mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-20 07:53:01 +02:00
7ea6cba07a2cbf21d8a3272ce6371c36df8263ec
8781 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
7ea6cba07a |
bash: Update version to 5.2 with patches 1 to 15
- Update from version 5.2 patches 1-9 to 5.2 patches 1-15 - Update of rootfile not required - Changelog bash52-015 There are several cases where bash is too aggressive when optimizing out forks in subshells. For example, `eval' and traps should never be optimized. bash52-014 Bash defers processing additional terminating signals when running the EXIT trap while exiting due to a terminating signal. This patch allows the new terminating signal to kill the shell immediately. bash52-013 Bash can leak memory when referencing a non-existent associative array element. bash52-012 When running in bash compatibility mode, nested command substitutions can leave the `extglob' option enabled. bash52-011 Using timeouts and readline editing with the `read' builtin (read -e -t) can leave the readline timeout enabled, potentially resulting in an erroneous timeout on the next call. bash52-010 Bash-5.2 checks the first 128 characters of an executable file that execve() refuses to execute to see whether it's a binary file before trying to execute it as a shell script. This defeats some previously-supported use cases like "self-executing" jar files or "self-uncompressing" scripts. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
cf2d231d36 |
aws-cli: Update to version 1.27.100
- Update from version 1.23.12 to 1.27.100 - Update of rootfile - Changelog is over 2000 lines long. For details please see the CHNGELOG.rst file in the source tarball Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
ccae603c72 |
automake: Update to version 1.16.5
- Update from version 1.16.3 to 1.16.5 - Update of rootfile not required - Chyangelog New in 1.16.5: * Bugs fixed - PYTHON_PREFIX and PYTHON_EXEC_PREFIX are now set according to Python's sys.* values only if the new configure option --with-python-sys-prefix is specified. Otherwise, GNU default values are used, as in the past. (The change in 1.16.3 was too incompatible.) - consistently depend on install-libLTLIBRARIES. * Distribution - use const for yyerror declaration in bison/yacc tests. New in 1.16.4: * New features added - The PYTHON_PREFIX and PYTHON_EXEC_PREFIX variables are now set from Python's sys.prefix and sys.exec_prefix; use the new configure options --with-python_prefix and --with-python_exec_prefix to specify explicitly. - Common top-level files can be provided as .md; the non-md version is used if both are present: AUTHORS ChangeLog INSTALL NEWS README README-alpha THANKS - CTAGS, ETAGS, SCOPE variables can be set via configure. - Silent make output for custom link commands. - New option "no-dist-built-sources" skips generating $(BUILT_SOURCES) before building the tarball as part of "make dist", that is, omits the dependency of $(distdir): $(BUILT_SOURCES). * Bugs fixed - automake output more reproducible. - test-driver less likely to clash with tests writing to the same file. - DejaGnu tests always use the directory name, testsuite/, for compatibility with the newer dejagnu-1.6.3 and with prior versions. * Distribution - config.sub and config.guess updates include restoration of `...` for maximum portability. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
931324b1a4 |
ghostscript: Update to version 10.01.1
- Update from version 10.0.0 to 10.01.1 - Update of rootfile - Changelog highlights is only shown in the website. For more details of the changes made you bhave to go and look at the commit log https://git.ghostscript.com/?p=ghostpdl.git;a=shortlog;h=refs/heads/master Version 10.01.0 (2023-03-22) Highlights in this release include: We've continued to improve the performance of the PDF interpreter written in C and improve it's behaviour in edge and out-of-specification cases. Our efforts in code hygiene and maintainability continue. The usual round of bug fixes, compatibility changes, and incremental improvements. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
cebe8231ce |
arping: Update to version 2.23
- Update from version 2.21 to 2.23
- Update of rootfile not required
- Changelog
2.23
Notable changes:
* Work around VLAN bug in libpcap 1.7-1.9.0
* Linux: Experimental support for seccomp (off by default)
* Android: Don't attempt to use caps if header files missing
* OpenBSD: try lo0, not just lo, for interface fallback
* Made -P set target MAC address (-t)
2.22
Only real changes are to support newer version of unit test framework.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
ece70b1fcc |
aprutil: Update to version 1.6.3
- Update from version 1.6.1 to 1.6.3
- Update of rootfile
- Changelog
1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
70f08332ce |
amazon-ssm-agent: Update to version 3.2.582.0
- Update from version 3.0.356.0 - Update of rootfile not required - Changelog 3.2.574.0 - Fixed go-vet issues by passing mocks by value - Updated domainjoin and cloudwatch executables for windows 3.2.532.0 - Removed explicit setting of EC2 aws credential profile - Added public key to registration info - Sends non-interactive command errors that occur before command execution to data channel - Added instance id verification to registration process 3.2.419.0 - Added minimum retry sleep for Registrar RegisterManagedInstance calls - Explicitly skip AZ info check for on-prem and ECS targets - Fix for SSM-Agent that is unable to start on Apple Mac M1's (mac2.metal instances) - Ensuring powershell path is set to system directory on Windows - Load DLLs with using system/absolute paths on Windows - Added workaround for Samba limit when loading Active Directory ids - Dynamically get network interface name for SeamlessDomainJoin - Added install-yum-rpm to makefile to install agent on host from source code - Added logging for specifying credential source - Refactored tests to remove mocks from production binaries - Updated Windows DomainJoin plugin SharpZipLib and Newtonsoft.json dependencies 3.2.345.0 - Updated yaml.v3 dependency 3.2.286.0 - Separated EC2 identity vault manifest from OnPrem identity vault manifest - Fix for credential retrieval blocking os termination signals - Fix for agent updater using shared credentials on EC2 - Added guards against panic for agent identity health checks - Added logging around agent module start/stop 3.2.183.0 - Added logging when assuming identity - Increased retries to ECS metadata endpoint - Added linux debug build to makefile - Implemented aws sdk logging interface - Updated agent minor version to 3.2 - Added functionality to retrieve agent credentials from Systems Manager on EC2 3.1.1927.0 - Update shell for Session Manager on MacOS 3.1.1856.0 - Lower message length threshold for cloudwatch log streaming - Ran gofmt and goimports with golang version 1.19 - Report AvailabilityZone and AvailabilityZoneId in health pings - Update AWS Go SDK to v1.44.78 3.1.1767.0 - Fix samba configuration for sub-domains 3.1.1732.0 - Add code in document/session worker to fallback to default identity selector when runtime config not present - Fix to handle command-line-arguments in document/session worker when launched by old agent workers 3.1.1634.0 - Fallback to file based IPC if named pipe creation times out - Increase tls handshake timeout in http download client - Log mds client timeout errors as WARN 3.1.1575.0 - Added separate metric for snapd running apps failure during update - Fixed idle session timeout with smux keep alive configuration based on CLI version - Updated AgentTaskComplete message retry - Updated go version to 1.18.3 3.1.1511.0 - Collect kernel version in InstanceDetailedInformation - Support separate output stream for non-interactive session - Cleanup default log group name for runcommands - Updated rpm spec file to include build id 3.1.1476.0 - Fix port session premature close when local server is not connected before timeout 3.1.1446.0 - Add created date to AgentJobAck message - Disable smux keep alive to use idle session timeout feature - Fix unit-tests running on windows 3.1.1374.0 - Added timeout for s3 HEAD requests - Added vpc address deny to port forwarding - Fixed for reboot scenario in configure package plugin - Fixed goroutine leak in seelog library - Fixed nullpointer segmentation fault in configure package plugin - Improved error handling in manifest download in updater - Improved worker initialization to improve startup failure logging 3.1.1260.0 - Added missing check for invalid S3 path parameter - Added support for domain join using a non-local username - Fixed broken links in README.md - Fixed ECS Exec issue where agent was using environment variables for credentials - Updated Ec2Detector test to query smbios directly for system information 3.1.1208.0 - Updated ec2detector module to use Get-CmiInstance instead of wmic.exe - Fixed file creation mode of ssm-agent-users sudoer file 3.1.1188.0 - Added new ec2detector module to determine if agent is on EC2 - Added support for port forwarding to remote host - Added quotes around inventory parameter ValueName on Windows - Fix for domain join DNS IP assignments in shared directories - Replaced namedpipe updater test with ec2detector test 3.1.1141.0 - Add application inventory by file for Bottlerocket - Fix infinite retry logic to send failed replies in MGSInteractor - Remove usage of io/fs package 3.1.1080.0 - (windows only) Remove symlink scan during update 3.1.1045.0 - Fixed sourceHash validation for aws:application document plugin - Added document parameter validation for values passed to target document of aws:runDocument plugin - (windows only) Fix process leak when legacy cloudwatch plugin is enabled - (windows only) Fail installation if C:\ProgramData\Amazon\SSM\ has symlinks 3.1.1004.0 - Added platform detection for Bottlerocket OS - Consolidated regional endpoint generation to common endpoint module 3.1.941.0 - Added support for Rocky linux - Fixed sharefile/shareprofile not being propagated to updateutil - Fixed incorrect darwin platform detection post BigSur - Fixed log flush issue in updater - Updated .NET dependencies for domainjoin and cloudwatch (windows only) - Updated go version to 1.17.6 3.1.821.0 - Implement new core module named MessageService to start processing commands from both MGS and MDS - Merge functionalities from RunCommandService core module and Session core module. - Receive run command documents through MGS if connected and fallback to MDS otherwise. This functionality requires appropriate permissions for both endpoints and will be rolled out gradually to end users. - Provide filesystem based idempotency check to avoid duplicate run command document execution. - Increase default run command pool buffer size from 1 to 5 to load additional documents before-hand for processing. - Fix nil pointer deference panic produced in named pipe test case during agent update - Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop 3.1.804.0 - Add support for upstart when running get-diagnostic command using ssm-cli - Fix systemctl service name to support older versions of systemctl - Include changes to facilitate testing - Update DNS server selection logic for seamless domain join on linux and darwin - Update go version to go1.17.5 - Update golang sys package dependency 3.1.715.0 - Derive default directories from appconfig on Darwin - Set x-bit on newly-created directories 3.1.634.0 - Fix for ssm-setup-cli to be able to select service manager without the agent being installed 3.1.630.0 - Added greengrass component recipe for the new SystemsManagerAgent component - Added support for registering agent on a greengrass device - Added support for downloading more than 1000 objects in downloadContent - Fixed retry logic for onprem and s3 upload - Fixed unit tests when running on Mac - Update AWS SDK to v1.41.4 - Update logic to retrieve platform details for Rocky Linux 3.1.501.0 - Add diagnostics command to ssm-cli - Fix caching for onprem credentials - Additional configuration options for Seamless Domain Join - Gracefully exit session if group of runas user is modified - Skip retries for cert validation errors in S3 HEAD requests - Fix DNS failures on CentOS 8.2 - Update several dependencies 3.1.459.0 - Fixed a bug with powershell command for Inventory 3.1.426.0 - Fixed cpu spike issue manifesting on snap - Fixed issue with version comparison in EC2Config update plugin - Fixed panic when command output was being truncated - Updated build to use go1.16.8 - Removed Profile from inventory powershell commands on Windows 3.1.338.0 - Fix to eliminate WaitGroup reuse panic triggered during agent reboot - Fix to include applications without UninstallString in Inventory for Windows - Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand - Fixed a bug where RunCommand could delay executions for up to 15 minutes 3.1.282.0 - Add serial port logging of AwsNitroEnclaves package version on windows during startup - Allow usage of existing loggroup/logstream when the user does not have create permission - Change service interrogate request log to debug - Cleanup old surveyor channel files on startup - Fix filehandle leak in windows leading to agent going offline - Fix to schedule correct next run time during orchestration directories cleanup - Fix to sequentially update correct runcount value in the document bookkeeping file - Fix a bug with version parsing EC2Config updater - Updated rpm packaging for fips compliance 3.1.192.0 - Added darwin arm64 to makefile - Added logic to limit orchestration directory cleanup - Added packaging for public SSM Agent container image - Fixed cloudwatch endpoint for telemetry metrics requests - Fixed handling of Windows filepaths and mutex locks - Fixed agent worker handling of OS signals and termination channel requests - Updated datachannel retry strategy to not retry for a specific error scenario - Updated default gomaxproc value for Windows - Update build to use go1.16.6 3.1.127.0 - Added a workaround for windows random halts - Fixed race condition during reboot document execution 3.1.90.0 - Updated to version 3.1 - Updated build to build statically linked binaries for linux 64bit - Minimum supported linux kernel version for linux 64bit is 3.2+ - Fixed permissions for docker config file - Fixed issue with ubuntu prerm and postinst scripts - Fixed issue where processor stop was being called twice 3.0.1390.0 - Added config option to delete orchestration folder - Added snapcraft packaging config - Added workaround for aws:runDocument status bug - Added improved handling of file closure - Added support for go mod and updated build to use go 1.16.4 - Fixed bug parsing vpce s3 urls - Refactored use of agent identity in agent cli - Updated check if agent is running as windows service - Updated handling of session cancellation to still send output to client side - Updated interactive session exit code logic to match non-interactive mode - Updated vendor dependencies 3.0.1295.0 - Added configurable custom identity and identity consumption order - Added cross-account domain join - Added cleanup for older versions of updater artifacts - Added a workaround for MacOS kernel bug that sometimes kept RunCommand from launching - Added a workaround for log file contention on Windows - Added synchronization to RunCommand service stop - Changed hibernation log level - MacOS executables are now signed - Removed delay in non-interactive session type 3.0.1209.0 - Fixed issue where registration file is not removed when registration is cleared - Removed unnecessary CloudWatch Log api calls - Added support for IMDSv2 in Windows AD domain join plugin 3.0.1181.0 - Added support for digest authorization in downloadContent plugin - Added missing defer close for windows service in updater - Added support to disable onprem hardware similarity check - Fixed windows random halts issue - Refactored windows startup - Refactored task pool to dynamically dispatch goroutines 3.0.1124.0 - Added a check for broken symlink after update - Added support for NonInteractiveCommands session type on Linux and Windows platforms - Added lint-all flag to makefile - Changed Inventory plugin billinginfo to use IMDSv2 - Fixed indefinite retries for ResourceError during CWLogging - Fixed go vet call in checkstyle.sh - Fixed inter process communication log line - Fixed a bug where CloudWatch logs were not being uploaded - Fixed timer and goroutine leaks - Fixed an issue where document workers on Windows were not exiting 3.0.1031.0 - Added test-all flag to the makefile - Added support for onprem private key auto rotation - Added config to remove plugin output files after upload to s3 - Added update precondition for upcoming 3.1 release - Fixed cloudwatch windows where TLS 1.0 is disabled - Fixed document cloudwatch upload when CreateLogStream permissions were missing left instances stuck in terminating - Fixed domain join windows EC2 instances where TLS 1.0 is disabled - Fixed domain join script for .local domain names - Fixed domain join script to exit when domain is already joined - Fixed panic issue in windows startup script when executing powershell command - Fixed session manager issue on MacOS for root and home path - Removed IMDS call in domain join script - Refactored update plugin and updater interaction 3.0.882.0 - Added jitter to first control channel call - Added dedicated folder for plugins - Added option to overwrite corrupt shared credentials 3.0.854.0 - Added $HOME env variable for root user when runAsElevated is true in session - Added CREAD flag in serial port control flags on linux - Added PlatformName and PlatformVersion as env variables for aws:runShellScript - Added support for macOS updater - Added v2.2 document support in updater - Added defer recover statements - Fixed inventory error log when dpkg is not available - Fixed ssm-cli logging to stdout - Removed consideration of unimportant error codes in service side - Updated ec2 credential caching time to ~1 hour - Updated service query logic for Windows - Updated golang sys package dependency 3.0.755.0 - Fix fallback logic for MGS endpoint generation - Fix regional endpoint generation 3.0.732.0 - Fix bug in document parameter expansion - Fix datachannel to wait for empty message buffer before closing - Fix for hung Session Manager sessions - Fix for folder permission issue in domain join - Refactor identity handling - Update session plugin to pause reading when datachannel not actively sending data - Update ssm-user creation details in README.md 3.0.655.0 - Add feature to retain hostname during domain join - Add delay to pty start failure for session-worker - Add nil pointer check on shell command for session-worker - Add shlex to vendor which is used to parse session interactive command input for session-worker - Change log level for IPC not readable message - Change v2 agent to use v3 agent executor - Fix network connectivity issues on RHEL8 - Fix race condition where first message is dropped when session plugin's message handler is not ready - Fix file channel protocol test cases - Fix blocking http call when certificates are not available - Move aws cli installation out of /tmp for domain join plugin - Update boolean attributes in Session Document to accept both string and bool values - Upgrade vendor dependencies and build to use go1.15.7 3.0.603.0 - Added instruction to README.md for getting the latest version of SSM Agent in a specific region - Fix for PowerShell stream data being executed in reverse order - Fix to create update lock folder before creating update locks - Fix to reset ipcTempFile properties at the end of session 3.0.529.0 - Fix for encrypted s3 bucket upload 3.0.502.0 - Add agent version flag to retrieve agent version - Add onFailure/onSuccess/finallyStep support for plugins - Add SSE header for S3 Upload - Add SSM Agent support in MacOS - Extend use of default http transport - Fix for Agent not aquiring new instance role credentials after EC2 hibernation - Fix for shell profile powershell commands not being executed in the expected order - Fix to delete undeleted channel while using reboot document - Fix to consider status of all plugin steps in document after system restart - Fix bug capturing rpm install exit code - Handle sourceInfo json sent from CLI in downloadContent plugin - Optimize agent startup time by removing additional wait times - Refactor makefile - Replace master branch with mainline branch - Upgrade aws-sdk-go to latest version(v1.35.23) 3.0.431.0 - Use DefaultTransport as underlying RoundTripper for S3 access 3.0.413.0 - Add additional checks and logs to install scripts - Add retry logic to handle ssm document during reboot - Add dockerfile to build agent - Add script to package binaries to tar - Change default download directory on Linux to /var/lib/amazon/ssm - Extend SSM Agent ability to execute from relative path and use custom certificates - Fix IP address parsing in domain join plugin - Fix self update logging - Log fingerprint similarity check failures as ERROR and each changed machine property as WARN - Prefix ecs target id with 'ecs:' - Prefer non-link-local addresses to show in Console - Use IMDSv1 after IMDSv2 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
dd5a9f733a |
acpid: Update to version 2.0.34
- Update from version 2.0.32 to 2.0.34 - Update of rootfile - Changelog 2.0.34 2022-09-15 Ted Felix <ted@tedfelix.com> - 2.0.34 release (configure.ac) (Ted Felix) - Add MSG_CMSG_CLOEXEC for systems that are missing it. (libnetlink.h libnetlink.c kacpimon/libnetlink.h kacpimon/libnetlink.c) (Fabrice Fontaine <fontaine.fabrice@gmail.com>) - Fix a bug with input layer event table not working on 32-bit builds with 64-bit time types. (input_layer.c) (Ted Felix) - Use binary search to find input layer events in the table. (input_layer.c) (Ted Felix) - Use AC_PROG_CC instead of the obsolete AC_PROG_CC_STDC. (configure.ac) (Ted Felix) - Add support for more input layer events. (input_layer.c) (Ted Felix) 2.0.33 2021-09-15 Ted Felix <ted@tedfelix.com> - 2.0.33 release (configure.ac) (Ted Felix) - Detect newer GNOME power manager. (powerbtn.sh) (Andrey Utkin <andrey_utkin@gentoo.org>) - openrc-shutdown: Set shutdown time to 'now'. (powerbtn.sh) (Jonathan Davies <jpds@protonmail.com>) - Attempt to open input layer devices whose permissions have changed. (inotify_handler.c) (Torsten Hilbrich <torsten.hilbrich@secunet.com>) - Comments added. (TESTPLAN inotify_handler.c) (Ted Felix) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
077a55f4f9 |
7zip: Update to version 17.05
- Update from version 17.04 to 17.05 - Update of rootfile - Changelog Version 17.05 - add UTF-8 support for Client7z - fix issue 130 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
90a3a2b88f |
slang: Update to version 2.3.3
- Update from version 2.3.2 to 2.3.3 - Update of rootfile - Changelog 2.3.3 1. src/slposdir.c: stat_file now support open file descriptors, in addition to filenames. 2. src/sltoken.c: Ignore the \r character in multiline strings that appear to have CRLF line terminators. (Manfred Hanke) 3. *.tm: minor documentation updates 4. src/slang.h: SLANG_VERSION_STRING was missing the "pre" prefix. 5. src/sltermin.c: Added support for TERMINFO_DIRS (based upon a patch forwarded by Jörg Thalheim) 6. src/slarray.c: src/slarray.c: some integer overflow checks were resulting undefined behavior (reported by Sergey) 7. modules/csv.sl: Strip leading/trailing whitespace from column names 8. src/slsmg.c,sldisply.c: Removed static buffers with sizes dependent upon SLTT_MAX_SCREEN_ROWS/COLS in favor of dynamically allocated ones. 9. modules/chksum-module: added CRC-8,16,32 checksums to the chksum module 10. modules/csv.sl: An error message in the form of a dollar-string was not marked as such. 11. modules/csv.sl: Added support for empty CSV files 12. src/sltime.c: The timegm function will ignore the tm_wday and tm_yday fields, and instead use the tm_mon and tm_mday fields. 13. modules/mkfiles/makefile.all: Added a target for chksum_crc.o for win32/64 platforms (see change #9) 14. modules/chksum-module.c: The memset function was used with the wrong structure size causing a buffer overflow on 32 bit systems. 15. src/terminfo/parsecaps.sl: Tweaked an auto-generated comment produced by parsecaps.sl to produce a more deterministic build (Ian Rogers). 16. src/slarray.c: Changed two instances of index errors to throw an IndexError exception instead of InvalidParmError exception. 17. src/slposdir.c; The statvfs function was returning a struct with duplicated f_bsize fields. 18. *.c: In switch statements, changed the /* drop */ comment to /* fall through */ to avoid gcc-8 warnings. 19. modules/csv.sl: If a comment string appears at the start of a line forming a multiline string, then treat it as part of the string. 20. slsh/lib/timestamp.sl: Added a function timestamp_parse that parses strings such as `Thu May 14 18:05:05 2020` and returns the number of seconds since the Unix epoch. 21. src/slregexp.c: Added \D (non-digit), \s (whitespace), and \S (non-whitespace). 22. src/slstrops.c: Added a compiled regexp cache 23. src/slstdio.c: Added trim qualifier to the fgetlines intrinsic: ;trim=1 ==> trim trailing whitespace ;trim=2 ==> trim leading whitespace ;trim=3 ==> trim leading and trailing whitespace 24. slsh/lib/timestamp.sl: When matching a regexp to a timestamp, start with the RE that was used in the previous match. 25. Another timestamp RE tweak to pickup additional irregular forms 26. modules/csv.sl: If a CSV file has a byte-order mark (BOM), ignore it. 27. src/sldisply.c: Increased the buffer size for the SLtt_tgoto function to allow for larger terminfo strings 28. modules/Makefile.in: Added STATS_OBJS to the clean target 29. src/slstrops.c: The is_substr function was not handling a NULL argument 30. slsh/lib/timestamp.sl: Corrected a regular expression for a timestamp with "Z" as the timezone. 31. modules/csv-module.c: Fields with an embedded \r were not being properly handled. 32. src/slarray.c: Improved the speed of multi-dimensional array indexing by about a factor of 2 33. slsh/lib/timestamp.sl: The computation of leap days was incorrect for some years 34. src/slang.h: Added `typedef void (*SLFVOID_STAR)(void)', which will replace FVOID_STAR in version 3. The library code was updated to use this. 35. slsh/lib/fswalk.sl: Added an optional callback argument to the fswalk that is called when leaving a directory. 36. modules/termios-module.c: Avoid a potential problem with the tcgetpgrp intrinsic in the unlikely case that sizeof(pid_t) is larger than sizeof(int). 37. src/slarray.c: Simplified the range checking in the linear_get_data_addr function and removed unused code. 38. Updated the copyright year 39. slsh/lib/fswalk.sl: Change #35 regression: The get_stat function was being called with the wrong number of arguments. 40. src/slarith.c: Additional binary arithmetic optimizations involving arrays of char and short. 41. src/slang.c,slarray.c: Added qualifier support to the array_map function. 42. src/slang.c: Flagged the use of an uninitialized variable as soon as it is accessed ("pushed") rather than waiting until it is used ("popped"). Fixed a bug in slsh/lib/setfuns.sl:union that was detected by this change. 43. src/sl-feat.h: Floating point support by the interpreter is now required. The library has not compiled without it for a long time. As such, this option is no longer available. 44. */test/*.sl: Surrounded regression test code that makes use of complex numbers with `#ifexists Complex_Type' so that they run when the interpreter is compiled without complex variable support. 45. src/slarray.c: The _pSLarray1d_push_elem needed to be exposed when compiling the interpreter without optimization. 46. src/slarith.c,...: Rewrote the various macros used by this file to simplify the code, permit better optimization, and easier maintenance. Some of the loops were also unrolled. 47. src/slarray.c: Made the array bounds index checking code more uniform for better readability. 48. src/slarray.c: The previous change introduced a bug that caused array indexing with no (empty) indices to fail. 49. modules/chksum-module.c: When a CRC object went out of scope without being closed, it would leave its value on the stack. 50. slsh/lib/process.sl: If the file descriptor that is used to communicate messages from the child process back to the parent is requested by the caller, then dup an unused one. To facilitate testing, two additional hooks were added: exit_hook and exec_hook. 51. slsh/lib/cmdopt.sl: If a command line option is associated with a callback function, and the value of the command line argument is optional, pass the default value to the callback if not given on the command line. 52. modules: Added cumulant function to the stats module; updated regression scripts/unit tests for better code coverage; fixed a bug in the _zlib_inflate_reset function where deflateReset was being called instead of inflateReset. 53. slsh/lib: Updated unit/regression tests for better coverage 54. slsh/lib/print.sl: Use >= instead of > when comparing the number of screen rows to determine if the pager should be used. 55. modules/chksum-module: Added sha224, sha256, sha384, and sha512 algorithms kindly provided by Jakob Stierhof 56. modules/chksum-module: Added HMAC message authentication code algorithm (Jakob Stierhof) 57. modules/mkfiles/makefile.all: Added chksum_sha2 to the non-Unix makefile. 58. src/slgetkey.c: Use memmove instead of SLMEMCPY to avoid issues with coping to an overlapping buffer. (William Ahern) 59. modules/pcre.sl: The options qualifier was not being properly handled by the pcre_matches function. 60. src/_slang.h,etc: replaced the dependence of the internal _pSLang_get_run_stack* functions, which return absolute pointers, in favor of relative offsets. 61. src/slang.c: Made the run-time stack dynamically growable up to a maximum configured size. 62. modules/: Documentation updates 63. src/: Added _set_bos/f_compile_hook functions to specify a function to get called when a statement or function gets compiled. 64. src/sllimits.h: Reduced the initial stack size to a value similar to what it was before change #61. 65. src/slarrfun.c: array_swap was returning a copy of the input array when when swapping an array element with itself (bug reported by Jakob Stierhof) 66. modules/csv.sl: If _csv_decode_row fails, include in the error message the line number of the file where the error was detected 67. modules/socket-module.c: Corrected an error message for the bind function 68. Updated the copyright year 69. Added slcov script which generates lcov-compatible code coverage data 70. autoconf/aclocal.m4: Updated to v0.3.4.1 71. slsh/Makefile.in: Changed the order of the linker flags to avoid a linking problem on MacPorts (Ryan Schmidt) 72. slsh/lib/cmdopt.sl: Corrected a usage message 73. src/slposio.c: Added the flock function for the creation of advisory locks 74. src/slcurses.h: Added 'extern "C"' to enable the file to be used in C++ programs; also marked some variables as dynamically exportable by using SL_EXTERN (Gisle Vanem) 75. src/slstrops.c: "%0*" was being flagged as invalid by the sprintf function (Jakob Stierhof) 76. modules/csv.sl: When writing a CSV file with a single row, convert any scalar data values to single element arrays. 77. src/Makefile.in, slsh/Makefile.in: Addressed some dependency problems found by `make --shuffle` that were causing parallel builds to fail (Sergei Trofimovich) 78. src/slarray.c: Flag out-of-range indexing of indefinite ranges involving negative indexes, e.g., x = [1]; y = x[[-2:]]; Previousely this resulted in y = [1,1] instead of an error. 79. modules/csv.sl: Avoid indexing an empty array with a negative index (detected by change #78) 80. src/slarray:c: #78 was flagging x[[:-2]] as invalid instead of producing an empty array for x=[1] 81. src/slarray.c: Tweaked the handling of negative indices in indefinite ranges such that x[[:-i]] will produce an empty array wheneve i > length(x) 82. src/sltermin.c: Added support for so-called user-defined terminfo extensions. In particular, if the terminfo file defines RGB=true, then truecolor support will be enabled. 83. src/sldisply.c: The Has_True_Color variable was not defined for 32 bit systems 84. modules/csv.sl: Improved read speed for large CSV files 85. src/test/posixio.sl: Do not test the flock function using an NFS mounted direcory, which requires lockd to be running on the server Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
3856fa45c9 |
pciutils: Update to version 3.9.0
- Update from version 3.8.0 to 3.9.0
- Update of rootfile
- Changelog
3.9.0.
* We decode Compute Express Link (CXL) capabilities.
* The tree mode of lspci is now compatible with filtering options.
* When setpci is used with a named register, it checks whether
the register is present in the particular header type.
* Linux: The intel-conf[12] back-ends prefer to use ioperm() instead
of iopl() to gain access to I/O ports.
* Windows: We have two new back-ends thanks to Pali Rohár.
One uses the NT SysDbg interface, the other uses kldbgdrv.sys
(which is a part of the Microsoft WinDbg tool).
* Windows: We support building libpci as a DLL. Also, Windows
binaries now include meta-data with version.
* Hurd: The Hurd back-end works again.
* mmio-conf1(-ext): Added a new back-end implementing the intel-conf1
interface over MMIO. This is useful on some ARM machines, but it
requires manual configuration of the MMIO addresses.
* As usually, updated pci.ids to the current snapshot of the database.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
48af3df725 |
openssh: Update to version 9.3p1
- Update from version 9.2p1 to 9.3p1
- Update of rootfile not required
- Removal of patch as this was only required for i586 builds which are no longer done in
IPFire
- Changelog
9.3p1 (2023-03-15)
This release fixes a number of security bugs.
Security
This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.
New features
* ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
outputting SSHFP fingerprints to allow algorithm selection. bz3493
* sshd(8): add a `sshd -G` option that parses and prints the
effective configuration without attempting to load private keys
and perform other checks. This allows usage of the option before
keys have been generated and for configuration evaluation and
verification by unprivileged users.
Bugfixes
* scp(1), sftp(1): fix progressmeter corruption on wide displays;
bz3534
* ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
of private keys as some systems are starting to disable RSA/SHA1
in libcrypto.
* sftp-server(8): fix a memory leak. GHPR363
* ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
compatibility code and simplify what's left.
* Fix a number of low-impact Coverity static analysis findings.
These include several reported via bz2687
* ssh_config(5), sshd_config(5): mention that some options are not
first-match-wins.
* Rework logging for the regression tests. Regression tests will now
capture separate logs for each ssh and sshd invocation in a test.
* ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
says it should; bz3532.
* ssh(1): ensure that there is a terminating newline when adding a
new entry to known_hosts; bz3529
Portability
* sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
mmap(2), madvise(2) and futex(2) flags, removing some concerning
kernel attack surface.
* sshd(8): improve Linux seccomp-bpf sandbox for older systems;
bz3537
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
7ace13e5c1 |
newt: Update to version 0.52.23
- Update from version 0.52.21 to 0.52.23 - Update of rootfile - Changelog 0.52.23 - fix automatic height of menu/list in whiptail (broken in 0.52.22) - fix automatic width of whiptail --yesno box - fix automatic width in whiptail with unicode characters - fix automatic width with whiptail --noitem and --notags options - fix spacing with longer tags in whiptail - avoid overlapping backtitle in whiptail with automatic height 0.52.22 - fix crash in whiptail with new libpopt - switch from usleep to nanosleep (Rosen Penev) - fix libnewt.pc to enable static linking (Alexey Sheplyakov) - fix LDFLAGS order in snack linking (Sam James) - use CFLAGS when compiling snack - improve configure.ac (Thomas Kuehne) - install header and libnewt.pc with shared library (Michael Olbrich) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
00bf577610 |
libcap: Update to version 2.67
- Update from version 2.66 to 2.67
- Update of rootfile
- Changelog
Release notes for 2.67
Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch
from David Seifert.
Added SPDX identifiers to License file(s). Hopefully this will help the various
robots out there correctly identify the longstanding licenses for libcap and friends.
(Bug: 216609 reported by Günther Noack)
Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther
Noack on behalf of Michael Stapelberg)
The basic issue is how to link C code with Go psx without using CGo. This is all
a low level hackery. If you are interested, browse the source.
Correct for bad whatis entries in man pages (this was throwing a Debian build test,
detail)
Also reviewed man pages and addressed cross linkage issues (Bug: 216585)
Cleaned up some README.md files (made a github mirror now just so I can
automatically render them).
Changed meaning of DYNAMIC=no builds.
This now builds everything with static linking except for libc. The reason for
this exception is explained in the commit message.
Inserted demonstration exploit code in capso.so to support article.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
127e0b465b |
tzdata: Update to version 2023b
- Update from version 2022g to 2023b
- Update of rootfile not required
- Changelog
Release 2023b - 2023-03-23 19:50:38 -0700
Briefly:
Lebanon delays the start of DST this year.
Changes to future timestamps
This year Lebanon springs forward April 20/21 not March 25/26.
(Thanks to Saadallah Itani.)
Release 2023a - 2023-03-22 12:39:33 -0700
Briefly:
Egypt now uses DST again, from April through October.
This year Morocco springs forward April 23, not April 30.
Palestine delays the start of DST this year.
Much of Greenland still uses DST from 2024 on.
America/Yellowknife now links to America/Edmonton.
tzselect can now use current time to help infer timezone.
The code now defaults to C99 or later.
Fix use of C23 attributes.
Changes to future timestamps
Starting in 2023, Egypt will observe DST from April's last Friday
through October's last Thursday. (Thanks to Ahmad ElDardiry.)
Assume the transition times are 00:00 and 24:00, respectively.
In 2023 Morocco's spring-forward transition after Ramadan
will occur April 23, not April 30. (Thanks to Milamber.)
Adjust predictions for future years accordingly. This affects
predictions for 2023, 2031, 2038, and later years.
This year Palestine will delay its spring forward from
March 25 to April 29 due to Ramadan. (Thanks to Heba Hamad.)
Make guesses for future Ramadans too.
Much of Greenland, represented by America/Nuuk, will continue to
observe DST using European Union rules. When combined with
Greenland's decision not to change the clocks in fall 2023,
America/Nuuk therefore changes from -03/-02 to -02/-01 effective
2023-10-29 at 01:00 UTC. (Thanks to Thomas M. Steenholdt.)
This change from 2022g doesn't affect timestamps until 2024-03-30,
and doesn't affect tm_isdst until 2023-03-25.
Changes to past timestamps
America/Yellowknife has changed from a Zone to a backward
compatibility Link, as it no longer differs from America/Edmonton
since 1970. (Thanks to Almaz Mingaleev.) This affects some
pre-1948 timestamps. The old data are now in 'backzone'.
Changes to past time zone abbreviations
When observing Moscow time, Europe/Kirov and Europe/Volgograd now
use the abbreviations MSK/MSD instead of numeric abbreviations,
for consistency with other timezones observing Moscow time.
Changes to code
You can now tell tzselect local time, to simplify later choices.
Select the 'time' option in its first prompt.
You can now compile with -DTZNAME_MAXIMUM=N to limit time zone
abbreviations to N bytes (default 255). The reference runtime
library now rejects POSIX-style TZ strings that contain longer
abbreviations, treating them as UTC. Previously the limit was
platform dependent and abbreviations were silently truncated to
16 bytes even when the limit was greater than 16.
The code by default is now designed for C99 or later. To build in
a C89 environment, compile with -DPORT_TO_C89. To support C89
callers of the tzcode library, compile with -DSUPPORT_C89. The
two new macros are transitional aids planned to be removed in a
future version, when C99 or later will be required.
The code now builds again on pre-C99 platforms, if you compile
with -DPORT_TO_C89. This fixes a bug introduced in 2022f.
On C23-compatible platforms tzcode no longer uses syntax like
'static [[noreturn]] void usage(void);'. Instead, it uses
'[[noreturn]] static void usage(void);' as strict C23 requires.
(Problem reported by Houge Langley.)
The code's functions now constrain their arguments with the C
'restrict' keyword consistently with their documentation.
This may allow future optimizations.
zdump again builds standalone with ckdadd and without setenv,
fixing a bug introduced in 2022g. (Problem reported by panic.)
leapseconds.awk can now process a leap seconds file that never
expires; this might be useful if leap seconds are discontinued.
Changes to commentary
tz-link.html has a new section "Coordinating with governments and
distributors". (Thanks to Neil Fuller for some of the text.)
To improve tzselect diagnostics, zone1970.tab's comments column is
now limited to countries that have multiple timezones.
Note that leap seconds are planned to be discontinued by 2035.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
0f450c32f1 |
grep: Update to version 3.10
- Update from version 3.9 to 3.10
- Update of rootfile not required
- Changelog
* Noteworthy changes in release 3.10 (2023-03-22) [stable]
** Bug fixes
With -P, \d now matches only ASCII digits, regardless of PCRE
options/modes. The changes in grep-3.9 to make \b and \w work
properly had the undesirable side effect of making \d also match
e.g., the Arabic digits: ٠١٢٣٤٥٦٧٨٩. With grep-3.9, -P '\d+'
would match that ten-digit (20-byte) string. Now, to match such
a digit, you would use \p{Nd}. Similarly, \D is now mapped to [^0-9].
[bug introduced in grep 3.9]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
385f7bd8ac |
elfutiles: Update to version 0.189
- Update from version 0.187 to 0.189 - Update of rootfile - Changelog Version 0.189 "Don't deflate!" configure: eu-nm, eu-addr2line and eu-stack can provide demangled symbols when linked with libstdc++. Use --disable-demangler to disable. A new option --enable-sanitize-memory has been added for msan sanitizer support. libelf: elf_compress now supports ELFCOMPRESS_ZSTD when build against libzstd libdwfl: dwfl_module_return_value_location now returns 0 (no return type) for DIEs that point to a DW_TAG_unspecified_type. elfcompress: -t, --type= now support zstd if libelf has been build with ELFCOMPRESS_ZSTD support. backends: Add support for LoongArch and Synopsys ARCv2 processors. Version 0.188 "no section left behind" readelf: Add -D, --use-dynamic option. debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing HTTP headers. Add new function debuginfod_find_section. debuginfod: Add --disable-source-scan option. libdwfl: Add new function dwfl_get_debuginfod_client. Add new function dwfl_frame_reg. Add new function dwfl_report_offline_memory. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
c453b48e9d |
sqlite: Update to version 3410200
- Update from version 3400100 to 3410200
- Update of rootfile not required
- Changelog
3.41.2 (2023-03-22):
Multiple fixes for reads past the end of memory buffers (NB: reads not writes) in the
following circumstances:
When processing a corrupt database file using the non-standard SQLITE_ENABLE_STAT4
compile-time option.
In the CLI when the sqlite3_error_offset() routine returns an out-of-range value
(see also the fix to sqlite3_error_offset() below).
In the recovery extension.
In FTS3 when processing a corrupt database file.
Fix the sqlite3_error_offset() so that it does not return out-of-range values when
reporting errors associated with generated columns.
Multiple fixes in the query optimizer for problems that cause incorrect results for
bizarre, fuzzer-generated queries.
Increase the size of the reference counter in the page cache object to 64 bits to
ensure that the counter never overflows.
Fix a performance regression caused by a bug fix in patch release 3.41.1.
Fix a few incorrect assert() statements.
3.41.1 (2023-03-10):
Provide compile-time options -DHAVE_LOG2=0 and -DHAVE_LOG10=0 to enable SQLite to be
compiled on systems that omit the standard library functions log2() and log10(),
repectively.
Ensure that the datatype for column t1.x in
"CREATE TABLE t1 AS SELECT CAST(7 AS INT) AS x;" continues to be INT and is not
NUM, for historical compatibility.
Enhance PRAGMA integrity_check to detect when extra bytes appear at the end of an
index record.
Fix various obscure bugs reported by the user community. See the timeline of changes
for details.
3.41.0 On 2023-02-21
Query planner improvements:
Make use of indexed expressions within an aggregate query that includes a
GROUP BY clause.
The query planner has improved awareness of when an index is a covering index
and adjusts predicted runtimes accordingly.
The query planner is more aggressive about using co-routines rather than
materializing subqueries and views.
Queries against the built-in table-valued functions json_tree() and json_each()
will now usually treat "ORDER BY rowid" as a no-op.
Enhance the ability of the query planner to use indexed expressions even if the
expression has been modified by the constant-propagation optimization. (See
forum thread 0a539c7.)
Add the built-in unhex() SQL function.
Add the base64 and base85 application-defined functions as an extension and include
that extension in the CLI.
Add the sqlite3_stmt_scanstatus_v2() interface. (This interface is only available if
SQLite is compiled using SQLITE_ENABLE_STMT_SCANSTATUS.)
In-memory databases created using sqlite3_deserialize() now report their filename as
an empty string, not as 'x'.
Changes to the CLI:
Add the new base64() and base85() SQL functions
Enhanced EXPLAIN QUERY PLAN output using the new sqlite3_stmt_scanstatus_v2()
interface when compiled using SQLITE_ENABLE_STMT_SCANSTATUS.
The ".scanstats est" command provides query planner estimates in profiles.
The continuation prompt indicates if the input is currently inside of a string
literal, identifier literal, comment, trigger definition, etc.
Enhance the --safe command-line option to disallow dangerous SQL functions.
The double-quoted string misfeature is now disabled by default for CLI builds.
Legacy use cases can reenable the misfeature at run-time using the
".dbconfig dqs_dml on" and ".dbconfig dqs_ddl on" commands.
Enhance the PRAGMA integrity_check command so that it detects when text strings in a
table are equivalent to but not byte-for-byte identical to the same strings in the
index.
Enhance the carray table-valued function so that it is able to bind an array of BLOB
objects.
Added the sqlite3_is_interrupted() interface.
Long-running calls to sqlite3_prepare() and similar now invoke the progress handler
callback and react to sqlite3_interrupt().
The sqlite3_vtab_in_first() and sqlite3_vtab_in_next() functions are enhanced so
that they reliably detect if they are invoked on a parameter that was not selected
for multi-value IN processing using sqlite3_vtab_in(). They return SQLITE_ERROR
instead of SQLITE_MISUSE in this case.
The parser now ignores excess parentheses around a subquery on the right-hand side
of an IN operator, so that SQLite now works the same as PostgreSQL in this regard.
Formerly, SQLite treated the subquery as an expression with an implied "LIMIT 1".
Added the SQLITE_FCNTL_RESET_CACHE option to the sqlite3_file_control() API.
Makefile improvements:
The new makefile target "sqlite3r.c" builds an amalgamation that includes the
recovery extension.
New makefile targets "devtest" and "releasetest" for running a quick
developmental test prior to doing a check-in and for doing a full release test,
respectively.
Miscellaneous performance enhancements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
|
||
|
Adolf Belka
|
d8a10d15fd |
sdl2: Update to version 2.26.4
- Update from version 2.26.2 to 2.26.4
- Update of rootfile
- Changelog
2.26.4 Latest
Fixed relative mouse motion over remote desktop on Windows
Fixed using older game controller mappings on Linux
2.26.3
Fixed infinite loop shutting down WGI controllers
Fixed centering the D-pad on some Xbox controllers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
|
||
Matthias Fischer
|
0ddd17b790 |
bind: Update to 9.16.39
For details see: https://downloads.isc.org/isc/bind9/9.16.39/doc/arm/html/notes.html#notes-for-bind-9-16-39 "Notes for BIND 9.16.39 Feature Changes libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. [GL #3840] Bug Fixes named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. [GL #3911]" When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [GL #3673]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
Peter Müller
|
d3a520fa68 |
Revert "e2fsprogs: Update to version 1.47.0"
This reverts commit
|
||
|
Peter Müller
|
8370c82a58 |
haproxy: Update to 2.7.4
https://www.mail-archive.com/haproxy@formilux.org/msg43229.html Reported-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
a127e615ac |
wireless-regdb: Update to 2023-02-13
Please refer to https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git/log/ for the list of commits since August 2022. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
3562922c43 |
linux-firmware: Update to version 20230210
- Update from version 20221214 to 20230210 - Update of rootfile - Changelog For changes see the commits in the git repo https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
078ec1ecc0 |
grep: Update to version 3.9
- Update from version 3.8 to 3.9
- Update of rootfile not required
- Changelog
Noteworthy changes in release 3.9 (2023-03-05) [stable]
Bug fixes
With -P, some non-ASCII UTF8 characters were not recognized as
word-constituent due to our omission of the PCRE2_UCP flag. E.g.,
given f(){ echo Perú|LC_ALL=en_US.UTF-8 grep -Po "$1"; } and
this command, echo $(f 'r\w'):$(f '.\b'), before it would print ":r".
After the fix, it prints the correct results: "rú:ú".
When given multiple patterns the last of which has a back-reference,
grep no longer sometimes mistakenly matches lines in some cases.
[Bug#36148#13 introduced in grep 3.4]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
f21d3a5ad3 |
python3-setuptools: Update to version 67.5.1
- Update from version 65.4.1 to 67.5.1 - Update of rootfile - Changelog v67.5.1 Misc * #3836: Fixed interaction between ``setuptools``' package auto-discovery and auto-generated ``htmlcov`` files. Previously, the ``htmlcov`` name was ignored when searching for single-file modules, however the correct behaviour is to ignore it when searching for packages (since it is supposed to be a directory, see `coverage config`_) -- by :user:`yukihiko-shinoda`. .. _coverage config: https://coverage.readthedocs.io/en/stable/config.html#html-directory * #3838: Improved error messages for ``pyproject.toml`` validations. * #3839: Fixed ``pkg_resources`` errors caused when parsing metadata of packages that are already installed but do not conform with PEP 440. v67.5.0 Changes * #3843: Although pkg_resources has been discouraged for use, some projects still consider pkg_resources viable for usage. This change makes it clear that pkg_resources should not be used, emitting a DeprecationWarning when imported. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
2e7b68c693 |
sudo: Update to version 1.9.13p3
- Update from version 1.9.13p2 to 1.9.13p3 - Update of rootfile not required - Changelog What's new in Sudo 1.9.13p3 * Fixed a bug introduced in sudo 1.9.13 that caused a syntax error when "list" was used as a user or host name. GitHub issue #246. * Fixed a bug that could cause sudo to hang when running a command in a pseudo-terminal when there is still input buffered after a command has exited. * Fixed "sudo -U otheruser -l command". This is a regression in sudo 1.9.13. GitHub issue #248. * Fixed "sudo -l command args" when matching a command in sudoers with command line arguments. This is a regression in sudo 1.9.13. GitHub issue #249. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
a9bca0f0d8 |
cups-filters: -std=c++17 required due to problem introduced with qpdf-11.3.0
- Add -std=c++17 flag to configure - Disable static libs - Update of rootfile Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
6828b9bcd6 |
qpdf: Update to version 11.3.0
- Update from version 10.4.0 to 11.3.0 - Update of rootfile - Build changed to cmake from version 11.0 onwards - find-dependencies run due to lib so bump. Only qpdf and cups-filters are linked to the changed libs. cups-filters being shipped due to a change required because of qpdf-11.3.0 - Changelog is too large to include here. Details can be found in the ChangeLog file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
d6cb0d4330 |
poppler-data: Update to version 0.4.12
- Update from version 0.4.11 to 0.4.12 - Update of rootfile not required - No Changelog available but the latest version of poppler-data is required by poppler Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
cb9ead7f91 |
poppler: Update to version 23.03.0
- Update from version 23.01.0 to 23.03.0
- Update of rootfile not required
- Changelog
Release 23.03.0:
core:
* PngWriter: Fix potential uninitialized memory use
Release 23.02.0:
core:
* CairoOutputDev: Fix rendering of color type 3 fonts
* CairoOutputDev: Add handling matte entry
* Fix segfault on wrong nssdir
* Fix "NSS could not shutdown"
utils:
* pdfsig: Point out supports PKCS#11 URIs as nickname
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
b8e360bab7 |
cups: Update to version 2.4.2
- Update from 2.4.1 to 2.4.2 - Update of rootfile not required - Changelog Changes in CUPS v2.4.2 (26th May 2022) - Fixed certificate strings comparison for Local authorization (CVE-2022-26691) - The `cupsFileOpen` function no longer opens files for append in read-write mode (Issue #291) - The cupsd daemon removed processing temporary queue (Issue #364) - Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm closing the connection (Issue #365) - Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329) - Fixed CSS related issues in CUPS Web UI (Issue #344) - Fixed copyright in CUPS Web UI trailer template (Issue #346) - mDNS hostname in device uri is not resolved when installaling a permanent IPP Everywhere queue (Issues #340, #343) - The `lpstat` command now reports when the scheduler is not running (Issue #352) - Updated the man pages concerning the `-h` option (Issue #357) - Re-added LibreSSL/OpenSSL support (Issue #362) - Updated the Solaris smf service file (Issue #368) - Fixed a regression in lpoptions option support (Issue #370) - The scheduler now regenerates the PPD cache information after changing the "cupsd.conf" file (Issue #371) - Updated the scheduler to set "auth-info-required" to "username,password" if a backend reports it needs authentication info but doesn't set a method for authentication (Issue #373) - Updated the configure script to look for the OpenSSL library the old way if pkg-config is not available (Issue #375) - Fixed the prototype for the `httpWriteResponse` function (Issue #380) - Brought back minimal AIX support (Issue #389) - `cupsGetResponse` did not always set the last error. - Fixed a number of old references to the Apple CUPS web page. - Restored the default/generic printer icon file for the web interface. - Removed old stylesheet classes that are no longer used by the web interface. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Matthias Fischer
|
ee1d6a7c3a |
apache: Update to 2.4.56
For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.56 "Changes with Apache 2.4.56 *) SECURITY: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (cve.mitre.org) HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. Credits: Dimas Fariski Setyawan Putra (nyxsorcerer) *) SECURITY: CVE-2023-25690: HTTP request splitting with mod_rewrite and mod_proxy (cve.mitre.org) Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" " http://example.com:8080/elsewhere?$1" http://example.com:8080/elsewhere ; [P] ProxyPassReverse /here/ http://example.com:8080/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Credits: Lars Krapf of Adobe *) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be truncated without the initial logfile being truncated. [Eric Covener] *) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to allow connections of any age to be reused. Up to now, a negative value was handled as an error when parsing the configuration file. PR 66421. [nailyk <bzapache nailyk.fr>, Christophe Jaillet] *) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number of headers. [Ruediger Pluem] *) mod_md: - Enabling ED25519 support and certificate transparency information when building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis. - MDChallengeDns01 can now be configured for individual domains. Thanks to Jérôme Billiras (@bilhackmac) for the initial PR. - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge teardown not being invoked as it should. [Stefan Eissing] *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors reported in access logs and error documents. The processing of the reset was correct, only unneccesary reporting was caused. [Stefan Eissing] *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation. [Yann Ylavic]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
38d6ab69c9 |
ca-certificates: Update root CA certificates bundle
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
ee80a12db0 |
strongswan: Update to version 5.9.10
- Update from version 5.9.9 to 5.9.10 - Update of rootfile not required - Changelog strongswan-5.9.10 - Fixed a vulnerability related to certificate verification in TLS-based EAP methods that leads to an authentication bypass followed by an expired pointer dereference that results in a denial of service and possibly even remote code execution. This vulnerability has been registered as CVE-2023-26463. - Added support for full packet hardware offload for IPsec SAs and policies with Linux 6.2 kernels to the kernel-netlink plugin. - TLS-based EAP methods now use the standardized key derivation when used with TLS 1.3. - The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by implementing the "protected success indication". - With the `prefer` value for the `childless` setting, initiators will create a childless IKE_SA if the responder supports the extension. - Routes via XFRM interfaces can optionally be installed automatically by enabling the `install_routes_xfrmi` option of the kernel-netlink plugin. - charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid issues with name resolution if they are supported by the kernel. - The `pki --req` command can encode extendedKeyUsage (EKU) flags in the PKCS#10 certificate signing request. - The `pki --issue` command adopts EKU flags from CSRs but allows modifying them (replace them completely, or adding/removing specific flags). - On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the IPsec SAs instead of the policies. - For libcurl with MultiSSL support, the curl plugin provides an option to select the SSL/TLS backend. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
ee5c0d09dc |
zstd: Update to version 1.5.4
- Update from version 1.5.2 to 1.5.4 - Update of rootfile - Changelog v1.5.4 (Feb 2023) perf: +20% faster huffman decompression for targets that can't compile x64 assembly (#3449, @terrelln) perf: up to +10% faster streaming compression at levels 1-2 (#3114, @embg) perf: +4-13% for levels 5-12 by optimizing function generation (#3295, @terrelln) pref: +3-11% compression speed for `arm` target (#3199, #3164, #3145, #3141, #3138, @JunHe77 and #3139, #3160, @danlark1) perf: +5-30% faster dictionary compression at levels 1-4 (#3086, #3114, #3152, @embg) perf: +10-20% cold dict compression speed by prefetching CDict tables (#3177, @embg) perf: +1% faster compression by removing a branch in ZSTD_fast_noDict (#3129, @felixhandte) perf: Small compression ratio improvements in high compression mode (#2983, #3391, @Cyan4973 and #3285, #3302, @daniellerozenblit) perf: small speed improvement by better detecting `STATIC_BMI2` for `clang` (#3080, @TocarIP) perf: Improved streaming performance when `ZSTD_c_stableInBuffer` is set (#2974, @Cyan4973) cli: Asynchronous I/O for improved cli speed (#2975, #2985, #3021, #3022, @yoniko) cli: Change `zstdless` behavior to align with `zless` (#2909, @binhdvo) cli: Keep original file if `-c` or `--stdout` is given (#3052, @dirkmueller) cli: Keep original files when result is concatenated into a single output with `-o` (#3450, @Cyan4973) cli: Preserve Permissions and Ownership of regular files (#3432, @felixhandte) cli: Print zlib/lz4/lzma library versions with `-vv` (#3030, @terrelln) cli: Print checksum value for single frame files with `-lv` (#3332, @Cyan4973) cli: Print `dictID` when present with `-lv` (#3184, @htnhan) cli: when `stderr` is *not* the console, disable status updates, but preserve final summary (#3458, @Cyan4973) cli: support `--best` and `--no-name` in `gzip` compatibility mode (#3059, @dirkmueller) cli: support for `posix` high resolution timer `clock_gettime()`, for improved benchmark accuracy (#3423, @Cyan4973) cli: improved help/usage (`-h`, `-H`) formatting (#3094, @dirkmueller and #3385, @jonpalmisc) cli: Fix better handling of bogus numeric values (#3268, @ctkhanhly) cli: Fix input consists of multiple files _and_ `stdin` (#3222, @yoniko) cli: Fix tiny files passthrough (#3215, @cgbur) cli: Fix for `-r` on empty directory (#3027, @brailovich) cli: Fix empty string as argument for `--output-dir-*` (#3220, @embg) cli: Fix decompression memory usage reported by `-vv --long` (#3042, @u1f35c, and #3232, @zengyijing) cli: Fix infinite loop when empty input is passed to trainer (#3081, @terrelln) cli: Fix `--adapt` doesn't work when `--no-progress` is also set (#3354, @terrelln) api: Support for Block-Level Sequence Producer (#3333, @embg) api: Support for in-place decompression (#3432, @terrelln) api: New `ZSTD_CCtx_setCParams()` function, set all parameters defined in a `ZSTD_compressionParameters` structure (#3403, @Cyan4973) api: Streaming decompression detects incorrect header ID sooner (#3175, @Cyan4973) api: Window size resizing optimization for edge case (#3345, @daniellerozenblit) api: More accurate error codes for busy-loop scenarios (#3413, #3455, @Cyan4973) api: Fix limit overflow in `compressBound` and `decompressBound` (#3362, #3373, Cyan4973) reported by @nigeltao api: Deprecate several advanced experimental functions: streaming (#3408, @embg), copy (#3196, @mileshu) bug: Fix corruption that rarely occurs in 32-bit mode with wlog=25 (#3361, @terrelln) bug: Fix for block-splitter (#3033, @Cyan4973) bug: Fixes for Sequence Compression API (#3023, #3040, @Cyan4973) bug: Fix leaking thread handles on Windows (#3147, @animalize) bug: Fix timing issues with cmake/meson builds (#3166, #3167, #3170, @Cyan4973) build: Allow user to select legacy level for cmake (#3050, @shadchin) build: Enable legacy support by default in cmake (#3079, @niamster) build: Meson build script improvements (#3039, #3120, #3122, #3327, #3357, @eli-schwartz and #3276, @neheb) build: Add aarch64 to supported architectures for zstd_trace (#3054, @ooosssososos) build: support AIX architecture (#3219, @qiongsiwu) build: Fix `ZSTD_LIB_MINIFY` build macro, which now reduces static library size by half (#3366, @terrelln) build: Fix Windows issues with Multithreading translation layer (#3364, #3380, @yoniko) and ARM64 target (#3320, @cwoffenden) build: Fix `cmake` script (#3382, #3392, @terrelln and #3252 @Tachi107 and #3167 @Cyan4973) doc: Updated man page, providing more details for `--train` mode (#3112, @Cyan4973) doc: Add decompressor errata document (#3092, @terrelln) misc: Enable Intel CET (#2992, #2994, @hjl-tools) misc: Fix `contrib/` seekable format (#3058, @yhoogstrate and #3346, @daniellerozenblit) misc: Improve speed of the one-file library generator (#3241, @wahern and #3005, @cwoffenden) v1.5.3 (dev version, unpublished) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
56db79acab |
texinfo: Update to version 7.0.2
- Update from version 6.8 to 7.0.2
- Update of rootfile
- Removal of patch which was needed due to inability to build texinfo-6.8 with glibc-2.34
Problem was fixed for building with glibc-2.34 and onwards with texinfo-7.0
- Changelog
7.0.2 (22 January 2023)
This is a bug-fix release with minimal changes.
* texi2any
. do not distribute architecture-dependent files
. build fixed on OpenIndiana 11
* info
. further fix of recoding of UTF-8 files to ASCII
. fix check for presence of man pages on Solaris
* install-info
. fix build by avoiding function name clash on some platforms
. compiler warning re strncat silenced
7.0.1 (30 November 2022)
This is a bug-fix release with minimal changes.
* texi2any
. avoid crashes on empty @image argument and other potential crashes
(with "Can't use an undefined value as an ARRAY reference" message)
. avoid hang on @ref command inside section command
* info
. fix recoding of UTF-8 files to ASCII when run in C locale
* js
. index search fixed for new HTML output
. some obsolete files removed from distribution
7.0 (7 November 2022)
* texi2any
. LaTeX added as an output format, selected with --latex
. EPUB 3 added as an output format, selected with --epub3
. reform throughout the code in general
. thorough review of character encoding issues
. new customization variables involved with character encoding:
INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING,
DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME,
MESSAGE_ENCODING and COMMAND_LINE_ENCODING
. warn if full-text commands (@ref, @footnote, @anchor) appear in @w
. new variable NO_TOP_NODE_OUTPUT
. IGNORE_BEFORE_SETFILENAME variable removed. former effect
is now always on.
. HTML output:
. use manual_name_html as output directory for split HTML instead of
manual_name or manual_name.html
. default DOCTYPE declaration changed to plain HTML5 style rather than
HTML4 DTD reference
. output only the CSS rules that are needed in an output file
. remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES
(custom CSS can still be output using EXTRA_HEAD)
. use <code> tag for the output of @t and @verb instead of <tt>
. use <abbr> for @acronym instead of <acronym>
. link to table of contents from short table of contents only if a
table of contents is actually output
. prefix classes from @example arguments with `user-'
. percent encode URL in @url/@uref, @email, @image and external
manual file
. new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and
NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output
valid XHTML
. systematic addition of classes attribute in HTML elements based on the
Texinfo @-command names. renaming of class attributes to avoid
confusion with @-commands formatting and describe the role in the
document rather than the formatting style.
. COPIABLE_ANCHORS renamed to COPIABLE_LINKS
. do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has
to be set
. USE_TITLEPAGE_FOR_TITLE is now true by default
. L2H variable removed, replaced by HTML_MATH set to `l2h'
. rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC
. rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE
. rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES
. remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT
. remove KEEP_TOP_EXTERNAL_REF
. new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH,
HTMLXREF_MODE and HTMLXREF_FILE
. DocBook output:
. do not output Top node or text before the first @node or sectioning
@-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node
for now.
. replace @definfocenlose defined @-commands by the argument as-is
to be more consistent with printed output
. HTML/DocBook output:
. USE_NUMERIC_ENTITY changed to mean to use numeric entities instead
of named entities. former effect is now always on.
. ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now
always off.
. Info output
. quote problematic node names (with :, comma...) by default
. new customization variable ASCII_PUNCTUATION to use plain ASCII
characters for quotation marks and a few other symbols
* texinfo.tex
. `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX
. do not ignore @part page immediately following Top node
. do `@set txicodevaristt' to get slanted typewriter for @var in code,
`@clear txicodevaristt' to use slanted, variable-width roman font for
@var everywhere. flag is @set by default, but we may turn this off
in the future.
. new file doc/texinfo-zh.tex for Texinfo documents in Chinese.
new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is
a sample document.
* info
. better support for index entries containing parentheses
. better support for getting bold text etc. when displaying manpages
. bug fixed where the first index entry in a file could be ignored
. M-C-f closes as well as opens footnotes window
. do not crash if run in Brazilian Portuguese locale
* Language
. @deftype* commands use typewriter font in argument list
. new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format
. do `@set txidefnamenospace' to omit space after a definition name
* Other
. build fixed for glibc 2.34
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
88b06e23f1 |
sudo: Update to version 1.9.13p2
- Update from version 1.9.12p2 to 1.9.13p2 - Update of rootfile - Changelog What's new in Sudo 1.9.13p2 * Fixed the --enable-static-sudoers option, broken in sudo 1.9.13. GitHub issue #245. * Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). This bug was introduced in sudo 1.9.8. What's new in Sudo 1.9.13p1 * Fixed a typo in the configure script that resulted in a line like "]: command not found" in the output. GitHub issue #238. * Corrected the order of the C23 [[noreturn]] attribute in function prototypes. This fixes a build error with GCC 13. GitHub issue #239. * The "check" make target misbehaved when there was more than one version of the UTF-8 C locale in the output of "locale -a". GitHub issue #241. * Removed a dependency on the AC_SYS_YEAR2038 macro in configure.ac. This was added in autoconf 2.72 but sudo's configure.ac only required autoconf 2.70. * Relaxed the autoconf version requirement to version 2.69. What's new in Sudo 1.9.13 * Fixed a bug running relative commands via sudo when "log_subcmds" is enabled. GitHub issue #194. * Fixed a signal handling bug when running sudo commands in a shell script. Signals were not being forwarded to the command when the sudo process was not run in its own process group. * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without a newline and a backslash is the last character of the file. * Fixed a potential use-after-free bug with cvtsudoers filtering. GitHub issue #198. * Added a reminder to the default lecture that the password will not echo. This line is only displayed when the pwfeedback option is disabled. GitHub issue #195. * Fixed potential memory leaks in error paths. GitHub issues #199, #202. * Fixed potential NULL dereferences on memory allocation failure. GitHub issues #204, #211. * Sudo now uses C23-style attributes in function prototypes instead of gcc-style attributes if supported. * Added a new "list" pseudo-command in sudoers to allow a user to list another user's privileges. Previously, only root or a user with the ability to run any command as either root or the target user on the current host could use the -U option. This also includes a fix to the log entry when a user lacks permission to run "sudo -U otheruser -l command". Previously, the logs would indicate that the user tried to run the actual command, now the log entry includes the list operation. * JSON logging now escapes control characters if they happen to appear in the command or environment. * New Albanian translation from translationproject.org. * Regular expressions in sudoers or logsrvd.conf may no longer contain consecutive repetition operators. This is implementation- specific behavior according to POSIX, but some implementations will allocate excessive amounts of memory. This mainly affects the fuzzers. * Sudo now builds AIX-style shared libraries and dynamic shared objects by default instead of svr4-style. This means that the default sudo plugins are now .a (archive) files that contain a .so shared object file instead of bare .so files. This was done to improve compatibility with the AIX Freeware ecosystem, specifically, the AIX Freeware build of OpenSSL. Sudo will still load svr4-style .so plugins and if a .so file is requested, either via sudo.conf or the sudoers file, and only the .a file is present, sudo will convert the path from plugin.so to plugin.a(plugin.so) when loading it. This ensures compatibility with existing configurations. To restore the old, pre-1.9.13 behavior, run configure using the --with-aix-soname=svr4 option. * Sudo no longer checks the ownership and mode of the plugins that it loads. Plugins are configured via either the sudo.conf or sudoers file which are trusted configuration files. These checks suffered from time-of-check vs. time-of-use race conditions and complicate loading plugins that are not simple paths. Ownership and mode checks are still performed when loading the sudo.conf and sudoers files, which do not suffer from race conditions. The sudo.conf "developer_mode" setting is no longer used. * Control characters in sudo log messages and "sudoreplay -l" output are now escaped in octal format. Space characters in the command path are also escaped. Command line arguments that contain spaces are surrounded by single quotes and any literal single quote or backslash characters are escaped with a backslash. This makes it possible to distinguish multiple command line arguments from a single argument that contains spaces. * Improved support for DragonFly BSD which uses a different struct procinfo than either FreeBSD or 4.4BSD. * Fixed a compilation error on Linux arm systems running older kernels that may not define EM_ARM in linux/elf-em.h. GitHub issue #232. * Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined. Sudo will now link using -Wl,--no-undefined by default if possible. GitHub issue #234. * Fixed a bug executing a command with a very long argument vector when "log_subcmds" or "intercept" is enabled on a system where "intercept_type" is set to "trace". GitHub issue #194. * When sudo is configured to run a command in a pseudo-terminal but the standard input is not connected to a terminal, the command will now be run as a background process. This works around a problem running sudo commands in the background from a shell script where changing the terminal to raw mode could interfere with the interactive shell that ran the script. GitHub issue #237. * A missing include file in sudoers is no longer a fatal error unless the error_recovery plugin argument has been set to false. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
9e5de6c132 |
pango: Update to version 1.50.13
- Update from version 1.50.6 to 1.50.13 - Update of rootfile - Changelog Overview of changes in 1.50.13, 20-02-2023 - win32: Add back fallback for empty fontsets - win32: Improve DirectWrite support - Fix word segmentation for Japanese - Don't set backspace-deletes-char for math symbols - coretext: Fix a crash - cairo: Apply metrics hinting to underlines too - Treat COLRv1 fonts as color fonts Overview of changes in 1.50.12, 18-11-2022 - Fix weight conversion on MacOS - Update to Unicode 15 - Some introspection annotation fixes - Improve PangoAttrList serialization - Fix char offset calculatiosn in multi-paragraph layouts Overview of changes in 1.50.11, 03-10-2022 - Don't crash for lack of fonts - Avoid a crash in shaping Overview of changes in 1.50.10, 16-09-2022 - Avoid some unnecessary strdups - Fix line height computations with a non-trivial CTM Overview of changes in 1.50.9, 09-08-2022 - Apply show flags to line separators - Fix a thread-safety problem Overview of changes in 1.50.8, 02-07-2022 - Add some properties to fontmap and family - Fix handling of ligature carets in mixed directions Overview of changes in 1.50.7, 14-04-2022 - coretext: Fix the build - editing: Fix moving across paragraph boundaries in rtl - layout: Try harder to survive without fonts - Windows: Register a sans-serif font - Windows: Try harder to load a font Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
9f2c7dda09 |
make: Update to version 4.4.1
- Update from version 4.4 to 4.4.1 - Update of rootfile not required - Changelog Version 4.4.1 (26 Feb 2023) This release is primarily a bug-fix release. A complete list of bugs fixed in this version is available here: https://sv.gnu.org/bugs/index.php?group=make&report_id=111&fix_release_id=110&set=custom * WARNING: Backward-incompatibility! In previous releases it was not well-defined when updates to MAKEFLAGS made inside a makefile would be visible. This release ensures they are visible immediately, even when invoking $(shell ...) functions. Also, command line variable assignments are now always present in MAKEFLAGS, even when parsing makefiles. Implementation provided by Dmitry Goncharov <dgoncharov@users.sf.net> * New feature: Parallel builds of archives Previously it was not possible to use parallel builds with archives. It is still not possible using the built-in rules, however you can now override the built-in rules with a slightly different set of rules and use parallel builds with archive creation. See the "Dangers When Using Archives" section of the GNU Make manual, and https://savannah.gnu.org/bugs/index.php?14927 * Previously target-specific variables would inherit their "export" capability from parent target-specific variables even if they were marked private. Now private parent target-specific variables have no affect. For more details see https://savannah.gnu.org/bugs/index.php?61463 * Disable FIFO jobserver on GNU/Hurd and Cygwin Experimentation shows that the new FIFO-based jobserver doesn't work well on GNU/Hurd or Cygwin: revert these systems to use the pipe-based jobserver. * Updates to allow building on OS/2 Provided by KO Myung-Hun <komh78@gmail.com> * New platform: GNU Make is supported on z/OS Thanks to Igor Todorovski <itodorov@ca.ibm.com> for the patches and testing assistance. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
de374578af |
lmdb: Update to version 0.9.30
- Update from version 0.9.29 to 0.9.30 - Update of rootfile not required - The original git repo where the lmdb-LMDB file was obtained from is marked as a read only mirror of the official repo on openldap.org Going to opemnldap.org then points you to https://git.openldap.org/openldap/openldap for the downloads, which also has a newer version of lmdb than the mirror site. - Therefore I have changed over to that location for the source tarball which requires the name change to openldap-LMDB for the file. Also changed to bz2 version. - Changelog LMDB 0.9.30 Release (2023/02/08) ITS#9806 - LMDB page_split: key threshold depends on page size ITS#9916 - avoid gcc optimization bug on sparc64 linux ITS#9919 - Mark infrequently used functions as cold ITS#9723 - clear C_EOF on cursor with MDB_FIRST_DUP ITS#9030 - Use sys/cachectl.h rather than asm/cachectl.h on mips Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
fe9264e588 |
liburcu: Update to version 0.14.0
- Update from version 0.13.2 to 0.14.0 - Update of rootfile - Changelog 2023-02-14 Userspace RCU 0.14.0 * Fix: urcu-bp: only teardown call-rcu worker in destructor * Fix: rculfhash: urcu_die() takes positive error value * Fix: call_rcu: teardown default call_rcu worker on application exit * Fix: join worker thread in call_rcu_data_free * Docs: clarify grace period polling API * Document grace period polling in rcu-api.md * Implement poll rcu stress test in rcutorture * urcu-memb,mb,signal: Implement grace period polling * Fix: auto-resize hash table destroy deadlock * Fix building on MSYS2 * rculfhash: Include rculfhash-internal.h from local directory * Remove "Darwin" from "should also work on list" * Merge branch 'adah1972-improve-md' * Add semicolons at the end of function prototypes * Wrap a file name in backticks * Wrap command-line options in backticks * Fix a wrong format * Wrap URLs in angle brackets * Fix Markdown issues * Fix: Always check pthread_create for failures * Disable signals in URCU background threads * Fix: futex.h: include headers outside extern C * Fix: add missing unused attribute to _rcu_dereference * Fix: change method used by _rcu_dereference to strip type constness * Fix: remove type constness in URCU_FORCE_CAST's C++ version * Move extern "C" down in include/urcu/urcu-bp.h * fix: ifdef linux specific cpu count compat * Add unit tests for possible_cpus_array_len * fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id * Fix: revise obsolete command in README.md * Fix: workqueue: remove unused variable "ret" * Fix: urcu-qsbr: futex wait: handle spurious futex wakeups * Fix: urcu: futex wait: handle spurious futex wakeups * Fix: urcu-wait: futex wait: handle spurious futex wakeups * Fix: defer_rcu: futex wait: handle spurious futex wakeups * Fix: call_rcu: futex wait: handle spurious futex wakeups * Fix: workqueue: futex wait: handle spurious futex wakeups * Fix: Use %lu rather than %ld to print count * Update ABI definition files * Bump version current and age * alpha: allocate membarrier system call number * Bump version to 0.14.0-pre * Improved test framework * rculfhash: introduce cds_lfht_node_init_deleted * Fix: changelog: v0.13.0 was released in 2021 * cleanup: i386 arch detection * fix: properly detect 'cmpxchg' on x86-32 * fix: use urcu-tls compat with c++ compiler * Fix typo * fix: remove autoconf features default value in help message * fix: add missing pkgconfig file for memb flavour lib * Cleanup: Tests: Remove useless pre-C99 compatibility code from tap.h * Document C99 and C++11 requirement in README.md * Always use '__thread' for Thread local storage except on MSVC * Fix: powerpc32: transparent unions alter calling convention * fix: don't use C++ thread_local on MacOs * wfcqueue API: implement overloaded wrappers with templates * wfcqueue: combine C++ API cds_wfcq_head_cast with overloading * wfstack C++ API: implement overloaded wrappers with templates * lfstack C++ API: implement overloaded wrappers with templates * wfstack: combine C++ API cds_wfs_stack_cast with overloading * lfstack: combine C++ API cds_lfs_stack_cast with overloading * fix: test_build tap plan * Test C++ build of list head init * Fix order of initializers in CDS_LIST_HEAD_INIT * unit tests: test wfcqueue, wfstack, lfstack empty check functions in C++ * wfcqueue: implement C++ API based on function overloading * wfstack: implement C++ API based on function overloading * lfstack: implement C++ API based on function overloading * Fix tap.h: remove extra semicolon in pass/fail macros * Add C++ build tests * Build and run regression and unit tests as C++ programs * Add --enable-Werror configure switch * Add `urcu_posix_assert()` as `assert()` replacement * Rename `urcu_assert()` to `urcu_assert_debug()` * cleanup: spelling fixes in comments * Make temporary variable in _rcu_dereference non-const * (tls-ie2) Fix: x86 and s390: uatomic __hp() macro C++ support * Fix: x86 and s390: uatomic __hp() macro clang support * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
aefb33df1b |
iproute2: Update to version 6.2.0
- Update from version 6.1.0 to 6.2.0 - Update of rootfile - Changelog No Changelog in website or in source tarball. Only source of changes is the git commits https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
d17852b25e |
harfbuzz: Update to version 7.0.1
- Update from version 6.0.0 to 7.0.1 - Update of rootfile - Changelog Overview of changes leading to 7.0.1 - Various build and bug fixes. Overview of changes leading to 7.0.0 - New hb-paint API that is designed mainly to paint “COLRv1” glyphs, but can be also used as a unified API to paint any of the glyph representations supported by HarfBuzz (B/W outlines, color layers, or color bitmaps). (Behdad Esfahbod, Matthias Clasen) - New hb-cairo API for integrating with cairo graphics library. This is provided as a separate harfbuzz-cairo library. (Behdad Esfahbod, Matthias Clasen) - Support for instancing “CFF2” table. (Behdad Esfahbod) - Support font emboldening. (Behdad Esfahbod) - Support feature ranges with AAT shaping. (Behdad Esfahbod) - Experimental support to cubic curves in “glyf” table, see https://github.com/harfbuzz/boring-expansion-spec/blob/main/glyf1-cubicOutlines.md for spec. (Behdad Esfahbod) - Various subsetter improvements. (Garret Rieger, Qunxin Liu, Behdad Esfahbod) - Various documentation improvements. (Behdad Esfahbod, Matthias Clasen, Khaled Hosny) - Significantly reduced memory use during shaping. (Behdad Esfahbod) - Greatly reduced memory use during subsetting “CFF” table. (Behdad Esfahbod) - New command line utility, hb-info, for querying various font information. (Behdad Esfahbod, Matthias Clasen) - New hb-shape/hb-view options: --glyphs, --color-palette, --font-bold, --font-grade, and --named-instance. (Behdad Esfahbod) - Miscellaneous fixes and improvements. (Amir Masoud Abdol, Andres Salomon, Behdad Esfahbod, Chun-wei Fan, Garret Rieger, Jens Kutilek, Khaled Hosny, Konstantin Käfer, Matthias Clasen, Nirbheek Chauhan, Pedro J. Estébanez, Qunxin Liu, Sergei Trofimovich) - New API: +HB_FONT_NO_VAR_NAMED_INSTANCE +HB_PAINT_IMAGE_FORMAT_BGRA +HB_PAINT_IMAGE_FORMAT_PNG +HB_PAINT_IMAGE_FORMAT_SVG +hb_cairo_font_face_create_for_face +hb_cairo_font_face_create_for_font +hb_cairo_font_face_get_face +hb_cairo_font_face_get_font +hb_cairo_font_face_get_scale_factor +hb_cairo_font_face_set_font_init_func +hb_cairo_font_face_set_scale_factor +hb_cairo_font_init_func_t +hb_cairo_glyphs_from_buffer +hb_cairo_scaled_font_get_font +hb_color_line_get_color_stops +hb_color_line_get_color_stops_func_t +hb_color_line_get_extend +hb_color_line_get_extend_func_t +hb_color_line_t +hb_color_stop_t +hb_draw_funcs_get_empty +hb_draw_funcs_get_user_data +hb_draw_funcs_set_user_data +hb_face_collect_nominal_glyph_mapping +hb_font_draw_glyph +hb_font_draw_glyph_func_t +hb_font_funcs_set_draw_glyph_func +hb_font_funcs_set_paint_glyph_func +hb_font_get_synthetic_bold +hb_font_get_var_named_instance +hb_font_paint_glyph +hb_font_paint_glyph_func_t +hb_font_set_synthetic_bold +hb_map_keys +hb_map_next +hb_map_update +hb_map_values +hb_ot_color_glyph_has_paint +hb_ot_color_has_paint +hb_ot_layout_script_select_language2 +hb_ot_name_id_predefined_t +hb_paint_color +hb_paint_color_func_t +hb_paint_composite_mode_t +hb_paint_custom_palette_color +hb_paint_custom_palette_color_func_t +hb_paint_extend_t +hb_paint_funcs_create +hb_paint_funcs_destroy +hb_paint_funcs_get_empty +hb_paint_funcs_get_user_data +hb_paint_funcs_is_immutable +hb_paint_funcs_make_immutable +hb_paint_funcs_reference +hb_paint_funcs_set_color_func +hb_paint_funcs_set_custom_palette_color_func +hb_paint_funcs_set_image_func +hb_paint_funcs_set_linear_gradient_func +hb_paint_funcs_set_pop_clip_func +hb_paint_funcs_set_pop_group_func +hb_paint_funcs_set_pop_transform_func +hb_paint_funcs_set_push_clip_glyph_func +hb_paint_funcs_set_push_clip_rectangle_func +hb_paint_funcs_set_push_group_func +hb_paint_funcs_set_push_transform_func +hb_paint_funcs_set_radial_gradient_func +hb_paint_funcs_set_sweep_gradient_func +hb_paint_funcs_set_user_data +hb_paint_funcs_t +hb_paint_image +hb_paint_image_func_t +hb_paint_linear_gradient +hb_paint_linear_gradient_func_t +hb_paint_pop_clip +hb_paint_pop_clip_func_t +hb_paint_pop_group +hb_paint_pop_group_func_t +hb_paint_pop_transform +hb_paint_pop_transform_func_t +hb_paint_push_clip_glyph +hb_paint_push_clip_glyph_func_t +hb_paint_push_clip_rectangle +hb_paint_push_clip_rectangle_func_t +hb_paint_push_group +hb_paint_push_group_func_t +hb_paint_push_transform +hb_paint_push_transform_func_t +hb_paint_radial_gradient +hb_paint_radial_gradient_func_t +hb_paint_sweep_gradient +hb_paint_sweep_gradient_func_t +hb_set_is_inverted +hb_subset_input_keep_everything - Deprecated API: +hb_font_funcs_set_glyph_shape_func +hb_font_get_glyph_shape_func_t +hb_font_get_glyph_shape Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
4e692c42b6 |
gnutls: Update to version 3.8.0
- Update from version 3.7.7 to 3.8.0 - Update of rootfile - Changelog Version 3.8.0 (unreleased 2023-02-09) -- libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361] -- libgnutls: C++ library is now header only. All definitions from gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++ interface have two options: 1. include gnutlsxx.h in their application and link against the C library. (default) 2. include gnutlsxx.h in their application, compile with GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link against the C++ library. -- libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST priority modifier have been added to allow disabling of the status_request TLS extension in the client side. -- libgnutls: TLS heartbeat is disabled by default. The heartbeat extension in TLS (RFC 6520) is not widely used given other implementations dropped support for it. To enable back support for it, supply --enable-heartbeat-support to configure script. -- libgnutls: SRP authentication is now disabled by default. It is disabled because the SRP authentication in TLS is not up to date with the latest TLS standards and its ciphersuites are based on the CBC mode and SHA-1. To enable it back, supply --enable-srp-authentication option to configure script. -- libgnutls: All code has been indented using "indent -ppi1 -linux". CI/CD has been adjusted to catch regressions. This is implemented through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s commit-check. You may run devel/indent-gnutls to fix any indentation issues if you make code modifications. -- guile: Guile-bindings removed. They have been extracted into a separate project to reduce complexity and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>. -- minitasn1: Upgraded to libtasn1 version 4.19. -- API and ABI modifications: GNUTLS_NO_STATUS_REQUEST: New flag GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member Version 3.7.8 (released 2022-09-27) -- libgnutls: In FIPS140 mode, RSA signature verification is an approved operation if the key has modulus with known sizes (1024, 1280, 1536, and 1792 bits), in addition to any modulus sizes larger than 2048 bits, according to SP800-131A rev2. -- libgnutls: gnutls_session_channel_binding performs additional checks when GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the "tls-exporter" channel binding is only usable when the handshake is bound to a unique master secret (i.e., either TLS 1.3 or extended master secret extension is negotiated). Otherwise the function now returns error. -- libgnutls: usage of the following functions, which are designed to loosen restrictions imposed by allowlisting mode of configuration, has been additionally restricted. Invoking them is now only allowed if system-wide TLS priority string has not been initialized yet: gnutls_digest_set_secure gnutls_sign_set_secure gnutls_sign_set_secure_for_certs gnutls_protocol_set_enabled -- API and ABI modifications: No changes since last version. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
0c5234e1ce |
ethtool: Update to version 6.2
- Update from version 6.1 to 6.2 - Update of rootfile not required - Changelog Version 6.2 - February 21, 2023 * Feature: link down event statistics (no option) * Feature: JSON output for coalesce (-c) * Feature: new link modes (no option) * Feature: JSON output for ring (-g) * Feature: netlink handler for RSS get (-x) * Fix: fix boolean value output in JSON output * Fix: fix build errors and warnings Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
1f3f267021 |
e2fsprogs: Update to version 1.47.0
- Update from version 1.46.5 to 1.47.0 - Update of rootfile not required - Changelog E2fsprogs 1.47.0 (February 5, 2023) Updates/Fixes since v1.46.6: UI and Features Add support for the orphan_file feature, which speeds up workloads that are deleting or truncating a large number files in parallel. This compat feature was first supported in the v5.15 Linux kernel. The mke2fs program (via the mke2fs.conf file) now enables the metadata_csum_seed and orphan_file features by default. The metadata_csum_seed feature is an incompat feature which is first supported in the Linux kernel starting in the 4.4 kernel and e2fsprogs 1.43. Mke2fs now supports the extended option "assume_storage_prezeroed" which causes mke2fs to skip zeroing the journal and inode tables and to mark the inode tables as zeroed. Add support to tune2fs and e2label to set the label and UUID for a mounted file system using a ioctl, which is more reliable than modifying the superblock via writing to the block device. The kernel support for setting the label landed in v5.17, while the support for adding the UUID landed in v6.0. If the ioctls are not supported, tune2fs and e2label will fall back old strategy of directly modifying the superblock. Allow tune2fs to disable the casefold feature after scanning all of the directories do not have the Casefold flag set. Fixes Fix a potential unbalanced mutex unlock when there is a short read while using the bounce buffer when using direct I/O. Performance, Internal Implementation, Development Support etc. Fix various Coverity and compiler warnings. Add the new function ext2fs_xattrs_read_inode() which takes an in-memory inode to avoid needing to reread an inode that was already read into memory. Teach debugfs logdump command the -n option which forces printing a specified number of transactions, even when a block missing a magic number would have stopped the logdump. (This is for debugging journalling problems.) E2fsprogs 1.46.6 (February 1, 2023) Updates/Fixes since v1.46.5: UI and Features Debugfs's ncheck command now allows the inode number to be surrounded by angle brackets, to be consistent with other debugfs commands. Debugfs no longer prints a scary message when debugfs -c (which enables "catastrophic mode") is used. This was intended to allow debugfs to operate on very badly corrupted file systems, but it is now sometimes used to suppress reading the block and inode bitmaps when they are not needed. Resize2fs will round down the requested new file system size to the nearest cluster boundary when resizing bigalloc file systems. Improve error messages issued by badblocks. Fuse2fs now supports an offset=<bytes> option which allows operating on a file system image which is located starting at the specified offset from the beginning of the image. Fixes Pre-v6.2 Linux kernels had long-standing bug in how the extended attribute hash was calculated when there were non-ASCII characters in the xattr name, when the hash would be different depending on whether the C 'char' type was signed or unsigned. To address this bug, starting with e2fsprogs 1.46.6+ and Linux 6.2+, we will accept either the signed or unsigned hash variant, but only set the unsigned hash variant. Since extended attribute names are in practice composed of ASCII characters, other than various tests (such as generic/454), most users will hopefully not notice this change. Avoid triggering udev in dumpe2fs and "resize2fs -P" for file systems with MMP enabled by opening the device read-only when reading the MMP block. Fix MMP handling so it can notice when another writer has modify the MMP block out from under it when stopping a MMP sessions. Fix tune2fs so it will detect another device stealing the MMP sessions while rewriting metadata checksums. E2fsck will now check to make sure the journal inode does not have the encrypt flag set. Fix a deadlock bug in e2fsck's error handler when there are errors trying to write to the file system. Fix a bug where e2fsck could fail when specifying an undo file and an explicit superblock number. Fix e2image so it won't potentially loop forever for certain invalid file systems. Fix resize2fs to honor the E2FSPROGS_FAKE_TIME environment variable. This allows embedded system builders who use resize2fs as part of their image build process to create reproducible images. Fix tune2fs to avoid a crash if the journal replay fails and to make sure its exit status is non-zero if there is some failure. Fix tune2fs, fuse2fs, and debugsfs to update j_tail_sequence when replaying the journal. Add additional bullet-proofing for very badly corrupted file systems. Try avoid UBSAN warnings, null pointer derferences, and other memory bugs. (Addresses CVE-2022-1304) Don't fail when the source directory for mke2fs -d doesn't support extended attributese. Check for and handle malloc() failures when computing the log filename in e2fsck and in the libss library. Fix tune2fs and e2fsck to accept pathames which include '=' characters. Previously arguments to tune2fs and e2fsck which included '=' characters are presumed to be blkid specifiers such as UUID=xxx or LABEL=yyy. If a specifier is both a valid pathname name and blkid tag name specifier, priority is given to a blkid resolved pathname. Improve tune2fs's error messages. Fix a bug in tune2fs which could cause it to crash if device goes off-line just as it being opened. Fix the fsck driver so if it is interrupted while running fsck -N it doesn't end up kllling all processes on the system. Fix a crash in badblocks when the user specifies an overly large number of blocks tested at a time in read/write or nondestructive mode. Update and clarify's chattr's man page and usage message. Fix spelling typo's in a variety of different man pages and comments. Performance, Internal Implementation, Development Support etc. Update to autoconf 2.71. Update flags used to create shared library on Darwin/MacOS. Speed up e2fsck's clonning of multiply-claimed blocks so it is substantially faster on very large file systems. Add tests/fuzz directory with fuzzers from oss-fuzz. Add a Github Actions configuration file so that Github will run CI tests on Linux, Windows and MacOS on a push to the e2fsprogs github repo. Make the mtab parsing in ext2fs_check_mount_point() more careful so it won't get confused when a block device shows up in the mnt_name field for a virtual file system. Fix the libss's Makefile to create the man page directory before trying to install its man page. Fix various Coverity and compiler warnings. Make tests more portable on various different OS's and system configurations (e.g., with SELinux enabled, MacOS, and Windows) Use mallinfo2() instead of mallinfo() where avilable, since mallinfo() is deprecated on newer glibc versions. E2fsck will no longer do a full scan of disconnected directory when trying to print the parent directory, which is pointless and can slow down e2fsck if there are a large number of disconnected directories. Debugfs will now print the extended attribute's e_hash field. Fix the setup-schroot script to work on non-Linux platforms. Fix ext2fs_compare_generic_bmap() so it correctly compares all of the bits in the bitmap, and so that it works correctly when comparing a bitarray bitmap with a rbtree-based bitmap. (Fortunately, none of the programs in e2fsprogs uses bitmap comparison functions.) Fix memory leaks on error paths. Add support for the configure option --enable-largefile so that e2fsprogs can utilize largefile support for the MUSL C library. Add an note that the dict library code has been modified, as required by the Kazlib license. Synchronized changes from Android's AOSP e2fsprogs tree. Updated config.guess and config.sub with newer versions from the FSF. Add Friulian translation. Update Chinese, Czech, Dutch, French, German, Malay, Polish, Serbian, Spanish, Swedish, and Ukrainian translations. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
4de715dbe2 |
curl: Update to version 7.88.1
- Update from version 7.87.0 to 7.88.1
- Update of rootfile not required
- Patch removed as fix now built into source tarball
- Changelog
Fixed in 7.88.1 - February 20 2023
Bugfixes:
build-openssl.bat: keep OpenSSL 3 engine binaries
cmake: fix Windows check for CryptAcquireContext
connnect: fix timeout handling to use full duration
curl: make --silent work stand-alone
curl_setup: Suppress OpenSSL 3 deprecation warnings
CURLOPT_WS_OPTIONS.3: fix the availability version
GHA: update rustls dependency to 0.9.2
http2: buffer/pausedata and output flush fix.
http2: set drain on stream end
http: include stdint.h more readily
krb5: silence cast-align warning
lib1560: add IPv6 canonicalization tests
os400: correct Curl_os400_sendto()
remote-header-name.d: mention that filename* is not supported
runtests: fix "uninitialized value $port"
setopt: allow HTTP3 when HTTP2 is not defined
socketpair: allow EWOULDBLOCK when reading the pair check bytes
socks: allow using DoH to resolve host names
tests-httpd: add proxy tests
tests: make sure gnuserv-tls has SRP support before using it
tests: make the telnet server shut down a socket gracefully
tool_getparam: make --get a true boolean
tool_operate: allow debug builds to set buffersize
urlapi: do the port number extraction without using sscanf()
urldata: remove `now` from struct SingleRequest - not needed
Fixed in 7.88.0 - February 15 2023
Changes:
curl.h: add CURL_HTTP_VERSION_3ONLY
share: add sharing of HSTS cache among handles
src: add --http3-only
tool_operate: share HSTS between handles
urlapi: add CURLU_PUNYCODE
writeout: add %{certs} and %{num_certs}
Bugfixes:
cf-socket: fix build when not HAVE_GETPEERNAME
cf-socket: keep sockaddr local in the socket filters
cfilters:Curl_conn_get_select_socks: use the first non-connected filter
CI: add a workflow to automatically label pull requests
CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
CI: Retry failed downloads to reduce spurious failures
CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
cmake: bump requirement to 3.7
cmake: check for sendmsg
cmake: delete redundant macro definition `SECURITY_WIN32`
cmake: fix dev warning due to mismatched arg
cmake: fix the snprintf detection
cmake: remove deprecated symbols check
cmake: set SOVERSION also for macOS
cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
cmdline-opts/Makefile: on error, do not leave a partial
CODEOWNERS: remove the peeps mentioned as CI owners
connect: fix access of pointer before NULL check
connect: fix build when not ENABLE_IPV6
connect: fix strategy testing for attempts, timeouts and happy-eyeball
connections: introduce http/3 happy eyeballs
content_encoding: do not reset stage counter for each header
CONTRIBUTE: More formally specify the commit description
cookies: fp is always not NULL
copyright.pl: cease doing year verifications
copyright: update all copyright lines and remove year ranges
curl.1: make help, version and manual sections "custom"
curl.h: allow up to 10M buffer size
curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
curl/websockets.h: extend the websocket frame struct
curl: output warning at --verbose output for debug-enabled version
curl_free.3: fix return type of `curl_free`
curl_global_sslset.3: clarify the openssl situation
curl_log: for failf/infof and debug logging implementations
curl_setup: Disable by default recv-before-send in Windows
curl_version_info.3: fix typo
curl_ws_send.3: clarify how to send multi-frame messages
CURLOPT_HEADERDATA.3: warn DLL users must set write function
CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
CURLOPT_WRITEFUNCTION.3: fix memory leak in example
dict: URL decode the entire path always
docs/DEPRECATE.md: deprecate gskit
docs: add link to GitHub Discussions
docs: mention indirect effects of --insecure
docs: POSTFIELDSIZE must be set to -1 with read function
doh: ifdef IPv6 code
easyoptions: fix header printing in generation script
escape: hex decode with a lookup-table
escape: use table lookup when adding %-codes to output
examples: remove the curlgtk.c example
fopen: remove unnecessary assignment
ftpserver: lower the DATA connect timeout to speed up torture tests
GHA/macos.yml: bump to gcc-12
GHA/macos: use Xcode_14.0.1 for cmake builds
GHA: add job on Slackware 15.0
GHA: bump ngtcp2 workflow dependencies
GHA: enable websockets in the torture job
GHA: move the quiche job here from zuul
GHA: use designated ngtcp2 and its dependencies versions
haxproxy: send before TLS handhshake
header.d: add a header file example
hsts.d: explain hsts more
hsts: handle adding the same host name again
HTTP/[23]: continue upload when state.drain is set
http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
http2: fix compiler warning due to uninitialized variable
http2: minor buffer and error path fixes
http2: when using printf %.*s, the length arg must be 'int'
HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
http: add additional condition for including stdint.h
http: decode transfer encoding first
http: fix "part of conditional expression is always false"
http: remove the trace message "Mark bundle... multiuse"
http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
http_proxy: do not assign data->req.p.http use local copy
INSTALL: document how to use multiple TLS backends
lib670: make test.h the first include
lib: connect/h2/h3 refactor
lib: fix typos
lib: fix typos in comments which repeat a word
libssh2: try sha2 algos for hostkey methods
libtest: add a sleep macro for Windows
Linux CI: update some dependecies to latest tag
Makefile.mk: fix wolfssl and mbedtls default paths
man pages: call the custom user pointer 'clientp' consistently
md4: fix build with GnuTLS + OpenSSL v1
misc: fix grammar and spelling
misc: fix spelling
misc: reduce struct and struct field sizes
msh3: add support for request payload
msh3: update to v0.5 Release
msh3: update to v0.6
multi: stop sending empty HTTP/3 UDP datagrams on Windows
multihandle: turn bool struct fields into bits
ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
ngtcp2: fix the build without 'sendmsg'
ngtcp2: replace removed define and stop using removed function
no-clobber.d: only use long form options in man page text
noproxy: support for space-separated names is deprecated
nss: implement data_pending method
openldap: fix missing sasl symbols at build in specific configs
openssl: adapt to boringssl's error code type
openssl: don't ignore CA paths when using Windows CA store (redux)
openssl: don't log raw record headers
openssl: make the BIO_METHOD a local variable in the connection filter
openssl: only use CA_BLOB if verifying peer
openssl: remove attached easy handles from SSL instances
openssl: store the CA after first send (ClientHello)
os400: fixes to make-lib.sh and initscript.sh
packages: remove Android, update README
release-notes.pl: check fixes/closes lines better
Revert "x509asn1: avoid freeing unallocated pointers"
runtest.pl: add expected fourth return value
runtests: tear down http2/http3 servers when https server is stopped
runtests: consider warnings fatal and error on them
runtests: fix detection of TLS backends
runtests: make 'mbedtls' a testable feature
rustls: improve error messages
scripts/delta: show percent of number of files changed since last tag
scripts: fix Appveyor job detection in cijobs.pl
scripts: set file mode +x on all perl and shell scripts
sectransp: fix for incomplete read/writes
SECURITY-PROCESS.md: document severity levels
setopt: Address undefined behaviour by checking for null
setopt: move the SHA256 opt within #ifdef libssh2
setopt: use >, not >=, when checking if uarg is larger than uint-max
smb: return error on upload without size
socketpair: allow localhost MITM sniffers
strdup: name it Curl_strdup
system.h: assume OS400 is always built with ILEC compiler
test1560: use a UTF8-using locale when run
test2304: remove stdout verification
tests-httpd: basic infra to run curl against an apache httpd
tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
tests: add tests for HTTP/2 and HTTP/3 to verify the header API
tests: avoid use of sha1 in certificates
tls: fixes for wolfssl + openssl combo builds
tool_getparam: fix hiding of command line secrets
tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
tool_operate: fix error codes during DOS filename sanitize
tool_operate: fix error codes on bad URL & OOM
tool_operate: fix headerfile writing
tool_operate: repair --rate
transfer: break the read loop when RECV is cleared
typecheck: accept expressions for option/info parameters
url: fix part of conditional expression is always true
urlapi: avoid Curl_dyn_addf() for hex outputs
urlapi: fix part of conditional expression is always true: qlen
urlapi: skip path checks if path is just "/"
urlapi: skip the extra dedotdot alloc if no dot in path
urldata: cease storing TLS auth type
urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
urldata: make set.http200aliases conditional on HTTP being present
urldata: move the cookefilelist to the 'set' struct
urldata: remove unused struct fields, made more conditional
vquic: stabilization and improvements
vtls: fix hostname handling in filters
vtls: manage current easy handle in nested cfilter calls
vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
winbuild: document that arm64 is supported
windows: always use curl's basename() implementation
wolfssl: remove deprecated post-quantum algorithms
workflows/linux.yml: merge 3 common packages
write-out.d: add 'since version' to %{header_json} documentation
write-out.d: clarify Windows % symbol escaping
ws: fix autoping handling
ws: fix multiframe send handling
ws: fix recv of larger frames
ws: remove bad assert
ws: unstick connect-only shutdown
ws: use %Ou for outputting curl_off_t with info()
x509asn1: fix compile errors and warnings
zuul: stop using this CI service
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
fc6323b894 |
apr: Update to version 1.7.2
- Update from version 1.7.0 to 1.7.2
- Update of rootfile
- Changelog
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
083950a0df |
samba: Bump package version
This is necessary, since the package version was already incremented to 91 in "master", due to the libtirpc changes in Core Update 173. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |