]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
people/pmueller/ipfire-2.x.git
3 years agoopenssl: update to 1.1.1k
Arne Fitzenreiter [Tue, 24 Aug 2021 20:17:06 +0000 (22:17 +0200)] 
openssl: update to 1.1.1k

This update fix:
SM2 Decryption Buffer Overflow (CVE-2021-3711)
Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
https://www.openssl.org/news/secadv/20210824.txt

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add perl-MIME-Lite
Arne Fitzenreiter [Mon, 16 Aug 2021 06:55:02 +0000 (06:55 +0000)] 
core160: add perl-MIME-Lite

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoperl-MIME-Lite: Update to version 3.033
Adolf Belka [Thu, 8 Jul 2021 11:43:26 +0000 (13:43 +0200)] 
perl-MIME-Lite: Update to version 3.033

- Update from 3.030 (Nov 2013) to 3.033 (Jun 2021)
- Update of rootfile not required
- Changelog
   Version 3.033
     No changes since previous version, just made non-trial.
   Version 3.032
     Fix an error in printing to Net::SMTP (thanks, Peter Heirich)
     Add "use warnings" and require v5.6
   Version 3.031
     Add an SSL option to connect to the SMTP relay via SSL on port 465. (thanks,
      Max Maischein)
     Document some tips on using non-ASCII content with MIME::Lite (thanks,
      traveljury.com and Tom Hukins)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add pcre
Arne Fitzenreiter [Mon, 16 Aug 2021 06:53:09 +0000 (06:53 +0000)] 
core160: add pcre

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agopcre: Update to version 8.45
Adolf Belka [Thu, 8 Jul 2021 11:43:11 +0000 (13:43 +0200)] 
pcre: Update to version 8.45

- Update from 8.44 to 8.45
- Updated rootfile
- Checked the dependencies of the old lib versions using find-dependencies
   nothing flagged
- Changelog
   Version 8.45 15-June-2021
    This is the final release of PCRE1. A few minor tidies are included.
   1. CMakeLists.txt has two user-supplied patches applied, one to allow for the
      setting of MODULE_PATH, and the other to support the generation of pcre-config
      file and libpcre*.pc files.
   2. There was a memory leak if a compile error occurred when there were more
      than 20 named groups (Bugzilla #2613).
   3. Fixed some typos in code and documentation.
   4. Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add iproute2
Arne Fitzenreiter [Mon, 16 Aug 2021 06:51:35 +0000 (06:51 +0000)] 
core160: add iproute2

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoiproute2: Update to version 5.13.0
Adolf Belka [Thu, 8 Jul 2021 11:42:51 +0000 (13:42 +0200)] 
iproute2: Update to version 5.13.0

- Update from 5.12.0 to 5.13.0
- Update of rootfile not required
- Changelog is not available in source tarball and not on source website
   Below info obtained from the commits from the git repository
   devlink: Fix printf() type mismatches on 32-bit architectures Ben Hutchings
   utils: Fix BIT() to support up to 64 bits on all architectures Ben Hutchings
   uapi: update headers to 5.13 Stephen Hemminger
   devlink: Fix link errors on some systems Roi Dayan
   tc: pedit: add decrement operation Asbjørn Sloth Tønnesen
   tc: pedit: parse_cmd: add flags argument Asbjørn Sloth Tønnesen
   iplink: support for WWAN devices Sergey Ryazanov
   iplink: add support for parent device Sergey Ryazanov
   Import wwan.h uapi file David Ahern
   man: fix syntax for ip link property Stephen Hemminger
   seg6: add support for SRv6 End.DT46 Behavior Paolo Lungaroni
   Update kernel headers David Ahern
   utils: bump max args number to 512 for batch files Guillaume Nault
   uapi: update kernel headers to 5.13-rc6 Stephen Hemminger
   Merge branch 'devlink-rate-support' into next David Ahern
   devlink: Add ISO/IEC switch Dmytro Linkin
   devlink: Add port func rate support Dmytro Linkin
   devlink: Add helper function to validate object handler Dmytro Linkin
   Update kernel headers David Ahern
   devlink: Add optional controller user input Parav Pandit
   police: Add support for json output Roi Dayan
   tc: fq: add horizon attributes Eric Dumazet
   configure: convert LIBBPF environment variables to command-line options Hangbin Liu
   configure: add options ability Hangbin Liu
   ss: update ss man page Roman Mashak
   tc: f_flower: Add missing ct_state flags to usage description Ariel Levkovich
   tc: f_flower: Add option to match on related ct state Ariel Levkovich
   libgenl: make genl_add_mcast_grp set errno on error Florian Westphal
   lib/fs: fix issue when {name,open}_to_handle_at() is not implemented Heiko Thiery
   config.mk: Rerun configure when it is newer than config.mk David Ahern
   ip: dynamically size columns when printing stats Jakub Kicinski
   seg6: add counters support for SRv6 Behaviors Paolo Lungaroni
   tc: htb: improve burst error messages Andrea Claudi
   tipc: bail out if key is abnormally long Andrea Claudi
   tipc: bail out if algname is abnormally long Andrea Claudi
   tipc: call a sub-routine in separate socket Hoang Le
   tc-cake: update docs to include LE diffserv Tyson Moore
   dcb: fix memory leak Andrea Claudi
   dcb: fix return value on dcb_cmd_app_show Andrea Claudi
   lib: bpf_legacy: avoid to pass invalid argument to close() Andrea Claudi
   tc: q_ets: drop dead code from argument parsing Andrea Claudi
   ip: align the name of the 'nohandler' stat Jakub Kicinski
   Update kernel headers David Ahern
   Merge branch 'rdma-copy-on-fork' into next David Ahern
   rdma: Add copy-on-fork to get sys command Gal Pressman
   rdma: update uapi headers Gal Pressman
   mptcp: make sure flag signal is set when add addr with port Jianguo Wu
   Merge branch 'main' into next David Ahern
   ip: Add nodst option to macvlan type source Jethro Beekman
   Merge branch 'rdma-resource-tracking' into next David Ahern
   rdma: Add SRQ resource tracking information Neta Ostrovsky
   rdma: Add context resource tracking information Neta Ostrovsky
   rdma: Update uapi headers Neta Ostrovsky
   Update kernel headers David Ahern

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add suricata and libhtp
Arne Fitzenreiter [Mon, 16 Aug 2021 06:49:13 +0000 (06:49 +0000)] 
core160: add suricata and libhtp

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agolibhtp: Update to 5.0.38
Matthias Fischer [Sun, 4 Jul 2021 13:38:56 +0000 (15:38 +0200)] 
libhtp: Update to 5.0.38

For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.38

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agosuricata: Update to 5.0.7
Matthias Fischer [Sun, 4 Jul 2021 13:38:55 +0000 (15:38 +0200)] 
suricata: Update to 5.0.7

For details see:

https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489

and

https://redmine.openinfosecfoundation.org/versions/166

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agotraceroute: Update to version 2.1.0
Adolf Belka [Thu, 1 Jul 2021 21:26:04 +0000 (23:26 +0200)] 
traceroute: Update to version 2.1.0

- Update from 2.0.18 (2011) to 2.1.0 (2016 - latest version)
- Update of rootfile not required
- Changelog
    2016-03-08  Dmitry Butskoy  <Dmitry@Butskoy.name> - 2.1.0
*  Improve the main loop for better interactivity.
   Instead of waiting silently for maximum expiration time of probes
    in progress, use timeout of the first probe (which will be printed
    first from now) only.
*  Speedup wait mechanism.
   Traditional traceroute implementation always waited the whole timeout
    for any probe. But if we already have some replies from the same hop,
    or even from some next hop, we can use the round trip time
    of such a reply as a hint to determine the actual reasonable
    amount of time to wait.
   Now the `-w' option has a form of three (in general) float values
    separated by a comma (or a slash): `-w MAX_SECS,HERE,NEAR' .
    (last two are optional). MAX_SECS specifies the maximum time
    (in seconds) to wait, in any case.
   The optional HERE specifies a factor to multiply the round trip time
    of an already received response from the same hop.
   The resulting value is used as a timeout for the probe, instead of
    (but no more than) MAX_SECS. The optional NEAR specifies a similar
    factor for a response from some next hop.
   The time of the first found result is used in both cases.
   First, we look for the same hop (of the probe which will be printed
    first from now). If nothing found, then look for some next hop.
   If nothing found, use MAX_SECS. If HERE and/or NEAR have zero values,
    the corresponding computation is skipped.
   HERE and NEAR are always set to zero if only MAX_SECS is specified
    (which provides compatibility with previous versions). Thus, if your
    scripts use `-w SECS', then nothing changed for you, since
    the lonely SECS implies `-w SECS,0,0' .
   Defaults are 5.0 seconds for MAX_SECS, 3.0 times for HERE and
    10.0 times for NEAR.
   Certainly, the new algorithm can lead to premature expiry
    (especially when response times differ at times) and printing "*"
    instead of a time. Anyway, you can always switch this algorithm off,
    just by specifying `-w' with the desired timeout only (fe. `-w 5').
   We continue to wait whole MAX_SECS when one probe per time
    must be sent (`--sport', `-P proto'), because it seems more harmful
    rather than helpful to try to wait less in such cases.
   To provide compatibility with 2.0.x versions, use:
traceroute -w 5
    (or any other desired `-w' value).
*  Hint people to use the system traceroute(8) instead of
    tcptraceroute wrapper (by providing a stderr header).
   The using of this wrapper is a little bit harmful, since it has
    less possibilities and a little different set of options.
   For those who are used to use tcptraceroute in cmdline,
    just create a link with that name to the system traceroute.
   When invoked as "tcp*", it then behaves as `traceroute -T'.
   (The simple manual page added for this case in the wrapper subdir).
   The original tcptraceroute had some options differ ("lpNSAE"),
    but they was rare used. Most common "dnFifmqwst" was just the same.
   Therefore it should be painless to use the system binary directly,
    instead of the limited wrapper (which is still provided indeed).
    2016-02-15  Dmitry Butskoy  <Dmitry@Butskoy.name> - 2.0.22
*  Some portability fixing and improvements (Felix Janda)
*  Require clear numbers for options and arguments (Sergey Salnikov)
*  Drop compilation date from the version string (Debian #774365)
*  New tcp module option `reuse', which utilize SO_REUSEADDR
    to reuse local port numbers for the huge workloads (Richard Sheehan)
*  Avoid poll(2) call with spurious zero timeout in some rare cases
    by rounding the value properly using ceil(3)
    2014-11-12  Dmitry Butskoy  <Dmitry@Butskoy.name> - 2.0.21
*  Fix `--mtu' and `-F' working on kernels >= 3.13
*  Some manual page improving (Christopher Mann)
    2014-06-14  Dmitry Butskoy  <Dmitry@Butskoy.name> - 2.0.20
*  Describe all complementary long options in the man page (Jan Synacek)
*  Use correct service name for AS lookups (Frederic Mangano)
*  Avoid some rare case null dereference (geogriffin@jsgriff.com)
*  Improve expiration check for simultaneous probes
    2012-11-19  Dmitry Butskoy  <Dmitry@Butskoy.name> - 2.0.19
*  DCCP protocol support (rfc4340), by Samuel Jero
    Use "-D" option for it (the protocol-specific options
    are available too).
*  Update COPYING and COPYING.LIB license files to the latest
    published ones (due to FSF address changes etc.) (Jan Synacek)
*  Add mention of "-l" option to manual (Filip Holec)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add Text-Tabs+Wrap
Arne Fitzenreiter [Mon, 16 Aug 2021 06:29:30 +0000 (06:29 +0000)] 
core160: add Text-Tabs+Wrap

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoText-Tabs+Wrap: Update to 2013.0523
Adolf Belka [Thu, 1 Jul 2021 21:25:48 +0000 (23:25 +0200)] 
Text-Tabs+Wrap: Update to 2013.0523

- Update from 2005.0824 to 2013.0523 - latest version
- Update of rootfile required
- Changelog
   = 2013/05/23
     Change module 'NAME'
   = 2013/05/22
     Typos
   = 2013/04/26
     Minor test suite fixes - bug 81698.
     Fixed bug 79766 -- an extraneous "=" in a regex.
     Changed the license to qualify as an "open source" license.
   = 2012/08/18
     Packaging fix.
     Minor documentation fixes.
   = 2012/08/15
     Minor fixes to test suites.
     Added back versions to support old versions of perl.
   = 2009/04/17
     Added support for Unicode combining characters to both
      Text::Tabs and Text::Wrap, plus a new test suite for each
      of these new functionalities.  --tchrist
   = 2009/03/05
     Test improvements from Dave Mitchel sent back in 2005...
     Added code to increase $columns if it's not big enough to accommodate
      the subsequent tab.
     Minor documentation fixes from David Landgren <david at landgren.net>.
     Use warnings::warnif instead of just warn for columns < 2.  Appled per
      request of Rafael Garcia-Suarez <rgarciasuarez at gmail.com>.
   = 2006/11/17
     Text::Tabs can handle newlines now so the BUGS section has been removed
      per request from Aristotle Pagaltzis.
   = 2006/07/11
     Further bomb-proofing to pass more tests: Dan Jacobson <jidanni at
      jidanni dot org> found another way to generate a "this shouldn't happen".
   = 2006/07/05
     Made documentation and code changes to address perlbug:
      https://rt.perl.org/rt3/Ticket/Display.html?id=30229
     Added in changes from the distributed-with-perl version.  This took
      care of perlbug: https://rt.perl.org/rt3/Ticket/Display.html?id=34902
     It also took care of suggestion from Matthijs Bomhoff <matthijs
      at bomhoff dot nl>.
     Made documentation changes (added EXAMPLES) as per a suggestion
      from Gabor Blasko <gblasko at cs dot columbia dot edu>
     belg4mit at MIT dot EDU reported that $columns==1 die'd.  No longer.
     Added tests for each bug report.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add sqlite
Arne Fitzenreiter [Mon, 16 Aug 2021 06:25:43 +0000 (06:25 +0000)] 
core160: add sqlite

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agosqlite: Update to version 3360000
Adolf Belka [Thu, 1 Jul 2021 21:25:32 +0000 (23:25 +0200)] 
sqlite: Update to version 3360000

- Update from 3350500 to 3360000
- Update of rootfile not required
- Changelog
   Improvement to the EXPLAIN QUERY PLAN output to make it easier to understand.
   Byte-order marks at the start of a token are skipped as if they were whitespace.
   An error is raised on any attempt to access the rowid of a VIEW or subquery. Formerly, the rowid of a VIEW would be indeterminate and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW compile-time option is available to restore the legacy behavior for applications that need it.
   The sqlite3_deserialize() and sqlite3_serialize() interfaces are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE compile-time option is no longer required. Instead, there is is a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit those interfaces.
   The "memdb" VFS now allows the same in-memory database to be shared among multiple database connections in the same process as long as the database name begins with "/".
   Back out the EXISTS-to-IN optimization (item 8b in the SQLite 3.35.0 change log) as it was found to slow down queries more often than speed them up.
   Improve the constant-propagation optimization so that it works on non-join queries.
   The REGEXP extension is now included in CLI builds.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add rules.pl
Arne Fitzenreiter [Mon, 16 Aug 2021 06:21:43 +0000 (06:21 +0000)] 
core160: add rules.pl

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoFirewall: Proper allow to create REDIRECT rules.
Stefan Schantl [Wed, 30 Jun 2021 18:40:31 +0000 (20:40 +0200)] 
Firewall: Proper allow to create REDIRECT rules.

This patch now proper allows to create rules for redirecting requests of a
given host, group or network(s) to a specified port or service to the
local IPFire system.

So it implements a very generic and easy to use feature to redirect
(for example all DNS, NTP, or whatever) requests to the a local running
instance and so to force usage of that local hosted service.

* The feature supports specifiying a single port and redirect the requests to another given one.
  ( For example requests to UDP 123 can be redirected to local UDP 1234
  if you run an NTP server on that port.)

* It also supports direct usage of services or even service groups.
  ( So you can create a service group for DNS and redirect them to the
  local recursor, or create a "redirected services" group which easily
  can be managed...)

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoiperf3: Update to version 3.10.1
Adolf Belka [Wed, 30 Jun 2021 17:47:07 +0000 (19:47 +0200)] 
iperf3: Update to version 3.10.1

- Update from 3.9 to 3.10.1
- Update of rootfile not required
- Changelog
   iperf-3.10.1 2021-06-03
     * Notable user-visible changes
       * Fixed a problem with autoconf scripts that made builds fail in
         some environments (#1154 / #1155).
     * Developer-visible changes
       * GNU autoconf 2.71 or newer is now required to regenerate iperf3's
         configure scripts.
   iperf 3.10 2021-05-26
     * Notable user-visible changes
       * Fix a bug where some --reverse tests didn't terminate (#982 /
         #1054).
       * Responsiveness of control connections is slightly improved (#1045
         / #1046 / #1063).
       * The allowable clock skew when doing authentication between client
         and server is now configurable with the new --time-skew-threshold
         (#1065 / #1070).
       * Bitrate throttling using the -b option now works when a burst size
         is specified (#1090).
       * A bug with calculating CPU utilization has been fixed (#1076 /
         #1077).
       * A --bind-dev option to support binding sockets to a given network
         interface has been added to make iperf3 work better with
         multi-homed machines and/or VRFs (#817 / #1089 / #1097).
       * --pidfile now works with --client mode (#1110).
       * The server is now less likely to get stuck due to network errors
         (#1101, #1125), controlled by the new --rcv-timeout option.
       * Fixed a few bugs in termination conditions for byte or
         block-limited tests (#1113, #1114, #1115).
       * Added tcp_info.snd_wnd to JSON output (#1148).
       * Some bugs with garbled JSON output have been fixed (#1086, #1118,
         #1143 / #1146).
       * Support for setting the IPv4 don't-fragment (DF) bit has been
         added with the new --dont-fragment option (#1119).
       * A failure with not being able to read the congestion control
         algorithm under WSL1 has been fixed (#1061 / #1126).
       * Error handling and error messages now make more sense in cases
         where sockets were not successfully opened (#1129 / #1132 /
         #1136, #1135 / #1138, #1128 / #1139).
       * Some buffer overflow hazards were fixed (#1134).
     * Notable developer-visible changes
       * It is now possible to use the API to set/get the congestion
         control algorithm (#1036 / #1112).

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agointltool: Update to version 0.51.0
Adolf Belka [Wed, 30 Jun 2021 17:46:50 +0000 (19:46 +0200)] 
intltool: Update to version 0.51.0

- Update from 0.40.5 (2008) to 0.51.0 (2015 - latest release)
- Update of rootfile3 not required
- Changelog is too long to include here
   Changes from version 0.41.0 to 0.51.0 can be found at https://launchpad.net/intltool/+download
    and in the ChangeLog files in the Source Tarballs
   Changes prior to 0.41.0 can be found at https://download.gnome.org/sources/intltool/
    in the ChangeLog files in the Source Tarballs

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoghostscript: Update version to 9.54.0
Adolf Belka [Wed, 30 Jun 2021 17:46:31 +0000 (19:46 +0200)] 
ghostscript: Update version to 9.54.0

- Update from 9.53.3 to 9.54.0
- Update rootfile
- delete patch related to FT_CALLBACK_DEF as fix has been implemented in the source
   tarball
- Changelog highlights
   Version 9.54.0 (2021-03-30)
     The 9.54.0 release is a maintenance release, and also adds new functionality.
     Highlights in this release include:
       Overprint simulation is now available to all output devices, allowing quality previewing/proofing of PostScript and PDF jobs that rely on overprint. See the -dOverprint option documentation in: Overprint
       The "docxwrite" device adds the ability to output to Microsoft Word "docx" format. See: docxwrite
       The pdfwrite device is now capable of using the Tesseract OCR engine when it is built into Ghostscript to improve searchability and copy and paste functionality when the input lacks the metadata for that purpose. See: UseOCR
       Ghostscript/GhostPDL now includes a "map text to black" function, where text drawn by an input job (except when drawn using a Type 3 font) can be forced to draw in solid black. See: BlackText
       Ghostscript/GhostPDL now supports simple N-up imposition "internally". See: NupControl
       Our efforts in code hygiene and maintainability continue.
       The usual round of bug fixes, compatibility changes, and incremental improvements.
   Full details of above highlights can be found at https://www.ghostscript.com/doc/9.54.0/History9.htm

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoalsa: Update to version 1.2.5.1
Adolf Belka [Wed, 30 Jun 2021 17:46:07 +0000 (19:46 +0200)] 
alsa: Update to version 1.2.5.1

- Not really sure if a sound support capability is really appropriate for a firewall. I
   wouldn't have it. However if it stays as an add-on then it should be up to date.
- Update alsa-lib from 1.0.27.1 (2013) to 1.2.5.1 (2021)
- Update alsa-utils from 1.0.27.1 (2013) to 1.2.5.1 (2021)
- Update alsa-firmware from 1.0.27 (2013) to 1.2.4 (2020)
- Update rootfile
- Changelog is too large to include here. Changes back to 2019-11-20 can be found at
   https://www.alsa-project.org/wiki/Main_Page
   Earlier changes have to be found from the git commits at
   https://github.com/alsa-project/alsa-lib and
   https://github.com/alsa-project/alsa-utils
   There is no changelog or git commits that I have been able to find for alsa-firmware

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add fwhost.cgi
Arne Fitzenreiter [Mon, 9 Aug 2021 07:52:24 +0000 (07:52 +0000)] 
core160: add fwhost.cgi

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agofwhosts.cgi: properly fetch configured IPsec N2N subnets
Peter Müller [Thu, 22 Apr 2021 20:20:00 +0000 (22:20 +0200)] 
fwhosts.cgi: properly fetch configured IPsec N2N subnets

Previously, the getcolor() function did not correctly process IPsec
N2N connections with more than one remote network configured, resulting
in networks mistakenly marked as being part of a VPN connection, or vice
versa.

Fixes: #11235
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: add general-functions.pl
Arne Fitzenreiter [Mon, 9 Aug 2021 07:47:45 +0000 (07:47 +0000)] 
core160: add general-functions.pl

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agogeneral-functions.pl: do not miscalculate when enumerating IPsec N2N subnet membership
Peter Müller [Thu, 22 Apr 2021 16:15:22 +0000 (18:15 +0200)] 
general-functions.pl: do not miscalculate when enumerating IPsec N2N subnet membership

Fixes: #11235
Cc: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore160: begin updater
Arne Fitzenreiter [Mon, 9 Aug 2021 07:05:56 +0000 (07:05 +0000)] 
core160: begin updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agogrub: fix cloudhelper permissions
Arne Fitzenreiter [Mon, 2 Aug 2021 05:38:43 +0000 (07:38 +0200)] 
grub: fix cloudhelper permissions

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agogrub: fix cloud helper installation
Arne Fitzenreiter [Sun, 1 Aug 2021 15:08:46 +0000 (17:08 +0200)] 
grub: fix cloud helper installation

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocups: Bump package version
Michael Tremer [Wed, 28 Jul 2021 11:09:18 +0000 (11:09 +0000)] 
cups: Bump package version

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agogrub cloud: Add kernel release to boot ID
Michael Tremer [Tue, 27 Jul 2021 10:07:10 +0000 (10:07 +0000)] 
grub cloud: Add kernel release to boot ID

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoflash-image: Enable GRUB_FIRST_BOOT setting
Michael Tremer [Tue, 27 Jul 2021 10:07:09 +0000 (10:07 +0000)] 
flash-image: Enable GRUB_FIRST_BOOT setting

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agogrub: Add file with cloud helping stuff
Michael Tremer [Tue, 27 Jul 2021 10:07:08 +0000 (10:07 +0000)] 
grub: Add file with cloud helping stuff

This file will detect whether to do certain actions depending on the
environment it is running on.

Currently this detects whether IPFire is booting up on AWS EC2 and
selects the serial console boot entry.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoflash-images: Label serial console option as "serial"
Michael Tremer [Tue, 27 Jul 2021 10:07:07 +0000 (10:07 +0000)] 
flash-images: Label serial console option as "serial"

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoset version to 2.27
Arne Fitzenreiter [Sun, 1 Aug 2021 09:51:14 +0000 (11:51 +0200)] 
set version to 2.27

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agokernel: update to 5.10.55
Arne Fitzenreiter [Sun, 1 Aug 2021 09:50:25 +0000 (11:50 +0200)] 
kernel: update to 5.10.55

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-3.x into next
Arne Fitzenreiter [Sat, 31 Jul 2021 16:52:02 +0000 (18:52 +0200)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-3.x into next

3 years agocore159: add libusb
Arne Fitzenreiter [Sat, 31 Jul 2021 16:51:22 +0000 (18:51 +0200)] 
core159: add libusb

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoRevert "libusb: update to 0.0.24"
Arne Fitzenreiter [Sat, 31 Jul 2021 11:27:54 +0000 (13:27 +0200)] 
Revert "libusb: update to 0.0.24"

This reverts commit 937d8dbcb19fcfbdfc0d914b769c93b5cffdba65.

3 years agou-boot-friendlyarm: add armv6l rootfile
Arne Fitzenreiter [Fri, 30 Jul 2021 19:58:56 +0000 (19:58 +0000)] 
u-boot-friendlyarm: add armv6l rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agou-boot: remove uneeded cflags and a unused rpi patch
Arne Fitzenreiter [Fri, 30 Jul 2021 11:29:18 +0000 (11:29 +0000)] 
u-boot: remove uneeded cflags and a unused rpi patch

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agou-boot-friendlyarm: update to 5e8607b
Arne Fitzenreiter [Fri, 30 Jul 2021 11:28:03 +0000 (11:28 +0000)] 
u-boot-friendlyarm: update to 5e8607b

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agokernel: update to 5.10.54
Arne Fitzenreiter [Wed, 28 Jul 2021 20:42:51 +0000 (22:42 +0200)] 
kernel: update to 5.10.54

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agokernel: update to 5.10.53
Arne Fitzenreiter [Sun, 25 Jul 2021 21:48:58 +0000 (23:48 +0200)] 
kernel: update to 5.10.53

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoglib: update to 2.69.0
Arne Fitzenreiter [Fri, 23 Jul 2021 11:47:07 +0000 (13:47 +0200)] 
glib: update to 2.69.0

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocups: Reload dbus to load/unload policy
Michael Tremer [Wed, 21 Jul 2021 14:41:58 +0000 (14:41 +0000)] 
cups: Reload dbus to load/unload policy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoavahi: Reload dbus to load/unload policy
Michael Tremer [Wed, 21 Jul 2021 14:41:57 +0000 (14:41 +0000)] 
avahi: Reload dbus to load/unload policy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agodbus: Add reload to initscript
Michael Tremer [Wed, 21 Jul 2021 14:41:56 +0000 (14:41 +0000)] 
dbus: Add reload to initscript

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore159: Fix permissions after extraction
Michael Tremer [Wed, 21 Jul 2021 15:45:00 +0000 (15:45 +0000)] 
core159: Fix permissions after extraction

There seems to be a bug in tar (which should be gone by now), but on
affected systems, we might need to reset directory permissions just in
case.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agovdr: cleanup unused patch
Arne Fitzenreiter [Fri, 23 Jul 2021 06:11:48 +0000 (06:11 +0000)] 
vdr: cleanup unused patch

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agovdr: bump package version
Arne Fitzenreiter [Thu, 22 Jul 2021 18:22:14 +0000 (18:22 +0000)] 
vdr: bump package version

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agopcengines-apu-firmware: update to 4.14.0.2
Arne Fitzenreiter [Thu, 22 Jul 2021 08:48:47 +0000 (10:48 +0200)] 
pcengines-apu-firmware: update to 4.14.0.2

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agovdr: update to 2.4.7
Arne Fitzenreiter [Wed, 21 Jul 2021 19:49:19 +0000 (21:49 +0200)] 
vdr: update to 2.4.7

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agokernel: update to 5.10.52
Arne Fitzenreiter [Wed, 21 Jul 2021 16:09:59 +0000 (18:09 +0200)] 
kernel: update to 5.10.52

Signen-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agotshark: update to 3.4.7
Arne Fitzenreiter [Mon, 19 Jul 2021 22:46:54 +0000 (22:46 +0000)] 
tshark: update to 3.4.7

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoREADME: Update installation URL
Michael Tremer [Mon, 19 Jul 2021 10:54:50 +0000 (10:54 +0000)] 
README: Update installation URL

Reported-by: Konrad Panzlaff <konrad.panzlaff@pa-bu.de>
Fixes: #12661
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agotshark: Update to version 3.4.6
Adolf Belka [Wed, 14 Jul 2021 20:41:39 +0000 (22:41 +0200)] 
tshark: Update to version 3.4.6

- Update from 3.4.3 to 3.4.6
- Update rootfile
- Changelog
   Wireshark 3.4.6 Release Notes
    What’s New
     The Windows installers now ship with Npcap 1.31. They previously
      shipped with Npcap 1.10.
     The Windows installers now ship with Qt 5.15.2. They previously
      shipped with Qt 5.12.1.
     Bug Fixes
        • wnpa-sec-2021-04[1] DVB-S2-BB dissector infinite loop
     The following bugs have been fixed:
        • Macro filters can’t handle escaped characters Issue 17160[2].
        • Display filter crashes Wireshark Issue 17316[3].
        • IEEE-1588 Signalling Unicast TLV incorrectly reported as being
          malformed Issue 17355[4].
        • IETF QUIC TLS decryption error with extraneous packets during the
          handshake Issue 17383[5].
        • Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…​)
          ports not displayed Issue 17395[6].
     New and Updated Features
      New Protocol Support
       There are no new protocols in this release.
      Updated Protocol Support
       DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS
      New and Updated Capture File Support
       Ascend, ERF, K12, NetScaler, and pcapng
   Wireshark 3.4.5 Release Notes
    What’s New
     Bug Fixes
      The following vulnerabilities have been fixed:
        • wnpa-sec-2021-04[1] MS-WSP dissector excessive memory
          consumption. Issue 17331[2].
      The following bugs have been fixed:
        • TShark does not print GeoIP information Issue 14691[3].
        • TShark error when piping to "head" Issue 16192[4].
        • Parts of ASCII representation in Packet Bytes pane are missing
          Issue 17087[5].
        • Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue
          17254[6].
        • NDPE attribute of NAN packet is not dissected Issue 17278[7].
        • TECMP: reserved flag interpreted as part of timestamp Issue
          17279[8].
        • Master branch does not compile at least with gcc-11 Issue
          17281[9].
        • DNS IXFR/AXFR multiple response Issue 17293[10].
        • File too large Issue 17301[11].
        • Build fails with CMake 3.20 Issue 17314[12].
     New and Updated Features
      New Protocol Support
       There are no new protocols in this release.
      Updated Protocol Support
       DECT, DNS, EAP, Kerberos, LDAP, MS-WSP, SMB2, Sysdig, TECMP, and WiFi
        NAN
      New and Updated Capture File Support
       pcapng
   Wireshark 3.4.4 Release Notes
    What’s New
     Bug Fixes
      The following vulnerabilities have been fixed:
        • wnpa-sec-2021-03[1] Wireshark could open unsafe URLs. Issue
          17232[2]. CVE-2021-22191[3].
      The following bugs have been fixed:
        • NTP Version 3 Client Decode PDML output issue (Reference ID
          Issue) Issue 17112[4].
        • 3.4.2: public wireshark include files are including build time
          "config.h" Issue 17190[5].
        • wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array
          index ? Issue 17198[6].
        • SIP protocol: P-Called-Party-ID header mixed up with
          P-Charge-Info header Issue 17215[7].
        • Asterix CAT010 Decode Error Issue 17226[8].
        • _ws.expert columns not populated for IPv4 Issue 17228[9].
        • Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue
          17233[10].
        • gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024)
          that v3.2.6 succeeds. Issue 17250[11].
     New and Updated Features
      New Protocol Support
       There are no new protocols in this release.
      Updated Protocol Support
       ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP
      New and Updated Capture File Support
       iSeries

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agotftpd: Update to version 5.2
Adolf Belka [Wed, 14 Jul 2021 20:41:23 +0000 (22:41 +0200)] 
tftpd: Update to version 5.2

- Update from 0.48 (2007) to 5.2 (2011)
   Version 5.2 is the last update made to this program
- Update to rootfile
- Changelog
   Changes in 5.2:
Fix breakage on newer Linux when a single interface has
         multiple IP addresses.
   Changes in 5.1:
Add -P option to write a PID file.  Patch by Ferenc Wagner.
Bounce the syslog socket in standalone mode, in case the
         syslog daemon has been restarted.  Patch by Ferenc Wagner.
Build fixes.
Fix handling of block number wraparound after a successful
         options negotiation.
Fix a buffer overflow in option parsing.
   Changes in 5.0:
Try to on platforms with getaddrinfo() without AI_ADDRCONFIG or
         AI_CANONNAME.
Implement the "rollover" option, for clients which want block
         number to rollover to anything other than zero.
Correctly disable PMTU in standalone mode.  Patch by Florian
         Lohoff.
   Changes in 0.49:
Add IPv6 support.  Patch by Karsten Keil.
Support systems with editline instead of readline.
Support long options in the server.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agosamba: Update version to 4.14.6
Adolf Belka [Wed, 14 Jul 2021 11:37:12 +0000 (13:37 +0200)] 
samba: Update version to 4.14.6

- Update from 4.14.4 to 4.14.6
- Update of rootfile not required
- Changelog
   Release Notes for Samba 4.14.6
        * BUG 14722: s3: lib: Fix talloc heirarcy error in parent_smb_fname().
        * BUG 14732: smbd: Fix pathref unlinking in create_file_unixpath().
        * BUG 14734: s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown().
        * BUG 14736: s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
          change_file_owner_to_parent() error path.
        * BUG 14730: NT_STATUS_FILE_IS_A_DIRECTORY error messages when using
          glusterfs VFS module.
        * BUG 14734: s3/modules: fchmod: Fallback to path based chmod if pathref.
        * BUG 14740: Spotlight RPC service doesn't work with vfs_glusterfs.
        * BUG 14750: gensec_krb5: Restore ipv6 support for kpasswd.
        * BUG 14752: smbXsrv_{open,session,tcon}: protect
          smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records.
        * BUG 14027: samba-tool domain backup offline doesn't work against bind DLZ
          backend.
        * BUG 14669: netcmd: Use next_free_rid() function to calculate a SID for
          restoring a backup.
   Release Notes for Samba 4.14.5
        * BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
        * BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
          Windows ACL for directory handles.
        * BUG 14721: s3: smbd: Fix uninitialized memory read in
          process_symlink_open() when used with vfs_shadow_copy2().
        * BUG 14689: docs: Expand the "log level" docs on audit logging.
        * BUG 14714: smbd: Correctly initialize close timestamp fields.
        * BUG 14699: Fix gcc11 compiler issues.
        * BUG 14718: docs-xml: Update smbcacls manpage.
        * BUG 14719: docs: Update list of available commands in rpcclient.
        * BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().
        * BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be
          set.
        * BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore159: add mountkernfs script to update
Arne Fitzenreiter [Mon, 19 Jul 2021 18:21:49 +0000 (18:21 +0000)] 
core159: add mountkernfs script to update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agolibvirtd: Enable required cgroups
Michael Tremer [Fri, 16 Jul 2021 11:14:13 +0000 (11:14 +0000)] 
libvirtd: Enable required cgroups

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agomountkernfs: Mount cgroup2 hierarchy
Michael Tremer [Fri, 16 Jul 2021 11:14:12 +0000 (11:14 +0000)] 
mountkernfs: Mount cgroup2 hierarchy

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agolibcdada: Patch file to allow build to work with GCC 11 and update version to 0.3.5
Adolf Belka [Fri, 16 Jul 2021 11:12:58 +0000 (13:12 +0200)] 
libcdada: Patch file to allow build to work with GCC 11 and update version to 0.3.5

- Update from 0.3.4 to 0.3.5
- Created libcdada-0.3.5-Werror.patch based on the gentoo 0.3.5 patch to remove -Werror
   flags from the configure. This was flagging up warnings as errors and stopping
   the build
- Removed the SUP_ARCH line to allow it to build again
- Added --without-tests and --without-checks to the ./configure statement. This prevents
   the test and checks being built
- Removed libcdada-0.3.4-use-shared-library-for-tests-and-examples-build.patch as no
   longer needed with the tests and checks no longer being built
- No update required for rootfile
- Changelog
   v0.3.5 (20th April 2021)
    New
     - Improved public API documentation
     - build: add --without-tests --without-examples build options
    Bug fix
     - Fix `E_EMPTY` return codes set/map/list/stack/queue
     - Fix `make check` when valgrind is not installed

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agopmacct: Patch file to allow build to work with GCC 11
Adolf Belka [Fri, 16 Jul 2021 11:12:57 +0000 (13:12 +0200)] 
pmacct: Patch file to allow build to work with GCC 11

- Created pmacct-1.7.6-Werror.patch to remove -Werror flags from the configure
   This was flagging up warnings as errors and stopping the build
- Removed the SUP_ARCH line to allow it to build again
- No update required to the rootfile

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agokernel: update to 5.10.51
Arne Fitzenreiter [Mon, 19 Jul 2021 12:08:08 +0000 (14:08 +0200)] 
kernel: update to 5.10.51

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agokernel: update to 5.10.50
Arne Fitzenreiter [Thu, 15 Jul 2021 20:41:51 +0000 (22:41 +0200)] 
kernel: update to 5.10.50

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocpufrequtils: enable build on all arches
Arne Fitzenreiter [Wed, 14 Jul 2021 18:04:02 +0000 (20:04 +0200)] 
cpufrequtils: enable build on all arches

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocpufrequtils: add some patches from the debian patchset
Arne Fitzenreiter [Wed, 14 Jul 2021 17:57:58 +0000 (19:57 +0200)] 
cpufrequtils: add some patches from the debian patchset

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Wed, 14 Jul 2021 11:16:04 +0000 (13:16 +0200)] 
Merge remote-tracking branch 'origin/master' into next

3 years agomake.sh: Explicitely call zstd to extract toolchain
Michael Tremer [Sun, 11 Jul 2021 13:12:15 +0000 (14:12 +0100)] 
make.sh: Explicitely call zstd to extract toolchain

Some older versions of tar do not recognise Zstandard, yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocdrom: Compress file system image using Zstandard
Michael Tremer [Tue, 13 Jul 2021 16:27:59 +0000 (16:27 +0000)] 
cdrom: Compress file system image using Zstandard

This patch uses the new Zstandard algorithm to compress the file system
image on the ISO image. This comes with these advantages:

* Compression is about twice as fast than XZ with the parameters we have
  selected here
* We use a lot less memory during compression and can therefore utilise
  all processor cores of the build machines
* Decompression (when installing IPFire and when creating the
  flash-image) is substantically faster

The downside is that the generated ISO image is slighty larger (~10MiB)
which I am okay with as a trade-off for the points mentioned above.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoinstaller: Fix reading /proc/cmdline when launched by GRUB
Michael Tremer [Tue, 13 Jul 2021 15:44:20 +0000 (15:44 +0000)] 
installer: Fix reading /proc/cmdline when launched by GRUB

The installer was reading the kernel command line and was looking for
certain values which configured the installer.

GRUB appended a trailing newline character which was not accounted for
and caused that the last parameter was not correctly compared to the
list of possible keys.

Fixes: #12656 - core 157: unattended installation don't work as expected on EFI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoaws: Enable serial console by default
Michael Tremer [Tue, 13 Jul 2021 10:11:31 +0000 (10:11 +0000)] 
aws: Enable serial console by default

AWS for some time now has a serial console feature which is enabled by
default on all systems. The VGA console is not enabled for any new
non-x86 instance types and not interactive.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore159: add makegraphs and hddshutdown cronjob
Arne Fitzenreiter [Wed, 14 Jul 2021 08:20:23 +0000 (10:20 +0200)] 
core159: add makegraphs and hddshutdown cronjob

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocrontab: dont run makegraphs and hddshutdown to the same time
Arne Fitzenreiter [Wed, 14 Jul 2021 06:14:21 +0000 (08:14 +0200)] 
crontab: dont run makegraphs and hddshutdown to the same time

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agomakegraphs: fix status collection for hddshutdown
Arne Fitzenreiter [Wed, 14 Jul 2021 06:12:16 +0000 (08:12 +0200)] 
makegraphs: fix status collection for hddshutdown

with kernel 5.10.x also the reading of s.m.a.r.t. data to update
the temperatur graphs is countet as disk read so update the stored
value after reading.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agostrip: Silence any warnings for files without capabilities
Michael Tremer [Tue, 13 Jul 2021 15:34:59 +0000 (15:34 +0000)] 
strip: Silence any warnings for files without capabilities

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agovpnmain.cgi: Join certificate output before &Header::cleanhtml();
Michael Tremer [Tue, 13 Jul 2021 15:30:53 +0000 (15:30 +0000)] 
vpnmain.cgi: Join certificate output before &Header::cleanhtml();

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoPartially revert "vpnmain.cgi: Use new system methods"
Michael Tremer [Tue, 13 Jul 2021 15:30:52 +0000 (15:30 +0000)] 
Partially revert "vpnmain.cgi: Use new system methods"

This reverts commit a81cbf61273536ee36f3d26504aabdcd65d39cca.

It was no longer possible to generate the root/host certificates.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoovpnmain.cgi: Join certificate output before &Header::cleanhtml();
Michael Tremer [Tue, 13 Jul 2021 15:30:51 +0000 (15:30 +0000)] 
ovpnmain.cgi: Join certificate output before &Header::cleanhtml();

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocore158: Ship etherwake
Michael Tremer [Mon, 12 Jul 2021 16:23:54 +0000 (16:23 +0000)] 
core158: Ship etherwake

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agodnsdist: build only for x86_64
Arne Fitzenreiter [Sat, 10 Jul 2021 17:53:08 +0000 (17:53 +0000)] 
dnsdist: build only for x86_64

32bit archs fail because time_t is only 4 bytes and
aarch64 not build on builders with 2GB ram.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Sat, 10 Jul 2021 17:51:41 +0000 (17:51 +0000)] 
Merge remote-tracking branch 'origin/master' into next

3 years agostripper: Handle capabilities
Michael Tremer [Fri, 9 Jul 2021 16:17:43 +0000 (16:17 +0000)] 
stripper: Handle capabilities

During the build process, we set capabilities to elevate privileges of
certain progrems (e.g. ping). These have been removed during the build
process because of strip.

This patch collects any capabilities from all files that are being
stripped and restores them after calling strip.

Fixes: #12652
Reported-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocore158: Run sshctrl
Michael Tremer [Fri, 9 Jul 2021 15:24:33 +0000 (15:24 +0000)] 
core158: Run sshctrl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoPakfire: call "sync" in function.sh after having extracted archives
Peter Müller [Wed, 7 Jul 2021 17:27:14 +0000 (19:27 +0200)] 
Pakfire: call "sync" in function.sh after having extracted archives

After upgrading to Core Update 157, a few number of users reported their
systems to be unworkable after a reboot. Most of them (the systems, not
the users) were apparently missing the new Linux kernel in their Grub
configuration, causing a non-functional bootloader written to disk.

While we seem to be able to rule out issues related to poor storage
(SDDs, flash cards, etc.) or very high I/O load, it occurred to me we
are not calling "sync" after having extracted a Core Update's .tar.gz
file.

This patch therefore proposes to do so. It is a somewhat homeopathic
approach, though, but might ensure all parts of the system to have
properly processed the contents of an extracted archive. While we cannot
even reasonably guess it will solve the problem(s) mentioned initially,
doing so cannot hurt either.

See also:
https://community.ipfire.org/t/after-update-ipfire-to-157-no-boot/5641/45

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocore158: Ship pakfire functions.sh
Michael Tremer [Fri, 9 Jul 2021 13:25:41 +0000 (13:25 +0000)] 
core158: Ship pakfire functions.sh

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopakfire: Do not delay directory restore
Michael Tremer [Fri, 9 Jul 2021 13:25:00 +0000 (13:25 +0000)] 
pakfire: Do not delay directory restore

https://www.gnu.org/software/tar/manual/tar.html#Directory-Modification-Times-and-Permissions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopakfire: Put tar options into an array
Michael Tremer [Fri, 9 Jul 2021 13:23:56 +0000 (13:23 +0000)] 
pakfire: Put tar options into an array

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopakfire.cgi: Sleep after running a pakfire command
Michael Tremer [Fri, 9 Jul 2021 13:19:08 +0000 (13:19 +0000)] 
pakfire.cgi: Sleep after running a pakfire command

This is required to have better chances in the race of showing the log
output afterwards.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopakfire.cgi: Remove confusing dots in install message
Michael Tremer [Fri, 9 Jul 2021 13:05:13 +0000 (13:05 +0000)] 
pakfire.cgi: Remove confusing dots in install message

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopakfire.cgi: Pass packages to install/uninstall as array
Michael Tremer [Fri, 9 Jul 2021 13:04:14 +0000 (13:04 +0000)] 
pakfire.cgi: Pass packages to install/uninstall as array

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agofireinfo.cgi: Fix kernel version
Michael Tremer [Fri, 9 Jul 2021 12:56:17 +0000 (12:56 +0000)] 
fireinfo.cgi: Fix kernel version

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoclamav: Update to 0.103.3
Matthias Fischer [Tue, 22 Jun 2021 16:13:44 +0000 (18:13 +0200)] 
clamav: Update to 0.103.3

For details see:
https://blog.clamav.net/2021/06/clamav-01033-patch-release.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agodnsdist: Fix FTBFS with GCC 11
Michael Tremer [Wed, 7 Jul 2021 20:18:29 +0000 (20:18 +0000)] 
dnsdist: Fix FTBFS with GCC 11

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore159: add collect and libstatgrab
Arne Fitzenreiter [Fri, 9 Jul 2021 06:12:53 +0000 (06:12 +0000)] 
core159: add collect and libstatgrab

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocollectd: Use libstatgrab to read disk stats
Michael Tremer [Thu, 8 Jul 2021 11:20:05 +0000 (11:20 +0000)] 
collectd: Use libstatgrab to read disk stats

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agomake.sh: Build libstatgrab before collectd
Michael Tremer [Thu, 8 Jul 2021 11:20:03 +0000 (11:20 +0000)] 
make.sh: Build libstatgrab before collectd

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agolibstatgrab: Make it part of the core system
Michael Tremer [Thu, 8 Jul 2021 11:20:04 +0000 (11:20 +0000)] 
libstatgrab: Make it part of the core system

collectd will be using this

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agou-boot: uppdate to 2021.07
Arne Fitzenreiter [Thu, 8 Jul 2021 10:38:52 +0000 (10:38 +0000)] 
u-boot: uppdate to 2021.07

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoddns.cgi: Fix sanity check logic.
Stefan Schantl [Tue, 6 Jul 2021 16:08:29 +0000 (18:08 +0200)] 
ddns.cgi: Fix sanity check logic.

The input validation did not work in the proper way. It allways
reported "No password" when using a provider which supports token and
the token has been given.

This of course is wrong and leaded to unuseable providers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>