Ukukhutshwa okutsha okubalulekileyo kokusasazwa kwe-OpenWrt 21.02.0 kuye kwaqaliswa, okujoliswe ekusetyenzisweni kwizixhobo ezahlukeneyo zenethiwekhi ezifana nee-router, iiswitshi kunye neendawo zokufikelela. I-OpenWrt ixhasa amaqonga amaninzi ahlukeneyo kunye noyilo lwezakhiwo kwaye inenkqubo yokuhlanganisa evumela ukuba kube lula kwaye kulula ukuhlanganisa ukudibanisa, kubandakanywa amacandelo ahlukeneyo kwindibano, eyenza kube lula ukwenza i-firmware esele yenziwe okanye umfanekiso wedisk kunye neseti efunekayo ye-pre- iipakethe ezifakiweyo ezilungiselelwe imisebenzi ethile. Iindibano zenzelwe amaqonga angama-36 ekujoliswe kuwo.
Phakathi kotshintsho kwi-OpenWrt 21.02.0 oku kulandelayo kuphawulwe:
- Ubuncinci beemfuno zehardware zonyusiwe. Kulwakhiwo olungagqibekanga, ngenxa yokufakwa kwe-Linux kernel subsystems ezongezelelweyo, usebenzisa i-OpenWrt ngoku ifuna isixhobo esine-8 MB Flash kunye ne-64 MB RAM. Ukuba unqwenela, usenokwenza eyakho indibano ekhutshiweyo enokusebenza kwizixhobo ezine-4 MB Flash kunye ne-32 MB RAM, kodwa ukusebenza kwendibano enjalo kuya kuthintelwa, kwaye uzinzo lokusebenza aluqinisekiswanga.
- Iphakheji eyisiseko ibandakanya iiphakheji zokuxhasa iteknoloji yokhuseleko lwenethiwekhi ye-WPA3 engenazintambo, ekhoyo ngoku ngokungagqibekanga zombini xa usebenza kwimodi yomxhasi kwaye xa udala indawo yokufikelela. I-WPA3 ibonelela ngokhuseleko kuhlaselo lokuqikelela igama lokugqitha (akuyi kuvumela ukuqikelela igama lokugqitha kwimo engasebenziyo) kwaye isebenzisa iprothokholi yoqinisekiso ye-SAE. Ukukwazi ukusebenzisa i-WPA3 kubonelelwe kubaqhubi abaninzi bezixhobo ezingenazingcingo.
- Iphakheji yesiseko ibandakanya inkxaso ye-TLS kunye ne-HTTPS ngokungagqibekanga, ekuvumela ukuba ufikelele kwi-interface ye-LuCI Web phezu kwe-HTTPS kwaye usebenzise izinto eziluncedo ezifana ne-wget kunye ne-opkg ukubuyisela ulwazi kwiindlela zonxibelelwano ezifihliweyo. Iiseva apho iipakethe ezikhutshelwayo nge-opkg zihanjiswa zikwatshintshelwa ekuthumeleni ulwazi nge-HTTPS ngokungagqibekanga. Ithala leencwadi le-mbedTLS elisetyenziselwa uguqulelo oluntsonkothileyo lithathelwe indawo yiwolfSSL (ukuba kukho imfuneko, unokufaka ngesandla i-mbedTLS kunye namathala eencwadi e-OpenSSL, aqhubeka nokubonelelwa njengokhetho). Ukuqwalasela ukuthunyelwa ngokuzenzekelayo kwi-HTTPS, ujongano lwewebhu lunikeza ukhetho "uhttpd.main.redirect_https=1".
- Inkxaso yokuqala iphunyeziwe kwi-DSA (i-Distributed Switch Architecture) i-kernel subsystem, ebonelela ngezixhobo zokuqwalasela nokulawula i-cascade yokutshintshwa kwe-Ethernet edibeneyo, usebenzisa iindlela ezisetyenziselwa ukuqwalasela i-interfaces yenethiwekhi eqhelekileyo (iproute2, ifconfig). I-DSA ingasetyenziselwa ukuqwalasela izibuko kunye ne-VLAN endaweni yesixhobo se-swconfig esinikeziwe ngaphambili, kodwa ayingabo bonke abaqhubi abatshintshayo abaxhasa i-DSA okwangoku. Kukhupho olucetywayo, i-DSA yenziwe ukuba i-ath79 (TP-Link TL-WR941ND), bcm4908, gemini, kirkwood, mediatek, mvebu, octeon, ramips (mt7621) kunye nabaqhubi berealtek.
- Utshintsho lwenziwe kwi-syntax yeefayile zoqwalaselo ezibekwe kwi/etc/config/network. Kwibhloko ye-"config interface", i-"ifname" i-option iye yabizwa ngokuba yi-"device", kwaye kwibhloko ye-"config device", i-"bridge" kunye ne-"ifname") iinketho ziye zabizwa ngokuba yi-"ports". Ufakelo olutsha, iifayile ezihlukeneyo kunye nezicwangciso zezixhobo (uluhlu lwe-2, ibhloko ye "config device") kunye ne-interfaces yenethiwekhi (i-3, ibhloko ye-"config interface") yenziwe ngoku. Ukugcina ukuhambelana komva, inkxaso ye-syntax endala igcinwa, okt. izicwangciso ezenziwe ngaphambili aziyi kufuna utshintsho. Kule meko, kwi-interface yewebhu, ukuba i-syntax endala ifunyenwe, isiphakamiso sokufudukela kwi-syntax entsha siya kuboniswa, okuyimfuneko ukuhlela izicwangciso ngokusebenzisa ujongano lwewebhu.
Umzekelo wolungelelwaniso olutsha: igama lokhetho lwesixhobo soqwalaselo 'br-lan' uhlobo lokukhetha 'ibhulorho' ukhetho macaddr '00:01:02:XX:XX:XX' uluhlu lwamazibuko 'lan1' uluhlu lwamazibuko 'lan2' uluhlu lwamazibuko 'lan3' uluhlu lwamazibuko 'lan4' ujongano loqwalaselo 'lan' isixhobo sokhetho 'br-lan' ukhetho proto 'static' ukhetho ipaddr '192.168.1.1' ukhetho netmask '255.255.255.0' ukhetho ip6assign '60' configuration isixhobo igama ukhetho 'eth1' ukhetho macaddr '00 :01:02:YY:YY:YY' ujongano loqwalaselo 'wan' isixhobo sokhetho 'eth1' ukhetho lweproto 'dhcp' ujongano loqwalaselo 'wan6' isixhobo sokhetho 'eth1' ukhetho lweproto 'dhcpv6'
Ngokufanisa kunye neefayile zokucwangcisa /etc/config/network, amagama entsimi ebhodini.json atshintshiwe ukusuka "igama lomfanekiso" ukuya "kwisixhobo".
- Iqonga elitsha elithi "realtek" longezwe, livumela i-OpenWrt ukuba isetyenziswe kwizixhobo ezinenani elikhulu leechweba ze-Ethernet, ezifana ne-D-Link, i-ZyXEL, i-ALLNET, i-INABA kunye ne-NETGEAR Ethernet switch.
- Kongezwe i-bcm4908 entsha kunye namaqonga e-rockchip kwizixhobo ezisekelwe kwi-Broadcom BCM4908 kunye ne-Rockchip RK33xx SoCs. Imiba yenkxaso yesixhobo iye yasonjululwa kumaqonga axhasiweyo ngaphambili.
- Inkxaso yeqonga le-ar71xx liphelisiwe, endaweni yoko kufuneka kusetyenziswe iqonga le-ath79 (kwizixhobo ezisekelwe kwi-ar71xx, kuyacetyiswa ukuba ubuyisele i-OpenWrt ukusuka ekuqaleni). Inkxaso ye-cns3xxx (i-Cavium Networks CNS3xxx), i-rb532 (i-MikroTik RB532) kunye ne-samsung (SamsungTQ210) iiplatifomu nazo ziye zayekiswa.
- Iifayile eziphunyeziweyo zezicelo ezibandakanyekayo ekuqhubeni uxhulumaniso lwenethiwekhi ziqulunqwe kwimodi ye-PIE (i-Position-Independent Executables) kunye nenkxaso epheleleyo ye-address space randomization (ASLR) ukwenza kube nzima ukuxhaphaza ubuthathaka kwizicelo ezinjalo.
- Xa kusakhiwa i-Linux kernel, iinketho zenziwe ngokungagqibekanga ukuxhasa ubuchwephesha bokubekelwa bucala kwezikhongozeli, ukuvumela i-LXC toolkit kunye nemowudi ye-procd-ujail ukuba isetyenziswe kwi-OpenWrt kumaqonga amaninzi.
- Ikhono lokwakha ngenkxaso yenkqubo yokulawula ukufikelela kwi-SELinux inikwe (ikhutshaziwe ngokungagqibekanga).
- Iinguqulelo zephakheji ezihlaziyiweyo, kuquka ukukhutshwa okucetywayo musl libc 1.1.24, glibc 2.33, gcc 8.4.0, binutils 2.34, hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81, busybox1.33.1. I-Linux kernel ihlaziywe kwinguqulo ye-5.4.143, ifaka i-cfg80211/mac80211 isitaki esingenazingcingo esivela kwi-5.10.42 kernel kunye nenkxaso ye-Wireguard VPN.
umthombo: opennet.ru