-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
- bugfix: snort on red aliases #35
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Is there a bug report on the IPFire bug tracker for this? |
not that i know. at least i haven't found an open one... |
can be closed since fixed w/ c77e962 |
mtremer
pushed a commit
that referenced
this pull request
Apr 14, 2021
- Update from 2.3.3 to 2.3.3op2 - OpenPrinting statement from March 2021:- CUPS has new home at OpenPrinting Due to the fact that CUPS development at Apple has stopped since the beginning of 2020 we had forked CUPS some months ago to incorporate patches and fixes from the distributions. As Apple did not resume the upstream work on CUPS, we have made OpenPrinting now the official upstream home for CUPS. This especially means that we can now continue developing CUPS, independent of Apple. So we can add features and lead CUPS into the new architecture without PPD files and with Printer Applications. CUPS has a new home page now and what was formerly our fork is now the official CUPS repository. Upcoming releases will be of the new 2.4.x series, without “opX” suffix as now. Also all documentation files which come with it are updated to point to the OpenPrinting resources. - Update of rootfile not required. - Changelog Changes in CUPS v2.3.3op2 - Security: Fixed a buffer (read) overflow in the `ippReadIO` function (CVE-2020-10001) - Clarified the documentation for the "Listen" directive (Issue #53) - Fixed duplicate ColorModel entries for AirPrint printers (Issue 59) - Fixed directory/permission defaults for Debian kfreebsd-based systems (Issue #60, Issue #61) - Fixed crash bug in `ppdOpen` (Issue #64, Issue #78) - Fixed regression in `snprintf` emulation function (Issue #67) - The scheduler's systemd service file now waits for the nslcd service to start (Issue #69) - The libusb-based USB backend now uses a simpler read timer implementation to avoid a regression in a previous change (Issue #72) - The PPD caching code now only tracks the `APPrinterIconPath` value on macOS (Issue #73) - Fixed segfault in help.cgi when searching in man pages (Issue #81) - Root certificates were incorrectly stored in "~/.cups/ssl". Changes in CUPS v2.3.3op1 - The automated test suite can now be activated using `make test` for consistency with other projects and CI environments - the old `make check` continues to work as well, and the previous test server behavior can be accessed by running `make testserver`. - ippeveprinter now supports multiple icons and strings files. - ippeveprinter now uses the system's FQDN with Avahi. - ippeveprinter now supports Get-Printer-Attributes on "/". - ippeveprinter now uses a deterministic "printer-uuid" value. - ippeveprinter now uses system sounds on macOS for Identify-Printer. - Updated ippfind to look for files in "~/Desktop" on Windows. - Updated ippfind to honor `SKIP-XXX` directives with `PAUSE`. - Updated IPP Everywhere support to work around printers that only advertise color raster support but really also support grayscale (Issue #1) - ipptool now supports DNS-SD URIs like `ipps://My%20Printer._ipps._tcp.local` (Issue #5) - The scheduler now allows root backends to have world read permissions but not world execute permissions (Issue #21) - Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is disabled on the host (Issue #25) - The SNMP backend now supports the HP and Ricoh vendor MIBs (Issue #28) - The scheduler no longer includes a timestamp in files it writes (Issue #29) - The systemd service names are now "cups.service" and "cups-lpd.service" (Issue #30, Issue #31) - The scheduler no longer adds the local hostname to the ServerAlias list (Issue #32) - Added `LogFileGroup` directive in "cups-files.conf" to control the group owner of log files (Issue #34) - Added `--with-max-log-size` configure option (Issue #35) - Added `--enable-sync-on-close` configure option (Issue #37) - Added `--with-error-policy` configure option (Issue #38) - IPP Everywhere PPDs could have an "unknown" default InputSlot (Issue #44) - The `httpAddrListen` function now uses a listen backlog of 128. - Added USB quirks (Apple issue #5789, #5823, #5831) - Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter. - Fixed DNS-SD name collision support in ippeveprinter. - Fixed compiler and code analyzer warnings. - Fixed TLS support on Windows. - Fixed ippfind sub-type searches with Avahi. - Fixed the default hostname used by ippeveprinter on macOS. - Fixed resolution of local IPP-USB printers with Avahi. - Fixed coverity issues (Issue #2) - Fixed `httpAddrConnect` issues (Issue #3) - Fixed web interface device URI issue (Issue #4) - Fixed lp/lpr "printer/class not found" error reporting (Issue #6) - Fixed xinetd support for LPD clients (Issue #7) - Fixed libtool build issue (Issue #11) - Fixed a memory leak in the scheduler (Issue #12) - Fixed a potential integer overflow in the PPD hashing code (Issue #13) - Fixed output-bin and print-quality handling issues (Issue #18) - Fixed PPD options getting mapped to odd IPP values like "tray---4" (Issue #23) - Fixed remote access to the cupsd.conf and log files (Issue #24) - Fixed the automated test suite when running in certain build/CI environments (Issue #25) - Fixed a logging regression caused by a previous change for Apple issue #5604 (Issue #25) - Fixed fax phone number handling with GNOME (Issue #40) - Fixed potential rounding error in rastertopwg filter (Issue #41) - Fixed the "uri-security-supported" value from the scheduler (Issue #42) - Fixed IPP backend crash bug with "printer-alert" values (Issue #43) - Removed old Solaris inetconv(1m) reference in cups-lpd man page (Issue #46) - Fixed default options that incorrectly use the "custom" prefix (Issue #48) - Fixed a memory leak when resolving DNS-SD URIs (Issue #49) - Fixed systemd status reporting by adopting the notify interface (Issue #51) - Fixed crash in rastertopwg (Apple issue #5773) - Fixed cupsManualCopies values in IPP Everywhere PPDs (Apple issue #5807) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
mtremer
pushed a commit
that referenced
this pull request
May 14, 2021
- Update from 0.2.7 to 0.2.10 - Convert from python-inotify to python3-inotify make.sh, lfs & rootfiles - Update rootfiles - Changelog 0.2.8: - We now just *skip* the event if not known - Implement InotifyTree and InotifyTrees as sub-classes of new BaseTree class - Made InotifyTree and InotifyTrees sub-classes of new base class BaseTree - Recursively watch a list of paths/trees 0.2.9: - Added getter for Inotify object from tree objects - Added note to docs about race-conditions. Added small change for redundant adds. - Slightly reorganized documentation. Updated example. - Merge pull request #35 from dsoprea/dustin. Added extensive unit-test coverage. Closes all bug requests. - Added large amount of unit-test coverage. - Now handle rename-specific events. - Can now also ignore issues with new directories not existing if you're created *and* deleted or renamed a folder since the last time events were read. - Adjusted requirements for simplicity. - Added Python 3 compatibility. - Fixed Unicode support. - Can now provide `filter_predicate` to event_gen() to allow custom loop termination based on events. - We'll now terminate the loop when certain events are encountered. These events are passed into event_gen() as `terminal_events`. By default these are the IN_Q_OVERFLOW and IN_UNMOUNT types. - Fixes #28 - Fixes #23 - Fixes #22 - Fixes #19 - Fixes #16 - Fixes #15 - Fixes #5 - Check presence of both glibc errno and musl libc err - Support for musl libc (Alpine Linux) - Merge pull request #27 from jessesuen/master. Support for musl libc (Alpine Linux) - Check presence of both glibc errno and musl libc err - Merge pull request #26 from hathcock/hathcock/issue-25. resolves #25, list of binary paths can't be logged with existing call - Support for musl libc (Alpine Linux) - Resolves #25, list of binary paths can't be logged with existing call 0.2.10: - Merge pull request #34 from davidparsson/ feature/support-moved-directories - Support MOVED_FROM and MOVED_TO in BaseTree - events: Now log event types from epoll vs data stream. - This release implicitly fixed the botched binary package released in 0.2.9 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
mtremer
pushed a commit
that referenced
this pull request
Jan 2, 2022
- Update from 4.17.0 to 4.18.0 - Update of rootfile - Changelog - Full details can be found in the ChangeLog file in the source tarball * Noteworthy changes in release 4.18.0 (2021-11-09) [stable] - Improve GTK-DOC manual. Closes: #35. - Improve --help and --version for tools with gnulib. Closes: #37. - Update gnulib files and various maintenance fixes. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
mtremer
pushed a commit
that referenced
this pull request
Apr 24, 2022
- Update from 10.39 to 10.40 - Update of rootfile - Changelog Version 10.40 15-April-2022 1. Merged patch from @carenas (GitHub #35, 7db87842) to fix pcre2grep incorrect handling of multiple passes. 2. Merged patch from @carenas (GitHub #36, dae47509) to fix portability issue in pcre2grep with buffered fseek(stdin). 3. Merged patch from @carenas (GitHub #37, acc520924) to fix tests when -S is not supported. 4. Revert an unintended change in JIT repeat detection. 5. Merged patch from @carenas (GitHub #52, b037bfa1) to fix build on GNU Hurd. 6. Merged documentation and comments patches from @carenas (GitHub #47). 7. Merged patch from @carenas (GitHub #49) to remove obsolete JFriedl test code from pcre2grep. 8. Merged patch from @carenas (GitHub #48) to fix CMake install issue #46. 9. Merged patch from @carenas (GitHub #53) fixing NULL checks in matching and substituting. 10. Add null_subject and null_replacement modifiers to pcre2test. 11. Add check for NULL subject to POSIX regexec() function. 12. Add check for NULL replacement to pcre2_substitute(). 13. For the subject arguments of pcre2_match(), pcre2_dfa_match(), and pcre2_substitute(), and the replacement argument of the latter, if the pointer is NULL and the length is zero, treat as an empty string. Apparently a number of applications treat NULL/0 in this way. 14. Added support for Bidi_Class and a number of binary Unicode properties, including Bidi_Control. 15. Fix some minor issues raised by clang sanitize. 16. Very minor code speed up for maximizing character property matches. 17. A number of changes to script matching for \p and \P: (a) Script extensions for a character are now coded as a bitmap instead of a list of script numbers, which should be faster and does not need a loop. (b) Added the syntax \p{script:xxx} and \p{script_extensions:xxx} (synonyms sc and scx). (c) Changed \p{scriptname} from being the same as \p{sc:scriptname} to being the same as \p{scx:scriptname} because this change happened in Perl at release 5.26. (d) The standard Unicode 4-letter abbreviations for script names are now recognized. (e) In accordance with Unicode and Perl's "loose matching" rules, spaces, hyphens, and underscores are ignored in property names, which are then matched independent of case. 18. The Python scripts in the maint directory have been refactored. There are now three scripts that generate pcre2_ucd.c, pcre2_ucp.h, and pcre2_ucptables.c (which is #included by pcre2_tables.c). The data lists that used to be duplicated are now held in a single common Python module. 19. On CHERI, and thus Arm's Morello prototype, pointers are represented as hardware capabilities, which consist of both an integer address and additional metadata, meaning they are twice the size of the platform's size_t type, i.e. 16 bytes on a 64-bit system. The ovector member of heapframe happens to only be 8 byte aligned, and so computing frame_size ended up with a multiple of 8 but not 16. Whilst the first frame was always suitably aligned, this then misaligned the frame that follows, resulting in an alignment fault when storing a pointer to Fecode at the start of match. Patch to fix this issue by Jessica Clarke PR#72. 20. Added -LP and -LS listing options to pcre2test. 21. A user discovered that the library names in CMakeLists.txt for MSVC debugger (PDB) files were incorrect - perhaps never tried for PCRE2? 22. An item such as [Aa] is optimized into a caseless single character match. When this was quantified (e.g. [Aa]{2}) and was also the last literal item in a pattern, the optimizing "must be present for a match" character check was not being flagged as caseless, causing some matches that should have succeeded to fail. 23. Fixed a unicode properrty matching issue in JIT. The character was not fully read in caseless matching. 24. Fixed an issue affecting recursions in JIT caused by duplicated data transfers. 25. Merged patch from @carenas (GitHub #96) which fixes some problems with pcre2test and readline/readedit: * Use the right header for libedit in FreeBSD with autoconf * Really allow libedit with cmake * Avoid using readline headers with libedit Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
mtremer
pushed a commit
that referenced
this pull request
Dec 27, 2022
- Update from version 23.4 to 23.6 - Update of rootfile - Changelog Changes in 23.6 * buildsys: Fix DEJAGNU work-around Debian #1015089 * killall: Use kill if pidfd_send_signal fails Debian #1015228 * fuser: Do not mention nonexistent - reset option #42 * fuser: Use modern statn where possible * pstree: Better AppArmor support !30 Changes in 23.5 * killall: Check truncated names !28 * killall: Use openat and pidfd_send_signal #37 * killall: Don't check paths of sockets #35 * pstree: Check for process with show_parents #38 * pstree: Don't disable compaction with show pgids #34 * pstree: Fix storage leak !29 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
mtremer
pushed a commit
that referenced
this pull request
Apr 18, 2023
- Update from version 2.3.2 to 2.3.3 - Update of rootfile - Changelog 2.3.3 1. src/slposdir.c: stat_file now support open file descriptors, in addition to filenames. 2. src/sltoken.c: Ignore the \r character in multiline strings that appear to have CRLF line terminators. (Manfred Hanke) 3. *.tm: minor documentation updates 4. src/slang.h: SLANG_VERSION_STRING was missing the "pre" prefix. 5. src/sltermin.c: Added support for TERMINFO_DIRS (based upon a patch forwarded by Jörg Thalheim) 6. src/slarray.c: src/slarray.c: some integer overflow checks were resulting undefined behavior (reported by Sergey) 7. modules/csv.sl: Strip leading/trailing whitespace from column names 8. src/slsmg.c,sldisply.c: Removed static buffers with sizes dependent upon SLTT_MAX_SCREEN_ROWS/COLS in favor of dynamically allocated ones. 9. modules/chksum-module: added CRC-8,16,32 checksums to the chksum module 10. modules/csv.sl: An error message in the form of a dollar-string was not marked as such. 11. modules/csv.sl: Added support for empty CSV files 12. src/sltime.c: The timegm function will ignore the tm_wday and tm_yday fields, and instead use the tm_mon and tm_mday fields. 13. modules/mkfiles/makefile.all: Added a target for chksum_crc.o for win32/64 platforms (see change #9) 14. modules/chksum-module.c: The memset function was used with the wrong structure size causing a buffer overflow on 32 bit systems. 15. src/terminfo/parsecaps.sl: Tweaked an auto-generated comment produced by parsecaps.sl to produce a more deterministic build (Ian Rogers). 16. src/slarray.c: Changed two instances of index errors to throw an IndexError exception instead of InvalidParmError exception. 17. src/slposdir.c; The statvfs function was returning a struct with duplicated f_bsize fields. 18. *.c: In switch statements, changed the /* drop */ comment to /* fall through */ to avoid gcc-8 warnings. 19. modules/csv.sl: If a comment string appears at the start of a line forming a multiline string, then treat it as part of the string. 20. slsh/lib/timestamp.sl: Added a function timestamp_parse that parses strings such as `Thu May 14 18:05:05 2020` and returns the number of seconds since the Unix epoch. 21. src/slregexp.c: Added \D (non-digit), \s (whitespace), and \S (non-whitespace). 22. src/slstrops.c: Added a compiled regexp cache 23. src/slstdio.c: Added trim qualifier to the fgetlines intrinsic: ;trim=1 ==> trim trailing whitespace ;trim=2 ==> trim leading whitespace ;trim=3 ==> trim leading and trailing whitespace 24. slsh/lib/timestamp.sl: When matching a regexp to a timestamp, start with the RE that was used in the previous match. 25. Another timestamp RE tweak to pickup additional irregular forms 26. modules/csv.sl: If a CSV file has a byte-order mark (BOM), ignore it. 27. src/sldisply.c: Increased the buffer size for the SLtt_tgoto function to allow for larger terminfo strings 28. modules/Makefile.in: Added STATS_OBJS to the clean target 29. src/slstrops.c: The is_substr function was not handling a NULL argument 30. slsh/lib/timestamp.sl: Corrected a regular expression for a timestamp with "Z" as the timezone. 31. modules/csv-module.c: Fields with an embedded \r were not being properly handled. 32. src/slarray.c: Improved the speed of multi-dimensional array indexing by about a factor of 2 33. slsh/lib/timestamp.sl: The computation of leap days was incorrect for some years 34. src/slang.h: Added `typedef void (*SLFVOID_STAR)(void)', which will replace FVOID_STAR in version 3. The library code was updated to use this. 35. slsh/lib/fswalk.sl: Added an optional callback argument to the fswalk that is called when leaving a directory. 36. modules/termios-module.c: Avoid a potential problem with the tcgetpgrp intrinsic in the unlikely case that sizeof(pid_t) is larger than sizeof(int). 37. src/slarray.c: Simplified the range checking in the linear_get_data_addr function and removed unused code. 38. Updated the copyright year 39. slsh/lib/fswalk.sl: Change #35 regression: The get_stat function was being called with the wrong number of arguments. 40. src/slarith.c: Additional binary arithmetic optimizations involving arrays of char and short. 41. src/slang.c,slarray.c: Added qualifier support to the array_map function. 42. src/slang.c: Flagged the use of an uninitialized variable as soon as it is accessed ("pushed") rather than waiting until it is used ("popped"). Fixed a bug in slsh/lib/setfuns.sl:union that was detected by this change. 43. src/sl-feat.h: Floating point support by the interpreter is now required. The library has not compiled without it for a long time. As such, this option is no longer available. 44. */test/*.sl: Surrounded regression test code that makes use of complex numbers with `#ifexists Complex_Type' so that they run when the interpreter is compiled without complex variable support. 45. src/slarray.c: The _pSLarray1d_push_elem needed to be exposed when compiling the interpreter without optimization. 46. src/slarith.c,...: Rewrote the various macros used by this file to simplify the code, permit better optimization, and easier maintenance. Some of the loops were also unrolled. 47. src/slarray.c: Made the array bounds index checking code more uniform for better readability. 48. src/slarray.c: The previous change introduced a bug that caused array indexing with no (empty) indices to fail. 49. modules/chksum-module.c: When a CRC object went out of scope without being closed, it would leave its value on the stack. 50. slsh/lib/process.sl: If the file descriptor that is used to communicate messages from the child process back to the parent is requested by the caller, then dup an unused one. To facilitate testing, two additional hooks were added: exit_hook and exec_hook. 51. slsh/lib/cmdopt.sl: If a command line option is associated with a callback function, and the value of the command line argument is optional, pass the default value to the callback if not given on the command line. 52. modules: Added cumulant function to the stats module; updated regression scripts/unit tests for better code coverage; fixed a bug in the _zlib_inflate_reset function where deflateReset was being called instead of inflateReset. 53. slsh/lib: Updated unit/regression tests for better coverage 54. slsh/lib/print.sl: Use >= instead of > when comparing the number of screen rows to determine if the pager should be used. 55. modules/chksum-module: Added sha224, sha256, sha384, and sha512 algorithms kindly provided by Jakob Stierhof 56. modules/chksum-module: Added HMAC message authentication code algorithm (Jakob Stierhof) 57. modules/mkfiles/makefile.all: Added chksum_sha2 to the non-Unix makefile. 58. src/slgetkey.c: Use memmove instead of SLMEMCPY to avoid issues with coping to an overlapping buffer. (William Ahern) 59. modules/pcre.sl: The options qualifier was not being properly handled by the pcre_matches function. 60. src/_slang.h,etc: replaced the dependence of the internal _pSLang_get_run_stack* functions, which return absolute pointers, in favor of relative offsets. 61. src/slang.c: Made the run-time stack dynamically growable up to a maximum configured size. 62. modules/: Documentation updates 63. src/: Added _set_bos/f_compile_hook functions to specify a function to get called when a statement or function gets compiled. 64. src/sllimits.h: Reduced the initial stack size to a value similar to what it was before change #61. 65. src/slarrfun.c: array_swap was returning a copy of the input array when when swapping an array element with itself (bug reported by Jakob Stierhof) 66. modules/csv.sl: If _csv_decode_row fails, include in the error message the line number of the file where the error was detected 67. modules/socket-module.c: Corrected an error message for the bind function 68. Updated the copyright year 69. Added slcov script which generates lcov-compatible code coverage data 70. autoconf/aclocal.m4: Updated to v0.3.4.1 71. slsh/Makefile.in: Changed the order of the linker flags to avoid a linking problem on MacPorts (Ryan Schmidt) 72. slsh/lib/cmdopt.sl: Corrected a usage message 73. src/slposio.c: Added the flock function for the creation of advisory locks 74. src/slcurses.h: Added 'extern "C"' to enable the file to be used in C++ programs; also marked some variables as dynamically exportable by using SL_EXTERN (Gisle Vanem) 75. src/slstrops.c: "%0*" was being flagged as invalid by the sprintf function (Jakob Stierhof) 76. modules/csv.sl: When writing a CSV file with a single row, convert any scalar data values to single element arrays. 77. src/Makefile.in, slsh/Makefile.in: Addressed some dependency problems found by `make --shuffle` that were causing parallel builds to fail (Sergei Trofimovich) 78. src/slarray.c: Flag out-of-range indexing of indefinite ranges involving negative indexes, e.g., x = [1]; y = x[[-2:]]; Previousely this resulted in y = [1,1] instead of an error. 79. modules/csv.sl: Avoid indexing an empty array with a negative index (detected by change #78) 80. src/slarray:c: #78 was flagging x[[:-2]] as invalid instead of producing an empty array for x=[1] 81. src/slarray.c: Tweaked the handling of negative indices in indefinite ranges such that x[[:-i]] will produce an empty array wheneve i > length(x) 82. src/sltermin.c: Added support for so-called user-defined terminfo extensions. In particular, if the terminfo file defines RGB=true, then truecolor support will be enabled. 83. src/sldisply.c: The Has_True_Color variable was not defined for 32 bit systems 84. modules/csv.sl: Improved read speed for large CSV files 85. src/test/posixio.sl: Do not test the flock function using an NFS mounted direcory, which requires lockd to be running on the server Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
snort was not working on red aliases.
make snort protect the whole red subnet if red IP configuration is static (including all aliases) and not only main red IP.