this patch add nanopi r2c plus support.
if this u-boot is installed on the eMMC this is also
supported.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 4.17.5 to 4.18.1
- Update of rootfile
some libraries now use x86-64 instead of x86_64 but most are still left with x86_64
Good thing that we create a separate version of the rootfile for each architecture
because it is no longer just the arm version that is unique but also the x86_64 one.
- Since version 4.17.0 it has been possible to do a build excluding SMB1 server capability.
As SMB1 is insecure and has known exploits including ransomeware based ones it seems
reasonable to build samba without SMB1 server capability for use on a firewall.
The option to build wiythout SMB1 server capability has been added to the LFS file.
- Changelog
Release Notes for Samba 4.18.1
This is a security release in order to address the following defects:
o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
but otherwise unprivileged users to delete this attribute from
any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was
insufficient and an attacker may be able to obtain
confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should
assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
* BUG 15276: CVE-2023-0225.
* BUG 15270: CVE-2023-0614.
* BUG 15331: ldb wildcard matching makes excessive allocations.
* BUG 15332: large_ldap test is inefficient.
* BUG 15315: CVE-2023-0922.
* BUG 15270: CVE-2023-0614.
* BUG 15276: CVE-2023-0225.
Release Notes for Samba 4.18.0
NEW FEATURES/CHANGES
SMB Server performance improvements
The security improvements in recent releases
(4.13, 4.14, 4.15, 4.16), mainly as protection against symlink races,
caused performance regressions for metadata heavy workloads.
While 4.17 already improved the situation quite a lot,
with 4.18 the locking overhead for contended path based operations
is reduced by an additional factor of ~ 3 compared to 4.17.
It means the throughput of open/close
operations reached the level of 4.12 again.
More succinct samba-tool error messages
Historically samba-tool has reported user error or misconfiguration by
means of a Python traceback, showing you where in its code it noticed
something was wrong, but not always exactly what is amiss. Now it
tries harder to identify the true cause and restrict its output to
describing that. Particular cases include:
* a username or password is incorrect
* an ldb database filename is wrong (including in smb.conf)
* samba-tool dns: various zones or records do not exist
* samba-tool ntacl: certain files are missing
* the network seems to be down
* bad --realm or --debug arguments
Accessing the old samba-tool messages
This is not new, but users are reminded they can get the full Python
stack trace, along with other noise, by using the argument '-d3'.
This may be useful when searching the web.
The intention is that when samba-tool encounters an unrecognised
problem (especially a bug), it will still output a Python traceback.
If you encounter a problem that has been incorrectly identified by
samba-tool, please report it on https://bugzilla.samba.org.
Colour output with samba-tool --color
For some time a few samba-tool commands have had a --color=yes|no|auto
option, which determines whether the command outputs ANSI colour
codes. Now all samba-tool commands support this option, which now also
accepts 'always' and 'force' for 'yes', 'never' and 'none' for 'no',
and 'tty' and 'if-tty' for 'auto' (this more closely matches
convention). With --color=auto, or when --color is omitted, colour
codes are only used when output is directed to a terminal.
Most commands have very little colour in any case. For those that
already used it, the defaults have changed slightly.
* samba-tool drs showrepl: default is now 'auto', not 'no'
* samba-tool visualize: the interactions between --color-scheme,
--color, and --output have changed slightly. When --color-scheme is
set it overrides --color for the purpose of the output diagram, but
not for other output like error messages.
New samba-tool dsacl subcommand for deleting ACES
The samba-tool dsacl tool can now delete entries in directory access
control lists. The interface for 'samba-tool dsacl delete' is similar
to that of 'samba-tool dsacl set', with the difference being that the
ACEs described by the --sddl argument are deleted rather than added.
No colour with NO_COLOR environment variable
With both samba-tool --color=auto (see above) and some other places
where we use ANSI colour codes, the NO_COLOR environment variable will
disable colour output. See https://no-color.org/ for a description of
this variable. `samba-tool --color=always` will use colour regardless
of NO_COLOR.
New wbinfo option --change-secret-at
The wbinfo command has a new option, --change-secret-at=<DOMAIN CONTROLLER>
which forces the trust account password to be changed at a specified domain
controller. If the specified domain controller cannot be contacted the
password change fails rather than trying other DCs.
New option to change the NT ACL default location
Usually the NT ACLs are stored in the security.NTACL extended
attribute (xattr) of files and directories. The new
"acl_xattr:security_acl_name" option allows to redefine the default
location. The default "security.NTACL" is a protected location, which
means the content of the security.NTACL attribute is not accessible
from normal users outside of Samba. When this option is set to use a
user-defined value, e.g. user.NTACL then any user can potentially
access and overwrite this information. The module prevents access to
this xattr over SMB, but the xattr may still be accessed by other
means (eg local access, SSH, NFS). This option must only be used when
this consequence is clearly understood and when specific precautions
are taken to avoid compromising the ACL content.
Azure Active Directory / Office365 synchronisation improvements
Use of the Azure AD Connect cloud sync tool is now supported for
password hash synchronisation, allowing Samba AD Domains to synchronise
passwords with this popular cloud environment.
REMOVED FEATURES
smb.conf changes
Parameter Name Description Default
acl_xattr:security_acl_name New security.NTACL
server addresses New
CHANGES SINCE 4.18.0rc4
* BUG 15314: streams_xattr is creating unexpected locks on folders.
* BUG 15310: New samba-dcerpc architecture does not scale gracefully.
CHANGES SINCE 4.18.0rc3
* BUG 15308: Avoid that tests fail because other tests didn't do cleanup on
failure.
* BUG 15311: fd_load() function implicitly closes the fd where it should not.
CHANGES SINCE 4.18.0rc2
* BUG 15301: Improve file_modtime() and issues around smb3 unix test.
* BUG 15299: Spotlight doesn't work with latest macOS Ventura.
* BUG 15298: Build failure on solaris with tevent 0.14.0 (and ldb 2.7.0).
(tevent 0.14.1 and ldb 2.7.1 are already released...)
* BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
fsp_get_pathref_fd() in close and fstat.
* BUG 15291: test_chdir_cache.sh doesn't work with SMBD_DONT_LOG_STDOUT=1.
* BUG 15301: Improve file_modtime() and issues around smb3 unix test.
CHANGES SINCE 4.18.0rc1
* BUG 10635: Office365 azure Password Sync not working.
* BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
* BUG 15293: With clustering enabled samba-bgqd can core dump due to use
after free.
Release Notes for Samba 4.17.7
This is a security release in order to address the following defects:
o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
but otherwise unprivileged users to delete this attribute from
any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was
insufficient and an attacker may be able to obtain
confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should
assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
* BUG 15276: CVE-2023-0225.
* BUG 15270: CVE-2023-0614.
* BUG 15331: ldb wildcard matching makes excessive allocations.
* BUG 15332: large_ldap test is inefficient.
* BUG 15315: CVE-2023-0922.
* BUG 14810: CVE-2020-25720 [SECURITY] Create Child permission should not
allow full write to all attributes (additional changes).
* BUG 15270: CVE-2023-0614.
* BUG 15276: CVE-2023-0225.
Release Notes for Samba 4.17.6
* BUG 15314: streams_xattr is creating unexpected locks on folders.
* BUG 10635: Use of the Azure AD Connect cloud sync tool is now supported for
password hash synchronisation, allowing Samba AD Domains to synchronise
passwords with this popular cloud environment.
* BUG 15299: Spotlight doesn't work with latest macOS Ventura.
* BUG 15310: New samba-dcerpc architecture does not scale gracefully.
* BUG 15307: vfs_ceph incorrectly uses fsp_get_io_fd() instead of
fsp_get_pathref_fd() in close and fstat.
* BUG 15293: With clustering enabled samba-bgqd can core dump due to use
after free.
* BUG 15311: fd_load() function implicitly closes the fd where it should not.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.5 to 3.6
- Update of rootfile
- Changelog
Noteworthy changes in release 3.6 (2023-04-10) [stable]
Promoting alpha release to stable release 3.6
Noteworthy changes in release 3.5.28 (2023-03-24) [alpha]
New Features
Support GPT partition attribute bit 63 as no_automount flag.
Add type commands to set type-id on MS-DOS and type-uuid on GPT.
Add swap flag support to the dasd disklabel
Add display of GPT disk and partition UUIDs in JSON output
Bug Fixes
Fix use of enums in flag limits by switching to using #define
Fix ending sector location when using kibi IEC suffix
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.10.1 to 1.10.2
- Update of rootfile
- Changelog
Noteworthy changes in version 1.10.2 (2023-04-06) [C24/A4/R2]
* Bug fixes:
- Fix Argon2 for the case output > 64. [rC13b5454d26]
- Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44]
- Fix RSA key generation failure in forced FIPS mode. [T5919]
- Fix gcry_pk_hash_verify for explicit hash. [T6066]
- Fix a wrong result of gcry_mpi_invm. [T5970]
- Allow building with --disable-asm for HPPA. [T5976]
- Fix Jitter RNG for building native on Windows. [T5891]
- Allow building with -Oz. [T6432]
- Enable the fast path to ChaCha20 only when supported. [T6384]
- Use size_t to avoid counter overflow in Keccak when directly
feeding more than 4GiB. [T6217]
* Other:
- Do not use secure memory for a DRBG instance. [T5933]
- Do not allow PKCS#1.5 padding for encryption in FIPS mode.
[T5918]
- Fix the behaviour for child process re-seeding in the DRBG.
[rC019a40c990]
- Allow verification of small RSA signatures in FIPS mode. [T5975]
- Allow the use of a shorter salt for KDFs in FIPS mode. [T6039]
- Run digest+sign self tests for RSA and ECC in FIPS mode.
[rC06c9350165]
- Add function-name based FIPS indicator function.
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered
an ABI changes because the new FIPS features were not yet
approved. [rC822ee57f07]
- Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397]
- Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9]
- Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a]
- Check minimum allowed key size in PBKDF in FIPS mode.
[T6039,T6219]
- Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba]
- Prefer gpgrt-config when available. [T5034]
- Mark AESWRAP as approved FIPS algorithm. [T5512]
- Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332]
- Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25]
- Remove GCM mode from the allowed FIPS indicators. [rC1540698389]
- Add explicit FIPS indicators for hash and MAC algorithms. [T6376]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.46 to 1.47
- Update of rootfile
- Changelog
Noteworthy changes in version 1.47 (2023-04-06) [C34/A34/R0]
* New error codes for PUKs and reset codes. [T6421]
* Avoid segv in logging with improper use of the "socket://".
[rE68333be630]
* Fixed translation of argparse's internal option --help.
[rE885a287a57]
* Interface changes relative to the 1.46 release:
GPG_ERR_SOURCE_TKD NEW.
GPG_ERR_BAD_PUK NEW.
GPG_ERR_NO_RESET_CODE NEW.
GPG_ERR_BAD_RESET_CODE NEW.
GPGRT_SPAWN_KEEP_STDIN NEW.
GPGRT_SPAWN_KEEP_STDOUT NEW.
GPGRT_SPAWN_KEEP_STDERR NEW.
GPGRT_SPAWN_INHERIT_FILE NEW.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1
"Features
Expose 'statistics-inhibit-zero' as a configuration option; the default
value retains Unbound's behavior.
Expose 'max-sent-count' as a configuration option; the default value
retains Unbound's behavior.
Merge #461 from Christian Allred: Add max-query-restarts option.
Exposes an internal configuration but the default value retains
Unbound's behavior.
Merge #569 from JINMEI Tatuya: add keep-cache option to
'unbound-control reload' to keep caches.
Bug Fixes
Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
extension.
In unit test, print python script name list correctly.
testcode/dohclient sets log identity to its name.
Clarify the use of MAX_SENT_COUNT in the iterator code.
Fix that cachedb does not store failures in the external cache.
Merge #767 from jonathangray: consistently use IPv4/IPv6 in
unbound.conf.5.
Fix to ignore tcp events for closed comm points.
Fix to make sure to not read again after a tcp comm point is closed.
Fix#775: libunbound: subprocess reap causes parent process reap to
hang.
iana portlist update.
Complementary fix for distutils.sysconfig deprecation in Python 3.10 to
commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
Fix#779: [doc] Missing documention in ub_resolve_event() for callback
parameter was_ratelimited.
Ignore expired error responses.
Merge #720 from jonathangray: fix use after free when WSACreateEvent()
fails.
Fix for the ignore of tcp events for closed comm points, preserve the
use after free protection features.
Fix#782: Segmentation fault in stats.c:404.
Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
Clear documentation for interactivity between the subnet module and the
serve-expired and prefetch configuration options.
Fix#773: When used with systemd-networkd, unbound does not start until
systemd-networkd-wait-online.service times out.
Merge #808: Wrap Makefile script's directory variables in quotes.
Fix to wrap Makefile scripts directory in quotes for uninstall.
Fix windows compile for libunbound subprocess reap comm point closes.
Update github workflows to use checkout v3.
Fix wildcard in hyperlocal zone service degradation, reported by Sergey
Kacheev."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- powertop requires debug_fs to be enabled in the kernel for it to function. In Core
Update 171 debug_fs was disabled as a security risk for a firewall application.
- Based on the above powertop has stopped functioning since Core Update 171. Discussed
at IPFire Developers monthly conf call for April and agreed to remove the addon as
debug_fs will not be re-enabled.
- removal of lfs and rootfiles and removal of powertop line in make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
In a future Core Update, the following remnants of OpenSSL 1.1.1 need to
be removed:
/usr/lib/engines-1.1/afalg.so
/usr/lib/engines-1.1/capi.so
/usr/lib/engines-1.1/padlock.so
/usr/lib/libcrypto.so.1.1
/usr/lib/libssl.so.1.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Compiling the kernel has automatically introduced
CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to
be confused with its stackleak counterpart). However, according to
related documentation, this neither introduces a security nor
performance disadvantage.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- removal of EX-addonsvc.menu entry in config/menu/ as the lfs file for this could not be
found in the IPFire git repo all the way back to CU30
- removal of EX-addonsvc.menu, EX-asterisk.menu and EX-bluetooth.menu which are no longer
in IPfire for two years or longer.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.23.12 to 1.27.100
- Update of rootfile
- Changelog is over 2000 lines long. For details please see the CHNGELOG.rst file in the
source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 10.0.0 to 10.01.1
- Update of rootfile
- Changelog highlights is only shown in the website. For more details of the changes made
you bhave to go and look at the commit log
https://git.ghostscript.com/?p=ghostpdl.git;a=shortlog;h=refs/heads/master
Version 10.01.0 (2023-03-22)
Highlights in this release include:
We've continued to improve the performance of the PDF interpreter written in
C and improve it's behaviour in edge and out-of-specification cases.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental
improvements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.6.1 to 1.6.3
- Update of rootfile
- Changelog
1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.0.32 to 2.0.34
- Update of rootfile
- Changelog
2.0.34 2022-09-15 Ted Felix <ted@tedfelix.com>
- 2.0.34 release
(configure.ac) (Ted Felix)
- Add MSG_CMSG_CLOEXEC for systems that are missing it.
(libnetlink.h libnetlink.c kacpimon/libnetlink.h
kacpimon/libnetlink.c)
(Fabrice Fontaine <fontaine.fabrice@gmail.com>)
- Fix a bug with input layer event table not working on 32-bit builds
with 64-bit time types. (input_layer.c) (Ted Felix)
- Use binary search to find input layer events in the table.
(input_layer.c) (Ted Felix)
- Use AC_PROG_CC instead of the obsolete AC_PROG_CC_STDC.
(configure.ac) (Ted Felix)
- Add support for more input layer events. (input_layer.c)
(Ted Felix)
2.0.33 2021-09-15 Ted Felix <ted@tedfelix.com>
- 2.0.33 release
(configure.ac) (Ted Felix)
- Detect newer GNOME power manager.
(powerbtn.sh) (Andrey Utkin <andrey_utkin@gentoo.org>)
- openrc-shutdown: Set shutdown time to 'now'.
(powerbtn.sh) (Jonathan Davies <jpds@protonmail.com>)
- Attempt to open input layer devices whose permissions have changed.
(inotify_handler.c) (Torsten Hilbrich <torsten.hilbrich@secunet.com>)
- Comments added.
(TESTPLAN inotify_handler.c) (Ted Felix)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 17.04 to 17.05
- Update of rootfile
- Changelog
Version 17.05
- add UTF-8 support for Client7z
- fix issue 130
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.3.2 to 2.3.3
- Update of rootfile
- Changelog
2.3.3
1. src/slposdir.c: stat_file now support open file descriptors, in
addition to filenames.
2. src/sltoken.c: Ignore the \r character in multiline strings that
appear to have CRLF line terminators. (Manfred Hanke)
3. *.tm: minor documentation updates
4. src/slang.h: SLANG_VERSION_STRING was missing the "pre" prefix.
5. src/sltermin.c: Added support for TERMINFO_DIRS (based upon a patch
forwarded by Jörg Thalheim)
6. src/slarray.c: src/slarray.c: some integer overflow checks were
resulting undefined behavior (reported by Sergey)
7. modules/csv.sl: Strip leading/trailing whitespace from column names
8. src/slsmg.c,sldisply.c: Removed static buffers with sizes dependent
upon SLTT_MAX_SCREEN_ROWS/COLS in favor of dynamically allocated
ones.
9. modules/chksum-module: added CRC-8,16,32 checksums to the chksum module
10. modules/csv.sl: An error message in the form of a dollar-string
was not marked as such.
11. modules/csv.sl: Added support for empty CSV files
12. src/sltime.c: The timegm function will ignore the tm_wday and
tm_yday fields, and instead use the tm_mon and tm_mday fields.
13. modules/mkfiles/makefile.all: Added a target for chksum_crc.o for
win32/64 platforms (see change #9)
14. modules/chksum-module.c: The memset function was used with the
wrong structure size causing a buffer overflow on 32 bit systems.
15. src/terminfo/parsecaps.sl: Tweaked an auto-generated comment
produced by parsecaps.sl to produce a more deterministic build
(Ian Rogers).
16. src/slarray.c: Changed two instances of index errors to throw an
IndexError exception instead of InvalidParmError exception.
17. src/slposdir.c; The statvfs function was returning a struct with
duplicated f_bsize fields.
18. *.c: In switch statements, changed the /* drop */ comment to /*
fall through */ to avoid gcc-8 warnings.
19. modules/csv.sl: If a comment string appears at the start of a line
forming a multiline string, then treat it as part of the string.
20. slsh/lib/timestamp.sl: Added a function timestamp_parse that parses
strings such as `Thu May 14 18:05:05 2020` and returns the number
of seconds since the Unix epoch.
21. src/slregexp.c: Added \D (non-digit), \s (whitespace), and \S
(non-whitespace).
22. src/slstrops.c: Added a compiled regexp cache
23. src/slstdio.c: Added trim qualifier to the fgetlines intrinsic:
;trim=1 ==> trim trailing whitespace
;trim=2 ==> trim leading whitespace
;trim=3 ==> trim leading and trailing whitespace
24. slsh/lib/timestamp.sl: When matching a regexp to a timestamp,
start with the RE that was used in the previous match.
25. Another timestamp RE tweak to pickup additional irregular forms
26. modules/csv.sl: If a CSV file has a byte-order mark (BOM), ignore it.
27. src/sldisply.c: Increased the buffer size for the SLtt_tgoto
function to allow for larger terminfo strings
28. modules/Makefile.in: Added STATS_OBJS to the clean target
29. src/slstrops.c: The is_substr function was not handling a NULL
argument
30. slsh/lib/timestamp.sl: Corrected a regular expression for a
timestamp with "Z" as the timezone.
31. modules/csv-module.c: Fields with an embedded \r were not being
properly handled.
32. src/slarray.c: Improved the speed of multi-dimensional array
indexing by about a factor of 2
33. slsh/lib/timestamp.sl: The computation of leap days was incorrect
for some years
34. src/slang.h: Added `typedef void (*SLFVOID_STAR)(void)', which
will replace FVOID_STAR in version 3. The library code was
updated to use this.
35. slsh/lib/fswalk.sl: Added an optional callback argument to the
fswalk that is called when leaving a directory.
36. modules/termios-module.c: Avoid a potential problem with the
tcgetpgrp intrinsic in the unlikely case that sizeof(pid_t) is
larger than sizeof(int).
37. src/slarray.c: Simplified the range checking in the
linear_get_data_addr function and removed unused code.
38. Updated the copyright year
39. slsh/lib/fswalk.sl: Change #35 regression: The get_stat function
was being called with the wrong number of arguments.
40. src/slarith.c: Additional binary arithmetic optimizations involving
arrays of char and short.
41. src/slang.c,slarray.c: Added qualifier support to the array_map
function.
42. src/slang.c: Flagged the use of an uninitialized variable as soon
as it is accessed ("pushed") rather than waiting until it is used
("popped"). Fixed a bug in slsh/lib/setfuns.sl:union that was
detected by this change.
43. src/sl-feat.h: Floating point support by the interpreter is now
required. The library has not compiled without it for a long
time. As such, this option is no longer available.
44. */test/*.sl: Surrounded regression test code that makes use of
complex numbers with `#ifexists Complex_Type' so that they run
when the interpreter is compiled without complex variable support.
45. src/slarray.c: The _pSLarray1d_push_elem needed to be exposed when
compiling the interpreter without optimization.
46. src/slarith.c,...: Rewrote the various macros used by this file to
simplify the code, permit better optimization, and easier
maintenance. Some of the loops were also unrolled.
47. src/slarray.c: Made the array bounds index checking code more
uniform for better readability.
48. src/slarray.c: The previous change introduced a bug that caused
array indexing with no (empty) indices to fail.
49. modules/chksum-module.c: When a CRC object went out of scope
without being closed, it would leave its value on the stack.
50. slsh/lib/process.sl: If the file descriptor that is used to
communicate messages from the child process back to the parent is
requested by the caller, then dup an unused one. To facilitate
testing, two additional hooks were added: exit_hook and exec_hook.
51. slsh/lib/cmdopt.sl: If a command line option is associated with a
callback function, and the value of the command line argument is
optional, pass the default value to the callback if not given on
the command line.
52. modules: Added cumulant function to the stats module; updated
regression scripts/unit tests for better code coverage; fixed a
bug in the _zlib_inflate_reset function where deflateReset was
being called instead of inflateReset.
53. slsh/lib: Updated unit/regression tests for better coverage
54. slsh/lib/print.sl: Use >= instead of > when comparing the number
of screen rows to determine if the pager should be used.
55. modules/chksum-module: Added sha224, sha256, sha384, and sha512
algorithms kindly provided by Jakob Stierhof
56. modules/chksum-module: Added HMAC message authentication code
algorithm (Jakob Stierhof)
57. modules/mkfiles/makefile.all: Added chksum_sha2 to the non-Unix
makefile.
58. src/slgetkey.c: Use memmove instead of SLMEMCPY to avoid issues
with coping to an overlapping buffer. (William Ahern)
59. modules/pcre.sl: The options qualifier was not being properly
handled by the pcre_matches function.
60. src/_slang.h,etc: replaced the dependence of the internal
_pSLang_get_run_stack* functions, which return absolute pointers,
in favor of relative offsets.
61. src/slang.c: Made the run-time stack dynamically growable up to a
maximum configured size.
62. modules/: Documentation updates
63. src/: Added _set_bos/f_compile_hook functions to specify a
function to get called when a statement or function gets compiled.
64. src/sllimits.h: Reduced the initial stack size to a value similar
to what it was before change #61.
65. src/slarrfun.c: array_swap was returning a copy of the input array
when when swapping an array element with itself (bug reported by
Jakob Stierhof)
66. modules/csv.sl: If _csv_decode_row fails, include in the error
message the line number of the file where the error was detected
67. modules/socket-module.c: Corrected an error message for the bind
function
68. Updated the copyright year
69. Added slcov script which generates lcov-compatible code coverage
data
70. autoconf/aclocal.m4: Updated to v0.3.4.1
71. slsh/Makefile.in: Changed the order of the linker flags to avoid a
linking problem on MacPorts (Ryan Schmidt)
72. slsh/lib/cmdopt.sl: Corrected a usage message
73. src/slposio.c: Added the flock function for the creation of
advisory locks
74. src/slcurses.h: Added 'extern "C"' to enable the file to be used
in C++ programs; also marked some variables as dynamically
exportable by using SL_EXTERN (Gisle Vanem)
75. src/slstrops.c: "%0*" was being flagged as invalid by the sprintf
function (Jakob Stierhof)
76. modules/csv.sl: When writing a CSV file with a single row, convert
any scalar data values to single element arrays.
77. src/Makefile.in, slsh/Makefile.in: Addressed some dependency
problems found by `make --shuffle` that were causing parallel
builds to fail (Sergei Trofimovich)
78. src/slarray.c: Flag out-of-range indexing of indefinite ranges
involving negative indexes, e.g., x = [1]; y = x[[-2:]];
Previousely this resulted in y = [1,1] instead of an error.
79. modules/csv.sl: Avoid indexing an empty array with a negative
index (detected by change #78)
80. src/slarray:c: #78 was flagging x[[:-2]] as invalid instead of
producing an empty array for x=[1]
81. src/slarray.c: Tweaked the handling of negative indices in
indefinite ranges such that x[[:-i]] will produce an empty array
wheneve i > length(x)
82. src/sltermin.c: Added support for so-called user-defined terminfo
extensions. In particular, if the terminfo file defines RGB=true,
then truecolor support will be enabled.
83. src/sldisply.c: The Has_True_Color variable was not defined for 32
bit systems
84. modules/csv.sl: Improved read speed for large CSV files
85. src/test/posixio.sl: Do not test the flock function using an NFS
mounted direcory, which requires lockd to be running on the server
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.8.0 to 3.9.0
- Update of rootfile
- Changelog
3.9.0.
* We decode Compute Express Link (CXL) capabilities.
* The tree mode of lspci is now compatible with filtering options.
* When setpci is used with a named register, it checks whether
the register is present in the particular header type.
* Linux: The intel-conf[12] back-ends prefer to use ioperm() instead
of iopl() to gain access to I/O ports.
* Windows: We have two new back-ends thanks to Pali Rohár.
One uses the NT SysDbg interface, the other uses kldbgdrv.sys
(which is a part of the Microsoft WinDbg tool).
* Windows: We support building libpci as a DLL. Also, Windows
binaries now include meta-data with version.
* Hurd: The Hurd back-end works again.
* mmio-conf1(-ext): Added a new back-end implementing the intel-conf1
interface over MMIO. This is useful on some ARM machines, but it
requires manual configuration of the MMIO addresses.
* As usually, updated pci.ids to the current snapshot of the database.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.52.21 to 0.52.23
- Update of rootfile
- Changelog
0.52.23
- fix automatic height of menu/list in whiptail (broken in 0.52.22)
- fix automatic width of whiptail --yesno box
- fix automatic width in whiptail with unicode characters
- fix automatic width with whiptail --noitem and --notags options
- fix spacing with longer tags in whiptail
- avoid overlapping backtitle in whiptail with automatic height
0.52.22
- fix crash in whiptail with new libpopt
- switch from usleep to nanosleep (Rosen Penev)
- fix libnewt.pc to enable static linking (Alexey Sheplyakov)
- fix LDFLAGS order in snack linking (Sam James)
- use CFLAGS when compiling snack
- improve configure.ac (Thomas Kuehne)
- install header and libnewt.pc with shared library (Michael Olbrich)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.66 to 2.67
- Update of rootfile
- Changelog
Release notes for 2.67
Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch
from David Seifert.
Added SPDX identifiers to License file(s). Hopefully this will help the various
robots out there correctly identify the longstanding licenses for libcap and friends.
(Bug: 216609 reported by Günther Noack)
Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther
Noack on behalf of Michael Stapelberg)
The basic issue is how to link C code with Go psx without using CGo. This is all
a low level hackery. If you are interested, browse the source.
Correct for bad whatis entries in man pages (this was throwing a Debian build test,
detail)
Also reviewed man pages and addressed cross linkage issues (Bug: 216585)
Cleaned up some README.md files (made a github mirror now just so I can
automatically render them).
Changed meaning of DYNAMIC=no builds.
This now builds everything with static linking except for libc. The reason for
this exception is explained in the commit message.
Inserted demonstration exploit code in capso.so to support article.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.187 to 0.189
- Update of rootfile
- Changelog
Version 0.189 "Don't deflate!"
configure: eu-nm, eu-addr2line and eu-stack can provide demangled symbols
when linked with libstdc++. Use --disable-demangler to disable.
A new option --enable-sanitize-memory has been added for msan
sanitizer support.
libelf: elf_compress now supports ELFCOMPRESS_ZSTD when build against
libzstd
libdwfl: dwfl_module_return_value_location now returns 0 (no return type)
for DIEs that point to a DW_TAG_unspecified_type.
elfcompress: -t, --type= now support zstd if libelf has been build with
ELFCOMPRESS_ZSTD support.
backends: Add support for LoongArch and Synopsys ARCv2 processors.
Version 0.188 "no section left behind"
readelf: Add -D, --use-dynamic option.
debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing
HTTP headers. Add new function debuginfod_find_section.
debuginfod: Add --disable-source-scan option.
libdwfl: Add new function dwfl_get_debuginfod_client.
Add new function dwfl_frame_reg.
Add new function dwfl_report_offline_memory.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
