List:       ipfire-scm
Subject:    [git.ipfire.org] IPFire 2.x development tree branch, core161, created. 191347cc465f81898540e6e07fb6c
From:       Arne Fitzenreiter <git () ipfire ! org>
Date:       2021-11-17 6:59:37
Message-ID: 4HvDLx1xtxz2xpk () people01 ! haj ! ipfire ! org

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core161 has been created
        at  191347cc465f81898540e6e07fb6c610d87af372 (commit)

- Log -----------------------------------------------------------------
commit 191347cc465f81898540e6e07fb6c610d87af372
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Thu Nov 4 08:04:20 2021 +0000

    core161: add ovpnmain.cgi
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit cc79d2810fc81ddd1608803995ead2fe11276271
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Wed Nov 3 19:18:55 2021 +0100

    ovpnmain.cgi: Do not interpret $? as error code of move()
    
    Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9d418afb8ce566f28efa56f01f584ed9cdb633d5
Merge: 844f40bee f8dce3555
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 31 13:48:29 2021 +0000

    Merge branch 'next'

commit f8dce3555a028b7f97f7b57c17d6491467d582fe
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sat Oct 30 18:06:36 2021 +0200

    IO-Stringy: download from IPFire server
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0049737e26cd40ab1c87c9f6251113e2fb68caea
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sat Oct 30 14:54:53 2021 +0000

    core161: remove dropped client175 addon
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 2d78849475f1c3ce33e10ae0890fe9187907b960
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Fri Oct 29 19:11:34 2021 +0200

    avahi: Install backup definition - bug#12714
    
    - Addition of backup definition install into lfs file
    - Update of rootfile
    
    Fixes: 12714
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 71b06657f986715b23b7a5cfbdf1553d85a33eb7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sat Oct 23 13:54:51 2021 +0200

    backup definitions: housekeeping to remove orphaned definitions
    
    - check_mk_agent, client175 & lcr are addons that have been removed so the backup
       definitions are no longer required.
    - dma is not a package but a core program and has its config backup requirements
       built into the core backup include file so the addon backup definition is not
       used or needed.
    - No issues found in the build after these files were removed.
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 8ca80092c2bc11d436e9c686fb5eb22cde682837
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 21:58:32 2021 +0200

    core161: disconnect before replace pppd
    
    after replacing a running pppd connectd is failing until next boot so stop pppd
    before updating.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 869d9788f12e690ce11308b637a52f918fb98829
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 17:14:49 2021 +0200

    core161: delete more orphaned shared object files
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit f625c4207e62747cbfe2fd09fd0cf0851b131749
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 13:55:43 2021 +0200

    core161: reconnect only if ppp is used
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 635e22e0241ee187d473df8a4d09e1d58c465a29
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 12:02:24 2021 +0200

    core161: fix typo in path
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 3c2b8c6cd99466b8e4d101b48a2d56e7296b3139
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 10:07:15 2021 +0200

    gcc: enable parallel build
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 09b36b16c3ababba14e0942a2c45593f0d353bff
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 10:06:23 2021 +0200

    core161: reconnect after firewall restart
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 967e2973b4c8f264ebf8e134edf362b4975c3b8c
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 29 10:03:40 2021 +0200

    kernel: armv6l rootfile update
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit edb856c4af5dd4db50f0a10db4807d99e91e03d4
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Thu Oct 28 19:24:08 2021 +0200

    core161: restart firewall to update IPSec nat exclude rule
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 4c19c5b6eccdcb6c6eb21184b0b6b6e98b965ebe
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Thu Oct 28 19:23:00 2021 +0200

    core161: qosctrl need full path to start
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 409b263f9f5136ebc5a368142b752205c34f5de9
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Tue Oct 26 19:01:28 2021 +0200

    Core Update 161: fix typo (stronswan != strongswan)
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 832490f063f81a54ecb470caaa3fab8c3f73c12e
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Thu Oct 28 00:39:07 2021 +0200

    kernel: update to 5.10.76
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a7b4f847119660fd58a0da2652d56d5ffeff5e69
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 16:59:08 2021 +0000

    general-functions: remove comment that system_output also in speed.cgi
    
    this function was removed from speed.cgi by reading kernel network
    statistics instead of parsing ip -s show ...
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 95539a589e51dc2b0793ae58c1cd35f5fe858320
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Oct 23 14:44:56 2021 +0200

    Remove orphaned ddns patches
    
    These are no longer necessary, since ddns 0.14 comes with both of them
    applied.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 642318cbaaea173d50315e8cbe3720ea1e79bb05
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sat Oct 23 18:49:01 2021 +0200

    git: Update to version 2.33.1
    
    - Update from 2.31.0 to 2.33.1
    - Update rootfile
    - Changelog is too long to show here. The details can be found in the 2.31.1.txt,
       2.32.0.txt, 2.33.0.txt and 2.33.1.txt files in the Documentation/RelNotes
       directory in the source tarball
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9d72f4b05932ef53f95b621ea9a40cfd7255cee7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sat Oct 23 18:49:32 2021 +0200

    htop: Update to version 3.1.1
    
    - Update from 3.0.5 to 3.1.1
    - Update of rootfile not required
    - Changelog is too long to include here. Full details can be found at
       https://github.com/htop-dev/htop/blob/main/ChangeLog
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit b88f6c476b45c173db54ce31d59dc42202c56e34
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 16:55:26 2021 +0000

    core161: add curl
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit be52d700f160b1201d83fb942a0280f3f2d0f16a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Mon Sep 27 17:32:40 2021 +0200

    curl: Update to version 7.79.1
    
    - Update from 7.78.0 to 7.79.1
    - Update of rootfile not required
    - Changelog
      Fixed in 7.79.1 - September 22 2021
       Bugfixes:
        Curl_http2_setup: don't change connection data on repeat invokes
        curl_multi_fdset: make FD_SET() not operate on sockets out of range
        dist: provide lib/.checksrc in the tarball
        FAQ: add GOPHERS + curl works on data, not files
        hsts: CURLSTS_FAIL from hsts read callback should fail transfer
        hsts: handle unlimited expiry
        http: fix the broken >3 digit response code detection
        strerror: use sys_errlist instead of strerror on Windows
        test1184: disable
        tests/sshserver.pl: make it work with openssh-8.7p1
      Fixed in 7.79.0 - September 15 2021
       Changes:
        bearssl: support CURLOPT_CAINFO_BLOB
        http: consider cookies over localhost to be secure
        secure transport: support CURLINFO_CERTINFO
       Bugfixes:
        CVE-2021-22945: clear the leftovers pointer when sending succeeds
        CVE-2021-22946: do not ignore --ssl-reqd
        CVE-2021-22947: reject STARTTLS server response pipelining
        ares: use ares_getaddrinfo()
        asyn-ares.c: move all version number checks to the top
        auth: do not append zero-terminator to authorisation id in kerberos
        auth: properly handle byte order in kerberos security message
        auth: use sasl authzid option in kerberos
        auth: we do not support a security layer after kerberos authentication
        BINDINGS.md: update links to use https where available
        build: fix compiler warnings
        c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
        c-hyper: fix header value passed to debug callback
        c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
        c-hyper: initial step for 100-continue support
        c-hyper: initial support for "dumping" 1xx HTTP responses
        c-hyper: remove the hyper_executor_poll() loop from Curl_http
        CI/cirrus: reduce compile time with increased parallelism
        CI: use GitHub Container Registry instead of Docker Hub
        cirrus: Add FreeBSD 13.0 job and disable sanitizer build
        cmake: avoid poll() on macOS
        cmake: sync CURL_DISABLE options
        codeql: fix error "Resource not accessible by integration"
        compressed.d: it's a request, not an order
        config.d: escape the backslash properly
        config.d: note that curlrc is used even when --config
        config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
        configure.ac: revert bad nghttp2 library detection improvements
        configure: error out if both ngtcp2 and quiche are specified
        configure: make --disable-hsts work
        configure: set classic mingw minimum OS version to XP
        configure: tweak nghttp2 library name fix
        connect: get local port + ip also when reusing connections
        connect: remove superfluous conditional
        curl-openssl.m4: check lib64 for the pkg-config file
        curl-openssl.m4: show correct output for OpenSSL v3
        curl.1: mention "global" flags
        curl.1: provide examples for each option
        curl: add warning for ignored data after quoted form parameter
        curl: add warning for incompatible parameters usage
        curl: better error message when -O fails to get a good name
        curl: stop retry if Retry-After: is longer than allowed
        curl_easy_setopt.3: improve the string copy wording
        Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
        curl_setup.h: sync values for HTTP_ONLY
        curl_url_get.3: clarify about path and query
        CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
        CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
        CURLOPT_SSL_CTX_*.3: tidy up the example
        CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
        docs/MQTT: update state of username/password support
        docs: remove experimental mentions from HSTS and MQTT
        docs: the security list is reached at security at curl.se now
        easy: use a custom implementation of wcsdup on Windows
        examples/*hiperfifo.c: fix calloc arguments to match function proto
        examples/cookie_interface: avoid printfing time_t directly
        examples/cookie_interface: fix scan-build printf warning
        examples/ephiperfifo.c: simplify signal handler
        FAQ: add two dev related questions
        getparameter: fix the --local-port number parser
        happy-eyeballs-timeout-ms.d: polish the wording
        hostip: Make Curl_ipv6works function independent of getaddrinfo
        http2: Curl_http2_setup needs to init stream data in all invokes
        http2: revert a change that broke upgrade to h2c
        http2: revert call the handle-closed function correctly on closed stream
        http: disallow >3-digit response codes
        http: ignore content-length if any transfer-encoding is used
        http_proxy: clear 'sending' when the outgoing request is sent
        http_proxy: fix the User-Agent inclusion in CONNECT
        http_proxy: fix user-agent and custom headers for CONNECT with hyper
        http_proxy: only wait for writable socket while sending request
        INTERNALS: bump c-ares requirement to 1.16.0
        INTERNALS: c-ares has a new home: c-ares.org
        lib: don't use strerror()
        libcurl-errors.3: clarify two CURLUcode errors
        limit-rate.d: clarify base unit
        mailing lists: move from cool.haxx.se to lists.haxx.se
        mbedtls: avoid using a large buffer on the stack
        mbedTLS: initial 3.0.0 support
        mbedtls_threadlock: fix unused variable warning
        mksymbolsmanpage.pl: Fix showing symbol's last used version
        mksymbolsmanpage.pl: match symbols case insensitively
        multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
        ngtcp2: compile with the latest ngtcp2 and nghttp3
        ngtcp2: fix build with ngtcp2 and nghttp3
        ngtcp2: remove the acked_crypto_offset struct field init
        ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
        ngtcp2: reset the outstanding send buffer again when drained
        ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
        ngtcp2: stop buffering crypto data
        ngtcp2: utilize crypto API functions to simplify
        openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
        openssl: when creating a new context, there cannot be an old one
        opt-docs: make sure all man pages have examples
        opt-docs: verify man page sections + order
        opts docs: unify phrasing in NAME header
        output.d: add method to suppress response bodies
        page-header: add GOPHERS, simplify wording in the 1st para
        progress: fix a compile warning on some systems
        progress: make trspeed avoid floats
        runtests: add option -u to error on server unexpectedly alive
        schannel: Work around typo in classic mingw macro
        scripts: invoke interpreters through /usr/bin/env
        setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
        strerror.h: remove the #include from files not using it
        symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
        test1138: remove trailing space to make work with hyper
        test1173: check references to libcurl options
        test1280: CRLFify the response to please hyper
        test1565: fix windows build errors
        test365: verify response with chunked AND Content-Length headers
        tests/*server.pl: flush output before executing subprocess
        tests/*server.py: remove pidfile on server termination
        tests/runtests.pl: cleanup copy&paste mistakes and unused code
        tests/server/*.c: align handling of portfile argument and file
        tests: adjust the tftpd output to work with hyper mode
        tests: be explicit about using 'python3' instead of 'python'
        tests: enable test 1129 for hyper builds
        tests: make three tests pass until 2037
        tool/tests: fix potential year 2038 issues
        tool_operate: Fix --fail-early with parallel transfers
        url: fix compiler warning in no-verbose builds
        urlapi.c:seturl: assert URL instead of using if-check
        vtls: fix typo in schannel_verify.c
        winbuild/README.md: clarify GEN_PDB option
        wolfssl: clean up wolfcrypt error queue
        write-out.d: clarify size_download/upload
        x509asn1: fix heap over-read when parsing x509 certificates
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c04ebdccee35ddac7cc483efb182982f7345052f
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 16:52:15 2021 +0000

    core161: add strongswan changes to update.
    
    this core also stops strongswan before extracting because the updown script
    is changed.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c4c756333578fc43d7f712cbc262fc3f3bf1fc52
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Oct 23 14:49:52 2021 +0200

    strongSwan: update to 5.9.4
    
    Release notes as per https://github.com/strongswan/strongswan/releases/tag/5.9.4:
    
        - Fixed a denial-of-service vulnerability in the gmp plugin that was caused by
          an integer overflow when processing RSASSA-PSS signatures with very large salt
          lengths. This vulnerability has been registered as CVE-2021-41990. Please refer
          to our blog for details.
        - Fixed a denial-of-service vulnerability in the in-memory certificate cache if
          certificates are replaced and a very large random value caused an integer
          overflow. This vulnerability has been registered as CVE-2021-41991. Please
          refer to our blog for details.
        - Fixed a related flaw that caused the daemon to accept and cache an infinite
          number of versions of a valid certificate by modifying the parameters in the
          signatureAlgorithm field of the outer X.509 Certificate structure.
        - AUTH_LIFETIME notifies are now only sent by a responder if it can't
          reauthenticate the IKE_SA itself due to asymmetric authentication (i.e. EAP)
          or the use of virtual IPs.
        - Several corner cases with reauthentication have been fixed (48fbe1d, 36161fe,
          0d373e2).
        - Serial number generation in several pki sub-commands has been fixed so they
          don't start with an unintended zero byte (#631).
        - Loading SSH public keys via vici has been improved (#467).
        - Shared secrets, PEM files, vici messages, PF_KEY messages, swanctl configs
          and other data is properly wiped from memory.
        - Use a longer dummy key to initialize HMAC instances in the openssl plugin in
          case it's used in FIPS-mode (#557).
        - The --enable-tpm option now implies --enable-tss-tss2 as the plugin doesn't
          do anything without a TSS 2.0.
        - libtpmtss is initialized in all programs and libraries that use it.
        - Migrated testing scripts to Python 3.
        - The testing environment uses images based on Debian bullseye by default
          (support for jessie was removed).
    
    To my understanding, IPFire is not affected by CVE-2021-41990, as we do
    not support creation of IPsec connections using RSASSA-PSS (please
    correct me if we do :-). In contrast, CVE-2021-41991 affects IPFire
    installations indeed.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit aa60fd7b3e61aeb08c68b67f615f8c94e6545447
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 18:43:45 2021 +0200

    strongswan: remove unneeded -j RETURN rules
    
    after removing the mark rules these rules are useless because they should skip
    expensive policy matches that now are removed.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 98d78fa824fd30a9bc2b90f7d3831ff20c9997b4
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 15:46:07 2021 +0200

    makeqosscript: fix typo in comment.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a38c882bfb59d5b359b22df3d97f3ed88f497d93
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 13:45:39 2021 +0200

    strongswan: remove CONNMARK rules.
    
    the marks are not used by firewall and QoS anymore.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a8dd6e98ba04b8dc0e7642beab16c9efeaee6e33
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 12:58:10 2021 +0200

    speed.cgi: replace parsing of ip show output
    
    latest iproute2 update changed the output so this replaces it by reading
    /sys/class/net/*/statistics
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 36b00b8ed130601a9aab14036c81c2ea788aa000
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 25 11:42:16 2021 +0200

    makeqosscript: replace marks by ipt policy match for ipsec
    
    this is more reliable at not losing some connections.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 66bc17dcc16f465fed435f366a8ccf01c6e6d814
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 24 17:06:34 2021 +0200

    iproute2: build after iptables to get ipt filters for tc
    
    to properly filter IPSec in QoS without using mark or connmark i need ipt filters
    for tc which are only built if iptables is built prior to iproute2.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 572249bbf385d09dad98d0359921f96220a87c9f
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 24 12:13:20 2021 +0000

    core161: add iproute2
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 05b6dd44bef2f8a2cc4827533a6ff070a8852b8e
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Sep 7 13:03:22 2021 +0200

    iproute2: Update version to 5.14.0
    
    - Update from 5.13.0 to 5.14.0
    - Update rootfile
    - Changelog
       Alexander Mikhalitsyn (2):
          ip route: ignore ENOENT during save if RT_TABLE_MAIN is being dumped
          libnetlink: check error handler is present before a call
       Andrea Claudi (9):
          tc: q_ets: drop dead code from argument parsing
          lib: bpf_legacy: avoid to pass invalid argument to close()
          dcb: fix return value on dcb_cmd_app_show
          dcb: fix memory leak
          tipc: bail out if algname is abnormally long
          tipc: bail out if key is abnormally long
          tc: htb: improve burst error messages
          lib: bpf_legacy: fix potential NULL-pointer dereference
          lib: bpf_glue: remove useless assignment
       Ariel Levkovich (2):
          tc: f_flower: Add option to match on related ct state
          tc: f_flower: Add missing ct_state flags to usage description
       Asbjørn Sloth Tønnesen (2):
          tc: pedit: parse_cmd: add flags argument
          tc: pedit: add decrement operation
       Christian Schürmann (1):
          man8/ip-tunnel.8: fix typo, 'encaplim' is not a valid option
       David Ahern (6):
          Update kernel headers
          Update kernel headers
          config.mk: Rerun configure when it is newer than config.mk
          Update kernel headers
          Update kernel headers
          Import wwan.h uapi file
       Dmytro Linkin (3):
          devlink: Add helper function to validate object handler
          devlink: Add port func rate support
          devlink: Add ISO/IEC switch
       Eric Dumazet (1):
          tc: fq: add horizon attributes
       Feng Zhou (1):
          lib/bpf: Fix btf_load error lead to enable debug log
       Gal Pressman (2):
          rdma: update uapi headers
          rdma: Add copy-on-fork to get sys command
       Gokul Sivakumar (3):
          bridge: reorder cmd line arg parsing to let "-c" detected as "color" option
          bridge: fdb: don't colorize the "dev" & "dst" keywords in "bridge -c fdb"
          man: bridge: fix the typo to change "-c[lor]" into "-c[olor]" in man page
       Guillaume Nault (1):
          utils: bump max args number to 512 for batch files
       Hangbin Liu (3):
          configure: add options ability
          configure: convert LIBBPF environment variables to command-line options
          ip/bond: add arp_validate filter support
       Heiko Thiery (1):
          lib/fs: fix issue when {name,open}_to_handle_at() is not implemented
       Hoang Le (1):
          tipc: call a sub-routine in separate socket
       Jacob Keller (1):
          devlink: fix infinite loop on flash update for drivers without status
       Jakub Kicinski (3):
          ip: align the name of the 'nohandler' stat
          ip: dynamically size columns when printing stats
          ss: fix fallback to procfs for raw sockets
       Jethro Beekman (1):
          ip: Add nodst option to macvlan type source
       Jianguo Wu (1):
          mptcp: make sure flag signal is set when add addr with port
       Lahav Schlesinger (1):
          ipmonitor: Fix recvmsg with ancillary data
       Martynas Pumputis (1):
          libbpf: fix attach of prog with multiple sections
       Neta Ostrovsky (3):
          rdma: Update uapi headers
          rdma: Add context resource tracking information
          rdma: Add SRQ resource tracking information
       Paolo Lungaroni (2):
          seg6: add counters support for SRv6 Behaviors
          seg6: add support for SRv6 End.DT46 Behavior
       Parav Pandit (2):
          devlink: Add optional controller user input
          devlink: Show port state values in man page and in the help command
       Peilin Ye (1):
          tc/skbmod: Remove misinformation about the swap action
       Phil Sutter (1):
          tc: u32: Fix key folding in sample option
       Roi Dayan (2):
          police: Add support for json output
          police: Fix normal output back to what it was
       Sergey Ryazanov (2):
          iplink: add support for parent device
          iplink: support for WWAN devices
       Stephen Hemminger (6):
          lib: remove blank line at eof
          uapi: update kernel headers from 5.14-rc1
          libnetlink: cosmetic changes
          uapi: headers update
          uapi: update neighbour.h
          v5.14.0
       Tyson Moore (1):
          tc-cake: update docs to include LE diffserv
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 10941827dbf9dd415a3da8864b09098517e5aef4
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Oct 23 08:01:51 2021 +0200

    Core Update 161: Delete shared object files leftover from pppd 2.4.8
    
    Rolled forward from commit 488e29e033097eadabd152e97022b71c21e6a414.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 01141196f6789e14c9d57e673cfeac63b9e348f5
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 16:18:46 2021 +0000

    core161: ship azure-setup
    
    with core158 a bug was fixed that local hyperV installations wait too long
    for the metadata service for azure but it was not shipped to existing
    installations.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 80a1f805912314e77cc4ed95d2a37069f4795785
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 16:16:32 2021 +0000

    core161: add speed.cgi
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 110d4c81060c6663cdb562ee10afc7626c2d489b
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 10:05:32 2021 +0200

    speed.cgi: reduce system load by copying two general-functions.
    
    including general-functions.pl loads and initializes many subfunctions that are not
    needed by speed.cgi which was executed very often.
    So this reduces the system load significantly if webif was open in browser
    and ajax-speed display enabled.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
    Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 6befc952cc9f71d314f696dc2621120d705e8220
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Fri Oct 22 15:37:27 2021 +0200

    minidlna: Add backup capability - bug#12710
    
    - Backup definition missing - created ro backup config file
    - Update of rootfile
    - Addition of backup definition install into lfs file
    - Addition of restore and backup statements into install.sh and uninstall.sh pak
       scripts
    
    Fixes: 12710
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit ada4f4cc99efe7229e465bb86c51bd60c4abf64d
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 16:11:35 2021 +0000

    core161: add gd changes
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 5f965f36f0bf8f4ae6f6341d9b59ce306ed0883b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 23 14:24:51 2021 +0200

    GD-Graph: Update to version 1.54
    
    - Update from 1.4308 (2006) to 1.54 (2016 - latest version)
    - Update of rootfile not required
    - Changelog
       1.54 21 Nov 2016
         - Disable two Y axes alignment when any y[12]_{min,max}_value is defined
           RT#62665
       1.53 08 Jul 2016
         - Fix 'Illegal division by zero' when x_min_value and x_max_value
           are defined and x_tick_number set to 'auto' RT#73185
           Thanks to Bob Rogers, https://github.com/ruz/GDGraph/pull/12
       1.52 28 Jan 2016
         - y1_min_range and y2_min_range instead of min_range_1 and min_range_2,
           neither were documented before.
         - Update documentation in regards to all *_min_range options available.
       1.51 27 Dec 2015
         - fix shadows rendering on cumulative bar charts
           thanks to https://github.com/Tordek
           see https://github.com/ruz/GDGraph/pull/4
       1.50 27 Dec 2015
         - run samples as part of test suite to make sure no sample crashes
           thanks to https://github.com/tynovsky
         - properly define test requirements using newer MakeMaker
       1.49 11 Mar 2015
         - fix to Z-axis color filling in 3D pie charts (Debian Bug #489184)
         - bump ExtUtils::MakeMaker dependency
         - tiny improvement in the code of the samples
       1.48 02 Aug 2013
         - no code changes, just release engineering cleanup
         - adjust MANIFEST.SKIP file so MANIFEST can be generated
           once again
         - ship sample58.pl file, so `make samples` stop failing
         - mention the current and past maintainers in META files
           as authors
         - use newer CPAN::Meta and ExtUtils::MakeMaker, older
           versions generated META files without runtime prerequisites
       1.47 28 Jun 2013
         - experimental hide_overlapping_values option for bar graphs
       1.46 26 Jun 2013
         - This release is based on old work by Martien that was sitting
           in his repo
         - x_last_label_skip option
         - new samples and tweaks to old
       1.45 21 Jun 2013
         - read DISTRIBUTION STATUS in perldoc GD::Graph
         - no code changes since 1.44
       1.44 25 Apr 2007
         - Patched bugs 21610, 20792, 20802, 23755 and 22932
         - Updated POD to clarify current maintenance status, and encourage
           bug reporting via RT (and to point out some external help resources)
    
    Tested-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 6cdc5164ff8365896fcd1ddb1fff6f5716b92a9a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 23 14:24:50 2021 +0200

    ExtUtils-PkgConfig: Build of this required for latest version of perl-GD
    
    - ExtUtils-PkgConfig is required when building perl-GD
    - lfs and rootfile created
    - All rootfile entries commented out as only required for building of perl-GD
    - added to make.sh file just before perl-GD
    
    Tested-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0aca0b419f827b33904306e2cce9f7ec2313daf6
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 23 14:24:49 2021 +0200

    perl-GD: Update to version 2.73
    
    - Update from 2.35 (2006) to 2.73 (2020)
    - Update of rootfile
    - Updated version of perl-GD required ExtUtils-PkgConfig for build. Separate patch
      to build that is part of this series
    - Changelog
       2.73    * allow --options override the libgd options. Not recommended.
                 See GH #33 and RT #130045
       2.72    * fix CVE 2019-6977 colorMatch for older unpatched libgd versions.
                 This is a severe security problem, an exploitable heap-overflow.
                 See https://nvd.nist.gov/vuln/detail/CVE-2019-6977
       2.71    * skip Test::Fork on freebsd (GH #25)
       2.70    * fixes for hardened CCFLAGS with -Werror (RT #128167)
       2.69    * little spelling error, GH #29 Xavier Guimard
       2.68    * fix GD::Polygon->clear, RT #124463 Michael Cain
       2.67    * fix thread-safety for GD::Simple %COLORS (#26 melak)
               * fix arc start-angle docs, RT #123277 Andrew G Gray
               * improve setBrush docs, RT #123194 Andrew G Gray
               * improve StringFT docs, RT #123193
               * replace MacOSX by darwin, and not by Mac OS X/macOS as suggested
                 in PR #24
               * add GD::Image->_file method as suggested in RT #60488 by Kevin Ryde,
                 also the helper GD::supportsFileType
       2.66    * throw proper error on newFrom* with not-existing file
               * add t/transp.t from RT #40525
               * Improve RT #54366 multiple gd.h warning
               * better doc for GD::Simple->arc
               * fix ANIMGIF with libgd 2.3.0-dev
       2.65    * fix --gdlib_config_path to accept an argument (fperrad)
       2.64    * Update doc for LIBGD_VERSION()
               * Fix 5.6.2, which does not have float in its typemap
       2.63    * renamed VERSION() to LIBGD_VERSION(), RT #121307.
                 It was treated magically by "use GD 2.18"
       2.62    * fixed wrong <5.14 code generated with ExtUtils::Constants
                 RT #121297. Don't generate const-xs.inc, only when missing.
               * add -liconv on hpux also (our pkgconfig parser cannot handle it)
       2.61    * add CONFIGURE_REQUIRES META
               * add --gdlib_config_path
               * add Image Filters: scatter, pixelate, negate, grayscale, brightness,
                 contrast, color, selectiveBlur, edgeDetectQuick, gaussianBlur, emboss,
                 meanRemoval, smooth, copyGaussianBlurred
               * add palette methods: createPaletteFromTrueColor,
                 neuQuant (but discouraged), colorMatch.
               * add interpolation methods: copyScale, copyRotateInterpolated,
                 interpolationMethod.
               * add double GD::VERSION
               * add all gd.h constants
       2.60    * add missing methods newFromWBMP, newFromXbm,
                 (RT #68784) and some missing docs
               * Add --lib_fontconfig_path, --fcgi options
               * rewrote most of the XS code
               * cleanup Makefile.PL #20
       2.59    * error on failing libgd calls
               * fix colorClosestAlpha, colorAllocateAlpha
               * add missing documentation
       2.58    * fix VERSION_STRING for 2.0.x
               * honor --lib_gd_path specific gdlib-config
               * Loosen the comparison tests with GDIMAGETYPE ne gd2
               * Improve gdlib-config parsing (PR #17), esp. with 2.0.34
       2.57    * fix Jpeg magic number detection RT #26146
               * fix RGB - HSV roundtrips: RT #120572 by J2N-FORGET
               * fix -print-search-dirs errors RT #106265
               * co-maint to rurban
               * add hv_fetchs, CI smokers
               * add GD::VERSION_STRING api
       2.56_03 * add alpha method
               * improve option handling
               * fix meta data
       2.56_02 * fix feature extraction >= 2.2 [RT #119459]
       2.56_01 * rm Build.PL, fix permissions, fix for missing gdlib-config
       2.56    * Fix Makefile.PL so that it works again.
       2.55    * Great simplification of regression framework ought to fix make test
                 problems.
               * Replace ExtUtils::MakeMaker script with Module::Build system
                 (just in time for Module::Build to be deprecated).
               * Remove archaic qd.pl (for creating QuickDraw picts) from distribution.
       2.54    Patch from yurly@unet.net to fix image corruption in rotate180 when
               image height is odd.
       2.53    Points to Gabor Szabo's GD::Simple tutorial, and fix link to repository.
       2.52    Fix regression tests to run on Ubuntu 12.04 64bit.
       2.51    Fix misleading warning message about location of gd.h file.
       2.50    Fix gdUseFontConfig so that it can be called as a class method.
       2.49    Add GitHub information to README.
       2.48    Fix compile crash on windows and strawberry
               (https://rt.cpan.org/Public/Bug/Display.html?id=67990).
       2.47    Fix compilation on older perl's without the Newxz macros.
       2.46    Added a basic "use" test for GD::Simple
       2.45    Clarified the GD license. There is now a formal LICENSE file in the package.
       2.44    GD::Group now installed properly.
               Quenched compiler warning caused by Newxs() calls.
       2.43    Added "transparent" color to GD::Simple.
               Fixed Makefile so that GD/Image.pm depends both on GD/Image.pm.PLS and
               .config.cache
       2.42    Fixed magic number detection to autodetect certain missed jpeg files
               (thanks to Mike Walker)
       2.41    Added backend support for grouping features in GD::SVG module.
       2.40    ** Do not use - contains a bug **
       2.39    Makefile.PL will refuse to run if the proper version of libgd is
               unavailable.
       2.38    Fixed bizarre warning about /usr/include/gd.h != /usr/include/gd.h.
       2.37    GD/Image.pm did not bring in croak() properly, meaning that incorrect
               error messages are printed out when any of the newFromXXX() calls are made.
       2.36    Instructions on using gdAntiAliased with palette images.
    
    Tested-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 5f71d0a6bf369719e2456c2ffe34e4ac2b103e94
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 23 14:24:48 2021 +0200

    gd: Update to version 2.3.3
    
    - Update from 2.0.33 (2006) to 2.3.3 (Sep 2021)
    - Updating gd requires GD-Graph and perl-GD to be updated otherwise the png graphs
      didn't work so all required changes are part of this patch series
    - Update rootfile
    - Dependencies checked from library so bump. Nothing found.
    - Changelog is too large to include here.
       For full details see https://github.com/libgd/libgd/releases
    
    Tested-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 726891607b32908e8f757d941b5202387c90ca89
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 16:00:49 2021 +0000

    core161: add backup exclude
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit d2c2025b3d0271d3afdccc43b550a07b59480c94
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Wed May 26 12:43:01 2021 +0200

    backup/exclude: unbound is missing hosts.conf include after restoring a backup of an older version
    
    - Added unbound.conf to backup/exclude list to fix bug #12441
    
    Fixes: #12441
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit bca0fb81476b3ca5b7352435e38a06a7dd1332b0
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 15:56:53 2021 +0000

    core161: add ppp changes
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 52764dbe7f6439045040ab35719953cf178063b9
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Wed Jul 7 21:49:35 2021 +0200

    Tell pppd not to ask for IPv6 addresses during dial-up
    
    pppd 2.4.9 supports IPv6 and asks for an IPv6 configuration by default.
    Setting the received prefix in the kernel will never work, however, as
    the rest of IPFire 2.x does not support IPv6.
    
    pppd notices the ISP about this, and at least Otenet (GR) and British
    Telecom (several countries) decide to close a dial-up connection then.
    German DTAG seems to ignore such errors silently.
    
    This patch adds an option to the pppd call to prevent asking for an
    IPv6 configuration, hence avoiding these errors.
    
    To apply this patch, it is necessary to ship ppp 2.4.9 again. Since I
    have no access to a testing machine behind an ISP supporting IPv6, this
    patch unfortunately is untested.
    
    Fixes: #12651
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit aa45d923ebc396fdbe4a95db3d54457bd55fd20e
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Wed Jul 7 21:49:11 2021 +0200

    Revert "Revert "ppp: update to 2.4.9""
    
    This reverts commit 2d6e633d7f20bd94cbc36880049d2599e93bdaf3.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit d6f10036654c1f0a6457fd5a67e144f64e7280e5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sun Sep 5 22:45:05 2021 +0200

    cups-filters: Update to version 1.28.10
    
    - Update from 1.28.9 to 1.28.10
    - Update rootfile
    - Changelog
        CHANGES IN V1.28.10
    	- Sample PPDs: Add borderless page size definitions to Generic
    	  PDF Printer, HP Color LaserJet CM3530 MFP PDF, and Ricoh PDF
    	  Printer PPD files.
    	- Sample PPDs: From the PDF PPD files removed the unneeded
    	  "*cupsFilters2: ..." line. For CUPS it does not make any
    	  difference.
    	- libcupsfilters: Fixed pdftopdf filter to correctly support
    	  page ranges without upper limit, like "10-" (Pull request
    	  #399).
    	- libcupsfilters: Use wildcard tag (IPP_TAG_ZERO) search for
    	  "media-type" and "media-type-supported" in the PPD
    	  generator (Pull request #398).
    	- implicitclass, parallel: Added missing newlines at error
    	  messages.
    	- libfontembed: Removed unneeded fontembed/main.c and ttfread
    	  executable. Eliminates the dependency on DejaVuSans.ttf
    	  (Issue #386).
    	- gstoraster: Refactor the filter a little to clarify handling
    	  of page counts and set job-impressions for TotalPageCount in
    	  PWG-Raster header (Pull request #394).
    	- cups-browsed: Make NotifLeaseDuration configurable and renew
    	  after half the lease duration not 60 sec before end. The
    	  early renewal improves reliability on busy systems a
    	  lot. For easier development and debugging short durations
    	  from 300 sec on can get selected (Pull request #378).
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 64aa254af13f6164e8c441f1ed43b838580064cd
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date:   Mon Sep 20 17:08:18 2021 +0200

    monit 5.29.0: Bump forgotten PAK_VER
    
    Thanks Adolf! ;-)
    
    Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit e01dd97b5c08f90249894e9b0ef7e29543a057b7
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date:   Sat Sep 18 16:11:10 2021 +0200

    monit: Update to 5.29.0
    
    For details see:
    https://mmonit.com/monit/changes/
    
        New: Issue #715: The PostgreSQL protocol test has been improved and
        now supports authentication with username, password and database
        when testing connection. Example:
    
        if failed port 5432
            protocol pgsql username "username" password "12345" database "test"
        then alert
    
        Previous Monit versions used hardcoded credentials when testing
        connection to postgresql (user=root and database=root). This could
        trigger thousands of messages like this in the postgresql log:
    
        root@root FATAL:  password authentication failed for user "root"
        root@root DETAIL:  Role "root" does not exist.
    
        Note: Monit will continue to use the hardcoded credentials (for
        backward compatibility) unless username and password are set.
        New: Issue #973: You can now test program output using a regular
        expression. Syntax:
    
        IF CONTENT [!]= <regex> THEN action
    
        Example:
    
        check program disk0_smart with path "/usr/sbin/nvme smart-log /dev/nvme0"
            if content != "critical_warning[ ]+: 0" then alert
    
        New: Issue #974: Monit CLI: Added support for the -g (group) option
        to the report command. Example:
    
        monit -g database report
    
        Fixed: Issue #991 (Monit 5.28.1 regression): MacOS: Monit didn't
        compile on MacOS 10.13 or older. Thanks to Lutz Mader.
    
        Fixed: Issue #994 (Monit 5.28.1 regression): The check program
        statement with every did not work properly.
    
        Fixed: Issue #995: Monit start delay was vulnerable to time jumps
        when Monit is waiting for the delay to pass. Thanks to Daniel Crowe.
    
        Fixed: Issue #975: Monit CLI: Monit did not report a warning if -s,
        -p, -l, -g or -c command-line options were specified multiple times
        and silently used the last value only. Monit will generate a warning
        now.
    
        Fixed: Issue #972: Monit GUI: The log view had no size limit when
        reading the Monit log file and could block the browser if the log
        file was large.
    
        Fixed: Issue #955: If more than one every statement is used in
        a check-service context only the last value is (silently) used.
        We now report a warning in this case.
    
    Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 448649ae645c285d04294773fc60ea1510cfe029
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Sep 28 23:21:16 2021 +0200

    shairport-sync: Update to version 3.3.8
    
    - Update from 3.3.7 to 3.3.8
    - Update of rootfile not required
    - Changelog
       Version 3.3.8
         **Enhancements**
           * Documentation for the MQTT interface. Many thanks to
             [minix1234](https://github.com/minix1234)!
         **Bug Fixes**
           * Fix a bug in the `alsa` back end. In the interval between checking that the alsa
             device handle was non-`NULL` and actually using it, the handle could be set to
             `NULL`. The interval between check and usage is now protected.
           * Fix a bug in the `alsa` precision timing code. Thanks to
             [durwin99](https://github.com/durwin99),
             [Nicolas Da Mutten](https://github.com/cleverer),
             [mistakenideas](https://github.com/mistakenideas),
             [Ben Willmore](https://github.com/ben-willmore) and
             [giggywithit](https://github.com/giggywithit) for the
             [report](https://github.com/mikebrady/shairport-sync/issues/1158).
           * Fix a bug that caused Shairport Sync to hang, but not actually crash, if an
             `on-...` script failed.
           * Fix a crash that occurred if metadata support is enabled during compilation but
             turned off in the configuration file. Thanks to
             [Tim Curtis](https://github.com/moodeaudio) for the report.
           * Fix a crash that occurred playing from AirPower on Android. Thanks to
             [Ircama](https://github.com/Ircama) for the report.
           * Fix the configure.ac file so that `--without-<feature>` configuration options
             are not interpreted as `--with-<feature>` options instead! Thanks to
             [David Racine](https://github.com/bassdr) for the report.
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 725d6a49169d779efe2493478f9c4a7c2e9b8f45
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 10:45:26 2021 +0000

    core161: add logwatch
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 1c71ff6b2ccde8383529ed26937e1cd21f4cce08
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Wed Oct 6 15:48:35 2021 +0200

    logwatch: mdadm status missing - Fix for Bug 12080
    
    - Addition of mdadm module to logwatch
    - Addition of logwatch to sudoers list to run mdadm commands
    - patch to change logwatch mdadm.conf to allow scan for raid drives, change mdadm script
       to run mdadm scan commands with sudo, allow clean but degraded drives to be listed
       in the output.
    
    Fixes: 12080
    Tested-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 4ee445ce44e801c5746e05f06ffa7d05932fdee7
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Wed Oct 20 22:28:43 2021 +0200

    ghostscript: Update to version 9.55.0
    
    - Update from 9.54 to 9.55.0
    - Update rootfile
    - Changelog
       Version 9.55.0 (2021-09-27)
         Highlights in this release include:
           This release includes the fix for the %pipe% security issue (CVE-2021-3781).
           New PDF Interpreter: This is an entirely new implementation written in C (rather
            than PostScript, as before). For a full discussion of this change and reasons for
            it see: Changes Coming to the PDF Interpreter.
           In this (9.55.0) release, the new PDF interpreter is disabled by default in
            Ghostscript, but can be used by specifying -dNEWPDF. We hope to make it the
            default in 9.56.0, and fully deprecate the PostScript implementation shortly
            after that (depending on the feedback we get).
           This also allows us to offer a new executable (gpdf, or gpdfwin??.exe on Windows)
            which is purely for PDF input. For this release, those new binaries are not
            included in the "install" make targets, nor in the Windows installers (they will
            be from 9.56.0 onwards).
           We would ask that as many users as possible take the opportunity to test with the
            new PDF implementation (i.e. using -dNEWPDF on your gs command line), and discuss
            any problems with us, before the new implementation becomes the default.
           The pdfwrite device now supports "passthrough" for JPX/JPG2000 data images (as
            well as the already supported JPEG/DCT Encoded). That means that if no rescaling
            or color conversion of the image data is required, the encoded/compressed image
            data from the input file will be written unchanged to the output, preventing
            potential image degradation caused by decompressing and recompressing.
           The Ghostscript/GhostPDL demo apps for C, C#, Java and Python have all had
            improvements and the C#/Java/Python language bindings have now been documented,
            see Ghostscript Language Bindings
           The Zugferd compliant PDF generating definitions (lib/zugferd.ps) have been
            updated and expanded to support the current version (2.1.1) of the Zugferd spec,
            and optionally different versions of the specification.
           The PCL/m output devices now support Duplex/Tumble.
           The internal support for "n-up" style simple imposition (introduced in 9.54.0) has
            been extended and improved for better support across all input formats.
           Ghostscript now supports object specific halftone - for example, different
            halftones can be specified for text and images, reflecting the differing needs of
            rendering those two types of object.
           Our efforts in code hygiene and maintainability continue.
           The usual round of bug fixes, compatibility changes, and incremental improvements.
           (9.53.0) We have added the capability to build with the Tesseract OCR engine. In
            such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render
            the output file to an image, OCR that image, and output the image "wrapped" up as
            a PDF file, with the OCR generated text information included as "invisible" text
            (in PDF terms, text rendering mode 3).
           Mainly due to time constraints, we only support including Tesseract from source
            included in our release packages, and not linking to Tesseract/Leptonica shared
            libraries. Whether we add this capability will be largely dependent on community
            demand for the feature.
           See Enabling OCR for more details.
         For a list of open issues, or to report problems, please visit bugs.ghostscript.com.
         Incompatible changes
           (9.55.0) Changes to the device API. This will affect developers and maintainers of
            Ghostscript devices. Firstly, and most importantly, the way device-specific
            "procs" are specified has been rewritten to make it (we think!) clearer and less
            confusing. See The Interface between Ghostscript and Device Drivers and The Great
            Device Rework Of 2021 for more details.
           (9.55.0) The command line options -sGraphicsICCProfile=___, -dGraphicsIntent=#,
            -dGraphicsBlackPt=#, -dGraphicsKPreserve=# have been changed to
            -sVectorICCProfile=___, -dVectorIntent=#, -dVectorBlackPt=#,
            -dVectorKPreserve=#.
         From 9.55.0 onwards, in recognition of how unwieldy very large HTML files can become
          (History9.html had reached 8.1Mb!), we intend to only include the summary
          highlights (above).
         For anyone wanting the full details of the changes in a release, we ask them to look
          at the history in our public git repository: ghostpdl-9.55.0 log.
         If this change does not draw negative feedback, History?.htm file(s) will be removed
          from the release archives.
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0df914ef30b67a45f59ff8d02cddd76245d64953
Author: Stéphane Pautrel <steph78630@gmail.com>
Date:   Wed Oct 20 09:21:36 2021 +0000

    lang: Update French translation
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9a93f07dae62990610d0b7168e83767e907803e4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Oct 20 09:21:35 2021 +0000

    Run "./make.sh lang"
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit dbd455ef936277aae9cf4d7d7294f0ceca495b84
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Oct 20 17:46:37 2021 +0000

    make.sh: Rewrite uploadsrc with rsync
    
    Instead of having a very dodgy diff of filelists, this rsync call does
    everything automatically and only requires authentication once.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 65710b528a73425a86b286c982130457f3a7d7f4
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Fri Oct 8 15:43:49 2021 +0200

    pcengines-apu-firmware: Update to version 4.14.0.4
    
    - Update from 4.14.0.2 to 4.14.0.4
    - Update of rootfile
    - Changelog
       v4.14.0.4 Release date: 2021-09-17
        Changed:
            Rebased with official coreboot repository commit d9f5d90
            Enabled EHCI controller by default on apu3-apu6 platforms
            Updated sortbootorder to v4.6.22
        Added:
            Safeguard against setting watchdog timeout too low
        Known issues:
            apuled driver doesn't work in FreeBSD. Check the GPIOs document for workaround.
            Some PCIe cards are not detected on certain OSes and/or in certain mPCIe slots.
             Check the mPCIe modules document for solution/workaround.
            Booting with 2 USB 3.x sticks plugged in apu4 sometimes results in detecting
             only 1 stick
            Certain USB 3.x sticks happen to not appear in boot menu
            Booting Xen is unstable
       v4.14.0.3 Release date: 2021-08-06
        Changed:
            Rebased with official coreboot repository commit c049c80
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit f85e3493ac71b05d9c5499d8b08b4aaa87c548f5
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 10:23:41 2021 +0000

    core161: add ca-certificates
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 82c53ef9df7eb0ab75d8d5be42206f14e2b703f1
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Sep 25 11:41:29 2021 +0200

    update ca-certificates CA bundle
    
    Update the CA certificates list to what Mozilla NSS ships currently.
    
    The original file can be retrieved from:
    https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
  
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 76f36a621d1ec83b3a998c600b7bb92f40a88cf0
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Sep 25 09:09:00 2021 +0200

    Tor: Bump package version
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 91aa257ed732cfa881740310d659db7554bece3d
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Sep 25 09:08:42 2021 +0200

    Tor: Do not try to support IPv6 for Directory and OR ports
    
    We currently don't have IPv6 in vanilla IPFire 2.x installations, hence
    there is no sense in letting Tor find out IPv6 connectivity.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit fb4e1d53a0f079a82717203d0ff7eeea7d0c6162
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Sep 25 09:08:22 2021 +0200

    Tor: Use crypto hardware acceleration if available
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0b6a2e761bc14d90725beda5b31f1637a599d163
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sat Sep 25 09:07:58 2021 +0200

    Tor: Enable syscall sandbox
    
    This makes post-exploitation activities harder, in case the local Tor
    instance has been compromised. It is worth noticing that Tor won't
    respond to a "GETINFO address" command on the control port if sandboxed,
    but our CGI does not make use of it, and neither is any legitimate
    service on IPFire doing so.
    
    Tested on a small middle relay running on an IPFire machine.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0e0c1a8aec13c626b905e97531a2f3f1b5d31e9b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sat Sep 11 12:57:09 2021 +0200

    krb5: Update to version 1.19.2
    
    - Update from 1.19.1 to 1.19.2
    - Update of rootfile not required
    - Changelog
       Major changes in 1.19.2 (2021-07-22)
        This is a bug fix release.
          * Fix a denial of service attack against the KDC encrypted challenge
            code [CVE-2021-36222].
          * Fix a memory leak when gss_inquire_cred() is called without a
            credential handle.
        krb5-1.19.2 changes by ticket ID
          8989    Fix typo in enctypes.rst
          8992    Avoid rand() in aes-gen test program
          9005    Fix argument type errors on Windows
          9006    doc build fails with Sphinx 4.0.2
          9007    Fix KDC null deref on bad encrypted challenge
          9014    Using locking in MEMORY krb5_cc_get_principal()
          9015    Fix use-after-free during krad remote_shutdown()
          9016    Memory leak in krb5_gss_inquire_cred
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 4bd07ee400b1c39e4efec803567efc024147674a
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sat Sep 11 12:56:48 2021 +0200

    7zip: Update to version 17.04
    
    - Update from 17.03 to 17.04
    - Update rootfile
    - Changelog
       Version 17.04
         - add lzip decompress
         - update zstd 1.4.9
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 8c943731b14e100e2c55f600e110e28e4040b528
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 10:16:23 2021 +0000

    core161: add exfatprogs
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 574690dc0015447b5db788ab08190790e0c22d7b
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 9 13:53:30 2021 +0200

    exfatprogs: Provide package to work with exfat formats
    
    - Create lfs and rootfile
    - Add exfatprogs to make.sh
    - exfat is supported as a native kernel module since kernel 5.7
    - This package requires CONFIG_EXFAT_FS=m to be set for the kernel module for each
      architecture that will be supported. Currently that is only i586
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit eb8dcf245fc8fa1c40f5248863dd4a003f68e35e
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 22 10:14:04 2021 +0000

    core161: add dosfstools
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 923cf5358ca02c25bb57efb39fa5d00740c86364
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Wed Sep 8 23:21:14 2021 +0200

    dosfstools: Update to version 4.2
    
    - Update from 3.0.9 (2013) to 4.2 (2021)
    - Update rootfile
    - Program names changed in version 2.0.18
        dosfslabel became fatlabel
        dosfsck became fsck.fat
        and mkdosfs became mkfs.fat
    - Added --enable-compat-symlinks to ./configure command to maintain original names
       as symlinks
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 2e82a4002daac145ad2d46978667994728e2dcf0
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Thu Oct 21 04:39:52 2021 +0200

    kernel: update to 5.10.75
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 20977f0a83e41d1128570f3d88d5c861200e4094
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 18:36:32 2021 +0000

    core161: generate new qos.sh
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a3c9708117a60e6e49ba4bd828d3f68d0746e54d
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 18:35:01 2021 +0000

    core161: add pakfire.cgi
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 7f7f546e4ae25d75738d6c326149476d7def615a
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Mon Oct 18 21:09:58 2021 +0200

    pakfire.cgi: Implement logic to lock the page until pakfire has been fully launched.
    
    When performing any action which requires pakfire, the page gets locked
    with a message informing the user that pakfire is working. The page
    will be reloaded when pakfire has been launched and is doing the
    requested operation - showing the well known log output. This also
    happens when pakfire has been launched via any kind of terminal or SSH
    session and the CGI gets accessed.
    
    Internally before pakfire gets started a variable called page_lock will
    be set to lock the page. A while loop will keep the page locked until
    pakfire is launched fully and has written its lock_file.
    
    This approach will prevent us from any kind of required time interval
    or race conditions.
    
    Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit e850a61429b03cb77a9dc798e9f093500db09a87
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 18:27:49 2021 +0000

    firewall: replace mark with --pol ipsec to exclude ipsec traffic from masquerade
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit ef7d9d7657a3062dbba694728c4c8c6b05caa4c7
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 18:25:11 2021 +0000

    core161: add suricata changes
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit d4ff0694c5fa0ec1798cbf849b896b3212a262f6
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Mon Oct 18 22:36:02 2021 +0200

    squid-asnbl: update to 0.2.3
    
    Upstream commit 500b9137d0a9dd31e40f0d1effdba0aafeb94ca4 changes the
    behaviour of this script in case of invalid or unresolvable FQDNs,
    preventing Squid from eventually shutting down due to too many BH's per
    time.
    
    Since this allows (authenticated) users to run a DoS against the Squid
    instance, it is considered to be security relevant.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 19357bc55e63cbde3bfae3f46bfaf5e655871763
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:22 2021 +0000

    firewall: Keep REPEAT bit when saving rest to CONNMARK
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 3fa8300e706227db9f72b4b1349dde3e66399298
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:21 2021 +0000

    suricata: Introduce IPSBYPASS chain
    
    NFQUEUE does not let the packet continue where it was processed, but
    inserts it back into iptables at the start. That is why we need an
    extra IPSBYPASS chain which has the following tasks:
    
    * Make the BYPASS bit permanent for the entire connection
    * Clear the REPEAT bit
    
    The latter is more of cosmetic nature so that we can identify packets
    that have come from suricata again and those which have bypassed the IPS
    straight away.
    
    The IPS_* chain will now only be sent traffic when none of the two
    relevant bits has been set. Otherwise the packet has already been
    processed by suricata in the first pass or suricata has decided to
    bypass the connection.
    
    This massively reduces load on the IPS which allows many common
    connections (TLS connections with downloads) to bypass the IPS bringing
    us back to line speed.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
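
Added example (not IPFire's firewall script): a Python model of the mark handling described in the commit message above and in the related mark commits in this log. The BYPASS bit value, the way suricata sets the bits on its verdict, and the QoS class value are assumptions made for the illustration.

```python
REPEAT_MARK = 0x80000000  # most significant bit, as stated in this log
BYPASS_MARK = 0x40000000  # assumption: the second-highest bit
IPS_MASK = REPEAT_MARK | BYPASS_MARK
IPSEC_MARK = 0x00800000   # value from the IPsec commit in this log
QOS_MASK = 0x0000FFFF     # the "two right hand bytes" used for QoS classes


def masks_are_disjoint():
    """The IPS, IPsec and QoS fields must not share any bit of the mark."""
    fields = [IPS_MASK, IPSEC_MARK, QOS_MASK]
    return all(a & b == 0 for i, a in enumerate(fields) for b in fields[i + 1:])


def traverse(packet_mark, connmark, suricata_bypasses):
    """Model one packet; returns (packet_mark, connmark, inspected)."""
    inspected = False
    mark = packet_mark | connmark  # the connection mark is restored first
    if mark & IPS_MASK == 0:
        # Neither bit is set: the packet is queued to suricata (NFQUEUE).
        inspected = True
        mark |= REPEAT_MARK        # assumption: set on every returned packet
        if suricata_bypasses:
            mark |= BYPASS_MARK    # suricata gives up on this flow
        # NFQUEUE re-inserts the packet at the start of iptables. One of
        # the two bits is now set, so it goes to IPSBYPASS, not the IPS.
    # IPSBYPASS: make BYPASS permanent for the connection, clear REPEAT.
    connmark |= mark & BYPASS_MARK
    mark &= ~REPEAT_MARK & 0xFFFFFFFF
    return mark, connmark, inspected


def simulate_flow(n_packets, bypass_at, qos_class=0x0065):
    """Count how many packets of one flow suricata inspects.

    bypass_at is the 1-based packet on which suricata decides to bypass
    (0 = never). qos_class is a constructed QoS mark in the low 16 bits.
    """
    connmark = 0
    inspected_count = 0
    for i in range(1, n_packets + 1):
        mark, connmark, inspected = traverse(qos_class, connmark, i == bypass_at)
        inspected_count += inspected
        assert mark & QOS_MASK == qos_class  # QoS bits are never disturbed
    return inspected_count, connmark


if __name__ == "__main__":
    print(simulate_flow(10, bypass_at=3))
    print(simulate_flow(10, bypass_at=0))
```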

commit 2469ca9fbab0a02502fc8086bc94517d7dcdcfaf
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:20 2021 +0000

    suricata: Store bypass flag in connmark and restore
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 49dd3e2946435b0f4dc77ca1a9d7b14d22edca8d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:19 2021 +0000

    suricata: Add rule to skip IPS if a packet has the bypass bit set
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 855475580b153f05df8417d408193142a76950cf
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:18 2021 +0000

    suricata: Always append rules instead of inserting them
    
    This allows us to add rules in a consistent order like they are in the
    script.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9deccd1cbab7e446a362b6410fb88b36b655a7cd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:17 2021 +0000

    suricata: Enable bypassing unhandled streams
    
    If a stream cannot be identified or if suricata has decided that it
    cannot do anything useful any more (e.g. TLS sessions after the
    handshake), we will allow suricata to bypass any following packets in
    that flow.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 11f7218f9cd16b32b2cb4477355e0e5057df6399
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:16 2021 +0000

    suricata: Define bypass mark
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 4f07c279a01d076d7f788ac8635194a8bb7c51cd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:15 2021 +0000

    suricata: Rename MARK/MASK to REPEAT_MARK/REPEAT_MASK
    
    This should avoid confusion when we add more marks
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 761fadbdde805c8863a1f2a736408367a38f94da
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 18 10:10:14 2021 +0000

    suricata: Set most significant bit as repeat marker
    
    I have no idea why some odd value was chosen here, but one bit should be
    enough.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
    Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit aaf266ac2b1c230eeb1ba897c9674aaf28cbcf53
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 11:32:00 2021 +0000

    core161: add pakfire.conf and pakfire/lib/functions.pl
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit ec18a1ecae60c6c3b6418e300aebd6a823844c8d
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Oct 14 19:01:49 2021 +0000

    pakfire: Allow pinning Pakfire to one mirror server
    
    This patch adds a new $mirror option to the configuration file which
    will cause Pakfire to only use this one to download any files.
    
    This feature is disabled by default but useful for development.
    
    Fixes: #12706
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 56702858529ae1bf75e21da3ef00f136bacedfcd
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 11:27:58 2021 +0000

    core161: add index.cgi and general-functions.pl
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 637eb94684cb0029ca76bb67dda8a8d2c15560ab
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Oct 14 13:26:30 2021 +0000

    index.cgi: Remove left-over DNSSEC status warning
    
    An error message is still shown although there is no option to disable
    DNSSEC at the moment. The old marker file could still be present on
    older machines.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0165dd40256fb1fe8474140cf54eb30cfb9fb7f3
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Tue Oct 19 11:23:12 2021 +0000

    core161: add partresize
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a09578f4eb954ea982926daab53c34492df05b43
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Oct 14 12:00:31 2021 +0000

    OCI: Enable serial console by default
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 80909fb6da64a911c900df50805fd5866685faf0
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 18 18:57:18 2021 +0200

    strongswan: update _updown to use connmark for QoS
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 819fdfb17a3cbc7c25ce098be83896bcd3311567
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 18 14:44:59 2021 +0200

    QoS: ingress Connmark restore, layer7 and IPSec handling
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 03c7877845a147029fa122f35ea5a1a3289aacf6
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 18 00:35:42 2021 +0200

    kernel: update to 5.10.74
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 3c838a59ea59e3f47fbb0b381a4e2b7f7a8f3571
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sat Oct 16 10:18:42 2021 +0200

    makeqosscripts: add missing parenthesis at QOS_OUT Layer7 rules.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 79930b29a4cf0e891c294c3a1db22b0d7c0a03f1
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 15 08:07:04 2021 +0200

    kernel: update to 5.10.73
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit b04724fd348c2f4e41607603ab25c1f18b96a919
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 15 06:00:08 2021 +0000

    u-boot-friendlyarm: copy binary from core159
    
    this u-boot version cannot build without python2, which is removed
    with core161, so this copies the binary from an older build.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c8bb619a71cdea01bc86fe20d2d73f8fec4cf7e0
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 16:36:59 2021 +0000

    core161: remove python2 module from collectd
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 97ac4778bbbc73d8e5a430fa750f133fd3590f8e
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 16:33:43 2021 +0000

    core161: now use 2to3 of python3
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit b0302f7fad48b64c4cab3a1357c5e5fd6dd9ffa7
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:33:09 2021 +0000

    core161: remove python2 at update
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit d5bb33744ac0ec18e0f8eb1e74cceb6c02aa3083
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Tue Aug 24 12:34:53 2021 +0200

    python: removal of python2 from IPFire
    
    - Final patch for removal of python2 from IPFire. This can be implemented in an
       appropriate Core Update after all other python2 related patches have been
       implemented and confirmed working.
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Acked-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 81acbae3f14da9cb2faa69559488ab1435925df1
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date:   Fri Oct 8 19:22:24 2021 +0200

    nano: Update to 5.9
    
    For details see:
    https://www.nano-editor.org/news.php
    
    Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 8e3167cc44c8a46eac7b9cc6d7b5987333bc4f23
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:23:40 2021 +0000

    guardian: bump PAK_VER
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 2f6232d56cf6e02370377ace649e529c35c13655
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date:   Sat Oct 9 11:23:25 2021 +0200

    Bought a 'd' - fixed an old typo
    
    'bandwith...' should be 'bandwidth...'.
    
    Despite being my favourite typo for the past few years(?),
    today I decided to try to say 'Goodbye' to an old friend.
    
    Similar to 'MB writen' it's hard but I think it's just about time.
    
    'qos' and 'guardian' will never be the same for me... ;-)
    
    Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 13aeb192178b57bc1b14abc514a022ca89cc87bd
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sun Oct 10 21:43:14 2021 +0200

    proxy.cgi: Remove option to show Squid's version entirely
    
    There is no sense to display this to anybody, and we do not reveal
    version information anywhere else on purpose. The IT staff knows which
    version of IPFire they are running (hopefully the latest), and it's
    none of the rest of the world's business.
    
    Fixes: #12665 (in some way)
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Acked-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 61cc803fadf4beef80793a691c18d6a4f186863f
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:16:45 2021 +0000

    core161: add squid-asnbl and proxy.cgi
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit cb17776812e1f3b3c780637c107b0da14416306f
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sun Oct 10 19:44:06 2021 +0200

    langs: Add English and German translations for newly added web proxy features
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit bb5ca28313ccfe3a4cb901a33c0601d916782f0e
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sun Oct 10 19:43:41 2021 +0200

    proxy.cgi: Implement proactive Fast Flux detection and detection for selectively announced destinations
    
    This patch adds two new features to IPFire's web proxy:
    
    (a) Proactive Fast Flux detection
        FQDNs are resolved to their IP addresses, which are then resolved to
        corresponding Autonomous System Numbers using IPFire's location
        database. Most destinations will scatter across a very low number of
        ASNs (not to be confused with IP addresses!). FQDNs hosted on Fast
        Flux setups have a significantly higher ASN diversity (5 is usually
        a good threshold), so they can be proactively detected.
    
    (b) Detection for selectively announced destinations
        Especially in targeted operations, miscreants host FQDNs for
        exfiltrating data or malware distributions on ASNs not announced
        globally, but only to the intended victim or its upstream ISPs.
    
        That way, security researchers located in other parts of the
        internet have no insights into these attacks, hence not being able
        to publish listings or send take down notices for the domains used.
    
        While RPKI made this attack harder, it can still be observed every
        now and then.
    
        This feature also protects against accessing FQDNs resolving to IP
        addresses not being globally routable, hence providing a trivial
        mitigation for so-called "rebound attacks" - which we cannot filter
        at DNS level currently.
    
    The second version of this patch consumes the user-defined whitelist for
    the URL filter (if present and populated) for the ASNBL helper as well,
    to make exceptions for funny destinations such as fedoraproject.org
    possible. In addition, the ASNBL helper's sanity tests no longer include
    publicly routable IP addresses, so failures on location01 cannot brick
    IPFire installations in the field.
    
    Thanks to Michael Tremer and Adolf Belka for these suggestions.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
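
Added example (not part of the commit and not squid-asnbl's code): a minimal Python model of the two checks the commit message above describes, ASN diversity and unannounced or non-routable destinations. The prefix table, FQDNs and verdict names are constructed; TEST-NET prefixes and documentation ASNs stand in for public address space, and flagging only when the ASN count exceeds 5 is an assumption.

```python
import ipaddress

# Constructed stand-in for the location database (prefix -> origin ASN).
# TEST-NET prefixes (RFC 5737) and documentation ASNs (RFC 5398) play the
# role of globally announced address space in this example.
ANNOUNCED = [
    (ipaddress.ip_network(prefix), asn)
    for prefix, asn in [
        ("192.0.2.0/26", 64496),
        ("192.0.2.64/26", 64497),
        ("192.0.2.128/26", 64498),
        ("192.0.2.192/26", 64499),
        ("198.51.100.0/25", 64500),
        ("198.51.100.128/25", 64501),
        ("203.0.113.0/25", 64502),
        # 203.0.113.128/25 is deliberately left unannounced.
    ]
]

# Address space that is never globally routable. An explicit list is used
# because ipaddress.is_global would also reject the TEST-NET stand-ins.
NON_ROUTABLE = [
    ipaddress.ip_network(n)
    for n in ("0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
              "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")
]

ASN_DIVERSITY_THRESHOLD = 5  # the value named in the commit message


def lookup_asn(ip):
    """Longest-prefix match of ip against ANNOUNCED; None if unannounced."""
    addr = ipaddress.ip_address(ip)
    best = None
    for network, asn in ANNOUNCED:
        if addr in network and (best is None
                                or network.prefixlen > best[0].prefixlen):
            best = (network, asn)
    return best[1] if best else None


def classify(fqdn, resolved_ips, whitelist=frozenset(),
             threshold=ASN_DIVERSITY_THRESHOLD):
    """Return a verdict for one destination (verdict names are made up)."""
    if fqdn in whitelist:
        return "whitelisted"      # user-defined exception, exact match
    if not resolved_ips:
        return "unresolvable"     # reported as its own verdict in this model
    asns = set()
    for ip in resolved_ips:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in NON_ROUTABLE):
            return "not-routable"
        asn = lookup_asn(ip)
        if asn is None:
            return "unannounced"  # no Autonomous System announces this IP
        asns.add(asn)
    # Assumption: a destination is flagged once it exceeds the threshold.
    return "fast-flux" if len(asns) > threshold else "ok"


# Constructed resolver answers: FQDN -> resolved IP addresses.
SAMPLES = {
    "cdn.example": ["192.0.2.10", "192.0.2.20", "192.0.2.70"],
    "flux.example": ["192.0.2.1", "192.0.2.65", "192.0.2.129",
                     "192.0.2.193", "198.51.100.1", "198.51.100.129"],
    "hidden.example": ["203.0.113.200"],
    "internal.example": ["10.0.0.5"],
}


def run_samples(whitelist=frozenset()):
    """Classify every constructed sample and return {fqdn: verdict}."""
    return {fqdn: classify(fqdn, ips, whitelist)
            for fqdn, ips in SAMPLES.items()}


if __name__ == "__main__":
    for fqdn, verdict in run_samples().items():
        print(f"{fqdn:18} {verdict}")
```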

commit 2b591415539ee80fb71d282eccad22b937d2ee96
Author: Peter Müller <peter.mueller@ipfire.org>
Date:   Sun Oct 10 19:43:18 2021 +0200

    squid-asnbl: New package
    
    This package adds an ASNBL helper for detecting Fast Flux setups and
    selectively announced networks (i. e. FQDNs resolving to IP addresses
    not being announced by an Autonomous System) to the distribution.
    Afterwards, the helper script is located at /usr/bin/asnbl-helper.py .
    
    The second version of this patch updates squid-asnbl to upstream version
    0.2.2, improving logging in case of detected Fast Flux setups.
    
    Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit e314dc82a85f4e8d0f3f18f6f48fd2e4e1cabef7
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:10:04 2021 +0000

    core161: add hexdump
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 45124fbbc286d8cb325615d4e5b512fb651cf1fe
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sun Oct 10 12:57:42 2021 +0000

    util-linux: Ship hexdump
    
    This is a handy tool which can help debugging any problems and should be
    part of the distribution.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9f9d0974f00bc520e6a59f0c89096dda09adf353
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Sat Oct 9 23:07:43 2021 +0200

    client175: Removal of this package as it currently only works with python2
    
    - Removal of the lfs, rootfile and initscript
    - Removal of client175 entry in the make.sh file
    
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c59dc6a724b0da61d65ea1be603e6b27b4da8a68
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:08:30 2021 +0000

    core161: add makegraphs and hddshutdown
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit cbf3a350ac15b1e3a27db0411a5623ba5ce40e71
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Fri Oct 8 23:38:24 2021 +0200

    makegraphs: Update script for new iostat output format - Bug#12702
    
    - Modification of iostat line as per input in Bug#12702
    
    Fixes: 12702
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 74b9fcc65e73802926ce6c1cc3d488598b361802
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Fri Oct 8 23:38:23 2021 +0200

    hddshutdown: Update script for new iostat output format - Bug#12702
    
    - Modification of iostat line as per input in Bug#12702
    
    Fixes: 12702
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a4d0d0a1e4ac946ff65bd65d03a6f705d69f8134
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:03:56 2021 +0000

    core161: add apache2
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit b6ef9f4b3e2a2fb8ea69c6721ba73c08d855ad08
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date:   Fri Oct 8 19:12:40 2021 +0200

    apache: Update to 2.4.51
    
    For details see (2.49):
    https://dlcdn.apache.org//httpd/CHANGES_2.4.49
    
    For 2.51:
    https://dlcdn.apache.org//httpd/CHANGES_2.4.51
    
    "SECURITY: CVE-2021-42013: Path Traversal and Remote Code
    Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
    fix of CVE-2021-41773) (cve.mitre.org)
    It was found that the fix for CVE-2021-41773 in Apache HTTP
    Server 2.4.50 was insufficient..."
    
    Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9b189f44939fbf4743520e17fc59edda6ebadbca
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Wed Oct 13 12:00:11 2021 +0000

    core161: add firewall changes to update
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 51c4b73f7a417ff56e27f913cd3254f549ead99a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 4 18:52:22 2021 +0100

    IPsec: Replace MARK 50 by 0x00800000
    
    This change is necessary because we are using the right-hand two bytes
    for storing the QoS classes.
    
    All IPsec traffic will now be skipped and never classified by the QoS.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit f857c5c63040664414dc07838052155305136c5a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 4 18:52:21 2021 +0100

    QoS: Make outgoing packet processing use CONNMARK
    
    This will significantly reduce the load when classifying outgoing
    traffic as there won't be any overhead as soon as the connection has
    been classified. The classification is being stored in the iptables MARK
    which will be copied to CONNMARK if changed.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0bb882c4bb9acefe26a5713520e5c4ce42cafd79
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 4 18:52:20 2021 +0100

    QoS: Drop support for hardcoded ACK rules
    
    This feature has to go in order to take advantage of CONNMARK which will
    drastically decrease CPU load when passing packets.
    
    We no longer will see every packet in the QOS-INC chain in order to
    change classification of that packet. It is also partly counter-intuitive
    to have parts of one connection in one class and the corresponding ACK
    packets in another.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c825fcef40f63c8ce39a50b7285dbca98e2db60b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 4 18:52:19 2021 +0100

    firewall: Always restore all connection marks
    
    This was done by tc only when QoS was enabled
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 45329c0a66d2f1f7bf4d215489ece6bc1714dfe3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 4 18:52:18 2021 +0100

    QoS: Use the two right hand bytes to mark packets
    
    In order to not deal with any marks from NAT and the IPS, this patch
    adds masks to all places where packets are being marked for individual
    QoS classes.
    
    Instead of being able to use the "fw" match in tc, we have to use the
    u32 to apply the mask.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit ce31144c629354d32fcb41ea69f0dbc5e426eea7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Mon Oct 4 18:52:17 2021 +0100

    firewall: Only check relevant bits for NAT fix rules
    
    In order to use the highest two bits for suricata bypass, we will need
    to make sure that whenever we compare any other marks, we do not care
    about anything else.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 5c372259e3132fa77a8238400b707d7aa398dc15
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 10 13:23:30 2021 +0200

    kernel: update to 5.10.72
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 8bb805760f607ee1451ce8b2e033d5af073282dc
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 10 13:22:48 2021 +0200

    kernel: add realtek rtl88x2bu wlan module
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 58f6264fa42abe2b889b5d291d8fea91088a9c8e
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 10 06:46:25 2021 +0000

    kernel: update to 5.10.71
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 02fadedf8dfb0143b5b49c4d59eb243eefc0f4c3
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 10 06:45:09 2021 +0000

    initscripts: leds: add nanopi r2s support

commit 13e001f5c258373c1d7ecd6bfd6e2c5aa4f9dc7d
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 8 19:54:29 2021 +0000

    kernel: config for nanopi r2s
    
    some drivers do not work as modules so they are now compiled into
    the main kernel
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit fe582c9d7c2379710c13d3266d05307ff23c9aca
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 8 12:05:36 2021 +0000

    u-boot: nanopi r2s: add bootcmd and 2nd mac address
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0b29b37c57415784d55373b36fb291bc7b07eb5b
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 4 06:13:18 2021 +0000

    u-boot: bootscript tries to also use devnum instead of dev_num
    
    on newer boards the variable was renamed.
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit dac49f1b119b639fdca9b36e6af8706b41fbb821
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Oct 4 06:07:30 2021 +0000

    u-boot: set nanopi r2s baudrate to 115200
    
    default is 150000 but many usb-ttl adapters are unstable at this rate.

commit 954ac9df0441ebbca230cd2e0adcd91cbb9c97c1
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 3 07:42:41 2021 +0000

    flash-images: install u-boot for nanopi r2s on aarch64
    
    rockchip has a large bootloader so this also increases the gap between the
    partition table and first partition to 16MB on aarch64
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 1f38bac05383eef9c8065f7834f35779e79ab966
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 3 07:39:04 2021 +0000

    u-boot: add nanopi r2s build
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 4c59cad1c0f8ee5846c39007bd6734b35d66264c
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Oct 3 07:30:57 2021 +0000

    dtc: add device tree compiler on aarch64
    
    u-boot for nanopi r2s (rockchip rk3328) needs dtc to build the image
    so this adds dtc as build dependency for u-boot
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 577c7c09fa226bbf5f2775628f4ff330bf16c98a
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Oct 1 23:23:01 2021 +0200

    kernel: update to 5.10.70
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit b0bb1450fdc450ab239adfccda04420e5bece546
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 24 10:14:50 2021 +0100

    media.cgi: Fix parsing output of iostat
    
    Since the last update of sysstat, the output of iostat has changed and
    the web user interface showed wrong values.
    
    This is now being fixed in this patch.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 3d17e0d68316b4475bae73ca39f4bb59e9fcdf5e
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Sep 27 12:21:51 2021 +0200

    kernel: update to 5.10.69
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 13fcfb9a0e81a14ee125e7e51f342d758263da63
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Sep 26 14:58:27 2021 +0200

    kernel: update to 5.10.68
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9d20b293b83c78dde7234fa3d3912d2b754df8cd
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sun Sep 26 08:40:32 2021 +0000

    kernel: arm rootfile update
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 62f705316b81d4b7f452e6380112696d33571381
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sat Sep 25 13:19:25 2021 +0000

    kernel: aarch64 enable drivers for common ROCKCHIP boards
    
    thx to Fukan K
    fixes #12681
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit a21d6a30ced4d4cbf814712277de9ec41d97b412
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Sat Sep 25 13:07:36 2021 +0000

    kernel: aarch64 oldconfig
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 5b659043a98ecd92c5f7fa1a550262ae99476bb2
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Fri Sep 24 09:31:52 2021 +0000

    wlanap.cgi: fix typo at reading country list
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 6d8cc5a74eef140b28c62b23b6973c06b15ec8f2
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Sep 20 23:46:14 2021 +0200

    kernel: x86 rootfile update
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 037dc6b9bc5bbc1138ea5075d14d61ba19aaada9
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Sep 20 23:45:56 2021 +0200

    kernel: update to 5.10.67
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit cbbed5bc1487ca0e3343b0aaf777abea258ef49c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:29 2021 +0000

    kernel: Enable all cgroups on all architectures
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9df49966d6c511227debbfca57dbe1ad38664f87
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:28 2021 +0000

    kernel: Zero-init all stack variables by default
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit b7ed5dc81796dbc49b48306259bd72fbd35c107f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:27 2021 +0000

    kernel: Enable support for TPM hardware
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 9012cffdb6588448de51a592dd1bdfeb6cd3ec05
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:26 2021 +0000

    kernel: Enable ExFAT on all architectures
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 340f155649ee22afa19f1b6677e35a3d155a7898
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:25 2021 +0000

    kernel: Enable frontswap
    
    "Frontswap provides a "transcendent memory" interface for swap pages. In
    some environments, dramatic performance savings may be obtained because
    swapped pages are saved in RAM (or a RAM-like device) instead of a swap
    disk."
    
    https://www.kernel.org/doc/html/latest/vm/frontswap.html
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 15f53912a1a474a2f0cce9a1cd1478276395f3ff
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:24 2021 +0000

    kernel: Disable network security hooks
    
    This is a feature we do not use and it should therefore be disabled
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c913c9862cef699125149dc0ba40adc86eff05c6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:23 2021 +0000

    kernel: Disable OpenvSwitch
    
    We do not use this and so we should not build it to save space.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit fef9a33846217b0257eda627a3aa6528b70adc86
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:22 2021 +0000

    kernel: Disable any runtime testing
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 828d3d2525a449c45b719a31fba800558a0c3b18
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:21 2021 +0000

    kernel: Disable SLUB debugging
    
    This is not necessary on our systems and according to the documentation
    will reduce code size of the allocator which will result in better
    performance.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 034a2402fc24083ec99e5caa70c45a1d810c9d33
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:20 2021 +0000

    kernel: Enable Pressure Stall Information
    
    This is a new type of metric to find out what resource is currently a
    bottleneck for the whole system. We might use this for graphs.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit f58a8cb16f487441a86ea48ae6aaf06eb9f6e7e5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:19 2021 +0000

    kernel: Disable IRQ time accounting
    
    This feature is now disabled (was disabled on ARM before) as we do not
    need it:
    
    "Select this option to enable fine granularity task irq time accounting.
    This is done by reading a timestamp on each transitions between softirq
    and hardirq state, so there can be a small performance impact."
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit c0932f8fbece2beb13644605d85b599fe33505e4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:18 2021 +0000

    kernel: Disable suspending systems to RAM
    
    We do not make any use of this functionality
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit 0e83b0d03c0907d99f7f709482476267c903c2dd
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Fri Sep 17 11:42:17 2021 +0000

    kernel: Change timer tick to 1000Hz
    
    This change is required to make the system respond faster to any
    realtime events (sending or receiving data packets).
    
    It will wake up at least one core 1000 times a second which will result
    in finer timer granularity and make scheduling smoother. HTB for
    example sends large packet bursts on each timer event to keep up data
    rates which is not helpful for most applications.
    
    The change might increase resource consumption and overhead slightly on
    some systems, but since we are running in an idle-dyntick configuration,
    we should not keep awake any cores that have not been awake before.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
    Acked-by: Peter Müller <peter.mueller@ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

commit f06578af15465ab9eedca2e4840d070b8497a81c
Author: Arne Fitzenreiter <arne_f@ipfire.org>
Date:   Mon Sep 20 13:57:26 2021 +0000

    core161: start updater
    
    Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

-----------------------------------------------------------------------


hooks/post-receive
--
IPFire 2.x development tree



_______________________________________________
IPFire-SCM mailing list
IPFire-SCM@lists.ipfire.org
https://lists.ipfire.org/mailman/listinfo/ipfire-scm

