- Update from version 3.8.3 to 3.8.5
- Update of rootfile
- Changelog
3.8.5
** libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
** libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
** libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See #1535 and !1827.
** build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of nettle_rsa_compute_root_tr().
** API and ABI modifications:
GNUTLS_PKCS_PBES1_DES_SHA1: New enum member of gnutls_pkcs_encrypt_flags_t
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 10.42 to 10.43
- Update of rootfile
- Changelog
10.43
There are quite a lot of changes in this release (see ChangeLog and git log for
a list). Those that are not bugfixes or code tidies are:
* The JIT code no longer supports ARMv5 architecture.
* A new function pcre2_get_match_data_heapframes_size() for finer heap control.
* New option flags to restrict the interaction between ASCII and non-ASCII
characters for caseless matching and \d and friends. There are also new
pattern constructs to control these flags from within a pattern.
* Upgrade to Unicode 15.0.0.
* Treat a NULL pattern with zero length as an empty string.
* Added support for limited-length variable-length lookbehind assertions, with
a default maximum length of 255 characters (same as Perl) but with a function
to adjust the limit.
* Support for LoongArch in JIT.
* Perl changed the meaning of (for example) {,3} which did not used to be
recognized as a quantifier. Now it means {0,3} and PCRE2 has also changed.
Note that {,} is still not a quantifier.
* Following Perl, allow spaces and tabs after { and before } in all Perl-
compatible items that use braces, and also around commas in quantifiers. The
one exception in PCRE2 is \u{...}, which is from ECMAScript, not Perl, and
PCRE2 follows ECMAScript usage.
* Changed the meaning of \w and its synonyms and derivatives (\b and \B) in UCP
mode to follow Perl. It now matches characters whose general categories are L
or N or whose particular categories are Mn (non-spacing mark) or Pc
(combining punctuation).
* Changed the default meaning of [:xdigit:] in UCP mode to follow Perl. It now
matches the "fullwidth" versions of hex digits. PCRE2_EXTRA_ASCII_DIGIT can
be used to keep it ASCII only.
* Make PCRE2_UCP the default in UTF mode in pcre2grep and add -no_ucp,
--case-restrict and --posix-digit.
* Add --group-separator and --no-group-separator to pcre2grep.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 5.13 to 6.8
- Update of rootfile
- make on its own no longer needed. It goes straight to make install
- Changelog can be seen by reviewing the Changes file in each source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 4.9.0 to 4.9.1
- Update of rootfile
- Changelog
4.9.1
* Support stop/parity bits on serial port (#23952)
* Add needed system headers in checks and return values
for implicit function declarations
* Fixes:
- Avoid zombies after shell exit (#25089)
- Missed signal sending permission check on failed
query messages (CVE-2023-24626)
- manpage fixes
- source code fixes during cleanup
- UTF-8 encoding can emit invalid UTF-8 sequences
for out of range unicode values (#62097)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 1.6.0 to 1.6.1
- Update of rootfile
- Removal of patch for as changes now incorporated in source tarball.
- Changelog
1.6.1
build: fail if specified configure options cannot be satisfied.
pam_env: fixed --disable-econf --enable-vendordir support.
pam_unix: do not warn if password aging is disabled.
pam_unix: try to set uid to 0 before unix_chkpwd invocation.
pam_unix: allow empty passwords with non-empty hashes.
Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 2.5.1 to 2.6.4
- Update of rootfile
- Changelog
2.6.4
Use AX_ADD_FORTIFY_SOURCE to avoid redefining _FORTIFY_SOURCE by
@thesamesam in #103
Do not look up include files in the current working directory by
@DaanDeMeyer in #105
2.6.3
libkfont:
Don't look for fonts in the current directory.
showkey:
Add parameter to allow to change timeout.
po:
Update po files.
2.6.2
loadkeys:
Don't look for keymap in the current directory.
keymaps:
Add colemak mod-dh keymaps.
2.6.1
libkfont:
Fix font saving from linux kernel if KD_FONT_OP_GET_TALL is available.
Respect font height when writing psf2 header.
keymaps:
Create new 'mac-fr' layout for contemporary French Macs.
2.6.0
libkfont:
Leverage KD_FONT_OP_GET/SET_TALL font operations. The new
KD_FONT_OP_GET/SET_TALL font operations allow to load fonts taller
than 32 pixels by dropping the VGA-specific vertical pitch limitation
(requires kernel 6.2 or later).
Use threadsafe strtok_r.
Increase soname version.
setvtrgb:
Fix read from pipe. The pipe is not rewindable, but we don't really
need to rewind() but we need to unread one character.
keymaps:
i386/dvorak/dvorak-de.map: Add dvorak-de.map from console-data.
i386/qwerty/is-latin1.map: the circumflex should also be available in
its original level-3 position.
i386/qwerty/la-latin1.map: Convert the characters expressed in Latin-1
to the named constants, to ease up transition to Unicode.
pine/en.map: New version of pinephone keyboard map file.
unimaps:
Add mapping for U+25CF. The unicode maps in font files like
eurlatgr.psfu and cp850-8x16.psfu have an entry for U+25CF, but the
plaintext unimap files do not.
tests:
Use strace to track syscalls. Now strace is powerful enough to show
ioctls specific to console configuration.
po:
Update translations (from translationproject.org).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Updatre from version 2.14 to 2.15
- Update of rootfile
- Changelog
2.15
* Fix operation of --no-absolute-filenames --make-directories
* Restore access and modification times of symlinks in copy-in
and copy-pass modes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We should not have any configuration files that we share in this place,
therefore this patch is moving it into /usr/share/openvpn where we
should be able to update it without any issues.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.8.1 to 2.8.2
- Update of rootfile
- Changelog
2.8.2
- Fix fallout of development in NUT v2.8.0 and/or v2.8.1:
* dstate machinery: a segmentation fault (null pointer dereference) was
possible with `INSTCMD` processing of commands without parameters nor
`TRACKING` identifier. [#2155]
* USB bus number detection for libusb-1.0 builds was overly zealous and
wrongly considered zero values as an error. [#2198]
* `upsmon` recognition of `CAL` state could linger after the calibration
activity was completed by the hardware, which led to mis-processing of
shutdown triggers. Also, notification was added to report "finished
calibration". [issue #2168, PR #2169]
* `upsmon` recognition of `OFF` state as a trigger for FSD (forced shut
down) criticality considered also the input line state, which may be
an independently evolving circumstance. [issue #2278, PR #2279]
* `upsmon` support for `POLLFAIL_LOG_THROTTLE_MAX` did not neuter the
applied setting when live-reloading configuration, so commenting it
away in `upsmon.conf` did not have the effect of resetting the logging
frequency to default. It also did not reset the counters to certainly
follow the new configuration for existing faults. [issue #2207, PR #2209]
* `upsmon` support for `POLLFAIL_LOG_THROTTLE_MAX` had an off-by-one error
(e.g. reporting "Data stale" or "Driver not connected" every 30 sec with
`POLLFAIL_LOG_THROTTLE_MAX 5` and `POLLFREQ 5` settings). [#2207]
* Drivers running with non-default user account (e.g. with `user=root`
in their configuration) failed to apply group ownership and permissions
to their Unix socket file for interaction with the local data server.
[#2185, #2096]
* Dispatcher script `scripts/python/app/NUT-Monitor` referenced `py3qt3`
instead of the correct `py3qt5`. It also tries to check both `py2gtk2`
and `py3qt5` implementations verbosely, even if one is not installed.
[#2199, #2201]
* Set the `DesktopFileName` in `scripts/python/app/NUT-Monitor-py3qt5`,
this binds the application with the desktop file and allow the Open
Desktop compatible implementation to display the proper icon and
application name. [#2205]
* Original recipe for `apc_modbus` strictly required USB support even if
building NUT without it. [#2262]
* Builds requested with a specific C/C++ language standard revision via
`CFLAGS` and `CXXFLAGS` should again be honoured. [PR #2306]
* Allow requesting detailed debug builds (with disabled optimizations for
binaries to best match the source code) for supported compilers using
`configure` script option `--with-debuginfo`. Note that default autoconf
behavior usually embeds moderate optimizations and debug information on
its own. [PR #2310]
* A fix applied among clean-ups between NUT v2.7.4 and v2.8.0 releases
backfired for `usbhid-ups` subdriver `belkin-hid` which in practice
relied on the broken older behavior; more details in its entry below.
[PR #2371]
- nut-usbinfo.pl, nut-scanner and libnutscan:
* Library API version for `libnutscan` was bumped from 2.2.0 to 2.5.0
during evolution of this NUT release.
* USB VendorID:ProductID support list files generated by the script for
different OS frameworks now include a comment with other possibly
compatible driver names, where the respective file format allows for
comments.
* Added the concept of `alt_driver_names` in `nutscan_device_t` structure
for ability to suggest a comment with other possibly compatible driver
names in configuration snippets generated by `nut-scanner`; practical
support implemented for USB connected drivers.
* Added the concept of commented-away suggested option values `comment_tag`
and a method to `nutscan_add_commented_option_to_device()`, instead of
hacks in prepared config data which broke some use-cases. [#2221]
* Command-line option `-U` for USB scan can now be specified several times
to increase the detail level about hardware link to the device (this was
previously always suggested, but may be not reliable if USB enumeration
gets changed over time). [#2221]
* Added generation of FreeBSD/pfSense quirks for USB devices supported
by NUT (may get installed to `$datadir` e.g. `/usr/local/share/nut`
and need to be pasted into your `/boot/loader.conf.local`). [#2159]
* nut-scanner now avoids creating ambiguous `nutdevN` device section names
when called separately to scan different media buses (one at a time).
Now the "bus" name would be embedded (e.g. non-colliding `nutdev-usb1`
and `nutdev-snmp1`). [#2247]
* nut-scanner can now discover NUT simulated devices (`.dev` and `.seq`
files) located in your sysconfig directory, and prepare configuration
sections with the simulation driver (currently `dummy-ups`). [#2246]
* nut-scanner now reports `dummy-ups` as driver when scanning NUT "bus"
with Old or Avahi method. [#2236, #2245]
- upsd: Fixed conditions for "no listening interface available" diagnosis
to check how many listeners we succeeded with, not whether the first one
succeeded or not. If not all requested (non-localhost) listeners were
available, default to fail the daemon start-up attempt; support for an
`ALLOW_NOT_ALL_LISTENERS` setting was added to control this behavior. [#723]
- NUT CI improvements:
* Added publishing recipes for PyNUT client bindings for NUT, so it ends
up in the link:https://pypi.org/project/PyNUTClient[PyPI repository].
[#2158]
* Added support for new `ccache` namespace concept, where possible. [#2256]
* Fixed an issue for builds configured `--without-usb`. [#2263]
* Added a fallback for `libgd` discovery (for CGI etc. builds). [#2287]
* Made `aspell` TeX module detection more reliable. [#2206]
* Fixed recipes for completely out-of-tree builds to pass with documentation
generation and checking on all tested "make" implementations. [#2318]
* Various other recipe and documentation clean-up efforts. [#2284, #2269,
#2261]
- main driver core codebase:
* Help users of drivers that can be built to support optionally USB and
other media (like `nutdrv_qx` built for serial-only support), and built
in fact without USB support but used for USB devices, with some more
information to make troubleshooting easier. [issue #2259, PR #2260]
* Driver programs with debug tracing support via `-D` CLI option and/or
the `NUT_DEBUG_LEVEL` environment variable now check those earlier in
their life-time, so that initialization routine can be debugged. [#2259]
* Multiple USB-capable drivers got options to customize `usb_config_index`
`usb_hid_rep_index`, `usb_hid_desc_index`, `usb_hid_ep_in` and
`usb_hid_ep_out` hardware connection settings via `ups.conf` options.
This is treated as experimental, not all code paths may be actually
using such values from `struct usb_communication_subdriver_t` rather
than hard-coded defaults. Discovery of correct values is up to the
user at the moment (using `lsusb`, internet search, luck...) [#2149]
- nut-driver-enumerator (NDE) service/script:
* The optional daemon mode (primarily useful for systems which monitor
a large and dynamic population of power devices) was enhanced with a
`--daemon-after` variant which parses the configuration once before
daemonization and this has a chance to fail while not forked off, as
well as to allow only completing the service unit initialization when
everything is actually ready to work (so further dependencies can start
at the proper time). [#682]
* Also applied other optimizations to the script implementation. [#682]
- powerpanel text driver now handles status responses in any format and should
support most devices. [#2156]
- tripplite_usb driver now allows any device to match if a particular Unit ID
was not specified in `ups.conf`. [PR #2297, issues #2282 and #2258]
- snmp-ups driver:
* added support for Eaton EMP002 sensor for ATS16 NM2 sub-driver. [#2286]
* mapping table updates for apc-mib sub-driver. [#2264]
- usbhid-ups driver:
* `arduino-hid` subdriver was enhanced from "initial bare bones" experimental
set of mapped data points to support some 20 more mappings to make it more
useful as an UPS driver, not just a controller developer sandbox. [#2188]
* `cps-hid` subdriver now supports devices branded as Cyber Energy and built
by cooperation with Cyber Power Systems. [#2312]
* `belkin-hid` subdriver now supports Liebert PSI5 devices which have a
different numeric reading scale than earlier handled models. [issue #2271,
PR #2272, PR #2369] Generally the wrong-scale processing was addressed,
including a regression in NUT v2.8.0 which led to zero values
in voltage data points which NUT v2.7.4 reported well [#2371]
* The `onlinedischarge` configuration flag name was too ambiguous and got
deprecated (will be supported but no longer promoted by documentation),
introducing `onlinedischarge_onbattery` as the meaningful alias. [#2213]
* Logged notifications about `OL+DISCHRG` state should now be throttled
(see the driver manual page for more details) [#2214, #2215]:
- If `battery.charge` is available, make the message when entering the
state and then only if the charge differs from that when we posted
the earlier message (e.g. really discharging) and is under
`onlinedischarge_log_throttle_hovercharge` value (defaults to 100%);
- Also can throttle to a time frequency configurable by a new option
`onlinedischarge_log_throttle_sec`, by default 30 sec if `battery.charge`
is not reported by the device (should be frequent by default, in case
the UPS-reported state combination does reflect a bad power condition).
- nutdrv_qx driver:
* Fixed handling of `battery_voltage_reports_one_pack` configuration flag
introduced in NUT v2.8.1. [originally by PR #1279; fixed by PR #2324,
issue #2325]
- Various code and documentation fixes for NSS crypto support. [#2274, #2268]
- Laid foundations for the SmartNUT effort (aiming to integrate drivers with
some other backends than the networked NUT data server process).
- Eaton contributed recipes and scripts used to create the IPP for Unix
bundle (aka Eaton IPSS Unix or UPP), a freely available value-added
packaging of NUT distributed as the UPS software companion for OSes
where their more complex UPS monitoring/management tools had not been
ported. This allows for delivery of NUT packages with an interactive
installer and some system integration scripts (events, notifications,
status, shutdown daemon...), and was contributed to the NUT upstream
project by Eaton -- provided "as is" at the moment, and may later serve
as foundation or inspiration for new NUT features. [#2288]
- nutconf (C++ library and tool to read and manage NUT configuration files)
was started in the open by Eaton employees and used in the IPP installer,
but the code lingered in a side branch. It was now brushed up to our common
best practices and added to the main codebase. As of this import, there are
known deficiencies in Windows platform support, as well as some un-awareness
about configuration key words which appeared in NUT since 2013. [#2290]
- The `tools/gitlog2changelog.py.in` script was revised, in particular to
convert section titles (with contributor names coming from Git metadata)
into plain ASCII character set, for `dblatex` versions which do not allow
diacritics and other kinds of non-trivial characters in sections. This can
cause successful builds of `ChangeLog.pdf` file on more platforms, but at
expense of a semi-cosmetic difference in those names. [PR #2360, PR #2366]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 3.8.4 to 3.9.0
- Update of rootfile
- With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With
previous versions the default value was no but to prevent the possibility of an smtp
smuggling attack the option should be yes. Previous version therefore actively set
the value to yes and added it to the main.cf file when being installed. With version
3.9.0 the default value is now yes so the option no longer needs to be added into
main.cf, so smtp smuggling attack is protected by default now.
- Removed the section from the install.sh file that added the option into main.cf with
version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be
actively added into main.cf
- Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This v2 version increments the PAK_VER number
- Update from version 4.19.5 to 4.20.1
- Update of rootfile
- Changelog
4.20.1
* BUG 15630: dns update debug message is too noisy.
* BUG 15635: Do not fail PAC validation for RFC8009 checksums types.
* BUG 15605: Improve performance of lookup_groupmem() in idmap_ad.
* BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only
flag.
* BUG 15611: http library doesn't support 'chunked transfer encoding'.
* BUG 15600: Provide a systemd service file for the background queue daemon.
4.20.0
The changelog is too large to show here. Details can be found at
https://www.samba.org/samba/history/samba-4.20.0.html
I did not identify any changes related to how samba is configured in IPFire
4.19.6
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15599: libgpo: Segfault in python bindings.
* BUG 15580: Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This architecture does not seem to be support and since we don't support
this as a primary architecture just yet, we will build without this
package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- hyperscan will move from BSD licence to a proprietary paid for licence from version 5.5
onwards.
- hyperscan will be replaced by vectorscan, a fork of hyperscan.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
