- Update from version 23.6 to 23.7
- Update of roiotfile not required
- Changelog
23.7
* build-sys: Make disable-statx work
* fuser: Fallback to stat() if no statx() Debian 1030747 #48
* fuser: silently ignore EACCES when scanning proc directories
* killall: small formatting fixes Debian #1037231
* pstree: Do not assume root PID #49
* pslog: include config.h #51!36
* misc: Update gettext to 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 10.42 to 10.43
- Update of rootfile
- Changelog
10.43
There are quite a lot of changes in this release (see ChangeLog and git log for
a list). Those that are not bugfixes or code tidies are:
* The JIT code no longer supports ARMv5 architecture.
* A new function pcre2_get_match_data_heapframes_size() for finer heap control.
* New option flags to restrict the interaction between ASCII and non-ASCII
characters for caseless matching and \d and friends. There are also new
pattern constructs to control these flags from within a pattern.
* Upgrade to Unicode 15.0.0.
* Treat a NULL pattern with zero length as an empty string.
* Added support for limited-length variable-length lookbehind assertions, with
a default maximum length of 255 characters (same as Perl) but with a function
to adjust the limit.
* Support for LoongArch in JIT.
* Perl changed the meaning of (for example) {,3} which did not used to be
recognized as a quantifier. Now it means {0,3} and PCRE2 has also changed.
Note that {,} is still not a quantifier.
* Following Perl, allow spaces and tabs after { and before } in all Perl-
compatible items that use braces, and also around commas in quantifiers. The
one exception in PCRE2 is \u{...}, which is from ECMAScript, not Perl, and
PCRE2 follows ECMAScript usage.
* Changed the meaning of \w and its synonyms and derivatives (\b and \B) in UCP
mode to follow Perl. It now matches characters whose general categories are L
or N or whose particular categories are Mn (non-spacing mark) or Pc
(combining punctuation).
* Changed the default meaning of [:xdigit:] in UCP mode to follow Perl. It now
matches the "fullwidth" versions of hex digits. PCRE2_EXTRA_ASCII_DIGIT can
be used to keep it ASCII only.
* Make PCRE2_UCP the default in UTF mode in pcre2grep and add -no_ucp,
--case-restrict and --posix-digit.
* Add --group-separator and --no-group-separator to pcre2grep.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 5.13 to 6.8
- Update of rootfile
- make on its own no longer needed. It goes straight to make install
- Changelog can be seen by reviewing the Changes file in each source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 1.24 to 1.24.1
- Update of rootfile not required
- Changelog
1.24.1
main.cc: Fix compilation failure on MinGW because of mkdir.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 4.9.0 to 4.9.1
- Update of rootfile
- Changelog
4.9.1
* Support stop/parity bits on serial port (#23952)
* Add needed system headers in checks and return values
for implicit function declarations
* Fixes:
- Avoid zombies after shell exit (#25089)
- Missed signal sending permission check on failed
query messages (CVE-2023-24626)
- manpage fixes
- source code fixes during cleanup
- UTF-8 encoding can emit invalid UTF-8 sequences
for out of range unicode values (#62097)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 1.6.0 to 1.6.1
- Update of rootfile
- Removal of patch for as changes now incorporated in source tarball.
- Changelog
1.6.1
build: fail if specified configure options cannot be satisfied.
pam_env: fixed --disable-econf --enable-vendordir support.
pam_unix: do not warn if password aging is disabled.
pam_unix: try to set uid to 0 before unix_chkpwd invocation.
pam_unix: allow empty passwords with non-empty hashes.
Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 2.5.1 to 2.6.4
- Update of rootfile
- Changelog
2.6.4
Use AX_ADD_FORTIFY_SOURCE to avoid redefining _FORTIFY_SOURCE by
@thesamesam in #103
Do not look up include files in the current working directory by
@DaanDeMeyer in #105
2.6.3
libkfont:
Don't look for fonts in the current directory.
showkey:
Add parameter to allow to change timeout.
po:
Update po files.
2.6.2
loadkeys:
Don't look for keymap in the current directory.
keymaps:
Add colemak mod-dh keymaps.
2.6.1
libkfont:
Fix font saving from linux kernel if KD_FONT_OP_GET_TALL is available.
Respect font height when writing psf2 header.
keymaps:
Create new 'mac-fr' layout for contemporary French Macs.
2.6.0
libkfont:
Leverage KD_FONT_OP_GET/SET_TALL font operations. The new
KD_FONT_OP_GET/SET_TALL font operations allow to load fonts taller
than 32 pixels by dropping the VGA-specific vertical pitch limitation
(requires kernel 6.2 or later).
Use threadsafe strtok_r.
Increase soname version.
setvtrgb:
Fix read from pipe. The pipe is not rewindable, but we don't really
need to rewind() but we need to unread one character.
keymaps:
i386/dvorak/dvorak-de.map: Add dvorak-de.map from console-data.
i386/qwerty/is-latin1.map: the circumflex should also be available in
its original level-3 position.
i386/qwerty/la-latin1.map: Convert the characters expressed in Latin-1
to the named constants, to ease up transition to Unicode.
pine/en.map: New version of pinephone keyboard map file.
unimaps:
Add mapping for U+25CF. The unicode maps in font files like
eurlatgr.psfu and cp850-8x16.psfu have an entry for U+25CF, but the
plaintext unimap files do not.
tests:
Use strace to track syscalls. Now strace is powerful enough to show
ioctls specific to console configuration.
po:
Update translations (from translationproject.org).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 1.7 to 1.7.1
- Update of rootfile not required
- Changelog
1.7.1
## Security
- CVE-2023-50246: Fix heap buffer overflow in jvp\_literal\_number\_literal
- CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
## CLI changes
- Make the default background color more suitable for bright backgrounds.
@mjarosie @taoky @nicowilliams @itchyny #2904
- Allow passing the inline jq script after `--`. @emanuele6 #2919
- Restrict systems operations on OpenBSD and remove unused `mkstemp`.
@klemensn #2934
- Fix possible uninitialised value dereference if `jq_init()` fails.
@emanuele6 @nicowilliams #2935
## Language changes
- Simplify `paths/0` and `paths/1`. @asheiduk @emanuele6 #2946
- Reject `U+001F` in string literals. @torsten-schenk @itchyny @wader #2911
- Remove unused nref accumulator in `block_bind_library`. @emanuele6 #2914
- Remove a bunch of unused variables, and useless assignments.
@emanuele6 #2914
- main.c: Remove unused EXIT\_STATUS\_EXACT option. @emanuele6 #2915
- Actually use the number correctly casted from double to int as index.
@emanuele6 #2916
- src/builtin.c: remove unnecessary jv\_copy-s in
type\_error/type\_error2. @emanuele6 #2937
- Remove undefined behavior caught by LLVM 10 UBSAN. @Gaelan @emanuele6
#2926
- Convert decnum to binary64 (double) instead of decimal64. This makes
jq behave like the JSON specification suggests and more similar to
other languages. @wader @leonid-s-usov #2949
- Fix memory leaks on invalid input for `ltrimstr/1` and `rtrimstr/1`.
@emanuele6 #2977
- Fix memory leak on failed get for `setpath/2`. @emanuele6 #2970
- Fix nan from json parsing also for nans with payload that start with
'n'. @emanuele6 #2985
- Allow carriage return characters in comments. @emanuele6 #2942#2984
## Documentation changes
- Generate links in the man page. @emanuele6 #2931
- Standardize arch types to AMD64 & ARM64 from index page download
dropdown. @owenthereal #2884
## libjq
- Add extern C for C++. @rockwotj #2953
## Build and test changes
- Fix incorrect syntax for checksum file. @kamontat @wader #2899
- Remove `-dirty` version suffix for windows release build. @itchyny #2888
- Make use of `od` in tests more compatible. @nabijaczleweli @emanuele6
@nicowilliams #2922
- Add dependabot. @yeikel #2889
- Extend fuzzing setup to fuzz parser and and JSON serializer.
@DavidKorczynski @emanuele6 #2952
- Keep releasing executables with legacy names. @itchyny #2951
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 20240125 to 20240502
- Update of rootfile not required
- Changelog - update of iana-etc files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 1.20 to 1.20.2
- Update of root filr not required
- Changelog
1.20.2
A bug has been fixed that made global commands like 'g/x/s/x/x', with the last
delimiter omitted, print every substituted line twice.
(Bug introduced in 1.18. Reported by Douglas McIlroy).
1.20.1
New command-line options '+line', '+/RE', and '+?RE' have been implemented to
set the current line to the line number specified or to the first or last line
matching the regular expression 'RE'.
(Suggested by Matthew Polk and John Cowan).
File names containing control characters 1 to 31 are now rejected unless they
are allowed with the command-line option '--unsafe-names'.
File names containing control characters 1 to 31 are now printed using octal
escape sequences.
Ed now rejects file names ending with a slash.
Intervening commands that don't set the modified flag no longer make a second
'e' or 'q' command fail with a 'buffer modified' warning.
Tilde expansion is now performed on file names supplied to commands; if a file
name starts with '~/', the tilde (~) is expanded to the contents of the
variable HOME. (Suggested by John Cowan).
Ed now warns the first time that a command modifies a buffer loaded from a
read-only file. (Suggested by Dan Jacobson).
It has been documented that 'e' creates an empty buffer if file does not exist.
It has been documented that 'f' sets the default filename, whether or not its
argument names an existing file.
The description of the exit status has been improved in '--help' and in the
manual.
The variable MAKEINFO has been added to configure and Makefile.in.
It has been documented in INSTALL that when choosing a C standard, the POSIX
features need to be enabled explicitly:
./configure CFLAGS+='--std=c99 -D_POSIX_C_SOURCE=2'
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Updatre from version 2.14 to 2.15
- Update of rootfile
- Changelog
2.15
* Fix operation of --no-absolute-filenames --make-directories
* Restore access and modification times of symlinks in copy-in
and copy-pass modes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We should not have any configuration files that we share in this place,
therefore this patch is moving it into /usr/share/openvpn where we
should be able to update it without any issues.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.8.1 to 2.8.2
- Update of rootfile
- Changelog
2.8.2
- Fix fallout of development in NUT v2.8.0 and/or v2.8.1:
* dstate machinery: a segmentation fault (null pointer dereference) was
possible with `INSTCMD` processing of commands without parameters nor
`TRACKING` identifier. [#2155]
* USB bus number detection for libusb-1.0 builds was overly zealous and
wrongly considered zero values as an error. [#2198]
* `upsmon` recognition of `CAL` state could linger after the calibration
activity was completed by the hardware, which led to mis-processing of
shutdown triggers. Also, notification was added to report "finished
calibration". [issue #2168, PR #2169]
* `upsmon` recognition of `OFF` state as a trigger for FSD (forced shut
down) criticality considered also the input line state, which may be
an independently evolving circumstance. [issue #2278, PR #2279]
* `upsmon` support for `POLLFAIL_LOG_THROTTLE_MAX` did not neuter the
applied setting when live-reloading configuration, so commenting it
away in `upsmon.conf` did not have the effect of resetting the logging
frequency to default. It also did not reset the counters to certainly
follow the new configuration for existing faults. [issue #2207, PR #2209]
* `upsmon` support for `POLLFAIL_LOG_THROTTLE_MAX` had an off-by-one error
(e.g. reporting "Data stale" or "Driver not connected" every 30 sec with
`POLLFAIL_LOG_THROTTLE_MAX 5` and `POLLFREQ 5` settings). [#2207]
* Drivers running with non-default user account (e.g. with `user=root`
in their configuration) failed to apply group ownership and permissions
to their Unix socket file for interaction with the local data server.
[#2185, #2096]
* Dispatcher script `scripts/python/app/NUT-Monitor` referenced `py3qt3`
instead of the correct `py3qt5`. It also tries to check both `py2gtk2`
and `py3qt5` implementations verbosely, even if one is not installed.
[#2199, #2201]
* Set the `DesktopFileName` in `scripts/python/app/NUT-Monitor-py3qt5`,
this binds the application with the desktop file and allow the Open
Desktop compatible implementation to display the proper icon and
application name. [#2205]
* Original recipe for `apc_modbus` strictly required USB support even if
building NUT without it. [#2262]
* Builds requested with a specific C/C++ language standard revision via
`CFLAGS` and `CXXFLAGS` should again be honoured. [PR #2306]
* Allow requesting detailed debug builds (with disabled optimizations for
binaries to best match the source code) for supported compilers using
`configure` script option `--with-debuginfo`. Note that default autoconf
behavior usually embeds moderate optimizations and debug information on
its own. [PR #2310]
* A fix applied among clean-ups between NUT v2.7.4 and v2.8.0 releases
backfired for `usbhid-ups` subdriver `belkin-hid` which in practice
relied on the broken older behavior; more details in its entry below.
[PR #2371]
- nut-usbinfo.pl, nut-scanner and libnutscan:
* Library API version for `libnutscan` was bumped from 2.2.0 to 2.5.0
during evolution of this NUT release.
* USB VendorID:ProductID support list files generated by the script for
different OS frameworks now include a comment with other possibly
compatible driver names, where the respective file format allows for
comments.
* Added the concept of `alt_driver_names` in `nutscan_device_t` structure
for ability to suggest a comment with other possibly compatible driver
names in configuration snippets generated by `nut-scanner`; practical
support implemented for USB connected drivers.
* Added the concept of commented-away suggested option values `comment_tag`
and a method to `nutscan_add_commented_option_to_device()`, instead of
hacks in prepared config data which broke some use-cases. [#2221]
* Command-line option `-U` for USB scan can now be specified several times
to increase the detail level about hardware link to the device (this was
previously always suggested, but may be not reliable if USB enumeration
gets changed over time). [#2221]
* Added generation of FreeBSD/pfSense quirks for USB devices supported
by NUT (may get installed to `$datadir` e.g. `/usr/local/share/nut`
and need to be pasted into your `/boot/loader.conf.local`). [#2159]
* nut-scanner now avoids creating ambiguous `nutdevN` device section names
when called separately to scan different media buses (one at a time).
Now the "bus" name would be embedded (e.g. non-colliding `nutdev-usb1`
and `nutdev-snmp1`). [#2247]
* nut-scanner can now discover NUT simulated devices (`.dev` and `.seq`
files) located in your sysconfig directory, and prepare configuration
sections with the simulation driver (currently `dummy-ups`). [#2246]
* nut-scanner now reports `dummy-ups` as driver when scanning NUT "bus"
with Old or Avahi method. [#2236, #2245]
- upsd: Fixed conditions for "no listening interface available" diagnosis
to check how many listeners we succeeded with, not whether the first one
succeeded or not. If not all requested (non-localhost) listeners were
available, default to fail the daemon start-up attempt; support for an
`ALLOW_NOT_ALL_LISTENERS` setting was added to control this behavior. [#723]
- NUT CI improvements:
* Added publishing recipes for PyNUT client bindings for NUT, so it ends
up in the link:https://pypi.org/project/PyNUTClient[PyPI repository].
[#2158]
* Added support for new `ccache` namespace concept, where possible. [#2256]
* Fixed an issue for builds configured `--without-usb`. [#2263]
* Added a fallback for `libgd` discovery (for CGI etc. builds). [#2287]
* Made `aspell` TeX module detection more reliable. [#2206]
* Fixed recipes for completely out-of-tree builds to pass with documentation
generation and checking on all tested "make" implementations. [#2318]
* Various other recipe and documentation clean-up efforts. [#2284, #2269,
#2261]
- main driver core codebase:
* Help users of drivers that can be built to support optionally USB and
other media (like `nutdrv_qx` built for serial-only support), and built
in fact without USB support but used for USB devices, with some more
information to make troubleshooting easier. [issue #2259, PR #2260]
* Driver programs with debug tracing support via `-D` CLI option and/or
the `NUT_DEBUG_LEVEL` environment variable now check those earlier in
their life-time, so that initialization routine can be debugged. [#2259]
* Multiple USB-capable drivers got options to customize `usb_config_index`
`usb_hid_rep_index`, `usb_hid_desc_index`, `usb_hid_ep_in` and
`usb_hid_ep_out` hardware connection settings via `ups.conf` options.
This is treated as experimental, not all code paths may be actually
using such values from `struct usb_communication_subdriver_t` rather
than hard-coded defaults. Discovery of correct values is up to the
user at the moment (using `lsusb`, internet search, luck...) [#2149]
- nut-driver-enumerator (NDE) service/script:
* The optional daemon mode (primarily useful for systems which monitor
a large and dynamic population of power devices) was enhanced with a
`--daemon-after` variant which parses the configuration once before
daemonization and this has a chance to fail while not forked off, as
well as to allow only completing the service unit initialization when
everything is actually ready to work (so further dependencies can start
at the proper time). [#682]
* Also applied other optimizations to the script implementation. [#682]
- powerpanel text driver now handles status responses in any format and should
support most devices. [#2156]
- tripplite_usb driver now allows any device to match if a particular Unit ID
was not specified in `ups.conf`. [PR #2297, issues #2282 and #2258]
- snmp-ups driver:
* added support for Eaton EMP002 sensor for ATS16 NM2 sub-driver. [#2286]
* mapping table updates for apc-mib sub-driver. [#2264]
- usbhid-ups driver:
* `arduino-hid` subdriver was enhanced from "initial bare bones" experimental
set of mapped data points to support some 20 more mappings to make it more
useful as an UPS driver, not just a controller developer sandbox. [#2188]
* `cps-hid` subdriver now supports devices branded as Cyber Energy and built
by cooperation with Cyber Power Systems. [#2312]
* `belkin-hid` subdriver now supports Liebert PSI5 devices which have a
different numeric reading scale than earlier handled models. [issue #2271,
PR #2272, PR #2369] Generally the wrong-scale processing was addressed,
including a regression in NUT v2.8.0 which led to zero values
in voltage data points which NUT v2.7.4 reported well [#2371]
* The `onlinedischarge` configuration flag name was too ambiguous and got
deprecated (will be supported but no longer promoted by documentation),
introducing `onlinedischarge_onbattery` as the meaningful alias. [#2213]
* Logged notifications about `OL+DISCHRG` state should now be throttled
(see the driver manual page for more details) [#2214, #2215]:
- If `battery.charge` is available, make the message when entering the
state and then only if the charge differs from that when we posted
the earlier message (e.g. really discharging) and is under
`onlinedischarge_log_throttle_hovercharge` value (defaults to 100%);
- Also can throttle to a time frequency configurable by a new option
`onlinedischarge_log_throttle_sec`, by default 30 sec if `battery.charge`
is not reported by the device (should be frequent by default, in case
the UPS-reported state combination does reflect a bad power condition).
- nutdrv_qx driver:
* Fixed handling of `battery_voltage_reports_one_pack` configuration flag
introduced in NUT v2.8.1. [originally by PR #1279; fixed by PR #2324,
issue #2325]
- Various code and documentation fixes for NSS crypto support. [#2274, #2268]
- Laid foundations for the SmartNUT effort (aiming to integrate drivers with
some other backends than the networked NUT data server process).
- Eaton contributed recipes and scripts used to create the IPP for Unix
bundle (aka Eaton IPSS Unix or UPP), a freely available value-added
packaging of NUT distributed as the UPS software companion for OSes
where their more complex UPS monitoring/management tools had not been
ported. This allows for delivery of NUT packages with an interactive
installer and some system integration scripts (events, notifications,
status, shutdown daemon...), and was contributed to the NUT upstream
project by Eaton -- provided "as is" at the moment, and may later serve
as foundation or inspiration for new NUT features. [#2288]
- nutconf (C++ library and tool to read and manage NUT configuration files)
was started in the open by Eaton employees and used in the IPP installer,
but the code lingered in a side branch. It was now brushed up to our common
best practices and added to the main codebase. As of this import, there are
known deficiencies in Windows platform support, as well as some un-awareness
about configuration key words which appeared in NUT since 2013. [#2290]
- The `tools/gitlog2changelog.py.in` script was revised, in particular to
convert section titles (with contributor names coming from Git metadata)
into plain ASCII character set, for `dblatex` versions which do not allow
diacritics and other kinds of non-trivial characters in sections. This can
cause successful builds of `ChangeLog.pdf` file on more platforms, but at
expense of a semi-cosmetic difference in those names. [PR #2360, PR #2366]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 3.8.4 to 3.9.0
- Update of rootfile
- With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With
previous versions the default value was no but to prevent the possibility of an smtp
smuggling attack the option should be yes. Previous version therefore actively set
the value to yes and added it to the main.cf file when being installed. With version
3.9.0 the default value is now yes so the option no longer needs to be added into
main.cf, so smtp smuggling attack is protected by default now.
- Removed the section from the install.sh file that added the option into main.cf with
version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be
actively added into main.cf
- Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This v2 version increments the PAK_VER number
- Update from version 4.19.5 to 4.20.1
- Update of rootfile
- Changelog
4.20.1
* BUG 15630: dns update debug message is too noisy.
* BUG 15635: Do not fail PAC validation for RFC8009 checksums types.
* BUG 15605: Improve performance of lookup_groupmem() in idmap_ad.
* BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only
flag.
* BUG 15611: http library doesn't support 'chunked transfer encoding'.
* BUG 15600: Provide a systemd service file for the background queue daemon.
4.20.0
The changelog is too large to show here. Details can be found at
https://www.samba.org/samba/history/samba-4.20.0.html
I did not identify any changes related to how samba is configured in IPFire
4.19.6
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15599: libgpo: Segfault in python bindings.
* BUG 15580: Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 3.2.7 to 3.3.0
- Update of rootfile not required
- Changelog
3.3.0
### BUG FIXES:
- Fixed a bug with `--sparse --inplace` where a trailing gap in the source
file would not clear out the trailing data in the destination file.
- Fixed an buffer overflow in the checksum2 code if SHA1 is being used for
the checksum2 algorithm.
- Fixed an issue when rsync is compiled using `_FORTIFY_SOURCE` so that the
extra tests don't complain about a strlcpy() limit value (which was too
large, even though it wasn't possible for the larger value to cause an
overflow).
- Add a backtick to the list of characters that the filename quoting needs
to escape using backslashes.
- Fixed a string-comparison issue in the internal handling of `--progress`
(a locale such as tr_TR.utf-8 needed the internal triggering of `--info`
options to use upper-case flag names to ensure that they match).
- Make sure that a local transfer marks the sender side as trusted.
- Change the argv handling to work with a newer popt library -- one that
likes to free more data than it used to.
- Rsync now calls `OpenSSL_add_all_algorithms()` when compiled against an
older openssl library.
- Fixed a problem in the daemon auth for older protocols (29 and before)
if the openssl library is being used to compute MD4 checksums.
- Fixed `rsync -VV` on Cygwin -- it needed a flush of stdout.
- Fixed an old stats bug that counted devices as symlinks.
### ENHANCEMENTS:
- Enhanced rrsync with the `-no-overwrite` option that allows you to ensure
that existing files on your restricted but writable directory can't be
modified.
- Enhanced the manpages to mark links with .UR & .UE. If your nroff doesn't
support these idioms, touch the file `.md2man-force` in the source
directory so that `md-convert` gets called with the `--force-link-text`
option, and that should ensure that your manpages are still readable
even with the ignored markup.
- Some manpage improvements on the handling of [global] modules.
- Changed the mapfrom & mapto perl scripts (in the support dir) into a
single python script named idmap. Converted a couple more perl scripts
into python.
- Changed the mnt-excl perl script (in the support dir) into a python
script.
### DEVELOPER RELATED:
- Updated config.guess (timestamp 2023-01-01) and config.sub (timestamp
2023-01-21).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 2.44.0 to 2.45.2
- Update of rootfile not required
- Changelog
2.45.2
In preparing security fixes for four CVEs, we made overly aggressive
"defense in depth" changes that broke legitimate use cases like 'git
lfs' and 'git annex.' This release is to revert these misguided, if
well-intentioned, changes that were shipped in 2.45.1 and were not
direct security fixes.
send-email: drop FakeTerm hack
send-email: avoid creating more than one Term::ReadLine object
ci: drop mention of BREW_INSTALL_PACKAGES variable
ci: avoid bare "gcc" for osx-gcc job
ci: stop installing "gcc-13" for osx-gcc
hook: plug a new memory leak
init: use the correct path of the templates directory again
Revert "core.hooksPath: add some protection while cloning"
tests: verify that `clone -c core.hooksPath=/dev/null` works again
clone: drop the protections where hooks aren't run
Revert "Add a helper function to compare file contents"
Revert "fsck: warn about symlink pointing inside a gitdir"
2.45.1
This release merges up the fix that appears in v2.39.4,
v2.40.2, v2.41.1, v2.42.2, v2.43.4 and v2.44.1 to address the
security issues CVE-2024-32002, CVE-2024-32004, CVE-2024-32020,
CVE-2024-32021 and CVE-2024-32465; see the release notes for
these versions for details.
2.45.0
Backward Compatibility Notes
UI, Workflows & Features
* Integrate the reftable code into the refs framework as a backend.
With "git init --ref-format=reftable", hopefully it would be a lot
more efficient to manage a repository with many references.
* "git checkout -p" and friends learned that that "@" is a synonym
for "HEAD".
* Variants of vimdiff learned to honor mergetool.<variant>.layout
settings.
* "git reflog" learned a "list" subcommand that enumerates known reflogs.
* When a merge conflicted at a submodule, merge-ort backend used to
unconditionally give a lengthy message to suggest how to resolve
it. Now the message can be squelched as an advice message.
* "git for-each-ref" learned "--include-root-refs" option to show
even the stuff outside the 'refs/' hierarchy.
* "git rev-list --missing=print" has learned to optionally take
"--allow-missing-tips", which allows the objects at the starting
points to be missing.
* "git merge-tree" has learned that the three trees involved in the
3-way merge only need to be trees, not necessarily commits.
* "git log --merge" learned to pay attention to CHERRY_PICK_HEAD and
other kinds of *_HEAD pseudorefs.
* Platform specific tweaks for OS/390 has been added to
config.mak.uname.
* Users with safe.bareRepository=explicit can still work from within
$GIT_DIR of a seconary worktree (which resides at .git/worktrees/$name/)
of the primary worktree without explicitly specifying the $GIT_DIR
environment variable or the --git-dir=<path> option.
* The output format for dates "iso-strict" has been tweaked to show
a time in the Zulu timezone with "Z" suffix, instead of "+00:00".
* "git diff" and friends learned two extra configuration variables,
diff.srcPrefix and diff.dstPrefix.
* The status.showUntrackedFiles configuration variable had a name
that tempts users to set a Boolean value expressed in our usual
"false", "off", and "0", but it only took "no". This has been
corrected so "true" and its synonyms are taken as "normal", while
"false" and its synonyms are taken as "no".
* Remove an ancient and not well maintained Hg-to-git migration
script from contrib/.
* Hints that suggest what to do after resolving conflicts can now be
squelched by disabling advice.mergeConflict.
* Allow git-cherry-pick(1) to automatically drop redundant commits via
a new `--empty` option, similar to the `--empty` options for
git-rebase(1) and git-am(1). Includes a soft deprecation of
`--keep-redundant-commits` as well as some related docs changes and
sequencer code cleanup.
* "git config" learned "--comment=<message>" option to leave a
comment immediately after the "variable = value" on the same line
in the configuration file.
* core.commentChar used to be limited to a single byte, but has been
updated to allow an arbitrary multi-byte sequence.
* "git add -p" and other "interactive hunk selection" UI has learned to
skip showing the hunk immediately after it has already been shown, and
an additional action to explicitly ask to reshow the current hunk.
* "git pack-refs" learned the "--auto" option, which defers the decision of
whether and how to pack to the ref backend. This is used by the reftable
backend to avoid repacking of an already-optimal ref database. The new mode
is triggered from "git gc --auto".
* "git add -u <pathspec>" and "git commit [-i] <pathspec>" did not
diagnose a pathspec element that did not match any files in certain
situations, unlike "git add <pathspec>" did.
* The userdiff patterns for C# has been updated.
* Git writes a "waiting for your editor" message on an incomplete
line after launching an editor, and then append another error
message on the same line if the editor errors out. It now clears
the "waiting for..." line before giving the error message.
* The filename used for rejected hunks "git apply --reject" creates
was limited to PATH_MAX, which has been lifted.
* When "git bisect" reports the commit it determined to be the
culprit, we used to show it in a format that does not honor common
UI tweaks, like log.date and log.decorate. The code has been
taught to use "git show" to follow more customizations.
Performance, Internal Implementation, Development Support etc.
* The code to iterate over refs with the reftable backend has seen
some optimization.
* More tests that are marked as "ref-files only" have been updated to
improve test coverage of reftable backend.
* Some parts of command line completion script (in contrib/) have
been micro-optimized.
* The way placeholders are to be marked-up in documentation have been
specified; use "_<placeholder>_" to typeset the word inside a pair
of <angle-brackets> emphasized.
* "git --no-lazy-fetch cmd" allows to run "cmd" while disabling lazy
fetching of objects from the promisor remote, which may be handy
for debugging.
* The implementation in "git clean" that makes "-n" and "-i" ignore
clean.requireForce has been simplified, together with the
documentation.
* Uses of xwrite() helper have been audited and updated for better
error checking and simpler code.
* Some trace2 events that lacked def_param have learned to show it,
enriching the output.
* The parse-options code that deals with abbreviated long option
names have been cleaned up.
* The code in reftable backend that creates new table files works
better with the tempfile framework to avoid leaving cruft after a
failure.
* The reftable code has its own custom binary search function whose
comparison callback has an unusual interface, which caused the
binary search to degenerate into a linear search, which has been
corrected.
* The code to iterate over reflogs in the reftable has been optimized
to reduce memory allocation and deallocation.
* Work to support a repository that work with both SHA-1 and SHA-256
hash algorithms has started.
* A new fuzz target that exercises config parsing code has been
added.
* Fix the way recently added tests interpolate variables defined
outside them, and document the best practice to help future
developers.
* Introduce an experimental protocol for contributors to propose the
topic description to be used in the "What's cooking" report, the
merge commit message for the topic, and in the release notes and
document it in the SubmittingPatches document.
* The t/README file now gives a hint on running individual tests in
the "t/" directory with "make t<num>-*.sh t<num>-*.sh".
(merge 8d383806fc pb/test-scripts-are-build-targets later to maint).
* The "hint:" messages given by the advice mechanism, when given a
message with a blank line, left a line with trailing whitespace,
which has been cleansed.
* Documentation rules has been explicitly described how to mark-up
literal parts and a few manual pages have been updated as examples.
* The .editorconfig file has been taught that a Makefile uses HT
indentation.
* t-prio-queue test has been cleaned up by using C99 compound
literals; this is meant to also serve as a weather-balloon to smoke
out folks with compilers who have trouble compiling code that uses
the feature.
* Windows binary used to decide the use of unix-domain socket at
build time, but it learned to make the decision at runtime instead.
* The "shared repository" test in the t0610 reftable test failed
under restrictive umask setting (e.g. 007), which has been
corrected.
* Document and apply workaround for a buggy version of dash that
mishandles "local var=val" construct.
* The codepaths that reach date_mode_from_type() have been updated to
pass "struct date_mode" by value to make them thread safe.
* The strategy to compact multiple tables of reftables after many
operations accumulate many entries has been improved to avoid
accumulating too many tables uncollected.
* The code to iterate over reftable blocks has seen some optimization
to reduce memory allocation and deallocation.
* The way "git fast-import" handles paths described in its input has
been tightened up and more clearly documented.
* The cvsimport tests required that the platform understands
traditional timezone notations like CST6CDT, which has been
updated to work on those systems as long as they understand
POSIX notation with explicit tz transition dates.
* The code to format trailers have been cleaned up.
2.44.0
* "git apply" on a filesystem without filemode support have learned
to take a hint from what is in the index for the path, even when
not working with the "--index" or "--cached" option, when checking
the executable bit match what is required by the preimage in the
patch.
(merge 45b625142d cp/apply-core-filemode later to maint).
* "git column" has been taught to reject negative padding value, as
it would lead to nonsense behaviour including division by zero.
(merge 76fb807faa kh/column-reject-negative-padding later to maint).
* "git am --help" now tells readers what actions are available in
"git am --whitespace=<action>", in addition to saying that the
option is passed through to the underlying "git apply".
(merge a171dac734 jc/am-whitespace-doc later to maint).
* "git tag --column" failed to check the exit status of its "git
column" invocation, which has been corrected.
(merge 92e66478fc rj/tag-column-fix later to maint).
* Credential helper based on libsecret (in contrib/) has been updated
to handle an empty password correctly.
(merge 8f1f2023b7 mh/libsecret-empty-password-fix later to maint).
* "git difftool --dir-diff" learned to honor the "--trust-exit-code"
option; it used to always exit with 0 and signalled success.
(merge eb84c8b6ce ps/difftool-dir-diff-exit-code later to maint).
* The code incorrectly attempted to use textconv cache when asked,
even when we are not running in a repository, which has been
corrected.
(merge affe355fe7 jk/textconv-cache-outside-repo-fix later to maint).
* Remove an empty file that shouldn't have been added in the first
place.
(merge 4f66942215 js/remove-cruft-files later to maint).
* The logic to access reflog entries by date and number had ugly
corner cases at the boundaries, which have been cleaned up.
(merge 5edd126720 jk/reflog-special-cases-fix later to maint).
* An error message from "git upload-pack", which responds to "git
fetch" requests, had a trailing NUL in it, which has been
corrected.
(merge 3f4c7a0805 sg/upload-pack-error-message-fix later to maint).
* Clarify wording in the CodingGuidelines that requires <git-compat-util.h>
to be the first header file.
(merge 4e89f0e07c jc/doc-compat-util later to maint).
* "git commit -v --cleanup=scissors" used to add the scissors line
twice in the log message buffer, which has been corrected.
(merge e90cc075cc jt/commit-redundant-scissors-fix later to maint).
* A custom remote helper no longer cannot access the newly created
repository during "git clone", which is a regression in Git 2.44.
This has been corrected.
(merge 199f44cb2e ps/remote-helper-repo-initialization-fix later to maint).
* Various parts of upload-pack have been updated to bound the resource
consumption relative to the size of the repository to protect from
abusive clients.
(merge 6cd05e768b jk/upload-pack-bounded-resources later to maint).
* The upload-pack program, when talking over v2, accepted the
packfile-uris protocol extension from the client, even if it did
not advertise the capability, which has been corrected.
(merge a922bfa3b5 jk/upload-pack-v2-capability-cleanup later to maint).
* Make sure failure return from merge_bases_many() is properly caught.
(merge 25fd20eb44 js/merge-base-with-missing-commit later to maint).
* FSMonitor client code was confused when FSEvents were given in a
different case on a case-insensitive filesystem, which has been
corrected.
(merge 29c139ce78 jh/fsmonitor-icase-corner-case-fix later to maint).
* The "core.commentChar" configuration variable only allows an ASCII
character, which was not clearly documented, which has been
corrected.
(merge fb7c556f58 kh/doc-commentchar-is-a-byte later to maint).
* With release 2.44 we got rid of all uses of test_i18ngrep and there
is no in-flight topic that adds a new use of it. Make a call to
test_i18ngrep a hard failure, so that we can remove it at the end
of this release cycle.
(merge 381a83dfa3 jc/test-i18ngrep later to maint).
* The command line completion script (in contrib/) learned to
complete "git reflog" better.
(merge 1284f9cc11 rj/complete-reflog later to maint).
* The logic to complete the command line arguments to "git worktree"
subcommand (in contrib/) has been updated to correctly honor things
like "git -C dir" etc.
(merge 3574816d98 rj/complete-worktree-paths-fix later to maint).
* When git refuses to create a branch because the proposed branch
name is not a valid refname, an advice message is given to refer
the user to exact naming rules.
(merge 8fbd903e58 kh/branch-ref-syntax-advice later to maint).
* Code simplification by getting rid of code that sets an environment
variable that is no longer used.
(merge 72a8d3f027 pw/rebase-i-ignore-cherry-pick-help-environment later to maint).
* The code to find the effective end of log messages can fall into an
endless loop, which has been corrected.
(merge 2541cba2d6 fs/find-end-of-log-message-fix later to maint).
* Mark-up used in the documentation has been improved for
consistency.
(merge 45d5ed3e50 ja/doc-markup-fixes later to maint).
* The status.showUntrackedFiles configuration variable was
incorrectly documented to accept "false", which has been corrected.
* Leaks from "git restore" have been plugged.
(merge 2f64da0790 rj/restore-plug-leaks later to maint).
* "git bugreport --no-suffix" was not supported and instead
segfaulted, which has been corrected.
(merge b3b57c69da js/bugreport-no-suffix-fix later to maint).
* The documentation for "%(trailers[:options])" placeholder in the
"--pretty" option of commands in the "git log" family has been
updated.
(merge bff85a338c bl/doc-key-val-sep-fix later to maint).
* "git checkout --conflict=bad" reported a bad conflictStyle as if it
were given to a configuration variable; it has been corrected to
report that the command line option is bad.
(merge 5a99c1ac1a pw/checkout-conflict-errorfix later to maint).
* Code clean-up in the "git log" machinery that implements custom log
message formatting.
(merge 1c10b8e5b0 jk/pretty-subject-cleanup later to maint).
* "git config" corrupted literal HT characters written in the
configuration file as part of a value, which has been corrected.
(merge e6895c3f97 ds/config-internal-whitespace-fix later to maint).
* A unit test for reftable code tried to enumerate all files in a
directory after reftable operations and expected to see nothing but
the files it wanted to leave there, but was fooled by .nfs* cruft
files left, which has been corrected.
(merge 0068aa7946 ps/reftable-unit-test-nfs-workaround later to maint).
* The implementation and documentation of "object-format" option
exchange between the Git itself and its remote helpers did not
quite match, which has been corrected.
* The "--pretty=<shortHand>" option of the commands in the "git log"
family, defined as "[pretty] shortHand = <expansion>" should have
been looked up case insensitively, but was not, which has been
corrected.
(merge f999d5188b bl/pretty-shorthand-config-fix later to maint).
* "git apply" failed to extract the filename the patch applied to,
when the change was about an empty file created in or deleted from
a directory whose name ends with a SP, which has been corrected.
(merge 776ffd1a30 jc/apply-parse-diff-git-header-names-fix later to maint).
* Update a more recent tutorial doc.
(merge 95ab557b4b dg/myfirstobjectwalk-updates later to maint).
* The test script had an incomplete and ineffective attempt to avoid
clobbering the testing user's real crontab (and its equivalents),
which has been completed.
(merge 73cb87773b es/test-cron-safety later to maint).
* Use advice_if_enabled() API to rewrite a simple pattern to
call advise() after checking advice_enabled().
(merge 6412d01527 rj/use-adv-if-enabled later to maint).
* Another "set -u" fix for the bash prompt (in contrib/) script.
(merge d7805bc743 vs/complete-with-set-u-fix later to maint).
* "git checkout/switch --detach foo", after switching to the detached
HEAD state, gave the tracking information for the 'foo' branch,
which was pointless.
* "git apply" has been updated to lift the hardcoded pathname length
limit, which in turn allowed a mksnpath() function that is no
longer used.
(merge 708f7e0590 rs/apply-lift-path-length-limit later to maint).
* A file descriptor leak in an error codepath, used when "git apply
--reject" fails to create the *.rej file, has been corrected.
(merge 2b1f456adf rs/apply-reject-fd-leakfix later to maint).
* A config parser callback function fell through instead of returning
after recognising and processing a variable, wasting cycles, which
has been corrected.
(merge a816ccd642 ds/fetch-config-parse-microfix later to maint).
* Fix was added to work around a regression in libcURL 8.7.0 (which has
already been fixed in their tip of the tree).
(merge 92a209bf24 jk/libcurl-8.7-regression-workaround later to maint).
* The variable that holds the value read from the core.excludefile
configuration variable used to leak, which has been corrected.
(merge 0e0fefb29f jc/unleak-core-excludesfile later to maint).
* vreportf(), which is used by error() and friends, has been taught
to give the error message printf-format string when its vsnprintf()
call fails, instead of showing nothing useful to identify the
nature of the error.
(merge c63adab961 rs/usage-fallback-to-show-message-format later to maint).
* Adjust to an upcoming changes to GNU make that breaks our Makefiles.
(merge 227b8fd902 tb/make-indent-conditional-with-non-spaces later to maint).
* Git 2.44 introduced a regression that makes the updated code to
barf in repositories with multi-pack index written by older
versions of Git, which has been corrected.
* When .git/rr-cache/ rerere database gets corrupted or rerere is fed to
work on a file with conflicted hunks resolved incompletely, the rerere
machinery got confused and segfaulted, which has been corrected.
(merge 167395bb47 mr/rerere-crash-fix later to maint).
* The "receive-pack" program (which responds to "git push") was not
converted to run "git maintenance --auto" when other codepaths that
used to run "git gc --auto" were updated, which has been corrected.
(merge 7bf3057d9c ps/run-auto-maintenance-in-receive-pack later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge f0e578c69c rs/use-xstrncmpz later to maint).
(merge 83e6eb7d7a ba/credential-test-clean-fix later to maint).
(merge 64562d784d jb/doc-interactive-singlekey-do-not-need-perl later to maint).
(merge c431a235e2 cp/t9146-use-test-path-helpers later to maint).
(merge 82d75402d5 ds/doc-send-email-capitalization later to maint).
(merge 41bff66e35 jc/doc-add-placeholder-fix later to maint).
(merge 6835f0efe9 jw/remote-doc-typofix later to maint).
(merge 244001aa20 hs/rebase-not-in-progress later to maint).
(merge 2ca6c07db2 jc/no-include-of-compat-util-from-headers later to maint).
(merge 87bd7fbb9c rs/fetch-simplify-with-starts-with later to maint).
(merge f39addd0d9 rs/name-rev-with-mempool later to maint).
(merge 9a97b43e03 rs/submodule-prefix-simplify later to maint).
(merge 40b8076462 ak/rebase-autosquash later to maint).
(merge 3223204456 eg/add-uflags later to maint).
(merge 5f78d52dce es/config-doc-sort-sections later to maint).
(merge 781fb7b4c2 as/option-names-in-messages later to maint).
(merge 51d41dc243 jk/doc-remote-helpers-markup-fix later to maint).
(merge e1aaf309db pb/ci-win-artifact-names-fix later to maint).
(merge ad538c61da jc/index-pack-fsck-levels later to maint).
(merge 67471bc704 ja/doc-formatting-fix later to maint).
(merge 86f9ce7dd6 bl/doc-config-fixes later to maint).
(merge 0d527842b7 az/grep-group-error-message-update later to maint).
(merge 7c43bdf07b rs/strbuf-expand-bad-format later to maint).
(merge 8b68b48d5c ds/typofix-core-config-doc later to maint).
(merge 39bb692152 rs/imap-send-use-xsnprintf later to maint).
(merge 8d320cec60 jc/t2104-style-fixes later to maint).
(merge b4454d5a7b pw/t3428-cleanup later to maint).
(merge 84a7c33a4b pf/commitish-committish later to maint).
(merge 8882ee9d68 la/mailmap-entry later to maint).
(merge 44bdba2fa6 rs/no-openssl-compilation-fix-on-macos later to maint).
(merge f412d72c19 yb/replay-doc-linkfix later to maint).
(merge 5da40be8d7 xx/rfc2822-date-format-in-doc later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This architecture does not seem to be support and since we don't support
this as a primary architecture just yet, we will build without this
package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
the kernel developers has removed a reset at bring the
device first up to save time. At my test's this result in
not detecting the link correct. This readd the reset and at
my tests the device has worked.
fixes#13692
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- hyperscan will move from BSD licence to a proprietary paid for licence from version 5.5
onwards.
- hyperscan will be replaced by vectorscan, a fork of hyperscan.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- It has been announced that from hyperscan-5.5 onwards the licence for this package
will change from BSD tp proprietarty paid for version
- This patch submission installs vectorscan whihc was created as a fork from hyperscan
andf that is being maintained and has indicated it will suay Open Source
- Created new lfs file
- Created nbew rootfile. This looks to match the hyperscan rootfile closely
- Added vector scan to the make.sh file and removed hyperscan from it.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This release fixes CVE-2024-25581, a denial of service security issue affecting versions 1.9.0, 1.9.1, 1.9.2 and 1.9.3 only. Earlier versions are not affected.
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Previously this patch was reverted due to Grub not being able to boot with it.
This was fixed in Grub-2.12
- Confirmed on my vm testbed that a CU186 install with this e2fsprogs version was able
to complete the install when the reboot button at the end of the first install stage
was completed.
- Update from version 1.46.5 to 1.47.0
- Update of rootfile not required
- Changelog
E2fsprogs 1.47.0 (February 5, 2023)
Updates/Fixes since v1.46.6:
UI and Features
Add support for the orphan_file feature, which speeds up workloads that
are deleting or truncating a large number files in parallel. This
compat feature was first supported in the v5.15 Linux kernel.
The mke2fs program (via the mke2fs.conf file) now enables the
metadata_csum_seed and orphan_file features by default. The
metadata_csum_seed feature is an incompat feature which is first
supported in the Linux kernel starting in the 4.4 kernel and e2fsprogs
1.43.
Mke2fs now supports the extended option "assume_storage_prezeroed" which
causes mke2fs to skip zeroing the journal and inode tables and to mark
the inode tables as zeroed.
Add support to tune2fs and e2label to set the label and UUID for a
mounted file system using a ioctl, which is more reliable than modifying
the superblock via writing to the block device. The kernel support for
setting the label landed in v5.17, while the support for adding the UUID
landed in v6.0. If the ioctls are not supported, tune2fs and e2label
will fall back old strategy of directly modifying the superblock.
Allow tune2fs to disable the casefold feature after scanning all of the
directories do not have the Casefold flag set.
Fixes
Fix a potential unbalanced mutex unlock when there is a short read while
using the bounce buffer when using direct I/O.
Performance, Internal Implementation, Development Support etc.
Fix various Coverity and compiler warnings.
Add the new function ext2fs_xattrs_read_inode() which takes an in-memory
inode to avoid needing to reread an inode that was already read into
memory.
Teach debugfs logdump command the -n option which forces printing a
specified number of transactions, even when a block missing a magic
number would have stopped the logdump. (This is for debugging
journalling problems.)
E2fsprogs 1.46.6 (February 1, 2023)
Updates/Fixes since v1.46.5:
UI and Features
Debugfs's ncheck command now allows the inode number to be surrounded by
angle brackets, to be consistent with other debugfs commands.
Debugfs no longer prints a scary message when debugfs -c (which enables
"catastrophic mode") is used. This was intended to allow debugfs to
operate on very badly corrupted file systems, but it is now sometimes
used to suppress reading the block and inode bitmaps when they are not
needed.
Resize2fs will round down the requested new file system size to the
nearest cluster boundary when resizing bigalloc file systems.
Improve error messages issued by badblocks.
Fuse2fs now supports an offset=<bytes> option which allows operating on
a file system image which is located starting at the specified offset
from the beginning of the image.
Fixes
Pre-v6.2 Linux kernels had long-standing bug in how the extended
attribute hash was calculated when there were non-ASCII characters in
the xattr name, when the hash would be different depending on whether
the C 'char' type was signed or unsigned. To address this bug, starting
with e2fsprogs 1.46.6+ and Linux 6.2+, we will accept either the signed
or unsigned hash variant, but only set the unsigned hash variant. Since
extended attribute names are in practice composed of ASCII characters,
other than various tests (such as generic/454), most users will
hopefully not notice this change.
Avoid triggering udev in dumpe2fs and "resize2fs -P" for file systems
with MMP enabled by opening the device read-only when reading the MMP
block.
Fix MMP handling so it can notice when another writer has modify the MMP
block out from under it when stopping a MMP sessions.
Fix tune2fs so it will detect another device stealing the MMP sessions
while rewriting metadata checksums.
E2fsck will now check to make sure the journal inode does not have the
encrypt flag set.
Fix a deadlock bug in e2fsck's error handler when there are errors
trying to write to the file system.
Fix a bug where e2fsck could fail when specifying an undo file and an
explicit superblock number.
Fix e2image so it won't potentially loop forever for certain invalid
file systems.
Fix resize2fs to honor the E2FSPROGS_FAKE_TIME environment variable.
This allows embedded system builders who use resize2fs as part of their
image build process to create reproducible images.
Fix tune2fs to avoid a crash if the journal replay fails and to make
sure its exit status is non-zero if there is some failure.
Fix tune2fs, fuse2fs, and debugsfs to update j_tail_sequence when
replaying the journal.
Add additional bullet-proofing for very badly corrupted file systems.
Try avoid UBSAN warnings, null pointer derferences, and other memory
bugs. (Addresses CVE-2022-1304)
Don't fail when the source directory for mke2fs -d doesn't support
extended attributese.
Check for and handle malloc() failures when computing the log filename
in e2fsck and in the libss library.
Fix tune2fs and e2fsck to accept pathames which include '=' characters.
Previously arguments to tune2fs and e2fsck which included '=' characters
are presumed to be blkid specifiers such as UUID=xxx or LABEL=yyy. If a
specifier is both a valid pathname name and blkid tag name specifier,
priority is given to a blkid resolved pathname.
Improve tune2fs's error messages.
Fix a bug in tune2fs which could cause it to crash if device goes
off-line just as it being opened.
Fix the fsck driver so if it is interrupted while running fsck -N it
doesn't end up kllling all processes on the system.
Fix a crash in badblocks when the user specifies an overly large
number of blocks tested at a time in read/write or nondestructive
mode.
Update and clarify's chattr's man page and usage message. Fix spelling
typo's in a variety of different man pages and comments.
Performance, Internal Implementation, Development Support etc.
Update to autoconf 2.71.
Update flags used to create shared library on Darwin/MacOS.
Speed up e2fsck's clonning of multiply-claimed blocks so it is
substantially faster on very large file systems.
Add tests/fuzz directory with fuzzers from oss-fuzz.
Add a Github Actions configuration file so that Github will run CI tests
on Linux, Windows and MacOS on a push to the e2fsprogs github repo.
Make the mtab parsing in ext2fs_check_mount_point() more careful so it
won't get confused when a block device shows up in the mnt_name field
for a virtual file system.
Fix the libss's Makefile to create the man page directory before trying
to install its man page.
Fix various Coverity and compiler warnings.
Make tests more portable on various different OS's and system
configurations (e.g., with SELinux enabled, MacOS, and Windows)
Use mallinfo2() instead of mallinfo() where avilable, since mallinfo()
is deprecated on newer glibc versions.
E2fsck will no longer do a full scan of disconnected directory when
trying to print the parent directory, which is pointless and can slow
down e2fsck if there are a large number of disconnected directories.
Debugfs will now print the extended attribute's e_hash field.
Fix the setup-schroot script to work on non-Linux platforms.
Fix ext2fs_compare_generic_bmap() so it correctly compares all of the
bits in the bitmap, and so that it works correctly when comparing a
bitarray bitmap with a rbtree-based bitmap. (Fortunately, none of the
programs in e2fsprogs uses bitmap comparison functions.)
Fix memory leaks on error paths.
Add support for the configure option --enable-largefile so that
e2fsprogs can utilize largefile support for the MUSL C library.
Add an note that the dict library code has been modified, as required by
the Kazlib license.
Synchronized changes from Android's AOSP e2fsprogs tree.
Updated config.guess and config.sub with newer versions from the FSF.
Add Friulian translation.
Update Chinese, Czech, Dutch, French, German, Malay, Polish, Serbian,
Spanish, Swedish, and Ukrainian translations.
Fixes: bug#13073
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
