docs, README: import v2017.1.3 release notes

This commit is contained in:
Matthias Schiffer 2017-10-04 22:53:30 +02:00
parent cc1f6555c8
commit 36c940c11d
No known key found for this signature in database
GPG Key ID: 16EF3F64CB201D9C
4 changed files with 69 additions and 3 deletions

View File

@ -19,7 +19,7 @@ the future development of Gluon.
Please refrain from using the `master` branch for anything else but development purposes!
Use the most recent release instead. You can list all releases by running `git tag`
and switch to one by running `git checkout v2017.1.2 && make update`.
and switch to one by running `git checkout v2017.1.3 && make update`.
If you're using the autoupdater, do not autoupdate nodes with anything but releases.
If you upgrade using random master commits the nodes *will break* eventually.

View File

@ -66,6 +66,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
:caption: Releases
:maxdepth: 1
releases/v2017.1.3
releases/v2017.1.2
releases/v2017.1.1
releases/v2017.1

View File

@ -0,0 +1,65 @@
Gluon 2017.1.3
==============
The LEDE base of Gluon has been updated to v17.01.3, including various updates,
stability improvements and security fixes. This includes some critical fixes
to core packages like dnsmasq (see below for details); upgrading all Gluon
nodes to v2017.1.3 is highly recommended.
Bugfixes
~~~~~~~~
* dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491,
CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
2017-CVE-14496
While many of the most severe (remote code execution) vulnarabilities are in
the DHCP component of dnsmasq, which is not active on a Gluon node unless in
Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
corruption and possibly remote code execution by deploying a malicious DNS
server and tricking a node into querying this server.
* The Linux kernel has been upgraded to v4.4.89
* Multiple security issues have been fixed in packages that are not usually part
of the Gluon build, including tcpdump, curl and mbedtls
Please refer to the
`LEDE commit log <https://git.lede-project.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
for details.
* Filtering of multicast packages between the mesh and the *local-node* interface
has been fixed (`#1230 <https://github.com/freifunk-gluon/gluon/issues/1230>`_)
This issue was causing gluon-radvd to send a router advertisement to the local
clients whenever a router solicitation from the mesh was received. In busy
meshes, it would continuously send router advertisements every 3 seconds.
* Reject autoupdater mirror URLs not starting with ``http://`` during build
(`9ab93992d1fc <https://github.com/freifunk-gluon/gluon/commit/9ab93992d1fca1b9cfa09c54d39cc92d3699055a>`_)
* Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer
stock firmwares (`#1223 <https://github.com/freifunk-gluon/gluon/issues/1223>`_)
Known issues
~~~~~~~~~~~~
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
(`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
segfaults, but did not make them disappear completely.

View File

@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
started with Gluon we recommend to use the latest stable release of Gluon.
Take a look at the `list of gluon releases`_ and notice the latest release,
e.g. *v2017.1.2*. Always get Gluon using git and don't try to download it
e.g. *v2017.1.3*. Always get Gluon using git and don't try to download it
as a Zip archive as the archive will be missing version information.
Please keep in mind that there is no "default Gluon" build; a site configuration
@ -43,7 +43,7 @@ Building the images
-------------------
To build Gluon, first check out the repository. Replace *RELEASE* with the
version you'd like to checkout, e.g. *v2017.1.2*.
version you'd like to checkout, e.g. *v2017.1.3*.
::