AnyRover Release Management
AnyRover V3 Changelog
Stable 2.0 / 2.1
Changes from v2.1.2 to v2.1.3 (13 jun 2024)
Bugfixes:
SCEP: fix to make SCEP renewal with TPM based cert authentication work again (broken since 2.1.0)
SCEP: remove temporary files in ramdisk in case of failure
Factory config: fix min/hour mixup in crontab example
New features:
Add support for ExFAT filesystem, used by large SD-Cards
Changes from v2.1.1 to v2.1.2 (22 may 2024)
Bugfixes:
Tools: update expat tool
Tools: Add missing modules to NetSNMP (broken since 2.1.0)
Changes from v2.1.0 to v2.1.1 (15 mar 2024)
Bugfixes:
DNS: Resolve problems because servers of previous connections are used
SSH: Message of the day is not shown
SSH: Login delay due to reverse DNS lookup
Error messages during config user login fixed
Changes from v2.0.21 to v2.1.0 (6 feb 2024)
Bugfixes:
Workaround for Sunrise CNA SIM cards require long to register to LTE home network problem
SCEP: Fix SAN quoting in one case
SCEP: Remove expiring CA certificates
SCEP: Remove certificate from TPM in case of error
New features:
Huge system update due to changing the build system to Buildroot, as used for the AnyRover V3+
Linux kernel update to v6.1.76
Bootloader update to v2020.07
Bondix S.A.NE tunnels with TPM certificates added
Local network parameter for Bondix S.A.NE tunnels added
Changes from v2.0.20 to v2.0.21 (21 jul 2023)
Bugfixes:
PPP Hooks: fix unwanted early script termination
SCEP script: Fix if SAN is IP or email address
SCEP script: improve logging in case of failure
*_target: send GPTXT messages even if no GPS receiver present
ifren: fix potential security problem
SSH: update ssh server
DHCP: Fix DHCP server starting when multiple SSID are set on one WLAN AP
New features:
Pelix: allow to send alarms with different "crit" values
Bondix: update to current client version
Add SFTP server, so current Linux systems don't need "scp -O" anymore.
Changes from v2.0.19 to v2.0.20 (6 mar 2023)
Bugfixes:
SMS: fix handling when sender is a name (Bug introduced in 2.0.19)
New features:
Support for optional Battery Backup Unit (BBU)
ADC: add support to adjust voltage values with scale and offset
PIC update: allow to specify file name with path for upd_pic.sh
show ntp: do not try to reverse lookup IP addresses
Changes from v2.0.18 to v2.0.19 (3 feb 2023)
Bugfixes:
Fix a rare case of WLAN crash
DHCP server: fix option sipsrv
SCEP: Fix DNS altname handling
Python 3.10: add lots of missing files
Modem handling: modem 2 broke when modem 1 did a restart
Phone calls: improve code and fix a case that lead to deadlock
WLAN: fix BSSID handling for AP mode
New features:
DHCP server: add option "Captive Portal", both for RFC7710 and RFC8910
Ping: modify to not abort sending pings on "Network Unreachable"
Bondix: add support for native encryption
Bondix: update to version 20230119
Changes from v2.0.17 to v2.0.18 (9 dec 2022)
Bugfixes:
SCEP client: do not quote IP address in certificate altname
*_target: fix corner case where target could be lost
DHCP server: do no tdelte lease files in /etc/udhcpd/
WLAN recovery: fix rare case where it did not wait long enough
Bondix: allow to set [cert] sections for certificates, not only files
Config: add some plausibility checks for several attributes
canbus tool: do not log "detecting ..." every 10s if no device present
New features:
add certmgr script to import and export certs and keys to and from TPM
remove dss host key, add ecdsa host key
Bondix: optimize startup script and add some plausibility checks
Bondix: update client version to 20220905
Python: update from 3.4 to 3.10.7
Curl: add support for https protocol
IPsec: add support for transport mode
SMS tool: allow to get success/failure info when sending SMS
SCEP: add hook to restart bondix tunnel on cert renewal
Changes from v2.0.16 to v2.0.17 (14 aug 2022)
Bugfixes:
Switch: Port plug in event detection fixed again (bug introduced in in 2.0.16)
GPIO: Fix event detection on GPI ports (bug introduced in in 2.0.16)
Factory config: replace default nameservers with working ones
Bonding Proxy: fix scripts to redirect traffic to proxy
DHCP server: set default lease time to 1 day, not 10 days
DHCP server: remove support for some really old options
DHCP server: some options that may appear multiple times were not handled correctly
udp_target: fix occasional connection loss
New Features:
Firewall: Enable REDIRECT target, needed for Bondix
Bondix: allow to configure bondix proxy
Changes from v2.0.15 to v2.0.16 (21 jul 2022)
Bugfixes:
Voltage control script: did not run because of missing executable flag
GPS messages: remove jitter in passing them on
Bondix: add hook scripts to restart IPsec
GPS: add plausibility check before setting time
SMS: fix parsing to allow the word "OK" to appear in messages
udhcpd: do not print error about non-existing device
Reset button: improve reliability of button event detection
OpenVPN: removed deprecated option ns-cert-type from basic file
Modem: fix occasional collision when using two modems that prevented links
Kernel: remove debug messages about out of order packages
New features:
Send information about bondix to AnyControl
OpenVPN: allow to configure HMAC algorithm
OpenVPN: allow to configure additional TLS auth key when using certificates
DHCP server: allow to configure prefix instead of netmask
DHCP server: allow to configure location of leases file
Bondix: update saneclient to version 20220524
Changes from v2.0.14 to v2.0.15 (28 jan 2022)
Bugfixes:
bondix: fix bonding proxy configuration
Startup openconnect: fix typo in script; did not parse config
Startup Pelix: fix chksum list
New features:
Voltage monitor: add script to monitor input voltage and perform action
bondix: make certificate authentication configurable
bondix: New saneclient version 202201121411
sysd: add new tool for user show commands
Changes from v2.0.12 to v2.0.14 (2 nov 2021)
Bugfixes:
WLAN recovery: after WLAN crash, wait for interface before starting DHCP client
AnyTracker functions: correctly parse "setpos(1:2:3;100)"
Startup bondix: do not try to start saneclient if [bondix]start=no
eeprom-tool: fix mem leaks when cmd line options are given multiple times
gpio_daemon: switch off GPS receiver if [gps] start=no
gpio_daemon: open libserial before doing GPS receiver management
New features:
Bondix: configure option bonding proxy
busybox: make it possible to become root user from another user with su
show eeprom: new function "show eeprom FIELD"
gpio_daemon: new function to call phone numbers
gpio_daemon: cablynxctrl: allow to run command with '-c "CMD"'
eeprom-tool: new option to only read one value from eeprom
Changes from v2.0.11 to v2.0.12 (30 july 2021)
New features:
Bondix: new saneclient Software for channel bonding
Bridge configuration: allow interfaces to be comma separated
DHCP server: allow to configure location of DHCP leases file
IPsec: add additional algorithms for DH and PFS groups
cert script: always set subjectKeyIdentifier and authorityKeyIdenfier
Changes from v2.0.10 to v2.0.11 (22 oct 2020)
Bugfixes:
show tech: use correct path
rngd: fix message on shutdown
firewall: empty entry "policy=" caused routing table corruption
pelix: make program directly restartable, not only after 2 min
SMS console: fix problem with console enabling
certificate script: Client certificates had wrong nsCertType
Fix Config copy via USB stick on boot
startup: do not hang on TPM problem, but finish boot process
gpio_daemon: fix crash on using "CBCTL:cmd args"
Documentation: fix some Example configs
firewall: new_chain did not work if no position given
SCEP: improve to work with some special cases in CAs
New features:
Pelix: implement alarm messages
Firewall: new_chain can contain conditions
Kernel: Upgrade to 4.14.186
DHCP Client: new parameter sendhostname to submit hostname to DHCP server
DHCP Client: add parameter clientid to submit some ID to DHCP server
DHCP Client: add parameter require to request attributes from DHCP server
VLANs: allow to configure VLAN without a local interface
GRE: add support for GRETAP tunnels
SNMP: make algorithms for SNMPv3 users configurable
wget.sh: add possibility to choose TLS version to use
SCEP: allow to set key label in PKCS#11 store
SCEP: attribute to automatically store certificate in PKCS#11 store too.
SNMP: add some new flags to set for SNMPv3 users.
SNMP: add views to restrict user access to multiple OIDs
Changes from v2.0.9 to v2.0.10 (10 dec 2019)
Bugfixes:
PIC communications: try 3 times, not only once.
PIC communications: remove debugging messages
RADIUS / TACACS login: user was never deleted on logout
RADIUS / TACACS login: fix user creation on login
(tcp|udp)_target: fix sending with large intervals (first messages took some time)
Remove several (non-working) binaries still for ARv2
Modem: fix Soft-Reset after connection terminates
Certificates: allow multiple certificates in one [certificate] section
IPsec with certs: add some info to config file wrt FQDN/IP addr ID.
SCEP: make it work (again) without subjectAltName
multi-switch script: do not do DNS reverse lookups
IPsec: fix pkcs11= to accept ID containing ':'
gpio_daemon: prevent SIGPIPE when terminating while IPsec tunnel open
802.1x: fix IP address setting when run on eth0 interface
gpio_daemon: prevent error message "Interrupted system call"
DHCP server: correctly handle multiple instances of options (e.g. ntpsrv)
Firewall: add missing module for bridge firewalling (was present in ARv2)
OpenVPN: make default client config file work
gpio_daemon: fix segfault on shutdown
Get clock from GPS: adjust local clock only if 5 consecutive GPS messages show a difference. Jump both forward and backward. (Instead of only jumping forward on first time difference, which occasionally jumped somewhere into the future)
SCEP: Check RA certificates for expiry too, and properly delete expired CA certs
gpio_daemon: randomize watchdog feeding interval by 0-1s to prevent occasional regular collisions of PIC communication
ADC read: try twice if PIC was already locked from other program
Config file: Fix [variables] handling when value contains a '='
Fix occasional ADC read failure in GPTXT messages (bug was in gpio_daemon).
New Features:
Update Kernel to 4.14.138
Update Wireless Networking tools (hostapd/wpa_supplicant) to 2.9
RADIUS login: new blacklist for RADIUS users
WLAN client: add support for PKCS#11 (TPM) certificates
Config variables: allow definitions of the form {{run:CMD}} in [variables] section to get runtime information
Update documentation
WLAN client: allow regular rescanning.
802.1x: allow to define internal RADIUS server with users.
802.1x: add support for PKCS#11 (TPM) based certificates for supplicant
Modems: add support for Telit LM960 modem
WLAN / 802.1X: add anonymous_identity parameter
Manual: add config examples for SCEP and wired 802.1x
System Updates: check signature and version the update is make for
New tools sha256sum and sha512sum
cablynxctrl: new function nmeaquery to read current message rates
DHCP server: add option sipserver, vendor class identifier
Firewall: make TARGET_CHAIN rules possible for NAT chains.
multi-switch script: fix LED handling, add support for OpenVPN
GPS: supervise GPS receiver and send cold start when GSV has data but GGA no fix.
show:
show eeprom
show power (for power management)
Changes from v2.0.8 to v2.0.9 (15 feb 2019)
Bugfixes:
PIC: fix access locking
gpio_deamon: trigger connection removal on tcp read failure
Watchdog: improve watchdog feeding; try again immediately on failure
SCEP: remove old certs only after new ones are successfully stored
SCEP: plausibility check on args before deleting old certificates
Huawei modem: do not power cycle but do software reset on ppp down
New features:
Update kernel to 4.14.96
PIC: allow to set/get/restore NVRAM value: Software version 5.1.1
PIC / Watchdog: allow to read remaining tim until reboot
DHCP: new attribute noarp to make client not check lease using ARP
Firewall: allow to specify chain for [ds]nat attributes
Firewall: allow to create new chains with jump rule in other chain
Changes from v2.0.7 to v2.0.8 (3 dec 2018)
Bugfixes:
SCEP: make renewal work by overwriting existing files
SNMP: make it recognize config update when restarting services
Huawei modem: correctly enable modem LED
Firewall: make conntrack -L work again (needed for IPsec)
OpenVPN: fix wrong path to helper program
AnyTracker emulator: reset both dist and time when sending message
AnyTracker emulator: no messages were generated between 00:00 and 02:00
SCEP: fix cert handling using TPM
SCEP: allow updates from file based to TPM based certs and vice versa
IPsec / clock: set clock from modem before starting IPsec
SIM: fix IMSI checker
New features:
implement RUAG protocol to send position data
cablynxctrl: new commands filter_reset and rules_debug
(tcp|udp)_target: try to resubmit for 5s if sending failed
PIC: lock access to prevent concurrent writes
system update: add support for TPM based certificates
SCEP: add support for SHA2 family of algorithms
Kernel update to 4.14.84
Changes from v2.0.6 to v2.0.7 (2 oct 2018)
Bugfixes:
sms_config.sh: fix "attr=value", do not insert additional white space
Target filters: replace existing rules on insert
show dual modem status correctly all the time
Shutdown: do no print error message if no user was logged in
AnyControl: make modem selection work with MobileIP
Config reload: reload services if only parameters in [variables] section changed
New features:
Kernel: Upgrade to 4.14.67
Add CRDA tool to allow (again) WLAN access points in 5GHz range
SCEP Startup: remove old certificates when config changes
SNMP: add parameter sysdescr (System description)
GPI handling: add hysteresis so single measurements do not trigger an action
Modem connection: check for registration before setting up connection
DNS: allow to set search domain for local DNS lookups
New functions to be able to send AnyTracker like messages {ID|FUNC|...}
SCEP: add possibility to authenticate for renewal with current certificates
Changes from v2.0.5 to v2.0.6 (13 jul 2018)
Bugfixes:
Update scripts: correctly pass arguments to sub scripts
Do not start switch if [switch] start=no
Fix time sync between modem and system time for all modem types.
Kernel: upgrade from 4.14.22 to 4.14.54
Improve support for 2 modems (gptxt_handlers.sh)
PPP: only remove NAT rule for modem that went down, not both
IPsec: fix script that depended on variable no longer present
SCEP: fix cron job to regularly check certificates
Config: allow empty address or port in (tcp|udp)_target
New features:
Wrapper for wget to allow TPM based https authentication
IPsec: allow certificate to be read from TPM (key was already supported)
anyscep.sh: new parameter to make it only create CSR, but not submit it.
Update: new parameter to prevent update script from reloading config.
pty tool: improvements
OpenSSL: fix to make s_client evaluate SSL_CONFIG variable
Modem: allow to disable LED animation for modem clock sync
Allow to run scripts on system shutdown ([daemons] stop=)
IPsec: new parameter closeaction to run scripts on tunnel shutdown
LED signal pegel: make display confiurable
ntp: new parameters localaccess and ntp_option
EEPROM: new tool to manage EEPROM data
Add support for new Quectel LTE Band 6 modems (EP06)
cablynxctrl: new function fakesms
cablynxctrl: add support for odometer in GPS receiver
new parameters to filter messages to (tcp|udp)_targets
Show:
new: show ntp
Changes from v2.0.4 to v2.0.5 (27 feb 2018)
Bugfixes:
Filesystem: make /root 0700
Update dnsmasq. Fixes CVE-2017-14491 and CVE-2017-13704
Kernel: make kernel preemptible
dot1x.sh: make script executable
SMS handling: fix memory leak on incoming SMS
IPsec / AnyControl: send correct status
cablynxctrl: esfalg shows correct values and angles
SMS handling: fix crash on 2nd received SMS (different bug than in 2.0.4)
SMS handling: speed up parsing if multiple SMS are received
show log: fix if using non default log file
modem: fix fatal errors during modem connection if no signal for long time
SMS handling: fix mem leak when starting child process.
gpio_daemon: fix memory leak on GPRMC checking for clock sync
SMS phone number check: fix if SenderID contains spaces (yup, can happen)
boa webserver: correctly start so that it can be stopped again.
GPI: improve reading. Probably fixes bogus reset button event (only observed on AnyRover Mini).
gpio_daemon: improve reading answers from modem.
WLAN AP: parameter dump_file no longer needed, remove.
WLAN AP: Fix multiple SSID on single WLAN card with WPA-EAP auth.
Library fix to make socat work again.
Properly set LEDs on boot.
Recovery mechanism for occasional WLAN crash.
IPsec: Tunnel setup did not work with IKEv2 sometimes.
New Features:
GPS module: add health check
Dual modem: allow changing active modem through AnyControl.
Datcom: configurable interval and input to send more than one string.
New PIC firmware 5.0.3, fixes occasional PIC deadlock.
Cert script: show KeyID for PKCS11 keys.
WLAN: add new parameter txpower to reduce signal.
Shut off unused WLAN modules.
Update WLAN module firmware.
Upgrade kernel to version 4.14.22.
Changes from v2.0.3 to v2.0.4 (21 sep 2017)
Bugfixes:
SCEP: DN entries appeared twice
SCEP: improve logging
SMS: do not crash on reception of second SMS
Modem handling: improve recovery when modem does not answer
gpio_daemon: some internal timers were sometimes not handled
PIC tool: return error code upon failure
New features:
New script to manage 802.1X
Webserver: new parameters default_mime and option
Pelix: new parameter source to set source address
GPS: write GPGGA message to gptxt outfile
Modem: new GPTXT string with modem information
Other changes:
Improve explanations to OpenVPN encryption in config file
Several code cleanups with no functional change
Changes from v2.0.2 to v2.0.3 (17 aug 2017)
Wired 802.1x: allow authenticator to run on physical interfaces of a bridge.
New command "show boot"
Extend "show firewall"
IPsec: new parameter ph1_prf if PRF does not match hash algorithm.
IPsec: new parameter ph{1|2}_strict to help connect to unknown peers (debug only)
Standalone RADIUS: allow to bind to specific address (instead of 0.0.0.0)
802.1X authenticator: Allow to set source address for RADIUS communication.
first official version: v2.0.2