- Update from version 4.15.1 to 4.16.0
- Update rootfile
- sobump in rootfile. Ran find-dependencies but no other linked programs identified.
- nscd is disabled in glibc so it has been disabled in shadow. nscd is enabled by default.
- id and groups (deprecated in shadow) are used from coreutils in IPFire.
- Changelog
4.16.0
The shadow implementations of id(1) and groups(1) are deprecated in favor of the
GNU coreutils and binutils versions. They will be removed in 4.17.0.
Support for rlogind in the login(1) implementation has been removed. That is, the
login(1) -r flag has been removed.
The libsubid major version has been bumped, since it now requires specification of
the module's free() implementation.
4.15.2
Bugfix release.
This release includes a large amount of fixes, including memory leaks,
leaks of other resources such as file descriptors, added missing error
handling, and more.
4.15.3
Bugfix release.
This release includes changes to the build system, packaging, and tests;
most of which, were reported by Debian packagers. There's also a fix
for check_subid_range.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Everytime an update has been done on squid the access.log file has been replaced with an
empty file, losing whatever messages have been in the log.
- This has been the case since squid was implemented in IPFire.
- Update of rootfile to comment out var/log/squid/access.log
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.20.1 to 4.20.2
- Update of rootfile for both x86_64 and aarch64
- After doing a grep into the config directories I realised that the xxxMACHINExxx phrase
is only added into rootfiles in the main common or package directories and not in the
x86_64 and aarch64
- In the past I have submitted the samba rootfile with x86_64 replaced by xxxMACHINExxx.
It seems to have worked, so the replacement probably occurs even in the architecture
specific directories but it doesn't need to be used there as the directory is clearly
only for that one architecture.
- Changelog
4.20.2
* BUG 15662: vfs_widelinks with DFS shares breaks case insensitivity.
* BUG 13213: Samba build is not reproducible.
* BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare
function.
* BUG 15625: Many qsort() comparison functions are non-transitive, which can
lead to out-of-bounds access in some circumstances.
* BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI
bill.
* BUG 15654: We have added new options --vendor-name and --vendor-patch-
revision arguments to ./configure to allow distributions and packagers to
put their name in the Samba version string so that when debugging Samba the
source of the binary is obvious.
* BUG 15665: CTDB RADOS mutex helper misses namespace support.
* BUG 13019: Dynamic DNS updates with the internal DNS are not working.
* BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0.
* BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to
Windows Server 2022).
* BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger.
* BUG 15620: s4:nbt_server: does not provide unexpected handling, so winbindd
can't use nmb requests instead cldap.
* BUG 15642: winbindd, net ads join and other things don't work on an ipv6
only host.
* BUG 15659: Segmentation fault when deleting files in vfs_recycle.
* BUG 15664: Panic in vfs_offload_token_db_fetch_fsp().
* BUG 15666: "client use kerberos" and --use-kerberos is ignored for the
machine account.
* BUG 15435: Regression DFS not working with widelinks = true.
* BUG 15633: samba-gpupdate - Invalid NtVer in netlogon_samlogon_response.
* BUG 15653: idmap_ad creates an incorrect local krb5.conf in case of trusted
domain lookups.
* BUG 15660: The images don't build after the git security release and CentOS
8 Stream is EOL.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The SSH daemon has been split into a listener and session daemon to have
a smaller attack vector since the listener does not need to implement
the SSH protocol.
In order to keep SSH working, we need to ship the session daemon, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.7p1 to 9.8p1
- Update of rootfile
- Changelog
9.8p1
-There is a fix for CVE-2024-6387
-The number of changes is too large to show all here. As well as the CVE fix and
another security related fix there are a log of bug fixes as well. The details can
seen at https://www.openssh.com/txt/release-9.8
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The patch for this was created by Stefan Schantl
- Blocklist addition was discussed and agreed at IPFire dev conf call in June 2024.
- Tested on vm system.
- The combined list was removed because it is just the three others which can be selected
in the WUI to give the equivalent result.
Created-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The standard email scripts supllied with apcupsd are coded on the basis that sendmail
is being used. The format of the email information in those scripts does not work with
the dma mail system implemented in IPFire.
- The scripts provided in the config/apcupsd directory have been updated to work with
dma. The scripts have been confirmed to work with my production system that is using
a UPS.
- This patch will replace the standard apcupsd scripts with the ones tailored for IPFire.
- If any existing users have modified their scripts to already work with dma then their
versions will be saved in their backup.
- The apcupsd-3.14.14-2.ipfire package created in the build with the above changes has
been installed on a vm system and confirmed to provide the IPFire tailored scripts.
- The lfs change is the addition of the copying of the scripts to the /etc/apcupsd
directory.
- No change to the rootfile as the scripts names are the same.
- The only thing a user will need to do is to ensure the IPFire email system is enabled,
configure and confirmed working. Then valid FROM and TO email addresses need to be
added to each script.
- Once this patch submission is accepted then I will do an update to the apcupsd IPFire
documentation page to describe these scripts and how to update the email addresses.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- tshark in the past had its own version of speexdsp used only for some "arbitrary
resampling code" used for the build of tshark.
- speexdsp has been removed from tshark so it is now a build requirement.
- It is only used for the build of tshark so the rootfile has all entries commented out.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.0.8 to 4.2.5
- Update of rootfile
- Version 4.2.5 requires asciidoctor to be built for tshark to build. Despite lots of
investigation and testing out various commands, tshark will not build if asciidoctor is
not present, even if the docs are not going to be used. It is only required for the
build
- To build asciidoctor ruby has to be installed. It is only required for the build of
asciidoctor
- tshark has previously had its own version of speexdsp built in. It is only used to
provide some "arbitrary resampling code" during the build and does not end up in the
running tshark system. Version 4.2.5 has removed the internal speexdsp code but it
is still a required dependency for building, so speexdsp also need to be installed but
only for the build stage.
- The associated patches with this one provide the build installation of ruby, asciidoctor
and speexdsp. With these installed tshark was able to be built.
- version 4.0.8 and 4.2.5 of tshark were tested out on a vm system with the command
"tshark -c 100 > tshark" and this wrote 100 packets from the vm red0 interface to a
text file. Both the old and new versions provided the same sort of result. To a first
level of testing this shows that the 4.2.5 version is functioning as the previous
version was.
- This version had an sobump so find-dependencies was run. All files linked to the three
libraries in tshark are all also in tshark. No other package is linked to.
- Changelog
There are 13 releases between 4.0.8 and 4.2.5 so the changelist is too large to
include here. Details can be found in the release notes for each version at
https://www.wireshark.org/docs/relnotes/
21 CVE vulnerabilities have been fixed that were identified in 7 of the 13 versions.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.5.5 to 1.5.6
- Update of rootfile
- Changelog
1.5.6 (Mar 2024)
api: Promote `ZSTD_c_targetCBlockSize` to Stable API by @felixhandte
api: new `ZSTD_d_maxBlockSize` experimental parameter, to reduce streaming decompression memory, by @terrelln
perf: improve performance of param `ZSTD_c_targetCBlockSize`, by @Cyan4973
perf: improved compression of arrays of integers at high compression, by @Cyan4973
lib: reduce binary size with selective built-time exclusion, by @felixhandte
lib: improved huffman speed on small data and linux kernel, by @terrelln
lib: accept dictionaries with partial literal tables, by @terrelln
lib: fix CCtx size estimation with external sequence producer, by @embg
lib: fix corner case decoder behaviors, by @Cyan4973 and @aimuz
lib: fix zdict prototype mismatch in static_only mode, by @ldv-alt
lib: fix several bugs in magicless-format decoding, by @embg
cli: add common compressed file types to `--exclude-compressed`` by @daniellerozenblit
cli: fix mixing `-c` and `-o` commands with `--rm`, by @Cyan4973
cli: fix erroneous exclusion of hidden files with `--output-dir-mirror` by @felixhandte
cli: improved time accuracy on BSD, by @felixhandte
cli: better errors on argument parsing, by @KapJI
tests: better compatibility with older versions of `grep`, by @Cyan4973
tests: lorem ipsum generator as default backup content, by @Cyan4973
build: cmake improvements by @terrelln, @sighingnow, @gjasny, @JohanMabille, @Saverio976, @gruenich, @teo-tsirpanis
build: bazel support, by @jondo2010
build: fix cross-compiling for AArch64 with lld by @jcelerier
build: fix Apple platform compatibility, by @nidhijaju
build: fix Visual 2012 and lower compatibility, by @Cyan4973
build: improve win32 support, by @DimitriPapadopoulos
build: better C90 compliance for zlibWrapper, by @emaste
port: make: fat binaries on macos, by @mredig
port: ARM64EC compatibility for Windows, by @dunhor
port: QNX support by @klausholstjacobsen
port: MSYS2 and Cygwin makefile installation and test support, by @QBos07
port: risc-v support validation in CI, by @Cyan4973
port: sparc64 support validation in CI, by @Cyan4973
port: AIX compatibility, by @likema
port: HP-UX compatibility, by @likema
doc: Improved specification accuracy, by @elasota
bug: Fix and deprecate ZSTD_generateSequences (#3981)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs copies the required headers to the /usr/include directory.
- rootfile has all entries commented out as utfcpp is only required for the build.
- Added utfcpp into make.sh prior to taglib.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- existing cleanhtml command does not handle diacritical charcters such as umlauts, acute,
grave and circumflex accents.
- In bug 12395 the problem was resolved by adding decode before and encode after the
cleanhtml command in dns.cgi
- Suggestion from @Michael Tremer was to add the decode and encode sections into the
actual cleanhtml subroutine in header.pl
- This patch submission is the execution of that suggestion.
- This will ensure that whenever cleanhtml is used for any remark in a WUI page it will
handle diacritical charcters.
- Tested out on my vm testbed system and confirmed to be working when cleanhtml has the
encode and decode lines.
- Combined with this patch is another one that changes the dns.cgi to remove the decode
and encode entries added into the cgi code.
Suggested-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
According to the Linux kernel documentation, enabling BPF_UNPRIV_DEFAULT_OFF
(which was done in 69dde418f1) will cause
the sysctl kernel.unprivileged_bpf_disabled to default to 2. This
prohibits calls to bpf() from unprivileged users by default, but allows
for such calls to be allowed again during runtime, by setting
kernel.unprivileged_bpf_disabled to 0.
There is no legitimate reason why this should be possible on IPFire,
which is why this patch sets kernel.unprivileged_bpf_disabled to 1
during startup, causing the same effect as 2, but without any option to
revert this setting during runtime. This fixes a Lynis warning.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.23.5 to 3.23.12
- Update of rootfile
- Changelog
3.23.12
Added support for the following new Printers:
HP OfficeJet Pro 9130b series
HP OfficeJet Pro 9120b series
HP OfficeJet Pro 9110b series
HP Color LaserJet Enterprise Flow MFP X58045z
HP Color LaserJet Enterprise Flow MFP X58045zs
HP Color LaserJet Enterprise MFP X58045dn
HP Color LaserJet Enterprise MFP X58045
HP LaserJet Pro P1106 plus
HP LaserJet Pro P1108 plus
3.23.8
Added support for following new Distro's:
OpenSuse 15.5
Fedora 38
Ubuntu 23.04
Added support for the following new Printers:
HP Color LaserJet Pro MFP 4301dwe
HP Color LaserJet Pro MFP 4301fdne
HP Color LaserJet Pro MFP 4301fdwe
HP Color LaserJet Pro MFP 4301cdwe
HP Color LaserJet Pro MFP 4301cfdne
HP Color LaserJet Pro MFP 4301cfdwe
HP Color LaserJet Pro MFP 4302dwe
HP Color LaserJet Pro MFP 4302fdne
HP Color LaserJet Pro MFP 4302fdwe
HP Color LaserJet Pro MFP 4302cdwe
HP Color LaserJet Pro MFP 4302fdn
HP Color LaserJet Pro MFP 4302fdw
HP Color LaserJet Pro MFP 4303dw
HP Color LaserJet Pro MFP 4303fdn
HP Color LaserJet Pro MFP 4303fdw
HP Color LaserJet Pro MFP 4303cdw
HP Color LaserJet Pro MFP 4303cfdn
HP Color LaserJet Pro MFP 4303cfdw
HP Color LaserJet Pro 4201dne
HP Color LaserJet Pro 4201dwe
HP Color LaserJet Pro 4201cdne
HP Color LaserJet Pro 4201cdwe
HP Color LaserJet Pro 4202dne
HP Color LaserJet Pro 4202dwe
HP Color LaserJet Pro 4202dn
HP Color LaserJet Pro 4202dw
HP Color LaserJet Pro 4203dn
HP Color LaserJet Pro 4203dw
HP Color LaserJet Pro 4203cdn
HP Color LaserJet Pro 4203cdw
HP DeskJet 2800 All-in-One Printer series
HP DeskJet 2800e All-in-One Printer series
HP DeskJet Ink Advantage 2800 All-in-One Printer series
HP DeskJet 4200 All-in-One Printer series
HP DeskJet 4200e All-in-One Printer series
HP DeskJet Ink Advantage 4200 All-in-One Printer series
HP DeskJet Ink Advantage Ultra 4900 All-in-One Printer series
Known issues:
1. USB print feature is not working properly with FW version 6.17.X.X for
HP Color LaserJet Pro MFP 4303 devices
2. An I/O error is observed when attempting to add a HP Color LaserJet
Pro MFP 4303series device via wireless option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.15.1b to 0.16.3
- Update of rootfile
- A new fork has been made of the libid3tag. This is now being managed by Tenacity.
The latest version has a library change so that any package using the old version will
work with the new one.
- Changelog
0.16.3
This release fixes backwards compatibility issues with libid3tag 0.15.1b.
#8 - Define a separate library soversion, which is set to 0 to preserve ABI
compatibility.
Note: no functionality was changed in this release. This and the previous release
are identical in terms of functionality.
Compatibility
With the changes listed above, libid3tag is both source compatible and
binary (ABI) compatible with programs linked against libid3tag 0.15.1b.
We will continue to guarantee this compatibility for as long as we can.
Existing libid3tag 0.15.1b packages can be easily switched to this
version without breakage.
Reporting Issues or Contributing Patches
Our version of libid3tag contains all kinds of integrated packages plus
our own tweaks. However, if you have a patch or two that haven't been
integrated into our fork yet, please feel free to open a pull request.
Just like Tenacity, we aim to have libid3tag packaged and working on as
many platforms as we can without patches.
0.16.2
Fix null pointer dereference in id3_ucs4_length (CVE-2017-11550)
0.16.1
Fix exported CMake config file
Fix pkgconfig file name to match Linux distro packages
(id3tag instead of libid3tag).
0.16.0
Add CMake build system
Remove autotools build system
Install pkgconfig and CMake config files
Apply patches from Debian, Fedora, Arch, and Gentoo
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
