[FireBrick-Announce] 1.48.101 Avarelli

Adrian Kennard a at k.gg
Sat Jun 23 06:32:10 BST 2018


Sorry it has taken so long, but the ACME release is finally issued.



Release notes from Factory release 1.47.100 to Factory release 1.48.101

ACME

Install root certificates for use with Let's Encrypt and ACME
Better error logging
Full ACME system to work with Let's Encrypt

BGP

Updates BGP refresh options including sending refresh request
Additional BGP shutdown subcodes added
Some additional debug for BGP

Config

Config top level attributes now include username and ip of last update
Config top level attributes now include serial number and version, but normal edit screen no longer has xmlns and xsi
IP groups can now reference subnets by name (including DHCP client subnets)

Crypto

New key generation logic in place for ACME and related functions
Avoid crash soon after startup following auto key generation

Ethernet

Fix crash on packet reception when collecting entropy

Firewall

Added a block/prefix mapping feature to firewall logic

https

Self signed certificates as fallback for initial set up via https

IP

Increase pending ARP cache and drop if overloaded rather than sending spurious ICMP errors

IPv6

Change some logic to reduce use of 2002:: 6over4 address usage as source addresses where possible

L2TP/RADIUS

Tweaks to expected timeouts on RADIUS (e.g. for L2TP or session steering) and change default to min timeout 2 seconds total
More control of RADIUS timeouts for ad-hoc RADIUS from RADIUS response for L2TP session steering
Improve outgoing L2TP handling where target is hostname

Logging

Change to outgoing email timeout (spam scans and the like can take a while) RFC5321 4.5.3.2
Colour on web log not always correct

Monitoring

LED faults (open/short-circuit) are now reported in UI/CLI monitoring section and logged to flash

OS

Fix occasional lockup/crash during stream processing

PPP

Send NAK asking for MD5 on receipt of non MD5 CHAP request

RADIUS

RADIUS client allowing fixed source-ip, and for ad-hoc L2TP steering uses L2TP source IP if set
Fix L2TP relay steering RADIUS min/max timeouts (5/20 not 20/5)

RNG

Additional stats for entropy collection

UI monitoring

Fix incorrect display of negative temperature

VoIP

Fix nc to 1 as we don't store/re-use nonce values. Some systems don't just look for duplicates but actually expect a 1
Not picking up media started until something that is not perfect silence is sent as some systems do that!
Better handling of overlapping INVITE replies where server is very slow or over long latency links

VRRP

Config check for duplicate VRRP MAC in use on different interfaces

Web control pages

Change layout of rule-set
Changed logic for self signed certificates, and made more transient in certificate store
Limit number of self signed certificates to reduce clutter, and avoid possible "make millions of certificates" attacks
