Adolf Belka [Sat, 21 Dec 2024 12:55:08 +0000 (13:55 +0100)]
rust: Update to version 1.83.0
- Update from version 1.67.0 to 1.83.0
- Update x86_64, aarch64 & riscv64 rootfiles
- This version of rust hasd the fix to ensure that ruby builds okay with aarch64 &
riscv64. This required a fix to be applied to the LLVM and then for the updated
LLVM to be built into rust. That has occurred with this version.
- Tested out the build on aarch64 and riscv64 and confirmed that ruby built without
any problems with this version of rust.
- The update of rust required a range of updates of other rust crates plus the
inclusion of new crates and the pinning of some crates to older versions. This patch
set includes all the rust crate changes.
- The download-rust-crate script results in source tarballs that have a Cargo.toml.orig
file included in them. This is not allowed in the rust building so the rust-rand file
which is used as a template for the rust crate script has been modified to remove
this .orig file so that the build can complete.
- With this updated version of rust the clamav addon can also now be updated and so is
also included in this patch set.
- There are 29 rust crate changes.
- Changelog is too large to include here. Details can be found at
https://releases.rs/docs/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:17 +0000 (18:51 +0200)]
samba: Modification to disable cups for samba build and install
- As discussed at IPFire conf call on 7th Oct
- disable cups for the samba configure stage
- Update of rootfiles
- Update of samba.cgi to remove the printing of a printer share into the samba
configuration file.
- Tested out on vm system. Installed samba with only avahi, perl-Parse-Yapp, perl-JSON
and wsdd as dependencies. Installed without any problems. Existing share was able
to be accessed without any problems and a new share was created and was also able
to be accessed without problems.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:16 +0000 (18:51 +0200)]
perl-Imager: Removal of all tiff related lines in rootfile
- With removal of libtiff, the perl-Imager rootfile has to have tiff related lines
removed.
- perl-Imager works without the tiff lines in place. Only no tiff images will be able
to be processed by perl-Imager but that is not required for its use in IPFire.
- Tested out creating an OpenVPN connection with OTP enabled and the OTP QR code was
produced and able to be viewed.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:15 +0000 (18:51 +0200)]
make.sh: All removed packages removed from make.sh
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:14 +0000 (18:51 +0200)]
qpdf: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:13 +0000 (18:51 +0200)]
poppler-data: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:12 +0000 (18:51 +0200)]
poppler: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:11 +0000 (18:51 +0200)]
openjpeg: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:10 +0000 (18:51 +0200)]
libtiff: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:09 +0000 (18:51 +0200)]
lcms2: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:08 +0000 (18:51 +0200)]
hplip: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:07 +0000 (18:51 +0200)]
gutenprint: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:06 +0000 (18:51 +0200)]
ghostscript: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:05 +0000 (18:51 +0200)]
foomatic: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:04 +0000 (18:51 +0200)]
epson-inkjet-printer-escpr: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:03 +0000 (18:51 +0200)]
cups-pdf: Removal of cups-pdf
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:02 +0000 (18:51 +0200)]
cups-filters: Removal of cups-filters
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:51:01 +0000 (18:51 +0200)]
cups: Removal of cups and associated packages
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 2 Jan 2025 16:29:26 +0000 (17:29 +0100)]
miniupnpc: revert the addition of this package due to transmission reversion
- As transmission has been reverted back to version 4.0.5 then miniupnpc is no longer
needed for building or runtime.
- This removes the minupnpc lfs and rootfile files. It also removes miniupnpc from
the make.sh file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 2 Jan 2025 16:29:25 +0000 (17:29 +0100)]
transmission: revert version back to 4.0.5
- Revert back from 4.0.6 to 4.0.5 due to a bug in 4.0.6 that has resulted in a variety
of torrent mirrors banning transmission-4.0.6
- The update from 4.0.5 to 4.0.6 did not have any security fixes in it so there is no
issue in moving backward to 4.0.5
- A fix has been created but it is unclear when (and if) version 4.0.7 will be released.
The fix has also been included in version 4.1.0 but this is still in beta development
form.
- Version 4.0.6 required minupnpc for building and run time. This reversion is also
removing miniupnpc in an associated patch in this patch set.
- No change required in the rootfile.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 27 Dec 2024 09:10:00 +0000 (09:10 +0000)]
Tor: Update to 0.4.8.13
Full changelog according to
https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.8.13/ChangeLog :
Changes in version 0.4.8.13 - 2024-10-24
This is minor release fixing an important client circuit building (Conflux
related) bug which lead to performance degradation and extra load on the
network. Some minor memory leaks fixes as well as an important minor feature
for pluggable transports. We strongly recommend to update as soon as possible
for clients in order to neutralize this conflux bug.
o Major bugfixes (circuit building):
- Conflux circuit building was ignoring the "predicted ports"
feature, which aims to make Tor stop building circuits if there
have been no user requests lately. This bug led to every idle Tor
on the network building and discarding circuits every 30 seconds,
which added overall load to the network, used bandwidth and
battery from clients that weren't actively using their Tor, and
kept sockets open on guards which added connection padding
essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
o Minor feature (bridges, pluggable transport):
- Add STATUS TYPE=version handler for Pluggable Transport. This
allows us to gather version statistics on Pluggable Transport
usage from bridge servers on our metrics portal. Closes
ticket 11101.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on October 24, 2024.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2024/10/24.
o Minor bugfixes (memleak, authority):
- Fix a small memleak when computing a new consensus. This only
affects directory authorities. Fixes bug 40966; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (memory):
- Fix memory leaks of the CPU worker code during shutdown. Fixes bug
833; bugfix on 0.3.5.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 20 Dec 2024 10:04:05 +0000 (11:04 +0100)]
backup.pl: Fix Bug13799 - addon restore not working
- This fixes the existence check for the addon .ipf file from a check of existence
of a directory to a check of existence of a file.
Suggested-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org> Fixes: Bug13799 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 21 Dec 2024 10:54:42 +0000 (10:54 +0000)]
make.sh: Explicitely check the source tarballs
The Makefiles do not automatically perform the check that I expected
them to perform when running a build. They check if the source tarballs
are all present, but they don't check whether they match the checksum.
This is only being done when "./make.sh downloadsrc" is being run.
In case of the automated builds, we explicitely run "./make.sh
downloadsrc", so I don't think that this might have introduced any
malicious source into the published builds.
Reported-by: Stephen Cuka <stephen@firemypi.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 20 Dec 2024 11:40:02 +0000 (12:40 +0100)]
libyajl: Removal of addon as no longer required by libvirt
- libyajl is no longer being used by libvirt. libvirt now uses json-c which is a core
package in IPFire. libyajl was stopped being used as it had not been updated and
is considered effectively dead upstream.
- lfs, rootfile and libyajl entry in make.sh removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 20 Dec 2024 11:40:01 +0000 (12:40 +0100)]
libvirt: Update to version 10.10.0
- Update from version 10.7.0 to 10.10.0
- Update of rootfile
- version 10.7.0 had a change in it which meant that the script friendly output of
``virsh list --uuid`` was replaced. This change was reverted in version 10.8.0
- In version 10.8.0 libyajl was replaced by json-c for JSON parsing and formatting.
Therefore this patch set also removes libyajl from IPFire as it is no longer
required.
- Changelog
10.10.0
New features
* qemu: add multi boot device support on s390x
For classical mainframe guests (i.e. LPAR or z/VM installations), you
always have to explicitly specify the disk where you want to boot from (or
"IPL" from, in s390x-speak -- IPL means "Initial Program Load").
In the past QEMU only used the first device in the boot order to IPL from.
With the new multi boot device support on s390x that is available with QEMU
version 9.2 and newer, this limitation is lifted. If the IPL fails for the
first device with the lowest boot index, the device with the second lowest
boot index will be tried and so on until IPL is successful or there are no
remaining boot devices to try.
Limitation: The s390x BIOS will try to IPL up to 8 total devices, any
number of which may be disks or network devices.
* qemu: Add support for versioned CPU models
Updates to QEMU CPU models with -vN suffix can now be used in libvirt just
like any other CPU model.
* qemu: Support for the 'data-file' QCOW2 image feature
The QEMU hypervisor driver now supports QCOW2 images with 'data-file'
feature present (both when probing form the image itself and when specified
explicitly via ``<dataStore>`` element). This can be useful when it's
required to keep data "raw" on disk, but the use case requires features
of the QCOW2 format such as incremental backups.
* swtpm: Add support for profiles
Upcoming swtpm release will have TPM profile support that allows to
restrict a TPM's provided set of crypto algorithms and commands. Users can
now select profile by using ``<profile/>`` in their TPM XML definition.
Improvements
* qemu: Support UEFI NVRAM images on block storage
Libvirt now allows users to use block storage as backend for UEFI NVRAM
images and allows them to be in format different than the template. When
qcow2 is used as the format, the images are now also auto-populated from the
template.
* qemu: Automatically add IOMMU when needed
When domain of 'qemu' or 'kvm' type has more than 255 vCPUs IOMMU with EIM
mode is required. Starting with this release libvirt automatically adds one
(or turns on the EIM mode if there's IOMMU without it).
* ch: allow hostdevs in domain definition
The Cloud Hypervisor driver (ch) now supports ``<hostdev/>``-s.
* ch: Enable callbacks for ch domain events
The Cloud Hypervisor driver (ch) now supports emitting events on domain
define, undefine, start, boot, stop and destroy.
Bug fixes
* qemu: Fix reversion and inactive deletion of internal snapshots with UEFI
NVRAM. In `v10.9.0 (2024-11-01)`_ creation of internal snapshots of VMs
with UEFI firmware was allowed, but certain operations such as reversion
or inactive deletion didn't work properly as they didn't consider the
NVRAM qcow2 file.
* virnetdevopenvswitch: Warn on unsupported QoS settings
For OpenVSwitch vNICs libivrt does not set QoS directly using 'tc' but
offloads setting to OVS. But OVS is not as feature full as libvirt in this
regard and setting different 'peak' than 'average' results in vNIC always
sticking with 'peak'. Produce a warning if that's the case.
10.9.0
New features
* qemu: zero block detection for non-shared-storage migration
Users can now request that all-zero blocks are not transferred when migrating
non-shared disk data without actually enabling zero detection on the disk
itself. This allows sparsifying images during migration where the source
has no access to the allocation state of blocks at the cost of CPU overhead.
This feature is available via the ``--migrate-disks-detect-zeroes`` option
for ``virsh migrate`` or ``VIR_MIGRATE_PARAM_MIGRATE_DISKS_DETECT_ZEROES``
migration parameter. See the documentation for caveats.
Improvements
* qemu: internal snapshot improvements
The qemu internal snapshot handling code was updated to use modern commands
which avoid the problems the old ones had, preventing use of internal
snapshots on VMs with UEFI NVRAM. Internal snapshots of VMs using UEFI are
now possible provided that the NVRAM is in ``qcow2`` format.
The new code also allows better control when deleting snapshots. To prevent
possible regressions no strict checking is done, but in case inconsistent
state is encountered a log message is added::
warning : qemuSnapshotActiveInternalDeleteGetDevices:3841 : inconsistent
internal snapshot state (deletion): VM='snap' snapshot='1727959843'
missing='vda ' unexpected='' extra=''
Users are encouraged to report any occurence of the above message along
with steps they took to the upstream tracker.
* qemu: improve documentation of image format settings
The documentation of the various ``*_image_format`` settings in ``qemu.conf``
imply they can only be used to control compression of the image. The
documentation has been improved to clarify the settings describe the
representation of guest memory blocks on disk, which includes compression
among other possible layouts.
* Report CPU model blockers in domain capabilities
When a CPU model is reported as usable='no' an additional
``<blockers model='...'>`` element is added for that CPU model listing
features required by the CPU model, but not supported on the host.
10.8.0
Improvements
* network: make networks with ``<forward mode='open'/>`` more useful
It is now permissable to have a ``<forward mode='open'>`` network that
has no IP address assigned to the host's port of the bridge. This
is the only way to create a libvirt network where guests are
unreachable from the host (and vice versa) and also 0 firewall
rules are added on the host.
It is now also possible for a ``<forward mode='open'/>`` network to
use the ``zone`` attribute of ``<bridge>`` to set the firewalld zone of
the bridge interface (normally it would not be set, as is done
with other forward modes).
* storage: Lessen dependancy on the ``showmount`` program
Libvirt now automatically detects presence of ``showmount`` during runtime
as we do with other helper programs and also the
``daemon-driver-storage-core`` RPM package now doesn't strongly depend on it
if the users wish for a more minimal deployment.
* Switch from YAJL to json-c for JSON parsing and formatting
The parser and formatter in the libvirt library, as well
as the parsers in the nss plugin were rewritten to use json-c
instead of YAJL, which is effectively dead upstream.
* Relax restrictions for memorytune settings
It should now be possible to use resctrl on AMD CPUs as well as Intel CPUs
when the resctrl filesystem is mounted with ``mba_MBps`` option.
Bug fixes
* virsh: Fix script-friedly output of ``virsh list --uuid``
The script-friendly output of just 1 UUID per line was mistakenly replaced
by the full human-targetted table view full of redundant information
and very hard to parse. Users who wish to see the UUIDs in the tabular
output need to use ``virsh list --table --uuid`` as old behaviour was
reverted.
Note that this also broke the ``libvirt-guests`` script. The bug was
introduced in `v10.7.0 (2024-09-02)`_.
* network/qemu: fix some cases where ``device-update`` of a network
interface was failing:
* If the interface was connected to a libvirt network that was
providing a pool of VFs to be used with macvtap passthrough
mode, then *any* update to the interface would fail, even
changing the link state. Updating (the updateable parts of) a
macvtap passthrough interface will now succeed.
* It previously was not possible to move an interface from a Linux
host bridge to an OVS bridge. This (and the opposite direction)
now works.
* qemu: backup: Fix possible crashes when running monitoring commands during
backup job The qemu monitor code was fixed to not crash in specific cases
when monitoing APIs are called during a backup job.
* Fix various memleaks and overflows
Multiple memory leaks and overflows in corner cases were fixed based on
upstream issues reported.
* network: Better cleanup after disappeared networks
If a network disappeared while virtnetworkd was not running not all clean up
was done properly once the daemon was started, especially when only the
network interface disappeared. This could have in some cases resulted in
the network being shown as inactive, but not being able to start.
* qemu: Remember memory backing directory for domains
If ``memory_backing_dir`` is changed during the lifetime of a domain with
file backed memory, files in the old directory would not be cleaned up once
the domain is shut down. Now the directory that was used during startup is
remembered for each running domain.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Robin Roevens [Tue, 5 Nov 2024 22:36:18 +0000 (23:36 +0100)]
zabbix_agentd: Add IPS throughput and guardian blocked IP count items
- Adds Zabbix Agent userparameter `ipfire.ips.throughput.get` for the agent to get details about IPS throughput bypassed/scanned/whitelisted in bytes (JSON)
- Adds Zabbix Agent userparameter `ipfire.guardian.blocked.count` for the agent to get the number of currently blocked IP's by Addon: Guardian.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 14 Dec 2024 12:49:04 +0000 (13:49 +0100)]
fr.pl: Update to French translations for the optionsfw.cgi page
Reported-by: Phil SCAR <p27m@orange.fr> Fixes: Bug13800 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Wed, 11 Dec 2024 16:33:21 +0000 (17:33 +0100)]
monit: Update to 5.34.3
For details see:
https://mmonit.com/monit/changes/
"Fixed: If the ping statement did not explicitly specify an outgoing
address but a previous ping statement did, the same address was
shared by both statements.
Fixed: Monit may crash upon stopping if the ping statement is used
in conjunction with the address option.
Fixed: If a directory is set in the allow option of the set httpd
statement, instead of a file or string, Monit hangs on startup."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 11 Dec 2024 11:51:44 +0000 (12:51 +0100)]
en.pl: Update the wording for the check on the CA Name for upload
- This changes the wording to allowing characters and spaces.
Fixes: Bug10595 part 2 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 11 Dec 2024 11:51:43 +0000 (12:51 +0100)]
vpnmain.cgi: Fix for 2nd part of bug10595
- Bug10595 had two parts in it and was closed after the first part was fixed. The second
part was still unfixed at that time. I cam across it when checking out an open bug on
a similar issue with OpenVPN.
- I found the section that checks on the CA Name and modified it to also allow spaces.
- Having modified that then the subroutines getsubjectfromcert and getCNfromcert required
to have quotation marks put around the parameter that had the CA Name with spaces in it
otherwise the openssl statement only got a filename with the first portion of the ca
name until the first space was encountered.
- Tested this change out on my vm and it worked fine. I was able to upload a ca
certificate into IPSec and use spaces in the CA Name.
Fixes: Bug10595 part 2 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 10 Dec 2024 14:11:21 +0000 (15:11 +0100)]
samba: Update to version 4.21.2
- Update from version 4.21.0 to 4.21.2
- Update of the rootfiles for x86_64, aarch64 & riscv64
- Version 4.21.0 mentioned that LDB is no longer available to build as a distinct
tarball. However version 4.21.0 previously built without any problem so it looks like
it was still available. Now with version 4.21.2 the lmdb package needs to be available
or you have to disable all ldb options. As these options were uncommented in the
previous versions of samba, it looks like they are intended to be present. To make
this version support in the same way the lmdb package had to be moved so it was built
before samba is built. Hence the shift of lmdb in make.sh
- Changelog
4.21.2
* BUG 15732: smbd fails to correctly check sharemode against OVERWRITE
dispositions.
* BUG 15754: Panic in close_directory.
* BUG 15752: winexe no longer works with samba 4.21.
* BUG 14356: protocol error - Unclear debug message "pad length mismatch" for
invalid bind packet.
* BUG 15425: NetrGetLogonCapabilities QueryLevel 2 needs to be implemented.
* BUG 15740: gss_accept_sec_context() from Heimdal does not imply
GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE.
* BUG 15749: winbindd should call process_set_title() for locator child.
* BUG 15320: Update CTDB to track all TCP connections to public IP addresses.
4.21.1
* BUG 15624: DH reconnect error handling can lead to stale sharemode entries.
* BUG 15695: "inherit permissions = yes" triggers assert() in vfs_default
when creating a stream.
* BUG 15715: Samba 4.21.0 broke FreeIPA domain member integration.
* BUG 15692: Missing conversion for msDS-UserTGTLifetime, msDS-
ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba-tool
domain auth policy modify".
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15624: DH reconnect error handling can lead to stale sharemode entries.
* BUG 15649: Durable handle is not granted when a previous OPEN exists with
NoOplock.
* BUG 15651: Durable handle is granted but reconnect fails.
* BUG 15708: Disconnected durable handles with RH lease should not be purged
by a new non conflicting open.
* BUG 15714: net ads testjoin and other commands use the wrong secrets.tdb in
a cluster.
* BUG 15726: 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as rfc
8009 etypes are used.
* BUG 15730: VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2.
* BUG 15643: Samba 4.20.0 DLZ module crashes BIND on startup.
* BUG 15721: Cannot build libldb lmdb backend on a build without AD DC.
* BUG 15706: Consistent log level for sighup handler.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 10 Dec 2024 13:23:55 +0000 (14:23 +0100)]
suricata.yaml: Fix bug13646 - Adjust the include syntax to use array format
- Suricata-8.x will only accept include statements in array format and not in multiple
single lines. Suricata-7.x still accepts the multiple single lines but flags up that
the format is deprecated and will be removed in suricata-8.x
- This patch adjusts the address-groups include into the array format.
- This change has been tested out on my vm and the IPS started up and from the logs you
can see that all the include files were taken on board and the derprecation message
is no longer shown.
- This change can be implemented with Suricata-7.x and will make sure that IPFire has
the include syntax that Suricata-8.x will require.
Fixes: Bug13646 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 9 Dec 2024 11:42:51 +0000 (12:42 +0100)]
update.sh: Remove the lines related to FEODO_RECOMMENDED
- This removes the lines related to removing any time entries in the modified file for
FEODO_RECOMMENDED.
- This also removes the lines realted to removing the blocklists for the
FEODO_RECOMMENDED sources from the /var/lib/ipblocklist directory.
- This patch will ensure that FEODO_RECOMMENDED stays in place if it was being used.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 9 Dec 2024 11:42:50 +0000 (12:42 +0100)]
sources: Replacement of Feodo Recommended Tracker list to ipblocklist sources file
- FEODO_RECOMMENDED list is still being updated but the number of events can be very
low. However as it is still active then it has been added back in as discussed in
the Dev Conf Call on Nov 4th.
- FEODO_IP list covers any IP that has been detected as a botnet in the last 30 days.
This could lead to false positives if the botnet has been fixed within one day of
being detected. So it was agreed that this list would stay removed.
- FEODO_AGGRESSIVE list contains all IP's that havce ever been detected as botnets since
the list was started. It is not intended to be used for blocking as it would have a
huge false positive effect. This list will also stay removed as it should not have
been included originally.
- This patch set adds back in the FEODO_RECOMMENDED list into the sources file and in the
associated patch for the update.sh file removes the lines that removed the files
related to FEODO_RECOMMENDED.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 3460100 to 3470200
- Update of rootfile not required
- Changelog 3470200
Fix a problem in text-to-floating-point conversion for SQLite that can cause
values between '1.8446744073709550592eNNN' and '1.8446744073709551609eNNN'
for any exponent NNN to be rendered incorrectly. In other words, some numeric
text values where the first 16 significant digits are '1844674407370955'
might be converted into the wrong floating-point value. See forum thread 569a7209179a7f5e. This problem only arises on x64 and i386 hardware. The
problem was introduced in 3.47.0.
Other minor bug fixes. 3470100
Fix the makefiles so that they once again honored DESTDIR for the "install"
target.
Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues
on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the
default in version 3.45.0.
Fix problems with line endings in the new sqlite3_rsync.exe utility on Windows.
Fix incorrect answers to certain obscure IN queries caused by new query
optimizations added in the 3.47.0 release.
Other minor bug fixes. 3470000
Allow arbitrary expressions in the second argument to the RAISE function.
If the RHS of the ->> operator is negative, then access array elements counting
from the right.
Fix a problem with rolling back hot journal files in the seldom-used
unix-dotfile VFS.
FTS5 tables can now be dropped even if they use a non-standard tokenizer that
has not been registered.
Fix the group_concat() aggregate function so that it returns an empty string,
not a NULL, if it receives a single input value which is an empty string.
Enhance the generate_series() table-valued function so that it is able to
recognize and use constraints on its output value.
Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has
a non-null default value.
Performance optimizations:
Improved reuse of subqueries associated with the IN operator, especially
when the IN operator has been duplicated due to predicate push-down.
Use a Bloom filter on subqueries on the right-hand side of the IN operator,
in cases where that seems likely to improve performance.
Ensure that queries like "SELECT func(a) FROM tab GROUP BY 1" only invoke
the func() function once per row.
No attempt is made to create automatic indexes on a column that is known to
be non-selective because of its use in other indexes that have been
analyzed.
Adjustments to the query planner so that it produces better plans for star
queries with a large number of dimension tables.
Add the "order-by-subquery" optimization, that seeks to disable sort
operations in outer queries if the desired order is obtained naturally due
to ORDER BY clauses in subqueries.
The "indexed-subtype-expr" optimization strives to use expressions that are
part of an index rather than recomputing the expression based on table
values, as long as the query planner can prove that the subtype of the
expression will never be used.
Miscellaneous coding tweaks for faster runtimes.
Enhancements to SQLite-related command-line programs:
Add the experimental sqlite3_rsync program.
Add extension functions median(), percentile(), percentile_cont(), and
percentile_disc() to the CLI.
Add the .www dot-command to the CLI.
The sqlite3_analyzer utility now provides a break-out of statistics for
WITHOUT ROWID tables.
The sqldiff utility avoids creating an empty database if its second
argument does not exist.
Enhance the sqlite_dbpage table-valued function such that INSERT can be used to
increase or decrease the size of the database file.
SQLite no longer makes any use of the "long double" data type, as hardware
support for long double is becoming less common and long double creates
challenges for some compiler tool chains. Instead, SQLite uses Dekker's
algorithm when extended precision is needed.
The TCL Interface for SQLite supports TCL9. Everything probably still works for
TCL 8.5 and later, though this is not guaranteed. Users are encouraged to
upgrade to TCL9.
JavaScript/WASM:
Fix a corruption-causing bug in the JavaScript "opfs" VFS.
Correct "mode=ro" handling for the "opfs" VFS.
Work around a couple of browser-specific OPFS quirks.
FTS5 Changes:
Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom
locale-aware tokenizers and fts5 tables that may take advantage of them.
Add the contentless_unindexed=1 option, for creating contentless fts5
tables that store the values of any UNINDEXED columns persistently in the
database.
Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose
implementation is not available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 6 Dec 2024 16:44:14 +0000 (16:44 +0000)]
connections.cgi: Fix colour of destination country
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 6 Dec 2024 16:42:17 +0000 (16:42 +0000)]
initscripts: readhash: Fix handling = signs
The function expected that a line only contains exactly one equals sign
(=) which is not fit for purpose. In the WireGuard code we hold key
material that is encoded in base64 and therefore contains padding that
uses =.
This patch fixes that we expect exactly one equals sign immediately
after the key and we will then accept more = in the value - which was
already permitted.
Furthermore, this patch fixes the splitting if the key and value at the
first =.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:16:46 +0000 (14:16 +0100)]
libtalloc: Update to version 2.4.2 plus moved before cifs-utils
- Update from version 2.4.1 to 2.4.2
- Update of rootfile
- Moved to before cifs-utils in make.sh as now a required dependency for cifs-utils
- The last changelog is recorded in the sourcde tarball is from 2007 and I have been
unable to find anywhere where the changes can be identified. So updated on the
principle of having the latest version and both samba and cifs-utils now require it.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:16:45 +0000 (14:16 +0100)]
cifs-utils: Update to version 7.1
- Update from version 7.0 to 7.1
- Update of rootfile not required
- libtalloc now required as a build and run-time dependency for cifs-utils
- Changelog
7.1
LDAP Ping capability
smbinfo adds gettconinfo command
Various improvements to man pages
Detailed list of changes since 7.0 was released: 0fae4c7 cifs-utils: bump version to 7.1 2cd7b1f cifs: update documentation for sloppy mount option 9918019 docs: add closetimeo description c4c30b5 docs: add compress description 454870a checkopts: update it to work with latest kernel version 465f213 cifs-utils: add documentation for multichannel and max_channels b3fe25c cifs-utils: smbinfo: add gettconinfo command c6bf4d9 Implement CLDAP Ping to find the closest site 4718e09 (for-next) mount.cifs.rst: update section about xattr/acl support e7ec003 mount.cifs.rst: add missing reference for sssd 3870f5b getcifsacl, setcifsacl: add missing <endian.h> include for le32toh c8ec7d1 getcifsacl, setcifsacl: add missing <linux/limits.h> include
for XATTR_SIZE_MAX 25d6552 cifs-utils: Make automake treat /sbin as exec, not data dac3301 pam_cifscreds: fix warning on NULL arg passed to %s in
pam_syslog() 7314638 cifs.upcall: fix UAF in get_cachename_from_process_env() ef0d95e cifs-utils: add documentation for acregmax and acdirmax 2260c0d setcifsacl: Fix uninitialized value. 1eee8e8 Use explicit "#!/usr/bin/python3"
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:46 +0000 (14:15 +0100)]
dnsdist: Update to version 1.9.7
- Update from version 1.9.6 to 1.9.7
- Update of rootfilke not required
- Changelog
1.9.7
New Features
Add a FFI accessor to incoming proxy protocol values
References: #14664, pull request 14716
Improvements
Update Quiche to 0.22.0 (in our packages)
References: pull request 14647
Update the Rust version we use in our packages to 1.78
References: pull request 14695
Fix build with boost 1.86.0
References: #14562, pull request 14638
Stop reporting timeouts in topSlow(), add topTimeouts()
References: #14568, pull request 14641
Fix compilation with GCC 15 (Holger Hoffstätte)
References: #14549, pull request 14645
Add warnings about large values passed to setMaxTCPClientThreads
References: pull request 14646
Bug Fixes
Disable eBPF filtering on QUIC (DoQ, DoH3) sockets
References: #14736, pull request 14740
Fix handling of proxy protocol payload outside of TLS for DoT
References: #14631, pull request 14639
Prevent a data race in incoming DNS over TLS connections by storing the
OpenSSLTLSIOCtx in the connection
References: pull request 14677
Return a valid unix timestamp for Dynamic Block’s until
References: #14552, pull request 14643
Fix EDNS flags confusion when editing the OPT header
References: #14548, pull request 14644
Handle a nonexistent default pool when removing a server
References: pull request 14640
Add EDNS to responses generated from raw record data
References: pull request 14730
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:45 +0000 (14:15 +0100)]
aws-cli: Update to version 1.36.15
- Update from version 1.27.100 to 1.36.15 (398 update versions between thgese two)
- Update of rootfile not required
- Changelog is around 4,500 lines long so not suitable to include here. Changes can
be found in the CHANGELOG.rst file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:44 +0000 (14:15 +0100)]
amazon-ssm-agent: Update to version 3.3.1345.0
- Update from version 3.2.582.0 to 3.3.1345.0
- Update of rootfile not required
- Changelog
3.3.1345.0
Revert "Update configurePackage to use fixed download method"
Revert "Use a single syscall for route table for health check IP"
3.3.13110.0
Add alternative to wmic to support Windows 2025
Add armv7 architecture support for greengrass component
Add support in ssm-setup-cli for standalone installation in on-premises environments
Fail ssm-setup-cli install command if agent config is not loadable
Implement S3 ownership verification as an optional parameter for plugins
Mark Session task as cancelled when MGS indicates that session is over
Update configurePackage to use fixed download method
Update Docker Engine version and use system environment variables in installation path
Update GreenGrass component minor version to 1.3.1
3.3.1230.0
Revert compatibility hook for future Windows versions as it increased CPU consumption for document execution on Windows.
Revert Increase RunCommand timeout during the registration process for the on-prem instances
3.3.1142.0
Fail windows update when installed version does not match
Reduced length of IMDS errors to shorter format
Increase the RunCommand timeout during the registration process for the on-prem instances
Add nil check when calling GetRepository content in aws:downloadContent
Worker process to exit if they are not successfully started and became idle
Fix bug where unforeseen failures cause time to be incorrectly displayed in RunCommand
Update GreenGrass component minor version to 1.3.0
Ensure agent thread always exit after the corresponding worker process exits
Fix IPC file filtering bug where usernames or session names containing tmp causes agent worker to not correctly receive IPC
Load directly from appconfig file when calling UpdateInstanceInformation during credential refresher
Use a single syscall for route table for health check IP
3.3.987.0
Update default session logging destination to none
Specify a minimum of TLS v1.2 in http client calls
Add web-socket heartbeat to detect connection drops in the web-socket for control and data channels sooner
Use exponential retry for document worker, increase retry interval and attempt count when reading IPC files
Add wait for cloud-init in the agent updater
Fix timeouts for update without yum endpoint connectivity
Change in orchestration directory removal process to reduce disk space usage
Fix Inventory detailed information invalid value check
Fix parsing issue with DomainJoin Plugin
Modify DomainJoin Plugin to use Kerberos REALM in username for RHEL and variants
Change the SUSE linux zypper commands to quiet mode for the DomainJoin Plugin
Move high volume info logs to debug level
Remove deprecated go coverage library (golang.org/x/tools/cmd/cover)
Add lock on session orchestration cleanup to prevent quadratic file system lookup for large volume session users
Upgrade GoLang to version 1.22.7
3.3.859.0
Updated snapcraft.yml specification
3.3.808.0
Add enhancements related to KMS sessions
Add support for RHEL 8.10 & 9.4
Allow in-place upgrade for hybrid distributor packages
Fix idempotency not found error during agent startup
Fix bug that could cause unexpected behavior during parameter replacement in document
Gather metrics during agent version validation in Windows agent update
Make long sleep for onprem same as long sleep for EC2, and cap sleep time at 30 minutes for OnPrem instances
Migrated snap package builder from core18 to core22
Parse version from OS release file correctly when contains special chars
Suppress logs from the go-routine that checks the session manager's orchestration directory
Update go git dependency to v5.12.0
Update seelog config to have default time format with Milliseconds
Update TMP/TEMP env variable during windows installer launch in Updater
Upgrade GoLang to version 1.21.12
3.3.551.0
Agent updater attempts yum install/uninstall before falling back to attempt with rpm
Updated golang.org/x/net from v0.19.0 to v0.26.0
Upgrade GoLang to version 1.21.11
Add IPv6 addresses for NTP and EC2Config to default DenyList
Update Distributor to only use Systems Manager APIs to fetch package contents
3.3.484.0
Update SSM-Setup-CLI logs related to checksum validation of latest version
3.3.418.0
Upgrade go-github version from v8 to v61
Increase timeouts in SSM-Setup-CLI
Fix darwin build issue in SSM-Setup-CLI
Fix the command builder bug to handle space char in input value
Fix an inaccurate log when validating allowDowngrade parameter during Agent update
Signing SSM Agent vended Windows executables
3.3.380.0
Update AWS GO SDK to v1.51.20
3.3.337.0
Remove yum as package manager in linux install/uninstall script
Verify TrustedInstaller status before posting WindowsUpdate information in aws:softwareInventory plugin
3.3.217.0
Add alternative outputs for agent package generation scripts
Add support for Oracle 8.8 & 8.9, Rocky 8.8 & 8.9, AlmaLinux 8.8 & 8.9, and RHEL 8.9 & 9.3
Fix flaky integration test
Fix setup-cli error code for non English systems
Set IPR creds expiry to 30 mins for ssm agent worker
Switch installer package manager from rpm to yum on OSes that support yum
Upgrade GoLang to version 1.21.8
3.3.131.0
Add integration tests for control channel and data channel module
Remove data channel and control channel acknowledgement functionality in MGS Interactor
3.3.40.0
Fix issue to execute aws:updateSSMAgent plugin through aws:rundocument plugin
Update Messaging module to switch off ec2messages when ssmmessages connected successfully
Update SSM Agent Minor version from 3.2 to 3.3
3.2.2303.0
Add integration tests for control channel module
Revert data channel and control channel acknowledgement functionality in MGS Interactor
Update Greengrass component minor version to 1.2.4
3.2.2222.0
Upgrade minimum go version in go.mod file to go 1.19
Upgrade go-git package to v5.11.0
Fix for bad default manifest url when updating EC2Config
3.2.2143.0
Fixed plugin path traversal logic
Updated aws:application plugin default param
Fixed default param in psmodule
Upgraded GoLang to version 1.21.5
3.2.2086.0
Added Agent config to configure session logs destination
Added data channel acknowledgement functionalities
Added redirect handler and timeout for HTTP client
Added steps to verify aws-cli installation for domainJoin plugin
Added support for Ubuntu 23.04, Debian 11.7 & 12, and SUSE 15.5
Adjusted random number generator logic used to get filename in downloadContent plugin
Fixed Agent to gather application inventory from both rpm and dpkg package managers if present in Unix instances
Bump golang.org/x/crypto/ssh from 0.14.0 to 0.17.0
3.2.2016.0
Added telemetry for agent core in-proc executor usage
Added retries for Agent installation with snap on Greengrass
Added code to update Agent config to use only Onprem Identity in Greengrass
Added support for macOS 14 (Sonoma)
Added Onprem registration support using ssm-setup-cli
Fixed docker installation issues in aws:configureDocker plugin
Fix for document worker and session worker not logging when custom seelog configuration missing parameters
Updated allowed regex pattern in S3 URI
Update Agent IoT Greengrass component minor version
Updated SUSE version in Seamless Domain Join script
Updated Greengrass component workflow to get installed Agent version and update Agent only when the installed Agent version doesn't match with Greengrass component Agent version
Upgraded GoLang version that builds agent binaries with to 1.20.11
3.2.1798.0
Bump golang.org/x/net from 0.15.0 to 0.17.0
Upgraded GoLang to version 1.20.10
Fixing race condition in session datachannel unit test
3.2.1705.0
Updated MGS Interactor to send 'Failed' status on agentJob parsing error
Added error handling for Linux DomainJoin when service account credentials empty
Fix for panic scenario in when running aws:configureDocker plugin
Upgraded GoLang to version 1.20.8
Upgraded golang.org/x/net to v0.15.0
Added support for macOS 13 (Ventura)
3.2.1630.0
Fix credential retrieval retry logic in credential refresher
Reducing retrieval log level to debug in the credential refresher after more than 3 retrieval retries
Fix for EC2 credential retrieval errors not being propagated to the credential refresher
Fixing agent version input format validation
Fix downloadPlatformOverride for AlmaLinux
Fixed issue where removing seelog.xml file doesn't revert minimum log level back to INFO
Ignore non-audit files in audit folder
3.2.1542.0
Add aws:updateSSMAgent plugin support for Flatcar Linux
Add fix to resolve manifest url during agent update when using stable keyword
Fix multiple issues causing tight loops during IPC connection scenarios
Sign deb and rpm installer packages for Linux instances using new key
Use file based IPC by default for amazon-ssm-agent and ssm-agent-worker communication in Darwin
3.2.1478.0
Added fix to propagate exit code properly when command fails to start
Added control channel acknowledgement functionalities
Added flag to specify go version used for gosec and govulncheck in static analysis script
Added support for RHEL 8.7, 8.8, 9.1, 9.2
Added support for Rocky Linux 8.7, 9.0, 9.1, 9.2
Added support for Oracle Linux 8.7, 9.1, 9.2
Update go version to 1.20.7
3.2.1377.0
Stopped saving instance profile credentials to disk
Added static agent security scans to makefile
Updated Greengrass component minor version
3.2.1297.0
Added retries to snap uninstall call in setupcli
Fix for windows shutdown executable not found when compiled with golang1.19+
Fix to return correct Agent Job ID for ack after AgentJobParseError
Pass golang contexts for network calls in agent core to terminate cleanly
Remove credential file dependency in agent workers implemented in 3.2.x.x versions
Report MGS Connection Channel status to Health table
Update Dockerfile to use Golang image from ECR repository
3.2.1241.0
Get bucket region using signed HeadBucket request
Updated golang.org/x/net version to 0.10.0 and golang.org/x/crypto version to 0.9.0
Update go version to 1.19.10
3.2.1041.0
Add retry to handle stream data acknowledge messages
Support latest as a version in configurePackage plugin
Updated AWS GO SDK to v1.44.261 and disabled IMDSv1 fallback logic
Use IP address to connect to destination server in port session
3.2.985.0
Add Domain Join support for RHEL 8.7 and AL2022
Add Support to send aws:updateSSMAgent replies through MGS
Retrieve and set interface name dynamically in aws:domainJoin plugin for Ubuntu
3.2.923.0
Update Dockerfile Go version to 1.19
Add reporting of MGS connection status
Add support for updating to agent version marked stable
Add status code to MGS ack and send on message process failure
Update golangci-lint configuration
Add e2e tag to session shell tests
3.2.815.0
Add EC2 credential fallback for AssumeRoleUnauthorizedAccess error
Add CloudWatch log upload support for document and session worker
Add set-hostname support in domainjoin plugin for windows
Add wait time in Agent updater to avoid installation issues caused during reboots initiated by domainjoin plugin
Add support for AlmaLinux
Fix KeepHostName parameter without DNS IP address parameter in domainJoin plugin
Fix issue where carriage returns cause json conversion to fail in aws:softwareInventory plugin
Remove IMDS calls in Onprem during health check
Remove S3 global endpoint fallback logic
Update cli descriptions for registration parameters
Update go version to 1.19.6
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
projects / people / ms / ipfire-2.x.git / log
