Real time changelog for Porteus Kiosk with automatic updates enabled


Each new kiosk version (like e.g. 20140605) triggers an action on the client side to pull updated component from our server. After short downtime the kiosk is ready to use with all security fixes, updates and new features merged into the ISO. Everthing is done automatically without any user action. More info about this service can be found on the automatic updates page.

We encourage everybody to subscribe to an automatic updates service as it lets you be safe all the time.

Porteus Kiosk version 20170816

  • 001-core.xzm:

  • - security fix shadow-4.5: newusers tool could be made to manipulate internal data structures (CVE-2017-12424) #627044

    - upgraded to ca-certificates-20161130.3.30.2, libfastjson-0.99.6, rsyslog-8.28.0

  • 05-flash.xzm:

  • - upgraded to adobe-flash-26.0.0.151

    Porteus Kiosk version 20170808

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.41-kiosk

  • 001-core.xzm:

  • - upgraded to libwacom-0.25, pacparser-1.3.7, nettle-3.3-r2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.3.0. Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.6-r2

    - added wifi firmware needed for Surface Pro 4 laptop

  • 005-thinclient.xzm:

  • - new feature disable system-tray applet for Remmina, this is needed for auto looping Remmina connections

    Porteus Kiosk version 20170729

  • initrd:

  • - enabled busybox applet: setsid

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.40-kiosk

  • 002-chrome.xzm:

  • - upgraded to pepperflash-26.0.0.137

  • 003-settings.xzm:

  • - kiosk fix do not override existing user.js when adding Firefox preferences through 'browser_preferences=' parameter

    - kiosk fix rotate touch with 2 seconds delay after rotating the screen otherwise some touchscreens wont rotate the touch input properly

    - kiosk fix full persistence: do not overwrite hash file for PepperFlash as it may be upgraded in the background by Chrome

    - new feature start tunneling service as a daemon so its not restarted when Xorg session is closed or system runlevel is changed

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.6.0.10243651

    This release fixes few issues like standalone Receiver application crashing upon start and smartcards not being redirected to Ctirix session properly.

    Porteus Kiosk version 20170718

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.38-kiosk, intel-microcode-20170707

  • 001-core.xzm:

  • - security fix elfutils-0.169-r1: multiple vulnerabilities (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613) #618004

    - upgraded to libpng-1.6.29, sqlite-3.19.3, xfsprogs-4.9.0, harfbuzz-1.4.6-r2, libgudev-231, pango-1.40.6, gtk+-3.22.16

  • 005-thinclient.xzm:

  • - upgraded to vte-0.46.2

  • 05-flash.xzm:

  • - security fix adobe-flash-26.0.0.137: multiple vulnerabilities (APSB17-21, CVE-2017-3080, CVE-2017-3099, CVE-2017-3100) #624620

    Porteus Kiosk version 20170706

  • initrd:

  • - display 'Device not ready' message not earlier than 10 seconds after boot

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.35-kiosk, intel-microcode-20170511

  • 001-core.xzm:

  • - upgraded to dbus-glib-0.108, liblogging-1.0.6, rsyslog-8.27.0-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to 59.0.3071.115

  • 003-settings.xzm:

  • - kiosk fix removed 16 characters password limit for the 'session_password=' parameter

    - kiosk fix enable capture channels for the microphone during system start

    - kiosk fix toggle tabs function should not prevent restarting the browser when 'session_idle_forced=' parameter is used

  • 004-wifi.xzm:

  • - added more brcm sdio firmware

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.7.8: flush+reload side-channel attack on RSA secret keys: "Sliding right into disaster" (CVE-2017-7526) #623006

    Porteus Kiosk version 20170621

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.33-kiosk

  • 001-core.xzm:

  • - security fix curl-7.54.0: --write-out out of buffer read (CVE-2017-7407) #615870

    - security fix expat-2.2.1: External entity infinite loop DoS (CVE-2017-9233) #622046

    - security fix glibc-2.23-r4: arbitrary code execution through crafted LD_LIBRARY_PATH values (CVE-2017-1000366) #622220

    - security fix ntp-4.2.8_p10: multiple vulnerabilities (CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) #613550

    - security fix tigervnc-1.8.0: multiple vulnerabilities (CVE-2017-7392, CVE-2017-7393, CVE-2017-7394, CVE-2017-7395, CVE-2017-7396) #614742

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.2.0. Changelog: link

  • 003-settings.xzm:

  • - new feature removed shutdown, reboot and sleep options from the bottom panel's 'exit menu' of the Cloud and ThinClient systems. If you need to have them present then please add 'shutdown_menu=yes' parameter to your kiosk config.

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.6-r1

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.7.7: Possible timing attack on EdDSA session key #621218

  • 05-flash.xzm:

  • - upgraded to adobe-flash-26.0.0.131

  • 08-ssh.xzm:

  • - security fix openssh-7.5_p1: Multiple Vulnerabilities (CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012) #603100

  • 10-printing.xzm:

  • - security fix jbig2dec-0.13-r4 : multiple integer overflow (CVE-2017-7885, CVE-2017-7975, CVE-2017-7976) #616464

    - security fix gnutls-3.5.13: Crash upon receiving well-formed status_request extension #622038

    - security fix ghostscript-gpl-9.21 : Memory corruption / type confusion (CVE-2017-8291) #616814

    Porteus Kiosk version 20170607

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.31-kiosk

  • 001-core.xzm:

  • - security fix bzip2-1.0.6-r8: heap use after free in bzip2recover (CVE-2016-3189) #620466

    - upgraded to logrotate-3.12.2, libdrm-2.4.80, libevdev-1.5.7, xkbcomp-1.4.0, libxkbcommon, mesa-17.0.6, libepoxy-1.4.2, xorg-server-1.19.3, xf86-video-amdgpu-1.3.0, xf86-video-nouveau-1.0.15, xf86-video-openchrome-0.6.0, xf86-video-intel-2.99.917_p20170313, xf86-video-ati-7.9.0

  • 005-thinclient.xzm:

  • - security fix icu-58.2-r1 : heap overflow (CVE-2017-7867, CVE-2017-7868) #616468

  • 10-printing.xzm:

  • - security fix perl-5.24.1-r2: chmod() logic in rmtree() and remove_tree() functions can be abused (CVE-2017-6512) #620304

    - security fix libtasn1-4.10-r2: asn1_find_node() based stackoverflow (CVE-2017-6891) #619686

    - upgraded to cups-filters-1.13.5

    Porteus Kiosk version 20170526


    Tagged as Porteus Kiosk 4.4.0 release


    Wizard 4.4.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - enabled busybox applet: stat

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.30-kiosk

  • 001-core.xzm:

  • - security fix freetype-2.8: multiple overflows (CVE-2016-10328, CVE-2017-7857, CVE-2017-7858, CVE-2017-7864, CVE-2017-8105, CVE-2017-8287) #616730

    - upgraded to gtk+-3.22.15, libjpeg-turbo-1.5.1, rsyslog-8.26.0-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to 58.0.3029.110

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.1.2. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix timeout connecting to the server after 60 seconds when trying to download files from it. Kiosk can still boot even is server in not accessible at the moment.

    - new feature start screensaver immediately when idle time is set to 0

    - new feature added support for storing SSL certificate on the server through the 'import_certificates=server://certificate.crt' parameter

    - new feature added proxy auto configuration support for stunnel so clients behind proxy can connect to Porteus Kiosk Server

  • 005-thinclient.xzm:

  • - upgraded to libssh-0.7.4

  • 07-java.xzm:

  • - security fix icedtea-bin-3.4.0: Multiple vulnerabilties (CVE-2017-{3509,3511,3512,3514,3526,3533,3539,3544}) #618874

    - added crippled 'java-config' utility to keep java plugin quiet in the logs

  • 10-printing.xzm:

  • - security fix tiff-4.0.8: Multiple Vulnerabilities (CVE-2017-7592, CVE-2017-7593, CVE-2017-7594) #618610

    - upgraded to gnutls-3.5.12

    - added libunistring-0.9.7

    Porteus Kiosk version 20170513

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.27-kiosk

  • 003-settings.xzm:

  • - kiosk fix use hp backend for HP printers connected directly to kiosk

    - kiosk fix decorate Chrome popup windows by default so its possible to close them

    - kiosk fix ignore lines starting with space/tabs in kiosk config as they break PCID sections

    - new feature enable CloudPrinting by default for Cloud/ThinClient variants with Chrome browser

  • 005-thinclient.xzm:

  • - upgraded to spice-gtk-0.33-r2

  • 05-flash.xzm:

  • - upgraded to adobe-flash-25.0.0.171

    Porteus Kiosk version 20170506

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.25-kiosk

    - kernel config: compiled nvme driver directly into kernel so its possible to install kiosk on NVME devices, added support for loading Intel/AMD microcode by the kernel

    - added microcode firmware needed by some Intel/AMD CPUs

  • 001-core.xzm:

  • - security fix dbus-1.10.16: two symlink attacks #611392

    - security fix feh-2.18.3: Integer overflow in wallpaper.c while receiving an IPC message (CVE-2017-7875) #616470

    - security fix nss-3.29.5: Out-of-bounds write in Base64 encoding in NSS (CVE-2017-5461) #616032

    - upgraded to apulse-0.1.10, gdk-pixbuf-2.36.6, pango-1.40.5, gtk+-3.22.12

  • 003-settings.xzm:

  • - kiosk fix regenerate playlist and restart screensaver slideshow when online zip archive was updated

    - kiosk fix refresh ripples screensaver every 10 minutes to avoid background picture distortions

    - kiosk fix process only connected displays for 'screen_settings=' parameter

    - kiosk fix display a warning message and skip installation/reconfiguration/upgrade if generated kiosk ISO is larger than system partition (900 MB)

  • 005-thinclient.xzm:

  • - upgraded to usbredir-0.7.1_p20170503

    Porteus Kiosk version 20170422

  • 001-core.xzm:

  • - upgraded to harfbuzz-1.4.5

    - added apulse-0.1.9

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-52.1.0 changelog: 46.0 47.0 48.0 49.0 50.0 51.0 52.0

  • 05-flash.xzm:

  • - upgraded to adobe-flash-25.0.0.148

  • 10-printing.xzm:

  • - upgraded to perl-5.24.1-r1

    Porteus Kiosk version 20170408

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.21-kiosk

  • 001-core.xzm:

  • - upgraded to atk-2.22.0, ethtool-4.8, gdk-pixbuf-2.36.5, glib-2.50.3-r1, hwids-20170328, libnotify-0.7.7, llvm-3.9.1-r1, nettle-3.3-r1, pango-1.40.4, rsyslog-8.24.0-r2, sqlite-3.17.0

  • 002-chrome.xzm:

  • - upgraded to google-chrome-57.0.2987.133

  • 003-settings.xzm:

  • - kiosk fix fixed the case when 'persistence=none' parameter was preventing the booting media to be powered off

  • 005-thinclient.xzm:

  • - upgraded to at-spi2-core-2.22.1, at-spi2-atk-2.22.0, adwaita-icon-theme-3.22.0, gtk+-3.22.11, vte-0.46.1

    - added libpcre2-10.22

  • 10-printing.xzm:

  • - upgraded to gutenprint-5.2.12, foomatic-db-4.0.20170331

    Porteus Kiosk version 20170328

  • initrd.xz:

  • - new feature added support for 'kernel_parameters=boot_from_usb' which forces booting the system from removable device even if second kiosk installation is available on the hard drive. This is useful e.g. if you want to test new kiosk version on specific PC using usb stick before updaing main system installation on the hard drive.

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.17-kiosk

  • 001-core.xzm:

  • - security fix wget-1.19.1-r1: CRLF injection in the url_parse function in url.c (CVE-2017-6508) #612326

    - security fix freetype-2.7.1-r2: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name #612192

    - security fix libpcre-8.40-r1: OOB read / application crash (CVE-2017-6004) #609592

    - major Xorg upgrade upgraded xorg-server to version 1.19.2 and bumped whole Xorg stack: libdrm-2.4.75, libevdev-1.5.6, xkeyboard-config-2.20, libICE-1.0.9-r1, libxcb-1.12-r2, libXfont2-2.0.1, libX11-1.6.5, libXi-1.7.9, mesa-13.0.5, xauth-1.0.10, libepoxy-1.4.1, cairo-1.14.8, xorg-server-1.19.2, xf86-video-r128-6.10.2, xf86-video-vmware-13.2.1, xf86-video-trident-1.3.8, xf86-video-amdgpu-1.2.0, xf86-video-openchrome-0.5.0, xf86-video-nouveau-1.0.13, xf86-video-tdfx-1.4.7, xf86-video-sisusb-0.9.7, xf86-video-glint-1.2.9, xf86-video-savage-2.3.9, xf86-input-synaptics-1.9.0, xf86-video-mga-1.6.5, xf86-video-sis-0.10.9, xf86-video-siliconmotion-1.7.9, xf86-video-qxl-0.1.5, xf86-video-chips-1.2.7, xf86-input-evdev-2.10.5, xf86-video-intel-2.99.917_p20170216, xf86-video-ati-7.8.0, libwacom-0.24, xf86-input-wacom-0.34.0

    - upgraded to timezone-data-2017a, wmctrl-1.07-r2, xdotool-3.20150503.1-r1, tint2-0.12.12, rsyslog-8.24.0-r1

    - added libxkbcommon-0.6.0, xf86-video-virtualbox

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-google-chrome-57.0.2987.110

  • 003-settings.xzm:

  • - kiosk fix copy client files recursively and bind two ports with one ssh command when initializing a tunnel to the PK Server. This is to avoid unnecessary connections and lower server overhead when multiple clients are starting at the same time.

    - kiosk fix force opening Chrome on webpage(s) defined in the "RestoreOnStartupURLs" policy. This is to resolve an issue where Chrome started with a blank page when 'persistence=full' was enabled and kiosk was not shutdown cleanly, e.g. due to a power cut.

    - kiosk fix set 'kiosk-printer' globally as default printer through the lpoptions command. Seems that Chrome-55.x and up respect this setting now instead of a local one included in the master preferences file.

    - kiosk fix Alt-Home and Alt-KP_Home keyboard shortcuts are allowed when Chrome works with navigation bar disabled

    - kiosk fix fixed the case where parameter 'shared_printer=no' was still initializing shared printing

    - new feature all plugins for Chrome are enabled by default including "Widevine Content Decryption Module" so its possible to watch e.g. Netfilx movies

    - new feature check if at least one video output is active in the VNC startup script, if not then create virtual mode with 1920x1080 size and assign it to a disconnected output. This way VNC service can work properly on kiosks which have no monitor attached.

  • 005-thinclient.xzm:

  • - recompiled libssh with gcrypt and ssh1 support

    - upgraded to libgpg-error-1.27-r1, libgcrypt-1.7.6

  • 05-flash.xzm:

  • - upgraded to adobe-flash-25.0.0.127

    Porteus Kiosk version 20170312


    Tagged as Porteus Kiosk 4.3.0 release


    Wizard 4.3.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.14-kiosk

  • 001-core.xzm:

  • - security fix shadow-4.4-r2: su: user can send SIGKILL with root privileges to other processes (CVE-2017-2616) #610804

    - security fix nss-3.28: multiple vulnerabilities (CVE-2016-{5285,8635,9074}) #604916

    - security fix curl-7.53.0: SSL_VERIFYSTATUS ignored (CVE-2017-2629) #610572

    - upgraded to sqlite-3.16.2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.8.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix rotate /var/log/x11vnc.log every day so it wont grow in size too much

    - kiosk fix skip system reconfiguration/upgrade if ISO is burned on an optical media

    - kiosk fix skip system reconfiguration/upgrade if ISO was manually burned on a partition (e.g. /dev/sda1) while it should be burned on a device (e.g. /dev/sda)

    - new feature use OpenDNS as secondary DNS server in the installation wizard for static IP configuration

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20170307

  • 10-printing.xzm:

  • - security fix lcms-2.8-r1: Out-of-bounds read in Type_MLU_Read() (CVE-2016-10165) #591452

    - security fix jbig2dec-0.13-r1: Heap-buffer overflow due to Integer overflow in jbig2_image_new function #607188

    - upgraded to libtasn1-4.10

    Porteus Kiosk version 20170219

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.11-kiosk

  • 001-core.xzm:

  • - upgraded to libbsd-0.8.3, gtk+-2.24.31-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-24.0.0.221

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-9.20-r1: Multiple vulnerabilities (CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) #596576

    - added openjpeg-2.1.1_p20160922

    Porteus Kiosk version 20170211

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.9.9-kiosk

  • 001-core.xzm:

  • - security fix ntfs3g-2016.2.22-r2: incorrect filtering of environment variables leading to privilege escalation (CVE-2017-0358) #607912

  • 003-settings.xzm:

  • - new feature added warning when there may be not enough RAM available on the PC to perform system installation. Kiosks with 512MB of RAM may fail the installation if there large in size components enabled, e.g. java.

  • 004-wifi.xzm:

  • - upgraded wifi firmware to match new kernel

  • 05-flash.xzm:

  • - major flashplayer upgrade upgraded to adobe-flash-24.0.0.194

  • 07-java.xzm:

  • - security fix icedtea-bin-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289}) #607676

    Porteus Kiosk version 20170129

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.45-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.2k: Multiple vulnerabilities (CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732) #607318

    - security fix lua-5.1.5-r4: overflow flaw in vararg functions (CVE-2014-5461) #520480

    - upgraded to kmod-23, util-linux-2.28.2

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-55.0.2883.87

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.7.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix removed obsolete Chrome policies: DisableSpdy, DnsPrefetchingEnabled

    - new feature activate 'serial' backend for CUPS as some usb printers require it for direct connection

    - new feature if kiosk installation fails then debug info will be displayed in the browser in order to help identifying the problem, e.g. I/O errors on target media

  • 005-thinclient.xzm:

  • - security fix opus-1.1.3-r1: Memory corruption during media file and data processing (CVE-2017-0381) #605894

  • 09-x11vnc.xzm:

  • - security fix libvncserver-0.9.11: multiple vulnerabilities (CVE-2016-9941, CVE-2016-9942) #605326

  • 10-printing.xzm:

  • - upgraded to openldap-2.4.44

    Porteus Kiosk version 20170115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.42-kiosk

  • 001-core.xzm:

  • - security fix glibc-2.23-r3: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption #576726

    - security fix libxml2-2.9.4-r1: NULL pointer deref in XPointer range-to #597116

    - security fix ibpng-1.6.27: NULL pointer dereference (CVE-2016-10087) #604082

    - upgraded to ca-certificates-20161102.3.27.2-r2, acpid-2.0.28, libfastjson-0.99.4, zlib-1.2.11, logrotate-3.11.0, curl-7.52.1-r1, libva-1.7.3, libva-intel-driver

  • 002-firefox.xzm:

  • - security fix fmpeg-2.8.10: multiple vulnerabilities #596760

  • 003-settings.xzm:

  • - kiosk fix configure input devices first and then screen settings so rotated touchscreen devices are calibrated properly

    - kiosk fix set hostname before starting rsyslog so proper kiosk hostname is saved in the logs (especially important when logs are transported to Kiosk Server)

    - new feature paramter 'client_id=automatic' will automatically asign the client ID to the kiosk - no need for manual configuration. Following range will be used for automatic IDs: 2000 - 4999.

  • 10-printing.xzm:

  • - security fix gnutls-3.3.26: two memory corruption vulnerabilities (CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, GNUTLS-SA-2017-1, GNUTLS-SA-2017-2) #605238

    Porteus Kiosk version 20161229

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.39-kiosk

  • 001-core.xzm:

  • - security fix curl-7.52.1: uninitialized random (CVE-2016-9594) #603574

    - upgraded to alsa-lib-1.1.2, alsa-utils-1.1.2, conky-1.10.4, lm_sensors-3.4.0_p20160725, stunnel-5.36

    - added mtr-0.87

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.6.0. Changelog: link

  • 003-settings.xzm:

  • - new feature if bookmark name is not defined in the 'managed_bookmarks=' parameter and the page title is not available then default to the raw URL for the bookmark name

  • 004-wifi.xzm:

  • - upgraded to libnl-3.2.28

  • 005-thinclient.xzm:

  • - upgraded to opus-1.1.3, freerdp-2.0.0_pre20161219

  • 10-printing.xzm:

  • - security fix perl-5.22.3_rc4: unsafe module load path (CVE-2016-1238) #589680

    - upgraded to libieee1284-0.2.11-r4, libtasn1-4.9-r1, sane-backends-1.0.25-r1

    Porteus Kiosk version 20161212

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.38-kiosk

  • 001-core.xzm:

  • - security fix ntfs3g-2016.2.22 [-external-fuse]: incorrect filtering of environment variables could cause privilege escalation (CVE-2015-3202) #550970

    - upgraded to e2fsprogs-1.43.3-r1, e2fsprogs-libs-1.43.3, feh-2.18, libpcre-8.39, ncurses-6.0-r1, procps-3.3.12

  • 003-settings.xzm:

  • - kiosk fix fixed the list of foomatic drivers which was generated incorrectly for 4.2.0 release

  • 004-wifi.xzm:

  • - security fix ppp-2.4.7-r3: buffer overflow in radius plug-in's rc_mksid() (CVE-2015-3310) #546554

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.14_p20161013

  • 10-printing.xzm:

  • - upgraded to qpdf-5.1.1-r1

    Porteus Kiosk version 20161203


    Tagged as Porteus Kiosk 4.2.0 release


    Wizard 4.2.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.36-kiosk

  • 001-core.xzm:

  • - security fix expat-2.2.0-r1: Undefined behavior and pointer overflows (CVE-2016-4472) #585510

    - security fix ntp-4.2.8_p9: Multiple vulnerabilities (CVE-2016-{7426,7427,7429,7428,7431,7434,7433,9310,9311,9312}) #600430

    - upgraded to coreutils-8.25, libpng-1.6.25, rsyslog-8.19.0

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.5.1. Changelog: link

  • 005-thinclient.xzm:

  • - security fix icu-58.1: Stack based buffer overflow in locid.cpp (CVE-2016-7415) #594494

  • 07-java.xzm:

  • - security fix icedtea-bin-3.2.0: Multiple vulnerabilties (CVE-2016-{5542,5554,5568,5573,5582,5597}) #600224

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.14-r1

  • 10-printing.xzm:

  • - security fix libtasn1-4.8: infinite loop while parsing DER certificates #579748

    - security fix openldap-2.4.43: ber_get_next denial of service vulnerability #560424

    - security fix python-2.7.12: smtplib StartTLS stripping attack (CVE-2016-0772) #585946

    - security fix tiff-4.0.7: Multiple vulnerabilities #599746

    Porteus Kiosk version 20161115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.32-kiosk

  • 001-core.xzm:

  • - security fix curl-7.51.0: Multiple vulnerabilities (CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625) #597760

    - upgraded to hwids-20161103, libXi-1.7.8, timezone-data-2016h

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-54.0.2840.100

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.5.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix disable 'C++' and 'C--' keyboard shortcuts properly when 'disable_zoom_controls=yes' parameter is used

  • 005-thinclient.xzm:

  • - upgraded to libwebp-0.4.2, remmina-1.2.0_rc16, vte-0.44.3

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.644: Multiple vulnerabilities (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865) #599204

  • 08-ssh.xzm:

  • - security fix openssh-7.3_p1-r7: Memory exhaustion due to unregistered KEXINIT handler after receiving message(CVE-2016-8858) #597360

  • 10-printing.xzm:

  • - upgraded to cups-2.1.4, foomatic-db-4.0.20161101

    Porteus Kiosk version 20161023

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.27-kiosk

  • 001-core.xzm:

  • - security fix libX11-1.6.4, libXfixes-5.0.3, libXi-1.7.7, libXrandr-1.5.1, libXrender-0.9.10, libXtst-1.2.3, libXv-1.0.11, libXvMC-1.0.10 - Multiple vulnerabilities #596182

    - security fix dbus-1.10.12: format string vulnerability #596772

  • 004-wifi.xzm:

  • - security fix wpa_supplicant-2.6: Multiple vulnerabilities (CVE-2015-5310, CVE-2015-5315, CVE-2015-5316, CVE-2016-4477) #596042

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.637: Multiple vulnerabilities (APSB16-32, CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992) #596896

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.4.0.10109380-r1

    Porteus Kiosk version 20161003

  • 001-core.xzm:

  • - kiosk fix recompiled xf86-video-intel driver without DRI3 support which causes issues on Intel Alviso (gen3) GPUs

    - upgraded to cronbase-0.3.7-r4, gtkdialog-0.8.3-r2, mesa-12.0.3

  • 003-settings.xzm:

  • - kiosk fix make parameter 'vga_driver=modesetting' working

    Porteus Kiosk version 20161001

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.23-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.2j: Multiple vulnerabilities (CVE-2016-6309, CVE-2016-7052) #595186

    - upgraded to acpid-2.0.27, atk-2.20.0, cronbase-0.3.7-r3, cronie-1.5.0-r1, dhcpcd-6.11.3, fuse-2.9.7, gdk-pixbuf-2.34.0, glib-2.48.2, gtk+-2.24.31, harfbuzz-1.3.1, libgudev-230-r1, logrotate-3.10.0, pango-1.40.3, sqlite-3.13.0

  • 005-thinclient.xzm:

  • - upgraded to at-spi2-atk-2.20.1, at-spi2-core-2.20.2, gtk+-3.20.9, libgpg-error-1.24, libsoup-2.54.1-r1, vte-0.44.2

  • 08-ssh.xzm:

  • - security fix openssh-7.3_p1-r6: Remote pre-auth crash #595342

  • 10-printing.xzm:

  • - security fix gnutls-3.3.24-r1: OCSP validation issue (CVE-2016-7444) #594738

    - upgraded to gmp-6.1.0, net-snmp-5.7.3-r5

    Porteus Kiosk version 20160923

  • 001-core.xzm:

  • - security fix curl-7.50.3: escape and unescape integer overflows (CVE-2016-7167) #593716

    - security fix openssl-1.0.2i: Multiple vulnerabilities (CVE-2016-2180, CVE-2016-2183, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308) #594500

    - major Xorg upgrade upgraded xorg-server to version 1.18.4 and bumped whole Xorg stack: libdrm-2.4.70, libXdmcp-1.1.2-r1, pixman-0.34.0, libevdev-1.5.2, libxcb-1.12, libXfixes-5.0.2, libXi-1.7.6, xkbcomp-1.3.1, xkeyboard-config-2.17, xrandr-1.5.0, mesa-12.0.1, mesa-progs-8.3.0, xorg-server-1.18.4, xf86-video-r128-6.10.1, xf86-input-evdev-2.10.3, xf86-video-amdgpu-1.1.0, xf86-input-synaptics-1.8.3, xf86-video-nouveau-1.0.12, xf86-input-aiptek-1.4.1-r1, xf86-video-openchrome-0.4.0, xf86-video-intel-2.99.917_p20160621-r1, xf86-video-ati-7.7.0, xf86-input-wacom-0.33.0

    - added libbsd-0.8.2

  • 002-chrome.xzm:

  • - upgraded to google-chrome-53.0.2785.116

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.4.0. changelog: link

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.635 Multiple vulnerabilities (APSB16-29) #593684

    Porteus Kiosk version 20160914

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.20-kiosk

  • 001-core.xzm:

  • - security fix curl-7.50.2: Incorrect reuse of client certificates (CVE-2016-7141) #592974

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-53.0.2785.113

  • 003-settings.xzm:

  • - kiosk fix make sure SSH tunnel connection is established fully before trying to download remote config from Porteus Kiosk Server

  • 06-fonts.xzm:

  • - upgraded to noto-20160531

  • 10-printing.xzm:

  • - upgraded to perl-5.22.2

    Porteus Kiosk version 20160904


    Tagged as Porteus Kiosk 4.1.0 release


    Wizard 4.1.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.19-kiosk

  • 001-core.xzm:

  • - upgraded to libestr-0.1.10

  • 003-settings.xzm:

  • - kiosk fix clients behind the proxy can connect to Porteus Kiosk Server properly

    - new feature screensaver slideshow will sort the pictures according to their filename

  • 10-printing.xzm:

  • - upgraded to gutenprint-5.2.11

    Porteus Kiosk version 20160819

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.18-kiosk

  • 001-core.xzm:

  • - security fix curl-7.50.1: multiple vulnerabilities #590482

    - upgraded to dejavu-2.37

  • 003-settings.xzm:

  • - kiosk fix keep cron logs in a separate file so they wont be flooding main system log

    - kiosk fix disabled geolocation and OCSP services for Firefox as they make troubles for kiosks which uses proxies with authentication (long wait for a timeout when connecting to Mozilla services)

    - new feature report kernel version to the Server

  • 07-java.xzm:

  • - security fix icedtea{,-bin}-{7.2.6.7,3.1.0}: Multiple vulnerabilties (CVE-2016-{3458,3485,3500,3508,3550,3587,3598,3606,3610}) #590590

  • 10-printing.xzm:

  • - security fix nettle-3.2-r1 : RSA code is vulnerable to cache-timing related attacks #590484

    Porteus Kiosk version 20160806

  • initrd:

  • - enabled busybox applet: mktemp

    - do not start splash if 'debug' kernel parameter is used

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.16-kiosk

  • 001-core.xzm:

  • - added c_rehash-1.7-r1, hicolor-icon-theme-0.15

    - upgraded to hwids-20160801, timezone-data-2016e

  • 002-chrome.xzm:

  • - upgraded to google-chrome-52.0.2743.116

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.3.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix escape '?' character for Firefox's whitelist/blacklist functions so URLs containing this characters are handled correctly

    - kiosk fix make sure that ssh tunnel was established properly before forwarding client's data to the Server. This is to avoid 'password not found' error which could appear when establishing VNC connection from Administration Panel to the client.

  • 10-printing.xzm:

  • - added sane-backends-1.0.24-r6, net-snmp-5.7.3-r3

    - recompiled hplip with scanner and fax support

    - upgraded to poppler-0.45.0

  • 11-citrix.xzm:

  • - new feature linked /opt/Citrix/ICAClient/keystore/cacerts directory to /etc/ssl/certs so system certificates could be used

    Porteus Kiosk version 20160724

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.15-kiosk

  • 001-core.xzm:

  • - upgraded to llvm-3.7.1-r3

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-52.0.2743.82

  • 003-settings.xzm:

  • - kiosk security fix do not mount removable device and start the browser if session is locked by the "session password" window

    - kiosk security fix blocked Shift+Enter key combination by default as it was opening a new Firefox window when user clicked on download link and then pressed Shift+Enter

    - kiosk fix browser idle: prevent very first browser restart if no user activity was detected

    - kiosk fix update DNS properly when dialup connection is used

    - kiosk fix block 'Ctrl+p' key combination if printing component is not enabled

    - kiosk fix stunnel: reduced logging level from "warning" to "critical" to get rid of warning entries flooding the log when remote server is down

    - new feature enable bootsplash by default for post installation ISO

    - new feature default search engine is set to Google, you may change it to DuckDuckGo with 'search_engine=duckduckgo' parameter

    - new feature shutdown menu: restart session is back, all services are aware that Xorg session can be restarted

    - new feature browser idle: notify the user that user activity was detected and session wont be restarted

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.632 - Multiple vulnerabilities (CVE-2016-{4217,4218,4219,4220,4221,4222,4223,4224,4225,4226,4227,4228,4229,4230,4231,4232,4233,4234,...,4249}) #588738

    Porteus Kiosk version 20160710

  • initrd:

  • - enabled busybox applet: eject

  • 001-core.xzm:

  • - security fix expat-2.1.1-r2: Using XML_Parse before rand() results in non-random output (CVE-2016-5300) #577928

    - security fix libpcre-8.38-r1: stack buffer overflow for (*ACCEPT) with deeply nested parentheses #575546

    - security fix openssl-1.0.2h-r2: Non-constant time codepath followed for certain operations in DSA implementation (CVE-2016-2178) #585276

    - security fix wget-1.18: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) #585926

    - security fix libjpeg-turbo-1.5.0: Out-of-Bounds Read via unusually long Blocks in MCU #585782

    - added: json-c-0.12, libestr-0.1.9, liblogging-1.0.5, rsyslog-8.16.0-r1, startup-notification-0.12-r1

    - upgraded to stunnel-5.34-r1

  • 003-settings.xzm:

  • - new feature rsyslog replaces metalog as default logging daemon - its more configurable and supports remote logging

    - new feature if association with Kiosk Server is enabled then bind remote rsyslog port locally (over SSL tunnel). System logs in severity warning and above will be logged on the Server side - useful for proactive support.

    - new feature if hostname is not specified and if Kiosk Server association is enabled then use client_id as hostname

    - new feature automatically eject optical disc after successful installation

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20160610

  • 10-printing.xzm:

  • - security fix gnutls-3.3.24: Certificate verification issue when used with the p11-kit trust module (GNUTLS-SA-2016-2) #588306

    - recompiled poppler with cairo support

    - upgraded to cups-2.1.3-r1

    Porteus Kiosk version 20160625

  • initrd:

  • - mention Win32DiskImager explicitly in the booting failure message

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.14-kiosk

  • 001-core.xzm:

  • - upgraded to gtk+-2.24.30, harfbuzz-1.2.7, libxml2-2.9.4, timezone-data-2016d

  • 002-chrome.xzm:

  • - upgraded to google-chrome-51.0.2704.106

  • 003-settings.xzm:

  • - kiosk fix fixed character conversion issue for Citrix Receiver

    - kiosk fix make sure that authorized_keys file was copied correctly from Porteus Kiosk Server

    - kiosk fix add '--disable-pinch' to Chrome flags if 'disable_zoom=yes' parameter is used

    - kiosk fix make signons work again for Chrome

    - kiosk fix removed 'restart session' option from shutdown menu as its causing troubled in certain situations. Please use 'reboot' option instead.

    - new feature kiosk config can be hosted on FTP servers

    - new feature list touch devices in debug report

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.626 - Critical vulnerability (CVE-2016-{4120,4171}) #586044

    Porteus Kiosk version 20160610

  • initrd:

  • - added quirk for nVidia GPUs

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.13-kiosk

  • 001-core.xzm:

  • - security fix expat-2.1.1-r1: Expat XML Parser Crashes on Malformed Input (CVE-2016-0718) #583268

    - security fix ntp-4.2.8_p8: Multiple vulnerabilities (CVE-2016-{4953,4954,4955,4956,4957}) #584954

    - security fix ntfs3g-2015.3.14 [-external-fuse]: incorrect filtering of environment variables could cause privilege escalation (CVE-2015-3202) #550970

    - upgraded to cairo-1.14.6, dosfstools-4.0-r1, elfutils-0.166, nss-3.23, sysvinit-2.88-r9, xfsprogs-4.5.0

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-51.0.2704.84

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.2.0. changelog: link

  • 003-settings.xzm:

  • - kiosk security fix if ssh service is enabled then allow login to Porteus Kiosk Server as kiosk user only from localhost interface (force using SSL tunnel)

    - kiosk fix when multiple homepages are defined and 'homepage_check=' parameter is enabled then query only first homepage to prevent "homepage is not available" message

    - kiosk fix fixed 'scheduled_actions=' parameter not working correctly when hour or minute was staring with '0' number (e.g. 09:04)

    Porteus Kiosk version 20160528


    Tagged as Porteus Kiosk 4.0.0 release


    Wizard 4.0.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - use 'uvesafb' driver to display splash screen during boot when native framebuffer driver is not available

    - when booting fails show an info how to burn the kiosk ISO correctly on the usb sticks

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.11-kiosk

  • 001-core.xzm:

  • - security fix curl-7.49.0: TLS certificate check bypass with mbedTLS/PolarSSL (CVE-2016-3739) #583394

    - upgraded to bzip2-1.0.6-r7, freetype-2.6.3-r1, hwids-20160421, libpng-1.6.21, procps-3.3.11-r3, pciutils-3.4.1, wget-1.17.1-r1

  • 003-settings.xzm:

  • - kiosk security fix disabled access to four chrome:// facilities which slipped through our blacklist filter. Vulnerability reported by Blaze Information Security - thank you!

    - kiosk fix enabled logging for x11vnc daemon

  • 06-fonts.xzm:

  • - added libertine-5.3.0.20120702-r2, noto-20160305-r1 packages

    - upgraded to dejavu-2.35, liberation-fonts-2.00.1-r2

    Porteus Kiosk version 20160519

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.10-kiosk

  • 001-core.xzm:

  • - security fix imlib2-1.4.9: integer overflow resulting in insufficient heap allocation #580038

    - upgraded to glib-2.46.2-r3, kmod-22, timezone-data-2016c

    - added dosfstools-4.0, mesa-progs-8.2.0

  • 002-chrome.xzm:

  • - upgraded to google-chrome-50.0.2661.102

  • 003-settings.xzm:

  • - kiosk fix fixed installation on SD cards which broke after switching to the GRUB bootloader

    - kiosk fix disabled 'horizontal overscroll' in Chrome as this feature may cause privacy concerns

    - new feature added OpenGL info to debug report

  • 004-wifi.xzm:

  • - upgraded to crda-3.18-r1

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.621 - many vulnerabilities (CVE-2016-{1096,1097,1098,1099,1100,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,...,4117}) #582670

  • 07-java.xzm:

  • - major Java upgrade upgraded to icedtea-bin-3.0.1 (java-1.8.x)

    - upgraded to icedtea-web-1.6.1-r1

  • 10-printing.xzm:

  • - security fix poppler-0.42.0: heap buffer overflow #579752

    - recompiled tiff with jpeg support

    - upgraded to foomatic-db-4.0.20160504

    Porteus Kiosk version 20160505

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.9-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.2h: Multiple vulnerabilities (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176) #581234

  • 002-firefox.xzm:

  • - security fix mozilla-firefox-45.1.1

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20160502

    Porteus Kiosk version 20160501

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.8-kiosk

  • 001-core.xzm:

  • - security fix ntp-4.2.8_p7: multiple vulnerabilities #581528

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.1.0. changelog: link

  • 002-chrome.xzm:

  • - upgraded to google-chrome-50.0.2661.94

  • 003-settings.xzm:

  • - kiosk fix 'persistence=session' parameter should not depend on 'disable_private_mode=yes'

    - kiosk fix allow for filepicker in Chrome when support for removable media is enabled

    - new feature display /media location in the filepicker left side panel so its easier to find where removable media were mounted

    - new feature enable shared VNC access by default

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.6: Multiple vulnerabilties (CVE-2016-{0686,0687,0695,3425,3427}) #581028

    Porteus Kiosk version 20160417

  • initrd and initrdpxe.xz:

  • - upgraded to busybox-1.24.2

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.7-kiosk

    - kernel config: enabled x86_64 architecture by default - we are dropping support for 32bit CPUs. Enabled drivers for hardware monitoring, PVSCSI SCSI Controller and added support for POSIX Message Queues

  • 001-core.xzm:

  • - security fix glibc-2.22-r4: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) #578602

    - security fix sqlite-3.12.0: Buffer overread, buffer overflow, integer overflow #578940

    - new feature upgraded userland (all kiosk modules) to 64bit architecture. We are droping support for 32bit CPUs.

    - upgraded to gdk-pixbuf-2.32.3, libwacom-0.18, openbox-3.6.1, timezone-data-2016a, stunnel-5.30

    - added lm_sensors-3.3.5, tslib-1.0-r3, xev-1.2.2, xf86-input-tslib-0.0.6-r3

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-50.0.2661.75

  • 003-settings.xzm:

  • - kiosk fix when in debug mode unset homepage_append parameter so debug report can be displayed in the browser correctly

    - kiosk fix keep screensaver window on top when browser works with navigation bar disabled and is restarted by 'browser_idle=' parameter

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.616 Arbitrary code execution vulnerability (APSA16-01, CVE-2016-1019) #579166

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.5: unspecified vulnerability (CVE-2016-0636) #578300

    Porteus Kiosk version 20160318

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.6-porteus-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.2g-r2: Multiple vulnerabilities (CVE-2016-{0702,0703,0704,0705,0797,0798,0799,0800}) #575548

    - security fix ntp-4.2.8_p6: multiple vulnerabilities (CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158) #572452

    - security fix sqlite-3.11.1: arbitrary code execution on databases with malformed schema, buffer overreads (CVE-2015-7036) #574420

    - security fix nss-3.22.2 : multiple vulnerabilities (CVE-2016-{1950..1979}, CVE-2016-{2790..2802}) #576862

    - security fix imlib2-1.4.7: multiple vulnerabilities (CVE-2014-9762) #572884

    - added following packages: conky-1.9.0-r3, cronbase-0.3.7-r1, cronie-1.5.0, e2fsprogs-1.42.13, e2fsprogs-libs-1.42.13, fuse-2.9.4, gsimplecal-1.6, libpcre-8.38, logrotate-3.9.2, mc-4.8.14, metalog-3-r1, ncurses-5.9-r5, popt-1.16-r2, rsync-3.1.2, tint2-0.12.3, volumeicon-0.4.6, xcb-util-0.4.0, xf86-video-fbdev-0.4.4, xfsprogs-3.2.4

    - upgraded to gtk+-2.24.29

  • 002-firefox.xzm:

  • - security fix ffmpeg-2.8.6: Multiple vulnerabilities (CVE-2016-{2213,2328,2329,2330}) #577458

  • 003-settings.xzm:

  • - kiosk fix wizard: remote management 'test config' button downloads the config using wget and displays in gtkdialog window rather than the browser.

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.577: Multiple vulnerabilities (APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010) #576980

  • 08-ssh.xzm:

  • - security fix openssh-7.2_p2: Multiple vulnerabilities (CVE-2016-1908, CVE-2016-3115) #576954

  • 10-printing.xzm:

  • - security fix tiff-4.0.6: Buffer overflow (CVE-2013-4243) #484542

    Porteus Kiosk version 20160310

  • initrd:

  • - removed Broadcom BCM57780 quirk

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.5-porteus-kiosk

  • 001-core.xzm:

  • - upgraded to atk-2.18.0, glib-2.46.2-r2, gtk+-2.24.28-r1, harfbuzz-1.1.3, libnotify-0.7.6-r3, libxml2-2.9.3, pango-1.38.1

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-45.0 changelog: 39.0 40.0 41.0 42.0 43.0 44.0 45.0

  • 003-settings.xzm:

  • - new feature welcome wizard: display link quality info after AP name in the scanning result

  • 004-wifi.xzm:

  • - added missing mt7601u.bin firmware

    Porteus Kiosk version 20160228


    Tagged as Porteus Kiosk 3.7.0 release


    Wizard 3.7.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.3-porteus-kiosk.

  • 003-settings.xzm:

  • - kiosk fix blacklist drm kernel modules when 'gpu_driver=vesa' parameter is used

    Porteus Kiosk version 20160222

  • initrd:

  • - do not load uvesafb as it broke with 4.4 kernel

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.2-porteus-kiosk. Moving early to kernel 4.4.x LTS as we need proper support for Intel Skylake processors.

    - kernel config: added support for Microsoft Hyper-V virtualization platform

  • 001-core.xzm:

  • - security fix glibc-2.21-r2: stack overflow in getaddrinfo (CVE-2015-7547) #574880

    - security fix dhcpcd-6.10.0: two vulnerabilities (CVE-2016-{1503,1504}) #571152

    - upgraded to libva-1.6.2, libva-intel-driver-1.6.2

  • 003-settings.xzm:

  • - kiosk fix fixed kiosk client -> Porteus Kiosk Server communication when ssh services are working on non default ssh port

    - kiosk fix generate system report only once when debug mode is enabled

  • 004-wifi.xzm:

  • - upgraded to ca-certificates-20151214.3.21, wpa_supplicant-2.5-r1

  • 06-fonts.xzm:

  • - added liberation-fonts-2.00.1-r1 package

    Porteus Kiosk version 20160214

  • initrd:

  • - do not count modules when copying to RAM as we want quieter booting

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.17-porteus-kiosk

    - kernel config: switched to UVESA which is a modern replacement for VESA

  • 001-core.xzm:

  • - security fix nss-3.21-r2: Weak RSA-MD5 signature allows attack on client certificate authentication (part of SLOTH attack), miscalculations in bignum lib (CVE-2015-7575, CVE-2016-1938) #571086

    - added 'synclient' utility so its possible to configure touchpads

    - added following packages: v86d-0.1.10, fbv-1.0b

    - upgraded to libusb-1.0.19-r1, timezone-data-2015g

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.6.1. changelog: link

  • 003-settings.xzm:

  • - kiosk fix managed bookmarks: if bookmark title is not discovered automatically then use URL as a title instead of the generic 'Bookmark' name

    - kiosk fix eliminated fault conditions when underscore sign was used in kiosk parameters

    - new feature 'import_certificates=' parameter: added support for downloading and injecting standalone certificate to browser cert8.db/cert9.db. Sample: import_certificates=http://domain.com/files/certificate-1.crt http://domain.com/files/certificate-2.crt

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20160208

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.569 : Multiple vulnerabilities (APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985) #574284

  • 10-printing.xzm:

  • - security fix nettle-3.2: Miscalculations of elliptic curve multiplications (CVE-2015-8803,CVE-2015-8804,CVE-2015-8805) #573646

    Porteus Kiosk version 20160129

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.16-porteus-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.2f: Multiple vulnerabilities (CVE-2015-3197,CVE-2016-0701) #572854

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.6.0. changelog: link

    - security fix ffmpeg-2.8.5: stealing local files with HLS+concat (CVE-2016-{1897,1898}) #571868

  • 003-settings.xzm:

  • - kiosk fix kill hhpc process properly when exiting screensaver slideshow/video

    - kiosk fix fixed touchscreen calibration/rotating for touch controllers which reports two input devices (e.g. PQLabs EN320006897)

    - new feature disabled system notification messages in order to achieve quiet boot and shutdown. Messages appears only when there is an issue or when kiosk reconfigures/upgrades itself.

  • 004-wifi.xzm:

  • - upgraded to usb_modeswitch-2.2.6

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.4: Mulitple vulnerabilities (CVE-2015-{7575,8126,8472}, CVE-2016-{0402,0448,0466,0483,0494}) #572716

  • 10-printing.xzm:

  • - security fix cups-filters-1.5.0: foomatic-rip - consider the back tick as an illegal shell escape character (CVE-2015-{8327,8560}) #567286

    Porteus Kiosk version 20160121

  • initrd:

  • - enabled busybox applets: gzip, gunzip, tty, zcat

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: enabled support for CIFS protocol (Windows network shares) and VESA framebuffer

  • 002-chrome.xzm:

  • - upgraded to google-chrome-47.0.2526.111_p1

  • 003-settings.xzm:

  • - kiosk fix remote config: allow for [[GLOBAL]] and [[PCID]] strings with no space between the bracket and data

    - kiosk fix 'browser_preferences=' parameter should append to user.js rather than overwrite it

    - kiosk fix fixed time calculation in the screensaver script - it can run now continuously for 11 500 days

    - kiosk fix remove whitespaces at the end of the parameters in the kiosk config prior to parsing. This bug was breaking for example 'printer_connection=' parameter.

    - kiosk fix wizard: save manual edits to kiosk config when user clicks on the 'save config' button

    - new feature wizard: added 'Back' button so you can restart it if you want to redo kiosk configuration

    - new feature wizard: added video tutorial button presenting how to save and load kiosk config/ISO from removable device

    - new feature added 'Raw Queue' printer driver for models which uses their own drivers

    - new feature use 1MB for the block size when burning the ISO during installation/reconfiguration/upgrade making this operation significantly faster

  • 08-ssh.xzm:

  • - security fix openssh-7.1_p2: Multiple vulnerabilities related to roaming (CVE-2016-{0777,0778}) #571892

  • uefi.zip:

  • - upgraded to Grub 2.02 beta2 and patched its sources for quiet boot

    Porteus Kiosk version 20160103

  • initrd and initrdpxe.xz:

  • - went back to wget applet from busybox and added SSL helper as statically linked wget for some reasons does not perform hostname resolution correctly

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: enabled i586 architecture by default. We are dropping support for i486 CPUs.

  • 001-core.xzm:

  • - security fix libjpeg-turbo-1.4.2: buffer overflow #531418

    - new feature recompiled userland with 'march=i586' compiler flag which seems to be a minimum requirement for latest Mesa ('march=i486' causes system hangs on Intel GPUs). We are droping support for i486 CPUs.

    - upgraded to mesa-11.0.6

  • 002-chrome.xzm:

  • - upgraded to google-chrome-47.0.2526.106_p1

  • 003-settings.xzm:

  • - kiosk fix run wget with '-U Mozilla' flag when doing the homepage check as some http servers reject connection when user agent is not set for the client

    - kiosk fix Chrome: disable 'pinch to zoom' touch gesture when navigation bar is disabled

    - kiosk fix handle displays with dash in name (e.g. VGA-0) properly when 'screen_settings=' parameter is provided and screen positioning function is used

    - kiosk fix recompiled openbox without xinerama support so applications get maximized across all available screens in mulit seat setup (e.g. video wall)

    - new feature added md5sum check of main system components after burning the ISO on the storage media. If md5sum does not match then burning is repeated up to 3 times.

  • 004-wifi.xzm:

  • - upgraded to libnl-3.2.27

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.559: Multiple vulnerabilities (CVE-2015-{8459,8460,8634,8635,8636,8638,8639,8640,8641,8642,8643,8644,8645,8646,8647,8648,8649,8650,8651}) #570040

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.14

    - added libvncserver-0.9.10-r3

  • 10-printing.xzm:

  • - security fix libpcre-8.38: Heap Overflow Vulnerability in find_fixedlength() (CVE-2015-5073) #553300

    Porteus Kiosk version 20151215

  • initrd and initrdpxe.xz:

  • - replaced busybox 'wget' applet with full wget application to allow downloading files from SSL protected sites

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.15-porteus-kiosk

    - kernel config: enabled IP Multicast feature which is needed for receiving RTP/UDP video streams, compiled MPT drivers into kernel so its possible to install kiosk on SCSI/SAS hard drives in VMware and VirtualBox

    - configured ath10k driver to never search for a file containing wifi parameters otherwise network cant be initialized until this file is provided (its specific to each unit so there is no chance to make everyone happy)

  • 001-core.xzm:

  • - security fix openssl-1.0.2e: Multiple vulnerabilities (CVE-2015-{1794,3193,3194,3195,3196}) #567476

    - major Xorg upgrade upgraded xorg-server to version 1.17.4 and bumped whole Xorg stack: libX11-1.6.3, libXdmcp-1.1.2, libXi-1.7.5, libXrandr-1.5.0, libXrender-0.9.9, libXt-1.1.5, libdrm-2.4.65, libepoxy-1.3.1, libevdev-1.4.4, libfontenc-1.1.3, libpciaccess-0.13.4, libxcb-1.11.1, libxkbfile-1.0.9, setxkbmap-1.3.1, sqlite-3.9.2, udev-225, xf86-input-evdev-2.9.2, xf86-input-synaptics-1.8.2, xf86-input-wacom-0.31.0, xf86-video-ast-1.1.5, xf86-video-intel-2.99.917-r2, xf86-video-mga-1.6.4, xf86-video-qxl-0.1.4, xf86-video-r128-6.10.0, xf86-video-vesa-2.3.4, xinit-1.3.4-r1, xinput-1.6.2, xkeyboard-config-2.16, xmodmap-1.0.9, xorg-server-1.17.4

    - added attr-2.4.47-r2, libcap-2.24-r2, wmctrl-1.07-r1, xf86-video-amdgpu-0.0.01_pre20150814

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-47.0.2526.80_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.5.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix inject 'file:///tmp' to the whitelist automatically if 'screensaver_video=' parameter is used

    - kiosk fix start screensaver video with 'always on top' attribute so its not covered by restarted browser when 'browser_idle=' function is active

    - kiosk fix Firefox: disabled 'restore previous session' feature which shows up when persistence is enabled and browser crashes or is restarted by the 'browser_idle=' parameter

  • 004-wifi.xzm:

  • - added qualcomm ath10k firmware

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.554: Multiple vulnerabilities #567838

    - upgraded to curl-7.45.0

  • 05-flash_legacy.xzm:

  • - upgraded to curl-7.45.0

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.3: Vulnerability (CVE-2015-4871) #567850

    Porteus Kiosk version 20151126


    Tagged as Porteus Kiosk 3.6.0 release


    Wizard 3.6.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added support for VMware virtual machines

  • 001-core.xzm:

  • - security fix libpng-1.6.19: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions #565678

    - added elfutils-0.163, libepoxy-1.2, libva-1.6.1, libva-intel-driver-1.6.1, libvdpau-1.1.1, llvm-3.5.0, mesa-10.3.7-r1, xf86-video-vmware

  • 002-firefox.xzm:

  • - added ffmpeg-2.6.3

  • 003-settings.xzm:

  • - kiosk fix run the screensaver slideshow with 'always on top' attribute so its never covered by other windows (e.g. browser could be automatically restarted through the browser_idle* parameter and cover the slideshow)

    - new feature Firefox preferences: enabled support for h264 playback in the html5 video tag

    - new feature added /etc/rc.d/local_shutdown.d for local commands which should be executed during system reboot/shutdown: killing processes gracefully, stopping LAMP services, unmounting remote share or persistent storage

    - new feature compare kernel and kernel modules version and stop booting when they do not match as networking would not be initialized anyway

  • 07-java.xzm:

  • - security fix icedtea-bin7.2.6.2: Multiple vulnerabilities (CVE-2015-4734,4803,4805,4806,4835,4840,4842,4843,4844,4860,4872,4881,4882,4883,4893,4903,4911}) #565842

  • 10-printing.xzm:

  • - upgraded to hplip-3.15.11

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.2.1.328635

    Porteus Kiosk version 20151112

  • initrd:

  • - display OS version during PXE boot

    - create /dev/shm by default

    - upgraded to busybox-1.24.1

    - enabled busybox applets: reset, time, arping, uptime, pgrep

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.13-porteus-kiosk

  • 001-core.xzm:

  • - security fix libxml2-2.9.2-r4: Out-of-bounds memory access when parsing unclosed HTML comment #560524

    - security fix nspr-4.10.10: use-after-poison, buffer overflow, integer overflow (CVE-2015-{7181,7182,7183}) #564834

    - security fix nss-3.20.1: use-after-poison, buffer overflow, integer overflow (CVE-2015-{7181,7182,7183}) #564834

    - upgraded to glib-2.44.1-r1, kmod-4.21, pango-1.36.8-r1, procps-3.3.10-r1, stunnel-5.24, xf86-video-rendition-4.2.6

  • 002-chrome.xzm:

  • - upgraded to google-chrome-46.0.2490.86_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.4.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix improved compatibility of old wifi drivers and WPA2 Enterprise encryption scheme

  • 08-ssh.xzm:

  • - security fix openssh-7.1_p1-r2: MaxAuthTries bypass attack Vulnerability (CVE-2015-5600) #555518

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.548: multiple vulnerabilities #565318

    Porteus Kiosk version 20151101

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.12-porteus-kiosk

    - kernel config: added NFS client support

  • 001-core.xzm:

  • - upgraded to glibc-2.21-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-46.0.2490.80_p1

  • 003-settings.xzm:

  • - kiosk fix blocked Shift+F8 key combination by default

    - kiosk fix start "scheduled tasks" with 40 sec delay to avoid situation when system is restarted twice within the same minute (kiosk reboots very fast)

    - kiosk fix use default network interface instead of first one listed in /sys/class/net when determining MAC addres for the 'homepage_append=mac' function

    - new feature display warning when battery reaches 10% and repeat every 60 secs until AC is connected

    - new feature added /etc/rc.d/local_net.d for local scripts which should be run once networking is initialized

  • 04-wfi.xzm:

  • upgraded to wireless-regdb-20151022

    Porteus Kiosk version 20151019

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.10-porteus-kiosk

  • 001-core.xzm:

  • - security fix gdk-pixbuf-2.32.1: Heap overflow when scaling a GIF file (CVE-2015-7674) #562878

    - added stunnel-5.20, sshpass-1.05, xf86-video-virtualbox

    - upgraded to gtkdialog-0.8.3-r1, html-xml-utils-6.9, libpng-1.6.18, timezone-data-2015f

  • 003-settings.xzm:

  • - kiosk fix fixed Google Chrome not starting during PXE boot

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.540: Multiple vulnerabilities (APSB15-27) (CVE-2015-{7645,7646,7647,7648}) #563172

  • 10-printing.xzm:

  • - upgraded to gmp-6.0.0a

    Porteus Kiosk version 20151001

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.8-porteus-kiosk

  • 001-core.xzm:

  • - upgraded to pixman-0.32.8, util-linux-2.26.2, xf86-video-s3virge-1.10.7, xf86-video-chips-1.2.6

  • 002-chrome.xzm:

  • - upgraded to google-chrome-45.0.2454.101_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.3.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix fixed the 'homepage check' function preventing the browser from starting in some rare cases

    - new feature wizard/updates: restart network service after 5 failed download attempts of the additional components

  • 004-wifi.xzm:

  • - upgraded to libnl-3.2.26, wireless-regdb-20150925

    - added iwlwifi-7265D-13.ucode firmware

  • 05-flash.xzm:

  • - security fix flashplayer-plugin-11.2.202.521

  • 10-printing.xzm:

  • - upgraded to gnutls-3.3.17.1, nettle-3.1.1, python-2.7.10

    Porteus Kiosk version 20150918

  • 003-settings.xzm:

  • - kiosk fix removed user agent parameter from wget flags ('-U Mozilla') as it breaks dropbox.com compatibility with remote management

    - upgraded to wget-1.16.3-r1

  • 004-wifi.xzm:

  • - added rtl8812aefw.bin and rtl8812aefw_wowlan.bin firmware

    Porteus Kiosk version 20150916

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.7-porteus-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.2d: Alternate chains certificate forgery (CVE-2015-1793) #554172

    - security fix gdk-pixbuf-2.30.8-r2: heap overflow and DoS #556314

    - added xf86-video-sis-0.10.8 package

    - upgraded to atk-2.16.0-r1, dhcpcd-6.9.3, harfbuzz-0.9.41, glib-2.44.1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-45.0.2454.93_p1

  • 003-settings.xzm:

  • - kiosk fix 'localhost' is resolved to '127.0.0.1' address properly

    - kiosk fix added 'localhost,127.0.0.1' to proxy exceptions by default to resolve printing problems when proxy is used

    - new feature added support for remote management when kiosk is booted over network (PXE boot)

    - new feature wizard: added possibility to test printing before burning the ISO

    - new feature wizard: added new window which appears after setting up the network with 4 buttons: a) launch wizard (first run - no previous kiosk config exist), b) point device to existing remote kiosk configuration, c) load config from the network, d) load config from removable device

    - new feature wizard: added support for nested configurations when loading the config from the network/removable device

  • 07-java.xzm:

  • - upgraded to icedtea-bin-7.2.6.1

    Porteus Kiosk version 20150902


    Tagged as Porteus Kiosk 3.5.0 release


    Wizard 3.5.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added support for userspace parallel port printer drivers (required by hplip)

  • 001-core.xzm:

  • - upgraded to dhcpcd-6.9.2 to resolve PXE boot issues

  • 003-settings.xzm:

  • - kiosk fix if removable media are enabled then whitelist file:///media automatically

    - kiosk fix fixed custom sound level feature which got broken in 3.4.0 release

    - kiosk fix remove all non printable characters before parsing remote configs

    - new feature implemented support for nested configurations in remote management

    Porteus Kiosk version 20150830

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.6-porteus-kiosk

  • 001-core.xzm:

  • - upgraded to nss-3.20

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-44.0.2403.157_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.2.1. changelog: link

  • 003-settings.xzm:

  • - kiosk fix generate all required ssh keys automatically with 'ssh-keygen -A' command

    - new feature when private mode is disabled and Google Chrome is used then following functions will be enabled by default: form autofilling, editing bookmarks (bookmark bar is always enabled), Chrome applications, spellcheck, sync, translate, signing into the profile

    - new feature added foomatic printing database with support for over 4k of new drivers

    - new feature remote config is downloaded with PC ID string appended to the kiosk config URL. This way you can find out in the server logs which kiosk downloaded it.

  • 10-printing.xzm:

  • - added support for Bixolon thermal printers

    - added foomatic-db-4.0.20150819, foomatic-db-engine-4.0.12, perl-5.20.2 packages

    - upgraded to hplip-3.15.7

    Porteus Kiosk version 20150815

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.1.5-porteus-kiosk

    - kernel config: added Virtio support

  • 001-core.xzm:

  • - security fix gdk-pixbuf-2.30.8-r1: heap overflow and DoS #556314

    - added feh-2.9.3, giblib-1.2.4, html-xml-utils-6.8, xinput_calibrator-0.7.5 packages

    - upgraded to pciutils-3.3.1, timezone-data-2015e

  • 003-settings.xzm:

  • - new feature in case of touchscreens rotate the touch input automatically to the position of the screen

    - new feature activate touch gestures in Chrome if touch capable device is found

  • 05-flash.xzm:

  • - security fix flashplayer-plugin-11.2.202.508

  • 10-printing.xzm:

  • - security fix cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159}) #551846

    - added pygobject-2.28.6-r55 package

    Porteus Kiosk version 20150802

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.0.9-porteus-kiosk

  • 001-core.xzm:

  • - security fix expat-2.1.0-r5: Heap-buffer-overflow (CVE-2015-1283) #555642

    - upgraded to dunst-1.1.0

  • 003-settings.xzm:

  • - kiosk security fix blocked access to Firefox preferences through 'about:preferences#preferences' URL

    - kiosk fix remote management: if kiosk is signed to the 'automatic updates' service then download components directly from such channel to avoid double reburn.

    - kiosk fix fixed download progress bar not showing on slow networks (20 KB/s and below)

    - kiosk fix do not download uefi.zip during installation if booting from UEFI ISO

    - kiosk fix apply proxy/proxypac settings straight during installation so its possible to use browsers as normal

    - new feature wizard: added 'setup keyboard layout' button on the very first screen. Handy in case you are using different layout then English (US)

    - new feature wizard: added 'time setup' utility on the wifi configuration screen as wifi may fail to connect if system clock is set incorrectly

    - new feature wizard: display wireless MAC address on the wifi configuration screen (some wireless networks are filtered per MAC and this info is needed to allow the kiosk to connect)

    - new feature wizard: added possibility for testing default sound card and custom sound level

    - new feature wizard: show the list of printer manufacturers on first screen and then display relevant printer models (list is shorter so its easier to find desired model)

    - new feature wizard: save in real time to the kiosk config when doing manual edits (*Save Edits* button is no longer needed)

  • 08-ssh.xzm:

  • - security fix openssh-6.9_p1-r2: two security issues (CVE-2015-5352) #553724

  • 10-printing.xzm:

  • - security fix cups-filters-1.0.71: Incorrect fix for heap-based buffer overflow (CVE-2015-3279) #553836

    - added support for Zebra and Star thermal printers

    - added pnm2ppa-1.13-r1 (support for HP Deskjet 710, 712, 720, 722, 820, 1000 series)

    Porteus Kiosk version 20150719

  • 001-core.xzm:

  • - critical security fix nss-3.19.2: Multiple vulnerabilities (CVE-2015-{2721,4000}) #550288

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.134_p1

  • 05-flash.xzm:

  • - critical security fix adobe-flash-11.2.202.491: Multiple vulnerabilities allowing for ACE and DoS (CVE-2015-{5122,5123}) #554882

    Porteus Kiosk version 20150712

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.0.8-porteus-kiosk

  • 001-core.xzm:

  • - security fix openssl-1.0.1p: Alternate chains certificate forgery (CVE-2015-1793) #554172

    - security fix ntp-4.2.8_p3: remote code execution in some configs, and a leap second issue (CVE-2015-5146) #553682

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.132_p1

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.481: use after free / "hackingteam" vuln (CVE-2015-5119) #554220

    - security fix curl-7.43.0: Multiple vulnerabilities (CVE-2015-{3236,3237}) #552618

  • 05-flash_legacy.xzm:

  • - security fix curl-7.43.0: Multiple vulnerabilities (CVE-2015-{3236,3237}) #552618

    Porteus Kiosk version 20150704

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.0.7-porteus-kiosk

  • 001-core.xzm:

  • - upgraded to gtk+-2.24.28-r1, sqlite-3.8.10.2

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.130_p1

    - 'kiosk-printer' is set as default instead of the 'Save as PDF' option

    - new feature enabled native 'print preview' window for Chrome

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.1.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix do not prefer gutenprint drivers over other ones as they could offer more functions or better print quality (e.g. Xerox proprietary drivers)

    - kiosk fix removed workaround to the '100% CPU load' cups bug as its fixed upsteream now #549732

    - kiosk fix when homepage is not defined then default to porteus-kiosk.org to avoid showing of the welcome page in Chrome browser

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.468: heap buffer overflow (CVE-2015-3113) #552946

  • 10-printing.xzm:

  • - security fix cups-filters-1.0.70: remote code execution (CVE-2015-3258) #553644

    - upgraded to cups-2.0.2-r2

  • uefi.zip:

  • - 32bit EFI support: renamed bootx32.efi to bootia32.efi to make possible direct booting from isohybrid images (no need for EFI shell workaround)

    Porteus Kiosk version 20150619

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added support for namespaces (NET_NS, PID_NS, USER_NS) which are required for Google Chrome sandbox to work

  • 001-core.xzm:

  • - security fix openssl-1.0.1o: - multiple vulnerabilities (CVE-2014-8176,CVE-2015-{1788,1789,1790,1791,1792,4000}) #551832

    - added xdotool-2.20110530.1 package

    - upgraded to ethtool-3.18

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.125_p1

    Google Chrome got better locking so it works now in a similar way to Firefox:

    - removed default Chrome profile (/home/guest/.config/google-chrome) as all preferences are managed now through the Group Policy Objects, master_preferences and chrome-flags.conf (saved in 003-settings.xzm/opt/google/chrome folder)

    - locked down all Chrome settings (including chrome://*) so its not possible to change enything even when navigation bar is enabled

    - when user create an application shortcut (Chrome menu -> More Tools -> Create application shortcuts) then it will be opened as decorated and maximized

    - popup windows will open as maximized and decorated so its possible to close them

    - disabled downloads, bookmarks, password manager and profile syncing (guest mode is forced)

    - disabled developer tools

    - disabled print preview

    - disabled following plugins by default: Chrome Remote Desktop Viewer, Native Client, Widevine Content Decryption Module

    - form autofilling is possible when private mode is disabled

    - new feature enabled controling of the 'file://' protocol through the 'enable_file_protocol=yes' kiosk setting. If your kiosks are managed centrally then you may add this parameter to your remote config.

    - new feature enabled blacklisting/whitelisting through the 'blacklist=' and 'whitelist=' kiosk settings. If your kiosks are managed centrally then you may add these parameters to your remote config.

  • 003-settings.xzm:

  • - kiosk security fix blocked 'view-source:' protocol in Firefox which was giving an access to some system files (the ones readable by the user 'guest') despite of the 'file://' protocol being disabled. Blocked accessing the Firefox menu through the 'Alt' key when new browser window is opened with the tab dragging gesture. Both issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program. Thank you.

    Porteus Kiosk version 20150611

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.0.5-porteus-kiosk

    - kernel config: added support for Qemu virtual machines and enabled Tun/Tap driver (required for example by OpenVPN)

  • 001-core.xzm:

  • - added xf86-video-qxl-0.1.3 package

    - upgraded to acpid-2.0.23, dhcpcd-6.9.0, ntfs3g-2014.2.15-r, usbutils-008-r1

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.124_p1

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-38.0.1 changelog: 32.0 33.0 34.0 35.0 36.0 37.0 38.0

    - browser is started as maximized rather than fullscreen by default. This allows to launch HTML5 apps like pdf viewer, youtube video player and other in real fullscreen with no firefox navigation bar visible at the top. To restart the browser you have to close its last tab - same as in Google Chrome.

    - stop/refresh buttons are back in their original position (right side of the URL bar).

    - disabled openh264 plugin which is needed only for video chats (Firefox Hello communication client) and would have to be downloaded during every browser restart due to license restrictions

    - disabled Enhanced Tiles by default

    - disabled HeartBeat rating system and Google SafeBrowsing service

  • 003-settings.xzm:

  • - kiosk fix Google Chrome - fixed handling of homepages containing '&' sign

    - kiosk fix close 'shutdown menu' when going back from sleep

    - kiosk fix removed Chinese/Japanese/Korean layouts from the keyboard mapping list in the wizard as they need external input method application not supported in kiosk by default

    - new feature when private mode is disabled then open new tab as 'about:newtab' rather than 'about:blank'

  • 04-wifi.xzm:

  • - upgraded to wireless-regdb-20150605

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.466: multiple vulnerabilities (CVE-2015-{3096,3097,3098,3099,3100,3101,3102,3103,3104,3105,3106,3107,3108}) #551658

  • 10-printing.xzm:

  • - upgraded to ghostscript-gpl-9.15-r1, libpcre-8.36

    Porteus Kiosk version 20150531


    Tagged as Porteus Kiosk 3.4.0 release


    Wizard 3.4.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.14-porteus-kiosk

    - kernel config: added many new drivers for better support of the tablets and x86 embedded devices

  • 001-core.xzm:

  • - added ntfs3g-2014.2.15, nspr-4.10.8 and nss-3.17.4 packages

    - upgraded to alsa-lib-1.0.29, alsa-utils-1.0.29, cairo-1.14.2, xf86-video-geode-2.11.17, xf86-video-mach64-6.9.5

  • 002-chrome.xzm:

  • - added google-chrome-43.0.2357.81. Welcome Google Chrome!

  • 002-firefox.xzm:

  • - removed libs doubled in 001-core.xzm (from nss and nspr packages)

  • 003-settings.xzm:

  • - kiosk fix scale only connected and initialized video outputs (skip cases when crtc cant be find)

    - kiosk fix no matter what user selects in the wizard - keep navigation/address bar enabled when in debug mode

    - new feature set custom resolution on all active displays and not just the first one

  • 04-wifi.xzm:

  • - security fix wpa_supplicant-2.4-r3: EAP-pwd missing payload length validation (CVE - Pending) #548742

    - upgraded to jimtcl-0.76

  • 10-printing.xzm:

  • - security fix gnutls-3.3.15: MD5-based ServerKeyExchange signature accepted by default (GNUTLS-SA-2015-2) #548636

    - security fix libtasn1-4.5: invalid memory access (CVE-2015-3622) #548252

    - upgraded to nettle-2.7.1-r4

    Porteus Kiosk version 20150519

  • initrd:

  • - when kiosk data is not found then display debug info and drop to the shell only after key press (wait 10 secs for it). If no action is taken by the user then shutdown the PC.

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: compiled XFS into kernel as its not loaded automatically when mounting device formatted with this filesystem

  • 001-core.xzm:

  • - upgraded to openssl-1.0.1m

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.7.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix whitelisted 'about:blank' by default so 'access denied' image is not shown on a new tab

    - kiosk fix set default sound level to 90% as 75% may be too low

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.460: multiple vulnerabilities (CVE-2015-{3044,3077,3078,3079,3080,3081,3082,3083,3084,3085,3086,3087,3088,3089,3090,3091,3092,3093) #546706

    - security fix curl-7.42.1: sensitive HTTP server headers also sent to proxies (CVE-2015-3153) #548130

  • 05-flash_legacy.xzm:

  • - security fix curl-7.42.1: sensitive HTTP server headers also sent to proxies (CVE-2015-3153) #548130

  • 07-java.xzm:

  • - upgraded to icedtea-bin-7.2.5.5

  • uefi.zip:

  • - added support for PCs equipped with 32bit EFI firmware. Some implementations do not support booting from isohybrid ISOs and its necessary to setup 'Internal EFI shell' as default for booting.

    Porteus Kiosk version 20150510

  • initrd:

  • - PXE boot: default to port 80 if PORT variable is missing in the 'http_server=' parameter

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.13-porteus-kiosk

  • 001-core.xzm:

  • - upgraded to kmod-20, xf86-video-cirrus-1.5.3, xf86-video-neomagic-1.2.9, xf86-video-savage-2.3.8, xf86-video-siliconmotion-1.7.8

  • 003-settings.xzm:

  • - kiosk fix fixed handling of SSIDs with whitespaces in name

    - new feature automatic updates: inject PC ID to /etc/version so its possible to identify the kiosk through it

    - new feature if 'shutdown menu' is not enabled then allow powering off the PC by pressing the power button. If user has a physical access to it then can force kiosk shutdown by holding the button for 5 secs anyway

  • 04-wifi.xzm:

  • - security fix wpa_supplicant-2.4: action script execution vulnerability (CVE-2014-3686) #524928

  • 05-flash.xzm:

  • - security fix curl-7.42.0: Multiple vulnerabilities (CVE-2015-{3143,3144,3145,3148}) #547376

  • 05-flash_legacy.xzm:

  • - security fix curl-7.42.0: Multiple vulnerabilities (CVE-2015-{3143,3144,3145,3148}) #547376

  • 06-fonts.xzm:

  • - upgraded to wqy-zenhei-0.9.46

    Porteus Kiosk version 20150423

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.12-porteus-kiosk

  • 001-core.xzm:

  • - security fix libxml2-2.9.2-r1: denial of service processing a crafted XML document #546720

    - upgraded to dbus-glib-0.102, expat-2.1.0-r4, glibc-2.20-r2, harfbuzz-0.9.38, hwids-20150129, libnotify-0.7.6-r1, timezone-data-2015b

  • 003-settings.xzm:

  • - kiosk fix fixed default permissions for ntfs so its possible now to mount NTFS formatted removable media

    - new feature allow access to 'about:config' when in debug mode

    - new feature run all custom scripts from /etc/rc.d/local_cli.d (when in runlevel 3) and /etc/rc.d/local_gui.d (when in runlevel 4) during startup

  • 04-wifi.xzm:

  • - upgraded to usb_modeswitch-2.2.0_p20140529, wpa_supplicant-2.2-r1

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.457: multiple vulnerabilities (CVE-2015-{0346,0347,0348,0349,0350,0351,0352,0353,0354,0355,0356,0357,0358,0359,0360,3038,3039,3040,3041,3042,3043,3044}) #546706

  • 10-printing.xzm:

  • - upgraded to cups-2.0.2-r1, hplip-3.15.4

    Porteus Kiosk version 20150413

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.11-porteus-kiosk

  • 003-settings.xzm:

  • - kiosk fix timeout after 10 secs when waiting on wifi interface so other NICs can be initialized by dhcpcd (wired connection can be used as a fallback for wifi)

    - kiosk fix initialize brightness by default on all supported outputs to resolve 'dark screen' bug affecting some Intel GPUs

    - kiosk fix installation/reconfguration/upgrade: timeout downloading of components after 20 secs when connection to the server is lost (wget waits 15 mins by default)

    - new feature save current time to hardware clock if ntpdate succeeded pulling the date from the internet

  • 06-fonts.xzm:

  • - upgraded to thaifonts-scalable-0.6.1

  • 10-printing.xzm:

  • - security fix poppler-0.32.0: segmentation fault in XRef::getEntry at XRef.cc:1317 #542220

    Porteus Kiosk version 20150403

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.10-porteus-kiosk

    - kernel config: added UDF filesystem support required for mounting of some optical media

  • 001-core.xzm:

  • - upgraded to util-linux-2.25.2-r2, xf86-video-trident-1.3.7, libwacom-0.11

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.6.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix setup automatic proxy configuration separately for kiosk config and wallpaper URLs as they may be handled by proxy exceptions

    - kiosk fix setup sound level later in the boot process to allow slow sound devices initialize properly

    - new feature automount iso9660 and udf formatted CDs and DVDs when 'removable devices' support is enabled

  • 04-wifi.xzm:

  • - upgraded to libnl-3.2.25, ca-certificates-20140927.3.17.2

  • 10-printing.xzm:

  • - security fix libtasn1-4.4: stack overflow in DER decoder (CVE-2015-2806) #544922

    Porteus Kiosk version 20150322

  • vmlinuz and 000-kernel.xzm:

  • - various updates to the kernel config

  • 001-core.xzm:

  • - security fix openssl-1.0.1l-r1: Multiple vulnerabilities (CVE-2015-0204,0207,0208,0209,0285,0287,0288,0289,0290,0291,0292,0293,1787) #543552

    - security fix libXfont-1.5.1: BDF file parsing issues (CVE-2015-1802) #543630

    - new feature switched to 'ripples' screensaver which looks nicer and does not leave any distortions on the screen when running for longer

    - upgraded to timezone-data-2015a, glib-2.42.2, atk-2.14.0, gtk+-2.24.27

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.5.3. changelog: link

  • 003-settings.xzm:

  • - kiosk fix fixed 'remote management' not working with UEFI PCs

    - kiosk fix fixed a bug which prevented having address bar disabled and navigation bar hidden at the same time

    - kiosk fix removed tiny white line displayed on top of the screen when navigation bar was disabled

    - kiosk fix restart vnc service automatically in case it crashes

    - kiosk fix changed default font size to 12 for system messages

    - new feature scale smaller screen automatcally when second monitor is connected and there is a mismatch in resolution between internal/external outputs

    - new feature disabled 'search for text when i start typing' in firefox preferences so kiosk can work with bar code scanners out of the box

    - new feature screensaver runs now in fullscreen mode rather than maximized+undecorated, this allows to have all other applications decorated in kiosk

  • 04-wifi.xzm:

  • - upgraded to wireless-regdb-20150313

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.451: multiple vulnerabilities (CVE-2015-{0332,0333,0334,0335,0336,0337,0338,0339,0340,0341,0342}) #543112

  • 10-printing.xzm:

  • - security fix cups-filters-1.0.66: remove_bad_chars() bypass #542158

    Porteus Kiosk version 20150308

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.9-porteus-kiosk

  • 001-core.xzm:

  • - added pacparser-1.3.1 package required for proxy auto configuration

  • 003-settings.xzm:

  • - kiosk fix fixed downloading of kiosk remote configs/wallpapers from some SSL protected sites

    - kiosk fix apply settings from proxy pac files to all applications and not only firefox

    - kiosk fix export 'https_proxy=' and 'ftp_proxy=' environmental variables properly

    - kiosk fix fixed discovering of some usb wifi dongles in the welcome wizard

    - kiosk fix clear booting screen so system version is not visible when Xorg is restarted through the shutdown menu

    - kiosk fix run ntpdate even when clock is set to Factory

    - added 'shutdown' utility wrapper

  • 04-wifi.xzm:

  • - added rtl8188eufw.bin firmware

    Porteus Kiosk version 20150302


    Tagged as Porteus Kiosk 3.3.0 release


    Wizard 3.3.0 features: all new features implemented on the wizard level can be found here and here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - upgraded to busybox-0.23.1

    - enabled busybox applets: dirname, fgrep, nohup, pkill, printenv, printf, pwd, realpath, seq, touch, uniq, usleep, which, whoami, xargs

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-3.18.8-porteus-kiosk and aufs 3.18-20150223

    - upgraded firmware to relevant kernel version

  • 001-core.xzm:

  • - security fix freetype-2.5.5: Multiple vulnerabilities (CVE-2014-{9656,9657,9658,9659,9660,9661,9662,9663,9664,9665,9666,9667,9668,9669,9670,9671,9672,9673,9674,9675}) #539796

    - added libevdev-1.3 and xf86-video-s3-0.6.5-r1 packages

    - major Xorg upgrade upgraded xorg-server to version 1.16.4 and bumped whole Xorg stack: cairo-1.12.18-r1, libdrm-2.4.59, libICE-1.0.9, libpciaccess-0.13.3, libxcb-1.11-r1, libXext-1.3.3, libXfont-1.5.0, libXft-2.3.2, libXi-1.7.4, libXxf86vm, libxshmfence-1.2, mtdev-1.1.5, pixman-0.32.6, xf86-input-evdev-2.9.1, xf86-input-synaptics-1.8.1, xf86-input-wacom-0.24.0, xf86-video-ast-1.0.1, xf86-video-ati-7.5.0, xf86-video-i740-1.3.5, xf86-video-intel-2.99.917, xf86-video-modesetting-0.9.0, xf86-video-nouveau-1.0.11, xf86-video-tdfx-1.4.6, xinit-1.3.3-r1, xkbcomp-1.3.0, xkeyboard-config-2.14, xorg-server-1.16.4, xrandr-1.4.3

    - upgraded to dhcpcd-6.6.7, oxygen-gtk-1.4.6, timezone-data-2014j, xscreensaver-5.32

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.5.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix removed hplip version from the driver name in the wizard (allows hplip package upgrades in the 'automatic updates' channel)

    - kiosk fix fixed handling of WPA passwords containing spaces

    - kiosk fix fixed race condition between ssh/vnc services during kiosk startup

    - new feature allow outgoing traffic in the firewall on all ports by default. Incoming/forwarded traffic is still blocked as before. This is needed for proxy autoconfiguration service, browsing ftp shares, flovplayer video support, etc ...

    - new fature switched to system wide proxy so all applications can use it and not only firefox

    - new fature rotate screen on all connected displays and not only on default one

  • 04-wireless.xzm:

  • - added jimtcl-0.73, ppp-2.4.7, usb_modeswitch-2.1.0_p20140129, wvdial-1.61, wvstreams-4.6.1-r3 which are needed for dialup support in kiosk

  • 10-printing.xzm:

  • - added gmp-5.1.3-r1, gnutls-3.3.10-r2, libtasn1-4.2, nettle-2.7.1-r1 which are the new dependencies for the cups package (openssl support has been replaced with gnutls for making secure connections)

    - upgraded to cups-2.0.1-r1, hplip-3.15.2

    Porteus Kiosk version 20150213

  • initrd:

  • - enabled 'env' busybox applet required by hplip (hp printers)

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.33-porteus-kiosk

    - kernel config: enabled support for more than 4 com ports

  • 001-core.xzm:

  • - security fix freetype-2.5.4-r1: Multiple vulnerabilities (CVE-2014-{9656,9657,9658,9659,9660,9661,9662,9663,9664,9665,9666,9667,9668,9669,9670,9671,9672,9673,9674,9675}) #539796

    - security fix dbus-1.8.16: denial of service in dbus >= 1.4 systemd activation (CVE-2015-0245) #539482

  • 003-settings.xzm:

  • - kiosk fix automatic updates - check for kiosk server accessibility before performing system update

    - kiosk fix wizard - do not accept VNC passwords longer than 8 characters (upstream limit) and keep asking until shorter one is provided

    - kiosk fix firefox UI - reintroduced 'back/forward' buttons when address bar is disabled

    - kiosk fix firefox config - allow insecure ntlm authentication (disabled by upstream in firefox 30.x)

    - new fature firefox UI - moved home button on the right side of the URL bar as it fits better there

    - new fature firefox config - enable all firefox plugins (vlc, libreoffice, mozplugin, npica, etc) even if they are not available in kiosk by default

  • 10-printing.xzm:

  • - added python-2.7.9 and dbus-python-1.2.0-r1 required by hplip (hp printers)

    Porteus Kiosk version 20150208

  • initrd:

  • - save kiosk version in /etc/version so it can be checked through ssh or from URL bar (if file:// protocol is enabled)

  • 003-settings.xzm:

  • - kiosk fix wizard installer - fixed listing of devices with white spaces in name

  • 004-wireless.xzm:

  • - added ca-certificates-20130906-r1 required for WPA/WPA2 Enterprise support

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.442: Multiple vulnerabilities (CVE-2015-{0314,0315,0316,0317,0318,0319,0320,0321,0322,0323,0324,0325,0326,0327,0328,0329,0330}) #538982

    Porteus Kiosk version 20150128

  • 003-settings.xzm:

  • - kiosk fix do not start firewall in the background as printing exceptions may be not initialized

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.440: remote code execution (CVE-2015-0311) #537426

    Porteus Kiosk version 20150126

  • initrd:

  • - added 'readlink' busybox applet

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.29-porteus-kiosk

    - kernel config: added back usblp kernel module which is needed by some non standard CUPS drivers

  • 001-core.xzm:

  • - upgraded to procps-3.3.9-r2, kmod-19, libxdg-basedir-1.2.0-r1

  • 003-settings.xzm:

  • - kiosk fix improved handling of network interfaces which are showing late in the system (e.g.: usb wifi dongle)

    - kiosk fix set volume on all audio channels except for "*Mic*" and "*Boost*" to prevent unwanted noise from the speakers

    - new feature 'automatic updates' trial - display a warning that kiosk needs to be reconfigured during the last 10 days of the trial

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.438: some vulnerability (CVE-2015-0310) #537738

    Porteus Kiosk version 20150115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.28-porteus-kiosk

    - kernel config: increased kernel log buffer size, enabled PAT support which improves 2D/3D performance in some cases, enabled PPP protocol which is needed for 3g connections, enabled USB serial drivers

  • 001-core.xzm:

  • - security fix openssl-1.0.1k: multiple vulnerabilities (CVE-2014-{3569,3570,3571,3572,8275},CVE-2015-{0204,0205,0206}) #536042

    - critical security fix xorg-server-1.15.2-r1: multiple vulnerabilities (CVE-2014-{8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8102,8103}) #532086

    - added tofrodos-1.7.12a package

    - upgraded to dejavu-2.34, fontconfig-2.11.1-r2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.4.0. changelog: link

  • 003-settings.xzm:

  • - disabled 'slow script' dialog window in firefox preferences

    - list MTRR registers in debug report

  • 004-wireless.xzm:

  • - upgraded to crda-1.1.3-r1, wireless-regdb-20141118

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.429: multiple vulnerabilities (CVE-2015-{0301,0302,0303,0304,0305,0306,0307,0308,0309}) #536562

  • 06-fonts.xzm:

  • - upgraded to dejavu-2.34

  • 10-printing.xzm:

  • - upgraded to poppler-0.26.5

    Porteus Kiosk version 20141228

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.27-porteus-kiosk

    - kernel config: added support for 2TB+ drives

  • 001-core.xzm:

  • - security fix ntp-4.2.8-r1: Multiple vulnerabilities (CVE-2014-{9293,9294,9295,9296}) #533076

    - security fix libpng-1.6.16: heap overflow #533358

    - added rfkill utility

    - upgraded to glib-2.40.2, gtk+-2.24.25, pango-1.36.8

  • 003-settings.xzm:

  • - kiosk fix unblock all wifi devices during boot with rfkill

    - kiosk fix clear also /tmp folder on each firefox restart to make sure that nothing persists there

    - kiosk fix hide status bar when navigation bar is disabled

    - new feature do not create new ISO prior to installation but burn it 'on the fly'. This allows to install base kiosk ISO (no extra modules added) on a PCs with as little as 128MB of RAM

    - new feature set system localization to en-US.UTF8

    - new feature allow HTML5 fullscreen api on all pages by default

    - new feature first run wizard - notify user when never version of Porteus Kiosk ISO is available for download

    Porteus Kiosk version 20141212

    We have got some great responses after 3.2.0 release so aside of usual security fixes and upgrades delivered by upstream this version brings esential fixes to the kiosk itself. Thanks a lot for your feedback!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.26-porteus-kiosk

    - kernel config: added support debug messages and printk. Adds about 1MB of size to the ISO but Porteus Kiosk grows rapidly in popularity and we need more debugging info to resolve hardware problems

  • 001-core.xzm:

  • - security fix libpng-1.6.15: out of bounds memory access #532264

    - security fix libxml2-2.9.2: expansion attach (CVE-2014-3660) #525656

    - added 'dmesg' applet to busybox and full 'lspci' and 'lsusb' utilities along with pci/usb ids database - needed for debugging

    - upgraded to libdrm-2.4.58

  • 003-settings.xzm:

  • - kiosk fix 'automatic updates' - made it "fool-proof" so random files which (possibly) are added by Windows burning utilities wont break updating process

    - kiosk fix fixed bug where homepage could not be set to a page chapter: 'homepage://some_url/#tag

    - kiosk fix updated 'disable navigation bar' function which finally works around an age old fullscreen + html video fullscreen issue. Still not resolved by upstream: link

    - kiosk fix 'Welcome' wizard - fixed bug when wifi interface was named as eth1 (ipw220 driver) and kiosk could not initialize wireless connection

    - kiosk fix remove /var/log/Xorg.0.log as it contains some important system informations: kernel, Xorg, DDX driver version

    - new feature added function which discovers and switches wifi interface automatically if hardware configuration has changed (e.g.: wifi 'eth1' becomes 'wlan0'). Works only if 'dhcpcd' is selected in the wizard.

  • 004-wireless.xzm:

  • - added iwconfig utility

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.425: multiple vulnerabilities (CVE-2014-{0580,0587,8443,9162,9163,9164}) #532074

  • 10-printing.xzm:

  • - moved libusb to core as it's needed by 'lsusb' utility

    Porteus Kiosk version 20141204


    Tagged as Porteus Kiosk 3.2.0 release


    Wizard 3.2.0 features: all new features implemented on the wizard level can be found here and here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added ath6k wifi drivers, minor configuration changes

  • 001-core.xzm:

  • - upgraded to libSM-1.2.2-r1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.3.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix fixed a bug when wifi connection could not be establish in some cases

    - added generic PDF, PostScript and text-only drivers to the printer models list

  • 004-wireless.xzm:

  • - added ath6k firmware

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.424: additional hardening against CVE-2014-8439 (CVE-2014-8439) #530692

  • 08-ssh.xzm:

  • - security fix openssh-6.7_p1: openssh client does not check SSHFP if server offers certificate (CVE-2014-2653) #505942

    Porteus Kiosk version 20141122

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.25-porteus-kiosk and aufs 3.14.21+-20141110

    - kernel config: disabled an option for loading firmware through userspace as udev-217 dropped this possibility

  • initrd.xz:

  • - kiosk fix make sure that only .xzm modules are mounted to /union (aufs) and not other files or folders

  • 001-core.xzm:

  • - security fix dbus-1.8.10: denial of service via incomplete fix for CVE-2014-3636 #528900

    - added xinput and xf86-video-openchrome packages

    - upgraded to timezone-data-2014i-r1, xscreensaver-5.30

  • 003-settings.xzm:

  • - new feature added support for basic authentication for the homepage, e.g.: http://user:name@domain.org

    - new feature display notification that unauthorized component has been added to the ISO and kiosk can't be upgraded

    - new feature disabled updates of firefox addons by default, we have none in kiosk but this setting comes handy when ISO is customized manually

    - maintenance: updated system caches as all packages were recompiled with gcc-4.8.3

  • 004-wireless.xzm:

  • - added crda and wireless-regdb packages for better wifi support

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.418: multiple vulnerabilities (CVE-2014-{0573,0574,0576,0577,0581,0582,0583,0584,0585,0586,0588,0589,0590,8437,8438,8440,8441,8442}) #529088

    - security fix curl-7.39.0: libcurl duphandle read out of bounds (CVE-2014-3707) #528840

  • 05-flash_legacy.xzm:

  • - security fix curl-7.39.0: libcurl duphandle read out of bounds (CVE-2014-3707) #528840

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.5.3: multiple vulnerabilities #524560

  • 10-printing.xzm:

  • - added hplip package with support for over 900 HP printers

    - upgraded to libusb-1.0.19

    Porteus Kiosk version 20141103

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.23-porteus-kiosk and aufs 3.14.21+-20141020

    - kernel config: added support for uinput and other miscellaneous input drivers; added support for eMMC cards

  • 001-core.xzm:

  • - upgraded to alsa-lib-1.0.28, alsa-utils-1.0.28

  • 003-settings.xzm:

  • - security fix wget-1.16: arbitrary file creation through ftp symlinks (CVE-2014-4877) #527056

    - new feature display 'System is up to date' notification when kiosk works in it's latest version

  • 07-java.xzm:

  • - upgraded to icedtea-web-1.5.1-r1

  • 10-printing.xzm:

  • - security fix lcms-2.6-r1: insufficient ICC profile version validation (CVE-2014-0459) #507788

    Porteus Kiosk version 20141023

  • 001-core.xzm:

  • - critical security fix openssl-1.0.1j: multiple vulnerabilities (CVE-2014-{3513,3515,3567,3568}) #525468

    - kiosk fix added missing /usr/lib/libgudev-1.0.so library required by /usr/lib/libwacom.so

    - upgraded to timezone-data-2014g

  • 003-settings.xzm:

  • - kiosk fix final fix for the BCM chipset issue. bug: link

    - kiosk fix fixed handling of the lpd:// printer URI containing authorization string. bug: link

    Porteus Kiosk version 20141016

  • initrd.xz:

  • - added a quirk for loading 'broadcom' driver during PXE boot when BCM57780 chipset is found. bug: link

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.22-porteus-kiosk and aufs 3.14.21+-20141013

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.2.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix updated 'xzm download' function to resolve remaining md5sum issues. After this upgrade you should never experience them anymore (they may still occur only when there is something wrong with your connection).

    - added a quirk for loading 'broadcom' driver during normal boot when BCM57780 chipset is found. bug: link

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.411: multiple vulnerabilities (CVE-2014-{0558,0564,0569}) #525430

    Porteus Kiosk version 20141001

  • 001-core.xzm:

  • - security fix dhcpcd-6.4.7: fast stabilization due to the 'shellshock' issue #523900

    - added libwacom-0.7.1 required by xf86-input-wacom package

    - upgraded to util-linux-2.24.1-r3

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.1.1. changelog: link

  • 07-java.xzm:

  • - upgraded to icedtea-web-1.4.2-r1

    Porteus Kiosk version 20140918

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.19-porteus-kiosk and aufs 3.14.x-20140915

  • 001-core.xzm:

  • - security fix dbus-1.8.8: Multiple vulnerabilities (CVE-2014-{3635,3636,3637,3638,3639) #522982

    - upgraded to udev-216

  • 003-settings.xzm:

  • - updated printers list: number of supported printers increased from 1756 to 2483. read more: link

    - updated keyboard layout list: added Moldovian and Wolof layouts, removed Catalonian

  • 004-wifi.xzm:

  • - brought back 'iwlist' utility from the 'wireless-tools' package as it's needed for scanning local SSIDs in the first run wizard

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.406: Multiple vulnerabilities (CVE-2014-{0547,0548,0549,0550,0551,0552,0553,0554,0555,0556,0557,0559}) #522448

  • 10-printing.xzm:

  • - security fix cups-1.7.5: two vulnerabilities (CVE-2014-5030) #519792

    - upgraded to gutenprint-5.2.10

    - added dymo-cups-drivers-1.4.0, splix-2.0.0_p20130826, xerox-drivers-0_p20080123

    Porteus Kiosk version 20140908

  • initrd.xz:

  • - new feature display the OS version during boot

    - clean the screen properly after counting (modules/seconds)

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.18-porteus-kiosk and aufs 3.14.x-20140825

    - kernel config: added 'CONFIG_EFI_FB=y'

  • 001-core.xzm:

  • - added xf86-input-hyperpen-1.4.1, xf86-input-fpit-1.4.0

    - recompiled 'pixman' package with MMX CPU instruction support

    - removed 'xrefresh' package as it's not needed anymore

    - upgraded to timezone-data-2014f

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.1.0. changelog: link

  • 003-settings.xzm:

  • - switched to MAC based authorization for dhcpcd which is persistent (MAC never changes) unlike duid in kiosk

    - upgraded to mkisofs-3.01a24

  • 004-wifi.xzm:

  • - removed 'wireless-tools' package as was never really needed

  • 08-ssh.xzm:

  • - recompiled 'openssh' package with X11 forwarding support

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.13-r1

    Porteus Kiosk version 20140812

  • 001-core.xzm:

  • - security fix openssl-1.0.1i: Multiple vulnerabilities (CVE-2014-{3505,3506,3507,3509,3510,3511,3512,5139}) #519264

    - security fix dhcpcd-6.4.3: Denial of service #518596

    - upgraded to glibc-2.19-r1, timezone-data-2014d, xscreensaver-5.29

  • 003-settings.xzm:

  • - welcome wizard: fixed support for hidden wifi SSIDs

    - maintenance: updated system caches due to upgraded glibc package

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.400: multiple code execution or security bypass flaws (APSB14-18) (CVE-{2014-0538,0540,0541,0542,0543,0544,0545}) #519790

    - upgraded to curl-7.36.0

  • 05-flash_legacy.xzm:

  • - upgraded to curl-7.36.0

    Porteus Kiosk version 20140727

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.13-porteus-kiosk

    - upgraded to aufs 3.14.x-20140720

    - kernel config: added 'CONFIG_FHANDLE=y' required by latest udev.

    - kernel config: removed 'CONFIG_USB_PRINTER=m' as usb printers are now handled by libusb.

  • 001-core.xzm:

  • - security fix openssl-1.0.1h-r2: Multiple vulnerabilities (CVE-2010-5298,CVE-2014-{0195,0198,0221,0224,3470}) #512506

    - security fix freetype-2.5.3-r1: CFF Fonts Stem Hints Processing Buffer Overflow Vulnerability (CVE-2014-2240) #504088

    - new feature added 'ntpdate' utlity to sync hardware clock with remote ntp server (pool.ntp.org) if timezone was enabled in the wizard. Outgoing udp traffic on port 123 is enabled in the firewall config.

    - upgraded to atk-2.12.0-r1, gdk-pixbuf-2.30.8, glib-2.40.0-r1, gtk+-2.24.24, harfbuzz-0.9.28, imlib2-1.4.6-r2, libglade-2.6.4-r2, libpng-1.6.12, pango-1.36.5

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-31.0. changelog: 25.0 26.0 27.0 28.0 29.0 30.0 31.0

    - firefox config: moved refresh/stop buttons on the left side of the address bar.

    - firefox config: removed '100%' button from zoom controls to make them smaller.

    - firefox config: allowed java plugin by default so it wont ask for confirmation before running.

  • 003-settings.xzm:

  • - kiosk wizard: display wpa password and wep key on the welcome wizard config page.

    - maintenance: updated system caches.

  • 07-java.xzm:

  • - upgraded to cups-1.7.3

  • 10-printing.xzm:

  • - upgraded to cups-1.7.3, gtk+-2.24.24

    Porteus Kiosk version 20140715

  • 001-core.xzm:

  • - upgraded to kmod-18-r1, udev-215

  • 003-settings.xzm:

  • - kiosk security fix disabled 'Ctrl+Shift+h' keybinding which displays firefox history menu (nothing there as kiosk runs in 'private mode' by default but still we dont need this menu in kiosk) and 'Ctrl+`' keybinding which allows to display prevoius kiosk notifications.

    - added empty and non-executable /etc/rc.d/rc.local so users can put their startup commands into it.

  • 05-flash:

  • - security fix adobe-flash-11.2.202.394: multiple vulnerabilities (CVE-2014-{0537,0539,4671}) #516750

  • 10-printing:

  • - upgraded to libpcre-8.35

    Porteus Kiosk version 20140707

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.11-porteus-kiosk as 3.14.x kernel line obtained a 'Long Term Support' status: link

    - upgraded to aufs 3.14.x-20140630

  • 001-core.xzm:

  • - critical security fix dbus-1.8.6: two local DoS vulnerabilities in dbus-daemon (CVE-2014-{3532,3533}) #516080

    - critical security fix libXfont-1.4.8: integer overflow, unchecked buffer (CVE-2014-{0209,0210,0211}) #510250

    - upgraded to iptables-1.4.21-r1

  • 003-settings.xzm:

  • - kiosk security fix disabled 'Shift + left mouse button' combination to prevent opening new firefox windows when clicked on hyperlinks. This binding is especially dangerous when the navigation bar is disabled as there is no possibility to close any windows in this mode. Multiple firefox instances could slow down the kiosk or even make it unusable.

    - kiosk fix once kiosk is fully booted delete unneeded and potentially risky for the kiosk stability utilities like 'wget' or 'dd'.

    - new feature if swap support is not enabled in the wizard - spin down all the block media (hd, CD, usb, SD/MMC cards) to save energy and make the kiosk environment friendly.

  • 10-printing:

  • - recompiled cups-filters against upgraded qpdf libraries

    - upgraded to qpdf-5.1.1

    Porteus Kiosk version 20140611

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.12.22-porteus-kiosk

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-24.6.0. changelog: link

  • 003-settings.xzm:

  • - bugfix: Alt+Ctrl+Del combination will kill only previous instance of the 'kiosk shutdown' utility and not every gtkdialog application (like e.g. welcome wizard).

  • 004-wifi.xzm:

  • - removed unneeded bluetooth firmware.

  • 05-flash:

  • - security fix adobe-flash-11.2.202.378: multiple vulnerabilities (CVE-2014-{0531,0532,0533,0534,0535,0536}) #512888

    Porteus Kiosk version 20140605

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.12.21-porteus-kiosk

    - upgraded to aufs 3.12.x-20140602

  • 001-core.xzm:

  • - critical security fix openssl-1.0.1h-r2: SSL/TLS MITM vulnerability (CVE-2014-{0224,0221,0195,0198,3470},CVE-2010-5298) #512506

  • 003-settings.xzm:

  • - bugfix: always put wifi interface up before scanning for available networks in the first run wizard.

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.4.7: multiple vulnerabilities #508270

    - security fix icedtea-web-1.4.2: insecure temporary directory use #501472

    Porteus Kiosk version 20140530

  • 003-settings.xzm:

  • - bugfix: export SSID as 'ssid_name=some-name' in the welcome wizard otherwise wifi networking wont be initialized. bug #link

    Porteus Kiosk version 20140523


    Tagged as Porteus Kiosk 3.1.0 release