For details for 9.16.36 and 9.16.37 see:
https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html#notes-for-bind-9-16-37
"Notes for BIND 9.16.37
Security Fixes
An UPDATE message flood could cause named to exhaust all available
memory. This flaw was addressed by adding a new update-quota option
that controls the maximum number of outstanding DNS UPDATE messages
that named can hold in a queue at any given time (default: 100).
(CVE-2022-3094)
ISC would like to thank Rob Schulhof from Infoblox for bringing this
vulnerability to our attention. [GL #3523]
named could crash with an assertion failure when an RRSIG query was
received and stale-answer-client-timeout was set to a non-zero value.
This has been fixed. (CVE-2022-3736)
ISC would like to thank Borja Marcos from Sarenet (with assistance by
Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to
our attention. [GL #3622]
named running as a resolver with the stale-answer-client-timeout option
set to any value greater than 0 could crash with an assertion failure,
when the recursive-clients soft quota was reached. This has been fixed.
(CVE-2022-3924)
ISC would like to thank Maksym Odinintsev from AWS for bringing this
vulnerability to our attention. [GL #3619]
New Features
The new update-quota option can be used to control the number of
simultaneous DNS UPDATE messages that can be processed to update an
authoritative zone on a primary server, or forwarded to the primary
server by a secondary server. The default is 100. A new statistics
counter has also been added to record events when this quota is
exceeded, and the version numbers for the XML and JSON statistics
schemas have been updated. [GL #3523]
Feature Changes
The Differentiated Services Code Point (DSCP) feature in BIND has been
deprecated. Configuring DSCP values in named.conf now causes a warning
to be logged. Note that this feature has only been partly operational
since the new Network Manager was introduced in BIND 9.16.0. [GL #3773]
The catalog zone implementation has been optimized to work with
hundreds of thousands of member zones. [GL #3744]
Bug Fixes
In certain query resolution scenarios (e.g. when following CNAME
records), named configured to answer from stale cache could return a
SERVFAIL response despite a usable, non-stale answer being present in
the cache. This has been fixed. [GL #3678]
...
Notes for BIND 9.16.36
Feature Changes
The auto-dnssec option has been deprecated and will be removed in a
future BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667]
Bug Fixes
When a catalog zone was removed from the configuration, in some cases a
dangling pointer could cause the named process to crash. This has been
fixed. [GL #3683]
When a zone was deleted from a server, a key management object related
to that zone was inadvertently kept in memory and only released upon
shutdown. This could lead to constantly increasing memory use on
servers with a high rate of changes affecting the set of zones being
served. This has been fixed. [GL #3727]
In certain cases, named waited for the resolution of outstanding
recursive queries to finish before shutting down. This was unintended
and has been fixed. [GL #3183]
The zone <name>/<class>: final reference detached log message was moved
from the INFO log level to the DEBUG(1) log level to prevent the
named-checkzone tool from superfluously logging this message in
non-debug mode. [GL #3707]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from version 2.4.6 (Feb 2015) to 2.4.7 (Mar 2022)
- Update of rootfile
- The shebang in the libtoolize script has changed from ! /bin/sh to ! /usr/bin/env sh
because apparently the previous version presented challenges for containerised
environments. For IPFire build it meant that using libtoolize in the build of libxcrypt
failed because it could not deal with the changed shebang.
- Patch created to change the shebang for libtoolize.in back to the version in 2.4.6 and
earlier.
- The change of libtoolize.in then caused the libtool build to try and rebuild the man
page for it but this fails as help2man is required for this. There is no option in the
configure to not build the docs so hence there is an associated patch with this one
that build help2man but the rootfile is completely commented out as it is only
required for the build
- Added --disable-static to the configure options
- Changelog
Noteworthy changes in release 2.4.7 (2022-03-16) [stable]
New features:
- Libtool script now supports (configure-time and runtime) ARFLAGS
variable, which obsoletes AR_FLAGS. This is due to naming conventions
among other *FLAGS and to be consistent with Automake's ARFLAGS.
- Gnulib testsuite is enabled and run during 'make check'.
- Support the Windows version of the Intel C Compiler (icl) in
libtool script.
- Pass '-fsanitize=*' flags for GCC and LLVM, and '-specs=*' for GCC
to linker.
- Pass '-Xassembler=*' and '-Wa,*' flag to compilers and linkers.
- The variable 'FILECMD' with default value of '/usr/bin/file' was used to
replace existing hard coded references to '/usr/bin/file'.
- Add MidnightBSD support.
Important incompatible changes:
- Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
- Do not pass '-pthread' to Solaris linker.
- 'libtool' and 'libtoolize' scripts now use '#! /usr/bin/env sh' shebang.
Previously '#! /bin/sh' was used, which presents challenges for
containerized environments.
Bug fixes:
- Fix significant slowdown of libtoolize for certain projects (regression
introduced in 2.4.3 release) caused by infinite m4 macro recursion.
- Mitigate the slowdown of libtool script (introduced in v2.4.3) caused by
increased number of calls to '$SED $sed_quote_subst' (bug#20006).
- Properly parse and export TLS symbols on AIX.
- Various bug fixes surrounding use of 'sed'.
- Darwin systems set proper "allow undefined" flag on OSX 11, and
PowerPC 10.5.
- Removed some deprecated tests related to 'Makefile.inc' files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
[Please note: This 'clamav' version needs rust >1.56]
For details see:
https://blog.clamav.net/2022/11/clamav-100-lts-released.html
Excerpt:
"Major changes
Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of
the default password will now appear in the metadata JSON.
Overhauled the implementation of the all-match feature. The newer code is more reliable and easier to
maintain.
This project fixed several known issues with signature detection in all- match mode:
Enabled embedded file-type recognition signatures to match when a malware signature also matched in
a scan of the same layer.
Enabled bytecode signatures to run in all-match mode after a match has occurred.
Fixed an assortment of all-match edge case issues.
Added multiple test cases to verify correct all-match behavior.
Added a new callback to the public API for inspecting file content during a scan at each layer of archive
extraction.
The new callback function type is clcb_file_inspection defined in clamav.h.
The function cl_engine_set_clcb_file_inspection() may be used to enable the callback prior to performing
a scan.
This new callback is to be considered unstable for the 1.0 release. We may alter this function in a
subsequent feature version.
Added a new function to the public API for unpacking CVD signature archives.
The new function is cl_cvdunpack(). The last parameter for the function may be set to verify if a CVD's
signature is valid before unpacking the CVD content to the destination directory.
The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default
build options for TomsFastMath to support bigger floating point numbers. Without this change, database and
Windows EXE/DLL authenticode certificate validation may fail. The ENABLE_EXTERNAL_TOMSFASTMATH build is now
ignored.
Moved the Dockerfile and supporting scripts from the main ClamAV repository over to a new
repository: https://github.com/Cisco-Talos/clamav-docker
The separate repository will make it easier to update the images and fix issues with images for released
ClamAV versions.
Any users building the ClamAV Docker image rather than pulling them from Docker Hub will have to get the
latest Docker files from the new location.
Increased the SONAME major version for libclamav because of ABI changes between the 0.103 LTS release and
the 1.0 LTS release.
Other improvements
Add checks to limit PDF object extraction recursion.
Increased the limit for memory allocations based on untrusted input and altered the warning message when the
limit is exceeded so that it is more helpful and less dramatic.
Dramatically improved the build time of libclamav-Rust unit tests. The unit test build is included in the
time limit for the test itself and was timing out on slower systems. The ClamAV Rust code modules now share
the same build directory, which also reduces the amount of disk space used for the build.
For Windows: The debugging symbol (PDB) files are now installed alongside the DLL and LIB library files when
built in "RelWithDebInfo" or "Debug" mode.
Relaxed the constraints on the check for overlapping ZIP file entries so as not to alert on slightly
malformed, but non-malicious, Java (JAR) archives.
Increased the time limit in FreshClam before warning if the DNS entry is stale. In combination with changes
to update the DNS entry more frequently, this should prevent false alarms of failures in the database
publication system.
Docker: The C library header files are now included in the Docker image. Patch courtesy of GitHub user
TerminalFi.
Show the BYTECODE_RUNTIME build options when using the ccmake GUI for CMake. Patch courtesy of
Дилян Палаузов.
Added explicit minimum and maximum supported LLVM versions so that the build will fail if you try to build
with a version that is too old or too new and will print a helpful message rather than simply failing to
compile because of compatibility issues. Patch courtesy of Matt Jolly.
Fixed compiler warnings that may turn into errors in Clang 16. Patch courtesy of Michael Orlitzky.
Allow building with a custom RPATH so that the executables may be moved after build in a development
environment to a final installation directory.
Bug fixes
Assorted code quality fixes. These are not security issues and will not be backported to prior feature
versions:
Several heap buffer overflows while loading PDB and WDB databases were found by OSS-Fuzz and by Michal
Dardas.
oss-fuzz 43843: heap buffer overflow read (1) cli_sigopts_handler
oss-fuzz 44849: heap buffer overflow read (4) in HTML/js-norm
oss-fuzz 43816: heap buffer overflow read (8) in cli_bcomp_freemeta
oss-fuzz 43832: heap buffer overflow read (2) in cli_parse_add
oss-fuzz 44493: integer overflow in cli_scannulsft
CIFuzz leak detected in IDB parser
oss-fuzz assorted signature parser leaks
oss-fuzz 40601: leak detected in pdf_parseobj
Fixed a build failure when using LIBCLAMAV_ONLY mode with tests enabled.
Fixed an issue verifying EXE/DLL authenticode signatures to determine a given file can be trusted (skipped).
Fixed a caching bug relating to the Container and Intermediates logical signature condition.
Fixed a build issue when build with RAR disabled or when building with an external libmspack library rather
than the bundled library.
Fixed the capitalization of the -W option for clamonacc in the clamonacc manpage. Patch courtesy of GitHub
user monkz.
macOS: Fixed an issue with memory-map (mmap) system call detection affecting versions 0.105 and 0.104.
Memory maps may be used in ClamAV to improve signature load performance and scan performance, as well as RAM
usage.
Fixed a performance issue with Rust code when the build type is not explicitly set to "Release" or
"RelWithDebInfo". The Rust default build type is now "RelWithDebInfo" just like the C code, instead of
Debug. This means it is now optimized by default.
Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (\/) followed by a
colon (:).
Fixed an issue detecting and scanning ZIP file entries appended to very small files. The fix is part of the
all-match feature overhaul.
Fixed a detection issue with EXE/DLL import-address-table hash signatures that specify a wildcard (*) for
the size field. The fix is part of the all-match feature overhaul.
Fixed the default bytecode timeout value listed in the manpages and in the sample config files. Patches
courtesy of Liam Jarvis and Ben Bodenmiller.
Fixed an issue building the libclamav_rust test program when running ctest if building
with BYTECODE_RUNTIME=llvm and when the FindLLVM.cmake module is used to find the LLVM libraries. Patch
courtesy of GitHub user teoberi.
Fixed an issue where scans sent to clamd with the all-match mode enabled caused all subsequent scans to also
use all-match mode.
Fixed bug when starting clamonacc with the --log=FILE option that created randomly named files in the
current directory.
Other assorted bug fixes."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1650-2022-11-03
I started updating rust to 1.65 mainly because 'clamav 0.105.1-3' and the
shortly thereafter released version 'clamav 1.0.0' need at least 'rust 1.56':
"Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it
relies on features introduced in the Rust 2021 Edition."
At this point we were still on 'nightly 2022-01-27'. Ok then...
But it was a bit more tricky than I thought, because this update wouldn't build without
patching most of the existing rust-crate-lfs files in a way I didn't expect.
Please note the patch series following this update...
Nevertheless, the update to 1.65 and ALL testbuilds completed without any errors.
Unfortunately, I can only provide the rootfile for x86_64 - I don't have the appropriate hardware
for anything else.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Existing iotop is version 0.6 from 2013. In that original repository there have been 42
commits since then up to 2022-03-07 but without any version release.
- In 2020 a new repository was started, based on the original iotop but converted to only
C code with no python. This is being updated on a regular basis with version releases.
This version was released in July 10th 2022. There have been n21 releases since this
repository was started.
- Built and tested this version of iotop and it gave a screen with very similar look to
the original version. The new version has the ability to scroll all the entries whereas
the original one required the window to be made larger to show more entries.
- The new version also has a column showing a graphical view of the amount of traffic as
well as the actual numbers.
- Overall this looks to match what vthe original iotop did, plus with a few extras and is
being regularly maintained with new releases.
- Updated rootfile
- This version of iotop is automatically placed in /usr/sbin as the original used to be.
- New repository is at https://github.com/Tomas-M/iotop
- Changelog can be seen at the above repository. It is too large to include here with
21 version updates.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.2.5.1 to 1.2.8
- Update of rootfile
- Changelog for alsa-lib and alsa-utils is too long to include here.
Details can be found by looking at the individual web site pages for each change
version from 1.2.5.1 to 1.2.8 at https://www.alsa-project.org/wiki/Main_Page_News
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 7.0.0.11 to 7.0.4
- Update of rootfile
- Changelog
updated language flags, catch abortcompile throw in non-ragel progs
7.0.3
This version of colm includes a critical fix for big-endian system. Fixes#61.
expect colm version 0.14.6 and version bump ragel to 7.0.3
7.0.2
Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58.
expect colm 0.14.5 and version bump to 7.0.2
7.0.1
removed accidental commit of ragel/.exrc
7.0.0.12
implemented NfaClear in asm codegen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 21.3 to 23.0
- Update of rootfile
- Changelog
23.0
What's Changed
Remove unused LPAREN token from tokenizer by @hrnciar in #630
Reorganise the project layout and version management by @pradyunsg in #626
Correctly handle non-normalised specifiers in requirements by @pradyunsg in #634
Use stable Python 3.11 in tests by @153957 in #641
Fix typing for specifiers.BaseSpecifier.filter() by @henryiii in #643
Correctly handle trailing whitespace on URL requirements by @pradyunsg in #642
refactor _generic_api to use EXT_SUFFIX by @mattip in #607
Allow "extra" to be None in the marker environment by @pradyunsg in #650
Fix typos by @kianmeng in #648
Update changelog for release by @pradyunsg in #656
22.0
What's Changed
Fix compatible version specifier incorrectly strip trailing '0' by @kasium in #493
Remove support for Python 3.6 by @abravalheri in #500
Use concurrency limit in ci by @blink1073 in #510
Fix issue link in changelog. by @bdice in #509
chore: test with PyPy 3.8 & 3.9 by @mayeut in #512
Accept locally installed prereleases by @q0w in #515
Always run GHA workflows when they change by @mayeut in #516
Add __hash__/__eq__ to requirements by @abravalheri in #499
Upgrade to setup-python v3 and use caching for GHA by @brettcannon in #521
allow pre-release versions in marker evaluation by @graingert in #523
Error out from workflow on missing interpreter by @mayeut in #525
chore: update pre-commit config to the latest repos' versions by @mayeut in #534
chore: remove Windows PyPy 3.9 workaround on GHA by @mayeut in #533
Use pipx to run nox / build in GHA workflows by @mayeut in #517
Run tests with all PyPy versions locally by @mayeut in #535
Adhere to PEP 685 when evaluating markers with extras by @hroncok in #545
chore: update mypy and move to toml by @henryiii in #547
Normalize extra comparison in markers for output by @brettcannon in #549
Evaluate markers under environment with empty "extra" by @MrMino in #550
Do not set extra in default_environment() by @sbidoul in #554
Update extlinks strings to use a format string by @mayeut in #555
Update CI test workflow to use setup-python@v4 by @mayeut in #556
CI: Update actions/* to their latest major versions by @mayeut in #557
Fix a spelling mistake by @venthur in #558
fix: macOS platform tags with old macOS SDK by @mayeut in #513
Correctly parse ELF for musllinux on Big Endian by @uranusjr in #538
A metadata module with a data class for core metadata by @brettcannon in #518
Document utils.NormalizedName by @brettcannon in #565
Drop LegacySpecifier and LegacyVersion by @pradyunsg in #407
Move metadata, versions and specifiers API documentation to sphinx.ext.autodoc by @pradyunsg in #572
Demonstrate behaviour of SpecifierSet.__iter__ by @hauntsaninja in #575
Handwritten parser for parsing requirements by @hrnciar in #484
Add changelog entry for removal of pyparsing dependency by @hroncok in #581
Use Iterator instead of Iterable for specifier filter methods by @ichard26 in #584
Better output on linter failure by @henryiii in #478
Add a "cpNNN-none-any" tag by @joonis in #541
Document exceptions raised by functions in utils by @MrMino in #544
Refactor ELF parsing logic to standlone class by @uranusjr in #553
Forbid prefix version matching on pre-release/post-release segments by @mayeut in #563
Update coverage to >=5.0.0 by @mayeut in #586
Normalize specifier version for prefix matching by @mayeut in #561
Add python 3.11 by @mayeut in #587
Fix prefix version matching by @mayeut in #564
Remove duplicate namedtuple by @layday in #589
Update changelog by @pradyunsg in #595
Change email-related fields in Metadata to str by @brettcannon in #596
Add versionchanged for 21.3 by @brettcannon in #599
refactor: use flit as a backend by @henryiii in #546
Remove packaging.metadata by @pradyunsg in #603
Refactor nox requirements to use requirements files (#601) by @strokirk in #609
Improve Requirement/Marker parser with context-sensitive tokenisation by @pradyunsg in #624
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.2.0 to 1.2.3
- Update of rootfile
- This update works with python3-msgpack-1.0.4 and fixes bug 13032
- To make it work then the borgbackup-1.2.3-py3.10.egg-info directory must be the only
egg-info directory for borgbackup otherwise version 1.2.3 will end up with an error.
Versions 1.2.2 and earlier workled without any problem if there was an earlier egg-info
directory for a different version number. The borgbackup rootfile had the egg-info
directory commented out so an uninstall cleared the directory but did not remove it.
This patch has the egg-info directory in the rootfile uncommented and so an uninstall
removes the directory.
- borgbackup paks files created so that the uninstall.sh file will remove any egg-info
directory that starts with "borgbackup-1." as the first ever borgbackup was 1.0.12
When the old 1.2.0 or earlier borgbackup is uninstalled it will use the old default
paks uninstall.sh file and rootfile which will leave the old egg-info directory in
place. When version 1.2.3 is installed it will use the new install.sh script which
will remove any existing egg-info directories present still.
- Changelog
Version 1.2.3 (2022-12-24)
Upgrade notes:
Some things can be recommended for the upgrade process from borg 1.1.x (please also read the important compatibility notes below):
do you already want to upgrade? 1.1.x also will get fixes for a while.
be careful, first upgrade your less critical / smaller repos.
first upgrade to a recent 1.1.x release - especially if you run some older 1.1.* or even 1.0.* borg release.
using that, run at least one borg create (your normal backup), prune and especially a check to see everything is in a good state.
check the output of borg check - if there is anything special, consider a borg check --repair followed by another borg check.
if everything is fine so far (borg check reports no issues), you can consider upgrading to 1.2.x. if not, please first fix any already existing issue.
if you want to play safer, first create a backup of your borg repository.
upgrade to latest borg 1.2.x release (you could use the fat binary from github releases page)
run borg compact --cleanup-commits to clean up a ton of 17 bytes long files in your repo caused by a borg 1.1 bug
run borg check again (now with borg 1.2.x) and check if there is anything special.
run borg info (with borg 1.2.x) to build the local pre12-meta cache (can take significant time, but after that it will be fast) - for more details see below.
check the compatibility notes (see below) and adapt your scripts, if needed.
if you run into any issues, please check the github issue tracker before posting new issues there or elsewhere.
If you follow this procedure, you can help avoiding that we get a lot of “borg 1.2” issue reports that are not really 1.2 issues, but existed before and maybe just were not noticed.
Compatibility notes:
matching of path patterns has been aligned with borg storing relative paths. Borg archives file paths without leading slashes. Previously, include/exclude patterns could contain leading slashes. You should check your patterns and remove leading slashes.
dropped support / testing for older Pythons, minimum requirement is 3.8. In case your OS does not provide Python >= 3.8, consider using our binary, which does not need an external Python interpreter. Or continue using borg 1.1.x, which is still supported.
freeing repository space only happens when “borg compact” is invoked.
mount: the default for --numeric-ids is False now (same as borg extract)
borg create --noatime is deprecated. Not storing atime is the default behaviour now (use --atime if you want to store the atime).
--prefix is deprecated, use -a / --glob-archives, see #6806
list: corrected mix-up of “isomtime” and “mtime” formats. Previously, “isomtime” was the default but produced a verbose human format, while “mtime” produced a ISO-8601-like format. The behaviours have been swapped (so “mtime” is human, “isomtime” is ISO-like), and the default is now “mtime”. “isomtime” is now a real ISO-8601 format (“T” between date and time, not a space).
create/recreate --list: file status for all files used to get announced AFTER the file (with borg < 1.2). Now, file status is announced BEFORE the file contents are processed. If the file status changes later (e.g. due to an error or a content change), the updated/final file status will be printed again.
removed deprecated-since-long stuff (deprecated since):
command “borg change-passphrase” (2017-02), use “borg key …”
option “--keep-tag-files” (2017-01), use “--keep-exclude-tags”
option “--list-format” (2017-10), use “--format”
option “--ignore-inode” (2017-09), use “--files-cache” w/o “inode”
option “--no-files-cache” (2017-09), use “--files-cache=disabled”
removed BORG_HOSTNAME_IS_UNIQUE env var. to use borg you must implement one of these 2 scenarios:
the combination of FQDN and result of uuid.getnode() must be unique and stable (this should be the case for almost everybody, except when having duplicate FQDN and MAC address or all-zero MAC address)
if you are aware that 1) is not the case for you, you must set BORG_HOST_ID env var to something unique.
exit with 128 + signal number, #5161. if you have scripts expecting rc == 2 for a signal exit, you need to update them to check for >= 128.
Fixes:
create: fix --list --dry-run output for directories, #7209
diff/recreate: normalize chunker params before comparing them, #7079
check: fix uninitialised variable if repo is completely empty, #7034
xattrs: improve error handling, #6988
fix args.paths related argparsing, #6994
archive.save(): always use metadata from stats (e.g. nfiles, size, …), #7072
tar_filter: recognize .tar.zst as zstd, #7093
get_chunker: fix missing sparse=False argument, #7056
file_integrity.py: make sure file_fd is always closed on exit
repository: cleanup(): close segment before unlinking
repository: use os.replace instead of os.rename
Other changes:
remove python < 3.7 compatibility code
do not use version_tuple placeholder in setuptools_scm template
CI: fix tox4 passenv issue, #7199
vagrant: update to python 3.9.16, use the openbsd 7.1 box
misc. test suite and docs fixes / improvements
remove deprecated --prefix from docs, #7109
Windows: use MSYS2 for Github CI, remove Appveyor CI
Version 1.2.2 (2022-08-20)
New features:
prune/delete --checkpoint-interval=1800 and ctrl-c/SIGINT support, #6284
Fixes:
SaveFile: use a custom mkstemp with mode support, #6933, #6400, #6786. This fixes umask/mode/ACL issues (and also “chmod not supported” exceptions seen in 1.2.1) of files updated using SaveFile, e.g. the repo config.
hashindex_compact: fix eval order (check idx before use), #5899
create --paths-from-(stdin|command): normalize paths, #6778
secure_erase: avoid collateral damage, #6768. If a hardlink copy of a repo was made and a new repo config shall be saved, do NOT fill in random garbage before deleting the previous repo config, because that would damage the hardlink copy.
list: fix {flags:<WIDTH>} formatting, #6081
check: try harder to create the key, #5719
misc commands: ctrl-c must not kill other subprocesses, #6912
borg create with a remote repo via ssh
borg create --content-from-command
borg create --paths-from-command
(de)compression filter process of import-tar / export-tar
Other changes:
deprecate --prefix, use -a / --glob-archives, see #6806
make setuptools happy (“package would be ignored”), #6874
fix pyproject.toml to create a fixed _version.py file, compatible with both old and new setuptools_scm version, #6875
automate asciinema screencasts
CI: test on macOS 12 without fuse / fuse tests (too troublesome on github CI due to kernel extensions needed by macFUSE)
tests: fix test_obfuscate byte accounting
repository: add debug logging for issue #6687
_chunker.c: fix warnings on macOS
requirements.lock.txt: use the latest cython 0.29.32
docs:
add info on man page installation, #6894
update archive_progress json description about “finished”, #6570
json progress_percent: some values are optional, #4074
FAQ: full quota / full disk, #5960
correct shell syntax for installation using git
Version 1.2.1 (2022-06-06)
Fixes:
create: skip with warning if opening the parent dir of recursion root fails, #6374
create: fix crash. metadata stream can produce all-zero chunks, #6587
fix crash when computing stats, escape % chars in archive name, #6500
fix transaction rollback: use files cache filename as found in txn.active/, #6353
import-tar: kill filter process in case of borg exceptions, #6401#6681
import-tar: fix mtime type bug
ensure_dir: respect umask for created directory modes, #6400
SaveFile: respect umask for final file mode, #6400
check archive: improve error handling for corrupt archive metadata block, make robust_iterator more robust, #4777
pre12-meta cache: do not use the cache if want_unique is True, #6612
fix scp-style repo url parsing for ip v6 address, #6526
mount -o versions: give clear error msg instead of crashing. it does not make sense to request versions view if you only look at 1 archive, but the code shall not crash in that case as it did, but give a clear error msg.
show_progress: add finished=true/false to archive_progress json, #6570
delete/prune: fix --iec mode output (decimal vs. binary units), #6606
info: fix authenticated mode repo to show “Encrypted: No”, #6462
diff: support presence change for blkdev, chrdev and fifo items, #6615
New features:
delete: add repository id and location to prompt, #6453
borg debug dump-repo-objs --ghost: new --segment=S --offset=O options
Other changes:
support python 3.11
allow msgpack 1.0.4, #6716
load_key: no key is same as empty key, #6441
give a more helpful error msg for unsupported key formats, #6561
better error msg for defect or unsupported repo configs, #6566
docs:
document borg 1.2 pattern matching behavior change, #6407 Make clear that absolute paths always go into the matcher as if they are relative (without leading slash). Adapt all examples accordingly.
authentication primitives: improved security and performance infos
mention BORG_FILES_CACHE_SUFFIX as alternative to BORG_FILES_CACHE_TTL, #5602
FAQ: add a hint about --debug-topic=files_cache
improve borg check --max-duration description
fix values of TAG bytes, #6515
borg compact --cleanup-commits also runs a normal compaction, #6324
virtualization speed tips
recommend umask for passphrase file perms
borg 1.2 is security supported
update link to ubuntu packages, #6485
use --numeric-ids in pull mode docs
remove blake2 docs, blake2 code not bundled any more, #6371
clarify on-disk order and size of segment file log entry fields, #6357
docs building: do not transform --/--- to unicode dashes
tests:
check that borg does not require pytest for normal usage, fixes#6563
fix OpenBSD symlink mode test failure, #2055
vagrant:
darwin64: remove fakeroot, #6314
update development.lock.txt
use pyinstaller 4.10 and python 3.9.13 for binary build
upgrade VMCPUS and xdistn from 4 to 16, maybe this speeds up the tests
crypto:
use hmac.compare_digest instead of ==, #6470
hmac_sha256: replace own cython wrapper code by hmac.digest python stdlib (since py38)
hmac and blake2b minor optimizations and cleanups
removed some unused crypto related code, #6472
avoid losing the key (potential use-after-free). this never could happen in 1.2 due to the way we use the code. The issue was discovered in master after other changes, so we also “fixed” it here before it bites us.
setup / build:
add pyproject.toml, fix sys.path, #6466
setuptools_scm: also require it via pyproject.toml
allow extra compiler flags for every extension build
fix misc. C / Cython compiler warnings, deprecation warnings
fix zstd.h include for bundled zstd, #6369
source using python 3.8 features: pyupgrade --py38-plus ./**/*.py
Fixes: Bug #13032
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.11.0 to 3.13.0
- Update of rootfile
- Changelog
libfuse 3.13.0 (2023-01-13)
- There is a new low-level API function `fuse_session_custom_io` that allows to implement
a daemon with a custom io. This can be used to create a daemon that can process incoming
FUSE requests to other destinations than `/dev/fuse`.
- A segfault when loading custom FUSE modules has been fixed.
- There is a new `fuse_notify_expire_entry` function.
- A deadlock when resolving paths in the high-level API has been fixed.
- libfuse can now be build explicitly for C libraries without symbol versioning support.
libfuse 3.12.0 (2022-09-08)
- There is a new build parameter to specify where the SysV init script should be
installed.
- The *max_idle_threads* parameter has been deprecated in favor of the new max_threads*
parameter (which avoids the excessive overhead of creating and destructing threads).
Using max_threads == 1 and calling fuse_session_loop_mt() will run single threaded
similar to fuse_session_loop().
The following changes apply when using the most recent API (-DFUSE_USE_VERSION=312,
see `example/passthrough_hp.cc` for an example for how to usse the new API):
- `struct fuse_loop_config` is now private and has to be constructed using
- fuse_loop_cfg_create()* and detroyed with *fuse_loop_cfg_destroy()*. Parameters can be
- changed using `fuse_loop_cfg_set_*()` functions.
- fuse_session_loop_mt()* now accepts `struct fuse_loop_config *` as NULL pointer.
- fuse_parse_cmdline()* now accepts a *max_threads* option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://midnight-commander.org/wiki/NEWS-4.8.29
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.29
Summary:
"Major changes since 4.8.28
Core
Add more options for panel filter (#1373):
"Files only" (#4209)
"Case sensitive" (#4334)
"Using shell patterns"
Continue copy after interrupt (#4409)
Restore menu accelerator for "Sort order": back to "S"; change menu
accelerator for "SFTP link" to "N" (#4373)
Add support for cross-compilation with PERL path different between
--build and --host (#4399)
Bootstrap with autotools providing direct support for Apple M1
Port mc.ext to INI format and rename to mc.ext.ini (#4141, #3742,
#3191)
Implement compound (AND) conditions (Type/Shell? and Type/Regex?
pairs) to disambiguate overloaded extensions
There is no fallback to previous mc.ext format
VFS
Editor
Change location of all user's syntax related stuff to
~/.local/share/mc/syntax/ directory (#4413)
syntax/Syntax: document location of syntax files (#4320)
Improvements of syntax highlighting:
YAML: improve multiline blocks highliting (#4059)
New syntax highlighting:
Privoxy (https://www.privoxy.org) actions files (#4384)
TOML (Tom's Obvious Minimal Language) (#4412)
Viewer
Diff viewer
Misc
Code cleanup (#4357, #4397, #4425)
sqlite3 view: use 'immutable=1' URI parameter to prevent leaving
wal/shm files after viewing sqlite database (#4369) Support of contour
terminal emulator (https://github.com/contour-terminal/contour)
(#4396)
mc.ext.ini: clarify regex for makefiles (#4419)
Remove empty hints translations by setting 5% threshold (#3608)
Fixes
Fail to build with only SFTP network VFS is enabled (#4420)
Crash on quick view of archives (#4398)
Wrong description of --enable-configure-args option (#4400)
Wrong version sort (#4374)
No subshell if subshell is initializing more than 1 second (#3121)
Filter keyboard shortcut only affects left panel (#4383)
File type check does not work with special character in filename
(#4377) Select files keeping the right mouse button pressed doesn't
select all files (#4381)
Cannot scroll panel listing upwards using mouse (#4119)
"Directory Compare" doesn't correct work with panelization (#3220)
Wrong decompressing of zip files in quick view panel (#4404)
mc.ext: 'include' keyword (for command class def) have no effect if it
was defined before 'Include' keyword (for command def) (#2773) mcedit:
infinite loop when deleting a macro (#4391)
mcviewer: segfault when switching from raw to parsed mode and back
(#4401) Broken handling of zip archives (#4368)
FISH subshell: commands don't work after window resize (#4372)
FTP VFS: doesn't reconnect to server after timeout (#3670)
FISH VFS: cannot remove non-empty directory (#4364)
EXTFS VFS: segfault if archive contains file(s) in the parent directory
(#4422, #4427) Tests: variable redeclaration in filevercmp_test5
(#4358)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.26.0 to 2.26.2
- Update of rootfile
- Changelog
2.26.2 Latest
This is a stable bugfix release, with the following changes:
Fixed long delay at startup when a Razer keyboard is connected
Fixed not receiving SDLK_5 or SDL_SCANCODE_5 when using the AZERTY keyboard
layout on Linux
2.26.1
This is a stable bugfix release, with the following changes:
Improved audio resampling quality
Fixed crash if SDL_GetPointDisplayIndex() or SDL_GetRectDisplayIndex() are
called before SDL_VideoInit()
Fixed building with older Xcode and macOS SDK
Fixed building when not using shared Wayland libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
The firewall engine generated rules that did not have any traffic
selectors due to an improperly initialized variable in the source.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.8.8 to 1.8.9
- Update of rootfile
- Changelog
xtables-monitor: add missing spaces in printed str
build: Fix error during out of tree build
iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
iptables.8: mention that iptables exits when setuid
extensions: libxt_conntrack: remove always-false conditionals
nft: fix ebtables among match when mac+ip addresses are used
nft: support dissection of meta pkktype mode
nft: prefer native 'meta pkttype' instead of xt match
extensions: libxt_pkttype: support otherhost
nft: support ttl/hoplimit dissection
nft: prefer payload to ttl/hl module
nft: un-break among match with concatenation
Revert "nft: prefer payload to ttl/hl module"/'meta pkttype' match.
nft: track each register individually
tests: extend native delinearize script
nft: check for unknown meta keys
iptables-nft: exit nonzero when iptables-save cannot decode all expressions
xlate: get rid of escape_quotes
extensions: change expected output for new format
xlate-test: avoid shell entanglements
nft-bridge: work around recent "among" decode breakage
extensions: add xt_statistics random mode translation
netfilter: add nf_log.h
treewide: use uint* instead of u_int*
nft: replace nftnl_.*_nlmsg_build_hdr() by nftnl_nlmsg_build_hdr()
nft-shared: replace nftnl_expr_get_data() by nftnl_expr_get()
xshared: Fix build for -Werror=format-security
Revert "fix build for missing ETH_ALEN definition"
tests: shell: Check overhead in iptables-save and -restore
libxtables: Unexport init_extensions*() declarations
arptables: Support -x/--exact flag
iptables-legacy: Drop redundant include of xtables-multi.h
xshared: Make some functions static
Makefile: Add --enable-profiling configure option
tests: shell: Add some more rules to 0002-verbose-output_0
tests: shell: Extend iptables-xml test a bit
tests: shell: Extend zero counters test a bit further
extensions: libebt_standard.t: Test logical-{in,out} as well
ebtables-restore: Deny --init-table
extensions: string: Do not print default --to value
extensions: string: Review parse_string() function
extensions: string: Fix and enable tests
nft: Exit if nftnl_alloc_expr fails
libxtables: Move struct xtables_afinfo into xtables.h
libxtables: Define XT_OPTION_OFFSET_SCALE in xtables.h
libxtables: Fix unsupported extension warning corner case
tests: shell: Fix testcases for changed ip6tables opts output
xshared: Fix for missing space after 'prot' column
xshared: Print protocol numbers if --numeric was given
xtables-restore: Extend failure error message
nft: Expand extended error reporting to nft_cmd, too
tests: shell: Test delinearization of native nftables expressions
ebtables: Drop unused OPT_* defines
ebtables: Eliminate OPT_TABLE
ebtables: Merge OPT_* flags with xshared ones
nft-shared: Introduce __get_cmp_data()
ebtables: Support '-p Length'
ebtables: Fix among match
nft: Fix meta statement parsing
nft-bridge: Drop 'sreg_count' variable
tests: iptables-test: Simplify '-N' option a bit
tests: iptables-test: Simplify execute_cmd() calling
tests: iptables-test: Pass netns to execute_cmd()
tests: iptables-test: Test both variants by default
extensions: among: Remove pointless fall through
extensions: among: Fix for use with ebtables-restore
extensions: libebt_stp: Eliminate duplicate space in output
extensions: libip6t_dst: Fix output for empty options
extensions: TCPOPTSTRIP: Do not print empty options
extensions: libebt_log: Avoid empty log-prefix in output
tests: IDLETIMER.t: Fix syntax, support for restore input
tests: libebt_stp.t: Drop duplicate whitespace
tests: shell: Fix expected output for ip6tables dst match
tests: shell: Fix expected ebtables log target output
libiptc: Fix for segfault when renaming a chain
nft: Fix compile with -DDEBUG
extensions: NFQUEUE: Document queue-balance limitation
tests: iptables-test: Implement fast test mode
tests: iptables-test: Cover for obligatory -j CONTINUE in ebtables
tests: *.t: Fix expected output for simple calls
tests: *.t: Fix for hexadecimal output
tests: libebt_redirect.t: Plain redirect prints with trailing whitespace
tests: libxt_length.t: Fix odd use-case output
tests: libxt_recent.t: Add missing default values
tests: libxt_tos.t, libxt_TOS.t: Add missing masks in output
tests: libebt_vlan.t: Drop trailing whitespace from rules
tests: libxt_connlimit.t: Add missing default values
tests: *.t: Add missing all-one's netmasks to expected output
extensions: DNAT: Fix bad IP address error reporting
extensions: *NAT: Drop NF_NAT_RANGE_PROTO_RANDOM* flag checks
extensions: DNAT: Use __DNAT_xlate for REDIRECT, too
extensions: DNAT: Generate print, save and xlate callbacks
extensions: DNAT: Rename some symbols
extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE
tests: xlate-test: Cleanup file reading loop
tests: xlate-test.py: Introduce run_proc()
tests: xlate-test: Replay results for reverse direction testing
xshared: Share make_delete_mask() between ip{,6}tables
nft-shared: Introduce port_match_single_to_range()
extensions: libip*t_LOG: Merge extensions
extensions: libebt_ip: Include kernel header
extensions: libebt_arp, libebt_ip: Use xtables_ipparse_any()
extensions: Collate ICMP types/codes in libxt_icmp.h
extensions: Unify ICMP parser into libxt_icmp.h
Drop extra newline from xtables_error() calls
extensions: mark: Test double bitwise in a rule
extensions: libebt_mark: Fix mark target xlate
extensions: libebt_mark: Fix xlate test case
extensions: libebt_redirect: Fix xlate return code
extensions: libipt_ttl: Sanitize xlate callback
extensions: CONNMARK: Fix xlate callback
extensions: MARK: Sanitize MARK_xlate()
extensions: TCPMSS: Use xlate callback for IPv6, too
extensions: TOS: Fix v1 xlate callback
extensions: ecn: Sanitize xlate callback
extensions: tcp: Translate TCP option match
extensions: libebt_log: Add comment to clarify xlate callback
extensions: frag: Add comment to clarify xlate callback
extensions: ipcomp: Add comment to clarify xlate callback
libxtables: xt_xlate_add() to take care of spacing
extensions: Leverage xlate auto-spacing
extensions: libxt_conntrack: Drop extra whitespace in xlate
extensions: xlate: Format sets consistently
tests: shell: Test selective ebtables flushing
tests: shell: Fix valgrind mode for 0008-unprivileged_0
iptables-restore: Free handle with --test also
iptables-xml: Free allocated chain strings
nft: Plug memleak in nft_rule_zero_counters()
iptables: Plug memleaks in print_firewall()
xtables: Introduce xtables_clear_iptables_command_state()
iptables: Properly clear iptables_command_state object
xshared: Free data after printing help
libiptc: Eliminate garbage access
ebtables: Implement --check command
tests: xlate: Use --check to verify replay
nft: Fix for comparing ifname matches against nft-generated ones
nft: Fix match generator for '! -i +'
nft: Recognize INVAL/D interface name
xtables-translate: Fix for interfaces with asterisk mid-string
ebtables: Fix MAC address match translation
Makefile: Create LZMA-compressed dist-files
Drop INCOMPATIBILITIES file
Drop libiptc/linux_stddef.h
Makefile: Generate ip6tables man pages on the fly
extensions: Makefile: Merge initext targets
iptables/Makefile: Reorg variable assignments
iptables/Makefile: Split nft-variant man page list
Makefile: Fix for 'make distcheck'
Makefile: Generate .tar.xz archive with 'make dist'
include/Makefile: xtables-version.h is generated
tests: Adjust testsuite return codes to automake guidelines
Makefile.am: Integrate testsuites
nft: Parse icmp header matches
arptables: Check the mandatory ar_pln match
nft: Increase rule parser strictness
nft: Make rule parsing errors fatal
nft: Reject tcp/udp extension without proper protocol match
gitignore: Ignore utils/nfsynproxy
gitignore: Ignore generated ip6tables man pages
ebtables-translate: Install symlink
Makefile: Replace brace expansion
configure: Bump version for 1.8.9 release
tests: add ebtables among testcase
xt_sctp: support a couple of new chunk types
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 9.56.1 to 10.0.0
- Update of rootfile
- Changelog on website has following entry
From 9.55.0 onwards, in recognition of how unwieldy very large HTML files can become
(History9.html had reached 8.1Mb!), we intend to only include the summary highlights
For anyone wanting the full details of the changes in a release, we ask them to look
at the history in our public git repository: ghostpdl-10.00.0 log.
If this change does not draw negative feedback, History?.htm file(s) will be removed
from the release archives.
- History?.htm files are no longer part of the release tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 4.4.0 to 4.5.0
- Update o0f rootfile
- sobump requires shipping of core programs poppler (covered by update patch) and perl
together with addons cups-filters and spandsp (covered by PAK_VER updates in patch
series.
- Changelog is t6oo long to include here. For details see the ChangeLog file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This package was used by the asterisk addon which was dropped some time ago so
spandsp is no longer needed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
