we have no supported armv5tel board left so we can switch to the higher
arch. This now can use the vpu (still in softfp calling convention to
not break existing installations.)
this fix many compile problems, also boost is now working again.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
the application layer gateway modules can used to bypass the nat
via nat slipstreaming. I had disabled all of them. If one is really needed
we can reenable it later.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The kernel will try to gather entropy really early in the boot process
where those device drivers might not have been loaded yet. They are
small and can therefore be compiled into the kernel like we already do
on ARM.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.68.2 to 2.68.3
- Update rootfile
- Changelog
Overview of changes in GLib 2.68.3
* Bugs fixed:
- #2311 testfilemonitor test leaks ip_watched_file_t struct
- #2417 GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG` when saving from a symlink
- !2133 Backport !2128 “inotify: Fix a memory leak” to glib-2-68
- !2137 Backport !2136 “tlscertificate: Avoid possible invalid read” to glib-2-68
- !2141 Backport !2138 “glocalfileoutputstream: Fix ETag check when replacing through a symlink” to glib-2-68
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.10.3 to 3.10.4
- Update of rootfile
- Changelog
* Building of unit tests is now optional.
* Fixed a test failure when running tests under XFS.
* Fixed memory leaks in examples.
* Minor documentation fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.7.2 to 3.7.3
- Update rootfile
- Changelog
2021-05-22 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version, to 3.7.3.
(LIBNETTLE_MINOR): Bump minor number, to 8.4.
(LIBHOGWEED_MINOR): Bump minor number, to 6.4.
2021-05-17 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Check up-front that input is
in range.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* rsa-decrypt.c (rsa_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Add tests with input > n.
2021-05-14 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (rsa_sec_blind): Delete mn argument.
(_rsa_sec_compute_root_tr): Delete mn argument, instead require
that input size matches key size. Rearrange use of temporary
storage, to support in-place operation, x == m. Update all
callers.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Make zero-padded copy of
input, for calling _rsa_sec_compute_root_tr.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Test calling all of
rsa_decrypt, rsa_decrypt_tr, and rsa_sec_decrypt with zero input.
2021-05-06 Niels Möller <nisse@lysator.liu.se>
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message
length is valid, for given key size.
* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for
calls to rsa_sec_decrypt specifying a too large message length.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 20210419-3.1 to 20210522-3.1
- Update rootfile
- Changelog
2021-05-22 Jess Thrysoee
* version-info: 0:66:0
* all: sync with upstream source
* src/el.c: editrc not read on systems without issetugid
Patch by Trevor Cordes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Core Update 158 specifically ships files that are new or have changed to
keep the size of the update down.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.36 to 10.37
- Update rootfile
- find-dependencies run to check impact of so lib bump
No issues found
- Changelog
Version 10.37 26-May-2021
1. Change RunGrepTest to use tr instead of sed when testing with binary
zero bytes, because sed varies a lot from system to system and has problems
with binary zeros. This is from Bugzilla #2681. Patch from Jeremie
Courreges-Anglas via Nam Nguyen. This fixes RunGrepTest for OpenBSD. Later:
it broke it for at least one version of Solaris, where tr can't handle binary
zeros. However, that system had /usr/xpg4/bin/tr installed, which works OK, so
RunGrepTest now checks for that command and uses it if found.
2. Compiling with gcc 10.2's -fanalyzer option showed up a hypothetical problem
with a NULL dereference. I don't think this case could ever occur in practice,
but I have put in a check in order to get rid of the compiler error.
3. An alternative patch for CMakeLists.txt because 10.36 #4 breaks CMake on
Windows. Patch from email@cs-ware.de fixes bugzilla #2688.
4. Two bugs related to over-large numbers have been fixed so the behaviour is
now the same as Perl.
(a) A pattern such as /\214748364/ gave an overflow error instead of being
treated as the octal number \214 followed by literal digits.
(b) A sequence such as {65536 that has no terminating } so is not a
quantifier was nevertheless complaining that a quantifier number was too big.
5. A run of autoconf suggested that configure.ac was out-of-date with respect
to the lastest autoconf. Running autoupdate made some valid changes, some valid
suggestions, and also some invalid changes, which were fixed by hand. Autoconf
now runs clean and the resulting "configure" seems to work, so I hope nothing
is broken. Later: the requirement for autoconf 2.70 broke some automatic test
robots. It doesn't seem to be necessary: trying a reduction to 2.60.
6. The pattern /a\K.(?0)*/ when matched against "abac" by the interpreter gave
the answer "bac", whereas Perl and JIT both yield "c". This was because the
effect of \K was not propagating back from the full pattern recursion. Other
recursions such as /(a\K.(?1)*)/ did not have this problem.
7. Restore single character repetition optimization in JIT. Currently fewer
character repetitions are optimized than in 10.34.
8. When the names of the functions in the POSIX wrapper were changed to
pcre2_regcomp() etc. (see change 10.33 #4 below), functions with the original
names were left in the library so that pre-compiled programs would still work.
However, this has proved troublesome when programs link with several libraries,
some of which use PCRE2 via the POSIX interface while others use a native POSIX
library. For this reason, the POSIX function names are removed in this release.
The macros in pcre2posix.h should ensure that re-compiling fixes any programs
that haven't been compiled since before 10.33.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.2.25 (2014) to 3.5.0 (2019)
- Update rootfile
- Added --disable-static to ./configure
- Added --bindir=/usr/sbin otherwise binaries were installed in /usr/bin
Previous version installed the binaries in /usr/sbin without any command
This maintains location of binaries the same across the versions
- Changelog is no longer provided. Changes have to be found by reading
through the commits. https://github.com/thom311/libnl/releases
This is too large to include here.
There are 664 commits across 7 releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.49 to 2.50
- Update rootfile
- Version 2.50 failed to install capsh - bug raised for this
https://bugzilla.kernel.org/show_bug.cgi?id=213261
patch to fix this bug created and used in this build
- Changelog
Release notes for 2.50
2021-05-24 12:05:16 -0700
Some new capsh features:
--explain=cap_foo: describe what cap_foo does (Bug 212451)
--suggest=phrase: search all the cap descriptions and describe those that match the phrase
Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
Add a test case for recent kernel fix (Bug 212737)
Go pragma fix for convenience functions in "cap" module (reported by Lorenz Bauer. Bug 212321)
Minor man documentation updates
Minor build tree improvements (mostly for maintainer)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.6.14 to 3.6.16
- Update rootfile
- Changelog
* Version 3.6.16 (released 2021-05-24)
** libgnutls: Fixed potential miscalculation of ECDSA/EdDSA code backported from
Nettle. In GnuTLS, as long as it is built and linked against the fixed
version of Nettle, this only affects GOST curves. [CVE-2021-20305]
** libgnutls: Fixed potential use-after-free in sending "key_share"
and "pre_shared_key" extensions. When sending those extensions, the
client may dereference a pointer no longer valid after
realloc. This happens only when the client sends a large Client
Hello message, e.g., when HRR is sent in a resumed session
previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call
realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
* Version 3.6.15 (released 2020-09-04)
** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3 client to
crash via a null-pointer dereference. The crash happens in the application's
error handling path, where the gnutls_deinit function is called after
detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium]
** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
indicates that with a false return value (!1306).
** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
accordingly to SP800-56A rev 3 (!1295, !1299).
** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
the size of the internal base64 blob (#1025). The new behavior aligns to the
existing documentation.
** libgnutls: Certificate verification failue due to OCSP must-stapling is not
honered is now correctly marked with the GNUTLS_CERT_INVALID flag
(!1317). The new behavior aligns to the existing documentation.
** libgnutls: The audit log message for weak hashes is no longer printed twice
(!1301).
** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
disabled in the priority string. Previously, even when TLS 1.2 is explicitly
disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
enabled (#1054).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes translations, directives in LFS files, and ALG shared
object files which all became orphaned after we disabled ALGs due to NAT
Slipstreaming vulnerability in Core Update 155.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Notable changes as per https://git.savannah.gnu.org/cgit/dmidecode.git/plain/NEWS:
Version 3.3 (Wed Oct 14 2020)
- [BUILD] Allow overriding build settings from the environment.
- [COMPATIBILITY] Document how the UUID fields are interpreted.
- [PORTABILITY] Don't use memcpy on /dev/mem on arm64.
- [PORTABILITY] Only scan /dev/mem for entry point on x86.
- Support for SMBIOS 3.3.0. This includes new processor names, new port
connector types, and new memory device form factors, types and
technologies.
- Add bios-revision, firmware-revision and system-sku-number to -s option.
- Use the most appropriate unit for cache size.
- Decode system slot base bus width and peers.
- Important bug fixes:
Fix Redfish Hostname print length
Fix formatting of TPM table output
Fix System Slot Information for PCIe SSD
Don't choke on invalid processor voltage
- Use the most appropriate unit for cache size.
Version 3.2 (Wed Sep 14 2018)
- [COMPATIBILITY] The UUID is now displayed using lowercase letters, per
RFC 4122 (#53569). You must ensure that any code parsing it is
case-insensitive.
- Support for SMBIOS 3.2.0. This includes new processor names, new socket
and port connector types, new system slot state and property, and support
for non-volatile memory (NVDIMM).
- Support for Redfish management controllers.
- A new command line option to query a specific structure by its handle.
- A new command line option to query the system family string.
- Support for 3 ThinkPad-specific structures (patch #9642).
- Support for HPE's new company name.
- Support UEFI on FreeBSD.
- Important bug fixes:
Fix firmware version of TPM device
Fix the HPE UEFI feature flag check
- (biosdecode) A new command line option to fully decode PIR information
(support request #109339).
This patch also features two new patches recommended by upstream, whose
online version can be retrieved at
https://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=1117390ccd9cea139638db6f460bb6de70e28f94https://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=11e134e54d15e67a64c39a623f492a28df922517.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.3.0 to 2.4.1
- Update rootfile
- Changelog (URL in changelog changed to https://verbump(dot)de as mail was
rejected by IPFire mail system due to policy violation because URL was
highlighted as a blacklisted addresss
Release 2.4.1 Sun May 23 2021
Bug fixes:
#488#490 Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
Other changes:
#491#492 Version info bumped from 9:0:8 to 9:1:8;
see https://verbump(dot)de/ for what these numbers do
Special thanks to:
Gentoo's QA check "multilib_check_headers"
Release 2.4.0 Sun May 23 2021
Security fixes:
#34#466#484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
(<amplification> := (<direct> + <indirect>) / <direct>).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(=<direct> + <indirect>) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signals this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
- Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and
- that are shown in "xmlwf -v" output.
- Two new environment variable switches ..
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- EXPAT_ENTITY_DEBUG=(0|1)
.. for runtime debugging of accounting and entity processing.
Specific behavior of these values may change in the future.
- Two new command line arguments "-a FACTOR" and "-b BYTES"
for xmlwf to further tighten billion laughs protection
parameters when desired.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
Bug fixes:
#332#470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
for UTF-16 payloads containing CDATA sections.
#485#486 Autotools: Fix generated CMake files for non-64bit and
non-Linux platforms (e.g. macOS and MinGW in particular)
that were introduced with release 2.3.0
Other changes:
#468#469 xmlwf: Improve help output and the xmlwf man page
#463 xmlwf: Improve maintainability through some refactoring
#477 xmlwf: Fix man page DocBook validity
#458#459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
and CMAKE_INSTALL_INCLUDEDIR
#471#481 CMake: Add support for standard variable BUILD_SHARED_LIBS
#457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
#467 Resolve macro HAVE_EXPAT_CONFIG_H
#472 Delete unused legacy helper file "conftools/PrintPath"
#473#483 Improve attribution
#464#465#477 doc/reference.html: Fix XHTML validity
#475#478 doc/reference.html: Replace the 90s look by OK.css
#479 Version info bumped from 8:0:7 to 9:0:8
due to addition of new symbols and error codes;
see https://verbump(dot)de/ for what these numbers do
Infrastructure:
#456 CI: Enable periodic runs
#457 CI: Start covering the list of exported symbols
#474 CI: Isolate coverage task
#476#482 CI: Adapt to breaking changes in image "ubuntu-18.04"
#477 CI: Cover well-formedness and DocBook/XHTML validity
of doc/reference.html and doc/xmlwf.xml
Special thanks to:
Dimitry Andric
Eero Helenius
Nick Wellnhofer
Rhodri James
Tomas Korbar
Yury Gribov and Clang LeakSan
JetBrains
OSS-Fuzz
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.76.1 to 7.77.0
- Update rootfile
- Changelog is too large to include here. It can be accesed at
https://curl.se/changes.html
There are 5 changes and 133 bug fixes of which 3 are related to CVE's
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
