- Update from 5.16.0 to 5.17.0
- Update of rootfile not required
- Changelog
v5.17.0
ip/geneve: add support for IFLA_GENEVE_INNER_PROTO_INHERIT
Merge branch 'gtp-netdev' into next
f_flower: Implement gtp options support
ip: GTP support in ip link Wojciech
man: bridge: document per-port mcast_router settings
bridge: support for controlling mcast_router per port
Update kernel headers
vdpa: Update man page with added support to configure max vq pair
link_xfrm: if_id must be non zero
testsuite: link xfrm delete no if_id test
vdpa: Support reading device features
vdpa: Support for configuring max VQ pairs for a device
vdpa: Allow for printing negotiated features of a device
vdpa: Remove unsupported command line option
Makefile: move HAVE_MNL check to top-level Makefile
Merge branch 'bridge-broadcast-flooding' into next
Merge branch 'main' into next
man: ip-link: whitespace fixes to odd line breaks mid sentence
man: ip-link: mention bridge port's default mcast_flood state
man: ip-link: document new bcast_flood flag on bridge ports
ip: iplink_bridge_slave: support for broadcast flooding
man: bridge: add missing closing " in bridge show mdb
man: bridge: document new bcast_flood flag for bridge ports
bridge: support for controlling flooding of broadcast per port
rdma: make RES_PID and RES_KERN_NAME alternative to each other
uapi: update vdpa.h
ipaddress: remove 'label' compatibility with Linux-2.0 net aliases
lib/fs: fix memory leak in get_task_name()
ip/batadv: allow to specify RA when creating link
Import batman_adv.h header from last kernel sync point
uapi: update magic.h
Revert "configure: Allow command line override of toolchain"
tc: separate action print for filter and action dump
rdma: Fix the logic to print unsigned int.
Revert "rdma: Fix res_print_uint() and add res_print_u64()"
Merge branch 'libbpf-fixups' into next
bpf: Remove use of bpf_create_map_xattr
bpf: Export bpf syscall wrapper
bpf_glue: Remove use of bpf_load_program from libbpf
rdma: Fix res_print_uint() and add res_print_u64()
uapi: update to xfrm.h
ss: display advertised TCP receive window and out-of-order counter
Merge branch 'link-layer-protocols' into next
tc: bash-completion: Add profinet and ethercat to procotol completion list
lib: add profinet and ethercat as link layer protocol names
Merge branch '802.1X-locked-bridge-ports' into next
man8/ip-link.8: add locked port feature description and cmd syntax
man8/bridge.8: add locked port feature description and cmd syntax
ip: iplink_bridge_slave: add locked port flag support
bridge: link: add command to set port in locked mode
Update kernel headers
configure: Allow command line override of toolchain
mptcp: add port support for setting flags
mptcp: add fullmesh support for setting flags
mptcp: add fullmesh check for adding address
bond: add ns_ip6_target option
Merge branch 'main' into next
devlink: Remove strtouint8_t in favor of get_u8
devlink: Remove strtouint16_t in favor of get_u16
devlink: Remove strtouint32_t in favor of get_u32
devlink: Remove strtouint64_t in favor of get_u64
Update kernel headers
f_flower: fix indentation for enc_key_id and u32
bridge: Remove vlan listing from `bridge link`
bridge: Fix error string typo
lnstat: fix strdup leak in -w argument parsing
iplink_can: print_usage: typo fix, add missing spaces
dcb: Fix error reporting when accessing "dcb app"
tc: fix duplicate fall-through
libnetlink: fix socket leak in rtnl_open_byproto()
tc_util: Fix parsing action control with space and slash
tunnel: Fix missing space after local/remote print
Merge branch 'ioam-insert-freq' into next
Update documentation
Add support for the IOAM insertion frequency
Update kernel headers
iplink: add ip-link documentation
iplink: add gro_max_size attribute handling
tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`
tc: u32: add support for json output
iprule: Allow option dsfield in 'ip rule show'
tc/f_flower: fix indentation
tc_util: fix breakage from clang changes
tc: add skip_hw and skip_sw to control action offload
ss: use freecon() instead of free() when appropriate
man: Fix a typo in the flag documentation of ip address
dcb: app: Add missing "dcb app show dev X default-prio"
Merge branch 'clang-compile' into next
json_print: suppress clang format warning
libbpf: fix clang warning about format non-literal
tunnel: fix clang warning
tipc: fix clang warning about empty format string
can: fix clang warning
ipl2tp: fix clang warning
tc_util: fix clang warning in print_masked_type
flower: fix clang warnings
netem: fix clang warnings
utils: add format attribute
tc: add format attribute to tc_print_rate
Merge branch 'main' into next
uapi: update kernel headers from 5.17-rc1
tc/action: print error to stderr
mptcp: add id check for deleting address
dcb: Rewrite array-formatting code to not cause warnings with Clang
f_flower: fix checkpatch warnings
netem: fix checkpatch warnings
Merge branch 'main' into next
lib: fix ax25.h include for musl
uapi: add missing virtio headers
uapi: add missing rose and ax25 files
q_cake: allow changing to diffserv3
iplink_can: add ctrlmode_{supported,_static} to the "--details --json" output
Update kernel headers
Merge branch 'rdma-clang-compile' into next
rdma: Don't allocate sparse array
rdma: Limit copy data by the destination size
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.28.10 to 1.28.14
- Update of rootfile not required
- Changelog
CHANGES IN V1.28.14
- pdftopdf: Correct the output when suppressing auto-rotation
(option "nopdfAutoRotate"). Depending on the situation pages
got cropped in the wrong orientation or de-centered.
- pdftopdf: Correct the output when the
"orientation-requested" or the "landscape" option is
supplied. Output could be de-centered (Issue #456),
portrait-oriented pages be wrongly cropped and division of
the output page into cells for N-up done in the wrong
orientation.
- rastertopdf: In PCLm output mode the filter failed to
generate PCLm if the printer has no
"pclm-source-resolution-default" IPP attribute.
CHANGES IN V1.28.13
- pdftopdf: Fix N-up printing when paper is taken
long-edge-first by the printer.
- pdftopdf: Fix cropping ("print-scaling=none" and
"print-scaling=fill") when paper is taken long-edge-first by
the printer (Issue #454).
- pdftops: Use Poppler for all Apple LaserWriter models (Issue
#452).
CHANGES IN V1.28.12
- imagetoraster, imagetopdf: Fixed comparison of the image
size with the page size for print-scaling=auto. The image
size in pixels was compared with the page size in PostScript
points (1/72 inch).
- imagetoraster, imagetopdf: Fixed the "print-scaling=none"
(crop-to-fit) mode, also use crop-to-fit always when
requested, do not fall back to fit-to-page when the image
size differs significantly from the page size (Issue #362).
- libcupsfilters: Changed the default PPI resolution for
images as input files from 128 to 200 (Pull request #446).
- implicitclass: Do not check availability of "gs" and
"pdftops" executables, instead, check by the presence of
"gstoraster" and "pdftoraster" filters whether we have
configured cups-filters for Ghostscript and/or Poppler use.
- libcupsfilters: In the PPD generator for the driverless
utility and cups-browsed add "*cupsFilter2: ..." lines for
all supported driverless data formats (PDF, Apple/PWG
Raster, PCLm), and add lines for legacy data formats (PCL,
PostScript) only if no driverless formats available.
- libcupsfilters: Always use encryption for ipps. RFC7472
requires that 'ipps' must be used over HTTPS, but the
driverless utility does not enforce encryption (Pull request
#433).
- serial: Add a 10-msec sleep and at the end add a tcdrain().
For some unknown reason, every printing file need sleep a
little time to make sure the serial printer receive data is
right (Pull request #431).
- libcupsfilters: Fix resolver functions for DNS-SD-based
URIs, to make resolve_uri() also work when DEVICE_URI env
variable is set and to make ippfind_based_uri_converter()
not re-direct stdin.
- pdftopdf: Set default for print-scaling to avoid "should
never happem" log messages and undefined behavior.
- pdftopdf: Fix orientation-requested = 0. Consider
this as "automatic selection and not as error.
- pdftopdf: Fixed all combinations of print-scaling and
number-up for printers with asymmetric margins (top !=
bottom or left != right) and for input files containing
pages with different sizes and/or orientations. Fixes
backported from 2.x branch.
- pdftopdf: Add 2% tolerance for input size larger than output
page when "print-scaling=auto" or "print-scaling=auto-fit"
is used and too large input pages should be scaled, fitting
documents not. This prevents a random-looking behavior if
input and output page size seem to be equal, but in reality
there are slight differences between size dimensions.
CHANGES IN V1.28.11
- libcupsfilters: Let PPD generator take default ColorModel
from printer (CUPS issue #277).
- Braille: In vectortopdf check inkscape version to call
inkscape with the correct command line (Issue #315, Pull
request #443).
- Build system: Make missing DejaVuSans.ttf non-fatal in
./configure as the font is only needed for test programs,
not for actual use of cups-filters (Issue #411).
- libcupsfilters: In imagetoraster() fixed crash with SGray
(Issue #435).
- cups-browsed: Naming of local queues is matched to CUPS'
current naming of temporary queues (no leading or trailing
underscores), to avoid duplicates in print dialogs which
support CUPS' temporary queues.
- libcupsfilters: Make cupsRasterParseIPPOptions() work correctly
with PPDs (Issue #436).
- libcupsfilters: Let colord_get_profile_for_device_id() not
return empty file name, to avoid error messages in CUPS
error_log.
- foomatic-rip: Debug message was wrongly sent to stdout and
not to log (Issue #422).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 6.13 to 6.14
- Update of rootfile not required
- Changelog
September, 2021: Release 6.14
cifs-utils: bump version to 6.14
setcifsacl: fix formatting
smbinfo: add support for new key dump ioctl
mount.cifs: fix crash when mount point does not exist
cifs.upcall: fix regression in kerberos mount
smbinfo: Add command for displaying alternate data streams
Reorder ACEs in preferred order during setcifsacl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- The directory name for the hostile data was using HOSTILE while the chain was called
HOSTILE_DROP. This resulted in the files in the directory not being updated.
Fixes: bug#12838
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- Chain that was specified was HOSTILE but actual used is HOSTILE_DROP
- Using HOSTILE caused no update fro the hostile data used in the Firewall Hits graph
Fixes: bug#12838
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Acked-by: Bernhard Bitsch <bbitsch@ipfire.org>
This saves some resources when we re-read the same configuration file
too often.
Suggested-by: Anthony Heading <ajrh@ajrh.net>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch changes that the script will listen to changes to the
directory instead of the file which got complicated when files got
renamed.
It also processes all changes at the same time and tries finding out
what actions have to be performed in order to avoid unnecessary
iterations.
The script is also limited to process any changes only once every five
seconds to keep resource usage in check on busy systems.
Suggested-by: Anthony Heading <ajrh@ajrh.net>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This improves logging and enables logging to the console.
Suggested-by: Anthony Heading <ajrh@ajrh.net>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since running virtual machines is one of our legitimate use cases, it
makes sense to provide Qemu with the ability of taking advantage of
IOMMU support for safer virtuall memory allocation, if available.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
This is recommended by KSPP, Lynis, and others. Indeed, there is no
legitimate reason why an unprivileged user on IPFire should do any
profiling. Unfortunately, this change never landed in the mainline
kernel, hence a distribution patch is necessary.
The second version of this patch rebases the kernel patch by Jeff
Vander Stoep against Linux 5.15.17 to avoid fuzzying.
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Since we dropped support for blocking P2P protocols, the corresponding translation strings
are no longer needed.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
