Adolf Belka [Sat, 2 Jan 2021 12:54:45 +0000 (13:54 +0100)]
general-functions.pl: Update to fix bug #12428
- Patch of general-functions.pl for implementation of fix provided
by Bernhard Bitsch in bug #12428.
Had to be modified as that fix gave a failure for single character hostnames.
Updated version prevents spaces being put into hostnames and works for single
character hostnames
- Updated subroutine validfqdn to apply consistent rules for hostname & domain name
portions of fqdn
- Minor updates for consistency across validhostname, validdomainname & validfqdn
- Patch implemented into testbed system and confirmed working for hostnames, domain names
and FQDN's.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 27 Dec 2020 11:06:27 +0000 (12:06 +0100)]
bacula: Update to 9.6.7
- Update bacula from 9.6.6 to 9.6.7
This is a minor bug release
See https://sourceforge.net/projects/bacula/files/bacula/9.6.7/ReleaseNotes/
- This is the last of the version 9 series. The next update will be the version 11 series.
- Update of lfs and rootfiles
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 27 Dec 2020 18:59:29 +0000 (19:59 +0100)]
iperf3: Update to version 3.9
- Update iperf3 from 3.7 to 3.9
- No changes to rootfiles
- Update patch file to remove pg flag
- Release notes from version 3.8 onwards:-
iperf 3.9 2020-08-17
--------------------
* Notable user-visible changes
* A --timestamps flag has been added, which prepends a timestamp to
each output line. An optional argument to this flag, which is a
format specification to strftime(3), allows for custom timestamp
formats (#909, #1028).
* A --server-bitrate-limit flag has been added as a server-side
command-line argument. It allows a server to enforce a maximum
throughput rate; client connections that specify a higher bitrate
or exceed this bitrate during a test will be terminated. The
bitrate is expressed in bits per second, with an optional trailing
slash and integer count that specifies an averaging interval over
which to enforce the limit (#999).
* A bug that caused increased CPU usage with the --bidir option has
been fixed (#1011).
* Notable developer-visible changes
* Fixed various minor memory leaks (#1023).
iperf 3.8.1 2020-06-10
----------------------
* Notable user-visible changes
* A regression with "make install", where the libiperf shared
library files were not getting installed, has been fixed (#1013 /
#1014).
iperf 3.8 2020-06-08
--------------------
* Notable user-visible changes
* Profiled libraries and binaries are no longer built by default
(#950).
* A minimal Dockerfile has been added (#824).
* A bug with burst mode and unlimited rate has been fixed (#898).
* Configuring with the --enable-static-bin flag will now cause
a statically-linked iperf3 binary to be built (#989).
* Configuring with the --without-sctp flag will now prevent SCTP
from being auto-detected (#1008). This flag allows building a
static binary (see above item) on a CentOS system with SCTP
installed, because no static SCTP libraries are available.
* Clock skew between the iperf3 client and server will no longer
skew the computation of jitter during UDP tests (#842 / #990).
* A possible buffer overflow in the authentication feature has been
fixed. This was only relevant when configuration authentication
using the libiperf3 API, and did not affect command-line usage.
Various other improvements and fixes in this area were also made
(#996).
* Notable developer-visible changes
* The embedded version of cJSON has been updated to 1.7.13 (#978).
* Some server authentication functions have been added to the API
(#911).
* API access has been added to the connection timeout parameter
(#1001).
* Tests for some authentication functions have been added.
* Various compiler errors and warnings have been fixed.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 27 Dec 2020 18:51:45 +0000 (19:51 +0100)]
iperf: Update to 2.0.14a
- Update from version 2.0.13 to 2.0.14a
- No change in rootfiles
- Release notes for change:-
o scaling improvements for -P, i.e. improved support for large numbers of traffic threads
o major code refactoring (see doc/DESIGN_NOTES) for maintainability, extensibilty, performance, scaling, memory usage
o support for full duplex traffic using --full-duplex
o support for reverse traffic using --reverse
o support for role-reversal character of asterisk in the transfer id
o transfer id now an incrementing integer and no longer the socket id
o support for TCP connect only tests with --connect-only
o isochronous support compiled in by default, must use config to disable
o support --isochronous for both UDP or TCP traffic to simulate video streams
o use of clock_nanosleep when supported to schedule isochronous burst starts, otherwise use nanosleep delay
o support for --trip-times indicating the client and server clocks are synchronized to an accuracy sufficient, note: consider the use of precision time protocol as well as ask your data center to provide access to a GPS disciplined reference time source
o support for --trip-times with -d and -r bidirectional tests
o output TCP connect times (3WHS) in connect reports
o support for application level tcp connect retries via --connect-retries n
o rate-limited options of -b and --fq-rate supported for unidirectional, full duplex and reverse traffic
o reporter thread designed to automatically cause packet reports to aggregate - mitigating and hopefully removing thread thrashing
o support for frame or burst based reporting or sampling vs time based via -i [f|F] (experimental)
o support for UDP traffic only from client to server with --no-udp-fin
o support for write to read latencies (UDP and TCP) with --trip-times
o support for sum only outputs with --sum-only
o support for little's law calculations in --trip-time outputs
o support for --txstart-time <epoch-time> to schedule client traffic start, timestamp support microseconds, e.g. unix $(expr $(date +%s) + 1).$(date +%N)
o support for --txdelay-time to insert delay between TCP three way handshake (3WHS) and data transfer
o support for --no-connect-sync which disables transmit traffic start synchronization when -P is used, defaults to synchronized
o option of --full-duplex implementation uses a barrier on the client side to synchronize full duplex traffic
o no limits to group sum reports, i.e. all clients will get its own sum report per a server
o improved report timestamps, e.g. end to end or client and server based timestamps with --trip-times
o improved settings messaging
o improved messaging for --tcp-congestion or -Z
o re-implemented -U for single UDP server with minimal threading interactions
o re-implemented -1 or --singleclient where server will serialize traffic runs
o warning message if the test were likely CPU bound instead of network i/o bound
o fix the case when -P <value> is set on the server such that summing output is displayed
o multicast listener will autoset -U (single server), e.g -P > 1 not supported for multicast
o multicast listener no longer busy drops multicast packets during traffic test, i.e. only server thread receives them
o immediate bail out on mutually exclusive command line options
o fix -o or --output using freopen to redirect stdout and stderr to a file
o man page updates with examples
o tested with 1000's of traffic streams, WiFi, 10G and 100G
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 26 Dec 2020 16:40:32 +0000 (17:40 +0100)]
procps: Update to 3.3.16
- update from 3.2.8 to 3.3.16
This is also an update from procps to procps-ng
The previous version was no longer being maintained.
- Added autogen.sh into lfs as ity is needed to create the config script.
- Added libdir=/lib line into configure command as default is /usr/lib
- Added mv commands for kill, ps & sysctl to place them into the same locations
as the previous version of procps
- Moved lfsmake2 procps line to after pkg-config in make.sh
The autogen line requires autoconf, libtool, gettext and pkg-config
to be available so procps moved to after them.
- procps-3.2.8-fix_unknown_HZ_value.patch no longer required with new
version so removed.
- rootfile updated.
- libprocps library being maintained by the same people now maitaining this
version of procps.
- information on the releases from 3.3.13 to 3.3.16 available on
https://gitlab.com/procps-ng/procps/-/releases
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sat, 26 Dec 2020 17:09:23 +0000 (18:09 +0100)]
ninja: Allow to limit the parallel build processes.
When run, ninja normally runs a maximum number of processes in parallel.
By default this is the number of cores on the system plus two. In some cases this can
overheat a CPU or run a system out of memory. If run from the command line, passing a
-jN parameter will limit the number of parallel processes, but some packages embed the
execution of ninja and do not pass a -j parameter.
Using this optional procedure allows us to limit the number of parallel processes
via an environment variable, NINJAJOBS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 24 Dec 2020 00:09:04 +0000 (01:09 +0100)]
Update (and cosmetic fixes) for 'pakfire.cgi': Added GUI entry for existing, but unused translation string
While preparing the Core153 update, I found by chance that a language string had been added from
Core152 to Core153 which I couldn't find in any CGI-file.
The translation suggested that this string ('Available Updates') could belong to 'pakfire.cgi'.
And I thought that on the pakfire GUI something was actually missing: the heading above the
box listing the 'Available Updates'. Don't know why I didn't saw this before.
So tried to add these missing heading. I hope I made it right...
Some cosmetic fixes:
I also added some space around the text for 'Available Addons' and 'Installed Addons'
because the text lines weren't separated. There is no seen wordwrapping. This required deleting
some unwanted '<br />' in the affected translation strings.
I tried this about 4 years ago, but somehow this patch got lost.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 24 Dec 2020 10:56:13 +0000 (11:56 +0100)]
country.cgi: Cosmetic fix for 'Back'-button'
While testing Peter's patch for Bug #12560 I noticed that the standard 'back'-button
at the end of the page - like in 'ipinfo.cgi' - was implemented as a text string.
I just took the code segment with the 'back'-*image* from 'ipinfo.cgi' to make this
link looking similar to the other pages.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 23 Dec 2020 14:03:32 +0000 (15:03 +0100)]
libloc: update to 0.9.5 and backport fix for #12554
This patch updates libloc to 0.9.5, deletes the upstream patchset from
version 0.9.4, and includes a latest upstream patch to backport a fix
for #12554.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Tue, 22 Dec 2020 16:01:25 +0000 (17:01 +0100)]
remote.cgi: cosmetic changes
- Swap colour generation to improve readability in case of no active SSH logins
- Unify table layout
- Improve German "SSH host key" translation to avoid Deppenleerzeichen
This patch does not introduce functional changes.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 21 Dec 2020 21:25:34 +0000 (22:25 +0100)]
texinfo: update to 6.7
Full changelog as retrieved from https://git.savannah.gnu.org/cgit/texinfo.git/plain/NEWS:
6.7 (23 September 2019)
* Language:
. support of index subentries and sub-subentries with @subentry
. new commands @seeentry and @seealso in index entries
. no need to wrap Top node in @ifnottex - omitted automatically when
processed with TeX
. UTF-8 is the default input encoding
* texi2any
. for HTML output, mark index nodes in menus and tables of contents
with the 'rel' attribute of the 'a' tag.
. TOP_NODE_UP is now only used in HTML if TOP_NODE_UP_URL is set.
Also TOP_NODE_UP should now be formatted in the output format.
In HTML TOP_NODE_UP should be suitable for inclusion in HTML
element attributes, so for instance should not contain elements.
. support of noderename.cnf files has been removed
. INPUT_PERL_ENCODING, INPUT_ENCODING_NAME, NODE_FILE_EXTENSION,
NODE_FILENAMES, SHORTEXTN and TOP_NODE_FILE removed as customization
variables.
. TOP_NODE_FILE_TARGET now contains the extension.
. error messages translated when the XS parser module is in use
* texi2dvi
. unconditionally run in --batch mode, i.e. without stopping if there
is a TeX error
. keep on going after a TeX error if the index files changed
. with --tidy (or --build-dir), avoid reading index files from previous
runs where --tidy was not used
* info
. for a tree search (with M-/), '}' and '{' work as well as 'M-}' and
'M-{' to go through the results
Peter Müller [Mon, 21 Dec 2020 19:02:10 +0000 (20:02 +0100)]
ccache: update to 3.7.12
Please refer to https://ccache.dev/news.html#2020-10-01 for a list of
all release notes since version 3.4.1, it is unfortunately way too long
to be added here. :-]
Since ccache is not part of the distribution itself, no rootfile updates
were necessary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 16 Dec 2020 12:33:22 +0000 (13:33 +0100)]
Fix for bug 10743
This adds in the option to have "deny known clients" in dhcpd.conf
This is applied to the range command so applies to the dynamic addresses
given.
If you have just a range statement say in blue then if you are not using
vlans you could have the situation where a known host in green might end
up getting a lease from the blue range. Here a deny known-clients makes
sense. Your range in this case would be limited to only unknown clients if
deny known-clients was selected.
dhcp WUI has been modified to add in this command. Error message has been
added to check that a range has been specified if the deny unknown clients
checkbox has been selected.
Language files updated with additional items (English, German & Dutch).
For more information on the history of this please see the bugzilla entry Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 21 Dec 2020 11:23:57 +0000 (12:23 +0100)]
dehydrated: Update to 0.7.0
- Update dehydrated from 0.6.5 to 0.7.0
- No changes to the rootfiles
- This update patch also addresses bug #12425
The changes from the interim patch mentioned in bug #12425 are included into this update
- Changes for all releases can be found at https://github.com/dehydrated-io/dehydrated/releases
- Changes for this version update
Added
Support for external account bindings
Special support for ZeroSSL
Support presets for some CAs instead of requiring URLs
Allow requesting preferred chain (--preferred-chain)
Added method to show CAs current terms of service (--display-terms)
Allow setting path to domains.txt using cli arguments (--domains-txt)
Added new cli command --cleanupdelete which deletes old files instead of archiving them
Fixed
No more silent failures on broken hook-scripts
Better error-handling with KEEP_GOING enabled
Check actual order status instead of assuming it's valid
Don't include keyAuthorization in challenge validation (RFC compliance)
Changed
Using EC secp384r1 as default certificate type
Use JSON.sh to parse JSON
Use account URL instead of account ID (RFC compliance)
Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
Cleanup now also removes dangling symlinks
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 18 Dec 2020 21:07:16 +0000 (22:07 +0100)]
hplip: Update to 3.20.11
- Update from 3.18.6 to 3.20.11 (16 updates)
- See Release notes for bug fixes and support for additional printers
https://sourceforge.net/p/hplip/news/
- Update of rootfile :-)
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 17 Dec 2020 20:01:59 +0000 (21:01 +0100)]
bird: Update to 2.0.7
Update bird from 2.0.6 to 2.0.7
Changes from changelog
- BGP: Fix reconfiguration with import table
*Change of some options requires route refresh, but when import table is
active, channel reload is done from it instead of doing full route
refresh. So in this case we request it internally.
- Doc: Minor documentation fixes
- Nest: Handle non-MPLS on MPLS case in recursive route update
*When non-MPLS recursive route resolves to MPLS underlying route,
then it should get MPLS labels from the the underlying route.
- Nest: Handle PtP links in recursive route update
*Underlying (IGP) route may lead to PtP link, in this case it does not
need gateway. Which is different than direct route without gateway.
*When recursive (BGP) route uses PtP route, it should not use recursive
next hop as immediate next hop, while for direct routes it should.
- Nest: Fix recursive route update
*Missing cleanup can lead to dangling pointer to old next hops.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 17 Dec 2020 16:13:28 +0000 (17:13 +0100)]
htop: Update to 3.0.3
Update htop from 3.0.2 to 3.0.3
See the Change Log for details of changes
https://github[.]com/htop-dev/htop/blob/master/ChangeLog Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 16 Dec 2020 18:28:05 +0000 (19:28 +0100)]
sqlite: Update to 3.34.0
-Update sqlite from 3.26.0 to 3.34.0
See https://sqlite[.]org/chronology[.]html for history between
these releases.
-Have reviewed all release notes between these two releases and there
are no deprecations.
-No change to rootfile. Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ummeegge [Sun, 6 Dec 2020 10:08:59 +0000 (10:08 +0000)]
Pam: Update to version 1.5.1
Several fixes and improvements since the current available 1.3.1 version are included.
CVE-2020-27780 has also been fixed.
For a full release overview --> https://github.com/linux-pam/linux-pam/releases .
Signed-off-by: ummeegge <erik.kapfer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Dec 2020 14:01:36 +0000 (15:01 +0100)]
Fix for bug 12539
The installer recognises cups and cups-filters both as cups and puts
two instances of cups in the add-on services table.
Based on input from Michael Tremer this patch replaces the command
returning the second element between hyphens with one that takes
what comes after "meta-" using Perl code rather than a shell command.
The second find command was changed as per Michael's suggestion.
Tested in my ipfire test bed system and only results in one cups
entry. Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ummeegge [Sun, 6 Dec 2020 15:03:45 +0000 (15:03 +0000)]
tshark: Update to version 3.4.0
- Since tshark uses since 3.4.0 an always enabled asynchronous DNS
resolution, c-ares is a needed dependency.
- Since the current actual version 3.2.6 a lot of bug fixes, fixed
vulnerabilities, updated features, new protocols but also updated
protocols has been integrated.
A full overview of all changes can be found in here -->
Update to version 3.2.7:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html
Update to version 3.2.8:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.8.html
Update to version 3.4.0
https://www.wireshark.org/docs/relnotes/wireshark-3.4.0.html
Signed-off-by: ummeegge <erik.kapfer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ummeegge [Sun, 6 Dec 2020 15:03:44 +0000 (15:03 +0000)]
c-ares: New package. Needed as tshark Dependency
- Since tshark uses with version 3.4.0 an always enabled asynchronous DNS
resolution c-ares is a needed dependency.
- Since curl can also use c-ares --> https://c-ares.haxx.se/ it has been
placed in make.sh before curl even no compiletime options has been set
to enable this. c-ares has also been placed in packages and not in common
which would be needed if it should be used for curl too.
Signed-off-by: ummeegge <erik.kapfer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 5 Dec 2020 14:51:11 +0000 (15:51 +0100)]
bacula: Update to use IPFire initscript
Bacula install used the bacula initscript for starting and stopping bacula.
This works fine but results in no pid or memory input in the addons table
under services.
Using the IPFire initscript also successfully starts and stops bacula with
no problems but also provides the pid and memory information in the services
addons table.
- rootfiles adjusted to remove the reference to bacula-ctl-fd
- lfs/bacula adjusted to remove the init.d/bacula link generation
remove the "rm -f /root/.rnd" command. This file is not present
and I have not seen this command in any other lfs file that I
have looked at.
- new bacula initscript created
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The X.509 GeneralName type is a generic type for representing different types
of names. One of those name types is known as EDIPartyName. OpenSSL provides a
function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
to see if they are equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
may occur leading to a possible denial of service attack.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL
distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp
authority name (exposed via the API functions TS_RESP_verify_response and
TS_RESP_verify_token)
If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
Note that some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify
tools have support for the "-crl_download" option which implements automatic
CRL downloading and this attack has been demonstrated to work against those
tools.
Note that an unrelated bug means that affected versions of OpenSSL cannot parse
or construct correct encodings of EDIPARTYNAME. However it is possible to
construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
trigger this attack.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>