1.0.4.86HF: 1. Toolchain: GCC is upgraded 15.2.0->16.1.0. 2. Toolchain: Go is upgraded 1.25.8->1.25.10. 3. OpenVPN is upgraded 2.6.19->2.7.4 (fixing CVE-2026-40215, CVE-2026-35058). 4. dropbear package is upgraded 2024.89->2025.91 (fixing CVE-2019-6111, CVE-2026-35385). 5. OpenSSL v. 3.0.x package is upgraded 3.0.19->3.0.20 (fixing CVE-2026-31790, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789). 6. expat package is upgraded 2.7.4->2.8.1 (fixing CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-41080, CVE-2026-45186). 7. libexif package is upgraded 0.6.25->0.6.26 (fixing CVE-2026-40386, CVE-2026-40385, CVE-2026-32775). 8. unbound package (used in stubby) is upgraded 1.24.2->1.25.1 (fixing CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390, CVE-2026-44608). 9. haveged package is upgraded 1.9.19->1.9.21 (fixing CVE-2026-41054). 10. libubox package is upgraded 2026-03-13->2026-05-03. 11. libcap-ng package is upgraded 0.9.1->0.9.3. 12. libgcrypt package is upgraded 1.12.1->1.12.2. 13. libgpg-error package is upgraded 1.59->1.61. 14. libusb package is upgraded 1.0.29->1.0.30. 15. libusb-compat package is upgraded 0.1.8->0.1.9. 16. sqlite (minidlna) package is upgraded 3500400->3530100). 17. ffmpeg (minidlna) package is upgraded 6.1.3->6.1.4. 18. util-linux package is upgraded 2.41.3->2.42.1. 19. proftpd package is upgraded 1.3.9->1.3.9a. 20. nano package is upgraded 8.7.1->9.0. 21. iperf3 package is upgraded 3.20->3.21. 22. pciutils package is upgraded 3.14.0->3.15.0. 23. Host tools: upgrade mkimage/u-boot to 2026.04. 24. Host tools: upgrade xz to 5.8.3. 25. Host tools: upgrade mtd-utils to 2.3.1. 1.0.4.85HF: 1. Toolchain: Go is upgraded 1.25.5->1.25.8. 2. OpenSSL v. 3.0.x package is upgraded 3.0.18->3.0.19 (fixing CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796). 3. expat package is upgraded 2.4.3->2.4.4 (fixing CVE-2026-24515, CVE-2026-25210). 4. libpcap package is upgraded 1.10.5->1.10.6 (fixing CVE-2025-11961, CVE-2025-11964). 5. tcpdump package is upgraded 4.99.5->4.99.6. 6. OpenVPN is upgraded 2.6.17->2.6.19 7. cifs-utils package is upgraded 7.4->7.5. 8. e2fsprogs package is upgraded 1.47.3->1.47.4. 9. ethtool package is upgraded 6.15->6.19. 10. wireguard-tools package is upgraded 1.0.20250521->1.0.20260223. 11. zlib package is upgraded 1.3.1->1.3.2. 12. libtalloc package is upgraded 2.4.3->2.4.4. 13. ncurses package is upgraded 6.5->6.6. 14. libubox package is upgraded 2025-12-08->2026-03-13. 15. libcap-ng package is upgraded 0.8.5->0.9.1. 16. libiconv-full package is upgraded 1.18->1.19. 17. libid3tag (minidlna) package is upgraded 0.16.3->0.16.4. 18. libgcrypt package is upgraded 1.11.1->1.12.1. 19. libgpg-error package is upgraded 1.58->1.59. 20. nano package is upgraded 8.7->8.7.1. 21. less package is upgraded 685->692. 22. ca-certificates package is upgraded 20250419->20260223. 23. Upgrade QCA firmware to the latest stock. 24. TM iQoS: upgrade sample.bin to the latest stock. 25. Host tools: upgrade mkimage/u-boot to 2026.01. 26. Host tools: upgrade squashfs4 to 4.7.5. 27. Host tools: upgrade e2fsprogs to 1.47.4. 1.0.4.84HF: 1. Toolchain: binutils is upgraded 2.45->2.45.1. 2. Toolchain: Go is upgraded 1.25.3->1.25.5. 3. dropbear package is upgraded 2024.88->2025.89 (fixing CVE-2025-14282, CVE-2019-6111). 4. OpenVPN is upgraded 2.6.15->2.6.17 (fixing CVE-2025-13086, CVE-2025-13751). 5. unbound package (used in stubby) is upgraded 1.24.0->1.24.2 (fixing CVE-2025-11411). 6. fcgi package is upgraded 2.4.6->2.4.7 (additional fixing CVE-2025-23016). 7. DNSCrypt Proxy v.2 is upgraded 2.1.14->2.1.15. 8. curl package is upgraded 8.16.0->8.17.0. 9. util-linux package is upgraded 2.41.2->2.41.3. 10. libubox package is upgraded 2025-10-04->2025-12-08. 11. uci package is upgraded 2025-10-05->2025-12-02. 12. ubus package is upgraded 2025-10-04->2025-12-02. 13. libnl-tiny package is upgraded 2025-10-03->2025-12-02. 14. libgpg-error package is upgraded 1.56->1.58. 15. nano package is upgraded 8.6->8.7. 16. iperf3 package is upgraded 3.19.1->3.20. 17. less package is upgraded 668->685. 18. sysstat package is upgraded 12.7.8->12.7.9. 19. ffmpeg (minidlna) package is upgraded 6.1.3->6.1.4. 20. Host tools: upgrade xz to 5.8.2. 21. Host tools: upgrade mtd-utils to 2.3.0. 22. Host tools: upgrade squashfs4 to 4.7.4. 1.0.4.83HF: 1. Toolchain: GCC is upgraded 15.1.0->15.2.0. 2. Toolchain: Go is upgraded 1.24.6->1.25.3. 3. OpenSSL v. 3.0.x package is upgraded 3.0.17->3.0.18 (fixing CVE-2025-9230, CVE-2025-9232). 4. expat package is upgraded 2.7.1->2.7.3 (fixing CVE-2025-59375, CVE-2025-59375, CVE-2024-8176). 5. DNSCrypt Proxy v.2 is upgraded 2.1.12->2.1.14. 6. OpenVPN is upgraded 2.6.14->2.6.15. 7. util-linux package is upgraded 2.41.1->2.41.2. 8. curl package is upgraded 8.15.0->8.16.0. 9. libubox package is upgraded 2025-07-23->2025-10-04. 10. uci package is upgraded 2024-11-26->2025-10-05. 11. ubus package is upgraded 2025-07-02->2025-10-04. 12. unbound package (used in stubby) is upgraded 1.23.1->1.24.0. 13. libnl-tiny package is upgraded 2025-03-19->2025-10-03. 14. ffmpeg (minidlna) package is upgraded 6.1.2->6.1.3. 15. nano package is upgraded 8.5->8.6. 16. iw package is upgraded 6.9->6.17. 17. Host tools: upgrade mkimage/u-boot to 2025.10. 18. Host tools: upgrade squashfs4 to 4.7.2. 19. Host tools: fix firmware-utils compilation. 20. Host tools: add patch to libtool. 21. Host tools: remove libelf (not used). 1.0.4.82HF: 1. Toolchain: binutils is upgraded 2.44->2.45. 2. Toolchain: Go is upgraded 1.24.4->1.24.6. 3. unbound package (used in stubby) is upgraded 1.23.0->1.23.1 (fixing CVE-2025-5994). 4. jq package is upgraded 1.7.1->1.8.1 (fixing CVE-2025-49014, CVE-2024-23337, CVE-2024-53427, CVE-2025-48060). 5. iperf3 package is upgraded 3.19->3.19.1 (fixing CVE-2025-54349, CVE-2025-54350, CVE-2025-54351). 6. curl package is upgraded 8.14.1->8.15.0. 7. cifs-utils package is upgraded 7.3->7.4. 8. ethtool package is upgraded 6.14->6.15. 9. util-linux package is upgraded 2.41->2.41.1. 10. e2fsprogs package is upgraded 1.47.2->1.47.3. 11. sysstat package is upgraded 12.7.7->12.7.8. 12. ubus package is upgraded 2025-05-16->2025-07-02. 13. pciutils package is upgraded 3.13.0->3.14.0. 14. nano package is upgraded 8.4->8.5. 15. libogg package is upgraded 1.3.5->1.3.6. 16. libreadline package is upgraded 8.2->8.3. 17. ncurses package is upgraded 6.4->6.5. 18. libubox package is upgraded 2024-12-19->2025-07-23. 19. gdbm package is upgraded 1.25->1.26. 20. sqlite (minidlna) package is upgraded 3490100->3500400. 21. Host tools: upgrade mkimage/u-boot to 2025.07. 22. Host tools: upgrade e2fsprogs to 1.47.3. 1.0.4.81HF: 1. Toolchain: GCC is upgraded 14.2.0->15.1.0. 2. Toolchain: Go is upgraded 1.24.2->1.24.4. 3. dropbear package is upgraded 2024.87->2025.88 (fixing CVE-2025-47203). 4. fcgi package is upgraded 2.4.4->2.4.6 (fixing CVE-2025-23016). 5. DNSCrypt Proxy v.2 is upgraded 2.1.8->2.1.12. 6. wireguard-tools package is upgraded 1.0.20210914->1.0.20250521. 7. curl package is upgraded 8.13.0->8.14.1. 8. coreutils package (sort/gnu-date) is upgraded 9.6->9.7. 9. ca-certificates package is upgraded 20241223->20250419. 10. sqlite (minidlna) package is upgraded 3460100->3490100. 11. unbound package (used in stubby) is upgraded 1.22.0->1.23.0. 12. ethtool package is upgraded 6.11->6.14. 13. ubus package is upgraded 2025-01-02->2025-05-16. 14. iperf3 package is upgraded 3.18->3.19. 15. libiconv-full package is upgraded 1.17->1.18. 16. libubox package is upgraded 2024.03.29->2024-12-19. 17. libusb package is upgraded 1.0.28->1.0.29. 18. Multiple packages: get ready to compile by gcc 15.1.0 compiler. 19. Change 'run-ramfs' script to use 'libiconv.so.2.7.0' (libiconv-full 1.18). 20. Host tools: upgrade libtool to 2.5.4. 21. Host tools: upgrade m4 to 1.4.20. 22. Host tools: upgrade quilt to 0.69. 23. Host tools: upgrade mpfr to 4.2.2. 24. Host tools: synchronize bison with OpenWRT. 1.0.4.80HF: 1. Toolchain: Go is upgraded 1.23.5->1.24.2. 2. OpenVPN is upgraded 2.6.13->2.6.14 (fixing CVE-2025-2704). 3. OpenSSL v. 3.0.x package is upgraded 3.0.15->3.0.16 (fixing CVE-2024-13176, CVE-2024-9143). 4. expat package is upgraded 2.6.4->2.7.1 (fixing CVE-2024-8176). 5. DNSCrypt Proxy v.2 is upgraded 2.1.7->2.1.8. 6. dropbear package is upgraded 2024.86->2025.87. 7. cifs-utils package is upgraded 7.1->7.3. 8. util-linux package is upgraded 2.40.4->2.41. 9. curl package is upgraded 8.12.0->8.13.0. 10. proftpd package is upgraded 1.3.8c->1.3.9. 11. fcgi package is upgraded 2.4.2->2.4.4. 12. nano package is upgraded 8.3->8.4. 13. coreutils package (sort/gnu-date) is upgraded 9.5->9.6. 14. patch package is upgraded 2.7.6->2.8. 15. jansson package is upgraded 2.14->2.14.1. 16. gdbm package is upgraded 1.24->1.25. 17. libusb package is upgraded 1.0.27->1.0.28. 18. libnl-tiny package is upgraded 2023-12-05->2025-03-19. 19. libtalloc package is upgraded 2.4.2->2.4.3. 20. libflac package is upgraded 1.4.3->1.5.0. 21. Host tools: upgrade xz to 5.8.1 (fixing CVE-2025-31115). 1.0.4.79HF: 1. Toolchain: binutils is upgraded 2.43.1->2.44. 2. Toolchain: Go is upgraded 1.23.4->1.23.6. 3. OpenVPN is upgraded 2.6.12->2.6.13. 4. DNSCrypt Proxy v.2 is upgraded 2.1.5->2.1.7. 5. util-linux package is upgraded 2.40.2->2.40.4. 6. e2fsprogs package is upgraded 1.47.1->1.47.2. 7. proftpd package is upgraded 1.3.8b->1.3.8c. 8. curl package is upgraded 8.11.1->8.12.0. 9. ca-certificates package is upgraded 20240203->20241223. 10. sysstat package is upgraded 12.7.6->12.7.7. 11. iperf3 package is upgraded 3.17.1->3.18. 12. nano package is upgraded 8.2->8.3. 13. ubus package is upgraded 2024-10-20->2025-01-02. 14. uci package is upgraded 2024-11-26->2025-01-20. 15. libexif package is upgraded 0.6.24->0.6.25. 16. Host tools: upgrade mkimage/u-boot to 2025.01. 17. Host tools: upgrade e2fsprogs to 1.47.2. 18. Host tools: upgrade xz to 5.6.4. 19. Host tools: upgrade quilt to 0.68. 1.0.4.78HF: 1. Toolchain: Go is upgraded 1.22.6->1.23.4. 2. expat package is upgraded 2.6.3->2.6.4 (fixing CVE-2024-50602). 3. dropbear package is upgraded 2024.85->2024.86. 4. curl package is upgraded 8.10.1->8.11.1. 5. cifs-utils package is upgraded 7.0->7.1. 6. wget package is upgraded 1.24.5->1.25.0. 7. ethtool package is upgraded 6.10->6.11. 8. ubus package is upgraded 2023-11-28->2024-10-20. 9. unbound package (used in stubby) is upgraded 1.21.0->1.22.0. 10. less package is upgraded 661->668. 11. uci package is upgraded 2023-08-10->2024-11-26. 12. libgpg-error package is upgraded 1.50->1.51. 13. Add 'libtalloc' package. 14. samba36: add a dependency on libtalloc. 15. tcpdump: add patches to support tcpdump-mini and to remove pcap debug. 16. Host tools: upgrade mtd-utils to 2.2.1. 1.0.4.77HF: 1. Toolchain: binutils is upgraded 2.43->2.43.1. 2. Toolchain: Go is upgraded 1.22.6->1.23.2. 3. OpenSSL v. 3.0.x package is upgraded 3.0.14->3.0.15 (fixing CVE-2024-6119, CVE-2024-5535). 4. expat package is upgraded 2.6.2->2.6.3 (fixing CVE-2024-45490, CVE-2024-45491, CVE-2024-45492). 5. libpcap package is upgraded 1.10.4->1.10.5 (fixing CVE-2023-7256, CVE-2024-8006). 6. tcpdump package is upgraded 4.99.4->4.99.5. 7. curl package is upgraded 8.9.1->8.10.1. 8. ethtool package is upgraded 6.9->6.10. 9. unbound package (used in stubby) is upgraded 1.20.0->1.21.0. 10. haveged package is upgraded 1.9.18->1.9.19. 11. netatalk package is upgraded 3.2.5->3.2.10. 12. sqlite (minidlna) package is upgraded 3410200->3460100. 13. libjson-c package is upgraded 0.17->0.18. 14. nano package is upgraded 8.1->8.2. 15. Host tools: upgrade xz to 5.6.3. 1.0.4.76HF: 1. Toolchain: GCC is upgraded 14.1.0->14.2.0. 2. Toolchain: binutils is upgraded 2.42->2.43. 3. Toolchain: Go is upgraded 1.22.5->1.22.6. 4. OpenVPN is upgraded 2.6.11->2.6.12 (fixing CVE-2024-5594). 5. less package is upgraded 643->661. 6. util-linux package is upgraded 2.38.1->2.40.2. 7. curl package is upgraded 8.8.0->8.9.1. 8. netatalk package is upgraded 3.2.2->3.2.5. 9. nano package is upgraded 8.0->8.1. 10. ffmpeg (minidlna) package is upgraded 6.1.1->6.1.2. 11. lz4 package is upgraded 1.9.1->1.10.0 (multithreading support). 12. libreadline package is upgraded 8.2->8.2.13. 13. ipset: add patch to fix json output format for IPSET_OPT_IP. 14. Host tools: upgrade mtd-utils to 2.2.0. 15. Host tools: upgrade xz to 5.6.2. 1.0.4.75HF: 1. Toolchain: Go is upgraded 1.22.3->1.22.5. 2. OpenVPN is upgraded 2.6.10->2.6.11 (fixing CVE-2024-4877, CVE-2024-5594, CVE-2024-28882). 3. OpenSSL v. 3.0.x package is upgraded 3.0.13->3.0.14 (fixing CVE-2024-4741, CVE-2024-2511). 4. netatalk package is upgraded 3.1.18->3.2.2 (fixing CVE-2024-38439, CVE-2024-38440, CVE-2024-38441). 5. ethtool package is upgraded 6.7->6.9. 6. sysstat package is upgraded 12.7.5->12.7.6. 7. pciutils package is upgraded 3.12.0->3.13.0. 8. gdbm package is upgraded 1.23->1.24. 9. libgcrypt package is upgraded 1.10.3->1.11.0. 10. libgpg-error package is upgraded 1.49->1.50. 11. logrotate package is upgraded 3.21.0->3.22.0. 12. Add support for CD/DVD-ROM mounting. Example: mount /dev/sr0 /mnt/cdrom/ -o utf8 13. Host tools: upgrade mkimage/u-boot to 2024.07. 1.0.4.74HF: 1. Toolchain: GCC is upgraded 13.2.0->14.1.0. 2. Toolchain: Go is upgraded 1.22.2->1.22.3. 3. dropbear package is upgraded 2022.83->2024.85 (fixing CVE-2023-48795). https://nvd.nist.gov/vuln/detail/CVE-2023-48795 (score 5.9. Medium) 4. unbound package (used in stubby) is upgraded 1.19.3->1.20.0 (fixing CVE-2024-33655). https://access.redhat.com/security/cve/CVE-2024-33655 (score 3.7, Low) 5. OpenSSL v. 1.1.1 package is upgraded to OpenSSL v. 3.0.x 1.1.1w->3.0.13. 6. curl package is upgraded 8.7.1->8.8.0. 7. libubox package is upgraded 2024-01-26->2024.03.29. 8. libcap-ng package is upgraded 0.8.4->0.8.5. 9. libgpg-error package is upgraded 1.48->1.49. 10. e2fsprogs package is upgraded 1.47.0->1.47.1. 11. iperf3 package is upgraded 3.16->3.17.1. 12. nano package is upgraded 7.2->8.0. 13. pciutils package is upgraded 3.11.1->3.12.0. 14. iw package is upgraded 6.7->6.9. 15. Add 'libatomic' package. 16. Multiple packages: fix compilation by gcc 14.1.0 compiler. 17. Host tools: upgrade e2fsprogs to 1.47.1. 18. Host tools: upgrade UPX to 4.2.4. 1.0.4.73HF: 1. Toolchain: binutils is upgraded 2.41->2.42. 2. Toolchain: Go is upgraded 1.21.5->1.22.2. 3. expat package is upgraded 2.5.0->2.6.2 (fixing CVE-2023-52425, CVE-2023-52426, CVE-2024-28757). https://nvd.nist.gov/vuln/detail/CVE-2023-52425 (score 7.5, High) https://nvd.nist.gov/vuln/detail/CVE-2023-52426 (score 5.5, Medium) https://www.suse.com/security/cve/CVE-2024-28757.html (score 7.5, High) 4. unbound package (used in stubby) is upgraded 1.19.0->1.19.3 (fixing CVE-2023-50387, CVE-2023-50868, CVE-2024-1931). https://nvd.nist.gov/vuln/detail/CVE-2023-50387 (score 7.5, High) https://access.redhat.com/security/cve/CVE-2023-50868 (score 7.5, High) https://nvd.nist.gov/vuln/detail/CVE-2024-1931 (score 7.5, High) 5. dropbear: add patch to fix CVE-2023-48795. https://nvd.nist.gov/vuln/detail/CVE-2023-48795 (score 5.9. Medium) 6. lua: add patch to fix CVE-2014-5461. https://www.suse.com/security/cve/CVE-2014-5461.html (score 5.0. Medium) 7. OpenVPN is upgraded 2.6.8->2.6.10. 8. curl package is upgraded 8.5.0->8.7.1. 9. ethtool package is upgraded 6.6->6.7. 10. iw package is upgraded 5.19->6.7. 11. ipset package is upgraded 7.19->7.21. 12. wget package is upgraded 1.21.4->1.24.5. 13. coreutils package (sort/gnu-date) is upgraded 9.4->9.5. 14. pciutils package is upgraded 3.10.0->3.11.1. 15. ffmpeg (minidlna) package is upgraded 6.1->6.1.1. 16. zlib package is upgraded 1.3->1.3.1. 17. libubox package is upgraded 2023-12-04.1->2024-01-26. 18. libusb package is upgraded 1.0.26->1.0.27. 19. libgpg-error package is upgraded 1.47->1.48. 20. ca-certificates package is upgraded 20230311->20240203. 21. Host tools: upgrade mkimage/u-boot to 2024.01. 22. Host tools: upgrade xz to 5.4.6. 23. Host tools: upgrade UPX to 4.2.3. 1.0.4.72HF: 1. Toolchain: Go is upgraded 1.21.3->1.21.5. 2. Toolchain: gdb is upgraded to 13.2. 3. Toolchain: enable 'XATTR' for uClibc (needed to compile 'libcap-ng'). 4. samba36: add patches to fix CVE: CVE-2015-5330, CVE-2017-11103, CVE-2017-2619, CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16860, CVE-2019-10218, CVE-2019-3880, CVE-2020-10745, CVE-2020-14303 5. jq package is upgraded 1.7->1.7.1 (fixing CVE-2023-50246, CVE-2023-50268). https://nvd.nist.gov/vuln/detail/CVE-2023-50246 (score 5.5, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-50268 (score 5.5, Medium) 6. OpenVPN is upgraded 2.5.9->2.6.8. 7. Add 'libcap-ng' package (needed to compile OpenVPN 2.6.x). 8. OpenVPN server: set default cipher to 'CHACHA20-POLY1305' for client config ('download' script). 9. net-cgi: change messages 'OpenVPN 2.5.x'->'OpenVPN 2.6.x'. 10. proftpd package is upgraded 1.3.8a->1.3.8b. 11. ethtool package is upgraded 6.5->6.6. 12. curl package is upgraded 8.4.0->8.5.0. 13. sysstat package is upgraded 12.7.4->12.7.5. 14. iperf3 package is upgraded 3.15->3.16. 15. ubus package is upgraded 2023-06-05->2023-11-28. 16. libubox package is upgraded 2023-05-23->2023-12-04.1. 17. unbound package (used in stubby) is upgraded 1.18.0->1.19.0. 18. libgcrypt package is upgraded 1.10.2->1.10.3. 19. libnl-tiny package is upgraded 2023-07-27->2023-12-05. 20. ffmpeg (minidlna) package is upgraded 6.0->6.1. 21. libid3tag (minidlna) package is upgraded 0.16.2->0.16.3. 22. iproute2: change the 'ip' utility from 'full' to 'tiny' to save space. 23. Remove 'dni-openvpn-client' package (unused). 24. Host tools: upgrade mkimage/u-boot to 2023.10. 25. Host tools: upgrade xz to 5.4.5. 26. Host tools: upgrade UPX to 4.2.1. 1.0.4.71HF: 1. Toolchain: binutils version is upgraded 2.40->2.41. 2. Toolchain: Go is upgraded 1.21.0->1.21.3. 3. curl package is upgraded 8.2.1->8.4.0 (fixing CVE-2023-38545, CVE-2023-38546). https://phoenix.security/vulnerability-curl/ CVE-2023-38545: high severity vulnerability CVE-2023-38546: low severity vulnerability 4. netatalk package is upgraded 3.1.15->3.1.18 (fixing CVE-2022-22995, CVE-2023-42464, CVE-2022-23121, CVE-2022-23123). https://nvd.nist.gov/vuln/detail/CVE-2022-22995 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2023-42464 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-23121 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-23123 (score 9.8, Critical) 5. OpenSSL v. 1.1.1 package is upgraded 1.1.1v->1.1.1w (fixing CVE-2023-4807). https://nvd.nist.gov/vuln/detail/CVE-2023-4807 (score 7.8, High, but actually is not related to router firmware) 6. ethtool package is upgraded 6.4->6.5. 7. ipset package is upgraded 7.17->7.19. 8. proftpd package is upgraded 1.3.8->1.3.8a. 9. coreutils package (sort/gnu-date) is upgraded 9.3->9.4. 10. sysstat package is upgraded 12.7.2->12.7.4. 11. zlib package is upgraded 1.2.13->1.3. 12. unbound package (used in stubby) is upgraded 1.17.1->1.18.0. 13. dbus package is upgraded 1.14.8->1.14.10. 14. jq package is upgraded 1.6->1.7. 15. iperf3 package is upgraded 3.14->3.15. 16. less package is upgraded 633->643. 17. minidlna: libjpeg 9e package is replaced with libjpeg-turbo 2.1.5.1. 18. Kernel: Linux kernel patch to fix build with binutils >= 2.41. 19. Host tools: upgrade xz to 5.4.4. 20. Host tools: upgrade mpfr to 4.2.1. 21. Host tools: add Python3 patch to ipkg-utils. 1.0.4.70HF: 1. Toolchain: GCC is upgraded 13.1.0->13.2.0. 2. Toolchain: Go is upgraded 1.20.5->1.21.0. 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1u->1.1.1v (fixing CVE-2023-3817, CVE-2023-3446). https://nvd.nist.gov/vuln/detail/CVE-2023-3817 (score 5.3, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-3446 (score 5.3, Medium) 4. DNSCrypt Proxy v.2 is upgraded 2.1.4->2.1.5. 5. curl package is upgraded 8.1.2->8.2.1. 6. ethtool package is upgraded 6.3->6.4. 7. dbus package is upgraded 1.14.6->1.14.8. 8. ubus package is upgraded 2022-06-15->2023-06-05. 9. uci package is upgraded 2023-03-05->2023-08-10. 10. iperf3 package is upgraded 3.13->3.14. 11. tar package is upgraded 1.34->1.35. 12. libjson-c package is upgraded 0.16->0.17. 13. libnl-tiny package is upgraded 2023-04-02->2023-07-27. 14. libflac package is upgraded 1.4.2->1.4.3. 15. Boost of kernel (add '-ftree-vectorize' and '-fvect-cost-model=dynamic' options). 16. Enable EXT4_USE_FOR_EXT23 (kernel). 17. Disable MINIX_FS (kernel). 18. Host tools: upgrade UPX to 4.1.0. 19. Host tools: upgrade mklibs to 0.1.45. 20. Host tools: upgrade gmp to 6.3.0. 1.0.4.69HF: 1. Toolchain: Go is upgraded 1.20.3->1.20.5. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1t->1.1.1u (fixing CVE-2023-0466, CVE-2023-0465, CVE-2023-0464). https://nvd.nist.gov/vuln/detail/CVE-2023-0466 (score 5.3, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-0465 (score 5.3, Medium) https://nvd.nist.gov/vuln/detail/CVE-2023-0464 (score 7.5, High) 3. netatalk package is upgraded 3.1.14->3.1.15 (fixing CVE-2022-43634, CVE-2022-45188). https://nvd.nist.gov/vuln/detail/CVE-2022-43634 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-45188 (score 7.8, High) 4. minidlna package is upgraded 1.3.2->1.3.3 (fixing CVE-2023-33476). https://nvd.nist.gov/vuln/detail/CVE-2023-33476 (score 9.8, Critical) 5. ffmpeg (minidlna) package is upgraded 5.1.3->6.0. 6. sqlite (minidlna) package is upgraded 3410100->3410200. 7. wget package is upgraded 1.21.3->1.21.4. 8. ethtool package is upgraded 6.2->6.3. 9. curl package is upgraded 8.0.1->8.1.2. 10. dbus package is upgraded 1.14.6->1.14.8. 11. pciutils package is upgraded 3.8.0->3.10.0. 12. less package is upgraded 608->633. 13. libubox package is upgraded 2022-09-27->2023-05-23. 14. util-linux: add 'dmesg' utility instead of busybox version. 15. Host tools: upgrade xz to 5.4.3. 1.0.4.68HF: 1. Toolchain: GCC is upgraded 12.2.0->13.1.0. 2. Toolchain: Go is upgraded 1.20.2->1.20.3. 3. tcpdump package is upgraded 4.99.3->4.99.4 (fixing CVE-2023-1801). https://nvd.nist.gov/vuln/detail/CVE-2023-1801 (score 6.5, Medium) 4. libpcap package is upgraded 1.10.3->1.10.4. 5. libgcrypt package is upgraded 1.10.1->1.10.2. 6. libgpg-error package is upgraded 1.46->1.47. 7. libnl-tiny package is upgraded 2022-11-01->2023-04-02. 8. curl package is upgraded 7.88.1->8.0.1. 9. coreutils package (sort/gnu-date) is upgraded 9.1->9.3. 10. e2fsprogs package is upgraded 1.46.6->1.47.0. 11. ffmpeg (minidlna) package is upgraded 5.1.2->5.1.3. 12. busybox: enable COMMAND_SAVEHISTORY for shell. 13. Remove libxml2 (unused). 14. wget: remove libpcre dependency. 15. readline: split to 'libreadline' and 'libhistory', disable 'libhistory' in 'defconfig' (unused). 16. Selective optimization '-O3' of kernel components/drivers (slight boost). 17. Host tools: upgrade xz to 5.4.2. 18. Host tools: upgrade squashfs4 to 4.6.1. 19. Host tools: upgrade mkimage/u-boot to 2023.04. 20. Host tools: upgrade e2fsprogs to 1.47.0. 21. Host tools: upgrade mpc to 1.3.1. 22. Host tools: synchronize squashfs3-lzma and lzma-old with OpenWRT. 1.0.4.67HF: 1. Toolchain: Go is upgraded 1.19.5->1.20.2. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1s->1.1.1t (fixing CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286). https://www.openssl.org/news/openssl-1.1.1-notes.html CVE-2023-0286, High severity. CVE-2023-0215, Moderate severity. CVE-2022-4450, Moderate severity. CVE-2022-4304, Moderate severity. 3. OpenSSL 1.0.2: create and add patches to fix CVE-2023-0215/CVE-2023-0286. https://nvd.nist.gov/vuln/detail/CVE-2023-0215 (score 7.5, High) https://nvd.nist.gov/vuln/detail/CVE-2023-0286 (score 7.4, High) 4. e2fsprogs package is upgraded 1.46.5->1.46.6 (fixing CVE-2022-1304). https://nvd.nist.gov/vuln/detail/cve-2022-1304 (score 7.8, High) 5. OpenVPN is upgraded 2.5.8->2.5.9. 6. DNSCrypt Proxy v.2 is upgraded 2.1.2->2.1.4. 7. dbus package is upgraded 1.14.4->1.14.6. 8. curl package is upgraded 7.87.0->7.88.1. 9. iperf3 package is upgraded 3.12->3.13. 10. proftpd package is upgraded 1.3.7f->1.3.8. 11. ethtool package is upgraded 6.1->6.2. 12. uci package is upgraded 2021-10-22->2023-03-05. 13. ca-certificates package is upgraded 20211016->20230311. 14. sqlite (minidlna) package is upgraded 3400000->3410100. 15. netatalk package is upgraded 2.2.6->3.1.14. To disable AppleFilingProtocol/TimeMachine/netatalk at all use the following commands: nvram set noafp=1 nvram commit reboot 16. netatalk-utility package is upgraded 1.0.0->1.0.1 (needed to support netatalk 3.1.4). 17. Add 'less' package, disable busybox 'less'. 18. util-linux: add 'dmesg' utility instead of busybox version. 19. Remove libltdl (unused). 20. Optimize router performance if 802.11ad Wi-Fi is disabled. 21. dnsmasq: add changes from the stock V1.0.5.42. 22. samba-scripts: change 'update_user' script. 23. ethtool: split into 'tiny' and 'full' options and choose 'ethtool-tiny' in default config. 24. '-O3' optimization for part of kernel components (kernel level). 25. Host tools: upgrade e2fsprogs to 1.46.6 (fixing CVE-2022-1304). https://nvd.nist.gov/vuln/detail/cve-2022-1304 (score 7.8, High) 26. Host tools: upgrade libtool to 2.4.7. 27. Host tools: change Makefile to use new libtool. 1.0.4.66HF: 1. Toolchain: binutils version is upgraded 2.39->2.40. 2. Toolchain: Go is upgraded 1.18.9->1.19.5. 3. libid3tag package is upgraded 0.15.1b->0.16.2 (fixing CVE-2017-11550). https://nvd.nist.gov/vuln/detail/CVE-2017-11550 (score 5.5, Medium) 4. ipset package is upgraded 7.16->7.17. 5. curl package is upgraded 7.86.0->7.87.0. 6. unbound package (used in stubby) is upgraded 1.17.0->1.17.1. 7. getdns package (used in stubby) is upgraded 1.7.2->1.7.3. 8. stubby package is upgraded 0.4.2->0.4.3. 9. ncurses package is upgraded 6.3->6.4. 10. libpcap package is upgraded 1.10.1->1.10.3. 11. tcpdump package is upgraded 4.99.1->4.99.3. 12. ethtool package is upgraded 6.0->6.1. 13. ubus package is upgraded 2022-06-01->2022-06-15. 14. nano package is upgraded 7.1->7.2. 15. sysstat package is upgraded 12.7.1->12.7.2. 16. Host tools: upgrade mkimage/u-boot to 2023.01. 17. Host tools: upgrade genext2fs to 1.5.0. 18. Host tools: upgrade xz to 5.4.1. 19. Host tools: upgrade mpfr to 4.2.0. 20. Host tools: upgrade UPX to 4.0.2. 1.0.4.65HF: 1. Toolchain: Go is upgraded 1.18.7->1.18.9. 2. zlib package is upgraded 1.2.12->1.2.13 (fixing CVE-2022-37434). https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (score 9.8, Critical) 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1q->1.1.1s. 4. OpenVPN is upgraded 2.5.7->2.5.8. 5. dropbear package is upgraded 2022.82->2022.83. 6. proftpd package is upgraded 1.3.7e->1.3.7f. 7. ipset package is upgraded 7.15->7.16. 8. dbus package is upgraded 1.13.22->1.14.4. 9. sysstat package is upgraded 12.6.0->12.7.1. 10. logrotate package is upgraded 3.20.1->3.21.0. 11. nano package is upgraded 6.4->7.1. 12. libnl-tiny package is upgraded 2022-05-23->2022-11-01. 13. libusb-compat package is upgraded 0.1.7->0.1.8. 14. ffmpeg (minidlna) package is upgraded 4.3.5->5.1.2. 15. sqlite (minidlna) package is upgraded 3370000->3400000. 16. Cosmetic changes: 'R7800' -> 'R9000'. 17. popt: add patch to fix compilation issue (new 'gettext' version). 18. Host tools: upgrade xz to 5.2.10. 19. Host tools: upgrade sed to 4.9. 20. Host tools: upgrade mpfr to 4.1.1. 21. Host tools: upgrade UPX to 4.0.1. 1.0.4.64HF: 1. Toolchain: Go is upgraded 1.18.5->1.18.7. 2. Toolchain: GDB is upgraded 11.2->12.1. 3. zlib: add patch to fix CVE-2022-37434. https://nvd.nist.gov/vuln/detail/CVE-2022-37434 (score 9.8, Critical) 4. expat package is upgraded 2.4.8->2.5.0 (fixing CVE-2022-40674, CVE-2022-43680). https://nvd.nist.gov/vuln/detail/CVE-2022-40674 (score 9.8, Critical) https://nvd.nist.gov/vuln/detail/CVE-2022-43680 (score 7.5, High) 5. OpenSSL 1.0.2u: add patches to fix CVE-2020-1971/CVE-2021-23841/CVE-2021-3712/CVE-2022-0778: https://nvd.nist.gov/vuln/detail/CVE-2020-1971 (score 5.9, Medium) https://nvd.nist.gov/vuln/detail/CVE-2021-23841 (score 5.9, Medium) https://nvd.nist.gov/vuln/detail/CVE-2021-3712 (score 7.4, High) https://nvd.nist.gov/vuln/detail/CVE-2022-0778 (score 7.5, High) 6. unbound package (used in stubby) is upgraded 1.16.2->1.17.0 (fixing CVE-2022-3204). https://nvd.nist.gov/vuln/detail/CVE-2022-3204 (score 7.5, High) 7. libxml2 package is upgraded 2.10.0->2.10.3 (fixing CVE-2022-40303, CVE-2022-40304). https://access.redhat.com/security/cve/cve-2022-40303 (score 8.2, High) https://access.redhat.com/security/cve/cve-2022-40304 (score 8.2, High) 8. stubby package is upgraded 0.4.0->0.4.2. 9. curl package is upgraded 7.84.0->7.86.0. 10. ethtool package is upgraded 5.18->6.0. 11. libflac package is upgraded 1.3.4->1.4.2. 12. ffmpeg package is upgraded 4.3.4->4.3.5. 13. minidlna package is upgraded 1.3.1->1.3.2. 14. libnl-tiny package is upgraded 2022-05-17->2022-05-23. 15. libubox package is upgraded 2022-05-15->2022-09-27. 16. libgpg-error package is upgraded 1.45->1.46. 17. popt package is upgraded 1.18->1.19. 18. libreadline package is upgraded 8.1.2->8.2. 19. gettext package is upgraded 0.21->0.21.1. 20. iperf3 package is upgraded 3.11->3.12. 21. Host tools: upgrade xz to 5.2.7. 22. Host tools: upgrade mkimage/u-boot to 2022.10 1.0.4.63HF: 1. Toolchain: GCC is upgraded 12.1.0->12.2.0. 2. Toolchain: binutils version is upgraded 2.38->2.39. 3. Toolchain: Go is upgraded 1.18.4->1.18.5. 4. libxml2 package is upgraded 2.9.14->2.10.0 (fixing CVE-2022-2309, score 7.5, High). https://nvd.nist.gov/vuln/detail/CVE-2022-2309 5. Upgrade QCA drivers. 6. TM iQoS DB is upgraded to 1.126. 7. DNSCrypt Proxy v.2 is upgraded 2.1.1->2.1.2. 8. unbound package (used in stubby) is upgraded 1.16.1->1.16.2. 9. getdns package (used in stubby) is upgraded 1.7.0->1.7.2. 10. lz4 package is upgraded 1.9.3->1.9.4. 11. proftpd package is upgraded 1.3.7d->1.3.7e. 12. util-linux package is upgraded 2.38->2.38.1. 13. cifs-utils package is upgraded 6.15->7.0. 14. nano package is upgraded 6.3->6.4. 15. tcpdump: add UPX packing. 16. Default congestion control algorithm is changed to 'illinois'. 17. Remove 'fbwifi' utility. 18. Host tools: upgrade mkimage/u-boot to 2022.07. 1.0.4.62HF: 1. Toolchain: add patch to uClibc to fix CVE-2022-30295, score 6.5, Medium (Use predictable DNS transaction IDs that may lead to DNS cache poisoning). https://nvd.nist.gov/vuln/detail/CVE-2022-30295 2. Toolchain: Go is upgraded 1.18.3->1.18.4. 3. wireguard package is upgraded 1.0.20211208->1.0.20220627. 4. OpenSSL v. 1.1.1 package: change the compiler flag '-fvect-cost-model=unlimited'->'-fvect-cost-model=dynamic'. 5. OpenSSL v. 1.1.1 package is upgraded 1.1.1o->1.1.1q. 6. curl package is upgraded 7.83.1->7.84.0. 7. tcpdump package is upgraded 4.9.3->4.99.1. 8. unbound package (used in stubby) is upgraded 1.16.0->1.16.1. 9. ethtool package is upgraded 5.17->5.18. 10. OpenSSL 0.9.8 package is upgraded 0.9.8zg->0.9.8zh. 11. iptables: add 'tee' support (iptables-mod-tee/kmod-ipt-tee packages). 1.0.4.61HF: 1. Toolchain: GCC is upgraded 11.3.0->12.1.0. 2. Toolchain: Go is upgraded 1.18.1->1.18.3. 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1n->1.1.1o (fixing CVE-2022-1292, score 9.8, Critical). https://nvd.nist.gov/vuln/detail/CVE-2022-1292 4. libxml2 package is upgraded 2.9.13->2.9.14 (fixing CVE-2022-29824, score 6.5, Medium). https://nvd.nist.gov/vuln/detail/CVE-2022-29824 5. cifs-utils package is upgraded 6.14->6.15 (fixing CVE-2022-27239, score 7.8, High, CVE-2022-29869, score 5.3, Medium). https://nvd.nist.gov/vuln/detail/CVE-2022-27239 https://nvd.nist.gov/vuln/detail/CVE-2022-29869 6. OpenVPN is upgraded 2.5.6->2.5.7. 7. unbound package (used in stubby) is upgraded 1.15.0->1.16.0. 8. curl package is upgraded 7.82.0->7.83.1. 9. libubox package is upgraded 2021-11-20->2022-05-15. 10. ubus package is upgraded 2022-02-28->2022-06-01. 11. libnl-tiny package is upgraded 2021-11-21->2022-05-17. 12. libiconv-full package is upgraded 1.16-1.17. 13. iw package is upgraded 5.16->5.19. 14. sysstat package is upgraded 12.5.6->12.6.0. 15. logrotate package is upgraded 3.19.0->3.20.1. 16. OpenSSL 0.9.8 package is upgraded 0.9.8p->0.9.8zg. 17. nano package is upgraded 6.2->6.3. 18. Slight boost adding '-ftree-vectorize' and '-fvect-cost-model=unlimited' flags to compilation options (speed up). 19. '-O3' optimization for part of kernel components (kernel level). 20. Kernel config: disable mouse/keyboard support. 21. Upgrade WebGUI LG_VERSION. 1.0.4.60HF: 1. Toolchain: GCC is upgraded 11.2.0->11.3.0. 2. Toolchain: Go is upgraded 1.18->1.18.1. 3. Toolchain: GDB is upgraded 11.1->11.2. 4. libmnl package is upgraded 1.0.4->1.0.5. 5. libreadline package is upgraded 8.1->8.1.2. 6. libjson-c package is upgraded 0.15->0.16. 7. libgcrypt package is upgraded 1.9.4->1.10.1. 8. libgpg-error package is upgraded 1.43->1.45. 9. popt package is upgraded 1.16->1.18. 10. libusb package is upgraded 1.0.25->1.0.26. 11. gdbm package is upgraded 1.19.1->1.23. 12. pciutils package is upgraded 3.7.0->3.8.0. 13. at package is upgraded 3.2.2->3.2.5. 14. haveged package is upgraded 1.9.17->1.9.18. 15. coreutils package (sort/gnu-date) is upgraded 9.0->9.1. 16. sysstat package is upgraded 12.4.5->12.5.6. 17. proftpd package is upgraded 1.3.7c->1.3.7d. 18. ffmpeg package is upgraded 4.3.3->4.3.4. 19. sqlite package is upgraded 3330000->3370000. 20. Add 'logrotate' package. 21. Add 'hd-idle' package. 22. Synchronize 'lua' patches and Makefile. 23. Remove 'liblua' package leaving only dev support (unused). 24. Host tools: upgrade quilt to 0.67. 25. Host tools: upgrade missing-macros to 11. 1.0.4.59HF: 1. Toolchain: Go is upgraded 1.17.7->1.18. 2. OpenVPN is upgraded 2.5.5->2.5.6 (fixing CVE-2022-0547, score 9.8, Critical). https://nvd.nist.gov/vuln/detail/CVE-2022-0547 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1m->1.1.1n (fixing CVE-2022-0778, score 7.5, High). https://nvd.nist.gov/vuln/detail/CVE-2022-0778 4. minidlna package is upgraded 1.3.0->1.3.1 (fixing CVE-2022-26505, score 7.4, High). https://nvd.nist.gov/vuln/detail/CVE-2022-26505 5. libxml2 package is upgraded 2.9.12->2.9.13 (fixing CVE-2022-23308, score 7.5, High). https://nvd.nist.gov/vuln/detail/CVE-2022-23308 6. expat package is upgraded 2.4.6->2.4.8 Relax fix to CVE-2022-25236 (introduced with release 2.4.5). 7. dropbear package is upgraded 2020.81->2022.82. 8. zlib package is upgraded 1.2.11->1.2.12. 9. libgpg-error package is upgraded 1.42->1.43. 10. curl package is upgraded 7.81.0->7.82.0. 11. wget package is upgraded 1.21.2->1.21.3. 12. ethtool package is upgraded 5.16->5.17. 13. util-linux package is upgraded 2.37.4->2.38. 14. ubus package is upgraded 2021-08-90->2022-02-28. 15. dbus package is upgraded 1.13.20->1.13.22. 16. libflac package is upgraded 1.3.3->1.3.4. 17. libogg package is upgraded 1.3.4->1.3.5. 18. sysstat package is upgraded 12.4.3->12.4.5. 19. libjpeg package is upgraded 9d->9e. 20. Make an order in various Makefiles. 21. Host tools: upgrade mkimage/u-boot to 2022.01. 1.0.4.58HF: 1. Toolchain: binutils version is upgraded 2.37->2.38. 2. Toolchain: Go is upgraded 1.17.6->1.17.7. 3. util-linux package is upgraded 2.37.2->2.37.4 (fixing CVE-2021-3995, CVE-2021-3996, CVE-2022-0563). 4. expat package is upgraded 2.4.3->2.4.6 (fixing CVE-2022-23852, CVE-2022-23990). 5. aws-iot: add possibility to disable Amazon Alexa (@NetBytes, @spocko): nvram set noaws=1 nvram commit reboot 6. iptables: add patch to disable exit if no library for match (@HELLO_wORLD). 7. dnscrypt-proxy-2: change startup priority to 98 (@microchip). 8. exfat-nofuse package is upgraded 2017-06-20->2018-04-17. 9. unbound package (used in stubby) is upgraded 1.14.0->1.15.0. 10. libusb package is upgraded 1.0.24->1.0.25. 11. ethtool package is upgraded 5.15->5.16. 12. iperf3 package is upgraded 3.10.1->3.11. 13. libxml2 package is upgraded 2.9.12->2.9.13. 14. nano package is upgraded 6.0->6.2. 1.0.4.57.1HF: 1. expat package is upgraded 2.4.2->2.4.3 (fixing CVE-2021-45960, CVE-2021-46143, from CVE-2022-22822 to CVE-2022-22827). Base Scores: 7.5, 7.8/8.1, 9.8, 9.8, 9.8, 8.8, 8.8, 8.8. https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes 2. nano: add UTF-8 support. 1.0.4.57HF: 1. Toolchain: Go is upgraded 1.17.5->1.17.6. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1l->1.1.1m. 3. OpenVPN is upgraded 2.5.4->2.5.5. 4. fcgi: fix possible QoS Internet Download/Upload display issue. 5. unbound package (used in stubby) is upgraded 1.13.2->1.14.0. 6. getdns package (used in stubby) is upgraded 1.5.2->1.7.0. 7. Add 'check' package ('getdns' dependency). 8. stubby package is upgraded 0.3.0->0.4.0. 9. curl package is upgraded 7.80.0->7.81.0. 10. libnl-tiny package is upgraded 2020-08-05->2021-11-21. 11. libexif package is upgraded 0.6.22->0.6.24. 12. e2fsprogs package is upgraded 1.46.4->1.46.5. 13. haveged package is upgraded 1.9.15->1.9.17. 14. expat package is upgraded 2.4.1->2.4.2. 15. dbus package is upgraded 1.13.18->1.13.20. 16. nano package is upgraded 5.9->6.0. 17. hd-idle package is upgraded 1.04->1.05. 18. Integration of 'cmddlna' script from the latest stock firmware. 19. dnscrypt-proxy-2: add UPX packing. 20. Host tools: upgrade e2fsprogs to 1.46.5. 21. Host tools: upgrade scons to 3.1.2. 22. Host tools: upgrade mkimage/u-boot to 2021.10. 1.0.4.56HF: 1. Toolchain: Go is upgraded 1.17.2->1.17.5. 2. Toolchain: gdb is upgraded 10.1->11.1. 3. TM QoS database is upgraded to v1.112. 4. 'pot' package: issue is fixed (NG/DNI bug in old GPL sources). 5. wireguard package is upgraded 1.0.20210606->1.0.20211208. 6. curl package is upgraded 7.79.1->7.80.0. 7. fcgi package is upgraded 2.4.0->2.4.2. 8. iproute2 package is upgraded 3.3.0->4.4.0. 9. libubox package is upgraded 2021-08-19->2021-11-20. 10. ethtool package is upgraded 5.14->5.15. 11. iw package is upgraded 5.9->5.16. 12. ncurses package is upgraded 6.2->6.3. 13. ca-certificates package is upgraded 20210119->20211016. 14. transmission-web-control package is upgraded 2020-09-26->2021-09-25. 15. Default congestion control algorithm is changed to 'highspeed'. 16. HTCP congestion control algorithm is added. 17. Making an order in mtd-utils package (patches, Makefile). 18. 'xtables-addons' package: added autoload of kernel modules to '/etc/modules.d'. 19. Host tools: various updates. 1.0.4.55HF: 1. Toolchain: Go is upgraded 1.17->1.17.2. 2. Plex Media Server is upgraded to v1.22.3. 3. TM QoS database is upgraded to v1.108. 4. wireguard-tools package is upgraded 1.0.20210424->1.0.20210914. 5. DNSCrypt Proxy v.2 is upgraded 2.1.0->2.1.1. 6. OpenVPN is upgraded 2.5.3->2.5.4. 7. wget package is upgraded 1.21.1->1.21.2. 8. proftpd package is upgraded 1.3.7b->1.3.7c. 9. bridge-utils package is upgraded 1.7->1.7.1. 10. curl package is upgraded 7.78.0->7.79.1. 11. gdbm package is upgraded 1.19->1.19.1. 12. libexif package is upgraded 0.6.22->0.6.23. 13. libgcrypt package is upgraded 1.9.3->1.9.4. 14. cifs-utils package is upgraded 6.13->6.14. 15. coreutils package (sort/gnu-date) is upgraded 8.32->9.0. 16. haveged package is upgraded 1.9.14->1.9.15. 17. ethtool package is upgraded 5.13->5.14. 18. nano package is upgraded 5.8->5.9. 19. ffmpeg package is upgraded 4.3.2->4.3.3. 20. uci package is upgraded 2021-04-14->2021-10-22. 21. ubus package is upgraded 2021-06-30->2021-08-09. 22. at package is upgraded 3.1.23->3.2.2. 23. libiconv package is upgraded to libiconv-full 1.11.1->1.16. 24. Change WebGUI logo. 25. jansson package is removed (not needed). 26. Fix build by GCC 10.x (Host Debian Buster->Host Debian Bullseye). 27. Fix wrong call of detplc from uhttpd init script. 28. Kernel level optimization. 29. Host tools: upgrade bison to 3.8.2. 1.0.4.54HF: 1. Toolchain: Go is upgraded 1.16.6->1.17. 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1k->1.1.1l (fixing CVE-2021-3711, CVE-2021-3712). Base Scores (SUSE): 9.8 and 5.3. 3. DNSCrypt Proxy v.2 is upgraded 2.0.45->2.1.0. See https://github.com/DNSCrypt/dnscrypt-proxy/releases re: what to change in your config 4. libpcap package is upgraded 1.10.0->1.10.1. 5. pcre package is upgraded 8.44->8.45. 6. util-linux package is upgraded 2.37.1->2.37.2. 7. unbound package (used in stubby) is upgraded 1.13.1->1.13.2. 8. e2fsprogs package is upgraded 1.46.3->1.46.4. 9. libubox package is upgraded 2021-05-16->2021-08-19. 10. OpenVPN client init script: fix bash style comparison '==' -> '='. 11. Host tools (e2fsprogs): is upgraded to 1.46.4. 1.0.4.53HF: 1. Toolchain: GCC is upgraded 11.1.0->11.2.0. 2. Toolchain: binutils version is upgraded 2.36.1->2.37. 3. Toolchain: Go is upgraded 1.16.5->1.16.6. 4. wireguard-tools: add PresharedKey support to WireGuard client. 5. Fix cmdupnp issue (to avoid miniupnpd startup if UPnP is disabled). 6. curl package is upgraded 7.77.0->7.78.0. 7. gettext package is upgraded 0.19.8.1->0.21. 8. ethtool package is upgraded 5.12->5.13. 9. ipset package is upgraded 7.11->7.15. 10. e2fsprogs package is upgraded 1.46.2->1.46.3. 11. util-linux package is upgraded 2.37->2.37.1. 12. procps-ng package is upgraded 3.3.16->3.3.17. 13. Host tools (e2fsprogs): is upgraded to 1.46.3. 1.0.4.52HF: 1. Toolchain: Go is upgraded 1.16.4->1.16.5. 2. Fix of PLEX startup script issue (NG/DNI bug). 3. curl package is upgraded 7.76.1->7.77.0 (fixing CVE-2021-22897, CVE-2021-22898, CVE-2021-22901). 4. expat package is upgraded 2.2.10->2.4.1 (fixing CVE-2013-0340). 5. wireguard package is upgraded 1.0.20210424->1.0.20210606. 6. OpenVPN is upgraded 2.5.2->2.5.3. 7. proftpd package is upgraded 1.3.7a->1.3.7b. 8. util-linux package is upgraded 2.36.2->2.37. 9. libubox package is upgraded 2021-03-02->2021-05-16. 10. ubus package is upgraded 2021-02-15->2021-06-03. 11. libxml2 package is upgraded 2.9.10->2.9.12. 12. iperf3 package is upgraded 3.9->3.10.1. 13. nano package is upgraded 5.7->5.8. 1.0.4.51HF: 1. Toolchain: GCC is upgraded 10.3.0->11.1.0. 2. Toolchain: Go is upgraded 1.16.3->1.16.4. 3. wireguard package is upgraded 1.0.20210219->1.0.20210424. 4. wireguard-tools package is upgraded 1.0.20210315->1.0.20210424. 5. OpenVPN is upgraded 2.5.1->2.5.2. 6. cifs-utils package is upgraded 6.12->6.13. 7. libubox package is upgraded 2021-03-02->2021-05-16. 8. libgcrypt package is upgraded 1.8.7->1.9.3. 9. libgpg-error package is upgraded 1.39->1.42. 10. nano package is upgraded 5.6.1->5.7. 11. ethtool package is upgraded 5.10->5.12. 12. netatalk-utility: fix error message for '/etc/init.d/forked-daapd start|stop' if there is no such file. 13. amule, libcrypto++, wxWidgets: add support of compilation by GCC 11. 14. samba-scripts: add possibility to use custom user's config '/etc/config/samba/user.conf'. (Now it is possible to use custom user's config for samba. Just save your custom config as '/etc/config/samba/user.conf' and it will be used instead of generation of the new config) 1.0.4.50HF: 1. Toolchain: GCC is upgraded 10.2.0->10.3.0. 2. Toolchain: Go is upgraded 1.16.2->1.16.3. 3. OpenSSL v. 1.1.1 package is upgraded 1.1.1j->1.1.1k (fixing CVE-2021-3449, CVE-2021-3450). 4. curl package is upgraded 7.75.0->7.76.1 (fixing CVE-2021-22876, CVE-2021-22890). 5. dbus package is upgraded 1.13.12->1.13.18 (fixing CVE-2020-12049, CVE-2020-35512). 6. unzip: add security patches. 7. uci package is upgraded 2020-10-06->2021-04-14. 8. haveged package is upgraded 1.9.13->1.9.14. 9. Upgrade zebra/ripngd to quagga-zebra/quagga-ripngd v. 1.2.4 (HELLO_wORLD). 10. ipset: Kernel modules optimization '-O3'. 11. kernel level optimization: '-O3' optimization (kernel lib). 12. Disable ARM acceleration (kernel crypto AES/SHA1) to avoid conflicts with AL crypto device. 13. Toolchain: add optimization patch to uClibc. 1.0.4.49HF: 1. Toolchain: Go is upgraded 1.16->1.16.2. 2. iptables: add iptables-mod-rpfilter plugin (HELLO_wORLD). 3. wireguard package is upgraded 1.0.20210124->1.0.20210219. 4. wireguard-tools package is upgraded 1.0.20200827->1.0.20210315. 5. OpenVPN is upgraded 2.5.0->2.5.1. 6. ipset package is upgraded 7.10->7.11. 7. cifs-utils package is upgraded 6.11->6.12. 8. libubox package is upgraded 2020-12-12->2021-03-02. 9. libpcap package is upgraded 1.9.1->1.10.0. 10. e2fsprogs package is upgraded 1.45.6->1.46.2. 11. inotify-tools package is upgraded 3.14->3.20.11.0. 12. tar package is upgraded 1.32->1.34. 13. nano package is upgraded 5.5->5.6.1. 14. sysstat package is upgraded 12.4.2->12.4.3. 15. gdbm package is upgraded 1.18.1->1.19. 16. ffmpeg package is upgraded 4.3.1->4.3.2. 17. libjpeg package is upgraded 9c->9d. 18. libxml package: add security fix patches. 19. Kernel config: Add IP_NF_MATCH_RPFILTER/IP6_NF_MATCH_RPFILTER (iptables-mod-rpfilter). 20. Selective optimization '-O3' of kernel components/modules (slight boost). 21. Host tools (e2fsprogs): is upgraded to 1.46.2. 1.0.4.48.1HF: 1. Toolchain: Go is upgraded 1.15.7->1.16. 2. Toolchain: binutils version is upgraded 2.36->2.36.1. 3. Fix NG/DNI bug in net-lan for ReadyCLOUD ('alish.sh'->'alias.sh') (thanks to kamoj). 4. TM iQoS DB is upgraded to 1.94. 5. OpenSSL v. 1.1.1 package is upgraded 1.1.1i->1.1.1j. 6. util-linux package is upgraded 2.36.1->2.36.2. 7. ubus package is upgraded 2020-12-04->2021-02-15. 8. unbound package (used in stubby) is upgraded 1.13.0->1.13.1. 1.0.4.48HF: 1. Toolchain: Go is upgraded 1.15.6->1.15.7. 2. Toolchain: binutils version is upgraded 2.35.1->2.36. 3. wireguard package is upgraded 1.0.20201221->1.0.20210124. 4. iptables package is upgraded 1.8.6->1.8.7. 5. wget package is upgraded 1.20.3->1.21.1. 6. ca-certificates package is upgraded 20200601->20210119. 7. curl package is upgraded 7.74.0->7.75.0. 8. libreadline package is upgraded 8.0->8.1. 9. nano package is upgraded 5.4->5.5. 10. net-wall script: special processing IPv6 option 'net-wall -6 start' or 'net-wall -6 restart' (thanks to HELLO_wORLD). 11. iprange 1.0.4 package is added (Aegis, HELLO_wORLD). 1.0.4.47HF: 1. wireguard package is upgraded 20201112->1.0.20201221. 2. DNSCrypt Proxy v.2 is upgraded 2.0.44->2.0.45. (see https://github.com/DNSCrypt/dnscrypt-proxy/releases for details and changes in config). 3. ipset package is upgraded 7.9->7.10. 4. ethtool package is upgraded 5.9->5.10. 5. libubox package is upgraded 2020-08-06->2020-12-12. 6. libusb package is upgraded 1.0.23->1.0.24. 7. sysstat package is upgraded 12.4.1->12.4.2. 8. tcpdump package is upgraded 3.9.8->4.9.3. 9. libpcap package is upgraded 1.1.1->1.9.1. 10. Fix NG/DNI 'igmpproxy' modified source codes (to provide compatibility with 'libpcap'). 11. Fix NG/DNI bug in cmdupnp (thanks to arabesc). 12. libgcrypt package: optimize for a size. 13. tar package: optimize for a size. 14. Add procps-ng package utilities ('ps', 'top'). (run '/usr/bin/top-procps-ng' or '/usr/bin/ps-procps-ng -aux' from console to check them). 1.0.4.46HF: 1. Toolchain: Go is upgraded 1.15.3->1.15.6. 2. Toolchain: gdb is upgraded to 10.1. 3. Toolchain: make an order in binutils patches. 4. OpenSSL v. 1.1.1 package is upgraded 1.1.1h->1.1.1i (fixing CVE-2020-1971). 5. curl package is upgraded 7.72.0->7.74.0 (fixing CVE-2020-8284, CVE-2020-8285, CVE-2020-8286). 6. OpenVPN is upgraded 2.4.9->2.5.0. 7. lz4 package is upgraded 1.9.2->1.9.3. 8. wireguard package is upgraded 1.0.20200908->20201112. 9. util-linux package is upgraded 2.36->2.36.1. 10. iptables package is upgraded 1.8.5->1.8.6. 11. ipset package is upgraded 7.6+ [2020-03-09]->7.9. 12. ethtool package is upgraded 5.8->5.9. 13. iw package is upgraded 5.8->5.9. 14. libnl-tiny package is upgraded 2019-10-29->2020-08-05. 15. libgcrypt package is upgraded 1.8.6->1.8.7. 16. libgpg-error package is upgraded 1.37->1.39. 17. sysstat package is upgraded 12.4.0->12.4.1. 18. minidlna package is upgraded 1.2.1-2019-12-09->1.3.0. 19. ffmpeg package is upgraded 3.4.8->4.3.1. 20. libexif package is upgraded 0.6.21->0.6.22. 21. ubus package is upgraded 2020-10-25->2020-12-04. 22. proftpd package is upgraded 1.3.6e->1.3.7a. 23. nano package is upgraded 5.3->5.4. 24. unbound package (used in stubby) is upgraded 1.11.0->1.13.0. 25. transmission package is upgraded 2.94->3.00. 26. Change WebGUI info for OpenVPN 2.4.x->2.5.x. 27. libcryptoxx final size is reduced to save a space (LTO optimization). 28. Host tools: upgrade bison to 3.7.4. 29. Host tools: upgrade gmp to 6.2.1. 30. Host tools: upgrade mpc to 1.2.1. 31. OpenVPN server: add 'CHACHA20-POLY1305' cipher to 'ncp-ciphers' option and change the cipher of downloaded config for Windows clients to 'CHACHA20-POLY1305'. (Important: it is highly recommended to use 'CHACHA20-POLY1305' if your client is based on v. 2.5.x, much faster, change your non-Windows client config if possible). 1.0.4.45.2HF: 1. Fix busybox issue: 'date -r' command is fixed, 'date' applet is restored (workable now). 2. coreutils version of 'date' is available now as '/usr/bin/gnu-date'. 3. dropbear package is upgraded 2020.80->2020.81. 4. uci package is upgraded 2020-04-24->2020-10-06. 5. sysstat is changed to use 'gnu-date now' (sa2: 'gnu-date --date=yesterday'). 6. ubus init script is changed to create directory '/var/run/ubus' (/var/run/ubus.sock -> /var/run/ubus/ubus.sock). 1.0.4.45.1HF: 1. Fix busybox issue: coreutils version of 'date' is added (instead of a busybox analog, issue reported by kamoj). 2. ubus package is upgraded 2020-02-05->2020-10-25. 1.0.4.45HF: 1. Toolchain: Go is upgraded 1.14.8->1.15.3. 2. Toolchain: binutils version is upgraded 2.35->2.35.1. 3. Kernel level acceleration (cifs module, -march=armv7-a -> -mcpu=cortex-a15, etc.). 4. Update iQoS database version to 1.0.90. 5. Change Plex Media Server update (Support of Plex media server version 1.19.5). 6. wireguard package is upgraded 1.0.20200829.->1.0.20200908. 7. OpenSSL v. 1.1.1 package is upgraded 1.1.1g->1.1.1h. 8. iperf3 package is upgraded 3.8.1->3.9. 9. cifs-utils package is upgraded 6.10->6.11. 10. jansson package is upgraded 2.12->2.13.1. 11. libjson-c package is upgraded 0.14->0.15. 12. expat package is upgraded 2.2.9->2.2.10. 13. iw package is upgraded 5.4->5.8. 14. transmission-web-control package is upgraded 2019-07-24->1.6.1+ (2020-09-26). 15. nano package is upgraded 5.2->5.3. 16. Change SAMBA config generation (for Android/iOS gadgets, issue reported by Rustypouch). 17. Make an order in samba36 Makefile. 18. Fix proftpd issue: change cmdftp (thanks to R. Gerrits). 19. Fix proftpd issue: display size of large file (thanks to R. Gerrits). 20. Fix uhttpd issue: TLS 1.0/1.1. 1.0.4.44HF: 1. Toolchain: Go is upgraded 1.14.6->1.14.8. 2. Toolchain: binutils is upgraded 2.34-> 2.35. 3. OpenSSL v. 1.1.1 package: Dynamic engine loading support (Cryptographic Hardware Accelerators). 4. OpenSSL v. 1.0.2 package: change default config directory. 5. Kernel: OpenBSD Cryptographic Framework (OCF) devcrypto support is added (/dev/crypto, kernel-space). 6. Kernel: afalg engine support is added (Cryptographic Hardware Acceleration, user-space). 7. renice utility is added (needed for kamoj add-on). 8. util-linux package is upgraded 2.35.2->2.36. 9. wireguard package is upgraded 1.0.20200712->1.0.20200829. 10. wireguard-tools package is upgraded 1.0.20200513->1.0.20200827. 11. unbound package (used in stubby) is upgraded 1.10.1->1.11.0. 12. libubox package is upgraded 2020-07-11->2020-08-06. 13. nano package is upgraded 4.9.3->5.2. 14. qcawifi.sh: Fix for guest Wi-Fi allowing DNS over TCP (thanks to R. Gerrits). 15. curl package is upgraded 7.71.1->7.72.0 (fixing CVE-2020-8231). 16. SAMBA: Update SAMBA config generation & starting use affinity for SAMBA daemon (goal: slight boost). 17. sysstat package is upgraded 12.2.2->12.4.0. 18. sqlite package is upgraded 3320100->3330000. 19. ethtool package is upgraded 5.4->5.8. 20. ez-ipupdate package build (internal developmet issue) is fixed. 21. radvd package build (internal developmet issue) is fixed. 22. Host tools: upgrade bison to 3.7.1. 23. Host tools: upgrade mpfr to 4.1.0. 24. Host tools: upgrade mpc to 1.2.0. 1.0.4.43HF: 1. Toolchain: GCC is upgraded 9.3.0->10.2.0. 2. Toolchain: Go is upgraded 1.14.4->1.14.6. 3. QoS DB is updated to 1.80 (Mar. 2020). 4. net-lan init script bug is fixed (thanks to kamoj). 5. wireguard package is upgraded 1.0.20200623->1.0.20200712. 6. libjson-c package is upgraded 0.13.1->0.14 (including fix of CVE-2020-12762). 7. proftpd package is upgraded 1.3.6d->1.3.6e. 8. iperf3 package is upgraded 3.7->3.8.1. 9. stubby package is upgraded 0.2.6->0.3.0. 10. haveged package is upgraded 1.9.12->1.9.13. 11. sysstat package is upgraded 12.2.1->12.2.2. 12. libubox package is upgraded 2020-05-25->2020-07-11. 13. libgcrypt package is upgraded 1.8.5->1.8.6. 14. libevent package is upgraded 2.1.11-2.1.12. 15. ffmpeg package is upgraded 3.4.7->3.4.8. 16. libvorbis package is upgraded 1.3.6->1.3.7. 17. bridge-utils package is upgraded 1.6->1.7. 18. px5g package: Makefile is changed to provide compilation by GCC 10.2.0 19. transmission package: Makefile is changed to use libevent 2.1.12. 1.0.4.42.1HF: 1. dropbear package is upgraded 2020.79->2020.80. 2. curl package is upgraded 7.70.0->7.71.1. 3. yaml package (used in stubby) is upgraded 0.2.4->0.2.5. 4. wireguard package is upgraded 1.0.20200611->1.0.20200623. 5. IEEE 802.3ad Dynamic link aggregation issue is fixed. 1.0.4.42HF: 1. dropbear package is upgraded 2019.78->2020.79 (scp fix for CVE-2018-20685: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685 support of ed25519 hostkeys and authorized_keys, adding chacha20-poly1305 authenticated cipher etc). 2. iptables package is upgraded 1.8.4->1.8.5. 3. ca-certificates package is upgraded 20190110->20200601. 4. DNSCrypt Proxy v.2 is upgraded 2.0.42->2.0.44. 5. haveged package is upgraded 1.9.8->1.9.12. 6. wireguard package is upgraded 1.0.20200520->1.0.20200611. 7. wireguard init script is changed (allowing to use LocalIP scope such as e.g. 10.0.xxx.xxx/24). 8. proftpd package is upgraded 1.3.6c->1.3.6d. 9. pciutils package is upgraded 3.4.1->3.7.0. 10. PCI ID's DB is updated to 2020.05.29 11. Toolchain: Go is upgraded 1.14.3->1.14.4. 1.0.4.41HF: 1. net-wall script is fixed for ppp0 connection and modifyed to provide more safety (OpenVPN/WireGuard client, thanks to R. Gerrits). 2. OpenVPN: vpn-firewall.sh script is fixed (thanks to R. Gerrits). 3. DNSCrypt Proxy v.2 init script is fixed (time synchronization, thanks to kamoj). 4. ipset package is upgraded 7.4->7.6+ [2020-03-09] (thanks to HELLO_wORLD for testing). 5. iptables package is upgraded 1.4.21->1.8.4 (thanks to HELLO_wORLD for testing). 6. wireguard package is upgraded 1.0.20200413->1.0.20200520. 7. wireguard-tools package is upgraded 1.0.20200319->1.0.20200513. 8. curl package is upgraded 7.69.1->7.70.0. 9. dbus package is upgraded 1.12.12->1.13.12. 10. libubox package is upgraded 2020-02-27->2020-05-25. 11. uci package is upgraded 2020-01-27->2020-04-24. 12. unbound package (used in stubby) is upgraded 1.9.6->1.10.1. 13. yaml package (used in stubby) is upgraded 0.2.2->0.2.4. 14. util-linux package is upgraded 2.35.1->2.35.2. 15. sqlite package is upgraded 3310100->3320100. 16. nano package is upgraded 4.9.2->4.9.3. 17. Toolchain: Go is upgraded 1.14.1->1.14.3. 1.0.4.40HF: 1. OpenVPN is upgraded 2.4.8->2.4.9 (CVE-2020-11810). https://openvpn.net/community-downloads/ 2. OpenSSL v. 1.1.1 package is upgraded 1.1.1e->1.1.1g (CVE-2020-1967). https://nvd.nist.gov/vuln/detail/CVE-2020-1967 3. ipset package v. 7.4 is added (including kernel modules). 4. wireguard package is upgraded 0.0.20200318->1.0.20200413. 5. iw package is upgraded 3.15->5.4. 6. libnl-tiny package is upgraded 0.1->2019-10-29. 7. ethtool package is upgraded 4.19->5.4. 8. ubus package is upgraded 2020-01-05->2020-02-05. 9. libevent package is upgraded 2.1.8->2.1.11. 10. libxml2 package is upgraded 2.9.9->2.9.10. 11. libreadline package is upgraded 6.3->8.0. 12. nano package is upgraded 4.9->4.9.2. 13. coreutils (sort) package is upgraded 8.31->8.32. 14. Host tools (e2fsprogs): is upgraded to 1.45.6. 15. Host tools (xz): is upgraded to 5.2.5. 16. Host tools (mm-macros): is upgraded to 1.0.0. 17. Toolchain: Go is upgraded 1.14.1->1.14.2. 1.0.4.39.1HF: 1. Toolchain: GCC is upgraded 4.8.5->9.3.0. 2. Toolchain: binutils version is upgraded 2.32->2.34. 3. Toolchain: Go is upgraded 1.13.8->1.14.1. 4. NG/DNI bug in radvd is fixed (reported by microchip) 5. nano package is added (editor). 6. NG/DNI bug in UPG_upgrade.htm is fixed (by Kamoj). 7. transmission package is changed to use OpenSSL v. 1.0.2 (attept to fix https issue). 8. wireguard package is upgraded 0.0.20200215->0.0.20200318. 9. wireguard-tools package is upgraded 1.0.20200206->1.0.20200319. 10. libgcrypt sqlite3 wget packages: optimize for a size. 11. OpenSSL v. 1.1.1 package is upgraded 1.1.1d->1.1.1e. 12. DNSCrypt Proxy v.2 is upgraded 2.0.39->2.0.42. 13. bc package is upgraded 1.06->1.06.95. 14. libreadline package is upgraded 5.2->6.3. 15. libdevmapper package is upgraded 2.02.91->2.02.119. 16. e2fsprogs package is upgraded 1.45.5->1.45.6. 17. Changes in the Linux kernel and in many packages to provide compilation by GCC 9.3.0. 1.0.4.38.3HF: 1. PPP vulnerability CVE-2020-8597 is fixed (score of 9.8/10). https://nvd.nist.gov/vuln/detail/CVE-2020-8597 2. curl package is upgraded 7.68.0->7.69.1. 3. libiconv: make an order in patches. 1.0.4.38.1HF: 1. wireguard package is upgraded 0.0.20200121->0.0.20200215. 2. wireguard-tools package is upgraded 1.0.20200121->1.0.20200206. 3. DNSCrypt Proxy v.2 is upgraded 2.0.36->2.0.39. 4. QoS DB is updated to 1.74 (Dec. 2019). 5. util-linux package is upgraded 2.34->2.35.1. 6. coreutils package (sort) is upgraded 8.30->8.31. 7. sqlite package is upgraded 3300100->3310100. 8. minidlna package is upgraded 1.2.1-2018-04-10->1.2.1-2019-12-09. 9. uci package is upgraded 2019-12-12->2020-01-27. 10. libubox package is upgraded 2020-01-20->2020-02-27. 11. sysstat package is upgraded 12.0.5->12.2.1. 12. libgpg-error package is upgraded 1.36->1.37. 13. cifs-utils package is upgraded 6.9->6.10. 14. proftpd package is upgraded 1.3.6->1.3.6c. 15. libusb package is upgraded 1.0.22->1.0.23. 16. libusb-compat package is upgraded 0.1.5->0.1.7. 17. avahi package is upgraded 0.7->0.8. 18. ncurses package is upgraded 6.1->6.2. 19. fdisk utility is added. 20. tune2fs utility is added. 21. resize2fs utility is addded. 22. Host tools (quilt): is upgraded to 0.66. 23. Host tools (gmp): is upgraded to 6.2.0. 24. Host tools (sed): is upgraded to 4.8. 25. Host tools (bison): is upgraded to 3.5.1. 1.0.4.38HF: 1. WireGuard client support is added (tested with Integrity VPN, thanks to KW.). 2. net-wall firewall is changed to support WireGuard client. 3. hotplug2 package is changed to support automatic WireGuard client config copy from USB drive. 4. wireguard package is upgraded 0.0.20191226->0.0.20200121. 5. wireguard-tools package is upgraded 1.0.20191226->1.0.20200121. 6. ubus package is upgraded 2019-12-27->2020-01-05. 7. e2fsprogs package is upgraded 1.44.5->1.45.5. 8. curl package is upgraded 7.67.0->7.68.0. 9. DNSCrypt Proxy v.2 build scheme is changed (compilation by Go, dynamic GCC libs). Should work faster. 10. libubox package is upgraded 2019-12-28->2020-01-20. 11. Default ReadyCLOUD version is upgraded to 20190805. 12. Host tools (e2fspogs): is upgraded to 1.45.5. 13. Host tools (bison): is upgraded to 3.5. 1.0.4.37HF: 1. WireGuard package is upgraded 20191212->20191226 (plus changes in build tree). 2. OpenSSL v. 1.0.2 package is upgraded 1.0.2t->1.0.2u. 3. uci package is upgraded 2019-11-14->2019-12-12. 4. libubox package is upgraded 2019-11-24->2019-12-28. 5. ubus package is upgraded 2018-10-06->2019-12-27. 6. DNSCrypt Proxy v.2 is upgraded 2.0.35->2.0.36. 7. unbound package (used in stubby) is upgraded 1.9.5->1.9.6. 8. logrotate package is upgrader 3.8.1->3.15.0. 9. ffmpeg package is upgraded 3.4.6->3.4.7. 10. Happy New Year! 1.0.4.36HF: 1. WireGuard v. 20191212 is added (kernel module + "wg" utility). 2. libmnl package version 1.0.4 is added (used in WireGuard). 3. OpenVPN is upgraded 2.4.7->2.4.8. 4. curl package is upgraded 7.66.0->7.67.0. 5. DNSCrypt Proxy v.2 is upgraded 2.0.28->2.0.35. 6. stubby config is changed (not so strict requirements to the server). 7. unbound package (used in stubby) is upgraded 1.9.4->1.9.5. 8. e2fsprogs: CVE-2019-5094 patch is added. 9. libubox package is upgraded 2019-10-21->2019-11-24. 10. uci package is upgraded 2019-09-01->2019-11-14. 11. net-wall script is fixed to support IPv6. 12. Host tools (e2fspogs): is upgraded to 1.45.4. 1.0.4.35HF: 1. minidlna package is upgraded 1.2.1->1.2.1-2018-04-10. 2. (minidlna) ffmpeg package configuration is changed (to provide more stable support of the FLAC files). 3. (minidlna) ffmpeg compilation flag conflict is fixed (now it is pure Cortex-A15 target). 4. (minidlna) libogg package is upgraded 1.3.3->1.3.4. 5. (minidlna) sqlite package is upgraded 3290000->3300100. 6. expat package is upgraded 2.2.7->2.2.9 (CVE-2019-15903). 7. unbound package (used in stubby) is upgraded 1.9.3->1.9.4 (CVE-2019-16866). 8. DNSCrypt Proxy v.2 is upgraded 2.0.27->2.0.28. 9. dnsmasq package is upgraded 2.78->2.80. 10. curl package is upgraded 7.65.3->7.66.0. 11. haveged package is upgraded 1.9.6->1.9.8. 12. libubox package is upgraded 2019-06-16->2019-10-21. 13. transmission-web-control package is upgraded 2019-04-16->2019-07-24. 14. dropbear package is changed: to allow ssh forwarding. 15. e2fsprogs package: optimization for a size. 16. patch package is added (kamoj add-on, replacement of a busybox analog). 17. coreutils sort package is added (kamoj add-on, replacement of a busybox analog). 18. etherwake package is added (kamoj add-on). 19. busybox: sort and patch are disabled. 20. OpenSSL 1.0.2/1.1.1: make an order with patches. 21. Host tools (mtd-utils): Add: glibc >= 2.28 compatibility patch. 22. Host tools (m4): Add: glibc >= 2.28 compatibility patch. 23. Host tools (squashfs4): Add: glibc >= 2.28 compatibility patch. 24. Toolchain: gdb is upgraded. 25. Development platform is changed (Debian9->Debian10: glib 2.24->2.28; gcc 6.3.0->8.3.0; etc). 26. Support of new certificates for https. 27. QoS could be updated to v1.64 Oct 23, 2019 (press [Update Now] button in GUI). 28. Plex could be updated to v.1.18.0.1913-e5cc93306 Jul 16, 2019. 1.0.4.34HF: 1. proftpd package is upgraded from specific version with NG changes to 1.3.6 + CVE-2019-12815 security patch. (Plus some changes in its behavior. Issue alarmed by kamoj) 2. DNSCrypt Proxy v.2 is upgraded 2.0.25->2.0.27 (Firefox workaround). 3. OpenSSL v. 1.0.2 package is upgraded 1.0.2s->1.0.2t. (see https://www.openssl.org/news/openssl-1.0.2-notes.html for details) 4. OpenSSL v. 1.0.2 package: patch to strip cflags from resulting binary is added. 5. OpenSSL v. 1.1.1 package is upgraded 1.1.1c->1.1.1d. (see https://www.openssl.org/news/openssl-1.1.1-notes.html for details) 6. haveged package is upgraded 1.9.4->1.9.6. 7. uci package is upgraded 2019-05-17->2019-09-01. 8. unbound package (used in stubby) is upgraded 1.9.2->1.9.3. 9. libgcrypt package is upgraded 1.8.4->1.8.5. 1.0.4.33HF: 1. QoS DB is updated to v1.58 2. libreadline: fixing read-only attribute for target libraries to provide strip of binary (saving space). 3. amule, libcrypto++, wxWidgets: optimization of size (saving space). 4. libunistring is removed (not needed, saving space). 5. libogg is removed (not needed, saving space). 6. Transmission: change of GUI. transmission-web-control package is added and standard transmission-web is removed. 7. OpenSSL package: unification of Makefile (identical with R7800 version). 8. lz4 package is upgraded 1.9.1->1.9.2 9. lz4 package: unification of Makefile (identical with R7800 version). 10. lzo package: unification of Makefile (identical with R7800 version). 11. OpenVPN package: unification of Makefile (identical with R7800 version). 12. dropbear package: unification of Makefile (identical with R7800 version). 13. libflac package is upgraded 1.3.2->1.3.3. 14. libflac package optimization (sync with OpenWRT version). 15. curl package is upgraded 7.65.1->7.65.3. 16. expat package is upgraded 2.2.6->2.2.7. 17. sqlite package is upgraded 3270200->3290000. 18. Host tools: two components are upgraded (e2fsprogs, scons). 1.0.4.32HF: 1. Kernel vulnerability: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed. https://nvd.nist.gov/vuln/detail/CVE-2019-11477 https://nvd.nist.gov/vuln/detail/CVE-2019-11478 https://nvd.nist.gov/vuln/detail/CVE-2019-11479 2. yaml package (used in stubby) is upgraded 0.2.1->0.2.2. 3. lz4 package is upgraded 1.8.3->1.9.1. 4. util-linux package is upgraded 2.33.1->2.34. 5. sysstat package is upgraded 11.6.4->12.0.5. 6. gdbm package is upgraded 1.11->1.18.1. 7. uClibc: sync with GNU C library patch is added. 8. zlib package is optimized. 9. Host tools: three components are upgraded (bison, mpfr, scons). 1.0.4.31.1HF: 1. curl package: revert to OpenSSL 1.0.2 (to provide compatibility with ReadyCLOUD). 2. opkg package: revert to OpenSSL 1.0.2 (because of using libcurl p.1). 3. curl package is upgraded 7.65.0->7.65.1. 4. libubox package is upgraded 2019-02-27->2019-06-16. 5. DNSCrypt Proxy v.2 is upgraded 2.0.23->2.0.25. 6. unbound package (stubby) is upgraded 1.9.1->1.9.2. 7. libjson-c package is upgraded 0.12.1->0.13.1. 1.0.4.31HF: 1. OpenSSL v. 1.1.1c package is added. 2. OpenSSL v. 1.0.2 package is upgraded 1.0.2r->1.0.2s. 3. OpenVPN package is changed to use OpenSSL v. 1.1.1. 4. OpenVPN server(s) is(are) slightly optimized. 5. OpenVPN client now could be used simultaneously with OpenVPN server(s) (no necessity to disable server(s) from GUI). 6. unbound package (used in stubby) is changed to use OpenSSL v. 1.1.1. 7. getdns package (used in stubby) is changed to use OpenSSL v. 1.1.1. 8. Because of "6." and "7.": stubby is set to support TLSv1.3 with cloudflare (DoT). 9. wget package is changed to use OpenSSL v. 1.1.1. 10. transmission package is changed to use OpenSSL v. 1.1.1. 11. curl package is upgraded 7.64.1->7.65.0. 12. curl package is changed to use OpenSSL v. 1.1.1. 13. opkg package is changed to use OpenSSL v. 1.1.1. 14. uci package is upgraded 2018-08-11->2019-05-17. 15. util-linux package is upgraded 2.33->2.33.1. 16. openssh-client add-on is changed to use OpenSSL v. 1.1.1. 1.0.4.30HF/1.0.4.30HF-HW: 1. ffmpeg package is upgraded 3.4.5->3.4.6. 2. cifs-utils package is upgraded 6.8->6.9. 3. wget package is upgraded 1.20.1->1.20.3. 4. sqlite package is upgraded 3260000->3270200. 5. getdns package (used in stubby) is upgraded 1.5.0->1.5.2. 6. stubby package is upgraded 0.2.4->0.2.6. 7. DNSCrypt Proxy v.2 is upgraded 2.0.22->2.0.23. 8. curl package is upgraded 7.64.0->7.64.1. 9. HW version: mbedtls package is upgraded 2.16.0->2.16.1. 10. libusb package is added (v. 1.0.22). 11. libusb-compat package is added (v. 0.1.5). 12. mp707 package is added (v. 1.0.2-20171025). 13. Typo bug in OpenVPN client (led control in ovpnclient-down.sh script) is fixed. 14. congestion control algorithm is changed to westwood+. 15. rmem_max/wmem_max/defaults values are decreased to avoid bufferbloat issues (note: use QoS and limit your max speed for good results in dslreports). 16. DNSCryps Proxy V1 and its dependence libsodium are removed. 17. net-wall: cosmetic changes. 18. cmdftp: cosmetic changes. 19. Host tools: now default host cmake is used. 1.0.4.29HF/1.0.4.29HF-HW: 1. Integration of changes from the stock v. 1.0.4.28. 2. dropbear package is upgraded 2018.76->2019.78. 3. OpenSSL package is upgraded 1.0.2q->1.0.2r. 4. OpenVPN is upgraded 2.4.6->2.4.7. 5. DNSCrypt Proxy v.2 is upgraded 2.0.19->2.0.22. 6. unbound package (used in stubby) is upgraded 1.9.0->1.9.1. 7. ca-certificates package is upgraded 20180409->20190110. 8. libubox package is upgraded 2018-11-16->2019-02-27. 9. tar package is upgraded 1.31->1.32. 10. libgpg-error package is upgraded 1.34->1.36. 11. busybox package: dos2unix/unix2dos commands are added. 12. proftpd: read access issue for admin user is fixed (NG bug). 13. Toolchain: binutils version is upgraded to 2.32. 1.0.4.27HF/1.0.4.27HF-HW: 1. Integration of changes from the stock v. 1.0.4.26 including: - a login password enhancement in the router web interface to support a more secure password (no saving passwords in NVRAM in plain text form). - fixing the issue where the speed test in the QoS page always fails. - Dynamic QoS database v1.46 update. 2. tar package is upgraded 1.30->1.31. 3. curl package is upgraded 7.63.0->7.64.0. 4. unbound package (used in stubby) is upgraded 1.8.3->1.9.0. 5. libvorbis package is upgraded 1.3.5->1.3.6. 6. ffmpeg package is upgraded 3.2.12->3.4.5. 7. libsodium package is upgraded 1.0.16->1.0.17. 8. busybox package: patch command is added. 9. Host tools: two components are upgraded. 1.0.4.16HF/1.0.4.16HF-HW: 1. dropbear: security issue CVE-2018-15599 is fixed, see: https://nvd.nist.gov/vuln/detail/CVE-2018-15599 for details. 2. curl package is upgraded 7.62.0->7.63.0. 3. dbus package is upgraded 1.12.10->1.12.12. 4. e2fsprogs package is upgraded 1.44.4->1.44.5. 5. jansson package is upgraded 2.11->2.12. 6. libgpg-error package is upgraded 1.32->1.34. 7. libxml2 package is upgraded 2.9.8->2.9.9. 8. sqlite package is upgraded 3250300->3260000. 9. wget package is upgraded 1.20->1.20.1. 10. jq package is upgraded 1.5->1.6. 11. getdns package (used un stubby) is upgraded 1.4.2->1.5.0. 12. unbound package (used in stubby) is upgraded 1.8.2->1.8.3. 13. stubby package is upgraded 0.2.3->0.2.4. 14. HW version: mbedtls package is upgraded 2.13.0->2.16.0. 15. HW version: cryptodev-linux package is upgraded 1.9.git-2018-11-02->1.10. 16. Toolchain: gdb is upgraded to 8.2.1. 17. Host tools: two components are upgraded. 1.0.4.15HF/1.0.4.15HF-HW: 1. OpenSSL package is upgraded 1.0.2p->1.0.2q. 2. DNSCrypt Proxy v.2 (2.0.19) is included into firmware: to enable DNSCrypt Proxy v.2 run the commands from telnet/ssh console: nvram set dnscrypt2=1 nvram commit and reboot your router; to disable DNSCrypt Proxy v.2 run the commands from telnet/ssh console: nvram set dnscrypt2=0 nvram commit and reboot your router. 3. unbound package (used in stubby) is upgraded 1.8.1->1.8.2. 4. wget package is upgraded 1.19.5->1.20. 5. util-linux package is upgraded 2.32.1->2.33. 6. haveged package is upgraded 1.9.2->1.9.4. 7. ethtool package is upgaded 4.18->4.19. 8. libjpeg package is upgraded 9a->9c. 9. curl package is upgraded 7.61.1->7.62.0. 10. libgcrypt package is upgraded 1.8.3->1.8.4. 11. libubox package is upgraded 2018-07-25->2018-11-16. 12. sqlite package is upgraded 3240000->3250300. 13. HW version: cryptodev-linux package is upgraded 1.9.git-2017-10-04->1.9.git-2018-11-02. 1.0.4.14HF/1.0.4.14HF-HW: 1. Partial rollback: most of integrated binaries and kernel objects from the stock 1.0.4.12 are reverted back to CountryIE version. (to provide stability of Wi-Fi connection) 2. ubus package is upgraded 2018-07-26->2018-10-06-221ce7e7. 3. libevent2 package is upgraded 2.0.22-1->2.1.8. 4. libevent-core and libevent2-pthreads packages are removed (not used). 5. unbound package is upgraded 1.8.0->1.8.1. 6. NG Downloader: fixing problems with http/ftp downloads. 7. Toolchain: binutils version is upgraded to 2.31.1. 1.0.4.13HF/1.0.4.13HF-HW: 1. Integration of changes from the stock v. 1.0.4.12. 2. stubby package is added (with all needed dependences) to provide DNS-over-TLS support: to enable stubby run the commands from telnet/ssh console: nvram set stubby=1 nvram commit and reboot your router; to disable stubby run the commands from telnet/ssh console: nvram set stubby=0 nvram commit and reboot your router. 3. Temporary fix for NG's bug (Attached Device List) is removerd (is working now). 4. dnsmasq: dnsmasq.conf options optimized. 5. dbus package is upgraded 1.12.8->1.12.10. 6. expat package is upgraded 2.2.5->2.2.6. 7. lz4 package is upgraded 1.8.2->1.8.3. 8. ethtool package is upgaded 4.17->4.18. 9. curl package is upgraded 7.61.0->7.61.1. 10. at package is upgraded 3.1.20->3.1.23. 11. sqlite package is upgraded 3230100->3240000. 12. sysstat package is upgraded 11.0.4->11.6.4. 13. HW version: mbedtls package is upgraded 2.12.0->2.13.0. 14. plexmedia package: some re-order. 15. Host tools: several components are upgraded. 16. /etc/profile default profile is changed (no PATH for /opt/bin:/opr/sbin). Entware users should set the PATH for Entware in /root/.profile file. 1.0.4.6HF/1.0.4.6HF-HW: 1. uhttpd: Fix for Attached Device Names is included (similar to R7800). 2. OpenVPN client optimization. 3. OpenSSL is upgraded 1.0.2o->1.0.2p (CVE-2018-0732, CVE-2018-0737). 4. dnsmasq: dnsmasq.conf options optimized. 5. ntpclient: init script is changed (automatization of setting date for OpenVPN client). 6. avahi package is upgraded 0.6.32->0.7. 7. ubus package is upgraded 2018-01-16->2018-07-26. 8. libubox package is upgraded 2018-06-07->2018-07-25. 9. uci package is upgraded 2018-03-24->2018-08-11. 10. e2fsprogs package is upgraded 1.43.9->1.44.4. 11. util-linux package is upgraded 2.32->2.32.1. 12. ffmpeg package is upgraded 3.2.10->3.2.12. 13. libgpg-error package is upgraded 1.27->1.32 14. HW version: mbedtls package is upgraded 2.11.0->2.12.0. 1.0.4.5HF/1.0.4.5HF-HW: 1. dnsmasq: dnsmasq.conf options are changed (compliance with v. 2.78). 2. OpenVPN client optimization. 3. ethtool package is upgaded 4.16->4.17. 4. iperf3 package is upgraded 3.5->3.6. 5. haveged package is upgraded 1.9.1->1.9.2. 6. transmission package is upgraded 2.93->2.94. 7. dbus package is upgraded 1.10.4->1.12.8. 8. curl package is upgraded 7.60.0->7.61.0. 9. libubox package is upgraded 2018-04-12->2018-06-07. 10. jansson package is upgraded 2.10->2.11. 11. libgcrypt package is upgraded 1.6.6->1.8.3. 12. libogg packages is upgraded 1.3.2->1.3.3. 13. HW version: mbedtls package is upgraded 2.7.0->2.11.0. 1.0.4.4HF/1.0.4.4HF-HW: 1. CountryIE integration. 1.0.4.3HF/1.0.4.3HF-HW: 1. Integration of changes from the stock v. 1.0.3.16/1.0.4.2. 2. NG version of OpenVPN client is removed (use my version if necessary). 3. Several NG bugs are corrected. 4. New samba CVE patches. 5. OpenVPN is upgraded 2.4.5->2.4.6. 6. lz4 package is upgraded 1.8.1.2->1.8.2 (general speed improvements, see https://github.com/lz4/lz4/releases). 7. at package is upgraded 3.1.13->3.1.20. 8. libubox package is upgraded 2018-03-21->2018-04-12. 9. ca-certificates package is upgraded 20170717->20180409. 10. sqlite package is upgraded 3210000->3230100. 11. wget package is upgraded 1.19.2->1.19.5. 12. curl package is upgraded 7.59.0->7.60.0. 13. ethtool package is upgaded 4.15->4.16. 14. cifs-utils package is upgraded 6.6->6.8. 15. Host tools: several components are upgraded. 1.0.3.12HF/1.0.3.12HF-HW: 1. Some yet another minor NG bugs are corrected. 2. OpenSSL is upgraded 1.0.2n->1.0.2o. 3. curl package is upgraded 7.58.0->7.59.0. 4. ffmpeg package is upgraded 3.2.9->3.2.10. 5. libubox package is upgraded 2018-02-08->2018-03-21. 6. uci package is upgraded 2018-01-01->2018-03-24. 7. ncurses package is upgraded 6.0->6.1. 8. util-linux package is upgraded 2.31.1-2.32. 9. libxml2 package is upgraded 2.9.7->2.9.8. 10. iperf3 package is upgraded 3.4->3.5. 11. Host tools: three components are upgraded. 12. Toolchain: binutils version is upgraded to 2.30 1.0.3.11HF/1.0.3.11HF-HW: 1. Integration of changes from the stock v. 1.0.3.10. PSV-2017-3170 http://kb.netgear.com/en_US/000055194/ PSV-2017-3167 http://kb.netgear.com/en_US/000055193/ PSV-2017-3093 http://kb.netgear.com/en_US/000055191/ NOTE: reset is needed! 2. Some NG bugs are corrected. 3. OpenVPN client is optimized. 4. OpenSSL configuration is changed to provide compatibility with ReadyCLOUD 20170711. 5. OpenVPN is upgraded 2.4.4->2.4.5. 6. dropbear package is upgraded 2017.75->2018.76. 7. util-linux package is upgraded 2.30.2->2.31.1. 8. iperf package is upgraded to iperf3 2.0.10->3.4. 9. Beta support of R8900. 1.0.3.9HF/1.0.3.9HF-HW: 1. e2fsprogs package is upgraded 1.43.8->1.43.9. 2. ethtool package is upgaded 4.13->4.15. 3. libubox package is upgraded 2018-01-07->2018-02-08. 4. netatalk package is upgraded 2.2.1->2.2.6. 5. lz4 package is upgraded 1.8.0->1.8.1.2. 6. curl package is upgraded 7.57.0->7.58.0. 7. forked-daapd package (iTunes Server) is removed (sync with R7800 version). 8. libconfuse, libmxml, libantlr3c, libplist, libasound are removed (were used solely by forked-daapd, not needed now). 9. ffmpeg package is upgraded 0.11.2->3.2.9. 10. OpenVPN client changes: net-wall script is corrected to process "restart" argument (thanks to kamoj). 11. transmission package is upgraded 2.92+git->2.93. 12. HW version: transmission is changed OpenSSL version->mbed TLS version (fix kernel panic in HW version). 13. HW version: libmbedtls package is added for transmission (mbed TLS version). 14. Some "clip-art" changes in WebGUI. 15. Toolchain is changed (sync with R7800 version). 16. Some NG bugs are corrected. 1.0.3.8HF/1.0.3.8HF-HW: 1. WIGIG firmware (AD driver) is reverted back to previous version (fixing problems with 802.11ad). 2. Bug in ReadySHARE GUI (Advanced Settings, Apply button) is fixed, problem reported by tech960. 3. ubus package is upgraded 2017-11-13->2018-01-16. 4. HW version: cryptodev-linux package is upgraded 1.9.git-2017-05-29->1.9.git-2017-10-04. 1.0.3.7HF/1.0.3.7HF-HW: 1. Integration of changes from the stock v. 1.0.3.6. 2. Several bugs in the stock v. 1.0.3.6 are corrected (ReadyCLOUD link in WebGUI, aws-iot, etc.). 1.0.2.54HF/1.0.2.54HF-HW: 1. Integration of changes from the stock v. 1.0.2.52: Security fixes: PSV-2016-0131 https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131 Plus other changes including new versions of QCA drivers and TM QoS. 2. CVE-2017-15275 patch is added to samba. 3. Small improvements in samba config to increase the speed. 4. net-wall script is corrected to add possibility using own /root/firewall-start.sh script. 5. cron table potential problem is corrected (/etc/crontabs is now symlink to /tmp/etc/crontabs). 6. libsodium package is upgraded 1.0.15->1.0.16. 7. tar pckage is upgraded 1.29->1.30. 8. uci package is upgraded 2017-09-29->2018-01-01. 9. libubox package is upgraded 2017-10-06->2018-01-07. 10. e2fsprogs package is upgraded 1.43.7->1.43.8. 11. dnscrypt-resolvers.csv is updated. 1.0.2.47HF/1.0.2.47HF-HW: 1. haveged package is added to feed the kernel entropy pool. 2. OpenSSL is upgraded 1.0.2m->1.0.2n. Major changes (OpenSSL changelog): Read/write after SSL object in error state (CVE-2017-3737) rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738) 3. ubus package is upgraded 2017-11-06->2017-11-13. 4. curl package is upgraded 7.56.1->7.57.0. 5. alsa-lib package is upgraded 1.1.4.1->1.1.5. 6. ReadyCLOUD version is downgraded 20170711->20170214 (problem reported by tech960). 7. default congestion control is changed to yeah, rmem_max/wmem_max values are increased. 8. dnscrypt-resolvers.csv is updated. 9. Several packages are optimized to minimize resulting size. 1.0.2.46HF/1.0.2.46HF-HW: 1. OpenSSL is upgraded 1.0.2l->1.0.2m. Fixes (OpenSSL changelog): * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736). * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735). 2. Changes in OpenVPN client: * Now Power LED is blinking if router fails to connect to OpenVPN server. * "--cd $OPENVPN_CONF_DIR" option is added to startup script. 3. Bug in openvpn-easy-rsa package is fixed (cert files regeneration, OpenSSL 0.9.8->1.0.0). 4. e2fsprogs package is upgraded 1.43.6->1.43.7. 5. curl package is upgraded 7.55.1->7.56.1. 6. ethtool package is upgaded 4.11->4.13. 7. wget package is upgraded 1.19.1->1.19.2. 8. iperf package is upgraded 2.0.9a->2.0.10. 9. libubox package is upgraded 2017-09-29->2017-10-06. 10. ubus package is upgraded 2017-02-18->2017-11-06. 11. libxml package is upgraded 2.9.6->2.9.7. 12. sqlite package is upgraded 3200100->3210000. 13. expat package is upgraded 2.2.4->2.2.5. 14. dnscrypt-resolvers.csv is updated. 15. Host tools: three components are upgraded. 16. Toolchain: Patch is added to compiler (to support compilation by gcc 6.3.0). 1.0.2.45HF/1.0.2.45HF-HW: 1. OpenVPN is upgraded 2.4.3->2.4.4. 2. minidlna is upgraded 1.2.0->1.2.1. 3. sqlite package is upgraded 3190300->3200100. 4. libxml2 package is upgraded 2.9.5->2.9.6. 5. libubox ackage is upgraded 2017-06-17->2017-09-29. 6. uci package is upgraded 2017-04-12->2017-09-29. 7. util-linux package is upgraded 2.30.1->2.30.2. 8. curl package is upgraded 7.54.1->7.55.1. 9. libsodium package is upgraded 1.0.13->1.0.15. 10. dnscrypt-resolvers.csv is updated. 11. Host tools: mpfr is upgraded. 12. Toolchain: binutils is upgraded to version 2.29.1. 13. Samba user "root" is added (allows mapping drive with root permissions). 14. Minor bug in dbus is fixed. 15. Experimental: -funsafe-math-optimizations option is added. 1.0.2.44HF/1.0.2.44HF-HW: 1. Problem with Plex reported by Bartman is fixed (util-linux "taskset" was lost, missed in LEDE Makefile). 2. libxml2 package is upgraded 2.9.4->2.9.5. 3. expat package is upgraded 2.2.3->2.2.4. 4. confuse package is upgraded 3.2->3.2.1. 5. wget package is upgraded 1.18->1.19.1. 6. libubox package is upgraded 2017-02-24->2017-06-17. 7. curl/libcurl is synchronized with OpenWRT/LEDE. 8. Some changes in kernel config for SMB2. 9. Host tools: several patches are added (genext2fs lzma m4 mkimage). 1.0.2.43HF/1.0.2.43HF-HW: 1. Most important: samba is upgaded 3.0.24->3.6.25 (with all security patches). 2. ncurses package is upgraded 5.9->6.0. 3. util-linux package is upgraded 2.28->2.30.1. 4. lz4 package is upgraded 1.7.5->1.8.0. 5. e2fsprogs package is upgraded 1.43.5->1.43.6. 6. WebGUI: font size for logs is increased. 7. Host tools: e2fsprogs is upgraded too. 8. Toolchain: uClibc, several patches are added (needed for compilation util-linux). 1.0.2.42HF/1.0.2.42HF-HW: 1. ReadyCLOUD GUI access problem is fixed (problem reported by Bartman). 2. ReadyCLOUD version is upgraded 20170214->20170711. 3. expat package is upgraded 2.2.2->2.2.3. 4. e2fsprogs package is upgraded 1.43.4->1.43.5. 5. OpenVPN clinet startup script is optimized. 6. Host tools: one component is upgraded. 1.0.2.41HF/1.0.2.41HF-HW: 1. sqlite package is upgraded 3190200->3190300. 2. uci package is upgraded 2016-07-04->2017-04-12. 3. confuse package is upgraded 3.0->3.2. 4. curl package is upraded 7.29.0->7.54.1. 5. expat package is upgraded 2.2.0->2.2.2 6. bridge-utils package is upgraded 1.5->1.6. 7. libsodium package is upgraded 1.0.12->1.0.13. 8. dnscrypt-resolvers.csv is updated. 9. Host tools: two components are upgraded to most recent versions. 10. cryptodev-linux package is added (HW version, OpenSSL hardware acceleration). 11. OpenSSL is changed to support hardware acceleration (HW version). 12. Changes from stock 1.0.2.40 are integrated to this release. 13. ReadyCLOUD version is changed from 20161111 to 20170214 14. Some other changes. 1.0.2.35HF-HW: (internal release) 1.0.2.34HF: (internal release) 1.0.2.33HF: The following packages are upgraded/added vs stock 1.0.2.32 (not all are listed, but main): alsa-lib-1.1.4.1.tar.bz2 autoconf-2.69.tar.xz avahi-0.6.32.tar.gz binutils-2.28.tar.bz2 bison-3.0.4.tar.xz dbus-1.10.4.tar.gz dnscrypt-proxy-1.9.5.tar.bz2 dropbear-2017.75.tar.bz2 e2fsprogs-1.43.4.tar.gz ethtool-4.11.tar.xz flac-1.3.2.tar.xz flex-2.6.4.tar.gz gcc-4.8.5.tar.bz2 gdb-7.12.1.tar.xz gdbm-1.11.tar.gz gettext-0.19.8.1.tar.xz gmp-6.1.2.tar.xz iperf-2.0.9a.tar.gz jansson-2.10.tar.bz2 jpegsrc.v9a.tar.gz jq-1.5.tar.gz json-c-0.12.1-nodoc.tar.gz libcrypto++_5.6.4.orig.tar.xz libevent-2.0.22-stable.tar.gz libexif-0.6.21.tar.bz2 libgcrypt-1.6.6.tar.bz2 libgpg-error-1.27.tar.bz2 libiconv-1.11.1.tar.gz libogg-1.3.2.tar.xz libubox-2017-02-24-96305a3c.tar.xz libvorbis-1.3.5.tar.xz libxml2-2.9.4.tar.gz lua-5.1.5.tar.gz lz4-1.7.5.tar.gz lzo-2.10.tar.gz m4-1.4.18.tar.xz minidlna-1.2.0.tar.gz mklibs_0.1.35.tar.gz mm-common-0.9.10.tar.xz mpc-1.0.3.tar.gz mpfr-3.1.5.tar.xz mtd-utils-1.5.2.tar.gz mxml-2.10.tar.gz ncurses-5.9.tar.gz openssl-1.0.2l.tar.gz openvpn-2.4.3.tar.xz pkg-config-0.29.1.tar.gz popt-1.16.tar.gz proftpd-1.3.5b.tar.gz quilt-0.65.tar.gz scons-2.5.1.tar.gz sed-4.4.tar.xz sysstat-11.0.4.tar.xz tar-1.29.tar.bz2 transmission-2.92+git.tar.gz u-boot-2014.10.tar.bz2 ubus-2017-02-18-34c6e818.tar.xz unzip60.tar.gz util-linux-2.28.tar.xz wget-1.18.tar.xz xz-5.2.3.tar.bz2 zip30.tar.gz zlib-1.2.11.tar.gz Plus bugs correction, optimization, acceleration.