Adolf Belka [Sun, 10 Apr 2022 11:18:12 +0000 (13:18 +0200)]
python3-pytz: Update to version 2022.1
- Update from 2021.3 to 2022.1
- Update of rootfile
- Changelog
pytz 2022.1 with the 2022a timezone database has been released. There are no code
changes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:11 +0000 (13:18 +0200)]
python3-jmespath: Update to version 1.0.0
- Update from 0.10.0 to 1.0.0
- Update of rootfile
- Changelog
This python module does not have a changelog in its source file or on its PyPi page
or on its github page.
To see what changes have occurred you have to look at the individual commits in github
https://github.com/jmespath/jmespath.py/commits/develop
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:10 +0000 (13:18 +0200)]
python3-flit: Update to version 3.7.1
- Update from 3.6.0 to 3.7.1
- Update of rootfile
- Changelog
Version 3.7.1
Fix building packages which need execution to get the version number, and
have a relative import in __init__.py (PR #531).
Version 3.7
Support for external data files such as man pages or Jupyter extension
support files (PR #510).
Project names are now lowercase in wheel filenames and .dist-info folder
names, in line with the specifications (PR #498).
Improved support for bootstrapping a Python environment, e.g. for downstream
packagers (PR #511). flit_core.wheel is usable with python -m to create
wheels before the build tool is available, and flit_core sdists also
include a script to install itself from a wheel before installer is available.
Use newer importlib APIs, fixing some deprecation warnings (PR #499).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:09 +0000 (13:18 +0200)]
python3-click: Update to version 8.1.2
- Update from 8.0.3 to 8.1.2
- Update of rootfile
- Changelog
Version 8.1.2
- Fix error message for readable path check that was mixed up with the
executable check. :pr:`2236`
- Restore parameter order for ``Path``, placing the ``executable``
parameter at the end. It is recommended to use keyword arguments
instead of positional arguments. :issue:`2235`
Version 8.1.1
- Fix an issue with decorator typing that caused type checking to
report that a command was not callable. :issue:`2227`
Version 8.1.0
- Drop support for Python 3.6. :pr:`2129`
- Remove previously deprecated code. :pr:`2130`
- ``Group.resultcallback`` is renamed to ``result_callback``.
- ``autocompletion`` parameter to ``Command`` is renamed to
``shell_complete``.
- ``get_terminal_size`` is removed, use
``shutil.get_terminal_size`` instead.
- ``get_os_args`` is removed, use ``sys.argv[1:]`` instead.
- Rely on :pep:`538` and :pep:`540` to handle selecting UTF-8 encoding
instead of ASCII. Click's locale encoding detection is removed.
:issue:`2198`
- Single options boolean flags with ``show_default=True`` only show
the default if it is ``True``. :issue:`1971`
- The ``command`` and ``group`` decorators can be applied with or
without parentheses. :issue:`1359`
- The ``Path`` type can check whether the target is executable.
:issue:`1961`
- ``Command.show_default`` overrides ``Context.show_default``, instead
of the other way around. :issue:`1963`
- Parameter decorators and ``@group`` handles ``cls=None`` the same as
not passing ``cls``. ``@option`` handles ``help=None`` the same as
not passing ``help``. :issue:`#1959`
- A flag option with ``required=True`` requires that the flag is
passed instead of choosing the implicit default value. :issue:`1978`
- Indentation in help text passed to ``Option`` and ``Command`` is
cleaned the same as using the ``@option`` and ``@command``
decorators does. A command's ``epilog`` and ``short_help`` are also
processed. :issue:`1985`
- Store unprocessed ``Command.help``, ``epilog`` and ``short_help``
strings. Processing is only done when formatting help text for
output. :issue:`2149`
- Allow empty str input for ``prompt()`` when
``confirmation_prompt=True`` and ``default=""``. :issue:`2157`
- Windows glob pattern expansion doesn't fail if a value is an invalid
pattern. :issue:`2195`
- It's possible to pass a list of ``params`` to ``@command``. Any
params defined with decorators are appended to the passed params.
:issue:`2131`.
- ``@command`` decorator is annotated as returning the correct type if
a ``cls`` argument is used. :issue:`2211`
- A ``Group`` with ``invoke_without_command=True`` and ``chain=False``
will invoke its result callback with the group function's return
value. :issue:`2124`
- ``to_info_dict`` will not fail if a ``ParamType`` doesn't define a
``name``. :issue:`2168`
- Shell completion prioritizes option values with option prefixes over
new options. :issue:`2040`
- Options that get an environment variable value using
``autoenvvar_prefix`` treat an empty value as ``None``, consistent
with a direct ``envvar``. :issue:`2146`
Version 8.0.4
- ``open_file`` recognizes ``Path("-")`` as a standard stream, the
same as the string ``"-"``. :issue:`2106`
- The ``option`` and ``argument`` decorators preserve the type
annotation of the decorated function. :pr:`2155`
- A callable default value can customize its help text by overriding
``__str__`` instead of always showing ``(dynamic)``. :issue:`2099`
- Fix a typo in the Bash completion script that affected file and
directory completion. If this script was generated by a previous
version, it should be regenerated. :issue:`2163`
- Fix typing for ``echo`` and ``secho`` file argument.
:issue:`2174, 2185`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:08 +0000 (13:18 +0200)]
python3-charset-vomalizer: Update to version 2.0.12
- Update from 2.0.10 to 2.0.12
- Update of rootfile
- Changelog
## [2.0.12]
### Fixed
- ASCII miss-detection on rare cases (PR #170)
## [2.0.11]
### Added
- Explicit support for Python 3.11 (PR #164)
### Changed
- The logging behavior have been completely reviewed, now using only TRACE and
DEBUG levels (PR #163 #165)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 10 Apr 2022 11:18:07 +0000 (13:18 +0200)]
python3-botocore: Update to version 1.24.37
- Update from 1.23.21 to 1.24.37
- Update of rootfile
- Changelog
1.24.37
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported formats, and improved filter support for processing 444/RGB content.
api-change:wafv2: Add a new CurrentDefaultVersion field to ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
api-change:mediapackage-vod: This release adds ScteMarkersSource as an available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the segments.
1.24.36
api-change:apigateway: ApiGateway CLI command get-usage now includes usagePlanId, startDate, and endDate fields in the output to match documentation.
api-change:personalize: This release provides tagging support in AWS Personalize.
api-change:pi: Adds support for DocumentDB to the Performance Insights API.
api-change:events: Update events client to latest version
api-change:docdb: Added support to enable/disable performance insights when creating or modifying db instances
api-change:sagemaker: Amazon Sagemaker Notebook Instances now supports G5 instance types
1.24.35
bugfix:Proxy: Fix failure case for IP proxy addresses using TLS-in-TLS. boto/botocore#2652
api-change:config: Add resourceType enums for AWS::EMR::SecurityConfiguration and AWS::SageMaker::CodeRepository
api-change:panorama: Added Brand field to device listings.
api-change:lambda: This release adds new APIs for creating and managing Lambda Function URLs and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can use Function URLs to create built-in HTTPS endpoints on their functions.
api-change:kendra: Amazon Kendra now provides a data source connector for Box. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
1.24.34
api-change:securityhub: Added additional ASFF details for RdsSecurityGroup AutoScalingGroup, ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
api-change:fsx: Provide customers more visibility into file system status by adding new "Misconfigured Unavailable" status for Amazon FSx for Windows File Server.
api-change:s3control: Documentation-only update for doc bug fixes for the S3 Control API docs.
api-change:datasync: AWS DataSync now supports Amazon FSx for OpenZFS locations.
1.24.33
api-change:iot: AWS IoT - AWS IoT Device Defender adds support to list metric datapoints collected for IoT devices through the ListMetricValues API
api-change:servicecatalog: This release adds ProvisioningArtifictOutputKeys to DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates ProvisioningArtifactOutputs.
api-change:sms: Revised product update notice for SMS console deprecation.
api-change:proton: SDK release to support tagging for AWS Proton Repository resource
enhancement:AWSCRT: Upgrade awscrt version to 0.13.8
1.24.32
api-change:connect: This release updates these APIs: UpdateInstanceAttribute, DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the specified Amazon Connect instance.
1.24.31
api-change:cloudcontrol: SDK release for Cloud Control API in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD
api-change:pinpoint-sms-voice-v2: Amazon Pinpoint now offers a version 2.0 suite of SMS and voice APIs, providing increased control over sending and configuration. This release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
api-change:workspaces: Added APIs that allow you to customize the logo, login message, and help links in the WorkSpaces client login page. To learn more, visit https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
api-change:route53-recovery-cluster: This release adds a new API "ListRoutingControls" to list routing control states using the highly reliable Route 53 ARC data plane endpoints.
api-change:databrew: This AWS Glue Databrew release adds feature to support ORC as an input format.
api-change:auditmanager: This release adds documentation updates for Audit Manager. The updates provide data deletion guidance when a customer deregisters Audit Manager or deregisters a delegated administrator.
api-change:grafana: This release adds tagging support to the Managed Grafana service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateWorkspace.
1.24.30
api-change:iot-data: Update the default AWS IoT Core Data Plane endpoint from VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
api-change:ec2: This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default
api-change:fms: AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
api-change:fsx: This release adds support for modifying throughput capacity for FSx for ONTAP file systems.
api-change:iot: Doc only update for IoT that fixes customer-reported issues.
1.24.29
api-change:organizations: This release provides the new CloseAccount API that enables principals in the management account to close any member account within an organization.
1.24.28
api-change:medialive: This release adds support for selecting a maintenance window.
api-change:acm-pca: Updating service name entities
1.24.27
api-change:ec2: This is release adds support for Amazon VPC Reachability Analyzer to analyze path through a Transit Gateway.
api-change:ssm: This Patch Manager release supports creating, updating, and deleting Patch Baselines for Rocky Linux OS.
api-change:batch: Bug Fix: Fixed a bug where shapes were marked as unboxed and were not serialized and sent over the wire, causing an API error from the service.
1.24.26
api-change:lambda: Adds support for increased ephemeral storage (/tmp) up to 10GB for Lambda functions. Customers can now provision up to 10 GB of ephemeral storage per function instance, a 20x increase over the previous limit of 512 MB.
api-change:config: Added new APIs GetCustomRulePolicy and GetOrganizationCustomRulePolicy, and updated existing APIs PutConfigRule, DescribeConfigRule, DescribeConfigRuleEvaluationStatus, PutOrganizationConfigRule, DescribeConfigRule to support a new feature for building AWS Config rules with AWS CloudFormation Guard
api-change:transcribe: This release adds an additional parameter for subtitling with Amazon Transcribe batch jobs: outputStartIndex.
1.24.25
api-change:redshift: This release adds a new [--encrypted | --no-encrypted] field in restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a cluster encrypted with AWS Managed Key or their own KMS key.
api-change:ebs: Increased the maximum supported value for the Timeout parameter of the StartSnapshot API from 60 minutes to 4320 minutes. Changed the HTTP error code for ConflictException from 503 to 409.
api-change:gamesparks: Released the preview of Amazon GameSparks, a fully managed AWS service that provides a multi-service backend for game developers.
api-change:elasticache: Doc only update for ElastiCache
api-change:transfer: Documentation updates for AWS Transfer Family to describe how to remove an associated workflow from a server.
api-change:auditmanager: This release updates 1 API parameter, the SnsArn attribute. The character length and regex pattern for the SnsArn attribute have been updated, which enables you to deselect an SNS topic when using the UpdateSettings operation.
api-change:ssm: Update AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource APIs to reflect the support for tagging Automation resources. Includes other minor documentation updates.
1.24.24
api-change:location: Amazon Location Service now includes a MaxResults parameter for GetDevicePositionHistory requests.
api-change:polly: Amazon Polly adds new Catalan voice - Arlet. Arlet is available as Neural voice only.
api-change:lakeformation: The release fixes the incorrect permissions called out in the documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet release fixes the corresponding SDK and documentation.
api-change:ecs: Documentation only update to address tickets
api-change:ce: Added three new APIs to support tagging and resource-level authorization on Cost Explorer resources: TagResource, UntagResource, ListTagsForResource. Added optional parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and CreateAnomalyMonitor APIs to support Tag On Create.
1.24.23
api-change:ram: Document improvements to the RAM API operations and parameter descriptions.
api-change:ecr: This release includes a fix in the DescribeImageScanFindings paginated output.
api-change:quicksight: AWS QuickSight Service Features - Expand public API support for group management.
api-change:chime-sdk-meetings: Add support for media replication to link multiple WebRTC media sessions together to reach larger and global audiences. Participants connected to a replica session can be granted access to join the primary session and can switch sessions with their existing WebRTC connection
api-change:mediaconnect: This release adds support for selecting a maintenance window.
1.24.22
enhancement:jmespath: Add env markers to get working version of jmespath for python 3.6
api-change:glue: Added 9 new APIs for AWS Glue Interactive Sessions: ListSessions, StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement, ListStatements, CancelStatement
1.24.21
enhancement:Dependency: Added support for jmespath 1.0
api-change:amplifybackend: Adding the ability to customize Cognito verification messages for email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding deprecation documentation for ForgotPassword in CreateBackendAuth and UpdateBackendAuth
api-change:acm-pca: AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names and extensions.
api-change:ssm-incidents: Removed incorrect validation pattern for IncidentRecordSource.invokedBy
api-change:billingconductor: This is the initial SDK release for AWS Billing Conductor. The AWS Billing Conductor is a customizable billing service, allowing you to customize your billing data to match your desired business structure.
api-change:s3outposts: S3 on Outposts is releasing a new API, ListSharedEndpoints, that lists all endpoints associated with S3 on Outpost, that has been shared by Resource Access Manager (RAM).
1.24.20
api-change:robomaker: This release deprecates ROS, Ubuntu and Gazbeo from RoboMaker Simulation Service Software Suites in favor of user-supplied containers and Relaxed Software Suites.
api-change:dataexchange: This feature enables data providers to use the RevokeRevision operation to revoke subscriber access to a given revision. Subscribers are unable to interact with assets within a revoked revision.
api-change:ec2: Adds the Cascade parameter to the DeleteIpam API. Customers can use this parameter to automatically delete their IPAM, including non-default scopes, pools, cidrs, and allocations. There mustn't be any pools provisioned in the default public scope to use this parameter.
api-change:cognito-idp: Updated EmailConfigurationType and SmsConfigurationType to reflect that you can now choose Amazon SES and Amazon SNS resources in the same Region.
enhancement:AWSCRT: Upgrade awscrt extra to 0.13.5
api-change:location: New HERE style "VectorHereExplore" and "VectorHereExploreTruck".
api-change:ecs: Documentation only update to address tickets
api-change:keyspaces: Fixing formatting issues in CLI and SDK documentation
api-change:rds: Various documentation improvements
1.24.19
api-change:kendra: Amazon Kendra now provides a data source connector for Slack. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
api-change:timestream-query: Amazon Timestream Scheduled Queries now support Timestamp datatype in a multi-measure record.
enhancement:Stubber: Added support for modeled exception fields when adding errors to a client stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
api-change:elasticache: Doc only update for ElastiCache
api-change:config: Add resourceType enums for AWS::ECR::PublicRepository and AWS::EC2::LaunchTemplate
1.24.18
api-change:outposts: This release adds address filters for listSites
api-change:lambda: Adds PrincipalOrgID support to AddPermission API. Customers can use it to manage permissions to lambda functions at AWS Organizations level.
api-change:secretsmanager: Documentation updates for Secrets Manager.
api-change:connect: This release adds support for enabling Rich Messaging when starting a new chat session via the StartChatContact API. Rich Messaging enables the following formatting options: bold, italics, hyperlinks, bulleted lists, and numbered lists.
api-change:chime: Chime VoiceConnector Logging APIs will now support MediaMetricLogs. Also CreateMeetingDialOut now returns AccessDeniedException.
1.24.17
api-change:transcribe: Documentation fix for API StartMedicalTranscriptionJobRequest, now showing min sample rate as 16khz
api-change:transfer: Adding more descriptive error types for managed workflows
api-change:lexv2-models: Update lexv2-models client to latest version
1.24.16
api-change:comprehend: Amazon Comprehend now supports extracting the sentiment associated with entities such as brands, products and services from text documents.
1.24.15
api-change:eks: Introducing a new enum for NodeGroup error code: Ec2SubnetMissingIpv6Assignment
api-change:keyspaces: Adding link to CloudTrail section in Amazon Keyspaces Developer Guide
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as the video and audio in HLS packages.
1.24.14
api-change:chime-sdk-meetings: Adds support for Transcribe language identification feature to the StartMeetingTranscription API.
api-change:ecs: Amazon ECS UpdateService API now supports additional parameters: loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
api-change:migration-hub-refactor-spaces: AWS Migration Hub Refactor Spaces documentation update.
1.24.13
api-change:synthetics: Allow custom handler function.
api-change:transfer: Add waiters for server online and offline.
api-change:devops-guru: Amazon DevOps Guru now integrates with Amazon CodeGuru Profiler. You can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps Guru. This feature is enabled by default for new customers as of 3/4/2022. Existing customers can enable this feature with UpdateEventSourcesConfig.
api-change:macie: Amazon Macie Classic (macie) has been discontinued and is no longer available. A new Amazon Macie (macie2) is now available with significant design improvements and additional features.
api-change:ec2: Documentation updates for Amazon EC2.
api-change:sts: Documentation updates for AWS Security Token Service.
api-change:connect: This release updates the *InstanceStorageConfig APIs so they support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to enable streaming for real-time contact analysis and to associate the Kinesis stream where real-time contact analysis segments will be published.
1.24.12
api-change:greengrassv2: Doc only update that clarifies Create Deployment section.
api-change:fsx: This release adds support for data repository associations to use root ("/") as the file system path
api-change:kendra: Amazon Kendra now suggests spell corrections for a query. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
api-change:appflow: Launching Amazon AppFlow Marketo as a destination connector SDK.
api-change:timestream-query: Documentation only update for SDK and CLI
1.24.11
api-change:gamelift: Minor updates to address errors.
api-change:cloudtrail: Add bytesScanned field into responses of DescribeQuery and GetQueryResults.
api-change:athena: This release adds support for S3 Object Ownership by allowing the S3 bucket owner full control canned ACL to be set when Athena writes query results to S3 buckets.
api-change:keyspaces: This release adds support for data definition language (DDL) operations
api-change:ecr: This release adds support for tracking images lastRecordedPullTime.
1.24.10
api-change:mediapackage: This release adds Hybridcast as an available profile option for Dash Origin Endpoints.
api-change:rds: Documentation updates for Multi-AZ DB clusters.
api-change:mgn: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest).
api-change:kafkaconnect: Adds operation for custom plugin deletion (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return errors from asynchronous resource creation.
1.24.9
api-change:finspace-data: Add new APIs for managing Users and Permission Groups.
api-change:amplify: Add repositoryCloneMethod field for hosting an Amplify app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
api-change:fsx: This release adds support for the following FSx for OpenZFS features: snapshot lifecycle transition messages, force flag for deleting file systems with child resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
api-change:fis: This release adds logging support for AWS Fault Injection Simulator experiments. Experiment templates can now be configured to send experiment activity logs to Amazon CloudWatch Logs or to an S3 bucket.
api-change:route53-recovery-cluster: This release adds a new API option to enable overriding safety rules to allow routing control state updates.
api-change:amplifyuibuilder: We are adding the ability to configure workflows and actions for components.
api-change:athena: This release adds support for updating an existing named query.
api-change:ec2: This release adds support for new AMI property 'lastLaunchedTime'
api-change:servicecatalog-appregistry: AppRegistry is deprecating Application and Attribute-Group Name update feature. In this release, we are marking the name attributes for Update APIs as deprecated to give a heads up to our customers.
1.24.8
api-change:elasticache: Doc only update for ElastiCache
api-change:panorama: Added NTP server configuration parameter to ProvisionDevice operation. Added alternate software fields to DescribeDevice response
1.24.7
api-change:route53: SDK doc update for Route 53 to update some parameters with new information.
api-change:databrew: This AWS Glue Databrew release adds feature to merge job outputs into a max number of files for S3 File output type.
api-change:transfer: Support automatic pagination when listing AWS Transfer Family resources.
api-change:s3control: Amazon S3 Batch Operations adds support for new integrity checking capabilities in Amazon S3.
api-change:s3: This release adds support for new integrity checking capabilities in Amazon S3. You can choose from four supported checksum algorithms for data integrity checking on your upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it streams data into S3
api-change:fms: AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in.
api-change:lightsail: This release adds support to delete and create Lightsail default key pairs that you can use with Lightsail instances.
api-change:autoscaling: You can now hibernate instances in a warm pool to stop instances without deleting their RAM contents. You can now also return instances to the warm pool on scale in, instead of always terminating capacity that you will need later.
1.24.6
api-change:transfer: The file input selection feature provides the ability to use either the originally uploaded file or the output file from the previous workflow step, enabling customers to make multiple copies of the original file while keeping the source file intact for file archival.
api-change:lambda: Lambda releases .NET 6 managed runtime to be available in all commercial regions.
api-change:textract: Added support for merged cells and column header for table response.
1.24.5
api-change:translate: This release enables customers to use translation settings for formality customization in their synchronous translation output.
api-change:wafv2: Updated descriptions for logging configuration.
api-change:apprunner: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes) and a Node.js 14 runtime.
1.24.4
api-change:imagebuilder: This release adds support to enable faster launching for Windows AMIs created by EC2 Image Builder.
api-change:customer-profiles: This release introduces apis CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and view integration workflows.
api-change:dynamodb: DynamoDB ExecuteStatement API now supports Limit as a request parameter to specify the maximum number of items to evaluate. If specified, the service will process up to the Limit and the results will include a LastEvaluatedKey value to continue the read in a subsequent operation.
1.24.3
api-change:transfer: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user authenticates onto a server using one of the previously mentioned protocols.
api-change:gamelift: Increase string list limit from 10 to 100.
api-change:budgets: This change introduces DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified account
1.24.2
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
api-change:redshift: SDK release for Cross region datasharing and cost-control for cross region datasharing
api-change:evidently: Add support for filtering list of experiments and launches by status
api-change:backup: AWS Backup add new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
1.24.1
api-change:ec2: Documentation updates for EC2.
api-change:budgets: Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast.
api-change:ce: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
api-change:glue: Support for optimistic locking in UpdateTable
api-change:ssm: Assorted ticket fixes and updates for AWS Systems Manager.
1.24.0
api-change:appflow: Launching Amazon AppFlow SAP as a destination connector SDK.
feature:Parser: Adding support for parsing int/long types in rest-json response headers.
api-change:rds: Adds support for determining which Aurora PostgreSQL versions support Babelfish.
api-change:athena: This release adds a subfield, ErrorType, to the AthenaError response object in the GetQueryExecution API when a query fails.
1.23.54
api-change:ssm: Documentation updates for AWS Systems Manager.
1.23.53
api-change:cloudformation: This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes
api-change:lookoutvision: This release makes CompilerOptions in Lookout for Vision's StartModelPackagingJob's Configuration object optional.
api-change:pinpoint: This SDK release adds a new paramater creation date for GetApp and GetApps Api call
api-change:sns: Customer requested typo fix in API documentation.
api-change:wafv2: Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
1.23.52
api-change:cloudformation: This SDK release is for the feature launch of AWS CloudFormation Hooks.
1.23.51
api-change:kendra: Amazon Kendra now provides a data source connector for Amazon FSx. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
api-change:apprunner: This release adds support for App Runner to route outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and UpdateService.
api-change:s3control: This release adds support for S3 Batch Replication. Batch Replication lets you replicate existing objects, already replicated objects to new destinations, and objects that previously failed to replicate. Customers will receive object-level visibility of progress and a detailed completion report.
api-change:sagemaker: Autopilot now generates an additional report with information on the performance of the best model, such as a Confusion matrix and Area under the receiver operating characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations.
1.23.50
api-change:auditmanager: This release updates 3 API parameters. UpdateAssessmentFrameworkControlSet now requires the controls attribute, and CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework now has a minimum length constraint for the controlSets attribute.
api-change:synthetics: Adding names parameters to the Describe APIs.
api-change:ssm-incidents: Update RelatedItem enum to support SSM Automation
api-change:events: Update events client to latest version
enhancement:Lambda Request Header: Adding request header for Lambda recursion detection.
1.23.49
api-change:athena: You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error.
api-change:rds: updates for RDS Custom for Oracle 12.1 support
api-change:lakeformation: Add support for calling Update Table Objects without a TransactionId.
1.23.48
api-change:ec2: adds support for AMIs in Recycle Bin
api-change:robomaker: The release deprecates the use various APIs of RoboMaker Deployment Service in favor of AWS IoT GreenGrass v2.0.
api-change:meteringmarketplace: Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500.
api-change:rbin: Add EC2 Image recycle bin support.
1.23.47
api-change:emr: Update emr client to latest version
api-change:personalize: Adding minRecommendationRequestsPerSecond attribute to recommender APIs.
enhancement:Request headers: Adding request headers with retry information.
api-change:appflow: Launching Amazon AppFlow Custom Connector SDK.
api-change:dynamodb: Documentation update for DynamoDB Java SDK.
api-change:iot: This release adds support for configuring AWS IoT logging level per client ID, source IP, or principal ID.
api-change:comprehend: Amazon Comprehend now supports sharing and importing custom trained models from one AWS account to another within the same region.
api-change:ce: Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions
api-change:fis: Added GetTargetResourceType and ListTargetResourceTypesAPI actions. These actions return additional details about resource types and parameters that can be targeted by FIS actions. Added a parameters field for the targets that can be specified in experiment templates.
api-change:es: Allows customers to get progress updates for blue/green deployments
api-change:glue: Launch Protobuf support for AWS Glue Schema Registry
api-change:elasticache: Documentation update for AWS ElastiCache
1.23.46
api-change:appconfigdata: Documentation updates for AWS AppConfig Data.
api-change:athena: This release adds a field, AthenaError, to the GetQueryExecution response object when a query fails.
api-change:appconfig: Documentation updates for AWS AppConfig
api-change:cognito-idp: Doc updates for Cognito user pools API Reference.
api-change:secretsmanager: Feature are ready to release on Jan 28th
api-change:sagemaker: This release added a new NNA accelerator compilation support for Sagemaker Neo.
1.23.45
api-change:ec2: X2ezn instances are powered by Intel Cascade Lake CPUs that deliver turbo all core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
api-change:kafka: Amazon MSK has updated the CreateCluster and UpdateBrokerStorage API that allows you to specify volume throughput during cluster creation and broker volume updates.
api-change:connect: This release adds support for configuring a custom chat duration when starting a new chat session via the StartChatContact API. The default value for chat duration is 25 hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable value is 7 days (10,080 minutes).
api-change:amplify: Doc only update to the description of basicauthcredentials to describe the required encoding and format.
api-change:opensearch: Allows customers to get progress updates for blue/green deployments
1.23.44
api-change:frauddetector: Added new APIs for viewing past predictions and obtaining prediction metadata including prediction explanations: ListEventPredictions and GetEventPredictionMetadata
api-change:ebs: Documentation updates for Amazon EBS Direct APIs.
api-change:codeguru-reviewer: Added failure state and adjusted timeout in waiter
api-change:securityhub: Adding top level Sample boolean field
api-change:sagemaker: API changes relating to Fail steps in model building pipeline and add PipelineExecutionFailureReason in PipelineExecutionSummary.
1.23.43
api-change:fsx: This release adds support for growing SSD storage capacity and growing/shrinking SSD IOPS for FSx for ONTAP file systems.
api-change:efs: Update efs client to latest version
api-change:connect: This release adds support for custom vocabularies to be used with Contact Lens. Custom vocabularies improve transcription accuracy for one or more specific words.
api-change:guardduty: Amazon GuardDuty expands threat detection coverage to protect Amazon Elastic Kubernetes Service (EKS) workloads.
1.23.42
api-change:route53-recovery-readiness: Updated documentation for Route53 Recovery Readiness APIs.
1.23.41
enhancement:Exceptions: ProxyConnectionError previously provided the full proxy URL. User info will now be appropriately masked if needed.
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for 4K AV1 output resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML metadata files, and the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
api-change:transcribe: Add support for granular PIIEntityTypes when using Batch ContentRedaction.
1.23.40
api-change:guardduty: Amazon GuardDuty findings now include remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.
api-change:connect: This release adds tagging support for UserHierarchyGroups resource.
api-change:mediatailor: This release adds support for multiple Segment Delivery Configurations. Users can provide a list of names and URLs when creating or editing a source location. When retrieving content, users can send a header to choose which URL should be used to serve content.
api-change:fis: Added action startTime and action endTime timestamp fields to the ExperimentAction object
api-change:ec2: C6i, M6i and R6i instances are powered by a third-generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
1.23.39
api-change:macie2: This release of the Amazon Macie API introduces stricter validation of requests to create custom data identifiers.
api-change:ec2-instance-connect: Adds support for ED25519 keys. PushSSHPublicKey Availability Zone parameter is now optional. Adds EC2InstanceStateInvalidException for instances that are not running. This was previously a service exception, so this may require updating your code to handle this new exception.
1.23.38
api-change:ivs: This release adds support for the new Thumbnail Configuration property for Recording Configurations. For more information see https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
api-change:storagegateway: Documentation update for adding bandwidth throttling support for S3 File Gateways.
api-change:location: This release adds the CalculateRouteMatrix API which calculates routes for the provided departure and destination positions. The release also deprecates the use of pricing plan across all verticals.
api-change:cloudtrail: This release fixes a documentation bug in the description for the readOnly field selector in advanced event selectors. The description now clarifies that users omit the readOnly field selector to select both Read and Write management events.
api-change:ec2: Add support for AWS Client VPN client login banner and session timeout.
1.23.37
enhancement:Configuration: Adding support for defaults_mode configuration. The defaults_mode will be used to determine how certain default configuration options are resolved in the SDK.
1.23.36
api-change:config: Update ResourceType enum with values for CodeDeploy, EC2 and Kinesis resources
api-change:application-insights: Application Insights support for Active Directory and SharePoint
api-change:honeycode: Added read and write api support for multi-select picklist. And added errorcode field to DescribeTableDataImportJob API output, when import job fails.
api-change:ram: This release adds the ListPermissionVersions API which lists the versions for a given permission.
api-change:lookoutmetrics: This release adds a new DeactivateAnomalyDetector API operation.
1.23.35
api-change:pinpoint: Adds JourneyChannelSettings to WriteJourneyRequest
api-change:lexv2-runtime: Update lexv2-runtime client to latest version
api-change:nimble: Amazon Nimble Studio now supports validation for Launch Profiles. Launch Profiles now report static validation results after create/update to detect errors in network or active directory configuration.
api-change:glue: This SDK release adds support to pass run properties when starting a workflow run
api-change:ssm: AWS Systems Manager adds category support for DescribeDocument API
api-change:elasticache: AWS ElastiCache for Redis has added a new Engine Log LogType in LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for Redis clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
1.23.34
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:elasticache: Doc only update for ElastiCache
api-change:honeycode: Honeycode is releasing new APIs to allow user to create, delete and list tags on resources.
api-change:ec2: Hpc6a instances are powered by a third-generation AMD EPYC processors (Milan) delivering all-core turbo frequency of 3.4 GHz
api-change:fms: Shield Advanced policies for Amazon CloudFront resources now support automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData ManagedServiceData is now 8192 characters, instead of 4096.
api-change:pi: This release adds three Performance Insights APIs. Use ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata, and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in DescribeDimensionKeys retrieves per-SQL metrics.
1.23.33
api-change:finspace-data: Documentation updates for FinSpace.
api-change:rds: This release adds the db-proxy event type to support subscribing to RDS Proxy events.
api-change:ce: Doc only update for Cost Explorer API that fixes missing clarifications for MatchOptions definitions
api-change:kendra: Amazon Kendra now supports advanced query language and query-less search.
api-change:workspaces: Introducing new APIs for Workspaces audio optimization with Amazon Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns, UpdateConnectClientAddIn and DeleteConnectClientAddIn.
api-change:iotevents-data: This release provides documentation updates for Timer.timestamp in the IoT Events API Reference Guide.
api-change:ec2: EC2 Capacity Reservations now supports RHEL instance platforms (RHEL with SQL Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL with HA, RHEL with HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
1.23.32
api-change:ec2: New feature: Updated EC2 API to support faster launching for Windows images. Optimized images are pre-provisioned, using snapshots to launch instances up to 65% faster.
api-change:compute-optimizer: Adds support for new Compute Optimizer capability that makes it easier for customers to optimize their EC2 instances by leveraging multiple CPU architectures.
api-change:lookoutmetrics: This release adds FailureType in the response of DescribeAnomalyDetector.
api-change:databrew: This SDK release adds support for specifying a Bucket Owner for an S3 location.
api-change:transcribe: Documentation updates for Amazon Transcribe.
1.23.31
api-change:medialive: This release adds support for selecting the Program Date Time (PDT) Clock source algorithm for HLS outputs.
1.23.30
api-change:ec2: This release introduces On-Demand Capacity Reservation support for Cluster Placement Groups, adds Tags on instance Metadata, and includes documentation updates for Amazon EC2.
api-change:mediatailor: This release adds support for filler slate when updating MediaTailor channels that use the linear playback mode.
api-change:opensearch: Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
api-change:iotwireless: Downlink Queue Management feature provides APIs for customers to manage the queued messages destined to device inside AWS IoT Core for LoRaWAN. Customer can view, delete or purge the queued message(s). It allows customer to preempt the queued messages and let more urgent messages go through.
api-change:es: Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
api-change:mwaa: This release adds a "Source" field that provides the initiator of an update, such as due to an automated patch from AWS or due to modification via Console or API.
api-change:appsync: AppSync: AWS AppSync now supports configurable batching sizes for AWS Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
1.23.29
api-change:cloudtrail: This release adds support for CloudTrail Lake, a new feature that lets you run SQL-based queries on events that you have aggregated into event data stores. New APIs have been added for creating and managing event data stores, and creating, running, and managing queries in CloudTrail Lake.
api-change:iot: This release adds an automatic retry mechanism for AWS IoT Jobs. You can now define a maximum number of retries for each Job rollout, along with the criteria to trigger the retry for FAILED/TIMED_OUT/ALL(both FAILED an TIMED_OUT) job.
api-change:ec2: This release adds a new API called ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer responsibility of their VPC Endpoint connections.
api-change:snowball: Updating validation rules for interfaces used in the Snowball API to tighten security of service.
api-change:lakeformation: Add new APIs for 3rd Party Support for Lake Formation
api-change:appstream: Includes APIs for App Entitlement management regarding entitlement and entitled application association.
api-change:eks: Amazon EKS now supports running applications using IPv6 address space
api-change:quicksight: Multiple Doc-only updates for Amazon QuickSight.
api-change:ecs: Documentation update for ticket fixes.
api-change:sagemaker: Amazon SageMaker now supports running training jobs on ml.g5 instance types.
api-change:glue: Add Delta Lake target support for Glue Crawler and 3rd Party Support for Lake Formation
1.23.28
api-change:rekognition: This release introduces a new field IndexFacesModelVersion, which is the version of the face detect and storage model that was used when indexing the face vector.
api-change:s3: Minor doc-based updates based on feedback bugs received.
enhancement:JSONFileCache: Add support for __delitem__ in JSONFileCache
api-change:s3control: Documentation updates for the renaming of Glacier to Glacier Flexible Retrieval.
1.23.27
api-change:sagemaker: The release allows users to pass pipeline definitions as Amazon S3 locations and control the pipeline execution concurrency using ParallelismConfiguration. It also adds support of EMR jobs as pipeline steps.
api-change:rds: Multiple doc-only updates for Relational Database Service (RDS)
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added strength levels to the Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
api-change:greengrassv2: This release adds the API operations to manage the Greengrass role associated with your account and to manage the core device connectivity information. Greengrass V2 customers can now depend solely on Greengrass V2 SDK for all the API operations needed to manage their fleets.
api-change:detective: Added and updated API operations to support the Detective integration with AWS Organizations. New actions are used to manage the delegated administrator account and the integration configuration.
1.23.26
api-change:nimble: Amazon Nimble Studio adds support for users to upload files during a streaming session using NICE DCV native client or browser.
api-change:chime-sdk-messaging: The Amazon Chime SDK now supports updating message attributes via channel flows
api-change:imagebuilder: Added a note to infrastructure configuration actions and data types concerning delivery of Image Builder event messages to encrypted SNS topics. The key that's used to encrypt the SNS topic must reside in the account that Image Builder runs under.
api-change:workmail: This release allows customers to change their email monitoring configuration in Amazon WorkMail.
api-change:transfer: Property for Transfer Family used with the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session.
api-change:lookoutmetrics: This release adds support for Causal Relationships. Added new ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
api-change:mediaconnect: You can now use the Fujitsu-QoS protocol for your MediaConnect sources and outputs to transport content to and from Fujitsu devices.
api-change:qldb: Amazon QLDB now supports journal exports in JSON and Ion Binary formats. This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
1.23.25
api-change:customer-profiles: This release adds an optional parameter, ObjectTypeNames to the PutIntegration API to support multiple object types per integration option. Besides, this release introduces Standard Order Objects which contain data from third party systems and each order object belongs to a specific profile.
api-change:sagemaker: This release adds a new ContentType field in AutoMLChannel for SageMaker CreateAutoMLJob InputDataConfig.
api-change:forecast: Adds ForecastDimensions field to the DescribeAutoPredictorResponse
api-change:securityhub: Added new resource details objects to ASFF, including resources for Firewall, and RuleGroup, FirewallPolicy Added additional details for AutoScalingGroup, LaunchConfiguration, and S3 buckets.
api-change:location: Making PricingPlan optional as part of create resource API.
api-change:redshift: This release adds API support for managed Redshift datashares. Customers can now interact with a Redshift datashare that is managed by a different service, such as AWS Data Exchange.
api-change:apigateway: Documentation updates for Amazon API Gateway
api-change:devops-guru: Adds Tags support to DescribeOrganizationResourceCollectionHealth
api-change:imagebuilder: This release adds support for importing and exporting VM Images as part of the Image Creation workflow via EC2 VM Import/Export.
api-change:datasync: AWS DataSync now supports FSx Lustre Locations.
api-change:finspace-data: Make dataset description optional and allow s3 export for dataviews
1.23.24
api-change:secretsmanager: Documentation updates for Secrets Manager
1.23.23
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:network-firewall: This release adds support for managed rule groups.
api-change:route53-recovery-control-config: This release adds tagging supports to Route53 Recovery Control Configuration. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateCluster, CreateControlPanel and CreateSafetyRule.
api-change:ec2: Adds waiters support for internet gateways.
api-change:sms: This release adds SMS discontinuation information to the API and CLI references.
api-change:route53domains: Amazon Route 53 domain registration APIs now support filtering and sorting in the ListDomains API, deleting a domain by using the DeleteDomain API and getting domain pricing information by using the ListPrices API.
api-change:savingsplans: Adds the ability to specify Savings Plans hourly commitments using five digits after the decimal point.
1.23.22
api-change:lookoutvision: This release adds new APIs for packaging an Amazon Lookout for Vision model as an AWS IoT Greengrass component.
api-change:sagemaker: This release added a new Ambarella device(amba_cv2) compilation support for Sagemaker Neo.
api-change:comprehendmedical: This release adds a new set of APIs (synchronous and batch) to support the SNOMED-CT ontology.
api-change:health: Documentation updates for AWS Health
api-change:logs: This release adds AWS Organizations support as condition key in destination policy for cross account Subscriptions in CloudWatch Logs.
api-change:outposts: This release adds the UpdateOutpost API.
api-change:support: Documentation updates for AWS Support.
api-change:iot: This release allows customer to enable caching of custom authorizer on HTTP protocol for clients that use persistent or Keep-Alive connection in order to reduce the number of Lambda invocations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 14 Apr 2022 08:21:12 +0000 (10:21 +0200)]
openvpn: Update to version 2.5.6
- Update from version 2.5.4 to 2.5.6
- Update of rootfile not required
- No changes related to ciphers or options
- Source tarball changed from .xz to .gz as for version 2.5.6 the xz options was not
available. Raised on Openvpn forum but response was that they also didn't know why xz
option was not available but they thought it was not a big deal as the gz version is
only slightly larger.
- Changelog
Overview of changes in 2.5.6
User-visible Changes
update copyright year to 2022
New features
new plugin (sample-plugin/defer/multi-auth.c) to help testing with multiple
parallel plugins that succeed/fail in direct/deferred mode
various build improvements (github actions etc)
upgrade pkcs11-helper to release 1.28.4
Bugfixes
CVE-2022-0547 see
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
If openvpn is configured with multiple authentication plugins and more than
one plugin tries to do deferred authentication, the result is not
well-defined - creating a possible authentication bypass.
In this situation the server process will now abort itself with a clear log
message. Only one plugin is allowed to do deferred authentication.
Fix "--mtu-disc maybe|yes" on Linux
Due to configure/syshead.h/#ifdef confusion, the code in question was not
compiled-in since a long time. Fixed. Trac: #1452
Fix $common_name variable passed to scripts when username-as-common-name is
in effect.
This was not consistently set - sometimes, OpenVPN exported the username,
sometimes the common name from the client cert. Fixed. Trac: #1434
Fix potential memory leaks in add_route() and add_route_ipv6().
Apply connect-retry backoff only to one side of the connection in p2p mode.
Without that fix/enhancement, two sides could end up only sending packets
when the other end is not ready. Trac: #1010, #1384
remove unused sitnl.h file
clean up msvc build files, remove unused MSVC build .bat files
repair "--inactive" handling with a 'bytes' parameter larger than 2 Gbytes
due to integer overflow, this ended up being "0" on Linux, but on Windows
with MSVC it ends up being "always 2 Gbyte", both not doing what is
requested. Trac: #1448
repair handling of EC certificates on Windows with pkcs11-helper
(wrong compile-time defines for OpenSSL 1.1.1)
Documentation
documentation improvements related to DynDNS. Trac: #1417
clean up documentation for --proto and related options
rebuild rst docs if input files change (proper dependency handling)
Overview of changes in 2.5.5
User-visible Changes
SWEET32/64bit cipher deprecation change was postponed to 2.7
Windows: use network address for emulated DHCP server as default this
enables use of a /30 subnet, which is needed when connecting to OpenVPN Cloud.
require EC support in windows builds (this means it's no longer possible to
build a Windows OpenVPN binary with an OpenSSL lib without EC support)
New features
Windows build: use CFG and Spectre mitigations on MSVC builds
bring back OpenSSL config loading to Windows builds. OpenSSL config is
loaded from %installdir%\ssl\openssl.cnf (typically:
c:\program files\openvpn\ssl\openssl.cnf) if it exists.
This is important for some hardware tokens which need special OpenSSL
config for correct operation. Trac #1296
Bugfixes
Windows build: enable EKM
Windows build: improve various vcpkg related build issues
Windows build: fix regression related to non-writeable status files
(Trac #1430)
Windows build: fix regression that broke OpenSSL EC support
Windows build: fix "product version" display (2.5..4 -> 2.5.4)
Windows build: fix regression preventing use of PKCS12 files
improve "make check" to notice if "openvpn --show-cipher" crashes
improve argv unit tests
ensure unit tests work with mbedTLS builds without BF-CBC ciphers
include "--push-remove" in the output of "openvpn --help"
fix error in iptables syntax in example firewall.sh script
fix "resolvconf -p" invocation in example "up" script
fix "common_name" environment for script calls when
"--username-as-common-name" is in effect (Trac #1434)
Documentation
move "push-peer-info" documentation from "server options" to "client"
(where it belongs)
correct "foreign_option_{n}" typo in manpage
update IRC information in CONTRIBUTING.rst (libera.chat)
README.down-root: fix plugin module name
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 14 Apr 2022 08:20:57 +0000 (10:20 +0200)]
bird: Update to version 2.0.9
- Update from version 2.0.8 to 2.0.9
- Update of rootfile not required
- Changelog
Version 2.0.9 (2022-02-09)
o BGP: Flowspec validation procedure
o Babel: MAC authentication support
o Routing table configuration blocks
o Optional prefix trie in routing table for faster LPM/interval queries
o CLI: New 'show route in <prefix>' command
o Filter: Faster (16-way) prefix sets
o Filter: MPLS label route attribute
o Filter: Operators to pick community components
o Filter: Operators to find minimum and maximum element of lists
o BGP: New 'free bind' option
o BGP: Log route updates that were changed to withdraws
o BGP: Improved 'invalid next hop' error reporting
o OSPF: Allow ifaces with host address as unnumbered PtP or PtMP ifaces
o OSPF: All packets on PtP networks should be sent to AllSPFRouters address
o Scripts for apkg-powered upstream packaging for deb and rpm
o Support for Blake2s and Blake2b hash functions
o Security keys / passwords can be entered in hexadecimal digits
o Memory statistics split into Effective and Overhead
o Linux: New option 'netlink rx buffer' to specify netlink socket buffer size
o BSD: Assume onlink flag on ifaces with only host addresses
o Many bugfixes
Notes:
- For OSPF on PtP network, BIRD now sends all packets to multicast AllSPFRouters
address (as required in RFC 2328 8.1). This likely breaks setups with multiple
neighbors on a network configured as PtP, which worked in previous versions.
Such links should be configured as PtMP.
- Since Linux 5.3, netlink socket can be flooded by route cache entries during
route table scan. This version mitigates that issue by using strict netlink
filtering.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Triggered by Bug #12846 - in this context I noticed that vnstat had been updated to version 2.9.
For details see:
https://humdi.net/vnstat/CHANGES
"2.9 / 23-Jan-2022
- Fixed
- RescanDatabaseOnSave configuration option wasn't being read from the
configuration file resulting in the feature always being enabled
- Hourly graph image output using large fonts didn't correctly fade out
the x-axis line for hours not having data available
- New
- Add --alert for producing output and/or specific exit status when
configured condition and transfer limit is exceeded, can also be used
for "quota remaining" type of queries depending on used parameters
- Add configuration option InterfaceMatchMethod which allows configuring
the possibility of specifying an interface for database queries by using
its alias instead of system provided interface name, enabled by default
to support case insensitive matching of the beginning of interface
aliases (vnstat and vnstati)
- Image output file extension allows selecting the used image file format
as long as the used LibGD supports it, PNG is no longer the only option
- Add configuration option HourlyGraphMode for changing the output mode
of the graph, 0 = 24 hour sliding window (default, as in previous
releases), 1 = graph begins from midnight
- Add mode parameter for -hg / --hoursgraph options for overriding the
HourlyGraphMode configuration option setting from the command line
- Add vertical line to image output hourly graph to visualize midnight
- Add -t / --timestamp options to daemon for enabling timestamps to prints
when the daemon is running in the foreground attached to a terminal
- Accept ; as comment character in configuration file in addition to #
- Comment out keywords which are using default values with ; character in
provided configuration file and --showconfig output
2.8 / 4-Sep-2021
- Fixed
- Using a combination of --live and --json wasn't flushing stdout after
each line resulting in buffered output if the output was being piped
- Image output would fail to show the last line bar graph in list outputs
if EstimateStyle was 0, BarColumnShowsRate was 1 and the last line had a
higher traffic rate than other lines
- Image output didn't correctly horizontally align the "no data available"
message in 5 minute graph depending on the width of the image
- Image output related configuration warnings could get shown when image
output wasn't being used
- Warnings of mismatches between image output and data retention
configuration didn't provide relevant details for solving the issues
- BandwidthDetection was being used for tun interfaces even when the
Linux kernel had the information hardcoded to 10 Mbit regardless of the
used real interface, interface specific MaxBW will now be used instead
or MaxBandwidth as fallback
- Configured interface specific MaxBW values were getting overridden by
BandwidthDetection when something could be detected
- Image output horizontal rx/tx bars often had one pixel too much width in
the tx section resulting in slightly wrong ratio getting shown
- Top days list wasn't always sorting entries with exactly the same traffic
sum using ascending date
- 64bitInterfaceCounters with value -2 always assumed 32-bit on Linux
systems until a 64-bit value was seen if kernel headers weren't available
when binaries were built
- New
- Add the possibility of specifying an interface without using the
-i / --iface options (vnstat and vnstati)
- The daemon can discover added interfaces from the database without
requiring a restart, configurable with option RescanDatabaseOnSave
- Add configuration option UseUTC for using UTC as timezone for database
entries instead of following the system timezone configuration
- --iflist uses user configured interface specific MaxBW values in the
output when available instead of showing only the kernel provided
information when detected
- Add configuration option AlwaysAddNewInterfaces to expose the daemon
--alwaysadd command line option which gains an optional mode parameter
- Image output uses LibGD filled arc bug workaround only for LibGD
versions that are known to be broken
- Image output example cgi (examples/vnstat.cgi) improvements
- Automatically lists all monitored interfaces instead of requiring the
list to be filled manually, server name in page title comes from
hostname command by default
- Provides links for most available images to more detailed or longer
versions of each image
- Allows direct interface specific page access with /interfacename suffix
for the cgi if the used httpd supports PATH_INFO
- Page auto refresh can be enabled with configurable interval"
Please note:
As mentioned above, the default values in 2.9 are commented out. I have reversed this
by adding a simple 'sed' command to the lfs file.
Another possibility would have been to extend the existing sed commands. If this
is desired differently, please report.
As - nearly - always: running here with no seen problems...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Mon, 11 Apr 2022 19:14:43 +0000 (19:14 +0000)]
Core Update 167: Replace /etc/mtab by symlink to /proc/self/mounts
mount, as updated via util-linux, no longer writes /etc/mtab, causing
programs to rely on this file's content (such as the check_disk Nagios
plugin) to stop working.
/proc/self/mounts contains all the necessary information, so it is fine
to replace /etc/mtab by a symlink to it.
Fixes: #12843 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 11 Apr 2022 13:40:00 +0000 (15:40 +0200)]
xz: Apply patch to solve security fix (ZDI-CAN-16587)
- Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.
- xzgrep from XZ Utils versions up to and including 5.2.5 are
affected. 5.3.1alpha and 5.3.2alpha are affected as well.
- This bug was inherited from gzip's zgrep. gzip 1.12 includes
a fix for zgrep.
- CU167 has gzip-1.12 with the fix already merged.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:47:01 +0000 (15:47 +0200)]
dbus: Update to version 1.14.0
- Update from 1.12.20 to 1.14.0
- Update of rootfile
- Changelog
1.14.x is a new stable branch, superseding 1.12.x.
Summary of major changes between 1.12.x and 1.14.0
Dependencies:
• dbus now requires at least a basic level of support for C99 variadic
macros, as implemented in gcc >= 3, all versions of Clang, and
MSVC >= 2005. In practice this requirement has existed since version
1.9.2, but it is now official.
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
macro with the same behaviour), except when building for Windows using
MSVC and CMake.
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work.
• All Windows builds now require Windows Vista or later.
(Note that we do not recommend or support use of dbus on operating
systems outside their vendor's security support lifetime, such as Vista.)
• GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
• Building using CMake now requires CMake 3.4.
• Building documentation using CMake now requires xsltproc, Docbook DTDs
(for example docbook-xml on Debian derivatives), and Docbook XSLT
stylesheets (for example docbook-xsl on Debian derivatives). Using
KDE's meinproc4 documentation processor is no longer supported.
Build-time configuration changes:
• Move CMake build system to top level, matching normal practice for
CMake projects
Deprecations:
**Looking through these I don't believe they will cause a problem as they are
deprecations and not yet removed.In the future if needed we might need to set
datadir to /etc to keep the location the same as with syscondir. This won't be
needed if we don't use the system.d directory for dbus policies.
• Third-party software should install default dbus policies for the system
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
1.10, released in August 2015). Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
directory should only be used by system administrators wishing to
override the default policies.
The ${datadir} applicable to dbus is usually /usr/share and the
${sysconfdir} is usually /etc.
• A similar pattern applies to the session bus policies in session.d.
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
• The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
(login names) for the recommended EXTERNAL authentication mechanism,
only numeric user IDs or the empty string. See 1.13.0 release notes
for full details.
New features:
• On Linux 4.13 or later when built against a suitable glibc version,
GetConnectionCredentials() now includes UnixGroupIDs, the effective
group IDs of the initiator of the connection, taken from
SO_PEERGROUPS.
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
credentials-passing socket option to get the effective group IDs
of the initiator of the connection. See 1.13.4 release notes for details.
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent
• dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a combination of
send_destination and the arg0namespace keyword in match rules.
See 1.13.12 release notes for more details
• The dbus-daemon now filters the messages that it relays, removing
header fields that it does not understand. Clients must not rely on
this behaviour unless they have confirmed that they are connected to
a suitable message bus implementation, for example by querying its
Features property.
• The dbus-daemon now emits a signal, ActivatableServicesChanged, when
the list of activatable services may have changed. Support for this
signal can be discovered by querying the Features property.
• It is now possible to disable traditional (non-systemd) service
activation at build-time (Autotools: --disable-traditional-activation,
CMake: -DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes
for details.
• The API reference manual can be built as a Qt compiled help file if
qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details.
Miscellaneous behaviour changes:
• When using the "user bus" (--enable-user-session), put the dbus-daemon
in the session slice
• Several environment variables set by systemd are no longer passed
on to activated services
• If the dbus-daemon is compiled for Linux with systemd support, it
now informs systemd that it is ready for use via the sd_notify()
mechanism
• Tarball releases no longer contain pre-2007 changelogs and are now
compressed with xz, making them around 35% smaller.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:47:15 +0000 (15:47 +0200)]
expat: Update to version 2.4.8
- Update from 2.4.6 to 2.4.8
- Update of rootfile
- Changelog
Release 2.4.8 Mon March 28 2022
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55 #582 CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with
GNU Libtool
#590 #591 Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#589 CI: Upgrade Clang from 13 to 14
Release 2.4.7 Fri March 4 2022
Bug fixes:
#572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
with regard to all valid URI characters (RFC 3986),
i.e. the following set (excluding whitespace):
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz 0123456789 % -._~ :/?#[]@ !$&'()*+,;=
Other changes:
#555 #570 #581 CMake|Windows: Store Expat version in the DLL
#577 Document consequences of namespace separator choices not just
in doc/reference.html but also in header <expat.h>
#577 Document Expat's lack of validation of namespace URIs against
RFC 3986, and that the XML 1.0r4 specification doesn't
require Expat to validate namespace URIs, and that Expat
may do more in that regard in future releases.
If you find need for strict RFC 3986 URI validation on
application level today, https://uriparser.github.io/ may
be of interest.
#579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
#575 Document that a call to XML_FreeContentModel can be done at
a later time from outside the element declaration handler
#574 Make hardcoded namespace URIs easier to find in code
#573 Update documentation on use of XML_POOR_ENTOPY on Solaris
#569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
4.8.2 on Solaris.
#578 #580 Version info bumped from 9:6:8 to 9:7:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 6 Apr 2022 13:06:12 +0000 (15:06 +0200)]
libgcrypt: Update to version 1.10.1
- Update from 1.9.4 to 1.10.1
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.1 (2022-03-28) [C24/A4/R1]
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
* Other:
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
GCRYCTL_SET_DECRYPTION_TAG NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
GCRY_CIPHER_MODE_SIV NEW mode.
GCRY_CIPHER_MODE_GCM_SIV NEW mode.
GCRY_CIPHER_EXTENDED NEW flag.
GCRY_SIV_BLOCK_LEN NEW macro.
gcry_cipher_set_decryption_tag NEW macro.
GCRY_KDF_ARGON2 NEW constant.
GCRY_KDF_BALLOON NEW constant.
GCRY_KDF_ARGON2D NEW constant.
GCRY_KDF_ARGON2I NEW constant.
GCRY_KDF_ARGON2ID NEW constant.
gcry_kdf_hd_t NEW type.
gcry_kdf_job_fn_t NEW type.
gcry_kdf_dispatch_job_fn_t NEW type.
gcry_kdf_wait_all_jobs_fn_t NEW type.
struct gcry_kdf_thread_ops NEW struct.
gcry_kdf_open NEW function.
gcry_kdf_compute NEW function.
gcry_kdf_final NEW function.
gcry_kdf_close NEW function.
gcry_pk_hash_sign NEW function.
gcry_pk_hash_verify NEW function.
gcry_pk_random_override_new NEW function.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 6 Apr 2022 13:06:28 +0000 (15:06 +0200)]
libmnl: Update to version 1.0.5
- Update from 1.0.4 to 1.0.5
- Update of rootfile not required
- Changelog
Version 1.0.5 changes from git commits
src: doc: Fix messed-up Netlink message batch diagram
build: If doxygen is not available, be sure to report "doxygen: no" to ./conf...
build: doc: get rid of the need for manual updating of Makefile
build: doc: "make" builds & installs a full set of man pages
doxygen: Fixed link to the git source tree on the website.
include: add MNL_SOCKET_DUMP_SIZE definition
doxygen: remove EXPORT_SYMBOL from the output
nlmsg: Fix a missing doxygen section trailer
src: fix doxygen function documentation
examples: Add rtnl-addr-add.c
examples: reduce LOCs during neigh attributes validation
examples: fix print line format
examples: fix neigh max attributes
examples: add arp cache dump example
libmnl: zero attribute padding
examples: rtnl-addr-dump: fix typo
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
examples: nfct-daemon: Fix test building on musl libc
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 7 Apr 2022 16:35:04 +0000 (18:35 +0200)]
netpbm: Removal from IPFire
- This is an addon whose purpose is defined as :-
Netpbm is a toolkit for manipulation of graphic images, including conversion of images
between a variety of different formats. There are over 300 separate tools in the
package including converters for about 100 graphics formats. Examples of the sort of
image manipulation we're talking about are: Shrinking an image by 10%; Cutting the top
half off of an image; Making a mirror image; Creating a sequence of images that fade
from one image to another.
- None of the above seems to be a purpose related to a Firewall. Additionally it is
available in a huge number of distributions, including Linux, BSD,Windows,
MacOS X/Darwin, Solaris, AIX etc
- This package seems to be better used on a system in the lan protected by IPFire than
used on IPFire itself
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 7 Apr 2022 16:35:03 +0000 (18:35 +0200)]
libnl: Removal from IPFire
- This is the legacy version of libnl - 1.1.4 and was released in 2013
- libnl-3 is the running stable version - 3.5.0
- Nothing in IPFire has libnl as a dependency. Large number of programs have libnl-3 as
a dependency
- libnl developer indicates that libnl-3 should be used if in any way possible and that
the legacy version is for situations that fail to work with libnl-3
- As everything in IPFire looks to already be using libnl-3 this patch is to remove the
legacy version
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 8 Apr 2022 18:49:41 +0000 (20:49 +0200)]
perl-libwww: Update to 6.62
- Update from 6.61 to 6.62
- Update of rootfile not required
- Changelog
6.62 2022-04-05 01:04:17Z
- Allow downloading to a filehandle (GH#400) (Andrew Fresh)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://raw.githubusercontent.com/rfc1036/whois/next/debian/changelog
whois (5.5.13) unstable; urgency=medium
* Added the .sd TLD server.
* Updated the list of new gTLDs.
* Added the Turkish translation, contributed by Oguz Ersen.
-- Marco d'Itri <md@linux.it> Fri, 08 Apr 2022 01:08:55 +0200
whois (5.5.12) unstable; urgency=medium
* Updated the .pro TLD server, which was totally broken.
* Fixed the detection of Japanese locales using $LC_MESSAGES.
* Implemented providing partial salt strings to mkpasswd.
* Removed 2 new gTLDs which are no longer active.
* Updated one or more translations. (Closes: #1003597)
* Enabled full hardening in debian/rules.
-- Marco d'Itri <md@linux.it> Wed, 23 Feb 2022 01:03:11 +0100
whois (5.5.11) unstable; urgency=medium
* Implemented a --no-recursion command line option to disable recursion
from registrar to registry servers.
* Updated the .pro, .vu and .xxx TLD servers.
* Updated the list of new gTLDs.
* Removed 7 new gTLDs which are no longer active.
* Updated make_version_h.pl to support Ubuntu no-change uploads,
contributed by Matthias Klose. (Closes: #995873)
-- Marco d'Itri <md@linux.it> Mon, 03 Jan 2022 18:18:36 +0100
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Deleted 'vnstat' calls in initscripts - those options were removed and we're using 'vnstatd', not 'vnstat'.
Fixes: 12831
Jonatan Schlag reported that the command line options of 'vnstat' had changed
"...and seemed to be broken a long time".
=> https://bugzilla.ipfire.org/show_bug.cgi?id=12831#c0
Several command line switches used in networking initscripts were obviously removed.
Affected commands in '.../networking/any' and '.../networking/red'):
Adolf Belka tested this, "looked through the changelogs" and found - besides that
the switch '--enable' had been removed "in version 2.0 in 2018" - that '--enable', '--update'
and '--reset' switches are either not needed or not supported anymore.
"The old man page indicates that none of those options are used when the vnstat daemon
is running."
Since we only start and run 'vnstatd' in IPFire it was decided to remove these commands.
Adolf Belka [Fri, 8 Apr 2022 18:49:56 +0000 (20:49 +0200)]
python3-pyparsing: Update to version 3.0.7
- Update from 3.0.6 to 3.0.7
- Update of rootfile
- Changelog
Version 3.0.7 -
- Fixed bug #345, in which delimitedList changed expressions in place
using expr.streamline(). Reported by Kim Gräsman, thanks!
- Fixed bug #346, when a string of word characters was passed to WordStart
or WordEnd instead of just taking the default value. Originally posted
as a question by Parag on StackOverflow, good catch!
- Fixed bug #350, in which White expressions could fail to match due to
unintended whitespace-skipping. Reported by Fu Hanxi, thank you!
- Fixed bug #355, when a QuotedString is defined with characters in its
quoteChar string containing regex-significant characters such as ., *,
?, [, ], etc.
- Fixed bug in ParserElement.run_tests where comments would be displayed
using with_line_numbers.
- Added optional "min" and "max" arguments to `delimited_list`. PR
submitted by Marius, thanks!
- Added new API change note in `whats_new_in_pyparsing_3_0_0`, regarding
a bug fix in the `bool()` behavior of `ParseResults`.
Prior to pyparsing 3.0.x, the `ParseResults` class implementation of
`__bool__` would return `False` if the `ParseResults` item list was empty,
even if it contained named results. In 3.0.0 and later, `ParseResults` will
return `True` if either the item list is not empty *or* if the named
results dict is not empty.
# generate an empty ParseResults by parsing a blank string with
# a ZeroOrMore
result = Word(alphas)[...].parse_string("")
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{}
False
# add a results name to the result
result["name"] = "empty result"
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{'name': 'empty result'}
True
In previous versions, the second call to `bool()` would return `False`.
- Minor enhancement to Word generation of internal regular expression, to
emit consecutive characters in range, such as "ab", as "ab", not "a-b".
- Fixed character ranges for search terms using non-Western characters
in booleansearchparser, PR submitted by tc-yu, nice work!
- Additional type annotations on public methods.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 8 Apr 2022 21:55:24 +0000 (23:55 +0200)]
libevent: Remove from IPFire
- Build worked without libevent without problems
- Nothing shows up as dependent on the libevent (legacy) libraries
- Lots of dependencies on the the libevent2 libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 8 Apr 2022 18:49:03 +0000 (20:49 +0200)]
libnfnetlink: Update to version 1.0.2
- Update from 1.0.1 to 1.0.2
- Update of rootfile not required
- Changelog
Version 1.0.2
* Warnings with automake-1.12
* Update header comments to reflect GPLv2+ license
* Allow building on uclinux
* Valgrind warnings due to uninitialized padding in netlink messages
* Hide private library symbols
* Support builds with newer doxygen versions
* Failing calls to getsockname() were left unnoticed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Sat, 9 Apr 2022 10:44:10 +0000 (10:44 +0000)]
gzip: Symlink /usr/bin/zless to /usr/bin/zmore
gzip 1.12 no longer features zless. For convenience reasons, symlink
/usr/bin/zless to /usr/bin/zmore, so users won't need to relearn any
commands they were previously used to.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:48:16 +0000 (15:48 +0200)]
sudo: Update to version 1.9.10
- Update from 1.9.9 to 1.9.10
- Update of rootfile not required
- Changelog
What's new in Sudo 1.9.10
* Added new "log_passwords" and "passprompt_regex" sudoers options.
If "log_passwords" is disabled, sudo will attempt to prevent passwords
from being logged. If sudo detects any of the regular expressions in
the "passprompt_regex" list in the terminal output, sudo will log '*'
characters instead of the terminal input until a newline or carriage
return is found in the input or an output character is received.
* Added new "log_passwords" and "passprompt_regex" settings to
sudo_logsrvd that operate like the sudoers options when logging
terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging
multiple sudoers sources.
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
file, where the "retry_interval" in the [relay] section was not
being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication
when sudo's -n option is specified. A new "noninteractive_auth"
sudoers option has been added to enable PAM authentication in
non-interactive mode. GitHub issue #131.
* On systems with /proc, if the /proc/self/stat (Linux) or
/proc/pid/psinfo (other systems) file is missing or invalid,
sudo will now check file descriptors 0-2 to determine the user's
terminal. Bug #1020.
* Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
* Fixed a crash in sudo_logsrvd when running in relay mode if
an alert message is received.
* Fixed an issue that resulting in "problem with defaults entries"
email to be sent if a user ran sudo when the sudoers entry in
the nsswitch.conf file includes "sss" but no sudo provider is
configured in /etc/sssd/sssd.conf. Bug #1022.
* Updated the warning displayed when the invoking user is not
allowed to run sudo. If sudo has been configured to send mail
on failed attempts (see the mail_* flags in sudoers), it will
now print "This incident has been reported to the administrator."
If the "mailto" or "mailerpath" sudoers settings are disabled,
the message will not be printed and no mail will be sent.
GitHub issue #48.
* Fixed a bug where the user-specified command timeout was not
being honored if the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in
sudoers rules. A command and/or arguments in sudoers are treated
as a regular expression if they start with a '^' character and
end with a '$'. The command and arguments are matched separately,
either one (or both) may be a regular expression.
Bug #578, GitHub issue #15.
* A user may now only run "sudo -U otheruser -l" if they have a
"sudo ALL" privilege where the RunAs user contains either "root"
or "otheruser". Previously, having "sudo ALL" was sufficient,
regardless of the RunAs user. GitHub issue #134.
* The sudo lecture is now displayed immediately before the password
prompt. As a result, sudo will no longer display the lecture
unless the user needs to enter a password. Authentication methods
that don't interact with the user via a terminal do not trigger
the lecture.
* Sudo now uses its own closefrom() emulation on Linux systems.
The glibc version may not work in a chroot jail where /proc is
not available. If close_range(2) is present, it will be used
in preference to /proc/self/fd.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 6 Apr 2022 13:05:10 +0000 (15:05 +0200)]
curl: Update to version 7.82.0
- Update from 7.81.0 to 7.82.0
- Update of rootfile not required
- Changelog
Versionl 7.82.0
This release includes the following changes:
o curl: add --json [67]
o mesalink: remove support [23]
This release includes the following bugfixes:
o appveyor: update images from VS 2019 to 2022
o appveyor: use VS 2017 image for the autotools builds
o azure-pipelines: add a build on Windows with libssh [154]
o bearssl: fix connect error on expired cert and no verify [132]
o bearssl: fix EXC_BAD_ACCESS on incomplete CA cert [131]
o bearssl: fix session resumption (session id) [133]
o build: enable -Warith-conversion
o build: fix -Wenum-conversion handling
o build: fix ngtcp2 crypto library detection [63]
o checkprefix: remove strlen calls [128]
o checksrc: fix typo in comment [34]
o CI: move 'distcheck' job from zuul to azure pipelines [60]
o CI: move scan-build job from Zuul to Azure Pipelines [59]
o CI: move the NSS job from zuul to GHA [84]
o ci: move the OpenSSL + c-ares job from Zuul to Circle CI [75]
o CI: move the rustls CI job to GHA from Zuul [8]
o CI: move two jobs from Zuul to Circle CI [73]
o CI: test building wolfssl with --enable-opensslextra [42]
o CI: workflows/wolfssl: install impacket [47]
o circleci: add a job using libssh [121]
o cirlceci: also run a c-ares job on arm with debug enabled [74]
o cmake: fix iOS CMake project generation error [13]
o cmdline-opts/gen.pl: fix option matching to improve references [50]
o config.d: Clarify _curlrc filename is still valid on Windows [95]
o configure.ac: use user-specified gssapi dir when using pkg-config [136]
o configure: change output for cross-compiled alt-svc support [140]
o configure: fix '--enable-code-coverage' typo [110]
o configure: remove support for "embedded ares" [82]
o configure: requires --with-nss-deprecated to build with NSS [114]
o configure: set CURL_LIBRARY_PATH for nghttp2 [58]
o configure: support specification of a nghttp2 library path [101]
o configure: use correct CFLAGS for threaded resolver with xlC on AIX [54]
o curl tool: erase some more sensitive command line arguments [22]
o curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval [5]
o curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE [9]
o curl-openssl: fix SRP check for OpenSSL 3.0 [86]
o curl-openssl: remove the OpenSSL headers and library versions check [35]
o curl.h: fix typo [129]
o curl: remove "separators" (when using globbed URLs) [32]
o curl_getdate.3: remove pointless .PP line [68]
o curl_multi_socket.3: remove callback and typical usage descriptions [7]
o curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
o CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples [27]
o CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment [147]
o CURLOPT_RESOLVE.3: change example port to 443
o CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment [153]
o CURLOPT_XFERINFOFUNCTION.3: fix typo in example [81]
o CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released" [71]
o des: fix compile break for OpenSSL without DES [141]
o docs/cmdline-opts: add "mutexed" options for more http versions [25]
o docs/DEPRECATE: remove NPN support in August 2022 [64]
o docs: capitalize the name 'Netscape' [77]
o docs: document HTTP/2 not insisting on TLS 1.2 [49]
o docs: fix mandoc -T lint formatting complaints [2]
o docs: update IETF links to use datatracker [41]
o examples/curlx: support building with OpenSSL 1.1.0+ [148]
o examples/multi-app.c: call curl_multi_remove_handle as well [19]
o formdata: avoid size_t => long typecast overflows [37]
o ftp: provide error message for control bytes in path [66]
o gen.pl: terminate "example" sections better [4]
o gha: add a macOS CI job with libssh [142]
o gskit: Convert to using Curl_poll [111]
o gskit: Fix errors from Curl_strerror refactor [113]
o gskit: Fix initialization of Curl_ssl_gskit struct [112]
o h2/h3: allow CURLOPT_HTTPHEADER change ":scheme" [88]
o hostcheck: fixed to not touch used input strings [38]
o hostcheck: reduce strlen calls on chained certificates [92]
o hostip: avoid unused parameter error in Curl_resolv_check [144]
o http2: move two infof calls to debug-h2-only [145]
o http: make Curl_compareheader() take string length arguments too [87]
o if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled [104]
o KNOWN_BUGS: fix typo "libpsl"
o ldap: return CURLE_URL_MALFORMAT for bad URL [24]
o lib: remove support for CURL_DOES_CONVERSIONS [96]
o libssh2: don't typecast socket to int for libssh2_session_handshake [151]
o libssh: fix include files and defines use for Windows builds [156]
o Makefile.am: Generate VS 2022 projects
o maketgz: return error if 'make dist' fails [79]
o mbedtls: enable use of mbedtls without CRL support [57]
o mbedtls: enable use of mbedtls without filesystem functions support [100]
o mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
o mbedtls: fix ssl_init error with mbedTLS 3.1.0+ [12]
o mbedtls: remove #include <mbedtls/certs.h> [56]
o mbedtls: return CURLcode result instead of a mbedtls error code [1]
o md5: check md5_init_func return value
o mime: use a define instead of the magic number 24 [89]
o misc: allow curl to build with wolfssl --enable-opensslextra [43]
o misc: remove BeOS code and references [30]
o misc: remove the final watcom references [29]
o misc: remove unused data when IPv6 is not supported [80]
o mqtt: free 'sendleftovers' in disconnect [115]
o mqtt: free any send leftover data when done [36]
o multi: allow user callbacks to call curl_multi_assign [126]
o multi: grammar fix in comment [69]
o multi: remember connection_id before returning connection to pool [76]
o multi: set in_callback for multi interface callbacks [28]
o netware: remove support [72]
o next.d. remove .fi/.nf as they are handled by gen.pl [3]
o ngtcp2: adapt to changed end of headers callback proto [39]
o ngtcp2: fix declaration of ‘result’ shadows a previous local [14]
o ngtcp2: Reset dynbuf when it is fully drained [143]
o nss: handshake callback during shutdown has no conn->bundle [55]
o ntlm: remove unused feature defines [117]
o openldap: fix compiler warning when built without SSL support [70]
o openldap: implement SASL authentication [16]
o openldap: pass string length arguments to client_write() [116]
o openssl.h: avoid including OpenSSL headers here [15]
o openssl: check if sessionid flag is enabled before retrieving session [125]
o openssl: check SSL_get_ex_data to prevent potential NULL dereference [40]
o openssl: check the return value of BIO_new_mem_buf() [18]
o openssl: fix `ctx_option_t` for OpenSSL v3+
o openssl: fix build for version < 1.1.0 [134]
o openssl: return error if TLS 1.3 is requested when not supported [45]
o os400: Add function wrapper for system command [138]
o os400: Add link to QADRT devkit to README.OS400 [137]
o os400: Default build to target current release [139]
o OS400: fix typos in rpg include file [149]
o projects: add support for Visual Studio 17 (2022) [124]
o projects: fix Visual Studio wolfSSL configurations
o projects: remove support for MSVC before VC10 (Visual Studio 2010) [123]
o quiche: after leaving h3_recving state, poll again [108]
o quiche: change qlog file extension to `.sqlog` [44]
o quiche: fix upload for bigger content-length [146]
o quiche: handle stream reset [83]
o quiche: remove two leftover debug infof() outputs
o quiche: verify the server cert on connect [33]
o quiche: when *recv_body() returns data, drain it before polling again [109]
o README.md: fix links [118]
o remote-header-name.d: clarify [10]
o runtests.pl: disable debuginfod [51]
o runtests.pl: properly print the test if it contains binary zeros
o runtests.pl: support the nonewline attribute for the data part [21]
o runtests.pl: tolerate test directories without Makefile.inc [98]
o runtests: allow client/file to specify multiple directories
o runtests: make 'rustls' a testable feature
o runtests: make 'wolfssl' a testable feature [6]
o runtests: set 'oldlibssh' for libssh versions before 0.9.5 [122]
o rustls: add CURLOPT_CAINFO_BLOB support [26]
o schannel: move the algIds array out of schannel.h [135]
o scripts/cijobs.pl: output data about all currect CI jobs [78]
o scripts/completion.pl: improve zsh completion [46]
o scripts/copyright.pl: support many provided file names on the cmdline
o scripts/delta: check the file delta for current branch
o sectransp: mark a 3DES cipher as weak [130]
o setopt: do bounds-check before strdup [99]
o setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds [53]
o sha256: Fix minimum OpenSSL version [102]
o smb: pass socket for writing and reading data instead of FIRSTSOCKET [90]
o ssl: reduce allocated space for ssl backend when FTP is disabled [127]
o test3021: disable all msys2 path transformation
o test374: gif data without new line at the end [20]
o tests/disable-scan.pl: properly detect multiple symbols per line [94]
o tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine [85]
o tool_findfile: check ~/.config/curlrc too [17]
o tool_getparam: DNS options that need c-ares now fail without it [31]
o TPF: drop support [97]
o unit1610: init SSL library before calling SHA256 functions [152]
o url: exclude zonefrom_url when no ipv6 is available [103]
o url: given a user in the URL, find pwd for that user in netrc [11]
o url: keep trailing dot in host name [62]
o url: make Curl_disconnect return void [48]
o urlapi: handle "redirects" smarter [119]
o urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled [52]
o urldata: remove conn->bits.user_passwd [105]
o version_win32: fix warning for `CURL_WINDOWS_APP` [93]
o vtls: fix socket check conditions [150]
o vtls: pass on the right SNI name [61]
o vxworks: drop support [65]
o winbuild: add parameter WITH_SSH [120]
o wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case [106]
o wolfssl: when SSL_read() returns zero, check the error [107]
o write-out.d: Fix num_headers formatting
o x509asn1: toggle off functions not needed for diff tls backends [91]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 6 Apr 2022 13:05:42 +0000 (15:05 +0200)]
ghostscript: Update to version 9.56.1
- Update from 9.55.0 to 9.56.1
- Update of rootfile
- Changelog
Version 9.56.0 (2022-02-22)
Highlights in this release include:
New PDF Interpreter: This is an entirely new implementation written in C
(rather than PostScript, as before). For a full discussion of this change
and reasons for it see: Changes Coming to the PDF Interpreter.
In this (9.56.0) release, the new PDF interpreter is now ENABLED by default
in Ghostscript, but the old PDF interpreter can be used as a fallback by
specifying -dNEWPDF=false. We've provided this so users that encounter
issues with the new interpreter can keep working while we iron out those
issues, the option will not be available in the long term.
This also allows us to offer a new executable (gpdf, or gpdfwin??.exe on
Windows) which is purely for PDF input. For this release, those new binaries
are not included in the "install" make targets, nor in the Windows installers.
Calling Ghostscript via the GS API is now thread safe. The one limitation is
that the X11 devices for Unix-like systems (x11, x11alpha, x11cmyk, x11cmyk2,
x11cmyk4, x11cmyk8, x11gray2, x11gray4 and x11mono) cannot be made thread
safe, due to their interaction with the X11 server, those devices have been
modified to only allow one instance in an executable.
The PSD output device now writes ICC profiles to their output files, for
improved color fidelity.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental
improvements.
Included below are incompatible changes from recent releases (the specific release
in question is listed in parentheses). We include these, for now, as we are aware
that not everyone upgrades with every release.
(9.55.0) Changes to the device API. This will affect developers and
maintainers of Ghostscript devices. Firstly, and most importantly,
the way device-specific "procs" are specified has been rewritten
to make it (we think!) clearer and less confusing. See The
Interface between Ghostscript and Device Drivers and The Great
Device Rework Of 2021 for more details.
(9.55.0) The command line options -sGraphicsICCProfile=___,
-dGraphicsIntent=#, -dGraphicsBlackPt=#, -dGraphicsKPreserve=# have
been changed to -sVectorICCProfile=___, -dVectorIntent=#,
-dVectorBlackPt=#, -dVectorKPreserve=#.
(9.53.0) As of 9.53.0, we have (re-)introduced the patch level to the
version number, this helps facilitate a revised policy on handling
security-related issues.
Note for GSView Users: The patch level addition breaks GSView 5 (it is
hardcoded to check for versions 704-999. It is possible, but not guaranteed
that a GSView update might be forthcoming to resolve this.
(9.52) -dALLOWPSTRANSPARENCY: The transparency compositor (and related
features), whilst we are improving it, remains sensitive to being
driven correctly, and incorrect use can have unexpected/undefined
results. Hence, as part of improving security, we limited access to
these operators, originally using the -dSAFER feature. As we made
"SAFER" the default mode, that became unacceptable, hence the new
option -dALLOWPSTRANSPARENCY which enables access to the operators.
(9.50) There are a couple of subtle incompatibilities between the old and
new SAFER implementations. Firstly, as mentioned in the 9.50 release
notes, SAFER now leaves standard PostScript functionality unchanged
(except for the file access limitations). Secondly, the interaction
with save/restore operations has changed. See SAFER.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 6 Apr 2022 13:05:56 +0000 (15:05 +0200)]
iproute2: Update to version 5.17.0
- Update from 5.16.0 to 5.17.0
- Update of rootfile not required
- Changelog
v5.17.0
ip/geneve: add support for IFLA_GENEVE_INNER_PROTO_INHERIT
Merge branch 'gtp-netdev' into next
f_flower: Implement gtp options support
ip: GTP support in ip link Wojciech
man: bridge: document per-port mcast_router settings
bridge: support for controlling mcast_router per port
Update kernel headers
vdpa: Update man page with added support to configure max vq pair
link_xfrm: if_id must be non zero
testsuite: link xfrm delete no if_id test
vdpa: Support reading device features
vdpa: Support for configuring max VQ pairs for a device
vdpa: Allow for printing negotiated features of a device
vdpa: Remove unsupported command line option
Makefile: move HAVE_MNL check to top-level Makefile
Merge branch 'bridge-broadcast-flooding' into next
Merge branch 'main' into next
man: ip-link: whitespace fixes to odd line breaks mid sentence
man: ip-link: mention bridge port's default mcast_flood state
man: ip-link: document new bcast_flood flag on bridge ports
ip: iplink_bridge_slave: support for broadcast flooding
man: bridge: add missing closing " in bridge show mdb
man: bridge: document new bcast_flood flag for bridge ports
bridge: support for controlling flooding of broadcast per port
rdma: make RES_PID and RES_KERN_NAME alternative to each other
uapi: update vdpa.h
ipaddress: remove 'label' compatibility with Linux-2.0 net aliases
lib/fs: fix memory leak in get_task_name()
ip/batadv: allow to specify RA when creating link
Import batman_adv.h header from last kernel sync point
uapi: update magic.h
Revert "configure: Allow command line override of toolchain"
tc: separate action print for filter and action dump
rdma: Fix the logic to print unsigned int.
Revert "rdma: Fix res_print_uint() and add res_print_u64()"
Merge branch 'libbpf-fixups' into next
bpf: Remove use of bpf_create_map_xattr
bpf: Export bpf syscall wrapper
bpf_glue: Remove use of bpf_load_program from libbpf
rdma: Fix res_print_uint() and add res_print_u64()
uapi: update to xfrm.h
ss: display advertised TCP receive window and out-of-order counter
Merge branch 'link-layer-protocols' into next
tc: bash-completion: Add profinet and ethercat to procotol completion list
lib: add profinet and ethercat as link layer protocol names
Merge branch '802.1X-locked-bridge-ports' into next
man8/ip-link.8: add locked port feature description and cmd syntax
man8/bridge.8: add locked port feature description and cmd syntax
ip: iplink_bridge_slave: add locked port flag support
bridge: link: add command to set port in locked mode
Update kernel headers
configure: Allow command line override of toolchain
mptcp: add port support for setting flags
mptcp: add fullmesh support for setting flags
mptcp: add fullmesh check for adding address
bond: add ns_ip6_target option
Merge branch 'main' into next
devlink: Remove strtouint8_t in favor of get_u8
devlink: Remove strtouint16_t in favor of get_u16
devlink: Remove strtouint32_t in favor of get_u32
devlink: Remove strtouint64_t in favor of get_u64
Update kernel headers
f_flower: fix indentation for enc_key_id and u32
bridge: Remove vlan listing from `bridge link`
bridge: Fix error string typo
lnstat: fix strdup leak in -w argument parsing
iplink_can: print_usage: typo fix, add missing spaces
dcb: Fix error reporting when accessing "dcb app"
tc: fix duplicate fall-through
libnetlink: fix socket leak in rtnl_open_byproto()
tc_util: Fix parsing action control with space and slash
tunnel: Fix missing space after local/remote print
Merge branch 'ioam-insert-freq' into next
Update documentation
Add support for the IOAM insertion frequency
Update kernel headers
iplink: add ip-link documentation
iplink: add gro_max_size attribute handling
tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`
tc: u32: add support for json output
iprule: Allow option dsfield in 'ip rule show'
tc/f_flower: fix indentation
tc_util: fix breakage from clang changes
tc: add skip_hw and skip_sw to control action offload
ss: use freecon() instead of free() when appropriate
man: Fix a typo in the flag documentation of ip address
dcb: app: Add missing "dcb app show dev X default-prio"
Merge branch 'clang-compile' into next
json_print: suppress clang format warning
libbpf: fix clang warning about format non-literal
tunnel: fix clang warning
tipc: fix clang warning about empty format string
can: fix clang warning
ipl2tp: fix clang warning
tc_util: fix clang warning in print_masked_type
flower: fix clang warnings
netem: fix clang warnings
utils: add format attribute
tc: add format attribute to tc_print_rate
Merge branch 'main' into next
uapi: update kernel headers from 5.17-rc1
tc/action: print error to stderr
mptcp: add id check for deleting address
dcb: Rewrite array-formatting code to not cause warnings with Clang
f_flower: fix checkpatch warnings
netem: fix checkpatch warnings
Merge branch 'main' into next
lib: fix ax25.h include for musl
uapi: add missing virtio headers
uapi: add missing rose and ax25 files
q_cake: allow changing to diffserv3
iplink_can: add ctrlmode_{supported,_static} to the "--details --json" output
Update kernel headers
Merge branch 'rdma-clang-compile' into next
rdma: Don't allocate sparse array
rdma: Limit copy data by the destination size
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 6 Apr 2022 13:03:58 +0000 (15:03 +0200)]
cups-filters: Update to version 1.28.14
- Update from 1.28.10 to 1.28.14
- Update of rootfile not required
- Changelog
CHANGES IN V1.28.14
- pdftopdf: Correct the output when suppressing auto-rotation
(option "nopdfAutoRotate"). Depending on the situation pages
got cropped in the wrong orientation or de-centered.
- pdftopdf: Correct the output when the
"orientation-requested" or the "landscape" option is
supplied. Output could be de-centered (Issue #456),
portrait-oriented pages be wrongly cropped and division of
the output page into cells for N-up done in the wrong
orientation.
- rastertopdf: In PCLm output mode the filter failed to
generate PCLm if the printer has no
"pclm-source-resolution-default" IPP attribute.
CHANGES IN V1.28.13
- pdftopdf: Fix N-up printing when paper is taken
long-edge-first by the printer.
- pdftopdf: Fix cropping ("print-scaling=none" and
"print-scaling=fill") when paper is taken long-edge-first by
the printer (Issue #454).
- pdftops: Use Poppler for all Apple LaserWriter models (Issue
#452).
CHANGES IN V1.28.12
- imagetoraster, imagetopdf: Fixed comparison of the image
size with the page size for print-scaling=auto. The image
size in pixels was compared with the page size in PostScript
points (1/72 inch).
- imagetoraster, imagetopdf: Fixed the "print-scaling=none"
(crop-to-fit) mode, also use crop-to-fit always when
requested, do not fall back to fit-to-page when the image
size differs significantly from the page size (Issue #362).
- libcupsfilters: Changed the default PPI resolution for
images as input files from 128 to 200 (Pull request #446).
- implicitclass: Do not check availability of "gs" and
"pdftops" executables, instead, check by the presence of
"gstoraster" and "pdftoraster" filters whether we have
configured cups-filters for Ghostscript and/or Poppler use.
- libcupsfilters: In the PPD generator for the driverless
utility and cups-browsed add "*cupsFilter2: ..." lines for
all supported driverless data formats (PDF, Apple/PWG
Raster, PCLm), and add lines for legacy data formats (PCL,
PostScript) only if no driverless formats available.
- libcupsfilters: Always use encryption for ipps. RFC7472
requires that 'ipps' must be used over HTTPS, but the
driverless utility does not enforce encryption (Pull request
#433).
- serial: Add a 10-msec sleep and at the end add a tcdrain().
For some unknown reason, every printing file need sleep a
little time to make sure the serial printer receive data is
right (Pull request #431).
- libcupsfilters: Fix resolver functions for DNS-SD-based
URIs, to make resolve_uri() also work when DEVICE_URI env
variable is set and to make ippfind_based_uri_converter()
not re-direct stdin.
- pdftopdf: Set default for print-scaling to avoid "should
never happem" log messages and undefined behavior.
- pdftopdf: Fix orientation-requested = 0. Consider
this as "automatic selection and not as error.
- pdftopdf: Fixed all combinations of print-scaling and
number-up for printers with asymmetric margins (top !=
bottom or left != right) and for input files containing
pages with different sizes and/or orientations. Fixes
backported from 2.x branch.
- pdftopdf: Add 2% tolerance for input size larger than output
page when "print-scaling=auto" or "print-scaling=auto-fit"
is used and too large input pages should be scaled, fitting
documents not. This prevents a random-looking behavior if
input and output page size seem to be equal, but in reality
there are slight differences between size dimensions.
CHANGES IN V1.28.11
- libcupsfilters: Let PPD generator take default ColorModel
from printer (CUPS issue #277).
- Braille: In vectortopdf check inkscape version to call
inkscape with the correct command line (Issue #315, Pull
request #443).
- Build system: Make missing DejaVuSans.ttf non-fatal in
./configure as the font is only needed for test programs,
not for actual use of cups-filters (Issue #411).
- libcupsfilters: In imagetoraster() fixed crash with SGray
(Issue #435).
- cups-browsed: Naming of local queues is matched to CUPS'
current naming of temporary queues (no leading or trailing
underscores), to avoid duplicates in print dialogs which
support CUPS' temporary queues.
- libcupsfilters: Make cupsRasterParseIPPOptions() work correctly
with PPDs (Issue #436).
- libcupsfilters: Let colord_get_profile_for_device_id() not
return empty file name, to avoid error messages in CUPS
error_log.
- foomatic-rip: Debug message was wrongly sent to stdout and
not to log (Issue #422).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 5 Apr 2022 13:46:43 +0000 (15:46 +0200)]
cifs-utils: Update to version 6.14
- Update from 6.13 to 6.14
- Update of rootfile not required
- Changelog
September, 2021: Release 6.14
cifs-utils: bump version to 6.14
setcifsacl: fix formatting
smbinfo: add support for new key dump ioctl
mount.cifs: fix crash when mount point does not exist
cifs.upcall: fix regression in kerberos mount
smbinfo: Add command for displaying alternate data streams
Reorder ACEs in preferred order during setcifsacl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Bernhard Bitsch [Mon, 4 Apr 2022 20:33:31 +0000 (22:33 +0200)]
graphs.pl: Change directory name to replace HOSTILE with HOSTILE_DROP - fixes bug#12838
- The directory name for the hostile data was using HOSTILE while the chain was called
HOSTILE_DROP. This resulted in the files in the directory not being updated.
Fixes: bug#12838 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Bernhard Bitsch [Mon, 4 Apr 2022 20:33:30 +0000 (22:33 +0200)]
collectd.conf: Change chain from HOSTILE to HOSTILE_DROP - fixes bug#12838
- Chain that was specified was HOSTILE but actual used is HOSTILE_DROP
- Using HOSTILE caused no update fro the hostile data used in the Firewall Hits graph
Fixes: bug#12838 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Acked-by: Bernhard Bitsch <bbitsch@ipfire.org>
Peter Müller [Mon, 4 Apr 2022 05:31:53 +0000 (05:31 +0000)]
haproxy: Update to 2.4.15
The changelog of the entire 2.4.x series can be retrieved from
https://www.haproxy.org/download/2.4/src/CHANGELOG .
As-promised-to: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
