Stefan Schantl [Sat, 22 Apr 2023 07:41:38 +0000 (09:41 +0200)]
firewall-lib.pl: Use an ipset set if a service group contains more than
15 ports.
The iptables multiport only supports up to 15 ports (ranges costs more).
To avoid this kind of limitation, now an ipset set will be used which
could handle up to 65k ports at once.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 14 Apr 2023 16:32:54 +0000 (18:32 +0200)]
rules.pl: Avoid creating iptables rules if the corresponding blocklist is not loaded
In case a blocklist is empty after de-duplication of the entries, it
would not be loaded. In such a case we also can skip creating any
iptables rules for this list.
This avoids us checking against an empty list and therefore saves a few cpu cycles.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Peter Müller [Fri, 7 Apr 2023 14:35:11 +0000 (14:35 +0000)]
parse-func.pl: Adjust regular expression to changed 'tc' output
It is not clear at all why they choose to change the tool's output this
way in upstream commit 010a8388aea11e767ba3a2506728b9ad9760df0e, but
we'll have to make do with this.
Fixes: #13075 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Symlink will remain in place to ensure the reverted version is always
shipped to our users, including those that have installed Core Update
174 (testing).
Fixes: #13073 Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 16 Mar 2023 10:34:03 +0000 (11:34 +0100)]
header.pl: Add reference to colors.txt into header.pl
- With change of common css entries into header.pl with commit
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b52a84ddc77f9db7e4ad7b129f21fbf528c6f990
I had missed that color20 and color22 etc, that come from colors.txt, are not known in
header.pl so that the alternate colours in tables were missing. Even though I tested the
previous commit I obviously did not look well enough because I missed that the tables
had no alternate colours. I just found it now when looking at Core Update 174 Testing.
- Confirmed by copying this version of header.pl into my CU174 Testing system and the
alternate colour rows came back again as they should be. I am sure now that they are
correct.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Adolf Belka [Sun, 12 Mar 2023 12:48:11 +0000 (13:48 +0100)]
Language files: Fixes bug#12701 - Line removed from proxy.cgi no longer needed in lang files
- v2 version that has only the removed line in the language files diffs
- Line removed from de, en, es & fr
- No translations had been done for the other languages for that line.
Fixes: Bug#12701 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Sat, 11 Mar 2023 17:04:18 +0000 (17:04 +0000)]
linux-firmware: Do not ship the qca/ directory
It only contains firmware files for some Qualcomm Bluetooth devices, for
which there is no use on IPFire, since we disabled Bluetooth support in
the kernel a long time ago due to security reasons.
To save some space (~ 1.9 MByte), do not ship these files, and delete
them on existing IPFire installations as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 20221214 to 20230210
- Update of rootfile
- Changelog
For changes see the commits in the git repo
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 14 Feb 2023 13:08:46 +0000 (14:08 +0100)]
procy.cgi: Fix bug#12701 - remove advproxy wpad notice line
- This line is no longer needed with the help button at the top of each WUI page that was
implemented by @Leo
- Sorry for long time for me to get around to finalising this patch but it is done now.
Fixes: bug#12701 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 6 Mar 2023 17:04:24 +0000 (18:04 +0100)]
updatexlrator.cgi: Update to naming of variables in css section
- This updates the updatexlrator.cgi page to the same central use of extraHead from
header.pl and simplifying of css variables where appropriate.
- The variables for the percentage bar will also be able to be used in other cgi pages
with a percent bar.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 6 Mar 2023 17:04:23 +0000 (18:04 +0100)]
dhcp.cgi: Update to naming of variables in css section
- After looking at other .cgi files I realised that I had named the variables based on
their dhcp usage only. However colouryellow or color20 etc can be used not only in a
row but also in a cell or a column. Rather than ending up with multiple copies of the
same colour for rows, cells, columns etc I have simplified the variable names to just
the colour. They can then be used in whatever situation is wanted. The rest of the cgi
code will give the view of what structure the colour is being applied to.
- This will limit the number of different css variables defined in the header.pl file
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Stefan Schantl [Tue, 7 Mar 2023 11:53:49 +0000 (12:53 +0100)]
traffic.cgi: Do not use hard-coded red interface name
If QMI is used the dial in mode has to be set as ppp dialin but the
interface name is red. In such a case the old code tried to display
the stats for the ppp0 interface which is wrong.
This patch fixes this issue by calling the handy function to get
the correct interface name for red.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:01:24 +0000 (23:01 +0100)]
grep: Update to version 3.9
- Update from version 3.8 to 3.9
- Update of rootfile not required
- Changelog
Noteworthy changes in release 3.9 (2023-03-05) [stable]
Bug fixes
With -P, some non-ASCII UTF8 characters were not recognized as
word-constituent due to our omission of the PCRE2_UCP flag. E.g.,
given f(){ echo Perú|LC_ALL=en_US.UTF-8 grep -Po "$1"; } and
this command, echo $(f 'r\w'):$(f '.\b'), before it would print ":r".
After the fix, it prints the correct results: "rú:ú".
When given multiple patterns the last of which has a back-reference,
grep no longer sometimes mistakenly matches lines in some cases.
[Bug#36148#13 introduced in grep 3.4]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:01:26 +0000 (23:01 +0100)]
python3-setuptools: Update to version 67.5.1
- Update from version 65.4.1 to 67.5.1
- Update of rootfile
- Changelog
v67.5.1
Misc
* #3836: Fixed interaction between ``setuptools``' package auto-discovery and
auto-generated ``htmlcov`` files.
Previously, the ``htmlcov`` name was ignored when searching for single-file
modules, however the correct behaviour is to ignore it when searching for
packages (since it is supposed to be a directory, see `coverage config`_)
-- by :user:`yukihiko-shinoda`.
.. _coverage config: https://coverage.readthedocs.io/en/stable/config.html#html-directory
* #3838: Improved error messages for ``pyproject.toml`` validations.
* #3839: Fixed ``pkg_resources`` errors caused when parsing metadata of packages that
are already installed but do not conform with PEP 440.
v67.5.0
Changes
* #3843: Although pkg_resources has been discouraged for use, some projects still
consider pkg_resources viable for usage. This change makes it clear that
pkg_resources should not be used, emitting a DeprecationWarning when imported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:01:27 +0000 (23:01 +0100)]
sudo: Update to version 1.9.13p3
- Update from version 1.9.13p2 to 1.9.13p3
- Update of rootfile not required
- Changelog
What's new in Sudo 1.9.13p3
* Fixed a bug introduced in sudo 1.9.13 that caused a syntax error
when "list" was used as a user or host name. GitHub issue #246.
* Fixed a bug that could cause sudo to hang when running a command
in a pseudo-terminal when there is still input buffered after a
command has exited.
* Fixed "sudo -U otheruser -l command". This is a regression in
sudo 1.9.13. GitHub issue #248.
* Fixed "sudo -l command args" when matching a command in sudoers
with command line arguments. This is a regression in sudo 1.9.13.
GitHub issue #249.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:05:15 +0000 (23:05 +0100)]
qpdf: Update to version 11.3.0
- Update from version 10.4.0 to 11.3.0
- Update of rootfile
- Build changed to cmake from version 11.0 onwards
- find-dependencies run due to lib so bump. Only qpdf and cups-filters are linked to
the changed libs. cups-filters being shipped due to a change required because of
qpdf-11.3.0
- Changelog is too large to include here. Details can be found in the ChangeLog file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:02:18 +0000 (23:02 +0100)]
poppler-data: Update to version 0.4.12
- Update from version 0.4.11 to 0.4.12
- Update of rootfile not required
- No Changelog available but the latest version of poppler-data is required by poppler
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:02:17 +0000 (23:02 +0100)]
poppler: Update to version 23.03.0
- Update from version 23.01.0 to 23.03.0
- Update of rootfile not required
- Changelog
Release 23.03.0:
core:
* PngWriter: Fix potential uninitialized memory use
Release 23.02.0:
core:
* CairoOutputDev: Fix rendering of color type 3 fonts
* CairoOutputDev: Add handling matte entry
* Fix segfault on wrong nssdir
* Fix "NSS could not shutdown"
utils:
* pdfsig: Point out supports PKCS#11 URIs as nickname
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 8 Mar 2023 14:59:55 +0000 (15:59 +0100)]
log.dat: Fixes Bug#12922 - adjusts regex to catch hostname for hostname or FQDN
- Most of the packages being searched for in the system logs section only put hostname into
the logs. However HAProxy puts the FQDN. Reviewing RFC 5424 shows that this is following
the requirements. The preferred order fromn the RFC is
1. FQDN
2. Static IP address
3. hostname
4. Dynamic IP address
5. the NILVALUE
- Most of the programs are using option 3 but option 1 is valid for HAProxy
- The regex change filters out the hostname from the FQDN if an extra 'dot' is present
Fixes: Bug#12922 Suggested-by: Michael <ip.fire@die-fritzens.de> Tested-by: Michael <ip.fire@die-fritzens.de> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
projects / people / stevee / ipfire-2.x.git / log
