For details see:
https://www.nano-editor.org/news.php
"Changes between v6.3 and v6.4:
------------------------------
Benno Schulenberg (24):
bump version numbers and add a news item for the 6.4 release
display: remember text and column positions when softwrapping a line
docs: concisely describe how the linter behaves
docs: remove the two notices about the changed defaults
docs: rename README.GIT to README.hacking, so it's clearer what is meant
docs: stop mentioning the obsoleted keywords that were removed
files: designate the root directory with a simple "/", not with "//"
formatter: instead of leaving curses, use full_refresh() to wipe messages
gnulib: update to its current upstream state
help: reshuffle two shortcuts so that more help-line items are paired
options: stop accepting -z, as --suspendable has been dropped too
rcfile: remove five obsolete or deprecated keywords
syntax: default: do not colorize a square or angle bracket after a URL
syntax: perl: add missing keywords, and reduce the length of some lines
syntax: python: mention an alternative linter in a comment
tweaks: add a missing word to a news item
tweaks: add a translator hint
tweaks: improve a comment, and reshuffle two functions plus some lines
tweaks: put each regex on separate line, to better show many keywords
tweaks: rename a variable, to not be the same as a function name
tweaks: rename two variables, to not contain the name of another
tweaks: reshuffle a description and rewrap another
tweaks: reshuffle a few lines, to group things better
version: condense the copyright message, to not dominate the output
LIU Hao (1):
build: ignore errors from `git describe`"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
realtek has released a third different usb ac wlan chipset.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- starting tftpd currently throws "missing directory" error
- this change corrects the issue
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
- this releases fixes the following major security issues:
CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123,
CVE-2022-23124, CVE-2022-23125 and CVE-2022-0194.
- FIX: afpd: make a variable declaration a definition
- UPD: Remove bundled libevent
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- rootfile has all entries commented out as not needed for execution only build
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- The addition of pyfuse3 requires a total of 11 python3 module dependencies and the
addition of python3-Cython during the build
- The other dependencies etc are submitted in the rest of this patch series.
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This is a maintenance release that bundles all the previously added
patches, which have therefore been deleted.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog since version 0.23.6:
ver 0.23.8 (2022/07/09)
* storage
- curl: fix crash if web server does not understand WebDAV
* input
- cdio_paranoia: fix crash if no drive was found
- cdio_paranoia: faster cancellation
- cdio_paranoia: don't scan for replay gain tags
- pipewire: fix playback of very short tracks
- pipewire: drop all buffers before manual song change
- pipewire: fix stuttering after manual song change
- snapcast: fix busy loop while paused
- snapcast: fix stuttering after resuming playback
* mixer
- better error messages
- alsa: fix setting volume before playback starts
- pipewire: fix crash bug
- pipewire: fix volume change events with PipeWire 0.3.53
- pipewire: don't force initial volume=100%
* support libfmt 9
ver 0.23.7 (2022/05/09)
* database
- upnp: support pupnp 1.14
* decoder
- ffmpeg: fix HLS seeking
- opus: fix missing song length on high-latency files
* output
- shout: require at least libshout 2.4.0
* mixer
- pipewire: fix volume restore
- software: update volume of disabled outputs
* support libiconv
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Full changelog:
4.1.0 - 2022-07-18
ENHANCEMENTS
Add support for OpenSSL 3 (and EL9/Debian 11/Ubuntu 22)
Allow tcpd/libwrap to be excluded from build when present on the system
Allow loading of full certificate chains
Change -u (connection issues return UNKNOWN) to include all SSL-layer failures.
Disable renegotiation and enforce server cipher order when using SSL
Verify that private keys match certificates when using SSL
FIXES
Fixed incorrect default for nasty_metachars in nrpe.cfg
Fixed incorrect help text for --use-adh
Fixed potential out-of-bound read when used with IPv6
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- In 2018 parted was moved from being an addon to being a core program
- The rootfile was moved from rootfiles/packages/ to rootfiles/common/
- The LFS was not updated to remove the PAK_VER etc elements.
- This patch adjusts the LFS file to be in line with being a core program
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-2
"Features
Merge #718: Introduce infra-cache-max-rtt option to config max retransmit timeout.
Bug Fixes
Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing
for one loop pass'.
Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT
on outbound tcp sockets.
Fix verbose EDE error printout.
Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest cross-compiler versions.
Merge PR 714: Avoid treat normal hosts as unresponsive servers. And fixup the lock code.
iana portlist update.
Update documentation for 'outbound-msg-retry:'.
Tests for ghost domain fixes."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Please refer to https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.57
for the changelog of this version. Since it introduces
architecture-dependent rootfile changes due to CPU side-channel
mitigations, changes to ARM rootfiles have been omitted due to the lack
of hardware.
Supposed hardening changes will be submitted separately.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://blog.clamav.net/2022/07/clamav-01037-01041-and-01051-patch.html
"ClamAV 0.105.1 is a critical patch release with the following fixes:
Upgrade the vendored UnRAR library to version 6.1.7.
Fix issue building macOS universal binaries in some configurations.
Silence error message when the logical signature maximum functionality
level is lower than the current functionality level.
Fix scan error when scanning files containing malformed images that
cannot be loaded to calculate an image fuzzy hash.
Fix logical signature "Intermediates" feature.
Relax constraints on slightly malformed ZIP archives that contain
overlapping file entries."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.31/doc/arm/html/notes.html#notes-for-bind-9-16-31
Excerpt from changelog:
" --- 9.16.31 released ---
5917. [bug] Update ifconfig.sh script as is miscomputed interface
identifiers when destroying interfaces. [GL #3061]
5915. [bug] Detect missing closing brace (}) and computational
overflows in $GENERATE directives. [GL #3429]
5913. [bug] Fix a race between resolver query timeout and
validation in resolver.c:validated(). Remove
resolver.c:maybe_destroy() as it is no loger needed.
[GL #3398]
5909. [bug] The server-side destination port was missing from dnstap
captures of client traffic. [GL #3309]
5905. [bug] When the TCP connection would be closed/reset between
the connect/accept and the read, the uv_read_start()
return value would be unexpected and cause an assertion
failure. [GL #3400]
5903. [bug] When named checks that the OPCODE in a response matches
that of the request, if there is a mismatch named logs
an error. Some of those error messages incorrectly
used RCODE instead of OPCODE to lookup the nemonic.
This has been corrected. [GL !6420]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Changelog:
"5.0.10 -- 2022-07-12
Bug #5429: TCP flow that retransmits the SYN with a newer TSval not properly tracked (5.0.x backport)
[Note: Therefore 'suricata-5.0-stream-tcp-Handle-retransmitted-SYN-with-TSval.patch' could be removed]
Bug #5424: inspection of smb traffic without smb/dcerpc doesn't work correct. (5.0.x backport)
Bug #5423: DCERPC protocol detection when nested in SMB (5.0.x backport)
Bug #5404: detect: will still inspect packets of a "dropped" flow for non-TCP (5.0.x backport)
Bug #5388: detect/threshold: offline time handling issue (5.0.x backports)
Bug #5358: test failure on Ubuntu 22.04 with GCC 12 (5.0.x backport)
Bug #5354: detect/alert: fix segvfault when incrementing discarded alerts if alert-queue-expand fails (5.0.x backport)
Bug #5345: CIDR prefix calculation fails on big endian archs (5.0.x backport)
Bug #5343: ftp: quadratic complexity for tx iterator with linked list (5.0.x backport)
Bug #5341: decode/mime: base64 decoding for data with spaces is broken (5.0.x backport)
Bug #5339: PreProcessCommands does not handle all the edge cases (5.0.x backport)
Bug #5325: FTP: expectation created in wrong direction (5.0.x backport)
Bug #5305: cppcheck: various static analyzer "warning"s
Bug #5302: Failed assert DeStateSearchState
Bug #5301: eve: payload field randomly missing even if the packet field is present
Bug #5289: Remove unneeded stack-on-signal initialization.
Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum length
Bug #5124: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit (5.0.x backport)
Bug #5113: Off-by-one in flow-manager flow_hash row allocation
Bug #5055: Documentation copyright years are invalid
Bug #5021: dataset: error with space in rule language
Bug #4926: Rule error in SMB dce_iface and dce_opnum keywords (5.0.x backport)
Bug #4646: TCP reassembly, failed assert app_progress > last_ack_abs, both sides need to be pruned
Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport)
Optimization #5121: Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
Task #5322: stats/alert: log out to stats alerts that have been discarded from packet queue (5.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-16-1
"Features
Fix#704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
Bug Fixes
makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
Merge PR #688: Rpz url notify issue.
Note in the unbound.conf text that NOTIFY is allowed from the 'url:'
addresses for auth and rpz zones.
Remove unused LDNS function check for GOST Engine unloading.
Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
Fix#663: use after free issue with edns options.
Clarify -v flag manpage entry (#705)
Fix test program dohclient close to use portability routine.
Show the output of the exact .rpl run that failed with 'make test'.
Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
Add debug option to the mini_tdir.sh test code.
Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
Allow fallback to the parent side when MAX_TARGET_NX is reached. This
will also allow MAX_TARGET_NX more NXDOMAINs.
iana portlist update.
Fix detection of libz on windows compile with static option.
Fix compile warning for windows compile.
Merge PR #706: NXNS fallback.
From #706: Cached NXDOMAIN does not increase the target nx responses.
From #706: Don't generate parent side queries if we already have the
lame records in cache.
From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS mode
on openssl3.
Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
For #660: formatting, less verbose logging, add EDE information.
Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3380500 to 3890000
- Update of rootfile not required
- Changelog
Release 3.39.0 On 2022-06-25
Add (long overdue) support for RIGHT and FULL OUTER JOIN.
Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are
equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL
standards.
Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that
indicates a query that has both DISTINCT and ORDER BY clauses.
Added the sqlite3_db_name() interface.
The unix os interface resolves all symbolic links in database filenames to create a
canonical name for the database before the file is opened.
Defer materializing views until the materialization is actually needed, thus avoiding
unnecessary work if the materialization turns out to never be used.
The HAVING clause of a SELECT statement is now allowed on any aggregate query, even
queries that do not have a GROUP BY clause.
Many microoptimizations collectively reduce CPU cycles by about 2.3%.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 8.2 to 9.0
- Update of rootfile
- Remove gcc10 detection patch as this is now built into the source tarball
- Update hardening crash patch. The issue related to the gcc10 patch seems to suggest
that when that is fixed then the hardening crash patch is not required but it wasn't
100% clear. So I have left the patch in place as it only changes one line and if it
worked with the earlier versions then it should also work now. If it is decided that
it is not needed then it can always be removed at a future update.
- Changelog is massive with over 30000 lines.
vim provides fixed updates such as 8.2 and 9.0 but then issues very frequent patch
updates. For version 8.2 there are 5172 patch updates none of which have been applied
to IPFire. All of these are now built into version 9.0
https://vimhelp.org/version9.txt.html#new-9 provides the details of what is new with
version 9.0, including details of all the 5172 patches.
- Key thing for version 9.0 is that there is a new Vim9 script language which is not
backwards compatible. However the old legacy script language will continue to be
supported so all old scripts can continue to be used.
- Version 9.0 already has 48 patches released. The releases occur virtually every day
with several days having multiple patch releases.
- Once this 9.0 version of vim has been confirmed to work successfully by people
experienced in using vim (I struggle to remember the set of characters to press to
exit from an editing session), then my plan is to periodically submit an update of the
patches, although some may be missed out as they are not relevant for IPFire - such
as deleting Travis CI config and improving the recognition of some Visual Basic files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.1.2 (July 2017) to 4.3 (July 2021)
- Update of rootfile
- Changelog
4.3 (2021-07-22)
decode-dimms: Attempt to decode LPDDR3 modules
eeprom, eepromer: Removed the tools in favor of eeprog
i2cdetect: Sort the bus list by number
i2cdump: Add range support to I2C block mode
Deprecate SMBus block mode
i2cget: Add support for I2C block read
Add support for SMBus block read
i2ctransfer: Reverted check for returned length from driver
4.2 (2020-09-22)
manpages: Add BUGS section to let people know how to contact us
Makefile: Allow to preset all CFLAGS and LDFLAGS variables
tools: Consistently use snprintf instead of sprintf
Restrict addresses 0x03-0x07, too (defined by I2C standard)
decode-dimms: Print SPD revision for DDR3 too
Print primary bus width for DDR3 and DDR4
List ee1004 as a candidate driver
Display MAC for DDR3
Add MAC abbreviation for DDR4
Round DDR4 speed properly
Detect and report truncated input files
Print kernel driver used
Print DDR memory speed in MT/s
Add DDR5 memory types
Decode manufacturing data for LPDDR3
Fix the version string
Point the user to the right drivers
Update the list of vendors to Jedec JEP106BB
decode-vaio: Add support for the at24 driver
Scan more i2c buses
i2cset: Fix short writes with mask
i2ctransfer: Mention '-a' everywhere in the manpage
Support messages using I2C_M_RECV_LEN
Add check for returned length from driver
i2c-stub-from-dump: Read dumps from hexdump -C
library: Add a manual page to document the API
4.1 (2018-11-30)
Makefile: Make STRIP, DESTDIR and PREFIX overridable
tools: Fix potential buffer overflows in i2cbusses
Fix build race
Allow usage of reserved addresses with the '-a' flag
decode-dimms: Add preliminary DDR4 support
Decode size and timings of DDR4
Decode misc parameters of DDR4
Decode physical characteristics of DDR4
Documentation update for DDR4
Verify the CRC of DDR4 data block 1
Update manufacturer IDs (JEP106AX)
eeprog: Fix ambiguous parentheses
Fix build race
i2ctransfer: Rename option '-f' to '-a' for consistency
i2c-dev.h: Delete
library: Fix build race
Allow disabling the dynamic flavor
Mention the correct license in source files
py-smbus: Fix i2c_smbus_* error propagation
4.0 (2017-10-30)
tools: Fix build with recent compilers (gcc 4.6+)
Add examples to the manual pages
README: Clarify licenses
Mention the current maintainer
decode-dimms: Decode module configuration type of DDR2 SDRAM
Decode bus width extension of DDR3 SDRAM
Don't choke when no EEPROM is found
Don't make columns larger than they need to be
Make side-by-side output more robust
Print module organization of DDR SDRAM
Merge cells by default in side-by-side output
Print extra timing values of DDR SDRAM
Print DDR and DDR2 core timings for all supported CAS values
Print DDR2 equivalent speed of tCK max
Don't print undefined DDR2 SDRAM timings
Print SDR, DDR, DDR2, DDR3 core timings for all standard speeds
Update manufacturer IDs
Make DDR3 manufacturer count parity error non-fatal
Strip former manufacturer name in side-by-side output mode
Remove duplicate "ns" in SDR timings
Add section headers for SDR modules
Fix decoding of SDR SPD revision
Prevent hang on reserved DDR3 module type
Decode more DDR3 module types
Fix DDR3 tRAS decoding
Fix DDR3 core timings rounding
Round down PC3 numbers to comply with Jedec
Don't print the DDR3 time bases
Decode the FTB fields of DDR3 tCk, tAA, tRCD, tRP and tRC
Fix speed and PC3 number of high-speed DDR3 modules
Decode DDR3 reference card revision
Print width of all known DDR3 module types
Print physical characteristics for all DDR3 module types
Don't print raw SSTE32882 register values
Add support for Load Reduced DIMM (LRDIMM) DDR3 modules
Fully decode the DDR3 SDRAM Device Type field
Fix DDR3 extended temp range refresh rate decoding
Encode "degrees" to HTML degree symbol
Generate XHTML 1.1 compliant markup
Add a manual page
Correctly check for out-of-bounds vendor ID
Update manufacturer IDs (JEP106AQ)
decode-vaio: Add a manual page
eeprog: Add a manual page
Moved to a separate subdirectory
Increase delay after writes
eeprom: Add a manual page
Marked as deprecated
eepromer: Add a manual page
Marked as deprecated
i2cdetect: Do a best effort detection if functionality is missing
Clarify the SMBus commands used for probing by default
i2ctransfer: New tool to send user-defined I2C messages in one transfer
i2c-dev.h: Minimize differences with kernel flavor
Move SMBus helper functions to include/i2c/smbus.h
i2c-stub-from-dump: Be more tolerant on input dump format
library: New libi2c library
Properly propagate real error codes on read errors
Use I2C_SMBUS_BLOCK_MAX instead of hard-coding 32
lib/smbus.c: Add missing include which was causing a build error
py-smbus: Fix module level docs
Add support for python 3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
