- Update from 3.3 to 3.4.2
- Update rootfile - No dependency issues due to so bump
- Changelog
3.4.2 Jun-28-21
Add static trampoline support for Linux on x86_64 and ARM64.
Add support for Alibaba's CSKY architecture.
Add support for Kalray's KVX architecture.
Add support for Intel Control-flow Enforcement Technology (CET).
Add support for ARM Pointer Authentication (PA).
Fix 32-bit PPC regression.
Fix MIPS soft-float problem.
Enable tmpdir override with the $LIBFFI_TMPDIR environment variable.
Enable compatibility with MSVC runtime stack checking.
Reject float and small integer argument in ffi_prep_cif_var().
Callers must promote these types themselves.
3.3 Nov-23-19
Add RISC-V support.
New API in support of GO closures.
Add IEEE754 binary128 long double support for 64-bit Power
Default to Microsoft's 64-bit long double ABI with Visual C++.
GNU compiler uses 80 bits (128 in memory) FFI_GNUW64 ABI.
Add Windows on ARM64 (WOA) support.
Add Windows 32-bit ARM support.
Raw java (gcj) API deprecated.
Add pre-built PDF documentation to source distribution.
Many new test cases and bug fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 5.1.0 to 5.1.1
- Update rootfile
- Changelog is quite long and detailed so the following are the high level descriptions
of the changes from the NEWS file in the source tarball. More details can be found in
the ChangeLog file in the source tarball.
Changes from 5.1.0 to 5.1.1
1. Infrastructure upgrades: Bison 3.8, Gettext 0.20.2, Automake 1.16.4,
and (will wonders never cease) Autoconf 2.71.
2. asort and asorti now allow FUNCTAB and SYMTAB as the first argument if a
second destination array is supplied. Similarly, using either array as
the second argument is now a fatal error. Additionally, using either
array as the destination for split(), match(), etc. also causes a
fatal error.
3. The new -I/--trace option prints a trace of the byte codes as they
are executed.
4. A number of subtle bugs relating to MPFR mode that caused differences
between regular operation and MPFR mode have been fixed.
5. The API now handles MPFR/GMP values slightly differently, requiring
different memory management for those values. See the manual for the
details if you have an extension using those values. As a result,
the minor version was incremented.
6. $0 and the fields are now cleared before starting a BEGINFILE rule.
7. The duplication of m4 and build-aux directories between the main
directory and the extension directory has been removed. This
simplifies the distribution.
8. The test suite has been improved, making it easier to run the entire
suite with -M. Use `GAWK_TEST_ARGS=-M make check' to do so.
9. Profiling and pretty-printing output has been modified slightly so
that functions are presented in a reasonable order with respect
to the namespaces that contain them.
10. Several example programs in the manual have been updated to their
modern POSIX equivalents.
11. A number of examples in doc/gawkinet.texi have been updated for
current times. Thanks to Juergen Kahrs for the work.
12. Handling of Infinity and NaN values has been improved.
13. There has been a general tightening up of the use of const and
of types.
14. The "no effect" lint warnings have been fixed up and now behave
more sanely.
15. The manual has been updated with much more information about what is
and is not a bug, and the changes in the gawk mailing lists.
16. The behavior of strongly-typed regexp constants when passed as the
third argument to sub() or gsub() has been clarified in the code and
in the manual.
17. Similar to item #4 above, division by zero is now fatal in MPFR
mode, as it is in regular mode.
18. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.5.0 to 2.5.4
- Update rootfile
- Tested new version in vm testbed. Openvpn server successfully started.
Client connections working with 2.5.0 also successfully worked with 2.5.4
- Changelog
Overview of changes in 2.5.4
Bugfixes
- fix prompting for password on windows console if stderr redirection
is in use - this breaks 2.5.x on Win11/ARM, and might also break
on Win11/adm64 when released.
- fix setting MAC address on TAP adapters (--lladdr) to use sitnl
(was overlooked, and still used "ifconfig" calls)
- various improvements for man page building (rst2man/rst2html etc)
- minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
at least one platform strictly checking this)
- fix minor memory leak under certain conditions in add_route() and
add_route_ipv6()
User-visible Changes
- documentation improvements
- copyright updates where needed
- better error reporting when win32 console access fails
New features
- also build man page on Windows builds
Overview of changes in 2.5.3
Bugfixes
- CVE-2121-3606
see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
OpenVPN windows builds could possibly load OpenSSL Config files from
world writeable locations, thus posing a security risk to OpenVPN.
As a fix, disable OpenSSL config loading completely on Windows.
- disable connect-retry backoff for p2p (--secret) instances
(Trac #1010, #1384)
- fix build with mbedtls w/o SSL renegotiation support
- Fix SIGSEGV (NULL deref) receiving push "echo" (Trac #1409)
- MSI installers: properly schedule reboot in the end of installation
- fix small memory leak in free_key_ctx for auth_token
User-visible Changes
- update copyright messages in files and --version output
New features
- add --auth-token-user option (for --auth-token deployments without
--auth-user-pass in client config)
- improve MSVC building for Windows
- official MSI installers will now contain arm64 drivers and binaries
(x86, amd64, arm64)
Overview of changes in 2.5.2
Bugfixes
- CVE-2020-15078
see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
This bug allows - under very specific circumstances - to trick a
server using delayed authentication (plugin or management) into
returning a PUSH_REPLY before the AUTH_FAILED message, which can
possibly be used to gather information about a VPN setup.
In combination with "--auth-gen-token" or an user-specific token auth
solution it can be possible to get access to a VPN with an
otherwise-invalid account.
- restore pushed "ping" settings correctly on a SIGUSR1 restart
- avoid generating unecessary mbed debug messages - this is actually
a workaround for an mbedTLS 2.25 bug when using Curve25519 and Curve448
ED curves - mbedTLS crashes on preparing debug infos that we do not
actually need unless running with "--verb 8"
- do not print inlined (<dh>...</dh>) Diffie Hellman parameters to log file
- fix Linux/SITNL default route lookup in case of multiple routing tables
with more than one default route present (always use "main table" for now)
- Fix CRL file handling in combination with chroot
User-visible Changes
- OpenVPN will now refuse to start if CRL file is not present at startup
time. At "reload time" absense of the CRL file is still OK (and the
in memory copy is used) but at startup it is now considered an error.
New features
- printing of the TLS ciphers negotiated has been extended, especially
displaying TLS 1.3 and EC certificates more correctly.
Overview of changes in 2.5.1
New features
- "echo msg" support, to enable the server to pushed messages that are
then displayed by the client-side GUI. See doc/gui-notes.txt and
doc/management-notes.txt.
Supported by the Windows GUI shipped in 2.5.1, not yet supported by
Tunnelblick and the Android GUI.
User-visible Changes
- make OPENVPN_PLUGIN_ENABLE_PF plugin failures FATAL - if a plugin offers
to set the "openvpn packet filter", and returns a failure when requested
to, OpenVPN 2.5.0 would crash trying to clean up not-yet-initialized
structure members. Since PF is going away in 2.6.0, this is just turning
the crash into a well-defined program abort, and no further effort has
been spent in rewriting the PF plugin error handling (see trac #1377).
Documentation
- rework sample-plugins/defer/simple.c - this is an extensive rewrite
of the plugin to bring code quality to acceptable standards and add
documentation on the various plugin API aspects. Since it's just
example code, filed under "Documentation", not under "Bugfix".
- various man page improvements.
- clarify ``--block-ipv6`` intent and direction
Bugfixes
- fix installation of openvpn.8 manpage on systems without docutils.
- Windows: fix DNS search list setup for domains with "-" chars.
- Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
- Windows: Skip DHCP renew with Wintun adapter (Wintun does not support
DHCP, so this was just causing an - harmless - error and needless delay).
- Windows: Remove 1 second delay before running netsh - speeds up
interface init for wintun setups not using the interactive service.
- Windows: Fix too early argv freeing when registering DNS - this would
cause a client side crash on Windows if ``register-dns`` is used,
and the interactive service is not used.
- Android: Zero initialise msghdr prior to calling sendmesg.
- Fix line number reporting on config file errors after <inline> segments
(see Trac #1325).
- Fix port-share option with TLS-Crypt v2.
- tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key), otherwise
dropping privs on the server would fail.
- tls-crypt-v2: fix server memory leak (about 600 bytes per connecting
client with tls-crypt-v2)
- rework handling of server-pushed ``--auth-token`` in combination with
``--auth-nocache`` on reconnection / TLS renegotiation events. This
used to "forget" to update new incoming token after a reconnection event
(leading to failure to reauth some time later) and now works in all
tested cases.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
to proper filter IPSec im QoS without using mark or connmark i need ipt filters
for tc which are only build if iptables are build prior iproute2.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 5.13.0 to 5.14.0
- Update rootfile
- Changelog
Alexander Mikhalitsyn (2):
ip route: ignore ENOENT during save if RT_TABLE_MAIN is being dumped
libnetlink: check error handler is present before a call
Andrea Claudi (9):
tc: q_ets: drop dead code from argument parsing
lib: bpf_legacy: avoid to pass invalid argument to close()
dcb: fix return value on dcb_cmd_app_show
dcb: fix memory leak
tipc: bail out if algname is abnormally long
tipc: bail out if key is abnormally long
tc: htb: improve burst error messages
lib: bpf_legacy: fix potential NULL-pointer dereference
lib: bpf_glue: remove useless assignment
Ariel Levkovich (2):
tc: f_flower: Add option to match on related ct state
tc: f_flower: Add missing ct_state flags to usage description
Asbjørn Sloth Tønnesen (2):
tc: pedit: parse_cmd: add flags argument
tc: pedit: add decrement operation
Christian Schürmann (1):
man8/ip-tunnel.8: fix typo, 'encaplim' is not a valid option
David Ahern (6):
Update kernel headers
Update kernel headers
config.mk: Rerun configure when it is newer than config.mk
Update kernel headers
Update kernel headers
Import wwan.h uapi file
Dmytro Linkin (3):
devlink: Add helper function to validate object handler
devlink: Add port func rate support
devlink: Add ISO/IEC switch
Eric Dumazet (1):
tc: fq: add horizon attributes
Feng Zhou (1):
lib/bpf: Fix btf_load error lead to enable debug log
Gal Pressman (2):
rdma: update uapi headers
rdma: Add copy-on-fork to get sys command
Gokul Sivakumar (3):
bridge: reorder cmd line arg parsing to let "-c" detected as "color" option
bridge: fdb: don't colorize the "dev" & "dst" keywords in "bridge -c fdb"
man: bridge: fix the typo to change "-c[lor]" into "-c[olor]" in man page
Guillaume Nault (1):
utils: bump max args number to 512 for batch files
Hangbin Liu (3):
configure: add options ability
configure: convert LIBBPF environment variables to command-line options
ip/bond: add arp_validate filter support
Heiko Thiery (1):
lib/fs: fix issue when {name,open}_to_handle_at() is not implemented
Hoang Le (1):
tipc: call a sub-routine in separate socket
Jacob Keller (1):
devlink: fix infinite loop on flash update for drivers without status
Jakub Kicinski (3):
ip: align the name of the 'nohandler' stat
ip: dynamically size columns when printing stats
ss: fix fallback to procfs for raw sockets
Jethro Beekman (1):
ip: Add nodst option to macvlan type source
Jianguo Wu (1):
mptcp: make sure flag signal is set when add addr with port
Lahav Schlesinger (1):
ipmonitor: Fix recvmsg with ancillary data
Martynas Pumputis (1):
libbpf: fix attach of prog with multiple sections
Neta Ostrovsky (3):
rdma: Update uapi headers
rdma: Add context resource tracking information
rdma: Add SRQ resource tracking information
Paolo Lungaroni (2):
seg6: add counters support for SRv6 Behaviors
seg6: add support for SRv6 End.DT46 Behavior
Parav Pandit (2):
devlink: Add optional controller user input
devlink: Show port state values in man page and in the help command
Peilin Ye (1):
tc/skbmod: Remove misinformation about the swap action
Phil Sutter (1):
tc: u32: Fix key folding in sample option
Roi Dayan (2):
police: Add support for json output
police: Fix normal output back to what it was
Sergey Ryazanov (2):
iplink: add support for parent device
iplink: support for WWAN devices
Stephen Hemminger (6):
lib: remove blank line at eof
uapi: update kernel headers from 5.14-rc1
libnetlink: cosmetic changes
uapi: headers update
uapi: update neighbour.h
v5.14.0
Tyson Moore (1):
tc-cake: update docs to include LE diffserv
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- ExtUtils-PkgConfig is required when building perl-GD
- lfs and rootfile created
- All rootfile entries commented out as only required for building of perl-GD
- added to make.sh file just before perl-GD
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 2.35 (2006) to 2.73 (2020)
- Update of rootfile
- Updated version of perl-GD required ExtUtils-PkgConfig for build. Seperate patch
to build that is part of this series
- Changelog
2.73 * allow --options override the libgd options. Not recommended.
See GH #33 and RT #130045
2.72 * fix CVE 2019-6977 colorMatch for older unpatched libgd versions.
This is a severe security problem, an exploitable heap-overflow.
See https://nvd.nist.gov/vuln/detail/CVE-2019-6977
2.71 * skip Test::Fork on freebsd (GH #25)
2.70 * fixes for hardened CCFLAGS with -Werror (RT #128167)
2.69 * little spelling error, GH #29 Xavier Guimard
2.68 * fix GD::Polygon->clear, RT #124463 Michael Cain
2.67 * fix thread-safety for GD::Simple %COLORS (#26 melak)
* fix arc start-angle docs, RT #123277 Andrew G Gray
* improve setBrush docs, RT #123194 Andrew G Gray
* improve StringFT docs, RT #123193
* replace MacOSX by darwin, and not by Mac OS X/macOS as suggested
in PR #24
* add GD::Image->_file method as suggested in RT #60488 by Kevin Ryde,
also the helper GD::supportsFileType
2.66 * throw proper error on newFrom* with not-existing file
* add t/transp.t from RT #40525
* Improve RT #54366 multiple gd.h warning
* better doc for GD::Simple->arc
* fix ANIMGIF with libgd 2.3.0-dev
2.65 * fix --gdlib_config_path to accept an argument (fperrad)
2.64 * Update doc for LIBGD_VERSION()
* Fix 5.6.2, which does not have float in its typemap
2.63 * renamed VERSION() to LIBGD_VERSION(), RT #121307.
It was treated magically by "use GD 2.18"
2.62 * fixed wrong <5.14 code generated with ExtUtils::Constants
RT #121297. Don't generate const-xs.inc, only when missing.
* add -liconv on hpux also (our pkgconfig parser cannot handle it)
2.61 * add CONFIGURE_REQUIRES META
* add --gdlib_config_path
* add Image Filters: scatter, pixelate, negate, grayscale, brightness,
contrast, color, selectiveBlur, edgeDetectQuick, gaussianBlur, emboss,
meanRemoval, smooth, copyGaussianBlurred
* add palette methods: createPaletteFromTrueColor,
neuQuant (but discouraged), colorMatch.
* add interpolation methods: copyScale, copyRotateInterpolated,
interpolationMethod.
* add double GD::VERSION
* add all gd.h constants
2.60 * add missing methods newFromWBMP, newFromXbm,
(RT #68784) and some missing docs
* Add --lib_fontconfig_path, --fcgi options
* rewrote most of the XS code
* cleanup Makefile.PL #20
2.59 * error on failing libgd calls
* fix colorClosestAlpha, colorAllocateAlpha
* add missing documentation
2.58 * fix VERSION_STRING for 2.0.x
* honor --lib_gd_path specific gdlib-config
* Loosen the comparison tests with GDIMAGETYPE ne gd2
* Improve gdlib-config parsing (PR #17), esp. with 2.0.34
2.57 * fix Jpeg magic number detection RT #26146
* fix RGB - HSV roundtrips: RT #120572 by J2N-FORGET
* fix -print-search-dirs errors RT #106265
* co-maint to rurban
* add hv_fetchs, CI smokers
* add GD::VERSION_STRING api
2.56_03 * add alpha method
* improve option handling
* fix meta data
2.56_02 * fix feature extraction >= 2.2 [RT #119459]
2.56_01 * rm Build.PL, fix permissions, fix for missing gdlib-config
2.56 * Fix Makefile.PL so that it works again.
2.55 * Great simplification of regression framework ought to fix make test problems.
* Replace ExtUtils::MakeMaker script with Module::Build system
(just in time for Module::Build to be deprecated).
* Remove archaic qd.pl (for creating QuickDraw picts) from distribution.
2.54 Patch from yurly@unet.net to fix image corruption in rotate180 when image height is odd.
2.53 Points to Gabor Szabo's GD::Simple tutorial, and fix link to repository.
2.52 Fix regression tests to run on Ubuntu 12.04 64bit.
2.51 Fix misleading warning message about location of gd.h file.
2.50 Fix gdUseFontConfig so that it can be called as a class method.
2.49 Add GitHub information to README.
2.48 Fix compile crash on windows and strawberry (https://rt.cpan.org/Public/Bug/Display.html?id=67990).
2.47 Fix compilation on older perl's without the Newxz macros.
2.46 Added a basic "use" test for GD::Simple
2.45 Clarified the GD license. There is now a formal LICENSE file in the package.
2.44 GD::Group now installed properly.
Quenched compiler warning caused by Newxs() calls.
2.43 Added "transparent" color to GD::Simple.
Fixed Makefile so that GD/Image.pm depends both on GD/Image.pm.PLS and .config.cache
2.42 Fixed magic number detection to autodetect certain missed jpeg files (thanks to Mike Walker)
2.41 Added backend support for grouping features in GD::SVG module.
2.40 ** Do not use - contains a bug **
2.39 Makefile.PL will refuse to run if the proper version of libgd is unavailable.
2.38 Fixed bizarre warning about /usr/include/gd.h != /usr/include/gd.h.
2.37 GD/Image.pm did not bring in croak() properly, meaning that incorrect error messages are printed out when any of the newFromXXX() calls are made.
2.36 Instructions on using gdAntiAliased with palette images.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 2.0.33 (2006) to 2.3.3 (Sep 2021)
- Updating gd requires GD-Graph and perl-GD to be updated otherwise the png graphs
didn't work so all required changes are part of this patch series
- Update rootfile
- Dependencies checked from library so bump. Nothing found.
- Changelog is too large to include here.
For full details see https://github.com/libgd/libgd/releases
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Addition of mdadm module to logwatch
- Addition of logwatch to sudoers list to run mdadm commands
- patch to change logwatch mdadm.conf to allow scan for raid drives, change mdadm script
to run mdadm scan commands with sudo, allow clean but degraded drives to be listed
in the output.
Fixes: 12080
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Create lfs and rootfile
- Add exfatprogs to make.sh
- exfat is supported as a native kernel module since kernel 5.7
- This package requires CONFIG_EXFAT_FS=m to be set for the kernel module for each
architecture that will be supported. Currently that is only i586
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3.0.9 (2013) to 4.2 (2021)
- Update rootfile
- Program names changed in version 2.0.18
dosfslabel became fatlabel
dosfsck became fsck.fat
and mkdosfs became mkfs.fat
- Added --enable-compat-symlinks to ./configure command to maintain original names as
symlinks
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Final patch for removal of python2 from IPFire. This can be implemented in an
appropriate Core Update after all other python2 related patches have been implemented
and confirmed working.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package adds an ASNBL helper for detecting Fast Flux setups and
selectively announced networks (i. e. FQDNs resolving to IP addresses
not being announced by an Autonomous System) to the distribution.
Afterwards, the helper script is located at /usr/bin/asnbl-helper.py .
The second version of this patch updates squid-asnbl to upstream version
0.2.2, improving logging in case of detected Fast Flux setups.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This is a handy tool which can help debugging any problems and should be
part of the distribution.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
u-boot for nanopi r2s (rockchip rk3328) need dtc to build the image
so this adds dtc as build dependency for u-boot
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Impementation of libyang-2.0.7 as a dependency for the build of frr
- Creation of rootfile with all entries commented out so that it is only used for the build
libyang is a YANG data modelling language parser and toolkit written (and providing API)
in C.In the future if there is demand to use these functions in frr then this package
may need to be moved from a build only option to a dependency for frr providing the
yang libraries.
- Added into make.sh just before frr
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- v2 version adds $(MAKETUNING) variable to ninja build command
- Update from 0.12.13 to 0.14.3
- Update rootfile
- Remove automake py-compile line from lfs. This only works with python2
Not clear why this line was put into the lfs. Searched the documentation of spice
and qemu and could not find any reference to needing any of the python modules in spice
to be installed either as modules or compiled in. The only references found in general
searches were to modules such as python-virtinst, python-spice-client-gtk or
python-websockify, none of which are in the python modules in spice.
- Removing the automake py-compile line from the lfs enables spice-protocol, spice and
qemu to build without python2 being present.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Implement python3 version of certdata2pem.py script from fedora
- Modify build.sh to work with python3 script that uses p11-kit based on fedora
approach - https://src.fedoraproject.org/rpms/ca-certificates/tree/rawhide
- Extraction of cert files now uses p11-kit which requires libtasn1 as a build
dependency
- Updated rootfile
- Updated ca-certificates installed into a vm and confirmed to download a file from an
https site with the same results as with existing ca-certfictaes system
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 0.9.3 to 0.9.6
0.9.4 and 0.9.6 are security releases
- Update rootfile
- Changelog
libssh 0.9.6 security release
This is a security release of libssh to address CVE-2021-3634 (moderate impact), a
possible heap-buffer overflow when rekeying. A workaround exists. More details can be
found in the advisory.
In addition the 0.9.6 version addresses some memory leaks in error path, an AEAD
handshake and some more.
CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
Fix several memory leaks on error paths
Reset pending_call_state on disconnect
Fix handshake bug with AEAD ciphers and no HMAC overlap
Use OPENSSL_CRYPTO_LIBRARIES in CMake
Ignore request success and failure message if they are not expected
Support more identity files in configuration
Avoid setting compiler flags directly in CMake
Support build directories with special characters
Include stdlib.h to avoid crash in Windows
Fix sftp_new_channel constructs an invalid object
Fix Ninja multiple rules error
Several tests fixes
libssh 0.9.5
The libssh team is happy to announce another bugfix release of libssh as version
0.9.5. It offers bug fixes for several issues found by our users.
This includes a fix for CVE-2020-16135, however we do not see how this would be
exploitable at all. If you find a security bug in libssh please don’t just assign a
CVE, talk to us first.
CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
Improve handling of library initialization (T222)
Fix parsing of subsecond times in SFTP (T219)
Make the documentation reproducible
Remove deprecated API usage in OpenSSL
Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
Define version in one place (T226)
Prevent invalid free when using different C runtimes than OpenSSL (T229)
Compatibility improvements to testsuite
libssh 0.9.4 security release
This is a security release of libssh to address CVE-2020-1730 (moderate impact), a
possible Denial of Service (DoS) in client and server when handling AES-CTR keys with
OpenSSL. A workaround exists. More details can be found in the advisory.
In addition the this version addresses several memory leaks and adds support for
diffie-hellman-group14-sha256 key exchange.
Fixed CVE-2020-1730 (Possible DoS in client and server when handling AES-CTR keys with OpenSSL)
Added diffie-hellman-group14-sha256
Fixed several possible memory leaks
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We are using CPU-affinity and packet steering functions in various
places in IPFire, but packets might still be received on a random CPU
core.
This feature enables that packets that belong to the same connection
(i.e. have the save tuple) will be steered to the same queue. This will
increase cache locality and decrease locking which results in higher
throughput.
https://www.kernel.org/doc/Documentation/networking/scaling.txt
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- db.txt is the text file version of the wireless settings by country database
- Using db.txt means that regdbdump from crda is not required by wlanap.cgi
- This patch copies the db.txt file from the source tarball to /lib/firmware/ where
it can be read by wlanap.cgi
- This version of the patch renames the db.txt file to regulatorydb.txt
- Updated rootfile to include regulatorydb.txt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- python3 has this functionality built in with ipaddress.py
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- With the removal of python-m2crypto then this module is not longer required as a
dependency.
- python3-setuptools was already released into Core Update 157
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- With the removal of python-m2crypto then python-typing is no longer rerquired as a
dependency.
- The functionality of the python2 typing module is built in to python3.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- A python3 version of this module is not required as python-m2crypto is only used for
the build of crda.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- From kernel 4.15 and onwards the function of what crda does is built into the kernel.
- Tested the removal of crda with kernel 4.14.232 and kernel 5.10.45
Country code set by "iw reg set NL" was recognised with kernel 5.10.45 and set at
the global value of 00 with kernel 4.14.232 confirming the kernel built in option is
working without the prescence of crda
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.36 to 1.38
- Update of rootfile
- Changelog
version 1.38
build: Fix --disable-tld builds.
Simplify building of gdoc-generated man/texi outputs.
Rebuild GTK-DOC HTML/PDF outputs on version number changes.
doc: Rebuild idn.1 when version number changes.
build: Fix --disable-tld builds.
cicd: Add pages.
doc: Improve GTK-DOC manual.
cicd: Fix Ubuntu 12.04 builds.
Improve GTK-DOC manual.
Fix build errors related to doc/idn--help.texi.
doc: Fix release process.
doc: Improve HACKING instructions.
Bootstrap cache.
version 1.37
Use gnulib's bootstrap.
Drop old unused WERROR_CFLAGS usage.
Improve URLs.
Fix links for git and valgrind.
Fix self check for --disable-tld.
Sync with TP.
Doc fixes.
Don't dist ps/html/pdf. Drop custom css.
Improve ./configure summary output.
Use gnulib langinfo module.
More ./configure summary output.
Use AM_GNU_GETTEXT_VERSION to get intl.m4 too.
Disable some complex gnulib self-tests that add lots of dependencies and fail on mingw.
Drop second gnulib tests directory since only one is supported.
Require more recent automake and gtk-doc.
Fix .gitignore.
doc: Fix JDK dependency for Fedora.
Drop warning stuff covered by manywarnings.m4 now.
Disable VLA from gettext.
Remove autopoint-generated files that are in gnulib too.
Update autoconf archive macros.
Prefer gnulib's M4 files over autopoint.
Modernize autoconf usage.
Use AM_GNU_GETTEXT_REQUIRE_VERSION.
Update gnulib files.
Modernize configure.ac.
Require autoconf 2.64 for newer gnulib.
Avoid including copyright info in idn example.
Fix manual copyright years.
Fix syntax-check.
Update copyright years.
Improve HACKING.
Drop obsolete PGP key from AUTHORS.
Revert last patch, clearly src/ was being built before doc/.
Build doc/ after src/ so that src/idn exists for help2man of doc/idn.1.
Fix recommended package installs.
Drop .gitlab-ci.yml.
Doc fix.
Sync with TP.
Fix typos, inspired by codespell.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.3.0 (2005) to 2.1.1 (2021)
- Update rootfile
- version 1.3.0 was from 2005. Version 2.1.0 was from 2006. No other updates have been
carried out since 2006 until Feb 2021 when the repository was migrated from CVS
to git. https://github.com/linux-ras/sysfsutils/releases
- Installed iso, that was created from build, into testbed vm system. All menu's opened
and no issues found. Not 100% sure what to look for as I am not totally clear what
the library would be used for or by which programs. Probably needs testing by someone
who lnows what the sysfsutils library is used for.
- Ran find-dependencies on the original library system before build and then on the new
library system after building and in both cases nothing was flagged up. So it looks
like no other programs are linked to the library.
- pcmciautils required one of the sysfsutils include files to be available during the
build. ./configure was modified to allow pcmciautils to find the include file
- Changelog for changes from 2.1.0 to 2.1.1
Moved to git from CVS repository
Modernized build system
Source compiles on latest compilers
Various bug fixes
Removed Changelog and NEWS files
Adjusted COPYING file to reflect set of directories covered under GPLv2
Added SUSE-specific libsysfs.conf
Improvements to adopt git workflow
Integration with Travis-CI
Updated the documentation
Special thanks to all the sysfsutils package maintainers.
Thanks to: Aurelien Jarno, Christopher Engelhard, Guillem Jover,
Kamalesh Babulal, Lee Duncan, Martin Pitt, Timm Bäder
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 6.0.2 (2005) to 12.5.4 (2021)
- sysstat-6.0.2-sysconf.patch no longer required. Built into source as standard now.
- Update rootfile
rootfile made the same as previous version. New options are available, such as
pidstat and tapestat but they have been commented out in the rootfile. If required
in the future they can be uncommented.
- iso that was built with this sysstat was installed into vm testbed and confirmed
that all graphs working, especially those related to disk stats.
- Changelog is too large to show here. Full details for all previous versions can be
found in the CHANGES file in the source tarball.
- At least 25 bugs fixed between the two versions.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 6.7 to 6.8
- Update rootfile
- Changelog is too large to include here. Full details can be found in the
ChangeLog file in the source tarball
Following is the content of the NEWS file from the source tarball which highlights
noteworthy changes, very tersely.
6.8 (3 July 2021)
* Language
. new command @displaymath for formatting of mathematical notation
. @example takes an argument to specify the language
. mark these commands as deprecated, not to be used:
@centerchap, @definfoenclose, @refill, @inforef.
. new paper size @bsixpaper
* texi2any
. should be faster as Perl XS parser is enabled by default
. SHOW_MENU customization variable replaced by FORMAT_MENU.
FORMAT_MENU set to 'menu' is the same as SHOW_MENU set to 1, and
FORMAT_MENU set to 'nomenu' is the same as SHOW_MENU set to 0.
. only check menu structure if CHECK_NORMAL_MENU_STRUCTURE variable is set
. changes to HTML output:
. MathJax support for display of math. new variables HTML_MATH,
MATHJAX_SCRIPT and MATHJAX_SOURCE.
. new variables JS_WEBLABELS and JS_WEBLABELS_FILE to support
JavaScript License Web Labels
. by default, use sectional tables of contents instead of menus
. use section names in links by default (configure with
xrefautomaticsectiontitle customization variable)
. CONTENTS_OUTPUT_LOCATION sets location of table of contents
. document sections wrapped in <div> elements
. new variable USE_NODE_DIRECTIONS to use node or section structure
for node directions
. copiable anchor links for definitions with COPIABLE_ANCHORS variable
. experimental JavaScript browsing interface enabled with INFO_JS_DIR
. don't add an extra period before file extension given as an argument
to @image if image file is not found
* info
. support compressed dir files
* texi2dvi
. stop on first error in input file
* texinfo.tex
. put logical page numbers into PDF's ('page labels')
. put chapter numbers in the PDF outline
. new Finnish translation
* Distribution
. autoconf 2.71, automake 1.16.3, gettext 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 21.05.0 to 21.07.0
- Update of rootfile
- Changelog is too large to include here. Full details can be found in the ChangeLog file
in the source tarball. This is a collection of all the commits made.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 8.44 to 8.45
- Updated rootfile
- Checked the dependencies of the old lib versions using find-dependencies
nothing flagged
- Changelog
Version 8.45 15-June-2021
This is the final release of PCRE1. A few minor tidies are included.
1. CMakeLists.txt has two user-supplied patches applied, one to allow for the
setting of MODULE_PATH, and the other to support the generation of pcre-config
file and libpcre*.pc files.
2. There was a memory leak if a compile error occurred when there were more
than 20 named groups (Bugzilla #2613).
3. Fixed some typos in code and documentation.
4. Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
