This ensures that jQuery is also available for custom javascript
added to the HTML <head> with $extrahead.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.50 to 2.61
- Update of rootfile
- Changelog
Release notes for 2.61
Better error handling of the numerical arguments for capsh and setcap.
Reported by meitingli with some bug de-duping help from Artem S. Tashkinov (Bugs 214909, 214911)
Fix executable mode for all of the .so files. There were two situations where this was failing (with a hard to debug SIGSEGV inside libc). Bugs reported by Sam James. Both the same solution related to stack alignment and use of SSE instructions:
glibc and the 32-bit x86 mode (Gentoo bug 820071)
musl runtime library for 64-bit x86 code (Bug 215009)
Added an example of a shared library object with its own file capability.
It demonstrates how to give a shared library a file capability and offer it as a linkable privileged API service to an otherwise unprivileged binary.
Fix the top-level include for Make.Rules in the contrib/sucap example application
Add support for running constructors at libcap.so start up time when running as stand alone binary.
This enables the binary executable to print out some dynamically generated content when given the --summary argument.
Release notes for 2.60
Some build, code linting fixes, the addition of the cap_fill_flag() API and a memory latency optimization contributed by Google (Bugs: 214579 214601 214599)
General improvement in thread safety for libcap and cap package (Bug: 214715)
Minor API change replacing libcap:cap_launch_*() void returning functions with int + errno status returns.
This should be backwardly compatible for code.
Added a cap_iab_dup(), and (*cap.IAB).Dup() to API.
Fixed (*cap.IAB).Fill() which was previously malfunctioning for certain Inh and Amb copies.
New features for capsh
--quiet can be used to suppress the start up check that the local libcap is modern enough to name all of the capabilities known to the hosting kernel
Added -+ and =+ arguments. These are fork+exec equivalents to -- and == respectively (that use the cap_launch API).
Release notes for 2.59
libcap-2.55 ... 2.58 would SIGSEGV if an operation was attempted on a NULL value for cap_t or cap_iab_t. Restore the more tolerant error return behavior last seen with libcap-2.54. (Bug 214525)
More make -j13 fixes (missing dependency for make -C progs sudotest).
Various minor documentation fixes.
Release notes for 2.58
Fixed a potential libcap memory leak by adding a destructor (Bug 214373 reported by yan12125)
Major improvement is that there is a path for Linux-PAM compliant applications to support setting Ambient vector Capabilities via pam_cap.so now (Bug 214377)
In addition to the bug, related discussion is in two Github issues: https://github.com/shadow-maint/shadow/pull/408#issuecomment-919673098 and https://github.com/rra/pam-krb5/issues/21
Added support for RPM builds that generate the build-id that RPM expects (see https://github.com/rpm-software-management/rpm/issues/367 for discussion)
Minor contrib/sucap/su.c cleanups
Clean up kdebug build rules
More documentation cleanup
Release notes for 2.57
capsh enhancements:
--mode makes a guess at the libcap mode of the current process (Bug 214319)
--strict makes capsh less permissive and expects the user to perform more deliberate capability transactions
useful for learning all the steps; and helps this article be more pedagogical.
Build system fixes
Preserve $(WARNINGS) (Fix from David Seifert)
Don't ever build test binaries unless make test etc is invoked (speeds builds on slower systems)
Support make -j12 for all, test and sudotest targets
getcap -r / now generates readable output (Bug 214317)
Some documentation cleanup: more consistency.
Release notes for 2.56
Canonicalize the Makefile use (in collaboration with David Seifert)
In the process fixed a bug in pam_cap/test_pam_cap (reported by David Seifert, Bug 214257)
Doc fixes for cap_iab.3
Added color support to captree, which helped make the following fix generate readable output:
Fixed captree to not display duplicate copies of sub-trees if also exploring their ancestor (Bug 214269)
Fixed contrib/sucap/su to correctly handle the Inheritable flag.
Release notes for 2.55
Two rounds of fixes for the results of some static analysis performed by Zoltan Fridrich
Removed a clang compilation warning about memory allocation by rewriting the way cap_free() and the various libcap memory allocation mechanisms work. (Bug 214183)
This generated a few broken builds until it was fixed.
Cleanup of some man pages; some fixes and shorter URL to bugzilla link.
Added libcap cap_proc_root() API function (to reach parity with the Go cap package).
This is only potentially useful with the recently added cap_iab_get_pid() function
Revamped what the GOLANG=yes builds install - used to install local copies of cap and psx, but these were effectively useless because of the Go module support in recent Go releases in favor of user controller GOPATH.
Now make GOLANG=yes only installs the captree utility
Added some features to captree and created a small article on it
Added a man page for the captree utility
Some small changes to the tests to account for the idiosyncrasies of some new testing environments I've accumulated.
Included adding --has-b support to capsh
Release notes for 2.54
Fix for a corner case infinite loop handling long strings (patch provided by Samanta Navarro)
Fixes to not ignore allocation failures (patch provided by Samanta Navarro)
Evolving work from Samanta Navarro, found and fixed a memory leak in cap_iab_get_proc()
More robust discovery of the name of the dynamic loader of the build target (patch provided by Arnout Vandecappelle)
Revamped the Go capability comparison API for *cap.Set and *cap.IAB: (x).Cf(), and added cap.IABGetPID()
Added libcap cap_iab_compare() and cap_iab_get_pid() APIs.
Added a Go utility, captree, to display the process (and thread) graph along with the POSIX.1e and IAB capabilities of each PID{TID} tree.
Extended getpcaps to support the --iab command line argument, which outputs a PID's IAB tuple too (if non-default).
Install *.so files as executable now that they are executable as binaries
A feature of 2.52 but not extended to install rules at that time.
Absorbed a lot of wisdom from a number of downstream package workarounds including wisdom from (Zhi Li and Arnout Vandecappelle and unknown others... Bugs 214023#c16, 214085)
Support make FORCELINKPAM=yes or make FORCELINKPAM=no for those packagers that feel strongly about not letting this be dynamically discovered at build time.
Fixed a compiler warnings from the GitHub build tester (Bug 214143)
Release notes for 2.53
The (C) cap_launch functionality was previously broken when launches failed (found and fixed by Samanta Navarro)
Added a test case for this too.
Lots of tyops fixed in code and documentation (also by Samanta Navarro)
Support distributions that aggressively link shared objects (reported by David Runge; Bug 214023)
These distributions failed to observe a runnable pam_cap.so and various make options failed.
Support clang builds (again). (Reported by Johan Herland 214047)
This used to work, but by accident. It broke with the advent of a runnable libcap.so , libpsx.so and pam_cap.so support. Fixed now, and added a build target to validate it still works at release time.
Minor documentation updates including one for Slavi Marinov who was trying to get cap.LaunchFunc() to work.
Worked up a couple of example modifications to goapps/web to demonstrate a different user per web query and enabling a custom chroot per web query.
Release notes for 2.52
Revived -std=c89 compilation for make all etc. (Bug 213541 reported by Byron Stanoszek.)
The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now runnable as standalone binaries!
The support is used to display some description information.
To activate it, these binaries need to be installed executable (chmod +x ...)
We also provided a write-up of how to enable this sort of feature in other .so files here.
The module pam_cap.so now contains support for a default=<IAB> module argument. (Bug 213611).
Enhanced capsh --suggest to also compare against the capability value names and not just their descriptions.
Added capsh --current support.
Minor documentation updates.
Added a contrib/sucap/su.c pure-capabilities PAM implementation of su.
This is primarily to demonstrate that such a thing is possible, and to validate that the pam_cap.so module is capable of adding any IAB tuple of inheritables per group or user.
At this time, it relies on features only present in this version of libcap and HEAD of the Linux-PAM sources for the pam_unix.so module.
Release notes for 2.51
Fix capsh installation (Bug 213261 - reported by Jan Palus)
Add an autoauth module flag to pam_cap.so (Bug 213279 - noted a feature request hidden in StackExchange)
Unified libcap/cap (Go) and libcap (C) default generation of external format binary data (Bug 213375 - addressing an issue raised by Mike Schilling)
This standard binary format should be forwards/backwards compatible with earlier libcap2 builds and libcap/cap packages
API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one capability flag to another.
This can be used to raise all the Permitted capabilities in a Set with one API call.
In tree build/run/test of Go packages now uses Go module vendoring (Bug 212453).
This is with an eye to the imminent golang change removing support for GOPATH based building.
Minor compilation warning fixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Created lfs file
- Created rootfile but all entries commented out. If the use of userspace rcu becomes
something to be required as part of IPFire then the appropriate entries in the
rootfile can be uncommented in a future commit.
- Added liburcu to the make.sh file just before xfsprogs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.12.0 to 5.14.0
- Update of rootfile not required
- Build of xfsprogs now requires liburcu to be built. Added as separate commit.
- Changelog
xfsprogs-5.14.0 (19 Nov 2021)
- debian: Fix FTBFS (Boian Bonev)
- debian: Pass --build and --host to configure (Bastian Germann)
- debian: Update Uploaders list (Bastian Germann)
xfsprogs-5.14.0-rc1 (12 Nov 2021)
- xfsprogs: introduce liburcu support (Dave Chinner)
- xfsprogs: convert atomic to uatomic (Dave Chinner)
- xfsprogs: convert utilities to use "fallthrough;" (Darrick J. Wong)
- libxfs: port xfs_set_inode_alloc from kernel (Darrick J. Wong)
- mkfs: warn about V4 deprecation (Darrick J. Wong)
- xfs_db: convert agresv to use for_each_perag (Darrick J. Wong)
xfsprogs-5.13.0 (20 Aug 2021)
- No further changes
xfsprogs-5.13.0-rc1 (02 Aug 2021)
- mkfs: validate rtextsz hint when rtinherit is set (Darrick J. Wong)
- xfs_repair: invalidate dirhash when junking dirent (Darrick J. Wong)
- xfs_repair: validate inherited rtextsz hint alignmt (Darrick J. Wong)
- xfs_quota: allow truncate of grp & prj quota files (Darrick J. Wong)
- xfs_io: allow callers to dump fs stats individually (Darrick J. Wong)
- xfs_io: don't count fsmaps before querying fsmaps (Darrick J. Wong)
- xfs_io: print header once when dumping fsmap in csv (Darrick J. Wong)
- xfs_io: clean up the funshare command a bit (Darrick J. Wong)
- xfs_io: fix broken funshare_cmd usage (Darrick J. Wong)
xfsprogs-5.13.0-rc0 (01 Jul 2021)
- libxfs changes merged from kernel 5.13
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.5.1 to 1.5.2
- Update rootfile
- Changelog
Release 1.5.2
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead of the bundled
sha1 implementation if selected, added option to select
the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd unit
directory.
* Added --with-misc-conv-bufsize configure option to specify the buffer size
in libpam_misc's misc_conv() function, raised the default value for this
parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation improvements,
and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 4.2.1 (2015) to 4.9 (2021)
- Update rootfile
- Update patch for suppression of groups installation
- Changelog
* Release 4.9
2021-07-22 Serge Hallyn <serge@hallyn.com>
* Updated translations (Björn Esser, Juergen Hoetzel)
* Major salt updates (Björn Esser)
* Various coverity and cleanup fixes (Iker Pedrosa)
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
* Implement NSS support for subids and a libsubid (Serge Hallyn)
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
* selinux fixes (Christian Göttsche)
* Fix path prefix path handling (Lucas Servén Marín)
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid (Martijn de Gouw)
* usermod: check that shell is executable (Geert Ijewski)
* Add yescript support (Rodolphe Bréard)
* useradd memleak fixes (whzhe)
* useradd: use built-in settings by default (Ludwig Nussel)
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
* buffer overflow fixes (Tobias Stoeckmann)
* Adding run-parts style for pre and post useradd/del (ed@s5h.net)
2020-01-23 Serge Hallyn <serge@hallyn.com>
* selinux: inclue stdio (Michael Vetter)
* man: don't suggest making groupmems user-writeable (Michael Weiser)
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. (ed@s5h.net)
* add new HOME_MODE login.defs option (Duncan Overbruck)
* Add tty logging to useradd (ed@s5h.net)
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
* Update Dutch translation (Frans-Spiesschaert)
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
2019-12-20 Dave Reisner <dreisner@archlinux.org>
* Do not auto-enable acct_tools_setuid just because
pam is enabled. NOTE - any distros which are relying
on this behavior will need to switch to configure
--enable-account-tools-setuid
* Release 4.8
2019-12-01 Serge Hallyn <serge@hallyn.com>
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
* Release 4.7
2019-06-13 Serge Hallyn <serge@hallyn.com>
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
* Release 4.6
2018-04-29 Serge Hallyn <serge@hallyn.com>
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
2017-07-16 Serge Hallyn <serge@hallyn.com>
* Import new Dutch translations.
2017-07-10 Serge Hallyn <serge@hallyn.com>
* Expand error codes for groupmod.
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Release 4.5
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2017-02-23 Serge Hallyn <serge@hallyn.com>
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
the equivalent of util-linux CVE-2017-2616.
2017-02-08 Serge Hallyn <serge@hallyn.com>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2017-01-29 Serge Hallyn <serge@hallyn.com>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <serge@hallyn.com>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
* Changes since 4.4
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* Changes since 4.2.1:
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Support FORCE_SHADOW
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 7.79.1 to 7.80.0
- Update of rootfile
- Changelog is too long to include here.
This update fixes 172 bugs the details of which can be found in the CHANGES file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.185 to 0.186
- Update of rootfile
- find-dependencies with old libs did not report any issues
- Changelog
2021-11-10 Mark Wielaard <mark@klomp.org>
* configure.ac (AC_INIT): Set version to 0.186.
* NEWS: Add translation item.
2021-09-03 John Mellor-Crummey <johnmc@rice.edu>
* NEWS: Read inlining info in NVIDIA extended line map
2021-08-10 Adrian Ratiu <adrian.ratiu@collabora.com>
* configure.ac (AC_CACHE_CHECK): Rework std=gnu99 check to allow clang.
2021-08-20 Saleem Abdulrasool <abdulras@google.com>
* Add AC_CHECK_HEADERS for error.h and err.h.
2021-07-28 Mark Wielaard <mark@klomp.org>
* configure.ac (AC_CHECK_DECLS): Add reallocarray check.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.13 to 5.15
- Update of rootfile not required
- Changelog
Release version 5.15 Michal Kubecek
update UAPI header copies Michal Kubecek
netlink: settings: Correct duplicate condition Bastian Germann
Merge branch 'review/module-fixes-2-v2' Michal Kubecek
sff-8636: Remove extra blank lines Ido Schimmel
sff-8636: Convert if statement to switch-case Ido Schimmel
sff-8636: Fix incorrect function name Ido Schimmel
sff-8636: Remove incorrect comment Ido Schimmel
cmis: Correct comment Ido Schimmel
cmis: Fix wrong define name Ido Schimmel
cmis: Fix CLEI code parsing Ido Schimmel
Merge branch 'review/module-fixes' into master Michal Kubecek
netlink: eeprom: Fix compilation when pretty dump is disabled Ido Schimmel
ethtool: Fix compilation warning when pretty dump is disabled Ido Schimmel
netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested Ido Schimmel
cmis: Fix invalid memory access in IOCTL path Ido Schimmel
sff-8636: Fix parsing of Page 03h in IOCTL path Ido Schimmel
Merge branch 'next' into master Michal Kubecek
Release version 5.14 Michal Kubecek
netlink: settings: add netlink support for coalesce cqe mode parameter Yufeng Mo
pretty: update message descriptions for coalescing Michal Kubecek
netlink: settings: add two link extended substates of bad signal integrity Guangbin Huang
update UAPI header copies Michal Kubecek
pretty: add message descriptions for PHC virtual clocks Michal Kubecek
pretty: add message descriptions for FEC stats Michal Kubecek
pretty: reorder to match enum values Michal Kubecek
update UAPI header copies Michal Kubecek
cmdline: skip dummy args entry in find_option() Michal Kubecek
Merge branch 'review/nojson-fail' into master Michal Kubecek
ethtool: return error if command does not support --json Jakub Kicinski
ethtool: use dummy args[] entry for no-args case Jakub Kicinski
ethtool: remove questionable goto Jakub Kicinski
Remove trailing newline in perror messages Jules Maselbas
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.42 to 1.43
- Update of rootfile
- Changelog - full details can be found in the ChangeLog file in the source tarball
Noteworthy changes in version 1.43 (2021-11-03) [C32/A32/R1]
* Fix for building against GNU libc 2.34. [T5547]
* Fix build problems on macOS. [T5440,T5610]
* Fix gpgrt-config problems. [T5381,T5595]
* Fix gpgrt_free for legacy platforms. [448bf7b01cad]
* Fix truncation of error message in the middle of a character. [T5048]
* Fix the --disable-threads configure options. [T5495]
* Improve lock-obj generation for cross-builds [99ae862a96a5]
* Improve cross-builds. [T5365]
* Improve gpgrt_wait_processes. [T5381]
* Allow config files to read values from the Windows Registry and
from envvars. [b1790f4cc71f]
* Update the Russian and Czech translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.14.0 to 5.15.0
- Update of rootfile
- Changelog
v5.15.0 Stephen Hemminger
rdma: Fix SRQ resource tracking information json Neta Ostrovsky
man: devlink-port: fix pfnum for devlink port add Antoine Tenart
Merge branch 'managed-neighbor' into next David Ahern
ip, neigh: Add NTF_EXT_MANAGED support Daniel Borkmann
ip, neigh: Add missing NTF_USE support Daniel Borkmann
ip, neigh: Fix up spacing in netlink dump Daniel Borkmann
xfrm: enable to manage default policies Nicolas Dichtel
Merge branch 'rdma-optional-stats' into next David Ahern
uapi: pickup fix for xfrm ABI breakage Stephen Hemminger
iplink: enable to specify index when changing netns Nicolas Dichtel
Merge branch 'config-libdir' into next David Ahern
configure: add the --libdir option Andrea Claudi
configure: add the --prefix option Andrea Claudi
configure: support --param=value style Andrea Claudi
configure: simplify options parsing Andrea Claudi
configure: fix parsing issue with more than one value per option Andrea Claudi
configure: fix parsing issue on libbpf_dir option Andrea Claudi
configure: fix parsing issue on include_dir option Andrea Claudi
rdma: Add optional-counters set/unset support Neta Ostrovsky
rdma: Add stat "mode" support Neta Ostrovsky
rdma: Update uapi headers Neta Ostrovsky
Update kernel headers David Ahern
mptcp: cleanup include section. Stephen Hemminger
lib/bpf: fix map-in-map creation without prepopulation Paul Chaignon
man: devlink-port: remove extra .br Antoine Tenart
man: devlink-port: fix style Antoine Tenart
man: devlink-port: fix the devlink port add synopsis Antoine Tenart
Merge branch 'main' into next David Ahern
Merge branch 'ioam-encap-modes' into next David Ahern
Update documentation Justin Iurman
Add support for IOAM encap modes Justin Iurman
cmd: use spaces instead of tabs for usage indentation Frank Villaro-Dixon
ip: nexthop: keep cache netlink socket open Nikolay Aleksandrov
devlink: print maximum number of snapshots if available Jacob Keller
Update kernel headers David Ahern
mptcp: unbreak JSON endpoint list Davide Caratti
Merge branch 'nexthop-cache' into next David Ahern
ip: nexthop: add print_cache_nexthop which prints and manages the nh cache Nikolay Aleksandrov
ip: route: print and cache detailed nexthop information when requested Nikolay Aleksandrov
ip: nexthop: add a helper which retrieves and prints cached nh entry Nikolay Aleksandrov
ip: nexthop: add cache helpers Nikolay Aleksandrov
ip: nexthop: factor out ipnh_get_id rtnl talk into a helper Nikolay Aleksandrov
ip: nexthop: factor out print_nexthop's nh entry printing Nikolay Aleksandrov
ip: nexthop: parse attributes into nh entry structure before printing Nikolay Aleksandrov
ip: nexthop: add nh entry structure Nikolay Aleksandrov
ip: nexthop: split print_nh_res_group into parse and print parts Nikolay Aleksandrov
ip: nexthop: add resilient group structure Nikolay Aleksandrov
ip: export print_rta_gateway version which outputs prepared gateway string Nikolay Aleksandrov
ip: print_rta_if takes ifindex as device argument instead of attribute Nikolay Aleksandrov
Merge branch 'ax.25-netrom-rose' into next David Ahern
ROSE: Print decoded addresses rather than hex numbers. Ralf Baechle
ROSE: Add rose_ntop implementation. Ralf Baechle
NETROM: Print decoded addresses rather than hex numbers. Ralf Baechle
NETROM: Add netrom_ntop implementation. Ralf Baechle
AX.25: Print decoded addresses rather than hex numbers. Ralf Baechle
AX.25: Add ax25_ntop implementation. Ralf Baechle
lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists Andrea Claudi
tc/f_flower: fix port range parsing Puneet Sharma
lib: bpf_legacy: add prog name, load time, uid and btf id in prog info dump Gokul Sivakumar
Merge branch 'main' into next David Ahern
uapi: updates from 5.-rc1 Stephen Hemminger
ip: Support filter links/neighs with no master Lahav Schlesinger
man: ip-macsec: fix gcm-aes-256 formatting issue Lennert Buytenhek
Merge branch 'main' into next David Ahern
Merge branch 'bridge-mcast_router' into next David Ahern
bridge: vlan: add support for mcast_router option Nikolay Aleksandrov
bridge: vlan: set vlan option attributes while parsing Nikolay Aleksandrov
Update kernel headers David Ahern
ip: rewrite routel in python Stephen Hemminger
ip: remove routef script Stephen Hemminger
ip: remove ifcfg script Stephen Hemminger
ip: remove old rtpr script Stephen Hemminger
iptuntap: fix multi-queue flag display David Marchand
man: ip-link: remove double of Nikolay Aleksandrov
configure: restore backward compatibility Luca Boccassi
tree-wide: fix some typos found by Lintian Luca Boccassi
ip: remove leftovers from IPX and DECnet Stephen Hemminger
uapi: update headers from 5. merge Stephen Hemminger
ip/bond: add lacp active support Hangbin Liu
Update kernel headers David Ahern
ip/tunnel: always print all known attributes Ilya Dmitrichenko
ipioam6: use print_nl instead of print_null Justin Iurman
tc/skbmod: Introduce SKBMOD_F_ECN option Peilin Ye
IOAM man8 Justin Iurman
New IOAM6 encap type for routes Justin Iurman
Add, show, link, remove IOAM namespaces and schemas Justin Iurman
Import ioam6 uapi headers David Ahern
Update kernel headers David Ahern
ipneigh: add support to print brief output of neigh cache in tabular format Gokul Sivakumar
Merge branch 'bridge-vlan-global-mcast' into next David Ahern
bridge: vlan: add support for dumping router ports Nikolay Aleksandrov
bridge: vlan: add global mcast_querier option Nikolay Aleksandrov
bridge: vlan: add global mcast_startup_query_interval option Nikolay Aleksandrov
bridge: vlan: add global mcast_query_response_interval option Nikolay Aleksandrov
bridge: vlan: add global mcast_query_interval option Nikolay Aleksandrov
bridge: vlan: add global mcast_querier_interval option Nikolay Aleksandrov
bridge: vlan: add global mcast_membership_interval option Nikolay Aleksandrov
bridge: vlan: add global mcast_last_member_interval option Nikolay Aleksandrov
bridge: vlan: add global mcast_startup_query_count option Nikolay Aleksandrov
bridge: vlan: add global mcast_last_member_count option Nikolay Aleksandrov
bridge: vlan: add global mcast_mld_version option Nikolay Aleksandrov
bridge: vlan: add global mcast_igmp_version option Nikolay Aleksandrov
bridge: vlan: add global mcast_snooping option Nikolay Aleksandrov
bridge: vlan: add support to set global vlan options Nikolay Aleksandrov
bridge: vlan: add support for vlan filtering when dumping options Nikolay Aleksandrov
bridge: vlan: add support to show global vlan options Nikolay Aleksandrov
bridge: vlan: skip unknown attributes when printing options Nikolay Aleksandrov
bridge: vlan: factor out vlan option printing Nikolay Aleksandrov
ip: bridge: add support for mcast_vlan_snooping Nikolay Aleksandrov
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
sched_min_granularity_ns and sched_migration_cost_ns are not
available for sysctl anymore. They can only altered via debugfs
if scheduler debugging is enabled.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The warning point to a wiki page which is currently in construction.
This should give us the opportunity to add further information for
these users even if we do not provide updates anymore.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this fix the 500 internal server error becuase this file
was not installed by the patch that add the wiki links.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.8:
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
relay overload.
o Major bugfixes (relay, overload state):
- Relays report the general overload state for DNS timeout errors
only if X% of all DNS queries over Y seconds are errors. Before
that, it only took 1 timeout to report the overload state which
was just too low of a threshold. The X and Y values are 1% and 10
minutes respectively but they are also controlled by consensus
parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories for October 2021. Closes
ticket 40493.
o Minor features (testing):
- On a testing network, relays can now use the
TestingMinTimeToReportBandwidth option to change the smallest
amount of time over which they're willing to report their observed
maximum bandwidth. Previously, this was fixed at 1 day. For
safety, values under 2 hours are only supported on testing
networks. Part of a fix for ticket 40337.
- Relays on testing networks no longer rate-limit how frequently
they are willing to report new bandwidth measurements. Part of a
fix for ticket 40337.
- Relays on testing networks now report their observed bandwidths
immediately from startup. Previously, they waited until they had
been running for a full day. Closes ticket 40337.
o Minor bugfix (onion service):
- Do not flag an HSDir as non-running in case the descriptor upload
or fetch fails. An onion service closes pending directory
connections before uploading a new descriptor which can thus lead
to wrongly flagging many relays and thus affecting circuit building
path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
- Improve logging when a bad HS version is given. Fixes bug 40476;
bugfix on 0.4.6.1-alpha.
o Minor bugfix (CI, onion service):
- Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (compatibility):
- Fix compatibility with the most recent Libevent versions, which no
longer have an evdns_set_random_bytes() function. Because this
function has been a no-op since Libevent 2.0.4-alpha, it is safe
for us to just stop calling it. Fixes bug 40371; bugfix
on 0.2.1.7-alpha.
o Minor bugfixes (onion service, TROVE-2021-008):
- Only log v2 access attempts once total, in order to not pollute
the logs with warnings and to avoid recording the times on disk
when v2 access was attempted. Note that the onion address was
_never_ logged. This counts as a Low-severity security issue.
Fixes bug 40474; bugfix on 0.4.5.8.
Since we configure Tor to use libseccomp, the latter has been updated
for kernel 5.15 as well, hence we need to ship Tor either way.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Release annnouncement as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.3:
Version 2.5.3 - November 5, 2021
Update the syscall table for Linux v5.15
Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
Document that seccomp_rule_add() may return -EACCES
Fix issues with test 11-basic-basic_errors on old kernels (API level < 5)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- jwhois being replaced with whois
- Removal of jwhois lfs, rootfile and assoicated patch files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This whois client is being actively maintained. This version 5.5.10 was released on
June 6th 2021 and regular updates have been ocurring several times per year.
- This client has all of its default whois servers compiled into it. These can be seen
by reading the source files in the tarball.
- Therefore the whois.conf file is available for any additional servers that are decided
to be required but as provided is empty.
- Installed on a vm testbed and worked to identify the details of ip addresses. Selecting
an IP in the WUI logs screen also gets the ip information provided so it is working
well with the WUI.
Tested-by:Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
