1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Custom firmware build for R9000 v. 1.0.4.32HF

Discussion in 'NETGEAR AC Wireless' started by Voxel, Jul 18, 2019.

Tags:
  1. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,329
    Continuation of:

    https://www.snbforums.com/threads/custom-firmware-build-for-r9000.40125/
    . . .
    https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-4-30hf-1-0-4-30hf-hw.56653/
    https://www.snbforums.com/threads/custom-firmware-build-for-r9000-v-1-0-4-31hf-1-0-4-31-1hf.56941/

    New version of my custom firmware build: 1.0.4.32HF.

    Changes (vs 1.0.4.31.1HF):

    1. Kernel vulnerability: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed.
    2. yaml package (used in stubby) is upgraded 0.2.1->0.2.2.
    3. liblz4 package is upgraded 1.8.3->1.9.1.
    4. util-linux package is upgraded 2.33.1->2.34.
    5. sysstat package is upgraded 11.6.4->12.0.5.
    6. gdbm package is upgraded 1.11->1.18.1.
    7. uClibc: sync with GNU C library patch is added.
    8. zlib package is optimized.
    9. Host tools: three components are upgraded (bison, mpfr, scons).

    The link is:

    https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

    P.S. Main accent of this release is fixing CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. The rest is maintenance movement (keeping up-to-date).

    Voxel.
     
    ecsjjgg, vladlenas, farenheit and 6 others like this.
  2. kc6108

    kc6108 Regular Contributor

    Joined:
    Jan 23, 2012
    Messages:
    119
    Location:
    Kansas, USA
    @Voxel

    Netgear just released a hotfix for the R9000. Did they simply patch the same security vulnerabilities as you?

    link:
    R9000 Firmware Version 1.0.4.36 - Hot Fix

    Here are the release notes for your viewing pleasure:

    Bug Fixes:
    • Fixes security vulnerability issues.
     
  3. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,329
    I do not know. NG is not very informative in release notes. And there are no GPL sources:

    https://kb.netgear.com/2649/NETGEAR-Open-Source-Code-for-Programmers-GPL

    Usually sources for beta are not published.

    See this thread re how to test CVE fixing:

    https://www.snbforums.com/threads/netgear-r7800-firmware-1-0-2-63-beta-hot-fix.57430/#post-505104

    Voxel.
     
  4. farenheit

    farenheit Regular Contributor

    Joined:
    Jul 11, 2018
    Messages:
    63
    Have I missed something recently as I've noticed there's no H/W version anymore?
    Would this be suitable with a VPN?

    Sent from my GM1903 using Tapatalk
     
  5. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,329
    HW version:
    https://www.snbforums.com/threads/c...-4-31hf-1-0-4-31-1hf.56941/page-2#post-503142

    Yes, sure.

    Voxel.
     
    farenheit likes this.
  6. sim akana

    sim akana New Around Here

    Joined:
    Aug 13, 2018
    Messages:
    3
    I appreciate Voxel efforts.

    After I update 1.0.4.32HF, vpncmon.sh does not work. I use it to check VPN connection. It reset the VPN connection every hour. I found there is no tun0 in /proc/net/dev. It is tun21.
     
  7. kc6108

    kc6108 Regular Contributor

    Joined:
    Jan 23, 2012
    Messages:
    119
    Location:
    Kansas, USA
    Thx for the link. The output doesn't contain "net.ipv4.tcp_min_snd_mss = 48" so the CVE fixes haven't been applied in this version... nor in the more recently (although with a smaller build/version number) released 1.0.4.34 firmware:

    R9000 Firmware Version 1.0.4.34

    Release Notes:

    New Features and Enhancements:

    • Updates the dynamic QoS database to v1.58
    Bug Fixes:

    • Fixes security vulnerability issues
     
  8. ecsjjgg

    ecsjjgg New Around Here

    Joined:
    Apr 10, 2014
    Messages:
    6
    I think that this firmware fixed my problems with uTorrent seeding from a Qnap Ts-451A NAS!

    I thought that this was a problem with the Qnap firmware I'm running (I run Qnap os v.4.4.1.0998 Public Beta 3 build 20190715)

    I would get a lot of errors on my seeding torrents, I have tried everything, I even upgraded my uTorrent client to the latest beta, but nothing helped...

    I have now been running your firmware for a couple of hours, and all my torrents just stay green, that means I am happy!

    Edit: I've now let it run for some more hours, and some of my seeding torrents were stopped, due to network error - cannot read file... So I guess i have to research this error even more....
     
    Last edited: Jul 27, 2019
  9. Starrbuck

    Starrbuck Regular Contributor

    Joined:
    Aug 6, 2011
    Messages:
    64
    Location:
    DFW, TX
    @Voxel : Any idea why this happens? I used a flash drive to enable ssh then switched to a hard drive for optware. It's mounted to sdb1 but in reality it's sda1.

    Code:
    [email protected]:~$ mount
    ...
    /dev/sda1 on /tmp/mnt/sdb1 type ext4 (rw,nodev,noatime,nobarrier,data=writeback)
    
    [email protected]:~$ ls -l /tmp/mnt
    lrwxrwxrwx    1 root     root            4 Jul 17 10:49 optware -> sdb1
    drwxr-xr-x    5 root     root         4096 Aug  2 17:57 sdb1
     
  10. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,329
    It is design of NG related to Plex mediaserver. I.e Plex disk should be always mounted to the point (e.g. to /mnt/sda1) as it was mounted first time. Some Plex specific. In general attached USB drive could be either /dev/sda1 or /dev/sdb1 (random). But it is bad for Plex such randomization.


    Voxel.
     
  11. Starrbuck

    Starrbuck Regular Contributor

    Joined:
    Aug 6, 2011
    Messages:
    64
    Location:
    DFW, TX
    So, basically, working as designed? No way to change the mismatch?
     
  12. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,329
    Yes such design.

    To change there should be some manual cleaning work. Remove all USB drives (temporary). Then (if I am not mistaken) you should clean the stored value in nvram. Check from telnet/ssh:

    Code:
    nvram get plex_select_usb
    
    You should e.g. remove or change this value.

    And check this file: /tmp/plexmediaserver/.usb_map_table. As far as I remember it is enough to remove this file.

    After this: reboot and insert your USB.

    Voxel.
     
    Starrbuck likes this.
  13. Starrbuck

    Starrbuck Regular Contributor

    Joined:
    Aug 6, 2011
    Messages:
    64
    Location:
    DFW, TX
    Thanks, this fixed it. I knew there had to be some values being saved somewhere and you knew exactly what they were! :)

    Code:
    rm -f /tmp/plexmediaserver/.usb_map_table
    nvram set plex_select_usb=
    nvram commit
    reboot
    
    [email protected]:~$ mount
    ...
    /dev/sda1 on /tmp/mnt/sda1 type ext4 (rw,nodev,noatime,nobarrier,data=writeback)
    
    [email protected]:~$ ls -l /tmp/mnt
    lrwxrwxrwx    1 root     root            4 Jul 17 13:49 optware -> sda1
    drwxr-xr-x    6 root     root         4096 Aug  2 22:07 sda1
     
    anhrzg and Voxel like this.
  14. Bockrocker

    Bockrocker New Around Here

    Joined:
    Aug 18, 2019
    Messages:
    1
    Voxel, Gar and kamoj like this.
  15. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,329
    OK.

    Voxel.
     
    kamoj likes this.