Firmware-update: FreshTomato 2025.5
FreshTomato versie 2025.5 is uitgekomen. FreshTomato is van Tomato afgeleide firmware voor verschillende op Arm of MIPS gebaseerde routers van Asus, D-Link, Huawei, Linksys, Netgear, Tenda en Xiaomi. Het kan gezien worden als de voortzetting van 'Tomato by Shibby' sinds deze ontwikkelaar, MichaĆ Rupental, zijn tijd aan andere projecten wil besteden. De FreshTomato-firmware voegt ten opzichte van de originele firmware van de fabrikant diverse extra opties toe, zoals een realtime-bandbreedtemonitor en uitgebreide instelmogelijkheden. De firmware is beschikbaar voor routers met een Arm- of MIPS-cpu.
Changes in version 2025.5Warning: due to changes in the naming of some nvram variables, users of PPTP Client should review their settings.openssl: update to 3.0.18openvpn: update to 2.6.17tor: update to 0.4.8.21php: update to 8.3.28pcre2: update to 10.47nginx: update to 1.29.4libxml2: update to 2.15.1sqlite: update to 3.51.1adminer: update to adminneo-5.2.1libcurl: update to 8.17.0nano: update to 8.7iperf: update to 3.20dnsmasq: update to v2.92rc3libpng: update to 1.6.53tinc: update to 1.1pre18-242-g940d15c4meson: update to 1.10.0libjpeg-turbo: update to 3.1.3dropbear: update to 2025.89GUI: Port Forwarding: Basic: fix sort by Int AddressGUI: Admin: SNMP: add 'Name' and 'Description' fieldsGUI: status-overview.asp - Only displaying unsecured WiFi warning in AP modeAdd Bridge Gateway Isolation + UI (IPv4 only atm), IPv6 bridge isolation, and IPv6-aware advanced-access.aspImproved IPv6 supportIPv6 (DHCPv6 with PD): add option to adjust Identity Association for Non-temporary Addresses ID and Identity Association for Prefix Delegation IDbuild: e2fsprogs: tune recipe, add patch to make libmagic optionalbuild: also install ebtables-restorebuild: add update overlayadblock: delay start by 10 seconds on router restart/rebootmymotd: add date of build and by whoKill-Switch: introduce and use a helper script to add FQDNs to the firewall if they're not added immediately on FW restartopenssl-1.1: add fix for CVE-2025-9230openvpn: vpnrouting.sh: do not restart routing here, it will be reloaded anyway when restarting the firewallOpenVPN/kill-switch/adblock-v2/mwwatchdog: add to nvram and use default IP (Cloudflare) for connection checkinghttpd: upgrade.c: only copy needed images on upgradeothers: switch4g: refactoring, simplifying and shortening taking into account the specifics of sh in busyboxothers: switch3g: refactoring, simplifying and shortening taking into account the specifics of sh in busyboxothers: mwwatchdog: refactoring, simplifying and shortening taking into account the specifics of sh in busyboxothers: mwwatchdog: fix operator precedence bug that could add cron job when mwan_cktime=0rc: fix modprobe ip_set orderrc: move BUF_SIZE definition to shared.hrc: dnsmasq.c: fix DNSSEC regression (in 2025.4): "Revert use SIGHUP instead of mistakenly used SIGINT in reload_dnsmasq()"rc: firewall.c: increase hitcount limit for remote GUI accessrc: network.c: do_static_routes(): fix typo in 9de506a (close #156)rc: openvpn.c: fix buffer size in ovpn_setup_watchdog() (close #150)rc: openvpn.c: add error handling for fopen(), fappend(), opendir() and chdir(); more loggingrc: openvpn.c: do not remove OVPN_DNS_DIR directory when client stopsrc: openvpn.c: add error message when tunnel interface cannot be createdrc: openvpn.c: fix interface name in ovpn_setup_watchdog()rc: openvpn.c: fix off-by-one error in start_ovpn_eas()rc: rc.c: add more loggingrc: rc.c: kill_switch(): do not add rules if given WAN is disabledrc: rc.c: kill_switch(): make the function independent of run_vpn_firewall_scripts()rc: rc.c: kill_switch(): validate IPv4 or IPv4 range before adding it; also (finally) fix adding IPv4 range as "From Source IP" typerc: rc.c: kill_switch(): integrate with firewall to eliminate leaksrc: rc.c: fix to ipv6_enabled()rc: wan.c: move start_adblock() downrc: wireguard.c: fix a small leak on fopen error in wg_build_routingrc: wireguard.c: add error handling for fappend() in wg_quick_iface()rc: wireguard.c: add error handling for fopen() in wg_set_iface_privkey() and wg_set_peer_psk()rc: wireguard.c: fix several memory leaksrc: wireguard.c: use proper buffer as fwmark in wg_set_iface_fwmark()rc: wireguard.c: fix args order in wg_remove_peer(); cosmeticrc: wireguard.c: reset file pointer to beginning before adding domains not found in filerc: wireguard.c: fix bad logic and memory leak in wg_route_peer_allowed_ips()rc: wireguard.c: add error handling for fappend() in write_wg_dnsmasq_config(); add more loggingrc: wireguard.c: use strdup() safely; cosmeticrom: update mullvad.net DOH serversrom: update CA bundle to 2025-12-02rom: add new dnsmasq anchorshared: misc.c: iterate over MWAN_MAX to get WAN string/numbershared: misc.c: get rid of TCONFIG_MULTIWAN and iterate over MWAN_MAX/BRIDGE_COUNTshared: misc.c: increase ifnames buffer size depending on bridge countwww: add to the header of each page information about a new firmware version ready for downloadwww: convert spin icon from gif to svgwww: use only one asp script to manage upgrade/reboot/restoring defaultswww: admin-snmp.asp: remove whitespaces from 'Allowed Remote IP Address'www: admin-snmp.asp: better handle 'Allowed Remote IP Address'www: basic-ipv6.asp: adjust/extend Commit b49bf16 (Improved IPv6 support) and remove IAID configuration option againwww: saved.asp: get rid of unnecessary waiting when saving configuration on Admin -> Access when the httpd daemon starts up faster than the countdown indicateswww: about.asp: reorganize pagewww: tomato.js: fix adding range of IPswww: tomato.js: searchOUI: use '--no-check-certificate' in wget if the image is built without stubbywww: advanced-mac.asp fixed typo LLA vs. LAA button and noteswww: vpn-wireguard.asp: fix error display on "Routing Policy" tab; cosmeticwww: vpn-wireguard.asp: copy values from the fields on savewww: vpn-wireguard.asp: never hide Routing Policy tablewww: vpn-client.asp: never hide Routing Policy table
Warning: due to changes in the naming of some nvram variables, users of PPTP Client should review their settings.openssl: update to 3.0.18openvpn: update to 2.6.17tor: update to 0.4.8.21php: update to 8.3.28pcre2: update to 10.47nginx: update to 1.29.4libxml2: update to 2.15.1sqlite: update to 3.51.1adminer: update to adminneo-5.2.1libcurl: update to 8.17.0nano: update to 8.7iperf: update to 3.20dnsmasq: update to v2.92rc3libpng: update to 1.6.53tinc: update to 1.1pre18-242-g940d15c4meson: update to 1.10.0libjpeg-turbo: update to 3.1.3dropbear: update to 2025.89GUI: Port Forwarding: Basic: fix sort by Int AddressGUI: Admin: SNMP: add 'Name' and 'Description' fieldsGUI: status-overview.asp - Only displaying unsecured WiFi warning in AP modeAdd Bridge Gateway Isolation + UI (IPv4 only atm), IPv6 bridge isolation, and IPv6-aware advanced-access.aspImproved IPv6 supportIPv6 (DHCPv6 with PD): add option to adjust Identity Association for Non-temporary Addresses ID and Identity Association for Prefix Delegation IDbuild: e2fsprogs: tune recipe, add patch to make libmagic optionalbuild: also install ebtables-restorebuild: add update overlayadblock: delay start by 10 seconds on router restart/rebootmymotd: add date of build and by whoKill-Switch: introduce and use a helper script to add FQDNs to the firewall if they're not added immediately on FW restartopenssl-1.1: add fix for CVE-2025-9230openvpn: vpnrouting.sh: do not restart routing here, it will be reloaded anyway when restarting the firewallOpenVPN/kill-switch/adblock-v2/mwwatchdog: add to nvram and use default IP (Cloudflare) for connection checkinghttpd: upgrade.c: only copy needed images on upgradeothers: switch4g: refactoring, simplifying and shortening taking into account the specifics of sh in busyboxothers: switch3g: refactoring, simplifying and shortening taking into account the specifics of sh in busyboxothers: mwwatchdog: refactoring, simplifying and shortening taking into account the specifics of sh in busyboxothers: mwwatchdog: fix operator precedence bug that could add cron job when mwan_cktime=0rc: fix modprobe ip_set orderrc: move BUF_SIZE definition to shared.hrc: dnsmasq.c: fix DNSSEC regression (in 2025.4): "Revert use SIGHUP instead of mistakenly used SIGINT in reload_dnsmasq()"rc: firewall.c: increase hitcount limit for remote GUI accessrc: network.c: do_static_routes(): fix typo in 9de506a (close #156)rc: openvpn.c: fix buffer size in ovpn_setup_watchdog() (close #150)rc: openvpn.c: add error handling for fopen(), fappend(), opendir() and chdir(); more loggingrc: openvpn.c: do not remove OVPN_DNS_DIR directory when client stopsrc: openvpn.c: add error message when tunnel interface cannot be createdrc: openvpn.c: fix interface name in ovpn_setup_watchdog()rc: openvpn.c: fix off-by-one error in start_ovpn_eas()rc: rc.c: add more loggingrc: rc.c: kill_switch(): do not add rules if given WAN is disabledrc: rc.c: kill_switch(): make the function independent of run_vpn_firewall_scripts()rc: rc.c: kill_switch(): validate IPv4 or IPv4 range before adding it; also (finally) fix adding IPv4 range as "From Source IP" typerc: rc.c: kill_switch(): integrate with firewall to eliminate leaksrc: rc.c: fix to ipv6_enabled()rc: wan.c: move start_adblock() downrc: wireguard.c: fix a small leak on fopen error in wg_build_routingrc: wireguard.c: add error handling for fappend() in wg_quick_iface()rc: wireguard.c: add error handling for fopen() in wg_set_iface_privkey() and wg_set_peer_psk()rc: wireguard.c: fix several memory leaksrc: wireguard.c: use proper buffer as fwmark in wg_set_iface_fwmark()rc: wireguard.c: fix args order in wg_remove_peer(); cosmeticrc: wireguard.c: reset file pointer to beginning before adding domains not found in filerc: wireguard.c: fix bad logic and memory leak in wg_route_peer_allowed_ips()rc: wireguard.c: add error handling for fappend() in write_wg_dnsmasq_config(); add more loggingrc: wireguard.c: use strdup() safely; cosmeticrom: update mullvad.net DOH serversrom: update CA bundle to 2025-12-02rom: add new dnsmasq anchorshared: misc.c: iterate over MWAN_MAX to get WAN string/numbershared: misc.c: get rid of TCONFIG_MULTIWAN and iterate over MWAN_MAX/BRIDGE_COUNTshared: misc.c: increase ifnames buffer size depending on bridge countwww: add to the header of each page information about a new firmware version ready for downloadwww: convert spin icon from gif to svgwww: use only one asp script to manage upgrade/reboot/restoring defaultswww: admin-snmp.asp: remove whitespaces from 'Allowed Remote IP Address'www: admin-snmp.asp: better handle 'Allowed Remote IP Address'www: basic-ipv6.asp: adjust/extend Commit b49bf16 (Improved IPv6 support) and remove IAID configuration option againwww: saved.asp: get rid of unnecessary waiting when saving configuration on Admin -> Access when the httpd daemon starts up faster than the countdown indicateswww: about.asp: reorganize pagewww: tomato.js: fix adding range of IPswww: tomato.js: searchOUI: use '--no-check-certificate' in wget if the image is built without stubbywww: advanced-mac.asp fixed typo LLA vs. LAA button and noteswww: vpn-wireguard.asp: fix error display on "Routing Policy" tab; cosmeticwww: vpn-wireguard.asp: copy values from the fields on savewww: vpn-wireguard.asp: never hide Routing Policy tablewww: vpn-client.asp: never hide Routing Policy table
Source:
Tweakers.net