What's new

Custom firmware build for R9000 v. 1.0.4.32HF

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Voxel

Part of the Furniture
Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-4-30hf-1-0-4-30hf-hw.56653/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-4-31hf-1-0-4-31-1hf.56941/

New version of my custom firmware build: 1.0.4.32HF.

Changes (vs 1.0.4.31.1HF):

1. Kernel vulnerability: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed.
2. yaml package (used in stubby) is upgraded 0.2.1->0.2.2.
3. liblz4 package is upgraded 1.8.3->1.9.1.
4. util-linux package is upgraded 2.33.1->2.34.
5. sysstat package is upgraded 11.6.4->12.0.5.
6. gdbm package is upgraded 1.11->1.18.1.
7. uClibc: sync with GNU C library patch is added.
8. zlib package is optimized.
9. Host tools: three components are upgraded (bison, mpfr, scons).

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

P.S. Main accent of this release is fixing CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. The rest is maintenance movement (keeping up-to-date).

Voxel.
 
@Voxel

Netgear just released a hotfix for the R9000. Did they simply patch the same security vulnerabilities as you?

link:
R9000 Firmware Version 1.0.4.36 - Hot Fix

Here are the release notes for your viewing pleasure:

Bug Fixes:
  • Fixes security vulnerability issues.

I do not know. NG is not very informative in release notes. And there are no GPL sources:

https://kb.netgear.com/2649/NETGEAR-Open-Source-Code-for-Programmers-GPL

Usually sources for beta are not published.

See this thread re how to test CVE fixing:

https://www.snbforums.com/threads/netgear-r7800-firmware-1-0-2-63-beta-hot-fix.57430/#post-505104

Voxel.
 
Have I missed something recently as I've noticed there's no H/W version anymore?

HW version:
https://www.snbforums.com/threads/c...-4-31hf-1-0-4-31-1hf.56941/page-2#post-503142

Would this be suitable with a VPN?
Yes, sure.

I did intensive testing about months ago with iperf on the test stand with 1Gbps connection of my OpenVPN server to R9000 WAN port. And non-HW version is faster. The reason of this I think is specific of R9000 crypto device (it is PCI device, so bottleneck is RAM<->PCI).

Voxel.
 
I appreciate Voxel efforts.

After I update 1.0.4.32HF, vpncmon.sh does not work. I use it to check VPN connection. It reset the VPN connection every hour. I found there is no tun0 in /proc/net/dev. It is tun21.
 
I do not know. NG is not very informative in release notes. And there are no GPL sources:

https://kb.netgear.com/2649/NETGEAR-Open-Source-Code-for-Programmers-GPL

Usually sources for beta are not published.

See this thread re how to test CVE fixing:

https://www.snbforums.com/threads/netgear-r7800-firmware-1-0-2-63-beta-hot-fix.57430/#post-505104

Voxel.

Thx for the link. The output doesn't contain "net.ipv4.tcp_min_snd_mss = 48" so the CVE fixes haven't been applied in this version... nor in the more recently (although with a smaller build/version number) released 1.0.4.34 firmware:

R9000 Firmware Version 1.0.4.34

Release Notes:

New Features and Enhancements:

  • Updates the dynamic QoS database to v1.58
Bug Fixes:

  • Fixes security vulnerability issues
 
I think that this firmware fixed my problems with uTorrent seeding from a Qnap Ts-451A NAS!

I thought that this was a problem with the Qnap firmware I'm running (I run Qnap os v.4.4.1.0998 Public Beta 3 build 20190715)

I would get a lot of errors on my seeding torrents, I have tried everything, I even upgraded my uTorrent client to the latest beta, but nothing helped...

I have now been running your firmware for a couple of hours, and all my torrents just stay green, that means I am happy!

Edit: I've now let it run for some more hours, and some of my seeding torrents were stopped, due to network error - cannot read file... So I guess i have to research this error even more....
 
Last edited:
@Voxel : Any idea why this happens? I used a flash drive to enable ssh then switched to a hard drive for optware. It's mounted to sdb1 but in reality it's sda1.

Code:
root@R9000:~$ mount
...
/dev/sda1 on /tmp/mnt/sdb1 type ext4 (rw,nodev,noatime,nobarrier,data=writeback)

root@R9000:~$ ls -l /tmp/mnt
lrwxrwxrwx    1 root     root            4 Jul 17 10:49 optware -> sdb1
drwxr-xr-x    5 root     root         4096 Aug  2 17:57 sdb1
 
@Voxel : Any idea why this happens? I used a flash drive to enable ssh then switched to a hard drive for optware. It's mounted to sdb1 but in reality it's sda1.

Code:
root@R9000:~$ mount
...
/dev/sda1 on /tmp/mnt/sdb1 type ext4 (rw,nodev,noatime,nobarrier,data=writeback)

root@R9000:~$ ls -l /tmp/mnt
lrwxrwxrwx    1 root     root            4 Jul 17 10:49 optware -> sdb1
drwxr-xr-x    5 root     root         4096 Aug  2 17:57 sdb1

It is design of NG related to Plex mediaserver. I.e Plex disk should be always mounted to the point (e.g. to /mnt/sda1) as it was mounted first time. Some Plex specific. In general attached USB drive could be either /dev/sda1 or /dev/sdb1 (random). But it is bad for Plex such randomization.


Voxel.
 
So, basically, working as designed? No way to change the mismatch?
 
So, basically, working as designed? No way to change the mismatch?
Yes such design.

To change there should be some manual cleaning work. Remove all USB drives (temporary). Then (if I am not mistaken) you should clean the stored value in nvram. Check from telnet/ssh:

Code:
nvram get plex_select_usb

You should e.g. remove or change this value.

And check this file: /tmp/plexmediaserver/.usb_map_table. As far as I remember it is enough to remove this file.

After this: reboot and insert your USB.

Voxel.
 
Thanks, this fixed it. I knew there had to be some values being saved somewhere and you knew exactly what they were! :)

Code:
rm -f /tmp/plexmediaserver/.usb_map_table
nvram set plex_select_usb=
nvram commit
reboot

root@R9000:~$ mount
...
/dev/sda1 on /tmp/mnt/sda1 type ext4 (rw,nodev,noatime,nobarrier,data=writeback)

root@R9000:~$ ls -l /tmp/mnt
lrwxrwxrwx    1 root     root            4 Jul 17 13:49 optware -> sda1
drwxr-xr-x    6 root     root         4096 Aug  2 22:07 sda1
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Top