This reverts commit 1f3f267021.
Symlink will remain in place to ensure the reverted version is always
shipped to our users, including those that have installed Core Update
174 (testing).
Fixes: #13073
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
* The script needs to run with root permissions in order to
do the ipset operations. So remove code to drop the permissions
on startup.
* Adjust execute calls to use the proper functions from
general functions.
* Add some code to set the correct ownership (nobody:nobody) for
changed files during script runtime.
Fixes#13072.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
- With change of common css entries into header.pl with commit
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b52a84ddc77f9db7e4ad7b129f21fbf528c6f990
I had missed that color20 and color22 etc, that come from colors.txt, are not known in
header.pl so that the alternate colours in tables were missing. Even though I tested the
previous commit I obviously did not look well enough because I missed that the tables
had no alternate colours. I just found it now when looking at Core Update 174 Testing.
- Confirmed by copying this version of header.pl into my CU174 Testing system and the
alternate colour rows came back again as they should be. I am sure now that they are
correct.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
- v2 version that has only the removed line in the language files diffs
- Line removed from de, en, es & fr
- No translations had been done for the other languages for that line.
Fixes: Bug#12701
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
It only contains firmware files for some Qualcomm Bluetooth devices, for
which there is no use on IPFire, since we disabled Bluetooth support in
the kernel a long time ago due to security reasons.
To save some space (~ 1.9 MByte), do not ship these files, and delete
them on existing IPFire installations as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- This line is no longer needed with the help button at the top of each WUI page that was
implemented by @Leo
- Sorry for long time for me to get around to finalising this patch but it is done now.
Fixes: bug#12701
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This updates the updatexlrator.cgi page to the same central use of extraHead from
header.pl and simplifying of css variables where appropriate.
- The variables for the percentage bar will also be able to be used in other cgi pages
with a percent bar.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- After looking at other .cgi files I realised that I had named the variables based on
their dhcp usage only. However colouryellow or color20 etc can be used not only in a
row but also in a cell or a column. Rather than ending up with multiple copies of the
same colour for rows, cells, columns etc I have simplified the variable names to just
the colour. They can then be used in whatever situation is wanted. The rest of the cgi
code will give the view of what structure the colour is being applied to.
- This will limit the number of different css variables defined in the header.pl file
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
If QMI is used the dial in mode has to be set as ppp dialin but the
interface name is red. In such a case the old code tried to display
the stats for the ppp0 interface which is wrong.
This patch fixes this issue by calling the handy function to get
the correct interface name for red.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Checkboxes does not submit any values if they are not checked.
Default them to "off" in such a case.
This fixes the issue not beeing able to disable the logging.
Fixes#12979.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Now the rules files in a subfolder like "<provider>-rules" also will get
extracted.
Fixes rule file extraction for Snort Community ruleset.
Fixes#12948.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.8 to 3.9
- Update of rootfile not required
- Changelog
Noteworthy changes in release 3.9 (2023-03-05) [stable]
Bug fixes
With -P, some non-ASCII UTF8 characters were not recognized as
word-constituent due to our omission of the PCRE2_UCP flag. E.g.,
given f(){ echo Perú|LC_ALL=en_US.UTF-8 grep -Po "$1"; } and
this command, echo $(f 'r\w'):$(f '.\b'), before it would print ":r".
After the fix, it prints the correct results: "rú:ú".
When given multiple patterns the last of which has a back-reference,
grep no longer sometimes mistakenly matches lines in some cases.
[Bug#36148#13 introduced in grep 3.4]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 65.4.1 to 67.5.1
- Update of rootfile
- Changelog
v67.5.1
Misc
* #3836: Fixed interaction between ``setuptools``' package auto-discovery and
auto-generated ``htmlcov`` files.
Previously, the ``htmlcov`` name was ignored when searching for single-file
modules, however the correct behaviour is to ignore it when searching for
packages (since it is supposed to be a directory, see `coverage config`_)
-- by :user:`yukihiko-shinoda`.
.. _coverage config: https://coverage.readthedocs.io/en/stable/config.html#html-directory
* #3838: Improved error messages for ``pyproject.toml`` validations.
* #3839: Fixed ``pkg_resources`` errors caused when parsing metadata of packages that
are already installed but do not conform with PEP 440.
v67.5.0
Changes
* #3843: Although pkg_resources has been discouraged for use, some projects still
consider pkg_resources viable for usage. This change makes it clear that
pkg_resources should not be used, emitting a DeprecationWarning when imported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.9.13p2 to 1.9.13p3
- Update of rootfile not required
- Changelog
What's new in Sudo 1.9.13p3
* Fixed a bug introduced in sudo 1.9.13 that caused a syntax error
when "list" was used as a user or host name. GitHub issue #246.
* Fixed a bug that could cause sudo to hang when running a command
in a pseudo-terminal when there is still input buffered after a
command has exited.
* Fixed "sudo -U otheruser -l command". This is a regression in
sudo 1.9.13. GitHub issue #248.
* Fixed "sudo -l command args" when matching a command in sudoers
with command line arguments. This is a regression in sudo 1.9.13.
GitHub issue #249.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 10.4.0 to 11.3.0
- Update of rootfile
- Build changed to cmake from version 11.0 onwards
- find-dependencies run due to lib so bump. Only qpdf and cups-filters are linked to
the changed libs. cups-filters being shipped due to a change required because of
qpdf-11.3.0
- Changelog is too large to include here. Details can be found in the ChangeLog file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.4.11 to 0.4.12
- Update of rootfile not required
- No Changelog available but the latest version of poppler-data is required by poppler
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 23.01.0 to 23.03.0
- Update of rootfile not required
- Changelog
Release 23.03.0:
core:
* PngWriter: Fix potential uninitialized memory use
Release 23.02.0:
core:
* CairoOutputDev: Fix rendering of color type 3 fonts
* CairoOutputDev: Add handling matte entry
* Fix segfault on wrong nssdir
* Fix "NSS could not shutdown"
utils:
* pdfsig: Point out supports PKCS#11 URIs as nickname
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Most of the packages being searched for in the system logs section only put hostname into
the logs. However HAProxy puts the FQDN. Reviewing RFC 5424 shows that this is following
the requirements. The preferred order fromn the RFC is
1. FQDN
2. Static IP address
3. hostname
4. Dynamic IP address
5. the NILVALUE
- Most of the programs are using option 3 but option 1 is valid for HAProxy
- The regex change filters out the hostname from the FQDN if an extra 'dot' is present
Fixes: Bug#12922
Suggested-by: Michael <ip.fire@die-fritzens.de>
Tested-by: Michael <ip.fire@die-fritzens.de>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.4.1 to 2.4.2
- Update of rootfile not required
- Changelog
Changes in CUPS v2.4.2 (26th May 2022)
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The `cupsFileOpen` function no longer opens files for append in read-write
mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
IPP Everywhere queue (Issues #340, #343)
- The `lpstat` command now reports when the scheduler is not running
(Issue #352)
- Updated the man pages concerning the `-h` option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375)
- Fixed the prototype for the `httpWriteResponse` function (Issue #380)
- Brought back minimal AIX support (Issue #389)
- `cupsGetResponse` did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This is necessary since the certdata2pem.py script does not take
meta information such as "distrust after date" into account, hence
Mozilla's changes to TrustCor's root CAs are not sufficient to have them
removed from or distrusted on IPFire installations.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 5.9.9 to 5.9.10
- Update of rootfile not required
- Changelog
strongswan-5.9.10
- Fixed a vulnerability related to certificate verification in TLS-based EAP
methods that leads to an authentication bypass followed by an expired pointer
dereference that results in a denial of service and possibly even remote code
execution.
This vulnerability has been registered as CVE-2023-26463.
- Added support for full packet hardware offload for IPsec SAs and policies with
Linux 6.2 kernels to the kernel-netlink plugin.
- TLS-based EAP methods now use the standardized key derivation when used
with TLS 1.3.
- The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by
implementing the "protected success indication".
- With the `prefer` value for the `childless` setting, initiators will create
a childless IKE_SA if the responder supports the extension.
- Routes via XFRM interfaces can optionally be installed automatically by
enabling the `install_routes_xfrmi` option of the kernel-netlink plugin.
- charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid
issues with name resolution if they are supported by the kernel.
- The `pki --req` command can encode extendedKeyUsage (EKU) flags in the
PKCS#10 certificate signing request.
- The `pki --issue` command adopts EKU flags from CSRs but allows modifying them
(replace them completely, or adding/removing specific flags).
- On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the
IPsec SAs instead of the policies.
- For libcurl with MultiSSL support, the curl plugin provides an option to
select the SSL/TLS backend.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This reverts commit 6d3e6cfc16.
Arne informed me via the phone that this patch has to be reverted, since
his changes for riscv64 already made it redundant. Keeping it would
cause rootfile quirks to the riscv64 builds.
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
