Michael Tremer [Mon, 19 Jul 2021 10:54:50 +0000 (10:54 +0000)]
README: Update installation URL
Reported-by: Konrad Panzlaff <konrad.panzlaff@pa-bu.de> Fixes: #12661 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 20:41:39 +0000 (22:41 +0200)]
tshark: Update to version 3.4.6
- Update from 3.4.3 to 3.4.6
- Update rootfile
- Changelog
Wireshark 3.4.6 Release Notes
What’s New
The Windows installers now ship with Npcap 1.31. They previously
shipped with Npcap 1.10.
The Windows installers now ship with Qt 5.15.2. They previously
shipped with Qt 5.12.1.
Bug Fixes
• wnpa-sec-2021-04[1] DVB-S2-BB dissector infinite loop
The following bugs have been fixed:
• Macro filters can’t handle escaped characters Issue 17160[2].
• Display filter crashes Wireshark Issue 17316[3].
• IEEE-1588 Signalling Unicast TLV incorrectly reported as being
malformed Issue 17355[4].
• IETF QUIC TLS decryption error with extraneous packets during the
handshake Issue 17383[5].
• Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…)
ports not displayed Issue 17395[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS
New and Updated Capture File Support
Ascend, ERF, K12, NetScaler, and pcapng
Wireshark 3.4.5 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-04[1] MS-WSP dissector excessive memory
consumption. Issue 17331[2].
The following bugs have been fixed:
• TShark does not print GeoIP information Issue 14691[3].
• TShark error when piping to "head" Issue 16192[4].
• Parts of ASCII representation in Packet Bytes pane are missing
Issue 17087[5].
• Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue
17254[6].
• NDPE attribute of NAN packet is not dissected Issue 17278[7].
• TECMP: reserved flag interpreted as part of timestamp Issue
17279[8].
• Master branch does not compile at least with gcc-11 Issue
17281[9].
• DNS IXFR/AXFR multiple response Issue 17293[10].
• File too large Issue 17301[11].
• Build fails with CMake 3.20 Issue 17314[12].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DECT, DNS, EAP, Kerberos, LDAP, MS-WSP, SMB2, Sysdig, TECMP, and WiFi
NAN
New and Updated Capture File Support
pcapng
Wireshark 3.4.4 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-03[1] Wireshark could open unsafe URLs. Issue
17232[2]. CVE-2021-22191[3].
The following bugs have been fixed:
• NTP Version 3 Client Decode PDML output issue (Reference ID
Issue) Issue 17112[4].
• 3.4.2: public wireshark include files are including build time
"config.h" Issue 17190[5].
• wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array
index ? Issue 17198[6].
• SIP protocol: P-Called-Party-ID header mixed up with
P-Charge-Info header Issue 17215[7].
• Asterix CAT010 Decode Error Issue 17226[8].
• _ws.expert columns not populated for IPv4 Issue 17228[9].
• Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue
17233[10].
• gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024)
that v3.2.6 succeeds. Issue 17250[11].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP
New and Updated Capture File Support
iSeries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 20:41:23 +0000 (22:41 +0200)]
tftpd: Update to version 5.2
- Update from 0.48 (2007) to 5.2 (2011)
Version 5.2 is the last update made to this program
- Update to rootfile
- Changelog
Changes in 5.2:
Fix breakage on newer Linux when a single interface has
multiple IP addresses.
Changes in 5.1:
Add -P option to write a PID file. Patch by Ferenc Wagner.
Bounce the syslog socket in standalone mode, in case the
syslog daemon has been restarted. Patch by Ferenc Wagner.
Build fixes.
Fix handling of block number wraparound after a successful
options negotiation.
Fix a buffer overflow in option parsing.
Changes in 5.0:
Try to on platforms with getaddrinfo() without AI_ADDRCONFIG or
AI_CANONNAME.
Implement the "rollover" option, for clients which want block
number to rollover to anything other than zero.
Correctly disable PMTU in standalone mode. Patch by Florian
Lohoff.
Changes in 0.49:
Add IPv6 support. Patch by Karsten Keil.
Support systems with editline instead of readline.
Support long options in the server.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 11:37:12 +0000 (13:37 +0200)]
samba: Update version to 4.14.6
- Update from 4.14.4 to 4.14.6
- Update of rootfile not required
- Changelog
Release Notes for Samba 4.14.6
* BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname().
* BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath().
* BUG 14734: s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown().
* BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
change_file_owner_to_parent() error path.
* BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
glusterfs VFS module.
* BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref.
* BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs.
* BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd.
* BUG 14752: smbXsrv_{open,session,tcon}: protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records.
* BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ
backend.
* BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for
restoring a backup.
Release Notes for Samba 4.14.5
* BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
* BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
Windows ACL for directory handles.
* BUG 14721: s3: smbd: Fix uninitialized memory read in
process_symlink_open() when used with vfs_shadow_copy2().
* BUG 14689: docs: Expand the "log level" docs on audit logging.
* BUG 14714: smbd: Correctly initialize close timestamp fields.
* BUG 14699: Fix gcc11 compiler issues.
* BUG 14718: docs-xml: Update smbcacls manpage.
* BUG 14719: docs: Update list of available commands in rpcclient.
* BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().
* BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be
set.
* BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 16 Jul 2021 11:12:58 +0000 (13:12 +0200)]
libcdada: Patch file to allow build to work with GCC 11 and update version to 0.3.5
- Update from 0.3.4 to 0.3.5
- Created libcdada-0.3.5-Werror.patch based on the gentoo 0.3.5 patch to remove -Werror
flags from the configure. This was flagging up warnings as errors and stopping
the build
- Removed the SUP_ARCH line to allow it to build again
- Added --without-tests and --without-checks to the ./configure statement. This prevents
the test and checks being built
- Removed libcdada-0.3.4-use-shared-library-for-tests-and-examples-build.patch as no
longer needed with the tests and checks no longer being built
- No update required for rootfile
- Changelog
v0.3.5 (20th April 2021)
New
- Improved public API documentation
- build: add --without-tests --without-examples build options
Bug fix
- Fix `E_EMPTY` return codes set/map/list/stack/queue
- Fix `make check` when valgrind is not installed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 16 Jul 2021 11:12:57 +0000 (13:12 +0200)]
pmacct: Patch file to allow build to work with GCC 11
- Created pmacct-1.7.6-Werror.patch to remove -Werror flags from the configure
This was flagging up warnings as errors and stopping the build
- Removed the SUP_ARCH line to allow it to build again
- No update required to the rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 11 Jul 2021 13:12:15 +0000 (14:12 +0100)]
make.sh: Explicitely call zstd to extract toolchain
Some older versions of tar do not recognise Zstandard, yet.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 13 Jul 2021 16:27:59 +0000 (16:27 +0000)]
cdrom: Compress file system image using Zstandard
This patch uses the new Zstandard algorithm to compress the file system
image on the ISO image. This comes with these advantages:
* Compression is about twice as fast than XZ with the parameters we have
selected here
* We use a lot less memory during compression and can therefore utilise
all processor cores of the build machines
* Decompression (when installing IPFire and when creating the
flash-image) is substantically faster
The downside is that the generated ISO image is slighty larger (~10MiB)
which I am okay with as a trade-off for the points mentioned above.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 13 Jul 2021 15:44:20 +0000 (15:44 +0000)]
installer: Fix reading /proc/cmdline when launched by GRUB
The installer was reading the kernel command line and was looking for
certain values which configured the installer.
GRUB appended a trailing newline character which was not accounted for
and caused that the last parameter was not correctly compared to the
list of possible keys.
Fixes: #12656 - core 157: unattended installation don't work as expected on EFI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 13 Jul 2021 10:11:31 +0000 (10:11 +0000)]
aws: Enable serial console by default
AWS for some time now has a serial console feature which is enabled by
default on all systems. The VGA console is not enabled for any new
non-x86 instance types and not interactive.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
with kernel 5.10.x also the reading of s.m.a.r.t. data to update
the temperatur graphs is countet as disk read so update the stored
value after reading.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 9 Jul 2021 16:17:43 +0000 (16:17 +0000)]
stripper: Handle capabilities
During the build process, we set capabilities to elevate privileges of
certain progrems (e.g. ping). These have been removed during the build
process because of strip.
This patch collects any capabilities from all files that are being
stripped and restores them after calling strip.
Fixes: #12652 Reported-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 7 Jul 2021 17:27:14 +0000 (19:27 +0200)]
Pakfire: call "sync" in function.sh after having extracted archives
After upgrading to Core Update 157, a few number of users reported their
systems to be unworkable after a reboot. Most of them (the systems, not
the users) were apparently missing the new Linux kernel in their Grub
configuration, causing a non-functional bootloader written to disk.
While we seem to be able to rule out issues related to poor storage
(SDDs, flash cards, etc.) or very high I/O load, it occurred to me we
are not calling "sync" after having extracted a Core Update's .tar.gz
file.
This patch therefore proposes to do so. It is a somewhat homeopathic
approach, though, but might ensure all parts of the system to have
properly processed the contents of an extracted archive. While we cannot
even reasonably guess it will solve the problem(s) mentioned initially,
doing so cannot hurt either.
See also:
https://community.ipfire.org/t/after-update-ipfire-to-157-no-boot/5641/45
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 6 Jul 2021 16:08:29 +0000 (18:08 +0200)]
ddns.cgi: Fix sanity check logic.
The input validation did not work in the proper way. It allways
reported "No password" when using a provider which supports token and
the token has been given.
This of course is wrong and leaded to unuseable providers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 19 Apr 2021 10:25:14 +0000 (10:25 +0000)]
make.sh: Build zlib + zstd before binutils
binutils is using to compress LTO? debugging data. Since binutils linked
against zstd from stage2 is expecting data being compressed, we need to
have zstd available at the toolchain stage.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Feb 2021 18:17:03 +0000 (18:17 +0000)]
make.sh: Set parallelism to number of CPU cores
Setting it to something higher than the number of physical CPU cores was
a good idea when we used to have slow magnetic storage. That way, at
least there was always one process waiting for IO.
With modern fast flash-based storage, this does not hold any more since
it is fast enough that we don't need to have a couple of processes ready
to wait.
It will probably have made work for the scheduler more challenging since
more processes were ready and processes were moved around processors.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>