- Update iproute2 from 5.10.0 to 5.11.0
- Updated rootfile
- Changelog extracted from commits
lib/fs: Fix single return points for get_cgroup2_* Andrea Claudi
lib/fs: avoid double call to mkdir on make_path() Andrea Claudi
lib/bpf: Fix and simplify bpf_mnt_check_target() Andrea Claudi
lib/namespace: fix ip -all netns return code Andrea Claudi
ip: lwtunnel: seg6: bail out if table ids are invalid Andrea Claudi
tc: m_gate: use SPRINT_BUF when needed Andrea Claudi
man8/bridge.8: be explicit that "flood" is an egress setting Vladimir Oltean
man8/bridge.8: explain self vs master for "bridge fdb add" Vladimir Oltean
man8/bridge.8: fix which one of self/master is default for "bridge fdb" Vladimir Oltean
man8/bridge.8: explain what a local FDB entry is Vladimir Oltean
man8/bridge.8: document that "local" is default for "bridge fdb add" Vladimir Oltean
man8/bridge.8: document the "permanent" flag for "bridge fdb add" Vladimir Oltean
rdma: Fix statistics bind/unbing argument handling Ido Kalir
uapi: pick up rpl.h fix Stephen Hemminger
iproute: force rtm_dst_len to 32/128 Luca Boccassi
ss: Add clarification about host conditions with multiple familes to man Thayne McCombs
Add documentation of ss filter to man page Thayne McCombs
iplink: print warning for missing VF data Edwin Peer
ss: do not emit warn while dumping MPTCP on old kernels Paolo Abeni
man: tc-taprio.8: document the full offload feature Vladimir Oltean
iplink_bareudp: cleanup help message and man page Guillaume Nault
vrf: fix ip vrf exec with libbpf Luca Boccassi
vrf: print BPF log buffer if bpf_program_load fails Luca Boccassi
build: Fix link errors on some systems Roi Dayan
tc: flower: fix json output with mpls lse Guillaume Nault
dcb: Change --Netns/-N to --netns/-n Petr Machata
dcb: Plug a leaking DCB socket buffer Petr Machata
dcb: Set values with RTM_SETDCB type Petr Machata
uapi: update if_link.h from upstream Stephen Hemminger
include: uapi: Carry dcbnl.h Petr Machata
uapi: update kernel headers to 5.11 pre rc1
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update hplip from 3.20.11 to 3.21.2
- Updated rootfile
- Changelog
Added support for following new Distro's:
Fedora 33
Manjaro 20.2
Debian 10.7
RHEL 8.3
RHEL 7.7
RHEL 7.8
RHEL 7.9
Added support for the following new Printers:
HP LaserJet Enterprise M406dn
HP LaserJet Enterprise M407dn
HP LaserJet Enterprise MFP M430f
HP LaserJet Enterprise MFP M431f
HP LaserJet Managed E40040dn
HP LaserJet Managed MFP E42540f
HP Color LaserJet Enterprise M455dn
HP Color LaserJet Managed E45028dn
HP Color LaserJet Enterprise MFP M480f
HP Color LaserJet Managed MFP E47528f
HP PageWide XL 3920 MFP
HP PageWide XL 4200 Printer
HP PageWide XL 4200 Multifunction Printer
HP PageWide XL 4700 Printer
HP PageWide XL 4700 Multifunction Printer
HP PageWide XL 5200 Printer
HP PageWide XL 5200 Multifunction Printer
HP PageWide XL 8200 Printer
HP Laserjet M207d
HP Laserjet M208d
HP Laserjet M209d
HP Laserjet M210d
HP Laserjet M212d
HP Lasejet M211d
HP Laserjet M209dw
HP Laserjet M209dwe
HP Laserjet M210dw
HP Laserjet M210dwe
HP Laserjet M212dw
HP LaserJet M212dwe
HP Laserjet M208dw
HP Laserjet M207dw
HP Laserjet M211dw
HP LaserJet MFP M234dw
HP LaserJet MFP M234dwe
HP LaserJet MFP M233d
HP LaserJet MFP M232d
HP LaserJet MFP M235d
HP LaserJet MFP M237d
HP LaserJet MFP M236d
HP LaserJet MFP M232dw
HP LaserJet MFP M232dwc
HP LaserJet MFP M233dw
HP LaserJet MFP M236dw
HP LaserJet MFP M235dw
HP LaserJet MFP M235dwe
HP LaserJet MFP M237dwe
HP LaserJet MFP M237dw
HP LaserJet MFP M232sdn
HP LaserJet MFP M233sdn
HP LaserJet MFP M236sdn
HP LaserJet MFP M234sdn
HP LaserJet MFP M234sdne
HP LaserJet MFP M235sdn
HP LaserJet MFP M235sdne
HP LaserJet MFP M237sdne
HP LaserJet MFP M237sdn
HP LaserJet MFP M232sdw
HP LaserJet MFP M233sdw
HP LaserJet MFP M236sdw
HP LaserJet MFP M234sdw
HP LaserJet MFP M234sdwe
HP LaserJet MFP M235sdw
HP LaserJet MFP M235sdwe
HP LaserJet MFP M237sdwe
HP LaserJet MFP M237sdw
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Use the traffic class description field to identify similar classes.
This ensures that a class used in both the up- and down-link is
printed with matching colors in both graphs.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 5 Mar 2021 17:41:28 +0000 (18:41 +0100)]
openssh: Update to 8.5p1
- Update Openssh from 8.4p1 to 8.5p1
- rootfiles not changed
- ssh access by keys tested with 8.5p1 and successfully worked
- Full Release notes can be read at https://www.openssh.com/releasenotes.html
- Future deprecation notice
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.
In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
OpenSSH will disable this signature scheme by default in the near
future.
Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.
- Checked if the weak ssh-rsa public key algorithm was being used with
openssh8.4p1 by running
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
host verification was successful with no issue so IPFire will not be
affected by this deprecation when it happens
- Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
This did not affect my use of ssh login but I use ED25519 as the only
key algorithm that I use. It might be good to get it tested by
someone who has ECDSA and ED25519 keys and prefers ECDSA
Remaining changes don't look likely to affect IPFire users
- Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat@openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Mar 2021 15:08:25 +0000 (15:08 +0000)]
core155: It looks like our tooling can't handle this
Python3 has a common rootfile for x86_64 and aarch64 and separate files
for armv5tel and i586. The core update build scripts cannot deal with
this which makes it necessary to create individual links to the correct
rootfile for each architecture.
Third time lucky.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
