TLSv1.2 for older ReadyNAS systems (RAIDiator 4.2.x & 5.x)

I was made aware of the fact that the last browser updates finally broke access to the ReadyNAS web UI on systems still running RAIDiator 4.x and 5.x. The problem is that the Apache web server on these boxes doesn’t support TLSv1.2 and all modern browsers by now have dropped support for anything below that. I already built a patch set with an updated version of Apache and an update OpenSSL package some two years ago but since I closed the add-on section for RAIDiator 4 and 5 on this web site they’re no longer accessible.

Since I don’t want to bring back the old parts of the web site I decided to put the patches on GitHub:

RAIDiator 4.2 TLSv1.2 update (x86 only)

RAIDiator 5 TLSv1.2 update (ARM)

Use at your own risk. They work for me – your mileage may vary. If you encounter any problems with these add-ons please report them in the “Issues” section on GitHub.

Note: If you do a factory reset or an OS reinstall you need to also install the update again.

Latest Samba updates from NTGR broken

First off: If you’re not updating your ReadyNAS from the command line you’re most likely not affected.
Also, if you never logged into your ReadyNAS using SSH, you’re most likely not affected.

However, if you’re updating your ReadyNAS from the SSH command line using something along the lines of apt update && apt full-upgrade chances are that you received the latest, broken updates to the samba packages, identified by the extension netgear4 to their version number.

This update by NTGR should provide a fix for CVE-2021-44142. However, in the process this fix seems to have broken the connection between the samba daemons and the central system daemon that monitors whether a service is running or not. As a result your SMB services won’t start anymore. Or to be more precise: they will start but since they can’t report back their status to systemd they’ll be killed again right away by systemd.

The quick fix

To fix this and revert to the old versions of samba without the broken fix you need to

  • log into your ReadyNAS using SSH as the user “root”
  • run the following command
    apt install samba=2:4.8.0-12.netgear3 \
    samba-common-bin=2:4.8.0-12.netgear3 \
    samba-common=2:4.8.0-12.netgear3 \
    samba-libs=2:4.8.0-12.netgear3 \
    libwbclient0=2:4.8.0-12.netgear3 \
    samba-vfs-modules=2:4.8.0-12.netgear3 \
    winbind=2:4.8.0-12.netgear3 \
    libnss-winbind=2:4.8.0-12.netgear3 \
    smbclient=2:4.8.0-12.netgear3

I have no idea why NTGR published the broken samba packages seemingly without proper testing. Most likely their dev environment doesn’t exhibit the problem between samba and systemd.

Gitea 1.15.7 (ReadyNAS OS 6 x86 / ARM)

I update Gitea more or less continuously, although without announcing every update. So as a short heads-up: Gitea is now available in version 1.15.7 for ReadyNAS OS 6 (x86 & ARM):

RNAirPrint Print Server is back (v21.12.04)

While earlier versions of ReadyNAS came with support for USB and network printers ReadyNAS OS 6 sadly is lacking that functionality. The RNAirPrint add-on brings back support for USB and network printers and it even makes those printers available to iOS and Android devices on your network. Check it out here:

Note: Not all printers are supported, some may need special drivers from their manufacturer. For detailed instructions see RNAirPrint Configuration.

Gitea 1.15.6 (ReadyNAS OS 6 x86 / ARM)

I update Gitea more or less continuously, although without announcing every update. So as a short heads-up: Gitea is now available in version 1.15.6 for ReadyNAS OS 6 (x86 & ARM):