1.0.2.106SF: 1. Toolchain: Go is upgraded 1.21.3->1.21.5. 2. Toolchain: gdb is upgraded to 13.2. 3. Toolchain: enable 'XATTR' for uClibc (needed to compile 'libcap-ng'). 4. samba36: add patches to fix CVE: CVE-2015-5330, CVE-2017-11103, CVE-2017-2619, CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16860, CVE-2019-10218, CVE-2019-3880, CVE-2020-10745, CVE-2020-14303 5. jq package is upgraded 1.7->1.7.1 (fixing CVE-2023-50246, CVE-2023-50268). https://nvd.nist.gov/vuln/detail/CVE-2023-50246 (score 5.5, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-50268 (score 5.5, Medium) 6. OpenVPN is upgraded 2.5.9->2.6.8. 7. Add 'libcap-ng' package (needed to compile OpenVPN 2.6.x). 8. OpenVPN server: set default cipher to 'CHACHA20-POLY1305' for client config ('download' script). 9. net-cgi: change messages 'OpenVPN 2.5.x'->'OpenVPN 2.6.x'. 10. proftpd package is upgraded 1.3.8a->1.3.8b. 11. ethtool package is upgraded 6.5->6.6. 12. curl package is upgraded 8.4.0->8.5.0. 13. sysstat package is upgraded 12.7.4->12.7.5. 14. iperf3 package is upgraded 3.15->3.16. 15. ubus package is upgraded 2023-06-05->2023-11-28. 16. libubox package is upgraded 2023-05-23->2023-12-04.1. 17. unbound package (used in stubby) is upgraded 1.18.0->1.19.0. 18. libgcrypt package is upgraded 1.10.2->1.10.3. 19. libxml2 package is upgraded 2.11.5->2.11.6. 20. ffmpeg (minidlna) package is upgraded 6.0->6.1. 21. libid3tag (minidlna) package is upgraded 0.16.2->0.16.3. 22. iproute2: change the 'ip' utility from 'full' to 'tiny' to save space. 23. Several packages: '-Os' optimization to avoid oversize. 24. Remove 'dni-openvpn-client' package (unused). 25. Host tools: upgrade mkimage/u-boot to 2023.10. 26. Host tools: upgrade xz to 5.4.5. 27. Host tools: upgrade UPX to 4.2.1. 1.0.2.105SF: 1. Toolchain: binutils version is upgraded 2.40->2.41. 2. Toolchain: Go is upgraded 1.21.0->1.21.3. 3. curl package is upgraded 8.2.1->8.4.0 (fixing CVE-2023-38545, CVE-2023-38546). https://phoenix.security/vulnerability-curl/ CVE-2023-38545: high severity vulnerability CVE-2023-38546: low severity vulnerability 4. netatalk package is upgraded 3.1.15->3.1.18 (fixing CVE-2022-22995, CVE-2023-42464, CVE-2022-23121, CVE-2022-23123). https://nvd.nist.gov/vuln/detail/CVE-2022-22995 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2023-42464 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-23121 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-23123 (score 9.8, Critical) 5. OpenSSL v. 1.1.1 package is upgraded 1.1.1v->1.1.1w (fixing CVE-2023-4807). https://nvd.nist.gov/vuln/detail/CVE-2023-4807 (score 7.8, High, but actually is not related to router firmware) 6. ethtool package is upgraded 6.4->6.5. 7. ipset package is upgraded 7.17->7.19. 8. proftpd package is upgraded 1.3.8->1.3.8a. 9. coreutils package (sort/gnu-date) is upgraded 9.3->9.4. 10. sysstat package is upgraded 12.7.2->12.7.4. 11. zlib package is upgraded 1.2.13->1.3. 12. unbound package (used in stubby) is upgraded 1.17.1->1.18.0. 13. dbus package is upgraded 1.14.8->1.14.10. 14. jq package is upgraded 1.6->1.7. 15. iperf3 package is upgraded 3.14->3.15. 16. minidlna: libjpeg 9e package is replaced with libjpeg-turbo 2.1.5.1. 17. Kernel: Linux kernel patch to fix build with binutils >= 2.41. 18. Host tools: upgrade xz to 5.4.4. 19. Host tools: upgrade mpfr to 4.2.1. 20. Host tools: add Python3 patch to ipkg-utils. 1.0.2.104SF: 1. Toolchain: GCC is upgraded 13.1.0->13.2.0. 2. Toolchain: Go is upgraded 1.20.5->1.21.0. 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1u->1.1.1v (fixing CVE-2023-3817, CVE-2023-3446). https://nvd.nist.gov/vuln/detail/CVE-2023-3817 (score 5.3, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-3446 (score 5.3, Medium) 4. DNSCrypt Proxy v.2 is upgraded 2.1.4->2.1.5. 5. curl package is upgraded 8.1.2->8.2.1. 6. ethtool package is upgraded 6.3->6.4. 7. dbus package is upgraded 1.14.6->1.14.8. 8. ubus package is upgraded 2022-06-15->2023-06-05. 9. uci package is upgraded 2023-03-05->2023-08-10. 10. iperf3 package is upgraded 3.13->3.14. 11. tar package is upgraded 1.34->1.35. 12. libxml2 package is upgraded 2.11.4->2.11.5. 13. libjson-c package is upgraded 0.16->0.17. 14. libflac package is upgraded 1.4.2->1.4.3. 15. '-O3' optimization for ppp. 16. Boost of kernel ('-O3' compilation option for the whole kernel). 17. Change building EXT4_FS as a module (kernel). 18. Enable EXT4_USE_FOR_EXT23 (kernel). 19. Host tools: upgrade UPX to 4.1.0. 20. Host tools: upgrade mklibs to 0.1.45. 21. Host tools: upgrade gmp to 6.3.0. 1.0.2.103SF: 1. Toolchain: Go is upgraded 1.20.3->1.20.5. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1t->1.1.1u (fixing CVE-2023-0466, CVE-2023-0465, CVE-2023-0464). https://nvd.nist.gov/vuln/detail/CVE-2023-0466 (score 5.3, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-0465 (score 5.3, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-0464 (score 7.5, High) 3. netatalk package is upgraded 3.1.14->3.1.15 (fixing CVE-2022-43634, CVE-2022-45188). https://nvd.nist.gov/vuln/detail/CVE-2022-43634 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-45188 (score 7.8, High) 4. minidlna package is upgraded 1.3.2->1.3.3 (fixing CVE-2023-33476). https://nvd.nist.gov/vuln/detail/CVE-2023-33476 (score 9.8, Critical) 5. ffmpeg (minidlna) package is upgraded 5.1.3->6.0. 6. sqlite (minidlna) package is upgraded 3410100->3410200. 7. wget package is upgraded 1.21.3->1.21.4. 8. ethtool package is upgraded 6.2->6.3. 9. curl package is upgraded 8.0.1->8.1.2. 10. libubox package is upgraded 2022-09-27->2023-05-23. 11. libxml2 package is upgraded 2.10.4->2.11.4. 12. util-linux: add 'dmesg' utility instead of busybox version. 13. Host tools: upgrade xz to 5.4.3. 1.0.2.102SF: 1. Toolchain: GCC is upgraded 12.2.0->13.1.0. 2. Toolchain: Go is upgraded 1.20.2->1.20.3. 3. libxml2 package is upgraded 2.10.3->2.10.4 (fixing CVE-2023-29469, CVE-2023-28484). https://access.redhat.com/security/cve/CVE-2023-29469 (score 5.9, Medium) https://access.redhat.com/security/cve/CVE-2023-28484 (score 5.9, Medium) 4. tcpdump package is upgraded 4.99.3->4.99.4 (fixing CVE-2023-1801). https://nvd.nist.gov/vuln/detail/CVE-2023-1801 (score 6.5, Medium) 5. libpcap package is upgraded 1.10.3->1.10.4, old libpcap is renamed to libpcap-qos (used by QoS). 6. libgcrypt package is upgraded 1.10.1->1.10.2. 7. libgpg-error package is upgraded 1.46->1.47. 8. curl package is upgraded 7.88.1->8.0.1. 9. coreutils package (sort/gnu-date) is upgraded 9.1->9.3. 10. e2fsprogs package is upgraded 1.46.6->1.47.0. 11. ffmpeg (minidlna) package is upgraded 5.1.2->5.1.3. 12. busybox: enable COMMAND_SAVEHISTORY for shell. 13. Remove pcre (unused). 14. wget: remove libpcre dependency. 15. readline: split to 'libreadline' and 'libhistory', disable 'libhistory' in 'defconfig' (unused). 16. Selective optimization '-O3' of kernel components/drivers (slight boost). 17. Host tools: upgrade xz to 5.4.2. 18. Host tools: upgrade squashfs4 to 4.6.1. 19. Host tools: upgrade mkimage/u-boot to 2023.04. 20. Host tools: upgrade e2fsprogs to 1.47.0. 21. Host tools: upgrade mpc to 1.3.1. 22. Host tools: synchronize squashfs3-lzma and lzma-old with OpenWRT. 1.0.2.101SF: 1. Toolchain: Go is upgraded 1.19.5->1.20.2. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1s->1.1.1t (fixing CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286). https://www.openssl.org/news/openssl-1.1.1-notes.html CVE-2023-0286, High severity. CVE-2023-0215, Moderate severity. CVE-2022-4450, Moderate severity. CVE-2022-4304, Moderate severity. 3. OpenSSL 1.0.2: create and add patches to fix CVE-2023-0215/CVE-2023-0286. https://nvd.nist.gov/vuln/detail/CVE-2023-0215 (score 7.5, High) https://nvd.nist.gov/vuln/detail/CVE-2023-0286 (score 7.4, High) 4. e2fsprogs package is upgraded 1.46.5->1.46.6 (fixing CVE-2022-1304). https://nvd.nist.gov/vuln/detail/cve-2022-1304 (score 7.8, High) 5. libid3tag package is upgraded 0.15.1b->0.16.2 (fixing CVE-2017-11550). https://nvd.nist.gov/vuln/detail/CVE-2017-11550 (score 5.5, Medium) 6. OpenVPN is upgraded 2.5.8->2.5.9. 7. DNSCrypt Proxy v.2 is upgraded 2.1.2->2.1.4. 8. dbus package is upgraded 1.14.4->1.14.6. 9. curl package is upgraded 7.87.0->7.88.1. 10. iperf3 package is upgraded 3.12->3.13. 11. proftpd package is upgraded 1.3.7f->1.3.8. 12. ethtool package is upgraded 6.1->6.2. 13. uci package is upgraded 2021-10-22->2023-03-05. 14. ca-certificates package is upgraded 20211016->20230311. 15. sqlite (minidlna) package is upgraded 3400000->3410100. 16. netatalk package is upgraded 2.2.6->3.1.14. To disable AppleFilingProtocol/TimeMachine/netatalk at all use the following commands: nvram set noafp=1 nvram commit reboot 17. netatalk-utility package is upgraded 1.0.0->1.0.1 (needed to support netatalk 3.1.4). 18. util-linux: add 'blkid' utility (needed to support netatalk-utility 1.0.1). 19. Remove libltdl (unused). 20. dnsmasq: add changes from the stock V1.0.2.92. 21. Make an order in kernel modules to build. 22. Upgrade libevent2 to 2.1.12, rename previous libevent2 to libevent2-qos (used by QoS). 23. transmission: change Makefile to support new version of libevent2. 24. samba-scripts: change 'update_user' script. 25. ethtool: split into 'tiny' and 'full' options and choose 'ethtool-tiny' in default config. 26. Replace prebuilt kmod-qca-nss-drv and kmod-qca-nss-drv-qdisc (using binutils 2.40). 27. Host tools: upgrade e2fsprogs to 1.46.6 (fixing CVE-2022-1304). https://nvd.nist.gov/vuln/detail/cve-2022-1304 (score 7.8, High) 28. Host tools: upgrade libtool to 2.4.7. 29. Host tools: change Makefile to use new libtool. 1.0.2.100SF: 1. Toolchain: binutils version is upgraded 2.39->2.40. 2. Toolchain: Go is upgraded 1.18.9->1.19.5. 3. ipset package is upgraded 7.16->7.17. 4. curl package is upgraded 7.86.0->7.87.0. 5. unbound package (used in stubby) is upgraded 1.17.0->1.17.1. 6. getdns package (used in stubby) is upgraded 1.7.2->1.7.3. 7. stubby package is upgraded 0.4.2->0.4.3. 8. ncurses package is upgraded 6.3->6.4. 9. libpcap package is upgraded 1.10.1->1.10.3. 10. tcpdump package is upgraded 4.99.1->4.99.3. 11. ethtool package is upgraded 6.0->6.1. 12. ubus package is upgraded 2022-06-01->2022-06-15. 13. nano package is upgraded 7.1->7.2. 14. sysstat package is upgraded 12.7.1->12.7.2. 15. Upgrade WebGUI LG_VERSION. 16. Selective optimization '-O3' of kernel components/drivers (slight boost). 17. Host tools: upgrade mkimage/u-boot to 2023.01. 18. Host tools: upgrade genext2fs to 1.5.0. 19. Host tools: upgrade xz to 5.4.1. 20. Host tools: upgrade mpfr to 4.2.0. 21. Host tools: upgrade UPX to 4.0.2. 1.0.2.99SF: 1. Toolchain: Go is upgraded 1.18.7->1.18.9. 2. zlib package is upgraded 1.2.12->1.2.13 (fixing CVE-2022-37434). https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (score 9.8, Critical) 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1q->1.1.1s. 4. OpenVPN is upgraded 2.5.7->2.5.8. 5. dropbear package is upgraded 2022.82->2022.83. 6. proftpd package is upgraded 1.3.7e->1.3.7f. 7. ipset package is upgraded 7.15->7.16. 8. dbus package is upgraded 1.13.22->1.14.4. 9. sysstat package is upgraded 12.6.0->12.7.1. 10. logrotate package is upgraded 3.20.1->3.21.0. 11. nano package is upgraded 6.4->7.1. 12. libusb-compat package is upgraded 0.1.7->0.1.8. 13. ffmpeg (minidlna) package is upgraded 4.3.5->5.1.2. 14. sqlite (minidlna) package is upgraded 3370000->3400000. 15. ssmtp: cosmetic changes. 16. popt: add patch to fix compilation issue (new 'gettext' version). 17. Host tools: upgrade xz to 5.2.10. 18. Host tools: upgrade sed to 4.9. 19. Host tools: upgrade mpfr to 4.1.1. 20. Host tools: upgrade UPX to 4.0.1. 1.0.2.98SF: 1. Toolchain: Go is upgraded 1.18.5->1.18.7. 2. Toolchain: GDB is upgraded 11.2->12.1. 3. zlib: add patch to fix CVE-2022-37434. https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (score 9.8, Critical) 4. expat package is upgraded 2.4.8->2.5.0 (fixing CVE-2022-40674, CVE-2022-43680). https://nvd.nist.gov/vuln/detail/CVE-2022-40674 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-43680 (score 7.5, High) 5. OpenSSL 1.0.2u: add patches to fix CVE-2020-1971/CVE-2021-23841/CVE-2021-3712/CVE-2022-0778: https://nvd.nist.gov/vuln/detail/CVE-2020-1971 (score 5.9, Medium) https://nvd.nist.gov/vuln/detail/CVE-2021-23841 (score 5.9, Medium) https://nvd.nist.gov/vuln/detail/CVE-2021-3712 (score 7.4, High) https://nvd.nist.gov/vuln/detail/CVE-2022-0778 (score 7.5, High) 6. unbound package (used in stubby) is upgraded 1.16.2->1.17.0 (fixing CVE-2022-3204). https://nvd.nist.gov/vuln/detail/CVE-2022-3204 (score 7.5, High) 7. libxml2 package is upgraded 2.10.0->2.10.3 (fixing CVE-2022-40303, CVE-2022-40304). https://access.redhat.com/security/cve/cve-2022-40303 (score 8.2, High) https://access.redhat.com/security/cve/cve-2022-40304 (score 8.2, High) 8. stubby package is upgraded 0.4.0->0.4.2. 9. curl package is upgraded 7.84.0->7.86.0. 10. ethtool package is upgraded 5.18->6.0. 11. libflac package is upgraded 1.3.4->1.4.2. 12. ffmpeg package is upgraded 4.3.4->4.3.5. 13. minidlna package is upgraded 1.3.1->1.3.2. 14. libnl-tiny package is upgraded 2022-05-17->2022-05-23. 15. libubox package is upgraded 2022-05-15->2022-09-27. 16. libgpg-error package is upgraded 1.45->1.46. 17. popt package is upgraded 1.18->1.19. 18. libreadline package is upgraded 8.1.2->8.2. 19. gettext package is upgraded 0.21->0.21.1. 20. iperf3 package is upgraded 3.11->3.12. 21. hfsprogs is upgraded 332.25->540.1. 22. Host tools: upgrade xz to 5.2.7. 23. Host tools: upgrade mkimage/u-boot to 2022.10. 1.0.2.97SF: 1. Toolchain: GCC is upgraded 12.1.0->12.2.0. 2. Toolchain: binutils version is upgraded 2.38->2.39. 3. Toolchain: Go is upgraded 1.18.4->1.18.5. 4. libxml2 package is upgraded 2.9.14->2.10.0 (fixing CVE-2022-2309, score 7.5, High). https://nvd.nist.gov/vuln/detail/CVE-2022-2309 5. DNSCrypt Proxy v.2 is upgraded 2.1.1->2.1.2. 6. unbound package (used in stubby) is upgraded 1.16.1->1.16.2. 7. getdns package (used in stubby) is upgraded 1.7.0->1.7.2. 8. lz4 package is upgraded 1.9.3->1.9.4. 9. proftpd package is upgraded 1.3.7d->1.3.7e. 10. util-linux package is upgraded 2.38->2.38.1. 11. nano package is upgraded 6.3->6.4. 12. tcpdump: add UPX packing. 13. Default congestion control algorithm is changed to 'illinois'. 14. Remove 'fbwifi' utility. 15. Host tools: upgrade mkimage/u-boot to 2022.07. 16. Host tools: upgrade xz to 5.2.6. 1.0.2.96SF: 1. Toolchain: add patch to uClibc to fix CVE-2022-30295, score 6.5, Medium (Use predictable DNS transaction IDs that may lead to DNS cache poisoning). https://nvd.nist.gov/vuln/detail/CVE-2022-30295 2. Toolchain: Go is upgraded 1.18.3->1.18.4. 3. OpenSSL v. 1.1.1 package: change the compiler flag '-fvect-cost-model=unlimited'->'-fvect-cost-model=dynamic'. 4. OpenSSL v. 1.1.1 package is upgraded 1.1.1o->1.1.1q. 5. curl package is upgraded 7.83.1->7.84.0. 6. tcpdump package is upgraded 4.9.3->4.99.1. 7. unbound package (used in stubby) is upgraded 1.16.0->1.16.1. 8. ethtool package is upgraded 5.17->5.18. 9. OpenSSL 0.9.8 package is upgraded 0.9.8zg->0.9.8zh. 10. iptables: add 'tee' support (iptables-mod-tee/kmod-ipt-tee packages). 1.0.2.95SF: 1. Toolchain: GCC is upgraded 11.3.0->12.1.0. 2. Toolchain: Go is upgraded 1.18.1->1.18.3. 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1n->1.1.1o (fixing CVE-2022-1292, score 9.8, Critical). https://nvd.nist.gov/vuln/detail/CVE-2022-1292 4. libxml2 package is upgraded 2.9.13->2.9.14 (fixing CVE-2022-29824, score 6.5, Medium). https://nvd.nist.gov/vuln/detail/CVE-2022-29824 5. OpenVPN is upgraded 2.5.6->2.5.7. 6. unbound package (used in stubby) is upgraded 1.15.0->1.16.0. 7. curl package is upgraded 7.82.0->7.83.1. 8. libubox package is upgraded 2021-11-20->2022-05-15. 9. ubus package is upgraded 2022-02-28->2022-06-01. 10. sysstat package is upgraded 12.5.6->12.6.0. 11. logrotate package is upgraded 3.19.0->3.20.1. 12. OpenSSL 0.9.8 package is upgraded 0.9.8p->0.9.8zg. 13. nano package is upgraded 6.2->6.3. 14. Slight boost adding '-ftree-vectorize' and '-fvect-cost-model=unlimited' flags to compilation options (speed up). 15. proftpd package is upgraded 1.3.7c->1.3.7d. 16. amule: add UPX packing. 17. Upgrade WebGUI LG_VERSION. 1.0.2.94SF: 1. Toolchain: GCC is upgraded 11.2.0->11.3.0. 2. Toolchain: Go is upgraded 1.18->1.18.1. 3. Toolchain: GDB is upgraded 11.1->11.2. 4. libmnl package is upgraded 1.0.4->1.0.5. 5. libnfnetlink package is upgraded 1.0.1->1.0.2. 6. libreadline package is upgraded 8.1->8.1.2. 7. libjson-c package is upgraded 0.15->0.16. 8. libgcrypt package is upgraded 1.9.4->1.10.1. 9. libgpg-error package is upgraded 1.43->1.45. 10. popt package is upgraded 1.16->1.18. 11. libusb package is upgraded 1.0.25->1.0.26. 12. gdbm package is upgraded 1.19.1->1.23. 13. at package is upgraded 3.1.23->3.2.5. 14. haveged package is upgraded 1.9.17->1.9.18. 15. coreutils package (sort/gnu-date) is upgraded 9.0->9.1. 16. logrotate package is upgraded 3.17.0->3.19.0. 17. sysstat package is upgraded 12.4.5->12.5.6. 18. ffmpeg package is upgraded 4.3.3->4.3.4. 19. sqlite package is upgraded 3330000->3370000. 20. Upgrade 'detcable' binary from the stock V1.0.2.90. 21. Synchronize 'lua' patches and Makefile. 22. Host tools: upgrade quilt to 0.67. 23. Host tools: upgrade missing-macros to 11. 1.0.2.93SF: 1. Toolchain: Go is upgraded 1.17.7->1.18. 2. OpenVPN is upgraded 2.5.5->2.5.6 (fixing CVE-2022-0547, score 9.8, Critical). https://nvd.nist.gov/vuln/detail/CVE-2022-0547 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1m->1.1.1n (fixing CVE-2022-0778, score 7.5, High). https://nvd.nist.gov/vuln/detail/CVE-2022-0778 4. minidlna package is upgraded 1.3.0->1.3.1 (fixing CVE-2022-26505, score 7.4, High). https://nvd.nist.gov/vuln/detail/CVE-2022-26505 5. libxml2 package is upgraded 2.9.12->2.9.13 (fixing CVE-2022-23308, score 7.5, High). https://nvd.nist.gov/vuln/detail/CVE-2022-23308 6. libpcap package is upgraded 1.1.1->1.10.1 many CVE fixes (v1.1.1 is kept as well, it is used exclusevily by QCA QoS). https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libpcap 7. expat package is upgraded 2.4.4->2.4.8 Relax fix to CVE-2022-25236 (introduced with release 2.4.5). 8. dropbear package is upgraded 2020.81->2022.82. 9. zlib package is upgraded 1.2.11->1.2.12. 10. libgpg-error package is upgraded 1.42->1.43. 11. curl package is upgraded 7.81.0->7.82.0. 12. wget package is upgraded 1.21.2->1.21.3. 13. ethtool package is upgraded 5.16->5.17. 14. util-linux package is upgraded 2.37.4->2.38. 15. ubus package is upgraded 2021-08-90->2022-02-28. 16. dbus package is upgraded 1.13.20->1.13.22. 17. libflac package is upgraded 1.3.3->1.3.4. 18. libogg package is upgraded 1.3.4->1.3.5. 19. sysstat package is upgraded 12.4.3->12.4.5. 20. usbmode package is updated 2017-12-19->2022-02-24. 21. libjpeg package is upgraded 9d->9e. 22. Fix NG/DNI 'igmpproxy' modified codes (to provide compatibility with 'libpcap'). 23. Make an order in various Makefiles. 24. Host tools: upgrade mkimage/u-boot to 2022.01. 1.0.2.92SF: 1. Toolchain: binutils version is upgraded 2.37->2.38. 2. Toolchain: Go is upgraded 1.17.6->1.17.7. 3. Funjsq service is wiped out. 4. util-linux package is upgraded 2.37.2->2.37.4 (fixing CVE-2021-3995, CVE-2021-3996, CVE-2022-0563). 5. expat package is upgraded 2.4.3->2.4.4 (fixing CVE-2022-23852, CVE-2022-23990). 6. aws-iot: add possibility to disable Amazon Alexa (@NetBytes, @spocko): nvram set noaws=1 nvram commit reboot 7. iptables: add patch to disable exit if no library for match (@HELLO_wORLD). 8. dnscrypt-proxy-2: change startup priority to 98 (@microchip). 9. unbound package (used in stubby) is upgraded 1.14.0->1.15.0. 10. libusb package is upgraded 1.0.24->1.0.25. 11. ethtool package is upgraded 5.15->5.16. 12. iperf3 package is upgraded 3.10.1->3.11. 13. libnetfilter_conntrack package is upgraded 1.0.8->1.0.9. 14. nano package is upgraded 6.0->6.2. 15. '-O3' optimization for part of drivers (kernel level). 1.0.2.91.1SF: 1. expat package is upgraded 2.4.2->2.4.3 (fixing CVE-2021-45960, CVE-2021-46143, from CVE-2022-22822 to CVE-2022-22827). Base Scores: 7.5, 7.8/8.1, 9.8, 9.8, 9.8, 8.8, 8.8, 8.8. https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes 2. nano: add UTF-8 support. 1.0.2.91SF: 1. Toolchain: Go is upgraded 1.17.5->1.17.6. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1l->1.1.1m. 3. OpenVPN is upgraded 2.5.4->2.5.5. 4. fcgi: fix QoS Internet Download/Upload display issue. 5. unbound package (used in stubby) is upgraded 1.13.2->1.14.0. 6. getdns package (used in stubby) is upgraded 1.5.2->1.7.0. 7. Add 'check' package ('getdns' dependency). 8. stubby package is upgraded 0.3.0->0.4.0. 9. curl package is upgraded 7.80.0->7.81.0. 10. libnl-tiny package is upgraded 2020-08-05->2021-11-21. 11. libexif package is upgraded 0.6.22->0.6.24. 12. e2fsprogs package is upgraded 1.46.4->1.46.5. 13. haveged package is upgraded 1.9.15->1.9.17. 14. expat package is upgraded 2.4.1->2.4.2. 15. dbus package is upgraded 1.13.18->1.13.20. 16. nano package is upgraded 5.9->6.0. 17. hd-idle package is upgraded 1.04->1.05. 18. redis package: optimize for a size. 19. dnscrypt-proxy-2: add UPX packing. 20. Host tools: upgrade e2fsprogs to 1.46.5. 21. Host tools: upgrade scons to 3.1.2. 22. Host tools: upgrade mkimage/u-boot to 2021.10. 1.0.2.90SF: 1. Toolchain: Go is upgraded 1.17.2->1.17.5. 2. Toolchain: gdb is upgraded 10.1->11.1. 3. Typo in dnsmasq startup init file is fixed. 4. dnsmasq: startup init file is changed to allow disabling dnsmasq only in AP mode. 5. curl package is upgraded 7.79.1->7.80.0. 6. fcgi package is upgraded 2.4.0->2.4.2. 7. iproute2 package is upgraded 3.3.0->4.4.0. 8. xtables-addons package is upgraded 1.42->1.47.1. 9. libubox package is upgraded 2021-08-19->2021-11-20. 10. ethtool package is upgraded 5.14->5.15. 11. ncurses package is upgraded 6.2->6.3. 12. ca-certificates package is upgraded 20210119->20211016. 13. transmission-web-control package is upgraded 2020-09-26->2021-09-25. 14. Default congestion control algorithm is changed to 'highspeed'. 15. HTCP congestion control algorithm is added. 16. Making an order in mtd-utils package (patches, Makefile). 17. Host tools: various updates. 1.0.2.89SF: 1. Toolchain: Go is upgraded 1.17->1.17.2. 2. DNSCrypt Proxy v.2 is upgraded 2.1.0->2.1.1. 3. OpenVPN is upgraded 2.5.3->2.5.4. 4. wget package is upgraded 1.21.1->1.21.2. 5. proftpd package is upgraded 1.3.7b->1.3.7c. 6. bridge-utils package is upgraded 1.7->1.7.1. 7. curl package is upgraded 7.78.0->7.79.1. 8. gdbm package is upgraded 1.19->1.19.1. 9. libexif package is upgraded 0.6.22->0.6.23. 10. libgcrypt package is upgraded 1.9.3->1.9.4. 11. coreutils package (sort/gnu-date) is upgraded 8.32->9.0. 12. haveged package is upgraded 1.9.14->1.9.15. 13. ethtool package is upgraded 5.13->5.14. 14. nano package is upgraded 5.8->5.9. 15. jansson package is upgraded 2.13.1->2.14. 16. ffmpeg package is upgraded 4.3.2->4.3.3. 17. uci package is upgraded 2021-04-14->2021-10-22. 18. ubus package is upgraded 2021-06-30->2021-08-09. 19. Change WebGUI logo. 20. Fix build by GCC 10.x (Host Debian Buster->Host Debian Bullseye). 21. Kernel level optimization. 22. Host tools: upgrade bison to 3.8.2. 1.0.2.88SF: 1. Toolchain: Go is upgraded 1.16.6->1.17. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1k->1.1.1l (fixing CVE-2021-3711, CVE-2021-3712). Base Scores (SUSE): 9.8 and 5.3. 3. DNSCrypt Proxy v.2 is upgraded 2.0.45->2.1.0. See https://github.com/DNSCrypt/dnscrypt-proxy/releases re: what to change in your config 4. Fix typo in '/sbin/cmdupnp' (thanks to kamoj). 5. ipset package is upgraded 7.14->7.15. 6. procps-ng package is upgraded 3.3.16->3.3.17. 7. pcre package is upgraded 8.44->8.45. 8. util-linux package is upgraded 2.37.1->2.37.2. 9. unbound package (used in stubby) is upgraded 1.13.1->1.13.2. 10. e2fsprogs package is upgraded 1.46.3->1.46.4. 11. libubox package is upgraded 2021-05-16->2021-08-19. 12. OpenVPN client init script: fix bash style comparison '==' -> '='. 13. Host tools (e2fsprogs): is upgraded to 1.46.4. 1.0.2.87SF: 1. Toolchain: GCC is upgraded 11.1.0->11.2.0. 2. Toolchain: binutils version is upgraded 2.36.1->2.37. 3. Toolchain: Go is upgraded 1.16.5->1.16.6. 4. Fix cmdupnp issue (to avoid miniupnpd startup if UPnP is disabled). 5. ubus package is upgraded 2021-06-03->2021-06-30. 6. curl package is upgraded 7.77.0->7.78.0. 7. gettext package is upgraded 0.19.8.1->0.21. 8. ethtool package is upgraded 5.12->5.13. 9. ipset package is upgraded 7.11->7.14. 10. e2fsprogs package is upgraded 1.46.2->1.46.3. 11. util-linux package is upgraded 2.37->2.37.1. 12. Host tools (e2fsprogs): is upgraded to 1.46.3. 1.0.2.86SF: 1. Toolchain: Go is upgraded 1.16.4->1.16.5. 2. curl package is upgraded 7.76.1->7.77.0 (fixing CVE-2021-22897, CVE-2021-22898, CVE-2021-22901). 3. expat package is upgraded 2.2.10->2.4.1 (fixing CVE-2013-0340). 4. OpenVPN is upgraded 2.5.2->2.5.3. 5. proftpd package is upgraded 1.3.7a->1.3.7b. 6. util-linux package is upgraded 2.36.2->2.37. 7. libubox package is upgraded 2021-03-02->2021-05-16. 8. ubus package is upgraded 2021-02-15->2021-06-03. 9. libxml2 package is upgraded 2.9.10->2.9.12. 10. iperf3 package is upgraded 3.9->3.10.1. 11. nano package is upgraded 5.7->5.8. 1.0.2.85SF: 1. Toolchain: GCC is upgraded 10.3.0->11.1.0. 2. Toolchain: Go is upgraded 1.16.3->1.16.4. 3. OpenVPN is upgraded 2.5.1->2.5.2. 4. curl package is upgraded 7.76.0->7.76.1. 5. uci package is upgraded 2020-10-06->2021-04-14. 6. libgcrypt package is upgraded 1.8.7->1.9.3. 7. libgpg-error package is upgraded 1.39->1.42. 8. nano package is upgraded 5.6.1->5.7. 9. ethtool package is upgraded 5.10->5.12. 10. netatalk-utility: fix error message for '/etc/init.d/forked-daapd start|stop' if there is no such file. 11. amule, libcrypto++, wxWidgets: add support of compilation by GCC 11. 12. samba-scripts: add possibility to use custom user's config '/etc/config/samba/user.conf'. (Now it is possible to use custom user's config for samba. Just save your custom config as '/etc/config/samba/user.conf' and it will be used instead of generation of the new config) 1.0.2.84SF: 1. Toolchain: GCC is upgraded 10.2.0->10.3.0. 2. Toolchain: Go is upgraded 1.16.2->1.16.3. 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1j->1.1.1k (fixing CVE-2021-3449, CVE-2021-3450). 4. Add OpenSSL 1.1.1 conf file (/etc/ssl/openssl.cnf). 5. curl package is upgraded 7.75.0->7.76.0 (fixing CVE-2021-22876, CVE-2021-22890). 6. libxml2: add CVE-2019-20388, CVE-2020-24977, CVE-2020-7595 patches. 7. dbus package is upgraded 1.13.12->1.13.18 (fixing CVE-2020-12049, CVE-2020-35512). 8. unzip: add security patches. 9. haveged package is upgraded 1.9.13->1.9.14. 10. Upgrade zebra/ripngd to quagga-zebra/quagga-ripngd v. 1.2.4 (HELLO_wORLD). 11. ipset: Kernel modules optimization '-O3'. 12. Toolchain: add optimization patch to uClibc. 1.0.2.83SF: 1. Toolchain: Go is upgraded 1.15.8->1.16.2. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1i->1.1.1j (fixing CVE-2021-23840 and CVE-2021-23841). https://nvd.nist.gov/vuln/detail/CVE-2021-23840 https://nvd.nist.gov/vuln/detail/CVE-2021-23841 3. OpenVPN is upgraded 2.5.0->2.5.1. 4. ipset package is upgraded 7.10->7.11. 5. iptables: add iptables-mod-rpfilter plugin (HELLO_wORLD). 6. libubox package is upgraded 2020-12-12->2021-03-02. 7. e2fsprogs package is upgraded 1.45.6->1.46.2. 8. unbound package (used in stubby) is upgraded 1.13.0->1.13.1. 9. tar package is upgraded 1.32->1.34. 10. nano package is upgraded 5.5->5.6.1. 11. sysstat package is upgraded 12.4.2->12.4.3. 12. gdbm package is upgraded 1.18.1->1.19. 13. ffmpeg package is upgraded 4.3.1->4.3.2. 14. libjpeg package is upgraded 9c->9d. 15. Default congestion control algorithm is changed to 'yeah'. 16. Kernel config: Add IP_NF_MATCH_RPFILTER/IP6_NF_MATCH_RPFILTER (iptables-mod-rpfilter). 17. Kernel config: Disable SOUND support (not needed, saving space). 18. Selective optimization '-O3' of kernel components/modules (slight boost). 19. Host tools (e2fsprogs): is upgraded to 1.46.2. 1.0.2.82.2SF: 1. Toolchain: Go is upgraded 1.15.7->1.15.8. 2. Toolchain: binutils version is upgraded 2.36->2.36.1. 3. Fix NG/DNI bug in net-lan for ReadyCLOUD ('alish.sh'->'alias.sh') (thanks to kamoj). 4. util-linux package is upgraded 2.36.1->2.36.2. 5. ubus package is upgraded 2020-12-04->2021-02-15. 1.0.2.82.1SF: 1. Toolchain: Go is upgraded 1.15.6->1.15.7. 2. Toolchain: binutils version is upgraded 2.35.1->2.36. 3. wget package is upgraded 1.20.3->1.21.1. 4. ca-certificates package is upgraded 20200601->20210119. 5. curl package is upgraded 7.74.0->7.75.0. 6. net-wall script: special processing IPv6 option 'net-wall -6 start' or 'net-wall -6 restart' (thanks to HELLO_wORLD). 7. iprange 1.0.4 package is added (Aegis, HELLO_wORLD). 1.0.2.82SF: 1. DNSCrypt Proxy v.2 is upgraded 2.0.44->2.0.45. (see https://github.com/DNSCrypt/dnscrypt-proxy/releases for details and changes in config). 2. iptables package is upgraded 1.8.6->1.8.7. 3. ipset package is upgraded 7.9->7.10. 4. libnetfilter_conntrack package is upgraded 0.9.1->1.0.8. 5. tcpdump package is upgraded 3.9.8->4.9.3. 6. ethtool package is upgraded 5.9->5.10. 7. libusb package is upgraded 1.0.23->1.0.24. 8. sysstat package is upgraded 12.4.1->12.4.2. 9. nano package is upgraded 5.4->5.5. 10. libreadline package is upgraded 8.0->8.1. 1.0.2.81.1SF: 1. Fix AP mode issue (files: '/etc/init.d/opmode', '/etc/init.d/qca-nss-ecm', '/www/cgi-bin/firewall_function.sh', C codes of: 'qca-nss-ecm' package). 2. \libubox package is upgraded 2020-08-06->2020-12-12. 3. libgcrypt package: optimize for a size. 4. tar package: optimize for a size. 5. Add procps-ng package utilities ('ps', 'top'). (run '/usr/bin/top-procps-ng' or '/usr/bin/ps-procps-ng -aux' from console to check them). 1.0.2.81SF: 1. Toolchain: Go is upgraded 1.15.5->1.15.6. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1h->1.1.1i (fixing CVE-2020-1971). 3. curl package is upgraded 7.73.0->7.74.0 (fixing CVE-2020-8284, CVE-2020-8285, CVE-2020-8286). 4. OpenVPN is upgraded 2.4.9->2.5.0. 5. proftpd package is upgraded 1.3.6e->1.3.7a. 6. transmission package is upgraded 2.94->3.00. 7. unbound package (used in stubby) is upgraded 1.12.0->1.13.0. 8. nano package is upgraded 5.3->5.4. 9. ubus package is upgraded 2020-10-25->2020-12-04. 10. ffmpeg package is upgraded 3.4.8->4.3.1. 11. logrotate package is upgraded 3.16.0->3.17.0. 12. libcryptoxx final size is reduced to save a space (LTO optimization). 13. Change WebGUI info for OpenVPN 2.4.x->2.5.x. 14. OpenVPN server: add 'CHACHA20-POLY1305' cipher to 'ncp-ciphers' option and change the cipher of downloaded config for Windows clients to 'CHACHA20-POLY1305'. (Important: it is highly recommended to use 'CHACHA20-POLY1305' if your client is based on v. 2.5.x, much faster, change your non-Windows client config if possible). 1.0.2.80.7SF: 1. Toolchain: Go is upgraded 1.15.2->1.15.5. 2. Toolchain: gdb is upgraded to 10.1. 3. Toolchain: make an order in binutils patches. 4. Fix NG/DNI bug/issue: 'config commits' -> 'config commit' (check_fwupgrade script). 5. iptables package is upgraded 1.8.5->1.8.6. 6. ipset package is upgraded 7.6+ [2020-03-09]->7.9. 7. unbound package (used in stubby) is upgraded 1.11.0->1.12.0. 8. util-linux package is upgraded 2.36->2.36.1. 9. lz4 package is upgraded 1.9.2->1.9.3. 10. ethtool package is upgraded 5.8->5.9. 11. libgcrypt package is upgraded 1.8.6->1.8.7. 12. libgpg-error package is upgraded 1.37->1.39. 13. curl package is upgraded 7.72.0->7.73.0. 14. sysstat package is upgraded 12.4.0->12.4.1 (also change of 'date'->'gnu-date' to fix an issue). 15. minidlna package is upgraded 1.2.1-2019-12-09->1.3.0. 16. libexif package is upgraded 0.6.21->0.6.22. 17. Host tools: upgrade bison to 3.7.4. 18. Host tools: upgrade gmp to 6.2.1. 19. Host tools: upgrade mpc to 1.2.1. 1.0.2.80.5SF: 1. Fix busybox issue: 'date -r' command is fixed. 2. coreutils version of 'date' is available now as '/usr/bin/gnu-date'. 3. dropbear package is upgraded 2020.80->2020.81. 4. uci package is upgraded 2020-04-24->2020-10-06. 5. sysstat is changed to use 'gnu-date now' (sa2: 'gnu-date --date=yesterday'). 6. ubus init script is changed to create directory '/var/run/ubus' (/var/run/ubus.sock -> /var/run/ubus/ubus.sock). 7. TZ environment variable is set by /etc/profile. 1.0.2.80.4SF: 1. Toolchain: Go is upgraded 1.15.1->1.15.2. 2. Toolchain: binutils version is upgraded 2.35->2.35.1. 3. Add ARM acceleration to kernel crypto SHA1. 4. OpenSSL v. 1.1.1 package is upgraded 1.1.1g->1.1.1h. 5. jansson package is upgraded 2.12->2.13.1. 6. libjson-c package is upgraded 0.14->0.15. 7. expat package is upgraded 2.2.9->2.2.10. 8. nano package is upgraded 5.2->5.3. 9. transmission-web-control package is upgraded 2019-07-24->1.6.1+ (2020-09-26). 10. Change SAMBA config generation (for Android/iOS gadgets, issue reported by Rustypouch). 11. Make an order in samba36 Makefile. 12. Fix proftpd issue: change cmdftp (thanks to R. Gerrits). 13. Fix proftpd issue: display size of large file (thanks to R. Gerrits). 1.0.2.80SF: 1. Toolchain: Go is upgraded 1.14.6->1.15.1. 2. Toolchain: binutils version is upgraded 2.34->2.35. 3. OpenSSL v. 1.0.2 package: change default config directory. 4. net-lan init script bug is fixed (thanks to kamoj). 5. qcawifi.sh: Fix for guest Wi-Fi allowing DNS over TCP (thanks to R. Gerrits). 6. uhttpd: Fix of TLS 1.0/1.1 issue. 7. renice utility is added (needed for kamoj add-on). 8. util-linux package is upgraded 2.35.2->2.36. 9. unbound package (used in stubby) is upgraded 1.10.1->1.11.0. 10. libubox package is upgraded 2020-07-11->2020-08-06. 11. nano package is upgraded 4.9.3->5.2. 12. curl package is upgraded 7.71.1->7.72.0 (fixing CVE-2020-8231). 13. SAMBA: Update SAMBA config generation. 14. sysstat package is upgraded 12.2.2->12.4.0. 15. sqlite package is upgraded 3320100->3330000. 16. ethtool package is upgraded 5.4->5.8. 17. iperf3 package is upgraded 3.8.1->3.9. 18. ez-ipupdate package build (internal developmet issue) is fixed. 19. radvd package build (internal developmet issue) is fixed. 20. phddns package build (internal developmet issue) is fixed. 21. Host tools: upgrade bison to 3.7.1. 22. Host tools: upgrade mpfr to 4.1.0. 23. Host tools: upgrade mpc to 1.2.0. 1.0.2.79SF: 1. Toolchain: GCC is upgraded 9.3.0->10.2.0. 2. Toolchain: Go is upgraded 1.14.4->1.14.6. 3. dropbear package is upgraded 2020.79->2020.80. 4. libjson-c package is upgraded 0.13.1->0.14 (including fix of CVE-2020-12762). 5. curl package is upgraded 7.71.0->7.71.1. 6. proftpd package is upgraded 1.3.6d->1.3.6e. 7. iperf3 package is upgraded 3.7->3.8.1. 8. stubby package is upgraded 0.2.6->0.3.0. 9. yaml package (used in stubby) is upgraded 0.2.4->0.2.5. 10. haveged package is upgraded 1.9.12->1.9.13. 11. libubox package is upgraded 2020-05-25->2020-07-11. 12. logrotate package is upgrader 3.15.0->3.16.0. 13. libgcrypt package is upgraded 1.8.5->1.8.6. 14. ffmpeg package is upgraded 3.4.7->3.4.8. 15. libvorbis package is upgraded 1.3.6->1.3.7. 16. bridge-utils package is upgraded 1.6->1.7. 17. px5g package: Makefile is changed to provide compilation by GCC 10.2.0 1.0.2.78SF: 1. dropbear package is upgraded 2019.78->2020.79 (scp fix for CVE-2018-20685: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685 support of ed25519 hostkeys and authorized_keys, adding chacha20-poly1305 authenticated cipher etc). 2. iptables package is upgraded 1.8.4->1.8.5. 3. ca-certificates package is upgraded 20190110->20200601. 4. DNSCrypt Proxy v.2 is upgraded 2.0.42->2.0.44. 5. curl package is upgraded 7.70.0->7.71.0. 6. haveged package is upgraded 1.9.8->1.9.12. 7. proftpd package is upgraded 1.3.6c->1.3.6d. 8. pcre package is upgraded 7.6->8.44. 9. sqlite package is upgraded 3320000->3320100. 10. sysstat package is upgraded 12.1.1->12.2.2. 11. transmission package: optimize for a size. 12. db4 package: optimize for a size. 13. Toolchain: Go is upgraded 1.14.3->1.14.4. 1.0.2.77SF: 1. net-wall script is fixed for ppp0 connection and modifyed to provide more safety (OpenVPN/WireGuard client, thanks to R. Gerrits). 2. OpenVPN: vpn-firewall.sh script is fixed (thanks to R. Gerrits). 3. DNSCrypt Proxy v.2 init script is fixed (time synchronization, thanks to kamoj). 4. ipset package is upgraded 6.24->7.6+ [2020-03-09] (thanks to HELLO_wORLD for testing). 5. iptables package is upgraded 1.4.10->1.8.4 (thanks to HELLO_wORLD for testing). 6. curl package is upgraded 7.69.1->7.70.0. 7. dbus package is upgraded 1.12.12->1.13.12. 8. libubox package is upgraded 2020-02-27->2020-05-25. 9. ubus package is upgraded 2020-01-05->2020-02-05. 10. uci package is upgraded 2020-01-27->2020-04-24. 11. unbound package (used in stubby) is upgraded 1.9.6->1.10.1. 12. yaml package (used in stubby) is upgraded 0.2.2->0.2.4. 13. util-linux package is upgraded 2.35.1->2.35.2. 14. libreadline package is upgraded 6.3->8.0. 15. sqlite package is upgraded 3310100->3320000. 16. nano package is upgraded 4.9.2->4.9.3. 17. Toolchain: Go is upgraded 1.14.1->1.14.3. 1.0.2.76.1SF: 1. OpenSSL v. 1.1.1 package is upgraded 1.1.1f->1.1.1g (CVE-2020-1967). https://nvd.nist.gov/vuln/detail/CVE-2020-1967 1.0.2.76SF: 1. OpenVPN is upgraded 2.4.8->2.4.9 (CVE--2020-11810). https://openvpn.net/community-downloads/ 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1e->1.1.1f. 3. DNSCrypt Proxy v.2 is upgraded 2.0.41->2.0.42. 4. nano package is upgraded 4.9->4.9.2. 5. libxml2 package is upgraded 2.9.9->2.9.10. 6. ethtool package is upgaded 4.19->5.4. 7. coreutils package (sort) is upgraded 8.31->8.32. 8. Host tools (e2fsprogs): is upgraded to 1.45.6. 9. Host tools (xz): is upgraded to 5.2.5. 10. Host tools (mm-macros): is upgraded to 1.0.0. 1.0.2.75.2SF: 1. NG/DNI bug in radvd is fixed (reported by microchip) 1.0.2.75.1SF: 1. Toolchain: GCC is upgraded 4.8.5->9.3.0. 2. Toolchain: binutils version is upgraded 2.32->2.34. 3. Toolchain: Go is upgraded 1.13.8->1.14.1. 4. nano package is added (editor). 5. redis package: build scheme is changed. 6. NG/DNI bug in UPG_upgrade.htm is fixed (by Kamoj). 7. NG/DNI bug in dnibusybox "date" command is fixed (reported by Kamoj, fixed by Voxel). 8. transmission package is changed to use OpenSSL v. 1.0.2 (attept to fix https issue). 9. hotplug2: changes for upcoming WireGuard-Go add-on (config from USB flash, dos2unix). 10. libgcrypt sqlite3 wget packages: optimize for a size. 11. OpenSSL v. 1.1.1 package is upgraded 1.1.1d->1.1.1e. 12. DNSCrypt Proxy v.2 is upgraded 2.0.39->2.0.41. 13. bc package is upgraded 1.06->1.06.95. 14. libreadline package is upgraded 5.2->6.3. 15. libdevmapper package is upgraded 2.02.91->2.02.119. 16. e2fsprogs package is upgraded 1.45.5->1.45.6. 17. usbmode data is updated to v. 20191128. 18. Changes in the Linux kernel and in many packages to provide compilation by GCC 9.3.0. 1.0.2.74.4SF: 1. PPP vulnerability CVE-2020-8597 is fixed (score of 9.8/10). https://nvd.nist.gov/vuln/detail/CVE-2020-8597 2. fdisk utility is added. 3. resize2fs utility is addded. 4. proftpd package is upgraded 1.3.6->1.3.6c. 5. curl package is upgraded 7.68.0->7.69.1. 6. libubox package is upgraded 2020-01-20->2020-02-27. 7. minidlna package is upgraded 1.2.1-2018-04-10->1.2.1-2019-12-09. 8. libusb package is upgraded 1.0.22->1.0.23. 9. libusb-compat package is upgraded 0.1.5->0.1.7. 10. avahi package is upgraded 0.7->0.8. 11. ncurses package is upgraded 6.1->6.2. 12. util-linux package: optimize for a size. 13. libiconv: make an order in patches. 1.0.2.74.3SF: 1. Firewall: Quick fix. Changes in firewall for OpenVPN servers in 1.0.2.74.2SF are (temporary) disabled. 2. Firewall: Add support of upcoming WireGuard-Go add-on. 1.0.2.74.2SF: 1. Changes in firewall to allow accessing LAN devices when using OpenVPN TUN server. 2. HiLink LTE modem support changes: optimization. 3. tune2fs utility is added to allow tuning ext2/3/4 FS features (-O ^metadata_csum,^64bit). 4. hotplug2 package: add support of upcoming WireGuard-Go add-on (config from USB flash). 5. DNSCrypt Proxy v.2 build scheme is changed (compilation by Go, dynamic GCC libs). Should work faster. 6. DNSCrypt Proxy v.2 is upgraded 2.0.36->2.0.39. 7. libubox package is upgraded 2019-12-28->2020-01-20. 8. util-linux package is upgraded 2.34->2.35.1. 9. sqlite package is upgraded 3300100->3310100. 10. uci package is upgraded 2019-12-12->2020-01-27. 11. sysstat package is upgraded 12.0.5->12.2.1. 12. libgpg-error package is upgraded 1.36->1.37. 13. coreutils package (sort) is upgraded 8.30->8.31. 14. libxml2 package: optimization for a size. 15. Host tools (gmp): is upgraded to 6.2.0. 16. Host tools (sed): is upgraded to 4.8. 17. Host tools (bison): is upgraded to 3.5.1. 18. Host tools (quilt): is upgraded to 0.66. 19. Toolchain: Go (used for DNSCrypt Proxy v. 2) is upgraded to 1.13.8. 1.0.2.74.1SF: 1. Partial selective integration of changes from the stock v. 1.0.2.68 to support FCC channels 136, 140, and 144. 2. Default ReadyCLOUD version is upgraded 20180619->20191014. 3. ubus package is upgraded 2019-12-27->2020-01-05. 4. e2fsprogs package is upgraded 1.44.5->1.45.5. 5. curl package is upgraded 7.67.0->7.68.0. 6. Host tools (e2fspogs): is upgraded to 1.45.5. 1.0.2.74SF: 1. OpenSSL v. 1.0.2 package is upgraded 1.0.2t->1.0.2u. 2. uci package is upgraded 2019-11-14->2019-12-12. 3. libubox package is upgraded 2019-11-24->2019-12-28. 4. ubus package is upgraded 2018-10-06->2019-12-27. 5. DNSCrypt Proxy v.2 is upgraded 2.0.35->2.0.36. 6. logrotate package is upgrader 3.8.1->3.15.0. 7. ffmpeg package is upgraded 3.4.6->3.4.7. 8. Happy New Year! 1.0.2.73SF: 1. OpenVPN is upgraded 2.4.7->2.4.8. 2. curl package is upgraded 7.66.0->7.67.0. 3. DNSCrypt Proxy v.2 is upgraded 2.0.28->2.0.35. 4. stubby config is changed (not so strict requirements to the server). 5. unbound package (used in stubby) is upgraded 1.9.4->1.9.6. 6. e2fsprogs: CVE-2019-5094 patch is added. 7. libubox package is upgraded 2019-10-21->2019-11-24. 8. uci package is upgraded 2019-09-01->2019-11-14. 9. iperf3 package is added. 10. net-wall script is fixed to support IPv6. 11. HiLink LTE modem support: moved to package hilink-modem (optimization). 12. Host tools (e2fspogs): is upgraded to 1.45.4. 13. Host tools (quilt): is upgraded to 0.66. 1.0.2.72SF: 1. minidlna package is upgraded 1.2.1->1.2.1-2018-04-10. 2. (minidlna) ffmpeg package configuration is changed (to provide more stable support of the FLAC files). 3. (minidlna) ffmpeg compilation flag conflict is fixed (now it is pure Cortex-A15 target). 4. (minidlna) libogg package is upgraded 1.3.3->1.3.4. 5. (minidlna) sqlite package is upgraded 3290000->3300100. 6. expat package is upgraded 2.2.7->2.2.9 (CVE-2019-15903). 7. unbound package (used in stubby) is upgraded 1.9.3->1.9.4 (CVE-2019-16866). 8. DNSCrypt Proxy v.2 is upgraded 2.0.27->2.0.28. 9. dnsmasq package is upgraded 2.78->2.80. 10. curl package is upgraded 7.65.3->7.66.0. 11. haveged package is upgraded 1.9.6->1.9.8. 12. libubox package is upgraded 2019-06-16->2019-10-21. 13. transmission-web-control package is upgraded 2019-04-16->2019-07-24. 14. dropbear package is changed: to allow ssh forwarding. 15. e2fsprogs package: optimization for a size. 16. patch package is added (kamoj add-on, replacement of a busybox analog). 17. coreutils sort package is added (kamoj add-on, replacement of a busybox analog). 18. etherwake package is added (kamoj add-on). 19. busybox: sort and patch are disabled. 20. OpenSSL 1.0.2/1.1.1: make an order with patches. 21. Host tools (mtd-utils): Add: glibc >= 2.28 compatibility patch. 22. Host tools (m4): Add: glibc >= 2.28 compatibility patch. 23. Host tools (squashfs4): Add: glibc >= 2.28 compatibility patch. 24. Toolchain: gdb is upgraded. 25. Development platform is changed (Debian9->Debian10: glib 2.24->2.28; gcc 6.3.0->8.3.0; etc). 26. Support of new certificates for https. 1.0.2.70SF: 1. proftpd package is upgraded from specific version with NG changes to 1.3.6 + CVE-2019-12815 security patch. (Plus some changes in its behavior. Issue alarmed by kamoj) 2. DNSCrypt Proxy v.2 is upgraded 2.0.25->2.0.27 (Firefox workaround). 3. OpenSSL v. 1.0.2 package is upgraded 1.0.2s->1.0.2t. (see https://www.openssl.org/news/openssl-1.0.2-notes.html for details) 4. OpenSSL v. 1.0.2 package: patch to strip cflags from resulting binary is added. 5. OpenSSL v. 1.1.1 package is upgraded 1.1.1c->1.1.1d. (see https://www.openssl.org/news/openssl-1.1.1-notes.html for details) 6. haveged package is upgraded 1.9.4->1.9.6. 7. uci package is upgraded 2019-05-17->2019-09-01. 8. unbound package (used in stubby) is upgraded 1.9.2->1.9.3. 9. libgcrypt package is upgraded 1.8.4->1.8.5. 10. libcharset package is removed (not needed, saving space). 11. Duplication of old/new versions of libyaml package is fixed. 1.0.2.69SF: 1. libreadline: fixing read-only attribute for target libraries to provide strip of binary (saving space). 2. amule, libcrypto++, wxWidgets: optimization of size (saving space). 3. libunistring is removed (not needed, saving space). 4. libogg is removed (not needed, saving space). 5. Transmission: change of GUI. transmission-web-control package is added and standard transmission-web package is removed. 6. OpenSSL package: unification of Makefile (identical with R9000 version). 7. lz4 package is upgraded 1.9.1->1.9.2 8. lz4 package: unification of Makefile (identical with R9000 version). 9. lzo package: unification of Makefile (identical with R9000 version). 10. OpenVPN package: unification of Makefile (identical with R9000 version). 11. dropbear package: unification of Makefile (identical with R9000 version). 12. libflac package is upgraded 1.3.2->1.3.3. 13. libflac package optimization (sync with OpenWRT version). 14. curl package is upgraded 7.65.1->7.65.3. 15. expat package is upgraded 2.2.6->2.2.7. 16. sqlite package is upgraded 3270200->3290000. 17. Host tools: two components are upgraded (e2fsprogs, scons). 1.0.2.68SF: 1. Kernel vulnerability: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed. https://nvd.nist.gov/vuln/detail/CVE-2019-11477 https://nvd.nist.gov/vuln/detail/CVE-2019-11478 https://nvd.nist.gov/vuln/detail/CVE-2019-11479 2. unbound package (used in stubby) is upgraded 1.9.1->1.9.2. 3. yaml package (used in stubby) is upgraded 0.2.1->0.2.2. 4. libjson-c package is upgraded 0.12.1->0.13.1. 5. liblz4 package is upgraded 1.8.3->1.9.1. 6. util-linux package is upgraded 2.33.1->2.34. 7. sysstat package is upgraded 11.6.4->12.0.5. 8. gdbm package is upgraded 1.11->1.18.1. 9. uClibc: sync with GNU C library patch is added. 10. zlib package is optimized. 11. ReadyCLOUD install script is changed (cosmetic changes). 12. Host tools: three components are upgraded (bison, mpfr, scons). 1.0.2.67.1SF: 1. curl package: revert to OpenSSL 1.0.2 (to provide compatibility with ReadyCLOUD). 2. opkg package: revert to OpenSSL 1.0.2 (because of using libcurl p.1). 3. curl package is upgraded 7.65.0->7.65.1. 4. libubox package is upgraded 2019-02-27->2019-06-16. 5. DNSCrypt Proxy v.2 is upgraded 2.0.23->2.0.25. 6. ReadyCLOUD startup script is simplified to avoid potential problems from NG updates. 1.0.2.67SF: 1. OpenSSL v. 1.1.1c package is added. 2. OpenSSL v. 1.0.2 package is upgraded 1.0.2r->1.0.2s. 3. OpenVPN package is changed to use OpenSSL v. 1.1.1. 4. OpenVPN server(s) is(are) slightly optimized. 5. OpenVPN client now could be used simultaneously with OpenVPN server(s) (no necessity to disable server(s) from GUI). 6. unbound package (used in stubby) is changed to use OpenSSL v. 1.1.1. 7. getdns package (used in stubby) is changed to use OpenSSL v. 1.1.1. 8. Because of "6." and "7.": stubby is set to support TLSv1.3 with cloudflare (DoT). 9. wget package is changed to use OpenSSL v. 1.1.1. 10. transmission package is changed to use OpenSSL v. 1.1.1. 11. curl package is upgraded 7.64.1->7.65.0. 12. curl package is changed to use OpenSSL v. 1.1.1. 13. opkg package is changed to use OpenSSL v. 1.1.1. 14. uci package is upgraded 2018-08-11->2019-05-17. 15. openssh-client add-on is changed to use OpenSSL v. 1.1.1. 1.0.2.66SF: 1. wget package is upgraded 1.20.1->1.20.3. 2. sqlite package is upgraded 3260000->3270200. 3. getdns package (used in stubby) is upgraded 1.5.0->1.5.2. 4. stubby package is upgraded 0.2.4->0.2.6. 5. DNSCrypt Proxy v.2 is upgraded 2.0.22->2.0.23. 6. usb-modeswitch package is upgraded 2014-08-26->2017-12-19. 7. usb-modeswitch-data is upgraded 20150115->20170806. 8. proftpd: typo bug is fixed. 9. OpenVPN client: lacking "default turbo mode" issue is fixed (reported by kamoj). 10. congestion control algorithm is changed to westwood+. 11. rmem_max/wmem_max/defaults values are decreased to avoid bufferbloat issues (note: use QoS and limit your max speed for good results in dslreports). 12. DNSCryps Proxy V1 and its dependence libsodium are removed. 13. CDC/RNDIS USB LTE modem (HiLink) support scheme is significantly changed. 14. OpenSSH client is available for downloading as an addon (useful for Reverse SSH Tunneling, much faster than dropbear). installation: "/bin/opkg install openssh-client_8.0p1-1_ipq806x.ipk" 1.0.2.65SF: 1. dropbear package is upgraded 2018.76->2019.78. 2. OpenSSL package is upgraded 1.0.2q->1.0.2r. 3. DNSCrypt Proxy v.2 is upgraded 2.0.19->2.0.22. 4. unbound package (used in stubby) is upgraded 1.9.0->1.9.1. 5. curl package is upgraded 7.64.0->7.64.1. 6. util-linux package is upgraded 2.33->2.33.1. 7. ca-certificates package is upgraded 20180409->20190110. 8. libubox package is upgraded 2018-11-16->2019-02-27. 9. tar package is upgraded 1.31->1.32. 10. libgpg-error package is upgraded 1.34->1.36. 11. ffmpeg package is upgraded 3.4.5->3.4.6. 12. proftpd: read access issue for admin user is fixed (NG bug). 13. Toolchain: binutils version is upgraded to 2.32. 1.0.2.64SF: 1. Attempt to fix the issue with ReadyCLOUD in AP mode. 2. Default ReadyCLOUD version is upgraded 20170914->20180619. 3. Fixing the issue with OpenVPN server (WebGUI). 4. OpenVPN is upgraded 2.4.6->2.4.7. list of changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 5. tar package is upgraded 1.30->1.31. 6. curl package is upgraded 7.63.0->7.64.0. 7. unbound package (used in stubby) is upgraded 1.8.3->1.9.0. 8. getdns package (used un stubby) is upgraded 1.4.2->1.5.0. 9. stubby package is upgraded 0.2.3->0.2.4. 10. libsodium package (used in dnscrypt-proxy v.1) is upgraded 1.0.16->1.0.17. 11. libvorbis package is upgraded 1.3.5->1.3.6. 12. ffmpeg package is upgraded 3.2.12->3.4.5. 13. busybox package: patch command is added. 14. busybox package: dos2unix/unix2dos commands are added. 15. Host tools: two components are upgraded (bison, sed). 1.0.2.63SF: 1. Integration of changes from the stock v. 1.0.2.62 including: - a login password enhancement in the router web interface to support a more secure password (no saving passwords in NVRAM in plain text form). - fixing the issue where the speed test in the QoS page always displays a zero number. - 22 QoS packages are changed to provide synchronization with a latest version (so even if your QoS page displays "Release Date: October 23, 2017": de facto there are a lot of changes in the QoS internals). 2. dropbear: security issue CVE-2018-15599 is fixed: https://nvd.nist.gov/vuln/detail/CVE-2018-15599 3. curl package is upgraded 7.62.0->7.63.0. 4. dbus package is upgraded 1.12.10->1.12.12. 5. e2fsprogs package is upgraded 1.44.4->1.44.5. 6. jansson package is upgraded 2.11->2.12. 7. libgpg-error package is upgraded 1.32->1.34. 8. libxml2 package is upgraded 2.9.8->2.9.9. 9. sqlite package is upgraded 3250300->3260000. 10. wget package is upgraded 1.20->1.20.1. 11. dnsmasq: synchronization of codes with stock 1.0.2.62 (R9000 codes were used in my previous version). 12. OpenSSL: old libraries 0.9.8 are added to fix NG bug (/bin/fbwifi). 13. NG Downloader: ftp/http downloading issue is fixed. 14. NG bugs corrections fixed in my previous versions are included. 15. NG version of OpenVPN client is removed (conflicting with my version of OpenVPN client). 16. Funjsq service is removed (guys from China really sorry, please use the stock version if you need exactly this version of OpenVPN client, my knowledge of Chinese is close to zero to understand this service description/feature from this: https://www.funjsq.com/). 17. Toolchain: gdb is upgraded to 8.2.1. 18. Host tools: two components are upgraded. 1.0.2.62SF: 1. OpenSSL package is upgraded 1.0.2p->1.0.2q. 2. DNSCrypt Proxy v.2 (2.0.19) is included into firmware: to enable DNSCrypt Proxy v.2 run the commands from telnet/ssh console: nvram set dnscrypt2=1 nvram commit and reboot your router; to disable DNSCrypt Proxy v.2 run the commands from telnet/ssh console: nvram set dnscrypt2=0 nvram commit and reboot your router. 3. ipset package and its dependences are added into firmware. 4. unbound package (used in stubby) is upgraded 1.8.1->1.8.3. 5. wget package is upgraded 1.19.5->1.20. 6. util-linux package is upgraded 2.32.1->2.33. 7. haveged package is upgraded 1.9.2->1.9.4. 8. ethtool package is upgaded 4.18->4.19. 9. libjpeg package is upgraded 9a->9c. 10. curl package is upgraded 7.61.1->7.62.0. 11. libgcrypt package is upgraded 1.8.3->1.8.4. 12. libubox package is upgraded 2018-07-25->2018-11-16. 13. sqlite package is upgraded 3240000->3250300. 14. jq package is upgraded 1.5->1.6. 1.0.2.61SF: 1. stubby package is added to provide DNS-over-TLS support: to enable stubby run the commands from telnet/ssh console: nvram set stubby=1 nvram commit and reboot your router; to disable stubby run the commands from telnet/ssh console: nvram set stubby=0 nvram commit and reboot your router. 2. getdns, unbound, yaml, ca-certificates packages are added (stubby dependences). 3. sqlite3 package is upgraded 3230100->3240000. 4. liblz4 package is upgraded 1.8.2->1.8.3. 5. sysstat package is upgraded 11.0.4->11.6.4. 6. ubus package is upgraded 2018-07-26->2018-10-06-221ce7e7. 7. libevent2-pthreads packages is removed (not used). 8. Toolchain: binutils version is upgraded to 2.31.1. 9. Host tools: two components are upgraded. 1.0.2.60SF: 1. Partial rollback: integrated binaries and kernel objects from the stock 1.0.2.58 are reverted back to 1.0.2.52 (except net-cgi, trafficmeter, ookla, greendownload) to avoid probelms with Wi-Fi stability. 2. expat package is upgraded 2.2.5->2.2.6. 3. at package is upgraded 3.1.20->3.1.23. 4. curl package is upgraded 7.61.0->7.61.1. 5. ethtool package is upgaded 4.17->4.18. 1.0.2.59SF: 1. Integration of changes from the stock v. 1.0.2.58. 2. OpenSSL is upgraded 1.0.2o->1.0.2p (CVE-2018-0732, CVE-2018-0737). 3. dnsmasq: dnsmasq.conf options optimized. 4. ntpclient: init script is changed (automatization of setting date for OpenVPN client). 5. dbus package is upgraded 1.12.8->1.12.10. 6. ubus package is upgraded 2018-01-16->2018-07-26. 7. libubox package is upgraded 2018-06-07->2018-07-25. 8. uci package is upgraded 2018-03-24->2018-08-11. 9. e2fsprogs package is upgraded 1.43.9->1.44.4. 10. util-linux package is upgraded 2.32->2.32.1. 11. ffmpeg package is upgraded 3.2.10->3.2.12. 12. libgpg-error package is upgraded 1.27->1.32 13. Firewall: user can keep own iptables seetings in /opt/scripts/firewall-start.sh 14. /sbin/cloud Changes of PATH. 15. Temporary fix for NG's bug (Attached Device List) is removerd (is working now). 16. /etc/profile default profile is changed (no PATH for /opt/bin:/opr/sbin). Entware users should set the PATH for Entware in /root/.profile file. 1.0.2.55SF: (internal release) 1.0.2.54SF: 1. dnsmasq: dnsmasq.conf options are changed (compliance with v. 2.78, use of /etc/hosts). 2. OpenVPN client optimization (thanks to kamoj). 3. miniupnpd is corrected to avoid its startup if disabled. 4. ethtool package is upgaded 4.16->4.17. 5. dbus package is upgraded 1.10.4->1.12.8. 6. curl package is upgraded 7.60.0->7.61.0. 7. avahi version is upgraded 0.6.32->0.7. 8. libubox package is upgraded 2018-04-12->2018-06-07. 9. jansson package is upgraded 2.10->2.11. 10. libgcrypt package is upgraded 1.6.6->1.8.3. 11. libogg packages is upgraded 1.3.2->1.3.3. 1.0.2.53SF-KF: 1. Kamoj Fix for Attached Device Names. 1.0.2.53SF: 1. Integration of changes from the stock v. 1.0.2.52. 2. Several NG bugs are fixed. 3. NG version of OpenVPN client is removed (use my version if necessary). 4. Changes from kamoj for OpenVPN client are included (speed improvements/stability, thanks to kamoj). 5. ntpclient init script is changed (setting date for OpenVPN client). 6. OpenVPN is upgraded 2.4.5->2.4.6. 7. liblz4 package is upgraded 1.8.1.2->1.8.2 (general speed improvements, see https://github.com/lz4/lz4/releases). 8. New samba CVE patches. 9. dnsmasq package is upgraded 2.39->2.78 (with NG specific changes). 10. at package is upgraded 3.1.13->3.1.20. 11. libubox package is upgraded 2018-03-21->2018-04-12. 12. sqlite package is upgraded 3210000->3230100. 13. wget package is upgraded 1.19.2->1.19.5. 14. curl package is upgraded 7.59.0->7.60.0. 15. ethtool package is upgraded 4.15->4.16. 16. haveged package is upgraded 1.9.1->1.9.2. 17. libusb package is upgraded 1.0.21->1.0.22. 18. transmission package is upgraded 2.93->2.94. 19. Host tools: several components are upgraded. 1.0.2.50SF: 1. OpenVPN client additional speed up (thanks to kamoj for his help). 2. WebGUI: syncronization of lang version with stock 1.0.2.46. 3. OpenSSL is upgraded 1.0.2n->1.0.2o. 4. curl package is upgraded 7.58.0->7.59.0. 5. ffmpeg package is upgraded 3.2.9->3.2.10. 6. libubox package is upgraded 2018-02-08->2018-03-21. 7. uci package is upgraded 2018-01-01->2018-03-24. 8. ncurses package is upgraded 6.0->6.1. 9. util-linux package is upgraded 2.31.1-2.32. 10. Toolchain: binutils version is upgraded to 2.30 1.0.2.49SF: 1. OpenVPN client optimization (boost speed, waiting for DNS, thanks to kamoj for his hints). 2. NTP client init script is changed to provide time/date setting if needed for OpenVPN client. 3. OpenSSL configuration is changed to provide more compatibility with ReadyCLOUD. 4. OpenVPN is upgraded 2.4.4->2.4.5. 5. dropbear package is upgraded 2017.75->2018.76. 6. util-linux package is upgraded 2.30.2->2.31.1. 7. transmission package is upgraded 2.92+git->2.93. 8. libxml2 package is upgraded 2.9.7->2.9.8. 9. Host tools: three components are upgraded. 1.0.2.47SF: 1. Latest QoS DB is included into firmware (23 Oct 2017). 2. Disk mount scheme is changed to correct problems with folder browser in NETGEAR Downloader (reported by cordezz). 3. e2fsprogs package is upgraded 1.43.8->1.43.9. 4. ethtool package is upgaded 4.13->4.15. 5. libubox package is upgraded 2018-01-07->2018-02-08. 6. netatalk package is upgraded 2.2.1->2.2.6 7. Some "clip-art" changes in WebGUI. 1.0.2.46SF: 1. Integration of changes from the latest stock v. 1.0.2.44. 2. Correction of several bugs introduced with the stock v. 1.0.2.44. 3. OpenVPN client changes: it is forced to use core 0 (affinity). 4. OpenVPN client changes: net-wall script is corrected to process "restart" argument (thanks to kamoj). 5. ubus package is upgraded 2017-11-13->2018-01-16. 6. curl package is upgraded 7.57.0->7.58.0. 7. liblz4 package is upgraded 1.8.0->1.8.1.2. 1.0.2.45SF: 1. Integration of changes from the latest stock v. 1.0.2.40: Security fixes: PSV-2016-0131 https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131 1.0.2.40 Release Notes: https://kb.netgear.com/000053068/R7800-Firmware-Version-1-0-2-40 2. Correction of NG bug in cron setting for logrotate and QoS monitoring (found by kamoj). 3. tar pckage is upgraded 1.29->1.30. 4. uci package is upgraded 2017-09-29->2018-01-01. 5. libubox package is upgraded 2017-10-06->2018-01-07. 6. e2fsprogs package is upgraded 1.43.7->1.43.8. 7. dnscrypt-resolvers.csv is updated. 1.0.2.44SF: 1. irqbalance package is removed. 2. Added manual spreading some interrupts between cores. 3. QoS DB included into firmware is downgraded to the version used in the stock firmware. You may update it from WebGUI. 4. Changes in OpenVPN cient startup script. 5. Changes in NTP client startup script. 6. avahi package is changed to use dbus. 7. libsodium package is upgraded 1.0.15->1.0.16. 8. CVE-2017-15275 patch is added to samba. 9. net-wall script is corrected to add possibility using own /root/firewall-start.sh script. 1.0.2.43SF: 1. Integration of changes from the latest stock v. 1.0.2.38. 2. Correction of new bugs in the stock 1.0.2.38. * Bug in WebGUI: BASIC->ReadySHARE->ReadyCLOUD (404 page not found). * Bug in WebGUI: ADVANCED->ReadySHARE->Media Server (iTunes server control exists, but package itself is removed). * avahi service: lack of adisk.service template. * etc. (several repeated in each release of stock firmware) 3. forked-daapd package (iTunes Server) is removed, the same removal as in the stock 1.0.2.38. 4. libconfuse, libmxml, libantlr3c, libplist, libasound are removed (were used solely by forked-daapd, not needed now). 5. haveged package is added to feed the kernel entropy pool. 6. QoS: redis server/client package is upgraded 2.6.13->2.6.17 (i.e. to latest stable 2.6.x), its memory management scheme is changed. 7. OpenSSL is upgraded 1.0.2m->1.0.2n. Major changes (OpenSSL changelog): Read/write after SSL object in error state (CVE-2017-3737) rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) 8. ubus package is upgraded 2017-11-06->2017-11-13. 9. ffmpeg package is upgraded 0.11.2->3.2.9. 10. curl package is upgraded 7.56.1->7.57.0. 11. default congestion control is changed back to yeah, rmem_max/wmem_max values are increased. 12. dnscrypt-resolvers.csv is updated. 13. Several additional packages are optimized to minimize resulting size. 1.0.2.42SF: (Internal release) 1.0.2.41SF: 1. redis package (client/server) revert back 4.0.2->2.6.13 (used in QoS). 1.0.2.40SF: 1. OpenSSL is upgraded 1.0.2l->1.0.2m. Fixes (OpenSSL changelog): * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736). * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735). 2. Changes in OpenVPN client: * "--cd $OPENVPN_CONF_DIR" option is added to startup script. 3. ReadyCLOUD is upgraded 20161026->20170914, startup/upgrade script is optimized. 4. redis package (client/server) is upgraded 2.6.13->4.0.2 (used in QoS). 5. libubox package is upgraded 2017-09-29->2017-10-06. 6. ubus package is upgraded 2017-02-18->2017-11-06. 7. libxml package is upgraded 2.9.6->2.9.7. 8. sqlite package is upgraded 3200100->3210000. 9. expat package is upgraded 2.2.4->2.2.5. 10. Several packages are optimized to decrease resulting size. 1.0.2.39SF: 1. Most important: samba write speed is imporved (thanks to RMerlin for his tip (affinity)). 2. Changes in OpenVPN servers startup script (first is now using core0, second: core1). 3. Changes in OpenVPN client (now it is using core1). 4. taskset utility is added. 5. e2fsprogs package is upgraded 1.43.6->1.43.7. 6. curl package is upgraded 7.55.1->7.56.1. 7. ethtool package is upgaded 4.11->4.13. 8. wget package is upgraded 1.19.1->1.19.2. 9. Host tools: three components are upgraded. 10. Toolchain: Patch is added to compiler (to support compilation by gcc 6.3.0). 1.0.2.38SF: 1. OpenVPN is upgraded 2.4.3->2.4.4. 2. minidlna is upgraded 1.2.0->1.2.1. 3. sqlite package is upgraded 3190300->3200100. 4. libxml2 package is upgraded 2.9.5->2.9.6. 5. libubox ackage is upgraded 2017-06-17->2017-09-29. 6. uci package is upgraded 2017-04-12->2017-09-29. 7. util-linux package is upgraded 2.30.1->2.30.2. 8. curl package is upgraded 7.54.1->7.55.1. 9. libsodium package is upgraded 1.0.13->1.0.15. 10. dnscrypt-resolvers.csv is updated. 11. Host tools: mpfr is upgraded. 12. Toolchain: binutils is upgraded to version 2.29.1. 13. Samba user "root" is added (allows mapping drive with root permissions). 14. powerctl init script is changed. 15. Minor bug in dbus is fixed. 16. Experimental: -funsafe-math-optimizations option is added. 1.0.2.37SF: 1. libxml2 package is upgraded 2.9.4->2.9.5. 2. expat package is upgraded 2.2.3->2.2.4. 3. confuse package is upgraded 3.2->3.2.1. 4. wget package is upgraded 1.18->1.19.1. 5. libubox package is upgraded 2017-02-24->2017-06-17. 6. curl/libcurl is synchronized with OpenWRT/LEDE. 7. CIFS kernel modules are added (possibility to mount remote shared disks from console). 8. Host tools: several patches are added (genext2fs lzma m4 mkimage). 1.0.2.36SF: 1. Most important: samba is upgaded 3.0.24->3.6.25 (with all security patches). 2. ncurses package is upgraded 5.9->6.0. 3. util-linux package is upgraded 2.28->2.30.1. 4. liblz4 package is upgraded 1.7.5->1.8.0. 5. e2fsprogs package is upgraded 1.43.5->1.43.6. 6. Host tools: e2fsprogs is upgraded too. 1.0.2.35SF: 1. ReadyCLOUD GUI access problem is fixed (problem reported by janthony6). 2. expat package is upgraded 2.2.2->2.2.3. 3. e2fsprogs package is upgraded 1.43.4->1.43.5. 4. irqbalance-1.2.0 package is added. 5. OpenVPN clinet startup script is optimized. 6. Kernel sources are synchronized with latest stock firmware. 7. dnscrypt-resolvers.csv is updated. 8. Host tools: one component is upgraded. 9. Some other changes. 1.0.2.34SF: 1. sqlite package is upgraded 3190200->3190300. 2. uci package is upgraded 2016-07-04->2017-04-12. 3. confuse package is upgraded 3.0->3.2. 4. curl package is upraded 7.29.0->7.54.1. 5. expat package is upgraded 2.2.0->2.2.2 6. bridge-utils package is upgraded 1.5->1.6. 7. libsodium package is upgraded 1.0.12->1.0.13. 8. dnscrypt-resolvers.csv is updated. 9. Host tools: two components are upgraded to most recent versions. 10. Changes from stock 1.0.2.32 are integrated to this release. 11. Default congestion control is set to "cubic" (unification with R9000). 12. /etc/init.d/optware script is removed (unification with R9000, see entware-cortex-a15-3x-initial.tar.gz, i.e. how to start Entware services). 13. Some other changes. 1.0.2.33SF: 1. OpenVPN is upgraded 2.4.2->2.4.3. 2. OpenVPN client behavior is changed. Now If it fails to connect to server, WAN LED will be amber. In case of success it will be white. Also it is possible for users to modify OpenVPN client UP and DOWN scripts to add own reaction e.g. in the case of lost connection (/etc/openvpn/ovpnclient-up.sh and /etc/openvpn/ovpnclient-down.sh). Thanks to kamoj for his help and testing. 3. NETGEAR Downloader: added new patch to Transmission 2.92+. Now NETGEAR Downloader displays filenames and their size correctly. 4. minidlna is upgraded 1.1.5->1.2.0. 5. dnscrypt-proxy is compiled with plugins support (request from Charles). 6. dnscrypt-resolvers.csv is updated. 7. Host tools: one component is upgraded to most recent versions. 1.0.2.32SF: 1. dropbear package is upgraded 2016.74->2017.75. 2. OpenSSL is upgraded 1.0.2k->1.0.2l. 3. dnscrypt-proxy package is upgraded 1.9.4->1.9.5. 4. mxml package is upgraded 2.9->2.10. 5. p0f package is upgraded 3.06b->3.09b. 6. libgpg-error package is upgraded 1.25->1.27. 7. sqlite package is upgraded 3170000->3190200. 8. alsa-lib package is upgraded 1.1.3->1.1.4.1. 9. jq package is upgraded 1.3->1.5. 10. ethtool package is upgraded 4.10->4.11. 11. dnscrypt-resolvers.csv is updated. 12. libavl package is removed to save space (not used). 13. ngrep package is removed to save space (not used). 14. Recent patches are added to some packages (syncronize with OpenWRT/LEDE). 15. Host tools: one component is upgraded to most recent versions. 1.0.2.31SF: 1. OpenVPN client support is added (see readme.docx for details). 2. Latest QoS DB is included into firmware. 3. ubus package is upgraded 2016-01-26->2017-02-18. 4. libubox package is upgraded 2016-02-26->2017-02-24. 5. uci package is upgraded 2016-02-02->2016-07-04. 6. jansson package is upgraded 2.4->2.10. 7. transmission package is upgraded 2.92->2.92+git. 8. sqlite3 package is upgraded 3160000->3170000. 9. flack package is upgraded 1.3.1->1.3.2. 10. libsodium package is upgraded 1.0.11->1.0.12. 11. OpenVPN is upgraded 2.4.1->2.4.2 12. dnscrypt-resolvers.csv is updated. 13. Host tools: two components are upgraded to most recent versions. 1.0.2.30SF 1. Bridge mode is working now (bug in stock GPL source codes (git_home/qca-hostap.git). 2. OpenVPN is upgraded 2.4.0->2.4.1. 3. ethtool is upgraded 4.8->4.10. 4. Synchronization of other binaries with the stock firmware to avoid bridge mode bug. 5. OpenVPN init script is changed to avoid problems with some clients. 6. Some internal optimization. 1.0.2.29SF 1. Integration of changes with stock v. 1.0.2.28: http://kb.netgear.com/000037848/R7800-Firmware-Version-1-0-2-28 (but miniupnpd is still the same as in all previous versions of stock firmware, so it is strongly recommended to disable UPnP if you do not have real needs in UPnP) 1.0.2.25SF 1. sqlite3 package is upgraded 3130000->3160000. 2. libgcrypt package is upgraded 1.5.0->1.6.6. 3. libgpg-error package is upgraded 1.9->1.25. 4. sysstat package is upgraded 10.1.7->11.0.4. 5. lzo package is upgraded 2.09->2.10. 6. dbus package is upgraded 1.4.14->1.10.4. 7. libubox package is upgraded 2013-07-04->2016-02-26. 8. ubus package is upgraded 2013-01-13->2016-01-26. 9. libjson package is upgraded to libjson-c 0.9->0.12.1. 10. uci package is upgraded 2013-01-04->2016-02-02. 11. usbmode package moved to build tree. 12. dnscrypt-resolvers.csv is updated. 13. Host tools: four components are upgraded to most recent versions. 14. Toolchain: binutils is upgraded to version 2.28. 1.0.2.24SF 1. OpenVPN init script is updated (fixing bug reported by staticfree). 2. e2fsprogs package is upgraded 1.43.3->1.43.4. 3. e2fsprogs host tool is upgraded 1.43.3->1.43.4. 4. alsa-libs package is upgraded 1.1.0->1.1.3. 5. xz host tool is upgraded 5.2.2->5.2.3. 1.0.2.23SF 1. WebGUI is changed to allow selection of OpenVPN 2.4.x clients. 2. WebGUI is changed to allow deselection of "Respond to Ping on Internet Port" after enabling OpenVPN server (WAN settings, thanks to staticfree). 3. External liblz4 v. 1.7.5 package is added (used in OpenVPN for LZ4 compression). 4. libusb package is upgraded 1.0.20->1.0.21. 5. libusb-compat package is upgraded 0.1.4->0.1.5. 6. zlib package is upgraded 1.2.9->1.2.11 (several fixes and improvement). 7. dnscrypt-proxy package is upgraded 1.7.0->1.9.4 8. dnscrypt-resolvers.csv is updated. 9. bridge-utils package is upgraded 1.5->1.6. 10. mtd-utils package is upgraded 1.5.0->1.5.2 11. Latest QoS Optimization DB is included into firmware. 12. Host tools: three components are upgraded to most recent versions (gmp, gperf and pkg-config). 1.0.2.22SF 1. OpenSSL version is upgraded 1.0.2j->1.0.2k 2. OpenVPN version is upgraded 2.3.14->2.4.0. 3. gettext version is upgraded 0.19.6->0.19.8.1. 4. confuse version is upgraded 2.7->3.0. 5. expat version is upgraded 2.1.0->2.2.0. 6. avahi version is upgraded 0.6.31->0.6.32. 7. gdbm version is upgraded 1.8.3->1.11. 8. libyaml is removed to save a space (not used). 9. dnscrypt-resolvers.csv is updated. 10. Host tools: mpfr version is upgraded 3.1.3->3.1.5. 11. Toolchain: two components are upgraded. 1.0.2.21SF 1. Integration with stock 1.0.2.20. From Netgear notes to 1.0.2.12: New Features and Enhancements: * Opens the DFS channel for Japan. * Supports the access control feature when the router operates in AP mode. Bug Fixes: * Fixes the issue in which the IPV6 SPI-filter doesn't work when IPv6 use same PPPoE session as IPv4. * Fixed some minor bugs. Additional changes (found during my integration): * ReadyCLOUD version is upgraded. * Qualcomm drivers (firmware) are upgraded (5GHz). * GPIO driver is changed (kernel level). * Kernel signal scheme (interaction with Busybox) is added. * WebGUI is optimized a bit. * Netgear Downloader is optimized a bit. 2. ethtool version is upgraded 3.4.1->4.8. 3. e2fsprogs versinon is upgraded 1.43.1->1.43.3. 4. Changes several scripts to use direct path to firmware /bin/opkg (to avoid conflicts with opkg from Entware). 5. Bug with HiLink modem mode switch is correctd (tested by Vladlenas with Huawei E3372 HiLink modem). 6. Minor Netgear's bugs are fixed. 1.0.2.16SF (Internal release) 1.0.2.15SF 1. Samba: config file is optimized. 2. OpenVPN: version is upgraded 2.3.13->2.3.14. 3. Toolchain: GCC compiler version is changed and its most recent OpenWRT & Debian patches are used. 4. Toolchain: uClibc most recent patches are added. 5. Toolchain: several host tools are upgraded. 6. Uhttpd: cyassl is changed to openssl (speed). 7. Cyassl: lib is removed to save space (not used now). 8. Transmission: bug in /etc/init.d/transmission is fixed. 9. Transmission: now user can use own config files in directory "transmission" kept on the root of external disk or in /etc/transmission. 10. Kernel codes are a bit optimized (acpuclock-ipq806x.c acpuclock-krait.c acpuclock.h). 11. If /.nocloud or /.nokwilt files are present, update and install of ReadyCLOUD/Kwilt will be disabled. 12. Several Netgear's minor bugs are fixed. 1.0.2.14SF (internal release) 1.0.2.13SF 1. Integration with stock 1.0.2.12. From Netgear notes to 1.0.2.12: New Features and Enhancements: * Added WiFi 5G band support for FCC DFS channels 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140. * Upgraded OpenSSL cryptography library from V1.0.0 to v1.0.2h. Bug Fixes: * Fixes security issue in which TCP port 80 and port 443 were always opened in IPv6 environment. * Fixes security issue in which remote management interface still could be accessed even if it was disabled when the request * Fixes security issue in which R7800 reboots when using $(reboot) as user name to register ReadyCLOUD. * Fixes the issue in which the flash drive connected to USB port2 cannot be added into approved USB devices list. * Fixes the issue in which the desktop genie was unable to access R7800 remotely. * Fixed other minor bug fixes. 2. New Netgear's ReadyCLOUD installer archive is moved from FW to external download to save space (installed automatically from Google drive). 3. OpenVPN version is updated 2.3.12->2.3.13. 4. zipsplit/zipnote/zipcloack are removed to save space (not used). 5. sqlite-cli package is removed to save space (not used). 6. libvorbisenc/libvorbisfile are removed to save space (not used). 7. /bin/config and /bin/readycloud_nvram are now symlinks to /bin/nvram 8. dnscrypt-resolvers.csv is updated. 9. Added possibility to use UVC webcam (changes in kernel header). 1.0.2.12SF 1. QoS script is updated to allow settings own download/upload limits (problem reported by UK Sentinel). 2. Missing patch in Netgear's GPL is added to fcgi package, extracted from old stock 1.0.0.40 (the same QoS problems). 1.02.11SF (Internal release, 2 versions) 1. TCP congestion control is changed back to YeAH (more fast accordingto my tests). 2. ntpclient is changed to support LTE modem connection. 3. sqlite version is updated. 3120200->3130000 4. tar version is updated. 1.28->1.29 5. libusb version is updated. 1.0.19->1.0.20 6. libxml version is updated. 2.9.3->2.9.4 7. wget version is updated. 1.17.1->1.18 8. dnsmasq.conf is changed to allow use of /etc/hosts file. 9. dnscrypt-resolver.csv is updated. 10. Cosmetic changes: now /etc/dnscrypt.conf and /etc/netwall.conf can be used instead of /root/dnscrypt-list and /root/netwall-rules. Similar use. 11. Changed logic of LTE modem detection. 1.0.2.10SF 1. TCP congestion controls: a. Now the following algorithms are available, user can select: westwood+ reno cubic vegas yeah Illinois. b. Default algorithm is weswood+. 2. Some minor bugs made by Netgear are corrected. 3. OpenSSL version is updated. 1.0.2h->1.0.2j 4. OpenVPN version is updated. 2.3.11->2.3.12 5. Beta support of LTE modem in hostless mode, i.e. HiLink (when plugged into your computer, it appears as an Ethernet device rather than a USB device). I.e. you use your browser to control this modem by its WebGUI, not "Connection Manager" To use it you should attach modem to USB port. If no LTE modem is attached, router will operate as usual. 6. minidlna: The string "root_container=B" is added to default minidlna.conf. 7. Correction of problem with ReadyCLOUD reported by Zeljko1234. 8. I updated build tools to more fresh version. It is internal purposes (to build firmware). But might be something will be more stable. 1.0.2.09SF (Internal release, partial changes for public release) 1.0.2.08SF (Internal release, partial changes for public release) 1.0.2.07SF 1. swapon/swapoff/mkswap utilities are added to firmware. Now it is not necessary to install Entware-ng to make and enable swap file for Transmission, so you can use Transmission w/o Entware-ng installed. Swap file is enabled automatically if it is in: /opt/swap or /mnt/sda1/swap or /mnt/sdb1/swap (i.e. in the root of you external drive or in /opt). Independence from Entware-ng :-) 2. Cache is added to dnsmasq config file (thanks to Robysax for his suggestion). 3. dropbear version is updated (a lot of security fixes). 2016.73->2016.74 4. OpenVPN version is updated. 2.3.10->2.3.11 5. e2fsprogs version is updated to most fresh version (June 2016). 6. sysctl is updated with the sting: net.ipv4.tcp_congestion_control = yeah 1.0.2.06SF (First public release based on stock 1.0.2.04). 1. Integration with stock 1.0.2.04 GPL. 2. Added use of own CA/KEY/DH with OpenVPN server. 3. Packages misssed in 1.0.2.04 GPL are restored (extracted from binary FW). 1.0.1.32SF (Initial internal release based on stock 1.0.1.30). 1. Kernel codes are patched to remove "777-access" problem of Netgear. 2. 44 packages total are updated to new versions including fresh build tools (compiler, gdb, binutils etc). 3. Compilation flags are changed to use optimization of IPQ806x CPU and general optimization (-O2) 4. Several new packages are added including dropbear, transmission, dnscrypt-proxy etc. 5. WebGUI bug (incorrect TZ) is corrected. 6. Support of Entware. 7. A lot of chages similar to changes for R7500v1.