- Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the sshd
login data from the messages log as the daemon was changed to sshd-session.
- Therefore the daily logwatch files were missing the sshd information in them.
- A patch to add support for openssh-9.8 sshd-session and port info has been merged into
the logwatch git system and will be included into the next released version of logwatch
- Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support.
- Update the previous three logwatch patches for version 7.11
- Tested on my vm testbed. Confirmed that logwatch now includes back the sshd information
into the Log Summary page.
- When logwatch is updated to version 7.12 then the openssh-9.8 support patch will be able
to be removed.
Fixes: bug13762
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- With the update of openssh to version 9.8 in CU187 the daemon was changed from sshd to
sshd-session. Therefore the log.dat no longer finds any info related to the logins.
- This updates the section regex to look for both sshd and sshd-session.
- Tested out on my vm system and confirmed to work.
- This fix will make available all previous log info for sshd-session in the messages log
as it continued to be stored, just could not be read by the WUI system log.
Fixes: bug13762
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.11.1 to 1.12.1
- Update of rootfile not required
- Changelog
1.12.1
Bugfixes:
Screen updates extremely slow on Windows #2435
Dry run error if the build directory does not exist #2431
New critical path scheduler performance improvements #2443
1.12.0
Critical path scheduler which orders the jobs by their runtime history #2177
This may break your build if you haven't specified your dependencies
correctly.
Resiliency against inputs changing during the build #1943
Reliable ETA and progress percentage in status #1963
Support for path lengths over 260 characters on Windows #1900
ARM binaries are now available for Windows and Linux, too
Several bugfixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.26.1 to 1.26.2
- Update of rootfile not required
- CVE Fix in this version
- Changelog
1.26.2
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash
(CVE-2024-7347).
Thanks to Nils Bars.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.9 to 3.10
- Update of rootfile
- Changelog
3.10
This is a maintenance release, including a few each of bug
fixes, new features and optimizations.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.9 and libhogweed.so.6.9, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Add missing hash functions sha512_224 and sha512_256 to the
nettle_get_hashes() list. The name values in the
corresponding nettle_hash structs also changed to use
underscore instead of dash, for consistency.
* Fix a few cases of formally undefined calls to memcpy(dst,
NULL, 0), resulting from valid calls to, e.g.,
sha256_update(ctx, 0, NULL).
New features:
* Support RSA-OAEP encryption. Contributed by Nicolas Mora and
Daiki Ueno.
* New function sha3_256_shake_output, new functions
sha3_128_init, sha3_128_update, sha3_128_shake,
sha3_128_shake_output. Contributed by Daiki Ueno.
* Added DRBG-CTR with AES256, contributed by Simon Josefsson.
Optimizations:
* New combined gcm-aes assembly for powerpc64, contributed by
Danny Tsen.
* New sha256 assembly for powerpc64, contributed by Eric
Richter.
* Improved performance for powerpc64 AES decrypt, by skipping
subkey transformations that don't suit the vncipher
instructions.
* Add arm64 CPU feature detection for Android and for Apple systems,
contributed by Foolbar and Tim Kosse, prespectively.
Miscellaneous:
* New tests for side-channel silence, based on valgrind.
* Delete all md5 assembly code. Delete all sparc32 assembly code.
3.9.1
This is a bugfix release, fixing a few bugs reported for
Nettle-3.9. The bug in the new OCB code may be exploitable for
denial of service or worse, since triggering it leads to
memory corruption. Upgrading from Nettle-3.9 to the new
version is strongly recommended.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.8 and libhogweed.so.6.8, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix OCB loop for processing messages of size 272 bytes or
larger. Reported and fixed by Jussi Kivilinna.
* Fix alignment bug in the new x86_64 non-pclmul assembly
implementation of ghash. Reported by Henrik Grubbström.
* Fix build-time memory leak in eccdata. Reported by Noah
Watkins.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.2.5 to 3.2.8
- Update of rootfile not required
- Changelog
3.2.8
* UPD: Bump bundled WolfSSL library to stable version 5.7.2, GitHub #1433
Resolves CVE-2024-1544, CVE-2024-5288, CVE-2024-5991, CVE-2024-5814
* UPD: Revert local modifications to the bundled WolfSSL library, GitHub #1432
* FIX: Enable building against a shared WolfSSL 5.7.2 library, GitHub #1421
* FIX: meson: Do not define rpath with a linker argument, GitHub #1443
3.2.7
* NEW: meson: Ability to control the run-time linker path config file,
GitHub #1396
New boolean Meson option: `-Dwith-ldsoconf'
When set to false, do not create /etc/ld.so.conf.d/libatalk.conf
* BREAKING: meson: Enable rpath by default, while disabling ldsoconf
by default, GitHub #1417
* FIX: meson: Allow ldconfig to run unprivileged during setup, GitHub #1407
* FIX: docker: Add entry script step to clean up any residual lock file,
GitHub #1412
* NEW: docker: Ship a docker-compose.yml sample file, GitHub #1414
* NEW: docker: Check for AFP_USER and AFP_PASS when launching container,
GitHub #1415
3.2.6
* BREAKING: meson: Refresh the dynamic linker cache when installing on Linux,
GitHub #1386
This fixes the issue of the libatalk.so shared library not being found
when configuring with a non-standard library path, e.g. /usr/local/lib .
New Meson option `-Dwith-install-hooks' controls this behavior,
allowing you to disable the install hook in non-privileged environments.
On Linux systems with glibc, we now install the following config file:
/etc/ld.so.conf.d/libatalk.conf
* BREAKING: meson: Introduce option to control which manual l10n to build,
GitHub #1390
New Meson option `-Dwith-manual-l10n' default to empty, can be set to
`ja' to build the Japanese localization of the html manual.
This changes the default behavior of the build system
to not build the Japanese html manual by default.
* BREAKING: meson: Install htmldocs into htmldocs subdir, GitHub #1391
Previously, the html manual files were installed into the root
of the netatalk doc directory. Now they are put under netatalk/htmldocs .
* BREAKING: meson: Use modern linker flag for rpath, remove dtags override,
GitHub #1384
When configuring with `-Dwith-rpath=true' the linker flags
`-Wl,-rpath,' will be prepended instead of the old `-R' flag.
On Linux platforms, we no longer prepend `-Wl,--enable-new-dtags',
either.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.03.23 to 2.03.26
- Update of rootfile not required
- Changelog
2.03.26
Fix internal error reported by pvmove on a VG with single PV.
Also accept --mknodes --refresh for vgscan.
Fix vgmknodes --refresh to wait for udev before checking /dev content.
Use log/report_command_log=1 config setting by default for JSON output format.
Fix unreleased memory pools on RAID lvextend.
Add --integritysettings option to manipuilate dm-integrity settings.
2.03.25
Utilize more radix_tree instead of dm_hash and btree.
Refactor DM uuid caching from device_mapper directory.
Enhance checking for DM uuid device.
Fix lvm shell command completion on tab key (2.03.24).
Avoid lockd_vg call to lvmlockd for local VGs.
Allow forced change of locktype from none.
Handle OPTIONS defined in /etc/sysconfig/lvmlockd.
2.03.24
Lvconvert supports VDO options for thin-pool with vdo conversion.
Improve placement to .data.rel.ro and .rodata sections.
Fix support for -y and -W when creating thinpool with vdo.
Bettter support for runtime valgrind detection.
Allow command interruption when communicating with dmeventd.
Fix resize of VDO volume used for thin pool data volume.
Use -Wl,-z,now and -Wl,--as-needed for compilation by default.
Require 3.7 as minimal version for sanlock.
Share code for closing opened desriptors on program startup.
Fix memleak in lvmcache.
Add configure --with-default-event-activation=ON setting.
Fix return value from reporter function when hitting internal error.
Skip checking of pools for lvremove and vgremove commands.
VDO modprobes dm-vdo for 6.9 kernel and kvdo for older kernel version.
Fix lvs reporting for VDO volumes with new upstream kernel driver.
Don't import DM_UDEV_DISABLE_OTHER_RULES_FLAG in LVM rules, DM rules cover it.
Fix table line generation for cache snapshots using cachevol.
Enhance lvconvert support for external origins stacking.
When swapping LV names also swap properties like hostname, time and data.
Fix removal of stacked external origins.
Lock filesystem when converting volume to read-only external origin.
Support external origin between different thin-pool.
Improve validation of acceptable volumes for external origins.
Reduce amount of preloaded devices for complex device trees.
Avoid logging problems from monitoring snapshots with inactive origins.
Check for cache policy module presence in kernel's builtin modules file.
Add configure --with-modulesdir to select kernel modules directory.
Support creation of thin-pool with VDO use for its data volume.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.21.0 to 3.22.0
- Update for rootfile not required
- autogen.sh step not required as configure file has been available in source tarball
since version 3.10.0 in 2016
- xz version of logrotate available so changed to that.
- Changelog
3.22.0
- fix calculations for time differences (#516)
- fix extension for zip compression (#545)
- fix omitted copy for logs with `mail` and `rotate 0` (#553)
- fix wrongly skipping copy with `copytruncate` and `compress` (#553)
- fix ambiguities between `mode`, `UID` and `GID` parsing when not specifying all options (#575)
- fix hang when encountering a named pipe (#607)
- on prerotate failure logs are preserved instead of rotated (#506)
- in case a configuration file was skipped due to unsafe permissions the
exit status after rotattion will be `1` (#508)
- the state is no longer written to non-regular files (#529)
- the systemd timer now correctly utilizes load distribution (#574)
- add dateformat specifier `%z` for timezone offsets (#594)
- change default mode for created `olddir` directories to `0755` (#560)
- support quoted user and group names in `su`, `create`, and `createolddir` (#575)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.9.31 to 0.9.33
- Update of rootfile not required
- Changelog
0.9.33
ITS#9037 mdb_page_search: fix error code when DBI record is missing
ITS#10198 For win32, stop passing ignored parameter
ITS#10212 Fix meta page usage by read only tools
0.9.32
ITS#9378 - Add ability to replay log and replay log tool
ITS#10095 - partial revert of ITS#9278. The patch was incorrect and introduced numerous race conditions.
ITS#10125 - mdb_load: fix cursor reinit in Append mode
ITS#10137 - Allow users to define MDB_IDL_LOGN
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.6.42 to 1.6.44
- Update of rootfile
- Changelog
1.6.44
Hardened calculations in chroma handling to prevent overflows, and
relaxed a constraint in cHRM validation to accomodate the standard
ACES AP1 set of color primaries.
(Contributed by John Bowler)
Removed the ASM implementation of ARM Neon optimizations and updated
the build accordingly. Only the remaining C implementation shall be
used from now on, thus ensuring the support of the PAC/BTI security
features on ARM64.
(Contributed by Ross Burton and John Bowler)
Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the
CMake build on FreeBSD/amd64. This is an important performance fix
on this platform.
Applied various fixes and improvements to the CMake build.
(Contributed by Eric Riff, Benjamin Buch and Erik Scholz)
Added fuzzing targets for the simplified read API.
(Contributed by Mikhail Khachayants)
Fixed a build error involving pngtest.c under a custom config.
This was a regression introduced in a code cleanup in libpng-1.6.43.
(Contributed by Ben Wagner)
Fixed and improved the config files for AppVeyor CI and Travis CI.
1.6.43
Fixed the row width check in png_check_IHDR().
This corrected a bug that was specific to the 16-bit platforms,
and removed a spurious compiler warning from the 64-bit builds.
(Reported by Jacek Caban; fixed by John Bowler)
Added eXIf chunk support to the push-mode reader in pngpread.c.
(Contributed by Chris Blume)
Added contrib/pngexif for the benefit of the users who would like
to inspect the content of eXIf chunks.
Added contrib/conftest/basic.dfa, a basic build-time configuration.
(Contributed by John Bowler)
Fixed a preprocessor condition in pngread.c that broke build-time
configurations like contrib/conftest/pngcp.dfa.
(Contributed by John Bowler)
Added CMake build support for LoongArch LSX.
(Contributed by GuXiWei)
Fixed a CMake build error that occurred under a peculiar state of the
dependency tree. This was a regression introduced in libpng-1.6.41.
(Contributed by Dan Rosser)
Marked the installed libpng headers as system headers in CMake.
(Contributed by Benjamin Buch)
Updated the build support for RISCOS.
(Contributed by Cameron Cawley)
Updated the makefiles to allow cross-platform builds to initialize
conventional make variables like AR and ARFLAGS.
Added various improvements to the CI scripts in areas like version
consistency verification and text linting.
Added version consistency verification to pngtest.c also.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Used in the samba addon.
- With the old separate module removed samba still successfully built, installed and was
able to be run from the WUI.
Fixes: bug13640
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Used by the git addon.
- With the old separate module removed git still successfully built, installed and was
able to be run, cloning the ipfire git repo, changing to next, modifying a file and
the running a commit with the change.
Fixes: bug13640
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Used in install-ipfire.sh script that is run by the install of vdradmin.
- With the old separate module removed vdradmin still successfully built and installed.
Fixes: bug13640
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Used in install-ipfire.sh script that is run by the install of vdradmin.
- With the old separate module removed vdradmin still successfully built and installed.
Fixes: bug13640
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Not referenced in the IPFire git repo so looks like not actively used
Fixes: bug13640
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Not referenced in the IPFire git repo so looks like not actively used
Fixes: bug13640
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Not referenced in the IPFire git repo so looks like not actively used
Fixes: bug13640
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Removed
perl-Archive-Tar
perl-Compress-Zlib
perl-Digest
perl-Digest-HMAC
perl-Digest-SHA1
perl-JSON
perl-MIME-Base64
- Tested out on a vm system and no issues identified.
Fixes: bug13640
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Addition of patch to enable protobuf-c to be built with protobuf version > 26
- When protobuf-c is upgraded to version 1.5.1 it will include this patch
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 7.1 to 7.1.1
- Update of rootfile not required
- Changelog
7.1.1
* texi2any
. fix potential crash when @include is used inside a table
. do not complain about presence of @anchor inside @item in a table
. C source files that are generated from *.xs files are no no longer
distributed, so xsubpp from Perl is needed to build XS modules.
. fix bug that led to memory alignment error on SPARC
. performance improvement and fixes for MinGW
. test failures due to floating point rounding error fixed (observed
on IBM POWER9 processor)
* info
. crash when setting style to invalid value fixed
. potential call of memcpy with null argument fixed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.1 to 8.2
- Update of rootfile not required
- Changelog
8.2
• At a Yes-No prompt, beside Y and the localized initial for "Yes",
also ^Y is accepted. Similarly, ^N for "No", and ^A for "All".
• A text-highlighting bug with Alt+Home/Alt+End is fixed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.14.0 to 0.14.1
- Update of rootfile
- Changelog
0.14.1
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* Adjust shell script to allow Bash in other locations
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* ppc.h: use mftb on ppc
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Fix: urcu-wait: add missing futex.h include
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Revert "compiler.h: Introduce caa_unqual_scalar_typeof"
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
