This variable never actually held the kernel version. There were always
suffixes appended and other things changed about it. This makes it a lot
simpler as this variable now holds the actual kernel version.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
unshare(8) seems to fail with kernels older than 6.0.0 when mounting
the /proc filesystem in the inner namespace. This seems to be an bug
where unshare does not even try to mount the /proc filesystem but tries
to make its mount propagation private.
This is now solved in that way that we will use unshare on newer kernels
but will fall back on manually mounting the /proc filesystem once we have
entered the chroot environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When we create the outer mount namespace, we still want to receive any
mounts from the host system which is why we set it to slave.
The second mount namespace should be a copy of the outer one but should not
propagate anything back to the outer mount namespace.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When using QMI the dial-in option has to be set to "ppp" during setup.
In this case the initscript of suricata will create all related firewall
rules for the ppp0 interface which is not correct when using QMI where
the RED device is called red0.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package seemed to have bunlded WolfSSL which we don't want to use.
Instead we want to use OpenSSL.
The bundled version of WolfSSL did not want to compile with GCC 14.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This went really bad with the latest CSS changes. So this is a
refactor/rewrite of the CGI without many modifications.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This might only be useful for debugging (and even that is questionable).
So instead of flooding logs, we disable this, but it can be easily
enabled for development again.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.9.1 to 5.9.3
- Version 5.9.4 exists but it is indicated that SNMP over TLS and/or DTLS is not
functioning properly with various versions of OpenSSL. However I could not find which
versions mentioned in the News or Changelog. The problem will be fixed in a future
version. There are no CVE fixes in 5.9.4, only a relatively few bug fixes so I
decided to wait for the fixed version in case there are users using TLS with SNMP.
- Update of rootfile
- 6 CVE fixes in 5.9.3
- Changelog
5.9.3
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address
range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
5.9.2
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.20.2 to 4.20.4
- Successfully built samba on arm builder
- Update of rootfile for x86_64 & aarch64 not required.
- Changelog
4.20.4
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
4.20.3
* BUG 15683: Running samba-bgqd a a standalone systemd service does not work.
* BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
Windows computer when user account need to change their own password.
* BUG 15671: Invalid client warning about command line passwords.
* BUG 15672: Version string is truncated in manpages.
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15674: cmdline_burn does not always burn secrets.
* BUG 15685: Samba does not parse SDDL found in defaultSecurityDescriptor in
AD_DS_Classes_Windows_Server_v1903.ldf.
* BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
Windows computer when user account need to change their own password.
* BUG 15660: The images don\'t build after the git security release and
CentOS 8 Stream is EOL.
* BUG 15676: Fix clock skew error message and memory cache clock skew
recovery.
* BUG 15603: Heimdal ignores _gsskrb5_decapsulate errors in
init_sec_context/repl_mutual.
* BUG 15621: s4:ldap_server: does not support tls channel bindings
for sasl binds.
* BUG 15678: CTDB socket output queues may suffer unbounded delays under some
special conditions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 10.03.0 to 10.03.1
- Update of rootfile
- Several CVE fixes in this release
- Changelog
10.03.1
Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870, CVE-2024-33871 and
CVE-2024-29510
IMPORTANT: For the 10.04.0 release (fall/autumn 2024) we will be adding
protection for device selection from PostScript input. This will mean that,
by default, only the device specified on the command line will be permitted.
Similar to the file permissions, there will be a "--permit-devices="
allowing a comma separation list of allowed devices. This will also take a
single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during
a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
As as result, we strongly urge anyone including the OCR devices in their
build to update as soon as possible.
As of this release (10.03.1) pdfwrite creates PDF files with XRef streams
and ObjStm streams. This can result in considerably smaller PDF output
files. See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental
improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR
engine. In such a build, new devices are available
(pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR
that image, and output the image "wrapped" up as a PDF file, with the OCR
generated text information included as "invisible" text (in PDF terms, text
rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from
source included in our release packages, and not linking to
Tesseract/Leptonica shared libraries. Whether we add this capability will
be largely dependent on community demand for the feature.
See Enabling OCR for more details.
Incompatible changes
(10.03.1) Almost all the "internal" PostScript procedures defined during the
interpreter startup are now "executeonly", further reducing the attack
surface of the interpreter.
The nature of these procedures means there should be no impact for
legitimate usage, but it is possible it will impact uses which abuse the
previous accessibility (even for legitimate reasons). Such cases may now
require "DELAYBIND", See DELAYBIND
(10.03.1) The "makeimagedevice" non-standard operator has been removed. It
allowed low level access to the graphics library in a way that was,
essentially impossible to secure.
(10.03.1) The "putdeviceprops", "getdeviceprops", "finddevice",
"copydevice", "findprotodevice" non-standard operators have all been
removed. They provided functionality that is either accessible through
standard operators, or should not be used by user PostScript.
(10.03.1) The process of "tidying" the PostScript namespace should have
removed only non-standard and undocumented operators. Nevertheless, it is
possible that any integrations or utilities that rely on those non-standard
and undocumented operators may stop working or may change behaviour.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.26 to 1.28
- Update of rootfile not required
- Changelog
1.28
The option '--verify-on-error' has been renamed to '--check-on-error'.
The option '--verify-input-size' has been renamed to '--check-input-size'.
The option synonym '--exit-on-error' has been removed and is no longer
recognized.
In fill and rescue modes, ddrescue now makes a final fsync call on outfile
to prevent an early exit if the kernel caches all the writes.
Option '-t, --show-status' of ddrescuelog now shows the mapfile names at
verbosity level 0 if more than one mapfile is specified.
The variable MAKEINFO has been added to configure and Makefile.in.
1.27
A deadlock in command mode when stdout is fully buffered has been fixed by
flushing stdout after executing each command. (Reported by Jeffrey Bosboom).
The new option '-W, --compare-before-write' has been added. It omits
superfluous writes in rescue mode.
(Suggested by Kajetan Harald Hinner and Petr Slansky).
Diagnostics caused by invalid arguments to command line options now show the
argument and the name of the option.
The option synonym '--direct' has been removed and is no longer recognized.
'long long' is now used instead of 'long' for time variables.
A missing '#include <cstdlib>' has been added.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3460000 to 3460100
- Update of rootfile not required
- Changelog
3460100
Improved robustness while parsing the tokenize= arguments in FTS5. Forum post
171bcc2bcd.
Enhancements to covering index prediction in the query planner. Add early
detection of over-prediction of covering indexes so that sqlite3_prepare() will
return an error rather than just generate bad bytecode. Forum post
e60e4c295d22f8ce.
Do not let the number of terms on a VALUES clause be limited by
SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that
appear to be variables due to double-quoted string literals.
Fix the window function version of group_concat() so that it returns an empty
string if it has one or more empty string inputs.
In FTS5 secure-delete mode, fix false-positive integrity-check reports about
corrupt indexes.
Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases,
they were formerly returning SQLITE_INTERNAL.
JavaScript/WASM:
Fix a corruption-causing bug in the JavaScript "opfs" VFS.
Work around a couple of browser-specific OPFS quirks.
Other minor fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20240531 to 20240813
- Update of rootfile not required
- Changelog
20240813
Security updates for INTEL-SA-01083
Security updates for INTEL-SA-01118
Security updates for INTEL-SA-01100
Security updates for INTEL-SA-01038
Security updates for INTEL-SA-01046
Update for functional issues. Refer to Intel® Core™ Ultra Processor for details.
Update for functional issues. Refer to 3rd Generation Intel® Xeon® Processor Scalable Family Specification Update for details.
Update for functional issues. Refer to 3rd Generation Intel® Xeon® Scalable Processors Specification Update for details.
Update for functional issues. Refer to 2nd Generation Intel® Xeon® Processor Scalable Family Specification Update for details
Update for functional issues. Refer to Intel® Xeon® D-2700 Processor Specification Update for details.
Update for functional issues. Refer to Intel® Xeon® E-2300 Processor Specification Update for details.
Update for functional issues. Refer to 13th Generation Intel® Core™ Processor Specification Update for details.
Update for functional issues. Refer to 12th Generation Intel® Core™ Processor Family for details.
Update for functional issues. Refer to 11th Gen Intel® Core™ Processor Specification Update for details.
Update for functional issues. Refer to 10th Gen Intel® Core™ Processor Families Specification Update for details.
Update for functional issues. Refer to 10th Generation Intel® Core™ Processor Specification Update for details.
Update for functional issues. Refer to 8th and 9th Generation Intel® Core™ Processor Family Spec Update for details.
Update for functional issues. Refer to 8th Generation Intel® Core™ Processor Families Specification Update for details.
Update for functional issues. Refer to 7th and 8th Generation Intel® Core™ Processor Specification Update for details.
Update for functional issues. Refer to Intel® Processors and Intel® Core™ i3 N-Series for details.
Update for functional issues. Refer to Intel® Atom® x6000E Series, and Intel® Pentium® and Celeron® N and J Series Processors for Internet of Things (IoT) Applications for details.
For Updated Platforms see the changelog
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.18.1 to 1.20
- Update of rootfile not required
- Changelog
1.20
- Revert default color scheme back to 'off'
- Rewrite man page in mdoc, drop pod2man dependency
1.19
- Fix typo in --exclude-from argument
- Add --(enable|disable)-natsort options
- Add indicator to apparent size/disk usage selection in the footer
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 6.6 to 6.10
- Update of rootfile not required
- Changelog
6.10
* Improvements
* Implemented --decode-fds=eventfd option to retrieve eventfd object details
associated with eventfd file descriptors.
* Implemented decoding of NETLINK_GENERIC nlctrl protocol.
* Implemented decoding of F_DUPFD_QUERY fcntl.
* Implemented decoding of mseal syscall.
* Updated decoding of statx and prctl syscalls.
* Updated decoding of BPF_RAW_TRACEPOINT_OPEN bpf command.
* Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, LANDLOCK_*, PR_*, STATX_*,
TCP_*, TEE_*, V4L2_*, and *_MAGIC constants.
* Updated lists of ioctl commands from Linux 6.10.
* Bug fixes
* Worked around a bug introduced in Linux 6.5 that affected system call
tampering on riscv64.
6.9
* Improvements
* Implemented --always-show-pid option.
* The --user|-u option has learned to recognize numeric UID:GID pair, allowing
e.g. statically-built strace to be used without invoking nss plugins.
* Implemented decoding of IORING_REGISTER_SYNC_CANCEL,
IORING_REGISTER_FILE_ALLOC_RANGE, IORING_REGISTER_PBUF_STATUS,
IORING_REGISTER_NAPI, and IORING_UNREGISTER_NAPI opcodes of
io_uring_register syscall.
* Implemented decoding of BPF_TOKEN_CREATE bpf syscall command.
* Updated decoding of io_uring_register and pidfd_send_signal syscalls.
* Updated lists of BPF_*, CAN_*, IORING_*, KEY_*, LSM_*, MPOL_*, NT_*, RWF_*,
PIDFD_*, PTP_*, TCP_*, and *_MAGIC constants.
* Updated lists of ioctl commands from Linux 6.9.
6.8
* Improvements
* Renamed --stack-traces to --stack-trace for consistency.
Old option is retained for backwards compatibility.
* Implemented --stack-trace-frame-limit=N option for configuring the limit
of the number of printed backtrace frames.
* Implemented decoding of statmount, listmount, lsm_get_self_attr,
lsm_set_self_attr, and lsm_list_modules syscalls.
* Implemented decoding of setsockopt(TCP_AO_ADD_KEY).
* Updated decoding of landlock_create_ruleset and landlock_add_rule syscalls.
* Updated decoding of SMC_DIAG_DMBINFO netlink attribute.
* Updated decoding of UBI_IOCATT ioctl command.
* Enhanced decoding of mount attributes of fsmount and mount_setattr syscalls.
* Updated lists of BPF_*, KEXEC_*, KVM_*, PERF_*, SOL_*, STATX_*, UFFD_*,
and V4L2_* constants.
* Updated lists of ioctl commands from Linux 6.8.
6.7
* Improvements
* Implemented -kk/--stack-traces=source option for libdw-based stack tracing.
* Implemented decoding of futex_wake, futex_wait, and sys_futex_requeue
syscalls.
* Updated lists of BPF_*, BTRFS_*, IORING_*, KVM_*, LANDLOCK_*, PR_*,
and TCP_* constants.
* Updated lists of ioctl commands from Linux 6.7.
* Bug fixes
* Fix strace -r during the first second after booting to show correct relative
timestamps.
* Fix strace -f entering deadlock on exit if there are tracee processes
spawned using vfork semantics.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.30.1 to 2.30.6
- Update of rootfile
- Changelog
2.30.6
Improved detection of Nintendo Switch Pro controller report mode
Fixed a rare crash when a controller is disconnected
Fixed creating a framebuffer with KMSDRM on some systems
2.30.5
Respect SDL_HINT_RENDER_DRIVER when creating an accelerated window surface
Clean up any accelerated renderer in SDL_DestroyWindowSurface()
Disable low level USB controller support on Android by default (can be
enabled by setting "SDL_ENV.SDL_JOYSTICK_HIDAPI" metadata to "1" in
AndroidManifest.xml)
Fixed USB permissions dialog on Android 14
Fixed controller mapping matching when one entry has a CRC specified and
another doesn't
Enable joystick support on FreeBSD when building using CMake
Reduced input latency when using an fcitx IME on Linux
Fixed graphical corruption on Raspberry Pi
Fixed crash when using an unstable sort function in SDL_qsort (you shouldn't
do this, but at least it won't crash)
2.30.4
Android rotation will respect user rotation lock preferences
Fixed spurious Left-Ctrl key input when the Right Alt key (AltGr) is pressed
on Windows
Added support for the Saitek Cyborg V.3 Rumble Pad in PS3 mode
Added support for the Razer Kitsune in PS5 mode
Added Linux bindings for the Qanba Drone 2 Arcade Joystick
Leave Nintendo Online controllers in simple report mode so they work with
DirectInput games
Enable using libusb for GameCube controllers when available
2.30.3
Fixed Win+V handling (pasting from clipboard history) on Windows
Fixed Caps Lock and Backspace key mapping for the Colemak keyboard layout on
Windows
Fixed mouse warp on XWayland
Reduced startup time when scanning for game controllers on Linux
Fixed building with C89 compilers
Fixed building with the GDK SDK on Windows
2.30.2
Fixed performance regression initializing controllers on Linux
Added support for the 6-button SEGA Mega Drive Control Pad for Nintendo Online
Added support for the MadCatz Saitek Side Panel Control Deck
Added support for the Hori Fighting Stick EX2
Added support for the Yawman Arrow flightstick
Added a gamepad mapping for the Defender Joystick Cobra R4
Fixed the gamepad mapping for the Sanwa Supply JY-P76USV controller
Poll for the initial controller state when using DirectInput
Allow using SDL_RWFromFile() with named pipes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update patches from 1 - 10 to 1 - 13
- Update of rootfile not required
- Changelog of patches
11 Some systems (e.g., macOS) send signals early on in interactive initialization,
so readline should retry a failed open of the init file.
12 If a user happens to bind do-lowercase-version to something that isn't a
capital letter, so _rl_to_lower doesn't change anything and the result is
still bound to do-lowercase-version, readline can recurse infinitely.
13 When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.9.4 to 1.10.0
- Update of rootfile
- Changelog
1.10.0
cli : multithreading compression support: improves speed by X times threads allocated
cli : overlap decompression with i/o, improving speed by ~+60%
cli : support environment variables LZ4_CLEVEL and LZ4_NBWORKERS
cli : license of CLI more clearly labelled GPL-2.0-or-later
cli : fix: refuse to compress directories
cli : fix dictionary compression benchmark on multiple files
cli : change: no more implicit `stdout` (except when input is `stdin`)
lib : new level 2, offering mid-way performance (speed and compression)
lib : Improved lz4frame compression speed for small data (up to +160% at 1KB)
lib : Slightly faster (+5%) HC compression speed (levels 3-9), by @JunHe77
lib : dictionary compression support now in stable status
lib : lz4frame states can be safely reset and reused after a processing error (described by @QrczakMK)
lib : `lz4file` API improvements, by @vsolontsov-volant and @t-mat
lib : new experimental symbol `LZ4_compress_destSize_extState()`
build: cmake minimum version raised to 3.5
build: cmake improvements, by @foxeng, @Ohjurot, @LocalSpook, @teo-tsirpanis, @ur4t and @t-mat
build: meson scripts are now hosted into `build/` directory, by @eli-schwartz
build: meson improvements, by @tristan957
build: Visual Studio solutions generated by `cmake` via scripts
port : support for loongArch, risc-v, m68k, mips and sparc architectures
port : improved Visual Studio compatibility, by @t-mat
port : freestanding support improvements, by @t-mat
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.3.5 to 3.3.8
- Update of rootfile not required
- Changelog
3.3.8
Features:
- libzscanner,libknot: added support for 'dohpath' and 'ohttp' SVCB parameters
- libzscanner,libknot: added support for WALLET rrtype
- keymgr: new commands for keystore testing (see 'keystore-test' and 'keystore-bench')
- knotd: new configuration option for setting default TTL (see 'zone.default-ttl')
Improvements:
- libknot: added error codes to better describe some failures
Bugfixes:
- knotd: DNSSEC signing doesn't remove NSEC records for non-authoritative nodes
- knotd: DNSSEC signing not scheduled on secondary if nothing to be reloaded
- libknot: TCP over XDP doesn't ignore SYN+ACK packets on the server side
3.3.7
Improvements:
- libs: upgraded embedded libngtcp2 to 1.6.0
Bugfixes:
- knotd: insufficient metadata check can cause journal corruption
- knotd: missing zone timers initialization upon purge
- knotd: missing RCU lock in zone flush and refresh
- knotd: defective assert in zone refresh
3.3.6
Features:
- knotd: configurable control socket backlog size (see 'control.backlog')
- knotd: optional configuration of congruency of generated keytags (see 'policy.keytag-modulo')
- knotc: support for exporting configuration schema in JSON (see 'conf-export') #912
- mod-dnstap: configuration of sink allows TCP address specification
Improvements:
- knotd: last-signed serial is stored to KASP even if not a secondary zone
- knotd: allowed catalog role member in a catalog template configuration
- knotd: some references in a zone configuration can be set empty to override a template
- knotd: allowed zone backup during a zone transaction
- knotd: add remote TSIG key name to outgoing event logs
- knotc: zone backup with '+keysonly' silently uses all defaults as 'off'
- kxdpgun: host name can be used for target specification
- libs: upgraded embedded libngtcp2 to 1.5.0
- doc: various fixes and updates
Bugfixes:
- knotd: reset TCP connection not removed from a connection pool
- knotd: server wrongly tries to remove removed ZONEMD
- knotd: failed to parse empty list from a textual configuration
- knotd: blocking zone signing in combination with an open transaction causes a deadlock
- knotd: missing RCU lock when sending NOTIFY
- kdig: QNAME letter case isn't preserved if IDN is enabled
- kdig: failed to parse empty QNAME (do not fill question section)
- kxdpgun: floating point exception on SIGUSR1 #927
- libknot: incorrect handling of regular QUIC tokens in incoming initials
- python: failed to set an empty configuration value
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- pci.ids - update from 2023-09-22 to 2024-06-23
- usb.ids - update from 2023-11-08 to 2024-07-04
- Update of rootfile not required
- Changelog is not available. It is just the latest update of the information
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.45.2 to 2.46.0
- Update of rootfile
- Changelog
2.46.0
UI, Workflows & Features
* The "--rfc" option of "git format-patch" learned to take an
optional string value to be used in place of "RFC" to tweak the
"[PATCH]" on the subject header.
* The credential helper protocol, together with the HTTP layer, have
been enhanced to support authentication schemes different from
username & password pair, like Bearer and NTLM.
* Command line completion script (in contrib/) learned to complete
"git symbolic-ref" a bit better (you need to enable plumbing
commands to be completed with GIT_COMPLETION_SHOW_ALL_COMMANDS).
* When the user responds to a prompt given by "git add -p" with an
unsupported command, list of available commands were given, which
was too much if the user knew what they wanted to type but merely
made a typo. Now the user gets a much shorter error message.
* The color parsing code learned to handle 12-bit RGB colors, spelled
as "#RGB" (in addition to "#RRGGBB" that is already supported).
* The operation mode options (like "--get") the "git config" command
uses have been deprecated and replaced with subcommands (like "git
config get").
* "git tag" learned the "--trailer" option to futz with the trailers
in the same way as "git commit" does.
* A new global "--no-advice" option can be used to disable all advice
messages, which is meant to be used only in scripts.
* Updates to symbolic refs can now be made as a part of ref
transaction.
* The trailer API has been reshuffled a bit.
* Terminology to call various ref-like things are getting
straightened out.
* The command line completion script (in contrib/) has been adjusted
to the recent update to "git config" that adopted subcommand based
UI.
* The knobs to tweak how reftable files are written have been made
available as configuration variables.
* When "git push" notices that the commit at the tip of the ref on
the other side it is about to overwrite does not exist locally, it
used to first try fetching it if the local repository is a partial
clone. The command has been taught not to do so and immediately
fail instead.
* The promisor.quiet configuration knob can be set to true to make
lazy fetching from promisor remotes silent.
* The inter/range-diff output has been moved to the end of the patch
when format-patch adds it to a single patch, instead of writing it
before the patch text, to be consistent with what is done for a
cover letter for a multi-patch series.
* A new command has been added to migrate a repository that uses the
files backend for its ref storage to use the reftable backend, with
limitations.
* "git diff --exit-code --ext-diff" learned to take the exit status
of the external diff driver into account when deciding the exit
status of the overall "git diff" invocation when configured to do
so.
* "git update-ref --stdin" learned to handle transactional updates of
symbolic-refs.
* "git format-patch --interdiff" for multi-patch series learned to
turn on cover letters automatically (unless told never to enable
cover letter with "--no-cover-letter" and such).
* The "--heads" option of "ls-remote" and "show-ref" has been been
deprecated; "--branches" replaces "--heads".
* For over a year, setting add.interactive.useBuiltin configuration
variable did nothing but giving a "this does not do anything"
warning. The warning has been removed.
* The http transport can now be told to send request with
authentication material without first getting a 401 response.
* A handful of entries are added to the GitFAQ document.
* "git var GIT_SHELL_PATH" should report the path to the shell used
to spawn external commands, but it didn't do so on Windows, which
has been corrected.
Performance, Internal Implementation, Development Support etc.
* Advertise "git contacts", a tool for newcomers to find people to
ask review for their patches, a bit more in our developer
documentation.
* In addition to building the objects needed, try to link the objects
that are used in fuzzer tests, to make sure at least they build
without bitrot, in Linux CI runs.
* Code to write out reftable has seen some optimization and
simplification.
* Tests to ensure interoperability between reftable written by jgit
and our code have been added and enabled in CI.
* The singleton index_state instance "the_index" has been eliminated
by always instantiating "the_repository" and replacing references
to "the_index" with references to its .index member.
* Git-GUI has a new maintainer, Johannes Sixt.
* The "test-tool" has been taught to run testsuite tests in parallel,
bypassing the need to use the "prove" tool.
* The "whitespace check" task that was enabled for GitHub Actions CI
has been ported to GitLab CI.
* The refs API lost functions that implicitly assumes to work on the
primary ref_store by forcing the callers to pass a ref_store as an
argument.
* Code clean-up to reduce inter-function communication inside
builtin/config.c done via the use of global variables.
* The pack bitmap code saw some clean-up to prepare for a follow-up topic.
* Preliminary code clean-up for "git send-email".
* The default "creation-factor" used by "git format-patch" has been
raised to make it more aggressively find matching commits.
* Before discovering the repository details, We used to assume SHA-1
as the "default" hash function, which has been corrected. Hopefully
this will smoke out codepaths that rely on such an unwarranted
assumptions.
* The project decision making policy has been documented.
* The strcmp-offset tests have been rewritten using the unit test
framework.
* "git add -p" learned to complain when an answer with more than one
letter is given to a prompt that expects a single letter answer.
* The alias-expanded command lines are logged to the trace output.
* A new test was added to ensure git commands that are designed to
run outside repositories do work.
* A few tests in reftable library have been rewritten using the
unit test framework.
* A pair of test helpers that essentially are unit tests on hash
algorithms have been rewritten using the unit-tests framework.
* A test helper that essentially is unit tests on the "decorate"
logic has been rewritten using the unit-tests framework.
* Many memory leaks in the sparse-checkout code paths have been
plugged.
* "make check-docs" noticed problems and reported to its output but
failed to signal its findings with its exit status, which has been
corrected.
* Building with "-Werror -Wwrite-strings" is now supported.
* To help developers, the build procedure now allows builders to use
CFLAGS_APPEND to specify additional CFLAGS.
* "oidtree" tests were rewritten to use the unit test framework.
* The structure of the document that records longer-term project
decisions to deprecate/remove/update various behaviour has been
outlined.
* The pseudo-merge reachability bitmap to help more efficient storage
of the reachability bitmap in a repository with too many refs has
been added.
* When "git merge" sees that the index cannot be refreshed (e.g. due
to another process doing the same in the background), it died but
after writing MERGE_HEAD etc. files, which was useless for the
purpose to recover from the failure.
* The output from "git cat-file --batch-check" and "--batch-command
(info)" should not be unbuffered, for which some tests have been
added.
* A CPP macro USE_THE_REPOSITORY_VARIABLE is introduced to help
transition the codebase to rely less on the availability of the
singleton the_repository instance.
* "git version --build-options" reports the version information of
OpenSSL and other libraries (if used) in the build.
* Memory ownership rules for the in-core representation of
remote.*.url configuration values have been straightened out, which
resulted in a few leak fixes and code clarification.
* When bundleURI interface fetches multiple bundles, Git failed to
take full advantage of all bundles and ended up slurping duplicated
objects, which has been corrected.
* The code to deal with modified paths that are out-of-cone in a
sparsely checked out working tree has been optimized.
* An existing test of oidmap API has been rewritten with the
unit-test framework.
* The "ort" merge backend saw one bugfix for a crash that happens
when inner merge gets killed, and assorted code clean-ups.
* A new warning message is issued when a command has to expand a
sparse index to handle working tree cruft that are outside of the
sparse checkout.
* The test framework learned to take the test body not as a single
string but as a here-document.
* "git push '' HEAD:there" used to hit a BUG(); it has been corrected
to die with "fatal: bad repository ''".
* What happens when http.cookieFile gets the special value "" has
been clarified in the documentation.
Bug Fixes
* "git rebase --signoff" used to forget that it needs to add a
sign-off to the resulting commit when told to continue after a
conflict stops its operation.
* The procedure to build multi-pack-index got confused by the
replace-refs mechanism, which has been corrected by disabling the
latter.
* The "-k" and "--rfc" options of "format-patch" will now error out
when used together, as one tells us not to add anything to the
title of the commit, and the other one tells us to add "RFC" in
addition to "PATCH".
* "git stash -S" did not handle binary files correctly, which has
been corrected.
* A scheduled "git maintenance" job is expected to work on all
repositories it knows about, but it stopped at the first one that
errored out. Now it keeps going.
* zsh can pretend to be a normal shell pretty well except for some
glitches that we tickle in some of our scripts. Work them around
so that "vimdiff" and our test suite works well enough with it.
* Command line completion support for zsh (in contrib/) has been
updated to stop exposing internal state to end-user shell
interaction.
* Tests that try to corrupt in-repository files in chunked format did
not work well on macOS due to its broken "mv", which has been
worked around.
* The maximum size of attribute files is enforced more consistently.
* Unbreak CI jobs so that we do not attempt to use Python 2 that has
been removed from the platform.
* Git 2.43 started using the tree of HEAD as the source of attributes
in a bare repository, which has severe performance implications.
For now, revert the change, without ripping out a more explicit
support for the attr.tree configuration variable.
* The "--exit-code" option of "git diff" command learned to work with
the "--ext-diff" option.
* Windows CI running in GitHub Actions started complaining about the
order of arguments given to calloc(); the imported regex code uses
the wrong order almost consistently, which has been corrected.
* Expose "name conflict" error when a ref creation fails due to D/F
conflict in the ref namespace, to improve an error message given by
"git fetch".
(merge 9339fca23e it/refs-name-conflict later to maint).
* The SubmittingPatches document now refers folks to manpages
translation project.
* The documentation for "git diff --name-only" has been clarified
that it is about showing the names in the post-image tree.
* The credential helper that talks with osx keychain learned to avoid
storing back the authentication material it just got received from
the keychain.
(merge e1ab45b2da kn/osxkeychain-skip-idempotent-store later to maint).
* The chainlint script (invoked during "make test") did nothing when
it failed to detect the number of available CPUs. It now falls
back to 1 CPU to avoid the problem.
* Revert overly aggressive "layered defence" that went into 2.45.1
and friends, which broke "git-lfs", "git-annex", and other use
cases, so that we can rebuild necessary counterparts in the open.
* "git init" in an already created directory, when the user
configuration has includeif.onbranch, started to fail recently,
which has been corrected.
* Memory leaks in "git mv" has been plugged.
* The safe.directory configuration knob has been updated to
optionally allow leading path matches.
* An overly large ".gitignore" files are now rejected silently.
* Upon expiration event, the credential subsystem forgot to clear
in-core authentication material other than password (whose support
was added recently), which has been corrected.
* Fix for an embarrassing typo that prevented Python2 tests from running
anywhere.
* Varargs functions that are unannotated as printf-like or execl-like
have been annotated as such.
* "git am" has a safety feature to prevent it from starting a new
session when there already is a session going. It reliably
triggers when a mbox is given on the command line, but it has to
rely on the tty-ness of the standard input. Add an explicit way to
opt out of this safety with a command line option.
(merge 62c71ace44 jk/am-retry later to maint).
* A leak in "git imap-send" that somehow escapes LSan has been
plugged.
* Setting core.abbrev too early before the repository set-up
(typically in "git clone") caused segfault, which as been
corrected.
* When the user adds to "git rebase -i" instruction to "pick" a merge
commit, the error experience is not pleasant. Such an error is now
caught earlier in the process that parses the todo list.
* We forgot to normalize the result of getcwd() to NFC on macOS where
all other paths are normalized, which has been corrected. This still
does not address the case where core.precomposeUnicode configuration
is not defined globally.
* Earlier we stopped using the tree of HEAD as the default source of
attributes in a bare repository, but failed to document it. This
has been corrected.
* "git update-server-info" and "git commit-graph --write" have been
updated to use the tempfile API to avoid leaving cruft after
failing.
* An unused extern declaration for mingw has been removed to prevent
it from causing build failure.
* A helper function shared between two tests had a copy-paste bug,
which has been corrected.
* "git fetch-pack -k -k" without passing "--lock-pack" (which we
never do ourselves) did not work at all, which has been corrected.
* CI job to build minimum fuzzers learned to pass NO_CURL=NoThanks to
the build procedure, as its build environment does not offer, or
the rest of the build needs, anything cURL.
(merge 4e66b5a990 jc/fuzz-sans-curl later to maint).
* "git diff --no-ext-diff" when diff.external is configured ignored
the "--color-moved" option.
(merge 0f4b0d4cf0 rs/diff-color-moved-w-no-ext-diff-fix later to maint).
* "git archive --add-virtual-file=<path>:<contents>" never paid
attention to the --prefix=<prefix> option but the documentation
said it would. The documentation has been corrected.
(merge 72c282098d jc/archive-prefix-with-add-virtual-file later to maint).
* When GIT_PAGER failed to spawn, depending on the code path taken,
we failed immediately (correct) or just spew the payload to the
standard output (incorrect). The code now always fail immediately
when GIT_PAGER fails.
(merge 78f0a5d187 rj/pager-die-upon-exec-failure later to maint).
* date parser updates to be more careful about underflowing epoch
based timestamp.
(merge 9d69789770 db/date-underflow-fix later to maint).
* The Bloom filter used for path limited history traversal was broken
on systems whose "char" is unsigned; update the implementation and
bump the format version to 2.
(merge 9c8a9ec787 tb/path-filter-fix later to maint).
* Typofix.
(merge 231cf7370e as/pathspec-h-typofix later to maint).
* Code clean-up.
(merge 4b837f821e rs/simplify-submodule-helper-super-prefix-invocation later
to maint).
* "git describe --dirty --broken" forgot to refresh the index before
seeing if there is any chang, ("git describe --dirty" correctly did
so), which has been corrected.
(merge b8ae42e292 as/describe-broken-refresh-index-fix later to maint).
* Test suite has been taught not to unnecessarily rely on DNS failing
a bogus external name.
(merge 407cdbd271 jk/tests-without-dns later to maint).
* GitWeb update to use committer date consistently in rss/atom feeds.
(merge cf6ead095b am/gitweb-feed-use-committer-date later to maint).
* Custom control structures we invented more recently have been
taught to the clang-format file.
(merge 1457dff9be rs/clang-format-updates later to maint).
* Developer build procedure fix.
(merge df32729866 tb/dev-build-pedantic-fix later to maint).
* "git push" that pushes only deletion gave an unnecessary and
harmless error message when push negotiation is configured, which
has been corrected.
(merge 4d8ee0317f jc/disable-push-nego-for-deletion later to maint).
* Address-looking strings found on the trailer are now placed on the
Cc: list after running through sanitize_address by "git send-email".
(merge c852531f45 cb/send-email-sanitize-trailer-addresses later to maint).
* Tests that use GIT_TEST_SANITIZE_LEAK_LOG feature got their exit
status inverted, which has been corrected.
(merge 8c1d6691bc rj/test-sanitize-leak-log-fix later to maint).
* The http.cookieFile and http.saveCookies configuration variables
have a few values that need to be avoided, which are now ignored
with warning messages.
(merge 4f5822076f jc/http-cookiefile later to maint).
* Repacking a repository with multi-pack index started making stupid
pack selections in Git 2.45, which has been corrected.
(merge 8fb6d11fad ds/midx-write-repack-fix later to maint).
* Fix documentation mark-up regression in 2.45.
(merge 6474da0aa4 ja/doc-markup-updates-fix later to maint).
* Work around asciidoctor's css that renders `monospace` material
in the SYNOPSIS section of manual pages as block elements.
(merge d44ce6ddd5 js/doc-markup-updates-fix later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 493fdae046 ew/object-convert-leakfix later to maint).
(merge 00f3661a0a ss/doc-eol-attr-fix later to maint).
(merge 428c40da61 ri/doc-show-branch-fix later to maint).
(merge 58696bfcaa jc/where-is-bash-for-ci later to maint).
(merge 616e94ca24 tb/doc-max-tree-depth-fix later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
