This enables some DoS protection using SYNPROXY which will complete a
SYN handshake with the client before the connection is being forwarded.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This should never cause any problems, but will cause that certain more
complicated featured like SYNPROXY won't work.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The SSH daemon has been split into a listener and session daemon to have
a smaller attack vector since the listener does not need to implement
the SSH protocol.
In order to keep SSH working, we need to ship the session daemon, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.7p1 to 9.8p1
- Update of rootfile
- Changelog
9.8p1
-There is a fix for CVE-2024-6387
-The number of changes is too large to show all here. As well as the CVE fix and
another security related fix there are a log of bug fixes as well. The details can
seen at https://www.openssh.com/txt/release-9.8
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Excerpt from changelog:
"7.0.6 -- 2024-06-26
Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CVE 2024-37151)
Security #7105: http2: oom from duplicate headers (7.0.x backport)
Security #7033: http/range: segv when http.memcap is reached (7.0.x backport)
Security #6988: modbus: txs without responses are never freed (7.0.x backport)
Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport)
Bug #7064: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node (7.0.x backport)
Bug #7063: smtp/mime: data command rejected by pipelining server does not reset data mode (7.0.x backport)
Bug #7060: smtp: split name logged as 2 names (7.0.x backport)
Bug #7050: af-packet: failure to start up on many threads plus high load (7.0.x backport)
Bug #7043: Crasher in HTTP chunked / StreamingBuffer (7.0.x backport)
Bug #7038: pcap/log: MacOS rotates file well before limit is reached (7.0.x backport)
Bug #7035: time: in offline mode, time can stay behind at pcap start (7.0.x backport)
Bug #7023: unix-socket: iface-bypassed-stat crash (7.0.x backport)
Bug #7021: unix-socket: hostbit commands don't properly release host (7.0.x backport)
Bug #7015: rust: build with rust 1.78 with slice::from_raw_parts now requiring the pointer to be non-null (7.0.x backport)
Bug #6990: tls.random buffers don't work as expected (7.0.x backport)
Bug #6986: iprep: rule with '=,0' can't match (7.0.x backport)
Bug #6975: detect: log relevant frames app-layer metdata (7.0.x backport)
Bug #6950: decode/ppp: decoder.event.ppp.wrong_type on valid packet (7.0.x backport)
Bug #6897: detect/port: upper boundary ports are not correctly handled (7.0.x backport)
Bug #6895: detect/port: port grouping does not happen correctly if gap between a single and range port (7.0.x backport)
Bug #6862: Lightweight rules profiling: crash when profiling ends (7.0.x backport)
Bug #6848: alerts: wrongly using tx id 0 when there is no tx (7.0.x backport)
Bug #6845: coverity: warning in port grouping code (7.0.x backport)
Bug #6844: detect/port: port ranges are incorrect when a port is single as well as a part of range (7.0.x backport)
Bug #6690: Ethernet src should match src ip (7.0.x backport)
Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)
Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport)
Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport)
Feature #7010: JA4 support for TLS and QUIC (7.0.x backport)
Feature #6557: Capability to have rules profiling on pcap run (7.0.x backport)
Documentation #6910: userguide: document how to verify tar.gz signature (7.0.x backport)
Documentation #6687: docs: port userguide build instruction changes from master-6.0.x (7.0.x backport)
Documentation #6601: docs: update eBPF installation instructions (7.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.nano-editor.org/news.php
"2024 May 1 - GNU nano 8.0 "Grus grus"
By default ^F is bound to starting a forward search, and ^B to
starting a backward search, while M-F and M-B repeat the search
in the corresponding direction. (See the documentation if you
want the old bindings back.)
Command-line option --modernbindings (-/) makes ^Q quit, ^X cut,
^C copy, ^V paste, ^Z undo, ^Y redo, ^O open a file, ^W write a file,
^R replace, ^G find again, ^D find again backwards, ^A set the mark,
^T jump to a line, ^P show the position, and ^E execute.
Above modern bindings are activated also when the name of
nano's executable (or a symlink to it) starts with the letter "e".
To open a file at a certain line number, one can now use also
nano filename:number, besides nano +number filename.
<Alt+Home> and <Alt+End> put the cursor on the first and last
row in the viewport, while retaining the horizontal position.
When the three digits in an #RGB color code are all the same,
the code is mapped to the xterm grey scale, giving access to
fourteen levels of grey instead of just four.
For easier access, M-" is bound to placing/removing an anchor,
and M-' to jumping to the next anchor.
Whenever an error occurs, the keystroke buffer is cleared, thus
stopping the execution of a macro or a string bind.
The mousewheel scrolls the viewport instead of moving the cursor."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The patch for this was created by Stefan Schantl
- Blocklist addition was discussed and agreed at IPFire dev conf call in June 2024.
- Tested on vm system.
- The combined list was removed because it is just the three others which can be selected
in the WUI to give the equivalent result.
Created-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The standard email scripts supllied with apcupsd are coded on the basis that sendmail
is being used. The format of the email information in those scripts does not work with
the dma mail system implemented in IPFire.
- The scripts provided in the config/apcupsd directory have been updated to work with
dma. The scripts have been confirmed to work with my production system that is using
a UPS.
- This patch will replace the standard apcupsd scripts with the ones tailored for IPFire.
- If any existing users have modified their scripts to already work with dma then their
versions will be saved in their backup.
- The apcupsd-3.14.14-2.ipfire package created in the build with the above changes has
been installed on a vm system and confirmed to provide the IPFire tailored scripts.
- The lfs change is the addition of the copying of the scripts to the /etc/apcupsd
directory.
- No change to the rootfile as the scripts names are the same.
- The only thing a user will need to do is to ensure the IPFire email system is enabled,
configure and confirmed working. Then valid FROM and TO email addresses need to be
added to each script.
- Once this patch submission is accepted then I will do an update to the apcupsd IPFire
documentation page to describe these scripts and how to update the email addresses.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- tshark in the past had its own version of speexdsp used only for some "arbitrary
resampling code" used for the build of tshark.
- speexdsp has been removed from tshark so it is now a build requirement.
- It is only used for the build of tshark so the rootfile has all entries commented out.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.0.8 to 4.2.5
- Update of rootfile
- Version 4.2.5 requires asciidoctor to be built for tshark to build. Despite lots of
investigation and testing out various commands, tshark will not build if asciidoctor is
not present, even if the docs are not going to be used. It is only required for the
build
- To build asciidoctor ruby has to be installed. It is only required for the build of
asciidoctor
- tshark has previously had its own version of speexdsp built in. It is only used to
provide some "arbitrary resampling code" during the build and does not end up in the
running tshark system. Version 4.2.5 has removed the internal speexdsp code but it
is still a required dependency for building, so speexdsp also need to be installed but
only for the build stage.
- The associated patches with this one provide the build installation of ruby, asciidoctor
and speexdsp. With these installed tshark was able to be built.
- version 4.0.8 and 4.2.5 of tshark were tested out on a vm system with the command
"tshark -c 100 > tshark" and this wrote 100 packets from the vm red0 interface to a
text file. Both the old and new versions provided the same sort of result. To a first
level of testing this shows that the 4.2.5 version is functioning as the previous
version was.
- This version had an sobump so find-dependencies was run. All files linked to the three
libraries in tshark are all also in tshark. No other package is linked to.
- Changelog
There are 13 releases between 4.0.8 and 4.2.5 so the changelist is too large to
include here. Details can be found in the release notes for each version at
https://www.wireshark.org/docs/relnotes/
21 CVE vulnerabilities have been fixed that were identified in 7 of the 13 versions.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.5.5 to 1.5.6
- Update of rootfile
- Changelog
1.5.6 (Mar 2024)
api: Promote `ZSTD_c_targetCBlockSize` to Stable API by @felixhandte
api: new `ZSTD_d_maxBlockSize` experimental parameter, to reduce streaming decompression memory, by @terrelln
perf: improve performance of param `ZSTD_c_targetCBlockSize`, by @Cyan4973
perf: improved compression of arrays of integers at high compression, by @Cyan4973
lib: reduce binary size with selective built-time exclusion, by @felixhandte
lib: improved huffman speed on small data and linux kernel, by @terrelln
lib: accept dictionaries with partial literal tables, by @terrelln
lib: fix CCtx size estimation with external sequence producer, by @embg
lib: fix corner case decoder behaviors, by @Cyan4973 and @aimuz
lib: fix zdict prototype mismatch in static_only mode, by @ldv-alt
lib: fix several bugs in magicless-format decoding, by @embg
cli: add common compressed file types to `--exclude-compressed`` by @daniellerozenblit
cli: fix mixing `-c` and `-o` commands with `--rm`, by @Cyan4973
cli: fix erroneous exclusion of hidden files with `--output-dir-mirror` by @felixhandte
cli: improved time accuracy on BSD, by @felixhandte
cli: better errors on argument parsing, by @KapJI
tests: better compatibility with older versions of `grep`, by @Cyan4973
tests: lorem ipsum generator as default backup content, by @Cyan4973
build: cmake improvements by @terrelln, @sighingnow, @gjasny, @JohanMabille, @Saverio976, @gruenich, @teo-tsirpanis
build: bazel support, by @jondo2010
build: fix cross-compiling for AArch64 with lld by @jcelerier
build: fix Apple platform compatibility, by @nidhijaju
build: fix Visual 2012 and lower compatibility, by @Cyan4973
build: improve win32 support, by @DimitriPapadopoulos
build: better C90 compliance for zlibWrapper, by @emaste
port: make: fat binaries on macos, by @mredig
port: ARM64EC compatibility for Windows, by @dunhor
port: QNX support by @klausholstjacobsen
port: MSYS2 and Cygwin makefile installation and test support, by @QBos07
port: risc-v support validation in CI, by @Cyan4973
port: sparc64 support validation in CI, by @Cyan4973
port: AIX compatibility, by @likema
port: HP-UX compatibility, by @likema
doc: Improved specification accuracy, by @elasota
bug: Fix and deprecate ZSTD_generateSequences (#3981)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.1.2 to 2.1.5
- Update of rootfile not required
- Update of traceroute patch as the source tarball has version number specified in its
directory structure.
- Changelog
2.1.5
* Fix rfc5837 parsing (Francois Rigault)
2.1.4
* Parse interface information (rfc5837) for ICMP extensions
* Add `fastopen' tcp module option (cookie negotiation only)
* Complete tcp module option `mss' to discover possible mss clamping
along the path being traced (idea and testing from Francois Rigault).
The argument is optional now.
Changed mss is printed once in a form of `M=NUM' at the first probe
it was detected on. (Actually, the mss clamping performed by
some previous hop).
Note, some routers may return too short original fragment
in the time exceeded message, making the check impossible.
Besides that the responses may come in a different order.
All this can lead to a later place of the report
(using -N 1 can help for the order).
* Complete tcp module option `info' to print returned tcp header options too
(all those that can be set or altered by `-O' for tcp module).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.3a to 3.4
- Update of rootfile not required
- Changelog
3.4
* Add options keep-last and keep-group to destroy-unattached to keep the last
session whether in a group.
* Don't allow paste-buffer into dead panes.
* Add -t to source-file.
* Rewrite combined character handling to be more consistent and to support
newer Unicode combined characters.
* Add basic support for SIXEL if built with --enable-sixel.
* Add a session, pane and user mouse range types for the status line and add
format variables for mouse_status_line and mouse_status_range so they can be
associated with different commands in the key bindings.
* Add flag (-o) to next-prompt/previous-prompt to go to OSC 133 command output.
* Add options and flags for menu styles (menu-style, menu-border-style) similar
to those existing for popups.
* Add support for marking lines with a shell prompt based on the OSC 133 extension.
* Check for libterminfo for NetBSD.
* Add "us" to styles for underscore colour.
* Add flags (-c and -y) to change the confirm key and default behaviour of
confirm-before.
* Use ncurses' new tparm_s function (added in 6.4-20230424) instead of tparm so
it does not object to string arguments in c apabilities it doesn't already
know. Also ignore errors from tparm if using previous ncurses versions.
* Set default lock command to vlock on Linux if present at build time.
* Discard mouse sequences that have the right form but actually are invalid.
* Add support for spawning panes in separate cgroups with systemd and a
configure flag (--disable-cgroups) to turn off.
* Add a format (pane_unseen_changes) to show if there are unseen changes while
in a mode.
* Remove old buffer when renaming rather than complaining.
* Add an L modifier like P, W, S to loop over clients.
* Add -f to list-clients like the other list commands.
* Extend display-message to work for control clients.
* Add a flag to display-menu to select the manu item selected when the menu is
open.
* Have tmux recognise pasted text wrapped in bracket paste sequences, rather
than only forwarding them to the program inside.
* Have client return 1 if process is interrupted to an input pane.
* Query the client terminal for foreground and background colours and if OSC 10
or 11 is received but no colour has been set inside tmux, return the colour
from the first attached client.
* Add send-keys -K to handle keys directly as if typed (so look up in key
table).
* Process escape sequences in show-buffer.
* Add a -l flag to display-message to disable format expansion.
* Add paste-buffer-deleted notification and fix name of paste-buffer-changed.
* Do not attempt to connect to the socket as a client if systemd is active.
* Add scroll-top and scroll-bottom commands to scroll so cursor is at top or
bottom.
* Add a -T flag to capture-pane to stop at the last used cell instead of the
full width. Restore the previous behaviour by making it default to off unless
-J is used.
* Add message-line option to control where message and prompt go.
* Notification when a when a paste buffer is deleted.
* Add a Nobr terminfo(5) capability to tell tmux the terminal does not use bright
colours for bold.
* Change g and G to go to top and bottom in menus.
* Add a third state "all" to allow-passthrough to work even in invisible panes.
* Add support for OSC 8 hyperlinks.
* Store the time lines are scrolled into history and display in copy mode.
* Add a %config-error reply to control mode for configuration file errors since
reporting them in view mode is useless.
* A new feature flag (ignorefkeys) to ignore terminfo(5) function key
definitions for rxvt.
* Pass through first argument to OSC 52 (which clipboards to set) if the
application provides it.
* Expand arguments to send-keys, capture-pane, split-window, join-pane where it
makes sense to do so.
* Ignore named buffers when choosing a buffer if one is not specified by the user.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs copies the required headers to the /usr/include directory.
- rootfile has all entries commented out as utfcpp is only required for the build.
- Added utfcpp into make.sh prior to taglib.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- decode and encode lines have now been integrated into the cleanhtml subroutine in
header.pl so that all uses of cleanhtml will be able to handle diacritical characters
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- existing cleanhtml command does not handle diacritical charcters such as umlauts, acute,
grave and circumflex accents.
- In bug 12395 the problem was resolved by adding decode before and encode after the
cleanhtml command in dns.cgi
- Suggestion from @Michael Tremer was to add the decode and encode sections into the
actual cleanhtml subroutine in header.pl
- This patch submission is the execution of that suggestion.
- This will ensure that whenever cleanhtml is used for any remark in a WUI page it will
handle diacritical charcters.
- Tested out on my vm testbed system and confirmed to be working when cleanhtml has the
encode and decode lines.
- Combined with this patch is another one that changes the dns.cgi to remove the decode
and encode entries added into the cgi code.
Suggested-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will avoid outgoing IPsec traffic being dropped by IPFire itself,
if the default firewall behavior for outgoing traffic is set to
"blocked", and no appropriate rules have been manually configured in the
web interface.
To ensure configured IPsec tunnels will always work flawlessly,
regardless of the firewall default policy and any manually created
firewall rules, create and delete outgoing iptables rules accordingly
when bringing an IPsec connection up or down.
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
According to the Linux kernel documentation, enabling BPF_UNPRIV_DEFAULT_OFF
(which was done in 69dde418f1) will cause
the sysctl kernel.unprivileged_bpf_disabled to default to 2. This
prohibits calls to bpf() from unprivileged users by default, but allows
for such calls to be allowed again during runtime, by setting
kernel.unprivileged_bpf_disabled to 0.
There is no legitimate reason why this should be possible on IPFire,
which is why this patch sets kernel.unprivileged_bpf_disabled to 1
during startup, causing the same effect as 2, but without any option to
revert this setting during runtime. This fixes a Lynis warning.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
>From https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes:
Changes in version 0.4.8.12 - 2024-06-06
This is a minor release with couple bugfixes affecting conflux and logging.
We also have the return of faravahar directory authority with new keys and
address.
o Minor feature (dirauth):
- Add back faravahar with a new address and new keys. Closes 40689.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 06, 2024.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2024/06/06.
o Minor bugfix (circuit):
- Remove a log_warn being triggered by a protocol violation that
already emits a protocol warning log. Fixes bug 40932; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (conflux):
- Avoid a potential hard assert (crash) when sending a cell on a
Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
- Make sure we don't process a closed circuit when packaging data.
This lead to a non fatal BUG() spamming logs. Fixes bug 40908;
bugfix on 0.4.8.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is required to configure a user FQDN which some VPN peers might
send.
This patch also allows setting a key ID using @#.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- When ppp was updated from version 2.5.0 to e1266c7 I missed that a new configure option
was introduced. This is --with-runtime-dir=DIR.
- If this option is used then the run time directory for the pid files is defined by that
DIR entry. If the option is not used then the pid directory is fixed as /var/run/pppd/
- Even if the --runstatedir=DIR option is used then it is ignored if the
--with-runtime-dir=DIR option is used or not used even though both effectively deal
with the same aspect.
- Some users in the forum had noticed that they had log messages saying that pid files
could not be created because the files or directories did not exist. The pid files
were being tried to be stored in /var/run/pppd/ but the pppd directory did not exist.
- This patch submission adds the --with-runtime-dir=/var/run option to the ppp configure
command. This basically makes ppp act the same as it used to do previously with version
2.5.0 and earlier.
- Changing IPFire to use /var/run/pppd/ is not a good idea as then there are several
locations in IPFire that specify the pid directory location to /var/run/ as hard coded
path. All of these locations would need to be identified and changed.
- Leaving IPFire to use /var/run means that only the ppp configure command needs to be
modified.
- I hope that @adamgibbo and @markadewwet will be able to test out this change in CU187
Testing when it is accepted. Those two users have got the pid error messages.
- Even if the ppp pid file can not be stored ppp will still successfully start. However
the likelihood is that stoppinf ppp will not work as would be expected. This patch
ensures that ppp will be able to store its pid files asa required whyen starting up.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.23.5 to 3.23.12
- Update of rootfile
- Changelog
3.23.12
Added support for the following new Printers:
HP OfficeJet Pro 9130b series
HP OfficeJet Pro 9120b series
HP OfficeJet Pro 9110b series
HP Color LaserJet Enterprise Flow MFP X58045z
HP Color LaserJet Enterprise Flow MFP X58045zs
HP Color LaserJet Enterprise MFP X58045dn
HP Color LaserJet Enterprise MFP X58045
HP LaserJet Pro P1106 plus
HP LaserJet Pro P1108 plus
3.23.8
Added support for following new Distro's:
OpenSuse 15.5
Fedora 38
Ubuntu 23.04
Added support for the following new Printers:
HP Color LaserJet Pro MFP 4301dwe
HP Color LaserJet Pro MFP 4301fdne
HP Color LaserJet Pro MFP 4301fdwe
HP Color LaserJet Pro MFP 4301cdwe
HP Color LaserJet Pro MFP 4301cfdne
HP Color LaserJet Pro MFP 4301cfdwe
HP Color LaserJet Pro MFP 4302dwe
HP Color LaserJet Pro MFP 4302fdne
HP Color LaserJet Pro MFP 4302fdwe
HP Color LaserJet Pro MFP 4302cdwe
HP Color LaserJet Pro MFP 4302fdn
HP Color LaserJet Pro MFP 4302fdw
HP Color LaserJet Pro MFP 4303dw
HP Color LaserJet Pro MFP 4303fdn
HP Color LaserJet Pro MFP 4303fdw
HP Color LaserJet Pro MFP 4303cdw
HP Color LaserJet Pro MFP 4303cfdn
HP Color LaserJet Pro MFP 4303cfdw
HP Color LaserJet Pro 4201dne
HP Color LaserJet Pro 4201dwe
HP Color LaserJet Pro 4201cdne
HP Color LaserJet Pro 4201cdwe
HP Color LaserJet Pro 4202dne
HP Color LaserJet Pro 4202dwe
HP Color LaserJet Pro 4202dn
HP Color LaserJet Pro 4202dw
HP Color LaserJet Pro 4203dn
HP Color LaserJet Pro 4203dw
HP Color LaserJet Pro 4203cdn
HP Color LaserJet Pro 4203cdw
HP DeskJet 2800 All-in-One Printer series
HP DeskJet 2800e All-in-One Printer series
HP DeskJet Ink Advantage 2800 All-in-One Printer series
HP DeskJet 4200 All-in-One Printer series
HP DeskJet 4200e All-in-One Printer series
HP DeskJet Ink Advantage 4200 All-in-One Printer series
HP DeskJet Ink Advantage Ultra 4900 All-in-One Printer series
Known issues:
1. USB print feature is not working properly with FW version 6.17.X.X for
HP Color LaserJet Pro MFP 4303 devices
2. An I/O error is observed when attempting to add a HP Color LaserJet
Pro MFP 4303series device via wireless option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
