Release-Notes fli4l Version 2.1.9
===================

## translated from German by Felix Eckhofer ##

While fli4l version 2.1.8 focused mainly on the boot process, in this
release the build process has undergone major changes. Details can be
found in the section "base" below and in the fli4l documentation.

In addition to the following list of changes, all bugfixes published for
fli4l 2.1.8 were incorporated in version 2.1.9.

-----------------------------------------------------------------------

Following is a detailed list of changes:

Kernel:
=======

- Update to kernel version 2.4.27
  + netdev random Patch
  + ignore_ksoftirq Patch
  + ebtables Patch
  + advanced routing Patch

  Unfortunately a new kernel causes problems with external opt-packages
  that contain kernel modules. Maintainers should update affected
  packages accordingly.

- kernel-support for APIC

  APIC reduces latency on interrupt requests (IRQ) which are sent by
  NICs or ISDN-cards and reduces the risk of possible conflicts with
  shared IRQs. Because many mainboards implement this feature
  incorrectly, it is disabled by default. To enable it, you will have to
  remove the word 'noapic' from the APPEND-line in img/syslinux.tml:

      APPEND load_ramdisk=1 initrd=rootfs.tgz root=/dev/tmpfs TAG

  You will have to create a new diskette/update your hd-install for the
  changes to take effect.

Library:
=======

- no changes! uClibc Version 0.9.26 is still used for all programs.

base:
=====

- removed scripts: mkfloppy.[sh|bat], mkopt.[sh|bat], mknetboot.sh, mkiso.sh
- new scripts: mkfli4l.[sh|cmd], mkfli4l-win9x.bat

  "mkfloppy is gone? So how do I create a diskette then?"

  The build process (= creating the boot medium) has been changed. For
  Linux, Win9x (incl. ME) and NT (incl. W2k, WinXP) there is only one
  single script.
  Using the variable BOOT_TYPE set in /base.txt the user can decide which
  action should be taken:

  - Create the boot diskette
  - Create a bootable ISO-Image
  - Create the fli4l-files for use with a remote-update
  - and others...

  The file /mkfli4l.conf is new as well. It has the same structure as the
  fli4l configuration files and controls the mkfli4l* scripts (e.g.
  specify alternative directories).

  For more detailed information please see the documentation, chapter
  "Creating the fli4l boot medium" (up-to-date version only available in
  German for now).

- Corrected problem with 1680kb diskettes.

- In the prerouting-list you will have to specify whether you want dynamic
  or static portforwarding. Formerly this was decided automatically using
  the target IP: it was assumed to be static if there was none; otherwise,
  the portforwarding was created on dial-in. This, however, does not allow
  certain configurations like transparent proxy and was therefore
  abandoned.

- DMZ-Support -- 2.1.9 comes with the first version of a simple
  DMZ-Support.

advanced_networking:
=================

- 802.1D bridge support has been moved to this package. Additionally some
  smaller changes were made and parameter checks were extended.
  http://bridge.sourceforge.net/

- VLAN support according to 802.1Q. Please pay attention to the hints
  regarding possibly necessary MTU-changes.
  http://www.candelatech.com/~greear/vlan.html

- Bonding support to combine several network cards into one connection.
  http://sourceforge.net/projects/bonding/

- Initial support for EBTables. Using this program, a transparent packet
  filter can be implemented. Because of its complexity there is no
  fli4l-specific configuration facility (yet). In other words: only use
  it if you know what you are doing.
  http://ebtables.sourceforge.net/

bridge:
=======

- removed! This package has been integrated into the new package
  advanced_networking.

chrony:
=======

- new variable: CHRONY_TIMESERVICE

  In addition to the NTP protocol, the package chrony can now also use
  the TIME protocol according to RFC 868. CHRONY can now completely
  replace the TIME package.

- CHRONY works correctly with ethernet-only routers now (i.e. no DSL,
  ISDN or DHCP-client).

base_dhcp:
==========

- new (experimental)

  This package contains the most up-to-date version of the "dnsmasq"
  DNS-server, which comes with an integrated DHCP-server. Configuration
  should be self-explanatory (see documentation of package DHCP if it
  isn't).

dsl:
====

- new driver for: FRITZ!Card DSL SL USB
- PPPOE_TYPE is now 'in_kernel' by default.

httpd:
=====

- The httpd-password is now encrypted on creation of the boot diskette.
  The crypt-function is no longer available on the router.

sshd:
=====

- Update to dropbear 0.44 and introduction of dbclient as ssh client.

isdn:
=====

- new: Support for cbcp

lpdsrv:
=======

- new: Support for IRQ and DMA modes
- removed variable: LPDSRV_PARPORT_x
  replaced by:      LPDSRV_PARPORT_x_IO

tools:
======

+++++++++++++++++++++ Attention +++++++++++++++++++++++++++++++
A bug in wget could lead to arbitrary file deletion or creation
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The wget program, used e.g. for non-interactive file downloads via HTTP,
HTTPS and FTP, contains a bug. Files below the directory tree that wget
has been called from could be created or overwritten.

see: http://cert.uni-stuttgart.de/archive/bugtraq/2004/12/msg00106.html

The package TOOLS contains wget version 1.5.3 - this version most likely
is affected by this problem. fli4l itself does not use wget, but external
packages probably do.

usb:
====

- new version of eagle-usb driver: 2.0.0

vpn:
====

- new version of OpenVPN: 2.0rc7

- The method by which packetfilter rules are created has changed
  completely. Every VPN-connection uses a filterchain of its own. That
  way it is possible to log rejected packets for each VPN-tunnel
  separately.

- OpenVPN is started as user nobody in an empty chroot-environment again.

- The default settings for

    OPENVPN_x_LINK_MTU
    OPENVPN_x_MSSFIX
    OPENVPN_x_FRAGMENT

  have changed, so you might run into problems connecting to older
  OpenVPN-versions or you might experience connection drops. Further
  information can be found in the documentation, chapter "Zusammenarbeit
  unterschiedlicher OpenVPN Versionen" (only in German at the moment,
  unfortunately).

- Some OpenVPN configuration options have been removed (for example
  OPENVPN_DEFAULT_PACKETFILTER) and several options have been added, for
  example:

    OPENVPN_DEFAULT_OPEN_OVPNPORT
    OPENVPN_DEFAULT_ALLOW_ICMPPING
    OPENVPN_DEFAULT_INPUT_LOG
    OPENVPN_DEFAULT_INPUT_POLICY
    OPENVPN_DEFAULT_FORWARD_LOG
    OPENVPN_DEFAULT_FORWARD_POLICY

wlan:
=====

- new version of hostap, hostapd and wpa_supplicant driver: 0.2.5
- new version of prism54 driver