- Update from 1.9.4 to 1.10.1
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.1 (2022-03-28) [C24/A4/R1]
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
* Other:
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
GCRYCTL_SET_DECRYPTION_TAG NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
GCRY_CIPHER_MODE_SIV NEW mode.
GCRY_CIPHER_MODE_GCM_SIV NEW mode.
GCRY_CIPHER_EXTENDED NEW flag.
GCRY_SIV_BLOCK_LEN NEW macro.
gcry_cipher_set_decryption_tag NEW macro.
GCRY_KDF_ARGON2 NEW constant.
GCRY_KDF_BALLOON NEW constant.
GCRY_KDF_ARGON2D NEW constant.
GCRY_KDF_ARGON2I NEW constant.
GCRY_KDF_ARGON2ID NEW constant.
gcry_kdf_hd_t NEW type.
gcry_kdf_job_fn_t NEW type.
gcry_kdf_dispatch_job_fn_t NEW type.
gcry_kdf_wait_all_jobs_fn_t NEW type.
struct gcry_kdf_thread_ops NEW struct.
gcry_kdf_open NEW function.
gcry_kdf_compute NEW function.
gcry_kdf_final NEW function.
gcry_kdf_close NEW function.
gcry_pk_hash_sign NEW function.
gcry_pk_hash_verify NEW function.
gcry_pk_random_override_new NEW function.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.0.4 to 1.0.5
- Update of rootfile not required
- Changelog
Version 1.0.5 changes from git commits
src: doc: Fix messed-up Netlink message batch diagram
build: If doxygen is not available, be sure to report "doxygen: no" to ./conf...
build: doc: get rid of the need for manual updating of Makefile
build: doc: "make" builds & installs a full set of man pages
doxygen: Fixed link to the git source tree on the website.
include: add MNL_SOCKET_DUMP_SIZE definition
doxygen: remove EXPORT_SYMBOL from the output
nlmsg: Fix a missing doxygen section trailer
src: fix doxygen function documentation
examples: Add rtnl-addr-add.c
examples: reduce LOCs during neigh attributes validation
examples: fix print line format
examples: fix neigh max attributes
examples: add arp cache dump example
libmnl: zero attribute padding
examples: rtnl-addr-dump: fix typo
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
examples: nfct-daemon: Fix test building on musl libc
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This is an addon whose purpose is defined as :-
Netpbm is a toolkit for manipulation of graphic images, including conversion of images
between a variety of different formats. There are over 300 separate tools in the
package including converters for about 100 graphics formats. Examples of the sort of
image manipulation we're talking about are: Shrinking an image by 10%; Cutting the top
half off of an image; Making a mirror image; Creating a sequence of images that fade
from one image to another.
- None of the above seems to be a purpose related to a Firewall. Additionally it is
available in a huge number of distributions, including Linux, BSD,Windows,
MacOS X/Darwin, Solaris, AIX etc
- This package seems to be better used on a system in the lan protected by IPFire than
used on IPFire itself
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This is the legacy version of libnl - 1.1.4 and was released in 2013
- libnl-3 is the running stable version - 3.5.0
- Nothing in IPFire has libnl as a dependency. Large number of programs have libnl-3 as
a dependency
- libnl developer indicates that libnl-3 should be used if in any way possible and that
the legacy version is for situations that fail to work with libnl-3
- As everything in IPFire looks to already be using libnl-3 this patch is to remove the
legacy version
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 6.61 to 6.62
- Update of rootfile not required
- Changelog
6.62 2022-04-05 01:04:17Z
- Allow downloading to a filehandle (GH#400) (Andrew Fresh)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://raw.githubusercontent.com/rfc1036/whois/next/debian/changelog
whois (5.5.13) unstable; urgency=medium
* Added the .sd TLD server.
* Updated the list of new gTLDs.
* Added the Turkish translation, contributed by Oguz Ersen.
-- Marco d'Itri <md@linux.it> Fri, 08 Apr 2022 01:08:55 +0200
whois (5.5.12) unstable; urgency=medium
* Updated the .pro TLD server, which was totally broken.
* Fixed the detection of Japanese locales using $LC_MESSAGES.
* Implemented providing partial salt strings to mkpasswd.
* Removed 2 new gTLDs which are no longer active.
* Updated one or more translations. (Closes: #1003597)
* Enabled full hardening in debian/rules.
-- Marco d'Itri <md@linux.it> Wed, 23 Feb 2022 01:03:11 +0100
whois (5.5.11) unstable; urgency=medium
* Implemented a --no-recursion command line option to disable recursion
from registrar to registry servers.
* Updated the .pro, .vu and .xxx TLD servers.
* Updated the list of new gTLDs.
* Removed 7 new gTLDs which are no longer active.
* Updated make_version_h.pl to support Ubuntu no-change uploads,
contributed by Matthias Klose. (Closes: #995873)
-- Marco d'Itri <md@linux.it> Mon, 03 Jan 2022 18:18:36 +0100
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Fixes: 12831
Jonatan Schlag reported that the command line options of 'vnstat' had changed
"...and seemed to be broken a long time".
=> https://bugzilla.ipfire.org/show_bug.cgi?id=12831#c0
Several command line switches used in networking initscripts were obviously removed.
Affected commands in '.../networking/any' and '.../networking/red'):
...
/usr/bin/vnstat -u -i ${DEVICE} -r --enable --force > /dev/null 2>&1
...
/usr/bin/vnstat -u -i ${DEVICE} -r --disable > /dev/null 2>&1
...
and
...
/usr/bin/vnstat -u -i ppp0 -r --disable > /dev/null 2>&1
...
Adolf Belka tested this, "looked through the changelogs" and found - besides that
the switch '--enable' had been removed "in version 2.0 in 2018" - that '--enable', '--update'
and '--reset' switches are either not needed or not supported anymore.
"The old man page indicates that none of those options are used when the vnstat daemon
is running."
Since we only start and run 'vnstatd' in IPFire it was decided to remove these commands.
Reported-by: jonatan.schlag <jonatan.schlag@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from 3.0.6 to 3.0.7
- Update of rootfile
- Changelog
Version 3.0.7 -
- Fixed bug #345, in which delimitedList changed expressions in place
using expr.streamline(). Reported by Kim Gräsman, thanks!
- Fixed bug #346, when a string of word characters was passed to WordStart
or WordEnd instead of just taking the default value. Originally posted
as a question by Parag on StackOverflow, good catch!
- Fixed bug #350, in which White expressions could fail to match due to
unintended whitespace-skipping. Reported by Fu Hanxi, thank you!
- Fixed bug #355, when a QuotedString is defined with characters in its
quoteChar string containing regex-significant characters such as ., *,
?, [, ], etc.
- Fixed bug in ParserElement.run_tests where comments would be displayed
using with_line_numbers.
- Added optional "min" and "max" arguments to `delimited_list`. PR
submitted by Marius, thanks!
- Added new API change note in `whats_new_in_pyparsing_3_0_0`, regarding
a bug fix in the `bool()` behavior of `ParseResults`.
Prior to pyparsing 3.0.x, the `ParseResults` class implementation of
`__bool__` would return `False` if the `ParseResults` item list was empty,
even if it contained named results. In 3.0.0 and later, `ParseResults` will
return `True` if either the item list is not empty *or* if the named
results dict is not empty.
# generate an empty ParseResults by parsing a blank string with
# a ZeroOrMore
result = Word(alphas)[...].parse_string("")
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{}
False
# add a results name to the result
result["name"] = "empty result"
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{'name': 'empty result'}
True
In previous versions, the second call to `bool()` would return `False`.
- Minor enhancement to Word generation of internal regular expression, to
emit consecutive characters in range, such as "ab", as "ab", not "a-b".
- Fixed character ranges for search terms using non-Western characters
in booleansearchparser, PR submitted by tc-yu, nice work!
- Additional type annotations on public methods.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Build worked without libevent without problems
- Nothing shows up as dependent on the libevent (legacy) libraries
- Lots of dependencies on the the libevent2 libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.0.1 to 1.0.2
- Update of rootfile not required
- Changelog
Version 1.0.2
* Warnings with automake-1.12
* Update header comments to reflect GPLv2+ license
* Allow building on uclinux
* Valgrind warnings due to uninitialized padding in netlink messages
* Hide private library symbols
* Support builds with newer doxygen versions
* Failing calls to getsockname() were left unnoticed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
gzip 1.12 no longer features zless. For convenience reasons, symlink
/usr/bin/zless to /usr/bin/zmore, so users won't need to relearn any
commands they were previously used to.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Prevents "use of uninitialized value" warnings when the
CGI is called with broken undefined GET parameters.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.9.9 to 1.9.10
- Update of rootfile not required
- Changelog
What's new in Sudo 1.9.10
* Added new "log_passwords" and "passprompt_regex" sudoers options.
If "log_passwords" is disabled, sudo will attempt to prevent passwords
from being logged. If sudo detects any of the regular expressions in
the "passprompt_regex" list in the terminal output, sudo will log '*'
characters instead of the terminal input until a newline or carriage
return is found in the input or an output character is received.
* Added new "log_passwords" and "passprompt_regex" settings to
sudo_logsrvd that operate like the sudoers options when logging
terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging
multiple sudoers sources.
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
file, where the "retry_interval" in the [relay] section was not
being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication
when sudo's -n option is specified. A new "noninteractive_auth"
sudoers option has been added to enable PAM authentication in
non-interactive mode. GitHub issue #131.
* On systems with /proc, if the /proc/self/stat (Linux) or
/proc/pid/psinfo (other systems) file is missing or invalid,
sudo will now check file descriptors 0-2 to determine the user's
terminal. Bug #1020.
* Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
* Fixed a crash in sudo_logsrvd when running in relay mode if
an alert message is received.
* Fixed an issue that resulting in "problem with defaults entries"
email to be sent if a user ran sudo when the sudoers entry in
the nsswitch.conf file includes "sss" but no sudo provider is
configured in /etc/sssd/sssd.conf. Bug #1022.
* Updated the warning displayed when the invoking user is not
allowed to run sudo. If sudo has been configured to send mail
on failed attempts (see the mail_* flags in sudoers), it will
now print "This incident has been reported to the administrator."
If the "mailto" or "mailerpath" sudoers settings are disabled,
the message will not be printed and no mail will be sent.
GitHub issue #48.
* Fixed a bug where the user-specified command timeout was not
being honored if the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in
sudoers rules. A command and/or arguments in sudoers are treated
as a regular expression if they start with a '^' character and
end with a '$'. The command and arguments are matched separately,
either one (or both) may be a regular expression.
Bug #578, GitHub issue #15.
* A user may now only run "sudo -U otheruser -l" if they have a
"sudo ALL" privilege where the RunAs user contains either "root"
or "otheruser". Previously, having "sudo ALL" was sufficient,
regardless of the RunAs user. GitHub issue #134.
* The sudo lecture is now displayed immediately before the password
prompt. As a result, sudo will no longer display the lecture
unless the user needs to enter a password. Authentication methods
that don't interact with the user via a terminal do not trigger
the lecture.
* Sudo now uses its own closefrom() emulation on Linux systems.
The glibc version may not work in a chroot jail where /proc is
not available. If close_range(2) is present, it will be used
in preference to /proc/self/fd.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
