• Upgrade of the Linux Kernel to 2.6.11 version which includes improvements in many different areas, including scalability, device support, and performance.
  
• Compact Flash: the Virtual Flash File System was implemented, it is mounted in the "/mnt/flash" directory during the boot time. These are the files:
  • boot_ori
  • boot_alt
  • boot_conf (old config)
  • zImage
  • config.tgz (old scripts).
• Modules: The file with modules configuration was changed from /etc/modules.conf to /etc/modprobe.conf.
• IPSec: the 2.6 kernel uses Openswan 2.3.0 in place of Freeswan (see Change Log for upgrade notes)
• has support for NAT-Transversal that allows IPSec to be used behind any NAT device by encapsuling ESP in UDP
• the client need to include the following line in /etc/ipsec.conf file:
  nat_transversal=yes
• LAN Bonding (Active Backup only)
• Achieve redundancy on the Ethernet devices;
• The standard Ethernet interface and one PCMCIA card act as one unique interface, answering for the same IP address, with the same MAC address;
• No manual intervention is required when the primary connection is lost or recovered;
• The failover is transparent and all connection sessions continue working with no interruption.

• Authentication Enhancement:
• The administrator can choose different authentication types for accessing the box from accessing the port. The configuration can be done either by web interface or by CLI.
• Each authentication server configuration is stored in its own configuration file:
• For Radius: /etc/raddb/server
• For TacacsPlus: /etc/tacplus.conf
• for Kerberos: /etc/krb5.conf
• for LDAP: /etc/ldap.conf
• for NIS: /etc/yp.conf
• The PAM configuration file was divided into several files, one file per service. The configuration file name has the same service name which it provides information for. They are saved under /etc/pam.d/.
• See Change Log for upgrade notes
  

• Group Authorization Enhancement: Retrieves "group" information from the authentication servers (TACACS+, RADIUS and LDAP) in order to perform a kind of "network-based" authorization.

• TIMEZONE: The ACS image includes official timezones. The administrator must run the set_timezone script to bring up a sequential menu, or configure it by WebUI or CLI. This menu shows basic options or regions, and the user can browser the options to choose one. (See Change Log for upgrade notes.)
  

• Power Management Enhancements:
• The administrator can control the state of one group (multi-outlet device) as well as to control the state of individual outlets in that group. This results in a more elegant way to control and monitor the state of the outlets on such devices.
• In the Web interface, it has been implemented in a new page called Multi-Outlet Control under IPDU Power Mgmt.
  
• In the Command Line Interface (CLI), when the pm command is called without any parameter, it shows the following menu (when a number is used as an argument, it will behave normally): 
1. Exit
2. Individual ipdus
3. Multi-outlet devices
4. Info

• IPMI Enhancements:
• Removed the "ipmiutils".
  
• The management of IPMI devices is done using ipmitool 1.6.0.
• A new page was implemented in the Web interface. IPMI Power Mgmt is in the Applications Menu.
• The device configuration was implemented in the CLI command.

• Web Interface - new or changed pages
• Ports Menu
  
• Ports Statistics - Table where the columns represent the following fields:
  • Serial port number
  • Serial port alias
  • Baud rate
  • TX bytes (bytes sent)
  • RX bytes (bytes received)
  • Frame (error)
  • Parity (error)
  • Overrun (error).
    
  • Access Tab (Physical Ports) - the configuration of the server authentication was removed
• Applications Menu
• IPDU Multi-Outlet Ctrl - manager groups of outlets (multi-outlet devices)
• IPMI Power Mgmt. - add IPMI devices and manager them.
• Connect - the pop-up window with 3.000 lines of scroll and with the Copy/Paste functionality
  
• Network Menu
• Syslog - allow the admin to configure filters by level
• PCMCIA Management in Configure Pop-up - added CDMA as card type
  
• Security Menu
• Authentication - allow the admin to configure the authentication method for access to the box and the authentication servers.
• Help Buttons are removed temporarily.
  

• CLI - New Commands
• When configuring PCMCIA cards, the user can insert (load) or eject (unload) the cards using these commands:
• cli>config network pcmcia #card insert
• cli>config network pcmcia #card eject

• PortSlave - new protocols
  
• Console (telnetSSH) - Allows the client to access the serial port using a Telnet or SSH connection, that is, it accepts any Telnet or SSH connection to access the serial port.
• Bidirectional Telnet (dynamic mode) - Support for socket_server and login mode. When the enter key is typed in the terminal connected to the serial port, CS presents the login banner and prompts to the user at the terminal. When in idle mode, the CS accepts Console(telnet).
  
• generic_dial - Generic Dial Framework will control this port.

• Upgrade of OpenSSL to 0.9.8
• This product is not affected by the vulnerability SSL 2.0 Rollback (CAN-2005-2969)

• Upgrade of OpenSSH to 4.1p1
• X.509 - support for X.509 certificates
• SSHD keys are generated in the first boot of this version (the SSHD will be able to accept connections after the generation of the keys).
  
• If you use PuTTY, you need to upgrade its version to 0.58 (the PuTTY had one  bug that was fixed in the current version).
  

• Upgrade of OpenLDAP to 2.2.26 (see Change Log for upgrade notes)
  

• Upgrade of PAM_LDAP module to 1.7.8 - Fixed potential security vulnerability
  
• Fail to re-start TLS when following referred connections. This can result in credentials being sent in clear text when pam_ldap attempts to rebind.

• Upgrade of MGETTY to 1.1.33

• Upgrade of NET-SNMP to 5.2.1.2 - This version eliminates a potential security vulnerability:
• Fixed a denial of service vulnerability when stream sockets have been configured for use (such as, TCP but not UDP).
  

• Upgrade of WIRELESS-TOOLS to 27

• Upgrade of ZLIB to 1.2.3 - Version 1.2.3 eliminates potential security vulnerabilities in zlib 1.2.1 and 1.2.2 (CAN-2005-1849).
• Eliminates a potential security vulnerability when decoding invalid compressed data
• Eliminates a potential security vulnerability when decoding specially crafted compressed data

• Upgrade of MODULE-INIT-TOOLS to 3.1-pre6

• Kerberos - Applied a patch that fixes potential security vulnerability (CAN-2005-1689, VU#623332)

• Upgrade BUSYBOX to 1.00
• Contains the login utilities (the tinylogin package was removed)

• Included support for the following PCMCIA cards:
• Xircom-XE2000 10/100 Network PC Card Adaptor
• Option Wireless-GlobeTrotter Universal Tri-band GPRS/GSM PC-Radio Card
• Growell-iCARD800 CDMA 1XRTT GW-1031C
  
  

• ts_menu utility:
• The ACL does not have the correct treatment
  
• The "-ro" option does not work in Clustering environment
  
• The "-s" option does not work in Clustering environment
  
• The CTRL-Z key is not sent through serial port when the "-auth" option is not used
  
• SNMP
  
• There are two config files for snmp on our box: /etc/snmpd.conf and /etc/snmp/snmpd.conf. Both use the same name but have different functions
  
• Some OID's regarding the eth0 interface are wrong (speed and operation status)
  
• cySPortRemoteIP value is wrong.
  
• WebUI:
• Crashes when LDAP is used to do the authentication
  
• Add User page allows the admin enter special characters in the shell field
  
• When configuring one syslog server, one filter is included in the Syslog configuration
  
• The firewall configuration is not saved when the client saves or loads the configuration using the backup configuration page
  
• Crashes when Clustering is configured and the "Connect" page is accessed
  
• Not working when adding new users, in some situations.
• The "Privileged Users" field under Multi User (Physical Port) does not accept spaces
  
• Customers have their LDAP Base Domain Name in the server with 60 characters.
  
• Unsaved changes indicator turns red even when no changes were made to the Physical Ports pages
• Firmware upgrade fails depeding on the FTP server
  
• WebUI - Java Apple
• Has an expired certificate
  
• Access to clustering port works fine for CAS (telnet), but not for CAS (SSH)
  
• Message shows when web-session times out and the client clocks in Connect
  
• TAB key is not being sent to the device when the JRE version is 1.5.0
  
• PMD daemon no longer looks for the value assigned to pmNumOfOutlets parameter
  
• pmCommand wouldn't report the status of buzzer and current protection
  
• Second dialout PPP session doesn't work
  
• syslog messages are shown after the dial-in hangup
  
• CAS(telnet)
• Sending RFC-2217 - Notify Modem State
  
• Does not relay DCD changes per RFC-2217
  
• When there is any sniff session opened, CS does not relay DCD changes
  
• Many CAS sessions die during a weekend stress test (under constant data flow)
  
• Route command segmentation fault
  
• TACACS+ authentication fallback to second server
  
• WIZ command accept only 1 DNS server
  
• nsupdate generated error messages
  
• Assigning multiple power ports no longer works
  
• Invalid users were included in the /etc/passwd file; problem should happen only in the *Local / *DownLocal authtype schemes
  
• When using the telnet client of Windows 2003 Server to access the port where the IPDU is connected, the session does not work
  
• bootconf utility allows you to select Bootp option but when saving the config at the end, bootconf change bootp option to TFTP
  
• CLI: SNMP configuration was wrong. Increased the max length of the community name
  
• The CAS (SSH) does not work when sttyCmd parameter is configured as raw -echo -echoe -echok -iexten -echoctl -echoke in pslave.conf
  
• CS holds data for 10-15 seconds while it is supposed to spit out data at every 1 second a device attached to a serial port of our CS configured at 300, 8, N, 1 with no flow control. the protocol is raw_data and half duplex (rs232_half)
  
• Enabled ssh root access in Open & Moderate profile. It should be disabled in secure profile.
  
• LS1001A's serial RS232 port only works at 9600 bps in TS profile
  
• The ipppd option deldefaultroute does not work
  
• [ISDN callback] ipppd is brought up with wrong parameters for CALLBACK
  
• Instead of md5, old DES-hased passwords are used to save password in the shadow file
  
• With one serial port configured as CAS telnet (socket_server) and using data buffering, there was one delay to show data from the serial port
  
• When upgrading the Firmware version of the CS by way of the WebUi, a failure can occur depending on the FTP server used
  
• Possible memory leak in the shared memory when using the factory configuration
  
• The command ts_menu -s does not show all virtual ports configured
  

• The "admin" username can not be added or deleted using the WebUI or the CLI. The following command can be used to add one "admin" user:
• #adduser -g admin admin <enter>
• Using WebUI to edit the one slave of Virtual Ports, if the IP address is changed, the slave will be deleted.
  

• A new directory /etc/daemon.d was created. This directory contains all files are used by the daemon.sh utility. The upgrade to the old version is done by the upgrade260.sh program that runs in the first boot with the 2.6.0 version. Always verify your configuration after the first boot.
  
• The /etc/config_files file was changed
  
• Some files were included (/etc/shadow, ...)
• Some files were removed (/etc/TIMEZONE, /etc/getty_ttyS0, ...)
• Include changes in the /etc/config_files.save and copy it to /etc/config_files and save in CF.
• Upgrade of the Linux Kernel to 2.6.11
• The Compact Flash directory was changed from /proc/flash to /mnt/flash
• The name of the configuration file in Compact Flash was changed from scripts to config.tgz
  
• The script shell defconf performs the reset to the factory configuration.
  
• The file with modules configuration was changed from /etc/modules.conf to /etc/modprobe.conf
• Included your changes in the new file and added the new file in /etc/config_files
• The /etc/ipsec.conf file was changed:
• Copy the /etc/ipsec.conf.save file to /etc/ipsec.conf file and include your changes or
• Edit your /etc/ipsec.conf file:
  
• Include the following line: version 2
• Comment out the plutoload and plutostart lines
• Upgrade of PAM-LDAP - change the OpenLDAP SSL configuration:
  
• In the /etc/ldap.conf file, at least one of the following parameters are required if the tls_checkpeer is yes:
• tls_cacertfile
• tls_cacertdir
• TIMEZONE:
• This feature now uses the /etc/localtime file.
  
• The old /etc/TIMEZONE file is erased if you configure this new feature.
  
• The image comes with no /etc/localtime file, but it will be created and replace the TIMEZONE file if you use any of the ways of configure timezone.
• Authentication Enhancement
• The /etc/pam.conf file was removed and the /etc/pam.d directory was created
• The Radius and TACACS+ servers need to be reconfigured by WebUI or CLI (the configuration of these servers in PortSlave configuration was removed).
  
• The /bin/build_DB_ramdisk shell script was changed to use ramdisk type tmpfs instead of ramfs that has had a problem with maxsize.
• The certificates that are used by SSHD and HTTPS are generated during the first boot.
  
• The name of the PCMCIA modem devices was changed from /dev/ttySxx to /dev/ttyMy. Two dedicated device files (ttyM1 and ttyM2) have been created for the PCMCIA modem devices.
• If the PCMCIA modem card has already been configured, the user should rename the existing file /etc/ppp/options.ttySxx to /etc/ppp/options.ttyM1

• The PM firmware 1.7.0 has some features that are not supported by this CS version.
  

• The text of the first message shown is wrong when root does the first login.

• The Web User Interface crashes when there are virtual ports configured and the user clicks in Applications option.
• Web User Interface - connect to the virtual ports using SSH protocol.
• ts_menu:  SSH session to Box and ts_menu to access the serial port using SSH protocol. Also, the user does not enter the password; it was blocking others SSH sessions to Box or to the serial port.
• ts_menu:  Group authorization was not checked
  
• ts_menu:  Ten seconds to establish one session to serial port (authentication type as NONE)
• ts_menu:  Does not establish session to serial port when the protocol is RAW

• ts_menu can ask the password to access the serial port when the access to Box was done using ssh.
• ts_menu: The option read-only is not working to access Virtual Ports (clustering).
  

• CAS session, CS did not send the RFC2217 notify modem state.
  

a) New features

• CLI redesign
• ts_menu redesign
• new syslog messages to allow the admin to monitor the CS
  
• Upgrade of OpenSSH to 3.8.1p1.
  
• This version uses the authentication method  "gssapi-with-mic" to accept Kerberos TGT and the old version used "gssapi". The ssh kerberized client need to have support to the method "gssapi-with-mic".
  
• The OpenSSH requires a local user "sshd" in order to perform the authentication. If NIS authentication is used, please, insert the sshd user and sshd group in NIS database and configure the parameter UseLogin as yes in the sshd_config file.
  
•  Example of the line in passwd: " sshd:*:xxx:yyy:sshd privsep:/var/empty:/bin/false"
• Example of the line in group:  "sshd::yyy:"
  
• Upgrade of Zlib to 1.2.1
  
• Upgrade of Kerberos to 1.3.5
• Upgrade of OpenLdap to 2.2.15
• Save and Load configuration to/from the PCMCIA Compact Flash or IDE
• Billing Wizard
  
• Enhancement for the integration with IPDU
  
• allow user to access the pmCommand utility by ssh or telnet session to the serial port when the PM is connected.
• allow regular user to access the PM utilities (pm and pmCommand).
• the user that is a member of  "admin" group is one admin user to pm and pmCommand utilities.
• new syslog messages
• the number of Outlets of the PM is detected, so the configuration of this parameter was removed.
  
• Enhancement for the Web Interface
• allow user to connect to the box by Applications->Connect
• allow regular user to change his password
• new page with Physical Ports Status
• the previous port-specific parameters will not be discarded when the "Modify all ports" option is selected, only the parameters  modified will be copied to all ports.
  
• included the parameter "DCD state" in Physical Ports -> General.
  
 

• TACACS+ authentication works when a user tries to connect to the CS box with ssh version 2.
  
• Some problem in the Web Interface
•  ssh client using the option -T (disable  pseudo-tty allocation) and accessing the serial port, will have the session closed by CS.

• TACACS+ authentication does not work when a user tries to connect to the CS box with ssh version 1.
• Web Interface - user management allows the admin to manager 200 users in the local database
• Sometimes the "hama" Compact Flash card (64Mb) is not detected on boot time in CS-16/32/48.
  

• The file /etc/snmpd.conf was renamed to /etc/snmpd.sh. If you had modified /etc/snmpd.conf, apply the same changes to /etc/snmpd.sh.
• The file /etc/config_files was changed, some files were included.If you had run "saveconf" with release 2.2.0, your /etc/config_files is loaded from the flash and you will not have the latest list. Please edit /etc/config_files, rename the file, /etc/snmpd.conf, to /etc/snmpd.sh and run "saveconf".
• The pmusers group has removed. The file /etc/rc.sysinit was changed .If there is one saved in flash it must be replaced/merged with /etc/rc.sysinit.save. The file /etc/group was changed. If the file was not changed just replace it with the file /etc/group.save.
• This version does not have support to Sentry's IPDU nor RPC's IPDU. The files /etc/pm.sentry and /etc/pm.rpc22 were deleted. The file /etc/pmd.sh was changed. If there is one saved in flash it  must be edit:  old line - ConfigFiles="/etc/pm.bb /etc/pm.rpc22 /etc/pm.sentry" and the new line - ConfigFiles="/etc/pm.bb".
  

• Memory leak in the WebUI
  
• TCP socket error not properly handled by WebUI
  
• WebUI logs out when accidentally hit an enter key while entering some info for group name
• users configured in a group via the WebUI  are not being displayed after a log out

• Invalid error code returned by scp/ssh
  

a) New features

• WEB redesign
• Physical Ports - the previous Port-specific parameters will be discarded when the admin clicks in the "Modify All Ports" in expert mode or when the admin clicks in the "Port Profile" or "Data Buffering" in the wizard menu.
• WEB session inactivity timeout implemented
  
• Upgrade of OpenSSL to 0.9.7d
  
• Kerberos ticket support (SSH to box and to serial ports; Telnet and rlogin to box)
  
• PM in daisy chain FW upgrade support (should be used along with PM 1.2.2 and later)
  
• New Integration Power Management and Console Management.
  I) CAS access using pmkey:
       - if pmusers of the port is configured as "all", the CS allows the user to access the outlets of the server.
       - the user access verification is done by "pmd", so CAS(telnet/ssh) shows the PM menu and only when user type a command the check is done.
  II) regular users that are members of "pmusers" group can manage only outlets that they have permission to access.
• adduser command has the option "-G <group name>" that allows the admin to configure list of supplementary groups which the user is also a member of.

• Kernel with all security patches to bring it to the level of 2.4.25
• User could not access CS with empty password  through ssh/telnet
• When using ssh and idle timeout, session is closed by idle timeout even if user is using it.
• sshd doesn't work with public key auth when key is stored at users home and user ssh to port

• openssh will look in the home directory by default if public key is used
• The startPmFwUpgrade and pmFWUpgrade programs were removed. The new program for PM firmware upgrade is pmfwupgrade.
• Power Management: regular users that are members of "pmusers" group can manage only outlets
  that they have permission to access. (adduser accepts -G as parameter).
• List of vulnerabilities fixed

a) New features

• IPMI over LAN support
• menush support through WEB
• LPD support
• Data Buffer logging (connection/disconnection time stamp)
• PM field upgrade (no chain) support
  
• SNMP Proxy to access the PM
• Billing allowed in all ports and platforms
• Sniff session notification
• Upgrade of OpenSSH (from 3.6.1p2 to 3.7.1p2)

• Critical security fix: malicious users of mremap() syscall can gain privileges

• web page configuration for banner did not accept as many characters as all.issue parameter
• Error in message after submitting change in WebUI
• daemon.sh was not giving feedback at all if errors were found in the daemon list
• ntpclient was not setting the hardware clock
• /var directory had permission 777

• Command "lpq -P <printer_name>" always returns "0 bytes" as file Total Size while command "lpq -P <printer_name> -l" (long format) returns the 
  right size except for the active printing job

• patch in mremap.c file

• The file /etc/TIMEZONE was changed. If there is one saved in flash it must be replaced/merged with /etc/TIMEZONE.save
  
• The sshd program was upgraded to version 3.7.1p2 and it needs a new configuration file. If the file /etc/ssh/sshd_config was not changed just replace it with  the file /etc/ssh/sshd_config.save.  Otherwise the user should merge these files.

• The file /etc/rc.sysinit was changed.If there is one saved in flash it must be replaced/merged with /etc/rc.sysinit.save.
  
• The file /etc/group was changed. It was included the group "pam" and  "pmusers".If the file was not changed just replace it with the  file /etc/group.save.
    Otherwise the user need to do the following commands:
         #addgroup pam <enter>
         #addgroup pmusers <enter>
         #chgrp pmusers /bin/pm <enter>

a) New features

• None

• Critical security bug has been discovered in the Linux kernel within do_brk() function that may lead to full compromise of vulnerable system. Successful exploitation of do_brk() leads to full compromise of vulnerable system, including gaining full uid 0 privileges (CAN-2003-0961)

• patch in /usr/cvsroot/tslinux_mv21/linux/mm/mmap.c file

a) New features

• Compact flash and IDE PCMCIA cards support
• Support to WLAN Linksys WPC11

• rfc2217 commands were not being properly handled by socket when no data buffering or sniffing was enabled
• CrossTalk in bad console cables would halt a normal boot
• Command "updatefiles" was failing when the files under /tmp/upd/<pathname> had subdirectories
• When user logged into the CS using SecureCRT, telnet, or SSH and disconnected after the login prompt they would get the following error
pam_authenticate: Error in service module
• Removed message due to /etc/motd
• crontab -e was not working
• "Password" in the pm utility was not working correctly
• ts_menu with different Escape char was not working
• ports do not release when connecting to LDAP server

• /etc/motd removed from CS

• "Existent feature (syslog) -> the configuration file (/etc/syslog-ng.conf) was changed. The f_kernel and f_alerts in /etc/syslog-ng/syslog-ng.conf were changed."

• Comments for parameter all.sttyCmd in /etc/portslave/pslave.conf might let user think that it was valid only for TS profile because of the expression "terminal port", and it was not true. Changed the comments.

• /etc/pm.bb had the AlterPath PM prompt changed from "pm8>" to "pm>". If that file was NOT included in /etc/config_files by the user in an earlier FW version, the CS FW upgrade will force the user to either upgrade the AlterPath PM boxes to the newest FW or to edit the /etc/pm.bb file in the CS, change the prompt back to "pm8>", to include that file in /etc/config_files, to restart pmd process and to run saveconf to have the CS communicating with the AlterPath PM again.

PM versions before 1.0.9 have the "prompt pm8>"

PM versions after that have prompt "pm>"

/etc/pm.bb defines the prompt as "pm8>" for all CS versions before V_2.1.3. It defines as "pm>" for V_2.1.4 and later

a) New features

• None

• Applied latest patches until openssh 3.7.1

• The patch is a fix to buffer.c in openssh. The patch updates 3.6.1p2 to the current code level (3.7.1)

a) New features

• SSL V2 reenabled in the FW (it was disabled in previous FW version) and made configurable. This way, IE can work with SSL3 or SSL2 whereas the existent buggy Netscape and Mozila can work with SSL2.
• Hardened the code through disabling services daytime and time and rejecting time stamp

• saveconf was very slow to save configuration files in flash and was generating R/W temp files before saving them into flash
• RFC2217 not working when user did not configure data buffering or sniffing for a given serial port
• WEB would cap in 40 characters the users field before copying the field to the proper configuration file (pslave.conf). Now the limit is 256 characters.
• CrossTalk in bad console cables made the unit not boot if the console cable did not have console hooked up
• Socket CAS was handling telnet command NOP as data
• pam was generating a deceiving error saying "unable to set group membership for user (err=-1)". It was a incompatibility between sshd (set_creds) and pam_groups (set_creds). The

pam_groups issue a system call that requires root privilege but sshd already change the privilege to the user just logged in. Removed the module pam_groups from the sshd service (pam.conf).

• SSL2 enabled or disabled through configuration file (/etc/ssl_version.conf). The user will choose between SSLv2, SSLv3, and SSLv23 (default).

a) New features

• Upgrade of OpenSSH (from 3.5.p1 to 3.6.1p1)
• Upgrade of Openssl to 0.9.7b
• Upgrade of net-snmp (from 5.0.7 to 5.0.8)
• Windows 2003 support
• Enhanced Clustering (allows encrypted path between master and slave at lower CPU cost, authentication between master and slave)
• Allows Radius Server to specify the serial ports the user can access
• tstest with chat string support
• Enabled pam_tally module
• Support to NIS
• Support to LDAPDownLocal authentication
• Support to NISDownLocal authentication
• Support to KerberosDownLocal authentication
• SSH-2 break extension support
• performance improvement (transfer rate over serial ports). This feature affects the meaning of the parameters all.DTR_reset, all.auto_answer_output, and all.auto_answer_input
• support to change and control (FW and Configuration) to work with new  product

• Radius and callback was not working properly (no call back)
• "W" command showing a wrong pid  for ports TS profile
• Radius was sending a wrong NAS-Port-Id to Radius Server
• Changed DHCP client to keep trying to get an IP address forever if configured as "1"
• If a user belongs to more than one group he can not access CS serial port properly

• Windows 2003 support: new parameters in /etc/portslave/pslave.conf (s<nn>.translation xterm, s<nn>.web_WinEMS, s<nn>l.xml_monitor), added file /webs/web/appl/utf8key.conf, added web interface for Win EMS via java applet), New macros available in /etc/syslog-ng/syslog-ng.conf:
• added /webs/web/appl/close.gif, /webs/web/appl/refresh.gif, /webs/web/appl/colorSet.conf

- java applet now pops up when you connect. There is a refresh and close icon that users can click on. The refresh button is used to reconnect to the server. The close icon is used to close the window of the popup.
• Enhanced Clustering: new parameter in /etc/portslave/pslave.conf (conf.nat_clustering)
• NIS:

    . change in /etc/nsswitch.conf (inserted commented lines about NIS)
    . change in /etc/pam.conf (changed module pam_unix.so to module pam_unix2.so).
    . created new file yp.conf (NIS server configuration) and domainname.conf (NIS domain name)
    . created new program /bin/domainame (to configure the domain name)
    . new lib /lib/libnss_nis-2.2.3.so and /lib/security/pam_unix2.so
• LdapDownLocal:

    . change in /etc/portslave/pslave.conf
    . changed WEB interface to support new value to authentication type parameter
    . changed snmpd to support new value to authentication type parameter
    . change din /etc/pam.conf (added new service ldapdownlocal)
• KerberosDownLocal:

    . change in /etc/portslave/pslave.conf
    . changed WEB interface to support new value to authentication type parameter
    . changed snmpd to support new value to authentication type parameter
    . change in /etc/pam.conf (add new service kerberosdownlocal)
 
• SSH-2 break extension: (support to "Session Channel Break Extension - draft-ietf-secsh-break-00.txt")

    . implemented client and server.
    . break interval -> change in /etc/portslave/pslave.conf (added parameter all.break_interval)
• performance improvement

. change in /etc/portslave/pslave.conf (included new value to all.sniff_mode)
• support to change and control (FW and Configuration)

. saveconf and restoreconf -> have more options
. adduser -> allow to add user with root privileges
• existent feature (DHCP client) -> the following files were changed: /bin/handle_dhcp (now this script shell does the ifconfig commands to set the IP address to eth0) and /etc/network/dhcpcd_cmd.
• existent feaute (default route) -> the /etc/network/st_routes was changed. The option "metric 3" was inserted in the definition of the default route.

a) New features

• Power Management. Allows users connect IPDUs (Inteligent Power Distribution Unit) from some vendors (Cyclades, Baytech and Sentry) to Advanced Console Servers and manage the outlets used to power the Servers.
• Upgrade of OpenSSL to 0.9.7a
• Upgrade of net-snmp to version 5.0.7
• Upgrade of Busybox to 0.60.5. (include support to "top" command).
• Upgrade of DHCP to 1.3.22
• Dynamic DNS update support
• Dynamic serial port allocation (hunting group; pool of serial ports) support

Telnet/SSH connections with Data Buffering are locked after NFS server goes down

Protocol socket_server ignores the [more] data buffer menu command over telnet

Wizard for DB is setting the parameter *.data_buffering wrongly when the value has more than 5 digits

PPP connection from a Windows 2000 would not be established unless cb_script line was commented out in pslave.conf

• New feature (Power Management):

The text of the first message showed when root does the first
login, is wrong:

Files changed:
 - /etc/inittab

New parameters were added in webs configuration, serial ports section: Protocol (the IPDU protocol was included), IPDU type, PM users, PM number of outlets, PM outlets and PM hotkey.

- The same parameters above were added in the MIB.
- The process pmd was included in the webs administration to restart processes.
- The Link Administration > Power Management was created to manage the IPDU's outlets.
 

• Created a script to change persmission of pppd during bootup /bin/chmod_pppd

• Added that script (commented out) from users_script (/etc/users_scripts)

• Existent feature (telnet client) -> /bin/telnet moved to /usr/bin/telnet. (see upgrade notes); /etc/portslave/pslace.conf was changed (conf.telnet parameter).

• The nsupdate application was added in the CS to allow the dhcpcd performing the DDNS updates when the dhcp server does not perform them. The nsupdate can be called from the shell script "handle_dhcp" using the data  received from the dhcp server that were written into the file "/etc/dhcpc/dhcpcd-eth0.info".

• A new command line option was added to the tstest program: the "-I <initchat>".

So, the command to do port conversation without navigating in the menu should be:

tstest -l <#port> -s <baudrate> -I <initchat_string>

The command "tstest -?" will display all options available:

-l #port      - Serial port number [1 to 32]
-s speed      - Baud rate
-p parity     - Parity even, odd, none
-f flow       - Flow control hard, soft, none
-d DataLength - Number of bits from 5 to 8
-b            - Send break 0.25 to 0.5 seconds long
-B interval   - Send break [1-5] seconds long
-T interval   - Toggle DTR [1-5] seconds long
-t            - Toggle DTR forever
-R interval   - Toggle RTS [1-5] seconds long
-r            - Toggle RTS forever
-i            - Port conversation
-I <initchat> - Port conversation
-c            - doesn't change tty configuration/signals on open
-C            - doesn't restore tty configuration/signals on close
 

• Java applet has changed. Now to ssh to the port chosen, users can just type the username and his/her password rather than typing username:portnumber and then his/her password.

• Existent feature (CallBack in Dial-In profile) ->  /bin/chat was moved to /usr/local/sbin/chat, so the /etc/portslave/cb_script  was changed  (included the path "/usr/local/sbin" to "chat").
   

• Existent feature (Dial-In profile) -> change in /etc/portslave/pslave.conf (removed the callback from the default of the pppoptions parameter).
 
• Existent feature (busybox) -> upgrade version 0.60.2 to version 0.60.5 (included support to the "top" command  and the "ps" shows new columns). The /etc/inittab file was changed because the order to start the process was changed in the new busybox.
 
• Existent feature (/bin/build_DB_ramdisk) -> change to not show the messages from /etc/mke2fs and /etc/mount.
 
• Existent feature (MIB) -> change to support new PortSlave parameters and fixed some problems with object definitions.
 
• Included Note about CHAP authentication (Chapter 3, section Authentication)

• New feature (hunting group) -> added some new parameters in /etc/portslave/pslave.conf (all.pool_ipno, all.pool_serverfarm, all.pool_socket_port)

a) New features

• Upgrade of the WEB server (goahead v2.1.4)
• The WEB logic for access limit has changed. There will be 4 priority levels: user, monitor, administrator and full (root). Each page will have a priority level associated with it; if the page has monitor priority, all the users with privilege monitor, administrator or full will have access to the page. The default user groups will be root (full), admin (administrator), monitor (monitor) and user (user). Also, the link list will be grouped according to the user privilege. The common user, for now, will be able to logout and to connect to serial ports, nothing more. In order to make it effective, it's necessary to change the file /etc/websum.conf with the one in the new zImage.
• Run Configuration implemented in WEB. A link was created in the Administration section and, in the page, the administrator can reload the portslave, the IPSEC, the snmp and the syslog-ng configuration. The signal_ras script was changed to fit this feature.
• Added a link called SNMP in the Configuration section. This configuration is done in the same way as syslog-ng; by editing the file.
• Changed the syslog-ng.conf file. The new configuration allows syslog-ng to receive syslog messages from the Kernel.
• Implemented a new PortSlave parameter "all.telnet_client_mode". This parameters allows the user to choose text or binary mode for automatic telnet client.
• ISDN BRI PCMCIA card supported
• Implemented a new PorstSlave parameter "all.lf_suppress" to allow some Windows telnet client to access Unix servers and not receive double prompt.
• Implemented two new PortSlave parameters "all.auto_answer_input" and "all.auto_answer_output" to allow PowerEdge Servers to display BIOS' output when there's no connection (ssh or telnet) to that serial port (given data buffering is active).
• Enhanced sniffer feature by allowing presenting or not the sniffer menu

• A problem in syslog data buffering was fixed. That would appear when the parameter data_buffering is not enabled and the parameter time stamp is enabled.
• When changing serial port configuration parameter like "sttyCmd" and issuing the "signal_ras hup" command the serial port parameter is not being reconfigured.
• If slave entries for all 48 ports of a CS are added to the pslave.conf file in the master the following message appears when the slave is selected on the ts_menu first screen.
 
"Caution: You have exceeded the number of slaves allowed. You may be invading your system's memory therefore affecting the performance of this application..."
• CS - SNMP

Fixed problem with to save configuration and to restart PortSlave by SNMP set.
• New Logo replacing the old one
• Changed the banner to show Advanced Console Server
  

• new feature (Access Limit by priority) -> change in /etc/websum.conf (reconfigured user groups and access limits according to the priority and added some more access list entried)
• new feature (Common Users access only application pages) -> files web/read/{*.jar, *.conf, sportConnect.asp, connectPorts.asp} moved to web/appl.
• new feature (complete Run Configuration) -> Link "Run Configuration" inserted in the Administration section, in

the Web Server Menu
• new feature (SNMP configuration) -> Link "SNMP" inserted in the Configuration section, in the Web Server

Menu
• new feature (Define the text/binary mode in automatic telnet client) -> change in /etc/portslave/pslave.conf (added the parameter all.telnet_client_mode)
• new feature (LF suppression) -> change in /etc/portslave/pslave.conf (allows suppressing the last LF from the CRLF sent by a Windows telnet client to avoid having double prompt on screen when user accesses a Unix server through the CAS' serial port)
• new feature (Probing mechanism) -> change in /etc/portslave/pslave.conf (if a server probes the serial port by sending a string the CAS answer with other string so BIOS can start displaying. Input and output strings are configurable)
• existent feature (session sniffing) -> change in /etc/portslave/pslave.conf (all.multiple_sessions can be configured to present or not the sniffer menu)
• existent feature (syslog-ng receives syslog message from kernel) -> change the syslog-ng.conf file (see the upgrade notes), change in upgrade_110 file
• the command "w" is changed. The original version was renamed to "w_ori". "w_cas" is a new command and it shows the information about CAS sessions. The command "w" calls w_ori and w_cas.
• Files changed due to ISDN BRI:

- Inclusion of isdn4k-utils package.
- Changes in the linux/drivers/isdn and linux/drivers/isdn/hisax files.
- Changes in the tslinux_mv21/Makefile to generate isdn4k-utils tools and support modules_install (CDK).
- Changes in tslinux_mv21/linux/Makefile.cyc to support modules_install (CDK).
- Changes in tslinux_mv21/linux/.config.tsxk to support isdn subsystem and ppp as loadable module (CDK).
- Inclusion of /etc/ppp files to support synchronous ppp.
- Changes in build_extra to create isdn devices under /dev (CDK).
- Changes in /lib/modules/<version>/ files to support isdn.
- Changes in /etc/config_files to save /etc/ppp/pap-secrets and /etc/ppp/chap-secrets in flash.
• CS MIB for SNMP management

Included new PortSlave Parameters in the CS MIB.
• The configuration of the snmpd (/etc/snmp/snmpd.conf file) was changed. The upgrade has to be done in two steps:

. First step.
.. Save the file /etc/snmp/snmpd.conf, if it was changed.
.. Edit the file /etc/config_files and remove the line related to snmp.
.. Execute the command "saveconf" and reboot the CS.

. Second step.
.. if the file /etc/snmp/snmpd.conf was changed the user should make his own
changes again.

a) New features

• Linux Kernel 2.4.17
• PAM Support (LDAP, Kerberos, TACACS+, Radius, Local authentication)
• SSH 1/2, telnet, ftp, PPP and SLIP, 10/100BT
• Spurious Break Eliminator
• PCMCIA support (modem card, Ethernet and Wireless initially)
• Extended wizard configuration
• Java Applet to allow serial connection using browser (telnet or ssh sessions)
• IPSec support
• All features supported by the predecessor family

• None