Triggered by Bug #12846 - in this context I noticed that vnstat had been updated to version 2.9.
For details see:
https://humdi.net/vnstat/CHANGES
"2.9 / 23-Jan-2022
- Fixed
- RescanDatabaseOnSave configuration option wasn't being read from the
configuration file resulting in the feature always being enabled
- Hourly graph image output using large fonts didn't correctly fade out
the x-axis line for hours not having data available
- New
- Add --alert for producing output and/or specific exit status when
configured condition and transfer limit is exceeded, can also be used
for "quota remaining" type of queries depending on used parameters
- Add configuration option InterfaceMatchMethod which allows configuring
the possibility of specifying an interface for database queries by using
its alias instead of system provided interface name, enabled by default
to support case insensitive matching of the beginning of interface
aliases (vnstat and vnstati)
- Image output file extension allows selecting the used image file format
as long as the used LibGD supports it, PNG is no longer the only option
- Add configuration option HourlyGraphMode for changing the output mode
of the graph, 0 = 24 hour sliding window (default, as in previous
releases), 1 = graph begins from midnight
- Add mode parameter for -hg / --hoursgraph options for overriding the
HourlyGraphMode configuration option setting from the command line
- Add vertical line to image output hourly graph to visualize midnight
- Add -t / --timestamp options to daemon for enabling timestamps to prints
when the daemon is running in the foreground attached to a terminal
- Accept ; as comment character in configuration file in addition to #
- Comment out keywords which are using default values with ; character in
provided configuration file and --showconfig output
2.8 / 4-Sep-2021
- Fixed
- Using a combination of --live and --json wasn't flushing stdout after
each line resulting in buffered output if the output was being piped
- Image output would fail to show the last line bar graph in list outputs
if EstimateStyle was 0, BarColumnShowsRate was 1 and the last line had a
higher traffic rate than other lines
- Image output didn't correctly horizontally align the "no data available"
message in 5 minute graph depending on the width of the image
- Image output related configuration warnings could get shown when image
output wasn't being used
- Warnings of mismatches between image output and data retention
configuration didn't provide relevant details for solving the issues
- BandwidthDetection was being used for tun interfaces even when the
Linux kernel had the information hardcoded to 10 Mbit regardless of the
used real interface, interface specific MaxBW will now be used instead
or MaxBandwidth as fallback
- Configured interface specific MaxBW values were getting overridden by
BandwidthDetection when something could be detected
- Image output horizontal rx/tx bars often had one pixel too much width in
the tx section resulting in slightly wrong ratio getting shown
- Top days list wasn't always sorting entries with exactly the same traffic
sum using ascending date
- 64bitInterfaceCounters with value -2 always assumed 32-bit on Linux
systems until a 64-bit value was seen if kernel headers weren't available
when binaries were built
- New
- Add the possibility of specifying an interface without using the
-i / --iface options (vnstat and vnstati)
- The daemon can discover added interfaces from the database without
requiring a restart, configurable with option RescanDatabaseOnSave
- Add configuration option UseUTC for using UTC as timezone for database
entries instead of following the system timezone configuration
- --iflist uses user configured interface specific MaxBW values in the
output when available instead of showing only the kernel provided
information when detected
- Add configuration option AlwaysAddNewInterfaces to expose the daemon
--alwaysadd command line option which gains an optional mode parameter
- Image output uses LibGD filled arc bug workaround only for LibGD
versions that are known to be broken
- Image output example cgi (examples/vnstat.cgi) improvements
- Automatically lists all monitored interfaces instead of requiring the
list to be filled manually, server name in page title comes from
hostname command by default
- Provides links for most available images to more detailed or longer
versions of each image
- Allows direct interface specific page access with /interfacename suffix
for the cgi if the used httpd supports PATH_INFO
- Page auto refresh can be enabled with configurable interval"
Please note:
As mentioned above, the default values in 2.9 are commented out. I have reversed this
by adding a simple 'sed' command to the lfs file.
Another possibility would have been to extend the existing sed commands. If this
is desired differently, please report.
As - nearly - always: running here with no seen problems...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
vnstat is linked against libgd which has had an SO bump and therefore
needs to be shipped again.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
mount, as updated via util-linux, no longer writes /etc/mtab, causing
programs to rely on this file's content (such as the check_disk Nagios
plugin) to stop working.
/proc/self/mounts contains all the necessary information, so it is fine
to replace /etc/mtab by a symlink to it.
Fixes: #12843
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
remove the old kernel and reconfigure bootscripts for arm boards
and run user scripts to switch to a new kernel.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.
- xzgrep from XZ Utils versions up to and including 5.2.5 are
affected. 5.3.1alpha and 5.3.2alpha are affected as well.
- This bug was inherited from gzip's zgrep. gzip 1.12 includes
a fix for zgrep.
- CU167 has gzip-1.12 with the fix already merged.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.12.20 to 1.14.0
- Update of rootfile
- Changelog
1.14.x is a new stable branch, superseding 1.12.x.
Summary of major changes between 1.12.x and 1.14.0
Dependencies:
• dbus now requires at least a basic level of support for C99 variadic
macros, as implemented in gcc >= 3, all versions of Clang, and
MSVC >= 2005. In practice this requirement has existed since version
1.9.2, but it is now official.
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
macro with the same behaviour), except when building for Windows using
MSVC and CMake.
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work.
• All Windows builds now require Windows Vista or later.
(Note that we do not recommend or support use of dbus on operating
systems outside their vendor's security support lifetime, such as Vista.)
• GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
• Building using CMake now requires CMake 3.4.
• Building documentation using CMake now requires xsltproc, Docbook DTDs
(for example docbook-xml on Debian derivatives), and Docbook XSLT
stylesheets (for example docbook-xsl on Debian derivatives). Using
KDE's meinproc4 documentation processor is no longer supported.
Build-time configuration changes:
• Move CMake build system to top level, matching normal practice for
CMake projects
Deprecations:
**Looking through these I don't believe they will cause a problem as they are
deprecations and not yet removed.In the future if needed we might need to set
datadir to /etc to keep the location the same as with syscondir. This won't be
needed if we don't use the system.d directory for dbus policies.
• Third-party software should install default dbus policies for the system
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
1.10, released in August 2015). Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
directory should only be used by system administrators wishing to
override the default policies.
The ${datadir} applicable to dbus is usually /usr/share and the
${sysconfdir} is usually /etc.
• A similar pattern applies to the session bus policies in session.d.
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
• The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
(login names) for the recommended EXTERNAL authentication mechanism,
only numeric user IDs or the empty string. See 1.13.0 release notes
for full details.
New features:
• On Linux 4.13 or later when built against a suitable glibc version,
GetConnectionCredentials() now includes UnixGroupIDs, the effective
group IDs of the initiator of the connection, taken from
SO_PEERGROUPS.
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
credentials-passing socket option to get the effective group IDs
of the initiator of the connection. See 1.13.4 release notes for details.
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent
• dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a combination of
send_destination and the arg0namespace keyword in match rules.
See 1.13.12 release notes for more details
• The dbus-daemon now filters the messages that it relays, removing
header fields that it does not understand. Clients must not rely on
this behaviour unless they have confirmed that they are connected to
a suitable message bus implementation, for example by querying its
Features property.
• The dbus-daemon now emits a signal, ActivatableServicesChanged, when
the list of activatable services may have changed. Support for this
signal can be discovered by querying the Features property.
• It is now possible to disable traditional (non-systemd) service
activation at build-time (Autotools: --disable-traditional-activation,
CMake: -DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes
for details.
• The API reference manual can be built as a Qt compiled help file if
qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details.
Miscellaneous behaviour changes:
• When using the "user bus" (--enable-user-session), put the dbus-daemon
in the session slice
• Several environment variables set by systemd are no longer passed
on to activated services
• If the dbus-daemon is compiled for Linux with systemd support, it
now informs systemd that it is ready for use via the sd_notify()
mechanism
• Tarball releases no longer contain pre-2007 changelogs and are now
compressed with xz, making them around 35% smaller.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.4.6 to 2.4.8
- Update of rootfile
- Changelog
Release 2.4.8 Mon March 28 2022
Other changes:
#587 pkg-config: Move "-lm" to section "Libs.private"
#587 CMake|MSVC: Fix pkg-config section "Libs"
#55#582 CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with
GNU Libtool
#590#591 Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#589 CI: Upgrade Clang from 13 to 14
Release 2.4.7 Fri March 4 2022
Bug fixes:
#572#577 Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
with regard to all valid URI characters (RFC 3986),
i.e. the following set (excluding whitespace):
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
0123456789 % -._~ :/?#[]@ !$&'()*+,;=
Other changes:
#555#570#581 CMake|Windows: Store Expat version in the DLL
#577 Document consequences of namespace separator choices not just
in doc/reference.html but also in header <expat.h>
#577 Document Expat's lack of validation of namespace URIs against
RFC 3986, and that the XML 1.0r4 specification doesn't
require Expat to validate namespace URIs, and that Expat
may do more in that regard in future releases.
If you find need for strict RFC 3986 URI validation on
application level today, https://uriparser.github.io/ may
be of interest.
#579 Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
#575 Document that a call to XML_FreeContentModel can be done at
a later time from outside the element declaration handler
#574 Make hardcoded namespace URIs easier to find in code
#573 Update documentation on use of XML_POOR_ENTOPY on Solaris
#569#571 tests: Resolve use of macros NAN and INFINITY for GNU G++
4.8.2 on Solaris.
#578#580 Version info bumped from 9:6:8 to 9:7:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.9.4 to 1.10.1
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.1 (2022-03-28) [C24/A4/R1]
* Bug fixes:
- Fix minor memory leaks in FIPS mode.
- Build fixes for MUSL libc. [rCffaef0be61]
* Other:
- More portable integrity check in FIPS mode. [rC9fa4c8946a,T5835]
- Add X9.62 OIDs to sha256 and sha512 modules. [rC52fd2305ba]
Noteworthy changes in version 1.10.0 (2022-02-01) [C24/A4/R0]
* New and extended interfaces:
- New control codes to check for FIPS 140-3 approved algorithms.
- New control code to switch into non-FIPS mode.
- New cipher modes SIV and GCM-SIV as specified by RFC-5297.
- Extended cipher mode AESWRAP with padding as specified by
RFC-5649. [T5752]
- New set of KDF functions.
- New KDF modes Argon2 and Balloon.
- New functions for combining hashing and signing/verification. [T4894]
* Performance:
- Improved support for PowerPC architectures.
- Improved ECC performance on zSeries/s390x by using accelerated
scalar multiplication.
- Many more assembler performance improvements for several
architectures.
* Bug fixes:
- Fix Elgamal encryption for other implementations.
[R5328,CVE-2021-40528]
- Fix alignment problem on macOS. [T5440]
- Check the input length of the point in ECDH. [T5423]
- Fix an abort in gcry_pk_get_param for "Curve25519". [T5490]
* Other features:
- The control code GCRYCTL_SET_ENFORCED_FIPS_FLAG is ignored
because it is useless with the FIPS 140-3 related changes.
- Update of the jitter entropy RNG code. [T5523]
- Simplification of the entropy gatherer when using the getentropy
system call.
* Interface changes relative to the 1.10.0 release:
GCRYCTL_SET_DECRYPTION_TAG NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_CIPHER NEW control code.
GCRYCTL_FIPS_SERVICE_INDICATOR_KDF NEW control code.
GCRYCTL_NO_FIPS_MODE = 83 NEW control code.
GCRY_CIPHER_MODE_SIV NEW mode.
GCRY_CIPHER_MODE_GCM_SIV NEW mode.
GCRY_CIPHER_EXTENDED NEW flag.
GCRY_SIV_BLOCK_LEN NEW macro.
gcry_cipher_set_decryption_tag NEW macro.
GCRY_KDF_ARGON2 NEW constant.
GCRY_KDF_BALLOON NEW constant.
GCRY_KDF_ARGON2D NEW constant.
GCRY_KDF_ARGON2I NEW constant.
GCRY_KDF_ARGON2ID NEW constant.
gcry_kdf_hd_t NEW type.
gcry_kdf_job_fn_t NEW type.
gcry_kdf_dispatch_job_fn_t NEW type.
gcry_kdf_wait_all_jobs_fn_t NEW type.
struct gcry_kdf_thread_ops NEW struct.
gcry_kdf_open NEW function.
gcry_kdf_compute NEW function.
gcry_kdf_final NEW function.
gcry_kdf_close NEW function.
gcry_pk_hash_sign NEW function.
gcry_pk_hash_verify NEW function.
gcry_pk_random_override_new NEW function.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.0.4 to 1.0.5
- Update of rootfile not required
- Changelog
Version 1.0.5 changes from git commits
src: doc: Fix messed-up Netlink message batch diagram
build: If doxygen is not available, be sure to report "doxygen: no" to ./conf...
build: doc: get rid of the need for manual updating of Makefile
build: doc: "make" builds & installs a full set of man pages
doxygen: Fixed link to the git source tree on the website.
include: add MNL_SOCKET_DUMP_SIZE definition
doxygen: remove EXPORT_SYMBOL from the output
nlmsg: Fix a missing doxygen section trailer
src: fix doxygen function documentation
examples: Add rtnl-addr-add.c
examples: reduce LOCs during neigh attributes validation
examples: fix print line format
examples: fix neigh max attributes
examples: add arp cache dump example
libmnl: zero attribute padding
examples: rtnl-addr-dump: fix typo
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
examples: nfct-daemon: Fix test building on musl libc
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This is an addon whose purpose is defined as :-
Netpbm is a toolkit for manipulation of graphic images, including conversion of images
between a variety of different formats. There are over 300 separate tools in the
package including converters for about 100 graphics formats. Examples of the sort of
image manipulation we're talking about are: Shrinking an image by 10%; Cutting the top
half off of an image; Making a mirror image; Creating a sequence of images that fade
from one image to another.
- None of the above seems to be a purpose related to a Firewall. Additionally it is
available in a huge number of distributions, including Linux, BSD,Windows,
MacOS X/Darwin, Solaris, AIX etc
- This package seems to be better used on a system in the lan protected by IPFire than
used on IPFire itself
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This is the legacy version of libnl - 1.1.4 and was released in 2013
- libnl-3 is the running stable version - 3.5.0
- Nothing in IPFire has libnl as a dependency. Large number of programs have libnl-3 as
a dependency
- libnl developer indicates that libnl-3 should be used if in any way possible and that
the legacy version is for situations that fail to work with libnl-3
- As everything in IPFire looks to already be using libnl-3 this patch is to remove the
legacy version
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 6.61 to 6.62
- Update of rootfile not required
- Changelog
6.62 2022-04-05 01:04:17Z
- Allow downloading to a filehandle (GH#400) (Andrew Fresh)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://raw.githubusercontent.com/rfc1036/whois/next/debian/changelog
whois (5.5.13) unstable; urgency=medium
* Added the .sd TLD server.
* Updated the list of new gTLDs.
* Added the Turkish translation, contributed by Oguz Ersen.
-- Marco d'Itri <md@linux.it> Fri, 08 Apr 2022 01:08:55 +0200
whois (5.5.12) unstable; urgency=medium
* Updated the .pro TLD server, which was totally broken.
* Fixed the detection of Japanese locales using $LC_MESSAGES.
* Implemented providing partial salt strings to mkpasswd.
* Removed 2 new gTLDs which are no longer active.
* Updated one or more translations. (Closes: #1003597)
* Enabled full hardening in debian/rules.
-- Marco d'Itri <md@linux.it> Wed, 23 Feb 2022 01:03:11 +0100
whois (5.5.11) unstable; urgency=medium
* Implemented a --no-recursion command line option to disable recursion
from registrar to registry servers.
* Updated the .pro, .vu and .xxx TLD servers.
* Updated the list of new gTLDs.
* Removed 7 new gTLDs which are no longer active.
* Updated make_version_h.pl to support Ubuntu no-change uploads,
contributed by Matthias Klose. (Closes: #995873)
-- Marco d'Itri <md@linux.it> Mon, 03 Jan 2022 18:18:36 +0100
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Fixes: 12831
Jonatan Schlag reported that the command line options of 'vnstat' had changed
"...and seemed to be broken a long time".
=> https://bugzilla.ipfire.org/show_bug.cgi?id=12831#c0
Several command line switches used in networking initscripts were obviously removed.
Affected commands in '.../networking/any' and '.../networking/red'):
...
/usr/bin/vnstat -u -i ${DEVICE} -r --enable --force > /dev/null 2>&1
...
/usr/bin/vnstat -u -i ${DEVICE} -r --disable > /dev/null 2>&1
...
and
...
/usr/bin/vnstat -u -i ppp0 -r --disable > /dev/null 2>&1
...
Adolf Belka tested this, "looked through the changelogs" and found - besides that
the switch '--enable' had been removed "in version 2.0 in 2018" - that '--enable', '--update'
and '--reset' switches are either not needed or not supported anymore.
"The old man page indicates that none of those options are used when the vnstat daemon
is running."
Since we only start and run 'vnstatd' in IPFire it was decided to remove these commands.
Reported-by: jonatan.schlag <jonatan.schlag@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from 3.0.6 to 3.0.7
- Update of rootfile
- Changelog
Version 3.0.7 -
- Fixed bug #345, in which delimitedList changed expressions in place
using expr.streamline(). Reported by Kim Gräsman, thanks!
- Fixed bug #346, when a string of word characters was passed to WordStart
or WordEnd instead of just taking the default value. Originally posted
as a question by Parag on StackOverflow, good catch!
- Fixed bug #350, in which White expressions could fail to match due to
unintended whitespace-skipping. Reported by Fu Hanxi, thank you!
- Fixed bug #355, when a QuotedString is defined with characters in its
quoteChar string containing regex-significant characters such as ., *,
?, [, ], etc.
- Fixed bug in ParserElement.run_tests where comments would be displayed
using with_line_numbers.
- Added optional "min" and "max" arguments to `delimited_list`. PR
submitted by Marius, thanks!
- Added new API change note in `whats_new_in_pyparsing_3_0_0`, regarding
a bug fix in the `bool()` behavior of `ParseResults`.
Prior to pyparsing 3.0.x, the `ParseResults` class implementation of
`__bool__` would return `False` if the `ParseResults` item list was empty,
even if it contained named results. In 3.0.0 and later, `ParseResults` will
return `True` if either the item list is not empty *or* if the named
results dict is not empty.
# generate an empty ParseResults by parsing a blank string with
# a ZeroOrMore
result = Word(alphas)[...].parse_string("")
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{}
False
# add a results name to the result
result["name"] = "empty result"
print(result.as_list())
print(result.as_dict())
print(bool(result))
Prints:
[]
{'name': 'empty result'}
True
In previous versions, the second call to `bool()` would return `False`.
- Minor enhancement to Word generation of internal regular expression, to
emit consecutive characters in range, such as "ab", as "ab", not "a-b".
- Fixed character ranges for search terms using non-Western characters
in booleansearchparser, PR submitted by tc-yu, nice work!
- Additional type annotations on public methods.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Build worked without libevent without problems
- Nothing shows up as dependent on the libevent (legacy) libraries
- Lots of dependencies on the the libevent2 libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.0.1 to 1.0.2
- Update of rootfile not required
- Changelog
Version 1.0.2
* Warnings with automake-1.12
* Update header comments to reflect GPLv2+ license
* Allow building on uclinux
* Valgrind warnings due to uninitialized padding in netlink messages
* Hide private library symbols
* Support builds with newer doxygen versions
* Failing calls to getsockname() were left unnoticed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
