- python3-toml only required for build of python3-pyproject2setuppy so rootfile has all
entries commented out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- pyproject2setuppy only required for build of python3-tomli so rootfile has all entries
commented out.
- python3-tomli has no setup.py file so pyproject2setuppy used to convert pyproject.toml
file into a setup.py file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- tomli only required for build of python3-setuptools-scm so rootfile has all entries
commented out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.2.0 (Jan 2019) to 6.3.2 (Sep 2021)
- Update of rootfile
- Changelog
6.3.2
* fix#629: correctly convert Version data in tags_to_version parser to avoid errors
6.3.1
* fix#625: restore tomli in install_requires after the regression changes in took it out
and some users never added it even tho they have pyproject.toml files
6.3.0
.. warning::
This release explicitly warns on unsupported setuptools.
This unfortunately has to happen as the legacy ``setup_requires`` mechanism
incorrectly configures the setuptools working-set when a more recent setuptools
version than available is required.
As all releases of setuptools are affected as the historic mechanism
for ensuring a working setuptools setup was shipping a ``ez_setup`` file
next to ``setup.py``, which would install the required version of setuptools.
This mechanism has long since been deprecated and removed
as most people haven't been using it
* fix#612: depend on packaging to ensure version parsing parts
* fix#611: correct the typo that hid away the toml extra and add it in ``setup.py`` as well
* fix#615: restore support for the git_archive plugin which doesn't pass over the config
* restore the ability to run on old setuptools while to avoid breaking pipelines
v6.2.0
* fix#608: resolve tomli dependency issue by making it a hard dependency
as all intended/supported install options use pip/wheel this is only a feature release
* ensure python 3.10 works
v6.1.1
* fix#605: completely disallow bdist_egg - modern enough setuptools>=45 uses pip
* fix#606: re-integrate and harden toml parsing
* fix#597: harden and expand support for figuring the current distribution name from
`pyproject.toml` (`project.name` or `tool.setuptools_scm.dist_name`) section or `setup.cfg` (`metadata.name`)
v6.1.0
* fix#587: don't fail file finders when distribution is not given
* fix#524: new parameters ``normalize`` and ``version_cls`` to customize the version normalization class.
* fix#585: switch from toml to tomli for toml 1.0 support
* fix#591: allow to opt in for searching parent directories in the api
* fix#589: handle yaml encoding using the expected defaults
* fix#575: recommend storing the version_module inside of ``mypkg/_version.py``
* fix#571: accept branches starting with ``v`` as release branches
* fix#557: Use ``packaging.version`` for ``version_tuple``
* fix#544: enhance errors on unsupported python/setuptools versions
v6.0.1
* fix#537: drop node_date on old git to avoid errors on missing %cI
v6.0.0
* fix#517: drop dead python support >3.6 required
* drop dead setuptools support > 45 required (can install wheels)
* drop egg building (use wheels)
* add git node_date metadata to get the commit time-stamp of HEAD
* allow version schemes to be priority ordered lists of version schemes
* support for calendar versioning (calver) by date
v5.0.2
* fix#415: use git for matching prefixes to support the windows situation
v5.0.1
* fix#509: support ``SETUPTOOLS_SCM_PRETEND_VERSION_FOR_${DISTRIBUTION_NAME}`` for ``pyproject.toml``
v5.0.0
Breaking changes:
* fix#339: strict errors on missing scms when parsing a scm dir to avoid false version lookups
v5.0.2
* fix#415: use git for matching prefixes to support the windows situation
v5.0.1
* fix#509: support ``SETUPTOOLS_SCM_PRETEND_VERSION_FOR_${DISTRIBUTION_NAME}`` for ``pyproject.toml``
v5.0.0
Breaking changes:
* fix#339: strict errors on missing scms when parsing a scm dir to avoid false version lookups
* fix#337: if relative_to is a directory instead of a file,
consider it as direct target instead of the containing folder and print a warning
Bugfixes:
* fix#352: add support for generally ignoring specific vcs roots
* fix#471: better error for version bump failing on complex but accepted tag
* fix#479: raise indicative error when tags carry non-parsable information
* Add `no-guess-dev` which does no next version guessing, just adds `.post1.devN` in
case there are new commits after the tag
* add python3.9
* enhance documentation
* consider SOURCE_DATE_EPOCH for versioning
* add a version_tuple to write_to templates
* fix#321: add support for the ``SETUPTOOLS_SCM_PRETEND_VERSION_FOR_${DISTRIBUTION_NAME}`` env var to target the pretend key
* fix#142: clearly list supported scm
* fix#213: better error message for non-zero dev numbers in tags
* fix#356: add git branch to version on describe failure
v4.1.2
* disallow git tags without dots by default again - #449
v4.1.1
* drop jaraco.windows from pyproject.toml, allows for wheel builds on python2
v4.1.0
* include python 3.9 via the deadsnakes action
* return release_branch_semver scheme (it got dropped in a bad rebase)
* undo the devendoring of the samefile backport for python2.7 on windows
* re-enable the building of universal wheels
* fix handling of missing git/hg on python2.7 (python 3 exceptions where used)
* correct the tox flake8 invocation
* trigger builds on tags again
v4.0.0
* Add ``parentdir_prefix_version`` to support installs from GitHub release
tarballs.
* use Coordinated Universal Time (UTC)
* switch to github actions for ci
* fix documentation for ``tag_regex`` and add support for single digit versions
* document handling of enterprise distros with unsupported setuptools versions #312
* switch to declarative metadata
* drop the internal copy of samefile and use a dependency on jaraco.windows on legacy systems
* select git tags based on the presence of numbers instead of dots
* enable getting a version form a parent folder prefix
* add release-branch-semver version scheme
* make global configuration available to version metadata
* drop official support for python 3.4
v3.5.0
* add ``no-local-version`` local scheme and improve documentation for schemes
v3.4.4
* fix#403: also sort out resource warnings when dealing with git file finding
v3.4.3
* fix#399: ensure the git file finder terminates subprocess after reading archive
v3.4.2
* fix#395: correctly transfer tag regex in the Configuration constructor
* rollback --first-parent for git describe as it turns out to be a regression for some users
v3.4.1
* pull in #377 to fix#374: correctly set up the default version scheme for pyproject usage.
this bugfix got missed when ruushing the release.
v3.4.0
* fix#181 - add support for projects built under setuptools declarative config
by way of the setuptools.finalize_distribution_options hook in Setuptools 42.
* fix#305 - ensure the git file finder closes filedescriptors even when errors happen
* fix#381 - clean out env vars from the git hook system to ensure correct function from within
* modernize docs wrt importlib.metadata
*edited*
* use --first-parent for git describe
v3.3.3
* add eggs for python3.7 and 3.8 to the deploy
v3.3.2
* fix#335 - fix python3.8 support and add builds for up to python3.8
v3.3.1
* fix#333 (regression from #198) - use a specific fallback root when calling fallbacks. Remove old
hack that resets the root when fallback entrypoints are present.
v3.3.0
this bugfix got missed when ruushing the release.
v3.4.0
* fix#181 - add support for projects built under setuptools declarative config
by way of the setuptools.finalize_distribution_options hook in Setuptools 42.
* fix#305 - ensure the git file finder closes filedescriptors even when errors happen
* fix#381 - clean out env vars from the git hook system to ensure correct function from within
* modernize docs wrt importlib.metadata
*edited*
* use --first-parent for git describe
v3.3.3
* add eggs for python3.7 and 3.8 to the deploy
v3.3.2
* fix#335 - fix python3.8 support and add builds for up to python3.8
v3.3.1
* fix#333 (regression from #198) - use a specific fallback root when calling fallbacks. Remove old
hack that resets the root when fallback entrypoints are present.
v3.3.0
* fix#198 by adding the ``fallback_version`` option, which sets the version to be used when everything else fails.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.8.7 to 3.10.1
- Update of rootfile
- libvirt needs to be updated to 7.10.0 before this patch series is implemented
otherwise the old libvirt (6.5.0) will fail to build with the new python3.
- Changelog is w2ay to big to show here. Details can be found by viewing 3.9.rst and
3.10.rst in the Doc/whatsnew/ folder in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For some reason, this module is not present after the very first boot of
an IPFire installation.
Fixes: #12767
Reported-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Fixes: #12301
When using hosts with MAC-addresses in a hostgroup,
the rule won't be generated if those hosts are selected as target.
There is a hint but due to a wrong hashparameter the hint was not shown.
With this patch the hint is shown again.
Additionally the rule is skipped when rules.pl creates rules.
There are no bootmessages with failed target "none" anymore.
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
- Update from 2.4.2 to 2.4.4
- Update of rootfile
- Changelog
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
(that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
#551 CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
Bug fixes:
#544#545 xmlwf: Fix a memory leak on output file opening error
Other changes:
#546 Autotools: Fix broken CMake support under Cygwin
#554 Windows: Add missing files to the installer to fix
compilation with CMake from installed sources
#552#554 Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
Release 2.4.3 Sun January 16 2022
Security fixes:
#531#534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
"<r xmlns:a='[..]' a:a123='[..]' [..] />"
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
#532#538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
#539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.
Other changes:
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
#541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
and MSYS2 by not going through Wine on these platforms
#527#528 Address compiler warnings
#533#543 Version info bumped from 9:2:8 to 9:3:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#536 CI: Check for realistic minimum CMake version
#529#539 CI: Cover compilation with -m32
#529 CI: Store coverage reports as artifacts for download
#528 CI: Upgrade Clang from 11 to 13
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.1.012 to 5.1.016
- Update of rootfile not required
- Changelog
Patch 013 - Bash did not always perform tilde expansion following an unquoted colon on
the rhs of an assignment statement in posix mode.
Patch 014 - Bash may produce corrupted input if a multibyte character spans a 512-byte
boundary while reading the output of a command substitution.
Patch 015 - There are some characters (e.g., cyrillic) that can't be displayed using
certain single-byte encodings (e.g., cp1251) because the negative signed
int is interpreted as EOF and not displayed.
Patch 016 - Multiple `!' tokens should toggle negation of an expression in a [[
conditional command, instead of simply negating the expression.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.15 to 5.16
- Update of rootfile not required
- Changelog
Version 5.16 - January 19, 2022
* Feature: use memory maps for module EEPROM parsing (-m)
* Feature: show CMIS diagnostic information (-m)
* Fix: fix dumping advertised FEC modes (--show-fec)
* Fix: ignore cable test notifications from other devices (--cable-test)
* Fix: do not show duplicate options in help text (--help)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 7.80.0 to 7.81.0
- Update of rootfile
- Changelog
7.81.0
This release includes the following changes:
o mime: use percent-escaping for multipart form field and file names [1]
This release includes the following bugfixes:
o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73]
o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12]
o BINDINGS: add cURL client for PostgreSQL [68]
o BINDINGS: add one from Everything curl and update a link
o checksrc: detect more kinds of NULL comparisons we avoid [105]
o CI: build examples for additional code verification [75]
o CI: bump job to use mbedtls 3.1.0 [90]
o cmake: don't set _USRDLL on a static Windows build [22]
o cmake: prevent dev warning due to mismatched arg [94]
o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40]
o config.d: update documentation to match the path search
o configure: add -lm to configure for rustls build. [13]
o configure: better diagnostics if hyper is built wrong [6]
o configure: don't enable TLS when --without-* flags are used [17]
o configure: fix runtime-lib detection on macOS [21]
o curl.1: require "see also" for every documented option [27]
o curl: improve error message for --head with -J [42]
o curl_easy_cleanup.3: remove from multi handle first [3]
o curl_easy_escape.3: call curl_easy_cleanup in example [58]
o curl_easy_unescape.3: call curl_easy_cleanup in example [57]
o curl_multi_init.3: fix EXAMPLE formatting
o curl_multi_perform/socket_action.3: clarify what errors mean [70]
o curl_share_setopt.3: split out options into their own manpages [14]
o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51]
o digest: compute user:realm:pass digest w/o userhash [45]
o docs/checksrc: Add documentation for STRERROR [18]
o docs/cmdline-opts: do not say "protocols: all" [26]
o docs/examples: workaround broken -Wno-pedantic-ms-format
o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88]
o docs/INSTALL.md: typo fix : added missing "get" verb [31]
o docs/URL-SYNTAX.md: space is not fine in a given URL
o docs: add known bugs list to HTTP3.md [83]
o docs: address proselint nits [16]
o docs: consistent manpage SYNOPSIS [47]
o docs: fix dead links, remove ECH.md
o docs: fix typo in OpenSSL 3 build instructions [80]
o docs: Update the Reducing Size section
o example/progressfunc: remove code for old libcurls [78]
o examples/multi-single.c: remove WAITMS() [98]
o FAQ: typo fix : "yout" ➤ "your" [30]
o ftp: disable warning 4706 in MSVC [85]
o gen.pl: improve example output format [29]
o github workflow: add wolfssl (removed from zuul) [103]
o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92]
o gtls: check return code for gnutls_alpn_set_protocols [86]
o hash: lazy-alloc the table in Curl_hash_add() [54]
o http2:set_transfer_url() return early on OOM [53]
o HTTP3: update quiche build instructions [37]
o http: enable haproxy support for hyper backend [20]
o http: Fix CURLOPT_HTTP200ALIASES [89]
o http_proxy: don't close the socket (too early) [100]
o insecure.d: detail its use for SFTP and SCP as well [32]
o insecure.d: expand and clarify [28]
o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
o libcurl-security.3: mention address and URL mitigations
o libssh2: fix error message for sha256 mismatch
o libtest: avoid "assignment within conditional expression" [84]
o lift: ignore is a deprecated config option, use ignoreRules [35]
o linkcheck.yml: add CI job that checks markdown links [82]
o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99]
o Makefile.m32: rename -winssl option to -schannel and tidy up [33]
o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44]
o mbedtls: fix CURLOPT_SSLCERT_BLOB [72]
o mbedtls: fix private member designations for v3.1.0 [93]
o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71]
o misc: s/e-mail/email [74]
o multi: cleanup the socket hash when destroying it [55]
o multi: handle errors returned from socket/timer callbacks [52]
o multi: shut down CONNECT in Curl_detach_connnection [2]
o netrc.d: edit the .netrc example to look nicer [24]
o ngtcp2: verify the server cert on connect (quictls) [102]
o ngtcp2: verify the server certificate for the gnutls case [101]
o nss:set_cipher don't clobber the cipher list [38]
o openldap: implement STARTTLS [56]
o openldap: process search query response messages one by one [50]
o openldap: several minor improvements [69]
o openldap: simplify ldif generation code [77]
o openssl: check the return value of BIO_new() [43]
o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
o openssl: remove usage of deprecated `SSL_get_peer_certificate`
o openssl: use non-deprecated API to read key parameters
o page-footer: add a mention of how to report bugs to the man page
o page-footer: document more environment variables [23]
o request.d: refer to 'method' rather than 'command' [59]
o retry-all-errors.d: make the example complete
o runtests: make the SSH library a testable feature
o rustls: read of zero bytes might be okay [9]
o rustls: remove comment about checking handshaking [15]
o rustls: remove incorrect EOF check [10]
o sha256/md5: return errors when init fails [79]
o socks5: use appropriate ATYP for numerical IP address host names [91]
o test1156: enable for hyper [65]
o test1156: fixup the stdout check for Windows [60]
o test1525: tweaked for hyper [64]
o test1526: enable for hyper [63]
o test1527: enable for hyper [62]
o test1528: enable for hyper [61]
o test1554: adjust for hyper [49]
o test1556: adjust for hyper [48]
o test302[12]: run only with the libssh2 backend [8]
o test661: enable for hyper [66]
o tests/CI.md: add more information on CI environments [39]
o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76]
o tftp: mark protocol as not possible to do over CONNECT [25]
o tool_findfile: updated search for a file in the homedir [46]
o tool_operate: only set SSH related libcurl options for SSH URLs [11]
o tool_operate: warn if too many output arguments were found [87]
o url.c: fix the SIGPIPE comment for Curl_close [4]
o url: check ssl_config when re-use proxy connection [81]
o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96]
o urlapi: accept port number zero [34]
o urlapi: if possible, shorten given numerical IPv6 addresses [95]
o urlapi: provide more detailed return codes [36]
o urlapi: reject short file URLs [41]
o version_win32: Check build number and platform id
o vtls/rustls: adapt to the updated rustls_version proto [19]
o writeout: fix %{http_version} for HTTP/3 [7]
o x509asn1: return early on errors [67]
o zuul.d: update rustls-ffi to version 0.8.2 [5]
o zuul: fix quiche build pointing to wrong Cargo [104]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.3.3op2 to 2.4.1
- Update of rootfile
- Changelog
Changes in CUPS v2.4.1 (27th January 2020)
- The default color mode now is now configurable and defaults to the printer's
reported default mode (Issue #277)
- Configuration script now checks linking for -Wl,-pie flags (Issue #303)
- Fixed memory leaks - in testi18n (Issue #313), in `cups_enum_dests()`
(Issue #317), in `_cupsEncodeOption()` and `http_tls_upgrade()` (Issue #322)
- Fixed missing bracket in de/index.html (Issue #299)
- Fixed typos in configuration scripts (Issues #304, #316)
- Removed remaining legacy code for `RIP_MAX_CACHE` environment variable
(Issue #323)
- Removed deprecated directives from cupsctl and cups-files.conf (Issue #300)
- Removed `purge-jobs` legacy code from CGI scripts and templates (Issue #325)
Changes in CUPS v2.4.0 (29th November 2021)
- Added configure option --with-idle-exit-timeout (Issue #294)
- Added --with-systemd-timeoutstartsec configure option (Issue #298)
- DigestOptions now are applied for MD5 Digest authentication defined
by RFC 2069 as well (Issue #287)
- Fixed compilation on Solaris (Issue #293)
- Fixed and improved German translations (Issue #296, Issue #297)
Changes in CUPS v2.4rc1 (12th November 2021)
- Added warning and debug messages when loading printers
if the queue is raw or with driver (Issue #286)
- Compilation now uses -fstack-protector-strong if available (Issue #285)
Changes in CUPS v2.4b1 (27th October 2021)
- Added support for CUPS running in a Snapcraft snap.
- Added basic OAuth 2.0 client support (Issue #100)
- Added support for AirPrint and Mopria clients (Issue #105)
- Added configure support for specifying systemd dependencies in the CUPS
service file (Issue #144)
- Added several features and improvements to `ipptool` (Issue #153)
- Added a JSON output mode for `ipptool`.
- The `ipptool` command now correctly reports an error when a test file cannot
be found.
- CUPS library now uses thread safe `getpwnam_r` and `getpwuid_r` functions
(Issue #274)
- Fixed Kerberos authentication for the web interface (Issue #19)
- The ZPL sample driver now supports more "standard" label sizes (Issue #70)
- Fixed reporting of printer instances when enumerating and when no options are
set for the main instance (Issue #71)
- Reverted USB read limit enforcement change from CUPS 2.2.12 (Issue #72)
- The IPP backend did not return the correct status code when a job was canceled
at the printer/server (Issue #74)
- The `testlang` unit test program now loops over all of the available locales
by default (Issue #85)
- The `cupsfilter` command now shows error messages when options are used
incorrectly (Issue #88)
- The PPD functions now treat boolean values as case-insensitive (Issue #106)
- Temporary queue names no longer end with an underscore (Issue #110)
- The USB backend now runs as root (Issue #121)
- Added pkg-config file for libcups (Issue #122)
- Fixed a PPD memory leak caused by emulator definitions (Issue #124)
- Fixed a `DISPLAY` bug in `ipptool` (Issue #139)
- The scheduler now includes the `[Job N]` prefix for job log messages, even
when using syslog logging (Issue #154)
- Added support for locales using the GB18030 character set (Issue #159)
- `httpReconnect2` did not reset the socket file descriptor when the TLS
negotiation failed (Apple #5907)
- `httpUpdate` did not reset the socket file descriptor when the TLS
negotiation failed (Apple #5915)
- The IPP backend now retries Validate-Job requests (Issue #132)
- Now show better error messages when a driver interface program fails to
provide a PPD file (Issue #148)
- Added dark mode support to the CUPS web interface (Issue #152)
- Added a workaround for Solaris in `httpAddrConnect2` (Issue #156)
- Fixed an interaction between `--remote-admin` and `--remote-any` for the
`cupsctl` command (Issue #158)
- Now use a 60 second timeout for reading USB backchannel data (Issue #160)
- The USB backend now tries harder to find a serial number (Issue #170)
- Fixed `@IF(name)` handling in `cupsd.conf` (Apple #5918)
- Fixed documentation and added examples for CUPS' limited CGI support
(Apple #5940)
- Fixed the `lpc` command prompt (Apple #5946)
- Now always pass "localhost" in the `Host:` header when talking over a domain
socket or the loopback interface (Issue #185)
- Fixed a job history update issue in the scheduler (Issue #187)
- Fixed `job-pages-per-set` value for duplex print jobs.
- Fixed an edge case in `ippReadIO` to make sure that only complete attributes
and values are retained on an error (Issue #195)
- Hardened `ippReadIO` to prevent invalid IPP messages from being propagated
(Issue #195, Issue #196)
- The scheduler now supports the "everywhere" model directly (Issue #201)
- Fixed some IPP Everywhere option mapping problems (Issue #238)
- Fixed support for "job-hold-until" with the Restart-Job operation (Issue #250)
- Fixed the default color/grayscale presets for IPP Everywhere PPDs (Issue #262)
- Fixed support for the 'offline-report' state for all USB backends (Issue #264)
- Documentation fixes (Issue #92, Issue #163, Issue #177, Issue #184)
- Localization updates (Issue #123, Issue #129, Issue #134, Issue #146,
Issue #164)
- USB quirk updates (Issue #192, Issue #270, Apple #5766, Apple #5838,
Apple #5843, Apple #5867)
- Web interface updates (Issue #142, Issue #218)
- The `ippeveprinter` tool now automatically uses an available port.
- Fixed several Windows TLS and hashing issues.
- Deprecated cups-config (Issue #97)
- Deprecated Kerberos (`AuthType Negotiate`) authentication (Issue #98)
- Removed support for the (long deprecated and unused) `FontPath`,
`ListenBackLog`, `LPDConfigFile`, `KeepAliveTimeout`, `RIPCache`, and
`SMBConfigFile` directives in `cupsd.conf` and `cups-files.conf`.
- Stubbed out deprecated `httpMD5` functions.
- Add test for undefined page ranges during printing.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Removing a lot of duplicate code parsing meta files, now replaced by
simple function calls, resulting in all metadata in one hash.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.9.8p2 to 1.9.9
- Update of rootfile
- Changelog
What's new in Sudo 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating warnings
about deprecated OpenSSL APIs.
* A digest can now be specified along with the "ALL" command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding changes
for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in an
alias once for each alias.
* The sudoRole cn was truncated by a single character in warning messages.
GitHub issue #115.
* The cvtsudoers utility has new --group-file and --passwd-file options
to use a custom passwd or group file when the --match-local option is
also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv (comma-separated
value) format. This can be used to help generate entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection being
dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the "editor" setting was not
used if it did not match the user's EDITOR environment variable.
This was only a problem if the "env_editor" setting was not enabled.
Bug #1000.
* Sudo now builds with the -fcf-protection compiler option and the
"-z now" linker option if supported.
* The output of "sudoreplay -l" now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the log.json
file, if present. This makes it possible to send sudo-format I/O logs
that use the newer log.json format to sudo_logsrvd without losing any
information.
* Fixed compilation of the arc4random_buf() replacement on systems with
arc4random() but no arc4random_buf(). Bug #1008.
* Sudo now uses its own getentropy() by default on Linux. The GNU libc
version of getentropy() will fail on older kernels that don't support
the getrandom() system call.
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
layer by using the --enable-wolfssl configure option.
* Fixed a bug related to Daylight Saving Time when parsing timestamps
in Generalized Time format. This affected the NOTBEFORE and
NOTAFTER options in sudoers. Bug #1006
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct. Bug #1007.
* It is now possible to set resource limits in the sudoers file itself.
The special values "default" and "user" refer to the default system
limit and invoking user limit respectively. The core dump size limit
is now set to 0 by default unless overridden by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the "deref" and "tls_reqcert"
ldap.conf settings. This meant the options were effectively
ignored which broke dereferencing of aliases in LDAP. Bug #1013.
* Clarified in the sudo man page that the security policy may
override the user's PATH environment variable. Bug #1014.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error
if user interaction is required. This allows PAM modules that
don't interact with the user to succeed. Previously, sudo
would not attempt authentication if the -n option was specified.
Bug #956 and GitHub issue #83.
* Fixed a regression introduced in version 1.9.1 when sudo is
built with the --with-fqdn configure option. The local host
name was being resolved before the sudoers file was processed,
making it impossible to disable DNS lookups by negating the
"fqdn" sudoers option. Bug #1016.
* Added support for negated sudoUser attributes in the LDAP and
SSSD sudoers back ends. A matching sudoUser that is negated
will cause the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a
value smaller than that of the invoking user and not be reset
before the command was run. Bug #1017.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.15.0 to 5.16.0
- Update of rootfile
routef has been removed
Commit message - This script is old and limited to IPv4. Using ip route command
directly is better option.
rtpr has been removed
Commit message - This script was a one off hack for a special case. Now that ip
commands have better formatting, there is no real reason for it
ifcfg has been removed
Commit message - This script was from olden days of ifcfg. I don't see any
distribution using it and it is time to put it out to pasture.
- Changelog - There is no changelog. For details of changes you have to review the
commits in the git repository
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
