CONTENTS DELETED
The author has deleted this message.
|
Administrator
|
First, use the latest fw_upgrade script version that forces TLS1.0 connections and above: http://itus.accessinnov.com/Update-script-fw-upgrade-td43.html
Second, update your openSSL version to 1.0.2g: In /etc/opkg.conf add these lines at the end: arch cn70xx 100 arch octeon 200 arch all 300 Download the new version from here: https://downloads.openwrt.org/chaos_calmer/15.05/octeon/generic/packages/base/openssl-util_1.0.2g-1_octeon.ipk Update it: opkg install ../openssl-util_1.0.2g-1_octeon.ipk
Running the latest OpenWrt stable release
|
Hi
I followed you instructions and get the following .ipk was download to root and run with opkg install ../openssl-util_1.0.2g-1_octeon.ipk from root bin overlay dev proc etc ramfs include rom init root lib sbin lib64 sys lost+found tmp mnt usr openssl-util_1.0.2g-1_octeon.ipk var opt www root@Shield:/# opkg install ../openssl-util_1.0.2g-1_octeon.ipk Installing openssl-util (1.0.2g-1) to root... Configuring openssl-util. Collected errors: * resolve_conffiles: Existing conffile /etc/ssl/openssl.cnf is different from the conffile in the new package. The new conffile will be placed at /etc/ssl/openssl.cnf-opkg. root@Shield:/# cd etc/ root@Shield:/etc# cd ssl root@Shield:/etc/ssl# ls certs openssl.cnf openssl.cnf-opkg private what do i have to do now or is this ok roadrunnere42 |
This post was updated on .
I tried the same steps but stuck right now. openssl.cnf-opkg and openssl.cnf are exactly the same according to a file compare now I am getting root@Shield:/etc/ssl# openvpn Usage message not available root@Shield:/etc/ssl# openvpn --help Usage message not available root@Shield:/etc/ssl# openvpn version Options error: In [CMD-LINE]:1: Error opening configuration file: version Use --help for more information. root@Shield:/etc/ssl# openssl -ash: openssl: not found I made the change in my active shield - not my sandbox Any way to restore it (besides factory reset)? root@Shield:/etc/ssl# openssl OpenSSL> version OpenSSL 1.0.2d 9 Jul 2015 OpenSSL> help openssl:Error: 'help' is an invalid command. Standard commands asn1parse ca ciphers cms crl ....
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
CONTENTS DELETED
The author has deleted this message.
|
Administrator
|
Odd. You don't get that unless the files are different. Here is that file on my box: openssl.cnf
You shouldn't have to downgrade, just reinstall it again. Delete the new .cnf-opkg file, it may conflict. Try the force reinstall option switch and reinstall: opkg install --force-reinstall
Running the latest OpenWrt stable release
|
This is what is happening: root@Shield:/etc/ssl# mv openssl.cnf openssl.cnf__ root@Shield:/etc/ssl# cd / root@Shield:/# opkg install --force-reinstall openssl-util_1.0.2g-1_octeon.ipk No packages removed. Installing openssl-util (1.0.2g-1) to root... Configuring openssl-util. root@Shield:/# openssl -ash: openssl: not found it is not the path root@Shield:/# env SSH_CLIENT=x.x.x.x 1235 22 USER=root SHLVL=1 OLDPWD=/etc/ssl HOME=/root SSH_TTY=/dev/pts/0 PS1=\u@\h:\w\$ LOGNAME=root TERM=xterm PATH=/usr/bin:/usr/sbin:/bin:/sbin SHELL=/bin/ash PWD=/ SSH_CONNECTION=x.x.x.y 1235 x.x.x.x 22
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
Administrator
|
What are you getting on this?
opkg info openssl-util
Running the latest OpenWrt stable release
|
CONTENTS DELETED
The author has deleted this message.
|
In reply to this post by user8446
I removed the file as you said and ran the following
opkg install --force-reinstall ./openssl-util_1.0.2g-1_octeon.ipk No packages removed. Installing openssl-util (1.0.2g-1) to root... Collected errors: * check_data_file_clashes: Package openssl-util wants to install file /usr/bin/openssl But that file is already provided by package * ohns * opkg_install_cmd: Cannot install package openssl-util. I then ran opkg info openssl-util Package: openssl-util Version: 1.0.2g-1 Depends: libc, libopenssl Status: install prefer,user not-installed Architecture: octeon Conffiles: /etc/ssl/openssl.cnf 06baa8f15992bacd3e5b113cd571d828c0 so am i running 1.02g-1 already roadrunnere42 |
This is what I got on a 1.51SP1 clean (!) router-mode shield: root@Shield:/# cat /etc/opkg.conf dest root / dest ram /tmp lists_dir ext /var/opkg-lists option overlay_root /overlay src/gz chaos_calmer_base http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/base src/gz chaos_calmer_luci http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/luci src/gz chaos_calmer_management http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/management src/gz chaos_calmer_packages http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/packages src/gz chaos_calmer_routing http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/routing src/gz chaos_calmer_telephony http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/telephony # src/gz chaos_calmer_targets http://downloads.openwrt.org/chaos_calmer/15.05-rc3/octeon/generic/packages/targets #option check_signature 1 arch cn70xx 100 arch octeon 200 arch all 300 root@Shield:/# openssl version OpenSSL 1.0.2d 9 Jul 2015 root@Shield:/# curl -k https://downloads.openwrt.org/chaos_calmer/15.05/octeon/generic/packages/base/openssl-util_1.0.2g-1_octeon.ipk -o openssl-util_1.0.2g-1_octeon.ipk % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 188k 100 188k 0 0 119k 0 0:00:01 0:00:01 --:--:-- 120k root@Shield:/# ls -al drwxr-xr-x 17 root root 4096 Nov 26 03:01 . drwxr-xr-x 17 root root 4096 Nov 26 03:01 .. drwxr-xr-x 2 root root 4096 Nov 26 03:01 bin drwxr-xr-x 5 root root 11280 Nov 26 03:00 dev drwxrwxr-x 26 root root 4096 Nov 26 03:01 etc drwxr-xr-x 3 root root 4096 Nov 26 03:01 include -rwxrwxr-x 1 root root 1647 May 4 2015 init drwxr-xr-x 12 root root 4096 Nov 10 05:39 lib lrwxrwxrwx 1 root root 3 Nov 26 03:01 lib64 -> lib drwx------ 2 root root 16384 Nov 26 03:01 lost+found drwxr-xr-x 2 root root 4096 May 4 2015 mnt -rw-r--r-- 1 root root 193192 Nov 26 03:01 openssl-util_1.0.2g-1_octeon.ipk dr-xr-xr-x 73 root root 0 Jan 1 1970 proc drwxrwxr-x 2 root root 4096 Nov 26 03:01 rom drwxr-xr-x 2 root root 4096 May 4 2015 root drwxr-xr-x 2 root root 4096 Nov 26 03:01 sbin dr-xr-xr-x 11 root root 0 Jan 1 1970 sys drwxrwxrwt 18 root root 480 Nov 26 03:01 tmp drwxr-xr-x 8 root root 4096 Aug 20 03:18 usr lrwxrwxrwx 1 root root 4 Nov 26 03:01 var -> /tmp drwxrwxr-x 6 root root 4096 Nov 26 03:01 www root@Shield:/# opkg install ./openssl-util_1.0.2g-1_octeon.ipk root@Shield:/# openssl version OpenSSL 1.0.2d 9 Jul 2015 root@Shield:/# env SHLVL=2 OLDPWD=/overlay HOME=/root PS1=\u@\h:\w\$ TERM=linux serial#=my_sandbox PATH=/usr/bin:/usr/sbin:/bin:/sbin numcores=2 PWD=/ root@Shield:/# env root@Shield:/# opkg install ./openssl-util_1.0.2g-1_octeon.ipk Upgrading openssl-util on root from 1.0.2a-0 to 1.0.2g-1... Configuring openssl-util. root@Shield:/# openssl version /bin/ash: openssl: not found root@Shield:/# opkg install --force-reinstall ./openssl-util_1.0.2g-1_octeon.ipk No packages removed. Installing openssl-util (1.0.2g-1) to root... Collected errors: * check_data_file_clashes: Package openssl-util wants to install file /usr/bin/openssl But that file is already provided by package * o_Velho * opkg_install_cmd: Cannot install package openssl-util. root@Shield:/# openssl version /bin/ash: openssl: not found
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
|
Administrator
|
In that case a --force-overwrite should do the trick.
Running the latest OpenWrt stable release
|
This post was updated on .
OpenSSL has been updated to 1.0.2h due to vulnerabilities in prior versions...
The Chaos Calmer repo has not been updated yet.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
|
Administrator
|
You can now get 1.0.2h in the snapshot openwrt repo:
https://downloads.openwrt.org/snapshots/trunk/octeon/generic/packages/base/openssl-util_1.0.2h-1_octeon.ipk
Running the latest OpenWrt stable release
|
Thanks - installed very quickly and simply for me:
root@Shield:/tmp/ramdisk# opkg install openssl-util_1.0.2h-1_octeon.ipk Upgrading openssl-util on root from 1.0.2g-1 to 1.0.2h-1... Configuring openssl-util. root@Shield:/tmp/ramdisk# opkg info openssl-util Package: openssl-util Version: 1.0.2h-1 Depends: libc, libopenssl Status: install user installed Architecture: octeon Conffiles: /etc/ssl/openssl.cnf 06baa8f15992bacd3e5b113cd571d828c0 Installed-Time: 1462973213
OpenWrt SNAPSHOT, r10391-3d8d528939
|
In reply to this post by Wisiwyg
Hi Wisiwyg
very easy to upgrade and thanks for the reminder roadrunnere42 |
Free forum by Nabble | Edit this page |