[Cerowrt-devel] cerowrt-3.10.36-6 released

Dave Taht dave.taht at gmail.com
Sat Apr 19 16:01:41 EDT 2014

+ felix's wifi patch for bug #442 added
   please break wifi.

+ debloat qlens reduced again to 12 for be and bk wifi queues
+ heartbleed fix from -3 forward

I note that nearly every "secured"-by-openssl network facing daemon has been
shown vulnerable to heartbleed. The hole in openvpn bit *me*, in
particular. I've updated, rekeyed and re-certified the vpns I have in
place, and you should too for any openvpn servers and clients you have

It was a real PITA for me, and I only had a few boxes on it.

For more details, see: http://community.openvpn.net/openvpn/wiki/heartbleed

For more details on the daemons potentially affected by heartbleed in
cerowrt, openwrt, and others, see the advisory at:


+ resync with openwrt
   notably there were updates to netifd, and a fix for a strongswan CVE

+ dnscrypt added as an optional package (thx stephen walker and "mailjoe")
+ snort added as an optional package

+/- full dnssec
- upgrade to httping 2.x broke
- no sqm autotuning yet
- neither snort nor dnscrypt tested

If you are not experiencing problems with wifi or with heartbleed
there are few reasons to update to this release.

I wanted to note to those that use sysupgrade without a clean reflash,
in that the
/etc/opkg.conf file is not re-written in this case, and still points
to the old repository.
If you wish to install additional packages after an inplace upgrade,
you will have
to also update /etc/opkg.conf to point to the right place.

Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article

More information about the Cerowrt-devel mailing list