- util-macros was originally installed as a build requirement for pciaccess which is
a dependency of libvirt
- Along the way of updates of pciaccess the build requirement for util-macros is no
longer needed. pciaccess built without problems with util-macros removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.6 to 3.7
- Update of rootfile not required
- Changelog
* Noteworthy changes in release 3.7 (2021-08-14) [stable]
** Changes in behavior
Use of the --unix-byte-offsets (-u) option now evokes a warning.
Since 3.1, this Windows-only option has had no effect.
** Bug fixes
Preprocessing N patterns would take at least O(N^2) time when too many
patterns hashed to too few buckets. This now takes seconds, not days:
: | grep -Ff <(seq 6400000 | tr 0-9 A-J)
[Bug#44754 introduced in grep 3.5]
- More details of the changes can be found in the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 10.2 to 11.1
- Update of rootfile
- Changelog
Version 11.1 of GDB includes the following changes and enhancements:
Support for ARM Symbian (arm*-*-symbianelf*) has been removed.
Building GDB now requires GMP (The GNU Multiple Precision Arithmetic Library).
New command-line options "--early-init-command" (or "-eix") and
"--early-init-eval-command" (or "-eiex")
GDB/MI Changes:
New --qualified option for the '-break-insert' and '-dprintf-insert' commands.
New --force-condition option for the '-break-insert' and '-dprintf-insert' commands.
New --force option for the '-break-condition' command.
The '-file-list-exec-source-files' now accepts an optional regular expression to
filter the source files included in the result.
The results from '-file-list-exec-source-files' now include a 'debug-fully-read'
field to indicate if the corresponding source's debugging information has been
partially read (false) or has been fully read (true).
TUI Improvements:
Mouse actions are now supported. The mouse wheel scrolls the appropriate window.
Key combinations that do not have a specific action on the focused window are now
passed to GDB.
Python enhancements:
Inferior objects now contain a read-only 'connection_num' attribute that gives the
connection number as seen in 'info connections' and 'info inferiors'.
New method gdb.Frame.level() which returns the stack level of the frame object.
New method gdb.PendingFrame.level() which returns the stack level of the frame
object.
When hitting a catchpoint, the Python API will now emit a gdb.BreakpointEvent
rather than a gdb.StopEvent. The gdb.Breakpoint attached to the event will have
type BP_CATCHPOINT.
Python TUI windows can now receive mouse click events. If the Window object
implements the click method, it is called for each mouse click event in this
window.
New setting "python ignore-environment on|off"; if "on", causes GDB's builtin
Python to ignore any environment variable that would otherwise affect how Python
behaves (needs to be set during "early initialization" (see above).
New setting "python dont-write-bytecode auto|on|off".
Guile API enhancements:
Improved support for rvalue reference values.
New procedures for obtaining value variants: value-reference-value,
value-rvalue-reference-value and value-const-value.
New "qMemTags" and "QMemTags" remote protocol packets (associated with Memory Tagging).
GDB will now look for the .gdbinit file in a config directory before looking for
~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. On Apple hosts the search order is instead: $HOME/Library/Preferences/gdb/gdbinit, $HOME/.gdbinit.
The "break [...] if CONDITION" command no longer returns an error when the condition
is invalid at one or more locations. Instead, if the condition is valid at one or
more locations, the locations where the condition is not valid are disabled.
The behavior of the "condition" command is changed to match the new behavior of the
"break" command.
Support for general memory tagging functionality (currently limited to AArch64 MTE)
Core file debugging now supported for x86_64 Cygwin programs.
New "org.gnu.gdb.riscv.vector" feature for RISC-V targets.
GDB now supports fixed point types which are described in DWARF as base types with a
fixed-point encoding. Additionally, support for the DW_AT_GNU_numerator and
DW_AT_GNU_denominator has also been added.
Miscellaneous:
New "startup-quietly on|off" setting; when "on", behaves the same as passing the
"-silent" option on the command line.
New "print type hex on|off" setting; when 'on', the 'ptype' command uses
hexadecimal notation to print sizes and offsets of struct members. When 'off',
decimal notation is used.
The "inferior" command, when run without argument, prints information about the
current inferior.
The "ptype" command now supports "/x" and "/d", affecting the base used to print
sizes and offsets.
The output of the "info source" has been restructured.
New "style version foreground | background | intensity" commands to control the
styling of the GDB version number.
Various debug and maintenance commands (mostly useful for the GDB developers)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 6.12 to 6.14
- Update of rootfile not required
- patch for building rng-tools also for i586 removed as 32 bit will no longer be EOL at
end of 2021
- Building 6.14 caused an error for not finding librtlsdr. The same check is in the
makefile in 6.12 but it does not get checked. I could not find why the check was being
carried out in 6.14 - it was not due to the removal of the patch. In the end I added
the --disable-rtlsdr option to configure and this allowed the build to occur without
the check for the prescence of librtlsdr being carried out.
- Changelog
rng-tools 6.14
Bug Fixes:
Fixed a null pointer deref in nistbeacon entropy source
fixed some confguration tests
clarified some rngd behavior in the man page
update init code to do proper logging
various covscan fixes
fixed a memory leak in jitter entropy source
fixed possible NULL deref in rdrand source
various fixed in openssl mangling code
added randstat binary to build
minor modernizations to configure.ac
rng-tools 6.13
Features:
Support rndr instruction on arm
Support jitter software timer on coarse time systems
Bug Fixes:
Merged all openssl use into a single helper library
Improved console output readability
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.46.3 to 1.46.5
- Update of rootfile not required
- Changelog
1.46.5 (December 30, 2021)
Updates/Fixes since v1.46.4:
UI and Features
When resizing a file system and the inode count exceeds the 2**32
maximum, if resize2fs can successfully perform the resize by dropping
the last block group, resize2fs will do that in order to allow the file
system grow operation to succeed. For example, using the default inode
ratio size of 16k, this will allow a successful resize to 64TB - 128MB
when the storage device is 64TB.
Fixes
Avoid a potential infinite loop in resize2fs -P when the file system is
corrupted (introduced in e2fsprogs 1.45.5). (Addresses github issue
https://github.com/tytso/e2fsprogs/issues/94)
E2fsck now updates the bg_checksum after fixing problems in the block
group descriptor, which eliminates some unnecessary messages printed or
asked of the system administrator.
Fixed some potential deadlock problems in the unix_io handler in the case
of I/O errors. The fix should also improve the performance of parallel
bitmap loading.
Fixed e2fsck's fast commit handling which could result it in crashing
when trying to merge extents when there were none available to be
merged.
Fix e2fsck's support of quota limit data, which could sometimes get
dropped when the quota data needs to be regenerated, or when processing
the orphan list.
Fix tune2fs to correctly transfer the quota limits when converting quota
files to the internal quota inodes. Also add support for tune2fs to
properly handle the older version 0 quota files.
Fix debugfs's get_quota and list_quota commands so that the header of
the report printed by these commands correctly reflect that the units of
used space is in bytes instead of blocks.
Performance, Internal Implementation, Development Support etc.
Add some additional packages to the setup-schroot script to account for
the fact that the script can be run on older Debian distributions and so
the build dependencies might omit some packages needed to build
e2fsprogs on unstable version of Debian.
Reduce resize2fs's CPU overhead when counting the number of blocks in
use which can reduce the wall clock time for very large file systems
by substantial amount.
Teach libuuid to use getrandom() or getentropy() if available in favor
of reading from /dev/[u]random.
Teach libss to use libreadline.so.8 if it is available.
Update some test expect files to fix some regression tests that were
broken in e2fsprogs 1.46.4.
If the PRINT_FAILED environment variable is set, failed tests will
display the diff output to make it easier to debug test failures on
autobuilders.
Fix various compiler warnings.
Update tst_getsize to use ext2fs_get_size2() to support testing devices
which are larger than 2**32 sectors.
Fixed spelling mistakes in the mke2fs.conf man page.
Update Chinese, Malay, Serbian, Spanish, Swedish, and Ukrainian
translations.
1.46.4 (August 18, 2021)
Updates/Fixes since v1.46.3:
UI and Features
The defaults for mke2fs now call for 256 byte inodes for all file
systems (with the exception of file systems for the GNU Hurd, which only
supports 128 byte inodes). Creating non-Hurd file systems with 128 byte
inodes will trigger a warning message to make sure users are aware of
the potential problems of using small/legacy inode sizes.
The bigalloc feature is now considered supported if the cluster size no
more than 16 times the block size. So the mke2fs program has been
changes to only warn if the cluster size is larger than that.
Fixes
E2fsck now checks to make sure directory entries do not reference
internal quota inodes.
E2image now includes the quota inodes when creating file system image,
since they are part of the file system metadata.
E2fsck now properly accounts the quota usage of the project quota file.
Fix a regression introduced in 1.64.3 where attempting to create a file
system image using mke2fs into a non-existent file would fail.
(Addresses Debian Bug: #992094)
Fix mke2fs to correctly create Posix ACL's on big-endian systems when
copying files from a directory hierarchy.
Updated and clarified the resize2fs man page. (Addresses Debian Bug:
#979411)
Performance, Internal Implementation, Development Support etc.
Improve various regression tests to be more portable and to reflect the
new default inode size of 256 byte inodes, even for small file systems.
Fixed a GNU Hurd portability problem which was causing tests to fail.
Fixed a test failure in f_baddotdir on big-endian systems. This wasn't
necessarily a bug per se in e2fsck, but rather e2fsck having different
behaviour on big-endian systems. (Addresses Debian Bug: #991922)
Use WantedBy=multi-user.target in e2scrub_reap.service. (Addresses
Debian Bug: #991349)
Synchronize e2fsck/recovery.c with the kernel's fs/jbd2/recovery.c
Fix various Coverity and compiler warnings.
Fix various error pathes to make sure we don't leak resources or
potentially use or try to free uninitialized pointers.
Added a setup-schroot command for use on Debian porter boxes.
Updated config.guess and config.sub with newer versions from the FSF.
Update Czech, Dutch, French, Polish, Portuguese, and Swedish translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
xfsprogs-5.14.2 (06 Dec 2021)
- libxfs: move rogue fallthrough macro out of linux.h (Darrick J. Wong)
xfsprogs-5.14.1 (02 Dec 2021)
- libxfs: fix atomic64_t for 32-bit architectures (Darrick J. Wong)
- libfrog: fix crc32c self test code on cross builds (Darrick J. Wong)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
we have removed the -multi after the kernel name but
in the update script delete *-multi-* which leftover
the arm specific dtb folder and uImages.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Add ms-classless-static-routes and rfc3442-classless-static-routes as options for dhcp
These are apparently required for deployiong classless IP routes
- Original static-routes option is not intended for classless IP routing but is being
left in place for backward compatibility
- The option "rfc3442-classless-static-routes" is for normal clients
- The option "ms-classless-static-routes" is for Microsoft clients
Fixes: bug 12291
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52
Excerpt from changelog:
""Changes with Apache 2.4.52
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮é¼
TengMA(@Te3t123)
..."
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update en.pl, it.pl and ru.pl to replace "an core-update" with "a core-update"
Fixes: Bug#12747
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Some paths might not exist on some systems which caused the installer to
abort the installation. This patch makes the installer ignore this
condition.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog:
Changes in version 0.4.6.9 - 2021-12-15
This version fixes several bugs from earlier versions of Tor. One important
piece is the removal of DNS timeout metric from the overload general signal.
See below for more details.
o Major bugfixes (relay, overload):
- Don't make Tor DNS timeout trigger an overload general state.
These timeouts are different from DNS server timeout. They have to
be seen as timeout related to UX and not because of a network
problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha.
o Minor feature (reproducible build):
- The repository can now build reproducible tarballs which adds the
build command "make dist-reprod" for that purpose. Closes
ticket 26299.
o Minor features (compilation):
- Give an error message if trying to build with a version of
LibreSSL known not to work with Tor. (There's an incompatibility
with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
ticket 40511.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 15, 2021.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/12/15.
o Minor bugfixes (compilation):
- Fix our configuration logic to detect whether we had OpenSSL 3:
previously, our logic was reversed. This has no other effect than
to change whether we suppress deprecated API warnings. Fixes bug
40429; bugfix on 0.3.5.13.
o Minor bugfixes (relay):
- Reject IPv6-only DirPorts. Our reachability self-test forces
DirPorts to be IPv4, but our configuration parser allowed them to
be IPv6-only, which led to an assertion failure. Fixes bug 40494;
bugfix on 0.4.5.1-alpha.
o Documentation (man, relay):
- Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504;
bugfix on 0.4.6.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
The parsers for those are disabled in the suricata config so
the rules are not needed, on the contrary they massively will spam
warnings when launching suricate because of the disabled parsers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
In order to be able to run the ISO command on command line it is helpful
that the script does not go into background halfway through the process.
We should rather start it as a background job straight from the CGI
script.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch is changing the behaviour of the backup script so that it
creates one tarball and compresses it in one go.
This will save storing the original tarball on disk before compressing
it which on my test system requires significant disk space.
This patch also solves a bug where the backup file included with the ISO
image could not be extracted because it was not gzip-compressed when it
was expected to be.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- v3 version uses newer version of fribidi
- lfs file created
- rootfile created
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- v3 version has updated pango version
- Update from 1.30.1 (2012) to 1.50.0 (2021)
- Update of rootfile - Pango modules, engines, and config have been removed (#733882) in
version 1.37.0 in 2014.
- pango now has dependencies of harfbuzz and fribidi so patches for these two are
included in the following two patches for this series.
- make.sh modified to include
build of these two packages before pango is built
- Build is done via meson/ninja now
- Changelog is too large to show here but the details can be found in the NEWS file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update main file from 5.1 to 5.1.8 (includes patches 1 to 8)
- Remove patches 1 to 4
- Changelog - Patches 1 to 4 from the previous IPFire version together with patches 5 to
8 are now included into bash-5.1.8 followed by application of patches 9 to 12
Patch 12
There is a possible race condition that arises when a child process receives
a signal trapped by the parent before it can reset the signal dispositions.
The child process is not supposed to trap the signal in this circumstance.
Patch 11
When reading a compound assignment, and running it through the parser to
split it into words, we need to save and restore any alias we're currently
expanding.
Patch 10
If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
not completely clean up state, and that can prevent subsequent calls to
`wait -n' from working correctly.
Patch 9
The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.
Patch 8
Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
Patch 7
The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
Patch 6
Make sure child processes forked to run command substitutions are in the
proper process group.
Patch 5
Fix two memory leaks when assigning arrays using compound assignment syntax.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
