This could potentially create problems when we abuse these functions to
launch the DHCP client on IPTV interfaces. This would have to be tested
and confirmed or potentially we would need some more changes to keep
supporting that use-case, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This has been removed a long time ago and we should probably spend a
little bit more time on keeping the networking code tidy :)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
QMI is a proprietary interface from Qualcomm which are absolute pioneers
when it comes to interfacing with modems. I don't think there would be
any way to make this any more complicated and bloated.
So, bascially we will put the modem into a raw IP mode which changes the
interface into Point-to-Point mode.
We then configure the provider settings using qmicli. After that, the
modem will try to connect to the provider and obtain an IP address.
We will then start a DHCP client which does not do any DHCP-ing because
implementing that would be too complicated. Instead we do something even
*more* complicated where we would launch a custom script which asks the
modem for the allocated IP address and will configure it into the
device. The DHCP client then reads that IP address from the device and
pretends it came up with it by itself. Such an easy way to do this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
On November 30, 2022, Mozilla decided to take the following
actions as a response to the concerns raised about the merits
of this root CA operator (excerpt taken from
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ):
> 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME
> After Date" to November 30, 2022, for the 3 TrustCor root
> certificates (TrustCor RootCert CA-1, TrustCor ECA-1,
> TrustCor RootCert CA-2) that are currently included in
> Mozilla's root store.
>
> 2. Remove those root certificates from Mozilla's root store
> after the existing end-entity TLS certificates have expired.
As far as the latter is concerned, the offending certificates
have these expiry dates set:
- TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT
- TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT
- TrustCor ECA-1: Mon, 31 Dec 2029 17:28:07 GMT
The way IPFire 2 currently processes Mozilla's trust store
does not feature a way of incorporate a "Distrust for XYZ After
Date" attribute. This means that despite TrustCor Systems root
CAs are no longer trusted by browsers using Mozilla's trust
store, IPFire would still accept certificates directly or
indirectly issued by this CA until December 2029 or December 2034.
To protect IPFire users, this patch therefore suggests to
patch our copy of Mozilla's trust store in order to remove
TrustCor Systems' root CAs: The vast majority of HTTPS connections
established from an IPFire machine take place in a non-interactive
context, so there is no security benefit from a "Distrust After
Date" information. Instead, if we do not want IPFire installations
to trust this CA, we have no other option other than remove it
unilaterally from our copy of Mozilla's trust store.
See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.12pre6 (2012) to 0.15.1 (July 2022)
- Update of rootfile
- Original elinks was last updated in 2012. In Jan 2020 a fork was made of the package
and has been maintained since then on an ongoing basis. This new fork is used by Arch
Linux
- elinks has not been an addon since CU141 but the lfs file was still in the addon format
This has been adjusted to make it in line with a core program
- The previous patches related to ssl have been removed as the fixes are now part of the
source tarball.
- Changelog
ELinks 0.15.1 Released on 2022-07-31
* about:config
* option --always-load-config #137
* compilation fixes on Windows #140
* added ui.background_char #142
* sample build scripts and docker files
* experimental DGI support
* DOS port based on links code
* configurable Accept-Header #143
* minor compilation fixes
ELinks 0.15.0 Released on 2021-12-24
* Serbian translation update
ELinks 0.15.0rc2 Released on 2021-12-19
* Serbian translation update
* HOME_ETC
ELinks 0.15.0rc1 Released on 2021-12-04
* removed -Wno-pointer-sign from CFLAGS
* close stdin before calling a background program (sgerwk)
and options related to it #108, #109, #110, #113
* gemini protocol and text/gemini mime type
* changed rendering of blockquote element
* avoid tmpfile in lua (sgerwk) #115, #118
* console.log in js (mtatton) #93
* localstorage (mtatton) #98
* options document.browse.search.beginning_only
document.browse.search.ignore_history
ui.double_esc
* ui.temperature.* to show temperature of CPU
* document.plain.fixup_tables
* enhanced ecmascript code. Added QuickJS
* Notes on ECMAScript:
requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT
and either mozjs78-dev or QuickJS-2021-03-27
Most sites don't work, some crash. Some workarounds were implemented:
a) ECMAScript is disabled by default
b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes
c) Added toggle-ecmascript action. You can bind it to some key
* other small fixes
ELinks 0.14.3 Released on 2021-09-26
* Fix issue with negative value of cells #126
ELinks 0.14.2 Released on 2021-08-29
* crash in nttp #114
* XSS in gopher #125
ELinks 0.14.1 Released on 2021-05-30
* Disable spidermonkey by default #85
* Show error message about libgcrypt-config. #86
* off by two. #88
* Check NULL. #99
* fix error message when no previous search was performed #100
* alert when moving to the next match of a failed search #101
* include unistd.h and errno.h to define safe_read() #107
ELinks 0.14.0 Released on 2020-12-27
No changes since 0.14.0rc2.
ELinks 0.14.0rc2 Released on 2020-12-13
* ~/.elinks/allow.txt - list of allowed url prefixes for js
ELinks 0.14.0rc1 Released on 2020-12-06
* dblatex for pdf. PR #64
* fixes CTRL-Z. #65
* changes in mime handlers. PR #66
* fixes in data protocol. #67, #68, #71, #72, #73
* allow to wrap text in PRE. #69
* pass #fragment to external command. #75
* introduced "document.browse.search.reset". #76
* added meson as alternative build system
* in #77 I'm going to attach static binaries for released versions
* mozjs dependency updated to 52.*
Note that, to compile with javascript support you must compile by g++ with -fpermissive option.
There is a lot of warnings. Unfortunately JS often crashes. Without help from someone familiar
with SpiderMonkey, we won't go far.
As you might notice, I renamed repo to elinks.
Thanks to all involved in this release.
ELinks 0.13.5 Released on 2020-08-30
* added clipboard selection using keyboard. #59
* fixed drawing menus over emoji characters. #60
* encoding to utf-8 and decoding back in python's pre_format_html_hook
This is likely the last release of 0.13.x series.
ELinks 0.13.4: Released on 2020-07-31.
* fixed segfault with gnutls. introduced in 0.13.3
* updated smart and dumb prefixes to https. Thanks Guido Cella. PR #54
* added the st terminal to config options. PR #55
* doc updates PR #57
* also pass the uri as %u to external handler. Thanks sgerwk. PR #58
* added the ui.clipboard_file config option
ELinks 0.13.3: Released on 2020-06-29.
* configure option --with-luapkg=name
You can choose lua version at compilation time. For example: --with-luapkg=luajit
* config option connection.ssl.https_by_default (Thanks Guido Cella)
not enabled by default
* docs updates (Guido Cella)
* fixes related to ui.mouse_disable and xterm-like terminals (Thanks sgerwk)
* show an alert when the search string is not found (sgerwk)
ELinks 0.13.2: Released on 2020-05-31.
* command line option -remote search(...) (thanks sgerwk)
* command line option -bind-address
* config option ui.mouse_disable (sgerwk)
* config option ui.tostop
* config option ui.sessions.fork_on_start
* compatibility (compilability) with lua-5.2 and 5.3
* modified cookies code (not well tested)
ELinks 0.13.1: Released on 2020-01-31.
* Fixed issue with uploading files to local cgi.
* Python scripts in contrib converted to python3.
ELinks 0.13.0: Released on 2019-12-27.
Incompatibilities:
* The protocol.fsp.sort option has been removed. ELinks always sorts.
* bug 1024: Verify the host name or IP address in the server certificate
if connection.ssl.cert_verify is not 0.
Miscellaneous:
* The configure script is no longer part of tarball, you must generate it.
For example running ./autogen.sh
* major bug 181: Slave ELinks processes can now run an external editor.
This used to work in the master process only.
* major bug 722: Filter CSS according to media types. New option
document.css.media.
* bug 638: Propagate the existence of $DISPLAY from slave terminals to
mailcap test commands.
* bugs 762, 1082: Small memory leak in goto_current_link/goto_imgmap
* bug 963: New option document.css.ignore_display_none.
* bug 977: Fixed crash when opening in new tab a non link with onclick
attribute.
* bug 1008: File upload fields in HTML forms now stream the files to
the server, instead of reading them to memory in advance. This lets
you upload larger files. The downsides are that ELinks may use a
cached response even if you have modified a file between requests,
and that ELinks can send inconsistent data if you modify a file
while it is being uploaded.
* bug 1054: Don't abort downloads when closing the terminal from which
they were started. When such a download ends, display the message
in the most recently used terminal. If the user chooses
``Background and Notify'' via the download manager in some terminal,
reassociate the download with that terminal. These changes do not
apply to downloads to external handlers.
* Really retry forever when connection.retries = 0.
* enhancement: Session-specific options. Any options changed with
toggle-* actions no longer affect other tabs or other terminals.
* Do not crash when document.browse.minimum_refresh_time = 0 and
a document has a meta refresh with a delay of 0.
* Properly update link highlighting and status bar information when the
repeat prefix is changed.
* Handle SSL rehandshakes
* Fix compatibility with Ruby >= 1.9
* enhancement 15: Domain-specific options. Use set_domain in
elinks.conf to e.g. disable cookies for google.com. The option
manager window does not yet support this.
* enhancement 867: Use bracketed paste mode on xterm. This requires
xterm patch #228 or later configured with --enable-readline-mouse.
* enhancement 824: Experimental support for combining characters.
See features.conf for details.
* enhancement: Add a new entry Link Info under Link main menu.
* enhancement: Indicate backgrounded downloads using an unused led.
* enhancement: Display the number of ECMAScript interpreters that have
been allocated for documents in the Resources dialog.
* Fedora enhancement 346861: Add support for nss_compat_ossl library
(OpenSSL replacement).
* enhancement: ``elinks --dump'' uses box-drawing characters if supported
by the charset.
* enhancement 1070: Support 256 colors on fbterm-1.4.
* enhancement 1075: Scrolling the entire contents of dialog boxes.
Especially useful for multi-file BitTorrent downloads.
* Report if the Lua function edit_bookmark_dialog receives the wrong
number or types of arguments instead of silently failing.
* enhancement: Add ``Invalidate'' button to the cache manager.
* enhancement: Add ``Search contents'' button to the cache manager with
which one can search through the cache items' data rather than their
metadata.
* enhancement: Add rudimentary support for the HTML5 media elements,
<video> and <audio>.
* enhancement: Add move-half-page-up and move-half-page-down actions.
* enhancement: Add option to change overlap for vertical scrolling.
* enhancement: HTML meta refresh allows semicolons in URLs, and the
syntax is more like in Firefox.
* link against lua51 not lua50
* SpiderMonkey must be mozjs-17.0. This version is latest with C API.
Find it with pkg-config.
* using iconv for some multibyte charsets. It works if the terminal codepage
is UTF-8. More charsets will be added on demand.
* enhancement: support SSL client certificate
* python scripting is Python3 only
* brotli and zstd encodings
* possibility to make use of libevent instead of select for event loop
* terminfo queries for output (not input) as compilation option
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.0.0 to 7.1.0
- Update of rootfile not required
- Removal of qemu-7.0.0-fix-glibc-headers.patch as an alternative patch approach has been
implemeted into thye source tarball.
- Changelog is too large to include here. Details can be found at
https://wiki.qemu.org/ChangeLog/7.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.10.0 to 8.9.0
- Update of rootfile
- Removal of sheepdog_storage option in ./configure as it has been removed from libvirt
- Removal of libvirt-7.10.0-fix-glibc-headers.patch as contents are now built in to source
tarball.
- Changelog is too large to include here. Details can be found in the NEWS.rst file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 7.84.0 to 7.86.0
- Update of rootfile
- curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this
is now built into the source tarball version
- Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES
file in the source tarballs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.2.5 to 5.2.8
- Update of rootfile
- Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source
tarball and with an improved quicker method - see changelog below.
- Changelog
5.2.8 (2022-11-13)
* xz:
- If xz cannot remove an input file when it should, this
is now treated as a warning (exit status 2) instead of
an error (exit status 1). This matches GNU gzip and it
is more logical as at that point the output file has
already been successfully closed.
- Fix handling of .xz files with an unsupported check type.
Previously such printed a warning message but then xz
behaved as if an error had occurred (didn't decompress,
exit status 1). Now a warning is printed, decompression
is done anyway, and exit status is 2. This used to work
slightly before 5.0.0. In practice this bug matters only
if xz has been built with some check types disabled. As
instructed in PACKAGERS, such builds should be done in
special situations only.
- Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
which failed with "Internal error (bug)". That is,
--single-stream was broken if the first .xz stream in
the input file didn't contain any uncompressed data.
- Fix displaying file sizes in the progress indicator when
working in passthru mode and there are multiple input files.
Just like "gzip -cdf", "xz -cdf" works like "cat" when the
input file isn't a supported compressed file format. In
this case the file size counters weren't reset between
files so with multiple input files the progress indicator
displayed an incorrect (too large) value.
* liblzma:
- API docs in lzma/container.h:
* Update the list of decoder flags in the decoder
function docs.
* Explain LZMA_CONCATENATED behavior with .lzma files
in lzma_auto_decoder() docs.
- OpenBSD: Use HW_NCPUONLINE to detect the number of
available hardware threads in lzma_physmem().
- Fix use of wrong macro to detect x86 SSE2 support.
__SSE2_MATH__ was used with GCC/Clang but the correct
one is __SSE2__. The first one means that SSE2 is used
for floating point math which is irrelevant here.
The affected SSE2 code isn't used on x86-64 so this affects
only 32-bit x86 builds that use -msse2 without -mfpmath=sse
(there is no runtime detection for SSE2). It improves LZMA
compression speed (not decompression).
- Fix the build with Intel C compiler 2021 (ICC, not ICX)
on Linux. It defines __GNUC__ to 10 but doesn't support
the __symver__ attribute introduced in GCC 10.
* Scripts: Ignore warnings from xz by using --quiet --no-warn.
This is needed if the input .xz files use an unsupported
check type.
* Translations:
- Updated Croatian and Turkish translations.
- One new translations wasn't included because it needed
technical fixes. It will be in upcoming 5.4.0. No new
translations will be added to the 5.2.x branch anymore.
- Renamed the French man page translation file from
fr_FR.po to fr.po and thus also its install directory
(like /usr/share/man/fr_FR -> .../fr).
- Man page translations for upcoming 5.4.0 are now handled
in the Translation Project.
* Update doc/faq.txt a little so it's less out-of-date.
5.2.7 (2022-09-30)
* liblzma:
- Made lzma_filters_copy() to never modify the destination
array if an error occurs. lzma_stream_encoder() and
lzma_stream_encoder_mt() already assumed this. Before this
change, if a tiny memory allocation in lzma_filters_copy()
failed it would lead to a crash (invalid free() or invalid
memory reads) in the cleanup paths of these two encoder
initialization functions.
- Added missing integer overflow check to lzma_index_append().
This affects xz --list and other applications that decode
the Index field from .xz files using lzma_index_decoder().
Normal decompression of .xz files doesn't call this code
and thus most applications using liblzma aren't affected
by this bug.
- Single-threaded .xz decoder (lzma_stream_decoder()): If
lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning
but there was a bug. With other decoders (.lzma or
threaded .xz decoder) this already worked correctly.
- Fixed accumulation of integrity check type statistics in
lzma_index_cat(). This bug made lzma_index_checks() return
only the type of the integrity check of the last Stream
when multiple lzma_indexes were concatenated. Most
applications don't use these APIs but in xz it made
xz --list not list all check types from concatenated .xz
files. In xz --list --verbose only the per-file "Check:"
lines were affected and in xz --robot --list only the "file"
line was affected.
- Added ABI compatibility with executables that were linked
against liblzma in RHEL/CentOS 7 or other liblzma builds
that had copied the problematic patch from RHEL/CentOS 7
(xz-5.2.2-compat-libs.patch). For the details, see the
comment at the top of src/liblzma/validate_map.sh.
WARNING: This uses __symver__ attribute with GCC >= 10.
In other cases the traditional __asm__(".symver ...")
is used. Using link-time optimization (LTO, -flto) with
GCC versions older than 10 can silently result in
broken liblzma.so.5 (incorrect symbol versions)! If you
want to use -flto with GCC, you must use GCC >= 10.
LTO with Clang seems to work even with the traditional
__asm__(".symver ...") method.
* xzgrep: Fixed compatibility with old shells that break if
comments inside command substitutions have apostrophes (').
This problem was introduced in 5.2.6.
* Build systems:
- New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX
- Windows: Fixed liblzma.dll build with Visual Studio project
files. It broke in 5.2.6 due to a change that was made to
improve CMake support.
- Windows: Building liblzma with UNICODE defined should now
work.
- CMake files are now actually included in the release tarball.
They should have been in 5.2.5 already.
- Minor CMake fixes and improvements.
* Added a new translation: Turkish
5.2.6 (2022-08-12)
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files. Previously this required
using --force.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
standard version in the lzma.h API header. It's used to
detect when "noexcept" can be used.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
* Translations:
- Added new translations: Catalan, Croatian, Esperanto,
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
and Ukrainian
- Updated the Brazilian Portuguese translation.
- Added French man page translation. This and the existing
German translation aren't complete anymore because the
English man pages got a few updates and the translators
weren't reached so that they could update their work.
* Build systems:
- Windows: Fix building of resource files when config.h isn't
used. CMake + Visual Studio can now build liblzma.dll.
- Various fixes to the CMake support. Building static or shared
liblzma should work fine in most cases. In contrast, building
the command line tools with CMake is still clearly incomplete
and experimental and should be used for testing only.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Patch required for successful building with readline-8.2
In readline 8.2 the type of rl_completer_word_break_characters changed to
include const.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.1 to 8.2 plus patch 1
- Update of rootfile
- Changelog
version 8.2
There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times out.
There is a new state value to indicate a timeout. There is a new option:
`enable-active-region'. This separates control of the active region and
bracketed-paste. It has the same default value as bracketed-paste, and
enabling bracketed paste enables the active region. Users can now turn off
the active region while leaving bracketed paste enabled. Two new bindable
string variables are available; their values are terminal escape sequences
that set the color used to display the active region and turn it off,
respectively. If set, these are used in place of terminal standout mode.
Finally, Readline now checks for changes to locale settings
(LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate
locale-specific display and key binding variables when the locale changes.
There are a few bug fixes in the redisplay code when restoring the prompt
after a digit-argument prompt or incremental search back to a prompt that
contains invisible multibyte characters. There are more checks for read
errors, especially in the middle of readline commands; previous versions
could loop or return incorrect data. Full details are below.
GNU Readline is a library which provides programs with an input
facility including command-line editing and history. Editing
commands similar to both emacs and vi are included. The GNU
History library, which provides facilities for managing a list of
previously-typed command lines and an interactive command line
recall facility similar to that provided by csh, is also present.
The history library is built as part of the readline as well as
separately.
1. Changes to Readline
a. Fixed a problem with cleaning up active marks when using callback mode.
b. Fixed a problem with arithmetic comparison operators checking the version.
c. Fixed a problem that could cause readline not to build on systems without
POSIX signal functions.
d. Fixed a bug that could cause readline to crash if the application removed
the callback line handler before readline read all typeahead.
e. Added additional checks for read errors in the middle of readline commands.
f. Fixed a redisplay problem that occurred when switching from the digit-
argument prompt `(arg: N)' back to the regular prompt and the regular
prompt contained invisible characters.
g. Fixed a problem with restoring the prompt when aborting an incremental
search.
h. Fix a problem with characters > 128 not being displayed correctly in certain
single-byte encodings.
i. Fixed a problem with unix-filename-rubout that caused it to delete too much
when applied to a pathname consisting only of one or more slashes.
j. Fixed a display problem that caused the prompt to be wrapped incorrectly if
the screen changed dimensions during a call to readline() and the prompt
became longer than the screen width.
k. Fixed a problem that caused the \r output by turning off bracketed paste
to overwrite the line if terminal echo was disabled.
l. Fixed a bug that could cause colored-completion-prefix to not display if
completion-prefix-display-length was set.
m. Fixed a problem with line wrapping prompts when a group of invisible
characters runs to the right edge of the screen and the prompt extends
longer then the screen width.
n. Fixed a couple problems that could cause rl_end to be set incorrectly by
transpose-words.
o. Prevent some display problems when running a command as the result of a
trap or one bound using `bind -x' and the command generates output.
p. Fixed an issue with multi-line prompt strings that have one or more
invisible characters at the end of a physical line.
q. Fixed an issue that caused a history line's undo list to be cleared when
it should not have been.
r. When replacing a history entry, make sure the existing entry has a non-NULL
timestamp before copying it; it may have been added by the application, not
the history library.
2. New Features in Readline
a. There is now an HS_HISTORY_VERSION containing the version number of the
history library for applications to use.
b. History expansion better understands multiple history expansions that may
contain strings that would ordinarily inhibit history expansion (e.g.,
`abc!$!$').
c. There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times
out. There is a new state value to indicate a timeout.
d. Automatically bind termcap key sequences for page-up and page-down to
history-search-backward and history-search-forward, respectively.
e. There is a new `fetch-history' bindable command that retrieves the history
entry corresponding to its numeric argument. Negative arguments count back
from the end of the history.
f. `vi-undo' is now a bindable command.
g. There is a new option: `enable-active-region'. This separates control of
the active region and bracketed-paste. It has the same default value as
bracketed-paste, and enabling bracketed paste enables the active region.
Users can now turn off the active region while leaving bracketed paste
enabled.
h. rl_completer_word_break_characters is now `const char *' like
rl_basic_word_break_characters.
i. Readline looks in $LS_COLORS for a custom filename extension
(*.readline-colored-completion-prefix) and uses that as the default color
for the common prefix displayed when `colored-completion-prefix' is set.
j. Two new bindable string variables: active-region-start-color and
active-region-end-color. The first sets the color used to display the
active region; the second turns it off. If set, these are used in place
of terminal standout mode.
k. New readline state (RL_STATE_EOF) and application-visible variable
(rl_eof_found) to allow applications to detect when readline reads EOF
before calling the deprep-terminal hook.
l. There is a new configuration option: --with-shared-termcap-library, which
forces linking the shared readline library with the shared termcap (or
curses/ncurses/termlib) library so applications don't have to do it.
m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
each time it is called, and modifies the appropriate locale-specific display
and key binding variables when the locale changes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
This is a terse description of the new features added to bash-5.2 since
the release of bash-5.1. As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.
1. New Features in Bash
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier. Along with this, if
command substitution parsing completes with here-documents remaining to be
read, the shell prints a warning message and reads the here-document bodies
from the current input stream.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
--enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched. It is enabled by default.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Install of version 0.1.51
- Definition of rootfile
- Creation of metadata patch to eliminate windows options
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.4.19 to 0.4.22
- Update of rootfile
- Update of metadata patch as more windows related entries in Cargo.toml to be excluded
- Changelog
## 0.4.22
* Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771)
* Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767)
* Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773)
## 0.4.21
* Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756)
* Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756)
* Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760)
## 0.4.20
* Add more formatting documentation and examples.
* Add support for microseconds timestamps serde serialization/deserialization (#304)
* Fix `DurationRound` is not TZ aware (#495)
* Implement `DurationRound` for `NaiveDateTime`
* Implement `std::iter::Sum` for `Duration`
* Add `DateTime::from_local()` to construct from given local date and time (#572)
* Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557)
* Correct build for wasm32-unknown-emscripten target (#568)
* Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647)
* Fix `duration_round` panic on rounding by `Duration::zero()` (#658)
* Add optional rkyv support.
* Add support for microseconds timestamps serde serialization for `NaiveDateTime`.
* Add support for optional timestamps serde serialization for `NaiveDateTime`.
* Fix build for wasm32-unknown-emscripten (@yu-re-ka #593)
* Make `ParseErrorKind` public and available through `ParseError::kind()` (#588)
* Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator`
* Fix panicking when parsing a `DateTime` (@botahamec)
* Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666)
* Remove libc dependency from Cargo.toml.
* Add the `and_local_timezone` method to `NaiveDateTime`
* Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos
* Add compatibility with rfc2822 comments (#733)
* Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery
* Add the `Months` struct and associated `Add` and `Sub` impls
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integarted in the source tarball
- Changelog
Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434)
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
* Addonctrl will now check in addon metadata for the exact initscript
names (Services). If more than one initscript is defined for an addon,
the requested action will be performed on all listed initscripts.
* Added posibility to perform action on a specific initscript of an
addon instead of on all initscripts of the addon.
* New action 'list-services' to display a list of services related to
an addon.
* New action 'boot-status' to display wether service(s) are enabled
to start on boot or not.
* More error checking and cleaner error reporting to user
* General cleanup and code restructuring to avoid code duplication
* Updated and made usage instructions more verbose.
Fixes: Bug#12935
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
If the CRL is outdated for some reason (e.g. a backup restored from ISO
where we don't run the migration scripts), this will update it on
reboot/restart of the service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For reasons I have not been able to determine, the RTC
module for the Ten64 board (rtc-rx8025) is not automatically
loaded at startup, despite every other relevant modules being
loaded.
modprobe it manually if we are on a Ten64 board.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
These two patches are needed to support SFP's on NXP DPAA2 platforms
(e.g Traverse Ten64).
The deadlock issue patch was submitted upstream a while ago and
rejected, however I am not aware of any better solutions at present.
The 10G mode additions are part of mainline since 5.16.
These two .patches were sourced from our patchset over here:
https://gitlab.com/traversetech/traverse-kernel-patches/-/tree/lts-5-15/patches
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.2.4 plus CVE-2022-29154 patch to 3.2.6
- Patch for CVE-2022-29154 applied in CU170 turned out to have a bug within it causing
rsync to fail with an error. Four additional commits were done to fix this bug and
its consequences but these were all applied in the rsync git repo after the patch had
been merged into CU170.
- Version 3.2.5 onwards contains the CVE-2022-29154 fix and associated commits.
- No update of rootfile required.
- Changelog
NEWS for rsync 3.2.6 (9 Sep 2022)
BUG FIXES:
More path-cleaning improvements in the file-list validation code to avoid
rejecting of valid args.
A file-list validation fix for a --files-from file that ends without a
line-terminating character.
Added a safety check that prevents the sender from removing destination
files when a local copy using --remove-source-files has some files that are
shared between the sending & receiving hierarchies, including the case
where the source dir & destination dir are identical.
Fixed a bug in the internal MD4 checksum code that could cause the digest to
be sporadically incorrect (the openssl version was/is fine).
A minor tweak to rrsync added "copy-devices" to the list of known args, but
left it disabled by default.
ENHANCEMENTS:
Rename --protect-args to --secluded-args to make it clearer how it differs
from the default backslash-escaped arg-protecting behavior of rsync. The
old option names are still accepted. The environment-variable override did
not change its name.
PACKAGING RELATED:
The configure option --with-protected-args was renamed to
--with-secluded-args. This option makes --secluded-args the default rsync
behavior instead of using backslash escaping for protecting args.
The mkgitver script now makes sure that a .git dir/file is in the top-level
source dir before calling git describe. It also runs a basic check on the
version value. This should avoid using an unrelated git description for
rsync's version.
DEVELOPER RELATED:
The configure script no longer sets the -pedantic-errors CFLAG (which it
used to try to do only for gcc).
The name_num_obj struct was modified to allow its dynamic name_num_item list
to be initialized in a better way.
NEWS for rsync 3.2.5 (14 Aug 2022)
SECURITY FIXES:
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include
recursive names that should have been excluded by the sender. These extra
safety checks only require the receiver rsync to be updated. When dealing
with an untrusted sending host, it is safest to copy into a dedicated
destination directory for the remote content (i.e. don't copy into a
destination directory that contains files that aren't from the remote host
unless you trust the remote host). Fixes CVE-2022-29154.
A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
BUG FIXES:
Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and
disable the XX3 hashes (since these routines didn't stabilize until 0.8).
ENHANCEMENTS:
The --trust-sender option was added as a way to bypass the extra file-list
safety checking (should that be required).
PACKAGING RELATED:
A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
DEVELOPER RELATED:
Configure now defaults GETGROUPS_T to gid_t when cross compiling.
Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Changelog:
"6.0.8 -- 2022-09-27
Task #5552: libhtp 0.5.41
6.0.7 -- 2022-09-27
Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)
Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport)
Bug #5549: Failed assert DeStateSearchState (6.0.x)
Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x)
Bug #5547: rules: less strict parsing of unexpected flowbit options
Bug #5546: rules: don't error on bad hex in content
Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6
Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6]
Bug #5471: Reject action is no longer working (6.0.x backport)
Bug #5467: rules: more graceful handling of anomalies for stable versions
Bug #5459: Counters are not initialized in all places. (6.0.x backport)
Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport)
Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)
Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport)
Bug #4421: flow manager: using too much CPU during idle (6.0.x backport)
Feature #5535: ips: add "reject" action to exception policies (6.0.x backport)
Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport)
Task #5551: doc: add exception policy documentation (6.0.x)
Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport)
Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport)
Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport)
Task #5328: python: distutils deprecation warning (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 37 to 38
- Update of rootfile
- mandoc is now a build dependency for efivar
- Old compile fixes patches are no longer required with version 38
- Details for lfs build of version 38 obtained from Beyond Linux From Scratch
- Changelog
bug fixes
Rework some makefile bits to make overriding some options simpler. by @vathpela in #140
Handle /sys/devices/virtual/{nvme-fabrics,nvme-subsystem} devices by @vathpela in #139
guids.S: Include <cet.h> when CET is enabled by @hjl-tools in #149
Fix /sys/block sysfs parsing for eMMC-s by @jwrdegoede in #150
Properly check mmap return error by @hannob in #152
Fix s{yt,ty}le typo in efi_get_variable(3) by @nabijaczleweli in #162
Handle NULL set_variable() by @lcp in #159
Fix parsing for nvme-subsystem devices by @dannf in #158
Attempt to fix the identified thread safety bugs by @vathpela in #155
Make thread-test depend on libefivar.so by @hjl-tools in #176
Upstream a local patch from rawhide by @frozencemetery in #177
Fix conversion from UTF8 to UCS2 by @freedge in #171
efivar: make docs match current code for 'efivar -A' by @vathpela in #178
Migrate CI to Github actions by @frozencemetery in #179
Add code of conduct by @frozencemetery in #180
Misc minor fixes by @vathpela in #182
Add efi_time_t declarations and helper functions. by @vathpela in #183
More misc fixes by @vathpela in #185
Run CI on more targets by @vathpela in #187
Coverity fixes 20211208 by @vathpela in #189
CI: run abicheck by @frozencemetery in #190
Fix linux virtual root device parsing by @vathpela in #188
efivar.spec.in: fix license to be valid SPDX by @frozencemetery in #192
Add efisecdb tooling by @vathpela in #184
Fix linker string comparison for dash by @frozencemetery in #194
Full changelog diff between version 37 and 38 is available in github repo
https://github.com/rhboot/efivar/compare/37...38
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
