TLSv1.2 for older ReadyNAS systems (RAIDiator 4.2.x & 5.x)

I was made aware of the fact that the last browser updates finally broke access to the ReadyNAS web UI on systems still running RAIDiator 4.x and 5.x. The problem is that the Apache web server on these boxes doesn’t support TLSv1.2 and all modern browsers by now have dropped support for anything below that. I already built a patch set with an updated version of Apache and an updated OpenSSL package some two years ago but since I closed the add-on section for RAIDiator 4 and 5 on this web site they’re no longer accessible.

Since I don’t want to bring back the old parts of the web site I decided to put the patches on GitHub:

RAIDiator 4.2 TLSv1.2 update (x86 only)

RAIDiator 5 TLSv1.2 update (ARM)

Use at your own risk. They work for me – your mileage may vary. If you encounter any problems with these add-ons please report them in the “Issues” section on GitHub.

Note: If you do a factory reset or an OS reinstall you need to also install the update again.

Latest Samba updates from NTGR broken

First off: If you’re not updating your ReadyNAS from the command line you’re most likely not affected.
Also, if you never logged into your ReadyNAS using SSH, you’re most likely not affected.

However, if you’re updating your ReadyNAS from the SSH command line using something along the lines of apt update && apt full-upgrade, chances are that you received the latest, broken updates to the samba packages, identified by the extension netgear4 to their version number.

This update by NTGR should provide a fix for CVE-2021-44142. However, in the process this fix seems to have broken the connection between the samba daemons and the central system daemon that monitors whether a service is running or not. As a result your SMB services won’t start anymore. Or to be more precise: they will start but since they can’t report back their status to systemd they’ll be killed again right away by systemd.

The quick fix

To fix this and revert to the old versions of samba without the broken fix you need to

  • log into your ReadyNAS using SSH as the user “root”
  • run the following command
    apt install samba=2:4.8.0-12.netgear3 \
    samba-common-bin=2:4.8.0-12.netgear3 \
    samba-common=2:4.8.0-12.netgear3 \
    samba-libs=2:4.8.0-12.netgear3 \
    libwbclient0=2:4.8.0-12.netgear3 \
    samba-vfs-modules=2:4.8.0-12.netgear3 \
    winbind=2:4.8.0-12.netgear3 \
    libnss-winbind=2:4.8.0-12.netgear3

I have no idea why NTGR published the broken samba packages seemingly without proper testing. Most likely their dev environment doesn’t exhibit the problem between samba and systemd.
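
Two things follow from the downgrade above: the next apt full-upgrade will offer the netgear4 packages again unless the reverted ones are held, and the netgear3 builds no longer carry the CVE-2021-44142 fix, which concerns Samba's vfs_fruit module. The script below is an added example, not part of the original post or NTGR's tooling; it flags packages still on netgear4 and lists shares that load fruit, using constructed sample input (the netgear4 version string and the share names are made up).

```sh
#!/bin/sh
# Added example; sample inputs below are constructed, not taken from a real NAS.
# Package list as given in the downgrade command above.
PKGS="samba samba-common-bin samba-common samba-libs libwbclient0 samba-vfs-modules winbind libnss-winbind"

# stdin: "<package> <version>" lines, e.g. from
#   dpkg-query -W -f='${Package} ${Version}\n'
# stdout: listed Samba packages whose version still ends in "netgear4".
broken_samba_pkgs() {
    awk -v pkgs="$PKGS" '
        BEGIN { n = split(pkgs, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) && $2 ~ /netgear4$/ { print $1 }'
}

# stdin: smb.conf text (or `testparm -s` output)
# stdout: sections whose "vfs objects" line loads the fruit module.
fruit_shares() {
    awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/  { sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next }
        tolower($0) ~ /^[ \t]*vfs[ \t]*objects[ \t]*=/ {
            val = tolower($0); sub(/^[^=]*=/, "", val)
            n = split(val, mods, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (mods[i] == "fruit") { print sec; break }
        }'
}

# Constructed sample: two packages still broken, one reverted, one unrelated.
SAMPLE_DPKG='samba 2:0.0.0-0.netgear4
samba-libs 2:0.0.0-0.netgear4
winbind 2:4.8.0-12.netgear3
unrelated-pkg 1.0.netgear4'

# Constructed sample smb.conf with one share that loads fruit.
SAMPLE_CONF='[global]
   vfs objects = catia
[TimeMachine]
   vfs objects = catia fruit streams_xattr
[data]
   path = /data/data'

broken=$(printf '%s\n' "$SAMPLE_DPKG" | broken_samba_pkgs | tr '\n' ' ')
if [ -n "$broken" ]; then echo "still on netgear4: $broken"; fi
echo "after the downgrade, keep the old builds: apt-mark hold $PKGS"
printf '%s\n' "$SAMPLE_CONF" | fruit_shares | sed 's/^/loads vfs_fruit: /'
```

On the NAS, feed the two functions the real dpkg-query and testparm -s output instead of the samples. The upstream Samba workaround for CVE-2021-44142 is to remove fruit from the vfs objects lines.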

Fix for the “LetsEncrypt problem”

As you may know, one of the Root-CAs that are used by LetsEncrypt expired on September 30, 2021. Unfortunately this not only affects older browsers but also the ReadyNAS, mainly because the package ca-certificates of its underlying operating system never got updated and still uses the expired Root-CA.

This affects all tools on the NAS that have to connect to external systems that use certificates from LetsEncrypt – and of course some add-ons like Nextcloud that regularly try to connect to external sites for updates.

To fix the problem I backported the ca-certificates package from the current Debian distribution (“bullseye”) to the ReadyNAS. I also rebuilt the most affected tools like curl, wget, gnutls and openssl. The complete package is available as a free add-on:

To install, make sure your ReadyNAS has a working internet connection (check the DNS settings) and just upload as you would with a normal add-on.

Note: After installation the add-on will NOT show up in the list of installed add-ons. This is done on purpose to not clutter the interface. If in doubt just install again, no harm there.

MySQL Installer 1.0.5 (R6all)

If you’re a programmer you know the feeling when you squashed a bug and by doing so created another. Haven’t been there for quite a while but just learned that I did exactly that with the MySQL Installer 1.0.4. And unfortunately it took me a while to find and fix the newly introduced bug. But I did and here we go now with the latest incarnation of the MySQL installer, namely version 1.0.5. All those who already own an older version can download the update from the “My Account” page.

What it does is:

  • Install MariaDB 10.0.38 (or newer, depending on what is current in the repository)
  • Copy existing data over to the /apps location
  • Enable the “one file per table” feature for InnoDB
  • Enable the “Barracuda” format for InnoDB
  • Allow enabling/disabling the MySQL daemon from the “Installed Apps” window

Caveat: While the app does copy existing data to the new location it will not copy it back on uninstall. So make sure to have a backup if you ever decide to remove the app again, otherwise you’ll be stuck with the data you had when you installed it (as said: the app copies the data, it doesn’t move it). Now, if you’re still interested, here’s finally the link to the app:

NTGR repos broken for 6.10.2 (hold your updates)

Hi everyone,

Firmware 6.10.2 is out and unfortunately NTGR seems to have broken their package repositories with this release. From here it looks like there was a manual push of an updated package to the repos:

Get:2 6.10.2/main armel linux-libc-dev armel [774 kB]
Err:2 6.10.2/main armel linux-libc-dev armel
Writing more data than expected (774020 > 773886)
E: Failed to fetch Writing more data than expected (774020 > 773886)

E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

This affects many if not all new app installations but may also have a negative impact on firmware upgrades where the ReadyNAS tries to get updated packages from its known repositories. In the worst case this error prevents the ReadyNAS from updating properly which in turn may trigger an automatic cleanup procedure which then starts to remove packages and by doing so breaks some apps. I already informed NTGR about the problem but today being Sunday I don’t expect any immediate action.

For the moment please either don’t upgrade to 6.10.2 or if you already did and ran into problems please be patient until the situation is resolved by NTGR.
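
apt reports “Writing more data than expected” when a download delivers more bytes than the Size recorded for that package in the repository's Packages index, which is what happens when a file is replaced without regenerating the index. The following added example (not from the original post; the file contents and index are constructed) repeats that check by hand, including the SHA256 comparison that also catches a replacement of identical size.

```sh
#!/bin/sh
# Added example; package contents and index are constructed in a temp directory.

# verify_deb <Packages-file> <package> <deb-file>
# Compares a downloaded file with the Size and SHA256 fields of its index stanza.
# Prints: ok | size-mismatch <indexed> <actual> | hash-mismatch | not-in-index
verify_deb() {
    fields=$(awk -v p="$2" '
        $1 == "Package:" { hit = ($2 == p) }
        hit && $1 == "Size:"   { size = $2 }
        hit && $1 == "SHA256:" { sha = $2 }
        END { print size, sha }' "$1")
    idx_size=${fields%% *}; idx_sha=${fields#* }
    if [ -z "$idx_size" ] || [ -z "$idx_sha" ]; then echo "not-in-index"; return 2; fi
    size=$(wc -c < "$3" | tr -d ' ')
    if [ "$size" -ne "$idx_size" ]; then
        echo "size-mismatch $idx_size $size"; return 1
    fi
    if [ "$(sha256sum "$3" | cut -d' ' -f1)" != "$idx_sha" ]; then
        echo "hash-mismatch"; return 1
    fi
    echo "ok"
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'original package bytes\n' > "$d/pkg.deb"
    # Index generated from the original file ...
    {
        echo "Package: linux-libc-dev"
        echo "Architecture: armel"
        echo "Size: $(wc -c < "$d/pkg.deb" | tr -d ' ')"
        echo "SHA256: $(sha256sum "$d/pkg.deb" | cut -d' ' -f1)"
    } > "$d/Packages"
    verify_deb "$d/Packages" linux-libc-dev "$d/pkg.deb" || :
    # ... then the file is swapped by hand and the index is left untouched.
    printf 'rebuilt package bytes, a little longer\n' > "$d/pkg.deb"
    verify_deb "$d/Packages" linux-libc-dev "$d/pkg.deb" || :
    rm -rf "$d"
}
demo
```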