Porteus Kiosk

Porteus Kiosk version 20250302

- upgraded to linux-6.6.80, intel-microcode-20250211_p20250211

- upgraded to libffi-3.4.6-r3, alsa-ucm-conf-1.2.13, hwdata-0.391, timezone-data-2025a-r1, nettle-3.10.1, tiff-4.7.0-r1, openssl-3.3.3, libgcrypt-1.11.0-r2, alsa-lib-1.2.13-r2, gnutls-3.8.8, sqlite-3.47.2-r1, alsa-utils-1.2.13-r2, libXt-1.3.1-r1, xinit-1.4.3, util-linux-2.40.4, systemd-utils-255.15-r1, e2fsprogs-1.47.2, rsyslog-8.2412.0, dhcpcd-10.1.0-r1, freetds-1.4.24, libwacom-2.14.0, libinput-1.27.1, nghttp2-1.64.0, curl-8.11.1-r2, xf86-input-synaptics-1.10.0, xf86-video-ast-1.2.0

- major Chrome upgrade upgraded to google-chrome-133.0.6943.126

- new feature added support for skipping updates for certain day(s) in a week: link

- upgraded to tcl-8.6.15, tk-8.6.15, ppp-2.5.2, wpa_supplicant-2.10-r6

- upgraded to openssh-9.9_p2

Porteus Kiosk version 20250119

- security fix libxml2-2.12.9: Regression in consumer protection from CVE-2012-0037 (CVE-2024-40896) #943198

- security fix rsync-3.3.0-r2: Multiple vulnerabilities (CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747) #948106

- security fix openssl-3.3.2-r1: Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) #941643

- security fix expat-2.6.4: NULL pointer dereference through function XML_ResumeParser (CVE-2024-50602) #942969

- upgraded to glibc-2.40-r5, gcc-14.2.1_p20241116, glib-2.80.5-r1, alsa-plugins-1.2.12, hwdata-0.390, pacparser-1.4.5, ethtool-6.10, libgpg-error-1.51, libcap-2.7, libXau-1.0.12, libxshmfence-1.3.3, libICE-1.1.2, libSM-1.2.5, procps-4.0.4-r2, libgcrypt-1.11.0-r1, nspr-4.36, sshpass-1.10, libX11-1.8.10-r1, libXrender-0.9.12, libXt-1.3.1, libXcursor-1.2.3, libXxf86vm-1.1.6, libXv-1.0.13, xrandr-1.5.3, xcompmgr-1.1.10, lsof-4.99.4, rsyslog-8.2404.0-r3, xfsprogs-6.11.0, iptables-1.8.11-r1, pixman-0.44.2, libxcvt-0.1.3, usbutils-018, curl-8.10.1-r2, libltdl-2.5.4, libwacom-2.13.0, libinput-1.27.0, at-spi2-core-2.52.0, lm-sensors-3.6.2, freetype-2.13.3, harfbuzz-10.1.0, xorg-server-21.1.15-r99, tigervnc-1.14.1-r3, gdk-pixbuf-2.42.12, xf86-input-wacom-1.2.3, xf86-video-fbdev-0.5.1, xf86-video-nouveau-1.0.18, librsvg-2.58.5, gtk+-3.24.42-r1, adwaita-icon-theme-46.2

- upgraded to libssh-0.11.1-r1, xdg-utils-1.2.1-r8, json-glib-1.10.6

Porteus Kiosk version 20241222

- upgraded to linux-6.6.67, intel-microcode-20241112_p20241103, sof-firmware-2024.09.2

- security fix mozilla-firefox-128.5.2 Changelog: link

Porteus Kiosk version 20241124

- security fix wget-1.25.0: Vulnerability with shorthand FTP URLs (CVE-2024-10524) #943275

- upgraded to baselayout-2.17, libpng-1.6.44, elfutils-0.191-r2, libXi-1.8.2, util-linux-2.40.2, xfsprogs-6.10.1, libxml2-2.12.8, dhcpcd-10.1.0, libxslt-1.1.39-r1, libevdev-1.13.3, xkeyboard-config-2.43, tigervnc-1.14.0-r2, curl-8.10.1-r1, abseil-cpp-20240722.0, libinput-1.26.2, wayland-1.23.1, cairo-1.18.2-r1, xorg-server-21.1.14-r99, librsvg-2.57.3-r2, xf86-input-evdev-2.11.0, xf86-input-libinput-1.5.0, xf86-video-mga-2.1.0, xf86-video-r128-6.13.0

- upgraded to net-snmp-5.9.4-r1, cups-2.4.11, hplip-3.24.4

Porteus Kiosk version 20241020

- upgraded to linux-6.6.57, intel-microcode-20240910_p20240915, sof-firmware-2024.06

- security fix curl-8.9.1: ASN.1 date parser overread (CVE-2024-7264) #937125

- upgraded to alsa-ucm-conf-1.2.12, libgpg-error-1.50, openssl-3.3.2, kmod-33, alsa-lib-1.2.12, libgcrypt-1.11.0, gnutls-3.8.7.1-r1, userspace-rcu-0.14.1, sqlite-3.46.1, alsa-utils-1.2.12, nss-3.101.2, systemd-utils-254.17, dhcpcd-10.0.10, libjpeg-turbo-3.0.3-r1, fontconfig-2.15.0-r1, harfbuzz-9.0.0, imlib2-1.12.3, pango-1.52.2, feh-3.10.3

- security fix mozilla-firefox-128.3.1 Changelog: link

- major Chrome upgrade upgraded to google-chrome-130.0.6723.58

- upgraded to wireless-regdb-20240508, tcl-8.6.14, libnl-3.10.0, wpa_supplicant-2.10-r5, iw-6.7

- upgraded to libsodium-1.0.20, libssh-0.10.6-r1

- upgraded to openssh-9.8_p1-r2

- security fix openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb (CVE-2021-3575) #832007

- security fix cups-2.4.10-r1: Missing PPD attribute validation #940316

- upgraded to libpaper-2.1.3, jbig2dec-0.20, libjpeg-turbo-3.0.3-r1, qpdf-11.9.1, lcms-2.16-r1, poppler-24.08.0

Porteus Kiosk version 20240915

- upgraded to linux-6.6.51, intel-microcode-20240813_p20240815, sof-firmware-2024.03

- upgraded AMD CPU microcode to latest version from git

- security fix openssl-3.0.14: Checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) #932317

- security fix expat-2.6.3: multiple vulnerabilities (CVE-2024-45490, CVE-2024-45491, CVE-2024-45492) #938894

- upgraded to libffi-3.4.6, nettle-3.10, libpcre2-10.44-r1, compose-tables-1.8.10, libX11-1.8.10, libXtst-1.2.5, logrotate-3.22.0, shadow-4.14.8, abseil-cpp-20240116.2-r4, libgudev-238-r2, libwacom-2.12.2, wayland-1.23.0-r1, libXfont2-2.0.7, speech-dispatcher-0.11.5, tigervnc-1.14.0-r1

- security fix ghostscript-gpl-10.03.1: Multiple vulnerabilities (CVE-2023-52722, CVE-2024-29510, CVE-2024-33869, CVE-2024-33870, CVE-2024-33871) #932125

- security fix net-snmp-5.9.4: multiple vulnerabilities (CVE-2022-44792, CVE-2022-44793) #880231

- upgraded to perl-5.40.0, libieee1284-0.2.11-r9, poppler-24.06.1

Porteus Kiosk version 20240818

- upgraded to hwdata-0.383, ethtool-6.9, sqlite-3.46.0, rsync-3.3.0-r1, elfutils-0.191-r1, util-linux-2.39.4-r1, e2fsprogs-1.47.1, rsyslog-8.2404.0-r1, pciutils-3.13.0, xfsprogs-6.8.0, libevdev-1.13.2, xkeyboard-config-2.42, libwacom-2.11.0, libinput-1.26.1, libxkbcommon-1.7.0-r1, nghttp2-1.62.1, curl-8.8.0-r1, gtk+-3.24.41-r1

- security fix mozilla-firefox-128.1.0 Changelog: link

- upgraded to icaclient-24.5.0.76

Porteus Kiosk version 20240720

- upgraded to llvm-17.0.6, mesa-24.0.9, mesa-progs-9.0.0, gmmlib-22.3.19, libdrm-2.4.121, libva-2.21, libva-utils-2.21.0, libva-intel-media-driver-24.1.5

- added speech-dispatcher-0.11.4-r2

- major Firefox ESR release mozilla-firefox-128.0 changelog: 116.0 117.0 118.0 119.0 120.0 121.0 122.0 123.0 124.0 125.0 126.0 127.0 128.0

- kiosk fix disabled webpage translation popup by default for the Firefox browser

- new feature sync the time automatically when making a connection to porteus-kiosk.org server during system installation. Display a message that time must be set manually in the wizard if it's not correct (case where the NTP protocol/server is blocked in the network).

Porteus Kiosk version 20240707

- upgraded to linux-6.6.37, intel-microcode-20240514_p20240514

- kernel config: added support for PCI based UFS host controllers which are used in some laptops and miniPCs

- security fix libxml2-2.12.7: Buffer overread with xmllint --htmlout #931977

- security fix procps-4.0.4: ps buffer overflow (CVE-2023-4016) #931408

- security fix coreutils-9.5: chmod -R TOCTOU vulnerability #928062

- upgraded to hwdata-0.38, nettle-3.9.1-r1, libcap-2.70, kmod-32-r2, dhcpcd-10.0.8, harfbuzz-8.5.0

- major Chrome upgrade upgraded to google-chrome-126.0.6478.126

- kiosk fix fixed screensaver slideshow/webpage/video incompatibility with 'onscreen buttons'

- kiosk fix disabled 'Reading mode' feature for the Chrome browser

- kiosk fix disabled 'In Product help' Chrome popup related to the settings menu

- upgraded to libsodium-1.0.19_p20240117, remmina-1.4.35-r2

- security fix openssh-9.7_p1-r6: Remote code execution (CVE-2024-6387) #935271

Porteus Kiosk version 20240616

- security fix wget-1.24.5: cookie leakage with HSTS and subdomains #930041

- upgraded to libgpg-error-1.49, pacparser-1.4.3, dmidecode-3.6, rsync-3.3.0, systemd-utils-254.13, pciutils-3.12.0, xfsprogs-6.6.0-r1, iptables-1.8.10-r1, html-xml-utils-8.6, libcec-6.0.2-r2, fontconfig-2.15.0, harfbuzz-8.4.0, openbox-3.6.1-r9

- added abseil-cpp-20230125.3-r3

- security fix mozilla-firefox-115.12.0 Changelog: link

- upgraded to wvdial-1.61-r1, libnl-3.9.0

Porteus Kiosk version 20240519

- upgraded to linux-6.6.30, intel-microcode-20240312_p20240312, sof-firmware-2023.12.1

- security fix glibc-2.38-r13: Multiple vulnerabilities in nscd (CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, GLIBC-SA-2024-0005, GLIBC-SA-2024-0006, GLIBC-SA-2024-0007, GLIBC-SA-2024-0008) #930667

- security fix glib-2.78.6: Signal subscription vulnerabilities (CVE-2024-3439) #931507

- upgraded to gcc-13.2.1_p20240210, alsa-ucm-conf, alsa-lib-1.2.11, alsa-utils-1.2.11, ncurses-6.4_p20240414, sysvinit-3.09, zlib-1.3.1-r1, sqlite-3.45.3, libpcre2-10.43, zstd-1.5.6, kmod-32-r1, libxml2-2.12.6, libpciaccess-0.18.1, libgpg-error-1.48, libusb-1.0.27-r1, ca-certificates-20240203.3.98, libevdev-1.13.1-r1, libwacom-2.10.0, curl-8.7.1-r4, libxkbcommon-1.7.0, mtdev-1.1.7, libX11-1.8.9, libepoxy-1.5.10-r3, rsyslog-8.2404.0, librsvg-2.57.3, libxcb-1.17.0, libXmu-1.2.1, xf86-input-wacom-1.2.2

- added alsa-plugins-1.2.7.1-r1, libpulse-17.0, pulseaudio-daemon-17.0-r1, libltdl-2.4.7-r1, libsndfile-1.2.2-r2, speexdsp-1.2.1, webrtc-audio-processing-1.3-r3

- kiosk fix removed the 1 pixel white line at the top of the kiosk screen which was visible when Firefox displayed the screensaver webpage

- new feature switched the sound subsystem from ALSA to PulseAudio. 'default_sound_card=' and 'default_microphone=' parameters are now obsolete. If they are present in the kiosk config then system falls back to using ALSA.

Porteus Kiosk version 20240421

- upgraded to timezone-data-2024a-r1, ethtool-6.7, libunistring-1.2, attr-2.5.2-r1, libpng-1.6.43, openssl-3.0.13-r2, sqlite-3.45.1-r1, coreutils-9.4-r1, libxcrypt-4.4.36-r3, libXdmcp-1.1.5, util-linux-2.39.3-r7, systemd-utils-254.10-r1, libxcb-1.16.1, libXext-1.3.6, at-spi2-core-2.50.2, ca-certificates-20230311.3.97, libpciaccess-0.18, libxkbfile-1.1.3, pixman-0.43.4, xkeyboard-config-2.41, libfontenc-1.1.8, nss-3.99, rsyslog-8.2402.0, inih-58, libXcursor-1.2.2, dhcpcd-10.0.6-r2, startup-notification-0.12-r2, libXaw-1.0.16, xev-1.2.6, iptables-1.8.10, xkbcomp-1.4.7, libXaw3d-1.6.6, nghttp2-1.61.0, curl-8.7.1-r2, pango-1.52.1, gtk+-3.24.41, imlib2-1.11.0, xorg-server-21.1.13-r99, conky-1.19.8, xf86-input-elographics-1.4.4, xf86-input-wacom-1.2.1

- major Chrome upgrade upgraded to google-chrome-124.0.6367.60

- security fix mozilla-firefox-115.10.0 Changelog: link

- kiosk fix disabled "In Product Help" popup which appears when password is saved in Chrome for the first time in the password manager

- kiosk fix disabled "In Product Help" popup which appears when you select "Search this page with Google" option in the Chrome's 3 dot settings menu

- upgraded to ppp-2.5.0-r7, wpa_supplicant-2.10-r4

- upgraded to libsodium-1.0.19-r2, freerdp-2.11.5-r10, remmina-1.4.35-r1

Porteus Kiosk version 20240328

- updated init script to use overlayfs instead of aufs

- kernel config: enabled overlayfs support and removed aufs as it causes 'kernel panic' during boot on certain PC models and kernel 6.6.x

- kiosk fix temporary disable transparency when starting default (ripples) screensaver otherwise it cannot load a screenshot image

- kiosk fix removed 'print test page' function from the wizard as we cannot inject printing module on the fly to the virtual filesystem after switching to overlayfs

Porteus Kiosk version 20240317

- mount aufs with 'udba=none' flag by default as writable branch is not accessible anyway after switching to /union, that should also give some small boost in aufs performance

- major kernel upgrade upgraded to linux-6.6.21

- upgraded to sof-firmware-2023.12, upgraded kernel firmware to latest version from git

- upgraded to gmmlib-22.3.17, libva-intel-media-driver-24.1.3, xorg-server-21.1.11-r99

- new security feature added support for individual SSL certificates and passwords when connecting to PK Server

- new feature added a 3rd party patch to xorg-server to use the 'modesetting' driver by default on Intel GPUs gen 4 and newer

- new feature added a 3rd party patch to xorg-server to enable the 'TearFree' feature for the 'modesetting' GPU driver

- new feature added a wrapper which should automatically fix the video output names in the 'screen_settings=' parameter after switching to the modesetting driver (no need to manually update the kiosk configs)

- kiosk fix import certificates before 'run_command=' parameter so is possible to download files from webpages configured with self-signed certs if you add a private key to the imported CA cert. Remote config still must be protected by a valid SSL cert, hosted on a PK Server "Premium" or plain http/ftp server (without SSL).

Porteus Kiosk version 20240310

- upgraded to linux-6.1.78

- major Chrome upgrade upgraded to google-chrome-122.0.6261.111

- kiosk security fix always verify SSL certificate on all connections. If you host remote config or kiosk files (e.g. wallpaper) on a web server then please ensure that SSL certificate is valid otherwise the 'remote management' function will not work. This rule applies also to the intranet deployments. Please ensure that the NTP protocol is not blocked in your network as the system time must be correct when validating the SSL certificate.

- kiosk security fix skip proxy when making connections to updates server, Porteus Kiosk Server and remote config server (relevant IPs are added to proxy exceptions by default) as we dont want the sensitive traffic to be intercepted or manipulated by anybody

- kiosk security fix never upload VNC passwords on PK server by default, server will download them from the client when initializing the VNC connection

- new security feature if 'root_password=' is not set in the kiosk config then generate a random one during each kiosk boot. Clients can still be accessed over SSH protocol using PK Server "Premium" which uses SSH keys and not passwords when communicating with the clients. Do not remove 'root_password=' parameter from your kiosk config if you plan to connect to your kiosk directly using e.g. Putty app. If you use PK Server "Premium" then its recommended to remove the root password from the kiosk configs in order to enchance the security on the clients.

- new security feature if 'vnc_password=' is not set in the kiosk config then generate a random one during each kiosk boot. Clients can still be accessed over VNC protocol using PK Server "Premium" which copies VNC password over SSH when initializing the VNC connection to the client. Do not remove 'vnc_password=' parameter from your kiosk config if you plan to connect to your kiosk directly using any VNC client e.g. TigerVNC. If you use PK Server "Premium" then its recommended to remove the VNC password from the kiosk configs in order to enchance the security on the clients.

- kiosk fix ignore "default_sound_card=0.0" parameter as it breaks the sound output in Chrome

- kiosk fix show up to 20 messages on the screen so its possible to see them all during system update

Porteus Kiosk version 20240303

- security fix glibc-2.38-r10: Multiple vulnerabilities (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, GLIBC-SA-2024-0001, GLIBC-SA-2024-0002, GLIBC-SA-2024-0003) #923352

- security fix openssl-3.0.13: multiple vulnerabilities (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) #921684

- upgraded to libffi-3.4.4-r4, libcap-2.69-r1, libbsd-0.11.8, bzip2-1.0.8-r5, libpcre2-10.42-r2, sqlite-3.44.2-r2, libxcb-1.16-r1, rsync-3.2.7-r4, e2fsprogs-1.47.0-r3, pixman-0.43.2, zstd-1.5.5-r1, libinput-1.25.0, curl-8.5.0-r3, libdrm-2.4.120, libva-utils-2.20.1, libXaw3d-1.6.5-r1

- security fix mozilla-firefox-115.8 Changelog: link

- upgraded to libidn2-2.3.7, json-glib-1.8.0

- upgraded to libpaper-2.1.2, libidn-1.42, openjpeg-2.5.0-r6, qpdf-11.7.0, ghostscript-gpl-10.02.1, poppler-24.02.0, cups-2.4.7-r2

Porteus Kiosk version 20240211

- security fix curl-8.5.0: Multiple vulnerabilities (CVE-2023-42619, CVE-2023-46218) #919325

- upgraded to libffi-3.4.4-r3, baselayout-2.14-r2, timezone-data-2023d, traceroute-2.1.5, popt-1.19-r1, rsync-3.2.7-r3, zlib-1.3-r4, libxml2-2.12.5, systemd-utils-254.8, rsyslog-8.2312.0, ca-certificates-20230311.3.96.1, dhcpcd-10.0.6-r1, lsof-4.99.3, conky-1.19.6-r2, feh-3.10.2, libgcrypt-1.10.3-r1

- security fix mozilla-firefox-115.7 Changelog: link

- upgraded to libidn2-2.3.4-r2, shared-mime-info-2.4-r1, libvncserver-0.9.14-r2

- upgraded to libvncserver-0.9.14-r2

Porteus Kiosk version 20240121

- upgraded to linux-6.1.74, sof-firmware-2023.09.2

- upgraded to llvm-16.0.6, ethtool-6.6, sysvinit-3.08, coreutils-9.4, libXaw-1.0.15-r1, libxml2-2.11.5-r1, at-spi2-core-2.50.1, shadow-4.14.2, libglvnd-1.7.0, inih-57-r1, ca-certificates-20230311.3.95, ntp-4.2.8_p17-r1, usbutils-017, gmmlib-22.3.14, libdrm-2.4.118, libva-2.20.0, libva-intel-media-driver-23.4.3, libva-utils-2.20.0, mesa-23.2.1, libnotify-0.8.3, pango-1.51.0, gtk+-3.24.39, librsvg-2.57.0, libXfont2-2.0.6-r1, xorg-server-21.1.11

- added lsof-4.99

Porteus Kiosk version 20240107

- security fix cairo-1.18.0: Multiple vulnerabilities (CVE-2019-6461, CVE-2019-6462) #717778

- security fix traceroute-2.1.3: improper command line parsing (CVE-2023-46316) #917769

- upgraded to glib-2.78.3, libffi-3.4.4-r2, timezone-data-2023c-r1, alsa-ucm-conf-1.2.10-r1, hwdata-0.376, gmp-6.3.0-r1, zlib-1.3-r2, openssl-3.0.12, util-linux-2.38.1-r3, sqlite-3.44.2-r1, kmod-31, libxslt-1.1.39, systemd-utils-254.7, elfutils-0.190, tiff-4.6.0, alsa-lib-1.2.10-r2, libgpg-error-1.47-r1, xkeyboard-config-2.40-r1, ca-certificates-20230311.3.93, dhcpcd-10.0.5-r1, alsa-utils-1.2.10-r1, stunnel-5.71, libwacom-2.8.0, harfbuzz-8.3.0, openbox-3.6.1-r8, feh-3.10.1

- upgraded to google-chrome-120.0.6099.199

- security fix libssh-0.10.6 : terrapin vulnerability #920291

- upgraded to freerdp-2.11.1, remmina-1.4.31-r1

- security fix openssh-9.6_p1: ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) #920722

Porteus Kiosk version 20231217

- major Chrome upgrade upgraded to google-chrome-120.0.6099.109

- kiosk fix disabled 'Featured experiments' button in the Chrome's UI (navigation bar)

- kiosk fix disabled 'In Product Help' popups in Chrome which appears when you perform certain actions for the first time with private mode disabled: open new tab, play video file, download file

- kiosk fix disabled 'NEW' flag on Google Password Manager in the 3-dot Chrome settings menu

- new feature updated Chrome flags for the 'hardware_video_decode=' parameter. Google switched to a new "Vaapi Video Decoder" which supports additional codecs: h265 and AV1. Right now it works only for Intel Broadwell GPUs and newer. If you use another GPU (e.g. AMD or older Intel) and need hardware video decode feature then you should switch to a Firefox browser as it supports all GPUs which are capable of accelerated video playback.

- new feature added udev rule to allow user 'guest' using the Yubikey products

Porteus Kiosk version 20231125

- upgraded to linux-6.1.63, intel-microcode-20231114_p20231114, sof-firmware-2023.09.1

- upgraded to c-ares-1.21.0, hwdata-0.375, dmidecode-3.5-r3, zlib-1.3-r1, libXrandr-1.5.4, systemd-utils-254.5-r2, xkeyboard-config-2.40, rsyslog-8.2310.0, libxkbcommon-1.6.0, xf86-video-siliconmotion-1.7.10

- security fix mozilla-firefox-115.5 Changelog: link

Porteus Kiosk version 20231104

- upgraded to linux-6.1.61

- upgraded AMD microcode to the latest version

- security fix xorg-server-21.1.9 Multiple vulnerabilities (CVE-2023-5367, CVE-2023-5380) #916254

- security fix zlib-1.2.13-r2: Buffer overflow (CVE-2023-45853) #916484

- upgraded to hwdata-0.374, ethtool-6.5, acpid-2.0.34-r1, sqlite-3.43.2, harfbuzz-8.2.0

- security fix mozilla-firefox-115.4 Changelog: link

- kiosk fix when the address bar is disabled in the Firefox browser then do not allow opening a new tab by double clicking on the empty space in the tab bar area

- kiosk fix removed the 1 pixel white line at the top of the kiosk screen when Firefox works with the navigation bar disabled

- kiosk fix re-enabled 'hinting-slight' feature (previously it broke our gtkdialog apps and had to be disabled) so fonts in kiosk should look much better now

- upgraded to libidn2-2.3.4-r1, libsodium-1.0.19-r1, libvncserver-0.9.14-r1

Porteus Kiosk version 20231015

- security fix glibc-2.37-r7 Local Privilege Escalation in ld.so (CVE-2023-4911) #915127

- security fix libxml2-2.11.5-r1: Use-after-free if memory allocation fails (CVE-2023-45322) #915351

- security fix libX11-1.8.7: Multiple vulnerabilities (CVE-2023-43785, CVE-2023-43786, CVE-2023-43787) #915129

- security fix libXpm-3.5.17: Multiple vulnerabilities (CVE-2023-43788, CVE-2023-43789) #915130

- security fix lua-5.4.6: heap buffer overflow in recursive errors (CVE-2022-33099) #856463

- security fix nghttp2-1.57.0: HTTP/2 Rapid Reset vulnerability #915554

- security fix curl-8.4.0: security stabilisation #915569

- upgraded to gcc-13.2.1_p20230826, openssl-3.0.11, nss-3.91, elfutils-0.189-r4, systemd-utils-253.11-r1, libxcb-1.16, libgcrypt-1.10.2, dhcpcd-10.0.3, sshpass-1.09-r1, libinput-1.24.0, freetype-2.13.2, fontconfig-2.14.2-r3, xf86-input-libinput-1.4.0

- upgraded to libnl-3.8.0

- upgraded to openssh-9.4_p1-r1

- security fix cups-2.4.7: Buffer overflow when reading Postscript in PPD files (CVE-2023-4504) #914781

- security fix cups-filters-1.28.17-r2: RCE via beh filter (CVE-2023-24805, GHSA-gpxc-v2m8-fr3x) #906944

- upgraded to python-3.10.13, qpdf-11.5.0, ghostscript-gpl-10.02.0

Porteus Kiosk version 20230930

- security fix mozilla-firefox-115.3.1 Changelog: link

- upgraded to wpa_supplicant-2.10-r3, tcl-8.6.13-r1, ppp-2.5.0-r4, crda-4.15-r2

- security fix openssh-9.3_p2: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) #910553

Porteus Kiosk version 20230909

- security fix tiff-4.5.1: multiple vulnerabilities (CVE-2023-1916, CVE-2023-25434, CVE-2023-26965, CVE-2023-2731) #904424

- upgraded to alsa-ucm-conf-1.2.9, hwdata-0.373, libmd-1.1.0, cronbase-0.3.7-r10, ethtool-6.4, gmp-6.3.0, libpcre-8.45-r2, libpng-1.6.40-r1, gnutls-3.8.0, iw-5.19, libxcrypt-4.4.36, coreutils-9.3-r3, alsa-lib-1.2.9, elfutils-0.189-r1, mtr-0.95-r1, alsa-utils-1.2.9, systemd-utils-253.6, xkeyboard-config-2.39, inih-57, curl-8.1.2, dhcpcd-10.0.2, xfsprogs-6.4.0, libjpeg-turbo-3.0.0, glib-2.76.4, libgudev-238-r1, libwacom-2.7.0, libepoxy-1.5.10-r2, harfbuzz-8.0.1, xorg-server-21.1.8-r2, conky-1.19.2-r1, librsvg-2.56.3, lua-5.4.4-r103

- upgraded to perl-5.38.0-r1, poppler-data-0.4.12, lcms-2.15, poppler-23.08.0, libpaper-2.1.0

Porteus Kiosk version 20230820

- upgraded to linux-6.1.46, intel-microcode-20230808_p20230804

- new kernel and microcode versions fixes important vulnerabilities: Intel Downfall, AMD Inception and AMD Zen 1 "Divide By Zero" bug

- upgraded VAAPI stack which is required by new Chrome: libva-2.19.0, libva-utils-2.19.0, gmmlib-22.3.7, libva-intel-media-driver-23.2.4

- major Chrome upgrade upgraded to google-chrome-115.0.5790.170

- kiosk fix disabled 'High Efficiency' mode for the Chrome browser to prevent discarding of tabs after a certain period of time

- kiosk fix disabled DRI3 support for VAAPI library when hardware video decode is enabled for the Chrome browser (otherwise hardware acceleration wont work)

Porteus Kiosk version 20230805

- kiosk fix fixed a bug where the watchdog daemon prevented kiosk reconfiguration on a fast booting systems

- upgraded to linux-6.1.42, intel-microcode-20230613_p20230520, sof-firmware-2.2.6

- upgraded AMD CPU firmware to latest version from git to fix 'Zenbleed' vulnerabilities

- major Firefox ESR release mozilla-firefox-115.1.0 changelog: 103.0 104.0 105.0 106.0 107.0 108.0 109.0 110.0 111.0 112.0 113.0 114.0 115.0

- kiosk fix removed extensions button from the Firefox UI as it allows to list installed extensions and report them to Mozilla

- kiosk fix removed 'Firefox view' button from the Firefox UI as its not needed for kiosk purposes

- kiosk fix removed 'minimize, restore down, close' buttons when Firefox works with 'autohide_navigation_bar=yes' parameter

- kiosk fix start Firefox in kiosk mode (instead of fullscreen) when displaying the screensaver video or screensaver URL

- new feature upgraded Firefox plugins to latest available versions

Porteus Kiosk version 20230715

- security fix libX11-1.8.6: Buffer overflows in InitExt.c (CVE-2023-3138) #908549

- security fix shadow-4.13-r4: possible password leak during passwd(1) change #908613

- upgraded to procps-3.3.17-r2, libunistring-1.1-r1, nettle-3.9.1, e2fsprogs-1.47.0-r2, ca-certificates-20230311.3.90, libxml2-2.11.4:2, ntp-4.2.8_p17, libxslt-1.1.38, fribidi-1.0.13, glib-2.76.3, at-spi2-core-2.48.3, librsvg-2.56.1, gtk+-3.24.38

- upgraded to remmina-1.4.31

- security fix cups-2.4.6: Use-after-free when logging warnings during cupsdAcceptClient failure (CVE-2023-34241) #909018

- security fix ghostscript-gpl-10.01.2: Code execution vulnerability (CVE-2023-36664) #910294

- upgraded to libpaper-2.0.12, perl-5.36.1-r3, net-snmp-5.9.3-r3, libusb-compat-0.1.8, openjpeg-2.5.0-r5, poppler-23.05.0, python-3.10.12, sane-backends-1.2.1

Porteus Kiosk version 20230625

- security fix c-ares-1.19.1: Multiple vulnerabilities (CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067) #906964

- upgraded to hwdata-0.371, dmidecode-3.5-r2, ethtool-6.3, sysvinit-3.07, coreutils-9.3-r2, wget-1.21.4, sqlite-3.42.0, nspr-4.35-r2, pciutils-3.10.0, xfsprogs-6.3.0, dhcpcd-9.5.1, libjpeg-turbo-2.1.5.1

- security fix mozilla-firefox-102.12.0 Changelog: link

- upgraded to libgpg-error-1.47, freerdp-2.10.0-r3

Porteus Kiosk version 20230604

- security fix openssl-1.1.1u: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650) #907413

- security fix libcap-2.69: Multiple vulnerabilities (CAP-CR-23-02, CVE-2023-2602, CVE-2023-2603, LCAP-CR-23-01) #906461

- security fix libXpm-3.5.16: multiple vulnerabilities (CVE-2022-44617, CVE-2022-46285, CVE-2022-4883) #891209

- upgraded to ncurses-6.4_p20230401, hwdata-0.369, tiff-4.5.0-r2, libfastjson-1.2304.0, libXi-1.8.1, setxkbmap-1.3.4, xinput-1.6.4, coreutils-9.3-r1, rsyslog-8.2304.0, ca-certificates-20230311.3.89.1, gmmlib-22.3.5, libpciaccess-0.17-r1, libevdev-1.13.1, libXaw3d-1.6.5, libva-intel-media-driver-23.1.6, mesa-amber-21.3.9-r1, fontconfig-2.14.2-r2, harfbuzz-7.3.0, libXft-2.3.8, conky-1.17.0-r1, feh-3.10, xf86-video-ati-22.0.0, gtk+-2.24.33-r3

- security fix ppp-2.5.0: out-of-bounds read (CVE-2022-4603) #887017

- security fix libssh-0.10.5: Multiple vulnerabilities (CVE-2023-1667, CVE-2023-2283, GHSL-2023-085) #905746

- upgraded to freerdp-2.10.0-r2, remmina-1.4.30

Porteus Kiosk version 20230514

- security fix freetype-2.13.0: integer overflow vulnerability (CVE-2023-2004) #881443

- security fix libxml2-2.10.4: Multiple vulnerabilities (CVE-2023-28484, CVE-2023-29469) #904202

- security fix dmidecode-3.5: root privilege escalation via file overwrite (CVE-2023-30630) #905093

- security fix curl-8.0.1: Multiple vulnerabilities (CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538) #902801

- upgraded to libffi-3.4.4-r1, timezone-data-2023c, ethtool-6.2, rsync-3.2.7-r2, libcap-2.68, libfastjson-0.99.9.1, userspace-rcu-0.14.0, libXfixes-6.0.1, libXt-1.3.0, systemd-utils-252.9, zstd-1.5.5, rsyslog-8.2302.0, libcec-6.0.2-r1, iptables-1.8.9, libinput-1.23.0, at-spi2-core-2.48.0, wayland-1.22.0, pango-1.50.14, conky-1.17.0, feh-3.9.1-r1, librsvg-2.56.0, xf86-input-libinput-1.3.0, xf86-input-wacom-1.2.0, openbox-3.6.1-r5

- security fix mozilla-firefox-102.11.0 Changelog: link

- upgraded to ppp-2.4.9-r9

Porteus Kiosk version 20230423

- security fix xorg-server-21.1.8 Privilege escalation via use-after-free (CVE-2023-1393) #903547

- security fix shadow-4.13-r3 shadow file manipulation via chfn (CVE-2023-29383) #904518

- upgraded to hwdata-0.367, dmidecode-3.4-r1, libxcrypt-4.4.33, sqlite-3.41.2-r1, libX11-1.8.4-r1, nss-3.79.4, openssl-1.1.1t-r3, util-linux-2.38.1-r2, e2fsprogs-1.47.0-r1, ca-certificates-20211016.3.88.1, stunnel-5.68, curl-7.88.1-r2, xkeyboard-config-2.38, zstd-1.5.4-r3, glib-2.74.6, libnotify-0.8.2, cairo-1.17.8, pango-1.50.13, xf86-video-intel-2.99.917_p20230201, tigervnc-1.13.1, gtk+-3.24.37

- upgraded to google-chrome-112.0.5615.121

Porteus Kiosk version 20230408

- upgraded to intel-microcode-20230214_p20230212

- kernel config: compiled DAX driver directly to the vmlinuz image as it's required by PCs which initialize device mapper early during boot

- major Chrome upgrade upgraded to google-chrome-112.0.5615.49

Tagged as Porteus Kiosk 5.5.0 release

Main features of this release are listed here.

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20230318

- major kernel upgrade upgraded to linux-6.1.20

- kernel config: enabled watchdog drivers, switched to voluntary kernel preemption, other changes

- upgraded to sof-firmware-2.2.3

- added watchdog-5.16

- upgraded to gmmlib-22.3.3, mesa-22.3.7-r1, libva-intel-media-driver-22.6.6

- security fix mozilla-firefox-102.9.0 Changelog: link

Porteus Kiosk version 20230312

- start watchdog as soon as possible if its enabled in the kiosk's configuration

- upgraded to alsa-ucm-conf-1.2.8, alsa-utils-1.2.8-r2, alsa-lib-1.2.8-r1, alsa-plugins-1.2.7.1-r1, ca-certificates-20211016.3.87-r1, ethtool-6.1, popt-1.19, sysvinit-3.06-r1, kmod-30-r1, compose-tables-1.8.4, libX11-1.8.4, systemd-utils-252.7, xfsprogs-6.1.1, logrotate-3.21.0, usbutils-015, libdrm-2.4.115, libwacom-2.6.0, libinput-1.22.1, libxkbcommon-1.5.0, mesa-22.3.6, freetype-2.12.1-r2, fontconfig-2.14.2, cairo-1.17.6-r1, xf86-video-amdgpu-23.0.0, xf86-video-qxl-0.1.6, xf86-video-vmware-13.4.0, tigervnc-1.13.0

- kiosk fix PXE boot: properly export remote config name so it can be displayed in the Administration Panel of Porteus Kiosk Server

- new feature display the current resolution at the top of available resolutions in the 'monitor settings' application

- upgraded to libgcrypt-1.10.1-r3, remmina-1.4.29-r2

- upgraded to x11vnc-0.9.16-r8

Porteus Kiosk version 20230226

- upgraded to linux-5.15.96

- security fix tiff-4.5.0: multiple vulnerabilities (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970) #856478

- upgraded to nspr-4.35-r1, stunnel-5.65-r2, libbsd-0.11.7-r2

- kiosk fix fixed bug where mouse cursor was visible on the kiosk's screen with 'disable_input_devices=yes' and 'hide_mouse=yes' parameters enabled

- security fix openssh-9.2_p1: Pre-authentication double-free (CVE-2023-25136) #892936

- upgraded to python-3.10.9-r1, libpaper-2.0.4, lcms-2.14-r4, poppler-23.01.0, hplip-3.22.10

Porteus Kiosk version 20230219

- security fix xorg-server-21.1.7: Use-after-free in DeepCopyPointerClasses (CVE-2023-0494) #893438

- security fix openssl-{1.1.1t, 3.0.8}: Multiple vulnerabilities (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401) #893446

- upgraded to gmp-6.2.1-r5, libpcre2-10.42-r1, systemd-utils-251.10-r1, shadow-4.13-r2, e2fsprogs-1.46.5-r4, nghttp2-1.51.0, rsyslog-8.2210.0-r2, ntp-4.2.8_p15-r6, glib-2.74.5

- added 'mktemp' utility from the 'coreutils' package as it supports extra flags which are required by the 'update-ca-certificates' script

- kiosk fix resolved a bug where UEFI component was booting the (old) kiosk system which was installed on the hard drive rather than booting the (new) installation ISO from removable device

- kiosk fix fixed testing of foomatic printer drivers and directly connected printers in the Kiosk Wizard

- new feature start the Xorg session on tty1/VT1 rather than traditionally on VT7 to avoid flipping between VTs (faster and smoother boot experience)

- security fix libvncserver-0.9.14: multiple vulnerabilities #887067

- security fix libvncserver-0.9.14: multiple vulnerabilities #887067

- upgraded to libsecret-0.20.5-r3, libvorbis-1.3.7-r1, speex-1.2.1, libogg-1.3.5-r1, icaclient-23.2.0.10

- upgraded to grub-2.06-r5

Porteus Kiosk version 20230129

- security fix ca-certificates-20211016.3.86: TrustCor removal (CVE-2022-23491) #884805

- upgraded to gcc-12.2.1_p20230121-r1, hwdata-0.366, coreutils-9.1-r2, libICE-1.1.1-r1, libXau-1.0.11, libXdmcp-1.1.4-r2, libxshmfence-1.3.2, libfontenc-1.1.7, libSM-1.2.4, compose-tables-1.8.3, xcb-util-0.4.1, libxkbfile-1.1.2, libXrandr-1.5.3, libXcomposite-0.4.6, libXdamage-1.1.6, libXScrnSaver-1.2.4, libXv-1.0.12, libXres-1.2.2, xset-1.2.5, xrandr-1.5.2, xcompmgr-1.1.9, xinit-1.4.2, curl-7.87.0-r2, libXpm-3.5.14, wayland-1.21.0-r1, xkbcomp-1.4.6, libglvnd-1.6.0, harfbuzz-6.0.0, xlockmore-5.71, xf86-input-elographics-1.4.3, xf86-video-ast-1.1.6, xf86-video-r128-6.12.1, xf86-video-vesa-2.6.0

- security fix mozilla-firefox-102.7.0 Changelog: link

- kiosk fix updated chrome/firefox startup scripts to properly handle '&' characters which may be provided from command line as a part of the URL

Porteus Kiosk version 20230108

- security fix xorg-server-21.1.6 (CVE-2022-4283, CVE-2022-46283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344) #885825

- security fix ncurses-6.3_p20220423: segfaulting OOB read (CVE-2022-29458) #839351

- security fix cairo-1.17.6: buffer overwrite vulnerability (CVE-2020-35492) #777123

- security fix glib-2.74.4: Multiple vulnerabilities #887807

- security fix sqlite-3.40.1: insufficient sandboxing of "safe" script execution (CVE-2022-46908) #886029

- security fix curl-7.87.0: multiple vulnerabilities (CVE-2022-43551, CVE-2022-43552) #887745

- upgraded to timezone-data-2022g, libpng-1.6.39, elfutils-0.188, libxcrypt-4.4.28-r2, util-linux-2.38.1, systemd-utils-251.10, shadow-4.13-r1, gmmlib-22.3.0, pciutils-3.9.0, mesa-22.2.5, imlib2-1.9.1-r1, xlockmore-5.69, pango-1.50.12, gtk+-3.24.35, sshpass-1.09

- upgraded to google-chrome-108.0.5359.124-r1

- upgraded to libidn2-2.3.4, libpsl-0.21.1-r1

- upgraded to lcms-2.13.1-r3, sane-backends-1.1.1-r13, ghostscript-gpl-10.0.0-r5, perl-5.36.0-r1

Porteus Kiosk version 20221218

- security fix libpcre2-10.40: multiple vulnerabilities (CVE-2022-1586, CVE-2022-1587) #845195

- security fix curl-7.86.0: multiple vulnerabilities (CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916) #878365

- upgraded to libffi-3.4.4, timezone-data-2022f-r1, libmnl-1.0.5, libbsd-0.11.7, nettle-3.8.1, openssl-1.1.1s, coreutils-9.1-r1, zlib-1.2.13-r1, ntp-4.2.8_p15-r1, gnutls-3.7.8, libjpeg-turbo-2.1.4, tiff-4.4.0-r2, rsyslog-8.2210.0-r1, xfsprogs-6.0.0, libxml2-2.10.3-r1, libxslt-1.1.37-r1, libpciaccess-0.17, gdk-pixbuf-2.42.10-r1, pixman-0.42.2, libevdev-1.13.0, libwacom-2.5.0, xkeyboard-config-2.37, libXau-1.0.10, libdrm-2.4.114, libxshmfence-1.3.1, libfontenc-1.1.6, libXfont2-2.0.6, xcb-util-renderutil-0.3.10, xcb-util-keysyms-0.4.1, xcb-util-wm-0.4.2, libXext-1.3.5, libXrender-0.9.11, libxkbfile-1.1.1, libXmu-1.1.4, libXft-2.3.6, libXinerama-1.1.5, libglvnd-1.5.0, libXxf86vm-1.1.5, imlib2-1.7.5-r1, libXtst-1.2.4, libXaw3d-1.6.4, xsetroot-1.1.3, systemd-utils-251.8-r1, llvm-15.0.5, mesa-22.2.3, xcb-util-image-0.4.1, xcb-util-cursor-0.1.4

- upgraded to libnl-3.7.0

- upgraded to python-3.8.16, net-snmp-5.9.3-r1, qpdf-10.6.3-r1, lcms-2.13.1-r2, openjpeg-2.5.0-r4, sane-backends-1.1.1-r7, cups-2.4.2-r6, ghostscript-gpl-10.0.0-r4, poppler-22.11.0-r1

- added poppler-data-0.4.11-r2.tbz2

Porteus Kiosk version 20221204

- upgraded to linux-5.15.81, intel-microcode-20221108_p20221102

- major Chrome upgrade upgraded to google-chrome-108.0.5359.94

- kiosk fix revomed obsolete Chrome flags which are no longed needed for hardware video decode

- kiosk fix keep the 'mesa-amber' EGL vendor config empty otherwise modesetting driver cannot be used with upgraded 'mesa' package

Porteus Kiosk version 20221120

- security fix ntfs3g-2022.10.3: code execution via malicious filesystem (CVE-2022-40284) #878885

- security fix nss-3.79.2: tstclnt crash when accessing gnutls server without user cert #877169

- security fix curl-7.85.0: control code in cookie denial of service (CVE-2022-35252) #867679

- upgraded to timezone-data-2022f, hwdata-0.364, libpng-1.6.38, zstd-1.5.2-r3, elfutils-0.187-r2, libcap-2.66, acpid-2.0.34, libva-2.16.0, libva-utils-2.16.0, libva-intel-driver-2.4.1-r4, libva-intel-media-driver-22.5.4, feh-3.9.1, stunnel-5.64-r2, rsyslog-8.2208.0-r1, iptables-1.8.8-r5, glibc-2.36-r5, ca-certificates-20211016.3.83, lm-sensors-3.6.0-r1, gmmlib-22.2.1, glib-2.74.1-r1, libwacom-2.4.0, xf86-input-wacom-1.1.0, conky-1.13.1, gdk-pixbuf-2.42.10, harfbuzz-5.3.1-r1, pango-1.50.11, librsvg-2.55.1, at-spi2-core-2.46.0, adwaita-icon-theme-43_p1

- added c-ares-1.18.1

- security fix mozilla-firefox-102.5. Changelog: link

- security fix freerdp-2.9.0: multiple vulnerabilities (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877) #8815225

- upgraded to libgpg-error-1.46-r1, libgcrypt-1.10.1-r2, libsoup-2.74.3

- security fix ghostscript-gpl-9.56.1: null pointer dereference (CVE-2022-2085) #852944

- upgraded to lcms-2.13.1-r1, perl-5.34.1-r4, pnm2ppa-1.13-r2

Porteus Kiosk version 20221030

- upgraded to expat-2.5.0, nspr-4.35, imlib2-1.7.5, e2fsprogs-1.46.5-r3, xfsprogs-5.18.0-r1, libxml2-2.10.3

- upgraded to freerdp-2.8.1

Porteus Kiosk version 20221016

- upgraded to linux-5.15.74

- security fix this release fixes several critically important wifi stack vulnerabilities in the linux kernel: link

- kernel config: added DRM driver for Hyper-V Gen2 VMs. Gen1 machines cause troubles and still default to the framebuffer driver. DRM driver offers much faster 2D scrolling and allows setting a custom screen resolution (you are not longer forced to use FullHD resolution).

- upgraded to sqlite-3.39.4, libxml2-2.10.2, libxslt-1.1.37, gmmlib-22.1.8, lua-5.3.6-r102, libva-intel-driver-2.4.1-r3, cairo-1.16.0-r6, librsvg-2.54.4-r1, gtk+-3.24.34-r1, gtk+-2.24.33-r2

- upgraded to libsodium-1.0.18_p20220618

- upgraded to liberation-fonts-2.1.5

Porteus Kiosk version 20221002

- upgraded to sysvinit-3.05, expat-2.4.9, zstd-1.5.2-r2, userspace-rcu-0.13.2, nss-3.79.1, systemd-utils-251.4-r2, rsyslog-8.2206.0-r1

- security fix mozilla-firefox-102.3. Changelog: link

- upgraded to libvncserver-0.9.13-r1, libssh-0.10.4

Porteus Kiosk version 20220918

- upgraded to bzip2-1.0.8-r3, timezone-data-2022c, hwdata-0.361, dmidecode-3.4, zstd-1.5.2-r1, attr-2.5.1-r2, libcap-2.65, kmod-30, nspr-4.34.1, systemd-utils-251.4-r1, ca-certificates-20211016.3.80, inih-56-r1, iptables-1.8.8-r4, libnotify-0.8.1, libva-2.15.0, libva-utils-2.15.0, libva-intel-media-driver-22.4.4, freetype-2.12.1-r1, harfbuzz-5.1.0, pango-1.50.9

- upgraded to libidn2-2.3.3, libgcrypt-1.9.4-r2, remmina-1.4.27, libdbusmenu-16.04.0-r2

- security fix cups-2.4.2: Bad certificate verification for local authorisation (CVE-2022-26691) #847625

- security fix poppler-22.09.0: JBIG2 integer overflow to code execution (CVE-2021-30860, CVE-2022-38784) #867958

- upgraded to libidn-1.41, net-snmp-5.9.3, openjpeg-2.5.0-r2, ghostscript-gpl-9.55.0-r2

Porteus Kiosk version 20220904

- added missing wireless firmware: iwlwifi-Qu-c0-jf-b0-66.ucode

- security fix zlib-1.2.12-r3: buffer overread in inflateGetHeader() (CVE-2022-37434) #863851

- security fix gnutls-3.7.7: Double free in PKCS7 signature verification (CVE-2022-2509) #861803

- security fix libtasn1-4.19.0: Out of bounds read #866237

- upgraded to libffi-3.4.2-r2, timezone-data-2022a, shadow-4.12.3, html-xml-utils-7.8-r1, gmmlib-22.1.7, dbus-1.14.0-r4, lua-5.3.6-r5, glib-2.72.3, wmctrl-1.07-r3, freetype-2.12.1, pango-1.50.8

- new feature 'homepage_append=' parameter will properly add requested info to homepage URLs which already have the query arguments, sample: "https://domain.com?argument=1" becomes "https://domain.com?argument=1&kiosk=hostname"

Porteus Kiosk version 20220814

- upgraded to linux-5.15.60, intel-microcode-20220809_p20220809

- kernel config: enabled bluetooth support, userspace still needs the firmware and bluetooth manager application for pairing devices (must be added through the ISO customization)

- major Chrome upgrade upgraded to google-chrome-104.0.5112.79-r1

- kiosk fix disabled autoupdate of Chrome internal components (e.g. widevine plugin) as without persistence enabled it causes the updated components to be downloaded during every session restart

- kiosk fix disabled 'Share this page' button in the Chrome URL's bar

- kiosk fix disabled 'Bookmark this tab' button in the Chrome URL's bar

- new feature added support for 'MD5' authentication protocol in 802.1x wired networks ('wired_authentication=eapol' parameter)

Porteus Kiosk version 20220806

- security fix openssl-1.1.1q broken AES-OCB encryption on x86 (CVE-2022-2097) #856592

- security fix sqlite-3.39.2: buffer overflow (CVE-2022-35737) #863431

- security fix rsyslog-8.2206.0: Potential heap buffer overflow in TCP syslog server (receiver) components (CVE-2022-24903) #842846

- security fix logrotate-3.20.0: Unprivileged DoS via state file (CVE-2022-1348) #847382

- security fix xorg-server-21.1.4 security stabilisation #858140

- upgraded to glibc-2.35-r8, alsa-lib-1.2.7.2, alsa-ucm-conf-1.2.7.2, alsa-utils-1.2.7-r1, alsa-plugins-1.2.7.1, libxcrypt-4.4.28-r1, wget-1.21.3-r1, stunnel-5.64-r1, libxcb-1.15-r1, compose-tables-1.8.1, libX11-1.8.1, gmmlib-22.1.4, pciutils-3.8.0-r1, xmodmap-1.0.11, xev-1.2.5, libxcvt-0.1.2, libdrm-2.4.112, xcb-util-cursor-0.1.3-r4, wayland-1.21.0, libepoxy-1.5.10-r1, mesa-progs-8.5.0, tigervnc-1.12.0-r7, harfbuzz-4.4.1, xf86-input-synaptics-1.9.2, xf86-video-mga-2.0.1

- kiosk fix properly handle the URLs containing the '&' character when browser is started by another app (e.g. Zoom's authorization through Google) or from the command line

Porteus Kiosk version 20220724

- upgraded to linux-5.15.55

- kernel config: enabled ASUS WMI driver, enabled hardware monitoring support for NVME bus so device temperatures can be viewed in the debug log or by executing the 'sensors' command over SSH

- major Firefox ESR release mozilla-firefox-102.0.1 changelog: 92.0 93.0 94.0 95.0 96.0 97.0 98.0 99.0 100.0 101.0 102.0

- kiosk fix disabled autoupdate of Firefox plugins. Without persistence enabled it causes the updated plugins to be downloaded during every session restart.

- kiosk fix fixed a bug where Firefox would not open on an entire screen when running with navigation bar disabled and was restarted from Porteus Kiosk Server or over SSH ('killall firefox' command)

- kiosk fix disabled 'Open previous tabs' popup which appears in the Firefox browser when persistence is enabled and the kiosk PC is rebooted or powered off (unclean shutdown)

- kiosk fix hide the PDF download button in the Firefox's PDF viewer when downloads are disabled in the system

- new feature added support for downloading components and updates from our domian mirrors. System installation and update time should be shorter now. Please ensure that your company network allows connecting to the mirror servers - update/reconfiguration process will notify about this when needed.

Porteus Kiosk version 20220710

- security fix curl-7.84.0: multiple vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208) #854708

- upgraded to traceroute-2.1.0-r2, elfutils-0.187, acpid-2.0.33, rsync-3.2.4-r3, nspr-4.34, tiff-4.4.0, systemd-utils-250.7, nghttp2-1.47, rsyslog-8.2112.0-r1, dbus-1.12.22-r2, gmmlib-22.1.3, glib-2.72.2, libinput-1.21.0-r1, libnotify-0.7.12, libva-intel-media-driver-22.4.3, fontconfig-2.14.0-r1, harfbuzz-4.3.0, librsvg-2.54.4

- security fix mozilla-firefox-91.11.0. Changelog: link

Porteus Kiosk version 20220619

- security fix pacparser-1.4.0: Memory overwrite vulnerability #844736

- security fix zlib-1.2.12-r2: security stabilisation #836303

- upgraded to upgraded to glibc-2.34-r13, libffi-3.4.2-r1, libltdl-2.4.7, gnutls-3.7.6, libfastjson-0.99.9-r1, libestr-0.1.11-r1, sqlite-3.38.5, rsyslog-8.2112.0, libxcb-1.15, xkeyboard-config-2.36, libxkbcommon-1.4.1, libdrm-2.4.111, llvm-14.0.4, mesa-22.0.5, mesa-amber-21.3.9, harfbuzz-4.2.1, xorg-server-21.1.3-r3, tigervnc-1.12.0-r6, xf86-input-libinput-1.2.1, adwaita-icon-theme-42.0_p2

- upgraded to wireless-regdb-2022060, ppp-2.4.9-r8

- added tcl-8.6.12

- upgraded to libgpg-error-1.45, vte-0.68.0

- upgraded to perl-5.34.1-r3, qpdf-10.6.3, python-3.8.13, poppler-22.05.0, lcms-2.13.1

Porteus Kiosk version 20220605

- upgraded to linux-5.15.44, intel-microcode-20220510_p20220508

- kernel config: added support for storage devices formatted with an exFAT filesystem

- security fix rsync-3.2.4: Vulnerability in bundled zlib #838724

- security fix libxml2-2.9.14: Integer overflows in xmlBuf and xmlBuffer #842261

- security fix ntfs3g-2022.5.17 multiple vulnerabilities (CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789) #847598

- upgraded to expat-2.4.8, libbsd-0.11.6, userspace-rcu-0.13.1, sqlite-3.38.3, nss-3.68.4, libjpeg-turbo-2.1.3, fribidi-1.0.12, atk-2.38.0, glib-2.72.1, pango-1.50.7, at-spi2-core-2.44.1, librsvg-2.54.3, gtk+-3.24.34, adwaita-icon-theme-42.0, libusb-1.0.26

- added systemd-utils-250.6

- removed udev-249.6-r2

Porteus Kiosk version 20220522

- security fix openssl-1.1.1o: Multiple vulnerabilities #842489

- security fix ncurses-6.3_p20220423: segfaulting OOB read (CVE-2022-29458) #839351

- upgraded to sqlite-3.38.2, compose-tables-1.7.5, libX11-1.7.5, libXcursor-1.2.1, curl-7.83.1, dbus-1.12.22-r1, libevdev-1.12.1, xkeyboard-config-2.35.1, libxkbcommon-1.4.0, setxkbmap-1.3.3, libdrm-2.4.110, e2fsprogs-1.46.5-r1, libva-2.14.0, mesa-22.0.3, libepoxy-1.5.10, libva-intel-media-driver-22.3.1, xorg-server-21.1.3-r2, xf86-video-amdgpu-22.0.0, tigervnc-1.12.0-r5, hwdata-0.358, wget-1.21.3, pciutils-3.8.0, libtasn1-4.18.0, inih-55, libva-utils-2.14.0, libcap-2.64

- added mesa-amber-21.3.8, libunwind-1.6.2

- security fix mozilla-firefox-91.9.1. Changelog: link

- security fix libpcre2-10.40: multiple vulnerabilities (CVE-2022-1586, CVE-2022-1587) #845195

- security fix freerdp-2.7.0: multiple vulnerabilities (CVE-2022-24882, CVE-2022-24883) #842231

- security fix openssh-8.9_p1-r2: Command injection via scp (CVE-2020-15778) #733802

Porteus Kiosk version 20220508

- upgraded to intel-microcode-20220419_p20220421

- kernel config: compiled 'vmd' driver directly into kernel to allow booting from the NVME drives which are managed by the VDM controller

- major Chrome upgrade upgraded to google-chrome-101.0.4951.54

WARNING: if you use 'browser_preferences=' parameter then you may need to update your preferences file as number of Chrome policies have been depreciated in Chrome 101:

ExtensionInstallWhitelist replaced by ExtensionInstallAllowlist

ExtensionInstallBlacklist replaced by ExtensionInstallBlocklist

URLWhitelist replaced by URLAllowlist

URLBlacklist replaced by URLBlocklist

- kiosk fix disabled 'show side panel' button on Chrome UI by default

Porteus Kiosk version 20220501

- security fix libinput-1.20.1: format string vulnerability when using xf86-input-libinput (CVE-2022-1215) #839729

- security fix freetype-2.12.0: multiple vulnerabilities (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406) #840224

- upgraded to ncurses-6.3_p20211106, alsa-topology-conf-1.2.5.1, alsa-ucm-conf-1.2.6.3, alsa-lib-1.2.6.1, alsa-utils-1.2.6, alsa-plugins-1.2.6, sqlite-3.38.1, dhcpcd-9.4.1, gmmlib-22.1.2, harfbuzz-3.4.0-r1, xf86-video-vmware-13.3.0-r1

- kiosk fix whitelist 'zoommtg' protocol for Chrome by default otherwise zoom connections cannot be established using the web client

- upgraded to libpcre2-10.39-r1, shared-mime-info-2.2, freerdp-2.6.1, remmina-1.4.25

Porteus Kiosk version 20220410

- upgraded to linux-5.15.33

- security fix nss-3.68.3: Memory safety issues with PKCS#11 tokens #836386

- upgraded to libpcre-8.45-r1, sysvinit-3.01, sqlite-3.38.0, curl-7.79.1-r1, libplatform-2.1.0.1-r2, libvdpau-1.5, iptables-1.8.7-r2, freetype-2.11.1

- added traceroute-2.1.0-r1

- security fix mozilla-firefox-91.8.0. Changelog: link

- upgraded to wireless-regdb-20220408

Tagged as Porteus Kiosk 5.4.0 release

Main features of this release are listed here.

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20220326

- security fix mozilla-firefox-91.7.1. Changelog: link

- kiosk fix switching to a secondary keyboard layout will no longer allow using keyboard combinations which are blocked in the system by default

- new feature added support for remote config URLs which contains an append parameters, e.g. https://domain.com/kiosk-config.php?device=nuc&sound=0.3

Porteus Kiosk version 20220320

- security fix openssl-1.1.1n: infinite loop when using invalid curve parameters in BN_mod_sqrt() (CVE-2022-0778) #835343

- upgraded to expat-2.4.7, libcap-2.63, nss-3.68.2-r1, gnutls-3.7.3-r1, fribidi-1.0.11, glib-2.70.4, at-spi2-core-2.42.0, mesa-21.3.7, libva-intel-media-driver-22.1.0-r1, xorg-server-21.1.3-r1, pango-1.50.4, librsvg-2.52.6, pangomm-2.46.2, gtk+-3.24.31, adwaita-icon-theme-41.0

- security fix mozilla-firefox-91.7.1. Changelog: link

- upgraded to wpa_supplicant-2.10-r1

- upgraded to vte-0.66.2

- upgraded to qpdf-10.5.0, sane-backends-1.1.1-r2, poppler-22.01.0

- upgraded to libsecret-0.20.5, icaclient-22.3.0.24

Porteus Kiosk version 20220312

- major kernel upgrade upgraded to linux-5.15.28

- upgraded to sof-firmware-1.9.3-r1

Porteus Kiosk version 20220305

- security fix gnutls-3.7.3: Memory corruption in gnutls_x509_trust_list_verify_crt2() (GNUTLS-SA-2022-01-17) #831573

- security fix libxml2-2.9.13: multiple vulnerabilities (CVE-2022-23308) #833809

- security fix libxslt-1.1.35: use-after-free in xsltApplyTemplates (CVE-2021-30560) #833508

- upgraded to timezone-data-2021e, hwdata-0.354, zstd-1.5.2, expat-2.4.6, libxcrypt-4.4.27, openssl-1.1.1m, ntfs3g-2021.8.22-r3, gmmlib-22.0.2, logrotate-3.19.0, libva-intel-media-driver-22.1.0

- added libcec-6.0.2, libplatform-2.1.0.1-r1

- major Chrome upgrade upgraded to google-chrome-98.0.4758.102

- kiosk fix disabled 'share this page' button on the Chrome's URL bar by default

Porteus Kiosk version 20220219

- upgraded to linux-5.10.101, intel-microcode-20220207_p20220207

- security fix util-linux-2.37.4: Partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline (CVE-2022-0563) #833365

- upgraded to nspr-4.33, mtr-0.95, libICE-1.0.10-r1, libXdmcp-1.1.3-r1, mesa-21.3.5

- security fix mozilla-firefox-91.6.0. Changelog: link

- kiosk fix Firefox browser will open URLs which require domain authentication without asking for an user confirmation

Porteus Kiosk version 20220206

- security fix expat-2.4.4: multiple vulnerabilities (CVE-2022-23852, CVE-2022-23990) #831918

- security fix util-linux-2.37.3: multiple vulnerabilities (CVE-2021-3995, CVE-2021-3996) #831978

- security fix shadow-4.11.1: TOCTOU race condition in usermod/userdel (CVE-2013-4235) #830486

- upgraded to sqlite-3.37.2, nss-3.68.2, gmmlib-21.3.5, libinput-1.19.3, elogind-246.10-r2, libva-intel-media-driver-21.4.3, harfbuzz-3.2.0, gtk+-3.24.30, glib-2.70.2

- new feature if default GPU driver fails during the Xorg server initialization then automatically use other drivers in the following order: modesetting, fbdev, vesa until the desktop is started properly

- upgraded to json-glib-1.6.6-r1, libsoup-2.74.2, remmina-1.4.23-r1

Porteus Kiosk version 20220123

- security fix expat-2.4.3: multiple vulnerabilities (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) #830422

- upgraded to glibc-2.33-r7, compose-tables-1.7.3, libX11-1.7.3, wget-1.21.2, libevdev-1.12.0, libglvnd-1.4.0, libdrm-2.4.109, wayland-1.20.0, libva-2.13.0-r2, mesa-21.3.4, feh-3.7.2, xorg-server-21.1.3

- added libxcrypt-4.4.25-r1, libxcvt-0.1.1

- security fix mozilla-firefox-91.5.0. Changelog: link

- security fix libgcrypt-1.9.4: ElGamal plaintext recovery (CVE-2021-40528) #811900

- upgraded to libidn-1.38-r1, perl-5.34.0-r6, qpdf-10.4.0, sane-backends-1.0.32, cups-2.3.3_p2-r3, ghostscript-gpl-9.55.0-r1, poppler-21.11.0, cups-filters-1.28.10-r1, foomatic-db-engine-4.0.12-r1, python-3.8.12_p1-r1, dbus-python-1.2.18, hplip-3.21.10

Porteus Kiosk version 20220109

- upgraded to e2fsprogs-libs-1.46.4-r1, ethtool-5.15, elfutils-0.186, libcap-2.62, xfsprogs-5.14.2, shadow-4.9-r4, gcc-11.2.0

- added userspace-rcu-0.13.0

- security fix openssh-8.8_p1: Multiple vulnerabilities #815010

Porteus Kiosk version 20211219

- use native 'vboxvideo' driver instead of 'vesafb' for displaying the splash screen when booting on the VirtualBox platform

- use 'vesafb' driver for displaying the splash screen when the proprietary nVidia driver is available in the system (custom builds only)

- kiosk fix mainstain firmware symlinks according to the WHENCE file

- security fix ntfs3g-2021.8.22: Multiple vulnerabilities (CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263) #811156

- upgraded to libmd-1.0.4, libpciaccess-0.16-r1, gmmlib-21.3.3, libwacom-1.12, harfbuzz-3.1.1, udev-249.6-r2, pciutils-3.7.0-r2, usbutils-014-r1, gmp-6.2.1-r2, openssl-1.1.1l-r1, xdotool-3.20211022.1, mesa-21.2.6, imlib2-1.7.1-r2, xorg-server-1.20.14

- added hwdata-0.353

- removed hwids-20210613-r2

- upgraded to google-chrome-96.0.4664.110

- security fix mozilla-firefox-91.4.0. Changelog: link

- upgraded to ppp-2.4.9-r5, wpa_supplicant-2.9-r8

- upgraded to remmina-1.4.21, libpcre2-10.39

- upgraded to openssh-8.7_p1-r3

Porteus Kiosk version 20211128

- security fix rsync-3.2.3-r5: improper TLS validation in rsync-ssl script (CVE-2020-14387) #792576

- upgraded to dbus-1.12.20-r4, hwids-20210613-r2, libva-2.13.0-r1, libva-utils-2.13.0, libva-intel-media-driver-21.3.5

- added udev-249-r3

- removed eudev-3.2.10-r1

- major Chrome upgrade upgraded to google-chrome-96.0.4664.45

Porteus Kiosk version 20211114

- upgraded to ncurses-6.2_p20210619, nspr-4.32, nss-3.70, libXi-1.8, libxslt-1.1.34-r2, nghttp2-1.45.1-r1, shadow-4.9-r3, llvm-13.0.0, gmmlib-21.3.1, libglvnd-1.3.4, libxkbcommon-1.3.1, xkeyboard-config-2.34, libinput-1.19.2, mesa-21.2.5, libepoxy-1.5.9-r1, libva-intel-driver-2.4.1-r1, mesa-progs-8.4.0-r1, cairo-1.16.0-r5, libXft-2.3.4, libXfont2-2.0.5, pango-1.48.10-r1, xf86-input-libinput-1.2.0, xf86-video-amdgpu-21.0.0

- security fix mozilla-firefox-91.3.0. Changelog: link

- upgraded to freerdp-2.4.1-r1

Porteus Kiosk version 20211030

- upgraded to linux-5.10.76

Tagged as Porteus Kiosk 5.3.0 release

Wizard 5.3.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20211016

- upgraded to linux-5.10.73

- security fix libjpeg-turbo-2.1.1: Out of bounds read (CVE-2021-37972) #814206

- security fix curl-7.79.0: Multiple vulnerabilities (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947) #813270

- upgraded to e2fsprogs-libs-1.46.4, e2fsprogs-1.46.4, compose-tables-1.7.2-r1, mtr-0.94-r1, nghttp2-1.44.0-r1, shadow-4.9-r2, gmmlib-21.2.1, xdotool-3.20210903.1, stunnel-5.59, util-linux-2.37.2-r1, libusb-1.0.24-r2, pciutils-3.7.0-r1, usbutils-014, glib-2.68.4, libgudev-237-r1, libnotify-0.7.9-r1, freetype-2.11.0-r1, harfbuzz-2.9.1, pango-1.48.10

- security fix mozilla-firefox-91.2.0. Changelog: link

- security fix libssh-0.9.6: Heap buffer overflow (CVE-2021-3634) #810517

- security fix libgcrypt-1.8.8: ElGamal sidechannel leak (CVE-2021-33560) #795480

- upgraded to libidn2-2.3.2, shared-mime-info-2.1, remmina-1.4.20-r1

- security fix ghostscript-gpl-9.54.0-r1: arbitrary code execution vulnerability (CVE-2021-3781) #812509

- security fix perl-5.34.0-r2: perl-core/Encode-3.120: Encode.pm loads code from outside expected @INC (CVE-2021-36770) #807307

- upgraded to net-snmp-5.9.1-r1, gutenprint-5.3.4-r2

Porteus Kiosk version 20211002

- added libinput-1.18.1, xf86-input-libinput-1.1.0

Porteus Kiosk version 20210918

- upgraded to linux-5.10.63, intel-microcode-20210608_p20210830

- major Chrome upgrade upgraded to google-chrome-93.0.4577.82

- major Firefox ESR release mozilla-firefox-91.1.0 changelog: 79.0 80.0 81.0 82.0 83.0 84.0 85.0 86.0 87.0 88.0 89.0 90.0 91.0

- *removed* as Firefox 91 ESR do not support flash NPAPI plugin anymore. Flash standalone applications can be still supported through the customized kiosk builds.

Porteus Kiosk version 20210828

- security fix openssl-1.1.1l: multiple vulnerabilities (CVE-2021-3711, CVE-2021-3712) #809980

- upgraded to libxdg-basedir-1.2.3, libbsd-0.11.3, eudev-3.2.10-r1, libxml2-2.9.12-r5, dbus-1.12.20-r3, dbus-glib-0.112, at-spi2-core-2.40.3, libwacom-1.11, libva-2.12.0, mesa-21.1.7, libva-utils-2.12.0, harfbuzz-2.8.2-r1, pango-1.48.7-r1, imlib2-1.6.1-r2

- security fix mozilla-firefox-78.13.0. Changelog: link

- upgraded to usb_modeswitch-2.6.1

Porteus Kiosk version 20210814

- security fix curl-7.78.0: Multiple vulnerabilities (CVE-2021-22922, CVE-2021-22923, CVE-2021-22925, CVE-2021-22926) #803308

- upgraded to upgraded to kmod-29, llvm-12.0.1, libtasn1-4.17.0, gnutls-3.7.2, libdrm-2.4.107, xkeyboard-config-2.33, mesa-21.1.6, xorg-server-1.20.13-r1, conky-1.12.2, tigervnc-1.9.0-r2

- upgraded to libpcre2-10.37-r2, libsodium-1.0.18_p20210617, freerdp-2.3.2, remmina-1.4.20

- added libappindicator-12.10.1_p20200706, libdbusmenu-16.04.0-r1

Porteus Kiosk version 20210731

- upgraded to cronbase-0.3.7-r8, zstd-1.5.0, openssl-1.1.1k-r1, util-linux-2.36.2-r1, libpcre-8.45, procps-3.3.17-r1, nghttp2-1.43.0-r2, shadow-4.8.1-r4, logrotate-3.18.1-r1

- upgraded to perl-5.34.0, libidn-1.37, libpaper-1.1.28, qpdf-10.3.2, net-snmp-5.9-r5, cups-2.3.3_p2-r2, poppler-21.07.0

Porteus Kiosk version 20210718

- security fix glibc-2.33-r1: Use-after-free in mq_notify (CVE-2021-33574) #792261

- upgraded to elfutils-0.185, libdrm-2.4.106, libX11-1.7.2, llvm-12.0.0, mesa-21.1.4, at-spi2-core-2.40.2, glib-2.68.3-r1, pango-1.48.7, librsvg-2.50.7

- upgraded to ppp-2.4.9-r4

- upgraded to remmina-1.4.18, vte-0.64.2

- upgraded to libogg-1.3.5

Porteus Kiosk version 20210703

- upgraded to timezone-data-2021a-r1, sqlite-3.35.5, hwids-20210613-r1, libjpeg-turbo-2.1.0-r2

- upgraded to wvstreams-4.6.1_p14-r2, ppp-2.4.9-r3

- upgraded to x11vnc-0.9.16-r7

Porteus Kiosk version 20210620

- upgraded to linux-5.10.45, intel-microcode-20210608_p20210608

- upgraded to elfutils-0.184, glib-2.68.2-r1, libxml2-2.9.12-r3, hwids-20210613, nghttp2-1.41.0-r2, curl-7.77.0-r1, pango-1.48.5-r1

- major Chrome upgrade upgraded to google-chrome-91.0.4472.114

- upgraded to wpa_supplicant-2.9-r5

- upgraded to libidn2-2.3.1, libgpg-error-1.42, libsoup-2.72.0-r1, opus-1.3.1-r2

- upgraded to icaclient-21.3.0.38

Porteus Kiosk version 20210606

- security fix libX11-1.7.1: missing request length checks (CVE-2021-31535) #790824

- security fix curl-7.77.0: multiple vulnerabilities (CVE-2021-22898, CVE-2021-22901) #792192

- upgraded to glibc-2.33, alsa-topology-conf-1.2.4, alsa-ucm-conf-1.2.4, expat-2.4.1, attr-2.5.1, zlib-1.2.11-r4, alsa-lib-1.2.4, libdrm-2.4.105, ca-certificates-20210119.3.66, libxml2-2.9.12-r2, glib-2.68.2, shadow-4.8.1-r3, rsync-3.2.3-r4, wget-1.21.1, libwacom-1.9, xkeyboard-config-2.32, nss-3.63.1-r1, alsa-utils-1.2.4, libxkbcommon-1.3.0, libXfixes-6.0.0, libjpeg-turbo-2.1.0-r1, libglvnd-1.3.3, xkbcomp-1.4.5, libXres-1.2.1, libXaw-1.0.14, gdk-pixbuf-2.42.6, at-spi2-core-2.40.1, elogind-246.10-r1, mesa-21.0.3, harfbuzz-2.8.1, pango-1.48.5, xf86-input-wacom-0.40.0, gtk+-3.24.29, gtk+-2.24.33, libcap-2.49, adwaita-icon-theme-40.1.1m, tiff-4.3.0

- security fix mozilla-firefox-78.11.0. Changelog: link

- upgraded to wireless-regdb-20210421

- upgraded to libpcre2-10.36-r1, usbredir-0.9.0, libsoup-2.72.0, vte-0.64.1

- security fix openssh-8.6_p1: theoretical sandbox escape in rare logging configuration #784896

- upgraded to lcms-2.12, qpdf-10.3.1, net-snmp-5.9-r3, sane-backends-1.0.31-r2, poppler-21.05.0, perl-5.32.1

Porteus Kiosk version 20210523

- upgraded to linux-5.10.38, intel-microcode-20210216_p20210514, sof-firmware-1.6.1

- upgraded to dmidecode-3.3, sysvinit-2.99, inih-53, e2fsprogs-libs-1.46.2, libxml2-2.9.12, gnutls-3.7.1, iptables-1.8.7, dhcpcd-9.4.0-r1, usbutils-013-r1, ntfs3g-2017.3.23.5-r1, e2fsprogs-1.46.2, conky-1.12.1-r1

Porteus Kiosk version 20210509

- security fix curl-7.76.1: multiple vulnerabilities (CVE-2021-{22876,22890}) #779535

- upgraded to ethtool-5.10, libusb-1.0.24-r1, logrotate-3.18.0, xlockmore-5.66

- upgraded to json-glib-1.6.2, remmina-1.4.13

- upgraded to liberation-fonts-2.1.3

Porteus Kiosk version 20210425

- security fix xorg-server-1.20.11 - Input validation failures in X server XInput extension #782679

- upgraded to sysvinit-2.98-r1, util-linux-2.36.2, rsync-3.2.3-r3, fribidi-1.0.10, xinit-1.4.1-r1, nss-3.63.1, gdk-pixbuf-2.42.4, ca-certificates-20210119.3.64

- added dmidecode-3.2

- upgraded to ppp-2.4.9-r2, usb_modeswitch-2.6.0

- upgraded to x11vnc-0.9.16-r5

Porteus Kiosk version 20210411

- major kernel upgrade upgraded to linux-5.10.29, intel-microcode-20210216_p20210221

- added sof-firmware-1.5.1

- security fix stunnel-5.58: Multiple vulnerabilities (CVE-2021-20230) #772146

- security fix nettle-3.7.2: potential incorrect validation (CVE-2021-20305) #78483

- upgraded to gmp-6.2.1-r1, nspr-4.30, nss-3.63, libfastjson-0.99.9, rsyslog-8.2102.0, pciutils-3.7.0, procps-3.3.17, mesa-20.3.5, gtk+-3.24.26

- security fix mozilla-firefox-78.9.0. Changelog: link

- upgraded to remmina-1.4.12

- security fix openssh-8.5_p1: Double-free in ssh-agent (CVE-2021-28041) #774090

Porteus Kiosk version 20210328

- security fix openssl-1.1.1k: multiple vulnerabilities (CVE-2021-3449, CVE-2021-3450) #777681

- security fix libxml2-2.9.10-r5: Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c (CVE-2020-24977) #749849

- upgraded to bzip2-1.0.8-r1, zstd-1.4.9, libunistring-0.9.10-r1, elfutils-0.183, sqlite-3.34.1, ca-certificates-20210119.3.62, xset-1.2.4-r1, xlockmore-5.65-r1, xsetroot-1.1.2-r1, xrefresh-1.0.6-r1, llvm-11.1.0, xf86-video-qxl-0.1.5_p20200205

- upgraded to libgpg-error-1.41, libgcrypt-1.8.7

Tagged as Porteus Kiosk 5.2.0 release

Main features of this release are listed here.

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20210314

- security fix glibc-2.32-r7: buffer overread in iconv (CVE-2019-25013) #764176

- upgraded to dosfstools-4.2, libdrm-2.4.104, rsync-3.2.3-r2, e2fsprogs-libs-1.45.7, libXt-1.2.1, libevdev-1.11.0, dhcpcd-9.3.4, e2fsprogs-1.45.7, libgudev-234, at-spi2-core-2.38.0, at-spi2-atk-2.38.0, libva-2.10.0, libva-utils-2.10.0, mesa-20.3.4, libepoxy-1.5.5, harfbuzz-2.7.4, xf86-video-nouveau-1.0.17, librsvg-2.50.3, adwaita-icon-theme-3.38

- added gmmlib-20.4.1, libva-intel-media-driver-20.4.5

- security fix mozilla-firefox-78.8.0. Changelog: link

- upgraded to json-glib-1.6.0, vte-0.62.3, remmina-1.4.11

- upgraded to qpdf-10.1.0, poppler-21.02.0

Porteus Kiosk version 20210228

- security fix openssl-1.1.1j: multiple vulnerabilities (CVE-2021-23840, CVE-2021-23841) #769785

- security fix glib-2.66.7: Integer overflow (CVE-2021-27218, CVE-2021-27219, GHSL-2021-045) #768753

- upgraded to timezone-data-2021a, llvm-11.0.1

- upgraded to wireless-regdb-20201120, iw-5.9

- security fix openjpeg-2.4.0: Multiple vulnerabilities (CVE-2019-12973, CVE-2020-15389, CVE-2020-27814, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27844, CVE-2020-27845) #718918

- upgraded to cups-2.3.3-r2, ghostscript-gpl-9.53.3-r5, cups-filters-1.28.7

Porteus Kiosk version 20210214

- upgraded to glibc-2.32-r6, timezone-data-2020f, feh-3.6.1, kmod-28, eudev-3.2.10, xorg-server-1.20.10-r2, volumeicon-0.5.1-r2, gtkdialog-0.8.3_p20200202

- upgraded to jimtcl-0.78-r2

- upgraded to liberation-fonts-2.1.2

Porteus Kiosk version 20210131

- security fix freetds-1.2.18: Buffer overflow (CVE-2019-13508) #718950

- upgraded to timezone-data-2020e, expat-2.2.10, zlib-1.2.11-r3, tiff-4.2.0, e2fsprogs-libs-1.45.6, libvdpau-1.4, logrotate-3.17.0, lua-5.3.6-r2, dhcpcd-8.1.9-r1, xfsprogs-5.10.0-r1, xlockmore-5.50-r1, e2fsprogs-1.45.6, conky-1.11.6-r2, mesa-20.2.6, xf86-video-intel-2.99.917_p20201215

- added inih-52

- upgraded to ppp-2.4.8-r1

- upgraded to shared-mime-info-2.0-r2, remmina-1.4.10

- upgraded to openssh-8.4_p1-r3

Porteus Kiosk version 20210117

- major Chrome upgrade upgraded to google-chrome-87.0.4280.141

- security fix mozilla-firefox-78.6.1. Changelog: link

- downgraded to adobe-flash-32.0.0.330 as this version still works despite of being EOL-ed by Adobe

Porteus Kiosk version 20210103

- security fix dbus-1.12.20: use after free if duplicate UIDs #755392

- security fix curl-7.74.0: Multiple vulnerabilities (CVE-2020-8284, CVE-2020-8285, CVE-2020-8286) #759259

- security fix gdk-pixbuf-2.42.2: infinite loop in GIF handling (CVE-2020-29385) #759094

- upgraded to glibc-2.32-r3, zstd-1.4.5, gmp-6.2.1, elfutils-0.182, usbutils-013, libjpeg-turbo-2.0.6, feh-3.6, hsetroot-1.0.5

- upgraded to upgraded to lz4-1.9.3

- upgraded to openssh-8.4_p1-r2

- security fix x11vnc-0.9.16-r4: Insecure permissions on shm (CVE-2020-29074) #756841

- upgraded to jbig2dec-0.19, qpdf-10.0.4, poppler-20.11.0, ghostscript-gpl-9.53.3-r4, dymo-cups-drivers-1.4.0-r2, gutenprint-5.3.3-r2, cups-filters-1.28.3

- added libidn-1.36

- upgraded to speex-1.2.0-r2

Porteus Kiosk version 20201213

- upgraded to linux-5.4.82, intel-microcode-20201112_p20201116-r1

- security fix openssl-1.1.1i: Denial of service in X509 parser (CVE-2020-1971) #759079

- security fix xorg-server-1.20.10: Multiple vulnerabilities (CVE-2020-14360, CVE-2020-25712) #757882

- upgraded to timezone-data-2020d, hwids-20201207, libxml2-2.9.10-r4, libXau-1.0.9-r1, libxshmfence-1.3-r2, libevdev-1.10.0, libdrm-2.4.103, xkeyboard-config-2.31, libX11-1.7.0, libxkbcommon-1.0.3, xkbcomp-1.4.4, libXtst-1.2.3-r2, mesa-20.2.4, xf86-video-vesa-2.5.0, adwaita-icon-theme-3.36.1-r1

- added compose-tables-1.7.0

Porteus Kiosk version 20201129

- upgraded to popt-1.18, libpng-1.6.37-r2, sysvinit-2.97, libusb-1.0.23-r1, rsyslog-8.2008.0, llvm-11.0.0, mesa-20.2.3, dbus-1.12.20

- security fix mozilla-firefox-78.5.0. Changelog: link

- security fix libssh-0.9.5: Null pointer dereference (CVE-2020-16135)#734624

Porteus Kiosk version 20201115

- upgraded to linux-5.4.77, intel-microcode-20201110_p20201110

- security fix nss-3.58: Tighten CCS handling for middlebox compatibility mode in TLS 1.3 handshake (CVE-2020-25648) #750254

- upgraded to gcc-9.3.0-r1, glibc-2.32-r2, attr-2.4.48-r4, nspr-4.29, libXfixes-5.0.3-r3, libXrender-0.9.10-r2, libXv-1.0.11-r2, libXinerama-1.1.4-r1, libSM-1.2.3-r1, libXxf86vm-1.1.4-r2, fontconfig-2.13.1-r2

Porteus Kiosk version 20201101

- security fix freetype-2.10.3-r1: Heap buffer overflow in malformed ttf files (CVE-2020-15999) #750275

- upgraded to alsa-topology-conf-1.2.3, alsa-ucm-conf-1.2.3, alsa-lib-1.2.3.2-r1, alsa-utils-1.2.3, rsync-3.2.3-r1, libjpeg-turbo-2.0.5-r2

- upgraded to lcms-2.11, libieee1284-0.2.11-r8, net-snmp-5.9-r2, poppler-0.90.1

Porteus Kiosk version 20201018

- upgraded to linux-5.4.72

- upgraded to libva-intel-driver-2.4.1, elfutils-0.181, nspr-4.28, nss-3.56, libglvnd-1.3.2-r2, acpid-2.0.32-r2, mesa-20.1.10

- security fix mozilla-firefox-78.3.1. Changelog: link

- upgraded to adobe-flash-32.0.0.445

Tagged as Porteus Kiosk 5.1.0 release

Main features of this release are listed here.

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20201004

- upgraded to linux-5.4.69, intel-microcode-20200616_p20200921

- upgraded to sqlite-3.33.0, kmod-27-r2, libxml2-2.9.10-r3, llvm-10.0.1, libglvnd-1.3.2-r1, harfbuzz-2.7.2, libva-2.7.1, mesa-20.1.8

- upgraded to google-chrome-85.0.4183.121

- upgraded to libnl-3.5.0

Porteus Kiosk version 20200920

- security fix gnutls-3.6.15: Null-pointer deref in TLS 1.3 client (CVE-2020-24659) #740390

- upgraded to ethtool-5.8-r1, xcb-util-renderutil-0.3.9-r3, xcb-util-keysyms-0.4.0-r2, xcb-util-wm-0.4.1-r3, xcb-util-0.4.0-r2, xcb-util-image-0.4.0-r2, xcb-util-cursor-0.1.3-r3, xev-1.2.4, libevdev-1.9.1, xf86-video-fbdev-0.5.0-r1, mesa-20.1.7

- added libglvnd-1.3.2, wayland-1.18.0

- upgraded to google-chrome-85.0.4183.102

- upgraded to adobe-flash-32.0.0.433

- upgraded to libogg-1.3.4, libvorbis-1.3.7

Porteus Kiosk version 20200902

- security fix libX11-1.6.12: Double free in locale handling (CVE-2020-14363) #738984

- security fix libxml2-2.9.10: multiple vulnerabilities (CVE-2019-20388, CVE-2020-7595) #710748

- security fix curl-7.72.0: May use wrong connection to submit data if CURLOPT_CONNECT_ONLY (CVE-2020-8231) #737990

- security fix libpcre-8.44: Multiple vulnerabilities (CVE-2019-20838, CVE-2020-14155) #717920

- upgraded to coreutils-8.32-r1, ethtool-5.8, libjpeg-turbo-2.0.5-r1, rsync-3.2.3, procps-3.3.16-r2, iptables-1.8.5, libxslt-1.1.34-r1, shadow-4.8-r5, atk-2.36.0, at-spi2-core-2.36.0, librsvg-2.48.8, gtk+-3.24.22, adwaita-icon-theme-3.36.1, glib-2.64.5, libnotify-0.7.9

- major Chrome upgrade upgraded to google-chrome-85.0.4183.83

- upgraded to libgpg-error-1.38, libgcrypt-1.8.6, libpcre2-10.35, vte-0.60.3

- upgraded to openssh-8.1_p1-r4

Porteus Kiosk version 20200816

- security fix nss-3.55: Multiple vulnerabilities (CVE-2020-12400, CVE-2020-12401, CVE-2020-12403) #734986

- security fix nspr-4.26: Multiple vulnerabilities (CVE-2020-12400, CVE-2020-12401, CVE-2020-12403) #734986

- security fix libX11-1.6.10: Multiple vulnerabilities (CVE-2020-14344) #734974

- security fix libxml2-2.9.10: multiple vulnerabilities (CVE-2019-20388, CVE-2020-7595) #710748

- security fix libxslt-1.1.34: multiple vulnerabilities (CVE-2019-20388, CVE-2020-7595) #710748

- upgraded to glibc-2.31-r6, libffi-3.3-r2, hwids-20200813.1

- security fix freerdp-2.2.0: Integer overflow in rdpegfx channel (CVE-2020-15103) #733328

- upgraded to adobe-flash-32.0.0.414

- security fix jbig2dec-0.18: Buffer overflow in jbig2_image_compose (CVE-2020-12268) #729730

- security fix ghostscript-gpl-9.52: Multiple vulnerabilities (CVE-2020-15900, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538) #734322

- upgraded to net-snmp-5.8.1_pre1-r1, python-2.7.18-r1, sane-backends-1.0.30-r2

Porteus Kiosk version 20200802

- upgraded to linux-5.4.55

- security fix sqlite-3.32.3-r1: Multiple vulnerabilities #732604

- upgraded to elfutils-0.180, rsync-3.2.2-r1, freetype-2.10.2-r1, rsyslog-8.2004.0, libdrm-2.4.102, libxkbcommon-0.10.0-r1, xkeyboard-config-2.30, cairo-1.16.0-r4, xorg-server-1.20.8-r1

- major Firefox ESR release mozilla-firefox-78.1 changelog: 69.0 70.0 71.0 72.0 73.0 74.0 75.0 76.0 77.0 78.0

- new feature "silent_printing=yes" parameter is working again for the Firefox browser after fixing relevant function by Mozilla

- upgraded to wireless-tools-30_pre9-r1

- upgraded to adobe-flash-32.0.0.403

Porteus Kiosk version 20200718

- upgraded to linux-5.4.52

Porteus Kiosk version 20200711

- security fix curl-7.71.0: Multiple vulnerabilities (CVE-2020-8169, CVE-2020-8177) #729374

- security fix ntp-4.2.8_p15: Memory leak allowing denial of service (CVE-2020-15025) #729458

- upgraded to llvm-10.0.0, nettle-3.6-r2, util-linux-2.35.2, pciutils-3.6.4, usbutils-012, harfbuzz-2.6.7, gtk+-3.24.20

- kiosk fix Remove 'og' permissions from the CUPS usb backed as some printers can not be discovered otherwise.

- security fix perl-5.30.3: multiple vulnerabilities (CVE-2020-10543, CVE-2020-10878, CVE-2020-12723) #723792

- security fix openldap-2.4.50: Denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243) #719960

- upgraded to net-snmp-5.8-r5, python-2.7.18, dbus-python-1.2.16, poppler-0.88.0-r1, cups-filters-1.27.4, cups-2.3.3-r1

Porteus Kiosk version 20200628

- upgraded to linux-5.4.49, intel-microcode-20200616_p20200617

- security fix dbus-1.12.18: Denial of service via file descriptor leak (CVE-2020-12049) #727104

- security fix libjpeg-turbo-2.0.4-r1 Buffer overflow in get_rgb_row() via malformed PPM file (CVE-2020-13790) #727010

- upgraded to html-xml-utils-7.7, rsync-3.2.0-r1, iw-5.4, pixman-0.40.0, mesa-20.0.8, xorg-server-1.20.8

- kiosk fix start the "hide mouse" process with a 5 second delay to have the Xorg session fully set

- security fix libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405) #728594

- upgraded to remmina-1.4.5

- security fix libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405) #728594

Porteus Kiosk version 20200614

- upgraded to linux-5.4.46, intel-microcode-20200609_p20200601

- security fix gnutls-3.6.14: Flaw in TLS session ticket key construction (CVE-2020-13777)#727108

- security fix nss-3.52.1: Timing attack on DSA signatures (CVE-2020-12399)#726842

- upgraded to pacparser-1.3.7-r1, libtasn1-4.16.0, ca-certificates-20200601.3.53, xf86-video-intel-2.99.917_p20200515

- upgraded to google-chrome-83.0.4103.97

- critical security fix mozilla-firefox-68.9.0. Changelog: link

- kiosk fix 'shutdown_menu=' parameter: activate lock function only when session or root password are set

- thinclient fix create pty nodes by default as they are needed for Remmina SSH connection

- upgraded to freerdp-2.1.1-r1

- upgraded to adobe-flash-32.0.0.387

- upgraded to icaclient-20.04.0.21

- kiosk fix ctxusb daemon is disbled by default as some users experience random session disconnects because of it

Porteus Kiosk version 20200531

- upgraded to linux-5.4.43, intel-microcode-20200508_p20200508

- upgraded to harfbuzz-2.6.5, conky-1.10.8-r9

- major Chrome upgrade upgraded to google-chrome-83.0.4103.61

- kiosk fix disabled Ctrl+Shift+d keyboard shortcut by default

- security fix freerdp-2.1.1: Multiple vulnerabilities (CVE-2020-13396, CVE-2020-13397, CVE-2020-13398)#724380

- upgraded to remmina-1.4.3

Porteus Kiosk version 20200517

- security fix ncurses-6.2: multiple vulnerabilities (CVE-2019-17594, CVE-2019-17595) #698210

- security fix ntp-4.2.8_p14: Multiple vulnerabilities (CVE-2020-11868) #717798

- upgraded to timezone-data-2020a, alsa-topology-conf-1.2.2, alsa-ucm-conf-1.2.2, alsa-lib-1.2.2-r1, alsa-utils-1.2.2, ethtool-5.4, nettle-3.5.1-r1, wget-1.20.3-r3, xvkbd-4.1, util-linux-2.35.1-r2, openbox-3.6.1-r3

- critical security fix mozilla-firefox-68.8.0. Changelog: link

- security fix freerdp-2.1.0: Multiple vulnerabilities (CVE-2020-11017, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11042, CVE-2020-11043, CVE-2020-11044, CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526)#716830

- upgraded to adobe-flash-32.0.0.371

Porteus Kiosk version 20200503

- upgraded to linux-5.4.36, intel-microcode-20191115_p20200429

- upgraded to glibc-2.30-r8, openssl-1.1.1g, nettle-3.5.1, fribidi-1.0.9, libpcre-8.43, dhcpcd-8.1.9, ntfs3g-2017.3.23-r3, glib-2.62.6, atk-2.34.1, at-spi2-core-2.34.0, at-spi2-atk-2.34.2

- kiosk fix disabled completion panel on the virtual keyboard by default as it may reveal passwords which user enters during the session

- upgraded to libsoup-2.70.0, freerdp-2.0.0-r1, vte-0.58.3

Porteus Kiosk version 20200419

- upgraded to openssl-1.1.1f, libxcb-1.14, curl-7.69.1, gnutls-3.6.13, libevdev-1.9.0, fuse-2.9.9-r1, feh-3.3, gtk+-3.24.16, xf86-video-intel-2.99.917_p20200310

- critical security fix mozilla-firefox-68.7. Changelog: link

- security fix libvncserver-0.9.12-r5: heap buffer overflow in HandleCursorShape() (CVE-2019-15690) #714054

- upgraded to libssh-0.9.4, libpcre2-10.34

- upgraded to adobe-flash-32.0.0.363

- security fix libvncserver-0.9.12-r5: heap buffer overflow in HandleCursorShape() (CVE-2019-15690) #714054

- upgraded to icaclient-19.12.0.19

- enabled microphone and webcam in the Citrix session by default

Porteus Kiosk version 20200404

- upgraded to linux-5.4.30

- kernel config: enabled EFI stub support which is needed to boot the kiosk on some HP PCs equipped with the EFI firmware

Porteus Kiosk version 20200329

- upgraded to linux-5.4.28

- kernel config: the busybox's modprobe applet does not load PHY drivers which are need to initialize NICs. Compiled broadcom and realtek PHY drivers directly into kernel to resolve PXE booting issues.

- upgraded to gmp-6.2.0-r1, nspr-4.25, shadow-4.8-r4, nss-3.51, libjpeg-turbo-2.0.4

- upgraded to google-chrome-80.0.3987.149

- upgraded to crda-4.14

- security fix libidn2-2.2.0: Improper roundtrip checks when converting A-labels to U-labels (CVE-2019-12290) #697752

- upgraded to usbredir-0.8.0

- upgraded to liberation-fonts-2.1.0

- upgraded to dbus-python-1.2.14, openjpeg-2.3.1-r1, poppler-0.85.0

- security fix libvorbis-1.3.6-r1: multiple vulnerabilities (CVE-2018-10392, CVE-2018-10393) #699862

Porteus Kiosk version 20200315

- upgraded to linux-5.4.25

- upgraded to coreutils-8.31-r1, kmod-26-r5, mtdev-1.1.6, sqlite-3.31.1, libxkbcommon-0.10.0, shadow-4.8-r3, hwids-20200306, curl-7.68.0, xkeyboard-config-2.29, xkbcomp-1.4.3, libwacom-1.1, llvm-9.0.1, mesa-19.3.5, xorg-server-1.20.7, xf86-input-wacom-0.39.0, xf86-video-intel-2.99.917_p20191209

- upgraded to google-chrome-80.0.3987.132

- upgraded to ppp-2.4.8

- upgraded to adobe-flash-32.0.0.344

- upgraded to openssh-8.1_p1-r3

Tagged as Porteus Kiosk 5.0.0 release

Wizard 5.0.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20200301

- major kernel upgrade upgraded to linux-5.4.23

- security fix glib-2.60.7-r2: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored (CVE-2020-6750) #710514

- upgraded to xfsprogs-5.4.0-r1, acpid-2.0.32-r1, librsvg-2.40.21

- upgraded to google-chrome-80.0.3987.122

- upgraded to mozilla-firefox-68.5.0

- new feature added support for displaying TIFF files in the Firefox browser. TIFF files are converted to the PDF format first so its possible to view them directly in the browser. This function requires 'enable_file_protocol=yes' parameter present in the kiosk config.

- upgraded to openssh-8.1_p1-r2

- upgraded to python-2.7.17-r1, gutenprint-5.3.3

Porteus Kiosk version 20200216

- upgraded to linux-4.19.102, 20191115_p20200209

- security fix openssl: rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) #702176

- security fix e2fsprogs-1.45.5: out of bounds write on filesystem check (CVE-2019-5188) #709374

- upgraded to gcc-9.2.0-r2, libffi-3.3-r1

- major Chrome upgrade upgraded to google-chrome-80.0.3987.100

- kiosk fix disabled 'browser reset prompt' by default in the Firefox browser. This prompt may appear when full persistence is enabled and the kiosk was not used for a while.

- new feature added virtual keyboard to the 'session password' windows its possible to start the kiosk session without physical keyboard

- new feature sync NTP time every day to keep the system clock updated for kiosks which are not rebooted for a long time (e.g. 6 months).

- upgraded to wpa_supplicant-2.9-r2

- upgraded to lz4-1.9.2

- upgraded to adobe-flash-32.0.0.330

- upgraded to hplip-3.18.12-r1, net-snmp-5.8-r3, python-2.7.17, libpaper-1.1.24_p5

Porteus Kiosk version 20200202

- upgraded to linux-4.19.101

- upgraded to alsa-lib-1.2.1.2, alsa-utils-1.2.1, imlib2-1.6.1, glib-2.60.7-r1, gtk+-3.24.13

- added alsa-topology-conf-1.2.1, alsa-ucm-conf-1.2.1.2

- kiosk fix fix mouse events on ncurses apps (mc, alsamixer) when logging to the kiosk over SSH from the 'xterm-256color' terminal

- new feature give the user 60 seconds to perform an action in order to stop shutting down the PC when the 'halt_idle=' parameter is used

- upgraded to libvncserver-0.9.12-r4

- upgraded to adobe-flash-32.0.0.314

- upgraded to libvncserver-0.9.12-r4

Porteus Kiosk version 20200118

- kiosk fix disable Chrome update popup also on browser instance which is used for displaying the screensaver video/webpage

- kiosk fix ensure to kill only the browser process when screensaver webpage is running and Xorg session is restarted

Porteus Kiosk version 20200111

- upgraded to linux-4.19.94

- security fix fribidi-1.0.8: stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c (CVE-2019-18397) #699338

- upgraded to rsyslog-8.1911.0-r1, xfsprogs-5.4.0, libxml2-2.9.9-r3, libXpm-3.5.13, libvdpau-1.3, mesa-19.2.8, libepoxy-1.5.4, xorg-server-1.20.6, xf86-input-wacom-0.38.0

- critical security fix mozilla-firefox-68.4.1. Changelog: link

- kiosk fix 'persistence=full' parameter: remove Chrome's SingletonLock file by default to avoid 'Chrome profile' locked message when hostname is changed

- kiosk fix reuse Chrome profile in full for screensaver video/webpage purposes. Some extensions can be forced through global policies as we want to keep their settings in the new Chrome instance which is used to play the screensaver.

- kiosk fix recompiled openssh package with support for obsolete keys as many kiosk users still use older SSH clients

Porteus Kiosk version 20191221

- upgraded to glibc-2.29-r7, ncurses-6.1_p20190609, gnutls-3.6.7-r1, fribidi-1.0.7, nss-3.47.1-r1, glib-utils-2.60.7, glib-2.60.7, gdk-pixbuf-2.40.0, atk-2.32.0, at-spi2-core-2.32.1, at-spi2-atk-2.32.0, gtk+-3.24.11, adwaita-icon-theme-3.32.0

- kiosk fix 'volume_level=' parameter: set the sound level for every audio device present in the system and not just the first one

- upgraded to libssh-0.9.3, libsoup-2.66.4, vte-0.56.4

- upgraded to adobe-flash-32.0.0.303

Porteus Kiosk version 20191208

- security fix nss-3.47.1: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) #701840

- upgraded to elfutils-0.177, sqlite-3.30.1, stunnel-5.55, libxml2-2.9.9-r2

- critical security fix mozilla-firefox-68.3.0. Changelog: link

- security fix tiff-4.1.0: multiple vulnerabilities (CVE-2018-19210, CVE-2019-17546, CVE-2019-6128) #699868

- upgraded to poppler-0.82.0, perl-5.30.1

Porteus Kiosk version 20191124

- upgraded to linux-4.19.86, intel-microcode-20191115_p20191110

- security fix libjpeg-turbo-2.0.3: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images (CVE-2019-2201) #699830

- upgraded to kmod-26-r3, attr-2.4.48-r3, libbsd-0.10.0, libxkbcommon-0.9.1, libdrm-2.4.100, libX11-1.6.9, xkeyboard-config-2.28, rsyslog-8.1910.0-r1, harfbuzz-2.6.4, libnotify-0.7.8, xf86-video-ati-19.1.0, xf86-video-amdgpu-19.1.0, mesa-19.1.8, volumeicon-0.5.1-r1

- thinclient fix fixed Citrix standalone application by switching to latest 'selfservice' utility which utilize webkitgtk2 package, also added all required dependencies

- upgraded to remmina-1.3.6-r1, shared-mime-info-1.10-r1

- added libsodium-1.0.18

- upgraded to adobe-flash-32.0.0.293

- security fix libvncserver-0.9.12-r3: memory leak allows attacker to read stack memory (CVE-2019-15681) #699036

Porteus Kiosk version 20191109

- security fix curl-7.66.0: multiple vulnerabilities (CVE-2019-5481, CVE-2019-5482) #694020

- upgraded to kmod-26-r2, eudev-3.2.9, libgudev-233-r1, libusb-1.0.21-r1, pciutils-3.5.6-r1

- security fix wpa_supplicant-2.9-r1: multiple vulnerabilities (CVE-2019-{13377,16275}) #696030

- security fix libpcre2-10.33-r1: multiple vulnerabilities #699052

- security fix ghostscript-gpl-9.50 multiple vulnerabilities (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817) #693002

- upgraded to qpdf-9.0.2, jbig2dec-0.17-r1, cups-filters-1.25.11

Porteus Kiosk version 20191027

- upgraded to linux-4.19.80

- security fix rsyslog-8.1910.0: multiple vulnerabilities (CVE-2019-17041, CVE-2019-17042) #697464

- upgraded to timezone-data-2019c, sqlite-3.29.0, hwids-20191025, gdk-pixbuf-2.38.1-r1

- major Chrome upgrade upgraded to google-chrome-78.0.3904.70

- critical security fix mozilla-firefox-68.2.0. Changelog: link

- kiosk fix added '-noxdamage' flag to the x11vnc startup script to prevent VNC crashes on some kiosks

- security fix libgcrypt-1.8.5: ECDSA side-channel attack (CVE-2019-13627) #693108

- upgraded to adobe-flash-32.0.0.270

- upgraded to openssh-8.0_p1-r4

- upgraded to openldap-2.4.48, python-2.7.16

Porteus Kiosk version 20191005

- upgraded to linux-4.19.77

- security fix e2fsprogs-1.45.4: maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck (CVE-2019-5094) #695522

- upgraded to libffi-3.3_rc0, e2fsprogs-libs-1.45.4

- kiosk fix hide the Firefox's tab bar when 'toggle_tabs=' parameter is used. Regression introduced after upgrading to Firefox 68.x.

Porteus Kiosk version 20190921

- upgraded to linux-4.19.75, intel-microcode-20190918_p20190918

- security fix openssl-1.0.2t: multiple vulnerabilities (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563) #694162

- security fix expat-2.2.8: Heap buffer overread (CVE-2019-15903) #694362

- upgraded to gmp-6.1.2-r1, libpciaccess-0.16, libICE-1.0.10, libevdev-1.8.0, libXfont2-2.0.4, setxkbmap-1.3.2, xinput-1.6.3, xrandr-1.5.1, libdrm-2.4.99, llvm-8.0.1, mesa-19.1.7

- upgraded to adobe-flash-32.0.0.255

Tagged as Porteus Kiosk 4.9.0 release

Wizard 4.9.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20190908

- upgraded to feh-3.2.1, nspr-4.22, nss-3.46, rsyslog-8.1904.0-r1, xvkbd-4.0, glib-2.60.6, harfbuzz-2.6.1, libwacom-0.33, gtk+-3.24.10

- critical security fix mozilla-firefox-68.1.0. Changelog: link

- new feature enable dictionary on the xvkbd virtual keyboard by default

- new feature 'homepage_check=' parameter will restart network service approx every 10 minutes if homepage is not found

- new feature if 'session_idle=' parameter is enabled then users have up to 30 seconds to cancel session restart/lock instead of 5 seconds

- new feature when 'session_idle_forced=' parameter is used then no 'session restart' notification will be displayed as this parameter is used mostly for digital signage

- security fix tiff-4.0.10-r2: Integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) #693394

- security fix openjpeg-2.3.1: Multiple vulnerabilities (CVE-2018-5727, CVE-2018-5785, CVE-2018-6616) #646774

- upgraded to poppler-0.79.0-r1

- upgraded to icaclient-19.8.0.29

xorg-server-1.20.x fullscreen issue seems to be fixed now in latest Citrix package so we have removed our own tweaks for emulating the fullscreen mode

Porteus Kiosk version 20190825

- upgraded to linux-4.19.68, intel-microcode-20190618_p20190819

- security fix pango-1.42.4-r2: Buffer overflow (CVE-2019-1010238) #692110

- upgraded to timezone-data-2019b-r1, hwids-20190818, libva-2.5.0-r1, libva-intel-driver-2.3.0

- upgraded to google-chrome-76.0.3809.100

- critical security fix mozilla-firefox-68.0.2. Changelog: link

- kiosk fix 'client_id=automatic' - ensure the port is not already used by other kiosk or process when registering new client ID

- security fix wpa_supplicant-2.8: Improper fragmentation reassembly state validation in EAP peer leading to DoS (CVE-2019-11555) #685860

- upgraded to remmina-1.3.4, libssh-0.9.0

- upgraded to adobe-flash-32.0.0.238

- upgraded to openssh-8.0_p1-r2

WARNING: We have changed default key type from RSA to newer Ed25519 (faster and more secure) in OpenSSH version 8.x.

Please reboot Porteus Kiosk Server ASAP in order to upgrade the system and OpenSSH package specifically. This is to avoid connectivity issues with kiosk clients which already upgraded to system 8version '20190825' and higher.

Porteus Kiosk version 20190803

- upgraded to linux-4.19.63, intel-microcode-20190618_p20190722

- security fix glib-2.58.3-r1: file_copy_fallback does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450) #690498

- upgraded to dhcpcd-7.2.3, xfsprogs-4.19.0

- major Chrome upgrade upgraded to google-chrome-76.0.3809.87

- major Firefox ESR release mozilla-firefox-68.0 changelog: 53.0 54.0 55.0 56.0 57.0 58.0 59.0 60.0 61.0 62.0 63.0 64.0 65.0 66.0 67.0 68.0

- *broken parameter* Mozilla still did not fix the 'silent_printing=' parameter in Firefox 68. We could not wait any longer with a Firefox upgrade so please switch to Chrome if you need this feature.

- kiosk fix disabled middle mouse click by default when browser works with navigation bar disabled so its not possible to open new tabs when clicking on the hyperlinks

- kiosk fix disabled hidden files from viewing through the file protocol in the Firefox browser

- kiosk fix run 'grep' utility with a '-w' flag to properly find and reuse client IDs from deleted kiosks when 'client_id=automatic' parameter is used

- kiosk fix disabled 'Ctrl+0' (zoom reset) keyboard shortcut when 'disable_zoom_controls=' parameter is used. This is to prevent the case when zoom level is changed by the admin and kiosk users should not reset it back to default value.

- new feature 'managed_bookmarks=' parameter will work even when when navigation bar is disabled in the Firefox browser

- *removed* as Firefox 68 do not support java NPAPI plugin anymore. Java .jnlp files are rare nowadays and can be still supported through the customized builds.

Porteus Kiosk version 20190721

- upgraded to linux-4.19.60

- upgraded to ncurses-6.1_p20181020, timezone-data-2019a, ca-certificates-20190110.3.43, e2fsprogs-libs-1.45.2, e2fsprogs-1.45.2, libX11-1.6.8, libevdev-1.7.0, xkeyboard-config-2.27, libXt-1.2.0, libXi-1.7.10, xinit-1.4.1, mesa-19.0.8, libepoxy-1.5.3-r1, xorg-server-1.20.5, xf86-input-elographics-1.4.2

- kiosk fix screensaver video: detect screen size properly for the video outputs which are marked as 'primary' in the xrandr output

- upgraded to libvncserver-0.9.12-r2

- upgraded to adobe-flash-32.0.0.223

- upgraded to libvncserver-0.9.12-r2

Porteus Kiosk version 20190707

- upgraded to linux-4.19.57, intel-microcode-20190514_p20190623

- security fix dbus-1.12.16: authentication bypass through manipulated symlinks (CVE-2019-12749) #687900

- security fix expat-2.2.7 stable request due to denial-of-service vulnerability in <2.2.7 (CVE-2018-20843) #688734

- upgraded to elfutils-0.176-r1

Porteus Kiosk version 20190623

- upgraded to linux-4.19.54, intel-microcode-20190514_p20190608

- upgraded to util-linux-2.33.2, wget-1.20.3-r1, rsyslog-8.1904.0

- upgraded to adobe-flash-32.0.0.207

- security fix icedtea-bin-3.12.0: Multiple vulnerabilties #685480

Porteus Kiosk version 20190609

- upgraded to linux-4.19.49, intel-microcode-20190514_p20190525

upgraded to google-chrome-74.0.3729.169

- upgraded to wireless-regdb-20190603

- upgraded to x11vnc-0.9.16-r2

- security fix cups-2.2.11: Linux session cookies use a predictable random number seed (CVE-2018-4700) #672742

- upgraded to poppler-0.77.0

Porteus Kiosk version 20190526

- upgraded to linux-4.19.46, intel-microcode-20190514_p20190512

- security fix sqlite-3.28.0: use-after-free in window function leading to remote code execution (CVE-2019-5018) #685838

- security fix libxslt-1.1.33-r1: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068) #684206

- security fix curl-7.65.0: multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436) #686050

- upgraded to llvm-7.1.0, libvdpau-1.2, usbutils-010-r1

- upgraded to crda-3.18-r3

- upgraded to adobe-flash-32.0.0.192

- upgraded to libvncserver-0.9.12

- upgraded to net-snmp-5.8-r1, gutenprint-5.3.1, perl-5.28.2-r1

Porteus Kiosk version 20190512

- upgraded to linux-4.19.42

- kernel config: set Hyper-V framebuffer to FullHD resolution by default as userspace can not control the screen size on Hyper-V virtual machines

- security fix dhcpcd-7.1.1-r3 - dhcpv6: potential read overflow with D6_OPTION_PD_EXCLUDE #685264

- upgraded to libxml2-2.9.9-r1, libcroco-0.6.13, at-spi2-core-2.30.1, gdk-pixbuf-2.38.1, pango-1.42.4-r1, atk-2.30.0, librsvg-2.40.20, at-spi2-atk-2.30.1, gtk+-3.24.8, adwaita-icon-theme-3.30.1

- major Chrome upgrade upgraded to google-chrome-74.0.3729.131

- new feature added user guest to the cdrom group by default so its possible to play DVDs/Audio CDs in kiosk

- upgraded to libsoup-2.64.2, vte-0.54.4

- added libpsl-0.21.0, libidn2-2.1.1a-r1

Porteus Kiosk version 20190428

- upgraded to linux-4.19.37, intel-microcode-20180807a_p20190420

- security fix libpng-1.6.37: use-after-free vulnerability in png_image_free (CVE-2018-14048, CVE-2018-14550, CVE-2019-7317) #683366

- security fix dhcpcd-7.1.1-r2 - multiple vulnerabilities #684430

- upgraded to bzip2-1.0.6-r11, libcap-2.26-r2, sqlite-3.27.2, pixman-0.38.4, libXau-1.0.9, libXdmcp-1.1.3, xkeyboard-config-2.26-r1, libfontenc-1.1.4, libxkbcommon-0.8.4, ntfs3g-2017.3.23-r2, libXext-1.3.4, libxkbfile-1.1.0, xmodmap-1.0.10, libXcomposite-0.4.5, libXrandr-1.5.2, libXdamage-1.1.5, libXmu-1.1.3, libXcursor-1.2.0, xev-1.2.3, xdotool-3.20160805.1, libXft-2.3.3, xorg-server-1.20.4, gtk+-3.24.4-r1, xf86-video-nouveau-1.0.16, xf86-video-ati-19.0.1, xf86-video-amdgpu-19.0.1, xf86-video-intel-2.99.917_p20190301

- upgraded to libgpg-error-1.36, libpcre2-10.32

- security fix tiff-4.0.10: potential out-of-bounds write in JBIGDecode() (CVE-2018-18557) #669948

- upgraded to jbig2dec-0.14

Porteus Kiosk version 20190414

- never clear the screen when booting with 'kernel_parameters=debug' enabled. It allows to see kernel oopses and crashes caused by drivers loaded later in the booting process by udev.

- upgraded to linux-4.19.34

- security fix wget-1.20.3: buffer overflow vulnerability (CVE-2019-5953) #682994

- security fix cairo-1.16.0-r3: invalid free in cairo_ft_apply_variations (CVE-2018-19876) #672908

- security fix elfutils-0.173-r1: dwfl_segment_report_module doesn't check whether the dyn data read from core (CVE-2019-7150) #676974

- security fix gnutls-3.6.7: multiple vulnerabilities (CVE-2019-3829, CVE-2019-3836, GNUTLS-SA-2019-03-27) #681846

- upgraded to glibc-2.28-r6, libdrm-2.4.97, glib-2.58.3, curl-7.64.1, stunnel-5.50-r1, dhcpcd-7.1.1-r1, mesa-18.3.6, mesa-progs-8.4.0

- new feature if remote management is enabled then report remote config name to Porteus Kiosk Server

- upgraded to adobe-flash-32.0.0.171

- upgraded to grub-2.03 from git. Latest verion is needed to boot some CoffeLake and GeminiLake systems which supports EFI firmware only.

Porteus Kiosk version 20190331

- upgraded to linux-4.19.32

- upgraded to glibc-2.28-r5, alsa-lib-1.1.8, alsa-utils-1.1.8, nettle-3.4.1, hwids-20190316, gnutls-3.6.6, harfbuzz-2.3.1

- upgraded to ppp-2.4.7-r7

- upgraded to opus-1.3

Porteus Kiosk version 20190317

- upgraded to linux-4.19.29, intel-microcode-20180807a_p20190309

- security fix openssl-1.0.2r - undisclosed vulnerabilities (CVE-2019-1559) #678564

- security fix ntp-4.2.8_p13: Crafted null dereference attack in authenticated mode 6 packet (CVE-2019-8936) #679742

- upgraded to ethtool-4.19, sysvinit-2.93, feh-3.1.1, rsyslog-8.1901.0

- upgraded to lz4-1.8.3

- upgraded to adobe-flash-32.0.0.156

- security fix openssh-7.9_p1-r4: multiple vulnerabilities (CVE-2019-{6109,6110,6111}) #675522

- security fix poppler-0.73.0: a reachable abort in FileSpec::FileSpec in FileSpec.cc (CVE-2018-20650) #674666

- upgraded to sane-backends-1.0.27-r3

Porteus Kiosk version 20190309

This is an emergency update which covers Chrome browser 'zero-day' vulnerability: link

- upgraded to google-chrome-72.0.3626.121

Porteus Kiosk version 20190302

- upgraded to linux-4.19.26

- security fix libxml2-2.9.8-r1: Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872) #618110

- upgraded to libpcre-8.42, xf86-video-intel-2.99.917_p20180214-r2, dbus-1.12.12-r1

- upgraded to google-chrome-72.0.3626.109

- upgraded to wireless-regdb-20190301

- upgraded to libertine-5.3.0.20120702-r3

Porteus Kiosk version 20190217

- upgraded to linux-4.19.23, intel-microcode-20180807a_p20190204

- security fix curl-7.64.0 - multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823) #677346

- upgraded to kmod-25, mc-4.8.22, lm_sensors-3.5.0, expat-2.2.6

- major Chrome upgrade upgraded to google-chrome-72.0.3626.96, pepperflash-32.0.0.114

- upgraded to adobe-flash-32.0.0.142

- upgraded to cups-filters-1.21.6, qpdf-8.2.1, sane-backends-1.0.27-r2

- upgraded to icaclient-19.1.0.9

Porteus Kiosk version 20190203

- upgraded to linux-4.19.19

- upgraded to hwids-20180917, pixman-0.36.0, libevdev-1.6.0, xinit-1.4.0-r1, cairo-1.16.0-r2, xf86-video-mga-2.0.0, nss-3.40.1-r1

- kiosk fix added guest user to the 'usb' and 'plugdev' groups so it's possible to connect to the mobile phones and photo cameras in order to download the files from them

- security fix icedtea-bin-3.10.0: Multiple vulnerabilties #676152

Tagged as Porteus Kiosk 4.8.0 release

Wizard 4.8.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

Porteus Kiosk version 20190119

- major kernel upgrade upgraded to linux-4.19.16

- upgraded to intel-microcode-20180807a_p20181215

- upgraded to conky-1.10.8-r4, coreutils-8.30, harfbuzz-2.0.2-r1, e2fsprogs-1.44.5, e2fsprogs-libs-1.44.5, libunistring-0.9.10

- new feature ask for confirmation when restarting kiosk wizard, this is to prevent accidental restarts and losses of wizard choices

Porteus Kiosk version 20190113

- busybox: added aliases support to the 'ash' shell

- upgraded to linux-4.14.93

- security fix openssl-1.0.2q: side-channel vulnerability (CVE-2018-5407) #673056

- security fix wget-1.20.1: password and metadata leak via extended filesystem attributes (CVE-2018-20483) #674170

- security fix glib-2.56.4: multiple vulnerabilities #668474

- security fix ntp-4.2.8_p12: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) #658576

- upgraded to mc-4.8.20-r1, timezone-data-2018i, xvkbd-3.9, ca-certificates-20180409.3.37, util-linux-2.33-r1, tint2-16.6.1, mesa-18.2.8

- added xcompmgr-1.1.7-r1, xf86-video-vboxvideo-1.0.0

- kiosk fix added mc="mc -u" alias to disable subshell otherwise midnight commander starts slowly on the ash shell

- upgraded to adobe-flash-32.0.0.114

- security fix poppler-0.68.0: multiple vulnerabilities #659828

- upgraded to openjpeg-2.3.0-r1, hplip-3.18.12, perl-5.26.2

Porteus Kiosk version 20181222

- upgraded to linux-4.14.90, intel-microcode-20180807a_p20181215

- upgraded to acpid-2.0.31, libestr-0.1.11, rsyslog-8.40.0-r1, timezone-data-2018g-r1

- kiosk fix added support for xterm-256color terminals for ncurses based apps (alsamixer, midnight commander, etc) which can be run over SSH

Porteus Kiosk version 20181216

- upgraded to linux-4.14.88

- upgraded to atk-2.28.1, curl-7.62.0, libpng-1.6.35-r1, nspr-4.20, nss-3.40.1, sqlite-3.25.3, sysvinit-2.91-r1, tofrodos-1.7.13, rsyslog-8.38.0-r2, fribidi-1.0.5, at-spi2-core-2.26.2, at-spi2-atk-2.26.2, harfbuzz-2.0.2, gtk+-2.24.32-r1, gtk+-3.24.1, fuse-2.9.8, mesa-18.2.7

- kiosk fix kiosk wizard: make proxy.pac file working in case when it returns the 'DIRECT' connection (no proxy used)

- security fix wpa_supplicant-2.6-r10: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526) #663172

- upgraded to json-glib-1.4.4

- upgraded to adobe-flash-32.0.0.101

Porteus Kiosk version 20181202

- upgraded to linux-4.14.85

- upgraded to google-chrome-70.0.3538.110

- kiosk fix start VNC service with 10 seconds delay to allow clipboard copying between the host and the VNC clients

- kiosk fix delete caches folder when screensaver webpage and video is closed to free up the space in the RAM

- kiosk fix 'session_idle=' parameter must kill also the Ctirix session

- security fix freerdp-2.0.0_rc4: multiple vulnerabilities (CVE-2018-{8784,8785,8786,8787,8788,8789}) #672010

- upgraded to adobe-flash-31.0.0.153

- security fix openldap-2.4.45: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287) #620204

- security fix ghostscript-gpl-9.26: 1Policy operator gives access to .forceput (CVE-2018-18284) #668846

- major Citrix Receiver upgrade upgraded to icaclient-18.10.0.11

- kiosk fix run Citrix window in maximized mode instead of fullscreen as it causes 100% CPU usage with xorg server 1.20.x. Unfortunately all Citrix versions are affected by this bug and its 5 months old already so we are not sure when it will be fixed by upstream: link

Porteus Kiosk version 20181118

- upgraded to linux-4.14.81, intel-microcode-20180807a_p20181117

- upgraded to baselayout-2.6-r1, timezone-data-2018g, openssl-1.0.2p-r1, wget-1.19.5-r1, mesa-18.2.5, tigervnc-1.9.0-r1

- upgraded to google-chrome-70.0.3538.102

- kiosk fix fixed calibration not working for touch controllers containing 'Ⓡ' symbol in their name

- kiosk fix wait 4 seconds before rotating the touch input as some screens are slow to initialize

- kiosk fix wait up to 120 seconds for the gateway as some setups require starting the local server first and many times the kiosk is faster

- upgraded to spice-gtk-0.35

- added lz4-1.8.2

- upgraded to adobe-flash-31.0.0.148

Porteus Kiosk version 20181104

- upgraded to linux-4.14.79, intel-microcode-20180807a_p20181027

- added wifi firmware needed for Surface Pro 2s laptop

- major Xorg upgrade upgraded xorg-server to version 1.20.3 and bumped whole Xorg stack: libdrm-2.4.96, libSM-1.2.3, libX11-1.6.7, libepoxy-1.5.3, mesa-18.2.4, xkeyboard-config-2.25, xf86-video-r128-6.12.0, xf86-video-ati-18.1.0, xf86-video-amdgpu-18.1.0

- upgraded to glibc-2.27-r6, sshpass-1.06, acpid-2.0.30, rsyslog-8.38.0-r1

- upgraded to google-chrome-70.0.3538.77

- kiosk fix fallback to the 'iw' utility for scanning for available wireless networks when there are 100+ Access Points in range

- upgraded to wireless-regdb-20181024

- added iw-4.9

Porteus Kiosk version 20181021

- upgraded to linux-4.14.72, intel-microcode-20180807a_p20180922

- upgraded to alsa-lib-1.1.6-r1, alsa-utils-1.1.6, lm_sensors-3.4.0_p20180923, apulse-0.1.12-r4, harfbuzz-1.9.0, libnotify-0.7.7-r1

- major Chrome upgrade upgraded to google-chrome-70.0.3538.67, pepperflash-31.0.0.122

- kiosk fix fixed full persistence not working when kiosk was installed on some eMMC and NVME devices (/dev/mmcblk2 and /dev/nvme0n2 nodes)

- kiosk fix fixed calibration not working for touch controllers containing additional spaces in their names. Example: "ELO Touch Solutions ELO Touch Solutions AccuTouch 2218" has two spaces between "Solutions" and "ELO" strings.

- security fix libssh-0.8.4: Authentication bypass vulnerability in the server code (CVE-2018-10933) #668788

- upgraded to adobe-flash-31.0.0.122

- security fix icedtea-bin-3.9.0: Multiple vulnerabilties #667920

Porteus Kiosk version 20181007

- upgraded to libbsd-0.9.1, libxcb-1.13.1, rsyslog-8.38.0, dosfstools-4.1, dbus-glib-0.110, mesa-18.1.9

- added librsvg-2.40.18, libcroco-0.6.12-r1

- upgraded to remmina-1.2.31.3

- added json-glib-1.2.8, libsoup-2.58.2

- security fix ghostscript-gpl-9.25: Multiple vulnerabilities (CVE-2018-{15908,15909,15910,15911,16509,16510,16511,16513,16539,16540,16541,16542,16543,16585,16802}) #635426

Porteus Kiosk version 20180923

- do not search for the GPU driver if PCI bus in not available (Hyper-V Gen2 platform and some ARM boxes)

- upgraded to linux-4.14.71, intel-microcode-20180807a_p20180916

- kernel config: enabled support for Hyper-V Gen2 platform

- security fix libxkbcommon-0.8.2: multiple vulnerabilities (CVE-2018-{15853,15854,15855,15856,15857,15858,15859,15861,15862,15863,15864}) #665702

- upgraded to nspr-4.19, nss-3.37.3, xfsprogs-4.17.0-r1

- upgraded to adobe-flash-31.0.0.108

- security fix python-2.7.15: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c (CVE-2018-1000030) #647862

- security fix tiff-4.0.9-r4: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes crash (CVE-2017-18013) #645982

- upgraded to cups-filters-1.20.4

Porteus Kiosk version 20180909

- security fix openssl-1.0.2o-r6: Client DoS due to large DH parameter (CVE-2018-0732) #663654

- security fix curl-7.61.1: NTLM password overflow via integer overflow (CVE-2018-14618) #665292

- upgraded to timezone-data-2018e

- kiosk fix Remmina: remember connection passwords (SSH, VNC, RDP, etc) when persistence is set to full

- upgraded to wireless-regdb-20180907

Porteus Kiosk version 20180825

- security fix libjpeg-turbo-1.5.3-r2: Denial of Service (CVE-2018-1152, CVE-2018-11813) #658624

- security fix libX11-1.6.6: Multiple vulnerabilities (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600) #664184

- security fix pango-1.42.4: assertion which can be triggered by invalid Unicode sequences #664108

- upgraded to bzip2-1.0.6-r10, fontconfig-2.13.0-r4, libdrm-2.4.93, gnutls-3.5.19, libevdev-1.5.9-r1, pciutils-3.5.6, llvm-6.0.1, libXinerama-1.1.4, libXScrnSaver-1.2.3, libwacom-0.30, libXaw3d-1.6.3, sqlite-3.24.0, xkbcomp-1.4.2, xf86-video-fbdev-0.5.0, mesa-18.1.6, xf86-video-vmware-13.3.0

- added fribidi-0.19.7

- upgraded to adobe-flash-30.0.0.154

- security fix openssh-7.7_p1-r9: User enumeration via malformed packets in authentication requests (CVE-2018-15473) #664264

Porteus Kiosk version 20180812

- upgraded to linux-4.14.62, intel-microcode-20180807_p20180808-r1

- added localization files from 'libX11' package so Citrix Receiver can work correctly with non english keyboard layouts

- upgraded to google-chrome-68.0.3440.105

- kiosk fix 'screensaver_video' and 'screensaver_webpage' parameters will properly handle URLs containing '&' sign

- new feature allow 'screensaver_webpage' to work with webpage stored on a local filesystem, e.g. 'screensaver_webpage=file:///opt/www/index.html'

Porteus Kiosk version 20180728

- upgraded to intel-microcode-20180721-r1

- major Chrome upgrade upgraded to google-chrome-68.0.3440.75

- kiosk fix set the timezone before rsyslogd is started

- new feature added remote kiosk config name to the debug report. For security reasons we cant reveal full kiosk config location, however - config name itself should be enough for the admins to figure out which remote config the kiosk is currently using.

- upgraded to adobe-flash-30.0.0.134

Porteus Kiosk version 20180715

- upgraded to linux-4.14.55, intel-microcode-20180703

- security fix curl-7.61.0: Heap-based Buffer Overflow (CVE-2018-0500) #660894

- upgraded to coreutils-8.29-r1, libcap-2.25, util-linux-2.32-r4, imlib2-1.5.1, rsyslog-8.35.0-r1, harfbuzz-1.8.1, gtk+-3.22.30, gtk+-2.24.32

- critical security fix mozilla-firefox-52.9.0. Changelog: link

Porteus Kiosk version 20180701

- upgraded to linux-4.14.52

- upgraded to ntfs3g-2017.3.23-r1, zlib-1.2.11-r2

- upgraded to libnl-3.4.0

- upgraded to icedtea-web-1.6.2

- upgraded to icaclient-13.10.0.20

Porteus Kiosk version 20180623

IMPORTANT:

GCC 7.3.0 is finally stable now in upstream Gentoo project. This is important as linux kernel compiled with this compiler version provides full mitigation for Spectre v2 vulnerability. Check below is performed on Intel m3-6Y30 CPU which is fully protected with this update:

root@tablet:~# dmesg | grep microcode

[ 0.000000] microcode: microcode updated early to revision 0xc6, date = 2018-04-17




root@tablet:~# grep . /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp

/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization

/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW

- upgraded to linux-4.14.51, intel-microcode-20180616

- upgraded to gcc-7.3.0-r3

- upgraded to openssh-7.7_p1-r5

Porteus Kiosk version 20180616

Tagged as Porteus Kiosk 4.7.0 release

Wizard 4.7.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- upgraded to linux-4.14.50

- upgraded to: acpid-2.0.29-r1, llvm-5.0.2, xf86-input-wacom-0.36.0-r2

- critical security fix mozilla-firefox-52.8.1. Changelog: link

- kiosk fix system upgrade/reconfiguration notification will be visible all the time so users can know there is an action happening in the backgroud

- security fix ppp-2.4.7-r6: Buffer Overflow in pppd EAP-TLS implementation (CVE-2018-11574) #657656

- upgraded to libgcrypt-1.8.3, libgpg-error-1.29

- major flashplayer upgrade upgraded to adobe-flash-30.0.0.113

- security fix icedtea-bin-3.8.0: Multiple vulnerabilties #657704

- upgraded to openssh-7.7_p1-r4

Porteus Kiosk version 20180603

- upgraded to linux-4.14.47, intel-microcode-20180527-r1

- security fix procps-3.3.15: multiple vulnerabilities (qualys audit) (CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124) #656022

- upgraded to: glibc-2.26-r7, timezone-data-2018d, stunnel-5.43, conky-1.10.8-r1, openssl-1.0.2o-r3, xf86-input-synaptics-1.9.1, xf86-input-evdev-2.10.6

- kiosk fix enable flashplayer by default for Chrome browser when 'screensaver_url=' parameter is used

- upgraded to wireless-regdb-20180531

Porteus Kiosk version 20180521

- upgraded to linux-4.14.42

- kernel config: enabled touchpad compatibility layer for older hardware

- security fix wget-1.19.5: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494) #655216

- security fix curl-7.60.0: multiple vulnerabilities (CVE-2018-1000300, CVE-2018-1000301) #655266

- security fix libidn-1.34 - multiple vulnerabilities #655668

- security fix freetype-2.9.1: crash with certain malformed variation fonts (CVE-2018-6942) #654696

- upgraded to: e2fsprogs-libs-1.43.9, libpciaccess-0.14, libxshmfence-1.3, xkeyboard-config-2.23.1-r1, libevdev-1.5.9, rsyslog-8.34.0, usbutils-009, libxkbcommon-0.8.0, e2fsprogs-1.43.9, libdrm-2.4.91, libxcb-1.13, libxkbfile-1.0.9-r1, xkbcomp-1.4.1, xinit-1.4.0, tigervnc-1.8.0-r3, libepoxy-1.5.1, xorg-server-1.19.5-r2, xf86-video-vesa-2.4.0, xf86-input-wacom-0.36.0, xf86-video-intel-2.99.917_p20180214, xf86-video-ati-18.0.1, xf86-video-amdgpu-18.0.1

- upgraded to google-chrome-66.0.3359.181, pepper-flash-29.0.0.171

- critical security fix mozilla-firefox-52.8. Changelog: link

- kiosk fix replaced '--start-fullscreen' with '--kiosk' flag for Chrome screensaver to get rid of 'Press F11 to exit fullscreen' notification

- kiosk fix made 'Cancel' button same size as other buttons in shutdown menu so its easier to press this button on touchscreens

- new feature enabled "DRI3" and "TearFree" features on Intel DDX driver by default

- upgraded to wireless-regdb-20180509

- upgraded to freerdp-2.0.0_rc2-r1

- upgraded to adobe-flash-29.0.0.171

- upgraded to cups-2.2.7, gutenprint-5.2.13

Porteus Kiosk version 20180506

- upgraded to linux-4.14.39

- kernel config: added support for DM-Crypt so its possible to encrypt partitions or files with cryptsetup

- security fix shadow-4.6: unprivileged user can drop supplementary groups (CVE-2018-7169) #647790

- upgraded to: conky-1.10.8, libxml2-2.9.8, libxslt-1.1.32, harfbuzz-1.7.6, gdk-pixbuf-2.36.12, gtk+-3.22.29, mesa-17.3.9

- added haveged-1.9.2-r1

- major Chrome upgrade upgraded to google-chrome-66.0.3359.139

- new feature allow redirecting USB devices to the Citrix session by default

Porteus Kiosk version 20180422

- security fix openssl-1.0.2o: multiple vulnerabilities (CVE-2018-0733, CVE-2018-0739) #651730

- security fix sqlite-3.23.1: Denial of Service vulnerability through corrupted schemas (CVE-2018-8740) #650952

- upgraded to: ca-certificates-20170717.3.36.1, ethtool-4.13, gnutls-3.5.18, libpng-1.6.34, logrotate-3.14.0, nettle-3.4

- upgraded to wpa_supplicant-2.6-r6

- upgraded to adobe-flash-29.0.0.140

Porteus Kiosk version 20180408

- upgraded to linux-4.14.33

- security fix glibc-2.25-r11: Heap pointer deference vulnerability on powerpc (CVE-2018-6551) #646492

- security fix ncurses-6.1: Stack buffer overflow vulnerability (CVE-2017-16879) #639706

- security fix libtasn1-4.13: CVE-2018-6003: stack overflow due to unbounded recursion/DOS #647012

- upgraded to: libdrm-2.4.89, mesa-17.3.8, pango-1.40.14-r1, rsyslog-8.32.0-r4

- critical security fix mozilla-firefox-52.7.3. Changelog: link

- kiosk fix wizard: repeat calibration twice for touch devices with swapped axes. This is needed to get accurate calibration data.

- kiosk fix unblock 'Ctrl + left mouse click' during installation so its possible to select multiple devices for calibration in the wizard

- kiosk fix kill old VNC connections before restarting vnc service

- upgraded to usb_modeswitch-2.5.2

- security fix libvorbis-1.3.6: out of bounds write (CVE-2018-5146) #650654

- upgraded to icaclient-13.9.1.6

Porteus Kiosk version 20180325

- upgraded to linux-4.14.30

- upgraded to intel-microcode-20180312

- security fix curl-7.59.0: multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122) #650056

- security fix ntp-4.2.8_p11: multiple vulnerabilities (CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185) #649612

- security fix ncurses-6.1: Stack buffer overflow vulnerability (CVE-2017-16879) #639706

- upgraded to: dbus-1.10.24, dhcpcd-7.0.1

- new feature wizard: do not ask for the client ID, SSH and VNC details when pointing kiosk to existing remote config hosted on Porteus Kiosk Server. These details does not matter at the installation stage as kiosk will be reconfigured anyway as per remote config settings. Installation of multiple clients should be faster now.

- upgraded to usb_modeswitch-2.4.0-r1

- security fix spice-gtk-0.34: Denial of Service/RCE vulnerability through malicious messages #650878

- new feature Chrome browser: associate ".ica" files with Citrix Receiver. Receiver standalone application opens now automatically after clicking on the ".ica" file.

- upgraded to freerdp-2.0.0_rc1-r1

- upgraded to adobe-flash-29.0.0.113

- security fix tiff-4.0.9: Heap-based buffer overflow in tiff2pdf (CVE-2017-11335) #645980

- added libogg-1.3.3, libvorbis-1.3.5, speex-1.2.0-r1

Porteus Kiosk version 20180311

- upgraded to linux-4.14.25

- upgraded to: sqlite-3.22.0, util-linux-2.30.2-r1, xorg-server-1.19.5-r1, xset-1.2.4, xsetroot-1.1.2

- kiosk fix default to first proxy IP in case when multiple proxies are returned for automatic proxy configuration (proxy PAC files) for cli utilities respecting 'http_proxy=' variable

- kiosk fix rotate touch input if at least one screen is rotated

- upgraded to: opus-1.2.1

- security fix icedtea-bin-3.7.0: Multiple vulnerabilties #649968

Porteus Kiosk version 20180225

- security fix rsync-3.1.3: Security bypass vulnerability (CVE-2018-5764) #646818

- upgraded to: cairo-1.14.12, dhcpcd-6.11.5, glibc-2.25-r10, hwids-20171003, rsyslog-8.32.0-r3, sqlite-3.21.0

- upgraded to google-chrome-64.0.3282.186

- upgraded to poppler-0.62.0-r1

Porteus Kiosk version 20180208

- upgraded to linux-4.14.18

- downgraded to intel-microcode-20171117-r1 as per Intel recommendations #646646

- upgraded to adobe-flash-28.0.0.161

Porteus Kiosk version 20180206

- upgraded to linux-4.14.17

- security fix curl-7.58.0: multiple vulnerabilities (CVE-2018-1000005, CVE-2018-1000007) #645698

- upgraded to: libfastjson-0.99.8, rsyslog-8.32.0-r1, eudev-3.2.5

IMPORTANT:

This release brings mitigations against web-exploitable Spectre flaw enabled on the application level.

- major Chrome upgrade upgraded to google-chrome-64.0.3282.140

- kiosk fix make stunnel aware of 'proxy_exceptions=' parameter when connecting to PK Server

- kiosk fix fixed 'managed_bookmarks=' parameter being ignored in the PCID section of remote config

- new feature list SDIO devices in the debug report

- upgraded to wireless-regdb-20171223-r1

Porteus Kiosk version 20180125

- upgraded to linux-4.14.15

- kernel config: enabled retpoline support. Spectre V2 mitigation is still not complete as we are waiting on GCC compiler update from upstream (Spectre V1 is not even touched yet).

- security fix gdk-pixbuf-2.36.11: Integer overflow in io-gif.c:gif_get_lzw() can lead to memory corruption and potential code execution (CVE-2017-1000422) #644770

- security fix libidn-1.33-r2: Integer overflow results in denial of service (CVE-2017-14062) #631130

- upgraded to: kmod-24, glib-2.52.3, libxml2-2.9.7, adwaita-icon-theme-3.24.0, at-spi2-core-2.24.1, atk-2.24.0, pango-1.40.14, at-spi2-atk-2.24.1

- critical security fix mozilla-firefox-52.6.0. Changelog: link

- upgraded to: remmina-1.2.0_rc24, vte-0.48.4

- upgraded to adobe-flash-28.0.0.137

- added corefonts-1-r7

- security fix qpdf-7.0.0: multiple infinite loop (CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210) #626446

- upgraded to cups-filters-1.17.9

- upgraded to icaclient-13.8.0.10299729

Porteus Kiosk version 20180110

IMPORTANT:

This system revision fixes Meltdown attack for the Intel CPUs (AMD is not affected) and partially mitigates Spectre vulnerability for the Firefox browser. Chrome users should enable Site Isolation for Chrome 63.x using 'browser_preferences=' parameter unless they are affected by some known issues of this feature (thats why enterprise policies are not enabled by default).

More patches to come as Meltdown/Spectre bugs are still a work in progress. Pushing what we have right now as first exploits are available publicly already.

Tagged as Porteus Kiosk 4.6.0 release

Wizard 4.6.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- enabled busybox applet: strings

- major kernel upgrade upgraded to linux-4.14.13

- kernel config: compiled Intel and AMD microcode directly into kernel so its loaded early in the booting process (required for Haswell CPUs and never)

- upgraded to intel-microcode-20180108

- upgraded to expat-2.2.5, iptables-1.6.1-r2, libpcre-8.41-r1, lm_sensors-3.4.0_p20170901, xfsprogs-4.14.0

- upgraded to google-chrome-63.0.3239.132

- critical security fix mozilla-firefox-52.5.3. Changelog: link

- new feature make sure kernel version matches kernel modules version before performing system upgrade

- moved wifi firmware to 000-kernel.xzm module

Porteus Kiosk version 20171226

- upgraded to sqlite-3.20.1-r1, gdk-pixbuf-2.36.10-r2, gtk+-3.22.19, hicolor-icon-theme-0.17, libdrm-2.4.88, libgudev-232, libusb-1.0.21, libxml2-2.9.6, llvm-4.0.1-r1, mesa-17.2.7, pango-1.40.12, procps-3.3.12-r1, shared-mime-info-1.9, timezone-data-2017c

- upgraded to google-chrome-63.0.3239.108

- kiosk fix make full persistence working when kiosk is installed on NVME devices

- kiosk fix skip gateway check for modem connections

- kiosk fix for dialup connections default to first MAC address found (even from wired NIC) when reporting to PK Server as ppp0 interface does not have a MAC addess itself

- major flashplayer upgrade upgraded to adobe-flash-28.0.0.126

Porteus Kiosk version 20171212

- security fix openssl-1.0.2n: multiple vulnerabilities (CVE-2017-{3737,3738}) #640172

- security fix rsync-3.1.2-r2: Multiple vulnerabilities (CVE-2017-{17433,17434}) #640570

- security fix harfbuzz-1.7.2: Use-of-uninitialized-value in OT::RangeRecord::cmp #621644

- critical security fix mozilla-firefox-52.5.2. Changelog: link

- kiosk fix switched i915 Mesa (3D) driver from gallium to classic version as gallium one causes Firefox tabs to crash on Intel Alviso (gen3) GPUs on certain websites, e.g. https://www.seznam.cz

Porteus Kiosk version 20171210

- security fix curl-7.57.0: Multiple vulnerabilities (CVE-2017-8816, CVE-2017-8817, CVE-2017-8818) #638734

- security fix libXfont2-2.0.3: Open files with O_NOFOLLOW (symlink attack) (CVE-2017-16611) #639064

- security fix libXcursor-1.1.15: Heap overflows when parsing malicious files (CVE-2017-16612) #639062

- security fix libxslt-1.1.30: integer overflow (CVE-2017-5029) #612194

- upgraded to elfutils-0.170-r1, gmp-6.1.2, html-xml-utils-7.1, libdrm-2.4.82, mesa-17.1.10

- added xvkbd-3.8

- major Chrome upgrade upgraded to google-chrome-63.0.3239.84

- kiosk fix mirror the screens properly when 'screen_settings=' parameter is used

- kiosk fix source (rather than execute) 'persistence' script in rc.S to make sure it completes before moving to runlevel 3

- kiosk fix allow flash content by default on all websites for Chrome browser

- security fix poppler-0.57.0-r1: Null pointer dereference in the JPXStream::readUByte function #619558

- upgraded to hplip-3.17.10-r1, python-2.7.14-r1

Porteus Kiosk version 20171126

- Mention 'Win32DiskImager' and 'dd' utilities directly in the 'Error - kiosk data not found' info

- recompiled with gcc-6.4.0

- security fix rsync-3.1.2-r1: Heap-based buffer over-read in receive_xattr function (CVE-2017-16548) #636714

- upgraded to coreutils-8.28-r1, gcc-6.4.0, logrotate-3.13.0

- new feature added 'search for printer' function to the printer list in the wizard

- security fix adobe-flash-27.0.0.187: Multiple vulnerabilities (CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114) #637630

- security fix openssh-7.5_p1-r3: sftp-server was incorrectly permitting creation of zero-length files #633428

- security fix lcms-2.9: Heap-buffer-overflow in TetrahedralInterpFloat #628478

- upgraded to hplip-3.17.10

Porteus Kiosk version 20171112

- copy modules to RAM one by one rather than in parallel, it should resolve occasional MD5 sum mismatches seen on some devices

- upgraded to linux-4.12.14

- security fix openssl-1.0.2m: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) #636264

- upgraded to glibc-2.25-r9, util-linux-2.30.2

- major Chrome upgrade upgraded to google-chrome-62.0.3202.89

- kiosk fix disabled "Control + left mouse click" and "Control + Shift + left mouse click" shortcuts as they open URLs as new tabs. This is unwanted when navigation bar is disabled.

- kiosk fix disabled 'captive portals check' function for Firefox as it slows down booting for offline kiosks (browser waits till connection times out)

- security fix icedtea-bin-3.6.0: Multiple vulnerabilties #636522

- security fix sane-backends-1.0.27: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server (CVE-2017-6318) #622422

- upgraded to libieee1284-0.2.11-r6, python-2.7.14

Porteus Kiosk version 20171030

- security fix net-misc/wget-1.19.1-r2: multiple vulnerabilities (CVE-2017-13089, CVE-2017-13090) #635496

- security fix curl-7.56.1: IMAP FETCH response out of bounds read (CVE-2017-1000257) #635140

- security fix libXfont2-2.0.2: multiple vulnerabilities (CVE-2017-13720, CVE-2017-13722) #634044

- upgraded to libidn-1.33-r1

- kiosk fix determine IP address and MAC of default NIC just before sending data to the server

- upgraded to adobe-flash-27.0.0.183

Porteus Kiosk version 20171023

- security fix xorg-server-1.19.5: multiple vulnerabilities (CVE-2017-13721, CVE-2017-13723) #633910

- upgraded to e2fsprogs-libs-1.43.6, e2fsprogs-1.43.6, gnutls-3.5.15, xinit-1.3.4-r3

- critical security fix mozilla-firefox-52.4.1. Changelog: link

- new feature set window title in PS1 prompt, helps finding e.g. to which kiosk you are connected over ssh

- security fix wpa_supplicant-2.6-r3: WPA packet number reuse with replayed messages and key reinstallation #634436

- upgraded to adobe-flash-27.0.0.170

- security fix perl-5.24.3: multiple vulnerabilities (CVE-2017-12837, CVE-2017-12883) #630610

Porteus Kiosk version 20171011

- kernel config: compiled pinctrl drivers directly into kernel otherwise its not possible to initialize some MMC devices and boot from them

- upgraded to baselayout-2.4.1-r2, coreutils-8.26, libbsd-0.8.6, logrotate-3.12.3-r1, oxygen-gtk-1.4.6-r1

- new feature play sound when battery capacity reaches 10% and display notification with emergency status (must be clicked to disappear)

- upgraded to noto-20170403

- security fix poppler-0.57.0: buffer over-read in the GfxImageColorMap::getGray function (CVE-2017-9865) #627390

- upgraded to cups-filters-1.16.4, libieee1284-0.2.11-r5

Porteus Kiosk version 20170927

- kiosk fix wait 20 seconds and if gateway is not found during boot then start network initialization script once again to catch all devices which are slow to initialize, e.g. usb wifi dongles

- kiosk fix remove 'new tab' button from Firefox interface when address bar is disabled

Porteus Kiosk version 20170914

- major kernel upgrade upgraded to linux-4.12.12

- security fix libtasn1-4.12-r1: Denial of Service Vulnerability (NULL pointer dereference) (CVE-2017-10790) #627014

- security fix gdk-pixbuf-2.36.9: multiple vulnerabilities (CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314) #611390

- new feature added 'show desktop' launcher to Server/Cloud/ThinClient systems by default

- security fix libgcrypt-1.8.1: Side channel attack on Curve25519 (CVE-2017-0379) #629160

- major flashplayer upgrade upgraded to adobe-flash-27.0.0.130

- upgraded to icedtea-bin-3.5.1

Porteus Kiosk version 20170831

Tagged as Porteus Kiosk 4.5.0 release

Wizard 4.5.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- upgraded to linux-4.9.45

- security fix curl-7.55.0: Multiple vulnerabilities (CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101) #626776

- security fix libpcre-8.41: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) (CVE-2017-7245, CVE-2017-7246) #614052

- security fix libxml2-2.9.4-r3: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) #623206

- upgraded to openssl-1.0.2l

- major Chrome upgrade upgraded to google-chrome-60.0.3112.113

- kiosk fix keep bookmarks visible in Firefox when managed bookmarks are enabled and navigation bar is set to autohide

- kiosk fix parameter 'client_id=automatic' wont cause new ID to be assigned to the client when default NIC (MAC address) changes

- new feature run wpa_supplicant against all available wireless network interfaces and not only the first one. This is handy e.g. if your internal wifi card does not work (hardware failure, weak connection, mising driver/firmware) and you want to use a wifi dongle.

- new feature Kiosk Wizard: present available network interfaces in a dropdown list which makes easier to find interface names

- security fix libpcre2-10.30: pcre2_match.c out of bounds write (CVE-2017-8399) #617944

- upgraded to freerdp-2.0.0_rc0, net-misc/remmina-1.2.0_rc19

- security fix openjpeg-2.2.0: Multiple vulnerabilities (CVE-2016-1626, CVE-2016-1628, CVE-2016-9112) #602180

- upgraded to dbus-python-1.2.4

Porteus Kiosk version 20170816

- security fix shadow-4.5: newusers tool could be made to manipulate internal data structures (CVE-2017-12424) #627044

- upgraded to ca-certificates-20161130.3.30.2, libfastjson-0.99.6, rsyslog-8.28.0

- upgraded to adobe-flash-26.0.0.151

Porteus Kiosk version 20170808

- upgraded to linux-4.9.41

- upgraded to libwacom-0.25, pacparser-1.3.7, nettle-3.3-r2

- critical security fix mozilla-firefox-52.3.0. Changelog: link

- upgraded to wpa_supplicant-2.6-r2

- added wifi firmware needed for Surface Pro 4 laptop

- new feature disable system-tray applet for Remmina, this is needed for auto looping Remmina connections

Porteus Kiosk version 20170729

- enabled busybox applet: setsid

- upgraded to linux-4.9.40

- upgraded to pepperflash-26.0.0.137

- kiosk fix do not override existing user.js when adding Firefox preferences through 'browser_preferences=' parameter

- kiosk fix rotate touch with 2 seconds delay after rotating the screen otherwise some touchscreens wont rotate the touch input properly

- kiosk fix full persistence: do not overwrite hash file for PepperFlash as it may be upgraded in the background by Chrome

- new feature start tunneling service as a daemon so its not restarted when Xorg session is closed or system runlevel is changed

- upgraded to icaclient-13.6.0.10243651

This release fixes few issues like standalone Receiver application crashing upon start and smartcards not being redirected to Ctirix session properly.

Porteus Kiosk version 20170718

- upgraded to linux-4.9.38, intel-microcode-20170707

- security fix elfutils-0.169-r1: multiple vulnerabilities (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613) #618004

- upgraded to libpng-1.6.29, sqlite-3.19.3, xfsprogs-4.9.0, harfbuzz-1.4.6-r2, libgudev-231, pango-1.40.6, gtk+-3.22.16

- upgraded to vte-0.46.2

- security fix adobe-flash-26.0.0.137: multiple vulnerabilities (APSB17-21, CVE-2017-3080, CVE-2017-3099, CVE-2017-3100) #624620

Porteus Kiosk version 20170706

- display 'Device not ready' message not earlier than 10 seconds after boot

- upgraded to linux-4.9.35, intel-microcode-20170511

- upgraded to dbus-glib-0.108, liblogging-1.0.6, rsyslog-8.27.0-r1

- major Chrome upgrade upgraded to 59.0.3071.115

- kiosk fix removed 16 characters password limit for the 'session_password=' parameter

- kiosk fix enable capture channels for the microphone during system start

- kiosk fix toggle tabs function should not prevent restarting the browser when 'session_idle_forced=' parameter is used

- added more brcm sdio firmware

- security fix libgcrypt-1.7.8: flush+reload side-channel attack on RSA secret keys: "Sliding right into disaster" (CVE-2017-7526) #623006

Porteus Kiosk version 20170621

- upgraded to linux-4.9.33

- security fix curl-7.54.0: --write-out out of buffer read (CVE-2017-7407) #615870

- security fix expat-2.2.1: External entity infinite loop DoS (CVE-2017-9233) #622046

- security fix glibc-2.23-r4: arbitrary code execution through crafted LD_LIBRARY_PATH values (CVE-2017-1000366) #622220

- security fix ntp-4.2.8_p10: multiple vulnerabilities (CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) #613550

- security fix tigervnc-1.8.0: multiple vulnerabilities (CVE-2017-7392, CVE-2017-7393, CVE-2017-7394, CVE-2017-7395, CVE-2017-7396) #614742

- critical security fix mozilla-firefox-52.2.0. Changelog: link

- new feature removed shutdown, reboot and sleep options from the bottom panel's 'exit menu' of the Cloud and ThinClient systems. If you need to have them present then please add 'shutdown_menu=yes' parameter to your kiosk config.

- upgraded to wpa_supplicant-2.6-r1

- security fix libgcrypt-1.7.7: Possible timing attack on EdDSA session key #621218

- upgraded to adobe-flash-26.0.0.131

- security fix openssh-7.5_p1: Multiple Vulnerabilities (CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012) #603100

- security fix jbig2dec-0.13-r4 : multiple integer overflow (CVE-2017-7885, CVE-2017-7975, CVE-2017-7976) #616464

- security fix gnutls-3.5.13: Crash upon receiving well-formed status_request extension #622038

- security fix ghostscript-gpl-9.21 : Memory corruption / type confusion (CVE-2017-8291) #616814

Porteus Kiosk version 20170607

- upgraded to linux-4.9.31

- security fix bzip2-1.0.6-r8: heap use after free in bzip2recover (CVE-2016-3189) #620466

- upgraded to logrotate-3.12.2, libdrm-2.4.80, libevdev-1.5.7, xkbcomp-1.4.0, libxkbcommon, mesa-17.0.6, libepoxy-1.4.2, xorg-server-1.19.3, xf86-video-amdgpu-1.3.0, xf86-video-nouveau-1.0.15, xf86-video-openchrome-0.6.0, xf86-video-intel-2.99.917_p20170313, xf86-video-ati-7.9.0

- security fix icu-58.2-r1 : heap overflow (CVE-2017-7867, CVE-2017-7868) #616468

- security fix perl-5.24.1-r2: chmod() logic in rmtree() and remove_tree() functions can be abused (CVE-2017-6512) #620304

- security fix libtasn1-4.10-r2: asn1_find_node() based stackoverflow (CVE-2017-6891) #619686

- upgraded to cups-filters-1.13.5

Porteus Kiosk version 20170526

Tagged as Porteus Kiosk 4.4.0 release

Wizard 4.4.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- enabled busybox applet: stat

- upgraded to linux-4.9.30

- security fix freetype-2.8: multiple overflows (CVE-2016-10328, CVE-2017-7857, CVE-2017-7858, CVE-2017-7864, CVE-2017-8105, CVE-2017-8287) #616730

- upgraded to gtk+-3.22.15, libjpeg-turbo-1.5.1, rsyslog-8.26.0-r1

- major Chrome upgrade upgraded to 58.0.3029.110

- critical security fix mozilla-firefox-52.1.2. Changelog: link

- kiosk fix timeout connecting to the server after 60 seconds when trying to download files from it. Kiosk can still boot even is server in not accessible at the moment.

- new feature start screensaver immediately when idle time is set to 0

- new feature added support for storing SSL certificate on the server through the 'import_certificates=server://certificate.crt' parameter

- new feature added proxy auto configuration support for stunnel so clients behind proxy can connect to Porteus Kiosk Server

- upgraded to libssh-0.7.4

- security fix icedtea-bin-3.4.0: Multiple vulnerabilties (CVE-2017-{3509,3511,3512,3514,3526,3533,3539,3544}) #618874

- added crippled 'java-config' utility to keep java plugin quiet in the logs

- security fix tiff-4.0.8: Multiple Vulnerabilities (CVE-2017-7592, CVE-2017-7593, CVE-2017-7594) #618610

- upgraded to gnutls-3.5.12

- added libunistring-0.9.7

Porteus Kiosk version 20170513

- upgraded to linux-4.9.27

- kiosk fix use hp backend for HP printers connected directly to kiosk

- kiosk fix decorate Chrome popup windows by default so its possible to close them

- kiosk fix ignore lines starting with space/tabs in kiosk config as they break PCID sections

- new feature enable CloudPrinting by default for Cloud/ThinClient variants with Chrome browser

- upgraded to spice-gtk-0.33-r2

- upgraded to adobe-flash-25.0.0.171

Porteus Kiosk version 20170506

- upgraded to linux-4.9.25

- kernel config: compiled nvme driver directly into kernel so its possible to install kiosk on NVME devices, added support for loading Intel/AMD microcode by the kernel

- added microcode firmware needed by some Intel/AMD CPUs

- security fix dbus-1.10.16: two symlink attacks #611392

- security fix feh-2.18.3: Integer overflow in wallpaper.c while receiving an IPC message (CVE-2017-7875) #616470

- security fix nss-3.29.5: Out-of-bounds write in Base64 encoding in NSS (CVE-2017-5461) #616032

- upgraded to apulse-0.1.10, gdk-pixbuf-2.36.6, pango-1.40.5, gtk+-3.22.12

- kiosk fix regenerate playlist and restart screensaver slideshow when online zip archive was updated

- kiosk fix refresh ripples screensaver every 10 minutes to avoid background picture distortions

- kiosk fix process only connected displays for 'screen_settings=' parameter

- kiosk fix display a warning message and skip installation/reconfiguration/upgrade if generated kiosk ISO is larger than system partition (900 MB)

- upgraded to usbredir-0.7.1_p20170503

Porteus Kiosk version 20170422

- upgraded to harfbuzz-1.4.5

- added apulse-0.1.9

- major Firefox ESR release mozilla-firefox-52.1.0 changelog: 46.0 47.0 48.0 49.0 50.0 51.0 52.0

- upgraded to adobe-flash-25.0.0.148

- upgraded to perl-5.24.1-r1

Porteus Kiosk version 20170408

- upgraded to linux-4.9.21

- upgraded to atk-2.22.0, ethtool-4.8, gdk-pixbuf-2.36.5, glib-2.50.3-r1, hwids-20170328, libnotify-0.7.7, llvm-3.9.1-r1, nettle-3.3-r1, pango-1.40.4, rsyslog-8.24.0-r2, sqlite-3.17.0

- upgraded to google-chrome-57.0.2987.133

- kiosk fix fixed the case when 'persistence=none' parameter was preventing the booting media to be powered off

- upgraded to at-spi2-core-2.22.1, at-spi2-atk-2.22.0, adwaita-icon-theme-3.22.0, gtk+-3.22.11, vte-0.46.1

- added libpcre2-10.22

- upgraded to gutenprint-5.2.12, foomatic-db-4.0.20170331

Porteus Kiosk version 20170328

- new feature added support for 'kernel_parameters=boot_from_usb' which forces booting the system from removable device even if second kiosk installation is available on the hard drive. This is useful e.g. if you want to test new kiosk version on specific PC using usb stick before updaing main system installation on the hard drive.

- upgraded to linux-4.9.17

- security fix wget-1.19.1-r1: CRLF injection in the url_parse function in url.c (CVE-2017-6508) #612326

- security fix freetype-2.7.1-r2: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name #612192

- security fix libpcre-8.40-r1: OOB read / application crash (CVE-2017-6004) #609592

- major Xorg upgrade upgraded xorg-server to version 1.19.2 and bumped whole Xorg stack: libdrm-2.4.75, libevdev-1.5.6, xkeyboard-config-2.20, libICE-1.0.9-r1, libxcb-1.12-r2, libXfont2-2.0.1, libX11-1.6.5, libXi-1.7.9, mesa-13.0.5, xauth-1.0.10, libepoxy-1.4.1, cairo-1.14.8, xorg-server-1.19.2, xf86-video-r128-6.10.2, xf86-video-vmware-13.2.1, xf86-video-trident-1.3.8, xf86-video-amdgpu-1.2.0, xf86-video-openchrome-0.5.0, xf86-video-nouveau-1.0.13, xf86-video-tdfx-1.4.7, xf86-video-sisusb-0.9.7, xf86-video-glint-1.2.9, xf86-video-savage-2.3.9, xf86-input-synaptics-1.9.0, xf86-video-mga-1.6.5, xf86-video-sis-0.10.9, xf86-video-siliconmotion-1.7.9, xf86-video-qxl-0.1.5, xf86-video-chips-1.2.7, xf86-input-evdev-2.10.5, xf86-video-intel-2.99.917_p20170216, xf86-video-ati-7.8.0, libwacom-0.24, xf86-input-wacom-0.34.0

- upgraded to timezone-data-2017a, wmctrl-1.07-r2, xdotool-3.20150503.1-r1, tint2-0.12.12, rsyslog-8.24.0-r1

- added libxkbcommon-0.6.0, xf86-video-virtualbox

- major Chrome upgrade upgraded to google-chrome-google-chrome-57.0.2987.110

- kiosk fix copy client files recursively and bind two ports with one ssh command when initializing a tunnel to the PK Server. This is to avoid unnecessary connections and lower server overhead when multiple clients are starting at the same time.

- kiosk fix force opening Chrome on webpage(s) defined in the "RestoreOnStartupURLs" policy. This is to resolve an issue where Chrome started with a blank page when 'persistence=full' was enabled and kiosk was not shutdown cleanly, e.g. due to a power cut.

- kiosk fix set 'kiosk-printer' globally as default printer through the lpoptions command. Seems that Chrome-55.x and up respect this setting now instead of a local one included in the master preferences file.

- kiosk fix Alt-Home and Alt-KP_Home keyboard shortcuts are allowed when Chrome works with navigation bar disabled

- kiosk fix fixed the case where parameter 'shared_printer=no' was still initializing shared printing

- new feature all plugins for Chrome are enabled by default including "Widevine Content Decryption Module" so its possible to watch e.g. Netfilx movies

- new feature check if at least one video output is active in the VNC startup script, if not then create virtual mode with 1920x1080 size and assign it to a disconnected output. This way VNC service can work properly on kiosks which have no monitor attached.

- recompiled libssh with gcrypt and ssh1 support

- upgraded to libgpg-error-1.27-r1, libgcrypt-1.7.6

- upgraded to adobe-flash-25.0.0.127

Porteus Kiosk version 20170312

Tagged as Porteus Kiosk 4.3.0 release

Wizard 4.3.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- upgraded to linux-4.9.14

- security fix shadow-4.4-r2: su: user can send SIGKILL with root privileges to other processes (CVE-2017-2616) #610804

- security fix nss-3.28: multiple vulnerabilities (CVE-2016-{5285,8635,9074}) #604916

- security fix curl-7.53.0: SSL_VERIFYSTATUS ignored (CVE-2017-2629) #610572

- upgraded to sqlite-3.16.2

- critical security fix mozilla-firefox-45.8.0. Changelog: link

- kiosk fix rotate /var/log/x11vnc.log every day so it wont grow in size too much

- kiosk fix skip system reconfiguration/upgrade if ISO is burned on an optical media

- kiosk fix skip system reconfiguration/upgrade if ISO was manually burned on a partition (e.g. /dev/sda1) while it should be burned on a device (e.g. /dev/sda)

- new feature use OpenDNS as secondary DNS server in the installation wizard for static IP configuration

- upgraded to wireless-regdb-20170307

- security fix lcms-2.8-r1: Out-of-bounds read in Type_MLU_Read() (CVE-2016-10165) #591452

- security fix jbig2dec-0.13-r1: Heap-buffer overflow due to Integer overflow in jbig2_image_new function #607188

- upgraded to libtasn1-4.10

Porteus Kiosk version 20170219

- upgraded to linux-4.9.11

- upgraded to libbsd-0.8.3, gtk+-2.24.31-r1

- upgraded to adobe-flash-24.0.0.221

- security fix ghostscript-gpl-9.20-r1: Multiple vulnerabilities (CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) #596576

- added openjpeg-2.1.1_p20160922

Porteus Kiosk version 20170211

- major kernel upgrade upgraded to linux-4.9.9

- security fix ntfs3g-2016.2.22-r2: incorrect filtering of environment variables leading to privilege escalation (CVE-2017-0358) #607912

- new feature added warning when there may be not enough RAM available on the PC to perform system installation. Kiosks with 512MB of RAM may fail the installation if there large in size components enabled, e.g. java.

- upgraded wifi firmware to match new kernel

- major flashplayer upgrade upgraded to adobe-flash-24.0.0.194

- security fix icedtea-bin-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289}) #607676

Porteus Kiosk version 20170129

- upgraded to linux-4.4.45

- security fix openssl-1.0.2k: Multiple vulnerabilities (CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732) #607318

- security fix lua-5.1.5-r4: overflow flaw in vararg functions (CVE-2014-5461) #520480

- upgraded to kmod-23, util-linux-2.28.2

- major Chrome upgrade upgraded to google-chrome-55.0.2883.87

- critical security fix mozilla-firefox-45.7.0. Changelog: link

- kiosk fix removed obsolete Chrome policies: DisableSpdy, DnsPrefetchingEnabled

- new feature activate 'serial' backend for CUPS as some usb printers require it for direct connection

- new feature if kiosk installation fails then debug info will be displayed in the browser in order to help identifying the problem, e.g. I/O errors on target media

- security fix opus-1.1.3-r1: Memory corruption during media file and data processing (CVE-2017-0381) #605894

- security fix libvncserver-0.9.11: multiple vulnerabilities (CVE-2016-9941, CVE-2016-9942) #605326

- upgraded to openldap-2.4.44

Porteus Kiosk version 20170115

- upgraded to linux-4.4.42

- security fix glibc-2.23-r3: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption #576726

- security fix libxml2-2.9.4-r1: NULL pointer deref in XPointer range-to #597116

- security fix ibpng-1.6.27: NULL pointer dereference (CVE-2016-10087) #604082

- upgraded to ca-certificates-20161102.3.27.2-r2, acpid-2.0.28, libfastjson-0.99.4, zlib-1.2.11, logrotate-3.11.0, curl-7.52.1-r1, libva-1.7.3, libva-intel-driver

- security fix fmpeg-2.8.10: multiple vulnerabilities #596760

- kiosk fix configure input devices first and then screen settings so rotated touchscreen devices are calibrated properly

- kiosk fix set hostname before starting rsyslog so proper kiosk hostname is saved in the logs (especially important when logs are transported to Kiosk Server)

- new feature paramter 'client_id=automatic' will automatically asign the client ID to the kiosk - no need for manual configuration. Following range will be used for automatic IDs: 2000 - 4999.

- security fix gnutls-3.3.26: two memory corruption vulnerabilities (CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, GNUTLS-SA-2017-1, GNUTLS-SA-2017-2) #605238

Porteus Kiosk version 20161229

- upgraded to linux-4.4.39

- security fix curl-7.52.1: uninitialized random (CVE-2016-9594) #603574

- upgraded to alsa-lib-1.1.2, alsa-utils-1.1.2, conky-1.10.4, lm_sensors-3.4.0_p20160725, stunnel-5.36

- added mtr-0.87

- critical security fix mozilla-firefox-45.6.0. Changelog: link

- new feature if bookmark name is not defined in the 'managed_bookmarks=' parameter and the page title is not available then default to the raw URL for the bookmark name

- upgraded to libnl-3.2.28

- upgraded to opus-1.1.3, freerdp-2.0.0_pre20161219

- security fix perl-5.22.3_rc4: unsafe module load path (CVE-2016-1238) #589680

- upgraded to libieee1284-0.2.11-r4, libtasn1-4.9-r1, sane-backends-1.0.25-r1

Porteus Kiosk version 20161212

- upgraded to linux-4.4.38

- security fix ntfs3g-2016.2.22 [-external-fuse]: incorrect filtering of environment variables could cause privilege escalation (CVE-2015-3202) #550970

- upgraded to e2fsprogs-1.43.3-r1, e2fsprogs-libs-1.43.3, feh-2.18, libpcre-8.39, ncurses-6.0-r1, procps-3.3.12

- kiosk fix fixed the list of foomatic drivers which was generated incorrectly for 4.2.0 release

- security fix ppp-2.4.7-r3: buffer overflow in radius plug-in's rc_mksid() (CVE-2015-3310) #546554

- upgraded to x11vnc-0.9.14_p20161013

- upgraded to qpdf-5.1.1-r1

Porteus Kiosk version 20161203

Tagged as Porteus Kiosk 4.2.0 release

Wizard 4.2.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- upgraded to linux-4.4.36

- security fix expat-2.2.0-r1: Undefined behavior and pointer overflows (CVE-2016-4472) #585510

- security fix ntp-4.2.8_p9: Multiple vulnerabilities (CVE-2016-{7426,7427,7429,7428,7431,7434,7433,9310,9311,9312}) #600430

- upgraded to coreutils-8.25, libpng-1.6.25, rsyslog-8.19.0

- critical security fix mozilla-firefox-45.5.1. Changelog: link

- security fix icu-58.1: Stack based buffer overflow in locid.cpp (CVE-2016-7415) #594494

- security fix icedtea-bin-3.2.0: Multiple vulnerabilties (CVE-2016-{5542,5554,5568,5573,5582,5597}) #600224

- upgraded to x11vnc-0.9.14-r1

- security fix libtasn1-4.8: infinite loop while parsing DER certificates #579748

- security fix openldap-2.4.43: ber_get_next denial of service vulnerability #560424

- security fix python-2.7.12: smtplib StartTLS stripping attack (CVE-2016-0772) #585946

- security fix tiff-4.0.7: Multiple vulnerabilities #599746

Porteus Kiosk version 20161115

- upgraded to linux-4.4.32

- security fix curl-7.51.0: Multiple vulnerabilities (CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625) #597760

- upgraded to hwids-20161103, libXi-1.7.8, timezone-data-2016h

- major Chrome upgrade upgraded to google-chrome-54.0.2840.100

- critical security fix mozilla-firefox-45.5.0. Changelog: link

- kiosk fix disable 'C++' and 'C--' keyboard shortcuts properly when 'disable_zoom_controls=yes' parameter is used

- upgraded to libwebp-0.4.2, remmina-1.2.0_rc16, vte-0.44.3

- security fix adobe-flash-11.2.202.644: Multiple vulnerabilities (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865) #599204

- security fix openssh-7.3_p1-r7: Memory exhaustion due to unregistered KEXINIT handler after receiving message(CVE-2016-8858) #597360

- upgraded to cups-2.1.4, foomatic-db-4.0.20161101

Porteus Kiosk version 20161023

- upgraded to linux-4.4.27

- security fix libX11-1.6.4, libXfixes-5.0.3, libXi-1.7.7, libXrandr-1.5.1, libXrender-0.9.10, libXtst-1.2.3, libXv-1.0.11, libXvMC-1.0.10 - Multiple vulnerabilities #596182

- security fix dbus-1.10.12: format string vulnerability #596772

- security fix wpa_supplicant-2.6: Multiple vulnerabilities (CVE-2015-5310, CVE-2015-5315, CVE-2015-5316, CVE-2016-4477) #596042

- security fix adobe-flash-11.2.202.637: Multiple vulnerabilities (APSB16-32, CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992) #596896

- upgraded to icaclient-13.4.0.10109380-r1

Porteus Kiosk version 20161003

- kiosk fix recompiled xf86-video-intel driver without DRI3 support which causes issues on Intel Alviso (gen3) GPUs

- upgraded to cronbase-0.3.7-r4, gtkdialog-0.8.3-r2, mesa-12.0.3

- kiosk fix make parameter 'vga_driver=modesetting' working

Porteus Kiosk version 20161001

- upgraded to linux-4.4.23

- security fix openssl-1.0.2j: Multiple vulnerabilities (CVE-2016-6309, CVE-2016-7052) #595186

- upgraded to acpid-2.0.27, atk-2.20.0, cronbase-0.3.7-r3, cronie-1.5.0-r1, dhcpcd-6.11.3, fuse-2.9.7, gdk-pixbuf-2.34.0, glib-2.48.2, gtk+-2.24.31, harfbuzz-1.3.1, libgudev-230-r1, logrotate-3.10.0, pango-1.40.3, sqlite-3.13.0

- upgraded to at-spi2-atk-2.20.1, at-spi2-core-2.20.2, gtk+-3.20.9, libgpg-error-1.24, libsoup-2.54.1-r1, vte-0.44.2

- security fix openssh-7.3_p1-r6: Remote pre-auth crash #595342

- security fix gnutls-3.3.24-r1: OCSP validation issue (CVE-2016-7444) #594738

- upgraded to gmp-6.1.0, net-snmp-5.7.3-r5

Porteus Kiosk version 20160923

- security fix curl-7.50.3: escape and unescape integer overflows (CVE-2016-7167) #593716

- security fix openssl-1.0.2i: Multiple vulnerabilities (CVE-2016-2180, CVE-2016-2183, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308) #594500

- major Xorg upgrade upgraded xorg-server to version 1.18.4 and bumped whole Xorg stack: libdrm-2.4.70, libXdmcp-1.1.2-r1, pixman-0.34.0, libevdev-1.5.2, libxcb-1.12, libXfixes-5.0.2, libXi-1.7.6, xkbcomp-1.3.1, xkeyboard-config-2.17, xrandr-1.5.0, mesa-12.0.1, mesa-progs-8.3.0, xorg-server-1.18.4, xf86-video-r128-6.10.1, xf86-input-evdev-2.10.3, xf86-video-amdgpu-1.1.0, xf86-input-synaptics-1.8.3, xf86-video-nouveau-1.0.12, xf86-input-aiptek-1.4.1-r1, xf86-video-openchrome-0.4.0, xf86-video-intel-2.99.917_p20160621-r1, xf86-video-ati-7.7.0, xf86-input-wacom-0.33.0

- added libbsd-0.8.2

- upgraded to google-chrome-53.0.2785.116

- critical security fix mozilla-firefox-45.4.0. changelog: link

- security fix adobe-flash-11.2.202.635 Multiple vulnerabilities (APSB16-29) #593684

Porteus Kiosk version 20160914

- upgraded to linux-4.4.20

- security fix curl-7.50.2: Incorrect reuse of client certificates (CVE-2016-7141) #592974

- major Chrome upgrade upgraded to google-chrome-53.0.2785.113

- kiosk fix make sure SSH tunnel connection is established fully before trying to download remote config from Porteus Kiosk Server

- upgraded to noto-20160531

- upgraded to perl-5.22.2

Porteus Kiosk version 20160904

Tagged as Porteus Kiosk 4.1.0 release

Wizard 4.1.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- upgraded to linux-4.4.19

- upgraded to libestr-0.1.10

- kiosk fix clients behind the proxy can connect to Porteus Kiosk Server properly

- new feature screensaver slideshow will sort the pictures according to their filename

- upgraded to gutenprint-5.2.11

Porteus Kiosk version 20160819

- upgraded to linux-4.4.18

- security fix curl-7.50.1: multiple vulnerabilities #590482

- upgraded to dejavu-2.37

- kiosk fix keep cron logs in a separate file so they wont be flooding main system log

- kiosk fix disabled geolocation and OCSP services for Firefox as they make troubles for kiosks which uses proxies with authentication (long wait for a timeout when connecting to Mozilla services)

- new feature report kernel version to the Server

- security fix icedtea{,-bin}-{7.2.6.7,3.1.0}: Multiple vulnerabilties (CVE-2016-{3458,3485,3500,3508,3550,3587,3598,3606,3610}) #590590

- security fix nettle-3.2-r1 : RSA code is vulnerable to cache-timing related attacks #590484

Porteus Kiosk version 20160806

- enabled busybox applet: mktemp

- do not start splash if 'debug' kernel parameter is used

- upgraded to linux-4.4.16

- added c_rehash-1.7-r1, hicolor-icon-theme-0.15

- upgraded to hwids-20160801, timezone-data-2016e

- upgraded to google-chrome-52.0.2743.116

- critical security fix mozilla-firefox-45.3.0. changelog: link

- kiosk fix escape '?' character for Firefox's whitelist/blacklist functions so URLs containing this characters are handled correctly

- kiosk fix make sure that ssh tunnel was established properly before forwarding client's data to the Server. This is to avoid 'password not found' error which could appear when establishing VNC connection from Administration Panel to the client.

- added sane-backends-1.0.24-r6, net-snmp-5.7.3-r3

- recompiled hplip with scanner and fax support

- upgraded to poppler-0.45.0

- new feature linked /opt/Citrix/ICAClient/keystore/cacerts directory to /etc/ssl/certs so system certificates could be used

Porteus Kiosk version 20160724

- upgraded to linux-4.4.15

- upgraded to llvm-3.7.1-r3

- major Chrome upgrade upgraded to google-chrome-52.0.2743.82

- kiosk security fix do not mount removable device and start the browser if session is locked by the "session password" window

- kiosk security fix blocked Shift+Enter key combination by default as it was opening a new Firefox window when user clicked on download link and then pressed Shift+Enter

- kiosk fix browser idle: prevent very first browser restart if no user activity was detected

- kiosk fix update DNS properly when dialup connection is used

- kiosk fix block 'Ctrl+p' key combination if printing component is not enabled

- kiosk fix stunnel: reduced logging level from "warning" to "critical" to get rid of warning entries flooding the log when remote server is down

- new feature enable bootsplash by default for post installation ISO

- new feature default search engine is set to Google, you may change it to DuckDuckGo with 'search_engine=duckduckgo' parameter

- new feature shutdown menu: restart session is back, all services are aware that Xorg session can be restarted

- new feature browser idle: notify the user that user activity was detected and session wont be restarted

- security fix adobe-flash-11.2.202.632 - Multiple vulnerabilities (CVE-2016-{4217,4218,4219,4220,4221,4222,4223,4224,4225,4226,4227,4228,4229,4230,4231,4232,4233,4234,...,4249}) #588738

Porteus Kiosk version 20160710

- enabled busybox applet: eject

- security fix expat-2.1.1-r2: Using XML_Parse before rand() results in non-random output (CVE-2016-5300) #577928

- security fix libpcre-8.38-r1: stack buffer overflow for (*ACCEPT) with deeply nested parentheses #575546

- security fix openssl-1.0.2h-r2: Non-constant time codepath followed for certain operations in DSA implementation (CVE-2016-2178) #585276

- security fix wget-1.18: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) #585926

- security fix libjpeg-turbo-1.5.0: Out-of-Bounds Read via unusually long Blocks in MCU #585782

- added: json-c-0.12, libestr-0.1.9, liblogging-1.0.5, rsyslog-8.16.0-r1, startup-notification-0.12-r1

- upgraded to stunnel-5.34-r1

- new feature rsyslog replaces metalog as default logging daemon - its more configurable and supports remote logging

- new feature if association with Kiosk Server is enabled then bind remote rsyslog port locally (over SSL tunnel). System logs in severity warning and above will be logged on the Server side - useful for proactive support.

- new feature if hostname is not specified and if Kiosk Server association is enabled then use client_id as hostname

- new feature automatically eject optical disc after successful installation

- upgraded to wireless-regdb-20160610

- security fix gnutls-3.3.24: Certificate verification issue when used with the p11-kit trust module (GNUTLS-SA-2016-2) #588306

- recompiled poppler with cairo support

- upgraded to cups-2.1.3-r1

Porteus Kiosk version 20160625

- mention Win32DiskImager explicitly in the booting failure message

- upgraded to linux-4.4.14

- upgraded to gtk+-2.24.30, harfbuzz-1.2.7, libxml2-2.9.4, timezone-data-2016d

- upgraded to google-chrome-51.0.2704.106

- kiosk fix fixed character conversion issue for Citrix Receiver

- kiosk fix make sure that authorized_keys file was copied correctly from Porteus Kiosk Server

- kiosk fix add '--disable-pinch' to Chrome flags if 'disable_zoom=yes' parameter is used

- kiosk fix make signons work again for Chrome

- kiosk fix removed 'restart session' option from shutdown menu as its causing troubled in certain situations. Please use 'reboot' option instead.

- new feature kiosk config can be hosted on FTP servers

- new feature list touch devices in debug report

- security fix adobe-flash-11.2.202.626 - Critical vulnerability (CVE-2016-{4120,4171}) #586044

Porteus Kiosk version 20160610

- added quirk for nVidia GPUs

- upgraded to linux-4.4.13

- security fix expat-2.1.1-r1: Expat XML Parser Crashes on Malformed Input (CVE-2016-0718) #583268

- security fix ntp-4.2.8_p8: Multiple vulnerabilities (CVE-2016-{4953,4954,4955,4956,4957}) #584954

- security fix ntfs3g-2015.3.14 [-external-fuse]: incorrect filtering of environment variables could cause privilege escalation (CVE-2015-3202) #550970

- upgraded to cairo-1.14.6, dosfstools-4.0-r1, elfutils-0.166, nss-3.23, sysvinit-2.88-r9, xfsprogs-4.5.0

- major Chrome upgrade upgraded to google-chrome-51.0.2704.84

- critical security fix mozilla-firefox-45.2.0. changelog: link

- kiosk security fix if ssh service is enabled then allow login to Porteus Kiosk Server as kiosk user only from localhost interface (force using SSL tunnel)

- kiosk fix when multiple homepages are defined and 'homepage_check=' parameter is enabled then query only first homepage to prevent "homepage is not available" message

- kiosk fix fixed 'scheduled_actions=' parameter not working correctly when hour or minute was staring with '0' number (e.g. 09:04)

Porteus Kiosk version 20160528

Tagged as Porteus Kiosk 4.0.0 release

Wizard 4.0.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- use 'uvesafb' driver to display splash screen during boot when native framebuffer driver is not available

- when booting fails show an info how to burn the kiosk ISO correctly on the usb sticks

- upgraded to linux-4.4.11

- security fix curl-7.49.0: TLS certificate check bypass with mbedTLS/PolarSSL (CVE-2016-3739) #583394

- upgraded to bzip2-1.0.6-r7, freetype-2.6.3-r1, hwids-20160421, libpng-1.6.21, procps-3.3.11-r3, pciutils-3.4.1, wget-1.17.1-r1

- kiosk security fix disabled access to four chrome:// facilities which slipped through our blacklist filter. Vulnerability reported by Blaze Information Security - thank you!

- kiosk fix enabled logging for x11vnc daemon

- added libertine-5.3.0.20120702-r2, noto-20160305-r1 packages

- upgraded to dejavu-2.35, liberation-fonts-2.00.1-r2

Porteus Kiosk version 20160519

- upgraded to linux-4.4.10

- security fix imlib2-1.4.9: integer overflow resulting in insufficient heap allocation #580038

- upgraded to glib-2.46.2-r3, kmod-22, timezone-data-2016c

- added dosfstools-4.0, mesa-progs-8.2.0

- upgraded to google-chrome-50.0.2661.102

- kiosk fix fixed installation on SD cards which broke after switching to the GRUB bootloader

- kiosk fix disabled 'horizontal overscroll' in Chrome as this feature may cause privacy concerns

- new feature added OpenGL info to debug report

- upgraded to crda-3.18-r1

- security fix adobe-flash-11.2.202.621 - many vulnerabilities (CVE-2016-{1096,1097,1098,1099,1100,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,...,4117}) #582670

- major Java upgrade upgraded to icedtea-bin-3.0.1 (java-1.8.x)

- upgraded to icedtea-web-1.6.1-r1

- security fix poppler-0.42.0: heap buffer overflow #579752

- recompiled tiff with jpeg support

- upgraded to foomatic-db-4.0.20160504

Porteus Kiosk version 20160505

- upgraded to linux-4.4.9

- security fix openssl-1.0.2h: Multiple vulnerabilities (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176) #581234

- security fix mozilla-firefox-45.1.1

- upgraded to wireless-regdb-20160502

Porteus Kiosk version 20160501

- upgraded to linux-4.4.8

- security fix ntp-4.2.8_p7: multiple vulnerabilities #581528

- critical security fix mozilla-firefox-45.1.0. changelog: link

- upgraded to google-chrome-50.0.2661.94

- kiosk fix 'persistence=session' parameter should not depend on 'disable_private_mode=yes'

- kiosk fix allow for filepicker in Chrome when support for removable media is enabled

- new feature display /media location in the filepicker left side panel so its easier to find where removable media were mounted

- new feature enable shared VNC access by default

- security fix icedtea-bin-7.2.6.6: Multiple vulnerabilties (CVE-2016-{0686,0687,0695,3425,3427}) #581028

Porteus Kiosk version 20160417

- upgraded to busybox-1.24.2

- upgraded to linux-4.4.7

- kernel config: enabled x86_64 architecture by default - we are dropping support for 32bit CPUs. Enabled drivers for hardware monitoring, PVSCSI SCSI Controller and added support for POSIX Message Queues

- security fix glibc-2.22-r4: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) #578602

- security fix sqlite-3.12.0: Buffer overread, buffer overflow, integer overflow #578940

- new feature upgraded userland (all kiosk modules) to 64bit architecture. We are droping support for 32bit CPUs.

- upgraded to gdk-pixbuf-2.32.3, libwacom-0.18, openbox-3.6.1, timezone-data-2016a, stunnel-5.30

- added lm_sensors-3.3.5, tslib-1.0-r3, xev-1.2.2, xf86-input-tslib-0.0.6-r3

- major Chrome upgrade upgraded to google-chrome-50.0.2661.75

- kiosk fix when in debug mode unset homepage_append parameter so debug report can be displayed in the browser correctly

- kiosk fix keep screensaver window on top when browser works with navigation bar disabled and is restarted by 'browser_idle=' parameter

- security fix adobe-flash-11.2.202.616 Arbitrary code execution vulnerability (APSA16-01, CVE-2016-1019) #579166

- security fix icedtea-bin-7.2.6.5: unspecified vulnerability (CVE-2016-0636) #578300

Porteus Kiosk version 20160318

- upgraded to linux-4.4.6-porteus

- security fix openssl-1.0.2g-r2: Multiple vulnerabilities (CVE-2016-{0702,0703,0704,0705,0797,0798,0799,0800}) #575548

- security fix ntp-4.2.8_p6: multiple vulnerabilities (CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158) #572452

- security fix sqlite-3.11.1: arbitrary code execution on databases with malformed schema, buffer overreads (CVE-2015-7036) #574420

- security fix nss-3.22.2 : multiple vulnerabilities (CVE-2016-{1950..1979}, CVE-2016-{2790..2802}) #576862

- security fix imlib2-1.4.7: multiple vulnerabilities (CVE-2014-9762) #572884

- added following packages: conky-1.9.0-r3, cronbase-0.3.7-r1, cronie-1.5.0, e2fsprogs-1.42.13, e2fsprogs-libs-1.42.13, fuse-2.9.4, gsimplecal-1.6, libpcre-8.38, logrotate-3.9.2, mc-4.8.14, metalog-3-r1, ncurses-5.9-r5, popt-1.16-r2, rsync-3.1.2, tint2-0.12.3, volumeicon-0.4.6, xcb-util-0.4.0, xf86-video-fbdev-0.4.4, xfsprogs-3.2.4

- upgraded to gtk+-2.24.29

- security fix ffmpeg-2.8.6: Multiple vulnerabilities (CVE-2016-{2213,2328,2329,2330}) #577458

- kiosk fix wizard: remote management 'test config' button downloads the config using wget and displays in gtkdialog window rather than the browser.

- security fix adobe-flash-11.2.202.577: Multiple vulnerabilities (APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010) #576980

- security fix openssh-7.2_p2: Multiple vulnerabilities (CVE-2016-1908, CVE-2016-3115) #576954

- security fix tiff-4.0.6: Buffer overflow (CVE-2013-4243) #484542

Porteus Kiosk version 20160310

- removed Broadcom BCM57780 quirk

- upgraded to linux-4.4.5

- upgraded to atk-2.18.0, glib-2.46.2-r2, gtk+-2.24.28-r1, harfbuzz-1.1.3, libnotify-0.7.6-r3, libxml2-2.9.3, pango-1.38.1

- major Firefox ESR release mozilla-firefox-45.0 changelog: 39.0 40.0 41.0 42.0 43.0 44.0 45.0

- new feature welcome wizard: display link quality info after AP name in the scanning result

- added missing mt7601u.bin firmware

Porteus Kiosk version 20160228

Tagged as Porteus Kiosk 3.7.0 release

Wizard 3.7.0 features: all new features implemented on the wizard level can be found here

Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.

Long live Porteus Kiosk!

- upgraded to linux-4.4.3-porteus.

- kiosk fix blacklist drm kernel modules when 'gpu_driver=vesa' parameter is used

Porteus Kiosk version 20160222

- do not load uvesafb as it broke with 4.4 kernel

- upgraded to linux-4.4.2-porteus. Moving early to kernel 4.4.x LTS as we need proper support for Intel Skylake processors.

- kernel config: added support for Microsoft Hyper-V virtualization platform

- security fix glibc-2.21-r2: stack overflow in getaddrinfo (CVE-2015-7547) #574880

- security fix dhcpcd-6.10.0: two vulnerabilities (CVE-2016-{1503,1504}) #571152

- upgraded to libva-1.6.2, libva-intel-driver-1.6.2

- kiosk fix fixed kiosk client -> Porteus Kiosk Server communication when ssh services are working on non default ssh port

- kiosk fix generate system report only once when debug mode is enabled

- upgraded to ca-certificates-20151214.3.21, wpa_supplicant-2.5-r1

- added liberation-fonts-2.00.1-r1 package

Porteus Kiosk version 20160214

- do not count modules when copying to RAM as we want quieter booting

- upgraded to linux-4.1.17

- kernel config: switched to UVESA which is a modern replacement for VESA

- security fix nss-3.21-r2: Weak RSA-MD5 signature allows attack on client certificate authentication (part of SLOTH attack), miscalculations in bignum lib (CVE-2015-7575, CVE-2016-1938) #571086

- added 'synclient' utility so its possible to configure touchpads

- added following packages: v86d-0.1.10, fbv-1.0b

- upgraded to libusb-1.0.19-r1, timezone-data-2015g

- critical security fix mozilla-firefox-38.6.1. changelog: link

- kiosk fix managed bookmarks: if bookmark title is not discovered automatically then use URL as a title instead of the generic 'Bookmark' name

- kiosk fix eliminated fault conditions when underscore sign was used in kiosk parameters

- new feature 'import_certificates=' parameter: added support for downloading and injecting standalone certificate to browser cert8.db/cert9.db. Sample: import_certificates=http://domain.com/files/certificate-1.crt http://domain.com/files/certificate-2.crt

- upgraded to wireless-regdb-20160208

- security fix adobe-flash-11.2.202.569 : Multiple vulnerabilities (APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985) #574284

- security fix nettle-3.2: Miscalculations of elliptic curve multiplications (CVE-2015-8803,CVE-2015-8804,CVE-2015-8805) #573646

Porteus Kiosk version 20160129

- upgraded to linux-4.1.16

- security fix openssl-1.0.2f: Multiple vulnerabilities (CVE-2015-3197,CVE-2016-0701) #572854

- critical security fix mozilla-firefox-38.6.0. changelog: link

- security fix ffmpeg-2.8.5: stealing local files with HLS+concat (CVE-2016-{1897,1898}) #571868

- kiosk fix kill hhpc process properly when exiting screensaver slideshow/video

- kiosk fix fixed touchscreen calibration/rotating for touch controllers which reports two input devices (e.g. PQLabs EN320006897)

- new feature disabled system notification messages in order to achieve quiet boot and shutdown. Messages appears only when there is an issue or when kiosk reconfigures/upgrades itself.

- upgraded to usb_modeswitch-2.2.6

- security fix icedtea-bin-7.2.6.4: Mulitple vulnerabilities (CVE-2015-{7575,8126,8472}, CVE-2016-{0402,0448,0466,0483,0494}) #572716