- Update from version 8.0.3 to 8.1.1
- In CU179 the update of qemu caused at least one user to have a problem starting his
qemu system as the qemu bundled slirp library used for the net user backend was removed
in version 7.2. Unfortunately no user tested qemu in the CU179 Testing phase, or if they
did they are not using the net user backend.
- This patch adds the --enable-slirp option to configure and installs libslirp in a
separate patch.
- I can't test if this now works as I don't use qemu anywhere.
- Changelog is too large to include here.
8.1
https://wiki.qemu.org/ChangeLog/8.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.44/doc/arm/html/notes.html#notes-for-bind-9-16-44
Changes since 9.16.40:
9.16.44:
"Previously, sending a specially crafted message
over the control channel could cause the packet-parsing
code to run out of available stack memory, causing named
to terminate unexpectedly. This has been fixed. (CVE-2023-3341)"
9.16.43:
"Processing already-queued queries received over TCP could cause
an assertion failure, when the server was reconfigured at the
same time or the cache was being flushed. This has been fixed."
9.16.42:
"The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured max-cache-size
limit. (CVE-2023-2828)
A query that prioritizes stale data over lookup triggers a fetch
to refresh the stale data in cache. If the fetch is aborted for
exceeding the recursion quota, it was possible for named to enter
an infinite callback loop and crash due to stack overflow. This
has been fixed. (CVE-2023-2911)
Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed."
9.16.41:
"When removing delegations from an opt-out range, empty-non-terminal
NSEC3 records generated by those delegations were not cleaned up.
This has been fixed."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Excerpt from changelog:
"6.0.14 -- 2023-09-13
Security #6289: Crash in SMTP parser during parsing of email (6.0.x backport)
Security #6196: process exit in hyperscan error handling (6.0.x backport)
Security #6156: dcerpc: max-tx config parameter, also for UDP (6.0.x backport)
Bug #6285: community-id: Fix IPv6 address sorting not respecting byte order (6.0.x backport)
Bug #6248: Multi-tenancy: crash under test mode when tenant signature load fails (6.0.x backport)
Bug #6245: tcp: RST with data used in reassembly (6.0.x backport)
Bug #6236: if protocol dcerpc first packet type is Alter_context, it will not parse dcerpc (6.0.x backport)
Bug #6228: ips/af-packet: crash when copy-iface is the same as the interface (6.0.x backport)
Bug #6227: windows: lua script path truncated (6.0.x backport)
Bug #6226: Decode-events of IPv6 GRE are not triggered (6.0.x backport)
Bug #6224: base64: complete support for RFC2045 (6.0.x backport)
Bug #6220: Backport tenant_id conversion to uint32_t
Bug #6213: file.magic: rule reload can lead to crashes (6.0.x backport)
Bug #6193: smtp: Attachment not being md5 matched (6.0.x backport)
Bug #6192: smtp: use every byte to compute email.body_md5 (6.0.x backport)
Bug #6182: log-pcap: fix segfault on lz4 compressed pcaps (6.0.x backport)
Bug #6181: eve/alert: deprecated fields can have unexpected side effects (6.0.x backport)
Bug #6174: FTP bounce detection doesn't work for big-endian platforms (6.0.x backport)
Bug #6166: http2: fileinfo events log http2 object instead of http object as alerts and http2 do (6.0.x backport)
Bug #6139: smb: wrong offset when parse SMB_COM_WRITE_ANDX record (6.0.x backport)
Bug #6082: pcap: device reopen broken (6.0.x backport)
Bug #6068: pcap: memory leaks (6.0.x backport)
Bug #6045: detect: multi-tenancy leaks memory if more than 1 tenant registered (6.0.x backport)
Bug #6035: stream.midstream: if enabled breaks exception policy (6.0.x backport)
Bug #5915: rfb: parser returns error on unimplemented record types (6.0.x backport)
Bug #5794: eve: if alert and drop rules match for a packet, "alert.action" is ambiguous (6.0.x backport)
Bug #5439: Invalid certificate when Issuer is not present.
Optimization #6229: Performance impact of Cisco Fabricpath (6.0.x backport)
Optimization #6203: detect: modernize filename fileext filemagic (6.0.x backport)
Optimization #6153: suricatasc: Gracefully handle unsupported commands (6.0.x backport)
Feature #6282: dns/eve: add 'HTTPS' type logging (6.0.x backport)
Feature #5935: ips: add 'master switch' to enable dropping on traffic (handling) exceptions (6.0.x backport)
Documentation #6234: userguide: add installation from Ubuntu PPA section (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.28.1 to 2.28.3
- Update of rootfile
- Changelog
2.28.3
This is a stable bugfix release, with the following changes:
Added a gamepad mapping for the G-Shark GS-GP702
Fixed touchpad events for the Razer Wolverine V2 Pro in PS5 mode
Fixed getting key events from TV remotes on Android
Updated to Android minSdkVersion 19 and targetSdkVersion 34 to meet Google
Play Store requirements
2.28.2
This is a stable bugfix release, with the following changes:
Fixed occasionally failing to open the clipboard on Windows
Fixed crash at shutdown when using the D3D11 renderer
Fixed setting the viewport when using the D3D12 renderer
Fixed crash using SDL event functions before initializing SDL on Windows
Fixed Xbox controller trigger motion events on Windows
Fixed Xbox controller rumble in the background on Windows
Added the hint SDL_HINT_JOYSTICK_WGI to control whether to use
Windows.Gaming.Input for controllers
Fixed 8BitDo gamepad mapping when in XInput mode on Linux
Fixed controller lockup initializing some unofficial PS4 replica controllers
Fixed video initialization on headless Linux systems using VNC
Fixed large mouse jump when changing relative mouse mode on macOS
Fixed hardware keyboard text input on iPadOS
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.18.5 to 2.19.0
- Update of rootfile for x86_64
- Changelog is too large to include here
4.19.0
See the WHATSNEW.txt file in the source tarball
4.18.6
* BUG 15420: reply_sesssetup_and_X() can dereference uninitialized tmp
pointer.
* BUG 15430: Missing return in reply_exit_done().
* BUG 15289: post-exec password redaction for samba-tool is more reliable for
fully random passwords as it no longer uses regular expressions
containing the password value itself.
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
* BUG 15342: Spotlight sometimes returns no results on latest macOS.
* BUG 15417: Renaming results in NT_STATUS_SHARING_VIOLATION if previously
attempted to remove the destination.
* BUG 15427: Spotlight results return wrong date in result list.
* BUG 15414: "net offlinejoin provision" does not work as non-root user.
* BUG 15400: rpcserver no longer accepts double backslash in dfs pathname.
* BUG 15433: cm_prepare_connection() calls close(fd) for the second time.
* BUG 15346: 2-3min delays at reconnect with smb2_validate_sequence_number:
bad message_id 2.
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15446: DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed.
* BUG 15390: Python tarfile extraction needs change to avoid a warning
(CVE-2007-4559 mitigation).
* BUG 15435: Regression DFS not working with widelinks = true.
* BUG 9959: Windows client join fails if a second container CN=System exists
somewhere.
* BUG 15441: samba-tool ntacl get segfault if aio_pthread appended.
* BUG 15449: mdssvc: Do an early talloc_free() in _mdssvc_open().
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version v4.0.3 to v4.0.4
- Update of rootfile
- Removal of patch to fix build failures with gettext-0.22 as this has been incorporated
into the source tarball.
- Changelog
procps-ng-4.0.4
* library (API & ABI unchanged)
increment revision: 0:2:0
tolerates all potential 'cpuinfo' formats issue #272
restore the proper main thread tics valuations issue #280
Remove myself from proc count merge #193
Refactor the escape code Debian #1035649
* free: -L one line output issue #156
* pgrep: Use only --signal option for signal Debian #1031765
* pgrep: suppress >15 warning if using regex Debian #1037450
* pidof: Add -t option to show threads merge #190
* pmap: Reset totals between processes issue #298
* ps: fixed missing or corrupted fields with -m option Debian #1036631, issue #279
* ps: Fix buffer overflow in -C option CVE-2023-4016 Debian #1042887, issue #297
* ps: Add --signames to show signal names in masks merge #98
* sysctl: -N show names merge #198, RH #2222056
* tests: don't compare floats with == issue #271
* tests: skips tests if maps missing merge #197, Gentoo #583036
* top: bad command line arguments yield EXIT_FAILURE issue #273
* top: avoids keystroke induced '%Cpu' distortions
* top: includes VM (guest) tics in 'system' overhead issue #274
* top: includes VM (guest) tics with '!' toggle merge #179
* top: lessen summary cpu distortions on first display merge #180
* top: better backspace handling with line edits issue #278
* vmstat: Print guest time in non-wide mode
* w: Fix musl UT_HOSTSIZE issue
* watch: Add color support at compile time issue #296
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.5.0 to 4.5.1
- Update of rootfile
- Changelog is much too long to include here. See the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20221030-3.1 to 20230828-3.1
- Update of rootfile
- Changelog
2023-08-28 Jess Thrysoee
* src/chartype.c: Add missing stdint.h
Reported by Rui Chen
2023-08-27 Jess Thrysoee
* all: sync with upstream source
See also NetBSD changelog:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.13.1 to 2.13.2
- Update of rootfile
- Changelog is too large to include here. See the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.6.7 to 11.0.6
- Update of rootfile
- Ran find-dependencies for the sobump. All libraries are only linked into bacula
- All of the versions from 9.6.7 to 11.0.6 and up to 13.0.3 have no bug fixes related to
the bacula-fd daemon. With bacula-fd running on a separate machine to the bacula-dir and
bacula-sd daemons, older versions of bacula-fd will work with no bug issues with a newer
bacula-dir and bacula-sd.
- If we put a very new version of bacula-fd on IPFire then it will not work with older
versions of bacula-dir and bacula-sd.
- A new feature in the bacula 11 series is that communication between daemons will
automatically use TLS if OpenSSL is installed on the machines running bacula.
Therefore having a bacula 11 based bacula-fd on IPFire will automatically, with no user
configuration required, use TLS for communication to the IPFire bacula-fd from the other
bacula daemons on other machines.
- This has been shown to automatically work between the bacula-fd daemons on my laptop and
desktop machines and the bacula-dir/bacula-sd on my server machine.
Currently communication between my bacula-dir/bacula-sd daemons and the IPFire bacula-fd
daemon communication is still unencrypted.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- In the services WUI page any addon that has a WUI menu page defined, such as Samba,
Guardian etc, has the addon name shown in underlined red which is a link to the addon
cgi page. This works for the other addons as the addon cgi name is the same as the
addon name. I have identified that this is not the case for apcupsd, because the cgi
page is called upsstats.cgi
- This patch adjusts the cgi name to allow apcupsd to also be shown in underlined red.
- The lfs file copies the upsstats.cgi file to one named apcupsd.cgi
- The apcupsd menu file has the cgi name changed from upsstats.cgi to apcupsd.cgi
- The rootfile is updated to also include the apcupsd.cgi file with the others.
- Tested in my vm testbed by making the above changes in the code and the apcupsd addon
was then shown in underlined red, which acted as a link to the apcupsd status WUI page.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This is the v2 version of this patch with the locations for the sysconf and binaries
corrected so that all files are in the same locations as they were with version 2.3.15
Added sysconfdir and bindir to the configure options to achieve this.
- Update from version 2.3.15 (2012) to 2.3.15.4 (2018)
- Update of rootfile.
- The original site for xinetd is no longer accessible.
- Version 2.3.15 was the last version from https://github.com/xinetd-org/xinetd
OpenSUSE have forked the repo and have provided 2.3.15.3 and 2.3.15.4 to collect a range
of patches together from openSUSE, Debian, Fedora, Gentoo etc.
Last bug fix was done on this github repo in Sep 2022 and the last commit in Oct 2022.
- This is as up to date as there is currently available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.6.3 to 4.0.8 covering 22 releases.
- Update of rootfile
- Ran find-dependencies due to sobump. Everything is linked to tshark files. No additional
bumping required.
- Changelog is too large to cover with 22 releases. For details see the release notes
page on the website - https://www.wireshark.org/docs/relnotes/
4.0.8 Four vulnerabilities fixed.
4.0.7 Two vulnerabilities fixed.
4.0.6 Nine vulnerabilities fixed.
4.0.5 Three vulnerabilities fixed.
4.0.4 One vulnerability fixed.
4.0.3 Seven vulnerabilities fixed.
Didn't check anymore. Based on above this package definitely needs to be regularly
updated as it is obviously susceptible to vulnerabilities.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.6.12 to 8.6.13
- Update of rootfile
- Changelog
Last changelog in the source tarball is from 2008.
There is no changelog on the tcl website or the tcl github repository. The only option
is the commits log - https://github.com/tcltk/tcl/commits/main
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update foomatic-db-engine from version 4.0.9 (2013) to 4.0.13 (2018)
- Update foomatic-db from version 20131023 to 20230828
- Update of rootfile
- Changelog
foomatic-db
See the ChangeLog file in the foomatic-db source tarball. Too long to include here.
foomatic-db-engine
4.0.13.
* README, USAGE, configure.ac: Updated for release 4.0.13.
* Makefile.in: Add support for LDFLAGS variable (bug #1422).
* configure.ac: Allow user-configurable PERLPREFIX via environment
variable (Bug #1294).
4.0.12.
* README, USAGE, configure.ac: Updated for release 4.0.12.
* foomatic-ppdfile.in: Foomatic doesn't provide some offered PPD
files. Thanks to Marek Kasik for the patch (bug #1238).
* foomatic-ppd-to-xml.in: Let missing XML files be added when to a
PPD with already existing XML files new "*Product:" lines get
added.
4.0.11.
* README, USAGE, configure.ac: Updated for release 4.0.11.
* lib/Foomatic/DB.pm: Do not interpret option default values set to
"0" in PPD files as no default setting defined. Thanks to Deng
Pang from Ricoh (DengPang at rst dot ricoh dot com) for the report.
4.0.10.
* README, USAGE, configure.ac: Updated for release 4.0.10.
* foomatic-addpjloptions.in: Make foomatic-addpjloptions work with
the system's Foomatic database, too.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.20.1 to 1.21.2
- Update of rootfile
- Changelog
Major changes in 1.21.2 (2023-08-14)
This is a bug fix release.
* Fix double-free in KDC TGS processing [CVE-2023-39975].
Changes by ticket ID
9101 Fix double-free in KDC TGS processing
Major changes in 1.21.1 (2023-07-10)
This is a bug fix release.
* Fix potential uninitialized pointer free in kadm5 XDR parsing
[CVE-2023-36054].
Changes by ticket ID
9099 Ensure array count consistency in kadm5 RPC
Major changes in 1.21 (2023-06-05)
User experience:
* Added a credential cache type providing compatibility with the macOS
11 native credential cache.
Developer experience:
* libkadm5 will use the provided krb5_context object to read
configuration values, instead of creating its own.
* Added an interface to retrieve the ticket session key from a GSS
context.
Protocol evolution:
* The KDC will no longer issue tickets with RC4 or triple-DES session
keys unless explicitly configured with the new allow_rc4 or
allow_des3 variables respectively.
* The KDC will assume that all services can handle aes256-sha1 session
keys unless the service principal has a session_enctypes string
attribute.
* Support for PAC full KDC checksums has been added to mitigate an
S4U2Proxy privilege escalation attack.
* The PKINIT client will advertise a more modern set of supported CMS
algorithms.
Code quality:
* Removed unused code in libkrb5, libkrb5support, and the PKINIT
module.
* Modernized the KDC code for processing TGS requests, the code for
encrypting and decrypting key data, the PAC handling code, and the
GSS library packet parsing and composition code.
* Improved the test framework's detection of memory errors in daemon
processes when used with asan.
Changes by ticket ID
9052 Support macOS 11 native credential cache
9053 Make kprop work for dump files larger than 4GB
9054 Replace macros with typedefs in gssrpc types.h
9055 Use SHA-256 instead of SHA-1 for PKINIT CMS digest
9057 Omit LDFLAGS from krb5-config --libs output
9058 Add configure variable for default PKCS#11 module
9059 Use context profile for libkadm5 configuration
9066 Set reasonable supportedCMSTypes in PKINIT
9069 Update error checking for OpenSSL CMS_verify
9071 Add and use ts_interval() helper
9072 Avoid small read overrun in UTF8 normalization
9076 Use memmove() in Unicode functions
9077 Fix aclocal.m4 syntax error for autoconf 2.72
9078 Fix profile crash on memory exhaustion
9079 Fix preauth crash on memory exhaustion
9080 Fix gic_keytab crash on memory exhaustion
9082 Fix policy DB fallback error handling
9083 Fix kpropd crash with unrecognized option
9084 Add PAC full checksums
9085 Fix read overruns in SPNEGO parsing
9086 Fix possible double-free during KDB creation
9087 Fix meridian type in getdate.y
9088 Use control flow guard flag in Windows builds
9089 Add pac_privsvr_enctype string attribute
9090 Convey realm names to certauth modules
9091 Add GSS_C_INQ_ODBC_SESSION_KEY
9092 Fix maintainer-mode build for binutils 2.37
9093 Add PA-REDHAT-PASSKEY padata type
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>