From 1e4b9ef5ef13581c8f8f1db3bfa9d39e859dd5e6 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 29 Nov 2020 12:50:36 +0100 Subject: release-notes: update with 1.2.5, 1.2.6 and 1.2.6-S1 release --- docs/appendix/releasenotes.rst | 158 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 156 insertions(+), 2 deletions(-) diff --git a/docs/appendix/releasenotes.rst b/docs/appendix/releasenotes.rst index d2601c2c..f08786a0 100644 --- a/docs/appendix/releasenotes.rst +++ b/docs/appendix/releasenotes.rst 
@@ -6,6 +6,160 @@ Release notes 1.2 (Crux) ========== +1.2.6-S1 +-------- + +1.2.6-S1 is a security release release made in September 2020. + +Resolved issues +^^^^^^^^^^^^^^^ + +VyOS 1.2.6 release was found to be suspectible to CVE-2020-10995. It's a low- +impact vulnerability in the PowerDNS recursor that allows an attacker to cause +performance degradation via a specially crafted authoritative DNS server reply. + +* `2899 `_ remote syslog server migration error on update + +1.2.6 +----- + +1.2.6 is a maintenance release made in September 2019. + +Resolved issues +^^^^^^^^^^^^^^^ + +* `103 `_ DHCP server prepends shared network name to hostnames +* `125 `_ Missing PPPoE interfaces in l2tp configuration +* `1194 `_ cronjob is being setup even if not saved +* `1205 `_ module pcspkr missing +* `1219 `_ Redundant active-active configuration, asymmetric routing and conntrack-sync cache +* `1220 `_ Show transceiver information from plugin modules, e.g SFP+, QSFP +* `1221 `_ BGP - Default route injection is not processed by the specific route-map +* `1241 `_ Remove of policy route throws CLI error +* `1291 `_ Under certain conditions the VTI will stay forever down +* `1463 `_ Missing command `show ip bgp scan` appears in command completion +* `1575 `_ `show snmp mib ifmib` crashes with IndexError +* `1699 `_ Default net.ipv6.route.max_size 32768 is too low +* `1729 `_ PIM (Protocol Independent Multicast) implementation +* `1901 `_ Semicolon in values is interpreted as a part of the shell command by validators +* `1934 `_ Change default hostname when deploy from OVA without params. 
+* `1938 `_ syslog doesn't start automatically +* `1949 `_ Multihop IPv6 BFD is unconfigurable +* `1953 `_ DDNS service name validation rejects valid service names +* `1956 `_ PPPoE server: support PADO-delay +* `1973 `_ Allow route-map to match on BGP local preference value +* `1974 `_ Allow route-map to set administrative distance +* `1982 `_ Increase rotation for atop.acct +* `1983 `_ Expose route-map when BGP routes are programmed in to FIB +* `1985 `_ pppoe: Enable ipv6 modules without configured ipv6 pools +* `2000 `_ strongSwan does not install routes to table 220 in certain cases +* `2021 `_ OSPFv3 doesn't support decimal area syntax +* `2062 `_ Wrong dhcp-server static route subnet bytes +* `2091 `_ swanctl.conf file is not generated properly is more than one IPsec profile is used +* `2131 `_ Improve syslog remote host CLI definition +* `2224 `_ Update Linux Kernel to v4.19.114 +* `2286 `_ IPoE server vulnerability +* `2303 `_ Unable to delete the image version that came from OVA +* `2305 `_ Add release name to "show version" command +* `2311 `_ Statically configured name servers may not take precedence over ones from DHCP +* `2327 `_ Unable to create syslog server entry with different port +* `2332 `_ Backport node option for a syslog server +* `2342 `_ Bridge l2tpv3 + ethX errors +* `2344 `_ PPPoE server client static IP assignment silently fails +* `2385 `_ salt-minion: improve completion helpers +* `2389 `_ BGP community-list unknown command +* `2398 `_ op-mode "dhcp client leases interface" completion helper misses interfaces +* `2402 `_ Live ISO should warn when configuring that changes won't persist +* `2443 `_ NHRP: Add debugging information to syslog +* `2448 `_ `monitor protocol bgp` subcommands fail with 'command incomplete' +* `2458 `_ Update FRR to 7.3.1 +* `2476 `_ Bond member description change leads to network outage +* `2478 `_ login radius: use NAS-IP-Address if defined source address +* `2482 `_ Update PowerDNS recursor to 4.3.1 for 
CVE-2020-10995 +* `2517 `_ vyos-container: link_filter: No such file or directory +* `2526 `_ Wake-On-Lan CLI implementation +* `2528 `_ "update dns dynamic" throws FileNotFoundError excepton +* `2536 `_ "show log dns forwarding" still refers to dnsmasq +* `2538 `_ Update Intel NIC drivers to recent release (preparation for Kernel >=5.4) +* `2545 `_ Show physical device offloading capabilities for specified ethernet interface +* `2563 `_ Wrong interface binding for Dell VEP 1445 +* `2605 `_ SNMP service is not disabled by default +* `2625 `_ Provide generic Library for package builds +* `2686 `_ FRR: BGP: large-community configuration is not applied properly after upgrading FRR to 7.3.x series +* `2701 `_ `vpn ipsec pfs enable` doesn't work with IKE groups +* `2728 `_ Protocol option ignored for IPSec peers in transport mode +* `2734 `_ WireGuard: fwmark CLI definition is inconsistent +* `2757 `_ "show system image version" contains additional new-line character breaking output +* `2797 `_ Update Linux Kernel to v4.19.139 +* `2822 `_ Update Linux Kernel to v4.19.141 +* `2829 `_ PPPoE server: mppe setting is implemented as node instead of leafNode +* `2831 `_ Update Linux Kernel to v4.19.142 +* `2852 `_ rename dynamic dns interface breaks ddclient.cache permissions +* `2853 `_ Intel QAT acceleration does not work + + +1.2.5 +----- + +1.2.5 is a maintenance release made in April 2019. + +Resolved issues +^^^^^^^^^^^^^^^ + +* `1020 `_ OSPF Stops distributing default route after a while +* `1228 `_ pppoe default-route force option not working (Rel 1.2.0-rc11) +* `1301 `_ bgp peer-groups don't work when "no-ipv4-unicast" is enabled. 
+* `1341 `_ Adding rate-limiter for pppoe server users +* `1376 `_ Incorrect DHCP lease counting +* `1392 `_ Large firewall rulesets cause the system to lose configuration and crash at startup +* `1416 `_ 2 dhcp server run in failover mode can't sync hostname with each other +* `1452 `_ accel-pppoe - add vendor option to shaper +* `1490 `_ BGP configuration (is lost|not applied) when updating 1.1.8 -> 1.2.1 +* `1780 `_ Adding ipsec ike closeaction +* `1803 `_ Unbind NTP while it's not requested... +* `1821 `_ "authentication mode radius" has no effect for PPPoE server +* `1827 `_ Increase default gc_thresh +* `1828 `_ Missing completion helper for "set system syslog host 192.0.2.1 facility all protocol" +* `1832 `_ radvd adding feature DNSSL branch.example.com example.com to existing package +* `1837 `_ PPPoE unrecognized option 'replacedefaultroute' +* `1851 `_ wireguard - changing the pubkey on an existing peer seems to destroy the running config. +* `1858 `_ l2tp: Delete depricated outside-nexthop and add gateway-address +* `1864 `_ Lower IPSec DPD timeout lower limit from 10s -> 2s +* `1879 `_ Extend Dynamic DNS XML definition value help strings and validators +* `1881 `_ Execute permissions are removed from custom SNMP scripts at commit time +* `1884 `_ Keeping VRRP transition-script native behaviour and adding stop-script +* `1891 `_ Router announcements broken on boot +* `1900 `_ Enable SNMP for VRRP. +* `1902 `_ Add redistribute non main table in bgp +* `1909 `_ Incorrect behaviour of static routes with overlapping networks +* `1913 `_ "system ipv6 blacklist" command has no effect +* `1914 `_ IPv6 multipath hash policy does not apply +* `1917 `_ Update WireGuard to Debian release 0.0.20191219-1 +* `1934 `_ Change default hostname when deploy from OVA without params. 
+* `1935 `_ NIC identification and usage problem in Hyper-V environments +* `1936 `_ pppoe-server CLI control features +* `1964 `_ SNMP Script-extensions allows names with spaces, but commit fails +* `1967 `_ BGP parameter "enforce-first-as" does not work anymore +* `1970 `_ Correct adding interfaces on boot +* `1971 `_ Missing modules in initrd.img for PXE boot +* `1998 `_ Update FRR to 7.3 +* `2001 `_ Error when router reboot +* `2032 `_ Monitor bandwidth bits +* `2059 `_ Set source-validation on bond vif don't work +* `2066 `_ PPPoE interface can be created multiple times - last wins +* `2069 `_ PPPoE-client does not works with service-name option +* `2077 `_ ISO build from crux branch is failing +* `2079 `_ Update Linux Kernel to v4.19.106 +* `2087 `_ Add maxfail 0 option to pppoe configuration. +* `2100 `_ BGP route adverisement wih checks rib +* `2120 `_ "reset vpn ipsec-peer" doesn't work with named peers +* `2197 `_ Cant add vif-s interface into a bridge +* `2228 `_ WireGuard does not allow ports < 1024 to be used +* `2252 `_ HTTP API add system image can return '504 Gateway Time-out' +* `2272 `_ Set system flow-accounting disable-imt has syntax error +* `2276 `_ PPPoE server vulnerability + + 1.2.4 ----- @@ -33,7 +187,7 @@ Resolved issues * `T1578 `_ completion offers "show table", but show table does not exist * `T1593 `_ Support ip6gre * `T1597 `_ /usr/sbin/rsyslogd after deleting "system syslog" -* `T1638 `_ vyos-hostsd not setting system domain name +* `T1638 `_ vyos-hostsd not setting system domain name * `T1678 `_ hostfile-update missing line feed * `T1694 `_ NTPd: Do not listen on all interfaces by default * `T1701 `_ Delete domain-name and domain-search won't work 
@@ -60,7 +214,7 @@ Resolved issues * `T1800 `_ Update Linux Kernel to v4.19.84 * `T1809 `_ Wireless: SSID scan does not work in AP mode * `T1811 `_ Upgrade from 1.1.8: Config file migration failed: module=l2tp -* `T1812 `_ DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling +* `T1812 `_ DHCP: hostnames of clients not resolving after update v1.2.3 -> 1.2-rolling * `T1819 `_ Reboot kills SNMPv3 configuration * `T1822 `_ Priority inversion wireless interface dhcpv6 * `T1836 `_ import-conf-mode-commands in vyos-1x/scripts fails to create an xml -- cgit v1.2.3
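Review bot: The release dates in the first hunk (@@ -6,6 +6,160 @@) do not agree with the entries listed under them. The 1.2.6 section says "made in September 2019", yet it lists 2482 "Update PowerDNS recursor to 4.3.1 for CVE-2020-10995" and sits directly below 1.2.6-S1, which is dated September 2020. The 1.2.5 section says "April 2019", yet it lists 1917 "Update WireGuard to Debian release 0.0.20191219-1". Please check both years. The 1.2.6-S1 text also states that 1.2.6 was susceptible to CVE-2020-10995, while the 1.2.6 list already carries 2482 as resolved, and the only item listed under 1.2.6-S1 is 2899, a syslog migration fix. A sentence saying which change in S1 closes the CVE would let operators judge whether they need the S1 image. Smaller points in the same hunk: "security release release" is doubled, "suspectible" should be "susceptible", 1934 appears in both the 1.2.5 and 1.2.6 lists, and the new entries use bare task numbers where the existing 1.2.4 entries use the T prefix (T1578, T1593).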
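Review bot: The T1638 line in the second hunk (@@ -33,7 +187,7 @@) and the T1812 line in the third (@@ -60,7 +214,7 @@) are removed and re-added with text that reads identically, so these look like whitespace-only changes. The subject line only mentions adding the 1.2.5, 1.2.6 and 1.2.6-S1 notes. Either mention the whitespace cleanup in the commit message or move it to its own commit, so the history of the 1.2.4 section stays easy to follow.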