Peter Müller [Sun, 28 Mar 2021 13:54:05 +0000 (15:54 +0200)]
Tor: update to 0.4.5.7
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.5.7:
Changes in version 0.4.5.7 - 2021-03-16
Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier
versions of Tor.
One of these vulnerabilities (TROVE-2021-001) would allow an attacker
who can send directory data to a Tor instance to force that Tor
instance to consume huge amounts of CPU. This is easiest to exploit
against authorities, since anybody can upload to them, but directory
caches could also exploit this vulnerability against relays or clients
when they download. The other vulnerability (TROVE-2021-002) only
affects directory authorities, and would allow an attacker to remotely
crash the authority with an assertion failure. Patches have already
been provided to the authority operators, to help ensure
network stability.
We recommend that everybody upgrade to one of the releases that fixes
these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available
to you.
This release also updates our GeoIP data source, and fixes a few
smaller bugs in earlier releases.
o Major bugfixes (security, denial of service):
- Disable the dump_desc() function that we used to dump unparseable
information to disk. It was called incorrectly in several places,
in a way that could lead to excessive CPU usage. Fixes bug 40286;
bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021-
001 and CVE-2021-28089.
- Fix a bug in appending detached signatures to a pending consensus
document that could be used to crash a directory authority. Fixes
bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002
and CVE-2021-28090.
o Minor features (geoip data):
- We have switched geoip data sources. Previously we shipped IP-to-
country mappings from Maxmind's GeoLite2, but in 2019 they changed
their licensing terms, so we were unable to update them after that
point. We now ship geoip files based on the IPFire Location
Database instead. (See https://location.ipfire.org/ for more
information). This release updates our geoip files to match the
IPFire Location Database as retrieved on 2021/03/12. Closes
ticket 40224.
o Minor bugfixes (directory authority):
- Now that exit relays don't allow exit connections to directory
authority DirPorts (to prevent network reentry), disable
authorities' reachability self test on the DirPort. Fixes bug
40287; bugfix on 0.4.5.5-rc.
o Minor bugfixes (documentation):
- Fix a formatting error in the documentation for
VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha.
o Minor bugfixes (Linux, relay):
- Fix a bug in determining total available system memory that would
have been triggered if the format of Linux's /proc/meminfo file
had ever changed to include "MemTotal:" in the middle of a line.
Fixes bug 40315; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (metrics port):
- Fix a BUG() warning on the MetricsPort for an internal missing
handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (onion service):
- Remove a harmless BUG() warning when reloading tor configured with
onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (portability):
- Fix a non-portable usage of "==" with "test" in the configure
script. Fixes bug 40298; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay):
- Remove a spammy log notice falsely claiming that the IPv4/v6
address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha.
- Do not query the address cache early in the boot process when
deciding if a relay needs to fetch early directory information
from an authority. This bug resulted in a relay falsely believing
it didn't have an address and thus triggering an authority fetch
at each boot. Related to our fix for 40300.
o Removed features (mallinfo deprecated):
- Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it.
Closes ticket 40309.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 25 Mar 2021 14:36:34 +0000 (14:36 +0000)]
openssl: Update to 1.1.1k
From https://www.openssl.org/news/secadv/20210325.txt:
OpenSSL Security Advisory [25 March 2021]
=========================================
CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
========================================================================
Severity: High
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the
certificates present in a certificate chain. It is not set by default.
Starting from OpenSSL version 1.1.1h a check to disallow certificates in
the chain that have explicitly encoded elliptic curve parameters was added
as an additional strict check.
An error in the implementation of this check meant that the result of a
previous check to confirm that certificates in the chain are valid CA
certificates was overwritten. This effectively bypasses the check
that non-CA certificates must not be able to issue other certificates.
If a "purpose" has been configured then there is a subsequent opportunity
for checks that the certificate is a valid CA. All of the named "purpose"
values implemented in libcrypto perform this check. Therefore, where
a purpose is set the certificate chain will still be rejected even when the
strict flag has been used. A purpose is set by default in libssl client and
server certificate verification routines, but it can be overridden or
removed by an application.
In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
for the certificate verification or, in the case of TLS client or server
applications, override the default purpose.
OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1k.
OpenSSL 1.0.2 is not impacted by this issue.
This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk
from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was
developed by Tomáš Mráz.
NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
=====================================================================
Severity: High
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits
the signature_algorithms extension (where it was present in the initial
ClientHello), but includes a signature_algorithms_cert extension then a NULL
pointer dereference will result, leading to a crash and a denial of service
attack.
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which
is the default configuration). OpenSSL TLS clients are not impacted by this
issue.
All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions
should upgrade to OpenSSL 1.1.1k.
OpenSSL 1.0.2 is not impacted by this issue.
This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was
developed by Peter Kästle and Samuel Sapalski from Nokia.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
zoneconf.cgi: Avoid unnecessary MAC address changes
Ensure that a bridge always has a MAC address configured, to prevent
udev/network-hotplug-bridges assigning random addresses at each start.
Cache previously generated MAC addresses so that they are not
regenerated each time the configuration is saved by the user.
Add more comments to existing code.
Fixes: #12583 Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:33:24 +0000 (08:33 +0100)]
perl-Net-SMTP-SSL: Update to 1.04
- Update from 1.02 to 1.04
- Update of rootfile not required
- This is a dependency of git addon package
- Changelog
1.04 2016-10-09
- mark this library deprecated, suggest newer Net::SMTP instead
1.03 2015-06-20
- $net_smtp_ssl->isa('Net::SMTP') is now true
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:32:56 +0000 (08:32 +0100)]
perl-MIME-Base64: Update to 3.16
- Update from 3.15 to 3.16
- No update of rootfile required
- This a dependency to the git addon package
- Changelog
2020-09-26
- Convert the build to Dist::Zilla to ensure we're releasing well built packages
- Ensure all tests are using strict and warnings (thanks, Nicolas R).
- Cleanup this change log
- Add a .mailmap to cleanup our contributors list
- Use `our` instead of `use vars`
- Bump the required Perl version to v5.6.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:32:42 +0000 (08:32 +0100)]
git: Update to 2.31.0
- Update git from 2.28.0 to 2.31.0
- Updated rootfile
- Changelog
Nine releases between these two versions so the changes are too many
to enter here.
The change logs for each version can be found in the tarball under
Documentation/RelNotes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:30:37 +0000 (08:30 +0100)]
crda: Update to 4.14
- Update from 3.18 to 4.14
- No update of rootfile required
- Changelog
2019-11-12 crda: Makefile: fix .so compilation line with some compilersHEADmaster Brian Norris
2018-11-21 README: add legacy notice Luis Chamberlain
2018-11-21 crda: add URLs to README Xose Vazquez Perez
2018-11-21 crda: be explicit about file permission on install Luis Chamberlain
2018-04-28 reglib: properly ident code on reglib_is_valid_rd() Luis R. Rodriguez
2018-01-05 crda: Fix error: `keys’ defined but not usedv4.14 Jelle van der Waa
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:30:15 +0000 (08:30 +0100)]
libstatgrab: Update to 0.92
- Update from 0.91 to 0.92
- Update of rootfile
- Changelog
2019-07-16 Tim Bishop <tim@bishnet.net>
Fix build/install of manpages.
This defaults to attempting to install manpages, unless --disable-man is
given to stop it. It defaults to not building the manpages, unless it
finds docbook2man to build them with.
So for users of the release tarball this will install the manual pages
from the tarball, unless requested not to.
For users of the git repository it will error if they don't have
docbook2man, unless they choose to disable manual pages. I think this is
reasonable because docbook2man is a required tool for build from source.
Files affected:
configure.ac
docs/libstatgrab/Makefile.am
docs/saidar/Makefile.am
docs/statgrab/Makefile.am
2019-07-15 Tim Bishop <tim@bishnet.net>
Allow version to be overridden.
By default, it still uses the short version of the commit reference.
This is most useful for normal CI builds so you can easily see which
commit a tarball is made from. But when testing for a release one might
want to specify the version explicitly, so this can now be overridden by
manually triggering a build and setting LSG_VERSION (eg. 0.92).
Files affected:
.gitlab-ci.yml
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:29:52 +0000 (08:29 +0100)]
mcelog: Update to version 175
- Update from versom version 135 to 175
- Updated rootfile
- Changelog
40 updates between the previous version and current version (5 years)
Changelog is just the list of commits in the git repository - too much
to include here.
https://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:29:06 +0000 (08:29 +0100)]
rpcbind: Update to 1.2.5
- Update from 0.2.3 to 1.2.5
- rpcbind-0.2.3-tirpc_fix-1.patch no longer needed as changes are now
included in the tarball
- Updated rootfile
- Dependency of nfs addon package
- Changelog
Too many lines to put in here
Full change logs for 0.2.4 and 1.2.5 can be found at
https://sourceforge.net/projects/rpcbind/files/rpcbind/
No bug fixes in 0.2.4
One bug fix in 1.2.5
Author: Steve Dickson <steved@redhat.com>
Date: Sat Dec 16 15:31:21 2017 -0500
rpcbind.service: Not pulling the rpcbind.target
According to systemd.special(7) manpage:
rpcbind.target
The portmapper/rpcbind pulls in this target and orders itself
before it, to indicate its availability. systemd automatically
adds dependencies of type After= for this target unit to
all SysV init script service units with an LSB header
referring to the "$portmap" facility. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1431574 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:28:55 +0000 (08:28 +0100)]
libtirpc: Update to 1.3.1
- Update from 1.0.2 to 1.3.1
- libtirpc-1.0.2-glibc-2.26.patch no longer needed as changes are now
included in the tarball
- Updated rootfile
- Dependency of rpcbind addon which is a dependency for the nfs addon
- Changelog
No changelog file provided anymore. Only git commits available
See http://git.linux-nfs.org/?p=steved/libtirpc.git;a=log for details
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:28:42 +0000 (08:28 +0100)]
libnfsidmap: Update to 0.27
- Update from 0.26 to 0.27
- Update to rootfile not required
- Dependency of nfs addon
- Changelog
Too many lines to put whole log here. Full change log can be viewed at
https://fedorapeople.org/~steved/libnfsidmap/0.27/
One bux fix
Author: Steve Dickson <steved@redhat.com>
Date: Fri Sep 2 10:07:52 2016 -0400
libnfsidmap: Make sure __res_querydomain is resolvable
Fail the build when __res_querydomain is not resolvable Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1372136 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:28:27 +0000 (08:28 +0100)]
nfs: Update to 2.5.3
- Update from 2.5.1 to 2.5.3
- No update to rootfile required
- Changelog
Changelog for each version has around 500 lines so there is too much to
put here. The full change logs for each version can be found at
https://sourceforge.net/projects/nfs/files/nfs-utils/
Two bug fixes in 2.5.2 and four in 2.5.3 as follows
Author: Steve Dickson <steved@redhat.com>
Date: Tue Feb 2 11:02:47 2021 -0500
mount: fix parsing of default options
A recent patch to change configfile.c to use parse_opt.c contained code
which was intended to remove all "default*" options from the list before
that could be passed to the kernel. This code didn't work, so default*
options WERE passed to the kernel, and the kernel complained and failed
the mount attempt.
A more recent patch attempted to fix this by not including the
"default*" options in the option list at all. This resulting in
global-default defaults over-riding per-mount or per-server defaults.
This patch reverse the "more recent" patch, and fixes the original patch
by providing correct code to remove all "default*" options before the
kernel can see them. Fixes: 88c22f924f1b ("mount: convert configfile.c to use parse_opt.c") Fixes: 8142542bda28 ("mount: parse default values correctly")
Author: Steve Dickson <steved@redhat.com>
Date: Wed Jan 6 13:12:12 2021 -0500
mount: parse default values correctly
Commit 88c22f92 converted the configfile.c routines
to use the parse_opt interfaces which broke how
default values from nfsmount.conf are managed.
Default values can not be added to the mount string
handed to the kernel. They must be interpreted into
the correct mount options then passed to the kernel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1912877
Author: Steve Dickson <steved@redhat.com>
Date: Mon Nov 9 14:34:15 2020 -0500
nfs-v4client.target: NFSv4 only client target.
To allow v4 only clients, create an systemd
nfs-client target that does not "Wants" a
rpc-statd notify Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1886634
Author: Steve Dickson <steved@redhat.com>
Date: Fri Sep 4 14:15:53 2020 -0400
rpc.idmapd: Do not free config variables
Commit 93e8f092e added a conf_cleanup() call to clean
up memory after the config file was parsed. It turns
out that memory still needed and it is not very much
so the call is removed. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1873965
Author: Steve Dickson <steved@redhat.com>
Date: Wed Aug 5 14:59:23 2020 -0400
rpc.idmapd: Turn down the verbosity in flush_inotify()
Commit 27a8e146 introduce a debugging message
that was not cover by a check if verbose
is set, which cause a large number of message
to be logged on every kerberos mount Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1867172 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:27:22 +0000 (08:27 +0100)]
parted: Update to 3.4
- Update from 3.2 to 3.4
- Updated rootfile
- parted-3.2-device-mapper.patch and parted-3.2-sysmacros.patch are no
longer needed as changes are now included in the tarball
- Changelog is too large to put in here.
11 bug fixes included in logs
Full changelog can be viewed in the tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:27:03 +0000 (08:27 +0100)]
pigz: Update to 2.6
- Update from 2.3.1 to 2.6
- Update of rootfile not required
- Changelog
There is no changelog in the tarball. The recommended source for the
changes are the commits on the git repository
https://github.com/madler/pigz/commits/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:26:43 +0000 (08:26 +0100)]
strace: Update to 5.11
- Update from 5.10 to 5.11
- No update of rootfile required
- Changelog is too long to put in here (several thousand lines)
Full change log can be reviewed in the tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:25:29 +0000 (08:25 +0100)]
perl-File-Tail: Update to 1.3
- Update from 0.99.3 to 1.3
- No update required to rootfile
- perl-File-Tail is a dependency of the swatch addon
- Changelog
1.0 Actually just two minor bug fixes (one of them in a test), but I no
longer see a point in not having a 1.0 version.
1.1 Lee Duncan drew my attention to Stephan Muller's fixes for Windows compatibility
Changed the use of the system's mv command to using File::Copy in the
tests. (Steffen Mueller)
Added machine-readable license statement to Makefile.PL and thus
META.yml (Steffen Mueller)
The sixth test in 10/open.t is skipped on win32 because you can't just
move files around that are opened. (Steffen Mueller)
Due to using sysread and friends, there were newline problems on win32.
That should be fixed now. (Steffen Mueller)
1.2 Break the infinite loop that can result when the average length of lines
causes the attempt to fill the tail buffer to fill with the exact same
or even smaller number of lines.
1.3 Fix for a stupid bug in 1.2 (GFILATOV, Slaven_Rezic)
Added a warning for use of debug in a non-debug version of File::Tail
Shows a warning when maxbuf is set to a too-small value
Invoking name_changes callback changes the value of input attribute (sottile@ix.netcom.com)
When deciding to reopen the file, check if the inode matches (that would mean it has not
been ranamed)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:25:05 +0000 (08:25 +0100)]
perl-Date-Manip: Update to 6.85
- Update from 6.40 to 6.85
- Updated rootfile
- perl-Date-Manip is a dependency of the swatch addon
- Changelog is too long to include here
Full changelog can be viewed in tarball
Approximately 31 bug fixes in the 36 releases between 6.40 and 6.85
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:24:55 +0000 (08:24 +0100)]
perl-Date-Calc: Update to 6.4
- Update from 6.3 to 6.4
- Update of rootfile not required
- perl-Date-Calc is a dependency of the swatch addon
- Changelog
Version 6.4 07.03.2015
+ Fixed t/f016.t, t/f027.t and t/f028.t which started failing on 01/01/2015
+ Fixed t/f035.t which gave a warning "Unescaped left brace in regex is deprecated"
with Perl 5.21.x
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:24:40 +0000 (08:24 +0100)]
perl-Carp-Clan: Update to 6.08
- Update from 6.04 to 6.08
- Updated rootfile
- perl-Carp-Clan is a dependency of the swatch addon
- Changelog
6.08 2019-09-14 17:09:41Z
- fix warning in bad test (thanks, Todd Rinaldo - RT#130494)
- speed up code that was accomodating ancient perl versions that are no
longer supported
6.07 2018-12-02 21:44:55Z
- declared test prerequisites in the proper phase (RT#125288)
- modernized distribution tooling
6.06 2016-05-29
- Avoid failure due to version self-check in 20pre560.t
This test seems like a footgun for release management reasons, but apprently
I wasn't quite as careful as I tried to be in keeping the last release minimal.
6.05 2016-05-29
- Patch tests failing due to 5.25.1+'s deprecated unquoted { } in regex.
(RT #114537)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:24:24 +0000 (08:24 +0100)]
swatch: Update to 3.2.4
- Update from 3.2.3 to 3.2.4
- Updated rootfile
- Changelog
There is no changelog in sourceforge for this package
The changelog in the tarball has the last entry for 2008
Found this url https://fossies.org/diffs/swatchdog/3.2.3_vs_3.2.4/lib/Swatch/Actions.pm-diff.html
which indicates that all changes are only related to change of name from
swatch to swatchdog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:18:22 +0000 (08:18 +0100)]
swig: Update to 4.0.2
- Update from 3.0.12 to 4.0.2
- Updated rootfile
- Changelog is too large to include here
Full chagelog can be found in the tarball in CHANGES and CHANGES.current
Large number of bugs fixed in the two versions between 3.0.12 and 4.0.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:18:03 +0000 (08:18 +0100)]
sysbench: Update to 1.0.20
- Update from 0.4.12 to 1.0.20
- Updated rootfile
- Changelog
2020-04-24 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.20
* build/CI/packaging: Add arm64 to Travis CI matrix (#358)
* build/CI/packaging: add Ubuntu Focal
* build/CI/packaging: remove Fedora Rawhide from CI matrix
* build/CI/packaging: fix regression tests to work with MySQL 8.0.19+
* build/CI/packaging: fix macOS builds in Travis
* build/CI/packaging: remove Ubuntu Disco (EOL)
2019-12-08 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.19
* build/CI/packaging: fix Ubuntu packaging for Bionic and later versions
* regression tests: compatibility fix for PostgreSQL 12
* build/CI/packaging: fix macOs builds in Travis
* build/CI/packaging: add Fedora 31.
2019-10-21 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.18
* build/CI/packaging: add Ubuntu Eoan.
* build/CI/packaging: remove Ubuntu Cosmic (EOL).
* build/CI/packaging: add CentOS 8.
* build/CI/packaging: add Ubuntu Disco.
* build/CI/packaging: remove Ubuntu Trusty (EOL).
* build/CI/packaging: remove Fedora 28 (EOL).
* build/CI/packaging: add Fedora 30.
* build/CI/packaging: cherry-pick fix for LuaJIT/LuaJIT#484 to
fix builds on macOS Mojave.
* build/CI/packaging: add Debian Buster
2019-03-15 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.17
* build/CI/packaging: update RPM spec to support RHEL8-beta
(thanks to Alexey Bychko for the patch)
* regression tests: remove unnecessary error leading to opt_rate.t instability.
* --rate mode: return a non-zero exit code on event queue
overflow.
* --rate mode: fix a bogus error about eventgen thread termination
2018-12-16 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.16
* build/CI/packaging: add Ubuntu Cosmic.
* build/CI/packaging: add Fedora 29.
* build/CI/packaging: remove Fedora 27 (EOL).
* SQL API: fix GH-282 (Mysql's fetch_row() is broken)
* --rate mode: fix latency stats skew on low rates
* Lua: Add /usr/share/lua/5.1 to LUA_PATH and /usr/lib/lua/5.1
to LUA_CPATH.
* build/CI/packaging: add -Wvla to default compiler flags.
* build/CI/packaging: fix debian/changelog format
* build/CI/packaging: fix buildpack.sh to not push multiple file
types to packagecloud.
* build/CI/packaging: add libaio-dev to Debian/Ubuntu build
dependencies.
2018-07-03 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.15
* CI/build/packaging: add Fedora 28
* CI/build/packaging: add Ubuntu Bionic
* CI/build/packaging: remove Fedora 26 (EOL)
* CI/build/packaging: remove Debian Wheezy (EOL)
* fileio: fix GH-229 (--file-fsync-freq=0 seems to prevent
fsync() at the end of the test)
* command line: improve parsing of boolean command line options
* tests: fix GH-220 (Testsuite api_sql_mysql.t failed ...)
* tests: fix GH-223 (test failure on ppc64)
* tests: fix opt_help.t to pass when the binary is not
configured with MySQL support
* MySQL driver: use it by default in DB benchmarks
2018-04-01 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.14
* reports: fix JSON stats reporter to produce valid JSON
(GH-195)
* Lua SQL API: don't crash when query_row() is called with a
SELECT returning empty result set
* Lua SQL API: don't crash when bulk insert API calls are used
out of order
* regression tests: make PostgreSQL tests compatible with the
new dump format introduced in 10.3
* regression tests: minor stability and coverage improvements
2018-02-17 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.13
* remove Ubuntu Zesty from CI/build/packaging matrices (EOL)
* minor cleanups in build scripts
* improve report formatting for long latency values
* fileio: --file-extra-flags now accepts a list of flags rather
than just a single value
* OLTP: re-prepare prepared statements after reconnects, i.e. in
cases when a server connection is lost and sysbench is
configured to ignore such errors
2018-01-17 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.12
* improve --rate mode precision for high argument values
* add Fedora Rawhide and Debian Sid to CI matrix
* fix compile-time architecture detection for some Broadwell
CPUs which were incorrectly identified as Core 2.
* remove build dependency on xxd (and vim-minimal package)
* fix Lua API to correctly stop the benchmark when event()
returns a value other than nil or false (thanks to caojiafeng
for the patch)
* fix the fileio benchmark when the specified file size is not a
multiple of block size
* fix the fileio benchmark to throw a descriptive error when the
specified file size does not match the size of files created by
'prepare'
* remove Fedora 25 from CI/build/packaging matrices (EOL)
* minor improvements in tests and documentation.
2017-12-09 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.11
* add Debian Stretch to CI/build/packaging matrices
* add Fedora 27 to CI/build/packaging matrices
* make statistic counters usable from Lua scripts
* fix the PostgreSQL driver to be compatible with CockroachDB
(GH-180)
* fix oltp_insert.lua to work correctly when both --tables and
--threads are greater than 1 (GH-178)
* fix FreeBSD builds by adding -rdynamic to the default linker
flags (GH-174)
* minor documentation updates
2017-10-25 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.10
* fixed PK conflicts in oltp_insert.lua by creating empty tables
on 'prepare'
* made sysbench.opt available to init()/done() by exporting it
to the global Lua state
* added Fedora 26 (both x86_64 and AArch64) to the list of
supported and tested distributions
* fixed GH-172: sysbench 1.0.9 doesn't build with mariadb 10.2.8
* add the /usr/local LuaRocks root directory to default LUA_PATH
and LUA_CPATH
* removed Fedora 24, Ubuntu Precise, Yakkety from default build
matrices
* added Ubuntu Artful to default build matrices
2017-09-05 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.9
* fixed oltp_delete.lua to not use INSERT statements for
consistency with other oltp_* benchmarks (GH-168)
* added a workaround for MySQL bug #87337 "8.0.2 reintroduces
my_bool to client API"
* fixed building on on Debian GNU/kFreeBSD (GH-161)
* fixed building against MariaDB 10.2 (thanks to Xavier Bachelot
for the patch, GH-160)
2017-07-04 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.8
* fixed api_report test for slow machines (thanks to @jcfp)
* fileio: suggest to run prepare step on missing files (thanks
to Heinrich Schuchardt)
* JSON reports: removed an erroneous trailing comma (GH-139)
* added events per second to the CPU benchmark report (GH-140)
* fixed db_connect() in legacy SQL API to use the default value
for --db-driver (GH-146)
* removed busy-wait in the bounded event generation mode
(--rate) to avoid CPU hogging
2017-05-15 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.7
* Ubuntu Zesty added to package build matrix
* fixed GH-130: Mutex Benchmark Documentation
* fixed latency reports in the --rate mode
* fixed compiler warnings when building against MySQL 8.0 client
libraries
2017-04-13 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.6
* no functional changes
* many build- and packaging-related improvements
* Linux packages are now automatically built using Travis CI and
packpack, hosted by packagecloud.io
2017-04-02 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.5
* various build-related documentation updates
* benchmark can now be specified by a module name on the command
line
* memory benchmark: performance and scalability improvements
* fix ARMv6 builds with system ConcurrencyKit
* fix GH-123: Table already exists error on prepare
* fix GH-121: make buildhost cpudetection optional
2017-03-13 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.4
* fixed a number of compilation errors and warnings that were
specific to 32-bit platforms
* bundle cram (regression tests framework) and use it by default
in 'make test'
* bundled ConcurrencyKit updated to 0.6.0
2017-02-26 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.3
* LuaJIT scalability improvements for non-x86 architectures
* performance optimizations in oltp_read_write.lua to avoid Lua
string management
* fixed Illumos builds (thanks to Dillon Amburgey)
2017-02-17 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.2
* improved scalability for --report-checkpoints mode
* fix builds on CentoOS 6 and autoconf 2.63
* support for Snap (http://snapcraft.io) packages
2017-02-05 Alexey Kopytov <akopytov@gmail.com>
* version 1.0.1
* fix clock_gettime runtime failure built with macOS 10.11 and
Xcode 8.x
2017-02-04 Aleksei Kopytov <akopytov@gmail.com>
* version 1.0.0
* too much time and too many changes since the previous formal
release, so briefly:
* Lua scripts instead of hard-coded C tests for database
("oltp") benchmarks + ability to create custom workloads
* much better single-threaded performance
* much better scalability
* improvements and cleanups in command line syntax and options
* latency histograms in cumulative statistic reports
* report hooks to print statistics in custom formats
(CSV/JSON/XML/etc.)
* Dropped Windows support
* Dropped support for Oracle, Drizzle and libattachsql drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 22 Mar 2021 07:17:40 +0000 (08:17 +0100)]
sysvinit: Update to 2.99
- Update from 2.98 to 2.99
- Update to rootfile not required
- Changelog
sysvinit (2.99) released; urgency=low
* Fixed typos and missing underlines in shutdown manual page.
Corrections provided by Helge Kreutzmann.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 21 Mar 2021 18:31:48 +0000 (19:31 +0100)]
bind: Update to 9.11.29
For details see:
https://downloads.isc.org/isc/bind9/9.11.29/RELEASE-NOTES-bind-9.11.29.html
"Bug Fixes
An invalid direction field (not one of N, S, E, W) in a LOC record resulted
in an INSIST failure when a zone file containing such a record was loaded. [GL #2499]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Fri, 19 Mar 2021 17:32:19 +0000 (18:32 +0100)]
BUG12479: Copied NAT rule in Firewall displays incorrect source Port
Fixes: #12479
When copying a NAT rule in the firewall the existing sourceport is copied, too.
This Fix deletes the sourceport from a copied NAT rule. After Saving, the correct port is used.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 17 Mar 2021 21:42:01 +0000 (22:42 +0100)]
jquery: Update to 3.6.0
- Update from 1.10.2 to 3.6.0
- No update required for rootfile
- Changelog covers 8 years and 3 branches of code version
- The 1.x and 2.x branches no longer receive patches
Summary of Important Changes for move to 3.0
Attributes
Breaking change: .removeAttr() no longer sets properties to false
Breaking change: select-multiple with nothing selected returns an empty array
Feature: SVG documents support class operations
Deprecated: .toggleClass() with no arguments and .toggleClass( Boolean )
Callbacks
Feature: Locking a Callback prevents only future list execution
Core
Breaking change: jQuery 3.0 runs in Strict Mode
Breaking change: document-ready handlers are now asynchronous
Breaking change: jQuery.isNumeric() and custom .toString()
Breaking change: Deprecated .context and .selector properties removed
Breaking change: Deprecated .size() removed
Breaking change: Undocumented internal methods no longer exposed
Breaking change: Return values on empty sets are undefined
Feature: for...of loops can be used on jQuery collections
Feature: jQuery.ready promise is formally supported
Deprecated: jQuery.unique(), renamed to jQuery.uniqueSort()
Deprecated: jQuery.parseJSON()
Deprecated: document-ready handlers other than jQuery(function)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 17 Mar 2021 21:42:22 +0000 (22:42 +0100)]
sudo: Update to 1.9.6p1
- Update from 1.9.5p2 to 1.9.6p1
- Update not required for rootfile
- Changelog
Major changes between version 1.9.6p1 and 1.9.6:
Fixed a regression introduced in sudo 1.9.6 that resulted in an error message instead of a usage message when sudo is run with no arguments.
Major changes between version 1.9.6 and 1.9.5p2:
Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
Fixed a regression introduced in sudo 1.9.4 where the --disable-root-mailer configure option had no effect.
Added a --disable-leaks configure option that avoids some memory leaks on exit that would otherwise occur. This is intended to be used with development tools that measure memory leaks. It is not safe to use in production at this time.
Plugged some memory leaks identified by oss-fuzz and ASAN.
Fixed the handling of sudoOptions for an LDAP sudoRole that contains multiple sudoCommands. Previously, some of the options would only be applied to the first sudoCommand.
Fixed a potential out of bounds read in the parsing of NOTBEFORE and NOTAFTER sudoers command options (and their LDAP equivalents).
The parser used for reading I/O log JSON files is now more resilient when processing invalid JSON.
Fixed typos that prevented make uninstall from working. GitHub issue #87.
Fixed a regression introduced in sudo 1.9.4 where the last line in a sudoers file might not have a terminating NUL character added if no newline was present.
Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new --enable-fuzzer configure option can be combined with the --enable-sanitizer option to build sudo with fuzzing support. Multiple fuzz targets are available for fuzzing different parts of sudo. Fuzzers are built and tested via make fuzz or as part of make check (even when sudo is not built with fuzzing support). Fuzzing support currently requires the LLVM clang compiler (not gcc).
Fixed the --enable-static-sudoers configure option. GitHub issue #92.
Fixed a potential out of bounds read sudo when is run by a user with more groups than the value of max_groups in sudo.conf.
Added an admin_flag sudoers option to make the use of the ~/.sudo_as_admin_successful file configurable on systems where sudo is build with the --enable-admin-flag configure option. This mostly affects Ubuntu and its derivatives. GitHub issue #56.
The max_groups setting in sudo.conf is now limited to 1024. This setting is obsolete and should no longer be needed.
Fixed a bug in the tilde expansion of CHROOT=dir and CWD=dir sudoers command options. A path ~/foo was expanded to /home/userfoo instead of /home/user/foo. This also affects the runchroot and runcwd Defaults settings.
Fixed a bug on systems without a native getdelim(3) function where very long lines could cause parsing of the sudoers file to end prematurely. Bug #960.
Fixed a potential integer overflow when converting the timestamp_timeout and passwd_timeout sudoers settings to a timespec struct.
The default for the group_source setting in sudo.conf is now dynamic on macOS. Recent versions of macOS do not reliably return all of a user's non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug #946.
Fixed a potential use-after-free in the PAM conversation function. Bug #967.
Fixed potential redefinition of sys/stat.h macros in sudo_compat.h. Bug #968.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 17 Mar 2021 21:41:48 +0000 (22:41 +0100)]
attr: Update to 2.5.1
- Update from 2.4.48 to 2.5.1
- Update rootfile
- Changelog
Version 2.5.1
Fix libtool library versioning regression Andreas Gruenbacher
Version 2.4.48
Update po files and German translation Andreas Gruenbacher
getfattr: Add --one-file-system option Andreas Gruenbacher
Move struct stat into struct walk_tree_args Andreas Gruenbacher
Move list of open directories into struct walk_tree_args Andreas Gruenbacher
Move walk_tree_rec arguments into a separate struct Andreas Gruenbacher
xattr.conf: Indicate afs metadata xattrs should be skipped when copying David Howells
Fix typos in manual pages Samanta Navarro
Update my email address Andreas Gruenbacher
man: add examples to setfattr.1 Achilles Gaikwad
install-data: Don't remove unrelated empty directories Andreas Gruenbacher
attr: Replace bzero with memset Rosen Penev
getfattr: don't count terminating NULL in well_enough_printable Jeff Layton
attr_list, attr_listf: Guard against unterminated buffer Andreas Gruenbacher
attr_multi, attr_multif: Don't set errno to -EINVAL Andreas Gruenbacher
Switch back to syscall() Andreas Gruenbacher
attr_list.3: Fix the attributes.h include path Andreas Gruenbacher
getfattr.1: by default only user namespace attributes are dumped Simon Ruderich
Enable large-file support on systems that do not enable it by default Dmitry V. Levin
man: standardize AUTHORS section Mike Frysinger
man: fix bold style in SEE ALSO section Mike Frysinger
test: escape left brace in a regex in test/run Troy Dawson
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 17 Mar 2021 21:41:31 +0000 (22:41 +0100)]
acl: Update to 2.3.1
- Update from 2.2.53 to 2.3.1
- Updated rootfile
- Changelog
Version 2.3.1
Fix libtool library versioning regression Andreas Gruenbacher
Version 2.3.0
Update po files and German translation Andreas Gruenbacher
getfacl: fix indent in --help output Valentin Vidic
getfacl: Add --one-file-system optionnext Pavel Polacek
Move struct stat into struct walk_tree_args Andreas Gruenbacher
Move list of open directories into struct walk_tree_args Andreas Gruenbacher
Move walk_tree_rec arguments into a separate struct Andreas Gruenbacher
acl_from_mode, acl_copy_int: Fix segfault on allocation failure Tavian Barnes
__acl_create_entry_obj: do not break strict aliasing rules Kamil Dudka
Fix typo in getfacl(1) man page Anthony Sottile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update tshark from 3.4.2 to 3.4.3
- Update rootfile
- Changelog is too long to include here.
See ChangeLog file in source tarball
29 bugfixes included
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update stunnel from 5.57 to 5.58
- Update rootfile
- Changelog
Version 5.58, 2021.02.20, urgency: HIGH
Security bugfixes
The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein).
Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov).
OpenSSL DLLs updated to version 1.1.1j.
New features
New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers).
'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value.
Initial FIPS 3.0 support.
Bugfixes
X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
Merged Debian 05-typos.patch (thx to Peter Pentchev).
Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
Fixed tests on the WSL2 platform.
NSIS installer updated to version 3.06 to fix a multiuser installation bug on some platforms, including 64-bit XP.
Fixed engine initialization (thx to Petr Strukov).
FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sqlite from 3.34.0 to 3.34.1
- Update rootfile
- Changelog
Fix a potential use-after-free bug when processing a a subquery with
both a correlated WHERE clause and a "HAVING 0" clause and where the
parent query is an aggregate.
Fix documentation typos
Fix minor problems in extensions.
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update qpdf from 10.1.0 to 10.3.0
- Updated rootfile
- Changelog is too long to fully include here
See ChangeLog file in source tarball
Bug fixes in 10.3.0
* The last several changes are in support of fixing more complex
cases of keeping form fields working properly through page copying
operations. Fixes #509.
Bug fixes in 10.2.0
* From qpdf CLI, --pages and --split-pages will properly preserve
interactive form functionality. Fixes #340.
* From qpdf CLI, --overlay and --underlay will copy annotations
and form fields from overlay/underlay file. Fixes #395.
* Add new option --password-file=file for reading the decryption
password from a file. file may be "-" to read from standard input.
Fixes #499.
* By default, give an error if a user attempts to encrypt a file
with a 256-bit key, a non-empty user password, and an empty owner
password. Such files are insecure since they can be opened with no
password. To allow explicit creation of files like this, pass the
new --allow-insecure option. Thanks to github user RobK88 for a
detailed analysis and for reporting this issue. Fixes #501.
* Bug fix: if a form XObject lacks a resources dictionary,
consider any names in that form XObject to be referenced from the
containing page. This is compliant with older PDF versions. Also
detect if any form XObjects have any unresolved names and, if so,
don't remove unreferenced resources from them or from the page
that contains them. Fixes #494.
* Give warnings instead of segfaulting if a QPDF operation is
attempted after calling closeInputSource(). Fixes #495.
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update nagios-plugins from 2.2.1 to 2.3.3
- Updated rootfile
- Changelog is too long to include here
See ChangeLog file in source tarball
80 bugs fixed with the last four releases
- Latest version og nagios-plugins is recommended by update of nagios_nrpe
to 4.0.3
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update nagios_nrpe from 3.2.1 to 4.0.3
- No update for rootfile
- Changelog
[4.0.3](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.3) - 2020-04-28
**FIXES**
- Fixed nasty_metachars not being read from config file (#235) (Sebastian Wolf)
[4.0.2](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.2) - 2020-03-11
**FIXES**
- Fixed buffer length calculations/writing past memory boundaries on some systems (#227, #228) (Andreas Baumann, hariwe, Sebastian Wolf)
- Fixed use of uninitialized variable when validating requests (#229) (hariwe, Sebastian Wolf)
[4.0.1](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.1) - 2020-01-22
**FIXES**
* Fixed syslog flooding with CRC-checking errors when both plugin and agent were updated to version 4 (Sebastian Wolf)
[4.0.0](https://github.com/NagiosEnterprises/nrpe/releases/tag/nrpe-4.0.0) - 2019-01-13
Note: This update includes security fixes which affect both the check_nrpe plugin and
the NRPE daemon. The latest version of NRPE is still able to interoperate with previous
versions, but for best results, both programs should be updated.
**ENHANCEMENTS**
* Added TLSv1.3 and TLSv1.3+ support for systems that have it (Nigel Yong, Rahul Golam)
* Added IPv6 ip address to list of default allow_from hosts (Troy Lea)
* Added -D option to disable logging to syslog (Tom Griep, Sebastian Wolf)
* Added -3 option to force check_nrpe to use NRPE v3 packets
* OpenRC: provide a default path for nrpe.cfg (Michael Orlitzky)
* OpenRC: Use RC_SVCNAME over a hard-coded PID file (j-licht)
**FIXES**
* Checks for '!' now only occur inside the command buffer (Joni Eskelinen)
* NRPE daemon is more resilient to DOS attacks (Leonid Vasiliev)
* allowed_hosts will no longer test getaddrinfo records against the wrong protocol (dombenson)
* nasty_metachars will now handle C escape sequences properly when specified in the config file (Sebastian Wolf)
* Calculated packet sizes now struct padding/alignment when sending and receiving messages (Sebastian Wolf)
* Buffer sizes are now checked before use in packet size calculation (Sebastian Wolf)
* When using `include_dir`, individual files' errors do not prevent the remaining files from being read (Sebastian Wolf)
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update nano from 5.5 to 5.6
- No update for rootfile
- Changelog
Changes between v5.5 and v5.6:
Benno Schulenberg (52):
build: avoid a warning about duplicate symbol when building from tarball
build: detect a build from git also when building out of tree
build: include a workaround only for versions of ncurses that need it
bump version numbers and add a news item for the 5.6 release
color: do not look for another 'end' match after already finding one
color: give highlighted text its own color, to not look like marked text
color: recompile the file-probing regexes a little faster with REG_NOSUB
color: use bright yellow to highlight a search match
color: use inverse video for highlighting when there are no colors
debug: add timing instruments to cache precalculation and screen refresh
display: for a large paste or insertion, recalculate the multiline cache
docs: correct the description of --quickblank for the changed base value
docs: correct the formatting of a comment in the sample nanorc
docs: correct the word order for Alt+D in the cheat sheet -- it changed
docs: mention the new 'set highlightcolor' option
docs: remove all mentions of --markmatch and 'set markmatch'
docs: say that --minibar is modified by --constantshow and --stateflags
feedback: make Full Justify show a message also when using --minibar
gnulib: update to its current upstream state
minibar: show a message a little longer when --quickblank isn't used
minibar: show cursor position + character code only with --constantshow
minibar: show the state flags only when --stateflags is used
minibar: suppress the toggling feedback for M-C, but show it for M-Y/M-P
options: remove --markmatch and 'set markmatch', as the behavior is gone
painting: always do backtracking for the first row of the screen
painting: trigger a refresh when a second start match appears on a line
painting: trigger fewer unneeded full-screen refreshes
painting: when finding an end match, set its multidata right away
scrolling: keep centering after large paste, also when line numbers widen
search: just highlight the found occurrence, instead of marking it
search: make highlighting the standard, non-changeable behavior
tweaks: avoid the vague possibility of advancing beyond end-of-line
tweaks: be slightly more efficient in marking lines as WOULDBE
tweaks: call wattron()/wattroff() only when actually painting something
tweaks: correct a comment, improve another, and trim some verbosity
tweaks: don't bother comparing virgin multidata with current situation
tweaks: don't bother initializing freshly allocated multidata
tweaks: don't bother wiping the multidata before recomputing it
tweaks: elide a function that is now just one line
tweaks: frob a condition, to be more concise, and reshuffle another
tweaks: frob some comments, and adjust indentation after previous change
tweaks: frob some comments, and reshuffle two fragments of code
tweaks: frob two fragments of code, to be more readable
tweaks: make a skipping condition more precise
tweaks: remove an old fix that was made superfluous by a recent fix
tweaks: remove a strangely placed warning
tweaks: rename six symbols, to be more straightforward
tweaks: reshuffle some code, and reduce the scope of a variable
tweaks: reshuffle three conditions into a better order
tweaks: rewrap and reindent a few lines
tweaks: rewrap two lines, for esthetics
tweaks: stop evaluating a rule when the match is offscreen to the right
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update ipset from 7.10 to 7.11
- No update to rootfile
- Changelog
- Parse port before trying by service name (Haw Loeung)
- Silence unused-but-set-variable warnings (reported by
Serhey Popovych)
- Handle -Werror=implicit-fallthrough= in debug mode compiling
- ipset: fix print format warning (Neutron Soutmun)
- Updated utilities
- Argument parsing buffer overflow in ipset_parse_argv fixed
(reported by Marshall Whittaker)
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update iproute2 from 5.10.0 to 5.11.0
- Updated rootfile
- Changelog extracted from commits
lib/fs: Fix single return points for get_cgroup2_* Andrea Claudi
lib/fs: avoid double call to mkdir on make_path() Andrea Claudi
lib/bpf: Fix and simplify bpf_mnt_check_target() Andrea Claudi
lib/namespace: fix ip -all netns return code Andrea Claudi
ip: lwtunnel: seg6: bail out if table ids are invalid Andrea Claudi
tc: m_gate: use SPRINT_BUF when needed Andrea Claudi
man8/bridge.8: be explicit that "flood" is an egress setting Vladimir Oltean
man8/bridge.8: explain self vs master for "bridge fdb add" Vladimir Oltean
man8/bridge.8: fix which one of self/master is default for "bridge fdb" Vladimir Oltean
man8/bridge.8: explain what a local FDB entry is Vladimir Oltean
man8/bridge.8: document that "local" is default for "bridge fdb add" Vladimir Oltean
man8/bridge.8: document the "permanent" flag for "bridge fdb add" Vladimir Oltean
rdma: Fix statistics bind/unbing argument handling Ido Kalir
uapi: pick up rpl.h fix Stephen Hemminger
iproute: force rtm_dst_len to 32/128 Luca Boccassi
ss: Add clarification about host conditions with multiple familes to man Thayne McCombs
Add documentation of ss filter to man page Thayne McCombs
iplink: print warning for missing VF data Edwin Peer
ss: do not emit warn while dumping MPTCP on old kernels Paolo Abeni
man: tc-taprio.8: document the full offload feature Vladimir Oltean
iplink_bareudp: cleanup help message and man page Guillaume Nault
vrf: fix ip vrf exec with libbpf Luca Boccassi
vrf: print BPF log buffer if bpf_program_load fails Luca Boccassi
build: Fix link errors on some systems Roi Dayan
tc: flower: fix json output with mpls lse Guillaume Nault
dcb: Change --Netns/-N to --netns/-n Petr Machata
dcb: Plug a leaking DCB socket buffer Petr Machata
dcb: Set values with RTM_SETDCB type Petr Machata
uapi: update if_link.h from upstream Stephen Hemminger
include: uapi: Carry dcbnl.h Petr Machata
uapi: update kernel headers to 5.11 pre rc1
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update hplip from 3.20.11 to 3.21.2
- Updated rootfile
- Changelog
Added support for following new Distro's:
Fedora 33
Manjaro 20.2
Debian 10.7
RHEL 8.3
RHEL 7.7
RHEL 7.8
RHEL 7.9
Added support for the following new Printers:
HP LaserJet Enterprise M406dn
HP LaserJet Enterprise M407dn
HP LaserJet Enterprise MFP M430f
HP LaserJet Enterprise MFP M431f
HP LaserJet Managed E40040dn
HP LaserJet Managed MFP E42540f
HP Color LaserJet Enterprise M455dn
HP Color LaserJet Managed E45028dn
HP Color LaserJet Enterprise MFP M480f
HP Color LaserJet Managed MFP E47528f
HP PageWide XL 3920 MFP
HP PageWide XL 4200 Printer
HP PageWide XL 4200 Multifunction Printer
HP PageWide XL 4700 Printer
HP PageWide XL 4700 Multifunction Printer
HP PageWide XL 5200 Printer
HP PageWide XL 5200 Multifunction Printer
HP PageWide XL 8200 Printer
HP Laserjet M207d
HP Laserjet M208d
HP Laserjet M209d
HP Laserjet M210d
HP Laserjet M212d
HP Lasejet M211d
HP Laserjet M209dw
HP Laserjet M209dwe
HP Laserjet M210dw
HP Laserjet M210dwe
HP Laserjet M212dw
HP LaserJet M212dwe
HP Laserjet M208dw
HP Laserjet M207dw
HP Laserjet M211dw
HP LaserJet MFP M234dw
HP LaserJet MFP M234dwe
HP LaserJet MFP M233d
HP LaserJet MFP M232d
HP LaserJet MFP M235d
HP LaserJet MFP M237d
HP LaserJet MFP M236d
HP LaserJet MFP M232dw
HP LaserJet MFP M232dwc
HP LaserJet MFP M233dw
HP LaserJet MFP M236dw
HP LaserJet MFP M235dw
HP LaserJet MFP M235dwe
HP LaserJet MFP M237dwe
HP LaserJet MFP M237dw
HP LaserJet MFP M232sdn
HP LaserJet MFP M233sdn
HP LaserJet MFP M236sdn
HP LaserJet MFP M234sdn
HP LaserJet MFP M234sdne
HP LaserJet MFP M235sdn
HP LaserJet MFP M235sdne
HP LaserJet MFP M237sdne
HP LaserJet MFP M237sdn
HP LaserJet MFP M232sdw
HP LaserJet MFP M233sdw
HP LaserJet MFP M236sdw
HP LaserJet MFP M234sdw
HP LaserJet MFP M234sdwe
HP LaserJet MFP M235sdw
HP LaserJet MFP M235sdwe
HP LaserJet MFP M237sdwe
HP LaserJet MFP M237sdw
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Use the traffic class description field to identify similar classes.
This ensures that a class used in both the up- and down-link is
printed with matching colors in both graphs.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Mar 2021 17:41:28 +0000 (18:41 +0100)]
openssh: Update to 8.5p1
- Update Openssh from 8.4p1 to 8.5p1
- rootfiles not changed
- ssh access by keys tested with 8.5p1 and successfully worked
- Full Release notes can be read at https://www.openssh.com/releasenotes.html
- Future deprecation notice
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.
In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
OpenSSH will disable this signature scheme by default in the near
future.
Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.
- Checked if the weak ssh-rsa public key algorithm was being used with
openssh8.4p1 by running
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
host verification was successful with no issue so IPFire will not be
affected by this deprecation when it happens
- Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
This did not affect my use of ssh login but I use ED25519 as the only
key algorithm that I use. It might be good to get it tested by
someone who has ECDSA and ED25519 keys and prefers ECDSA
Remaining changes don't look likely to affect IPFire users
- Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat@openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>