This patch enabled that we can compress any firmware files on disk. This
will save some space since /lib/firmware is becoming larger with every
release.
From formerly 828MiB, this is now using ~349MiB which is a saving of
about 480MiB on disk. This is helping us a lot fighting to contain the
distribution to 2GB on /.
Some other firmware that is installed in other packages is not
compressed with this patch which is a bit sad, but potentially not worth
the effort.
In order to ship this change with a Core Update, it might be intuitive
to remove /lib/firmware first and then extract the new update with all
new files. However, I do not know if this all will compress as well as
before since now the files are already individually compressed. It might
be a challenge to ship this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We used to create some iptables rules that permitted traffic to the
firewall from IPsec peers. This however doesn't work due to changes in
iana-etc and it looks like those rules are entirely absolete now.
This patch removes them which should not cause any functional changes.
Fixes: #12808
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
riscv64 does not return any value on our machine (maybe because it is
emulated?). "undefined" is however seen as a valid value, which makes
the build fail.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
"2022-01-16 - v2.10
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added option send SAE Confirm immediately (sae_config_immediate=1)
after SAE Commit
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2)
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed WPS UPnP SUBSCRIBE handling of invalid operations
[https://w1.fi/security/2020-1/]
* fixed PMF disconnection protection bypass
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* fixed various issues in experimental support for EAP-TEAP server
* added configuration (max_auth_rounds, max_auth_rounds_short) to
increase the maximum number of EAP message exchanges (mainly to
support cases with very large certificates) for the EAP server
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* extended HE (IEEE 802.11ax) support, including 6 GHz support
* removed obsolete IAPP functionality
* fixed EAP-FAST server with TLS GCM/CCM ciphers
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible; owe_ptk_workaround=1 can be used to enabled a
a workaround for the group 20/21 backwards compatibility
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* added support for PASN
* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
* a large number of other fixes, cleanup, and extensions"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
http://www.squid-cache.org/Versions/v5/changesets/SQUID_5_4_1.html
This is 'squid 5.4.1', containing the previous patch for Bug #5055.
Prior to this patch I reverted my previous patches 'squid: Update 5.2 => 5.4" and
'squid 5.4: Latest patch - Bug #5055 - from upstream' and marked them as
'superseded' in patchwork.
For a better overview the 'squid-gcc11'-patch has been renamed again and moved
to an own squid-patch-directory.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.1.1 (2016) to 2.3.0 (2021)
- Update of rootfile
- A build dependency has been added for twine. As this is to support the upload of
packages to PyPI it will not be used for IPFire. The changelog just notes the addition
of twine as a build dependency without any explanation. See entry in version 2.2.4
No other change was made when this dependency was added to setup.py
Adding twine added 9 further dependencies some of which caused further dependencies and
so on. 19 additional new packages were reached and the system was still coming up with
more.
Created a patch to remove the twine build dependency from setup.py
Subsequently found other people had done the same thing as there was no response to
requests from other people to not have it as a build dependency for situations where
packages were not going to be uploaded to PyPI.
- Changelog
Version 2.3.0
:Released: 2021-02-21
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Removed:
* Remove support for Python versions older than Python 3.
Python 2 has been unsupported by the Python project since 2020.
* Remove dependency on back-ported `unittest2` and `mock`.
Depend instead on standard library `unittest` and `unittest.mock`.
Thanks to Michał Górny for the merge requests.
Version 2.2.4
:Released: 2019-10-27
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Run the Setuptools `egg-info` command as part of the `build`
command.
Closes: Pagure #31. Thanks to Stanislav Levin for the bug report and
diagnosis.
* Create the socket and catch “non-socket” errors.
Closes: Pagure #34. Thanks to Miro Hrončok for the bug report and
patch.
* Only deal with a range of file descriptors if the range is not empty.
Closes: Pagure #39. Thanks to Alex Pyrgiotis for the test scenario.
* Declare Twine as a build dependency.
* Reformat the change log entries with keepachangelog.com sub-sections.
Changed:
* Upgrade Tox dependency to version “3.7.0”.
Thanks to Miro Hrončok for the contribution.
* Significant speed-up to discovery of file descriptors to close.
By using a native `tuple` for the heavily-used file descriptor range
representation, this gives approximately 5× faster calls to
`close_all_open_files` in the typical case. This partially addresses
Pagure #40.
Thanks to Alex Pyrgiotis for testing various alternative proposals.
* Refactor the build system to use Makefile modules for each topic.
Version 2.2.3
:Released: 2019-01-21
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Use custom fake file type for testing `fileno` behaviour.
This works around an incompatibility in Python 2.7 `file` type that
caused test cases to fail.
Deprecated:
* Promote the warning for `runner` module to a `DeprecationWarning`.
This has been an unofficial example module from the beginning, and
it will be removed in a future version.
Version 2.2.2
:Released: 2019-01-19
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Remove from the build system specification a white space character
not permitted in TOML format.
Added:
* Implement test suite automation in virtualenvs, using Tox.
Version 2.2.1
:Released: 2019-01-18
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Added:
* Add a :PEP:`518` conformant build system specification (the
``pyproject.toml`` file).
Version 2.2.0
:Released: 2018-08-15
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Correct the description of the return value for
`daemon.is_detach_process_context_required`.
Closes: Pagure #6.
* Set a sensible default for `Distribution.script_name`.
This works around a bug in Setuptools which calls commands before
the `Distribution` is initialised.
Closes: Pagure #2.
Changed:
* The test suite now relies on the test discovery feature in
‘unittest’. This feature is in Python version 2.7 and later.
* Improve performance of `daemon.close_all_open_files`.
Thanks to Darek Działak for the implementation.
Closes: Pagure #10.
Version 2.1.2
:Released: 2016-10-26
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Added:
* Add a README document for the code base.
Changed:
* Migrate code project hosting to Pagure.
Record the change of homepage URL in PyPI metadata.
Deprecated:
* Raise a warning that the ‘runner’ module is pending deprecation.
This has been an unofficial example module from the beginning, and
it will be removed in a future version.
Bugs Fixed:
* Ensure custom types are part of the Python type hierarchy.
* Avoid a circular dependency for the version string at install time.
Thanks to Maarten van Gompel for the reproducible test case.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.1.012 to 5.1.016
- Update of rootfile not required
- Changelog
Patch 013 - Bash did not always perform tilde expansion following an unquoted colon on
the rhs of an assignment statement in posix mode.
Patch 014 - Bash may produce corrupted input if a multibyte character spans a 512-byte
boundary while reading the output of a command substitution.
Patch 015 - There are some characters (e.g., cyrillic) that can't be displayed using
certain single-byte encodings (e.g., cp1251) because the negative signed
int is interpreted as EOF and not displayed.
Patch 016 - Multiple `!' tokens should toggle negation of an expression in a [[
conditional command, instead of simply negating the expression.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 4.2.1 (2015) to 4.11.1 (2021)
- Update rootfile
- Update patch for suppression of groups installation
- Change default hash from sha512 to yescrypt in lfs and logins.def
- Changelog
* Release 4.11.1
* build: include lib/shadowlog_internal.h in dist tarballs (Sam James)
* Release 4.11
* Handle possible TOCTTOU issues in usermod/userdel (edneville)
* (CVE-2013-4235)
* Use O_NOFOLLOW when copying file
* Kill all user tasks in userdel
* Fix useradd -D segfault (Xi Ruoyao)
* Clean up obsolete libc feature-check ifdefs (Alejandro Colomar)
* Fix -fno-common build breaks due to duplicate Prog declarations
(Adam Sampson)
* Have single date_to_str definition (Alejandro Colomar)
* Fix libsubid SONAME version (Sam James)
* Clarify licensing info, use SPDX.
* Release 4.10
Note: From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su from
util-linux. Please open an issue if there is a problem with that.
We intend to remove it in an upcoming release.
This release features many fixes expecially to the building of
libsubid, some SELinux labeling issues, and a few signaling
issues.
* libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert,
GalaxyMaster, and Luís Ferreira)
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it. (Iker Pedrosa)
* Add libeconf dep for new*idmap (Iker Pedrosa)
* Allow all group types with usermod -G (Iker Pedrosa)
* Avoid useradd generating empty subid range (Iker Pedrosa)
* Handle NULL pw_passwd (Jaroslav Jindrak)
* Fix default value SHA_get_salt_rounds (Mike Gilbert)
* Use https where possible in README (Paul Menzel)
* Update content and format of README (Iker Pedrosa)
* Translation updates (Balint Reczey, Frans Spiesschaert)
* Switch from xml2po to itstool in 'make dist' (Serge Hallyn)
* Fix double frees (Michael Vetter)
* Add LOG_INIT configurable to useradd (Andy Zaugg)
* Add CREATE_MAIL_SPOOL documentation (Andy Zaugg)
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM (Ruihan li)
* Fix wrong SELinux labels in several possible cases (Iker Pedrosa)
* Fix missing chmod in chadowtb_move (GalaxyMaster)
* Handle malformed hushlogins entries (Tobias Stoeckmann)
* Fix groupdel segv when passwd does not exist (François Rigault)
* Fix covscan-found newgrp segfault (Iker Pedrosa)
* Remove trailing slash on hoedir (Ed Neville)
* Fix passwd -l message - it does not change expirey (Ed Neville)
* Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann)
* Remove special case for "" in usermod (Alejandro Colomar)
* Implement usermod -rG to remove a specific group
(Andy Zaugg)
* call pam_end() after fork in child path for su and login
(Björn Fischer)
* useradd: In absence of /etc/passwd, assume 0 == root
(Ludwig Nussel)
* lib: check NULL before freeing data (Iker Pedrosa)
* Fix pwck segfault (Iker Pedrosa)
* Release 4.9
2021-07-22 Serge Hallyn <serge@hallyn.com>
* Updated translations (Björn Esser, Juergen Hoetzel)
* Major salt updates (Björn Esser)
* Various coverity and cleanup fixes (Iker Pedrosa)
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
* Implement NSS support for subids and a libsubid (Serge Hallyn)
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
* selinux fixes (Christian Göttsche)
* Fix path prefix path handling (Lucas Servén Marín)
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid (Martijn de Gouw)
* usermod: check that shell is executable (Geert Ijewski)
* Add yescript support (Rodolphe Bréard)
* useradd memleak fixes (whzhe)
* useradd: use built-in settings by default (Ludwig Nussel)
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
* buffer overflow fixes (Tobias Stoeckmann)
* Adding run-parts style for pre and post useradd/del (ed@s5h.net)
2020-01-23 Serge Hallyn <serge@hallyn.com>
* selinux: inclue stdio (Michael Vetter)
* man: don't suggest making groupmems user-writeable (Michael Weiser)
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. (ed@s5h.net)
* add new HOME_MODE login.defs option (Duncan Overbruck)
* Add tty logging to useradd (ed@s5h.net)
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
* Update Dutch translation (Frans-Spiesschaert)
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
2019-12-20 Dave Reisner <dreisner@archlinux.org>
* Do not auto-enable acct_tools_setuid just because
pam is enabled. NOTE - any distros which are relying
on this behavior will need to switch to configure
--enable-account-tools-setuid
* Release 4.8
2019-12-01 Serge Hallyn <serge@hallyn.com>
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
* Release 4.7
2019-06-13 Serge Hallyn <serge@hallyn.com>
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
* Release 4.6
2018-04-29 Serge Hallyn <serge@hallyn.com>
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
2017-07-16 Serge Hallyn <serge@hallyn.com>
* Import new Dutch translations.
2017-07-10 Serge Hallyn <serge@hallyn.com>
* Expand error codes for groupmod.
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Release 4.5
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2017-02-23 Serge Hallyn <serge@hallyn.com>
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
the equivalent of util-linux CVE-2017-2616.
2017-02-08 Serge Hallyn <serge@hallyn.com>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2017-01-29 Serge Hallyn <serge@hallyn.com>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <serge@hallyn.com>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
* Changes since 4.4
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* Changes since 4.2.1:
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Support FORCE_SHADOW
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
Fixes: Bug 12762
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 6.5.0 to 7.10.0 (17 releases between these versions)
- Update of rootfile
- Update of patch as source file contents changed enough that old patch failed to work
- Build changed to meson/ninja as autotools option has been removed
- Most of the existing options were available as meson options - look in
meson_options.txt file in the source tarball.
Three options were not available with meson
--with-virtualport
--with-macvtap
--without-dbus
- Changelog is too large to include here (~1200 lines) but the detail can be seen in the
NEWS.rst file in the source tarball. Many bug fixes identified in the changelog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update main file from 5.1 to 5.1.8 (includes patches 1 to 8)
- Remove patches 1 to 4
- Changelog - Patches 1 to 4 from the previous IPFire version together with patches 5 to
8 are now included into bash-5.1.8 followed by application of patches 9 to 12
Patch 12
There is a possible race condition that arises when a child process receives
a signal trapped by the parent before it can reset the signal dispositions.
The child process is not supposed to trap the signal in this circumstance.
Patch 11
When reading a compound assignment, and running it through the parser to
split it into words, we need to save and restore any alias we're currently
expanding.
Patch 10
If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
not completely clean up state, and that can prevent subsequent calls to
`wait -n' from working correctly.
Patch 9
The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.
Patch 8
Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
Patch 7
The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
Patch 6
Make sure child processes forked to run command substitutions are in the
proper process group.
Patch 5
Fix two memory leaks when assigning arrays using compound assignment syntax.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.2.0 to 6.1.0
- Update of rootfile
- Removal of --no-pie patch as the changes are now built into the qemu source files
- Changelog is too long to fully include here. Full details can be read at
https://wiki.qemu.org/ChangeLog/
Following are the deprecated options and features from each version.
6.1.0
Using non-persistent backing file with pmem=on is now deprecated.
'-display sdl,window_close=...' should be replaced with '-display sdl,window-close=...'
(i.e. with a minus instead of an underscore between “window” and “close”).
'-no-quit' is deprecated. '-display ...,window-close=off' should be used instead.
The Aspeed swift-bmc machine is deprecated and should be replaced by the
witherspoon-bmc or the romulus-bmc machines.
6.0.0
The --enable-fips option has been deprecated. Consumers wishing to have FIPS
compliance must build QEMU with libcrypt and gnutls, NOT nettle.
The -writeconfig option has been deprecated. The functionality of -writeconfig is
limited and the code does not even try to detect cases where it prints incorrect
syntax (for example if values have a quote in them). It will be removed without
replacement.
Boolean parameters such as share=on / share=off could be written in short form as
share and noshare. This is now deprecated and will cause a warning.
-chardev backend aliases tty and parport are aliases that will be removed. Instead,
the actual backend names serial and parallel should be used.
The delay option for socket character devices is now deprecated.
Userspace local APIC with KVM (-M kernel-irqchip=off)
hexadecimal sizes with scaling multipliers (e.g. 0x20M)
-spice password=string is deprecated now. Use password-secret option instead.
opened property of rng-* objects
loaded property of secret and secret_keyring
MIPS Trap-and-Emulate KVM support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.2.1 (2015) to 4.9 (2021)
- Update rootfile
- Update patch for suppression of groups installation
- Changelog
* Release 4.9
2021-07-22 Serge Hallyn <serge@hallyn.com>
* Updated translations (Björn Esser, Juergen Hoetzel)
* Major salt updates (Björn Esser)
* Various coverity and cleanup fixes (Iker Pedrosa)
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
* Implement NSS support for subids and a libsubid (Serge Hallyn)
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
* selinux fixes (Christian Göttsche)
* Fix path prefix path handling (Lucas Servén Marín)
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid (Martijn de Gouw)
* usermod: check that shell is executable (Geert Ijewski)
* Add yescript support (Rodolphe Bréard)
* useradd memleak fixes (whzhe)
* useradd: use built-in settings by default (Ludwig Nussel)
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
* buffer overflow fixes (Tobias Stoeckmann)
* Adding run-parts style for pre and post useradd/del (ed@s5h.net)
2020-01-23 Serge Hallyn <serge@hallyn.com>
* selinux: inclue stdio (Michael Vetter)
* man: don't suggest making groupmems user-writeable (Michael Weiser)
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. (ed@s5h.net)
* add new HOME_MODE login.defs option (Duncan Overbruck)
* Add tty logging to useradd (ed@s5h.net)
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
* Update Dutch translation (Frans-Spiesschaert)
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
2019-12-20 Dave Reisner <dreisner@archlinux.org>
* Do not auto-enable acct_tools_setuid just because
pam is enabled. NOTE - any distros which are relying
on this behavior will need to switch to configure
--enable-account-tools-setuid
* Release 4.8
2019-12-01 Serge Hallyn <serge@hallyn.com>
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
* Release 4.7
2019-06-13 Serge Hallyn <serge@hallyn.com>
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
* Release 4.6
2018-04-29 Serge Hallyn <serge@hallyn.com>
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
2017-07-16 Serge Hallyn <serge@hallyn.com>
* Import new Dutch translations.
2017-07-10 Serge Hallyn <serge@hallyn.com>
* Expand error codes for groupmod.
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Release 4.5
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2017-02-23 Serge Hallyn <serge@hallyn.com>
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
the equivalent of util-linux CVE-2017-2616.
2017-02-08 Serge Hallyn <serge@hallyn.com>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2017-01-29 Serge Hallyn <serge@hallyn.com>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <serge@hallyn.com>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
* Changes since 4.4
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* Changes since 4.2.1:
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Support FORCE_SHADOW
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- jwhois being replaced with whois
- Removal of jwhois lfs, rootfile and assoicated patch files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This patch makes this package available for aarch64. There are no
reasons why it shouldn't be.
Compiling has become more resource-hungry which is why the memory
consumption per process has been upped to 3GiB.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
