- Update hplip from 3.20.11 to 3.21.2
- Updated rootfile
- Changelog
Added support for following new Distro's:
Fedora 33
Manjaro 20.2
Debian 10.7
RHEL 8.3
RHEL 7.7
RHEL 7.8
RHEL 7.9
Added support for the following new Printers:
HP LaserJet Enterprise M406dn
HP LaserJet Enterprise M407dn
HP LaserJet Enterprise MFP M430f
HP LaserJet Enterprise MFP M431f
HP LaserJet Managed E40040dn
HP LaserJet Managed MFP E42540f
HP Color LaserJet Enterprise M455dn
HP Color LaserJet Managed E45028dn
HP Color LaserJet Enterprise MFP M480f
HP Color LaserJet Managed MFP E47528f
HP PageWide XL 3920 MFP
HP PageWide XL 4200 Printer
HP PageWide XL 4200 Multifunction Printer
HP PageWide XL 4700 Printer
HP PageWide XL 4700 Multifunction Printer
HP PageWide XL 5200 Printer
HP PageWide XL 5200 Multifunction Printer
HP PageWide XL 8200 Printer
HP Laserjet M207d
HP Laserjet M208d
HP Laserjet M209d
HP Laserjet M210d
HP Laserjet M212d
HP Lasejet M211d
HP Laserjet M209dw
HP Laserjet M209dwe
HP Laserjet M210dw
HP Laserjet M210dwe
HP Laserjet M212dw
HP LaserJet M212dwe
HP Laserjet M208dw
HP Laserjet M207dw
HP Laserjet M211dw
HP LaserJet MFP M234dw
HP LaserJet MFP M234dwe
HP LaserJet MFP M233d
HP LaserJet MFP M232d
HP LaserJet MFP M235d
HP LaserJet MFP M237d
HP LaserJet MFP M236d
HP LaserJet MFP M232dw
HP LaserJet MFP M232dwc
HP LaserJet MFP M233dw
HP LaserJet MFP M236dw
HP LaserJet MFP M235dw
HP LaserJet MFP M235dwe
HP LaserJet MFP M237dwe
HP LaserJet MFP M237dw
HP LaserJet MFP M232sdn
HP LaserJet MFP M233sdn
HP LaserJet MFP M236sdn
HP LaserJet MFP M234sdn
HP LaserJet MFP M234sdne
HP LaserJet MFP M235sdn
HP LaserJet MFP M235sdne
HP LaserJet MFP M237sdne
HP LaserJet MFP M237sdn
HP LaserJet MFP M232sdw
HP LaserJet MFP M233sdw
HP LaserJet MFP M236sdw
HP LaserJet MFP M234sdw
HP LaserJet MFP M234sdwe
HP LaserJet MFP M235sdw
HP LaserJet MFP M235sdwe
HP LaserJet MFP M237sdwe
HP LaserJet MFP M237sdw
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Use the traffic class description field to identify similar classes.
This ensures that a class used in both the up- and down-link is
printed with matching colors in both graphs.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update Openssh from 8.4p1 to 8.5p1
- rootfiles not changed
- ssh access by keys tested with 8.5p1 and successfully worked
- Full Release notes can be read at https://www.openssh.com/releasenotes.html
- Future deprecation notice
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.
In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
OpenSSH will disable this signature scheme by default in the near
future.
Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.
- Checked if the weak ssh-rsa public key algorithm was being used with
openssh8.4p1 by running
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
host verification was successful with no issue so IPFire will not be
affected by this deprecation when it happens
- Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
This did not affect my use of ssh login but I use ED25519 as the only
key algorithm that I use. It might be good to get it tested by
someone who has ECDSA and ED25519 keys and prefers ECDSA
Remaining changes don't look likely to affect IPFire users
- Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat@openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The bundles BIND package contains some outdated files as well which is
why I am extracting it first and then call UPDATE_AUTOMAKE.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Unfortunately, Rust is not available for riscv64, which is why we have
to disable this package and all that depend on it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
