Voxel Custom firmware build for R7800 v. 1.0.2.97SF

[Voxel]

Continuation of

. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-95sf.79173/
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-96sf.79813/

New version of my custom firmware build: 1.0.2.97SF.

Changes (vs 1.0.2.96SF):

1. Toolchain: GCC is upgraded 12.1.0->12.2.0.
2. Toolchain: binutils version is upgraded 2.38->2.39.
3. Toolchain: Go is upgraded 1.18.4->1.18.5.
4. libxml2 package is upgraded 2.9.14->2.10.0 (fixing CVE-2022-2309, score 7.5, High).

https://nvd.nist.gov/vuln/detail/CVE-2022-2309​

5. DNSCrypt Proxy v.2 is upgraded 2.1.1->2.1.2.
6. unbound package (used in stubby) is upgraded 1.16.1->1.16.2.
7. getdns package (used in stubby) is upgraded 1.7.0->1.7.2.
8. lz4 package is upgraded 1.9.3->1.9.4.
9. proftpd package is upgraded 1.3.7d->1.3.7e.
10. util-linux package is upgraded 2.38->2.38.1.
11. nano package is upgraded 6.3->6.4.
12. tcpdump: add UPX packing.
13. Default congestion control algorithm is changed to 'illinois'.
14. Remove 'fbwifi' utility.
15. Host tools: upgrade mkimage/u-boot to 2022.07.
16. Host tools: upgrade xz to 5.2.6.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.

 

[Rouvax]

Installed upgrade, so far so good no issue.

 

[StarCaller]

Like always, works perfekt!
I'm just wondering what's the reason you switched the default congestion control to 'Illinois'?

 

[Luizk]

thank you so much

 

[LeKeiser]

New firmware installed. So far, so good. I'm not surprised
Thanx a LOT @Voxel again and again and again

 

[Voxel]

I'm just wondering what's the reason you switched the default congestion control to 'Illinois'?

Oh, you know, I'm sick with covid right now, it works on my head, that's why 'illinois'...

P.S.
In all seriousness, 'illinois' (vs others congestion control algorithms) shows slightly more stable results in my test cable and wireless environment. Just a little bit.

Voxel.

 

[kokishin]

@Voxel

Just installed 97sf.

No fuss, no muss. It just works!

As always, thanks!

 

[NetBytes]

@Voxel
Thank you very much.

 

[Kitsap]

Dirty update from v1.0.2.96SF via an Ethernet connection with Firefox on Windows 10.

Smooth update with no "older firmware" warning. So far so good.

@Voxel Thank you!

 

[LeKeiser]

Hello everyone

Everything Is working great but I still have :

"V1.0.2.97SF (2022-08-21) (Voxel). Kamoj Add-on:220714-121533-5.5b26. New Voxel Release:Not found/slow Internet"

I've had that before but it would disappear over time. Not this time though. Any thoughts ?

Thanx for your insights

EDIT : and the warning disapeared this morning. I haven't done anything. So it's cool

 

[romanstardust]

Are there any plans to add WPA3 to the R7800 in the future? OpenWRT seems to support it on this model and so does the Synology router which is based on similar hardware

 

[scooter2765]

Awesome Thanks Voxel!

 

[Remy561]

Another smooth upgrade, thank you! <3

 

[zabolots]

This is my first time doing an in-place upgrade of Voxel firmware. Is it normal/expected to lose the SSH key setup done in the previous version and to have to re-do the setssh process with a USB stick to get my personal keys installed?

 

[microchip]

This is my first time doing an in-place upgrade of Voxel firmware. Is it normal/expected to lose the SSH key setup done in the previous version and to have to re-do the setssh process with a USB stick to get my personal keys installed?

Yes, a firmware upgrade wipes out almost everything on the flash partitions

 

[fossil]

This is my first time doing an in-place upgrade of Voxel firmware. Is it normal/expected to lose the SSH key setup done in the previous version and to have to re-do the setssh process with a USB stick to get my personal keys installed?

If you prepared the usb stick as per instructions mentioned in voxel's readme using setssh.tar. You can automate this process by keeping the usb stick plugged into the router. It will copy files/keys on next firmware upgrade automatically.

post-mount.sh script in setsssh.tar copies files/keys to the router only if they do not exist on the router.

 

[zabolots]

post-mount.sh script in setsssh.tar copies files/keys to the router only if they do not exist on the router.

This is not correct. The script checks to see if the files to be copied exist on the flash drive and, if so, copies them to the correct location on the router. Here's a little snippet from the script:

# Copy ECDSA dropbear server private key
if [ -f /tmp/mnt/$1/dropbear_ecdsa_host_key ]; then
        cp -p -f /tmp/mnt/$1/dropbear_ecdsa_host_key /etc/dropbear
        chown root.root /etc/dropbear/dropbear_ecdsa_host_key
        chmod 0600 /etc/dropbear/dropbear_ecdsa_host_key
fi

So while you are correct that leaving the flash drive plugged in should update things automatically after the next FW upgrade, it will also update them any time the autorun script is executed (ever reboot perhaps?).

 

[fossil]

This is not correct. The script checks to see if the files to be copied exist on the flash drive and, if so, copies them to the correct location on the router. Here's a little snippet from the script:

# Copy ECDSA dropbear server private key
if [ -f /tmp/mnt/$1/dropbear_ecdsa_host_key ]; then
        cp -p -f /tmp/mnt/$1/dropbear_ecdsa_host_key /etc/dropbear
        chown root.root /etc/dropbear/dropbear_ecdsa_host_key
        chmod 0600 /etc/dropbear/dropbear_ecdsa_host_key
fi

Thanks for the correction. I looked at the post-mount.sh script that I use. I added those checks in that script to only copy files to the router if they do not exist or different, there are many ways for doing this.

This is the one I use:

# Copy Router SSH Key
if [[ -f /tmp/mnt/$1/keys/authorized_keys -a ! -d /root/.ssh ]]; then
    mkdir /root/.ssh
    cp -p -f /tmp/mnt/$1/keys/authorized_keys /root/.ssh
    chown root.root /root/.ssh/authorized_keys
    chmod 0600 /root/.ssh/authorized_keys
fi

# Copy ECDSA Dropbear Private Host Key
if [ -f /tmp/mnt/$1/keys/dropbear_ecdsa_host_key ]; then
    if ! diff -q /tmp/mnt/$1/keys/dropbear_ecdsa_host_key /etc/dropbear/dropbear_ecdsa_host_key >/dev/null; then
        cp -p -f /tmp/mnt/$1/keys/dropbear_ecdsa_host_key /etc/dropbear
        chown root.root /etc/dropbear/dropbear_ecdsa_host_key
        chmod 0600 /etc/dropbear/dropbear_ecdsa_host_key
    fi
fi

# Copy RSA Dropbear Private Host Key
if [ -f /tmp/mnt/$1/keys/dropbear_rsa_host_key ]; then
    if ! diff -q /tmp/mnt/$1/keys/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key >/dev/null; then
        cp -p -f /tmp/mnt/$1/keys/dropbear_rsa_host_key /etc/dropbear
        chown root.root /etc/dropbear/dropbear_rsa_host_key
        chmod 0600 /etc/dropbear/dropbear_rsa_host_key
    fi
fi

# Copy ECDSA Dropbear Public Key
if [ -f /tmp/mnt/$1/keys/ssh_host_ecdsa_key.pub ]; then
    if ! diff -q /tmp/mnt/$1/keys/ssh_host_ecdsa_key.pub /etc/dropbear/ssh_host_ecdsa_key.pub >/dev/null; then
        cp -p -f /tmp/mnt/$1/keys/ssh_host_ecdsa_key.pub /etc/dropbear
        chown root.root /etc/dropbear/ssh_host_ecdsa_key.pub
        chmod 0644 /etc/dropbear/ssh_host_ecdsa_key.pub
    fi
fi

# Copy RSA Dropbear Public Key
if [ -f /tmp/mnt/$1/keys/ssh_host_rsa_key.pub ]; then
    if ! diff -q /tmp/mnt/$1/keys/ssh_host_rsa_key.pub /etc/dropbear/ssh_host_rsa_key.pub >/dev/null; then
        cp -p -f /tmp/mnt/$1/keys/ssh_host_rsa_key.pub /etc/dropbear
        chown root.root /etc/dropbear/ssh_host_rsa_key.pub
        chmod 0644 /etc/dropbear/ssh_host_rsa_key.pub
    fi
fi

So while you are correct that leaving the flash drive plugged in should update things automatically after the next FW upgrade, it will also update them any time the autorun script is executed (ever reboot perhaps?).

Yes default script updates files at every reboot.

 

[Voxel]

SnapShot version 1.0.2.97.1SF is available:

1. Toolchain: Go is upgraded 1.18.5->1.18.6.
2. Toolchain: GDB is upgraded 11.2->12.1.
3. OpenSSL 1.0.2u: add patches to fix CVE-2020-1971/CVE-2021-23841/CVE-2021-3712/CVE-2022-0778:

https://nvd.nist.gov/vuln/detail/CVE-2020-1971​

(score 5.9, Medium)​

https://nvd.nist.gov/vuln/detail/CVE-2021-23841​

(score 5.9, Medium)​

https://nvd.nist.gov/vuln/detail/CVE-2021-3712​

(score 7.4, High)​

https://nvd.nist.gov/vuln/detail/CVE-2022-0778​

(score 7.5, High)​

4. curl package is upgraded 7.84.0->7.85.0.
5. libxml2 package is upgraded 2.10.0->2.10.1.
6. ethtool package is upgraded 5.18->5.19.

Voxel.

 

[Kitsap]

Dirty update from v1.0.2.97SF to v1.0.2.97.1SF via an Ethernet connection with Firefox on Windows 10.

Smooth update with no "older firmware" warning. So far so good.

@Voxel Thank you!