<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/src/system, branch rolling</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=rolling</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=rolling'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2026-06-15T15:24:03+00:00</updated>
<entry>
<title>password-reset: T8985: Fix unbounded `sed` ranges corrupting other user blocks</title>
<updated>2026-06-15T15:24:03+00:00</updated>
<author>
<name>Oleksandr Kuchmystyi</name>
<email>o.kuchmystyi@vyos.io</email>
</author>
<published>2026-06-15T14:00:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=e3b946e34b109406f38bfa5f78eb9a2ec7502bc9'/>
<id>urn:sha1:e3b946e34b109406f38bfa5f78eb9a2ec7502bc9</id>
<content type='text'>
`sed` ranges keyed on a field name (`plaintext-password`, `encrypted-password`,
`authentication {`) are not bounded to the target user's block. When the
field is absent the range stays open past the user's closing brace and
matches the first occurrence of that field in a later account.
</content>
</entry>
<entry>
<title>password-reset: T8346: Fix password recovery when only `plaintext-password` is set</title>
<updated>2026-06-04T10:47:11+00:00</updated>
<author>
<name>Oleksandr Kuchmystyi</name>
<email>o.kuchmystyi@vyos.io</email>
</author>
<published>2026-06-03T12:11:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=1e4be728442a782e3dbfaa877104e879c9022f61'/>
<id>urn:sha1:1e4be728442a782e3dbfaa877104e879c9022f61</id>
<content type='text'>
When a user account was provisioned with only `plaintext-password` (e.g.
via cloud-init), the password recovery tool failed to persist the new
password across reboots. On the next boot, VyOS would re-apply the
`plaintext-password` from config.boot, silently overwriting the recovered
encrypted password.
</content>
</entry>
<entry>
<title>snmp: T8538: Persist engineBoots counter across reboots</title>
<updated>2026-05-22T14:50:22+00:00</updated>
<author>
<name>Oleksandr Kuchmystyi</name>
<email>o.kuchmystyi@vyos.io</email>
</author>
<published>2026-05-19T09:09:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=81e8f14c5b9b322a998e6530184b07e9e9187ff5'/>
<id>urn:sha1:81e8f14c5b9b322a998e6530184b07e9e9187ff5</id>
<content type='text'>
Per RFC 3414 section 2.2 (Replay Protection), the `snmpEngineBoots`
counter must be stored in non-volatile storage and incremented on
every snmpd restart. VyOS was not persisting this value, causing
it to reset to 1 after every reboot.

SNMP managers cache the engineBoots value from previous sessions.
When VyOS resets the counter to 1 after reboot, managers reject
incoming SNMPv3 trap packets as "too old", producing errors such as:

```
  usm: Message too old.
  reboot count invalid
```

This change introduces `/config/snmp/engineboots.count` as a disk-backed
persist file and it uses to sync the counter into snmpd's conf
before the daemon starts.
</content>
</entry>
<entry>
<title>T8410: Fix typos and mistakes for comments and messages</title>
<updated>2026-03-27T15:00:17+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2026-03-27T14:43:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=139b0841f8242a5c6ebdafb37380c1fb78342aae'/>
<id>urn:sha1:139b0841f8242a5c6ebdafb37380c1fb78342aae</id>
<content type='text'>
Fix typos and mistakes
No functional changes
</content>
</entry>
<entry>
<title>update-check: T7945: Improve reliability during early boot and error handling</title>
<updated>2026-02-10T13:29:06+00:00</updated>
<author>
<name>Oleksandr Kuchmystyi</name>
<email>o.kuchmystyi@vyos.io</email>
</author>
<published>2026-02-10T13:29:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=8262f78e0013291f747203e0b3768bb412bf1aed'/>
<id>urn:sha1:8262f78e0013291f747203e0b3768bb412bf1aed</id>
<content type='text'>
During early boot not all resources are ready for HTTP request, so
`vyos.version.get_remote_version` may fail once and the update check is then
delayed for 12 hours, leaving the router unaware of updates.

Fix by adding retries/backoff and improved error handling so transient startup
network failures don't suppress update checks for the next interval.
</content>
</entry>
<entry>
<title>misc: T8008: remove the last remnants of pmacct</title>
<updated>2025-11-12T16:29:05+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@baturin.org</email>
</author>
<published>2025-11-12T16:27:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=b327ec35caac1d62bda15144dcc14727b4b63c6a'/>
<id>urn:sha1:b327ec35caac1d62bda15144dcc14727b4b63c6a</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge pull request #4739 from roedie/T7852</title>
<updated>2025-10-02T14:27:19+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@vyos.io</email>
</author>
<published>2025-10-02T14:27:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=55a95ce60e3f4f32316875dca37ee96b323671f4'/>
<id>urn:sha1:55a95ce60e3f4f32316875dca37ee96b323671f4</id>
<content type='text'>
T7852: Switch to yescrypt password encryption</content>
</entry>
<entry>
<title>kea: T7854: Use helper for Kea VRF systemd units</title>
<updated>2025-09-23T17:55:17+00:00</updated>
<author>
<name>sarthurdev</name>
<email>965089+sarthurdev@users.noreply.github.com</email>
</author>
<published>2025-09-23T13:23:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=cdf9fe4c9cfd4572c49207936c2304162e91e7b1'/>
<id>urn:sha1:cdf9fe4c9cfd4572c49207936c2304162e91e7b1</id>
<content type='text'>
</content>
</entry>
<entry>
<title>T7852: Switch to yescypt for password encryption</title>
<updated>2025-09-20T19:43:09+00:00</updated>
<author>
<name>roedie</name>
<email>github@roedie.nl</email>
</author>
<published>2025-09-20T19:43:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=44e12a001b21d6e0250466e252d61c805ba004df'/>
<id>urn:sha1:44e12a001b21d6e0250466e252d61c805ba004df</id>
<content type='text'>
Accidentally slipped in 2 whitespace corrections
</content>
</entry>
<entry>
<title>Merge pull request #4508 from davi2367/vrf-dhcp</title>
<updated>2025-08-19T14:25:31+00:00</updated>
<author>
<name>Daniil Baturin</name>
<email>daniil@vyos.io</email>
</author>
<published>2025-08-19T14:25:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=731e2193322867a89b8ea2c2fd755c174149e9b3'/>
<id>urn:sha1:731e2193322867a89b8ea2c2fd755c174149e9b3</id>
<content type='text'>
kea: T6211: add VRF support for KEA dhcp server</content>
</entry>
</feed>
