- Update from version 3.10 to 3.11
- Update of rootfile not required
- Changelog
* Noteworthy changes in release 3.11 (2023-05-13) [stable]
** Bug fixes
With -P, patterns like [\d] now work again. Fixing this has caused
grep to revert to the behavior of grep 3.8, in that patterns like \w
and \b go back to using ASCII rather than Unicode interpretations.
However, future versions of GNU grep and/or PCRE2 are likely to fix
this and change the behavior of \w and \b back to Unicode again,
without breaking [\d] as 3.10 did.
[bug introduced in grep 3.10]
grep no longer fails on files dated after the year 2038,
when running on 32-bit x86 and ARM hosts using glibc 2.34+.
[bug introduced in grep 3.9]
grep -P no longer fails to match patterns using negated classes
like \D or \W when linked with PCRE2 10.34 or newer.
[bug introduced in grep 3.8]
** Changes in behavior
grep --version now prints a line describing the version of PCRE2 it uses.
For example, it prints this when built with the very latest from git:
grep -P uses PCRE2 10.43-DEV 2023-04-14
or this with what's currently available in Fedora 37:
grep -P uses PCRE2 10.40 2022-04-14
previous versions of grep wouldn't respect the user provided settings for
PCRE_CFLAGS and PCRE_LIBS when building if a libpcre2-8 pkg-config module
was found.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.1.1 to 5.2.2
- Update of rootfile
- Changelog
Changes from 5.2.1 to 5.2.2
1. Infrastructure upgrades: makeinfo 7.0.1 must be used to format
the manual. As a result, the manual can also now be formatted
with LaTeX by running it through `makeinfo --latex'.
2. Gawk no longer builds an x86_64 executable on M1 macOS systems.
This means that PMA is unavailable on those systems.
3. Gawk will now diagnose if a heap file was created with a different
setting of -M/--bignum than in the current invocation and exit with
a fatal message if so.
4. Gawk no longer "leaks" its free list of NODEs in the heap file, resulting
in much more efficient usage of persistent storage.
5. PROCINFO["pma"] exists if the PMA allocator is compiled into gawk.
Its value is the PMA version.
6. The time extension is no longer deprecated. The strptime() function
from gawkextlib's timex extension has been added to it.
7. Better information is passed to input parsers for when they want to
decide whether or not to take control of a file. In particular, the
readdir extension is simplified for Windows because of this.
8. The various PNG files are now installed for Info and HTML. The
images files now have gawk_ prefixed names to avoid any conflicts
with other installed PNG file names.
9. As usual, there have been several minor code cleanups and bug fixes.
See the ChangeLog for details.
Changes from 5.2.0 to 5.2.1
1. Infrastructure upgrades: PMA version Avon 8.
2. Issues related to the sign of NaN and Inf values on RiscV have
been fixed; gawk now gives identical results on that platform as
it does on others.
3. A few issues with the debugger have been fixed.
4. More subtle issues with untyped array elements being passed to
functions have been fixed.
5. The rwarray extension's readall() function has had some bugs fixed.
6. The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x.
It is now supported also on both Intel and M1 macOS systems.
7. There have been several minor code cleanups and bug fixes. See the
ChangeLog for details.
Changes from 5.1.x to 5.2.0
*****************************************************************************
* MPFR mode (the -M option) is now ON PAROLE. This feature is now being *
* supported by a volunteer in the development team and not by the primary *
* maintainer. If this situation changes, then the feature will be removed. *
* For more information see this section in the manual: *
* https://www.gnu.org/software/gawk/manual/html_node/MPFR-On-Parole.html *
*****************************************************************************
1. Infrastructure upgrades: Libtool 2.4.7, Bison 3.8.2.
2. Numeric scalars now compare in the same way as C for the relational
operators. Comparison order for sorting has not changed. This only
makes a difference when comparing Infinity and NaN values with
regular numbers; it should not be noticeable most of the time.
3. If the AWK_HASH environment variable is set to "fnv1a" gawk will
use the FNV1-A hash function for associative arrays.
4. The CMake infrastructure has been removed. In the five years it was in
the tree, nobody used it, and it was not updated.
5. There is now a new function, mkbool(), that creates Boolean-typed
values. These values *are* numbers, but they are also tagged as
Boolean. This is mainly for use with data exchange to/from languages
or environments that support real Boolean values. See the manual
for details.
6. As BWK awk has supported interval expressions since 2019, they are
now enabled even if --traditional is supplied. The -r/--re-interval option
remains, but it does nothing.
7. The rwarray extension has two new functions, writeall() and readall(),
for saving / restoring all of gawk's variables and arrays.
8. The new `gawkbug' script should be used for reporting bugs.
9. The manual page (doc/gawk.1) has been considerably reduced in size.
Wherever possible, details were replaced with references to the online
copy of the manual.
10. Gawk now supports Terence Kelly's "persistent malloc" (pma),
allowing gawk to preserve its variables, arrays and user-defined
functions between runs. THIS IS AN EXPERIMENTAL FEATURE!
For more information, see the manual. A new pm-gawk.1 man page
is included, as is a separate user manual that focuses on the feature.
11. Support for OS/2 has been removed. It was not being actively
maintained.
12. Similarly, support for DJGPP has been removed. It also was not
being actively maintained.
13. VAX/VMS is no longer supported, as it can no longer be tested.
The files for it remain in the distribution but will be removed
eventually.
14. Some subtle issues with untyped array elements being passed to
functions have been fixed.
15. Syntax errors are now immediately fatal. This prevents problems
with errors from fuzzers and other such things.
16. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Changes from 5.1.1 to 5.1.x
1. Infrastructure upgrades: Automake 1.16.5, Texinfo 6.8.
2. The rwarray extension now supports writing and reading GMP and
MPFR values. As a result, a bug in the API code was fixed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.17 to 1.19
- Update of rootfile not required
- Changelog
2023-01-11 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.19 released.
* main_loop.c (exec_command): Fix commands 'e', 'E'; they did set
the 'modified' flag if file not found. (Reported by Harry Graf).
(main_loop): Print script error line to stdout instead of stderr.
* Change long name of option '-s' to '--script'.
(Suggested by Andrew L. Moore).
* Assign short name '-q' to options '--quiet' and '--silent'.
* main.c (show_strerror) Use '!quiet' to enable diagnostics.
* Do not process file names for backslash escapes.
(Suggested by Andrew L. Moore).
* ed.texi: Document 0 as starting point for searches '0;/RE/'.
Document how to achieve the effect of ex style '!' filtering.
2022-02-04 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.18 released.
* main_loop.c (get_shell_command): Flush stdout after printing cmd.
(Reported by Sören Tempel).
* signal.c (sighup_handler): Fix a memory leak just before exiting.
* carg_parser.c (ap_init): Likewise.
(Both reported by Xosé Vázquez Pérez).
* io.c (read_file, write_file): Check ptr returned by strip_escapes.
* main_loop.c (get_shell_command, exec_command): Likewise.
* main_loop.c (get_shell_command): Remove backslash from escaped '%'.
(Reported by Martin Thomsen).
* main_loop.c, regex.c: Implement case-insensitive REs.
* regex.c (compile_regex): Don't overwrite previous regex if error.
* main.c: New option '--strip-trailing-cr'.
* buffer.c (push_undo_atom): Fail if stack grows larger than INT_MAX.
(too_many_lines): Fail if buffer grows larger than INT_MAX lines.
* global.c (set_active_node): Fail if list grows larger than INT_MAX.
* signal.c (resize_buffer): Fail if a line grows longer than INT_MAX.
* io.c (read_file): Return -2 for fatal errors.
* main_loop.c (main_loop): Set error status if fatal error from main.
* main.c [restricted_]: New message "Directory access restricted".
* ed.texi: New chapter "The 's' Command".
* COPYING: Restored. (I forgot to do it in 1.11).
* TODO: Removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.8 to 3.9
- Update of rootfile not required
- Changelog
version 3.9
* NEWS: Record release date.
build: update gnulib to latest
2023-01-05 Jim Meyering <meyering@fb.com>
tests: avoid large-subopt XPASS on systems without perl
* tests/large-subopt: Use $PERL, rather than hard-coding "perl".
* bootstrap.conf (gnulib_modules): Add "perl" to the list.
Reported by Bruno Haible in
https://lists.gnu.org/r/diffutils-devel/2023-01/msg00000.html
2023-01-05 Bruno Haible <bruno@clisp.org>
tests: avoid a test failure when using Solaris 11.4's old grep
* tests/colors (nanosecond_zeros): Use a dumbed-down grep '\.'
in place of "grep -F ." to accommodate Solaris 11.4's old versions
of grep in the default PATH. Reported here:
https://lists.gnu.org/r/diffutils-devel/2023-01/msg00001.html
2023-01-01 Jim Meyering <meyering@fb.com>
build: update gnulib to latest
maint: update copyright dates
2022-12-31 Paul Eggert <eggert@cs.ucla.edu>
build: simplify GCC 12 false alarm workaround
* src/util.c (print_message_queue): Pacify GCC in a
more-straightforward way.
maint: fix assumption typo
Fix a typo I introduced in my August 2021 signal handling fixes.
Problem reported by Sam James (Bug#60457).
* src/util.c (xsigismember): Don’t assume sigismember cannot return 0.
2022-12-30 Jim Meyering <meyering@fb.com>
build: update gnulib to latest
build: temp?-disable -Wanalyzer-use-of-uninitialized-value
* src/util.c (print_message_queue): This function triggers false
positive warnings from GCC12, so add pragmas to ignore that new warning
in this one function. Required when using either of these:
- gcc version 12.2.1 20221121
- gcc version 13.0.0 20221229 (experimental)
2022-12-11 Jim Meyering <meyering@fb.com>
build: update gnulib to latest
2022-11-12 Jim Meyering <meyering@fb.com>
build: update gnulib to latest
2022-02-14 Paul Eggert <eggert@cs.ucla.edu>
doc: mark up SEE ALSO (Bug#53976)
2022-01-24 Jim Meyering <meyering@fb.com>
tests: fix false-failure on systems without valgrind
* tests/init.cfg (require_valgrind_): Use exit status of subshell,
not that of the "local" declaration.
2022-01-14 Paul Eggert <eggert@cs.ucla.edu>
build: update gnulib submodule to latest
2022-01-03 Jim Meyering <meyering@fb.com>
maint: avoid new syntax-check failure
* cfg.mk (local-checks-to-skip): Add sc_indent, to skip it.
Otherwise, "make syntax-check" would fail.
maint: make update-copyright
build: update gnulib to latest; also bootstrap and init.sh
2021-10-30 Paul Eggert <eggert@cs.ucla.edu>
maint: modernize README-{hacking,prereq}
2021-10-16 Paul Eggert <eggert@cs.ucla.edu>
doc: copy fdl.texi into git
This pacifies this notice from ./bootstrap: “Notice from module
fdl: Don't use this module! Instead, copy the referenced license
file into your version control repository.”
* bootstrap.conf (gnulib_modules): Remove fdl.
* doc/fdl.texi: New file, taken from Gnulib.
maint: direct dependency on time_rz now
Now that diff calls tzalloc, it depends directly on time_rz.
* bootstrap.conf (gnulib_modules): Add time_rz.
build: update gnulib submodule to latest
2021-10-15 Paul Eggert <eggert@cs.ucla.edu>
diff: fix timezone bug on Solaris
Problem reported by Vladimir Marek (bug#51228).
* NEWS: Mention this.
* src/context.c (print_context_label): Pass localtz to nstrftime,
instead of always passing 0.
* src/diff.c (main) [!HAVE_TM_GMTOFF]:
Initialize localtz if time_format uses %z.
* src/diff.h (localtz): New decl.
* tests/Makefile.am (TESTS): Add timezone.
* tests/timezone: New test.
2021-08-31 Paul Eggert <eggert@cs.ucla.edu>
diff3: port better to MS-Windows
* src/diff3.c (enum diff_type): Prefix constants like ADD with
"DIFF_" to avoid collisions with unwise system headers.
2021-08-30 Paul Eggert <eggert@cs.ucla.edu>
maint: port better to non-POSIX
Problem privately reported by Gisle Vanem for MS-Windows.
* src/util.c (sig, install_signal_handlers):
Don’t assume SIGTSTP, SIGALRM, SIGQUIT.
(is_tstp_index): New function, for use in SIGTSTP avoidance.
maint: prefer attribute.h attributes
Prefer the macros used in attribute.h, and _Noreturn,
to the by-hand use of __attribute__, as this is more portable.
* bootstrap.conf (gnulib_modules): Add attribute.
* src/system.h: Include attribute.h. All uses of
attributes changed to use the attribute.h macros.
Plus, use _Noreturn.
(FALLTHROUGH): Remove; attribute.h now defines this.
build: update gnulib submodule to latest
diff: avoid double translation
* src/analyze.c (briefly_report): Do not translate here,
as ‘message’ translates its format.
diff: use variable arg list for messages
This simplifies the code by using varargs.
* bootstrap.conf (gnulib_modules): Add flexmember.
(XGETTEXT_OPTIONS): Do not flag message5.
* src/util.c: Include flexmember.h, stdarg.h.
(struct msg): New members msgid, argbytes. args is now
FLEXIBLE_ARRAY_MEMBER, and does not contain msgid.
All uses changed.
(message): Now varargs. Detect number of args by counting '%'s.
Use FLEXSIZEOF, to avoid problems on systems with buggy
allocators. Avoid redundant ‘*p = 0’ when *p is already zero
after stpcpy.
(message5): Remove; all callers changed to use ‘message’.
(print_message_queue): Abort if too many args were passed;
this cannot happen with current diffutils.
2021-08-29 Paul Eggert <eggert@cs.ucla.edu>
diff: port better to MS-Windows
Problem reported by Gisle Vanem (Bug#36488#30).
* src/util.c (xsigaction) [SA_NOCLDSTOP]: Remove; no longer needed.
(install_signal_handlers): If the first call to sigaction or
signal fails, do not exit; just skip the signal and continue,
in case the runtime does not support the signal even though the
corresponding SIG* macro is defined.
2021-08-28 Paul Eggert <eggert@cs.ucla.edu>
diff: cleanup signal handling just before exit
This should fix an unlikely signal handling bug with colored
output, and should also fix a Debian FTBFS (Fails To Build From
Source) on powerpc64le-linux. See Bug#34519 and Frédéric
Bonnard’s report in:
https://bugs.debian.org/922552#19
* bootstrap.conf (gnulib_modules): Add raise, sigprocmask.
* src/diff.c (main): Call cleanup_signal_handlers before exiting.
Don’t bother calling ‘exit’; no longer needed nowadays.
* src/util.c (sigprocmask, siginterrupt) [!SA_NOCLDSTOP]:
Define to 0 instead of empty, since the results are now used.
(sigset_t) [!SA_NOCLDSTOP]: Remove; we now rely on Gnulib.
(xsigaction) [SA_NOCLDSTOP]: New function.
(xsigaddset, xsigismember, xsignal, xsigprocmask): New functions.
(some_signals_caught): New static var.
(process_signals): Omit a conditional branch.
Don’t bother loading interrupt_signal if stop_signal_count is nonzero.
(process_signals, install_signal_handlers):
Check for failures from sigprocmask etc.
(sig, nsig): Now at top level, since multiple functions need them.
(install_signal_handlers): No need for caught_sig array;
just use caught_signals. However, set some_signals_caught.
(cleanup_signal_handlers): New function.
2021-08-22 Paul Eggert <eggert@cs.ucla.edu>
diff: add integer overflow checking
* src/diff.c (option_list, main): Check for integer overflow
in some unlikely and hard-to-test cases.
maint: refactor integer overflow checking
Rely on more-modern Gnulib capabilities instead of doing
integer overflow checking by hand, in some cases.
* lib/cmpbuf.c (buffer_lcm):
* src/io.c (slurp, find_identical_ends):
Use INT_ADD_WRAPV and INT_MULTIPLY_WRAPV rather than checking
overflow by hand.
* src/diff3.c (process_diff):
* src/dir.c (dir_read):
* src/io.c (find_identical_ends, read_files):
Use xnmalloc rather than checking overflow by hand.
(read_files): Rely on xcalloc to do overflow checking.
diff: avoid sprintf %s
sprintf fails if the result contains more than INT_MAX bytes,
so rework the code to avoid usage of sprintf %s where the
string might be longer than that.
* bootstrap.conf (gnulib_modules): Remove xvasprintf.
* src/diff.c (specify_style):
* src/util.c (begin_output):
Rewrite to avoid sprintf %s.
* src/util.c: Do not include xvasprintf.h.
(concat): Remove, as it uses sprintf %s. All uses rewritten.
diff: use mempcpy
* bootstrap.conf (gnulib_modules): Add mempcpy, stpcpy.
* src/ifdef.c (do_printf_spec):
* src/sdiff.c (expand_name, lf_snarf, temporary_file):
* src/util.c (message5):
Prefer mempcpy to memcpy plus manual size-updating.
Prefer stpcpy to mempcpy plus manual size-spec.
sdiff: fix unlikely memory leak
* src/sdiff.c (temporary_file): Fix memory leak when mkstemp fails.
Don’t assume temporary file name length fits in ‘int’.
diff3: simplify process_diff
* src/diff3.c (process_diff): Remove LAST_BLOCK arg, since callers
no longer needed it. All callers changed. This removes an
unnecessary initialization of bptr to NULL.
maint: modernize IF_LINT for GCC 11.2.1
* src/cmp.c (cmp):
* src/dir.c (find_dir_file_pathname):
* src/sdiff.c (edit):
Mention which GCC bug this IF_LINT works around.
* src/diff3.c (process_diff):
Always initialize to NULL, to avoid problems on mostly-theoretical
hosts where accessing uninitialized variables traps. The next
patch will have a better fix for this.
* src/ifdef.c (do_printf_spec):
No need for IF_LINT in GCC 11.2.1.
maint: lint → GCC_LINT
‘lint’ is for traditional lint and perhaps some other tools;
‘GCC_LINT’ is targeted more for what we do.
Gnulib accepts either, but we might as well be more accurate.
* configure.ac (GCC_LINT): Define this instead of ‘lint’.
All uses changed.
diff: remove printint
* src/system.h (printint): Remove. All uses removed. This type
was only for porting to pre-C89 hosts, and is no longer needed.
diff: remove INT_MAX limit on -F/-p searches
* src/context.c (find_function): Don’t limit function-line
searches to INT_MAX bytes, removing a FIXME.
maint: .gitignore updates
* .gitignore: Remove lib/unused-parameter.h. Add all of m4, since
no files there need to be committed; this lets us remove
m4/.gitignore and m4/gnulib-cache.m4. Add *.orig, *.patch, .Tpo,
/*.diff, lib/*/ (which lets us remove /lib/sys/), lib/ctype.h,
lib/errno.h, lib/float.h, lib/fnmatch.h, lib/getopt-cdefs.h,
lib/getopt.h, lib/limits.h, lib/sigsegv.h, lib/stdalign.h,
lib/stdarg.h, lib/stdbool.h, lib/stddef.h, lib/stdint.h,
lib/stdopen.[ch], vc-dwim-log-*. Add slashes to autom4te.cache,
build-aux. Remove redundant initial slashes from patterns that
also have internal slashes. Remove plain ABOUT-NLS, since
/ABOUT-NLS suffices. Sort using LC_ALL=C.
maint: omit unused function if not debugging
* src/util.c (debug_script): Compile only if DEBUG.
maint: remove prepargs
* lib/Makefile.am (noinst_HEADERS): Remove prepargs.h.
(libdiffutils_a_SOURCES): Remove prepargs.c.
* lib/prepargs.c, lib/prepargs.h: Remove. Hasn’t been
needed for many years.
* src/diff.c: Do not include prepargs.h.
maint: zalloc → xzalloc
* src/util.c (zalloc): Remove. All uses replaced
by xzalloc, which means the same thing.
2021-08-22 Paul Eggert <eggert@cs.ucla.edu>
diff3: suppress -fanalyzer alarms
* src/diff3.c: Add pragma to suppress -Wanalyzer-null-dereference
alarms.
* src/diff.h (find_dir_file_pathname): Add malloc-related
attributes, to pacify gcc -Wsuggest-attribute=malloc.
2021-08-22 Paul Eggert <eggert@cs.ucla.edu>
maint: remove January workaround for Gnulib issue
* configure.ac: Don’t add -Wno-analyzer-null-argument, since
the issue is now fixed in Gnulib.
build: update gnulib submodule to latest
2021-08-01 Paul Eggert <eggert@cs.ucla.edu>
maint: remove stray init.cfg
* init.cfg: Remove. I guess this file was a stray, since it was a
copy of tests/init.cfg when it was checked in, and it hasn’t been
maintained since.
tests: port to valgrind 3.16.0 + GCC 11.2
* tests/init.cfg (stderr_fileno_): Reject valgrind if it reports a
"Serious error" on a trival use of ‘diff’. Without this patch, on
RHEL 8.4 when I compile diffutils with a GCC 11.2.0 that I built
myself, ‘valgrind diff’ spits out messages like WARNING: Serious
error when reading debug info / When reading debug info from diff:
Ignoring non-Dwarf2/3/4 block in .debug_info’ and this causes the
strip-trailing-cr test to fail. I guess valgrind complains
because the valgrind version 3.16.0 that came with RHEL 8.4 cannot
grok the debug entries generated by GCC 11.2.0.
2021-08-01 Jim Meyering <meyering@fb.com>
maint: post-release administrivia
* NEWS: Add header line for next release.
* .prev-version: Record previous version.
* cfg.mk (old_NEWS_hash): Auto-update.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
the flashimage is build without journal to not destroy
usb thumbdrives or sd cards. On real ssd's and virtual
machines it should enabled for higher data security.
So this patch add the journal is drive support smart.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is just to ensure that all systems have the latest version of this
file as it has been changed during the test phase of the previous
update.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The fix applied in vpnmain.cgi only adds the unique_subject = yes to the index.txt.attr
file after the first time that the root/host certificates are attempted to be created.
- Without this line in update.sh, the first attempt to create the root/host certificate set
will still have the original error code. If the creation is attempted again then it will
work because the unique_subject = yes will have then been added into the file.
- This patch ensures that the first attempt to create a root/host certificate set in CU175
will work.
- Confirmed on vm testbed with freshly updated CU175.
Fixes: Bug#13138
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This now only adds "providers legacy default" to the config files of connections that
have legacy certificates, both for n2n and roadwarrior.
- This new approach also removes the requirement to have code in the update.sh script
or in backup.pl so those earlier modifications are removed in two additional patches
combined with this one in a set.
- The -legacy option has been removed from the pkcs12 creation part of the code as
otherwise this creates a certificate in legacy format, which is not wanted. All new
connection certificates being created will be based on openssl-3.x
Fixes: Bug#13137
Suggested-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The change to openssl-3.x results in the openssl commands that start with ca failing
with the error message
OpenSSL produced an error: <br>40E7B4719B730000:error:0700006C:configuration file
routines:NCONF_get_string:no value:crypto/conf/conf_lib.c:315:group=<NULL>
name=unique_subject
- The fix for this is to include the unique_subject = yes line into
/var/ipfire/certs/index.txt.attr
- Additionally, based on the learnings from bug#13137 on OpenVPN, any openssl commands
dealing with pkcs12 (.p12) files that were created with openssl-1.1.1x fail when being
accessed with openssl-3.x due to the no longer supported algorithm. These can be
accessed if the -legacy option is added to every openssl command dealing with pkcs12
Fixes: Bug#13138
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- This code adds the "providers legacy default" line into OpenVPN N2N Client config files
when restoring them in case it is missing from a backup earlier than CU175.
Only adds the line if it is not already present.
- Tested out on my vm testbed system
Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- This modification will check if ovpnconfig exists and is not empty. If so then it will
check for all n2n connections and if they are Client configs will check if
"providers legacy default" is not already present and if so will add it.
Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- With a n2n connection .p12 certificate created wityh openssl-1.1.1x the line
providers legacy default is required in the n2nconf file to enable it to start.
- Any openssl-3.x attempt to open a .p12 file created with openssl-1.1.1x will result in
a failure and an error message. All the openssl commands dealing with pkcs12 (.p12)
files need to have the -legacy option added to them.
Fixes: Bug#13137
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit 9fae7ab32b.
This file is not part of the core distribution, but part of the
squidclamav package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Any insecure connections made with openssl-3.x can have the cert and key extracted but
if the insecure connection was made from prior to CU175 Testing then it used
openssl-1.1.1 which causes an error under openssl-3.x due to the old version being able
to accept older ciphers no longer accepted by openssl-3.x
- Adding the -legacy option to the openssl commands enables openssl-3.x to successfully
open them and extract the cert and key
- Successfully tested on a vm system. Confirmed that the downloaded version under
openssl-3.x worked exactly the same as the version downloaded under openssl-1.1.1
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- OpenSSL-3.x gives an error when trying to open insecure .p12 files to extract the cert
and key for the insecure package download option.
- To make this work the -legacy option is needed in the openssl command, which requires
the legacy.so library to be available.
- Successfully tested on a vm system.
- Patch set built on Master (CU175 Testing)
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- What is it?
rsnapshot is a filesystem snapshot utility based on
rsync. rsnapshot makes it easy to make periodic snapshots of the
ipfire device. The code makes extensive use of hard links whenever
possible, to greatly reduce the disk space required. See:
https://rsnapshot.org
- Why is it needed?
Rsnapshot backups run multiple times per day
(e.g., once per day up to 24 times per day). Rsnapshot is much easier
to configure, setup and use than the borg backup add-on. (I found
borg somewhat confusing). Rsnapshot completes each backup very fast.
Unlike borg, rsnapshot does not compress each backup before storage.
During a complete rebuild, borg backup need installation of the borg
add-on to recover archived files. Rsnapshot backups can be copied
directly from the backup drive. Current backups (backup.pl or borg)
could corrupt sqlite3 databases by running a backup during a database
write. This add-on includes a script specifically for sqlite backups.
- IPFire Wiki
In process at: https://wiki.ipfire.org/addons/rsnapshot
Thanks to Gerd for creating a first build and a nice template for me!
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
The latter will not work until a reboot due to the Core Update featuring
a new kernel, and will instead result in the following error:
modprobe: FATAL: Module nf_log_ipv4 not found in directory /lib/modules/6.1.27-ipfire
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- The code checks first if ovpnconfig exists and is not empty.
- Then it makes all net2net connections no-pass since they do not use encryption
- Then it cycles through all .p12 files and checks with openssl if a password exists or not.
If a password is present then pass is added to index 41 and if not then no-pass is added
to index 41
- This code should be left in update.sh for future Core Updates in case people don't update
with Core Update 175 but leave it till later. This code works fine on code that already
has pass or no-pass entered into index 41 in ovpnconfig
Fixes: Bug#11048
Suggested-by: Erik Kapfer <ummeegge@ipfire.org>
Suggested-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Erik Kapfer <ummeegge@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
This library is free software; you can redistribute it and/or modify it under the terms
of the GNU Lesser General Public License as published by the Free Software Foundation;
either version 2.1 of the License, or (at your option) any later version. This library
is distributed in the hope that it will be useful, but without any warranty; without
even the implied warranty of merchantability or fitness for a particular purpose. See
version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General
Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the
padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
