Stefan Schantl [Sat, 23 Sep 2023 10:54:55 +0000 (12:54 +0200)]
extrahd.cgi: Add support for LVM and MDADM devices
This commit adds support for using LVM and mdadm based RAID devices
for the CGI page.
In case one or more drives/partitions are used by such a "grouped"
volume they still will displayed on the page, but can not be
configured/used. Instead the "master" volume of which the
drive/partition is part of is shown in the "mountpoint" input box.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sat, 23 Sep 2023 10:54:55 +0000 (12:54 +0200)]
extrahd.cgi: Add support for LVM and MDADM devices
This commit adds support for using LVM and mdadm based RAID devices
for the CGI page.
In case one or more drives/partitions are used by such a "grouped"
volume they still will displayed on the page, but can not be
configured/used. Instead the "master" volume of which the
drive/partition is part of is shown in the "mountpoint" input box.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Sep 2023 10:37:01 +0000 (12:37 +0200)]
libslirp: Add the slirp library as this is required for the net user backend in qemu
- Looking through some of the changelog and some mail list communications it looks like
qemu decided they did noty want to maintain their own bundled version of libslirp when
the majority of OS's had their own version now in place. Ubuntu 18.04 did not have
libslirp but qemu stopped supporting that version from qemu-7.1
- So it looks like all OS's have a standard libslirp available now and qemu have taken
the decision to no longer have their own version but to use the system version. That
was always possible to do if use of the system version was explicitly defined but
the default was to use the bundled version.
- No evidence that libslirp is deprecated.
- The last version of libslirp was released a year ago but it looks like every month or
so there are a couple of commits merged. The last was a month ago.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Sep 2023 10:36:59 +0000 (12:36 +0200)]
qemu: Update to version 8.1.1 and add libslirp for net user backend
- Update from version 8.0.3 to 8.1.1
- In CU179 the update of qemu caused at least one user to have a problem starting his
qemu system as the qemu bundled slirp library used for the net user backend was removed
in version 7.2. Unfortunately no user tested qemu in the CU179 Testing phase, or if they
did they are not using the net user backend.
- This patch adds the --enable-slirp option to configure and installs libslirp in a
separate patch.
- I can't test if this now works as I don't use qemu anywhere.
- Changelog is too large to include here.
8.1
https://wiki.qemu.org/ChangeLog/8.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Sep 2023 14:07:01 +0000 (16:07 +0200)]
urlfilter.cgi: Fixes bug#10649 - calls urlfilterctrl with remove option if update disabled
- When the url filter update enable checkbox is unchecked then this patch calls
urlfilterctrl with the remove option added in the otrher patch of this series.
- Tested on my vm testbed that this change does remove the urlfilter symlink from the
fcron directories when the update is disabled.
Fixes: Bug#10649 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Sep 2023 14:07:00 +0000 (16:07 +0200)]
urlfilterctrl: Fix bug#10649 - add option to remove urlfilter from fcron directories
- Currently if the urlfilter update is enabled then autoupdate.pl is renamed urlfilter and
added into either the daily, weekly or monthly fcron directoiries. If the update is
disabled then the urlfilter update script stays in the directory and is not removed.
- This patch adds in the option of remove to the urlfilterctrl program. The first part
of the urlfilterctrl.c code removes any existing symlinks so all that needs to be done
for the remove option is to not add any symlinks to the fcron directories.
- Confirmed in a vm testbed that the current approach leaves the symlink in place. Installed
the changes from this and the previous patch and confirmed that when the url update is
disabled the symlink is removed.
Fixes: Bug#10649 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 25 Sep 2023 16:41:56 +0000 (18:41 +0200)]
update.sh: Adds code to update an existing ovpnconfig with pass or no-pass
- The code checks first if ovpnconfig exists and is not empty.
- Then it makes all net2net connections no-pass since they do not use encryption
- Then it cycles through all .p12 files and checks with openssl if a password exists or not.
If a password is present then pass is added to index 41 and if not then no-pass is added
to index 41
- I had to add a blank line to the top of the ovpnconfig file otherwise the awk code
treated the first line as a blank line and missed it out of the update. This was the
problem that was discovered during the previous Testing Release evaluation.
Tested out this time with several existing entries both encrypted and insecure and with
additional entries of both added in afterwards and all connection entries were
maintained - road warrior and net2net.
- This code should be left in update.sh for future Core Updates in case people don't update
with Core Update 175 but leave it till later. This code works fine on code that already
has pass or no-pass entered into index 41 in ovpnconfig
Fixes: Bug#11048 Suggested-by: Erik Kapfer <ummeegge@ipfire.org> Suggested-by: Adolf Belka <adolf.belka@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 25 Sep 2023 16:41:55 +0000 (18:41 +0200)]
web-user-interface: Addition of new icon for secure connection certificate download
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
This library is free software; you can redistribute it and/or modify it under the terms
of the GNU Lesser General Public License as published by the Free Software Foundation;
either version 2.1 of the License, or (at your option) any later version. This library
is distributed in the hope that it will be useful, but without any warranty; without
even the implied warranty of merchantability or fitness for a particular purpose. See
version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General
Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the
padlock icon on top of it as a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 25 Sep 2023 16:41:51 +0000 (18:41 +0200)]
ovpnmain.cgi: Fix for bug#11048 - insecure download icon shown for connections with a password
- At long last I have re-visited the patch submission for bug #11048 and fixed the issues
that caused the problems last time I evaluated it in Testing.
- The insecure package download icon is shown if entry 41 in /var/ipfire/ovpn/ovpnconfig
is set to no-pass. The code block on ovpnmain.cgi that deals with this checks if the
connection is a host and if the first password entry is a null. Then it adds no-pass
to ovpnconfig.
- The same block of code is also used for when he connection is edited. However at this
stage the password entry is back to null because the password value is only kept until
the connection has been saved. Therefore doing an edit results in the password value
being taken as null even for connections with a password.
- This fix enters no-pass if the connection type is host and the password is null, pass if
the connection type is host and the password has characters. If the connection type is
net then no-pass is used as net2net connections dop not have encrypted certificates.
- The code has been changed to show a different icon for unencrypted and encrypted
certificates.
- Separate patches are provided for the language file change, the provision of a new icon
and the code for the update.sh script for the Core Update to update all existing
connections, if any exist, to have either pass or no-pass in index 41.
- This patch set was a joint collaboration between Erik Kapfer and Adolf Belka
- Patch set, including the code for the Core Update 180 update.sh script has been tested
on a vm testbed
Fixes: Bug#11048 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Suggested-by: Adolf Belka <adolf.belka@ipfire.org> Suggested-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44
Changes since 9.16.40:
9.16.44:
"Previously, sending a specially crafted message
over the control channel could cause the packet-parsing
code to run out of available stack memory, causing named
to terminate unexpectedly. This has been fixed. (CVE-2023-3341)"
9.16.43:
"Processing already-queued queries received over TCP could cause
an assertion failure, when the server was reconfigured at the
same time or the cache was being flushed. This has been fixed."
9.16.42:
"The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured max-cache-size
limit. (CVE-2023-2828)
A query that prioritizes stale data over lookup triggers a fetch
to refresh the stale data in cache. If the fetch is aborted for
exceeding the recursion quota, it was possible for named to enter
an infinite callback loop and crash due to stack overflow. This
has been fixed. (CVE-2023-2911)
Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed."
9.16.41:
"When removing delegations from an opt-out range, empty-non-terminal
NSEC3 records generated by those delegations were not cleaned up.
This has been fixed."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Security #6289: Crash in SMTP parser during parsing of email (6.0.x backport)
Security #6196: process exit in hyperscan error handling (6.0.x backport)
Security #6156: dcerpc: max-tx config parameter, also for UDP (6.0.x backport)
Bug #6285: community-id: Fix IPv6 address sorting not respecting byte order (6.0.x backport)
Bug #6248: Multi-tenancy: crash under test mode when tenant signature load fails (6.0.x backport)
Bug #6245: tcp: RST with data used in reassembly (6.0.x backport)
Bug #6236: if protocol dcerpc first packet type is Alter_context, it will not parse dcerpc (6.0.x backport)
Bug #6228: ips/af-packet: crash when copy-iface is the same as the interface (6.0.x backport)
Bug #6227: windows: lua script path truncated (6.0.x backport)
Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport)
Bug #6224: base64: complete support for RFC2045 (6.0.x backport)
Bug #6220: Backport tenant_id conversion to uint32_t
Bug #6213: file.magic: rule reload can lead to crashes (6.0.x backport)
Bug #6193: smtp: Attachment not being md5 matched (6.0.x backport)
Bug #6192: smtp: use every byte to compute email.body_md5 (6.0.x backport)
Bug #6182: log-pcap: fix segfault on lz4 compressed pcaps (6.0.x backport)
Bug #6181: eve/alert: deprecated fields can have unexpected side affects (6.0.x backport)
Bug #6174: FTP bounce detection doesn't work for big-endian platforms (6.0.x backport)
Bug #6166: http2: fileinfo events log http2 object instead of http object as alerts and http2 do (6.0.x backport)
Bug #6139: smb: wrong offset when parse SMB_COM_WRITE_ANDX record (6.0.x backport)
Bug #6082: pcap: device reopen broken (6.0.x backport)
Bug #6068: pcap: memory leaks (6.0.x backport)
Bug #6045: detect: multi-tenancy leaks memory if more than 1 tenant registered (6.0.x backport)
Bug #6035: stream.midstream: if enabled breaks exception policy (6.0.x backport)
Bug #5915: rfb: parser returns error on unimplemented record types (6.0.x backport)
Bug #5794: eve: if alert and drop rules match for a packet, "alert.action" is ambigious (6.0.x backport)
Bug #5439: Invalid certificate when Issuer is not present.
Optimization #6229: Performance impact of Cisco Fabricpath (6.0.x backport)
Optimization #6203: detect: modernize filename fileext filemagic (6.0.x backport)
Optimization #6153: suricatasc: Gracefully handle unsupported commands (6.0.x backport)
Feature #6282: dns/eve: add 'HTTPS' type logging (6.0.x backport)
Feature #5935: ips: add 'master switch' to enable dropping on traffic (handling) exceptions (6.0.x backport)
Documentation #6234: userguide: add installation from Ubuntu PPA section (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
extrahd: use udev rule to mount extrahd partitions
the previous patches for
https://bugzilla.ipfire.org/show_bug.cgi?id=12863
introduce a new bug that slow devices are not mounted
at boot. So now udev calls the extrahd script with
the uuid.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Thu, 14 Sep 2023 17:45:12 +0000 (17:45 +0000)]
Tor: Do not attempt to establish connections via IPv6
To quote from the changelog of Tor 0.4.8.4:
o Minor feature (client, IPv6):
- Make client able to pick IPv6 relays by default now meaning
ClientUseIPv6 option now defaults to 1. Closes ticket 40785.
In order to avoid any malfunctions on IPFire installations,
set this option to "0" explicitly.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 14 Sep 2023 17:45:11 +0000 (17:45 +0000)]
Tor: Update to 0.4.8.5
Changes in version 0.4.8.5 - 2023-08-30
Quick second release after the first stable few days ago fixing minor
annoying bugfixes creating log BUG stacktrace. We also fix BSD compilation
failures and PoW unit test.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on August 30, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/08/30.
o Minor bugfix (NetBSD, compilation):
- Fix compilation issue on NetBSD by avoiding an unnecessary
dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
bugfix on 0.4.8.1-alpha.
o Minor bugfix (NetBSD, testing):
- Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
x86_64 and aarch64 NetBSD hosts, by adding support for
PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (conflux):
- Demote a relay-side warn about too many legs to ProtocolWarn, as
there are conditions that it can briefly happen during set
construction. Also add additional set logging details for all
error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
- Prevent non-fatal assert stacktrace caused by using conflux sets
during their teardown process. Fixes bug 40842; bugfix
on 0.4.8.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:15 +0000 (19:30 +0200)]
sdl2: Update to version 2.28.3
- Update from version 2.28.1 to 2.28.3
- Update of rootfile
- Changelog
2.28.3
This is a stable bugfix release, with the following changes:
Added a gamepad mapping for the G-Shark GS-GP702
Fixed touchpad events for the Razer Wolverine V2 Pro in PS5 mode
Fixed getting key events from TV remotes on Android
Updated to Android minSdkVersion 19 and targetSdkVersion 34 to meet Google
Play Store requirements
2.28.2
This is a stable bugfix release, with the following changes:
Fixed occasionally failing to open the clipboard on Windows
Fixed crash at shutdown when using the D3D11 renderer
Fixed setting the viewport when using the D3D12 renderer
Fixed crash using SDL event functions before initializing SDL on Windows
Fixed Xbox controller trigger motion events on Windows
Fixed Xbox controller rumble in the background on Windows
Added the hint SDL_HINT_JOYSTICK_WGI to control whether to use
Windows.Gaming.Input for controllers
Fixed 8BitDo gamepad mapping when in XInput mode on Linux
Fixed controller lockup initializing some unofficial PS4 replica controllers
Fixed video initialization on headless Linux systems using VNC
Fixed large mouse jump when changing relative mouse mode on macOS
Fixed hardware keyboard text input on iPadOS
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:14 +0000 (19:30 +0200)]
samba: Update to version 4.19.0
- Update from version 2.18.5 to 2.19.0
- Update of rootfile for x86_64
- Changelog is too large to include here
4.19.0
See the WHATSNEW.txt file in the soiurce tarball
4.18.6
* BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
pointer.
* BUG 15430: Missing return in reply_exit_done().
* BUG 15289: post-exec password redaction for samba-tool is more reliable for
fully random passwords as it no longer uses regular expressions
containing the password value itself.
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
* BUG 15342: Spotlight sometimes returns no results on latest macOS.
* BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
attempted to remove the destination.
* BUG 15427: Spotlight results return wrong date in result list.
* BUG 15414: "net offlinejoin provision" does not work as non-root user.
* BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
* BUG 15433: cm_prepare_connection() calls close(fd) for the second time.
* BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
bad message_id 2.
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
* BUG 15390: Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation).
* BUG 15435: Regression DFS not working with widelinks = true.
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:13 +0000 (19:30 +0200)]
procps: Update to version v4.0.4
- Update from version v4.0.3 to v4.0.4
- Update of rootfile
- Removal of patch to fix build failures with gettext-0.22 as this has been incorporated
into the source tarball.
- Changelog
procps-ng-4.0.4
* library (API & ABI unchanged)
increment revision: 0:2:0
tolerates all potential 'cpuinfo' formats issue #272
restore the proper main thread tics valuations issue #280
Remove myself from proc count merge #193
Refactor the escape code Debian #1035649
* free: -L one line output issue #156
* pgrep: Use only --signal option for signal Debian #1031765
* pgrep: suppress >15 warning if using regex Debian #1037450
* pidof: Add -t option to show threads merge #190
* pmap: Reset totals between processes issue #298
* ps: fixed missing or corrupted fields with -m option Debian #1036631, issue #279
* ps: Fix buffer overflow in -C option CVE-2023-4016 Debian #1042887, issue #297
* ps: Add --signames to show signal names in masks merge #98
* sysctl: -N show names merge #198, RH #2222056
* tests: dont compare floats with == issue #271
* tests: skips tests if maps missing merge #197, Gentoo #583036
* top: bad command line arguments yield EXIT_FAILURE issue #273
* top: avoids keystroke induced '%Cpu' distortions
* top: includes VM (guest) tics in 'system' overhead issue #274
* top: includes VM (guest) tics with '!' toggle merge #179
* top: lessen summary cpu distortions on first display merge #180
* top: better backspace handling wtth line edits issue #278
* vmstat: Print guest time in non-wide mode
* w: Fix musl UT_HOSTSIZE issue
* watch: Add color support at compile time issue #296
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:12 +0000 (19:30 +0200)]
ncdu: Update to version 1.18.1
- Update from 1.17 to 1.18.1
- Update of rootfile not required
- Changelog
1.18.1 - 2023-02-12
- Fix build on non-Linux platforms
1.18 - 2022-12-06
- Fix 'dark-bg' color scheme to actually have a dark background
- Backport configuration file support from 2.x
- Backport many new CLI options from 2.x
- Negation of existing flags: --no-si, --no-confirm-quit, --no-follow-symlinks, --include-caches, --include-kernfs
- --[no-]extended in addition to -e
- --one-file-system and --cross-file-system in addition to -x
- --slow-ui-updates, --fast-ui-updates in addition to -q
- Column visibility options: --(show|hide)-(hidden|itemcount|mtime|graph|percent)
- Sorting: --sort, --[no-]group-directories-first
- Feature selection: --(enable|disable)-(shell|delete|refresh)
- Deletion confirmation: --[no-]confirm-delete
- Hidden file visibility: --show-hidden, --hide-hidden
- Size display: --apparent-size, --disk-usage
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:10 +0000 (19:30 +0200)]
libnl-3: Update to version 3.8.0
- Update from 3.5.0 to 3.8.0
- Update of rootfile
- Changelog is no longer provided. Changes are available by reviewing the github commits
https://github.com/thom311/libnl/commits/main
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20221030-3.1 to 20230828-3.1
- Update of rootfile
- Changelog
2023-08-28 Jess Thrysoee
* src/chartype.c: Add missing stdint.h
Reported by Rui Chen
2023-08-27 Jess Thrysoee
* all: sync with upstream source
See also NetBSD changelog:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:08 +0000 (19:30 +0200)]
gzip: Update to version 1.13
- Update from version 1.12 to 1.13
- Update of rootfile not required
- Changelog
Noteworthy changes in release 1.13 (2023-08-19) [stable]
Changes in behavior
zless now diagnoses gzip failures, if using less 623 or later.
When SIGPIPE is ignored, gzip now exits with status 2 (warning)
instead of status 1 (error) when writing to a broken pipe. This is
more useful with programs like 'less' that treat gzip exit status 2
as a non-failure.
Bug fixes
'gzip -d' no longer fails to report invalid compressed data
that uses a dictionary distance outside the input window.
[bug present since the beginning]
Port to C23, which does not allow K&R-style function definitions
with parameters, and which does not define __alignas_is_defined.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 7 Sep 2023 17:30:06 +0000 (19:30 +0200)]
boost: Update to version 1_83_0
- Update from 1_81_0 to 1_83_0
- Update of rootfile for x86_64
- Changelog is a bit long to include here so providing links to the pages with changes
1_82_0
https://www.boost.org/users/history/version_1_82_0.html
1_83_0
https://www.boost.org/users/history/version_1_83_0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 6 Sep 2023 13:41:59 +0000 (15:41 +0200)]
libgudev: Update to version 238
- Update from version 237 to 238
- Update of rootfile not required.
- With patches applied to eudev tarball, libgudev built without any problems. Testing
will need to focus on use of QMI to ensure that it executes with no problems with this
fix.
- Changelog
238:
* Fix newline stripping
* Add g_udev_device_get_current_tags()
* Add a number of tests, and devel docs
* Fix devhelp not being able to find the docs
* Skip locale test with locale isn't available
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 6 Sep 2023 13:41:58 +0000 (15:41 +0200)]
udev: Apply patches to update to version 251 and add dummies for current tags
- eudev-3.2.12 has udev version 243 and this causes the build of libgudev to fail as
it requires a newer version of udev.
- Just changing the version in eudev from 243 to 251 is insufficient as libgudev also
expects to see current tags which have been introduced in a more recent version of
systemd udev.
- Two patches applied from the eudev github issue #249 covering this problem.
- With the two patches applied libgudev built without any problems.
- Update to rootfile not required.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 5 Sep 2023 19:48:38 +0000 (21:48 +0200)]
bacula: Update to version 11.0.6
- Update from version 9.6.7 to 11.0.6
- Update of rootfile
- Ran find-dependencies for the sobump. All libraries are only linked into bacula
- All of the versions from 9.6.7 to 11.0.6 and up to 13.0.3 have no bug fixes relatred to
the bacula-fd daemon. With bacula-fd running on a separate machine to the bacula-dir and
bacula-sd daemons, older versions of bacula-fd will work with no bug issues with a newer
bacula-dir and bacula-sd.
- If we put a very new version of bacula-fd on IPFire then it will not work with older
versions of bacula-dir and bacula-sd.
- A new feature in the bacula 11 series is that communication between daemons will
automatically use TLS if OpenSSL is installed on the machines running bacula.
Therefore having a bacula 11 based bacula-fd on IPFire will automatically, with no user
configuration required, use TLS for communication to the IPFire bacula-fd from the other
bacula daemons on other machines.
- This has been shown to automatically work between the bacula-fd daemons on my laptop and
desktop machines and the bacula-dir/bacula-sd on my server machine.
Currently communication between mu bacula-dir/bacuila-sd daemons and the IPFire bacula-fd
daemon communication is still unencrypted.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Tue, 29 Aug 2023 08:52:39 +0000 (10:52 +0200)]
network initscripts: Remove code for old zone scheme
A long time ago (2007) there were more config types possible then 1, 2, 3
and 4. As our installer currently only accepts config type out of the set
1, 2, 3 and 4 we do not need to check if our CONFIG_TYPE is in this set.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Tue, 29 Aug 2023 08:52:38 +0000 (10:52 +0200)]
Use bash as shebang in network initscripts
/bin/sh is a symlink to /bin/bash on ipfire systems. Using /bin/sh in
the scripts as shebang hurts in two ways:
1. We use features which do not work with sh as shell. This is not
really a problem but if we rely on features of a real bash we can
state this clearly.
2. The syntay highlighting in vim does not work without a correct
shebang. As I want and need correct syntax highlighting I propose to
change the shebang.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 27 Aug 2023 10:17:36 +0000 (12:17 +0200)]
hwdata: Update pci.ids to version 2023-08-12 and usb.ids to version 2023-08-24
- Update pci.ids from version 2023-01-18 to 2023-08-12
- Update usb.ids from version 2023-01-16 to 2023-08-24
- Update of rootfile not required
- No changelog available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 4 Sep 2023 16:52:31 +0000 (18:52 +0200)]
apcupsd: Make apcupsd link in services page access its apcupsd WUI menu.
- In the services WUI page any addon that has a WUI menu page defined, such as Samba,
Guardian etc, has the addon name shown in underlined red which is a link to the addon
cgi page. This works for the other addons as the addon cgi name is the same as the
addon name. I have identified that this is not the case for apcupsd, because the cgi
page is called upsstats.cgi
- This patch adjusts the cgi name to allow apcupsd to also be shown in underlined red.
- The lfs file copies the upsstats.cgi file to one named apcupsd.cgi
- The apcupsd menu file has the cgi name changed from upsstats.cgi to apcupsd.cgi
- The rootfile is updated to also include the apcupsd.cgi file with the others.
- Tested in my vm testbed by making the above changes in the code and the apcupsd addon
was then shown in underlined red, which acted as a link to the apcupsd status WUI page.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 31 Aug 2023 11:01:08 +0000 (13:01 +0200)]
xinetd: Update to version 2.3.15.4
- This is v2 version of this patch with the locations for the sysconf and binaries
corrected so that all files are in the same locations as they were with version 2.3.15
Added sysconfdir and bindir to the configure options to achieve this.
- Update from version 2.3.15 (2012) to 2.3.15.4 (2018)
- Update of rootfile.
- The original site for xinetd is no longer accessible.
- Version 2.3.15 was the last version from https://github.com/xinetd-org/xinetd
OpenSUSE have forked the repo and have provided 2.3.15.3 and 2.3.15.4 to collect a range
of patches together from openSUSE, Debian, Fedora, Gentoo etc.
Last bug fix was done on this github repo in Sep 2022 and the last commit in Oct 2022.
- This is as up to date as there is currently available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 30 Aug 2023 14:17:40 +0000 (16:17 +0200)]
whois: Update to version 5.5.18
- Update from version 5.5.17 to 5.5.18
- Update of rootfile not required.
- Changelog
5.5.18
* Updated the .ga TLD server. (Closes: #1037288)
* Added new recovered IPv4 allocations.
* Removed the delegation of 43.0.0.0/8 to JPNIC.
* Removed 12 new gTLDs which are no longer active.
* Improved the man page source, courtesy of Bjarni Ingi Gislason.
(Closes: #1040613)
* Added the .edu.za SLD server.
* Updated the .alt.za SLD server.
* Added the -ru and -su NIC handles servers.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 30 Aug 2023 14:17:38 +0000 (16:17 +0200)]
tzdata: Update to version 2023c
- Update from version 2023b to 2023c
- Update of rootfile not required.
- Changelog
Release 2023c - 2023-03-28 12:42:14 -0700
Changes to past and future timestamps
Model Lebanon's DST chaos by reverting data to tzdb 2023a.
(Thanks to Rany Hany for the heads-up.)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 30 Aug 2023 14:17:37 +0000 (16:17 +0200)]
tshark: Update to version 4.0.8
- Update from version 3.6.3 to 4.0.8 covering 22 releases.
- Update of rootfile
- Ran find-dependencies due to sobump. Everything is linked to tshark files. No additional
bumping required.
- Changelog is too large to cover with 22 releases. For details see the release notes
page on the website - https://www.wireshark.org/docs/relnotes/
4.0.8 Four vulnerabilities fixed.
4.0.7 Two vulnerabilities fixed.
4.0.6 Nine vulnerabilities fixed.
4.0.5 Three vulnerabilities fixed.
4.0.4 One vulnerability fixed.
4.0.3 Seven vulnerabilities fixed.
Didn't check anymore. Based on above this package definitely needs to be regulalrly
updated as it is obviolusly susceptible to vulnerabilities.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 30 Aug 2023 14:17:36 +0000 (16:17 +0200)]
transmission: Update to version 4.0.4
- Update from version 4.0.3 to 4.0.4
- Update of rootfile not required.
- Changelog
Transmission 4.0.4
This is a bugfix-only release. Everyone's feedback on 4.0.x has been very helpful -- thanks for all the suggestions, bug reports, and pull requests!
What's New in 4.0.4
All Platforms
* Fixed bug in sending torrent metadata to peers. ([#5460](https://github.com/transmission/transmission/pull/5460))
* Avoid unnecessary heap memory allocations. ([#5520](https://github.com/transmission/transmission/pull/5520), [#5527](https://github.com/transmission/transmission/pull/5527))
* Fixed filename collision edge case when renaming files. ([#5563](https://github.com/transmission/transmission/pull/5563))
* Fixed locale errors that broke number rounding when displaying statistics, e.g. upload / download ratios. ([#5587](https://github.com/transmission/transmission/pull/5587))
* Always use a fixed-length key query in tracker announces. This isn't required by the [spec](https://www.bittorrent.org/beps/bep_0007.html), but some trackers rely on that fixed length because it's common practice by other BitTorrent clients. ([#5652](https://github.com/transmission/transmission/pull/5652))
* Fixed potential Windows crash when [getstdhandle()](https://learn.microsoft.com/en-us/windows/console/getstdhandle) returns `NULL`. ([#5675](https://github.com/transmission/transmission/pull/5675))
* Fixed `4.0.0` bug where the port numbers in LDP announces are sometimes malformed. ([#5825](https://github.com/transmission/transmission/pull/5825))
* Fixed a bug that prevented editing the query part of a tracker URL. ([#5871](https://github.com/transmission/transmission/pull/5871))
* Fixed a bug where Transmission may not announce LPD on its listening interface. ([#5896](https://github.com/transmission/transmission/pull/5896))
* Made small performance improvements in libtransmission. ([#5715](https://github.com/transmission/transmission/pull/5715))
macOS Client
* Updated code that had been using deprecated API. ([#5633](https://github.com/transmission/transmission/pull/5633))
Qt Client
* Fixed torrent name rendering when showing magnet links in compact view. ([#5491](https://github.com/transmission/transmission/pull/5491))
* Fixed bug that broke the "Move torrent file to trash" setting. ([#5505](https://github.com/transmission/transmission/pull/5505))
* Fixed Qt 6.4 deprecation warning. ([#5552](https://github.com/transmission/transmission/pull/5552))
* Fixed poor resolution of Qt application icon. ([#5570](https://github.com/transmission/transmission/pull/5570))
GTK Client
* Fixed missing 'Remove torrent' tooltip. ([#5777](https://github.com/transmission/transmission/pull/5777))
Web Client
* Don't show `null` as a tier name in the inspector's tier list. ([#5462](https://github.com/transmission/transmission/pull/5462))
* Fixed truncated play / pause icons. ([#5771](https://github.com/transmission/transmission/pull/5771))
* Fixed overflow when rendering peer lists and made speed indicators honor `prefers-color-scheme` media queries. ([#5814](https://github.com/transmission/transmission/pull/5814))
* Made the main menu accessible even on smaller displays. ([#5827](https://github.com/transmission/transmission/pull/5827))
transmission-cli
* Fixed "no such file or directory" warning when adding a magnet link. ([#5426](https://github.com/transmission/transmission/pull/5426))
* Fixed bug that caused the wrong decimal separator to be used in some locales. ([#5444](https://github.com/transmission/transmission/pull/5444))
transmission-remote
* Fixed display bug that failed to show some torrent labels. ([#5572](https://github.com/transmission/transmission/pull/5572))
Everything Else
* Ran all PNG files through lossless compressors to make them smaller. ([#5586](https://github.com/transmission/transmission/pull/5586))
* Fixed potential build issue when compiling on macOS with gcc. ([#5632](https://github.com/transmission/transmission/pull/5632))
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 30 Aug 2023 14:17:35 +0000 (16:17 +0200)]
traceroute: Update to version 2.1.2
- Update from version 2.1.0 to 2.1.2
- Update of rootfile not required.
- Updated ipfire traceroute patch.
- Changelog
2.1.2
* Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1
(Eric Dumazet, SF bug #14)
2.1.1
* Interpret ipv4-mapped ipv6 addresses (::ffff:A.B.C.D) as true ipv4.
There are no ipv4-mapped addresses in the real network which we
operate on, so use just ipv4 in such cases, but allow users
to specify it this way for convenience.
* Return back more robast poll(2) loop handling.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>