with kernel 5.10 dhcpcd hung at shutdown if red was a wireless client
becuase there was two running instances. This change repeat the
dcpcd -k call.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This reverts commit 86beff5f75.
This patch breaks reading statistics on systems running a 4.14 kernel.
It seems like it is not dependant on the kernel, though.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This also moves existing patches into their applications' directory
within ~/src/patches/, if already existant.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This patch represents the first batch of various patches we do not use
anymore, hence there is no sense in keeping them, polluting ~/src/patches/.
Two coreutils patches have been moved into the already existing
coreutils folder, while one libloc patch has been a duplicate to that
one already existing in ~/src/patches/libloc/.
Cleaning up this dump remains a non-exhaustive attempt, though. There
are several other patches I could not locate in LFS files in the first
place, which means that the amount of files we can drop from this
directory is likely to be greater than this patch currently covers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.49 to 2.50
- Update rootfile
- Version 2.50 failed to install capsh - bug raised for this
https://bugzilla.kernel.org/show_bug.cgi?id=213261
patch to fix this bug created and used in this build
- Changelog
Release notes for 2.50
2021-05-24 12:05:16 -0700
Some new capsh features:
--explain=cap_foo: describe what cap_foo does (Bug 212451)
--suggest=phrase: search all the cap descriptions and describe those that match the phrase
Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
Add a test case for recent kernel fix (Bug 212737)
Go pragma fix for convenience functions in "cap" module (reported by Lorenz Bauer. Bug 212321)
Minor man documentation updates
Minor build tree improvements (mostly for maintainer)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch represents the first batch of various patches we do not use
anymore, hence there is no sense in keeping them, polluting ~/src/patches/.
Two coreutils patches have been moved into the already existing
coreutils folder, while one libloc patch has been a duplicate to that
one already existing in ~/src/patches/libloc/.
Cleaning up this dump remains a non-exhaustive attempt, though. There
are several other patches I could not locate in LFS files in the first
place, which means that the amount of files we can drop from this
directory is likely to be greater than this patch currently covers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package seems to be unmaintained for at least five years. It's
(former?) upstream traces back to https://section5.ch/index.php/2011/01/13/dpf-hacking/,
but download links to both dpfhack and a patched version of lcd4linux
point to http://localhost/.
http://tech.section5.ch/files/dpfhack-0.1alpha.tgz still serves
something apparently related to dpfhack, but it is unclear whether that
is a previous version than the "0.12devel" we know about, or a
successor. https://tech.section5.ch/files/dpfhack-0.1alpha.tgz, just to
have it noticed, comes with a X.509 certificate not issued for this
FQDN.
dpfhack is solely needed as a dependancy for lcd4linux, which appears to
be unmaintained as well, hence being dropped in a dedicated patch.
Given the status quo, bugs in dpfhack cannot be reported properly,
security issues won't be addressed (by anybody else then ourselves), and
technical questions cannot be clarified aside a reverse engineering
approach.
We should not allow such an add-on to be installed on a firewall system.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not received any updates or attention within the last
three years. It's sole known upstream URL (https://ssl.bulix.org/projects/lcd4linux/)
returns a HTTP error 404 nowadays, and the author was unable to locate
any upstream source that appears to be still maintained today.
Given the status quo, bugs in lcd4linux cannot be reported properly,
security issues won't be addressed (by anybody else then ourselves), and
technical questions cannot be clarified aside a reverse engineering
approach.
We should not allow such an add-on to be installed on a firewall system.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Notable changes as per https://git.savannah.gnu.org/cgit/dmidecode.git/plain/NEWS:
Version 3.3 (Wed Oct 14 2020)
- [BUILD] Allow overriding build settings from the environment.
- [COMPATIBILITY] Document how the UUID fields are interpreted.
- [PORTABILITY] Don't use memcpy on /dev/mem on arm64.
- [PORTABILITY] Only scan /dev/mem for entry point on x86.
- Support for SMBIOS 3.3.0. This includes new processor names, new port
connector types, and new memory device form factors, types and
technologies.
- Add bios-revision, firmware-revision and system-sku-number to -s option.
- Use the most appropriate unit for cache size.
- Decode system slot base bus width and peers.
- Important bug fixes:
Fix Redfish Hostname print length
Fix formatting of TPM table output
Fix System Slot Information for PCIe SSD
Don't choke on invalid processor voltage
- Use the most appropriate unit for cache size.
Version 3.2 (Wed Sep 14 2018)
- [COMPATIBILITY] The UUID is now displayed using lowercase letters, per
RFC 4122 (#53569). You must ensure that any code parsing it is
case-insensitive.
- Support for SMBIOS 3.2.0. This includes new processor names, new socket
and port connector types, new system slot state and property, and support
for non-volatile memory (NVDIMM).
- Support for Redfish management controllers.
- A new command line option to query a specific structure by its handle.
- A new command line option to query the system family string.
- Support for 3 ThinkPad-specific structures (patch #9642).
- Support for HPE's new company name.
- Support UEFI on FreeBSD.
- Important bug fixes:
Fix firmware version of TPM device
Fix the HPE UEFI feature flag check
- (biosdecode) A new command line option to fully decode PIR information
(support request #109339).
This patch also features two new patches recommended by upstream, whose
online version can be retrieved at
https://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=1117390ccd9cea139638db6f460bb6de70e28f94https://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=11e134e54d15e67a64c39a623f492a28df922517.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Relevant excerpt from Changelog as per
https://savannah.gnu.org/forum/forum.php?forum_id=9339:
NEWS
* Noteworthy changes in release 1.10 (2018-12-29) [stable]
** Changes in behavior
Compressed gzip output no longer contains the current time as a
timestamp when the input is not a regular file. Instead, the output
contains a null (zero) timestamp. This makes gzip's behavior more
reproducible when used as part of a pipeline. (As a reminder, even
regular files will use null timestamps after the year 2106, due to a
limitation in the gzip format.)
** Bug fixes
A use of uninitialized memory on some malformed inputs has been fixed.
[bug present since the beginning]
A few theoretical race conditions in signal handers have been fixed.
These bugs most likely do not happen on practical platforms.
[bugs present since the beginning]
In addition, gzip 1.10 comes with the GNU library patch applied, so
there is no need to carry this file around any more.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
start, restart and reload will now be prohibited if the configuration
file has an incorrect syntax. This avoids killing a running daemon and
is showing an indication to the user instead of having the daemon dying
silently in the background.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When pakfire gets launched a check if a so called lockfile exists and
the process will be aborted, otherwise the file will be created which
prevents any other pakfire instance to perform any operations until the
first process gets finished and the lock will be released again.
Because the release of the lock is located in an END block, the lock
also will be released in case the pakfire process gets interuped or
gains an error.
This prevents from an lock loop and an unuseable pakfire.
Reference: #12621.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since I only ran "find . -type f -name ...", I missed mostly directories
containing configuration and initscripts of recently dropped add-ons and
packages.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These include rootfiles, firewall menue entries that have been
unmaintained for a long time, and firewall chains which were never used
in recent time.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.3.11 to 2.4.0
- Update of rootfile not required
- Update of patches as the source code is different enough that the
patches failed to work.
- Changelog has information on changes for version 2.4.0. Prior version
information is for 2.3.3 from 2012. All intervening versions have no
changelog information available.
Version 2.4.0
- Update translations.
- Useragent report is produced if information is available.
- Don't abort if DNS resolution is failing to resolve a host IP address.
- xz compressed log files are supported.
- Compressed redirector logs are now supported.
- Filter converted and split logs using -t command line option.
- Add many new buffer overflow checks.
- Use random temporary directory name by default.
- Many bug fixed.
- Many new features added.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- What is it?
pmacct is a monitoring tool for network management tasks. Data collected
can be used for analysis and troubleshooting purposes to maintain the
health of the network. pmacct can collect, replicate and export network
information. It can cache in memory tables, store persistently to SQLite3
and output to flat-files like CSV, formatted, and JSON.
- Why is it needed?
To monitor data usage (IP-based or MAC-based data accounting) down to the
client level. Net-Traffic will monitor traffic for the entire RED, GREEN,
etc. networks, but it cannot pinpoint which client is using lots of data.
Connections will take a snapshot but not show day by day sums. pmacct can
help admins keep tabs on users that use too much data.
- What are the use cases?
An ISP may implement data caps and if the limit is over-run then you have
to pay for every additional xxGB of data used. Typical charges can be
around $10 per 50GB. With pmacct you can identify the high users and take
action, hopefully before the limit is breached.
- This is being introduced as a command line only tool. However, at a later
date, if it is useful to enough additional users a WUI page could be
developed as discussed in the development mailing list
https://lists.ipfire.org/pipermail/development/2021-January/009174.html
- Changes in V2 version
- Initscript is using IPFire template and installed with IPFire method.
- All other daemons except pmacct and pmacctd have been removed from the install.
- Example conf files have been removed from /etc/pmacct
Both example conf files are described in the pmacct wiki draft.
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- v2 version has updated rootfile. One line was accidentally missed out of
original patch submission.
- Change from building with python2 to python3
- iotop setup.py used "itervalues" which is no longer used by python3
In python3 this has been changed to "values". Patch created to update
this in the source tarball setup.py
- Update lfs file with patch application and use of python3
- Update of rootfile
- Installed updated version into vm testbed and iotop confirmed working
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 6.3.26 (2013-04-23) to 6.4.19 (2021-04-24)
- Update rootfile
- Delete fetchmail-6.3.26-permit-build-without-ssl3.patch as it is not
needed with version 6.4.19
- Added command to use python3 to lfs
- Changelog is too large to include here
Full details can be found in NEWS file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Return output of iptables directly instead of writing it to files.
* Make iptables wait for 5s if xtables is locked by another iptables
process. (--wait 5 argument)
* Add optional parameter "-x" to have iptables report exact numbers.
* Add optional parameter "-f" to display the filter table (default).
* Add optional parameter "-n" to display the nat table.
* Add optional parameter "-m" to display the mangle table.
* Adapt iptables.cgi and guardian.cgi to catch getipstat output
instead of reading temp-files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- v2 patch version has required libraries not commented
- v2 patch version has lua.pc file commented out in the rootfile
pkgconfig file is only required for build or development and not
for normal running of IPFire
- v2 patch version has make linux changed to make all
INSTALL_TOP is required - default is /usr/local
INSTALL_DATA is required - default results in an empty rootfile
TO_LIB is required - default results in only lua.a in rootfile
- v2 patch version includes PAK_VER updates for dnsdist and haproxy due to
sobump. These packages showed up as dependencies to the old lua library
ncat was also linked but already had a PAK_VER change due to a package
upgrade and so no longer showed up in the find-dependencies scan
- Update from 5.3.5 to 5.4.3
- Autotoolize patch not update since 5.3 series
Based on input from Michael Tremer implemented build approach
from BLFS. This approach also used by Arch Linux. Updated lfs in
line with approach. Added pkgconfig file lua.pc as used in BLFS.
- Update of shared_library patch obtained from BLFS
- Update of rootfile
- Removal of old lua-5.3.5 patches
- Changelog
Main changes
new generational mode for garbage collection
to-be-closed variables
const variables
userdata can have multiple user values
new implementation for math.random
warning system
debug information about function arguments and returns
new semantics for the integer 'for' loop
optional 'init' argument to 'string.gmatch'
new functions 'lua_resetthread' and 'coroutine.close'
string-to-number coercions moved to the string library
allocation function allowed to fail when shrinking a memory block
new format '%p' in 'string.format'
utf8 library accepts codepoints up to 2^31
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
With wireless device as members in bridges, we cannot predict the name
very well. So we will use the MAC address and find the correct device
name when we launch hostapd.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.54.3 to 2.68.1
- Update rootfile
- glib-2.54.3-compile-fixes-1.patch not required, all changes now
incorporated in the source tarball
- meson/ninja have replaced autotools
- As so's updated ran find-dependencies
No additional programs flagged up
- Changelog is too large to include here
Full details can be viewed in the NEWS file in the source tarball
Large number of bugs fixed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
