- Update dbus from 1.11.12 to 1.12.20 (latest in release line
1.13.x is also available but this is the development line
and not recommended for production use
- Changelog between these two versions is very long (750 lines long) and
can be found in the NEWS file in the source tarball.
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update ipset from 7.6 to 7.10
- Changelog
7.10
Kernel part changes
Fix patch "Handle false warning from -Wstringop-overflow"
Backward compatibility: handle renaming nla_strlcpy to nla_strscpy
treewide: rename nla_strlcpy to nla_strscpy. (Francis Laniel)
netfilter: ipset: fix shift-out-of-bounds in htable_bits() (Vasily Averin)
netfilter: ipset: fixes possible oops in mtype_resize (Vasily Averin)
Handle false warning from -Wstringop-overflow
Backward compatibility: handle missing strscpy with a wrapper of strlcpy.
Move compiler specific compatibility support to separated file (broken compatibility support reported by Ed W)
7.9
Userspace changes
Fix library versioning (Jan Engelhardt)
7.8
Kernel part changes
Complete backward compatibility fix for package copy of <linux/jhash.h>
Compatibility: check for kvzalloc() and GFP_KERNEL_ACCOUNT
netfilter: ipset: enable memory accounting for ipset allocations (Vasily Averin)
netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet)
Compatibility: use skb_policy() from if_vlan.h if available
Compatibility: Check for the fourth arg of list_for_each_entry_rcu()
Backward compatibility fix for the package copy of <linux/jhash.h>
7.7
Userspace changes
Expose the initval hash parameter to userspace
Handle all variable header parts in helper scripts instead ot test tasks
Add bucketsize parameter to all hash types
Support the -exist flag with the destroy command
Kernel part changes
Expose the initval hash parameter to userspace
Add bucketsize parameter to all hash types
Use fallthrough pseudo-keyword in the package copy of too
Support the -exist flag with the destroy command
netfilter: Use fallthrough pseudo-keyword (Gustavo A. R. Silva)
netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
netfilter: ipset: call ip_set_free() instead of kfree() (Eric Dumazet)
netfiler: ipset: fix unaligned atomic access (Russell King)
netfilter: ipset: Fix subcounter update skip (Phil Sutter)
ipset: Update byte and packet counters regardless of whether they match (Stefano Brivio)
netfilter: ipset: Pass lockdep expression to RCU lists (Amol Grover)
ip_set: Fix compatibility with kernels between v3.3 and v4.5 (Serhey Popovych)
ip_set: Fix build on kernels without INIT_DEFERRABLE_WORK (Serhey Popovych)
ipset: Support kernels with at least system_wq support
ip_set: Fix build on kernels without system_power_efficient_wq (Serhey Popovych)
- Rootfiles updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update minicom from 2.7.1 to 2.8
- Changelog for version 2.8
New timestamp mode: Delta to previous line.
Add HPA ESC sequence
Add alternative window support (ti/te)
Fix file name of non-global configuration settings.
Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, Serbian
New translation: Serbian, Simplified chinese
Fix F10 macro key used in current setups
Add F11 and F12 for macro use
Fixed DTR for recent systems
Add support for RS485.
Add --capturefile-buffer-mode option
Bug fixes
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.6 to 1.8.7
Florian Westphal (4):
xtables-monitor: fix rule printing
xtables-monitor: fix packet family protocol
xtables-monitor: print packet first
xtables-monitor:
Pablo Neira Ayuso (2):
tests: shell: update format of registers in bitwise payloads.
configure: bump version for 1.8.7 release
Phil Sutter (21):
nft: Optimize class-based IP prefix matches
ebtables: Optimize masked MAC address matches
tests/shell: Add test for bitwise avoidance fixes
ebtables: Fix for broken chain renaming
iptables-test.py: Accept multiple test files on commandline
iptables-test.py: Try to unshare netns by default
libxtables: Extend MAC address printing/parsing support
xtables-arp: Don't use ARPT_INV_*
xshared: Merge some command option-related code
tests/shell: Test for fixed extension registration
extensions: dccp: Fix for DCCP type 'INVALID'
nft: Fix selective chain compatibility checks
nft: cache: Introduce nft_cache_add_chain()
nft: Implement nft_chain_foreach()
nft: cache: Move nft_chain_find() over
nft: Introduce struct nft_chain
nft: Introduce a dedicated base chain array
nft: cache: Sort custom chains by name
tests: shell: Drop any dump sorting in place
nft: Avoid pointless table/chain creation
tests/shell: Fix nft-only/0009-needless-bitwise_0
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cache ethernet configuration in public variable "ethernet_settings",
add functions to simplify working with the network configuration.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function nicely translates the ethernet/settings "CONFIG_TYPE"
into a list of available zones. Therefore it should be more accessible!
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This function is deprecated. The commonly used and maintained "IpInSubnet" function can be found in general-functions.pl.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This enables some more features that have been added to wpa_supplicant
over time. In our case we need SAE for WPA3 support.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Till now when a server was in the "blocking regime" there was one probe
made every 15 min, to see if this server is up again. In situations
where all servers where down (e.g. because of a massive package loss)
it could take up to 15 min to have a working dns again.
This patch changes this behaviour in a way that a server marked down is
probed every 2 min.
Fixes: #12557
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update fuse from 2.9.7 to 3.10.1
- Update also required by sshfs update
- Changelog is available at https://github.com/libfuse/libfuse/releases
- Build had to be changed from autools to meson/ninja
- Rootfiles changed
- namespace conflict fix patch no longer required. Fix now built into kernel.h
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
