From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 0CBCB21F1C6 for ; Sat, 19 Apr 2014 13:01:43 -0700 (PDT) Received: by mail-wi0-f171.google.com with SMTP id q5so627512wiv.4 for ; Sat, 19 Apr 2014 13:01:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=TW1zpNNwqjx0sBh89n/VB3m2MDm2ydezDrE09AX0z6M=; b=xQhbr/5NkDFsJelILJ6K5tMhMcl1eOjsJksmy6KgmweSSgM/aqOGgpiApwZqKBDq+C 0xtEGpCcXwy/m9romN8AVdNyfN+SzhQw0zd4MIgQLwusOz+Q5xAT03BoGfOMCZQrdKlM 170iUOVbvckr7BhjYiWyX/ob500TVTfrf0rEpVIg1LmIpg3PUwNVhEmZfZWyiwLpSLHz m9b5Dx7Y3AM9WHPaJDbD7WOAa57UD1xW7ZYRf/oHIgFl9JgouEQcwXa9m3lnPJ06mc6x zouiHUN+tR9LtL6woWHONotXJ1l1ocRXCDvqyss6l4E4eynYB0D4RivBD2+MaW2o8YWf ndVw== MIME-Version: 1.0 X-Received: by 10.194.87.163 with SMTP id az3mr444720wjb.63.1397937701899; Sat, 19 Apr 2014 13:01:41 -0700 (PDT) Received: by 10.216.177.10 with HTTP; Sat, 19 Apr 2014 13:01:41 -0700 (PDT) Date: Sat, 19 Apr 2014 13:01:41 -0700 Message-ID: From: Dave Taht To: "cerowrt-devel@lists.bufferbloat.net" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Cerowrt-devel] cerowrt-3.10.36-6 released X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Apr 2014 20:01:44 -0000 + felix's wifi patch for bug #442 added please break wifi. + debloat qlens reduced again to 12 for be and bk wifi queues + heartbleed fix from -3 forward I note that nearly every "secured"-by-openssl network facing daemon has bee= n shown vulnerable to heartbleed. The hole in openvpn bit *me*, in particular. I've updated, rekeyed and re-certified the vpns I have in place, and you should too for any openvpn servers and clients you have too. It was a real PITA for me, and I only had a few boxes on it. For more details, see: http://community.openvpn.net/openvpn/wiki/heartbleed For more details on the daemons potentially affected by heartbleed in cerowrt, openwrt, and others, see the advisory at: http://www.bufferbloat.net/news/50 + resync with openwrt notably there were updates to netifd, and a fix for a strongswan CVE + dnscrypt added as an optional package (thx stephen walker and "mailjoe") + snort added as an optional package +/- full dnssec - upgrade to httping 2.x broke - no sqm autotuning yet - neither snort nor dnscrypt tested If you are not experiencing problems with wifi or with heartbleed there are few reasons to update to this release. I wanted to note to those that use sysupgrade without a clean reflash, in that the /etc/opkg.conf file is not re-written in this case, and still points to the old repository. If you wish to install additional packages after an inplace upgrade, you will have to also update /etc/opkg.conf to point to the right place. --=20 Dave T=C3=A4ht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_= indecent.article