OpenHarmony 3.0.5 LTS
Version Description
OpenHarmony 3.0.5 LTS is a maintenance version of OpenHarmony 3.0 LTS. This version has rectified certain issues detected in OpenHarmony 3.0.3 LTS and provides the following capability updates.
Enhanced capabilities for the small system
The DFX subsystem supports native crash information collection and device restart fault locating. The communication subsystem supports basic STA capabilities.
Version Mapping
Table 1 Version mapping of software and tools
Software/Tool | Version | Remarks |
---|---|---|
OpenHarmony | 3.0.5 LTS | NA |
(Optional) HUAWEI DevEco Studio | 3.0 Beta1 | Recommended for developing OpenHarmony applications |
(Optional) HUAWEI DevEco Device Tool | 2.2 Beta2 | Recommended for developing OpenHarmony smart devices |
Source Code Acquisition
Prerequisites
-
Register your account with Gitee.
-
Register an SSH public key for access to Gitee.
-
Install the git client and git-lfs, and configure user information.
git config --global user.name "yourname" git config --global user.email "your-email-address" git config --global credential.helper store
-
Run the following commands to install the repo tool:
curl -s https://gitee.com/oschina/repo/raw/fork_flow/repo-py3 > /usr/local/bin/repo # If you do not have the permission, download the tool to another directory and configure it as an environment variable by running the chmod a+x /usr/local/bin/repo command. pip3 install -i https://repo.huaweicloud.com/repository/pypi/simple requests
Acquiring Source Code Using the repo Tool
Method 1 (recommended): Use the repo tool to download the source code over SSH. (You must have an SSH public key for access to Gitee.)
repo init -u git@gitee.com:openharmony/manifest.git -b refs/tags/OpenHarmony-v3.0.5-LTS --no-repo-verify
repo sync -c
repo forall -c 'git lfs pull'
Method 2: Use the repo tool to download the source code over HTTPS.
repo init -u https://gitee.com/openharmony/manifest.git -b refs/tags/OpenHarmony-v3.0.5-LTS --no-repo-verify
repo sync -c
repo forall -c 'git lfs pull'
Acquiring Source Code from Mirrors
Table 2 Mirrors for acquiring source code
LTS Code | Version | Mirror | SHA-256 Checksum |
---|---|---|---|
Full code base (for mini, small, and standard systems) | 3.0.5 | Download | Download |
Standard system Hi3516 solution (binary) | 3.0.5 | Download | Download |
Mini system Hi3861 solution (binary) | 3.0.5 | Download | Download |
Small system Hi3516 solution - LiteOS (binary) | 3.0.5 | Download | Download |
Small system Hi3516 solution - Linux (binary) | 3.0.5 | Download | Download |
What's New
Feature Updates
Table 3 New and enhanced features
Subsystem | Standard System | Mini and Small Systems |
---|---|---|
Communication | NA | Added basic STA capabilities for small-system devices (Linux). The following requirements are involved: I5AAFQ Supporting STA features such as scanning, connection, and automatic reconnection I5AAFQ Dynamically obtaining IPv4 addresses for STA connections |
DFX | NA | Added native crash information collection and device restart fault locating for small-system devices (Linux). The following requirements are involved: I57I8Y/I57TOE Collecting native crash information I5C0QR Locating device restart faults on Linux 5.10 |
API Updates
This version does not involve API updates.
Chip and Development Board Adaptation
For details about the adaptation status, see SIG_DevBoard.
Resolved Issues
Table 4 Resolved issues
Issue No. | Description |
---|---|
I4YBB0 | No image is generated and the recorded video cannot be played when the system camera is used to take a photo and record a video. This issue occurs only for the Hi3516D V300 development board running on a small-system device (Linux). |
I4YB87 | No image is generated when the system camera is used to take a photo. This issue occurs only for the Hi3516D V300 development board running on a small-system device (Linux). |
I4YAGS | A blue screen is displayed when the system camera is accessed. This issue occurs only for the Hi3516D V300 development board running on a small-system device (Linux). |
I59FZ7 | Test cases of the telephony subsystem fail to run on standard-system devices. |
I4Z2MI | All test cases of the actsWifiJSApiTest, ActsHotSpotJSApiTest, and ActsP2PJSApiTest modules fail to run on standard-system devices. |
Fixed Security Vulnerabilities
The following vulnerabilities are reported by the project teams. For details about the affected versions and patches released to fix the vulnerabilities, see Security Vulnerability Disclosure.
Table 5 Fixed security vulnerabilities
Vulnerability ID | Description | Impact | Affected Repository |
---|---|---|---|
OpenHarmony-SA-2022-0501 | The DSoftBus subsystem has a heap overflow vulnerability. | Attackers can launch attacks locally, causing out-of-bounds memory access and obtaining system control rights. | communication_dsoftbus |
OpenHarmony-SA-2022-0502 | The DSoftBus subsystem has a heap overflow vulnerability when receiving TCP messages. | Attackers can launch attacks on the LAN to remotely execute code and obtain system control rights. | communication_dsoftbus |
OpenHarmony-SA-2022-0503 | The DSoftBus subsystem has an out-of-bounds access vulnerability when processing device synchronization messages. | Attackers can launch DoS attacks on the LAN, causing out-of-bounds memory access. | communication_dsoftbus |
OpenHarmony-SA-2022-0504 | A pointer member contained in the Lock class is repeatedly released. | Attackers can launch attacks locally to obtain system control rights. | global_resmgr_standard |
OpenHarmony-SA-2022-0601 | The common event and notification subsystem has an authentication bypass vulnerability when deserializing objects. | Attackers can launch attacks locally to bypass permissions, causing server process breakdown. | notification_ces_standard |
OpenHarmony-SA-2022-0602 | The common event and notification subsystem has a verification bypass vulnerability, which can initiate SA relay attacks. | Attackers can launch attacks locally to bypass verification and obtain system control rights. | notification_ces_standard |
OpenHarmony-SA-2022-0603 | The update module has a verification bypass vulnerability, which can initiate SA relay attacks. | Attackers can launch attacks locally to bypass verification and obtain system control rights. | update_updateservice |
OpenHarmony-SA-2022-0604 | The multimedia subsystem has a verification bypass vulnerability, which can initiate SA relay attacks. | Attackers can launch attacks locally to bypass verification and obtain system control rights. | multimedia_media_standard |