- Update from version 3.3 to 3.5
- Update of rootfile not required
- Two patches no longer required as fixes are now in source tarball
- Changelog
3.5 (Tue Mar 14 2023)
- Decode HPE OEM records 216, 224, 230, 238 and 242.
- Fortify entry point length checks.
- Add a --no-quirks option.
- Drop the CPUID exception list.
- Do not let --dump-bin overwrite an existing file.
- Ensure /dev/mem is a character device file.
- Bug fixes:
Fix segmentation fault in HPE OEM record 240
- Minor improvements:
Typo fixes
Write the whole dump file at once
Fix a build warning when USE_MMAP isn't set
3.4 (Mon Jun 27 2022)
- Support for SMBIOS 3.4.0. This includes new memory device types, new
processor upgrades, new slot types and characteristics, decoding of memory
module extended speed, new system slot types, new processor characteristics
and new format of Processor ID.
- Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS
characteristics, new slot characteristics, new on-board device types, new
pointing device interface types, and a new record type (type 45 -
Firmware Inventory Information).
- Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240.
- Bug fixes:
Fix OEM vendor name matching
Fix ASCII filtering of strings
Fix crash with option -u
- Minor improvements:
Skip details of uninstalled memory modules
Don't display the raw CPU ID in quiet mode
Improve the formatting of the manual pages
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.0.12 to 2.14
- Update of rootfile not required
- Changelog
2.14 (2023-10-06)
o MPLS subsystem
o L3VPN: BGP/MPLS VPNs (RFC 4364)
o BGP: Access to unknown route attributes
o RAdv: Custom options
o Babel: RTT metric extension
o BMP: Refactored route monitoring
o BMP: Multiple instances of BMP protocol
o BMP: Both pre-policy and post-policy monitoring
o Experimental route aggregation
o Filter: Method framework
o Filter: Functions have return type statements
o Filter: New bytestring data type
o Kernel: Option to learn kernel routes
o Many bugfixes and improvements
Notes:
User-defined filter functions that return values now should have return type
statements. We still accept functions without such statement, if they could be
properly typed.
For loops allowed to use both existing iterator variables or ones defined in
the for statement. We no longer support the first case, all iterator variables
must be defined in the for statement (e.g. 'for int i in bgp_path ...').
Due to oversight, VRF interfaces were not included in respective VRFs, this is
fixed now.
2.13.1 (2023-06-23)
o BGP: Fix role check when no capability option is present
o Filter: Fixed segfault when a case option had an empty block
This is a bugfix version.
2.13 (2023-04-21)
o Babel: IPv4 via IPv6 extension (RFC 9229)
o Babel: Improve authentication on lossy networks
o BGP: New 'allow bgp_med' option
o BSD: Support for IPv4 routes with IPv6 nexthop on FreeBSD
o Experimental BMP protocol implementation
o Important bugfixes
Notes:
We changed versioning scheme from <epoch>.<major>.<minor> to more common
<major>.<minor>.<patch> . From now on, you may expect that BIRD 2.13.x will be
strictly only fixing bugs found in 2.13, whereas BIRD 2.14 will also contain
new features.
This BIRD version contains an alpha release of BMP protocol implementation.
It is not ready for production usage and therefore it is not compiled by
default and have to be enabled during installation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This updated version of this script avoids any errors if collectd is not
running (yet) which might happen during the boot process.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
new openssl need at least 2048 bit rsa keys for apache.
So if the existing is smaller a new 4096 bit key is generated.
fixes#13527
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
To quote from the kernel documentation:
> Historically the kernel has allowed TIOCSTI, which will push
> characters into a controlling TTY. This continues to be used
> as a malicious privilege escalation mechanism, and provides no
> meaningful real-world utility any more. Its use is considered
> a dangerous legacy operation, and can be disabled on most
> systems.
>
> Say Y here only if you have confirmed that your system's
> userspace depends on this functionality to continue operating
> normally.
>
> Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
> use TIOCSTI even when this is set to N.
>
> This functionality can be changed at runtime with the
> dev.tty.legacy_tiocsti sysctl. This configuration option sets
> the default value of the sysctl.
This patch therefore proposes to no longer allow legacy TIOCSTI usage
in IPFire, given its security implications and the apparent lack of
legitimate usage.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/htop-dev/htop/blob/main/ChangeLog
"What's new in version 3.3.0
* Multiple refactorings and code improvements
* Shorten docker container IDs to 12 characters
* Settings: preserve empty header
* Fix execlp() argument without pointer cast
* OpenFilesScreen: Make column sizing dynamic for file size, offset and inode
* Add support for "truss" (FreeBSD equivalent of "strace")
* Darwin: add NetworkIOMeter support
* HeaderLayout: add "3 columns - 40/30/30", "... 30/40/30" & "... 30/30/40"
* Meter: use correct unicode characters for digit '9'
* Note in manual re default memory units of KiB
* Add column for process container name
* Add logic to filter the container name (+type) from the CGroup name
* Change NetworkIOMeter value unit from KiB/s to bytes/second
* Cap DiskIOMeter "utilisation" percentage at 100%
* PCP platform implementation of frontswap and zswap accounting
* Shorten podman/libpod container IDs to 12 characters
* Write configuration to temporary file first
* Incorporate shared memory in bar text
* Move shared memory next to used memory
* Correct order of memory meter in help
* Add recalculate to Ctrl-L refresh
* Update process list on thread visibility toggling
* Support dynamic screens with 'top-most' entities beyond processes
* Introduce Row and Table classes for screens beyond top-processes
* Rework ZramMeter and remove MeterClass.comprisedValues
* More robust logic for CPU process percentages (Linux & PCP)
* Show year as start time for processes older than a year
* Short-term fix for docker container detection
* default color preset: use bold blue for better visibility
* Document 'O' keyboard shortcut
* Implement logic for '--max-iterations'
* Update F5 key label on tab switch (Tree <-> List)
* Force re-sorting of the process list view after switching between list/treeview mode
* Linux: (hack) work around the fact that Zswapped pages may be SwapCached
* Linux: implement zswap support
* {Memory,Swap}Meter: add "compressed memory" metrics
* Darwin: add DiskIOMeter support
* Fix scroll relative to followed process
* ZramMeter: update bar mode
* Use shared real memory on FreeBSD
* Increase Search and Filter max string length to 128
* Improve CPU computation code
* Remove LXC special handling for the CPU count
* Create new File Descriptor meter
* PCP: add IRQ PSI meter
* Linux: add IRQ PSI meter
* Linux: highlight username if process has elevated privileges
* Add support for scheduling policies
* Add a systemd user meter to monitor user units.
* FreeBSD: remove duplicate zfs ARC size subtraction"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
This script has been modified when we touched ExtraHD in Core Update
179/180, but has been forgotten to be shipped.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The "ping" plugin does not re-resolve the gateway IP address after
pinging it for the first time. For most people this won't be a big
problem, but if the default gateway changes, the latency graph won't
work any more.
In order to do re-resolve "gateway", the only way is to restart
collectd.
Fixes: #13522
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Because of a single variable being passwd with the workgroup, it would
have been possible to inject shell commands here. Passing it in the
array prevents that.
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
- lfs and toorfile created for wsdd
- wsdd added to make.sh script
- created install/update/uninstall scripts for wsdd that create an unpriveleged user and
group.
- initscript created for wsdd. As wsdd is a python3 script, when it is run as a daemon the
pidof command does not find any pid for wsdd. So a directory/file for a pid file was
created. This is then passed to the loadproc and killproc commands. After the loadproc
command has been created the pid is extracted from the ps aux command and put into the
pid file. This then works when running the killproc command for it to know what to go
and stop. The statusproc command does not have the ability to feed in the pid from a
pid file and so it fails to find a running wsdd as it uses the pidof command. Code was
added to the status section of the initscript to check if the pid file exists and if so
to print the same command as used with the statusproc command, and also the same
wording if the pid file does not exist because wsdd is not running.
- info from the ethernet/settings file is used to identify if only green0 is available or
if blue0 is also used and based on this the appropriate interface commands are added to
the wsdd command.
- wsdd is also set up to run in a chroot
- Has been tested on my vm testbed, initially by editing the files on the vm clone. After
everything confiremd to be working, the build was successfully carried out and the
.ipfire package was copied to a new vm clone installed and shown to perform as expected.
This test only confirms that wsdd is correctly installed and started. Shutsdown and
restarts on reboot successfully. Confirmed from the ps aux info that wsdd has been
started with the correct options. Thge testing can not evaluate if wsdd enables windows
systems newer than version 7 top be able to detect the samba shares as I have no
windows systems.
Fixes: Bug13445
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Some programs do not write their own PID files any more, but since our
initscripts heavily rely on those, this extension allows to store it
easily.
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
getpids() checked whether it needed to pass a pid file to pidofproc, but
the check was inverted.
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
According to the source tarball's NEWS file:
- Improvements
- Allow passing a path to modprobe so the module is loaded from
anywhere from the filesystem, but still handling the module
dependencies recorded in the indexes. This is mostly intended for kernel
developers to speedup testing their kernel modules without having to load the
dependencies manually or override the module in /usr/lib/modules/.
Now it's possible to do:
# modprobe ./drivers/gpu/drm/i915/i915.ko
As long as the dependencies didn't change, this should do the right thing
- Use in-kernel decompression if available. This will check the runtime support
in the kernel for decompressing modules and use it through finit_module().
Previously kmod would fallback to the older init_module() when using
compressed modules since there wasn't a way to instruct the kernel to
uncompress it on load or check if the kernel supported it or not.
This requires a recent kernel (>= 6.4) to have that support and
in-kernel decompression properly working in the kernel.
- Make modprobe fallback to syslog when stderr is not available, as was
documented in the man page, but not implemented
- Better explaing `modprobe -r` and how it differentiates from rmmod
- depmod learned a `-o <dir>` option to allow using a separate output
directory. With this, it's possible to split the output files from
the ones used as input from the kernel build system
- Add compat with glibc >= 2.32.9000 that dropped __xstat
- Improve testsuite to stop skipping tests when sysconfdir is something
other than /etc
- Build system improvements and updates
- Change a few return codes from -ENOENT to -ENODATA to avoid confusing output
in depmod when the module itself lacks a particular ELF section due to e.g.
CONFIG_MODVERSIONS=n in the kernel.
- Bug Fixes
- Fix testsuite using uninitialized memory when testing module removal
with --wait
- Fix testsuite not correctly overriding the stat syscall on 32-bit
platforms. For most architectures this was harmless, but for MIPS it
was causing some tests to fail.
- Fix handling unknown signature algorithm
- Fix linking with a static liblzma, libzstd or zlib
- Fix memory leak when removing module holders
- Fix out-of-bounds access when using very long paths as argument to rmmod
- Fix warnings reported by UBSan
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Noteworthy changes in this release, according to
https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00001.html :
* New option --ignore-dirnlink
Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2
instead.
* Changes in --reproducible option
The --reproducible option implies --ignore-dirlink. In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.
* Use GNU ls algorithm for deciding timestamp format in -tv mode
* Bugfixes
** Fix cpio header verification.
** Fix handling of device numbers on copy out.
** Fix calculation of CRC in copy-out mode.
** Rewrite the fix for CVE-2015-1197.
** Fix combination of --create --append --directory.
** Fix appending to archives bigger than 2G.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
