RaspberryMatic 3.71.12.20231014
This is release 3.71.12.20231014 of RaspberryMatic which is a maintenance release with the following bugfixes and feature changes:
Click here for the German-language 🇩🇪🇦🇹🇨🇭 version of the changelog/discussion post
🚧 Changes:
For all changes, see the full commit log.
CCU/HomeMatic service changes:
- integrated CloudMatic addon update which integrates a temporary workaround to keep VPN connections working with newer OpenSSL/OpenVPN versions which marked connections with deprecated SHA1-hashed certificates as insecure/weak. Now the tls-cipher "DEFAULT:@SECLEVEL=0" vpn client option is added to work around this until EasySmarthome/Cloudmatic has updated their certificate infrastructure to use proper SHA256 secured certificates (#2442).
- updated Mediola NEOserver addon to latest 2.13.0 version.
- modified lighttpd startup/config to return "503 Service unavailable" status codes if the CCU startup is not yet finished. This should prevent potential runtime issues in case external engines like ioBroker or HomeAssistant are trying to use remoteAPI ports when not all CCU services are properly started. In addition, we now also allow only certain query URLs for port 8181/48181.
- modified ReGaHss init script to make sure the pid file will have world readable permissions so that hss_led can query its status.
- made sure ReGaHss will run on umask 0027 per default so that the regadom file will be generated with a bit more strict file security settings.
- integrated a first bunch of modifications so that the hss_led, eq3configd, ssdpd, snmpd and nut services/daemons will be executed using dedicated non-privileged users and groups rather than always as the root user. This should slightly improve security for these services so that they are not able to access resources they don't have explicit permission for (#599).
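Because the CloudMatic workaround above is meant to be temporary, it helps to be able to find where it is still active. The following is an added example, not code from RaspberryMatic or the CloudMatic addon: it scans OpenVPN client configs for an active tls-cipher directive that lowers the OpenSSL security level to 0. The function names, the *.conf/*.ovpn file patterns and the sample configs are assumptions made for illustration.

```shell
#!/bin/sh
# audit_seclevel DIR (hypothetical helper): print "file:line:level" for every
# active tls-cipher directive in *.conf/*.ovpn files under DIR that sets an
# OpenSSL @SECLEVEL below 1.
audit_seclevel() {
    find "$1" -type f \( -name '*.conf' -o -name '*.ovpn' \) | sort |
    while IFS= read -r f; do
        awk -v file="$f" '
            /^[ \t]*[#;]/ { next }    # OpenVPN comments start with # or ;
            $1 == "tls-cipher" && match($0, /@SECLEVEL=[0-9]+/) {
                # "@SECLEVEL=" is 10 characters; the rest is the level
                level = substr($0, RSTART + 10, RLENGTH - 10)
                if (level + 0 < 1) print file ":" NR ":" level
            }' "$f"
    done
}

# Constructed sample configs: one with the workaround, one with the
# workaround commented out and a stricter level set instead.
make_samples() {
    mkdir -p "$1"
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' \
        'tls-cipher "DEFAULT:@SECLEVEL=0"' > "$1/workaround.conf"
    printf '%s\n' 'client' '# tls-cipher "DEFAULT:@SECLEVEL=0"' \
        'tls-cipher "DEFAULT:@SECLEVEL=2"' > "$1/hardened.ovpn"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_seclevel "$tmp"     # lists only workaround.conf, line 3, level 0
rm -rf "$tmp"
```

Any file this reports is a candidate for removing the option once the VPN provider's certificates are SHA256-signed.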
WebUI changes:
- enhanced 0041-WebUI-Patch by adding CCU-Jack to interface/category selector (#2446, #2445, @Baxxy13).
- updated CodeMirror to 5.65.15.
- added another minor style glitch fix to 0039-WebUI-Fix-Style-Glitches WebUI patch to show the buttons in the direct link pages in bold font weight to make the look&feel consistent with the rest.
Operating system changes:
- integrated openresolv/resolvconf support so that the resolv.conf DNS config management can be performed dynamically in future rather than always generating a static resolv.conf file upon bootup.
- removed obsolete PATH settings in S46tailscaled init script. Together with the recently introduced openresolv package this finally allows to correctly utilize the MagicDNS functionality in tailscale so that DNS settings will be dynamically adapted accordingly, thus all tailscale machines being reachable via their names (#2399).
- integrated new buildroot upstream patch to bump libcurl to 8.4.0 to integrate important security fixes (CVE-2023-38545, CVE-2023-38546)
- fixed shellcheck warnings/errors in dhcp.script and eQ3StartNetwork
- fixed tailscale reverse proxy setup in lighttpd so that we can register for tailscale VPN again using the WebUI.
- updated upstream linux kernel to 6.1.57.
- updated tailscale to latest 1.50.1 version.
- updated buildroot to latest 2023.08.1 and retired a bunch of upstream patches we were maintaining for a while and are now integrated.
- introduced rc.shutdown script execution (#2452, @Baxxy13).
- enhanced all SXX init scripts which execute a rc.xxx script by adding echo outputs to signal that these scripts are executed and also added a maximum timeout of 120 seconds for these scripts so that they can't block startup/shutdown anymore (#2450, @Baxxy13).
- regression fix for rc.postlocal (#2449, @Baxxy13).
- introduce /usr/local/etc/rc.postlocal post startup script (#2447, #2338, @Baxxy13).
- replaced deprecated vga kernel command option with grub gfxpayload variable use so that no deprecated warning should be displayed anymore.
- added new 0018-grub2-fix-incompat-ext2 buildroot upstream patch which patches grub2 to ignore certain newer ext filesystem features which could hinder grub2 from correctly recognizing an ext filesystem though it is still valid. This is especially critical for the metadata checksum seed feature which since the latest e2fsck 1.47.0 version is now a default setting, thus rendering new ext filesystems grub2 incompatible without these upstream grub2 patches, which are not part of buildroot yet. (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031325, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030939)
- updated java azul to latest LTS major version 17 (17.44.53-ca-jre17.0.8.1) and modified java-azul buildroot package accordingly, which is quite a major bump in the java version, potentially improving processing speed of HMIPServer.
- globally enable BR2_ENABLE_LTO for all our buildroot configs for potentially improved performance and smaller binaries.
- use "armv7" in all our docker container builds rather than "linux/arm" or "armhf" to solve certain HA addon update issues (cf. #2393).
- modified install-proxmox.sh to be able to choose a dedicated VM ID (#2424, @indiana11011100).
- retire 0012-ffmpeg-rpi-userland-aarch64 buildroot upstream patch as upstream fixed the aarch64 builds for rpi-userland.
- updated nodejs to 18.18.1 by adapting our nodejs buildroot upstream patchset.
👪 Contributors (alphabetically):
📝 Support:
For support on installation and help please visit the following web pages:
RaspberryMatic - Documentation 🇺🇸
RaspberryMatic - Discussions 🇺🇸
RaspberryMatic - Dokumentation 🇩🇪
RaspberryMatic - Forum 🇩🇪
📦 Download:
The following installation archives can be downloaded for different hardware platforms. To verify their integrity a sha256 checksum is provided as well. You can either upload these files using the WebUI-based update mechanism or unarchive them to e.g. flash the included *.img files on a fresh installation media (e.g. microSD card):
- RaspberryPi4 Model B, RaspberryPi Compute Module 4, RaspberryPi 400 – (installation):
  📦 RaspberryMatic-3.71.12.20231014-rpi4.zip
  SHA256: 93a9f0db635443bf80e484ed1feb15bfd42c18459b13873545d5e4aeb053d0ea
- CCU3, ELV-Charly, RaspberryPi3 Model B+, RaspberryPi3 Model B, RaspberryPi3 Model A+, RaspberryPi Compute Module 3, RaspberryPi Compute Module 3 lite, RaspberryPi Zero 2 W – (installation):
  📦 RaspberryMatic-3.71.12.20231014-rpi3.zip
  SHA256: 28e0ed672c6aef95e59f65b5ceee3e93e7c1a333116146070e33e0bddd92d89d
  📦 RaspberryMatic-3.71.12.20231014-ccu3.tgz (only for initial CCU3 Firmware -> RaspberryMatic Upgrade)
  SHA256: d1b1f4ad4e80b5f33d2d1e24788d309760e639de4fb1806f51a8a24949d5a4ce
- RaspberryPi2 Model B – (installation):
  📦 RaspberryMatic-3.71.12.20231014-rpi2.zip
  SHA256: 871d8e712a9ae7b03eacda8266e326a6da43fc8cac6d97499b6dae42c441fd6c
- RaspberryPi Zero W, RaspberryPi Zero, RaspberryPi Compute Module 1, RaspberryPi1 (A+/B+) – (installation):
  📦 RaspberryMatic-3.71.12.20231014-rpi0.zip
  SHA256: 6f9844582328fe437fc67448e885076315b047c64fa9ba60fadaf84acb066b2e
- TinkerBoard S, TinkerBoard – (installation):
  📦 RaspberryMatic-3.71.12.20231014-tinkerboard.zip
  SHA256: e0dd8c5128012bd545385aabcc7d54ea222e5570f37caf410121ed737350d9c9
- ODROID-N2/N2+/C4/C2 – (installation):
  📦 RaspberryMatic-3.71.12.20231014-odroid-n2.zip
  SHA256: d1388c3d7b97d921ada708cf3f5dcdf29e27c47dbb3bfcc3a873dfab42e26fc8
  📦 RaspberryMatic-3.71.12.20231014-odroid-c4.zip
  SHA256: 808fad88953516dc1b86a4f14dbfb51ce433caae552151c099b5364dca596415
  📦 RaspberryMatic-3.71.12.20231014-odroid-c2.zip
  SHA256: a8abf5fc7a1cd3ee9f1a29352eac16000e7e2b2780815a8646cdc0af28606b28
- Intel NUC – (installation):
  📦 RaspberryMatic-3.71.12.20231014-intelnuc.zip
  SHA256: 01940e2b4f197bdba5d6ea7756058f46b0762b7d7ee61bf0e97dc06de07182c8
- Open Virtual Appliance (OVA) – (ProxmoxVE, VirtualBox, ESXi, Synology, QNAP, Workstation Player, QEmu, UNRAID, HyperV):
  📦 RaspberryMatic-3.71.12.20231014-ova.zip
  SHA256: d9f7f39c6c62bed13cf15b29b2b624862c510ad1908705a4dddfc8c2df7fc0fc
  📦 RaspberryMatic-3.71.12.20231014.ova (only for initial OVA installation)
  SHA256: 062ec9b65afb74589d98f061259efb2d05f8bd3788268dec0736bab234b6e699
- Docker / Open Container Initiative (OCI) – virtual appliance (installation):
  📦 RaspberryMatic-3.71.12.20231014-oci_amd64.tgz (amd64/x86_64)
  SHA256: b40bdb6f42fbd2346e026404a3f18c122e85846c54705215f13f4d10d9e21829
  📦 RaspberryMatic-3.71.12.20231014-oci_arm64.tgz (arm64/aarch64)
  SHA256: ebd03a8fcf09816c0f0206473d68a7a83843a6fec5a91f03d1dbca49b60d5a70
  📦 RaspberryMatic-3.71.12.20231014-oci_arm.tgz (arm/armhf)
  SHA256: 66be7f59e9b07b81e4789448a17fdf4d9a97099bfe174bdfe0b740fea88dfe1f
- Kubernetes / K8s – virtual appliance:
  see install documentation
- Home Assistant Add-on – virtual appliance:
  see install documentation
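
One way to do the integrity check mentioned above before uploading or flashing an archive, shown as an added example that is not part of the RaspberryMatic release or its tooling. The function name verify_sha256 is hypothetical, the sample file is constructed, and sha256sum (coreutils or BusyBox) is assumed to be installed.

```shell
#!/bin/sh
# verify_sha256 FILE EXPECTED (hypothetical helper): succeed only if the
# SHA-256 of FILE equals EXPECTED. Returns 1 on mismatch, 2 on bad input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject a truncated or mistyped digest before hashing anything,
    # so a partial copy-paste can never pass as a match.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value must be 64 hex digits" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Constructed sample: a file containing the three bytes "abc", whose
# SHA-256 is the well-known test vector below.
sample=$(mktemp)
printf 'abc' > "$sample"
verify_sha256 "$sample" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
rm -f "$sample"
```

For a real download, pass the archive path and the SHA256 value published next to it in the list above.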