i have added the gatewayfield at the line below the IP and Netmask
fields but prior this fields so the cursor jumps first the the gateway
and after this to the IP. This patch fix the activation order.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The changelog of lynis 3.0.3 is available at
https://github.com/CISOfy/lynis/releases/tag/3.0.3; all changes since
lynis 3.0.1 can be inspected at https://github.com/CISOfy/lynis/releases.
lynis 3.0.2 adds detection for IPFire, so we can hope to have those
"unknown operating system" messages omitted in future. :-)
Minor adjustments to LFS and rootfile were necessary to purge unused
CI/CD stuff as well as some markdown files (licence, code of conduct,
etc. pp.) from the extracted archive.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These are meanwhile set by Unbound upstream as well, so there is no need
to do things twice here.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This was designed to keep a workstation that is compiling IPFire
responsive during the build. However, the kernel's scheduler has been
improved enough that this is no longer an issue.
Instead of telling the kernel that the build job is something with a
lower priority (which it isn't) we now simply run with the nicelevel of
the parent process that has called make.sh.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Release notes as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.1:
Version 2.5.1 - November 20, 2020
Fix a bug where seccomp_load() could only be called once
Change the notification fd handling to only request a notification fd if
the filter has a _NOTIFY action
Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
Clarify the maintainers' GPG keys
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update qemu from 5.0.0 to 5.2.0
- Changelogs for 5.1.0 and 5.2.0 available at https://wiki.qemu.org/ChangeLog/
- rootfile updated
- patch no longer needed as fix built into source. patch was not utilised
for 5.0.0 version. Patch line was commented out in previous lfs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I've should have read the changelog from opensuse more thoroughly:
...
4a862fa [clamav] Ignore new "Activating the newly loaded database" message
...
Sorry for the noise.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update cups-filters from 1.27.4 to 1.28.7
- Changelog
CHANGES IN V1.28.7
- driverless: Removed the support quality check from Pull
request #235 as it takes significant time for each printer
being listed, making cups-driverd (`lpinfo -m`) timing out
when there are many printers (OpenPrinting CUPS issue #65).
- libcupsfilters: In the PPD generator give priority to Apple
Raster against PDF (Issue #331).
- libcupsfilters: Added NULL check when removing ".Borderless"
suffixes from page size names (Issue #314, Pull request
#328).
- libcupsfilters: In the cupsRasterParseIPPOptions() map the
color spaces the same way as in the PPD generator (Issue
#326, Pull request #327).
- libcupsfilters: Fixed addition of grayscale mode in
generated PPD files, to avoid duplicate entries
(OpenPrinting CUPS issue #59).
CHANGES IN V1.28.6
- libcupsfilters: In generated PPDs add a grayscale mode if
there are only color printing modes (from OpenPrinting
CUPS).
- libcupsfilters: In generated PPDs add an "OutputBin" option
also if it has only one choice (OpenPrinting CUPS pull
request #18).
- libcupsfilters: Generated PPDs could have an "Unknown"
default InputSlot (OpenPrinting CUPS issue #44).
- cups-browsed: Removed unneeded IPP attribute additions
preventing the created local queues from preserving a
location or description the user assigns to them (Issue
#323).
- cups-browsed: Removed all calls of the resolve_uri() function
of libcupsfilters, as these are not actually needed and in case
the supplied DNS-SD-based URI is not resolvable, the function
gets stuck for ~5 seconds.
- cups-browsed: Fixed several memory leaks, mainly from the
code to merge printer IPP attributes for clusters (Pull
request #322).
- cups-browsed: Silenced compiler warning.
- foomatic-rip: Fix infinite loop and input from file on raw
printing (Pull request #318).
- foomatic-rip: Remove temporary file created during pdf-to-ps
conversion (Pull request #313).
CHANGES IN V1.28.5
- cups-browsed: UUID from IPP response was used after its
pointer was freed by ippDelete() (Pull request #311).
CHANGES IN V1.28.4
- driverless: Avoid duplicate PPD list entries from the same
device via UUID
- driverless: Reduce ippfind calls by "driverless" and
"driverless-fax"called by CUPS. Let "driverless list" list
both print and fax PPDs and "driverless-fax list" do
nothing.
- driverless: Avoid duplicate listings in printer discovery,
by "driverless-fax" not listing any URI as "driverless"
lists them all already.
- driverless: Vastly improve performance by doing only one
ippfind call instead of two (IPP, IPPS) as ippfind accepts
more than one reg type on the command line.
- Sample PPDs: Corrected manufacturer name in
Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd.
CHANGES IN V1.28.3
- libcupsfilters, cups-browsed: Fixed inconsistency between
resolvers for DNS-SD-based URIs, resolve_uri() and
ippfind_based_uri_converter(). Now both return a freeable
string.
- libcupsfilters: Fix uninitialized buffer and parsing ippfind
output in ippfind_based_uri_converter() function (Issue
#308, Pull request #309).
CHANGES IN V1.28.2
- driverless: Free allocated memory, use MAX_OUTPUT_LEN (Pull
request #304).
- driverless: Make the two ippfind tasks(for IPP
and IPPS) run in parallel (Pull request #302, #305, #306).
- braille: Support new liblouis tables not containing a
display name (Pull request #303)
- Build system: Let ./configure not error out when there is
more than one DejaVuSans.ttf test font candidate (Issue
#300).
- cups-browsed: Crash when a remote printer set as default
gets removed, due to missing variable in printf() call
(Issue #299).
- libcupsfilters: Removed all signal handling and global
variables from get_printer_attributes() and
ippfind_based_uri_converter(). This is overkill for these
quick operations and causes problems when shutting down
cups-browsed (Issue #298).
CHANGES IN V1.28.1
- COPYING: Fixed several typos
- libcupsfilters: Fixed typo in log message of
get_printer_attributes functions.
- cups-browsed: Fixed typos in configuration file and man page
- libcupsfilters: Let the PPD generator not suffix page size
names with ".Borderless" if all page sizes would get this
suffix, for example for printers which generally print
borderless.
- libcupsfilters: Added "faxPrefix" option for generated IPP
Fax Out PPDs, so that this option also appears in print
dialogs.
- driverless: List addresses for local services correctly when
using "--std-ipp-uris" (with "localhost" hostname).
- driverless: Make calls of the ippfind utility somewhat faster,
setting the timeout of ippfind to automatic.
- libcupsfilters: Resolve DNS-SD-based URIs for local services
correctly (using hostname "localhost").
- libcupsfilters: In get_printer_attributes() functions do not
try to convert URIs which are not DNS-SD-based (Issue #294).
- libcupsfilters: In get_printer_attributes() functions also
support URIs with "dnssd://..." scheme.
- libcupsfilters: Moved signal handling back into main
function of the get_printer_attributes() variants, it got
moved out accidentally.
- driverless: For generating a PPD, independent whether via
"driverless URI" or "driverless cat URI", always allow CUPS
driver URIs (prefixed with "driverless: " or
"driverless-fax:") and pure IPP URIs.
- driverless: Accept clean IPP URIs also for 'driverless cat
...' (Issue #295, Pull request #296).
- driverless-fax: Do not use fixed path for call of driverless
itself (Pull request #293).
CHANGES IN V1.28.0
- driverless, driverless-fax, libcupsfilters: Added IPP Fax
Out support. Now printer setup tools list an additional fax
"driver". A fax queue is created by selecting this
driver. Jobs have to be sent with "-o phone=12345" to supply
the destination phone number (Pull request #280).
- libfontembed: Silenced warning with gcc 10.x (Pull request
#287).
- cups-browsed: Added ./configure options
--enable-saving-created-queues and
--with-remote-cups-local-queue-naming (Pull request: #253,
#285).
- cups-browsed: Fixed several memory leaks, mainly from the
code to merge printer IPP attributes for clusters (Pull
request #281, #283).
- driverless: Added "--std-ipp-uris" command line option to
show listed URIs in standard hostname-based form (not the
CUPS DNS-SD-service-name-based form. Only for manual call of
the utility, for debugging purposes (Pull request #277).
- libfontembed: Removed assert() calls which cause crashes
when unsupported emoji fonts are installed (Issue #254, Pull
request #276).
- driverless: Added support for IPPS (use "ipps://..." URIs if
possible, Issue #251, Pull request #270, #273).
- gstoraster, gstopdf: When converting PostScript to PDF use
the "pdfwrite" output device with "-dPDFSETTINGS=/default"
instead of with "-dPDFSETTINGS=/printer". This reproduces
bitmaps in the PostScript file with their original image
quality (Issue #272).
- cups-browsed: Limit log file size and add backup file for
previous log entries. Introduced the configuration option
DebugLogFileSize in cups-browsed.conf to set the actual
limit in kilobytes or 0 to get the old behavior of an
unlimited size for the log file (Issue #260, Pull request
#267).
- gstoraster, gstopdf: Do not apply margins when output format
is PDF, as then we convert an incoming PostScript file to
PDF (pre-pdftopdf) and do not prepare the pages for the
printer (post-pdftopdf, Issue #250).
- cups-browsed: Do not write any log messages directly to
stderr, there were some concerning timeouts on queue
creation (Issue #260).
- Build system: Fix cross-compilation without DejaVu test font
in configure.ac (Issue #262, Pull request #263).
- libcupsfilters: Respect the fact that PPD keywords
are case-sensitive when adding "*cupsManualCopies: True" in
PPD file (Issue #242).
- libcupsfilters: Older versions of libcups (< 2.3.1)
had the enum name for fold-accordion finishings mistyped.
Added a workaround.
- cups-browsed: Remove left-over local queues from the
previous session more quickly when CUPS legacy browsing is
turned on.
- cups-browsed: Left-over local queues from the previous
session for which the corresponding remote printer did not
appear again did not get removed as they were considered
externally overwritten.
- gstoraster, gstopdf: Add option "-dDoNumCopies" to
Ghostscript command line if we are outputting PDF (called
via gstopdf wrapper) and the number of copies supplied to
CUPS is 1 (4th command line argument). In this case we
convert incoming PostScript to PDF and need to respect
embedded PostScript commands to implement the number of
copies (Issue #255, CUPS Issue #5796, OpenSUSE bug
#1173345).
- imagetoraster: Potential null dereference fix (when no valid
PPD is supplied, Pull request #256).
- cups-browsed: Call cupsGetNamedDest() only if
"OnlyUnsupportedByCUPS No"
- Sample PPDs: Corrected ColorModel default for Generic PWG
Raster PPD to Color (Pull request #247).
- cups-browsed: Mark the temp queue as cups-browsed-generated
during setting printer-is-shared (Pull request #246).
- cups-browsed: Remove mentions of README and AUTHORS files in
the man page (Pull request #244).
- pclmtoraster: Added new filter to extract Raster data from
raster-only PDF files, here for the special case of PCLm
files (Pull request #243, #257).
- Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to
switch between color and grayscale printing (Pull request
#237).
CHANGES IN V1.27.5
- cups-browsed: Do not remove the created local queues on
shutdown, to avoid their re-creation on restart, so that
desktops get no cluttered with notifications of new queues
being created. One can return to the old behavior via
"KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf
(Ubuntu bug #1869981, #1878241).
- cups-browsed: Do not accept DNS-SD broadcasts of IPPS type
of "remote" CUPS queues of another CUPS instance on the
local machine. This way we get a local queue pointing to
such a printer only in unencrypted version (IPP). For some
reason printing from one CUPS server to another on the same
machine works only unencrypted.
- foomatic-rip: Map two-sided-short-edge to DuplexTumble (Pull
request #236)
- Build system: In configure.ac use AS_IF instead of
AC_CHECK_FILE for font check (Issue #239, Pull request #240)
- cups-browsed: Cleaned up code for determining to which CUPS
server (host/port/domain socket) to connect, so that
connection via DomainSocket cups-browsed.conf directive,
CUPS_SERVER and IPP_PORT environment variables and all
defaults and methods of libcups, including CUPS' client.conf
work.
- gstoraster, rastertopdf: Do not pass NULL to fprintf() (Pull
request #230).
- libcupsfilters: Silence compiler warning (Pull request #229).
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update screen from 4.2.1 to 4.8.0
- Changelog
Version 4.8.0 (05/02/2020)
* Improve startup time by only polling for files to close
Fixes:
- Fix for segfault if termcap doesn't have Km entry
- Make screen exit code be 0 when checking --version
- Fix potential memory corruption when using OSC 49
Version 4.7.0 (02/10/2019)
* Add support for SGR (1006) mouse mode
* Add support for OSC 11
* Update Unicode ambiguous and wide tables to 12.1.0
* Fixes:
- cross-compilation support (bug #43223)
- a lot of manpage fixes and cleanups
Version 4.6.2 (23/10/2017):
* Fixes:
- revert changes to cursor position restore behavour (bug #51832)
- set freed pointer to NULL (bug #52133)
- documentation fixes
- fix windowlist crashes (bug #43054 & #51500)
Version 4.6.1 (10/07/2017):
* Fixes:
- problems with starting session in some cases
- parallel make install
- segfault when querying info on nonUTF locale (bug #51402)
Version 4.6.0 (28/06/2017):
* Update Unicode wide tables to 9.0 (bug #50044)
* Support more serial speeds
* Improved namespaces support
* Migrate from fifos to sockets
* Start viewing scrollback at first line of output (bug #49377)
Version 4.5.1 (25/02/2017):
* Fixes:
- logfile permissions problem (CVE-2017-5618)
- SunOS build problem (bug #50089)
- FreeBSD core dumps (bug #50143)
Version 4.5.0 (10/12/2016):
* Allow specifying logfile's name via command line parameter '-L'
* Fixes:
- broken handling of "bind u digraph U+" (bug #48691)
- crash with long $TERM (bug #48983)
- crash when bumping blank window
- build for AIX (bug #49149)
- %x improperly separating arguments
- install with custom DESTDIR (bug #48370)
Version 4.4.0 (19/06/2016):
* Support up to 24 function keys
* Fix runtime issues
* 'logfile' command, starts logging into new file upon changing
Version 4.3.1 (28/06/2015):
* Fix resize bug
Version 4.3.0 (13/06/2015):
* Introduce Xx string escape showing the executed command of a window
* Implement dead/zombie window polling, allowing for auto reconnecting
* Allow setting hardstatus on first line
New Commands:
* 'sort' command sorting windows by title
* 'bumpleft', 'bumpright' - manually move windows on window list
* 'collapse' removing numbering 'gaps' between windows, by renumbering
* 'windows' command now accepts arguments for use with querying
- Rootfile updated
- Two screen patchfiles deleted as the patch changes are now built into
the source files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
perl complains about the use of experimental smartmatch feature
if it is not declared.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update dbus from 1.11.12 to 1.12.20 (latest in release line
1.13.x is also available but this is the development line
and not recommended for production use
- Changelog between these two versions is very long (750 lines long) and
can be found in the NEWS file in the source tarball.
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update ipset from 7.6 to 7.10
- Changelog
7.10
Kernel part changes
Fix patch "Handle false warning from -Wstringop-overflow"
Backward compatibility: handle renaming nla_strlcpy to nla_strscpy
treewide: rename nla_strlcpy to nla_strscpy. (Francis Laniel)
netfilter: ipset: fix shift-out-of-bounds in htable_bits() (Vasily Averin)
netfilter: ipset: fixes possible oops in mtype_resize (Vasily Averin)
Handle false warning from -Wstringop-overflow
Backward compatibility: handle missing strscpy with a wrapper of strlcpy.
Move compiler specific compatibility support to separated file (broken compatibility support reported by Ed W)
7.9
Userspace changes
Fix library versioning (Jan Engelhardt)
7.8
Kernel part changes
Complete backward compatibility fix for package copy of <linux/jhash.h>
Compatibility: check for kvzalloc() and GFP_KERNEL_ACCOUNT
netfilter: ipset: enable memory accounting for ipset allocations (Vasily Averin)
netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet)
Compatibility: use skb_policy() from if_vlan.h if available
Compatibility: Check for the fourth arg of list_for_each_entry_rcu()
Backward compatibility fix for the package copy of <linux/jhash.h>
7.7
Userspace changes
Expose the initval hash parameter to userspace
Handle all variable header parts in helper scripts instead ot test tasks
Add bucketsize parameter to all hash types
Support the -exist flag with the destroy command
Kernel part changes
Expose the initval hash parameter to userspace
Add bucketsize parameter to all hash types
Use fallthrough pseudo-keyword in the package copy of too
Support the -exist flag with the destroy command
netfilter: Use fallthrough pseudo-keyword (Gustavo A. R. Silva)
netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
netfilter: ipset: call ip_set_free() instead of kfree() (Eric Dumazet)
netfiler: ipset: fix unaligned atomic access (Russell King)
netfilter: ipset: Fix subcounter update skip (Phil Sutter)
ipset: Update byte and packet counters regardless of whether they match (Stefano Brivio)
netfilter: ipset: Pass lockdep expression to RCU lists (Amol Grover)
ip_set: Fix compatibility with kernels between v3.3 and v4.5 (Serhey Popovych)
ip_set: Fix build on kernels without INIT_DEFERRABLE_WORK (Serhey Popovych)
ipset: Support kernels with at least system_wq support
ip_set: Fix build on kernels without system_power_efficient_wq (Serhey Popovych)
- Rootfiles updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update minicom from 2.7.1 to 2.8
- Changelog for version 2.8
New timestamp mode: Delta to previous line.
Add HPA ESC sequence
Add alternative window support (ti/te)
Fix file name of non-global configuration settings.
Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, Serbian
New translation: Serbian, Simplified chinese
Fix F10 macro key used in current setups
Add F11 and F12 for macro use
Fixed DTR for recent systems
Add support for RS485.
Add --capturefile-buffer-mode option
Bug fixes
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update arping from 2.15 to 2.21
- Notable changes from 2.20 to 2.21:
* Use more modern pcap API calls, when available
* Add payload data to mac ping
* chdir(/) after chroot()
* Misc minor cleanup
- Notable changes from 2.19 to 2.20:
* Improved support for cross-compile
* Use unveil(2) and pledge(2) where available (i.e. OpenBSD)
* Fix false duplicates when destination address is *also* assigned to local interface
* Minor typo-level fixes
- Notable changes from 2.18 to 2.19:
* Added -g to drop privs to alternate user (for Android)
* Slightly improved error messages
- Notable changes from 2.17 to 2.18:
* Make -w/-W work like 'ping'
- Notable changes from 2.16 to 2.17:
* Add padding to packets to work on Raspberry Pi 3
- Notable changes from 2.15 to 2.16:
* VLAN tagging (Nikolay Aleksandrov)
* 802.1Q priority (Nikolay Aleksandrov)
* Added a bunch of unit tests.
* Be more lazy about initializing libnet.
This fixes issues where arping would sometimes pick an unsuitable
device during arg parsing, if the "first" device on the system is
not a "normal" device.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The database we ship by default is meanwhile four weeks old, and since
the merge window for Core Update 154 is still open, there is no need to
ship data being more outdated than they have to be. :-)
The second version of this patch also updates the checksum for the
downloaded database file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
Fixed sudo's setprogname(3) emulation on systems that don't provide it.
Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
There is no need for this being implemented and it is dangerous to allow
the user to create any shell accounts or users that belong to groups
with higher privileges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
