- Implement python3 version of certdata2pem.py script from fedora
- Modify build.sh to work with python3 script that uses p11-kit based on fedora
approach - https://src.fedoraproject.org/rpms/ca-certificates/tree/rawhide
- Extraction of cert files now uses p11-kit which requires libtasn1 as a build
dependency
- Updated rootfile
- Updated ca-certificates installed into a vm and confirmed to download a file from an
https site with the same results as with existing ca-certfictaes system
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 0.9.3 to 0.9.6
0.9.4 and 0.9.6 are security releases
- Update rootfile
- Changelog
libssh 0.9.6 security release
This is a security release of libssh to address CVE-2021-3634 (moderate impact), a
possible heap-buffer overflow when rekeying. A workaround exists. More details can be
found in the advisory.
In addition the 0.9.6 version addresses some memory leaks in error path, an AEAD
handshake and some more.
CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
Fix several memory leaks on error paths
Reset pending_call_state on disconnect
Fix handshake bug with AEAD ciphers and no HMAC overlap
Use OPENSSL_CRYPTO_LIBRARIES in CMake
Ignore request success and failure message if they are not expected
Support more identity files in configuration
Avoid setting compiler flags directly in CMake
Support build directories with special characters
Include stdlib.h to avoid crash in Windows
Fix sftp_new_channel constructs an invalid object
Fix Ninja multiple rules error
Several tests fixes
libssh 0.9.5
The libssh team is happy to announce another bugfix release of libssh as version
0.9.5. It offers bug fixes for several issues found by our users.
This includes a fix for CVE-2020-16135, however we do not see how this would be
exploitable at all. If you find a security bug in libssh please don’t just assign a
CVE, talk to us first.
CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
Improve handling of library initialization (T222)
Fix parsing of subsecond times in SFTP (T219)
Make the documentation reproducible
Remove deprecated API usage in OpenSSL
Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
Define version in one place (T226)
Prevent invalid free when using different C runtimes than OpenSSL (T229)
Compatibility improvements to testsuite
libssh 0.9.4 security release
This is a security release of libssh to address CVE-2020-1730 (moderate impact), a
possible Denial of Service (DoS) in client and server when handling AES-CTR keys with
OpenSSL. A workaround exists. More details can be found in the advisory.
In addition the this version addresses several memory leaks and adds support for
diffie-hellman-group14-sha256 key exchange.
Fixed CVE-2020-1730 (Possible DoS in client and server when handling AES-CTR keys with OpenSSL)
Added diffie-hellman-group14-sha256
Fixed several possible memory leaks
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.2.15 (2013) to 2.0.16 (2021)
- Source file name changed from SDL to SDL2 so also deleted old sdl and created sdl2
files for rootfile and lfs
- Changelog is too large to include here. Details can be found in the WhatsNew.txt file
in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We are using CPU-affinity and packet steering functions in various
places in IPFire, but packets might still be received on a random CPU
core.
This feature enables that packets that belong to the same connection
(i.e. have the save tuple) will be steered to the same queue. This will
increase cache locality and decrease locking which results in higher
throughput.
https://www.kernel.org/doc/Documentation/networking/scaling.txt
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://blog.clamav.net/2021/09/clamav-01040-released.html
New requirements and major changes:
"As of ClamAV 0.104, CMake is required to build ClamAV
...
The built-in LLVM for the bytecode runtime has been removed."
But since the current 'llvm 12.0.1' version refused to be build
"...you will need to supply the development libraries for LLVM
version 3.6.2" - which is ~6 years old - I gave up with 'llvm'
and stayed with the bytecode "interpreter".
Cited:
"The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
@ALL:
In 'clamav 0.104.0' there is no appropriate cmake option for
"CONFIGURE_FLAGS = --disable-fanotify" for ARM buildings anymore.
Perhaps there is a kernel option for this?
=> https://docs.clamav.net/manual/OnAccess.html#requirements
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- db.txt is the text file version of the wireless settings by country database
- Using db.txt means that regdbdump from crda is not required by wlanap.cgi
- This patch copies the db.txt file from the source tarball to /lib/firmware/ where
it can be read by wlanap.cgi
- This version of the patch renames the db.txt file to regulatorydb.txt
- Updated rootfile to include regulatorydb.txt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- python3 has this functionality built in with ipaddress.py
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- With the removal of python-m2crypto then this module is not longer required as a
dependency.
- python3-setuptools was already released into Core Update 157
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- With the removal of python-m2crypto then python-typing is no longer rerquired as a
dependency.
- The functionality of the python2 typing module is built in to python3.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- A python3 version of this module is not required as python-m2crypto is only used for
the build of crda.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- From kernel 4.15 and onwards the function of what crda does is built into the kernel.
- Tested the removal of crda with kernel 4.14.232 and kernel 5.10.45
Country code set by "iw reg set NL" was recognised with kernel 5.10.45 and set at
the global value of 00 with kernel 4.14.232 confirming the kernel built in option is
working without the prescence of crda
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 2.8.8 to 2.10.0
- Update of rootfile carried out
- Changelog
2.10.0:
[ tatsuz ]
* updated Visual Studio projects to VS 2019 (#54)
[ Fabian Greffrath ]
* mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
* fix heap-buffer-overflow in mp4read.c
[ Clayton Smith ]
* Remove non-ASCII characters
* Remove trailing whitespace
[ Andrew Wesie ]
* Check return value of ltp_data.
* Restrict SBR frame length to 960 and 1024 samples.
* Support object type 29.
* Support implicit SBR signaling in frontend.
* Fix PNS decoding when only right channel is noise.
* Initialize element_id array with an invalid id.
* Fix NULL pointer dereferences.
* Fix infinite loop in adts_parse.
* Fix infinite loop in huffman_getescape.
* Check for error after each channel decode.
* Check for inconsistent number of channels.
2.9.2:
[ Michał Janiszewski ]
* Only use x86-assembly when explicitly on x86
* Use unsigned integers correctly
* Initialize pointers that might otherwise not be
[ Fabian Greffrath ]
* update README esp. WRT directory structure
[ Rosen Penev ]
* fix compilation without SBR/PS_DEC (#48)
* fix compilation with LC_ONLY_DECODER (#47)
[ Fabian Greffrath ]
* fix "inline function 'cfftf1' declared but never defined" compiler warning
* fix some inconsistencies in the frontend output
* mp4read_open: add check for failed frame buffer allocation
* stszin: add check for allocation error and integer overflow
* add a pkg-config file
[ Stefan Pöschel ]
* frontend: address compile warning + add missing LF (#50)
[ François Cartegnie ]
* library name is faad (#52)
* Unbreak PS audio (#51)
2.9.1:
[ Fabian Greffrath ]
* Include stdio.h in libfaad/ps_dec.c for stderr (Michael Fink)
* Fix Tille -> Title typo in frontend/mp4read.c (Alexander Thomas)
2.9.0:
[ Krzysztof Nikiel ]
* Build system fixes and code clean-up
[ LoRd_MuldeR ]
* Fix compiler warnings and code indentation
* Fix compilation with GCC <= 4.7.3
* MSVC solution file clean-up
[ Cameron Cawley ]
* Fix compilation with GCC 4.7.4
* Fix compilation with MinGW
[ Michael Fink ]
* MSVC 2017 project file update
[ Hugo Lefeuvre ]
* Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
* CVE-2019-6956: ps_dec: sanitize iid_index before mixing
* CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
* CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
* CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
* CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauzée-Luyssen ]
* CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
[ Filip Roséen ]
* Prevent crash on SCE followed by CPE
[ Gianfranco Costamagna ]
* Fix linking with GCC 9 and "-Wl,--as-needed"
[ Fabian Greffrath ]
* Enable the frontend to be built reproducibly
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3.0.3 to 3.0.6
- Update of rootfile carried out
- Changelog
## Lynis 3.0.6 (2021-07-22)
### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files
### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended
## Lynis 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas
## Lynis 3.0.4 (2021-05-11)
### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.36 to 1.38
- Update of rootfile
- Changelog
version 1.38
build: Fix --disable-tld builds.
Simplify building of gdoc-generated man/texi outputs.
Rebuild GTK-DOC HTML/PDF outputs on version number changes.
doc: Rebuild idn.1 when version number changes.
build: Fix --disable-tld builds.
cicd: Add pages.
doc: Improve GTK-DOC manual.
cicd: Fix Ubuntu 12.04 builds.
Improve GTK-DOC manual.
Fix build errors related to doc/idn--help.texi.
doc: Fix release process.
doc: Improve HACKING instructions.
Bootstrap cache.
version 1.37
Use gnulib's bootstrap.
Drop old unused WERROR_CFLAGS usage.
Improve URLs.
Fix links for git and valgrind.
Fix self check for --disable-tld.
Sync with TP.
Doc fixes.
Don't dist ps/html/pdf. Drop custom css.
Improve ./configure summary output.
Use gnulib langinfo module.
More ./configure summary output.
Use AM_GNU_GETTEXT_VERSION to get intl.m4 too.
Disable some complex gnulib self-tests that add lots of dependencies and fail on mingw.
Drop second gnulib tests directory since only one is supported.
Require more recent automake and gtk-doc.
Fix .gitignore.
doc: Fix JDK dependency for Fedora.
Drop warning stuff covered by manywarnings.m4 now.
Disable VLA from gettext.
Remove autopoint-generated files that are in gnulib too.
Update autoconf archive macros.
Prefer gnulib's M4 files over autopoint.
Modernize autoconf usage.
Use AM_GNU_GETTEXT_REQUIRE_VERSION.
Update gnulib files.
Modernize configure.ac.
Require autoconf 2.64 for newer gnulib.
Avoid including copyright info in idn example.
Fix manual copyright years.
Fix syntax-check.
Update copyright years.
Improve HACKING.
Drop obsolete PGP key from AUTHORS.
Revert last patch, clearly src/ was being built before doc/.
Build doc/ after src/ so that src/idn exists for help2man of doc/idn.1.
Fix recommended package installs.
Drop .gitlab-ci.yml.
Doc fix.
Sync with TP.
Fix typos, inspired by codespell.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
iwconfig doesn't return values for "Link Quality" if the interface
is disconnected, causing a division by zero error. If there are odd
values, the resulting percentage may contain many decimal places.
This patch makes wifi_get_link_quality return zero instead of failing
and rounds the percentage to a more meaningful integer.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.3.0 (2005) to 2.1.1 (2021)
- Update rootfile
- version 1.3.0 was from 2005. Version 2.1.0 was from 2006. No other updates have been
carried out since 2006 until Feb 2021 when the repository was migrated from CVS
to git. https://github.com/linux-ras/sysfsutils/releases
- Installed iso, that was created from build, into testbed vm system. All menu's opened
and no issues found. Not 100% sure what to look for as I am not totally clear what
the library would be used for or by which programs. Probably needs testing by someone
who lnows what the sysfsutils library is used for.
- Ran find-dependencies on the original library system before build and then on the new
library system after building and in both cases nothing was flagged up. So it looks
like no other programs are linked to the library.
- pcmciautils required one of the sysfsutils include files to be available during the
build. ./configure was modified to allow pcmciautils to find the include file
- Changelog for changes from 2.1.0 to 2.1.1
Moved to git from CVS repository
Modernized build system
Source compiles on latest compilers
Various bug fixes
Removed Changelog and NEWS files
Adjusted COPYING file to reflect set of directories covered under GPLv2
Added SUSE-specific libsysfs.conf
Improvements to adopt git workflow
Integration with Travis-CI
Updated the documentation
Special thanks to all the sysfsutils package maintainers.
Thanks to: Aurelien Jarno, Christopher Engelhard, Guillem Jover,
Kamalesh Babulal, Lee Duncan, Martin Pitt, Timm Bäder
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 6.0.2 (2005) to 12.5.4 (2021)
- sysstat-6.0.2-sysconf.patch no longer required. Built into source as standard now.
- Update rootfile
rootfile made the same as previous version. New options are available, such as
pidstat and tapestat but they have been commented out in the rootfile. If required
in the future they can be uncommented.
- iso that was built with this sysstat was installed into vm testbed and confirmed
that all graphs working, especially those related to disk stats.
- Changelog is too large to show here. Full details for all previous versions can be
found in the CHANGES file in the source tarball.
- At least 25 bugs fixed between the two versions.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
In some cases iptables logs the protocol number instead of the name.
When accessing the logs via the WUI, this number has been displayed as used
protocol, which is very hard to read and understand.
This commit adds a new function to the general-functions.pl, which
generates a hash to translate the protocol number into the protocol
name.
Fixes#11282.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 6.7 to 6.8
- Update rootfile
- Changelog is too large to include here. Full details can be found in the
ChangeLog file in the source tarball
Following is the content of the NEWS file from the source tarball which highlights
noteworthy changes, very tersely.
6.8 (3 July 2021)
* Language
. new command @displaymath for formatting of mathematical notation
. @example takes an argument to specify the language
. mark these commands as deprecated, not to be used:
@centerchap, @definfoenclose, @refill, @inforef.
. new paper size @bsixpaper
* texi2any
. should be faster as Perl XS parser is enabled by default
. SHOW_MENU customization variable replaced by FORMAT_MENU.
FORMAT_MENU set to 'menu' is the same as SHOW_MENU set to 1, and
FORMAT_MENU set to 'nomenu' is the same as SHOW_MENU set to 0.
. only check menu structure if CHECK_NORMAL_MENU_STRUCTURE variable is set
. changes to HTML output:
. MathJax support for display of math. new variables HTML_MATH,
MATHJAX_SCRIPT and MATHJAX_SOURCE.
. new variables JS_WEBLABELS and JS_WEBLABELS_FILE to support
JavaScript License Web Labels
. by default, use sectional tables of contents instead of menus
. use section names in links by default (configure with
xrefautomaticsectiontitle customization variable)
. CONTENTS_OUTPUT_LOCATION sets location of table of contents
. document sections wrapped in <div> elements
. new variable USE_NODE_DIRECTIONS to use node or section structure
for node directions
. copiable anchor links for definitions with COPIABLE_ANCHORS variable
. experimental JavaScript browsing interface enabled with INFO_JS_DIR
. don't add an extra period before file extension given as an argument
to @image if image file is not found
* info
. support compressed dir files
* texi2dvi
. stop on first error in input file
* texinfo.tex
. put logical page numbers into PDF's ('page labels')
. put chapter numbers in the PDF outline
. new Finnish translation
* Distribution
. autoconf 2.71, automake 1.16.3, gettext 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.11.1 to 1.12
- Update rootfile
- Changelog
TagLib 1.12 (Feb 16, 2021)
* Added support for WinRT.
* Added support for Linux on POWER.
* Added support for classical music tags of iTunes 12.5.
* Added support for file descriptor to FileStream.
* Added support for 'cmID', 'purl', 'egid' MP4 atoms.
* Added support for 'GRP1' ID3v2 frame.
* Added support for extensible WAV subformat.
* Enabled FileRef to detect file types based on the stream content.
* Dropped support for Windows 9x and NT 4.0 or older.
* Check for mandatory header objects in ASF files.
* More tolerant handling of RIFF padding, WAV files, broken MPEG streams.
* Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates.
* Improved Windows compatibility by storing FLAC picture after comments.
* Fixed numerical genres in ID3v2.3.0 'TCON' frames.
* Fixed consistency of API removing MP4 items when empty values are set.
* Fixed consistency of API preferring COMM frames with no description.
* Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
* Fixed handling of empty MPEG files.
* Fixed parsing MP4 mdhd timescale.
* Fixed reading MP4 atoms with zero length.
* Fixed reading FLAC files with zero-sized seektables.
* Fixed handling of lowercase field names in Vorbis Comments.
* Fixed handling of 'rate' atoms in MP4 files.
* Fixed handling of invalid UTF-8 sequences.
* Fixed possible file corruptions when saving Ogg files.
* Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files.
* TableOfContentsFrame::toString() improved.
* UserTextIdentificationFrame::toString() improved.
* Marked FileRef::create() deprecated.
* Marked MPEG::File::save() with boolean parameters deprecated,
provide overloads with enum parameters.
* Several smaller bug fixes and performance improvements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3.21.2 to 3.21.6
- Update of rootfile
- Changelog
3.21.6
Added support for following new Distro's:
Fedora 34
Ubuntu 21.04
OpenSuse 15.3
Debian 10.9
3.21.4
Added support for following new Distro's:
LinuxMint 20.1
Debian 10.8
Added support for the following new Printers:
HP Envy 6400 series
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
