1.0.0/release notes

From VyOS
Jump to: navigation, search

Overview

1.0.0 release ("hydrogen" branch) is the first release after VC6.6 source code fork.

Release date: 2013 Dec 22

Download: http://mirror.vyos.net/iso/release/1.0.0

Security

Resolved issues:

New features

Upgrade notes

Vyatta Core installations can be upgraded by usual means, with "add system image", although digital signature verification will not be possible due to missing key in default VC setup. The solution is to add the public key manually.

VyOS images added from Vyatta Core are named "VyOS" without the version part in GRUB menu. It is a cosmetic problem and does not affect functionality.

Adding Vyatta Core images from VyOS may break the boot configuration and is not supported.

CLI changes

Configuration mode

No existing configuration commands were modified or removed. For new commands see pages from "New features" section.

Operational mode

Command Status Comment
show hardware scsi [detail] Added Lists SCSI devices
show hardware usb [detail] Changed Used to be "show system usb"
show users recent Added Displays recently logged in users


Behaviour changes

  • "show system memory" now displays buffer-adjusted ("intuitive") values. Use "show system memory detail" to view detailed information.
  • Config file now can be selected at boot time with "vyos-config=/path/to/file" kernel option. See boot options documentation for details.
  • Default timezome is now UTC.
  • Default password hashing algorithm is SHA512 instead of MD5.
  • NAT and firewall monitor commands issue a warning on attempt to monitor a rule that does not have "log enable" (as monitor is searching for specific message pattern in logs, those commands do not give any results for rules with disabled logging).

Resolved issues

Bug ID Severity Title Contributor
Bug #3 Enhancement "show system memory" should show human-readable buffer/cache-adjusted figures Daniil Baturin
Bug #5 Enhancement Add Ldap/Active Directory support to webproxy Vyatta (Daniil Baturin)
Bug #24 Enhancement "show users recent" command to show recent logins Daniil Baturin
Bug #25 Enhancement Ability to use Vyatta CLI command set from within scripts, non-interactive SSH sessions, cron jobs, etc Vyatta (John Southworth, Daniil Baturin)
Bug #31 Text During ISO boot, VGA screen changes to white Daniil Baturin
Bug #51 Minor /etc/timezone is not set correctly resulting in cron using UTC rather than system time Daniil Baturin
Bug #55 Minor Recovering lost Admin Password does not work as expected Tom Martinson
Bug #56 Enhancement Add option to select config at boot time Daniil Baturin
Bug #57 Minor Ensure correct switching between release and development builds Daniil Baturin
Bug #58 Major BGP config does not load properly with peer-groups Daniil Baturin
Bug #62 Major dhcpv6-relay not configuring relay address Ubiquiti Networks (Stig Thormodsrud)
Bug #65 Enhancement Make package repos used for image build configurable Daniil Baturin
Bug #66 Enhancement Remove dependencies on libsablot Daniil Baturin
Bug #69 Enhancement "show system usb" should be "show hardware usb" Daniil Baturin
Bug #70 Enhancement Add command to view SCSI devices Daniil Baturin
Bug #76 Enhancement Add task scheduler support Daniil Baturin
Bug #77 Major CVE-2013-6075: Remote DoS and privilege escalation in StrongSWAN Martin Willi (pulled from StrongSWAN)
Bug #79 Enhancement Replace original "one repo per branch" layout with debian-like "distribution per branch" Daniil Baturin
Bug #81 Enhancement Update dhcp server version to upstream ISC, merging and reintegrating patches—Mikhail Vasiliev
Bug #89 Enhancement Unused dependencies on package vyatta-strongswan Kim Hagen
Bug #91 Enhancement Change password hashing algorithm from MD5 to SHA512 Ubiquiti Networks (Stig Thormodsrud)
Bug #92 Enhancement Change default timezone from GMT to UTC Daniil Baturin
Bug #93 Minor Set distribution in default config to the current release branch instead of 'stable' to prevent accidental upgrade to different release Daniil Baturin
Bug #95 Enhancement "monitor nat ... rule" and "monitor firewall ... rule" commands should issue a warning if logging is not enabled for that rule Daniil Baturin
Bug #96 Trivial Image version is not displayed in GRUB menu Daniil Baturin

Development environment changes

Build system now allows to select package mirrors that will be used for image build with "--with-debian-bootstrap-mirror=", "--with-debian-mirror=", and "--with-vyos-mirror=" configure options.

Maintenance releases

1.0.1

Release date: 2014 Jan 19

Download: http://mirror.vyos.net/iso/release/1.0.1

Bug ID Severity Title Contributor
Bug #98 Minor "add system image" doesn't work with HTTP redirects Daniil Baturin
Bug #113 Major Syntax error in LimiterClass.pm Chris Wadge
Bug #121 Minor Warning on "show dhcp server leases" when failover is configured Roman, Daniil Baturin

1.0.2

Release date: 2014 Feb 04

Download: http://mirror.vyos.net/iso/release/1.0.2

Bug ID Severity Title Contributor
Bug #135 Major ipsec.secrets always put 0.0.0.0 peers at top of the list Ubiquiti Networks (Stig Thormodsrud)
Bug #133 Major snmp v3 user settings lost after reboot Vyatta

Experimental VMWare OVA added.

1.0.3

Release date: 2014 May 09

Download: http://mirror.vyos.net/iso/release/1.0.3/

Security

This release fixes two security problems:

  • DSA-2922: remote DoS in StrongSWAN [1]
  • CVE-2014-2338: authentication bypass vulnerability in IKEv2 in StrongSWAN [2]

Known issues

Because of mistake in merging branches, an important fix for SSH keys fetching on AWS platform did not get into release. This will be corrected by a new maintenance release shortly.

Resolved issues

Bug ID Severity Title Contributor
Bug #144 Major VyOS configure will fail to load if using policy route with firewall groups Cesar Fazan
Bug #146 Enhancement Account RemoteIP sessions to a radius Calling-Station-Id (PPTP and and L2TP) Toni Cunyat
Bug #148 Text 'ping' does ipv6 too, but help only mentions IPv4 Mark Schouten
Bug #151 Minor "show openvpn server status" displays incorrect tunnel IPs Paul Gear
Bug #156 Minor "show version" displays "unknown kernel version" error on *-vyos kernels Daniil Baturin
Bug #157 Text "show version" displays "Intel 64bit" system type regardless of actual CPU vendor Daniil Baturin
Bug #169 Major unable to add domain to url-filterering squidguard Daniil Baturin
Bug #172 Major OpenVPN configuration failure with concatenated CA file Ryan Robertson
Bug #180 Minor save config using scp fails Hiroyuki Sato
Bug #183 Minor VTI will not be up automatic when IPsec SA up Masakazu Asama
Bug #185 Minor Conntrack logging fails to start on boot Kim Hagen
Bug #187 Text initramfs scripts suggest to report a bug to debian Daniil Baturin
Bug #199 Major DSA-2922-1: remote DoS vulnerability in StrongSWAN Tobias Brunner (pulled from StrongSWAN)
Bug #201 Minor CVE-2014-2338: authentication bypass vulnerability in IKEv2 Martin Willi (pulled from StrongSWAN)

1.0.4

Release date: 2014 June 16

Download: http://packages.vyos.net/iso/release/1.0.4/

Security

Security issues resolved:

Resolved issues

Bug ID Severity Title Contributor
Bug #207 Minor Standard packages in vyos from debian squeeze need updating Debian developers
Bug #214 Minor Tasks with h and d prefixes run more often than they should mjpcomp
Bug #217 Minor CLI allows interval values longer than the natural interval (e.g. over 60 minutes) Daniil Baturin
Bug #232 Major task-scheduler: delete on 1 task, deletes them all Stig Thormodsrud

1.0.5

Release date: 2014 September 26

Download: http://packages.vyos.net/iso/release/1.0.5/

If you are using Amazon Web Services, pick the vyos-1.0.5-amd64.iso image.

Security

Security issues resolved:

Known issues

On Amazon Web Services you may not be able to modify the config after first boot when you deploy the AMI. If you get "set failed" error in response to configuration commands, reboot the machine.

The issue does not affect subsequent operations. Will be fixed in the upcoming 1.1.0 release.