- Update from version 1.7.0 to 1.7.2
- Update of rootfile
- Changelog
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This is necessary, since the package version was already incremented to
91 in "master", due to the libtirpc changes in Core Update 173.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 4.17.4 to 4.17.5
- Update of rootfile not required
- Changelog
Release Notes for Samba 4.17.5
* BUG 14808: smbc_getxattr() return value is incorrect.
* BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly.
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
* BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS.
* BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
* BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
* BUG 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value).
* BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes).
* BUG 15243: %U for include directive doesn't work for share listing (netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15269: ctdb: use-after-free in run_proc.
* BUG 15243: %U for include directive doesn't work for share listing (netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
* BUG 15268: smbclient segfaults with use after free on an optimized build.
* BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
* BUG 15164: Leak in wbcCtxPingDc2.
* BUG 15265: Access based share enum does not work in Samba 4.16+.
* BUG 15267: Crash during share enumeration.
* BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer.
* BUG 15281: Avoid relying on C89 features in a few places.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This is happening due to the use of bgcolor which has been deprecated since HTML4.01 and
is no longer supported in HTML5
- Similar approach used here as was used in the same fix for the dhcp.cgi page
- CSS based approach utilised.
- Partially tested in my vm testbed. The percentage bar works withg no problems.
The table could not be confirmed as in my testbed I don't have updatexlrator running
as my updates are all based on https and not http.
- The table will need to be confirmed by the bug reporter or someone else that uses
updatexlrator
Fixes: Bug#13024
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://mmonit.com/monit/changes/
"New: Added click-jacking protection headers to Monit HTTP GUI (the
SAMEORIGIN iframe is allowed).
Fixed: Issue #1035: If the start, stop or restart program statement
contains the equal sign, which is not followed by a space character,
the configuration is not parsed correctly.
Fixed: Issue #1047: If the MariaDB server doesn't allow access to the
host, from which Monit test is running, Monit reported: Invalid
handshake packet sequence id -- not MySQL protocol.
Fixed: Add the missing responsetime option to the ping test."
For more details see:
https://bitbucket.org/tildeslash/monit/commits/tag/release-5-33-0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.38/doc/arm/html/notes.html#notes-for-bind-9-16-38
"Notes for BIND 9.16.38
Bug Fixes
A constant stream of zone additions and deletions via rndc reconfig
could cause increased memory consumption due to delayed cleaning of
view memory. This has been fixed. [GL #3801]
The speed of the message digest algorithms (MD5, SHA-1, SHA-2), and of
NSEC3 hashing, has been improved. [GL #3795]
Building BIND 9 failed when the --enable-dnsrps switch for ./configure
was used. This has been fixed. [GL #3827]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from 4.17.0.3 to 4.19.0.1
- Changelog
v4.19.0.1 - Release date: 2023-02-02
Rebased with official coreboot repository commit 2ccbcc5
Removed configuration and mainboard files for apu1 due to the board being dropped from upstream coreboot
See: https://github.com/pcengines/coreboot/compare/v4.17.0.3...v4.19.0.1
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
- Update from version 0.15.1 to 0.16.0
- Update of rootfile
- According to the forked elinks developer if parallel build is required then meson
should be used for the build. With make they don't believe that it ever ran in
parallel mode.
- This patch modifies the build from autotools to meson and updates the version.
- Parallel build option added back in to meson/ninja flow.
- The build requires git to be present so git moved to just before elinks in make.sh
- Changelog
ELinks 0.16.0
* detect xterm on my computer
ELinks 0.16.0rc1
* alternative mujs engine for js
* bump mozjs to 102
* experimental XHR implementation
* macros in exmode #196
* removed infinite loop, which occurred under BSD #197
* optional terminal hyperlinks in dumps #198
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 20221108 to 20230214
- Update of rootfile
- Changelog - details can be found in the releasenote.md file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.12.1 to 2.13.0
- Update of rootfile
- Changelog
CHANGES BETWEEN 2.12.1 and 2.13.0 (2023-Feb-09)
I. IMPORTANT CHANGES
- The demo program `ftinspect` has been completely updated and much
enhanced. It now combines the functionality of almost all other
graphical FreeType demo programs into a single application based
on the Qt framework. This was Charlie Jiang's GSoC 2022 project.
- The 'COLR' v1 API is now considered as stable.
https://learn.microsoft.com/en-us/typography/opentype/spec/colr
III. MISCELLANEOUS
- For OpenType Variable Fonts, `avar` table format 2.0 is now
supported. The code was contributed by Behdad Esfahbod.
Note that this is an extension supported on recent Apple platforms
and by HarfBuzz, but not yet in the OpenType standard! See
https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md
for the specification. To deactivate it, define the configuration
macro 'TT_CONFIG_OPTION_NO_BORING_EXPANSION'.
- A new API `FT_GlyphSlot_Slant` to slant a glyph by a given angle
has been added. Note that this function is part of `ftsynth.h`,
which is still considered to be in alpha stage.
- TrueType interpreter version 38 (also known as 'Infinality') that
was first introduced about 10 years ago in FreeType 2.4.11 is now
deprecated and slated to be removed in the next version. TrueType
interpreter version 40 has been FreeType's default version for six
years now and provides an excellent alternative. This is the last
FreeType version with TT_INTERPRETER_VERSION_38 and
TT_INTERPRETER_VERSION_40 treated differently.
- The only referenced but never documented configuration macro
`FT_CONFIG_OPTION_NO_GLYPH_NAMES` has been removed.
- The `ftbench` demo program got a new command line option `-e` to
set a charmap index.
- Specifying a point size is now optional for the demo programs
`ftgrid`, `ftmulti`, `ftstring`, and `ftview`. If not given, a
default size is used.
- For `ftgrid`, `ftstring`, and `ftview`, option `-e` now also
accepts a numeric value to set a charmap index.
- In `ftstring`, it is now possible to set the displayed text
interactively by pressing the 'Enter' key.
- `ftmulti` can now handle up to 16 design axes.
- To avoid reserved identifiers that are globally defined, the
auto-hinter debugging macros (which are only available if
`FT_DEBUG_AUTOFIT` is defined)
```
_af_debug_disable_horz_hints
_af_debug_disable_vert_hints
_af_debug_disable_blue_hints
_af_debug_hints
```
have been renamed to
```
af_debug_disable_horz_hints_
af_debug_disable_vert_hints_
af_debug_disable_blue_hints_
af_debug_hints_
```
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.14.4 to 1.14.6
- Update of rootfile
- The Denial of service issue mentioned first in the changelog is not applicable to IPFire
as the build is done without asserts enabled.
- Changelog
dbus 1.14.6 (2023-02-08)
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distributions,
should be compiled with checks but without assertions.
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
Other fixes:
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
replying to Peer method calls that were sent to the dbus-broker with
a NULL destination (dbus#301, Kai A. Hiller)
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
This is not attacker-triggerable and appears to be harmless in practice,
but is technically undefined behaviour and is detected as such by
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
• Avoid a data race in multi-threaded use of DBusCounter
(dbus#426, Ralf Habacker)
• Fix a crash with some glibc versions when non-auditable SELinux events
are logged (dbus!386, Jeremi Piotrowski)
• If dbus_message_demarshal() runs out of memory while validating a message,
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
• Use C11 _Alignof if available, for better standards-compliance
(dbus!389, Khem Raj)
• Stop including an outdated copy of pkg.m4 in the git tree
(dbus!365, Simon McVittie)
• Documentation:
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
• Tests fixes:
· Fix the test-apparmor-activation test after dbus#416
(dbus!380, Dave Jones)
Internal changes:
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
The developers do not provide a changelog, this time I couldn't
even find a comment.
All I can say:
Running her on Core 172. No seen problems.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from version 7.0.0.11 to 7.0.4
- Update of rootfile
- Changelog
updated language flags, catch abortcompile throw in non-ragel progs
7.0.3
This version of colm includes a critical fix for big-endian system. Fixes#61.
expect colm version 0.14.6 and version bump ragel to 7.0.3
7.0.2
Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58.
expect colm 0.14.5 and version bump to 7.0.2
7.0.1
removed accidental commit of ragel/.exrc
7.0.0.12
implemented NfaClear in asm codegen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.6.12 to 1.7.23
- Update of rootfile
- Changelog
Most changes are related to additional printers except for
1.7.10
* Fixed the problem that epson-escpr-wrapper filter would crash
when cupsRasterReadHeader failed.
1.7.7.2
* Supported new model.
* Fixed an issue of filter crash when FIFO I/O was closed.
1.7.0
* Supported new models.
* Applied Privacy Statement.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 6.4.34 to 6.4.36
- Update of rootfile nor required
- Changelog
fetchmail-6.4.36 (released 2023-01-28, 31710 LoC):
(in alphabetical order of language codes):
* cs: Petr Pisar [Czech]
* es: Cristian Othón Martínez Vera [Spanish]
* fr: Frédéric Marchal [French]
* ja: Takeshi Hamasaki [Japanese]
* pl: Jakub Bogusz [Polish]
* ro: Remus-Gabriel Chelu [Romanian]
* sq: Besnik Bleta [Albanian]
* sv: Göran Uddeborg [Swedish]
fetchmail-6.4.35 (released 2023-01-04, 31707 LoC):
* Fetchmail now warns about OpenSSL before 1.1.1s or 3.0.7,
and rejects wolfSSL older than 5.5.1.
(in reverse alphabetical order of language codes so as not to prefer people):
* sv: Göran Uddeborg [Swedish]
* eo: Keith Bowes [Esperanto]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2022e to 2022g
- Update of rootfile
- Changelog is too large to include here. See the NEWS file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Thunderbird and Roundcube mail clients presume that any mail with Content Type of
multipart/mixed has an attachment included rather than actually checking for
disposition attachment. This means that any mail with multipart/mixed gets the
attachment icon marked up even though there is no attachment.
- Although this is a problem of the clients involved, in this case the simplest solution
is to change multipart/mixed to multipart/alternative as WIO Mail only sends text
without any attachment or other part to indicate that a client is active or inactive.
- Confirmed on my vm testbed
Fixes: Bug#13040
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Thunderbird and Roundcube mail clients presume that any mail with Content Type of
multipart/mixed has an attachment included rather than actually checking for
disposition attachment. This means that any mail with multipart/mixed gets the
attachment icon marked up even though there is no attachment.
- Although this is a problem of the clients involved, in this case the simplest solution
is to change multipart/mixed to multipart/alternative as the Mail Service test mail only
sends text without any attachment or other part.
- Confirmed on my vm testbed
Fixes: Bug#13040
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- Original poster found this effect with using Vivaldi at 100% zoom.
- I tested it with Vivaldi and Firefox on Arch Linux and was not able to show the effect but
running SeaMonkey and changing the zoom from 100% to lower or higher caused the input
boxes to go outside of the WUI boundary as described by the bug reporter.
- It looks like the effect is dependent on the browser, the zoom setting and the OS
Distribution.
- In all cases the similar three input boxes in a row in the dhcp.cgi code for entering a
fixed lease stayed fixed in ratrio to the WUI page whatever zoom or browser was used.
- This patch changes the wio code for those three input boxes to use the approach from the
dhcp.cgi code.
- Tested on my vm testbed and change confirmed to fix the size of the input boxes
irrespective of the browser or zoom setting.
Fixes: Bug#13039
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Patch tested out on my production system that has apcupsd running on it. APCUPS was
in the list of options in the system logs and entries from apcupsd were extracted
correctly in the wui.
Fixes: Bug#12950
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- rngd removed from initscripts lfs and rootfiles due to change of rng-tools to addon
Fixes: Bug#12900
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- This patch is to move the rng-tools package from a core package to an addon. With the
kernel changes from 5.6 rngd is no longer needed to create the required kernel entropy.
- The results from HRNG's via rngd are used with an XOR after the entropy is
collected by the kernel. So the HWRNG output is used to dilute the kernel random number
data, which is already merged from several sources.
- Based on the above and @Paul's request in the bug report to have rng-tools kept as an
addon this patch set is submitted for consideration to keep rng-tools but as an addon.
- move rng-tools rootfile from common to packages
- Modify rng-tools lfs from core package to addon package
- Create rng-tools pak to install and uninstall - creating rc.d links for start & stop.
- Move rngd initscript from system to packages directory.
- Installed into my vm testbed and confirmed that it works. No rngd daemon installed
from iso install. After addon install rngd is present and running. Added various files
to be able to test the services wui page. rngd shows up and can be turned off and on
Fixes: Bug#12900
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
For details see:
https://github.com/lsof-org/lsof/blob/master/00DIST#L5471
"4.98.0 January 22, 2023
Fix two potential null pointer access bug when gethostbyname2()
returns an empty address list
Add support for older automake versions (on e.g. CentOS 7)
Migrate testing scripts and programs to autotools
Extend CI to build on more Linux distros
[linux] Fix handling of empty command name, closing #246.
Add test from #246, where lsof returns stale command name when the
command name is empty. If getting command name failed, return
NULL instead of empty string
Add --with/without-libtirpc option to autotools-based build
system and automatically detect libtirpc by default
Add -H switch to print human readable size, e.g. 123.4K (#260)
[linux] Fix implicit declaration error when HASPTYEPT is undefined
Add support for musl libc-based Linux distros
Add --enable-security argument to configure to allow only the
root user to list all open files
Add --enable-no-sock-security argument to configure to allow
anyone to list anyone else's socket files when combined with
--enable-security
[linux] Always enable 64 bit off_t in configure.ac
[netbsd] Import patches from pkgsrc and port autotools-based build system to NetBSD
[netbsd] Fix lock status reading"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
