This page is not fully translated, yet. Please help completing the translation.
(remove this paragraph once the translation is finished)
OpenWrt 21.02.0-rc2 - 第二个发行候选版 - 2021 年 5 月 31 日
_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 21.02.0-rc2, r16122-c2139eef27 -----------------------------------------------------
OpenWrt是一个为嵌入式设备设计的一款Linux操作系统,它可以用于替换庞大数量的无线路由器 以及非网络设备的原厂固件。查看硬件支持表格获取更多 关于硬件支持的信息。如果你想知道更多关于OpenWrt项目的细节,可以查看 关于OpenWrt的页面。
在大部分情况下,使用系统升级工具可以将 OpenWrt 19.07 顺利的升级到 OpenWrt 21.02 并保留 配置文件,但我们还是建议您在升级之前备份一下您的配置。(参见下方的“升级”章节)
你可以在此下载到 OpenWrt 固件: https://downloads.openwrt.org/releases/21.02.0-rc2/
OpenWrt 21.02.0-rc1 到 21.02.0-rc2 的变更
OpenWrt社区在此非常自豪地发布 OpenWrt 21.02 系列的首个发行候选版。这个版本相对于之前的 OpenWrt 19.07 做出了超过 5800 次修改,并已经持续开发了一年半。
此候选发行版相对于之前的 21.02.0-rc1 候选发行版 的变更为:
已知问题
- LuCI
网络
迁移工具不会迁移自定义桥接的MAC地址。你需要手动设置设备的MAC地址。
新网络配置文件语法
/etc/config/network
文件的网络配置语法有一些改动:
config interface
中的选项ifname
重命名至device
(因其本身定义的就是一个设备(device)
)config device
中的类型bridge
和ifname
重命名至ports
- 安装自动生成的配置文件现在将第二层(
config device
)和第三层(config interface
)的配置分开了。
为保证兼容性,旧语法的配置文件依旧支持,且不会在升级过程中自动转换。
但 LuCI 网络界面会尝试检测旧语法并将其转换为新的语法,因为 LuCI 只支持新语法配置文件的编辑。
新的配置文件范例:
config device option name 'br-lan' option type 'bridge' option macaddr '00:01:02:XX:XX:XX' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4' config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' config device option name 'eth1' option macaddr '00:01:02:YY:YY:YY' config interface 'wan' option device 'eth1' option proto 'dhcp' config interface 'wan6' option device 'eth1' option proto 'dhcpv6'
在此范例中,DSA 设备使用了 lanX
接口名称,而非 DSA 设备将会继续使用老的 ethX
接口名称。
LuCI 更新
LuCI 更新支持了新的网络配置文件语法(并在需要的时候能自动转换旧语法)。在部分情况下,自动转换过程需要两步。
添加了配置设备(config device
)的支持。此配置可以用于设置二层网络的配置(如MTU和MAC地址),也支持桥接设备(包括VLAN标签的设置)。
LuCI HTTPS
LuCI 现在可以同时通过 HTTP 和 HTTPS 访问了。
从 OpenWrt 19.07 升级到 OpenWRrt 21.02 的话,HTTP 请求会被重定向到 HTTPS。但如果是全新安装 OpenWrt 21.02,则不会启用重定向。你可以使用以下命令手动关闭重定向:
uci set uhttpd.main.redirect_https=0 uci commit uhttpd service uhttpd reload
软件更新
- Linux kernel updated to version 5.4.119 (from 5.4.111 in v21.02.0-rc1)
- mac80211 updated to version 5.10.34-1 (from 5.10.16-1 in v21.02.0-rc1)
- mac80211 backport upstream fixes for the new FragAttacks vulnerabilities in 802.11
- mt76 updated to latest version
- dnsmasq updated to version 2.85 (from 2.84 in v21.02.0-rc1)
- busybox updated to version 1.33.1 (from 1.33.0 in v21.02.0-rc1)
其他变更
- Linux kernel fix parsing fixed subpartitions
- Linux kernel Activate FORTIFY_SOURCE for MIPS kernel 5.4
- busybox add SRV support to nslookup_lede.c patch
- busybox disable PREFER_IPV4_ADDRESS
- openwrt-keyring only copy sign key for 21.02
- sdk, imagebuilder unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archives
- uqmi fix network registration loop
设备支持
- Lantiq DSL multiple backports for DSL statistics
- New devices MikroTik SXTsq 5 ac, MikroTik hAP ac2
- Device fixes for ALFA Network devices, Youku YK1, TP-Link AD7200, TP-Link EAP-225, TP-Link TL-WR810N v1, MikroTik RB922UAGS-5HPaCD
OpenWrt 21.02.0 中的亮点
默认支持 WPA3
我们在 19.07 版本中引入了 WPA3 支持,但其并没有预装到出厂镜像中。
现在在 21.02 版本中,我们默认预装了这些 WPA3 所需的软件包。
默认支持 TLS 与 HTTPS
TLS support is now provided by default in OpenWrt images including the trusted CA certificates from Mozilla. It means that wget
and opkg
now support fetching resources over HTTPS out-of-the-box.
The opkg
download server is accessed through HTTPS by default.
OpenWrt switched from mbed TLS to wolfSSL as the default SSL library, mbed TLS and OpenSSL are still available and can be installed manually.
初步的 DSA 支持
DSA stands for Distributed Switch Architecture and is the Linux standard to deal with configurable Ethernet switches.
OpenWrt 21.02 comes with initial support for DSA, which replaces the swconfig
system that OpenWrt was using up until now.
Not all targets have been ported: some devices still use swconfig
while some devices already switched to DSA.
This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing swconfig
configuration to DSA configuration (see “Upgrading” below).
以下设备在 OpenWrt 21.02 中会使用 DSA 管理的交换机:
最低硬件需求增加: 8 MB 存储, 64 MB 内存
Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt. More flash space is recommended for extensibility, see 8/64 warning
It is still possible to build custom OpenWrt images (e.g. using the ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM. However, the level of functionality will be reduced and there is no guarantee to stability. See OpenWrt on 4/32 devices for more details and guidance.
新设备支持
A new realtek target has been added, which is often found in managed switches. As a result, it is now possible to run OpenWrt on devices with a significant number of Ethernet ports. See supported devices for realtek.
In addition, new bcm4908 and rockchip targets have been added.
Support for many new boards was added to the existing targets.
不再支持的设备
The ar71xx target was deprecated in OpenWrt 19.07 and has been gradually replaced by ath79, see ar71xx-ath79 migration.
With OpenWrt 21.02, the ar71xx has now been removed and users must use ath79 instead. If you are still running with the ar71xx target, it is recommended to reinstall OpenWrt 21.02 from scratch. Users already on the ath79 target can use sysupgrade to upgrade to OpenWrt 21.02.
Other targets were also removed: cns3xxx, rb532 and samsung.
启用了 ASLR(地址空间配置随机加载)
Network exposed user space applications are linked as position-independent executable (PIE) to allow full Address Space Layout Randomization (ASLR) support. This makes it harder for attackers to exploit OpenWrt. See Hardening build options for more details.
Linux 内核启用容器支持
Multiple Linux kernel compile options, needed for Linux Containers (LXC) and procd-ujail are activated by default for most targets. This allows to use LXC and ujail with the normal release builds.
SELinux 支持
It is possible to compile OpenWrt with SELinux support. This is currently not activated by default.
核心部件更新
: this should be updated for the final 21.02.0 release.
Core components have the following versions in 21.02.0:
- Updated toolchain:
- musl libc 1.1.24
- glibc 2.33
- gcc 8.4.0
- binutils 2.34
- Updated Linux kernel
- 5.4.119 for all targets
- Network:
- hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81
- cfg80211/mac80211 from kernel 5.10.34
- wireguard backport from upstream Linux kernel
- System userland:
- busybox 1.33.1
In addition to the listed applications, many others were also updated.
升级到 21.02.0-rc2
Sysupgrade can be used to upgrade a device from 19.07 to 21.02, and configuration will be preserved in most cases.
不支持从 18.06 升级到 21.02
There is no migration path for targets that switched from swconfig to DSA. In that case, sysupgrade will refuse to proceed with an appropriate error message:
Image version mismatch. image 1.1 device 1.0 Please wipe config during upgrade (force required) or reinstall. Config cannot be migrated from swconfig to DSA Image check failed
The default root file system partition size changed for targets/devices relying on booting from mass storage (HDD, USB flash, SD card, etc.), so MBR will change and any additional partition will be deleted when sysupgrading.
后记
一如既往的衷心感谢各位活动的软件包维护者、测试者、文档编写者和支持者的贡献。
祝各位用得开心!
OpenWrt 社区