* [git.ipfire.org] IPFire 2.x development tree branch, core168, created. 4a4fc8f19a8734a7d92895da3772027550e80f01
@ 2022-06-05 16:01 Michael Tremer
From: Michael Tremer @ 2022-06-05 16:01 UTC
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core168 has been created
at 4a4fc8f19a8734a7d92895da3772027550e80f01 (commit)
- Log -----------------------------------------------------------------
commit 4a4fc8f19a8734a7d92895da3772027550e80f01
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Jun 4 08:43:15 2022 +0000
Core Update 168: Ship fcrontab and rebuild it from scratch
This is necessary due to IDSv4 changes introducing changes to fcrontab.
While this patch will cause any custom cron jobs configured there to be
lost, it is better to start with a defined state rather than sed'ing
on this file.
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Cc: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit de5896985ccb3c9c732315ddd17106e5c4b1bafe
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue May 31 17:21:54 2022 +0000
intel-microcode: Update rootfile
Reported-by: Jon Murphy <jcmurphy26(a)gmail.com>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4f4b7fbc13d3fcc50d0acc93ae20ecef7c4466dc
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 30 20:00:53 2022 +0000
Update contributor list
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 71d53192d37db0d86a9dc04b11aa40016ba09b47
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu May 19 08:56:34 2022 +0000
core168: Add script to automatically repair MDRAID arrays
Please see the header of the script for more details.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 69aac83da960bc89783aa8dc5373b907cccc60f8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu May 19 08:56:33 2022 +0000
core168: Add rd.auto to kernel command line
This parameter will enable dracut to automatically launch any MDRAID
arrays at boot time.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8077bacb826bb336d98d90c628ad8fece098dc16
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed May 18 17:49:00 2022 +0000
strongSwan: Bring back firewall rules for permitting IP-in-IP, ESP and AH traffic
Fixes: #12866
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b630a9a8a8dab5e558c0929191ee25da2e9d5068
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed May 18 17:42:24 2022 +0000
Core Update 168: fcrontab != crontab
Silly me.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1c1d9fd7bfdf5495069c3119982753a9ddc5fe24
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon May 16 14:48:14 2022 +0000
dracut: Enable automatic assembly of any RAID/LVM devices
This has changed in dracut 24 and we have used various hacks to enable
this behaviour again when it would have been so easy to just enable this
parameter.
Fixes: #12862 - Upgrade from Core 166 to 167 does not use RAID anymore
Reported-by: Dirk Sihling <dsihling(a)web.de>
Reported-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit bbd4767fcf3086800e96aa449c6fa526ad662288
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 16 07:12:23 2022 +0000
Core Update 168: Ship liburcu
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4eb6ba2bd56029a8756d75b2a34c9fbe68650740
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 13 23:26:34 2022 +0200
poppler: Fix rootfile.
libpoppler.so.120.0.0 contains all the functions and symbols which
are required by the tools linked against it.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 691a83f2374d85f834c24d3d82525bc554ad4f25
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 13 23:20:44 2022 +0200
libinih: Fix rootfile.
Some tools of the xfsprogs are linked against libinih and therefore
we need to ship those libs.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 0f3b6da86d3e239badea7c46aca05189a940b469
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 13 23:17:48 2022 +0200
liburcu: Fix rootfile.
At least the xfsprogs is linked against the urcu libraries and therefore
requires them to run and deal with xfs filesystems.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit e2f4f99e498a89157e85e8e4b983e61568956e9e
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 13 19:10:44 2022 +0200
update-ids-ruleset: Silent script if no providers settings file exists.
Only try to read-in the providers settings file, in case it exists.
Otherwise the script produces an error message, about the missing file,
each time it gets executed.
Because of the fcron job this would be twice a day in most cases.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ceb8b07b2cfedc5ec84576dd85db80bd83ce7ab1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 13 18:55:48 2022 +0200
pango: Fix rootfile.
The main libraries libpangocairo and libpangosoft2 accidentally have been
marked to be not shipped or part of the system.
They are required by collecty and various other libraries or binaries.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 9f42266a5957dd9da1f6eb68a8602429a3e993da
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri May 13 09:22:35 2022 +0000
strongswan: Update rootfile
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8615d42ce7d77016aed51ea0528119f38e589e5d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri May 13 06:30:57 2022 +0200
expat: Fix rootfile.
The libexpat.so.1 file is just a symlink to libexpat.so.1.8.8 which
contains all the functions and symbols required by the binaries, linked
against it. Therefore this file needs to be present on the systems.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 27d1dc083ecc49cd11f57b975f8daf599eb436f4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 12 18:06:59 2022 +0000
Core Update 168: Ship and restart strongSwan
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b074ebd6ad688124d5dfdcc2ed614040553afd7e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 12 18:04:52 2022 +0000
strongSwan: Update to 5.9.6
See: https://github.com/strongswan/strongswan/releases/tag/5.9.6
Since this addresses security issues, and also with regards to reports
such as https://community.ipfire.org/t/core-update-167-ipsec-issue/7893,
I take the liberty to push this straight into Core Update 168.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1ad192722a9ecd0b0f0afc008da020b9534e57d6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 12 17:53:50 2022 +0000
intel-microcode: Update to 20220510
Please refer to https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
for further details.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 675849974918df21c717c26bf6e974fa2f9d7f67
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 12 17:27:34 2022 +0000
Core Update 168: Ship core-files
https://community.ipfire.org/t/core-168-testing-working/7901/7
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 91f1aaaa869df6fe9a04d3aefb36f021e9945ad7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue May 10 14:12:53 2022 +0000
nagios-plugins: Bump package version for OpenLDAP update
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 64fb91fedf733518c5a4c3ea638c1b6f29f1e36d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue May 10 14:12:21 2022 +0000
Core Update 168: Ship necessary dependencies
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7dc85dec948bd6250a9f2845ccc919828b76a83d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue May 10 13:56:59 2022 +0000
Core Update 168: Ship coreutils
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 672582488b302da48c35e0652dd8609f5954d8e2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue May 10 13:54:25 2022 +0000
Core Update 168: Ship GnuPG
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0e48c84c42407fc326bafba6c6166a38a0c3a3a4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun May 8 15:23:03 2022 +0200
suricata: Perform ruleset update every 12 hours.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3b926424278d9f0d2f89c9684b8d7bbf86de858c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 14:16:10 2022 +0000
Update rootfiles
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit dc871930f600677514cefca5fb7befa4e809442e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 13:14:16 2022 +0000
Core Update 168: Ship pakfire.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2b5253bbbb3acb6f276040ffe095f7380ea3991d
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:52 2022 +0200
pakfire.cgi: Cosmetic fixes
Add formatting to improve readability of dependencies list header.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit 3706e0a5b34f65baa7b6bfaad38ac6bd0496d50c
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:51 2022 +0200
pakfire.cgi: Discard tac stderr output
Prevents meaningless "broken pipe" messages in the httpd error log.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit 85d570843ef7b4b1a428dadf93e5a2a8410348ca
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:50 2022 +0200
pakfire.cgi: Implement Post/Redirect/Get pattern
Refreshing the Pakfire page may cause a command to be
executed multiple times and induce odd errors.
This patch implements a HTTP 303 redirect after form processing,
which causes the browser to discard the POST form data.
Navigating backward or reloading the page now does not trigger
multiple executions anymore.
Fixes: #12781
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit 3cdb83939bc69d7e3d4ca911361d84f54301f4b8
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:49 2022 +0200
pakfire.cgi: Notify user if Pakfire is already performing a task
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit 4b5d1f3001e5f47399d3c1a6eabcd18c1a318996
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:48 2022 +0200
pakfire.cgi: Show error and log messages earlier
The main page cannot be used while an installation is running.
Therefore it makes more sense to generate the log output first.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit 0f506a130c67a67c833530b2b8ad44f811df5ac6
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:47 2022 +0200
pakfire.cgi: Fix indentation
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit cd521e78b815e84c31683b3cc2ec085f6f97d939
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun May 8 14:09:46 2022 +0200
pakfire.cgi: Separate command processing and HTML generation
Move most of the command execution away from the HTML output.
This makes it easier to modify or extend individual commands.
Also load Pakfire settings earlier to ensure that they are
available during command execution.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Acked-by: Peter Müller <peter.muelle(a)ipfire.org>
commit c7105c6e66bdc9ed1c42d4248926c0e7b654b414
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 12:05:53 2022 +0000
spectre-meltdown-checker: Update to 0.45
Please refer to https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.45
for the release announcements of this version.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d79814485fba7eb410497ec8e904dc717ef4a065
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 12:03:18 2022 +0000
Core Update 168: Delete orphaned symlinks to Suricata ruleset updater
Reported-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit fd1e3e3c7417c14809b1fbbf8f7620c99053009b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 12:00:10 2022 +0000
Core Update 168: Stop services before extracting files
https://lists.ipfire.org/pipermail/development/2022-May/013398.html
On a general note, we should do so for every Core Update, as it is more
sane to stop services before deleting or overwriting any files.
Reported-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0ab31dfdb1b3fce7aa4f3db0373de8808fa02acb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 11:42:19 2022 +0000
make.sh: Sigh, bump core update version
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3e2e9c159389db191989ad2cb0553d5b9a2bae9f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 11:41:09 2022 +0000
Core Update 168: Ship intel-microcodes and rebuild initrds
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 822076e0c2109c4a59a93be9c2592f8475726c87
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 11:24:06 2022 +0000
intel-microcode: Update to 20220419
Please refer to https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220419
for the release announcement.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 40811ff383dc358e77afa9c482199336a4ffdca6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 8 09:01:24 2022 +0000
Suricata: Install Core Update 167 converter script
My fault, again. :-/
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 99a79bcbd89de07e108b836fe7d19bd26aeb02c3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 21:17:47 2022 +0000
Revert "Core Update 168: Ship boost and delete orphaned libraries"
This reverts commit 3bd471b8203b878e9e270d833d49e08921c584e3.
commit 568215c84bb52ad09d7df43492eb61d99e343ac3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 21:16:45 2022 +0000
Revert "boost: Fix rootfile entries that referred to python3.8 instead of 3.10"
This reverts commit 05a1fe1362b633b82b696a88801bb29fb1070872.
For some reason, the rootfile changes introduced with this patch break
the build, as they do not seem to be present. Needs further
investigation.
commit 5ecf056d52b007a413db0477254a3600fef1d81c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 16:47:44 2022 +0000
Drop libusb-compat
This was solely needed for NUT, which has now been updated, and does not
require an older libusb version to be carried around.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b2f707cb025bccf4417b0848e1140fc610e76fd6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu May 5 18:39:53 2022 +0200
nut: Update to version 2.8.0
- Update from version 2.7.4 to 2.8.0
- 2.7.4 was released in 2016 and since then not a lot of progress was made with it but
since the start of 2022 new work on nut has occurred culminating in this release
- Update of rootfile
- Ran find-dependencies on the old libraries due to the sobump to confirm that nothing
else than nut used them, which was the case.
- Changelog
After a long and windy trip since the last official release v2.7.4 half a dozen
years ago, we the community, contributors and maintainers are proud to announce
at last the general availability of NUT v2.8.0!
As always, the new release includes numerous new drivers, sub-drivers, protocols
and bug-fixes, with many companies and individuals chipping in with contributions
of code. Thanks to everyone involved in making this happen, inspiring the changes,
and providing the open-source friendly infrastructure.
This release also culminates a significant effort in improvements of NUT QA and
CI, and as a result -- in codebase quality and portability across a decade or
two of recent platforms, third-party tools and other dependencies. As a side
effect, public API (in headers and libraries) has changed a bit, hence a new
semantic "minor" number is claimed for this major body of work.
During this time, the https://networkupstools.org/ web site has changed to a
rolling-release model to serve current information to match the evolving
codebase. There are now special Sub-sites for historic releases to keep
documentation snapshots relevant for users of packages which are typically based
on official NUT releases.
We recognize that NUT is an important piece of infrastructure which gets built
into all sorts of devices, projects and operating systems -- some of which the
team never heard of until they pop up in a question, and others we haven't heard
of for years -- so we take a seriously omnivorous stance towards covering many
versions and implementations of compiler suites, C/C++ revisions, make programs,
shell and other scripted language interpreters, OSes and CPUs, and other similar
variables tamed with our new NUT CI farm test matrix dynamically driven by
currently registered build agents and their declared capabilities.
Sections in the NEWS and UPGRADING files about changes since last release are
several pages long, so would not all be repeated here. A few important
highlights for distribution packagers and custom builders follow, however:
NUT now supports more i2c and modbus devices, as well as libusb-1.0 support
as an alternative to earlier libusb-0.1 (so new dependency-based categories
of packages for drivers may be due);
NUT Python modules and scripts (e.g. NUT-Monitor variants) should work with
python-2.7 and with python-3.x, so covering historic distro releases as
well as new ones (and so your distro can deliver one or both, probably in
several packages with different dependencies in the latter case);
NUT provides revised reference systemd and SMF service unit definitions,
including support of drivers wrapped into individual service instances with
varying dependencies based on different media required (networked stack, USB
stack, etc.), and many daemons include -F option for running "in foreground"
to avoid extra forking after one already done by a service framework - you
may want to use those in your packaged deliverables;
NUT newly provides the "nut-driver-enumerator" script and service, which
allows it to follow edition of ups.conf and dynamically define+(re)start and
stop+undefine service instances for drivers - there are several ways it can
be integrated for different use-cases;
There are several new configuration keywords and CLI options - so while new
NUT builds should work with old configs and scripts, the opposite is not
necessarily true (old binaries may reject configurations taking advantage
of new features);
There are several new protocol keywords - but old and new NUT daemons (data
server and clients) should be able to communicate both ways;
It is assumed that API/ABI changes may require third-party NUT clients
(library consumers of libnutclient, libupsclient, libnutscan... -- their
version info was bumped accordingly) to get rebuilt, in order to work with
the new NUT release in a stable fashion;
The dummy-ups driver used in automated testing now processes *.dev filename
patterns once and does not loop, like it still does for *.seq and other
files (by default);
USB code is now more strict about logical minimum/maximum ranges for data
reported from devices, and some devices were already found to make mistakes
- so there is also a mechanism for turning a blind eye to known issues and
fix-up such report descriptors to produce intended sane values;
New documentation page docs/config-prereqs.txt highlights packaged
dependencies installable on a large range of platforms to build as much of
NUT as possible (incidentally, ones NUT CI farm uses to test every iteration);
Finally, we hope that NUT codebase might be able to cater for everyone "out
of the box" (it also simplifies local builds from GitHub sources on any
systems, for troubleshooting and checking pre-release enhancements): if you
as a packager have to apply patches for your distribution, give it a thought
-- whether they address a common issue best solved upstream once and behave
similarly for everyone (and conversely, if your platform can do with
existing solutions already tracked in the NUT version du-jour). PRs welcome!
Or at least Wiki entries to list all the distro efforts for cross-pollination
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b6fe8ee88dafb5ebb02a787b11da602de016969d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 16:24:20 2022 +0000
Run ./make.sh update-contributors
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5b1299f71717a59f50ea5b7aa7796dfe27afd080
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 16:22:51 2022 +0000
oinkmaster: Delete remnants
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 68725035744de0253f19e0b3550799799a44f80d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 16:21:23 2022 +0000
Core Update 168: Ship and apply IDSv4 changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4d4f5df0c8b4e212cec1fd1206616308584df18e
Merge: e47f7c829 1a9e81ce7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 16:07:41 2022 +0000
Merge branch 'temp-stevee-idsv4' into next
commit e47f7c8295ef92b6ee40ce88154d4449c4b29f19
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 15:31:16 2022 +0000
Core Update 168: Ship freetype
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c78f6e33f8415bdefb5be953032eba111d3585ff
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 4 21:51:00 2022 +0200
freetype: Update to version 2.12.1
- Update from version 2.11.1 to 2.12.1
- Update of rootfile
- Changelog
CHANGES BETWEEN 2.12.0 and 2.12.1
I. IMPORTANT BUG FIXES
- Loading CFF fonts sometimes made FreeType crash (bug introduced in
version 2.12.0)
- Loading a fully hinted TrueType glyph a second time (without
caching) sometimes yielded different rendering results if TrueType
hinting was active (bug introduced in version 2.12.0).
- The generation of the pkg-config file `freetype2.pc` was broken if
the build was done with cmake (bug introduced in version 2.12.0).
II. MISCELLANEOUS
- New option `--with-librsvg` for the `configure` script for better
FreeType demo support.
- The meson build no longer enforces both static and dynamic
versions of the library by default.
- The internal zlib library was updated to version 1.2.12. Note,
however, that FreeType is *not* affected by CVE-2018-25032 since
it only does decompression.
CHANGES BETWEEN 2.11.1 and 2.12.0
I. IMPORTANT CHANGES
- FreeType now handles OT-SVG fonts, to be controlled with
`FT_CONFIG_OPTION_SVG` configuration macro. By default, it can
only load the 'SVG ' table of an OpenType font. However, by using
the `svg-hooks` property of the new 'ot-svg' module it is possible
to register an external SVG rendering engine. The FreeType demo
programs have been set up to use 'librsvg' as the rendering
library.
This work was Moazin Khatti's GSoC 2019 project.
II. MISCELLANEOUS
- The handling of fonts with an 'sbix' table has been improved.
- Corrected bitmap offsets.
- A new tag `FT_PARAM_TAG_IGNORE_SBIX` for `FT_Open_Face` makes
FreeType ignore an 'sbix' table in a font, allowing applications
to access the font's outline glyphs.
- `FT_FACE_FLAG_SBIX` and `FT_FACE_FLAG_SBIX_OVERLAY` together
with their corresponding preprocessor macros `FT_HAS_SBIX` and
`FT_HAS_SBIX_OVERLAY` enable applications to treat 'sbix' tables
as described in the OpenType specification.
- The internal 'zlib' code has been updated to be in sync with the
current 'zlib' version (1.2.11).
- The previously internal load flag `FT_LOAD_SBITS_ONLY` is now
public.
- Some minor improvements of the building systems, in particular
handling of the 'zlib' library (internal vs. external).
- Support for non-desktop Universal Windows Platform.
- Various other minor bug and documentation fixes.
- The `ftdump` demo program shows more information for Type1 fonts
if option `-n` is given.
- `ftgrid` can now display embedded bitmap strikes.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 6f3da00c53ac58dcbb833740b7a6f069166ee98f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 4 21:51:28 2022 +0200
sdl2: Update to version 2.0.22
- Update from version 2.0.20 to 2.0.22
- Update of rootfile
- Changelog
2.0.22:
General:
* Added SDL_RenderGetWindow() to get the window associated with a renderer
* Added floating point rectangle functions:
* SDL_PointInFRect()
* SDL_FRectEmpty()
* SDL_FRectEquals()
* SDL_FRectEqualsEpsilon()
* SDL_HasIntersectionF()
* SDL_IntersectFRect()
* SDL_UnionFRect()
* SDL_EncloseFPoints()
* SDL_IntersectFRectAndLine()
* Added SDL_IsTextInputShown() which returns whether the IME window is currently
shown
* Added SDL_ClearComposition() to dismiss the composition window without disabling
IME input
* Added SDL_TEXTEDITING_EXT event for handling long composition text, and a hint
SDL_HINT_IME_SUPPORT_EXTENDED_TEXT to enable it
* Added the hint SDL_HINT_MOUSE_RELATIVE_MODE_CENTER to control whether the mouse
should be constrained to the whole window or the center of the window when
relative mode is enabled
* The mouse is now automatically captured when mouse buttons are pressed, and the
hint SDL_HINT_MOUSE_AUTO_CAPTURE allows you to control this behavior
* Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_OPENGL to let SDL know that a
foreign window will be used with OpenGL
* Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_VULKAN to let SDL know that a
foreign window will be used with Vulkan
* Added the hint SDL_HINT_QUIT_ON_LAST_WINDOW_CLOSE to specify whether an
SDL_QUIT event will be delivered when the last application window is closed
* Added the hint SDL_HINT_JOYSTICK_ROG_CHAKRAM to control whether ROG Chakram
mice show up as joysticks
Windows:
* Added support for SDL_BLENDOPERATION_MINIMUM and SDL_BLENDOPERATION_MAXIMUM to
the D3D9 renderer
Linux:
* Compiling with Wayland support requires libwayland-client version 1.18.0 or later
* Added the hint SDL_HINT_X11_WINDOW_TYPE to specify the _NET_WM_WINDOW_TYPE of
SDL windows
* Added the hint SDL_HINT_VIDEO_WAYLAND_PREFER_LIBDECOR to allow using libdecor
with compositors that support xdg-decoration
Android:
* Added SDL_AndroidSendMessage() to send a custom command to the SDL java activity
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 401a2f3db0303e404987d06890296f23966c8ae8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 4 21:51:15 2022 +0200
hplip: Update to version 3.22.4
- Update from version 3.22.2 to 3.22.4
- Update of rootfile
- Changelog
HPLIP 3.22.4 - This release has the following changes:
Added support for following new Distro's:
Manjaro 21.2
Added support for the following new Printers:
HP LaserJet Pro 4001ne
HP LaserJet Pro 4001n
HP LaserJet Pro 4001dne
HP LaserJet Pro 4001dn
HP LaserJet Pro 4001dwe
HP LaserJet Pro 4001dw
HP LaserJet Pro 4001d
HP LaserJet Pro 4001de
HP LaserJet Pro 4002ne
HP LaserJet Pro 4002n
HP LaserJet Pro 4002dne
HP LaserJet Pro 4002dn
HP LaserJet Pro 4002dwe
HP LaserJet Pro 4002dw
HP LaserJet Pro 4002d
HP LaserJet Pro 4002de
HP LaserJet Pro 4003dn
HP LaserJet Pro 4003dw
HP LaserJet Pro 4003n
HP LaserJet Pro 4003d
HP LaserJet Pro 4004d
HP LaserJet Pro 4004dn
HP LaserJet Pro 4004dw
HP LaserJet Pro MFP 4101dwe
HP LaserJet Pro MFP 4101dw
HP LaserJet Pro MFP 4101fdn
HP LaserJet Pro MFP 4101fdne
HP LaserJet Pro MFP 4101fdw
HP LaserJet Pro MFP 4101fdwe
HP LaserJet Pro MFP 4102dwe
HP LaserJet Pro MFP 4102dw
HP LaserJet Pro MFP 4102fdn
HP LaserJet Pro MFP 4102fdw
HP LaserJet Pro MFP 4102fdwe
HP LaserJet Pro MFP 4102fdne
HP LaserJet Pro MFP 4102fnw
HP LaserJet Pro MFP 4102fnwe
HP LaserJet Pro MFP 4103dw
HP LaserJet Pro MFP 4103dn
HP LaserJet Pro MFP 4103fdn
HP LaserJet Pro MFP 4103fdw
HP LaserJet Pro MFP 4104dw
HP LaserJet Pro MFP 4104fdw
HP LaserJet Pro MFP 4104fdn
HP ScanJet Pro 3600 f1
HP ScanJet Pro N4600 fnw1
HP ScanJet Pro 2600 f1
HP ScanJet Enterprise Flow N6600 fnw1
HPLIP 3.22.2 - This release has the following changes:
Added support for following new Distro's:
Elementary OS 6.1
RHEL 8.5
Linux Mint 20.3
Added support for the following new Printers:
HP LaserJet Tank MFP 1602a
HP LaserJet Tank MFP 1602w
HP LaserJet Tank MFP 1604w
HP LaserJet Tank MFP 2602dn
HP LaserJet Tank MFP 2602sdn
HP LaserJet Tank MFP 2602sdw
HP LaserJet Tank MFP 2602dw
HP LaserJet Tank MFP 2604dw
HP LaserJet Tank MFP 2604sdw
HP LaserJet Tank MFP 2603dw
HP LaserJet Tank MFP 2603sdw
HP LaserJet Tank MFP 2605sdw
HP LaserJet Tank MFP 2606dn
HP LaserJet Tank MFP 2606sdn
HP LaserJet Tank MFP 2606sdw
HP LaserJet Tank MFP 2606dw
HP LaserJet Tank MFP 2606dc
HP LaserJet Tank MFP 1005
HP LaserJet Tank MFP 1005w
HP LaserJet Tank MFP 1005nw
HP LaserJet Tank 1502a
HP LaserJet Tank 1502w
HP LaserJet Tank 1504w
HP LaserJet Tank 2502dw
HP LaserJet Tank 2502dn
HP LaserJet Tank 2504dw
HP LaserJet Tank 2503dw
HP LaserJet Tank 2506dw
HP LaserJet Tank 2506d
HP LaserJet Tank 2506dn
HP LaserJet Tank 1020
HP LaserJet Tank 1020w
HP LaserJet Tank 1020nw
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c36610e051b931b4ae497b633ca41713e03d53e7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:33:36 2022 +0200
haproxy: Update to version 2.5.5
- Update from 2.4.15 to 2.5.5
- Update of rootfile not required
- Changelog
2.5.5
- CI: github actions: add the output of $CC -dM -E-
- CI: github actions: use cache for OpenTracing
- CI: refactor OpenTracing build script
- CI: github actions: use cache for SSL libs
- CI: Consistently use actions/checkout(a)v2
- BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
- BUILD: tree-wide: mark a few numeric constants as explicitly long long
- BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
- BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
- REGTESTS: fix the race conditions in normalize_uri.vtc
- REGTESTS: fix the race conditions in secure_memcmp.vtc
- BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
- BUG/MINOR: pool: always align pool_heads to 64 bytes
- BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
- BUILD: fix kFreeBSD build.
- MINOR: pools: add a new global option "no-memory-trimming"
- MINOR: stats: Add dark mode support for socket rows
- BUILD: pools: fix backport of no-memory-trimming on non-linux OS
- BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
- BUG/MINOR: add missing modes in proxy_mode_str()
- BUG/MINOR: cli: shows correct mode in "show sess"
- BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
- BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
- DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
- BUG/MEDIUM: mcli: Properly handle errors and timeouts during response processing
- DEBUG: stream: Add the missing descriptions for stream trace events
- DEBUG: stream: Fix stream trace message to print response buffer state
- BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
- BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
- BUG/MEDIUM: httpclient: don't consume data before it was analyzed
- CLEANUP: htx: remove unused co_htx_remove_blk()
- BUG/MINOR: httpclient: consume partly the blocks when necessary
- BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
- BUG/MEDIUM: httpclient: must manipulate head, not first
- REGTESTS: fix the race conditions in be2hex.vtc
2.5.4
- BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
- BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
- BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
- DOC: Fix usage/examples of deprecated ACLs
- BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
- REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
- CI: github: enable pool debugging by default
- BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
2.5.3
- MINOR: sock: move the unused socket cleaning code into its own function
- BUG/MEDIUM: mworker: close unused transferred FDs on load failure
- BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
- BUG/MINOR: sink: Use the right field in appctx context in release callback
- BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
- BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
- BUG/MAJOR: compiler: relax alignment constraints on certain structures
- MINOR: httpclient: Don't limit data transfer to 1024 bytes
- BUG/MINOR: httpclient: reinit flags in httpclient_start()
- BUG/MINOR: mailers: negotiate SMTP, not ESMTP
- BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
- BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
- BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
- CLEANUP: httpclient/cli: fix indentation alignment of the help message
- BUG/MINOR: tools: url2sa reads ipv4 too far
- BUG/MEDIUM: httpclient: limit transfers to the maximum available room
- DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
2.5.2
- BUG/MEDIUM: connection: properly leave stopping list on error
- BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
- BUG/MINOR: httpclient: don't send an empty body
- BUG/MINOR: httpclient: set default Accept and User-Agent headers
- BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
- BUILD/MINOR: fix solaris build with clang.
- BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
- DOC: management: mark "set server ssl" as deprecated
- MEDIUM: cli: yield between each pipelined command
- MINOR: channel: add new function co_getdelim() to support multiple delimiters
- BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
- MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
- BUG/MEDIUM: cli: Never wait for more data on client shutdown
- BUG/MEDIUM: mcli: do not try to parse empty buffers
- BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
- BUG/MINOR: stream: make the call_rate only count the no-progress calls
- DEBUG: cli: add a new "debug dev fd" expert command
- BUILD: debug/cli: condition test of O_ASYNC to its existence
- DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
- REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
- BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
- BUG/MINOR: mworker: does not add the -sf in wait mode
- BUG/MINOR: pools: always flush pools about to be destroyed
- DEBUG: pools: add extra sanity checks when picking objects from a local cache
- DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
- DEBUG: pools: replace the link pointer with the caller's address on pool_free()
- BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
- BUG/MINOR: mworker: does not erase the pidfile upon reload
- DEBUG: fd: make sure we never try to insert/delete an impossible FD number
- MINOR: listener: replace the listener's spinlock with an rwlock
- BUG/MEDIUM: listener: read-lock the listener during accept()
- BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
- BUG/MEDIUM: httpclient: Xfer the request when the stream is created
- BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
- BUG/MINOR: jwt: Double free in deinit function
- BUG/MINOR: jwt: Missing pkey free during cleanup
- BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
- BUG/MINOR: httpclient/cli: display junk characters in vsn
- BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
- BUG/MAJOR: spoe: properly detach all agents when releasing the applet
- REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
- REGTESTS: peers: leave a bit more time to peers to synchronize
- BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
- BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
2.5.1
- BUG/MINOR: cache: Fix loop on cache entries in "show cache"
- BUG/MINOR: httpclient: allow to replace the host header
- BUG/MINOR: lua: don't expose internal proxies
- BUG/MINOR: lua: remove loop initial declarations
- BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
- BUILD: evports: remove a leftover from the dead_fd cleanup
- BUG/MINOR: vars: Fix the set-var and unset-var converters
- BUG/MINOR: server: Don't rely on last default-server to init server SSL context
- BUG/MEDIUM: resolvers: Detach query item on response error
- BUG/MAJOR: segfault using multiple log forward sections.
- BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
- BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
- BUG/MINOR: mworker: deinit of thread poller was called when not initialized
- MINOR: mux-h1: Improve H1 traces by adding info about http parsers
- BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
- BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
- MINOR: cli: "show version" displays the current process version
- BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
- IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
- MINOR: http-rules: Add capture action to http-after-response ruleset
- BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
- DOC: spoe: Clarify use of the event directive in spoe-message section
- DOC: config: Specify %Ta is only available in HTTP mode
- DOC: config: retry-on list is space-delimited
- DOC: config: fix error-log-format example
- BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
- MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
- MINOR: pools: work around possibly slow malloc_trim() during gc
- BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
- BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
- BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
- BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
- BUILD: ssl: unbreak the build with newer libressl
- DOC: fix misspelled keyword "resolve_retries" in resolvers
- DEBUG: ssl: make sure we never change a servername on established connections
- BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
- BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
- REGTESTS: ssl: fix ssl_default_server.vtc
- MINOR: compat: detect support for dl_iterate_phdr()
- MINOR: debug: add ability to dump loaded shared libraries
- MINOR: debug: add support for -dL to dump library names at boot
- MINOR: proxy: add option idle-close-on-response
- MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
- BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
- CI: Github Actions: do not show VTest failures if build failed
- BUG/MINOR: ssl: free the fields in srv->ssl_ctx
- BUG/MEDIUM: ssl: free the ckch instance linked to a server
- REGTESTS: ssl: update of a crt with server deletion
- BUILD/MINOR: cpuset FreeBSD 14 build fix.
- CI: github actions: update OpenSSL to 3.0.1
- BUILD/MINOR: tools: solaris build fix on dladdr.
- BUG/MINOR: cli: fix _getsocks with musl libc
- BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
- BUG/MEDIUM: mworker: don't use _getsocks in wait mode
- BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
- BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
- BUILD: cpuset: fix build issue on macos introduced by previous change
- CI: github actions: clean default step conditions
2.5.0
- BUILD: SSL: add quictls build to scripts/build-ssl.sh
- BUILD: SSL: add QUICTLS to build matrix
- CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis
- BUILD: cli: clear a maybe-unused warning on some older compilers
- BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
- BUG/MINOR: ssl: make SSL counters atomic
- CLEANUP: assorted typo fixes in the code and comments
- BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
- MINOR: version: mention that it's stable now
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 3bd471b8203b878e9e270d833d49e08921c584e3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 14:23:30 2022 +0000
Core Update 168: Ship boost and delete orphaned libraries
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 05a1fe1362b633b82b696a88801bb29fb1070872
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 4 13:14:29 2022 +0200
boost: Fix rootfile entries that referred to python3.8 instead of 3.10
- In Jan 2022 I updated python from 3.8 to 3.10 but I missed that boost had rootfile
entries with python38 in it.
- Running a build just now for another package it got flagged up that the rootfile for
boost had been changed and the logfile now had the entries with python310 instead of
python38
- Not clear why it only flagged this up now but this patch is to correct that error
- Running find-dependencies on both the python38 and python310 versions of the libraries
flagged nothing as being linked to either, so probably lucky with this being missed
first time around.
- Boost will need to be shipped with a Core Update
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ce386d20ab8c5eea847038fb83dc8396bbbe2c04
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 14:18:46 2022 +0000
Core Update 168: Ship OpenSSL
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a694737a131fccbc791ab70693a0da8b1c5d550b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed May 4 12:59:48 2022 +0200
openssl: Update to version 1.1.1o
- Update from version 1.1.1n to 1.1.1o
- Update of rootfile not required
- This patch is to go into CU168 as this update is for fixing a moderate severity CVE
- Changelog
1.1.1o [3 May 2022]
(CVE-2022-1292)
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d97295c680de05d7528471077115a46f3a48f600
Merge: 98b761a55 c22d834ca
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu May 5 14:18:13 2022 +0000
Merge branch 'master' into next
commit 98b761a5576204b9cd0c8a441f2eeb4d530cadd6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 2 20:26:46 2022 +0000
download-rust-crate: Switch from MD5 to BLAKE2
https://wiki.ipfire.org/devel/telco/2022-05-02
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit eac8a6fbb86b8befb00adc318d0675a1c4748ed5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 29 14:05:22 2022 +0200
mpc: Update to version 0.34
- Update from version 0.33 to 0.34
- Combined this patch with update to mpd as mpc depends on mpd
- Changelog
0.34 (2021/11/30)
* add commands "albumart", "readpicture"
* don't print status after error
* custom status format
* support grouping "list" results
* meson: auto-build libmpdclient if not available
* require libmpdclient 2.16 or newer
* require MPD 0.21 or newer
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 66c022d88741a79228575189aadbd106abe668f6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 29 14:05:21 2022 +0200
fmt: Addition of new build time dependency for mpd
- lfs and rootfile created
- Added fmt to make.sh
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 944454beecf07808814a3cd9271883e1a4b2e22b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 29 14:05:20 2022 +0200
mpd: Update to version 0.23.6
- Update from version 0.22.6 to 0.23.6
- Update of rootfile not required
- Since version 0.23 there is a new build time dependency for libfmt so a separate
patch has been created to add fmt to the system but only for build
- Changelog
ver 0.23.6 (2022/03/14)
* protocol
- support filename "cover.webp" for "albumart" command
- support "readcomments" and "readpicture" on CUE tracks
* decoder
- ffmpeg: fix end-of-file check (update stuck at empty files)
- opus: fix "readpicture" on Opus files
* output
- pipewire: fix crash bug if setting volume before playback starts
- wasapi: fix resume after pause
ver 0.23.5 (2021/12/01)
* protocol
- support relative offsets for "searchadd"
- fix "searchaddpl" bug (bogus error "Bad position")
* database
- upnp: fix crash bug
* tags
- fix MixRamp support
* migrate to PCRE2
* GCC 12 build fixes
ver 0.23.4 (2021/11/11)
* protocol
- add optional position parameter to "searchaddpl"
* decoder
- ffmpeg: support libavcodec 59
* output
- alsa: add option "thesycon_dsd_workaround" to work around device bug
* fix crash on debug builds if startup fails
* systemd
- remove "RuntimeDirectory" directive because it caused problems
- ignore the "pid_file" setting if started as systemd service
* Windows
- enable the "openmpt" decoder plugin
ver 0.23.3 (2021/10/31)
* protocol
- add optional position parameter to "add" and "playlistadd"
- allow range in "playlistdelete"
* database
- fix scanning files with question mark in the name
- inotify: fix use-after-free bug
* output
- alsa: add option "stop_dsd_silence" to work around DSD DAC noise
* macOS: fix libfmt related build failure
* systemd: add "RuntimeDirectory" directive
ver 0.23.2 (2021/10/22)
* protocol
- fix "albumart" timeout bug
* input
- nfs: fix playback bug
* output
- pipewire: send artist and title to PipeWire
- pipewire: DSD support
* neighbor
- mention failed plugin name in error message
* player
- fix cross-fade regression
* fix crash with libfmt versions older than 7
ver 0.23.1 (2021/10/19)
* protocol
- use decimal notation instead of scientific notation
- "load" supports relative positions
* output
- emit "mixer" idle event when replay gain changes volume
- pipewire: emit "mixer" idle events on external volume change
- pipewire: attempt to change the graph sample rate
- snapcast: fix time stamp bug which caused "Failed to get chunk"
* fix libfmt linker problems
* fix broken password authentication
ver 0.23 (2021/10/14)
* protocol
- new command "getvol"
- show the audio format in "playlistinfo"
- support "listfiles" with arbitrary storage plugins
- support relative positions in "addid"
- fix relative positions in "move" and "moveid"
- add "position" parameter to "findadd" and "searchadd"
- add position parameter to "load"
* database
- proxy: require MPD 0.20 or later
- proxy: require libmpdclient 2.11 or later
- proxy: split search into chunks to avoid exceeding the output buffer
- simple: add option to hide CUE target songs
- upnp: support libnpupnp instead of libupnp
* archive
- zzip, iso9660: ignore file names which are invalid UTF-8
* decoder
- openmpt: new plugin
- wavpack: fix WVC file support
* player
- do not cross-fade songs shorter than 20 seconds
* output
- oss: support DSD over PCM
- pipewire: new plugin
- snapcast: new plugin
* tags
- new tags "ComposerSort", "Ensemble", "Movement", "MovementNumber", and "Location"
* split permission "player" from "control"
* add option "host_permissions"
* new build-time dependency: libfmt
ver 0.22.11 (2021/08/24)
* protocol
- fix "albumart" crash
* filter
- ffmpeg: pass "channel_layout" instead of "channels" to buffersrc
- ffmpeg: fix "av_buffersink_get_frame() failed: Resource temporarily unavailable"
- ffmpeg: support double-precision samples (by converting to single precision)
* Android
- build with NDK r23
- playlist_directory defaults to "/sdcard/Android/data/org.musicpd/files/playlists"
ver 0.22.10 (2021/08/06)
* protocol
- support "albumart" for virtual tracks in CUE sheets
* database
- simple: fix crash bug
- simple: fix absolute paths in CUE "as_directory" entries
- simple: prune CUE entries from database for non-existent songs
* input
- curl: fix crash bug after stream with Icy metadata was closed by peer
- tidal: remove defunct unmaintained plugin
* tags
- fix crash caused by bug in TagBuilder and a few potential reference leaks
* output
- httpd: fix missing tag after seeking into a new song
- oss: fix channel order of multi-channel files
* mixer
- alsa: fix yet more rounding errors
ver 0.22.9 (2021/06/23)
* database
- simple: load all .mpdignore files of all parent directories
* tags
- fix "readcomments" and "readpicture" on remote files with ID3 tags
* decoder
- ffmpeg: support the tags "sort_album", "album-sort", "artist-sort"
- ffmpeg: fix build failure with FFmpeg 3.4
* Android
- fix auto-start on boot in Android 8 or later
* Windows
- fix build failure with SQLite
ver 0.22.8 (2021/05/22)
* fix crash bug in "albumart" command (0.22.7 regression)
ver 0.22.7 (2021/05/19)
* protocol
- don't use glibc extension to parse time stamps
- optimize the "albumart" command
* input
- curl: send user/password in the first request, save one roundtrip
* decoder
- ffmpeg: fix build problem with FFmpeg 3.4
- gme: support RSN files
* storage
- curl: don't use glibc extension
* database
- simple: fix database corruption bug
* output
- fix crash when pausing with multiple partitions
- jack: enable on Windows
- httpd: send header "Access-Control-Allow-Origin: *"
- wasapi: add algorithm for finding usable audio format
- wasapi: use default device only if none was configured
- wasapi: add DoP support
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 69a72eb43924e14164d2a5ec142e1f544219198b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 1 16:00:00 2022 +0200
apcupsd: Force update to get new libgd library
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 1d683be87622e80b3c672b252c89c9d6c376bed5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 1 15:59:59 2022 +0200
icinga: Force update to get new libgd library
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 45bae9ac918b3ff937a8805506f3cf2084ee214b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 1 15:59:58 2022 +0200
sarg: Force update to get new libgd library
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit e1ea4c0ad2ccda7ecd09c581203f7ebce12f6c5c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun May 1 15:47:13 2022 +0200
gcc: Update mpfr with patches for use in toolchain build
- Added mpfr consolidated patches file to mpfr in gcc. mpfr is built internally for use
in the toolchain.
- Confirmed working by running ./make toolchain which ran successfully
confirmed from the _build.toolchain.log file that the patches were successfully
implemented for gcc pass 1, gcc pass L and gcc pass 2
- Full toolchain build successfully completed.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2784c87b0e5978a6c49c814625a7e949298b57bb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 2 05:38:27 2022 +0000
Core Update 168: Fix permissions of /etc/sudoers.d/
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a260900c8d160192adc96234bb8a125f69b28c30
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 30 10:05:44 2022 +0000
Do not permit world-readability of /etc/sudoers.d/
Lynis (rightly) complains about this directory and its contents being
world-readable on current IPFire installations. Since there is no
necessity for this, we might as well chmod them to 750 / 640.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 64567c94232a7f015b07d5a280f63fd7c6df696d
Author: Jon Murphy <jon.murphy(a)ipfire.org>
Date: Sun May 1 18:16:23 2022 -0500
pcengines-apu-firmware: Update to version 4.16.0.3
- Update from 4.15.0.1 to 4.16.0.3
- Update of rootfile
- Changelog
v4.16.0.3 - Release date: 2022-04-21
Rebased with official coreboot repository commit 2c4b426557
See: https://github.com/pcengines/coreboot/compare/v4.16.0.2...v4.16.0.3
v4.16.0.2 - Release date: 2022-03-29
Rebased with official coreboot repository commit 66f99f7fa7
See: https://github.com/pcengines/coreboot/compare/v4.16.0.1...v4.16.0.2
v4.16.0.1 - Release date: 2022-03-08
Rebased with official coreboot repository commit b4ba289fa5
Disabled loglevel prefixes introduced in coreboot 4.16
Disabled ANSI escape sequences introduced in coreboot 4.16
Fixed AMD PSP CCP as entropy source
v4.15.0.3 - Release date: 2022-02-16
Rebased with official coreboot repository commit 36425312ee
Added checking hardware matrix before regression tests
Fixed the hard disk not visible in the Seabios Boot Menu
v4.15.0.2 - Release date: 2022-01-11
rebased with official coreboot repository commit 3990da0b
disabled SMM
enabled parallel AP initialization for apu2-6 for faster boot time
Signed-off-by: Jon Murphy <jon.murphy(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 52209fedab107907a1a8225b9cdc9edf4c54d251
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 2 05:35:12 2022 +0000
langs: Add missing link
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d4afd45e1138adf32ef87c483224f387d6566cfe
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 2 05:30:08 2022 +0000
Core Update 168: Ship and apply sysctl changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1af975dcebb2892a13775d344109508e46bb0be4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 30 09:45:27 2022 +0000
sysctl: Use strict Reverse Path Filtering
The strict mode, as specified in RFC 3704, section 2.2, causes packets
to be dropped by the kernel if they arrive with a source IP address that
is not expected on the interface they arrived in. This prevents internal
spoofing attacks, and is considered best practice among the industry.
After a discussion with Michael, we reached the conclusion that
permitting users to configure the operating mode of RPF in IPFire causes
more harm than good. The scenarios where strict RPF is not usable are
negligible, and the vast majority of IPFire's userbase won't even
notice a difference.
This supersedes <495b4ca2-5a4b-2ffa-8306-38f152889582(a)ipfire.org>.
Suggested-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
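An added example (not part of the commit above or of IPFire's code) of how to verify that strict mode is actually in effect: the kernel applies the higher of the `all` and per-interface `rp_filter` values, so an interface set to 2 stays loose even when `all` is 1. The function name `rpf_audit` and the interface names in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IPFire code. Reports the effective Reverse Path Filtering
# mode of every interface. For source validation the kernel uses the higher of
# conf/all/rp_filter and conf/<iface>/rp_filter:
#   0 = off, 1 = strict (RFC 3704, section 2.2), 2 = loose

# rpf_audit [CONF_DIR]   (hypothetical helper name)
# Prints "<iface> <effective value> <mode>" per interface and returns
# 0 if all interfaces are strict, 1 if any is not, 2 if CONF_DIR is unusable.
rpf_audit() {
    rpf_dir=${1:-/proc/sys/net/ipv4/conf}
    if [ ! -r "$rpf_dir/all/rp_filter" ]; then
        echo "cannot read $rpf_dir/all/rp_filter" >&2
        return 2
    fi
    rpf_all=$(cat "$rpf_dir/all/rp_filter")
    rpf_rc=0
    for rpf_file in "$rpf_dir"/*/rp_filter; do
        [ -r "$rpf_file" ] || continue
        rpf_if=${rpf_file%/rp_filter}
        rpf_if=${rpf_if##*/}
        # "all" is the global knob and "default" the template for new
        # interfaces; neither is an interface itself
        case "$rpf_if" in all|default) continue ;; esac
        rpf_val=$(cat "$rpf_file")
        # Effective mode is max(all, interface)
        if [ "$rpf_all" -gt "$rpf_val" ]; then
            rpf_eff=$rpf_all
        else
            rpf_eff=$rpf_val
        fi
        case "$rpf_eff" in
            1) rpf_mode=strict ;;
            0) rpf_mode=off;     rpf_rc=1 ;;
            2) rpf_mode=loose;   rpf_rc=1 ;;
            *) rpf_mode=unknown; rpf_rc=1 ;;
        esac
        echo "$rpf_if $rpf_eff $rpf_mode"
    done
    return "$rpf_rc"
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf
rpf_demo=$(mktemp -d)
for rpf_i in all default green0 red0; do mkdir "$rpf_demo/$rpf_i"; done
echo 1 > "$rpf_demo/all/rp_filter"
echo 0 > "$rpf_demo/default/rp_filter"
echo 0 > "$rpf_demo/green0/rp_filter"   # raised to strict by all=1
echo 2 > "$rpf_demo/red0/rp_filter"     # stays loose despite all=1
rpf_audit "$rpf_demo" || echo "not every interface is strict"
rm -rf "$rpf_demo"
```

Called without an argument, `rpf_audit` reads the live values under /proc/sys/net/ipv4/conf.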
commit 01cb6d794baf9f19c47e4037e7e0bf3e7b7710f3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon May 2 05:28:32 2022 +0000
cups: Bump package version
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2a14689ba86fa0acc222c6bffdb911d674ce34f8
Author: Daniel Weismueller <daniel.weismueller(a)ipfire.org>
Date: Thu Apr 28 16:24:16 2022 +0200
cups: for now cups makes a backup on uninstall
and a restore on install / update
The include file that was added in a previous commit allowed to manually
create a backup, but none was created when the addon was installed,
uninstalled or updated.
Signed-off-by: Daniel Weismueller <daniel.weismueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 01eb9debf3bc28880912b6596ad6cb659b9c3a3b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 15:24:59 2022 +0000
Tor: Update to 0.4.7.7
Please refer to https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.7.7
for the changelog of this version.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit e1e94ae75b5cb4835d9a35a7c054db66778a8114
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 30 19:34:58 2022 +0200
minidlna: Addition of patches to fix CVE-2022-26505
- CVE-2022-26505 A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1
allows a remote web server to exfiltrate media files. CVE created on 6th March 2022
- minidlna have created the patches to fix CVE-2022-26505 and have created a git tag for
version 1.3.1 but have not provided any 1.3.1 source tarballs. A ticket was raised on
14th March 2022 in the source forge support system asking to "Please publish a tarball
for 1.3.1" but there was no reply from the developer so far.
- In the NIST National Vulnerability Database it refers to a fix implemented in 1.3.1 but
the link to the sourceforge page is only the patches applied for the fix
- I used those diff descriptions to create a patch to implement on the existing 1.3.0
version in IPFire and this patch submission applies that fix
- Incremented the lfs PAK_VER
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 53736cfe67a21848b095746b123119c96b2d5dac
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 30 19:34:42 2022 +0200
man-pages: Update to version 5.13
- Update from version 2.34 (2006) to 5.13 (2021)
- Update of rootfile
- Changelog is too long to include here (~50000 lines)
Details for version 5.13 can be found in the file Changes in the source tarball
Details for version back to 2.34 can be found in the file Changes.old in the
source tarball
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 908a25c644c1d1dd87bc0dca8cc2698fb30c87a0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 30 19:34:14 2022 +0200
libpipeline: Addition as build dependency for man
- Created lfs and rootfile
- Added entry into make.sh
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f5b9dcd1ccc930255aca4992023097cf1ef496cf
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 30 19:34:13 2022 +0200
man: Update to version 2.10.2
- Update from version 2.4.3 (2005) to 2.10.2 (2022)
- Update of rootfile
- Addition of libpipeline as a build dependency - separate patch for that.
- Changelog is too long to include here (~14000 lines)
Details back to 2013 can be found in the file ChangeLog in the source tarball
Details from 2013 back to version 2.4.3 can be found in the file ChangeLog-2013 in the
source tarball
90 bug fixes listed in ChangeLog
128 bug fixes listed in Changelog-2013 back to the version after 2.4.3
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit eecf8445e23a5d9061c18c4bee88090a3a47e0ec
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 1 08:36:10 2022 +0000
Core Update 168: Ship iana-etc
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f4d1ada17054d4d0f08c270ce50dfc90f917307c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 30 19:33:46 2022 +0200
iana-etc: Update to version 20220414
- Update from version 20220207 to 20220414
- Update of rootfile not required
- Changelog
Add new iana release 20220414
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0f907074168a0c7db05b9d25e48999a05a489ac9
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun May 1 08:35:18 2022 +0000
Core Update 168: Ship curl
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f61ced49e9b2452bee1448f3a42a050c793194a4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 30 19:33:31 2022 +0200
curl: Update to version 7.83.0
- Update from 7.82.0 to 7.83.0
- Update of rootfile
- Changelog
7.83.0
Changes:
o curl: add %header{name} experimental support in -w handling
o curl: add %{header_json} experimental support in -w handling
o curl: add --no-clobber [28]
o curl: add --remove-on-error [11]
o header api: add curl_easy_header and curl_easy_nextheader [56]
o msh3: add support for QUIC and HTTP/3 using msh3 [84]
Bugfixes:
o appveyor: add Cygwin build [77]
o appveyor: only add MSYS2 to PATH where required [78]
o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
o BINDINGS.md: add Hollywood binding [34]
o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
o CI: install Python package impacket to run SMB test 1451 [5]
o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
o configure: bump the copyright year range in the generated output
o conncache: include the zone id in the "bundle" hashkey [112]
o connecache: remove duplicate connc->closure_handle check [90]
o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
o cookie.d: clarify when cookies are sent
o cookies: improve errorhandling for reading cookiefile [123]
o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
o curl: error out if -T and -d are used for the same URL [99]
o curl: error out when options need features not present in libcurl [18]
o curl: escape '?' in generated --libcurl code [117]
o curl: fix segmentation fault for empty output file names. [60]
o curl_easy_header: fix typos in documentation [74]
o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
o docs/HYPER.md: updated to reflect current hyper build needs
o docs/opts: Mention Schannel client cert type is P12 [50]
o docs: Fix missing semicolon in example code [102]
o docs: lots of minor language polish [51]
o English: use American spelling consistently [95]
o fail.d: tweak the description [101]
o firefox-db2pem.sh: make the shell script safer [47]
o ftp: fix error message for partial file upload [61]
o gen.pl: change wording for mutexed options [98]
o GHA: add openssl3 jobs moved over from zuul [88]
o GHA: build hyper with nightly rustc [7]
o GHA: move bearssl jobs over from zuul [85]
o gha: move the event-based test over from Zuul [59]
o gtls: fix build for disabled TLS-SRP [48]
o http2: handle DONE called for the paused stream [69]
o http2: RST the stream if we stop it on our own will [67]
o http: avoid auth/cookie on redirects same host diff port [110]
o http: close the stream (not connection) on time condition abort [68]
o http: reject header contents with nul bytes [41]
o http: return error on colon-less HTTP headers [31]
o http: streamclose "already downloaded" [57]
o hyper: fix status_line() return code [13]
o hyper: fix tests 580 and 581 for hyper [107]
o hyper: no h2c support [33]
o infof: consistent capitalization of warning messages [103]
o ipv4/6.d: clarify that they are about using IP addresses [3]
o json.d: fix typo (overriden -> overridden) [24]
o keepalive-time.d: It takes many probes to detect brokenness [29]
o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
o lib670: avoid double check result [71]
o lib: #ifdef on USE_HTTP2 better [65]
o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
o lib: remove exclamation marks [100]
o libssh2: compare sha256 strings case sensitively [114]
o libssh2: make the md5 comparison fail if wrong length [111]
o libssh: fix build with old libssh versions [12]
o libssh: fix double close [124]
o libssh: Improve fix for missing SSH_S_ stat macros [10]
o libssh: unstick SFTP transfers when done event-based [58]
o macos: set .plist version in autoconf [122]
o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
o mbedtls: remove server_fd from backend [91]
o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
o mlc_config.json: add file to ignore known troublesome URLs [35]
o mqtt: better handling of TCP disconnect mid-message [55]
o ngtcp2: add client certificate authentication for OpenSSL [15]
o ngtcp2: avoid busy loop in low CWND situation [119]
o ngtcp2: deal with sub-millisecond timeout [116]
o ngtcp2: disconnect the QUIC connection proper [19]
o ngtcp2: enlarge H3_SEND_SIZE [82]
o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
o ngtcp2: fix memory leak [80]
o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
o ngtcp2: make curl 1ms faster [93]
o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
o ngtcp2: update to work after recent ngtcp2 updates [62]
o ngtcp2: use token when detecting :status header field [92]
o nonblock: restore setsockopt method to curlx_nonblock [20]
o openssl: check SSL_get_peer_cert_chain return value [1]
o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
o openssl: fix CN check error code [21]
o options: remove mistaken space before paren in prototype
o perl: removed a double semicolon at end of line [64]
o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
o projects/README: converted to markdown [76]
o projects: Update VC version names for VS2017, VS2022 [52]
o rtsp: don't let CSeq error override earlier errors [37]
o runtests: add 'bearssl' as testable feature [87]
o runtests: make 'oldlibssh' be before 0.9.4 [2]
o schannel: remove dead code that will never run [89]
o scripts/copyright.pl: ignore the new mlc_config.json file
o scripts: move three scripts from lib/ to scripts/ [44]
o test1135: sync with recent API updates [54]
o test1459: disable for oldlibssh [53]
o test375: fix line endings on Windows [40]
o test386: Fix an incorrect test markup tag
o test718: edited slightly to return better HTTP [32]
o tests/server/util.h: align WIN32 condition with util.c [46]
o tests: refactor server/socksd.c to support --unix-socket [96]
o timediff.[ch]: add curlx helper functions for timeval conversions [86]
o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
o tool and tests: force flush of all buffers at end of program [17]
o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
o tool_getparam: error out on missing -K file [115]
o tool_listhelp.c: uppercase URL
o tool_operate: fix a scan-build warning [16]
o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
o transfer: redirects to other protocols or ports clear auth [109]
o unit1620: call global_init before calling Curl_open [125]
o url: check sasl additional parameters for connection reuse. [113]
o vtls: provide a unified APLN-disagree string for all backends [75]
o vtls: use a backend standard message for "ALPN: offers %s" [73]
o vtls: use a generic "ALPN, server accepted" message [72]
o winbuild/README.md: fixup dead link [36]
o winbuild: Add a Visual Studio example to the README [49]
o wolfssl: fix compiler error without IPv6 [25]
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 56b9ee7e7e63fffba6bbe09c11bd57aa1df88d4b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 27 19:17:56 2022 +0200
libseccomp: Update to version 2.5.4
- Update from version 2.5.3 to 2.5.4
- Update of rootfile
- Changelog
Version 2.5.4 - April 21, 2022
- Update the syscall table for Linux v5.17
- Fix minor issues with binary tree testing and with empty binary trees
- Minor documentation improvements including retiring the mailing list
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b314ad9e78d333109a7e8c43d4461d13ccbaea19
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 30 08:56:38 2022 +0000
Core Update 168: Ship libaio
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit efa6f1e2dc1f7d9c93444b70ca1d19cf78d96a11
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 22 22:10:12 2022 +0200
libaio: Update to version 0.3.113
- Update from version 0.3.112 to 0.3.113
- Update of rootfile
- Changelog
0.3.113
harness: add test for aio poll missed events
Verify structure padding is correct at build time
Fix struct io_iocb_sockaddr padding for 32bit architectures
Fix struct io_iocb_vector padding for 32bit architectures
Use generic syscall number schema for loongarch
Add endian detection and bit width detection for loongarch
Add loongarch to supported architectures in libaio.spec
cases/16.t: loongarch only supports eventfd2
Fix test issue with gcc-11
harness: Skip the test if io_pgetevents() is not implemented
harness: Print better error messages on error conditions in 22.t
harness: Fix PROT_WRITE mmap check
harness: fix read into PROT_WRITE mmap test
harness: skip 22.p if async_poll isn't supported
harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT
harness: Add fallback code for filesystems not supporting O_DIRECT
harness: add support for skipping tests
harness: Make the test exit with a code matching the pass/fail state
harness: Make RISC-V use SYS_eventfd2 instead of unavailable SYS_eventfd
harness: Use run-time _SC_PAGE_SIZE instead of build-time PAGESIZE
harness: Use destination strncpy() expression for sizeof() argument
Use ctx consistently for io_context_t instead of ctx_id
man: Escape verbatim \n in order to make it through roff
man: Fold short lines
man: Fix markup
man: Fix title header
man: Fix typos
man: Add "None" to empty sections
man: Remove spurious text
man: Remove spurious spaces
man: Fix period formatting
man: Fix casing
man: End sentences with a period
man: Refer to libaio.h instead of libio.h
man: Use the correct troff macro for comments
man: Add missing space in man page references
harness: allow running tests against the installed library
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 585ab8755129e0cccfb48c2e1fabdaaaf1f39c0f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 30 08:56:07 2022 +0000
Core Update 168: Ship libcap
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d9538fbcc4a5f2547a3cedab9b5d2aad307cd2b3
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 22 22:10:30 2022 +0200
libcap: Update to version 2.64
- Update from version 2.63 to 2.64
- Update of rootfile
- Change sed line to ensure removal of static libs - environment names for static libraries
changed.
- Changelog
2.64
Fix memory leak in libpsx at program exit. (Bug: 215551 reported by Kalen Hall)
Be more resilient to CGo configuration with Go compiler when building tests.
(Bug: 215603)
Fix cap_*prctl() return code/errno handling. (Bug: 215772 reported by Anderson
Toshiyuki Sasaki)
Minor clarification to cap_get_pid() man page concerning pid value within
namespaces. (Bug: 215812)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit fab835851530b6dafacc16f43c4488ba597376c4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 30 08:55:35 2022 +0000
Core Update 168: Ship libcap-ng
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 535607ac934efbd27cb11c8c201dc528f53bac9e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 22 22:10:47 2022 +0200
libcap-ng: Update to version 0.8.3
- Update from 0.8.2 to 0.8.3
- Update of rootfile not required
- Changelog
0.8.3
- Fix parameters to capng_updatev python bindings to be signed
- Detect capability options at runtime to make containerization easier (ntkme)
- Initialize the library when linked statically
- Add gcc function attributes for deallocation
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3661b4cb467232082bed7ceebe0cff1882c38d5d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:40:16 2022 +0200
nginx: Update to version 1.21.6
- Update from version 1.19.2 to 1.21.6
- Update of rootfile not required
- Changelog
Changes with nginx 1.21.6 25 Jan 2022
*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
unevenly distributed among worker processes.
*) Bugfix: nginx returned the "Connection: keep-alive" header line in
responses during graceful shutdown of old worker processes.
*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
Changes with nginx 1.21.5
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
Changes with nginx 1.21.4
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
Changes with nginx 1.21.3
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
Changes with nginx 1.21.2
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
Changes with nginx 1.21.1
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
Changes with nginx 1.21.0
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
Changes with nginx 1.19.10
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
Changes with nginx 1.19.9
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.8
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.7
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
Changes with nginx 1.19.6
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
Thanks to Chris Newton.
Changes with nginx 1.19.5
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
Changes with nginx 1.19.4
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
Changes with nginx 1.19.3
*) Feature: the ngx_stream_set_module.
*) Feature: the "proxy_cookie_flags" directive.
*) Feature: the "userid_flags" directive.
*) Bugfix: the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
*) Bugfix: "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
*) Workaround: "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
*) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
module.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 810dbe76aeda67dd339e3150a7dede4af07c1a08
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:40:33 2022 +0200
oci-cli: Update to version 3.7.3
- Update from 3.4.2 to 3.7.3
- Update of rootfile
- Changelog is too large to include here ~600 lines long
More details can be found in the CHANGELOG.rst file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 85a250d6369357d8405a24dd6ccff22a04c5525d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:40:48 2022 +0200
oci-python-sdk: Update to version 2.64.0
- Update from 2.54.0 to 2.64.0
- Update of rootfile
- Changelog
2.64.0 - 2022-04-19
Added
* Support for the Stack Monitoring service
* Support for stack monitoring on external databases in the Database service
* Support for upgrading VM database systems in place in the Database service
* Support for viewing supported VMWare software versions when listing host shapes in the VMWare Solution service
* Support for choosing compute shapes when creating SDDCs and ESXi hosts in the VMWare Solution service
* Support for work requests on delete operations in the Vulnerability Scanning service
* Support for additional scan metadata in reports, including CVE descriptions, in the Vulnerability Scanning service
* Support for redemption codes in the Usage service
Breaking
* Param `type` in model `DiscoveryDetails` assumes the value of `UNKNOWN_ENUM_VALUE` if it is assigned a value that is not of the allowed_values. It will not raise a `ValueError`.
2.63.0 - 2022-04-12
Added
* Support for bringing your own IPv6 addresses in the Networking service
* Support for specifying database edition and maximum CPU core count when creating or updating an autonomous database in the Database service
* Support for enabling and disabling data collection options when creating or updating Exadata Cloud at Customer VM clusters in the Database service
Breaking
* Support for retries by default on operations in the Identity service
* Support for retries by default on operations in the Operations Insights service
2.62.1 - 2022-04-05
Added
* Fixed the lifecycle state values for target databases in the Data Safe service
* Support for content length and content type response headers when downloading PDFs in the Account Management service
* Support for creating Enterprise Manager-based zLinux host targets, creating alarms, and viewing top process analytics in the Operations Insights service
* Support for diagnostic reboots on VM instances in the Compute service
2.62.0 - 2022-03-29
Added
* Support for returning the number of network ports as part of listing shapes in the Compute service
* Support for Java runtime removal and custom logs in the Java Management service
* Support for new parameters for BGP admin state and enabling/disabling BFD in the Networking service
* Support for private OKE clusters and blue-green deployments in the DevOps service
* Support for international customers to consume and launch third-party paid listings in the Marketplace service
* Support for additional fields on entities, attributes, and folders in the Data Catalog service
Breaking
* Support for retries by default on operations in the Marketplace service
2.61.0 - 2022-03-22
Added
* Support for getting the storage utilization of a deployment on deployment list and get operations in the GoldenGate service
* Support for virtual machines, bare metal machines, and Exadata databases with private endpoints in the Operations Insights service
* Support for setting deletion policies on database systems in the MySQL Database service
Breaking
* Support for retries by default on operations in the Data Labeling service (data plane and control plane)
2.60.1 - 2022-03-15
Added
* Support for Ubuntu platforms and unlimited installation keys in the Management Agent Cloud service
* Support for shielded instances in the VMWare Solution service
* Support for application resources in the Data Integration service
* Support for multi-AVM on Exadata Cloud at Customer infrastructure in the Database service
* Support for heterogeneous (VM and AVM) clusters on Exadata Cloud at Customer infrastructure in the Database service
* Support for custom maintenance schedules for AVM clusters on Exadata Cloud at Customer infrastructure in the Database service
* Support for listing vulnerabilities, vulnerability-impacted containers, and vulnerability-impacted hosts in the Vulnerability Scanning service
* Support for specifying an image count when creating or updating container scan recipes in the Vulnerability Scanning service
2.60.0 - 2022-03-08
Added
* Support for the Sales Accelerator license option in the Content Management service
* Support for VCN hostname cluster endpoints in the Container Engine for Kubernetes service
* Support for optionally specifying an admin username and password when creating a database system during a restore operation in the MySQL Database service
* Support for automatic tablespace creation on non-autonomous and autonomous database dedicated targets in the Database Migration service
* Support for reporting excluded objects based on static exclusion rules and dynamic exclusion settings in the Database Migration service
* Support for removing, listing, and adding database objects reported by the Cloud Premigration Advisor Tool (CPAT) in the Database Migration service
* Support for migrating Oracle databases from the AWS RDS service to OCI as autonomous databases, using the AWS S3 service and DBLINK for data transfer, in the Database Migration service
* Support for querying additional fields of a resource using return clauses in the Search service
* Support for clusters and station clusters in the Roving Edge Infrastructure service
* Support for creating database systems and database homes using customer-managed keys in the Database service
Breaking
* Support for retries enabled by default on operations in the Container Engine for Kubernetes service
* Support for retries enabled by default on operations in the Resource Manager service
* Support for retries enabled by default on operations in the Search service
2.59.0 - 2022-03-01
Added
* Support for DRG route distribution statements to be specified with a new match type 'MATCH_ALL' for matching criteria in the Networking service
* Support for VCN route types on DRG attachments for deciding whether to import VCN CIDRs or subnet CIDRs into route rules in the Networking service
* Support for CPS offline reports in the Database service
* Support for infrastructure patching v2 features in the Database service
* Support for auto-scaling the storage of an autonomous database, as well as shrinking an autonomous database, in the Database service
* Support for managed egress via a default networking option on jobs and notebooks in the Data Science service
* Support for more types of saved search enums in the Management Dashboard service
Breaking
* Support for retries enabled by default on some operations in the AI Vision service
2.58.0 - 2022-02-22
Added
* Support for the Data Connectivity Management service
* Support for the AI Speech service
* Support for disabling crash recovery in the MySQL Database service
* Support for detector recipes of type "threat", new detector rule of type "rogue user", and sightings operations in the Cloud Guard service
* Support for more VM shape configurations when listing shapes in the Compute service
* Support for customer-managed encryption keys in the Analytics Cloud service
* Support for FastConnect device information in the Networking service
Breaking
* Support for retries enabled by default on all operations in the Application Performance Monitoring control plane service
2.57.0 - 2022-02-15
Added
* Support for the AI Vision service
* Support for the Threat Intelligence service
* Support for creation of NoSQL database tables with on-demand throughput capacity in the NoSQL Database Cloud service
* Support for tagging features in the Oracle Container Engine for Kubernetes (OKE) service
* Support for trace snapshots in the Application Performance Monitoring service
* Support for auditing and alerts in the Data Safe service
* Support for data discovery and data masking in the Data Safe service
* Support for customized subscriptions and delivery of announcements by email and SMS in the Announcements service
Breaking
* The API `query_old` was removed from `query_client` in the Application Performance Monitoring service
2.56.0 - 2022-02-08
Added
* Support for managing tablespaces in the Database Management service
* Support for upgrading and managing payment for subscriptions in the Account Management service
* Support for listing fast launch job configurations in the Data Science service
Breaking changes
* Support for retries enabled by default on all operations in the Application Performance Monitoring service
* The type for the `bill_to_address` parameter was changed from `Address` to `BillToAddress` in the invoice model of the Account Management service
* `payment_method` was made a required property of the `payment_detail` model of the Account Management service
2.55.1 - 2022-02-01
Added
* Support for calling Oracle Cloud Infrastructure services in the ap-dcc-canberra-1 region
* Support for the Console Dashboard service
* Support for capacity reservation in the Container Engine for Kubernetes service
* Support for tagging in the Container Engine for Kubernetes service
* Support for fetching listings by image OCID in the Marketplace service
* Support for underscores and hyphens in project resource names in the DevOps service
* Support for cross-region cloning in the Database service
2.55.0 - 2022-01-25
Added
* Support for OneSubscription services
* Support for specifying if a run or application is streaming or batch in the Data Flow service
* Support for updating the Instance Configuration of an Instance Pool within a Cluster Network in the Compute Management service
* Updated documentation for Cross Region ADG feature for Autonomous Database in the Database service
Breaking
* Support for retries enabled by default on all operations in the Object Storage service
2.54.1 - 2022-01-18
Added
* Support for calling Oracle Cloud Infrastructure services in the me-dcc-muscat-1 region
* Support for the Visual Builder service
* Support for cross-region replication of volume groups in the Block Storage service
* Support for boot volume encryption in the Container Engine for Kubernetes service
* Support for adding metadata to records when creating and updating records in the Data Labeling service
* Support for global export formats in snapshot datasets in the Data Labeling service
* Support for adding labeling instructions to datasets in the Data Labeling service
* Support for updating autonomous dataguard associations for autonomous container databases in the Database service
* Support for setting up automatic failover when creating autonomous container databases in the Database service
* Support for setting the RECO storage size when updating a database system in the Database service
* Support for reconnecting refreshable clones to source for autonomous databases on shared infrastructure in the Database service
* Support for checking if an autonomous database on shared infrastructure can be reconnected to source, in the Database service
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a2a05a470649a6ade7d00d82436c2834ababe7ab
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:39:59 2022 +0200
nfs: Update to version 2.6.1
- Update from version 2.5.3 to 2.6.1
- Update of rootfile not required
- Changelog is not available in the source tarball or on the website. Following list of
changes obtained from git shortlog listing
Release: 2.6.1 nfs-utils-2-6-1
mount: removed unused lable
tools/rpcgen: fix build on macos arm64 (stat64 issue)
mount: Remove NFS v2 support from mount.nfs
nfs.man: Remove references to NFS v2 from the man pages
nfsd: Remove the ability to enable NFS v2.
mount: don't bind a socket needlessly.
Add --disable-sbin-override for when /sbin is a symlink
mountstats: division by zero error on new mount when...
mountd: only do NFSv4 logging on supported kernels.
Move version.h into a common include directory
install-dep: Use command -v instead of which
nfs.man: adding new mount option max_connect
cacheio.c:216:21: warning: unused variable 'stb' [...
gssd: fix crash in debug message.
systemd generators: Install depending on location for...
systemd/Makefile: Drop exlicit setting of unit_dir
nfs-utils: add install-dep for installing all dependencies
nfs-utils: Fix mem leak in mountd
nfs-utils: Fix mem leaks in krb5_util
nfs-utils: Fix mem leaks in gssd
nfs-utils: Fix potential memory leaks in idmap
nfsdcltrack: Use uint64_t instead of time_t
systemd: Fix non-default statedir paths.
nfsdcltrack/nfsdcltrack.c: Fix printf format
nfsdcltrack/sqlite: Fix printf format
mount.nfs: Fix the sloppy option processing
Release: 2.5.4
gssd: Cleaned up debug messages
mount.nfs: insert 'sloppy' at beginning of the options
nfs(5): Correct the spelling of "kernel_source"
nfs(5): Fix missing mentions of "rdma6" netid
gssd: add timeout for upcall threads
gssd: deal with failed thread creation
configure: check for rpc/rpc.h presence
README: update git repository URL
Move declaration of etab and rmtab into libraries
Remove 'force' arg from cache_flush()
Fix NFSv4 export of tmpfs filesystems
gssd: use mutex to protect decrement of refcount
nfs-utils: Enable the retrieval of raw config settings...
nfs-utils: Factor out common structure cleanup calls
Replace all /var/run with /run
Fix `statx()` emulation breaking exports
mountd/exports: Fix typo in the man page
NFS server should enable RDMA by default
mountd/exportd: only log confirmed clients, and poll...
exportfs: fix unexporting of '/'
nfsdclnts: Ignore SIGPIPE signal
mountd: add logging of NFSv4 clients attaching and...
mountd: make default ttl settable by option
mountd: add --cache-use-ipaddr option to force use_ipaddr
mountd: add logging for authentication results for...
mountd/exports: update man page
mountd: Don't proactively add export info when fh info...
mountd: reject unknown client IP when !use_ipaddr.
gssd: Add options to rpc.gssd to allow for the use...
exportd: server-side gid management
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9efdbe103b8d98b80125407443e906373c534269
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 19:48:26 2022 +0000
Core Update 168: Ship changed rules.pl
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8b97a537f5f9e798a1ab307b2c32bd9a8b0f6913
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Apr 25 21:04:53 2022 +0200
rules.pl: Fix automatic ipset sets cleanup.
The array of used/loaded ipsets needs to be reloaded before
the cleanup can be started to also handle sets which are loaded during
runtime.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2f908d96489d6de9f1acc783c23f7fbe0057ed1d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 19:47:31 2022 +0000
Core Update 168: Ship libinih
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f02dc11a38c1144fcef322cf34fc6417aae4355f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 27 19:17:42 2022 +0200
libinih: Update to version r55
- Update from version r53 to r55
- Update of rootfile not required
- Changelog
inih version 55
Added "version" to meson.build config: #135 (but bumped up to 55 in a subsequent
commit, for this release).
inih version 54
Mainly #134, adding the visibility symbols to the Meson build config, but also other
small tweaks to tests and so on.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3421b1abd824d680c68948a83123469737b1bbfa
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 27 19:18:11 2022 +0200
meson: Update to version 0.62.1
- Update from version 0.60.1 to 0.62.1
- Update of rootfile
- Changelog is too long to include here. More details can be read at the following link
https://mesonbuild.com/Release-notes-for-0-62-0.html
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7481abecc3ae49406b8312af1dff521755f72428
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:59:09 2022 +0000
mcelog: Update to 181
No changelog or release notes are provided. Please refer to
https://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git/log/ for the
source code history since the 175 release of mcelog.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8f855e933d52e7d8eca1cbfe947ab56ee9202232
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:47:00 2022 +0000
Postfix: Update to 3.7.1
Please refer to https://www.postfix.org/announcements/postfix-3.7.1.html
for this version's release notes.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9d5c3d36e08f4b459e17534c40cbbf3dd07d1d57
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:41:54 2022 +0200
openvmtools: Update to version stable-12.0.0
- Update from version stable-11.3.0 to stable-12.0.0
- Update of rootfile
- Changelog is a bit too long to include here. More details can be found at
https://github.com/vmware/open-vm-tools/blob/stable-12.0.0/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-11.3.5/ReleaseNotes.md
- In version 11.3.5 mount.vmhgfs was removed from openvmtools
It has been replaced by hgfs-fuse
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b7d80a2767f42a6bb8df65084f27a34803ee77de
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 23:25:41 2022 +0200
nasm: Update to version 2.15.05
- Update from version 2.14.02 (Dec 2018) to 2.15.05 (Aug 2020)
- Most recent commit in git was Dec 2021
- Update of rootfile not required
- Changelog in source tarball and in git repository was last updated in 2007.
Only option to see changes is to review the commits in
https://github.com/netwide-assembler/nasm/commits/master
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8de58edc738a0405eda7f691bab1c4fdaf02f83f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 19:32:56 2022 +0000
Core Update 168: Ship relevant linux-firmware changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5a48b4a23b66c25c63f1bc503f54c6babac8794a
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 19:28:30 2022 +0000
linux-firmware: Update to 20220411
See https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
for changes since the last linux-firmware version tag.
Also, please note that this patch does not feature any directives for
shipping files via a Core Update - these need to be done separately.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7138d1747ced95690e0acd76f7370d34ae3a399b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 19:01:46 2022 +0000
Core Update 168: Ship openjpeg
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ca98d29a86a6eb9734d60eb7fb334395be0a29bd
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:41:29 2022 +0200
openjpeg: Update to version 2.4.0
- Update from version 2.3.1 to 2.4.0
- Update of rootfile
- Changelog
2.4.0
**Closed issues:**
- OPENJPEG\_INSTALL\_DOC\_DIR does not control a destination directory where HTML docs would be installed. [\#1309](https://github.com/uclouvain/openjpeg/issues/1309)
- Heap-buffer-overflow in lib/openjp2/pi.c:312 [\#1302](https://github.com/uclouvain/openjpeg/issues/1302)
- Heap-buffer-overflow in lib/openjp2/t2.c:973 [\#1299](https://github.com/uclouvain/openjpeg/issues/1299)
- Heap-buffer-overflow in lib/openjp2/pi.c:623 [\#1293](https://github.com/uclouvain/openjpeg/issues/1293)
- Global-buffer-overflow in lib/openjp2/dwt.c:1980 [\#1286](https://github.com/uclouvain/openjpeg/issues/1286)
- Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [\#1284](https://github.com/uclouvain/openjpeg/issues/1284)
- Heap-buffer-overflow in lib/openjp2/mqc.c:499 [\#1283](https://github.com/uclouvain/openjpeg/issues/1283)
- Openjpeg could not encode 32bit RGB float image [\#1281](https://github.com/uclouvain/openjpeg/issues/1281)
- Openjpeg could not encode 32bit RGB float image [\#1280](https://github.com/uclouvain/openjpeg/issues/1280)
- ISO/IEC 15444-1:2019 \(E\) compared with 'cio.h' [\#1277](https://github.com/uclouvain/openjpeg/issues/1277)
- Test-suite failure due to hash mismatch [\#1264](https://github.com/uclouvain/openjpeg/issues/1264)
- Heap use-after-free [\#1261](https://github.com/uclouvain/openjpeg/issues/1261)
- Memory leak when failing to allocate object... [\#1259](https://github.com/uclouvain/openjpeg/issues/1259)
- Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [\#1257](https://github.com/uclouvain/openjpeg/issues/1257)
- Any plan to build release for CVE-2020-8112/CVE-2020-6851 [\#1247](https://github.com/uclouvain/openjpeg/issues/1247)
- failing to convert 16-bit file: opj\_t2\_encode\_packet\(\): only 5251 bytes remaining in output buffer. 5621 needed. [\#1243](https://github.com/uclouvain/openjpeg/issues/1243)
- CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [\#1239](https://github.com/uclouvain/openjpeg/issues/1239)
- New release to solve CVE-2019-6988 ? [\#1238](https://github.com/uclouvain/openjpeg/issues/1238)
- Many tests fail to pass after the update of libtiff to version 4.1.0 [\#1233](https://github.com/uclouvain/openjpeg/issues/1233)
- Another heap buffer overflow in libopenjp2 [\#1231](https://github.com/uclouvain/openjpeg/issues/1231)
- Heap buffer overflow in libopenjp2 [\#1228](https://github.com/uclouvain/openjpeg/issues/1228)
- Endianness of binary volume \(JP3D\) [\#1224](https://github.com/uclouvain/openjpeg/issues/1224)
- New release to resolve CVE-2019-12973 [\#1222](https://github.com/uclouvain/openjpeg/issues/1222)
- how to set the block size,like 128,256 ? [\#1216](https://github.com/uclouvain/openjpeg/issues/1216)
- compress YUV files to motion jpeg2000 standard [\#1213](https://github.com/uclouvain/openjpeg/issues/1213)
- Repair/update Java wrapper, and include in release [\#1208](https://github.com/uclouvain/openjpeg/issues/1208)
- abc [\#1206](https://github.com/uclouvain/openjpeg/issues/1206)
- Slow decoding [\#1202](https://github.com/uclouvain/openjpeg/issues/1202)
- Installation question [\#1201](https://github.com/uclouvain/openjpeg/issues/1201)
- Typo in test\_decode\_area - \*ptilew is assigned instead of \*ptileh [\#1195](https://github.com/uclouvain/openjpeg/issues/1195)
- Creating a J2K file with one POC is broken [\#1191](https://github.com/uclouvain/openjpeg/issues/1191)
- Make fails on Arch Linux [\#1174](https://github.com/uclouvain/openjpeg/issues/1174)
- Heap buffer overflow in opj\_t1\_clbl\_decode\_processor\(\) triggered with Ghostscript [\#1158](https://github.com/uclouvain/openjpeg/issues/1158)
- opj\_stream\_get\_number\_byte\_left: Assertion `p\_stream-\>m\_byte\_offset \>= 0' failed. [\#1151](https://github.com/uclouvain/openjpeg/issues/1151)
- The fuzzer ignores too many inputs [\#1079](https://github.com/uclouvain/openjpeg/issues/1079)
- out of bounds read [\#1068](https://github.com/uclouvain/openjpeg/issues/1068)
**Merged pull requests:**
- Change defined WIN32 [\#1310](https://github.com/uclouvain/openjpeg/pull/1310) ([Jamaika1](https://github.com/Jamaika1))
- docs: fix simple typo, producted -\> produced [\#1308](https://github.com/uclouvain/openjpeg/pull/1308) ([timgates42](https://github.com/timgates42))
- Set ${OPENJPEG\_INSTALL\_DOC\_DIR} to DESTINATION of HTMLs [\#1307](https://github.com/uclouvain/openjpeg/pull/1307) ([lemniscati](https://github.com/lemniscati))
- Use INC\_DIR for OPENJPEG\_INCLUDE\_DIRS \(fixes uclouvain\#1174\) [\#1306](https://github.com/uclouvain/openjpeg/pull/1306) ([matthew-sharp](https://github.com/matthew-sharp))
- pi.c: avoid out of bounds access with POC \(fixes \#1302\) [\#1304](https://github.com/uclouvain/openjpeg/pull/1304) ([rouault](https://github.com/rouault))
- Encoder: grow again buffer size [\#1303](https://github.com/uclouvain/openjpeg/pull/1303) ([zodf0055980](https://github.com/zodf0055980))
- opj\_j2k\_write\_sod\(\): avoid potential heap buffer overflow \(fixes \#1299\) \(probably master only\) [\#1301](https://github.com/uclouvain/openjpeg/pull/1301) ([rouault](https://github.com/rouault))
- pi.c: avoid out of bounds access with POC \(refs https://github.com/uclouvain/openjpeg/issues/1293\#issuecomment-737122836\) [\#1300](https://github.com/uclouvain/openjpeg/pull/1300) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1297, but likely not the proper fix [\#1298](https://github.com/uclouvain/openjpeg/pull/1298) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1294, but likely not the proper fix [\#1296](https://github.com/uclouvain/openjpeg/pull/1296) ([rouault](https://github.com/rouault))
- opj\_j2k\_setup\_encoder\(\): validate POC compno0 and compno1 \(fixes \#1293\) [\#1295](https://github.com/uclouvain/openjpeg/pull/1295) ([rouault](https://github.com/rouault))
- Encoder: avoid global buffer overflow on irreversible conversion when… [\#1292](https://github.com/uclouvain/openjpeg/pull/1292) ([rouault](https://github.com/rouault))
- Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [\#1291](https://github.com/uclouvain/openjpeg/pull/1291) ([rouault](https://github.com/rouault))
- Free p\_tcd\_marker\_info to avoid memory leak [\#1288](https://github.com/uclouvain/openjpeg/pull/1288) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: grow again buffer size [\#1287](https://github.com/uclouvain/openjpeg/pull/1287) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: avoid uint32 overflow when allocating memory for codestream buffer \(fixes \#1243\) [\#1276](https://github.com/uclouvain/openjpeg/pull/1276) ([rouault](https://github.com/rouault))
- Java compatibility from 1.5 to 1.6 [\#1263](https://github.com/uclouvain/openjpeg/pull/1263) ([jiapei100](https://github.com/jiapei100))
- opj\_decompress: fix double-free on input directory with mix of valid and invalid images [\#1262](https://github.com/uclouvain/openjpeg/pull/1262) ([rouault](https://github.com/rouault))
- openjp2: Plug image leak when failing to allocate codestream index. [\#1260](https://github.com/uclouvain/openjpeg/pull/1260) ([sebras](https://github.com/sebras))
- openjp2: Plug memory leak when setting data as TLS fails. [\#1258](https://github.com/uclouvain/openjpeg/pull/1258) ([sebras](https://github.com/sebras))
- openjp2: Error out if failing to create Tier 1 handle. [\#1256](https://github.com/uclouvain/openjpeg/pull/1256) ([sebras](https://github.com/sebras))
- Testing for invalid values of width, height, numcomps [\#1254](https://github.com/uclouvain/openjpeg/pull/1254) ([szukw000](https://github.com/szukw000))
- Single-threaded performance improvements in forward DWT for 5-3 and 9-7 \(and other improvements\) [\#1253](https://github.com/uclouvain/openjpeg/pull/1253) ([rouault](https://github.com/rouault))
- Add support for multithreading in encoder [\#1248](https://github.com/uclouvain/openjpeg/pull/1248) ([rouault](https://github.com/rouault))
- Add support for generation of PLT markers in encoder [\#1246](https://github.com/uclouvain/openjpeg/pull/1246) ([rouault](https://github.com/rouault))
- Fix warnings about signed/unsigned casts in pi.c [\#1244](https://github.com/uclouvain/openjpeg/pull/1244) ([rouault](https://github.com/rouault))
- opj\_decompress: add sanity checks to avoid segfault in case of decoding error [\#1240](https://github.com/uclouvain/openjpeg/pull/1240) ([rouault](https://github.com/rouault))
- ignore wrong icc [\#1236](https://github.com/uclouvain/openjpeg/pull/1236) ([szukw000](https://github.com/szukw000))
- Implement writing of IMF profiles [\#1235](https://github.com/uclouvain/openjpeg/pull/1235) ([rouault](https://github.com/rouault))
- tests: add alternate checksums for libtiff 4.1 [\#1234](https://github.com/uclouvain/openjpeg/pull/1234) ([rouault](https://github.com/rouault))
- opj\_tcd\_init\_tile\(\): avoid integer overflow [\#1232](https://github.com/uclouvain/openjpeg/pull/1232) ([rouault](https://github.com/rouault))
- tests/fuzzers: link fuzz binaries using $LIB\_FUZZING\_ENGINE. [\#1230](https://github.com/uclouvain/openjpeg/pull/1230) ([Dor1s](https://github.com/Dor1s))
- opj\_j2k\_update\_image\_dimensions\(\): reject images whose coordinates are beyond INT\_MAX \(fixes \#1228\) [\#1229](https://github.com/uclouvain/openjpeg/pull/1229) ([rouault](https://github.com/rouault))
- Fix resource leaks [\#1226](https://github.com/uclouvain/openjpeg/pull/1226) ([dodys](https://github.com/dodys))
- abi-check.sh: fix false postive ABI error, and display output error log [\#1218](https://github.com/uclouvain/openjpeg/pull/1218) ([rouault](https://github.com/rouault))
- pi.c: avoid integer overflow, resulting in later invalid access to memory in opj\_t2\_decode\_packets\(\) [\#1217](https://github.com/uclouvain/openjpeg/pull/1217) ([rouault](https://github.com/rouault))
- Add check to validate SGcod/SPcoc/SPcod parameter values. [\#1211](https://github.com/uclouvain/openjpeg/pull/1211) ([sebras](https://github.com/sebras))
- Fix buffer overflow reading an image file less than four characters [\#1196](https://github.com/uclouvain/openjpeg/pull/1196) ([robert-ancell](https://github.com/robert-ancell))
- compression: emit POC marker when only one single POC is requested \(f… [\#1192](https://github.com/uclouvain/openjpeg/pull/1192) ([rouault](https://github.com/rouault))
- Fix several potential vulnerabilities [\#1185](https://github.com/uclouvain/openjpeg/pull/1185) ([Young-X](https://github.com/Young-X))
- openjp2/j2k: Report error if all wanted components are not decoded. [\#1164](https://github.com/uclouvain/openjpeg/pull/1164) ([sebras](https://github.com/sebras))
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0a1d567ce82a6e8f1d103d9481ebf67088b8591c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 19:01:10 2022 +0000
Core Update 168: Ship openldap
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c4f3bb4b08f5ee743cf984770d5f205cd75a7ec3
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Apr 25 14:41:41 2022 +0200
openldap: Update to version 2.6.1
- Update from version 2.4.49 to 2.6.1
- Update of rootfile
- Update of consolidated patch to 2.6.1
- Removal of old patches
- Changelog
OpenLDAP 2.6.1 Release (2022/01/20)
Fixed libldap to init client socket port (ITS#9743)
Fixed libldap with referrals (ITS#9781)
Added slapd config keyword for logfile format (ITS#9745)
Fixed slapd to allow objectClass edits with no net change (ITS#9772)
Fixed slapd configtable population (ITS#9576)
Fixed slapd to only set loglevel in server mode (ITS#9715)
Fixed slapd logfile-rotate use of uninitialized variable (ITS#9730)
Fixed slapd passwd scheme handling with slapd.conf (ITS#9750)
Fixed slapd postread support for modrdn (ITS#7080)
Fixed slapd syncrepl recreation of deleted entries (ITS#9282)
Fixed slapd syncrepl replication with ODSEE (ITS#9707)
Fixed slapd syncrepl to properly replicate glue entries (ITS#9647)
Fixed slapd syncrepl to reject REFRESH for precise resync (ITS#9742)
Fixed slapd syncrepl to avoid busy loop during refresh (ITS#9584)
Fixed slapd syncrepl when X-ORDERED is specified (ITS#9761)
Fixed slapd syncrepl to better handle out of order delete ops (ITS#9751)
Fixed slapd syncrepl to correctly close connections when config is deleted (ITS#9776)
Fixed slapd-mdb to update indices correctly on replace ops (ITS#9753)
Fixed slapd-wt to set correct flags (ITS#9760)
Fixed slapo-accesslog to fix assertion due to deprecated code (ITS#9738)
Fixed slapo-accesslog to fix inconsistently normalized minCSN (ITS#9752)
Fixed slapo-accesslog delete handling of multi-valued config attrs (ITS#9493)
Fixed slapo-autogroup to maintain values in insertion order (ITS#9766)
Fixed slapo-constraint to maintain values in insertion order (ITS#9770)
Fixed slapo-dyngroup to maintain values in insertion order (ITS#9762)
Fixed slapo-dynlist compare operation for static groups (ITS#9747)
Fixed slapo-dynlist static group filter with multiple members (ITS#9779)
Fixed slapo-ppolicy when not built modularly (ITS#9733)
Fixed slapo-refint to maintain values in insertion order (ITS#9763)
Fixed slapo-retcode to honor requested insert position (ITS#9759)
Fixed slapo-sock cn=config support (ITS#9758)
Fixed slapo-syncprov memory leak (ITS#8039)
Fixed slapo-syncprov to generate a more accurate accesslog query (ITS#9756)
Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections (ITS#9691)
Fixed slapo-syncprov to consider all deletes for sycnInfo messages (ITS#5972)
Fixed slapo-translucent to warn on invalid config (ITS#9768)
Fixed slapo-unique to warn on invalid config (ITS#9767)
Fixed slapo-valsort to maintain values in insertion order (ITS#9764)
Build Environment
Fix test022 to preserve DELAY search output (ITS#9718)
Fix slapd-watcher to allow startup when servers are down (ITS#9727)
Contrib
Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration (ITS#9725)
Documentation
Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision (ITS#9728)
Fixed slapo-accesslog(5) to clarify logoldattr usage (ITS#9749)
OpenLDAP 2.6.0 Release (2021/10/25)
Initial release for "general use".
OpenLDAP 2.5.7 Release (2021/08/18)
Fixed lloadd client state tracking (ITS#9624)
Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
Fixed slapd-ldif duplicate controls response (ITS#9497)
Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
Fixed slapd-sql to close transactions after bind and search (ITS#9630)
Fixed slapo-accesslog to make reqMod optional (ITS#9569)
Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
Documentation
slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
slapo-accesslog(5) note that reqMod is optional (ITS#9569)
Add ldapvc(1) man page (ITS#9549)
Add guide section on load balancer (ITS#9443)
Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
Updated guide to document removal of deprecated options from client tools (ITS#9200)
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow (ITS#9578)
Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
Fixed slapd multiple config defaults (ITS#9363)
Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
Build
Fixed library symbol versioning on Solaris (ITS#9591)
Fixed compile warning in libldap/tpool.c (ITS#9601)
Fixed compile warning in libldap/tls_o.c (ITS#9602)
Contrib
Fixed ppm module for sysconfdir (ITS#7832)
Documentation
Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd abort due to typo (ITS#9561)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Build
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
OpenLDAP 2.5.4 Release (2021/04/29)
Initial release for "general use".
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486)
OpenLDAP 2.4.53 Release (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
OpenLDAP 2.4.52 Release (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of unitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapindex(8) - Fix truncate option information for back-mdb (ITS#9230)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 174778b20266c2c24f15784e090e7e8d10118642
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 18:59:21 2022 +0000
Core Update 168: Ship sqlite
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8596273dca625444ef1b28a7a7e61a1354c23c47
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 13:14:25 2022 +0200
sqlite: Update to version 3380300
- Update from version 3380000 to 3380300
- Update of rootfile not required
- Changelog
3.38.3 (2022-04-27):
Fix a case of the query planner be overly aggressive with optimizing
automatic-index and Bloom-filter construction, using inappropriate ON clause
terms to restrict the size of the automatic-index or Bloom filter, and
resulting in missing rows in the output. Forum thread 0d3200f4f3bcd3a3.
Other minor patches. See the timeline for details.
3.38.2 (2022-03-26):
Fix a user-discovered problem with the new Bloom filter optimization that
might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause
constraint that says that one of the columns on the right table of the LEFT
JOIN is NULL. See forum thread 031e262a89b6a9d2.
Other minor patches. See the timeline for details.
3.38.1 (2022-03-12):
Fix problems with the new Bloom filter optimization that might cause some
obscure queries to get an incorrect answer.
Fix the localtime modifier of the date and time functions so that it
preserves fractional seconds.
Fix the sqlite_offset SQL function so that it works correctly even in corner
cases such as when the argument is a virtual column or the column of a view.
Fix row value IN operator constraints on virtual tables so that they work
correctly even if the virtual table implementation relies on bytecode to
filter rows that do not satisfy the constraint.
Other minor fixes to assert() statements, test cases, and documentation. See
the source code timeline for details.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 94e680c36d2f16577e16dc7748721c990efde492
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 18:58:43 2022 +0000
Core Update 168: Ship mpfr
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ca0458ce1577f5793acaec9e25167b329fec43a3
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 23:24:34 2022 +0200
mpfr: Update to version 4.1.0 plus patches 1 to 13
- Update from version 4.1.0 to 4.1.0 plus patches 1 to 13
- Version 4.1.0 was released on 10-07-2020. However patches have been progressively
issued to fix various bugs that have been identified.
- Currently 13 patches have been issued and mpfr provides a cumulative patches file to
use to patch the source file.
- Update of rootfile
- Patch changelog
1 With GCC (the only tested compiler with software _Decimal128), conversions of
double to _Decimal128 yield an increase of 2 to 3 MB for the generated library
code when the decimal encoding is BID (designed for software implementations),
even though the conversions done in MPFR are very simple. Details about this GCC
issue. The decimal128-conv patch avoids these conversions by directly using
_Decimal128 constants. Note that fixing the issue entirely would require to get
rid of all the decimal128 operations; in the mean time, decimal support (i.e.
mpfr_get_decimal128 and mpfr_set_decimal128 functions) could be disabled at
configure time.
Corresponding changeset in the 4.1 branch: 14094.
2 The random_deviate.c file contains non-portable code. This is fixed by the
random_deviate patch.
Corresponding changeset in the 4.1 branch: 14126.
3 In the mpfr_set_z_2exp function, a huge mpz_t value can yield an integer overflow.
This is fixed by the set_z_2exp-overflow patch (with testcases). Note that in
practice, an integer overflow may occur only with a 32-bit ABI. Moreover, with a
usual compilation, an integer overflow should here not yield any particular issue,
assuming that the processor does signed addition and multiplication modulo 2^32 (as
usual). However, UBsan would detect the overflow, and LTO might have unpredictable
effects.
Corresponding changesets in the 4.1 branch: 14147, 14151.
4 Some function prototypes are slightly inconsistent. This is valid C code, but
these inconsistencies are unintended and possibly confusing, and they trigger
diagnostics with the -Warray-parameter option of the future GCC 11 (included in
-Wall). This causes issues when testing MPFR. And since mpfr.h is concerned, this
might also affect user code. This is fixed by the prototypes patch.
Corresponding changeset in the 4.1 branch: 14411.
5 In uncommon cases, the mpfr_digamma function needs to use an intermediate
precision equal to the exponent of the input value, which may be huge. This is
inefficient, and the code can request more memory than available, yielding a crash.
The digamma-hugemem patch improves the implementation by making such a need much
rarer; it also provides testcases showing a crash on 64-bit machines (at least).
Corresponding changeset in the 4.1 branch: 14424.
6 The mpfr_digamma function may have an erratic behavior in some cases (an assertion
failure in debug mode). This is fixed by the digamma-interm-zero patch (with
testcase).
Corresponding changeset in the 4.1 branch: 14425.
7 The Bessel functions (mpfr_j0, mpfr_j1, mpfr_jn, mpfr_y0, mpfr_y1, mpfr_yn) may
have an erratic behavior in some cases (an assertion failure in debug mode). This
is fixed by the jn-interm-zero patch (with testcase).
Corresponding changeset in the 4.1 branch: 14426.
8 The mpfr_digamma function may have an erratic behavior in some cases (an assertion
failure in debug mode) when the reflection formula is used, i.e. when x < 1/2.
This is fixed by the digamma-interm-zero2 patch (with testcase).
Corresponding changeset in the 4.1 branch: 14435.
9 The Bessel functions (mpfr_j0, mpfr_j1, mpfr_jn, mpfr_y0, mpfr_y1, mpfr_yn) may
have an erratic behavior in some cases (an assertion failure in debug mode) when
the asymptotic expansion is needed. This is fixed by the jyn_asympt-interm-zero
patch (with testcase).
Corresponding changeset in the 4.1 branch: 14436.
10 Some functions are also implemented as macros, and such a macro should behave
exactly like the corresponding function (if the code is valid for the function
call). However, the following macros do not behave as if their argument were
implicitly converted to the type from the function prototype: mpfr_nan_p,
mpfr_inf_p, mpfr_zero_p, mpfr_regular_p, mpfr_get_prec, mpfr_get_exp,
mpfr_copysign (third argument), mpfr_signbit and mpfr_set (second argument). For
instance, providing an argument of type void * instead of mpfr_ptr or mpfr_srcptr
will yield a compilation failure. Note that this issue does not exist in C++,
which does not support such implicit conversions. Moreover, the mpfr_set macro
evaluates its second argument twice (reported by David McCooey), which is
incorrect if this evaluation has side effects. This is fixed by the macros patch
(with testcases). Macros for the custom interface, which are explicitly documented
as provided, do not follow these rules; the patch clarifies this point in the MPFR
manual.
Corresponding changesets in the 4.1 branch: 14468, 14469.
11 The test programs tset_si and tset_sj fail if MPFR_USE_NO_MACRO is defined (e.g.,
via -DMPFR_USE_NO_MACRO in CFLAGS). This is fixed by the tset_sij patch.
Corresponding changeset in the 4.1 branch: 14470.
12 The mpfr_get_str_ndigits function may raise the inexact flag. In a very reduced
exponent range (e.g. in which the result would not be representable as a MPFR
number), it has undefined behavior: it may return an incorrect value, crash, or
loop, taking more and more memory. This is fixed by the get_str_ndigits patch,
which also updates the tests to check these issues.
Corresponding changeset in the 4.1 branch: 14490.
13 The code for the formatted output functions (mpfr_printf, etc.) contains an
incorrect assertion, checked only in debug mode, i.e. when MPFR has been
configured with --enable-assert; this assertion failure occurs when the integer 0
(of either a native type or mpfr_prec_t with the length specifier P) is output
with the precision field equal to 0, i.e. when the corresponding string to output
is empty. Otherwise, there should be no side effects since the code is actually
valid in this case; but since the code incorrectly instructs the compiler that
some variable cannot be 0, there might be an issue with some optimizations (very
unlikely, though). This bug is fixed by the vasprintf-prec-zero patch, which also
provides testcases.
Corresponding changesets in the 4.1 branch: 14524, 14525.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4b113aa68ebc522686c4c70155d6c69507d4d7d1
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 23:25:00 2022 +0200
mtr: Update to version 0.95
- Update from version 0.94 to 0.95
- Update of rootfile not required
- Changelog
V0.95
Aaron Lipinski (27):
move net_send_batch call to its caller
addr -> hostent for consistency
re-init source too
additional call from net_reopen
refactor - group local, remote inits
reset ctl address family at net_reopen
accept only value used in structure
tell dns process if we want 4 or 6
resolve ipv6 only if we have ipv6
remove wrapper only function
init structures correctly wired up
prepare host with h_addr_list
remove temporaries
extract convert_addrinfo_to_hostent function
move conversion call to caller
use addrinfo
remove conversion function
switch gui to addrinfo
export DEFAULT_AF
reset addr family before searching again
freeaddrinfo
export get_hostent_from_name
make Hostname as const
rename function
dont show json option if not available
Egor Panov (1):
Updated Readme
R.E. Wolff (2):
Slight cleanup, but no fix for code that came up in a bugreport.
increased max length suggested by YVS2014
Roger Wolff (12):
Rogier Wolff (2):
Code formatting for Zenithal pull
added clarification to readme suggested by Zenithal
Sergei Trofimovich (1):
ui/curses: always use "%s"-style format for printf()-style functions
Vincent Bernat (3):
ui: don't cast to void* when calling display_rawhost()
net: fix MPLS display for curses and report
report: fix display of MPLS labels when using --report
Zenithal (1):
Add display of destination with resolved addr under curses mode
a1346054 (5):
fix wrong bash completion flag
fix shellcheck warnings
unify codestyle
fix spelling
trim trailing whitespace
gaamox(a)tutanota.com (1):
Report secondary servers when CSV + wide report is enabled
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9ee219315c2eb419126afd621e6664c6aefc36cb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 23:25:13 2022 +0200
multipath-tools: Update to version 0.8.9
- Update from commit 386d288, bumped to version 0.7.7 (May 2018) to
version 0.8.9 (Feb 2022)
- Update of rootfile
- Changelog
No changelog file in the source tarball or on website. Changelog is the commit tree
see https://github.com/opensvc/multipath-tools/commits/master for more details
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b4294a6a0959127003f4c2cb99887f3e64dc8c09
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Fri Apr 29 18:56:38 2022 +0000
Core Update 168: Ship nano
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 4b502cf0c2d4388d5b29c5656a35e75e34b4fafe
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 23:25:28 2022 +0200
nano: Update to version 6.3
- Update from version 6.2 to 6.3
- Update of rootfile not required
- Changelog
Changes between v6.2 and v6.3:
Benno Schulenberg (41):
build: add the --disable-maintainer-mode option to ./configure
build: fix compilation for --enable-{tiny,nanorc,color}
build: fix compilation when configured with --disable-color
build: remove an obsolete check -- the dependent code was deleted
bump version numbers and add a news item for the 6.3 release
display: suppress spotlight yellow and error red when NO_COLOR is set
docs: add an example binding for copying text to the system clipboard
execute: clear an anchor only when the whole buffer gets filtered
execute: don't crash when an empty buffer is piped through a command
execute: stay on the same line number when filtering the whole buffer
feedback: show extra warning when writing failed due to "No space left"
files: do not change to a higher directory when the working one is gone
files: show a warning when the working directory is gone (when used)
files: when the working directory exists, still check its accessibility
filtering: close all output descriptors, so that 'xsel' will terminate
formatting: change cursor position only after saving it in the undo item
gnulib: pull in the workaround for a build problem on NetBSD
gnulib: update to its current upstream state
justify: stay at the same line number when doing a full justification
painting: colorize text also after an unterminated start match
painting: look for another start match only after the actual end match
painting: recalculate the multidata when making large strides or changes
painting: stop coloring an extremely long line after 2000 bytes
painting: tighten the check for a lacking end match on a colored line
syntax: xml: colorize /> properly, and colorize prolog tags differently
syntax: xml: colorize user-defined entities differently
tweaks: avoid a function call when two plain assignments will do
tweaks: change the indentation of a list, to match other indentations
tweaks: don't leave an orphaned temporary file behind when writing fails
tweaks: elide an unneeded call of strlen()
tweaks: exclude the extra truncation warning from the tiny version
tweaks: make the triggering of the recalculation of multidata less eager
tweaks: move the saving and restoring of flags to where it is needed
tweaks: normalize the indentation after the previous change
tweaks: prevent the adding of an unwanted newline in a different way
tweaks: remove redundant braces, and add two translator hints
tweaks: remove some stray spaces before a comma
tweaks: simplify a bit of code, eliding two labels and three gotos
tweaks: simplify a fragment of code, and fold two lines together
tweaks: trim a few comments, rename a function, and reshuffle some code
verbatim: with --zero, keep cursor in viewport when it was on bottom row
Mike Frysinger (1):
general: fix building for Windows
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ff76241b271dc7fdceb7431c95cee299678c90f8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 23:25:55 2022 +0200
ncdu: Update to version 1.17
- Update from version 1.16 to 1.17
- Update of rootfile not required
- Changelog
1.17 - 2022-04-28 - ncdu-1.17.tar.gz
Add ‘dark-bg’ color scheme and use that by default
Use natural sort order when sorting by file name
Improve compatibility with C89 environments
Fix wrong assumption about errno not being set by realloc()
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 843314ba98e0d6b8ab3d1760f49f256ff5cebb61
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 23 23:25:34 2022 +0200
parted: Update to version 3.5
- Update from 3.4 to 3.5
- Update of rootfile
- Changelog
* Noteworthy changes in release 3.5 (2022-04-18) [stable]
** New Features
Update to latest gnulib for 3.5 release
* Noteworthy changes in release 3.4.64.2 (2022-04-05) [alpha]
** Bug Fixes
usage: remove the mention of "a particular partition"
* Noteworthy changes in release 3.4.64 (2022-03-30) [alpha]
** New Features
Add --fix to --script mode to automatically fix problems like the backup
GPT header not being at the end of a disk.
Add use of the swap partition flag to msdos disk labeled disks.
Allow the partition name to be an empty string when set in script mode.
Add --json command line switch to output the details of the disk as JSON.
Add support for the Linux home GUID using the linux-home flag.
** Bug Fixes
Decrease disk sizes used in tests to make it easier to run the test suite
on systems with less memory. Largest filesystem is now 267MB (fat32). The
rest are only 10MB.
Add aarch64 and mips64 as valid machines for testing.
Escape colons and backslashes in the machine output. Device path,
model, and partition name could all include these. They are now
escaped with a backslash.
Use libdevmapper's retry remove option when the device is BUSY. This
prevents libdevmapper from printing confusing output when trying to
remove a busy partition.
Keep GUID specific attributes when writing the GPT header. Previously
they were set to 0.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9a39b090cc292ac815c912c198935a20e742959f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 28 13:52:30 2022 +0200
ncurses-compat: remove orphaned lfs file
- ncurses-compat was removed from make.sh in Core Update 119 together with the rootfile
- ncurses-compat lfs file was left behind at that time
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3d767c8aad82ac8a4d8b164569136a138e19d9cf
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Apr 26 11:25:59 2022 +0000
borgbackup: Fix rootfile on 32-bit ARM
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1a9e81ce7f999628536c5fa33928f3e79a7d84cc
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Apr 26 05:24:47 2022 +0200
ids.cgi: Remove etag data when deleting a provider.
Otherwise the same provider could not be added again at a later
time if the stored etag is still valid.
In this case the server will not offer the rules and the provider
could not be added.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 504fb53bcc1eb03af782d800b77ee6a1b6e4077b
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Apr 26 05:23:44 2022 +0200
ids-functions.pl: Add remove_from_etags() function.
This function is used to drop the stored etags data of a given provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 91a8664b662ed506a7896b638c6d9d140485a5aa
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Apr 25 21:15:23 2022 +0200
Revert "ruleset-sources: Remove support for PT Attack Team Detection rules."
The ruleset provider has recovered his github presence.
This reverts commit c8adaee1958ed0c382341e08949d5cb88bd58c7e.
commit b7a2d742b44aaac6b56ad73cbdab860debad345d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 23 23:26:41 2022 +0200
powertop: Update to version 2.14
- Update from v2.10 to 2.14
- added ./autogen.sh to create configure file
- Update of rootfile
- Changelog
No changelog provided anywhere. For details of changes see commits in the github
repository - https://github.com/fenrus75/powertop/commits/master
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3098182fa7145490c4f1ee00db17f64e04c2299b
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 25 18:40:17 2022 +0000
Samba: Update ARM rootfiles
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 249d796b4b873fde6e4bf270b7028afe8073abc2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Apr 25 20:12:19 2022 +0200
convert-ids-backend-files: Wait until suricata has stopped successfully.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit aa2ab8c40b1cf5dcdcbe3c4ac9d44b8e0997db7d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 19:14:49 2022 +0000
Run ./make.sh update-contributors
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2b9af93313e1f6f0a782a94131e87237debc42b7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 19:14:08 2022 +0000
Core Update 168: Ship wakeonlan.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 154dfcb7a2ec7ab399f8ca5393987bfa8defefa9
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Wed Apr 20 14:13:09 2022 +0200
wakeonlan.cgi: Fix meta refresh tag
This fixes an HTML error that is briefly visible
on the "magic packet sent" page.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 52224df18d06515d17b6dd7e1d309364d38b4335
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 19:13:37 2022 +0000
Core Update 168: Ship pcre2
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f86e23906ee01f5b9c9b4eea84957b78481e0048
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 23 23:26:13 2022 +0200
pcre2: Update to version 10.40
- Update from 10.39 to 10.40
- Update of rootfile
- Changelog
Version 10.40 15-April-2022
1. Merged patch from @carenas (GitHub #35, 7db87842) to fix pcre2grep incorrect
handling of multiple passes.
2. Merged patch from @carenas (GitHub #36, dae47509) to fix portability issue
in pcre2grep with buffered fseek(stdin).
3. Merged patch from @carenas (GitHub #37, acc520924) to fix tests when -S is
not supported.
4. Revert an unintended change in JIT repeat detection.
5. Merged patch from @carenas (GitHub #52, b037bfa1) to fix build on GNU Hurd.
6. Merged documentation and comments patches from @carenas (GitHub #47).
7. Merged patch from @carenas (GitHub #49) to remove obsolete JFriedl test code
from pcre2grep.
8. Merged patch from @carenas (GitHub #48) to fix CMake install issue #46.
9. Merged patch from @carenas (GitHub #53) fixing NULL checks in matching and
substituting.
10. Add null_subject and null_replacement modifiers to pcre2test.
11. Add check for NULL subject to POSIX regexec() function.
12. Add check for NULL replacement to pcre2_substitute().
13. For the subject arguments of pcre2_match(), pcre2_dfa_match(), and
pcre2_substitute(), and the replacement argument of the latter, if the pointer
is NULL and the length is zero, treat as an empty string. Apparently a number
of applications treat NULL/0 in this way.
14. Added support for Bidi_Class and a number of binary Unicode properties,
including Bidi_Control.
15. Fix some minor issues raised by clang sanitize.
16. Very minor code speed up for maximizing character property matches.
17. A number of changes to script matching for \p and \P:
(a) Script extensions for a character are now coded as a bitmap instead of
a list of script numbers, which should be faster and does not need a
loop.
(b) Added the syntax \p{script:xxx} and \p{script_extensions:xxx} (synonyms
sc and scx).
(c) Changed \p{scriptname} from being the same as \p{sc:scriptname} to being
the same as \p{scx:scriptname} because this change happened in Perl at
release 5.26.
(d) The standard Unicode 4-letter abbreviations for script names are now
recognized.
(e) In accordance with Unicode and Perl's "loose matching" rules, spaces,
hyphens, and underscores are ignored in property names, which are then
matched independent of case.
18. The Python scripts in the maint directory have been refactored. There are
now three scripts that generate pcre2_ucd.c, pcre2_ucp.h, and pcre2_ucptables.c
(which is #included by pcre2_tables.c). The data lists that used to be
duplicated are now held in a single common Python module.
19. On CHERI, and thus Arm's Morello prototype, pointers are represented as
hardware capabilities, which consist of both an integer address and additional
metadata, meaning they are twice the size of the platform's size_t type, i.e.
16 bytes on a 64-bit system. The ovector member of heapframe happens to only be
8 byte aligned, and so computing frame_size ended up with a multiple of 8 but
not 16. Whilst the first frame was always suitably aligned, this then
misaligned the frame that follows, resulting in an alignment fault when storing
a pointer to Fecode at the start of match. Patch to fix this issue by Jessica
Clarke PR#72.
20. Added -LP and -LS listing options to pcre2test.
21. A user discovered that the library names in CMakeLists.txt for MSVC
debugger (PDB) files were incorrect - perhaps never tried for PCRE2?
22. An item such as [Aa] is optimized into a caseless single character match.
When this was quantified (e.g. [Aa]{2}) and was also the last literal item in a
pattern, the optimizing "must be present for a match" character check was not
being flagged as caseless, causing some matches that should have succeeded to
fail.
23. Fixed a unicode property matching issue in JIT. The character was not
fully read in caseless matching.
24. Fixed an issue affecting recursions in JIT caused by duplicated data
transfers.
25. Merged patch from @carenas (GitHub #96) which fixes some problems with
pcre2test and readline/readedit:
* Use the right header for libedit in FreeBSD with autoconf
* Really allow libedit with cmake
* Avoid using readline headers with libedit
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 854241e108ecf798a43fb9b30a53f1119783c149
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 19:09:23 2022 +0000
Core Update 168: Ship media.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 52f8118635b64f1edf5bfdd92d1351f5ec0959af
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed May 13 18:40:34 2020 +0200
media.cgi: Added translation for 'inodes'
For details see:
https://en.wikipedia.org/wiki/Inode
or
http://www.linfo.org/inode.html ;-)
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
commit d6fc413aea8c863587a4793b320ab2db6c29eb5d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:34:11 2022 +0200
ipvsadm: Update to version 1.31
- Update from 1.29 to 1.31
- Update of rootfile not required
- Changelog
Version 1.31
In ipvsadm(8) add using nft or an eBPF program to set a packet mark
Add --pe sip option in ipvsadm(8) man page
ipvsadm: allow tunneling with gre encapsulation
Merge branch 'GUE-encap'
ipvsadm: allow tunneling with gue encapsulation
ipvsadm: convert options to unsigned long long
Version 1.30
Merge: ipvsadm: Document/add support for fo/ovf/mh schedulers
Add support for mh scheduler
Document support of ovf scheduler
Document support of fo scheduler
libipvs: fix some buffer sizes
libipvs: discrepancy with libnl genlmsg_put
ipvsadm: catch the original errno from netlink answer
Version 1.29
ipvsadm: new attributes for sync daemon
ipvsadm: support 64-bit stats and rates
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit b8ffb101f86d40c68482c8a305b760a382036d78
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:34:28 2022 +0200
keepalived: Update to version 2.2.7
- Update from 2.2.4 to 2.2.7
- Update of rootfile
- Changelog
Release 2.2.7 brings lots of improvements and fixes some minor issues reported. It adds
some new VRRP features as well. Stability has been even more extended.
New
ipvs: Add support to twos scheduler.
vrrp: Add vrf option for unicast without specifying an interface.
vrrp: Add option unicast_fault_no_peer. Previously if unicast_src_ip (or any
other unicast option) was specified, but no unicast peers were
configured, then the VRRP instance would operate in multicast mode. A
user has identified that, due to automatic configuration generation,
they could have a configuration that should operate in unicast mode,
but that no unicast peers were configured. In this case, they did not
want the VRRP instance to revert to multicast mode. In order to
maintain backward compatibility, keepalived can’t simply change to not
allowing no unicast peers. Instead, this commit adds the configuration
option “unicast_fault_no_peer”, which if specified causes the VRRP
instance to go to fault state if no unicast peers are configured.
vrrp: Allow specification of multicast address to be used.
vrrp: Add vrf option to static and vrrp routes.
vrrp: Add option to resend vrrp states on fifos after reload. Since
keepalived restarts FIFOs scripts it is managing when a reload occurs,
it can be helpful to send the VRRP instance and group states after a
reload. This commit adds option fifo_write_vrrp_states_on_reload to do
that, and it means that what is written to the FIFOs with default
configuration does not change.
vrrp: Allow duplication of VRIDs on an interface with unicast peers. If two
VRRP instances are using unicast peers and there is no overlap of
unicast peers between the vrrp instances, then the vrrp instances can
use the same VRIDs.
global: Don’t assume running as user root.
systemd: Add keepalived-non-root.service systemd service file.
keepalived-non-root.service allows keepalived to be run as a non
root user, but with specific added capabilities to allow all the
functionality that keepalived needs.
Improvements
vrrp: Stop receiving any data on garp and ndisc sockets. This is a send-only
channel.
vrrp: Open gratuitous ARP socket as an ARP socket rather than RARP. Now that
the receiving of packets on the garp socket has been stopped, we can
open the socket with the correct type of binding, and we won’t have a
queue of received messages build up.
vrrp: Extend cBPF filtering code to support standard definition.
vrrp: Optimise nftables configuration to limit some rules to macvlans. If we
are moving messages that have been generated on a macvlan, the nftables
rules can be optimised to restrict them to macvlan interfaces.
vrrp: Drop ICMPV6 Router Solicitation messages from vmac interfaces. When we
create a vmac interface, a short time afterwards the kernel sends a
router solicitation message with the source MAC address of the vmac
interface. The problem is that this will upset snooping switches if
the VRRP instance is in backup state. Furthermore, we can’t simply
move the packet onto the underlying interface since the ICMPV6 payload
also contains the MAC address of the vmac interface. We can’t just
change the MAC address in the ICMPV6 message, since there is also a
checksum which would need to be recalculated. The only solution at the
moment is to drop the packet. This shouldn’t be a problem since the
underlying interface should have sent a Router solicitation message
when it came up.
vrrp: Add option to specify MAC address for VMACs.
vrrp: Don’t lose some configuration faults. The following errors were being
detected in vrrp_complete_instance() and the VRRP instance was then
supposed to be put into fault state since it couldn’t operate.
However, the need to go to fault state was subsequently being lost.
The configuration errors that were being lost were: (a) Configuring
use of a VMAC on a non Ethernet interface (b) Attempting to use
multicast on an interface that doesn’t support it (c) Using an ipvlan
without a source IP address (d) ipvlan address family not matching
VRRP instance’s (e) VRID conflicts on an interface which could be
deleted and recreated on a different interface (f) An interface
specified for a VIP is the same as the VRRP instance’s VMAC or another
VRRP instance’s VMAC. This improvement ensures that the VRRP instance
will be put into, and remain in, fault state, since it cannot
successfully operate. As can be seen from the list of circumstances
above, they were very unlikely to occur, but were possible.
vrrp: Bind IPv6 socket to multicast address. Previously IPv6 sockets were
being bound to the ::1 address, since trying to bind to the multicast
address was failing. The reason for failing has now been discovered to
be that the scope_id needed to be set (i.e. the interface index),
since the multicast addresses that we use are link-local multicast
addresses. This improvement now sets the scope_id, so the socket can
successfully be bound to the multicast address.
vrrp: Set IPV6_MULTICAST_ALL on IPv6 sockets if available.
vrrp: Some SNMP extension and improvements: - Correct FastOpenNoCookie and
L3Mdev variable types - Don’t write multicast address to SNMP when
using unicast. - Don’t write unconfigured LVS sync daemon address to
SNMP. - Define and use SNMP_TruthValue. - Define and use
SNMP_InetAddressType. - Correct reporting accept mode for VRRPv3 SNMP.
vrrp: Misc DBus improvements (Opening, logging, data_dir, policy, …)
vrrp: Handle VMAC’s interface changing on reload properly.
vrrp: If accept traffic for VIPs changes on reload, update firewall.
vrrp: Stop going to backup if reload IPv6 and change vmac_xmit_base.
vrrp: Add add/prepend/append options to static and virtual routes. The
kernel by default prepends routes, whereas the ip (iproute2) utility
by default adds routes (adding a route does not allow duplicates
whereas appending or prepending does). keepalived previously has not
set the flags relating to this, and so has always prepended routes.
This means that duplicate routes could be created.
lib: Update Red Black tree code to Linux 5.15-rc4.
script: Extend sample_notify_fifo.sh.
doc: Misc documentation updates.
docker: Update docker file.
init: Init handling extensions. Make parent process exit with meaningful
status on error. Ensure systemd is not notified of successful start if
failed. fix building without systemd notify support.
bfd: handle unexpected closure of pipe to checker and vrrp processes. If the
parent process abnormally terminates and then the BFD process
terminates due to PDEATHSIG before the vrrp or checker processes
terminate, the vrrp and checker processes can get a read error on the
pipes used to communicate with the BFD process.
bfd: make BFD work when IPv6 disabled on system.
Fixes
lib: Fix calculating CLOCK_REALTIME and CLOCK_MONOTONIC offsets.
lib: scheduler: Handle cancelling timer thread on ready queue. The timer
thread on the ready queue, if cancelled, was corrupting the read
list_head, since it assumed it was on a red black tree.
snap: Fix building snaps.
ipvs: Fix building with glibc prior to v2.19 (released 2014).
bfd: Handle interface down/address missing when keepalived starts. This
resolves a segfault, and also makes bfd retry once per minute to create
send socket if it cannot do so due to no address to bind to on an
interface.
vrrp: Fix unicast with interface in a VRF domain.
vrrp: Fix moving excess VIPs to eVIPs, by properly handling vip_cnt.
vrrp: Fix configured IPv6 multicast addresses with VMACs. Using different
multicast addresses with IPv6 on the same interface without using
VMACs is only supported if the kernel supports IPV6_MULTICAST_ALL
(from Linux v4.20).
vrrp: Fix checking for unicast with VMAC/ipvlan and no peers.
vrrp: Fix checking if have unicast peers if unicast_ttl specified.
vrrp: Don’t segfault if duplicate VMAC name, but ignore second name.
vrrp: Don’t delete and recreate VMAC on reload if only VRID has changed.
There seems to be an issue deleting and then immediately recreating a
VMAC on the same interface. This commit therefore simply changes the
MAC address if the only change is the VRID.
vrrp: Fix nftables config if VMAC interface changed on reload.
vrrp: Don’t segfault if don’t have permission for ARP/NDISC socket.
vrrp: Fix IPv6 with vmac_xmit_base.
vrrp: fix disabling vmac-xmit-base with VRRPv3 IPv6 use_vmac.
vrrp: Fix specifying user/group for vrrp_scripts.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 28fdd8ede6b241144e1aa3a05ac2c5ac82d56ae3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 19:01:13 2022 +0000
Core Update 168: Ship procps
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0469187ca03c808f23521caf5e4749a41d3a95b2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 23 23:26:55 2022 +0200
procps: Update to version v4.0.0
- Update from v3.3.16 to v4.0.0
- added --disable-static to ./configure to remove static libs from rootfile
- Update of rootfile
- Changed lib name. Ran ./make.sh find-dependencies. No dependencies on old libraries
- Changelog
procps-ng-4.0.0
* Rename pwait to pidwait
* free: Add committed line option merge #25
* free: Fix -h --si combined options issue #133, #223
* free: Fix first column justification issue #229, #204, #206, Debian #1001689
* free: Better spacing for Chinese language issue #213
* library: renamed to libproc-2 and reset to 0:0:0
* library: add support for accessing smaps_rollup issue #112, #201
* library: add support for accessing autogroups
* library: add support for LIBPROC_HIDE_KERNEL env var merge #147
* library: add support for cpu utilization to pids i/f
* pkill: Check for lt- variants of program name issue #192
* pgrep: Add newline after regex error message merge #91
* pgrep: Fix selection where uid/gid > 2^31 merge !146
* pgrep: Select on cgroup v2 paths issue #168
* ps: Add OOM and OOMADJ fields issue #198
* ps: Add IO Accounting fields issue #184
* ps: Add PSS and USS fields issue #112
* ps: Add two new autogroup fields
* ps: Ignore SIGURG merge !142
* slabtop: Don't combine d and o options issue #160
* sysctl: Add support for systemd glob patterns issue #191
* sysctl: Check resolved path to be under /proc/sys issue #179
* sysctl: return non-zero if EINVAL return for write merge #76
* sysctl.conf.5: Note max line length issue #77
* top: added LOGID similar to 3.3.13 ps LUID
* top: added EXE identical to 3.3.17 ps EXE
* top: exploit some library smaps_rollup provisions issue #112
* top: added four new IO accounting fields issue #184
* top: 'F' key is now a new forest view 'focus' toggle
* top: summary area memory lines can print two abreast
* top: added two new autogroup fields
* top: added long versions of command line options
* top: added cpu utilization & 2 time related fields
* top: the time related fields can now be user scaled
* uptime: print short/pretty format correctly issue #217
* vmstat: add -y option to remove first line merge !72
procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations issue #176
* kill: Pass int to signalled process merge #32
* pgrep: Pass int to signalled process merge #32
* pgrep: Check sanity of SG_ARG_MAX issue #152
* pgrep: Add older than selection merge #79
* pidof: Quiet mode merge #83
* pidof: show worker threads Redhat #1803640
* ps.1: Mention stime alias issue #164
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option Redhat #1399206
* pwait: New command waits for a process merge #97
* sysctl: Match systemd directory order Debian #950788
* sysctl: Document directory order Debian #951550
* top: ensure config file backward compatibility Debian #951335
* top: add command line 'e' for symmetry with 'E' issue #165
* top: add '4' toggle for two abreast cpu display issue #172
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch merge #114
* vmstat: Wide mode gives wider proc columns merge #48
* watch: Add environment variable for interval merge #62
* watch: Add no linewrap option issue #182
* watch: Support more colors merge #106,#109
* free,uptime,slabtop: complain about extra ops issue #181
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 3a5ba6cf97322c9c931b841d72a3642109b2718c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 16:29:49 2022 +0000
Core Update 168: Ship pango
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0487d6a5754fb2121dfcd61ca98d6e3a902cf0a9
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 5 15:47:47 2022 +0200
pango: Update to version 1.50.6
- Update from 1.50.4 to 1.50.6
- Update of rootfile
- Changelog
Overview of changes in 1.50.6, 19-03-2022
- Drop hb-glib dependency
- Fix test font configuration
- Maintain order in pango_attr_list_change
- Fix a use-after-free in pango_attr_list_change
Overview of changes in 1.50.5, 03-03-2022
* Fix compiler warnings
* Enable cairo by default
* pango-view: Show more baselines
* layout: Handle baselines
* Windows: build cleanups
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit b26c72d569ebf1ee00f54e4d6363f5cbfd59abf3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 16:08:12 2022 +0000
Core Update 168: Ship logwatch
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ab473dd36372980a7603ece7f1c766fd848d74f2
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Apr 16 13:07:00 2022 +0200
logwatch: Update to 7.6
The developers do not provide a changelog, the only comment I could find was on:
https://packetstormsecurity.com/files/165672/Logwatch-7.6.html
"Changes: Fixed bugs."
Running here on Core 166. No seen problems.
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
commit cdf0522ec2b944ce0b6aac5d6baa49c96930d660
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Sun Apr 24 12:43:16 2022 +0200
HTML: Add language attribute
This attribute is recommended by W3C, because it is used by
screen readers to provide the correct pronunciation.
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7b5f057a485be990445fe0d5448abdd3946bca84
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 21 09:51:46 2022 +0200
perl-JSON: Installation of new package required by samba
- Installation of lfs and rootfile for perl-JSON - required by samba-4.16.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit e8e8b6ae29176e605143c8927ba402078cdc4f54
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 21 09:51:45 2022 +0200
samba: Update to version 4.16.0
- Update from version 4.15.5 to 4.16.0
- Update of rootfile
- perl-JSON now added to samba requirements. Additional patch combined with this one for
install of perl-JSON
- Changelog
Release Notes for Samba 4.16.0
NEW FEATURES/CHANGES
New samba-dcerpcd binary to provide DCERPC in the member server setup
In order to make it much easier to break out the DCERPC services
from smbd, a new samba-dcerpcd binary has been created.
samba-dcerpcd can be used in two ways. In the normal case without
startup script modification it is invoked on demand from smbd or
winbind --np-helper to serve DCERPC over named pipes. Note that
in order to run in this mode the smb.conf [global] section has
a new parameter "rpc start on demand helpers = [true|false]".
This parameter is set to "true" by default, meaning no changes to
smb.conf files are needed to run samba-dcerpcd on demand as a named
pipe helper.
It can also be used in a standalone mode where it is started
separately from smbd or winbind but this requires changes to system
startup scripts, and in addition a change to smb.conf, setting the new
[global] parameter "rpc start on demand helpers = false". If "rpc
start on demand helpers" is not set to false, samba-dcerpcd will
refuse to start in standalone mode.
Note that when Samba is run in the Active Directory Domain Controller
mode the samba binary that provides the AD code will still provide its
normal DCERPC services whilst allowing samba-dcerpcd to provide
services like SRVSVC in the same way that smbd used to in this
configuration.
The parameters that allowed some smbd-hosted services to be started
externally are now gone (detailed below) as this is now the default
setting.
samba-dcerpcd can also be useful for use outside of the Samba
framework, for example, use with the Linux kernel SMB2 server ksmbd or
possibly other SMB2 server implementations.
Heimdal-8.0pre used for Samba Internal Kerberos, adds FAST support
Samba has since Samba 4.0 included a snapshot of the Heimdal Kerberos
implementation. This snapshot has now been updated and will closely
match what will be released as Heimdal 8.0 shortly.
This is a major update, previously we used a snapshot of Heimdal from
2011, and brings important new Kerberos security features such as
Kerberos request armoring, known as FAST. This tunnels ticket
requests and replies that might be encrypted with a weak password
inside a wrapper built with a stronger password, say from a machine
account.
In Heimdal and MIT modes Samba's KDC now supports FAST, for the
support of non-Windows clients.
Windows clients will not use this feature however, as they do not
attempt to do so against a server not advertising domain Functional
Level 2012. Samba users are of course free to modify how Samba
advertises itself, but use with Windows clients is not supported "out
of the box".
Finally, Samba also uses a per-KDC, not per-realm 'cookie' to secure part of
the FAST protocol. A future version will align this more closely with
Microsoft AD behaviour.
If FAST needs to be disabled on your Samba KDC, set
kdc enable fast = no
in the smb.conf.
Certificate Auto Enrollment
Certificate Auto Enrollment allows devices to enroll for certificates from
Active Directory Certificate Services. It is enabled by Group Policy.
To enable Certificate Auto Enrollment, Samba's group policy will need to be
enabled by setting the smb.conf option `apply group policies` to Yes. Samba
Certificate Auto Enrollment depends on certmonger, the cepces certmonger
plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
certmonger paired with cepces to monitor the host certificate templates.
Certificates are installed in /var/lib/samba/certs and private keys are
installed in /var/lib/samba/private/certs.
Ability to add ports to dns forwarder addresses in internal DNS backend
The internal DNS server of Samba forwards queries for non-AD zones to one or more
configured forwarders. Up until now it has been assumed that these forwarders
listen on port 53. Starting with this version it is possible to configure the
port using host:port notation. See smb.conf for more details. Existing setups
are not affected, as the default port is 53.
CTDB changes
* The "recovery master" role has been renamed "leader"
Documentation and logs now refer to "leader".
The following ctdb tool command names have changed:
recmaster -> leader
setrecmasterrole -> setleaderrole
Command output has changed for the following commands:
status
getcapabilities
The "[legacy] -> recmaster capability" configuration option has been
renamed and moved to the cluster section, so this is now:
[cluster] -> leader capability
* The "recovery lock" has been renamed "cluster lock"
Documentation and logs now refer to "cluster lock".
The "[cluster] -> recovery lock" configuration option has been
deprecated and will be removed in a future version. Please use
"[cluster] -> cluster lock" instead.
If the cluster lock is enabled then traditional elections are not
done and leader elections use a race for the cluster lock. This
avoids various conditions where a node is elected leader but can not
take the cluster lock. Such conditions included:
- At startup, a node elects itself leader of its own cluster before
connecting to other nodes
- Cluster filesystem failover is slow
The abbreviation "reclock" is still used in many places, because a
better abbreviation eludes us (i.e. "clock" is obviously bad) and
changing all instances would require a lot of churn. If the
abbreviation "reclock" for "cluster lock" is confusing, please
consider mentally prefixing it with "really excellent".
* CTDB now uses leader broadcasts and an associated timeout to
determine if an election is required
The leader broadcast timeout can be configured via new configuration
option
[cluster] -> leader timeout
This specifies the number of seconds without leader broadcasts
before a node calls an election. The default is 5.
REMOVED FEATURES
Older SMB1 protocol SMBCopy command removed
SMB is a nearly 30-year old protocol, and some protocol commands that
while supported in all versions, have not seen widespread use.
One of those is SMBCopy, a feature for a server-side copy of a file.
This feature has been so unmaintained that Samba has no testsuite for
it.
The SMB1 command SMB_COM_COPY (SMB1 command number 0x29) was
introduced in the LAN Manager 1.0 dialect and it was rendered obsolete
in the NT LAN Manager dialect.
Therefore it has been removed from the Samba smbd server.
We do note that a fully supported and tested server-side copy is
present in SMB2, and can be accessed with "scopy" subcommand in
smbclient.
SMB1 server-side wildcard expansion removed
Server-side wildcard expansion is another feature that sounds useful,
but is also rarely used and has become problematic - imposing extra
work on the server (both in terms of code and CPU time).
In actual OS design, wildcard expansion is handled in the local shell,
not at the remote server using SMB wildcard syntax (which is not shell
syntax).
In Samba 4.16 the ability to process file name wildcards in requests
using the SMB1 commands SMB_COM_RENAME (SMB1 command number 0x7),
SMB_COM_NT_RENAME (SMB1 command number 0xA5) and SMB_COM_DELETE (SMB1
command number 0x6) has been removed.
SMB1 protocol has been deprecated, particularly older dialects
We take this opportunity to remind that we have deprecated and
disabled by default, but not removed, the whole SMB1 protocol since
Samba 4.11. If needed for security purposes or code maintenance we
will continue to remove older protocol commands and dialects that are
unused or have been replaced in more modern SMB1 versions.
We specifically deprecate the older dialects older than "NT LM 0.12"
(also known as "NT LANMAN 1.0" and "NT1").
Please note that "NT LM 0.12" is the dialect used by software as old
as Windows 95, Windows NT and Samba 2.0, so this deprecation applies
to DOS and similar era clients.
We do reassure that 'simple' operation of older clients than
these (eg DOS) will, while untested, continue for the near future, our
purpose is not to cripple use of Samba in unique situations, but to
reduce the maintenance burden.
Eventually SMB1 as a whole will be removed, but no broader change is
announced for 4.16.
In the rare case where the above changes cause incompatibilities,
users requiring support for these features will need to use older
versions of Samba.
No longer using Linux mandatory locks for sharemodes
smbd mapped sharemodes to Linux mandatory locks. This code in the Linux kernel
was broken for a long time, and is planned to be removed with Linux 5.15. This
Samba release removes the usage of mandatory locks for sharemodes and the
"kernel share modes" config parameter is changed to default to "no". The Samba
VFS interface is kept, so that file-system specific VFS modules can still use
private calls for enforcing sharemodes.
smb.conf changes
Parameter Name                  Description     Default
--------------                  -----------     -------
kernel share modes              New default     No
dns forwarder                   Changed
rpc_daemon                      Removed
rpc_server                      Removed
rpc start on demand helpers     Added           true
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 8b84073efb4113afe48e6ca12e1c04ed934bd855
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 21 21:31:30 2022 +0200
git: Update to version 2.36.0
- Update from 2.35.1 to 2.36.0
- Update of rootfile
- Changelog
2.36 Release Notes
These are too long to include here. To see the details go to the following link
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.36.0.txt
2.35.3.txt Release Notes
This release merges up the fixes that appear in v2.35.3.
2.35.2 Release Notes
This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2e9899036a64e4d1fcccedb1a2eeefca0af7a7e2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:35:26 2022 +0200
stunnel: Update to version 5.63
- Update from version 5.62 to 5.63
- Update of rootfile not required
- Changelog
Version 5.63, 2022.03.15
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.2.
* New features
- Updated stunnel.spec to support bash completion
* Bugfixes
- Fixed possible PRNG initialization crash (thx to Gleydson Soares).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 6dd63f5e7f33d2948132f7412f75cd4473e7b148
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:35:10 2022 +0200
stress: Update to version 1.0.5
- Update from version 1.0.4 to 1.0.5
- Update of rootfile not required
- Changelog
Version 1.0.5
* Added CI test for GitHub.
* Migrated manpage system to txt2man.
* Modernized system install.
* Set right permissions to source code.
* Updated README and added a CONTRIBUTING file.
* Other minor changes and improvements.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit ac8da780aa611e2b86e49ec02a7d0c4c4b9bfc26
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:34:58 2022 +0200
strace: Update to version 5.17
- Update from 5.14 to 5.17
- Update of rootfile not required
- Changelog
Noteworthy changes in release 5.17 (2022-03-26)
* Improvements
* Added 64-bit LoongArch architecture support.
* Extended personality designation syntax of syscall specification expressions
to support all@pers and %class@pers.
* Enhanced rejection of invalid syscall numbers in syscall specification
expressions.
* Implemented decoding of set_mempolicy_home_node syscall, introduced
in Linux 5.17.
* Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink
attributes.
* Implemented decoding of PR_SET_VMA operation of prctl syscall.
* Implemented decoding of siginfo_t.si_pkey field.
* Implemented decoding of LIRC ioctl commands.
* Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*,
TCA_ACT_*, and *_MAGIC constants.
* Updated lists of ioctl commands from Linux 5.17.
Noteworthy changes in release 5.16 (2022-01-10)
* Improvements
* Implemented --secontext=mismatch option to find mismatches in SELinux
contexts.
* Implemented decoding of futex_waitv syscall introduced in Linux 5.16.
* Implemented decoding of BPF_LINK_GET_NEXT_ID and BPF_LINK_GET_FD_BY_ID bpf
syscall commands.
* Enhanced decoding of BPF_MAP_CREATE, BPF_PROG_TEST_RUN, and BPF_PROG_LOAD
bpf syscall commands.
* Enhanced decoding of BTRFS_IOC_FS_INFO ioctl command.
* Updated lists of AUDIT_*, BPF_*, BTRFS_*, DEVCONF_*, FAN_*, ETH_P_*,
IPV4_DEVCONF_*, KVM_*, NDA_*, SO_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.16.
* Bug fixes
* Fixed build for older Android.
Noteworthy changes in release 5.15 (2021-12-01)
* Improvements
* Implemented --strings-in-hex=non-ascii-chars option for using hexadecimal
numbers instead of octal ones in escape sequences in the output strings.
* Implemented --decode-pids=comm option (and its alias -Y) for printing
command names for PIDs.
* Implemented --decode-pids=pidns as an alias to --pidns-translation option.
* Implemented printing of current working directory when AT_FDCWD constant
is used with --decode-fds=path option enabled.
* Improved printing of syscall names in places where the associated
AUDIT_ARCH_* value is present (ptrace PTRACE_GET_SYSCALL_INFO request,
SIGSYS siginfo_t).
* Implemented decoding of process_mrelease syscall, introduced in Linux 5.15.
* Implemented decoding of SECCOMP_GET_NOTIF_SIZES operation of seccomp
syscall.
* Implemented decoding of HDIO_*, KD*, and SECCOMP_* ioctl commands.
* Implemented decoding of RTM_NEWCACHEREPORT, RTM_{NEW,DEL,GET}NEXTHOP,
and RTM_{NEW,GET}STATS NETLINK_ROUTE netlink messages.
* Implemented decoding of AF_ALG, AF_IEEE802154, AF_MCTP, AF_NFC, AF_QIPCRTR,
AF_RRPC, AF_VSOCK, and AF_XDP socket addresses.
* Implemented decoding of AF_BRIDGE and AF_MCTP protocols for IFLA_AF_SPEC
netlink attribute.
* Implemented decoding of IFLA_BR_MCAST_QUERIER_STATE, IFLA_BR_MULTI_BOOLOPT,
IFLA_INET6_RA_MTU, IFLA_INFO_SLAVE_DATA, and IFLA_VFINFO_LIST netlink
attributes.
* Enhanced decoding of io_uring_register and times syscalls.
* Enhanced IFLA_BR_FORWARD_DELAY, IFLA_BR_MAX_AGE, IFLA_EXT_MASK,
IFLA_PROTINFO, *_INTVL, and *_TIMER netlink attribute decoding.
* Enhanced decoding of AF_IPX and AF_NETLINK socket addresses.
* Updated lists of AF_*, ARPHRD_*, BTRFS_*, DEVCONF_*, DM_*, ETH_P_*,
FAN_REPORT_*, IORING_*, MOVE_MOUNT_*, MPOL_*, PACKET_*, RTM_*, SO_*,
and XFRM_MSG_* constants.
* Updated lists of ioctl commands from Linux 5.15.
* Bug fixes
* Fixed printing of struct bpf_prog_info.map_ids array.
* Fixed behaviour of "dev", "pidfd", and "socket" arguments of the --print-fds
option to no longer imply the "path" argument.
* Fixed insufficient buffer size used for network interface name printing,
that previously led to assertions on attempts of printing interface names
that require quoting, for example, names longer than 4 characters in -xx
mode (addresses RHBZ bug #2028146).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 2a85fc7a124c918d6b431c04e255e03f364cc84b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:34:42 2022 +0200
lcdproc: Update to version 0.5.9
- Update from version 0.5.7 (2016) to 0.5.9 (2017)
- Update of rootfile
- This patch brings lcdproc up to date with the most recent release.
- Although there are no new releases there are continuing ongoing commits and issue fixes
being done in the repository with the last commit being in Dec 2021.
Not sure why no new releases are being done. It looks like any of the commits that fix
issues people have raised have to be patched by the interested people.
- Changelog
0.5.9
This is mostly a code cleanup, bugfix and maintenance release.
Drivers supporting new hardware or additional functionality
HD44780 connection type "serial" supports Portwell EZIO-100 and EZIO-300
HD44780 connection type "gpio" supports dual controller displays.
This connection type is now a full replacement for the obsolete "rpi"
connection type.
Removed configure flags
enable-permissive-menu-goto is replaced by a setting in LCDd.conf
enable-seamless-hbars is now selected by drivers that need it automatically
Other important changes
The build system now specifies the language as C99.
API: drivers need to include "shared/report.h" instead of "report.h"
libftdi1 is used if it is available instead of obsolete libftdi
display update interval is selectable from LCDd.conf
0.5.8
New drivers
futaba: for Futaba TOSD-5711BB VFDisplay commonly used on Elonex Artisan,
Fujitsu Scaleo E and FIC Spectra Media Centre PCs
linux_input: supporting event devices from the linux input subsystem
Olimex_MOD_LCD1x9: for Olimex MOD-LCD1x9
yard2LCD: for yard2
New connection types for hd44780 driver
lcm162 is a differently wired 8 bit connection type used on Nextgate NSA
network appliances
gpio is using the linux sysfs gpio interface to control a display in
4-bit mode. To build this sub-driver you need
libugpio, which is a new dependency
for lcdproc.
Obsolete connection types for hd44780 driver
The following connection types are obsolete and probably won't get bug
and security fixes:
raspberrypi: use the gpio connection type instead
piplate: use the gpio connection type together with the gpio-mcp23s08
kernel module.
pifacecad: use the gpio connection type together with the gpio-mcp23s08
kernel module.
i2c: support for this sub-driver might continue for the users of
non-linux operating systems. On linux systems it is recommended to
use the gpio connection type together with the gpio-pcf857x kernel
module.
Drivers supporting new hardware or additional functionality
icp_a106 now also supports A125 displays
NoritakeVFD added some non-essential features
Other important changes
Development of lcdproc moved to github.
Some internal data structures have changed. If you have custom LCDd
drivers, you will need to recompile them against the new version. Of
course submitting such drivers in pull requests is appreciated.
For a detailed list of bug fixes, see the ChangeLog.md included in the
distribution archive.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit fd4c9f98b8eba436ae16a03b2487ea308aaa94e7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 14:17:24 2022 +0000
Core Update 168: Ship ipset
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 1b16f712c6895c462973f4c021be67cd80aabd8f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:33:58 2022 +0200
ipset: Update to version 7.15
- Update from 7.11 to 7.15
- Update of rootfile
- Changelog
7.15
Kernel part changes
netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()
7.14
Userspace changes
Add missing function to libipset.map and bump library version
Kernel part changes
64bit division isn't allowed on 32bit, replace it with shift
7.13
Userspace changes
When parsing protocols by number, do not check it in /etc/protocols.
Add missing hunk to patch "Allow specifying protocols by number"
Kernel part changes
Limit the maximal range of consecutive elements to add/delete fix
7.12
Userspace changes
Allow specifying protocols by number
Fix example in ipset.8 manpage
tests: add tests ipset to nftables
add ipset to nftables translation infrastructure
lib: Detach restore routine from parser
lib: split parser from command execution
Fix patch "Parse port before trying by service name"
Kernel part changes
Limit the maximal range of consecutive elements to add/delete
Backport "netfilter: use nfnetlink_unicast()"
Backport "netfilter: nfnetlink: consolidate callback type"
Backport "netfilter: nfnetlink: add struct nfnl_info and pass it to
callbacks"
Backport "netfilter: add helper function to set up the nfnetlink header
and use it"
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 22ceda82b63226570ae7a79da99cec84855d8f25
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 14:15:30 2022 +0000
Core Update 168: Ship harfbuzz
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f5ebb58ab484b0d966f951e7aaf9dd6eb0611418
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 5 15:47:30 2022 +0200
harfbuzz: Update to version 4.2.0
- Update from 3.4.0 to 4.2.0
- Update of rootfile
- Changelog
Overview of changes leading to 4.2.0
Wednesday, March 30, 2022
- Source code reorganization, splitting large hb-ot-layout files into smaller,
per-subtable ones under OT/Layout/*. Code for more tables will follow suit in
later releases. (Garret Rieger, Behdad Esfahbod)
- Revert Indic shaper change in previous release that broke some fonts and
instead make per-syllable restriction of “GSUB” application limited to
script-specific Indic features, while applying them and discretionary
features in one go. (Behdad Esfahbod)
- Fix decoding of private in gvar table. (Behdad Esfahbod)
- Fix handling of contextual lookups that delete too many glyphs. (Behdad Esfahbod)
- Make “morx” deleted glyphs don’t block “GPOS” application. (Behdad Esfahbod)
- Various build fixes. (Chun-wei Fan, Khaled Hosny)
- New API
+hb_set_next_many() (Andrew John)
Overview of changes leading to 4.1.0
Wednesday, March 23, 2022
- Various OSS-Fuzz fixes. (Behdad Esfahbod)
- Make fallback vertical-origin match FreeType’s. (Behdad Esfahbod)
- Treat visible viramas like dependent vowels in USE shaper. (David Corbett)
- Apply presentation forms features and discretionary features in one go in
Indic shaper, which seems to match Uniscribe and CoreText behaviour.
(Behdad Esfahbod, David Corbett)
- Various bug fixes.
- New API
+hb_set_add_sorted_array() (Andrew John)
Overview of changes leading to 4.0.1
Friday, March 11, 2022
- Update OpenType to AAT mappings for “hist” and “vrtr” features.
(Florian Pircher)
- Update IANA Language Subtag Registry to 2022-03-02. (David Corbett)
- Update USE shaper to allow any non-numeric tail in a symbol cluster, and
remove obsolete data overrides. (David Corbett)
- Fix handling of baseline variations to return correctly scaled values.
(Matthias Clasen)
- A new experimental hb_subset_repack_or_fail() to repack an array of objects,
eliminating offset overflows. The API is not available unless HarfBuzz is
built with experimental APIs enabled. (Qunxin Liu)
- New experimental API
+hb_link_t
+hb_object_t
+hb_subset_repack_or_fail()
Overview of changes leading to 4.0.0
Tuesday, March 1, 2022
- New public API to create subset plan and gather information on things like
glyph mappings in the final subset. The plan can then be passed on to perform
the subsetting operation. (Garret Rieger)
- Draw API for extracting glyph shapes have been extended and finalized and is
no longer an experimental API. The draw API supports glyf, CFF and CFF2
glyph outlines tables, and applies variation settings set on the font as well
as synthetic slant. The new public API is not backward compatible with the
previous, non-public, experimental API. (Behdad Esfahbod)
- The hb-view tool will use HarfBuzz draw API to render the glyphs instead of
cairo-ft when compiled with Cairo 1.17.5 or newer, setting HB_DRAW
environment variable to 1 or 0 will force using or not use the draw API,
respectively. (Behdad Esfahbod)
- The hb-shape and hb-view tools now default to using HarfBuzz’s own font
loading functions (ot) instead of FreeType ones (ft). They also have a new
option, --font-slant, to apply synthetic slant to the font. (Behdad Esfahbod)
- HarfBuzz now supports more than 65535 (the OpenType limit) glyph shapes and
metrics. See https://github.com/be-fonts/boring-expansion-spec/issues/6 and
https://github.com/be-fonts/boring-expansion-spec/issues/7 for details.
(Behdad Esfahbod)
- New API to get the dominant horizontal baseline tag for a given script.
(Behdad Esfahbod)
- New API to get the baseline positions from the font, and synthesize missing
ones. As well as new API to get font metrics and synthesize missing ones.
(Matthias Clasen)
- Improvements to finding dependencies on Windows when building with Visual
Studio. (Chun-wei Fan)
- New buffer flag, HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT, that must be set
during shaping for HB_GLYPH_FLAG_UNSAFE_TO_CONCAT flag to be reliably
produced. This is to limit the performance hit of producing this flag to when
it is actually needed. (Behdad Esfahbod)
- Documentation improvements. (Matthias Clasen)
- New API
- General:
+HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT
+hb_var_num_t
- Draw:
+hb_draw_funcs_t
+hb_draw_funcs_create()
+hb_draw_funcs_reference()
+hb_draw_funcs_destroy()
+hb_draw_funcs_is_immutable()
+hb_draw_funcs_make_immutable()
+hb_draw_move_to_func_t
+hb_draw_funcs_set_move_to_func()
+hb_draw_line_to_func_t
+hb_draw_funcs_set_line_to_func()
+hb_draw_quadratic_to_func_t
+hb_draw_funcs_set_quadratic_to_func()
+hb_draw_cubic_to_func_t
+hb_draw_funcs_set_cubic_to_func()
+hb_draw_close_path_func_t
+hb_draw_funcs_set_close_path_func()
+hb_draw_state_t
+HB_DRAW_STATE_DEFAULT
+hb_draw_move_to()
+hb_draw_line_to()
+hb_draw_quadratic_to()
+hb_draw_cubic_to()
+hb_draw_close_path()
+hb_font_get_glyph_shape_func_t
+hb_font_funcs_set_glyph_shape_func()
+hb_font_get_glyph_shape()
- OpenType layout
+HB_OT_LAYOUT_BASELINE_TAG_IDEO_FACE_CENTRAL
+HB_OT_LAYOUT_BASELINE_TAG_IDEO_EMBOX_CENTRAL
+hb_ot_layout_get_horizontal_baseline_tag_for_script()
+hb_ot_layout_get_baseline_with_fallback()
- Metrics:
+hb_ot_metrics_get_position_with_fallback()
- Subset:
+hb_subset_plan_t
+hb_subset_plan_create_or_fail()
+hb_subset_plan_reference()
+hb_subset_plan_destroy()
+hb_subset_plan_set_user_data()
+hb_subset_plan_get_user_data()
+hb_subset_plan_execute_or_fail()
+hb_subset_plan_unicode_to_old_glyph_mapping()
+hb_subset_plan_new_to_old_glyph_mapping()
+hb_subset_plan_old_to_new_glyph_mapping()
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 5d18c0a5704ae55ae1eab6734574b9c8b3678235
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 14:15:04 2022 +0000
Core Update 168: Ship poppler
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c35d3ac6a1569c1a3b7aae4981396ed6faed8f9f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 5 15:48:00 2022 +0200
poppler: Update to version 22.04.0
- Update from 22.02.0 to 22.04.0
- Update of rootfile
- Changelog
Release 22.04.0:
core:
* Fix underline sometimes being drawn only partially
* Fix Adobe Reader not reading some of the contents we write correctly
* Fix code that workarounds some broken-ish files
* FoFiTrueType: Parse CFF2 fonts too
* FoFiTrueType: Support cmap types 2 and 13
* Fix a few small memory leaks
* code improvements
qt:
* Handle SaveAs named action
* Annotations: don't change the text color when changing the font
utils:
* pdftotext: print creation and modification date when using htmlmeta param
glib:
* Fix returning internal data of temporary strings
cpp:
* Fix code incompatibility with MSVC
build system:
* poppler internal library is no longer forced to static on MSVC
* Error out if iconv is not available and the cpp frontend is enabled
* Require FreeType 2.8
Release 22.03.0:
core:
* Signature: Fix finding Signatures that are in Pages but not in the global Forms object
* Signature: Improve getting the path to the firefox certificate database
* Splash: Fix rendering of some joints. Issue #1212
* Fix get_poppler_localdir for relocatable Windows builds
* Minor code improvements
qt:
* Minor code improvements
utils:
* pdfimages: Fix the wrong Stream being passed for drawMaskedImage
build system:
* Small code improvements
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit df326d08fe914dcffa5779f59ed34c247a279282
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 14:07:52 2022 +0000
Core Update 168: Ship fribidi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a21c2a4cc4cd48f31fb9396065cedb0802994038
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 23 13:17:16 2022 +0200
fribidi: Update to version 1.0.12
- Update from 1.0.11 to 1.0.12
- Update of rootfile not required
- Changelog
Overview of changes between 1.0.11 and 1.0.12
* Various fuzzing fixes.
- Looking at the details in the commits it looks like fribidi's use of the word fuzzing
fixes basically means bug fixes. Included are fixes for a segmentation violation and a
stack buffer overflow
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b0aa87ac73a1d92579b2659020b8b3e8c915226d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 14:07:19 2022 +0000
Core Update 168: Ship pciutils
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ffe6661c0b892eb9387a8d0d6059f560db919e84
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Apr 23 23:25:58 2022 +0200
pciutils: Update to version 3.8.0
- Update from 3.7.0 to 3.8.0
- Update of rootfile
- Changelog
* Released as 3.8.0.
* Filters can now match devices based on partially specified
class code and also on the programming interface.
* Reporting of link speeds, power limits, and virtual function tags
has been updated to the current PCIe specification.
* We decode the Data Object Exchange capability.
* Bus mapping mode works in non-zero domains.
* pci_fill_info() can fetch more fields: bridge bases, programming
interface, revision, subsystem vendor and device ID, OS driver,
and also parent bridge. Internally, the implementation was rewritten,
significantly reducing the number of corner cases to be handled.
* The Windows port was revived and greatly improved by Pali Rohár.
It requires less magic to compile. More importantly, it runs on both
old and recent Windows systems (see README.Windows for details).
* Added a new Windows back-end using the cfgmgr32 interface.
It does not provide direct access to the configuration space,
but basic information about the device is reported via pci_fill_info().
For back-ends of this type, we now provide an emulated read-only
config space.
* If the configuration space is not readable for some reason
(e.g., the cfgmgr32 back-end, but also badly implemented sleep mode
of some devices), lspci prints only information provided by the OS.
* The Hurd back-end was greatly improved thanks to Joan Lledó.
* Various minor bug fixes and improvements.
* We officially require a working C99 compiler. Sorry, MSVC.
* As usual, updated pci.ids to the current snapshot of the database.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 87dcb206d025556d9c939fd7f003ad75ff93b61f
Merge: a6d1108e7 bad8659d8
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 24 10:27:59 2022 +0000
Merge branch 'temp-c168-development' into next
commit bad8659d80520b2cdbd043efa0b5b15d8580c2c5
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 19:36:57 2022 +0000
Do not mark CGI files as executable, second round
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c04309ef012b19e3bdc98384cad28af407cc62ac
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 19:35:37 2022 +0000
Do not mark CGI files as executable
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2420f4775b77f4692cfc1625c2d7318fb5e1876f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:35:19 2022 +0000
Core Update 168: Ship WebIF-related changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c13060fd4cda278ea79dd8d547291dbbc31840c1
Author: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Date: Wed Apr 20 15:32:34 2022 +0200
menu: Fix warnings, clean code
This patch adds default values and removes a missing translation
to fix "uninitialized value" and "odd number of elements" warnings.
Removes function calls from functions.pl that have already been
handled by the header before it is loaded by eval().
Signed-off-by: Leo-Andres Hofmann <hofmann(a)leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit a04b39daa75022e5e6e12da32398bee71b73b150
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:32:00 2022 +0000
Core Update 168: Ship efibootmgr on x86_64 and aarch64
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 28894b78260b8194ff1df4ef0700c5d21031a8d4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 19:49:32 2022 +0000
efibootmgr: Update to 17
Full changelog as per https://github.com/rhboot/efibootmgr/releases/tag/17:
various CI updates
Make.defaults: fix pkg-config invocation for LDFLAGS
make_linux_load_option(): add some more efi_error() calls
Change the default partition choice.
Don't set LIBEFIBOOT_REPORT_GPT_ERRORS=1
Make it easier to build with a devel branch of efivar
efibootmgr -e: improve parsing for efivar-36 compat
Fix an invalid free()
Propagate verbosity to libefivar 36's internal logging facility
Add a bit more logging
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 2f4148ccd3cab052c39a6eb77314bd789f0abd9c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:29:08 2022 +0000
Core Update 168: Ship and restart OpenSSH
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7a981d94cb2c3e48ecaf07c506c8353a2c839d79
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 20:40:41 2022 +0000
SSH: do not send spoofable TCP keep alive messages
By default, both SSH server and client rely on TCP-based keep alive
messages to detect broken sessions, which can be spoofed rather easily
in order to keep a broken session opened (and vice versa).
Since we rely on SSH-based keep alive messages, which are not vulnerable
to this kind of tampering, there is no need to double-check connections
via TCP keep alive as well.
This patch therefore disables using TCP keep alive for both SSH client and
server scenario. For usability reasons, a timeout of 5 minutes (10
seconds * 30 keep alive messages = 300 seconds) will be used for both
client and server configuration, as 60 seconds were found to be too
short for unstable connectivity scenarios.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
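An added example, not part of the commit or of IPFire's shipped configuration: a small audit of the server-side keep-alive settings the commit message above describes. It assumes the change maps onto the standard sshd_config options TCPKeepAlive, ClientAliveInterval and ClientAliveCountMax (the commit message does not name them); the sample configurations are constructed.

```python
import re

# OpenSSH server defaults for the options examined here.
DEFAULTS = {
    "tcpkeepalive": "yes",
    "clientaliveinterval": "0",
    "clientalivecountmax": "3",
}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(value):
    """Convert an sshd time value such as '10', '5m' or '1h30m' to seconds."""
    if not re.fullmatch(r"(?:\d+[smhdwSMHDW]?)+", value):
        raise ValueError("not an sshd time value: %r" % value)
    parts = re.findall(r"(\d+)([smhdwSMHDW]?)", value)
    return sum(int(n) * UNITS[u.lower() or "s"] for n, u in parts)


def effective_settings(config_text):
    """Return the global values sshd would apply for the keep-alive options.

    Keywords are case-insensitive and the first value seen for a keyword
    wins. Parsing stops at the first Match block, because everything after
    it applies only conditionally.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S.*)?$", line)
        if not m or m.group(2) is None:
            continue
        key = m.group(1).lower()
        if key == "match":
            break
        if key in DEFAULTS and key not in seen:
            seen[key] = m.group(2).split()[0].strip('"')
    return {k: seen.get(k, v) for k, v in DEFAULTS.items()}


def audit(config_text):
    """Report the SSH-level dead-session timeout and any keep-alive findings."""
    s = effective_settings(config_text)
    interval = parse_time(s["clientaliveinterval"])
    count = int(s["clientalivecountmax"])
    findings = []
    if s["tcpkeepalive"].lower() != "no":
        findings.append(
            "TCPKeepAlive is enabled: session liveness also depends on "
            "unauthenticated TCP keep-alive probes"
        )
    if interval == 0 or count == 0:
        # Interval 0 sends no probes; count 0 never terminates the session.
        findings.append(
            "SSH-level keep-alive is not enforcing a timeout "
            "(ClientAliveInterval or ClientAliveCountMax is 0)"
        )
        timeout = None
    else:
        timeout = interval * count
    return {"timeout_seconds": timeout, "findings": findings}


# Constructed sample: a configuration that leaves everything at defaults.
STOCK = """\
# constructed sample
Port 22
PermitRootLogin no
"""

# Constructed sample: the values described in the commit message
# (10 seconds * 30 keep alive messages = 300 seconds, TCP keep alive off).
HARDENED = """\
# constructed sample
TCPKeepAlive no
ClientAliveInterval 10
ClientAliveCountMax 30
Match User backup
    TCPKeepAlive yes
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit(text))
```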
commit 018f80c6cd609184b72c08c1967b143a0637cc7f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 20:40:20 2022 +0000
SSH: Add sntrup761x25519-sha512@openssh.com key exchange to configurations
This algorithm was introduced in OpenSSH 9.0p1; also, align the
curve25519-sha256* key exchanges to keep things tidy.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7554e857eebdd6593f986b2a0b840e73db65aa19
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 20:40:00 2022 +0000
OpenSSH: Update to 9.0p1
Relevant changelog part, as retrieved from https://www.openssh.com/txt/release-9.0:
Changes since OpenSSH 8.9
=========================
This release is focused on bug fixing.
Potentially-incompatible changes
--------------------------------
This release switches scp(1) from using the legacy scp/rcp protocol
to using the SFTP protocol by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.
Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path@openssh.com" to support
this.
In case of incompatibility, the scp(1) client may be instructed to use
the legacy scp/rcp using the -O flag.
New features
------------
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512@openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange
(the previous default) as a backstop against any weaknesses in
NTRU Prime that may be discovered in the future. The combination
ensures that the hybrid exchange offers at least as good security
as the status quo.
We are making this change now (i.e. ahead of cryptographically-
relevant quantum computers) to prevent "capture now, decrypt
later" attacks where an adversary who can record and store SSH
session ciphertext would be able to decrypt it once a sufficiently
advanced quantum computer is available.
* sftp-server(8): support the "copy-data" extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00. bz2948
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
Bugfixes
--------
* ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
fd closes without data in the channel buffer. bz3405 and bz3411
* sshd(8): pack pollfd array in server listen/accept loop. Could
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE
* ssh-keygen(1): avoid NULL deref via the find-principals and
check-novalidate operations. bz3409 and GHPR#307 respectively.
* scp(1): fix a memory leak in argument processing. bz3404
* sshd(8): don't try to resolve ListenAddress directives in the sshd
re-exec path. They are unused after re-exec and parsing errors
(possible for example if the host's network configuration changed)
could prevent connections from being accepted.
* sshd(8): when refusing a public key authentication request from a
client for using an unapproved or unsupported signature algorithm
include the algorithm name in the log message to make debugging
easier.
Portability
-----------
* sshd(8): refactor platform-specific locked account check, fixing
an incorrect free() on platforms with both libiaf and shadow
passwords (probably only Unixware) GHPR#284,
* ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
parsing of K/M/G/etc quantities. bz#3401.
* sshd(8): provide killpg implementation (mostly for Tandem NonStop)
GHPR#301.
* Check for missing ftruncate prototype. GHPR#301
* sshd(8): default to not using sandbox when cross compiling. On most
systems poll(2) does not work when the number of FDs is reduced
with setrlimit, so assume it doesn't when cross compiling and we
can't run the test. bz#3398.
* sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox
violations on some (at least i386 and armhf) 32bit Linux platforms.
bz#3396.
* Improve detection of -fzero-call-used-regs=all support in
configure script.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 420e8a85d0141198a04af0cb8000739c2bc4a108
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 20:53:35 2022 +0000
lynis: Update to 3.0.7
Full changelog as retrieved from https://cisofy.com/changelog/lynis/#307:
- MALW-3290 - Show status of malware components
- OS detection for RHEL 6 and Funtoo Linux
- Added service manager openrc
- DBS-1804 - Added alias for MariaDB
- FINT-4316 - Support for newer Ubuntu versions
- MALW-3280 - Added Trend Micro malware agent
- NETW-3200 - Allow unknown number of spaces in modprobe blacklists
- PKGS-7320 - Support for Garuda Linux and arch-audit
- Several improvements for busybox shell
- Russian translation of Lynis extended
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit a808de4c17fea4453817d6dde9de7a0581f3e60d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:27:01 2022 +0000
Core Update 168: Ship bind
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit ffa5629d06f3ee08ba49ecf6ef6c298cc98d91c4
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 22 09:55:36 2022 +0200
bind: Update to 9.16.28
For details see:
https://downloads.isc.org/isc/bind9/9.16.28/doc/arm/html/notes.html#notes-for-bind-9-16-28
"Notes for BIND 9.16.28
New Features
Add a new configuration option reuseport to disable load balancing
on sockets in situations where processing of Response Policy Zones
(RPZ), Catalog Zones, or large zone transfers can cause service
disruptions. See the BIND 9 ARM for more detail. [GL #3249]
Bug Fixes
Invalid dnssec-policy definitions, where the defined keys did not
cover both KSK and ZSK roles for a given algorithm, were being
accepted. These are now checked, and the dnssec-policy is rejected
if both roles are not present for all algorithms in use. [GL #3142]
Handling of TCP write timeouts has been improved to track the
timeout for each TCP write separately, leading to a faster
connection teardown in case the other party is not reading the data.
[GL #3200]"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 701e63c222f7e09cd27c8198c02ce0279627c7d8
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:26:05 2022 +0000
Core Update 168: Ship libhtp and Suricata, restart the latter
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 30f306a3e28d63d63e126b709d8866cfc9b80803
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 22 10:21:48 2022 +0200
suricata: Update to 5.0.9
Changelog:
"5.0.9 -- 2022-04-21
Security #4889: ftp: SEGV at flow cleanup due to protocol confusion
Security #5025: ftp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
Security #5028: smtp: GetLine function buffers data indefinitely if 0x0a was not found in the frag'd input
Security #5253: Infinite loop in JsonFTPLogger
Feature #4644: pthreads: set minimum stack size
Bug #4466: dataset file not written when run as user
Bug #4678: Configuration test mode succeeds when reference.config file contains invalid content
Bug #4745: Absent app-layer protocol is always enabled by default
Bug #4819: tcp: insert_data_normal_fail can hit without triggering memcap
Bug #4823: conf: quadratic complexity
Bug #4825: pppoe decoder fails when protocol identity field is only 1 byte
Bug #4827: packetpool: packets in pool may have capture method ReleasePacket callbacks set
Bug #4838: af-packet: cluster_id is not used when trying to set fanout support
Bug #4878: datasets: memory leak in 5.0.x
Bug #4887: dnp3: buffer over read in logging base64 empty objects
Bug #4891: protodetect: SMB vs TLS protocol detection in midstream
Bug #4893: TFTP: memory leak due to missing detect state
Bug #4895: Memory leak with signature using file_data and NFS
Bug #4897: profiling: Invalid performance counter when using sampling
Bug #4901: eve: memory leak related to dns
Bug #4932: smtp: smtp transaction not logged if no email is present
Bug #4955: stream: too aggressive pruning in lossy streams
Bug #4957: SMTP assertion triggered
Bug #4959: suricatasc loop if recv returns no data
Bug #4961: dns: transaction not created when z-bit set
Bug #4963: Run stream reassembly on both directions upon receiving a FIN packet
Bug #5058: dns: probing/parser can return error when it should return incomplete
Bug #5063: Not keyword matches in Kerberos requests
Bug #5096: output: timestamp missing usecs on Arm 32bit + Musl
Bug #5099: htp: server personality radix handling issue
Bug #5101: defrag: policy config can setup radix incorrectly
Bug #5103: Application log cannot to be re-opened when running as non-root user
Bug #5105: iprep: cidr support can set up radix incorrectly
Bug #5107: detect/iponly: rule parsing does not always apply netmask correctly
Bug #5109: swf: coverity warning
Bug #5115: detect/ip_proto: inconsistent behavior when specifying protocol by string
Bug #5117: detect/iponly: mixing netblocks can lead to FN/FP
Bug #5119: smb: excessive CPU utilization and higher packet processing latency due to excessive calls to Vec::extend_from_slice()
Bug #5137: smb: excessive memory use during file transfer
Bug #5150: nfs: Integer underflow in NFS
Bug #5157: xbits: noalert is allowed in rule language with other commands
Bug #5164: iprep: use_cnt can get desynchronized (SIGABRT)
Bug #5171: detect/iponly: non-cidr netmask settings can lead incorrect radix tree
Bug #5193: SSL : over allocation for certificates
Bug #5213: content:"22 2 22"; is parsed without error
Bug #5227: 5.0.x: SMB: Wrong buffer being checked for possible overflow.
Bug #5251: smb: integer underflows and overflows
Task #5006: libhtp 0.5.40"
Additionally, I moved the 'suricata' patch files into a separate directory.
Apart from some line numbers, nothing else was changed.
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit c2ead0c78ddce8e82969ceaab172d3f6bc5e84d4
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 22 10:21:47 2022 +0200
libhtp: Update to 0.5.40 - needed for 'suricata'
For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.40
"uri: optionally allows spaces in uri
ints: integer handling improvements
headers: continue on nul byte
headers: consistent trailing space handling
list: fix integer overflow
util: remove unused htp_utf8_decode
fix 100-continue with CL 0
lzma: don't do unnecessary realloc"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit af8c9da4e525c3d0c896398d33e8e891180fc163
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:24:25 2022 +0000
Core Update 168: Ship knot
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit e56de75e336c84784d46c16f715950b088080adb
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 22 10:03:54 2022 +0200
knot: Update to 3.1.7
For changes since v3.1.1 see:
https://gitlab.nic.cz/knot/knot-dns/raw/v3.1.7/NEWS
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 166efe4cb5c5ccd8888ce521857b36b3169b1f5a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 22 13:32:28 2022 +0200
mc: Update to 4.8.28
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.28
Summary:
"Major changes since 4.8.27
Core
VFS
Remove SMB support (#1)
Editor
Add syntax highlighting:
Ngspice/SPICE (http://ngspice.sourceforge.net/) (#4316, #4319)
DOT/Graphviz (https://graphviz.org/doc/info/lang.html) (#4322)
Viewer
Support file/dir macros from mc.ect for standalone viewer (#4150)
Misc
Minimal version of "check" utility is 0.9.10.
Code cleanup (#4270, #4330)
Support Shift+Fn keys for KiTTY (#4325)
Filehighlight:
graphical formats: avif, jp2, jxl, heic, heif, psb, psd (#4328)
Markdown (#4351)
Fixes
FTBFS with ncurses build with --disable-widec (#4200)
There is no exit on Ubuntu PPC64 big endian (#3887)
Segfault on change panel mode (#4323)
Accelerator conflict in Left/Right menu (#4284)
move a lot of files across filesystems is slow (#4287)
mc.ext: wrong order of rules: general matches are made before more specific ones (#4273)
mc.ext: compressed man pages are shown unformatted (#4272)
ext.d/misc.sh: invoking /bin/cat on systems that have no /bin/cat (like NixOS) (#4298)
mcedit: errors in syntax definitions (#4286)
VFS: FISH: when uploading a symbolic link, it creates both the link and its target (#4281)
VFS: SFTP: timestamps are not preserved for uploaded symlink (#4285)
VFS: EXTFS: incorrect test of isoinfo (#4326)
Typo in skin files (#3146)"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 1f326847a36c80b4c65952d06687bf6819a2d6e8
Merge: 0676b7b77 7e6efc89e
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sat Apr 23 14:23:04 2022 +0000
Merge branch 'next' into temp-c168-development
commit adce5b1c8fc21916c77d7e8a40cbed2baac1f2a2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 22 13:31:51 2022 +0200
convert-ids-backend-files: Stop and start suricata during runtime.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 615fd78f9294b2843e396f3e70b2181d8491725d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 22 09:13:41 2022 +0200
convert-ids-backend-files: Set correct ownership for suricata used
rulefiles file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c8adaee1958ed0c382341e08949d5cb88bd58c7e
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 22 05:47:21 2022 +0200
ruleset-sources: Remove support for PT Attack Team Detection rules.
All of a sudden this ruleset provider has disappeared from Github.
I was not able to find any further details or web page or the ruleset
anymore.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 1febad2ad41578d3e77195929076e3cbbc28a89f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 22 05:45:56 2022 +0200
ids.cgi: Avoid double locking the page when forcing a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 07dc722f611685c6018630f927ad4b65f44988d1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 22 05:44:23 2022 +0200
ids.cgi: Make the page lock in oinkmaster_web() function optional.
This allows to call and release the page lock manually.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit e41ee3e0f24cb89b20a758e2281531ed76577ef4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 22 05:31:28 2022 +0200
ids-functions.pl: Avoid suricata from loading rulesfiles of an
unsupported provider.
Modify the write_used_rulefiles_file() function to skip the rulesfiles
of unsupported providers.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c62121c7e4ef9ec5688e16b04ef59e21276e1bd0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Apr 20 20:58:04 2022 +0200
ids-functions.pl: Try to enumerate the dl_rulesfile if a provider is not
supported anymore.
In this case the details about the file suffix is not available in the
ruleset-sources file anymore. In this case now the function tries to
enumerate the correct filename.
This allows to display the correct stats in the WUI and to extract and
use the downloaded ruleset of the provider until it got deleted by the
user.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 782418e226434fbd7fbd236699a45bce328dcd6d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Apr 19 15:10:31 2022 +0200
Add missing German translation strings.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 0676b7b777e7d93d80103ca463567b89c8344841
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 21:16:03 2022 +0000
borgbackup: Add missing 'python3-pkgconfig' dependency
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9196f2a4483ca9a12485c9d511d9946ccc00a0d7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 13 19:07:57 2022 +0200
python3-pkgconfig: Install this new python module for borgbackup
- Install the python pkgconfig module - required for borgbackup
- Install of rootfile
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 8b27f672f80f2364fd28b13466d3a555b5c076f1
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 13 19:07:56 2022 +0200
borgbackup: Update to version 1.2.0
- Update from 1.1.17 to 1.2.0
- Update of rootfile
- v2 version has x86_64 replaced by xxxMACHINExxx in the rootfile
- borgbackup now requires the python module pkgconfig, installed as a set with this patch
- Changelog
Compatibility notes:
dropped support / testing for older Pythons, minimum requirement is 3.8. In
case your OS does not provide Python >= 3.8, consider using our binary,
which does not need an external Python interpreter. Or continue using
borg 1.1.x, which is still supported.
freeing repository space only happens when “borg compact” is invoked.
mount: the default for --numeric-ids is False now (same as borg extract)
borg create --noatime is deprecated. Not storing atime is the default
behaviour now (use --atime if you want to store the atime).
list: corrected mix-up of “isomtime” and “mtime” formats. Previously,
“isomtime” was the default but produced a verbose human format, while
“mtime” produced an ISO-8601-like format. The behaviours have been swapped
(so “mtime” is human, “isomtime” is ISO-like), and the default is now
“mtime”. “isomtime” is now a real ISO-8601 format (“T” between date and
time, not a space).
create/recreate --list: file status for all files used to get announced
AFTER the file (with borg < 1.2). Now, file status is announced BEFORE the
file contents are processed. If the file status changes later (e.g. due to
an error or a content change), the updated/final file status will be
printed again.
removed deprecated-since-long stuff (deprecated since):
command “borg change-passphrase” (2017-02), use “borg key …”
option “--keep-tag-files” (2017-01), use “--keep-exclude-tags”
option “--list-format” (2017-10), use “--format”
option “--ignore-inode” (2017-09), use “--files-cache” w/o “inode”
option “--no-files-cache” (2017-09), use “--files-cache=disabled”
removed BORG_HOSTNAME_IS_UNIQUE env var. to use borg you must implement one
of these 2 scenarios:
the combination of FQDN and result of uuid.getnode() must be unique
and stable (this should be the case for almost everybody, except
when having duplicate FQDN and MAC address or all-zero MAC address)
if you are aware that 1) is not the case for you, you must set
BORG_HOST_ID env var to something unique.
exit with 128 + signal number, #5161. if you have scripts expecting rc == 2
for a signal exit, you need to update them to check for >= 128.
Fixes:
diff: reduce memory consumption, fix is_hardlink_master, #6295
compact: fix / improve freeable / freed space log output
derive really freed space from quota use before/after, #5679
do not say “freeable”, but “maybe freeable” (based on hint, unsure)
fix race conditions in internal SaveFile function, #6306 #6028
implement internal safe_unlink (was: truncate_and_unlink) function more
safely: usually it does not truncate any more, only under “disk full”
circumstances and only if there is only one hardlink. see:
https://github.com/borgbackup/borg/discussions/6286
Other changes:
info: use a pre12-meta cache to accelerate stats for borg < 1.2 archives.
the first time borg info is invoked on a borg 1.1 repo, it can take a
rather long time computing and caching some stats values for 1.1 archives,
which borg 1.2 archives have in their archive metadata structure. be
patient, esp. if you have lots of old archives. following invocations are
much faster due to the cache. related change: add archive name to
calc_stats progress display.
docs:
add borg 1.2 upgrade notes, #6217
link to borg placeholders and borg patterns help
init: explain the encryption modes better
clarify usage of patternfile roots
put import-tar docs into same file as export-tar docs
explain the difference between a path that ends with or without a slash,
#6297
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 0312f9294255755d4a94dcf3fd4b455e25e0324c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 21:13:09 2022 +0000
wio: Bump package version
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit aee369fea30e210bf1088e88116610f8ce970a4b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 13 10:00:20 2022 +0200
wio.cgi: Remove code lines that are commented out
- These lines were introduced with another patch related to removing IPFire start/stop
capability from wio
- The lines were introduced in commented out form and so are doing nothing.
- It looks like they were added as part of a debugging or investigation work on wio
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit 12fbbc61e568b208f007df3b02c28b0bb6fe14e7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 13 10:00:19 2022 +0200
wio.pl: Fix bug 12799 - Remove code scanning for all potential IP's on RED interface
- The lines to scan the red interface were introduced at the time of a patch to remove
the IPFire start/stop function from wio. These lines are not related to that change
but were included in the patch with no commit message. The same lines were also added
into wio.cgi in the same patch set but in that case the lines were all commented out.
- These lines look like they were most likely added to the code for investigation or
debugging purposes. Looking at the lines in wio.pl the results obtained are not
used elsewhere in wio for obtaining info on the status of the red interface. Deleting
the lines did not affect anything related to the scanning, setup or monitoring of
systems by wio.
- The lines were wasting space but generally not creating a huge impact on performance.
On my production system it scans my red and comes up with a list of 1022 IP's because
of the subnet my ISP uses - xxx.yy.216.0/20
- Scanning those 1022 IP's and sorting them takes my system about 3 seconds. Without
sorting it is around the same level.
- In Bug#12799 the originator has an ISP that is using a private network that has a
defined subnet of 10.0.0.0/8 This is 16,777,214 IP's to be scanned. Even without sorting
my system would end up taking around 13 hours to do that. The bug originator found that
on certain machines that he had IPFire on wio just never stopped scanning.
- As these lines just seem to collect a large amount of IP's on red that are not related
to the actual running red IP, as there was no commit message related to their
introduction and as removing the lines on vm's running dhcp and static red interfaces
and also on my running production system for 4 weeks has shown no impact on the
monitoring capability this patch is being submitted to remove these lines from wio
Fixes: Bug#12799
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
commit 2e68dcd6eb10cccda976d2dfe1f8204cb066eecb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 12 12:35:40 2022 +0200
tshark: Update to version 3.6.3
- Update from 3.4.7 to 3.6.3
- Update of rootfile
- find-dependencies run due to sobump - nothing reported
- Changelog - a range of changes including many bug fixes and several vulnerabilities
Wireshark 3.6.3 Release Notes
Bug Fixes
• Fuzz job crash output: fuzz-2022-01-19-7399.pcap Issue 17894[1].
• TLS dissector incorrectly reports JA3 values Issue 17942[2].
• "Wiki Protocol page" in packet details menu is broken - wiki
pages not migrated to GitLab? Issue 17944[3].
• Dissector bug, protocol PFCP display Flow Description IE value
error in Additional Flow Description of PFD Management Request
Message Issue 17951[4].
• Bluetooth: Fails to open Log file for SCO connection Issue
17964[5].
• Fuzz job crash output: fuzz-2022-03-07-10896.pcap Issue 17984[6].
• libwiretap: Save as ERF causes segmentation fault Issue 17989[7].
• HTTP server returning multiple early hints shows too many
responses in "Follow HTTP Stream" Issue 18006[8].
New and Updated Features
Updated Protocol Support
CSN.1, HTTP, IEEE 802.11, NTLM SSP, PFCP, PKTLOG, SSDP, TLS, and USB
HID
New and Updated Capture File Support
pcap and pcapng
Wireshark 3.6.2 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
17813[2].
• wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
17932[12], Issue 17933[13].
• wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].
• wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].
• wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].
The following bugs have been fixed:
• Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].
• Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
from libwsutil Issue 17822[21].
• Fedora RPM package build failing with RPATH of /usr/local/lib64
Issue 17830[22].
• macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].
• nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].
• MPLS ECHO FEC stack change TLV not dissected correctly Issue
17868[25].
• Attempting to open a systemd journal export file segfaults Issue
17875[26].
• Dissector bug on 802.11ac packets Issue 17878[27].
• The Info column shows only one NGAP/S1AP packet of several
packets inside an SCTP packet Issue 17886[28].
• Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
installation directory because it doesn’t remove the User’s Guide
subdirectory and all its contents. Issue 17898[29].
• 3.6 doesn’t build without zlib Issue 17899[30].
• SIP Statistics no longer properly reporting method type
accounting Issue 17904[31].
• Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].
• SCTP retransmission detection broken for the first data chunk of
each association with relative TSN Issue 17917[33].
• “Show In Folder” doesn’t work correctly for filenames with spaces
Issue 17927[34].
New and Updated Features
Updated Protocol Support
AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
New and Updated Capture File Support
BLF and libpcap
Wireshark 3.6.1 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-17[1] RTMPT dissector infinite loop. Issue
17745[2]. CVE-2021-4185[3].
• wnpa-sec-2021-18[4] BitTorrent DHT dissector infinite loop. Issue
17754[5]. CVE-2021-4184[6].
• wnpa-sec-2021-19[7] pcapng file parser crash. Issue 17755[8].
CVE-2021-4183[9].
• wnpa-sec-2021-20[10] RFC 7468 file parser infinite loop. Issue
17801[11]. CVE-2021-4182[12].
• wnpa-sec-2021-21[13] Sysdig Event dissector crash.
CVE-2021-4181[14].
• wnpa-sec-2021-22[15] Kafka dissector infinite loop. Issue
17811[16].
The following bugs have been fixed:
• Allow sub-second timestamps in hexdumps Issue 15562[17].
• GRPC: An unnecessary empty Protobuf tree item is displayed if the
GRPC message body length is 0 Issue 17675[18].
• Can’t install "ChmodBPF.pkg" or "Add Wireshark to the system
path.pkg" on M1 MacBook Air Monterey without Rosetta 2 Issue
17757[19].
• TECMP: LIN Payload is cut off by 1 byte Issue 17760[20].
• Wireshark crashes if a 64 bit field of type BASE_CUSTOM is
applied as a column Issue 17762[21].
• Command line option "-o console.log.level" causes wireshark and
tshark to exit on start Issue 17763[22].
• Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture Issue
17764[23].
• Unable to build without tshark Issue 17766[24].
• IEEE 802.11 action frames are not getting parsed and always seen
as malformed Issue 17767[25].
• IEC 60870-5-101 link address field is 1 byte, but should have
configurable length of 0,1 or 2 bytes Issue 17775[26].
• dfilter: 'tcp.port not in {1}' crashes Wireshark Issue 17785[27].
New and Updated Features
• The 'console.log.level' preference was removed in Wireshark
3.6.0. This release adds an '-o console.log.level:'
backward-compatibility option on the CLI that maps to the new
logging sub-system. Note that this does not have bitmask
semantics and does not correspond to any actual preference. It is
just a transition mechanism for users that were relying on this
CLI option and will be removed in the future. To see the new
diagnostic output options consult the manpages or the output of
'--help'.
Updated Protocol Support
ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11,
IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig
Event, and TECMP
New and Updated Capture File Support
BLF and RFC 7468
Wireshark 3.6.0 Release Notes
Many improvements have been made. See the “New and Updated Features”
section below for more details. You might want to pay particular
attention to the display filter syntax updates.
New and Updated Features
The following features are new (or have been significantly updated)
since version 3.6.0rc3:
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
The following features are new (or have been significantly updated)
since version 3.6.0rc2:
• Display filter set elements must now be comma-separated. See
below for more details.
The following features are new (or have been significantly updated)
since version 3.6.0rc1:
• The display filter expression “a != b” now has the same meaning
as “!(a == b)”.
The following features are new (or have been significantly updated)
since version 3.5.0:
• Nothing of note.
The following features are new (or have been significantly updated)
since version 3.4.0:
• Several changes have been made to the display filter syntax:
• The expression “a != b” now always has the same meaning as
“!(a == b)”. In particular this means filter expressions with
multi-value fields like “ip.addr != 1.1.1.1” will work as
expected (the result is the same as typing “ip.src != 1.1.1.1 and
ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
!= b) being true.
• It is possible to use the syntax “a ~= b” or “a any_ne b” to
recover the previous (inconsistent with "==") logic for not
equal.
• Literal strings can now be specified using raw string syntax,
identical to raw strings in the Python programming language. This
can be used to avoid the complexity of using two levels of
character escapes with regular expressions.
• Set elements must now be separated using a comma. A filter
such as http.request.method in {"GET" "HEAD"} must be written as
… in {"GET", "HEAD"}. Whitespace is not significant. The
previous use of whitespace as separator is deprecated and will be
removed in a future version.
• Support for the syntax "a not in b" with the same meaning as
"not a in b" has been added.
• Packaging updates:
• A macOS Arm 64 (Apple Silicon) package is now available.
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
• The Windows installers now ship with Npcap 1.55.
• A 64-bit Windows PortableApps package is now available.
• TCP conversations now support a completeness criteria, which
facilitates the identification of TCP streams having any of
opening or closing handshakes, a payload, in any combination. It
can be accessed with the new tcp.completeness filter.
• Protobuf fields that are not serialized on the wire or otherwise
missing in capture files can now be displayed with default values
by setting the new “add_default_value” preference. The default
values might be explicitly declared in “proto2” files, or false
for bools, first value for enums, zero for numeric types.
• Wireshark now supports reading Event Tracing for Windows (ETW). A
new extcap named ETW reader is created that now can open an etl
file, convert all events in the file to DLT_ETW packets and write
to a specified FIFO destination. Also, a new packet_etw dissector
is created to dissect DLT_ETW packets so Wireshark can display
the DLT_ETW packet header, its message and packet_etw dissector
calls packet_mbim sub_dissector if its provider matches the MBIM
provider GUID.
• “Follow DCCP stream” feature to filter for and extract the
contents of DCCP streams.
• Wireshark now supports dissecting RTP packets with OPUS payloads.
• Importing captures from text files based on regular expressions
is now possible. By specifying a regex capturing a single packet
including capturing groups for relevant fields a textfile can be
converted to a libpcap capture file. Supported data encodings are
plain-hexadecimal, -octal, -binary and base64. Also the timestamp
format now allows the second-fractions to be placed anywhere in
the timestamp and it will be stored with nanosecond instead of
microsecond precision.
• The RTP Player has been significantly redesigned and improved.
See Playing VoIP Calls[1] and RTP Player Window[2] in the User’s
Guide for more details.
• The RTP Player can play many streams in row.
• The UI is more responsive.
• The RTP Player maintains playlist and other tools can add and
remove streams to and from it.
• Every stream can be muted or routed to the left or right
channel for replay.
• The option to save audio has been moved from the RTP Analysis
dialog to the RTP Player. The RTP Player also saves what was
played, and it can save in multichannel .au or .wav.
• The RTP Player is now accessible from the Telephony › RTP ›
RTP Player menu.
• The VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP
Player, SIP Flows) are non-modal and can stay opened on
background.
• The same tools are provided across all dialogs (Prepare
Filter, Analyse, RTP Player …)
• The “Follow Stream” dialog is now able to follow SIP calls based
on their Call-ID value.
• The “Follow Stream” dialog’s YAML output format has been updated
to add timestamps and peers information. For more details see
Following Protocol Streams[3] in the User’s Guide.
• IP fragments between public IPv4 addresses are now reassembled
even if they have different VLAN IDs. Reassembly of IP fragments
where one endpoint is a private (RFC 1918 section 3) or
link-local (RFC 3927) IPv4 address continues to take the VLAN ID
into account, as those addresses can be reused. To revert to the
previous behavior and not reassemble fragments with different
VLAN IDs, turn on the “Enable stricter conversation tracking
heuristics” top level protocol preference.
• USB Link Layer reassembly has been added, which allows hardware
captures to be analyzed at the same level as software captures.
• TShark can now export TLS session keys with the
--export-tls-session-keys option.
• Wireshark participated in the Google Season of Docs 2020 and the
User’s Guide has been extensively updated.
• The “RTP Stream Analysis” dialog CSV export format was slightly
changed. The first line of the export contains column titles as
in other CSV exports.
• Wireshark now supports the Turkish language.
• The settings in the “Import from Hex Dump” dialog is now stored
in a profile import_hexdump.json file.
• Analyze › Reload Lua Plugins has been improved to properly
support FileHandler.
• The “RTP Stream Analysis” and “IAX2 Stream Analysis” dialogs now
show correct calculation mean jitter calculations.
• RTP streams are now created based on Skinny protocol messages in
addition to other types of messages.
• The “VoIP Calls Flow Sequence” window shows more information
about various Skinny messages.
• Initial support for building Wireshark on Windows using GCC and
MinGW-w64 has been added. See README.msys2 in the sources for
more information.
New File Format Decoding Support
Vector Informatik Binary Log File (BLF)
New Protocol Support
5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
extra Eth Header (EXEH), High-Performance Connectivity Tracer
(HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
(EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
payload (xIRI)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Vector Informatik Binary Log File (BLF)
Wireshark 3.4.9 Release Notes
Bug Fixes
• TShark PDML output embeds "proto" elements within other "proto"
elements Issue 10588[1].
• Filter expressions comparing against single-octet hex strings
where the hex digit string equals a protocol name don’t work
Issue 12810[2].
• AMQP 0.9: dissector fails to handle Content-Body frame split
across TCP packets Issue 14217[3].
• IEEE 802.15.4: Missing check on "PAN ID Present" bit of the
Multipurpose Frame Control field Issue 17496[4].
• Wireshark ignored some character in filename when exporting SMB
objects. Issue 17530[5].
• tshark -z credentials: assertion failed: (allocator→in_scope)
Issue 17576[6].
• IS-IS Extended IP Reachability Prefix-SID not decoded properly
Issue 17610[7].
• Error when reloading lua plugins with a capture file loaded via a
custom lua file handler Issue 17615[8].
• Absolute time UTC field filters are constructed incorrectly,
don’t match the packet Issue 17617[9].
• GUI freezes when clicking on large (non-capture) file in File
chooser Issue 17620[10].
• Crash after selecting a different profile while capturing Issue
17622[11].
• BT-DHT reports malformed packets that are actually uTP on same
connection Issue 17626[12].
Updated Protocol Support
AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL,
GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE
802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T,
NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS
Monitoring
New and Updated Capture File Support
CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump
Wireshark 3.4.8 Release Notes
Bug Fixes
• Dissector bug reported for Bluetooth Cycling Power Measurement
characteristic for extreme angles value Issue 17505[1].
• vcruntime140_1.dll deleted on Wireshark update/install Issue
17506[2].
• Raknet Addresses are incorrectly identified. Issue 17509[3].
• Editcap saving files as ethernet when specifying '-T
ieee-802-11-*' Issue 17520[4].
• CoAP dissector confuses Content-Format with Accept Issue
17536[5].
Updated Protocol Support
BT ATT, BT LE LL, CoAP, DLM3, GSM SIM, iLBC, and RakNet
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit bdd2566f7bbda478769006871c6f515fc6230940
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:20 2022 +0200
python3-urllib3: Update to version 1.26.9
- Update from 1.26.7 to 1.26.9
- Update of rootfile
- Changelog
1.26.9 (2022-03-16)
* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still
receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``.
This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
1.26.8 (2022-01-07)
* Added extra message to ``urllib3.exceptions.ProxyError`` when urllib3 detects that
a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF``
to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0.
* Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname``
to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged
by downstream distributors.
* Fixed absolute imports, all imports are now relative.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 76227aaf7181296f58969a00b91ad2c80d800cfa
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:19 2022 +0200
python3-typing-extensions: Update to version 4.1.1
- Update from 4.0.1 to 4.1.1
- Update of rootfile
- Changelog
# Release 4.1.1 (February 13, 2022)
- Fix importing `typing_extensions` on Python 3.7.0 and 3.7.1. Original
patch by Nikita Sobolev (@sobolevn).
# Release 4.1.0 (February 12, 2022)
- Runtime support for PEP 646, adding `typing_extensions.TypeVarTuple`
and `typing_extensions.Unpack`.
- Add interaction of `Required` and `NotRequired` with `__required_keys__`,
`__optional_keys__` and `get_type_hints()`. Patch by David Cabot (@d-k-bo).
- Runtime support for PEP 675 and `typing_extensions.LiteralString`.
- Add `Never` and `assert_never`. Backport from bpo-46475.
- `ParamSpec` args and kwargs are now equal to themselves. Backport from
bpo-46676. Patch by Gregory Beauregard (@GBeauregard).
- Add `reveal_type`. Backport from bpo-46414.
- Runtime support for PEP 681 and `typing_extensions.dataclass_transform`.
- `Annotated` can now wrap `ClassVar` and `Final`. Backport from
bpo-46491. Patch by Gregory Beauregard (@GBeauregard).
- Add missed `Required` and `NotRequired` to `__all__`. Patch by
Yuri Karabas (@uriyyo).
- The `@final` decorator now sets the `__final__` attribute on the
decorated object to allow runtime introspection. Backport from
bpo-46342.
- Add `is_typeddict`. Patch by Chris Moradi (@chrismoradi) and James
Hilton-Balfe (@Gobot1234).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit f9563f97c63e0c5c4249cea00ddeb82f5e2450f4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:18 2022 +0200
python3-tomli: Update to version 2.0.1
- Update from 2.0.0 to 2.0.1
- Update of rootfile
- Changelog
2.0.1
Improve
Make bundling easier by using relative imports internally and adding
license and copyright notice to source files.
Make error messages more uniform
Raise a friendly TypeError for wrong file mode
Allow parse_float to return objects having the append attr
Eagerly raise an error if parse_float returns an illegal type
Packaging
Move from pytest testing framework to unittest and remove python-dateutil
test dependency. Tests now only require Python interpreter.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 75363dc20ffbb2aa17518b757eec2a4e09f9be65
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:17 2022 +0200
python3-setuptools: Update to version 62.0.0
- Update from 59.5.0 to 62.0.0
- Update of rootfile
- Changelog
v62.0.0
Breaking Changes
* #3151: Made ``setup.py develop --user`` install to the user site packages directory even if it is disabled in the current interpreter.
Changes
* #3153: When resolving requirements use both canonical and normalized names -- by :user:`ldaniluk`
* #3167: Honor unix file mode in ZipFile when installing wheel via ``install_as_egg`` -- by :user:`delijati`
Misc
* #3088: Fixed duplicated tag with the ``dist-info`` command.
* #3247: Fixed problem preventing ``readme`` specified as dynamic in ``pyproject.toml``
from being dynamically specified in ``setup.py``.
v61.3.1
Misc
* #3233: Included missing test file ``setupcfg_examples.txt`` in ``sdist``.
* #3233: Added script that allows developers to download ``setupcfg_examples.txt`` prior to
running tests. By caching these files it should be possible to run the test suite
offline.
v61.3.0
Changes
* #3229: Disabled automatic download of ``trove-classifiers`` to facilitate reproducibility.
Misc
* #3229: Updated ``pyproject.toml`` validation via ``validate-pyproject`` v0.7.1.
* #3229: New internal tool made available for updating the code responsible for
the validation of ``pyproject.toml``.
This tool can be executed via ``tox -e generate-validation-code``.
v61.2.0
Changes
* #3215: Ignored a subgroup of invalid ``pyproject.toml`` files that use the ``[project]``
table to specify only ``requires-python`` (**transitional**).
.. warning::
Please note that future releases of setuptools will halt the build process
if a ``pyproject.toml`` file that does not match doc:`the PyPA Specification
<PyPUG:specifications/declaring-project-metadata>` is given.
* #3215: Updated ``pyproject.toml`` validation, as generated by ``validate-pyproject==0.6.1``.
* #3218: Prevented builds from erroring if the project specifies metadata via
``pyproject.toml``, but uses other files (e.g. ``setup.py``) to complement it,
without setting ``dynamic`` properly.
.. important::
This is a **transitional** behaviour.
Future releases of ``setuptools`` may simply ignore externally set metadata
not backed by ``dynamic`` or even halt the build with an error.
* #3224: Merge changes from pypa/distutils@e1d5c9b1f6
Documentation changes
* #3217: Fixed typo in ``pyproject.toml`` example in Quickstart -- by :user:`pablo-cardenas`.
Misc
* #3223: Fixed missing requirements with environment markers when
``optional-dependencies`` is set in ``pyproject.toml``.
v61.1.1
Misc
* #3212: Fixed missing dependencies when running ``setup.py install``.
Note that calling ``setup.py install`` directly is still deprecated and
will be removed in future versions of ``setuptools``.
Please check the release notes for :ref:`setup_install_deprecation_note`.
v61.1.0
Deprecations
* #3206: Changed ``setuptools.convert_path`` to an internal function that is not exposed
as part of setuptools API.
Future releases of ``setuptools`` are likely to remove this function.
Changes
* #3202: Changed behaviour of auto-discovery to not explicitly expand ``package_dir``
for flat-layouts and to not use relative paths starting with ``./``.
* #3203: Prevented ``pyproject.toml`` parsing from overwriting
``dist.include_package_data`` explicitly set in ``setup.py`` with default
value.
* #3208: Added a warning for non existing files listed with the ``file`` directive in
``setup.cfg`` and ``pyproject.toml``.
* #3208: Added a default value for dynamic ``classifiers`` in ``pyproject.toml`` when
files are missing and errors being ignored.
* #3211: Disabled auto-discovery when distribution class has a ``configuration``
attribute (e.g. when the ``setup.py`` script contains ``setup(...,
configuration=...)``). This is done to ensure extension-only packages created
with ``numpy.distutils.misc_util.Configuration`` are not broken by the safe
guard behaviour to avoid accidental multiple top-level packages in a flat-layout.
.. note::
Users that don't set ``packages``, ``py_modules``, or ``configuration`` are
still likely to observe the auto-discovery behavior, which may halt the
build if the project contains multiple directories and/or multiple Python
files directly under the project root.
To disable auto-discovery please explicitly set either ``packages`` or
``py_modules``. Alternatively you can also configure :ref:`custom-discovery`.
v61.0.0
Deprecations
* #3068: Deprecated ``setuptools.config.read_configuration``,
``setuptools.config.parse_configuration`` and other functions or classes
from ``setuptools.config``.
Users that still need to parse and process configuration from ``setup.cfg`` can
import a direct replacement from ``setuptools.config.setupcfg``, however this
module is transitional and might be removed in the future
(the ``setup.cfg`` configuration format itself is likely to be deprecated in the future).
Breaking Changes
* #2894: If you purposefully want to create an *"empty distribution"*, please be aware
that some Python files (or general folders) might be automatically detected and
included.
Projects that currently don't specify both ``packages`` and ``py_modules`` in their
configuration and contain extra folders or Python files (not meant for distribution),
might see these files being included in the wheel archive or even experience
the build to fail.
You can check details about the automatic discovery (and how to configure a
different behaviour) in :doc:`/userguide/package_discovery`.
* #3067: If the file ``pyproject.toml`` exists and it includes project
metadata/config (via ``[project]`` table or ``[tool.setuptools]``),
a series of new behaviors that are not backward compatible may take place:
- The default value of ``include_package_data`` will be considered to be ``True``.
- Setuptools will attempt to validate the ``pyproject.toml`` file according
to PEP 621 specification.
- The values specified in ``pyproject.toml`` will take precedence over those
specified in ``setup.cfg`` or ``setup.py``.
Changes
* #2887: **[EXPERIMENTAL]** Added automatic discovery for ``py_modules`` and ``packages``
-- by :user:`abravalheri`.
Setuptools will try to find these values assuming that the package uses either
the *src-layout* (a ``src`` directory containing all the packages or modules),
the *flat-layout* (package directories directly under the project root),
or the *single-module* approach (an isolated Python file, directly under
the project root).
The automatic discovery will also respect layouts that are explicitly
configured using the ``package_dir`` option.
For backward-compatibility, this behavior will be observed **only if both**
``py_modules`` **and** ``packages`` **are not set**.
(**Note**: specifying ``ext_modules`` might also prevent auto-discover from
taking place)
If setuptools detects modules or packages that are not supposed to be in the
distribution, please manually set ``py_modules`` and ``packages`` in your
``setup.cfg`` or ``setup.py`` file.
If you are using a *flat-layout*, you can also consider switching to
*src-layout*.
* #2887: **[EXPERIMENTAL]** Added automatic configuration for the ``name`` metadata
-- by :user:`abravalheri`.
Setuptools will adopt the name of the top-level package (or module in the case
of single-module distributions), **only when** ``name`` **is not explicitly
provided**.
Please note that it is not possible to automatically derive a single name when
the distribution consists of multiple top-level packages or modules.
* #3066: Added vendored dependencies for :pypi:`tomli`, :pypi:`validate-pyproject`.
These dependencies are used to read ``pyproject.toml`` files and validate them.
* #3067: **[EXPERIMENTAL]** When using ``pyproject.toml`` metadata,
the default value of ``include_package_data`` is changed to ``True``.
* #3068: **[EXPERIMENTAL]** Add support for ``pyproject.toml`` configuration
(as introduced by :pep:`621`). Configuration parameters not covered by
standards are handled in the ``[tool.setuptools]`` sub-table.
In the future, existing ``setup.cfg`` configuration
may be automatically converted into the ``pyproject.toml`` equivalent before taking effect
(as proposed in #1688). Meanwhile users can use automated tools like
:pypi:`ini2toml` to help in the transition.
Please note that the legacy backend is not guaranteed to work with
``pyproject.toml`` configuration.
-- by :user:`abravalheri`
* #3125: Implicit namespaces (as introduced in :pep:`420`) are now considered by default
during :doc:`package discovery </userguide/package_discovery>`, when
``setuptools`` configuration and project metadata are added to the
``pyproject.toml`` file.
To disable this behaviour, use ``namespaces = False`` when explicitly setting
the ``[tool.setuptools.packages.find]`` section in ``pyproject.toml``.
This change is backwards compatible and does not affect the behaviour of
configuration done in ``setup.cfg`` or ``setup.py``.
* #3152: **[EXPERIMENTAL]** Added support for ``attr:`` and ``cmdclass`` configurations
in ``setup.cfg`` and ``pyproject.toml`` when ``package_dir`` is implicitly
found via auto-discovery.
* #3178: Postponed importing ``ctypes`` when hiding files on Windows.
This helps to prevent errors in systems that might not have ``libffi`` installed.
* #3179: Merge with pypa/distutils@267dbd25ac
Documentation changes
* #3172: Added initial documentation about configuring ``setuptools`` via ``pyproject.toml``
(using standard project metadata).
Misc
* #3065: Refactored ``setuptools.config`` by separating configuration parsing (specific
to the configuration file format, e.g. ``setup.cfg``) and post-processing
(which includes directives such as ``file:`` that can be used across different
configuration formats).
v60.10.0
Changes
* #2971: Deprecated upload_docs command, to be removed in the future.
* #3137: Use samefile from stdlib, supported on Windows since Python 3.2.
* #3170: Adopt nspektr (vendored) to implement Distribution._install_dependencies.
Documentation changes
* #3144: Added documentation on using console_scripts from setup.py, which was previously only shown in setup.cfg -- by :user:`xhlulu`
* #3148: Added clarifications about ``MANIFEST.in``, that include links to PyPUG docs
and more prominent mentions to using a revision control system plugin as an
alternative.
* #3148: Removed mention to ``pkg_resources`` as the recommended way of accessing data
files, in favour of importlib.resources.
Additionally more emphasis was put on the fact that *package data files* reside
**inside** the *package directory* (and therefore should be *read-only*).
Misc
* #3120: Added workaround for intermittent failures of backend tests on PyPy.
These tests now are marked with `XFAIL
<https://docs.pytest.org/en/stable/how-to/skipping.html>`_, instead of erroring
out directly.
* #3124: Improved configuration for :pypi:`rst-linker` (extension used to build the
changelog).
* #3133: Enhanced isolation of tests using virtual environments - PYTHONPATH is not leaking to spawned subprocesses -- by :user:`befeleme`
* #3147: Added options to provide a pre-built ``setuptools`` wheel or sdist for being
used during tests with virtual environments.
Paths for these pre-built distribution files can now be set via the environment
variables: ``PRE_BUILT_SETUPTOOLS_SDIST`` and ``PRE_BUILT_SETUPTOOLS_WHEEL``.
v60.9.3
Misc
* #3093: Repaired automated release process.
v60.9.2
Misc
* #3035: When loading distutils from the vendored copy, rewrite ``__name__`` to ensure consistent importing from inside and out.
v60.9.1
Misc
* #3102: Prevent vendored importlib_metadata from loading distributions from older importlib_metadata.
* #3103: Fixed issue where string-based entry points would be omitted.
* #3107: Bump importlib_metadata to 4.11.1 addressing issue with parsing requirements in egg-info as found in PyPy.
v60.9.0
Changes
* #2876: In the build backend, allow single config settings to be supplied.
* #2993: Removed workaround in distutils hack for get-pip now that pypa/get-pip#137 is closed.
* #3085: Setuptools no longer relies on ``pkg_resources`` for entry point handling.
* #3098: Bump vendored packaging to 21.3.
* Removed bootstrap script.
v60.8.2
Misc
* #3091: Make ``concurrent.futures`` import lazy in vendored ``more_itertools``
package to avoid importing threading as a side effect (which caused
`gevent/gevent#1865 <https://github.com/gevent/gevent/issues/1865>`__).
-- by :user:`maciejp-ro`
v60.8.1
Misc
* #3084: When vendoring jaraco packages, ensure the namespace package is converted to a simple package to support zip importer.
v60.8.0
Changes
* #3085: Setuptools now vendors importlib_resources and importlib_metadata and jaraco.text. Setuptools no longer relies on pkg_resources for ensure_directory nor parse_requirements.
v60.7.1
Misc
* #3072: Remove lorem_ipsum from jaraco.text when vendored.
v60.7.0
Changes
* #3061: Vendored jaraco.text and use line processing from that library in pkg_resources.
Misc
* #3070: Avoid AttributeError in easy_install.create_home_path when sysconfig.get_config_vars values are not strings.
v60.6.0
Changes
* #3043: Merge with pypa/distutils@bb018f1ac3 including consolidated behavior in sysconfig.get_platform (pypa/distutils#104).
* #3057: Don't include optional ``Home-page`` in metadata if no ``url`` is specified. -- by :user:`cdce8p`
* #3062: Merge with pypa/distutils@b53a824ec3 including improved support for lib directories on non-x64 Windows builds.
Documentation changes
* #2897: Added documentation about wrapping ``setuptools.build_meta`` in an in-tree
custom backend. This is a :pep:`517`-compliant way of dynamically specifying
build dependencies (e.g. when platform, OS and other markers are not enough).
-- by :user:`abravalheri`
* #3034: Replaced occurrences of the defunct distutils-sig mailing list with pointers
to GitHub Discussions.
-- by :user:`ashemedai`
* #3056: The documentation has stopped suggesting to add ``wheel`` to
:pep:`517` requirements -- by :user:`webknjaz`
Misc
* #3054: Used Py3 syntax ``super().__init__()`` -- by :user:`imba-tjd`
v60.5.4
Misc
* #3009: Remove filtering of distutils warnings.
* #3031: Suppress distutils replacement when building or testing CPython.
v60.5.3
Misc
* #3026: Honor sysconfig variables in easy_install.
v60.5.2
Misc
* #2993: In _distutils_hack, for get-pip, simulate existence of setuptools.
v60.5.1
Misc
* #2918: Correct support for Python 3 native loaders.
v60.5.0
Changes
* #2990: Set the ``.origin`` attribute of the ``distutils`` module to the module's ``__file__``.
v60.4.0
Changes
* #2839: Removed ``requires`` sorting when installing wheels as an egg dir.
* #2953: Fixed a bug that easy install incorrectly parsed Python 3.10 version string.
* #3006: Fixed startup performance issue of Python interpreter due to imports of
costly modules in ``_distutils_hack`` -- by :user:`tiran`
Documentation changes
* #2674: Added link to additional resources on packaging in Quickstart guide
* #3008: "In-tree" Sphinx extension for "favicons" replaced with ``sphinx-favicon``.
* #3008: SVG images (logo, banners, ...) optimised with the help of the ``scour``
package.
Misc
* #2862: Added integration tests that focus on building and installing some packages in
the Python ecosystem via ``pip`` -- by :user:`abravalheri`
* #2952: Modified "vendoring" logic to keep license files.
* #2968: Improved isolation for some tests that were inadvertently using the project
root for builds, and therefore creating directories (e.g. ``build``, ``dist``,
``*.egg-info``) that could interfere with the outcome of other tests
-- by :user:`abravalheri`.
* #2968: Introduced new test fixtures ``venv``, ``venv_without_setuptools``,
``bare_venv`` that rely on the ``jaraco.envs`` package.
These new test fixtures were also used to remove the (currently problematic)
dependency on the ``pytest_virtualenv`` plugin.
* #2968: Removed ``tmp_src`` test fixture. Previously this fixture was copying all the
files and folders under the project root, including the ``.git`` directory,
which is error prone and increases testing time.
Since ``tmp_src`` was used to populate virtual environments (installing the
version of ``setuptools`` under test via the source tree), it was replaced by
the new ``setuptools_sdist`` and ``setuptools_wheel`` fixtures (that are built
only once per session testing and can be shared between all the workers for
read-only usage).
v60.3.1
Misc
* #3002: Suppress AttributeError when detecting get-pip.
v60.3.0
Changes
* #2993: In _distutils_hack, bypass the distutils exception for pip when get-pip is being invoked, because it imports setuptools.
Misc
* #2989: Merge with pypa/distutils@788cc159. Includes fix for config vars missing from sysconfig.
v60.2.0
Changes
* #2974: Setuptools now relies on the Python logging infrastructure to log messages. Instead of using ``distutils.log.*``, use ``logging.getLogger(name).*``.
* #2987: Sync with pypa/distutils@2def21c5d74fdd2fe7996ee4030ac145a9d751bd, including fix for missing get_versions attribute (#2969), more reliance on sysconfig from stdlib.
Misc
* #2962: Avoid attempting to use local distutils when the presiding version of Setuptools on the path doesn't have one.
* #2983: Restore 'add_shim' as the way to invoke the hook. Avoids compatibility issues between different versions of Setuptools with the distutils local implementation.
v60.1.1
Misc
* #2980: Bypass distutils loader when setuptools module is no longer available on sys.path.
v60.1.0
Changes
* #2958: In distutils_hack, only add the metadata finder once. In ensure_local_distutils, rely on a context manager for reliable manipulation.
* #2963: Merge with pypa/distutils@a5af364910. Includes revisited fix for pypa/distutils#15 and improved MinGW/Cygwin support from pypa/distutils#77.
v60.0.5
Misc
* #2960: Install schemes fall back to default scheme for headers.
v60.0.4
Misc
* #2954: Merge with pypa/distutils@eba2bcd310. Adds platsubdir to config vars available for substitution.
v60.0.3
Misc
* #2940: Avoid KeyError in distutils hack when pip is imported during ensurepip.
v60.0.2
Misc
* #2938: Select 'posix_user' for the scheme unless falling back to stdlib, then use 'unix_user'.
v60.0.1
Misc
* #2944: Add support for extended install schemes in easy_install.
v60.0.0
Breaking Changes
* #2896: Setuptools once again makes its local copy of distutils the default. To override, set SETUPTOOLS_USE_DISTUTILS=stdlib.
v59.8.0
Changes
* #2935: Merge pypa/distutils@460b59f0e68dba17e2465e8dd421bbc14b994d1f.
v59.7.0
Changes
* #2930: Require Python 3.7
v59.6.0
Changes
* #2925: Merge with pypa/distutils@92082ee42c including introduction of deprecation warning on Version classes.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 7eeeb60373dd381db51505002b3de89d7c33f948
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:16 2022 +0200
python3-setuptools-scm: Update to version 6.4.2
- Update from version 6.3.2 to 6.4.2
- Update rootfile
- Changelog
v6.4.2
* fix #671 : NoReturn is not available in painfully dead python 3.6
v6.4.1
* fix regression #669: restore get_version signature
* fix #668: harden the selftest for distribution extras
v6.4.0
* compatibility adjustments for setuptools >58
* only put minimal setuptools version into toml extra to warn people with old
strict pins
* correctly handle hg-git self-use
* better mercurial detection
* modernize packaging setup
* python 3.10 support
* better handling of setuptools install command deprecation
* consider ``pyproject.tomls`` when running as command
* use list in git describe command to avoid shell expansions while supporting
both windows and posix
* add ``--strip-dev`` flag to ``python -m setuptools_scm`` to print the next
guessed version cleanly
* ensure no-guess-dev will fail on bad tags instead of generating invalid
versions
* ensure we use utc everywhere to avoid confusion
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit a790b010770eb5839055c117f71e44bc9b8d3538
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:15 2022 +0200
python3-setuptools-rust: Update to version 1.2.0
- Update from 1.1.2 to 1.2.0
- Update of rootfile
- Changelog
## 1.2.0 (2022-03-22)
### Packaging
- Drop support for Python 3.6. [#209]
### Added
- Add support for `kebab-case` executable names. [#205]
- Add support for custom cargo profiles. [#216]
### Fixed
- Fix building macOS arm64 wheel with cibuildwheel. [#217]
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit dba994e86f185585e656c0fa5dc5c2c5f6b15116
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:14 2022 +0200
python3-semantic-version: Update to version 2.9.0
- Update from 2.8.5 to 2.9.0
- Update of rootfile
- Changelog
2.9.0 (2022-02-06)
*New:*
* Add support for Django 3.1, 3.2, 4.0
* Add support for Python 3.7 / 3.8 / 3.9 / 3.10
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 98c7df65620a424c1980730bb6118098a685f1ea
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:13 2022 +0200
python3-s3transfer: Update to version 0.5.2
- Update from 0.5.0 to 0.5.2
- Update of rootfile
- Changelog
There is no changelog in the source tarball or in PyPi or in the github repository.
To see the changes you have to read through the individual commits in the github
repository.
https://github.com/boto/s3transfer/commits/develop
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 40556f0946c26163d852d973b71f2818ad555198
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:12 2022 +0200
python3-pytz: Update to version 2022.1
- Update from 2021.3 to 2022.1
- Update of rootfile
- Changelog
pytz 2022.1 with the 2022a timezone database has been released. There are no code
changes.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit b9758326128d343afe0a80db8aef7b308a9f4ba9
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:11 2022 +0200
python3-jmespath: Update to version 1.0.0
- Update from 0.10.0 to 1.0.0
- Update of rootfile
- Changelog
This python module does not have a changelog in its source file or on its PyPi page
or on its github page.
To see what changes have occurred you have to look at the individual commits in github
https://github.com/jmespath/jmespath.py/commits/develop
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit e9fecdc0397044c268c8c7ef34bcd924a2daa4a7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:10 2022 +0200
python3-flit: Update to version 3.7.1
- Update from 3.6.0 to 3.7.1
- Update of rootfile
- Changelog
Version 3.7.1
Fix building packages which need execution to get the version number, and
have a relative import in __init__.py (PR #531).
Version 3.7
Support for external data files such as man pages or Jupyter extension
support files (PR #510).
Project names are now lowercase in wheel filenames and .dist-info folder
names, in line with the specifications (PR #498).
Improved support for bootstrapping a Python environment, e.g. for downstream
packagers (PR #511). flit_core.wheel is usable with python -m to create
wheels before the build tool is available, and flit_core sdists also
include a script to install itself from a wheel before installer is available.
Use newer importlib APIs, fixing some deprecation warnings (PR #499).
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 441e92695515b32beafb009e513b11661eaa210d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:09 2022 +0200
python3-click: Update to version 8.1.2
- Update from 8.0.3 to 8.1.2
- Update of rootfile
- Changelog
Version 8.1.2
- Fix error message for readable path check that was mixed up with the
executable check. :pr:`2236`
- Restore parameter order for ``Path``, placing the ``executable``
parameter at the end. It is recommended to use keyword arguments
instead of positional arguments. :issue:`2235`
Version 8.1.1
- Fix an issue with decorator typing that caused type checking to
report that a command was not callable. :issue:`2227`
Version 8.1.0
- Drop support for Python 3.6. :pr:`2129`
- Remove previously deprecated code. :pr:`2130`
- ``Group.resultcallback`` is renamed to ``result_callback``.
- ``autocompletion`` parameter to ``Command`` is renamed to
``shell_complete``.
- ``get_terminal_size`` is removed, use
``shutil.get_terminal_size`` instead.
- ``get_os_args`` is removed, use ``sys.argv[1:]`` instead.
- Rely on :pep:`538` and :pep:`540` to handle selecting UTF-8 encoding
instead of ASCII. Click's locale encoding detection is removed.
:issue:`2198`
- Single options boolean flags with ``show_default=True`` only show
the default if it is ``True``. :issue:`1971`
- The ``command`` and ``group`` decorators can be applied with or
without parentheses. :issue:`1359`
- The ``Path`` type can check whether the target is executable.
:issue:`1961`
- ``Command.show_default`` overrides ``Context.show_default``, instead
of the other way around. :issue:`1963`
- Parameter decorators and ``@group`` handles ``cls=None`` the same as
not passing ``cls``. ``@option`` handles ``help=None`` the same as
not passing ``help``. :issue:`#1959`
- A flag option with ``required=True`` requires that the flag is
passed instead of choosing the implicit default value. :issue:`1978`
- Indentation in help text passed to ``Option`` and ``Command`` is
cleaned the same as using the ``@option`` and ``@command``
decorators does. A command's ``epilog`` and ``short_help`` are also
processed. :issue:`1985`
- Store unprocessed ``Command.help``, ``epilog`` and ``short_help``
strings. Processing is only done when formatting help text for
output. :issue:`2149`
- Allow empty str input for ``prompt()`` when
``confirmation_prompt=True`` and ``default=""``. :issue:`2157`
- Windows glob pattern expansion doesn't fail if a value is an invalid
pattern. :issue:`2195`
- It's possible to pass a list of ``params`` to ``@command``. Any
params defined with decorators are appended to the passed params.
:issue:`2131`.
- ``@command`` decorator is annotated as returning the correct type if
a ``cls`` argument is used. :issue:`2211`
- A ``Group`` with ``invoke_without_command=True`` and ``chain=False``
will invoke its result callback with the group function's return
value. :issue:`2124`
- ``to_info_dict`` will not fail if a ``ParamType`` doesn't define a
``name``. :issue:`2168`
- Shell completion prioritizes option values with option prefixes over
new options. :issue:`2040`
- Options that get an environment variable value using
``autoenvvar_prefix`` treat an empty value as ``None``, consistent
with a direct ``envvar``. :issue:`2146`
Version 8.0.4
- ``open_file`` recognizes ``Path("-")`` as a standard stream, the
same as the string ``"-"``. :issue:`2106`
- The ``option`` and ``argument`` decorators preserve the type
annotation of the decorated function. :pr:`2155`
- A callable default value can customize its help text by overriding
``__str__`` instead of always showing ``(dynamic)``. :issue:`2099`
- Fix a typo in the Bash completion script that affected file and
directory completion. If this script was generated by a previous
version, it should be regenerated. :issue:`2163`
- Fix typing for ``echo`` and ``secho`` file argument.
:issue:`2174, 2185`
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 4d2a20f407110fa91b2ceb9f38c6c0bae1add405
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:08 2022 +0200
python3-charset-normalizer: Update to version 2.0.12
- Update from 2.0.10 to 2.0.12
- Update of rootfile
- Changelog
## [2.0.12]
### Fixed
- ASCII miss-detection on rare cases (PR #170)
## [2.0.11]
### Added
- Explicit support for Python 3.11 (PR #164)
### Changed
- The logging behavior has been completely reviewed, now using only TRACE and
DEBUG levels (PR #163 #165)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit b3ae0e6695fb3e9dbffa6f15a66c6fdc4a62af23
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sun Apr 10 13:18:07 2022 +0200
python3-botocore: Update to version 1.24.37
- Update from 1.23.21 to 1.24.37
- Update of rootfile
- Changelog
1.24.37
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for the pass-through of WebVTT styling to WebVTT outputs, pass-through of KLV metadata to supported formats, and improved filter support for processing 444/RGB content.
api-change:wafv2: Add a new CurrentDefaultVersion field to ListAvailableManagedRuleGroupVersions API response; add a new VersioningSupported boolean to each ManagedRuleGroup returned from ListAvailableManagedRuleGroups API response.
api-change:mediapackage-vod: This release adds ScteMarkersSource as an available field for Dash Packaging Configurations. When set to MANIFEST, MediaPackage will source the SCTE-35 markers from the manifest. When set to SEGMENTS, MediaPackage will source the SCTE-35 markers from the segments.
1.24.36
api-change:apigateway: ApiGateway CLI command get-usage now includes usagePlanId, startDate, and endDate fields in the output to match documentation.
api-change:personalize: This release provides tagging support in AWS Personalize.
api-change:pi: Adds support for DocumentDB to the Performance Insights API.
api-change:events: Update events client to latest version
api-change:docdb: Added support to enable/disable performance insights when creating or modifying db instances
api-change:sagemaker: Amazon Sagemaker Notebook Instances now supports G5 instance types
1.24.35
bugfix:Proxy: Fix failure case for IP proxy addresses using TLS-in-TLS. boto/botocore#2652
api-change:config: Add resourceType enums for AWS::EMR::SecurityConfiguration and AWS::SageMaker::CodeRepository
api-change:panorama: Added Brand field to device listings.
api-change:lambda: This release adds new APIs for creating and managing Lambda Function URLs and adds a new FunctionUrlAuthType parameter to the AddPermission API. Customers can use Function URLs to create built-in HTTPS endpoints on their functions.
api-change:kendra: Amazon Kendra now provides a data source connector for Box. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-box.html
1.24.34
api-change:securityhub: Added additional ASFF details for RdsSecurityGroup AutoScalingGroup, ElbLoadBalancer, CodeBuildProject and RedshiftCluster.
api-change:fsx: Provide customers more visibility into file system status by adding new "Misconfigured Unavailable" status for Amazon FSx for Windows File Server.
api-change:s3control: Documentation-only update for doc bug fixes for the S3 Control API docs.
api-change:datasync: AWS DataSync now supports Amazon FSx for OpenZFS locations.
1.24.33
api-change:iot: AWS IoT - AWS IoT Device Defender adds support to list metric datapoints collected for IoT devices through the ListMetricValues API
api-change:servicecatalog: This release adds ProvisioningArtifictOutputKeys to DescribeProvisioningParameters to reference the outputs of a Provisioned Product and deprecates ProvisioningArtifactOutputs.
api-change:sms: Revised product update notice for SMS console deprecation.
api-change:proton: SDK release to support tagging for AWS Proton Repository resource
enhancement:AWSCRT: Upgrade awscrt version to 0.13.8
1.24.32
api-change:connect: This release updates these APIs: UpdateInstanceAttribute, DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically enable/disable multi-party conferencing using attribute type MULTI_PARTY_CONFERENCING on the specified Amazon Connect instance.
1.24.31
api-change:cloudcontrol: SDK release for Cloud Control API in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD
api-change:pinpoint-sms-voice-v2: Amazon Pinpoint now offers a version 2.0 suite of SMS and voice APIs, providing increased control over sending and configuration. This release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
api-change:workspaces: Added APIs that allow you to customize the logo, login message, and help links in the WorkSpaces client login page. To learn more, visit https://docs.aws.amazon.com/workspaces/latest/adminguide/customize-branding.html
api-change:route53-recovery-cluster: This release adds a new API "ListRoutingControls" to list routing control states using the highly reliable Route 53 ARC data plane endpoints.
api-change:databrew: This AWS Glue Databrew release adds feature to support ORC as an input format.
api-change:auditmanager: This release adds documentation updates for Audit Manager. The updates provide data deletion guidance when a customer deregisters Audit Manager or deregisters a delegated administrator.
api-change:grafana: This release adds tagging support to the Managed Grafana service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateWorkspace.
1.24.30
api-change:iot-data: Update the default AWS IoT Core Data Plane endpoint from VeriSign signed to ATS signed. If you have firewalls with strict egress rules, configure the rules to grant you access to data-ats.iot.[region].amazonaws.com or data-ats.iot.[region].amazonaws.com.cn.
api-change:ec2: This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default
api-change:fms: AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
api-change:fsx: This release adds support for modifying throughput capacity for FSx for ONTAP file systems.
api-change:iot: Doc only update for IoT that fixes customer-reported issues.
1.24.29
api-change:organizations: This release provides the new CloseAccount API that enables principals in the management account to close any member account within an organization.
1.24.28
api-change:medialive: This release adds support for selecting a maintenance window.
api-change:acm-pca: Updating service name entities
1.24.27
api-change:ec2: This release adds support for Amazon VPC Reachability Analyzer to analyze path through a Transit Gateway.
api-change:ssm: This Patch Manager release supports creating, updating, and deleting Patch Baselines for Rocky Linux OS.
api-change:batch: Bug Fix: Fixed a bug where shapes were marked as unboxed and were not serialized and sent over the wire, causing an API error from the service.
1.24.26
api-change:lambda: Adds support for increased ephemeral storage (/tmp) up to 10GB for Lambda functions. Customers can now provision up to 10 GB of ephemeral storage per function instance, a 20x increase over the previous limit of 512 MB.
api-change:config: Added new APIs GetCustomRulePolicy and GetOrganizationCustomRulePolicy, and updated existing APIs PutConfigRule, DescribeConfigRule, DescribeConfigRuleEvaluationStatus, PutOrganizationConfigRule, DescribeConfigRule to support a new feature for building AWS Config rules with AWS CloudFormation Guard
api-change:transcribe: This release adds an additional parameter for subtitling with Amazon Transcribe batch jobs: outputStartIndex.
1.24.25
api-change:redshift: This release adds a new [--encrypted | --no-encrypted] field in restore-from-cluster-snapshot API. Customers can now restore an unencrypted snapshot to a cluster encrypted with AWS Managed Key or their own KMS key.
api-change:ebs: Increased the maximum supported value for the Timeout parameter of the StartSnapshot API from 60 minutes to 4320 minutes. Changed the HTTP error code for ConflictException from 503 to 409.
api-change:gamesparks: Released the preview of Amazon GameSparks, a fully managed AWS service that provides a multi-service backend for game developers.
api-change:elasticache: Doc only update for ElastiCache
api-change:transfer: Documentation updates for AWS Transfer Family to describe how to remove an associated workflow from a server.
api-change:auditmanager: This release updates 1 API parameter, the SnsArn attribute. The character length and regex pattern for the SnsArn attribute have been updated, which enables you to deselect an SNS topic when using the UpdateSettings operation.
api-change:ssm: Update AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource APIs to reflect the support for tagging Automation resources. Includes other minor documentation updates.
1.24.24
api-change:location: Amazon Location Service now includes a MaxResults parameter for GetDevicePositionHistory requests.
api-change:polly: Amazon Polly adds new Catalan voice - Arlet. Arlet is available as Neural voice only.
api-change:lakeformation: The release fixes the incorrect permissions called out in the documentation - DESCRIBE_TAG, ASSOCIATE_TAG, DELETE_TAG, ALTER_TAG. This trebuchet release fixes the corresponding SDK and documentation.
api-change:ecs: Documentation only update to address tickets
api-change:ce: Added three new APIs to support tagging and resource-level authorization on Cost Explorer resources: TagResource, UntagResource, ListTagsForResource. Added optional parameters to CreateCostCategoryDefinition, CreateAnomalySubscription and CreateAnomalyMonitor APIs to support Tag On Create.
1.24.23
api-change:ram: Document improvements to the RAM API operations and parameter descriptions.
api-change:ecr: This release includes a fix in the DescribeImageScanFindings paginated output.
api-change:quicksight: AWS QuickSight Service Features - Expand public API support for group management.
api-change:chime-sdk-meetings: Add support for media replication to link multiple WebRTC media sessions together to reach larger and global audiences. Participants connected to a replica session can be granted access to join the primary session and can switch sessions with their existing WebRTC connection
api-change:mediaconnect: This release adds support for selecting a maintenance window.
1.24.22
enhancement:jmespath: Add env markers to get working version of jmespath for python 3.6
api-change:glue: Added 9 new APIs for AWS Glue Interactive Sessions: ListSessions, StopSession, CreateSession, GetSession, DeleteSession, RunStatement, GetStatement, ListStatements, CancelStatement
1.24.21
enhancement:Dependency: Added support for jmespath 1.0
api-change:amplifybackend: Adding the ability to customize Cognito verification messages for email and SMS in CreateBackendAuth and UpdateBackendAuth. Adding deprecation documentation for ForgotPassword in CreateBackendAuth and UpdateBackendAuth
api-change:acm-pca: AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports customizable certificate subject names and extensions.
api-change:ssm-incidents: Removed incorrect validation pattern for IncidentRecordSource.invokedBy
api-change:billingconductor: This is the initial SDK release for AWS Billing Conductor. The AWS Billing Conductor is a customizable billing service, allowing you to customize your billing data to match your desired business structure.
api-change:s3outposts: S3 on Outposts is releasing a new API, ListSharedEndpoints, that lists all endpoints associated with S3 on Outpost, that has been shared by Resource Access Manager (RAM).
1.24.20
api-change:robomaker: This release deprecates ROS, Ubuntu and Gazebo from RoboMaker Simulation Service Software Suites in favor of user-supplied containers and Relaxed Software Suites.
api-change:dataexchange: This feature enables data providers to use the RevokeRevision operation to revoke subscriber access to a given revision. Subscribers are unable to interact with assets within a revoked revision.
api-change:ec2: Adds the Cascade parameter to the DeleteIpam API. Customers can use this parameter to automatically delete their IPAM, including non-default scopes, pools, cidrs, and allocations. There mustn't be any pools provisioned in the default public scope to use this parameter.
api-change:cognito-idp: Updated EmailConfigurationType and SmsConfigurationType to reflect that you can now choose Amazon SES and Amazon SNS resources in the same Region.
enhancement:AWSCRT: Upgrade awscrt extra to 0.13.5
api-change:location: New HERE style "VectorHereExplore" and "VectorHereExploreTruck".
api-change:ecs: Documentation only update to address tickets
api-change:keyspaces: Fixing formatting issues in CLI and SDK documentation
api-change:rds: Various documentation improvements
1.24.19
api-change:kendra: Amazon Kendra now provides a data source connector for Slack. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-slack.html
api-change:timestream-query: Amazon Timestream Scheduled Queries now support Timestamp datatype in a multi-measure record.
enhancement:Stubber: Added support for modeled exception fields when adding errors to a client stub. Implements boto/boto3`#3178 <https://github.com/boto/botocore/issues/3178>`__.
api-change:elasticache: Doc only update for ElastiCache
api-change:config: Add resourceType enums for AWS::ECR::PublicRepository and AWS::EC2::LaunchTemplate
1.24.18
api-change:outposts: This release adds address filters for listSites
api-change:lambda: Adds PrincipalOrgID support to AddPermission API. Customers can use it to manage permissions to lambda functions at AWS Organizations level.
api-change:secretsmanager: Documentation updates for Secrets Manager.
api-change:connect: This release adds support for enabling Rich Messaging when starting a new chat session via the StartChatContact API. Rich Messaging enables the following formatting options: bold, italics, hyperlinks, bulleted lists, and numbered lists.
api-change:chime: Chime VoiceConnector Logging APIs will now support MediaMetricLogs. Also CreateMeetingDialOut now returns AccessDeniedException.
1.24.17
api-change:transcribe: Documentation fix for API StartMedicalTranscriptionJobRequest, now showing min sample rate as 16khz
api-change:transfer: Adding more descriptive error types for managed workflows
api-change:lexv2-models: Update lexv2-models client to latest version
1.24.16
api-change:comprehend: Amazon Comprehend now supports extracting the sentiment associated with entities such as brands, products and services from text documents.
1.24.15
api-change:eks: Introducing a new enum for NodeGroup error code: Ec2SubnetMissingIpv6Assignment
api-change:keyspaces: Adding link to CloudTrail section in Amazon Keyspaces Developer Guide
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for reading timecode from AVCHD sources and now provides the ability to segment WebVTT at the same interval as the video and audio in HLS packages.
1.24.14
api-change:chime-sdk-meetings: Adds support for Transcribe language identification feature to the StartMeetingTranscription API.
api-change:ecs: Amazon ECS UpdateService API now supports additional parameters: loadBalancers, propagateTags, enableECSManagedTags, and serviceRegistries
api-change:migration-hub-refactor-spaces: AWS Migration Hub Refactor Spaces documentation update.
1.24.13
api-change:synthetics: Allow custom handler function.
api-change:transfer: Add waiters for server online and offline.
api-change:devops-guru: Amazon DevOps Guru now integrates with Amazon CodeGuru Profiler. You can view CodeGuru Profiler recommendations for your AWS Lambda function in DevOps Guru. This feature is enabled by default for new customers as of 3/4/2022. Existing customers can enable this feature with UpdateEventSourcesConfig.
api-change:macie: Amazon Macie Classic (macie) has been discontinued and is no longer available. A new Amazon Macie (macie2) is now available with significant design improvements and additional features.
api-change:ec2: Documentation updates for Amazon EC2.
api-change:sts: Documentation updates for AWS Security Token Service.
api-change:connect: This release updates the *InstanceStorageConfig APIs so they support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_SEGMENTS. Use this resource type to enable streaming for real-time contact analysis and to associate the Kinesis stream where real-time contact analysis segments will be published.
1.24.12
api-change:greengrassv2: Doc only update that clarifies Create Deployment section.
api-change:fsx: This release adds support for data repository associations to use root ("/") as the file system path
api-change:kendra: Amazon Kendra now suggests spell corrections for a query. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/query-spell-check.html
api-change:appflow: Launching Amazon AppFlow Marketo as a destination connector SDK.
api-change:timestream-query: Documentation only update for SDK and CLI
1.24.11
api-change:gamelift: Minor updates to address errors.
api-change:cloudtrail: Add bytesScanned field into responses of DescribeQuery and GetQueryResults.
api-change:athena: This release adds support for S3 Object Ownership by allowing the S3 bucket owner full control canned ACL to be set when Athena writes query results to S3 buckets.
api-change:keyspaces: This release adds support for data definition language (DDL) operations
api-change:ecr: This release adds support for tracking images lastRecordedPullTime.
1.24.10
api-change:mediapackage: This release adds Hybridcast as an available profile option for Dash Origin Endpoints.
api-change:rds: Documentation updates for Multi-AZ DB clusters.
api-change:mgn: Add support for GP3 and IO2 volume types. Add bootMode to LaunchConfiguration object (and as a parameter to UpdateLaunchConfigurationRequest).
api-change:kafkaconnect: Adds operation for custom plugin deletion (DeleteCustomPlugin) and adds new StateDescription field to DescribeCustomPlugin and DescribeConnector responses to return errors from asynchronous resource creation.
1.24.9
api-change:finspace-data: Add new APIs for managing Users and Permission Groups.
api-change:amplify: Add repositoryCloneMethod field for hosting an Amplify app. This field shows what authorization method is used to clone the repo: SSH, TOKEN, or SIGV4.
api-change:fsx: This release adds support for the following FSx for OpenZFS features: snapshot lifecycle transition messages, force flag for deleting file systems with child resources, LZ4 data compression, custom record sizes, and unsetting volume quotas and reservations.
api-change:fis: This release adds logging support for AWS Fault Injection Simulator experiments. Experiment templates can now be configured to send experiment activity logs to Amazon CloudWatch Logs or to an S3 bucket.
api-change:route53-recovery-cluster: This release adds a new API option to enable overriding safety rules to allow routing control state updates.
api-change:amplifyuibuilder: We are adding the ability to configure workflows and actions for components.
api-change:athena: This release adds support for updating an existing named query.
api-change:ec2: This release adds support for new AMI property 'lastLaunchedTime'
api-change:servicecatalog-appregistry: AppRegistry is deprecating Application and Attribute-Group Name update feature. In this release, we are marking the name attributes for Update APIs as deprecated to give a heads up to our customers.
1.24.8
api-change:elasticache: Doc only update for ElastiCache
api-change:panorama: Added NTP server configuration parameter to ProvisionDevice operation. Added alternate software fields to DescribeDevice response
1.24.7
api-change:route53: SDK doc update for Route 53 to update some parameters with new information.
api-change:databrew: This AWS Glue Databrew release adds feature to merge job outputs into a max number of files for S3 File output type.
api-change:transfer: Support automatic pagination when listing AWS Transfer Family resources.
api-change:s3control: Amazon S3 Batch Operations adds support for new integrity checking capabilities in Amazon S3.
api-change:s3: This release adds support for new integrity checking capabilities in Amazon S3. You can choose from four supported checksum algorithms for data integrity checking on your upload and download requests. In addition, AWS SDK can automatically calculate a checksum as it streams data into S3
api-change:fms: AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in.
api-change:lightsail: This release adds support to delete and create Lightsail default key pairs that you can use with Lightsail instances.
api-change:autoscaling: You can now hibernate instances in a warm pool to stop instances without deleting their RAM contents. You can now also return instances to the warm pool on scale in, instead of always terminating capacity that you will need later.
1.24.6
api-change:transfer: The file input selection feature provides the ability to use either the originally uploaded file or the output file from the previous workflow step, enabling customers to make multiple copies of the original file while keeping the source file intact for file archival.
api-change:lambda: Lambda releases .NET 6 managed runtime to be available in all commercial regions.
api-change:textract: Added support for merged cells and column header for table response.
1.24.5
api-change:translate: This release enables customers to use translation settings for formality customization in their synchronous translation output.
api-change:wafv2: Updated descriptions for logging configuration.
api-change:apprunner: AWS App Runner adds a Java platform (Corretto 8, Corretto 11 runtimes) and a Node.js 14 runtime.
1.24.4
api-change:imagebuilder: This release adds support to enable faster launching for Windows AMIs created by EC2 Image Builder.
api-change:customer-profiles: This release introduces apis CreateIntegrationWorkflow, DeleteWorkflow, ListWorkflows, GetWorkflow and GetWorkflowSteps. These apis are used to manage and view integration workflows.
api-change:dynamodb: DynamoDB ExecuteStatement API now supports Limit as a request parameter to specify the maximum number of items to evaluate. If specified, the service will process up to the Limit and the results will include a LastEvaluatedKey value to continue the read in a subsequent operation.
1.24.3
api-change:transfer: Properties for Transfer Family used with SFTP, FTP, and FTPS protocols. Display Banners are bodies of text that can be displayed before and/or after a user authenticates onto a server using one of the previously mentioned protocols.
api-change:gamelift: Increase string list limit from 10 to 100.
api-change:budgets: This change introduces DescribeBudgetNotificationsForAccount API which returns budget notifications for the specified account
1.24.2
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
api-change:redshift: SDK release for Cross region datasharing and cost-control for cross region datasharing
api-change:evidently: Add support for filtering list of experiments and launches by status
api-change:backup: AWS Backup adds new S3_BACKUP_OBJECT_FAILED and S3_RESTORE_OBJECT_FAILED event types in BackupVaultNotifications events list.
1.24.1
api-change:ec2: Documentation updates for EC2.
api-change:budgets: Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast.
api-change:ce: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
api-change:glue: Support for optimistic locking in UpdateTable
api-change:ssm: Assorted ticket fixes and updates for AWS Systems Manager.
1.24.0
api-change:appflow: Launching Amazon AppFlow SAP as a destination connector SDK.
feature:Parser: Adding support for parsing int/long types in rest-json response headers.
api-change:rds: Adds support for determining which Aurora PostgreSQL versions support Babelfish.
api-change:athena: This release adds a subfield, ErrorType, to the AthenaError response object in the GetQueryExecution API when a query fails.
1.23.54
api-change:ssm: Documentation updates for AWS Systems Manager.
1.23.53
api-change:cloudformation: This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes
api-change:lookoutvision: This release makes CompilerOptions in Lookout for Vision's StartModelPackagingJob's Configuration object optional.
api-change:pinpoint: This SDK release adds a new parameter creation date for GetApp and GetApps Api call
api-change:sns: Customer requested typo fix in API documentation.
api-change:wafv2: Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
1.23.52
api-change:cloudformation: This SDK release is for the feature launch of AWS CloudFormation Hooks.
1.23.51
api-change:kendra: Amazon Kendra now provides a data source connector for Amazon FSx. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html
api-change:apprunner: This release adds support for App Runner to route outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and UpdateService.
api-change:s3control: This release adds support for S3 Batch Replication. Batch Replication lets you replicate existing objects, already replicated objects to new destinations, and objects that previously failed to replicate. Customers will receive object-level visibility of progress and a detailed completion report.
api-change:sagemaker: Autopilot now generates an additional report with information on the performance of the best model, such as a Confusion matrix and Area under the receiver operating characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations.
1.23.50
api-change:auditmanager: This release updates 3 API parameters. UpdateAssessmentFrameworkControlSet now requires the controls attribute, and CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework now has a minimum length constraint for the controlSets attribute.
api-change:synthetics: Adding names parameters to the Describe APIs.
api-change:ssm-incidents: Update RelatedItem enum to support SSM Automation
api-change:events: Update events client to latest version
enhancement:Lambda Request Header: Adding request header for Lambda recursion detection.
1.23.49
api-change:athena: You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error.
api-change:rds: updates for RDS Custom for Oracle 12.1 support
api-change:lakeformation: Add support for calling Update Table Objects without a TransactionId.
1.23.48
api-change:ec2: adds support for AMIs in Recycle Bin
api-change:robomaker: The release deprecates the use of various APIs of RoboMaker Deployment Service in favor of AWS IoT GreenGrass v2.0.
api-change:meteringmarketplace: Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500.
api-change:rbin: Add EC2 Image recycle bin support.
1.23.47
api-change:emr: Update emr client to latest version
api-change:personalize: Adding minRecommendationRequestsPerSecond attribute to recommender APIs.
enhancement:Request headers: Adding request headers with retry information.
api-change:appflow: Launching Amazon AppFlow Custom Connector SDK.
api-change:dynamodb: Documentation update for DynamoDB Java SDK.
api-change:iot: This release adds support for configuring AWS IoT logging level per client ID, source IP, or principal ID.
api-change:comprehend: Amazon Comprehend now supports sharing and importing custom trained models from one AWS account to another within the same region.
api-change:ce: Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions
api-change:fis: Added GetTargetResourceType and ListTargetResourceTypes API actions. These actions return additional details about resource types and parameters that can be targeted by FIS actions. Added a parameters field for the targets that can be specified in experiment templates.
api-change:es: Allows customers to get progress updates for blue/green deployments
api-change:glue: Launch Protobuf support for AWS Glue Schema Registry
api-change:elasticache: Documentation update for AWS ElastiCache
1.23.46
api-change:appconfigdata: Documentation updates for AWS AppConfig Data.
api-change:athena: This release adds a field, AthenaError, to the GetQueryExecution response object when a query fails.
api-change:appconfig: Documentation updates for AWS AppConfig
api-change:cognito-idp: Doc updates for Cognito user pools API Reference.
api-change:secretsmanager: Feature are ready to release on Jan 28th
api-change:sagemaker: This release added a new NNA accelerator compilation support for Sagemaker Neo.
1.23.45
api-change:ec2: X2ezn instances are powered by Intel Cascade Lake CPUs that deliver turbo all core frequency of up to 4.5 GHz and up to 100 Gbps of networking bandwidth
api-change:kafka: Amazon MSK has updated the CreateCluster and UpdateBrokerStorage API that allows you to specify volume throughput during cluster creation and broker volume updates.
api-change:connect: This release adds support for configuring a custom chat duration when starting a new chat session via the StartChatContact API. The default value for chat duration is 25 hours, minimum configurable value is 1 hour (60 minutes) and maximum configurable value is 7 days (10,080 minutes).
api-change:amplify: Doc only update to the description of basicauthcredentials to describe the required encoding and format.
api-change:opensearch: Allows customers to get progress updates for blue/green deployments
1.23.44
api-change:frauddetector: Added new APIs for viewing past predictions and obtaining prediction metadata including prediction explanations: ListEventPredictions and GetEventPredictionMetadata
api-change:ebs: Documentation updates for Amazon EBS Direct APIs.
api-change:codeguru-reviewer: Added failure state and adjusted timeout in waiter
api-change:securityhub: Adding top level Sample boolean field
api-change:sagemaker: API changes relating to Fail steps in model building pipeline and add PipelineExecutionFailureReason in PipelineExecutionSummary.
1.23.43
api-change:fsx: This release adds support for growing SSD storage capacity and growing/shrinking SSD IOPS for FSx for ONTAP file systems.
api-change:efs: Update efs client to latest version
api-change:connect: This release adds support for custom vocabularies to be used with Contact Lens. Custom vocabularies improve transcription accuracy for one or more specific words.
api-change:guardduty: Amazon GuardDuty expands threat detection coverage to protect Amazon Elastic Kubernetes Service (EKS) workloads.
1.23.42
api-change:route53-recovery-readiness: Updated documentation for Route53 Recovery Readiness APIs.
1.23.41
enhancement:Exceptions: ProxyConnectionError previously provided the full proxy URL. User info will now be appropriately masked if needed.
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for 4K AV1 output resolutions & 10-bit AV1 color, the ability to ingest sidecar Dolby Vision XML metadata files, and the ability to flag WebVTT and IMSC tracks for accessibility in HLS.
api-change:transcribe: Add support for granular PIIEntityTypes when using Batch ContentRedaction.
1.23.40
api-change:guardduty: Amazon GuardDuty findings now include remoteAccountDetails under AwsApiCallAction section if instance credential is exfiltrated.
api-change:connect: This release adds tagging support for UserHierarchyGroups resource.
api-change:mediatailor: This release adds support for multiple Segment Delivery Configurations. Users can provide a list of names and URLs when creating or editing a source location. When retrieving content, users can send a header to choose which URL should be used to serve content.
api-change:fis: Added action startTime and action endTime timestamp fields to the ExperimentAction object
api-change:ec2: C6i, M6i and R6i instances are powered by a third-generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz
1.23.39
api-change:macie2: This release of the Amazon Macie API introduces stricter validation of requests to create custom data identifiers.
api-change:ec2-instance-connect: Adds support for ED25519 keys. PushSSHPublicKey Availability Zone parameter is now optional. Adds EC2InstanceStateInvalidException for instances that are not running. This was previously a service exception, so this may require updating your code to handle this new exception.
1.23.38
api-change:ivs: This release adds support for the new Thumbnail Configuration property for Recording Configurations. For more information see https://docs.aws.amazon.com/ivs/latest/userguide/record-to-s3.html
api-change:storagegateway: Documentation update for adding bandwidth throttling support for S3 File Gateways.
api-change:location: This release adds the CalculateRouteMatrix API which calculates routes for the provided departure and destination positions. The release also deprecates the use of pricing plan across all verticals.
api-change:cloudtrail: This release fixes a documentation bug in the description for the readOnly field selector in advanced event selectors. The description now clarifies that users omit the readOnly field selector to select both Read and Write management events.
api-change:ec2: Add support for AWS Client VPN client login banner and session timeout.
1.23.37
enhancement:Configuration: Adding support for defaults_mode configuration. The defaults_mode will be used to determine how certain default configuration options are resolved in the SDK.
1.23.36
api-change:config: Update ResourceType enum with values for CodeDeploy, EC2 and Kinesis resources
api-change:application-insights: Application Insights support for Active Directory and SharePoint
api-change:honeycode: Added read and write api support for multi-select picklist. And added errorcode field to DescribeTableDataImportJob API output, when import job fails.
api-change:ram: This release adds the ListPermissionVersions API which lists the versions for a given permission.
api-change:lookoutmetrics: This release adds a new DeactivateAnomalyDetector API operation.
1.23.35
api-change:pinpoint: Adds JourneyChannelSettings to WriteJourneyRequest
api-change:lexv2-runtime: Update lexv2-runtime client to latest version
api-change:nimble: Amazon Nimble Studio now supports validation for Launch Profiles. Launch Profiles now report static validation results after create/update to detect errors in network or active directory configuration.
api-change:glue: This SDK release adds support to pass run properties when starting a workflow run
api-change:ssm: AWS Systems Manager adds category support for DescribeDocument API
api-change:elasticache: AWS ElastiCache for Redis has added a new Engine Log LogType in LogDelivery feature. You can now publish the Engine Log from your Amazon ElastiCache for Redis clusters to Amazon CloudWatch Logs and Amazon Kinesis Data Firehose.
1.23.34
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:elasticache: Doc only update for ElastiCache
api-change:honeycode: Honeycode is releasing new APIs to allow user to create, delete and list tags on resources.
api-change:ec2: Hpc6a instances are powered by a third-generation AMD EPYC processors (Milan) delivering all-core turbo frequency of 3.4 GHz
api-change:fms: Shield Advanced policies for Amazon CloudFront resources now support automatic application layer DDoS mitigation. The max length for SecurityServicePolicyData ManagedServiceData is now 8192 characters, instead of 4096.
api-change:pi: This release adds three Performance Insights APIs. Use ListAvailableResourceMetrics to get available metrics, GetResourceMetadata to get feature metadata, and ListAvailableResourceDimensions to list available dimensions. The AdditionalMetrics field in DescribeDimensionKeys retrieves per-SQL metrics.
1.23.33
api-change:finspace-data: Documentation updates for FinSpace.
api-change:rds: This release adds the db-proxy event type to support subscribing to RDS Proxy events.
api-change:ce: Doc only update for Cost Explorer API that fixes missing clarifications for MatchOptions definitions
api-change:kendra: Amazon Kendra now supports advanced query language and query-less search.
api-change:workspaces: Introducing new APIs for Workspaces audio optimization with Amazon Connect: CreateConnectClientAddIn, DescribeConnectClientAddIns, UpdateConnectClientAddIn and DeleteConnectClientAddIn.
api-change:iotevents-data: This release provides documentation updates for Timer.timestamp in the IoT Events API Reference Guide.
api-change:ec2: EC2 Capacity Reservations now supports RHEL instance platforms (RHEL with SQL Server Standard, RHEL with SQL Server Enterprise, RHEL with SQL Server Web, RHEL with HA, RHEL with HA and SQL Server Standard, RHEL with HA and SQL Server Enterprise)
1.23.32
api-change:ec2: New feature: Updated EC2 API to support faster launching for Windows images. Optimized images are pre-provisioned, using snapshots to launch instances up to 65% faster.
api-change:compute-optimizer: Adds support for new Compute Optimizer capability that makes it easier for customers to optimize their EC2 instances by leveraging multiple CPU architectures.
api-change:lookoutmetrics: This release adds FailureType in the response of DescribeAnomalyDetector.
api-change:databrew: This SDK release adds support for specifying a Bucket Owner for an S3 location.
api-change:transcribe: Documentation updates for Amazon Transcribe.
1.23.31
api-change:medialive: This release adds support for selecting the Program Date Time (PDT) Clock source algorithm for HLS outputs.
1.23.30
api-change:ec2: This release introduces On-Demand Capacity Reservation support for Cluster Placement Groups, adds Tags on instance Metadata, and includes documentation updates for Amazon EC2.
api-change:mediatailor: This release adds support for filler slate when updating MediaTailor channels that use the linear playback mode.
api-change:opensearch: Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
api-change:iotwireless: Downlink Queue Management feature provides APIs for customers to manage the queued messages destined to device inside AWS IoT Core for LoRaWAN. Customer can view, delete or purge the queued message(s). It allows customer to preempt the queued messages and let more urgent messages go through.
api-change:es: Amazon OpenSearch Service adds support for Fine Grained Access Control for existing domains running Elasticsearch version 6.7 and above
api-change:mwaa: This release adds a "Source" field that provides the initiator of an update, such as due to an automated patch from AWS or due to modification via Console or API.
api-change:appsync: AppSync: AWS AppSync now supports configurable batching sizes for AWS Lambda resolvers, Direct AWS Lambda resolvers and pipeline functions
1.23.29
api-change:cloudtrail: This release adds support for CloudTrail Lake, a new feature that lets you run SQL-based queries on events that you have aggregated into event data stores. New APIs have been added for creating and managing event data stores, and creating, running, and managing queries in CloudTrail Lake.
api-change:iot: This release adds an automatic retry mechanism for AWS IoT Jobs. You can now define a maximum number of retries for each Job rollout, along with the criteria to trigger the retry for FAILED/TIMED_OUT/ALL (both FAILED and TIMED_OUT) job.
api-change:ec2: This release adds a new API called ModifyVpcEndpointServicePayerResponsibility which allows VPC endpoint service owners to take payer responsibility of their VPC Endpoint connections.
api-change:snowball: Updating validation rules for interfaces used in the Snowball API to tighten security of service.
api-change:lakeformation: Add new APIs for 3rd Party Support for Lake Formation
api-change:appstream: Includes APIs for App Entitlement management regarding entitlement and entitled application association.
api-change:eks: Amazon EKS now supports running applications using IPv6 address space
api-change:quicksight: Multiple Doc-only updates for Amazon QuickSight.
api-change:ecs: Documentation update for ticket fixes.
api-change:sagemaker: Amazon SageMaker now supports running training jobs on ml.g5 instance types.
api-change:glue: Add Delta Lake target support for Glue Crawler and 3rd Party Support for Lake Formation
1.23.28
api-change:rekognition: This release introduces a new field IndexFacesModelVersion, which is the version of the face detect and storage model that was used when indexing the face vector.
api-change:s3: Minor doc-based updates based on feedback bugs received.
enhancement:JSONFileCache: Add support for __delitem__ in JSONFileCache
api-change:s3control: Documentation updates for the renaming of Glacier to Glacier Flexible Retrieval.
1.23.27
api-change:sagemaker: The release allows users to pass pipeline definitions as Amazon S3 locations and control the pipeline execution concurrency using ParallelismConfiguration. It also adds support of EMR jobs as pipeline steps.
api-change:rds: Multiple doc-only updates for Relational Database Service (RDS)
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added strength levels to the Sharpness Filter and now permits OGG files to be specified as sidecar audio inputs.
api-change:greengrassv2: This release adds the API operations to manage the Greengrass role associated with your account and to manage the core device connectivity information. Greengrass V2 customers can now depend solely on Greengrass V2 SDK for all the API operations needed to manage their fleets.
api-change:detective: Added and updated API operations to support the Detective integration with AWS Organizations. New actions are used to manage the delegated administrator account and the integration configuration.
1.23.26
api-change:nimble: Amazon Nimble Studio adds support for users to upload files during a streaming session using NICE DCV native client or browser.
api-change:chime-sdk-messaging: The Amazon Chime SDK now supports updating message attributes via channel flows
api-change:imagebuilder: Added a note to infrastructure configuration actions and data types concerning delivery of Image Builder event messages to encrypted SNS topics. The key that's used to encrypt the SNS topic must reside in the account that Image Builder runs under.
api-change:workmail: This release allows customers to change their email monitoring configuration in Amazon WorkMail.
api-change:transfer: Property for Transfer Family used with the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session.
api-change:lookoutmetrics: This release adds support for Causal Relationships. Added new ListAnomalyGroupRelatedMetrics API operation and InterMetricImpactDetails API data type
api-change:mediaconnect: You can now use the Fujitsu-QoS protocol for your MediaConnect sources and outputs to transport content to and from Fujitsu devices.
api-change:qldb: Amazon QLDB now supports journal exports in JSON and Ion Binary formats. This release adds an optional OutputFormat parameter to the ExportJournalToS3 API.
1.23.25
api-change:customer-profiles: This release adds an optional parameter, ObjectTypeNames to the PutIntegration API to support multiple object types per integration option. Besides, this release introduces Standard Order Objects which contain data from third party systems and each order object belongs to a specific profile.
api-change:sagemaker: This release adds a new ContentType field in AutoMLChannel for SageMaker CreateAutoMLJob InputDataConfig.
api-change:forecast: Adds ForecastDimensions field to the DescribeAutoPredictorResponse
api-change:securityhub: Added new resource details objects to ASFF, including resources for Firewall, and RuleGroup, FirewallPolicy. Added additional details for AutoScalingGroup, LaunchConfiguration, and S3 buckets.
api-change:location: Making PricingPlan optional as part of create resource API.
api-change:redshift: This release adds API support for managed Redshift datashares. Customers can now interact with a Redshift datashare that is managed by a different service, such as AWS Data Exchange.
api-change:apigateway: Documentation updates for Amazon API Gateway
api-change:devops-guru: Adds Tags support to DescribeOrganizationResourceCollectionHealth
api-change:imagebuilder: This release adds support for importing and exporting VM Images as part of the Image Creation workflow via EC2 VM Import/Export.
api-change:datasync: AWS DataSync now supports FSx Lustre Locations.
api-change:finspace-data: Make dataset description optional and allow s3 export for dataviews
1.23.24
api-change:secretsmanager: Documentation updates for Secrets Manager
1.23.23
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:network-firewall: This release adds support for managed rule groups.
api-change:route53-recovery-control-config: This release adds tagging supports to Route53 Recovery Control Configuration. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateCluster, CreateControlPanel and CreateSafetyRule.
api-change:ec2: Adds waiters support for internet gateways.
api-change:sms: This release adds SMS discontinuation information to the API and CLI references.
api-change:route53domains: Amazon Route 53 domain registration APIs now support filtering and sorting in the ListDomains API, deleting a domain by using the DeleteDomain API and getting domain pricing information by using the ListPrices API.
api-change:savingsplans: Adds the ability to specify Savings Plans hourly commitments using five digits after the decimal point.
1.23.22
api-change:lookoutvision: This release adds new APIs for packaging an Amazon Lookout for Vision model as an AWS IoT Greengrass component.
api-change:sagemaker: This release added a new Ambarella device(amba_cv2) compilation support for Sagemaker Neo.
api-change:comprehendmedical: This release adds a new set of APIs (synchronous and batch) to support the SNOMED-CT ontology.
api-change:health: Documentation updates for AWS Health
api-change:logs: This release adds AWS Organizations support as condition key in destination policy for cross account Subscriptions in CloudWatch Logs.
api-change:outposts: This release adds the UpdateOutpost API.
api-change:support: Documentation updates for AWS Support.
api-change:iot: This release allows customer to enable caching of custom authorizer on HTTP protocol for clients that use persistent or Keep-Alive connection in order to reduce the number of Lambda invocations.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 159f9214a6852328f4edb327b33d2268ac4bac3f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 21:08:28 2022 +0000
Core Update 168: Ship and restart OpenVPN
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 75072c7702208179b392570485d5b301673525a0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 14 10:21:12 2022 +0200
openvpn: Update to version 2.5.6
- Update from version 2.5.4 to 2.5.6
- Update of rootfile not required
- No changes related to ciphers or options
- Source tarball changed from .xz to .gz as for version 2.5.6 the xz option was not
available. Raised on OpenVPN forum but response was that they also didn't know why xz
option was not available but they thought it was not a big deal as the gz version is
only slightly larger.
- Changelog
Overview of changes in 2.5.6
User-visible Changes
update copyright year to 2022
New features
new plugin (sample-plugin/defer/multi-auth.c) to help testing with multiple
parallel plugins that succeed/fail in direct/deferred mode
various build improvements (github actions etc)
upgrade pkcs11-helper to release 1.28.4
Bugfixes
CVE-2022-0547 see
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
If openvpn is configured with multiple authentication plugins and more than
one plugin tries to do deferred authentication, the result is not
well-defined - creating a possible authentication bypass.
In this situation the server process will now abort itself with a clear log
message. Only one plugin is allowed to do deferred authentication.
Fix "--mtu-disc maybe|yes" on Linux
Due to configure/syshead.h/#ifdef confusion, the code in question was not
compiled-in since a long time. Fixed. Trac: #1452
Fix $common_name variable passed to scripts when username-as-common-name is
in effect.
This was not consistently set - sometimes, OpenVPN exported the username,
sometimes the common name from the client cert. Fixed. Trac: #1434
Fix potential memory leaks in add_route() and add_route_ipv6().
Apply connect-retry backoff only to one side of the connection in p2p mode.
Without that fix/enhancement, two sides could end up only sending packets
when the other end is not ready. Trac: #1010, #1384
remove unused sitnl.h file
clean up msvc build files, remove unused MSVC build .bat files
repair "--inactive" handling with a 'bytes' parameter larger than 2 Gbytes
due to integer overflow, this ended up being "0" on Linux, but on Windows
with MSVC it ends up being "always 2 Gbyte", both not doing what is
requested. Trac: #1448
repair handling of EC certificates on Windows with pkcs11-helper
(wrong compile-time defines for OpenSSL 1.1.1)
Documentation
documentation improvements related to DynDNS. Trac: #1417
clean up documentation for --proto and related options
rebuild rst docs if input files change (proper dependency handling)
Overview of changes in 2.5.5
User-visible Changes
SWEET32/64bit cipher deprecation change was postponed to 2.7
Windows: use network address for emulated DHCP server as default this
enables use of a /30 subnet, which is needed when connecting to OpenVPN Cloud.
require EC support in windows builds (this means it's no longer possible to
build a Windows OpenVPN binary with an OpenSSL lib without EC support)
New features
Windows build: use CFG and Spectre mitigations on MSVC builds
bring back OpenSSL config loading to Windows builds. OpenSSL config is
loaded from %installdir%\ssl\openssl.cnf (typically:
c:\program files\openvpn\ssl\openssl.cnf) if it exists.
This is important for some hardware tokens which need special OpenSSL
config for correct operation. Trac #1296
Bugfixes
Windows build: enable EKM
Windows build: improve various vcpkg related build issues
Windows build: fix regression related to non-writeable status files
(Trac #1430)
Windows build: fix regression that broke OpenSSL EC support
Windows build: fix "product version" display (2.5..4 -> 2.5.4)
Windows build: fix regression preventing use of PKCS12 files
improve "make check" to notice if "openvpn --show-cipher" crashes
improve argv unit tests
ensure unit tests work with mbedTLS builds without BF-CBC ciphers
include "--push-remove" in the output of "openvpn --help"
fix error in iptables syntax in example firewall.sh script
fix "resolvconf -p" invocation in example "up" script
fix "common_name" environment for script calls when
"--username-as-common-name" is in effect (Trac #1434)
Documentation
move "push-peer-info" documentation from "server options" to "client"
(where it belongs)
correct "foreign_option_{n}" typo in manpage
update IRC information in CONTRIBUTING.rst (libera.chat)
README.down-root: fix plugin module name
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 0f447b470a929bb8f565e4cc5eb2697f074ddd7a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 14 10:20:57 2022 +0200
bird: Update to version 2.0.9
- Update from version 2.0.8 to 2.0.9
- Update of rootfile not required
- Changelog
Version 2.0.9 (2022-02-09)
o BGP: Flowspec validation procedure
o Babel: MAC authentication support
o Routing table configuration blocks
o Optional prefix trie in routing table for faster LPM/interval queries
o CLI: New 'show route in <prefix>' command
o Filter: Faster (16-way) prefix sets
o Filter: MPLS label route attribute
o Filter: Operators to pick community components
o Filter: Operators to find minimum and maximum element of lists
o BGP: New 'free bind' option
o BGP: Log route updates that were changed to withdraws
o BGP: Improved 'invalid next hop' error reporting
o OSPF: Allow ifaces with host address as unnumbered PtP or PtMP ifaces
o OSPF: All packets on PtP networks should be sent to AllSPFRouters address
o Scripts for apkg-powered upstream packaging for deb and rpm
o Support for Blake2s and Blake2b hash functions
o Security keys / passwords can be entered in hexadecimal digits
o Memory statistics split into Effective and Overhead
o Linux: New option 'netlink rx buffer' to specify netlink socket buffer size
o BSD: Assume onlink flag on ifaces with only host addresses
o Many bugfixes
Notes:
- For OSPF on PtP network, BIRD now sends all packets to multicast AllSPFRouters
address (as required in RFC 2328 8.1). This likely breaks setups with multiple
neighbors on a network configured as PtP, which worked in previous versions.
Such links should be configured as PtMP.
- Since Linux 5.3, netlink socket can be flooded by route cache entries during
route table scan. This version mitigates that issue by using strict netlink
filtering.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5e792900bc14070f877e7d2c1e406bebd60fac19
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 21:05:49 2022 +0000
Core Update 168: Ship and restart Squid
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f56b5ce8af9a71296bd20c7b47208781b1574caa
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 15 13:07:14 2022 +0200
squid: Update to 5.5
For details see:
http://lists.squid-cache.org/pipermail/squid-users/2022-April/024725.html
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b101f8e842f221113377f69b6a0471ffd24d15e7
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 21:04:38 2022 +0000
Core Update 168: Ship and restart vnstat
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c516ba3b01b93cd4d549cf92b70f4eb58fd95d20
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Apr 16 16:53:47 2022 +0200
vnstat: Update to 2.9
Triggered by Bug #12846 - in this context I noticed that vnstat had been updated to version 2.9.
For details see:
https://humdi.net/vnstat/CHANGES
"2.9 / 23-Jan-2022
- Fixed
- RescanDatabaseOnSave configuration option wasn't being read from the
configuration file resulting in the feature always being enabled
- Hourly graph image output using large fonts didn't correctly fade out
the x-axis line for hours not having data available
- New
- Add --alert for producing output and/or specific exit status when
configured condition and transfer limit is exceeded, can also be used
for "quota remaining" type of queries depending on used parameters
- Add configuration option InterfaceMatchMethod which allows configuring
the possibility of specifying an interface for database queries by using
its alias instead of system provided interface name, enabled by default
to support case insensitive matching of the beginning of interface
aliases (vnstat and vnstati)
- Image output file extension allows selecting the used image file format
as long as the used LibGD supports it, PNG is no longer the only option
- Add configuration option HourlyGraphMode for changing the output mode
of the graph, 0 = 24 hour sliding window (default, as in previous
releases), 1 = graph begins from midnight
- Add mode parameter for -hg / --hoursgraph options for overriding the
HourlyGraphMode configuration option setting from the command line
- Add vertical line to image output hourly graph to visualize midnight
- Add -t / --timestamp options to daemon for enabling timestamps to prints
when the daemon is running in the foreground attached to a terminal
- Accept ; as comment character in configuration file in addition to #
- Comment out keywords which are using default values with ; character in
provided configuration file and --showconfig output
2.8 / 4-Sep-2021
- Fixed
- Using a combination of --live and --json wasn't flushing stdout after
each line resulting in buffered output if the output was being piped
- Image output would fail to show the last line bar graph in list outputs
if EstimateStyle was 0, BarColumnShowsRate was 1 and the last line had a
higher traffic rate than other lines
- Image output didn't correctly horizontally align the "no data available"
message in 5 minute graph depending on the width of the image
- Image output related configuration warnings could get shown when image
output wasn't being used
- Warnings of mismatches between image output and data retention
configuration didn't provide relevant details for solving the issues
- BandwidthDetection was being used for tun interfaces even when the
Linux kernel had the information hardcoded to 10 Mbit regardless of the
used real interface, interface specific MaxBW will now be used instead
or MaxBandwidth as fallback
- Configured interface specific MaxBW values were getting overridden by
BandwidthDetection when something could be detected
- Image output horizontal rx/tx bars often had one pixel too much width in
the tx section resulting in slightly wrong ratio getting shown
- Top days list wasn't always sorting entries with exactly the same traffic
sum using ascending date
- 64bitInterfaceCounters with value -2 always assumed 32-bit on Linux
systems until a 64-bit value was seen if kernel headers weren't available
when binaries were built
- New
- Add the possibility of specifying an interface without using the
-i / --iface options (vnstat and vnstati)
- The daemon can discover added interfaces from the database without
requiring a restart, configurable with option RescanDatabaseOnSave
- Add configuration option UseUTC for using UTC as timezone for database
entries instead of following the system timezone configuration
- --iflist uses user configured interface specific MaxBW values in the
output when available instead of showing only the kernel provided
information when detected
- Add configuration option AlwaysAddNewInterfaces to expose the daemon
--alwaysadd command line option which gains an optional mode parameter
- Image output uses LibGD filled arc bug workaround only for LibGD
versions that are known to be broken
- Image output example cgi (examples/vnstat.cgi) improvements
- Automatically lists all monitored interfaces instead of requiring the
list to be filled manually, server name in page title comes from
hostname command by default
- Provides links for most available images to more detailed or longer
versions of each image
- Allows direct interface specific page access with /interfacename suffix
for the cgi if the used httpd supports PATH_INFO
- Page auto refresh can be enabled with configurable interval"
Please note:
As mentioned above, the default values in 2.9 are commented out. I have reversed this
by adding a simple 'sed' command to the lfs file.
Another possibility would have been to extend the existing sed commands. If this
is desired differently, please report.
As - nearly - always: running here with no seen problems...
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 31e85ef336ccfc2abb724d08e497c40c55b52762
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Apr 18 11:12:43 2022 +0200
rsync: Update to 3.2.4
For details see:
https://download.samba.org/pub/rsync/NEWS#3.2.4
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c74f7aa6d94337fec1d83e10e6d63c90b3d7aa72
Merge: a95bb24fe 31592610c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Apr 18 16:38:47 2022 +0000
Merge branch 'next' into temp-c168-development
commit 38cf581405290ac9781793e8785cbdf0e210dced
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 17 16:38:21 2022 +0200
ids-functions.pl: Remove temporary files if the downloader aborts.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit eaf5364413ab44dff0640396653fef4e39ace4d7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 17 15:21:20 2022 +0200
ids.cgi: Disable manual update button if a provider is no longer
supported.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 6bef05b9ed1eacb57f66f565def49bbfe6400946
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 17 15:03:56 2022 +0200
ids.cgi: Properly handle providers which are no longer supported.
They will be shown with a different background colour to get the user's
attention.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7c4b8df7163e60bc05867531e3d2a7001eb2af59
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 17 15:02:41 2022 +0200
update-ids-ruleset: Skip unsupported providers.
In case a configured provider is no longer supported, simply skip it
and do not try to perform an update.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit da5c7c24f022751ff4d8dfb68c65d0e60801a626
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 16:02:28 2022 +0200
ids.cgi: Remove orphaned headline.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b3dbe9ef6462b90198f969dcf42bb17f9c4b427f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 15:57:34 2022 +0200
backup.pl: Run convert-ids-backend-files converter.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7bc15b982c7ce3bd0b6d3cf752e1e42abba4fe1d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 15:54:44 2022 +0200
backup: Add files for new IDS backend.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit f7eedacb43e81dd8acd031f1ed7680fd0bf3b2b9
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 15:51:06 2022 +0200
convert-ids-backend-files: Restart suricata if the IDS is running.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 5bad33e9a4bae9e15979087df3420c30dd5afd6c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 15:32:27 2022 +0200
ids.cgi: Display return code on download error, when adding a new
provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 00271ed769a64e309498c8c5ab2267c0e5982957
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 15:30:03 2022 +0200
ids.cgi: Handle "Not modified" when forcing a ruleset update.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b645f7fc8675a9caa014b83dff6e7d012a4802c8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 15:12:58 2022 +0200
ids.cgi: No longer use hard-coded status messages in
oinkmaster_web() function.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 93af000b8b3f86008040cb5a62405b158c270fe7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 14:54:11 2022 +0200
oinkmaster: Drop package.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit d2bf4d377f698076e53a56a9784a0b70d8ed3388
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 14:51:48 2022 +0200
suricata: Rootfile update.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 0d99255c0614d0218912724b97f6cfdb4811a895
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 14:49:52 2022 +0200
suricata: Create empty threshold.config file.
The file is referenced in the suricata config file and if not
present some ugly warnings will be displayed/logged during startup.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit d44d4ccf34132b77c8cf3d4ace7eab99a4717a53
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 14:48:35 2022 +0200
suricata: Create directory to store the downloaded ruleset files.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b75baeff28412bec16dd72e4251d24c371c3fd5d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 14:42:22 2022 +0200
suricata: No longer install YAML file for default rules.
This file got obsolete, because its content will be generated
dynamically by the backend code.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 2e558477da7438d2bd79411279ae1502f044c787
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 16 14:39:09 2022 +0200
convert-ids-backend-files: Convert MONITOR_TRAFFIC_ONLY settings.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a2c56ead7367995ff743cc5c75aec8c4fb195f83
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 06:02:49 2022 +0200
ids-functions.pl: Remove read_enabled_disabled_sids_file() function.
No longer needed and therefore dead code.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a15c9b16b404bc1970fd016104560e8fd24b5edb
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:59:33 2022 +0200
IDS: Move autoupdate logic to cron.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c2eac6fcd4281834409700066b25061d15ca0d6c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:52:01 2022 +0200
convert-ids-backend-files: Move already downloaded files to new
location.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b570d35c0aff4c1d126be539bbb009830a1fbb7f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:19:20 2022 +0200
ids-functions.pl: Change location for downloaded rulesfiles to
"/var/cache/suricata/".
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 4f513522feeb88a447a861d414eead6432ce784f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:18:37 2022 +0200
ids-functions.pl: Do not use a hard-coded temporary download location.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c215cfd8873130362b0665696e06a79279f79abd
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:13:23 2022 +0200
convert-ids-backend-files: Remove old backend related files.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 70b1672d94f3f6c3cfe82bf65df65125df0b0014
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:12:56 2022 +0200
convert-ids-backend-files: Remove converted files.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 9f7702544abc0a906d14ccdcf0e4b03239a8fc33
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 15 05:10:45 2022 +0200
convert-ids-backend-files: Regenerate ruleset and used rulesets file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c00609ce56cab337d352e69599144683192dec8f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Apr 14 05:47:55 2022 +0200
convert-ids-backend-files: Successor of the
convert-ids-modifications-files converter.
This converter also will convert the used rulesfiles file for the
providers.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 2f154264a02a560b0ef4ff6777833330a110f2a4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Apr 14 05:16:25 2022 +0200
ids.cgi: Regenerate ruleset if the ruleset action (mode) of a provider
get changed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 39b5adb9404ae1b986e75437c4203752da8e9167
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Apr 11 05:57:05 2022 +0200
update-ids-ruleset: Only regenerate and reload ruleset on at least one
successful update.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 990d111d70b7f5276b5ff3b6729773f1066fcee7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Apr 11 05:48:17 2022 +0200
ids-functions.pl: Add support for Etags.
Etags are used to identify if a resource has been changed
by sending a special request and an Etag value to the server.
If the resource has changed, the server will serve the new content;
otherwise it will return the 304 (Not-Modified) code.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 149a3291df07c0b1ba0384b83509bb6a62a1eae2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Apr 11 05:47:15 2022 +0200
ids.cgi: Do not double display a working notice when removing a ruleset
provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a95bb24fe13e4e7837bfbf2e75e255f61985df7d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Apr 5 09:02:40 2022 +0000
nginx: Update to 1.20.2
The 1.20.x series is the current stable one, please refer to
https://nginx.org/en/CHANGES-1.20 for its changelog.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 6fd8dd43b63d32acd119c06682bb19a2ee10966d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 5 15:47:01 2022 +0200
dbus: Update to version 1.14.0
- Update from 1.12.20 to 1.14.0
- Update of rootfile
- Changelog
1.14.x is a new stable branch, superseding 1.12.x.
Summary of major changes between 1.12.x and 1.14.0
Dependencies:
• dbus now requires at least a basic level of support for C99 variadic
macros, as implemented in gcc >= 3, all versions of Clang, and
MSVC >= 2005. In practice this requirement has existed since version
1.9.2, but it is now official.
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
macro with the same behaviour), except when building for Windows using
MSVC and CMake.
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work.
• All Windows builds now require Windows Vista or later.
(Note that we do not recommend or support use of dbus on operating
systems outside their vendor's security support lifetime, such as Vista.)
• GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
• Building using CMake now requires CMake 3.4.
• Building documentation using CMake now requires xsltproc, Docbook DTDs
(for example docbook-xml on Debian derivatives), and Docbook XSLT
stylesheets (for example docbook-xsl on Debian derivatives). Using
KDE's meinproc4 documentation processor is no longer supported.
Build-time configuration changes:
• Move CMake build system to top level, matching normal practice for
CMake projects
Deprecations:
**Looking through these I don't believe they will cause a problem as they are
deprecations and not yet removed. In the future if needed we might need to set
datadir to /etc to keep the location the same as with sysconfdir. This won't be
needed if we don't use the system.d directory for dbus policies.
• Third-party software should install default dbus policies for the system
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
1.10, released in August 2015). Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
directory should only be used by system administrators wishing to
override the default policies.
The ${datadir} applicable to dbus is usually /usr/share and the
${sysconfdir} is usually /etc.
• A similar pattern applies to the session bus policies in session.d.
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
• The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
(login names) for the recommended EXTERNAL authentication mechanism,
only numeric user IDs or the empty string. See 1.13.0 release notes
for full details.
New features:
• On Linux 4.13 or later when built against a suitable glibc version,
GetConnectionCredentials() now includes UnixGroupIDs, the effective
group IDs of the initiator of the connection, taken from
SO_PEERGROUPS.
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
credentials-passing socket option to get the effective group IDs
of the initiator of the connection. See 1.13.4 release notes for details.
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent
• dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a combination of
send_destination and the arg0namespace keyword in match rules.
See 1.13.12 release notes for more details
• The dbus-daemon now filters the messages that it relays, removing
header fields that it does not understand. Clients must not rely on
this behaviour unless they have confirmed that they are connected to
a suitable message bus implementation, for example by querying its
Features property.
• The dbus-daemon now emits a signal, ActivatableServicesChanged, when
the list of activatable services may have changed. Support for this
signal can be discovered by querying the Features property.
• It is now possible to disable traditional (non-systemd) service
activation at build-time (Autotools: --disable-traditional-activation,
CMake: -DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes
for details.
• The API reference manual can be built as a Qt compiled help file if
qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details.
Miscellaneous behaviour changes:
• When using the "user bus" (--enable-user-session), put the dbus-daemon
in the session slice
• Several environment variables set by systemd are no longer passed
on to activated services
• If the dbus-daemon is compiled for Linux with systemd support, it
now informs systemd that it is ready for use via the sd_notify()
mechanism
• Tarball releases no longer contain pre-2007 changelogs and are now
compressed with xz, making them around 35% smaller.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
commit 77be7ab63b0fb4be4eeaa3059d7860ab3a701729
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:20:31 2022 +0000
Core Update 168: Ship expat
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 54fe871c8305649b00dbd7e67bb68ccfc4c43f7d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Apr 5 15:47:15 2022 +0200
expat: Update to version 2.4.8
- Update from 2.4.6 to 2.4.8
- Update of rootfile
- Changelog
Release 2.4.8 Mon March 28 2022
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55 #582 CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with
GNU Libtool
#590 #591 Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#589 CI: Upgrade Clang from 13 to 14
Release 2.4.7 Fri March 4 2022
Bug fixes:
#572 #577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
with regard to all valid URI characters (RFC 3986),
i.e. the following set (excluding whitespace):
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
0123456789 % -._~ :/?#[]@ !$&'()*+,;=
Other changes:
#555 #570 #581 CMake|Windows: Store Expat version in the DLL
#577 Document consequences of namespace separator choices not just
in doc/reference.html but also in header <expat.h>
#577 Document Expat's lack of validation of namespace URIs against
RFC 3986, and that the XML 1.0r4 specification doesn't
require Expat to validate namespace URIs, and that Expat
may do more in that regard in future releases.
If you find need for strict RFC 3986 URI validation on
application level today, https://uriparser.github.io/ may
be of interest.
#579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
#575 Document that a call to XML_FreeContentModel can be done at
a later time from outside the element declaration handler
#574 Make hardcoded namespace URIs easier to find in code
#573 Update documentation on use of XML_POOR_ENTOPY on Solaris
#569 #571 tests: Resolve use of macros NAN and INFINITY for GNU G++
4.8.2 on Solaris.
#578 #580 Version info bumped from 9:6:8 to 9:7:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9c4e7e3b4956eb886acaaf039d31b4a26dbece8c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:20:11 2022 +0000
Core Update 168: Ship libgcrypt
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 2a8de00c6fbc7625d385ebd04ad466ee8a024a12
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 6 15:06:12 2022 +0200
libgcrypt: Update to version 1.10.1
- Update from 1.9.4 to 1.10.1
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.1 (2022-03-28) [C24/A4/R1]
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
* Other:
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
GCRYCTL_SET_DECRYPTION_TAG NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
GCRY_CIPHER_MODE_SIV NEW mode.
GCRY_CIPHER_MODE_GCM_SIV NEW mode.
GCRY_CIPHER_EXTENDED NEW flag.
GCRY_SIV_BLOCK_LEN NEW macro.
gcry_cipher_set_decryption_tag NEW macro.
GCRY_KDF_ARGON2 NEW constant.
GCRY_KDF_BALLOON NEW constant.
GCRY_KDF_ARGON2D NEW constant.
GCRY_KDF_ARGON2I NEW constant.
GCRY_KDF_ARGON2ID NEW constant.
gcry_kdf_hd_t NEW type.
gcry_kdf_job_fn_t NEW type.
gcry_kdf_dispatch_job_fn_t NEW type.
gcry_kdf_wait_all_jobs_fn_t NEW type.
struct gcry_kdf_thread_ops NEW struct.
gcry_kdf_open NEW function.
gcry_kdf_compute NEW function.
gcry_kdf_final NEW function.
gcry_kdf_close NEW function.
gcry_pk_hash_sign NEW function.
gcry_pk_hash_verify NEW function.
gcry_pk_random_override_new NEW function.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit bf1defce5579ed2db91d8fae4eb5549bc8471311
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:18:50 2022 +0000
Core Update 168: Ship libmnl
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d6aead033a752d7965a3bed6c98dcf5d289707b2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Apr 6 15:06:28 2022 +0200
libmnl: Update to version 1.0.5
- Update from 1.0.4 to 1.0.5
- Update of rootfile not required
- Changelog
Version 1.0.5 changes from git commits
src: doc: Fix messed-up Netlink message batch diagram
build: If doxygen is not available, be sure to report "doxygen: no" to ./conf...
build: doc: get rid of the need for manual updating of Makefile
build: doc: "make" builds & installs a full set of man pages
doxygen: Fixed link to the git source tree on the website.
include: add MNL_SOCKET_DUMP_SIZE definition
doxygen: remove EXPORT_SYMBOL from the output
nlmsg: Fix a missing doxygen section trailer
src: fix doxygen function documentation
examples: Add rtnl-addr-add.c
examples: reduce LOCs during neigh attributes validation
examples: fix print line format
examples: fix neigh max attributes
examples: add arp cache dump example
libmnl: zero attribute padding
examples: rtnl-addr-dump: fix typo
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
examples: nfct-daemon: Fix test building on musl libc
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 88e01ab8553e9fc7d7d64d2de2b3e7f03c515177
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:18:01 2022 +0000
Core Update 168: Remove netpbm add-on, if installed
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 00c31b29184dac2f5dadc21f9457b427a6ee3cb6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:13:32 2022 +0000
Core Update 168: Remove libnl files
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8841ef19685bcb148fdbcdd5c75b8eb96b2bb244
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 18:35:04 2022 +0200
netpbm: Removal from IPFire
- This is an addon whose purpose is defined as :-
Netpbm is a toolkit for manipulation of graphic images, including conversion of images
between a variety of different formats. There are over 300 separate tools in the
package including converters for about 100 graphics formats. Examples of the sort of
image manipulation we're talking about are: Shrinking an image by 10%; Cutting the top
half off of an image; Making a mirror image; Creating a sequence of images that fade
from one image to another.
- None of the above seems to be a purpose related to a Firewall. Additionally it is
available in a huge number of distributions, including Linux, BSD, Windows,
MacOS X/Darwin, Solaris, AIX etc
- This package seems to be better used on a system in the lan protected by IPFire than
used on IPFire itself
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 411cd0ca9c52b8a57fc288b2e992d13b3ffb1215
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 18:35:03 2022 +0200
libnl: Removal from IPFire
- This is the legacy version of libnl - 1.1.4 and was released in 2013
- libnl-3 is the running stable version - 3.5.0
- Nothing in IPFire has libnl as a dependency. Large number of programs have libnl-3 as
a dependency
- libnl developer indicates that libnl-3 should be used if in any way possible and that
the legacy version is for situations that fail to work with libnl-3
- As everything in IPFire looks to already be using libnl-3 this patch is to remove the
legacy version
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 22ac250b37bbce6f56ea7920e55d5ca9a70f71d3
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:05:38 2022 +0000
Core Update 168: Ship perl-libwww
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit c002bd1f44f4ae0c33691be3896456dc8fbd221f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 8 20:49:41 2022 +0200
perl-libwww: Update to 6.62
- Update from 6.61 to 6.62
- Update of rootfile not required
- Changelog
6.62 2022-04-05 01:04:17Z
- Allow downloading to a filehandle (GH#400) (Andrew Fresh)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 6ac573bd8f4a1070e56769e1d74e8268ce8bf19f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 10:04:42 2022 +0000
Core Update 168: Ship whois
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit f09b8111142c5d27466d40668d1bd92f60003596
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Apr 9 11:00:16 2022 +0200
whois: Update to 5.5.13
For details see:
https://raw.githubusercontent.com/rfc1036/whois/next/debian/changelog
whois (5.5.13) unstable; urgency=medium
* Added the .sd TLD server.
* Updated the list of new gTLDs.
* Added the Turkish translation, contributed by Oguz Ersen.
-- Marco d'Itri <md(a)linux.it> Fri, 08 Apr 2022 01:08:55 +0200
whois (5.5.12) unstable; urgency=medium
* Updated the .pro TLD server, which was totally broken.
* Fixed the detection of Japanese locales using $LC_MESSAGES.
* Implemented providing partial salt strings to mkpasswd.
* Removed 2 new gTLDs which are no longer active.
* Updated one or more translations. (Closes: #1003597)
* Enabled full hardening in debian/rules.
-- Marco d'Itri <md(a)linux.it> Wed, 23 Feb 2022 01:03:11 +0100
whois (5.5.11) unstable; urgency=medium
* Implemented a --no-recursion command line option to disable recursion
from registrar to registry servers.
* Updated the .pro, .vu and .xxx TLD servers.
* Updated the list of new gTLDs.
* Removed 7 new gTLDs which are no longer active.
* Updated make_version_h.pl to support Ubuntu no-change uploads,
contributed by Matthias Klose. (Closes: #995873)
-- Marco d'Itri <md(a)linux.it> Mon, 03 Jan 2022 18:18:36 +0100
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit da8ca3b1216906d2f009ee6ee09131fa9c7e65de
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 09:56:44 2022 +0000
Core Update 168: Ship changed networking initscripts
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5806ff0cc5af4b361b3e32cb9e32d97d1f07d400
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Apr 7 18:46:54 2022 +0200
Deleted 'vnstat' calls in initscripts - those options were removed and we're using 'vnstatd', not 'vnstat'.
Fixes: 12831
Jonatan Schlag reported that the command line options of 'vnstat' had changed
"...and seemed to be broken a long time".
=> https://bugzilla.ipfire.org/show_bug.cgi?id=12831#c0
Several command line switches used in networking initscripts were obviously removed.
Affected commands in '.../networking/any' and '.../networking/red':
...
/usr/bin/vnstat -u -i ${DEVICE} -r --enable --force > /dev/null 2>&1
...
/usr/bin/vnstat -u -i ${DEVICE} -r --disable > /dev/null 2>&1
...
and
...
/usr/bin/vnstat -u -i ppp0 -r --disable > /dev/null 2>&1
...
Adolf Belka tested this, "looked through the changelogs" and found - besides that
the switch '--enable' had been removed "in version 2.0 in 2018" - that '--enable', '--update'
and '--reset' switches are either not needed or not supported anymore.
"The old man page indicates that none of those options are used when the vnstat daemon
is running."
Since we only start and run 'vnstatd' in IPFire it was decided to remove these commands.
Reported-by: jonatan.schlag <jonatan.schlag(a)ipfire.org>
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
commit 18ed846002a02d51a9122133dc2314cbb6d5b04e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 8 20:49:56 2022 +0200
python3-pyparsing: Update to version 3.0.7
- Update from 3.0.6 to 3.0.7
- Update of rootfile
- Changelog
Version 3.0.7 -
- Fixed bug #345, in which delimitedList changed expressions in place
using expr.streamline(). Reported by Kim Gräsman, thanks!
- Fixed bug #346, when a string of word characters was passed to WordStart
or WordEnd instead of just taking the default value. Originally posted
as a question by Parag on StackOverflow, good catch!
- Fixed bug #350, in which White expressions could fail to match due to
unintended whitespace-skipping. Reported by Fu Hanxi, thank you!
- Fixed bug #355, when a QuotedString is defined with characters in its
quoteChar string containing regex-significant characters such as ., *,
?, [, ], etc.
- Fixed bug in ParserElement.run_tests where comments would be displayed
using with_line_numbers.
- Added optional "min" and "max" arguments to `delimited_list`. PR
submitted by Marius, thanks!
- Added new API change note in `whats_new_in_pyparsing_3_0_0`, regarding
a bug fix in the `bool()` behavior of `ParseResults`.
Prior to pyparsing 3.0.x, the `ParseResults` class implementation of
`__bool__` would return `False` if the `ParseResults` item list was empty,
even if it contained named results. In 3.0.0 and later, `ParseResults` will
return `True` if either the item list is not empty *or* if the named
results dict is not empty.
# generate an empty ParseResults by parsing a blank string with
# a ZeroOrMore
result = Word(alphas)[...].parse_string("")
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{}
False
# add a results name to the result
result["name"] = "empty result"
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{'name': 'empty result'}
True
In previous versions, the second call to `bool()` would return `False`.
- Minor enhancement to Word generation of internal regular expression, to
emit consecutive characters in range, such as "ab", as "ab", not "a-b".
- Fixed character ranges for search terms using non-Western characters
in booleansearchparser, PR submitted by tc-yu, nice work!
- Additional type annotations on public methods.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit b86bd4f90adc4111db864cb8c1365a0d115a6675
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 09:51:22 2022 +0000
Core Update 168: Remove libevent files
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit e2e51070a18073d6087429daa6036f8eb510886e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 8 23:55:24 2022 +0200
libevent: Remove from IPFire
- Build worked without libevent without problems
- Nothing shows up as dependent on the libevent (legacy) libraries
- Lots of dependencies on the libevent2 libraries
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 943ce57701d39352f51a6b09906cd945a421829c
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 09:49:55 2022 +0000
Core Update 168: Ship libnfnetlink
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5dcca14b51b845a56ea3d99e1772f569a259e949
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Apr 8 20:49:03 2022 +0200
libnfnetlink: Update to version 1.0.2
- Update from 1.0.1 to 1.0.2
- Update of rootfile not required
- Changelog
Version 1.0.2
* Warnings with automake-1.12
* Update header comments to reflect GPLv2+ license
* Allow building on uclinux
* Valgrind warnings due to uninitialized padding in netlink messages
* Hide private library symbols
* Support builds with newer doxygen versions
* Failing calls to getsockname() were left unnoticed
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit d258332f5bb062394f524dc485153d1841e55436
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 09:49:02 2022 +0000
Core Update 168: Remove orphaned files
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit a6d966e1b79de3b052f92569f8f67b2b0753df49
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 13:04:49 2022 +0200
sdparm: Removal from IPFire
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9624937d9112b92cd735391bc15b3d7aef5bedd5
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 13:04:48 2022 +0200
pigz: Removal from IPFire
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 85967534723f8da3f6077814dc1f04f8ffb87874
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 13:04:47 2022 +0200
libsolv: Removal from IPFire
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit adee5528664883cf48fd83873c978b51b11a7342
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 13:04:46 2022 +0200
libpri: Removal from IPFire
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 03216bd01c57262e1fa753ee4ed86cf050fc2212
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 13:04:45 2022 +0200
libdnet: Removal from IPFire
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 758162bdc4f5d58cd10afd3f5efbdf7a3034b5b8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Apr 7 13:04:44 2022 +0200
libart: Removal from IPFire
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 77c3824f285e7df66ce4a26be11dc336bc17633d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Sun Apr 10 09:42:56 2022 +0000
Start Core Update 168
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit faa8c62f6377cf6efa2b4edef1bbe77ede248867
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 10 11:25:36 2022 +0200
ids.cgi: Use new oinkmaster_web function instead the silent one from
ids-functions.
This will print some nice status messages while the page is locked and
the IDS rules get regenerated/altered.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 44d41fd692ea695708c9cd51ecbf1fab2c7a5c28
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 10 11:23:49 2022 +0200
ids.cgi: Add oinkmaster_web () function.
This function is used to regenerate the entire ruleset similar to the
one from ids-functions, but is enhanced to print additional status
messages.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 1aaa347774a96e54daf26ff0762e63731e94a629
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 10 11:19:41 2022 +0200
ids.cgi: Allow to split working_notice function into two parts.
This allows to open the notice and close it at a later time.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 25652a75d485eaf500a60326373f66e56b902c70
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Apr 10 11:17:05 2022 +0200
ids.cgi: Keep IDS/IPS mode settings when enabling/disabling a provider
or autoupdate for it.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 30c4a9ff35117388ce3061ad44280967e1f4cf86
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 9 14:46:39 2022 +0200
ids.cgi: Adjust code to use new used-rulesfiles backend.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 8d6714edc8c957214506bc483bc51edc06c94554
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Apr 9 13:11:18 2022 +0200
ids-functions.pl: Change backend to use one file to load the used
rulefiles.
Suricata seems to struggle when using multiple and/or nested includes in
the same config section. This results in an only partially loaded
configuration where not all rulefiles are loaded and used.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit fa7663a1b594dcfd4bf542eb34a0869d5280e38f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 12:26:35 2022 +0100
ids.cgi: Remove newly added provider if the rules could not be
downloaded.
When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.
To avoid that, the provider needs to be removed again.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 81144407528319a53fd0e8ea6852158c56ab7612
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 18:59:42 2022 +0100
convert-ids-modification-files: New converter.
This converter is responsible to convert the old oinkmaster modification
files into the new files and format.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 432b8ed21e0fa9c0ee4cca360dfd881348ba62a0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:54:19 2022 +0100
ids.cgi: Drop last fragments from old modify sids backend.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 849fc8ea15a861a97f2e4d9c74804115fd15ecf5
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 18:08:49 2022 +0100
ids-functions.pl: Drop oinkmaster related functions and declarations.
They are no longer needed and can safely be dropped.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 443ad51d1c33550eafc62320865046510b7be8fc
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 16:52:19 2022 +0100
ids.cgi: Allow to configure IDS/IPS mode individually for each provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 4c98be8bd21c95b9bb576e211e633bf507388234
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 16:33:20 2022 +0100
ids.cgi: Use new provider modifications backend.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 9f353f8518b93fb1b4f76663088d36d321e8e3f2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 16:11:12 2022 +0100
ids.cgi: Use new backend to store the ruleset modifications of a
provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 2deba6bf4a6b866713ee000a91457802101fa893
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 16:10:01 2022 +0100
ids-functions.pl: Use "enabled/disabled" to mark if a rule should be
altered.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 794469483f26e514e13648a07483d19e2372ecb7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 15:47:52 2022 +0100
ids-functions.pl: Replace call of external oinkmaster.pl to newly
introduced process_ruleset function.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 5a6c7bbe85a24faddf3c5f495d28a6ae6004514f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 15:44:37 2022 +0100
ids-functions.pl: Add process_ruleset() function.
This function is going to replace the part which currently the
oinkmaster.pl script does.
It will read in the extracted ruleset, remove duplicates and alter the
rules to alert or drop in case they match. Also rules will be enabled or
disabled if the user requested this.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 518cbdd38905ed7909f7dfe218957cbc828a004c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 15:34:57 2022 +0100
ids-functions.pl: Add get_provider_ruleset_modifications_file().
This function will obsolete the old oinkmaster modifications files.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit e246285af4c98647217fe96a48d794f959ebf3d8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 15:34:10 2022 +0100
ids-functions.pl: Add private function to obtain the sid and rev of a
rule.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit e0eb5bc737fa807a574b4f5bf5c42977d55201fb
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Mar 20 15:33:09 2022 +0100
ids-functions.pl: Add get_providers_mode() function.
This function is used to gather the modes of the configured providers
and return them as hash.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit ff780d8b3fa6b91fe9d8560684232381b81b5498
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:27:01 2022 +0100
update-ids-ruleset: Fix typo in return code.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 74019d3044117bc84646fec22e6a88833a131790
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:23:44 2022 +0100
update-ids-ruleset: Skip providers which are not enabled.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 9a3f9c2b234457e6cfda54f7ee3746781ba503b5
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:22:50 2022 +0100
update-ids-ruleset: Log and abort if too little free disk space is
available.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c9c3eadbbffeee8a4f46365e917f619939dee9f1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:22:08 2022 +0100
update-ids-ruleset: Add logging for various events.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit d1f7542659cc7ecaaad551f813b0cb32a4734351
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:18:38 2022 +0100
update-ids-ruleset: Add function to iherit with the syslog daemon.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 65e3aef5835a5e681bdd2af292e4c547c0d196d0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:17:06 2022 +0100
ids-functions.pl: Remove logging calls when checking free diskspace.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 52a557a848c3f744278aec91d7e16ff1f5c24833
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Mar 26 11:14:40 2022 +0100
ids-functions.pl: Remove logging calls from downloader.
The download script should not directly do the logging stuff.
It simply should download the files for the requested provider and
return an error code on fail.
The logging should be done at another place.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit e26edcc1c7cac6235f7d60c527f980895fc3fe5a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Mar 25 06:03:40 2022 +0100
ids-functions.pl: Provide better return codes, if the downloader fails.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 0f2c5211f6d8b183a8496ff208c20ca5ddc0c6c6
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 24 21:17:59 2022 +0100
ids-functions.pl: Limit downloader to only one provider.
Remove the option and required code to download the rulesets
for all configured and enabled providers by just calling the downloader
function.
This causes a lot of trouble and, if required, should be handled directly
by the processing script.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 235e3e92a32a95339c177a94371b22c4bc0877a6
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 24 21:17:08 2022 +0100
ids-functions.pl: Add get_subscription_code() function.
This function can be used to obtain the subscription code of a given
configured provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 061391e77601082727e64e40dfa352f89be18ce1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 24 20:51:56 2022 +0100
ids-functions.pl: Use If-Modified-Since header to reduce file downloads.
When using the "If-Modified-Since" header, the server can be requested
if a modified version of the file can be served.
In case that is true, the file will be sent and stored by the downloader
function. If the file has not been touched since the last time, the
server will respond with the code "304" (Not modified).
This tells us, that the current stored file is the latest one (still up-to-date)
and we safely can skip the download attempt for this provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit f264adda359ec58846840e60d9743ca522fa4004
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 24 20:29:21 2022 +0100
ids-functions.pl: Re-order download request handler creation.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7d8956083b76babafef3c8e82fb32c4f243424c3
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Mar 24 20:18:58 2022 +0100
ids-functions.pl: Early load required perl modules.
This will help us to determine if all required perl modules and their
dependencies are avail and load-able.
It also prevents us from double loading modules and makes development
and maintenance easier.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 304ce130fd1e19de6a4faf9834784e0d821c02c1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Mar 21 20:21:21 2022 +0100
ids-functions.pl: Remove temporary file, if the download failed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit e71804fb821acf84ef4ad06fcaf80dda6fe8af0c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Mar 21 20:19:25 2022 +0100
ids-functions.pl: Allow "3" download attempts for each provider before fail.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit de1199e2a32e9f177ea237392b0ae22b5f8a2b87
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Mar 21 19:52:04 2022 +0100
ids-functions.pl: Drop downloader code for sourcefire based ruleset.
Even if the servers do not support HEAD requests, the remote filesize
(content_length) can be obtained from the connection headers.
This generic method works for all servers and therefore we do not need
the code for handle sourcefire servers in a different way anymore.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree