- Update from version 23.08.0 to 24.01.0
- Update of rootfile
- Changelog
24.01.0:
core:
* Don't crash on certain documents on the NSS signature backend
* Fix infinite loop in some annotation code if there's not space for
even one character
* Fix build on Android with generic font configuration
* Small internal code cleanup
23.12.0:
core:
* Rewrite FoFiType1::parse to be more flexible. Issue #1422
* Small internal code refactoring
23.11.0:
core:
* CairoOutputDev: Use internal downscaling algorithm if image exceeds
Cairo's maximum dimensions.
* Internal code improvements
* Fix crash on malformed files
utils:
* pdftocairo: Add option to document logical structure if output is pdf
* pdftocairo: EPS output should not contain %%PageOrientation
23.10.0:
core:
* cairo: update type 3 fonts for cairo 1.18 api
* Fix crash on malformed files
build system:
* Make a few more dependencies soft-mandatory
* Add more supported gnupg releases
* Check if linker supports version scripts
23.09.0:
core:
* Add Android-specific font matching functionality
* Fix digital signatures for NeedAppearance=true
* Forms: Don't look up same glyph multiple times
* Provide the key location for certificates you can sign with
* Add ToUnicode support for similarequal
* Fix crash on malformed files
qt5:
* Provide the key location for certificates you can sign with
* Allow to force a rasterized overprint preview during PS conversion
qt6:
* Provide the key location for certificates you can sign with
* Allow to force a rasterized overprint preview during PS conversion
pdfsig:
* Provide the key location for certificates you can sign with
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.10.0 to 10.0.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS.rst file in the
source tarball
CVE-2023-3750 was fixed in version 9.6.0
Fix race condition in storage driver leading to a crash
In **libvirt-8.3** a bug was introduced which in rare cases could cause
``libvirtd`` or ``virtstoraged`` to crash if multiple clients attempted to
look up a storage volume by key, path or target path, while other clients
attempted to access something from the same storage pool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.3.4 to 2.4.1
- Update of rootfile
- Changelog
2.4.1 (2023-07-20)
No change information available anywhere that I could find
2.4.0 (2023-01-18)
No change information available anywhere that I could find
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 10.0.0 to 10.2.1
- Update of rootfile
- Changelog is a bit too large to include here. Details can be found in ChangeLog.md file
in source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
new openssl need at least 2048 bit rsa keys for apache.
So if the existing is smaller a new 4096 bit key is generated.
fixes#13527
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
To quote from the kernel documentation:
> Historically the kernel has allowed TIOCSTI, which will push
> characters into a controlling TTY. This continues to be used
> as a malicious privilege escalation mechanism, and provides no
> meaningful real-world utility any more. Its use is considered
> a dangerous legacy operation, and can be disabled on most
> systems.
>
> Say Y here only if you have confirmed that your system's
> userspace depends on this functionality to continue operating
> normally.
>
> Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
> use TIOCSTI even when this is set to N.
>
> This functionality can be changed at runtime with the
> dev.tty.legacy_tiocsti sysctl. This configuration option sets
> the default value of the sysctl.
This patch therefore proposes to no longer allow legacy TIOCSTI usage
in IPFire, given its security implications and the apparent lack of
legitimate usage.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This script has been modified when we touched ExtraHD in Core Update
179/180, but has been forgotten to be shipped.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The "ping" plugin does not re-resolve the gateway IP address after
pinging it for the first time. For most people this won't be a big
problem, but if the default gateway changes, the latency graph won't
work any more.
In order to do re-resolve "gateway", the only way is to restart
collectd.
Fixes: #13522
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- lfs and toorfile created for wsdd
- wsdd added to make.sh script
- created install/update/uninstall scripts for wsdd that create an unpriveleged user and
group.
- initscript created for wsdd. As wsdd is a python3 script, when it is run as a daemon the
pidof command does not find any pid for wsdd. So a directory/file for a pid file was
created. This is then passed to the loadproc and killproc commands. After the loadproc
command has been created the pid is extracted from the ps aux command and put into the
pid file. This then works when running the killproc command for it to know what to go
and stop. The statusproc command does not have the ability to feed in the pid from a
pid file and so it fails to find a running wsdd as it uses the pidof command. Code was
added to the status section of the initscript to check if the pid file exists and if so
to print the same command as used with the statusproc command, and also the same
wording if the pid file does not exist because wsdd is not running.
- info from the ethernet/settings file is used to identify if only green0 is available or
if blue0 is also used and based on this the appropriate interface commands are added to
the wsdd command.
- wsdd is also set up to run in a chroot
- Has been tested on my vm testbed, initially by editing the files on the vm clone. After
everything confiremd to be working, the build was successfully carried out and the
.ipfire package was copied to a new vm clone installed and shown to perform as expected.
This test only confirms that wsdd is correctly installed and started. Shutsdown and
restarts on reboot successfully. Confirmed from the ps aux info that wsdd has been
started with the correct options. Thge testing can not evaluate if wsdd enables windows
systems newer than version 7 top be able to detect the samba shares as I have no
windows systems.
Fixes: Bug13445
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
According to the source tarball's NEWS file:
- Improvements
- Allow passing a path to modprobe so the module is loaded from
anywhere from the filesystem, but still handling the module
dependencies recorded in the indexes. This is mostly intended for kernel
developers to speedup testing their kernel modules without having to load the
dependencies manually or override the module in /usr/lib/modules/.
Now it's possible to do:
# modprobe ./drivers/gpu/drm/i915/i915.ko
As long as the dependencies didn't change, this should do the right thing
- Use in-kernel decompression if available. This will check the runtime support
in the kernel for decompressing modules and use it through finit_module().
Previously kmod would fallback to the older init_module() when using
compressed modules since there wasn't a way to instruct the kernel to
uncompress it on load or check if the kernel supported it or not.
This requires a recent kernel (>= 6.4) to have that support and
in-kernel decompression properly working in the kernel.
- Make modprobe fallback to syslog when stderr is not available, as was
documented in the man page, but not implemented
- Better explaing `modprobe -r` and how it differentiates from rmmod
- depmod learned a `-o <dir>` option to allow using a separate output
directory. With this, it's possible to split the output files from
the ones used as input from the kernel build system
- Add compat with glibc >= 2.32.9000 that dropped __xstat
- Improve testsuite to stop skipping tests when sysconfdir is something
other than /etc
- Build system improvements and updates
- Change a few return codes from -ENOENT to -ENODATA to avoid confusing output
in depmod when the module itself lacks a particular ELF section due to e.g.
CONFIG_MODVERSIONS=n in the kernel.
- Bug Fixes
- Fix testsuite using uninitialized memory when testing module removal
with --wait
- Fix testsuite not correctly overriding the stat syscall on 32-bit
platforms. For most architectures this was harmless, but for MIPS it
was causing some tests to fail.
- Fix handling unknown signature algorithm
- Fix linking with a static liblzma, libzstd or zlib
- Fix memory leak when removing module holders
- Fix out-of-bounds access when using very long paths as argument to rmmod
- Fix warnings reported by UBSan
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Noteworthy changes in this release, according to
https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00001.html :
* New option --ignore-dirnlink
Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2
instead.
* Changes in --reproducible option
The --reproducible option implies --ignore-dirlink. In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.
* Use GNU ls algorithm for deciding timestamp format in -tv mode
* Bugfixes
** Fix cpio header verification.
** Fix handling of device numbers on copy out.
** Fix calculation of CRC in copy-out mode.
** Rewrite the fix for CVE-2015-1197.
** Fix combination of --create --append --directory.
** Fix appending to archives bigger than 2G.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.2.0 to 2.3.0
- Update of rootfile
2.3.0
- Changes:
* Rename PLIST_UINT to PLIST_INT and add plist_new_int() and plist_get_int_val()
* Add support for JSON format
* Add support for OpenStep format
* Introduce error codes and format constants
* Add return value to import/export functions to allow returning error codes
* Add new plist_sort function
* Add several human-readable output-only formats
* Add new plist_write_to_string/_stream/_file functions
* Add new plist_print function
* Add new plist_read_from_file function
* Add new plist_mem_free() function
* Add a few C++ methods
* Add C++ interface test
* Add PLIST_NULL type
* Some code housekeeping (mostly clang-tidy)
- Breaking:
* plist_from_memory() gets additional parameter
- Bugfixes:
* Fix multiple bugs in all of the parsers
* Fix handling of PLIST_UID nodes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.5.4 to 2.5.5
- Update of rootfile
- Changelog
2.5.5 - December 1, 2023
* Update the syscall table for Linux v6.7-rc3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.14.1 to 2.15.0
- Update of rootfile
- Autogen no longer required
- fcobjshash.h is no longer in tarball from version 2.13.1
- Changelog
2.15
Do not change the order of orth files
Convert tabs to spaces
Convert more tabs to spaces in docs
src/meson.build: Store correct paths to fontconfig.pc.
Fix a typo in description for HAVE_STDATOMIC_PRIMITIVES
Report more detailed logs instead of assertion.
Add some missing constant names for weight.
Adujst indentation between programlisting in fontconfig-user.sgml
Bump version to 2.14.2
Clean up unused code
Add another test case for flatpak
Update 65-nonlatin.conf for macOS
Change the order of the properties to the order of fontconfig cache format
Add missing property descriptions
Add namedinstance property
Remove the problematic language from code and doc
Fix a typo
Fix a typo for FcCharSetDelChar doc
Fix a typo in scalable property
Use 'outline' instead of 'scalable' for bitmaps
Add more docs about selectfont
Rework CI implementation
Fix a typo
Rework CI implementation v2
Apply a fix of ci-templates
Fix uninitialized memory access when failing memory allocation.
Create a symlink with relative path
Fix an error of "initializer element is not constant"
Update CaseFolding.txt to Unicode 15.1
Update the encoding table for Simplified Chinese
Retry to decode strings in the name table as UTF-16BE in some cases.
Work around decoding strings in Macintosh encoding for the name table.
Add iconv detection for meson build
.gitlab-ci: Update
CI: Update
CI: static build only for rawhide
Use memmove instead of memcpy
Rename README to NEWS and add README.md
Update so version
Fix leak of `reason` in _FcConfigParse when not complaining
Ignore LC_CTYPE if set to "UTF-8"
Some doc clarifications
Add FC_FONT_WRAPPER
Detect standalone CFF fonts for FC_FONT_WRAPPER
Add anp.orth, bhb.orth, hif.orth, mag.orth, raj.orth, and the.orth
Add {agr,ayc,bem,ckb,cmn,dsb,hak,lij,lzh,mfe,mhr,miq,mjw,mnw,nan,nhn,niu,rif,sgs,shn,szl,tcy,tpi,unm,wae,yue,yuw}.orth
Change index type to 16 bit and bump cache version to 9
Expand ~ in glob
Add optional 11-lcdfilter-none configuration
Fix filepaths added when scanning with sysroot
Fix false-positive CFI failure
In fcfreetype.c, `GetScriptTags`: fix `use_of_uninitialized_value` and return the correct number of parsed tags in case the font file contains less tags than indicated.
meson: Support any compiler with gcc or msvc argument syntax
fix typo
Reload MM/VF metadata for each font face in font collection
fixed typos in fc-conflist.sgml
Add aliases for Helvetica LT Std
2.14.2
Fix the build issue on meson when -g option is added to c_args
Store artifacts for meson windows CI
Add FC_DESKTOP_NAME property
Add --with-default-sub-pixel-rendering option
Update po-conf/POTFILES.in
Ignore null pointer on Fc*Destroy functions
Convert tabs to spaces
Convert more tabs to spaces in docs
src/meson.build: Store correct paths to fontconfig.pc.
Fix a typo in description for HAVE_STDATOMIC_PRIMITIVES
Report more detailed logs instead of assertion.
Add some missing constant names for weight.
Adujst indentation between programlisting in fontconfig-user.sgml
meson: modify gperf test to remove sh dependency
meson: Update freetype2 git repository to upstream
Ignore LC_CTYPE if set to "UTF-8"
Expand ~ in glob
fix typo
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
