Commit Graph

18287 Commits

Author SHA1 Message Date
Adolf Belka
388408cfe4 e2fsprogs: Update to version 1.46.5
- Update from 1.46.3 to 1.46.5
- Update of rootfile not required
- Changelog
  1.46.5 (December 30, 2021)
    Updates/Fixes since v1.46.4:
    UI and Features
     When resizing a file system and the inode count exceeds the 2**32
      maximum, if resize2fs can successfully perform the resize by dropping
      the last block group, resize2fs will do that in order to allow the file
      system grow operation to succeed.  For example, using the default inode
      ratio size of 16k, this will allow a successful resize to 64TB - 128MB
      when the storage device is 64TB.
    Fixes
     Avoid a potential infinite loop in resize2fs -P when the file system is
      corrupted (introduced in e2fsprogs 1.45.5).  (Addresses github issue
      https://github.com/tytso/e2fsprogs/issues/94)
     E2fsck now updates the bg_checksum after fixing problems in the block
      group descriptor, which eliminates some unnecessary messages printed or
      asked of the system administrator.
     Fixed some potential deadlock problems in the unix_io handler in the case
      of I/O errors.  The fix should also improve the performance of parallel
      bitmap loading.
     Fixed e2fsck's fast commit handling which could result in it crashing
      when trying to merge extents when there were none available to be
      merged.
     Fix e2fsck's support of quota limit data, which could sometimes get
      dropped when the quota data needs to be regenerated, or when processing
      the orphan list.
     Fix tune2fs to correctly transfer the quota limits when converting quota
      files to the internal quota inodes.  Also add support for tune2fs to
      properly handle the older version 0 quota files.
     Fix debugfs's get_quota and list_quota commands so that the header of
      the report printed by these commands correctly reflect that the units of
      used space is in bytes instead of blocks.
    Performance, Internal Implementation, Development Support etc.
     Add some additional packages to the setup-schroot script to account for
      the fact that the script can be run on older Debian distributions and so
      the build dependencies might omit some packages needed to build
      e2fsprogs on unstable version of Debian.
     Reduce resize2fs's CPU overhead when counting the number of blocks in
      use which can reduce the wall clock time for very large file systems
      by substantial amount.
     Teach libuuid to use getrandom() or getentropy() if available in favor
      of reading from /dev/[u]random.
     Teach libss to use libreadline.so.8 if it is available.
     Update some test expect files to fix some regression tests that were
      broken in e2fsprogs 1.46.4.
     If the PRINT_FAILED environment variable is set, failed tests will
      display the diff output to make it easier to debug test failures on
      autobuilders.
     Fix various compiler warnings.
     Update tst_getsize to use ext2fs_get_size2() to support testing devices
      which are larger than 2**32 sectors.
     Fixed spelling mistakes in the mke2fs.conf man page.
     Update Chinese, Malay, Serbian, Spanish, Swedish, and Ukrainian
      translations.
  1.46.4 (August 18, 2021)
    Updates/Fixes since v1.46.3:
    UI and Features
     The defaults for mke2fs now call for 256 byte inodes for all file
      systems (with the exception of file systems for the GNU Hurd, which only
      supports 128 byte inodes).  Creating non-Hurd file systems with 128 byte
      inodes will trigger a warning message to make sure users are aware of
      the potential problems of using small/legacy inode sizes.
     The bigalloc feature is now considered supported if the cluster size is no
      more than 16 times the block size.  So the mke2fs program has been
      changed to only warn if the cluster size is larger than that.
    Fixes
     E2fsck now checks to make sure directory entries do not reference
      internal quota inodes.
     E2image now includes the quota inodes when creating file system image,
      since they are part of the file system metadata.
     E2fsck now properly accounts the quota usage of the project quota file.
     Fix a regression introduced in 1.64.3 where attempting to create a file
      system image using mke2fs into a non-existent file would fail.
      (Addresses Debian Bug: #992094)
     Fix mke2fs to correctly create Posix ACL's on big-endian systems when
      copying files from a directory hierarchy.
     Updated and clarified the resize2fs man page.  (Addresses Debian Bug:
      #979411)
    Performance, Internal Implementation, Development Support etc.
     Improve various regression tests to be more portable and to reflect the
      new default inode size of 256 byte inodes, even for small file systems.
     Fixed a GNU Hurd portability problem which was causing tests to fail.
     Fixed a test failure in f_baddotdir on big-endian systems.  This wasn't
      necessarily a bug per se in e2fsck, but rather e2fsck having different
      behaviour on big-endian systems.  (Addresses Debian Bug: #991922)
     Use WantedBy=multi-user.target in e2scrub_reap.service.  (Addresses
      Debian Bug: #991349)
     Synchronize e2fsck/recovery.c with the kernel's fs/jbd2/recovery.c
     Fix various Coverity and compiler warnings.
     Fix various error paths to make sure we don't leak resources or
      potentially use or try to free uninitialized pointers.
     Added a setup-schroot command for use on Debian porter boxes.
     Updated config.guess and config.sub with newer versions from the FSF.
     Update Czech, Dutch, French, Polish, Portuguese, and Swedish translations.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-01-04 18:11:25 +01:00
Peter Müller
b4ea157cad Core Update 163: Ship vpnmain.cgi
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2022-01-04 18:07:19 +01:00
Stefan Schantl
f8384fbf8d vpnmain.cgi: Fix extra whitespace in exported pk12 file
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2022-01-04 18:06:12 +01:00
Matthias Fischer
5a3cafb225 nano: Update to 6.0
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-01-04 18:05:52 +01:00
Arne Fitzenreiter
9cc4d24a53 xfsprogs: update to 5.14.2
xfsprogs-5.14.2 (06 Dec 2021)
	- libxfs: move rogue fallthrough macro out of linux.h (Darrick J. Wong)

xfsprogs-5.14.1 (02 Dec 2021)
	- libxfs: fix atomic64_t for 32-bit architectures (Darrick J. Wong)
	- libfrog: fix crc32c self test code on cross builds (Darrick J. Wong)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2022-01-03 06:08:42 +00:00
Arne Fitzenreiter
e4a5b22417 stage2: remove wrong curly brackets.
It is not allowed to use this with only one parameter.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2022-01-02 14:35:07 +00:00
Arne Fitzenreiter
59e683df25 checkrootfiles: don't report aarch64 in gdb and liburcu
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2022-01-02 14:27:09 +00:00
Arne Fitzenreiter
da4d9c4774 Merge remote-tracking branch 'pmueller/temp-c163-development' into next 2022-01-02 10:13:14 +00:00
Stefan Schantl
acbbcde422 ruleset-sources: Update download URL for Talos rulesets.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-01-02 10:34:44 +01:00
Stefan Schantl
e498947d3a ids-functions.pl: Log the download attempt of a ruleset.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-01-02 09:55:59 +01:00
Stefan Schantl
1b71e2b3c6 Revert "ids-functions.pl: Check if the generated stored rulesfile of a provider"
This commit causes massive troubles in the downloader and therefore
needs to be reverted.

This reverts commit 577e330495.
2022-01-02 09:52:02 +01:00
Stefan Schantl
cad087c74e ids-functions.pl: Check if given filename exists before calling stat on it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-01-02 09:49:37 +01:00
Stefan Schantl
dffce1e270 ids-functions.pl: Properly return false if the downloaded rulestarball
cannot be stored.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2022-01-02 09:48:55 +01:00
Arne Fitzenreiter
050772b715 core162: fix old kernel cleanup on arm
we have removed the -multi after the kernel name but
in the update script delete *-multi-* which leftover
the arm specific dtb folder and uImages.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-12-29 09:16:12 +00:00
Peter Müller
9946b6f0c2 Core Update 163: Ship advoptions-list
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2021-12-28 23:04:43 +01:00
Adolf Belka
4df6daf381 advoptions-list: Add additional dhcp options - fixes bug 12291
- Add ms-classless-static-routes and rfc3442-classless-static-routes as options for dhcp
   These are apparently required for deploying classless IP routes
- Original static-routes option is not intended for classless IP routing but is being
   left in place for backward compatibility
- The option "rfc3442-classless-static-routes" is for normal clients
- The option "ms-classless-static-routes" is for Microsoft clients

Fixes: bug 12291
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2021-12-28 23:03:49 +01:00
Peter Müller
5a1d6b644a Core Update 163: Ship and restart Apache
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2021-12-28 23:02:49 +01:00
Matthias Fischer
d67eff1002 apache: Update to 2.4.52
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>

For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52

Excerpt from changelog:

"Changes with Apache 2.4.52

  *) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
     multipart content in mod_lua of Apache HTTP Server 2.4.51 and
     earlier (cve.mitre.org)
     A carefully crafted request body can cause a buffer overflow in
     the mod_lua multipart parser (r:parsebody() called from Lua
     scripts).
     The Apache httpd team is not aware of an exploit for the
     vulnerability though it might be possible to craft one.
     This issue affects Apache HTTP Server 2.4.51 and earlier.
     Credits: Chamal

  *) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
     forward proxy configurations in Apache HTTP Server 2.4.51 and
     earlier (cve.mitre.org)
     A crafted URI sent to httpd configured as a forward proxy
     (ProxyRequests on) can cause a crash (NULL pointer dereference)
     or, for configurations mixing forward and reverse proxy
     declarations, can allow for requests to be directed to a
     declared Unix Domain Socket endpoint (Server Side Request
     Forgery).
     This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
     (included).
     Credits: 漂亮鼠
     TengMA(@Te3t123)
..."
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2021-12-28 23:01:48 +01:00
Adolf Belka
dc4dce4772 Language files update: Fix for bug 12747
- Update en.pl, it.pl and ru.pl to replace "an core-update" with "a core-update"

Fixes: Bug#12747
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2021-12-28 23:01:28 +01:00
Michael Tremer
91588cb42a installer: Ignore umount errors when target doesn't exist
Some paths might not exist on some systems which caused the installer to
abort the installation. This patch makes the installer ignore this
condition.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2021-12-22 16:07:49 +00:00
Stefan Schantl
636a79650b suricata.yaml: Set collection of stat to off.
Suricata will print a warning on startup if the collection of stats
is enabled but no stats logger, which will print them out is enabled.

Actually we do not use any stats so this safely can be disabled.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:55:45 +01:00
Stefan Schantl
ec03b64e9f suricata.yaml: Set default log level to Info.
This will prevent suricata from displaying a warning on startup and
anyway would be the log level which suricata switches in such a case.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:53:55 +01:00
Stefan Schantl
ee87c2e33a suricata.yaml: Add config options for modbus, dnp3 and enip protocols.
All of them are disabled by default, but may be needed in some
environments and so easily can be enabled there.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:51:58 +01:00
Stefan Schantl
ec418b7a08 ids-functions.pl: Drop accidentally committed debug output.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:46:05 +01:00
Stefan Schantl
c1ccae1ce3 ids-functions.pl: Set bypass flag for whitelisted hosts.
When adding a host to the whitelist set the bypass flag to
immediately take the load from the IDS.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:41:43 +01:00
Stefan Schantl
43d12991d1 ids-functions.pl: Dynamically generate file of default suricata rules.
The "/var/ipfire/suricata/suricata-default-rules.yaml" file, now
dynamically will be generated, based on the enabled application layer
protocols.

Only existing rulefiles for enabled app layer protocols will be loaded.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:37:16 +01:00
Stefan Schantl
bb39fac437 ids-functions.pl: Add get_suricata_enable_app_layer_protos().
This function calls suricata to obtain a list of enabled application
layer protocols (application/protocol parsers).

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 15:32:52 +01:00
Stefan Schantl
9e9d89ae37 suricata: Fix ownership of the classification.config file.
The file has to be write-able for the nobody user.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:32:43 +01:00
Stefan Schantl
7ccea46172 ids-functions.pl: Remove config files when cleaning up the rules
directory.

If there are any, they can safely be removed because the *.config files
now live in a different folder.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:32:21 +01:00
Stefan Schantl
6983a96eff ids-functions.pl: Adjust classification file for new path.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:31:53 +01:00
Michael Tremer
5a3e97b8d3 suricata: Load *.config files from default location
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2021-12-19 13:31:13 +01:00
Stefan Schantl
c68bcbb298 ids-functions.pl: Do not call stat if no file has been given.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:25:46 +01:00
Stefan Schantl
577e330495 ids-functions.pl: Check if the generated stored rulesfile of a provider
exists before returning the filename.

This will prevent from using and processing non existing files.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:25:26 +01:00
Stefan Schantl
27671216d5 update-ids-ruleset: Early exit script if lockfile exists.
This prevents from running the script while the WUI is performing
operations at the same time or to launch multiple instances of the
script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
0f1d0b9c3c ids.cgi: Use experimental smartmatch.
This will prevent from spawning the http error log with warnings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
4d438241c3 ids.cgi: Do not expect a space after the msg tag has been closed while
processing rules.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
057e895351 ids-functions.pl: Properly return N/A if no ruleset date could be
determined.

If no timestamp could be grabbed for rulestarball of a given provider,
return N/A.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
14696ced7e ids.cgi: Always write used providers rulefiles file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
258924ee79 ids.cgi: Add the provider handle if the forced update of a provider
fails.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
fc685a36c5 ids-functions.pl: Return N/A if no date for a ruleset could be
determined.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
969983eba4 ids.cgi: Add some more sanity checks when adding a new provider.
* Check if the system is online.
* Check if enough free disk space is available.
* Abort with an error message if the ruleset could not be
  downloaded.

In error case the provider now will be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.....

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
214f34ec4e ids.cgi: Use newly introduced functions when removing a provider.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
63cf95af3f ids.cgi: Introduce remove_provider().
This function is used to remove a configured provider by its ID.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
697787c930 ids.cgi: Introduce get_provider_handle().
This function is used to get the configured provider handle by a given ID.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
1e52a25825 ids.cgi: Regenerate ruleset if a provider gets re-enabled.
Otherwise it could happen, that there are no rules files for this
specific provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
724f98c086 ids.cgi: Fix check when changing the IDS to monitor mode or drop mode.
The test condition was wrong here and therefore oinkmaster never has
been executed when this setting has been changed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:45 +01:00
Stefan Schantl
7131a7bd94 ids.cgi: Allow whitespaces when parsing the rules files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
302420ad4a convert-ids-multiple-providers: Fix setting ownership for the main
oinkmaster provider includes file.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
a081f20390 ids-functions.pl: Fix writing for used provider rulefiles.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00
Stefan Schantl
a2964e14f8 convert-ids-multiple-providers: Properly open the oinkmaster providers
sids file for writing.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2021-12-19 13:23:44 +01:00