华硕RT-AC87U路由 梅林固件 380.65_4 2017-03-29

Asuswrt-Merlin Changelog ======================== 380.65_4 (28-Mar-2017) - FIXED: Various LAN/WAN issues with the RT-AC3200 due to incorrect GMAC state checks (Asus bug) (patch by john9527) - FIXED: Some models would sometime randomly fail to start one of their wifi radio, possibly due to a hardware design issue. Partly revert the 380.65 changes that removed the automatic reboot if one radio was disabled at boot time, but reduced the maximum number of reboots to 1. 380.65_2 (10-Mar-2017) - FIXED: CVE-2017-6549 (implemented temporary workaround, until a proper fix from Asus) - FIXED: CVE-2017-6548 (backport from GPL 7266) - FIXED: WOL page fails to load if adding a client with a quote in its name. - FIXED: Couldn't add a DHCP reservation client if its name contained a quote. 380.65 (3-Feb-2017) - NEW: Merged with parts of Asus GPL 380_4180, left out most of it because of too many bugs in it. - NEW: Upgraded to OpenVPN 2.4.0, and implemented support for many of its new features: * GCM ciphers * LZ4 compression * tls-crypt (uses the Static Key field) * Cipher negotiation (NCP), with (optional) fallback to legacy "cipher" parameter when an OpenVPN 2.3 client connects to the router's 2.4 server. Please refer to the OpenVPN 2.4 documentation for more info on these new features. You will be warned if any server setting would generate an exportable ovpn file that would be incompatible with older clients. Existing client config shouldn't need to be changed, unless you modify the router's server configuration. - NEW: Upgraded Busybox to 1.25.1 (patch by theMIROn) - NEW: Added the following Busybox applets: ntpd, time, uniq, xargs and getopt, for feature parity with John's fork. - NEW: Option on Media Server page to enable minidlna's built-in status web page. Default URL is http://router.asus.com:8200 . - NEW: Support for Vodafone R226 USB LTE (patch by Gernot Pansy) - NEW: New "update-notification" user script, that gets run when a scheduled firmware check detects a new version is available. - CHANGED: Removed support for all RC ciphers on OpenVPN. DES is staying for now, but should still be avoided whenever possible. - CHANGED: Updated openssl to 1.0.2k - CHANGED: Updated tor to 0.2.9.9 (0.2.9.x patch by blackfuel) - CHANGED: Updated nano to 2.7.4. - CHANGED: hosts file will now give a higher priority to the user-configured hostname for the router ahead of hardcoded ones (like router.asus.com). - CHANGED: Create a system log entry if a new firmware version is available. - CHANGED: Display name and icon for clients configured on the Tor page. - CHANGED: Streamlined miniupnpd stop/start events during boot, so there are fewer of them now. - FIXED: Invalid DUID used when requesting an IPv6 prefix for some of the newer router models, which would prevent them from getting working IPv6 (Asus bug) - FIXED: Network Service Firewall rules not applied under certain configurations - FIXED: Port triggering wasn't working if traffic had been whitelisted by Network Service Firewall - FIXED: Avahi wasn't rejecting connections from secondary WAN interface - FIXED: Sorting clients by connection time would incorrectly treat 10 hours as shorter than 9 hours, as it was handling it as a string (Asus bug) - FIXED: Exported ovpn client file wouldn't use the user-configured hostname when using DDNS custom mode. - FIXED: Exported OpenVPN client config didn't work when using static key authentication. - FIXED: Exported OpenVPN client config wasn't editable with Notepad, the default editor used by Windows's OpenVPN GUI. - FIXED: OpenVPN was killed too quickly on disconnection, causing issues when using explicit-exit-notify (patch by john9527) - FIXED: OpenVPN client/server instances weren't properly restarted on a WAN restart (patch by john9527) - FIXED: Some models (N66/AC66/AC5300) would reboot 3 times if one of the radios was found disabled by the user while booting (Asus bug). - FIXED: Webui layout was broken under Chrome 56. 380.64_2 (8-Jan-2017) - FIXED: IPv6 client list failing to properly show hostnames (regression in 64_1) - FIXED: A few potential buffer overruns in httpd 380.64_1 (6-Jan-2017) - FIXED: Security issues in httpd (backport from GPL 4180 + additional fixes of my own) 380.64 (16-Dec-2016) - NEW: New firmware availability notification. The router will notify you if a new firmware is available, and will also let you view the changelog before sending you to the download page (the update process remains manual). Note that the automated check will only report new final releases. The Check button on the Firmware Upgrade will immediately check for final releases or beta (if you select that option), but not both at the same time. - NEW: Added iptables MASK support on MIPS kernel (patch by john9527) - NEW: Webui warning shown in the notification area if running low on free nvram. - CHANGED: Updated nano to 2.7.1. - CHANGED: Updated OpenVPN to 2.3.14. - CHANGED: Updated curl to 7.51.0, resolving numerous security and stability issues. - CHANGED: Tor clients will now route other TCP ports than just 80/443, and drop UDP and ICMP traffic (patch by blackfuel) - CHANGED: QoS Stats info will automatically refresh every 3 seconds (user-configurable) - CHANGED: IPTraffic charts now show sorted slices, so the clients with the least traffic will get grouped under "Others" if truncating the list of shown clients. - CHANGED: Enabled IPv6 support in curl. - CHANGED: Improved webui performance, by caching large static Javascript files such as jquery, and increased cache life from 5 mins to 1 hour. - CHANGED: No longer include Download Master packages in the firmware for those models that still included them, reducing firmware size by a few megabytes. Those were always outdated, the router will download the latest versions from Asus's servers at install time. - CHANGED: Improved webui protection against CSS/XSS attacks (backport from GPL 4164) - FIXED: Web server crash if importing an ovpn file with an invalid key or certificate (Asus bug) - FIXED: App icon at the top wouldn't work on Firefox, generating a Javascript error (Asus bug) - FIXED: Firefox would sometime fail to display the client list, reporting a JSON parsing error in the console. - FIXED: HMAC setting not properly set when importing an ovpn file for a config based on TLS authentication mode. (backport from GPL 4164) 380.63_2 (12-Nov-2016) - CHANGED: Added detection for iPhone 7 models in networkmap (patch by Andrei Coman). - CHANGED: Enabled --dns-loop-detect support in dnsmasq - CHANGED: Move Dual WAN static routes to a lower priority, so VPN