- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this fix the 500 internal server error becuase this file
was not installed by the patch that add the wiki links.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Release annnouncement as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.3:
Version 2.5.3 - November 5, 2021
Update the syscall table for Linux v5.15
Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
Document that seccomp_rule_add() may return -EACCES
Fix issues with test 11-basic-basic_errors on old kernels (API level < 5)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- jwhois being replaced with whois
- Removal of jwhois lfs, rootfile and assoicated patch files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This whois client is being actively maintained. This version 5.5.10 was released on
June 6th 2021 and regular updates have been ocurring several times per year.
- This client has all of its default whois servers compiled into it. These can be seen
by reading the source files in the tarball.
- Therefore the whois.conf file is available for any additional servers that are decided
to be required but as provided is empty.
- Installed on a vm testbed and worked to identify the details of ip addresses. Selecting
an IP in the WUI logs screen also gets the ip information provided so it is working
well with the WUI.
Tested-by:Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.3.0 to 2.3.2
- Update rootfile
- Changelog is too large to include here. Details can be found in the changes.txt file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.7a (2013) to 1.22c (2021)
- Update rootfile
- Changelog is too large to include here. Full details can be read in the ChangeLog file
in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Install libuv lfs and rootfile
- Add libuv to make.sh
- Tested by running bind utilities on a vm testbed
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 9.11.32 to 9.16.22
- 9.11 is an ESV (Extended Support Version) that will go EOL in December 2021
9.16 is the replacement ESV whose EOL is not yet defined but will be at least 4 years
so should be supported until at least March 2024 as the 9.16 branch was started in 2020
- Update rootfile
- libuv is now required both to build the bind libraries and for the running of the
utilities.
- Changelog is difficult to define here as this is a change of branch from 9.11 to 9.16
both of which have been running in parallel. However all the changes from the start of
9.16.0 can be found in the CHANGES file in the source tarball.
- nslookup, host and dig utilities tested out by installing this on a vm testbed. All
these utilities worked as the previous version
nsupdate was not able to be tested other than confirming that running nsupdate
opened an interactive session. This utility would be good to be tested by someone
familiar with how to run it.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Restarting the firewall is not necessary during the upgrade procedure,
and the user is asked to reboot the machine afterwards either way.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.7.6 to 3.8.2
- Update rootfile
- Changelog
Noteworthy changes in release 3.8.2 (2021-09-25) [stable]
Fixed portability issues of bison on Cygwin.
Improvements in glr2.cc: add support for custom error messages (`%define
parse.error custom`), allow linking several parsers together.
Noteworthy changes in release 3.8.1 (2021-09-11) [stable]
The generation of prototypes for yylex and yyerror in Yacc mode is
breaking existing grammar files. To avoid breaking too many grammars, the
prototypes are now generated when `-y/--yacc` is used *and* the
`POSIXLY_CORRECT` environment variable is defined.
Avoid using `-y`/`--yacc` simply to comply with Yacc's file name
conventions, rather, use `-o y.tab.c`. Autoconf's AC_PROG_YACC macro uses
`-y`. Avoid it if possible, for instance by using gnulib's gl_PROG_BISON.
Noteworthy changes in release 3.8 (2021-09-07) [stable]
** Backward incompatible changes
In conformance with the recommendations of the Graphviz team
(https://marc.info/?l=graphviz-devel&m=129418103126092), `-g`/`--graph`
now generates a *.gv file by default, instead of *.dot. A transition
started in Bison 3.4.
To comply with the latest POSIX standard, in Yacc compatibility mode
(options `-y`/`--yacc`) Bison now generates prototypes for yyerror and
yylex. In some situations, this is breaking compatibility: if the user
has already declared these functions but with some differences (e.g., to
declare them as static, or to use specific attributes), the generated
parser will fail to compile. To disable these prototypes, #define yyerror
(to `yyerror`), and likewise for yylex.
** Deprecated features
Support for the YYPRINT macro is removed. It worked only with yacc.c and
only for tokens. It was obsoleted by %printer, introduced in Bison 1.50
(November 2002).
It has always been recommended to prefer `%define api.value.type foo` to
`#define YYSTYPE foo`. The latter is supported in C for compatibility
with Yacc, but not in C++. Warnings are now issued if `#define YYSTYPE`
is used in C++, and eventually support will be removed.
In C++ code, prefer value_type to semantic_type to denote the semantic
value type, which is specified by the `api.value.type` %define variable.
** New features
*** A skeleton for the D programming language
The "lalr1.d" skeleton is now officially part of Bison.
It was originally contributed by Oliver Mangold, based on Paolo Bonzini's
lalr1.java, and was improved by H. S. Teoh. Adela Vais then took over
maintenance and invested a lot of efforts to complete, test and document
it.
It now supports all the bells and whistles of the other deterministic
parsers, which include: pull/push interfaces, verbose and custom error
messages, lookahead correction, token constructors, internationalization,
locations, printers, token and symbol prefixes, etc.
Two examples demonstrate the D parsers: a basic one (examples/d/simple),
and an advanced one (examples/d/calc).
*** Option -H, --header and directive %header
The option `-H`/`--header` supersedes the option `--defines`, and the
directive %header supersedes %defines. Both `--defines` and `%defines`
are, of course, maintained for backward compatibility.
*** Option --html
Since version 2.4 Bison can be used to generate HTML reports. However it
was a two-step process: first bison must be invoked with option `--xml`,
and then xsltproc must be run to the convert the XML reports into HTML.
The new option `--html` combines these steps. The xsltproc program must
be available.
*** A C++ native GLR parser
A new version of the C++ GLR parser was added: "glr2.cc". It generates
"true C++11", instead of a C++ wrapper around a C parser as does the
existing "glr.cc" parser. As a first significant consequence, it supports
`%define api.value.type variant`, contrary to glr.cc.
It should be upward compatible in terms of interface, feature and
performance to "glr.cc". To try it out, simply use
%skeleton "glr2.cc"
It will eventually replace "glr.cc". However we need user feedback on
this skeleton. _Please_ report your results and comments about it.
*** Counterexamples
Counterexamples now show the rule numbers, and always show ε for rules
with an empty right-hand side. For instance
exp
↳ 1: e1 e2 "a"
↳ 3: ε • ↳ 1: ε
instead of
exp
↳ e1 e2 "a"
↳ • ↳ ε
*** Lookahead correction in Java
The Java skeleton (lalr1.java) now supports LAC, via the `parse.lac`
%define variable.
*** Abort parsing for memory exhaustion (C)
User actions may now use `YYNOMEM` (similar to `YYACCEPT` and `YYABORT`)
to abort the current parse with memory exhaustion.
*** Printing locations in debug traces (C)
The `YYLOCATION_PRINT(File, Loc)` macro prints a location. It is defined
when (i) locations are enabled, (ii) the default type for locations is
used, (iii) debug traces are enabled, and (iv) `YYLOCATION_PRINT` is not
already defined.
Users may define `YYLOCATION_PRINT` to cover other cases.
*** GLR traces
There were no debug traces for deferred calls to user actions. They are
logged now.
Noteworthy changes in release 3.7.6 (2021-03-08) [stable]
** Bug fixes
*** Reused Push Parsers
When a push-parser state structure is used for multiple parses, it was
possible for some state to leak from one run into the following one.
*** Fix Table Generation
In some very rare conditions, when there are many useless tokens, it was
possible to generate incorrect parsers.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
These rules do not drop anything, but only alert when internal parts of
the engine trigger an event. This will allow us more insight on what is
happening.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.12 to 2.14
- Update rootfile
- Changelog
Version 2.14 Released 2021-09-09
* New Features:
- Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
corresponding `nocheck` functions. (#520, by Maxim Zhukov)
* Fixes:
- Handle `sprintf` corner cases (#537, by Tobias Stoeckmann)
* Build:
- Symbol versioning for all exported symbols (#540, by Simon McVittie)
- Fix compiler warnings (#555, by Kelvin Lee)
* Documentation:
- Small fixes (#544, #546, by @i-ky)
- Sphinx 3 compatibility (#543, by Pierce Lopez)
Version 2.13.1 Released 2020-05-07
* Build:
- Include `jansson_version_str()` and `jansson_version_cmp()` in
shared library. (#534)
- Include ``scripts/`` in tarball. (#535)
Version 2.13 Released 2020-05-05
* New Features:
- Add `jansson_version_str()` and `jansson_version_cmp()` for runtime
version checking (#465).
- Add `json_object_update_new()`, `json_object_update_existing_new()`
and `json_object_update_missing_new()` functions (#499).
- Add `json_object_update_recursive()` (#505).
* Build:
- Add ``-Wno-format-truncation`` to suppress format truncation warnings (#489).
* Bug fixes:
- Remove ``strtod`` macro definition for MinGW (#498).
- Add infinite loop check in `json_deep_copy()` (#490).
- Add ``pipe`` macro definition for MinGW (#500).
- Enhance ``JANSSON_ATTRS`` macro to support earlier C standard(C89) (#501).
- Update version detection for sphinx-build (#502).
* Documentation:
- Fix typos (#483, #494).
- Document that call the custom free function to free the return value
of `json_dumps()` if you have a custom malloc/free (#490).
- Add vcpkg installation instructions (#496).
- Document that non-blocking file descriptor is not supported on
`json_loadfd()` (#503).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.3 to 3.4.2
- Update rootfile - No dependency issues due to so bump
- Changelog
3.4.2 Jun-28-21
Add static trampoline support for Linux on x86_64 and ARM64.
Add support for Alibaba's CSKY architecture.
Add support for Kalray's KVX architecture.
Add support for Intel Control-flow Enforcement Technology (CET).
Add support for ARM Pointer Authentication (PA).
Fix 32-bit PPC regression.
Fix MIPS soft-float problem.
Enable tmpdir override with the $LIBFFI_TMPDIR environment variable.
Enable compatibility with MSVC runtime stack checking.
Reject float and small integer argument in ffi_prep_cif_var().
Callers must promote these types themselves.
3.3 Nov-23-19
Add RISC-V support.
New API in support of GO closures.
Add IEEE754 binary128 long double support for 64-bit Power
Default to Microsoft's 64-bit long double ABI with Visual C++.
GNU compiler uses 80 bits (128 in memory) FFI_GNUW64 ABI.
Add Windows on ARM64 (WOA) support.
Add Windows 32-bit ARM support.
Raw java (gcj) API deprecated.
Add pre-built PDF documentation to source distribution.
Many new test cases and bug fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 5.1.0 to 5.1.1
- Update rootfile
- Changelog is quite long and detailed so the following are the high level descriptions
of the changes from the NEWS file in the source tarball. More details can be found in
the ChangeLog file in the source tarball.
Changes from 5.1.0 to 5.1.1
1. Infrastructure upgrades: Bison 3.8, Gettext 0.20.2, Automake 1.16.4,
and (will wonders never cease) Autoconf 2.71.
2. asort and asorti now allow FUNCTAB and SYMTAB as the first argument if a
second destination array is supplied. Similarly, using either array as
the second argument is now a fatal error. Additionally, using either
array as the destination for split(), match(), etc. also causes a
fatal error.
3. The new -I/--trace option prints a trace of the byte codes as they
are executed.
4. A number of subtle bugs relating to MPFR mode that caused differences
between regular operation and MPFR mode have been fixed.
5. The API now handles MPFR/GMP values slightly differently, requiring
different memory management for those values. See the manual for the
details if you have an extension using those values. As a result,
the minor version was incremented.
6. $0 and the fields are now cleared before starting a BEGINFILE rule.
7. The duplication of m4 and build-aux directories between the main
directory and the extension directory has been removed. This
simplifies the distribution.
8. The test suite has been improved, making it easier to run the entire
suite with -M. Use `GAWK_TEST_ARGS=-M make check' to do so.
9. Profiling and pretty-printing output has been modified slightly so
that functions are presented in a reasonable order with respect
to the namespaces that contain them.
10. Several example programs in the manual have been updated to their
modern POSIX equivalents.
11. A number of examples in doc/gawkinet.texi have been updated for
current times. Thanks to Juergen Kahrs for the work.
12. Handling of Infinity and NaN values has been improved.
13. There has been a general tightening up of the use of const and
of types.
14. The "no effect" lint warnings have been fixed up and now behave
more sanely.
15. The manual has been updated with much more information about what is
and is not a bug, and the changes in the gawk mailing lists.
16. The behavior of strongly-typed regexp constants when passed as the
third argument to sub() or gsub() has been clarified in the code and
in the manual.
17. Similar to item #4 above, division by zero is now fatal in MPFR
mode, as it is in regular mode.
18. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.5.0 to 2.5.4
- Update rootfile
- Tested new version in vm testbed. Openvpn server successfully started.
Client connections working with 2.5.0 also successfully worked with 2.5.4
- Changelog
Overview of changes in 2.5.4
Bugfixes
- fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
- various improvements for man page building (rst2man/rst2html etc)
- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
- fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
User-visible Changes
- documentation improvements
- copyright updates where needed
- better error reporting when win32 console access fails
New features
- also build man page on Windows builds
Overview of changes in 2.5.3
Bugfixes
- CVE-2121-3606
see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
OpenVPN windows builds could possibly load OpenSSL Config files from
world writeable locations, thus posing a security risk to OpenVPN.
As a fix, disable OpenSSL config loading completely on Windows.
- disable connect-retry backoff for p2p (--secret) instances
(Trac #1010, #1384)
- fix build with mbedtls w/o SSL renegotiation support
- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409)
- MSI installers: properly schedule reboot in the end of installation
- fix small memory leak in free_key_ctx for auth_token
User-visible Changes
- update copyright messages in files and --version output
New features
- add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
- improve MSVC building for Windows
- official MSI installers will now contain arm64 drivers and binaries
(x86, amd64, arm64)
Overview of changes in 2.5.2
Bugfixes
- CVE-2020-15078
see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
This bug allows - under very specific circumstances - to trick a
server using delayed authentication (plugin or management) into
returning a PUSH_REPLY before the AUTH_FAILED message, which can
possibly be used to gather information about a VPN setup.
In combination with "--auth-gen-token" or an user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.
- restore pushed "ping" settings correctly on a SIGUSR1 restart
- avoid generating unecessary mbed debug messages - this is actually
a workaround for an mbedTLS 2.25 bug when using Curve25519 and Curve448
ED curves - mbedTLS crashes on preparing debug infos that we do not
actually need unless running with "--verb 8"
- do not print inlined (<dh>...</dh>) Diffie Hellman parameters to log file
- fix Linux/SITNL default route lookup in case of multiple routing tables
with more than one default route present (always use "main table" for now)
- Fix CRL file handling in combination with chroot
User-visible Changes
- OpenVPN will now refuse to start if CRL file is not present at startup
time. At "reload time" absense of the CRL file is still OK (and the
in memory copy is used) but at startup it is now considered an error.
New features
- printing of the TLS ciphers negotiated has been extended, especially
displaying TLS 1.3 and EC certificates more correctly.
Overview of changes in 2.5.1
New features
- "echo msg" support, to enable the server to pushed messages that are
then displayed by the client-side GUI. See doc/gui-notes.txt and
doc/management-notes.txt.
Supported by the Windows GUI shipped in 2.5.1, not yet supported by
Tunnelblick and the Android GUI.
User-visible Changes
- make OPENVPN_PLUGIN_ENABLE_PF plugin failures FATAL - if a plugin offers
to set the "openvpn packet filter", and returns a failure when requested
to, OpenVPN 2.5.0 would crash trying to clean up not-yet-initialized
structure members. Since PF is going away in 2.6.0, this is just turning
the crash into a well-defined program abort, and no further effort has
been spent in rewriting the PF plugin error handling (see trac #1377).
Documentation
- rework sample-plugins/defer/simple.c - this is an extensive rewrite
of the plugin to bring code quality to acceptable standards and add
documentation on the various plugin API aspects. Since it's just
example code, filed under "Documentation", not under "Bugfix".
- various man page improvements.
- clarify ``--block-ipv6`` intent and direction
Bugfixes
- fix installation of openvpn.8 manpage on systems without docutils.
- Windows: fix DNS search list setup for domains with "-" chars.
- Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
- Windows: Skip DHCP renew with Wintun adapter (Wintun does not support
DHCP, so this was just causing an - harmless - error and needless delay).
- Windows: Remove 1 second delay before running netsh - speeds up
interface init for wintun setups not using the interactive service.
- Windows: Fix too early argv freeing when registering DNS - this would
cause a client side crash on Windows if ``register-dns`` is used,
and the interactive service is not used.
- Android: Zero initialise msghdr prior to calling sendmesg.
- Fix line number reporting on config file errors after <inline> segments
(see Trac #1325).
- Fix port-share option with TLS-Crypt v2.
- tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key), otherwise
dropping privs on the server would fail.
- tls-crypt-v2: fix server memory leak (about 600 bytes per connecting
client with tls-crypt-v2)
- rework handling of server-pushed ``--auth-token`` in combination with
``--auth-nocache`` on reconnection / TLS renegotiation events. This
used to "forget" to update new incoming token after a reconnection event
(leading to failure to reauth some time later) and now works in all
tested cases.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
