Erstellt vor 4 Jahren

Geschlossen vor 4 Jahren

Zuletzt geändert vor 19 Monaten

#2455 closed task (fixed)

Drop support for as many old firmwares as possible (for maintenance & security reasons)

Erstellt von: er13 Verantwortlicher: er13
Priorität: normal Meilenstein: freetz-next
Komponente: other Version: devel
Stichworte: Beobachter:
Product Id: Firmware Version:

Beschreibung

I was thinking of all 05.2X firmwares except for those AVM provided security fixes for.

Please raise your concenrs in this ticket as to why it should NOT be done.

Änderungshistorie (16)

comment:1 Geändert vor 4 Jahren durch er13

In 11976:

EWE 05.2x:

  • drop the (de-facto missing) support for EWE 05.2x firmwares
  • refs #2455

comment:2 Geändert vor 4 Jahren durch oliver

Perhaps we can use a two step process…

First we hide the firmwares from menuconfig. And if nobody complains within 4-6 weeks we remove them completely?

Is it possible to post a complete list of the affected firmwares with little effort?

comment:3 Geändert vor 4 Jahren durch er13

cat FIRMWARES | grep -E "[.]05[.]2[0-9] " | grep -Ev "(54|74|84|99)[.]05"
	* 67.05.21 rev22227
	* 96.05.21 rev22227
	* 96.05.23 rev22968 (International)
	* 103.05.21 rev22533
	* 103.05.23 rev22845 (International)
	* 108.05.27 rev23542
	* 105.05.27 rev23567
	* 105.05.24 rev22786 (International)
	* 73.05.22 rev22574
	* 117.05.23 rev22847
	* 100.05.22 rev22574
	* 107.05.22 rev22574
	* 107.05.24 rev23190 (International)
	* 116.05.22 rev22574
	* 111.05.24 rev22845 (International)
	* 124.05.22 rev22574
	* 109.05.22 rev22574

Alles Revisions < 27349, also von der Sicherheitslücke betroffen.

comment:4 Geändert vor 4 Jahren durch dileks

Recent changes to the kernel-wiki do not list boxes with AR7 kernel-layout.
Thus, my question: Does the Freetz project support these boxes - for security reasons: 1. ancient linux-2.6.13.x 2. rudimental IPv6 support, 3. etc.?

Thanks in advance for answering.

Zuletzt geändert vor 4 Jahren von dileks (vorher) (Diff)

comment:5 Geändert vor 4 Jahren durch er13

We still support boxes with ar7/ohio layout. We do not plan to drop support for them, we however also do not plan to put any effort into improving IPv6-support on these boxes (you're however welcome to provide tested and working patches).

The only reason these boxes are not listed on the kernel wiki page is that no one had time to do it. You're welcome to compare the published sources and update the page accordingly.

comment:6 Geändert vor 4 Jahren durch er13

In 12099:

3272 (experimental):

  • drop support for (insecure) 05.5x-de-firmware
  • refs #2455

comment:7 Geändert vor 4 Jahren durch er13

In 12100:

6810 (experimental):

  • drop incomplete (i.e. de-facto missing) support for (insecure) 05.2x-de-firmware
  • drop support for (insecure) 05.5x-de-firmware
  • refs #2455

comment:8 Geändert vor 4 Jahren durch er13

In 12101:

6842 (experimental):

  • drop support for (insecure) 05.5x-de-firmware
  • refs #2455

comment:9 Geändert vor 4 Jahren durch er13

In 12102:

7272 (experimental):

  • drop support for (insecure) 05.5x-de-firmware
  • refs #2455

comment:10 Antwort: Geändert vor 4 Jahren durch er13

In 12254:

05.2x firmware series:

  • drop support for all 05.2x-firmwares with no security fix from AVM (as of now by just disabling them in menuconfig, provided no complaints come up within the next 4 weeks we will also drop the corresponding code base)
  • refs #2455

comment:11 als Antwort auf: ↑ 10 Geändert vor 4 Jahren durch hippie2000

Replying to er13:

In 12254:

provided no complaints come up within the next 4 weeks we will also drop the corresponding code basis)
 * refs #2455

I hereby want to complain. The existing fixed WDS firmwares were released upon request - short after the huge fix. AVM may add more models once they have time.

Unfixed WDS Firmwares should be hidden (ie: real developer flag) and not removed.

If AVM does not offer them upon another request there may still be an alien solution.

Don't remove this chance / any code base.

comment:12 Geändert vor 4 Jahren durch er13

  • Lösung auf fixed gesetzt
  • Status von new nach closed geändert
  • Verantwortlicher auf er13 gesetzt

In 12340:

  • restore support for all firmwares disabled in r12254 (two user complaints - #1, #2)
  • in case vulnerable firmware is selected provide a BIG FAT WARNING pointing that out
  • closes #2455

comment:13 Geändert vor 19 Monaten durch er13

In 14091:

Fritz!OS 05.2x:

  • drop support for all vulnerable 05.2x firmwares ("vulnerable" stands here for "affected by Feb.2014 vulnerability")
  • 05.2x is still supported for 7270v2/7270v3-de/en, 7340-en, 7390-de/en, and 7240_7270-alien
  • refs #2455

comment:14 Geändert vor 19 Monaten durch er13

In 14093:

  • remove W500V_7150-alien related code (never finished, commented out since years)
  • refs #2455

comment:15 Geändert vor 19 Monaten durch er13

In 14097:

Fritz!OS 05.5x:

  • drop support for all vulnerable 05.5x firmwares ("vulnerable" stands here for "affected by Feb.2014 vulnerability")
  • drop support for all 05.5x firmwares for AR9(7312, 7320, 7330, 7330SL) und VR9(3370, 3390, 6840, 7360v1, 7360v2, 7360sl, 7362sl, 7490) boxes
  • refs #2455

comment:16 Geändert vor 19 Monaten durch er13

In 14100:

Fritz!OS-6.0x, Fritz!OS-6.2x/6.3x:

  • merge international & Belgian firmware lists (Belgian releases are regular international releases with some fixes for Belgian providers)
  • from now on no be - international/belgian menuconfig option is offered anymore, Belgian users should select en - international to get support for their boxes
  • refs #2455
Hinweis: Hilfe zur Verwendung von Tickets finden Sie in TracTickets.