Peter Müller [Sat, 4 Sep 2021 13:53:11 +0000 (15:53 +0200)]
Tor: update to 0.4.6.7
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.7:
Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
running an earlier version, whether as a client, a relay, or an onion
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
o Major bugfixes (cryptography, security):
- Resolve an assertion failure caused by a behavior mismatch between
our batch-signature verification code and our single-signature
verification code. This assertion failure could be triggered
remotely, leading to a denial of service attack. We fix this issue
by disabling batch verification. Fixes bug 40078; bugfix on
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
CVE-2021-38385. Found by Henry de Valence.
o Minor feature (fallbackdir):
- Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/08/12.
o Minor bugfix (crypto):
- Disable the unused batch verification feature of ed25519-donna.
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
de Valence.
o Minor bugfixes (onion service):
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid
Address) for a v2 onion address. Fixes bug 40421; bugfix
on 0.4.6.2-alpha.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW
in order to reduce CPU load on the directory relays. Fixes bug
40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (timekeeping):
- Calculate the time of day correctly on systems where the time_t
type includes leap seconds. (This is not the case on most
operating systems, but on those where it occurs, our tor_timegm
function did not correctly invert the system's gmtime function,
which could result in assertion failures when calculating voting
schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 7 Sep 2021 15:01:25 +0000 (15:01 +0000)]
udev: Enable ntuple offloading feature in supported NICs
We are using CPU-affinity and packet steering functions in various
places in IPFire, but packets might still be received on a random CPU
core.
This feature enables that packets that belong to the same connection
(i.e. have the save tuple) will be steered to the same queue. This will
increase cache locality and decrease locking which results in higher
throughput.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://blog.clamav.net/2021/09/clamav-01040-released.html
New requirements and major changes:
"As of ClamAV 0.104, CMake is required to build ClamAV
...
The built-in LLVM for the bytecode runtime has been removed."
But since the current 'llvm 12.0.1' version refused to be build
"...you will need to supply the development libraries for LLVM
version 3.6.2" - which is ~6 years old - I gave up with 'llvm'
and stayed with the bytecode "interpreter".
Cited:
"The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
@ALL:
In 'clamav 0.104.0' there is no appropriate cmake option for
"CONFIGURE_FLAGS = --disable-fanotify" for ARM buildings anymore.
Perhaps there is a kernel option for this?
=> https://docs.clamav.net/manual/OnAccess.html#requirements
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 19 Aug 2021 12:07:06 +0000 (12:07 +0000)]
glibc: Fix CVE-2021-33574 and follow-up issue
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The fix for this introduced a NULL pointer dereference.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 21:01:52 +0000 (23:01 +0200)]
wlanap.cgi: Access db.txt in place of using regdbdump on regulatory.bin
- wlanap.cgi was using regdbdump from crda to create a text based list of the
wireless settings by country database.
- With the removal of crda as part of the removal of python2 this option could not be
used.
- wireless-regdb also has a text based database list in the source tarball and this
patch makes wlanap.cgi read this list into the @countrylist_cmd variable
- This needs to be tested by someone that has an IPFire system with wifi that can access
and evaluate wlanap.cgi to confirm that this change functions as expected.
- This version changes the name of the stored text file from db.txt to regulatorydb.txt
- The command to read the data from regulatorydb.txt into @countrylist_cmd has been
corrected
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 21:01:51 +0000 (23:01 +0200)]
wireless-regdb: Use db.txt file for wlanap.cgi
- db.txt is the text file version of the wireless settings by country database
- Using db.txt means that regdbdump from crda is not required by wlanap.cgi
- This patch copies the db.txt file from the source tarball to /lib/firmware/ where
it can be read by wlanap.cgi
- This version of the patch renames the db.txt file to regulatorydb.txt
- Updated rootfile to include regulatorydb.txt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 21:01:49 +0000 (23:01 +0200)]
python-setuptools: Removal of this python2 module.
- With the removal of python-m2crypto then this module is not longer required as a
dependency.
- python3-setuptools was already released into Core Update 157
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 21:01:48 +0000 (23:01 +0200)]
python-typing: Removal of this python2 module.
- With the removal of python-m2crypto then python-typing is no longer rerquired as a
dependency.
- The functionality of the python2 typing module is built in to python3.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 21:01:46 +0000 (23:01 +0200)]
crda: removal from kernel 4.15 and onwards.
- From kernel 4.15 and onwards the function of what crda does is built into the kernel.
- Tested the removal of crda with kernel 4.14.232 and kernel 5.10.45
Country code set by "iw reg set NL" was recognised with kernel 5.10.45 and set at
the global value of 00 with kernel 4.14.232 confirming the kernel built in option is
working without the prescence of crda
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 21:01:45 +0000 (23:01 +0200)]
make.sh: Remove crda and remaining python2 modules
- crda only works with python2 version of m2crypto
python-m2crypto requires python-setuptools and python-typing
- With Linux kernel 4.15 and later the country code status check that crda did is built
into the kernel.
- So from kernel 4.15, crda can be removed, which allows removal of m2crypto, setuptools
and typing.
- python-typing is built into python3 so no additional python3 module required.
- python3 version of python-setuptools has already been installed.
- python3 version of python-m2crypto is not required. python-m2crypto is only used for the
build of crda.
- ipaddr can be removed as the function of this python2 module is built into python3 with
ipaddress.py
- removal of crda tested with 5.10.45 kernel and the setting of a country code was
recognised. If this test carried out with crda removed and 4.14.232 kernel then country
code stays defined as the global code "00".
- wlanap.cgi uses regdbdump from crda to create a text based list of the
wireless settings by country database. With the removal of crda a modification is
required to wireless-reg to copy the db.txt file to a specific location that wlan.cgi
can then access. db.txt is the text file version of the wireless settings by country
database.
- This series version copies the db.txt file and renames it regulatorydb.txt and places it in
/lib/firmware/
- This series version also corrects the loading command from regulatorydb.txt into the
@countrylist_cmd variable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Aug 2021 13:14:30 +0000 (15:14 +0200)]
client175: Convert python2 modules in source tarball to python3
- Patch created to convert all python modules to python3 compatibility that need it.
2to3 converter used for this.
- Start initscript changed to use python3
- No change required in rootfile
- Execution of patch added to lfs file
- Tested in vm machine. WUI page showed the same as with the python version.
scan of directory for mp3 (.flac) files was successful. Could not test actual audio
playing capability as my vm testbed does not have any audio setup at this time.
I believe that the purpose of client175 is to provide the WUI page and for that my
testing seemed to show everything working as expected.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 3 Aug 2021 13:11:11 +0000 (15:11 +0200)]
ncat: Update to 7.91 and fix #12647 ncat segfault if virtmanager try to connect libvirt
- Update from 7.80 to 7.91
- Update of rootfile
- Changelog is too long to include here
Full details can be found in the CHANGELOG file in the source tarball
- Added patch to fix segfault - https://github.com/nmap/nmap/issues/2154
- Ran with unpatched 7.91 version
$ touch /tmp/foo
$ nc -U /tmp/foo
Segmentation fault - flagged problem in #12647
- Ran with patched 7.91 version
$ touch /tmp/foo
$ nc -U /tmp/foo
Ncat: Connection refused. - Expected behaviour
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 1 Aug 2021 16:13:20 +0000 (18:13 +0200)]
e2fsprogs: Update to version 1.46.3
- Update from 1.44.4 to 1.46.3
- Update of rootfile
- Changelog from 1.44.4 to 1.46.3 is too long to display.
Full details can be found at http://e2fsprogs.sourceforge.net/e2fsprogs-release.html
Most of the 14 version updates have bug fixes in them.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 31 Jul 2021 21:50:06 +0000 (23:50 +0200)]
faad2: Update to version 2.10.0
- Update from 2.8.8 to 2.10.0
- Update of rootfile carried out
- Changelog
2.10.0:
[ tatsuz ]
* updated Visual Studio projects to VS 2019 (#54)
[ Fabian Greffrath ]
* mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
* fix heap-buffer-overflow in mp4read.c
[ Clayton Smith ]
* Remove non-ASCII characters
* Remove trailing whitespace
[ Andrew Wesie ]
* Check return value of ltp_data.
* Restrict SBR frame length to 960 and 1024 samples.
* Support object type 29.
* Support implicit SBR signaling in frontend.
* Fix PNS decoding when only right channel is noise.
* Initialize element_id array with an invalid id.
* Fix NULL pointer dereferences.
* Fix infinite loop in adts_parse.
* Fix infinite loop in huffman_getescape.
* Check for error after each channel decode.
* Check for inconsistent number of channels.
2.9.2:
[ Michał Janiszewski ]
* Only use x86-assembly when explicitly on x86
* Use unsigned integers correctly
* Initialize pointers that might otherwise not be
[ Fabian Greffrath ]
* update README esp. WRT directory structure
[ Rosen Penev ]
* fix compilation without SBR/PS_DEC (#48)
* fix compilation with LC_ONLY_DECODER (#47)
[ Fabian Greffrath ]
* fix "inline function 'cfftf1' declared but never defined" compiler warning
* fix some inconsistencies in the frontend output
* mp4read_open: add check for failed frame buffer allocation
* stszin: add check for allocation error and integer overflow
* add a pkg-config file
[ Stefan Pöschel ]
* frontend: address compile warning + add missing LF (#50)
[ François Cartegnie ]
* library name is faad (#52)
* Unbreak PS audio (#51)
2.9.1:
[ Fabian Greffrath ]
* Include stdio.h in libfaad/ps_dec.c for stderr (Michael Fink)
* Fix Tille -> Title typo in frontend/mp4read.c (Alexander Thomas)
2.9.0:
[ Krzysztof Nikiel ]
* Build system fixes and code clean-up
[ LoRd_MuldeR ]
* Fix compiler warnings and code indentation
* Fix compilation with GCC <= 4.7.3
* MSVC solution file clean-up
[ Cameron Cawley ]
* Fix compilation with GCC 4.7.4
* Fix compilation with MinGW
[ Michael Fink ]
* MSVC 2017 project file update
[ Hugo Lefeuvre ]
* Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
* CVE-2019-6956: ps_dec: sanitize iid_index before mixing
* CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
* CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
* CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
* CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauzée-Luyssen ]
* CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
[ Filip Roséen ]
* Prevent crash on SCE followed by CPE
[ Gianfranco Costamagna ]
* Fix linking with GCC 9 and "-Wl,--as-needed"
[ Fabian Greffrath ]
* Enable the frontend to be built reproducibly
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 31 Jul 2021 19:06:52 +0000 (21:06 +0200)]
ncdu: Update to version 1.16
- Update from 1.15.1 to 1.16
- Update of rootfile not required
- Changelog
1.16 - 2021-07-02
- Increase width of size bar depending on terminal size (Christian Göttsche)
- Set/increment $NCDU_LEVEL variable when spawning a shell
- Indicate whether apparent size or disk usage is being displayed
- Display setuid, setgid and sticky bits in file flags in extended mode
- Fix error handling while reading --exclude-from file
- Improve JSON import to allow for several future extensions to the format
- Export link count in JSON dumps
- Don't export inode in JSON dumps for non-hardlinks
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 31 Jul 2021 19:06:34 +0000 (21:06 +0200)]
lynis: Update to version 3.0.6
- Update from 3.0.3 to 3.0.6
- Update of rootfile carried out
- Changelog
## Lynis 3.0.6 (2021-07-22)
### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files
### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended
## Lynis 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas
## Lynis 3.0.4 (2021-05-11)
### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 31 Jul 2021 19:04:43 +0000 (21:04 +0200)]
bird: Update to version 2.0.8
- Update from 2.0.7 to 2.0.8
- Update of rootfile not required
- Changelog
Version 2.0.8 (2021-03-18)
o Automatic channel reloads based on RPKI changes
o Multiple static routes with the same network
o Use bitmaps to keep track of exported routes
o Per-channel debug flags
o CLI commands show info from multiple protocols
o Linux: IPv4 routes with IPv6 nexthops
o Filter: Optimized redesign of prefix sets
o Filter: Improved type checking of user filters
o Filter: New src/dst accessors for Flowspec and SADR
o Filter: New 'weight' route attribute
o Filter: BGP path mask loop operator
o Filter: Remove quitbird command
o RIP: Demand circuit support (RFC 2091)
o BGP: New 'allow as sets' and 'enforce first as' options
o BGP: Support for BGP hostname capability
o BGP: Support for MD5SIG with dynamic BGP
o BFD: Optional separation of IPv4 / IPv6 BFD instances
o BFD: Per-peer session options
o RPKI: Allow build without libSSH
o RPKI: New 'ignore max length' option
o OSPF: Redesign of handling of unnumbered PtPs
o OSPF: Allow key id 0 in authentication
o Babel: Use onlink flag for routes with unreachable next hop
o Many bugfixes
Notes:
Automatic channel reloads based on RPKI changes are enabled by default,
but require import table enabled when used in BGP import filter.
BIRD now uses bitmaps to keep track of exported routes instead of
re-evaluation of export filters. That should improve speed and accuracy in
route export handling during reconfiguration, but takes some more memory.
Per-channel debug logging and some CLI commands (like 'show ospf neighbors')
defaulting to all protocol instances lead to some minor changes in log and
CLI output. Caution is recommended when logs or CLI output are monitored by
scripts.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://mmonit.com/monit/changes/
New: Issue #979: If filesystem mount flags changed, show both old
and new value. Originally only the new value was reported.
Fixed: Issue #960: The memory usage may report wrong value if system
memory size changed after Monit start. The problem was frequent
on KVM/LXC containers where MemTotal is dynamicaly updated.
Fixed: Issue #965: Monit CLI: if a custom configuration file was
used with the -c option, and the file cannot be read by Monit,
an AssertException was thrown. Monit will report normal error
instead of the exception now.
Fixed: Issue #966: Monit CLI: The service name pattern was changed
to case-sensitive in Monit 5.28.0. Revert the behaviour back
to case-insensitive.
Fixed: Issue #971: The LINK UP and LINK DOWN tests now support short
form of the optional ELSE condition, in addition to the verbose ELSE
IF <SUCCEEDED|FAILED> form.
Fixed: Issue #976: The space free test recovery always reported
value in percent, regardless of the test setting. If the test uses
absolute limit, Monit will report absolute space usage now.
Fixed: Issue #986: Services checks with custom schedule (the EVERY
statement) did set the data collection timestamp even if the
monitoring was skipped in the given cycle. The timestamp is now
updated only when the check was performed.
Fixed: Issue #990: Monit built with libressl may crash during
verification of the expired SSL certificate.
Fixed: Issue #968: Systemd and upstart templates: templates used
to set the path to the configuration file in the sysconfdir, which
is optionally set via the configure script during the compilation.
The path wasn't fully expanded in the template though, so it was
invalid. The template doesn't specify the explicit path now and lets
Monit search for the configuration file in all supported locations
(including the sysconfdir).
Changed: Issue #984: The permission check of the SSL PEM key file
allows group read permissions now (originally Monit enforced that
the file is readable only by the file owner).
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Fri, 30 Jul 2021 17:57:01 +0000 (19:57 +0200)]
qos.cgi: Fix truncated status output
In the past only the fist line of the status output has been passed
to the cleanhtml() function and displayed. Now the whole output will be
converted to a string, cleaned and displyed on the WUI again.
Fixes #12666.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 28 Jul 2021 20:46:00 +0000 (22:46 +0200)]
sudo: Update to version 1.9.7p2
- Update from 1.9.7p1 to 1.9.7p2
- Update of rootfile not required.
- Changelog - more details can be found at https://www.sudo.ws/changes.html
Major changes between version 1.9.7p2 and 1.9.7p1:
When formatting JSON output, octal numbers are now stored as strings, not numbers.
The JSON spec does not actually support octal numbers with a 0 prefix.
Fixed a compilation issue on Solaris 9.
Sudo now can handle the getgroups() function returning a different number of groups
for subsequent invocations. GitHub PR #106.
When loading a Python plugin, python_plugin.so now verifies that the module loaded
matches the one we tried to load. This allows sudo to display a more useful error
message when trying to load a plugin with a name that conflicts with a Python
module installed in the system location.
Sudo no longer sets the the open files resource limit to unlimited while it runs.
This avoids a problem where sudo's closefrom() emulation would need to close a
very large number of descriptors on systems without a way to determine which ones
are actually open.
Sudo now includes a configure check for va_copy or __va_copy and only defines its
own version if the configure test fails.
Fixed a bug in sudo's utmp file handling which prevented old entries from being
reused. As a result, the utmp (or utmpx) file was appended to unnecessarily.
GitHub PR #107.
Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd from accepting TLS
connections when OpenSSL is used. Bug #988.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 27 Jul 2021 08:59:00 +0000 (08:59 +0000)]
initscripts: Add switch to start processes in background
Since systemd, many programs no longer behave like a well-behaved
daemon. To avoid any extra solutions, this patch adds a -b switch which
will start a program in the background and throw away any output.
The behaviour remains unchanged for any other programs.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 26 Jul 2021 16:35:16 +0000 (18:35 +0200)]
libidn: Update to version 1.38
- Update from 1.36 to 1.38
- Update of rootfile
- Changelog
version 1.38
build: Fix --disable-tld builds.
Simplify building of gdoc-generated man/texi outputs.
Rebuild GTK-DOC HTML/PDF outputs on version number changes.
doc: Rebuild idn.1 when version number changes.
build: Fix --disable-tld builds.
cicd: Add pages.
doc: Improve GTK-DOC manual.
cicd: Fix Ubuntu 12.04 builds.
Improve GTK-DOC manual.
Fix build errors related to doc/idn--help.texi.
doc: Fix release process.
doc: Improve HACKING instructions.
Bootstrap cache.
version 1.37
Use gnulib's bootstrap.
Drop old unused WERROR_CFLAGS usage.
Improve URLs.
Fix links for git and valgrind.
Fix self check for --disable-tld.
Sync with TP.
Doc fixes.
Don't dist ps/html/pdf. Drop custom css.
Improve ./configure summary output.
Use gnulib langinfo module.
More ./configure summary output.
Use AM_GNU_GETTEXT_VERSION to get intl.m4 too.
Disable some complex gnulib self-tests that add lots of dependencies and fail on mingw.
Drop second gnulib tests directory since only one is supported.
Require more recent automake and gtk-doc.
Fix .gitignore.
doc: Fix JDK dependency for Fedora.
Drop warning stuff covered by manywarnings.m4 now.
Disable VLA from gettext.
Remove autopoint-generated files that are in gnulib too.
Update autoconf archive macros.
Prefer gnulib's M4 files over autopoint.
Modernize autoconf usage.
Use AM_GNU_GETTEXT_REQUIRE_VERSION.
Update gnulib files.
Modernize configure.ac.
Require autoconf 2.64 for newer gnulib.
Avoid including copyright info in idn example.
Fix manual copyright years.
Fix syntax-check.
Update copyright years.
Improve HACKING.
Drop obsolete PGP key from AUTHORS.
Revert last patch, clearly src/ was being built before doc/.
Build doc/ after src/ so that src/idn exists for help2man of doc/idn.1.
Fix recommended package installs.
Drop .gitlab-ci.yml.
Doc fix.
Sync with TP.
Fix typos, inspired by codespell.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 26 Jul 2021 16:34:39 +0000 (18:34 +0200)]
curl: Update to version 7.78.0
- Update from 7.77.0 to 7.78.0
- Update of rootfile not required
- Changelog
Changes:
curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
hostip: make 'localhost' return fixed values
mbedtls: add support for cert and key blob options
metalink: remove all support for it
mqtt: add support for username and password
Bugfixes:
--socks4[a]: clarify where the host name is resolved
ares: always store IPv6 addresses first
asyn-ares: remove check for 'data' in Curl_resolver_cancel
bearssl: explicitly initialize all fields of Curl_ssl
bearssl: remove incorrect const on variable that is modified
build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
c-hyper: abort CONNECT response reading early on non 2xx responses
c-hyper: add support for transfer-encoding in the request
c-hyper: bail on too long response headers
c-hyper: clear NTLM auth buffer when request is issued
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
c-hyper: fix NTLM on closed connection tested with test159
c-hyper: fix the uploaded field in progress callbacks
c-hyper: handle NULL from hyper_buf_copy()
c-hyper: support CURLINFO_STARTTRANSFER_TIME
c-hyper: support CURLOPT_HEADER
ccsidcurl: fix the compile errors
CI/cirrus: install impacket from PyPI instead of FreeBSD packages
CI: add bearssl build
CI: add Circle CI
CI: add jobs using Zuul
CI: delete --enable-hsts option (it is the default now)
CI: remove travis details
cleanup: spell DoH with a lowercase o
cmake: add CURL_DISABLE_NTLM option
cmake: avoid leaking absolute paths into exported config
cmake: fix IoctlSocket FIONBIO check
cmake: fix support for UnixSockets feature on Win32
cmake: remove libssh2 feature checks
cmake: try well-known send/recv signature for Apple
configure.ac: make non-executable
configure/cmake: remove checks for many unused functions
configure: add --disable-ntlm option
configure: disable RTSP when hyper is selected
configure: do not strip out debug flags
configure: fix nghttp2 library name for static builds
configure: inhibit the implicit-fallthrough warning on gcc-12
configure: rename get-easy-option configure option to get-easy-options
conn_shutdown: if closed during CONNECT cleanup properly
conncache: lowercase the hash key for better match
cookies: track expiration in jar to optimize removals
copyright: add boiler-plate headers to CI config files
crustls: bump crustls version and use new URL
curl.h: <sys/select.h> is supported by VxWorks7
curl.h: include sys/select.h for NuttX RTOS
curl: ignore blank --output-dir
curl_endian: remove the unused Curl_write64_le function
curl_multibyte: Remove local encoding fallbacks
Curl_ntlm_core_mk_nt_hash: fix OOM in error path
Curl_ssl_getsessionid: fail if no session cache exists
CURLOPT_WRITEFUNCTION.3: minor update of the example
docs/BINDINGS: fix outdated links
docs/examples: use curl_multi_poll() in multi examples
docs/INSTALL: remove mentions of configure --with-darwin-ssl
docs: document missing arguments to commands
docs: fix inconsistencies in EGDSOCKET documentation
docs: fix incorrect argument name reference
docs: Fix typos
docs: make docs for --etag-save match the program behaviour
docs: use --max-redirs instead of --max-redir
doh: (void)-prefix call to curl_easy_setopt
doh: fix wrong DEBUGASSERT for doh private_data
easy: during upkeep, attach Curl_easy to connections in the cache
examples/multi-single: fix scan-build warning
examples: length-limit two sscanf() uses of %s
examples: safer and more proper read callback logic
filecheck: quietly remove test-place/*~
formdata: avoid "Argument cannot be negative" warning
formdata: correct typecast in curl_mime_data call
GHA: add a linux-hyper job
GHA: add several libcurl tests to the hyper job
GHA: run the newly fixed tests with hyper
github: timeout jobs on macOS after 90 minutes
glob: pass an 'int' as len when using printf's %*s
gnutls: set the preferred TLS versions in correct order
GOVERNANCE: add 'user', 'committer' and 'contributor'
hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
hostip: bad CURLOPT_RESOLVE syntax now returns error
hsts: ignore numberical IP address hosts
HSTS: not experimental anymore
http2: clarify 'Using HTTP2' verbose message
http2: init recvbuf struct for pushed streams
http2_connisdead: handle trailing GOAWAY better
http: fix crash in rate-limited upload
http: make the haproxy support work with unix domain sockets
http_proxy: deal with non-200 CONNECT response with Hyper
hyper: propagate errors back up from read callbacks
HYPER: remove mentions of deprecated development branch
idn: fix libidn2 with windows unicode builds
infof: remove newline from format strings, always append it
lib: don't compare fd to FD_SETSIZE when using poll
lib: fix compiler warnings with CURL_DISABLE_NETRC
lib: fix type of len passed to *printf's %*s
lib: more %u for port and int for %*s fixes
lib: use %u instead of %ld for port number printf
libcurl-security.3: mention file descriptors and forks
libssh2: limit time a disconnect can take to 1 second
mbedtls: make mbedtls_strerror always work
mbedtls: Remove unnecessary include
mqtt: detect illegal and too large file size
mqtt: extend the error message for no topic
msnprintf: return number of printed characters excluding null byte
multi: add scan-build-6 work-around in curl_multi_fdset
multi: alter transfer timeout ordering
multi: do not switch off connect_only flag when closing
multi: fix crash in curl_multi_wait / curl_multi_poll
netrc: skip 'macdef' definitions
ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
openssl: avoid static variable for seed flag
openssl: don't remove session id entry in disassociate
pinnedpubkey.d: fix formatting for version support lists
proto.d: fix formatting for paragraphs after margin changes
quiche: use send() instead of sendto() to avoid macOS issue
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
runtests: also find the last test in Makefile.inc
runtests: enable 'hyper mode' only for HTTP tests
runtests: init $VERSION to avoid warnings when using -l
runtests: parse data/Makefile.inc instead of using make
runtests: skip disabled tests unless -f is used
rustls: remove native_roots fallback
schannel: set ALPN length correctly for HTTP/2
SChannel: Use '_tcsncmp()' instead
sectransp: check for client certs by name first, then file
setopt: fix incorrect comments
socketpair: fix potential hangs
socks4: scan for the IPv4 address in resolve results
ssl: read pending close notify alert before closing the connection
sws: malloc request struct instead of using stack
telnet: fix option parser to not send uninitialized contents
test1116: hyper doesn't pass through "surprise-trailers"
test1147: hyper doesn't allow "crazy" request headers like built-in
test1151: added missing CRLF to work with hyper
test1216: adjusted for hyper mode
test1218: adjusted for hyper mode
test1230: adjust to work in hyper mode
test1340/1341: adjusted for hyper mode
test1438/1457: add HTTP keyword to make hyper mode work
test1514: add a CRLF to the response to make it correct
test1518: adjusted to work with hyper
test1519: adjusted to work with hyper
test1594/1595/1596: fix to work in hyper mode
test269: disable for hyper
test3010: work with hyper mode
test328: avoid a header-looking body to make hyper mode work
test339: CRLFify better to work in hyper mode
test347: CRLFify to work in hyper mode
test393: make Content-Length fit within 64 bit for hyper
test394: hyper returns a different error
test395: hyper cannot work around > 64 bit content-lengths like built-in
test433: adjust for hyper mode
test434: add HTTP keyword
test500: adjust to work with hyper mode
test566: adjust to work with hyper mode
test599: adjusted to work in hyper mode
test644: remove as duplicate of test 587
tests: fix Accept-Encoding strips to work with Hyper builds
TLS: prevent shutdown loops to get stuck
tool: make _lseeki64() macro work with the PellesC compiler
tool_help: document that --tlspassword takes a password
tool_help: remove unused define
url.c: remove two variable assigns that are never read
url: (void)-prefix a curl_url_get() call
url: bad CURLOPT_CONNECT_TO syntax now returns error
version: turn version number functions into returning void
vtls: exit addsessionid if no cache is inited
vtls: fix connection reuse checks for issuer cert and case sensitivity
vtls: only store TIMER_APPCONNECT for non-proxy connect
vtls: use free() not curl_free()
warnless: simplify type size handling
Win32: fix build with Watt-32
winbuild/README: VC should be set to 6 'or larger'
winbuild: support alternate nghttp2 static lib name
wolfssl: failing to set a session id is not reason to error out
write-out.d: clarify urlnum is not unique for de-globbed URLs
zuul: use the new rustls directory name
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
iwconfig doesn't return values for "Link Quality" if the interface
is disconnected, causing a division by zero error. If there are odd
values, the resulting percentage may contain many decimal places.
This patch makes wifi_get_link_quality return zero instead of failing
and rounds the percentage to a more meaningful integer.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 20 Jul 2021 20:01:29 +0000 (22:01 +0200)]
rpcbind: Update to version 1.2.6
- Update from 1.2.5 to 1.2.6
- Update of rootfile not required
- Changelog is too large to include here. It can be downloaded from sourceforge
https://sourceforge.net/projects/rpcbind/files/rpcbind/1.2.6/1.2.6-ChangeLog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 20 Jul 2021 20:01:03 +0000 (22:01 +0200)]
ethtool: Update to version 5.13
- Update from 5.12 to 5.13
- Update of rootfile not reuired
- Changelog is no longer in the source tarball. It has to be extracted from the commits
in the git repository.
5.13
netlink: work around spurious selftest failure Michal Kubecek
Merge branch 'review/getmodule-v4' into master Michal Kubecek
ethtool: Update manpages to reflect changes to getmodule (-m) command Vladyslav Tarasiuk
ethtool: Rename QSFP-DD identifiers to use CMIS Vladyslav Tarasiuk
ethtool: Refactor human-readable module EEPROM output for new API Vladyslav Tarasiuk
ethtool: Add netlink handler for getmodule (-m) Vladyslav Tarasiuk
Merge branch 'review/fec-stats-v3' into master Michal Kubecek
test: workaround for FEC encoding parser checks Michal Kubecek
netlink: stats: add an --all-groups option Jakub Kicinski
netlink: add support for standard stats Jakub Kicinski
ethtool: add nlchk for redirecting to netlink Jakub Kicinski
netlink: fec: support displaying statistics Jakub Kicinski
netlink: add FEC support Jakub Kicinski
json: improve array print API Jakub Kicinski
update UAPI header copies
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 20 Jul 2021 20:00:46 +0000 (22:00 +0200)]
cmake: Update to version 3.21.0
- Update from 3.20.4 to 3.21.0
- Update of rootfile not required
- Changelog
3.20.4 to 3.20.5
This version update made no changes to documented features or interfaces. Some
implementation updates were made to support ecosystem changes and/or fix regressions.
3.20.5 to 3.21.0
New Features
Presets
cmake-presets(7) gained support for specifying the install prefix in a configure preset.
cmake-presets(7) gained support for conditional enabling of presets.
cmake-presets(7) gained support for a ${hostSystemName} macro.
cmake-presets(7) gained support for omitting the generator and binaryDir fields.
Generators
The Visual Studio 17 2022 generator was added. This is experimental and based on "Visual Studio 2022 Preview 1.1" because this version of VS has not been released.
The Makefile Generators and the Ninja generator learned to add linker launcher tools along with the linker for C, CXX, OBJC, and OBJCXX languages. See the CMAKE_<LANG>_LINKER_LAUNCHER variable and <LANG>_LINKER_LAUNCHER target property for details.
Languages
CMake learned to support HIP as a first-class language that can be enabled via the project() and enable_language() commands.
C_STANDARD, OBJC_STANDARD, and the Compile Features functionality gained support for C17 and C23.
Source file extensions .ixx and .cppm are now treated as C++.
Command-Line
cmake(1) gained the --install-prefix <dir> command-line option to specify the location of the install prefix.
cmake(1) gained the --toolchain <path/to/file> command-line option to specify a toolchain file.
cmake(1) -E capabilities output, for some generators, may now contain a supportedPlatforms field listing platforms known to be supported in CMAKE_GENERATOR_PLATFORM.
Messages printed to a terminal now may be colored by message type.
Compilers
The Fujitsu compiler is now supported using compiler id Fujitsu in traditional (Trad) mode, and compiler id FujitsuClang in Clang mode.
Platforms
CMake now supports the MSYS runtime environment, much like CYGWIN.
File-Based API
The cmake-file-api(7) "codemodel" version 2 version field has been updated to 2.3.
The cmake-file-api(7) "codemodel" version 2 gained a new "directory" object containing directory-level information. This includes a list of installers generated by the install() command.
Commands
The add_custom_command() command DEPFILE option:
may now use generator expressions,
is now supported by Visual Studio Generators for VS 2012 and above, and
is now supported by the Xcode generator.
The add_custom_command(TARGET) command (for Build Events) gained support for resolving target-dependent generator expressions.
The build_command() command gained a PARALLEL_LEVEL option.
The file(COPY_FILE) command was added to copy a single file.
The file(GET_RUNTIME_DEPENDENCIES) command gained new POST_INCLUDE_FILES and POST_EXCLUDE_FILES arguments.
The file(REAL_PATH) command gained the option EXPAND_TILDE to replace any leading tilde with the path to the user's home directory.
The file(RENAME) command learned to optionally capture failure in a result variable. It also gained a NO_REPLACE option to fail if the destination exists.
The install() command gained a new IMPORTED_RUNTIME_ARTIFACTS mode, which can be used to install the runtime artifacts of imported targets.
The install() command gained a new RUNTIME_DEPENDENCY_SET mode, which can be used to install runtime dependencies using file(GET_RUNTIME_DEPENDENCIES).
The install(TARGETS) command gained new RUNTIME_DEPENDENCIES and RUNTIME_DEPENDENCY_SET arguments, which can be used to install runtime dependencies using file(GET_RUNTIME_DEPENDENCIES).
The install(SCRIPT|CODE) command supports a new option ALL_COMPONENTS which allows the corresponding code to run for every component of a per component installation.
The project() command now sets variables PROJECT_IS_TOP_LEVEL and <PROJECT-NAME>_IS_TOP_LEVEL to indicate whether it was called in a top-level CMakeLists.txt file.
Variables
The CMAKE_TOOLCHAIN_FILE environment variable was added to provide a default value for the CMAKE_TOOLCHAIN_FILE variable.
Properties
The IMPORTED_TARGETS directory property was added to get a list of Imported Targets created in the current directory.
The XCODE_EMBED_APP_EXTENSIONS target property was added to tell the Xcode generator to embed app extensions such as iMessage sticker packs. Aspects of the embedding can be customized with the XCODE_EMBED_APP_EXTENSIONS_PATH, XCODE_EMBED_APP_EXTENSIONS_CODE_SIGN_ON_COPY and XCODE_EMBED_APP_EXTENSIONS_REMOVE_HEADERS_ON_COPY properties.
Modules
The FindBLAS and FindLAPACK modules learned to support the serial Fujitsu_SSL2 and parallel Fujitsu_SSL2BLAMP libraries.
The FindDevIL module now provides imported targets.
The FindIconv module now has version support.
The FindIntl module now has version support.
The FindMPI module learned to support Fujitsu and FujitsuClang in both host and cross compiling modes.
The FindMsys module was added to find MSYS installations. Like FindCygwin, it is used automatically by some other find modules to locate UNIX-style tools on Windows.
The FindOpenMP module learned to support Fujitsu and FujitsuClang.
The FindVulkan module gained imported targets Vulkan::Headers and Vulkan::glslangValidator.
The UseJava module command add_jar gained a RESOURCES option to allow explicit naming of resources with non-optional namespace.
The UseSWIG module use now standard library naming conventions for the CSharp language. See policy CMP0122.
The UseSWIG module now supports using the swig tool to generate implicit dependencies with the Xcode generator.
Generator Expressions
A new TARGET_RUNTIME_DLLS generator expression was added.
CTest
ctest(1) gained documentation for its ability to capture Additional Test Measurements.
ctest(1) learned to recognize files attached to a test at run time. Previously it was only possible to attach files to tests at configure time by using the ATTACHED_FILES or ATTACHED_FILES_ON_FAIL test properties. See Additional Test Measurements for more information.
ctest(1) gained a --output-junit option to write test results to a JUnit XML file.
The ctest_build() command gained a PARALLEL_LEVEL option.
CPack
The CPack DragNDrop Generator gained option CPACK_DMG_FILESYSTEM to control the .dmg filesystem.
The CPack IFW Generator now supports hyphens in names given to cpack_ifw_configure_component() or cpack_ifw_configure_component_group() as DEPENDS or DEPENDENCIES arguments. This requires QtIFW 3.1 or later.
The CPack NSIS Generator gained a new CPACK_NSIS_EXECUTABLE variable to specify the makensis executable to use instead of the default one.
The CPACK_CUSTOM_INSTALL_VARIABLES variable was added to set variables in cmake_install.cmake script invocations made by CPack.
Deprecated and Removed Features
Undocumented CMAKE_SYSTEM_NAME version-stripping behavior has been removed entirely. If it is set by a -D flag or by a toolchain file, it is left unaltered, even if it still contains a version number. Similar CMAKE_HOST_SYSTEM_NAME version-stripping behavior, also undocumented, has been moved earlier, before project() or enable_language() is called.
ARMClang cpu/arch compile and link flags are no longer added automatically based on the CMAKE_SYSTEM_PROCESSOR variable or the undocumented CMAKE_SYSTEM_ARCH variable. They must be specified explicitly. See policy CMP0123.
Other Changes
The find_file(), find_path(), find_program(), and find_library() commands handle cache variables in the same way regardless how they are defined. See policy CMP0125 for details.
The find_file(), find_path(), find_program(), and find_library() commands gained the option NO_CACHE to store find result in normal variable.
The foreach() command now isolates loop variables in the loop scope. See policy CMP0124 for details.
The list() command's GET, INSERT, SUBLIST, and REMOVE_AT subcommands now error with invalid (i.e., non-integer) values are given as any of their index arguments based on the setting of policy CMP0121.
The set(CACHE) command no longer removes a normal variable of the same name, if any. See policy CMP0126.
target_link_libraries() calls referencing object libraries via the TARGET_OBJECTS generator expression now place the object files before all libraries on the link line, regardless of their specified order. See documentation on Linking Object Libraries via $<TARGET_OBJECTS> for details.
The Ninja Generators now pass source files and include directories to the compiler using absolute paths. This makes diagnostic messages and debug symbols more consistent, and matches the Makefile Generators.
The NMake Makefiles generator now encodes the generated makefiles as UTF-8 with a BOM when using nmake from VS 9 or above.
The Visual Studio Generators for VS 2010 and above now place per-source preprocessor definitions after target-wide preprocssor definitions. This makes VS consistent with the Ninja Generators and the Makefile Generators.
The precompiled binaries provided on cmake.org now support liblzma multi-threading. See the CPACK_THREADS and CPACK_ARCHIVE_THREADS variables.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 19 Jul 2021 11:46:25 +0000 (13:46 +0200)]
sysfsutils: Update to 2.1.1
- Update from 1.3.0 (2005) to 2.1.1 (2021)
- Update rootfile
- version 1.3.0 was from 2005. Version 2.1.0 was from 2006. No other updates have been
carried out since 2006 until Feb 2021 when the repository was migrated from CVS
to git. https://github.com/linux-ras/sysfsutils/releases
- Installed iso, that was created from build, into testbed vm system. All menu's opened
and no issues found. Not 100% sure what to look for as I am not totally clear what
the library would be used for or by which programs. Probably needs testing by someone
who lnows what the sysfsutils library is used for.
- Ran find-dependencies on the original library system before build and then on the new
library system after building and in both cases nothing was flagged up. So it looks
like no other programs are linked to the library.
- pcmciautils required one of the sysfsutils include files to be available during the
build. ./configure was modified to allow pcmciautils to find the include file
- Changelog for changes from 2.1.0 to 2.1.1
Moved to git from CVS repository
Modernized build system
Source compiles on latest compilers
Various bug fixes
Removed Changelog and NEWS files
Adjusted COPYING file to reflect set of directories covered under GPLv2
Added SUSE-specific libsysfs.conf
Improvements to adopt git workflow
Integration with Travis-CI
Updated the documentation
Special thanks to all the sysfsutils package maintainers.
Thanks to: Aurelien Jarno, Christopher Engelhard, Guillem Jover,
Kamalesh Babulal, Lee Duncan, Martin Pitt, Timm Bäder
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
So it was able to create DNAT rules with a network as target.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Fri, 16 Jul 2021 17:15:28 +0000 (19:15 +0200)]
firewall.cgi: Map rule if manual target address belongs to IPFire
Automatically map the rule target if a manual entered target address is
assigned to a network zone.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Fri, 16 Jul 2021 16:35:58 +0000 (18:35 +0200)]
firewall.cgi: Allow to creating input rules from Orange to another zone.
It was not able to create a firewall rule from the orange network to a
different network address of the firewall. ( For example: Orange -> IPFire's green address)
These rules always have been handled as FORWARD rules which is totaly
wrong.
Fixes #12265.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Tested-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 15 Jul 2021 12:46:19 +0000 (14:46 +0200)]
sysstat: Update to version 12.5.4
- Update from 6.0.2 (2005) to 12.5.4 (2021)
- sysstat-6.0.2-sysconf.patch no longer required. Built into source as standard now.
- Update rootfile
rootfile made the same as previous version. New options are available, such as
pidstat and tapestat but they have been commented out in the rootfile. If required
in the future they can be uncommented.
- iso that was built with this sysstat was installed into vm testbed and confirmed
that all graphs working, especially those related to disk stats.
- Changelog is too large to show here. Full details for all previous versions can be
found in the CHANGES file in the source tarball.
- At least 25 bugs fixed between the two versions.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 15 Jul 2021 12:45:58 +0000 (14:45 +0200)]
minidlna: Update to version 1.3.0
- Update from 1.2.1 to 1.3.0
- Update of rootfile not required
- Changelog
1.3.0 - Released 24-Nov-2020
- Fixed some build warnings when building with musl.
- Use $USER instead of $LOGNAME for the default friendly name.
- Fixed build with GCC 10
- Fixed some warnings from newer compilers
- Disallow negative HTTP chunk lengths. [CVE-2020-28926]
- Validate SUBSCRIBE callback URL. [CVE-2020-12695]
- Fixed spurious warnings with ogg coverart
- Fixed an issue with VLC where browse results would be truncated.
- Fixed bookmarks on Samsung Q series
- Added DSD file support.
- Fixed potential stack smash vulnerability in getsyshwaddr on macOS.
- Will now reload the log file on SIGHUP.
- Worked around bad SearchCriteria from the Control4 Android app.
- Increased max supported network addresses to 8.
- Added forced alphasort capability.
- Added episode season and number metadata support.
- Enabled subtitles by default for unknown DLNA clients, and add enable_subtitles config option.
- Fixed discovery when connected to certain WiFi routers.
- Added FreeBSD kqueue support.
- Added the ability to set the group to run as.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 15 Jul 2021 08:16:18 +0000 (10:16 +0200)]
firewalllog.dat: Proper display protocol names.
In some cases iptables logs the protocol number instead of the name.
When accessing the logs via the WUI, this number has been displayed as used
protocol, which is very hard to read and understand.
This commit adds a new function to the general-functions.pl, which
generates a hash to translate the protocol number into the protocol
name.
Fixes #11282.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 20:40:59 +0000 (22:40 +0200)]
texinfo: Update to version 6.8
- Update from 6.7 to 6.8
- Update rootfile
- Changelog is too large to include here. Full details can be found in the
ChangeLog file in the source tarball
Following is the content of the NEWS file from the source tarball which highlights
noteworthy changes, very tersely.
6.8 (3 July 2021)
* Language
. new command @displaymath for formatting of mathematical notation
. @example takes an argument to specify the language
. mark these commands as deprecated, not to be used:
@centerchap, @definfoenclose, @refill, @inforef.
. new paper size @bsixpaper
* texi2any
. should be faster as Perl XS parser is enabled by default
. SHOW_MENU customization variable replaced by FORMAT_MENU.
FORMAT_MENU set to 'menu' is the same as SHOW_MENU set to 1, and
FORMAT_MENU set to 'nomenu' is the same as SHOW_MENU set to 0.
. only check menu structure if CHECK_NORMAL_MENU_STRUCTURE variable is set
. changes to HTML output:
. MathJax support for display of math. new variables HTML_MATH,
MATHJAX_SCRIPT and MATHJAX_SOURCE.
. new variables JS_WEBLABELS and JS_WEBLABELS_FILE to support
JavaScript License Web Labels
. by default, use sectional tables of contents instead of menus
. use section names in links by default (configure with
xrefautomaticsectiontitle customization variable)
. CONTENTS_OUTPUT_LOCATION sets location of table of contents
. document sections wrapped in <div> elements
. new variable USE_NODE_DIRECTIONS to use node or section structure
for node directions
. copiable anchor links for definitions with COPIABLE_ANCHORS variable
. experimental JavaScript browsing interface enabled with INFO_JS_DIR
. don't add an extra period before file extension given as an argument
to @image if image file is not found
* info
. support compressed dir files
* texi2dvi
. stop on first error in input file
* texinfo.tex
. put logical page numbers into PDF's ('page labels')
. put chapter numbers in the PDF outline
. new Finnish translation
* Distribution
. autoconf 2.71, automake 1.16.3, gettext 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 20:40:39 +0000 (22:40 +0200)]
taglib: Update to version 1.12
- Update from 1.11.1 to 1.12
- Update rootfile
- Changelog
TagLib 1.12 (Feb 16, 2021)
* Added support for WinRT.
* Added support for Linux on POWER.
* Added support for classical music tags of iTunes 12.5.
* Added support for file descriptor to FileStream.
* Added support for 'cmID', 'purl', 'egid' MP4 atoms.
* Added support for 'GRP1' ID3v2 frame.
* Added support for extensible WAV subformat.
* Enabled FileRef to detect file types based on the stream content.
* Dropped support for Windows 9x and NT 4.0 or older.
* Check for mandatory header objects in ASF files.
* More tolerant handling of RIFF padding, WAV files, broken MPEG streams.
* Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates.
* Improved Windows compatibility by storing FLAC picture after comments.
* Fixed numerical genres in ID3v2.3.0 'TCON' frames.
* Fixed consistency of API removing MP4 items when empty values are set.
* Fixed consistency of API preferring COMM frames with no description.
* Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
* Fixed handling of empty MPEG files.
* Fixed parsing MP4 mdhd timescale.
* Fixed reading MP4 atoms with zero length.
* Fixed reading FLAC files with zero-sized seektables.
* Fixed handling of lowercase field names in Vorbis Comments.
* Fixed handling of 'rate' atoms in MP4 files.
* Fixed handling of invalid UTF-8 sequences.
* Fixed possible file corruptions when saving Ogg files.
* Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files.
* TableOfContentsFrame::toString() improved.
* UserTextIdentificationFrame::toString() improved.
* Marked FileRef::create() deprecated.
* Marked MPEG::File::save() with boolean parameters deprecated,
provide overloads with enum parameters.
* Several smaller bug fixes and performance improvements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 11:36:57 +0000 (13:36 +0200)]
less: Update to version 590
- Update from 581.2 to 590
- Update of rootfile not required
- Changelog
Major changes between "less" versions 581 and 590
* Make less able to read lesskey source files (deprecating lesskey).
* If XDG_CONFIG_HOME is set, find lesskey source file
in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey.
* If XDG_DATA_HOME is set, find and store history file
in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst.
* Add the --lesskey-src option.
* Add the --file-size option.
* With -F, if screen is resized to make file fit on one screen, don't exit.
* Fix bug which could leave terminal in mouse-reporting mode
after exiting less.
* Fix bug which caused failure to respond to window resize.
* Fix backslash bug searching in tag file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 14 Jul 2021 11:36:40 +0000 (13:36 +0200)]
hplip: Update to version 3.21.6
- Update from 3.21.2 to 3.21.6
- Update of rootfile
- Changelog
3.21.6
Added support for following new Distro's:
Fedora 34
Ubuntu 21.04
OpenSuse 15.3
Debian 10.9
3.21.4
Added support for following new Distro's:
LinuxMint 20.1
Debian 10.8
Added support for the following new Printers:
HP Envy 6400 series
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The images inherited padding from the general design and
have been resized to fit the layout, resulting in blurred graphs.
This removes the padding and shows the graphs in full size.
Fixes: #12657 Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sun, 11 Jul 2021 17:54:17 +0000 (19:54 +0200)]
firewall.cgi: Fix multiple usage of configured net or interface.
When configuring a standard network as source or target the same
interface would be pre-selected as firewall interface when editing an
existing rule.
In case an existing input rule with an configured firewall interface
should be changed, the same network device has been pre-selected in the
standard networks dropdown box.
This easily confuses users and may lead to false configurations when
saving an edited rule.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 8 Jul 2021 11:43:43 +0000 (13:43 +0200)]
poppler: Update to version 21.07.0
- Update from 21.05.0 to 21.07.0
- Update of rootfile
- Changelog is too large to include here. Full details can be found in the ChangeLog file
in the source tarball. This is a collection of all the commits made.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 8 Jul 2021 11:43:26 +0000 (13:43 +0200)]
perl-MIME-Lite: Update to version 3.033
- Update from 3.030 (Nov 2013) to 3.033 (Jun 2021)
- Update of rootfile not required
- Changelog
Version 3.033
No changes since previous version, just made non-trial.
Version 3.032
Fix an error in printing to Net::SMTP (thanks, Peter Heirich)
Add "use warnings" and require v5.6
Version 3.031
Add an SSL option to connect to the SMTP relay via SSL on port 465. (thanks,
Max Maischein)
Document some tips on using non-ASCII content with MIME::Lite (thanks,
traveljury.com and Tom Hukins)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 8 Jul 2021 11:43:11 +0000 (13:43 +0200)]
pcre: Update to version 8.45
- Update from 8.44 to 8.45
- Updated rootfile
- Checked the dependencies of the old lib versions using find-dependencies
nothing flagged
- Changelog
Version 8.45 15-June-2021
This is the final release of PCRE1. A few minor tidies are included.
1. CMakeLists.txt has two user-supplied patches applied, one to allow for the
setting of MODULE_PATH, and the other to support the generation of pcre-config
file and libpcre*.pc files.
2. There was a memory leak if a compile error occurred when there were more
than 20 named groups (Bugzilla #2613).
3. Fixed some typos in code and documentation.
4. Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 8 Jul 2021 11:42:51 +0000 (13:42 +0200)]
iproute2: Update to version 5.13.0
- Update from 5.12.0 to 5.13.0
- Update of rootfile not required
- Changelog is not available in source tarball and not on source website
Below info obtained from the commits from the git repository
devlink: Fix printf() type mismatches on 32-bit architectures Ben Hutchings
utils: Fix BIT() to support up to 64 bits on all architectures Ben Hutchings
uapi: update headers to 5.13 Stephen Hemminger
devlink: Fix link errors on some systems Roi Dayan
tc: pedit: add decrement operation Asbjørn Sloth Tønnesen
tc: pedit: parse_cmd: add flags argument Asbjørn Sloth Tønnesen
iplink: support for WWAN devices Sergey Ryazanov
iplink: add support for parent device Sergey Ryazanov
Import wwan.h uapi file David Ahern
man: fix syntax for ip link property Stephen Hemminger
seg6: add support for SRv6 End.DT46 Behavior Paolo Lungaroni
Update kernel headers David Ahern
utils: bump max args number to 512 for batch files Guillaume Nault
uapi: update kernel headers to 5.13-rc6 Stephen Hemminger
Merge branch 'devlink-rate-support' into next David Ahern
devlink: Add ISO/IEC switch Dmytro Linkin
devlink: Add port func rate support Dmytro Linkin
devlink: Add helper function to validate object handler Dmytro Linkin
Update kernel headers David Ahern
devlink: Add optional controller user input Parav Pandit
police: Add support for json output Roi Dayan
tc: fq: add horizon attributes Eric Dumazet
configure: convert LIBBPF environment variables to command-line options Hangbin Liu
configure: add options ability Hangbin Liu
ss: update ss man page Roman Mashak
tc: f_flower: Add missing ct_state flags to usage description Ariel Levkovich
tc: f_flower: Add option to match on related ct state Ariel Levkovich
libgenl: make genl_add_mcast_grp set errno on error Florian Westphal
lib/fs: fix issue when {name,open}_to_handle_at() is not implemented Heiko Thiery
config.mk: Rerun configure when it is newer than config.mk David Ahern
ip: dynamically size columns when printing stats Jakub Kicinski
seg6: add counters support for SRv6 Behaviors Paolo Lungaroni
tc: htb: improve burst error messages Andrea Claudi
tipc: bail out if key is abnormally long Andrea Claudi
tipc: bail out if algname is abnormally long Andrea Claudi
tipc: call a sub-routine in separate socket Hoang Le
tc-cake: update docs to include LE diffserv Tyson Moore
dcb: fix memory leak Andrea Claudi
dcb: fix return value on dcb_cmd_app_show Andrea Claudi
lib: bpf_legacy: avoid to pass invalid argument to close() Andrea Claudi
tc: q_ets: drop dead code from argument parsing Andrea Claudi
ip: align the name of the 'nohandler' stat Jakub Kicinski
Update kernel headers David Ahern
Merge branch 'rdma-copy-on-fork' into next David Ahern
rdma: Add copy-on-fork to get sys command Gal Pressman
rdma: update uapi headers Gal Pressman
mptcp: make sure flag signal is set when add addr with port Jianguo Wu
Merge branch 'main' into next David Ahern
ip: Add nodst option to macvlan type source Jethro Beekman
Merge branch 'rdma-resource-tracking' into next David Ahern
rdma: Add SRQ resource tracking information Neta Ostrovsky
rdma: Add context resource tracking information Neta Ostrovsky
rdma: Update uapi headers Neta Ostrovsky
Update kernel headers David Ahern
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 1 Jul 2021 21:26:04 +0000 (23:26 +0200)]
traceroute: Update to version 2.1.0
- Update from 2.0.18 (2011) to 2.1.0 (2016 - latest version)
- Update of rootfile not required
- Changelog
2016-03-08 Dmitry Butskoy <Dmitry@Butskoy.name> - 2.1.0
* Improve the main loop for better interactivity.
Instead of waiting silently for maximum expiration time of probes
in progress, use timeout of the first probe (which will be printed
first from now) only.
* Speedup wait mechanism.
Traditional traceroute implementation always waited the whole timeout
for any probe. But if we already have some replies from the same hop,
or even from some next hop, we can use the round trip time
of such a reply as a hint to determine the actual reasonable
amount of time to wait.
Now the `-w' option has a form of three (in general) float values
separated by a comma (or a slash): `-w MAX_SECS,HERE,NEAR' .
(last two are optional). MAX_SECS specifies the maximum time
(in seconds) to wait, in any case.
The optional HERE specifies a factor to multiply the round trip time
of an already received response from the same hop.
The resulting value is used as a timeout for the probe, instead of
(but no more than) MAX_SECS. The optional NEAR specifies a similar
factor for a response from some next hop.
The time of the first found result is used in both cases.
First, we look for the same hop (of the probe which will be printed
first from now). If nothing found, then look for some next hop.
If nothing found, use MAX_SECS. If HERE and/or NEAR have zero values,
the corresponding computation is skipped.
HERE and NEAR are always set to zero if only MAX_SECS is specified
(which provides compatibility with previous versions). Thus, if your
scripts use `-w SECS', then nothing changed for you, since
the lonely SECS implies `-w SECS,0,0' .
Defaults are 5.0 seconds for MAX_SECS, 3.0 times for HERE and
10.0 times for NEAR.
Certainly, the new algorithm can lead to premature expiry
(especially when response times differ at times) and printing "*"
instead of a time. Anyway, you can always switch this algorithm off,
just by specifying `-w' with the desired timeout only (fe. `-w 5').
We continue to wait whole MAX_SECS when one probe per time
must be sent (`--sport', `-P proto'), because it seems more harmful
rather than helpful to try to wait less in such cases.
To provide compatibility with 2.0.x versions, use:
traceroute -w 5
(or any other desired `-w' value).
* Hint people to use the system traceroute(8) instead of
tcptraceroute wrapper (by providing a stderr header).
The using of this wrapper is a little bit harmful, since it has
less possibilities and a little different set of options.
For those who are used to use tcptraceroute in cmdline,
just create a link with that name to the system traceroute.
When invoked as "tcp*", it then behaves as `traceroute -T'.
(The simple manual page added for this case in the wrapper subdir).
The original tcptraceroute had some options differ ("lpNSAE"),
but they was rare used. Most common "dnFifmqwst" was just the same.
Therefore it should be painless to use the system binary directly,
instead of the limited wrapper (which is still provided indeed).
2016-02-15 Dmitry Butskoy <Dmitry@Butskoy.name> - 2.0.22
* Some portability fixing and improvements (Felix Janda)
* Require clear numbers for options and arguments (Sergey Salnikov)
* Drop compilation date from the version string (Debian #774365)
* New tcp module option `reuse', which utilize SO_REUSEADDR
to reuse local port numbers for the huge workloads (Richard Sheehan)
* Avoid poll(2) call with spurious zero timeout in some rare cases
by rounding the value properly using ceil(3)
2014-11-12 Dmitry Butskoy <Dmitry@Butskoy.name> - 2.0.21
* Fix `--mtu' and `-F' working on kernels >= 3.13
* Some manual page improving (Christopher Mann)
2014-06-14 Dmitry Butskoy <Dmitry@Butskoy.name> - 2.0.20
* Describe all complementary long options in the man page (Jan Synacek)
* Use correct service name for AS lookups (Frederic Mangano)
* Avoid some rare case null dereference (geogriffin@jsgriff.com)
* Improve expiration check for simultaneous probes
2012-11-19 Dmitry Butskoy <Dmitry@Butskoy.name> - 2.0.19
* DCCP protocol support (rfc4340), by Samuel Jero
Use "-D" option for it (the protocol-specific options
are available too).
* Update COPYING and COPYING.LIB license files to the latest
published ones (due to FSF address changes etc.) (Jan Synacek)
* Add mention of "-l" option to manual (Filip Holec)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 1 Jul 2021 21:25:48 +0000 (23:25 +0200)]
Text-Tabs+Wrap: Update to 2013.0523
- Update from 2005.0824 to 2013.0523 - latest version
- Update of rootfile required
- Changelog
= 2013/05/23
Change module 'NAME'
= 2013/05/22
Typos
= 2013/04/26
Minor test suite fixes - bug 81698.
Fixed bug 79766 -- an extraneous "=" in a regex.
Changed the license to qualify as an "open source" license.
= 2012/08/18
Packaging fix.
Minor documentation fixes.
= 2012/08/15
Minor fixes to test suites.
Added back versions to support old versions of perl.
= 2009/04/17
Added support for Unicode combining characters to both
Text::Tabs and Text::Wrap, plus a new test suite for each
of these new functionalities. --tchrist
= 2009/03/05
Test improvements from Dave Mitchel sent back in 2005...
Added code to increase $columns if it's not big enough to accommodate
the subsequent tab.
Minor documentation fixes from David Landgren <david at landgren.net>.
Use warnings::warnif instead of just warn for columns < 2. Appled per
request of Rafael Garcia-Suarez <rgarciasuarez at gmail.com>.
= 2006/11/17
Text::Tabs can handle newlines now so the BUGS section has been removed
per request from Aristotle Pagaltzis.
= 2006/07/11
Further bomb-proofing to pass more tests: Dan Jacobson <jidanni at
jidanni dot org> found another way to generate a "this shouldn't happen".
= 2006/07/05
Made documentation and code changes to address perlbug:
https://rt.perl.org/rt3/Ticket/Display.html?id=30229
Added in changes from the distributed-with-perl version. This took
care of perlbug: https://rt.perl.org/rt3/Ticket/Display.html?id=34902
It also took care of suggestion from Matthijs Bomhoff <matthijs
at bomhoff dot nl>.
Made documentation changes (added EXAMPLES) as per a suggestion
from Gabor Blasko <gblasko at cs dot columbia dot edu>
belg4mit at MIT dot EDU reported that $columns==1 die'd. No longer.
Added tests for each bug report.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3350500 to 3360000
- Update of rootfile not required
- Changelog
Improvement to the EXPLAIN QUERY PLAN output to make it easier to understand.
Byte-order marks at the start of a token are skipped as if they were whitespace.
An error is raised on any attempt to access the rowid of a VIEW or subquery. Formerly, the rowid of a VIEW would be indeterminate and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW compile-time option is available to restore the legacy behavior for applications that need it.
The sqlite3_deserialize() and sqlite3_serialize() interfaces are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE compile-time option is no longer required. Instead, there is is a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit those interfaces.
The "memdb" VFS now allows the same in-memory database to be shared among multiple database connections in the same process as long as the database name begins with "/".
Back out the EXISTS-to-IN optimization (item 8b in the SQLite 3.35.0 change log) as it was found to slow down queries more often than speed them up.
Improve the constant-propagation optimization so that it works on non-join queries.
The REGEXP extension is now included in CLI builds.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 30 Jun 2021 18:40:31 +0000 (20:40 +0200)]
Firewall: Proper allow to create REDIRECT rules.
This patch now proper allows to create rules for redirecting requests of a
given host, group or network(s) to a specified port or service to the
local IPFire system.
So it implements a very generic and easy to use feature to redirect
(for example all DNS, NTP, or whatever) requests to the a local running
instance and so to force usage of that local hosted service.
* The feature supports specifiying a single port and redirect the requests to another given one.
( For example requests to UDP 123 can be redirected to local UDP 1234
if you run an NTP server on that port.)
* It also supports direct usage of services or even service groups.
( So you can create a service group for DNS and redirect them to the
local recursor, or create a "redirected services" group which easily
can be managed...)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 30 Jun 2021 17:47:07 +0000 (19:47 +0200)]
iperf3: Update to version 3.10.1
- Update from 3.9 to 3.10.1
- Update of rootfile not required
- Changelog
iperf-3.10.1 2021-06-03
* Notable user-visible changes
* Fixed a problem with autoconf scripts that made builds fail in
some environments (#1154 / #1155).
* Developer-visible changes
* GNU autoconf 2.71 or newer is now required to regenerate iperf3's
configure scripts.
iperf 3.10 2021-05-26
* Notable user-visible changes
* Fix a bug where some --reverse tests didn't terminate (#982 /
#1054).
* Responsiveness of control connections is slightly improved (#1045
/ #1046 / #1063).
* The allowable clock skew when doing authentication between client
and server is now configurable with the new --time-skew-threshold
(#1065 / #1070).
* Bitrate throttling using the -b option now works when a burst size
is specified (#1090).
* A bug with calculating CPU utilization has been fixed (#1076 /
#1077).
* A --bind-dev option to support binding sockets to a given network
interface has been added to make iperf3 work better with
multi-homed machines and/or VRFs (#817 / #1089 / #1097).
* --pidfile now works with --client mode (#1110).
* The server is now less likely to get stuck due to network errors
(#1101, #1125), controlled by the new --rcv-timeout option.
* Fixed a few bugs in termination conditions for byte or
block-limited tests (#1113, #1114, #1115).
* Added tcp_info.snd_wnd to JSON output (#1148).
* Some bugs with garbled JSON output have been fixed (#1086, #1118,
#1143 / #1146).
* Support for setting the IPv4 don't-fragment (DF) bit has been
added with the new --dont-fragment option (#1119).
* A failure with not being able to read the congestion control
algorithm under WSL1 has been fixed (#1061 / #1126).
* Error handling and error messages now make more sense in cases
where sockets were not successfully opened (#1129 / #1132 /
#1136, #1135 / #1138, #1128 / #1139).
* Some buffer overflow hazards were fixed (#1134).
* Notable developer-visible changes
* It is now possible to use the API to set/get the congestion
control algorithm (#1036 / #1112).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 30 Jun 2021 17:46:50 +0000 (19:46 +0200)]
intltool: Update to version 0.51.0
- Update from 0.40.5 (2008) to 0.51.0 (2015 - latest release)
- Update of rootfile3 not required
- Changelog is too long to include here
Changes from version 0.41.0 to 0.51.0 can be found at https://launchpad.net/intltool/+download
and in the ChangeLog files in the Source Tarballs
Changes prior to 0.41.0 can be found at https://download.gnome.org/sources/intltool/
in the ChangeLog files in the Source Tarballs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>