- Update minicom from 2.7.1 to 2.8
- Changelog for version 2.8
New timestamp mode: Delta to previous line.
Add HPA ESC sequence
Add alternative window support (ti/te)
Fix file name of non-global configuration settings.
Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, Serbian
New translation: Serbian, Simplified chinese
Fix F10 macro key used in current setups
Add F11 and F12 for macro use
Fixed DTR for recent systems
Add support for RS485.
Add --capturefile-buffer-mode option
Bug fixes
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update arping from 2.15 to 2.21
- Notable changes from 2.20 to 2.21:
* Use more modern pcap API calls, when available
* Add payload data to mac ping
* chdir(/) after chroot()
* Misc minor cleanup
- Notable changes from 2.19 to 2.20:
* Improved support for cross-compile
* Use unveil(2) and pledge(2) where available (i.e. OpenBSD)
* Fix false duplicates when destination address is *also* assigned to local interface
* Minor typo-level fixes
- Notable changes from 2.18 to 2.19:
* Added -g to drop privs to alternate user (for Android)
* Slightly improved error messages
- Notable changes from 2.17 to 2.18:
* Make -w/-W work like 'ping'
- Notable changes from 2.16 to 2.17:
* Add padding to packets to work on Raspberry Pi 3
- Notable changes from 2.15 to 2.16:
* VLAN tagging (Nikolay Aleksandrov)
* 802.1Q priority (Nikolay Aleksandrov)
* Added a bunch of unit tests.
* Be more lazy about initializing libnet.
This fixes issues where arping would sometimes pick an unsuitable
device during arg parsing, if the "first" device on the system is
not a "normal" device.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The database we ship by default is meanwhile four weeks old, and since
the merge window for Core Update 154 is still open, there is no need to
ship data being more outdated than they have to be. :-)
The second version of this patch also updates the checksum for the
downloaded database file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
Fixed sudo's setprogname(3) emulation on systems that don't provide it.
Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
There is no need for this being implemented and it is dangerous to allow
the user to create any shell accounts or users that belong to groups
with higher privileges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function invokes a new command similar to safe_system()
but without launching a shell before.
That way, it is possible to execute commands without any risk
of shell command injection from nobody.
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit f1d98a1c3f.
The new version of make seems to break building u-boot on armv5tel.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.6 to 1.8.7
Florian Westphal (4):
xtables-monitor: fix rule printing
xtables-monitor: fix packet family protocol
xtables-monitor: print packet first
xtables-monitor:
Pablo Neira Ayuso (2):
tests: shell: update format of registers in bitwise payloads.
configure: bump version for 1.8.7 release
Phil Sutter (21):
nft: Optimize class-based IP prefix matches
ebtables: Optimize masked MAC address matches
tests/shell: Add test for bitwise avoidance fixes
ebtables: Fix for broken chain renaming
iptables-test.py: Accept multiple test files on commandline
iptables-test.py: Try to unshare netns by default
libxtables: Extend MAC address printing/parsing support
xtables-arp: Don't use ARPT_INV_*
xshared: Merge some command option-related code
tests/shell: Test for fixed extension registration
extensions: dccp: Fix for DCCP type 'INVALID'
nft: Fix selective chain compatibility checks
nft: cache: Introduce nft_cache_add_chain()
nft: Implement nft_chain_foreach()
nft: cache: Move nft_chain_find() over
nft: Introduce struct nft_chain
nft: Introduce a dedicated base chain array
nft: cache: Sort custom chains by name
tests: shell: Drop any dump sorting in place
nft: Avoid pointless table/chain creation
tests/shell: Fix nft-only/0009-needless-bitwise_0
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cache ethernet configuration in public variable "ethernet_settings",
add functions to simplify working with the network configuration.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function nicely translates the ethernet/settings "CONFIG_TYPE"
into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Exerpt from 'ChangeLog.md':
"## [3.18.0] - 2021-01-08
- allow UIDs and GIDs to be specified numerically (#217)
- add support for Zstandard compressed files (#355)
- make `delaycompress` not to fail with `rotate 0` (#341)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since programs from the toolchain are linked against this, we need to
make this library available in stage 2, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The SSH init script only kills the main daemon which leads to any child
processes (for remaining connections) being untouched.
killproc returns 4 (unknown error) when not all processes were killed
which is not intended here. Therefore we ignore the error and do not
pause the shut down process for a minute.
Fixes: #12544
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
