* [git.ipfire.org] IPFire 2.x development tree branch, core162, created. 68b57610898d586668b586e4a73db0cec98763f2
@ 2021-12-19 9:13 Arne Fitzenreiter
0 siblings, 0 replies; only message in thread
From: Arne Fitzenreiter @ 2021-12-19 9:13 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 82783 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core162 has been created
at 68b57610898d586668b586e4a73db0cec98763f2 (commit)
- Log -----------------------------------------------------------------
commit 68b57610898d586668b586e4a73db0cec98763f2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Dec 16 20:23:36 2021 +0100
suricata: Do not load rules for dnp3 and modbus.
The parsers for those are disabled in the suricata config so
the rules are not needed, on the contrary they massively will spam
warnings when launching suricate because of the disabled parsers.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 65d5ec52ce288bdffd9e989581e3b638dc948210
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Dec 8 18:18:05 2021 +0100
suricata: Disable sid 2210059.
This rule emits a massive logspam and temporary will be disabled until
a better solution is found.
Fixes #12738.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f23e0e5a7f860f6c8c15a9cecacadc9fa745651e
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Dec 8 18:10:31 2021 +0100
suricata: Cleanup default loaded rules file.
There are no such rules file available and therefore cannot be loaded.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 74070fe153775dbe975e77fa54f0a9733cea8e50
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Dec 8 18:10:30 2021 +0100
suricata: Move default loaded rulefiles to own included file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3b1482e9394447343a3a0cfb9e2f9ec9b5f95626
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Dec 6 18:01:32 2021 +0100
pcengines-apu-firmware: Update to version 4.15.0.1
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ccf19569ab72b6b53b9e5f89003f7af971fbe8ab
Author: Jon Murphy <jcmurphy26(a)gmail.com>
Date: Sun Dec 5 00:46:20 2021 +0100
manualpages: Complete the list of user manual pages
Jon Murphy gathered all the links and made the updated file
available on the mailing list:
https://lists.ipfire.org/pipermail/development/2021-October/011383.html
https://lists.ipfire.org/pipermail/development/2021-December/011737.html
With kind permission from him, this patch contains the completed list.
The list was successfully checked with "./make.sh check-manualpages".
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reported-by: Jon Murphy <jcmurphy26(a)gmail.com>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2c13fafb7f6eec202d58ebdb6e7fe78e0311ba23
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 6 12:24:56 2021 +0000
installer: add network phy kernel modules to rd
network for download the sources has not worked with some nic's
like realtek 8169 because the phy driver was missing.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d2d98018fde4b646fe2da8df4dc65817fcc1ab17
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Dec 4 12:52:21 2021 +0000
keepalived: Update to 2.2.4
This patch re-enables this package for build and it builds against next
with Linux 5.15.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5fc3f779a5d74d215a126625011ded6de3b04e64
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 2 13:04:03 2021 +0100
./make.sh lang
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 471e4846a3c0641efe02f25edd5a39d469a98d05
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 2 12:59:13 2021 +0100
index.cgi: set arch eol warning link color to white
The link was red on red backround which is unreadable.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 65067248d19a7ecdabc564aff26f4ce11c2e2faf
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 2 11:34:38 2021 +0100
kernel: update to 5.15.6
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 727c76f09a0eff3c597d06d91d5fd9bfeb1c9f28
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Dec 1 07:42:06 2021 +0100
index.cgi: fix eol link
<li> not official has a href parameter.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d638cffb3531f3ab2eb97a5907ee38f16e755171
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 30 14:12:08 2021 +0100
rtl8812au: update to git-307d694...
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 11a3bd48989b7009d057d882d300c9c17e42c08c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 30 13:51:13 2021 +0100
mountkernfs: fix typo (wrong space character)
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b7cf050eeb930fe684cb287380e8c4dd6ed0459b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 30 09:58:27 2021 +0100
core162: add systctl.conf to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ffd857d098d42c77e3bebc9a78c51536e26d31d5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 30 09:50:38 2021 +0100
sysctl: kernel 5.13 has removed some scheduler variables.
sched_min_granularity_ns and sched_migration_cost_ns are not
available for sysctl anymore. They can only altered via debugfs
if scheduler debugging is enabled.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5a7f7dd58733f1f59787d99e479b4c1cc9f28703
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 30 09:35:19 2021 +0100
issue/motd: add architecture warning also to console and ssh logins.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 616de7524fc01d027f30da1d6dd20baa0f6a8e9b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 30 09:34:20 2021 +0100
core162: add index.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b55e2b8a35914ea1842c2e0800d220b6874da0ca
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 28 16:43:52 2021 +0100
Inform users about the eol of i?86
The warning point to a wiki page which is currently in construction.
This should give us the opportunity to add further information for
these users even if we do not provide updates anymore.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ef972dcf7af72f2ba809e21fb04f10ca868e19d8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Nov 29 09:14:33 2021 +0000
kernel: update arm config and rootfile (oldconfig)
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6dd1860f0d3798860d6e7204243e88203d25eab3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Nov 28 08:28:48 2021 +0000
rpi-firmware: ignore user from tarball
flashimage built will fail because it cannot untar the users
to a fat partition.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b6ddee66fcfae2730d8cfe69704213b660ed00b8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 27 14:24:18 2021 +0000
core162: add rpi-firmware
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ee3da7ef37010037acf7ecbe1bce1aa6b997c1cd
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 27 14:21:31 2021 +0000
rpi-firmware: update to 20211127
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4f6ef735420f85180a393d729df199c56077afa4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 25 17:06:33 2021 +0100
cfgroot: install manualpages file
this fix the 500 internal server error becuase this file
was not installed by the patch that add the wiki links.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6e739d105088444b9380cb27d2fffe22cedf43a7
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 25 11:26:12 2021 +0000
kernel: update to 5.15.5
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c6e906909970646658beaeb6aa62db665cb37412
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 19:09:01 2021 +0000
suricata: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 063906ebc232ec0c3d95b29fdb3b68c6f4e980c8
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Nov 24 12:12:27 2021 +0100
Tor: update to 0.4.6.8
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.8:
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
relay overload.
o Major bugfixes (relay, overload state):
- Relays report the general overload state for DNS timeout errors
only if X% of all DNS queries over Y seconds are errors. Before
that, it only took 1 timeout to report the overload state which
was just too low of a threshold. The X and Y values are 1% and 10
minutes respectively but they are also controlled by consensus
parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories for October 2021. Closes
ticket 40493.
o Minor features (testing):
- On a testing network, relays can now use the
TestingMinTimeToReportBandwidth option to change the smallest
amount of time over which they're willing to report their observed
maximum bandwidth. Previously, this was fixed at 1 day. For
safety, values under 2 hours are only supported on testing
networks. Part of a fix for ticket 40337.
- Relays on testing networks no longer rate-limit how frequently
they are willing to report new bandwidth measurements. Part of a
fix for ticket 40337.
- Relays on testing networks now report their observed bandwidths
immediately from startup. Previously, they waited until they had
been running for a full day. Closes ticket 40337.
o Minor bugfix (onion service):
- Do not flag an HSDir as non-running in case the descriptor upload
or fetch fails. An onion service closes pending directory
connections before uploading a new descriptor which can thus lead
to wrongly flagging many relays and thus affecting circuit building
path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
- Improve logging when a bad HS version is given. Fixes bug 40476;
bugfix on 0.4.6.1-alpha.
o Minor bugfix (CI, onion service):
- Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (compatibility):
- Fix compatibility with the most recent Libevent versions, which no
longer have an evdns_set_random_bytes() function. Because this
function has been a no-op since Libevent 2.0.4-alpha, it is safe
for us to just stop calling it. Fixes bug 40371; bugfix
on 0.2.1.7-alpha.
o Minor bugfixes (onion service, TROVE-2021-008):
- Only log v2 access attempts once total, in order to not pollute
the logs with warnings and to avoid recording the times on disk
when v2 access was attempted. Note that the onion address was
_never_ logged. This counts as a Low-severity security issue.
Fixes bug 40474; bugfix on 0.4.5.8.
Since we configure Tor to use libseccomp, the latter has been updated
for kernel 5.15 as well, hence we need to ship Tor either way.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 53055098f2d7a5a80fae0a5204611e1aa71c8d1a
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Nov 24 12:11:48 2021 +0100
libseccomp: Update to 2.5.3
Release annnouncement as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.3:
Version 2.5.3 - November 5, 2021
Update the syscall table for Linux v5.15
Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
Document that seccomp_rule_add() may return -EACCES
Fix issues with test 11-basic-basic_errors on old kernels (API level < 5)
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9a3aca047b700d04a192f6c5c0aa96305ae21dfe
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Nov 24 12:07:43 2021 +0100
Postfix: update to 3.6.3
Please refer to http://www.postfix.org/announcements/postfix-3.6.3.html
for this versions' release announcement.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a1484cc31a0f80c0cae7c6585fc6655c8f31996d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 21:11:31 2021 +0100
Core Update 162: Ship ddns
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a2b127c3e102c58030b7d2920ae36a14d1726c9e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 21:10:57 2021 +0100
Core Update 162: Ship and restart OpenVPN
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 20371c8294f44f6bd06bc97c1c03db94f0722afa
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:48:32 2021 +0100
Core Update 162: Remove jwhois, ship currently maintained whois client
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 30edf752e21f5d27972a891ca69424570a36c049
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 6 13:16:42 2021 +0200
jwhois: Remove jwhois and all associated patches
- jwhois being replaced with whois
- Removal of jwhois lfs, rootfile and assoicated patch files.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c56eb6cbeff97451baecdb5a2fb6087be24fac60
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 6 13:16:41 2021 +0200
whois: Installation of aan actively maintained whois client
- This whois client is being actively maintained. This version 5.5.10 was released on
June 6th 2021 and regular updates have been ocurring several times per year.
- This client has all of its default whois servers compiled into it. These can be seen
by reading the source files in the tarball.
- Therefore the whois.conf file is available for any additional servers that are decided
to be required but as provided is empty.
- Installed on a vm testbed and worked to identify the details of ip addresses. Selecting
an IP in the WUI logs screen also gets the ip information provided so it is working
well with the WUI.
Tested-by:Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ac36f9f2c1f11e8c998448e4dc57c5abe1e30f51
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 6 13:16:40 2021 +0200
make.sh: Remove jwhois and replace with whois
- jwhois is no longer being maintained. The last release was from 2005 and the last commit
was in 2015. https://github.com/jonasob/jwhois
- Debian switched to another whois client which is being actively maintained.
https://github.com/rfc1036/whois
- This patch series is the removal of jwhois and the installation of whois
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 82760a506b0c8753cdcead81ec1f7579edb46745
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:42:58 2021 +0100
Core Update 162: Ship dhcpcd
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f48544ef43f80e70b6100a45d2c7688bbf04a71c
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Nov 1 18:30:53 2021 +0100
dhcpcd: Update to 9.4.1
For details see:
https://roy.marples.name/git/dhcpcd/shortlog/refs/heads/dhcpcd-9
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
commit d07fb5668d3df68931d9cedab59e8ac2aac22e72
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:39:28 2021 +0100
Core Update 162: Ship slang
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0b95de5cbfc7a5fd6deb2d4e43bbd442f4823378
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 28 23:21:39 2021 +0200
slang: Update to version 2.3.2
- Update from 2.3.0 to 2.3.2
- Update rootfile
- Changelog is too large to include here. Details can be found in the changes.txt file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 8799c54e989288643bb2ef90074423a3b9c41e15
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:37:29 2021 +0100
Core Update 162: Ship sshfs
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7b30673be3e3006ea915c08b6b2669021b01a81b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 28 23:21:56 2021 +0200
sshfs: Update to version 3.7.2
- Update from 3.7.1 to 3.7.2
- Update of rootfile not required
- Changelog
Release 3.7.2 (2021-06-08)
* Added a secondary check so if a mkdir request fails with EPERM an access request
will be tried - returning EEXIST if the access was successful.
Fixes: https://github.com/libfuse/sshfs/issues/243
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 549f5294c34855354e1983cc3440425eb3305b77
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 28 23:22:10 2021 +0200
sslh: Update to version 1.22c
- Update from 1.7a (2013) to 1.22c (2021)
- Update rootfile
- Changelog is too large to include here. Full details can be read in the ChangeLog file
in the source tarball
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit c43d3a12ae5204bd19212cc29211e84d135bc03e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Sep 28 23:22:32 2021 +0200
strace: Update to version 5.14
- Update from 5.11 to 5.14
- Update of rootfile not required
- Changelog
Noteworthy changes in release 5.14 (2021-09-02)
* Improvements
* Implemented decoding of memfd_secret and quotactl_fd syscalls,
introduced in Linux 5.14.
* Enhanced prctl syscall decoding.
* Enhanced decoding of IFLA_* netlink attributes.
* Enhanced decoding of MDBA_ROUTER_PATTR_* mdb router port netlink attributes.
* Updated lists of BPF_*, IORING_*, MADV_*, MOUNT_ATTR_*, SCTP_*,
and UFFD_* constants.
* Updated lists of ioctl commands from Linux 5.14.
* Bug fixes
* Fixed build using bionic libc.
Noteworthy changes in release 5.13 (2021-07-18)
* Improvements
* Print netlink data in a more structured way.
* Implemented decoding of NT_PRSTATUS and NT_FPREGSET regsets
of PTRACE_GETREGSET and PTRACE_SETREGSET requests.
* Implemented decoding of regs argument of PTRACE_GETREGS, PTRACE_GETREGS64,
PTRACE_SETREGS, PTRACE_SETREGS64, PTRACE_GETFPREGS, and PTRACE_SETFPREGS
requests.
* Implemented powerpc System Call Vectored ABI support.
* Implemented decoding of landlock_add_rule, landlock_create_ruleset,
and landlock_restrict_self syscalls introduced in Linux 5.13.
* Enhanced decoding of perf_event_open syscall.
* Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, KVM_*, NT_*, PR_*,
PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.13.
* Portability
* On powerpc and powerpc64, linux kernel >= 2.6.23 is required.
Older versions without a decent PTRACE_GETREGS support will not work.
Noteworthy changes in release 5.12 (2021-04-26)
* Improvements
* Implemented --secontext[=full] option to display SELinux contexts.
* Implemented decoding of mount_setattr syscall introduced in Linux 5.12.
* Updated decoding of IFLA_BRPORT_* netlink attributes to match Linux 5.12.
* Updated lists of DEVCONF_*, IORING_*, KVM_*, MPOL_*, MTD_*, NFT_MSG_*,
RESOLVE_*, RTM_*, ST_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.12.
* Bug fixes
* Fixed build using bionic libc.
* Portability
* Added binutils 2.36 support to --enable-mpers builds.
- More details of the above changes can be found in the ChangeLog file in the source
tarball
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 496dfedfa2df5c30187f0b35ce017929fdc7413b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:35:06 2021 +0100
Core Update 162: Ship bind and libuv
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 689246f594ceb0e99da7b364c8fe1fda7f46088d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Nov 11 09:14:49 2021 +0100
libuv: Required for build and run of bind utilities
- Install libuv lfs and rootfile
- Add libuv to make.sh
- Tested by running bind utilities on a vm testbed
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 405e359ee694530e473106f8960bfcf1dff83e9a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Nov 11 09:14:48 2021 +0100
bind: Update to version 9.16.22
- Update from 9.11.32 to 9.16.22
- 9.11 is an ESV (Extended Support Version) that will go EOL in December 2021
9.16 is the replacement ESV whose EOL is not yet defined but will be at least 4 years
so should be supported until at least March 2024 as the 9.16 branch was started in 2020
- Update rootfile
- libuv is now required both to build the bind libraries and for the running of the
utilities.
- Changelog is difficult to define here as this is a change of branch from 9.11 to 9.16
both of which have been running in parallel. However all the changes from the start of
9.16.0 can be found in the CHANGES file in the source tarball.
- nslookup, host and dig utilities tested out by installing this on a vm testbed. All
these utilities worked as the previous version
nsupdate was not able to be tested other than confirming that running nsupdate
opened an interactive session. This utility would be good to be tested by someone
familiar with how to run it.
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 1a654c6269e8ed6cc62cd7b516683bb4acb641df
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Oct 20 09:21:35 2021 +0000
Run "./make.sh lang"
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0deb3dacdaede1e99dd4a92a789a2b8264eb04b7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:25:13 2021 +0100
Core Update 162: Ship changed firewall initscript
Restarting the firewall is not necessary during the upgrade procedure,
and the user is asked to reboot the machine afterwards either way.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 91a29ffc1607a430ad0b00d0559e3d55bdfad601
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 24 17:44:35 2021 +0000
firewall: Remove unused CONNTRACK chain in raw table
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit fddcbfd4f5020f59ae48207f140d9fe52cde93ec
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:22:52 2021 +0100
Core Update 162: Ship vpnmain.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 85d5f26fa947c77d465a177a58f3a240fdb0daae
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jun 14 10:33:46 2021 +0100
ipsec: Prefer curve448 over curve25519
Curve448 provides better cryptographic security. For more details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=12634
Fixes: #12634
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 45221cc614eb9bccf779d79d01f7dbce6b705045
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 23:17:29 2021 +0100
Core Update 162: Ship proxy.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit af048d4bf184af129e70586a5e7ed2ac71275621
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Oct 10 21:49:49 2021 +0200
proxy.cgi: Fix translation string mix-up
"advproxy advanced web proxy" was meant to be used in the first place,
followed by "advproxy advanced web proxy configuration", as it is done
in other CGIs.
This patch also fixes a missing German translation, and improves
translations of "one X per line" ("eines" != "eins"). :-)
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 241d8a753a8deefb3c1db604612a0ae5a0d0d638
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Oct 20 22:29:23 2021 +0200
meson: Update to version 0.59.2
- Update from 0.58.0 to 0.59.2
- Update rootfile
- Changelog is too long to include here.
Full details can be read at https://mesonbuild.com/Release-notes-for-0-59-0.html
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2ae78be0817c9e2f667171cfa7e1c87655a28000
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Oct 20 22:27:58 2021 +0200
bison: Update to version 3.8.2
- Update from 3.7.6 to 3.8.2
- Update rootfile
- Changelog
Noteworthy changes in release 3.8.2 (2021-09-25) [stable]
Fixed portability issues of bison on Cygwin.
Improvements in glr2.cc: add support for custom error messages (`%define
parse.error custom`), allow linking several parsers together.
Noteworthy changes in release 3.8.1 (2021-09-11) [stable]
The generation of prototypes for yylex and yyerror in Yacc mode is
breaking existing grammar files. To avoid breaking too many grammars, the
prototypes are now generated when `-y/--yacc` is used *and* the
`POSIXLY_CORRECT` environment variable is defined.
Avoid using `-y`/`--yacc` simply to comply with Yacc's file name
conventions, rather, use `-o y.tab.c`. Autoconf's AC_PROG_YACC macro uses
`-y`. Avoid it if possible, for instance by using gnulib's gl_PROG_BISON.
Noteworthy changes in release 3.8 (2021-09-07) [stable]
** Backward incompatible changes
In conformance with the recommendations of the Graphviz team
(https://marc.info/?l=graphviz-devel&m=129418103126092), `-g`/`--graph`
now generates a *.gv file by default, instead of *.dot. A transition
started in Bison 3.4.
To comply with the latest POSIX standard, in Yacc compatibility mode
(options `-y`/`--yacc`) Bison now generates prototypes for yyerror and
yylex. In some situations, this is breaking compatibility: if the user
has already declared these functions but with some differences (e.g., to
declare them as static, or to use specific attributes), the generated
parser will fail to compile. To disable these prototypes, #define yyerror
(to `yyerror`), and likewise for yylex.
** Deprecated features
Support for the YYPRINT macro is removed. It worked only with yacc.c and
only for tokens. It was obsoleted by %printer, introduced in Bison 1.50
(November 2002).
It has always been recommended to prefer `%define api.value.type foo` to
`#define YYSTYPE foo`. The latter is supported in C for compatibility
with Yacc, but not in C++. Warnings are now issued if `#define YYSTYPE`
is used in C++, and eventually support will be removed.
In C++ code, prefer value_type to semantic_type to denote the semantic
value type, which is specified by the `api.value.type` %define variable.
** New features
*** A skeleton for the D programming language
The "lalr1.d" skeleton is now officially part of Bison.
It was originally contributed by Oliver Mangold, based on Paolo Bonzini's
lalr1.java, and was improved by H. S. Teoh. Adela Vais then took over
maintenance and invested a lot of efforts to complete, test and document
it.
It now supports all the bells and whistles of the other deterministic
parsers, which include: pull/push interfaces, verbose and custom error
messages, lookahead correction, token constructors, internationalization,
locations, printers, token and symbol prefixes, etc.
Two examples demonstrate the D parsers: a basic one (examples/d/simple),
and an advanced one (examples/d/calc).
*** Option -H, --header and directive %header
The option `-H`/`--header` supersedes the option `--defines`, and the
directive %header supersedes %defines. Both `--defines` and `%defines`
are, of course, maintained for backward compatibility.
*** Option --html
Since version 2.4 Bison can be used to generate HTML reports. However it
was a two-step process: first bison must be invoked with option `--xml`,
and then xsltproc must be run to the convert the XML reports into HTML.
The new option `--html` combines these steps. The xsltproc program must
be available.
*** A C++ native GLR parser
A new version of the C++ GLR parser was added: "glr2.cc". It generates
"true C++11", instead of a C++ wrapper around a C parser as does the
existing "glr.cc" parser. As a first significant consequence, it supports
`%define api.value.type variant`, contrary to glr.cc.
It should be upward compatible in terms of interface, feature and
performance to "glr.cc". To try it out, simply use
%skeleton "glr2.cc"
It will eventually replace "glr.cc". However we need user feedback on
this skeleton. _Please_ report your results and comments about it.
*** Counterexamples
Counterexamples now show the rule numbers, and always show ε for rules
with an empty right-hand side. For instance
exp
↳ 1: e1 e2 "a"
↳ 3: ε • ↳ 1: ε
instead of
exp
↳ e1 e2 "a"
↳ • ↳ ε
*** Lookahead correction in Java
The Java skeleton (lalr1.java) now supports LAC, via the `parse.lac`
%define variable.
*** Abort parsing for memory exhaustion (C)
User actions may now use `YYNOMEM` (similar to `YYACCEPT` and `YYABORT`)
to abort the current parse with memory exhaustion.
*** Printing locations in debug traces (C)
The `YYLOCATION_PRINT(File, Loc)` macro prints a location. It is defined
when (i) locations are enabled, (ii) the default type for locations is
used, (iii) debug traces are enabled, and (iv) `YYLOCATION_PRINT` is not
already defined.
Users may define `YYLOCATION_PRINT` to cover other cases.
*** GLR traces
There were no debug traces for deferred calls to user actions. They are
logged now.
Noteworthy changes in release 3.7.6 (2021-03-08) [stable]
** Bug fixes
*** Reused Push Parsers
When a push-parser state structure is used for multiple parses, it was
possible for some state to leak from one run into the following one.
*** Fix Table Generation
In some very rare conditions, when there are many useless tokens, it was
possible to generate incorrect parsers.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 73d18835c0a4609fd46e81c4a8b43270bd9b6bc8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 19 17:44:58 2021 +0000
suricata: Handle retransmitted SYN with TSval
Read more in the patch.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9268cddfd284f82df51fd76c48b1810f5980620e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 19 17:44:57 2021 +0000
IPS: Do not try to show rules when stat on rules tarball fails
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c5c1f3044708de445b27139776e2c0054b2190df
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 19 17:44:55 2021 +0000
suricata: This package is supported on all architectures
There is no need to list them specifically.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit eab7754d1e8b7f487ad12556c95f74c9a7cc046c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 19 17:44:54 2021 +0000
suricata: Drop extra rootfiles
These are all the same and not different from what is in
config/rootfiles/common/suricata.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 112441db22d07e43c1f6b5e55d9c60f65916ed3a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 19 17:44:53 2021 +0000
rust: Drop Cargo home directory after build
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 30f411694c8100086ff836a6d13140acdc68d9dd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Nov 19 17:44:52 2021 +0000
suricata: Include all default rules
These rules do not drop anything, but only alert when internal parts of
the engine trigger an event. This will allow us more insight on what is
happening.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f542b163281b8bdd877d2b8e93945f271b2aca50
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 22:51:55 2021 +0100
Core Update 162: Ship jansson
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d3a4c2fc5015bad251f0ed608b4d91b701f742f5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Oct 20 22:29:05 2021 +0200
jansson: Update to version 2.14
- Update from 2.12 to 2.14
- Update rootfile
- Changelog
Version 2.14 Released 2021-09-09
* New Features:
- Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
corresponding `nocheck` functions. (#520, by Maxim Zhukov)
* Fixes:
- Handle `sprintf` corner cases (#537, by Tobias Stoeckmann)
* Build:
- Symbol versioning for all exported symbols (#540, by Simon McVittie)
- Fix compiler warnings (#555, by Kelvin Lee)
* Documentation:
- Small fixes (#544, #546, by @i-ky)
- Sphinx 3 compatibility (#543, by Pierce Lopez)
Version 2.13.1 Released 2020-05-07
* Build:
- Include `jansson_version_str()` and `jansson_version_cmp()` in
shared library. (#534)
- Include ``scripts/`` in tarball. (#535)
Version 2.13 Released 2020-05-05
* New Features:
- Add `jansson_version_str()` and `jansson_version_cmp()` for runtime
version checking (#465).
- Add `json_object_update_new()`, `json_object_update_existing_new()`
and `json_object_update_missing_new()` functions (#499).
- Add `json_object_update_recursive()` (#505).
* Build:
- Add ``-Wno-format-truncation`` to suppress format truncation warnings (#489).
* Bug fixes:
- Remove ``strtod`` macro definition for MinGW (#498).
- Add infinite loop check in `json_deep_copy()` (#490).
- Add ``pipe`` macro definition for MinGW (#500).
- Enhance ``JANSSON_ATTRS`` macro to support earlier C standard(C89) (#501).
- Update version detection for sphinx-build (#502).
* Documentation:
- Fix typos (#483, #494).
- Document that call the custom free function to free the return value
of `json_dumps()` if you have a custom malloc/free (#490).
- Add vcpkg installation instructions (#496).
- Document that non-blocking file descriptor is not supported on
`json_loadfd()` (#503).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5c581bbb87b2245f2c020ee3782a35e2dbe4cbe3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 22:49:06 2021 +0100
Core Update 162: Ship libhtp and Suricata, restart the latter
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit db584cb746ba562bcddf1a5adb27770e2aef5f0e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 23 21:13:12 2021 +0100
Core Update 162: Ship libxcrypt
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d5b7826ee84de1920078c032bfe54dd057b16060
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Nov 20 13:47:32 2021 +0100
libhtp: Update to 0.5.39
For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.39
"0.5.39 (16 Nov 2021)
--------------------
- host: ipv6 address is a valid host
- util: one char is not always empty line
- test and fuzz improvements"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 58d399710b5cf73f15e5ea6b7cd34717cc5f0a45
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Nov 20 13:47:31 2021 +0100
suricata: Update to 5.0.8
For details see:
https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
"Various security, performance, accuracy and stability issues have been fixed,
including two TCP evasion issues. CVE 2021-37592 was assigned."
Changelog:
"5.0.8 -- 2021-11-16
Security #4635: tcp: crafted injected packets cause desync after 3whs
Security #4727: Bypass of Payload Detection on TCP RST with options of MD5header
Bug #4345: Failed assert in TCPProtoDetectCheckBailConditions size_ts > 1000000UL
Bug #4382: fileinfo "stored: false" even if the file is kept on disk
Bug #4626: DNP3: intra structure overflow in DNP3DecodeObjectG70V6
Bug #4628: alert count shows up as 0 when stats are disabled
Bug #4631: Protocol detection : confusion with SMB in midstream
Bug #4639: Failed assertion in SMTP SMTPTransactionComplete
Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Bug #4647: rules: Unable to find the sm in any of the sm lists
Bug #4674: rules: mix of drop and pass rules issues
Bug #4676: rules: drop rules with noalert not fully dropping
Bug #4688: detect: too many prefilter engines lead to FNs
Bug #4690: nfs: failed assert self.tx_data.files_logged > 1
Bug #4691: IPv6 : decoder event on invalid fragment length
Bug #4696: lua: file info callback returns wrong value
Bug #4718: protodetect: SEGV due to NULL ptr deref
Bug #4729: ipv6 evasions : fragmentation
Bug #4788: Memory leak in SNMP with DetectEngineState
Bug #4790: af-packet: threads sometimes get stuck in capture
Bug #4794: loopback: different AF_INET6 values per OS
Bug #4816: flow-manager: cond_t handling in emergency mode is broken
Bug #4831: SWF decompression overread
Bug #4833: Wrong list_id with transforms for http_client_body and http file_data
Optimization #3429: improve err msg for dataset rules parsing
Task #4835: libhtp 0.5.39"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit efcd60effbc93d4fd958d5d3e81ca01ac1844ce9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 08:56:23 2021 +0000
core162: add connections.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d4df452e1b79007ae5855c78266b22ca3b4fd5b5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 07:54:47 2021 +0000
connections.cgi: fix connection list if green interface is not present
if green interface not exist the cgi adds empty addresses to the arrays and
display nothing.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 654eb3c3c539cfb601b2e620b2819bc15df85563
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 07:52:04 2021 +0000
core162: add unbound initskript
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cd26578fc91a68f26866d693e5dc334356733d8e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 07:44:14 2021 +0000
unbound: initskript change server for dns test
if the system time is incorrect DNSSec validation fail but it fails sometimes for pool.ntp.org already but not for ping.ipfire.org.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 90aa2574773c0ede7ed4e700c4ae22578a30e350
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 07:42:25 2021 +0000
kernel: update to 5.15.4
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2a8a964609dff38bda7433bae5eecb1f5ecdfa7d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 02:46:45 2021 +0000
core162: apply local sshd config and restart
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d63838f4b98ff518e9288ad55ce1085bddccfc1e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 02:43:47 2021 +0000
core162: remove old kernel
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 93b4cc6c9105e7c9ee8209f8e3ba24333ae6114e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 24 02:42:31 2021 +0000
core162: add changed files to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2d62dd5fa6c7c386bf6d1ed57b30c45211f6d57d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 23 18:08:39 2021 +0000
start core162 (based on kerneltest-5.15)
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 171c860f0f206864c8ab80b7bf1053c063ccfe61
Merge: 7091738a5 6f6d66105
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 23 18:05:41 2021 +0000
Merge remote-tracking branch 'arne_f/kernel-5.15' into next
commit 6f6d66105ab2b94cf51cd9b4b2945c831a221e88
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Nov 21 19:31:49 2021 +0100
kernel: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d4a6dc427037a09c7eae6f3df903b11279e4f1da
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 20 23:38:55 2021 +0000
kernel: update to 5.15.3
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 521e8aa99d46bfd4d90d55b4496dc60e40f4ac0c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 20 23:38:06 2021 +0000
kernel: aarch64 enable ath5k wlan driver
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7091738a5c3c5a95d358f5da498493914eeaf688
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 2 10:53:10 2021 +0000
QoS: Do not try to unload any kernel modules
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1f9adf14a71df98d6356c596e84dac1a2851c119
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Sep 23 11:54:36 2021 +0000
dnsdist: Update to 1.6.1
This patch makes this package available for aarch64. There are no
reasons why it shouldn't be.
Compiling has become more resource-hungry which is why the memory
consumption per process has been upped to 3GiB.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit fa7735b68ecc6eba2d25e5d71f747644e220ea9c
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Tue Sep 28 13:09:06 2021 +0200
Fix translations and clean general-functions.pl
This patch fixes two wrong translations now used by the new
user manual links feature and removes an abandoned constant.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit 4edcd4b21795db042bc773ca158f6b5c1367ddbc
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Tue Sep 28 13:09:05 2021 +0200
make.sh: Add check-manualpages function
This patch adds a function to verify the user manual links
configuration file at build time.
Run with "./make.sh check-manualpages"
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit b0323d194630ba0e91730dac58a3306fcc830ef7
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Tue Sep 28 13:09:04 2021 +0200
webinterface: Add links to the configuration wiki
This patch adds a little "help" icon to the page header.
If a manual entry exists for a configuration page, the icon
appears and offers a quick way to access the wiki.
Wiki pages can be configured in the "manualpages" file.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0ad924b1c1732fa35fac68273aa8b45e98028b6c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Oct 23 18:50:00 2021 +0200
libffi: Update to version 3.4.2
- Update from 3.3 to 3.4.2
- Update rootfile - No dependency issues due to so bump
- Changelog
3.4.2 Jun-28-21
Add static trampoline support for Linux on x86_64 and ARM64.
Add support for Alibaba's CSKY architecture.
Add support for Kalray's KVX architecture.
Add support for Intel Control-flow Enforcement Technology (CET).
Add support for ARM Pointer Authentication (PA).
Fix 32-bit PPC regression.
Fix MIPS soft-float problem.
Enable tmpdir override with the $LIBFFI_TMPDIR environment variable.
Enable compatibility with MSVC runtime stack checking.
Reject float and small integer argument in ffi_prep_cif_var().
Callers must promote these types themselves.
3.3 Nov-23-19
Add RISC-V support.
New API in support of GO closures.
Add IEEE754 binary128 long double support for 64-bit Power
Default to Microsoft's 64-bit long double ABI with Visual C++.
GNU compiler uses 80 bits (128 in memory) FFI_GNUW64 ABI.
Add Windows on ARM64 (WOA) support.
Add Windows 32-bit ARM support.
Raw java (gcj) API deprecated.
Add pre-built PDF documentation to source distribution.
Many new test cases and bug fixes.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit cf910913abd5af97d1297ba834bda21b9b491237
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Nov 2 11:07:20 2021 +0100
gawk: Update to version 5.1.1
- Update from 5.1.0 to 5.1.1
- Update rootfile
- Changelog is quite long and detailed so the following are the high level descriptions
of the changes from the NEWS file in the source tarball. More details can be found in
the ChangeLog file in the source tarball.
Changes from 5.1.0 to 5.1.1
1. Infrastructure upgrades: Bison 3.8, Gettext 0.20.2, Automake 1.16.4,
and (will wonders never cease) Autoconf 2.71.
2. asort and asorti now allow FUNCTAB and SYMTAB as the first argument if a
second destination array is supplied. Similarly, using either array as
the second argument is now a fatal error. Additionally, using either
array as the destination for split(), match(), etc. also causes a
fatal error.
3. The new -I/--trace option prints a trace of the byte codes as they
are executed.
4. A number of subtle bugs relating to MPFR mode that caused differences
between regular operation and MPFR mode have been fixed.
5. The API now handles MPFR/GMP values slightly differently, requiring
different memory management for those values. See the manual for the
details if you have an extension using those values. As a result,
the minor version was incremented.
6. $0 and the fields are now cleared before starting a BEGINFILE rule.
7. The duplication of m4 and build-aux directories between the main
directory and the extension directory has been removed. This
simplifies the distribution.
8. The test suite has been improved, making it easier to run the entire
suite with -M. Use `GAWK_TEST_ARGS=-M make check' to do so.
9. Profiling and pretty-printing output has been modified slightly so
that functions are presented in a reasonable order with respect
to the namespaces that contain them.
10. Several example programs in the manual have been updated to their
modern POSIX equivalents.
11. A number of examples in doc/gawkinet.texi have been updated for
current times. Thanks to Juergen Kahrs for the work.
12. Handling of Infinity and NaN values has been improved.
13. There has been a general tightening up of the use of const and
of types.
14. The "no effect" lint warnings have been fixed up and now behave
more sanely.
15. The manual has been updated with much more information about what is
and is not a bug, and the changes in the gawk mailing lists.
16. The behavior of strongly-typed regexp constants when passed as the
third argument to sub() or gsub() has been clarified in the code and
in the manual.
17. Similar to item #4 above, division by zero is now fatal in MPFR
mode, as it is in regular mode.
18. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 692c22519dc6b693bb4fdb31135267dd8f8d97fb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Sep 26 12:37:00 2021 +0200
libxcrypt: Update to version 4.4.26
- v2 version is to extend from 4.4.25 to 4.4.26
- Update from 4.4.23 to 4.4.26
- Update of rootfile not required
- Changelog
Version 4.4.26
* Fix compilation on systems with GCC >= 10, that do not support
declarations with __attribute__((symver)).
Version 4.4.25
* Add support for Python 3.11 in the configure script.
* Stricter checking of invalid salt characters (issue #135).
Hashed passphrases are always entirely printable ASCII, and do
not contain any whitespace or the characters ':', ';', '*', '!',
or '\'. (These characters are used as delimiters and special
markers in the passwd(5) and shadow(5) files.)
Version 4.4.24
* Add hash group for Debian in lib/hashes.conf.
Debian has switched to use the yescrypt hashing algorithm as
the default for new user passwords, so we should add a group
for this distribution.
* Overhaul the badsalt test.
Test patterns are now mostly generated rather than manually coded
into a big table. Not reading past the end of the “setting” part
of the string is tested more thoroughly (this would have caught the
sunmd5 $$ bug if it had been available at the time).
Test logs are tidier.
* Add ‘test-programs’ utility target to Makefile.
It is sometimes useful to compile all the test programs but not run
them. Add a Makefile target that does this.
* Fix incorrect bcrypt-related ifdeffage in test/badsalt.c.
The four variants of bcrypt are independently configurable, but the
badsalt tests for them were all being toggled by INCLUDE_bcrypt,
which is only the macro for the $2b$ variant.
* Fix bigcrypt-related test cases in test/badsalt.c.
The test spec was only correct when both or neither of bigcrypt and
descrypt were enabled.
* Detect ASan in configure and disable incompatible tests.
ASan’s “interceptors” for crypt and crypt_r have a semantic conflict
with libxcrypt, requiring a few tests to be disabled for builds with
-fsanitize-address. See commentary in test/crypt-badargs.c for an
explanation of the conflict, and the commentary in
build-aux/zw_detect_asan.m4 for why a configure test is required.
* Fix several issues found by Covscan in the testsuite. These include:
- CWE-170: String not null terminated (STRING_NULL)
- CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
- CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
- CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
- CWE-573: Missing varargs init or cleanup (VARARGS)
- CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0341e11fe1f80b569957d23e688a0771c474691a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jul 15 12:07:37 2021 +0200
fwhosts.cgi: Fix check to limit amount of ports in custom service groups.
iptables multiport only supports up to 15 elements for each protocol (TCP or UDP).
That can be single ports or portranges (they count doubble).
This commit extends the check to calculate the amount of used TCP and/or
UDP ports of all existing entries in a group, by increasing the amount
for the service which should be added.
If the amount of ports for TCP or UDP ports become greater than the
limit of 15 the error message will be displayed.
Fixes #11323.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit fe6b3e502b1ea2d6b66a2cd157aa842bcb5378e7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Oct 23 21:16:25 2021 +0200
ddns: Add upstream patch to fix a typo for FreeDNSAfraid.org provider
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reported-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit f877c07e4d87c09aadc258307db51eba28ffdc1a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Sep 27 17:33:59 2021 +0200
openssh: Update to version 8.8p1
- Update from 8.7p1 to 8.8p1
- Update of rootfile not required
- Changelog
OpenSSH 8.8p1
Future deprecation notice
A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug- compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.
Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path(a)openssh.com" to support
this.
Security
sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
Potentially-incompatible changes
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K [1]
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Changes since OpenSSH 8.7p1
This release is motivated primarily by the above deprecation and
security fix.
New features
* ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs
directive to accept a "none" argument to specify the default
behaviour.
Bugfixes
* scp(1): when using the SFTP protocol, continue transferring files
after a transfer error occurs, better matching original scp/rcp
behaviour.
* ssh(1): fixed a number of memory leaks in multiplexing,
* ssh-keygen(1): avoid crash when using the -Y find-principals
command.
* A number of documentation and manual improvements, including
bz#3340, PR139, PR215, PR241, PR257
Portability
* ssh-agent(1): on FreeBSD, use procctl to disable ptrace(2)
* ssh(1)/sshd(8): some fixes to the pselect(2) replacement
compatibility code. bz#3345
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit f97e922c516b402a8904678537b1f83a41f0891d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Nov 10 12:09:29 2021 +0100
openvpn: Update to version 2.5.4
- Update from 2.5.0 to 2.5.4
- Update rootfile
- Tested new version in vm testbed. Openvpn server successfully started.
Client connections working with 2.5.0 also successfully worked with 2.5.4
- Changelog
Overview of changes in 2.5.4
Bugfixes
- fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
- various improvements for man page building (rst2man/rst2html etc)
- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
- fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
User-visible Changes
- documentation improvements
- copyright updates where needed
- better error reporting when win32 console access fails
New features
- also build man page on Windows builds
Overview of changes in 2.5.3
Bugfixes
- CVE-2121-3606
see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
OpenVPN windows builds could possibly load OpenSSL Config files from
world writeable locations, thus posing a security risk to OpenVPN.
As a fix, disable OpenSSL config loading completely on Windows.
- disable connect-retry backoff for p2p (--secret) instances
(Trac #1010, #1384)
- fix build with mbedtls w/o SSL renegotiation support
- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409)
- MSI installers: properly schedule reboot in the end of installation
- fix small memory leak in free_key_ctx for auth_token
User-visible Changes
- update copyright messages in files and --version output
New features
- add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
- improve MSVC building for Windows
- official MSI installers will now contain arm64 drivers and binaries
(x86, amd64, arm64)
Overview of changes in 2.5.2
Bugfixes
- CVE-2020-15078
see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
This bug allows - under very specific circumstances - to trick a
server using delayed authentication (plugin or management) into
returning a PUSH_REPLY before the AUTH_FAILED message, which can
possibly be used to gather information about a VPN setup.
In combination with "--auth-gen-token" or an user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.
- restore pushed "ping" settings correctly on a SIGUSR1 restart
- avoid generating unecessary mbed debug messages - this is actually
a workaround for an mbedTLS 2.25 bug when using Curve25519 and Curve448
ED curves - mbedTLS crashes on preparing debug infos that we do not
actually need unless running with "--verb 8"
- do not print inlined (<dh>...</dh>) Diffie Hellman parameters to log file
- fix Linux/SITNL default route lookup in case of multiple routing tables
with more than one default route present (always use "main table" for now)
- Fix CRL file handling in combination with chroot
User-visible Changes
- OpenVPN will now refuse to start if CRL file is not present at startup
time. At "reload time" absense of the CRL file is still OK (and the
in memory copy is used) but at startup it is now considered an error.
New features
- printing of the TLS ciphers negotiated has been extended, especially
displaying TLS 1.3 and EC certificates more correctly.
Overview of changes in 2.5.1
New features
- "echo msg" support, to enable the server to pushed messages that are
then displayed by the client-side GUI. See doc/gui-notes.txt and
doc/management-notes.txt.
Supported by the Windows GUI shipped in 2.5.1, not yet supported by
Tunnelblick and the Android GUI.
User-visible Changes
- make OPENVPN_PLUGIN_ENABLE_PF plugin failures FATAL - if a plugin offers
to set the "openvpn packet filter", and returns a failure when requested
to, OpenVPN 2.5.0 would crash trying to clean up not-yet-initialized
structure members. Since PF is going away in 2.6.0, this is just turning
the crash into a well-defined program abort, and no further effort has
been spent in rewriting the PF plugin error handling (see trac #1377).
Documentation
- rework sample-plugins/defer/simple.c - this is an extensive rewrite
of the plugin to bring code quality to acceptable standards and add
documentation on the various plugin API aspects. Since it's just
example code, filed under "Documentation", not under "Bugfix".
- various man page improvements.
- clarify ``--block-ipv6`` intent and direction
Bugfixes
- fix installation of openvpn.8 manpage on systems without docutils.
- Windows: fix DNS search list setup for domains with "-" chars.
- Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
- Windows: Skip DHCP renew with Wintun adapter (Wintun does not support
DHCP, so this was just causing an - harmless - error and needless delay).
- Windows: Remove 1 second delay before running netsh - speeds up
interface init for wintun setups not using the interactive service.
- Windows: Fix too early argv freeing when registering DNS - this would
cause a client side crash on Windows if ``register-dns`` is used,
and the interactive service is not used.
- Android: Zero initialise msghdr prior to calling sendmesg.
- Fix line number reporting on config file errors after <inline> segments
(see Trac #1325).
- Fix port-share option with TLS-Crypt v2.
- tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key), otherwise
dropping privs on the server would fail.
- tls-crypt-v2: fix server memory leak (about 600 bytes per connecting
client with tls-crypt-v2)
- rework handling of server-pushed ``--auth-token`` in combination with
``--auth-nocache`` on reconnection / TLS renegotiation events. This
used to "forget" to update new incoming token after a reconnection event
(leading to failure to reauth some time later) and now works in all
tested cases.
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit acbd6ff4dbbfa248b00d3922f666da7e6fabcc6c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Nov 14 21:42:52 2021 +0100
ovpnmain.cgi: Bug 12574 - OpenVPN Internal server error when returning after generating root/host certificates
- Option "--secret" was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
It was replaced by "secret". If "--secret" is used with genkey then a user warning is
printed and this is what gives the Internal server error.
- Patch was defined by Erik Kapfer but currently he does not have a build environment
so I have submitted the patch on his behalf.
- Patch tested on a vm testbed running Core Update 160. Confirmed that without patch the
error still occurs and with patch everything runs smoothly.
Fixes: Bug #12574
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by : Erik Kapfer <ummeegge(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ced15fdfaf4b233dd43fc60df5e2d17e13f95637
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Nov 4 09:05:54 2021 +0000
installer: Bind-mount /sys/firmware/efi/efivars into chroot
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 27944cdc4a2a10241936b011fa52755c1e658e7d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Nov 4 09:05:53 2021 +0000
installer: Setup efivarfs when possible
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 76050bdcf2874846ca2cb22981666c6381e7cb2f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Nov 4 09:05:52 2021 +0000
mountkernfs: Mount /sys/firmware/efi/efivars on EFI systems
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0b2aa5173d60878533ac72403d15ef9f97f8810f
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Aug 15 09:05:49 2021 +0200
Patch 'log.dat' to show 'monit' messages in system logs
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e8c75ca765fad986d1898df039a49d1db584b45a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Aug 15 09:11:44 2021 +0200
knot: Update to 3.1.1
For changes since 3.0.7, see:
https://gitlab.nic.cz/knot/knot-dns/raw/v3.1.1/NEWS
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 59bf369edcf475410b6cdc155cf4a4b5f77eca43
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Aug 15 09:15:24 2021 +0200
unbound: Update to 1.13.2
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-13-2
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5391e7229522fe5f7a37a7840949106b79272868
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Nov 7 17:34:49 2021 +0100
clamav: Update to 0.104.1
For details see:
https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html
"ClamAV 0.104.1 is a critical patch release..."
[Changelog is too long to include here.]
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 06fe9baec79ef312d340c4d1beeb626c3c0828f6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Oct 23 14:43:14 2021 +0200
Coreutils: update to 9.0
Please refer to https://lists.gnu.org/archive/html/coreutils/2021-09/msg00113.html
for this version's release announcement.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 970e8547becf91657ffa9bc4f84eb9bbf021b145
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Oct 10 19:13:38 2021 +0200
location-functions.pl: Recognise XD / LOC_NETWORK_FLAG_DROP
This enables creating firewall rules using the special country code "XD"
for hostile networks safe to drop and ipinfo.cgi to display a meaningful
text for IP addresses having this flag set.
At the moment, the "LOC_NETWORK_FLAG_DROP" is not yet populated, but
will be in the future (as soon as libloc 0.9.9 is released and running
in production).
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 73efd9b7dc47eef18e1793a64f1638e8cd0fe158
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Sep 25 12:54:01 2021 +0200
libloc: update to 0.9.8
Please refer to
https://git.ipfire.org/?p=location/libloc.git;a=commit;h=a138fbfec116981407588c05127b8e7c02e29ae5
for further information on this release.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 96c83b21b38764862d09302e105f9933ee27de3a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 13 15:25:39 2021 +0000
kernel: update to 5.15.2
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 67ad8f7ed0fc9e94157f93727de7c8a002a8d7c1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Nov 12 06:03:41 2021 +0000
util-linux: aarch64 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c460b2652d380f9658ec8148a5ac4340966c519c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 11 18:18:49 2021 +0000
kernel: aarch64 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e196a73096c53b8db7e1841d09eaa75a8e3caaa1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 11 18:18:23 2021 +0000
kernel: update aarch64 config
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit db8199076d8fce5554b6e54b6069cf5e80ed2a1a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 10 21:58:44 2021 +0000
kernel: increase CMA size to 24MB
mmc ports need this for DMA transfers.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 50fe4e50f3a90ed60d5e27cd8880d0994fd7254d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 10 07:04:58 2021 +0000
xradio: update get mac address from dts function
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4290323c4d6feb64f08f6a174f5f5bfaef0b0456
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 10 07:04:23 2021 +0000
util-linux: armv6 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit dc48869767ce9b2375efa7c8acbffc4a3269bdb8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 10 07:03:38 2021 +0000
kernel: armv6 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9f3286a9c1d0221d31442aa7d8981e97f57aa89d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 10 07:02:58 2021 +0000
kernel: updated armv6 config
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cb9c6cfbd70249b1d879ed3164434ecde82ad099
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Nov 9 18:24:26 2021 +0100
kernel: update to 5.15.1
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 24ff52a2e4a37b1f1f3a70fa23221c0f6d669f63
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 6 10:01:32 2021 +0100
kernel: i586 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 757e5d4e1fad3f2b666bba1822534f14ac296f67
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 6 09:57:30 2021 +0100
kernel: update i586 config
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d6f982720f6494103fc05e0929f872381279a70c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 6 08:00:58 2021 +0100
util-linux: rootfile update i586
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c0cb2605d7caf0c6036c07d49a2538a7d85a4f9d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Nov 5 18:03:02 2021 +0100
kernel: x86_64 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1e5d37e87deca652299f464f87598ac0cf71edb0
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Nov 5 17:18:41 2021 +0100
kernel: update x86_64 config
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 21d858c2bf181b7a3eb2e44205cc3eddfdd81017
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Nov 5 17:18:10 2021 +0100
xtables-addons: fix rootfile
commit b592521348b57b0880a9782664b747f34bdac8e6
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 21:55:42 2021 +0100
kerneltest: build updater that only contain the kernel
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit eab6edf09440f6cd6675f00338128f46d087bea3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 21:51:03 2021 +0100
util-linux: rootfile update
with kernel headers 5.15 sbin/raw will not built.
todo check if we need this...
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1296f1b08183d803c17e54641e09e18c72d9cfa4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 21:49:44 2021 +0100
kernel: update to 5.15.0
todo add arm patches, configs and rootfiles
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c6e9c3d48f77fa72c31d47aea39de56616c50841
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 21:45:58 2021 +0100
rtl8xxx: remove ipx from realtek wlan modules
kernel 5.15 remove the ipx headers. ipx itself was removed many years ago.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d17ae41d7e139569fcb80ceab5e103ffdab60220
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 21:44:23 2021 +0100
xtables-addons: update to 3.18
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 895dd61aafc6302ef9b95cd7ef17c84819f9369b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 19:21:43 2021 +0100
keepalived: disable build because it fails with kernel 5.15
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a7bb8b98a3f688ad431c6448ead97199f3cc09e2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 4 19:19:04 2021 +0100
gcc: fix build with kernel 5.15 headers
kernel 5.15 remove cyclades interface.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-12-19 9:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-19 9:13 [git.ipfire.org] IPFire 2.x development tree branch, core162, created. 68b57610898d586668b586e4a73db0cec98763f2 Arne Fitzenreiter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox