- Update fcron from 3.2.0 (Jul 2014) to 3.2.1 (Jun 2016 - latest version)
- Updated rootfile
- Changelog
From version 3.2.0 to 3.2.1
* @-line can now be run every second (minimum every 10s previously)
* Fixed occasional 1s slippage. This was due to a race condition
between when time_to_sleep is run and when we compute how long to
sleep for, which could happen in the following second: if that
happened we end up sleeping for 1s instead of not sleeping at all.
The fix was to replace time_to_sleep() by next_wake_time().
* add From: header to emails. Similarly to other crons, use: "From:
%s (fcron)" with %s being either the user the job is run as or the
value of MAILFROM.
* The installation script now supports systemd fully.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update acl from 2.2.52 (May 2013) to 2.2.53 (Jun 2018 - latest version)
- Rootfile updated
- No make rules for install-lib or install-dev in new version. Only for install
- Changelog in tarball has 2.2.49 (Nov 2009) as the latest change
- Could not find changelog info anywhere else.
- Following changelog created by extracting from git commits (thanks for idea Peter Mueller)
- include: fix uninstall for `make distcheck` Mike Frysinger
- acl.5 man page: Update link to POSIX.1e draft Andreas Gruenbacher
- test: add regression test Dmitry V. Levin
- Enable large-file support on systems that do not enable it by default Dmitry V. Levin
- libacl: Fix acl_from_text() returning NULL on all input Dmitry V. Levin
- setfacl --restore: Silence valgrind Andreas Gruenbacher
- setfacl: Preserve special mode bits on filesystems without POSIX ACL support Andreas Gruenbacher
- setfacl.1: document the meaning of '-' in perms Kamil Dudka
- setfacl: Allow more than four characters in the perms field Andreas Gruenbacher
- permissions.test: Fix umask Andreas Gruenbacher
- Add additional group names for root-specific tests Andreas Gruenbacher
- libtestlookup: Add missing EXPORT and static declarations Andreas Gruenbacher
- Minor man-page clarifications Andreas Gruenbacher
- Remove ACL_ADD and ACL_DELETE Andreas Gruenbacher
- test: fixups on SELinux machines for root testcases He Zhe
- libacl: Ignore warning in parse_acl_entry() Andreas Gruenbacher
- Cleanup visibility of API functions Yury Usishchev
- Cleanup internal headers usage Yury Usishchev
- Rework config.h usage Yury Usishchev
- walk_tree_rec: Add parentheses to clarify code Andreas Gruenbacher
- __acl_from_xattr: Set errno for invalid tag types Andreas Gruenbacher
- Fix checks for valid permissions in input Corinna Vinschen
- use portable AC_C_BIGENDIAN Mike Frysinger
- quote: escape literal backslashes Jeff Mahoney
- test: Add helper library to fake passwd/group files Jeff Mahoney
- ignore configure.lineno Mike Frysinger
- walk_tree: mark internal variables as static Dmitry V. Levin
- Do not export symbols that are not supposed to be exported Dmitry V. Levin
- getfacl: Fix minor resource leak Andreas Gruenbacher
- setfacl man page: Minor wording improvements Andreas Gruenbacher
- Fix the display block nesting in acl.5 Andreas Gruenbacher
- getfacl: Fix memory leak Andreas Gruenbacher
- fix compilation with latest xattr git Brice De Bruyne
- libacl: acl_set_file: Remove unnecesary racy check Andreas Gruenbacher
- cp.test: Check permissions of the right file Andreas Gruenbacher
- add __acl_ prefixes to internal symbols Mike Frysinger
- mark libmisc funcs as hidden so they are not exported Mike Frysinger
- telldir return value and seekdir second parameters are of type long Cristian Rodríguez
- read_acl_{comments,seq}: switch to next_line Mike Frysinger
- read_acl_{comments,seq}: rename "line" to "lineno" Mike Frysinger
- build: ship a pkgconfig file for libacl Mike Frysinger
- build: make use of an aux-dir to stow away helper scripts Mike Frysinger
- build: drop aclincludedir, use pkgincludedir Mike Frysinger
- po: regenerate files after move Mike Frysinger
- modernize build system Mike Frysinger
- test: make running parallel/out-of-tree safe Mike Frysinger
- move gettext logic into misc.h Mike Frysinger
- punt debian/rpm packaging logic Mike Frysinger
- libacl: fix SIGSEGV of getfacl -e on overly long group name Kamil Dudka
- libacl: Make sure that acl_from_text() always sets errno when it fails Andreas Gruenbacher
- Use autoreconf rather than autoconf to regenerate the files. Fabrice Bauzac
- .gitignore: ignore *~ and config.h.in. Fabrice Bauzac
- Bad markup in acl.5 page Eric S. Raymond
- Makefile: rename configure.in to configure.ac Mike Frysinger
- test: fix insufficient quoting of '\' Kamil Dudka
- setfacl.1: fix typo 'inclu de' -> 'include' John Bradshaw
- Install the libraries to the appropriate directory Brandon Philips
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update screen from 4.2.1 to 4.8.0
- Changelog
Version 4.8.0 (05/02/2020)
* Improve startup time by only polling for files to close
Fixes:
- Fix for segfault if termcap doesn't have Km entry
- Make screen exit code be 0 when checking --version
- Fix potential memory corruption when using OSC 49
Version 4.7.0 (02/10/2019)
* Add support for SGR (1006) mouse mode
* Add support for OSC 11
* Update Unicode ambiguous and wide tables to 12.1.0
* Fixes:
- cross-compilation support (bug #43223)
- a lot of manpage fixes and cleanups
Version 4.6.2 (23/10/2017):
* Fixes:
- revert changes to cursor position restore behavour (bug #51832)
- set freed pointer to NULL (bug #52133)
- documentation fixes
- fix windowlist crashes (bug #43054 & #51500)
Version 4.6.1 (10/07/2017):
* Fixes:
- problems with starting session in some cases
- parallel make install
- segfault when querying info on nonUTF locale (bug #51402)
Version 4.6.0 (28/06/2017):
* Update Unicode wide tables to 9.0 (bug #50044)
* Support more serial speeds
* Improved namespaces support
* Migrate from fifos to sockets
* Start viewing scrollback at first line of output (bug #49377)
Version 4.5.1 (25/02/2017):
* Fixes:
- logfile permissions problem (CVE-2017-5618)
- SunOS build problem (bug #50089)
- FreeBSD core dumps (bug #50143)
Version 4.5.0 (10/12/2016):
* Allow specifying logfile's name via command line parameter '-L'
* Fixes:
- broken handling of "bind u digraph U+" (bug #48691)
- crash with long $TERM (bug #48983)
- crash when bumping blank window
- build for AIX (bug #49149)
- %x improperly separating arguments
- install with custom DESTDIR (bug #48370)
Version 4.4.0 (19/06/2016):
* Support up to 24 function keys
* Fix runtime issues
* 'logfile' command, starts logging into new file upon changing
Version 4.3.1 (28/06/2015):
* Fix resize bug
Version 4.3.0 (13/06/2015):
* Introduce Xx string escape showing the executed command of a window
* Implement dead/zombie window polling, allowing for auto reconnecting
* Allow setting hardstatus on first line
New Commands:
* 'sort' command sorting windows by title
* 'bumpleft', 'bumpright' - manually move windows on window list
* 'collapse' removing numbering 'gaps' between windows, by renumbering
* 'windows' command now accepts arguments for use with querying
- Rootfile updated
- Two screen patchfiles deleted as the patch changes are now built into
the source files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update ipset from 7.6 to 7.10
- Changelog
7.10
Kernel part changes
Fix patch "Handle false warning from -Wstringop-overflow"
Backward compatibility: handle renaming nla_strlcpy to nla_strscpy
treewide: rename nla_strlcpy to nla_strscpy. (Francis Laniel)
netfilter: ipset: fix shift-out-of-bounds in htable_bits() (Vasily Averin)
netfilter: ipset: fixes possible oops in mtype_resize (Vasily Averin)
Handle false warning from -Wstringop-overflow
Backward compatibility: handle missing strscpy with a wrapper of strlcpy.
Move compiler specific compatibility support to separated file (broken compatibility support reported by Ed W)
7.9
Userspace changes
Fix library versioning (Jan Engelhardt)
7.8
Kernel part changes
Complete backward compatibility fix for package copy of <linux/jhash.h>
Compatibility: check for kvzalloc() and GFP_KERNEL_ACCOUNT
netfilter: ipset: enable memory accounting for ipset allocations (Vasily Averin)
netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet)
Compatibility: use skb_policy() from if_vlan.h if available
Compatibility: Check for the fourth arg of list_for_each_entry_rcu()
Backward compatibility fix for the package copy of <linux/jhash.h>
7.7
Userspace changes
Expose the initval hash parameter to userspace
Handle all variable header parts in helper scripts instead ot test tasks
Add bucketsize parameter to all hash types
Support the -exist flag with the destroy command
Kernel part changes
Expose the initval hash parameter to userspace
Add bucketsize parameter to all hash types
Use fallthrough pseudo-keyword in the package copy of too
Support the -exist flag with the destroy command
netfilter: Use fallthrough pseudo-keyword (Gustavo A. R. Silva)
netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
netfilter: ipset: call ip_set_free() instead of kfree() (Eric Dumazet)
netfiler: ipset: fix unaligned atomic access (Russell King)
netfilter: ipset: Fix subcounter update skip (Phil Sutter)
ipset: Update byte and packet counters regardless of whether they match (Stefano Brivio)
netfilter: ipset: Pass lockdep expression to RCU lists (Amol Grover)
ip_set: Fix compatibility with kernels between v3.3 and v4.5 (Serhey Popovych)
ip_set: Fix build on kernels without INIT_DEFERRABLE_WORK (Serhey Popovych)
ipset: Support kernels with at least system_wq support
ip_set: Fix build on kernels without system_power_efficient_wq (Serhey Popovych)
- Rootfiles updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org>
Fixes: #12562
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.6 to 1.8.7
Florian Westphal (4):
xtables-monitor: fix rule printing
xtables-monitor: fix packet family protocol
xtables-monitor: print packet first
xtables-monitor:
Pablo Neira Ayuso (2):
tests: shell: update format of registers in bitwise payloads.
configure: bump version for 1.8.7 release
Phil Sutter (21):
nft: Optimize class-based IP prefix matches
ebtables: Optimize masked MAC address matches
tests/shell: Add test for bitwise avoidance fixes
ebtables: Fix for broken chain renaming
iptables-test.py: Accept multiple test files on commandline
iptables-test.py: Try to unshare netns by default
libxtables: Extend MAC address printing/parsing support
xtables-arp: Don't use ARPT_INV_*
xshared: Merge some command option-related code
tests/shell: Test for fixed extension registration
extensions: dccp: Fix for DCCP type 'INVALID'
nft: Fix selective chain compatibility checks
nft: cache: Introduce nft_cache_add_chain()
nft: Implement nft_chain_foreach()
nft: cache: Move nft_chain_find() over
nft: Introduce struct nft_chain
nft: Introduce a dedicated base chain array
nft: cache: Sort custom chains by name
tests: shell: Drop any dump sorting in place
nft: Avoid pointless table/chain creation
tests/shell: Fix nft-only/0009-needless-bitwise_0
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update fuse from 2.9.7 to 3.10.1
- Update also required by sshfs update
- Changelog is available at https://github.com/libfuse/libfuse/releases
- Build had to be changed from autools to meson/ninja
- Rootfiles changed
- namespace conflict fix patch no longer required. Fix now built into kernel.h
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.5 to 1.8.6
- Changelog info
Arturo Borrero Gonzalez (1):
xtables-translate: don't fail if help was requested
Giuseppe Scrivano (1):
iptables: accept lock file name at runtime
Jan Engelhardt (2):
doc: document danger of applying REJECT to INVALID CTs
build: resolve iptables-apply not getting installed
Maciej Żenczykowski (1):
libxtables: compiler warning fixes for NO_SHARED_LIBS
Pablo Neira Ayuso (4):
extensions: libxt_conntrack: provide translation for DNAT and SNAT --ctstate
iptables: replace libnftnl table list by linux list
iptables-nft: fix basechain policy configuration
configure: bump version for 1.8.6 release
Phil Sutter (31):
xtables-restore: Fix verbose mode table flushing
build: Fix for failing 'make uninstall'
xtables-translate: Use proper clear_cs function
tests: shell: Add help output to run-tests.sh
nft: Make table creation purely implicit
nft: Be lazy when flushing
nft: cache: Drop duplicate chain check
nft: Drop pointless nft_xt_builtin_init() call
nft: Turn nft_chain_save() into a foreach-callback
nft: Use nft_chain_find() in two more places
nft: Reorder enum nft_table_type
nft: Eliminate table list from cache
nft: Fix command name in ip6tables error message
tests: shell: Merge and extend return codes test
xtables-monitor: Fix ip6tables rule printing
nft: Fix for ruleset flush while restoring
Makefile: Add missing man pages to CLEANFILES
nft: cache: Check consistency with NFT_CL_FAKE, too
nft: Extend use of nftnl_chain_list_foreach()
nft: Fold nftnl_rule_list_chain_save() into caller
nft: Use nft_chain_find() in nft_chain_builtin_init()
nft: Fix for broken address mask match detection
extensions: libipt_icmp: Fix translation of type 'any'
libxtables: Make sure extensions register in revision order
libxtables: Simplify pending extension registration
libxtables: Register multiple extensions in ascending order
nft: Make batch_add_chain() return the added batch object
nft: Fix error reporting for refreshed transactions
libiptc: Avoid gcc-10 zero-length array warning
nft: Fix for concurrent noflush restore calls
tests: shell: Improve concurrent noflush restore test a bit
- Rootfiles updated
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- update from 3.2.8 to 3.3.16
This is also an update from procps to procps-ng
The previous version was no longer being maintained.
- Added autogen.sh into lfs as ity is needed to create the config script.
- Added libdir=/lib line into configure command as default is /usr/lib
- Added mv commands for kill, ps & sysctl to place them into the same locations
as the previous version of procps
- Moved lfsmake2 procps line to after pkg-config in make.sh
The autogen line requires autoconf, libtool, gettext and pkg-config
to be available so procps moved to after them.
- procps-3.2.8-fix_unknown_HZ_value.patch no longer required with new
version so removed.
- rootfile updated.
- libprocps library being maintained by the same people now maitaining this
version of procps.
- information on the releases from 3.3.13 to 3.3.16 available on
https://gitlab.com/procps-ng/procps/-/releases
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
More and more packages uses meson as build environment instead of
autotools or cmake.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This improves the usability of the zone configuration by marking assigned
NICs in the zone color. The highlighting is initially applied to the static
HTML output, and JavaScript is used to follow changes made by the user.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The pacificnew file has been dropped by IANA. Adding the "factory" file
makes sense to have a reasonable default in case the time zone is
unknown, which, however, should not happen in case of IPFire 2.x - just
trying to be consistent here.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Enable RDP and SIP parsers.
* Enable new introduced parsers for RFB and DCERPC.
Because HTTP2 support and parser currently is experimental the suricata
developers decided to disable it at default - we keep this default
setting for now.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
