Turris OS packages issues
https://gitlab.nic.cz/turris/os/packages/-/issues
2023-08-16T14:49:21+02:00

https://gitlab.nic.cz/turris/os/packages/-/issues/333
syslog-ng: update to version 3.20.1
2023-08-16T14:49:21+02:00
Josef Schlehofer
Pull request for upstream: https://github.com/openwrt/packages/pull/8335
Turris OS 3.11.3

https://gitlab.nic.cz/turris/os/packages/-/issues/307
logread wrapper for LuCI packages
2019-07-22T19:59:57+02:00
Josef Schlehofer
I'm in touch with @dibdot and he said that Turris OS 4.x still doesn't have a wrapper for logread, which means e.g. **System Log** tab in LuCI is empty. He sent me a small [wrapper](/uploads/d13fb9996193f517aca3cda69dd8f325/logread), which we can re-use and copy it to /sbin. :-)
For now, I'm thinking about these solutions:
* add a dependency for syslog-ng to logread
* add logread to files in sys-log and copy it to /sbin
* and maybe more coming later?
I think this could also solve issues like this:
https://forum.turris.cz/t/logread-broken/1181/ (reproducible on Turris Omnia, TOS 3.11.2)
https://forum.turris.cz/t/combination-of-syslog-ng-luci-system-logging-configuration-mwan3/5975
Turris OS 3.11.3

https://gitlab.nic.cz/turris/os/packages/-/issues/301
[version bump] bird {1.6.5|2.0.3}
2019-05-15T18:45:58+02:00
Ghost User
Is there a reason for sticking to the 1.x branch and not making the transition to 2.x?
https://bird.network.cz/
7.1.2019 - New releases 2.0.3 and 1.6.5! Check NEWS files
> Version 1.6.5 (2019-01-05)
> o MRT table dumps (RFC 6396)
> o BGP Long-lived graceful restart
> o Filter: Make ifname attribute modifiable
> o Improved keeping track of IPv6 link-local addresses
> o Many bugfixes
>
> Version 1.6.4 (2018-03-22)
> o Basic VRF support
> o Simplified autoconf scripts
> o BGP: Shutdown communication (RFC 8203)
> o BGP: Allow exchanging LOCAL_PREF with eBGP peers
> o BGP: Allow to specify interface for regular sessions
> o BGP: New option 'disable after cease'
> o RAdv: Support for more specific routes (RFC 4191)
> o RAdv: Proper handling of prefix retraction
> o Filter: Allow silent filter execution
> o Filter: Fixed stack overflow in BGP mask expressions
> o Several bug fixes
___
> Version 2.0.3 (2019-01-05)
> o MRT table dumps (RFC 6396)
> o BGP Long-lived graceful restart
> o BGP: Optional import table (Adj-RIB-In)
> o BGP: Extend 'next hop keep' and 'next hop self' options
> o BGP: Improved VRF support
> o OSPF: Authentication trailer for OSPFv3 (RFC 7166)
> o Babel: New option to randomize router ID
> o Filter: Custom route attributes
> o Filter: Support for src accessor to SADR source prefix
> o Filter: Support for VPN_RD sets
> o Filter: Make ifname attribute modifiable
> o Perf: Protocol to measure BIRD performance internally
> o More verbose error messages in config processing
> o Log file size limit / log rotation
> o Many bugfixes
>
> Notes:
>
> Export of routes to RS EBGP (route server) sessions from other sources than
> RS EBGP sessions was changed that ASN is no longer prepended to BGP_PATH in
> that case. The change does not affect regular BGP configurations or regular
> route servers that have only RS EBGP peers.
>
> For BGP route servers and route reflectors, the default value of option
> 'next hop keep' was changed to a more appropriate value.
>
> Attributes for OSPF and Babel metrics are no longer reset when exported to
> these protocols and could be set anywhere in BIRD. As a result, OSPF metric is
> kept when a route is reannounced between OSPF instances. Also, when route is
> exported to OSPF with both ospf_metric1 and ospf_metric2 attributes it is now
> propagated as OSPF-E2 route instead of as OSPF-E1 route.
>
> Compiling BIRD with --enable-debug no longer automatically activates debug
> mode (-d option) nor local mode (-l option). Also, debug mode with output to
> file (-D option) no longer not forces foreground mode (-f option).
>
> The configure script now uses standard option --runstatedir, the old option
> --with-runtimedir is deprecated.
>
>
> Version 2.0.2 (2018-03-22)
> o Source-specific routing support for Linux kernel and Babel
> o BGP: New option 'disable after cease'
> o Filter: Allow silent filter execution
> o Filter: Fixed stack overflow in BGP mask expressions.
> o Several bugfixes
>
> Notes:
>
> Syntax prefix:netmask for IPv4 prefixes was dropped. Just use prefix/pxlen.
>
>
> Version 2.0.1 (2018-01-16)
> o Linux MPLS kernel support
> o Better handling of channels inherited from templates
> o Default EBGP Route Propagation Behavior without Policies (RFC 8212)
> o Many bugfixes
>
> Notes:
>
> To satisfy requirements of RFC 8212, external BGP protocols now require
> explicit configuration of import and export policies.
>
>
> Version 2.0.0 (2017-12-11)
> o Integrated IPv4 + IPv6 design
> o Support for MPLS next hops
> o Support for VPNv4 and VPNv6 networks
> o Microsecond timers infrastructure
> o Basic VRF support
> o Babel: Support for dual-stack IPv4/IPv6
> o Babel: Many improvements and bugfixes
> o Major BGP protocol redesign
> o Full support for Multiprotocol BGP
> o BGP multicast support (SAFI 2)
> o BGP flowspec support (RFC 5575)
> o BGP with MPLS labels (RFC 3107)
> o BGP MPLS/VPN support (RFC 4364)
> o BGP 6PE - IPv6 NLRI over IPv4 MPLS (RFC 4798)
> o BGP IPv4 NLRI with an IPv6 Next Hop (RFC 5549)
> o BGP Confederations (RFC 5065)
> o BGP Shutdown communication (RFC 8203)
> o BGP: Allow exchanging LOCAL_PREF with eBGP peers
> o BGP: Allow to specify interface for regular sessions
> o OSPF: Support of address families in OSPFv3
> o OSPF: Enable ECMP and Link detection by default
> o RAdv: Support for more specific routes (RFC 4191)
> o RAdv: Proper handling of prefix retraction
> o RIP: Enable ECMP and Link detection by default
> o Redesign of RPKI handling
> o New RPKI-Router protocol
> o Static: Minor overhaul
> o Static: Support for all new route types
> o Kernel: Default Linux kernel metric changed to 32
> o Kernel: Fix IPv6 ECMP handling with Linux 4.11+
> o Update of show route command
> o BIRD client persistent history
> o New build system
> o Unit tests
> o ...
>
> Notes:
>
> Tables are now defined with appropriate net type keyword. Protocols and tables
> are now connected by explicit channels, most related protocol options (table,
> import, export, ...) are now channel options. See doc/bird.conf.example2 for
> configuration examples. Some options were removed/replaced.

Turris OS 3.11.3

https://gitlab.nic.cz/turris/os/packages/-/issues/327
netdata: update to version 1.12.0
2019-02-17T23:32:39+01:00
Josef Schlehofer
Turris OS 3.11.3

https://gitlab.nic.cz/turris/os/packages/-/issues/320
unbound version bump 1.9.0
2019-02-11T16:47:47+01:00
Ghost User
Unbound 1.9.0 is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.9.0.tar.gz
sha256 415af94b8392bc6b2c52e44ac8f17935cc6ddf2cc81edfb47c5be4ad205ab917
pgp https://www.nlnetlabs.nl/downloads/unbound/unbound-1.9.0.tar.gz.asc
> This release contains the DNS Flag Day changes for Unbound. See the
> reference here, https://dnsflagday.net/ . Or this presentation:
> https://indico.dns-oarc.net/event/29/contributions/662/attachments/634/1063/EDNS_Flag_Day_-_OARC29.pdf
> . The EDNS timeouts are not used to fallback to nonEDNS queries.
>
> Out of order processing is implemented, for TCP and TLS. It can be
> configured with a maximum amount of memory to use to store pending
> answers, and the current memory usage is in the statistics output. This
> is with stream-wait-size in unbound.conf and mem.streamwait in
> unbound-control stats output. Streams that cause the total memory
> counted to exceed the maximum are dropped, but it is possible to get a
> number of responses with little memory used.
>
> There is also TLS session resumption support, that can be enabled with
> the tls-session-ticket-keys option. Together with the already existing
> TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
> that enables zero RTT stream reconnections to the server. Make sure to
> also increase incoming-num-tcp if you expect a lot of TCP and TLS users.
>
> Options are added to set the TLS ciphers and TLS ciphersuites from
> unbound.conf. This can be done with the tls-ciphers and
> tls-ciphersuites options.
>
> TLS can be used from libunbound, with the ub_ctx_set_tls config call,
> use that together with ub_ctx_set_fwd to select DNS over TLS transport.
>
>
> Features
> - log-tag-queryreply: yes in unbound.conf tags the log-queries and
> log-replies in the log file for easier log filter maintenance.
> - ip-ratelimit-factor of 1 allows all traffic through, instead of the
> previous blocking everything.
> - Fix #4206: **support openssl 1.0.2 for TLS hostname verification**,
> alongside the 1.1.0 and later support that is already there.
> - Add contrib/unbound-fuzzme.patch from Jacob Hoffman-Andrews,
> the patch adds a program used for fuzzing.
> - streamtcp option -a send queries consecutively and prints answers
> as they arrive.
> - out-of-order processing for TCP and TLS.
> - Add stream-wait-size: 4m config option to limit the maximum
> memory used by waiting tcp and tls stream replies. This avoids
> a denial of service where these replies use up all of the memory.
> - unbound-control stats has mem.streamwait that counts TCP and TLS
> waiting result buffers.
> - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
> options for unbound.conf.
> - Patch for TLS session resumption from Manabu Sonoda,
> enable with tls-session-ticket-keys in unbound.conf.
> - ub_ctx_set_tls call for libunbound that enables DoT for the machines
> set with ub_ctx_set_fwd. Patch from Florian Obser.
>
> Bug Fixes
> - Fix that unbound-checkconf does not complain if the config file
> is not placed inside the chroot.
> - Refuse to start with no ports.
> - Remove clang analysis warnings.
> - Patch for typo in unbound.conf man page.
> - Fix icon, no ragged edges and nicer resolutions available, for eg.
> Win 7 and Windows 10 display.
> - cache-max-ttl also defines upperbound of initial TTL in response.
> - Fix config parser memory leaks.
> - Fix for FreeBSD port make with dnscrypt and dnstap enabled.
> - **Fixup openssl 1.0.2 compile**
> - Fix for crash in dns64 module if response is null.
> - On FreeBSD warn if sysctl settings do not allow server TCP FASTOPEN,
> and server tcp fastopen is enabled at compile time.
> - Document interaction between the tls-upstream option in the server
> section and forward-tls-upstream option in the forward-zone sections.
> - Fix syntax in comment of local alias processing.
> - Fix NSEC3 record that is returned in wildcard replies from
> auth-zone zones with NSEC3 and wildcards.
> - Log query name for looping module errors.
> - For caps-for-id fallback, use the whitelist to avoid timeout
> starting a fallback sequence for it.
> - increase mesh max activation count for capsforid long fetches.
> - Fix for #4219: secondaries not updated after serial change, unbound
> falls back to AXFR after IXFR gives several timeout failures.
> - Fix that auth zone after IXFR fallback tries the same master.
> - Fix for IXFR fallback to reset counter when IXFR does not timeout.
> - Newer aclocal and libtoolize used for generating configure scripts,
> aclocal 1.16.1 and libtoolize 2.4.6.
> - Fix unit test for python 3.7 new keyword 'async'.
> - clang analysis fixes, assert arc4random buffer in init,
> no check for already checked delegation pointer in iterator,
> in testcode check for NULL packet matches, in perf do not copy
> from NULL start list when growing capacity. Adjust host and file
> only when present in test header read to please checker. In
> testcode for unknown macro operand give zero result. Initialise the
> passed argv array in test code. In test code add EDNS data
> segment copy only when nonempty.
> - Patch from Florian Obser fixes some compiler warnings:
> include mini_event.h to have a prototype for mini_ev_cmp
> include edns.h to have a prototype for apply_edns_options
> sldns_wire2str_edns_keepalive_print is only called in the wire2str,
> module declare it static to get rid of compiler warning:
> no previous prototype for function
> infra_find_ip_ratedata() is only called in the infra module,
> declare it static to get rid of compiler warning:
> no previous prototype for function
> do not shadow local variable buf in authzone
> auth_chunks_delete and az_nsec3_findnode are only called in the
> authzone module, declare them static to get rid of compiler warning:
> no previous prototype for function...
> copy_rrset() is only called in the respip module, declare it
> static to get rid of compiler warning:
> no previous prototype for function 'copy_rrset'
> no need for another variable "r"; gets rid of compiler warning:
> declaration shadows a local variable in libunbound.c
> no need for another variable "ns"; gets rid of compiler warning:
> declaration shadows a local variable in iterator.c
> - Moved includes and make depend.
> - updated contrib/fastrpz.patch to cleanly diff.
> - remove compile warnings from libnettle compile.
> - output of newer lex 2.6.1 and bison 3.0.5.
> - Set build system for added call in the libunbound API.
> - List example config for root zone copy locally hosted with auth-zone
> as suggested from draft-ietf-dnsop-7706-bis-02. But with updated
> B root address.
> - Fixed spelling of tls-ciphers option in example.conf.

Turris OS 3.11.3
Jan Pavlinec