- Added mpfr consolidated patches file to mpfr in gcc. mpfr is built internally for use
in the toolchain.
- Confirmed working by running./make toolchain which ran successfully
confirmed from the _build.toolchain.log file that the patches were successfully
implemented for gcc pass 1, gcc pass L and gcc pass 2
- Full toolchain build successfully completed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Lynis (rightly) complains about this directory and its contents being
world-readable on current IPFire installations. Since there is no
necessity for this, we might as well chmod them to 750 / 640.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 4.15.0.1 to 4.16.0.3
- Update of rootfile
- Changelog
v4.16.0.3 - Release date: 2022-04-21
Rebased with official coreboot repository commit 2c4b426557
See: https://github.com/pcengines/coreboot/compare/v4.16.0.2...v4.16.0.3
v4.16.0.2 - Release date: 2022-03-29
Rebased with official coreboot repository commit 66f99f7fa7
See: https://github.com/pcengines/coreboot/compare/v4.16.0.1...v4.16.0.2
v4.16.0.1 - Release date: 2022-03-08
Rebased with official coreboot repository commit b4ba289fa5
Disabled loglevel prefixes introduced in coreboot 4.16
Disabled ANSI escape sequences introduced in coreboot 4.16
Fixed AMD PSP CCP as entropy source
v4.15.0.3 - Release date: 2022-02-16
Rebased with official coreboot repository commit 36425312ee
Added checking hardware matrix before regression tests
Fixed the hard disk not visible in the Seabios Boot Menu
v4.15.0.2 - Release date: 2022-01-11
rebased with official coreboot repository commit 3990da0b
disabled SMM
enabled parallel AP initialization for apu2-6 for faster boot time
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
The strict mode, as specified in RFC 3704, section 2.2, causes packets
to be dropped by the kernel if they arrive with a source IP address that
is not expected on the interface they arrived in. This prevents internal
spoofing attacks, and is considered best practice among the industry.
After a discussion with Michael, we reached the conclusion that
permitting users to configure the operating mode of RPF in IPFire causes
more harm than good. The scenarios where strict RPF is not usable are
negligible, and the vast majority of IPFire's userbase won't even
notice a difference.
This supersedes <495b4ca2-5a4b-2ffa-8306-38f152889582@ipfire.org>.
Suggested-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
and a restore on install / update
The include file that was added in a previous commit allowed to manually
create a backup, but none was created when the addon was installed,
uninstalled or updated.
Signed-off-by: Daniel Weismueller <daniel.weismueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- CVE-2022-26505 A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1
allows a remote web server to exfiltrate media files. CVE created on 6th March 2022
- minidlna have created the patches to fix CVE-2022-26505 and have created a git tag for
version 1.3.1 but have not provided any 1.3.1 source tarballs. A ticket was raised on
14th March 2022 in the source forge support system asking to "Please publish a tarball
for 1.3.1" but there was no reply from the developer so far.
- In the NIST National Vulnerability Database it refers to a fix implemented in 1.3.1 but
the link to the sourceforge page is only the patches applied for the fix
- I used those diff descriptions to create a patch to implement on the existing 1.3.0
version in IPFire and this patch submission applies that fix
- Incremented the lfs PAK_VER
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.34 (2006) to 5.13 (2021)
- Update of rootfile
- Changelog is too long to include here (~50000 lines)
Details for version 5.13 can be found in the file Changes in the source tarball
Details for version back to 2.34 can be found in the file Changes.old in the
source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.4.3 (2005) to 2.10.2 (2022)
- Update of rootfile
- Addition of libpipeline as a build dependency - separate patch for that.
- Changelog is too long to include here (~14000 lines)
Details back to 2013 can be found in the file ChangeLog in the source tarball
Details from 2013 back to version 2.4.3 can be found in the file ChangeLog-2013 in the
source tarball
90 bug fixes listed in ChangeLog
128 bug fixes listed in Changelog-2013 back to the version after 2.4.3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 20220207 to 20220414
- Update of rootfile not required
- Changelog
Add new iana release 20220414
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 7.82.0 to 7.83.0
- Update of rootfile
- Changelog
7.83.0
Changes:
o curl: add %header{name} experimental support in -w handling
o curl: add %{header_json} experimental support in -w handling
o curl: add --no-clobber [28]
o curl: add --remove-on-error [11]
o header api: add curl_easy_header and curl_easy_nextheader [56]
o msh3: add support for QUIC and HTTP/3 using msh3 [84]
Bugfixes:
o appveyor: add Cygwin build [77]
o appveyor: only add MSYS2 to PATH where required [78]
o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
o BINDINGS.md: add Hollywood binding [34]
o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
o CI: install Python package impacket to run SMB test 1451 [5]
o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
o configure: bump the copyright year range int the generated output
o conncache: include the zone id in the "bundle" hashkey [112]
o connecache: remove duplicate connc->closure_handle check [90]
o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
o cookie.d: clarify when cookies are sent
o cookies: improve errorhandling for reading cookiefile [123]
o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
o curl: error out if -T and -d are used for the same URL [99]
o curl: error out when options need features not present in libcurl [18]
o curl: escape '?' in generated --libcurl code [117]
o curl: fix segmentation fault for empty output file names. [60]
o curl_easy_header: fix typos in documentation [74]
o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
o docs/HYPER.md: updated to reflect current hyper build needs
o docs/opts: Mention Schannel client cert type is P12 [50]
o docs: Fix missing semicolon in example code [102]
o docs: lots of minor language polish [51]
o English: use American spelling consistently [95]
o fail.d: tweak the description [101]
o firefox-db2pem.sh: make the shell script safer [47]
o ftp: fix error message for partial file upload [61]
o gen.pl: change wording for mutexed options [98]
o GHA: add openssl3 jobs moved over from zuul [88]
o GHA: build hyper with nightly rustc [7]
o GHA: move bearssl jobs over from zuul [85]
o gha: move the event-based test over from Zuul [59]
o gtls: fix build for disabled TLS-SRP [48]
o http2: handle DONE called for the paused stream [69]
o http2: RST the stream if we stop it on our own will [67]
o http: avoid auth/cookie on redirects same host diff port [110]
o http: close the stream (not connection) on time condition abort [68]
o http: reject header contents with nul bytes [41]
o http: return error on colon-less HTTP headers [31]
o http: streamclose "already downloaded" [57]
o hyper: fix status_line() return code [13]
o hyper: fix tests 580 and 581 for hyper [107]
o hyper: no h2c support [33]
o infof: consistent capitalization of warning messages [103]
o ipv4/6.d: clarify that they are about using IP addresses [3]
o json.d: fix typo (overriden -> overridden) [24]
o keepalive-time.d: It takes many probes to detect brokenness [29]
o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
o lib670: avoid double check result [71]
o lib: #ifdef on USE_HTTP2 better [65]
o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
o lib: remove exclamation marks [100]
o libssh2: compare sha256 strings case sensitively [114]
o libssh2: make the md5 comparison fail if wrong length [111]
o libssh: fix build with old libssh versions [12]
o libssh: fix double close [124]
o libssh: Improve fix for missing SSH_S_ stat macros [10]
o libssh: unstick SFTP transfers when done event-based [58]
o macos: set .plist version in autoconf [122]
o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
o mbedtls: remove server_fd from backend [91]
o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
o mlc_config.json: add file to ignore known troublesome URLs [35]
o mqtt: better handling of TCP disconnect mid-message [55]
o ngtcp2: add client certificate authentication for OpenSSL [15]
o ngtcp2: avoid busy loop in low CWND situation [119]
o ngtcp2: deal with sub-millisecond timeout [116]
o ngtcp2: disconnect the QUIC connection proper [19]
o ngtcp2: enlarge H3_SEND_SIZE [82]
o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
o ngtcp2: fix memory leak [80]
o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
o ngtcp2: make curl 1ms faster [93]
o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
o ngtcp2: update to work after recent ngtcp2 updates [62]
o ngtcp2: use token when detecting :status header field [92]
o nonblock: restore setsockopt method to curlx_nonblock [20]
o openssl: check SSL_get_peer_cert_chain return value [1]
o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
o openssl: fix CN check error code [21]
o options: remove mistaken space before paren in prototype
o perl: removed a double semicolon at end of line [64]
o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
o projects/README: converted to markdown [76]
o projects: Update VC version names for VS2017, VS2022 [52]
o rtsp: don't let CSeq error override earlier errors [37]
o runtests: add 'bearssl' as testable feature [87]
o runtests: make 'oldlibssh' be before 0.9.4 [2]
o schannel: remove dead code that will never run [89]
o scripts/copyright.pl: ignore the new mlc_config.json file
o scripts: move three scripts from lib/ to scripts/ [44]
o test1135: sync with recent API updates [54]
o test1459: disable for oldlibssh [53]
o test375: fix line endings on Windows [40]
o test386: Fix an incorrect test markup tag
o test718: edited slightly to return better HTTP [32]
o tests/server/util.h: align WIN32 condition with util.c [46]
o tests: refactor server/socksd.c to support --unix-socket [96]
o timediff.[ch]: add curlx helper functions for timeval conversions [86]
o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
o tool and tests: force flush of all buffers at end of program [17]
o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
o tool_getparam: error out on missing -K file [115]
o tool_listhelp.c: uppercase URL
o tool_operate: fix a scan-build warning [16]
o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
o transfer: redirects to other protocols or ports clear auth [109]
o unit1620: call global_init before calling Curl_open [125]
o url: check sasl additional parameters for connection reuse. [113]
o vtls: provide a unified APLN-disagree string for all backends [75]
o vtls: use a backend standard message for "ALPN: offers %s" [73]
o vtls: use a generic "ALPN, server accepted" message [72]
o winbuild/README.md: fixup dead link [36]
o winbuild: Add a Visual Studio example to the README [49]
o wolfssl: fix compiler error without IPv6 [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.5.3 to 2.5.4
- Update of rootfile
- Changelog
Version 2.5.4 - April 21, 2022
- Update the syscall table for Linux v5.17
- Fix minor issues with binary tree testing and with empty binary trees
- Minor documentation improvements including retiring the mailing list
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.3.112 to 0.3.113
- Update of rootfile
- Changelog
0.3.113
harness: add test for aio poll missed events
Verify structure padding is correct at build time
Fix struct io_iocb_sockaddr padding for 32bit architectures
Fix struct io_iocb_vector padding for 32bit architectures
Use generic syscall number schema for loongarch
Add endian detection and bit width detection for loongarch
Add loongarch to supported architectures in libaio.spec
cases/16.t: loongarch only supports eventfd2
Fix test issue with gcc-11
harness: Skip the test if io_pgetevents() is not implemented
harness: Print better error messages on error conditions in 22.t
harness: Fix PROT_WRITE mmap check
harness: fix read into PROT_WRITE mmap test
harness: skip 22.p if async_poll isn't supported
harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT
harness: Add fallback code for filesystems not supporting O_DIRECT
harness: add support for skipping tests
harness: Make the test exit with a code matching the pass/fail state
harness: Make RISC-V use SYS_eventfd2 instead of unavailable SYS_eventfd
harness: Use run-time _SC_PAGE_SIZE instead of build-time PAGESIZE
harness: Use destination strncpy() expression for sizeof() argument
Use ctx consistently for io_context_t instead of ctx_id
man: Escape verbatim \n in order to make it through roff
man: Fold short lines
man: Fix markup
man: Fix title header
man: Fix typos
man: Add "None" to empty sections
man: Remove spurious text
man: Remove spurious spaces
man: Fix period formatting
man: Fix casing
man: End sentences with a period
man: Refer to libaio.h instead of libio.h
man: Use the correct troff macro for comments
man: Add missing space in man page references
harness: allow running tests against the installed library
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.63 to 2.64
- Update of rootfile
- Change sed line to ensure removal of static libs - environment names for static libraries
changed.
- Changelog
2.64
Fix memory leak in libpsx at program exit. (Bug: 215551 reported by Kalen Hall)
Be more resilient to CGo configuration with Go compiler when building tests.
(Bug: 215603)
Fix cap_*prctl() return code/errno handling. (Bug: 215772 reported by Anderson
Toshiyuki Sasaki)
Minor clarification to cap_get_pid() man page concerning pid value within
namespaces. (Bug: 215812)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 0.8.2 to 0.8.3
- Update of rootfile not required
- Changelog
0.8.3
- Fix parameters to capng_updatev python bindings to be signed
- Detect capability options at runtime to make containerization easier (ntkme)
- Initialize the library when linked statically
- Add gcc function attributes for deallocation
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.19.2 to 1.21.6
- Update of rootfile not required
- Changelog
Changes with nginx 1.21.6 25 Jan 2022
*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
unevenly distributed among worker processes.
*) Bugfix: nginx returned the "Connection: keep-alive" header line in
responses during graceful shutdown of old worker processes.
*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
Changes with nginx 1.21.5
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
Changes with nginx 1.21.4
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
Changes with nginx 1.21.3
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
Changes with nginx 1.21.2
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
Changes with nginx 1.21.1
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
Changes with nginx 1.21.0
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
Changes with nginx 1.19.10
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
Changes with nginx 1.19.9
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.8
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.7
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
Changes with nginx 1.19.6
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
Thanks to Chris Newton.
Changes with nginx 1.19.5
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
Changes with nginx 1.19.4
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
Changes with nginx 1.19.3
*) Feature: the ngx_stream_set_module.
*) Feature: the "proxy_cookie_flags" directive.
*) Feature: the "userid_flags" directive.
*) Bugfix: the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
*) Bugfix: "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
*) Workaround: "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
*) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
module.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.4.2 to 3.7.3
- Update of rootfile
- Changelog is too large to include here ~600 lines long
More details can be found in the CHANGELOG.rst file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.54.0 to 2.64.0
- Update of rootfile
- Changelog
2.64.0 - 2022-04-19
Added
* Support for the Stack Monitoring service
* Support for stack monitoring on external databases in the Database service
* Support for upgrading VM database systems in place in the Database service
* Support for viewing supported VMWare software versions when listing host shapes in the VMWare Solution service
* Support for choosing compute shapes when creating SDDCs and ESXi hosts in the VMWare Solution service
* Support for work requests on delete operations in the Vulnerability Scanning service
* Support for additional scan metadata in reports, including CVE descriptions, in the Vulnerability Scanning service
* Support for redemption codes in the Usage service
Breaking
* Param `type` in model `DiscoveryDetails` assumes the value of `UNKNOWN_ENUM_VALUE` if it is assigned a value that is not of the allowed_values. It will not raise a `ValueError`.
2.63.0 - 2022-04-12
Added
* Support for bringing your own IPv6 addresses in the Networking service
* Support for specifying database edition and maximum CPU core count when creating or updating an autonomous database in the Database service
* Support for enabling and disabling data collection options when creating or updating Exadata Cloud at Customer VM clusters in the Database service
Breaking
* Support for retries by default on operations in the Identity service
* Support for retries by default on operations in the Operations Insights service
2.62.1 - 2022-04-05
Added
* Fixed the lifecycle state values for target databases in the Data Safe service
* Support for content length and content type response headers when downloading PDFs in the Account Management service
* Support for creating Enterprise Manager-based zLinux host targets, creating alarms, and viewing top process analytics in the Operations Insights service
* Support for diagnostic reboots on VM instances in the Compute service
2.62.0 - 2022-03-29
Added
* Support for returning the number of network ports as part of listing shapes in the Compute service
* Support for Java runtime removal and custom logs in the Java Management service
* Support for new parameters for BGP admin state and enabling/disabling BFD in the Networking service
* Support for private OKE clusters and blue-green deployments in the DevOps service
* Support for international customers to consume and launch third-party paid listings in the Marketplace service
* Support for additional fields on entities, attributes, and folders in the Data Catalog service
Breaking
* Support for retries by default on operations in the Marketplace service
2.61.0 - 2022-03-22
Added
* Support for getting the storage utilization of a deployment on deployment list and get operations in the GoldenGate service
* Support for virtual machines, bare metal machines, and Exadata databases with private endpoints in the Operations Insights service
* Support for setting deletion policies on database systems in the MySQL Database service
Breaking
* Support for retries by default on operations in the Data Labeling service (data plane and control plane)
2.60.1 - 2022-03-15
Added
* Support for Ubuntu platforms and unlimited installation keys in the Management Agent Cloud service
* Support for shielded instances in the VMWare Solution service
* Support for application resources in the Data Integration service
* Support for multi-AVM on Exadata Cloud at Customer infrastructure in the Database service
* Support for heterogeneous (VM and AVM) clusters on Exadata Cloud at Customer infrastructure in the Database service
* Support for custom maintenance schedules for AVM clusters on Exadata Cloud at Customer infrastructure in the Database service
* Support for listing vulnerabilities, vulnerability-impacted containers, and vulnerability-impacted hosts in the Vulnerability Scanning service
* Support for specifying an image count when creating or updating container scan recipes in the Vulnerability Scanning service
2.60.0 - 2022-03-08
Added
* Support for the Sales Accelerator license option in the Content Management service
* Support for VCN hostname cluster endpoints in the Container Engine for Kubernetes service
* Support for optionally specifying an admin username and password when creating a database system during a restore operation in the MySQL Database service
* Support for automatic tablespace creation on non-autonomous and autonomous database dedicated targets in the Database Migration service
* Support for reporting excluded objects based on static exclusion rules and dynamic exclusion settings in the Database Migration service
* Support for removing, listing, and adding database objects reported by the Cloud Premigration Advisor Tool (CPAT) in the Database Migration service
* Support for migrating Oracle databases from the AWS RDS service to OCI as autonomous databases, using the AWS S3 service and DBLINK for data transfer, in the Database Migration service
* Support for querying additional fields of a resource using return clauses in the Search service
* Support for clusters and station clusters in the Roving Edge Infrastructure service
* Support for creating database systems and database homes using customer-managed keys in the Database service
Breaking
* Support for retries enabled by default on operations in the Container Engine for Kubernetes service
* Support for retries enabled by default on operations in the Resource Manager service
* Support for retries enabled by default on operations in the Search service
2.59.0 - 2022-03-01
Added
* Support for DRG route distribution statements to be specified with a new match type 'MATCH_ALL' for matching criteria in the Networking service
* Support for VCN route types on DRG attachments for deciding whether to import VCN CIDRs or subnet CIDRs into route rules in the Networking service
* Support for CPS offline reports in the Database service
* Support for infrastructure patching v2 features in the Database service
* Support for auto-scaling the storage of an autonomous database, as well as shrinking an autonomous database, in the Database service
* Support for managed egress via a default networking option on jobs and notebooks in the Data Science service
* Support for more types of saved search enums in the Management Dashboard service
Breaking
* Support for retries enabled by default on some operations in the AI Vision service
2.58.0 - 2022-02-22
Added
* Support for the Data Connectivity Management service
* Support for the AI Speech service
* Support for disabling crash recovery in the MySQL Database service
* Support for detector recipes of type "threat", new detector rule of type "rogue user", and sightings operations in the Cloud Guard service
* Support for more VM shape configurations when listing shapes in the Compute service
* Support for customer-managed encryption keys in the Analytics Cloud service
* Support for FastConnect device information in the Networking service
Breaking
* Support for retries enabled by default on all operations in the Application Performance Monitoring control plane service
2.57.0 - 2022-02-15
Added
* Support for the AI Vision service
* Support for the Threat Intelligence service
* Support for creation of NoSQL database tables with on-demand throughput capacity in the NoSQL Database Cloud service
* Support for tagging features in the Oracle Container Engine for Kubernetes (OKE) service
* Support for trace snapshots in the Application Performance Monitoring service
* Support for auditing and alerts in the Data Safe service
* Support for data discovery and data masking in the Data Safe service
* Support for customized subscriptions and delivery of announcements by email and SMS in the Announcements service
Breaking
* The API `query_old` was removed from `query_client` in the Application Performance Monitoring service
2.56.0 - 2022-02-08
Added
* Support for managing tablespaces in the Database Management service
* Support for upgrading and managing payment for subscriptions in the Account Management service
* Support for listing fast launch job configurations in the Data Science service
Breaking changes
* Support for retries enabled by default on all operations in the Application Performance Monitoring service
* The type for the `bill_to_address` parameter was changed from `Address` to `BillToAddress` in the invoice model of the Account Management service
* `payment_method` was made a required property of the `payment_detail` model of the Account Management service
2.55.1 - 2022-02-01
Added
* Support for calling Oracle Cloud Infrastructure services in the ap-dcc-canberra-1 region
* Support for the Console Dashboard service
* Support for capacity reservation in the Container Engine for Kubernetes service
* Support for tagging in the Container Engine for Kubernetes service
* Support for fetching listings by image OCID in the Marketplace service
* Support for underscores and hyphens in project resource names in the DevOps service
* Support for cross-region cloning in the Database service
2.55.0 - 2022-01-25
Added
* Support for OneSubscription services
* Support for specifying if a run or application is streaming or batch in the Data Flow service
* Support for updating the Instance Configuration of an Instance Pool within a Cluster Network in the Compute Management service
* Updated documentation for Cross Region ADG feature for Autonomous Database in the Database service
Breaking
* Support for retries enabled by default on all operations in the Object Storage service
2.54.1 - 2022-01-18
Added
* Support for calling Oracle Cloud Infrastructure services in the me-dcc-muscat-1 region
* Support for the Visual Builder service
* Support for cross-region replication of volume groups in the Block Storage service
* Support for boot volume encryption in the Container Engine for Kubernetes service
* Support for adding metadata to records when creating and updating records in the Data Labeling service
* Support for global export formats in snapshot datasets in the Data Labeling service
* Support for adding labeling instructions to datasets in the Data Labeling service
* Support for updating autonomous dataguard associations for autonomous container databases in the Database service
* Support for setting up automatic failover when creating autonomous container databases in the Database service
* Support for setting the RECO storage size when updating a database system in the Database service
* Support for reconnecting refreshable clones to source for autonomous databases on shared infrastructure in the Database service
* Support for checking if an autonomous database on shared infrastructure can be reconnected to source, in the Database service
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.5.3 to 2.6.1
- Update of rootfile not required
- Changelog is not available in the source tarball or on the website. Follwoing list of
changes obtained from git shortlog listing
Release: 2.6.1 nfs-utils-2-6-1
mount: removed unused lable
tools/rpcgen: fix build on macos arm64 (stat64 issue)
mount: Remove NFS v2 support from mount.nfs
nfs.man: Remove references to NFS v2 from the man pages
nfsd: Remove the ability to enable NFS v2.
mount: don't bind a socket needlessly.
Add --disable-sbin-override for when /sbin is a symlink
mountstats: division by zero error on new mount when...
mountd: only do NFSv4 logging on supported kernels.
Move version.h into a common include directory
install-dep: Use command -v instead of which
nfs.man: adding new mount option max_connect
cacheio.c:216:21: warning: unused variable 'stb' [...
gssd: fix crash in debug message.
systemd generators: Install depending on location for...
systemd/Makefile: Drop exlicit setting of unit_dir
nfs-utils: add install-dep for installing all dependencies
nfs-utils: Fix mem leak in mountd
nfs-utils: Fix mem leaks in krb5_util
nfs-utils: Fix mem leaks in gssd
nfs-utils: Fix potential memory leaks in idmap
nfsdcltrack: Use uint64_t instead of time_t
systemd: Fix non-default statedir paths.
nfsdcltrack/nfsdcltrack.c: Fix printf format
nfsdcltrack/sqlite: Fix printf format
mount.nfs: Fix the sloppy option processing
Release: 2.5.4
gssd: Cleaned up debug messages
mount.nfs: insert 'sloppy' at beginning of the options
nfs(5): Correct the spelling of "kernel_source"
nfs(5): Fix missing mentions of "rdma6" netid
gssd: add timeout for upcall threads
gssd: deal with failed thread creation
configure: check for rpc/rpc.h presence
README: update git repository URL
Move declaration of etab and rmtab into libraries
Remove 'force' arg from cache_flush()
Fix NFSv4 export of tmpfs filesystems
gssd: use mutex to protect decrement of refcount
nfs-utils: Enable the retrieval of raw config settings...
nfs-utils: Factor out common structure cleanup calls
Replace all /var/run with /run
Fix `statx()` emulation breaking exports
mountd/exports: Fix typo in the man page
NFS server should enable RDMA by default
mountd/exportd: only log confirmed clients, and poll...
exportfs: fix unexporting of '/'
nfsdclnts: Ignore SIGPIPE signal
mountd: add logging of NFSv4 clients attaching and...
mountd: make default ttl settable by option
mountd: add --cache-use-ipaddr option to force use_ipaddr
mountd: add logging for authentication results for...
mountd/exports: update man page
mountd: Don't proactively add export info when fh info...
mountd: reject unknown client IP when !use_ipaddr.
gssd: Add options to rpc.gssd to allow for the use...
exportd: server-side gid management
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
The array of used/loaded ipsets needs to be reloaded before
the cleanup can be started to also handle sets which are loaded during
runtime.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version r53 to r55
- Update of rootfile not required
- Changelog
inih version 55
Added "version" to meson.build config: #135 (but bumped up to 55 in a subsequent
commit, for this release).
inih version 54
Mainly #134, adding the visibility symbols to the Meson build config, but also other
small tweaks to tests and so on.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.14.02 (Dec 2018) to 2.15.05 (Aug 2020)
- Most recent commit in git was Dec 2021
- Update of rootfile not required
- Changelog in source tarball and in git repository was last updated in 2007.
Only option to see changes is to review the commits in
https://github.com/netwide-assembler/nasm/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.4.49 to 2.6.1
- Update of rootfile
- Update of consolidated patch to 2.6.1
- Removal of old patches
- Changelog
OpenLDAP 2.6.1 Release (2022/01/20)
Fixed libldap to init client socket port (ITS#9743)
Fixed libldap with referrals (ITS#9781)
Added slapd config keyword for logfile format (ITS#9745)
Fixed slapd to allow objectClass edits with no net change (ITS#9772)
Fixed slapd configtable population (ITS#9576)
Fixed slapd to only set loglevel in server mode (ITS#9715)
Fixed slapd logfile-rotate use of uninitialized variable (ITS#9730)
Fixed slapd passwd scheme handling with slapd.conf (ITS#9750)
Fixed slapd postread support for modrdn (ITS#7080)
Fixed slapd syncrepl recreation of deleted entries (ITS#9282)
Fixed slapd syncrepl replication with ODSEE (ITS#9707)
Fixed slapd syncrepl to properly replicate glue entries (ITS#9647)
Fixed slapd syncrepl to reject REFRESH for precise resync (ITS#9742)
Fixed slapd syncrepl to avoid busy loop during refresh (ITS#9584)
Fixed slapd syncrepl when X-ORDERED is specified (ITS#9761)
Fixed slapd syncrepl to better handle out of order delete ops (ITS#9751)
Fixed slapd syncrepl to correctly close connections when config is deleted (ITS#9776)
Fixed slapd-mdb to update indices correctly on replace ops (ITS#9753)
Fixed slapd-wt to set correct flags (ITS#9760)
Fixed slapo-accesslog to fix assertion due to deprecated code (ITS#9738)
Fixed slapo-accesslog to fix inconsistently normalized minCSN (ITS#9752)
Fixed slapo-accesslog delete handling of multi-valued config attrs (ITS#9493)
Fixed slapo-autogroup to maintain values in insertion order (ITS#9766)
Fixed slapo-constraint to maintain values in insertion order (ITS#9770)
Fixed slapo-dyngroup to maintain values in insertion order (ITS#9762)
Fixed slapo-dynlist compare operation for static groups (ITS#9747)
Fixed slapo-dynlist static group filter with multiple members (ITS#9779)
Fixed slapo-ppolicy when not built modularly (ITS#9733)
Fixed slapo-refint to maintain values in insertion order (ITS#9763)
Fixed slapo-retcode to honor requested insert position (ITS#9759)
Fixed slapo-sock cn=config support (ITS#9758)
Fixed slapo-syncprov memory leak (ITS#8039)
Fixed slapo-syncprov to generate a more accurate accesslog query (ITS#9756)
Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections (ITS#9691)
Fixed slapo-syncprov to consider all deletes for sycnInfo messages (ITS#5972)
Fixed slapo-translucent to warn on invalid config (ITS#9768)
Fixed slapo-unique to warn on invalid config (ITS#9767)
Fixed slapo-valsort to maintain values in insertion order (ITS#9764)
Build Environment
Fix test022 to preserve DELAY search output (ITS#9718)
Fix slapd-watcher to allow startup when servers are down (ITS#9727)
Contrib
Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration (ITS#9725)
Documentation
Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision (ITS#9728)
Fixed slapo-accesslog(5) to clarify logoldattr usage (ITS#9749)
OpenLDAP 2.6.0 Release (2021/10/25)
Initial release for "general use".
OpenLDAP 2.5.7 Release (2021/08/18)
Fixed lloadd client state tracking (ITS#9624)
Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
Fixed slapd-ldif duplicate controls response (ITS#9497)
Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
Fixed slapd-sql to close transactions after bind and search (ITS#9630)
Fixed slapo-accesslog to make reqMod optional (ITS#9569)
Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
Documentation
slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
slapo-accesslog(5) note that reqMod is optional (ITS#9569)
Add ldapvc(1) man page (ITS#9549)
Add guide section on load balancer (ITS#9443)
Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
Updated guide to document removal of deprecated options from client tools (ITS#9200)
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow (ITS#9578)
Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
Fixed slapd multiple config defaults (ITS#9363)
Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
Build
Fixed library symbol versioning on Solaris (ITS#9591)
Fixed compile warning in libldap/tpool.c (ITS#9601)
Fixed compile warning in libldap/tls_o.c (ITS#9602)
Contrib
Fixed ppm module for sysconfdir (ITS#7832)
Documentation
Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd abort due to typo (ITS#9561)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Build
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
OpenLDAP 2.5.4 Release (2021/04/29)
Initial release for "general use".
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486)
OpenLDAP 2.4.53 Release (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
OpenLDAP 2.4.52 Release (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of unitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapindex(8) - Fix truncate option information for back-mdb (ITS#9230)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3380000 to 3380300
- Update of rootfile not required
- Changelog
3.38.3 (2022-04-27):
Fix a case of the query planner be overly aggressive with optimizing
automatic-index and Bloom-filter construction, using inappropriate ON clause
terms to restrict the size of the automatic-index or Bloom filter, and
resulting in missing rows in the output. Forum thread 0d3200f4f3bcd3a3.
Other minor patches. See the timeline for details.
3.38.2 (2022-03-26):
Fix a user-discovered problem with the new Bloom filter optimization that
might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause
constraint that says that one of the columns on the right table of the LEFT
JOIN is NULL. See forum thread 031e262a89b6a9d2.
Other minor patches. See the timeline for details.
3.38.1 (2022-03-12):
Fix problems with the new Bloom filter optimization that might cause some
obscure queries to get an incorrect answer.
Fix the localtime modifier of the date and time functions so that it
preserves fractional seconds.
Fix the sqlite_offset SQL function so that it works correctly even in corner
cases such as when the argument is a virtual column or the column of a view.
Fix row value IN operator constraints on virtual tables so that they work
correctly even if the virtual table implementation relies on bytecode to
filter rows that do not satisfy the constraint.
Other minor fixes to assert() statements, test cases, and documentation. See
the source code timeline for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
