Home Explore Help
Register Sign In
FreifunkHochstift
/
gluon
6
0
Fork 0
Files Issues 0 Pull Requests 0
Branch: master
Branches Tags
gluon
/
docs
/
releases
/
v2017.1.3.rst

v2017.1.3.rst 2.9 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 
  1. Gluon 2017.1.3
    2. 

  2. ==============
    3. 

  3. 

  4. The LEDE base of Gluon has been updated to v17.01.3, including various updates,
    5. 

  5. stability improvements and security fixes. This includes some critical fixes
    6. 

  6. to core packages like dnsmasq (see below for details); upgrading all Gluon
    7. 

  7. nodes to v2017.1.3 is highly recommended.
    8. 

  8. 

  9. 

  10. Bugfixes
    11. 

  11. ~~~~~~~~
    12. 

  12. 

  13. * dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491,
    14. 

  14.   CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
    15. 

  15.   2017-CVE-14496
    16. 

  16. 

  17.   While many of the most severe (remote code execution) vulnarabilities are in
    18. 

  18.   the DHCP component of dnsmasq, which is not active on a Gluon node unless in
    19. 

  19.   Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
    20. 

  20.   corruption and possibly remote code execution by deploying a malicious DNS
    21. 

  21.   server and tricking a node into querying this server.
    22. 

  22. 

  23. * The Linux kernel has been upgraded to v4.4.89
    24. 

  24. 

  25. * Multiple security issues have been fixed in packages that are not usually part
    26. 

  26.   of the Gluon build, including tcpdump, curl and mbedtls
    27. 

  27. 

  28.   Please refer to the
    29. 

  29.   `LEDE commit log <https://git.lede-project.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
    30. 

  30.   for details.
    31. 

  31. 

  32. * Filtering of multicast packets between the mesh and the *local-node* interface
    33. 

  33.   has been fixed (`#1230 <https://github.com/freifunk-gluon/gluon/issues/1230>`_)
    34. 

  34. 

  35.   This issue was causing gluon-radvd to send a router advertisement to the local
    36. 

  36.   clients whenever a router solicitation from the mesh was received. In busy
    37. 

  37.   meshes, it would continuously send router advertisements every 3 seconds.
    38. 

  38. 

  39. * Reject autoupdater mirror URLs not starting with ``http://`` during build
    40. 

  40.   (`9ab93992d1fc <https://github.com/freifunk-gluon/gluon/commit/9ab93992d1fca1b9cfa09c54d39cc92d3699055a>`_)
    41. 

  41. 

  42. * Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer
    43. 

  43.   stock firmwares (`#1223 <https://github.com/freifunk-gluon/gluon/issues/1223>`_)
    44. 

  44. 

  45. 

  46. Known issues
    47. 

  47. ~~~~~~~~~~~~
    48. 

  48. 

  49. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
    50. 

  50. 

  51.   Reducing the TX power in the Advanced Settings is recommended.
    52. 

  52. 

  53. * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
    54. 

  54. 

  55.   This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
    56. 

  56. 

  57. * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
    58. 

  58. 

  59.   The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
    60. 

  60. 

  61. * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
    62. 

  62.   (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
    63. 

  63. 

  64.   The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
    65. 

  65.   segfaults, but did not make them disappear completely.
    66.