For details see:
https://roy.marples.name/blog/dhcpcd-7-1-1-released
"A minor update, highlights include:
IPv4LL: Fixed build with this disabled
IPv4LL: Remember last address between carrier resets
BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN
FreeBSD: Avoid panicing kernel when RTA_IFP is set for IPv6 prefix routes"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://curl.haxx.se/changes.html
This came rather unexpected - if I'd known, I'd have waited with 7.63.0.
"Changes:
cookies: leave secure cookies alone
hostip: support wildcard hosts
http: Implement trailing headers for chunked transfers
http: added options for allowing HTTP/0.9 responses
timeval: Use high resolution timestamps on Windows
Bugfixes:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
FAQ: remove mention of sourceforge for github
OS400: handle memory error in list conversion
OS400: upgrade ILE/RPG binding.
README: add codacy code quality badge
Revert http_negotiate: do not close connection
THANKS: added several missing names from year <= 2000
build: make 'tidy' target work for metalink builds
cmake: added checks for variadic macros
cmake: updated check for HAVE_POLL_FINE to match autotools
cmake: use lowercase for function name like the rest of the code
configure: detect xlclang separately from clang
configure: fix recv/send/select detection on Android
configure: rewrite --enable-code-coverage
conncache_unlock: avoid indirection by changing input argument type
cookie: fix comment typo
cookies: allow secure override when done over HTTPS
cookies: extend domain checks to non psl builds
cookies: skip custom cookies when redirecting cross-site
curl --xattr: strip credentials from any URL that is stored
curl -J: refuse to append to the destination file
curl/urlapi.h: include "curl.h" first
curl_multi_remove_handle() don't block terminating c-ares requests
darwinssl: accept setting max-tls with default min-tls
disconnect: separate connections and easy handles better
disconnect: set conn->data for protocol disconnect
docs/version.d: mention MultiSSL
docs: fix the --tls-max description
docs: use $(INSTALL_DATA) to install man page
docs: use meaningless port number in CURLOPT_LOCALPORT example
gopher: always include the entire gopher-path in request
http2: clear pause stream id if it gets closed
if2ip: remove unused function Curl_if_is_interface_name
libssh: do not let libssh create socket
libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
libssh: free sftp_canonicalize_path() data correctly
libtest/stub_gssapi: use "real" snprintf
mbedtls: use VERIFYHOST
multi: multiplexing improvements
multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
ntlm: fix NTMLv2 compliance
ntlm_sspi: add support for channel binding
openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
openssl: fix the SSL_get_tlsext_status_ocsp_resp call
openvms: fix OpenSSL discovery on VAX
openvms: fix typos in documentation
os400: add a missing closing bracket
os400: fix extra parameter syntax error
pingpong: change default response timeout to 120 seconds
pingpong: ignore regular timeout in disconnect phase
printf: fix format specifiers
runtests.pl: Fix perl call to include srcdir
schannel: fix compiler warning
schannel: preserve original certificate path parameter
schannel: stop calling it "winssl"
sigpipe: if mbedTLS is used, ignore SIGPIPE
smb: fix incorrect path in request if connection reused
ssh: log the libssh2 error message when ssh session startup fails
test1558: verify CURLINFO_PROTOCOL on file:// transfer
test1561: improve test name
test1653: make it survive torture tests
tests: allow tests to pass by 2037-02-12
tests: move objnames-* from lib into tests
timediff: fix math for unsigned time_t
timeval: Disable MSVC Analyzer GetTickCount warning
tool_cb_prg: avoid integer overflow
travis: added cmake build for osx
urlapi: Fix port parsing of eol colon
urlapi: distinguish possibly empty query
urlapi: fix parsing ipv6 with zone index
urldata: rename easy_conn to just conn
winbuild: conditionally use /DZLIB_WINAPI
wolfssl: fix memory-leak in threaded use
spnego_sspi: add support for channel binding"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
...
'/usr/src/config/rootfiles/packages//borgbackup' -> '/install/packages/package/ROOTFILES'
tar: usr/lib/python3.6/site-packages/borg/chunker.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory
tar: usr/lib/python3.6/site-packages/borg/compress.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory
tar: usr/lib/python3.6/site-packages/borg/crypto.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory
tar: usr/lib/python3.6/site-packages/borg/hashindex.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory
tar: usr/lib/python3.6/site-packages/borg/platform_linux.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory
tar: Exiting with failure status due to previous errors
make: *** [borgbackup:58: dist] Error 2
...
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 6 Feb 2019 21:00:00 +0000 (21:00 +0000)]
apply default firewall policy for ORANGE, too
If firewall default policy is set to DROP, this setting was not
applied to outgoing ORANGE traffic as well, which was misleading.
Fixes #11973
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Cc: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For some informations about this update see:
https://roy.marples.name/blog/dhcpcd-7-1-0-released
"dhcpcd-7.1.0 has been released with the following changes:
- OpenBSD: works alongside slaacd(8)
- NetBSD: sets SO_RERROR on to detect receive socket overflow
- BSD: route improvements to avoid listening for own changes
- Linux: use NETLINK_BROADCAST_ERROR
- BSD: avoid late address deletion messages by testing address existance
- IP6: implement IP6 address sharing
- BSD: catch UP/DOWN events when interfaces does support media changes
- IPv4LL: remember old address when carrier is lost
Many other minor fixes and documenation updates have been submitted by various
community members for this release..."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 27 Jan 2019 17:38:04 +0000 (18:38 +0100)]
ghostscript: Update to 9.26
For details see:
https://www.ghostscript.com/doc/9.26/News.htm
This version fixes CVE-2019-6116 ("code execution via subroutines within pseudo-operators")
Some details (german) can be found here:
https://www.heise.de/security/meldung/Boeser-Bug-in-PostScript-trifft-ghostscript-und-damit-Viele-mehr-4286563.html
I saw this article and found it could be the time for an update...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 24 Jan 2019 12:31:27 +0000 (12:31 +0000)]
Enable some performance tuning
These parameters increase the throughput on various (large-ish)
systems by 5-10% on the slight expense of higher power consumption.
Socket buffers are increases and the system is configured to be
less aggressive when scheduling processes from one processor to
another one which ensures that the cache remains "hot" for longer.
On a slower system (apu1d) no performance improvement or loss
could have been measured.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 23 Jan 2019 19:54:07 +0000 (20:54 +0100)]
OpenSSH: update to 7.9p1
Update OpenSSH to 7.9p1 (release note is available at
https://www.openssh.com/txt/release-7.9). Patching support
for OpenSSL 1.1.0 is no longer required, thus the orphaned
patchfile has been deleted.
Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 20 Jan 2019 17:07:47 +0000 (18:07 +0100)]
logrotate: Update to 3.15
For details see:
https://github.com/logrotate/logrotate/releases
- timer unit: change trigger fuzz from 12h to 1h (#230)
- service unit: only run if /var/log is mounted (#230)
- preserve fractional part of timestamps when compressing (#226)
- re-indent source code using spaces only (#188)
- minage: avoid rounding issue while comparing the amount of seconds (#36)
- never remove old log files if rotate -1 is specified (#202)
- return non-zero exit status if a config file contains an error (#199)
- make copytruncate work with rotate 0 (#191)
- warn user if both size and the time interval options are used (#192)
- pass rotated log file name as the 2nd argument of the postrotate script
when sharedscript is not enabled (#193)
- rename logrotate-default to logrotate.conf (#187)
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>