[arm-allstar] Update - V1.5rc5-11
Roger Coudé
ve2dbe at yahoo.ca
Sat Nov 10 08:18:18 EST 2018
Also,The here is no reason to block *4 on a private node… does it?Roger
De : Roger Coudé <ve2dbe at yahoo.ca>
À : ARM Allstar <arm-allstar at hamvoip.org>
Envoyé le : samedi 10 novembre 2018 8h06
Objet : Re: [arm-allstar] Update - V1.5rc5-11
Doug,I agree with you, but the side effect is that we cannot use iaxrpt to send commands to nodes anymore.That capabality saved my live many times when I was on the road and used my phone to reboot a node, etc…Would it be possible to block *4 without blocking iaxrpt DTMF?73Roger
De : Doug Crompton via ARM-allstar <arm-allstar at hamvoip.org>
À : ARM Allstar <arm-allstar at hamvoip.org>
Cc : Doug Crompton <wa3dsp at gmail.com>
Envoyé le : samedi 10 novembre 2018 1h29
Objet : [arm-allstar] Update - V1.5rc5-11
A new update has been released. V1.5rc5-11 and V1.5.3-43 November 9, 2018.
This is an important security update. Please use the ADMIN menu item 1 to
update. This release has the following changes -
Allstar has a often little known and used command *4 mapped to ilink,4
which can be used to send DTMF commands to OTHER nodes just like you would
to your own. The node you would control needs to be connected for the
control to work.
While this is in some cases a useful command it also has enormous security
risks if used in a nefarious way. To eliminate this problem we have turned
off this feature by default in the hamvoip code with this update. Users who
need to use it can turn it on with this added command in the node stanza of
each node requiring it in rpt.conf. Leaving the command out or setting it
to 0 has the same effect of restricting its use. Few users will have a need
to turn this on -
remote_dtmf_allowed=1
This command is only needed at the node you want to control and on any
nodes in between if it is not a direct connect. It is not required on the
source node unless you also want it to be controlled from somewhere else.
Keep in mind that it is a general security issue to turn this on and you
should only to do so if it is needed. This is the classic "back door" which
probably made sense when Allstar was a small group with trust between
users. We will be introducing a pin number security feature for this in a
future update which will make it more secure to leave it on.
Minor change in astdb.php so current data will not be overwritten if
incoming data is non-existent or corrupted.
Changed the cop,61 and cop,62 commands to allow both a ':' and '=' in the
command. This solves a problem when using an event statement to directly
control FOB GPIO which previously required the '=' in the command. A
statement like this is now permitted -
[events]
asterisk -rx "rpt cmd 1998 cop 62 GPIO1:1" = s|t|RPT_RXKEYED
NOTE the : instead of = between the GPIO1 and value to set 1.
Again more sanity checks in code areas that have rarely caused coredumps.
Hamvoip Allstar has become significantly more stable over the years with
these code changes to prevent situations that should not happen but when
they do can cause coredumps. Coredumps happen when the code crashes but in
almost all cases you will not even know it happened as Allstar immediatly
restarts, It is unlikely you will but if you ever see a coredump file in
/var/lib/systemd/coredump let us know and pass the file on directly (not on
this forum) so we can evaluate the problem and hopefully come up with a
solution.
Changed the AutoSky and weather.sh scripts to so they pass local weather
and alerts to Supermon. The Supermon updates to display this will be in the
next release.
*73 Doug*
*WA3DSP*
*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
_______________________________________________
ARM-allstar mailing list
ARM-allstar at hamvoip.org
http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
Visit the BBB and RPi2/3 web page - http://hamvoip.org
More information about the ARM-allstar
mailing list