The parsers for those are disabled in the suricata config so
the rules are not needed, on the contrary they massively will spam
warnings when launching suricate because of the disabled parsers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
network for download the sources has not worked with some nic's
like realtek 8169 because the phy driver was missing.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This patch re-enables this package for build and it builds against next
with Linux 5.15.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
sched_min_granularity_ns and sched_migration_cost_ns are not
available for sysctl anymore. They can only altered via debugfs
if scheduler debugging is enabled.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The warning point to a wiki page which is currently in construction.
This should give us the opportunity to add further information for
these users even if we do not provide updates anymore.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this fix the 500 internal server error becuase this file
was not installed by the patch that add the wiki links.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.8:
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
relay overload.
o Major bugfixes (relay, overload state):
- Relays report the general overload state for DNS timeout errors
only if X% of all DNS queries over Y seconds are errors. Before
that, it only took 1 timeout to report the overload state which
was just too low of a threshold. The X and Y values are 1% and 10
minutes respectively but they are also controlled by consensus
parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories for October 2021. Closes
ticket 40493.
o Minor features (testing):
- On a testing network, relays can now use the
TestingMinTimeToReportBandwidth option to change the smallest
amount of time over which they're willing to report their observed
maximum bandwidth. Previously, this was fixed at 1 day. For
safety, values under 2 hours are only supported on testing
networks. Part of a fix for ticket 40337.
- Relays on testing networks no longer rate-limit how frequently
they are willing to report new bandwidth measurements. Part of a
fix for ticket 40337.
- Relays on testing networks now report their observed bandwidths
immediately from startup. Previously, they waited until they had
been running for a full day. Closes ticket 40337.
o Minor bugfix (onion service):
- Do not flag an HSDir as non-running in case the descriptor upload
or fetch fails. An onion service closes pending directory
connections before uploading a new descriptor which can thus lead
to wrongly flagging many relays and thus affecting circuit building
path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
- Improve logging when a bad HS version is given. Fixes bug 40476;
bugfix on 0.4.6.1-alpha.
o Minor bugfix (CI, onion service):
- Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (compatibility):
- Fix compatibility with the most recent Libevent versions, which no
longer have an evdns_set_random_bytes() function. Because this
function has been a no-op since Libevent 2.0.4-alpha, it is safe
for us to just stop calling it. Fixes bug 40371; bugfix
on 0.2.1.7-alpha.
o Minor bugfixes (onion service, TROVE-2021-008):
- Only log v2 access attempts once total, in order to not pollute
the logs with warnings and to avoid recording the times on disk
when v2 access was attempted. Note that the onion address was
_never_ logged. This counts as a Low-severity security issue.
Fixes bug 40474; bugfix on 0.4.5.8.
Since we configure Tor to use libseccomp, the latter has been updated
for kernel 5.15 as well, hence we need to ship Tor either way.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Release annnouncement as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.3:
Version 2.5.3 - November 5, 2021
Update the syscall table for Linux v5.15
Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
Document that seccomp_rule_add() may return -EACCES
Fix issues with test 11-basic-basic_errors on old kernels (API level < 5)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- jwhois being replaced with whois
- Removal of jwhois lfs, rootfile and assoicated patch files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- This whois client is being actively maintained. This version 5.5.10 was released on
June 6th 2021 and regular updates have been ocurring several times per year.
- This client has all of its default whois servers compiled into it. These can be seen
by reading the source files in the tarball.
- Therefore the whois.conf file is available for any additional servers that are decided
to be required but as provided is empty.
- Installed on a vm testbed and worked to identify the details of ip addresses. Selecting
an IP in the WUI logs screen also gets the ip information provided so it is working
well with the WUI.
Tested-by:Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.3.0 to 2.3.2
- Update rootfile
- Changelog is too large to include here. Details can be found in the changes.txt file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 3.7.1 to 3.7.2
- Update of rootfile not required
- Changelog
Release 3.7.2 (2021-06-08)
* Added a secondary check so if a mkdir request fails with EPERM an access request
will be tried - returning EEXIST if the access was successful.
Fixes: https://github.com/libfuse/sshfs/issues/243
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.7a (2013) to 1.22c (2021)
- Update rootfile
- Changelog is too large to include here. Full details can be read in the ChangeLog file
in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 5.11 to 5.14
- Update of rootfile not required
- Changelog
Noteworthy changes in release 5.14 (2021-09-02)
* Improvements
* Implemented decoding of memfd_secret and quotactl_fd syscalls,
introduced in Linux 5.14.
* Enhanced prctl syscall decoding.
* Enhanced decoding of IFLA_* netlink attributes.
* Enhanced decoding of MDBA_ROUTER_PATTR_* mdb router port netlink attributes.
* Updated lists of BPF_*, IORING_*, MADV_*, MOUNT_ATTR_*, SCTP_*,
and UFFD_* constants.
* Updated lists of ioctl commands from Linux 5.14.
* Bug fixes
* Fixed build using bionic libc.
Noteworthy changes in release 5.13 (2021-07-18)
* Improvements
* Print netlink data in a more structured way.
* Implemented decoding of NT_PRSTATUS and NT_FPREGSET regsets
of PTRACE_GETREGSET and PTRACE_SETREGSET requests.
* Implemented decoding of regs argument of PTRACE_GETREGS, PTRACE_GETREGS64,
PTRACE_SETREGS, PTRACE_SETREGS64, PTRACE_GETFPREGS, and PTRACE_SETFPREGS
requests.
* Implemented powerpc System Call Vectored ABI support.
* Implemented decoding of landlock_add_rule, landlock_create_ruleset,
and landlock_restrict_self syscalls introduced in Linux 5.13.
* Enhanced decoding of perf_event_open syscall.
* Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, KVM_*, NT_*, PR_*,
PTRACE_*, RTM_*, RTPROT_*, TRAP_*, UFFD_*, UFFDIO_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.13.
* Portability
* On powerpc and powerpc64, linux kernel >= 2.6.23 is required.
Older versions without a decent PTRACE_GETREGS support will not work.
Noteworthy changes in release 5.12 (2021-04-26)
* Improvements
* Implemented --secontext[=full] option to display SELinux contexts.
* Implemented decoding of mount_setattr syscall introduced in Linux 5.12.
* Updated decoding of IFLA_BRPORT_* netlink attributes to match Linux 5.12.
* Updated lists of DEVCONF_*, IORING_*, KVM_*, MPOL_*, MTD_*, NFT_MSG_*,
RESOLVE_*, RTM_*, ST_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 5.12.
* Bug fixes
* Fixed build using bionic libc.
* Portability
* Added binutils 2.36 support to --enable-mpers builds.
- More details of the above changes can be found in the ChangeLog file in the source
tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Install libuv lfs and rootfile
- Add libuv to make.sh
- Tested by running bind utilities on a vm testbed
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 9.11.32 to 9.16.22
- 9.11 is an ESV (Extended Support Version) that will go EOL in December 2021
9.16 is the replacement ESV whose EOL is not yet defined but will be at least 4 years
so should be supported until at least March 2024 as the 9.16 branch was started in 2020
- Update rootfile
- libuv is now required both to build the bind libraries and for the running of the
utilities.
- Changelog is difficult to define here as this is a change of branch from 9.11 to 9.16
both of which have been running in parallel. However all the changes from the start of
9.16.0 can be found in the CHANGES file in the source tarball.
- nslookup, host and dig utilities tested out by installing this on a vm testbed. All
these utilities worked as the previous version
nsupdate was not able to be tested other than confirming that running nsupdate
opened an interactive session. This utility would be good to be tested by someone
familiar with how to run it.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Restarting the firewall is not necessary during the upgrade procedure,
and the user is asked to reboot the machine afterwards either way.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
