Reference10:Release Notes Linux Application Platform

From innovaphone wiki
Jump to navigation Jump to search
There are also other versions of this article available: Reference9 | Reference10 (this version)

These release notes describe the V10 (that is, Reference10:Concept_Linux_Application_Platform based) linux application platform.

This article contains the link to the new project lists replacing the release notes. Do not edit!
Please click the link to continue.

Please see the disclaimer before using the information presented here!

Linux Application Platform V10

V10 Service Release 1 (100062)

3669 - Logrotation didn't work due to updated logrotate package

Ticket #103856. The updated packages required permission changes on and in some files.

3649 - Removed obsolete NTP client for successfull NTP updates

Ticket #103291. There were two NTP clients started, which caused the NTP daemon to crash on startup.
Now one of these clients has been deleted.

V10 Service Release 2 (100067)

3686 - Allow non default HTTP port for device after initial Linux installation

Ticket #104360. Now the IP address and an optional port can be entered for the device, where Linux is running, e.g.

3706 - NTP server handling reworked and cleaned up some files

Ticket #104632. This simplifies debugging and prevents init script from failure. NTP servers are correctly synced with NTP servers from DHCP.

V10 Service Release 3 (100079)

3796 - Correctly parse server ssl certificates for reject list

Ticket #106838. Now ignoring an openssl return code > 0 and instead try to parse the response for certificates.

3833 - Include SSL certificate in curl requests to support servers with activated MTLS

Ticket #107938. Otherwise the Linux application platform can't be authenticated.

3750 - Linux: create certificate signing requests and self-signed certificates

Ticket #106083. It is now possible to create such application certificates.

3756 - Linux: do not execute apt-get update after installation of hotfixes

Ticket #106159. This command attempts to connect to internet and download some files. If there is a bad internet connection or no connection at all, the command may hang a while.

3757 - Linux: V10 application hotfix could be installed on V1 application platform

Ticket #106160. check that major versions match before installing a hotfix for an application.

3785 - Mutual TLS support

Ticket #106653. Linux now supports mutual TLS. You can configure a port for MTLS connections.

V10 Service Release 4 (100083)

3862 - LDAP: rebind needed to follow referrals

Ticket #108647. If we try to follow the referrals we need to re-authenticate. If not done the LDAP library attempts with anonymous and the server responds with an error.

V10 Service Release 5 (100086)

3947 - Fax server: Support for charset of plain text

Ticket #111310. Now the fax server converts the plain text of an email to UTF-8 with the given charset in the email header.

V10 Service Release 6 (100088)

3988 - Increased number of relay cdr files from 6 to 10

Ticket #112413.

4031 - Linux: execute backup script only once per hour

Ticket #113390. the script must be executed only once per hour but there was a bug and it was executed every "poll timeout" minutes.

V10 Service Release 7 (100097)

4056 - Completely shutdown Linux VM on Diagnostics->Reset "Shutdown"

Ticket #114370. Now the VM shutdowns completely.

4057 - Prevent usage of a backslash inside public web/webdav urls

Ticket #114374. Otherwise the lighttpd webserver couldn't be restarted.

4060 - Rotate system log files on 5MB size

Ticket #114414. Some logfiles have been rotated after 1GB under certain circumstances.

V10 Service Release 8 (100105)

4065 - Create webdav install directory if not existant

Ticket #114637. If a customer deleted the webdav install directory, it will be recreated now.

4117 - Linux: copy init_install.log to root partition

Ticket #116002. in case something goes wrong during linux installation

4126 - Linux: error parsing certificates

Ticket #116188. we assumed an specific format for PEM files but these files could contain some additional information.

4091 - Updated translations

Ticket #115368. Updated translations of Linux and its applications.

V10 Service Release 9 (100111)

4183 - auth.log increasing due to unnecessary sudo system call

Ticket #117527. The system log file auth.log has been growing quite fast due to a sudo system call inside a PHP file which was not necessary.
This call is now only done if really needed.

4159 - Linux: application platform monitoring

Ticket #117112. there is a new php script which returns a xml file containing the output from the most relevant commands used for monitoring, free, ps, top, ss.

4135 - Linux: increase swap partition to 512 MB

Ticket #116414. avoid a crash if memory and swap get full.

4136 - Linux: performance statistics

Ticket #116418. result from uptime and free commands will be shown under Diagnostics/Status.

4182 - Rotate system log files without weekly/daily condition and use of correct PATH

Ticket #117512. Otherwise these log files might get too big.
The postrotate script hasn't been executed as the wrong PATH variable has been used.

4199 - Update OpenSSL due to OpenSSL Heartbleed bug

Ticket #118148. Integrated latest openssl package.

V10 Service Release 10 (100114)

4243 - More checks for the first time installation

Ticket #119770. The first time installation might fail on different points.
Now it is checked if the new file system is in a good state and the copy operation didn't cause errors.
Also the web server start after a reboot has been delayed.

4217 - Removed timestamp from manual backup filenames

Ticket #118740. Removed the timestamp from manual backup filenames, which makes them easier to use for software.

V10 Service Release 11 (100118)

V10 Service Release 12 (100124)

4347 - Enabled support for basic authentication for backup script retrieval

Ticket #123064. Before only save authentication methods have been allowed, now basic is also enabled, which is still safe with TLS.

4335 - Updated translations

Ticket #122668. Updated translations.

V10 Service Release 13 (100127)

4350 - Fax server: Unrecognised PDF document with mail from Apple Client

Ticket #123303. If a mail with a PDF document is sent from an Apple client, the PDF document isn't attached to the fax document. This is fixed now.

4358 - Fixed potential failure on first install of the image

Ticket #123728. There had been a small chance that the initial install sript has been executed twice at once which caused the installation procedure to fail.

4357 - Increased PHP memory limit on VM

Ticket #123725. We doubled the PHP memory limit for the linux VM. This is e.g. usefull for huge faxes.

V10 Service Release 14 (100136)

4400 - Linux: CDRs are not URL decoded if reporting is not installed

Ticket #125895. CDRs were not URL decoded before writing them to disk.

4402 - Linux: logrotate should not restart the Webserver

Ticket #125937. There is another way to rotate the lighttpd log files without restarting the webserver.

V10 Service Release 15 (100147)

4419 - Linux: Email address validation

Ticket #126805. Email addresses with e.g. '=' aren't accepted, used by the fax server application. The email address validation function is fixed now.

4448 - Run database vacuum only at night

Ticket #127681. It is not needed to be run multiple times a day and it also consumed to much resources.

4465 - Support for PBX CDRs: New info-from/info-to tags, to get dialed number

Ticket #128145. The numbers in conn-from/conn-to could be adjusted by a received "connected number"

4444 - Updated bash package due to bashbleed/shellshock bug

Ticket #127581.

V10 Service Release 16 (100154)

4510 - Added Polish translation

Ticket #130261. We added the Polish translation.
Mainly innovaphone Reporting has been translated, but innovaphone Faxserver and innovaphone Exchange Calendar Connector are also mostly translated.

The innovaphone application platform itself still remains untranslated for Polish.

4483 - Disable SSL 3.0 in web server due to POODLE bug

Ticket #128951. Since ssl 3.0 is insecure, we disabled its support inside the webserver of the Linux AP (lighttpd)

4479 - Suppress duplicate call entries in myPBX call list

Ticket #128862. A user with multiple devices might have experienced duplicate call entries in the myPBX call list under certain conditions.

4486 - Validation check for email adresses

Ticket #129306. A new validation check also checked DNS records for the email domain which produced false results.

V10 Service Release 17 (100157)

4561 - Do not return a server error 500 on CDR XML parse errors

Ticket #132424. Otherwise the PBX always tries to send the same CDR again.
Instead ignore this CDR and set up an event on the PBX with the failed XML.

4530 - Linux: Country field was missing in the signing request

Ticket #131440. This field was not included.

4565 - Updated Polish translation

Ticket #132464. The Polish translation has been updated.

V10 Service Release 18 (100160)

4576 - Destroy session data for php scripts which are not used within web UI

Ticket #133075. This reduces the amount of session files and speeds up the session cleanup script.

4560 - Linux: memory leak in process.fcgi

Ticket #132413. some memory was not freed.

4584 - Updated translations

Ticket #133817. Some translations have been updated.

V10 Service Release 19 (100163)

4604 - Updated translations

Ticket #134808.

V10 Service Release 20 (100168)

4668 - Linux: ntp server not removed from ntp dhcp config file

Ticket #139616. the ntp server was not removed from this file.

4661 - Too many log files caused broken log downloads

Ticket #139476. Downloading of log archives hasn't been possible with too many log files.
This is fixed now.

V10 Service Release 21 (100173)

4760 - Correct handling of missing msg/time attribute in CDR xml

Ticket #141662. A missing msg attribute could have caused a trap of an application on the Linux AP.

4783 - LDAP: requests done for all cdr events

Ticket #142486. although the external numbers were equal for the different events, LDAP requests were carried out.


4782 - Optimized query for missed calls in myPBX with Reporting

Ticket #142479. The query for missed calls might have taken quite long, so that other call list request got stuck and caused "Call list not available" errors in myPBX.

4770 - Relay Host: UI description changed

Ticket #141932. UI description of the relay host configuration is changed.

4738 - Updated openssl packages

Ticket #141055. The package updates fix some security issues.

V10 Service Release 22 (100174)

4847 - DER certificate download had wrong file ending

Ticket #144960. The DER certificate download file name on the Linux Application Platform now ends with '.der'. Now windows recognizes the file as installable certificate.

4815 - Removed windows line break in install script

Ticket #143943. The script contained a windows line break which caused a confusing (but harmless) log message.

V10 Service Release 23 (100176)

4884 - Write access to webdav broken with public root access without write flag

Ticket #145946. If the root has been configured as a public webdav path without the write flag, further folders with the write flag have been ignored.

V10 Service Release 24 (100178)

4968 - Concurrent myPBX client call list requests may caused empty reports

Ticket #148271. Due to a non thread safe function call, multiple concurrent call list requests may have produced empty reports.

4970 - Reporting/myPBX: handling of calls to unregistered users

Ticket #148399. These calls were shown as missed calls although they just contained setup und release events without an alert event.

Now these calls are not shown as missed call in myPBX anymore although the call itself will be still shown in the call list.
In the call details, the call will be shown with an error symbol.

Cause Codes:
18 == No User Responding
19 == No Response from User

V10 Service Release 25 (100181)

5070 - Added French, Russian and Czech translations to Linux and its applications

Ticket #151956. French, Russian and Czech translations are now integrated.

V10 Service Release 26 (100183)

5163 - Alarms on CF card/hard disk error detection

Ticket #154546. The kernel itself mounts the partition as read-only if it detects issues with a CF card/hard disk.

A script now checks every 30 minutes, if write operations are still possible.

Another check tries to find bad blocks on CF cards (VM is ignored). This can be only done in read-only mode, as the partition is mounted, so the check might not find bad sectors before it is too late.

An alarm server must be configured to receive these alarms!

5167 - LDAP: server active flag was ignored

Ticket #154749. LDAP servers are checked although they are inactive.

V10 Service Release 27 (100090)

5201 - Better webdav support for LAP

Ticket #156134. The lighttpd of the LAP is now compatible with WinSCP and Webdav.

5247 - Do not show connected calls from WQs as missed call in myPBX

Ticket #158104. This was caused by a previous hotfix.

5232 - Fixed some date formats of certain languages in the calendar note

Ticket #157536. Some date formats haven't been correctly "translated".

5217 - lighttpd delivers whole certificate chain now

Ticket #156607. As long as the uploaded server certificate contains the whole certificate chain, the lighttpd web server will now deliver the whole chain.

V10 Service Release 28 (100193)

5230 - Possible deadlock with CDRs and database reindex

Ticket #157441. The deadlock itself can't be avoided, but the database connection itself went bad.
Now, the database connection is restarted in such a situation.

V10 Service Release 29 (100194)

5339 - Speedup CDR deletion and database cleanup afterwards

Ticket #163231. A separate REINDEX of the database is not neccessary anymore since PostgreSQL 9.0.
Additionally more RAM is now assigned to the process which cleans the database.
RAM is calculated based on free RAM with a minimum value of 32MB.

The general setting of maintenance_work_mem has been changed according to the total system RAM (5%).

A warning is now shown that CDR deletion might prevent CDRs from being written to the database.

V10 Service Release 30 (100195)

V10 Service Release 31 (100199)

5385 - Add link to the audio converter on the official innovaphone homepage

Ticket #166858. The LAP audio converter does not offer as many codecs and lacks a wider input file support.

5395 - LAP support of IPx11 platform

Ticket #167135.

V10 Service Release 32 (100210)

5436 - Do not perform vacuum full after CDR cleanup

Ticket #169045. VACUUM FULL requires too much additional disk space.
Without the FULL option, freed disk space cannot be reclaimed by the OS, but PostgreSQL will still reuse it for further CDRs.

5449 - Updated packages due to bug in glibc getaddrinfo CVE-2015-7547

Ticket #169484.

Updated packages:

V10 Service Release 33 (100215)

5483 - Fixed installation of the LAP VM on greater hard disks

Ticket #170771. The installation of the LAP failed on hard disk with greater sizes.

5498 - LDAP: process.fcgi may crash if connection to database is not available

Ticket #171521. pointer will be null if the database is not available

V10 Service Release 34 (100218)

5520 - Added new innovaphone device CA certificate to trusted MTLS CA certificates

Ticket #172150. The second innovaphone device CA certificate now works with MTLS on the LAP

5540 - Fixed php handling of lighttpd

Ticket #172935. PHP hasn't been handled correctly in all circumstances.

V10 Service Release 35 (100221)

8608 - Fixed cleanup of temporary lighttpd upload files

Files under /var/tmp/lighttpd haven't been correctly deleted if too many of them existed.

V10 Service Release 36 (100225)

8736 - Just reload postgresql instead of restart on remote access IP changes

use /etc/init.d/postgresql reload instead of restart after IP configuration changes.

V10 Service Release 37 (100227)

V10 Service Release 38 (100234)

13798 - Reporting: LDAP Request with H323-Name

New checkbox 'Use H323 as Search Base'.
If the checkbox is set I use the h323 field inside the CDR Tag as base for the LDAP Filter.
If not, I take what it is defined inside the Base field of Reporting.

V10 Service Release 39 (100235)

V10 Service Release 40 (100238)

V10 Service Release 41 (100239)

V10 Service Release 42 (100241)

V10 Service Release 43 (100242)

V10 Service Release 44 (100243)

22216 - Blacklist kernel moduel n_hdlc due to kernel bug CVE-2017-2636

We now blacklist the kernel module n_hdlc, so that this module can't be loaded anymore due to a kernel bug CVE-2017-2636.
Due to this bug an unprivileged user could gain privileged access to the system.
This bug can't affect our ARM platform, as this kernel module is not installed there, just on I386 virtual machines.

V10 Service Release 45 (100246)

V10 Service Release 46 (100247)

26694 - Fixed logrotate issues

The logrotate script didn't contain the correct PATH, so that some binaries haven't been found during logrotation.
This may cause increasing logfiles instead of correctly rotated logfiles.

V10 Service Release 47 (100249)

V10 Service Release 48 (100251)

V10 Service Release 49 (10025300)

35932 - Fax Server Incoming Mails: Behavior with wrong date format

If an incoming mail has a wrong date format, the mail can't be read. Used by the fax server and it stops working.

V10 Service Release 50 (100254)

V10 Service Release 51 (100256)

39233 - Fixed parsing of Web Server PEM Certificate for postgresql Public Key

If the PEM certificate contained the certificate request, the resulting postgresql public key was broken and the database didn't run anymore.

V10 Service Release 52 (100257)

40768 - Correctly parse certificates without newline at the end of the file

V10 Service Release 53 (100258)

V10 Service Release 54 (100259)

V10 Service Release 55 (100260)

V10 Service Release 56 (10026300)

V10 Service Release 57 (100264)

58834 - Fixed arbitrary file read vulnerability in log file functionality

The logfile download functionality could be missused to download any system file. As you had to be logged in as admin user anyway to use this functionality, this is considered as a minor vulnerability .

Now just log files under /var/log and /var/www can be downloaded.

58837 - Fixed command injection in log file clear functionality

The logfile clear functionality could be missused to execute system calls. As you had to be logged in as admin user anyway to use this functionality, this is considered as a minor vulnerability .

Now the logfile parameter must start with /var/log or /var/www and the parameter is internally enclosed in quotes.

V10 Service Release 58 (100265)

V10 Service Release 58 (100265)

V10 Service Release 59 (100266)

V10 Service Release 60 (100267)

V10 Service Release 61 (100268)

V10 Service Release 62 (100269)

V10 Service Release 63 (100270)

75245 - V10 Faxserver - add unoconv patchfile for update to stretch

75211 - V10 Faxserver - unoconv.patch file not working

The patchfile for unoconv after a dist-upgrade to Debian 8 will not work.
File moved to "unoconv_jessie.patch

V10 Service Release 64 (100271)

V10 Service Release 65