- Update fuse from 2.9.7 to 3.10.1
- Update also required by sshfs update
- Changelog is available at https://github.com/libfuse/libfuse/releases
- Build had to be changed from autools to meson/ninja
- Rootfiles changed
- namespace conflict fix patch no longer required. Fix now built into kernel.h
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.8.0 to 5.10.0
- No changelog available
- No changes to the rootfiles
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.5 to 1.8.6
- Changelog info
Arturo Borrero Gonzalez (1):
xtables-translate: don't fail if help was requested
Giuseppe Scrivano (1):
iptables: accept lock file name at runtime
Jan Engelhardt (2):
doc: document danger of applying REJECT to INVALID CTs
build: resolve iptables-apply not getting installed
Maciej Żenczykowski (1):
libxtables: compiler warning fixes for NO_SHARED_LIBS
Pablo Neira Ayuso (4):
extensions: libxt_conntrack: provide translation for DNAT and SNAT --ctstate
iptables: replace libnftnl table list by linux list
iptables-nft: fix basechain policy configuration
configure: bump version for 1.8.6 release
Phil Sutter (31):
xtables-restore: Fix verbose mode table flushing
build: Fix for failing 'make uninstall'
xtables-translate: Use proper clear_cs function
tests: shell: Add help output to run-tests.sh
nft: Make table creation purely implicit
nft: Be lazy when flushing
nft: cache: Drop duplicate chain check
nft: Drop pointless nft_xt_builtin_init() call
nft: Turn nft_chain_save() into a foreach-callback
nft: Use nft_chain_find() in two more places
nft: Reorder enum nft_table_type
nft: Eliminate table list from cache
nft: Fix command name in ip6tables error message
tests: shell: Merge and extend return codes test
xtables-monitor: Fix ip6tables rule printing
nft: Fix for ruleset flush while restoring
Makefile: Add missing man pages to CLEANFILES
nft: cache: Check consistency with NFT_CL_FAKE, too
nft: Extend use of nftnl_chain_list_foreach()
nft: Fold nftnl_rule_list_chain_save() into caller
nft: Use nft_chain_find() in nft_chain_builtin_init()
nft: Fix for broken address mask match detection
extensions: libipt_icmp: Fix translation of type 'any'
libxtables: Make sure extensions register in revision order
libxtables: Simplify pending extension registration
libxtables: Register multiple extensions in ascending order
nft: Make batch_add_chain() return the added batch object
nft: Fix error reporting for refreshed transactions
libiptc: Avoid gcc-10 zero-length array warning
nft: Fix for concurrent noflush restore calls
tests: shell: Improve concurrent noflush restore test a bit
- Rootfiles updated
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update of stunnel from 5.56 to 5.57
- Changelog Version 5.57, 2020.10.11, urgency: HIGH
Security bugfixes
The "redirect" option was fixed to properly handle "verifyChain = yes" (thx to Rob Hoes).
OpenSSL DLLs updated to version 1.1.1h.
New features
New securityLevel configuration file option.
FIPS support for RHEL-based distributions.
Support for modern PostgreSQL clients (thx to Bram Geron).
Windows tooltip texts updated to mention "stunnel".
TLS 1.3 configuration updated for better compatibility.
Bugfixes
Fixed a transfer() loop bug.
Fixed memory leaks on configuration reloading errors.
DH/ECDH initialization restored for client sections.
Delay startup with systemd until network is online.
bin\libssp-0.dll removed when uninstalling.
A number of testing framework fixes and improvements.
- No change to rootfiles
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
System capabilities are stored in extended file system attributes
which are by default not stored in tar balls.
This patch ensures that they are packaged and extracted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Patch of general-functions.pl for implementation of fix provided
by Bernhard Bitsch in bug #12428.
Had to be modified as that fix gave a failure for single character hostnames.
Updated version prevents spaces being put into hostnames and works for single
character hostnames
- Updated subroutine validfqdn to apply consistent rules for hostname & domain name
portions of fqdn
- Minor updates for consistency across validhostname, validdomainname & validfqdn
- Patch implemented into testbed system and confirmed working for hostnames, domain names
and FQDN's.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update iperf3 from 3.7 to 3.9
- No changes to rootfiles
- Update patch file to remove pg flag
- Release notes from version 3.8 onwards:-
iperf 3.9 2020-08-17
--------------------
* Notable user-visible changes
* A --timestamps flag has been added, which prepends a timestamp to
each output line. An optional argument to this flag, which is a
format specification to strftime(3), allows for custom timestamp
formats (#909, #1028).
* A --server-bitrate-limit flag has been added as a server-side
command-line argument. It allows a server to enforce a maximum
throughput rate; client connections that specify a higher bitrate
or exceed this bitrate during a test will be terminated. The
bitrate is expressed in bits per second, with an optional trailing
slash and integer count that specifies an averaging interval over
which to enforce the limit (#999).
* A bug that caused increased CPU usage with the --bidir option has
been fixed (#1011).
* Notable developer-visible changes
* Fixed various minor memory leaks (#1023).
iperf 3.8.1 2020-06-10
----------------------
* Notable user-visible changes
* A regression with "make install", where the libiperf shared
library files were not getting installed, has been fixed (#1013 /
#1014).
iperf 3.8 2020-06-08
--------------------
* Notable user-visible changes
* Profiled libraries and binaries are no longer built by default
(#950).
* A minimal Dockerfile has been added (#824).
* A bug with burst mode and unlimited rate has been fixed (#898).
* Configuring with the --enable-static-bin flag will now cause
a statically-linked iperf3 binary to be built (#989).
* Configuring with the --without-sctp flag will now prevent SCTP
from being auto-detected (#1008). This flag allows building a
static binary (see above item) on a CentOS system with SCTP
installed, because no static SCTP libraries are available.
* Clock skew between the iperf3 client and server will no longer
skew the computation of jitter during UDP tests (#842 / #990).
* A possible buffer overflow in the authentication feature has been
fixed. This was only relevant when configuration authentication
using the libiperf3 API, and did not affect command-line usage.
Various other improvements and fixes in this area were also made
(#996).
* Notable developer-visible changes
* The embedded version of cJSON has been updated to 1.7.13 (#978).
* Some server authentication functions have been added to the API
(#911).
* API access has been added to the connection timeout parameter
(#1001).
* Tests for some authentication functions have been added.
* Various compiler errors and warnings have been fixed.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.0.13 to 2.0.14a
- No change in rootfiles
- Release notes for change:-
o scaling improvements for -P, i.e. improved support for large numbers of traffic threads
o major code refactoring (see doc/DESIGN_NOTES) for maintainability, extensibilty, performance, scaling, memory usage
o support for full duplex traffic using --full-duplex
o support for reverse traffic using --reverse
o support for role-reversal character of asterisk in the transfer id
o transfer id now an incrementing integer and no longer the socket id
o support for TCP connect only tests with --connect-only
o isochronous support compiled in by default, must use config to disable
o support --isochronous for both UDP or TCP traffic to simulate video streams
o use of clock_nanosleep when supported to schedule isochronous burst starts, otherwise use nanosleep delay
o support for --trip-times indicating the client and server clocks are synchronized to an accuracy sufficient, note: consider the use of precision time protocol as well as ask your data center to provide access to a GPS disciplined reference time source
o support for --trip-times with -d and -r bidirectional tests
o output TCP connect times (3WHS) in connect reports
o support for application level tcp connect retries via --connect-retries n
o rate-limited options of -b and --fq-rate supported for unidirectional, full duplex and reverse traffic
o reporter thread designed to automatically cause packet reports to aggregate - mitigating and hopefully removing thread thrashing
o support for frame or burst based reporting or sampling vs time based via -i [f|F] (experimental)
o support for UDP traffic only from client to server with --no-udp-fin
o support for write to read latencies (UDP and TCP) with --trip-times
o support for sum only outputs with --sum-only
o support for little's law calculations in --trip-time outputs
o support for --txstart-time <epoch-time> to schedule client traffic start, timestamp support microseconds, e.g. unix $(expr $(date +%s) + 1).$(date +%N)
o support for --txdelay-time to insert delay between TCP three way handshake (3WHS) and data transfer
o support for --no-connect-sync which disables transmit traffic start synchronization when -P is used, defaults to synchronized
o option of --full-duplex implementation uses a barrier on the client side to synchronize full duplex traffic
o no limits to group sum reports, i.e. all clients will get its own sum report per a server
o improved report timestamps, e.g. end to end or client and server based timestamps with --trip-times
o improved settings messaging
o improved messaging for --tcp-congestion or -Z
o re-implemented -U for single UDP server with minimal threading interactions
o re-implemented -1 or --singleclient where server will serialize traffic runs
o warning message if the test were likely CPU bound instead of network i/o bound
o fix the case when -P <value> is set on the server such that summing output is displayed
o multicast listener will autoset -U (single server), e.g -P > 1 not supported for multicast
o multicast listener no longer busy drops multicast packets during traffic test, i.e. only server thread receives them
o immediate bail out on mutually exclusive command line options
o fix -o or --output using freopen to redirect stdout and stderr to a file
o man page updates with examples
o tested with 1000's of traffic streams, WiFi, 10G and 100G
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- update from 3.2.8 to 3.3.16
This is also an update from procps to procps-ng
The previous version was no longer being maintained.
- Added autogen.sh into lfs as ity is needed to create the config script.
- Added libdir=/lib line into configure command as default is /usr/lib
- Added mv commands for kill, ps & sysctl to place them into the same locations
as the previous version of procps
- Moved lfsmake2 procps line to after pkg-config in make.sh
The autogen line requires autoconf, libtool, gettext and pkg-config
to be available so procps moved to after them.
- procps-3.2.8-fix_unknown_HZ_value.patch no longer required with new
version so removed.
- rootfile updated.
- libprocps library being maintained by the same people now maitaining this
version of procps.
- information on the releases from 3.3.13 to 3.3.16 available on
https://gitlab.com/procps-ng/procps/-/releases
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When run, ninja normally runs a maximum number of processes in parallel.
By default this is the number of cores on the system plus two. In some cases this can
overheat a CPU or run a system out of memory. If run from the command line, passing a
-jN parameter will limit the number of parallel processes, but some packages embed the
execution of ninja and do not pass a -j parameter.
Using this optional procedure allows us to limit the number of parallel processes
via an environment variable, NINJAJOBS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
More and more packages uses meson as build environment instead of
autotools or cmake.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
While preparing the Core153 update, I found by chance that a language string had been added from
Core152 to Core153 which I couldn't find in any CGI-file.
The translation suggested that this string ('Available Updates') could belong to 'pakfire.cgi'.
And I thought that on the pakfire GUI something was actually missing: the heading above the
box listing the 'Available Updates'. Don't know why I didn't saw this before.
So tried to add these missing heading. I hope I made it right...
Some cosmetic fixes:
I also added some space around the text for 'Available Addons' and 'Installed Addons'
because the text lines weren't separated. There is no seen wordwrapping. This required deleting
some unwanted '<br />' in the affected translation strings.
I tried this about 4 years ago, but somehow this patch got lost.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
While testing Peter's patch for Bug #12560 I noticed that the standard 'back'-button
at the end of the page - like in 'ipinfo.cgi' - was implemented as a text string.
I just took the code segment with the 'back'-*image* from 'ipinfo.cgi' to make this
link looking similar to the other pages.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
