[Release] Asuswrt-Merlin 384.9 is now available

[bitmonster]

Read the changelog, thanks! I'll sit back and wait a bit to see how it's working for others, this looks like a major update. Anyone using the 86u and how's it working so far? Little concerned about this IPS event logging bug but as Merlin says, it 'should' still be working. That looks like the most significant issue so far?

Also, the perpetual question (sorry if asked a thousand times already) - any update from Asus re: AIMesh?

 

[JohnSmith]

Upgrade AC3100 from V384.9_beta1 to V384.9_Final, via dirty flash. All appears to be working, except for the following ASUS issue (NOT RMerlin's, as noted in his Changelog), that was re-introduced for the AC3100 in V384.9 Alpha builds, and still present in Final build (last known working firmware for Networkmap listing for AC3100 was V384.8_2 Final).

• Networkmap listing may be unreliable. (Bug in Asus's code) - RMerlin's Changelog

 

[consorts]

Networkmap listing may be unreliable. (Bug in Asus's code) - RMerlin's Changelog

if the asus code since 384.9.x has this reporting issue,

then why bother updating past 384.8_2 ?

i mean everything else i use on my ac3100 seems to be working fine.

 

[skeal]

if the asus code since 384.9.x has this reporting issue,

then why bother updating past 384.8_2 ?

i mean everything else i use on my ac3100 seems to be working fine.

Do what you want. I update for security and function.

 

[JohnSmith]

if the asus code since 384.9.x has this reporting issue,

then why bother updating past 384.8_2 ?

i mean everything else i use on my ac3100 seems to be working fine.

The reason to update from V384.8_2 As per Merlin's Changelog:

384.9 (2-Feb-2019)
o Other models: Merged GPL 384_45149.

The security updates included in Build 45149 from ASUS, in my opinion, far outweigh the networkmap listing issue....

Security
- Fixed CVE-2018-14710, CVE-2018-14711, CVE-2018-14712, CVE-2018-14713, CVE-2018-14714. Thanks for Rick Ramgattie's contribution.
- Fixed AiCloud/ Samba account vulnerability. Thanks for Matthew Cundari's contribution.
- Fixed DoS vulnerability. Thanks for Ruikai Liu's contribution.
- Fixed CVE-2018-17020, CVE-2018-17021, CVE-2018-17022.
- Fixed stored XSS vulnerability. Thanks for Duda Przemyslaw's contribution.
- Updated OpenSSL library.

 

[MDM]

Upgraded from 384.9_beta1 to 384.9 as follows: dirty flash, saved config, initialized, and restored config.
All good except known issues; and same as beta weird issue if network monitoring (DNS query and/or ping) values changed from default, I have no more internet (red light, connection down warning...).

 

[skeal]

I wrote a script for backing up files and nvram customizations. Perhaps you can modify and run it for yours.
Change myusbdrive to yours.
Change the backup directory to yours.
Change the list of files.
Change the list of nvram variables.
Make the script executable "chmod 755 mybackup.sh"
Run it "./mybackup.sh"

# cat mybackup.sh
#!/bin/sh
#
umask 022
myusbdrive="/tmp/mnt/SamsungT5"
mybackupdir=${myusbdrive}/backup
#
for myfile in ${myusbdrive}/entware/etc/stubby/stubby.yml ${myusbdrive}/entware/share/diversion/list/blacklist ${myusbdrive}/entware/share/diversion/list/wc_blacklist ${myusbdrive}/entware/share/diversion/list/whitelist /jffs/scripts/dnsmasq.postconf
do
        echo "==============================================================================================="
        ls -la ${myfile}
        cp ${myfile} ${mybackupdir}
        echo "#"
        echo "Copied ${myfile} to ${mybackupdir}"
done
#
for mynvram in custom_clientlist dhcp_staticlist sshd_authkeys
do
        echo "==============================================================================================="
        nvram get ${mynvram}
        nvram get ${mynvram} > ${mybackupdir}/${mynvram}
        echo "#"
        echo "Backed up nvram variable ${mynvram} to ${mybackupdir}/${mynvram}"
done
echo "==============================================================================================="
#

If all goes well, then I can copy the backups to the Samba share directory where I can copy to my Windows laptop.
The syntax to restore an nvram variable is, from the directory of the backup:

nvram set variable="`cat variablefile`"
nvram commit

Hey my friend I'm trying to run this on my AC3100 but I get these two errors:

/jffs/scripts/mybackup.sh: umask: line 3: illegal mode: 022
/jffs/scripts/mybackup.sh: line 8: syntax error: unexpected word (expecting "do")

 

[skeal]

Hey my friend I'm trying to run this on my AC3100 but I get these two errors:

/jffs/scripts/mybackup.sh: umask: line 3: illegal mode: 022
/jffs/scripts/mybackup.sh: line 8: syntax error: unexpected word (expecting "do")

The second error is weird because line 8 does have "do".

Edit: I don't want to hijack this thread can you please pm me?

 

[tiko]

I cannot seem to be able to update my AC87U from the 384.9beta to the final, i have redownloaded the file several times and tried but no luck. My AC68U did upgrade just fine

 

[unsynaps]

FIXED: Cannot upload JFFS backup on HND models

THANK YOU
This has been a bug in my butt for a long while now.

 

[taffeys]

Do what you want. I update for security and function.

If a manufacturer forces me to choose between enhanced security with reduced (from advertised and expected) functionality and reduced security with acceptable functionality I believe it is time to seek another solution from a more competent provider. ASUS is a very good hardware manufacturer; it appears they are no longer a very good software/firmware provider. And sadly, Eric is no longer able to help correct their shortcomings and outright errors. There are many alternative solutions out there. Looks like I am being forced by ASUS to move away from an all-in-one solution from them, I have the hardware to do so and the software is easily sourced so that is what I am now pursuing.

 

[consorts]

security updates included in Build 45149 from ASUS

understood, i hadn't realized asus had not put out more security patches since august,

and that merlin had caught up with the december security update so quickly, thanks

i'll just have to set aside extra time on the off chance i'll have to rebuild all over again.

 

[Frankflash]

If a manufacturer forces me to choose between enhanced security with reduced (from advertised and expected) functionality and reduced security with acceptable functionality I believe it is time to seek another solution from a more competent provider. ASUS is a very good hardware manufacturer; it appears they are no longer a very good software/firmware provider. There are many alternate solutions out there. Looks like I am being forced by ASUS to move away from an all-in-one solution from them, I have the hardware to do so and the software is easily sourced so that is what I am now pursuing.

you are write firmware is not as good as it used to be edge router firmware is way better and miles a head than asus is and its starting to show it broadcom are just as bad and part of the problem

 

[galen2]

That page lists everything that is tracked by the Trend Micro DPI engine, I have no control over what it tracks.

Then your new code on that tab with the list of conections for people with iptv is a no way, because makes the tab freeze 99% time and works 1%, only way to see something is set autorefresh to no refresh and u have 2-3sg to do that because passed that time again freeze 20sg and how that setting is not saved if u go again to the tab again is 30sg freeze first time and them 3sg working and 20sg freeze and 3sg working 20 freeze... if i cant filter the 200/300 connections that my iptv have all time (that list show as untraked) that list is usseless because freeze the tab, can u set one option to disable it?

I flashed again 384.8_2 because i can see that tab properly without freezes.

 

[Deleted member 62525]

Read the changelog, thanks! I'll sit back and wait a bit to see how it's working for others, this looks like a major update. Anyone using the 86u and how's it working so far? Little concerned about this IPS event logging bug but as Merlin says, it 'should' still be working. That looks like the most significant issue so far?

Also, the perpetual question (sorry if asked a thousand times already) - any update from Asus re: AIMesh?

Installed this morning on my 86U and it works perfectly. I have AMTM, diversion and skynet running, VPN client and QoS. Getting very good performance and stable for 10 hours. I like this release. No issues to report.

 

[Frankflash]

If a manufacturer forces me to choose between enhanced security with reduced (from advertised and expected) functionality and reduced security with acceptable functionality I believe it is time to seek another solution from a more competent provider. ASUS is a very good hardware manufacturer; it appears they are no longer a very good software/firmware provider. And sadly, Eric is no longer able to help correct their shortcomings and outright errors. There are many alternate solutions out there. Looks like I am being forced by ASUS to move away from an all-in-one solution from them, I have the hardware to do so and the software is easily sourced so that is what I am now pursuing.

yeap and asus dont care one little bit how good their firmware is they should just stick to making mother boards etc

 

[bitmonster]

yeap and asus dont care one little bit how good their firmware is they should just stick to making mother boards etc

Isn't this the whole point of Merlin? I thought it overcame many of the limitations or flaws.

Yes it looks like Asus and Broadcom have dropped the ball in some areas but that's not Merlin's fault. Still a great solution even with the flaws.

I'll sit tight for a little and watch before upgrading, although reports are good so far, so thanks to Merlin!

 

[taffeys]

yeap and asus dont care one little bit how good their firmware is they should just stick to making mother boards etc

Just to be clear, I am not here to bash ASUS. I have been purchasing ASUS hardware since they first entered the US market. Their hardware has always been 1st-class (except for the RT-AC87U). I'm just very disappointed with their current support, or lack of, for their wireless router platforms. I really believe they are no longer capable of effectively supporting all the platforms they have in the global market. D-link hit that point a very long time ago with really poor hardware too. For me it is just a sad situation that I am now forced to confront.

 

[bitmonster]

Upgrade AC3100 from V384.9_beta1 to V384.9_Final, via dirty flash. All appears to be working, except for the following ASUS issue (NOT RMerlin's, as noted in his Changelog), that was re-introduced for the AC3100 in V384.9 Alpha builds, and still present in Final build (last known working firmware for Networkmap listing for AC3100 was V384.8_2 Final).

• Networkmap listing may be unreliable. (Bug in Asus's code) - RMerlin's Changelog

Is this impacting all devices or just the AC3100? If so, then there should be no issue upgrading my 86u.

 

[taffeys]

Isn't this the whole point of Merlin? I thought it overcame many of the limitations or flaws.

Yes it looks like Asus and Broadcom have dropped the ball in some areas but that's not Merlin's fault. Still a great solution even with the flaws.

I'll sit tight for a little and watch before upgrading, although reports are good so far, so thanks to Merlin!

As I said it is all on ASUS and the closed-source issues that Merlin cannot correct or fix like he used to be able to do. Merlin can only fix what he has access to; the current flaws are inexcusable in my opinion and Merlin cannot correct them. I fully support Eric's efforts but ASUS has really failed with the current firmware releases, in my opinion.