NET+OS 7.5.2 Updates

 

Last updated: 9/27/21

 

 

 

BSP Updates
Last updated: 09/22/20        

Version 1.0
Removed calls to the IOP queue flush routines.  The latest version of the IOP driver does these calls itself when the naIopProcessorStopAndReset is called.  Calling the flush routines a second time can cause buffers to be duplicated, and that can cause the CAN driver to panic.  This has been seen on tests when the CAN bus was opened and closed repeatedly. (Case 40284)

Corrected a problem with RF chip type checking.

Updated TODO messages for checking authorities in fileinit.c, and adding a semaphore to protect access on the download image if needed in firmware.c. Removed TODO for file type in firmware.c. (Case 39705)        

Corrected issue that caused naCliAddUserTable() to improperly overwrite commands when using -O2 optimization. (Case 38136)

Fixed lockup condition in Ethernet bypass transmit, and changed code for the example application to make it more readable. (Case 37952)

 

Version 1.01

Added code in WPA to check that the redpine driver has notified the wpa_supplicant of an association prior to passing the EAP key to it. (Case 43462)

Fixed error in roaming parameters. (Case 43278)

Fixed problem in spectrum management (802.11h) and multi domain (802.11d) (Case 43043)

 

Version 1.02

Set ENOENT errno instead of none in file system interface when open non-existing file to read.

Fixed errors created by porting from netos74 to new mac driver. (Case 43971)

Fixed Redpine driver's "auto rate" bug. This way, the TX rate will be adjusted according to receive signal strength thus extending the range/distance for the connection. (Case 1336027)

Added __attribute__((packed)) to country IE structure to get the correct tx power from AP's association response. (Case 1336027)

Added code so customer can modify the background scan threshold and roaming threshold in bsp. Also, added a note in API reference to point to file customizeRedpine.c for customization on connectwime9210 platform. (Case 1336027)

Changed read and write access to 32-bit words in scratchpad driver.   Updated nascratchpad example readme file.  (Case 44550)

Removed calls to naIopPause() which was causing the SPI FIM clock to get stuck high, and fixed naIopPause() and naIopResume() for FIM 1. (Case 43026)

 

Version 1.03

Improved power save mode, improved beacon handling and additional communication fixes.  (Case 45536, 45402, 45183)

 

Version 1.04

Fixed coding error to ensure the promiscuousMode bit is set if in monitor mode. (NET+OS-13)

 

Version 1.05

Fixed file system corruption bug in Wi-ME9210.   The NAMI was updating secondary NVRAM space without checking the configuration. (NET+OS-27)

Fixed a bug in 9215 simpleserial of configuring PORT B and D to BSP_GPIO_MUX_SERIAL_2_WIRE_UART, when BSP_GPIO_MUX_SERIAL_B or BSP_GPIO_MUX_SERIAL_D is set to BSP_GPIO_MUX_INTERNAL_USE_ONLY.

In ns9xxx/common simpleserial throws compile time error if BSP_SIMPLE_SERIAL_PORT is not BSP_SIMPLE_SERIAL_ON_PORTA(B,C,D) (NET+OS-3)

Requires TCP fix 1.04

Replaced calls to deprecated function NATimerConfigure with NATimerConfig in natimer sample. (NETOS-8)

Fixed crash in FAT file system when the file is opened multiple times and then closed multiple times. (NETOS-10)

Corrected the error message for BSP_GPIO_MUX_IOP_0_CAN_TXD (NETOS-19)

Updated background scan support when power save is enabled

Minor changes for better return codes in Wireless API

Changed the default background scan time to every 60 seconds and 3 probe_requests on each channel

Updated the signal strength field when handling beacon and probe_response.

Fixed issue where connectwi-me9210 does not associate with an apple airport express. (NETOS-16)

Fixed SSH security problem: login into the module using SSH without user name/password. (NETOS-17)

Added background scan capability to wifi driver. The feature is disabled by default. Please follow API Reference to enable it.

Added fixes to better handle beacon and probe_response.

 

Version 1.06

For those converting from 6.x.x version of NETOS, the wireless parameter band, options, channel, chan_mask fields need to be set to default values. (NPI-51)

We don't support Reverse Direction Protocol, or Reverse Direction Grant (RDG)  In ELEMENT_HT_CAPABILITY(0x2d), sub-field HT Extended Capabilities: 0x0C at index 22, make it 0x00. (NETOS-48 )

Speed up the roaming if the AP's power is suddenly cut off (NETOS-46)

Country code and set channel and set power are not supported per new FCC requirement. This is the world-wide SKU approach, which limits a device to active scans on channels 1-11 and passive everywhere else. Once a beacon is received, f it includes the 802.11d domain, then the device will actively scan on the channels allowed within that domain. If no 802.11d info is found, the device can only issue an active can on the channel where it received a beacon.

·         country code is not supported

·         set power is not supported

·         set tx rate is not supported

·         set channel are not supported

·         802.11d and 802.11h (A band) are enabled by default

·         The passive scan channel mask default is all channels

·         added a function to support get country code from element info

·         for dialog and cli

·         No tx rate selection, No 802.11d, No 802.11h

·         No channel selection, No country selection, No tx_power selection

 

The security combinations are:

·         Open/open (no "open/wep" any more)

·         Shared key/wep (no "shared key/open" any more)

·         WEP-802.1x (username, password)

·         WPA-PSK (TKIP and CCMP)

·         WPA-Enterprise (username, password, and TKIP, CCMP)

·         Cisco LEAP (username, password)

·         EAP-FAST (username, password, and TKIP, CCMP)

·         WPA2-Mixed mode (TKIP+CCMP by default)

·         WLN_AUTH_ANY, WLN_ENCR_ANY, APP_WLN_BSS_ANY, APP_WLN_BSS_IBSS, APP_WLN_BSS_IBSS_JOIN are not supported   (NETOS-35, NETOS-36, NPI-51)

 

Removed tx_power and max_txrate configurations from RCI

Removed Country Code, 802.11 options, Wireless Network type, and channel from RCI (NETOS-42)

Extended CLI to include an nvrestore command

Connectwi-me9210 would not associate with an Apple airport express  Also Fixed endianess problem which caused the performance to drop due to WMM processing. (NETOS-16)

Reload FPGA when restarting the wifi driver. Fixed the problem when Connect Wi-EM stops listening in promiscuous mode. (DCEM-4)

Added code to skip empty calibration entries for the newly manufactured modules, which eliminated 4.9 GHz band. (NETOS-28)

For dialog and WebUi "WEP Shared Key" configuration, changed the driver to handle both "WEP Shared Key" and "Open/SharedKey" cases. (NETOS-51, NPI-51)

Updated Copyright for 2013. (NETOS-52, NPI-51)

 

Version 1.07

Added support of DHCP roaming functionality to connectwime9210 Redpine driver.  One must define BSP_ENABLE_DHCP_INFORM_FOR_ROAMING to TRUE in bsp_net.h to enable this feature. (NETOS-45)

Fixed two problems -  The device should never connect to an AP on a DFS channel if the bss_cap of AP does not have "Spectrum Management" bit set, and the device should not send probe_request frame on a DFS channel if it has not received any frames on this DFS channel first. ( NETOS-61 NETOS-64)

Fixed two problems - When the WiFi driver detects an 802.11d beacon with an unrecognized country code (not defined in the wln_country_config table), the driver will set the mask to actively scan on channel 1-11, and passively on other channels, and the  channel mask for A band will not include 4Ghz channels. 4GHz channel have not been supported for a long time. (NETOS-65)

Three country codes have been deleted since the last time we built the country table. Could not find the ISO 3166-1-alpha-2 code for these three countries anymore.
"ETM",// not supported anymore "East Timor". Made up entry so the tables can be aligned.
"NAN", // not supported anymore "Netherlands Antilles". Made up entry so the tables can be aligned.
"YUG",//not supported anymore "Yugoslavia". Made up entry so the tables can be aligned. (NETOS-62)

Fixed a problem that caused a crash when calling  naWlnStopDriver/naWlnStartDriver repeatedly. (NETOS-55)

 

Version 1.08

There was a bug such that the utility function CoreDump produced output on ARM7 processors, but produced nothing on ARM9 processors. It was found that the CoreDump code was executed, but no output was produced on the serial line through bsp_printf. The fix was to call function setupSimpleSerial at the beginning of function CoreDump. This ensured that all necessary GPIOs were in a known state prior to running CoreDump. ( NETOS-74)

 

Version 1.09

In function na9215A2dConfigure the mask used against the n value (sampling rate) was 0x3f. The problem is that the register section is 10 bits and 0x3f is only 6 bits. Mask should be 0x3ff  (10 bits)   (Case: 00194980)
Added support to API naWlnStartDriver() and naWlnStopDriver() to Redpine driver. The Redpine driver locks up sometimes in the field. These two APIs provide a way for user to stop and restart wifi driver without resetting the whole board. These two APIs handle wpa_supplicant internally so user does NOT need to call wpa_supplicant_terminate() and wpa_supplicant_init(). Also implemented some bug fixes for association with hidden APs. (NETOS-88, NETOS-91)

Fixed problem where network service starts before finishing the 4-way handshaking.  Fix is to check if the 4-way handshaking or EAP finished before allowing the network buffer to queue up. (NETOS-83)
The current driver with default WLN_OPT_MULTI_DOMAIN would not connect if the "country code" is not received. To be able to connect to some OLD and SIMPLE APs in the field, which have no "country code" IE, we set the reg_number to US, so we can at least connect to those APs on channel 1-11. (NETOS-87)

 

Version 1.10

** Please Note **  This BSP Update requires that the NETOS_ESP_Updates_752 package is installed.  Please verify and install manually if necessary. **

Updated the Wi-Fi driver to support the coexistence algorithm described in ETSI EN 301 893 and ETSI 300 328.  This is the adaptivity algorithm. The algorithm is meant to help make Wi-Fi better share bandwidth with other technologies.  Basically, the driver checks the reported signal  strength on the radios receiver before transmitting.  Transmission is deferred if a signal above a certain threshold is detected ( NETOS-93, NETOS-94, NETOS-95, NETOS-97, NETOS-100)

Ported Redpine 3.2.12 driver to NETOS. This version of the Redpine driver supports the adaptivity algorithm, which is defined in the ETSI EN 300 328 V1.7.1/V1.8.1 standard. The general concept is that the device must not transmit on channels on which a certain RF energy level is detected. Requires TCPIP V1.07. (NETOS-99)

Add the WiFi driver version for the connectwime9210 platform only. User can read it in the cli (serial port 2, or telnet) to make sure the ETSI Redpine driver is indeed loaded. Also updated the copyright year. ( NETOS-111, 112)

Found that some Cisco access points require us to renew our DHCP lease after we disassociate and then re-associate with them.  Set the BSP_ENABLE_DHCP_INFORM_FOR_ROAMING flag to trigger this to happen whenever we re-associate. It is highly recommended to leave this Macro set to avoid losing contact with Cisco routers for extended periods of time. (NETOS-115)

Removed the tx power scale code, and added back the code to setup tx power when setup channel. The closed loop calibration routines will cap and adjust tx power based on different channel. (NETOS-123)

Fixed the power save state machine bug, that when the disabling deep power save is done by writing to hardware SDIO register directly, the state did not change from GLBL_PWR_SAVE_DISABLE_REQ_SENT to GLBL_NO_PWR_SAVE (NETOS-124)

Found that the roaming code was turning power save off when sending a NULL frame to verify the connection to the AP, but was not turning power save back on again, and fixed it.  (NETOS-125)

Version 1.11

Fixed WPS functionality.(NETOS-126)

 

Version 1.12

Fixed path error in Version 1.11 patch.

 

Version 1.13

Lowered the max tx power from 16 dBm to 15.5 dBm to pass ETSI test.  This affects only the connectcorewi9p9215_a, connectwiem9210 platforms. (both bg and bga modules)   (NETOS-130)

Made slight modification so Digi ESP can build the bootloader on the connectcorewi9p_a platform within the 64K size limit.(NETOS-129)

 

Version 1.14

Do not turn on power save mode, and do not send stack data if wpaLinkup is not TRUE.  Otherwise, WPA Enterprise takes longer to authenticate users. When loading certificates, the password_buf string needs to be terminated because the OpenSSL library uses strlen() on that string (NETOS-128)

 

Version 1.15

Adjusted TX power to fall within parameters required by EN 300 328 v1.8.1.  ConnectWiME9210 only.

 

Version 1.16

Adjusted TX power to fall within parameters required by EN 300 328 v1.8.1.  Connect Wi-ME, Connect Wi-EM and Connect Wi-SP only.

 

Version 1.17

Made slight modification so Digi ESP can build the bootloader on the connectcore9p_a platform within the 64K size limit.

 

Version 1.18

Fixed a problem in function NAIpEnableIcmpRouterDiscovery which caused it to set the wrong Treck option.

Redpine fix - INFINITE should be TX_WAIT_FOREVER but it was defined as 0. The wait for StatsEvent should be “forever” but it was “0”, resulting wrong counter value before it gets updated.

Version 1.19

Updated to support OpenSSL version 1.0.2e – required by SSL Update v1.02

 

KNOWN LIMITATIONS

-----------------

This OpenSSL 1.0.2e update does not integrate Digi Device Cloud functionality (formerly known as iDigi). The Device Cloud update will be delivered as a future update to NET+OS. Customers using the NET+OS Device Cloud capabilities are advised to not apply this update.

 

IMPORTANT NOTES

---------------

The average binary image size will increase by 200KB (or more) when linking in the new OpenSSL 1.0.2e libraries.

 

Version 1.20

Add WPA_CHIPHER_TKIP to group_cypher when user configures encryption to WLN_ENCR_CCMP to cope with APs configured in mixed mode. (NETOS-148)

 

Version 1.21

When using an FQDN, converted IPv4 address to IPv6 (IPv4 mapped address)  (NETOS-204)

The roaming algorithm has been modified to cope with low beacon reception. (NETOS-186)

 

Version 1.22

 

**  Fix Krack wpa_supplicant vulnerability for Net+OS 7.5. **

 

This vulnerability affects only wireless products that use the wpa_supplicant.


Refer to https://www.digi.com/security for additional information. (NETOS-233)

 

Version 1.23

Additional changes to fix Krack vulnerability for Net+OS 7.5 products using redpine wireless chip (connectwime9210).  (NETOS-233)

 

Version 1.24

Fix wpa supplicant group key re-installation after a de-authentication.  (NETOS-275)

 



Documentation Updates
Last updated 12/22/16

Version 1.0
Added APIs to allow users to limit the amount of heap the TCP/IP stack is allowed to allocate.  Set the default limit to be half the heap. (Case 40091)

 

Version 1.01
Improved documentation for naIsrSetFiq to describe the limitations of FIQ service routines, and to describe the other configuration settings that need to be changed to support an FIQ service routine.

 

Version 1.02
Extended the FTP Client to include FTP rename capability. (case 42127)

Corrected description of fLanguagePtr in the CGI structure. (case 41908)

 

Version 1.03

Added note about WiFi status on redpine platforms.  (Case 43304)

 

Version 1.04

Added API to enable routing ICMP replies.

Added a note in API reference to point to file customizeRedpine.c for customization on connectwime9210 platform. (Case 1336027)

 

Version 1.05

Clarified event_mask set up in wln_event_cb routine.

 

Version 1.06

Updated docuemtation for naSnmpDisableCharacterTesting  (Case  45746)

 

Version 1.07

Removed documentation for all non-public API for a timer driver. (NETOS-7)

Updated documentation for customizeIsImageDownloadForced and customizeIsBackupRecoveryImageForced. (NETOS-20)

Cleaned up API Reference and minor changes for better return codes in Wireless API

Added background scan capability to wifi driver.

 

Version 1.08

Updated document outlining the creation of SSL Certificates (creating_ssl_certs.pdf)

 

Version 1.09

Removed references of country, 802.11h, and 802.d from the API Reference.  The following functions were removed from the reference: wln_get_channel_mask(), wln_get_country_code(), wln_get_country_code_from_string(), wln_get_country_string_from_code(), wln_get_region(), wln_get_supported_country_list(), wln_is_country_valid(), wln_set_country_code(), and wln_setup_supported_countries().  The types wln_country_code_t and wln_region_t
were removed.  Note these are still in the code and will not break when used.  (Case NPI-51)

Version 1.10

Application Note: Switching between DHCP and Static IP address Acquisition in NET+OS

Application Note: Handling multiple submit buttons in NET+OS development environment web-based applications

Application Note: JavaScript and pbuilder compression

Updated API Reference to reflect proper wiring to enable TFTP recovery on various ConnectME Development Boards

 

Version 1.11

Updated the NS9210, NS9215, ConnectSP and Wi-SP, ConnectME Wi-ME ME9210 and Wi-ME9210, and Connectcore 9P and Wi-9P 9215 Hardware Reference Manuals

 

Version 1.12

Application Note:  AWS, CSS and id selectors

Application Note:  Catching Crashes in NET+OS using ESP

 

Version 1.13

Updated link to document describing transmit error rate algorithm in Wireless Driver section of API Reference Guide.

 

Version 1.14

Updated the Connectcore 9P and Wi-9P 9215 Hardware Reference Manual

 

Version 1.15

Removed erroneous note from FCConnect.

 

Version 1.16

Application Note:  Creating IPv6 Addresses

 

Version 1.17

Four new APIs are added to provide options to change the TM_IP_REASSEMBLY behavior.  The Treck stack is currently configured to handle one 8k ping reassembly at a time. With the Redpine 3.2.12 release, the wifi driver passes aggregated frames to Treck stack aggressively, resulting in the Treck stack dropping the frames which exceeds maximum number of IP datagrams waiting to be reassembled (currently 5). With these four new APIs, the user can increase the maximum size of an IP datagram waiting to be reassembled, the maximum number of IP datagrams waiting to be reassembled, the maximum number of IP datagrams that we will track that are too big to be reassembled, and the fragment reassembly timeout, it is the time to live for fragments waiting in the reassembly queue in seconds.

 

Version 1.18

Modified the NASSLX509Generate function so it can now generate certificates signed using SHA1, SHA256, and SHA512 hash functions.  These changes were made because modern web servers no longer allow certificates signed with MD5. (NETOS-183)

 

 

 

ESP Updates

Last updated 8/09/18

 

Version 1.0

Country code and set channel and set power are not supported per new FCC requirement.

This is the world-wide SKU approach, which limits a device to active scans on channels 1-11 and passive everywhere else. Once a beacon is received, if it includes the 802.11d domain, then the device will actively scan on the channels allowed within that domain. If no 802.11d info is found, the device can only issue an active scan on the channel where it received a beacon.

1. Country code is not supported.

2. Set power is not supported.

3. Set tx rate is not supported.

4. Set channel are not supported.

5. 802.11d and 802.11h (A band) are enabled by default.

6. The passive scan channel mask default is all channels.

7. Added a function to support get country code from element info for dialog and cli.

8. No tx rate selection, No 802.11d, No 802.11h.

9. No channel selection, No country selection, No tx_power selection.

 

The security combinations are -

1. Open-open (no open-wep any more).

2. Shared key-wep (no shared key-open any more).

3. WEP-802.1x (username, password).

4. WPA-PSK (TKIP and CCMP).

5. WPA-Enterprise (username, password, and TKIP, CCMP).

6. Cisco LEAP (username, password).

7. EAP-FAST (username, password, and TKIP, CCMP).

8. WPA2-Mixed mode (TKIP and CCMP by default).

9. WLN_AUTH_ANY, WLN_ENCR_ANY, APP_WLN_BSS_ANY, APP_WLN_BSS_IBSS, APP_WLN_BSS_IBSS_JOIN are not supported.

(NETOS-35, NETOS-36, NPI-51)

 

Version 1.01

Flash Writer added support for SPANSION S29PL032J Flash part.
                    The new Flash part has been added for following platforms:
                        - connectcore9c_a
                        - connectcore9p9360_a
                        - connectcorewi9c_a
                        - connectem
                        - connectme
                        - connectme9210
                        - connectme9210can
                        - connectsp
                        - connectwiem
                        - connectwiem9210
                        - connectwime
                        - connectwime9210
                        - connectwisp
                        - ns9360_a

 

Version 1.02

Added support for MACRONIX MX29LV320EB Flash part.

                    The new Flash part has been added for following platforms

                        - connectcore9c_a

                        - connectcore9p9360_a

                        - connectcorewi9c_a

                        - connectem

                        - connectme

                        - connectme9210

                        - connectme9210can

                        - connectsp

                        - connectwiem

                        - connectwiem9210

                        - connectwime

                        - connectwime9210

                        - connectwisp

                        - ns9360_a

Added support for Macronix MX29LV640EB and Microchip SST38VF6402B Flash part.

                    The new Flash part has been added for following platforms

                        - connectme9210

                        - connectme9210can

                        - connectwiem9210

                        - connectwime9210

Version 1.03

Added support for Eon EN29GL064AB Flash part.

                    The new Flash part has been added for following platforms

                        - connectcore9p9215_a

                        - ns9210_a

 

 

FileSystem Updates

Last updated 05/18/15

 

Version 1.0

Added conditional build based on BSP_YAFFS_DRIVER_ENABLE, and corrected unconditional inclusion of yaffs in libfilesys.a (Case 41204)

 

 

 

Flash Updates

Last updated 07/12/21

 

Version 1.00

Added a new Flash function called quick_identify_flash() to work around the problem of resetting while Flash is in the autoselect state.  (Case 45001)

Added support for SPANSION S29GL064N Flash type for ConnectCore7u_a platform

 

Version 1.01

Removed support for Macronix MX28F4000 Flash for the ConnectME and the ConnectME9210.  This Flash type does not have an exit auto select mode command which caused the quick_identify_flash() routine to crash.  This Flash type is not on the approved list for either product.

 

Version 1.02

Fixed the BSP size problem with the connectcore9p9215_a  by removing support for AMD AM29LV160T Flash and removing some unused code in naflash.c

 

Version 1.03

Added support for SPANSION S29PL032J Flash part.
                    The new Flash part has been added for following platforms:
                        - connectcore9c_a
                        - connectcore9p9360_a
                        - connectcorewi9c_a
                        - connectem
                        - connectme
                        - connectme9210
                        - connectme9210can
                        - connectsp
                        - connectwiem
                        - connectwiem9210
                        - connectwime
                        - connectwime9210
                        - connectwisp
                        - ns9360_a

 

Version 1.04

Added support for MACRONIX MX29LV320EB Flash part.

                    The new Flash part has been added for following platforms

                        - connectcore9c_a

                        - connectcore9p9360_a

                        - connectcorewi9c_a

                        - connectem

                        - connectme

                        - connectme9210

                        - connectme9210can

                        - connectsp

                        - connectwiem

                        - connectwiem9210

                        - connectwime

                        - connectwime9210

                        - connectwisp

                        - ns9360_a

Added support for Macronix MX29LV640EB and Microchip SST38VF6402B Flash part.

                    The new Flash part has been added for following platforms

                        - connectme9210

                        - connectme9210can

                        - connectwiem9210

                        - connectwime9210

 

Version 1.05

Added support for Eon EN29GL064AB Flash part.

                    The new Flash part has been added for following platforms

                        - connectcore9p9215_a

                        - ns9210_a

 

Version 1.06

Added support for Eon EN29LV320CB Flash part.

                    The new Flash part has been added for following platforms

                        - connectcore9p9215_a

                        - ns9210_a

 

Version 1.07

Added support for Cypress S29JL032J Flash part.

                    The new Flash part has been added for following platforms

                        - connectcore9p9215_a

                        - ns9210_a

 

 

 

9p9360 Flash Updates

Last updated 12/13/16

 

Version 1.00

32MB NAND Flash is going EOL.  This patch adds support for the replacement part.

 

 

FTP Updates

Last updated 02/12/12

 

Version 1.0

Added file system error status check after create file call in bsp/fsintf/ftpsvrfs.c. It now continues opening a file if the file system error status is NAFS_DUPLICATE_DIR_ENTRY (file already exists). (Case 39495)

 

Version 1.01

Fixed incorrect response to EPSV command. (case 1326897)
 

Version 1.02

Extended the FTP Client to include FTP rename capability. (case 42127)

 

 

iDigi Updates
Last updated 02/22/12

Version 1.0
Updated naiDigiIsConnected() to call naiDigiEdpConnected() and added naiDigiIsConnected() prototype. (Case 41354)

 

Version 1.01

Updated procedures for downloading iDigi CA certificate from iDigi Device Cloud and uploading the certificate into the device. (Case 42105)

 

 

SNMP Updates
Last updated 05/12/20

Version 1.0
Fix from Treck for getting an OID with bad interface index for IfStatsTable. (Case 39737)

 

Version 1.01
Added application API example to access scalar MIB data. (Case 40867)

 

Version 1.02
Removed varbind for sysuptime for V1 trap in tfSendNotificationsForEntry. (Case 42182)

 

Version 1.03
Fix for SNMP replying to a different IP address, than in received request (IPv6 only)  (Case 43127)

 

Version 1.04

Fixed use of broadcast source address in the reply, introduced with fix to Vantive 43127. (Case  44459)

 

Version 1.05

Report correct Ethernet link speed in SNMP ifSpeed  (Case 41612) – Requires TCPIP fix v1.03.

 

Version 1.06

Fixed API functions that access SNMPv3 (tablesnaSnmpDeleteS2GEntry and others)  (Case  44459)

Disable SNMP printable character testing using  new NET+OS API

 

Version 1.07

Replaces direct malloc() and free calls() with tm_snmp_malloc and tm_snmp_free in NET+OS snmpv3 api. (NETOS-39)

 

Version 1.08

Fixed a bug in how the SNMP agent handles certain SNMPv3 requests.  According to RFC-3414, when we receive a request with the authentication bit set, the privacy bit clear, the engine boots set to 0, and engine time set to 0, the agent is suppose to respond with a wrong timeliness report.  That request/report combination is used by the manager to get the current engine boots and engine time values from the agent.  We were sending an encryption failure report.  Changed the code to check for this particular request and send the wrong timeliness report instead.


Version 1.09

The descriptions in the interfaces MIB were switched. This was caused by the SNMP virtual table init function accessing the device list directly instead of by index. .Changed the way the device list is accessed in naSnmpinitVertualInterfaceTable(). Refactored the name of the loopback interface from "LOOPBACK" to "lo". (NETOS-198) – Requires TCPIP fix v1.08

Instructions to recompile the MIB sample project after compiling the MIB were incomplete.  Changed readme files to be clearer.Fixed some typos in the readme files.  (NETOS-179)

tSNMP was starting with a timeslice of 0, starving other threads with the same priority and pre-emption threshold. Timeslice was changed to 1. (NETOS-197)

 

Version 1.10

tfInitializeEngine() was being called twice, causing an overwrite to happen in memory address 0. This commit avoids this situation.  (NETOS-227)

 

Version 1.11

Required dependency of TCPIP Update 1.11.  (NPIX-1141)

 


SSL Updates
Last updated 05/24/21

Version 1.0
HTTPS transactions were found to be quite slow. A recv call in function recv_with_timeout was performing non-blocking recvs without a select and just performing a one second sleep between recv calls. A select call was added and this reduced the amount of time sleeping. This greatly reduced the time to complete an SSL handshake transaction.

 

Version 1.01
Mitigates the Poodle SSL attack by blocking any SSLv3 connection attempts. (NETOS-105)

 

Version 1.02

Updated to OpenSSL version 1.0.2e – requires BSP Update v1.19

 

KNOWN LIMITATIONS

-----------------

This OpenSSL 1.0.2e update does not integrate Digi Device Cloud functionality (formerly known as iDigi). The Device Cloud update will be delivered as a future update to NET+OS. Customers using the NET+OS Device Cloud capabilities are advised to not apply this update.

 

IMPORTANT NOTES

---------------

The average binary image size will increase by 200KB (or more) when linking in the new OpenSSL 1.0.2e libraries.

 

Version 1.03

1. Use AES cipher list instead of HTTPS cipher list
2. Fix bug in wds_tls_setup_start (wds_tls_setup.c) in which app cert was mistakenly ignored.
3. Update certificate date range to go from 2015 to 2035.

 

Version 1.04

Changed port number in src/examples/nasslclient/root.c to match example in readme file.
Only check certs when the "cert verify" flag is NOT set to SSL_CERTIFICATE_VERIFY_NONE. (NETOS-175)

Version 1.05

Fixed a memory leak. (NETOS-184)


Version 1.06

Modified the NASSLX509Generate function so it can now generate certificates signed using SHA1, SHA256, and SHA512 hash functions.  Updated the DigiESPProject web server so that it generates a self signed certificate using SHA256.  These changes were made because modern web servers no longer allow certificates signed with MD5. (NETOS-183)

 

Version 1.07

HTTPS and TLS  threads were corrupted because of race conditions and when reaching gHttpsProxyConnectionCount.  TLS_MAX_CONNECTIONS increased from 8 to 9 to match gHttpsProxyConnectionCount.  Some socket comparison changed from '> 0' to '>=0'.  ( NETOS-192 )

 

Version 1.08

Changes to add subjectAltName to the server certificate to work with latest versions of Chrome.  (NETOS-207)

Avoid double initialization of RNG (NETOS-229)

 

Version 1.09

Fix ssl connection when not using certificate database.

Fix ssl connection when using non blocking sockets.  (NETOS-278)

 

Version 1.10

OpenSSL 1.0.2 vulnerability fixes:
         - CVE-2021-23840
         - CVE-2021-23841   (NETOS-302)

 

 

TCPIP Updates
Last updated 9/27/2021

Version 1.0
Added APIs to allow users to limit the amount of heap the TCP/IP stack is allowed to allocate.  Set the default limit to be half the heap. (Case 40091)

 

Version 1.01
Added static IPv6 gateway (Case 40603, 40112)

Allow DNS servers received in DHCPv6. Depricated DNSAddServer  (Case 41347, 41248, 41349)

Fixed a crash when passing a long hex string to getaddrinfo() or xbsGetAddr() (Case 41637)

 

Version 1.02

Added API to enable routing ICMP replies.

 

Version 1.03

Report correct Ethernet link speed in SNMP ifSpeed  (Case 41612) – Requires SNMP fix v1.05.

 

Version 1.04

In IAM loop, waiting until tfCheckOpenInterface completes, only while it returns TM_EINPROGRESS, otherwise with different error we'd loop forever. (NETOS-3)– Required by BSP fix v1.05.

 

Version 1.05

Reduced and cleaner dialog.  Still issues with reset on Connect ME.  (NPI-51)

Remove ANY Encryption type for WPA Enterprise 802.1X.  Reduced the IAM spew when receiving an IP address. (NPI-51)

Fixed a bug in DHCP INFORM where DHCP INFORM ack is not handled.  (NETOS-46)

Commented TM_6_DEBUG_DHCP to disable logging to a file. (NETOS-44)

Removed Country Code, 802.11 options, Wireless Network type, and channel from the NET+OS Project.  Updated HTML and Pbuilder hooks to move the mixed mode encryption under the WPA-PSK authentication mechanism. (NETOS-29, NETOS-35, NETOS-36)

Fixed a apparent memory loss problem, caused by incorrect accounting of treck_current_memory_usage, which was losing 4 bytes on every actual free().

Moved it to tfKernelMalloc and tfKernelFree to be both on the same level and account for every actual malloc() and free() by Treck, using 4 extra bytes of memory.  (NETOS-39)

Updated Copyright for 2013. (NETOS-52, NPI-51)

Updated to include setting the dhcpParams.isEnabled when updating the staticParams.isEnabled setting. (NETOS-54, NPI-51)

 

Version 1.06

Set default renew time and rebinding time to be 3600 seconds and 7200 seconds respectively if the renew time and/or rebinding time are 0 in replied option information from the DHCPV6 server. (NETOS-89)

 

Version 1.07

Four new APIs are added to provide options to change the TM_IP_REASSEMBLY behavior.  The Treck stack is currently configured to handle one 8k ping reassemble at a time. With the Redpine 3.2.12 release, the wifi driver passes aggregated frames to treck stack aggressively, resulting treck stack dropping the frames which exceeds maximum number of IP datagrams waiting to be reassembled (currently 5). With these four new APIs, the user can increase the maximum size of an IP datagram waiting to be reassembled, the maximum number of IP datagrams waiting to be reassembled, the maximum number of IP datagrams that we will track that are too big to be reassembled, and the fragment reassembly timeout, it's the time to live for fragments waiting in the reassembly queue in seconds. Requires BSP V1.10.

 

Version 1.08

The descriptions in the interfaces MIB were switched. This was caused by the SNMP virtual table init function accessing the device list directly instead of by index. .Changed the way the device list is accessed in naSnmpinitVertualInterfaceTable(). Refactored the name of the loopback interface from "LOOPBACK" to "lo". (NETOS-198) – Requires SNMP fix v1.09

 

Version 1.09

Malformed DNS responses could provoke crashes and unexpected behaviour. This fix avoids these errors from happening by checking the sizes of the queries and RRs in the response. (NETOS-231)

 

Version 1.10

Fixed TCP hangups during SYN flood attacks (NETOS-256)

 

Version 1.11

Security Fixes

Researchers from JSOF (www.jsof-tech.com ) have found vulnerabilities within in the Treck TCPIP, IPv4, IPv6, DHCP, DHCPv6 and DNS products.

Digi products have integrated parts of the products above. In reviewing Digi products with these vulnerabilities, we have rated and consider the vulnerabilities a high level risk.

We recommend that customers immediately review and deploy the latest firmware associated with this release note to protect their devices.

At time of release of this firmware, there is no known in the wild exploit of these vulnerabilities.

Digi internal scoring of the vulnerabilities is a CVSSv3.0 Score of 7.4.

We have broken down the attack vector in a CVSS v3.0 attack profile.

The profile is listed below.

Attack Vector - Network

Attack Complexity - High

Privileges Required - None

User Interaction - None

Scope - Unchanged

Confidentiality - High

Integrity - High

Availability - High

Digi will be coordinating a public disclosure of the vulnerabilities with JSOF that is tentatively set for May 14th, 2020. We are also working with the Cert Coordination Center and have been assigned VU 257161 pertaining to these issues.

Digi will also be publishing continued updates on this information on the security alerts page at www.digi.com/Security

Many thanks to the researchers Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities. (NPIX-1141)

 

Version 1.12

Remove MS SYNC from TRECK Stack to stop security scanners giving a false positive for RIPPLE20 vulnerabilities VU257161 ( NETOS-279, NDS-1104)

 

Version 1.13

Treck vulnerability fixes for CVE-2020-27336, CVE-2020-27337, CVE-2020-27338 ( NETOS-296)

Version 1.14

IANA option size check fix.  (NETOS-317)

 

 

TFTP Client Updates
Last updated 10/20/17

Version 1.0
The transfer type NET+OS has been using for binary TFTP transfers is "BINARY", but this type does not work for all TFTP servers.  The correct type for binary transfers is "OCTET". This is the type for binary files called out by RFC 1350.
(Case 44996)

 

Version 1.01
Cosmetic changes to printf’s.


 

Utility Updates
Last updated 08/25/11

Version 1.0

Flash Updater modified to support new Spansion and EON flash types on ConnectCore9p9215 platform. (Case 39760)

 

 

WebServer and Email Updates
Last updated 03/19/2020

Version 1.0

 

Advanced Web Server

Checkbox was not reset to 0 when used in multipart/form-data. (Case 41637)

 

Version 1.01

 

Advanced Web Server

Fixed IE authorization problem when uploading a large file using multipart POST request.  IE doesn't send an authorization header until the 3rd request and our authentication is stale. The authorization header is never included when using Firefox or Chrome, so these browsers will not work.  This issue has been previously reported to Mozilla and Google.  (Case 44232) 

 

Version 1.02

 

Advanced Web Server

Added a Null terminator to referer header when it sees any '>' '<' or '&' character. Replaced any '>', '<', or '&' with '*' in errorPath in RpData.c (Allegro's fixes). These fixed cross-site scripting.  (Case NETOS-68)


Version 1.03

 

Advanced Web Server

Fixed POST issue that was introduced with the cross-site scripting fix in v1.02.    (Case NETOS-68)

 

Version 1.04

 

Advanced Web Server

Fixed issue that was corrupting files during multi-file uploads.    (Case NETOS-185)

 

Version 1.05

 

Advanced Web Server

This release contains security updates that remediate CVE-2014-9222 and CVE-2014-9223.  (NETOS-205)

 

Version 1.06

 

Advanced Web Server

The code generated for an INPUT element performs no bounds checking..  (NETOS-228)

 

Version 1.07

 

Advanced Web Server

Fix for TEXTAREA form item limited tp 255 chars. (NETOS-265)