Asus RT-AC68U

歡迎開開心心齊吹水
Post Reply
User avatar
iHD
Posts: 85
Joined: Wed Jun 10, 2015 11:14 am

Re: Asus RT-AC68U

Post by iHD »

380.64_1 (6-Jan-2017)

Code: Select all

- FIXED: Security issues in httpd (backport from GPL 4180 + 
            additional fixes of my own)
User avatar
iHD
Posts: 85
Joined: Wed Jun 10, 2015 11:14 am

Re: Asus RT-AC68U

Post by iHD »

380.64_2 (8-Jan-2017)

Code: Select all

   - FIXED: IPv6 client list failing to properly show hostnames
            (regression in 64_1)
   - FIXED: A few potential buffer overruns in httpd
User avatar
RCHK
Posts: 773
Joined: Thu Oct 30, 2014 12:34 pm

Re: Asus RT-AC68U

Post by RCHK »

380.65 Beta 1 (15-Jan-2017)

Code: Select all

- NEW: Merged with Asus GPL 380_4180 (and fixed its broken
          Network Tools/Connections/etc... pages)
   - NEW: Upgraded to OpenVPN 2.4.0, and implemented support
          for many of its new features:
            * GCM ciphers
            * LZ4 compression
            * tls-crypt (uses the Static Key field)
            * Cipher negotiation (NCP), with (optional)
              fallback to legacy "cipher" parameter when
              an OpenVPN 2.3 client connects to the
              router's 2.4 server.
          Please refer to the OpenVPN 2.4 documentation for
          more info on these new features.

          You will be warned if any server setting would
          generate an exportable ovpn file that would be
          incompatible with older clients.

          Existing client config shouldn't need to be changed,
          unless you modify the router's server configuration.

   - NEW: Upgraded Busybox to 1.25.1 (patch by theMIROn)
   - NEW: Added the following Busybox applets: ntpd, time, uniq,
          xargs and getopt, for feature parity with John's fork.
   - NEW: Option on Media Server page to enable minidlna's
          built-in status web page.  Default URL is
          http://router.asus.com:8200 .
   - NEW: Support for Vodafone R226 USB LTE (patch by
          Gernot Pansy)
   - NEW: New "update-notification" user script, that gets run
          when a scheduled firmware check detects a new version
          is available.

   - CHANGED: Removed support for all RC ciphers on OpenVPN.
              DES is staying for now, but should still be avoided
              whenever possible.
   - CHANGED: Updated Tor to 0.2.9.8 (patch by blackfuel)
   - CHANGED: Updated nano to 2.7.4.
   - CHANGED: hosts file will now give a higher priority to the
              user-configured hostname for the router ahead of
              hardcoded ones (like router.asus.com).
   - CHANGED: Create a system log entry if new firmware is available.
   - FIXED: Invalid DUID used when requesting an IPv6 prefix
            for some of the newer router models, which would
            prevent them from getting working IPv6 (Asus bug)
   - FIXED: Network Service Firewall rules not applied
            under certain configurations
   - FIXED: Port triggering wasn't working if traffic had
            been whitelisted by Network Service Firewall
   - FIXED: Avahi wasn't rejecting connections from
            secondary WAN interface
   - FIXED: Sorting clients by connection time would incorrectly
            treat 10 hours as longer than 9 hours, as it was
            handling it as a string (Asus bug)
   - FIXED: Exported ovpn client file wouldn't use the
            user-configured hostname when using DDNS custom mode.
   - FIXED: Exported OpenVPN client config didn't work when
            using static key authentication.
   - FIXED: Exported OpenVPN client config wasn't editable with
            Notepad, the default editor used by Windows's
            OpenVPN GUI.
   - FIXED: OpenVPN was killed too quickly on disconnection,
            causing issues when using explicit-exit-notify
            (patch by john9527)
   - FIXED: OpenVPN client/server instances weren't properly
            restarted on a WAN restart (patch by john9527)
   - FIXED: Some models (N66/Ac66/AC5300) would reboot 3 times
            if one of the radios was found disabled by the user
            while booting (Asus bug).
User avatar
RCHK
Posts: 773
Joined: Thu Oct 30, 2014 12:34 pm

Re: Asus RT-AC68U

Post by RCHK »

380.65 Beta 2 (22-Jan-2017)

Code: Select all

- CHANGED: Display name and icon for clients configured on the
              Tor page.
- CHANGED: Improvement to OpenVPN Client page behaviour
User avatar
RCHK
Posts: 773
Joined: Thu Oct 30, 2014 12:34 pm

Re: Asus RT-AC68U

Post by RCHK »

380.65 (3-Feb-2017)

Code: Select all

- NEW: Merged with parts of Asus GPL 380_4180, left out
          most of it because of too many bugs in it.
   - NEW: Upgraded to OpenVPN 2.4.0, and implemented support
          for many of its new features:
            * GCM ciphers
            * LZ4 compression
            * tls-crypt (uses the Static Key field)
            * Cipher negotiation (NCP), with (optional)
              fallback to legacy "cipher" parameter when
              an OpenVPN 2.3 client connects to the
              router's 2.4 server.
          Please refer to the OpenVPN 2.4 documentation for
          more info on these new features.

          You will be warned if any server setting would
          generate an exportable ovpn file that would be
          incompatible with older clients.

          Existing client config shouldn't need to be changed,
          unless you modify the router's server configuration.

   - NEW: Upgraded Busybox to 1.25.1 (patch by theMIROn)
   - NEW: Added the following Busybox applets: ntpd, time, uniq,
          xargs and getopt, for feature parity with John's fork.
   - NEW: Option on Media Server page to enable minidlna's
          built-in status web page.  Default URL is
          http://router.asus.com:8200 .
   - NEW: Support for Vodafone R226 USB LTE (patch by
          Gernot Pansy)
   - NEW: New "update-notification" user script, that gets run
          when a scheduled firmware check detects a new version
          is available.

   - CHANGED: Removed support for all RC ciphers on OpenVPN.
              DES is staying for now, but should still be avoided
              whenever possible.
   - CHANGED: Updated openssl to 1.0.2k
   - CHANGED: Updated tor to 0.2.9.9 (0.2.9.x patch by blackfuel)
   - CHANGED: Updated nano to 2.7.4.
   - CHANGED: hosts file will now give a higher priority to the
              user-configured hostname for the router ahead of
              hardcoded ones (like router.asus.com).
   - CHANGED: Create a system log entry if a new firmware 
              version is available.
   - CHANGED: Display name and icon for clients configured on the
              Tor page.
   - CHANGED: Streamlined miniupnpd stop/start events during boot,
              so there are fewer of them now.
   - FIXED: Invalid DUID used when requesting an IPv6 prefix
            for some of the newer router models, which would
            prevent them from getting working IPv6 (Asus bug)
   - FIXED: Network Service Firewall rules not applied
            under certain configurations
   - FIXED: Port triggering wasn't working if traffic had
            been whitelisted by Network Service Firewall
   - FIXED: Avahi wasn't rejecting connections from
            secondary WAN interface
   - FIXED: Sorting clients by connection time would incorrectly
            treat 10 hours as shorter than 9 hours, as it was
            handling it as a string (Asus bug)
   - FIXED: Exported ovpn client file wouldn't use the
            user-configured hostname when using DDNS custom mode.
   - FIXED: Exported OpenVPN client config didn't work when
            using static key authentication.
   - FIXED: Exported OpenVPN client config wasn't editable with
            Notepad, the default editor used by Windows's
            OpenVPN GUI.
   - FIXED: OpenVPN was killed too quickly on disconnection,
            causing issues when using explicit-exit-notify
            (patch by john9527)
   - FIXED: OpenVPN client/server instances weren't properly
            restarted on a WAN restart (patch by john9527)
   - FIXED: Some models (N66/AC66/AC5300) would reboot 3 times
            if one of the radios was found disabled by the user
            while booting (Asus bug).
   - FIXED: Webui layout was broken under Chrome 56.
User avatar
SKA
Posts: 180
Joined: Tue Oct 28, 2014 6:00 pm

Re: Asus RT-AC68U

Post by SKA »

其實...呢D咩嚟... :onion114:
User avatar
RCHK
Posts: 773
Joined: Thu Oct 30, 2014 12:34 pm

Re: Asus RT-AC68U

Post by RCHK »

SKA wrote: 其實...呢D咩嚟... :onion114:
http://asuswrt.lostrealm.ca/" onclick="window.open(this.href);return false;
Welcome to the official website for the Asuswrt-Merlin firmware project, a third party alternative firmware for Asus routers, with a special emphasis on tweaks and fixes rather than radical changes or collecting as many features as possible.
User avatar
RCHK
Posts: 773
Joined: Thu Oct 30, 2014 12:34 pm

Re: Asus RT-AC68U

Post by RCHK »

380.66 (12-May-2017)

Code: Select all

- NEW: Merged with GPL 380_7378
         Notable changes:
            * Port forwards can select a specific source IP
            * Security fixes for CVE-2017-5891, CVE-2017-5892
              and CVE-2017-6547
         Note:
            * If you are experiencing new wifi stability
              issues, try disabling Airtime Fairness on
              the Wireless -> Professional page (on all
              bands).

  - NEW: Option to disable Wanduck's constant DNS probing
         for WAN state (Tools -> Other Settings)
  - NEW: Allow disabling the use of DH, by entering
         "none" in the DH field for OpenVPN server config.
  - NEW: Added new Internet redirection mode to OpenVPN clients
         called "Policy Rule (Strict)".  The difference from the
         existing "Policy Rule" mode is that in strict mode,
         only rules that specifically target the tunnel's
         interface will be used.  This ensures that you don't
         leak traffic through global or other tunnel routes,
         however it also means any static route you might have
         defined at the WAN level will not be copied either.
  - CHANGED: Ovpn importer now recognizes the "port" and
             "reneg-sec" parameters.
  - CHANGED: Ovpn importer now support a third argument for
             the "remote" parameter, allowing to specify the
             protocol.
  - CHANGED: Updated Tor to 0.2.9.10
  - CHANGED: Updated nano to 2.8.1
  - CHANGED: Updated OpenVPN to 2.4.2
  - CHANGED: Updated LZ4 to 1.7.5 (used by OpenVPN)
  - CHANGED: SSL certificate generated for httpds will now
             contain SANs for hostname, router.asus.com, IP
             and DDNS hostname.
  - CHANGED: Make minidlna always use the same uuid, based on
             the LAN MAC (original patch by john9527)
  - CHANGED: Better feedback provided when an ovpn file upload
             generates a problem due to a key/cert that's
             not provided inline.  Inform the user which of
             these he will need to manually provide.
  - CHANGED: Disable bridge multicast_snooping, as this should be
             unnecessary, and it could interfere with EMF, UPNP and
             other multicast applications.  Can be re-enabled from
             the Tools -> Other Settings page.
  - REMOVED: The Virtual Server page no longer allows users to
             edit existing port forwards (our existing code is
             incompatible with Asus's newer webui code and will
             need to be re-implemented.)
  - FIXED: WOL page fails to load if adding a client with a
           quote in its name.
  - FIXED: Couldn't add a DHCP reservation client if its name
           contained a quote.
  - FIXED: New outbound connections weren't logged if firewall
           logging was enabled.
  - FIXED: OpenVPN server didn't always work properly in udp mode
           when in a dual stack IPv4/IPv6 environment (backport
           from GPL 382_9736)
  - FIXED: When disabling NCP support in OpenVPN, the router
           could still be trying to use it if the remote end
           had it enabled.
  - FIXED: Potential CVE-2016-10229 security issue in kernel
           (unsure whether our kernel was vulnerable or not)
  - FIXED: ovpn file import would fail to import auth hash or
           cipher if they weren't uppercase.
  - FIXED: Couldn't edit SMB permissions if the disk had
           multiple partitions (Asus bug) (patch by
           Jeremy Goss)
  - FIXED: Exporting a client.ovpn file with no existing CA
           could generate garbled output in the generated
           file.
User avatar
iHD
Posts: 85
Joined: Wed Jun 10, 2015 11:14 am

Re: Asus RT-AC68U

Post by iHD »

380.66_2 (16_May-2017)

Code: Select all

   - FIXED: AiCloud fail to start on RT-N66U and RT-AC66U.
   - FIXED: The generated key/cert for httpds and AiCloud could
            sometimes be invalid due to a timing problem.
User avatar
iHD
Posts: 85
Joined: Wed Jun 10, 2015 11:14 am

Re: Asus RT-AC68U

Post by iHD »

380.66_4 (26-May-2017)

Code: Select all

   - CHANGED: Updated dropbear to 2017.75
   - FIXED: Security issue CVE-2017-7494 in Samba.
Post Reply