diff --git a/README.md b/README.md index d015362b..a2204654 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ the future development of Gluon. Please refrain from using the `master` branch for anything else but development purposes! Use the most recent release instead. You can list all releases by running `git tag` -and switch to one by running `git checkout v2017.1.2 && make update`. +and switch to one by running `git checkout v2017.1.3 && make update`. If you're using the autoupdater, do not autoupdate nodes with anything but releases. If you upgrade using random master commits the nodes *will break* eventually. diff --git a/docs/index.rst b/docs/index.rst index 97d6b09d..a1b93c9d 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -66,6 +66,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre :caption: Releases :maxdepth: 1 + releases/v2017.1.3 releases/v2017.1.2 releases/v2017.1.1 releases/v2017.1 diff --git a/docs/releases/v2017.1.3.rst b/docs/releases/v2017.1.3.rst new file mode 100644 index 00000000..7eb27e8b --- /dev/null +++ b/docs/releases/v2017.1.3.rst 
@@ -0,0 +1,65 @@ +Gluon 2017.1.3 +============== + +The LEDE base of Gluon has been updated to v17.01.3, including various updates, +stability improvements and security fixes. This includes some critical fixes +to core packages like dnsmasq (see below for details); upgrading all Gluon +nodes to v2017.1.3 is highly recommended. + + +Bugfixes +~~~~~~~~ + +* dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491, + CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and + 2017-CVE-14496 + + While many of the most severe (remote code execution) vulnarabilities are in + the DHCP component of dnsmasq, which is not active on a Gluon node unless in + Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory + corruption and possibly remote code execution by deploying a malicious DNS + server and tricking a node into querying this server. + +* The Linux kernel has been upgraded to v4.4.89 + +* Multiple security issues have been fixed in packages that are not usually part + of the Gluon build, including tcpdump, curl and mbedtls + + Please refer to the + `LEDE commit log `_ + for details. + +* Filtering of multicast packages between the mesh and the *local-node* interface + has been fixed (`#1230 `_) + + This issue was causing gluon-radvd to send a router advertisement to the local + clients whenever a router solicitation from the mesh was received. In busy + meshes, it would continuously send router advertisements every 3 seconds. + +* Reject autoupdater mirror URLs not starting with ``http://`` during build + (`9ab93992d1fc `_) + +* Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer + stock firmwares (`#1223 `_) + + +Known issues +~~~~~~~~~~~~ + +* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) + + Reducing the TX power in the Advanced Settings is recommended. 
+ +* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 `_) + + This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed). + +* Inconsistent respondd API (`#522 `_) + + The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while. + +* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx + (`#1157 `_) + + The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of + segfaults, but did not make them disappear completely. diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst index 691c488c..7a97feab 100644 --- a/docs/user/getting_started.rst +++ b/docs/user/getting_started.rst @@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting started with Gluon we recommend to use the latest stable release of Gluon. Take a look at the `list of gluon releases`_ and notice the latest release, -e.g. *v2017.1.2*. Always get Gluon using git and don't try to download it +e.g. *v2017.1.3*. Always get Gluon using git and don't try to download it as a Zip archive as the archive will be missing version information. Please keep in mind that there is no "default Gluon" build; a site configuration @@ -43,7 +43,7 @@ Building the images ------------------- To build Gluon, first check out the repository. Replace *RELEASE* with the -version you'd like to checkout, e.g. *v2017.1.2*. +version you'd like to checkout, e.g. *v2017.1.3*. ::
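Review bot: In the new docs/releases/v2017.1.3.rst, the dnsmasq bullet writes the last two identifiers as "2017-CVE-14495" and "2017-CVE-14496", which does not match the CVE-YYYY-NNNNN form used for the other five and will not be found by anyone searching for them; they should read CVE-2017-14495 and CVE-2017-14496. The same file has spelling slips worth fixing before the release is tagged: "vulnarabilities" in the dnsmasq paragraph, "multicast packages" where packets are meant in the #1230 bullet, and "promicious mode" in the Known issues entry for #496. The bullet about rejecting autoupdater mirror URLs not starting with http:// states the new build behaviour but not what a site maintainer has to change if their build now fails; one sentence on that would help.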
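Review bot: In docs/user/getting_started.rst the example release string is hardcoded in two places (the "notice the latest release" paragraph and the "Building the images" section), and README.md carries it a third time in the "git checkout" command, so each release needs three manual edits that are easy to miss. Since the text already says "e.g." and points readers to the list of releases, consider wording the two getting_started.rst examples so they do not need a bump every release, and keep the concrete tag only in README.md.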