========================================================= === ChangeLog Information for AstLinux 1.x === === === docs/ChangeLog.txt ========================================================= Additions for AstLinux 1.3.7: ============================= Released 2019-11-05 ** System -- Linux Kernel 3.16.74 (version bump), security and bug fixes -- RUNNIX, version bump to runnix-0.5.10, with Linux Kernel 3.16.74, e2fsprogs 1.45.4 -- igb, version bump to 5.3.5.39, Intel Gigabit Ethernet Network Driver -- e1000e version bump to 3.6.0 Intel PCI-Express PRO/1000 Ethernet Linux driver -- genx86_64-vm board type, version bump VMware Tools to open-vm-tools 10.3.10 -- expat, version bump to 2.2.9, security fix: CVE-2019-15903 -- libpcap, version bump to 1.9.1, security fixes: CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165, CVE-2018-16301 -- libsrtp, version bump to 2.2.0, adds OpenSSL 1.1 compatibility -- libyaml, version bump to 0.2.2 -- php, major version bump to 7.2.23, adds OpenSSL 1.1 compatibility -- sqlite, version bump to 3.29.0 -- strace, version bump to 5.3 -- e2fsprogs, version bump to 1.45.4, security fix: CVE-2019-5094 -- libusb, version bump to 1.0.23 -- acme-client, version 2.8.1, add upstream patch from 2.8.3 to fix Let's Encrypt CDN changes. -- acpid, version bump to 2.0.32 -- ethtool, version bump to 5.2 -- iprange, version 1.0.4, new command, a tool capable of managing sets of IPs -- logrotate, version bump to 3.15.1 -- ne, version bump to 3.2.1 -- nut, version 2.7.4, using "Buildroot" patch for OpenSSL 1.1 compatibility -- Fossil, major version bump to 2.9, adds numerous enhancements to the look and feel of the web interface -- Monit, version bump to 5.26.0, security and bug fixes. -- rng-tools, version 6.5, jitterentropy version bump to 2.2.0 -- screen, version bump to 4.7.0 -- sudo, version bump to 1.8.28p1, security fix: CVE-2019-14287 -- zabbix, version bump to 3.0.28 -- ca-certificates, update trusted root certificates 2019-10-16 -- Time Zone Database update, tzdata2019c and php-timezonedb-2019.3 -- mac2vendor, oui.txt database snapshot 2019-07-12 -- (Custom Build Only) flashrom, version bump to 1.1 ** Networking -- OpenSSL, major version bump to 1.1.1d, security fixes: CVE-2019-1549, CVE-2019-1563, CVE-2019-1547 -- OpenSSH, version 8.1p1, adds OpenSSL 1.1 compatibility -- WireGuard VPN, version bump to 0.0.20191012 -- libcurl (curl) version bump to 7.66.0, security fixes: CVE-2019-5481, CVE-2019-5482 -- ipsec-tools, version 0.8.2, using "Buildroot" patch for OpenSSL 1.1 compatibility -- iksemel, revert to version 1.4, (using Debian patches) without OpenSSL support -- iperf3, version bump to 3.7 -- keepalived, version bump to 2.0.18 -- lighttpd, add /admin/wiki/ alias to /mnt/kd/wiki/ for 'staff' or 'admin' users Optionally, replace /mnt/kd/wiki/index.html (or index.php) with a custom wiki web page. -- luasec, version bump to 0.8.2, adds OpenSSL 1.1 compatibility -- msmtp, version bump to 1.8.6 -- mtr, version bump to 0.93 -- netsnmp, version bump to 5.8, adds OpenSSL 1.1 compatibility -- openldap, version bump to 2.4.48 -- tarsnap, add /mnt/kd/acme to the default included directories -- tcpdump, version bump to 4.9.3, security fixes: 27 CVE's -- whois, version bump to 5.5.2 -- unbound (host), version bump to 1.9.4 -- arnofw (AIF), reload-blocklist-netset cron script, add new netset types asterisk: Aggregate multiple Asterisk/SIP/VoIP blacklists, including blocklist_de_sip. custom: Use variable BLOCKLIST_CUSTOM_URLS containing one or more (space/newline separated) URLs. customv6: Use variable BLOCKLIST_CUSTOMV6_URLS containing one or more (space/newline separated) URLs. More info: http://doc.astlinux-project.org/userdoc:tt_firewall_external_block_list#updating_netset_blocklists -- arnofw (AIF), wireguard-vpn plugin, add support for WG->Local TCP/UDP INPUT policy firewall rules. New rc.conf variables: WIREGUARD_HOST_OPEN_TCP, WIREGUARD_HOST_OPEN_UDP, WIREGUARD_HOST_DENY_TCP, WIREGUARD_HOST_DENY_UDP More info: http://doc.astlinux-project.org/userdoc:tt_wireguard_vpn#wireguard_configuration_options -- WAN Failover, add optional support for a script called before any Secondary -> Primary WAN link change. The exit value of the optional /mnt/kd/wan-failover-exit.script determines when the failover exits to primary. More info: http://doc.astlinux-project.org/userdoc:tt_wan_failover#exit_action_script_optional -- (Custom Build Only) autossh, auto-restart ssh connections - typically reverse proxies, version 1.4g Warning: No public repository for development, only private. -- (Custom Build Only) mosquitto, MQTT client, version 1.6.7 ** Asterisk -- Asterisk 13.23.1 ('13se' version) Older than latest Asterisk 13.x version but more tested, built --without-pjproject Add json-integer-overflow patches. Add security patches for: AST-2019-002, AST-2019-003 -- Asterisk 13.29.1 (version bump) and 16.6.1 (version bump) New modules: app_attended_transfer.so, app_blind_transfer.so -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.9 (version bump) -- FOP2, available version bump to 2.31.26 Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Core, disable PHP output buffering for file downloads using readfile(). Fixes issue with very large files. -- Prefs, System and Staff tabs, add support for Backup Exclude Suffixes Example, in Prefs tab -> System & Staff Tab Options: Backup Exclude Suffixes: | rom,bin,fwu | This will exclude all *.rom, *.bin and *.fwu files in all backup types in the System/Staff tabs. -- Edit tab, add support for CodeMirror text editing. Keyboard Actions: (after clicking text edit area) Note: Windows users, use Ctrl instead of Cmd Cmd-f -> Find Cmd-g -> Find Next Cmd-/ -> Toggle Comment Cmd-. -> Toggle Comment Tab -> Toggle between "fullscreen" (full-window) mode and normal Esc -> Return to normal, "fullscreen" (full-window) mode off More info: http://doc.astlinux-project.org/userdoc:tt_web_interface_edit_codemirror_key_map -- Prefs tab -> Edit Tab Options: _x_ CodeMirror Editor uncheck to use the standard HTML text editor. Theme: [ default ] select the desired theme for CodeMirror. Tip: [solarized], [seti-mks] and [zenburn] are worth a look. -- Tweak to eliminate PHP 7 Warning and Deprecated errors. -- Edit tab, add [Apply user.conf variables] as the first selector to { Reload/Restart }. Additionally a basic syntax check is performed on the resulting /etc/rc.conf file. -- Edit tab, add Reload/Restart menu selection hints to be context-sensitive. -- All tabs, add a 'Goto Top' button on the upper-right when scrolled down such that tabs are not shown. -- WireGuard sub-tab, add WG->Local TCP/UDP firewall rules support. More info: http://doc.astlinux-project.org/userdoc:tt_wireguard_vpn#wireguard_configuration_options -- Prefs tab, add "Show Wiki Tab" and "External Wiki Link" options. The Wiki Link may be an external site or access the local Wiki using /mnt/kd/wiki/ with: External Wiki Link: https://localhost/admin/wiki/ Note: Only 'staff' or 'admin' web users are allowed to access the local Wiki. More info: http://doc.astlinux-project.org/userdoc:tt_web_interface_wiki Additions for AstLinux 1.3.6: ============================= Released 2019-07-02 ** System -- Linux Kernel 3.16.69, security and bug fixes, including MDS (ZombieLoad) and SACK Panic mitigation support. -- linux, add kernel patch to the 'k10temp' kernel module adding support for the HPE ProLiant MicroServer Gen10 -- RUNNIX, version bump to runnix-0.5.9, with Linux Kernel 3.16.69, busybox 1.30.1, e2fsprogs 1.45.2 -- e1000e version bump to 3.4.2.4 Intel PCI-Express PRO/1000 Ethernet Linux driver -- busybox, major version bump to 1.30.1, security and bug fixes. -- libedit, version bump to 20190324-3.1 -- expat, version bump to 2.2.7, security fixes -- libpng, version bump to 1.6.37 -- libsodium, version bump to 1.0.18 -- acme-client, version bump to 2.8.1 -- e2fsprogs, version bump to 1.45.2 -- ethtool, version bump to 5.1 -- htop, major version bump to 2.2.0 -- ne, new package, version 3.1.2, the nice editor, an excellent alternative to nano ne is easy to use for the beginner, but powerful and fully configurable for the wizard. Includes syntax checking for: asterisk, conf, ini, perl, sh More Info: http://ne.di.unimi.it/ -- pcre, version bump to 8.43 -- sqlite, version bump to 3.28.0 -- strace, version bump to 5.1 -- Monit, version bump to 5.25.3, security and bug fixes. -- system-vendor, update system-vendor.ids -- ca-certificates, update trusted root certificates 2019-05-15 -- Time Zone Database update, tzdata2019a and php-timezonedb-2019.1 -- mac2vendor, oui.txt database snapshot 2019-04-23 -- (Custom Build Only) flashrom, version bump to 1.0.1 ** Networking -- OpenSSL, version bump to 1.0.2s, security fixes: CVE-2019-1559 -- OpenVPN, version bump to 2.4.7 -- WireGuard VPN, version bump to 0.0.20190601 Add "service wireguard reload" support. This allows WireGuard peers to be edited, added, and/or removed with minimal impact to active tunnels. -- libcurl (curl) version bump to 7.65.1, security fixes: CVE-2018-16890, CVE-2019-3822, CVE-2019-3823 CVE-2019-5435, CVE-2019-5436 -- shellinabox, version 2.20, add DoS security fix. -- avahi, version 0.6.32, security fix: CVE-2017-6519 (CVE-2018-1000845) -- chrony, version bump to 3.5 -- darkstat, add NETSTAT_EXTIF rc.conf variable to specify the External Interface, defaults to the $EXTIF interface. -- fping, version bump to 4.2 -- getdns/stubby, version bump to 1.5.2/0.2.6 -- keepalived, version bump to 2.0.16 -- msmtp, version bump to 1.8.4 -- stunnel, version bump to 5.54 -- unbound (host), version bump to 1.9.2 -- whois, version bump to 5.4.3 -- (Custom Build Only) sipp, version bump to 3.6.0 ** Asterisk -- Asterisk 11.x, no longer included, officially EOL 2017-10-25 -- Asterisk 13.23.1 (new '13se' version) Older than latest Asterisk 13.x version but more tested, built --without-pjproject Adds: When a Dial() has a B() option 'Return(IgnoreNoAnswerCDR)' ignore unanswered events -- Asterisk 13.27.0 (version bump) and 16.4.0 (new version) Adds: res_mwi_devstate.so, MWI Device State Subscriptions Adds: When a Dial() has a B() option 'Return(IgnoreNoAnswerCDR)' ignore unanswered events -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.8 (no change) -- FOP2, available version bump to 2.31.23. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Network tab, add NETSTAT_EXTIF support -- Network tab, change Outbound SMTP defaults to Port 465, Auth "plain", TLS/SSL and Check Cert. -- Network, Edit tabs, add "Reload WireGuard VPN" support to apply peer changes/additions/deletions. -- Status tab, add "ChangeLog" link to display changes since AstLinux 1.2.0 using local file storage. Additions for AstLinux 1.3.5.2: =============================== Released 2019-02-19 ** System -- Linux Kernel 3.16.61, security and bug fixes -- RUNNIX, version bump to runnix-0.5.7, with Linux Kernel 3.16.61, kexec 2.0.18 -- igb, version bump to 5.3.5.22, Intel Gigabit Ethernet Network Driver -- e1000e version bump to 3.4.2.3 Intel PCI-Express PRO/1000 Ethernet Linux driver -- genx86_64-vm board type, version bump QEMU Guest Agent to qemu-ga 3.1.0 -- liburiparser, version bump to 0.9.1, security fixes -- libqrencode, version 4.0.2, new package used to generate QR codes. Securely transfer credentials to mobile devices. -- libpng, version 1.6.36, new package used by qrencode. -- libedit, version bump to 20181209-3.1 -- libsodium, version bump to 1.0.17 -- libxml2, version bump to 2.9.9 -- e2fsprogs, version bump to 1.44.5 -- ethtool, version bump to 4.19 -- kexec, version bump to 2.0.18 -- logrotate, version bump to 3.15.0 -- jansson, version bump to 2.12 (Asterisk 13) -- lm-sensors, version bump to 3.5.0 -- ncurses, major version bump to 6.1 -- pciutils, version bump to 3.6.2 -- php, version bump to 5.6.40 -- sqlite, version bump to 3.25.3 -- strace, version bump to 4.26 -- sudo, version bump to 1.8.27 -- tiff, version bump to 4.0.10 -- fossil, new feature to optionally send commit notifications via email while using 'fossil-commit'. New rc.conf variable FOSSIL_NOTIFY must be defined (via user.conf) as To: email address to enable. Additional new, optional rc.conf variables: FOSSIL_NOTIFY_FROM, FOSSIL_HOSTNAME -- alert, on boot create a /etc/motd MOTD (Message of the Day) file containing system information. The MOTD is displayed at post-login by ssh, console and web interface CLI tab login. New rc.conf variable ENABLE_MOTD, display MOTD at post-login, "yes" or "no", defaults to "yes" -- system-vendor, update system-vendor.ids -- ca-certificates, update trusted root certificates 2019-01-23 -- Time Zone Database update, tzdata2018i and php-timezonedb-2018.9 -- mac2vendor, oui.txt database snapshot 2018-10-21 ** Networking -- OpenSSL, version bump to 1.0.2q, security fixes: CVE-2018-0734, CVE-2018-5407 -- WireGuard VPN, version bump to 0.0.20190123 -- WireGuard VPN, add wireguard-mobile-client script to manage mobile clients. Also used by the web interface. New rc.conf variables WIREGUARD_HOSTNAME and WIREGUARD_CLIENT_ROUTING -- OpenSSH, version 7.5p1, security fix: CVE-2018-20685 -- libcurl (curl) version bump to 7.63.0, security fixes: CVE-2018-16839, CVE-2018-16840, CVE-2018-16842 -- prosody, version bump to 0.10.3 -- dnsmasq, version bump to 2.80 -- getdns/stubby, version bump to 1.5.1/0.2.5 -- fping, major version bump to 4.1 Note: Now handles both IPv4 and IPv6 via a single binary, fping6 is a sym-link for backward compatibility. -- iperf, version bump to 2.0.13 -- wol-host, new command to send Wake-on-LAN packet to specified host, by IP or DNS name. Example: wol-host --ping 192.168.101.13 More info: wol-host --help -- lighttpd, version bump to 1.4.51, bug and security fixes -- keepalived, version bump to 2.0.12 -- arnofw (AIF), various upstream fixes and tweaks -- arnofw (AIF), add WIREGUARD_ALLOW_OPENVPN rc.conf variable, Allow WireGuard tunnel to OpenVPN tunnel(s), disabled by default. Add OVPN_CLIENT_ISOLATION and WIREGUARD_PEER_ISOLATION rc.conf variables, OpenVPN and WireGuard plugins, disabled by default. Add WIREGUARD_REDIRECT_PORTS rc.conf variable, WireGuard plugin, disabled by default. -- ngrep, version bump to 1.47 -- openldap, version bump to 2.4.47 -- sngrep, version bump to 1.4.6 -- unbound (host), version bump to 1.8.3 -- whois, version bump to 5.4.0 -- wide-dhcpv6, when no suitable internal interfaces are defined to receive a prefix delegation, use a dummy interface named 'ip6pd'. -- network, udhcpc.script, add support for 'leasefail' condition If no DHCP lease is established, generate a temporary 169.254/16 (RFC 3927) IPv4 Link-Local address ** Asterisk -- Asterisk 11.25.3 (no change) and 13.24.1 (version bump) -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.8 (version bump) -- FOP2, available version bump to 2.31.21. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- OpenVPN Server and Client sub-tabs, Disable Compression by default -- Firewall sub-tab, add WIREGUARD_ALLOW_OPENVPN rc.conf variable support -- WireGuard VPN sub-tab, add "Mobile Client Defaults" and "Mobile Client Credentials" sections. Mobile clients can be added and deleted, configurations edited and credentials (including a QR code) downloaded. -- Status tab, improve layout of "WireGuard VPN Status" section. -- OpenVPN Server and WireGuard VPN sub-tabs, add "Client Isolation" and "Peer Isolation" firewall options. -- WireGuard VPN sub-tab, add "Redirect Ports" firewall option. -- CSS style sheet, add 'Menlo' to included monospace font-family. Additions for AstLinux 1.3.4: ============================= Released 2018-10-04 ** System -- Linux Kernel 3.16.57, security and bug fixes -- RUNNIX, version bump to runnix-0.5.6, with Linux Kernel 3.16.57, e2fsprogs 1.44.4 Added kernel drivers: virtio-blk -- igb, version bump to 5.3.5.20, Intel Gigabit Ethernet Network Driver -- e1000e version bump to 3.4.2.1 Intel PCI-Express PRO/1000 Ethernet Linux driver -- genx86_64-vm board type, add support for virtio-blk as a bootable disk driver, also added to RUNNIX. Tested via Proxmox and Vultr (hosted). -- genx86_64-vm board type, add support for QEMU Guest Agent (qemu-ga 2.12.0). New rc.conf variable QEMU_GUEST_AGENT must be set to "yes" to enable. -- rng-tools, new package, version 6.5, Random Number Generator (RNG) daemon Enabled by default to increase the available entropy for the kernel's "random" sources. Uses one of 3 sources, in order: 1) /dev/hwrng (typically via virtio-rng for the genx86_64-vm board type) 2) Intel RDRAND instruction on supported CPU's 3) jitterentropy, Hardware RNG based on CPU timing jitter New rc.conf variable HWRNG_MODULE can be set to "no" to disable. -- acme-client, version bump to 2.7.9 -- php, version bump to 5.6.38 -- busybox, enable "timeout" command -- e2fsprogs, version bump to 1.44.4 -- sqlite, version bump to 3.25.2 -- libedit, version bump to 20180525-3.1 -- expat, version bump to 2.2.6 -- jansson, version bump to 2.11 (Asterisk 13) -- liburiparser, version bump to 0.8.6 -- luabitop, version 1.0.2, new Lua module for prosody -- libusb-compat, version bump 0.1.7 -- acpid, version bump to 2.0.30 -- ethtool, version bump to 4.18 -- Monit, version bump to 5.25.2, now uses SMTP client to 127.0.0.1:25 for email notifications -- netcalc, version bump to 2.1.4 -- pciutils, version bump to 3.6.1 -- strace, version bump to 4.24 -- sudo, version bump to 1.8.25p1 -- unixodbc, version bump to 2.3.7 -- system-vendor, update system-vendor.ids -- ca-certificates, update trusted root certificates 2018-06-20 -- core system, generate a /etc/os-release file. More info: https://www.freedesktop.org/software/systemd/man/os-release.html ** Networking -- OpenSSL, version bump to 1.0.2p, security fixes: CVE-2018-0732, CVE-2018-0737 -- libcurl (curl) version bump to 7.61.1, security fixes: CVE-2018-1000300, CVE-2018-1000301, CVE-2018-0500, CVE-2018-14618 -- prosody, major version bump to 0.10.2, security fixes. Uses added luabitop 'lua bit' module -- WireGuard VPN, version bump to 0.0.20180925 -- lighttpd, version bump to 1.4.50, many bug and security fixes -- strongSwan, version 5.5.3, security fixes: CVE-2018-10811, CVE-2018-5388, CVE-2018-16151, CVE-2018-16152, CVE-2018-17540 -- ipsec-tools, version 0.8.2, security fix: CVE-2016-10396 -- libpcap, version bump to 1.9.0 -- keepalived, new package, version 2.0.7, VRRP High Availability daemon More info: http://doc.astlinux-project.org/userdoc:tt_high_availability -- stunnel, version bump to 5.49 -- chrony, version bump to 3.4 -- iperf3, major version bump to 3.6 -- miniupnpd, version bump to 2.1 -- msmtp, version bump to 1.8.0 Added msmtpd SMTP localhost daemon to forward 127.0.0.1:25 to "sendmail", enabled by default. Required for Monit and Keepalived email alerts. Disable with new rc.conf variable SMTP_LOCALHOST_SERVER="no" -- unbound (host), version bump to 1.8.0 -- whois, version bump to 5.3.2 -- (Custom Build Only) sipp, version bump to 3.5.2 ** Asterisk -- Asterisk 11.25.3 (no change) and 13.23.1 (version bump) -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.7.2 (version bump) -- phoneprov-tools, new rc.conf variable PHONEPROV_GW_IP, explicitly define the gateway IPv4 address. -- asterisk, add patch, chan_sip: suppress comfort noise frame warnings ** Web Interface -- Prefs tab -> System & Staff Tab Options: add independent option for genx86_64-vm images which defaults to "checked" for genx86_64-vm images, "unchecked" for all other image types. _x_ Disable faster "kernel-reboot" System Reboot -- Network, Edit tabs, add "Restart Keepalived" support, and edit /mnt/kd/keepalived/keepalived.conf -- PhoneProv tab, display user.conf PHONEPROV_GW_IP if defined. Additions for AstLinux 1.3.3: ============================= Released 2018-05-16 ** System -- Linux Kernel 3.16.54, security and bug fixes, including CVE-2018-8897 -- RUNNIX, version bump to runnix-0.5.4, with Linux Kernel 3.16.54, e2fsprogs 1.44.1, util-linux 2.28.2 -- igb, version bump to 5.3.5.18, add patch from upstream Linux kernel: Use smp_rmb rather than read_barrier_depends -- genx86_64-vm board type, version bump VMware Tools to open-vm-tools 10.1.15 -- Fossil, version bump to 2.5, adds numerous enhancements to the look and feel of the web interface -- zabbix, version bump to 3.0.14, adds TLS encryption support Note: Now requires a Zabbix server with version 3.0 or greater. -- beep, security fix: CVE-2018-0492 -- php, version bump to 5.6.36, security fix: CVE-2018-7584 -- sqlite, version bump to 3.23.1 -- sqliteodbc, version bump to 0.9996 -- libidn, version bump to 1.34 -- libjpeg, version bump to 9c -- libusb, version bump to 1.0.22 -- libxml2, version bump to 2.9.8 -- libyaml, version bump to 0.1.7, used by stubby -- pcre, version bump to 8.42 -- e2fsprogs, version bump to 1.44.1 -- util-linux, major version bump to 2.28.2 -- perl, version bump to 5.24.4 using perlcross 1.1.9 -- acpid, version bump to 2.0.29 -- ethtool, version bump to 4.16 -- logrotate, version bump to 3.14.0 -- screen, version bump to 4.6.2 -- strace, version bump to 4.22 -- sudo, version bump to 1.8.22 -- unixodbc, version bump to 2.3.6 -- system-vendor, new command to identify common hardware. The system-vendor command is automatically called at startup to create the /tmp/etc/system-vendor file, symlinked as /etc/system-vendor . Note: If 'system-vendor' shows no output, issue 'system-vendor XYZ Hardware Model' and a fingerprint will be generated, contact the developers to include the entry in future /usr/share/system-vendor.ids files. -- ca-certificates, update trusted root certificates 2018-03-07 -- Time Zone Database update, tzdata2018e and php-timezonedb-2018.5 -- mac2vendor, oui.txt database snapshot 2018-02-22 -- core system, start long running processes with start-stop-daemon to isolate from the lighttpd/php fastcgi subsystem. -- (Custom Build Only) flashrom, version bump to 1.0 ** Networking -- OpenSSL, version bump to 1.0.2o, security fix: CVE-2018-0739 -- libcurl (curl) version bump to 7.59.0, security fixes: CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122 -- rsync, version bump to 3.1.3, security fix: CVE-2018-5764 -- prosody, version bump to 0.9.13, security fixes. -- WireGuard VPN, version bump to 0.0.20180513 -- OpenVPN, version bump to 2.4.6 -- chrony, version bump to 3.3 -- lighttpd, version bump to 1.4.49 -- iperf3, major version bump to 3.5 -- ipset, version bump to 6.38 -- sngrep, version bump to 1.4.5 -- openldap, version bump to 2.4.46 -- getdns/stubby, new package, version 1.4.2/0.2.3, encrypts local DNS queries forwarded to upstream recursive DNS-TLS servers New rc.conf variables: DNS_TLS_PROXY, DNS_TLS_DNSSEC, DNS_TLS_QUERY_ALL, DNS_TLS_SERVERS -- unbound (host), version bump to 1.7.0, security fix: CVE-2017-15105 -- miniupnpd, version bump to 2.0.20180203 -- whois, version bump to 5.3.0 -- wide-dhcpv6, add Debian patches, including "dhcpv6-ignore-advertise-messages-with-none-of-reques" fix -- (Custom Build Only) sipp, new package, version 3.5.1; SIPp - a SIP protocol testing tool ** Asterisk -- Asterisk 11.25.3 (no change) and 13.20.0 (version bump) -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.7.1 (version bump) -- FOP2, available version bump to 2.31.17. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Status tab, add Hardware: system-vendor info when available. -- Network tab, DNSCrypt sub-tab, add support for Import sdns:// Stamp Public Resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md More Info: http://doc.astlinux-project.org/userdoc:tt_dnscrypt_proxy -- Network -> "DNS-TLS Proxy Server Configuration" sub-tab, add support for DNS over TLS (stubby). More info: http://doc.astlinux-project.org/userdoc:tt_dns_tls_proxy -- Status tab, performance improvement using asynchronous system calls. -- All tabs, low-level performance improvements. Additions for AstLinux 1.3.2: ============================= Released 2018-01-12 ** System -- Linux Kernel 3.16.51, security and bug fixes. -- RUNNIX, version bump to runnix-0.5.2, with Linux Kernel 3.16.51, e2fsprogs 1.43.7 -- e1000e version bump to 3.4.0.2 Intel PCI-Express PRO/1000 Ethernet Linux driver -- sqlite, version bump to 3.21.0, security fixes: CVE-2017-13685, CVE-2017-15286 -- php, version bump to 5.6.33, security fixes. -- busybox, lineedit: do not tab-complete any strings which have control characters: CVE-2017-16544 bunzip2: fix runCnt overflow: CVE-2017-15873 unlzma: fix SEGV: CVE-2017-15874 -- empty, version 0.6.20b, new package; similar functionality to 'expect', allows scripting interactive sessions -- acme-client, add --deploy-hook 'custom' which executes the script "/mnt/kd/acme-deploy-custom.script". Arguments: acme-deploy-custom.script domain key_file cert_file ca_file fullchain_file -- e2fsprogs, version bump to 1.43.7 -- libsodium, version bump to 1.0.16 -- libxml2, version bump to 2.9.6 -- expat, version bump to 2.2.5 -- tiff, version bump to 4.0.9, security fixes. -- Monit, version bump to 5.25.1 -- netcalc, version bump to 2.1.3 -- logrotate, version bump to 3.13.0 -- ethtool, version bump to 4.13, 75% smaller executable using --disable-pretty-dump -- pciutils, version bump to 3.5.6 -- strace, version bump to 4.20 -- smartctl, version bump to 6.6, updated drivedb.h database -- ca-certificates, update trusted root certificates 2017-09-20 -- Time Zone Database update, tzdata2017c and php-timezonedb-2017.3 -- Update build system tools: == automake, version bump to 1.15.1 ** Networking -- OpenSSL, version bump to 1.0.2n, security fixes: CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738 -- OpenVPN, version bump to 2.4.4, security fix: CVE-2017-12166 -- libcurl (curl) version bump to 7.57.0, security fixes: CVE-2017-1000254, CVE-2017-1000257, CVE-2017-8816 CVE-2017-8817, CVE-2017-8818 -- dnsmasq, version bump to 2.78, security fixes: CVE-2017-13704, CVE-2017-14491, CVE-2017-14492, CVE-2017-14493 CVE-2017-14494, CVE-2017-14496, CVE-2017-14495 -- rsync, security fixes: CVE-2017-17433, CVE-2017-17434, CVE-2017-16548 -- WireGuard VPN, version 0.0.20171221, new package; an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. New rc.conf variables: WIREGUARD_IP, WIREGUARD_NM, WIREGUARD_IPV6, WIREGUARD_ROUTES, WIREGUARD_AUTO_ROUTES WIREGUARD_IF, WIREGUARD_MTU, WIREGUARD_LISTEN_PORT, WIREGUARD_ALLOWLAN, WIREGUARD_TUNNEL_HOSTS WIREGUARD_DNS_UPDATE More info: http://doc.astlinux-project.org/userdoc:tt_wireguard_vpn -- ipset, version bump to 6.34 -- unbound (host), version bump to 1.6.7 -- sngrep, version bump to 1.4.4 -- stunnel, version bump to 5.44 -- miniupnpd, version bump to 2.0.20171212 -- whois, version bump to 5.2.20 ** Asterisk -- Asterisk 11.25.3 (no change) and 13.18.5 (version bump) -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.6 (no change) -- FOP2, available version bump to 2.31.16. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Status, Network, Edit, Prefs tabs, add support for WireGuard VPN, new WireGuard sub-tab. -- Firewall sub-tab, add WIREGUARD_ALLOWLAN rc.conf variable support. -- Edit and System tab, include all /mnt/kd/*.script files for editing and backup/restore. Additions for AstLinux 1.3.1: ============================= Released 2017-09-23 ** IMPORTANT NOTICE -- The AstLinux Project has moved to GitHub, both 'svn checkout' and 'git clone' are supported. Note: The Sourgeforge mailing lists [astlinux-users] and [astlinux-devel] will continue to be used as before. More info: https://github.com/astlinux-project/astlinux ** System -- Linux Kernel 3.16.47, security and bug fixes. -- RUNNIX, version bump to runnix-0.5.1, with Linux Kernel 3.16.47, e2fsprogs 1.43.5 -- e1000e version bump to 3.3.6 Intel PCI-Express PRO/1000 Ethernet Linux driver -- sqlite, version bump to 3.20.1 -- acme-client, add DuckDNS DNS validation support -- e2fsprogs, version bump to 1.43.6, enable e2fsck progress indicator when filesystem is not 'clean' on boot. -- libxml2, version bump to 2.9.5, security fixes: CVE-2017-9049, CVE-2017-9050, CVE-2017-9047, CVE-2017-9048, CVE-2017-5969 -- libidn, version bump to 1.33, and add patch for CVE-2017-14062 -- expat, version bump to 2.2.4 -- strace, version bump to 4.19 -- sudo, version bump to 1.8.21p2 ** Networking -- tarsnap, version 1.0.39, new package; remote, online, "Trust No One" encrypted backups using the Tarsnap Backup service. New rc.conf variables: BACKUP_KD_DEFAULTS, BACKUP_KD_INCLUDE_DIRS, BACKUP_KD_INCLUDE_FILES BACKUP_ASTURW_DEFAULTS, BACKUP_ASTURW_INCLUDE_DIRS, BACKUP_ASTURW_INCLUDE_FILES BACKUP_PRUNE_AGE_DAYS, BACKUP_NOTIFY, BACKUP_NOTIFY_FROM More info: http://doc.astlinux-project.org/userdoc:tt_tarsnap_online_backup -- libcurl (curl) version bump to 7.55.1 -- unbound (host), version bump to 1.6.5 -- ddclient, ddclient-curl version 3.8.3-05, adds DuckDNS support for both IPv4 and IPv6 -- tcpdump, version bump to 4.9.2, security fixes: 92 CVE's -- chrony, version bump to 3.2 -- whois, version bump to 5.2.18 -- iperf, version bump to 2.0.10 -- OpenVPN, /usr/sbin/openvpn-tls-verify script, optionally source gui.openvpn.conf allowing the latest OVPN_VALIDCLIENTS from the web interface to be used without restarting OpenVPN server. -- arnofw (AIF), reload-blocklist-netset cron script, update using new FireHOL URL's ** Asterisk -- Asterisk 11.25.3 (version bump) and 13.17.2 (version bump) -- DAHDI, dahdi-linux 2.10.2 (no change) and dahdi-tools 2.10.2 (no change) -- pjsip 2.6 (no change) -- FOP2, available version bump to 2.31.14. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Network tab, add DuckDNS Dynamic DNS menu item -- Network tab, add Data Backup / Tarsnap Backup Options sub-tab. Used with CLI tarsnap-backup. Additions for AstLinux 1.3.0: ============================= Released 2017-08-11 ** IMPORTANT NOTICE -- "net5501" and "alix" board types have reached end-of-life. AstLinux 1.2.10 was the last supported version. A custom build can still be used to generate 'run' images for "net5501" and "alix" board types. -- Current supported board types are: "geni586", "geni586-serial", "genx86_64", "genx86_64-serial" and "genx86_64-vm" -- The default serial baud rate is now 115200 instead of the previous 19200. Upgrading RUNNIX will default to 115200. ** System -- Linux Kernel 3.16.44 (major bump) -- RUNNIX, version bump to runnix-0.5-8405, with Linux Kernel 3.16.44, dropbear 2017.75 Added kernel drivers: virtio_net, virtio-scsi and vmw_pvscsi Note: Now uses a PAE kernel for full RAM support -- igb, version bump to 5.3.5.4, Intel Gigabit Ethernet Network Driver -- r8168 version bump to 8.044.02 RealTek PCI-Express Gigabit Ethernet Linux driver -- genx86_64-vm board type, add support for VMware Tools (open-vm-tools 10.1.5). -- genx86_64-vm board type, add support for virtio-scsi as a bootable disk driver, also added to RUNNIX. -- genx86_64-vm board type, add support for vmw_pvscsi as a bootable disk driver, also added to RUNNIX. ESXi Config: SCSI Controller [ VMware Paravirtual ] More info: http://doc.astlinux-project.org/userdoc:guest_vm_vmware_vsphere -- linux, add kernel patch 'x86: HPET force enable for e6xx based systems', for Soekris net6501 and other e6xx based non-ACPI systems, HPET will now get enabled resulting in a usable clocksource. -- core system, mount /dev/shm on tmpfs to support POSIX named semaphores (DAHDI uses them). -- php, version bump to 5.6.31, security fixes. -- perl, version bump to 5.24.2 using perlcross 1.1.6 -- libsodium, version bump to 1.0.13 -- sqlite, version bump to 3.19.3 -- tiff, version bump to 4.0.8, security fixes: 13 CVE's and CVE-2017-10688 -- expat, version bump to 2.2.3, security fixes: CVE-2016-9063, CVE-2017-9233 -- pcre, version bump to 8.41 -- sudo, version bump to 1.8.20p2, security fix: CVE-2017-1000367 -- Monit, version bump to 5.23.0 -- ethtool, version bump to 4.11 -- dialog, version bump to 1.3-20170509 -- logrotate, version bump to 3.12.3 -- pciutils, version bump to 3.5.5 -- strace, version bump to 4.18 -- jansson, version bump to 2.10 (Asterisk 13) -- acme-client, new command to generate Let's Encrypt certificates using the ACME protocol. The acme-client command is a front-end to the core acme.sh script, version 2.7.2. New rc.conf variables: ACME_SERVICE and ACME_ACCOUNT_EMAIL More info: http://doc.astlinux-project.org/userdoc:tt_acme_certificates -- ca-certificates, update trusted root certificates 2017-06-07 -- mac2vendor, oui.txt database snapshot 2017-07-24 ** Networking -- OpenSSL, version bump to 1.0.2l, security fixes: none -- OpenVPN, version bump to 2.4.3, security fixes: CVE-2017-7521, CVE-2017-7522 -- libcurl (curl) version bump to 7.55.0, security fixes: CVE-2017-9502, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101 -- strongSwan, version bump to 5.5.3, security fixes: CVE-2017-9022, CVE-2017-9023 -- stunnel, version bump to 5.42 -- dnscrypt-proxy, version bump to 1.9.5 -- openldap, version bump to 2.4.45 -- unbound (host), version bump to 1.6.4 -- mtr, version bump to 0.92 -- tcpdump, version bump to 4.9.1, security fix: CVE-2017-11108 -- ngrep and sipgrep, add fix for IPv6 support. -- whois, version bump to 5.2.17 -- network, DHCPv6 Prefix Delegation, previously any Network tab -> 'IPv6 Autoconfig: [enabled]' received a Prefix Delegation (PD). Now the added selection 'IPv6 Autoconfig: [Assign GUA Prefix]' is required for the interface to receive a Prefix Delegation via the DHCPv6 client. This is a change. "Assign GUA Prefix" only applies if Network tab -> Connection Type: includes DHCPv6. New rc.conf variable: IPV6_PREFIX_DELEGATION More info: http://doc.astlinux-project.org/userdoc:tt-dhcpv6-prefix-delegation -- arnofw (AIF), version bump to 2.0.2, added support for properly attaching nf_conntrack helpers. As such net.netfilter.nf_conntrack_helper=0 and the the needed CT targets are created. New Parasitic Network plugin, allows "clients" on the same subnet to use this device as a gateway upstream. -- arnofw (AIF), added "net-prefix-translation" plugin. Provides NPTv6 (Network Prefix Translation) for IPv6 More info: http://doc.astlinux-project.org/userdoc:tt_ipv6_ula_nptv6_config -- arnofw (AIF), "traffic-shaper" plugin, use fq_codel (Fair Queueing CoDel) for both 'htb' and 'hfsc' types. -- wide-dhcpv6, by default generate a syslog and reload the "net-prefix-translation" plugin (if enabled) on a prefix change. The optional script '/mnt/kd/dhcp6c.script' can add additional actions. -- ddclient, configuration update of 'pairNIC' to 'pairDomains' ** Asterisk -- Asterisk 11.25.1 (no change) and 13.17.0 (version bump) -- DAHDI, dahdi-linux 2.10.2 (version bump) and dahdi-tools 2.10.2 (version bump) -- pjsip 2.6 (no change) -- FOP2, available version bump to 2.31.12. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade -- rhino, version bump to 0.99.7 ** Web Interface -- Status tab, RAM Memory, replaced "Free" with "Available" as per /proc/meminfo . -- Network tab, IPv6 Autoconfig, add selectable interfaces for Prefix Delegation by selecting "Assign GUA Prefix" Note: "Assign GUA Prefix" only applies if Network tab -> Connection Type: includes DHCPv6. More info: http://doc.astlinux-project.org/userdoc:tt-dhcpv6-prefix-delegation -- Network tab, add "ACME (Let's Encrypt) Certificate" section with topic help info. More info: http://doc.astlinux-project.org/userdoc:tt_acme_certificates -- Status tab, add optional "ACME Certificates" section, show via Prefs tab. -- System tab, add "english-nz" (New Zealand) sound language. Additions for AstLinux 1.2.10: ============================= Released 2017-05-20 ** System -- Linux Kernel 3.2.88 (minor bump) -- genx86_64-vm board type, add support for Hyper-V VM's with hv_netvsc and hv_utils kernel drivers. More info: http://doc.astlinux-project.org/userdoc:guest_vm_hyperv -- rbash, new command (part of bash package), a restricted login shell /bin/rbash for non-root users. More info: http://doc.astlinux-project.org/userdoc:tt_restricted_user_login -- netcalc, version 2.1.2, new command, IPv4 and IPv6 network calculator. Also used by dnsmasq init.d script. -- core system, usbtty, automatically spawn getty for selected usb tty serial devices. Supported USB-serial adapters include FTDI and PL2303 and must register as /dev/ttyUSB0, ttyUSB1, etc. New rc.conf variables: USBTTY, USBTTY_BAUD_RATE and USBTTY_TERM_TYPE More info: http://doc.astlinux-project.org/userdoc:usbtty_serial_login -- unique-local-ipv6, new command to generate a pseudo-random IPv6 ULA (Unique Local Address) /48 Prefix for local, VPN, etc. use. These prefixes are not globally routable without some Network Prefix Translation (NPTv6). -- bash, add support for the loadable builtin 'sleep', automatically used in various background scripts. -- sqlite, version bump to 3.18.0 -- Fossil, version bump to 2.0, adds a hardened SHA1 implementation and understands SHA3-256 hashes. -- Monit, version bump to 5.22.0 -- zabbix, version bump to 2.2.18 -- pcre, version bump to 8.40, security fixes: CVE-2017-6004, CVE-2017-7186 -- e2fsprogs, version bump to 1.43.4 -- busybox, syslogd: increase SYSLOGD_READ_BUFFER_SIZE from 256 to 512 to support longer log entries. -- logrotate, version bump to 3.12.1 -- nano, version bump to 2.7.5 -- screen, version bump to 4.5.1 -- strace, version bump to 4.16 -- pciutils, version bump to 3.5.4 -- jansson, version bump to 2.9 (Asterisk 13) -- Time Zone Database update, tzdata2017a and php-timezonedb-2017.1 ** Networking -- OpenSSL, version bump to 1.0.2k, security fixes: CVE-2017-3731, CVE-2017-3732 -- OpenSSH, version bump to 7.5p1, allow PubkeyAcceptedKeyTypes 'ssh-dss' for backward compatibility. Updated /etc/ssh/moduli DH group parameters file, starting with 2048-bit length. -- OpenVPN, version bump to 2.4.2, security fixes: CVE-2017-7478, CVE-2017-7479 Add rc.conf variable OVPNC_REMOTE_CERT_TLS to replace deprecated OVPNC_NSCERTTYPE -- libcurl (curl) version bump to 7.54.0, security fixes: CVE-2017-2629, CVE-2017-7468 -- lighttpd, add runtime configuration 'server.stream-response-body = 2' to prevent buffering in /var/tmp/ . -- gntp-send, version 0.3.4, new package, CLI tool for sending Growl (GNTP) notifications. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk_call_notify -- sngrep, version 1.4.3, new package, tool for displaying SIP call message flows from a terminal. -- ddclient, switch to ddclient-curl version 3.8.3-03, adds IPv6 and Hurricane Electric support Cloudflare, FreeDNS, and HE Free DNS (Hurricane Electric) now support mixed IPv4/IPv6 DNS updates. Added script get-ipv6-from-ipv4 to retrieve a neighboring IPv6 address to be published as an AAAA record. New rc.conf variable: DDGETIPV6, DDGETIPV6="" or DDGETIPV6="no" -> IPv6 dynamic DNS is disabled More info: http://doc.astlinux-project.org/userdoc:tt_dynamic_dns_client -- tcpdump, version bump to 4.9.0 Fixes many CVE vulnerabilities that might of resulted in denial of service or the execution of arbitrary code. -- vsftpd, add FTPD_WRITE rc.conf variable to select read/write or read-only access. Note: The FTP server (vsftpd) is no longer enabled by default for new installs, use the Network tab to enable it. -- When a Static IPv6 external interface is defined (EXTIPV6) with an undefined IPv6 Gateway entry (EXTGWIPV6), now automatically use Router Advertisements to set the default route. -- network, add PHYETH_DISABLE_OFFLOAD rc.conf variable to disable hardware network interface offloading, disabled by default. Example: PHYETH_DISABLE_OFFLOAD="tso gso gro" -- wide-dhcpv6, add support for optional script '/mnt/kd/dhcp6c.script', enabled if it exists and is executable. More info: http://doc.astlinux-project.org/userdoc:tt-dhcpv6-prefix-delegation#dhcpv6_client_action_script -- chrony, version bump to 3.1 -- miniupnpd, version bump to 2.0.20170421 -- fping, version bump to 3.16 -- ipset, version bump to 6.32 -- strongSwan, version bump to 5.5.2 -- stunnel, version bump to 5.40 -- unbound (host), version bump to 1.6.2 -- whois, version bump to 5.2.15 -- arnofw (AIF), added "dyndns-ipv6-forward" plugin. Provides EXT->LAN firewall 'ipv6-forward' rules using hostnames (via periodic DNS lookups) rather than static IPv6 addresses. Should the hostname resolve to multiple IPv6 addresses, a rule for each address will be opened. IPv6 only. Note: A custom ddclient config may be used to publish local servers with dynamic DNS AAAA records. -- arnofw (AIF), added "dyndns-ipv6-open" plugin. Provides EXT->Local firewall 'ipv6-open' rules using hostnames (via periodic DNS lookups) rather than static IPv6 addresses. Should the hostname resolve to multiple IPv6 addresses, a rule for each address will be opened. IPv6 only. Note: Similar functionality as the IPv4 dyndns-host-open plugin except using IPv6 with AAAA DNS records. ** Asterisk -- Asterisk 11.25.1 (no change) and 13.15.1 (version bump) -- Asterisk 11 and 13, backport Asterisk 14 "followme" application feature "enable_callee_prompt". -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.6 (version bump) including Asterisk security fixes: AST-2017-002 and AST-2017-003 -- libpri, version bump to 1.6.0 -- FOP2, available version bump to 2.31.08. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade -- (Custom Build Only) wanpipe, version 7.0.20 (no change) ** Web Interface -- Network tab, Dynamic DNS Update: == Add "HE Free DNS" Dynamic DNS Service Type and "checkip.dns.he.net" DNS Get IP selection. == Add support for "DNS Get IPv6 Address:" using DDGETIPV6 rc.conf variable. == Add button to edit "/mnt/kd/ddclient.conf" if it exists. More info: http://doc.astlinux-project.org/userdoc:tt_dynamic_dns_client -- Network and Edit tab, FTP Server: == Add Restart FTP Server menu item. == Add FTPD_WRITE rc.conf variable suppport with read/write, read-only menu. == Add button to edit "/mnt/kd/vsftpd.conf" if it exists. -- CLI tab, add support for "staff" user when Prefs tab has unchecked: Disable CLI Tab for "staff" user. -- CLI tab, add user selectable styles; Black, White or Green on White or Black background, right-click for menu. -- Network -> OpenVPN Client sub-tab, generate OVPNC_REMOTE_CERT_TLS instead of the deprecated OVPNC_NSCERTTYPE -- Follow-Me tab, add support for enable_callee_prompt, adding "Single number without callee prompt" dial method. -- Status tab, add IPv6 Prefixes and IPv6 Address in a row, when applicable. Additions for AstLinux 1.2.9: ============================= Released 2017-01-26 ** IMPORTANT NOTICE -- Sangoma Wanpipe card support is no longer supplied in the standard AstLinux images. Use a custom build to enable 'wanpipe' support. ** System -- Linux Kernel 3.2.84 (minor bump) -- RUNNIX, version bump to runnix-0.4-8057, with Linux Kernel 3.2.84, dropbear 2016.74, kexec 2.0.14 -- php, version bump to 5.6.30 -- sqlite, version bump to 3.16.2 -- sqliteodbc, version bump to 0.9995 -- Monit, version bump to 5.20.0 -- logrotate, version bump to 3.11.0 -- libxml2, security fixes: CVE-2016-5131, CVE-2016-4658 -- libusb, version bump to 1.0.21 -- libcap, version 2.25, new package, user-space library for POSIX 1003.1e capabilities available in Linux kernels. -- libedit, version 20160903-3.1, new package, commonly used instead of the somewhat bloated readline (no longer enabled). Utilized by commands: asterisk -r, sqlite3, chronyc, sftp, bc -- zlib, version bump to 1.2.11 -- lzo, version bump to 2.09 -- tiff, version bump to 4.0.7, security fixes: 11 CVE's -- kexec, version bump to 2.0.14 -- nano, version bump to 2.7.4 -- strace, version bump to 4.15 -- sudo, version bump to 1.8.19p2 -- reload-blocklist-netset (optional CRON script), add 'firehol_webclient' blocklist support. -- ca-certificates, update trusted root certificates 2017-01-18 -- Time Zone Database update, tzdata2016j and php-timezonedb-2016.10 ** Networking -- OpenSSL, quasi-major version bump to 1.0.2j, LTS series. -- libcurl (curl) version bump to 7.52.1, security fixes: CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586 -- strongSwan, version 5.5.1, new package, a more feature rich alternative for IPsec VPN support. New rc.conf variables are: IPSEC_ALLOWED_ENDPOINTS and IPSEC_ALLOWED_VPN_NETS More info: http://doc.astlinux-project.org/userdoc:tt_ipsec_vpn_strongswan -- chrony, version 3.0, new package to replace 'ntpd' as the NTP daemon, NTPv4 client and server. Note: No configuration change for most users, though if you had a custom /mnt/kd/ntpd.conf file you will have to generate a new /mnt/kd/chrony.conf file with similar but different syntax. More info: http://doc.astlinux-project.org/userdoc:tt_ntp_client_server -- OpenVPN, major version bump to 2.4.0, new features include AEAD (GCM) cipher and Elliptic Curve DH key exchange support. -- prosody, version bump to 0.9.12 -- ipset, version bump to 6.30 -- lighttpd, version bump to 1.4.45 New rc.conf variable: HTTPSCHAIN, optional path to the CA file for support of chained certificates. -- ddclient, add Cloudflare dynamic DNS service support using API v4, DDSERVICE="cloudflare". -- dnscrypt-proxy, version bump to 1.9.1 -- unbound (host), version bump to 1.6.0 -- libpcap, version bump to 1.8.1 -- tcpdump, version bump to 4.8.1 -- stunnel, version bump to 5.39 -- shellinabox, version bump to 2.20 -- avahi, now runs with 'avahi' user/group permissions using the new libcap support, for added security. -- miniupnpd, version bump to 2.0.20161216 -- msmtp, version bump to 1.6.6 -- iproute2 (ip, tc, bridge, etc.) version bump to version 3.16.0, now including the 'bridge' utility. No longer use 'brctl' for managing bridge interfaces, instead use iproute2 tools. -- whois, version 5.2.14, new package to perform Whois lookups for domains and IP's. -- arnofw (AIF), "adaptive-ban" plugin, asterisk filter, add chan_sip 'Not a local domain' regex and chan_pjsip 'No matching endpoint found' regex. -- arnofw (AIF), add support for BLOCKED_HOST_LOG inbound/outbound selectively. ** Asterisk -- Asterisk 11.25.1 (version bump) and 13.12.2 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.5.5 (no change) -- (Custom Build Only) wanpipe, version 7.0.20 (no change) -- FOP2, available version bump to 2.31.07. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Network and Edit tab, add support for strongSwan IPsec VPN. Note: "IPsec strongSwan" can only be enabled when "IPsec Peers" and "IPsec Mobile" are both disabled. More info: http://doc.astlinux-project.org/userdoc:tt_ipsec_vpn_strongswan -- Status tab, display "ipsec status" output in IPsec Associations (strongSwan). -- Status, Network, Edit, Prefs, System tabs, add support for 'chrony' instead of 'ntp' for network time. -- System tab, add View System Files: [ IPsec strongSwan log ] -- Firewall sub-tab, add "Log Denied attempts by a blocked host" inbound/outbound selectively. -- Network tab, add Cloudflare dynamic DNS service support. Additions for AstLinux 1.2.8: ============================= Released 2016-11-01 ** Build System -- host-squashfs, version bump to 4.3, only build what we need (gzip) ** System -- linux, fix "Dirty COW" privilege escalation vulnerability, security fix: CVE-2016-5195 -- linux, tcp: make challenge acks less predictable, security fix: CVE-2016-5696 -- linux, enable NETFILTER_XT_SET=m and IP_SET=m for the 'ipset' userspace utility -- linux, enable 8139CP=m for the Realtek '8139cp' NIC driver, used in old Watchguard appliances -- e1000e version bump to 3.3.5 Intel PCI-Express PRO/1000 Ethernet Linux driver -- php, major version bump to 5.6.27, bug and security fixes -- perl, version bump to 5.24.0 using perlcross 1.0.3 -- sqlite, version bump to 3.15.0 -- ethtool, version bump to 4.8 -- sudo, version bump to 1.8.18p1 -- pciutils, version bump to 3.5.2 -- nano, version bump to 2.7.0 -- acpid, version bump to 2.0.28 -- logrotate, version bump to 3.10.0 -- screen, version bump to 4.4.0 -- strace, version bump to 4.14 -- zabbix, version bump to 2.2.15 -- libsodium, version bump to 1.0.11 -- reload-blocklist-netset (optional CRON script), new command added to generate .netset files for the firewall blocklist. More Info: http://doc.astlinux-project.org/userdoc:tt_firewall_external_block_list -- ca-certificates, update trusted root certificates 2016-09-14 -- mac2vendor, oui.txt database snapshot 2016-08-21 -- Time Zone Database update, tzdata2016g and php-timezonedb-2016.7 ** Networking -- OpenSSL, version bump to 1.0.1u, security fixes: CVE-2016-6304, and 10 "Low" Severity CVE's -- Added a 4th LAN Interface configuration entry -- arnofw (AIF), version bump to 2.0.1g, added support for 'ipset' -- libcurl (curl) version bump to 7.50.3, security fixes: CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7167 -- unbound (host), version bump to 1.5.10 -- lighttpd, version bump to 1.4.41, web interface, force HTTPS for /admin/ Authentication -- OpenVPN, version bump to 2.3.12 -- stunnel, version bump to 5.36 -- dnscrypt-proxy, version bump to 1.7.0 -- luasec, version bump to 0.5.1 (luasec-prosody) -- iperf, version bump to 2.0.9, now using maintained iperf2 project -- mtr, version bump to 0.87 -- ipset, version 6.29, new package to store multiple IP addresses and match against the collection by iptables at one swoop -- dnsmasq, enabled 'ipset' support -- msmtp, add a functional "/bin/mail" script to emulate mail/mailx for sending email via sendmail. Particularly useful for sending file attachment(s) via email. Issue "mail --help" for details. Example (end of iOS section): http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-ssl -- msmtp, an undefined SMTP_CA rc.conf variable will now default to the system ca-bundle.crt -- wide-dhcpv6, add upstream Debian patches 0011, 0012 and 0015, build fixes and handle OPTION_RECONF_ACCEPT(20) More Info: http://doc.astlinux-project.org/userdoc:tt-dhcpv6-prefix-delegation -- tcpdump, version bump to 4.8.0 ** Asterisk -- Asterisk 1.8.32.3 (no change), 11.23.1 (version bump) and 13.11.2 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.5.5 (version bump) -- SILK CODEC, version bump to 1.0.3, now supports Asterisk 13 as well as Asterisk 11 -- neon, version bump to 0.30.2, used for Asterisk Calendar Support -- wanpipe, version bump to 7.0.20 -- FOP2, available version bump to 2.31.04. Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- Network tab, add 4th LAN Interface. Added 4th LAN support to Firewall sub-tab and PhoneProv tab. -- Network -> Firewall sub-tab, add "Deny LAN to DMZ" option for specified LAN Interfaces. -- Network -> Firewall sub-tab, add Block Host/CIDR using *.netset file(s) in the directory /mnt/kd/blocklists . More Info: http://doc.astlinux-project.org/userdoc:tt_firewall_external_block_list -- Network tab, SMTP Mail Relay, allow an empty "SMTP Cert File" which will default to the system ca-bundle.crt . -- Edit tab, add "Reload Firewall Blocklist" action menu item, along with editing special .netset files. -- Status tab, check for known default "admin" password and issue a warning if the default. Additions for AstLinux 1.2.7: ============================= Released 2016-07-06 ** IMPORTANT NOTICE -- The AstLinux Project's cloud infrastructure has changed from 'mirror.astlinux.org' to 'mirror.astlinux-project.org' == The web interface "Prefs tab -> Repository URL:" needs to be changed accordingly unless you are using a private repository. ** Build System -- Added support for x86_64 KVM/Xen VM's and Virtio paravirtualized drivers with the new board type genx86_64-vm -- Now use pkgconf 0.9.12 for pkg-config package. ** System -- Linux Kernel 3.2.80 (minor bump) -- RUNNIX, version bump to runnix-0.4-7671, with Linux Kernel 3.2.80, dropbear 2016.72, USB 3.0 support -- linux, add kernel patch to the 'k10temp' kernel module adding support for the PC Engines APU2 board -- linux, enable CONFIG_USB_XHCI_HCD=y across all kernel configs to support USB 3.0 hardware -- Firmware and RUNNIX upgrades now support https:// URL's. Additionally, URL's with the host 'mirror.astlinux-project.org' will be automatically redirected to the proper HTTPS host using https:// . -- igb, version bump to 5.3.5.3, Intel Gigabit Ethernet Network Driver -- php, version bump to 5.5.37, bug and security fixes -- Fossil, version bump to 1.35 -- sqlite, version bump to 3.13.0 -- sqliteodbc, version bump to 0.9994 -- Monit, version bump to 5.17.1 -- nut, version bump to 2.7.4 -- sudo, version bump to 1.8.16 -- ethtool, version bump to 4.5 -- pciutils, version bump to 3.5.1 -- nano, version bump to 2.5.3 -- smartctl, version bump to 6.5, add drivedb.h entry for Phison S9 SSD: PC Engines msata16d, MyDigitalSSD Super-Boot-Drive mSATA -- pcre, version bump to 8.39, security fixes: CVE-2016-1283, CVE-2016-3191 -- libxml2, version bump to 2.9.4, security fixes: CVE-2016-1762, CVE-2016-1834, CVE-2016-3705 -- libsodium, version bump to 1.0.10 -- expat, version bump to 2.2.0 -- bc, version bump to 1.06.95 -- Time Zone Database update, tzdata2016e and php-timezonedb-2016.5 -- (Custom Build Only) flashrom, version bump to 0.9.9 ** Networking -- OpenSSL, version bump to 1.0.1t, security fixes: CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176 -- busybox, udhcp: fix a SEGV on malformed RFC1035-encoded domain name: CVE-2016-2148 -- iperf3, version bump to 3.0.12, security fix: CVE-2016-4303 (ESNET-SECADV-2016-0001) -- OpenVPN, version bump to 2.3.11 -- ca-certificates, added trusted root certificates 2016-04-20, single file bundle, to allow authenticated HTTPS connections. -- libcurl (curl) version bump to 7.49.1 -- unbound, new package adding the libunbound library and unbound-host command. A symlink of 'host' -> 'unbound-host' is also added. Unbound is a validating, recursive, and caching DNS resolver. -- avahi, new package adding mDNS/DNS-SD Service Discovery (Bonjour). Replaces the old mdnsresponder package. Enable mDNS/DNS-SD by setting AVAHI_ENABLE="yes", manual configuration stored in /mnt/kd/avahi/ symlinked from /etc/avahi/ . More Info: http://doc.astlinux-project.org/userdoc:tt_avahi_mdns -- ntpd/sntp, version bump to 4.2.8p8, security fixes: 15 low/medium-severity vulnerabilities Now only include the "LOCAL" Reference Clock driver, which reduces the ntpd binary size buy 30% . -- msmtp, version bump to 1.6.5 -- stunnel, version bump to 5.31 -- miniupnpd, version bump to 2.0, also make the UPnP leases file survive a reboot using '/mnt/kd/upnp.leases'. -- arnofw (AIF), add NAT_FOREIGN_NETWORK rc.conf variable to support a downstream router with NAT disabled. More Info: http://doc.astlinux-project.org/userdoc:tt-internal-downstream-router -- arnofw (AIF), add support for LAN_LAN_HOST_OPEN_xxx firewall rules. -- Email Notifications, now automatically define a 'a@b.tld' From header in the form: "-" The current values are: SIP, Asterisk, Monit, Test, UPS, WAN ** Asterisk -- Asterisk 1.8.32.3 (no change), 11.22.0 (version bump) and 13.9.1 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.4.5 (no change) -- libpri, version bump to 1.5.0 -- wanpipe, version bump to 7.0.19 ** Web Interface -- Automatically don't use kernel-reboot with 'genx86_64-vm' builds, use reboot instead. -- Network and Edit tab, add support for Avahi mDNS/DNS-SD Service Discovery. More Info: http://doc.astlinux-project.org/userdoc:tt_avahi_mdns -- Network -> Firewall sub-tab, add support for "Pass LAN->LAN" action Example: Allow any LAN subnet access to a LAN printer at 192.168.101.8 serving LPD, IPP and JetDirect == Action: Pass LAN->LAN | Protocol: TCP | Source: 0/0 | Destination: 192.168.101.8 | Port: 515,631,9100 -- Add HTML meta "viewport" tag to be "mobile friendly". Additions for AstLinux 1.2.6.1: ============================== Released 2016-03-23 rp-pppoe, PPPoE client, fix a build issue where the generated helper scripts failed to start. Additions for AstLinux 1.2.6: ============================= Released 2016-02-26 ** System -- eglibc 2.18 (patched), security fixes: CVE-2015-7547, CVE-2015-1472, CVE-2014-9402, CVE-2015-1781, CVE-2014-8121 -- RUNNIX, version bump to runnix-0.4-7549, enable 'vmxnet3' NIC driver, dropbear version bump to 2015.71, eglibc security patches -- php, version bump to 5.5.32, bug and security fixes -- htop, new command is an interactive process viewer, aka a better 'top' -- Monit, version bump to 5.16 -- libsrtp, version bump to 1.5.4 -- liburiparser, version bump to 0.8.4 -- nano, version bump to 2.5.2 -- Time Zone Database update, tzdata2016a and php-timezonedb-2016.1 ** Networking -- OpenSSH, new SSH Server rc.conf variables: == SSHD_PASS_AUTH (PasswordAuthentication), yes|no, defaults to "yes" == SSHD_ALLOW_USERS (AllowUsers), space separated list of users, defaults to any user -- libcurl (curl) version bump to 7.47.1 -- openldap, version bump to 2.4.44 -- dnscrypt-proxy, version bump to 1.6.1 -- ddclient, now the only dynamic DNS client support, enable SSL updates in configs, remove 'inadyn' support. -- arp-scan, new command for ethernet device discovery. -- miniupnpd, version bump to 1.9.20160216 ** Asterisk -- Asterisk 1.8.32.3 (security patches), 11.21.2 (version bump) and 13.7.2 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.4.5 (version bump) -- wanpipe, version bump to 7.0.16 -- bfdetect, version bump, CLI command that detects beroNet devices ** Web Interface -- Network tab, remove 'inadyn' dynamic DNS client support, add a few more "DNS Service Type" entries. -- Prefs tab, new options under "Show Network Tab", checked by default: _x_ Disable DNS Hosts Tab for "staff" user _x_ Disable XMPP Users Tab for "staff" user When unchecked, new tabs are presented for "staff" users. Additions for AstLinux 1.2.5: ============================= Released 2016-02-10 ** Build System -- Added 64-bit support for x86_64 CPU's with new board types genx86_64 and genx86_64-serial ** System -- RUNNIX, version bump to runnix-0.4-7419, updated /runnix script and kexec 2.0.11 -- linux, add kernel patch allowing Geode LX (alix and net5501) to use tsc clocksource instead of pit clocksource -- igb, version bump to 5.3.3.5, Intel Gigabit Ethernet Network Driver -- e1000e version bump to 3.3.1 Intel PCI-Express PRO/1000 Ethernet Linux driver -- tg3, version bump to 3.137k, Broadcom NetLink 10/100/1000 Mbps PCI/PCI-X/PCI Express Ethernet Linux driver -- Fossil, version bump to 1.34 -- Monit, version bump to 5.15 -- zabbix, version bump to 2.2.11 -- php, version bump to 5.5.31, bug and security fixes -- perl, version bump to 5.22.1 using perlcross 1.0.2 -- pcre, version bump to 8.38, security fixes: https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html -- sudo, version bump to 1.8.15 -- sqlite, version bump to 3.10.2 -- sqliteodbc, version bump to 0.9993 -- libsrtp, version bump to 1.5.3, security fix: CVE-2015-6360 -- libxml2, version bump to 2.9.3, security fixes: CVE-2015-1819, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035 CVE-2015-5312, CVE-2015-7497, CVE-2015-7500, CVE-2015-8242 -- libsodium, version bump to 1.0.8 -- libjpeg, version bump to 9b -- ethtool, version bump to 4.2 -- kexec, version bump to 2.0.11 -- kernel-reboot, new command performs a reboot via kexec just as RUNNIX does, all changes to the run images and versions are honored. Reboots are 30-40 seconds faster using kernel-reboot. The kernel-reboot command replaces the sreboot script that has been removed. -- pciutils, version bump to 3.4.1 -- nano, version bump to 2.5.1 -- acpid, version bump to 2.0.26 -- strace, version bump to 4.11 -- mac2vendor, oui.txt database snapshot 2016-01-17 ** Networking -- OpenSSL, version bump to 1.0.1r, security fixes: CVE-2015-3194, CVE-2015-3195, CVE-2015-3197 -- OpenSSH, "UseRoaming" security fixes: CVE-2016-0777, CVE-2016-0778 -- prosody, version bump to 0.9.10, security fixes: CVE-2016-1231, CVE-2016-1232, CVE-2016-0756 -- ntpd/sntp, version bump to 4.2.8p6, security fixes: CVE-2015-7871, CVE-2015-5300 plus 21 other low/medium-severity vulnerabilities -- rsync, version bump to 3.1.2, security fix. -- wide-dhcpv6, new package, added support for DHCPv6 using dhcp6c for External and WAN Failover interfaces. New rc.conf variables are: DHCPV6_CLIENT_ENABLE, DHCPV6_CLIENT_REQUEST_ADDRESS, DHCPV6_CLIENT_REQUEST_PREFIX, DHCPV6_CLIENT_PREFIX_LEN, DHCPV6_CLIENT_PREFIX_HINT, EXT2DHCPV6_CLIENT_ENABLE More Info: http://doc.astlinux-project.org/userdoc:tt-dhcpv6-prefix-delegation -- dnsmasq, added optional DHCP_LEASETIME rc.conf variable, defaults to "24" hours as before. Applies to both DHCP and IPv6 Autoconfig. -- iperf3, new package, iperf3 is becomming more common, sits along side the old iperf since they are not compatible -- OpenVPN, version bump to 2.3.10 -- lighttpd, version bump to 1.4.39 -- libcurl (curl) version bump to 7.46.0 -- openldap, version bump to 2.4.43 -- miniupnpd, version bump to 1.9.20160113 -- msmtp, version bump to 1.6.3 -- fping, version bump to 3.13 -- sipgrep, version bump to 2.1.0 -- stunnel, version bump to 5.29 -- shellinabox, version bump to 2.19, new supported repository -- arnofw (AIF), added upstream patch for Issue #21, Leave the IPv6 sysctl accept_ra setting alone when forwarding=1 -- arnofw (AIF), added "pptp-vpn-passthrough" plugin, for when PPTP VPN clients have NAT between them and the PPTP VPN server. -- arnofw (AIF), "adaptive-ban" plugin, added 'racoon' analysis type. -- arnofw (AIF), "traffic-shaper" plugin, automatically disable ethernet offloading on the shaper interface (EXTIF). -- (Custom Build Only) kamailio, version bump to 4.1.9 -- (Custom Build Only) tinyproxy, version bump to 1.8.4, security fix: CVE-2012-3505 ** Asterisk -- Asterisk 1.8.32.3 (no change), 11.19.0 (no change) and 13.5.0 (no change) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.4 (no change) -- wanpipe, version bump to 7.0.15, added the 'wanpipemon' CLI tool. ** Web Interface -- Network tab and and WAN Failover sub-tab, add DHCPv6 support with Connection Type: [DHCP/DHCPv6] and Connection Type: [Static IPv4/DHCPv6] == External Interface supports Prefix Delegation and Request IPv6 Address == WAN Failover Interface does not support Prefix Delegation, only Request IPv6 Address -- Network tab -> "External DHCPv6 Client Settings:" adds External Interface DHCPv6 configuration options. -- Network tab, new certificate creation, add Signature Algorithm: [ SHA-1, SHA-256 ] option, defaults to SHA-256. Applies only to new certificates: == SIP-TLS certificate (shared with other packages as well) == OpenVPN server certificate == IPsec server certificate == HTTPS web server certificate (only SHA-256 for new certificates) -- Network tab -> IPsec Configuration, add all supported "DH Group:" and "PFS Group:" choices. -- CLI tab, set terminal background to 'white' and remove unnecessary title header. -- Status tab, add system architecture string to 'AstLinux Release:' -- Network and System tabs, now use "/sbin/kernel-reboot" if available for a faster reboot. Use classic reboot method by checking Prefs tab option 'Disable faster "kernel-reboot" System Reboot'. -- Status tab, allow empty lines within a Custom Asterisk Command output. -- Staff tab, add 'Restart FOP2' support if installed and (AES encrypted) 'Primary /mnt/kd/ files' Backup choice. -- Network tab -> Dynamic DNS Update, add "nsupdate.info" service type. -- dialproxy, support GET/POST variables 'phone' and 'exten' synonymous for 'num' and 'ext' to be compatible with the Asterisk Click2Call extension for Google Chrome and possibly others. Additions for AstLinux 1.2.4.1: =============================== Released 2015-10-28 ** System -- igb, version bump to 5.3.3.2, Intel Gigabit Ethernet Network Driver -- e1000e version bump to 3.2.7.1 Intel PCI-Express PRO/1000 Ethernet Linux driver -- Fossil, version 1.33, new package, a simple, high-reliability, distributed software configuration management system. New rc.conf variables are: FOSSIL_SERVER, FOSSIL_DEFAULT_DIRS, FOSSIL_DEFAULT_FILES, FOSSIL_INCLUDE_DIRS, FOSSIL_INCLUDE_FILES More Info: http://doc.astlinux-project.org/userdoc:tt_fossil -- expat, add security patch for CVE-2015-1283 -- php, version bump to 5.5.30, bug and security fixes -- perl, version 5.20.2 using perlcross 0.9.7 -- sudo, version bump to 1.8.14p3 -- lm-sensors, version bump to 3.4.0 -- nano, version bump to 2.4.2 -- logrotate, version bump to 3.9.1 -- dosfstools, version bump to 3.0.28 -- ncurses, version bump to 5.9 -- unixodbc, version bump to 2.3.4 -- tiff, version bump to 4.0.6 -- pciutils, version bump to 3.4.0 -- libusb, version bump to 1.0.20 -- parse-csv, new command, parse a comma-seperated-value string like an Asterisk CDR line and output each value followed by a new-line. Fields may be quoted with double-quotes and a quoted quote is encoded as two double-quotes. -- Time Zone Database update, tzdata2015g and php-timezonedb-2015.7 ** Networking -- OpenSSL, version bump to 1.0.1p, security fix: CVE-2015-1793 -- lighttpd, version bump to 1.4.37, security fix: CVE-2015-3200 Note: SSLv3 is now disabled by default, clients must support TLS. Note: The underscore '_' character is no longer allowed in the server.name (HOSTNAME), per RFC2396 section 3.2.2 -- OpenVPN, version bump to 2.3.8 -- arnofw (AIF), version bump to 2.0.1f -- iptables, version bump to 1.4.21 -- libpcap, version bump to 1.7.4 -- libcurl (curl) version bump to 7.45.0 -- ntpd/sntp, version bump to 4.2.8p3 -- openldap, version bump to 2.4.42 -- vsftpd, version bump to 3.0.3 -- stunnel, version bump to 5.24 -- dnsmasq, version bump to 2.75 -- sipsak, version 0.9.6-1, new package known as SIP-swiss-army-knife. More Info: https://web.archive.org/web/20130728223800/http://sipsak.org/ (via the Wayback Machine) More Info: http://linux.die.net/man/1/sipsak -- dnscrypt-proxy, version bump to 1.6.0, add support for ephemeral-keys and an optional secondary proxy server. New rc.conf variables are: DNSCRYPT_EPHEMERAL_KEYS, DNSCRYPT_2SERVER_ADDRESS, DNSCRYPT_2PROVIDER_NAME, DNSCRYPT_2PROVIDER_KEY -- links, command-line text-only web browser is removed, a better approach is to use SSH as a local Web Browser Proxy via AstLinux. More Info: http://doc.astlinux-project.org/userdoc:tt-web-browser-proxy ** Asterisk -- Asterisk 1.8.32.3 (no change), 11.19.0 (version bump) and 13.5.0 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.4 (no change) -- phoneprov-tools, new default templates: == Polycom UCS, polycom.conf, thanks to Darrick and Ian of DJH Solutions LLC. ** Web Interface -- Add Fossil support == Network tab -> Fossil - Software Configuration Management: == Fossil tab -> Fossil Web Interface == Network and Edit tabs allow Fossil to be Restarted == Prefs tab, "Show Fossil Tab" - unchecked by default == Edit tab -> "Fossil Commands" button when Fossil tab is shown More Info: http://doc.astlinux-project.org/userdoc:tt_fossil -- System and Staff tabs, Configuration/File Backup: exclude /stat/var/www/cache/ files from unionfs backup. -- Network -> "DNSCrypt Proxy Server Configuration" sub-tab, add support for "Ephemeral Keys" and optional "Secondary Server" configuration. More Info: http://doc.astlinux-project.org/userdoc:tt_dnscrypt_proxy -- PhoneProv tab, add real-time links for "Status", "Reload" and "Reboot" == Status retrieves "sip show peer " and displays a few useful lines. == Reload issues "sip notify " using the model or vendor to determine the argument == Reboot issues "sip notify " using the model or vendor to determine the argument -- SQL-Data tab, version bump to phpLiteAdmin 1.9.6, modified for AstLinux Additions for AstLinux 1.2.4: ============================= Not released due to last-second issue discovered with Asterisk 11.20.0 and 13.6.0 More Info: https://issues.asterisk.org/jira/browse/ASTERISK-25476 Additions for AstLinux 1.2.3: ============================= Released 2015-07-06 ** System -- Linux patch, crypto: aesni - fix memory usage in GCM decryption, Security fix: CVE-2015-3331 -- igb, version 5.3.2, Intel Gigabit Ethernet Network Driver -- e1000e version bump to 3.2.4.2 Intel PCI-Express PRO/1000 Ethernet Linux driver -- tg3, version bump to 3.137h, Broadcom NetLink 10/100/1000 Mbps PCI/PCI-X/PCI Express Ethernet Linux driver -- php, version bump to 5.5.26, major version change, bug and security fixes -- perl, version bump to 5.20.2 using perlcross 0.9.6 -- pcre, version bump to 8.37, security fixes: CVE-2014-8964, CVE-2015-2325, CVE-2015-2326 -- sudo, version bump to 1.8.13, security fix: CVE-2014-9680 -- e2fsprogs, version bump to 1.42.13, many bug fixes and security fix: CVE-2015-1572 -- tiff, version bump to 4.0.4, security fix: CVE-2014-8128 -- Monit, version bump to 5.14, added IPv6 support -- zabbix, version bump to 2.2.9 -- sox, version bump to 14.4.2 -- nano, version bump to 2.4.1 -- logrotate, version bump to 3.8.7 -- pciutils, version bump to 3.3.1 -- sqlite, version bump to 3.8.9 -- sqliteodbc, version bump to 0.9992 -- nut, version bump to 2.7.3 -- libsrtp, version bump to 1.5.2 -- libsodium, version bump to 1.0.3 -- smartctl, version bump to 6.4, drivedb.h 4105 2015-06-03 -- ethtool, version bump to 4.0 -- Kernel runtime parameters, add support for /etc/sysctl.conf via either /mnt/kd/sysctl.conf or the rc.conf variable KERNEL_SYSCTL, disabled by default. Example: KERNEL_SYSCTL="kernel.panic=3 vm.min_free_kbytes=8192" -- mac2vendor, database update at 2015-06-11 -- Time Zone Database update, tzdata2015e and php-timezonedb-2015.5 -- (Custom Build Only) flashrom, version bump to 0.9.8, no longer requires dmidecode ** Networking -- OpenSSL, version bump to 1.0.1o, security fixes: CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791 -- prosody, version bump to 0.9.8, security fix: CVE-2015-2059 -- ntpd/sntp, version bump to 4.2.8p2, security fixes: CVE-2014-9297, CVE-2014-9298, CVE-2015-1798, CVE-2015-1799 -- netsnmp, version bump to 5.7.3, security fix: CVE-2014-2285 -- vsftpd, add security fix: CVE-2015-1419 and fix segfault with incorrect password. -- dnsmasq, add upstream security fix: CVE-2015-3294 -- dnscrypt-proxy, version bump to 1.5.0 -- miniupnpd, version bump to 1.9.20150430, adds 'Port Control Protocol' NAT-PMP/PCP support. -- libpcap / tcpdump, version bump to 1.7.3 / 4.7.4, security and build fixes. -- libcurl (curl) version bump to 7.43.0, security fixes: CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3143, CVE-2015-3153, CVE-2015-3236, CVE-2015-3237 -- OpenVPN, version bump to 2.3.7 -- darkstat, version bump to 3.0.719 -- stunnel, version bump to 5.19 -- msmtp, version bump to 1.6.2 -- ddclient (dynamicdns), version bump to 3.8.3 -- lighttpd / stunnel, the default /etc/ssl/default_https.pem file, is now auto-generated and ultimately stored in /mnt/kd/ssl/default_https.pem, a symlink for /etc/ssl/mini_httpd.pem to default_https.pem is also provided for backward compatibility. A well-known PEM file is no longer provided for security reasons. -- (Custom Build Only) kamailio, version bump to 4.1.8 ** Asterisk -- Asterisk 1.8.32.3 (version bump), 11.18.0 (version bump) and 13.4.0 (version bump) == chan_sip, add patch(es) to increase the verbosity level needed for 'Extension Changed' logs, from 2 to 5 -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip 2.4 (version bump), and now built with proper SSL/TLS suport. -- wanpipe, version bump to 7.0.14 -- Asterisk-gui, removed for all Asterisk versions. Digium: "Asterisk GUI is no longer maintained and should not be used" https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI ** Web Interface -- Prefs and System tab, set default "Repository URL" to use Asterisk 13 if installed. -- Status and Network tab, change NAT-PMP to NAT-PMP/PCP labels adding 'Port Control Protocol' support. -- CDR Log tab, new "Export CDR.csv" button which exports the CDR data currently displayed with any search criteria applied. Additions for AstLinux 1.2.2: ============================= Released 2015-02-12 ** System -- Build system update: crosstool-NG 1.20.0, gcc 4.8.3, eglibc 2.18 Security fix: CVE-2015-0235 (GHOST: glibc gethostbyname buffer overflow) -- Linux Kernel 3.2.66 (minor bump) -- RUNNIX, version bump to runnix-0.4-6956, with Linux Kernel 3.2.66, dropbear 2015.67 -- igb, version 5.2.15, Intel Gigabit Ethernet Network Driver -- Monit, version 5.11, new package, easily configured monitoring system with web status interface More Info: http://doc.astlinux-project.org/userdoc:tt_monit_monitoring -- jansson, new package for Asterisk 13, version 2.7 -- liburiparser, new package for Asterisk 13, version 0.8.1 -- ethtool, version bump to 3.18 -- usbutils, version bump to 007 -- sqlite, version bump to 3.8.7.4 -- sqliteodbc, version bump to 0.9991 -- libidn, version bump to 1.29 -- libsodium, version bump to 1.0.2 -- kexec, version bump to 2.0.8 -- Time Zone Database update, tzdata2015a and tzcode2015a -- Update build system tools: == autoconf, version bump to 2.69 == automake, version bump to 1.15 == libtool, version bump to 2.4.4 == flex, version bump to 2.5.37 == bison, version bump to 3.0.4 == xz, version bump to 5.2.0 ** Networking -- OpenSSL, version bump to 1.0.1k (security fixes: CVE-2014-3571, CVE-2015-0206, et al.) -- libcurl (curl) version bump to 7.40.0, (security fixes: CVE-2014-8150, CVE-2014-8151) -- ntpd/sntp, version bump to 4.2.8 -- dnscrypt-proxy, version bump to 1.4.3, and 'max-active-requests' increased to 520 -- stunnel, version bump to 5.09 -- msmtp, version bump to 1.6.1 -- mtr, version bump to 0.86 plus upstream fixes -- links, version bump to 2.9 -- radvd, removed, the same functionality is now configured in dnsmasq for IPv6 router advertisements -- dnsmasq, new defaults of cache-size=4096 and dns-forward-max=512 Allow /mnt/kd/dnsmasq.static ( /etc/dnsmasq.static ) to override either default if specified. ** Asterisk -- Asterisk 1.8.32.2 (version bump), 11.15.1 (version bump) and 13.1.1 (new version for testing) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- pjsip, new package for Asterisk 13, version 2.3 -- phoneprov-tools, add support for pjsip_file and pjsip_path for new [pjsip] context. Add support for optional '/mnt/kd/phoneprov-reload.script' action script when 'Reload Dialplan/SIP' is checked. More Info: http://doc.astlinux-project.org/userdoc:tt_ip_phone_provisioning#reload_action_script_optional -- Asterisk 'agi-bin' now includes the 'custom-agi' sub-directory path which is automatically symlinked to the /mnt/kd/custom-agi directory if it exists. The dialplan must use "AGI(custom-agi/foobar.agi,...)" to use any such AGI scripts. The /mnt/kd/custom-agi directory is now part of the basic backup/restore. Note: All previously existing AGI scripts will continue to work as before. ** Web Interface -- Add Monit support == Network tab -> Network Services: Monit Monitoring: { Configure Monit } == Monit tab -> Monit Service Management == Network, Edit and Monit Config tabs allow Monit to be Restarted == Prefs tab, "Show Monit Tab" - unchecked by default More Info: http://doc.astlinux-project.org/userdoc:tt_monit_monitoring -- ConfBridge tab, added Asterisk 13 support -- Remove "radvd" support as "dnsmasq" is now used for IPv6 router advertisements Additions for AstLinux 1.2.1: ============================= Released 2014-12-26 ** System -- RUNNIX, version bump to runnix-0.4-6752 -- r8168 revert to previous 8.038.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- bash, version bump to 4.1.17, bug and security fixes -- libxml2, version bump to 2.9.2 (security fixes: CVE-2014-3660, CVE-2014-0191) -- libsrtp, version bump to 1.5.0, now using the Cisco repo with OpenSSL support -- smartctl, version 6.3, new command to monitor S.M.A.R.T enabled SSD's smart-status, new command, Usage: smart-status attr[ibutes]|ATTR[IBUTES]|health|info -- zabbix, version bump to 2.2.7 -- libsodium, version bump to 1.0.1 -- pcre, version bump to 8.36 -- pciutils, version bump to 3.3.0 -- mac2vendor, database update at 2014-11-12 -- Time Zone Database update, tzdata2014j and tzcode2014j ** Networking -- OpenSSL, version bump to 1.0.1j (security fixes: CVE-2014-3513, CVE-2014-3567, CVE-2014-3568) -- WAN Failover, new feature allowing a network failover method via an interface or specified gateway address. A background script monitors selected hosts and triggers a failover when criterion is met. The optional /mnt/kd/wan-failover.script executable script will be called to allow for service adjustments. More info: http://doc.astlinux-project.org/userdoc:tt_wan_failover -- External interface DHCP client enhancements to better handle 'primary' and 'secondary' external DHCP interfaces. A DHCP client 'renew' no longer flushes and rebuilds the IPv4 interface settings if no change is requested. -- libcurl (curl) version bump to 7.39.0, bug and security fix: CVE-2014-3707 -- OpenVPN, version bump to 2.3.6 (security fix: CVE-2014-8104) -- prosody, version bump to 0.9.7 -- openldap, version bump to 2.4.40 -- radvd, version bump to 2.8 -- stunnel, version bump to 5.07 -- (Custom Build Only) kamailio, version bump to 4.1.7 ** Asterisk -- Asterisk 1.8.32.1 (version bump) and 11.14.2 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- wanpipe, version bump to 7.0.12 -- neon, version bump to 0.30.1, used for Asterisk Calendar Support -- FOP2, available version bump to 2.28. New CLI command option: "service fop2 test" Note: If you have a license, you may need to purchase an "Annual Software Maintenance" license if you upgrade. More info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2-upgrade ** Web Interface -- System -> Add-On Packages: add action "Check for New" and "Show Installed" works for all packages, or now just the selected package. -- Status tab, added "S.M.A.R.T Monitoring", disabled by default and can be enabled via the Prefs tab. -- Status tab, added "WAN Failover Status", and can be hidden via the Prefs tab. -- Network tab, added "External Failover Interface:" section with new sub-tab { WAN Failover Configuration } Note: EXT2* rc.conf variables can now be defined via the web interface. More info: http://doc.astlinux-project.org/userdoc:tt_wan_failover -- Network -> OpenVPN Server -> Server Hostname(s): may now contain a space separated list of hosts which will add multiple "remote" entries to the .ovpn profile for failover. Additions for AstLinux 1.2.0: ============================= Released 2014-10-02 ** System -- Linux Kernel 3.2.62 (major bump) -- RUNNIX, version bump to runnix-0.4-6630, with Linux Kernel 3.2.62 -- igb, version 5.2.9.3, Intel Gigabit Ethernet Network Driver, including Intel i210 and i354 support. -- tg3, version bump to 3.136h, Broadcom NetLink 10/100/1000 Mbps PCI/PCI-X/PCI Express Ethernet Linux driver -- r8168 version bump to 8.039.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- unionfs, version bump to 2.6 -- bash, version bump to 4.1.14, including "ShellShock" security fix: CVE-2014-6271, CVE-2014-7169 Note: AstLinux's bash now includes an additional patch to disable importing functions by default as NetBSD (original patch by Christos Zoulas) and FreeBSD, et al. . -- php, version bump to 5.3.29, bug and security fixes -- php, dynamically define /etc/php.ini so 'date.timezone' is always specified using the TIMEZONE variable. The php.ini can be manually defined if /mnt/kd/php.ini.conf exists, copy from /stat/etc/php.ini.conf if desired. Changes to /mnt/kd/php.ini.conf must be applied using the CLI with the commands: == service lighttpd stop service lighttpd init == Additionally, 'display_errors' is now "Off" by default. -- libsodium, version bump to 0.7.0 -- spandsp, version bump to 0.0.6 (official) -- jpeg, version bump to 9a -- e2fsprogs, version bump to 1.42.12 -- dosfstools, version bump to 3.0.26 -- ethtool, version bump to 3.16 -- nano, version bump to 2.3.6 -- acpid, version bump to 2.0.23 -- sqlite, version bump to 3.8.6 -- sqliteodbc, version bump to 0.999 -- Time Zone Database update, tzdata2014g and tzcode2014g ** Networking -- OpenSSL, version bump to 1.0.1i (security fixes: CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509, CVE-2014-5139, CVE-2014-3508) -- OpenSSL, use 'linux-elf' configure option for i586 and i686 architectures, adds run-time optimizations for CPU features including AES-NI. -- (Custom Build Only) kamailio, version 4.1.6, new package to support a very powerful, full featured SIP server. Includes rtpproxy for use when WITH_NAT is defined in the kamailio configuration. More info: http://doc.astlinux-project.org/userdoc:tt_kamailio -- sipgrep, version 2.0.0, new package very similar to 'ngrep' but tweaked for viewing SIP packets. -- libcurl (curl) version bump to 7.38.0, bug and security fixes: CVE-2014-3613, CVE-2014-3620 -- msmtp, added configuration support for "aliases" when the file /mnt/kd/msmtp-aliases.conf exists. More Info: http://doc.astlinux-project.org/userdoc:tt_smtp_aliases -- AIF, add new "sip-user-agent" plugin. This plugin monitors inbound (EXT->Local) SIP sessions on specified ports, and can either 'whitelist' or 'blacklist' SIP session packets by inspecting the User-Agent: field. More Info: http://doc.astlinux-project.org/userdoc:tt_firewall_plugins#sip-user-agent -- AIF, "adaptive-ban" plugin, added 'kamailio' analysis type. Note: Requires 'WITH_ANTIFLOOD' enabled in kamailio for the logs to be generated -- dnscrypt-proxy, version bump to 1.4.1 -- dnsmasq, version bump to 2.71, automatically set 'proxy-dnssec' when DNSCrypt is enabled. -- pppd, version bump to 2.4.7, security fix CVE-2014-3158 -- stunnel, version bump to 5.03 -- radvd, version bump to 2.7 -- rsync, version bump to 3.1.1 -- libpcap / tcpdump, version bump to 1.6.2 / 4.6.2 -- openldap, ldap-phone-name-lookup and ldap-phone-num-lookup scripts, added 'o' (organization) as a searchable entry. ** Asterisk -- Asterisk 1.8.30.0 (version bump) and 11.12.1 (version bump) -- Asterisk Voicemail, back-port Asterisk 13 patch to support multiple email entries separated by |'s -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- Added rc.conf variable ASTERISK_DAHDI_DISABLE, disable Asterisk and DAHDI when set to "yes", defaults to "no". ** Web Interface -- Network -> Outbound SMTP Mail Relay: SMTP Local Aliases: { Edit Local Aliases } is shown if the file /mnt/kd/msmtp-aliases.conf exists. More Info: http://doc.astlinux-project.org/userdoc:tt_smtp_aliases -- Users tab, add support for multiple email entries separated by |'s, longer email entries and sanitize input more strictly. -- Network and Edit tabs, add "Kamailio SIP Server" support for /mnt/kd/kamailio/ . Additionally, added "Restart Kamailio" menu entries. -- Status tab, added "Kamailio SIP Server Status", and can be hidden via the Prefs tab. Additions for AstLinux 1.1.7: ============================= Released 2014-07-19 ** System -- RUNNIX, version bump to 0.4-6527, enable ACPI and APIC in kernel, use IO-APIC for interrupt routing -- linux, n_tty: Fix n_tty_write crash when echoing in raw mode, (security fix: CVE-2014-0196) -- initrd, increase the tmpfs asturo limit from 128 MB to 192 MB. Additionally, resize the asturo mount to match the 'used' space so no free space remains. -- lzo, version bump to 2.08, potential integer overflow (security fix: CVE-2014-4607) -- e1000e version bump to 3.1.0.2 Intel PCI-Express PRO/1000 Ethernet Linux driver -- ethtool, version bump to 3.14 -- kexec, version bump to 2.0.6 -- pcre, version bump to 8.35 -- nut, version bump to 2.7.2 -- acpid, version bump to 2.0.22 -- sqlite, version bump to 3.8.4.2 -- sqliteodbc, version bump to 0.997 -- unixodbc, version bump to 2.3.2 -- libusb, version bump to 1.0.19 -- libsodium, version bump to 0.6.0 -- zabbix, version bump to 2.2.4 Note: The remote zabbix_server must be version 2.2.x or greater. -- mac2vendor, database update at 2014-04-28 -- Time Zone Database update, tzdata2014d and tzcode2014d ** Networking -- OpenSSL, version bump to 1.0.1h (security fixes: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470, CVE-2014-0198, CVE-2010-5298) -- OpenSSH, version bump to 6.6p1 (security fix: CVE-2014-2532). Adds new "Ed25519" public key type, based on Daniel Bernstein's Curve25519. -- OpenVPN, version bump to 2.3.4 -- dnscrypt-proxy, version bump to 1.4.0 -- stunnel, version bump to 5.02 -- p910nd, version bump to 0.97 -- fping, version bump to 3.10 -- libcurl (curl) version bump to 7.37.0, bug fixes. -- ddclient (dynamicdns), add support for 'ssl=yes' by using /usr/bin/curl instead of the perl module Net/SSLeay. By default ZoneEdit, DNS-O-MATIC and pairNIC now use HTTPS for updates. ** Asterisk -- Asterisk 1.8.28.2 (version bump) and 11.10.2 (version bump) -- DAHDI, dahdi-linux 2.8.0.1 (no change) and dahdi-tools 2.8.0 (no change) -- LibPRI, version bump to 1.4.15 -- phoneprov-tools, new default templates: == Grandstream GXP1400, gxp1400.conf, thanks to Michael Keuter. -- phoneprov-tools, new "sql_enable=yes" (default) template option, automatically creates a 'phoneprov' SQLite3 table in the file "/mnt/kd/asterisk-odbc.sqlite3" which can be used for func_odbc dialplan functions. More Info: http://doc.astlinux-project.org/userdoc:tt_asterisk-odbc ** Web Interface -- Network -> Dynamic DNS Update: [ disabled ] option added to provide a simple method to disable Dynamic DNS without deleteing a working configuration. -- Network -> Firewall sub-tab, add support for multiple "Allow OpenVPN" LAN interfaces. -- Actionlist tab, added larger User Data field. -- Status tab, add "Show PPPoE Logs" button to display filtered pppd logs. Additions for AstLinux 1.1.6: ============================= Released 2014-04-24 ** System -- Build system update: crosstool-NG 1.19.0, gcc 4.4.7, eglibc 2.15 -- RUNNIX, version bump to runnix-0.4-6376, Linux Kernel 2.6.35.14, gcc 4.4.7, eglibc 2.15 and package upgrades. -- linux, build the SENSORS_K10TEMP module 'k10temp' for the PC Engines APU board -- e1000e version bump to 3.0.4.1 Intel PCI-Express PRO/1000 Ethernet Linux driver -- tg3, version bump to 3.133d Broadcom NetLink 10/100/1000 Mbps PCI/PCI-X/PCI Express Ethernet Linux driver -- r8168 version bump to 8.038.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- busybox version bump to 1.19.4, new setserial command Note: Mounting remote NFS shares is no longer supported -- perl, version bump to 5.18.2 using perlcross 0.8.5 -- php, enable SimpleXML support for default builds -- pcre, version bump to 8.34 -- libxml2, version bump to 2.9.1 -- lm-sensors, version bump to 3.3.5 -- libusb / libusb-compat, version bump to 1.0.18 / 0.1.5 respectively -- dosfstools, version bump to 3.0.25 -- kexec, version bump to 2.0.4 -- initrd and /etc/rc, On boot use 'e2fsck -y' instead of 'e2fsck -p' since common disk corruption will not be automatically fixed with '-p'. Thanks to Martin Sunstrum for demonstrating the problem and testing. ** Networking -- OpenSSL, major version bump to 1.0.1g including "heartbleed" security fix: CVE-2014-0160 -- OpenSSH 6.4p1 (security and bug fixes) -- lighttpd, version bump to 1.4.35, (security fixes: CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324) and bug fixes. -- libcurl (curl) version bump to 7.36.0, (security fixes: CVE-2014-0015, CVE-2014-0005, CVE-2014-0319, CVE-2014-1263, CVE-2014-2522) and bug fixes. -- stunnel, version bump to 5.01, (security fix: CVE-2014-0016) -- AIF, version bump to 2.0.1e, added DMZ logging options, the TRACE feature is removed resulting in an 8% speed improvement. -- dnscrypt-proxy, version 1.3.3, new package together with new libsodium 0.4.5 package, implements an optional feature providing an encrypted tunnel for upstream DNS. Useful with OpenDNS and others supporting DNSCrypt (dnscrypt-wrapper). New rc.conf variables: DNSCRYPT_PROXY, DNSCRYPT_VERBOSITY, DNSCRYPT_SERVER_ADDRESS, DNSCRYPT_PROVIDER_NAME, DNSCRYPT_PROVIDER_KEY More Info: http://doc.astlinux-project.org/userdoc:tt_dnscrypt_proxy -- netsnmp, version bump to 5.7.2.1, (security fix: CVE-2014-2284) and bug fixes. -- ipsec-tools, version bump to 0.8.2 -- prosody, version bump to 0.9.4 with luaexpat version bump to 1.3.0 -- openldap, version bump to 2.4.39 ldap-phone-name-lookup and ldap-phone-num-lookup scripts, added debug option so that by default no PHP errors are displayed. -- darkstat, version bump to 3.0.718 -- radvd, version bump to 1.9.9 -- fping, version bump to 3.9 -- iftop, version bump to 1.0pre4, Note: now installed in the standard location of /usr/sbin/iftop instead of /usr/bin/iftop . -- mtr, version bump to 0.85 plus upstream fixes, unofficial 0.85.1 -- rsync, version bump to 3.0.9 -- msmtp, version bump to 1.4.32 ** Asterisk -- Asterisk 1.8.26.1 (version bump) and 11.8.1 (version bump) -- Asterisk Sounds 1.4.25 (version bump) available, as well as 'it' and 'en_GB' core sound files. -- DAHDI, dahdi-linux 2.8.0.1 (version bump) and dahdi-tools 2.8.0 (version bump) -- wanpipe, version bump to 7.0.10 -- rhino, version bump to 0.99.6b4 -- phoneprov-tools, new package. A set of scripts and configuration templates designed to generate IP Phone provisioning files as well as Asterisk sip.conf and extensions.conf includes files. Special thanks to Michael Keuter. New rc.conf variables: PHONEPROV_BASE_DIR, PHONEPROV_GW_IF More Info: http://doc.astlinux-project.org/userdoc:tt_ip_phone_provisioning ** Web Interface -- Network -> Firewall sub-tab, add "Log Denied DMZ interface packets" option, defaults to "unchecked" to not log denied packets (IPv4 broadcasts for example) in the DMZ. -- Network tab, added Network Services: DNSCrypt Proxy Server: { Configure DNSCrypt }, to support dnscrypt-proxy. More Info: http://doc.astlinux-project.org/userdoc:tt_dnscrypt_proxy -- Added "PhoneProv Tab" using phoneprov-tools, Show/Hide and number of Extensions Displayed in Prefs tab. More Info: http://doc.astlinux-project.org/userdoc:tt_ip_phoneprov_howto -- Edit tab, support to edit /mnt/kd/phoneprov/templates/*.conf files. -- ConfBridge tab, fully support user mute with latest Asterisk 11 fixes. -- System tab, add "english-gb" (Great Britain) sound language. Additions for AstLinux 1.1.5: ============================= Not released due to the OpenSSL "heartbleed" security issue: CVE-2014-0160 Since AstLinux 1.1.5 was already tagged and vulnerable before the fix, 1.1.5 was not released to eliminate any possible confusion. AstLinux versions 1.1.4 and earlier used the OpenSSL 0.9.8 series which is not affected by the "heartbleed" security vulnerability. Additions for AstLinux 1.1.4: ============================= Released 2014-01-22 ** System -- r8168 version bump to 8.037.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- php, version bump to 5.3.28, (security fixes: CVE-2013-4073, CVE-2013-6420) -- ethtool, version bump to 3.12.1 -- openldap, version bump to 2.4.38 -- sqlite, version bump to 3.8.0.2 -- sqliteodbc, version bump to 0.995 -- mysql_client, version bump to 5.1.73 -- nano, version bump to 2.3.2 -- pciutils, version bump to 3.2.1 -- vcard-export, new command to generate ldif files from vcard files, suitable to 'ldapadd' into the LDAP addressbook -- nut, version 2.7.1, new package to monitor uninterruptible power supplies. This package replaces the previous apcupsd package. New rc.conf variables: UPS_DRIVER, UPS_DRIVER_PORT, UPS_LISTEN_ALL, UPS_LISTEN_PORT, UPS_MONITOR_HOST, UPS_MONITOR_USER, UPS_MONITOR_PASS More Info: http://doc.astlinux-project.org/userdoc:tt_ups_monitoring -- Added rc.conf variable DIALING_PREFIX_NUMBERS referenced by dialproxy.php for International E.164 numbering. More Info: http://doc.astlinux-project.org/userdoc:tt_dialproxy -- Update /etc/services entries. -- mac2vendor, database update at 2013-11-20 -- Time Zone Database update, tzdata2013h and tzcode2013h ** Networking -- ddclient, version 3.8.2, Dynamic DNS now adds "ddclient" support along with the old "inadyn" client. The variable DDCLIENT="ddclient" enables it, the default is "inadyn". -- slapd, added LDAP server, automatic configuration for ou=addressbook to be used by IP Phones and various LDAP clients. Note: Admin user is cn=admin, Staff read/write user is cn=staff,ou=users and Directory read-only user is cn=directory,ou=users Be certain you understand the default password settings for the various users before deployment. More Info: http://doc.astlinux-project.org/userdoc:tt-ldap-server -- openldap, added scripts ldap-phone-name-lookup and ldap-phone-num-lookup to easily enable LDAP lookups via Asterisk and shell scripts. Note: the "LDAP Client System Defaults" -> LDAP Server URI(s) must be defined for these scripts to be enabled. More Info: http://doc.astlinux-project.org/userdoc:tt_ldap_client -- darkstat, new addition to provide Network Statistics via a web browser using "https://pbx/admin/netstat/" and a new NetStat tab in the web interface. This feature is disabled by default. Variables: NETSTAT_SERVER, NETSTAT_CAPTURE, and advanced NETSTAT_FILTER, NETSTAT_PROMISCUOUS -- libcurl (curl) version bump to 7.34.0, (security fixes: CVE-2013-1944, CVE-2013-2174, CVE-2013-4545) and bug fixes. -- lighttpd, version bump to 1.4.33, (upstream security fixes: CVE-2013-4559, CVE-2013-4560) and bug fixes. -- dnsmasq, version bump to 2.68, new feature allows "enable-tftp=" to define allowed interfaces for TFTP. More Info: View file "/stat/etc/dnsmasq.static" for syntax and make changes to "/mnt/kd/dnsmasq.static". -- prosody, version bump to 0.9.2 -- radvd, version bump to 1.9.7 -- libpcap / tcpdump, version bump to 1.4.0 / 4.4.0 ** Asterisk -- Asterisk 1.8.25.0 (version bump) and 11.7.0 (version bump) Note: New "live_dangerously" option in asterisk.conf, consider setting "live_dangerously = no". https://issues.asterisk.org/jira/browse/ASTERISK-22905 -- DAHDI, dahdi-linux 2.6.2 (no change) and dahdi-tools 2.6.2 (no change) Note: dahdi-linux 2.8.0.1 / dahdi-tools 2.8.0 is available via a custom build without wanpipe and without rhino. -- FOP2, our mirror has been updated to the latest fop2-2.27 "final". Use the web interface "System tab -> Add-On Packages:" or the CLI command "upgrade-package fop2 upgrade" to upgrade to the latest version if you previously installed it. Note: If you purchased a license, you will need to re-apply your registration code via the FOP2 Panel or after you upgrade, using the CLI: cp /stat/var/packages/fop2-OLD/server/fop2.lic /stat/var/packages/fop2/server/ ** Web Interface -- Network tab, add support for both "inadyn" and "ddclient" Dynamic DNS. In addition to the standard pre-defined services, ddclient also supports user defined services for: easydns, dnspark, namecheap, changeip, and dtdns -- Network tab, add Network Services: LDAP Server, Directory Information { Configure LDAP Server } -- Network and Edit tabs, add Restart LDAP Server menu entry. -- phone-ldap-dir.php, now supports multiple tags for type=yealink -- LDAP-AB tab, new addition for managing the LDAP Address Book, export LDIF files and import LDIF and vCard files. -- dialproxy.php, add support for POST method and number filtering using DIALING_PREFIX_NUMBERS user.conf variable. More Info: http://doc.astlinux-project.org/userdoc:tt_dialproxy -- Added "NetStat Tab" using darkstat, Show/Hide in Prefs tab. Requires 'admin' or 'staff' permissions. The new Network tab option "NetStat Server" must be enabled for the NetStat tab to function, restart via "Restart NetStat Server". The option "NetStat Interfaces" determines which interface(s) capture statistics, "External" by default. -- "Restart" services now displays "is Running" or "is Stopped" results when possible. -- SQL-Data tab, for 'staff' user, disable actions: table_create, view_create, table_drop, view_drop, table_empty -- Network tab, UPS Monitoring now uses NUT instead of apcupsd. New added options support APC plus many other manufacturers. Note: UPS Monitoring must be re-enabled if it was previously enabled. More Info: http://doc.astlinux-project.org/userdoc:tt_ups_monitoring Additions for AstLinux 1.1.3: ============================= Released 2013-09-27 ** System -- e1000e version bump to 2.5.4 Intel PCI-Express PRO/1000 Ethernet Linux driver -- r8168 version bump to 8.036.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- php, version bump to 5.3.27, enable the 'zlib' module -- perl, version bump to 5.16.3 using perlcross 0.7.4, ('rehashing flaw' fix: CVE-2013-1667) -- ex-vi (vi), enable multi-byte (UTF-8) support, use set-locale to define locale if desired. -- logrotate, version 3.8.6, new package enabled by default to manage non-syslog log files. logrotate is automatically called via cron, once a day at 04:00. Packages whose logs are managed by logrotate are: asterisk (not CDR's), lighttpd, openvpn and prosody. -- syslogd, added new netsyslogd service to handle SYSLOGHOST remote syslog when defined. The syslogd service is now local only, syslogd is started earlier so network startup can log to syslog - such as udhcpc, ifplugd and PPPoE's pppd. -- sox, version bump to 14.4.1, *much* newer from previous 12.17.9 Note: Some sox options have changed over the years, if you use sox in scripts adjust as needed. For example, encoded sample size option '-w' is now '-b 16' -- zabbix, version bump to 2.0.8 -- mysql_client, version bump to 5.1.71 -- zlib, version bump to 1.2.8 -- pcre, version bump to 8.33 -- e2fsprogs, version bump to 1.42.8 ** Networking -- network, increase the number of attempts udhcp tries to get an IP address on startup. Previously the default was to try 3 times, 3 seconds apart, now we try 6 times, 2 seconds apart. Some NIC's take a few seconds to become available on startup. -- prosody, version bump to 0.9.1, IPv6 support, add log_auth for Adaptive Ban support. Added pubsub support, new variables: XMPP_PUBSUB, XMPP_PUBSUB_ADMINS and XMPP_PUBSUB_AUTOCREATE -- luasec, version bump to 0.5 (luasec-prosody) -- luasocket, version bump to 3.0-rc1 -- AIF, "adaptive-ban" plugin. Don't ban IPv4 127.0.0.1, the IPv6 ::1 was previously properly ignored. Additionally, add support for 'prosody' and remove old 'mini_httpd' support. ** Asterisk -- Asterisk 1.8.23.1 (version bump) and 11.5.1 (version bump) (security fixes: AST-2013-004 and AST-2013-005) -- DAHDI, dahdi-linux 2.6.2 (no change) and dahdi-tools 2.6.2 (no change) -- New package 'asterisk-fop2', adds the framework for supporting the 'Flash Operator Panel 2' (free for 15 buttons, reasonable for unlimited). The actual 'fop2' code is downloaded on ASTURW as a 'package' using the new CLI command 'upgrade-package'. More Info: http://doc.astlinux-project.org/userdoc:tt_asterisk-fop2 ** Web Interface -- Add Asterisk FOP2 support == System tab, new "Add-On Packages" feature. == All tabs, show FOP2 link when "fop2" Add-On Package is installed. == Prefs tab, add "External FOP2 Link: __ Use HTTPS" option. == Edit and Network tabs, Restart and Reload Asterisk FOP2. == Edit tab, support to edit /mnt/kd/fop2/*.cfg files. -- Prefs tab, add "__ Backup filename uses both Hostname and Domain" option. -- Network -> Configure DNS Hosts sub-tab, force unique IP's so dnsmasq always restarts properly. Note: The interface layout has changed for the DNS Hosts sub-tab, the IP Address appears on the left instead of the Host Name. If you want to define more than one DNS host name to an IP address the Host Name field may contain a space separated list of host names or FQDN's. Only the first host name will be used with the MAC address (if any) for DHCP. -- Voicemail tab, support FOP2 UserEvent: FOP2RELOADVOICEMAIL to sync mailbox status. -- All tabs, use charset encoding 'utf-8' instead of 'iso-8859-1', allows Edit tab to edit UTF-8 characters. -- XMPP sub-tab, add support for XMPP_PUBSUB, XMPP_PUBSUB_ADMINS and XMPP_PUBSUB_AUTOCREATE variables. -- Edit tab, add shortcut support defined via Prefs tab. Shortcuts: are defined as a return (CR) separated list of filenames, optionally with a trailing ~Label . Example: /mnt/kd/rc.conf.d/user.conf /etc/asterisk/sip.conf /etc/asterisk/extensions.conf~Asterisk_Dialplan Additions for AstLinux 1.1.2: ============================= Released 2013-07-01 ** System -- RUNNIX, version bump to runnix-0.4-6112, Linux Kernel 2.6.35.14 and many package upgrades. -- tg3, version 3.124c Broadcom NetLink 10/100/1000 Mbps PCI/PCI-X/PCI Express Ethernet Linux driver -- alert, add new variable ALERT_SOUNDS_OCTAVE to increase the ALERT_SOUNDS alert tones by 1, 2 or 3 octaves (x2, x4 or x8 frequency). Useful for boards with smaller high frequency piezo-speakers or noisy environments. -- Enable kernel module CONFIG_USB_ACM, per Dominko Vrljic on the mailing list and Arduino board integration. -- php, version bump to 5.3.26, enable basic XML support using libxml2 and enable LDAP support using openldap. -- sqlite, version bump to 3.7.17.0 -- sqliteodbc, version bump to 0.993 -- ethtool, version bump to 3.9 -- lm-sensors, version bump to 3.3.4 -- util-linux, version bump to 2.22.2 -- e2fsprogs, version bump to 1.42.7 -- dosfstools, version bump to 3.0.16 ** Networking -- openldap, added libraries and shell commands ldapsearch and ldapwhoami for LDAP client queries. Added LDAP_* rc.conf variables to set the "LDAP Client System Defaults" via the "/etc/openldap/ldap.conf" system file. -- network, unify network configuration to use ip (iproute2). Users with custom /mnt/kd/rc.elocal and rc.local scripts performing network configuration are urged to make the similar changes (ifconfig, route -> ip), though not required. -- ntpd, when NTPBROADCAST=yes clarify in the rc.conf comments that the IPv4 multicast only applies to the 1st LAN Interface. -- ifplugd, new daemon added, when udhcpc is enabled (External Connection Type: DHCP) ifplugd monitors the ethernet link status and calls the udhcpc.action script to immediately (4-5 seconds) restart udhcpc when the link is back up. Note: The link must be down for at least 4-5 seconds before the script is called. Shorter durations are intentionally ignored. -- AIF, add new "time-schedule-host-block" plugin. This selectively blocks outgoing connections by MAC or IP address based on a local time schedule and day-of-week. Useful for blocking guest WiFi access during off-hours, children's curfew, etc. . -- netsnmp, version bump to 5.7.2, change build options to enable Unix transport and agentx to support Asterisk's res_snmp. -- OpenVPN, version bump to 2.3.2 -- radvd, version bump to 1.9.3 -- dnsmasq, version bump to 2.66 -- msmtp, version bump to 1.4.31 ** Asterisk -- Asterisk 1.8.22.0 (version bump) and 11.4.0 (version bump) -- DAHDI, dahdi-linux 2.6.2 (no change) and dahdi-tools 2.6.2 (no change) -- Enable Asterisk res_snmp.so module when netsnmp is enabled (standard) used together with the snmpd service. Includes ASTERISK-MIB.txt and DIGIUM-MIB.txt mib files. More Info: http://doc.astlinux-project.org/userdoc:tt_asterisk_snmp_monitoring -- Asterisk 11, fixed an issue when res_xmpp is active and unwanted debug log /tmp/refs grows without limit. More Info: https://issues.asterisk.org/jira/browse/ASTERISK-21785 -- Automatically add symlink /var/spool/asterisk/meetme -> /mnt/kd/monitor/meetme so recordings without MEETME_RECORDINGFILE defined will be saved on persistent storage, and located such that the Monitor tab may be used to manage them. -- When the directory /mnt/kd/dictate exists, add symlink /var/spool/asterisk/dictate -> /mnt/kd/dictate so the dialplan Dictate() application files will be placed on persistent storage. ** Web Interface -- ConfBridge tab, new ConfBridge tab has been added, hidden by default. Similar to the MeetMe tab. -- Network tab, allow static IPv6 when DHCP is specified for IPv4 on external interface. -- Prefs tab, allow "staff" user to access SQL-Data tab, disabled by default. -- Network and Edit tabs, add "SNMP Agent Server" support for "/mnt/kd/snmp/snmpd.conf". Additionally, added "Restart SNMP Server" menu entries. -- System tab, add the "/mnt/kd/snmp/" directory to the Basic Configuration Backup. -- Network tab, added "LDAP Client System Defaults" support for LDAP_* rc.conf variables. Edit tab, added "LDAP Client System Defaults" support for optional /mnt/kd/ldap.conf file. Additionally, Network and Edit tabs, added "Reload LDAP Client" menu entries. -- A new "phone-ldap-dir.php" cgi script, similar to the "phone-dir.php cgi script", but uses the "LDAP Client System Defaults" settings to query the data. Only 'anonymous' queries are supported by the standard cgi script. Note: The Network tab "LDAP Server URI(s):" entry must be defined for this cgi script to be enabled. More Info: http://doc.astlinux-project.org/userdoc:tt_ldap_client Additions for AstLinux 1.1.1: ============================= Released 2013-04-17 ** System -- e1000e version bump to 2.3.2 Intel PCI-Express PRO/1000 Ethernet Linux driver -- Timezone, add "/etc/timezone" file support defined as the validated TIMEZONE variable. -- unixodbc, new package, adds ODBC database interface. -- sqliteodbc, new package, adds SQLite3 driver for the unixodbc ODBC database interface. Note: The Asterisk database is located at "/mnt/kd/asterisk-odbc.sqlite3" with DSN=asterisk The CDR ODBC database is located at "/mnt/kd/cdr-sqlite3/cdr-odbc.sqlite3" with DSN=asterisk-cdr -- php, version bump to 5.3.23. Additionally, PDO SQLite(3) is enabled. (security fixes: CVE-2013-1635 and CVE-2013-1643) -- sudo, version bump to 1.8.6p7, (security fixes: CVE-2013-1775 and CVE-2013-1776) -- zabbix, version bump to 2.0.5, many bug fixes -- build system, various fixes and additions from the upstream Buildroot including: host-fakeroot, host-makedevs and automatically define --program-prefix= when calling ./configure ** Networking -- OpenSSL, version bump to 0.9.8y (security fixes: CVE-2013-0169, CVE-2012-2686 and CVE-2013-0166) -- libcurl (curl) version bump to 7.29.0, (security fix: CVE-2013-0249) and bug fixes. Additionally enable IPv6. -- stunnel, version bump to 4.56, (security fix: CVE-2013-1762) -- sendxmpp, an XMPP Client command line tool to send Jabber/XMPP messages has been added. (based on the "clix" Lua tool by Matthew Wild, uses the same Lua runtime environment as Prosody) This allows Asterisk 1.8 users to use Jabber/XMPP from the dialplan with the Prosody XMPP server. More Info: http://doc.astlinux-project.org/userdoc:tt-xmpp-server#xmpp_command_line_client More Info: sendxmpp --help -- OpenVPN, version bump to 2.3.1, Remove easy-rsa scripts. == New Server rc.conf variables: OVPN_AUTH, OVPN_TA, OVPN_SERVERV6 and OVPN_TOPOLOGY == New Client rc.conf variables: OVPNC_AUTH, OVPNC_TA and OVPNC_USER_PASS -- dnsmasq, for very special situations such as in a VM, added an rc.conf variable EXTDHCP="yes" to allow a single, static, non-PPPoE external interface to act as a DHCP server. Obviously EXTDHCP="no" by default. More Info: http://doc.astlinux-project.org/userdoc:tt-ext-dhcp-server -- reload-spamhaus-drop (optional CRON script), add support for the new 'edrop' list, used along with AIF More Info: http://www.spamhaus.org/drop/ ** Asterisk -- Asterisk 1.8.21.0 (version bump) and 11.3.0 (version bump) (security fixes: CVE-2013-2264, CVE-2013-2685 and CVE-2013-2686) -- DAHDI, dahdi-linux 2.6.2 (version bump) and dahdi-tools 2.6.2 (version bump) -- rhino, version bump to 0.99.6b3 -- Asterisk 1.8 and 11 builds now support ODBC database functionality. Most interesting is the "func_odbc" module. By default the ODBC features are disabled until enabled for [asterisk] and optionally [asterisk-cdr] in "res_odbc.conf". New CDR logging options are available, most interesting is the "cdr_adaptive_odbc" module, use with DSN=asterisk-cdr . Note: The Asterisk database is located at "/mnt/kd/asterisk-odbc.sqlite3" with DSN=asterisk The CDR ODBC database is located at "/mnt/kd/cdr-sqlite3/cdr-odbc.sqlite3" with DSN=asterisk-cdr More Info: http://doc.astlinux-project.org/userdoc:tt_asterisk-odbc ** Web Interface -- OpenVPN Server sub-tab == Either IPv4 or IPv6 may be used for transport, and dual IPv4/IPv6 tunnels == Added TLS-Auth support == Added Auth HMAC selections of SHA1 and SHA256 == Added Topology selections == Downloaded credentials now contain client.ovpn configurations for the OpenVPN Client App More info: http://doc.astlinux-project.org/userdoc:tt_openvpn_server More info: http://doc.astlinux-project.org/userdoc:tt_openvpn_client_networks -- OpenVPN Client sub-tab == Added User/Pass authentication support == Added TLS-Auth support == Added Auth HMAC selections of SHA1 and SHA256 -- SQL-Data tab, new tab, not shown by default == Prefs tab, SQL-Data Tab Options: and Show SQL-Data Tab == Manages SQL data in "/mnt/kd/asterisk-odbc.sqlite3" used by func_odbc in Asterisk. == Manages SQL data in "/mnt/kd/cdr-sqlite3/cdr-odbc.sqlite3" if it exists, created by cdr_adaptive_odbc or cdr_odbc. == Manages SQL data in "/mnt/kd/cdr-sqlite3/master.db" if it exists, created by cdr_sqlite3_custom. Note: The SQL-Data tab is a customized variation of phpLiteAdmin: http://code.google.com/p/phpliteadmin/ -- Edit tab support for editing existing OpenVPN files in "/mnt/kd/openvpn/ccd/" -- Prefs and System tabs, add the Asterisk 11 Repository URL to the list of defaults. -- All tabs, prefer the "/etc/timezone" file as the souce of the Timezone, if it exists. -- Network tab, validate Timezone setting and display an error if invalid. -- Firewall tab, Traffic Shaping - Downlink Speed, set "Disabled" by default and make the setting more obvious. -- All tabs, sanitize text input data used for rc.conf variable configuration. Input characters: double-quote ("), dollar-sign ($), grave-accent (`) and backslash (\) will be ignored. Asterisk astDB stored data will ignore the double-quote (") and backslash (\) characters. Note: The single-quote (') character is allowed. Additions for AstLinux 1.1.0: ============================= Released 2013-02-07 ** IMPORTANT NOTICE -- "via[-serial]" and "viac7[-serial]" board types will be automatically redirected to "geni586[-serial]" board types. Since the release of AstLinux 1.x using a unified kernel config across all boards, the usefulness of special "via" and "viac7" board types has been eliminated. Users do not have to do anything special, upgrading with "upgrade-run-image" or the web interface System tab is all that is required. -- "net4801" and "wrap" board types have reached end-of-life. AstLinux 1.0.6 was the last supported version. -- Current supported board types are: "geni586", "geni586-serial", "alix" and "net5501" ** System -- Linux Kernel 2.6.35.14 (minor bump) Info: http://lwn.net/Articles/453757/ -- unionfs, version bump to 2.5.11 -- e1000e version bump to 2.2.14 Intel PCI-Express PRO/1000 Ethernet Linux driver -- r8168 version bump to 8.035.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- Lua, a simple, efficient programming language is now supported, version 5.1.5. Additional Lua Modules: luafilesystem, luasocket, luaexpat, luasec More Info: http://www.lua.org/ -- perl, version bump to 5.16.2. No longer use "microperl", now using "miniperl" which is a cross-compiled version of full perl using perlcross. While compiled modules are now supported, only a limited set of perl modules are included because of our small image size design. Note: The directory "/mnt/kd/perl" will be searched for additional perl modules, such as Asterisk::AGI. Issue 'perl -V' from the CLI for more details including the --only-mod= modules. Issue 'find /usr/lib/perl -name "*.pm"' to show all installed perl modules. -- php, version bump to 5.3.21 -- sqlite, version bump to 3.7.15.2 -- mysql_client, version bump to 5.1.67 -- pciutils, version bump to 3.1.10 -- usbutils, version bump to 006 -- udev, enable use of usb.ids and pci.ids hwdb -- ethtool, version bump to 3.7 -- acpid, version bump to 2.0.17 -- tiff, version bump to 4.0.3 (security fixes: CVE-2012-3401 and CVE-2012-3386) -- pcre, version bump to 8.32 -- zlib, version bump to 1.2.7 -- libusb / libusb-compat, version bump to 1.0.9 / 0.1.4 respectively -- libpcap, version bump to 1.3.0 -- libxml2, version bump to 2.9.0 -- mac2vendor, database update -- Time Zone Database, tzdata2012j and tzcode2012j Additionally, install zone.tab and iso3166.tab, required by libical. ** Networking -- prosody, an XMPP Server supporting Messaging and Presence has been added. New XMPP_* rc.conf variables and web interface configuration support. Special thanks to Michael Keuter for the idea and development. -- prosodycmd, a new CLI command to communicate with the XMPP prosody console. With no arguments, prosodycmd establishes a telnet session to the localhost prosody console. With arguments, prosodycmd issues commands to the localhost prosody console, and exits. Example: prosodycmd 'server:uptime()' 'module:list()' More Info: http://prosody.im/doc/console -- vsftpd, version bump to 3.0.2, added new vsftpd.conf 'allow_writeable_chroot=YES' config option. Note: If you have a custom "/mnt/kd/vsftpd.conf" file the 'allow_writeable_chroot=YES' option will be automatically added to your configuration if it is missing. -- dnsmasq, version bump to 2.65 -- links, version bump to 2.7 -- tcpdump, version bump to 4.3.0 -- iptables, version bump to 1.4.17 -- OpenSSH, version bump to 6.1p1 -- libcurl (curl) version 7.28.1, security fix (CVE-2012-0036) and bug fixes -- shellinaboxd, version bump to 2.14 -- AIF traffic-shaping, the EXTDOWN variable or "Firewall -> Downlink Speed:" may be set to "0" to disable incoming (ingress) traffic shaping. -- AIF traffic-shaping, incoming (ingress) traffic shaping now uses "avrate" for more accurate shaping. Note: This new approach is somewhat more aggressive than previously, increasing the limit may be desired. ** Asterisk -- Asterisk 1.8.20.1 (version bump), Testing: 11.2.1 (version bump), Deprecated: 1.4.44 (no change) -- DAHDI, dahdi-linux 2.6.1 (no change) and dahdi-tools 2.6.1 (no change) Note: The commands 'dahdi_genconf' and 'dahdi_hardware' now work with the new installed perl. -- LibPRI, version bump to 1.4.14 -- Added Asterisk Calendar Support: CalDAV, iCalendar(.ics), MS Exchange and MS Exchange Web Service New system libraries 'neon' (libneon) and 'libical' are added to enabled this feature. -- Asterisk AGI scripts using "perl" are better supported, for example Asterisk::AGI is supported if the "/mnt/kd/perl" directory contains Asterisk.pm and Asterisk/AGI.pm . More Info: http://search.cpan.org/~jamesgol/asterisk-perl-1.03/lib/Asterisk/AGI.pm -- app_notify, previously marked as deprecated, not provided in Asterisk 11 Example Dialplan Code to replace Notify() application: http://doc.astlinux-project.org/userdoc:tt_asterisk_call_notify ** Web Interface -- XMPP Server (Prosody) is supported as a sub-tab from the Network tab: Network tab -> Network Services: XMPP Server, Messaging and Presence { Configure XMPP } More Info: http://doc.astlinux-project.org/userdoc:tt-xmpp-server -- Network and Edit tabs allow the XMPP Server to be Restarted. -- Status tab, added "Show XMPP Server Status", and can be hidden via the Prefs tab. -- OpenVPN Server sub-tab, added a new "Private Key Size:" entry, 1024 or 2048 Bits. Future generated keys/certificates will use the private key size value. -- CLI tab, fix issue with Firefox 15+ ignoring the '-' and '_' keys. (shellinaboxd related) -- Staff tab, added { Restart Asterisk } as an allowed operation. Additions for AstLinux 1.0.6: ============================= Released 2012-12-14 ** System -- RUNNIX, version bump to 0.4-5781, adds support for VMware/VirtualBox 'lsilogic' SCSI driver (CONFIG_FUSION_SPI) -- php, version bump to 5.3.19 -- sqlite, version bump to 3.7.14.1 -- mysql_client, version bump to 5.1.66, multiple bug fixes. -- r8168 version bump to 8.034.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- lm-sensors, version bump to 3.3.3 -- libsrtp, 1.4.4 patch, fix crash on rtcp_decode, Thanks Michael Keuter -- zabbix, version bump to 2.0.4, many bug fixes -- set-locale, new AstLinux specific command to manage locales stored via unionfs (ASTURW)... Usage: set-locale install xx_XX[.UTF-8] [locale_repository_url] Usage: set-locale list [locale_repository_url] Usage: set-locale remove|show Example: set-locale install de_DE Then, in /etc/asterisk/voicemail.conf, define: == charset=UTF-8 locale=de_DE.UTF-8 == Then Asterisk voicemail emails will contain dates/time in German. -- ldate, new AstLinux specific 'date' command supporting UTF-8 locales installed via set-locale. Custom generated emails and such may use 'ldate' to provide a locale specific date string. -- A console welcome message is now generated on startup, showing versions, interfaces, IP's, etc. . ** Networking -- msmtp, version bump to 1.4.30 -- lighttpd, version bump to 1.4.32, security fix (CVE-2012-5533) and bug fixes -- iptables, version bump to 1.4.16.3 -- lighttpd, add new variable PHONEPROV_ALLOW to limit access to /phoneprov/ by IP address when the directory "/mnt/kd/phoneprov/" exists. Additionally, PCRE is now enabled in lighttpd. -- AIF, version bump to 2.0.1d, new features including: == Added nat-loopback plugin for local nets using existing NAT_FORWARD_TCP and NAT_FORWARD_UDP rules. == Added outbound-snat plugin to support when a NAT'ed external interface has multiple IPv4 addresses, it may be desirable to specify which internal IP's or CIDR's use which external IPv4 addresses for outbound connections. -- AIF, add new "openvpn-server" plugin. This now provides consistency for all three VPN types. This plugin behaves just like the "ipsec-vpn" and "pptp-vpn" plugins do, they are automatically enabled/disabled when the VPN service is enabled/disabed. Additionally, the OpenVPN Server UDP/TCP and port number configuration is automatically used in the firewall rule. By default, the equivalent of the Firewall sub-tab rule: "Pass EXT->Local UDP 0/0 1194" is created by the openvpn-server plugin. The default 0/0 (AnyHost) allowed external host can be overridden with the new web interface "Network -> OpenVPN Server -> Firewall Options: External Hosts:" field (or OVPN_TUNNEL_HOSTS variable). Note: If you previously restricted OpenVPN Server external hosts, be sure to define the External Hosts: field. Additionally, any manual OpenVPN server related Firewall sub-tab rule(s) can be deleted. ** Asterisk -- Asterisk 1.8.18.1 (version bump), Testing: 11.0.2 (version bump), Deprecated: 1.4.44 (no change) -- DAHDI, dahdi-linux 2.6.1 (no change) and dahdi-tools 2.6.1 (no change) -- LibPRI, version bump to 1.4.13 -- Asterisk 11 builds now support the SILK CODEC using an x86 binary, licensed by Skype/Microsoft via Digium. -- Added patch for the wcfxo module, newer clone X100P cards support additional 'global line standard settings'. These different modes are selected with the opermode=N option set in /etc/modprobe.d/options.conf . Thanks to Frank Collingwood for the patch and info. More info: http://collingwood.me.uk/blog/index.php/adding-complex-impedance-support-to-an-x100p-fxo-card/ ** Web Interface -- Network tab, Firewall Plugins: list is now marked as: == [Active] if the plugin is currently active. == [Enabled] if the plugin will be active on next Restart Firewall. == [Disabled] if the plugin will not be active on next Restart Firewall. -- Network tab, add support for the new PHONEPROV_ALLOW variable, under Network Services: HTTP & HTTPS /phoneprov/ Allowed IP's: __________ (10.1.2.* 2001:db8:1:*) More info: http://doc.astlinux-project.org/userdoc:tt_ip_phone_provisioning -- Network tab, add new, Network Services: Asterisk SIP-TLS Server Certificate { SIP-TLS Certificate } This new sub-tab creates TLS certificates similar to what the Asterisk "ast_tls_cert" script does. After clicking { Create New }, the following Asterisk sip.conf settings will enable SIP-TLS support. == sip.conf == tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/mnt/kd/ssl/sip-tls/keys/server.crt tlsprivatekey=/mnt/kd/ssl/sip-tls/keys/server.key tlscipher=ALL tlsclientmethod=tlsv1 == Then for each applicable sip.conf peer add "transport=tls" and optionally "encryption=yes" for SRTP. More info: https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial -- OpenVPN Server sub-tab, add External Hosts field to support the new AIF openvpn-server plugin. The External Hosts field may contain a space separated list of IP addresses or CIDR's. By default, 0/0 allows any external host to access the OpenVPN Server. -- Status tab, updated "Show Licenses" information. Additions for AstLinux 1.0.5: ============================= Released 2012-10-20 ** System -- php, version bump to 5.3.17 (security fixes: CVE-2012-2688 and CVE-2012-3365) -- bash, version bump to 4.1.11 -- sqlite, version bump to 3.7.14 -- spandsp, version bump to 0.0.6pre21 -- e1000e version bump to 2.1.4 Intel PCI-Express PRO/1000 Ethernet Linux driver -- r8168 version bump to 8.032.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- zabbix, version bump to 2.0.2, zabbix_proxy support added and IPv6 support enabled New variables have been added to support zabbix_proxy, see /stat/etc/rc.conf for details. Note: enabling zabbix_proxy requires a remote zabbix_server version 2.x Added support for zabbix_agentd Include= if the file /mnt/kd/zabbix_agentd.userparams.conf exists. -- The default limit of the /var tmpfs size is increased from 5 MB to 10 MB. /tmp remains at 10 MB. -- Now uses 'devtmpfs' mounted by the kernel for /dev . ** Networking -- msmtp, version bump to 1.4.29, and add new variable SMTP_HOST_DOMAIN which when defined sets the hostname used by the SMTP EHLO (or LMTP LHLO) command, the default is to use 'localhost'. -- netsnmp, version bump to 5.7.1 (LTS) (security fix: CVE-2012-2141) and IPv6 support enabled -- stunnel, version bump to 4.53, fixed crash on termination. Fixed permissions issue so running as 'nobody' now always works. Added new variables to support both inbound servers and now also outbound clients. New variables: STUNNEL_SERVERS, STUNNEL_CLIENTS, STUNNEL_SERVER_CERT and STUNNEL_CLIENT_CERT Deprecated (but still work) variables: STUNNELSERVS and STUNNELCERT -- fping, new ping-like command, fping and fping6 version 3.4. Required for proper zabbix_proxy support. More info: http://fping.org/ -- pppoe, version bump to 3.11 -- ntp, when ntpd fails to startup, often when the server is unreachable, it will now automatically retry via a background process after 2 minutes, and again every 5 minutes until successful. ** Asterisk -- Asterisk 1.8.16.0 (version bump), 1.4.44 (no change) -- DAHDI, dahdi-linux 2.6.1 (no change) and dahdi-tools 2.6.1 (no change) -- wanpipe, version bump to 3.5.28 ** Web Interface -- Add support for Zabbix 2.0: == Network tab -> Network Services: Zabbix Monitoring: { Configure Zabbix } == Status tab -> Zabbix Monitoring Status - when Zabbix is enabled. == Network, Edit and Zabbix tabs allow Zabbix to be Restarted. == System tab -> View System Files: allows both Agent and Proxy log files to be viewed. == Zabbix sub-tab allows Monitoring to be disabled without deleting the Server entry. Note: For existing Zabbix configurations via user.conf, update by first clicking { Configure Zabbix } from the Network tab, the existing Zabbix settings should be automatically imported. Then click { Save Settings } in the Zabbix sub-tab to save them. Finally edit your user.conf file via { Edit User Variables } from the Network tab and remove all Zabbix variable definitions, and click { Save Changes } . -- Network and Edit tabs allow Stunnel Proxy to be Restarted. -- Users tab, honors a new Prefs tab -> "Users Tab Options": ___ Remove User Voicemail Data when User is Deleted When checked, the user's local file voicemail storage will be removed when a user is deleted. -- Voicemail tab, now automatically creates the "Old" voicemail folder if it doesn't exist. -- Edit tab, if unsaved edits exist a dialog will warn the user before leaving. -- Status and Prefs tab, add support for a custom Asterisk command. The Name and custom Asterisk command are defined in the Prefs tab. -- Status and Prefs tab, add support for Adaptive Ban Plugin Status. -- Status and Prefs tab, the "Latest System Logs" section in the Status tab can now be hidden via the Prefs tab. Additionally a new feature "Hide Log Words" in the Prefs tab is a list of space separated "words" that if matched on a log line it will not be displayed. For example: Hide Log Words: dnsmasq crond Will not display dnsmasq or crond log entries. Note: The regex special characters of '.' and '*' are honored in the "words", and the character matching is not case sensitive. Additions for AstLinux 1.0.4: ============================= Released 2012-08-04 ** System -- php, version bump to 5.3.14 (security fixes: CVE-2012-1823, CVE-2012-2311 and CVE-2012-2143) -- mysql_client, version bump to 5.1.63, security fixes. -- sqlite, version bump to 3.7.13 -- libxml2, version bump to 2.8.0, (security fixes: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3919 and CVE-2012-0841) -- e1000e version bump to 2.0.0.1 Intel PCI-Express PRO/1000 Ethernet Linux driver -- r8168 version bump to 8.031.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- setconsole-speed-tty, new command to change the serial console speed/tty, not only currently but also automatically after upgrades. Usage: setconsole-speed-tty [ show|reset|help ] 9600|19200|38400|57600|115200 [ ttySn ] More info: http://doc.astlinux-project.org/userdoc:tt_serial_console_speed_tty ** Networking -- OpenSSL, version bump to 0.9.8x (security fixes: CVE-2012-2333) -- lighttpd, version bump to 1.4.31 -- AIF, version bump to 2.0.1c plus upstream r647 and r650 patches. -- radvd, version bump to 1.9.1, now uses libdaemon to fix a previous issue. -- miniupnpd, new package added to support Universal Plug'n'Play for both NAT-PMP and UPnP. Much thanks to David Kerr for performing the majority of the work required to implement miniupnpd. WARNING: Enabling either NAT-PMP or UPnP has security implications! More info: http://doc.astlinux-project.org/userdoc:tt_universal_plug_play -- IPsec XAuth, new rc.conf variable IPSECM_XAUTH_LOCAL_GW which defines a client local gateway for IPsec XAuth clients, defaults to INTIP. Remote IPsec XAuth clients then use INTIP (or IPSECM_XAUTH_LOCAL_GW) as the Asterisk server, any AstLinux-local server for that matter. -- mtr, new command, network diagnostic tool that is a fancy screen-based traceroute + ping combo. Try it: mtr google.com -- dhcpdump, new command to help debug DHCP packets, useful for IP phones and provisioning. Example: dhcpdump -i eth1 -h '^00:15:65' Monitor DHCP packets on interface 'eth1' for MAC addresses starting with 00:15:65 (Yealink phones) ** Asterisk -- Asterisk 1.4.44 and 1.8.14.1 -- DAHDI, dahdi-linux 2.6.1 and dahdi-tools 2.6.1 -- libPRI, upstream patch, Add layer 2 persistence option to customize the layer 2 behavior on BRI PTMP lines. Thanks to Michael Keuter. http://svnview.digium.com/svn/libpri?view=revision&sortby=log&revision=2273 -- wanpipe, version bump to 3.5.27 -- rhino, version bump to 0.99.6b2, Rhino PCI card support is now (again) enabled in the standard, default builds. -- (Custom Build Only) fonulator, new package to support the installation and configuration of the Redfone foneBRIDGE (PRI-to-Ethernet bridge) using TDM-over-Ethernet to Asterisk. Much thanks to Michael Keuter for performing the majority of the work required to implement fonulator. More info: http://doc.astlinux-project.org/userdoc:fonebridge -- safe_asterisk script, add restart limits so endless restarts/emails won't be generated -- cdr-sqlite3, if the directory "/mnt/kd/cdr-sqlite3" exists, the master.db file will be placed on persistent storage at "/mnt/kd/cdr-sqlite3/master.db". ** Web Interface -- Network -> Firewall sub-tab added features: == New 'Pass LAN->EXT' and 'Pass DMZ->EXT' rule actions. Useful when broad 'Deny LAN->EXT' or 'Deny DMZ->EXT' rule actions are also defined, or with the new Default Policies feature with "Deny". == New options to define the outbound Default Policies for LAN->EXT and DMZ->EXT. Note: The defaults are 'Pass LAN->EXT' and 'Pass DMZ->EXT' -- MeetMe tab, added a new MeetMe tab to manage Conferences. The Prefs tab allows the MeetMe tab to be shown, as well as supporting MeetMe Tab Options. Special thanks to James Babiak for the blueprint. -- Universal Plug'n'Play support added: == Status tab shows "Universal Plug'n'Play Leases" section when the miniupnpd daemon is enabled. == Network tab allows "Universal Plug'n'Play" to be enabled and restarted. == Edit tab allows "Universal Plug'n'Play" to be restarted. Additions for AstLinux 1.0.3: ============================= Released 2012-05-25 ** System -- e1000e version bump to 1.10.6 Intel PCI-Express PRO/1000 Ethernet Linux driver -- r8168 version bump to 8.029.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- lm-sensors, version bump to 3.3.2 -- sqlite, version bump to 3.7.11 ** Networking -- OpenSSL, version bump to 0.9.8w (security fixes: CVE-2012-0884, CVE-2011-4619, CVE-2012-2110 and CVE-2012-2131) -- Added rc.conf variables EXTIP_ALIAS and EXT2IP_ALIAS to support alias (virtual) external interfaces for static addressing. See /stat/etc/rc.conf for more details. -- IPsec Mobile, added support for XAuth, specifically support for Apple iOS IPsec VPN client. Special thanks to Ingmar Schraub for demonstrating how this could be done. Example IPsec VPN for Apple iOS: (AstLinux 1.0.3 and later) http://doc.astlinux-project.org/userdoc:tt_ipsec_vpn_apple_ios -- OpenVPN Server, added optional support for User/Pass authentication in addition to the certificate. -- lighttpd (configuration), added a new feature when the directory "/mnt/kd/phoneprov/" exists. After a reboot, both HTTP and HTTPS will be served from that directory provided the URL directory path begins with /phoneprov/ . Independent from the general HTTP/HTTPS root directory(s). Example IP Phone provisioning: (AstLinux 1.0.3 and later) http://doc.astlinux-project.org/userdoc:tt_ip_phone_provisioning -- AIF, version bump to 2.0.1b -- inadyn (Dynamic DNS), add support for pairNIC, use DDSERVICE="default@pairnic.com" -- inadyn (Dynamic DNS), ZoneEdit, allow an error code of 702 'Too many updates' as a valid response, essentially the same as a 707 response. Otherwise it will fail to run if it was recently updated. -- iproute2 (ip, tc) change to version 2.6.35 to match our kernel, previously iproute2 2.6.39. -- iptables, version bump to 1.4.13 ** Asterisk -- Asterisk 1.4.44 and 1.8.11.1 -- DAHDI, dahdi-linux 2.6.0 and dahdi-tools 2.6.0 Note: dahdi_hfcs is now supported in this release for Asterisk 1.8 builds. Note: Rhino PCI card support is no longer enabled in the standard, default builds. Rhino support may be enabled via a custom build, automatically forcing DAHDI 2.5.x -- wanpipe, version bump to 3.5.25, DAHDI 2.6.x support -- (Custom Build Only) added support for mysql modules: cdr_mysql, app_mysql and res_config_mysql Enable by setting: BR2_PACKAGE_MYSQL_CLIENT=y -- (Custom Build Only) added support for app_voicemail module with IMAP_STORAGE Enable by setting: BR2_PACKAGE_UW_IMAP=y ** Web Interface -- Network tab, added IPsec Mobile XAuth support, which adds improved VPN client interoperability. -- Network tab, added OpenVPN Server User/Pass support, which adds an optional layer of authentication. -- Network tab, added dynamic DNS Service Type: pairNIC -- Prefs tab and CDR Log tab, added support for Display 'uniqueid' CDR value -- Prefs tab and Speed Dial tab, added support for Digits: '00 to 999' -- Firewall sub-tab, for [ NAT EXT->LAN ] and [ NAT EXT->DMZ ] actions, allow to restrict the NAT to a single IPv4 external address. When an IPv4 address is defined, NAT EXT: |_________| in the NAT EXT: text field, only packets arriving on the external interface with that destination IPv4 address will be NAT'ed by the rule. This feature allows multiple public IPv4 addresses to be individually NAT'ed to private internal addresses by port or range of ports. The default value, 0/0 (or empty), remains as previous, any packet arriving on the external interface will be NAT'ed by the rule. -- Firewall sub-tab, the Protocol menu now includes an ICMP entry, useful when NAT'ing. Note that all ICMP types will be allowed. Additions for AstLinux 1.0.2: ============================= Released 2012-02-27 ** System -- php, version bump to 5.3.10 (security fixes: CVE-2011-4885, CVE-2011-4566, CVE-2012-0830) -- e1000e version bump to 1.9.5 Intel PCI-Express PRO/1000 Ethernet Linux driver -- r8168 version bump to 8.028.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- vmxnet3, VMware Ethernet Linux driver is now a kernel module that must be included in /etc/rc.modules to be enabled. -- unionfs, version bump to 2.5.9.2 -- pciutils, version bump to 3.1.9 -- usbutils, version bump to 004 -- ethtool, version bump to 3.2 -- libpcap, version bump to 1.2.1 -- apcupsd, version bump to 3.14.10 -- spandsp, version bump to 0.0.6pre20 -- dialog, version bump to 1.1-20111020 -- zlib, version bump to 1.2.6 -- tiff, version bump to 3.9.5 -- jpeg, version bump to 8d -- sqlite, version bump to 3.7.10 -- zabbix, version bump to 1.8.10 -- sudo, version bump to 1.7.8p1 -- ex-vi (vi), increase the maximum columns supported from 160 to 320 columns. Also support Page-Up and Page-Down keyboard keys. ** Networking -- OpenSSL, version bump to 0.9.8t (security fixes: CVE-2012-0050/CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577 and CVE-2011-4619) -- OpenVPN, version bump to 2.2.2 -- iptables, version bump to 1.4.12.2 -- msmtp, version bump to 1.4.27 -- ntpd/sntp, version bump to 4.2.6p5 -- stunnel, version bump to 4.52 -- iftop, version bump to 1.0pre2 -- p910nd, version bump to 0.95 -- links, version bump to 2.5 -- tcpdump, version bump to 4.2.1 -- nc, enable netcat 1.10 compatibility, see Asterisk app_notify below for more info. -- dnsmasq, added rc.conf variable LOCALDNS_LOCAL_DOMAIN to enable/disable local-only lookups for DOMAIN. See /stat/etc/rc.conf for more details. -- Add support for environment variables, http_proxy, https_proxy and ftp_proxy via rc.conf variables using HTTP_PROXY, HTTPS_PROXY and FTP_PROXY respectively. This effects commands such as curl and wget that honor these environment variables. -- testmail, new comand to test SMTP settings and report basic configuration. Usage: testmail TO_email_address [ FROM_email_address ] ** Asterisk -- Asterisk 1.4.43 and 1.8.9.2 -- DAHDI, dahdi-linux 2.5.0.2 and dahdi-tools 2.5.0.2 Note: zaphfc is not supported in this release since zaphfc does not support DAHDI 2.5.x an upcoming release will support dahdi_hfcs using DAHDI 2.6.x -- wanpipe, version bump to 3.5.24, build libsangoma, DAHDI 2.5.x support The Sangoma BRI/Hybrid cards A500 + B700 are now supported via DAHDI -- rhino, version bump to 0.99.5b1, DAHDI 2.5.x support -- app_notify, mark as deprecated, offer replacement code, to be removed in AstLinux 1.1.x or so Example Dialplan Code to replace Notify() application: (AstLinux 1.0.2 and later) http://doc.astlinux-project.org/userdoc:tt_asterisk_call_notify ** Web Interface -- Prefs tab and System tab, if the "Repository URL:" has not been defined (ex. initial configuration), the default value will be based on the installed Asterisk version. -- Status tab, DAHDI Status can display Sangoma status commands "wanrouter status" or "wanrouter summary" if defined in Prefs tab -> DAHDI Status Command -- Network tab, added support for LOCALDNS_LOCAL_DOMAIN variable, 'Local Domain' -- Network tab, added "Test SMTP Mail Relay" sub-tab located by "Outbound SMTP Mail Relay:". The "To Email:" and "From Email:" addresses may be specifed, defaulting to existing settings from the Network tab. The test email does not use the mail queue, any error results are displayed. Clicking "Test SMTP Mail Relay" will automatically "Save Settings" and the msmtp settings will be automatically applied when "Send Test Email" is clicked. Additions for AstLinux 1.0.1: ============================= Released 2012-01-14 ** System -- IDE drives are now handled via 'libata', so all drives appear as /dev/sd[a-h] By default, DMA is disabled on CF drives, but enabled on disk drives. It is recommended to upgrade to the latest RUNNIX which now functions the same way. Note: This fixes a boot issue with HP Thin Client T5710 hardware -- RUNNIX, version bump to 0.4-5339 -- set-kcmd, new command to set libata.dma=N kernel option values, type 'set-kcmd' without an argument to see the options supported. -- upgrade-run-image, now propagates the libata.dma=N kernel option on upgrades. -- Removed DMA_DEV variable support, given the new libata.dma=N kernel support. -- sqlite, version bump to 3.7.9 -- ethtool, version bump to 3.0 -- nano, version bump to 2.3.1 -- dosfstools, version bump to 3.0.12 -- acpid, version bump to 2.0.14 -- Time Zone Database, tzdata2011n and tzcode2011i ** Networking -- AIF, version bump to 2.0.1 Note: This version of AIF offers much better sanity checking for firewall input variables, so existing configurations could possibly now display a warning when the firewall is restarted. If so, via the CLI "arno-iptables-firewall restart" will now clearly show which variable is improperly formatted. -- lighttpd, version bump to 1.4.30, security fix -- stunnel, version bump to 4.44, fix to generate proper default PID file -- dnsmasq, version bump to 2.59 -- ipsec-tools, version bump to 0.8.0 -- iptables, version bump to 1.4.12.1 ** Asterisk -- Asterisk 1.4.43 and 1.8.8.1 -- Add support for the iLBC CODEC in Asterisk ** Web Interface -- Status tab, added "Jabber Status" section. Enabled via Prefs tab "Show Jabber Status". -- Updated AstLinux Packages License Information. Additions for AstLinux 1.0.0: ============================= Released 2011-12-16 ** IMPORTANT NOTICE -- AstLinux 1.0 is a major upgrade from the previous 0.7 series. Most notable is much newer: Linux Kernel, BusyBox and supporting packages. In addition the C Library is generated via eglibc, which is binary compatable with other glibc executables. Glibc compatibility adds support for binary addons, such as Digium's G.729 CODEC, among others. -- Features no longer supported in AstLinux 1.0 == Native Wireless (WiFi) is no longer supported. == mISDNv1, chan_misdn is no longer supported due to the newer kernel. == The astmanproxy package is no longer supported. == The sfdisk command removed and tftpd now supported via dnsmasq. -- The RUNNIX bootloader, version 0.4 is required. The easiest is to start fresh with an AstLinux 1.0 flash image, containing both the new RUNNIX bootloader and AstLinux 1.0 core. In addition users may upgrade existing systems with both runnix-0.4 and Astlinux 1.0, see documentation. -- Buildroot 2011-08 and Crosstool-NG 1.12.3 are the foundation of the AstLinux 1.0 build platform. ** System -- Linux Kernel 2.6.35.13 (major bump) -- e1000 version 8.0.35 and e1000e version 1.6.3 Intel PRO/1000 Ethernet Linux drivers -- r8168 version 8.025.00 RealTek PCI-Express Gigabit Ethernet Linux driver -- SMP is enabled for geni586 and geni586-serial boards, SMP is not enabled for all other boards for the best performance. Custom builds may enable/disable SMP for any board. -- BusyBox version 1.18.5 -- ex-vi (vi) version 050325, replaces BusyBox vi -- acpid, version 2.0.7 -- libpcap, version 1.1.1 -- libusb, version 1.0.8 -- libxml2, version 2.7.8 -- module-init-tools (modprobe) version 3.12 -- nano, version 2.2.6 -- pciutils, version 3.1.7 -- sqlite, version 3070603 -- udev, version 173 -- usbutils, version 003 -- zabbix, version 1.8.8, added rc.conf variable support, setting ZABBIX_SERVER will enable zabbix with defaults. See /stat/etc/rc.conf for more options. -- beep, version 1.3, new command that allows tone sequences to be generated on the board. A new rc.conf variable, ALERT_SOUNDS allows sounds to be generated for startup and/or shutdown for geni586 and geni586-serial boards. -- rc.local.stop, added support for optional /mnt/kd/rc.local.stop script, if the script exists and executable it will be one of the first scripts to run when the box is restarted or halted. ** Networking -- shellinaboxd, revision 239, added to provide CLI (Command Line Interface) 'login' via a web browser using "https://pbx/admin/cli/" and a new CLI tab in the web interface. This feature is disabled by default. -- lighttpd, version 1.4.29, added new variables, HTTP_ACCESSLOG and HTTPS_ACCESSLOG to control if http(s) access is logged or not. By default no access logging, a change from previous versions. -- curl (libcurl) version 7.21.7 -- iproute2 (ip, tc) version 2.6.39 -- iptables, version 1.4.12 -- msmtp, version 1.4.25 -- ntpd/sntp, version 4.2.6p4 -- netsnmp, version 5.6.1 -- radvd, version 1.8.3 -- rsync, version 3.0.8 ** Asterisk -- Asterisk 1.4.42 and 1.8.7.1 -- DAHDI, dahdi-linux 2.4.1.1 and dahdi-tools 2.4.1 -- LibPRI 1.4.12 -- Jabber/GTalk support added, res_jabber and chan_gtalk built for Asterisk 1.4/1.8 plus chan_jingle for Asterisk 1.8 -- Added zaphfc DAHDI driver for single port HFC ISDN cards, included in Asterisk 1.8 ** Web Interface -- Added "CLI Tab", Show/Hide in Prefs tab. Requires 'admin' permissions. The new Network tab option "CLI Proxy Server" must be enabled for the CLI tab to function. If it is prefered to have the "shellinabox" in a new windows, use the Prefs tab "External CLI Link" option and define it to 'https://localhost/admin/cli/'. -- Network tab, added support for HTTP_ACCESSLOG and HTTPS_ACCESSLOG variables. -- Edit tab, Active DNSmasq Leases file, "/mnt/kd/dnsmasq.leases" may be editied. -- Prefs and System tab, make http://mirror.astlinux.org/ast18-firmware-1.x the default Repository URL. -- Prefs tab, new option General Options -> External CLI Link. When defined with a URL, typically something like "ssh://root@pbx", a "CLI" link will appear at the upper-rightmost of all pages with 'admin' privileges. A special case, a host of '@localhost' will be replaced with the same host as the web interface. Note: Not all browsers on all operating systems support the ssh:// URL type. ========================================================= === ChangeLog Information for AstLinux 0.7 === === === ChangeLog.txt ========================================================= Additions for AstLinux 0.7.10: ============================== Released 2011-10-23 ** System -- Add "shutdown" command to call Busybox reboot and poweroff commands. -- apcupsd, version 3.14.9, a daemon for APC UPS's, supporting monitoring and powerfail shutdown. USB, ethernet and serial cables are supported. The configuration will be auto-generated using the variables UPSTYPE, UPSCABLE and UPSDEVICE. If the file "/mnt/kd/apcupsd/apcupsd.conf" exists it will be used as a manual configuration. Read-only supporting scripts are localed in the "/stat/etc/apcupsd/" directory, but may be superseded by custom scripts located in the "/mnt/kd/apcupsd/" directory. Email alerts will be sent if UPS_NOTIFY contains one or more email addresses. UPS_NOTIFY_FROM may be optionally set to define the From: email header. -- php, major version bump to 5.3.8, including the same modules as in previous versions. -- bridge-utils, (brctl) version bump to 1.5, added hairpin support. ** Networking -- AIF, core version bump to 2.0.0c -- pptpd, fix to maintain other ppp chap-secrets while starting/stopping PPTP Server. This fixes an issue when enabling both PPPoE and PPTP Server. -- OpenSSH, version bump to 5.8p2, security fixes. -- sshd, fixed an issue when both a persistent /root (ie. "/mnt/kd/root/" directory exists) and the "/mnt/kd/ssh_keys/" directory exists. The "/root/.ssh/authorized_keys" file no longer gets appended with the "/mnt/kd/ssh_keys/" if "/root/.ssh/authorized_keys" already exists. -- sshd, add support for root user keys, which permits publickey authentication for outbound ssh sessions as user 'root'. The directory "/mnt/kd/ssh_root_keys/" is automatically created and populated with id_dsa and id_ecdsa public/private keys. These keys are automatically copied to the "/root/.ssh/" directory if they don't already exist. -- pppoe, add "/usr/sbin/pppoe-restart" script called by the web interface or manually via cron if necessary. A new variable, PPPOE_RESTART_DELAY is supported. -- OpenVPN, version bump to 2.2.1, bug fixes. -- lighttpd, version bump to 1.4.29, ssl improvements. -- curl, version bump to 7.21.7, many bug fixes and two security fixes. -- radvd, version bump to 1.8.1, bug fixes and new features. ** Asterisk -- Asterisk 1.4.42 and 1.8.6.0 ** Web Interface -- Add support for APC UPS Monitoring and Shutdown. The Status tab displays info and recent UPS events. The Prefs tab may hide the Status tab section if desired. The Network tab adds a "APC UPS Monitoring & Shutdown" section to configure options. If the file "/mnt/kd/apcupsd/apcupsd.conf" exists a { UPS Configuration } button will be displayed instead to manually edit the configuration. Email notifications will be sent if "Notify Email Addresses To:" is defined with one or more email addresses. "Notify Email Address From:" is optional. Note: A USB configuration requires an empty "Device:" field. -- Network and Edit tabs, add "Restart UPS Daemon" in the Restart menu. -- Edit tab adds support for editing "/etc/asterisk/includes/*.conf" files. -- System tab, include the "/mnt/kd/ssh_keys/" directory (containing public ssh keys automatically added to /root/.ssh/authorized_keys) in a Basic Configuration Backup and Restore. -- Status and Network tab, Restart PPPoE uses "/usr/sbin/pppoe-restart" if available. Additions for AstLinux 0.7.9: ============================= Released 2011-07-14 ** System -- statserial, new command that displays a table of the signals on a standard 9-pin or 25-pin serial port, and indicates the status of the handshaking lines. It can be useful for debugging serial ports, for example external voicemail indicators for Asterisk. -- touch, fix an issue with the -t option. ** Networking -- AIF, adaptive-ban plugin, add support for 'Dialplan Noted Suspicious IP Address' syslog -- lighttpd, add 'server.name' directive to the autogenerated lighttpd.conf so the PHP value of $_SERVER['SERVER_NAME'] is properly defined. This fixes a couple minor cosmetic issues in the web inteface. -- inadyn (Dynamic DNS), added a patch to make 'getip' more compatible with various web servers. Added both Host: and User-Agent: headers following the GET to obtain the public IP address. ** Asterisk -- Asterisk 1.4.42 and 1.8.4.4 -- Asterisk-gui, version bump to SVN 5217 -- LibPRI 1.4.12 for all Asterisk versions -- asterisk-sip-monitor, new feature to optionally monitor Asterisk SIP trunks and peers. Additionally, asterisk-sip-monitor-ctrl is used to start/stop asterisk-sip-monitor. See: MONITOR_ASTERISK_SIP_TRUNKS and MONITOR_ASTERISK_SIP_PEERS variables in /stat/etc/rc.conf ** Web Interface -- Network tab, "Safe Asterisk & SIP Monitoring" (previously "Safe Asterisk") adds the following: Monitor SIP Trunks: |___| Monitor SIP Peers: |___| A "SIP FAILURE" email will be generated when a trunk/peer goes offline and a "SIP OK" email will be generated after all trunks/peers return online. Monitor SIP Status Emails following SIP Failure Email: [ disabled/enabled ] When enabled, any trunk/peer status change will generate an email until the "SIP OK" email. == Example: Status tab, SIP Trunk Registrations: chiv1.voippath.com:5060 xxxx 135 Registered Sat, 21 May 2011 10:21:11 inbound18.bigtel.net:5060 xxxx 45 Registered Sat, 21 May 2011 10:22:42 Monitor SIP Trunks: | chiv1.voippath.com inbound18.bigtel.net | == Example: Status tab, SIP Peer Status: voippath/homer-simpson 64.x.x.xx 5060 OK (67 ms) bigtel-inbound/homer1 64.x.x.xx 5060 Unmonitored bigtel-outbound/homer1 64.x.x.xx 5060 OK (42 ms) Monitor SIP Peers: | voippath bigtel-outbound | == Note: Only peers with qualify=yes may be monitored. -- Users tab, honors a new Prefs tab -> Users Tab Options: ___ Hide Passwords for Voicemail Users Mailboxes When checked, mailbox passwords are not displayed in the Users tab list. -- System tab and Edit tab adds support for viewing/editing files in "/mnt/kd/docs/". The AstLinux system does not use these files, but is intended for general and site-specific documentation added by the administrator. Additions for AstLinux 0.7.8: ============================= Released 2011-05-18 ** System -- Linux Kernel 2.6.27.57 (minor bump) -- unionfs, version bump to 2.5.9 -- RUNNIX, version bump to 0.3.3, including a new "CF + USB Combo Booting" feature. More info: http://doc.astlinux-project.org/userdoc:tt_cf_usb_combo_booting -- Upgrades performed with either the upgrade-run-image CLI command or via the web interface adds a new feature of automatically propagating certain KCMD options. In particular, KCMD options: noram, rootdelay=, and reboot= are added to the new os/astlinux-xxxx.run.conf file on upgrades if the option(s) existed in the previous os/astlinux-xxxx.run.conf file. -- Timezone, tzcode2011g and tzdata2011g ** Networking -- Change web server to lighttpd 1.4.28 from mini_httpd. Also support fastcgi for PHP. -- dnsmasq, version bump to 2.57, IPv6 TFTP support and bug fixes. -- AIF, core version bump to 2.0.0b -- AIF, adaptive-ban plugin, add support for 'lighttpd' analysis type. -- AIF, dyndns-host-open plugin, re-written for AstLinux. Provides EXT->Local firewall 'host-open' rules using hostnames (via periodic DNS lookups) rather than static IP addresses. Should the hostname resolve to multiple IPv4 addresses, a rule for each address will be opened. IPv4 only. Note: If users had made the previous dyndns-host-open plugin work by adding a CRON, etc., there is no CRON necessary with the new dyndns-host-open plugin. -- tftpd server, always use dnsmasq for the tftpd server. Backward compatibility is maintained for the deprecated 'tftpd' and 'inetd' values for the TFTPD variable. -- ftpd server, always use vsftpd standalone for the ftpd server. Backward compatibility is maintained for the deprecated 'inetd' value for the FTPD variable. -- vsftpd, version bump to 2.3.4, bug fixes. -- stunnel, version bump to 4.35, add IPv6 support. Note: The STUNNELSERVS variable now uses a tilde (~) delimiter instead of the previous colon (:). -- OpenSSL, version bump to 0.9.8r (security fixes: CVE-2010-4252, CVE-2010-4180 and CVE-2011-0014) ** Asterisk -- Asterisk 1.4.41 and 1.8.4 Note: A known problem exists with Cisco 79xx SIP phones not registering https://issues.asterisk.org/view.php?id=18951 -- DAHDI, version bump to dahdi-linux 2.4.1.1 and dahdi-tools 2.4.1 -- wanpipe, version bump to 3.5.19 -- wanpipe, include "wan_ec_client" utility to support hardware echo cancellation -- Asterisk 1.8 build, include ast_tls_cert script for SIP TLS configurations https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial -- Asterisk-gui, version bump to SVN 5209 ** Web Interface -- Internal changes to support lighttpd with fastcgi PHP. -- Network tab, add HTTP/HTTPS _x_ Allow Listing for HTTP_LISTING and HTTPS_LISTING variables. Removed deprecated, mini_httpd related, HTTP/HTTPS user permissions options. -- Network tab, FTP and TFTP Servers now only have 'disabled' and 'enabled' options. -- Prefs tab, add support for HTTP-only voicemail/monitor playback while the connection is HTTPS. Some devices, such as iOS, currently require media connections to be HTTP. Additionally, with the change to lighttpd in this version, any iOS device may play Voicemail and Monitor recordings via the web interface. -- System tab, added support for Russian core sound files. -- Status tab, added DAHDI Status and Hardware Monitoring sections. Enable via the Prefs tab. -- Network tab, allow passwords for PPPoE, SMTP and Dynamic DNS to contain special characters. Additions for AstLinux 0.7.7: ============================= Released 2011-03-03 ** System -- No changes ** Networking -- OpenSSH, version bump to 5.8p1. Security fix and ECDSA key support. Note: If a /mnt/kd/sshd.conf file exists to manually generate /etc/ssh/sshd_config, the previous UseQoS option must be renamed to IPQoS, otherwise sshd will fail to start. Fortunately the default is to automatically generate /etc/ssh/sshd_config using IPQoS. -- iftop, version bump to 1.0pre1, IPv6 support and bug fixes. -- Added pptpd, PPTP VPN support. Added AIF pptp-vpn plugin. -- AIF, adaptive ban plugin, added 'pptpd' analysis type. -- dnsmasq, the default dynamic DHCP address range is reduced to .100-.220 in order to leave room for possible PPTP VPN addresses. As always, setting the DHCPRANGE variable overrides the default range. ** Asterisk -- Asterisk 1.4.40 and 1.8.3 -- Asterisk-gui, added patch to configure OSLEC echo canceler. Thanks Rob Hillis. ** Web Interface -- Added PPTP VPN sub-tab to the Network tab VPN Type. Various other tweaks for PPTP VPN support. Additions for AstLinux 0.7.6: ============================= Released 2011-02-12 ** System -- php5, version bump to 5.2.17 -- Added mac2vendor package, providing "Vendor Name" from an ethernet MAC address or autoconf IPv6 address. -- perl (microperl) fixed to properly locate library with a few basic modules now included. ** Networking -- msmtp, version bump to 1.4.23 ** Asterisk -- Asterisk 1.4.39.1 and 1.8.2.3 -- Added optional safe_asterisk 'wrapper' customized for AstLinux. When enabled, if asterisk were to crash, asterisk will be automatically restarted, optionally notifying via email. -- DAHDI, dahdi-linux 2.4.0 and dahdi-tools 2.4.0 -- rhino, version bump to 0.99.4rc1 with DAHDI 2.4 compatibility -- wanpipe, version bump to 3.5.18 with DAHDI 2.4 compatibility. Additionally, configuration utilities wancfg and wancfg_dahdi are now supported. -- dahdi-linux, add dahdi_echocan_oslec support. Enable by adding 'dahdi_echocan_oslec' to the DAHDIMODS variable. -- Asterisk-gui, version bump to SVN 5154 ** Web Interface -- Status tab, DHCP Leases, added Vendor information derived from the MAC address if available. -- System tab, added 'RUNNIX Bootloader Upgrade' support. -- Network tab, added 'Safe Asterisk' support and email notifications on asterisk crash. -- Added search support particularly for Yealink Phones in the phone-dir.php script (thanks Rob Hillis) Additions for AstLinux 0.7.5: ============================= Released 2011-01-05 ** System -- Added 'upgrade-RUNNIX-image' command, see ADDENDUM below -- Added support for more SATA devices, and allow booting to a SATA device, see ADDENDUM below -- Fixed a rare condition, a dirty filesystem required a reboot, but the reboot did not happen -- Added support for alternate console keyboard mappings. If the file os/console.kmap exists on the vFAT boot partition and a non-serial console is used, both RUNNIX and AstLinux will use the keyboard map. For more info: http://doc.astlinux-project.org/userdoc:tt_console-kmap -- dosfstools, version bump to 3.0.10 -- php5, version bump to 5.2.16 ** Networking -- IPsec, added IPsec Mobile (Road-Warrior) support, allowing remote peers with dynamic IP addresses. -- IPsec, added certificate support to IPsec Peers (racoon VPN type) -- Dynamic DNS client, add support for DNS-O-Matic, use DDSERVICE="default@dnsomatic.com" -- AIF, version bump to 2.0.0a -- AIF, traffic-shaper plugin, added SHAPER_P2P_HOSTS variable to specify hosts (local or remote) that all outbound traffic will be given the lowest priority. A local file server backing up remotely would be an example. -- p910nd, version bump to 0.94 ** Asterisk -- Asterisk 1.4.36 and 1.8.1.1 -- Added 'bfdetect' CLI command that detects a Beronet Berofix card -- mISDN/mISDNuser, update to use Digium's supported version 1.1.3 in their thirdparty repository ** Web Interface -- Added IPsec Mobile sub-tab accessed via the Network tab, VPN Type. -- IPsec Peers sub-tab adds certificates, Phase 1/Phase 2 lifetimes, and Auto-Establish-IP options. -- Network tab, add DNS Service Type: DNS-O-Matic -- Status tab, add "Runnix Release:" information -- Added XML directory support for Yealink Phones in the phone-dir.php script (thanks Rob Hillis) ** ADDENDUM ** The AstLinux bootloader, RUNNIX, has been updated to runnix-0.3.2, previously runnix-0.2.1. This is considered an 'optional' upgrade at this time, and AstLinux 0.7.5 does not require runnix-0.3.2. If you currently have problems booting with a SATA drive, or just want the latest features, after you upgrade to 0.7.5, and with internet connectivity, you may upgrade RUNNIX from the CLI by typing: $ upgrade-RUNNIX-image check (if the response looks good, then type) $ upgrade-RUNNIX-image upgrade (patiently wait, do not interrupt) After a reboot, you will see the text below, you have 5 seconds to type a character, otherwise the normal boot will automatically proceed. ################################## # RUNNIX - AstLinux bootloader # ################################## runnix) RUNNIX boot (default) shell) Run shell instead of booting ssh) Run shell and enable ssh instead of booting xrunnix) Use previous RUNNIX image (if any) memtest) Run Memtest86+ v4.10 Additions for AstLinux 0.7.4: ============================= Released 2010-11-26 ** System -- Compiled with gcc-4.2 -- Fixed uClibc DNS resolver code that caused a segmentation fault on certain lookups -- added FIRSTRUN default runlevel to help automate version to version upgrades -- added jpeg, tiff and spandsp support for Fax2Mail functionality -- added libxml2 support for XML Documentation functionality in Asterisk 1.8 -- added libsrtp support for Secure-RTP (SRTP) functionality in Asterisk 1.8 -- updated zlib (libz) to version 1.2.5 -- updated libpri to versions 1.4.11.5 and 1.4.12-beta3 ** Networking -- IPv6 support, allowing routing/firewalling for mixed IPv4/IPv6 as well as providing IPv6 services -- AIF 2.0.0 for mixed IPv4/IPv6 support and bug fixes -- IPv6 6in4-static and 6to4-relay tunnel support over IPv4 -- radvd 1.6 with added init.d script support -- msmtp, added 'mime-pack' script to create MIME attachments to pass to 'sendmail -t' -- made ntpd IPv4-only to solve problems with IPv6 -- mini_httpd, fix bug where the HTTPCGI variable value was ignored -- IPsec, added IPv6 support, version bump to ipsec-tools 0.7.3 -- vsftpd, version bump to 2.3.2 -- sshd, use rc.conf variables to automatically generate sshd_config (as previously) unless /mnt/kd/sshd.conf exists, then manually generate sshd_config using that file. -- OpenVPN, version bump to 2.1.4 (bug fix) -- OpenSSL, version bump to 0.9.8p (security fix) ** Asterisk -- Asterisk 1.4.36 and 1.8.0 -- bump Asterisk-gui to SVN 5120 -- Added support for English (Australian Accent) core sound files, en_AU. ** Web Interface -- Firewall sub-tab, added IPv6 support, added new protocol support, added new rule actions. -- Network tab, added IPv6 support for External and Internal interfaces, tunnel support -- DNS Forwarder Hosts sub-tab, allow IPv6 addresses -- System tab, added support for English (Australian Accent) core sound files, english-au. -- System tab and Staff tab, Configuration/File Backup, when including unionfs files, the asterisk sounds and moh files will not be included in the backup. -- Status tab, added a License: "Show Licenses" link to the new Licenses sub-tab. Additions for AstLinux 0.7.3: ============================= Released 2010-09-29 ** System -- Linux Kernel 2.6.27.49 (minor bump) -- PHP 5.2.14 (security and bug fixes) -- p910nd mDNS support via P910ND_ADNAME0 rc.conf variable. ** Networking -- DNSmasq 2.55 (bug fixes and new features) -- hostap 0.7.2 -- curl 7.21.0 (bug fixes and new features) -- OpenSSH 5.6p1 (security and bug fixes) -- OpenSSL 0.9.8o (security and bug fixes) -- OpenVPN 2.1.2 (bug fixes and new features) -- msmtp 1.4.21 (minor bug fixes) -- tzdata2010l; tzcode2010l (updates) ** Asterisk -- Asterisk 1.4.36 (bug fixes) -- LibPRI 1.4.11.4 ** Web Interface -- OpenVPN Server and OpenVPN Client adds "QoS Passthrough" support. Additions for AstLinux 0.7.2: ============================= Released 2010-05-08 ** System -- Added persistent mail queue for msmtp, msmtpqueue. The msmtpqueue command, without arguemnts (or -p) will display the current mail queue. The persistent mail directory is /mnt/kd/mail/ . Mail sent via sendmail will use the queue. Mail sent directly via msmtp will not use the queue. -- Added show-union command. Usage: show-union [ system kd asterisk_sounds all ] Without arguments (or system) the unionfs (ASTURW partition) system files will be displayed. Useful for troubleshooting and determining if base files are superseded with unionfs files. -- Fixed a configuration issue with the sftp server ** Networking -- Firewall, Arno's iptables script v1.9.2k -- Firewall, Adaptive Ban Plugin is added. The operation is similar to how fail2ban ( www.fail2ban.org ) functions by constantly inspecting the syslog file for failed authentication attempts and remote IP address for common services. When the number of log failures exceed a preset number, the IP address will be banned, and all traffic will be dropped from the banned host. Supported services: sshd, asterisk and mini_httpd ** Asterisk -- Asterisk 1.4.31 (Asterisk 1.6.2.7 with a custom build) (bug fixes) -- DAHDI, dahdi-linux 2.3.0 and dahdi-tools 2.3.0 -- upgrade-asterisk-sounds, support Digium's new MOH file names in their repository ** Web Interface -- Network tab adds SMTP Encryption support via TLS/STARTTLS and SSL/SMTP -- Network and Edit tab, the {Reboot/Restart} and {Reload/Restart} buttons have a new menu item [ Restart SMTP Mail ]. When acted upon, the SMTP settings will be applied without requiring a reboot. -- Prefs tab, the "Distinguished Name" section adds 'Country', 'State/Province', and 'Locality' Name entries. This effects future certificates that are created. If the entries are empty, default values of C=US, ST=Nebraska, L=Omaha will be used. -- Voicemail tab, if both .wav (PCM) and .WAV (GSM) voicemail files are created, the better quality and more commonly supported .wav (PCM) file will be played. Additionally, the Prefs tab adds support for the inline HTML5 tag. -- Added small, transparent AstLinux logo to all pages. Custom branding can be achieved by replacing the logo in common/logo-small.gif which must be width="113" height="23", or it will be scaled to that. Custom GIF's with white backgrounds should be made transparent for best results. -- A new Prefs tab option, under "Directory Tab Options:" ___ Require Authentication for Directory Tab When unchecked (the default), anyone can view the Directory tab. Additions for AstLinux 0.7.1: ============================= Released 2010-03-26 ** System -- Linux Kernel 2.6.27.42 (minor bump) -- Timezone, tzcode2010c and tzdata2010e -- PHP 5.2.13 (security and bug fixes) -- p910nd 0.93 (improved performance over wireless) ** Networking -- Firewall, Arno's iptables script v1.9.2j (upgraded traffic shaper) -- NTP 4.2.4p8 (security fix) -- OpenVPN 2.1.1 (major upgrade, backward compatible settings for the most part) -- OpenSSH 5.4p1 -- DNSmasq 2.52 (bug fixes and new features) -- hostap 0.7.1 ** Asterisk -- Asterisk 1.4.30 (bug fixes) -- DAHDI, dahdi-linux 2.2.1 and dahdi-tools 2.2.1 -- Asterisk Sounds Packages are no longer included in the base image, instead a new script "upgrade-asterisk-sounds" is included to manage core, extra and moh sounds. By default, the URL http://downloads.asterisk.org/pub/telephony/sounds is used retrieve the sounds packages. A private URL may also be used with the same file format. ** Web Interface -- System tab adds the "Asterisk Sounds Packages" section where sounds and moh sound packages may be upgraded/installed or removed. The Sounds Pkg URL used to retrieve the files can be defined in the Prefs tab. The script "upgrade-asterisk-sounds" is used to do the work. Additions for AstLinux 0.7.0: ============================= Released 2010-01-18 ** System -- Linux Kernel 2.6.27.29 -- Embedded i586 support: net4801, net5501, wrap, alix, via, viac7 and generic geni586. -- TZ_TIMEZONE variable no longer needs to be defined, it is now automatically derived via the TIMEZONE variable data. -- LED status light support for all applicable embedded platforms. -- Watchdog support for all applicable embedded platforms with WDMODULE="auto". -- OCF hardware acceleration for applicable embedded platforms. -- Curl is now standard, along with Asterisk func_curl(). -- Many, many build environment enhancements to generate this goodness. ** Networking -- Firewall (Arno's iptables script v1.9.2g): Much improved from previous v1.8.x series. -- IPsec: Additional configuration options. Automatic firewall integration via a plugin. -- OpenVPN: Added OpenVPN client support to the existing OpenVPN server. Additional configuration options for both client and server. Automatic firewall integration. -- The concept of single interface PBX-only mode has been removed, the firewall and DNS forwarding may now be enabled with a single (external) interface. Dnsmasq is now always started. -- Now defaults to always using local DNS cacheing via dnsmasq. -- Dynamic-DNS now uses a patched version of inadyn, which fixes a ZoneEdit problem and adds support for allowing the public IP address to be obtained from the EXTIF interface. -- astfw has been removed ** Asterisk -- Asterisk 1.4.29 (Asterisk 1.6.2.1 available with custom build) -- DAHDI 2.2.0.2 replaces ZAPTEL (ZAPTEL still available with custom build) -- DEVICE_STATE Backport, http://www.asterisk.org/node/48325 ** Web Interface -- Many coordinated changes to Arno's Firewall and the Firewall sub-tab. -- dialproxy.php script added. The purpose is to trigger a call by first dialing a selected extension, when answered, the script completes and an outgoing call is initiated to the num= number. The actionlist "DIALPROXY-value" key is used to define the extension and options. A call could be triggered by any application which can call an URL, for example: $ curl --insecure "https://pbx/dialproxy.php?num=2223334444&ext=value" The actionlist "DIALPROXY-value" key provides the security to limit access, disabled by default. -- IPsec Configuration sub-tab supports the new IPSEC_PSK_ASSOCIATIONS v2 format. The previous IPSEC_PSK_ASSOCIATIONS v1 format will be automatically imported. -- Integrate the CDR Log tab to the Caller*ID tab by adding links in the CID Number column to the Caller*ID tab. -- Integrate the Caller*ID tab to the Blacklist and Whitelist tabs by adding Blacklist:NUM and Whitelist:NUM links to the respective tabs. -- Added Actionlist Tab. The asterisk astdb database is used with family "actionlist". 'admin' and 'staff' users can access the Actionlist tab. The Actionlist tab is a more general variation of the Blacklist and Whitelist tabs, requiring asterisk support via the extensions.conf dialplan. -- CDR Log tab has been redesigned to support multiple 'pages' that can easily be viewed. The number of most recent CDR records to view and page size can be defined. Currently up to 5000 records may be viewed, 5x greater than previously. -- The OpenVPN server credentials adds a README.txt file documenting the credential files. The automatically generated password to the PKCS#12 file is contained in the README.txt file. -- Network tab adds support for Dynamic DNS "DNS Get IP Address". AstLinux 0.7 uses a patched version of inadyn that optionally supports obtaining the public IP address from the external interface. The default method remains querying getip.krisk.org . -- The "ZoneEdit [generic]" has been removed since it is no longer required to work around an inadyn problem. The ZoneEdit item should work for all ZoneEdit users. -- The Edit tab now groups the editable files in three sections, System Configuration, Asterisk Configuration and Firewall Plugins. More system files are editable. -- The Network tab now supports the Arno firewall with a single, external interface. The firewall can now be enabled or disabled, regardless of the number of internal interfaces. -- Network tab now supports the selection of either [DNS & DHCP] or [DNS only] for each internal network. This applies to internal networks with interfaces defined. -- The System tab has a new option "Restore Basic Configuration". Any Backup download that is 8 MBytes or smaller can be used to restore the configuration of basic settings. -- A new OpenVPN Client sub-tab has been added to the Network tab. Both OpenVPN client and server are now fully supported in the web interface. -- General layout changes and improvements. More web interface info at: http://lonnie.abelbeck.com/astlinux/altweb-changelog.txt