-
rc/2022060875c0794d · rm test flag ·
Moin Moin, Ich habe heute eine neue Firmware gebaut. Basisdaten: * Firmware-Version: 20220608 * Gluon-Version: v2021.1.x * Commit ID: 595abcf8cb2dc794801c6ed5f1641783fccf5806 * Download: https://firmware.ffnw.de/l2tp/20220608/ Folgende Gluon spezifischen Änderungen gab es unter anderen: * The Linux kernel was updated to version 4.14.275 * The mac80211 wireless driver stack was updated to a version based on kernel 4.19.237 * [SECURITY] Autoupdater: Fix signature verification. * [SECURITY] Config Mode: Prevent Cross-Site Request Forgery (CSRF). * Config Mode: Fix occasionally hanging page load after submitting the configuration wizard causing the reboot message and VPN key not to be displayed. * Config Mode (OSM): Update default OpenLayers source URL. * Config Mode (OSM): Fix error when using " character in attribution text. * respondd-module-airtime: Fix respondd crash on devices with disabled WLAN interfaces. * ipq40xx: Fix bad WLAN performance on Plasma Cloud PA1200 and PA2200 devices. * Fix occasional build failure in “perl” package with high number of threads (-j32 or higher). * status page: WLAN channel display does not require the respondd- module-airtime package anymore. * status page: The “gateway nexthop” label now links to the status page of the nexthop node. * status page: The timeout to retrieve information from neighbour nodes was increased, making the display of the name of overloaded, slow or otherwise badly reachable nodes more likely to succeed. Die upstream Änderungen findet ihr hier: https://github.com/freifunk-gluon/gluon/compare/2dad91bdcb315474cb311c892fc08570c567eab0...595abcf8cb2dc794801c6ed5f1641783fccf5806 Folgende Comunnity spezifischen Änderungen gab es im siteconf repo: Die Änderungen an der Siteconf können im Siteconf-Repo hier eingesehen werden: https://git.ffnw.de/ffnw-firmware/siteconf/-/compare/rc%2F20211030...rc%2F20220608 Ich bitte euch die Änderungen zu prüfen und die Firmware im Anschluss zu signieren. Die Dokumentation zum Signaturprozess findet ihr im Wiki unter: https://wiki.ffnw.de/Firmware/Releaseprozess#Firmware_signieren Ein Script zum vereinfachten signieren findet ihr hier: https://git.ffnw.de/lrnzo/firmware-signing-made-easy Viele Grüße Jan-Tarek Butt
-
20210915
Sign Request 20210915 Moin Moin, Ich habe heute eine neue Firmware gebaut. Basisdaten: * Firmware-Version: 20210915 * Gluon-Version: v2021.1.x * Commit ID: 0622764ed123beb7cee8e06ed49d20afd6d906be * Download: https://firmware.ffnw.de/l2tp/20210915/ Folgende Gluon spezifischen Änderungen gab es unter anderen: Added hardware support: ath79-generic * Plasma Cloud - PA300 - PA300E * TP-Link - Archer C2 v3 - Archer D50 v1 * Joy-IT - JT-OR750i ipq40xx-generic * AVM - FRITZ!Box 7530 * Plasma Cloud - PA1200 - PA2200 ramips-mt7620 * Netgear - EX3700 - EX3800 ramips-mt76x8 * Xiaomi - Mi Router 4A (100M Edition) Major changes: Multicast optimizations (batman-adv): In this release, we reenable the multicast optimizations, that have gone through another round of bug squashing upstream. With this feature batman-adv will distribute IPv6 link-local multicast packets via individual unicast packets instead of flooding them through the whole mesh as long as the number of subscribed nodes does not exceed 16. This reduces layer 2 overhead, especially for IPv6 Neighbour Discovery. We also relaxed the firewall for IPv6 multicast packets: Instead of always dropping non-essential multicast packets we now allow all IPv6 link-local multicast packets to pass when the destination group has up to 16 subscribers Status page: The status page has received much attention in this release and now exposes many more details that help to understand a node's setup remotely. Among other things, we now expose wireless client count per radio, the mac80211 identifiers, the frequencies radios are tuned to, as well as information about the VPN provider and details on the mesh protocol stack. gluon-switch-domain utility: The ``gluon-switch-domain`` utility has been introduced to allow for a standard way to encapsulate the steps required for safely switching between domains. Existing packages like the hoodselector and the scheduled-domain-switch have been tied in with gluon-switch-domain. It has an experimental ``--no-reboot`` flag that requires further testing, to ensure it doesn't accidentally bridge separate domains. Other changes: - The private WLAN interface is now assigned the interface name `wan_radioX` where X is the phy index. - Linux kernel has been updated to 4.14.235 - The kernel's mac80211 stack has been updated to 4.19.193-test1 to mitigate the `FragAttacks <https://www.fragattacks.com/>`_ vulnerabilities - OpenSSL has been updated to 1.1.1l, fixing CVE-2021-3449 and CVE-2021-3450 - openssl: use --cross-compile-prefix in Configure - Dropbear has been patched against mishandling of special filenames in its scp component (CVE-2020-36524) - kernel: bump 4.14 to 4.14.245 Bugfixes: - The firmware partition lookup in gluon-web-admin's firmware update page was using an old partition label and therefore failed to look up the available flash size. This resulted in misleading error messages in case the uploaded firmware file exceeds the flash size. - Android 9 and higher do not properly wake up to renew their MLD subscriptions, therefore dropping out of the Neighbor Discovery MLD group, which leads to broken IPv6 connectivity after the device has slept for a while. A workaround has been deployed to wake these devices up in regular intervals to prevent this regression. - Missing bandwith limit settings resulted in a respondd crash for v2021.1. - The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations. - Disabling Radio interfaces in v2021.1 could lead to nullpointer dereferences in the respondd airtime module, as the survey returns no data in this case. Internal: Mesh-VPN Abstraction Layer: In preparation for the introduction of new tunneling protocols, the gluon-mesh-vpn framework has been modularized. This allows for providers to use a standard interface and keep their implementation details in a dedicated package. Continuous Integration: * GitHub Actions - GitHub actions is now enabled for the Gluon project, build-testing all available targets. - CI jobs are now run based on which paths have been modified. - Linters for lua and shell scripts have been integrated. Die upstream Änderungen findet ihr hier: https://github.com/freifunk-gluon/gluon/compare/197e44da8ba47104ac088aedac73cde35135db67...0622764ed123beb7cee8e06ed49d20afd6d906be Folgende Comunnity spezifischen Änderungen gab es im siteconf repo: * Das Buildscript kann nun builddir cleanups über alle Architekturen. * ein RC autoupdater branch ist eingerichtet um das testen von release canidates zu vereinfachen. * Alle Domains bekommen ein zusätzliches neues IPv6 Präfix. * Die Domain Delmenhorst wurde westlicher von Delmenhost verschoben und heißt jetzt Landkreis Oldenburg. Hinzugekommen ist die Domain Bremen. * Teile der Domain landkreis_osnabrueck wurden in die Domain bad_iburg verschoben um Domain grenzen weniger durch Ortschaften laufen zu lassen und die Anzahl der Router pro Domain anzugleichen. * Die Domain landkreis_wittmund wurde in landkreis_wittmund_nord und landkreis_wittmund_sued geteilt. * Der Patch 0004-patches-openwrt-add-0016-ath9k-check-for-deaf-rx-pat.patch wurde entfernt. * eine Outdoor channel liste wurde hinzugefügt. Die Änderungen an der Siteconf können im Siteconf-Repo hier eingesehen werden: https://git.ffnw.de/ffnw-firmware/siteconf/-/compare/rc%2F20210427...rc%2F20210915 Ich bitte euch die Änderungen zu prüfen und die Firmware im Anschluss zu signieren. Die Dokumentation zum Signaturprozess findet ihr im Wiki unter: https://wiki.ffnw.de/Firmware/Releaseprozess#Firmware_signieren Ein Script zum vereinfachten signieren findet ihr hier: https://git.ffnw.de/lrnzo/firmware-signing-made-easy Viele Grüße Jan-Tarek Butt _______________________________________________ Dev mailing list -- dev@lists.ffnw.de To unsubscribe send an email to dev-leave@lists.ffnw.de
-
20210427
Sign Request 20210427 Moin Moin, Ich habe heute eine neue Firmware gebaut. Basisdaten: * Firmware-Version: 20210427 * Gluon-Version: v2020.2.x * Commit ID: 197e44da8ba47104ac088aedac73cde35135db67 * Download: https://firmware.ffnw.de/l2tp/20210427/ Folgende Gluon spezifischen Änderungen gab es unter anderen: - LEDs on the ASUS RT-AC51 are now fully functional. - Netgear EX6150v1 randomly booting into failsafe mode has been fixed. This happened dependant on the state of the mode setting switch. - Dnsmasq has been patched against multiple security issues in its DNS response validation. See the OpenWrt advisory at https://openwrt.org/advisory/2021-01-19-1 Other changes ------------- - Linux kernel has been updated to 4.14.224 - batman-adv fixes were backported from its 2021.0 release - OpenSSL has been updated to 1.1.1k Die upstream Änderungen findet ihr hier: https://github.com/freifunk-gluon/gluon/compare/90d0e33c619cef9e0af928ef4d6477f6c1bdc0de...197e44da8ba47104ac088aedac73cde35135db67 Folgende Comunnity spezifischen Änderungen gab es im siteconf repo: * romove package ffnw-vxlan-switch * activate VXLAN for domain: leer, lohne, oldenburg2, osnabrueck, osnabrueck2, rastede, suedost, tossens und wilhelmshaven alle domains haben nun vxlan aktiviert. Die Änderungen an der Siteconf können im Siteconf-Repo hier eingesehen werden: https://git.ffnw.de/ffnw-firmware/siteconf/-/compare/rc%2F20210103...rc%2F20210427 Ich bitte euch die Änderungen zu prüfen und die Firmware im Anschluss zu signieren. Die Dokumentation zum Signaturprozess findet ihr im Wiki unter: https://wiki.ffnw.de/Firmware/Releaseprozess#Firmware_signieren Ein Script zum vereinfachten signieren findet ihr hier: https://git.ffnw.de/lrnzo/firmware-signing-made-easy Viele Grüße Jan-Tarek Butt _______________________________________________ Dev mailing list -- dev@lists.ffnw.de To unsubscribe send an email to dev-leave@lists.ffnw.de
-
rc/20210915
Moin Moin, Ich habe heute eine neue Firmware gebaut. Basisdaten: * Firmware-Version: 20210915 * Gluon-Version: v2021.1.x * Commit ID: 0622764ed123beb7cee8e06ed49d20afd6d906be * Download: https://firmware.ffnw.de/l2tp/20210915/ Folgende Gluon spezifischen Änderungen gab es unter anderen: Added hardware support: ath79-generic * Plasma Cloud - PA300 - PA300E * TP-Link - Archer C2 v3 - Archer D50 v1 * Joy-IT - JT-OR750i ipq40xx-generic * AVM - FRITZ!Box 7530 * Plasma Cloud - PA1200 - PA2200 ramips-mt7620 * Netgear - EX3700 - EX3800 ramips-mt76x8 * Xiaomi - Mi Router 4A (100M Edition) Major changes: Multicast optimizations (batman-adv): In this release, we reenable the multicast optimizations, that have gone through another round of bug squashing upstream. With this feature batman-adv will distribute IPv6 link-local multicast packets via individual unicast packets instead of flooding them through the whole mesh as long as the number of subscribed nodes does not exceed 16. This reduces layer 2 overhead, especially for IPv6 Neighbour Discovery. We also relaxed the firewall for IPv6 multicast packets: Instead of always dropping non-essential multicast packets we now allow all IPv6 link-local multicast packets to pass when the destination group has up to 16 subscribers Status page: The status page has received much attention in this release and now exposes many more details that help to understand a node's setup remotely. Among other things, we now expose wireless client count per radio, the mac80211 identifiers, the frequencies radios are tuned to, as well as information about the VPN provider and details on the mesh protocol stack. gluon-switch-domain utility: The ``gluon-switch-domain`` utility has been introduced to allow for a standard way to encapsulate the steps required for safely switching between domains. Existing packages like the hoodselector and the scheduled-domain-switch have been tied in with gluon-switch-domain. It has an experimental ``--no-reboot`` flag that requires further testing, to ensure it doesn't accidentally bridge separate domains. Other changes: - The private WLAN interface is now assigned the interface name `wan_radioX` where X is the phy index. - Linux kernel has been updated to 4.14.235 - The kernel's mac80211 stack has been updated to 4.19.193-test1 to mitigate the `FragAttacks <https://www.fragattacks.com/>`_ vulnerabilities - OpenSSL has been updated to 1.1.1l, fixing CVE-2021-3449 and CVE-2021-3450 - openssl: use --cross-compile-prefix in Configure - Dropbear has been patched against mishandling of special filenames in its scp component (CVE-2020-36524) - kernel: bump 4.14 to 4.14.245 Bugfixes: - The firmware partition lookup in gluon-web-admin's firmware update page was using an old partition label and therefore failed to look up the available flash size. This resulted in misleading error messages in case the uploaded firmware file exceeds the flash size. - Android 9 and higher do not properly wake up to renew their MLD subscriptions, therefore dropping out of the Neighbor Discovery MLD group, which leads to broken IPv6 connectivity after the device has slept for a while. A workaround has been deployed to wake these devices up in regular intervals to prevent this regression. - Missing bandwith limit settings resulted in a respondd crash for v2021.1. - The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations. - Disabling Radio interfaces in v2021.1 could lead to nullpointer dereferences in the respondd airtime module, as the survey returns no data in this case. Internal: Mesh-VPN Abstraction Layer: In preparation for the introduction of new tunneling protocols, the gluon-mesh-vpn framework has been modularized. This allows for providers to use a standard interface and keep their implementation details in a dedicated package. Continuous Integration: * GitHub Actions - GitHub actions is now enabled for the Gluon project, build-testing all available targets. - CI jobs are now run based on which paths have been modified. - Linters for lua and shell scripts have been integrated. Die upstream Änderungen findet ihr hier: https://github.com/freifunk-gluon/gluon/compare/197e44da8ba47104ac088aedac73cde35135db67...0622764ed123beb7cee8e06ed49d20afd6d906be Folgende Comunnity spezifischen Änderungen gab es im siteconf repo: * Das Buildscript kann nun builddir cleanups über alle Architekturen. * ein RC autoupdater branch ist eingerichtet um das testen von release canidates zu vereinfachen. * Alle Domains bekommen ein zusätzliches neues IPv6 Präfix. * Die Domain Delmenhorst wurde westlicher von Delmenhost verschoben und heißt jetzt Landkreis Oldenburg. Hinzugekommen ist die Domain Bremen. * Teile der Domain landkreis_osnabrueck wurden in die Domain bad_iburg verschoben um Domain grenzen weniger durch Ortschaften laufen zu lassen und die Anzahl der Router pro Domain anzugleichen. * Die Domain landkreis_wittmund wurde in landkreis_wittmund_nord und landkreis_wittmund_sued geteilt. * Der Patch 0004-patches-openwrt-add-0016-ath9k-check-for-deaf-rx-pat.patch wurde entfernt. * eine Outdoor channel liste wurde hinzugefügt. Die Änderungen an der Siteconf können im Siteconf-Repo hier eingesehen werden: https://git.ffnw.de/ffnw-firmware/siteconf/-/compare/rc%2F20210427...rc%2F20210915 Ich bitte euch die Änderungen zu prüfen und die Firmware im Anschluss zu signieren. Die Dokumentation zum Signaturprozess findet ihr im Wiki unter: https://wiki.ffnw.de/Firmware/Releaseprozess#Firmware_signieren Ein Script zum vereinfachten signieren findet ihr hier: https://git.ffnw.de/lrnzo/firmware-signing-made-easy Viele Grüße Jan-Tarek Butt
-
-
-
-
-
-
-
-
20201102
Release 20201102