- Update minicom from 2.7.1 to 2.8
- Changelog for version 2.8
New timestamp mode: Delta to previous line.
Add HPA ESC sequence
Add alternative window support (ti/te)
Fix file name of non-global configuration settings.
Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, Serbian
New translation: Serbian, Simplified chinese
Fix F10 macro key used in current setups
Add F11 and F12 for macro use
Fixed DTR for recent systems
Add support for RS485.
Add --capturefile-buffer-mode option
Bug fixes
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update arping from 2.15 to 2.21
- Notable changes from 2.20 to 2.21:
* Use more modern pcap API calls, when available
* Add payload data to mac ping
* chdir(/) after chroot()
* Misc minor cleanup
- Notable changes from 2.19 to 2.20:
* Improved support for cross-compile
* Use unveil(2) and pledge(2) where available (i.e. OpenBSD)
* Fix false duplicates when destination address is *also* assigned to local interface
* Minor typo-level fixes
- Notable changes from 2.18 to 2.19:
* Added -g to drop privs to alternate user (for Android)
* Slightly improved error messages
- Notable changes from 2.17 to 2.18:
* Make -w/-W work like 'ping'
- Notable changes from 2.16 to 2.17:
* Add padding to packets to work on Raspberry Pi 3
- Notable changes from 2.15 to 2.16:
* VLAN tagging (Nikolay Aleksandrov)
* 802.1Q priority (Nikolay Aleksandrov)
* Added a bunch of unit tests.
* Be more lazy about initializing libnet.
This fixes issues where arping would sometimes pick an unsuitable
device during arg parsing, if the "first" device on the system is
not a "normal" device.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The database we ship by default is meanwhile four weeks old, and since
the merge window for Core Update 154 is still open, there is no need to
ship data being more outdated than they have to be. :-)
The second version of this patch also updates the checksum for the
downloaded database file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
Fixed sudo's setprogname(3) emulation on systems that don't provide it.
Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit f1d98a1c3f.
The new version of make seems to break building u-boot on armv5tel.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.6 to 1.8.7
Florian Westphal (4):
xtables-monitor: fix rule printing
xtables-monitor: fix packet family protocol
xtables-monitor: print packet first
xtables-monitor:
Pablo Neira Ayuso (2):
tests: shell: update format of registers in bitwise payloads.
configure: bump version for 1.8.7 release
Phil Sutter (21):
nft: Optimize class-based IP prefix matches
ebtables: Optimize masked MAC address matches
tests/shell: Add test for bitwise avoidance fixes
ebtables: Fix for broken chain renaming
iptables-test.py: Accept multiple test files on commandline
iptables-test.py: Try to unshare netns by default
libxtables: Extend MAC address printing/parsing support
xtables-arp: Don't use ARPT_INV_*
xshared: Merge some command option-related code
tests/shell: Test for fixed extension registration
extensions: dccp: Fix for DCCP type 'INVALID'
nft: Fix selective chain compatibility checks
nft: cache: Introduce nft_cache_add_chain()
nft: Implement nft_chain_foreach()
nft: cache: Move nft_chain_find() over
nft: Introduce struct nft_chain
nft: Introduce a dedicated base chain array
nft: cache: Sort custom chains by name
tests: shell: Drop any dump sorting in place
nft: Avoid pointless table/chain creation
tests/shell: Fix nft-only/0009-needless-bitwise_0
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Exerpt from 'ChangeLog.md':
"## [3.18.0] - 2021-01-08
- allow UIDs and GIDs to be specified numerically (#217)
- add support for Zstandard compressed files (#355)
- make `delaycompress` not to fail with `rotate 0` (#341)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Add patch to support listing of token providers.
* Add fix to proper encode python string.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update fuse from 2.9.7 to 3.10.1
- Update also required by sshfs update
- Changelog is available at https://github.com/libfuse/libfuse/releases
- Build had to be changed from autools to meson/ninja
- Rootfiles changed
- namespace conflict fix patch no longer required. Fix now built into kernel.h
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.8.0 to 5.10.0
- No changelog available
- No changes to the rootfiles
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.5 to 1.8.6
- Changelog info
Arturo Borrero Gonzalez (1):
xtables-translate: don't fail if help was requested
Giuseppe Scrivano (1):
iptables: accept lock file name at runtime
Jan Engelhardt (2):
doc: document danger of applying REJECT to INVALID CTs
build: resolve iptables-apply not getting installed
Maciej Żenczykowski (1):
libxtables: compiler warning fixes for NO_SHARED_LIBS
Pablo Neira Ayuso (4):
extensions: libxt_conntrack: provide translation for DNAT and SNAT --ctstate
iptables: replace libnftnl table list by linux list
iptables-nft: fix basechain policy configuration
configure: bump version for 1.8.6 release
Phil Sutter (31):
xtables-restore: Fix verbose mode table flushing
build: Fix for failing 'make uninstall'
xtables-translate: Use proper clear_cs function
tests: shell: Add help output to run-tests.sh
nft: Make table creation purely implicit
nft: Be lazy when flushing
nft: cache: Drop duplicate chain check
nft: Drop pointless nft_xt_builtin_init() call
nft: Turn nft_chain_save() into a foreach-callback
nft: Use nft_chain_find() in two more places
nft: Reorder enum nft_table_type
nft: Eliminate table list from cache
nft: Fix command name in ip6tables error message
tests: shell: Merge and extend return codes test
xtables-monitor: Fix ip6tables rule printing
nft: Fix for ruleset flush while restoring
Makefile: Add missing man pages to CLEANFILES
nft: cache: Check consistency with NFT_CL_FAKE, too
nft: Extend use of nftnl_chain_list_foreach()
nft: Fold nftnl_rule_list_chain_save() into caller
nft: Use nft_chain_find() in nft_chain_builtin_init()
nft: Fix for broken address mask match detection
extensions: libipt_icmp: Fix translation of type 'any'
libxtables: Make sure extensions register in revision order
libxtables: Simplify pending extension registration
libxtables: Register multiple extensions in ascending order
nft: Make batch_add_chain() return the added batch object
nft: Fix error reporting for refreshed transactions
libiptc: Avoid gcc-10 zero-length array warning
nft: Fix for concurrent noflush restore calls
tests: shell: Improve concurrent noflush restore test a bit
- Rootfiles updated
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update of stunnel from 5.56 to 5.57
- Changelog Version 5.57, 2020.10.11, urgency: HIGH
Security bugfixes
The "redirect" option was fixed to properly handle "verifyChain = yes" (thx to Rob Hoes).
OpenSSL DLLs updated to version 1.1.1h.
New features
New securityLevel configuration file option.
FIPS support for RHEL-based distributions.
Support for modern PostgreSQL clients (thx to Bram Geron).
Windows tooltip texts updated to mention "stunnel".
TLS 1.3 configuration updated for better compatibility.
Bugfixes
Fixed a transfer() loop bug.
Fixed memory leaks on configuration reloading errors.
DH/ECDH initialization restored for client sections.
Delay startup with systemd until network is online.
bin\libssp-0.dll removed when uninstalling.
A number of testing framework fixes and improvements.
- No change to rootfiles
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
System capabilities are stored in extended file system attributes
which are by default not stored in tar balls.
This patch ensures that they are packaged and extracted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update iperf3 from 3.7 to 3.9
- No changes to rootfiles
- Update patch file to remove pg flag
- Release notes from version 3.8 onwards:-
iperf 3.9 2020-08-17
--------------------
* Notable user-visible changes
* A --timestamps flag has been added, which prepends a timestamp to
each output line. An optional argument to this flag, which is a
format specification to strftime(3), allows for custom timestamp
formats (#909, #1028).
* A --server-bitrate-limit flag has been added as a server-side
command-line argument. It allows a server to enforce a maximum
throughput rate; client connections that specify a higher bitrate
or exceed this bitrate during a test will be terminated. The
bitrate is expressed in bits per second, with an optional trailing
slash and integer count that specifies an averaging interval over
which to enforce the limit (#999).
* A bug that caused increased CPU usage with the --bidir option has
been fixed (#1011).
* Notable developer-visible changes
* Fixed various minor memory leaks (#1023).
iperf 3.8.1 2020-06-10
----------------------
* Notable user-visible changes
* A regression with "make install", where the libiperf shared
library files were not getting installed, has been fixed (#1013 /
#1014).
iperf 3.8 2020-06-08
--------------------
* Notable user-visible changes
* Profiled libraries and binaries are no longer built by default
(#950).
* A minimal Dockerfile has been added (#824).
* A bug with burst mode and unlimited rate has been fixed (#898).
* Configuring with the --enable-static-bin flag will now cause
a statically-linked iperf3 binary to be built (#989).
* Configuring with the --without-sctp flag will now prevent SCTP
from being auto-detected (#1008). This flag allows building a
static binary (see above item) on a CentOS system with SCTP
installed, because no static SCTP libraries are available.
* Clock skew between the iperf3 client and server will no longer
skew the computation of jitter during UDP tests (#842 / #990).
* A possible buffer overflow in the authentication feature has been
fixed. This was only relevant when configuration authentication
using the libiperf3 API, and did not affect command-line usage.
Various other improvements and fixes in this area were also made
(#996).
* Notable developer-visible changes
* The embedded version of cJSON has been updated to 1.7.13 (#978).
* Some server authentication functions have been added to the API
(#911).
* API access has been added to the connection timeout parameter
(#1001).
* Tests for some authentication functions have been added.
* Various compiler errors and warnings have been fixed.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.0.13 to 2.0.14a
- No change in rootfiles
- Release notes for change:-
o scaling improvements for -P, i.e. improved support for large numbers of traffic threads
o major code refactoring (see doc/DESIGN_NOTES) for maintainability, extensibilty, performance, scaling, memory usage
o support for full duplex traffic using --full-duplex
o support for reverse traffic using --reverse
o support for role-reversal character of asterisk in the transfer id
o transfer id now an incrementing integer and no longer the socket id
o support for TCP connect only tests with --connect-only
o isochronous support compiled in by default, must use config to disable
o support --isochronous for both UDP or TCP traffic to simulate video streams
o use of clock_nanosleep when supported to schedule isochronous burst starts, otherwise use nanosleep delay
o support for --trip-times indicating the client and server clocks are synchronized to an accuracy sufficient, note: consider the use of precision time protocol as well as ask your data center to provide access to a GPS disciplined reference time source
o support for --trip-times with -d and -r bidirectional tests
o output TCP connect times (3WHS) in connect reports
o support for application level tcp connect retries via --connect-retries n
o rate-limited options of -b and --fq-rate supported for unidirectional, full duplex and reverse traffic
o reporter thread designed to automatically cause packet reports to aggregate - mitigating and hopefully removing thread thrashing
o support for frame or burst based reporting or sampling vs time based via -i [f|F] (experimental)
o support for UDP traffic only from client to server with --no-udp-fin
o support for write to read latencies (UDP and TCP) with --trip-times
o support for sum only outputs with --sum-only
o support for little's law calculations in --trip-time outputs
o support for --txstart-time <epoch-time> to schedule client traffic start, timestamp support microseconds, e.g. unix $(expr $(date +%s) + 1).$(date +%N)
o support for --txdelay-time to insert delay between TCP three way handshake (3WHS) and data transfer
o support for --no-connect-sync which disables transmit traffic start synchronization when -P is used, defaults to synchronized
o option of --full-duplex implementation uses a barrier on the client side to synchronize full duplex traffic
o no limits to group sum reports, i.e. all clients will get its own sum report per a server
o improved report timestamps, e.g. end to end or client and server based timestamps with --trip-times
o improved settings messaging
o improved messaging for --tcp-congestion or -Z
o re-implemented -U for single UDP server with minimal threading interactions
o re-implemented -1 or --singleclient where server will serialize traffic runs
o warning message if the test were likely CPU bound instead of network i/o bound
o fix the case when -P <value> is set on the server such that summing output is displayed
o multicast listener will autoset -U (single server), e.g -P > 1 not supported for multicast
o multicast listener no longer busy drops multicast packets during traffic test, i.e. only server thread receives them
o immediate bail out on mutually exclusive command line options
o fix -o or --output using freopen to redirect stdout and stderr to a file
o man page updates with examples
o tested with 1000's of traffic streams, WiFi, 10G and 100G
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- update from 3.2.8 to 3.3.16
This is also an update from procps to procps-ng
The previous version was no longer being maintained.
- Added autogen.sh into lfs as ity is needed to create the config script.
- Added libdir=/lib line into configure command as default is /usr/lib
- Added mv commands for kill, ps & sysctl to place them into the same locations
as the previous version of procps
- Moved lfsmake2 procps line to after pkg-config in make.sh
The autogen line requires autoconf, libtool, gettext and pkg-config
to be available so procps moved to after them.
- procps-3.2.8-fix_unknown_HZ_value.patch no longer required with new
version so removed.
- rootfile updated.
- libprocps library being maintained by the same people now maitaining this
version of procps.
- information on the releases from 3.3.13 to 3.3.16 available on
https://gitlab.com/procps-ng/procps/-/releases
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When run, ninja normally runs a maximum number of processes in parallel.
By default this is the number of cores on the system plus two. In some cases this can
overheat a CPU or run a system out of memory. If run from the command line, passing a
-jN parameter will limit the number of parallel processes, but some packages embed the
execution of ninja and do not pass a -j parameter.
Using this optional procedure allows us to limit the number of parallel processes
via an environment variable, NINJAJOBS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
More and more packages uses meson as build environment instead of
autotools or cmake.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog as retrieved from https://git.savannah.gnu.org/cgit/texinfo.git/plain/NEWS:
6.7 (23 September 2019)
* Language:
. support of index subentries and sub-subentries with @subentry
. new commands @seeentry and @seealso in index entries
. no need to wrap Top node in @ifnottex - omitted automatically when
processed with TeX
. UTF-8 is the default input encoding
* texi2any
. for HTML output, mark index nodes in menus and tables of contents
with the 'rel' attribute of the 'a' tag.
. TOP_NODE_UP is now only used in HTML if TOP_NODE_UP_URL is set.
Also TOP_NODE_UP should now be formatted in the output format.
In HTML TOP_NODE_UP should be suitable for inclusion in HTML
element attributes, so for instance should not contain elements.
. support of noderename.cnf files has been removed
. INPUT_PERL_ENCODING, INPUT_ENCODING_NAME, NODE_FILE_EXTENSION,
NODE_FILENAMES, SHORTEXTN and TOP_NODE_FILE removed as customization
variables.
. TOP_NODE_FILE_TARGET now contains the extension.
. error messages translated when the XS parser module is in use
* texi2dvi
. unconditionally run in --batch mode, i.e. without stopping if there
is a TeX error
. keep on going after a TeX error if the index files changed
. with --tidy (or --build-dir), avoid reading index files from previous
runs where --tidy was not used
* info
. for a tree search (with M-/), '}' and '{' work as well as 'M-}' and
'M-{' to go through the results
* Distribution:
. Several obsolete portability checks removed
. gettext 0.20.1, automake 1.16.1
No rootfile changes were necessary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
