v2017.1.3.rst 2.9 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. Gluon 2017.1.3
  2. ==============
  3. The LEDE base of Gluon has been updated to v17.01.3, including various updates,
  4. stability improvements and security fixes. This includes some critical fixes
  5. to core packages like dnsmasq (see below for details); upgrading all Gluon
  6. nodes to v2017.1.3 is highly recommended.
  7. Bugfixes
  8. ~~~~~~~~
  9. * dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491,
  10. CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
  11. 2017-CVE-14496
  12. While many of the most severe (remote code execution) vulnarabilities are in
  13. the DHCP component of dnsmasq, which is not active on a Gluon node unless in
  14. Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
  15. corruption and possibly remote code execution by deploying a malicious DNS
  16. server and tricking a node into querying this server.
  17. * The Linux kernel has been upgraded to v4.4.89
  18. * Multiple security issues have been fixed in packages that are not usually part
  19. of the Gluon build, including tcpdump, curl and mbedtls
  20. Please refer to the
  21. `LEDE commit log <https://git.lede-project.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
  22. for details.
  23. * Filtering of multicast packages between the mesh and the *local-node* interface
  24. has been fixed (`#1230 <https://github.com/freifunk-gluon/gluon/issues/1230>`_)
  25. This issue was causing gluon-radvd to send a router advertisement to the local
  26. clients whenever a router solicitation from the mesh was received. In busy
  27. meshes, it would continuously send router advertisements every 3 seconds.
  28. * Reject autoupdater mirror URLs not starting with ``http://`` during build
  29. (`9ab93992d1fc <https://github.com/freifunk-gluon/gluon/commit/9ab93992d1fca1b9cfa09c54d39cc92d3699055a>`_)
  30. * Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer
  31. stock firmwares (`#1223 <https://github.com/freifunk-gluon/gluon/issues/1223>`_)
  32. Known issues
  33. ~~~~~~~~~~~~
  34. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  35. Reducing the TX power in the Advanced Settings is recommended.
  36. * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  37. This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
  38. * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  39. The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
  40. * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  41. (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
  42. The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
  43. segfaults, but did not make them disappear completely.