable TLS version to 1.3 for Stubby (required OpenSSL >= 1.1.1)
- GUI: Advanced: DHCP/DNS: fix visibility of 'DNSSEC validation method' radio group
- GUI: Advanced: DHCP/DNS: Add option to generate a name for DHCP clients which do not otherwise have one; useful for e.g. Device List page
- GUI: Advanced: DHCP/DNS: always show the 'Prevent client auto DoH' option regardless of whether the image is built with or without Stubby
- GUI: Advanced: DHCP/DNS: make 'dnsmasq custom configuration' textarea automatically stretched vertically
- GUI: Bandwidth: Last 24 Hours: fix bridge naming
- GUI: Bandwidth: WAN Bandwidth - Daily: flip from/to dates
- GUI: Basic: DHCP Reservation: do not allow multiple hostnames for a device when only associate to a MAC address (causing dnsmasq failed to start)
- GUI: basic-ipv6.asp - hide option tun mtu for case 6RD Relay (not used)
- GUI: basic-ipv6.asp - show option tun ttl for case 6rd from DHCPv4 (Option 212)
- GUI: DHCP Reservation: allow definition of hostnames for devices without static DHCP assignment (resolves #127)
- GUI: Display NETGEAR CFE version on status page
- GUI: status-devices.asp - extend IPv6 support
- GUI: Status: Device List: add network discovery helper; thanks to @rs232 for the bash script and the idea
- GUI: Status: Overview: fix displaying of static DNS when in AP mode
- GUI: Tools: Wireless Site Survey: add/change OUI search like this one on Device List page. Also, calculate the signal quality as on that page
- GUI: Virtual Wireless: add frequency to interface drop down list
- Adblock: add DoH servers to Adblock blacklist (disabled)
- BWL: add the ability to enable/disable rule and enter the description
- BWL: fix bwlimit filter conflicts due to priority value
- busybox: build with CONFIG_FEATURE_TOP_INTERACTIVE
- dnsmasq: patches: fix patch 110 - compilation error when building an image without openssl1.1 support
- cstats: replace date check with nvram ntp check instead
- flac: do not build docs, test and utility
- httpd: devlist.c: also add hostname to devlist()
- IPv6: for case DHCPv6 PD use IPv6 preferred lifetime provided by your ISP/Server for LAN0-3 (IPv6 lease time); Note: get back IPv6 connectivity faster with IPv6 addr/prefix changes. (Some ISPs provide really very low lifetimes)
- IPv6: for case DHCPv6 PD use first ethernet for DUID-LL (LLT) (and not ifb0); fixes #113; DUID used by a client or server should not change over time, therefore we use eth0 (constant) now
- IPv6: help IPv6 and advertise the link MTU in router advertisement messages
- miniupnpd: patches: remove SO_REUSEPORT option for SSDP - causing build error
- OpenVPN: Server: fix generating keys
- OpenVPN: implement kill-switch for routing policy
- PPPoE: Allow MTU up to 1500 for ISPs that support RFC 4638; Note: Jumbo frame needs to be enabled and supported (Gigabit-LAN) for the router. Clamping can be disabled manually via nvram value "tcp_clamp_disable"
- QoS: extend qos_irates and qos_orates nvram variables to 256 characters for multiwan images
- rstats: replace date check with nvram ntp check instead
- rstats: remove old history format
- stubby: only include IPv6 resolvers if needed
- transmission: add missing file in prepackaged source build for tr 3.00
- TTB: increase the time interval when trying to download the theme to 5 minutes when there are network problems
- vsftpd: add fix for CVE-2015-1419
- httpd: httpd.c: use logmsg(); add 'X-Frame-Options' in httpd response headers for better protection; more verbose logging; code improvements
- httpd: upgrade.c: erase flash file when it's not needed anymore to release more memory; clearly specify the directory from which the (www) files used later are copied - also in some color schemes .png files are needed; a few minor changes in .asp file
- httpd: wl.c - align country list code/way and sync SDK7 to newer SDK6 code
- rc: introduce new functions that remove kernel modules (grouped by type), used when disabling/removing USB support or on reboot/upgrade the router
- rc: add g_upgrade global variable - used to skip several unnecessary delay and redundant steps during upgrade procedure
- rc: do not stop inactive services, also mute unwanted log messages about it
- rc: dhcpd: discard old format of dhcpd_static
- rc: dnsmasq: add the ability to forward local domain queries to upstream DNS (default disabled)
- rc: firewall: rate limit ipv6 ping when allow ping request disabled
- rc: init.c: try to write all pending modifications/cache data before reboot
- rc: init.c: give at least 30 secs instead of only 20 secs before enforcing a system reset during reboot
- rc: init.c: kill all instances of pppd/xl2tpd on reboot/halt
- rc: services.c: dnsmasq: disable negative caching
- rc: transmission.c: fix issue while stopping daemon (resolves #131)
- samba: enable pthread
- shared: id.c: cosmetic for RT-AC67U detection details/infos
- switch3g: add search for every possible visible usb device as a last resort when vendor/product is not available
- switch4g: add search for every possible visible usb device as a last resort when vendor/product is not available
- www: advanced-dhcpdns.asp: fix javascript error in case when the image is built without IPv6 support
- www: basic-static.asp: abandon the old nvram dhcpd_static format; Note: the allowed notation of the IP address also changes (one octet => full IP), ie "200" => "192.168.1.200" (to be synced with other places), so if using the old one, re-enter reservations again
- www: basic-network.asp: fix page when WL module is removed
- www: bwm.c: extend allowed size of restored cstats/rstats backup file
- www: at*.css: align "About" description to the left
- www: tomato.js: fix problems with refresh time, when using more than one refresher
- www: wireless.jsx: fix the radio frequency display (2.4 / 5GHz) for dual-band WL devices
- www: small fixes for older browsers


2021.2          2021.03.28
--------------------------

- SDK6: update wireless driver (dual core); 6.37 RC14.126 wl0: Feb  4 2021 16:49:59 version 6.37.14.126 (r561982)
- e2fsprogs: update to 1.46.2
- nano: update to 5.6.1
- nfs-utils: update to 1.3.5-rc6
- nginx: update to 1.19.7
- openssl: update to 1.1.1k
- openvpn: update to 2.5.1
- pppd: update to 2.4.8
- tor: update to 0.4.5.6
- sqlite: update to 3.34.01
- libcurl: update CA certificate bundle as of 2021-01-19
- build: Makefile: enable CRASHLOG by default on AIO targets
- GUI: Admin: Logging: add 'Drop duplicates' option
- GUI: Admin: Debugging: add the ability to disable cache in the httpd daemon
- GUI: Advanced: DHCP/DNS: add warning to dnscrypt-proxy/Stubby priority option regarding possible DNS leak
- GUI: Advanced: Wireless: remove 'AP Isolation' option because it's already on 'Virtual Wireless' page (where it's also possible to use this option with virtual interfaces)
- GUI: Advanced: VLAN: improvement to the page; fixes #104
- GUI: Advanced: VLAN: add marking that the given WL is turned off
- GUI: Advanced: VLAN: use the same port order as on Overview page
- GUI: Basic: Network: disable DNS and set to Auto if dnscrypt/Stubby with No-Resolv is enabled (except for static proto); fix variable in for loop
- GUI: basic-network.asp - in case wan disabled (for ex. wireless bridge) make sure to use static dns
- GUI: Basic: Network: fix LTE/3G fields checker (this mode can only be set to one WAN)
- GUI: Basic: Network: fix problems with Wireless Client mode
- GUI: Status: Overview: correct Connect/Disconnect buttons behaviour; fixes #103
- GUI: Status: Overview: correctly display used DNS
- GUI: change default colours of all speed graphs to Blue & Orange
- GUI: modification to QoS and Bandwidth/IP-Traffic pages; fixes #79
- GUI: update signal bar and ethernet images; thanks to @rs232
- GUI: change of naming convention for WANs and LANs; also for WLs
- adblock: fix the issue when only a custom black list is added (without any URL defined), dnsmasq restarts every 5 minutes
- busybox: ntpd: fix the case where two replies received at once and first one causes a step; fix from upstream
- busybox: enable CONFIG_FEATURE_SYSLOGD_DUP
- busybox: ntpd: add -t switch to disable rfc4330 cross-check, parameters tuning
- busybox: use CLOCK_MONOTONIC instead of gettimeofday
- dhcp6c: use monotonic time if possible
- ebtables: libebtc: Open the lockfile with O_CLOEXEC; fix from upstream
- httpd: some changes to gencert.sh and httpd.c
- httpd: add IP when logging bad password attempt; fix incorrect sizeof() in strlcpy() (line 820+)
- iptables: fix default location of l7-protocols of iptables userspace components
- iptables: fix save formatting for libipt_layer7
- iptables: fix save formatting for libipt_ipp2p
- openvpn: vpnrouting.sh: fix removal of firewall rules
- pppd: use monotonic time if possible
- QoS: statistics and classification not available in Cake mode
- rp-pppoe: use monotonic time if possible, added as a patch
- rc: nfs: add threads support
- rc: openvpn.c: don't allow duplicate-cn while in non-exclusive config-dir mode
- rc: openvpn.c: only add 'username-as-common-name' to server config if user/pass auth only is checked
- rc: further tweaks to ntpd handling on wanup
- rc: services.c: also restart httpd on ntp sync
- rc: adjust new ntpd handling for case wan disabled (time was not working after boot up; bridge mode and AP only)
- stubby: update resolvers file
- stubby: add location of alternative configuration file (/etc/stubby/stubby.alt) to bypass stubby UI configuration; fixes #108
- tomatoanon: fix script
- watchdog: fix problems with DHCP on multiwan
- watchdog: also use temporary added route for WAN check in case of failover
- www: advanced-dhcpdns.asp: fix javascript error on images without OpenVPN
- www: .asp: fix potential problem with _service input field
- www: basic-time.asp: fix potential problem with _service input field; display Router Time (almost) in real time
- www: add Status_Router.asp with current IP (only WAN) for ddclient; use '-use=linksys-wrt854g' as a supported router (https://sourceforge.net/p/ddclient/git/ci/master/tree/ddclient)
- IPv6: adjust linux setup and make it more stable


2021.1          2021.02.20
--------------------------

- kernel/kernel sdk7: net sched: Pass the skb into change so it can access NETLINK_CB
- kernel/kernel sdk7: pkt_sched: namespace aware act_mirred
- kernel/kernel sdk7: ifb: dont hard code inet_net use
- kernel/kernel sdk7: backport CAKE SQM scheduler and needed kernel functions
- kernel/kernel sdk7: add wireguard support
- kernel/kernel sdk7: add Wireguard v1.0.20201221
- busybox: update to 1.32.1
- iptables: update to 1.8.7
- nano: update to 5.5
- igmpproxy: update to 0.3
- nettle: update to 3.7
- nginx: update to 1.19.6
- miniupnpd: update to 2.2.1
- dnsmasq: update to 2.84
- tor: update to 0.4.4.7
- adminer: update to 4.8.0
- e2fsprogs: update to 1.46.1
- libsodium: update to 1.0.18-stable
- build: add support for Netgear XR300
- build: add support for Belkin F9K1113v2 router
- build: docker: add docker image for building
- build: add Wireguard tools
- build: SDK6: small update/addendum for new wireless drivers (single- and dual-core) *.126 Year 2020
- build: SDK6: update wireless driver (dual core)
- build: Makefile: e2fsprogs: include badblocks applet in image
- GUI: move stubby, dnscrypt-proxy and some other options to Advanced -> DHCP/DNS
- GUI: use Advanced/VLAN instead of Basic/Network for WAN bridging; - the old method only caused bugs in the GUI and confusion
- GUI: Status: Overview: corrections and fixes; - display more info in real-time; - in case of Wireless Client mode, stick to Signal Quality (like on Device List page), not SNR (signal value to the noise value)
- GUI: change default colours of speed graphs to Blue & Orange
- GUI: Bandwidth & IP Traffic - make it possible to show (save) values up to 500 Mbit/s (for last 24 hours, Daily, ...)
- GUI: advanced-dhcpdns.asp - add Fast RA mode option
- GUI: Web Server: Nginx & PHP: use ajax to Start/Stop button
- GUI: Status: Overview: use ajax for all buttons
- GUI: Admin Access: use ajax for Start/Stop sshd and telnetd buttons
- GUI: Advanced: Firewall: add the ability to configure udpxy upstream interface
- GUI: USB and NAS: Media Server: use ajax for all buttons
- GUI: VPN Tunneling: Tinc: use ajax for all buttons
- GUI: VPN Tunneling: PPTP Client: use ajax for Start/Stop button
- GUI: Port Forwarding: UPnP/NAT-PMP: use ajax for all buttons
- GUI: VPN Tunneling: OpenVPN Client: use ajax for all buttons; also refresh status tile automatically
- GUI: VPN Tunneling: OpenVPN Server: use ajax for all buttons; also refresh status tile automatically
- GUI: Tunneling: OpenVPN Server: allow empty string as a static key in case it's located elsewhere
- GUI: Tunneling: OpenVPN Server: add auth file (if needed) for generated client configuration; fix client number in generated certificate; some code improvements
- GUI: remove unneeded footer messages when using Start/Stop/etc. buttons
- GUI: implement GUI and nvram variables for CAKE AQM QoS
- DDNS: add Duck DNS support
- iproute2: tc: cross-port cake support to tc from tc-adv project
- Major QoS improvements. Harmonize all uses of firewall marks between VPN, wan PBR, BWLimit and QoS
- miniupnpd: only build miniupnpd exe; also build with HAVE_IP_MREQN
- multiwan: reduce and flush the route cache to ensure a more synchronous load-balancing across multiwan
- multiwan: also allow to init state file with value "1" instead of "0" - it could speed up connection process in some cases
- multiwan: improvements for GUI and connection time; - show real WAN status on Status->Overview page; - time needed to connect WANs (traffic) has been reduced twice
- busybox: enable CONFIG_FEATURE_SWAPONOFF_LABEL
- openvpn: masquerade all client outbound traffic regardless of source subnet
- openvpn: ignore unsupported ipv6 push configurations for ovpn client
- QoS: re-enable View Details without having to enable QoS itself; - it works actually only on MIPS routers; - in ARM: TBD (now need to enable/disable QoS for it to work)
- SNMP: tune recipe: add 2 more modules, set default snmp level to 2, set enable-mfd-rewrites
- stubby: add full GUI support; based on @RMerlin work (thanks!)
- stubby: tweak config: tls_query_padding_blocksize and idle_timeout
- rc: log when calling a nonexistent service
- rc: add logger to QoS and BW Limiter
- rc: restart nas services/wsdd2 on WAN up; - temp workaround for issue with wsdd2
- rc: bwlimit.c: add start/stop options and in only one exe file (like in QoS)
- rc: firewall.c: tune some params in NAT performance tweaks
- rc: interface.c: add possibility to set mtu in _ifconfig()
- rc: misc.c - adjust killall_tk_period_wait() (100 ms instead of 1 sec)
- rc: network.c: adjust and update host DHCP relay code
- rc: openvpn.c: enable multihome for UDP servers when in multiwan mode (required as the router has multiple interfaces and we don't bind to a specific one)
- rc: openvpn.c: fix firewall rules for ovpn server when [udp/tcp]4/6 is selected
- rc: openvpn.c: another attempt to obtain an automatic restart after the client/server dies
- rc: services.c: name of the service could be "jffs" or "jffs2"
- rc: wan.c: do not send user/password when empty in PPP3G proto
- IPv6: rc: services.c - use global address and not link-local address for DNS 
- rc: do not restart WAN for changes on BW Limiter page when nocat is disabled
- rc: remove redundant parameter from start_wan() and start_wan_if() functions
- shared: shared.h - adjust preprocessor conditons for SDK7
- rc/shared: do not redefine functions in different folders! It already cost me a lot of time... Also move killall_tk_period_wait() to libshared
- www: advanced-dhcpdns.asp: fix javascript error in VPN builds
- www: advanced-dhcpdns.asp: fix javascript error if image built without dnscrypt-proxy
- www: restrict-edit.asp: change wait time to 3 secs; cosmetic
- www: tomato.js: fix wrongly treated input delay value in TomatoRefresh.initPage
- www: qos-settings.asp: restart BW Limiter automatically when disabling QoS, also show/hide notice when needed
- www: qos-settings.asp: automate fq_codel enabling when using only SQM
- www: qos-settings.asp: improved 'Classify traffic' checkbox
- R1D Xiaomi: change/fix LED table


2020.8          2020.12.19
--------------------------

- kernel SDK6: small update for bridge (sync with asus src)
- kernel SDK6: netfilter: nf_conntrack_core.c - small update and add one more check; Note: align/sync with asus src
- kernel sdk7: QoS: fix definitely ingress system; two modules needed for operation were not built; mirred sched needed patch
- kernel: netfilter: ebtables: convert BUG_ONs to WARN_ONs
- kernel: netfilter: ebtables: fix a memory leak bug in compat
- kernel: netfilter: ebtables: compat: reject all padding in matches/watchers
- kernel: net_sched: fix datalen for ematch
- SDK6: update wireless driver (dual core) - 6.37 RC14.126 wl0: Aug 10 2020 17:00:56 version 6.37.14.126 (r561982)
- SDK6: small update for et (sync with asus src); Note: ARP skip ctf
- SDK6: update ctf (part 2) (for single and dual-core) 
- SDK6: update NAS / Network Authentication Server
- SDK7: update NAS / Network Authentication Server; Note: only binary blob
- SDK7: router: wlconf: use src files / compile from src
- SDK7: GUI: keep the current wireless noise floor value(s) on device list page - now it's supported
- SDK7: update wl util; Note: GPL 300438252287 / only blob
- SDK7: update emf / igs; Note: GPL 300438252287 / only blob
- openssl-1.1: update to 1.1.1i
- openvpn: update to 2.5.0
- nano: update to 5.4
- nginx: udpate to 1.19.5
- php: update to 7.2.34
- dropbear: update to 2020.81
- xl2tpd: update to 1.3.16
- iptables: update to 1.8.6
- busybox: update to 1.31.1
- tor: update to 0.4.4.6
- SNMP: update to 5.9; clean sources, add patches instead
- igmpproxy: update to 78eda58 (2020-09-05) snapshot
- udpxy: update to 1.0-25.1
- miniupnpd: update to 2.2.0
- adminer: update to 4.7.8
- gmp: update to 6.2.1
- sqlite: update to 3.34.0
- uqmi: update to 2020.11.22 (0a19b5b) snapshot
- wsdd2: update to 2020.11.19 (e0cf50d) snapshot
- libcurl: update CA certificate bundle as of 2020-10-14
- build: add wireless band steering feature (turned off by default); WARNING: if someone wants to enable this feature - should do a clean update (or adjust the values manually)
- build: add Netgear R6700v1 support
- build: add Asus RT-AC67U Support
- build: add Asus RT-N66U C1 support (almost the same like RT-AC66U B1)
- build: correct R6400, R6400v2 and R6700v3 board_data partition offset and size to fix board data from being overwritten by jffs
- build: harmonize BW Limiter filenames, service name, variables names, etc., also in NVRAM; it was a real mess...; Note: those using BW Limiter must either manually rename the variables in NVRAM or enter the values from scratch
- build: update R1D leds Blue for Internet as original fw, Red for diag
- build: changes in patch_files macro
- build: librt is required on every target with USB support (for e2fsprogs)
- IPv6: extend GUI status page (status-overview.asp) - show IPv6 WAN DNS addresses
- IPv6: send ICMPv6 RSes only when RAs are accepted; see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v3.19&id=026359bc6eddfdc2d2e684bf0b51691649b90f33
- IPv6: unify logic evaluating inet6_dev's accept_ra property; see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v3.19&id=aeaf6e9d2f49d793d3eb8c1af4095cf25e061b94
- IPv6: make 'addrconf_rs_timer' send Router Solicitations (and re-arm itself) if Router Advertisements are accepted; see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v3.19&id=9ba2add3cf5c103b7236f82a023c8ee05a51e4d1
- IPv6: split IPv6 / IPv4 up and down logic (they work independent of each other now)
- GUI: openvpn: remove option to enable/disable NCP (deprecated)
- GUI: openvpn: make Data Ciphers (ncp-ciphers) editable
- GUI: openvpn: only use the old --cipher setting in static key mode; remove obsolete hmac digests from server options (leave them in client for compatibility)
- GUI: openvpn: add stub/stub-v2 compression support to OpenVPN client
- GUI: openvpn: implement tls-crypt-v2 support
- GUI: openvpn server: fix bug with generating client configuration in 'secret' mode; also add some more checks
- GUI: openvpn server: implement 'Serial number' for generated client configuration in 'tls' mode
- GUI: openvpn server: implement CRL file
- GUI: openvpn client: distinguish between remote-cert-tls and verify-x509-name options
- GUI: openvpn: fix formatting
- GUI: advanced-wlanvifs.asp - add AP Isolation setting also for VIFs
- GUI: Admin: Debugging: add Clear Cache link (removes all Storage Object item for domain/IP address)
- GUI: also add localStorage.clear() on admin-upgrade and admin-access pages
- GUI: basic-network.asp - repair scan button function and provide control channel at wireless survey
- GUI: improvement to shutdown() - added 2nd pop-up with confirmation
- GUI: Advanced: DHCP/DNS: extend allowed dnsmasq custom configuration text area to 4096 characters
- GUI: MultiWAN Routing: extend Domain field to 70 characters
- GUI: QoS Graphs: fix displaying correct number of connections for the lowest priority class in BW Distribution
- GUI: tinc: properly format the display of information on the Status page; fixes #71
- GUI: Admin: Debugging: add possibility to enable segfault logging to syslog
- GUI: Advanced: Firewall: simplify the part with WAN behavior for ping and traceroute
- GUI: advanced-wireless - restrict tx power range (for very low values); Via GUI we allow a tx power range in mW from 5 to 1000 or default value 0 (-1 will be used for the wl driver) --> AVOID 1-4 mW area; see latest findings https://www.linksysinfo.org/index.php?threads/tenda-ac15-ac1900-tomato-firmware-support.71709/page-14#post-321389
- adblock: update blacklist URLs
- busybox: add time and getopt applets
- dnsmasq: add default edns_pktsz
- dropbear: use common random source for ltm
- dropbear: libtommath: enable fixed cutoffs as size-optimization
- firewall: allow incoming IPv6 from br0 to br3 (and align also to IPv4); fix issue #75
- firewall: adjust limit connection attempts (ssh/telnet) for IPv6 (and align to IPv4 --> remove incoming device, apply to all)
- getdns: listeners reply returned wireformat (fix from upstream, issue #430)
- iproute2: updates from upstream
- MOTD: only display Wireless info if that radio is enabled
- MOTD: fix motd and remove ethstate leftovers
- multiwan: in case of multiwan, don't set default gateway route. mwanroute script will handle this
- multiwan: mwan_load_balance: if connection is down, clear old mwan state
- multiwan: make watchdog less destructive to the routing table (only modify route of test hosts); change default checker to curl
- watchdog: new method of checking without breaking existing connections to the check hosts
- watchdog: fix incorrect ISPPPD check and condition
- ntp: implement ntp server properly
- openvpn: extend data-cipher length as per the ovpn documentation
- openvpn: switch to the subnet topology, instead of the deprecated net30 topology; Ref: https://community.openvpn.net/openvpn/wiki/Topology#Topologysubnet
- openvpn: ensure DHCP doesn't override our default route (fixes TAP+DHCP)
- openvpn: hide build date
- openvpn: add 'mode p2p' option to generated client config if auth mode is static
- openssl: conf: add extendedKeyUsage also to usr_cert section
- pppd: fix/correction for commit IPv6: split IPv6 / IPv4 up and down logic (see https://bitbucket.org/pedro311/freshtomato-arm/commits/d365748b8f458a196a6351849f0aa985263bd1b0); fix for: PPTP Server and Client not working anymore
- pppd: add two patches from openwrt: retain foreign default routes on Linux, remove runtime kernel checks
- vpnrouting: do not add local routes if in PBR strict mode; also use 'via $route_vpn_gateway' if available
- vsftpd: add native support for basic ftp_tls using router httpd cert/key
- httpd: openvpn.c: fix generation of client configuration file for user&pass/user&pass only Auth
- httpd: fix problems with server.pem key when using HTTPS
- httpd: ctnf.c: use ifb instead of imq for ARM, as a ingress system not only for default WAN
- httpd: use UTF-8 decoding for SSIDs
- www: vpn-tinc.asp: fix typo (also fixes #60)
- www: fix escapeCGI to properly encode unicode
- defaults.c : disable IP Traffic (cstats) Monitoring feature by default and save cpu workload; In additon disabling cstats avoids the waring/note at basic-network.asp that netmask should have at least 22 bits (255.255.252.0); fix issue #72
- rc: firewall.c: use REDIRECT target instead of DNAT to intercept dns traffic, as it's more efficient
- rc: firewall.c: raise a little allowed hit count in BF protection for remote GUI access (part 2 for IPv6)
- rc: firewall.c: only intercept udp requests to port 123, ntpd does not listen to tcp
- rc: firewall.c: be more restrictive, only allow ICMP messages we need
- rc: openvpn.c: add keepalive to client config
- rc: openvpn.c: client: fix ineffective "route" directives when PBR active; discussion: https://www.linksysinfo.org/index.php?threads/openvpn-client-bug-flaw-ineffective-route-directives-when-pbr-active.75941/
- rc: ppp.c: - set nvram "wan_iface" also in case IPv6 link up (function ip6up_main()); fix for: ipup_main() not yet (or later) called --> nvram variable "wan_iface" needed for function start_dhcp6c()
- rc: pptp.c - small fix for SDK Update
- rc: services: adjust function start_dnsmasq() and check wireless bridge after stop_dnsmasq(); fix for: in wireless ethernet bridge mode, router time not working anymore
- rc: qos.c: fix typo in DEV name
- rc: qos.c: fix illegal match, no SELECTOR like ipv6
- rc: wan.c - adjust function config_pppd() and start/add IPv6 only for "wan" (no IPv6 multiwan support)


2020.6          2020.09.25
--------------------------

Note: due to the WL (re)tuning and new WL drivers, users with WIFI problems after upgrading to 2020.6, should use clean install (clean NVRAM, no backups, see "important" in 2020.3 section)

- SDK7: update part 1 Note: sync SDK7 with ASUS SRC and also stay closer to SDK6
- SDK6: update wireless driver to fix Kr00k (single core)
- SDK6: update wireless driver to fix Kr00k (dual core)
- SDK6/SDK7: merge (missing) CTF fixes/changes (part 1)
- kernel SDK7: update drivers to SDK6 versions
- kernel: netfilter: xt_recent: add address masking option (ported from upstream)
- kernel: netfilter: xt_recent: fix namespace destroy path
- kernel: netfilter: xt_recent: avoid high order page allocations
- kernel: make xt_recent built-in instead of module
- kernel: update ipt_webmon module, so it works also for https connections
- kernel: drivers: net: usb: qmi_wwan: fixes/updates from upstream
- kernel: drivers: net: usbnet: Fix -Wcast-function-type
- kernel: drivers: net: usb: updates from upstream 
- kernel sdk7: hso: fix memory leak in hso_create_rfkill()
- kernel sdk6: drivers: net: pppoe.c: apply patch from SDK7 branch
- kernel: usb: remove unused bitmap #define from hcd.h
- kernel sdk6: net: bridge: br_multicast.c - Disable bridge multicast_snooping by default because it can interfere with EMF and other multicast things
- kernel: include: dst.c: disable WARN_ON_ONCE()
- kernel: net: core: dev.c: updates from upstream; fix compiler warnings
- busybox: clean sources of 1.25.1, add patches instead
- dnsmasq: update to 2.82
- libcurl: update to 7.72.0
- libjson: udpdate to 0.15 (20200726)
- nano: update to 5.2
- nginx: update to 1.19.2
- php: update to 7.2.33
- sqlite: update to 3.33.0
- openvpn: update to 2.5_rc1
- tor: update to 0.4.4.5
- transmission: update to 3.00
- libcurl: update CA certificate bundle as of 2020-07-22
- system: add option to adjust tcp/udp buffers and thresholds
- build: update logic how to apply patches
- build: rom: use a local copy of ca-certificates file when unable to download
- build: disable JFFS support for target 'r6400e/z' (R6400/R6400v2/R6700v3) because of problems
- build: e2fsprogs: tune recipe; add more tools (tune2fs, badblocks); add config file for e2fsck; move them to /usr/sbin, where they should be
- make: build the modules needed by apcupsd standalone - the way it is done so far only (unnecessarily) increases the kernel size, and we don't need amazing performance here and I bet 95% of users don't use it
- WL: add clm data for documentation (definition of channels, regions, ...)
- for routers with amplifiers, increase possible range to 1000 mW (30 dBm)
- implement option to prevent Firefox's automatic usage of DoH
- DNS: fix the bug even when WAN DNS server is set to Auto, still using what was previously entered in the Manual DNS field
- router: fix build of libFLAC in some cases
- remove libuuid checking in miniupnpd build
- fix building router/conf on GCC 10 compiler on host 
- MULTIWAN: rc: dhcp.c: call function mwan_table_del(prefix) for dual WAN and multi WAN setups
- MULTIWAN: rc: dhcp.c: call function mwan_load_balance() for dual WAN and multi WAN setups
- IPv6: adjust start and stop logic
- GUI: Status: Device List: also deauthenticate device when deleting DHCP lease
- GUI: advanced-wireless.as - reboot the router if the user wants to change the wireless country
- GUI: status-devices.asp - show RX / TX values (again)
- GUI: SDK6: keep the current wireless noise floor value(s) on device list page
- GUI: Device List: better match the pictures to the signal level
- GUI: advanced-wireless.asp - make it possible to select country rev
- GUI: advanced-wireless.asp: when changing country settings for the wireless driver, also change bootloader default values (long version; short version already in place)
- GUI: advanced-wireless.asp - hide option Bluetooth Coexistence for 5 GHz wireless interfaces
- GUI: advanced-wireless.asp - hide option Turbo QAM for 5 GHz wireless interfaces
- GUI: include AdvancedTomato font into the css stylesheet
- iptables: fix save formatting for libipt_webst, libipt_account, ROUTE target, TRIGGER target
- iptables: fix list formatting for ROUTE target
- iptables: fix match for ipt_account
- iptables: fix handling ICMPv6 reject --with-tcp-reset
- httpd: update the way how failed GUI login attempts are added to log
- rc: firewall.c: raise a little allowed hit count in BF protection for remote GUI access
- rc: network.c: do not unload the wifi driver by default Note: avoid reboot problems
- rc: fix segfault in dhcpc-release and dhcpc-renew when run without arguments
- rc: dnsmasq: reject wpad hostname (protect against VU#598349)
- rc: mwan.c: adjust function mwan_table_del() and remove only active and valid DNS
- rc: wan.c: do not restart wireless at function start_wan()
- rom: Makefile: fix downloading dnscrypt-proxy resolvers file
- shared: defaults.c: adjust redial period to 20 seconds; note: this (minimum) waiting time helps with dual-stack to get a fresh IPv6 setup
- shared: defaults.c: don't prioritize AES-256 over AES-128 (no AES acceleration)
- openvpn: try to use CHACHA20-POLY1305 (if supported by the remote end) on routers without AES acceleration
- openvpn: disable compression by default
- openvpn: update config file generation for OpenVPN 2.5 (also fixes #57)
- www: tomato.js: add SameSite=Lax also when deleting cookies
- Remove Board ID for Charter specific routers, only have OEM board ID
- Add Charter specific board ID for initial file, update make file to generate init file
- update version (in cfg file) to "V1.0.12.99" due to NETGEAR mandating no downgrades and having a limit on how high the new version can be
- R8000: do not enable air time fairness by default (note: user can enable/disable it at the GUI)
- Asus RT-AC56R: provide 80 MHz channels for USA default country
- All Router (SDK6/SDK7): change country default setup


2020.5          2020.07.17
--------------------------

Note: mainly bugfixes (see *)

- kernel: r2q change message from priority WARNING to priority DEBUG
- WL: update wireless driver for SDK7 to GPL 382.52287 (Kr00k)
- (*) firewall: fix commit 31a8eb0 (brute force mitigation rule on port defined for GUI remote access) - increase hitcount / lower period of time (hardcoded)
- libevent: update to 2.1.12-stable
- tor: update to 0.4.3.6
- libcurl: update to 7.71.1
- (*) GUI: advanced-wireless.asp: when changing country for WL driver, also change its short version - 'ccode'
- httpd: add to log failed GUI login attempts
- www: tomato.js: add SameSite=Lax when creating cookies
- (*) www: clearcookies.asp: remove the comment left when debugging
- (*) Netgear Router (all supported): Raise revision level (again)
- (*) Asus RT-AC56R: improve/fix support with new wifi driver (*.126)
- (*) Asus RT-AC56U/R: do not unload wifi driver


2020.4          2020.07.10
--------------------------

Note: Users with WIFI problems after upgrading to 2020.3, should use clean install here again (clean NVRAM, no backups, see "important" in 2020.3 log); this also applies to all upgrading from earlier versions.

- kernel: backport support for setting a default qdisc
- kernel/kernel sdk7: enable kernel network namespaces and veth for AIO targets
- kernel/kernel sdk7: netns: Deduplicate and fix copy_net_ns when !CONFIG_NET_NS 
- kernel/kernel sdk7: net: huawei_cdc_ncm: remove redundant assignment to variable ret 
- kernel/kernel sdk7: net: usb: qmi_wwan: remove redundant assignment to variable status
- toolchain: brcm-arm-toolchains update; newer uClibc 0.9.33.2 with NPTL enabled
- build: kernel: enable HIDRAW for UPS support in apcupsd
- SDK6: update EMF / IGS and utilities finally - use src files / compile from src
- add and enable Conntrack Userspace Tool for VPN/AIO targets (Thanks to @Not Sure)
- add diskdev_cmds-332.25 (hfsprogs) to the tree with patches
- add HFS/HFS+ support (also with tuxera driver)
- enable Open HFS/HFS+ driver on all targets
- enable Tuxera HFS/HFS+ driver on targets: ac68e/ac68z (RT-N18U, RT-AC56U, RT-AC68U, RT-AC68R, RT-AC68P, RT-AC66U_B1, RT-AC1900P VPN/AIO); ac15e (Tenda AC15 VPN); ac18e/ac18z (Tenda AC18 VPN/AIO)
- enable crash log by taking space from the end of the jffs2 partition (as an option)
- fix panic due to incorrect check of error pointer when proc_ns_fget fails
- enable Tuxera HFS/HFS+ driver on all ac3200_ (RT-AC3200) targets
- adminer: update to 4.7.7
- libyaml: update to 0.2.5
- php: update to 7.2.31
- tor: update to 0.4.3.5
- libcurl: update to 7.71.0
- e2fsprogs: update to 1.45.6
- nettle: update to 3.6
- iptables: update to 1.8.5; add conditional compilation with libnetfilter_conntrack to enable <20>connlabel match<63> support
- libnetfilter_conntrack: update to 1.0.8
- conntrack-tools: update to 1.4.6
- libexif: update to 0.6.22
- nano: update to 4.9.3
- nginx: update to 1.19.0
- sqlite: update to 3.32.3
- rp-pppoe: update to 3.14
- libnfsidmap: update to 0.27
- libjson-c: update to 1c6086a (2020.05.31) snapshot
- dropbear: update to 2020.80; remove patch 102-fix-cbc_mode-cant-be-fully-disabled - already in upstream
- portmap: update to 4836a4a (2014-06-23) snapshot; remove unneeded patch - already in upstream
- iproute2: clean sources of 3.19.0, add patches instead
- accel-pptp: clean sources of 0.8.5 add patches instead
- switch4g: fix modem reset, it works at last
- SNMP: add device name and FW version to nsExtendOutput table
- MDU: send User-Agent also in case of Custom url
- samba: add protocol selection options (SMBv1, SMBv2, SMBv1 + SMBv2); make SMBv2 + SMBv1 the default (no change)
- samba: configuration tune up
- dropbear: strip version from ident
- firewall: openvpn: fix duplicate openvpn rules on wan/openvpn restart
- firewall: retry failed iptables-restore in a few secs
- firewall: add a brute force mitigation rule on port defined for GUI remote access
- openvpn: fix multiple issues in stopping vpn services
- openvpn: set up firewall in correct order - before starting openvpn but after stopping it
- openvpn: shutdown all running servers/clients on wan stop and remove tunnel modules
- openvpn: ensure duplicate-cn is set as default if not specified
- openvpn: no longer dump stats to system log
- openvpn: in case of openvpn unexpectedly dies - flush tun IF, otherwise openvpn will not re-start (required by iproute2)
- GUI: advanced-wireless.asp: set interference mitigation mode correctly for ARM
- GUI: advanced-wireless.asp: adjust note/comment for transmit power option
- GUI: advanced-wireless.asp: hide wifi option Turbo QAM for NON-AC hardware modules
- GUI: extend advanced-wireless.asp / Wireless Multicast Forwarding (no new GUI options)
- GUI: Admin Restrictions: change permitted value for Limit Connections Attempts (fixes #44)
- GUI: Advanced: Wireless: changes for new default settings; Thanks to @rs232
- GUI: Advanced: Wireless: check TxBF support (v2); note: Turn off and hide TxBF options if needed!
- GUI: Admin Access: SSH Daemon: add ed25519/ecdsa to the allowed authentication keys; also fix the regexp/code to check the entire field, not just the first line
- GUI: Administration: Upgrade: fix missing css when loading reboot.asp
- GUI: NAS: USB support: add info on how to create an ext4 file system that will be compatible with FreshTomato ARM
- GUI: basic-network.asp - hide and disable wan options/settings if the user selects/enables wireless bridge mode
- router: Makefile: snmp: tune recipe; add only needed mibs; enable logging (/var/log/snmpd.log)
- router: Makefile: OpenVPN: use the iproute2 ip tool instead of ifconfig
- router: httpd: limit SSL certificate to 13 months if clock has been set; new Apple initiative to force removal of possibly compromised certs 
- router: rc: network.c: change/adjust requirements for vhtmode and vht_features
- router: rc: mtd.c: skip bad blocks during erase
- router: shared: defaults: change wifi radio powersave mode; turn it off by default now (align to ASUS)
- router: shared: defaults: change wifi rxchain powersave mode; turn it off by default now
- router: shared: update ifaddrs.c
- router: www: advanced-routing.asp: remove Mode option - it has <20>undocumented<65> secondary effects
- rom: simplify ca-bundle update (also fixes #43)
- EA6200: set nvram value "band" correct for this router (5 GHz module first)
- DIR868L: Workaround to show 32 KB threshold at the GUI that should not be crossed right now!
- R7000: do not enable air time fairness by default
- DIR868L rev a/b/c: adjust default wifi country to SG (note: avoid using wildcard #a)
- R6400v2 / R6700v3: improve/fix support for SDK6 (no change for other routers) 
- DIR868L: do not enable vhtmode and vht_features for 2G wifi module (Note: prevent/avoid problems on older/cost optimized/partly NON-AC hardware)
- R6400v1: do not enable vhtmode and vht_features for 2G wifi module
- EA6350v1 / EA6200: do not enable vhtmode and vht_features for 2G wifi module
- Netgear R6250: do not enable vhtmode and vht_features for 2G wifi module
- Netgear R6300v2: do not enable vhtmode and vht_features for 2G wifi module
- Netgear R6400v2 / R6700v3: do not enable vhtmode and vht_features for 2G wifi module
- Xiaomi R1D: do not enable vhtmode and vht_features for 2G wifi module
- Asus RT-AC56U: do not enable vhtmode and vht_features for 2G wifi module
- EA6400 / EA6500v2 / EA6700: do not enable vhtmode and vht_features for 2G wifi module


2020.3          2020.05.09
--------------------------

!!!IMPORTANT (applies to all routers)!!!
- Due to the new WL driver and the required changes in NVRAM, for the update process select a new image AND CHECK "Delete all data from NVRAM after flashing". DO NOT use backups!

- kernel: cdc_ncm: Implement the 32-bit version of NCM Transfer Block; Fix the build warning; Add skb_put_zero() to include/linux/skbuff.h
- SDK6: add/update missing dpsta/proxy things; Hint: We (will) need it<69> (also for possible future updates) 
- SDK6: update wifi driver (for single and dual-core) to 6.37.14.126 (r561982)
- SDK7: repair merge with arm-master branch after SDK6 driver update, to solve client connection problems with sdk7 routers
- add wsdd2. wsdd2 is a small daemon that can service WSD/LLMNR queries. It allows the router to be visible in Windows's Network list without requiring SMB1 support
- openssl-1.1: update to 1.1.1g
- miniupnpd: update to 2.1.20200329
- adminer: update to 4.7.6
- dnsmasq: update to 2.81
- tor: update to 0.4.2.7
- nano: update to 4.9
- libcurl: update to 7.69.1
- nginx: update to 1.17.10
- nano: update to 4.9.2
- libyaml: update to 0.2.3
- iperf: update to 3.7
- openvpn: update to 2.4.9
- libncurses: update to 6.2
- libjson-c: update to 0.14 (2020.04.19); due to autoconf support removed for CMake, Makefile recipes have been updated
- dropbear: update to 90cfbe1 (2020.03.27) snapshot
- dnsmasq: remove 19036 trust anchor, now expired
- miniupnpd: revert previous upstream changes that prevented the use of a private IP on the WAN interface
- libcurl: smtp: set auth correctly
- adblock: switch URL for Windows 10 blacklist
- adblock: a few changes so that it doesn<73>t start simultaneously; correction in the blacklist address
- Revert "busybox: wget: openssl11: fix ssl when built with OpenSSL-1.1.x" No more needed - we have symlink to openssl11 now
- Allow a custom autorefresh status script for each wan and output its HTML in the overview page for USB targets
- Add xterm-256color terminal This solves a problem with message <20>Error opening terminal: xterm-256color<6F> when user tries to run nano on some platforms
- dropbear: disable 3DES and CBC
- dropbear: Fix CBC_MODE can't be fully disabled
- MDU: update for Cloudflare DDNS, fixes #30
- Use strip instead of gcc to determine toolchain path to allow using ccache
- GUI: Administration: BWM/IPT: fix html (inability to backup stats)
- GUI: Admin Access: restart sshd if password is changed (otherwise, the old will be used until reboot)
- GUI: Admin: JFFS: add more info about possible errors, fix minor html problems
- GUI: Tools: IPerf: two modifications move initialization to earlyInit() to avoid flickering when loading the page enable background images for 'Start/Stop test' button 
- GUI: OpenVPN Client: also 'Policy Routing (strict)' should be impossible to select if interface is TAP
- build: apcupsd: omit check for shutdown file; needed if compiled with ccache
- build: add JFFS support on BRCM Nand Flash Partition
- build: enable JFFS Support on BRCM Nand Flash Partition for target n18e, n18z, ac68e, ac68z (RT-N18U, RT-AC56U, RT-AC68U, RT-AC68R, RT-AC68P, RT-AC66U_B1, RT-AC1900P)
- build: enable JFFS Support on BRCM Nand Flash Partition for target ac3200e, ac3200z, ac3200-128e, ac3200-128z (RT-AC3200 VPN/AIO 64K/128K)
- build: enable JFFS support on BRCM Nand Flash Partition for target r8000e and r8000z (Netgear R8000 VPN/AIO)
- Makefile: one file/image for all RT-AC68U versions (A1,A2,B1,B2,C1,E1)/R/P
- Makefile: add option -fno-delete-null-pointer-checks
- router: Makefile: openssl/openssl-1.1: fix typo in recipe
- router: Makefile: avoid building libcurl more than once
- router: Makefile: avoid building nettle (and gmp) if not needed
- router: Makefile: tune to work on Debian 10.x as a host
- router: Makefile: add -fPIC where needed also as CFLAGS
- router: httpd: bwm.c: extend allowed IPT backup size
- router: httpd: openvpn.c: generating a CSR request does not require the -days parameter
- router: others: tomatoanon: change URL for version checker to freshtomato.org; cosmetics
- router: rc: init.c - enable or disable jumbo_frame and set jumbo frame size for ARM branch
- router: rc: init.c - remove start_nas()/stop_nas() (already done at start_services()/stop_services())
- router: rc: jffs2.c: fix the error appearing after proper jffs formatting
- router: rc: network.c: do not unload (reload) wifi driver for some older routers (Linksys EA6200 / EA6350v1 and Netgear R6250)
- router: shared: misc.c: add function nvram_set_int()
- router: shared: shutils.c: fix for function get_pid_by_name (add missing closedir)
- router: shared: shutils.c: fix for function nvifname_to_osifname (check pointer first<73>)
- router: www: vpn-pptp.asp: fix typo (in commit 5452cea) causing JS error; fixes #24
- WL: update wireless driver for SDK7 to GPL 382.51939
- EA6200: small addendum/correction for new wl driver


2020.2          2020.03.20
--------------------------

Note: Because of changes in GUI it is recommended to clear the browser cache, or use Ctrl+F5

- Add Asus RT-AC68U B2 support (almost the same like AC1900P) 
- kernel: tcp: avoid infinite loop in tcp_splice_read() Splicing from TCP socket is vulnerable when a packet with URG flag is received and stored into receive queue
- kernel: net: don't call strlen() on the user buffer in packet_bind_spkt() KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of uninitialized memory in packet_bind_spkt()
- kernel: netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently IPv6 conntrack marked invalid packets as INVALID and let the user drop those by an explicit rule, while IPv4 conntrack dropped such packets itself
- kernel: netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
- kernel: ipv6: do not increment mac header when it's unset Otherwise we'll overflow the integer. This occurs when layer 3 tunneled packets are handed off to the IPv6 layer
- kernel: ipv6: Allow IPv4-mapped address as next-hop Made kernel accept IPv6 routes with IPv4-mapped address as next-hop
- gmp: update to 6.2.0
- nginx: update to 1.17.9
- php: update to 7.2.28
- spawn-fcgi: update to 3c1b01c (2019.08.25) snapshot; clean sources, add patch instead, cosmetic in router/Makefile
- sqlite: update to 3.31.1
- libcurl: update to 7.69.0
- dnsmasq: update to 2.81rc3
- libexif: update to 54b6f7f (2020.02.29) snapshot
- nano: update to 4.8
- pcre: update to 8.44
- tor: update to 0.4.2.6
- getdns/stubby: update to 1.6.0/0.3.0
- pppd: fixes from upstream (pppd: Fix bounds check in EAP code; pppd: Ignore received EAP messages when not doing EAP)
- libcurl: update CA certificate bundle as of 2020-01-01
- GUI: TOR: add an option to resolve only .onion/.exit domains without having to configure anything else
- GUI: Fix Issue #15 to allow configuring remote access in router mode
- GUI: Admin Access: fix info about default web username
- GUI: Admin Access: delete the unnecessary http_root variable (Allow web login as "root") - now the username is 'root' if it's not entered, no need to check/uncheck something
- GUI: overview: fix the order of the enable/disable wifi buttons for routers with three radios
- GUI: overview: fix issue when warning about unsecured wifi appears, even if this radio is temporarily disabled by <20>Disable<6C> button on this page
- GUI: Admin Access: do not restart sshd if there are no configuration changes
- GUI: Basic Network: fix the order in which the wifi interfaces are selected when setting Wireless Client Mode bug similar to that on the Overview page fd06410
- GUI: clean-up; the first step to sorting out this mess
- GUI: add AdvancedTomato-like themes: red, blue, green and dark
- GUI: nas-samba.asp - add option to enable/disable GRO (Default Off <20>> like before)
- GUI: OpenVPN client: extend <20>To Domain<69> field to 50 chars
- GUI: support showing status of hilink modem reachable from any WAN
- router: Makefile: clean-up; remove unused scsi-idle package from the tree
- router: Makefile: fix some configure/compiler warnings, clean-up
- router: Makefile: there is no libyaml to install
- router: Makefile: remove FULL_OPENSSL var
- router: Makefile: always build and install zlib
- router: Makefile: samba3: build with libiconv if available
- router: Makefile: transmission: fix compiler warnings (partially); don<6F>t build utils/cli; clean-up recipe
- router: Makefile: add symlink to openssl
- router: httpd: misc.c: change memory format specifiers to unsigned integer, fixes #9 (there was an overflow in displaying memory sizes above 2GB)
- router: mdu: Makefile: build openssl11 with pthread
- router: others: secure adblock with lock file; cosmetic in Makefile
- router: others: mymotd: fix <20>bad number<65> bug when wanX is disabled
- router: rc: services.c: add warning to syslog when dnsmasq is skipped because of WEB mode enabled
- router: rc: init.c - adjust et and wl thresh value after reset (for wifi-driver and et_linux.c)
- router: rc: init.c - init variable restore_defaults to 0 and also use it to reset/adjust beamforming parameter
- router: rc: network.c - rework start and stop of emf/lan/wl - fix/correct start and stop of EMF (stop failed almost every time and also router stuck/hung sometimes at reboot via GUI!) - make EMF multi-lan aware - give feedback about start and stop EMF - rework basic start and stop of start_lan / start_lan_wl / start_wl / start_wireless
- router: rc: usb.c - improve/extend detection to activate the USB LED for Router with only one USB LED
- router: rc: network.c - bring down loopback interface if we stop lan (and some cosmetic) 
- router: rc: init.c - remove start_nas()/stop_nas() (already done at start_services()/stop_services()) 
- router: rc: blink_br.c - exit / stop blink_br for router with more than one LAN LED (we do not need blink_br in that case <20>> save memory/cpu load)
- router: rc: init.c - reboot automatically when the kernel panics and set waiting time (3 sec now)
- router: rc: init.c - set overcommit_memory and overcommit_ratio
- router: rc: network.c - unload/load wifi driver only with start_lan() and stop_lan()
- router: rc: network.c - make sure to validate/restore all per wl-interface related variables for sdk7
- router: rc: init.c - load wifi driver for sdk7 at sysinit Hint: sdk7 seems to be a special case
- router: rc: services.c: simplify if statement
- router: www: vpn-tinc.asp: fix some bugs, add link to the tutorial, clean-up
- router: www: status-overview.asp: add missing 10Mb port icons, add set of half-duplex icons, code optimization/reduce size, clean-up
- RT-AC3200: improve/change LED table if router is in WiFi bridge mode
- Huawei WS880: disable wifi blink by default for WS880, causing problems (This is a workaround for now!)
- Huawei WS880: change LED table


2020.1          2020.01.20
--------------------------

- openssl: update to 1.0.2u
- nano: update to 4.7
- tinc: update to de7d5a0 (2019.07.17) snapshot
- dnsmasq: update to ab53883 (2020.01.11) snapshot
- e2fsprogs: update to 1.45.5
- libcurl: update to 7.68.0
- openssl-1.1: move folder to openssl-1.1
- openssl11: Enable OpenSSL 1.1.1 in router/Makefile
- openssl11: add patch
- openssl11: tor: enable OpenSSL 1.1.x support
- openssl11: OpenVPN: enable OpenSSL 1.1.x support
- openssl11: getdns/stubby: enable OpenSSL 1.1.x support
- openssl11: vsftpd: enable OpenSSL 1.1.x support
- openssl11: enable OpenSSL 1.1.x for libcurl, mdu (if built with libcurl), transmission
- openssl11: tinc: enable OpenSSL 1.1.x support
- openssl11: nginx: enable OpenSSL 1.1.x support
- openssl11: mysql: enable OpenSSL 1.1.x support
- openssl11: enable OpenSSL 1.1.1 for httpd, mssl, mdu (if built with mssl)
- openssl11: dnsmasq: add openssl backend for DNSSEC 
- openssl11: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
- openssl11: priorize CHACHA over GCM for models with no AES acceleration
- openssl11: don<6F>t build test and fuzz to shorten build time
- openssl11: enable OpenSSL 1.1.x on all targets
- GUI: FTP Server Configuration: add usage notes
- GUI: advanced-vlan.asp - make it possible to create a VLAN with all ports (including tag on!)
- GUI: Static DHCP/ARP/IPT: also restart dnsmasq when saving
- GUI: Advanced: DHCP / DNS Server (LAN): change the <20>DHCPC Options<6E> format to a 256 character textarea
- vsftpd: clean 3.0.3 sources, add patch instead
- mdu: fix some bugs (again)
- stubby: add syslog support
- pppd: restore the use of libcrypt to support DES instead of OpenSSL (commit #5c08f06 introduced an upstream change: 'Use openssl for DES instead of libcrypt / glibc', with no choice of libcrypt (only libdes and OpenSSL). It requires OpenSSL 1.0.2 and prevents compilation with OpenSSL 1.1. This commit fixes it))
- pppd: fixes from upstream (pppd.h: Add missing headers; pppd: Don't free static string; pppd: Limit memory accessed by string formats with max length specified; pppd: Make sure word read from options file is null-terminated; pppd: Avoid use of strnlen (and strlen) in vslprintf)
- miniupnpd: get rid of OpenSSL dependencies in miniupnpd
- vpnrouting: fix the extraction of foreign options from the OpenVPN server, add a warning if the option is enabled but nothing was received from the server, change firewall restart - move to the very end
- busybox: wget: openssl11: fix ssl when built with OpenSSL-1.1.x
- NFS: allow selection of protocol version; optimization and clean-up; move code from nfs.rc script to nfs.c
- router: Makefile: correct/adjust/fix emf & igs targets 
- router: wlconf: use src files / compile from sources
- router: shared: defaults.c: align type1 nvram settings to Asus SRC
- router: shared: defaults: add nvram acs variables (align to Asus SRC)
- router: shared: defaults: add limit for association retries (align to Asus SRC)
- Asus RT-AC1900P: fix detection
- RT-AC68U: extend stealth mode (add / turn off Asus Logo LED also)


2019.4          2019.12.29
--------------------------

- Add AC1900P Router Support (thanks Don Bushway aka snowman58)
- openssl11: add OpenSSL 1.1.1d to the tree
- dnsmasq: update to 7d04e17 (2019.12.12) snapshot
- pptpd: update poptop to 3b7a80c (2019.10.14) snapshot
- ebtables: up version to 2.0.11
- libusb: fixes from upstream
- tor: update to 0.4.2.5
- nano: update to 4.6
- php: update to 7.2.26
- libjson-c: update to d6b968d (2019.12.13) snapshot
- libexif: update to da025b3 (2019.12.13) snapshot
- libubox: update to 07413cc (2019.11.24) snapshot
- usb-modeswitch: update to 2.6.0
- usb_modeswitch: update data package to 20191128
- pppd: fixes/updates from upstream
- adminer: update to 4.7.5
- openssl11: add build recipes
- busybox: enable TAC command 
- busybox: enable support for lspci. Enable lsusb, CONFIG_FEATURE_WGET_STATUSBAR, and CONFIG_FEATURE_VERBOSE_USAGE in config_base instead of Makefile
- build: update libfoo.pl for OpenSSL 1.1.x
- GUI: PPTP Client Configuration: fix problems with <20>Start/Stop Now<6F> button
- GUI: OpenVPN Client: cosmetic as suggested by @rs232: https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm-development-thread.74117/post-309967
- GUI: add Model Name to the header
- TTBv2 - add local storage and custom URL support
- NFS: fix connection problems: "nfsd: unable to resolve ANYADDR:nfs: Servname not supported for ai_socktype"; (fixes issue #3)
- VPN PPTP Client: changes and improvements - tested on 2 ARM routers as client and server, working (both: lan and internet access)
- VPN PPTP: changes and improvements (part 2) - tested on Android and MIPS/ARM routers in different configurations, working (both: lan access and internet)
- mdu: use libcurl if available for DDNS
- mdu: Add dns.he.net DDNS support
- mdu: fixes and improvements
- nvram utility: fix unwanted new line in output when variable in nvram is set but empty (fixes problems with e.g: <20>nvram get VAR | wc -l<>)
- pppd: merge patches 109-fixes-from-upstream and 110-various-fixes-for-errors-found-by-coverity-static-analysis with the sources
- Makefile: clearly identify the AC68U (C1 E1) model in the image name
- patches: portmap: fix patch
- patches: ebtables: fix patch
- httpd: gencert.sh: add emailAddress attribute to generated certificate
- httpd: gencert.sh: use openssl11 when available for certificate generation; replace deprecated genrsa command with genpkey 
- router: Makefile: openssl: openssl11: tweak build recipes; removed unused ciphers
- router: Makefile: do not add /rom/etc/vpn to image
- router: mdu: fix missing User-Agent curl header
- router: accel-pptp: fix some warnings from code analyzer
- router: others: sysinfo: add -p switch to netstat (thanks @tvlz)
- router: rc: mdu: mdu.c: cosmetic, stay as close as possible to MIPS version
- router: rc: pptpd.c: add interface ppp1* to dnsmasq config (only for DNS); (fix for: PPTP Client Android 9 cellphone/smartphone can now successfully connect and use the tunnel)
- router: rc: pptpd.c: add interfaces vlan* and eth* to dnsmasq config (only for DNS); (fix for: PPTP Client Android 9 cellphone/smartphone can now successfully connect and can access local lan / samba / et cetera)
- router: rc: pptp_client.c: fix the inability to enable pptp when <20>Start with WAN<41> is unchecked
- router: rc: services.c: c: Add WPAD DHCP option for Win7/8 by default if dhcpd_auth >=0 is fixed in nvram
- router: rc: usb.c: set USB LED(s) after saving settings (case web admin)
- router: utils: use src files / compile from src
- router: www: vpn-pptp.asp: fix annoying bug that clicking <20>Start Now<6F> causing pop-up window with warning <20>Unsaved changes will be lost. Continue anyway?"
- router: www: tomato.js: cosmetic (thanks @tvlz)
- router: www: tools-survey.asp: cosmetic (thanks @tvlz)
- Revert <20>nocat: Attempts to make Captive Portal work<72>
- DIR868L: add libutil to all builds, including the special build for DIR868L Router A1/B1/C1 (PPPoE working again)


2019.3          2019.11.23
--------------------------

- SDK6 update (as new branch: arm-ng): Add support for C0 CPU (based on the work of Don Bushway aka snowman58)
- Add Netgear R6400v2 support
- Add Netgear R6700v3 support (same like R6400v2)
- Add Asus RT-AC66U B1 / RT-AC68U (C1/E1) support
- kernel (all): drivers: net: usb: usbnet: sanity checking of packet sizes and device mtu
- kernel (all): drivers: net: usb: cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize 
- kernel (all): drivers: net: usb: usbnet: ignore endpoints with invalid wMaxPacketSize
- kernel (all): drivers: net: usb: cdc_ncm: handle incomplete transfer of MTU
- kernel (all): drivers: net: usb: fixes/additions from upstream (cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size(); qmi_wwan: add support for Cinterion CLS8 devices; qmi_wwan: add Telit 0x1050 composition; qmi_wwan: add support for DW5821e with eSIM support; qmi_wwan: add support for Foxconn T77W968 LTE modules)
- miniupnpd: update to 2.1.20191006
- dnsmasq: update to 936bd82 snapshot
- sqlite: update to 3.30.1
- e2fsprogs: update to 1.45.4
- nano: update to 4.5
- php: update to 7.2.24
- xl2tpd: update to 1.3.15
- libogg: update to 1.3.4
- openvpn: update to 2.4.8
- libxml2: update to 2.9.10
- libcurl: update to 7.67.0
- flac: update to 1.3.3
- libcurl: Updated CA certificate bundle as of 2019-10-16
- WL: update wireless driver for SDK7 to GPL 382.51640
- GUI: OpenVPN server: extend Username field to 25 chars
- GUI: Report CFE version on status-overview.asp page
- GUI: rename <20>Enable SYN cookies<65> to <20>Enable TCP SYN cookies<65>
- GUI: reading webmon logs from end to beginning to repair display
- GUI: Hide references to TOR on advanced-dhcpdns.asp if image was built without it
- TTB: fix memory leak, when WAN or tomatothemebase.eu is down (bug present from the very beginning)
- Modified prompt of nvram utility
- hiding nvram size summary when displaying mymotd
- RTCONFIG_FANCTRL not defined or used, TCONFIG_FANCTRL is used
- Makefile: we need to distinguish arm-ng images with names in relation to the arm-master
- router: httpd: misc.c: tune-up function get_cfeversion()
- router: httpd/shared: remove unused variable <20>trunk_vlan_so<73>
- router: others: mymotd: fix typo in #0f5379b
- router: others: wwansignal: simplify checkPid(), cause we have only low priority process here
- router: rc: firewall.c: fix compiler warning
- router: rc: nginx.c: clean-up, code optimization - size reduced by almost 4kB
- router: rc: openvpn.c: fix typo causing wrong netmask to be added to the nat for bridges 2 - 4
- router: rc: openvpn.c: clean-up, code optimization - size reduced by almost 4kB
- router: rc: services.c: make reading stubby version more secure
- router: rc: services.c: clean-up, code optimization - size reduced by almost 3kB
- router: rc/shared: fix compiler warnings
- router: shared: id.c: do call check_hw_type() only once (only cosmetic / optimization <20>> save cpu work/load) 
- router: www: about.asp: add BT donation address to the page + cosmetics
- router: www: status-overview.asp: fix CPU temperature refreshing
- Tenda AC15: correct/fix detection, caused by (earlier) commit
- Tenda AC15: rely on tenda cfe default / init parameter (for each router)
- Tenda AC18: use variable 1:boardnum=AC18_5G to determine Tenda AC18 (and add some more infos)
- Tenda AC18: rely on tenda cfe default / init parameter (for each router)
- R6400v2 / R6700v3: align extra default parameter for Wifi modules to values from dd wrt
- Revert include/ctf files from commit c943223. Causing boot loop
- Updated bcmrobo.c and bcmdevs.h to fix R6400v2 WAN LED not working
- Updated led.c to work with updated bcmrobo.c
- Update bcmrobo to support R7000, R6400v2 and update led.c . WAN led support now in bcmrobo
- EA6200 / EA6350v1: rely on linksys cfe default / init parameter (for each router)
- Update bcmrobo to support R8000. Switch not being properly initialized for WAN led. Update led.c to fix WAN led color from amber to white
- AC66U_B1 being identified as a U68 C1 rearranged checks
- RT-AC66U B1: change/fix LED table (not the same like RT-AC68U)
- RT-AC66U B1: clean-up button setup and remove wifi button


2019.3.220-beta - 2019.09.29
----------------------------

Recommendations:
- clear your NVRAM after upgrade! (Erase all data in NVRAM memory (thorough))

- Add Cisco Linksys EA6350v1 support
- Add Tenda AC18 support
- Add Cisco Linksys EA6200 support
- kernel: tcp: refine memory limit test in tcp_fragment()
- kernel: support Huawei CDC NCM driver (backported from newer kernels)
- kernel: drivers: net: usb: fixes/additions from the upstream
- nettle: update to 3.5.1
- uqmi: update to 2019.06.27 (1965c71) snapshot
- sqlite: update to 3.29.0
- php: update to 7.2.22
- nfs-utils: update to 1.3.4
- e2fsprogs: update to 1.45.3
- ffmpeg: update to 0.6.7
- nginx: update to 1.16.1
- nano: update to 4.4
- tor: update to 0.4.1.5
- miniupnpd: update to 2.1.20190902
- dnsmasq: update to 2.80-e24abf2 snapshot
- openssl: update to 1.0.2t
- tor: update to 0.4.1.6
- Updated adminer from 4.7.2 to 4.7.3 2019-08-27
- portmap: clean-sources 6.0, add patch instead
- libxml2: update to 2.9.9 + libs optimization
- libpng: update to 1.2.59 + libs optimization
- libubox: update to 2019.06.16 (ecf5617) snapshot
- libjson-c: update to 2019.06.09 (07ea04e) snaphot
- libexif: update to 2019.06.15 (a0c04d9) snaphot
- libiconv: update to 1.16 + libs optimization
- libnfnetlink: update to 2018.05.11 (5087de4) snapshot
- libmnl: update to 2019.05.06 (5937dfc) snaphot
- libevent: update to 2.1.11-stable + libs optimization
- libcurl: update to 7.66.0 + libs optimization
- libusb: update to 1.0.23
- libcurl: Updated CA certificate bundle as of 2019-08-28
- pcre: reduce size
- lzo: set optimize flag also for CPP
- ebtables: build ipv6 extension only if needed
- Move disabling of rp_filter from mwan to firewall and make it multiwan aware
- Test and fix wwansignal with all possible modes of Huawei E8372
- Fix race condition starting wireless WAN causing route addition failure.
- Add Cloudflare DDNS support
- Fix undefined function reference in wwan_parser.js
- Revert "libcurl: disable proxy and libcurl output options"
- httpd: gencert.sh: add "TLS Web Server Authentication" to certificate's extended attributes
- httpd: limit SSL certificate to 2 years if clock is accurate
- OpenVPN: add Strict Mode to client's Routing Policy
- Make solving domain .onion using Tor optional
- GUI: admin-buttons.asp - add option to turn on/off blink for WiFi LEDs (and some cosmetic)
- GUI: advanced-wireless.asp - add Turbo QAM option (Default: On --> like before/no change)
- GUI: advanced-wireless.asp - add options for TX Beamforming (align to Asus SRC)
- GUI: advanced-wireless.asp - add option Air Time Fairness (remove restriction only for R7000 / R8000)
- GUI: fix/add conditional OpenVPN client restart, if the entry was removed from Routing Policy table only by clicking the "x" sign
- router: Makefile: cosmetics in libmnl recipe
- router: Makefile: fix/tune OpenVPN recipe
- router: wanuptime: fix compiler warnings
- router: others: -clean-up and remove obsolete (mips) stealthMode script completely from ARM branch
- router: others: mymotd: remove unused stealthmode support + cosmetics
- router: shared: led.c add function set_gpio() and replace system calls (and also at rc: inti.c)
- router: rc: init.c - remove blink_wl for R8000 because it is now turned on by default (sync with sdk6)
- router: rc: / shared: clean-up and remove MIPS hardware and router completely from ARM branch
- router: rc: usb.c: replace xstart() calls with set_gpio()
- switch4g: also try to reset modem in QMI mode
- RT-N18U / RT-AC56U / RT-AC68U: set boot_wait=on (default for Asus) and set wait_time=3
- R6250/R6300v2/R6400/R7000: set boot_wait=on and set wait_time=3
- DIR868L / WS880: set boot_wait=on and set wait_time=3
- R1D / EA6400 / EA6700 / EA6900 / WZR-1750DHP: set boot_wait=on and set wait_time=3 (10 for R1D)
- R7000: setup/init Wifi modules with extra default parameter - split up Netgear R Series Router to init WiFi modules parameter (not the same for all models...) - clean up, remove 5 GHz WiFi parameter from 2,4 GHz init/setup - clean up, remove 2,4 GHz WiFi parameter from 5 GHz init/setup - align to dd wrt default values
- R7000: fix overlapping MAC addresses with more than one VIF per WiFi module
- R6400 / R6300v2 / R6250: fix overlapping MAC addresses with more than one VIF per WiFi module
- RT-N18U / RT-AC56U / RT-AC68U: fix identical MAC addresses for LAN and WiFi module
- Tenda A15 / AC18: assign unique MAC addresses for WAN, LAN and WiFi modules
- DIR868L / WS880: assign unique MAC addresses for WAN, LAN and WiFi modules
- Xiaomi MiWiFi R1D: fix overlapping MAC addresses with more than one VIF per WiFi module
- Buffalo WZR-1750DHP: assign unique MAC addresses for WAN, LAN and WiFi modules
- R6300v2: setup/init Wifi modules with extra default parameter - split up Netgear R Series Router to init WiFi modules parameter (not the same for all models...) - clean up, remove 5 GHz WiFi parameter from 2,4 GHz init/setup - clean up, remove 2,4 GHz WiFi parameter from 5 GHz init/setup - align to dd wrt default values
- RT-AC56U: small change for init of Wifi modules (align to values of dd wrt and some cosmetic/alignment to other tomato router)
- RT-N18U / RT-AC68U: small change for init of Wifi modules (align to other tomato router)
- R6400: setup/init Wifi modules with extra default parameter - split up Netgear R Series Router to init WiFi modules parameter (not the same for all models...) - clean up, remove 5 GHz WiFi parameter from 2,4 GHz init/setup - clean up, remove 2,4 GHz WiFi parameter from 5 GHz init/setup - align to dd wrt default values
- R6250: setup/init Wifi modules with extra default parameter - split up Netgear R Series Router to init WiFi modules parameter (not the same for all models... Last one! :-) ) - clean up, remove 5 GHz WiFi parameter from 2,4 GHz init/setup - clean up, remove 2,4 GHz WiFi parameter from 5 GHz init/setup - align to dd wrt default values
- RT-N18U: make sure to enable gpio 13 for WiFi IC after re-/boot (only for safety)
- EA6200: extend/fix support - show correct name at GUI - load correct cfe default parameter/config (fix for initial support)
- DIR868L rev C1: improve support - load correct cfe default parameter for rev C1 (not the same like for rev A1/B1) - small change for init of Wifi modules (align to other tomato router)
- RT-AC56U: extend LED table (add missing 2.4 GHz WLAN Led finally!)
- EA6200 / EA6350v1: rebranding - boxes/units are shipped with "AC1200 Linksys EA6350v1" and "AC900 Linksys EA6200" (remove Cisco, only Linksys)
- RT-N18U: modify/adjust 2,4 GHz WiFi setup/init parameter (align to Asus 384)
- Xiaomi R1D: automatic fanctrl rework
- RT-AC3200 / R8000: set boot_wait=on and set wait_time=3
- RT-AC3200: fix identical MAC addresses for LAN and 2,4 GHz WiFi module (eth2)
- R8000: fix overlapping MAC addresses with more than one VIF per WiFi module


2019.3.118-beta - 2019.07.06
----------------------------

Recommendations:
- clear your NVRAM after upgrade!
- users using OpenVPN client: check your settings!
- GUI problems: use Ctrl+F5 and/or clean your browser cache.

- openssl: update to 1.0.2s
- nano: update to 4.3
- sqlite: update to 3.28.0
- miniupnpd: update to 2.1.20190630
- php: update to 7.2.19
- tor: update to 0.4.0.5
- nginx: update to 1.16.0 - Stable Branch
- pcre: update to 8.43
- xl2tpd: update to v1.3.14les
- libcurl: update to 7.65.1
- libcurl: update CA certificate bundle as of 2019-05-15
- e2fsprogs: update to 1.45.2
- ebtables: update to 2019.06.28 snapshot
- pppd: various fixes for errors found by coverity static analysis
- patches: update patch for xl2tpd + cosmetics
- patches: cosmetics in php patch
- patches: ebtables: build ipv6 extension only if needed
- patches: fixes in pppd patches
- kernel: XZ: fix incorrect XZ_BUF_ERROR
- kernel: Backport ida_simple_* kernel functions
- kernel: improve sack handling and resource usage
- kernel: xfrm: Return error on unknown encap_type in init_state
- kernel: netfilter: ebtables: Revert "fix wrong name length while copying to user-space" (it breaks ebtables totally...)
- kernel: update netfilter_bridge headers
- kernel sdk7: XZ: fix incorrect XZ_BUF_ERROR
- kernel sdk7: Backport ida_simple_* kernel functions
- kernel sdk7: improve sack handling and resource usage
- kernel sdk7: update netfilter_bridge headers
- kernel sdk7: fix for CVE-2011-0726
- switch4g: Fix 4g wan restart causing wrong restart of wan1 due to dhcpc-event bound event behavior and missing wanX_iface nvram var
- switch4g: cosmetics and fix minor display bug
- wwansignal: fix problems with signal level and LAC value on some modems (ie. Huawei E8372)
- watchdog/redial: Fix race condition between ppp watchdog and redial (for keepalive mode)
- MultiWAN: Add routes for all LAN bridges when creating multiwan routing tables
- MultiWAN: Improve code layout, merge if branches
- MultiWAN: Disable rp_filter on multiwan routing add to allow policy-based routing to work
- MultiWAN: Implement MultiWAN Up script (WAN number passed as $1) that runs regardless of which one is considered the "primary" one
- IPv6: fix IPv6 6to4 tunnel (if remote host was on 6to4, the packets were dropped because of wrong routing and tunnel settings; this fixes issue #51; Reference: http://tomatousb.org/forum/t-461151/6to4-tunnel-in-tomatousb-is-done-wrong)
- IPv4: ip_input.c / ip_output.c - sync sdk7 with sdk6
- OpenVPN: fix generating an openvpn client configuration on server with TLS authorization [2]
- OpenVPN: key generation: add also "key-direction" in the second case
- OpenVPN: use of the OpenVPN scripting engine
- OpenVPN: rename files and functions from vpn to ovpn/openvpn for better consistency
- OpenVPN: configurable inbound allow/drop firewall policy for clients
- OpenVPN: fix the visibility of the Routing Policy table and when the rules are to be applied
- OpenVPN: "Manage Client-Specific Options" Fix bug when more than one subnet per client is defined in ccd (only the last one was stored in ccd)
- OpenVPN: Client: also run up/down script for Static Key auth
- OpenVPN: Client: move back firewall rules to vpn.c script
- OpenVPN: Client: split updown script
- OpenVPN: Client: simplify use of Routing Policy (remove route-nopull and route-noexec options, add in "Redirect Internet traffic" option "Routing Policy" instead, remove unused variables from NVRAM, fix links to OpenVPN howtos)
- OpenVPN: Client/Server: add tls-crypt as an option - encrypt and authenticate all control channel packets with the key
- OpenVPN: Routing Policy: copy routes from the main table to the alternate routing table
- OpenVPN: some improvements: updown-client.sh: remove unneeded dnsmasq restart, vpnrouting.sh: add a FW restart instead of a simple local script call - when kill switch will be ready, it can be change back
- OpenVPN: Fix password validation to actually accept 70 characters
- OpenVPN: Integrate OpenVPN 2.4.7 Tunnelblick XOR patch (allows using obfuscated servers)
- OpenVPN: Adjust OpenVPN policy routing priority to come before multiwan rules
- OpenVPN: Fix OpenVPN policy based routing in case of using route-nopull or no pushed routes
- OpenVPN: When OpenVPN inbound firewall is enabled, adjust fw rules to allow reply packets
- OpenVPN: move loading of the policy routing modules (hash:ip) to openvpn.c script
- GUI: fix removal of the WWAN SMS
- GUI: fix undefined Modem Type on "WWAN Modem Status" (also lack of link to view WWAN SMS) when modem on different wan than the first one
- GUI: OpenVPN Client: extend password field to 70 characters
- GUI: add "Wifi Security Disabled" warning on Status Overview page
- GUI: advanced-dhcpdns.asp - add DHCP IPv6 lease time option
- GUI: advanced-firewall.asp - add IGMP proxy option quickleave
- GUI: advanced-firewall.asp - Add note for hidden IGMP proxy settings
- GUI: admin-buttons.asp - add/show Startup LED
- GUI: admin-buttons.asp - remove brau mask (not needed/used at ARM branch)
- GUI: status-overview.asp - extend Ethernet Ports State - distinguish all possible speed modes (1000 FD/HD, 100 FD/HD, 10 FD/HD and Auto
- www: vpn-server.asp: cosmetics
- www: basic-ipv6.asp: cosmetics
- www: vpn-client.asp: fix missing </div>
- www: basic-time.asp: fix javascript error
- router: clean-up of unused files and variables
- router: Makefile: save space in NVRAM for routers with 32k NVRAM
- router: Makefile: cosmetics
- router: Makefile: fix logic in applying/unapplaying the patches
- router: Makefile: remove the patches in reverse order
- router: Makefile: clean-up and simplify libcurl recipe
- router: Makefile: php: remove deprecated option - --without-mcrypt
- router: Makefile: libcurl: fix build break
- router: Makefile: dnsmasq: skip gost validation with nettle, it's not supported anyway
- router: config: config.in: cosmetics
- router: ebtables: restore original #include in ebt_ip.c
- router: shared: led.c: remove not needed comments
- router: shared: led.c: cosmectic for function do_led() - add some comments - prepare for non GPIO LEDs
- router: shared: led.c: remove/clean-up MIPS Router at function do_led() (--> not needed at ARM branch) and make LED table much smaller (--> save space/memory)
- router: shared: led.c: do call get_model() only once (only cosmetic / optimization)
- router: shared: led.c: extend LED table and make it possible to turn on/off bridge LEDs for most Router (R6400, R7000, RT-AC68U, EA6400, EA6500v2, EA6700, EA6900, AC15)
- router: shared: led.c: adjust LED table LED_AOSS (used for Power LED, active LOW) for Asus Router RT-AC3200
- router: shared: led.c: adjust LED table LED_AOSS (used for Power LED, active LOW) for Asus Router RT-N18U, RT-AC56U, RT-AC68U
- router: shared: led.c: add conditional compilation and some cosmetic
- router: shared: led.c: avoid compiler warning because of unused variable wzr1750
- router: shared: defaults.c: cosmetics
- router: shared: shared.h: remove not used define LED_BLINK (and cosmetic)
- router: rc: optimizing code, cosmetics - (mainly for openvpn part; based on @RMerlin - thanks!)
- router: rc/shared: led.c: corrections for sdk7 - add case for second 5 GHz WLAN and special case for LED AOSS
- router: rc: vpn.c: add missing closedir() in write_vpn_dnsmasq_config() function
- router: rc: vpn.c: cosmetics, clean-up
- router: rc: openvpn.c: Make firewall rules consistent in both IPv4 and IPv6
- router: rc: init.c / rc: button.c / shared: led.c - do some clean-up - use LED_ON and LED_OFF - cosmetic
- router: rc: rc.c / init.c / wan.c - remove obsolete SET_LED() and defines - clean-up
- router: rc: led.c: add/show a note if stealth mode is turned ON (and some cosmetic)
- router: rc: led.c: small optimization for led_main(), compare (full) led name only once
- router: rc: led.c: extend led cmd to react properly with blink turned on
- router: rc: led.c: extend led cmd to react properly with blink_br turned on
- router: rc: led.c: add special case for ASUS Router with FreshTomato: LED_AOSS is used for Power LED (active LOW, inverted! --> see LED table at shared/led.c )
- router: rc: button.c: do some clean-up/cosmetic - use LED_ON and LED_OFF - call get_model() only once - add some comments
- router: rc: button.c: remove/clean-up MIPS Router (--> not needed at ARM branch) and remove brau mask (not needed/used at ARM branch)
- router: rc: button.c: turn on Power LED again (LED_AOSS) after WPS- OR WLAN- Button has been pressed
- router: rc: blink.c: remove/clean-up unused variables - some cosmetic - adjust sleep time between checks
- router: rc: blink.c: add checks for rate and threshold command line parameters
- router: rc: blink.c: prevent the start of blink for non GPIO leds and/or unknown LEDs
- router: rc: blink_br.c: do call get_model() only once (only cosmetic / optimization)
- router: others: watchdog: Cosmetics
- SDK7 dhd logging: turn off/suppress dhd debug messages
- R8000: add wifi button - reset button gpio 6 active LOW (no change) - wifi button gpio 4 active LOW (change assignment) - wps button gpio 5 active LOW (new/change)
- R8000: fix stealth mode, Power LED was still turned on
- R7000: add wifi button - reset button gpio 6 active LOW (no change) - wifi button gpio 5 active LOW (change assignment) - wps button gpio 4 active LOW (new/change)
- R6400: add wifi button - reset button gpio 5 active LOW (no change) - wifi button gpio 4 active LOW (change assignment) - wps button gpio 3 active LOW (new/change)
- RT-AC3200: add wifi button - reset button gpio 11 active LOW (no change) - wps button gpio 7 active LOW (no change) - wifi button gpio 4 active LOW (new/cange)
- RT-AC3200: change LED table - catch up to RT-N18U / RT-AC56U / RT-AC68U LED FT behavior
- RT-AC3200: extend LED table - assign return value 254 (non GPIO) for 2.4/5.0/5.0(second) GHz WLAN LEDs - add the ability to control/set all WLAN LEDs on/off
- RT-AC3200: extend stealth mode (part 1)
- RT-AC68U: add wifi button - reset button gpio 11 active LOW (no change) - wps button gpio 7 active LOW (no change) - wifi button gpio 15 active LOW (new/change)
- RT-AC68U: extend LED table - assign return value 254 (non GPIO) for 2.4/5.0 GHz WLAN LEDs - add the ability to conrol/set both WLAN LEDs on/off
- RT-AC56U: add wifi button - reset button gpio 11 active LOW (no change) - wps button gpio 15 active LOW (no change) - wifi button gpio 7 active LOW (new/change)
- RT-N18U: add some comments for buttons (only cosmetic) - reset button gpio 7 active LOW (no change) - wps button gpio 11 active LOW (no change)
- RT-N18U: extend LED table - assign WLAN return value 254 (non GPIO)
- R6250 / R6300v2: add wifi button - reset button gpio 6 active LOW (no change) - wifi button gpio 5 active LOW (change assignment) - wps button gpio 4 active LOW (new/change)
- EA6500v2: add new/extra LED table for that router - assign GPIO pin 6 for LED_WHITE (active LOW)
- EA6500v2: add to stealth mode (extended --> Logo LED was missing)
- DIR868L: Use LED Diag (toggle green / amber) for feedback if a button is pushed (and some cosmetic)
- DIR868L: enable 5 GHz WLAN radio after full NVRAM erase
- WZR-1750DHP: add reset button and use LED_DIAG for feedback (was missing so far)
- WZR-1750DHP: add to stealth mode
- WZR-1750DHP: change LED table
- WZR-1750DHP: change LED table (Part 2) - assign GPIO 0 with color blue for LED_USB / USB LED (active HIGH)
- AC15: change LED table and button feedback - add support for 2.4 GHz LED (non GPIO) - turn on WPS LED again (LED_AOSS) after WPS- OR WLAN- Button has been pressed
- AC15: enable blink for 5 GHz Wifi
- AC15: adjust GUI Ethernet Ports State - start with LAN Port 1 now (fix for Issue #60) (LAN Port 4 ==> Show "NOSUPPORT" for the not available Port)
- README: DIR868L: add supported rev (A1/B1/C1)


2019.2 - 2019.04.20
----------------------------

- openssl: update to 1.0.2r
- SQLite: update to 3.27.2
- php: update to 7.2.17
- dnsmasq: update to 2.80-343b7b4 snapshot
- libcurl: update to 7.64.1
- nano: update to 4.0
- dropbear: update to 2019.78
- pppd: clean sources 2.4.5, add patches instead
- pppd: update to 2.4.6
- pppd: update to 2.4.7
- pppd: fixes from upstream
- miniupnpd: update to 2.1.20190408
- libyaml: update to 0.2.2
- getdns: update to 1.5.2 + upstream build error fix
- getdns: add patch to fix missing define for log_warn
- libubox: update to eeef7b5 snapshot
- patches: miniupnpd: fix naming, cosmetics
- patches: libcurl: cosmetics
- ebtables: add 2 patches (Check -C parameters correctly, Check port range correctly)
- OpenVPN: change the default order of Negotiable Ciphers
- OpenVPN: fix generating an openvpn client configuration on server with TLS authorization (enable remote-cert-tls)
- router: Makefile: build openssl with no SSLv2 and SSLv3 support
- router: Makefile: clean-up openvpn recipe
- router: Makefile: clean-up miniupnpd build recipe
- router: Makefile: build dnsmasq with HAVE_AUTH flag
- router: Makefile: fix emf install
- router: rc: misc.c: clean-up
- router: rc: usb.c: add support for Router with two USB LEDs / Ports (according to LED table at shared/led.c)
- router: rc: usb.c: change R8000 assignment for USB2/USB3 (and some cosmetic)
- router: rc: usb.c: some cosmetic at function usbled_proc(...) / align to sdk7
- router: rc: usb.c: change R7000 assignment for USB2/USB3 (only cosmetic)
- router: rc: services.c/network.c/usb.c: clean-up and cosmetics
- router: rc: services.c: add function disable_led_wanlan() to have more compact code
- router: rc: services.c: add stealth mode also for R8000 and AC3200
- router: rc: network.c - change blink behaviour / start
- router: rc: services.c: add some logging when starting/stopping services
- router: rc: services.c: change the way how "serial" and "uuid" are created in minidlna config
- router: rc: services.c: cosmetics
- router: rc: rc.h - add missing prototype declaration for function start_phy_tempsense() and stop_phy_tempsense()
- router: shared: misc.c: correct insufficient number of snprintf arguments
- router: rc: change the name of the ntpc service to ntpd + some code changes, in accordance with other start/stop functions
- router: rc: blink_br.c - small fix for the Router RT-AC56U - distinguish two cases right now: LAN Port 0-1-2-3 or 1-2-3-4
- router: rc: init.c: change back to where the start_wan() function is called
- router: rc: init.c: Reverted "Change back to where the start_wan () function is called"
- router: rc: init.c: change min_free_kbytes setting - catch up to AsusWRT / Merlin and also Netgear (case 20 MByte right now, was 14 MByte)
- router: rc: init.c: tune SMP
- router: rc: vpn.c: fix client/server start on NOSMP routers
- router: rc: vpn.c: increase interface queue length from 100 to 1000 bytes
- router: rc: clean-up (cosmetics)
- router: rc: services.c and shared: led.c: do some cleanup and cosmetic - move all functions for LEDs into led.c - rename start_led_setup() to led_setup - add function enable_led_wanlan()
- router: others: wwansignal: fix showing the 3G signal level
- router: others: switch3g/switch4g/wwansignal: some improvements/fixes
- router: www: tools-shell.asp: support of multiple lines pasted into termlib window
- router: www: status-overview.asp: a few W3C fixes
- router: www: Makefile: remove more obsolete stuff from html
- router: www: qos-graphs.asp: fix W3C again
- router: www: another W3C fixes
- router: httpd/rc: vpn.c: replace &buffer[0] (and &buffer2[0], &buf[0]) references in openvpn with straight buffer, for better readability and reduced risk of errors
- router: httpd: correct generation of HTTPS certificate
- router: httpd: wwan.c: fix compiler warning
- router: nvram: defaults.c: cosmetics - rebranding ;)
- router: pdureader: fix compiler warning
- router: utils: robocfg.c - catch up to AsusWRT / Merlin (thx) - one file for both, ARM and MIPS
- GUI: Reverted "Wireless Settings: remove obsolete settings"
- GUI: Wireless Settings: remove obsolete settings (antennas)
- GUI: PPTP Client: increase max length of "server address" to 50 chararacters
- GUI: QOS: fix JS error on View Details page, when view in given class
- GUI: QOS: fix (again) some problems on View Details page
- GUI: QOS: fix table sorting by "Protocol" on View Details page
- GUI: OpenVPN: remove support for the RC ciphers. DES is kept for now, for legacy reasons
- GUI: OpenVPN: Fix vpn-server.asp visible key fields
- GUI: fix at last Wireless Ethernet Bridge mode - just refresh (Ctrl + F5) Basic -> Network page, and click "Save"
- GUI: fix ports order caused by commit #7cb2220 + clean-up
- GUI: add support of WWAN modem signal - use a minimum of 10 seconds of refresh time for best readings on Status -> Overview page
- GUI: add support of multi WAN in modem status
- GUI: add support of SMS inbox for 4G non-hilink/3G modems
- GUI: advanced-routing.asp - add option to force IGMPv2 - cosmetic
- R6250: change LED table + LED table cleanup
- R6300v2: change LED table + LED table cleanup
- R6400: change LED table + LED table cleanup
- R7000: change LED table + LED table cleanup
- R8000: change LED table + LED table cleanup
- WS880: change LED table + LED table cleanup
- RT-N18U: change LED table + LED table cleanup
- RT-AC56U: change LED table + LED table cleanup
- RT-AC68U: change LED table + LED table cleanup
- EA6400: change LED table + LED table cleanup
- EA6700: change LED table + LED table cleanup
- EA6900: change LED table + LED table cleanup
- DIR868L: change LED table + LED table cleanup
- LEDs: stealth mode (part 1) - extend already existing stealth mode and turn off GPIO LEDs - do not start blink / blink_br with stealth mode turned on
- LEDs: stealth mode (part 2) - extend already existing stealth mode and turn off WAN & LAN Port LEDs at the ethernet connectors or front panel/case - reboot is requiered right now after enabling stealth mode! - code/stealth mode will be extended...
- R6250/R6300v2/AC15U/DIR868L: add to stealth mode
- Add support for D-Link DIR868L rev C
- WL: update wireless driver for SDK7 to GPL 382.51374
- Raise revision level to allow initial files install from stock NETGEAR
- Raise revision level to allow initial files install from stock NETGEAR (for SDK7)


2019.1 - 2019.02.27
----------------------------

- OpenVPN: update to 2.4.7
- tor: updated to 0.3.5.8
- dnsmasq: update to 2.80-28cfe36 snapshot (add back ability to compile without IPv6 support to minimize size of dnsmasq (as a patch), cosmetics in other patches, little cleanup in router/Makefile)
- miniupnpd: update to 2.1.20190210
- patches: cosmetics in miniupnpd
- SQLite: update to 3.27.1
- php: update to 7.2.15
- libcurl: update to 7.64.0
- libcurl: Updated CA certificate bundle as of 2019-01-23
- nettle: update to 3.4.1
- adminer: update from 4.7.0 to 4.7.1 2019-01-24
- getdns: update to 1.5.1 (stubby 0.2.5)
- stubby: change round_robin_upstreams to 1
- stubby: add Google DNSoTLS (ipv4/ipv6) to stubby.yml
- tinc: revert: Use git describe to populate autoconf's VERSION
- kernel: drivers: net: usb: rndis_host.c: fix init of the module
- kernel: drivers: net: usb: rndis_host: Set valid random MAC on buggy devices
- kernel: drivers: net: usb: rndis_host: support Novatel Verizon USB730L
- kernel: etherdevice: Use ether_addr_copy to copy an Ethernet address
- kernel: net: netfilter: nf_conntrack_proto_tcp.c: reduce TCP_CONNTRACK_ESTABLISHED default value to 20 minutes
- DDNS: opendns requires now HTTP 1.1 in request header
- router: httpd: fix warnings in compiler; clean-up
- router: httpd: tomato.c: additional commit for #0660a82 and #c1d1c76
- router: httpd: misc.c: cosmetics
- router: mdu: mdu.c: clean-up & simplify some if conditions
- router: mdu: fix compiler warnings
- router: mdu: remove no more needed functions/files/includes
- router: rc: fix warnings in compiler; clean-up
- router: rc: init.c: enable blink on R8000
- router: rc: network.c: include 2nd 5Ghz radio for Wifi LED status for Netgear R8000
- router: rc: network.c: tweak blink startup code for 2nd 5Ghz LED
- router: rc: network.c: turn on/off WiFi status LED according to the overall radio statuses
- router: rc: network.c: tweak conditional for blink startup on 5Ghz radio
- router: rc: network.c: clean-up
- router: rc: network.c: cosmetics
- router: rc: dhcp.c: remove unused variable
- router: rc: dhcp.c: clean-up
- router: rc: ppp.c: add missing TRACE_PT("end\n")
- router: rc: wan.c: cleanup WAN LED control
- router: rc: blink_5g.c: old blink 5g code is obsolete
- router: rc: blink_5g.c: fix popen/pclose
- router: rc: pbr.c: cosmetics
- router: rc: vpn.c: make instance run code handle more than 1 CPU core
- router: rom: etc: remove unneeded .gitignore file
- router: Makefile: add build progress indicator
- router: Makefile: mv huawei_ether to extras if needed, remove unneeded call to patch for nano
- router: Makefile: clean-up, remove unused ntpclient and ntpc
- router: Makefile: add missing pcre make
- router: Makefile: build mysql --without-docs
- router: Makefile: remove unused libsub
- router: Makefile: move udpxy build
- router: Makefile: add pptpd make part
- router: Makefile: add missing make notices
- router: Makefile: move kernel modules to proper directory
- router: Makefile: pptp-client: remove (forgotten) obsolete sh ip scripts
- router: Makefile: don't ln /usr/share to /tmp when samba3 is installed
- router: Makefile: build nginx with http v2 module
- router: Makefile: fix tor build failures
- router: shared: fix warnings in compiler
- router: shared: fix warnings in compiler; clean-up
- router: shared: misc.c: correction of the "if" condition
- router: shared: misc.c: add/fix missing fclose(...) and some cosmetic
- router: shared: misc.c: change/fix function wan_led(int mode) --> call by value
- router: shared: misc.c: fix a few typos (wrong type, pointer by mistake) at function wan_led_off(...) and check_wanup(...)
- router: shared: misc.c: add 2nd 5Ghz LED for R8000
- router: shared: misc.c: tweak behavior of WLAN/5G LEDs
- router: shared: misc.c: cosmetic / optimization
- router: shared: misc.c: fix popen/pclose
- router: shared: led.c: increase value related to gpio indexing limit scheme to cater for Netgears R8000
- router: shared: led.c: extend GPIO pin support from 0-15 to 0-31
- router: shared: led.c: clean-up; remove unused code
- router: shared: shared.h: add missing prototype declaration for function wan_led(...) and wan_led_off(...)
- router: www: basic-ddns.asp: clean-up of vars, remove unneeded js code
- router: www: vpn-client.asp: change allowed server address length to 60 characters (it's amazing that such long addresses exist ...)
- router: www: about.asp: Cosmetics
- vpnrouting: fix cleaning of routing after stopping the OpenVPN client with "Redirect through VPN" checked - not working from the very beginning (commit that adds this function, also responsible for the error: https://bitbucket.org/pedro311/freshtomato-mips/commits/4c75d36f6fb2c1da1de8d7db33e2a91714d045e8)
- switch4g: fix path for DIAG device in qmi_wwan mode
- switch4g: add support for rndis protocol
- DDNS: FreeDNS: add possibility to update IP with custom value as on other services, add https
- DDNS: HE.net IPv6 Tunnel Broker uses now Dyn DNS Update API http://dyn.com/support/developers/api/
- GUI: Wireless Settings: remove obsolete settings
- GUI: Wireless Filter: add a warning about the number of MAC addresses supported + cosmetics
- GUI: fix IPv6 mask matches
- GUI: fix generate vpn client config
- GUI: QOS: hide View Details when QOS is disabled
- GUI: OpenVPN: increase max length of client common name to 255 chararacters
- GUI: add option for OpenVPN server to force IPv4 or IPv6 for connection
- GUI: add option for OpenVPN client to choose IPv4 or IPv6 only connection
- GUI: OpenVPN ServerX & ClientX - restrict option/setting "Poll Interval" to 0-30 minutes (values > 30 are not usefull)
- Add support for Asus RT-AC3200 with 128k NVRAM - new targets: ac3200-128e and ac3200-128z, use CFE, Asus Firmware Restoration, tftp, DD-WRT fw page update, to upload the firmware to the router on Asus OFW (with already changed NVRAM size to 128k)
- R8000: change LED table
- R6400: change LED table
- R7000: change LED table
- R7000 / R6400: WLAN LED cleanup
- EA6700: enable/activate WAN LED
- WS880: WLAN LED cleanup - use blink for WLAN LED (same like for Netgear R7000)
- Improved a little bit build progress indicator


2019.1.015-beta - 2019.01.10
----------------------------

- kernel: ipv6: use ND_REACHABLE_TIME and ND_RETRANS_TIMER instead of magic number
- kernel: ipv6: drop packets when source address is multicast
- kernel: ipv6: don't accept multicast traffic with scope 0
- kernel: ipv6: don't accept node local multicast traffic from the wire
- kernel: ipv6: drop non loopback packets claiming to originate from ::1
- kernel: ipv6: ip6_forward: perform skb->pkt_type check at the beginning
- kernel: ipv6: drop frames with attached skb->sk in forwarding
- kernel: ipv4: ip_forward: perform skb->pkt_type check at the beginning
- kernel: ipv4: ip_forward: Drop frames with attached skb->sk
- kernel: net: ipv4: igmp.c: bonding: fix to rejoin multicast groups immediately
- kernel: net: ipv4: igmp.c: igmp: Reduce Unsolicited report interval to 1s when using IGMPv3
- kernel: net: ipv4: igmp.c: Make igmp group member RFC 3376 compliant
- udpxy: update to 1.0.23-12, clean sources
- udpxy: fix start with PPP connection
- udpxy: extend GUI function (advanced-firewall.asp)
- e2fsprogs: update to 1.44.5
- miniupnpd: update to git snapshot from 20181218
- miniupnpd: do not disable port forwarding when in double NAT / CGNAT
- GUI: adblock: update lists immediately, if called from the GUI
- GUI: MultiWAN Routing: increase the maximum number of digits to 80 for Port
- GUI: tinc: fix errors caused by commits #eadba155 and #9a391ecc
- GUI: basic-ipv6.asp - only small cosmetic changes/corrections
- router: shared: misc.c: make function check_wanup_time() mwan-ready; small change/adjustment to rstats & cstats to use the new function; cosmetic for rstats & cstats at function calc(): add typecast (long) to meet variable wanuptime (long)
- router: httpd: misc.c: use function check_wanup_time(char *prefix) for void asp_link_uptime(int argc, char **argv) to get the link uptime (wanX)
- router: rc: vpn.c: cosmetics - as close as possible to MIPS version
- router: rc: wan.c: cosmetics - stay as close as possible to MIPS version
- router: rc: wnas.c: cosmetics - stay as close as possible to MIPS
- router: rc: tomatoanon.c: cosmetics - stay as close as possible to MIPS version
- router: rc: tinc.c: cosmetics
- dnsmasq: fix router reboots, when connected to wifi with specific configuration (it's (theoretically) only needed in MIPS branch, but who knows)


2018.5 - 2018.12.21
----------------------------

- openssl: updated to 1.0.2q
- openssl: make proper call to openssl Configure script
- gmp: Move .gitignore to proper directory
- adminer: Updated to 4.7.0
- SQLite: Updated to 3.26.0
- xl2tpd: Updated to 1.3.13
- php: updated to 7.2.13
- nginx: updated to 1.14.2
- rp-pppoe: updated to 3.13
- miniupnpd: updated to git snapshot from 20181206
- libcurl: updated to 7.63.0
- libcurl: updated CA certificate bundle as of 2018-12-05
- comgt: clean sources of v 0.32, add patches instead
- GUI: new termlib based tools-shell.asp
- GUI: simple workaround for supporting cd in tools-shell
- router: httpd: tomato.c: fix the correct length of wanX_modem_dev variables
- router: httpd: vpn.c: use system() instead run_program()
- router: www: admin-access.asp: change allowed password length to 60 characters
- router: www: vpn-client.asp: change allowed server address length to 40 characters
- router: www: about.asp: Cosmetics
- router: www: fixes for W3C + some cosmetics
- router: www: qos-classify.asp: change allowed port length to 130 characters
- router: rom: Makefile: decrease number of tries to 1 for wget. It's already in loop
- router: rc: firewall.c: allow responses from the dhcpv6 server (Port 547) to the client (Port 546) (--> add Server Port 547)
- switch4g: fix variable initialization in modemReset() function
- switch3g/switch4g: add info to log about successful PIN verification
- IPv6: extend GUI status page (status-overview.asp) - show IPv6 addresses for interface wan, br0, br1, br2 and br3
- IPv6: DHCPv6 PD: small corrections - fix visibility for "Request /64 subnet for" --> right now only applicable for DHCPv6 with PD (and not for Native/Static IPv6) - cosmetic for ipv6_pdonly visibility
- IPv6: DHCPv6 PD: - override the default EUI-64 address selection and create a very userfriendly address for br0...br3 (--> ends with ::1 now) - cosmetic - add some comments
- IPv6: small change for DNSMASQ DHCPv6 start address (new ::2 up to ::FFFF:FFFF); leave ::1 address for the router interface brX --> used with DHCPv6-PD (WIDE-DHCPv6) now
- WIDE-DHCPv6: Fix manpages This patch fixes wide-dhcpv6 manpages (paths, typos, ...)
- WIDE-DHCPv6: Don't strip binaries This patch prevents wide-dhcpv6 build system from stripping built binaries
- WIDE-DHCPv6: Make sla-len config optional
- WIDE-DHCPv6: Make sla-id config optional
- WIDE-DHCPv6: cflag patch
- WIDE-DHCPv6: Fix parallel make race condition
- WIDE-DHCPv6: Adding ifid option to the dhcp6c.conf prefix-interface statement
- kernel: netfilter: ip6_tables: fix information leak to userspace
- kernel: ipv6: Warn users if maximum number of routes is reached
- kernel: ipv6: fix overlap check for fragments
- kernel: netfilter: ipv6: fix overlap check for fragments
- kernel: bridge: Fix IPv6 multicast snooping by storing correct protocol type
- kernel: bridge: Fix IPv6 multicast snooping by correcting offset in MLDv2
- kernel: bridge: Add missing ntohs()s for MLDv2 report parsing
- kernel: inet6: prevent network storms caused by linux IPv6 routers
- kernel: ipv6: udp: fix the wrong headroom check
- kernel: bridge: mcast snooping, fix length check of snooped MLDv1/2
- kernel: ipv4: correct IGMP behavior on v3 query during v2-compatibility mode
- Revert "leds and stealth mode rework", it should be checked and tested with given router models first
- Updated README.md, "HOW TO COMPILE"


2018.5.083-beta - 2018.11.25
----------------------------

- kernel: drivers: net: usb: qmi_wwan.c: fix CVE-2017-16650
- kernel: net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
- kernel: net: ipv6: accept RA and send RS while configured as router
- kernel: proc/sysctl: fix the int overflow for jiffies conversion
- OpenVPN: add TLS keys generator in GUI for VPN Server. Add ability to generate VPN client configuration for TLS
- dnsmasq: change default dns priority to 'no-resolv'
- dnsmasq: improve insecure ds syslog to handle servers that really do not support dnssec
- dnsmasq: update to 2.80
- stubby: make tls_authentication REQUIRED
- nf_conntrack_rtsp and nf_nat_rtsp: update to version 0.7, correcting nat_rtsp's behavour so it now will strip destination addresses that are not a stunaddr and replace with the masquerade IP of the host.
- tor: Updated to 0.3.4.9
- tor: make tor fully functional, so users can solve xxx.onion website dns and visit tor sites
- nano: Updated to 3.2
- php: updated to 7.2.12
- miniupnpd: update to git snapshot from 20181031 (includes PCP fix)
- tinc: Updated to 1.1pre17
- SQLite: Updated to 3.25.3
- nginx: updated to 1.14.1
- snmpd: Updated to 5.8
- uqmi: update to uqmi-01944dd
- apcupsd: update to 3.14.14
- libubox: update to libubox-c83a84a, clean sources, add patch instead
- libcurl: Updated to 7.62.0
- libcurl: Updated CA certificate bundle as of 2018-10-17
- dropbear: fix from upstream for CVE-2018-15599
- Remove residues in the code after ARIA2
- nano: bindings: when Ctrl+Shift+Delete has no keycode, don't use KEY_BSP
- mssl: Updated cipher list
- mssl: fix ssl context ciphers & options wasn't applied
- mssl: fix CVE-2009-3555, various security improvements
- mdu/mssl: add TLS SNI support
- mdu: fix warnings in compiler + cosmetics
- adblock: clean-up, fixes, improvements
- adblock: decrease timeout for wget to a reasonable value
- adblock: fix race condition when wan is up
- IGMP: Resolve CVE-2012-0207 - Resolve potential for divide by 0, allowing remote attackers to cause a denial of service via IGMP packets
- router: preparation of variables for new version of switch4g/switch3g
- router: preparation of variables for new version of switch4g/switch3g part 2
- router: Makefile: Fix nano not working on dir868l target due to missing library
- router: Makefile: add libnfnetlink-clean target
- router: Makefile: add stubby to targets o (R1D) and dir868l
- router: Makefile: Filter support for PHP needs to be enabled for h5ai
- router: Makefile: fix typo
- btools: libfoo.pl: fix typo
- router: www: qos-graphs.asp: Hide "Zoom Graphs" because it doesn't work anyway
- router: www: status-devices.asp: fix the freeze in Vivaldi browser 
- router: www: vpn-tinc.asp: small js fix
- router: www: basic-ipv6.asp AND rc: dhcp.c - some cosmetic - add missing verifcation for lanX_ipv6 - add/change comments (also at file httpd/tomato.c) - add additional check before we request a prefix for br1/br2/br3
- router: www: tomato.js: small fixes
- router: www: red.css: cosmetics
- router: www: Makefile: small fix regarding remove of obsolete stuff from html
- router: www: Makefile: cleanup comments more aggressively
- router: www: Makefile: cosmetics
- router: httpd: increase HTTP_MAX_LISTENERS to 16
- router: httpd: wl.c: fix popen/pclose
- router: httpd: vpn.c: cosmetics
- router: httpd: tomato.c: sync NVRAM variables sequence of OpenVPN Server 1 and Server 2 - add missing default-values for variables "vpn_server1_userpass" and "vpn_server1_nocert"
- router: httpd: tomato.c: cosmetics
- router: httpd: iperf.c: change the location of the pid file
- router: rc: vpn.c: add some comments -protection/cosmetic within function start_vpn_eas() and stop_vpn_eas: add check that i (counter for Server X/Client Y) will always be < 4 before write value to nums[i]
- router: rc: led.c: fix led applet - use proper led in case usb3
- router: rc: init.c: cosmetics
- router: rc: services.c: fix: Static DNS settings broken with WAN disabled (i.e. operating as AP)
- router: rc: network.c: Do not enable IPv6 for 'all', 'eth0', 'eth1', 'eth2' (ethX) - IPv6 will live on the bridged instances
- router: dhcp.c: add some comments -cosmetic -change *lanif to const char (pointer can be changed but not char), because of getifaddr return value (const char*) -remove semicolon after some if-conditions
- router: shared: led.c: also for USB GPIO values in case AC56/68U
- router: shared: defaults.c: change default value for ntp_updates (Auto Update Time) to 1 (Auto interval)
- router: shared: defaults.c: small fix for vpn ca key
- router: config_base: add missing TCONFIG_IPERF
- router: mssl: mssl.c: fix build break on dir868l target
- small fix for IPv6 accept_ra: make it possible to change accept_ra value for WAN and LAN(br0...br3) without reboot/restart of the router
- IPv6: restrict Accept RA from LAN option (with dnsmasq)
- IPv6: small fix/changes for DHCPv6 with Prefix Delegation - let IPv6 RA via WAN take care of adding the default route
- switch3g: change sleep time for switching modem
- switch3g: rework (1/2)
- switch4g: change the sleep time for 2nd type non-hilink modem, before send any command (some devices need this, otherwise they hang)
- switch4g: add more possible options to Network Type and Roaming for 2nd type (qmi-wwan) non-hilink modems
- switch4g: rework
- switch4g: do not search all DIAGS every time - use already found for given device in searchDiag()
- vpnrouting: cosmetics
- GUI: adblock: add warning
- GUI: stubby: add the ability to choose the level of logging
- GUI: add CPU / WL temperature readings in Fahrenheit degrees
- GUI: add feature to generate VPN static key from GUI
- GUI: add warning on OpenVPN server page about needed free NVRAM space
- GUI: add option for OpenVPN LZ4-V2 compression
- GUI: Add IPERF bandwidth test tool with as an option
- GUI: Generation of iperf commandline
- GUI: IPerf: fix some minor JS bugs
- Fix build when valgrind is installed on host
- www: W3C never-ending-story
- Final clean-up of UI files according to the Web Consortium W3C standard
- Fix PHP build when libicu is installed
- Fix build when LZMA is installed on host
- Fix "cannot run test program while cross compiling"
- patches: fix mysql re-check patch
- cosmetic and small updates for IPv6
- Stealth Mode switch for LEDs
- LEDs and stealth mode rework


2018.4 - 2018.09.12
----------------------------

- Preliminary support for Stubby (DNS-over-TLS)
- dnsmasq: Updated to 2.80test6
- openssl: updated to 1.0.2p
- php: Updated to 7.2.9
- tor: Updated to 0.3.3.9
- tinc: Updated to 1.1pre16
- libcurl: Updated to 7.61.1
- libcurl: Fix build failures
- e2fsprogs: Updated to 1.44.4
- libcurl: Updated CA certificate bundle as of 2018-06-20
- adminer: Updated to 4.6.3
- miniupnpd: Updated to 2.1.20180706
- libjson-c: Updated to 0.13.1
- samba: enable PARALLEL_BUILD directive for components
- gmp: optimize gmp build (fix compilation with different autotools version, allow parallel make, don't build demos and doc)
- mdadm: skip building mdadm man pages
- igmpproxy: fix compiler flags, change code optimization to -O3
- dnscrypt-proxy: Updated resolvers csv to 20180709
- Increase the maximum size that is used when reading the ssh-host-key (to 4096 bits)
- OpenVPN: make IPv6 connection possible if IPv6 is enabled
- OpenVPN: extend Server GUI functionality - add option to push LAN(br0)...LAN4(br3) (only if available) - push the suitable DNS Server LAN IP
- radvd: remove leftovers at file router/rc/rc.h (Tomato uses dnsmasq)
- GUI: only include curl as a connection checker, if it's built
- GUI: openvpn: add AES-*-GCM ciphers to the available legacy ciphers
- GUI: add a needed include file for code utilizing bwm-common.js
- GUI: bwm-common.js: fix erroneous change in commit 3e650c1
- GUI: wireless.js: fix erroneous change in commit fe53904
- GUI: do not display rt bw graphs if monitoring has been disabled
- router: Makefile: compile dnsmasq with NO_ID, NO_AUTH and NO_GMP directive + some cosmetics
- router/rc/wan.c: start miniupnpd after httpd/later to avoid disabling IPv6 at miniupnpd startup (does happen sometimes with 2018.3, solves miniupnpd warning "no HTTP IPv6 address, disabling IPv6" at reboot/restart)
- router/rc/transmission.c: sysctl binary is not included in TomatoUSB, write values directly instead
- router/rc/rc.h: fix ARM builds WITHOUT IPv6 support (there is no freshtomato ARM build with IPv4 support only)
- router/rc/firewall.c and rc.h - add function "enable_ndp_proxy()" - Enable NDP Proxy for IPv6 builds - add missing conditional compilation
- watchdog: increase waittime to 3 and max_ttl to 4 in traceroute to reduce false positives
- nocat: Retiring Captive Portal feature
- kernel: netfilter: fix u32 match
- kernel: netfilter: nf_conntrack: fix count leak in error path of __nf_conntrack_alloc
- kernel: netfilter: nf_conntrack: set conntrack templates again if we return NF_REPEAT
- kernel: netfilter: nf_conntrack: fix early_drop with reliable event delivery
- kernel: netfilter: nf_conntrack: fix ct refcount leak in l4proto->error() (Tomato doesn't have icmp module, but this fix is still relevant)
- kernel: netfilter: nf_conntrack: fix event flooding in GRE protocol tracker
- kernel: netfilter: ip6_route_output() never returns NULL. ip6_route_output() never returns NULL, so it is wrong to check if the return value is NULL
- kernel: netfilter: ip4 ip_queue: Fix small leak in ipq_build_packet_message()
- kernel: netfilter: ip6 ip_queue: Fix small leak in ipq_build_packet_message()
- kernel: netfilter: ipset: dumping error triggered removing references twice
- kernel: netfilter: ebtables: fix wrong name length while copying to user-space
- kernel: logfs: Prevent memory corruption
- kernel: cifs: fix possible memory corruption in CIFSFindNext
- kernel: ARM: 6891/1: prevent heap corruption in OABI semtimedop
- kernel: ext3: Fix error handling on inode bitmap corruption
- kernel: ext2: Fix error handling on inode bitmap corruption
- kernel: mac80211: fix conn_mon_timer running after disassociate
- patches: dnsmasq: log packet resize reports at debug level instead of warning since they are too frequent
- WL: update wireless driver for SDK7 to GPL 382.50470
- Fixing the `uname -r` issue in readme


2018.3 - 2018.06.22
----------------------------

- php: updated to 7.2.7
- dnsmasq: update to 2.80test2
- iptables: updated to to 1.6.2
- libcurl: updated to 7.60.0
- nano: updated to 2.9.8
- sqlite: updated to 3.24.0
- tor: Updated to 0.3.3.7
- xl2tpd: Updated to 1.3.12
- entware: download installer scripts over https
- dnscrypt-proxy: remove unneeded public-resolvers.md file from build
- dnscrypt-proxy: define own timeout and number of tries for wget to use local copy of server list much quicker than with defaults
- www: tools-wol.asp: WOL bugfix
- www/status-overview.asp: fix wireless show/hide state retension
- www: advanced-vlan.asp: cosmetics
- www: status-overview.asp: cosmetics
- router/www: advanced-tor.asp: fix search for specified words
- router/www: advanced-tor.asp: allow to enter "SocksPort" also in Custom Configuration
- router/Makefile: add PARALLEL_BUILD directive to dhcpv6
- router: httpd/rc: fix warnings in compiler
- router: rc: fix warnings in compiler
- kernel: tweak input class modules, removing mouse/joystick support


2018.3.018-beta - 2018.05.27
----------------------------

- OpenVPN: updated to 2.4.6
- php: updated to 7.2.6
- miniupnpd: updated to 2.1
- dnsmasq: updated to 2.80test2
- ipset: updated to 6.38
- nginx: updated to 1.14.0
- nano: updated to 2.9.7
- transmission: updated to 2.94
- snmpd: updated to 5.8.rc2
- e2fsprogs: updated to 1.44.2
- tor: updated to 0.3.3.6
- EBTABLES: updated to master-head as at May 25, 2018
- BRIDGE-UTILS: updated to 1.6 (plus commits in master as at May 7, 2018)
- ntpclient: updated to 2017_246
- Switch from ntpc to ntpclient - Added code to handle previous issues (not update on reboot, etc)
- Transition from using ntpclient (or ntpc) to Busybox ntpd
- Clean ups in ntp start proc
- igmpproxy: update to 0.2.1
- allow IGMPv3 for LAN
- IGMP proxy: add the possiblity for a custom config (instead of the tomato default)
- change label/description "Efficient Multicast Forwarding" at advanced-routing.asp to "Efficient Multicast Forwarding (IGMP Snooping)"
- add function init() to advanced-firewall.asp (use class attribute for IGMP proxy links to open a new tab/window)
- fix typo at IGMP proxy notes section (wrong example value for downstream threshold) --> default to 1
- update for emf-files and igs-files up to Asus 378_4585
- pptpd: clean sources, add patch instead: change number of default connections to 6, fix for wrong location of binaries
- rp-pppoe: clean sources 3.12, add (forgotten) patch instead
- busybox: enable TEE command
- Revert "QOS: fix the # number of Rule doesn't show in QOS Details view."
- router/Makefile: Added symlink to iptables-save command
- router/Makefile: add "--ipv6" to miniupnpd-config AND fix compilation for ARM bring back IPv6 support
- Revert "router/rc/init.c: R8000: invert the default order of ports"
- router/shared/defaults.c: add missing "ipv6_dhcpd" at router/shared/defaults.c and set it to "1" (Enable DHCPv6)
- router/shared/defaults.c: disable "nf_sip" by default (GUI @ Tracking / NAT Helpers SIP - Option Off)
- www: Modified Bandwidth Limiter warnings
- www.tomato.js: fix typo
- www: about.asp: Cosmetics
- BWL: Manipulate waniface only if QoS is Disabled
- fpkg: remove unused variable
- rc/init.c: improve invalid_mac check
- rc/services.c: remove forgotten reference to stop_zebra()
- root dhcp6c: do not open a routing socket that's never used
- dhcpv6: RENEW: ignore advertise messages with none of requested data and missed status codes
- dhcpv6: small code cleanup
- dhcpv6: ignore advertise messages with none of requested data and missed status codes
- dhcpv6: close file descriptors on exec
- dhcpv6: no need for sizeoff(char)
- dhcpv6: Fix a number of resource/memory leaks
- Fixing use of memset
- Fix dhcp6 parallel build failure with poudriere on FreeBSD, by implementing patch from bug 38: https://sourceforge.net/p/wide-dhcpv6/bugs/38/
- Resolve bind(control sock): Address already in use error Patch #1 from: https://sourceforge.net/p/wide-dhcpv6/bugs/36/
- Resolve bind(control sock): Address already in use issue Patch #2 from https://sourceforge.net/p/wide-dhcpv6/bugs/36/
- IGMP - Resolve CVE-2012-0207 - Resolve potential for divide by 0, allowing remote attackers to cause a denial of service via IGMP packets
- Fix potential FILE * resource leak
- Fix bad memset in auth.c
- Allow for NULL termination on variable partname by increasing its size from 16 to 17
- Rework save_variables procedure so that sprintf is not writing to the same variable, in which case the results are considered undefined
- Fix potential FILE * leak in nvram_commit
- minidlna: patch: add missing if() statement MIA/fix in patch
- IPROUTE - Fix a few resource leaks
- fix some build warnings
- Cleanup tree
- Added Dlink DIR868L and Xiaomi R1D to compilation


2018.2 - 2018.04.17
----------------------------

- fix problem with passing Tagged/UNtagged on same port when using default vlan


2018.1 - 2018.04.14
----------------------------

- php: updated to 7.2.4
- php: 'mysql' option is no longer supported in PHP7, changed to 'mysqli'
- OpenVPN: updated to 2.4.5
- openssl: updated to 1.0.2o
- miniupnpd: updated to 2.0.20180412
- miniupnpd: changed the coding to use an interface name instead of an IP/netmask
- nginx: updated to 1.13.12
- Adminer: updated to 4.6.2
- dnsmasq: update to 2.80test1
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=log
- dnscrypt: change update-resolvers script to process v2 resolvers format
- libncurses: updated to 6.1
- nettle: updated to 3.4
- sqlite: updated to 3.23.1
- MiniDLNA: updated to 1.2.1
- New wireless driver for SDK7 (Fixed KRACK vulnerability)
- e2fsprogs: updated to 1.44.1
- nano: updated to 2.9.5
- fixed FTP data connection fails from WAN side when port is not 21
- transmission: updated to 2.93
- ipset: updated to 6.36
- libcurl: updated to 7.59.0
- libcurl: updated CA certificate bundle as of 2018-03-07
- libusb: update to 1.0.22
- usb_modeswitch: updated to 2.52
- libvorbis: updated to 1.3.6
- tor: updated to 0.3.2.10
- dropbear: updated to 2018.76
- xl2tpd: updated to 1.3.11
- pcre: Updated to 8.42
- busybox: changed uname
- router/rc/wan.c: removed "bump wan state file on connect (don't wait watchdog result)"
- router/rc/wan.c: dnsmasq process was receiving a second SIGINT signal. Instead of triggering another DNSSEC time checking, it was killing process
- router/rc/init.c: R7000/R8000: enable Air Time Fairness by default
- router/rc/services.c: fixes issues with httpd
- router/rc/services.c: SIGINT seems to be issued too soon against dnsmasq - wait one second before doing so
- rc/services.c: Connect On Demand could no longer work as designed, due to address 1.1.1.1 becoming a legit recursive DNS server, so a different IP address was chosen for this purpose
- router/Makefile: enabled mini-gmp, saves 4KB
- router/Makefile: disable RAID (mdadm binary)
- Several kernel patches in SDK6 & SDK7
- Changed Tomato versioning
- kernel: updated drivers/net/ modules:
https://bitbucket.org/kille72/tomato-arm-kille72/commits/72befb92d9bf2671de800c2841a583e2c58e9374
https://bitbucket.org/kille72/tomato-arm-kille72/commits/fb421ca0b97e0dedd4e0a2360fd98a1761e80209
- LED: Preliminary support for 2nd 5Ghz LED on R8000
- multiwan: forgotten kernel updates for sdk7
- busybox: add CONFIG_FEATURE_NETSTAT_PRG to configuration, for netstat -p functionality
- GUI: Air Time Fairness support for R7000/R8000
- RT-AC3200: invert the default order of ports
- R8000: invert the default order of ports
- entware: updated installation script
- watchdog: increase curl timeout from 3 to 5 seconds in ckcurl function - on heavy loaded 3G connection it could make false positives
- GUI: fix channel scan function for WiFi
- GUI: fix problem with passing Tagged/UNtagged on same port when using default vlan
- GUI: basic-network.asp: LCP Echo (Interval|Link fail limit) is used also with PPTP, L2TP and PPP3G so let's make it possible to modify
- GUI: add possibility to change default IP (198.51.100.1) where DNS queries send to trigger connect-on-demand
https://bitbucket.org/kille72/tomato-arm-kille72/commits/6d47b63eae4e35f5cbf2375914a2113af61e8d6e
- cstats: fix excess I/O, reduce console spam
https://bitbucket.org/kille72/tomato-arm-kille72/commits/709e23e7f1d6cbb07f125a4227cbe995f2118f88
- libid3tag: fix build/link error on Ubuntu + some additional fixes
- Fixed TOR build on some systems
- Cleanup of unused components from the tree and Makefiles
- www: default theme - original 'usbblue'
- Rebranding to FreshTomato :)