This is release 22.214.171.12431014 of RaspberryMatic which is a maintenance release with the following bugfixes and feature changes:
For all changes, see the full commit log.
CCU/HomeMatic service changes:
- integrated CloudMatic addon update which adds a temporary workaround to keep VPN connections working with newer OpenSSL/OpenVPN versions, which mark connections using deprecated SHA1-hashed certificates as insecure/weak. The tls-cipher "DEFAULT:@SECLEVEL=0" vpn client option is now added to work around this until EasySmarthome/Cloudmatic has updated their certificate infrastructure to use proper SHA256 secured certificates (#2442).
- updated Mediola NEOserver addon to latest 2.13.0 version.
- modified lighttpd startup/config to return “503 Service unavailable” status codes if the CCU startup is not yet finished. This should prevent potential runtime issues in case external engines like ioBroker or HomeAssistant try to use remoteAPI ports when not all CCU services are properly started. In addition, we now also allow only certain query URLs for port 8181/48181.
- ReGaHss init script to make sure the pid file will have world readable permissions so that hss_led can query its status.
- made sure ReGaHss will run on umask 0027 per default so that the regadom file will be generated with slightly stricter file security settings.
- integrated a first bunch of modifications so that the nut services/daemons will be executed using dedicated non-privileged users and groups rather than always as the root user. This should slightly improve security for these services so that they are not able to access resources they don’t have explicit permission for (#599).
- enhanced 0041-WebUI-Patch by adding CCU-Jack to interface/category selector (#2446, #2445, @Baxxy13).
- updated CodeMirror to 5.65.15.
- added another minor style glitch fix to 0039-WebUI-Fix-Style-Glitches WebUI patch to show the buttons in the direct link pages in bold font weight to make the look&feel consistent with the rest.
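
The tls-cipher "DEFAULT:@SECLEVEL=0" option from the CloudMatic item above is described as temporary, so it is worth checking whether a client config still carries it. The following shell function is an added example, not part of RaspberryMatic or the CloudMatic addon, that flags active tls-cipher lines with an OpenSSL security level below 1; the sample configs and the host name are constructed.

```shell
#!/bin/sh
# Added example, not RaspberryMatic or CloudMatic code.
# audit_seclevel FILE: report every active tls-cipher directive whose
# OpenSSL cipher string lowers the security level below 1.
# Returns 1 if such a line exists, 0 otherwise.
audit_seclevel() {
    awk '
        # Commented-out lines start with "#" or ";" and never have
        # "tls-cipher" as their first field, so they are skipped.
        $1 == "tls-cipher" && match($0, /@SECLEVEL=[0-9]+/) {
            # "@SECLEVEL=" is 10 characters; the digits follow it.
            level = substr($0, RSTART + 10, RLENGTH - 10) + 0
            if (level < 1) {
                printf "%s:%d: security level %d: %s\n", FILENAME, NR, level, $0
                weak = 1
            }
        }
        END { exit weak ? 1 : 0 }
    ' "$1"
}

# Constructed sample configs (host name is a placeholder): the client
# with the workaround active, and the same client after it is disabled.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' \
        'tls-cipher "DEFAULT:@SECLEVEL=0"' > "$dir/workaround.ovpn"
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' \
        ';tls-cipher "DEFAULT:@SECLEVEL=0"' > "$dir/strict.ovpn"
    with=0;    audit_seclevel "$dir/workaround.ovpn" || with=$?
    without=0; audit_seclevel "$dir/strict.ovpn"     || without=$?
    rm -rf "$dir"
    echo "workaround=$with strict=$without"
}

demo
```

A non-zero return means the workaround is still active in that config.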
Operating system changes:
- resolvconf support so that the resolv.conf DNS config management can be performed dynamically in future rather than always generating a static resolv.conf file upon bootup.
- removed obsolete S46tailscaled init script. Together with the recently introduced openresolv package this finally allows the MagicDNS functionality in tailscale to be used correctly, so that DNS settings will be dynamically adapted accordingly and all tailscale machines are reachable via their names (#2399).
- integrated new buildroot upstream patch to bump libcurl to 8.4.0 to integrate important security fixes (CVE-2023-38545, CVE-2023-38546)
- fixed shellcheck warnings/errors in
- fixed tailscale reverse proxy setup in lighttpd so that we can register for tailscale VPN again using the WebUI.
- updated upstream linux kernel to 6.1.57.
- updated tailscale to latest 1.50.1 version.
- updated buildroot to latest 2023.08.1 and retired a bunch of upstream patches we were maintaining for a while and are now integrated.
- rc.shutdown script execution (#2452, @Baxxy13).
- enhanced all SXX init scripts which execute an rc.xxx script by adding echo outputs to signal that these scripts are executed and also added a maximum timeout of 120 seconds for these scripts so that they can’t block startup/shutdown anymore (#2450, @Baxxy13).
- regression fix for /usr/local/etc/rc.postlocal post startup script (#2447, #2338, @Baxxy13).
- replaced deprecated vga kernel command option with grub gfxpayload variable use so that no deprecated warning should be displayed anymore.
- added new 0018-grub2-fix-incompat-ext2 buildroot upstream patch which patches grub2 to ignore certain newer ext filesystem features which could hinder grub2 from correctly recognizing an ext filesystem though it is still valid. This is especially critical for the metadata checksum seed feature, which since the latest e2fsck 1.47.0 version is now a default setting and thus renders new ext filesystems grub2 incompatible without these upstream grub2 patches, which are not part of buildroot yet. (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031325, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030939)
- updated java azul to latest LTS major version 17 (17.44.53-ca-jre126.96.36.199) and modified java-azul buildroot package accordingly which is quite some major bump in the java version potentially improving processing speed of HMIPServer.
- globally enable BR2_ENABLE_LTO for all our buildroot configs for potentially improved performance and smaller binaries.
- use “armv7” in all our docker container builds rather than “linux/arm” or “armhf” to solve certain HA addon update issues (cf. #2393).
- install-proxmox.sh to be able to choose a dedicated VM ID (#2424, @indiana11011100).
- retire 0012-ffmpeg-rpi-userland-aarch64 buildroot upstream patch as upstream fixed the aarch64 builds for rpi-userland.
- updated nodejs to 18.18.1 by adapting our nodejs buildroot upstream patchset.
👪 Contributors (alphabetically):
For support on installation and help please visit the following web pages:
The following installation archives can be downloaded for different hardware platforms. To verify their integrity a sha256 checksum is provided as well. You can either upload these files using the WebUI-based update mechanism or unarchive them to e.g. flash the included *.img files on a fresh installation media (e.g. microSD card):
- RaspberryPi4 Model B, RaspberryPi Compute Module 4, RaspberryPi 400 – (installation):
- CCU3, ELV-Charly, RaspberryPi3 Model B+, RaspberryPi3 Model B, RaspberryPi3 Model A+, RaspberryPi Compute Module 3, RaspberryPi Compute Module 3 lite, RaspberryPi Zero 2 W – (installation):
📦 RaspberryMatic-188.8.131.5231014-ccu3.tgz (only for initial CCU3 Firmware -> RaspberryMatic Upgrade)
- RaspberryPi2 Model B – (installation):
- RaspberryPi Zero W, RaspberryPi Zero, RaspberryPi Compute Module 1, RaspberryPi1 (A+/B+) – (installation):
- TinkerBoard S, TinkerBoard – (installation):
- ODROID-N2/N2+/C4/C2 – (installation):
- Intel NUC – (installation):
- Open Virtual Appliance (OVA) – (ProxmoxVE, VirtualBox, ESXi, Synology, QNAP, Workstation Player, QEmu, UNRAID, HyperV):
📦 RaspberryMatic-184.108.40.20631014.ova (only for initial OVA installation)
- Docker / Open Container Initiative (OCI) – virtual appliance (installation):
📦 RaspberryMatic-220.127.116.1131014-oci_amd64.tgz (amd64/x86_64)
📦 RaspberryMatic-18.104.22.16831014-oci_arm64.tgz (arm64/aarch64)
📦 RaspberryMatic-22.214.171.12431014-oci_arm.tgz (arm/armhf)
- Kubernetes / K8s – virtual appliance:
see install documentation
- Home Assistant Add-on – virtual appliance:
see install documentation
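
Checking a downloaded archive against its sha256 checksum before uploading or flashing it, as an added example that is not part of the RaspberryMatic project. It assumes the checksum was saved next to the archive as <archive>.sha256 in sha256sum format; the demo archive is constructed.

```shell
#!/bin/sh
# Added example, not RaspberryMatic project code. Assumption: the checksum
# sits next to the archive as <archive>.sha256 in sha256sum format
# ("<64 hex digits>  <file name>").
sha256_of() {  # print the hex SHA-256 digest of file $1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_archive ARCHIVE: 0 = digest matches, 1 = mismatch,
# 2 = checksum file missing, malformed, or written for another file.
verify_archive() {
    archive=$1
    sums=$archive.sha256
    if [ ! -f "$archive" ] || [ ! -f "$sums" ]; then
        echo "missing archive or checksum file" >&2; return 2
    fi
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sums")
    listed=$(awk 'NR == 1 { sub(/^\*/, "", $2); print $2 }' "$sums")
    # Reject anything that is not exactly 64 hex digits, e.g. an HTML
    # error page saved in place of the checksum.
    case $expected in *[!0-9a-f]*) expected= ;; esac
    if [ "${#expected}" -ne 64 ]; then
        echo "malformed checksum file: $sums" >&2; return 2
    fi
    if [ -n "$listed" ] && [ "$listed" != "$(basename "$archive")" ]; then
        echo "checksum is for $listed, not $archive" >&2; return 2
    fi
    if [ "$(sha256_of "$archive")" = "$expected" ]; then
        echo "OK: $archive"
    else
        echo "MISMATCH: $archive" >&2; return 1
    fi
}

# Constructed demo: a stand-in archive containing "abc" and its digest.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/demo.tgz"
echo 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  demo.tgz' \
    > "$demo_dir/demo.tgz.sha256"
verify_archive "$demo_dir/demo.tgz" || echo "verification failed" >&2
rm -rf "$demo_dir"
```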