Real time changelog for Porteus Kiosk clients


Each new system version (like e.g. 20140605) triggers an action on the client side to pull updated component from our update servers. After short downtime the system is ready to use with all security fixes, updates and new features merged into the ISO. Everthing is done automatically without any user action.

Porteus Kiosk version 20241020

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.6.57, intel-microcode-20240910_p20240915, sof-firmware-2024.06

  • 001-core:

  • - security fix curl-8.9.1: ASN.1 date parser overread (CVE-2024-7264) #937125

    - upgraded to alsa-ucm-conf-1.2.12, libgpg-error-1.50, openssl-3.3.2, kmod-33, alsa-lib-1.2.12, libgcrypt-1.11.0, gnutls-3.8.7.1-r1, userspace-rcu-0.14.1, sqlite-3.46.1, alsa-utils-1.2.12, nss-3.101.2, systemd-utils-254.17, dhcpcd-10.0.10, libjpeg-turbo-3.0.3-r1, fontconfig-2.15.0-r1, harfbuzz-9.0.0, imlib2-1.12.3, pango-1.52.2, feh-3.10.3

  • 002-firefox:

  • - security fix mozilla-firefox-128.3.1 Changelog: link

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-130.0.6723.58

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20240508, tcl-8.6.14, libnl-3.10.0, wpa_supplicant-2.10-r5, iw-6.7

  • 005-thinclient.xzm:

  • - upgraded to libsodium-1.0.20, libssh-0.10.6-r1

  • 08-ssh.xzm:

  • - upgraded to openssh-9.8_p1-r2

  • 10-printing.xzm:

  • - security fix openjpeg-2.5.2: Heap-buffer-overflow in color.c:379:42 in sycc420_to_rgb (CVE-2021-3575) #832007

    - security fix cups-2.4.10-r1: Missing PPD attribute validation #940316

    - upgraded to libpaper-2.1.3, jbig2dec-0.20, libjpeg-turbo-3.0.3-r1, qpdf-11.9.1, lcms-2.16-r1, poppler-24.08.0

    Porteus Kiosk version 20240915

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.6.51, intel-microcode-20240813_p20240815, sof-firmware-2024.03

    - upgraded AMD CPU microcode to latest version from git

  • 001-core:

  • - security fix openssl-3.0.14: Checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) #932317

    - security fix expat-2.6.3: multiple vulnerabilities (CVE-2024-45490, CVE-2024-45491, CVE-2024-45492) #938894

    - upgraded to libffi-3.4.6, nettle-3.10, libpcre2-10.44-r1, compose-tables-1.8.10, libX11-1.8.10, libXtst-1.2.5, logrotate-3.22.0, shadow-4.14.8, abseil-cpp-20240116.2-r4, libgudev-238-r2, libwacom-2.12.2, wayland-1.23.0-r1, libXfont2-2.0.7, speech-dispatcher-0.11.5, tigervnc-1.14.0-r1

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-10.03.1: Multiple vulnerabilities (CVE-2023-52722, CVE-2024-29510, CVE-2024-33869, CVE-2024-33870, CVE-2024-33871) #932125

    - security fix net-snmp-5.9.4: multiple vulnerabilities (CVE-2022-44792, CVE-2022-44793) #880231

    - upgraded to perl-5.40.0, libieee1284-0.2.11-r9, poppler-24.06.1

    Porteus Kiosk version 20240818

  • 001-core:

  • - upgraded to hwdata-0.383, ethtool-6.9, sqlite-3.46.0, rsync-3.3.0-r1, elfutils-0.191-r1, util-linux-2.39.4-r1, e2fsprogs-1.47.1, rsyslog-8.2404.0-r1, pciutils-3.13.0, xfsprogs-6.8.0, libevdev-1.13.2, xkeyboard-config-2.42, libwacom-2.11.0, libinput-1.26.1, libxkbcommon-1.7.0-r1, nghttp2-1.62.1, curl-8.8.0-r1, gtk+-3.24.41-r1

  • 002-firefox:

  • - security fix mozilla-firefox-128.1.0 Changelog: link

  • 11-citrix.xzm:

  • - upgraded to icaclient-24.5.0.76

    Porteus Kiosk version 20240720

  • 001-core:

  • - upgraded to llvm-17.0.6, mesa-24.0.9, mesa-progs-9.0.0, gmmlib-22.3.19, libdrm-2.4.121, libva-2.21, libva-utils-2.21.0, libva-intel-media-driver-24.1.5

    - added speech-dispatcher-0.11.4-r2

  • 002-firefox:

  • - major Firefox ESR release mozilla-firefox-128.0 changelog: 116.0 117.0 118.0 119.0 120.0 121.0 122.0 123.0 124.0 125.0 126.0 127.0 128.0

  • 003-settings.xzm:

  • - kiosk fix disabled webpage translation popup by default for the Firefox browser

    - new feature sync the time automatically when making a connection to porteus-kiosk.org server during system installation. Display a message that time must be set manually in the wizard if it's not correct (case where the NTP protocol/server is blocked in the network).

    Porteus Kiosk version 20240707

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.6.37, intel-microcode-20240514_p20240514

    - kernel config: added support for PCI based UFS host controllers which are used in some laptops and miniPCs

  • 001-core:

  • - security fix libxml2-2.12.7: Buffer overread with xmllint --htmlout #931977

    - security fix procps-4.0.4: ps buffer overflow (CVE-2023-4016) #931408

    - security fix coreutils-9.5: chmod -R TOCTOU vulnerability #928062

    - upgraded to hwdata-0.38, nettle-3.9.1-r1, libcap-2.70, kmod-32-r2, dhcpcd-10.0.8, harfbuzz-8.5.0

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-126.0.6478.126

  • 003-settings.xzm:

  • - kiosk fix fixed screensaver slideshow/webpage/video incompatibility with 'onscreen buttons'

    - kiosk fix disabled 'Reading mode' feature for the Chrome browser

    - kiosk fix disabled 'In Product help' Chrome popup related to the settings menu

  • 005-thinclient.xzm:

  • - upgraded to libsodium-1.0.19_p20240117, remmina-1.4.35-r2

  • 08-ssh.xzm:

  • - security fix openssh-9.7_p1-r6: Remote code execution (CVE-2024-6387) #935271

    Porteus Kiosk version 20240616

  • 001-core:

  • - security fix wget-1.24.5: cookie leakage with HSTS and subdomains #930041

    - upgraded to libgpg-error-1.49, pacparser-1.4.3, dmidecode-3.6, rsync-3.3.0, systemd-utils-254.13, pciutils-3.12.0, xfsprogs-6.6.0-r1, iptables-1.8.10-r1, html-xml-utils-8.6, libcec-6.0.2-r2, fontconfig-2.15.0, harfbuzz-8.4.0, openbox-3.6.1-r9

    - added abseil-cpp-20230125.3-r3

  • 002-firefox:

  • - security fix mozilla-firefox-115.12.0 Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wvdial-1.61-r1, libnl-3.9.0

    Porteus Kiosk version 20240519

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.6.30, intel-microcode-20240312_p20240312, sof-firmware-2023.12.1

  • 001-core:

  • - security fix glibc-2.38-r13: Multiple vulnerabilities in nscd (CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, GLIBC-SA-2024-0005, GLIBC-SA-2024-0006, GLIBC-SA-2024-0007, GLIBC-SA-2024-0008) #930667

    - security fix glib-2.78.6: Signal subscription vulnerabilities (CVE-2024-3439) #931507

    - upgraded to gcc-13.2.1_p20240210, alsa-ucm-conf, alsa-lib-1.2.11, alsa-utils-1.2.11, ncurses-6.4_p20240414, sysvinit-3.09, zlib-1.3.1-r1, sqlite-3.45.3, libpcre2-10.43, zstd-1.5.6, kmod-32-r1, libxml2-2.12.6, libpciaccess-0.18.1, libgpg-error-1.48, libusb-1.0.27-r1, ca-certificates-20240203.3.98, libevdev-1.13.1-r1, libwacom-2.10.0, curl-8.7.1-r4, libxkbcommon-1.7.0, mtdev-1.1.7, libX11-1.8.9, libepoxy-1.5.10-r3, rsyslog-8.2404.0, librsvg-2.57.3, libxcb-1.17.0, libXmu-1.2.1, xf86-input-wacom-1.2.2

    - added alsa-plugins-1.2.7.1-r1, libpulse-17.0, pulseaudio-daemon-17.0-r1, libltdl-2.4.7-r1, libsndfile-1.2.2-r2, speexdsp-1.2.1, webrtc-audio-processing-1.3-r3

  • 003-settings.xzm:

  • - kiosk fix removed the 1 pixel white line at the top of the kiosk screen which was visible when Firefox displayed the screensaver webpage

    - new feature switched the sound subsystem from ALSA to PulseAudio. 'default_sound_card=' and 'default_microphone=' parameters are now obsolete. If they are present in the kiosk config then system falls back to using ALSA.

    Porteus Kiosk version 20240421

  • 001-core:

  • - upgraded to timezone-data-2024a-r1, ethtool-6.7, libunistring-1.2, attr-2.5.2-r1, libpng-1.6.43, openssl-3.0.13-r2, sqlite-3.45.1-r1, coreutils-9.4-r1, libxcrypt-4.4.36-r3, libXdmcp-1.1.5, util-linux-2.39.3-r7, systemd-utils-254.10-r1, libxcb-1.16.1, libXext-1.3.6, at-spi2-core-2.50.2, ca-certificates-20230311.3.97, libpciaccess-0.18, libxkbfile-1.1.3, pixman-0.43.4, xkeyboard-config-2.41, libfontenc-1.1.8, nss-3.99, rsyslog-8.2402.0, inih-58, libXcursor-1.2.2, dhcpcd-10.0.6-r2, startup-notification-0.12-r2, libXaw-1.0.16, xev-1.2.6, iptables-1.8.10, xkbcomp-1.4.7, libXaw3d-1.6.6, nghttp2-1.61.0, curl-8.7.1-r2, pango-1.52.1, gtk+-3.24.41, imlib2-1.11.0, xorg-server-21.1.13-r99, conky-1.19.8, xf86-input-elographics-1.4.4, xf86-input-wacom-1.2.1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-124.0.6367.60

  • 002-firefox:

  • - security fix mozilla-firefox-115.10.0 Changelog: link

  • 003-settings.xzm:

  • - kiosk fix disabled "In Product Help" popup which appears when password is saved in Chrome for the first time in the password manager

    - kiosk fix disabled "In Product Help" popup which appears when you select "Search this page with Google" option in the Chrome's 3 dot settings menu

  • 004-wifi.xzm:

  • - upgraded to ppp-2.5.0-r7, wpa_supplicant-2.10-r4

  • 005-thinclient.xzm:

  • - upgraded to libsodium-1.0.19-r2, freerdp-2.11.5-r10, remmina-1.4.35-r1

    Porteus Kiosk version 20240328

  • initrd:

  • - updated init script to use overlayfs instead of aufs

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: enabled overlayfs support and removed aufs as it causes 'kernel panic' during boot on certain PC models and kernel 6.6.x

  • 003-settings.xzm:

  • - kiosk fix temporary disable transparency when starting default (ripples) screensaver otherwise it cannot load a screenshot image

    - kiosk fix removed 'print test page' function from the wizard as we cannot inject printing module on the fly to the virtual filesystem after switching to overlayfs

    Porteus Kiosk version 20240317

  • initrd:

  • - mount aufs with 'udba=none' flag by default as writable branch is not accessible anyway after switching to /union, that should also give some small boost in aufs performance

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-6.6.21

    - upgraded to sof-firmware-2023.12, upgraded kernel firmware to latest version from git

  • 001-core:

  • - upgraded to gmmlib-22.3.17, libva-intel-media-driver-24.1.3, xorg-server-21.1.11-r99

  • 003-settings.xzm:

  • - new security feature added support for individual SSL certificates and passwords when connecting to PK Server

    - new feature added a 3rd party patch to xorg-server to use the 'modesetting' driver by default on Intel GPUs gen 4 and newer

    - new feature added a 3rd party patch to xorg-server to enable the 'TearFree' feature for the 'modesetting' GPU driver

    - new feature added a wrapper which should automatically fix the video output names in the 'screen_settings=' parameter after switching to the modesetting driver (no need to manually update the kiosk configs)

    - kiosk fix import certificates before 'run_command=' parameter so is possible to download files from webpages configured with self-signed certs if you add a private key to the imported CA cert. Remote config still must be protected by a valid SSL cert, hosted on a PK Server "Premium" or plain http/ftp server (without SSL).

    Porteus Kiosk version 20240310

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.1.78

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-122.0.6261.111

  • 003-settings.xzm:

  • - kiosk security fix always verify SSL certificate on all connections. If you host remote config or kiosk files (e.g. wallpaper) on a web server then please ensure that SSL certificate is valid otherwise the 'remote management' function will not work. This rule applies also to the intranet deployments. Please ensure that the NTP protocol is not blocked in your network as the system time must be correct when validating the SSL certificate.

    - kiosk security fix skip proxy when making connections to updates server, Porteus Kiosk Server and remote config server (relevant IPs are added to proxy exceptions by default) as we dont want the sensitive traffic to be intercepted or manipulated by anybody

    - kiosk security fix never upload VNC passwords on PK server by default, server will download them from the client when initializing the VNC connection

    - new security feature if 'root_password=' is not set in the kiosk config then generate a random one during each kiosk boot. Clients can still be accessed over SSH protocol using PK Server "Premium" which uses SSH keys and not passwords when communicating with the clients. Do not remove 'root_password=' parameter from your kiosk config if you plan to connect to your kiosk directly using e.g. Putty app. If you use PK Server "Premium" then its recommended to remove the root password from the kiosk configs in order to enchance the security on the clients.

    - new security feature if 'vnc_password=' is not set in the kiosk config then generate a random one during each kiosk boot. Clients can still be accessed over VNC protocol using PK Server "Premium" which copies VNC password over SSH when initializing the VNC connection to the client. Do not remove 'vnc_password=' parameter from your kiosk config if you plan to connect to your kiosk directly using any VNC client e.g. TigerVNC. If you use PK Server "Premium" then its recommended to remove the VNC password from the kiosk configs in order to enchance the security on the clients.

    - kiosk fix ignore "default_sound_card=0.0" parameter as it breaks the sound output in Chrome

    - kiosk fix show up to 20 messages on the screen so its possible to see them all during system update

    Porteus Kiosk version 20240303

  • 001-core:

  • - security fix glibc-2.38-r10: Multiple vulnerabilities (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, GLIBC-SA-2024-0001, GLIBC-SA-2024-0002, GLIBC-SA-2024-0003) #923352

    - security fix openssl-3.0.13: multiple vulnerabilities (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) #921684

    - upgraded to libffi-3.4.4-r4, libcap-2.69-r1, libbsd-0.11.8, bzip2-1.0.8-r5, libpcre2-10.42-r2, sqlite-3.44.2-r2, libxcb-1.16-r1, rsync-3.2.7-r4, e2fsprogs-1.47.0-r3, pixman-0.43.2, zstd-1.5.5-r1, libinput-1.25.0, curl-8.5.0-r3, libdrm-2.4.120, libva-utils-2.20.1, libXaw3d-1.6.5-r1

  • 002-firefox:

  • - security fix mozilla-firefox-115.8 Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to libidn2-2.3.7, json-glib-1.8.0

  • 10-printing.xzm:

  • - upgraded to libpaper-2.1.2, libidn-1.42, openjpeg-2.5.0-r6, qpdf-11.7.0, ghostscript-gpl-10.02.1, poppler-24.02.0, cups-2.4.7-r2

    Porteus Kiosk version 20240211

  • 001-core:

  • - security fix curl-8.5.0: Multiple vulnerabilities (CVE-2023-42619, CVE-2023-46218) #919325

    - upgraded to libffi-3.4.4-r3, baselayout-2.14-r2, timezone-data-2023d, traceroute-2.1.5, popt-1.19-r1, rsync-3.2.7-r3, zlib-1.3-r4, libxml2-2.12.5, systemd-utils-254.8, rsyslog-8.2312.0, ca-certificates-20230311.3.96.1, dhcpcd-10.0.6-r1, lsof-4.99.3, conky-1.19.6-r2, feh-3.10.2, libgcrypt-1.10.3-r1

  • 002-firefox:

  • - security fix mozilla-firefox-115.7 Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to libidn2-2.3.4-r2, shared-mime-info-2.4-r1, libvncserver-0.9.14-r2

  • 09-x11vnc.xzm:

  • - upgraded to libvncserver-0.9.14-r2

    Porteus Kiosk version 20240121

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.1.74, sof-firmware-2023.09.2

  • 001-core:

  • - upgraded to llvm-16.0.6, ethtool-6.6, sysvinit-3.08, coreutils-9.4, libXaw-1.0.15-r1, libxml2-2.11.5-r1, at-spi2-core-2.50.1, shadow-4.14.2, libglvnd-1.7.0, inih-57-r1, ca-certificates-20230311.3.95, ntp-4.2.8_p17-r1, usbutils-017, gmmlib-22.3.14, libdrm-2.4.118, libva-2.20.0, libva-intel-media-driver-23.4.3, libva-utils-2.20.0, mesa-23.2.1, libnotify-0.8.3, pango-1.51.0, gtk+-3.24.39, librsvg-2.57.0, libXfont2-2.0.6-r1, xorg-server-21.1.11

    - added lsof-4.99

    Porteus Kiosk version 20240107

  • 001-core:

  • - security fix cairo-1.18.0: Multiple vulnerabilities (CVE-2019-6461, CVE-2019-6462) #717778

    - security fix traceroute-2.1.3: improper command line parsing (CVE-2023-46316) #917769

    - upgraded to glib-2.78.3, libffi-3.4.4-r2, timezone-data-2023c-r1, alsa-ucm-conf-1.2.10-r1, hwdata-0.376, gmp-6.3.0-r1, zlib-1.3-r2, openssl-3.0.12, util-linux-2.38.1-r3, sqlite-3.44.2-r1, kmod-31, libxslt-1.1.39, systemd-utils-254.7, elfutils-0.190, tiff-4.6.0, alsa-lib-1.2.10-r2, libgpg-error-1.47-r1, xkeyboard-config-2.40-r1, ca-certificates-20230311.3.93, dhcpcd-10.0.5-r1, alsa-utils-1.2.10-r1, stunnel-5.71, libwacom-2.8.0, harfbuzz-8.3.0, openbox-3.6.1-r8, feh-3.10.1

  • 002-chrome:

  • - upgraded to google-chrome-120.0.6099.199

  • 005-thinclient.xzm:

  • - security fix libssh-0.10.6 : terrapin vulnerability #920291

    - upgraded to freerdp-2.11.1, remmina-1.4.31-r1

  • 08-ssh.xzm:

  • - security fix openssh-9.6_p1: ProxyCommand Unexpected Code Execution Vulnerability (CVE-2023-51385) #920722

    Porteus Kiosk version 20231217

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-120.0.6099.109

  • 003-settings.xzm:

  • - kiosk fix disabled 'Featured experiments' button in the Chrome's UI (navigation bar)

    - kiosk fix disabled 'In Product Help' popups in Chrome which appears when you perform certain actions for the first time with private mode disabled: open new tab, play video file, download file

    - kiosk fix disabled 'NEW' flag on Google Password Manager in the 3-dot Chrome settings menu

    - new feature updated Chrome flags for the 'hardware_video_decode=' parameter. Google switched to a new "Vaapi Video Decoder" which supports additional codecs: h265 and AV1. Right now it works only for Intel Broadwell GPUs and newer. If you use another GPU (e.g. AMD or older Intel) and need hardware video decode feature then you should switch to a Firefox browser as it supports all GPUs which are capable of accelerated video playback.

    - new feature added udev rule to allow user 'guest' using the Yubikey products

    Porteus Kiosk version 20231125

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.1.63, intel-microcode-20231114_p20231114, sof-firmware-2023.09.1

  • 001-core:

  • - upgraded to c-ares-1.21.0, hwdata-0.375, dmidecode-3.5-r3, zlib-1.3-r1, libXrandr-1.5.4, systemd-utils-254.5-r2, xkeyboard-config-2.40, rsyslog-8.2310.0, libxkbcommon-1.6.0, xf86-video-siliconmotion-1.7.10

  • 002-firefox:

  • - security fix mozilla-firefox-115.5 Changelog: link

    Porteus Kiosk version 20231104

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.1.61

    - upgraded AMD microcode to the latest version

  • 001-core:

  • - security fix xorg-server-21.1.9 Multiple vulnerabilities (CVE-2023-5367, CVE-2023-5380) #916254

    - security fix zlib-1.2.13-r2: Buffer overflow (CVE-2023-45853) #916484

    - upgraded to hwdata-0.374, ethtool-6.5, acpid-2.0.34-r1, sqlite-3.43.2, harfbuzz-8.2.0

  • 002-firefox:

  • - security fix mozilla-firefox-115.4 Changelog: link

  • 003-settings.xzm:

  • - kiosk fix when the address bar is disabled in the Firefox browser then do not allow opening a new tab by double clicking on the empty space in the tab bar area

    - kiosk fix removed the 1 pixel white line at the top of the kiosk screen when Firefox works with the navigation bar disabled

    - kiosk fix re-enabled 'hinting-slight' feature (previously it broke our gtkdialog apps and had to be disabled) so fonts in kiosk should look much better now

  • 005-thinclient.xzm:

  • - upgraded to libidn2-2.3.4-r1, libsodium-1.0.19-r1, libvncserver-0.9.14-r1

    Porteus Kiosk version 20231015

  • 001-core:

  • - security fix glibc-2.37-r7 Local Privilege Escalation in ld.so (CVE-2023-4911) #915127

    - security fix libxml2-2.11.5-r1: Use-after-free if memory allocation fails (CVE-2023-45322) #915351

    - security fix libX11-1.8.7: Multiple vulnerabilities (CVE-2023-43785, CVE-2023-43786, CVE-2023-43787) #915129

    - security fix libXpm-3.5.17: Multiple vulnerabilities (CVE-2023-43788, CVE-2023-43789) #915130

    - security fix lua-5.4.6: heap buffer overflow in recursive errors (CVE-2022-33099) #856463

    - security fix nghttp2-1.57.0: HTTP/2 Rapid Reset vulnerability #915554

    - security fix curl-8.4.0: security stabilisation #915569

    - upgraded to gcc-13.2.1_p20230826, openssl-3.0.11, nss-3.91, elfutils-0.189-r4, systemd-utils-253.11-r1, libxcb-1.16, libgcrypt-1.10.2, dhcpcd-10.0.3, sshpass-1.09-r1, libinput-1.24.0, freetype-2.13.2, fontconfig-2.14.2-r3, xf86-input-libinput-1.4.0

  • 004-wifi.xzm:

  • - upgraded to libnl-3.8.0

  • 08-ssh.xzm:

  • - upgraded to openssh-9.4_p1-r1

  • 10-printing.xzm:

  • - security fix cups-2.4.7: Buffer overflow when reading Postscript in PPD files (CVE-2023-4504) #914781

    - security fix cups-filters-1.28.17-r2: RCE via beh filter (CVE-2023-24805, GHSA-gpxc-v2m8-fr3x) #906944

    - upgraded to python-3.10.13, qpdf-11.5.0, ghostscript-gpl-10.02.0

    Porteus Kiosk version 20230930

  • 002-firefox:

  • - security fix mozilla-firefox-115.3.1 Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.10-r3, tcl-8.6.13-r1, ppp-2.5.0-r4, crda-4.15-r2

  • 08-ssh.xzm:

  • - security fix openssh-9.3_p2: Remote code execution in ssh-agent PKCS#11 support (CVE-2023-38408) #910553

    Porteus Kiosk version 20230909

  • 001-core:

  • - security fix tiff-4.5.1: multiple vulnerabilities (CVE-2023-1916, CVE-2023-25434, CVE-2023-26965, CVE-2023-2731) #904424

    - upgraded to alsa-ucm-conf-1.2.9, hwdata-0.373, libmd-1.1.0, cronbase-0.3.7-r10, ethtool-6.4, gmp-6.3.0, libpcre-8.45-r2, libpng-1.6.40-r1, gnutls-3.8.0, iw-5.19, libxcrypt-4.4.36, coreutils-9.3-r3, alsa-lib-1.2.9, elfutils-0.189-r1, mtr-0.95-r1, alsa-utils-1.2.9, systemd-utils-253.6, xkeyboard-config-2.39, inih-57, curl-8.1.2, dhcpcd-10.0.2, xfsprogs-6.4.0, libjpeg-turbo-3.0.0, glib-2.76.4, libgudev-238-r1, libwacom-2.7.0, libepoxy-1.5.10-r2, harfbuzz-8.0.1, xorg-server-21.1.8-r2, conky-1.19.2-r1, librsvg-2.56.3, lua-5.4.4-r103

  • 10-printing.xzm:

  • - upgraded to perl-5.38.0-r1, poppler-data-0.4.12, lcms-2.15, poppler-23.08.0, libpaper-2.1.0

    Porteus Kiosk version 20230820

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.1.46, intel-microcode-20230808_p20230804

    - new kernel and microcode versions fixes important vulnerabilities: Intel Downfall, AMD Inception and AMD Zen 1 "Divide By Zero" bug

  • 001-core:

  • - upgraded VAAPI stack which is required by new Chrome: libva-2.19.0, libva-utils-2.19.0, gmmlib-22.3.7, libva-intel-media-driver-23.2.4

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-115.0.5790.170

  • 003-settings.xzm:

  • - kiosk fix disabled 'High Efficiency' mode for the Chrome browser to prevent discarding of tabs after a certain period of time

    - kiosk fix disabled DRI3 support for VAAPI library when hardware video decode is enabled for the Chrome browser (otherwise hardware acceleration wont work)

    Porteus Kiosk version 20230805

  • initrd:

  • - kiosk fix fixed a bug where the watchdog daemon prevented kiosk reconfiguration on a fast booting systems

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-6.1.42, intel-microcode-20230613_p20230520, sof-firmware-2.2.6

    - upgraded AMD CPU firmware to latest version from git to fix 'Zenbleed' vulnerabilities

  • 002-firefox:

  • - major Firefox ESR release mozilla-firefox-115.1.0 changelog: 103.0 104.0 105.0 106.0 107.0 108.0 109.0 110.0 111.0 112.0 113.0 114.0 115.0

  • 003-settings.xzm:

  • - kiosk fix removed extensions button from the Firefox UI as it allows to list installed extensions and report them to Mozilla

    - kiosk fix removed 'Firefox view' button from the Firefox UI as its not needed for kiosk purposes

    - kiosk fix removed 'minimize, restore down, close' buttons when Firefox works with 'autohide_navigation_bar=yes' parameter

    - kiosk fix start Firefox in kiosk mode (instead of fullscreen) when displaying the screensaver video or screensaver URL

    - new feature upgraded Firefox plugins to latest available versions

    Porteus Kiosk version 20230715

  • 001-core:

  • - security fix libX11-1.8.6: Buffer overflows in InitExt.c (CVE-2023-3138) #908549

    - security fix shadow-4.13-r4: possible password leak during passwd(1) change #908613

    - upgraded to procps-3.3.17-r2, libunistring-1.1-r1, nettle-3.9.1, e2fsprogs-1.47.0-r2, ca-certificates-20230311.3.90, libxml2-2.11.4:2, ntp-4.2.8_p17, libxslt-1.1.38, fribidi-1.0.13, glib-2.76.3, at-spi2-core-2.48.3, librsvg-2.56.1, gtk+-3.24.38

  • 005-thinclient.xzm:

  • - upgraded to remmina-1.4.31

  • 10-printing.xzm:

  • - security fix cups-2.4.6: Use-after-free when logging warnings during cupsdAcceptClient failure (CVE-2023-34241) #909018

    - security fix ghostscript-gpl-10.01.2: Code execution vulnerability (CVE-2023-36664) #910294

    - upgraded to libpaper-2.0.12, perl-5.36.1-r3, net-snmp-5.9.3-r3, libusb-compat-0.1.8, openjpeg-2.5.0-r5, poppler-23.05.0, python-3.10.12, sane-backends-1.2.1

    Porteus Kiosk version 20230625

  • 001-core:

  • - security fix c-ares-1.19.1: Multiple vulnerabilities (CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067) #906964

    - upgraded to hwdata-0.371, dmidecode-3.5-r2, ethtool-6.3, sysvinit-3.07, coreutils-9.3-r2, wget-1.21.4, sqlite-3.42.0, nspr-4.35-r2, pciutils-3.10.0, xfsprogs-6.3.0, dhcpcd-9.5.1, libjpeg-turbo-2.1.5.1

  • 002-firefox:

  • - security fix mozilla-firefox-102.12.0 Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to libgpg-error-1.47, freerdp-2.10.0-r3

    Porteus Kiosk version 20230604

  • 001-core:

  • - security fix openssl-1.1.1u: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650) #907413

    - security fix libcap-2.69: Multiple vulnerabilities (CAP-CR-23-02, CVE-2023-2602, CVE-2023-2603, LCAP-CR-23-01) #906461

    - security fix libXpm-3.5.16: multiple vulnerabilities (CVE-2022-44617, CVE-2022-46285, CVE-2022-4883) #891209

    - upgraded to ncurses-6.4_p20230401, hwdata-0.369, tiff-4.5.0-r2, libfastjson-1.2304.0, libXi-1.8.1, setxkbmap-1.3.4, xinput-1.6.4, coreutils-9.3-r1, rsyslog-8.2304.0, ca-certificates-20230311.3.89.1, gmmlib-22.3.5, libpciaccess-0.17-r1, libevdev-1.13.1, libXaw3d-1.6.5, libva-intel-media-driver-23.1.6, mesa-amber-21.3.9-r1, fontconfig-2.14.2-r2, harfbuzz-7.3.0, libXft-2.3.8, conky-1.17.0-r1, feh-3.10, xf86-video-ati-22.0.0, gtk+-2.24.33-r3

  • 004-wifi.xzm:

  • - security fix ppp-2.5.0: out-of-bounds read (CVE-2022-4603) #887017

  • 005-thinclient.xzm:

  • - security fix libssh-0.10.5: Multiple vulnerabilities (CVE-2023-1667, CVE-2023-2283, GHSL-2023-085) #905746

    - upgraded to freerdp-2.10.0-r2, remmina-1.4.30

    Porteus Kiosk version 20230514

  • 001-core:

  • - security fix freetype-2.13.0: integer overflow vulnerability (CVE-2023-2004) #881443

    - security fix libxml2-2.10.4: Multiple vulnerabilities (CVE-2023-28484, CVE-2023-29469) #904202

    - security fix dmidecode-3.5: root privilege escalation via file overwrite (CVE-2023-30630) #905093

    - security fix curl-8.0.1: Multiple vulnerabilities (CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538) #902801

    - upgraded to libffi-3.4.4-r1, timezone-data-2023c, ethtool-6.2, rsync-3.2.7-r2, libcap-2.68, libfastjson-0.99.9.1, userspace-rcu-0.14.0, libXfixes-6.0.1, libXt-1.3.0, systemd-utils-252.9, zstd-1.5.5, rsyslog-8.2302.0, libcec-6.0.2-r1, iptables-1.8.9, libinput-1.23.0, at-spi2-core-2.48.0, wayland-1.22.0, pango-1.50.14, conky-1.17.0, feh-3.9.1-r1, librsvg-2.56.0, xf86-input-libinput-1.3.0, xf86-input-wacom-1.2.0, openbox-3.6.1-r5

  • 002-firefox:

  • - security fix mozilla-firefox-102.11.0 Changelog: link

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.9-r9

    Porteus Kiosk version 20230423

  • 001-core:

  • - security fix xorg-server-21.1.8 Privilege escalation via use-after-free (CVE-2023-1393) #903547

    - security fix shadow-4.13-r3 shadow file manipulation via chfn (CVE-2023-29383) #904518

    - upgraded to hwdata-0.367, dmidecode-3.4-r1, libxcrypt-4.4.33, sqlite-3.41.2-r1, libX11-1.8.4-r1, nss-3.79.4, openssl-1.1.1t-r3, util-linux-2.38.1-r2, e2fsprogs-1.47.0-r1, ca-certificates-20211016.3.88.1, stunnel-5.68, curl-7.88.1-r2, xkeyboard-config-2.38, zstd-1.5.4-r3, glib-2.74.6, libnotify-0.8.2, cairo-1.17.8, pango-1.50.13, xf86-video-intel-2.99.917_p20230201, tigervnc-1.13.1, gtk+-3.24.37

  • 002-chrome:

  • - upgraded to google-chrome-112.0.5615.121

    Porteus Kiosk version 20230408

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to intel-microcode-20230214_p20230212

    - kernel config: compiled DAX driver directly to the vmlinuz image as it's required by PCs which initialize device mapper early during boot

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-112.0.5615.49


    Tagged as Porteus Kiosk 5.5.0 release


    Main features of this release are listed here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20230318

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-6.1.20

    - kernel config: enabled watchdog drivers, switched to voluntary kernel preemption, other changes

    - upgraded to sof-firmware-2.2.3

    - added watchdog-5.16

  • 001-core:

  • - upgraded to gmmlib-22.3.3, mesa-22.3.7-r1, libva-intel-media-driver-22.6.6

  • 002-firefox:

  • - security fix mozilla-firefox-102.9.0 Changelog: link

    Porteus Kiosk version 20230312

  • initrd:

  • - start watchdog as soon as possible if its enabled in the kiosk's configuration

  • 001-core:

  • - upgraded to alsa-ucm-conf-1.2.8, alsa-utils-1.2.8-r2, alsa-lib-1.2.8-r1, alsa-plugins-1.2.7.1-r1, ca-certificates-20211016.3.87-r1, ethtool-6.1, popt-1.19, sysvinit-3.06-r1, kmod-30-r1, compose-tables-1.8.4, libX11-1.8.4, systemd-utils-252.7, xfsprogs-6.1.1, logrotate-3.21.0, usbutils-015, libdrm-2.4.115, libwacom-2.6.0, libinput-1.22.1, libxkbcommon-1.5.0, mesa-22.3.6, freetype-2.12.1-r2, fontconfig-2.14.2, cairo-1.17.6-r1, xf86-video-amdgpu-23.0.0, xf86-video-qxl-0.1.6, xf86-video-vmware-13.4.0, tigervnc-1.13.0

  • 003-settings.xzm:

  • - kiosk fix PXE boot: properly export remote config name so it can be displayed in the Administration Panel of Porteus Kiosk Server

    - new feature display the current resolution at the top of available resolutions in the 'monitor settings' application

  • 005-thinclient.xzm:

  • - upgraded to libgcrypt-1.10.1-r3, remmina-1.4.29-r2

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.16-r8

    Porteus Kiosk version 20230226

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.96

  • 001-core:

  • - security fix tiff-4.5.0: multiple vulnerabilities (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970) #856478

    - upgraded to nspr-4.35-r1, stunnel-5.65-r2, libbsd-0.11.7-r2

  • 003-settings.xzm:

  • - kiosk fix fixed bug where mouse cursor was visible on the kiosk's screen with 'disable_input_devices=yes' and 'hide_mouse=yes' parameters enabled

  • 08-ssh.xzm:

  • - security fix openssh-9.2_p1: Pre-authentication double-free (CVE-2023-25136) #892936

  • 10-printing.xzm:

  • - upgraded to python-3.10.9-r1, libpaper-2.0.4, lcms-2.14-r4, poppler-23.01.0, hplip-3.22.10

    Porteus Kiosk version 20230219

  • 001-core:

  • - security fix xorg-server-21.1.7: Use-after-free in DeepCopyPointerClasses (CVE-2023-0494) #893438

    - security fix openssl-{1.1.1t, 3.0.8}: Multiple vulnerabilities (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401) #893446

    - upgraded to gmp-6.2.1-r5, libpcre2-10.42-r1, systemd-utils-251.10-r1, shadow-4.13-r2, e2fsprogs-1.46.5-r4, nghttp2-1.51.0, rsyslog-8.2210.0-r2, ntp-4.2.8_p15-r6, glib-2.74.5

    - added 'mktemp' utility from the 'coreutils' package as it supports extra flags which are required by the 'update-ca-certificates' script

  • 003-settings.xzm:

  • - kiosk fix resolved a bug where UEFI component was booting the (old) kiosk system which was installed on the hard drive rather than booting the (new) installation ISO from removable device

    - kiosk fix fixed testing of foomatic printer drivers and directly connected printers in the Kiosk Wizard

    - new feature start the Xorg session on tty1/VT1 rather than traditionally on VT7 to avoid flipping between VTs (faster and smoother boot experience)

  • 005-thinclient.xzm:

  • - security fix libvncserver-0.9.14: multiple vulnerabilities #887067

  • 09-x11vnc.xzm:

  • - security fix libvncserver-0.9.14: multiple vulnerabilities #887067

  • 11-citrix.xzm:

  • - upgraded to libsecret-0.20.5-r3, libvorbis-1.3.7-r1, speex-1.2.1, libogg-1.3.5-r1, icaclient-23.2.0.10

  • uefi.zip:

  • - upgraded to grub-2.06-r5

    Porteus Kiosk version 20230129

  • 001-core:

  • - security fix ca-certificates-20211016.3.86: TrustCor removal (CVE-2022-23491) #884805

    - upgraded to gcc-12.2.1_p20230121-r1, hwdata-0.366, coreutils-9.1-r2, libICE-1.1.1-r1, libXau-1.0.11, libXdmcp-1.1.4-r2, libxshmfence-1.3.2, libfontenc-1.1.7, libSM-1.2.4, compose-tables-1.8.3, xcb-util-0.4.1, libxkbfile-1.1.2, libXrandr-1.5.3, libXcomposite-0.4.6, libXdamage-1.1.6, libXScrnSaver-1.2.4, libXv-1.0.12, libXres-1.2.2, xset-1.2.5, xrandr-1.5.2, xcompmgr-1.1.9, xinit-1.4.2, curl-7.87.0-r2, libXpm-3.5.14, wayland-1.21.0-r1, xkbcomp-1.4.6, libglvnd-1.6.0, harfbuzz-6.0.0, xlockmore-5.71, xf86-input-elographics-1.4.3, xf86-video-ast-1.1.6, xf86-video-r128-6.12.1, xf86-video-vesa-2.6.0

  • 002-firefox:

  • - security fix mozilla-firefox-102.7.0 Changelog: link

  • 003-settings.xzm:

  • - kiosk fix updated chrome/firefox startup scripts to properly handle '&' characters which may be provided from command line as a part of the URL

    Porteus Kiosk version 20230108

  • 001-core:

  • - security fix xorg-server-21.1.6 (CVE-2022-4283, CVE-2022-46283, CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344) #885825

    - security fix ncurses-6.3_p20220423: segfaulting OOB read (CVE-2022-29458) #839351

    - security fix cairo-1.17.6: buffer overwrite vulnerability (CVE-2020-35492) #777123

    - security fix glib-2.74.4: Multiple vulnerabilities #887807

    - security fix sqlite-3.40.1: insufficient sandboxing of "safe" script execution (CVE-2022-46908) #886029

    - security fix curl-7.87.0: multiple vulnerabilities (CVE-2022-43551, CVE-2022-43552) #887745

    - upgraded to timezone-data-2022g, libpng-1.6.39, elfutils-0.188, libxcrypt-4.4.28-r2, util-linux-2.38.1, systemd-utils-251.10, shadow-4.13-r1, gmmlib-22.3.0, pciutils-3.9.0, mesa-22.2.5, imlib2-1.9.1-r1, xlockmore-5.69, pango-1.50.12, gtk+-3.24.35, sshpass-1.09

  • 002-chrome:

  • - upgraded to google-chrome-108.0.5359.124-r1

  • 005-thinclient.xzm:

  • - upgraded to libidn2-2.3.4, libpsl-0.21.1-r1

  • 10-printing.xzm:

  • - upgraded to lcms-2.13.1-r3, sane-backends-1.1.1-r13, ghostscript-gpl-10.0.0-r5, perl-5.36.0-r1

    Porteus Kiosk version 20221218

  • 001-core:

  • - security fix libpcre2-10.40: multiple vulnerabilities (CVE-2022-1586, CVE-2022-1587) #845195

    - security fix curl-7.86.0: multiple vulnerabilities (CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916) #878365

    - upgraded to libffi-3.4.4, timezone-data-2022f-r1, libmnl-1.0.5, libbsd-0.11.7, nettle-3.8.1, openssl-1.1.1s, coreutils-9.1-r1, zlib-1.2.13-r1, ntp-4.2.8_p15-r1, gnutls-3.7.8, libjpeg-turbo-2.1.4, tiff-4.4.0-r2, rsyslog-8.2210.0-r1, xfsprogs-6.0.0, libxml2-2.10.3-r1, libxslt-1.1.37-r1, libpciaccess-0.17, gdk-pixbuf-2.42.10-r1, pixman-0.42.2, libevdev-1.13.0, libwacom-2.5.0, xkeyboard-config-2.37, libXau-1.0.10, libdrm-2.4.114, libxshmfence-1.3.1, libfontenc-1.1.6, libXfont2-2.0.6, xcb-util-renderutil-0.3.10, xcb-util-keysyms-0.4.1, xcb-util-wm-0.4.2, libXext-1.3.5, libXrender-0.9.11, libxkbfile-1.1.1, libXmu-1.1.4, libXft-2.3.6, libXinerama-1.1.5, libglvnd-1.5.0, libXxf86vm-1.1.5, imlib2-1.7.5-r1, libXtst-1.2.4, libXaw3d-1.6.4, xsetroot-1.1.3, systemd-utils-251.8-r1, llvm-15.0.5, mesa-22.2.3, xcb-util-image-0.4.1, xcb-util-cursor-0.1.4

  • 004-wifi.xzm:

  • - upgraded to libnl-3.7.0

  • 10-printing.xzm:

  • - upgraded to python-3.8.16, net-snmp-5.9.3-r1, qpdf-10.6.3-r1, lcms-2.13.1-r2, openjpeg-2.5.0-r4, sane-backends-1.1.1-r7, cups-2.4.2-r6, ghostscript-gpl-10.0.0-r4, poppler-22.11.0-r1

    - added poppler-data-0.4.11-r2.tbz2

    Porteus Kiosk version 20221204

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.81, intel-microcode-20221108_p20221102

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-108.0.5359.94

  • 003-settings.xzm:

  • - kiosk fix revomed obsolete Chrome flags which are no longed needed for hardware video decode

    - kiosk fix keep the 'mesa-amber' EGL vendor config empty otherwise modesetting driver cannot be used with upgraded 'mesa' package

    Porteus Kiosk version 20221120

  • 001-core:

  • - security fix ntfs3g-2022.10.3: code execution via malicious filesystem (CVE-2022-40284) #878885

    - security fix nss-3.79.2: tstclnt crash when accessing gnutls server without user cert #877169

    - security fix curl-7.85.0: control code in cookie denial of service (CVE-2022-35252) #867679

    - upgraded to timezone-data-2022f, hwdata-0.364, libpng-1.6.38, zstd-1.5.2-r3, elfutils-0.187-r2, libcap-2.66, acpid-2.0.34, libva-2.16.0, libva-utils-2.16.0, libva-intel-driver-2.4.1-r4, libva-intel-media-driver-22.5.4, feh-3.9.1, stunnel-5.64-r2, rsyslog-8.2208.0-r1, iptables-1.8.8-r5, glibc-2.36-r5, ca-certificates-20211016.3.83, lm-sensors-3.6.0-r1, gmmlib-22.2.1, glib-2.74.1-r1, libwacom-2.4.0, xf86-input-wacom-1.1.0, conky-1.13.1, gdk-pixbuf-2.42.10, harfbuzz-5.3.1-r1, pango-1.50.11, librsvg-2.55.1, at-spi2-core-2.46.0, adwaita-icon-theme-43_p1

    - added c-ares-1.18.1

  • 002-firefox:

  • - security fix mozilla-firefox-102.5. Changelog: link

  • 005-thinclient.xzm:

  • - security fix freerdp-2.9.0: multiple vulnerabilities (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347, CVE-2022-41877) #8815225

    - upgraded to libgpg-error-1.46-r1, libgcrypt-1.10.1-r2, libsoup-2.74.3

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-9.56.1: null pointer dereference (CVE-2022-2085) #852944

    - upgraded to lcms-2.13.1-r1, perl-5.34.1-r4, pnm2ppa-1.13-r2

    Porteus Kiosk version 20221030

  • 001-core:

  • - upgraded to expat-2.5.0, nspr-4.35, imlib2-1.7.5, e2fsprogs-1.46.5-r3, xfsprogs-5.18.0-r1, libxml2-2.10.3

  • 005-thinclient.xzm:

  • - upgraded to freerdp-2.8.1

    Porteus Kiosk version 20221016

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.74

    - security fix this release fixes several critically important wifi stack vulnerabilities in the linux kernel: link

    - kernel config: added DRM driver for Hyper-V Gen2 VMs. Gen1 machines cause troubles and still default to the framebuffer driver. DRM driver offers much faster 2D scrolling and allows setting a custom screen resolution (you are not longer forced to use FullHD resolution).

  • 001-core:

  • - upgraded to sqlite-3.39.4, libxml2-2.10.2, libxslt-1.1.37, gmmlib-22.1.8, lua-5.3.6-r102, libva-intel-driver-2.4.1-r3, cairo-1.16.0-r6, librsvg-2.54.4-r1, gtk+-3.24.34-r1, gtk+-2.24.33-r2

  • 005-thinclient.xzm:

  • - upgraded to libsodium-1.0.18_p20220618

  • 06-fonts.xzm:

  • - upgraded to liberation-fonts-2.1.5

    Porteus Kiosk version 20221002

  • 001-core:

  • - upgraded to sysvinit-3.05, expat-2.4.9, zstd-1.5.2-r2, userspace-rcu-0.13.2, nss-3.79.1, systemd-utils-251.4-r2, rsyslog-8.2206.0-r1

  • 002-firefox:

  • - security fix mozilla-firefox-102.3. Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to libvncserver-0.9.13-r1, libssh-0.10.4

    Porteus Kiosk version 20220918

  • 001-core:

  • - upgraded to bzip2-1.0.8-r3, timezone-data-2022c, hwdata-0.361, dmidecode-3.4, zstd-1.5.2-r1, attr-2.5.1-r2, libcap-2.65, kmod-30, nspr-4.34.1, systemd-utils-251.4-r1, ca-certificates-20211016.3.80, inih-56-r1, iptables-1.8.8-r4, libnotify-0.8.1, libva-2.15.0, libva-utils-2.15.0, libva-intel-media-driver-22.4.4, freetype-2.12.1-r1, harfbuzz-5.1.0, pango-1.50.9

  • 005-thinclient.xzm:

  • - upgraded to libidn2-2.3.3, libgcrypt-1.9.4-r2, remmina-1.4.27, libdbusmenu-16.04.0-r2

  • 10-printing.xzm:

  • - security fix cups-2.4.2: Bad certificate verification for local authorisation (CVE-2022-26691) #847625

    - security fix poppler-22.09.0: JBIG2 integer overflow to code execution (CVE-2021-30860, CVE-2022-38784) #867958

    - upgraded to libidn-1.41, net-snmp-5.9.3, openjpeg-2.5.0-r2, ghostscript-gpl-9.55.0-r2

    Porteus Kiosk version 20220904

  • vmlinuz and 000-kernel.xzm:

  • - added missing wireless firmware: iwlwifi-Qu-c0-jf-b0-66.ucode

  • 001-core:

  • - security fix zlib-1.2.12-r3: buffer overread in inflateGetHeader() (CVE-2022-37434) #863851

    - security fix gnutls-3.7.7: Double free in PKCS7 signature verification (CVE-2022-2509) #861803

    - security fix libtasn1-4.19.0: Out of bounds read #866237

    - upgraded to libffi-3.4.2-r2, timezone-data-2022a, shadow-4.12.3, html-xml-utils-7.8-r1, gmmlib-22.1.7, dbus-1.14.0-r4, lua-5.3.6-r5, glib-2.72.3, wmctrl-1.07-r3, freetype-2.12.1, pango-1.50.8

  • 003-settings.xzm:

  • - new feature 'homepage_append=' parameter will properly add requested info to homepage URLs which already have the query arguments, sample: "https://domain.com?argument=1" becomes "https://domain.com?argument=1&kiosk=hostname"

    Porteus Kiosk version 20220814

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.60, intel-microcode-20220809_p20220809

    - kernel config: enabled bluetooth support, userspace still needs the firmware and bluetooth manager application for pairing devices (must be added through the ISO customization)

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-104.0.5112.79-r1

  • 003-settings.xzm:

  • - kiosk fix disabled autoupdate of Chrome internal components (e.g. widevine plugin) as without persistence enabled it causes the updated components to be downloaded during every session restart

    - kiosk fix disabled 'Share this page' button in the Chrome URL's bar

    - kiosk fix disabled 'Bookmark this tab' button in the Chrome URL's bar

    - new feature added support for 'MD5' authentication protocol in 802.1x wired networks ('wired_authentication=eapol' parameter)

    Porteus Kiosk version 20220806

  • 001-core:

  • - security fix openssl-1.1.1q broken AES-OCB encryption on x86 (CVE-2022-2097) #856592

    - security fix sqlite-3.39.2: buffer overflow (CVE-2022-35737) #863431

    - security fix rsyslog-8.2206.0: Potential heap buffer overflow in TCP syslog server (receiver) components (CVE-2022-24903) #842846

    - security fix logrotate-3.20.0: Unprivileged DoS via state file (CVE-2022-1348) #847382

    - security fix xorg-server-21.1.4 security stabilisation #858140

    - upgraded to glibc-2.35-r8, alsa-lib-1.2.7.2, alsa-ucm-conf-1.2.7.2, alsa-utils-1.2.7-r1, alsa-plugins-1.2.7.1, libxcrypt-4.4.28-r1, wget-1.21.3-r1, stunnel-5.64-r1, libxcb-1.15-r1, compose-tables-1.8.1, libX11-1.8.1, gmmlib-22.1.4, pciutils-3.8.0-r1, xmodmap-1.0.11, xev-1.2.5, libxcvt-0.1.2, libdrm-2.4.112, xcb-util-cursor-0.1.3-r4, wayland-1.21.0, libepoxy-1.5.10-r1, mesa-progs-8.5.0, tigervnc-1.12.0-r7, harfbuzz-4.4.1, xf86-input-synaptics-1.9.2, xf86-video-mga-2.0.1

  • 003-settings.xzm:

  • - kiosk fix properly handle the URLs containing the '&' character when browser is started by another app (e.g. Zoom's authorization through Google) or from the command line

    Porteus Kiosk version 20220724

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.55

    - kernel config: enabled ASUS WMI driver, enabled hardware monitoring support for NVME bus so device temperatures can be viewed in the debug log or by executing the 'sensors' command over SSH

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-102.0.1 changelog: 92.0 93.0 94.0 95.0 96.0 97.0 98.0 99.0 100.0 101.0 102.0

  • 003-settings.xzm:

  • - kiosk fix disabled autoupdate of Firefox plugins. Without persistence enabled it causes the updated plugins to be downloaded during every session restart.

    - kiosk fix fixed a bug where Firefox would not open on an entire screen when running with navigation bar disabled and was restarted from Porteus Kiosk Server or over SSH ('killall firefox' command)

    - kiosk fix disabled 'Open previous tabs' popup which appears in the Firefox browser when persistence is enabled and the kiosk PC is rebooted or powered off (unclean shutdown)

    - kiosk fix hide the PDF download button in the Firefox's PDF viewer when downloads are disabled in the system

    - new feature added support for downloading components and updates from our domian mirrors. System installation and update time should be shorter now. Please ensure that your company network allows connecting to the mirror servers - update/reconfiguration process will notify about this when needed.

    Porteus Kiosk version 20220710

  • 001-core:

  • - security fix curl-7.84.0: multiple vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208) #854708

    - upgraded to traceroute-2.1.0-r2, elfutils-0.187, acpid-2.0.33, rsync-3.2.4-r3, nspr-4.34, tiff-4.4.0, systemd-utils-250.7, nghttp2-1.47, rsyslog-8.2112.0-r1, dbus-1.12.22-r2, gmmlib-22.1.3, glib-2.72.2, libinput-1.21.0-r1, libnotify-0.7.12, libva-intel-media-driver-22.4.3, fontconfig-2.14.0-r1, harfbuzz-4.3.0, librsvg-2.54.4

  • 002-firefox:

  • - security fix mozilla-firefox-91.11.0. Changelog: link

    Porteus Kiosk version 20220619

  • 001-core:

  • - security fix pacparser-1.4.0: Memory overwrite vulnerability #844736

    - security fix zlib-1.2.12-r2: security stabilisation #836303

    - upgraded to upgraded to glibc-2.34-r13, libffi-3.4.2-r1, libltdl-2.4.7, gnutls-3.7.6, libfastjson-0.99.9-r1, libestr-0.1.11-r1, sqlite-3.38.5, rsyslog-8.2112.0, libxcb-1.15, xkeyboard-config-2.36, libxkbcommon-1.4.1, libdrm-2.4.111, llvm-14.0.4, mesa-22.0.5, mesa-amber-21.3.9, harfbuzz-4.2.1, xorg-server-21.1.3-r3, tigervnc-1.12.0-r6, xf86-input-libinput-1.2.1, adwaita-icon-theme-42.0_p2

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-2022060, ppp-2.4.9-r8

    - added tcl-8.6.12

  • 005-thinclient.xzm:

  • - upgraded to libgpg-error-1.45, vte-0.68.0

  • 10-printing.xzm:

  • - upgraded to perl-5.34.1-r3, qpdf-10.6.3, python-3.8.13, poppler-22.05.0, lcms-2.13.1

    Porteus Kiosk version 20220605

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.44, intel-microcode-20220510_p20220508

    - kernel config: added support for storage devices formatted with an exFAT filesystem

  • 001-core:

  • - security fix rsync-3.2.4: Vulnerability in bundled zlib #838724

    - security fix libxml2-2.9.14: Integer overflows in xmlBuf and xmlBuffer #842261

    - security fix ntfs3g-2022.5.17 multiple vulnerabilities (CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789) #847598

    - upgraded to expat-2.4.8, libbsd-0.11.6, userspace-rcu-0.13.1, sqlite-3.38.3, nss-3.68.4, libjpeg-turbo-2.1.3, fribidi-1.0.12, atk-2.38.0, glib-2.72.1, pango-1.50.7, at-spi2-core-2.44.1, librsvg-2.54.3, gtk+-3.24.34, adwaita-icon-theme-42.0, libusb-1.0.26

    - added systemd-utils-250.6

    - removed udev-249.6-r2

    Porteus Kiosk version 20220522

  • 001-core:

  • - security fix openssl-1.1.1o: Multiple vulnerabilities #842489

    - security fix ncurses-6.3_p20220423: segfaulting OOB read (CVE-2022-29458) #839351

    - upgraded to sqlite-3.38.2, compose-tables-1.7.5, libX11-1.7.5, libXcursor-1.2.1, curl-7.83.1, dbus-1.12.22-r1, libevdev-1.12.1, xkeyboard-config-2.35.1, libxkbcommon-1.4.0, setxkbmap-1.3.3, libdrm-2.4.110, e2fsprogs-1.46.5-r1, libva-2.14.0, mesa-22.0.3, libepoxy-1.5.10, libva-intel-media-driver-22.3.1, xorg-server-21.1.3-r2, xf86-video-amdgpu-22.0.0, tigervnc-1.12.0-r5, hwdata-0.358, wget-1.21.3, pciutils-3.8.0, libtasn1-4.18.0, inih-55, libva-utils-2.14.0, libcap-2.64

    - added mesa-amber-21.3.8, libunwind-1.6.2

  • 002-firefox:

  • - security fix mozilla-firefox-91.9.1. Changelog: link

  • 005-thinclient.xzm:

  • - security fix libpcre2-10.40: multiple vulnerabilities (CVE-2022-1586, CVE-2022-1587) #845195

    - security fix freerdp-2.7.0: multiple vulnerabilities (CVE-2022-24882, CVE-2022-24883) #842231

  • 08-ssh:

  • - security fix openssh-8.9_p1-r2: Command injection via scp (CVE-2020-15778) #733802

    Porteus Kiosk version 20220508

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to intel-microcode-20220419_p20220421

    - kernel config: compiled 'vmd' driver directly into kernel to allow booting from the NVME drives which are managed by the VDM controller

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-101.0.4951.54


    WARNING: if you use 'browser_preferences=' parameter then you may need to update your preferences file as number of Chrome policies have been depreciated in Chrome 101:


    ExtensionInstallWhitelist replaced by ExtensionInstallAllowlist

    ExtensionInstallBlacklist replaced by ExtensionInstallBlocklist

    URLWhitelist replaced by URLAllowlist

    URLBlacklist replaced by URLBlocklist


  • 003-settings.xzm:

  • - kiosk fix disabled 'show side panel' button on Chrome UI by default

    Porteus Kiosk version 20220501

  • 001-core:

  • - security fix libinput-1.20.1: format string vulnerability when using xf86-input-libinput (CVE-2022-1215) #839729

    - security fix freetype-2.12.0: multiple vulnerabilities (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406) #840224

    - upgraded to ncurses-6.3_p20211106, alsa-topology-conf-1.2.5.1, alsa-ucm-conf-1.2.6.3, alsa-lib-1.2.6.1, alsa-utils-1.2.6, alsa-plugins-1.2.6, sqlite-3.38.1, dhcpcd-9.4.1, gmmlib-22.1.2, harfbuzz-3.4.0-r1, xf86-video-vmware-13.3.0-r1

  • 003-settings.xzm:

  • - kiosk fix whitelist 'zoommtg' protocol for Chrome by default otherwise zoom connections cannot be established using the web client

  • 005-thinclient.xzm:

  • - upgraded to libpcre2-10.39-r1, shared-mime-info-2.2, freerdp-2.6.1, remmina-1.4.25

    Porteus Kiosk version 20220410

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.15.33

  • 001-core:

  • - security fix nss-3.68.3: Memory safety issues with PKCS#11 tokens #836386

    - upgraded to libpcre-8.45-r1, sysvinit-3.01, sqlite-3.38.0, curl-7.79.1-r1, libplatform-2.1.0.1-r2, libvdpau-1.5, iptables-1.8.7-r2, freetype-2.11.1

    - added traceroute-2.1.0-r1

  • 002-firefox:

  • - security fix mozilla-firefox-91.8.0. Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20220408


    Tagged as Porteus Kiosk 5.4.0 release


    Main features of this release are listed here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20220326

  • 002-firefox:

  • - security fix mozilla-firefox-91.7.1. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix switching to a secondary keyboard layout will no longer allow using keyboard combinations which are blocked in the system by default

    - new feature added support for remote config URLs which contains an append parameters, e.g. https://domain.com/kiosk-config.php?device=nuc&sound=0.3

    Porteus Kiosk version 20220320

  • 001-core:

  • - security fix openssl-1.1.1n: infinite loop when using invalid curve parameters in BN_mod_sqrt() (CVE-2022-0778) #835343

    - upgraded to expat-2.4.7, libcap-2.63, nss-3.68.2-r1, gnutls-3.7.3-r1, fribidi-1.0.11, glib-2.70.4, at-spi2-core-2.42.0, mesa-21.3.7, libva-intel-media-driver-22.1.0-r1, xorg-server-21.1.3-r1, pango-1.50.4, librsvg-2.52.6, pangomm-2.46.2, gtk+-3.24.31, adwaita-icon-theme-41.0

  • 002-firefox:

  • - security fix mozilla-firefox-91.7.1. Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.10-r1

  • 005-thinclient.xzm:

  • - upgraded to vte-0.66.2

  • 10-printing.xzm:

  • - upgraded to qpdf-10.5.0, sane-backends-1.1.1-r2, poppler-22.01.0

  • 11-citrix.xzm:

  • - upgraded to libsecret-0.20.5, icaclient-22.3.0.24

    Porteus Kiosk version 20220312

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-5.15.28

    - upgraded to sof-firmware-1.9.3-r1

    Porteus Kiosk version 20220305

  • 001-core:

  • - security fix gnutls-3.7.3: Memory corruption in gnutls_x509_trust_list_verify_crt2() (GNUTLS-SA-2022-01-17) #831573

    - security fix libxml2-2.9.13: multiple vulnerabilities (CVE-2022-23308) #833809

    - security fix libxslt-1.1.35: use-after-free in xsltApplyTemplates (CVE-2021-30560) #833508

    - upgraded to timezone-data-2021e, hwdata-0.354, zstd-1.5.2, expat-2.4.6, libxcrypt-4.4.27, openssl-1.1.1m, ntfs3g-2021.8.22-r3, gmmlib-22.0.2, logrotate-3.19.0, libva-intel-media-driver-22.1.0

    - added libcec-6.0.2, libplatform-2.1.0.1-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-98.0.4758.102

  • 003-settings.xzm:

  • - kiosk fix disabled 'share this page' button on the Chrome's URL bar by default

    Porteus Kiosk version 20220219

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.10.101, intel-microcode-20220207_p20220207

  • 001-core:

  • - security fix util-linux-2.37.4: Partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline (CVE-2022-0563) #833365

    - upgraded to nspr-4.33, mtr-0.95, libICE-1.0.10-r1, libXdmcp-1.1.3-r1, mesa-21.3.5

  • 002-firefox:

  • - security fix mozilla-firefox-91.6.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix Firefox browser will open URLs which require domain authentication without asking for an user confirmation

    Porteus Kiosk version 20220206

  • 001-core:

  • - security fix expat-2.4.4: multiple vulnerabilities (CVE-2022-23852, CVE-2022-23990) #831918

    - security fix util-linux-2.37.3: multiple vulnerabilities (CVE-2021-3995, CVE-2021-3996) #831978

    - security fix shadow-4.11.1: TOCTOU race condition in usermod/userdel (CVE-2013-4235) #830486

    - upgraded to sqlite-3.37.2, nss-3.68.2, gmmlib-21.3.5, libinput-1.19.3, elogind-246.10-r2, libva-intel-media-driver-21.4.3, harfbuzz-3.2.0, gtk+-3.24.30, glib-2.70.2

  • 003-settings.xzm:

  • - new feature if default GPU driver fails during the Xorg server initialization then automatically use other drivers in the following order: modesetting, fbdev, vesa until the desktop is started properly

  • 005-thinclient.xzm:

  • - upgraded to json-glib-1.6.6-r1, libsoup-2.74.2, remmina-1.4.23-r1

    Porteus Kiosk version 20220123

  • 001-core:

  • - security fix expat-2.4.3: multiple vulnerabilities (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827) #830422

    - upgraded to glibc-2.33-r7, compose-tables-1.7.3, libX11-1.7.3, wget-1.21.2, libevdev-1.12.0, libglvnd-1.4.0, libdrm-2.4.109, wayland-1.20.0, libva-2.13.0-r2, mesa-21.3.4, feh-3.7.2, xorg-server-21.1.3

    - added libxcrypt-4.4.25-r1, libxcvt-0.1.1

  • 002-firefox:

  • - security fix mozilla-firefox-91.5.0. Changelog: link

    - new feature enabled OpenH264 plugin by default as its needed for WebRTC streams

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.9.4: ElGamal plaintext recovery (CVE-2021-40528) #811900

  • 10-printing.xzm:

  • - upgraded to libidn-1.38-r1, perl-5.34.0-r6, qpdf-10.4.0, sane-backends-1.0.32, cups-2.3.3_p2-r3, ghostscript-gpl-9.55.0-r1, poppler-21.11.0, cups-filters-1.28.10-r1, foomatic-db-engine-4.0.12-r1, python-3.8.12_p1-r1, dbus-python-1.2.18, hplip-3.21.10

    Porteus Kiosk version 20220109

  • 001-core:

  • - upgraded to e2fsprogs-libs-1.46.4-r1, ethtool-5.15, elfutils-0.186, libcap-2.62, xfsprogs-5.14.2, shadow-4.9-r4, gcc-11.2.0

    - added userspace-rcu-0.13.0

  • 08-ssh:

  • - security fix openssh-8.8_p1: Multiple vulnerabilities #815010

    Porteus Kiosk version 20211219

  • initrd:

  • - use native 'vboxvideo' driver instead of 'vesafb' for displaying the splash screen when booting on the VirtualBox platform

    - use 'vesafb' driver for displaying the splash screen when the proprietary nVidia driver is available in the system (custom builds only)

  • vmlinuz and 000-kernel.xzm:

  • - kiosk fix mainstain firmware symlinks according to the WHENCE file

  • 001-core:

  • - security fix ntfs3g-2021.8.22: Multiple vulnerabilities (CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263) #811156

    - upgraded to libmd-1.0.4, libpciaccess-0.16-r1, gmmlib-21.3.3, libwacom-1.12, harfbuzz-3.1.1, udev-249.6-r2, pciutils-3.7.0-r2, usbutils-014-r1, gmp-6.2.1-r2, openssl-1.1.1l-r1, xdotool-3.20211022.1, mesa-21.2.6, imlib2-1.7.1-r2, xorg-server-1.20.14

    - added hwdata-0.353

    - removed hwids-20210613-r2

  • 002-chrome:

  • - upgraded to google-chrome-96.0.4664.110

  • 002-firefox:

  • - security fix mozilla-firefox-91.4.0. Changelog: link

  • 003-settings.xzm:

  • - new feature reduce the number of required connections to PK Server from 5 to 3. This optimization lowers the server overhead when multiple clients are booting at the same time ('rtc_wake=' parameter is used).

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.9-r5, wpa_supplicant-2.9-r8

  • 005-thinclient.xzm:

  • - upgraded to remmina-1.4.21, libpcre2-10.39

  • 08-ssh.xzm:

  • - upgraded to openssh-8.7_p1-r3

    Porteus Kiosk version 20211128

  • 001-core:

  • - security fix rsync-3.2.3-r5: improper TLS validation in rsync-ssl script (CVE-2020-14387) #792576

    - upgraded to dbus-1.12.20-r4, hwids-20210613-r2, libva-2.13.0-r1, libva-utils-2.13.0, libva-intel-media-driver-21.3.5

    - added udev-249-r3

    - removed eudev-3.2.10-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-96.0.4664.45

    Porteus Kiosk version 20211114

  • 001-core:

  • - upgraded to ncurses-6.2_p20210619, nspr-4.32, nss-3.70, libXi-1.8, libxslt-1.1.34-r2, nghttp2-1.45.1-r1, shadow-4.9-r3, llvm-13.0.0, gmmlib-21.3.1, libglvnd-1.3.4, libxkbcommon-1.3.1, xkeyboard-config-2.34, libinput-1.19.2, mesa-21.2.5, libepoxy-1.5.9-r1, libva-intel-driver-2.4.1-r1, mesa-progs-8.4.0-r1, cairo-1.16.0-r5, libXft-2.3.4, libXfont2-2.0.5, pango-1.48.10-r1, xf86-input-libinput-1.2.0, xf86-video-amdgpu-21.0.0

  • 002-firefox:

  • - security fix mozilla-firefox-91.3.0. Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to freerdp-2.4.1-r1

    Porteus Kiosk version 20211030

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.10.76

  • 003-settings.xzm:

  • - kiosk fix disabled 'Restore pages' Chrome popup which could appear when kiosk is rebooted with full persistence enabled

    - kiosk fix enable the hardware video decode also for screensaver video and screensaver webpage functions when relevant parameters are present in the kiosk config

    - new feature added support for .der certificates to 'import_certificates=' parameter


    Tagged as Porteus Kiosk 5.3.0 release


    Wizard 5.3.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20211016

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.10.73

  • 001-core:

  • - security fix libjpeg-turbo-2.1.1: Out of bounds read (CVE-2021-37972) #814206

    - security fix curl-7.79.0: Multiple vulnerabilities (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947) #813270

    - upgraded to e2fsprogs-libs-1.46.4, e2fsprogs-1.46.4, compose-tables-1.7.2-r1, mtr-0.94-r1, nghttp2-1.44.0-r1, shadow-4.9-r2, gmmlib-21.2.1, xdotool-3.20210903.1, stunnel-5.59, util-linux-2.37.2-r1, libusb-1.0.24-r2, pciutils-3.7.0-r1, usbutils-014, glib-2.68.4, libgudev-237-r1, libnotify-0.7.9-r1, freetype-2.11.0-r1, harfbuzz-2.9.1, pango-1.48.10

  • 002-firefox:

  • - security fix mozilla-firefox-91.2.0. Changelog: link

  • 005-thinclient.xzm:

  • - security fix libssh-0.9.6: Heap buffer overflow (CVE-2021-3634) #810517

    - security fix libgcrypt-1.8.8: ElGamal sidechannel leak (CVE-2021-33560) #795480

    - upgraded to libidn2-2.3.2, shared-mime-info-2.1, remmina-1.4.20-r1

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-9.54.0-r1: arbitrary code execution vulnerability (CVE-2021-3781) #812509

    - security fix perl-5.34.0-r2: perl-core/Encode-3.120: Encode.pm loads code from outside expected @INC (CVE-2021-36770) #807307

    - upgraded to net-snmp-5.9.1-r1, gutenprint-5.3.4-r2

    Porteus Kiosk version 20211002

  • 001-core:

  • - added libinput-1.18.1, xf86-input-libinput-1.1.0

  • 003-settings.xzm:

  • - new feature use 'libinput' as default input driver and fallback to 'evdev' only in case the touchscreen was calibrated in kiosk 5.2.0 release or older

    - new feature enabled native touch gestures support in the Firefox browser: scrolling, swiping, pinch to zoom, etc.

    - new feature updated 'disable_zoom_controls=' parameter to control the 'pinch to zoom' touch gesture in the Firefox browser

    Porteus Kiosk version 20210918

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.10.63, intel-microcode-20210608_p20210830

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-93.0.4577.82

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-91.1.0 changelog: 79.0 80.0 81.0 82.0 83.0 84.0 85.0 86.0 87.0 88.0 89.0 90.0 91.0

  • 003-settings.xzm:

  • - kiosk fix disabled 'Reading List' in the Chrome browser by default

    - kiosk fix disabled 'Ctrl+Shift+B' key combination by default as it allows to toggle the bookmarks bar in the Firefox browser

    - kiosk fix removed 'star button' from the Firefox's URL bar as it allows to bookmark webpages with a single mouse click

    - kiosk fix added access to 'about:certificates' in Firefox so users can view the certificates which are available for the browser and also view certificate of untrusted sites

  • 05-flash.xzm:

  • - *removed* as Firefox 91 ESR do not support flash NPAPI plugin anymore. Flash standalone applications can be still supported through the customized kiosk builds.

    Porteus Kiosk version 20210828

  • 001-core:

  • - security fix openssl-1.1.1l: multiple vulnerabilities (CVE-2021-3711, CVE-2021-3712) #809980

    - upgraded to libxdg-basedir-1.2.3, libbsd-0.11.3, eudev-3.2.10-r1, libxml2-2.9.12-r5, dbus-1.12.20-r3, dbus-glib-0.112, at-spi2-core-2.40.3, libwacom-1.11, libva-2.12.0, mesa-21.1.7, libva-utils-2.12.0, harfbuzz-2.8.2-r1, pango-1.48.7-r1, imlib2-1.6.1-r2

  • 002-firefox:

  • - security fix mozilla-firefox-78.13.0. Changelog: link

  • 004-wifi.xzm:

  • - upgraded to usb_modeswitch-2.6.1

    Porteus Kiosk version 20210814

  • 001-core:

  • - security fix curl-7.78.0: Multiple vulnerabilities (CVE-2021-22922, CVE-2021-22923, CVE-2021-22925, CVE-2021-22926) #803308

    - upgraded to upgraded to kmod-29, llvm-12.0.1, libtasn1-4.17.0, gnutls-3.7.2, libdrm-2.4.107, xkeyboard-config-2.33, mesa-21.1.6, xorg-server-1.20.13-r1, conky-1.12.2, tigervnc-1.9.0-r2

  • 005-thinclient.xzm:

  • - upgraded to libpcre2-10.37-r2, libsodium-1.0.18_p20210617, freerdp-2.3.2, remmina-1.4.20

    - added libappindicator-12.10.1_p20200706, libdbusmenu-16.04.0-r1

    Porteus Kiosk version 20210731

  • 001-core:

  • - upgraded to cronbase-0.3.7-r8, zstd-1.5.0, openssl-1.1.1k-r1, util-linux-2.36.2-r1, libpcre-8.45, procps-3.3.17-r1, nghttp2-1.43.0-r2, shadow-4.8.1-r4, logrotate-3.18.1-r1

  • 10-printing.xzm:

  • - upgraded to perl-5.34.0, libidn-1.37, libpaper-1.1.28, qpdf-10.3.2, net-snmp-5.9-r5, cups-2.3.3_p2-r2, poppler-21.07.0

    Porteus Kiosk version 20210718

  • 001-core:

  • - security fix glibc-2.33-r1: Use-after-free in mq_notify (CVE-2021-33574) #792261

    - upgraded to elfutils-0.185, libdrm-2.4.106, libX11-1.7.2, llvm-12.0.0, mesa-21.1.4, at-spi2-core-2.40.2, glib-2.68.3-r1, pango-1.48.7, librsvg-2.50.7

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.9-r4

  • 005-thinclient.xzm:

  • - upgraded to remmina-1.4.18, vte-0.64.2

  • 11-citrix.xzm:

  • - upgraded to libogg-1.3.5

    Porteus Kiosk version 20210703

  • 001-core:

  • - upgraded to timezone-data-2021a-r1, sqlite-3.35.5, hwids-20210613-r1, libjpeg-turbo-2.1.0-r2

  • 004-wifi.xzm:

  • - upgraded to wvstreams-4.6.1_p14-r2, ppp-2.4.9-r3

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.16-r7

    Porteus Kiosk version 20210620

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.10.45, intel-microcode-20210608_p20210608

  • 001-core:

  • - upgraded to elfutils-0.184, glib-2.68.2-r1, libxml2-2.9.12-r3, hwids-20210613, nghttp2-1.41.0-r2, curl-7.77.0-r1, pango-1.48.5-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-91.0.4472.114

  • 003-settings.xzm:

  • - kiosk fix blocked 'Ctrl+Shift+N' keyboard shortcut to prevent opening new Chrome window in the incognito mode

    - kiosk fix blocked 'Alt+Shift+i' keyboard shortcut to prevent opening the feedback form when Chrome browser is used

    - kiosk fix disabled 'Caret browsing' feature by default for Firefox and Chrome browsers

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.9-r5

  • 005-thinclient.xzm:

  • - upgraded to libidn2-2.3.1, libgpg-error-1.42, libsoup-2.72.0-r1, opus-1.3.1-r2

  • 11-citrix.xzm:

  • - upgraded to icaclient-21.3.0.38

    Porteus Kiosk version 20210606

  • 001-core:

  • - security fix libX11-1.7.1: missing request length checks (CVE-2021-31535) #790824

    - security fix curl-7.77.0: multiple vulnerabilities (CVE-2021-22898, CVE-2021-22901) #792192

    - upgraded to glibc-2.33, alsa-topology-conf-1.2.4, alsa-ucm-conf-1.2.4, expat-2.4.1, attr-2.5.1, zlib-1.2.11-r4, alsa-lib-1.2.4, libdrm-2.4.105, ca-certificates-20210119.3.66, libxml2-2.9.12-r2, glib-2.68.2, shadow-4.8.1-r3, rsync-3.2.3-r4, wget-1.21.1, libwacom-1.9, xkeyboard-config-2.32, nss-3.63.1-r1, alsa-utils-1.2.4, libxkbcommon-1.3.0, libXfixes-6.0.0, libjpeg-turbo-2.1.0-r1, libglvnd-1.3.3, xkbcomp-1.4.5, libXres-1.2.1, libXaw-1.0.14, gdk-pixbuf-2.42.6, at-spi2-core-2.40.1, elogind-246.10-r1, mesa-21.0.3, harfbuzz-2.8.1, pango-1.48.5, xf86-input-wacom-0.40.0, gtk+-3.24.29, gtk+-2.24.33, libcap-2.49, adwaita-icon-theme-40.1.1m, tiff-4.3.0

  • 002-firefox:

  • - security fix mozilla-firefox-78.11.0. Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20210421

  • 005-thinclient.xzm:

  • - upgraded to libpcre2-10.36-r1, usbredir-0.9.0, libsoup-2.72.0, vte-0.64.1

  • 08-ssh.xzm:

  • - security fix openssh-8.6_p1: theoretical sandbox escape in rare logging configuration #784896

  • 10-printing.xzm:

  • - upgraded to lcms-2.12, qpdf-10.3.1, net-snmp-5.9-r3, sane-backends-1.0.31-r2, poppler-21.05.0, perl-5.32.1

    Porteus Kiosk version 20210523

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.10.38, intel-microcode-20210216_p20210514, sof-firmware-1.6.1

  • 001-core:

  • - upgraded to dmidecode-3.3, sysvinit-2.99, inih-53, e2fsprogs-libs-1.46.2, libxml2-2.9.12, gnutls-3.7.1, iptables-1.8.7, dhcpcd-9.4.0-r1, usbutils-013-r1, ntfs3g-2017.3.23.5-r1, e2fsprogs-1.46.2, conky-1.12.1-r1

    Porteus Kiosk version 20210509

  • 001-core:

  • - security fix curl-7.76.1: multiple vulnerabilities (CVE-2021-{22876,22890}) #779535

    - upgraded to ethtool-5.10, libusb-1.0.24-r1, logrotate-3.18.0, xlockmore-5.66

  • 005-thinclient.xzm:

  • - upgraded to json-glib-1.6.2, remmina-1.4.13

  • 06-fonts.xzm:

  • - upgraded to liberation-fonts-2.1.3

    Porteus Kiosk version 20210425

  • 001-core:

  • - security fix xorg-server-1.20.11 - Input validation failures in X server XInput extension #782679

    - upgraded to sysvinit-2.98-r1, util-linux-2.36.2, rsync-3.2.3-r3, fribidi-1.0.10, xinit-1.4.1-r1, nss-3.63.1, gdk-pixbuf-2.42.4, ca-certificates-20210119.3.64

    - added dmidecode-3.2

  • 003-settings.xzm:

  • - kiosk fix fixed scaling function for video outputs working in mirrorying mode and having a similar name, e.g. DP1 and eDP1

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.9-r2, usb_modeswitch-2.6.0

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.16-r5

    Porteus Kiosk version 20210411

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-5.10.29, intel-microcode-20210216_p20210221

    - added sof-firmware-1.5.1

  • 001-core:

  • - security fix stunnel-5.58: Multiple vulnerabilities (CVE-2021-20230) #772146

    - security fix nettle-3.7.2: potential incorrect validation (CVE-2021-20305) #78483

    - upgraded to gmp-6.2.1-r1, nspr-4.30, nss-3.63, libfastjson-0.99.9, rsyslog-8.2102.0, pciutils-3.7.0, procps-3.3.17, mesa-20.3.5, gtk+-3.24.26

  • 002-firefox:

  • - security fix mozilla-firefox-78.9.0. Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to remmina-1.4.12

  • 08-ssh.xzm:

  • - security fix openssh-8.5_p1: Double-free in ssh-agent (CVE-2021-28041) #774090

    Porteus Kiosk version 20210328

  • 001-core:

  • - security fix openssl-1.1.1k: multiple vulnerabilities (CVE-2021-3449, CVE-2021-3450) #777681

    - security fix libxml2-2.9.10-r5: Buffer Overflow vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c (CVE-2020-24977) #749849

    - upgraded to bzip2-1.0.8-r1, zstd-1.4.9, libunistring-0.9.10-r1, elfutils-0.183, sqlite-3.34.1, ca-certificates-20210119.3.62, xset-1.2.4-r1, xlockmore-5.65-r1, xsetroot-1.1.2-r1, xrefresh-1.0.6-r1, llvm-11.1.0, xf86-video-qxl-0.1.5_p20200205

  • 005-thinclient.xzm:

  • - upgraded to libgpg-error-1.41, libgcrypt-1.8.7


    Tagged as Porteus Kiosk 5.2.0 release


    Main features of this release are listed here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20210314

  • 001-core:

  • - security fix glibc-2.32-r7: buffer overread in iconv (CVE-2019-25013) #764176

    - upgraded to dosfstools-4.2, libdrm-2.4.104, rsync-3.2.3-r2, e2fsprogs-libs-1.45.7, libXt-1.2.1, libevdev-1.11.0, dhcpcd-9.3.4, e2fsprogs-1.45.7, libgudev-234, at-spi2-core-2.38.0, at-spi2-atk-2.38.0, libva-2.10.0, libva-utils-2.10.0, mesa-20.3.4, libepoxy-1.5.5, harfbuzz-2.7.4, xf86-video-nouveau-1.0.17, librsvg-2.50.3, adwaita-icon-theme-3.38

    - added gmmlib-20.4.1, libva-intel-media-driver-20.4.5

  • 002-firefox:

  • - security fix mozilla-firefox-78.8.0. Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to json-glib-1.6.0, vte-0.62.3, remmina-1.4.11

  • 10-printing.xzm:

  • - upgraded to qpdf-10.1.0, poppler-21.02.0

    Porteus Kiosk version 20210228

  • 001-core:

  • - security fix openssl-1.1.1j: multiple vulnerabilities (CVE-2021-23840, CVE-2021-23841) #769785

    - security fix glib-2.66.7: Integer overflow (CVE-2021-27218, CVE-2021-27219, GHSL-2021-045) #768753

    - upgraded to timezone-data-2021a, llvm-11.0.1

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20201120, iw-5.9

  • 10-printing.xzm:

  • - security fix openjpeg-2.4.0: Multiple vulnerabilities (CVE-2019-12973, CVE-2020-15389, CVE-2020-27814, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27844, CVE-2020-27845) #718918

    - upgraded to cups-2.3.3-r2, ghostscript-gpl-9.53.3-r5, cups-filters-1.28.7

    Porteus Kiosk version 20210214

  • 001-core:

  • - upgraded to glibc-2.32-r6, timezone-data-2020f, feh-3.6.1, kmod-28, eudev-3.2.10, xorg-server-1.20.10-r2, volumeicon-0.5.1-r2, gtkdialog-0.8.3_p20200202

  • 004-wifi.xzm:

  • - upgraded to jimtcl-0.78-r2

  • 06-fonts.xzm:

  • - upgraded to liberation-fonts-2.1.2

    Porteus Kiosk version 20210131

  • 001-core:

  • - security fix freetds-1.2.18: Buffer overflow (CVE-2019-13508) #718950

    - upgraded to timezone-data-2020e, expat-2.2.10, zlib-1.2.11-r3, tiff-4.2.0, e2fsprogs-libs-1.45.6, libvdpau-1.4, logrotate-3.17.0, lua-5.3.6-r2, dhcpcd-8.1.9-r1, xfsprogs-5.10.0-r1, xlockmore-5.50-r1, e2fsprogs-1.45.6, conky-1.11.6-r2, mesa-20.2.6, xf86-video-intel-2.99.917_p20201215

    - added inih-52

  • 003-settings.xzm:

  • - kiosk fix blocked 'Shift+F12' keyboard shortcut by default as it gives an access to the 'accessibility inspector' in the Firefox browser

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.8-r1

  • 005-thinclient.xzm:

  • - upgraded to shared-mime-info-2.0-r2, remmina-1.4.10

  • 08-ssh.xzm:

  • - upgraded to openssh-8.4_p1-r3

    Porteus Kiosk version 20210117

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-87.0.4280.141

  • 002-firefox:

  • - security fix mozilla-firefox-78.6.1. Changelog: link

  • 05-flash.xzm:

  • - downgraded to adobe-flash-32.0.0.330 as this version still works despite of being EOL-ed by Adobe

    Porteus Kiosk version 20210103

  • 001-core:

  • - security fix dbus-1.12.20: use after free if duplicate UIDs #755392

    - security fix curl-7.74.0: Multiple vulnerabilities (CVE-2020-8284, CVE-2020-8285, CVE-2020-8286) #759259

    - security fix gdk-pixbuf-2.42.2: infinite loop in GIF handling (CVE-2020-29385) #759094

    - upgraded to glibc-2.32-r3, zstd-1.4.5, gmp-6.2.1, elfutils-0.182, usbutils-013, libjpeg-turbo-2.0.6, feh-3.6, hsetroot-1.0.5

  • 005-thinclient.xzm:

  • - upgraded to upgraded to lz4-1.9.3

  • 08-ssh.xzm:

  • - upgraded to openssh-8.4_p1-r2

  • 09-x11vnc.xzm:

  • - security fix x11vnc-0.9.16-r4: Insecure permissions on shm (CVE-2020-29074) #756841

  • 10-printing.xzm:

  • - upgraded to jbig2dec-0.19, qpdf-10.0.4, poppler-20.11.0, ghostscript-gpl-9.53.3-r4, dymo-cups-drivers-1.4.0-r2, gutenprint-5.3.3-r2, cups-filters-1.28.3

    - added libidn-1.36

  • 11-citrix.xzm:

  • - upgraded to speex-1.2.0-r2

    Porteus Kiosk version 20201213

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.82, intel-microcode-20201112_p20201116-r1

  • 001-core:

  • - security fix openssl-1.1.1i: Denial of service in X509 parser (CVE-2020-1971) #759079

    - security fix xorg-server-1.20.10: Multiple vulnerabilities (CVE-2020-14360, CVE-2020-25712) #757882

    - upgraded to timezone-data-2020d, hwids-20201207, libxml2-2.9.10-r4, libXau-1.0.9-r1, libxshmfence-1.3-r2, libevdev-1.10.0, libdrm-2.4.103, xkeyboard-config-2.31, libX11-1.7.0, libxkbcommon-1.0.3, xkbcomp-1.4.4, libXtst-1.2.3-r2, mesa-20.2.4, xf86-video-vesa-2.5.0, adwaita-icon-theme-3.36.1-r1

    - added compose-tables-1.7.0

  • 003-settings.xzm:

  • - kiosk fix disabled Chrome update notification on screensaver video and screensaver URL

    Porteus Kiosk version 20201129

  • 001-core:

  • - upgraded to popt-1.18, libpng-1.6.37-r2, sysvinit-2.97, libusb-1.0.23-r1, rsyslog-8.2008.0, llvm-11.0.0, mesa-20.2.3, dbus-1.12.20

  • 002-firefox:

  • - security fix mozilla-firefox-78.5.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix stop the screensaver video before locking the session (session_idle_action=lock). There is no point to play the video if nothing is visible on the kiosk screen.

  • 005-thinclient.xzm:

  • - security fix libssh-0.9.5: Null pointer dereference (CVE-2020-16135)#734624

    - new feature recompiled Remmina with CUPS support so its possible to redirect local printers to remote RDP session

    Porteus Kiosk version 20201115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.77, intel-microcode-20201110_p20201110

  • 001-core:

  • - security fix nss-3.58: Tighten CCS handling for middlebox compatibility mode in TLS 1.3 handshake (CVE-2020-25648) #750254

    - upgraded to gcc-9.3.0-r1, glibc-2.32-r2, attr-2.4.48-r4, nspr-4.29, libXfixes-5.0.3-r3, libXrender-0.9.10-r2, libXv-1.0.11-r2, libXinerama-1.1.4-r1, libSM-1.2.3-r1, libXxf86vm-1.1.4-r2, fontconfig-2.13.1-r2

    Porteus Kiosk version 20201101

  • 001-core:

  • - security fix freetype-2.10.3-r1: Heap buffer overflow in malformed ttf files (CVE-2020-15999) #750275

    - upgraded to alsa-topology-conf-1.2.3, alsa-ucm-conf-1.2.3, alsa-lib-1.2.3.2-r1, alsa-utils-1.2.3, rsync-3.2.3-r1, libjpeg-turbo-2.0.5-r2

  • 10-printing.xzm:

  • - upgraded to lcms-2.11, libieee1284-0.2.11-r8, net-snmp-5.9-r2, poppler-0.90.1

    Porteus Kiosk version 20201018

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.72

  • 001-core:

  • - upgraded to libva-intel-driver-2.4.1, elfutils-0.181, nspr-4.28, nss-3.56, libglvnd-1.3.2-r2, acpid-2.0.32-r2, mesa-20.1.10

  • 002-firefox:

  • - security fix mozilla-firefox-78.3.1. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix disabled 'Shift+F9' key combination which opens the "Storage Inspector" console in the Firefox browser

    - kiosk fix disabled the possibility of dropping an URL on the tabs bar so its not possible to open a new tab if the address bar is disabled

    - kiosk fix disabled the possibility of dropping an URL on the home button so its not possible to change the homepage which was st in the kiosk config

    - kiosk fix disabled the possibility of dropping an URL on the bookmarks toolbar so its not possible to add a new bookmark or change the position of existing bookmarks which are managed through the kiosk config

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.445


    Tagged as Porteus Kiosk 5.1.0 release


    Main features of this release are listed here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20201004

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.69, intel-microcode-20200616_p20200921

  • 001-core:

  • - upgraded to sqlite-3.33.0, kmod-27-r2, libxml2-2.9.10-r3, llvm-10.0.1, libglvnd-1.3.2-r1, harfbuzz-2.7.2, libva-2.7.1, mesa-20.1.8

  • 002-chrome:

  • - upgraded to google-chrome-85.0.4183.121

  • 003-settings.xzm:

  • - new feature added VAAPI info to the debug log so its quick to find which video codecs can be hardware decoded by the GPU

  • 004-wifi.xzm:

  • - upgraded to libnl-3.5.0

    Porteus Kiosk version 20200920

  • 001-core:

  • - security fix gnutls-3.6.15: Null-pointer deref in TLS 1.3 client (CVE-2020-24659) #740390

    - upgraded to ethtool-5.8-r1, xcb-util-renderutil-0.3.9-r3, xcb-util-keysyms-0.4.0-r2, xcb-util-wm-0.4.1-r3, xcb-util-0.4.0-r2, xcb-util-image-0.4.0-r2, xcb-util-cursor-0.1.3-r3, xev-1.2.4, libevdev-1.9.1, xf86-video-fbdev-0.5.0-r1, mesa-20.1.7

    - added libglvnd-1.3.2, wayland-1.18.0

  • 002-chrome:

  • - upgraded to google-chrome-85.0.4183.102

  • 003-settings.xzm:

  • - kiosk fix load the driver for USB audio devices with a slight delay to make sure it uses the last sound card slot. This is to prevent breaking our 'default_sound_card=' parameter with random slot assignment.

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.433

  • 11-citrix.xzm:

  • - upgraded to libogg-1.3.4, libvorbis-1.3.7

    Porteus Kiosk version 20200902

  • 001-core:

  • - security fix libX11-1.6.12: Double free in locale handling (CVE-2020-14363) #738984

    - security fix libxml2-2.9.10: multiple vulnerabilities (CVE-2019-20388, CVE-2020-7595) #710748

    - security fix curl-7.72.0: May use wrong connection to submit data if CURLOPT_CONNECT_ONLY (CVE-2020-8231) #737990

    - security fix libpcre-8.44: Multiple vulnerabilities (CVE-2019-20838, CVE-2020-14155) #717920

    - upgraded to coreutils-8.32-r1, ethtool-5.8, libjpeg-turbo-2.0.5-r1, rsync-3.2.3, procps-3.3.16-r2, iptables-1.8.5, libxslt-1.1.34-r1, shadow-4.8-r5, atk-2.36.0, at-spi2-core-2.36.0, librsvg-2.48.8, gtk+-3.24.22, adwaita-icon-theme-3.36.1, glib-2.64.5, libnotify-0.7.9

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-85.0.4183.83

  • 003-settings.xzm:

  • - kiosk security fix disabled 'irc://' and 'ircs://' handlers for the Firefox which could allow the attacker to unlock the default browser profile and run other applications. Vulnerability reported by Offensive Security company - thank you!

    - kiosk security fix ensure that Firefox profile folder is not symlinked to another folder when pushing a managed bookmark file to it. Symlinked profile  directory could lead to gaining root access and compromising the system. Vulnerability reported by Offensive Security company - thank you!

  • 005-thinclient.xzm:

  • - upgraded to libgpg-error-1.38, libgcrypt-1.8.6, libpcre2-10.35, vte-0.60.3

  • 08-ssh.xzm:

  • - upgraded to openssh-8.1_p1-r4

    Porteus Kiosk version 20200816

  • 001-core:

  • - security fix nss-3.55: Multiple vulnerabilities (CVE-2020-12400, CVE-2020-12401, CVE-2020-12403) #734986

    - security fix nspr-4.26: Multiple vulnerabilities (CVE-2020-12400, CVE-2020-12401, CVE-2020-12403) #734986

    - security fix libX11-1.6.10: Multiple vulnerabilities (CVE-2020-14344) #734974

    - security fix libxml2-2.9.10: multiple vulnerabilities (CVE-2019-20388, CVE-2020-7595) #710748

    - security fix libxslt-1.1.34: multiple vulnerabilities (CVE-2019-20388, CVE-2020-7595) #710748

    - upgraded to glibc-2.31-r6, libffi-3.3-r2, hwids-20200813.1

  • 005-thinclient.xzm:

  • - security fix freerdp-2.2.0: Integer overflow in rdpegfx channel (CVE-2020-15103) #733328

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.414

  • 10-printing.xzm:

  • - security fix jbig2dec-0.18: Buffer overflow in jbig2_image_compose (CVE-2020-12268) #729730

    - security fix ghostscript-gpl-9.52: Multiple vulnerabilities (CVE-2020-15900, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538) #734322

    - upgraded to net-snmp-5.8.1_pre1-r1, python-2.7.18-r1, sane-backends-1.0.30-r2

    Porteus Kiosk version 20200802

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.55

  • 001-core:

  • - security fix sqlite-3.32.3-r1: Multiple vulnerabilities #732604

    - upgraded to elfutils-0.180, rsync-3.2.2-r1, freetype-2.10.2-r1, rsyslog-8.2004.0, libdrm-2.4.102, libxkbcommon-0.10.0-r1, xkeyboard-config-2.30, cairo-1.16.0-r4, xorg-server-1.20.8-r1

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-78.1 changelog: 69.0 70.0 71.0 72.0 73.0 74.0 75.0 76.0 77.0 78.0

  • 003-settings:

  • - new feature "silent_printing=yes" parameter is working again for the Firefox browser after fixing relevant function by Mozilla

  • 004-wifi.xzm:

  • - upgraded to wireless-tools-30_pre9-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.403

    Porteus Kiosk version 20200718

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.52

    Porteus Kiosk version 20200711

  • 001-core:

  • - security fix curl-7.71.0: Multiple vulnerabilities (CVE-2020-8169, CVE-2020-8177) #729374

    - security fix ntp-4.2.8_p15: Memory leak allowing denial of service (CVE-2020-15025) #729458

    - upgraded to llvm-10.0.0, nettle-3.6-r2, util-linux-2.35.2, pciutils-3.6.4, usbutils-012, harfbuzz-2.6.7, gtk+-3.24.20

  • 10-printing.xzm:

  • - kiosk fix Remove 'og' permissions from the CUPS usb backed as some printers can not be discovered otherwise.

    - security fix perl-5.30.3: multiple vulnerabilities (CVE-2020-10543, CVE-2020-10878, CVE-2020-12723) #723792

    - security fix openldap-2.4.50: Denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243) #719960

    - upgraded to net-snmp-5.8-r5, python-2.7.18, dbus-python-1.2.16, poppler-0.88.0-r1, cups-filters-1.27.4, cups-2.3.3-r1

    Porteus Kiosk version 20200628

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.49, intel-microcode-20200616_p20200617

  • 001-core:

  • - security fix dbus-1.12.18: Denial of service via file descriptor leak (CVE-2020-12049) #727104

    - security fix libjpeg-turbo-2.0.4-r1 Buffer overflow in get_rgb_row() via malformed PPM file (CVE-2020-13790) #727010

    - upgraded to html-xml-utils-7.7, rsync-3.2.0-r1, iw-5.4, pixman-0.40.0, mesa-20.0.8, xorg-server-1.20.8

  • 003-settings:

  • - kiosk fix start the "hide mouse" process with a 5 second delay to have the Xorg session fully set

  • 005-thinclient.xzm:

  • - security fix libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405) #728594

    - upgraded to remmina-1.4.5

  • 09-x11vnc.xzm:

  • - security fix libvncserver-0.9.13: Multiple vulnerabilities (CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405) #728594

    Porteus Kiosk version 20200614

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.46, intel-microcode-20200609_p20200601

  • 001-core:

  • - security fix gnutls-3.6.14: Flaw in TLS session ticket key construction (CVE-2020-13777)#727108

    - security fix nss-3.52.1: Timing attack on DSA signatures (CVE-2020-12399)#726842

    - upgraded to pacparser-1.3.7-r1, libtasn1-4.16.0, ca-certificates-20200601.3.53, xf86-video-intel-2.99.917_p20200515

  • 002-chrome:

  • - upgraded to google-chrome-83.0.4103.97

  • 002-firefox:

  • - critical security fix mozilla-firefox-68.9.0. Changelog: link

  • 003-settings:

  • - kiosk fix 'shutdown_menu=' parameter: activate lock function only when session or root password are set

  • 005-thinclient.xzm:

  • - thinclient fix create pty nodes by default as they are needed for Remmina SSH connection

    - upgraded to freerdp-2.1.1-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.387

  • 11-citrix.xzm:

  • - upgraded to icaclient-20.04.0.21

    - kiosk fix ctxusb daemon is disbled by default as some users experience random session disconnects because of it

    Porteus Kiosk version 20200531

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.43, intel-microcode-20200508_p20200508

  • 001-core:

  • - upgraded to harfbuzz-2.6.5, conky-1.10.8-r9

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-83.0.4103.61

  • 003-settings:

  • - kiosk fix disabled Ctrl+Shift+d keyboard shortcut by default

  • 005-thinclient.xzm:

  • - security fix freerdp-2.1.1: Multiple vulnerabilities (CVE-2020-13396, CVE-2020-13397, CVE-2020-13398)#724380

    - upgraded to remmina-1.4.3

    Porteus Kiosk version 20200517

  • 001-core:

  • - security fix ncurses-6.2: multiple vulnerabilities (CVE-2019-17594, CVE-2019-17595) #698210

    - security fix ntp-4.2.8_p14: Multiple vulnerabilities (CVE-2020-11868) #717798

    - upgraded to timezone-data-2020a, alsa-topology-conf-1.2.2, alsa-ucm-conf-1.2.2, alsa-lib-1.2.2-r1, alsa-utils-1.2.2, ethtool-5.4, nettle-3.5.1-r1, wget-1.20.3-r3, xvkbd-4.1, util-linux-2.35.1-r2, openbox-3.6.1-r3

  • 002-firefox:

  • - critical security fix mozilla-firefox-68.8.0. Changelog: link

  • 005-thinclient.xzm:

  • - security fix freerdp-2.1.0: Multiple vulnerabilities (CVE-2020-11017, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11042, CVE-2020-11043, CVE-2020-11044, CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526)#716830

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.371

    Porteus Kiosk version 20200503

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.36, intel-microcode-20191115_p20200429

  • 001-core:

  • - upgraded to glibc-2.30-r8, openssl-1.1.1g, nettle-3.5.1, fribidi-1.0.9, libpcre-8.43, dhcpcd-8.1.9, ntfs3g-2017.3.23-r3, glib-2.62.6, atk-2.34.1, at-spi2-core-2.34.0, at-spi2-atk-2.34.2

  • 003-settings:

  • - kiosk fix disabled completion panel on the virtual keyboard by default as it may reveal passwords which user enters during the session

  • 005-thinclient.xzm:

  • - upgraded to libsoup-2.70.0, freerdp-2.0.0-r1, vte-0.58.3

    Porteus Kiosk version 20200419

  • 001-core:

  • - upgraded to openssl-1.1.1f, libxcb-1.14, curl-7.69.1, gnutls-3.6.13, libevdev-1.9.0, fuse-2.9.9-r1, feh-3.3, gtk+-3.24.16, xf86-video-intel-2.99.917_p20200310

  • 002-firefox:

  • - critical security fix mozilla-firefox-68.7. Changelog: link

  • 005-thinclient.xzm:

  • - security fix libvncserver-0.9.12-r5: heap buffer overflow in HandleCursorShape() (CVE-2019-15690) #714054

    - upgraded to libssh-0.9.4, libpcre2-10.34

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.363

  • 09-x11vnc.xzm:

  • - security fix libvncserver-0.9.12-r5: heap buffer overflow in HandleCursorShape() (CVE-2019-15690) #714054

  • 11-citrix.xzm:

  • - upgraded to icaclient-19.12.0.19

    - enabled microphone and webcam in the Citrix session by default

    Porteus Kiosk version 20200404

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.30

    - kernel config: enabled EFI stub support which is needed to boot the kiosk on some HP PCs equipped with the EFI firmware

    Porteus Kiosk version 20200329

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.28

    - kernel config: the busybox's modprobe applet does not load PHY drivers which are need to initialize NICs. Compiled broadcom and realtek PHY drivers directly into kernel to resolve PXE booting issues.

  • 001-core:

  • - upgraded to gmp-6.2.0-r1, nspr-4.25, shadow-4.8-r4, nss-3.51, libjpeg-turbo-2.0.4

  • 002-chrome:

  • - upgraded to google-chrome-80.0.3987.149

  • 004-wifi.xzm:

  • - upgraded to crda-4.14

  • 005-thinclient.xzm:

  • - security fix libidn2-2.2.0: Improper roundtrip checks when converting A-labels to U-labels (CVE-2019-12290) #697752

    - upgraded to usbredir-0.8.0

  • 06-fonts.xzm:

  • - upgraded to liberation-fonts-2.1.0

  • 10-printing.xzm:

  • - upgraded to dbus-python-1.2.14, openjpeg-2.3.1-r1, poppler-0.85.0

  • 11-citrix.xzm:

  • - security fix libvorbis-1.3.6-r1: multiple vulnerabilities (CVE-2018-10392, CVE-2018-10393) #699862

    Porteus Kiosk version 20200315

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-5.4.25

  • 001-core:

  • - upgraded to coreutils-8.31-r1, kmod-26-r5, mtdev-1.1.6, sqlite-3.31.1, libxkbcommon-0.10.0, shadow-4.8-r3, hwids-20200306, curl-7.68.0, xkeyboard-config-2.29, xkbcomp-1.4.3, libwacom-1.1, llvm-9.0.1, mesa-19.3.5, xorg-server-1.20.7, xf86-input-wacom-0.39.0, xf86-video-intel-2.99.917_p20191209

  • 002-chrome:

  • - upgraded to google-chrome-80.0.3987.132

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.8

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.344

  • 08-ssh.xzm:

  • - upgraded to openssh-8.1_p1-r3


    Tagged as Porteus Kiosk 5.0.0 release


    Wizard 5.0.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20200301

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-5.4.23

  • 001-core:

  • - security fix glib-2.60.7-r2: Mishandling of proxy_addr field in GSocketClient may lead to proxy being ignored (CVE-2020-6750) #710514

    - upgraded to xfsprogs-5.4.0-r1, acpid-2.0.32-r1, librsvg-2.40.21

  • 002-chrome:

  • - upgraded to google-chrome-80.0.3987.122

  • 002-firefox.xzm:

  • - upgraded to mozilla-firefox-68.5.0

  • 003-settings:

  • - new feature added support for displaying TIFF files in the Firefox browser. TIFF files are converted to the PDF format first so its possible to view them directly in the browser. This function requires 'enable_file_protocol=yes' parameter present in the kiosk config.

  • 08-ssh.xzm:

  • - upgraded to openssh-8.1_p1-r2

  • 10-printing.xzm:

  • - upgraded to python-2.7.17-r1, gutenprint-5.3.3

    Porteus Kiosk version 20200216

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.102, 20191115_p20200209

  • 001-core:

  • - security fix openssl: rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) #702176

    - security fix e2fsprogs-1.45.5: out of bounds write on filesystem check (CVE-2019-5188) #709374

    - upgraded to gcc-9.2.0-r2, libffi-3.3-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-80.0.3987.100

  • 003-settings:

  • - kiosk fix disabled 'browser reset prompt' by default in the Firefox browser. This prompt may appear when full persistence is enabled and the kiosk was not used for a while.

    - new feature added virtual keyboard to the 'session password' windows its possible to start the kiosk session without physical keyboard

    - new feature sync NTP time every day to keep the system clock updated for kiosks which are not rebooted for a long time (e.g. 6 months).

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.9-r2

  • 005-thinclient.xzm:

  • - upgraded to lz4-1.9.2

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.330

  • 10-printing.xzm:

  • - upgraded to hplip-3.18.12-r1, net-snmp-5.8-r3, python-2.7.17, libpaper-1.1.24_p5

    Porteus Kiosk version 20200202

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.101

  • 001-core:

  • - upgraded to alsa-lib-1.2.1.2, alsa-utils-1.2.1, imlib2-1.6.1, glib-2.60.7-r1, gtk+-3.24.13

    - added alsa-topology-conf-1.2.1, alsa-ucm-conf-1.2.1.2

  • 003-settings:

  • - kiosk fix fix mouse events on ncurses apps (mc, alsamixer) when logging to the kiosk over SSH from the 'xterm-256color' terminal

    - new feature give the user 60 seconds to perform an action in order to stop shutting down the PC when the 'halt_idle=' parameter is used

  • 005-thinclient.xzm:

  • - upgraded to libvncserver-0.9.12-r4

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.314

  • 09-x11vnc.xzm:

  • - upgraded to libvncserver-0.9.12-r4

    Porteus Kiosk version 20200118

  • 003-settings:

  • - kiosk fix disable Chrome update popup also on browser instance which is used for displaying the screensaver video/webpage

    - kiosk fix ensure to kill only the browser process when screensaver webpage is running and Xorg session is restarted

    Porteus Kiosk version 20200111

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.94

  • 001-core:

  • - security fix fribidi-1.0.8: stack buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c (CVE-2019-18397) #699338

    - upgraded to rsyslog-8.1911.0-r1, xfsprogs-5.4.0, libxml2-2.9.9-r3, libXpm-3.5.13, libvdpau-1.3, mesa-19.2.8, libepoxy-1.5.4, xorg-server-1.20.6, xf86-input-wacom-0.38.0

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-68.4.1. Changelog: link

  • 003-settings:

  • - kiosk fix 'persistence=full' parameter: remove Chrome's SingletonLock file by default to avoid 'Chrome profile' locked message when hostname is changed

    - kiosk fix reuse Chrome profile in full for screensaver video/webpage purposes. Some extensions can be forced through global policies as we want to keep their settings in the new Chrome instance which is used to play the screensaver.

  • 08-ssh.xzm:

  • - kiosk fix recompiled openssh package with support for obsolete keys as many kiosk users still use older SSH clients

    Porteus Kiosk version 20191221

  • 001-core:

  • - upgraded to glibc-2.29-r7, ncurses-6.1_p20190609, gnutls-3.6.7-r1, fribidi-1.0.7, nss-3.47.1-r1, glib-utils-2.60.7, glib-2.60.7, gdk-pixbuf-2.40.0, atk-2.32.0, at-spi2-core-2.32.1, at-spi2-atk-2.32.0, gtk+-3.24.11, adwaita-icon-theme-3.32.0

  • 003-settings:

  • - kiosk fix 'volume_level=' parameter: set the sound level for every audio device present in the system and not just the first one

  • 005-thinclient.xzm:

  • - upgraded to libssh-0.9.3, libsoup-2.66.4, vte-0.56.4

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.303

    Porteus Kiosk version 20191208

  • 001-core:

  • - security fix nss-3.47.1: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) #701840

    - upgraded to elfutils-0.177, sqlite-3.30.1, stunnel-5.55, libxml2-2.9.9-r2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-68.3.0. Changelog: link

  • 10-printing.xzm:

  • - security fix tiff-4.1.0: multiple vulnerabilities (CVE-2018-19210, CVE-2019-17546, CVE-2019-6128) #699868

    - upgraded to poppler-0.82.0, perl-5.30.1

    Porteus Kiosk version 20191124

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.86, intel-microcode-20191115_p20191110

  • 001-core:

  • - security fix libjpeg-turbo-2.0.3: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images (CVE-2019-2201) #699830

    - upgraded to kmod-26-r3, attr-2.4.48-r3, libbsd-0.10.0, libxkbcommon-0.9.1, libdrm-2.4.100, libX11-1.6.9, xkeyboard-config-2.28, rsyslog-8.1910.0-r1, harfbuzz-2.6.4, libnotify-0.7.8, xf86-video-ati-19.1.0, xf86-video-amdgpu-19.1.0, mesa-19.1.8, volumeicon-0.5.1-r1

  • 005-thinclient.xzm:

  • - thinclient fix fixed Citrix standalone application by switching to latest 'selfservice' utility which utilize webkitgtk2 package, also added all required dependencies

    - upgraded to remmina-1.3.6-r1, shared-mime-info-1.10-r1

    - added libsodium-1.0.18

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.293

  • 09-x11vnc.xzm:

  • - security fix libvncserver-0.9.12-r3: memory leak allows attacker to read stack memory (CVE-2019-15681) #699036

    Porteus Kiosk version 20191109

  • 001-core:

  • - security fix curl-7.66.0: multiple vulnerabilities (CVE-2019-5481, CVE-2019-5482) #694020

    - upgraded to kmod-26-r2, eudev-3.2.9, libgudev-233-r1, libusb-1.0.21-r1, pciutils-3.5.6-r1

  • 004-wifi.xzm:

  • - security fix wpa_supplicant-2.9-r1: multiple vulnerabilities (CVE-2019-{13377,16275}) #696030

  • 005-thinclient.xzm:

  • - security fix libpcre2-10.33-r1: multiple vulnerabilities #699052

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-9.50 multiple vulnerabilities (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817) #693002

    - upgraded to qpdf-9.0.2, jbig2dec-0.17-r1, cups-filters-1.25.11

    Porteus Kiosk version 20191027

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.80

  • 001-core:

  • - security fix rsyslog-8.1910.0: multiple vulnerabilities (CVE-2019-17041, CVE-2019-17042) #697464

    - upgraded to timezone-data-2019c, sqlite-3.29.0, hwids-20191025, gdk-pixbuf-2.38.1-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-78.0.3904.70

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-68.2.0. Changelog: link

  • 003-settings:

  • - kiosk fix added '-noxdamage' flag to the x11vnc startup script to prevent VNC crashes on some kiosks

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.8.5: ECDSA side-channel attack (CVE-2019-13627) #693108

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.270

  • 08-ssh.xzm:

  • - upgraded to openssh-8.0_p1-r4

  • 10-printing.xzm:

  • - upgraded to openldap-2.4.48, python-2.7.16

    Porteus Kiosk version 20191005

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.77

  • 001-core:

  • - security fix e2fsprogs-1.45.4: maliciously corrupted file systems can trigger buffer overruns in the quota code used by e2fsck (CVE-2019-5094) #695522

    - upgraded to libffi-3.3_rc0, e2fsprogs-libs-1.45.4

  • 003-settings:

  • - kiosk fix hide the Firefox's tab bar when 'toggle_tabs=' parameter is used. Regression introduced after upgrading to Firefox 68.x.

    Porteus Kiosk version 20190921

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.75, intel-microcode-20190918_p20190918

  • 001-core:

  • - security fix openssl-1.0.2t: multiple vulnerabilities (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563) #694162

    - security fix expat-2.2.8: Heap buffer overread (CVE-2019-15903) #694362

    - upgraded to gmp-6.1.2-r1, libpciaccess-0.16, libICE-1.0.10, libevdev-1.8.0, libXfont2-2.0.4, setxkbmap-1.3.2, xinput-1.6.3, xrandr-1.5.1, libdrm-2.4.99, llvm-8.0.1, mesa-19.1.7

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.255


    Tagged as Porteus Kiosk 4.9.0 release


    Wizard 4.9.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20190908

  • 001-core:

  • - upgraded to feh-3.2.1, nspr-4.22, nss-3.46, rsyslog-8.1904.0-r1, xvkbd-4.0, glib-2.60.6, harfbuzz-2.6.1, libwacom-0.33, gtk+-3.24.10

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-68.1.0. Changelog: link

  • 003-settings:

  • - new feature enable dictionary on the xvkbd virtual keyboard by default

    - new feature 'homepage_check=' parameter will restart network service approx every 10 minutes if homepage is not found

    - new feature if 'session_idle=' parameter is enabled then users have up to 30 seconds to cancel session restart/lock instead of 5 seconds

    - new feature when 'session_idle_forced=' parameter is used then no 'session restart' notification will be displayed as this parameter is used mostly for digital signage

  • 10-printing.xzm:

  • - security fix tiff-4.0.10-r2: Integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (CVE-2019-14973) #693394

    - security fix openjpeg-2.3.1: Multiple vulnerabilities (CVE-2018-5727, CVE-2018-5785, CVE-2018-6616) #646774

    - upgraded to poppler-0.79.0-r1

  • 11-citrix.xzm:

  • - upgraded to icaclient-19.8.0.29

    xorg-server-1.20.x fullscreen issue seems to be fixed now in latest Citrix package so we have removed our own tweaks for emulating the fullscreen mode

    Porteus Kiosk version 20190825

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.68, intel-microcode-20190618_p20190819

  • 001-core:

  • - security fix pango-1.42.4-r2: Buffer overflow (CVE-2019-1010238) #692110

    - upgraded to timezone-data-2019b-r1, hwids-20190818, libva-2.5.0-r1, libva-intel-driver-2.3.0

  • 002-chrome:

  • - upgraded to google-chrome-76.0.3809.100

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-68.0.2. Changelog: link

  • 003-settings:

  • - kiosk fix 'client_id=automatic' - ensure the port is not already used by other kiosk or process when registering new client ID

  • 004-wifi.xzm:

  • - security fix wpa_supplicant-2.8: Improper fragmentation reassembly state validation in EAP peer leading to DoS (CVE-2019-11555) #685860

  • 005-thinclient.xzm:

  • - upgraded to remmina-1.3.4, libssh-0.9.0

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.238

  • 08-ssh.xzm:

  • - upgraded to openssh-8.0_p1-r2


    WARNING: We have changed default key type from RSA to newer Ed25519 (faster and more secure) in OpenSSH version 8.x.


    Please reboot Porteus Kiosk Server ASAP in order to upgrade the system and OpenSSH package specifically. This is to avoid connectivity issues with kiosk clients which already upgraded to system 8version '20190825' and higher.

    Porteus Kiosk version 20190803

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.63, intel-microcode-20190618_p20190722

  • 001-core:

  • - security fix glib-2.58.3-r1: file_copy_fallback does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450) #690498

    - upgraded to dhcpcd-7.2.3, xfsprogs-4.19.0

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-76.0.3809.87

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-68.0 changelog: 53.0 54.0 55.0 56.0 57.0 58.0 59.0 60.0 61.0 62.0 63.0 64.0 65.0 66.0 67.0 68.0

    - *broken parameter* Mozilla still did not fix the 'silent_printing=' parameter in Firefox 68. We could not wait any longer with a Firefox upgrade so please switch to Chrome if you need this feature.

  • 003-settings:

  • - kiosk fix disabled middle mouse click by default when browser works with navigation bar disabled so its not possible to open new tabs when clicking on the hyperlinks

    - kiosk fix disabled hidden files from viewing through the file protocol in the Firefox browser

    - kiosk fix run 'grep' utility with a '-w' flag to properly find and reuse client IDs from deleted kiosks when 'client_id=automatic' parameter is used

    - kiosk fix disabled 'Ctrl+0' (zoom reset) keyboard shortcut when 'disable_zoom_controls=' parameter is used. This is to prevent the case when zoom level is changed by the admin and kiosk users should not reset it back to default value.

    - new feature 'managed_bookmarks=' parameter will work even when when navigation bar is disabled in the Firefox browser

  • 07-java.xzm:

  • - *removed* as Firefox 68 do not support java NPAPI plugin anymore. Java .jnlp files are rare nowadays and can be still supported through the customized builds.

    Porteus Kiosk version 20190721

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.60

  • 001-core:

  • - upgraded to ncurses-6.1_p20181020, timezone-data-2019a, ca-certificates-20190110.3.43, e2fsprogs-libs-1.45.2, e2fsprogs-1.45.2, libX11-1.6.8, libevdev-1.7.0, xkeyboard-config-2.27, libXt-1.2.0, libXi-1.7.10, xinit-1.4.1, mesa-19.0.8, libepoxy-1.5.3-r1, xorg-server-1.20.5, xf86-input-elographics-1.4.2

  • 003-settings:

  • - kiosk fix screensaver video: detect screen size properly for the video outputs which are marked as 'primary' in the xrandr output

  • 005-thinclient.xzm:

  • - upgraded to libvncserver-0.9.12-r2

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.223

  • 09-x11vnc.xzm:

  • - upgraded to libvncserver-0.9.12-r2

    Porteus Kiosk version 20190707

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.57, intel-microcode-20190514_p20190623

  • 001-core:

  • - security fix dbus-1.12.16: authentication bypass through manipulated symlinks (CVE-2019-12749) #687900

    - security fix expat-2.2.7 stable request due to denial-of-service vulnerability in <2.2.7 (CVE-2018-20843) #688734

    - upgraded to elfutils-0.176-r1

    Porteus Kiosk version 20190623

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.54, intel-microcode-20190514_p20190608

  • 001-core:

  • - upgraded to util-linux-2.33.2, wget-1.20.3-r1, rsyslog-8.1904.0

  • 003-settings:

  • - kiosk fix if 'homepage_append=mac' parameter is used then wait on IP until its assigned by DHCP otherwise MAC address cant be determined

    - kiosk fix added '-nomodtweak' by default to the VNC service startup script in order to resolve 'Shift' key related problems

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.207

  • 07-java.xzm:

  • - security fix icedtea-bin-3.12.0: Multiple vulnerabilties #685480

    Porteus Kiosk version 20190609

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.49, intel-microcode-20190514_p20190525

  • 002-chrome:

  • upgraded to google-chrome-74.0.3729.169

  • 003-settings.xzm:

  • - kiosk fix disabled 'Ctrl+period' and 'Ctrl+semicolon' key shortcuts by default when Chrome has navigation bar disabled to prevent restarting the browser by the kiosk users

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20190603

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.16-r2

  • 10-printing.xzm:

  • - security fix cups-2.2.11: Linux session cookies use a predictable random number seed (CVE-2018-4700) #672742

    - upgraded to poppler-0.77.0

    Porteus Kiosk version 20190526

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.46, intel-microcode-20190514_p20190512

  • 001-core.xzm:

  • - security fix sqlite-3.28.0: use-after-free in window function leading to remote code execution (CVE-2019-5018) #685838

    - security fix libxslt-1.1.33-r1: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068) #684206

    - security fix curl-7.65.0: multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436) #686050

    - upgraded to llvm-7.1.0, libvdpau-1.2, usbutils-010-r1

  • 003-settings.xzm:

  • - kiosk fix fixed screensaver video not working correctly on rotated screens

    - kiosk security fix disabled 'Ctrl+Shift+N' key shortcut by default when Chrome has navigation bar disabled (works in fullscreen) to prevent opening a new browser instance in a new, normal mode window. This bug affected only kiosks with private mode enabled.

  • 004-wifi.xzm:

  • - upgraded to crda-3.18-r3

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.192

  • 09-x11vnc.xzm:

  • - upgraded to libvncserver-0.9.12

  • 10-printing.xzm:

  • - upgraded to net-snmp-5.8-r1, gutenprint-5.3.1, perl-5.28.2-r1

    Porteus Kiosk version 20190512

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.42

    - kernel config: set Hyper-V framebuffer to FullHD resolution by default as userspace can not control the screen size on Hyper-V virtual machines

  • 001-core.xzm:

  • - security fix dhcpcd-7.1.1-r3 - dhcpv6: potential read overflow with D6_OPTION_PD_EXCLUDE #685264

    - upgraded to libxml2-2.9.9-r1, libcroco-0.6.13, at-spi2-core-2.30.1, gdk-pixbuf-2.38.1, pango-1.42.4-r1, atk-2.30.0, librsvg-2.40.20, at-spi2-atk-2.30.1, gtk+-3.24.8, adwaita-icon-theme-3.30.1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-74.0.3729.131

  • 003-settings.xzm:

  • - kiosk fix Network wizard: moved 'Set time' utility from the wifi page to the final network configuration page as incorrect system time may affect also wired connections (expired SSL certificates)

    - kiosk fix added random delay to the tunneling script. This is to lower the impact on Porteus Kiosk Server resources in case of large number of clients connecting to it at the same time (e.g. server reboot or network connection interrupt).

    - new feature added user guest to the cdrom group by default so its possible to play DVDs/Audio CDs in kiosk

  • 005-thinclient.xzm:

  • - upgraded to libsoup-2.64.2, vte-0.54.4

    - added libpsl-0.21.0, libidn2-2.1.1a-r1

    Porteus Kiosk version 20190428

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.37, intel-microcode-20180807a_p20190420

  • 001-core.xzm:

  • - security fix libpng-1.6.37: use-after-free vulnerability in png_image_free (CVE-2018-14048, CVE-2018-14550, CVE-2019-7317) #683366

    - security fix dhcpcd-7.1.1-r2 - multiple vulnerabilities #684430

    - upgraded to bzip2-1.0.6-r11, libcap-2.26-r2, sqlite-3.27.2, pixman-0.38.4, libXau-1.0.9, libXdmcp-1.1.3, xkeyboard-config-2.26-r1, libfontenc-1.1.4, libxkbcommon-0.8.4, ntfs3g-2017.3.23-r2, libXext-1.3.4, libxkbfile-1.1.0, xmodmap-1.0.10, libXcomposite-0.4.5, libXrandr-1.5.2, libXdamage-1.1.5, libXmu-1.1.3, libXcursor-1.2.0, xev-1.2.3, xdotool-3.20160805.1, libXft-2.3.3, xorg-server-1.20.4, gtk+-3.24.4-r1, xf86-video-nouveau-1.0.16, xf86-video-ati-19.0.1, xf86-video-amdgpu-19.0.1, xf86-video-intel-2.99.917_p20190301

  • 003-settings.xzm:

  • - kiosk fix installation wizard: properly list Access Points which contain spaces in SSID. This bug affected only fallback 'iw' utility which is used in environments with over hundred APs in range.

    - kiosk fix Cloud/ThinClient: do not remount the device automatically when 'Eject removable devices' button is pressed

    - kiosk fix 'refresh_webpage=' parameter shouln't prevent restarting the session when 'session_idle_forced=' parameter is used

    - kiosk fix hide 'onscreen buttons' under the screensaver window when browser is restarted through the 'session_idle=' parameter

  • 005-thinclient.xzm:

  • - upgraded to libgpg-error-1.36, libpcre2-10.32

  • 10-printing.xzm:

  • - security fix tiff-4.0.10: potential out-of-bounds write in JBIGDecode() (CVE-2018-18557) #669948

    - upgraded to jbig2dec-0.14

    Porteus Kiosk version 20190414

  • initrd:

  • - never clear the screen when booting with 'kernel_parameters=debug' enabled. It allows to see kernel oopses and crashes caused by drivers loaded later in the booting process by udev.

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.34

  • 001-core.xzm:

  • - security fix wget-1.20.3: buffer overflow vulnerability (CVE-2019-5953) #682994

    - security fix cairo-1.16.0-r3: invalid free in cairo_ft_apply_variations (CVE-2018-19876) #672908

    - security fix elfutils-0.173-r1: dwfl_segment_report_module doesn't check whether the dyn data read from core (CVE-2019-7150) #676974

    - security fix gnutls-3.6.7: multiple vulnerabilities (CVE-2019-3829, CVE-2019-3836, GNUTLS-SA-2019-03-27) #681846

    - upgraded to glibc-2.28-r6, libdrm-2.4.97, glib-2.58.3, curl-7.64.1, stunnel-5.50-r1, dhcpcd-7.1.1-r1, mesa-18.3.6, mesa-progs-8.4.0

  • 003-settings.xzm:

  • - new feature if remote management is enabled then report remote config name to Porteus Kiosk Server

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.171

  • uefi.zip:

  • - upgraded to grub-2.03 from git. Latest verion is needed to boot some CoffeLake and GeminiLake systems which supports EFI firmware only.

    Porteus Kiosk version 20190331

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.32

  • 001-core.xzm:

  • - upgraded to glibc-2.28-r5, alsa-lib-1.1.8, alsa-utils-1.1.8, nettle-3.4.1, hwids-20190316, gnutls-3.6.6, harfbuzz-2.3.1

  • 004-wifi.xzm:

  • - upgraded to ppp-2.4.7-r7

  • 005-thinclient.xzm:

  • - upgraded to opus-1.3

    Porteus Kiosk version 20190317

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.29, intel-microcode-20180807a_p20190309

  • 001-core.xzm:

  • - security fix openssl-1.0.2r - undisclosed vulnerabilities (CVE-2019-1559) #678564

    - security fix ntp-4.2.8_p13: Crafted null dereference attack in authenticated mode 6 packet (CVE-2019-8936) #679742

    - upgraded to ethtool-4.19, sysvinit-2.93, feh-3.1.1, rsyslog-8.1901.0

  • 005-thinclient.xzm:

  • - upgraded to lz4-1.8.3

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.156

  • 08-ssh.xzm:

  • - security fix openssh-7.9_p1-r4: multiple vulnerabilities (CVE-2019-{6109,6110,6111}) #675522

  • 10-printing.xzm:

  • - security fix poppler-0.73.0: a reachable abort in FileSpec::FileSpec in FileSpec.cc (CVE-2018-20650) #674666

    - upgraded to sane-backends-1.0.27-r3

    Porteus Kiosk version 20190309

    This is an emergency update which covers Chrome browser 'zero-day' vulnerability: link

  • 002-chrome:

  • - upgraded to google-chrome-72.0.3626.121

    Porteus Kiosk version 20190302

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.26

  • 001-core.xzm:

  • - security fix libxml2-2.9.8-r1: Out-of-bounds read in htmlParseTryOrFinish (CVE-2017-8872) #618110

    - upgraded to libpcre-8.42, xf86-video-intel-2.99.917_p20180214-r2, dbus-1.12.12-r1

  • 002-chrome:

  • - upgraded to google-chrome-72.0.3626.109

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20190301

  • 06-fonts.xzm:

  • - upgraded to libertine-5.3.0.20120702-r3

    Porteus Kiosk version 20190217

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.23, intel-microcode-20180807a_p20190204

  • 001-core.xzm:

  • - security fix curl-7.64.0 - multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823) #677346

    - upgraded to kmod-25, mc-4.8.22, lm_sensors-3.5.0, expat-2.2.6

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-72.0.3626.96, pepperflash-32.0.0.114

  • 003-settings.xzm:

  • - kiosk fix when client_id is not in range 1024-65535, is missing or is set to a string then default to 'client_id=automatic'

    - kiosk fix resolved issues with parsing some proxy pac files

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.142

  • 10-printing.xzm:

  • - upgraded to cups-filters-1.21.6, qpdf-8.2.1, sane-backends-1.0.27-r2

  • 11-citrix.xzm:

  • - upgraded to icaclient-19.1.0.9

    Porteus Kiosk version 20190203

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.19.19

  • 001-core.xzm:

  • - upgraded to hwids-20180917, pixman-0.36.0, libevdev-1.6.0, xinit-1.4.0-r1, cairo-1.16.0-r2, xf86-video-mga-2.0.0, nss-3.40.1-r1

  • 003-settings.xzm:

  • - kiosk fix added guest user to the 'usb' and 'plugdev' groups so it's possible to connect to the mobile phones and photo cameras in order to download the files from them

  • 07-java.xzm:

  • - security fix icedtea-bin-3.10.0: Multiple vulnerabilties #676152


    Tagged as Porteus Kiosk 4.8.0 release


    Wizard 4.8.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


    Porteus Kiosk version 20190119

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.19.16

    - upgraded to intel-microcode-20180807a_p20181215

  • 001-core.xzm:

  • - upgraded to conky-1.10.8-r4, coreutils-8.30, harfbuzz-2.0.2-r1, e2fsprogs-1.44.5, e2fsprogs-libs-1.44.5, libunistring-0.9.10

  • 003-settings.xzm:

  • - new feature ask for confirmation when restarting kiosk wizard, this is to prevent accidental restarts and losses of wizard choices

    Porteus Kiosk version 20190113

  • initrd:

  • - busybox: added aliases support to the 'ash' shell

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.93

  • 001-core.xzm:

  • - security fix openssl-1.0.2q: side-channel vulnerability (CVE-2018-5407) #673056

    - security fix wget-1.20.1: password and metadata leak via extended filesystem attributes (CVE-2018-20483) #674170

    - security fix glib-2.56.4: multiple vulnerabilities #668474

    - security fix ntp-4.2.8_p12: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327) #658576

    - upgraded to mc-4.8.20-r1, timezone-data-2018i, xvkbd-3.9, ca-certificates-20180409.3.37, util-linux-2.33-r1, tint2-16.6.1, mesa-18.2.8

    - added xcompmgr-1.1.7-r1, xf86-video-vboxvideo-1.0.0

  • 003-settings.xzm:

  • - kiosk fix added mc="mc -u" alias to disable subshell otherwise midnight commander starts slowly on the ash shell

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.114

  • 10-printing.xzm:

  • - security fix poppler-0.68.0: multiple vulnerabilities #659828

    - upgraded to openjpeg-2.3.0-r1, hplip-3.18.12, perl-5.26.2

    Porteus Kiosk version 20181222

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.90, intel-microcode-20180807a_p20181215

  • 001-core.xzm:

  • - upgraded to acpid-2.0.31, libestr-0.1.11, rsyslog-8.40.0-r1, timezone-data-2018g-r1

  • 003-settings.xzm:

  • - kiosk fix added support for xterm-256color terminals for ncurses based apps (alsamixer, midnight commander, etc) which can be run over SSH

    Porteus Kiosk version 20181216

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.88

  • 001-core.xzm:

  • - upgraded to atk-2.28.1, curl-7.62.0, libpng-1.6.35-r1, nspr-4.20, nss-3.40.1, sqlite-3.25.3, sysvinit-2.91-r1, tofrodos-1.7.13, rsyslog-8.38.0-r2, fribidi-1.0.5, at-spi2-core-2.26.2, at-spi2-atk-2.26.2, harfbuzz-2.0.2, gtk+-2.24.32-r1, gtk+-3.24.1, fuse-2.9.8, mesa-18.2.7

  • 003-settings.xzm:

  • - kiosk fix kiosk wizard: make proxy.pac file working in case when it returns the 'DIRECT' connection (no proxy used)

  • 004-wifi.xzm:

  • - security fix wpa_supplicant-2.6-r10: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526) #663172

  • 005-thinclient.xzm:

  • - upgraded to json-glib-1.4.4

  • 05-flash.xzm:

  • - upgraded to adobe-flash-32.0.0.101

    Porteus Kiosk version 20181202

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.85

  • 002-chrome:

  • - upgraded to google-chrome-70.0.3538.110

  • 003-settings.xzm:

  • - kiosk fix start VNC service with 10 seconds delay to allow clipboard copying between the host and the VNC clients

    - kiosk fix delete caches folder when screensaver webpage and video is closed to free up the space in the RAM

    - kiosk fix 'session_idle=' parameter must kill also the Ctirix session

  • 005-thinclient.xzm:

  • - security fix freerdp-2.0.0_rc4: multiple vulnerabilities (CVE-2018-{8784,8785,8786,8787,8788,8789}) #672010

  • 05-flash.xzm:

  • - upgraded to adobe-flash-31.0.0.153

  • 10-printing.xzm:

  • - security fix openldap-2.4.45: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287) #620204

    - security fix ghostscript-gpl-9.26: 1Policy operator gives access to .forceput (CVE-2018-18284) #668846

  • 11-citrix.xzm:

  • - major Citrix Receiver upgrade upgraded to icaclient-18.10.0.11

    - kiosk fix run Citrix window in maximized mode instead of fullscreen as it causes 100% CPU usage with xorg server 1.20.x. Unfortunately all Citrix versions are affected by this bug and its 5 months old already so we are not sure when it will be fixed by upstream: link

    Porteus Kiosk version 20181118

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.81, intel-microcode-20180807a_p20181117

  • 001-core.xzm:

  • - upgraded to baselayout-2.6-r1, timezone-data-2018g, openssl-1.0.2p-r1, wget-1.19.5-r1, mesa-18.2.5, tigervnc-1.9.0-r1

  • 002-chrome:

  • - upgraded to google-chrome-70.0.3538.102

  • 003-settings.xzm:

  • - kiosk fix fixed calibration not working for touch controllers containing 'Ⓡ' symbol in their name

    - kiosk fix wait 4 seconds before rotating the touch input as some screens are slow to initialize

    - kiosk fix wait up to 120 seconds for the gateway as some setups require starting the local server first and many times the kiosk is faster

  • 005-thinclient.xzm:

  • - upgraded to spice-gtk-0.35

    - added lz4-1.8.2

  • 05-flash.xzm:

  • - upgraded to adobe-flash-31.0.0.148

    Porteus Kiosk version 20181104

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.79, intel-microcode-20180807a_p20181027

    - added wifi firmware needed for Surface Pro 2s laptop

  • 001-core.xzm:

  • - major Xorg upgrade upgraded xorg-server to version 1.20.3 and bumped whole Xorg stack: libdrm-2.4.96, libSM-1.2.3, libX11-1.6.7, libepoxy-1.5.3, mesa-18.2.4, xkeyboard-config-2.25, xf86-video-r128-6.12.0, xf86-video-ati-18.1.0, xf86-video-amdgpu-18.1.0

    - upgraded to glibc-2.27-r6, sshpass-1.06, acpid-2.0.30, rsyslog-8.38.0-r1

  • 002-chrome:

  • - upgraded to google-chrome-70.0.3538.77

  • 003-settings.xzm:

  • - kiosk fix fallback to the 'iw' utility for scanning for available wireless networks when there are 100+ Access Points in range

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20181024

    - added iw-4.9

    Porteus Kiosk version 20181021

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.72, intel-microcode-20180807a_p20180922

  • 001-core.xzm:

  • - upgraded to alsa-lib-1.1.6-r1, alsa-utils-1.1.6, lm_sensors-3.4.0_p20180923, apulse-0.1.12-r4, harfbuzz-1.9.0, libnotify-0.7.7-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-70.0.3538.67, pepperflash-31.0.0.122

  • 003-settings.xzm:

  • - kiosk fix fixed full persistence not working when kiosk was installed on some eMMC and NVME devices (/dev/mmcblk2 and /dev/nvme0n2 nodes)

    - kiosk fix fixed calibration not working for touch controllers containing additional spaces in their names. Example: "ELO Touch Solutions ELO Touch Solutions AccuTouch 2218" has two spaces between "Solutions" and "ELO" strings.

  • 005-thinclient.xzm:

  • - security fix libssh-0.8.4: Authentication bypass vulnerability in the server code (CVE-2018-10933) #668788

  • 05-flash.xzm:

  • - upgraded to adobe-flash-31.0.0.122

  • 07-java.xzm:

  • - security fix icedtea-bin-3.9.0: Multiple vulnerabilties #667920

    Porteus Kiosk version 20181007

  • 001-core.xzm:

  • - upgraded to libbsd-0.9.1, libxcb-1.13.1, rsyslog-8.38.0, dosfstools-4.1, dbus-glib-0.110, mesa-18.1.9

    - added librsvg-2.40.18, libcroco-0.6.12-r1

  • 005-thinclient.xzm:

  • - upgraded to remmina-1.2.31.3

    - added json-glib-1.2.8, libsoup-2.58.2

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-9.25: Multiple vulnerabilities (CVE-2018-{15908,15909,15910,15911,16509,16510,16511,16513,16539,16540,16541,16542,16543,16585,16802}) #635426

    Porteus Kiosk version 20180923

  • initrd:

  • - do not search for the GPU driver if PCI bus in not available (Hyper-V Gen2 platform and some ARM boxes)

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.71, intel-microcode-20180807a_p20180916

    - kernel config: enabled support for Hyper-V Gen2 platform

  • 001-core.xzm:

  • - security fix libxkbcommon-0.8.2: multiple vulnerabilities (CVE-2018-{15853,15854,15855,15856,15857,15858,15859,15861,15862,15863,15864}) #665702

    - upgraded to nspr-4.19, nss-3.37.3, xfsprogs-4.17.0-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-31.0.0.108

  • 10-printing.xzm:

  • - security fix python-2.7.15: Heap-Buffer-Overflow and Heap-Use-After-Free in Objects/fileobject.c (CVE-2018-1000030) #647862

    - security fix tiff-4.0.9-r4: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes crash (CVE-2017-18013) #645982

    - upgraded to cups-filters-1.20.4

    Porteus Kiosk version 20180909

  • 001-core.xzm:

  • - security fix openssl-1.0.2o-r6: Client DoS due to large DH parameter (CVE-2018-0732) #663654

    - security fix curl-7.61.1: NTLM password overflow via integer overflow (CVE-2018-14618) #665292

    - upgraded to timezone-data-2018e

  • 003-settings.xzm:

  • - kiosk fix Remmina: remember connection passwords (SSH, VNC, RDP, etc) when persistence is set to full

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20180907

    Porteus Kiosk version 20180825

  • 001-core.xzm:

  • - security fix libjpeg-turbo-1.5.3-r2: Denial of Service (CVE-2018-1152, CVE-2018-11813) #658624

    - security fix libX11-1.6.6: Multiple vulnerabilities (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600) #664184

    - security fix pango-1.42.4: assertion which can be triggered by invalid Unicode sequences #664108

    - upgraded to bzip2-1.0.6-r10, fontconfig-2.13.0-r4, libdrm-2.4.93, gnutls-3.5.19, libevdev-1.5.9-r1, pciutils-3.5.6, llvm-6.0.1, libXinerama-1.1.4, libXScrnSaver-1.2.3, libwacom-0.30, libXaw3d-1.6.3, sqlite-3.24.0, xkbcomp-1.4.2, xf86-video-fbdev-0.5.0, mesa-18.1.6, xf86-video-vmware-13.3.0

    - added fribidi-0.19.7

  • 05-flash.xzm:

  • - upgraded to adobe-flash-30.0.0.154

  • 08-ssh.xzm:

  • - security fix openssh-7.7_p1-r9: User enumeration via malformed packets in authentication requests (CVE-2018-15473) #664264

    Porteus Kiosk version 20180812

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.62, intel-microcode-20180807_p20180808-r1

  • 001-core.xzm:

  • - added localization files from 'libX11' package so Citrix Receiver can work correctly with non english keyboard layouts

  • 002-chrome:

  • - upgraded to google-chrome-68.0.3440.105

  • 003-settings.xzm:

  • - kiosk fix 'screensaver_video' and 'screensaver_webpage' parameters will properly handle URLs containing '&' sign

    - new feature allow 'screensaver_webpage' to work with webpage stored on a local filesystem, e.g. 'screensaver_webpage=file:///opt/www/index.html'

    Porteus Kiosk version 20180728

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to intel-microcode-20180721-r1

  • 002-chrome:

  • - major Chrome upgrade upgraded to google-chrome-68.0.3440.75

  • 003-settings.xzm:

  • - kiosk fix set the timezone before rsyslogd is started

    - new feature added remote kiosk config name to the debug report. For security reasons we cant reveal full kiosk config location, however - config name itself should be enough for the admins to figure out which remote config the kiosk is currently using.

  • 05-flash.xzm:

  • - upgraded to adobe-flash-30.0.0.134

    Porteus Kiosk version 20180715

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.55, intel-microcode-20180703

  • 001-core.xzm:

  • - security fix curl-7.61.0: Heap-based Buffer Overflow (CVE-2018-0500) #660894

    - upgraded to coreutils-8.29-r1, libcap-2.25, util-linux-2.32-r4, imlib2-1.5.1, rsyslog-8.35.0-r1, harfbuzz-1.8.1, gtk+-3.22.30, gtk+-2.24.32

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.9.0. Changelog: link

    Porteus Kiosk version 20180701

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.52

  • 001-core.xzm:

  • - upgraded to ntfs3g-2017.3.23-r1, zlib-1.2.11-r2

  • 004-wifi.xzm:

  • - upgraded to libnl-3.4.0

  • 07-java.xzm:

  • - upgraded to icedtea-web-1.6.2

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.10.0.20

    Porteus Kiosk version 20180623

    IMPORTANT:

    GCC 7.3.0 is finally stable now in upstream Gentoo project. This is important as linux kernel compiled with this compiler version provides full mitigation for Spectre v2 vulnerability. Check below is performed on Intel m3-6Y30 CPU which is fully protected with this update:

      root@tablet:~# dmesg | grep microcode

      [ 0.000000] microcode: microcode updated early to revision 0xc6, date = 2018-04-17


      root@tablet:~# grep . /sys/devices/system/cpu/vulnerabilities/*

      /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

      /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp

      /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization

      /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.51, intel-microcode-20180616

  • 001-core.xzm:

  • - upgraded to gcc-7.3.0-r3

  • 08-ssh.xzm:

  • - upgraded to openssh-7.7_p1-r5

    Porteus Kiosk version 20180616


    Tagged as Porteus Kiosk 4.7.0 release


    Wizard 4.7.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.50

  • 001-core.xzm:

  • - upgraded to: acpid-2.0.29-r1, llvm-5.0.2, xf86-input-wacom-0.36.0-r2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.8.1. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix system upgrade/reconfiguration notification will be visible all the time so users can know there is an action happening in the backgroud

  • 004-wifi.xzm:

  • - security fix ppp-2.4.7-r6: Buffer Overflow in pppd EAP-TLS implementation (CVE-2018-11574) #657656

  • 005-thinclient.xzm:

  • - upgraded to libgcrypt-1.8.3, libgpg-error-1.29

  • 05-flash.xzm:

  • - major flashplayer upgrade upgraded to adobe-flash-30.0.0.113

  • 07-java.xzm:

  • - security fix icedtea-bin-3.8.0: Multiple vulnerabilties #657704

  • 08-ssh.xzm:

  • - upgraded to openssh-7.7_p1-r4

    Porteus Kiosk version 20180603

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.47, intel-microcode-20180527-r1

  • 001-core.xzm:

  • - security fix procps-3.3.15: multiple vulnerabilities (qualys audit) (CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124) #656022

    - upgraded to: glibc-2.26-r7, timezone-data-2018d, stunnel-5.43, conky-1.10.8-r1, openssl-1.0.2o-r3, xf86-input-synaptics-1.9.1, xf86-input-evdev-2.10.6

  • 003-settings.xzm:

  • - kiosk fix enable flashplayer by default for Chrome browser when 'screensaver_url=' parameter is used

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20180531

    Porteus Kiosk version 20180521

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.42

    - kernel config: enabled touchpad compatibility layer for older hardware

  • 001-core.xzm:

  • - security fix wget-1.19.5: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494) #655216

    - security fix curl-7.60.0: multiple vulnerabilities (CVE-2018-1000300, CVE-2018-1000301) #655266

    - security fix libidn-1.34 - multiple vulnerabilities #655668

    - security fix freetype-2.9.1: crash with certain malformed variation fonts (CVE-2018-6942) #654696

    - upgraded to: e2fsprogs-libs-1.43.9, libpciaccess-0.14, libxshmfence-1.3, xkeyboard-config-2.23.1-r1, libevdev-1.5.9, rsyslog-8.34.0, usbutils-009, libxkbcommon-0.8.0, e2fsprogs-1.43.9, libdrm-2.4.91, libxcb-1.13, libxkbfile-1.0.9-r1, xkbcomp-1.4.1, xinit-1.4.0, tigervnc-1.8.0-r3, libepoxy-1.5.1, xorg-server-1.19.5-r2, xf86-video-vesa-2.4.0, xf86-input-wacom-0.36.0, xf86-video-intel-2.99.917_p20180214, xf86-video-ati-18.0.1, xf86-video-amdgpu-18.0.1

  • 002-chrome.xzm:

  • - upgraded to google-chrome-66.0.3359.181, pepper-flash-29.0.0.171

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.8. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix replaced '--start-fullscreen' with '--kiosk' flag for Chrome screensaver to get rid of 'Press F11 to exit fullscreen' notification

    - kiosk fix made 'Cancel' button same size as other buttons in shutdown menu so its easier to press this button on touchscreens

    - new feature enabled "DRI3" and "TearFree" features on Intel DDX driver by default

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20180509

  • 005-thinclient.xzm:

  • - upgraded to freerdp-2.0.0_rc2-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-29.0.0.171

  • 10-printing.xzm:

  • - upgraded to cups-2.2.7, gutenprint-5.2.13

    Porteus Kiosk version 20180506

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.39

    - kernel config: added support for DM-Crypt so its possible to encrypt partitions or files with cryptsetup

  • 001-core.xzm:

  • - security fix shadow-4.6: unprivileged user can drop supplementary groups (CVE-2018-7169) #647790

    - upgraded to: conky-1.10.8, libxml2-2.9.8, libxslt-1.1.32, harfbuzz-1.7.6, gdk-pixbuf-2.36.12, gtk+-3.22.29, mesa-17.3.9

    - added haveged-1.9.2-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-66.0.3359.139

  • 11-citrix.xzm:

  • - new feature allow redirecting USB devices to the Citrix session by default

    Porteus Kiosk version 20180422

  • 001-core.xzm:

  • - security fix openssl-1.0.2o: multiple vulnerabilities (CVE-2018-0733, CVE-2018-0739) #651730

    - security fix sqlite-3.23.1: Denial of Service vulnerability through corrupted schemas (CVE-2018-8740) #650952

    - upgraded to: ca-certificates-20170717.3.36.1, ethtool-4.13, gnutls-3.5.18, libpng-1.6.34, logrotate-3.14.0, nettle-3.4

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.6-r6

  • 05-flash.xzm:

  • - upgraded to adobe-flash-29.0.0.140

    Porteus Kiosk version 20180408

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.33

  • 001-core.xzm:

  • - security fix glibc-2.25-r11: Heap pointer deference vulnerability on powerpc (CVE-2018-6551) #646492

    - security fix ncurses-6.1: Stack buffer overflow vulnerability (CVE-2017-16879) #639706

    - security fix libtasn1-4.13: CVE-2018-6003: stack overflow due to unbounded recursion/DOS #647012

    - upgraded to: libdrm-2.4.89, mesa-17.3.8, pango-1.40.14-r1, rsyslog-8.32.0-r4

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.7.3. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix wizard: repeat calibration twice for touch devices with swapped axes. This is needed to get accurate calibration data.

    - kiosk fix unblock 'Ctrl + left mouse click' during installation so its possible to select multiple devices for calibration in the wizard

    - kiosk fix kill old VNC connections before restarting vnc service

  • 004-wifi.xzm:

  • - upgraded to usb_modeswitch-2.5.2

  • 11-citrix.xzm:

  • - security fix libvorbis-1.3.6: out of bounds write (CVE-2018-5146) #650654

    - upgraded to icaclient-13.9.1.6

    Porteus Kiosk version 20180325

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.30

    - upgraded to intel-microcode-20180312

  • 001-core.xzm:

  • - security fix curl-7.59.0: multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122) #650056

    - security fix ntp-4.2.8_p11: multiple vulnerabilities (CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185) #649612

    - security fix ncurses-6.1: Stack buffer overflow vulnerability (CVE-2017-16879) #639706

    - upgraded to: dbus-1.10.24, dhcpcd-7.0.1

  • 003-settings.xzm:

  • - new feature wizard: do not ask for the client ID, SSH and VNC details when pointing kiosk to existing remote config hosted on Porteus Kiosk Server. These details does not matter at the installation stage as kiosk will be reconfigured anyway as per remote config settings. Installation of multiple clients should be faster now.

  • 004-wifi.xzm:

  • - upgraded to usb_modeswitch-2.4.0-r1

  • 005-thinclient.xzm:

  • - security fix spice-gtk-0.34: Denial of Service/RCE vulnerability through malicious messages #650878

    - new feature Chrome browser: associate ".ica" files with Citrix Receiver. Receiver standalone application opens now automatically after clicking on the ".ica" file.

    - upgraded to freerdp-2.0.0_rc1-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-29.0.0.113

  • 10-printing.xzm:

  • - security fix tiff-4.0.9: Heap-based buffer overflow in tiff2pdf (CVE-2017-11335) #645980

  • 11-citrix.xzm:

  • - added libogg-1.3.3, libvorbis-1.3.5, speex-1.2.0-r1

    Porteus Kiosk version 20180311

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.25

  • 001-core.xzm:

  • - upgraded to: sqlite-3.22.0, util-linux-2.30.2-r1, xorg-server-1.19.5-r1, xset-1.2.4, xsetroot-1.1.2

  • 003-settings.xzm:

  • - kiosk fix default to first proxy IP in case when multiple proxies are returned for automatic proxy configuration (proxy PAC files) for cli utilities respecting 'http_proxy=' variable

    - kiosk fix rotate touch input if at least one screen is rotated

  • 005-thinclient.xzm:

  • - upgraded to: opus-1.2.1

  • 07-java.xzm:

  • - security fix icedtea-bin-3.7.0: Multiple vulnerabilties #649968

    Porteus Kiosk version 20180225

  • 001-core.xzm:

  • - security fix rsync-3.1.3: Security bypass vulnerability (CVE-2018-5764) #646818

    - upgraded to: cairo-1.14.12, dhcpcd-6.11.5, glibc-2.25-r10, hwids-20171003, rsyslog-8.32.0-r3, sqlite-3.21.0

  • 002-chrome.xzm:

  • - upgraded to google-chrome-64.0.3282.186

  • 10-printing.xzm:

  • - upgraded to poppler-0.62.0-r1

    Porteus Kiosk version 20180208

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.18

    - downgraded to intel-microcode-20171117-r1 as per Intel recommendations #646646

  • 05-flash.xzm:

  • - upgraded to adobe-flash-28.0.0.161

    Porteus Kiosk version 20180206

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.17

  • 001-core.xzm:

  • - security fix curl-7.58.0: multiple vulnerabilities (CVE-2018-1000005, CVE-2018-1000007) #645698

    - upgraded to: libfastjson-0.99.8, rsyslog-8.32.0-r1, eudev-3.2.5

  • 002-chrome.xzm:

  • IMPORTANT:

    This release brings mitigations against web-exploitable Spectre flaw enabled on the application level.

    - major Chrome upgrade upgraded to google-chrome-64.0.3282.140

  • 003-settings.xzm:

  • - kiosk fix make stunnel aware of 'proxy_exceptions=' parameter when connecting to PK Server

    - kiosk fix fixed 'managed_bookmarks=' parameter being ignored in the PCID section of remote config

    - new feature list SDIO devices in the debug report

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20171223-r1

    Porteus Kiosk version 20180125

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.14.15

    - kernel config: enabled retpoline support. Spectre V2 mitigation is still not complete as we are waiting on GCC compiler update from upstream (Spectre V1 is not even touched yet).

  • 001-core.xzm:

  • - security fix gdk-pixbuf-2.36.11: Integer overflow in io-gif.c:gif_get_lzw() can lead to memory corruption and potential code execution (CVE-2017-1000422) #644770

    - security fix libidn-1.33-r2: Integer overflow results in denial of service (CVE-2017-14062) #631130

    - upgraded to: kmod-24, glib-2.52.3, libxml2-2.9.7, adwaita-icon-theme-3.24.0, at-spi2-core-2.24.1, atk-2.24.0, pango-1.40.14, at-spi2-atk-2.24.1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.6.0. Changelog: link

  • 005-thinclient.xzm:

  • - upgraded to: remmina-1.2.0_rc24, vte-0.48.4

  • 05-flash.xzm:

  • - upgraded to adobe-flash-28.0.0.137

  • 06-fonts.xzm:

  • - added corefonts-1-r7

  • 10-printing.xzm:

  • - security fix qpdf-7.0.0: multiple infinite loop (CVE-2017-11624, CVE-2017-11625, CVE-2017-11626, CVE-2017-11627, CVE-2017-9208, CVE-2017-9209, CVE-2017-9210) #626446

    - upgraded to cups-filters-1.17.9

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.8.0.10299729

    Porteus Kiosk version 20180110


    IMPORTANT:

    This system revision fixes Meltdown attack for the Intel CPUs (AMD is not affected) and partially mitigates Spectre vulnerability for the Firefox browser. Chrome users should enable Site Isolation for Chrome 63.x using 'browser_preferences=' parameter unless they are affected by some known issues of this feature (thats why enterprise policies are not enabled by default).

    More patches to come as Meltdown/Spectre bugs are still a work in progress. Pushing what we have right now as first exploits are available publicly already.



    Tagged as Porteus Kiosk 4.6.0 release


    Wizard 4.6.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - enabled busybox applet: strings

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.14.13

    - kernel config: compiled Intel and AMD microcode directly into kernel so its loaded early in the booting process (required for Haswell CPUs and never)

    - upgraded to intel-microcode-20180108

  • 001-core.xzm:

  • - upgraded to expat-2.2.5, iptables-1.6.1-r2, libpcre-8.41-r1, lm_sensors-3.4.0_p20170901, xfsprogs-4.14.0

  • 002-chrome.xzm:

  • - upgraded to google-chrome-63.0.3239.132

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.5.3. Changelog: link

  • 003-settings.xzm:

  • - new feature make sure kernel version matches kernel modules version before performing system upgrade

  • 004-wifi.xzm:

  • - moved wifi firmware to 000-kernel.xzm module

    Porteus Kiosk version 20171226

  • 001-core.xzm:

  • - upgraded to sqlite-3.20.1-r1, gdk-pixbuf-2.36.10-r2, gtk+-3.22.19, hicolor-icon-theme-0.17, libdrm-2.4.88, libgudev-232, libusb-1.0.21, libxml2-2.9.6, llvm-4.0.1-r1, mesa-17.2.7, pango-1.40.12, procps-3.3.12-r1, shared-mime-info-1.9, timezone-data-2017c

  • 002-chrome.xzm:

  • - upgraded to google-chrome-63.0.3239.108

  • 003-settings.xzm:

  • - kiosk fix make full persistence working when kiosk is installed on NVME devices

    - kiosk fix skip gateway check for modem connections

    - kiosk fix for dialup connections default to first MAC address found (even from wired NIC) when reporting to PK Server as ppp0 interface does not have a MAC addess itself

  • 05-flash.xzm:

  • - major flashplayer upgrade upgraded to adobe-flash-28.0.0.126

    Porteus Kiosk version 20171212

  • 001-core.xzm:

  • - security fix openssl-1.0.2n: multiple vulnerabilities (CVE-2017-{3737,3738}) #640172

    - security fix rsync-3.1.2-r2: Multiple vulnerabilities (CVE-2017-{17433,17434}) #640570

    - security fix harfbuzz-1.7.2: Use-of-uninitialized-value in OT::RangeRecord::cmp #621644

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.5.2. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix switched i915 Mesa (3D) driver from gallium to classic version as gallium one causes Firefox tabs to crash on Intel Alviso (gen3) GPUs on certain websites, e.g. https://www.seznam.cz

    Porteus Kiosk version 20171210

  • 001-core.xzm:

  • - security fix curl-7.57.0: Multiple vulnerabilities (CVE-2017-8816, CVE-2017-8817, CVE-2017-8818) #638734

    - security fix libXfont2-2.0.3: Open files with O_NOFOLLOW (symlink attack) (CVE-2017-16611) #639064

    - security fix libXcursor-1.1.15: Heap overflows when parsing malicious files (CVE-2017-16612) #639062

    - security fix libxslt-1.1.30: integer overflow (CVE-2017-5029) #612194

    - upgraded to elfutils-0.170-r1, gmp-6.1.2, html-xml-utils-7.1, libdrm-2.4.82, mesa-17.1.10

    - added xvkbd-3.8

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-63.0.3239.84

  • 003-settings.xzm:

  • - kiosk fix mirror the screens properly when 'screen_settings=' parameter is used

    - kiosk fix source (rather than execute) 'persistence' script in rc.S to make sure it completes before moving to runlevel 3

    - kiosk fix allow flash content by default on all websites for Chrome browser

  • 10-printing.xzm:

  • - security fix poppler-0.57.0-r1: Null pointer dereference in the JPXStream::readUByte function #619558

    - upgraded to hplip-3.17.10-r1, python-2.7.14-r1

    Porteus Kiosk version 20171126

  • initrd:

  • - Mention 'Win32DiskImager' and 'dd' utilities directly in the 'Error - kiosk data not found' info

  • vmlinuz and 000-kernel.xzm:

  • - recompiled with gcc-6.4.0

  • 001-core.xzm:

  • - security fix rsync-3.1.2-r1: Heap-based buffer over-read in receive_xattr function (CVE-2017-16548) #636714

    - upgraded to coreutils-8.28-r1, gcc-6.4.0, logrotate-3.13.0

  • 003-settings.xzm:

  • - new feature added 'search for printer' function to the printer list in the wizard

  • 05-flash.xzm:

  • - security fix adobe-flash-27.0.0.187: Multiple vulnerabilities (CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114) #637630

  • 08-ssh.xzm:

  • - security fix openssh-7.5_p1-r3: sftp-server was incorrectly permitting creation of zero-length files #633428

  • 10-printing.xzm:

  • - security fix lcms-2.9: Heap-buffer-overflow in TetrahedralInterpFloat #628478

    - upgraded to hplip-3.17.10

    Porteus Kiosk version 20171112

  • initrd:

  • - copy modules to RAM one by one rather than in parallel, it should resolve occasional MD5 sum mismatches seen on some devices

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.12.14

  • 001-core.xzm:

  • - security fix openssl-1.0.2m: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) #636264

    - upgraded to glibc-2.25-r9, util-linux-2.30.2

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-62.0.3202.89

  • 003-settings.xzm:

  • - kiosk fix disabled "Control + left mouse click" and "Control + Shift + left mouse click" shortcuts as they open URLs as new tabs. This is unwanted when navigation bar is disabled.

    - kiosk fix disabled 'captive portals check' function for Firefox as it slows down booting for offline kiosks (browser waits till connection times out)

  • 07-java.xzm:

  • - security fix icedtea-bin-3.6.0: Multiple vulnerabilties #636522

  • 10-printing.xzm:

  • - security fix sane-backends-1.0.27: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server (CVE-2017-6318) #622422

    - upgraded to libieee1284-0.2.11-r6, python-2.7.14

    Porteus Kiosk version 20171030

  • 001-core.xzm:

  • - security fix net-misc/wget-1.19.1-r2: multiple vulnerabilities (CVE-2017-13089, CVE-2017-13090) #635496

    - security fix curl-7.56.1: IMAP FETCH response out of bounds read (CVE-2017-1000257) #635140

    - security fix libXfont2-2.0.2: multiple vulnerabilities (CVE-2017-13720, CVE-2017-13722) #634044

    - upgraded to libidn-1.33-r1

  • 003-settings.xzm:

  • - kiosk fix determine IP address and MAC of default NIC just before sending data to the server

  • 05-flash.xzm:

  • - upgraded to adobe-flash-27.0.0.183

    Porteus Kiosk version 20171023

  • 001-core.xzm:

  • - security fix xorg-server-1.19.5: multiple vulnerabilities (CVE-2017-13721, CVE-2017-13723) #633910

    - upgraded to e2fsprogs-libs-1.43.6, e2fsprogs-1.43.6, gnutls-3.5.15, xinit-1.3.4-r3

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.4.1. Changelog: link

  • 003-settings.xzm:

  • - new feature set window title in PS1 prompt, helps finding e.g. to which kiosk you are connected over ssh

  • 004-wifi.xzm:

  • - security fix wpa_supplicant-2.6-r3: WPA packet number reuse with replayed messages and key reinstallation #634436

  • 05-flash.xzm:

  • - upgraded to adobe-flash-27.0.0.170

  • 10-printing.xzm:

  • - security fix perl-5.24.3: multiple vulnerabilities (CVE-2017-12837, CVE-2017-12883) #630610

    Porteus Kiosk version 20171011

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: compiled pinctrl drivers directly into kernel otherwise its not possible to initialize some MMC devices and boot from them

  • 001-core.xzm:

  • - upgraded to baselayout-2.4.1-r2, coreutils-8.26, libbsd-0.8.6, logrotate-3.12.3-r1, oxygen-gtk-1.4.6-r1

  • 003-settings.xzm:

  • - new feature play sound when battery capacity reaches 10% and display notification with emergency status (must be clicked to disappear)

  • 06-fonts.xzm:

  • - upgraded to noto-20170403

  • 10-printing.xzm:

  • - security fix poppler-0.57.0: buffer over-read in the GfxImageColorMap::getGray function (CVE-2017-9865) #627390

    - upgraded to cups-filters-1.16.4, libieee1284-0.2.11-r5

    Porteus Kiosk version 20170927

  • 003-settings.xzm:

  • - kiosk fix wait 20 seconds and if gateway is not found during boot then start network initialization script once again to catch all devices which are slow to initialize, e.g. usb wifi dongles

    - kiosk fix remove 'new tab' button from Firefox interface when address bar is disabled

    Porteus Kiosk version 20170914

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.12.12

  • 001-core.xzm:

  • - security fix libtasn1-4.12-r1: Denial of Service Vulnerability (NULL pointer dereference) (CVE-2017-10790) #627014

    - security fix gdk-pixbuf-2.36.9: multiple vulnerabilities (CVE-2017-6311, CVE-2017-6312, CVE-2017-6313, CVE-2017-6314) #611390

  • 003-settings.xzm:

  • - new feature added 'show desktop' launcher to Server/Cloud/ThinClient systems by default

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.8.1: Side channel attack on Curve25519 (CVE-2017-0379) #629160

  • 05-flash.xzm:

  • - major flashplayer upgrade upgraded to adobe-flash-27.0.0.130

  • 07-java.xzm:

  • - upgraded to icedtea-bin-3.5.1

    Porteus Kiosk version 20170831


    Tagged as Porteus Kiosk 4.5.0 release


    Wizard 4.5.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.45

  • 001-core.xzm:

  • - security fix curl-7.55.0: Multiple vulnerabilities (CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101) #626776

    - security fix libpcre-8.41: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) (CVE-2017-7245, CVE-2017-7246) #614052

    - security fix libxml2-2.9.4-r3: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) #623206

    - upgraded to openssl-1.0.2l

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-60.0.3112.113

  • 003-settings.xzm:

  • - kiosk fix keep bookmarks visible in Firefox when managed bookmarks are enabled and navigation bar is set to autohide

    - kiosk fix parameter 'client_id=automatic' wont cause new ID to be assigned to the client when default NIC (MAC address) changes

    - new feature run wpa_supplicant against all available wireless network interfaces and not only the first one. This is handy e.g. if your internal wifi card does not work (hardware failure, weak connection, mising driver/firmware) and you want to use a wifi dongle.

    - new feature Kiosk Wizard: present available network interfaces in a dropdown list which makes easier to find interface names

  • 005-thinclient.xzm:

  • - security fix libpcre2-10.30: pcre2_match.c out of bounds write (CVE-2017-8399) #617944

    - upgraded to freerdp-2.0.0_rc0, net-misc/remmina-1.2.0_rc19

  • 10-printing.xzm:

  • - security fix openjpeg-2.2.0: Multiple vulnerabilities (CVE-2016-1626, CVE-2016-1628, CVE-2016-9112) #602180

    - upgraded to dbus-python-1.2.4

    Porteus Kiosk version 20170816

  • 001-core.xzm:

  • - security fix shadow-4.5: newusers tool could be made to manipulate internal data structures (CVE-2017-12424) #627044

    - upgraded to ca-certificates-20161130.3.30.2, libfastjson-0.99.6, rsyslog-8.28.0

  • 05-flash.xzm:

  • - upgraded to adobe-flash-26.0.0.151

    Porteus Kiosk version 20170808

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.41

  • 001-core.xzm:

  • - upgraded to libwacom-0.25, pacparser-1.3.7, nettle-3.3-r2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.3.0. Changelog: link

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.6-r2

    - added wifi firmware needed for Surface Pro 4 laptop

  • 005-thinclient.xzm:

  • - new feature disable system-tray applet for Remmina, this is needed for auto looping Remmina connections

    Porteus Kiosk version 20170729

  • initrd:

  • - enabled busybox applet: setsid

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.40

  • 002-chrome.xzm:

  • - upgraded to pepperflash-26.0.0.137

  • 003-settings.xzm:

  • - kiosk fix do not override existing user.js when adding Firefox preferences through 'browser_preferences=' parameter

    - kiosk fix rotate touch with 2 seconds delay after rotating the screen otherwise some touchscreens wont rotate the touch input properly

    - kiosk fix full persistence: do not overwrite hash file for PepperFlash as it may be upgraded in the background by Chrome

    - new feature start tunneling service as a daemon so its not restarted when Xorg session is closed or system runlevel is changed

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.6.0.10243651

    This release fixes few issues like standalone Receiver application crashing upon start and smartcards not being redirected to Ctirix session properly.

    Porteus Kiosk version 20170718

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.38, intel-microcode-20170707

  • 001-core.xzm:

  • - security fix elfutils-0.169-r1: multiple vulnerabilities (CVE-2017-7607, CVE-2017-7608, CVE-2017-7609, CVE-2017-7610, CVE-2017-7611, CVE-2017-7612, CVE-2017-7613) #618004

    - upgraded to libpng-1.6.29, sqlite-3.19.3, xfsprogs-4.9.0, harfbuzz-1.4.6-r2, libgudev-231, pango-1.40.6, gtk+-3.22.16

  • 005-thinclient.xzm:

  • - upgraded to vte-0.46.2

  • 05-flash.xzm:

  • - security fix adobe-flash-26.0.0.137: multiple vulnerabilities (APSB17-21, CVE-2017-3080, CVE-2017-3099, CVE-2017-3100) #624620

    Porteus Kiosk version 20170706

  • initrd:

  • - display 'Device not ready' message not earlier than 10 seconds after boot

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.35, intel-microcode-20170511

  • 001-core.xzm:

  • - upgraded to dbus-glib-0.108, liblogging-1.0.6, rsyslog-8.27.0-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to 59.0.3071.115

  • 003-settings.xzm:

  • - kiosk fix removed 16 characters password limit for the 'session_password=' parameter

    - kiosk fix enable capture channels for the microphone during system start

    - kiosk fix toggle tabs function should not prevent restarting the browser when 'session_idle_forced=' parameter is used

  • 004-wifi.xzm:

  • - added more brcm sdio firmware

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.7.8: flush+reload side-channel attack on RSA secret keys: "Sliding right into disaster" (CVE-2017-7526) #623006

    Porteus Kiosk version 20170621

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.33

  • 001-core.xzm:

  • - security fix curl-7.54.0: --write-out out of buffer read (CVE-2017-7407) #615870

    - security fix expat-2.2.1: External entity infinite loop DoS (CVE-2017-9233) #622046

    - security fix glibc-2.23-r4: arbitrary code execution through crafted LD_LIBRARY_PATH values (CVE-2017-1000366) #622220

    - security fix ntp-4.2.8_p10: multiple vulnerabilities (CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464) #613550

    - security fix tigervnc-1.8.0: multiple vulnerabilities (CVE-2017-7392, CVE-2017-7393, CVE-2017-7394, CVE-2017-7395, CVE-2017-7396) #614742

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.2.0. Changelog: link

  • 003-settings.xzm:

  • - new feature removed shutdown, reboot and sleep options from the bottom panel's 'exit menu' of the Cloud and ThinClient systems. If you need to have them present then please add 'shutdown_menu=yes' parameter to your kiosk config.

  • 004-wifi.xzm:

  • - upgraded to wpa_supplicant-2.6-r1

  • 005-thinclient.xzm:

  • - security fix libgcrypt-1.7.7: Possible timing attack on EdDSA session key #621218

  • 05-flash.xzm:

  • - upgraded to adobe-flash-26.0.0.131

  • 08-ssh.xzm:

  • - security fix openssh-7.5_p1: Multiple Vulnerabilities (CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012) #603100

  • 10-printing.xzm:

  • - security fix jbig2dec-0.13-r4 : multiple integer overflow (CVE-2017-7885, CVE-2017-7975, CVE-2017-7976) #616464

    - security fix gnutls-3.5.13: Crash upon receiving well-formed status_request extension #622038

    - security fix ghostscript-gpl-9.21 : Memory corruption / type confusion (CVE-2017-8291) #616814

    Porteus Kiosk version 20170607

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.31

  • 001-core.xzm:

  • - security fix bzip2-1.0.6-r8: heap use after free in bzip2recover (CVE-2016-3189) #620466

    - upgraded to logrotate-3.12.2, libdrm-2.4.80, libevdev-1.5.7, xkbcomp-1.4.0, libxkbcommon, mesa-17.0.6, libepoxy-1.4.2, xorg-server-1.19.3, xf86-video-amdgpu-1.3.0, xf86-video-nouveau-1.0.15, xf86-video-openchrome-0.6.0, xf86-video-intel-2.99.917_p20170313, xf86-video-ati-7.9.0

  • 005-thinclient.xzm:

  • - security fix icu-58.2-r1 : heap overflow (CVE-2017-7867, CVE-2017-7868) #616468

  • 10-printing.xzm:

  • - security fix perl-5.24.1-r2: chmod() logic in rmtree() and remove_tree() functions can be abused (CVE-2017-6512) #620304

    - security fix libtasn1-4.10-r2: asn1_find_node() based stackoverflow (CVE-2017-6891) #619686

    - upgraded to cups-filters-1.13.5

    Porteus Kiosk version 20170526


    Tagged as Porteus Kiosk 4.4.0 release


    Wizard 4.4.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - enabled busybox applet: stat

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.30

  • 001-core.xzm:

  • - security fix freetype-2.8: multiple overflows (CVE-2016-10328, CVE-2017-7857, CVE-2017-7858, CVE-2017-7864, CVE-2017-8105, CVE-2017-8287) #616730

    - upgraded to gtk+-3.22.15, libjpeg-turbo-1.5.1, rsyslog-8.26.0-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to 58.0.3029.110

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-52.1.2. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix timeout connecting to the server after 60 seconds when trying to download files from it. Kiosk can still boot even is server in not accessible at the moment.

    - new feature start screensaver immediately when idle time is set to 0

    - new feature added support for storing SSL certificate on the server through the 'import_certificates=server://certificate.crt' parameter

    - new feature added proxy auto configuration support for stunnel so clients behind proxy can connect to Porteus Kiosk Server

  • 005-thinclient.xzm:

  • - upgraded to libssh-0.7.4

  • 07-java.xzm:

  • - security fix icedtea-bin-3.4.0: Multiple vulnerabilties (CVE-2017-{3509,3511,3512,3514,3526,3533,3539,3544}) #618874

    - added crippled 'java-config' utility to keep java plugin quiet in the logs

  • 10-printing.xzm:

  • - security fix tiff-4.0.8: Multiple Vulnerabilities (CVE-2017-7592, CVE-2017-7593, CVE-2017-7594) #618610

    - upgraded to gnutls-3.5.12

    - added libunistring-0.9.7

    Porteus Kiosk version 20170513

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.27

  • 003-settings.xzm:

  • - kiosk fix use hp backend for HP printers connected directly to kiosk

    - kiosk fix decorate Chrome popup windows by default so its possible to close them

    - kiosk fix ignore lines starting with space/tabs in kiosk config as they break PCID sections

    - new feature enable CloudPrinting by default for Cloud/ThinClient variants with Chrome browser

  • 005-thinclient.xzm:

  • - upgraded to spice-gtk-0.33-r2

  • 05-flash.xzm:

  • - upgraded to adobe-flash-25.0.0.171

    Porteus Kiosk version 20170506

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.25

    - kernel config: compiled nvme driver directly into kernel so its possible to install kiosk on NVME devices, added support for loading Intel/AMD microcode by the kernel

    - added microcode firmware needed by some Intel/AMD CPUs

  • 001-core.xzm:

  • - security fix dbus-1.10.16: two symlink attacks #611392

    - security fix feh-2.18.3: Integer overflow in wallpaper.c while receiving an IPC message (CVE-2017-7875) #616470

    - security fix nss-3.29.5: Out-of-bounds write in Base64 encoding in NSS (CVE-2017-5461) #616032

    - upgraded to apulse-0.1.10, gdk-pixbuf-2.36.6, pango-1.40.5, gtk+-3.22.12

  • 003-settings.xzm:

  • - kiosk fix regenerate playlist and restart screensaver slideshow when online zip archive was updated

    - kiosk fix refresh ripples screensaver every 10 minutes to avoid background picture distortions

    - kiosk fix process only connected displays for 'screen_settings=' parameter

    - kiosk fix display a warning message and skip installation/reconfiguration/upgrade if generated kiosk ISO is larger than system partition (900 MB)

  • 005-thinclient.xzm:

  • - upgraded to usbredir-0.7.1_p20170503

    Porteus Kiosk version 20170422

  • 001-core.xzm:

  • - upgraded to harfbuzz-1.4.5

    - added apulse-0.1.9

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-52.1.0 changelog: 46.0 47.0 48.0 49.0 50.0 51.0 52.0

  • 05-flash.xzm:

  • - upgraded to adobe-flash-25.0.0.148

  • 10-printing.xzm:

  • - upgraded to perl-5.24.1-r1

    Porteus Kiosk version 20170408

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.21

  • 001-core.xzm:

  • - upgraded to atk-2.22.0, ethtool-4.8, gdk-pixbuf-2.36.5, glib-2.50.3-r1, hwids-20170328, libnotify-0.7.7, llvm-3.9.1-r1, nettle-3.3-r1, pango-1.40.4, rsyslog-8.24.0-r2, sqlite-3.17.0

  • 002-chrome.xzm:

  • - upgraded to google-chrome-57.0.2987.133

  • 003-settings.xzm:

  • - kiosk fix fixed the case when 'persistence=none' parameter was preventing the booting media to be powered off

  • 005-thinclient.xzm:

  • - upgraded to at-spi2-core-2.22.1, at-spi2-atk-2.22.0, adwaita-icon-theme-3.22.0, gtk+-3.22.11, vte-0.46.1

    - added libpcre2-10.22

  • 10-printing.xzm:

  • - upgraded to gutenprint-5.2.12, foomatic-db-4.0.20170331

    Porteus Kiosk version 20170328

  • initrd.xz:

  • - new feature added support for 'kernel_parameters=boot_from_usb' which forces booting the system from removable device even if second kiosk installation is available on the hard drive. This is useful e.g. if you want to test new kiosk version on specific PC using usb stick before updaing main system installation on the hard drive.

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.17

  • 001-core.xzm:

  • - security fix wget-1.19.1-r1: CRLF injection in the url_parse function in url.c (CVE-2017-6508) #612326

    - security fix freetype-2.7.1-r2: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name #612192

    - security fix libpcre-8.40-r1: OOB read / application crash (CVE-2017-6004) #609592

    - major Xorg upgrade upgraded xorg-server to version 1.19.2 and bumped whole Xorg stack: libdrm-2.4.75, libevdev-1.5.6, xkeyboard-config-2.20, libICE-1.0.9-r1, libxcb-1.12-r2, libXfont2-2.0.1, libX11-1.6.5, libXi-1.7.9, mesa-13.0.5, xauth-1.0.10, libepoxy-1.4.1, cairo-1.14.8, xorg-server-1.19.2, xf86-video-r128-6.10.2, xf86-video-vmware-13.2.1, xf86-video-trident-1.3.8, xf86-video-amdgpu-1.2.0, xf86-video-openchrome-0.5.0, xf86-video-nouveau-1.0.13, xf86-video-tdfx-1.4.7, xf86-video-sisusb-0.9.7, xf86-video-glint-1.2.9, xf86-video-savage-2.3.9, xf86-input-synaptics-1.9.0, xf86-video-mga-1.6.5, xf86-video-sis-0.10.9, xf86-video-siliconmotion-1.7.9, xf86-video-qxl-0.1.5, xf86-video-chips-1.2.7, xf86-input-evdev-2.10.5, xf86-video-intel-2.99.917_p20170216, xf86-video-ati-7.8.0, libwacom-0.24, xf86-input-wacom-0.34.0

    - upgraded to timezone-data-2017a, wmctrl-1.07-r2, xdotool-3.20150503.1-r1, tint2-0.12.12, rsyslog-8.24.0-r1

    - added libxkbcommon-0.6.0, xf86-video-virtualbox

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-google-chrome-57.0.2987.110

  • 003-settings.xzm:

  • - kiosk fix copy client files recursively and bind two ports with one ssh command when initializing a tunnel to the PK Server. This is to avoid unnecessary connections and lower server overhead when multiple clients are starting at the same time.

    - kiosk fix force opening Chrome on webpage(s) defined in the "RestoreOnStartupURLs" policy. This is to resolve an issue where Chrome started with a blank page when 'persistence=full' was enabled and kiosk was not shutdown cleanly, e.g. due to a power cut.

    - kiosk fix set 'kiosk-printer' globally as default printer through the lpoptions command. Seems that Chrome-55.x and up respect this setting now instead of a local one included in the master preferences file.

    - kiosk fix Alt-Home and Alt-KP_Home keyboard shortcuts are allowed when Chrome works with navigation bar disabled

    - kiosk fix fixed the case where parameter 'shared_printer=no' was still initializing shared printing

    - new feature all plugins for Chrome are enabled by default including "Widevine Content Decryption Module" so its possible to watch e.g. Netfilx movies

    - new feature check if at least one video output is active in the VNC startup script, if not then create virtual mode with 1920x1080 size and assign it to a disconnected output. This way VNC service can work properly on kiosks which have no monitor attached.

  • 005-thinclient.xzm:

  • - recompiled libssh with gcrypt and ssh1 support

    - upgraded to libgpg-error-1.27-r1, libgcrypt-1.7.6

  • 05-flash.xzm:

  • - upgraded to adobe-flash-25.0.0.127

    Porteus Kiosk version 20170312


    Tagged as Porteus Kiosk 4.3.0 release


    Wizard 4.3.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.14

  • 001-core.xzm:

  • - security fix shadow-4.4-r2: su: user can send SIGKILL with root privileges to other processes (CVE-2017-2616) #610804

    - security fix nss-3.28: multiple vulnerabilities (CVE-2016-{5285,8635,9074}) #604916

    - security fix curl-7.53.0: SSL_VERIFYSTATUS ignored (CVE-2017-2629) #610572

    - upgraded to sqlite-3.16.2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.8.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix rotate /var/log/x11vnc.log every day so it wont grow in size too much

    - kiosk fix skip system reconfiguration/upgrade if ISO is burned on an optical media

    - kiosk fix skip system reconfiguration/upgrade if ISO was manually burned on a partition (e.g. /dev/sda1) while it should be burned on a device (e.g. /dev/sda)

    - new feature use OpenDNS as secondary DNS server in the installation wizard for static IP configuration

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20170307

  • 10-printing.xzm:

  • - security fix lcms-2.8-r1: Out-of-bounds read in Type_MLU_Read() (CVE-2016-10165) #591452

    - security fix jbig2dec-0.13-r1: Heap-buffer overflow due to Integer overflow in jbig2_image_new function #607188

    - upgraded to libtasn1-4.10

    Porteus Kiosk version 20170219

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.9.11

  • 001-core.xzm:

  • - upgraded to libbsd-0.8.3, gtk+-2.24.31-r1

  • 05-flash.xzm:

  • - upgraded to adobe-flash-24.0.0.221

  • 10-printing.xzm:

  • - security fix ghostscript-gpl-9.20-r1: Multiple vulnerabilities (CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602) #596576

    - added openjpeg-2.1.1_p20160922

    Porteus Kiosk version 20170211

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.9.9

  • 001-core.xzm:

  • - security fix ntfs3g-2016.2.22-r2: incorrect filtering of environment variables leading to privilege escalation (CVE-2017-0358) #607912

  • 003-settings.xzm:

  • - new feature added warning when there may be not enough RAM available on the PC to perform system installation. Kiosks with 512MB of RAM may fail the installation if there large in size components enabled, e.g. java.

  • 004-wifi.xzm:

  • - upgraded wifi firmware to match new kernel

  • 05-flash.xzm:

  • - major flashplayer upgrade upgraded to adobe-flash-24.0.0.194

  • 07-java.xzm:

  • - security fix icedtea-bin-3.3.0: Multiple vulnerabilties (CVE-2016-{2183,5546,5547,5548,5549,5552}, CVE-2017-{3231,3241,3252,3253,3260,3261,3272,3289}) #607676

    Porteus Kiosk version 20170129

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.45

  • 001-core.xzm:

  • - security fix openssl-1.0.2k: Multiple vulnerabilities (CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732) #607318

    - security fix lua-5.1.5-r4: overflow flaw in vararg functions (CVE-2014-5461) #520480

    - upgraded to kmod-23, util-linux-2.28.2

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-55.0.2883.87

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.7.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix removed obsolete Chrome policies: DisableSpdy, DnsPrefetchingEnabled

    - new feature activate 'serial' backend for CUPS as some usb printers require it for direct connection

    - new feature if kiosk installation fails then debug info will be displayed in the browser in order to help identifying the problem, e.g. I/O errors on target media

  • 005-thinclient.xzm:

  • - security fix opus-1.1.3-r1: Memory corruption during media file and data processing (CVE-2017-0381) #605894

  • 09-x11vnc.xzm:

  • - security fix libvncserver-0.9.11: multiple vulnerabilities (CVE-2016-9941, CVE-2016-9942) #605326

  • 10-printing.xzm:

  • - upgraded to openldap-2.4.44

    Porteus Kiosk version 20170115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.42

  • 001-core.xzm:

  • - security fix glibc-2.23-r3: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption #576726

    - security fix libxml2-2.9.4-r1: NULL pointer deref in XPointer range-to #597116

    - security fix ibpng-1.6.27: NULL pointer dereference (CVE-2016-10087) #604082

    - upgraded to ca-certificates-20161102.3.27.2-r2, acpid-2.0.28, libfastjson-0.99.4, zlib-1.2.11, logrotate-3.11.0, curl-7.52.1-r1, libva-1.7.3, libva-intel-driver

  • 002-firefox.xzm:

  • - security fix fmpeg-2.8.10: multiple vulnerabilities #596760

  • 003-settings.xzm:

  • - kiosk fix configure input devices first and then screen settings so rotated touchscreen devices are calibrated properly

    - kiosk fix set hostname before starting rsyslog so proper kiosk hostname is saved in the logs (especially important when logs are transported to Kiosk Server)

    - new feature paramter 'client_id=automatic' will automatically asign the client ID to the kiosk - no need for manual configuration. Following range will be used for automatic IDs: 2000 - 4999.

  • 10-printing.xzm:

  • - security fix gnutls-3.3.26: two memory corruption vulnerabilities (CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, GNUTLS-SA-2017-1, GNUTLS-SA-2017-2) #605238

    Porteus Kiosk version 20161229

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.39

  • 001-core.xzm:

  • - security fix curl-7.52.1: uninitialized random (CVE-2016-9594) #603574

    - upgraded to alsa-lib-1.1.2, alsa-utils-1.1.2, conky-1.10.4, lm_sensors-3.4.0_p20160725, stunnel-5.36

    - added mtr-0.87

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.6.0. Changelog: link

  • 003-settings.xzm:

  • - new feature if bookmark name is not defined in the 'managed_bookmarks=' parameter and the page title is not available then default to the raw URL for the bookmark name

  • 004-wifi.xzm:

  • - upgraded to libnl-3.2.28

  • 005-thinclient.xzm:

  • - upgraded to opus-1.1.3, freerdp-2.0.0_pre20161219

  • 10-printing.xzm:

  • - security fix perl-5.22.3_rc4: unsafe module load path (CVE-2016-1238) #589680

    - upgraded to libieee1284-0.2.11-r4, libtasn1-4.9-r1, sane-backends-1.0.25-r1

    Porteus Kiosk version 20161212

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.38

  • 001-core.xzm:

  • - security fix ntfs3g-2016.2.22 [-external-fuse]: incorrect filtering of environment variables could cause privilege escalation (CVE-2015-3202) #550970

    - upgraded to e2fsprogs-1.43.3-r1, e2fsprogs-libs-1.43.3, feh-2.18, libpcre-8.39, ncurses-6.0-r1, procps-3.3.12

  • 003-settings.xzm:

  • - kiosk fix fixed the list of foomatic drivers which was generated incorrectly for 4.2.0 release

  • 004-wifi.xzm:

  • - security fix ppp-2.4.7-r3: buffer overflow in radius plug-in's rc_mksid() (CVE-2015-3310) #546554

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.14_p20161013

  • 10-printing.xzm:

  • - upgraded to qpdf-5.1.1-r1

    Porteus Kiosk version 20161203


    Tagged as Porteus Kiosk 4.2.0 release


    Wizard 4.2.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.36

  • 001-core.xzm:

  • - security fix expat-2.2.0-r1: Undefined behavior and pointer overflows (CVE-2016-4472) #585510

    - security fix ntp-4.2.8_p9: Multiple vulnerabilities (CVE-2016-{7426,7427,7429,7428,7431,7434,7433,9310,9311,9312}) #600430

    - upgraded to coreutils-8.25, libpng-1.6.25, rsyslog-8.19.0

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.5.1. Changelog: link

  • 005-thinclient.xzm:

  • - security fix icu-58.1: Stack based buffer overflow in locid.cpp (CVE-2016-7415) #594494

  • 07-java.xzm:

  • - security fix icedtea-bin-3.2.0: Multiple vulnerabilties (CVE-2016-{5542,5554,5568,5573,5582,5597}) #600224

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.14-r1

  • 10-printing.xzm:

  • - security fix libtasn1-4.8: infinite loop while parsing DER certificates #579748

    - security fix openldap-2.4.43: ber_get_next denial of service vulnerability #560424

    - security fix python-2.7.12: smtplib StartTLS stripping attack (CVE-2016-0772) #585946

    - security fix tiff-4.0.7: Multiple vulnerabilities #599746

    Porteus Kiosk version 20161115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.32

  • 001-core.xzm:

  • - security fix curl-7.51.0: Multiple vulnerabilities (CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625) #597760

    - upgraded to hwids-20161103, libXi-1.7.8, timezone-data-2016h

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-54.0.2840.100

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.5.0. Changelog: link

  • 003-settings.xzm:

  • - kiosk fix disable 'C++' and 'C--' keyboard shortcuts properly when 'disable_zoom_controls=yes' parameter is used

  • 005-thinclient.xzm:

  • - upgraded to libwebp-0.4.2, remmina-1.2.0_rc16, vte-0.44.3

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.644: Multiple vulnerabilities (CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865) #599204

  • 08-ssh.xzm:

  • - security fix openssh-7.3_p1-r7: Memory exhaustion due to unregistered KEXINIT handler after receiving message(CVE-2016-8858) #597360

  • 10-printing.xzm:

  • - upgraded to cups-2.1.4, foomatic-db-4.0.20161101

    Porteus Kiosk version 20161023

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.27

  • 001-core.xzm:

  • - security fix libX11-1.6.4, libXfixes-5.0.3, libXi-1.7.7, libXrandr-1.5.1, libXrender-0.9.10, libXtst-1.2.3, libXv-1.0.11, libXvMC-1.0.10 - Multiple vulnerabilities #596182

    - security fix dbus-1.10.12: format string vulnerability #596772

  • 004-wifi.xzm:

  • - security fix wpa_supplicant-2.6: Multiple vulnerabilities (CVE-2015-5310, CVE-2015-5315, CVE-2015-5316, CVE-2016-4477) #596042

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.637: Multiple vulnerabilities (APSB16-32, CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992) #596896

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.4.0.10109380-r1

    Porteus Kiosk version 20161003

  • 001-core.xzm:

  • - kiosk fix recompiled xf86-video-intel driver without DRI3 support which causes issues on Intel Alviso (gen3) GPUs

    - upgraded to cronbase-0.3.7-r4, gtkdialog-0.8.3-r2, mesa-12.0.3

  • 003-settings.xzm:

  • - kiosk fix make parameter 'vga_driver=modesetting' working

    Porteus Kiosk version 20161001

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.23

  • 001-core.xzm:

  • - security fix openssl-1.0.2j: Multiple vulnerabilities (CVE-2016-6309, CVE-2016-7052) #595186

    - upgraded to acpid-2.0.27, atk-2.20.0, cronbase-0.3.7-r3, cronie-1.5.0-r1, dhcpcd-6.11.3, fuse-2.9.7, gdk-pixbuf-2.34.0, glib-2.48.2, gtk+-2.24.31, harfbuzz-1.3.1, libgudev-230-r1, logrotate-3.10.0, pango-1.40.3, sqlite-3.13.0

  • 005-thinclient.xzm:

  • - upgraded to at-spi2-atk-2.20.1, at-spi2-core-2.20.2, gtk+-3.20.9, libgpg-error-1.24, libsoup-2.54.1-r1, vte-0.44.2

  • 08-ssh.xzm:

  • - security fix openssh-7.3_p1-r6: Remote pre-auth crash #595342

  • 10-printing.xzm:

  • - security fix gnutls-3.3.24-r1: OCSP validation issue (CVE-2016-7444) #594738

    - upgraded to gmp-6.1.0, net-snmp-5.7.3-r5

    Porteus Kiosk version 20160923

  • 001-core.xzm:

  • - security fix curl-7.50.3: escape and unescape integer overflows (CVE-2016-7167) #593716

    - security fix openssl-1.0.2i: Multiple vulnerabilities (CVE-2016-2180, CVE-2016-2183, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308) #594500

    - major Xorg upgrade upgraded xorg-server to version 1.18.4 and bumped whole Xorg stack: libdrm-2.4.70, libXdmcp-1.1.2-r1, pixman-0.34.0, libevdev-1.5.2, libxcb-1.12, libXfixes-5.0.2, libXi-1.7.6, xkbcomp-1.3.1, xkeyboard-config-2.17, xrandr-1.5.0, mesa-12.0.1, mesa-progs-8.3.0, xorg-server-1.18.4, xf86-video-r128-6.10.1, xf86-input-evdev-2.10.3, xf86-video-amdgpu-1.1.0, xf86-input-synaptics-1.8.3, xf86-video-nouveau-1.0.12, xf86-input-aiptek-1.4.1-r1, xf86-video-openchrome-0.4.0, xf86-video-intel-2.99.917_p20160621-r1, xf86-video-ati-7.7.0, xf86-input-wacom-0.33.0

    - added libbsd-0.8.2

  • 002-chrome.xzm:

  • - upgraded to google-chrome-53.0.2785.116

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.4.0. changelog: link

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.635 Multiple vulnerabilities (APSB16-29) #593684

    Porteus Kiosk version 20160914

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.20

  • 001-core.xzm:

  • - security fix curl-7.50.2: Incorrect reuse of client certificates (CVE-2016-7141) #592974

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-53.0.2785.113

  • 003-settings.xzm:

  • - kiosk fix make sure SSH tunnel connection is established fully before trying to download remote config from Porteus Kiosk Server

  • 06-fonts.xzm:

  • - upgraded to noto-20160531

  • 10-printing.xzm:

  • - upgraded to perl-5.22.2

    Porteus Kiosk version 20160904


    Tagged as Porteus Kiosk 4.1.0 release


    Wizard 4.1.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.19

  • 001-core.xzm:

  • - upgraded to libestr-0.1.10

  • 003-settings.xzm:

  • - kiosk fix clients behind the proxy can connect to Porteus Kiosk Server properly

    - new feature screensaver slideshow will sort the pictures according to their filename

  • 10-printing.xzm:

  • - upgraded to gutenprint-5.2.11

    Porteus Kiosk version 20160819

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.18

  • 001-core.xzm:

  • - security fix curl-7.50.1: multiple vulnerabilities #590482

    - upgraded to dejavu-2.37

  • 003-settings.xzm:

  • - kiosk fix keep cron logs in a separate file so they wont be flooding main system log

    - kiosk fix disabled geolocation and OCSP services for Firefox as they make troubles for kiosks which uses proxies with authentication (long wait for a timeout when connecting to Mozilla services)

    - new feature report kernel version to the Server

  • 07-java.xzm:

  • - security fix icedtea{,-bin}-{7.2.6.7,3.1.0}: Multiple vulnerabilties (CVE-2016-{3458,3485,3500,3508,3550,3587,3598,3606,3610}) #590590

  • 10-printing.xzm:

  • - security fix nettle-3.2-r1 : RSA code is vulnerable to cache-timing related attacks #590484

    Porteus Kiosk version 20160806

  • initrd:

  • - enabled busybox applet: mktemp

    - do not start splash if 'debug' kernel parameter is used

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.16

  • 001-core.xzm:

  • - added c_rehash-1.7-r1, hicolor-icon-theme-0.15

    - upgraded to hwids-20160801, timezone-data-2016e

  • 002-chrome.xzm:

  • - upgraded to google-chrome-52.0.2743.116

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.3.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix escape '?' character for Firefox's whitelist/blacklist functions so URLs containing this characters are handled correctly

    - kiosk fix make sure that ssh tunnel was established properly before forwarding client's data to the Server. This is to avoid 'password not found' error which could appear when establishing VNC connection from Administration Panel to the client.

  • 10-printing.xzm:

  • - added sane-backends-1.0.24-r6, net-snmp-5.7.3-r3

    - recompiled hplip with scanner and fax support

    - upgraded to poppler-0.45.0

  • 11-citrix.xzm:

  • - new feature linked /opt/Citrix/ICAClient/keystore/cacerts directory to /etc/ssl/certs so system certificates could be used

    Porteus Kiosk version 20160724

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.15

  • 001-core.xzm:

  • - upgraded to llvm-3.7.1-r3

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-52.0.2743.82

  • 003-settings.xzm:

  • - kiosk security fix do not mount removable device and start the browser if session is locked by the "session password" window

    - kiosk security fix blocked Shift+Enter key combination by default as it was opening a new Firefox window when user clicked on download link and then pressed Shift+Enter

    - kiosk fix browser idle: prevent very first browser restart if no user activity was detected

    - kiosk fix update DNS properly when dialup connection is used

    - kiosk fix block 'Ctrl+p' key combination if printing component is not enabled

    - kiosk fix stunnel: reduced logging level from "warning" to "critical" to get rid of warning entries flooding the log when remote server is down

    - new feature enable bootsplash by default for post installation ISO

    - new feature default search engine is set to Google, you may change it to DuckDuckGo with 'search_engine=duckduckgo' parameter

    - new feature shutdown menu: restart session is back, all services are aware that Xorg session can be restarted

    - new feature browser idle: notify the user that user activity was detected and session wont be restarted

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.632 - Multiple vulnerabilities (CVE-2016-{4217,4218,4219,4220,4221,4222,4223,4224,4225,4226,4227,4228,4229,4230,4231,4232,4233,4234,...,4249}) #588738

    Porteus Kiosk version 20160710

  • initrd:

  • - enabled busybox applet: eject

  • 001-core.xzm:

  • - security fix expat-2.1.1-r2: Using XML_Parse before rand() results in non-random output (CVE-2016-5300) #577928

    - security fix libpcre-8.38-r1: stack buffer overflow for (*ACCEPT) with deeply nested parentheses #575546

    - security fix openssl-1.0.2h-r2: Non-constant time codepath followed for certain operations in DSA implementation (CVE-2016-2178) #585276

    - security fix wget-1.18: Lack of filename checking allows arbitrary file upload via FTP redirect (CVE-2016-4971) #585926

    - security fix libjpeg-turbo-1.5.0: Out-of-Bounds Read via unusually long Blocks in MCU #585782

    - added: json-c-0.12, libestr-0.1.9, liblogging-1.0.5, rsyslog-8.16.0-r1, startup-notification-0.12-r1

    - upgraded to stunnel-5.34-r1

  • 003-settings.xzm:

  • - new feature rsyslog replaces metalog as default logging daemon - its more configurable and supports remote logging

    - new feature if association with Kiosk Server is enabled then bind remote rsyslog port locally (over SSL tunnel). System logs in severity warning and above will be logged on the Server side - useful for proactive support.

    - new feature if hostname is not specified and if Kiosk Server association is enabled then use client_id as hostname

    - new feature automatically eject optical disc after successful installation

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20160610

  • 10-printing.xzm:

  • - security fix gnutls-3.3.24: Certificate verification issue when used with the p11-kit trust module (GNUTLS-SA-2016-2) #588306

    - recompiled poppler with cairo support

    - upgraded to cups-2.1.3-r1

    Porteus Kiosk version 20160625

  • initrd:

  • - mention Win32DiskImager explicitly in the booting failure message

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.14

  • 001-core.xzm:

  • - upgraded to gtk+-2.24.30, harfbuzz-1.2.7, libxml2-2.9.4, timezone-data-2016d

  • 002-chrome.xzm:

  • - upgraded to google-chrome-51.0.2704.106

  • 003-settings.xzm:

  • - kiosk fix fixed character conversion issue for Citrix Receiver

    - kiosk fix make sure that authorized_keys file was copied correctly from Porteus Kiosk Server

    - kiosk fix add '--disable-pinch' to Chrome flags if 'disable_zoom=yes' parameter is used

    - kiosk fix make signons work again for Chrome

    - kiosk fix removed 'restart session' option from shutdown menu as its causing troubled in certain situations. Please use 'reboot' option instead.

    - new feature kiosk config can be hosted on FTP servers

    - new feature list touch devices in debug report

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.626 - Critical vulnerability (CVE-2016-{4120,4171}) #586044

    Porteus Kiosk version 20160610

  • initrd:

  • - added quirk for nVidia GPUs

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.13

  • 001-core.xzm:

  • - security fix expat-2.1.1-r1: Expat XML Parser Crashes on Malformed Input (CVE-2016-0718) #583268

    - security fix ntp-4.2.8_p8: Multiple vulnerabilities (CVE-2016-{4953,4954,4955,4956,4957}) #584954

    - security fix ntfs3g-2015.3.14 [-external-fuse]: incorrect filtering of environment variables could cause privilege escalation (CVE-2015-3202) #550970

    - upgraded to cairo-1.14.6, dosfstools-4.0-r1, elfutils-0.166, nss-3.23, sysvinit-2.88-r9, xfsprogs-4.5.0

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-51.0.2704.84

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.2.0. changelog: link

  • 003-settings.xzm:

  • - kiosk security fix if ssh service is enabled then allow login to Porteus Kiosk Server as kiosk user only from localhost interface (force using SSL tunnel)

    - kiosk fix when multiple homepages are defined and 'homepage_check=' parameter is enabled then query only first homepage to prevent "homepage is not available" message

    - kiosk fix fixed 'scheduled_actions=' parameter not working correctly when hour or minute was staring with '0' number (e.g. 09:04)

    Porteus Kiosk version 20160528


    Tagged as Porteus Kiosk 4.0.0 release


    Wizard 4.0.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - use 'uvesafb' driver to display splash screen during boot when native framebuffer driver is not available

    - when booting fails show an info how to burn the kiosk ISO correctly on the usb sticks

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.11

  • 001-core.xzm:

  • - security fix curl-7.49.0: TLS certificate check bypass with mbedTLS/PolarSSL (CVE-2016-3739) #583394

    - upgraded to bzip2-1.0.6-r7, freetype-2.6.3-r1, hwids-20160421, libpng-1.6.21, procps-3.3.11-r3, pciutils-3.4.1, wget-1.17.1-r1

  • 003-settings.xzm:

  • - kiosk security fix disabled access to four chrome:// facilities which slipped through our blacklist filter. Vulnerability reported by Blaze Information Security - thank you!

    - kiosk fix enabled logging for x11vnc daemon

  • 06-fonts.xzm:

  • - added libertine-5.3.0.20120702-r2, noto-20160305-r1 packages

    - upgraded to dejavu-2.35, liberation-fonts-2.00.1-r2

    Porteus Kiosk version 20160519

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.10

  • 001-core.xzm:

  • - security fix imlib2-1.4.9: integer overflow resulting in insufficient heap allocation #580038

    - upgraded to glib-2.46.2-r3, kmod-22, timezone-data-2016c

    - added dosfstools-4.0, mesa-progs-8.2.0

  • 002-chrome.xzm:

  • - upgraded to google-chrome-50.0.2661.102

  • 003-settings.xzm:

  • - kiosk fix fixed installation on SD cards which broke after switching to the GRUB bootloader

    - kiosk fix disabled 'horizontal overscroll' in Chrome as this feature may cause privacy concerns

    - new feature added OpenGL info to debug report

  • 004-wifi.xzm:

  • - upgraded to crda-3.18-r1

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.621 - many vulnerabilities (CVE-2016-{1096,1097,1098,1099,1100,1101,1102,1103,1104,1105,1106,1107,1108,1109,1110,...,4117}) #582670

  • 07-java.xzm:

  • - major Java upgrade upgraded to icedtea-bin-3.0.1 (java-1.8.x)

    - upgraded to icedtea-web-1.6.1-r1

  • 10-printing.xzm:

  • - security fix poppler-0.42.0: heap buffer overflow #579752

    - recompiled tiff with jpeg support

    - upgraded to foomatic-db-4.0.20160504

    Porteus Kiosk version 20160505

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.9

  • 001-core.xzm:

  • - security fix openssl-1.0.2h: Multiple vulnerabilities (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176) #581234

  • 002-firefox.xzm:

  • - security fix mozilla-firefox-45.1.1

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20160502

    Porteus Kiosk version 20160501

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.8

  • 001-core.xzm:

  • - security fix ntp-4.2.8_p7: multiple vulnerabilities #581528

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-45.1.0. changelog: link

  • 002-chrome.xzm:

  • - upgraded to google-chrome-50.0.2661.94

  • 003-settings.xzm:

  • - kiosk fix 'persistence=session' parameter should not depend on 'disable_private_mode=yes'

    - kiosk fix allow for filepicker in Chrome when support for removable media is enabled

    - new feature display /media location in the filepicker left side panel so its easier to find where removable media were mounted

    - new feature enable shared VNC access by default

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.6: Multiple vulnerabilties (CVE-2016-{0686,0687,0695,3425,3427}) #581028

    Porteus Kiosk version 20160417

  • initrd and initrdpxe.xz:

  • - upgraded to busybox-1.24.2

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.7

    - kernel config: enabled x86_64 architecture by default - we are dropping support for 32bit CPUs. Enabled drivers for hardware monitoring, PVSCSI SCSI Controller and added support for POSIX Message Queues

  • 001-core.xzm:

  • - security fix glibc-2.22-r4: nss_dns: Stack overflow in getnetbyname implementation (CVE-2016-3075) #578602

    - security fix sqlite-3.12.0: Buffer overread, buffer overflow, integer overflow #578940

    - new feature upgraded userland (all kiosk modules) to 64bit architecture. We are droping support for 32bit CPUs.

    - upgraded to gdk-pixbuf-2.32.3, libwacom-0.18, openbox-3.6.1, timezone-data-2016a, stunnel-5.30

    - added lm_sensors-3.3.5, tslib-1.0-r3, xev-1.2.2, xf86-input-tslib-0.0.6-r3

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-50.0.2661.75

  • 003-settings.xzm:

  • - kiosk fix when in debug mode unset homepage_append parameter so debug report can be displayed in the browser correctly

    - kiosk fix keep screensaver window on top when browser works with navigation bar disabled and is restarted by 'browser_idle=' parameter

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.616 Arbitrary code execution vulnerability (APSA16-01, CVE-2016-1019) #579166

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.5: unspecified vulnerability (CVE-2016-0636) #578300

    Porteus Kiosk version 20160318

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.6-porteus

  • 001-core.xzm:

  • - security fix openssl-1.0.2g-r2: Multiple vulnerabilities (CVE-2016-{0702,0703,0704,0705,0797,0798,0799,0800}) #575548

    - security fix ntp-4.2.8_p6: multiple vulnerabilities (CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158) #572452

    - security fix sqlite-3.11.1: arbitrary code execution on databases with malformed schema, buffer overreads (CVE-2015-7036) #574420

    - security fix nss-3.22.2 : multiple vulnerabilities (CVE-2016-{1950..1979}, CVE-2016-{2790..2802}) #576862

    - security fix imlib2-1.4.7: multiple vulnerabilities (CVE-2014-9762) #572884

    - added following packages: conky-1.9.0-r3, cronbase-0.3.7-r1, cronie-1.5.0, e2fsprogs-1.42.13, e2fsprogs-libs-1.42.13, fuse-2.9.4, gsimplecal-1.6, libpcre-8.38, logrotate-3.9.2, mc-4.8.14, metalog-3-r1, ncurses-5.9-r5, popt-1.16-r2, rsync-3.1.2, tint2-0.12.3, volumeicon-0.4.6, xcb-util-0.4.0, xf86-video-fbdev-0.4.4, xfsprogs-3.2.4

    - upgraded to gtk+-2.24.29

  • 002-firefox.xzm:

  • - security fix ffmpeg-2.8.6: Multiple vulnerabilities (CVE-2016-{2213,2328,2329,2330}) #577458

  • 003-settings.xzm:

  • - kiosk fix wizard: remote management 'test config' button downloads the config using wget and displays in gtkdialog window rather than the browser.

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.577: Multiple vulnerabilities (APSB16-08, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010) #576980

  • 08-ssh.xzm:

  • - security fix openssh-7.2_p2: Multiple vulnerabilities (CVE-2016-1908, CVE-2016-3115) #576954

  • 10-printing.xzm:

  • - security fix tiff-4.0.6: Buffer overflow (CVE-2013-4243) #484542

    Porteus Kiosk version 20160310

  • initrd:

  • - removed Broadcom BCM57780 quirk

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.5

  • 001-core.xzm:

  • - upgraded to atk-2.18.0, glib-2.46.2-r2, gtk+-2.24.28-r1, harfbuzz-1.1.3, libnotify-0.7.6-r3, libxml2-2.9.3, pango-1.38.1

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-45.0 changelog: 39.0 40.0 41.0 42.0 43.0 44.0 45.0

  • 003-settings.xzm:

  • - new feature welcome wizard: display link quality info after AP name in the scanning result

  • 004-wifi.xzm:

  • - added missing mt7601u.bin firmware

    Porteus Kiosk version 20160228


    Tagged as Porteus Kiosk 3.7.0 release


    Wizard 3.7.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.3-porteus.

  • 003-settings.xzm:

  • - kiosk fix blacklist drm kernel modules when 'gpu_driver=vesa' parameter is used

    Porteus Kiosk version 20160222

  • initrd:

  • - do not load uvesafb as it broke with 4.4 kernel

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.4.2-porteus. Moving early to kernel 4.4.x LTS as we need proper support for Intel Skylake processors.

    - kernel config: added support for Microsoft Hyper-V virtualization platform

  • 001-core.xzm:

  • - security fix glibc-2.21-r2: stack overflow in getaddrinfo (CVE-2015-7547) #574880

    - security fix dhcpcd-6.10.0: two vulnerabilities (CVE-2016-{1503,1504}) #571152

    - upgraded to libva-1.6.2, libva-intel-driver-1.6.2

  • 003-settings.xzm:

  • - kiosk fix fixed kiosk client -> Porteus Kiosk Server communication when ssh services are working on non default ssh port

    - kiosk fix generate system report only once when debug mode is enabled

  • 004-wifi.xzm:

  • - upgraded to ca-certificates-20151214.3.21, wpa_supplicant-2.5-r1

  • 06-fonts.xzm:

  • - added liberation-fonts-2.00.1-r1 package

    Porteus Kiosk version 20160214

  • initrd:

  • - do not count modules when copying to RAM as we want quieter booting

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.17

    - kernel config: switched to UVESA which is a modern replacement for VESA

  • 001-core.xzm:

  • - security fix nss-3.21-r2: Weak RSA-MD5 signature allows attack on client certificate authentication (part of SLOTH attack), miscalculations in bignum lib (CVE-2015-7575, CVE-2016-1938) #571086

    - added 'synclient' utility so its possible to configure touchpads

    - added following packages: v86d-0.1.10, fbv-1.0b

    - upgraded to libusb-1.0.19-r1, timezone-data-2015g

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.6.1. changelog: link

  • 003-settings.xzm:

  • - kiosk fix managed bookmarks: if bookmark title is not discovered automatically then use URL as a title instead of the generic 'Bookmark' name

    - kiosk fix eliminated fault conditions when underscore sign was used in kiosk parameters

    - new feature 'import_certificates=' parameter: added support for downloading and injecting standalone certificate to browser cert8.db/cert9.db. Sample: import_certificates=http://domain.com/files/certificate-1.crt http://domain.com/files/certificate-2.crt

  • 004-wifi.xzm:

  • - upgraded to wireless-regdb-20160208

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.569 : Multiple vulnerabilities (APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985) #574284

  • 10-printing.xzm:

  • - security fix nettle-3.2: Miscalculations of elliptic curve multiplications (CVE-2015-8803,CVE-2015-8804,CVE-2015-8805) #573646

    Porteus Kiosk version 20160129

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.16

  • 001-core.xzm:

  • - security fix openssl-1.0.2f: Multiple vulnerabilities (CVE-2015-3197,CVE-2016-0701) #572854

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.6.0. changelog: link

    - security fix ffmpeg-2.8.5: stealing local files with HLS+concat (CVE-2016-{1897,1898}) #571868

  • 003-settings.xzm:

  • - kiosk fix kill hhpc process properly when exiting screensaver slideshow/video

    - kiosk fix fixed touchscreen calibration/rotating for touch controllers which reports two input devices (e.g. PQLabs EN320006897)

    - new feature disabled system notification messages in order to achieve quiet boot and shutdown. Messages appears only when there is an issue or when kiosk reconfigures/upgrades itself.

  • 004-wifi.xzm:

  • - upgraded to usb_modeswitch-2.2.6

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.4: Mulitple vulnerabilities (CVE-2015-{7575,8126,8472}, CVE-2016-{0402,0448,0466,0483,0494}) #572716

  • 10-printing.xzm:

  • - security fix cups-filters-1.5.0: foomatic-rip - consider the back tick as an illegal shell escape character (CVE-2015-{8327,8560}) #567286

    Porteus Kiosk version 20160121

  • initrd:

  • - enabled busybox applets: gzip, gunzip, tty, zcat

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: enabled support for CIFS protocol (Windows network shares) and VESA framebuffer

  • 002-chrome.xzm:

  • - upgraded to google-chrome-47.0.2526.111_p1

  • 003-settings.xzm:

  • - kiosk fix remote config: allow for [[GLOBAL]] and [[PCID]] strings with no space between the bracket and data

    - kiosk fix 'browser_preferences=' parameter should append to user.js rather than overwrite it

    - kiosk fix fixed time calculation in the screensaver script - it can run now continuously for 11 500 days

    - kiosk fix remove whitespaces at the end of the parameters in the kiosk config prior to parsing. This bug was breaking for example 'printer_connection=' parameter.

    - kiosk fix wizard: save manual edits to kiosk config when user clicks on the 'save config' button

    - new feature wizard: added 'Back' button so you can restart it if you want to redo kiosk configuration

    - new feature wizard: added video tutorial button presenting how to save and load kiosk config/ISO from removable device

    - new feature added 'Raw Queue' printer driver for models which uses their own drivers

    - new feature use 1MB for the block size when burning the ISO during installation/reconfiguration/upgrade making this operation significantly faster

  • 08-ssh.xzm:

  • - security fix openssh-7.1_p2: Multiple vulnerabilities related to roaming (CVE-2016-{0777,0778}) #571892

  • uefi.zip:

  • - upgraded to Grub 2.02 beta2 and patched its sources for quiet boot

    Porteus Kiosk version 20160103

  • initrd and initrdpxe.xz:

  • - went back to wget applet from busybox and added SSL helper as statically linked wget for some reasons does not perform hostname resolution correctly

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: enabled i586 architecture by default. We are dropping support for i486 CPUs.

  • 001-core.xzm:

  • - security fix libjpeg-turbo-1.4.2: buffer overflow #531418

    - new feature recompiled userland with 'march=i586' compiler flag which seems to be a minimum requirement for latest Mesa ('march=i486' causes system hangs on Intel GPUs). We are droping support for i486 CPUs.

    - upgraded to mesa-11.0.6

  • 002-chrome.xzm:

  • - upgraded to google-chrome-47.0.2526.106_p1

  • 003-settings.xzm:

  • - kiosk fix run wget with '-U Mozilla' flag when doing the homepage check as some http servers reject connection when user agent is not set for the client

    - kiosk fix Chrome: disable 'pinch to zoom' touch gesture when navigation bar is disabled

    - kiosk fix handle displays with dash in name (e.g. VGA-0) properly when 'screen_settings=' parameter is provided and screen positioning function is used

    - kiosk fix recompiled openbox without xinerama support so applications get maximized across all available screens in mulit seat setup (e.g. video wall)

    - new feature added md5sum check of main system components after burning the ISO on the storage media. If md5sum does not match then burning is repeated up to 3 times.

  • 004-wifi.xzm:

  • - upgraded to libnl-3.2.27

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.559: Multiple vulnerabilities (CVE-2015-{8459,8460,8634,8635,8636,8638,8639,8640,8641,8642,8643,8644,8645,8646,8647,8648,8649,8650,8651}) #570040

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.14

    - added libvncserver-0.9.10-r3

  • 10-printing.xzm:

  • - security fix libpcre-8.38: Heap Overflow Vulnerability in find_fixedlength() (CVE-2015-5073) #553300

    Porteus Kiosk version 20151215

  • initrd and initrdpxe.xz:

  • - replaced busybox 'wget' applet with full wget application to allow downloading files from SSL protected sites

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.15

    - kernel config: enabled IP Multicast feature which is needed for receiving RTP/UDP video streams, compiled MPT drivers into kernel so its possible to install kiosk on SCSI/SAS hard drives in VMware and VirtualBox

    - configured ath10k driver to never search for a file containing wifi parameters otherwise network cant be initialized until this file is provided (its specific to each unit so there is no chance to make everyone happy)

  • 001-core.xzm:

  • - security fix openssl-1.0.2e: Multiple vulnerabilities (CVE-2015-{1794,3193,3194,3195,3196}) #567476

    - major Xorg upgrade upgraded xorg-server to version 1.17.4 and bumped whole Xorg stack: libX11-1.6.3, libXdmcp-1.1.2, libXi-1.7.5, libXrandr-1.5.0, libXrender-0.9.9, libXt-1.1.5, libdrm-2.4.65, libepoxy-1.3.1, libevdev-1.4.4, libfontenc-1.1.3, libpciaccess-0.13.4, libxcb-1.11.1, libxkbfile-1.0.9, setxkbmap-1.3.1, sqlite-3.9.2, udev-225, xf86-input-evdev-2.9.2, xf86-input-synaptics-1.8.2, xf86-input-wacom-0.31.0, xf86-video-ast-1.1.5, xf86-video-intel-2.99.917-r2, xf86-video-mga-1.6.4, xf86-video-qxl-0.1.4, xf86-video-r128-6.10.0, xf86-video-vesa-2.3.4, xinit-1.3.4-r1, xinput-1.6.2, xkeyboard-config-2.16, xmodmap-1.0.9, xorg-server-1.17.4

    - added attr-2.4.47-r2, libcap-2.24-r2, wmctrl-1.07-r1, xf86-video-amdgpu-0.0.01_pre20150814

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-47.0.2526.80_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.5.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix inject 'file:///tmp' to the whitelist automatically if 'screensaver_video=' parameter is used

    - kiosk fix start screensaver video with 'always on top' attribute so its not covered by restarted browser when 'browser_idle=' function is active

    - kiosk fix Firefox: disabled 'restore previous session' feature which shows up when persistence is enabled and browser crashes or is restarted by the 'browser_idle=' parameter

  • 004-wifi.xzm:

  • - added qualcomm ath10k firmware

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.554: Multiple vulnerabilities #567838

    - upgraded to curl-7.45.0

  • 05-flash_legacy.xzm:

  • - upgraded to curl-7.45.0

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.6.3: Vulnerability (CVE-2015-4871) #567850

    Porteus Kiosk version 20151126


    Tagged as Porteus Kiosk 3.6.0 release


    Wizard 3.6.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added support for VMware virtual machines

  • 001-core.xzm:

  • - security fix libpng-1.6.19: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions #565678

    - added elfutils-0.163, libepoxy-1.2, libva-1.6.1, libva-intel-driver-1.6.1, libvdpau-1.1.1, llvm-3.5.0, mesa-10.3.7-r1, xf86-video-vmware

  • 002-firefox.xzm:

  • - added ffmpeg-2.6.3

  • 003-settings.xzm:

  • - kiosk fix run the screensaver slideshow with 'always on top' attribute so its never covered by other windows (e.g. browser could be automatically restarted through the browser_idle* parameter and cover the slideshow)

    - new feature Firefox preferences: enabled support for h264 playback in the html5 video tag

    - new feature added /etc/rc.d/local_shutdown.d for local commands which should be executed during system reboot/shutdown: killing processes gracefully, stopping LAMP services, unmounting remote share or persistent storage

    - new feature compare kernel and kernel modules version and stop booting when they do not match as networking would not be initialized anyway

  • 07-java.xzm:

  • - security fix icedtea-bin7.2.6.2: Multiple vulnerabilities (CVE-2015-4734,4803,4805,4806,4835,4840,4842,4843,4844,4860,4872,4881,4882,4883,4893,4903,4911}) #565842

  • 10-printing.xzm:

  • - upgraded to hplip-3.15.11

  • 11-citrix.xzm:

  • - upgraded to icaclient-13.2.1.328635

    Porteus Kiosk version 20151112

  • initrd:

  • - display OS version during PXE boot

    - create /dev/shm by default

    - upgraded to busybox-1.24.1

    - enabled busybox applets: reset, time, arping, uptime, pgrep

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.13

  • 001-core.xzm:

  • - security fix libxml2-2.9.2-r4: Out-of-bounds memory access when parsing unclosed HTML comment #560524

    - security fix nspr-4.10.10: use-after-poison, buffer overflow, integer overflow (CVE-2015-{7181,7182,7183}) #564834

    - security fix nss-3.20.1: use-after-poison, buffer overflow, integer overflow (CVE-2015-{7181,7182,7183}) #564834

    - upgraded to glib-2.44.1-r1, kmod-4.21, pango-1.36.8-r1, procps-3.3.10-r1, stunnel-5.24, xf86-video-rendition-4.2.6

  • 002-chrome.xzm:

  • - upgraded to google-chrome-46.0.2490.86_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.4.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix improved compatibility of old wifi drivers and WPA2 Enterprise encryption scheme

  • 08-ssh.xzm:

  • - security fix openssh-7.1_p1-r2: MaxAuthTries bypass attack Vulnerability (CVE-2015-5600) #555518

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.548: multiple vulnerabilities #565318

    Porteus Kiosk version 20151101

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.12

    - kernel config: added NFS client support

  • 001-core.xzm:

  • - upgraded to glibc-2.21-r1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-46.0.2490.80_p1

  • 003-settings.xzm:

  • - kiosk fix blocked Shift+F8 key combination by default

    - kiosk fix start "scheduled tasks" with 40 sec delay to avoid situation when system is restarted twice within the same minute (kiosk reboots very fast)

    - kiosk fix use default network interface instead of first one listed in /sys/class/net when determining MAC addres for the 'homepage_append=mac' function

    - new feature display warning when battery reaches 10% and repeat every 60 secs until AC is connected

    - new feature added /etc/rc.d/local_net.d for local scripts which should be run once networking is initialized

  • 04-wfi.xzm:

  • upgraded to wireless-regdb-20151022

    Porteus Kiosk version 20151019

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.10

  • 001-core.xzm:

  • - security fix gdk-pixbuf-2.32.1: Heap overflow when scaling a GIF file (CVE-2015-7674) #562878

    - added stunnel-5.20, sshpass-1.05, xf86-video-virtualbox

    - upgraded to gtkdialog-0.8.3-r1, html-xml-utils-6.9, libpng-1.6.18, timezone-data-2015f

  • 003-settings.xzm:

  • - kiosk fix fixed Google Chrome not starting during PXE boot

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.540: Multiple vulnerabilities (APSB15-27) (CVE-2015-{7645,7646,7647,7648}) #563172

  • 10-printing.xzm:

  • - upgraded to gmp-6.0.0a

    Porteus Kiosk version 20151001

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.8

  • 001-core.xzm:

  • - upgraded to pixman-0.32.8, util-linux-2.26.2, xf86-video-s3virge-1.10.7, xf86-video-chips-1.2.6

  • 002-chrome.xzm:

  • - upgraded to google-chrome-45.0.2454.101_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.3.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix fixed the 'homepage check' function preventing the browser from starting in some rare cases

    - new feature wizard/updates: restart network service after 5 failed download attempts of the additional components

  • 004-wifi.xzm:

  • - upgraded to libnl-3.2.26, wireless-regdb-20150925

    - added iwlwifi-7265D-13.ucode firmware

  • 05-flash.xzm:

  • - security fix flashplayer-plugin-11.2.202.521

  • 10-printing.xzm:

  • - upgraded to gnutls-3.3.17.1, nettle-3.1.1, python-2.7.10

    Porteus Kiosk version 20150918

  • 003-settings.xzm:

  • - kiosk fix removed user agent parameter from wget flags ('-U Mozilla') as it breaks dropbox.com compatibility with remote management

    - upgraded to wget-1.16.3-r1

  • 004-wifi.xzm:

  • - added rtl8812aefw.bin and rtl8812aefw_wowlan.bin firmware

    Porteus Kiosk version 20150916

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.7

  • 001-core.xzm:

  • - security fix openssl-1.0.2d: Alternate chains certificate forgery (CVE-2015-1793) #554172

    - security fix gdk-pixbuf-2.30.8-r2: heap overflow and DoS #556314

    - added xf86-video-sis-0.10.8 package

    - upgraded to atk-2.16.0-r1, dhcpcd-6.9.3, harfbuzz-0.9.41, glib-2.44.1

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-45.0.2454.93_p1

  • 003-settings.xzm:

  • - kiosk fix 'localhost' is resolved to '127.0.0.1' address properly

    - kiosk fix added 'localhost,127.0.0.1' to proxy exceptions by default to resolve printing problems when proxy is used

    - new feature added support for remote management when kiosk is booted over network (PXE boot)

    - new feature wizard: added possibility to test printing before burning the ISO

    - new feature wizard: added new window which appears after setting up the network with 4 buttons: a) launch wizard (first run - no previous kiosk config exist), b) point device to existing remote kiosk configuration, c) load config from the network, d) load config from removable device

    - new feature wizard: added support for nested configurations when loading the config from the network/removable device

  • 07-java.xzm:

  • - upgraded to icedtea-bin-7.2.6.1

    Porteus Kiosk version 20150902


    Tagged as Porteus Kiosk 3.5.0 release


    Wizard 3.5.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added support for userspace parallel port printer drivers (required by hplip)

  • 001-core.xzm:

  • - upgraded to dhcpcd-6.9.2 to resolve PXE boot issues

  • 003-settings.xzm:

  • - kiosk fix if removable media are enabled then whitelist file:///media automatically

    - kiosk fix fixed custom sound level feature which got broken in 3.4.0 release

    - kiosk fix remove all non printable characters before parsing remote configs

    - new feature implemented support for nested configurations in remote management

    Porteus Kiosk version 20150830

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.1.6

  • 001-core.xzm:

  • - upgraded to nss-3.20

  • 002-chrome.xzm:

  • - major Chrome upgrade upgraded to google-chrome-44.0.2403.157_p1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.2.1. changelog: link

  • 003-settings.xzm:

  • - kiosk fix generate all required ssh keys automatically with 'ssh-keygen -A' command

    - new feature when private mode is disabled and Google Chrome is used then following functions will be enabled by default: form autofilling, editing bookmarks (bookmark bar is always enabled), Chrome applications, spellcheck, sync, translate, signing into the profile

    - new feature added foomatic printing database with support for over 4k of new drivers

    - new feature remote config is downloaded with PC ID string appended to the kiosk config URL. This way you can find out in the server logs which kiosk downloaded it.

  • 10-printing.xzm:

  • - added support for Bixolon thermal printers

    - added foomatic-db-4.0.20150819, foomatic-db-engine-4.0.12, perl-5.20.2 packages

    - upgraded to hplip-3.15.7

    Porteus Kiosk version 20150815

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.1.5

    - kernel config: added Virtio support

  • 001-core.xzm:

  • - security fix gdk-pixbuf-2.30.8-r1: heap overflow and DoS #556314

    - added feh-2.9.3, giblib-1.2.4, html-xml-utils-6.8, xinput_calibrator-0.7.5 packages

    - upgraded to pciutils-3.3.1, timezone-data-2015e

  • 003-settings.xzm:

  • - new feature in case of touchscreens rotate the touch input automatically to the position of the screen

    - new feature activate touch gestures in Chrome if touch capable device is found

  • 05-flash.xzm:

  • - security fix flashplayer-plugin-11.2.202.508

  • 10-printing.xzm:

  • - security fix cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159}) #551846

    - added pygobject-2.28.6-r55 package

    Porteus Kiosk version 20150802

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.0.9

  • 001-core.xzm:

  • - security fix expat-2.1.0-r5: Heap-buffer-overflow (CVE-2015-1283) #555642

    - upgraded to dunst-1.1.0

  • 003-settings.xzm:

  • - kiosk security fix blocked access to Firefox preferences through 'about:preferences#preferences' URL

    - kiosk fix remote management: if kiosk is signed to the 'automatic updates' service then download components directly from such channel to avoid double reburn.

    - kiosk fix fixed download progress bar not showing on slow networks (20 KB/s and below)

    - kiosk fix do not download uefi.zip during installation if booting from UEFI ISO

    - kiosk fix apply proxy/proxypac settings straight during installation so its possible to use browsers as normal

    - new feature wizard: added 'setup keyboard layout' button on the very first screen. Handy in case you are using different layout then English (US)

    - new feature wizard: added 'time setup' utility on the wifi configuration screen as wifi may fail to connect if system clock is set incorrectly

    - new feature wizard: display wireless MAC address on the wifi configuration screen (some wireless networks are filtered per MAC and this info is needed to allow the kiosk to connect)

    - new feature wizard: added possibility for testing default sound card and custom sound level

    - new feature wizard: show the list of printer manufacturers on first screen and then display relevant printer models (list is shorter so its easier to find desired model)

    - new feature wizard: save in real time to the kiosk config when doing manual edits (*Save Edits* button is no longer needed)

  • 08-ssh.xzm:

  • - security fix openssh-6.9_p1-r2: two security issues (CVE-2015-5352) #553724

  • 10-printing.xzm:

  • - security fix cups-filters-1.0.71: Incorrect fix for heap-based buffer overflow (CVE-2015-3279) #553836

    - added support for Zebra and Star thermal printers

    - added pnm2ppa-1.13-r1 (support for HP Deskjet 710, 712, 720, 722, 820, 1000 series)

    Porteus Kiosk version 20150719

  • 001-core.xzm:

  • - critical security fix nss-3.19.2: Multiple vulnerabilities (CVE-2015-{2721,4000}) #550288

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.134_p1

  • 05-flash.xzm:

  • - critical security fix adobe-flash-11.2.202.491: Multiple vulnerabilities allowing for ACE and DoS (CVE-2015-{5122,5123}) #554882

    Porteus Kiosk version 20150712

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.0.8

  • 001-core.xzm:

  • - security fix openssl-1.0.1p: Alternate chains certificate forgery (CVE-2015-1793) #554172

    - security fix ntp-4.2.8_p3: remote code execution in some configs, and a leap second issue (CVE-2015-5146) #553682

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.132_p1

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.481: use after free / "hackingteam" vuln (CVE-2015-5119) #554220

    - security fix curl-7.43.0: Multiple vulnerabilities (CVE-2015-{3236,3237}) #552618

  • 05-flash_legacy.xzm:

  • - security fix curl-7.43.0: Multiple vulnerabilities (CVE-2015-{3236,3237}) #552618

    Porteus Kiosk version 20150704

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-4.0.7

  • 001-core.xzm:

  • - upgraded to gtk+-2.24.28-r1, sqlite-3.8.10.2

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.130_p1

    - 'kiosk-printer' is set as default instead of the 'Save as PDF' option

    - new feature enabled native 'print preview' window for Chrome

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-38.1.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix do not prefer gutenprint drivers over other ones as they could offer more functions or better print quality (e.g. Xerox proprietary drivers)

    - kiosk fix removed workaround to the '100% CPU load' cups bug as its fixed upsteream now #549732

    - kiosk fix when homepage is not defined then default to porteus-kiosk.org to avoid showing of the welcome page in Chrome browser

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.468: heap buffer overflow (CVE-2015-3113) #552946

  • 10-printing.xzm:

  • - security fix cups-filters-1.0.70: remote code execution (CVE-2015-3258) #553644

    - upgraded to cups-2.0.2-r2

  • uefi.zip:

  • - 32bit EFI support: renamed bootx32.efi to bootia32.efi to make possible direct booting from isohybrid images (no need for EFI shell workaround)

    Porteus Kiosk version 20150619

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added support for namespaces (NET_NS, PID_NS, USER_NS) which are required for Google Chrome sandbox to work

  • 001-core.xzm:

  • - security fix openssl-1.0.1o: - multiple vulnerabilities (CVE-2014-8176,CVE-2015-{1788,1789,1790,1791,1792,4000}) #551832

    - added xdotool-2.20110530.1 package

    - upgraded to ethtool-3.18

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.125_p1

    Google Chrome got better locking so it works now in a similar way to Firefox:

    - removed default Chrome profile (/home/guest/.config/google-chrome) as all preferences are managed now through the Group Policy Objects, master_preferences and chrome-flags.conf (saved in 003-settings.xzm/opt/google/chrome folder)

    - locked down all Chrome settings (including chrome://*) so its not possible to change enything even when navigation bar is enabled

    - when user create an application shortcut (Chrome menu -> More Tools -> Create application shortcuts) then it will be opened as decorated and maximized

    - popup windows will open as maximized and decorated so its possible to close them

    - disabled downloads, bookmarks, password manager and profile syncing (guest mode is forced)

    - disabled developer tools

    - disabled print preview

    - disabled following plugins by default: Chrome Remote Desktop Viewer, Native Client, Widevine Content Decryption Module

    - form autofilling is possible when private mode is disabled

    - new feature enabled controling of the 'file://' protocol through the 'enable_file_protocol=yes' kiosk setting. If your kiosks are managed centrally then you may add this parameter to your remote config.

    - new feature enabled blacklisting/whitelisting through the 'blacklist=' and 'whitelist=' kiosk settings. If your kiosks are managed centrally then you may add these parameters to your remote config.

  • 003-settings.xzm:

  • - kiosk security fix blocked 'view-source:' protocol in Firefox which was giving an access to some system files (the ones readable by the user 'guest') despite of the 'file://' protocol being disabled. Blocked accessing the Firefox menu through the 'Alt' key when new browser window is opened with the tab dragging gesture. Both issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program. Thank you.

    Porteus Kiosk version 20150611

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-4.0.5

    - kernel config: added support for Qemu virtual machines and enabled Tun/Tap driver (required for example by OpenVPN)

  • 001-core.xzm:

  • - added xf86-video-qxl-0.1.3 package

    - upgraded to acpid-2.0.23, dhcpcd-6.9.0, ntfs3g-2014.2.15-r, usbutils-008-r1

  • 002-chrome.xzm:

  • - upgraded to google-chrome-43.0.2357.124_p1

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-38.0.1 changelog: 32.0 33.0 34.0 35.0 36.0 37.0 38.0

    - browser is started as maximized rather than fullscreen by default. This allows to launch HTML5 apps like pdf viewer, youtube video player and other in real fullscreen with no firefox navigation bar visible at the top. To restart the browser you have to close its last tab - same as in Google Chrome.

    - stop/refresh buttons are back in their original position (right side of the URL bar).

    - disabled openh264 plugin which is needed only for video chats (Firefox Hello communication client) and would have to be downloaded during every browser restart due to license restrictions

    - disabled Enhanced Tiles by default

    - disabled HeartBeat rating system and Google SafeBrowsing service

  • 003-settings.xzm:

  • - kiosk fix Google Chrome - fixed handling of homepages containing '&' sign

    - kiosk fix close 'shutdown menu' when going back from sleep

    - kiosk fix removed Chinese/Japanese/Korean layouts from the keyboard mapping list in the wizard as they need external input method application not supported in kiosk by default

    - new feature when private mode is disabled then open new tab as 'about:newtab' rather than 'about:blank'

  • 04-wifi.xzm:

  • - upgraded to wireless-regdb-20150605

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.466: multiple vulnerabilities (CVE-2015-{3096,3097,3098,3099,3100,3101,3102,3103,3104,3105,3106,3107,3108}) #551658

  • 10-printing.xzm:

  • - upgraded to ghostscript-gpl-9.15-r1, libpcre-8.36

    Porteus Kiosk version 20150531


    Tagged as Porteus Kiosk 3.4.0 release


    Wizard 3.4.0 features: all new features implemented on the wizard level can be found here

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.14

    - kernel config: added many new drivers for better support of the tablets and x86 embedded devices

  • 001-core.xzm:

  • - added ntfs3g-2014.2.15, nspr-4.10.8 and nss-3.17.4 packages

    - upgraded to alsa-lib-1.0.29, alsa-utils-1.0.29, cairo-1.14.2, xf86-video-geode-2.11.17, xf86-video-mach64-6.9.5

  • 002-chrome.xzm:

  • - added google-chrome-43.0.2357.81. Welcome Google Chrome!

  • 002-firefox.xzm:

  • - removed libs doubled in 001-core.xzm (from nss and nspr packages)

  • 003-settings.xzm:

  • - kiosk fix scale only connected and initialized video outputs (skip cases when crtc cant be find)

    - kiosk fix no matter what user selects in the wizard - keep navigation/address bar enabled when in debug mode

    - new feature set custom resolution on all active displays and not just the first one

  • 04-wifi.xzm:

  • - security fix wpa_supplicant-2.4-r3: EAP-pwd missing payload length validation (CVE - Pending) #548742

    - upgraded to jimtcl-0.76

  • 10-printing.xzm:

  • - security fix gnutls-3.3.15: MD5-based ServerKeyExchange signature accepted by default (GNUTLS-SA-2015-2) #548636

    - security fix libtasn1-4.5: invalid memory access (CVE-2015-3622) #548252

    - upgraded to nettle-2.7.1-r4

    Porteus Kiosk version 20150519

  • initrd:

  • - when kiosk data is not found then display debug info and drop to the shell only after key press (wait 10 secs for it). If no action is taken by the user then shutdown the PC.

  • vmlinuz and 000-kernel.xzm:

  • - kernel config: compiled XFS into kernel as its not loaded automatically when mounting device formatted with this filesystem

  • 001-core.xzm:

  • - upgraded to openssl-1.0.1m

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.7.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix whitelisted 'about:blank' by default so 'access denied' image is not shown on a new tab

    - kiosk fix set default sound level to 90% as 75% may be too low

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.460: multiple vulnerabilities (CVE-2015-{3044,3077,3078,3079,3080,3081,3082,3083,3084,3085,3086,3087,3088,3089,3090,3091,3092,3093) #546706

    - security fix curl-7.42.1: sensitive HTTP server headers also sent to proxies (CVE-2015-3153) #548130

  • 05-flash_legacy.xzm:

  • - security fix curl-7.42.1: sensitive HTTP server headers also sent to proxies (CVE-2015-3153) #548130

  • 07-java.xzm:

  • - upgraded to icedtea-bin-7.2.5.5

  • uefi.zip:

  • - added support for PCs equipped with 32bit EFI firmware. Some implementations do not support booting from isohybrid ISOs and its necessary to setup 'Internal EFI shell' as default for booting.

    Porteus Kiosk version 20150510

  • initrd:

  • - PXE boot: default to port 80 if PORT variable is missing in the 'http_server=' parameter

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.13

  • 001-core.xzm:

  • - upgraded to kmod-20, xf86-video-cirrus-1.5.3, xf86-video-neomagic-1.2.9, xf86-video-savage-2.3.8, xf86-video-siliconmotion-1.7.8

  • 003-settings.xzm:

  • - kiosk fix fixed handling of SSIDs with whitespaces in name

    - new feature automatic updates: inject PC ID to /etc/version so its possible to identify the kiosk through it

    - new feature if 'shutdown menu' is not enabled then allow powering off the PC by pressing the power button. If user has a physical access to it then can force kiosk shutdown by holding the button for 5 secs anyway

  • 04-wifi.xzm:

  • - security fix wpa_supplicant-2.4: action script execution vulnerability (CVE-2014-3686) #524928

  • 05-flash.xzm:

  • - security fix curl-7.42.0: Multiple vulnerabilities (CVE-2015-{3143,3144,3145,3148}) #547376

  • 05-flash_legacy.xzm:

  • - security fix curl-7.42.0: Multiple vulnerabilities (CVE-2015-{3143,3144,3145,3148}) #547376

  • 06-fonts.xzm:

  • - upgraded to wqy-zenhei-0.9.46

    Porteus Kiosk version 20150423

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.12

  • 001-core.xzm:

  • - security fix libxml2-2.9.2-r1: denial of service processing a crafted XML document #546720

    - upgraded to dbus-glib-0.102, expat-2.1.0-r4, glibc-2.20-r2, harfbuzz-0.9.38, hwids-20150129, libnotify-0.7.6-r1, timezone-data-2015b

  • 003-settings.xzm:

  • - kiosk fix fixed default permissions for ntfs so its possible now to mount NTFS formatted removable media

    - new feature allow access to 'about:config' when in debug mode

    - new feature run all custom scripts from /etc/rc.d/local_cli.d (when in runlevel 3) and /etc/rc.d/local_gui.d (when in runlevel 4) during startup

  • 04-wifi.xzm:

  • - upgraded to usb_modeswitch-2.2.0_p20140529, wpa_supplicant-2.2-r1

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.457: multiple vulnerabilities (CVE-2015-{0346,0347,0348,0349,0350,0351,0352,0353,0354,0355,0356,0357,0358,0359,0360,3038,3039,3040,3041,3042,3043,3044}) #546706

  • 10-printing.xzm:

  • - upgraded to cups-2.0.2-r1, hplip-3.15.4

    Porteus Kiosk version 20150413

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.11

  • 003-settings.xzm:

  • - kiosk fix timeout after 10 secs when waiting on wifi interface so other NICs can be initialized by dhcpcd (wired connection can be used as a fallback for wifi)

    - kiosk fix initialize brightness by default on all supported outputs to resolve 'dark screen' bug affecting some Intel GPUs

    - kiosk fix installation/reconfguration/upgrade: timeout downloading of components after 20 secs when connection to the server is lost (wget waits 15 mins by default)

    - new feature save current time to hardware clock if ntpdate succeeded pulling the date from the internet

  • 06-fonts.xzm:

  • - upgraded to thaifonts-scalable-0.6.1

  • 10-printing.xzm:

  • - security fix poppler-0.32.0: segmentation fault in XRef::getEntry at XRef.cc:1317 #542220

    Porteus Kiosk version 20150403

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.10

    - kernel config: added UDF filesystem support required for mounting of some optical media

  • 001-core.xzm:

  • - upgraded to util-linux-2.25.2-r2, xf86-video-trident-1.3.7, libwacom-0.11

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.6.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix setup automatic proxy configuration separately for kiosk config and wallpaper URLs as they may be handled by proxy exceptions

    - kiosk fix setup sound level later in the boot process to allow slow sound devices initialize properly

    - new feature automount iso9660 and udf formatted CDs and DVDs when 'removable devices' support is enabled

  • 04-wifi.xzm:

  • - upgraded to libnl-3.2.25, ca-certificates-20140927.3.17.2

  • 10-printing.xzm:

  • - security fix libtasn1-4.4: stack overflow in DER decoder (CVE-2015-2806) #544922

    Porteus Kiosk version 20150322

  • vmlinuz and 000-kernel.xzm:

  • - various updates to the kernel config

  • 001-core.xzm:

  • - security fix openssl-1.0.1l-r1: Multiple vulnerabilities (CVE-2015-0204,0207,0208,0209,0285,0287,0288,0289,0290,0291,0292,0293,1787) #543552

    - security fix libXfont-1.5.1: BDF file parsing issues (CVE-2015-1802) #543630

    - new feature switched to 'ripples' screensaver which looks nicer and does not leave any distortions on the screen when running for longer

    - upgraded to timezone-data-2015a, glib-2.42.2, atk-2.14.0, gtk+-2.24.27

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.5.3. changelog: link

  • 003-settings.xzm:

  • - kiosk fix fixed 'remote management' not working with UEFI PCs

    - kiosk fix fixed a bug which prevented having address bar disabled and navigation bar hidden at the same time

    - kiosk fix removed tiny white line displayed on top of the screen when navigation bar was disabled

    - kiosk fix restart vnc service automatically in case it crashes

    - kiosk fix changed default font size to 12 for system messages

    - new feature scale smaller screen automatcally when second monitor is connected and there is a mismatch in resolution between internal/external outputs

    - new feature disabled 'search for text when i start typing' in firefox preferences so kiosk can work with bar code scanners out of the box

    - new feature screensaver runs now in fullscreen mode rather than maximized+undecorated, this allows to have all other applications decorated in kiosk

  • 04-wifi.xzm:

  • - upgraded to wireless-regdb-20150313

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.451: multiple vulnerabilities (CVE-2015-{0332,0333,0334,0335,0336,0337,0338,0339,0340,0341,0342}) #543112

  • 10-printing.xzm:

  • - security fix cups-filters-1.0.66: remove_bad_chars() bypass #542158

    Porteus Kiosk version 20150308

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.18.9

  • 001-core.xzm:

  • - added pacparser-1.3.1 package required for proxy auto configuration

  • 003-settings.xzm:

  • - kiosk fix fixed downloading of kiosk remote configs/wallpapers from some SSL protected sites

    - kiosk fix apply settings from proxy pac files to all applications and not only firefox

    - kiosk fix export 'https_proxy=' and 'ftp_proxy=' environmental variables properly

    - kiosk fix fixed discovering of some usb wifi dongles in the welcome wizard

    - kiosk fix clear booting screen so system version is not visible when Xorg is restarted through the shutdown menu

    - kiosk fix run ntpdate even when clock is set to Factory

    - added 'shutdown' utility wrapper

  • 04-wifi.xzm:

  • - added rtl8188eufw.bin firmware

    Porteus Kiosk version 20150302


    Tagged as Porteus Kiosk 3.3.0 release


    Wizard 3.3.0 features: all new features implemented on the wizard level can be found here and here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • initrd:

  • - upgraded to busybox-0.23.1

    - enabled busybox applets: dirname, fgrep, nohup, pkill, printenv, printf, pwd, realpath, seq, touch, uniq, usleep, which, whoami, xargs

  • vmlinuz and 000-kernel.xzm:

  • - major kernel upgrade upgraded to linux-3.18.8 and aufs 3.18-20150223

    - upgraded firmware to relevant kernel version

  • 001-core.xzm:

  • - security fix freetype-2.5.5: Multiple vulnerabilities (CVE-2014-{9656,9657,9658,9659,9660,9661,9662,9663,9664,9665,9666,9667,9668,9669,9670,9671,9672,9673,9674,9675}) #539796

    - added libevdev-1.3 and xf86-video-s3-0.6.5-r1 packages

    - major Xorg upgrade upgraded xorg-server to version 1.16.4 and bumped whole Xorg stack: cairo-1.12.18-r1, libdrm-2.4.59, libICE-1.0.9, libpciaccess-0.13.3, libxcb-1.11-r1, libXext-1.3.3, libXfont-1.5.0, libXft-2.3.2, libXi-1.7.4, libXxf86vm, libxshmfence-1.2, mtdev-1.1.5, pixman-0.32.6, xf86-input-evdev-2.9.1, xf86-input-synaptics-1.8.1, xf86-input-wacom-0.24.0, xf86-video-ast-1.0.1, xf86-video-ati-7.5.0, xf86-video-i740-1.3.5, xf86-video-intel-2.99.917, xf86-video-modesetting-0.9.0, xf86-video-nouveau-1.0.11, xf86-video-tdfx-1.4.6, xinit-1.3.3-r1, xkbcomp-1.3.0, xkeyboard-config-2.14, xorg-server-1.16.4, xrandr-1.4.3

    - upgraded to dhcpcd-6.6.7, oxygen-gtk-1.4.6, timezone-data-2014j, xscreensaver-5.32

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.5.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix removed hplip version from the driver name in the wizard (allows hplip package upgrades in the 'automatic updates' channel)

    - kiosk fix fixed handling of WPA passwords containing spaces

    - kiosk fix fixed race condition between ssh/vnc services during kiosk startup

    - new feature allow outgoing traffic in the firewall on all ports by default. Incoming/forwarded traffic is still blocked as before. This is needed for proxy autoconfiguration service, browsing ftp shares, flovplayer video support, etc ...

    - new fature switched to system wide proxy so all applications can use it and not only firefox

    - new fature rotate screen on all connected displays and not only on default one

  • 04-wireless.xzm:

  • - added jimtcl-0.73, ppp-2.4.7, usb_modeswitch-2.1.0_p20140129, wvdial-1.61, wvstreams-4.6.1-r3 which are needed for dialup support in kiosk

  • 10-printing.xzm:

  • - added gmp-5.1.3-r1, gnutls-3.3.10-r2, libtasn1-4.2, nettle-2.7.1-r1 which are the new dependencies for the cups package (openssl support has been replaced with gnutls for making secure connections)

    - upgraded to cups-2.0.1-r1, hplip-3.15.2

    Porteus Kiosk version 20150213

  • initrd:

  • - enabled 'env' busybox applet required by hplip (hp printers)

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.33

    - kernel config: enabled support for more than 4 com ports

  • 001-core.xzm:

  • - security fix freetype-2.5.4-r1: Multiple vulnerabilities (CVE-2014-{9656,9657,9658,9659,9660,9661,9662,9663,9664,9665,9666,9667,9668,9669,9670,9671,9672,9673,9674,9675}) #539796

    - security fix dbus-1.8.16: denial of service in dbus >= 1.4 systemd activation (CVE-2015-0245) #539482

  • 003-settings.xzm:

  • - kiosk fix automatic updates - check for kiosk server accessibility before performing system update

    - kiosk fix wizard - do not accept VNC passwords longer than 8 characters (upstream limit) and keep asking until shorter one is provided

    - kiosk fix firefox UI - reintroduced 'back/forward' buttons when address bar is disabled

    - kiosk fix firefox config - allow insecure ntlm authentication (disabled by upstream in firefox 30.x)

    - new fature firefox UI - moved home button on the right side of the URL bar as it fits better there

    - new fature firefox config - enable all firefox plugins (vlc, libreoffice, mozplugin, npica, etc) even if they are not available in kiosk by default

  • 10-printing.xzm:

  • - added python-2.7.9 and dbus-python-1.2.0-r1 required by hplip (hp printers)

    Porteus Kiosk version 20150208

  • initrd:

  • - save kiosk version in /etc/version so it can be checked through ssh or from URL bar (if file:// protocol is enabled)

  • 003-settings.xzm:

  • - kiosk fix wizard installer - fixed listing of devices with white spaces in name

  • 004-wireless.xzm:

  • - added ca-certificates-20130906-r1 required for WPA/WPA2 Enterprise support

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.442: Multiple vulnerabilities (CVE-2015-{0314,0315,0316,0317,0318,0319,0320,0321,0322,0323,0324,0325,0326,0327,0328,0329,0330}) #538982

    Porteus Kiosk version 20150128

  • 003-settings.xzm:

  • - kiosk fix do not start firewall in the background as printing exceptions may be not initialized

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.440: remote code execution (CVE-2015-0311) #537426

    Porteus Kiosk version 20150126

  • initrd:

  • - added 'readlink' busybox applet

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.29

    - kernel config: added back usblp kernel module which is needed by some non standard CUPS drivers

  • 001-core.xzm:

  • - upgraded to procps-3.3.9-r2, kmod-19, libxdg-basedir-1.2.0-r1

  • 003-settings.xzm:

  • - kiosk fix improved handling of network interfaces which are showing late in the system (e.g.: usb wifi dongle)

    - kiosk fix set volume on all audio channels except for "*Mic*" and "*Boost*" to prevent unwanted noise from the speakers

    - new feature 'automatic updates' trial - display a warning that kiosk needs to be reconfigured during the last 10 days of the trial

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.438: some vulnerability (CVE-2015-0310) #537738

    Porteus Kiosk version 20150115

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.28

    - kernel config: increased kernel log buffer size, enabled PAT support which improves 2D/3D performance in some cases, enabled PPP protocol which is needed for 3g connections, enabled USB serial drivers

  • 001-core.xzm:

  • - security fix openssl-1.0.1k: multiple vulnerabilities (CVE-2014-{3569,3570,3571,3572,8275},CVE-2015-{0204,0205,0206}) #536042

    - critical security fix xorg-server-1.15.2-r1: multiple vulnerabilities (CVE-2014-{8091,8092,8093,8094,8095,8096,8097,8098,8099,8100,8101,8102,8103}) #532086

    - added tofrodos-1.7.12a package

    - upgraded to dejavu-2.34, fontconfig-2.11.1-r2

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.4.0. changelog: link

  • 003-settings.xzm:

  • - disabled 'slow script' dialog window in firefox preferences

    - list MTRR registers in debug report

  • 004-wireless.xzm:

  • - upgraded to crda-1.1.3-r1, wireless-regdb-20141118

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.429: multiple vulnerabilities (CVE-2015-{0301,0302,0303,0304,0305,0306,0307,0308,0309}) #536562

  • 06-fonts.xzm:

  • - upgraded to dejavu-2.34

  • 10-printing.xzm:

  • - upgraded to poppler-0.26.5

    Porteus Kiosk version 20141228

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.27

    - kernel config: added support for 2TB+ drives

  • 001-core.xzm:

  • - security fix ntp-4.2.8-r1: Multiple vulnerabilities (CVE-2014-{9293,9294,9295,9296}) #533076

    - security fix libpng-1.6.16: heap overflow #533358

    - added rfkill utility

    - upgraded to glib-2.40.2, gtk+-2.24.25, pango-1.36.8

  • 003-settings.xzm:

  • - kiosk fix unblock all wifi devices during boot with rfkill

    - kiosk fix clear also /tmp folder on each firefox restart to make sure that nothing persists there

    - kiosk fix hide status bar when navigation bar is disabled

    - new feature do not create new ISO prior to installation but burn it 'on the fly'. This allows to install base kiosk ISO (no extra modules added) on a PCs with as little as 128MB of RAM

    - new feature set system localization to en-US.UTF8

    - new feature allow HTML5 fullscreen api on all pages by default

    - new feature first run wizard - notify user when never version of Porteus Kiosk ISO is available for download

    Porteus Kiosk version 20141212

    We have got some great responses after 3.2.0 release so aside of usual security fixes and upgrades delivered by upstream this version brings esential fixes to the kiosk itself. Thanks a lot for your feedback!


  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.26

    - kernel config: added support debug messages and printk. Adds about 1MB of size to the ISO but Porteus Kiosk grows rapidly in popularity and we need more debugging info to resolve hardware problems

  • 001-core.xzm:

  • - security fix libpng-1.6.15: out of bounds memory access #532264

    - security fix libxml2-2.9.2: expansion attach (CVE-2014-3660) #525656

    - added 'dmesg' applet to busybox and full 'lspci' and 'lsusb' utilities along with pci/usb ids database - needed for debugging

    - upgraded to libdrm-2.4.58

  • 003-settings.xzm:

  • - kiosk fix 'automatic updates' - made it "fool-proof" so random files which (possibly) are added by Windows burning utilities wont break updating process

    - kiosk fix fixed bug where homepage could not be set to a page chapter: 'homepage://some_url/#tag

    - kiosk fix updated 'disable navigation bar' function which finally works around an age old fullscreen + html video fullscreen issue. Still not resolved by upstream: link

    - kiosk fix 'Welcome' wizard - fixed bug when wifi interface was named as eth1 (ipw220 driver) and kiosk could not initialize wireless connection

    - kiosk fix remove /var/log/Xorg.0.log as it contains some important system informations: kernel, Xorg, DDX driver version

    - new feature added function which discovers and switches wifi interface automatically if hardware configuration has changed (e.g.: wifi 'eth1' becomes 'wlan0'). Works only if 'dhcpcd' is selected in the wizard.

  • 004-wireless.xzm:

  • - added iwconfig utility

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.425: multiple vulnerabilities (CVE-2014-{0580,0587,8443,9162,9163,9164}) #532074

  • 10-printing.xzm:

  • - moved libusb to core as it's needed by 'lsusb' utility

    Porteus Kiosk version 20141204


    Tagged as Porteus Kiosk 3.2.0 release


    Wizard 3.2.0 features: all new features implemented on the wizard level can be found here and here.

    Other changes which sums up this release: new features implemented in the ISO level, bugfixes and package upgrades are listed in the changelog below.


    Long live Porteus Kiosk!


  • vmlinuz and 000-kernel.xzm:

  • - kernel config: added ath6k wifi drivers, minor configuration changes

  • 001-core.xzm:

  • - upgraded to libSM-1.2.2-r1

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.3.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix fixed a bug when wifi connection could not be establish in some cases

    - added generic PDF, PostScript and text-only drivers to the printer models list

  • 004-wireless.xzm:

  • - added ath6k firmware

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.424: additional hardening against CVE-2014-8439 (CVE-2014-8439) #530692

  • 08-ssh.xzm:

  • - security fix openssh-6.7_p1: openssh client does not check SSHFP if server offers certificate (CVE-2014-2653) #505942

    Porteus Kiosk version 20141122

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.25 and aufs 3.14.21+-20141110

    - kernel config: disabled an option for loading firmware through userspace as udev-217 dropped this possibility

  • initrd.xz:

  • - kiosk fix make sure that only .xzm modules are mounted to /union (aufs) and not other files or folders

  • 001-core.xzm:

  • - security fix dbus-1.8.10: denial of service via incomplete fix for CVE-2014-3636 #528900

    - added xinput and xf86-video-openchrome packages

    - upgraded to timezone-data-2014i-r1, xscreensaver-5.30

  • 003-settings.xzm:

  • - new feature added support for basic authentication for the homepage, e.g.: http://user:name@domain.org

    - new feature display notification that unauthorized component has been added to the ISO and kiosk can't be upgraded

    - new feature disabled updates of firefox addons by default, we have none in kiosk but this setting comes handy when ISO is customized manually

    - maintenance: updated system caches as all packages were recompiled with gcc-4.8.3

  • 004-wireless.xzm:

  • - added crda and wireless-regdb packages for better wifi support

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.418: multiple vulnerabilities (CVE-2014-{0573,0574,0576,0577,0581,0582,0583,0584,0585,0586,0588,0589,0590,8437,8438,8440,8441,8442}) #529088

    - security fix curl-7.39.0: libcurl duphandle read out of bounds (CVE-2014-3707) #528840

  • 05-flash_legacy.xzm:

  • - security fix curl-7.39.0: libcurl duphandle read out of bounds (CVE-2014-3707) #528840

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.5.3: multiple vulnerabilities #524560

  • 10-printing.xzm:

  • - added hplip package with support for over 900 HP printers

    - upgraded to libusb-1.0.19

    Porteus Kiosk version 20141103

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.23 and aufs 3.14.21+-20141020

    - kernel config: added support for uinput and other miscellaneous input drivers; added support for eMMC cards

  • 001-core.xzm:

  • - upgraded to alsa-lib-1.0.28, alsa-utils-1.0.28

  • 003-settings.xzm:

  • - security fix wget-1.16: arbitrary file creation through ftp symlinks (CVE-2014-4877) #527056

    - new feature display 'System is up to date' notification when kiosk works in it's latest version

  • 07-java.xzm:

  • - upgraded to icedtea-web-1.5.1-r1

  • 10-printing.xzm:

  • - security fix lcms-2.6-r1: insufficient ICC profile version validation (CVE-2014-0459) #507788

    Porteus Kiosk version 20141023

  • 001-core.xzm:

  • - critical security fix openssl-1.0.1j: multiple vulnerabilities (CVE-2014-{3513,3515,3567,3568}) #525468

    - kiosk fix added missing /usr/lib/libgudev-1.0.so library required by /usr/lib/libwacom.so

    - upgraded to timezone-data-2014g

  • 003-settings.xzm:

  • - kiosk fix final fix for the BCM chipset issue.

    - kiosk fix fixed handling of the lpd:// printer URI containing authorization string.

    Porteus Kiosk version 20141016

  • initrd.xz:

  • - added a quirk for loading 'broadcom' driver during PXE boot when BCM57780 chipset is found.

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.22 and aufs 3.14.21+-20141013

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.2.0. changelog: link

  • 003-settings.xzm:

  • - kiosk fix updated 'xzm download' function to resolve remaining md5sum issues. After this upgrade you should never experience them anymore (they may still occur only when there is something wrong with your connection).

    - added a quirk for loading 'broadcom' driver during normal boot when BCM57780 chipset is found.

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.411: multiple vulnerabilities (CVE-2014-{0558,0564,0569}) #525430

    Porteus Kiosk version 20141001

  • 001-core.xzm:

  • - security fix dhcpcd-6.4.7: fast stabilization due to the 'shellshock' issue #523900

    - added libwacom-0.7.1 required by xf86-input-wacom package

    - upgraded to util-linux-2.24.1-r3

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.1.1. changelog: link

  • 07-java.xzm:

  • - upgraded to icedtea-web-1.4.2-r1

    Porteus Kiosk version 20140918

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.19 and aufs 3.14.x-20140915

  • 001-core.xzm:

  • - security fix dbus-1.8.8: Multiple vulnerabilities (CVE-2014-{3635,3636,3637,3638,3639) #522982

    - upgraded to udev-216

  • 003-settings.xzm:

  • - updated printers list: number of supported printers increased from 1756 to 2483. read more: link

    - updated keyboard layout list: added Moldovian and Wolof layouts, removed Catalonian

  • 004-wifi.xzm:

  • - brought back 'iwlist' utility from the 'wireless-tools' package as it's needed for scanning local SSIDs in the first run wizard

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.406: Multiple vulnerabilities (CVE-2014-{0547,0548,0549,0550,0551,0552,0553,0554,0555,0556,0557,0559}) #522448

  • 10-printing.xzm:

  • - security fix cups-1.7.5: two vulnerabilities (CVE-2014-5030) #519792

    - upgraded to gutenprint-5.2.10

    - added dymo-cups-drivers-1.4.0, splix-2.0.0_p20130826, xerox-drivers-0_p20080123

    Porteus Kiosk version 20140908

  • initrd.xz:

  • - new feature display the OS version during boot

    - clean the screen properly after counting (modules/seconds)

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.18 and aufs 3.14.x-20140825

    - kernel config: added 'CONFIG_EFI_FB=y'

  • 001-core.xzm:

  • - added xf86-input-hyperpen-1.4.1, xf86-input-fpit-1.4.0

    - recompiled 'pixman' package with MMX CPU instruction support

    - removed 'xrefresh' package as it's not needed anymore

    - upgraded to timezone-data-2014f

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-31.1.0. changelog: link

  • 003-settings.xzm:

  • - switched to MAC based authorization for dhcpcd which is persistent (MAC never changes) unlike duid in kiosk

    - upgraded to mkisofs-3.01a24

  • 004-wifi.xzm:

  • - removed 'wireless-tools' package as was never really needed

  • 08-ssh.xzm:

  • - recompiled 'openssh' package with X11 forwarding support

  • 09-x11vnc.xzm:

  • - upgraded to x11vnc-0.9.13-r1

    Porteus Kiosk version 20140812

  • 001-core.xzm:

  • - security fix openssl-1.0.1i: Multiple vulnerabilities (CVE-2014-{3505,3506,3507,3509,3510,3511,3512,5139}) #519264

    - security fix dhcpcd-6.4.3: Denial of service #518596

    - upgraded to glibc-2.19-r1, timezone-data-2014d, xscreensaver-5.29

  • 003-settings.xzm:

  • - welcome wizard: fixed support for hidden wifi SSIDs

    - maintenance: updated system caches due to upgraded glibc package

  • 05-flash.xzm:

  • - security fix adobe-flash-11.2.202.400: multiple code execution or security bypass flaws (APSB14-18) (CVE-{2014-0538,0540,0541,0542,0543,0544,0545}) #519790

    - upgraded to curl-7.36.0

  • 05-flash_legacy.xzm:

  • - upgraded to curl-7.36.0

    Porteus Kiosk version 20140727

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.13

    - upgraded to aufs 3.14.x-20140720

    - kernel config: added 'CONFIG_FHANDLE=y' required by latest udev.

    - kernel config: removed 'CONFIG_USB_PRINTER=m' as usb printers are now handled by libusb.

  • 001-core.xzm:

  • - security fix openssl-1.0.1h-r2: Multiple vulnerabilities (CVE-2010-5298,CVE-2014-{0195,0198,0221,0224,3470}) #512506

    - security fix freetype-2.5.3-r1: CFF Fonts Stem Hints Processing Buffer Overflow Vulnerability (CVE-2014-2240) #504088

    - new feature added 'ntpdate' utlity to sync hardware clock with remote ntp server (pool.ntp.org) if timezone was enabled in the wizard. Outgoing udp traffic on port 123 is enabled in the firewall config.

    - upgraded to atk-2.12.0-r1, gdk-pixbuf-2.30.8, glib-2.40.0-r1, gtk+-2.24.24, harfbuzz-0.9.28, imlib2-1.4.6-r2, libglade-2.6.4-r2, libpng-1.6.12, pango-1.36.5

  • 002-firefox.xzm:

  • - major Firefox ESR release mozilla-firefox-31.0. changelog: 25.0 26.0 27.0 28.0 29.0 30.0 31.0

    - firefox config: moved refresh/stop buttons on the left side of the address bar.

    - firefox config: removed '100%' button from zoom controls to make them smaller.

    - firefox config: allowed java plugin by default so it wont ask for confirmation before running.

  • 003-settings.xzm:

  • - kiosk wizard: display wpa password and wep key on the welcome wizard config page.

    - maintenance: updated system caches.

  • 07-java.xzm:

  • - upgraded to cups-1.7.3

  • 10-printing.xzm:

  • - upgraded to cups-1.7.3, gtk+-2.24.24

    Porteus Kiosk version 20140715

  • 001-core.xzm:

  • - upgraded to kmod-18-r1, udev-215

  • 003-settings.xzm:

  • - kiosk security fix disabled 'Ctrl+Shift+h' keybinding which displays firefox history menu (nothing there as kiosk runs in 'private mode' by default but still we dont need this menu in kiosk) and 'Ctrl+`' keybinding which allows to display prevoius kiosk notifications.

    - added empty and non-executable /etc/rc.d/rc.local so users can put their startup commands into it.

  • 05-flash:

  • - security fix adobe-flash-11.2.202.394: multiple vulnerabilities (CVE-2014-{0537,0539,4671}) #516750

  • 10-printing:

  • - upgraded to libpcre-8.35

    Porteus Kiosk version 20140707

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.14.11 as 3.14.x kernel line obtained a 'Long Term Support' status: link

    - upgraded to aufs 3.14.x-20140630

  • 001-core.xzm:

  • - critical security fix dbus-1.8.6: two local DoS vulnerabilities in dbus-daemon (CVE-2014-{3532,3533}) #516080

    - critical security fix libXfont-1.4.8: integer overflow, unchecked buffer (CVE-2014-{0209,0210,0211}) #510250

    - upgraded to iptables-1.4.21-r1

  • 003-settings.xzm:

  • - kiosk security fix disabled 'Shift + left mouse button' combination to prevent opening new firefox windows when clicked on hyperlinks. This binding is especially dangerous when the navigation bar is disabled as there is no possibility to close any windows in this mode. Multiple firefox instances could slow down the kiosk or even make it unusable.

    - kiosk fix once kiosk is fully booted delete unneeded and potentially risky for the kiosk stability utilities like 'wget' or 'dd'.

    - new feature if swap support is not enabled in the wizard - spin down all the block media (hd, CD, usb, SD/MMC cards) to save energy and make the kiosk environment friendly.

  • 10-printing:

  • - recompiled cups-filters against upgraded qpdf libraries

    - upgraded to qpdf-5.1.1

    Porteus Kiosk version 20140611

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.12.22

  • 002-firefox.xzm:

  • - critical security fix mozilla-firefox-24.6.0. changelog: link

  • 003-settings.xzm:

  • - bugfix: Alt+Ctrl+Del combination will kill only previous instance of the 'kiosk shutdown' utility and not every gtkdialog application (like e.g. welcome wizard).

  • 004-wifi.xzm:

  • - removed unneeded bluetooth firmware.

  • 05-flash:

  • - security fix adobe-flash-11.2.202.378: multiple vulnerabilities (CVE-2014-{0531,0532,0533,0534,0535,0536}) #512888

    Porteus Kiosk version 20140605

  • vmlinuz and 000-kernel.xzm:

  • - upgraded to linux-3.12.21

    - upgraded to aufs 3.12.x-20140602

  • 001-core.xzm:

  • - critical security fix openssl-1.0.1h-r2: SSL/TLS MITM vulnerability (CVE-2014-{0224,0221,0195,0198,3470},CVE-2010-5298) #512506

  • 003-settings.xzm:

  • - bugfix: always put wifi interface up before scanning for available networks in the first run wizard.

  • 07-java.xzm:

  • - security fix icedtea-bin-7.2.4.7: multiple vulnerabilities #508270

    - security fix icedtea-web-1.4.2: insecure temporary directory use #501472

    Porteus Kiosk version 20140530

  • 003-settings.xzm:

  • - bugfix: export SSID as 'ssid_name=some-name' in the welcome wizard otherwise wifi networking wont be initialized.

    Porteus Kiosk version 20140523


    Tagged as Porteus Kiosk 3.1.0 release