OpenHarmony 3.0.5 LTS

Version Description

OpenHarmony 3.0.5 LTS is a maintenance version of OpenHarmony 3.0 LTS. This version has rectified certain issues detected in OpenHarmony 3.0.3 LTS and provides the following capability updates.

Enhanced capabilities for the small system

The DFX subsystem supports native crash information collection and device restart fault locating. The communication subsystem supports basic STA capabilities.

Version Mapping

Table 1 Version mapping of software and tools

Software/Tool Version Remarks
OpenHarmony 3.0.5 LTS NA
(Optional) HUAWEI DevEco Studio 3.0 Beta1 Recommended for developing OpenHarmony applications
(Optional) HUAWEI DevEco Device Tool 2.2 Beta2 Recommended for developing OpenHarmony smart devices

Source Code Acquisition

Prerequisites

  1. Register your account with Gitee.

  2. Register an SSH public key for access to Gitee.

  3. Install the git client and git-lfs, and configure user information.

    git config --global user.name "yourname"
    git config --global user.email "your-email-address"
    git config --global credential.helper store
    
  4. Run the following commands to install the repo tool:

    curl -s https://gitee.com/oschina/repo/raw/fork_flow/repo-py3 > /usr/local/bin/repo  # If you do not have the permission, download the tool to another directory and configure it as an environment variable by running the chmod a+x /usr/local/bin/repo command.
    pip3 install -i https://repo.huaweicloud.com/repository/pypi/simple requests
    

Acquiring Source Code Using the repo Tool

Method 1 (recommended): Use the repo tool to download the source code over SSH. (You must have an SSH public key for access to Gitee.)

repo init -u git@gitee.com:openharmony/manifest.git -b refs/tags/OpenHarmony-v3.0.5-LTS --no-repo-verify
repo sync -c
repo forall -c 'git lfs pull'

Method 2: Use the repo tool to download the source code over HTTPS.

repo init -u https://gitee.com/openharmony/manifest.git -b refs/tags/OpenHarmony-v3.0.5-LTS --no-repo-verify
repo sync -c
repo forall -c 'git lfs pull'

Acquiring Source Code from Mirrors

Table 2 Mirrors for acquiring source code

LTS Code Version Mirror SHA-256 Checksum
Full code base (for mini, small, and standard systems) 3.0.5 Download Download
Standard system Hi3516 solution (binary) 3.0.5 Download Download
Mini system Hi3861 solution (binary) 3.0.5 Download Download
Small system Hi3516 solution - LiteOS (binary) 3.0.5 Download Download
Small system Hi3516 solution - Linux (binary) 3.0.5 Download Download

What's New

Feature Updates

Table 3 New and enhanced features

Subsystem Standard System Mini and Small Systems
Communication NA Added basic STA capabilities for small-system devices (Linux).
The following requirements are involved:
I5AAFQ Supporting STA features such as scanning, connection, and automatic reconnection
I5AAFQ Dynamically obtaining IPv4 addresses for STA connections
DFX NA Added native crash information collection and device restart fault locating for small-system devices (Linux).
The following requirements are involved:
I57I8Y/I57TOE Collecting native crash information
I5C0QR Locating device restart faults on Linux 5.10

API Updates

This version does not involve API updates.

Chip and Development Board Adaptation

For details about the adaptation status, see SIG_DevBoard.

Resolved Issues

Table 4 Resolved issues

Issue No. Description
I4YBB0 No image is generated and the recorded video cannot be played when the system camera is used to take a photo and record a video. This issue occurs only for the Hi3516D V300 development board running on a small-system device (Linux).
I4YB87 No image is generated when the system camera is used to take a photo. This issue occurs only for the Hi3516D V300 development board running on a small-system device (Linux).
I4YAGS A blue screen is displayed when the system camera is accessed. This issue occurs only for the Hi3516D V300 development board running on a small-system device (Linux).
I59FZ7 Test cases of the telephony subsystem fail to run on standard-system devices.
I4Z2MI All test cases of the actsWifiJSApiTest, ActsHotSpotJSApiTest, and ActsP2PJSApiTest modules fail to run on standard-system devices.

Fixed Security Vulnerabilities

The following vulnerabilities are reported by the project teams. For details about the affected versions and patches released to fix the vulnerabilities, see Security Vulnerability Disclosure.

Table 5 Fixed security vulnerabilities

Vulnerability ID Description Impact Affected Repository
OpenHarmony-SA-2022-0501 The DSoftBus subsystem has a heap overflow vulnerability. Attackers can launch attacks locally, causing out-of-bounds memory access and obtaining system control rights. communication_dsoftbus
OpenHarmony-SA-2022-0502 The DSoftBus subsystem has a heap overflow vulnerability when receiving TCP messages. Attackers can launch attacks on the LAN to remotely execute code and obtain system control rights. communication_dsoftbus
OpenHarmony-SA-2022-0503 The DSoftBus subsystem has an out-of-bounds access vulnerability when processing device synchronization messages. Attackers can launch DoS attacks on the LAN, causing out-of-bounds memory access. communication_dsoftbus
OpenHarmony-SA-2022-0504 A pointer member contained in the Lock class is repeatedly released. Attackers can launch attacks locally to obtain system control rights. global_resmgr_standard
OpenHarmony-SA-2022-0601 The common event and notification subsystem has an authentication bypass vulnerability when deserializing objects. Attackers can launch attacks locally to bypass permissions, causing server process breakdown. notification_ces_standard
OpenHarmony-SA-2022-0602 The common event and notification subsystem has a verification bypass vulnerability, which can initiate SA relay attacks. Attackers can launch attacks locally to bypass verification and obtain system control rights. notification_ces_standard
OpenHarmony-SA-2022-0603 The update module has a verification bypass vulnerability, which can initiate SA relay attacks. Attackers can launch attacks locally to bypass verification and obtain system control rights. update_updateservice
OpenHarmony-SA-2022-0604 The multimedia subsystem has a verification bypass vulnerability, which can initiate SA relay attacks. Attackers can launch attacks locally to bypass verification and obtain system control rights. multimedia_media_standard