For details see:
https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00007.html
"
...
The specific issue that was addressed in this release:
https://savannah.gnu.org/bugs/?63616 (pasting succeeded despite --view)
Changes between v7.1 and v7.2:
------------------------------
Benno Schulenberg (12):
bindings: let ^/ toggle between the 'search' and 'gotoline' menus
bump version numbers and add a news item for the 7.2 release
copyright: update the years for the FSF
docs: give ^K and ^U some useful function in the alternative bindings
docs: put the binding of ^Y after its unbinding, for it to be effective
gnulib: update to its current upstream state
input: disallow bracketed pastes when in view mode
po: update translations and regenerate POT file and PO files
syntax: html: colorize specially the other two emphasizing tags too
tweaks: avoid warnings when compiling with -Wpedantic
tweaks: rewrap an old news item
tweaks: separate a special thanks from the preceding ones"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details for 9.16.36 and 9.16.37 see:
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html#notes-for-bind-9-16-37
"Notes for BIND 9.16.37
Security Fixes
An UPDATE message flood could cause named to exhaust all available
memory. This flaw was addressed by adding a new update-quota option
that controls the maximum number of outstanding DNS UPDATE messages
that named can hold in a queue at any given time (default: 100).
(CVE-2022-3094)
ISC would like to thank Rob Schulhof from Infoblox for bringing this
vulnerability to our attention. [GL #3523]
named could crash with an assertion failure when an RRSIG query was
received and stale-answer-client-timeout was set to a non-zero value.
This has been fixed. (CVE-2022-3736)
ISC would like to thank Borja Marcos from Sarenet (with assistance by
Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
our attention. [GL #3622]
named running as a resolver with the stale-answer-client-timeout option
set to any value greater than 0 could crash with an assertion failure,
when the recursive-clients soft quota was reached. This has been fixed.
(CVE-2022-3924)
ISC would like to thank Maksym Odinintsev from AWS for bringing this
vulnerability to our attention. [GL #3619]
New Features
The new update-quota option can be used to control the number of
simultaneous DNS UPDATE messages that can be processed to update an
authoritative zone on a primary server, or forwarded to the primary
server by a secondary server. The default is 100. A new statistics
counter has also been added to record events when this quota is
exceeded, and the version numbers for the XML and JSON statistics
schemas have been updated. [GL #3523]
Feature Changes
The Differentiated Services Code Point (DSCP) feature in BIND has been
deprecated. Configuring DSCP values in named.conf now causes a warning
to be logged. Note that this feature has only been partly operational
since the new Network Manager was introduced in BIND 9.16.0. [GL #3773]
The catalog zone implementation has been optimized to work with
hundreds of thousands of member zones. [GL #3744]
Bug Fixes
In certain query resolution scenarios (e.g. when following CNAME
records), named configured to answer from stale cache could return a
SERVFAIL response despite a usable, non-stale answer being present in
the cache. This has been fixed. [GL #3678]
...
Notes for BIND 9.16.36
Feature Changes
The auto-dnssec option has been deprecated and will be removed in a
future BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667]
Bug Fixes
When a catalog zone was removed from the configuration, in some cases a
dangling pointer could cause the named process to crash. This has been
fixed. [GL #3683]
When a zone was deleted from a server, a key management object related
to that zone was inadvertently kept in memory and only released upon
shutdown. This could lead to constantly increasing memory use on
servers with a high rate of changes affecting the set of zones being
served. This has been fixed. [GL #3727]
In certain cases, named waited for the resolution of outstanding
recursive queries to finish before shutting down. This was unintended
and has been fixed. [GL #3183]
The zone <name>/<class>: final reference detached log message was moved
from the INFO log level to the DEBUG(1) log level to prevent the
named-checkzone tool from superfluously logging this message in
non-debug mode. [GL #3707]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
I have removed the patches instead of readd the mpfr-4.1.0
patchset because this result may result in different builds if we
not update the prebuild toolchain.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 2.4.6 (Feb 2015) to 2.4.7 (Mar 2022)
- Update of rootfile
- The shebang in the libtoolize script has changed from ! /bin/sh to ! /usr/bin/env sh
because apparently the previous version presented challenges for containerised
environments. For IPFire build it meant that using libtoolize in the build of libxcrypt
failed because it could not deal with the changed shebang.
- Patch created to change the shebang for libtoolize.in back to the version in 2.4.6 and
earlier.
- The change of libtoolize.in then caused the libtool build to try and rebuild the man
page for it but this fails as help2man is required for this. There is no option in the
configure to not build the docs so hence there is an associated patch with this one
that build help2man but the rootfile is completely commented out as it is only
required for the build
- Added --disable-static to the configure options
- Changelog
Noteworthy changes in release 2.4.7 (2022-03-16) [stable]
New features:
- Libtool script now supports (configure-time and runtime) ARFLAGS
variable, which obsoletes AR_FLAGS. This is due to naming conventions
among other *FLAGS and to be consistent with Automake's ARFLAGS.
- Gnulib testsuite is enabled and run during 'make check'.
- Support the Windows version of the Intel C Compiler (icl) in
libtool script.
- Pass '-fsanitize=*' flags for GCC and LLVM, and '-specs=*' for GCC
to linker.
- Pass '-Xassembler=*' and '-Wa,*' flag to compilers and linkers.
- The variable 'FILECMD' with default value of '/usr/bin/file' was used to
replace existing hard coded references to '/usr/bin/file'.
- Add MidnightBSD support.
Important incompatible changes:
- Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
- Do not pass '-pthread' to Solaris linker.
- 'libtool' and 'libtoolize' scripts now use '#! /usr/bin/env sh' shebang.
Previously '#! /bin/sh' was used, which presents challenges for
containerized environments.
Bug fixes:
- Fix significant slowdown of libtoolize for certain projects (regression
introduced in 2.4.3 release) caused by infinite m4 macro recursion.
- Mitigate the slowdown of libtool script (introduced in v2.4.3) caused by
increased number of calls to '$SED $sed_quote_subst' (bug#20006).
- Properly parse and export TLS symbols on AIX.
- Various bug fixes surrounding use of 'sed'.
- Darwin systems set proper "allow undefined" flag on OSX 11, and
PowerPC 10.5.
- Removed some deprecated tests related to 'Makefile.inc' files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
[Please note: This 'clamav' version needs rust >1.56]
For details see:
https://blog.clamav.net/2022/11/clamav-100-lts-released.html
Excerpt:
"Major changes
Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of
the default password will now appear in the metadata JSON.
Overhauled the implementation of the all-match feature. The newer code is more reliable and easier to
maintain.
This project fixed several known issues with signature detection in all- match mode:
Enabled embedded file-type recognition signatures to match when a malware signature also matched in
a scan of the same layer.
Enabled bytecode signatures to run in all-match mode after a match has occurred.
Fixed an assortment of all-match edge case issues.
Added multiple test cases to verify correct all-match behavior.
Added a new callback to the public API for inspecting file content during a scan at each layer of archive
extraction.
The new callback function type is clcb_file_inspection defined in clamav.h.
The function cl_engine_set_clcb_file_inspection() may be used to enable the callback prior to performing
a scan.
This new callback is to be considered unstable for the 1.0 release. We may alter this function in a
subsequent feature version.
Added a new function to the public API for unpacking CVD signature archives.
The new function is cl_cvdunpack(). The last parameter for the function may be set to verify if a CVD's
signature is valid before unpacking the CVD content to the destination directory.
The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default
build options for TomsFastMath to support bigger floating point numbers. Without this change, database and
Windows EXE/DLL authenticode certificate validation may fail. The ENABLE_EXTERNAL_TOMSFASTMATH build is now
ignored.
Moved the Dockerfile and supporting scripts from the main ClamAV repository over to a new
repository: https://github.com/Cisco-Talos/clamav-docker
The separate repository will make it easier to update the images and fix issues with images for released
ClamAV versions.
Any users building the ClamAV Docker image rather than pulling them from Docker Hub will have to get the
latest Docker files from the new location.
Increased the SONAME major version for libclamav because of ABI changes between the 0.103 LTS release and
the 1.0 LTS release.
Other improvements
Add checks to limit PDF object extraction recursion.
Increased the limit for memory allocations based on untrusted input and altered the warning message when the
limit is exceeded so that it is more helpful and less dramatic.
Dramatically improved the build time of libclamav-Rust unit tests. The unit test build is included in the
time limit for the test itself and was timing out on slower systems. The ClamAV Rust code modules now share
the same build directory, which also reduces the amount of disk space used for the build.
For Windows: The debugging symbol (PDB) files are now installed alongside the DLL and LIB library files when
built in "RelWithDebInfo" or "Debug" mode.
Relaxed the constraints on the check for overlapping ZIP file entries so as not to alert on slightly
malformed, but non-malicious, Java (JAR) archives.
Increased the time limit in FreshClam before warning if the DNS entry is stale. In combination with changes
to update the DNS entry more frequently, this should prevent false alarms of failures in the database
publication system.
Docker: The C library header files are now included in the Docker image. Patch courtesy of GitHub user
TerminalFi.
Show the BYTECODE_RUNTIME build options when using the ccmake GUI for CMake. Patch courtesy of
Дилян Палаузов.
Added explicit minimum and maximum supported LLVM versions so that the build will fail if you try to build
with a version that is too old or too new and will print a helpful message rather than simply failing to
compile because of compatibility issues. Patch courtesy of Matt Jolly.
Fixed compiler warnings that may turn into errors in Clang 16. Patch courtesy of Michael Orlitzky.
Allow building with a custom RPATH so that the executables may be moved after build in a development
environment to a final installation directory.
Bug fixes
Assorted code quality fixes. These are not security issues and will not be backported to prior feature
versions:
Several heap buffer overflows while loading PDB and WDB databases were found by OSS-Fuzz and by Michal
Dardas.
oss-fuzz 43843: heap buffer overflow read (1) cli_sigopts_handler
oss-fuzz 44849: heap buffer overflow read (4) in HTML/js-norm
oss-fuzz 43816: heap buffer overflow read (8) in cli_bcomp_freemeta
oss-fuzz 43832: heap buffer overflow read (2) in cli_parse_add
oss-fuzz 44493: integer overflow in cli_scannulsft
CIFuzz leak detected in IDB parser
oss-fuzz assorted signature parser leaks
oss-fuzz 40601: leak detected in pdf_parseobj
Fixed a build failure when using LIBCLAMAV_ONLY mode with tests enabled.
Fixed an issue verifying EXE/DLL authenticode signatures to determine a given file can be trusted (skipped).
Fixed a caching bug relating to the Container and Intermediates logical signature condition.
Fixed a build issue when build with RAR disabled or when building with an external libmspack library rather
than the bundled library.
Fixed the capitalization of the -W option for clamonacc in the clamonacc manpage. Patch courtesy of GitHub
user monkz.
macOS: Fixed an issue with memory-map (mmap) system call detection affecting versions 0.105 and 0.104.
Memory maps may be used in ClamAV to improve signature load performance and scan performance, as well as RAM
usage.
Fixed a performance issue with Rust code when the build type is not explicitly set to "Release" or
"RelWithDebInfo". The Rust default build type is now "RelWithDebInfo" just like the C code, instead of
Debug. This means it is now optimized by default.
Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (\/) followed by a
colon (:).
Fixed an issue detecting and scanning ZIP file entries appended to very small files. The fix is part of the
all-match feature overhaul.
Fixed a detection issue with EXE/DLL import-address-table hash signatures that specify a wildcard (*) for
the size field. The fix is part of the all-match feature overhaul.
Fixed the default bytecode timeout value listed in the manpages and in the sample config files. Patches
courtesy of Liam Jarvis and Ben Bodenmiller.
Fixed an issue building the libclamav_rust test program when running ctest if building
with BYTECODE_RUNTIME=llvm and when the FindLLVM.cmake module is used to find the LLVM libraries. Patch
courtesy of GitHub user teoberi.
Fixed an issue where scans sent to clamd with the all-match mode enabled caused all subsequent scans to also
use all-match mode.
Fixed bug when starting clamonacc with the --log=FILE option that created randomly named files in the
current directory.
Other assorted bug fixes."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Please see the discussions about this patch series here:
https://lists.ipfire.org/pipermail/development/2022-November/014714.html
and here:
https://lists.ipfire.org/pipermail/development/2022-November/014887.html
During building 'rust 1.65', I always got:
...
error: invalid inclusion of reserved file name Cargo.toml.orig in
package source
...
[Build stops]
After a rather frustrating while, I decided to delete this file during building the particular crate file.
Fun! Building completed without errors.
For now, I added an appropriate if-statement in each crate file which contains 'Cargo.toml.orig'.
If 'Cargo-toml.orig' is present: delete it. Just throw it away.
It might be that there is a more elegant way to do this - if 'someone' has a better solution, please
submit an easier patch.
I searched a few days, but didn't find ANY clue what is going on here.
All I can say: building runs. No more errors or breaks. Nothing.
Please test and confirm.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1650-2022-11-03
I started updating rust to 1.65 mainly because 'clamav 0.105.1-3' and the
shortly thereafter released version 'clamav 1.0.0' need at least 'rust 1.56':
"Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it
relies on features introduced in the Rust 2021 Edition."
At this point we were still on 'nightly 2022-01-27'. Ok then...
But it was a bit more tricky than I thought, because this update wouldn't build without
patching most of the existing rust-crate-lfs files in a way I didn't expect.
Please note the patch series following this update...
Nevertheless, the update to 1.65 and ALL testbuilds completed without any errors.
Unfortunately, I can only provide the rootfile for x86_64 - I don't have the appropriate hardware
for anything else.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
During updating rust to 1.65 I found that 'lfsmake2 rust' appeared
twice and removed the second - obsolete - call.
'rust-cipher' now requires 'rust-crypto-common', but was called later
in the build sequence.
=> Moved 'rust-crypto-common' just before 'rust-cipher'. [Thanks Adolf! ;-)]
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Existing iotop is version 0.6 from 2013. In that original repository there have been 42
commits since then up to 2022-03-07 but without any version release.
- In 2020 a new repository was started, based on the original iotop but converted to only
C code with no python. This is being updated on a regular basis with version releases.
This version was released in July 10th 2022. There have been n21 releases since this
repository was started.
- Built and tested this version of iotop and it gave a screen with very similar look to
the original version. The new version has the ability to scroll all the entries whereas
the original one required the window to be made larger to show more entries.
- The new version also has a column showing a graphical view of the amount of traffic as
well as the actual numbers.
- Overall this looks to match what vthe original iotop did, plus with a few extras and is
being regularly maintained with new releases.
- Updated rootfile
- This version of iotop is automatically placed in /usr/sbin as the original used to be.
- New repository is at https://github.com/Tomas-M/iotop
- Changelog can be seen at the above repository. It is too large to include here with
21 version updates.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.3 to 0.4
- Update of rootfile not required
- Changelog
* Release version 0.4
* Complement phyint whitelist with blacklist
Fixes: #54
Implement new phyint configuration option (blacklist), which enables
blocking of specific traffic.
* Chroot and drop privileges after startup
With this PR:
- The apparent root directory can be changed after startup, thus denying
igmpproxy access to files and commands outside that environmental
directory tree.
- igmpproxy can drop root privileges after startup by changing id to
another user.
* Add travis apt repositories for Ubuntu Precise
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.2.5.1 to 1.2.8
- Update of rootfile
- Changelog for alsa-lib and alsa-utils is too long to include here.
Details can be found by looking at the individual web site pages for each change
version from 1.2.5.1 to 1.2.8 at https://www.alsa-project.org/wiki/Main_Page_News
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 4.11.1 to 4.13
- Update of rootfile not required
- Changelog
4.13
* useradd.8: fix default group ID (Tim Biermann)
* Revert drop of subid_init() (Serge Hallyn)
* Georgian translation (NorwayFun)
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog (David Kalnischkies)
* relax username restrictions (Alexander Kanavin)
* selinux: check MLS enabled before setting serange (genBTC)
* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
* copy_tree: don't block on FIFOs (Samanta Navarro)
* add shell linter (Jan Macku)
* copy_tree: carefully treat permissions (Samanta Navarro)
* lib/commonio: make lock failures more detailed (Luca BRUNO)
* lib: use strzero and memzero where applicable (Christian Göttsche)
* Update Dutch translation (Frans Spiesschaert)
* Don't test for NULL before calling free (Alex Colomar)
* Use libc MAX() and MIN() (Alejandro Colomar)
* chage: Fix regression in print_date (Xiami)
* usermod: report error if homedir does not exist (Iker Pedrosa)
* libmisc: minimum id check for system accounts (Iker Pedrosa)
* fix usermod -rG x y wrongly adding a group (xyz)
* man: add missing space in useradd.8.xml (Iker Pedrosa)
* lastlog: check for localtime() return value (Iker Pedrosa)
* Raise limit for passwd and shadow entry length (Iker Pedrosa)
* Remove adduser-old.c (Alejandro Colomar)
* useradd: Fix buffer overflow when using a prefix (David Michael)
* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
4.12.3
Revert removal of subid_init, which should have bumped soname. So note that 4.12
through 4.12.2 were broken for subid users.
4.12.2
This includes the fix by Christian Göttsche for a TOCTTOU when copying directories.
4.12.1
This should fix the broken uk manpages in 4.12.
4.12
This release includes the following changes:
* Add absolute path hint to --root (Celeste Liu)
* Various cleanups (Christian Göttsche)
* Fix Ubuntu release used in CI tests (Jeremy Whiting)
* add -F options to useradd (and tests) (Masatake YAMATO)
* useradd manpage updates (Masatake YAMATO and Alexander Zhang))
* Check for ownerid (not just username) in subid ranges (Iker Pedrosa)
* Declare file local functions static (Christian Göttsche)
* Use strict prototypes (Christian Göttsche)
* Do not drop const qualifier for Basename (Christian Göttsche)
* Constify various pointers (Christian Göttsche)
* Don't return uninitialized memory (Christian Göttsche)
* Don't let compiler optimize away memory cleaning (Christian Göttsche)
* Remove many obsolete compatibility checks and defines (Alejandro Colomar)
* Modify ID range check in useradd (Iker Pedrosa)
* Use "extern "C"" to make libsubid easier to use from C++ (Alois Wohlschlager)
* French translation updates (bubu)
* Fix s/with-pam/with-libpam/ (serge)
* Spanish translation updates (Fernando)
* French translation fixes (Balint Reczey)
* Default max group name length to 32 (Jami Kettunen)
* Fix PAM service files without-selinux (Ali Riza KESKIN)
* Improve manpages (Markus Hiereth)
- groupadd, useradd, usermod
- groups and id
- pwck
* Add fedora to CI builds (Iker Pedrosa)
* Fix condition under which pw_dir check happens (Ed Neville)
* logoutd: switch to strncat (Steve Grubb)
* AUTHORS: improve markdown output (Iker Pedrosa)
* Handle ERANGE errors correctly (Niko)
* Check for fopen NULL return (juyin)
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom. (juyin)
* Chpasswd code cleanup (juyin)
* Work around git safe.directory enforcement (serge)
* Alphabetize order in usermod help (Matheus Marques)
* Erase password copy on error branches (Christian Göttsche)
* Suggest using --badname if needed (Iker Pedrosa)
* Update translation files (Iker Pedrosa)
* Correct badnames option to badname (Iker Pedrosa)
* configure: replace obsolete autoconf macros (Christian Göttsche)
* tests: replace egrep with grep -E (Sam James)
* Update Ukrainian translations (Yuri Chornoivan)
* Cleanups (Iker Pedrosa)
- Remove redeclared variable
- Remove commented out code and FIXMEs
- Add header guards
- Initialize local variables
* CI updates (Iker Pedrosa)
- Create github workflow to install dependencies
- Enable CodeQL
- Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail (Xi Ruoyao)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 7.0.0.11 to 7.0.4
- Update of rootfile
- Changelog
updated language flags, catch abortcompile throw in non-ragel progs
7.0.3
This version of colm includes a critical fix for big-endian system. Fixes#61.
expect colm version 0.14.6 and version bump ragel to 7.0.3
7.0.2
Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58.
expect colm 0.14.5 and version bump to 7.0.2
7.0.1
removed accidental commit of ragel/.exrc
7.0.0.12
implemented NfaClear in asm codegen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 21.3 to 23.0
- Update of rootfile
- Changelog
23.0
What's Changed
Remove unused LPAREN token from tokenizer by @hrnciar in #630
Reorganise the project layout and version management by @pradyunsg in #626
Correctly handle non-normalised specifiers in requirements by @pradyunsg in #634
Use stable Python 3.11 in tests by @153957 in #641
Fix typing for specifiers.BaseSpecifier.filter() by @henryiii in #643
Correctly handle trailing whitespace on URL requirements by @pradyunsg in #642
refactor _generic_api to use EXT_SUFFIX by @mattip in #607
Allow "extra" to be None in the marker environment by @pradyunsg in #650
Fix typos by @kianmeng in #648
Update changelog for release by @pradyunsg in #656
22.0
What's Changed
Fix compatible version specifier incorrectly strip trailing '0' by @kasium in #493
Remove support for Python 3.6 by @abravalheri in #500
Use concurrency limit in ci by @blink1073 in #510
Fix issue link in changelog. by @bdice in #509
chore: test with PyPy 3.8 & 3.9 by @mayeut in #512
Accept locally installed prereleases by @q0w in #515
Always run GHA workflows when they change by @mayeut in #516
Add __hash__/__eq__ to requirements by @abravalheri in #499
Upgrade to setup-python v3 and use caching for GHA by @brettcannon in #521
allow pre-release versions in marker evaluation by @graingert in #523
Error out from workflow on missing interpreter by @mayeut in #525
chore: update pre-commit config to the latest repos' versions by @mayeut in #534
chore: remove Windows PyPy 3.9 workaround on GHA by @mayeut in #533
Use pipx to run nox / build in GHA workflows by @mayeut in #517
Run tests with all PyPy versions locally by @mayeut in #535
Adhere to PEP 685 when evaluating markers with extras by @hroncok in #545
chore: update mypy and move to toml by @henryiii in #547
Normalize extra comparison in markers for output by @brettcannon in #549
Evaluate markers under environment with empty "extra" by @MrMino in #550
Do not set extra in default_environment() by @sbidoul in #554
Update extlinks strings to use a format string by @mayeut in #555
Update CI test workflow to use setup-python@v4 by @mayeut in #556
CI: Update actions/* to their latest major versions by @mayeut in #557
Fix a spelling mistake by @venthur in #558
fix: macOS platform tags with old macOS SDK by @mayeut in #513
Correctly parse ELF for musllinux on Big Endian by @uranusjr in #538
A metadata module with a data class for core metadata by @brettcannon in #518
Document utils.NormalizedName by @brettcannon in #565
Drop LegacySpecifier and LegacyVersion by @pradyunsg in #407
Move metadata, versions and specifiers API documentation to sphinx.ext.autodoc by @pradyunsg in #572
Demonstrate behaviour of SpecifierSet.__iter__ by @hauntsaninja in #575
Handwritten parser for parsing requirements by @hrnciar in #484
Add changelog entry for removal of pyparsing dependency by @hroncok in #581
Use Iterator instead of Iterable for specifier filter methods by @ichard26 in #584
Better output on linter failure by @henryiii in #478
Add a "cpNNN-none-any" tag by @joonis in #541
Document exceptions raised by functions in utils by @MrMino in #544
Refactor ELF parsing logic to standlone class by @uranusjr in #553
Forbid prefix version matching on pre-release/post-release segments by @mayeut in #563
Update coverage to >=5.0.0 by @mayeut in #586
Normalize specifier version for prefix matching by @mayeut in #561
Add python 3.11 by @mayeut in #587
Fix prefix version matching by @mayeut in #564
Remove duplicate namedtuple by @layday in #589
Update changelog by @pradyunsg in #595
Change email-related fields in Metadata to str by @brettcannon in #596
Add versionchanged for 21.3 by @brettcannon in #599
refactor: use flit as a backend by @henryiii in #546
Remove packaging.metadata by @pradyunsg in #603
Refactor nox requirements to use requirements files (#601) by @strokirk in #609
Improve Requirement/Marker parser with context-sensitive tokenisation by @pradyunsg in #624
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Comment added to remind, when doing version update, that borgbackup only works with
certain versions at any one time.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.2.0 to 1.2.3
- Update of rootfile
- This update works with python3-msgpack-1.0.4 and fixes bug 13032
- To make it work then the borgbackup-1.2.3-py3.10.egg-info directory must be the only
egg-info directory for borgbackup otherwise version 1.2.3 will end up with an error.
Versions 1.2.2 and earlier workled without any problem if there was an earlier egg-info
directory for a different version number. The borgbackup rootfile had the egg-info
directory commented out so an uninstall cleared the directory but did not remove it.
This patch has the egg-info directory in the rootfile uncommented and so an uninstall
removes the directory.
- borgbackup paks files created so that the uninstall.sh file will remove any egg-info
directory that starts with "borgbackup-1." as the first ever borgbackup was 1.0.12
When the old 1.2.0 or earlier borgbackup is uninstalled it will use the old default
paks uninstall.sh file and rootfile which will leave the old egg-info directory in
place. When version 1.2.3 is installed it will use the new install.sh script which
will remove any existing egg-info directories present still.
- Changelog
Version 1.2.3 (2022-12-24)
Upgrade notes:
Some things can be recommended for the upgrade process from borg 1.1.x (please also read the important compatibility notes below):
do you already want to upgrade? 1.1.x also will get fixes for a while.
be careful, first upgrade your less critical / smaller repos.
first upgrade to a recent 1.1.x release - especially if you run some older 1.1.* or even 1.0.* borg release.
using that, run at least one borg create (your normal backup), prune and especially a check to see everything is in a good state.
check the output of borg check - if there is anything special, consider a borg check --repair followed by another borg check.
if everything is fine so far (borg check reports no issues), you can consider upgrading to 1.2.x. if not, please first fix any already existing issue.
if you want to play safer, first create a backup of your borg repository.
upgrade to latest borg 1.2.x release (you could use the fat binary from github releases page)
run borg compact --cleanup-commits to clean up a ton of 17 bytes long files in your repo caused by a borg 1.1 bug
run borg check again (now with borg 1.2.x) and check if there is anything special.
run borg info (with borg 1.2.x) to build the local pre12-meta cache (can take significant time, but after that it will be fast) - for more details see below.
check the compatibility notes (see below) and adapt your scripts, if needed.
if you run into any issues, please check the github issue tracker before posting new issues there or elsewhere.
If you follow this procedure, you can help avoiding that we get a lot of “borg 1.2” issue reports that are not really 1.2 issues, but existed before and maybe just were not noticed.
Compatibility notes:
matching of path patterns has been aligned with borg storing relative paths. Borg archives file paths without leading slashes. Previously, include/exclude patterns could contain leading slashes. You should check your patterns and remove leading slashes.
dropped support / testing for older Pythons, minimum requirement is 3.8. In case your OS does not provide Python >= 3.8, consider using our binary, which does not need an external Python interpreter. Or continue using borg 1.1.x, which is still supported.
freeing repository space only happens when “borg compact” is invoked.
mount: the default for --numeric-ids is False now (same as borg extract)
borg create --noatime is deprecated. Not storing atime is the default behaviour now (use --atime if you want to store the atime).
--prefix is deprecated, use -a / --glob-archives, see #6806
list: corrected mix-up of “isomtime” and “mtime” formats. Previously, “isomtime” was the default but produced a verbose human format, while “mtime” produced a ISO-8601-like format. The behaviours have been swapped (so “mtime” is human, “isomtime” is ISO-like), and the default is now “mtime”. “isomtime” is now a real ISO-8601 format (“T” between date and time, not a space).
create/recreate --list: file status for all files used to get announced AFTER the file (with borg < 1.2). Now, file status is announced BEFORE the file contents are processed. If the file status changes later (e.g. due to an error or a content change), the updated/final file status will be printed again.
removed deprecated-since-long stuff (deprecated since):
command “borg change-passphrase” (2017-02), use “borg key …”
option “--keep-tag-files” (2017-01), use “--keep-exclude-tags”
option “--list-format” (2017-10), use “--format”
option “--ignore-inode” (2017-09), use “--files-cache” w/o “inode”
option “--no-files-cache” (2017-09), use “--files-cache=disabled”
removed BORG_HOSTNAME_IS_UNIQUE env var. to use borg you must implement one of these 2 scenarios:
the combination of FQDN and result of uuid.getnode() must be unique and stable (this should be the case for almost everybody, except when having duplicate FQDN and MAC address or all-zero MAC address)
if you are aware that 1) is not the case for you, you must set BORG_HOST_ID env var to something unique.
exit with 128 + signal number, #5161. if you have scripts expecting rc == 2 for a signal exit, you need to update them to check for >= 128.
Fixes:
create: fix --list --dry-run output for directories, #7209
diff/recreate: normalize chunker params before comparing them, #7079
check: fix uninitialised variable if repo is completely empty, #7034
xattrs: improve error handling, #6988
fix args.paths related argparsing, #6994
archive.save(): always use metadata from stats (e.g. nfiles, size, …), #7072
tar_filter: recognize .tar.zst as zstd, #7093
get_chunker: fix missing sparse=False argument, #7056
file_integrity.py: make sure file_fd is always closed on exit
repository: cleanup(): close segment before unlinking
repository: use os.replace instead of os.rename
Other changes:
remove python < 3.7 compatibility code
do not use version_tuple placeholder in setuptools_scm template
CI: fix tox4 passenv issue, #7199
vagrant: update to python 3.9.16, use the openbsd 7.1 box
misc. test suite and docs fixes / improvements
remove deprecated --prefix from docs, #7109
Windows: use MSYS2 for Github CI, remove Appveyor CI
Version 1.2.2 (2022-08-20)
New features:
prune/delete --checkpoint-interval=1800 and ctrl-c/SIGINT support, #6284
Fixes:
SaveFile: use a custom mkstemp with mode support, #6933, #6400, #6786. This fixes umask/mode/ACL issues (and also “chmod not supported” exceptions seen in 1.2.1) of files updated using SaveFile, e.g. the repo config.
hashindex_compact: fix eval order (check idx before use), #5899
create --paths-from-(stdin|command): normalize paths, #6778
secure_erase: avoid collateral damage, #6768. If a hardlink copy of a repo was made and a new repo config shall be saved, do NOT fill in random garbage before deleting the previous repo config, because that would damage the hardlink copy.
list: fix {flags:<WIDTH>} formatting, #6081
check: try harder to create the key, #5719
misc commands: ctrl-c must not kill other subprocesses, #6912
borg create with a remote repo via ssh
borg create --content-from-command
borg create --paths-from-command
(de)compression filter process of import-tar / export-tar
Other changes:
deprecate --prefix, use -a / --glob-archives, see #6806
make setuptools happy (“package would be ignored”), #6874
fix pyproject.toml to create a fixed _version.py file, compatible with both old and new setuptools_scm version, #6875
automate asciinema screencasts
CI: test on macOS 12 without fuse / fuse tests (too troublesome on github CI due to kernel extensions needed by macFUSE)
tests: fix test_obfuscate byte accounting
repository: add debug logging for issue #6687
_chunker.c: fix warnings on macOS
requirements.lock.txt: use the latest cython 0.29.32
docs:
add info on man page installation, #6894
update archive_progress json description about “finished”, #6570
json progress_percent: some values are optional, #4074
FAQ: full quota / full disk, #5960
correct shell syntax for installation using git
Version 1.2.1 (2022-06-06)
Fixes:
create: skip with warning if opening the parent dir of recursion root fails, #6374
create: fix crash. metadata stream can produce all-zero chunks, #6587
fix crash when computing stats, escape % chars in archive name, #6500
fix transaction rollback: use files cache filename as found in txn.active/, #6353
import-tar: kill filter process in case of borg exceptions, #6401#6681
import-tar: fix mtime type bug
ensure_dir: respect umask for created directory modes, #6400
SaveFile: respect umask for final file mode, #6400
check archive: improve error handling for corrupt archive metadata block, make robust_iterator more robust, #4777
pre12-meta cache: do not use the cache if want_unique is True, #6612
fix scp-style repo url parsing for ip v6 address, #6526
mount -o versions: give clear error msg instead of crashing. it does not make sense to request versions view if you only look at 1 archive, but the code shall not crash in that case as it did, but give a clear error msg.
show_progress: add finished=true/false to archive_progress json, #6570
delete/prune: fix --iec mode output (decimal vs. binary units), #6606
info: fix authenticated mode repo to show “Encrypted: No”, #6462
diff: support presence change for blkdev, chrdev and fifo items, #6615
New features:
delete: add repository id and location to prompt, #6453
borg debug dump-repo-objs --ghost: new --segment=S --offset=O options
Other changes:
support python 3.11
allow msgpack 1.0.4, #6716
load_key: no key is same as empty key, #6441
give a more helpful error msg for unsupported key formats, #6561
better error msg for defect or unsupported repo configs, #6566
docs:
document borg 1.2 pattern matching behavior change, #6407 Make clear that absolute paths always go into the matcher as if they are relative (without leading slash). Adapt all examples accordingly.
authentication primitives: improved security and performance infos
mention BORG_FILES_CACHE_SUFFIX as alternative to BORG_FILES_CACHE_TTL, #5602
FAQ: add a hint about --debug-topic=files_cache
improve borg check --max-duration description
fix values of TAG bytes, #6515
borg compact --cleanup-commits also runs a normal compaction, #6324
virtualization speed tips
recommend umask for passphrase file perms
borg 1.2 is security supported
update link to ubuntu packages, #6485
use --numeric-ids in pull mode docs
remove blake2 docs, blake2 code not bundled any more, #6371
clarify on-disk order and size of segment file log entry fields, #6357
docs building: do not transform --/--- to unicode dashes
tests:
check that borg does not require pytest for normal usage, fixes#6563
fix OpenBSD symlink mode test failure, #2055
vagrant:
darwin64: remove fakeroot, #6314
update development.lock.txt
use pyinstaller 4.10 and python 3.9.13 for binary build
upgrade VMCPUS and xdistn from 4 to 16, maybe this speeds up the tests
crypto:
use hmac.compare_digest instead of ==, #6470
hmac_sha256: replace own cython wrapper code by hmac.digest python stdlib (since py38)
hmac and blake2b minor optimizations and cleanups
removed some unused crypto related code, #6472
avoid losing the key (potential use-after-free). this never could happen in 1.2 due to the way we use the code. The issue was discovered in master after other changes, so we also “fixed” it here before it bites us.
setup / build:
add pyproject.toml, fix sys.path, #6466
setuptools_scm: also require it via pyproject.toml
allow extra compiler flags for every extension build
fix misc. C / Cython compiler warnings, deprecation warnings
fix zstd.h include for bundled zstd, #6369
source using python 3.8 features: pyupgrade --py38-plus ./**/*.py
Fixes: Bug #13032
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.11.0 to 3.13.0
- Update of rootfile
- Changelog
libfuse 3.13.0 (2023-01-13)
- There is a new low-level API function `fuse_session_custom_io` that allows to implement
a daemon with a custom io. This can be used to create a daemon that can process incoming
FUSE requests to other destinations than `/dev/fuse`.
- A segfault when loading custom FUSE modules has been fixed.
- There is a new `fuse_notify_expire_entry` function.
- A deadlock when resolving paths in the high-level API has been fixed.
- libfuse can now be build explicitly for C libraries without symbol versioning support.
libfuse 3.12.0 (2022-09-08)
- There is a new build parameter to specify where the SysV init script should be
installed.
- The *max_idle_threads* parameter has been deprecated in favor of the new max_threads*
parameter (which avoids the excessive overhead of creating and destructing threads).
Using max_threads == 1 and calling fuse_session_loop_mt() will run single threaded
similar to fuse_session_loop().
The following changes apply when using the most recent API (-DFUSE_USE_VERSION=312,
see `example/passthrough_hp.cc` for an example for how to usse the new API):
- `struct fuse_loop_config` is now private and has to be constructed using
- fuse_loop_cfg_create()* and detroyed with *fuse_loop_cfg_destroy()*. Parameters can be
- changed using `fuse_loop_cfg_set_*()` functions.
- fuse_session_loop_mt()* now accepts `struct fuse_loop_config *` as NULL pointer.
- fuse_parse_cmdline()* now accepts a *max_threads* option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.9.12p1 to 1.9.12p2
- Update of rootfile not required
- Changelog
1.9.12p2
Fixed a compilation error on Linux/aarch64. GitHub issue #197.
Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s
sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l
would dereference a NULL pointer.
Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a
I/O files when the iolog_file sudoers setting contains six or more Xs.
Fixed a compilation issue on AIX with the native compiler. GitHub issue #231.
Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could
allow a malicious user with sudoedit privileges to edit arbitrary files. For
more information, see https://www.sudo.ws/security/advisories/sudoedit_any
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update pci.ids from version 2022.12.04 to 2023.01.18
- Update usb.ids from version 2022.12.09 to 2023.01.16
- Update of rootfile not required
- Update of LFS not required
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://midnight-commander.org/wiki/NEWS-4.8.29
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.29
Summary:
"Major changes since 4.8.28
Core
Add more options for panel filter (#1373):
"Files only" (#4209)
"Case sensitive" (#4334)
"Using shell patterns"
Continue copy after interrupt (#4409)
Restore menu accelerator for "Sort order": back to "S"; change menu
accelerator for "SFTP link" to "N" (#4373)
Add support for cross-compilation with PERL path different between
--build and --host (#4399)
Bootstrap with autotools providing direct support for Apple M1
Port mc.ext to INI format and rename to mc.ext.ini (#4141, #3742,
#3191)
Implement compound (AND) conditions (Type/Shell? and Type/Regex?
pairs) to disambiguate overloaded extensions
There is no fallback to previous mc.ext format
VFS
Editor
Change location of all user's syntax related stuff to
~/.local/share/mc/syntax/ directory (#4413)
syntax/Syntax: document location of syntax files (#4320)
Improvements of syntax highlighting:
YAML: improve multiline blocks highliting (#4059)
New syntax highlighting:
Privoxy (https://www.privoxy.org) actions files (#4384)
TOML (Tom's Obvious Minimal Language) (#4412)
Viewer
Diff viewer
Misc
Code cleanup (#4357, #4397, #4425)
sqlite3 view: use 'immutable=1' URI parameter to prevent leaving
wal/shm files after viewing sqlite database (#4369) Support of contour
terminal emulator (https://github.com/contour-terminal/contour)
(#4396)
mc.ext.ini: clarify regex for makefiles (#4419)
Remove empty hints translations by setting 5% threshold (#3608)
Fixes
Fail to build with only SFTP network VFS is enabled (#4420)
Crash on quick view of archives (#4398)
Wrong description of --enable-configure-args option (#4400)
Wrong version sort (#4374)
No subshell if subshell is initializing more than 1 second (#3121)
Filter keyboard shortcut only affects left panel (#4383)
File type check does not work with special character in filename
(#4377) Select files keeping the right mouse button pressed doesn't
select all files (#4381)
Cannot scroll panel listing upwards using mouse (#4119)
"Directory Compare" doesn't correct work with panelization (#3220)
Wrong decompressing of zip files in quick view panel (#4404)
mc.ext: 'include' keyword (for command class def) have no effect if it
was defined before 'Include' keyword (for command def) (#2773) mcedit:
infinite loop when deleting a macro (#4391)
mcviewer: segfault when switching from raw to parsed mode and back
(#4401) Broken handling of zip archives (#4368)
FISH subshell: commands don't work after window resize (#4372)
FTP VFS: doesn't reconnect to server after timeout (#3670)
FISH VFS: cannot remove non-empty directory (#4364)
EXTFS VFS: segfault if archive contains file(s) in the parent directory
(#4422, #4427) Tests: variable redeclaration in filevercmp_test5
(#4358)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.26.0 to 2.26.2
- Update of rootfile
- Changelog
2.26.2 Latest
This is a stable bugfix release, with the following changes:
Fixed long delay at startup when a Razer keyboard is connected
Fixed not receiving SDLK_5 or SDL_SCANCODE_5 when using the AZERTY keyboard
layout on Linux
2.26.1
This is a stable bugfix release, with the following changes:
Improved audio resampling quality
Fixed crash if SDL_GetPointDisplayIndex() or SDL_GetRectDisplayIndex() are
called before SDL_VideoInit()
Fixed building with older Xcode and macOS SDK
Fixed building when not using shared Wayland libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
