Not sure why you'd want to inject possible issues or recommend this, but to each their own. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Mar 15, 2023 14:54 Post subject:
yep no idea why Entware switched from 1.1.1s to 3.0.8-2 otherwise with Stubby/GetDNS, things are working...ok, I need to test DNScrypt-proxy v2xx too, but later..
Sadly Entware updates are Synch with OpenWRT in regards to updates...so, no idea why they switched those versions...for 1.1.1s and than for 1.1.1t i put a request long time ago https://github.com/Entware/Entware/issues/909 (just changed the versions)..
new 3.1.0 came yesterday, so may be things are fixed..but sadly Entware remains under-updated..
p.s. 3.0.8-2 was patched to 3.0.8-2a shorty after... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Sat Mar 18, 2023 11:46; edited 1 time in total
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Wed Mar 15, 2023 16:24 Post subject:
Debian 11 with current security patches / updates
Code:
user@sandie:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
Next release will be v 3.0.x openssl for Debian, it seems. To clarify version of openssl above, it's "1.1.1n-0+deb11u3". Debian has a long history of patching packages, but not necessarily updating the version number.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Wed Mar 15, 2023 19:57 Post subject:
kernel-panic69 wrote:
Debian 11 with current security patches / updates
Code:
user@sandie:~$ ssh -V
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
Next release will be v 3.0.x openssl for Debian, it seems. To clarify version of openssl above, it's "1.1.1n-0+deb11u3". Debian has a long history of patching packages, but not necessarily updating the version number.
yep my Parrot (debian fork) is also still on 1.1.1n patched, it seems Entware also picked
v 3.0.8-2 openssl instead of 3.1.0 or even 1.1.1t ... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Wed Mar 15, 2023 20:27 Post subject:
The only 'Debian' box I have that has current upstream version / patched Debian packages installed is running Progeny and a Linux 3.x.x kernel. Original kernel was 2.2.x and a revival to Progeny 2.0 development ending in release candidates included 2.4 and 2.6 kernels, and eventually led to Progeny 3.0 preview release versions with the 2.6 kernel.
Progeny begat Ubuntu (and probably other Debian-based componentized distros). It was Ian Murdock's idea of combining the Anaconda (RedHat) installer and Debian, more or less. Quite honestly, what Canonical did ... well, I don't want to set this forum on fire with my opinion, lol. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Thu Mar 16, 2023 2:39 Post subject:
Aforementioned PC running a heavily hacked version of Progeny 3.0-Preview 2 is not Internet-aware, but managed to bump ssh version to latest:
Code:
user@morpheus:~$ ssh -V
OpenSSH_9.3p1 Debian-1, OpenSSL 1.1.1t 7 Feb 2023
It originally started life as a Pentium III-500 and is now on last-gen Pentium 4 hardware. SATA SSDs make life better. And you thought you ran old ass dog hardware, @mrjcd _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
It originally started life as a Pentium III-500 and is now on last-gen Pentium 4 hardware. SATA SSDs make life better. And you thought you ran old ass dog hardware, @mrjcd
yeahuh that's kinda old stuff
SSDs do make things better/faster ...I run a few of them
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Sat Mar 25, 2023 12:32 Post subject:
mrjcd wrote:
yeahuh that's kinda old stuff
SSDs do make things better/faster ...I run a few of them
Unlike spinning hard disks, you need to power on SSDs periodically, or the data would vanish.
Traditional hard disks might still have the problem of bit rot.
30-May-2023 OpenSSL 1.1.1u is now available, including bug and security fixes
I also tried to contact Entware guys to update if possible...(i guess we have to wait for it) _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 08 May 2018 Posts: 14249 Location: Texas, USA
Posted: Sun Jun 04, 2023 11:54 Post subject:
You're welcome. I'm pretty sure I'm not the only person who emailed Sebastian, but I definitely was quite hesitant about it considering past responses to such emails. Please be considerate of others, thanks. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sun Jun 04, 2023 12:26 Post subject:
kernel-panic69 wrote:
You're welcome. I'm pretty sure I'm not the only person who emailed Sebastian, but I definitely was quite hesitant about it considering past responses to such emails. Please be considerate of others, thanks.
I didn't want to email him, nor i posted at the SVN, like some others do...
Just decided to use the old thread..instead...and it worked out (magic)
and yes, it may require some testing before the public build is out..
have a wonderful day !
DDWRT
OpenSSL is updated to 1.1.1u
Entware updated too, despite they dont run the very last OpenSSL they claimed the patch came form OpenWRT synch ... 3.0.8-9 (well that was quick) thanks to all !!!
Upgrading libopenssl on root from 3.0.8-2a to 3.0.8-9...
Downloading https://bin.entware.net/armv7sf-k3.2/libopenssl_3.0.8-9_armv7-3.2.ipk _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913