What's new

Voxel Custom firmware build for R9000/R8900 v. 1.0.4.61HF

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Voxel

Part of the Furniture
Continuation of:

https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-59hf.78320/
https://www.snbforums.com/threads/custom-firmware-build-for-r9000-r8900-v-1-0-4-60hf.78675/

New version of my custom firmware build: 1.0.4.61HF.

Changes (vs 1.0.4.60HF):

1. Toolchain: GCC is upgraded 11.3.0->12.1.0.
2. Toolchain: Go is upgraded 1.18.1->1.18.3.
3. OpenSSL v. 1.1.1 package is upgraded 1.1.1n->1.1.1o (fixing CVE-2022-1292, score 9.8, Critical).
4. libxml2 package is upgraded 2.9.13->2.9.14 (fixing CVE-2022-29824, score 6.5, Medium).
5. cifs-utils package is upgraded 6.14->6.15 (fixing CVE-2022-27239, score 7.8, High, CVE-2022-29869, score 5.3, Medium).
6. OpenVPN is upgraded 2.5.6->2.5.7.
7. unbound package (used in stubby) is upgraded 1.15.0->1.16.0.
8. curl package is upgraded 7.82.0->7.83.1.
9. libubox package is upgraded 2021-11-20->2022-05-15.
10. ubus package is upgraded 2022-02-28->2022-06-01.
11. libnl-tiny package is upgraded 2021-11-21->2022-05-17.
12. libiconv-full package is upgraded 1.16-1.17.
13. iw package is upgraded 5.16->5.19.
14. sysstat package is upgraded 12.5.6->12.6.0.
15. logrotate package is upgraded 3.19.0->3.20.1.
16. OpenSSL 0.9.8 package is upgraded 0.9.8p->0.9.8zg.
17. nano package is upgraded 6.2->6.3.
18. Slight boost adding '-ftree-vectorize' and '-fvect-cost-model=unlimited' flags to compilation options (speed up).
19. '-O3' optimization for part of kernel components (kernel level).
20. Kernel config: disable mouse/keyboard support.
21. Upgrade WebGUI LG_VERSION.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.
 
Hi Voxel

I am having an issue with OpenVPN and version 1.0.4.61HF

Upgraded from V 60HF (Kamoj addon V5.5b21) to V61 & Kamoj addon V5.5b24 and was unable to connect VPN (Surfshark) –(I also tried with another VPN provider in case it was something to do with Surfshark config). Kamoj Router info showed:

OpenVPN Clients Available: (7) Milan-84.17.58.136surfshark_openvpn_udp.ovpn, us-boston.prod.surfshark.comsurfshark_openvpn_udp.ovpn, London-5.226.139.225surfshark_openvpn_udp.ovpn, Rome-82.102.26.117surfshark_openvpn_udp.ovpn + 3 more

OpenVPN Client Status: Not started tun21. No .ovpn configuration found

After trying various things (including a complete clean reinstall) everything works OK with 1.0.4.60HF & Kamoj V5.5b21 & V5.5b24.

It seems that the upgrade of SSL may be the cause (my guess so may well be wrong)


Extracts from the V60 (Kamoj b24) session log show:

2022-06-12 15:04:05 OpenSSL: error:1012606B:lib(16):func(294):reason(107)

2022-06-12 15:04:05 OpenSSL: error:100AF010:lib(16):func(175):reason(16)

2022-06-12 15:04:05 OpenSSL: error:100AE081:lib(16):func(174):reason(129)

2022-06-12 15:04:05 OpenSSL: error:100C508D:lib(16):func(197):reason(141)

2022-06-12 15:04:05 OpenSSL: error:141A413A:lib(20):func(420):reason(314)

2022-06-12 15:04:05 TLS_ERROR: BIO read tls_read_plaintext error

2022-06-12 15:04:05 TLS Error: TLS object -> incoming plaintext read error

2022-06-12 15:04:05 TLS Error: TLS handshake failed

2022-06-12 15:04:05 SIGUSR1[soft,tls-error] received, process restarting

2022-06-12 15:04:05 Restart pause, 5 second(s)


(full session log attached. Can send you a comparison V60 Kamoj b24 session log if you need it)


Have reverted to V1.04.60HF with Kamoj addon V5.5b24 for now as I do not have the knowledge to take it any further


Thanks for all your work

Panner
 

Attachments

  • 20220612 Voxel V1.0.4.61HF Kamoj V5.5b24 VPN session log.pdf
    12.2 KB · Views: 90
SnapShot version V1.0.4.61.2HF:

1. Toolchain: add patch to uClibc to fix CVE-2022-30295, score 6.5, Medium (Use predictable DNS transaction IDs that may lead to DNS cache poisoning).
2. wireguard package is upgraded 1.0.20211208->1.0.20220627.
3. OpenSSL v. 1.1.1 package: change the compiler flag '-fvect-cost-model=unlimited'->'-fvect-cost-model=dynamic'.
4. OpenSSL v. 1.1.1 package is upgraded 1.1.1o->1.1.1p.
5. curl package is upgraded 7.83.1->7.84.0
6. iptables: add 'tee' support (iptables-mod-tee/kmod-ipt-tee packages).
7. ethtool package is upgraded 5.17->5.18.

Voxel.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top