Add missing closing tags, indentation and CSS styling.
Add link to reboot notice, left-align info list and resize packages
lists for better readability.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Improve lockfile test: Return immediately if lockfile is present,
to prevent unnecessary and expensive "pidof" calls
- Add better explanation to the log file reading command and JS
- Change user interface: If no errors occurred, the page returns to
the main screen (after a short delay). If an error occurred, the log
output remains and a message is shown.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
The extended lockfile test seems to be sufficient to detect
a running Pakfire process and display the logs.
"Sleep" even proved to be counterproductive, as fast processes
can finish in under a second and are then again not detected.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Currently the page becomes unresponsive while Pakfire is busy.
This patch implements a AJAX/JSON driven log output, to provide
continuous information to the user while Pakfire is running.
The output is updated 1x per second, if the load should be too high,
the interval can be change by writing to "pakfire.refreshInterval".
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
This implements a function to determine if Pakfire is already running.
It tests the PID and lockfile and can be expanded easily later.
'pidof' checks the full path to avoid confusion.
Removes the unreachable function "refreshpage".
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Trying to get rid of the system backpipe check if a pakfire is running
does not work very well. It simply makes the code more complex and
only introduced some new problems.
This commit switches back to the old logic which worked well in the
past.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Similar to the Location block, this chain logs and drops all traffic
from and to networks known to pose technical threats to IPFire users.
Doing so in a dedicated chain makes sense for transparency reasons, as
we won't interfer with other firewall rules or the Location block, so it
is always clear why a packet from or to such a network has been dropped.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
There is no legitimate reason why traffic from our own IP address on RED
should ever appear incoming on that interface.
This prevents attackers from impersonating IPFire itself, and is only
cleared/reset if the RED interface is brought up. Therefore, an attacker
cannot bypass this by foring a dial-up or DHCP connection to break down.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Traffic from and to 127.0.0.0/8 must only appear on the loopback
interface, never on any other interface. This ensures offending packets
are logged, and the loopback interface cannot be abused for processing
traffic from and to any other networks.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Inbound Tor traffic conflicts with Location block as inbound connections
have to be accepted from many parts of the world. To solve this,
inbound Tor traffic has to be accepted before jumping into Location block
chain.
Note this affects Tor relay operators only.
Rolled forward as ongoing from
https://patchwork.ipfire.org/project/ipfire/patch/f8ee2e1d-b642-8c63-1f8a-4f24c354cd90@ipfire.org/,
note the documentation in the wiki needs to be updated once this landed
in production.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
In case of faulty connection tracking, this ensures such packets are
logged, to make analysing network incidents less troublesome. Since
NewNotSYN is handled before, where logging can be turned off for systems
running on weak flash devices, the amount of log messages emitted here
should be neglectible.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
http://www.squid-cache.org/Versions/v5/changesets/
There is still no official announcement.
Nevertheless, since 31 Jul 2021, 'squid 5.1' has become "stable"
and is listed under "Current versions suitable for production use".
The only problem I found during testing deals with 'privoxy'.
Since 'privoxy' - as parent cache_peer - sometimes replies with a '403',
'squid 5.1' handles this cache_peer connection as 'dead' which is then
logged in 'cache_log'. See discussion on list.
Actually this is something that got fixed from 'squid 4.16' to '5.1' - its
no bug - its a feature. Everything else works as expected,'squid' and
'privoxy' developers were informed.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Shallalist is no longer available because of personal reasons.
MESD is unreachable and I am just assuming that it is dead, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.803 (2004) to 6.60 (2021)
- Rename lfs and rootfile from libwww-perl to perl-libwww making it consistent with other
perl programs that start with perl rather than end with it in the name
- Update of rootfile
- Changelog is too long to include here (~900 lines long)
The details can be found in the Changes file in the source tarball. Looks like more
than 200 bugs fixed between the existing and new versions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.3 (2002) to 1.20 (2021)
- Update rootfile
- There is no longer a make process for make install-compat
To have the compat libraries you have to add --enable-libgdbm-compat to the configure
command but then you don't get the non compat libraries.
So the full configure, make, make install has to be run twice with
--enable-libgdbm-compat added to the second instance.
- Both static and shared libs are built by default so added --disable-static to both
build instances
- Nothing flagged from find-dependencies run against the old library versions
- Changelog is too large to include here but full details can be found from the
ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.02.187 to 2.02.188
- Update of rootfile not required
- Changelog
Version 2.02.188 - 07th May 2021
Fix problem with unbound variable usage within fsadm.
Avoid removing LVs on error path of lvconvert during creation volumes.
Fix crashing lvdisplay when thin volume was waiting for merge.
Support option --errorwhenfull when converting volume to thin-pool.
Improve thin-performance profile support conversion to thin-pool.
Support resize of cached volumes.
Allocation prints better error when metadata cannot fit on a single PV.
Pvmove can better resolve full thin-pool tree move.
Limit pool metadata spare to 16GiB.
Improves convertsion and allocation of pool metadata.
Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
Enhance lvdisplay to report raid availiable/partial.
Enhance error handling for fsadm and hanled correct fsck result.
Stop logging rename errors from persintent filter.
Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
Support using BLKZEROOUT for clearing devices.
Support interruption when wipping LVs.
Add configure --enable-editline support as an alternative to readline.
Zero pool metadata on allocation (disable with allocation/zero_metadata=0).
Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn).
Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
Support interruption for bcache waiting.
Fix bcache when device has too many failing writes.
Fix bcache waiting for IO completion with failing disks.
Configure use own python path name order to prefer using python3.
Enhance reporting and error handling when creating thin volumes.
Use revert_lv() on reload error path after vg_revert().
Improve estimation of needed extents when creating thin-pool.
Use extra 1% when resizing thin-pool metadata LV with --use-policy.
Enhance --use-policy percentage rounding.
Switch code base to use flexible array syntax.
Preserve uint32_t for seqno handling.
Switch from mmap to plain read when loading regular files.
Fix running out of free buffers for async writing for larger writes.
Fix conversion to raid from striped lagging type.
Fix conversion to 'mirrored' mirror log with larger regionsize.
Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 56.2.0 to 58.0.4
- Update rootfile
- Changelog
v58.0.4
* #2773: Retain case in setup.cfg during sdist.
v58.0.3
* #2777: Build does not fail fast when ``use_2to3`` is supplied but set to a false value.
v58.0.2
* #2769: Build now fails fast when ``use_2to3`` is supplied.
v58.0.1
* #2765: In Distribution.finalize_options, suppress known removed entry points to avoid issues with older Setuptools.
v58.0.0
* #2086: Removed support for 2to3 during builds. Projects should port to a unified codebase or pin to an older version of Setuptools using PEP 518 build-requires.
* #2746: add python_requires example
v57.5.0
* #2712: Added implicit globbing support for `[options.data_files]` values.
* #2737: fix various syntax and style errors in code snippets in docs
v57.4.0
* #2722: Added support for ``SETUPTOOLS_EXT_SUFFIX`` environment variable to override the suffix normally detected from the ``sysconfig`` module.
v57.3.0
* #2465: Documentation is now published using the Furo theme.
v57.2.0
* #2724: Added detection of Windows ARM64 build environments using the ``VSCMD_ARG_TGT_ARCH`` environment variable.
v57.1.0
* #2692: Globs are now sorted in 'license_files' restoring reproducibility by eliminating variance from disk order.
* #2714: Update to distutils at pypa/distutils@e2627b7.
* #2715: Removed reliance on deprecated ssl.match_hostname by removing the ssl support. Now any index operations rely on the native SSL implementation.
* #2604: Revamped the backward/cross tool compatibility section to remove
some confusion.
Add some examples and the version since when ``entry_points`` are
supported in declarative configuration.
Tried to make the reading flow a bit leaner, gather some informations
that were a bit dispersed.
v57.0.0
* #2645: License files excluded via the ``MANIFEST.in`` but matched by either
the ``license_file`` (deprecated) or ``license_files`` options,
will be nevertheless included in the source distribution. - by :user:`cdce8p`
* #2628: Write long description in message payload of PKG-INFO file. - by :user:`cdce8p`
* #2645: Added ``License-File`` (multiple) to the output package metadata.
The field will contain the path of a license file, matched by the
``license_file`` (deprecated) and ``license_files`` options,
relative to ``.dist-info``. - by :user:`cdce8p`
* #2678: Moved Setuptools' own entry points into declarative config.
* #2680: Vendored `more_itertools <https://pypi.org/project/more-itertools>`_ for Setuptools.
* #2681: Setuptools own setup.py no longer declares setup_requires, but instead expects wheel to be installed as declared by pyproject.toml.
* #2650: Updated the docs build tooling to support the latest version of
Towncrier and show the previews of not-yet-released setuptools versions
in the changelog -- :user:`webknjaz`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.9.10 to 2.9.12
- Update rootfile
- Changelog for 2.9.11 is too large to put all of it here. Full details can be found at
http://www.xmlsoft.org/news.html
Git commit comments:-
2.9.12
Brown paper bag release, some recently added sources were missing from
the 2.9.11 tarball
2.9.11
Prompted by CVE-2021-3541, but this includes an awful lot of serious bug
fixes by Nick and others
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 0.4.10 to 0.4.11
- Update of rootfile not required
- Changelog
The only change is a "typo fix" in Adobe-Korea1-H-Mac
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 6.5.0 to 7.10.0 (17 releases between these versions)
- Update of rootfile
- Update of patch as source file contents changed enough that old patch failed to work
- Build changed to meson/ninja as autotools option has been removed
- Most of the existing options were available as meson options - look in
meson_options.txt file in the source tarball.
Three options were not available with meson
--with-virtualport
--with-macvtap
--without-dbus
- Changelog is too large to include here (~1200 lines) but the detail can be seen in the
NEWS.rst file in the source tarball. Many bug fixes identified in the changelog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.5.0 to 1.5.1
- Update of rootfile
- Changelog
v1.5.1 (Dec, 2021)
perf: rebalanced compression levels, to better match the intended speed/level curve,
by @senhuang42
perf: faster huffman decoder, using x64 assembly, by @terrelln
perf: slightly faster high speed modes (strategies fast & dfast), by @felixhandte
perf: improved binary size and faster compilation times, by @terrelln
perf: new row64 mode, used notably in level 12, by @senhuang42
perf: faster mid-level compression speed in presence of highly repetitive patterns,
by @senhuang42
perf: minor compression ratio improvements for small data at high levels, by @cyan4973
perf: reduced stack usage (mostly useful for Linux Kernel), by @terrelln
perf: faster compression speed on incompressible data, by @bindhvo
perf: on-demand reduced ZSTD_DCtx state size, using build macro
ZSTD_DECODER_INTERNAL_BUFFER, at a small cost of performance, by @bindhvo
build: allows hiding static symbols in the dynamic library, using build macro,
by @skitt
build: support for m68k (Motorola 68000's), by @cyan4973
build: improved AIX support, by @Helflym
build: improved meson unofficial build, by @eli-schwartz
cli : custom memory limit when training dictionary (#2925), by @embg
cli : report advanced parameters information when compressing in very verbose mode
(``-vv`), by @Svetlitski-FB
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.11.0 to 2.11.1
- Update of rootfile
- Changelog is too long to include here - more than 1500 lines.
Details can be found in the ChangeLog file in the source tarball.
24 bug fixes listed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.4.1 to 2.4.2
- Update of rootfile
- Changelog
Release 2.4.2 Sun December 19 2021
Other changes:
#509#510 Link againgst libm for function "isnan"
#513#514 Include expat_config.h as early as possible
#498 Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
#507#519 Autotools: Sync CMake templates
#495#524 CMake: MinGW: Fix pkg-config section "Libs" for
- non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
- multi-config CMake generators (e.g. Ninja Multi-Config)
#502#503 docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
#522#523 docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
#525#526 Version info bumped from 9:1:8 to 9:2:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
