MerlinAU MerlinAU v1.4.8 - The Ultimate Firmware Auto-Updater (WEBUI + GNUTON SUPPORT!)

[kriukas]

I think just managed to re-create your issue. Seems to actually be within the _CIDR_IPaddrBlockContainsIPaddr_ function.
I think it might be possible the function is failing due to integer overflows with 32-bit arithmetic? Will try to adjust for 64-bit arithmetic and using awk.

If that is correct it would be a similar issue to our cron-job "time calculator" we originally had some problems with.
Will investigate a bit more in the weeds now.

I am sorry to disappoint you, but script doesn't even hit this fuction at all - litterary. It finishes at the line, which I have written Yesterday at 8:12 PM. - leaving it empty and then hitting warning text return 1 bellow finishing _CheckWebGUILoginAccessOK_() function.

I am glad to see your code improvemnt in above mentioned function towards the math approach, and in the same sorry, that I was unable to persuade you to look earlier in the code.

 

[ExtremeFiretop]

I am sorry to disappoint you, but script doesn't even hit this fuction at all - litterary. It finishes at the line, which I have written Yesterday at 8:12 PM. - leaving it empty and then hitting warning text return 1 bellow finishing _CheckWebGUILoginAccessOK_() function.

I am glad to see your code improvemnt in above mentioned function towards the math approach, and in the same sorry, that I was unable to persuade you to look earlier in the code.

Do you still have a device pending an update to 3006?

Can you retest the Changelog function while your testing. Thanks!

 

[kriukas]

Hi @kriukas

Please run this to test the latest version:

curl --retry 3 "https://raw.githubusercontent.com/ExtremeFiretop/MerlinAutoUpdate-Router/refs/heads/Fix-Web-Access-Restrictions/MerlinAU.sh" -o "/jffs/scripts/MerlinAU.sh" && chmod +x "/jffs/scripts/MerlinAU.sh"

Please report the results.

Hi dear @ExtremeFiretop,

I PM you the debug. As we both might be running in circles all this week long for no effect ;-)

 

[ExtremeFiretop]

Hi dear @ExtremeFiretop,

I PM you the debug. As we both might be running in circles all this week long for no effect ;-)

Yes that will be extremely helpful. Thank you.

 

[kriukas]

Do you still have a device pending an update to 3006?

Sure. Woun't let it slip half-backed.

Can you retest the Changelog function while your testing. Thanks!

Yes. But don't know what was intended in 1st place...? Care some doc link to read? Wouln't want to guess for myself.

At his very moment:

1. Changelog loads. But still old one.
2. "Approve change" is dissabled&cleared and doesn't seem to enter any other state - enable-ticked, enable-empty. (Install script update - also). All 4 buttons - enabled - working = pop-ups confirmation dialogs on click.
3. Changelog text is now keyboard-enabled for navigation with UP/DOWN arrows (thus slowly). Page Up/Down still moves whole page contents in the dimmed background.

 

[ExtremeFiretop]

Sure. Woun't let it slip half-backed.

Leave it pending the jump from 3004 to 3006 until I fully digest your debug you sent me, I'm currently at the office and will check into it a bit later.

3. Changelog text is now keyboard-enabled for navigation with UP/DOWN arrows (thus slowly). Page Up/Down still moves whole page contents in the dimmed background.

Perfect happy to hear this is working for you. I'll investigate the fact that it grabs the old Changelog next

 

[ExtremeFiretop]

Leave it pending the jump from 3004 to 3006 until I fully digest your debug you sent me, I'm currently at the office and will check into it a bit later.



Perfect happy to hear this is working for you. I'll investigate the fact that it grabs the old Changelog next

Hi @kriukas

Find the below changes, the debug helped a lot.
1. Implemented code for the jump from 3004 to 3006 with the changelog function

2. Made some more changes related to web access restrictions; as you can see I now have it enabled, with large overlapping /12 ranges and it still detects it correctly.

Please test again and advise, sorry about the back and forth.
If this is still somehow an issue I'll call in the big guns that made that function originally @Martinski

And as you know I implemented the keyboard navigation for the changelog in the WebUI.

 

[kriukas]

Hi @kriukas

Find the below changes, the debug helped a lot.
1. Implemented code for the jump from 3004 to 3006 with the changelog function

As I already gave the feedback. I can confirm:

1A. Changelog reading is completely OK both CLI and WebUI versions.
1B. Cannot tell anything about Changelog "approval" procedure, if there is one. I know nothing about that and don't want to guess without having a link to any king of the documentation, "how it should/must be implemented" POV.
2. F/W jump I will try ASAP, when we both agree to close any unfinished test scenarios, requiring "pending jump 3004=>3006" state.

2. Made some more changes related to web access restrictions; as you can see I now have it enabled, with large overlapping /12 ranges and it still detects it correctly.

View attachment 65886

Please test again and advise, sorry about the back and forth.
If this is still somehow an issue I'll call in the big guns that made that function originally @Martinski

With all due respect and gratefullness of the solution for Mr. @ExtremeFiretop, to anyone who it might concern, I can confirm that:

1. the "block", which negated my personal case, to set password, test login and get a success OK from the script test is lifted. SImply said - typical end-user with high probability will be allowed to proceed with flash when IP restricition are set and there is a least one rule covering its "home" subnet.

2. After actual F/W upgrade execution I will be able to ellaborate more.

3. To my best understanding, despite *current dev level* script implementation as non-blocker, script itself is inconsistent at determining the truthnes/falseness of router's LAN IP belonging to the mathematical set IPs, and one can easy find corner cases, when scripts thinks (and passes!) as OK, but is wrong.

All this section of functionality needs careful evaluation before dev=>stable approval.

And as you know I implemented the keyboard navigation for the changelog in the WebUI.

Working perfect, as I said.

I thought, that ChangeLog approvall will be implement in current-times "standard", when TOS / PRIVACY is only allowed to be accepted as "read", when user scrolls to the end of text.

 

[ExtremeFiretop]

As I already gave the feedback. I can confirm:

1A. Changelog reading is completely OK both CLI and WebUI versions.

Happy to hear this is working for you now with the jump from 3004 to 3006.

1B. Cannot tell anything about Changelog "approval" procedure, if there is one. I know nothing about that and don't want to guess without having a link to any king of the documentation, "how it should/must be implemented" POV.

Read the Wiki documentation starting at Question 11 and Question 12:

Home

Merlin(A)uto(U)pdate is a Merlin router script which allows you to remotely identify a stable firmware update for an ASUS Merlin router, and automatically download and update via an unattended meth...

github.com

2. F/W jump I will try ASAP, when we both agree to close any unfinished test scenarios, requiring "pending jump 3004=>3006" state.

I thought thats what you just confirmed in 1A. above? Can you clarify what you mean?
This is the only thing I need you to test and have requested you test on your router pending the 3006 update.

With all due respect and gratefullness of the solution for Mr. @ExtremeFiretop, to anyone who it might concern, I can confirm that:

3. To my best understanding, despite *current dev level* script implementation as non-blocker, script itself is inconsistent at determining the truthnes/falseness of router's LAN IP belonging to the mathematical set IPs, and one can easy find corner cases, when scripts thinks (and passes!) as OK, but is wrong.

If it's a pass; then the script is not wrong; the script is actually logging into the WebUI and giving you a pass/fail result, the only bug would be if it thinks it's unable to login when it should be able too and pass.
But if it thinks it can login and it does; then the script is not wrong.

I thought, that ChangeLog approvall will be implement in current-times "standard", when TOS / PRIVACY is only allowed to be accepted as "read", when user scrolls to the end of text.

No. Find the Wiki link mentioned above

 

[kriukas]

Read the Wiki documentation starting at Question 11 and Question 12:

Home

Merlin(A)uto(U)pdate is a Merlin router script which allows you to remotely identify a stable firmware update for an ASUS Merlin router, and automatically download and update via an unattended meth...

github.com

OK, I missed that, and I am sorry for a newbie mistake - not reading FAQ :-(.

Without me guessing (I have oppinion), is upgrade from 3004 to 3006 considered a high risk or not?

I thought thats what you just confirmed in 1A. above? Can you clarify what you mean?
This is the only thing I need you to test and have requested you test on your router pending the 3006 update.

I meant, that the correct ChangeLog loading and reading is perfectly OK. As I have not understood C-L approval procedure from FAQ No. 12, I stayed on 3004 for now.

If it's a pass; then the script is not wrong; the script is actually logging into the WebUI and giving you a pass/fail result, the only bug would be if it thinks it's unable to login when it should be able too and pass.
But if it thinks it can login and it does; then the script is not wrong.

As I have mentioned - before - we are both right, but in different dimensions: yours beeing from end-user functionallity perhaps around 99,9% case,s me being correct from IP-binary-math's POV. Both can coexist peacifully until someone with exotic IP setup will jump in math's hole.

 

[ExtremeFiretop]

OK, I missed that, and I am sorry for a newbie mistake - not reading FAQ :-(.

Without me guessing (I have oppinion), is upgrade from 3004 to 3006 considered a high risk or not?

The high-risk phrases are listed in the FAQ but for reference I pasted them below:

• features are disabled
• factory default reset
• break backward compatibility
• must be manually
• strongly recommended

So in short; if you open the changelog on your router on 3004 (pending the jump to 3006) and read the latest changelog release notes; do you see it say those exact phrases anywhere?
If so; then it's a bug and it should pause the update until you approve it.

Otherwise, if you do not see those "exact words in that order" (a.k.a those "phrases) in the changelog note; then the approval feature is working as expected and will remain DISABLED until it finds these "high-risk words / phrases"

I meant, that the correct ChangeLog loading and reading is perfectly OK. As I have not understood C-L approval procedure from FAQ No. 12, I stayed on 3004 for now.

Perfect. As long as the correct changelog is loading (3006) on your 3004 router; we can call this cased closed and another bug report solved.
But the fact is I think you were waiting on 3004 for the changelog "approval" feature which is not something I am investigating because there is no bug reports at this time.

As I have mentioned - before - we are both right, but in different dimensions: yours beeing from end-user functionallity perhaps around 99,9% case,s me being correct from IP-binary-math's POV. Both can coexist peacifully until someone with exotic IP setup will jump in math's hole.

No worries; the day that the web restrictions change we may need to change the script again, but in the world of "does it work now?" it seems like does; which is all I really care about honestly and truthfully.

 

[ExtremeFiretop]

OK, I missed that, and I am sorry for a newbie mistake - not reading FAQ :-(.

Without me guessing (I have oppinion), is upgrade from 3004 to 3006 considered a high risk or not?



I meant, that the correct ChangeLog loading and reading is perfectly OK. As I have not understood C-L approval procedure from FAQ No. 12, I stayed on 3004 for now.



As I have mentioned - before - we are both right, but in different dimensions: yours beeing from end-user functionallity perhaps around 99,9% case,s me being correct from IP-binary-math's POV. Both can coexist peacifully until someone with exotic IP setup will jump in math's hole.

So looking at your message here:

MerlinAU - MerlinAU v1.4.6 - The Ultimate Firmware Auto-Updater (WEBUI + GNUTON SUPPORT!)

Sorry, I missed tht memo. Its all good! No worries. Looking at the messaging it's not clear either that the script update function can work 2 ways. So I will probably adjust the wording as well , hopefully between that and the checkbox being grayed out it will make more sense why it auto...

www.snbforums.com

I can clearly see the router is doing a jump from 3004.388.8_4 to 3006.102.4
And looking at those changelogs for 3006.102.4 I do not see high-risk phrases, so the feature is working as expected.
However if you were jumping from 388_4 to 3006.102.1 or 3006.102.3 then it would have paused the update pending approval as those include the high risk phrase:

 

[kriukas]

Working tirelessly behind the scenes, I can personally confirm, that @ExtremeFiretop is excelent bug-catcher, and in mutual cooperation, the more we go into the forest - the more "trees" we get . Stay tuned...

 

[kriukas]

Current catch: CLI version - OK - EUT, WebUI - notorious EUT - which one will prevail?

 

[ExtremeFiretop]

Current catch: CLI version - OK - EUT, WebUI - notorious EUT - which one will prevail?

View attachment 65893

I can tell you for sure if there is no cron job it won't run and the webUI data is being mis-displayed.
But it is a good catch Thank you!

 

[kriukas]

I can tell you for sure if there is no cron job it won't run and the webUI data is being mis-displayed.
But it is a good catch Thank you!

I knew it and yet renamed .sh file just in case

 

[kriukas]

From the same opera cosmetical one: postponement bump 3 –> 30 d., WebUI EUT states the same:


EDIT: P.S. I get it, that until Update-Check doesn't execute, this calc won't either. Yet, some sleepless user/admin might get an unnecessary trigger...

 

[kriukas]

After latests @ExtremeFiretop dev changes, still from old opera another one cosmetical one on "new F/W update" (2nd in row) e-mail:

 

[ExtremeFiretop]

Working tirelessly behind the scenes, I can personally confirm, that @ExtremeFiretop is excelent bug-catcher, and in mutual cooperation, the more we go into the forest - the more "trees" we get . Stay tuned...

From the same opera cosmetical one: postponement bump 3 –> 30 d., WebUI EUT states the same:
View attachment 65894

EDIT: P.S. I get it, that until Update-Check doesn't execute, this calc won't either. Yet, some sleepless user/admin might get an unnecessary trigger...

After latests @ExtremeFiretop dev changes, still from old opera another one cosmetical one on "new F/W update" (2nd in row) e-mail:

View attachment 65895

Hi @kriukas

Every single one of your 7 bug reports (listed below) have been resolved

1. Added missing changelog patch from previous PR to force 3006 changelogs in an upgrade from 3004 to 3006
2. Fix Web Access Restrictions by modifying the regex to accept subnets larger than /20
3. Fix Web Access Restriction being unable to break out of that 8‑bit last‑octet for large /5 ranges for example.
4. Fix Changelog Verification for firmware jumps from 3004 to 3006.. Previously only checks between 2 matching firmware versions, which won't exist between firmware jumps in changelog 388.8 and 3006.
   Also previously did not flatten the content so word wraps are missed such as:
   "any additionnal GN must be
   manually reconfigured."
5. Set "Firmware Run Estimates" to TBD when disabling "built-in firmware update checks"
6. Previously changing the postpone period in the WebUI did not correctly recalculate the new estimate flash time. Now we force it too.
7. Fixed emails showing an estimated date when the "Enable Automatic F/W Update Checks" is DISABLED

In my latest PR: https://github.com/ExtremeFiretop/MerlinAutoUpdate-Router/pull/476
Not to mention your feature requests for the WebUI navigation.

Pending review and approval from @Martinski

 

[kriukas]

Hi @kriukas

1. Set "Firmware Run Estimates" to TBD when disabling "built-in firmware update checks"
2. Previously changing the postpone period in the WebUI did not correctly recalculate the new estimate flash time. Now we force it too.
3. Fixed emails showing an estimated date when the "Enable Automatic F/W Update Checks" is DISABLED

In my latest PR: https://github.com/ExtremeFiretop/MerlinAutoUpdate-Router/pull/476
Not to mention your feature requests for the WebUI navigation.

Pending review and approval from @Martinski

Dear @ExtremeFiretop , @Martinski.

Hope I wouldn't make Friday evening bad, but I was testing this latest Latest Commit - if I D/L the correct one. And here I am testing the GUI Workflow in both realms:

As I do not know the idea behind workflow (if there is one documented), I have found out (from my perspective only), that I do not know, what would happen; what in fact would take the priority:

A. Disregarding the "Changelog Approval" block and proceed immediatelly to the flash.

OR

B. There would be a Changelog block in effect, which would on the second step (choosing yY or OK), would cancel the flash?
B1. If this branch is taken in effect - then why does "ChangeLog Block" hasn't canceled/interrupted the "Run F/W Update Check Now" in the first place (like sub-net check)?

depending of the feedback, I would have an additional info.

EDIT: P.S. all this might be off-road from my side, as I do not know the design idea behind the workflow. Moderator may cancel this post anytime with PM about this. A short feedback message would be nice thought. Thanks!