What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

MerlinAU MerlinAU v1.4.8 - The Ultimate Firmware Auto-Updater (WEBUI + GNUTON SUPPORT!)

I think just managed to re-create your issue. Seems to actually be within the _CIDR_IPaddrBlockContainsIPaddr_ function.
I think it might be possible the function is failing due to integer overflows with 32-bit arithmetic? Will try to adjust for 64-bit arithmetic and using awk.

If that is correct it would be a similar issue to our cron-job "time calculator" we originally had some problems with.
Will investigate a bit more in the weeds now.

I am sorry to disappoint you, but script doesn't even hit this fuction at all - litterary. It finishes at the line, which I have written Yesterday at 8:12 PM. - leaving it empty and then hitting warning text return 1 bellow finishing _CheckWebGUILoginAccessOK_() function.

I am glad to see your code improvemnt in above mentioned function towards the math approach, and in the same sorry, that I was unable to persuade you to look earlier in the code.
 
I am sorry to disappoint you, but script doesn't even hit this fuction at all - litterary. It finishes at the line, which I have written Yesterday at 8:12 PM. - leaving it empty and then hitting warning text return 1 bellow finishing _CheckWebGUILoginAccessOK_() function.

I am glad to see your code improvemnt in above mentioned function towards the math approach, and in the same sorry, that I was unable to persuade you to look earlier in the code.

Do you still have a device pending an update to 3006?

Can you retest the Changelog function while your testing. Thanks!
 
Hi @kriukas

Please run this to test the latest version:
Code:
curl --retry 3 "https://raw.githubusercontent.com/ExtremeFiretop/MerlinAutoUpdate-Router/refs/heads/Fix-Web-Access-Restrictions/MerlinAU.sh" -o "/jffs/scripts/MerlinAU.sh" && chmod +x "/jffs/scripts/MerlinAU.sh"

Please report the results.
Hi dear @ExtremeFiretop,

I PM you the debug. As we both might be running in circles all this week long for no effect ;-)
 
Do you still have a device pending an update to 3006?

Sure. Woun't let it slip half-backed.

Can you retest the Changelog function while your testing. Thanks!

Yes. But don't know what was intended in 1st place...? Care some doc link to read? Wouln't want to guess for myself.

At his very moment:

1. Changelog loads. But still old one.
2. "Approve change" is dissabled&cleared and doesn't seem to enter any other state - enable-ticked, enable-empty. (Install script update - also). All 4 buttons - enabled - working = pop-ups confirmation dialogs on click.
3. Changelog text is now keyboard-enabled for navigation with UP/DOWN arrows (thus slowly). Page Up/Down still moves whole page contents in the dimmed background.
 
Sure. Woun't let it slip half-backed.

Leave it pending the jump from 3004 to 3006 until I fully digest your debug you sent me, I'm currently at the office and will check into it a bit later.

3. Changelog text is now keyboard-enabled for navigation with UP/DOWN arrows (thus slowly). Page Up/Down still moves whole page contents in the dimmed background.

Perfect happy to hear this is working for you. I'll investigate the fact that it grabs the old Changelog next
 
Leave it pending the jump from 3004 to 3006 until I fully digest your debug you sent me, I'm currently at the office and will check into it a bit later.



Perfect happy to hear this is working for you. I'll investigate the fact that it grabs the old Changelog next

Hi @kriukas

Find the below changes, the debug helped a lot.
1. Implemented code for the jump from 3004 to 3006 with the changelog function

1747794069424.png
1747794241325.png


2. Made some more changes related to web access restrictions; as you can see I now have it enabled, with large overlapping /12 ranges and it still detects it correctly.

1747794203396.png


Please test again and advise, sorry about the back and forth.
If this is still somehow an issue I'll call in the big guns that made that function originally @Martinski

And as you know I implemented the keyboard navigation for the changelog in the WebUI.
 
Last edited:
Hi @kriukas

Find the below changes, the debug helped a lot.
1. Implemented code for the jump from 3004 to 3006 with the changelog function

As I already gave the feedback. I can confirm:

1A. Changelog reading is completely OK both CLI and WebUI versions.
1B. Cannot tell anything about Changelog "approval" procedure, if there is one. I know nothing about that and don't want to guess without having a link to any king of the documentation, "how it should/must be implemented" POV.
2. F/W jump I will try ASAP, when we both agree to close any unfinished test scenarios, requiring "pending jump 3004=>3006" state.

2. Made some more changes related to web access restrictions; as you can see I now have it enabled, with large overlapping /12 ranges and it still detects it correctly.

View attachment 65886

Please test again and advise, sorry about the back and forth.
If this is still somehow an issue I'll call in the big guns that made that function originally @Martinski

With all due respect and gratefullness of the solution for Mr. @ExtremeFiretop, to anyone who it might concern, I can confirm that:

1. the "block", which negated my personal case, to set password, test login and get a success OK from the script test is lifted. SImply said - typical end-user with high probability will be allowed to proceed with flash when IP restricition are set and there is a least one rule covering its "home" subnet.

2. After actual F/W upgrade execution I will be able to ellaborate more.

3. To my best understanding, despite *current dev level* script implementation as non-blocker, script itself is inconsistent at determining the truthnes/falseness of router's LAN IP belonging to the mathematical set IPs, and one can easy find corner cases, when scripts thinks (and passes!) as OK, but is wrong.

All this section of functionality needs careful evaluation before dev=>stable approval.

And as you know I implemented the keyboard navigation for the changelog in the WebUI.

Working perfect, as I said.

I thought, that ChangeLog approvall will be implement in current-times "standard", when TOS / PRIVACY is only allowed to be accepted as "read", when user scrolls to the end of text.
 
As I already gave the feedback. I can confirm:

1A. Changelog reading is completely OK both CLI and WebUI versions.

Happy to hear this is working for you now with the jump from 3004 to 3006.

1B. Cannot tell anything about Changelog "approval" procedure, if there is one. I know nothing about that and don't want to guess without having a link to any king of the documentation, "how it should/must be implemented" POV.

Read the Wiki documentation starting at Question 11 and Question 12:

2. F/W jump I will try ASAP, when we both agree to close any unfinished test scenarios, requiring "pending jump 3004=>3006" state.

I thought thats what you just confirmed in 1A. above? Can you clarify what you mean?
This is the only thing I need you to test and have requested you test on your router pending the 3006 update.

With all due respect and gratefullness of the solution for Mr. @ExtremeFiretop, to anyone who it might concern, I can confirm that:

3. To my best understanding, despite *current dev level* script implementation as non-blocker, script itself is inconsistent at determining the truthnes/falseness of router's LAN IP belonging to the mathematical set IPs, and one can easy find corner cases, when scripts thinks (and passes!) as OK, but is wrong.

If it's a pass; then the script is not wrong; the script is actually logging into the WebUI and giving you a pass/fail result, the only bug would be if it thinks it's unable to login when it should be able too and pass.
But if it thinks it can login and it does; then the script is not wrong.

I thought, that ChangeLog approvall will be implement in current-times "standard", when TOS / PRIVACY is only allowed to be accepted as "read", when user scrolls to the end of text.

No. Find the Wiki link mentioned above
 
Read the Wiki documentation starting at Question 11 and Question 12:

OK, I missed that, and I am sorry for a newbie mistake - not reading FAQ :-(.

Without me guessing (I have oppinion), is upgrade from 3004 to 3006 considered a high risk or not?

I thought thats what you just confirmed in 1A. above? Can you clarify what you mean?
This is the only thing I need you to test and have requested you test on your router pending the 3006 update.

I meant, that the correct ChangeLog loading and reading is perfectly OK. As I have not understood C-L approval procedure from FAQ No. 12, I stayed on 3004 for now.

If it's a pass; then the script is not wrong; the script is actually logging into the WebUI and giving you a pass/fail result, the only bug would be if it thinks it's unable to login when it should be able too and pass.
But if it thinks it can login and it does; then the script is not wrong.

As I have mentioned - before - we are both right, but in different dimensions: yours beeing from end-user functionallity perhaps around 99,9% case,s me being correct from IP-binary-math's POV. Both can coexist peacifully until someone with exotic IP setup will jump in math's hole.
 
OK, I missed that, and I am sorry for a newbie mistake - not reading FAQ :-(.

Without me guessing (I have oppinion), is upgrade from 3004 to 3006 considered a high risk or not?

The high-risk phrases are listed in the FAQ but for reference I pasted them below:

  • features are disabled
  • factory default reset
  • break backward compatibility
  • must be manually
  • strongly recommended

So in short; if you open the changelog on your router on 3004 (pending the jump to 3006) and read the latest changelog release notes; do you see it say those exact phrases anywhere?
If so; then it's a bug and it should pause the update until you approve it.

Otherwise, if you do not see those "exact words in that order" (a.k.a those "phrases) in the changelog note; then the approval feature is working as expected and will remain DISABLED until it finds these "high-risk words / phrases"

I meant, that the correct ChangeLog loading and reading is perfectly OK. As I have not understood C-L approval procedure from FAQ No. 12, I stayed on 3004 for now.

Perfect. As long as the correct changelog is loading (3006) on your 3004 router; we can call this cased closed and another bug report solved.
But the fact is I think you were waiting on 3004 for the changelog "approval" feature which is not something I am investigating because there is no bug reports at this time.

As I have mentioned - before - we are both right, but in different dimensions: yours beeing from end-user functionallity perhaps around 99,9% case,s me being correct from IP-binary-math's POV. Both can coexist peacifully until someone with exotic IP setup will jump in math's hole.

No worries; the day that the web restrictions change we may need to change the script again, but in the world of "does it work now?" it seems like does; which is all I really care about honestly and truthfully.
 
Last edited:
OK, I missed that, and I am sorry for a newbie mistake - not reading FAQ :-(.

Without me guessing (I have oppinion), is upgrade from 3004 to 3006 considered a high risk or not?



I meant, that the correct ChangeLog loading and reading is perfectly OK. As I have not understood C-L approval procedure from FAQ No. 12, I stayed on 3004 for now.



As I have mentioned - before - we are both right, but in different dimensions: yours beeing from end-user functionallity perhaps around 99,9% case,s me being correct from IP-binary-math's POV. Both can coexist peacifully until someone with exotic IP setup will jump in math's hole.

So looking at your message here:


I can clearly see the router is doing a jump from 3004.388.8_4 to 3006.102.4
And looking at those changelogs for 3006.102.4 I do not see high-risk phrases, so the feature is working as expected.
However if you were jumping from 388_4 to 3006.102.1 or 3006.102.3 then it would have paused the update pending approval as those include the high risk phrase:

1747854645521.png
1747854650069.png
 
Current catch: CLI version - OK - EUT, WebUI - notorious EUT - which one will prevail? ;)

View attachment 65893

I can tell you for sure if there is no cron job it won't run and the webUI data is being mis-displayed.
But it is a good catch :) Thank you!
 
From the same opera cosmetical one: postponement bump 3 –> 30 d., WebUI EUT states the same:
61.png

EDIT: P.S. I get it, that until Update-Check doesn't execute, this calc won't either. Yet, some sleepless user/admin might get an unnecessary trigger...
 
Working tirelessly behind the scenes, I can personally confirm, that @ExtremeFiretop is excelent bug-catcher, and in mutual cooperation, the more we go into the forest - the more "trees" we get ;). Stay tuned...
From the same opera cosmetical one: postponement bump 3 –> 30 d., WebUI EUT states the same:
View attachment 65894

EDIT: P.S. I get it, that until Update-Check doesn't execute, this calc won't either. Yet, some sleepless user/admin might get an unnecessary trigger...
After latests @ExtremeFiretop dev changes, still from old opera another one cosmetical one on "new F/W update" (2nd in row) e-mail:

View attachment 65895

Hi @kriukas

Every single one of your 7 bug reports (listed below) have been resolved
  1. Added missing changelog patch from previous PR to force 3006 changelogs in an upgrade from 3004 to 3006
  2. Fix Web Access Restrictions by modifying the regex to accept subnets larger than /20
  3. Fix Web Access Restriction being unable to break out of that 8‑bit last‑octet for large /5 ranges for example.
  4. Fix Changelog Verification for firmware jumps from 3004 to 3006.. Previously only checks between 2 matching firmware versions, which won't exist between firmware jumps in changelog 388.8 and 3006.
    Also previously did not flatten the content so word wraps are missed such as:
    "any additionnal GN must be
    manually reconfigured."
  5. Set "Firmware Run Estimates" to TBD when disabling "built-in firmware update checks"
  6. Previously changing the postpone period in the WebUI did not correctly recalculate the new estimate flash time. Now we force it too.
  7. Fixed emails showing an estimated date when the "Enable Automatic F/W Update Checks" is DISABLED
In my latest PR: https://github.com/ExtremeFiretop/MerlinAutoUpdate-Router/pull/476
Not to mention your feature requests for the WebUI navigation.

Pending review and approval from @Martinski
 
Last edited:
Hi @kriukas
  1. Set "Firmware Run Estimates" to TBD when disabling "built-in firmware update checks"
  2. Previously changing the postpone period in the WebUI did not correctly recalculate the new estimate flash time. Now we force it too.
  3. Fixed emails showing an estimated date when the "Enable Automatic F/W Update Checks" is DISABLED
In my latest PR: https://github.com/ExtremeFiretop/MerlinAutoUpdate-Router/pull/476
Not to mention your feature requests for the WebUI navigation.

Pending review and approval from @Martinski

Dear @ExtremeFiretop , @Martinski.

Hope I wouldn't make Friday evening bad, but I was testing this latest Latest Commit - if I D/L the correct one. And here I am testing the GUI Workflow in both realms:

As I do not know the idea behind workflow (if there is one documented), I have found out (from my perspective only), that I do not know, what would happen; what in fact would take the priority:

A. Disregarding the "Changelog Approval" block and proceed immediatelly to the flash.

OR

B. There would be a Changelog block in effect, which would on the second step (choosing yY or OK), would cancel the flash?
B1. If this branch is taken in effect - then why does "ChangeLog Block" hasn't canceled/interrupted the "Run F/W Update Check Now" in the first place (like sub-net check)?


64.png


depending of the feedback, I would have an additional info.

EDIT: P.S. all this might be off-road from my side, as I do not know the design idea behind the workflow. Moderator may cancel this post anytime with PM about this. A short feedback message would be nice thought. Thanks!
 
Last edited:

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top