Feature htmlcleanup #11
Merged
mtremer pushed a commit that referenced this pull request Apr 14, 2021
- Update from 2.3.3 to 2.3.3op2
- OpenPrinting statement from March 2021:-
  CUPS has new home at OpenPrinting
  Due to the fact that CUPS development at Apple has stopped since the beginning of 2020 we had forked CUPS some months ago to incorporate patches and fixes from the distributions. As Apple did not resume the upstream work on CUPS, we have made OpenPrinting now the official upstream home for CUPS. This especially means that we can now continue developing CUPS, independent of Apple. So we can add features and lead CUPS into the new architecture without PPD files and with Printer Applications. CUPS has a new home page now and what was formerly our fork is now the official CUPS repository. Upcoming releases will be of the new 2.4.x series, without “opX” suffix as now. Also all documentation files which come with it are updated to point to the OpenPrinting resources.
- Update of rootfile not required.
- Changelog
  Changes in CUPS v2.3.3op2
  - Security: Fixed a buffer (read) overflow in the `ippReadIO` function (CVE-2020-10001)
  - Clarified the documentation for the "Listen" directive (Issue #53)
  - Fixed duplicate ColorModel entries for AirPrint printers (Issue 59)
  - Fixed directory/permission defaults for Debian kfreebsd-based systems (Issue #60, Issue #61)
  - Fixed crash bug in `ppdOpen` (Issue #64, Issue #78)
  - Fixed regression in `snprintf` emulation function (Issue #67)
  - The scheduler's systemd service file now waits for the nslcd service to start (Issue #69)
  - The libusb-based USB backend now uses a simpler read timer implementation to avoid a regression in a previous change (Issue #72)
  - The PPD caching code now only tracks the `APPrinterIconPath` value on macOS (Issue #73)
  - Fixed segfault in help.cgi when searching in man pages (Issue #81)
  - Root certificates were incorrectly stored in "~/.cups/ssl".
  Changes in CUPS v2.3.3op1
  - The automated test suite can now be activated using `make test` for consistency with other projects and CI environments - the old `make check` continues to work as well, and the previous test server behavior can be accessed by running `make testserver`.
  - ippeveprinter now supports multiple icons and strings files.
  - ippeveprinter now uses the system's FQDN with Avahi.
  - ippeveprinter now supports Get-Printer-Attributes on "/".
  - ippeveprinter now uses a deterministic "printer-uuid" value.
  - ippeveprinter now uses system sounds on macOS for Identify-Printer.
  - Updated ippfind to look for files in "~/Desktop" on Windows.
  - Updated ippfind to honor `SKIP-XXX` directives with `PAUSE`.
  - Updated IPP Everywhere support to work around printers that only advertise color raster support but really also support grayscale (Issue #1)
  - ipptool now supports DNS-SD URIs like `ipps://My%20Printer._ipps._tcp.local` (Issue #5)
  - The scheduler now allows root backends to have world read permissions but not world execute permissions (Issue #21)
  - Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is disabled on the host (Issue #25)
  - The SNMP backend now supports the HP and Ricoh vendor MIBs (Issue #28)
  - The scheduler no longer includes a timestamp in files it writes (Issue #29)
  - The systemd service names are now "cups.service" and "cups-lpd.service" (Issue #30, Issue #31)
  - The scheduler no longer adds the local hostname to the ServerAlias list (Issue #32)
  - Added `LogFileGroup` directive in "cups-files.conf" to control the group owner of log files (Issue #34)
  - Added `--with-max-log-size` configure option (Issue #35)
  - Added `--enable-sync-on-close` configure option (Issue #37)
  - Added `--with-error-policy` configure option (Issue #38)
  - IPP Everywhere PPDs could have an "unknown" default InputSlot (Issue #44)
  - The `httpAddrListen` function now uses a listen backlog of 128.
  - Added USB quirks (Apple issue #5789, #5823, #5831)
  - Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
  - Fixed DNS-SD name collision support in ippeveprinter.
  - Fixed compiler and code analyzer warnings.
  - Fixed TLS support on Windows.
  - Fixed ippfind sub-type searches with Avahi.
  - Fixed the default hostname used by ippeveprinter on macOS.
  - Fixed resolution of local IPP-USB printers with Avahi.
  - Fixed coverity issues (Issue #2)
  - Fixed `httpAddrConnect` issues (Issue #3)
  - Fixed web interface device URI issue (Issue #4)
  - Fixed lp/lpr "printer/class not found" error reporting (Issue #6)
  - Fixed xinetd support for LPD clients (Issue #7)
  - Fixed libtool build issue (Issue #11)
  - Fixed a memory leak in the scheduler (Issue #12)
  - Fixed a potential integer overflow in the PPD hashing code (Issue #13)
  - Fixed output-bin and print-quality handling issues (Issue #18)
  - Fixed PPD options getting mapped to odd IPP values like "tray---4" (Issue #23)
  - Fixed remote access to the cupsd.conf and log files (Issue #24)
  - Fixed the automated test suite when running in certain build/CI environments (Issue #25)
  - Fixed a logging regression caused by a previous change for Apple issue #5604 (Issue #25)
  - Fixed fax phone number handling with GNOME (Issue #40)
  - Fixed potential rounding error in rastertopwg filter (Issue #41)
  - Fixed the "uri-security-supported" value from the scheduler (Issue #42)
  - Fixed IPP backend crash bug with "printer-alert" values (Issue #43)
  - Removed old Solaris inetconv(1m) reference in cups-lpd man page (Issue #46)
  - Fixed default options that incorrectly use the "custom" prefix (Issue #48)
  - Fixed a memory leak when resolving DNS-SD URIs (Issue #49)
  - Fixed systemd status reporting by adopting the notify interface (Issue #51)
  - Fixed crash in rastertopwg (Apple issue #5773)
  - Fixed cupsManualCopies values in IPP Everywhere PPDs (Apple issue #5807)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
mtremer pushed a commit that referenced this pull request Jul 9, 2022
- Update from version 3.6.16 to 3.7.6
- Update of rootfile
- find-dependencies run on sobump libs. No dependencies flagged for the old or new libs
- Changelog
  * Version 3.7.6 (released 2022-05-27)
  ** libgnutls: Fixed invalid write when gnutls_realloc_zero() is called with new_size < old_size. This bug caused heap corruption when gnutls_realloc_zero() has been set as gmp reallocfunc (!1592, #1367, #1368, #1369).
  ** API and ABI modifications:
     No changes since last version.
  * Version 3.7.5 (released 2022-05-15)
  ** libgnutls: The GNUTLS_NO_TICKETS_TLS12 flag and %NO_TICKETS_TLS12 priority modifier have been added to disable session ticket usage in TLS 1.2 because it does not provide forward secrecy (#477). On the other hand, since session tickets in TLS 1.3 do provide forward secrecy, the PFS priority string now only disables session tickets in TLS 1.2. Future backward incompatibility: in the next major release of GnuTLS, we plan to remove those flag and modifier, and make GNUTLS_NO_TICKETS and %NO_TICKETS only affect TLS 1.2.
  ** gnutls-cli, gnutls-serv: Channel binding for printing information has been changed from tls-unique to tls-exporter as tls-unique is not supported in TLS 1.3.
  ** libgnutls: Certificate sanity checks has been enhanced to make gnutls more RFC 5280 compliant (!1583). Following changes were included:
     - critical extensions are parsed when loading x509 certificate to prohibit any random octet strings. Requires strict-x509 configure option to be enabled
     - garbage bits in Key Usage extension are prohibited
     - empty DirectoryStrings in Distinguished name structures of Issuer and Subject name are prohibited
  ** libgnutls: Removed 3DES from FIPS approved algorithms (#1353). According to the section 2 of SP800-131A Rev.2, 3DES algorithm will be disallowed for encryption after December 31, 2023: https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
  ** libgnutls: Optimized support for AES-SIV-CMAC algorithms (#1217, #1312). The existing AEAD API that works in a scatter-gather fashion (gnutls_aead_cipher_encryptv2) has been extended to support AES-SIV-CMAC. For further optimization, new function (gnutls_aead_cipher_set_key) has been added to set key on the existing AEAD handle without re-allocation.
  ** libgnutls: HKDF and AES-GCM algorithms are now approved in FIPS-140 mode when used in TLS (#1311).
  ** The configure arguments for Brotli and Zstandard (zstd) support have changed to reflect the previous help text: they are now --with-brotli/--with-zstd respectively (#1342).
  ** Detecting the Zstandard (zstd) library in configure has been fixed (#1343).
  ** API and ABI modifications:
     GNUTLS_NO_TICKETS_TLS12: New flag
     gnutls_aead_cipher_set_key: New function
  * Version 3.7.4 (released 2022-03-17)
  ** libgnutls: Added support for certificate compression as defined in RFC8879 (#1301). New API functions (gnutls_compress_certificate_get_selected_method and gnutls_compress_certificate_set_methods) allow client and server to set their preferences.
  ** certtool: Added option --compress-cert that allows user to specify compression methods for certificate compression.
  ** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure option to enforce stricter certificate sanity checks that are compliant with RFC5280.
  ** libgnutls: Removed IA5String type from DirectoryString within issuer and subject name to make DirectoryString RFC5280 compliant.
  ** libgnutls: Added function (gnutls_record_send_file) to send file content from open file descriptor (!1486). The implementation is optimized if KTLS (kernel TLS) is enabled.
  ** libgnutls: Added function (gnutls_ciphersuite_get) to retrieve the name of current ciphersuite from TLS session (#1291).
  ** libgnutls: The run-time dependency on tpm2-tss is now re-implemented using dlopen, so GnuTLS does not indirectly link to other crypto libraries until TPM2 functionality is utilized (!1544).
  ** API and ABI modifications:
     GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
     GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
     gnutls_compress_certificate_get_selected_method: Added
     gnutls_compress_certificate_set_methods: Added
     gnutls_ciphersuite_get: New function
     gnutls_record_send_file: New function
     libgnutlsxx: Soname bumped due to ABI breakage introduced in 3.7.1
  * Version 3.7.3 (released 2022-01-17)
  ** libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172).
  ** The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change.
  ** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools.
  ** libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113).
     If the KTLS initialization fails it automatically falls back to the user space implementation.
  ** certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values.
  ** certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates.
  ** libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm.
  ** libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integrity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000.
  ** libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225).
  ** libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state.
  ** gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508).
  ** libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low]
  ** API and ABI modifications:
     GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
     GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
     gnutls_ecc_curve_set_enabled: Added.
     gnutls_sign_set_secure: Added.
     gnutls_sign_set_secure_for_certs: Added.
     gnutls_digest_set_secure: Added.
     gnutls_protocol_set_enabled: Added.
     gnutls_fips140_context_init: New function
     gnutls_fips140_context_deinit: New function
     gnutls_fips140_push_context: New function
     gnutls_fips140_pop_context: New function
     gnutls_fips140_get_operation_state: New function
     gnutls_fips140_operation_state_t: New enum
     gnutls_transport_is_ktls_enabled: New function
     gnutls_get_library_configuration: New function
  * Version 3.7.2 (released 2021-05-29)
  ** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode
  ** libgnutls: The Linux kernel AF_ALG based acceleration has been added. This can be enabled with --enable-afalg configure option, when libkcapi package is installed (#308).
  ** libgnutls: Fixed timing of early data exchange. Previously, the client was sending early data after receiving Server Hello, which not only negates the benefit of 0-RTT, but also works under certain assumptions hold (e.g., the same ciphersuite is selected in initial and resumption handshake) (#1146).
  ** certtool: When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default (#1126).
  ** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former is now deprecated and will be removed in the future releases.
  ** certtool: When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale (e.g. Country before State, Organization before OrganizationalUnit). This change also affects the order in which certtool prompts interactively. Please rely on the template mechanism for automated use of certtool! (#1243)
  ** API and ABI modifications:
     gnutls_early_cipher_get: Added
     gnutls_early_prf_hash_get: Added
  ** guile: Writes to a session record port no longer throw an exception upon GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
  * Version 3.7.1 (released 2021-03-10)
  ** libgnutls: Fixed potential use-after-free in sending "key_share" and "pre_shared_key" extensions. When sending those extensions, the client may dereference a pointer no longer valid after realloc. This happens only when the client sends a large Client Hello message, e.g., when HRR is sent in a resumed session previously negotiated large FFDHE parameters, because the initial allocation of the buffer is large enough without having to call realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
  ** libgnutls: Fixed a regression in handling duplicated certs in a chain (#1131).
  ** libgnutls: Fixed sending of session ID in TLS 1.3 middlebox compatibility mode. In that mode the client shall always send a non-zero session ID to make the handshake resemble the TLS 1.2 resumption; this was not true in the previous versions (#1074).
  ** libgnutls: W32 performance improvement with a new sendmsg()-like transport implementation (!1377).
  ** libgnutls: Removed dependency on the external 'fipscheck' package, when compiled with --enable-fips140-mode (#1101).
  ** libgnutls: Added padlock acceleration for AES-192-CBC (#1004).
  ** API and ABI modifications:
     No changes since last version.
  * Version 3.7.0 (released 2020-12-02)
  ** libgnutls: Depend on nettle 3.6 (!1322).
  ** libgnutls: Added a new API that provides a callback function to retrieve missing certificates from incomplete certificate chains (#202, #968, #1100).
  ** libgnutls: Added a new API that provides a callback function to output the complete path to the trusted root during certificate chain verification (#1012).
  ** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the terminating null bytes, while the data field is null terminated.
     The affected API functions are: gnutls_ocsp_req_get_extension, gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension (#805).
  ** libgnutls: Added a new set of API to enable QUIC implementation (#826, #849, #850).
  ** libgnutls: The crypto implementation override APIs deprecated in 3.6.9 are now no-op (#790).
  ** libgnutls: Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support (!1161).
  ** libgnutls: Support for padlock has been fixed to make it work with Zhaoxin CPU (#1079).
  ** libgnutls: The maximum PIN length for PKCS #11 has been increased from 31 bytes to 255 bytes (#932).
  ** API and ABI modifications:
     gnutls_x509_trust_list_set_getissuer_function: Added
     gnutls_x509_trust_list_get_ptr: Added
     gnutls_x509_trust_list_set_ptr: Added
     gnutls_session_set_verify_output_function: Added
     gnutls_record_encryption_level_t: New enum
     gnutls_handshake_read_func: New callback type
     gnutls_handshake_set_read_function: New function
     gnutls_handshake_write: New function
     gnutls_handshake_secret_func: New callback type
     gnutls_handshake_set_secret_function: New function
     gnutls_alert_read_func: New callback type
     gnutls_alert_set_read_function: New function
     gnutls_crypto_register_cipher: Deprecated; no-op
     gnutls_crypto_register_aead_cipher: Deprecated; no-op
     gnutls_crypto_register_mac: Deprecated; no-op
     gnutls_crypto_register_digest: Deprecated; no-op
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
mtremer pushed a commit that referenced this pull request Jan 9, 2023
- Update from version 3.1.7 to 3.2.4
- Update of rootfile
- find-dependencies run and only thing showing as depending on the libs are knot itself.
- Changelog

  Knot DNS 3.2.4 (2022-12-12)
  Improvements:
  - knotd: significant speed-up of catalog zone update processing
  - knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
  - knotd: reworked zone re-bootstrap scheduling to be less progressive
  - mod-synthrecord: module can work with CIDR-style reverse zones #826
  - python: new libknot wrappers for some dname transformation functions
  - doc: a few fixes and improvements
  Bugfixes:
  - knotd: incomplete zone is received when IXFR falls back to AXFR due to connection timeout if primary puts initial SOA only to the first message
  - knotd: first zone re-bootstrap is planned after 24 hours
  - knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
  - knotd: catalog zone can expire upon EDNS EXPIRE processing
  - knotd: DNSSEC signing doesn't fail if no offline KSK records available

  Knot DNS 3.2.3 (2022-11-20)
  Improvements:
  - knotd: new per-zone DS push configuration option (see 'zone.ds-push')
  - libs: upgraded embedded libngtcp2 to 0.11.0
  Bugfixes:
  - knsupdate: program crashes when sending an update
  - knotd: server drops more responses over UDP under higher load
  - knotd: missing EDNS padding in responses over QUIC
  - knotd: some memory issues when handling unusual QUIC traffic
  - kxdpgun: broken IPv4 source subnet processing
  - kdig: incorrect handling of unsent data over QUIC

  Knot DNS 3.2.2 (2022-11-01)
  Features:
  - knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
  - knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
  - kdig: support for JSON (RFC 8427) output format (see '+json')
  - kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
  Improvements:
  - mod-geoip: module respects the server configuration of answer rotation
  - libs: upgraded embedded libngtcp2 to 0.10.0
  - tests: improved robustness of some unit tests
  - doc: added description of zone bootstrap re-planning
  Bugfixes:
  - knotd: catalog confusion when a member is added and immediately deleted #818
  - knotd: defective handling of short messages with PROXYv2 header #816
  - knotd: inconsistent processing of malformed messages with PROXYv2 header #817
  - kxdpgun: incorrect XDP mode is logged
  - packaging: outdated dependency check in RPM packages

  Knot DNS 3.2.1 (2022-09-09)
  Improvements:
  - libknot: added compatibility with libbpf 1.0 and libxdp
  - libknot: removed some trailing white space characters from textual RR format
  - libs: upgraded embedded libngtcp2 to 0.8.1
  Bugfixes:
  - knotd: some non-DNS packets not passed to OS if XDP mode enabled
  - knotd: inappropriate log about QUIC port change if QUIC not enabled
  - knotd/kxdpgun: various memory leaks related to QUIC and TCP
  - kxdpgun: can crash at high rates in emulated XDP mode
  - tests: broken XDP-TCP test on 32-bit platforms
  - kdig: failed to build with enabled QUIC on OpenBSD
  - systemd: failed to start server due to TemporaryFileSystem setting
  - packaging: missing knot-dnssecutils package on CentOS 7

  Knot DNS 3.2.0 (2022-08-22)
  Features:
  - knotd: finalized TCP over XDP implementation
  - knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
  - knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
  - knotd: support for remote grouping in configuration (see 'groups' section)
  - knotd: implemented EDNS Expire option (RFC 7314)
  - knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
  - knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
  - knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
  - knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
  - keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
  - kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
  - kdig: new DNS over QUIC support (see '+quic')
  Improvements:
  - knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
  - knotd: RRSIG refresh values don't have to match in the mode Offline KSK
  - knotd: better decision whether AXFR fallback is needed upon a refresh error
  - knotd: NSEC3 resalt event was merged with the DNSSEC event
  - knotd: server logs when the connection to remote was taken from the pool
  - knotd: server logs zone expiration time when the zone is loaded
  - knotd: DS check verifies removal of old DS during algorithm rollover
  - knotd: DNSSEC-related records can be updated via DDNS
  - knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
  - knotd: outgoing NOTIFY is replanned if failed
  - knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
  - knotd: DNSSEC-related zone semantic checks use DNSSEC validation
  - knotd: new configuration value 'query' for setting ACL action
  - knotd: new check on near end of imported Offline KSK records
  - knotd/knotc: implemented zone catalog purge, including orphaned member zones
  - knotc: interactive mode supports catalog zone completion, value completion, and more
  - knotc: new default brief and colorized output from zone status
  - knotc: unified empty values in zone status output
  - keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
  - kjournalprint: path to journal DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D')
  - kcatalogprint: path to catalog DB is automatically taken from the configuration, which can be specified using '-c', '-C' (or '-D')
  - kzonesign: added automatic configuration file detection and '-C' parameter for configuration DB specification
  - kzonesign: all CPU threads are used for DNSSEC validation
  - libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
  - libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
  - libknot: reduced memory consumption of the XDP mode
  - libknot: XDP filter supports up to 256 NIC queues
  - kxdpgun: new options for specifying source and remote MAC addresses
  - utils: extended logging of LMDB-related errors
  - utils: improved error outputs
  - kdig: query has AD bit set by default
  - doc: various improvements
  Bugfixes:
  - knotd: zone changeset is stored to journal even if disabled
  - knotd: journal not applied to zone file if zone file changed during reload
  - knotd: possible out-of-order processing or postponed zone events to far future
  - knotd: incorrect TTL is used if updated RRSet is empty over control interface
  - knotd/libs: serial arithmetics not used for RRSIG expiration processing
  - knsupdate: incorrect RRTYPE in the question section
  Compatibility:
  - knotd: default value for 'zone.journal-max-depth' was lowered to 20
  - knotd: default value for 'policy.nsec3-iterations' was lowered to 0
  - knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
  - knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
  - knotd: configuration option 'server.listen-xdp' has no effect
  - knotd: new configuration check on deprecated DNSSEC algorithm
  - knotc: new '-e' parameter for full zone status output
  - keymgr: new '-e' parameter for full key list output
  - keymgr: brief key listing mode is enabled by default
  - keymgr: renamed parameter '-d' to '-D'
  - knsupdate: default TTL is set to 3600
  - knsupdate: default zone is empty
  - kjournalprint: renamed parameter '-c' to '-H'
  - python/libknot: removed compatibility with Python 2
  Packaging:
  - systemd: removed knot.tmpfile
  - systemd: added some hardening options
  - distro: Debian 9 and Ubuntu 16.04 no longer supported
  - distro: packages for CentOS 7 are built in a separate COPR repository
  - kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils

  Knot DNS 3.1.9 (2022-08-10)
  Improvements:
  - knotd: new configuration checks on unsupported catalog settings
  - knotd: semantic check issues have notice log level in the soft mode
  - keymgr: command generate-ksr automatically sets 'from' parameter to last offline KSK records' timestamp if it's not specified
  - keymgr: command show-offline starts from the first offline KSK record set if 'from' parameter isn't specified
  - kcatalogprint: new parameters for filtering catalog or member zone
  - mod-probe: default rate limit was increased to 100000
  - libknot: default control timeout was increased to 30 seconds
  - python/libknot: various exceptions are raised from class KnotCtl
  - doc: some improvements
  Bugfixes:
  - knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
  - knotd: manually triggered zone flush is suppressed if disabled zone synchronization
  - knotd: failed to configure XDP listen interface without port specification
  - knotd: de-cataloged member zone's file isn't deleted #805
  - knotd: member zone leaks memory when reloading catalog during dynamic configuration change
  - knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
  - knotd: server crashes during shutdown if PKCS #11 keystore is used
  - keymgr: command del-all-old isn't applied to all keys in the removed state
  - kxdpgun: user specified network interface isn't used
  - libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)

  Knot DNS 3.1.8 (2022-04-28)
  Features:
  - knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
  - knotd: new soft zone semantic check mode for allowing defective zone loading
  - knotc: added zone transfer freeze state to the zone status output
  Improvements:
  - knotd: added configuration check for serial policy of generated catalogs
  Bugfixes:
  - knotd/libknot: the server can crash when validating a malformed TSIG record
  - knotd: outgoing zone transfer freeze not preserved during server reload
  - knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
  - knotd: zone refresh not started if planned during server reload
  - knotd: generated catalogs can be queried over UDP
  - knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
mtremer pushed a commit that referenced this pull request Mar 12, 2024
- Update from version 3.2.4 to 3.3.5
- Update of rootfile
- Changelog

3.3.5 (2024-03-06)

Features:
- knotd: new module mod-authsignal for automatic authenticated DNSSEC bootstrapping records synthesis (Thanks to Peter Thomassen)
- kzonecheck: new optional ZONEMD verification (see option '-z')

Improvements:
- knotd: new DNSSEC key rollover log informs about next planned key action
- knotd, kzonecheck: added limit on non-matching keys with a duplicate keytag
- knot-exporter: added counter-type variant for each metric (Thanks to Marcel Koch)
- libs: upgraded embedded libngtcp2 to 1.3.0
- doc: various fixes and updates

Bugfixes:
- knotd, kzonecheck: failed to validate RRSIG if there are more keys with the same keytag
- knotd, kzonecheck: failed to validate zone with more CSK keys
- libknot: insufficient check for malformed TCP header options over XDP

3.3.4 (2024-01-24)

Features:
- knotd: new configuration item for clearing configuration sections (see 'clear')
- knotc: configuration import can preserve database contents (see '+nopurge' flag)
- kxdpgun: new parameter for setting UDP payload size in EDNS (see '--edns-size') #915

Improvements:
- knotd: extended configuration check for 'zonefile-load' and 'journal-content'
- knotd: lowered check limit for additional NSEC3 iterations to 0
- knotd: lowered severity level of an informational backup log
- knotd: better log message when flushing the journal
- knotd: zone restore checks if requested contents are in the provided backup
- knotc: '+quic' is default for zone backup, '+noquic' is default for zone restore
- kdig: better processing of timeouts and reduced sent datagrams over QUIC
- kdig: no retries are attempted over QUIC
- keymgr: improved compatibility with bind9-generated keys
- libs: some improvements in XDP buffer allocation
- libs: upgraded embedded libngtcp2 to 1.2.0
- doc: various fixes and updates

Bugfixes:
- knotd: failed to build on macOS #909
- knotd: 'nsec3-salt-lifetime: -1' doesn't work if 'ixfr-from-axfr' is enabled
- knotd: unnecessarily updated RRSIGs if 'ixfr-from-axfr' and signing are enabled
- knotc: zone check complains about missing zone file #913
- kdig: failed to try another target address over QUIC
- libknot: infinite loop in knot_rrset_to_wire_extra() #916

3.3.3 (2023-12-13)

Features:
- knotd: new 'pattern' mode of ACL update owner matching (see 'acl.update-owner-match')
- knotc: new '+keysonly' filter for zone backup/restore

Improvements:
- knotd: zone purging waits for finished zone expiration for better reliability
- knotd: remote configuration considers more 'via' with the same address family
- knotd: refresh doesn't fall back from IXFR to AXFR upon a network error
- knotd: increased default for 'policy.rrsig-refresh' by (0.1 * 'rrsig-lifetime')
- knotd: new control flag 'u' for unix time output format from zone status
- knotd: extended check for inconsistent acl settings
- knotd/libknot: simplified TCP/QUIC sweep logging
- mod-dnsproxy: all configured remote addresses are used for fallback operation
- mod-dnsproxy: module responds locally if forwarding fails instead of SERVFAIL
- libs: upgraded embedded libngtcp2 to 1.1.0
- doc: various fixes and extensions

Bugfixes:
- knotd: zone backup fails due to improper backup context deinitialization #891
- knotd: failed to sign the zone if maximum zone's TTL is too high
- knotd: malformed TCP header if used with QUIC in the generic XDP mode
- knotd: server can crash when processing new TCP connections over XDP
- knotd: incorrect initialization of TCP limits
- knotd: orphaned PEM file not deleted when key generation fails
- knotd/libknot: connection timeouts over QUIC due to incomplete retransfer handling #894
- kdig: crashed when querying DNS over TLS if TLS handshake times out #896
- kzonecheck: failed to check DS with SHA-1 or GOST if not supported by local policy
- libdnssec: failed to compile with GnuTLS if PKCS #11 support is disabled

3.3.2 (2023-10-20)

Features:
- knotd: support for IXFR from AXFR computation (see 'zone.ixfr-from-axfr')
- knotd: support benevolent IXFR (see 'zone.ixfr-benevolent')
- knot-exporter: new configuration option '--no-zone-serial' #880

Improvements:
- libs: upgraded embedded libngtcp2 to 1.0.0
- knotd: added logging of new SOA serial when signing is finished
- knotd: unified some XDP-related logging
- keymgr: improved error message if a key file is not accessible
- keymgr: added offline RRSIGs validation at the end of their validity intervals
- kdig: upgraded EDNS presentation format to draft version -02
- kdig: simplified QUIC connection without extra PING frames
- kzonecheck: removed requirement that DS is at delegation point
- doc: various fixes and improvements

Bugfixes:
- knotd: logged incorrect new SOA serial if 'zonefile-load: difference' is set #875
- knotd: more signing threads with a PKCS #11 keystore has no effect #876
- knotd: DNAME record returned with query domain name instead of actual name #873
- knotd: failed to import configuration file if mod-geoip is in use #881
- knotd: failed to sign RRSet that fits to 64k only if compressed
- knotd: broken zone update context upon failed operation over control interface
- keymgr: offline RRSIGs not refreshed if 'rrsig-refresh' is not set
- knsupdate: incorrect processing of @ in the delete operation #879
- knot-exporter: failed to parse knotd PIDs on FreeBSD

Packaging:
- docker: added support for (inter-container) D-Bus signaling

3.3.1 (2023-09-11)

Improvements:
- knotd: multiple catalog groups per member are tolerated, but only one is used
- modules: added const qualifier to various function parameters #877 (Thanks to Robert Edmonds)
- libs: upgraded embedded libngtcp2 to 0.19.1

Bugfixes:
- knotd: TCP over XDP fails to respond
- knotd: server can crash when adjusting a wildcard glue
- knotd: failed to forward DDNS if 'zone.master' points to 'remotes'
- knotd: broken YAML statistics if more modules are configured #874
- knotd: DDNS forwarding isn't RFC 8945 compliant

3.3.0 (2023-08-28)

Features:
- knotd: full DNS over QUIC (DoQ, RFC 9250) implementation, also without XDP
- knotd: bidirectional XFR over QUIC (XoQ) support with opportunistic, strict, and mutual authentication profiles
- knotd: automatic reverse PTR records pre-generation (see 'zone.reverse-generate')
- knotd: new per zone statistic counters 'zone.size' and 'zone.max-ttl'
- knotd: new primary server pinning (see 'zone.master-pin-tolerance')
- knotd: new SOA serial modulo policy (see 'zone.serial-modulo')
- knotd: new multi-signer operation mode (see 'policy.dnskey-sync' and 'DNSSEC multi-signer')
- kdig: support for EDNS presentation format, also in JSON mode (see '+optpresent')
- kxdpgun: new TCP/QUIC debug mode 'R' for connection reuse
- kxdpgun: new XDP mode parameter '--mode' (Thanks to Jan Včelák)
- kxdpgun: new parameter '--qlog' for qlog destination specification
- kzonecheck: new '--print' parameter for dumping the zone on stdout

Improvements:
- knotd: secondary can be configured not to forward DDNS (see 'zone.ddns-master')
- knotd: extended support for UNIX socket configuration (remote, acl)
- knotd: stats no longer dump empty or zero counters
- knotd: new 'keys-updated' D-Bus event
- knotd: added transport protocol information to outgoing event and nameserver logs
- knotd: server cleans up stale LMDB readers when opening a RW transaction
- knotd,kzonecheck: semantic check allows DS only at delegation point
- knotc: new zone backup filters '+quic' and '+noquic' for QUIC key backup
- mod-dnstap: DNS over QUIC traffic is marked as QUIC
- kxdpgun: QUIC connections are closed by default
- libs: upgraded embedded libngtcp2 to 0.18.0
- kdig: QUIC, TLS, or HTTPS protocol is printed in the final statistics
- doc: new sections 'DNS over QUIC' and 'DNSSEC multi-signer'
- doc: various improvements

Bugfixes:
- knotd: server can crash if a shared module is loaded and dynamic configuration used
- knotd: inaccurate transfer size is logged if EDNS EXPIRE, PADDING, or TSIG is present
- knotd: subsequent addition and removal to catalog zone isn't handled properly
- knotc: configuration import fails if an explicit shared module is configured
- utils: database transactions not properly closed when terminated prematurely
- kdig: double-free on some malformed responses over QUIC #869
- kdig: some TLS parameters override QUIC parameters
- libs: NULL record with empty RDATA isn't allowed
- tests: dthreads destructor test sometimes fails

Compatibility:
- knotd: responses to forwarded DDNS requests are signed with local TSIG key
- knotd: NOTIFY-initiated refresh tries all configured addresses of the remote
- knotd: configuration option 'xdp.quic-log' was replaced with 'log.quic'
- libs: removed embedded libbpf, an external one is necessary for XDP
- libs: DNS over QUIC implementation only supports 'doq' ALPN
- ctl: removed 'Version: ' prefix from 'status version' output
- modules: reduced parameters of 'knotd_qdata_local_addr()'

Packaging:
- knot-exporter: Prometheus exporter imported from GitHub
- knot-exporter: packages for Debian, Ubuntu, and PyPI
- debian,ubuntu: new self-hosted repository (see https://pkg.labs.nic.cz/doc/)
- docker: upgraded to Debian bookworm-slim

3.2.9 (2023-07-27)

Improvements:
- keymgr: 'import-pkcs11' not allowed if no PKCS #11 keystore backend is configured
- keymgr: more verbose key import errors
- doc: extended migration notes
- doc: various improvements

Bugfixes:
- knotd: server may crash when storing changeset of a big zone migrating to/from NSEC3
- knotd: zone refresh loop when all masters are outdated and timers cleared
- knotd: failed to activate D-Bus notifications if not started as systemd service
- kjournalprint: database transaction not properly closed when terminated prematurely

3.2.8 (2023-06-26)

Improvements:
- kdig: malformed messages are parsed and printed using a best-effort approach
- python: new dname from wire initialization

Bugfixes:
- knotd: missing outgoing NOTIFY upon refresh if one of more primaries is up-to-date
- knotd: journal loop detection can prevent zone from loading
- knotd: cryptic error message when journal is full #842
- knotd: failed to query catalog zone over UDP
- configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1

3.2.7 (2023-06-06)

Features:
- knotd: new configuration option for preserving incoming IXFR changeset history (see 'zone.ixfr-by-one')

Improvements:
- knotd: journal ensures the stored changeset's SOA serials are strictly increasing
- knotd: more effective handling of zero KNOT_ZONE_LOAD_TIMEOUT_SEC environment value
- knotd, kdig: incoming transfer fails if a message has the TC bit set
- knotd, kjournalprint: store or print the timestamp of changeset creation
- kxdpgun: load only necessary number of queries (Thanks to Petr Špaček)
- kxdpgun: print ratio of sent vs. requested queries (Thanks to Petr Špaček)
- kxdpgun: print percentages as floats (Thanks to Petr Špaček)
- kjournalprint: ability to print a changeset loop
- kjournalprint: added changeset serials information to '-z -d' output
- packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844
- doc: various improvements

Bugfixes:
- knotd: journal loading can get stuck in a multi-changeset loop
- knotd: missing RCU lock when reading zone through the control interface
- knotd: server start D-Bus signaling doesn't work well if the zone file is missing, catalog zones are used, or in the async-start mode
- knotd: test suite fails on 32bit architectures on musl 1.2 and newer #843
- knotd: failed to process zero-length messages over QUIC
- libs: compilation with embedded ngtcp2 fails if there is another ngtcp2 in the path

3.2.6 (2023-04-04)

Improvements:
- libs: upgraded embedded libngtcp2 to 0.13.1
- libs: added support for building on Cygwin and MSYS (Thanks to Christopher Ng)
- mod-dnstap: improved precision of stored time values
- kdig: added option for EDNS EXPIRE (see '+expire') #836
- kdig: extended description of SOA timers in the multiline mode
- kdig: reduced latency of TLS communication
- libknot: added EDE codes 28 and 29
- doc: various improvements

Bugfixes:
- knotd: generated catalog zone not updated upon server reload #834
- knotd: failed to check shared module configuration
- knotd: missing RCU registration of the statistics thread (Thanks to Qin Longfei)
- knotd: server logs failed to send QUIC packets in the XDP mode
- libs: inconsistent transformation of IPv4-Compatible IPv6 Addresses
- utils: failed to load configuration if dnstap module is enabled #831
- libknot: missing include string.h

3.2.5 (2023-02-02)

Features:
- knotd: new configuration option for enforcing IXFR fallback (see 'zone.provide-ixfr')

Improvements:
- knotd: changed UNIX socket file mode to 0222 for answering and 0220 for control
- mod-probe: new support for communication over a UNIX socket
- kdig: new support for communication over a UNIX socket
- libs: upgraded embedded libngtcp2 to 0.13.0
- doc: various improvements

Bugfixes:
- knotd: failed to get catalog member configuration if catalog template is in a template
- knotd: failed to respond over a UNIX socket with EDNS
- knotd: unexpected zone update upon restart or zone reload if ZONEMD generation is enabled
- knotd: redundant zone flush of unchanged zone if zone file load is 'difference-no-serial'
- knotd/kxdpgun: failed to receive messages over XDP with drivers tap or ena
- knotc: zone check doesn't report missing zone file #829
- kxdpgun: program crashes when remote closes QUIC connection instead of resumption
- mod-geoip: configuration check leaks memory in the geodb mode
- utils: unwanted color reset sequences in non-color output

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
mtremer pushed a commit that referenced this pull request Dec 13, 2024
- Update from version 1.3.4 (2009) to 1.10.0 (2017)
- Update of rootfile
- Changelog

1.10.0
* Build system: Search the "rt" library for clock_gettime(). This fixes build issues on Mac OS X. Thanks to Yann E. Morni for this fix. #9
* Build system: The "--with[out]-ncurses" option has been added and allows to enforce/disable the building of "noping". Thanks to Thomas Deutschmann for the patch. #15
* Build system: Compatibility code to work with pkg-config < 0.27 has been added. #22
* liboping: Creation of ICMPv4 packets has been fixed: due to an incorrect sizeof() the payload may have been prefixed by 20 zero bytes, resulting in larger packets than desired. Thanks to Kyle Zhou for reporting and fixing this. #10
* liboping: The number of file descriptors used has been reduced to at most two (from one per host). This and a few other optimizations significantly improve performance. Thanks to Luke Heberling for the patch. #11
* oping, noping: Handling of the "-O" command line flag has been fixed.
* oping, noping: The "-b" option has been added and enables a bell whenever an echo reply is received. Thanks to Antoine Beaupré for the patch. #6
* noping: The background color has been changed to use the terminal default. Thanks to @middleO. #18
* noping: The ability to add hosts after noping has started (the "a" key) has been added. Thanks to Hamish Coleman for the patch. #20, #23

1.9.0
* liboping: The new "PING_OPT_MARK" option allows to mark packets, which can be used for filtering and routing such packets on Linux.
* oping, noping: The new "-m" command line option allows to set a mark on packets sent by the tool.
* oping, noping: The new "-O" command line option allows to write measurements to a CSV file.
* oping, noping: The new "-w" command line option allows to specify the timeout after which a packet/reply is considered "dropped".

1.8.0
* oping, noping: Average and standard deviation have been removed from the status output, which show median and 95th percentile instead. The percentile can be chosen with the "-P" option.
* noping: The additional graph types "histogram" and "boxplot" have been added, which can be selected with the "-g" option.

1.7.0
* oping, noping: The new -Z option allows the exit status to indicate the number of failing hosts. Thanks to Barak Pearlmutter for the patch.
* noping: The ability to print a "prettyping" style graph has been added. Thanks to Antoine Beaupré for his work!
* src/liboping.c: Build issues on Solaris have been fixed. Thanks Scott Severtson for the fix!
* Build system: Creation and installation of a pkg-config file has been added. Thanks to Barak Pearlmutter for the patch.

1.6.2
* Build system: Setting capabilities and the set-UID bit has been made more fault-tolerant, so that it will work with Debian's fakeroot(1) utility.
* src/liboping.c: Fixed a compiler warning about a non-static format string. Thanks to Brian Edwards for pointing this out.
* src/liboping.c: Fixed compilation under Mac OS X and Solaris. Thanks to Clayton O'Neill for his patch.

1.6.1
* Build system: If "make install" is executed as root, the CAP_NET_RAW capability is added to the binary (on Linux) or the set-UID bit is set (other Unixes).
* src/oping.c: Fix compiler warnings which may abort the build. Thanks to James Bromberger for reporting the problem.
* noping: Compatibility with ncurses 5.8 has been fixed. Thanks to Gaetan Bisson for his patch.

1.6.0
* liboping: Improve timing of received network packets using SO_TIMESTAMP if available. Thanks to Bruno Prémont for his patch.

1.5.1
* oping, noping: Alias for the “Voice Admit” DSCP has been added.
* src/oping.c, src/liboping.c: Compiler warnings / errors have been fixed. Thanks to James Bromberger for reporting one of them.

1.5.0
* src/liboping.c: The possibility to set the QoS byte of outgoing IPv4 and IPv6 packets and read the byte from incoming packets has been added. Thanks to Vladimir Melnikov for his patch.
* oping, noping: Add the ability to configure the QoS field on the command line. If either the QoS field of outgoing or incoming packets is non-standard, the QoS byte of incoming packets will be printed.
* liboping: The library has been relicensed under the LGPL 2.1.

1.4.0
* noping: A new front-end to liboping, using the ncurses library, has been added. The new command line application displays ping statistics online and highlights aberrant round-trip times.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Mainly convert uppercase HTML tags to lowercase, found these by using
grep "[A-Z]>" * | grep -v END | grep -v ""
grep "<[A-Z]" * | grep -v END | grep -v ""
Also fix the display of error messages.