NEWS

5.1.0
-----


5.0.0
-----

* Based on latest OpenWrt 19.07 and Linux 4.14
* New features for reForis including remote control and snapshots integration
* Add secondary DNS servers and enable TLS for Google DNS
* Replaced Vixie-cron with cronie
* Webapps: Forward to HTTPS if possible
* Updater: Drop compatibility for releases before v4.0-beta2
* MOX: I2C-1 on GPIO pinheader is now enabled

4.0.6
-----

* updater: fix packages provides and modify virtual packages behavior
* kernel: updated to version 4.14.167
* zerotier: add /etc/config/zerotier as configuration file
* avrdude: fix GPIO path building
* mbedtls: updated to version 2.16.4
  Fixes: CVE-2019-18222
* tiff: updated to version 4.1.0
  Fixes: CVE-2019-14973, CVE-2019-17546, CVE-2019-7663, CVE-2019-6128

4.0.5
-----

* Based on the latest OpenWrt 18.06.6
* kernel: update to version 4.14.162
* python3: update to version 3.6.10
* wget: fix CVE-2019-5953
* unbound: update to version 1.9.6
* php7: update to version 7.2.26
  Fixes: CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11050
* nano: update to version 4.7
* openssl: update to version 1.0.2u
* bird: update to version 1.6.8
* reforis: update to the latest development version, adds openvpn-plugin
* ffmpeg: update to version 4.0.5
  Fixes: CVE-2019-12730, CVE-2019-17539, CVE-2019-17542
* e2fsprogs: fix CVE-2019-5094
* christmas: removed from default installation

4.0.4
-----

* Not found

4.0.3
-----

* Merry Christmas!
🔔🔔🔔
* kernel: updated to version 4.14.158
* foris-controller-subordinates-module: limit custom name length
* tvheadend: ensure the first setup works
* libvpx: fix CVE-2019-9232, CVE-2019-9325, CVE-2019-9371, CVE-2019-9433
* git: updated to version 2.16.6, fix multiple CVEs

4.0.2
-----

* Based on the latest OpenWrt 18.06.5
* added missing hardening package list
* fixed autodetection of router address in Foris OpenVPN
* irssi: updated to version 1.2.2, fix CVE-2019-15717
* sudo: updated to version 1.8.28p1, fix CVE-2019-14287
* bind: updated to version 9.11.13, fix CVE-2019-6477
* openldap: updated to version 2.4.48, fix CVE-2019-13565
* kernel: updated to version 4.14.156
* libpcap: updated to version 1.9.1, fix CVE-2019-1516{1,2,3,4,5}
* tcpdump: updated to version 4.9.3, fix multiple CVEs
* python: updated to version 2.7.17
* php7: updated to version 7.2.25, fix CVE-2019-11043, CVE-2019-11042
* mariadb: updated to version 10.4.10, fix CVE-2019-2974, CVE-2019-2938
* foris: updated to version 100.6
* foris-controller: updated to version 1.0.6
* python[3]-cryptography: fix CVE-2018-10903
* ustream-ssl: CVE-2019-5101, CVE-2019-5102
* unbound: updated to version 1.9.5, fix CVE-2019-18934
* haproxy: updated to version 1.8.23, fix CVE-2019-19330
* lxc: fix CVE-2019-5736
* tor: updated to version 4.1.6
* nano: updated to version 4.6
* libiconv: updated to version 1.16
* enable RTC NVMEM access for Turris 1.x
* luci-compat, lmdb: new packages

4.0.1
-----

* include eeprom drive in Omnia medkits (used in some tests)
* fix reForis dependencies
* expat: updated to version 2.2.9, fix CVE-2018-20843, CVE-2019-15903
* python[2,3]: fix CVE-2019-16056, CVE-2019-16935
* libgcrypt: fix CVE-2019-13627
* mosquitto: updated to version 1.5.9, fix CVE-2019-11779
* python-crypto: fix CVE-2013-7459 and CVE-2018-6594
* security fix for Foris translation
* unbound: update to version 1.9.4, fix CVE-2019-16866
* haveged: update to version 1.9.8
* nextcloud: update to version 16.0.5
* nano: update to version 4.5
* python3-pip: fix shebang

4.0
---

* experimental support for multiple drives in storage plugin
* hostapd: fix CVE-2019-16275
* zmq: fix CVE-2019-13132
* django: updated to version 1.8.19, fix CVE-2018-753{6,7}

4.0-beta11
----------

* mariadb: updated to version 10.4.8

4.0-beta10
----------

* haveged: updated to version 1.9.6
* keepalived: update to version 1.4.5, fix CVE-2018-19115
* lighttpd: updated to version 1.4.54, fix CVE-2019-11072
* libarchive: updated to version 3.4.0, multiple CVE fixes
* bind: updated to version 9.11.10, multiple CVE fixes
* dovecot: updated to version 2.2.36.4, fix CVE-2019-7524
* pigeonhole: updated to version 0.4.24.2, fix CVE-2019-11500
* nano: updated to version 4.4
* unbound: updated to version 1.9.3
* nextcloud: updated to version 16.0.4
* bzip2: fix CVE-2019-12900
* wget: fix CVE-2018-20483
* wolfssl: fix CVE-2018-16870, CVE-2019-13628
* iptables: fix CVE-2019-11360
* tar: fix CVE-2018-20482, CVE-2019-9923
* musl: fix CVE-2019-14697
* patch: fix CVE-2019-1363{6,8}
* apinger: updated to the latest git revision
* speedtest-netperf: new package

4.0-beta9
---------

* golang: fix for CVE-2018-1687{3,4,5}, CVE-2019-6486
* squid: update to version 3.5.28
* foris: fix AttributeError password_set

4.0-beta8
---------

* nextcloud: updated to version 16.0.3
* mariadb: updated to version 10.4.7
* unbound: updated to version 1.9.2
* nodogsplash: updated to version 4.0.1
* libaio: updated to version 0.3.112
* libdouble-conversion: updated to version 3.1.4
* subversion: fix for CVE-2018-11782, CVE-2019-0203, CVE-2018-11803
* kernel: fix for CVE-2019-3846, CVE-2019-3900

4.0-beta7
---------

* python3: updated to version 3.6.9
* python2: updated to version 2.7.16
* python{2,3}: fix for CVE-2018-20852

4.0-beta6
---------

* Based on latest OpenWrt 18.06.4
* Fixed Foris error manifesting in network tab in some configurations
* irssi: CVE-2019-13045
* asterisk{13,15}: fix AST-2019-003

4.0-beta5
---------

* Initial support for Nextcloud setup from Foris
* Storage plugin is now part of the base installation
* Added CESNET feed with Nemea
* znc: CVE-2019-12816
* Fixed kernel panic sometimes occurring on Omnia

4.0-beta4
---------

* foris: fixed issue when English was the only language
* php7: updated to 7.2.17
* libxml2: updated to 2.9.9, fixed CVE-2018-14404
* hostapd: fixed CVE-2019-949{4,5,6,7,8,9}, CVE-2019-11555
* block-mount: fix restart of fstab service

4.0-beta3
---------

* improved netboot to support remote management
* syslog-ng service stop fix
* updater: packages removal happens now at the same time as packages installation
* fosquitto: simplified init and respawn
* knot 2.7.7
* kernel: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

4.0-beta2
---------

* New implementation of dev-detect which does not depend on Pakon (experimental)
* Fixed default encryption method for passwd from package shadow. Reset your
  system user's passwords (including root) if you set them by passwd.
* LXC fixes for systemd based hosts
* Foris: packages lists UI reworked
* Foris: improved "no link" message in WAN tab
* Netmetr: fixed initial setup
* Nextcloud: dropped duplicate Referrer-Policy and updated to 16.0.1
* Commit hash replaced with router name in banner
* Suricata updated to version 4.0.7
* kmod-usb2 is now part of base installation
* ACL enabled for BTRFS
* libxslt: CVE-2019-11068
* prosody: CVE-2018-10847
* python-urllib3: CVE-2019-9740, CVE-2019-11324

4.0-beta1
---------

* New version of updater-ng with completely rewritten network backend which
  dramatically decreases memory consumption during update.
* Fixed problem in updater-supervisor which caused updater to behave as
  deactivated even if user set it otherwise.
* Nextcloud updated to latest version (15.0.7)
* Fixed crash on time tab in Foris on devices without Wi-Fi
* switch-branch now reinstalls all packages on branch switch to mitigate problems
  when switching to and from HBD (OpenWRT master <-> OpenWRT 18.06).
* Default setting of IPv6 in Foris is now DHCPv6
* Fixed IPv6 prefix delegation in default installation
* Foris now correctly displays steps in initial setup guide
* Fix rainbow in Luci on Omnia
* Do not use ath10k-ct on Omnia
* Improved LXC support and fixes (some issues still remain)
* System logs and lograte changed to limit logs size
* Added basic support for Turris OS 3.x migration
* Python3 updated to 3.6.8
* Repository path on repo.turris.cz changed (in compatible way)
* Production addresses for CZ.NICs ODVR including DNS over TLS support

4.0-alpha5
----------

* Fixed Foris updater tab crash on new installation
* Fixed crash when Pakon was invoked with empty database
* libssl2 CVE fixes
* Mozilla IOT gateway updated to 0.6.0
* added uboot mkimage package
* Nextcloud updated to 15.0.5
* fixed some issues with peridot and sfp

4.0-alpha4
----------

* Fixed compilation of Tvheadend that was missing in alpha3
* Fixed problem with notifications containing _() if no language was installed
* atsha204 fix for potential security issue

4.0-alpha3
----------

* Added support for Mox OTP (command mox-otp)
* Fixed LEDs on Omnia (rainbow)
* SFP on Omnia can be now used by changing used device tree
* Updater-ng should now require less memory to update system
* Domains of DHCP clients in DNS were fixed
* Various packages updates and new Luci theme called Rosy

4.0-alpha2
----------

* Based on latest OpenWRT 18.06.2
* New Updater configuration (requires updater reconfiguration!)
* Packages lists cleaned up and some unmaintained ones were dropped
* New version of Foris with new backend bus based on MQTT
* Upstream versions for some primary packages were backported
* Fixed compilation for most of the packages
* And other small fixes in a lot of system utilities

4.0-alpha1
----------

* Rebased on latest OpenWRT
* Turris 1.x migrated to musl libc