Changelog.txt

Asuswrt-Merlin Changelog
========================

380.70 (8-Apr-2018)
  - NOTE: This will be the final 380.xx release for
          all models.  The RT-N66U and RT-AC66U
          support will be dropped, and all other
          models have been migrated to the new gen
          branch, as of release 384.4.

          People who wish to keep getting updates for
          these two older models should look at the
          john9527 fork: https://bit.ly/2EV5Oat

  - CHANGED: Tightened security around some config files.
  - CHANGED: Samba protocol support can now be set to
             SMBv1, SMBv2, or SMBv1 + SMBv2 (the new default).
             This will result in a performance drop on all
             models, but will be more secure.
             Ideally, people should change it to SMBv2 only,
             and then reboot all their client devices to start
             using only the new protocol.
             If performance is more important than security to
             you, then you can switch it back to SMBv1, which is
             the old default behaviour.
  - CHANGED: Switched to the new Entware repo for armv7 models.
             To upgrade, run the following commands TWICE:

             opkg update; opkg upgrade

  - FIXED: Apply button not working on the OpenVPN
           Client page.
  - FIXED: Potential racing condition that could lead to two
           instances of miniupnpd running at boot time.
  - FIXED: Broken FAQ links (backport from 380_8120)
  - FIXED: Security issue in httpd (CVE-2018-8879).
  - FIXED: Security issues in httpd (backports from 380_8228)


380.69_2 (28-Jan-2018)
  - NOTE: The official IRC channel has moved to
          Freenode (#asuswrt).

  - CHANGED: Quantenna watchdog is less likely now to
             incorrectly assume the QTN CPU has crashed
             (which can lead to router reboots). (RT-AC87U)
  - FIXED: IE11 field validation issues on OpenVPN and
           DHCP pages.
  - FIXED: Router crash when importing an OpenVPN certificate
           longer than 3499 characters (the supported limit)
  - FIXED: Users were allowed to enter invalid characters on
           some of the OpenVPN client page fields.
  - FIXED: CVE-2018-5999 in httpd (backport from 384_10007)
  - FIXED: CVE-2018-5721 in httpd (Merlin & theMIROn)


380.69 (11-Dec-2017)
  - NEW: Added option to disable the Asus NAT tunnel service under
         Other Settings -> Tweak.  Not quite sure what this
         partly closed source service is for, but it eats a
         fair amount of CPU and RAM (backport from 382)

  - CHANGED: Updated odhcp6c to be in sync with upstream
             (patch by theMIRon)
  - CHANGED: Updated libogg to 1.3.3 and libvorbis to 1.3.5.
  - CHANGED: Updated wget to 1.19.2 (fixing connectivity to some
             TLS 1.2 servers)
  - CHANGED: Updated RT-N66U and RT-AC66U SDK to GPL 380_8120's
             (fixing KRACK in repeater/bridge mode)
  - CHANGED: Updated openssl to 1.0.2n.
  - CHANGED: Updated tor to 0.2.9.14.
  - FIXED: allow IA_NA mode downgrade with forced IA_PD
           (for ISPs with broken IPv6 support)
           (patch by theMIRon)
  - FIXED: Trend Micro signature check might randomly fail the
           RSA validation.
  - FIXED: Security issues CVE-2017-15275, CVE-2017-12163
           and CVE-2017-12150 (backported to Samba 3.6 and 3.5)
  - FIXED: Httpd crash when accessing certain webui pages with
           no connected Ethernet clients
  - FIXED: DNSFILTER rules would have priority over OPENVPN Client
           rules (when client has DNS set to Exclusive mode).
  - FIXED: traffic routing from the router itself would fail when
           restarting the firewall while using an ovpn client with
           policy rules in effect.


380.68_4 (4-Oct-2017)
  - CHANGED: Updated dnsmasq to 2.78 (contains a number of
             security fixes).
  - FIXED: rstats could crash at start time in some situations.
  - FIXED: QOS Scheduler would revert back to sfq after you had
           re-enabled QOS while (fq_)codel was already selected.
  - FIXED: Missing tabs on the Parental Control page.
  - FIXED: Realtek port status wouldn't auto-refresh on the Sysinfo
           page.
  - FIXED: Incorrect sort by remaining time on the DHCP Lease page.
  - FIXED: Some LAN clients couldn't be added to the TOR redirected
           client list.


380.68_2 (12-Sept-2017)
  - FIXED: Some models would show the wrong menu options while in
           Repeater mode.
  - FIXED: USB modem page not displayed if WAN type was set to USB.
  - FIXED: CVE-2017-12754 security issue.
  - FIXED: Incorrect LAN ports order on Networkmap (RT-AC3200)
           (Asus bug)
  - FIXED: Extra OpenVPN CA not properly handled for OpenVPN
           clients 3, 4 and 5.
  - FIXED: Invalid txrate shown on Wireless Client page if client
           isn't authenticated yet


380.68 (18-Aug-2017)
  - IMPORTANT: due to major webui changes, you will need to
               either flush your browser cache, or force it
               to reload the page (shift-reload) the first time
               you access the webui after upgrading to 380.68.

  - NEW: Merged GPL 380_7743 binary blobs for the RT-N66U.
  - NEW: Backported Ethernet port status report on the Network Map
         from GPL 382.
  - NEW: Description field added to OpenVPN client configuration
  - NEW: Added missing hash types to ipset_arm (Patch by john9527)
  - NEW: Added hostname Busybox applet, used by some Entware packages
  - NEW: Added TPROXY netfilter target module (ARM only)
  - CHANGED: Switched webui menu generation code to GPL 382 code.
             This new code is easier for me to maintain.
  - CHANGED: Used webui menu icons from GPL 382.
  - CHANGED: Re-organized VPN pages, merging some together.
  - CHANGED: Reworked VPNStatus page, will now refresh itself every
             5 seconds.  It will also report a client's local
             and public IP addresses.
  - CHANGED: Re-designed webui interface for managing SSL
             certificate.  Added Upload button, and revamped
             certificate info display (includes some backports
             from GPL 382)
  - CHANGED: Removed option to enable/disable persistent webui
             certificate - they are now always persistent.
  - CHANGED: Reworked Tools -> Sysinfo page, dynamic data will
             refresh itself every 3 seconds, also port
             ordering will be more consistent, and display based
             on the new tableAPI from GPL 382.
  - CHANGED: Backported system log page from GPL 382: moved logging
             settings to it, added option to set a remote syslog
             server's port, and shown log will auto refresh.
  - CHANGED: Re-designed DHCP Lease log page to use the new
             tableAPI, with sortable fields (defaults to IP sort)
  - CHANGED: Do not alternate between ntp server from webui and
             the one hardcoded in nvram - use webui one, unless
             it's empty - then use the second server set in nvram.
  - CHANGED: Moved App icon out of the notification area and into
             the footer of the page, with other links.
  - CHANGED: Updated Curl to 7.54.1
  - CHANGED: Updated nano to 2.8.6
  - CHANGED: Re-designed the way the Tor database gets backed up,
             so it won't grow stale by never being updated.
  - CHANGED: Define and forward a small range of ports
             (57535-57565) for use for passive FTP (needed for
             TLS over WAN).
  - CHANGED: Reduce the amount of logging done while configuring
             policy-based routing for an OpenVPN client when
             using the default log verbosity level of 3.
  - FIXED: Duplicate LAN port 1 shown for the RT-AC87U on
           the Sysinfo page.
  - FIXED: Port forward/UPNP issues with CTF enabled depending on
           selected NAT loopback mode.
  - FIXED: URL filtering wasn't working over IPv4.
  - FIXED: OpenVPN instances could potentially start too early at
           boot time (before clock was set)
  - FIXED: When multiple OpenVPN clients are connected to the router,
           their username wouldn't show as Connected.
  - FIXED: Progress report would go to 200% if you changed a setting
           and started or stopped an OpenVPN client or server.
  - FIXED: Security issues CVE-2017-11344, CVE-2017-11345 and
           CVE-2017-11420 in networkmap (patches by
           Kilo Foxtrot Papa)
  - FIXED: Webui self-generated certificate could sometime be
           invalid due to a race condition between the SSL and
           non-SSL httpd instances starting at the same time.
  - FIXED: Tor would fail to start if there was a backed up
           database in /jffs/.tordb, due to bad permissions.
  - FIXED: SMB sharing without user authentication would fail if
           router's admin username was changed from "admin"
           (Asus bug)
  - FIXED: SMB sharing without user authentication would cause
           SMB2 to downgrade to SMB1.
  - FIXED: 5GHz-2 would show an "undefined" channel on the
           Wireless-> General and in the wifi popup if
           5GHz-1 was disabled (Asus bug).


380.67 (16-July-2017)
  - NEW: Merged with GPL 380_7743 code, with binary blobs from
         7378 for N66U
  - NEW: Custom config support for quagga/ripd.
  - NEW: Webui SSL certificate can now be saved so it gets reused
         instead of a new one being constantly generated.  It will
         be stored under /jffs/ssl/, you can also easily provide
         your own by storing cert.pem and key.pem in that location.
         Settings to control this can be found under
         Administration -> System.
  - NEW: TLS support in vsftpd.  Key and certs are automatically
         generated, and can also be replaced by your own, as
         ftp.key and ftp.crt under /jffs/ssl/
  - NEW: fq_codel and configurable overhead support in Adaptive QoS.
  - NEW: PEAP/MSCHAPv2 support via 802.1x on WAN interface, in
         addition to existing MD5 support (patch by Rafi Khardalian)
  - CHANGED: Remember chosen sort method on DHCP static reservations
             page.
  - CHANGED: Updated minidlna to 1.2.0.
  - CHANGED: Updated nano to 2.8.5.
  - CHANGED: Updated openssl to 1.0.2l.
  - CHANGED: Updated ipset (ARM) to 6.32.
  - CHANGED: Upgraded from vsftpd 2.0.4 to 3.0.3.  You might need to
             revise any custom configuration you have done (if any).
  - CHANGED: Moved SMB2 support switch to the main samba page.
  - CHANGED: Optimized all webui images for size
  - CHANGED: Tor now runs as a limited user instead of as root
  - CHANGED: Limited number of supported OpenVPN clients to 2 on
             the RT-AC3200, to save on nvram.
  - CHANGED: Removed tweak that allowed to disable/enable bridge
             multicast snooping, as Asus now disables it upstream
             at the kernel level.
  - FIXED: OpenVPN client would be shown as having failed to connect
           if a reconnect attempt initially failed to authenticate,
           but succesfully connected afterward.
  - FIXED: Quagga's log could fill up RAM, reduced the amount of
           logging generated by it.
  - FIXED: NFS sometimes failing to start properly (patch by john9527)
  - FIXED: Layout issue of the status bar under Chrome when window
           is larger than 1800px (patch by Cyrus Dargahi)
  - FIXED: UPNP and SNMP issues in Dual WAN mode.
  - FIXED: NAT Loopback (merlin mode) in Dual WAN mode wasn't supported.
  - FIXED: Internal and external port specifications were swapped in
           miniupnpd's config file (Asus/Tomato bug)
  - FIXED: Enabling policy-based routing for a client connecting to
           a server that doesn't push a redirect-gateway would fail
           to properly route traffic (for instance with StrongVPN)
  - FIXED: Invalid port trigger rules when specifying a port range
           (patch by John Bacho)
  - FIXED: OpenVPN client with a password containing an "&" could get
           corrupted when re-editing that client's config.
  - FIXED: Some remote syslogd would choke on syslog entries sent by
           the router if there were spaces in the tag parameter.
           Removed spaces where this was the case.


380.66_6 (22-June-2017)
  - CHANGED: Updated OpenVPN to 2.4.3
  - FIXED: Corrupted firewall rules if enabling SSHD brute-force
           protection and Respond to WAN Ping at the same time
           while in Dual WAN mode.


380.66_4 (26-May-2017)
  - CHANGED: Updated dropbear to 2017.75
  - FIXED: Security issue CVE-2017-7494 in Samba.


380.66_2 (16-May-2017)
  - FIXED: AiCloud fail to start on RT-N66U and RT-AC66U.
  - FIXED: The generated key/cert for httpds and AiCloud could
           sometimes be invalid due to a timing probblem.


380.66 (12-May-2017)
  - NEW: Merged with GPL 380_7378
         Notable changes:
            * Port forwards can select a specific source IP
            * Security fixes for CVE-2017-5891, CVE-2017-5892
              and CVE-2017-6547
         Note:
            * If you are experiencing new wifi stability
              issues, try disabling Airtime Fairness on
              the Wireless -> Professional page (on all
              bands).

  - NEW: Option to disable Wanduck's constant DNS probing
         for WAN state (Tools -> Other Settings)
  - NEW: Allow disabling the use of DH, by entering
         "none" in the DH field for OpenVPN server config.
  - NEW: Added new Internet redirection mode to OpenVPN clients
         called "Policy Rule (Strict)".  The difference from the
         existing "Policy Rule" mode is that in strict mode,
         only rules that specifically target the tunnel's
         interface will be used.  This ensures that you don't
         leak traffic through global or other tunnel routes,
         however it also means any static route you might have
         defined at the WAN level will not be copied either.
  - CHANGED: Ovpn importer now recognizes the "port" and
             "reneg-sec" parameters.
  - CHANGED: Ovpn importer now support a third argument for
             the "remote" parameter, allowing to specify the
             protocol.
  - CHANGED: Updated Tor to 0.2.9.10
  - CHANGED: Updated nano to 2.8.1
  - CHANGED: Updated OpenVPN to 2.4.2
  - CHANGED: Updated LZ4 to 1.7.5 (used by OpenVPN)
  - CHANGED: SSL certificate generated for httpds will now
             contain SANs for hostname, router.asus.com, IP
             and DDNS hostname.
  - CHANGED: Make minidlna always use the same uuid, based on
             the LAN MAC (original patch by john9527)
  - CHANGED: Better feedback provided when an ovpn file upload
             generates a problem due to a key/cert that's
             not provided inline.  Inform the user which of
             these he will need to manually provide.
  - CHANGED: Disable bridge multicast_snooping, as this should be
             unnecessary, and it could interfere with EMF, UPNP and
             other multicast applications.  Can be re-enabled from
             the Tools -> Other Settings page.
  - REMOVED: The Virtual Server page no longer allows users to
             edit existing port forwards (our existing code is
             incompatible with Asus's newer webui code and will
             need to be re-implemented.)
  - FIXED: WOL page fails to load if adding a client with a
           quote in its name.
  - FIXED: Couldn't add a DHCP reservation client if its name
           contained a quote.
  - FIXED: New outbound connections weren't logged if firewall
           logging was enabled.
  - FIXED: OpenVPN server didn't always work properly in udp mode
           when in a dual stack IPv4/IPv6 environment (backport
           from GPL 382_9736)
  - FIXED: When disabling NCP support in OpenVPN, the router
           could still be trying to use it if the remote end
           had it enabled.
  - FIXED: Potential CVE-2016-10229 security issue in kernel
           (unsure whether our kernel was vulnerable or not)
  - FIXED: ovpn file import would fail to import auth hash or
           cipher if they weren't uppercase.
  - FIXED: Couldn't edit SMB permissions if the disk had
           multiple partitions (Asus bug) (patch by
           Jeremy Goss)
  - FIXED: Exporting a client.ovpn file with no existing CA
           could generate garbled output in the generated
           file.


380.65_4 (28-Mar-2017)
   - FIXED: Various LAN/WAN issues with the RT-AC3200 due to
            incorrect GMAC state checks (Asus bug) (patch
            by john9527)
   - FIXED: Some models would sometime randomly fail to start one
            of their wifi radio, possibly due to a hardware design
            issue.  Partly revert the 380.65 changes that removed
            the automatic reboot if one radio was disabled at boot
            time, but reduced the maximum number of reboots to 1.


380.65_2 (10-Mar-2017)
   - FIXED: CVE-2017-6549 (implemented temporary workaround,
            until a proper fix from Asus)
   - FIXED: CVE-2017-6548 (backport from GPL 7266)
   - FIXED: WOL page fails to load if adding a client with a
            quote in its name.
   - FIXED: Couldn't add a DHCP reservation client if its name
            contained a quote.


380.65 (3-Feb-2017)
   - NEW: Merged with parts of Asus GPL 380_4180, left out
          most of it because of too many bugs in it.
   - NEW: Upgraded to OpenVPN 2.4.0, and implemented support
          for many of its new features:
            * GCM ciphers
            * LZ4 compression
            * tls-crypt (uses the Static Key field)
            * Cipher negotiation (NCP), with (optional)
              fallback to legacy "cipher" parameter when
              an OpenVPN 2.3 client connects to the
              router's 2.4 server.
          Please refer to the OpenVPN 2.4 documentation for
          more info on these new features.

          You will be warned if any server setting would
          generate an exportable ovpn file that would be
          incompatible with older clients.

          Existing client config shouldn't need to be changed,
          unless you modify the router's server configuration.

   - NEW: Upgraded Busybox to 1.25.1 (patch by theMIROn)
   - NEW: Added the following Busybox applets: ntpd, time, uniq,
          xargs and getopt, for feature parity with John's fork.
   - NEW: Option on Media Server page to enable minidlna's
          built-in status web page.  Default URL is
          http://router.asus.com:8200 .
   - NEW: Support for Vodafone R226 USB LTE (patch by
          Gernot Pansy)
   - NEW: New "update-notification" user script, that gets run
          when a scheduled firmware check detects a new version
          is available.

   - CHANGED: Removed support for all RC ciphers on OpenVPN.
              DES is staying for now, but should still be avoided
              whenever possible.
   - CHANGED: Updated openssl to 1.0.2k
   - CHANGED: Updated tor to 0.2.9.9 (0.2.9.x patch by blackfuel)
   - CHANGED: Updated nano to 2.7.4.
   - CHANGED: hosts file will now give a higher priority to the
              user-configured hostname for the router ahead of
              hardcoded ones (like router.asus.com).
   - CHANGED: Create a system log entry if a new firmware 
              version is available.
   - CHANGED: Display name and icon for clients configured on the
              Tor page.
   - CHANGED: Streamlined miniupnpd stop/start events during boot,
              so there are fewer of them now.
   - FIXED: Invalid DUID used when requesting an IPv6 prefix
            for some of the newer router models, which would
            prevent them from getting working IPv6 (Asus bug)
   - FIXED: Network Service Firewall rules not applied
            under certain configurations
   - FIXED: Port triggering wasn't working if traffic had
            been whitelisted by Network Service Firewall
   - FIXED: Avahi wasn't rejecting connections from
            secondary WAN interface
   - FIXED: Sorting clients by connection time would incorrectly
            treat 10 hours as shorter than 9 hours, as it was
            handling it as a string (Asus bug)
   - FIXED: Exported ovpn client file wouldn't use the
            user-configured hostname when using DDNS custom mode.
   - FIXED: Exported OpenVPN client config didn't work when
            using static key authentication.
   - FIXED: Exported OpenVPN client config wasn't editable with
            Notepad, the default editor used by Windows's
            OpenVPN GUI.
   - FIXED: OpenVPN was killed too quickly on disconnection,
            causing issues when using explicit-exit-notify
            (patch by john9527)
   - FIXED: OpenVPN client/server instances weren't properly
            restarted on a WAN restart (patch by john9527)
   - FIXED: Some models (N66/AC66/AC5300) would reboot 3 times
            if one of the radios was found disabled by the user
            while booting (Asus bug).
   - FIXED: Webui layout was broken under Chrome 56.


380.64_2 (8-Jan-2017)
   - FIXED: IPv6 client list failing to properly show hostnames
            (regression in 64_1)
   - FIXED: A few potential buffer overruns in httpd


380.64_1 (6-Jan-2017)
   - FIXED: Security issues in httpd (backport from GPL 4180 +
            additional fixes of my own)


380.64 (16-Dec-2016)
   - NEW: New firmware availability notification.  The router will
          notify you if a new firmware is available, and will also
          let you view the changelog before sending you to the
          download page (the update process remains manual).

          Note that the automated check will only report new
          final releases.  The Check button on the Firmware Upgrade
          will immediately check for final releases or beta (if you
          select that option), but not both at the same time.
   - NEW: Added iptables MASK support on MIPS kernel (patch
          by john9527)
   - NEW: Webui warning shown in the notification area if running
          low on free nvram.
   - CHANGED: Updated nano to 2.7.1.
   - CHANGED: Updated OpenVPN to 2.3.14.
   - CHANGED: Updated curl to 7.51.0, resolving numerous security
              and stability issues.
   - CHANGED: Tor clients will now route other TCP ports than just
              80/443, and drop UDP and ICMP traffic (patch by
              blackfuel)
   - CHANGED: QoS Stats info will automatically refresh every
              3 seconds (user-configurable)
   - CHANGED: IPTraffic charts now show sorted slices, so the
              clients with the least traffic will get grouped
              under "Others" if truncating the list of shown
              clients.
   - CHANGED: Enabled IPv6 support in curl.
   - CHANGED: Improved webui performance, by caching large static
              Javascript files such as jquery, and increased cache
              life from 5 mins to 1 hour.
   - CHANGED: No longer include Download Master packages in the
              firmware for those models that still included them,
              reducing firmware size by a few megabytes.
              Those were always outdated, the router will download
              the latest versions from Asus's servers at install
              time.
   - CHANGED: Improved webui protection against CSS/XSS attacks
              (backport from GPL 4164)
   - FIXED: Web server crash if importing an ovpn file with an
            invalid key or certificate (Asus bug)
   - FIXED: App icon at the top wouldn't work on Firefox,
            generating a Javascript error (Asus bug)
   - FIXED: Firefox would sometime fail to display the client
            list, reporting a JSON parsing error in the console.
   - FIXED: HMAC setting not properly set when importing an ovpn
            file for a config based on TLS authentication mode.
            (backport from GPL 4164)


380.63_2 (12-Nov-2016)
   - CHANGED: Added detection for iPhone 7 models in networkmap
              (patch by Andrei Coman).
   - CHANGED: Enabled --dns-loop-detect support in dnsmasq
   - CHANGED: Move Dual WAN static routes to a lower priority, so VPN
              policy rules will have priority over them
   - FIXED: Traditional QoS labels were off by one on the Stats page.
   - FIXED: Adaptive QoS upload stats couldn't be retrieved because
            qosd seems to be hardcoded to always set up classes on eth0
            rather than on the real WAN interface.
   - FIXED: USB driver was removed too early at shutdown time on the
            RT-AC56U and RT-AC87U (fix by john9527)


380.63 (6-Nov-2016)
   - NEW: QoS Statistics page, showing the amount of traffic assigned to
          each available classes, as well as the current throughput.
   - NEW: Charts added to various Traffic Monitor pages.
          Note that you can click on legend items to reveal/hide the
          DL/UL data.  Hovering over a bar or a pie slice will
          display the exact value for that item.
   - NEW: Added pc_delete() to the helper script (patch by john95287)
   - NEW: IPv6 firewall now supports fixed interface ID (EUI64) ipv6
          destination addresses (Patch by john9527)
   - CHANGED: Updated Tor to 0.2.8.9
   - CHANGED: Updated OUI database.
   - CHANGED: ipset was updated to version 6.29 on ARM models.
              IMPORTANT: this means you will probably need to
              update your script to the new syntax.  You need to
              load the xt_set.ko module at the start of your script.
              There has been no change to MIPS models, due to their
              older kernel.  (original code by Shibby and Victek,
              Asuswrt port by john9527) (ARM only)
  - CHANGED: OpenVPN policy rules now start at prio 10000 instead of 1000
  - CHANGED: Added help popups to various settings that are unique to
             Asuswrt-Merlin.
  - FIXED: Custom group/shadow/passwd weren't applied at boot time.
  - FIXED: CVE-2016-5195 (Dirty COW) vulnerability in kernel
           (patches by blackfuel and Joseph A. Yasi)
  - FIXED: Network Service Filter rules would only apply to clients
           under Parental Control if that was enabled (original
           debugging by john9527) (Asus bug)
  - FIXED: A few memory leaks in httpd and rc services.



380.62_1 (29-Sept-2016)
   - CHANGED: Updated OpenSSL to 1.0.2j


380.62 (23-Sept-2016)
   - NEW: Added nano 2.7.0 (user-friendly text editor)
          Documentation: https://www.nano-editor.org/dist/v2.6/nano.html
          Note that for space reasons, some of its features are disabled
          for the RT-N66U and RT-AC66U.  Entware users might want to
          uninstall the Entware version if they had it installed and want
          to use the built-in version instead.
   - NEW: Option to toggle the display of passwords on the PPTPD and
          OpenVPN server pages.
   - NEW: Allow providing a vendor class on the WAN page (DHCP option 60)
   - NEW: Add option to disable sending a RELEASE request when odhcp6c
          exits, allowing you to retain your received prefix with some
          ISPs.
   - CHANGED: Updated nettle to 3.2 (used for dnssec) and increased
              optimization level.
   - CHANGED: Updated minidlna to 1.1.6
   - CHANGED: Updated OpenVPN to 2.3.12
   - CHANGED: Updated OpenSSL to 1.0.2i
   - CHANGED: Revamped the Wireless Log page:
                - Merged some columns to gain more horizontal space
                - Longer hostname shown (truncated names are now
                  shown in a tooltip)
                - Display clients' IPv6 if they have one
   - CHANGED: Accept up to 250 characters for OpenVPN client's
              username and password (one provider needs 64).
   - CHANGED: Hide the WPA key on the Wireless config page, and only
              reveal it when you click on the field to edit it.
   - FIXED: OpenVPN client shouldn't display policy routing settings
            when using a TAP interface.
   - FIXED: DSL/ATM overhead setting was visible on MIPS models, which
            don't support it.
   - FIXED: Editing OpenVPN or PPTP users with any value longer than
            32 chars could lead to corruption of the user list.
   - FIXED: Custom config file for igmpproxy wasn't working.
   - FIXED: After turning off a Guest network, the next visit to the
            Wireless Settings page would show that guest network's settings
            instead of the parent band settings (Asus bug)
   - FIXED: Smart Connect rules didn't apply on the RT-AC88U (backported
            fix from 380_3941).
   - FIXED: Numerous memory leaks in the networkmap service. (Asus bug)
   - FIXED: Potential buffer overrun in the networkmap service. (Asus bug)
   - FIXED: Broken IPv6 connectivity if enabling SSH brute force
            protection (only MIPS models were affected)
   - FIXED: 5G LED would fail to turn back on when exiting stealth mode.
   - FIXED: Only hostname was used as remote server in an exported
            OpenVPN client config when using Namecheap DDNS.
   - FIXED: Security vulnerability (XSS/CSR) in httpd (backported
            fix from 380_4005).
   - FIXED: Chrome would try to autofill some fields (such as on the
            DDNS configuration page), which could be problematic.
   - FIXED: IPTraffic database was no longer properly named after
            the router's MAC address on the AC88/AC3100/AC5300.
            If you recently enabled it, you will need to either
            re-create a new database, or rename the existing
            database from tomato_cstats_000000000000.gz to
            tomato_cstats_XXXXXXXXXXXX.gz, where "XXXXXXXXXXXX" is
            your MAC as found with "nvram get et2macaddr", in
            lowercase (AC88/AC3100/AC5300 only).

            Regular traffic monitoring (stored in
            tomato_rstats_XXXXXXXXXXXX.gz) is fine.


380.61 (4-Aug-2016)
   - FIXED: Connected OpenVPN clients reporting as disconnected
            on the status page following any wireless config change
            (Asus bug)
   - FIXED: OpenVPN server would report being "Initializing"
            while it already was ready, following any
            wireless config change (Asus bug)
   - FIXED: Various stability issues with minidlna (reverted some
            of Asus's customizations)


380.61 Beta 1 (31-July-2016)
   - NEW: Merged with GPL 3831.
   - CHANGED: updated dropbear to 2016.74.
   - FIXED: Do not enforce b/g mode as "auto" if wireless mode
            is also set to Auto.


380.60
    There was no non-beta release, due to limited model support
    and unsolved WAN stability issues.


380.60 Beta 2 (5-July-2016)
    IMPORTANT: The firmware image file format was changed by Asus.
               Starting with 380.60, you will no longer be able to
               flash versions older than 380.60, or Asus versions
               older than 3.0.0.4.380_3000.

               You can currently downgrade by using Firmware Recovery
               mode, but there's not guarantee that this will keep
               working in the future.

    - NEW: Merged with GPL 3479.  This includes the new file format
           required for certification purposes.
    - NEW: Option to enable overhead calculation on Traditional QoS
           for DSL users (ARM-only)
    - NEW: Option on System page to disable the new forced 
           redirection to router.asus.com (defaults to disabled)
    - CHANGED: Updated OpenVPN to 2.3.11
    - CHANGED: Allow to specify IPv6 prefixes up to 126 on the IPv6 config
    - CHANGED: Networkmap will now announce itself as "Asuswrt/networkmap"
               when connecting to LAN's web services.
    - FIXED: OpenVPN server instances weren't properly reporting
             if an error occurred at start time.
    - FIXED: wget was unable to access https site due to not
             having a CA bundle to verify certificates
    - FIXED: odhcp6c was sending bogus preferred prefixes, so
             anything larger than 64 could result in an invalid
             prefix
    - FIXED: Language selector is missing on router set for the
             JP region (reverted Asus change)
    - FIXED: Client names with single quotes couldn't be edited
             in the networkmap client popup (Asus bug)
    - FIXED: Router wouldn't run SMB to provide browser master
             or Wins services if no USB disk was plugged
    - FIXED: Router would sometime fail to renew a WAN DHCP lease.
             (fix by theMIROn)


380.59 (10-May-2016)
    - NEW: Merged with 380_2697 GPL.  This includes beta MU-MIMO support for 
           the RT-AC87U/AC88U/AC3100/AC5300, and IPTV fixes.
    - NEW: Option on OpenVPN client/server page to reset them back to the 
           factory default settings.
    - EXPERIMENTAL: Added support for codel and fq_codel to ARM models
                    (RT-AC56U and newer).

                    When enabling Traditional QoS or Bandwidth Limiter,
                    you can now change from the default sfq queue 
                    discipline to codel or fq_codel.
                    (based on Kyle Sanderson's Tomato backport)

                    NOTE: Traditional QoS is currently broken on the
                          newer models (RT-AC88U and up).  This is a known
                          issue in recent Asus releases.

    - CHANGED: WAN -> NAT Passthrough now allows you to determine whether or 
               not to load the NAT helper module for h323, rtsp and sip.  
               Asus's old behaviour is "Enabled + NAT Helper".
    - CHANGED: DNSFilter client dropdown now uses Asus's new one integrated 
               with networkmap.
    - CHANGED: minidlna now supports refreshing an existing database, so the 
               Tweak setting was updated accordingly
    - CHANGED: Enable SPNEGO support in Samba
    - CHANGED: Integrated Asus's networkmap into the DHCP reservations page
    - CHANGED: Updated Tor to 0.2.7.6
    - CHANGED: SSH WAN access will also work over IPv6
    - CHANGED: Updated miniupnpd to 2.0
    - CHANGED: Fields on the DHCP static lease page are now sortable
               (original patch by Allan Jensen)
    - CHANGED: Updated openssl to 1.0.2h
    - FIXED: Daily/Monthly traffic monitoring shows invalid values on the 
             RT-AC88U/3100/5300, even with CTF disabled.  Implemented a 
             temporary workaround.
    - FIXED: WPS wasn't working on the RT-AC3200
    - FIXED: Backported security fixes from OpenWRT to Samba 3.6.25, 
             addressing the following: 
             CVE-2015-5252, CVE-2015-5370, CVE-2015-5296, 
             CVE-2015-5299, CVE-2015-7560, CVE-2016-2110, 
             CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, 
             CVE-2016-2118.
   - FIXED: OpenVPN clients set to policy-based routing and Exclusive
            DNS mode were still adding the tunnel nameservers to 
            dnsmasq, causing both routed and non-routed clients to use 
            them.


380.58 (20-Mar-2016)
    - NEW: Merged with 380_1354 GPL
    - NEW: Added Tweaks and Hacks settings to Tools -> Other Settings.
           These are UNSUPPORTED tweaks, intended mostly for 
           experimentation, or very specific situations.  If unsure how
           to apply these, manually reboot after changing them.
           One of new settings there lets you disable hourly network
           rescans, to resolve issues with NAS/printers coming out
           of sleep every hour.
    - NEW: Added setting to configure OpenVPN's auth digest algo.
    - NEW: Added setting to configure OpenVPN's logging verbosity.
           Note that this setting is global to all clients/servers.
    - CHANGED: Updated OpenVPN to 2.3.10
    - CHANGED: Updated openssl to 1.0.2g
    - CHANGED: Updated miniupnpd to 1.9.20160222
    - CHANGED: Updated udpxy to 1.0-build 23-10 (backport from GPL 
               380_2345)
    - CHANGED: if you set an OpenVPN client DNS mode to "Exclusive"
               and you enable policy-based routing, then those policies
               will also determine which DNS to use (the tunnel's or
               the ISP's).  This is based on DNSFilter's technology.
               You no longer need to use DNSFilter to control
               the DNS used by your OpenVPN clients.
    - CHANGED: Made OpenVPN traffic bypass CTF, which resolves
               some throughput issues with it
    - CHANGED: Disabled X11 Forwarding support in Dropbear,
               for security reasons.
    - FIXED: PPTP static route handling script was broken
    - FIXED: minidlna would check for the wrong database filename
             at start time
    - FIXED: Wrong status shown for VPN Client 3
    - FIXED: OpenVPN clients were run on the wrong CPU cores.
             Now, odd instances correctly run on the second core.
    - FIXED: Using DNSFilter with default mode set to "router" would
             prevent using the router for IPv6 lookups.
    - FIXED: Account limit wasn't properly allowing up to 10 
             clients for SMB/FTP (patch by vit9696)
    - FIXED: Having multiple OpenVPN clients configured with
             multiple "Accept DNS configuration" modes would
             only apply the last client's setting.  Now, we
             apply the most restrictive setting of all
             configured clients.
    - FIXED: RT-AC68U 2.4 GHz was broken if CTF was disabled
             (downgraded wifi driver to  6.37.14.105)
    - FIXED: Diasbling the SIP NAT helper would also drop all port 5060 
             traffic.  Some users need to keep the SIP helper disabled 
             with their SIP client.  Reverted that GPL 858 change.


380.57 (24-Dec-2015)
    - NEW: Merged with 380_1031 GPL
    - NEW: Added RT-AC3100 and RT-AC5300 support
    - NEW: Added RT-AC68U HW Revision C1 support
    - NEW: Backup/Restore of the content of the JFFS
           partition (under Administration Restore/Save Settings)
    - NEW: Added DNSSEC support.  Can be enabled under LAN -> DHCP.
    - NEW: Added custom/postconf support for igmpproxy.conf.
    - CHANGED: Increased user account limit from 16 to 32 on
               the VPN server pages.
    - CHANGED: Updated e2fsprogs to 1.42.13
    - CHANGED: Increased maximum entries in Parental Control
               (time scheduler) to 32.
    - CHANGED: Updated miniupnpd to 1.9.20151119.
    - CHANGED: Updated Openssl to 1.0.2e.
    - CHANGED: Downgraded Dropbear to 2014.66, too many issues in
               the newer releases.
    - CHANGED: Improvements to VPN Status page
    - FIXED: CTF not automatically disabled when enabling IPTraffic.
    - FIXED: Openvpn clients 3 through 5 were all run on the first
             CPU core.  They are now properly alternated like the
             first two (odd on CPU1, even on CPU0)
    - FIXED: smb.log generated by networkmap could fill up RAM
    - FIXED: upnpc_xml.log generated by miniupnpc could fill up RAM
    - FIXED: Inconsistant names used on IPTraffic and Sysinfo page.
             Now, we give priority to any description manually entered
             on the networkmap, followed by static hostname, then any
             current (lease) hostname.
   - FIXED: MAC queries sent to the OUI database were broken due to
            changes on the IEEE website
   - FIXED: Applying changes to OpenVPN client page would start the
            client even if it was disabled/stopped.


378.56_2 (2-Nov-2015)
    - CHANGED: Reverted the memory buffering optimization
               for ARM devices, as people keep panicking
               over the lower amount of free RAM.  You can 
               manually re-enable the optimization by setting
               "drop_caches=0" in nvram.
    - CHANGED: Allow using a port < 1024 for http(s) webui
               interface.
    - FIXED: EMF wasn't working on AC56/AC68/AC87.
    - FIXED: Couldn't connect to ISPs using VLANs (RT-AC87U)
    - FIXED: Editing Port Forward entry with ellipsis in
             the description or the port range would
             still edit the shortened version instead 
             of the full content.
    - FIXED: Debug log from mDNSNetMonitor could gradually
             fill up RAM - disabled it.
    - FIXED: Router crash if pasting SSH key > 2047
             characters.
    - FIXED: Editing an entry on the networkmap would
             clear the hostname if entry existed in
             the DHCP static list.
    - FIXED: OpenVPN server in secret key mode 
             would fail to start.
    - FIXED: Couldn't add entries to the MAC Filter list
             of Guest Networks (reverted our previous
             implementation which conflicted with
             Asus's new one).
    - FIXED: NTP failing to refresh for some cases.
             Implemented temporary workaround.
    - FIXED: Some services not properly starting at
             boot time (like Parental Control or Tor)


378.56 (25-Oct-2015)
     NOTE: There is no 378.56 build for the RT-N66U at
           this time, as Asus hasn't released updated 
           source code for this model yet, and there are
           new closed source binary components that are
           necessary for this new release.

           Make sure to read the changelog of the two
           previous betas for the complete list of
           changes since 378.55.

   - CHANGED: Nameserver handling is more resilient to
              scenarios where dnsmasq fails to start due
              to a broken configuration
   - FIXED: PPTP/L2TP client page broken on French locale
   - FIXED: Entries on the Virtual Server page with ellipsis 
            in their name or port range weren't properly 
            copied to the Add fields when edited.
   - FIXED: Additional fixes to truncated hostnames related
            to networkmap


378.56 Beta 2 (18-Oct-2015)
   - CHANGED: Increased Guest MAC filter entries limit to 64.
   - CHANGED: DHCP query logging no longer override configured
              syslog level, and option was renamed to "Hide queries"
              to be more intuitive in regard to the level logging
              configured.
   - CHANGED: Enabling Hide DHCP queries also silences any RA 
              routine event.
   - CHANGED: Reverted networkmap's printer detection change
              as it didn't resolve the printer wakeups.
   - CHANGED: Reorganized settings on the System page
   - FIXED: QoS page layout in Firefox
   - FIXED: curl wasn't using the firmware's CA list (regression)
   - FIXED: Models with 128 KB support were only reporting 64 KB
            in the nvram userspace tool
   - FIXED: Traditional QoS not working when IPv6 is enabled
            (patch by charlie2alpha)
   - FIXED: Smart Connect page fails to save interface policies
   - FIXED: VPNStatus page was broken on French locale


378.56 Beta 1 (12-Oct-2015)
   - NEW: Merged with GPL 9177.
   - NEW: Added support for the RT-AC88U.
   - NEW: Support for Russian ISP Telenet (code by theMIROn)
   - NEW: ipset support in dnsmasq (patch by ryzhov_al)
   - NEW: default loglevel is now configurable and defaults to 
          5 (notice) instead of 0 (emergency)
   - NEW: local syslogd loglevel is now configurable through the webui.
   - NEW: Support for extra-certs in OpenVPN
   - NEW: Editable DHCP static leases list, virtual servers, port triggers.
   - NEW: IP addresses on the Network Service Filter page can now be 
          subnets in CIDR format (i.e. 10.0.0.0/24)
   - CHANGED: Updated miniupnpd to 20150723 snapshot
   - CHANGED: Updated openvpn to 2.3.8
   - CHANGED: Updated dropbear to 2015.68 + upstream patches
   - CHANGED: Updated minidlna to 1.1.5.
   - CHANGED: Support up to 5 different OpenVPN clients (to match Asus)
   - CHANGED: Maximum openvpn policy rules reduced from 128 to 100, fewer
              priority slots wasted in the RPDB tables (could have been a
              problem with the increase in the number of supported clients)
   - CHANGED: Improvements to VPN Status page
   - CHANGED: Connection failure reason shown on the OpenVPN client
              configuration page.
   - FIXED: Router crash when an invalid or corrupted DH parameter
            is used on an OpenVPN server configuration.
   - FIXED: 2.4 GHz temperature would be missing on the Sysinfo
            page when disabling the 5 GHz radio on the RT-AC3200.
   - FIXED: Max tracked connection limit wasn't user-editable
   - FIXED: Resource leaks in ez-ipupdate if an update failed
   - FIXED: Networked printers coming out of sleep every time 
            networkmap queried their LPR service
   - FIXED: Resource leak in networkmap when scanning for
            printer servers
   - REMOVED: Regulation mode setting on Wireless -> Professional.
              This can't be adjusted anymore, as it was moved to
              a closed source component.


378.55 (17-July-2015)
   - FIXED: DHCP lease page could get confused by IPv6 clients on
            the LAN.


378.55 Beta 2 (11-July-2015)
   - CHANGED: Updated dnsmasq to 2.73 RC9 (backport from GPL 6975)
   - CHANGED: Updated odhcp6c to newer version (backport from GPL 6975)
   - CHANGED: Updated openssl to 1.0.2d (fixes CVE-2015-1793, only present
              in Beta 1 - 54_2 was not affected)
   - CHANGED: Display existing key/certs on the OpenVPN pages once
              they've been migrated to JFFS.
   - FIXED: Time scheduler-related features (Parental Control & Wifi 
            scheduler) were broken (backported fix from Asus's GPL 6975)
            (beta 1 regression)
   - FIXED: QTN firmware was still being copied to RAM rather than rely
            on the symlink to flash added in Beta 1, to save 4 MB of RAM.
            (AC87U)
   - FIXED: Dropbox cloud sync would fail on some setups (backport
            from GPL 6975)
   - FIXED: Entware-setup script would generate an invalid services-start
            script
   - FIXED: Duplicate zoneedit entry on the DDNS service list.


378.55 Beta 1 (3-July-2015)
   - NEW: Merged with GPL 6117.  Notable changes from Asus:
             o New token-based webui authentication (more secure)
             o OpenVPN certificates moved to JFFS2, saving nvram.
               key/cert fields will show up empty on the webui,
               any new key/cert you paste will be written back
               to /jffs/openvpn/ .  This means that if you revert
               back to a previous version, your key/certs will
               no longer be in nvram, so OpenVPN instances will
               fail to start.
             o New network client list on the network map
             o CTF support for PPTP/L2TP WAN (Russian ISPs) (ARM)

  - NEW: Reformatted DHCP lease list under System Log.
  - NEW: Reformatted Port Forward page under System Log.
  - NEW: Reformatted Route Table page under System Log.
  - NEW: Reformatted IPv6 Status page under System Log.
  - NEW: Display more details about UPNP/NAT-PMP/PCP redirections
         on the Port Forward page.
  - CHANGED: The JFFS2 partition is now always enabled, as it is
             required by various firmware functions.  The options
             to format it or to enable/disable user config/scripts
             remain configurable.
  - CHANGED: Updated OpenVPN to 2.3.7.
  - CHANGED: Updated OpenSSL to 1.0.2c.
  - CHANGED: Use a pre-generated 2048-bit DH from RFC 3526 instead of 
             generating our own when doing the first time setup for 
             OpenVPN servers.  This is necessary as openssl 1.0.2b and 
             up now reject 512-bit DHs, and generating a 1024-bit
             would take far too long on a router.
             The end-user still has the possibility of providing his
             own - as long it's 1024-bit or stronger.
  - CHANGED: Updated minidlna to upstream Git snapshot from 2015-06-26,
             and switched to the newer build system.
  - CHANGED: Upgraded ffmpeg from 0.6.0 to 0.7.17.
  - CHANGED: Accept DHCP lease duration of up to 31 days on the DHCP page
  - CHANGED: No longer regularly flush caches from memory on ARM
             router.  This will mean a lower amount of free memory is
             shown, however that memory gets freed whenever something
             actually needs it, so this is normal. (ARM)
  - CHANGED: Display the size of cache memory on the Tools -> Sysinfo page
  - CHANGED: Improvements to the Networkmap (ability to remove an entry,
             removed the alert() from modifying an existing entry)
  - CHANGED: Save over 4 MB of RAM on the RT-AC87U by not copying
             the QTN firmware to RAM (RT-AC87)
  - FIXED: Wireless Log page would fail to load if the SSID
           contained certain characters
  - FIXED: Wireless Log page would fail to load when in Media Bridge
           mode on the RT-AC87U
  - FIXED: DDNS page would complain about an empty account field
           when setting it to CUSTOM with no prior value in that field.
  - FIXED: Automatically generated DH was too weak (512-bit) and 
           preventing clients based on newer OpenSSL releases from 
           connecting.  We automatically replace any weak PEM with our 
           2048-bit one.
  - FIXED: minidlna could get stuck building its database (reverted
           Asus's recent memory optimizations)


378.54_2 (10-June-2015)
  - FIXED: The exported opvn config for clients had the incorrect port
           value.
  - FIXED: Busybox's zcip was missing a patch from 378_4950, preventing
           it from working (and in turn preventing igmpproxy from working
           for people with PPPoE connections where their modem does not
           provide any DHCP lease to the physical WAN interface)



378.54_1 (8-June-2015)
   - Some of the builds were unstable, did a complete recompile of all
     releases.  There was no code change.



378.54 (7-June-2015)
   IMPORTANT: if you were previously using the AiProtection ad blocker, you
              will need to manually disable it over SSH after flashing this
              release, by running the following commands:

                  nvram set wrs_adblock_popup=0
                  nvram set wrs_adblock_stream=0
                  nvram commit

   - NEW: Merged with Asus GPL 378_5134.
   - NEW: OpenVPN policy rules can now be set to route matching traffic
          through either the tunnel, or to your ISP (allowing you to 
          create exceptions to your tunnelling rules)
   - NEW: Added OpenVPN server setting to let the OS manage
          socket buffers (by inserting rcvbuf 0 and sndbuf 0 in
          the server configuration)
   - CHANGED: Upgraded OpenSSL to 1.0.2a, adding new tls ciphers
              to OpenVPN and the https webui
   - CHANGED: Updated miniupnpd to 1.9.20150430
   - CHANGED: Reverted kernel backport of the parallel printer support,
              and reintroduced fix in lprng.  This should hopefully fix
              the recent printing breakage issues.
   - CHANGED: Removed AiProtection's ad blocker, as it's too buggy to
              be usable, breaking numerous mobile applications,
              and not being configurable in any way.
   - CHANGED: OpenVPN policy routing rules are now applied at boot 
              time (when WAN comes up), so clients who are blocked while 
              a tunnel is down will immediately be blocked until 
              the tunnel comes up.
   - CHANGED: Upgraded Quantenna firmware to 378_6065 release (AC87)
   - FIXED: Router DNS weren't reverted to their original values
            when shutting down an OpenVPN client with "explicit-
            exit-notify" enabled.  Now we manually clean it up
            after the user manually terminates the client - it might
            still not be cleaned up after an unexpected shutdown however.
            Ideally, users should try avoiding using this setting when 
            possible.
  - FIXED: Some legitimate VPN packets could get dropped due to their
           conntrack state.  Now, only INVALID packets coming from the
           WAN interface are dropped.
  - FIXED: OpenVPN client would sometime try to connect before the clock had
           been set by NTP at boot time, preventing it from connecting.
  - FIXED: AiProtection security check would fail to load when Dual WAN is 
           enabled
  - FIXED: Various fields would allow you to enter a single quote character,
           which could break the webui.  Now these fields re-validate the
           content after you deactivate the text field.
  - FIXED: Switching between All Traffic and Policy Mode OpenVPN routing while
           the option to block traffic when the tunnel goes down wasn't 
           properly removing those rules, so a tunnel going down in 
           All Traffic would still block policed clients.
  - FIXED: EMF wasn't working on ARM models (missing userspace tool)



378.53 (26-Apr-2015)
   - NEW: Merged with Asus GPL 378_4980 (with pieces from 378_4850 for AC56/AC68
          and 378_5183 beta for AC87)
   - NEW: OpenVPN policy routing.  You can select client IPs or destination
          IPs which you want to route through your VPN tunnel.  You can enter
          a single IP (192.168.0.1) or a whole subnet in CIDR format (for 
          example 74.125.226.112/30).
          You can optionally block WAN access to these as well when the
          tunnel goes down.
   - NEW: Ad blocker based on Trend Micro's Web Reputation System (WRS).
          This is an EXPERIMENTAL feature implemented by Asus but that
          isn't enabled in the stock firmware.
   - CHANGED: Updated Tor to 0.2.5.12
   - CHANGED: Those providing a signed SSL certificate for httpd can now 
              provide chain certificate.  The three PEMs must be in
              that order: client, intermediate, CA.  (Patch by sasoiliev)
   - CHANGED: The setting to enable the neighbour solication filter rule
              for Comcast's request flooding was changed to "ipv6_ns_drop",
              and now defaults to "0" as this hack causes issues with
              other ISPs.
   - CHANGED: Backported dnsmasq patch that reverts a fix for Windows 8
              clients as it could cause issues with other clients.
   - FIXED: DNSFilter would fail if you had it set to "Router", and didn't
            have a DNS IP entered on the WAN page.
   - FIXED: MSS clamping wasn't applied to traffic in both direction, moved
            it to the mangle table.
   - FIXED: OpenVPN client firewall "external" mode does not exist - removed
            from the webui.
   - FIXED: PPTP account list could become corrupted after removing an entry
            on the PPTP server page.



378.52_2 (5-Apr-2015)
   - CHANGED: Updated AiCloud prebuilt binaries for MIPS models
   - CHANGED: Applied kernel patch for MIPS kernel ported from 376_3861,
              related to CTF support
   - FIXED: AiCloud would fail to start unless you had HTTPS enabled for 
            the webui (causing the key/cert to be missing)
   - FIXED: DDNS hostname would become corrupted after backing up
            your router configuration (Asus bug)


378.52 (3-Apr-2015)
   - NEW: Merged with Asus GPL 378_4608
   - NEW: Added ECDHE support to the webui (when accessed over HTTPS)
   - NEW: The DHCP server can now provide a second DNS to its clients
   - NEW: You can tell the router not to advertise itself as a DNS
   - NEW: Experimental Tor support (feature originally developed by
          Asus, but not available yet on stock firmware).  You can
          enable it in the VPN section of the webui.
   - CHANGED: Updated miniupnpd to 1.9.20150309
   - CHANGED: You can no longer disable the JFFS2 partition if
              Traffic Analyzer is enabled.  Likewise, you can
              no longer enable Traffic Analyzer if the JFFS2
              partition is disabled.
   - CHANGED: The selected refresh rate of the Wireless Clients
              page will be saved to a cookie
   - CHANGED: Removed obsolete (non-safe) ciphers such as RC4
              from the router's https webui
   - CHANGED: Updated OpenSSL to 1.0.0r
   - CHANGED: Removed Turbo button support from webui, as that feature
              doesn't work with the current bootloader everyone is
              using now (RT-AC68)
   - CHANGED: Performance optimization to the httpd, dropbear 
              and rc services
   - FIXED: 2.4 GHz and 5 GHz-1 clients were swapped on the
            Sysinfo page (RT-AC3200 only)
   - FIXED: Wifi PSK wasn't blurred until activated (regression
            from 378.51)
   - FIXED: Samba's custom config/postconf were ignoring the
            state of the global option to enable them (they
            would always be used)
   - FIXED: Samba's custom config/postconf usage wasn't logged
   - FIXED: Some services would fail on their first attempt
            to start at boot time due to the QTN subsystem
            taking too long.  Implemented patch from Asus 
            which eliminates the long QTN stall at boot  
            time.  This resolves the issue where some users 
            had trouble connecting their WAN at boot time (RT-AC87U)
   - FIXED: NAT rules could occasionally fail to be applied
            (patch by john9527)
   - FIXED: The Apply button on the Adaptive Bandwidth page
            had a clickable area so wide that it even covered
            part of the left side menu.  (Asus bug)
   - FIXED: USB menu was removed instead of Parental Control on
            DPI-enabled models
   - FIXED: QoS page was still available on the AP/RP modes on
            DPI-enabled models
   - FIXED: Error on OpenVPN Server page if using a DHCP pool for
            connected clients.
   - FIXED: UPNP would be reported as enabled on the security report
            if it was enabled on the secondary WAN even if Dual WAN
            itself wasn't enabled.  Now we check that Dual WAN itself 
            is also enabled before reporting so.  (Asus bug)
   - FIXED: mtd-erase was unable to erase the brcmnand partition, which
            is used as the JFFS2 partition starting with the RT-AC66U
             (patch by benoitm974)
   - FIXED: JFFS2 partition couldn't be formatted for all routers but
            the RT-N66U (wrong partition name).  Also resolved the case
            where a second reboot was required to mount it.
   - FIXED: RT-AC3200 port numbering was reversed on the Sysinfo page.


378.51 (6-Mar-2015)
   - CHANGED: Updated OpenSSL to 1.0.0q (no real code change)
   - CHANGED: Split the changelog into a separate file
   - CHANGED: Added logging on custom config/script execution.
              An error message will also be logged if those
              are disabled while such a file is found.
   - CHANGED: Allow pasting the password in some fields that would
              disable it (patch by gfairchild)
   - FIXED: RSSI not reported for guest clients (beta 1 regression)
   - FIXED: DM failing to install on RT-AC66U (beta 1 regression)


378.51 Beta 1 (28-Feb-2015)
   - IMPORTANT: The RT-N16 is no longer officially supported.  The increased
                number of separate router platforms is becoming too much of
                a burden for one single developer, as some features must be 
                implemented 2-3 separate times for different architectures.  
                The RT-N16 support will remain in the source code, so other
                developers can still compile their own builds, and possibly
                take over for supporting this older platform.  However, no new
                features will be implemented, and it will no longer get 
                tested.  I still welcome external contributions if 
                someone else wants to take care of testing and providing 
                fixes to new issues.
   - NEW: Added support for the RT-AC3200.
   - NEW: ARM support for Entware, using Zyxmon's Qnapware repository.
   - NEW: Re-designed Wireless Log page displaying connected wireless
          clients.  The new page uses Ajax to automatically update
          itself at a user-selected frequency, for near realtime
          monitoring of your connected wifi clients.
   - NEW: NAT loopback can now be chosen between Disable, Asus's original,
          and Merlin's own (based on Phuzi0n's original DD-WRT design).  The
          option can be found on the Firewall page.
   - CHANGED: Reverted RT-AC66U driver to previous version as some users
              were experiencing stability issues with the 3754 version.
   - CHANGED: Updated p910nd to 0.97 to resolve incomplete print jobs
              (patch by stsichler)
   - CHANGED: Updated Samba to 3.6.25
   - CHANGED: The Entware setup scripts will now backup any existing
              installation rather than remove it (patch by TeHashX)
   - CHANGED: Re-implemented our original NAT loopback code, with attempts 
              at reconfiguring it whenever the DPI engine is restarted.
              This is still experimental, as most of the DPI engine is 
              closed source, so unsure if the loopback gets re-enabled 
              in every regular DPI restart scenarios.
   - CHANGED: Disabled the offline default error page.  Clear your offline
              content in your browser to fully get rid of it.
   - CHANGED: Removed security warnings if FTP/Samba are configured to
              allow unauthenticated users.
   - FIXED: Issues when connecting with Russian ISPs relying on DHCP+VPN 
            (such as Beeline)
   - FIXED: When enabling WAN access to webui, the router would always
            forward both http and https ports regardless of if either of
            these were disabled.
   - FIXED: Shared printers over LPRng would sometime fail to 
            completely print the last page (patch by stsichler)
   - FIXED: CVE-2015-0240 security issue in Samba 3.5.8 (used by
            AiCloud).  The main Samba daemon was patched by the
            update to 3.6.25.


378.50 (7-Feb-2015)
   - IMPORTANT: You must do a factory default reset, and manually
                reconfigure your setting if coming from a version
                older than 378.50.  Failure to do so can
                lead to various issues with wifi, OpenVPN,
                and the new AC68U bootloader.

   - IMPORTANT: Please read this changelog, especially the changes
                related to jffs, user scripts/config and OpenVPN in
                the previous 378.50 betas.

   - NEW: Merged with Asus GPL 378_4129 code.
   - CHANGED: Reverted back to vsftpd 2.x, as 3.0.2 doesn't work properly
              on MIPS architectures (and possibly other particular
              scenarios as well).
   - CHANGED: Added warning to the DDNS page if you set the type
              to Custom and either JFFS or custom script support isn't
              enabled
   - FIXED: A few unescaped quotes in the French dict breaking VPN pages
   - FIXED: MAC list would get corrupted when removing and re-adding
            entries on the MAC filter list
   - FIXED: AC68U CFE update wasn't written to flash due to permission
            issues
   - FIXED: Static Key field wasn't visible when using HMAC authentication
   - FIXED: syslogd was always enforcing the -S switch
   - FIXED: When setting a static DHCP from the networkmap, the user-entered
            name wouldn't be used.  Now it gets used, and we rely on the rc
            daemon to properly handle it if it's not a valid hostname (it will
            simply not provide it to dnsmasq's static name list).


378.50 Beta 2 (31-Jan-2015)
   - NEW: Added custom config and postconf support for avahi, netatalk 
          and mt-daapd (iTunes server).
   - CHANGED: Moved the AC68U CFE update process to the same location
              as in GPL 3626 to see if it works more consistently.
   - FIXED: Non-DPI build of AC56U had incompatible Tuxera modules
   - FIXED: vsftpd wouldn't start if you had IPv6 enabled.
   - FIXED: Asus had disabled the NAT loopback fix on MIPS's iptables
            in GPL 3762.  Re-enabled.
   - FIXED: Wireless clients that hadn't communicated in a while wouldn't
            be properly shown on the Wireless log (patch by pinwing)
   - FIXED: QoS rules weren't applied properly when IPv6 was enabled
            (was changed in recent GPL - reverted it)
   - FIXED: Can't apply a Custom DDNS if you don't have something entered
            in the username/password fields (shown in other DDNS services)
   - FIXED: NFS page wasn't properly loading


378.50 Beta 1 (25-Jan-2015)
   - IMPORTANT: You must do a factory default reset, and manually
                reconfigure your setting.  Failure to do so can 
                lead to various issues with wifi, OpenVPN,
                and the new AC68U bootloader.

   - IMPORTANT: Please read this changelog, especially the changes 
                related to jffs, user scripts/config and OpenVPN.

   - NEW: Merged with Asus 378_3913 GPL code.  Most notable changes:
            * Trend Micro DPI engine for RT-AC68U
            * Updated Trend Micro engine for RT-AC87U
            * Updated Quantenna firmware/driver
            * Various updates to 3G/4G support and Dual WAN

   - NEW: ddns-start user script, executed after the DDNS update 
          was launched (can be used to update additional services)
   - NEW: Custom DDNS (handled through ddns-start script)
          See the documentation for how to create such
          a script.
   - NEW: Option to enable support for custom scripts and
          config files.  This option is disabled by default, so 
          if you have a broken script that prevents the router from 
          booting, doing a factory default reset will ensure that the 
          broken script won't be executed, and recover access to the
          router.  This is necessary since the JFFS2 partition is
          now enabled by default.
   - CHANGED: Added logo to DNSFilter on the AiProtection
              homepage (contributed by Piterel)
   - CHANGED: Updated Openssl to 1.0.0p
   - CHANGED: Merged Asus's newer NTP update code, with a fix
              to prevent hourly log spam from the update process
              when in a DST enabled timezone.
   - CHANGED: Updated vsftpd to 3.0.2 (newer version used by
              Asus on their Qualcomm-based routers)
   - CHANGED: the qos-start script will be passed an argument
              that will contain "init" (when setting up tc)
              or "rules" (when setting up iptables).
   - CHANGED: JFFS2 partition is now enabled by default, to be in
              sync with Asus, who are starting to make use of this
              partition.
   - CHANGED: The Local IP in an IPv6 firewall rule can now be
              left empty.
   - CHANGED: Download Master will now be downloaded at install time 
              rather than included in the firmware, to increase the
              amount of space available to JFFS - this matches
              the AC56/AC68. (N16, N66)
   - FIXED: Under certain conditions, the OpenVPN server page 
            would report an initializing state when it was 
            already running.
   - FIXED: First OpenVPN client/server instance wasn't properly
            run on the second CPU core, resulting in lower
            performance (AC56/AC68/AC87)
   - FIXED: Router IP wasn't advertised through DHCP as WINS
            server if WINS was enabled
   - FIXED: OpenVPN would crash if specifying "None" as
            the cipher (regression in OpenVPN 2.3.6)
   - FIXED: The "empty" category was removed by Asus a
            few months ago, preventing you from removing
            an assigned priority on the Adaptive QoS
            page.  Re-added it.
  - FIXED: Port triggers weren't written to the correct
           iptables chain (Asus bug)
  - FIXED: When moving from stock to this firmware, the OpenVPN
           Server 1 instance gets automatically enabled because 
           Asus hardcodes "1" into the nvram setting that handles
           start at wan.  Changed to a different nvram to resolve
           this conflict.  This means everyone must re-enable their
           OpenVPN server instance after upgrading from any version
           before 376.50.
  - FIXED: dnsmasq would run out of available leases if you had a 
           very small DHCP pool combined with many out-of-pool 
           reservations.  Now the limit will be either 253 or the 
           pool size, whichever is the largest (Asus issue)
  - FIXED: SSHD port forwarding couldn't be enabled/disabled
  - FIXED: DHCP log spam when using IPv6 with a Windows 8
           client (patch by pinwing)
  - FIXED: snmp exposes a lot of sensitive information such as
           login credentials, therefore all the custom Asus MIBs
           have been disabled.
  - FIXED: Very long SSIDs with special characters/spaces in them 
           would be shown as "undefined" in the banner.
  - FIXED: Curl would fail to access SSL sites due to lack of
           a CA bundle.


376.49_5 (9-Jan-2015)
   - FIXED: Vulnerability in infosvr (CVE-2014-9583) (Asus bug)
   - FIXED: Additional security issue in infosvr (incorrect memcpy()
            call) (Asus bug)


376.49_4 (27-Dec-2014)
   - FIXED: WAN page error when entering a hostname, and broken 
            UPNP FAQ link
   - FIXED: OpenVPN Server wasn't showing the Advertize DNS to
            Client option (regression from 3677 merge)
   - FIXED: bootloop when enabling Traditional QoS (or any other
            feature that forces CTF to be disabled) due to 
            FA being left enabled (Asus bug) (AC87)


376.49_2 (23-Dec-2014)
   - FIXED: Asus DDNS couldn't be configured on the webui
   - FIXED: OpenVPN server wouldn't let you edit user accounts
   - FIXED: Missing DLNA icon on clients (Asus bug) (N66, AC66)


376.49 (21-Dec-2014)
   - NEW: Merged with Asus GPL 376_3677.  This new code
          includes a lot of changes related to USB modem
          support.
  - NEW: IPv6 handling based on dnsmasq + odhcp6c.  This new
         code which has been developped by Asus these past few
         months but kept disabled so far has been enabled.
         Initial tests show much better reliability with
         different ISPs.
  - NEW: Added IPv6 support to DNSFilter (currently only 
         Yandex has IPv6 servers).  Note that unlike IPv4
         filtering, we cannot automatically NAT queries
         to the desire server, so the current implementation
         works like Asus's YandexDNS service, where IPv6 servers
         are simply returned to DHCPv6/RA client queries,
         and ip6tables ensures that you cannot override
         them, by rejecting connection to other DNS servers.
  - CHANGED: Merged newer DPI engine from 378_3123 beta
             (AC87)
  - CHANGED: Removed SSLv2 and v3 support from OpenSSL
             (we had already stopped using these in
             376.48, so this removes unused code)
  - CHANGED: The VPN webui is now a bit closer to Asus's code.
             This will mostly make it easier to keep in
             sync with future changes to that UI by
             Asus (they rearranged the layout a bit in
             376_36xx).
  - CHANGED: Updated OpenVPN to 2.3.6
  - CHANGED: Reverted to Asus's max-lease number calculation
             for dnsmasq
  - CHANGED: Hide wireless key on settings page unless field
             has focus (patch by John9527)
  - CHANGED: Ported USB 3.0 (XHCI) kernel driver from
             Netgear GPL (which seems to have in turn
             backported it from upstream kernel 3.x)
  - CHANGED: Updated Quantenna to v36.7.3.23 (AC87)
  - FIXED: vsftpd wasn't properly compiled with SSL
           support.
  - FIXED: MAC filtering couldn't be disabled on Guest
           networks (Asus bug) (Patch by John9527)
  - FIXED: Various fixes and tweaks to the new IPv6
           code from Pinwing and saintdev
  - FIXED: Editing a client on the networkmap would 
           cause any matching DHCP reservation entry to
           lost its hostname
  - REMOVED: The web redirection control setting was
             removed, as it is being replaced by the
             (simpler) redirection setting Asus added
             to the System page.


376.48_3 (20-Nov-2014)
   - FIXED: NAT loopback was broken on MIPS devices
            (backported Asus fix from 376_3626)


376.48_2 (8-Nov-2014)
   - FIXED: Samba would fail to start on the RT-N16 due to a
            missing library.


376.48_1 (7-Nov-2014)
   - FIXED: Max-lease calculation Asus introduced in 376_2769 is
            broken - re-hardcode it to 253 like they used to do in
            previous release.  Will be properly fixed once they
            release a newer GPL with this issue resolved.
            (Asus bug)

376.48 (7-Nov-2014)
   - NEW: Added the RT-AC68P to the list of supported devices
   - CHANGED: Use sha256 checksums instead of MD5 for improved
              security when validating your downloads.
              (note: checksums are also posted on the support
              forum at SmallNetBuilder)
   - CHANGED: Switched my fix for unmounted/hidden partition
              support with Asus's own fix from GPL 3561.
   - FIXED: Samba would fail to start if the router admin username contained
            upper case characters.  Samba was modified to have it try to
            local the UNIX user as provided (it was previously only
            trying upper and lower case versions) (Samba 3.6 bug)


376.48 Beta 3 (02-Nov-2014)
   - CHANGED: Updated miniupnpd to release 1.9 (plus upstream PCP fix)
   - FIXED: Couldn't edit share permissions for Samba if your disk
            contained an unmounted/hidden partition (Asus bug in 2769)
   - FIXED: Couldn't edit share permissions for Samba for the RT-N66U
            internal SDcard reader (Asus bug in 2769)
   - FIXED: Missing Max User field to Samba page (Asus bug)


376.48 Beta 2 (26-Oct-2014)
   - NEW: Added logo to the webui header
   - CHANGED: Samba 3.6 will now use libiconv to handle
              charset conversion (will resolve CP850
              warnings amongst other things)
  - CHANGED: Updated miniupnpd to 20141023 code from Github.
  - CHANGED: Updated dropbear to 2014.66.
  - CHANGED: Reverted NTP update code to GPL 2678 in hopes of
             resolving the few cases where it didn't work anymore.
  - FIXED: minidlna is once again able to use inotify for updates.
           A temporary workaround has been implemented where
           minidlna will be staticly linked with a threadsafe
           build of sqlite3, while BWDPI will continue to use
           the shared non-threadsafe library. (Asus bug)


376.48 Beta 1 (18-Oct-2014)
   - NEW: Merged with Asus 376_2769 AC87 GPL
   - NEW: Enabled numerous modules in net-snmp (based on the list
          used by OpenWRT)
   - NEW: Added postconf and custom config support for snmpd.conf
   - NEW: Added HID support to ARM kernel (AC56,AC68,AC87)
   - CHANGED: Reverted NAT loopback code to Asus's, since our own
              code is currently broken by recent FW code changes.
   - CHANGED: Updated openssl to 1.0.0o, resolving a few security issues.
   - CHANGED: Disabled SSLv2 and SSLv3 support for https access to the
              router webui.  IE6 users, your time is up - upgrade.
              TLS 1.0 is now the only supported protocol.
   - CHANGED: upgraded main Samba server from 3.0.x to 3.6.24.  This might
              cause a slight drop in performance, but should improve
              both reliability and security.
   - FIXED: DNSFilter client list dropdown would sometime be empty.
   - FIXED: DNS queries run on the router were forwarded to upstream
            nameservers instead of the local dnsmasq
   - FIXED: Re-added the USB HID kernel module needed for UPS monitoring
            (patch by ryzhov_al)
   - FIXED: Incorrect top margin on some pages such as AiCloud, and
            stretched font on the progress splash (Asus bug)
   - FIXED: URL and keyword filtering wasn't working under certain
            situations when CTF was enabled
   - FIXED: Mac Filtering wasn't working with Guest networks
            (Asus bug) (Patch by saintdev)
   - FIXED: Chosing a client on the MAC Filter page wasn't properly
            filling the Name field.  Also reorganized layout a bit.


376.47 (20-Sept-2014)
   - NEW: Added sha256 and sha512 HMAC support to dropbear (SSH)
   - CHANGED: Moved OpenVPN postconf scripts right before server/client
              gets started, so you can also use them to modify the other 
              generated files such as the exported ovpn config file.
  - FIXED: SSHD options visibility (patch by pinwing)
  - FIXED: EMF/IGMP settings were reverting to the select profile
           default (Asus bug introduced in GPL 2678)
  - FIXED: PPTP account list failed to display (regression in Beta 1)
  - FIXED: VPN server page was switching back to PPTP when changing
           OpenVPN unit and you were initially on the PPTP page
  - FIXED: Activity indicator wasn't shown during a networkmap
           scan


376.47 Beta 1 (14-Sept-2014)
   - NEW: Merged with Asus GPL 2678 (AC87)
   - NEW: Report Quantenna FW version on Sysinfo page
   - NEW: Enabled experimental FTP and Samba Cloud Sync support in AiCloud.
          This feature is still in development by Asus, so it might not be
          fully functional yet.
   - NEW: Enabled experimental SNMPD support, under Administration -> SNMP.
          This feature is still in development by Asus, so it might not be
          fully functional yet. (not available on the RT-N16)
   - NEW: Added option to enable WAN access to SNMPD, defaults to disabled.
          (Asus's implementation has it open to the WAN by default)
   - CHANGED: Re-increased max allowed FTP user limit to 10 (was reverted
              to 5 in the GPL merge when the setting was moved to the
              FTP page)
   - FIXED: PPTPD was getting enabled every time you clicked Apply while on 
            the PPTPD VPN Server page


376.46 (26-Aug-2014)
   - NEW: Merged with Asus GPL 2061.  This is essentially
          the new QTN driver for the AC87.
   - FIXED: Various webui issues with IE10/IE11 (patch by pinwing)
   - FIXED: OpenVPN Client page was visible on the RT-N16
   - FIXED: DHCP pool validation error on VPN Server advanced page.
   - FIXED: Couldn't edit the first VPN Client entry due to broken
            duplicate check (Asus bug)


376.45 (17-Aug-2014)
   - NEW: Compiled vsftpd with SSL support (must be manually
          configured if you intend to use it)
   - NEW: Report FA state (Level 2 CTF) on Sysinfo page.
   - CHANGED: Updated dropbear to 2014.65.
   - CHANGED: Updated openssl to 1.0.0n (numerous
              security fixes)
   - CHANGED: Updated lzo to 2.08
   - CHANGED: Reworked VPN Server pages to be more intuitive
   - FIXED: Garbled client dropdown selector on DNSFilter page
   - FIXED: The Comcast neighbour solicitation block wasn't
            enabled anymore (regression in 376.44) (Patch by
            Sinshiva)
   - FIXED: 5 GHz N+AC mode was incorrectly setting router to
            N-only mode (Asus bug, fix backported from 2381,
            additional fix by me for AC66)
   - FIXED: PControl page failing to display on French and
            Italian locales (Asus bug)
   - FIXED: IPv6 can occasionally fail to work properly when
            using a PPPoE WAN interface (patch by pinwing)


376.44 (3-Aug-2014)
   IMPORTANT: Make a backup of your JFFS partition if upgrading
              an RT-AC56U or RT-AC68U and you have stored files
              on that partition!  The partition layout has been 
              changed.

   - NEW: Merged with Asus's 376_2044 GPL.
          Summary of changes:
            * New networkmap, lets users edit device names,
              assign icons to devices, etc...
            * Reworked IPv6 support
            * New filesystem driver provider for NTFS/HFS+/FAT
            * Webui visual update
            * Updated components (minidlna, radvd, dnsmasq)
 
  - NEW: Added support for RT-AC87U.
  - CHANGED: Updated N66U wireless driver to Asus's 1071 build
  - CHANGED: Updated miniupnpd to Git head (as of 20140731)
  - CHANGED: The JFFS partition on ARM devices now uses
             Asus's code, which means the whole unused space
             is now used for the JFFS partition.
             (AC56, AC68)
  - CHANGED: Made all ARM models use the new filesystem drivers from Tuxera, 
             resulting in general improved USB disk performance (and 
             hopefully improved reliability as well) (AC56, AC68)
  - CHANGED: The wifi notification icon will now report
             channel and channel width for the 5 GHz band,
             as the extension channel wasn't always accurately
             reported.
  - CHANGED: Reworked layout of SSH settings on System page (based 
             on Asus's own WIP)
  - CHANGED: Allow FQDN (hostname + domain) rather than just
             hostnames on the WAN page (some ISPs require that)
  - FIXED: Missing mDNSResponder daemon preventing mt-daapd
           from working on MIPS devices (N16,N66,AC66)
  - FIXED: System Log wouldn't properly be positioned
           at the bottom (Patch by John9527)
  - FIXED: DNSFilter clients configured to bypass DNSFilter
           would still be prevented from using an IPv6 DNS.
  - FIXED: Incorrect IPv6 prefix if not a multiple of 8
           (patch by NickZ)
  - FIXED: OpenVPN firewall cleanup was missing rules
           (patch by sinshiva)
  - FIXED: Minidlna issues with Philips smart TVs
  - FIXED: SSHD brute force protection wasn't working if
           Dual WAN was enabled and set to LB mode.
  - FIXED: Miniupnpd error flood in Syslog when using a
           Plex server on your LAN (fix from upstream)
  - REMOVED: Reverted various IPv6-related patches as they
             conflicted with Asus's own changes.  These might
             make it back at a later time if deemed
             necessary.
  - REMOVED: Removed layer7 filtering support in Netfilter from 
             ARM devices due to compatibility issues (AC56,AC68)
  - REMOVED: Removed IPsec support from ARM devices due to
             compatibility issues (AC56, AC68)


374.43_2 (7-June-2014)
   - FIXED: NTFS disks couldn't be mounted (Paragon driver not
            loading due to a kernel change) (AC56, AC68)


374.43 (6-June-2014)
   - NEW: User-configurable refresh period to trigger a DDNS
          update after a certain number of days.
   - CHANGED: dnsmasq option 252 now defaults to an empty string,
              to silence broken clients such as Win7.
              Important: if you were previously using a customized
              252 reply (to use with a valid wpad/pac file), you 
              will need to use a postconf script to change the
              default config instead of appending your own
              config.
              If you use DNS-based WPAD setting, you will need
              to remove the 252 option using postconf, as IE will
              not query for the DNS entry if there is a 252
              option through DHCP, even if it fails to connect to it.

   - CHANGED: Updated miniupnpd to 1.8.20140523.
   - CHANGED: Updated openssl to 1.0.0m.
   - CHANGED: More backports from OpenSSL 1.0.2, improving SHA
              performance on ARM routers.
   - CHANGED: The JFFS2 partition is now disabled by default after
              a factory default reset.
   - FIXED: Media server page wouldn't let you enable the iTunes
            server unless you also enabled DLNA (Asus bug)
   - FIXED: Restricted guests still had access to the router (Asus
            bug introduced in GPL 4887)
   - FIXED: 6in4 traffic wasn't bypassing CTF if dualwan mode was
            either disabled or set to failover mode (AC56/AC68)
   - FIXED: Single character workgroups were rejected as invalid
            (Asus bug)
   - FIXED: Networks with SSIDs containing single quotes
            would break the client list (Asus bug)
   - FIXED: Traffic Monitor results are wrong on PPPoE connections
            (Asus bug) (Patch by pinwing, additional debugging 
            by fantom1)
   - FIXED: Crash if entering close to 64 MACs plus their names on
            the MAC filter page.


374.42_2 (16-May-2014)
   - FIXED: Time Machine support (AC56, AC68)


374.42 (9-May-2014)
   - NEW: Merged with Asus's 374_5656 GPL.
   - NEW: Added Comodo Secure DNS to supported DNSFilter services
   - FIXED: Download2 folder wasn't selectable anymore on the
            Media Server page.
   - FIXED: Pass correct valid and preferred lifetime to radvd when
            using DHCPv6-PD (Patch by pinwing)
   - FIXED: IPv6 connectivity could be lost after 1-2 hours due
            to the time shift caused by NTP at boot time
            (Patch by pinwing)
   - FIXED: Various IPv6 connectivity issues related to services
            being (re)started at the wrong time, or twice.
            (Patch by pinwing)
   - FIXED: Build system would sometime try to use the local system's
            header/libs - use a pkg-config wrapper to avoid this
            issue (Patch by ppuryear)
   - FIXED: Erratic 5G led blinking behaviour as the watchdog's software-
            based blinking was constantly writing to the wireless chip's 
            registers for led control. (AC68)
   - FIXED: LEDs weren't all turning back on when coming out of
            Stealth Mode (AC56)
   - CHANGED: Make the router use dnsmasq for internal name
              resolution rather than directly using the WAN DNS.
   - CHANGED: Upgraded OpenVPN to 2.3.4.
   - CHANGED: Upgraded miniupnpd to 1.8.20140422 (PCP-related fixes)


374.41 (18-Apr-2014)
   - NEW: Merged with Asus's 374_5047 GPL.  Notable changes:
       * Fixed RT-AC68U random reboots
       * Additionnal security fixes
       * Improved Media server, SMB and FTP webui
       * minidlna and radvd updates

   - NEW: PCP support (Port Control Protocol)
   - NEW: Option to allow/deny FTP access from WAN.  Default is to
          reject WAN connections.  The option can be found on the
          USB Servers -> FTP Share
   - NEW: Option to control web redirection while Internet is 
          down (configurable on the WAN page).
   - CHANGED: Upgraded miniupnpd to 1.8.20140401.
   - CHANGED: Disk idle exclusion now supports up to 9 disks.
   - FIXED: WOL wasn't working (Asus bug in 4887/5047)
   - FIXED: Replaced webui glue with permanent concrete.  It won't
            fall again.
   - FIXED: Language dropdown not properly shown with 8-bit 
            characters.
   - FIXED: Comcast's IPv6 network would flood the LAN with
            neighbour solicitation packets, which should normally
            not cross beyond their modem.  There is now an ip6tables
            rule to filter out those packets, preventing your log
            from being spammed with table overflows.  The filter is
            is enabled by default and can be disabled by setting the 
            "ipv6_neighsol_drop" nvram setting to "0". (rule suggested
            by diplomat7)
  - FIXED: EMF wasn't properly configured after wireless was
           restarted (patch from Vahur)
  - FIXED: Router crashing when more than around 30 static routes 
           were entered
  - FIXED: webui would die for some users when accessing the VPN Server 
           config page and there were connected OpenVPN clients
  - FIXED: Added missing iptables-save on ARM platform (AC56, AC68)
  - FIXED: nvram factory default reset would sometime fail on MIPS
           devices (N16, N66, AC66) (Patch by ryzhov_al)
  - FIXED: Under a certain situation the router could lose track of
           whether an OpenVPN server/client instance was running or not.
           This could result in the webui trying to restart it, and
           returning an error message because it was already running.
  - REMOVED: The Media server database location is no longer
             configurable, as we've switched to Asus's new 
             automatic location selection.
  - REMOVED: Removed the Run Cmd page as it was a security
             risk.  This is also needed to keep in line with 
             recent security fixes Asus applied to the
             httpd backend to limit what external processes
             it can run, otherwise any malicious page could
             run arbitrary commands on your router if you
             were currently logged on a separate tab.


374.40 (6-March-2014)
   - KNOWN ISSUE: Some people are experiencing random reboots
     with the RT-AC68U running firmwares based on recent Asus GPL.
     If you are are affected, please revert to 374.40 alpha4 for now.
     Asus are looking into the issue, which affects this model since
     374_4422.

   - FIXED: Asuswrt was calling wl_defaults() every time the
            wifi was restarted, causing Regulation Mode to be
            overwritten.  Now we force it to h mode if the
            router model and region requires DFS compliance
            (same as Asus's code, except we won't enforce 
            it to off in other scenarios, and will only do
            so if it was previously set to off).
   - FIXED: Advanced wireless page broken on Internet Explorer, due
            to missing Array.IndexOf() support in IE (Asus bug)
   - FIXED: Incorrect model detection prevented CPU temperature
            from being shown on the Sysinfo page on the "R" SKUs.


374.40 Beta 2 (5-March-2014)
   - FIXED: Numerous buffer overruns in networkmap that would result
            in crashes or empty/incomplete device list.  Was often 
            visible on networks hosting a Windows Home Server machine.
            (Asus bug)
   - FIXED: Site survey was reporting 5G as being disabled on RT-N16.
   - FIXED: Various issues related to the helper.sh script for postconf
   - FIXED: The OpenVPN instance wasn't restarted if it was currently 
            stopped due to a syntax error in its config and you had 
            just corrected it.
   - FIXED: Restarting the wireless service would stop emf/igs snooping
            until they were manually restarted/recconfigured. (Asus bug)
   - FIXED: Channels above 153 were missing on 5 GHz band if width
            is set to 40 MHz (Asus bug)
   - FIXED: reg_mode was being enforced to "h" (EU region) or "off"
            (others) since GPL 4422.  We now stick again to what's 
            set in the webui by the end user.
   - FIXED: Allow LAN traffic while dualwan mode is set to lb (issue
            caused by the default policy fix in beta 1)


374.40 Beta 1 (1-March-2014)
   - NEW: Merged with Asus's 374_4561 GPL.  Notable changes:
       * Various security-related fixes
       * Redesigned Parental Control webui
       * Notification in case of insecure configuration

   - NEW: Added OpenDNS Family Shield support to DNSFilter
   - NEW: Added support for up to three user-defined servers to DNSFilter
   - NEW: Added option to force DNSfilter clients to always use the DNS
          provided to them by the router's DHCP server (which will be
          the router itself if you didn't change it on the DHCP 
          webui page)
   - NEW: Option to disable the DHCP6 Server (code contributed by
          kdarbyshirebryant)
   - CHANGED: The RT-N66U is now compiled with EM enabled
              by default.  That means there will no longer be a separate
              experimental build for this.
   - CHANGED: Updated dropbear to 2014.63
   - CHANGED: New type of glue for the webui header
   - CHANGED: Switched to a shorter version numbering scheme
   - FIXED: RT-N16 firmware (missing files were obtained from
            the new GPL release Asus made for this model)
   - FIXED: Last24 page wasn't properly displaying the 
            Avg value (regression in 374.39)
   - FIXED: Clients with a configured IPv6 DNS would bypass
            DNSFilter.  DNSFilter-enabled clients will now 
            be prevented from using IPv6 nameservers, forcing 
            them through the (IPv4-only) filtering nameserver
   - FIXED: DNSFilter clients set to "None" would still be
            forced through your WAN-configured nameservers,
            preventing nameservers configured on the clients
            from working.  Now they will fully ignore the DNSFilter 
            settings.
   - FIXED: The global DNSFilter would sometime not get properly
            configured in the firewall.
   - FIXED: When the firewall was disabled, the FORWARD chain
            policy was still left to "DROP" - changed to "ACCEPT".
   - FIXED: typo in SMB config ("use spne go") (Asus bug)
   - FIXED: PPPoE with an MTU of 1500 requires the WAN interface 
            to have its MTU set at 1508 (patch by pinwing)
   - FIXED: IPv6 Prefix Delegation issues (patch by pinwing)
   - FIXED: MTU setting on IPv6 connections (patch by pinwing)


3.0.0.4.374.39 (31-Jan-2014)
   This version isn't available for the RT-N16 as support for the 
   SDK5 platform is currently broken in the latest GPL sources. 

   - NEW: Merged with Asus 374_583 GPL.  Notable changes:
      * USB hub support
   - NEW: DNS-based filtering.  Under Parental Control there is
          now a new tab called DNS Filter where you can enable 
          a DNS-based filtering service, and apply a specific 
          filter both globally and on a per-client basis.  Supported
          are: OpenDNS, Norton Connect Safe and YandexDNS.
   - NEW: helper.sh script, to simplify creation of postconf
          scripts.  See the postconf section for details.
   - CHANGED: Discontinued SDK5 builds for the RT-N66U.  The new EM
              builds resolved wifi range issues by running the SDK6
              driver set in Engineering Mode (driver provided by Asus).
              Look in the Experimental folder for the EM build - it will 
              eventually become the standard build for the N66U once
              it gets sufficiently tested.  You might need to do a 
              factory default reset after switching to an EM build,
              for best results.
  - CHANGED: Re-switched back to rp-pppoe 3.11 since nobody confirmed 
             that 3.10 worked better for them.
  - CHANGED: Allow PPPoE MTU up to 1500, for ISPs that support RFC 4638.
  - CHANGED: Additional webui performance improvement by caching CSS.
  - FIXED: DHCPv6 client failing to start if the router username was 
           changed from "admin" (Asus bug) (patch from Saintdev)
  - FIXED: DHCPv6 client failing to request an IP with some ISPs 
           such as Comcast (Asus bug) (patch from Saintdev)
  - FIXED: SMB shares were accessible over WAN, bypassing Netfilter
           (Asus bug) (AC56/AC68)
  - FIXED: USB read speed would be limited by the QoS upstream
           configuration (Asus bug) (AC56/AC68)
  - FIXED: Resolution of local machines with domain appended would fail 
           when using a nameserver that does not return nxdomain errors 
           (such as OpenDNS) (Asus bug)

           The new behaviour is configurable on the LAN-> DHCP page, 
           in case you run your own nameserver which is expected to 
           handle both local and remote domains.  Default is to not
           forward these (to allow OpenDNS to work properly).

  - FIXED: OpenVPN Client page - changing the local IP wouldn't always be 
           properly saved.
  - FIXED: Well-known services not properly applying settings on the
           Network Services Filtering page (Asus bug)
  - FIXED: Webui crash when importing an ovpn with invalid cert/keys
  - FIXED: resolv.conf not reverted to its original content after an 
           OpenVPN client that gets DNS pushed to it would disconnect.
  - FIXED: The average rates on the realtime traffic page would be 
           calculated based on the max number of samples (300) instead of 
           the currently collected number of samples (Asus bug)
  - REMOVED: YandexDNS has been removed, since its functionality is now
             provided by the new DNSFilter.


3.0.0.4.374.38_2 (17-Jan-2014):
   - CHANGED: Improved webui responsiveness by instructing the browser 
              to cache images.
   - CHANGED: Reverted minidlna to 374.37 code.  While the latest code 
              brings some fixes, it seems to also break functionality 
              for a small number of users.  Too many low-level changes 
              from the minidlna author to make it easy to debug.
   - FIXED: Syntax error in DHCPv6 client config (Asus bug)
   - FIXED: Domain field wasn't clearly identified on the webui 
            when DDNS set to Namecheap (Saintdev)
   - FIXED: Missing carriage return in dnsmasq.conf when PPTP VPN
            is enabled, causing LAN name resolution issues.
            (Asus bug)
   - FIXED: A few unescaped quotes in the French dict would break
            some webui pages (such as the Wireless page).
            (Asus bug)
   - FIXED: OpenVPN server export would always export the first 
            server instance configuration.
   - FIXED: Bogus "Config file is missing" error logged by pptpd when 
            it was starting (Asus bug)
   - FIXED: "Advertise DNS" wasn't visible if the page was loaded and 
            "Respond to DNS" was already enabled.


3.0.0.4.374.38_1 (12-Jan-2014):
   - FIXED: Tools -> Run Cmd page wasn't working (regression
            in 374.38)
   - FIXED: Router getting stuck on various webui changes due 
            to a broken precompiled emf module (AC56/AC68)


3.0.0.4.374.38 (11-Jan-2014):
   This version isn't available for the RT-N16 or the SDK5 build 
   of the RT-N66U as support for the SDK5 platform is currently 
   broken.  Please stick to 374.36 Beta 1 for the time being on 
   these two platforms.

   Note that the RT-N66U did get a newer wifi driver, so give it a 
   try, as it might have resolved or at least improved on the wifi 
   range issues.

   Remember to do a factory default reset if switching from SDK5 to 
   SDK6 builds!  Keep a backup of your existing settings in case you 
   decide to revert back to an SDK5 build.

   - NEW: Merged with 374_2078 GPL provided by Asus (From RT-N66U).
          Notable changes:
      * Updated SDK for MIPS devices - 6.30.163.2002 (r382208)
      * PPPoE HW acceleration should be fixed by the new SDK
      * Updated AiCloud closed source components (MIPS)

   - CHANGED: Reverted Parental Control code to our fixed code, 
              as I see Asus is still making fixes to their own 
              code past version 2078.
   - CHANGED: Updated AC56 and AC68U wifi driver and CTF to
              January 3rd builds (provided by Asus)
   - FIXED: emf/igs userspace tools were missing on ARM devices
   - FIXED: USB devices missing on MIPS devices (regression
            in 374.37)
   - FIXED: Wifi stability on ARM devices (regression in
            374.37)


3.0.0.4.374.37 (31-Dec-2013):
   * This build was pulled due to numerous issues *

   - NEW: Merged with Asus 374_501 GPL (from RT-AC68U).
          Notable changes in this version:
          * New SDK (wireless driver and CTF) for AC56/AC68
          * dnsmasq updated to 2.68
          * radvd updated to 1.9.5
          * Improved IPv6 support
          * Fixed Parental Control (A-M's own fix was replaced with
            this new one for consistency)
          * More details shown on Wireless Log page (their changes
            were merged with our own changes)
   - CHANGED: Dropbear default path will now include the locations
              inside /opt
   - CHANGED: Don't include a cert/key section in exported .ovpn if the
              router has "User authentication only" enabled
   - CHANGED: Display in which chain a given port forward rule is, on the
              Port Forwarding page.  Allows to distinguish manual forwards
              from upnp forwards.
   - CHANGED: The state of PPTP/L2TP client connections will be reported 
              on the VPN Status page.
   - CHANGED: Removed the display of global OpenVPN statistics on the
              VPN Status page.
   - CHANGED: Upgraded AiCloud binary components on MIPS routers to
              374_1631 build (N16/N66/AC66)
   - FIXED: OpenVPN clients with DNS set to "Strict" weren't properly
            setting dnsmasq to use "strict-order"
   - FIXED: Garbled resolv.conf generated when adding an OpenVPN client DNS
            to it
   - FIXED: OpenVPN Client static key was incorrectly processed when shown
            on the webui.


3.0.0.4.374.36 Beta 1 (23-Dec-2013):
   - NEW: Added ECDSA key support for SSH
   - NEW: postconf scripts.  This allow you to modify a generated
          config file (for example, smb.conf) before the service
          using it gets started.
   - NEW: layer7 Netfilter module on ARM devices (AC56, AC68).
          Note: traffic accounting must be manually enabled on
          these devices (see the Layer7 section in the FW's README)
   - CHANGED: Updated dropbear to 2013.62
   - CHANGED: Improved rendering of the VPN Status page
   - CHANGED: Extended retry period for WAN DHCP queries to 160 secs
              in Normal DHCP mode to give time to Charter to 
              unblacklist customers being accidentally blocked by them.
   - CHANGED: Downgraded rp-pppoe from 3.11 to 3.10 to see if it's
              more stable for some PPPoE users
   - FIXED: Some VPN client username/passwords were incorrectly handled
   - FIXED: When disabling Dual WAN, WAN unit wasn't being reset to 
            unit 0, preventing users from editing the correct unit 
            (Asus bug)
   - FIXED: If you replaced the Asus generated CA with your own, the 
            exported ovpn file would contain your CA with the 
            Asus-signed client cert/key.  Now, we only insert the 
            client cert/key if it was signed by the current CA.
   - FIXED: MSS clamping for clients connecting to the PPTPD server 
            (Asus bug)
   - FIXED: networkmap's DLNA detection was broken with some devices,
            and could result in very long delays during scan (Asus bug)
   - FIXED: Adjusted various timings in networkmap which should help 
            with device lists being incomplete especially after a 
            reboot.

  
3.0.0.4.374.35_4 (30-Nov-2013):
   - CHANGED: Added a VPN mode selector on the VPN Server Details page.
   - FIXED: JS error on the VPN Server Details page related to PPTP
   - FIXED: Clicking on "Apply" on VPN Details page would fail to
            apply your new settings to a running OpenVPN server.
   - FIXED: Some port forward rules were incorrectly generated when
            in load-balancing mode (Asus bug)
   - FIXED: After adding/removing a user to OpenVPN Server, the password
            file was not immediately updated.  Note that this fix will
            break backward compatibility with Asus as the nvram value
            storing the list of OpenVPN user/pass had to be renamed
            (so not to be instanced).
  - FIXED: VPN client not working on MIPS devices (N66/AC66).
  - FIXED: Various formatting issues with generated client.ovpn file


3.0.0.4.374.35_2 (24-Nov-2013):
   - FIXED: updown.sh script location was changed in
            339, causing issues with OpenVPN clients


3.0.0.4.374.35 (24-Nov-2013):
   - NEW: Merged with Asus 374_339 GPL (from RT-AC68U).
          Asus added some new features in this release:
          * Support for HFS+ and Time Machine (AC56/AC68U only)
          * OpenVPN support.  Their implementation uses the backend
            code from Asuswrt-Merlin but with a more
            simplistic, novice-friendly webui.  This required 
            adapting the current webui to be able to retain some 
            of their improvements without sacrificing the 
            flexibility of being able to have two separate server 
            and client configurations.

   - NEW: Support for Namecheap DDNS (Patch provided by saintdev)
   - NEW: Added qos-start user script
   - FIXED: Incorrect range validation for UPnP ports on WAN page.
   - FIXED: Accidentaly lock out of webui due to software hammering
            the router's webui without valid login credentials
   - FIXED: NAT Loopback broken with CTF enabled (AC56/AC68) (Asus bug)
   - FIXED: Backing up your settings would return an empty CFG file.
   - FIXED: Kernel panic when inserting ebtables rule (AC56/AC68,
            fix backported from kernel 2.6.37)
   - FIXED: If an IP/CIDR on the IPv6 firewall page was long enough
            to be shortened with "..." it would be incorrectly saved.
   - CHANGED: IPTraffic will now account for traffic going through
              an OpenVPN tunnel
   - CHANGED: VPN webui is now an hybrid of our original webui,
              along with Asus's own.  This allows the addition
              of these features developed by Asus:
              * Ability to export an ovpn config file to give to
                your clients
              * Support for username/password authentcation on
                the built-in server
              * Ability to import a tunnel provider's .ovpn
                config file to configure a client connection
                on the router


3.0.0.4.374.34_2 (01-Nov-2013):
   - FIXED: DNS resolution not working for VPN clients
            (bug in Asus 374_979)
   - FIXED: USB disk detection on AC56/AC68.
   - FIXED: Turbo mode option couldn't be saved (RT-AC68)


3.0.0.4.374.34 (30-Oct-2013):
   - NEW: Merged with Asus 374_979 (from RT-N66U).  
          AC56/AC68 AiCloud components taken from 374_217.
   - NEW: Added RT-AC68U support.
   - NEW: Added IPSec support to the kernel.  Userspace tools 
          such as StrongWAN must be installed from Optware/Entware,
          and manually configured.  (Patch provided by saintdev)
   - NEW: Adjustable MTU for DHCP/static IP WAN users
   - NEW: WAN interface name passed as argument to firewall-start
   - NEW: Configurable min/max ports allowed to be redirected by UPNP.
          This allows WHS users to change the min allowed port from 
          the default value of 1024 to allow UPNP forwarding of 
          HTTP/HTTPS.
   - NEW: Display CPU temperature on Sysinfo page (AC56 and AC68)
   - NEW: Display CPU chart on Performance page (AC56 and AC68)
   - CHANGED: UPnP rules will now be processed after manual 
              forwards and port trigger rules.
   - CHANGED: Site Survey now reports supported protocol.
   - CHANGED: Updated Dropbear to 2013.60.
   - CHANGED: Updated dnsmasq to 2.67 final.
   - FIXED: Some Traffic Monitor pages were missing the page tabs.
   - FIXED: The webui would allow you to enable SSHD while not 
            setting an authkey or enabling password-based authentication.
   - FIXED: 802.11h options should only be available on the 5 GHz band.
   - FIXED: Wifi icon hover would report 5G channel as undefined if
            2.4GHz radio was disabled.
   - FIXED: IPv6 clients list failed to properly merge IPs from similar 
            MACs (Asus bug)
   - FIXED: Minor layout issues with the Clients list
   - FIXED: Samba wasn't started at boot time if browser master or WINS
            was enabled and we had no USB disk plugged in.
   - FIXED: Router/minidlna crashes when processing very large image
            collections - various memory leaks plugged.
            (patches provided by Paulo Capani)
   - FIXED: Buffer overrun when entering more than 35 MACs on the
            filter list.  We now support up to 64 MACs.


3.0.0.4.374.33 (3-Oct-2013):
 * IMPORTANT *: RT-N66U users must revert back to factory defaults and
                manually reconfigure their settings if coming from a FW
                older than 3.0.0.4.374.xxx (applies to both Asus or
                Asuswrt-Merlin).

   - NEW: Merged with Asus 374_726 code from RT-AC66U GPL.  Notable changes:
            * RT-N66U now based on the SDK6 driver.  This resolved the
              numerous connectivity issues, at the expense of a shorter
              range (a separate SDK5 build based on driver 5.100 is 
              available in the Experimental folder as an alternative).
            * AiCloud 2.0
   - NEW: Added bonding.ko kernel module.
   - NEW: Repeater mode moved into regular builds.
   - NEW: Dual WAN moved into regular builds.
          Note that there are still a few issues left, such as recovery
          from failover mode when the primary WAN comes back up.
   - NEW: YandexDNS support moved into regular builds.  This is
          a DNS-based filter list, which can be configured under 
          Parental Control.
   - NEW: Added support for last seen devices on Ethernet port status 
          (Tools-> Sysinfo) for RT-AC56U.
   - NEW: Option to control 802.11 extensions that deal with
          regulations.  On the Wireless Professional page
          you can now enable 802.11d and 802.11h support.
   - CHANGED: robocfg now (almost) completely supports the
              Northstar platform (RT-AC56U)
   - CHANGED: Enabled Syn Cookies for ARM devices (RT-AC56U)
   - CHANGED: Allow selecting the Download2 folder for media server
              location.
   - CHANGED: MIPS builds optimized for mips32r2 code generation, which
              should improve general performance. (N16/N66/AC66)
   - CHANGED: More openssl backports from 1.0.2, adding
              mips32r2 support, improving performance
              especially for sha1 (RT-N16/N66/AC66)
   - CHANGED: Increased OpenVPN crt/key fields to allow up to 3499 
              characters - enough to accomodate even a 4096 bits key.
   - CHANGED: Removed the firewall rules for acsd since it no longer
              listens on a TCP socket.
   - FIXED: Samba binding to WAN interface would cause warnings
            about WINS/master browser (regression in 374)
   - FIXED: The ARM kernel was missing the Advanced IP Routing option,
            preventing some of the "ip" command functions from
            working (was breaking Astrill's plugin) (RT-AC56U)
   - FIXED: With FW 374 Asus changed the Samba priority from too high to
            too low (-19), resulting in poor sharing performance.
            I changed it to a priority of 0, providing more balanced 
            performance. (N16/N66/AC66)
   - FIXED: Some fields would allow invalid characters (such as
           single quotes) which might break the webui JS.  There might 
           still be a few unprotected fields.
   - FIXED: Memory leak in httpd service (Asus bug)
   - FIXED: Parental Control not working with certain schedules
            (patch provided by Makkie2002)
   - FIXED: Potential key truncation in httpd if one was to use very 
            large OpenVPN keys and certs in all fields of all four 
            instances.
   - FIXED: Samba would start sharing local disks even if all you 
            wanted was its WINS/Browser services.
   - FIXED: The JFFS formatting code could encounter a case
            where it wouldn't write back its cleared
            format flag.
   - FIXED: Restarting the wireless service would break
            stealth mode.
   - FIXED: The new thumbnail cache code Asus added in build 720's
            minidlna will prevent scanning from completing on very
            large collections.  Reverted that code for now.
   - FIXED: Wireless key field was automatically activated on
            page load, which could lead to accidental changes
            (issue introduced in 374_720).
   - FIXED: Router believed that NTP wasn't properly working after a
            LAN or wireless service restart (issue introduced in
            374_720).
   - FIXED: IPv6 client list was incorrectly displayed if a client
            didn't have a known hostname (Asus bug)


3.0.0.4.374.32 (24-Aug-2013):
   - NEW: Merged with Asus 374_168 GPL code.
   - NEW: wan-start script will get passed the WAN unit number as 
          argument
   - NEW: Webui option to select the location of the DLNA database 
          (patch by VinceV)
   - NEW: IPv6 firewalling.  Originally, Asuswrt would allow any IPv6 
          traffic to be forwarded to your LAN devices.  This new option 
          (enabled by default) will prevent traffic forwarding to LAN 
          devices.  You can also create firewall rules to allow inbound 
          traffic to specific hosts.  The firewall configuration can be 
          accessed through the "Firewall -> IPv6 Firewall" page.
   - CHANGED: Upgraded OpenVPN to 2.3.2
   - CHANGED: Implemented IPTraffic support in DualWAN - Load balanced
              mode (Experimental builds)
   - CHANGED: Updated miniupnpd to 20130730
   - CHANGED: Updated some prebuilt binaries (RT-AC56U)
   - CHANGED: Updated 2.6.36 kernel to the latest code used
              in 372_184 (RT-AC56U), includes some changes
              related to USB3, and PPP/CTF.
   - CHANGED: Smarter location selection for the DLNA database
              location to reduce the chances of having it in
              RAM if left to default location, filling it up 
              (patch by VinceV)
   - CHANGED: Updated e2fsprogs to 1.42.8 to be in sync with Asus
   - FIXED: Web server would crash if you entered too much data in
            OpenVPN key/cert fields.
   - FIXED: The ACSD service could be exploited by a LAN user to
            gain shell access to the router.  TCP connections to
            ACSD are now blocked by the firewall.
   - FIXED: You could not define time periods on the Parental
            Control calendar under IE.
   - FIXED: Wireless client list would sometime return incorrect
            hostname or be missing IP.
   - FIXED: Security issue with Samba and symlinks


3.0.0.4.372.31_2 (28-July-2013):
   - FIXED: Samba wouldn't start due to missing symlink (RT-AC56U)


3.0.0.4.372.31 (24-July-2013:
   - NEW: Merged with 372_1393 code from Asus.  Notes:
      * Beamforming support for RT-AC66U/RT-AC56U
      * RT-N66U driver still downgraded to build 270 (which
        means no HW acceleration for PPP, but more reliable
        connectivity on the 5 GHz band)
      * Minidlna was updated to 1.1.0
      * AiCloud security hole fixed
      * Parental Control ui still broken under IE10 (use Fx or Chrome
        for now)

   - NEW: YandexDNS.  Asus is currently implementing support in the
          firmware for this DNS-based filter.  This can be
          found under Parental Control.  See http://dns.yandex.ru/
          for more info (go go Google translate!).
          (Experimental builds only)
   - NEW: User-provided client config files (ccd) for OpenVPN server.
          See the OpenVPN and Custom Config sections of the firmware's
          documentation for more info.
   - CHANGED: Connections list under System Log will now progressively
              display the result while the router is still
              resolving IPs (if that option was enabled).
   - CHANGED: OpenVPN client password hidden by default (and added
              checkbox to display it similar to what Asus added
              to the System page)
   - FIXED: Sysinfo page was reporting IPv6 as reason for
            CTF to be disabled - since 372 that is only true
            for ARM devices.
   - FIXED: OpenVPN Server in TAP mode + DHCP wasn't routing
            properly (DHCP was overruling the default GW)


3.0.0.4.372_30_3 (11-July-2013):
   - NEW: Added support for newest RT-N66U hardware revision.
          This router has a new model of flash, you can NOT
          use any older FW on these. (RT-N66U)


3.0.0.4.372.30_2 (7-July-2013):
      (note: since people always thought adding a "b" meant "beta' 
       rather than revision "b", I am switching to Asus's new 
       numbering scheme, hence "30_2" for this revised 372.30.)

   - FIXED: NAT loopback (invalid iptable rules was silently accepted
            by iptables)
   - FIXED: Removed empty Yandex tab
   - FIXED: Entware setup script missing from all builds
   - FIXED: pptpd failing to start (was missing from build)
   - FIXED: OpenVPN server not starting if using a static key
   - FIXED: Disks plugged to USB 2.0 port weren't getting mounted
            (RT-AC56U)


3.0.0.4.372.30 (5-July-2013):
   - NEW: Merged with preliminary 372 code provided by Asus
          (initialy meant for the ARM environment)
   - NEW: RT-AC56U support.  Various bugs have been fixed 
          over the original FW that initially shipped with these routers.
          Thanks to Asus for providing a development sample.
   - NEW: Added JFFS support to RT-AC56U.
   - CHANGED: Downgraded wireless driver + CTF to build 270 version
              (RT-N66U, fixes 5 GHz stability issues).  Note that this
              means that HW acceleration for PPPoE is no longer 
              available for the RT-N66U, as it was new in the 5.110 SDK.
   - CHANGED: Updated iptables-1.4.x to 1.4.14 (RT-AC56U)
   - CHANGED: Brought back the Connection page under System Logs
   - CHANGED: Updated e2fsprogs to 1.42.7.  Amongst other things
              this new version is more memory-efficient on large
              filesystems.
   - CHANGED: Renamed Advanced (Per IP) Traffic monitoring for
              IPTraffic (to match the Tomato name for that same
              functionality)
   - FIXED: GRO kills upload speed if CTF is disabled (patch provided 
            by Asus, RT-AC56U)
   - FIXED: Buffer overrun in NVRAM handling, leading to random crashes
            (Asus bug, RT-AC56U)
   - FIXED: NVRAM values getting corrupted or disappearing if using more
            than 32 KB (Asus bug, RT-AC56U)
   - FIXED: Reapply layout fixes to Guest network and DHCP page (were 
            lost in a recent webui update)
   - FIXED: JFFS2 could get reformated again at each subsequent reboots.
   - FIXED: Devices with a NetBIOS name of 15 chars long would have 
            their name merged with the next device's.
   - FIXED: Empty Site Survey list if there was only one AP found
   - FIXED: Saved settings might fail to restore if they contained 
            OpenVPN or SSHD keys with CRLF line endings.  You should
            access the OpenVPN Keys page, click on Apply to re-save 
            them, then re-create any backup you had of your router 
            settings.
   - FIXED: Numerous bugs in ipt_account for Kernel 2.6.36 (RT-AC56U)


3.0.0.4.354.29 Beta 1 (17-May-2013):
   - KNOWN ISSUE: 5 GHz 40 MHz is unreliable with some wireless
                  cards (RT-N66U)
   - NEW: RT-N16 is no longer an experimentally supported device.
          Thanks to Mike from Sapphyre Software for providing
          me with an RT-N16.
   - NEW: Report currently used channels when mousing over
          the wifi icon at the top of the webui
   - NEW: Sysinfo: Ethernet port state will report each port's VLAN ID.
   - CHANGED: Merged with webui content from 3.0.0.4.364
   - CHANGED: Increased list height on Site Survey page
   - CHANGED: Warn if trying to do a site survey with either
              radios disabled.
   - CHANGED: Updated to miniupnpd 1.8.20130426
   - CHANGED: Updated to dropbear 2013.58
   - FIXED: Syslogd must be restarted if we had to adjust its log 
            level for DHCP query logging.
   - FIXED: br0 would change MAC address when starting an OpenVPN server 
            with a tap interface.
   - FIXED: Sysinfo: Port numbering order (RT-N16)
   - FIXED: Sysinfo: 5G radio infos weren't hidden if the 
            router did not support that band (RT-N16)
   - FIXED: Wifi status icon would remain half-lit if 2.4 GHz was
            disabled on a router without 5 GHz support (RT-N16)
   - FIXED: Various fixes related to site survey display
   - FIXED: Improved compatibility with USB disks > 2 TB
            (must use ext2 or ext3)
   - FIXED: Unable to clear DMZ IP (fixed in 364 webui files)
   - FIXED: PPTP/L2TP Internet connection unable to connect at boot 
            (bug introduced in 358.28)
   - FIXED: PPTP/L2TP Internet connection unable to reconnect after  
            going down (unsure if Asus bug or 358.28 bug)
   - FIXED: Numerous bugs in the Per IP traffic monitoring causing 
            inaccurate traffic accounting if there was too much 
            traffic, or if update requests occured in a too short 
            period of time.
   - FIXED: Asking for traffic monitoring (regular and Per IP) database 
            to be re-created would re-create it again on next reboot if 
            in the mean time you didn't change any other settings, 
            causing the flag not to be cleared on the mtd partition.


3.0.0.4.354.28 Beta 1 (19-Apr-2013):
   - KNOWN ISSUE: 5 GHz 40 MHz is unreliable with some wireless 
                  cards (RT-N66U)
   - KNOWN ISSUE: Sort order is sometimes wrong on the Site Survey page
   - NEW: Wireless site survey (on the Wireless tab)
   - NEW: openvpn-event user script that gets run when a tunnel goes 
          up/down.  Read the OpenVPN documentation on the "up" and 
          "down" events for more on how to use this script, and to use 
          the passed parameters.
   - NEW: Enabled sftp support in Dropbear (the sftp server must be
          installed from Entware)
   - NEW: Option to prevent SSH port hammering (patch submited by dodava)
   - CHANGED: Merged with webui pages extract from the Asus released FW, 
              as they were more recent than the GPL ones
   - CHANGED: Port state on Sysinfo page now uses the new OUI lookup 
              code from Asus
   - CHANGED: Try to report on Sysinfo what is forcing HW acceleration 
              to be disabled
   - FIXED: Build 354 reduced minimum syslog level to WARNING - bumped 
            back to INFO as in previous versions (resolves DHCP events 
            not being logged).  Also ensured we readjusted it if DHCP 
            logging is enabled, to handle routers that got upgraded 
            with the new loglevel already set.
   - FIXED: Port numbering on the Sysinfo page for devices that has 
            them backward (untested) (RT-N16)
   - FIXED: Client list wasn't using the new OUI code from Asus (was 
            missing from the GPL archive)
   - FIXED: LAN traffic going through the NAT loopback would be counted 
            in the Per IP traffic monitoring.
   - FIXED: IE rendering of the Other Settings page when toggling Per 
            IP monitoring
   - FIXED: Cannot set webui to HTTPS-only (causes port conflict error) 
            (Asus bug in 354)
   - FIXED: Cannot create/modify folders in AiDisk
   - FIXED: Couldn't resolve LAN hostnames if WAN was down (the web 
            redirection would hijack all DNS queries).  Now, we let 
            dnsmasq handle both LAN and redirected queries.
  - FIXED: Fixed support for Broadcom Wimax devices
  - FIXED: smbpasswd wasn't properly updated when deleting a user 
           (Asus bug)
  - FIXED: Aicloud: handling of disks with multiple partitions on the 
           webui (Asus bug) (fix submitted by hshang)


3.0.0.4.354.27 Beta 1 (31-Mar-2013):
   - NEW: Merged with 3.0.0.4.354.  Notable changes:
            * New wireless driver
            * New Network Tools
            * WOL (Under Network Tools
            * HW acceleration support for PPPoE
            * DHCP Normal/aggressive behaviour.  Similar to the 270.25 
              implementation, except it can be enabled/disabled

          Asus considers build 354 to still be beta, so be advised that 
          there might still be some issues left (there are known issues 
          related to 3G/4G dongles for instance).

   - CHANGED: Removed WOL webui - Asus added their own WOL support  on 
              the Network Tools page.  You will have  to re-add your 
              WOL entries.
   - CHANGED: Removed System Log -> Connections page, and integrated it 
              into the new Network Tools -> Netstat page from Asus (as 
              NAT Connections)
   - CHANGED: Removed wol binary, since Asus's WOL page uses ether-wake.
   - CHANGED: Removed option to control SIP helper on Firewall page 
              (use the new Asus option from WAN - NAT PAssthrough page 
              instead)
   - CHANGED: WPS button when set as a radio toggle will now behave the 
              same way as Asus's firmware: pressing it will fully 
              enable/disable both radios in the webui, rather than just 
              toggle the state of the enabled radios.  This means the 
              button will override the webui, and radio states will 
              survive reboots.
   - FIXED: Avoid duplicate shares when using simpler share naming 
            using Asus's code from 354)
   - FIXED: Improved fdisk support for 4KB sector size
   - FIXED: openvpn: Client-specific entries weren't properly parsed
   - FIXED: dnsmasq warning in syslog if DHCP static leases are disabled


3.0.0.4.270.26b (17-Mar-2013):
   - FIXED: Volume labels with spaces were rejected (Asus used the same 
            code to validate hostnames and volume labels)


3.0.0.4.270.26 (15-Mar-2013):
   - NEW: ipset Netfilter support + userspace tool to create ipset lists.
   - CHANGED: Router's hostname is now set all the time, regardless of
              telnet/ssh states (and including in AP mode)
   - CHANGED: Added device name field on the LAN page, since it's now 
              relevant to the router's hostname (not just SMB).  Left 
              it on the SMB page as well, for those used to see it there.
   - CHANGED: Router will supply its device name when requesting an IP 
              while in AP mode.
   - CHANGED: Various webui lists were increased from 32 to 128 entries 
              allowed.
   - CHANGED: Improved networkmap:
               * Will also use DHCP hostnames and user-defined static
                 names instead of just NetBIOS names
               * Client list will show an animation while networkmap is
                 still busy scanning and resolving device names
               * Dropdown menus that use Networkmap to build a list
                 of devices will also display names in addition to IP/MAC.
   - CHANGED: Don't restart the whole network if you only changed DHCP 
              reservations (LAN -> DHCP page)
   - FIXED: Openvpn: Non-CBC ciphers weren't working (their use is still 
            not recommended)
   - FIXED: Proxy auto-configuration support (Asus bug)


3.0.0.4.270.25b (3-Mar-2013):
   - FIXED: Disabling DHCP logging would cause a syntax error in 
            dnsmasq's configuration (regression from dnsmasq update)
   - FIXED: Outbound VPN client traffic was dropped (regression from 
            firewall_2 fix)


3.0.0.4.270.25
   - NEW: NFS folder sharing.  Webui can be found on the 
          USB Applications -> Servers Center page (NFS Exports tab)
   - NEW: dhcpc-event and zcip-event scripts (called on WAN events)
   - NEW: Ccustom configs: group.add, gshadow.add, passwd.add, 
          shadow.add, exports.add
   - NEW: New script that will setup Entware for you (written by 
          ryzhov_al).  Run "entware-setup.sh" through SSH/Telnet to 
          launch the install process.
   - CHANGED: Added a folder picker to the Tools Other Settings page to 
              select a location to store your traffic data files.
   - CHANGED: Updated dnsmasq to 2.65 (backported from 3.0.0.4.334)
   - CHANGED: Enabled additional optimizations for openssl and openvpn 
              for a significant performance gain
   - CHANGED: Reverted wireless driver to build 220 (RT-AC66U only)
   - FIXED: Added missing badblocks program
   - FIXED: Timing issues under IE where resolved device names would 
            not display on certain pages (such as the Sysinfo page)
   - FIXED: VPN client "common name" wasn't getting saved
   - FIXED: DHCP client will be less aggressive in attempting to obtain
            a lease (wait 2 mins instead of 20 secs between attempts),
            should help with ISPs like Charter who will blacklist you 
            if you send too many Discovery packets in a short period of 
            time.
   - FIXED: Made profile.add be run after any Optware profile, so the 
            user changes will have priority over anything else.
   - FIXED: WOL list corruption when removing an entry in some browsers
   - FIXED: No longer forward packets with a LAN IP as destination
            (Asus bug, fixed CDRouter test firewall_2)
   - FIXED: IPv6 WAN would have the wrong prefix length (Asus bug, patch 
            submitted by PiotrKa)



3.0.0.4.270.24 (13-Feb-2013):
   - NEW: Rebased on 3.0.0.4.270.  Notable changes:
      o New driver builds (these are NOT the new major versions that
        Asus are still working on)
      o NTP-related changes
   - NEW: Report CTF (HW Acceleration) state on Sysinfo page.
   - NEW: Display Ethernet port states on the Sysinfo page.
   - NEW: Replaced Busybox fsck/mkfs tools with those from e2fsprogs, 
          should be more reliable.
   - CHANGED: Temperatures on Sysinfo page will now auto-update every 3 
              seconds.
   - CHANGED: Connections page now uses Ajax for slightly better rendering
   - CHANGED: Improved name resolution on traffic monitor page, now uses
              a device's hostname if it reported one.
   - CHANGED: Client List now uses our improved name resolution code,
              will overwrite names with those entered on the DHCP static
              lease page.
   - CHANGED: Updated to OpenVPN 2.3.0 and lzo 2.06.
   - CHANGED: Updated Busybox to 1.20.2 (with Oleg/wl500g patches 
              re-applied).  Lots of fixes, including GPT support in 
              fdisk.
   - CHANGED: Updated Miniupnpd to version 1.8.  NOTE: previous 
              versions were NOT affected by the recent UPNP exploit 
              disclosure.  This is just as an added security precaution.
   - FIXED: Temperature on Performance Tuning page would fail to update 
            if a radio was disabled.
   - FIXED: Various timing issues causing some TrafficMonitoring and the
            Sysinfo pages to often fail loading under IE.
   - FIXED: JS error on the Per Device pages if FW failed to load the 
            traffic history.
   - FIXED: ebtables were still broken, fixed by a complete rebuild.
   - FIXED: Some OpenVPN fields rejected -1 as being valid.
   - FIXED: Hide 5G radio info from Sysinfo page if router is \
            single band (RT-N16)
   - FIXED: Master Browser/WINS would not work if there was no USB disk 
            plugged.
   - FIXED: Samba would bind to the WAN interface while in router mode 
            (Asus bug)
   - FIXED: Backported various kernel fixes from Oleg/WL500G, Tomato 
            and Kernel.org to help improve HDD > 2 TB support (still 
            not perfect, some USB enclosures are simply not Linux 
            compatible)
   - FIXED: Display of Connections under IE
   - FIXED: Trying to apply settings on the System page with a username 
            containing a non-alphanum would incorrectly assume you just 
            tried to change to an account name that already existed 
            (Asus bug).
   - FIXED: Wouldn't enable wins in Samba if you had a WINS IP entered 
            on the DHCP configuration page.


3.0.0.4.266.23b (31-Dec-2012):
   - FIXED: The IE fix ended up breaking Firefox (and meanwhile, Chrome 
            worked fine no matter which method was used to build that 
            dropdown).

3.0.0.4.266.23 (31-Dec-2012):
   - NEW: Rebased on 3.0.0.4.266 (from the RT-AC66U GPL)
   - NEW: Tools icon contributed by Maximilian Czarnecki.
   - FIXED: Skip bad blocks while erasing MTD partition (fixes RT-AC66U
            failing to format JFFS2 partition due to bad blocks)
   - FIXED: Router would have no hostname if you enabled ssh but kept
            telnet disabled.
   - FIXED: Couldn't add new ebtables rules (regression in 264.22)
   - FIXED: customized minidlna.conf
   - FIXED: Traffic monitoring per IP is unreliable if HW acceleration
            is enabled.  Do not load CTF if booting with cstats enabled.
   - FIXED: Per Device traffic monitor pages missing under IE


3.0.0.4.264.22 (15-Dec-2012):
   - NEW: Rebased on 3.0.0.4.264 (from the RT-N53 GPL).
   - NEW: Traffic monitoring per IP added to the Traffic Monitor section.
          Based on the Tomato IPTraffic implementation by Teaman.
   - NEW: Option to disable the Netfilter SIP helper (Firewall page), 
          allows people to manually forward port 5060 to their own SIP 
          server
   - NEW: Option to enable/disable logging DHCP client queries 
          (LAN->DHCP page)
   - FIXED: Tabs would disappear while on the Monthly traffic page.
   - FIXED: Really fixed Firefox issue (the fix wasn't merged
            in release 260.21).
   - FIXED: Router crash if the list of MAC filters + their names got 
            too long.
   - FIXED: OpenVPN webui: TLS Reneg and Connection Retry wouldn't let 
            you enter -1 as value.
   - FIXED: Layout issues on the DHCP page (one in Asus code, another 
            in Merlin code)
   - FIXED: Beeline Corbina was unable to connect to PPTP/L2TP server 
            due to DNS issues.
   - CHANGED: System log starts at the bottom (backported from GPL 314)
   - CHANGED: Dual WAN is no longer enabled in regular builds - too many 
              issues with it at this point.  Regular USB failover 
              still works.


3.0.0.4.260.21 (5-Dec-2012):
   - NEW: Rebased on 3.0.0.4.260.  This version should
          resolve issues with some Russian ISPs.  Note that
          the RT-N66U build still uses the wireless driver
          from release 220, as this seems to be the most stable
          at this time.
   - NEW: Option to force the router into becoming the SMB Master Browser.
   - NEW: Option to make the router act as a WINS server.
   - NEW: Option to control Spanning-Tree Protocol
   - NEW: fstab custom config file
   - FIXED: Firefox compatibility issues on the DHCP static and 
            MAC filter name fields.
   - FIXED: Wifi status icon wasn't accurately reporting states if they
            were changed by a radio schedule.
   - FIXED: QIS would report newer firmwares, potentially overwriting
            Asuswrt-Merlin with an original Asus firmware.
   - FIXED: Wifi LEDs would turn back on if radios were enabled while
            in Stealth Mode (now they turn back off after a few seconds)
   - FIXED: Webui would break if a network device had an invalid
            NetBIOS name (such as the Sonos Dock).


3.0.0.4.246.20 (14-Nov-2012):
   - NEW: Wifi status icon will be half colored if only one radio is 
          enabled.
   - NEW: Wifi status icon popup will report the state of each radios.
   - NEW: upnp custom config file for miniupnpd
   - NEW: unmount user script
   - NEW: led_ctrl and makemime (for use in conjunction with sendmail) 
          applets.
   - NEW: Implemented control for network switch LEDs (all four at once)
   - NEW: Stealth Mode: option to disable all LEDs
   - NEW: Added CONFIG_IP_NF_RAW and CONFIG_NETFILTER_XT_TARGET_NOTRACK 
          modules.
   - FIXED: Radio toggle through WPS button would be overriden by a 
            scheduled radio.  Reverted "switch" to "toggle" code to 
            prevent this.
   - FIXED: You couldn't disable DMZ by clearing the IP field.
   - FIXED: You couldn't edit entered text in DHCP/MAC/etc name field
   - FIXED: clientid passing for some ISPs requiring it (like Sky UK)
            was broken with the DHCP client change of build 220.
   - FIXED: No longer reboot the router three times during boot time if 
            one of the radios is disabled by the user. (RT-N66U)
   - FIXED: Changing the router login name to anything other than "admin"
            would prevent radvd, ecmh and the cru script from working 
            properly - they all assumed "admin".  Made then use
            http_username instead (which is tied to the superuser)
   - CHANGED: Improved SMB and vsftpd read performance by up to 30%


3.0.0.4.246.19b (26-Oct-2012):
   - FIXED: Reverted wireless driver to build 220 version as the new 
            one caused various connection issues for some (RT-N66U).


3.0.0.4.246.19 (23-Oct-2012):
   - NEW: Rebased on 3.0.0.4.246.  Some notable changes:
            o New "Enhanced interference management" option under 
              Wireless -> Professional.
            o Improved AiCloud webui
            o dnsmasq updated to 2.64

   - NEW: Option to enable simpler share names.  When enabled, the folder
          Share will be shared as "Share" instead of "Share (on sda1)".
          The option can be found on the Misc tab, under USB Application.
   - NEW: User customized config files for various services.  Those custom
          config entries can either be appended, or completely replace the 
          config file generated by the firmware.
   - NEW: Added Name field to the Wireless ACL page.
   - NEW: Added service applet to rc.  For example, "service restart_samba" will 
          restart the Samba service.  For advanced usage/debugging only.
   - NEW: Backported OpenSSL ASM optimization from 1.0.1, for significant performance
          improvements in applications such as OpenVPN or SSH when using AES.
   - NEW: Report the current CFE/Bootloader version on the Sysinfo page.
   - FIXED: Minor tweaks to the AiCloud pages so they can fit on a 15" laptop screen
            (some close buttons at the bottom were unreachable)
   - FIXED: Enabling SSH access from WAN didn't work if DualWAN
            was set to load-balancing.
   - FIXED: Removed MAC Filter page, as it doesn't work (not compatible
            with Parental Control).
   - FIXED: OpenVPN Client "Username Auth only" option was broken.
   - FIXED: Limit valid characters in a DHCP/WOL description to prevent 
            breaking the webui by using invalid ones such as quotes.
   - FIXED: OpenVPN Client wasn't properly applying DNS settings that
            the server was pushing to us.
   - FIXED: Wireless client list alignment in AP mode.
   - CHANGED: Less strict rules when validating user-entered MAC hwaddr.



3.0.0.4.220.18b (25-Sept-2012):
   - NEW: Report both rx and tx rates on wifi connections
   - FIXED: Handle cases where the wireless driver returns a speed of -1
   - FIXED: Removed rssi retrieval retries, as it would make the first access to
            the wireless page take forever if you had multiple connected clients.
            You will have to manually refresh the page the first time you access it
            if the RSSI is reported as "??".


3.0.0.4.220.18 (23-Sept-2012):
   - NEW: Added OpenVPN logging verbosity setting (vpn_loglevel, must be
          manually set to a value between 0 and 15, with 3 being the default).
   - FIXED: Buffer overrun in init code that would crash the router when 
            too many features were enabled at compile time.
   - FIXED: Re-enabled DualWAN (RT-N66U, RT-AC66U)
   - FIXED: Re-enabled Beceem (Wimax) support in RT-AC66U.
   - FIXED: OpenVPN 'Start with WAN' and 'Respond to DNS' settings were 
            not properly saved.
   - FIXED: First time a client's rssi is polled it would return 0.
   - FIXED: post-mount user script wasn't executed (regression in 220.17)
   - CHANGED: Added some info to the OpenVPN server and client pages.
   - CHANGED: Improved load time of the VPN Status page.


3.0.0.4.220.17 (18-Sept-2012):
   - NEW: Rebased on 3.0.0.4.220, which includes:
            * Fixes to IPv6 6rd
            * Fixes to AC66U Wifi + QoS
            * AiCloud
            * Interference mode once again enabled
  - NEW: Display last received rate and rssi for each clients on Wireless Log page.
  - FIXED: dnsmasq not listening to DNS requests from OpenVPN clients
           if you had just enabled the option on the webui.
  - FIXED: PPTP clients not always showing on VPN Status page.
  - CHANGED: Disabled DualWAN as it's currently broken in 220.
  - CHANGED: Disabled Beceem Wimax support in RT-AC66U as it bricks
             the router.
  - CHANGED: Removed firmware update checker to avoid accidental
             revert to original FW.


3.0.0.3.178.16 Beta:
   - NEW: (RT-N66U, RT-AC66U) Implemented OpenVPN, based on code written by
          Keith Moyer (from the Tomato project).
   - NEW: Added crontab command
   - FIXED: (RT-AC66U) Would crash when accessing a LAN device through either 
            VPN or the NAT Loopback (GRO is now disabled for that device)
   - FIXED: dnsmasq was listening to all interfaces by default, allowing 
            even dhcp requests to be serviced from the wan side if you
            had the firewall disabled (Asus bug) (fixed by dev0id)
   - FIXED: Default disk idle spindown now set to 0 (disabled).
   - FIXED: Corrupted WOL list when using IE.
   - CHANGED: Upgraded openssl to 1.0.0j.
   - CHANGED: Included fully functional openssl command (will allow you to
              create keypairs and certificates from the router).
   - CHANGED: Removed power adjustments from the Performance page, as they
              are redundant, and not as reliable.
   - CHANGED: (RT-N16) Disabled Dual WAN, as it exhibited many issues, and I 
              am unable to work on them without an actual router.


3.0.0.3.178.15 (17-Aug-2012):
   - NEW: Rebased on 3.0.0.3.178.  Notable fixes by Asus:
           * Radio turns back on based on schedule
           * Reorganized QoS pages
           * Turning WAN DHCP connection off will first release current DHCP lease
   - NEW: RT-AC66U officialy supported, with all the same features as the RT-N66U.
   - NEW: (RT-AC66U) Implemented JFFS support.  Limiting partition to 32 MB
          max, as using the whole 90+ MB available makes little sense for 
          JFFS, and was also displaying some issues.
   - NEW: Added nat-start user script, as NAT rules get applied separately from
          other firewall rules (firewall-start changes to the nat table are 
          being overwritten when the router starts NAT)
   - NEW: Added additional info to Sysinfo page
   - NEW: Added chroot applet
   - NEW: Option to allow SSH access from WAN
   - NEW: Option to exclude specific devices from idle spindown
   - FIXED: Performance page now uses the new Sysinfo API, and is now able
            to deal with cases where radios are disabled.


3.0.0.3.162.14b:
   - FIXED: Web server would crash for some people when accessing
            the Wireless Log page.


3.0.0.3.162.14:
   - NEW: Spin down disks after (user-configurable) inactivity timeout
          (using Jeff Gibbons' sd-idle-2.6)
   - NEW: System information page under the Tools menu.
   - NEW: Station list on the Wireless Log page will now report associated
          IP and hostnames (when possible).
   - CHANGED: Upgraded to MiniDLNA 1.0.25 (changelog:
              http://sourceforge.net/projects/minidlna/files/minidlna/1.0.25/)
   - CHANGED: Better integration of the Run Cmd page.
   - FIXED: Incorrect left menu rendering when under the Tools menu.


3.0.0.3.162.13:
   - NEW: Rebased on 3.0.0.3.162.
   - CHANGED: Switched to WPS radio toggle code Asus added,
              now on the Administration -> System tab.


3.0.0.3.157.12 Beta:
This is based on unreleased Asus code, which they have 
graciously provided me with.

   - NEW: Rebased on 3.0.0.3.157.  Notable changes from Asus:
      . IPv6 tunnel memory leak fixed
      . They fixed many issues, making some of my patches 
        no longer necessary, such as timezone DST, https auth, etc...
      . Upgraded radvd
   - NEW: Added link to the command shell page in Tools menu.
   - NEW: (RT-N16) Enabled power settings (EXPERIMENTAL)
   - NEW: Added "tee" command.
   - FIXED: NAT loopback rules would actually NAT every lan to lan
            connections instead of only those needing the loopback
            (bug in Asus's code).  Replaced with new code based on a
            suggestion from Phuzi0n on the DD-WRT forums.
   - FIXED: Accessing the WOL page would make it resend the last
            WOL request.
   - FIXED: 'cru' was using 'root' instead of 'admin'
   - CHANGED: Re-enabled Dual WAN (EXPERIMENTAL)
   - CHANGED: Made tracked connections load async from rest of the page
   - CHANGED: Increased hostname width on Connection status page
   - CHANGED: Improved WOL page functionality.


3.0.0.3.144.11 Beta (6-July-2012):
   - NEW: Name field added to DHCP reservation list
   - NEW: Webui option to enable resolving IPs on the Connections tab
   - NEW: Store a list of computer MACs to use as WOL targets
   - CHANGED: Increased dhcp options from 32 to 128 characters
   - FIXED: Brought max PPTPD password lenght back to 32 chars (Asus had reduced
     it to 16 in recent versions)
   - FIXED: Retrieve dhcpc options for the correct wan interface


3.0.0.3.144.10 (30-June-2012):
   - NEW: Rebased on 3.0.0.3.144.
   - NEW: Support for 64K NVRAM enabled.  ***First flash will
          wipe out ALL your settings!  And you cannot restore 
          from saved settings - you must manually reconfigure 
          everything.  Be warned!***
   - NEW: Enabled support for Broadcom Wimax devices
   - NEW: Added cifs kernel module (for mounting remote SMB shares)
   - NEW: Added layer7 iptables matching
   - NEW: Added user-options for DHCP on the WAN page
   - FIXED: Router crashing when connecting to it over Wifi
            and running the newer QoS code (disabled GRO)
   - FIXED: Router crashing when connecting to a network 
            device behind the router from over a VPN
            connection (disabled GRO).
   - FIXED: Incorrect timezone set unless enabling
            manual DST.


3.0.0.3.130.9 (10-June-2012):
   - NEW: Enabled new Dual WAN support from Asus
   - FIXED: no-ip DDNS entry would revert to Asus DDNS on webui


3.0.0.3.130.8 (8-June-2012):
*** Reverting to factory defaults BEFORE and AFTER flashing
this version is strongly recommended!  The newer Asus code base 
seems to have changed quite a few settings, so you'll want to 
not only start with the new default values, but also get rid 
of obsolete settings.  Otherwise you will be wasting a 
good amount of the limited available nvram. ***

   - KNOWN ISSUE: Memory leak when using IPv6 (bug in Asus's code 
                  and/or kernel code)

   - KNOWN ISSUE: PPTP VPN can randomly reboot the router if accessing 
                  a LAN device behind the router.  Workaround is to 
                  use an IP range outside of the local LAN
                  (i.e. 10.0.0.0 instead of 192.168.1.0), and either 
                  set your VPN to use the VPN tunnel as default 
                  gateway, or manually add a route to your VPN 
                  client.

   - NEW: Rebased patches on 3.0.0.4.130 (RT-N53U sources).
          Build 130 brings various code changes to IPv6, not sure 
          what else (as I have no changelog between 112 and 130).
          The QoS code remains from build 108, as build 130 is 
          unstable.
   - NEW: Added "diff" utility
   - NEW: Keyword-based filter (new in 130)
   - FIXED: Firmware/settings can now be uploaded over HTTPS
            (bug fixed by Asus)
   - FIXED: Buffer overflow in networkmap that would cause garbled 
            device names to appear on the clists list (bug in
            Asus's code)
   - FIXED: Firewall would break when applying a game preset that 
            had multiple ports separated by a "," (bug in Asus's
            code)
   - FIXED: WOL through webui wasn't working when IPv6 is enabled
   - FIXED: Memory leak in sit.ko (backported from Linux 2.6.25.3)
   - IMPROVED: /jffs/scripts/ will be created automatically if it
               doesn't exist (you must still make any new script 
               executable using "chmod a+rx script_filename")


3.0.0.3.108.7 (27-May-2012):
   - NEW: Added no-ip.com support to DDNS (patch submitted by Igor Pavlov)
   - NEW: Added webui page under System Log to display active/tracked
          network connections.
   - NEW: Added netstat-nat command.
   - NEW: Added pre-mount and post-mount user scripts (patch submitted by 
          Shantanu Goel)
   - NEW: Allows tweaking TCP/UDP connection tracking timeouts
   - FIXED: Removed check in Asus's code that would reject txpower > 80
            unless you clicked three times on Apply (?!).
            NOTE: Still not sure power setting even works, as I get
            -80db from the other end of the house no matter if I use 
            40 or 500 mW.


3.0.0.3.108.6 (14-May-2012):
   - NEW: HTTP access list (backported from build 112)
   - NEW: PPTP VPN encryption options (backported from build 112)
   - FIXED: Traffic history location was't properly saved
            when changed in webui.
   - FIXED: Disabled traffic history saving to nvram for now,
            to avoid people accidentally filling their limited nvram space.
   - FIXED: Missing bottom pixels from the bottom of General menu
   - FIXED: Removed invalid CSS attribute
   - FIXED: typo in VPN iptables entries (bug in Asus's code)


3.0.0.3.108.5 (5-May-2012):
   - NEW: Crond starts at boot time.
   - NEW: init-start is a new user script that will be run early on
          at boot time (right after jffs is mounted, and before any 
          service gets started)
  - NEW: Can save traffic history to a custom location (USB or 
         JFFS, for instance) to preserve it between reboots.
  - NEW: Added Monthly traffic page (ported from Tomato)
  - NEW: Added the Performance Tuning page (with temperature).
  - FIXED: Webui authentication was bypassed by the web server (bug in
           Asus's code)
  - FIXED: Httpd crash when uploading a FW or settings file over
           https - should simply fail now.  For now you have to 
           use http for flashing the FW or restoring your settings
           from a saved config file.


3.0.0.3.108.4 (28-Apr-2012):
   - NEW: Clicking on the MAC address of an unidentified client will do a lookup in
          the OUI database (ported from DD-WRT).
   - NEW: Added HTTPS access to web interface (configurable under Administration)
   - NEW: Option to turn the WPS button into a radio on/off toggle (under Administration)
  - FIXED: sshd would start even if disabled
   - CHANGE: Switched back to wol, as people report better compatibility with it.
             ether-wake remains available over Telnet.


3.0.0.3.108.3 (18-Apr-2012):
   - NEW: JFFS support (mounted under /jffs)
   - NEW: services-start, services-stop, wan-start and firewall-start user scripts,
          must be located in /jffs/scripts/ .
   - NEW: SSHD support
   - IMPROVED: Fleshed out this documentation, updated Contact info with SNB forum URL
   - CHANGE: Removed wol binary, and switched to ether-wake (from busybox) instead.
   - CHANGE: Added "Merlin build" next to the firmware version on web interface.
   
          
3.0.0.3.108.2 (14-Apr-2012):
   - NEW: Added WakeOnLan web page

   
3.0.0.3.108.1 (5-Apr-2012):
   - Initial release.