- Update from version 1.1.1n to 1.1.1o
- Update of rootfile not required
- This patch is to go into CU168 as this update is for fixing a moderate severity CVE
- Changelog
1.1.1o [3 May 2022]
(CVE-2022-1292)
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.33 to 0.34
- Combined this patch with update to mpd as mpc depends on mpd
- Changelog
0.34 (2021/11/30)
* add commands "albumart", "readpicture"
* don't print status after error
* custom status format
* support grouping "list" results
* meson: auto-build libmpdclient if not available
* require libmpdclient 2.16 or newer
* require MPD 0.21 or newer
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.22.6 to 0.23.6
- Update of rootfile not required
- Since version 0.23 there is a new build time dependency for libfmt so a separate
patch has been created to add fmt to the system but only for build
- Changelog
ver 0.23.6 (2022/03/14)
* protocol
- support filename "cover.webp" for "albumart" command
- support "readcomments" and "readpicture" on CUE tracks
* decoder
- ffmpeg: fix end-of-file check (update stuck at empty files)
- opus: fix "readpicture" on Opus files
* output
- pipewire: fix crash bug if setting volume before playback starts
- wasapi: fix resume after pause
ver 0.23.5 (2021/12/01)
* protocol
- support relative offsets for "searchadd"
- fix "searchaddpl" bug (bogus error "Bad position")
* database
- upnp: fix crash bug
* tags
- fix MixRamp support
* migrate to PCRE2
* GCC 12 build fixes
ver 0.23.4 (2021/11/11)
* protocol
- add optional position parameter to "searchaddpl"
* decoder
- ffmpeg: support libavcodec 59
* output
- alsa: add option "thesycon_dsd_workaround" to work around device bug
* fix crash on debug builds if startup fails
* systemd
- remove "RuntimeDirectory" directive because it caused problems
- ignore the "pid_file" setting if started as systemd service
* Windows
- enable the "openmpt" decoder plugin
ver 0.23.3 (2021/10/31)
* protocol
- add optional position parameter to "add" and "playlistadd"
- allow range in "playlistdelete"
* database
- fix scanning files with question mark in the name
- inotify: fix use-after-free bug
* output
- alsa: add option "stop_dsd_silence" to work around DSD DAC noise
* macOS: fix libfmt related build failure
* systemd: add "RuntimeDirectory" directive
ver 0.23.2 (2021/10/22)
* protocol
- fix "albumart" timeout bug
* input
- nfs: fix playback bug
* output
- pipewire: send artist and title to PipeWire
- pipewire: DSD support
* neighbor
- mention failed plugin name in error message
* player
- fix cross-fade regression
* fix crash with libfmt versions older than 7
ver 0.23.1 (2021/10/19)
* protocol
- use decimal notation instead of scientific notation
- "load" supports relative positions
* output
- emit "mixer" idle event when replay gain changes volume
- pipewire: emit "mixer" idle events on external volume change
- pipewire: attempt to change the graph sample rate
- snapcast: fix time stamp bug which caused "Failed to get chunk"
* fix libfmt linker problems
* fix broken password authentication
ver 0.23 (2021/10/14)
* protocol
- new command "getvol"
- show the audio format in "playlistinfo"
- support "listfiles" with arbitrary storage plugins
- support relative positions in "addid"
- fix relative positions in "move" and "moveid"
- add "position" parameter to "findadd" and "searchadd"
- add position parameter to "load"
* database
- proxy: require MPD 0.20 or later
- proxy: require libmpdclient 2.11 or later
- proxy: split search into chunks to avoid exceeding the output buffer
- simple: add option to hide CUE target songs
- upnp: support libnpupnp instead of libupnp
* archive
- zzip, iso9660: ignore file names which are invalid UTF-8
* decoder
- openmpt: new plugin
- wavpack: fix WVC file support
* player
- do not cross-fade songs shorter than 20 seconds
* output
- oss: support DSD over PCM
- pipewire: new plugin
- snapcast: new plugin
* tags
- new tags "ComposerSort", "Ensemble", "Movement", "MovementNumber", and "Location"
* split permission "player" from "control"
* add option "host_permissions"
* new build-time dependency: libfmt
ver 0.22.11 (2021/08/24)
* protocol
- fix "albumart" crash
* filter
- ffmpeg: pass "channel_layout" instead of "channels" to buffersrc
- ffmpeg: fix "av_buffersink_get_frame() failed: Resource temporarily unavailable"
- ffmpeg: support double-precision samples (by converting to single precision)
* Android
- build with NDK r23
- playlist_directory defaults to "/sdcard/Android/data/org.musicpd/files/playlists"
ver 0.22.10 (2021/08/06)
* protocol
- support "albumart" for virtual tracks in CUE sheets
* database
- simple: fix crash bug
- simple: fix absolute paths in CUE "as_directory" entries
- simple: prune CUE entries from database for non-existent songs
* input
- curl: fix crash bug after stream with Icy metadata was closed by peer
- tidal: remove defunct unmaintained plugin
* tags
- fix crash caused by bug in TagBuilder and a few potential reference leaks
* output
- httpd: fix missing tag after seeking into a new song
- oss: fix channel order of multi-channel files
* mixer
- alsa: fix yet more rounding errors
ver 0.22.9 (2021/06/23)
* database
- simple: load all .mpdignore files of all parent directories
* tags
- fix "readcomments" and "readpicture" on remote files with ID3 tags
* decoder
- ffmpeg: support the tags "sort_album", "album-sort", "artist-sort"
- ffmpeg: fix build failure with FFmpeg 3.4
* Android
- fix auto-start on boot in Android 8 or later
* Windows
- fix build failure with SQLite
ver 0.22.8 (2021/05/22)
* fix crash bug in "albumart" command (0.22.7 regression)
ver 0.22.7 (2021/05/19)
* protocol
- don't use glibc extension to parse time stamps
- optimize the "albumart" command
* input
- curl: send user/password in the first request, save one roundtrip
* decoder
- ffmpeg: fix build problem with FFmpeg 3.4
- gme: support RSN files
* storage
- curl: don't use glibc extension
* database
- simple: fix database corruption bug
* output
- fix crash when pausing with multiple partitions
- jack: enable on Windows
- httpd: send header "Access-Control-Allow-Origin: *"
- wasapi: add algorithm for finding usable audio format
- wasapi: use default device only if none was configured
- wasapi: add DoP support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Added mpfr consolidated patches file to mpfr in gcc. mpfr is built internally for use
in the toolchain.
- Confirmed working by running./make toolchain which ran successfully
confirmed from the _build.toolchain.log file that the patches were successfully
implemented for gcc pass 1, gcc pass L and gcc pass 2
- Full toolchain build successfully completed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Lynis (rightly) complains about this directory and its contents being
world-readable on current IPFire installations. Since there is no
necessity for this, we might as well chmod them to 750 / 640.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 4.15.0.1 to 4.16.0.3
- Update of rootfile
- Changelog
v4.16.0.3 - Release date: 2022-04-21
Rebased with official coreboot repository commit 2c4b426557
See: https://github.com/pcengines/coreboot/compare/v4.16.0.2...v4.16.0.3
v4.16.0.2 - Release date: 2022-03-29
Rebased with official coreboot repository commit 66f99f7fa7
See: https://github.com/pcengines/coreboot/compare/v4.16.0.1...v4.16.0.2
v4.16.0.1 - Release date: 2022-03-08
Rebased with official coreboot repository commit b4ba289fa5
Disabled loglevel prefixes introduced in coreboot 4.16
Disabled ANSI escape sequences introduced in coreboot 4.16
Fixed AMD PSP CCP as entropy source
v4.15.0.3 - Release date: 2022-02-16
Rebased with official coreboot repository commit 36425312ee
Added checking hardware matrix before regression tests
Fixed the hard disk not visible in the Seabios Boot Menu
v4.15.0.2 - Release date: 2022-01-11
rebased with official coreboot repository commit 3990da0b
disabled SMM
enabled parallel AP initialization for apu2-6 for faster boot time
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
The strict mode, as specified in RFC 3704, section 2.2, causes packets
to be dropped by the kernel if they arrive with a source IP address that
is not expected on the interface they arrived in. This prevents internal
spoofing attacks, and is considered best practice among the industry.
After a discussion with Michael, we reached the conclusion that
permitting users to configure the operating mode of RPF in IPFire causes
more harm than good. The scenarios where strict RPF is not usable are
negligible, and the vast majority of IPFire's userbase won't even
notice a difference.
This supersedes <495b4ca2-5a4b-2ffa-8306-38f152889582@ipfire.org>.
Suggested-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
and a restore on install / update
The include file that was added in a previous commit allowed to manually
create a backup, but none was created when the addon was installed,
uninstalled or updated.
Signed-off-by: Daniel Weismueller <daniel.weismueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
- CVE-2022-26505 A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1
allows a remote web server to exfiltrate media files. CVE created on 6th March 2022
- minidlna have created the patches to fix CVE-2022-26505 and have created a git tag for
version 1.3.1 but have not provided any 1.3.1 source tarballs. A ticket was raised on
14th March 2022 in the source forge support system asking to "Please publish a tarball
for 1.3.1" but there was no reply from the developer so far.
- In the NIST National Vulnerability Database it refers to a fix implemented in 1.3.1 but
the link to the sourceforge page is only the patches applied for the fix
- I used those diff descriptions to create a patch to implement on the existing 1.3.0
version in IPFire and this patch submission applies that fix
- Incremented the lfs PAK_VER
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.34 (2006) to 5.13 (2021)
- Update of rootfile
- Changelog is too long to include here (~50000 lines)
Details for version 5.13 can be found in the file Changes in the source tarball
Details for version back to 2.34 can be found in the file Changes.old in the
source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.4.3 (2005) to 2.10.2 (2022)
- Update of rootfile
- Addition of libpipeline as a build dependency - separate patch for that.
- Changelog is too long to include here (~14000 lines)
Details back to 2013 can be found in the file ChangeLog in the source tarball
Details from 2013 back to version 2.4.3 can be found in the file ChangeLog-2013 in the
source tarball
90 bug fixes listed in ChangeLog
128 bug fixes listed in Changelog-2013 back to the version after 2.4.3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 20220207 to 20220414
- Update of rootfile not required
- Changelog
Add new iana release 20220414
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 7.82.0 to 7.83.0
- Update of rootfile
- Changelog
7.83.0
Changes:
o curl: add %header{name} experimental support in -w handling
o curl: add %{header_json} experimental support in -w handling
o curl: add --no-clobber [28]
o curl: add --remove-on-error [11]
o header api: add curl_easy_header and curl_easy_nextheader [56]
o msh3: add support for QUIC and HTTP/3 using msh3 [84]
Bugfixes:
o appveyor: add Cygwin build [77]
o appveyor: only add MSYS2 to PATH where required [78]
o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
o BINDINGS.md: add Hollywood binding [34]
o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
o CI: install Python package impacket to run SMB test 1451 [5]
o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
o configure: bump the copyright year range int the generated output
o conncache: include the zone id in the "bundle" hashkey [112]
o connecache: remove duplicate connc->closure_handle check [90]
o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
o cookie.d: clarify when cookies are sent
o cookies: improve errorhandling for reading cookiefile [123]
o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
o curl: error out if -T and -d are used for the same URL [99]
o curl: error out when options need features not present in libcurl [18]
o curl: escape '?' in generated --libcurl code [117]
o curl: fix segmentation fault for empty output file names. [60]
o curl_easy_header: fix typos in documentation [74]
o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
o docs/HYPER.md: updated to reflect current hyper build needs
o docs/opts: Mention Schannel client cert type is P12 [50]
o docs: Fix missing semicolon in example code [102]
o docs: lots of minor language polish [51]
o English: use American spelling consistently [95]
o fail.d: tweak the description [101]
o firefox-db2pem.sh: make the shell script safer [47]
o ftp: fix error message for partial file upload [61]
o gen.pl: change wording for mutexed options [98]
o GHA: add openssl3 jobs moved over from zuul [88]
o GHA: build hyper with nightly rustc [7]
o GHA: move bearssl jobs over from zuul [85]
o gha: move the event-based test over from Zuul [59]
o gtls: fix build for disabled TLS-SRP [48]
o http2: handle DONE called for the paused stream [69]
o http2: RST the stream if we stop it on our own will [67]
o http: avoid auth/cookie on redirects same host diff port [110]
o http: close the stream (not connection) on time condition abort [68]
o http: reject header contents with nul bytes [41]
o http: return error on colon-less HTTP headers [31]
o http: streamclose "already downloaded" [57]
o hyper: fix status_line() return code [13]
o hyper: fix tests 580 and 581 for hyper [107]
o hyper: no h2c support [33]
o infof: consistent capitalization of warning messages [103]
o ipv4/6.d: clarify that they are about using IP addresses [3]
o json.d: fix typo (overriden -> overridden) [24]
o keepalive-time.d: It takes many probes to detect brokenness [29]
o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
o lib670: avoid double check result [71]
o lib: #ifdef on USE_HTTP2 better [65]
o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
o lib: remove exclamation marks [100]
o libssh2: compare sha256 strings case sensitively [114]
o libssh2: make the md5 comparison fail if wrong length [111]
o libssh: fix build with old libssh versions [12]
o libssh: fix double close [124]
o libssh: Improve fix for missing SSH_S_ stat macros [10]
o libssh: unstick SFTP transfers when done event-based [58]
o macos: set .plist version in autoconf [122]
o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
o mbedtls: remove server_fd from backend [91]
o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
o mlc_config.json: add file to ignore known troublesome URLs [35]
o mqtt: better handling of TCP disconnect mid-message [55]
o ngtcp2: add client certificate authentication for OpenSSL [15]
o ngtcp2: avoid busy loop in low CWND situation [119]
o ngtcp2: deal with sub-millisecond timeout [116]
o ngtcp2: disconnect the QUIC connection proper [19]
o ngtcp2: enlarge H3_SEND_SIZE [82]
o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
o ngtcp2: fix memory leak [80]
o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
o ngtcp2: make curl 1ms faster [93]
o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
o ngtcp2: update to work after recent ngtcp2 updates [62]
o ngtcp2: use token when detecting :status header field [92]
o nonblock: restore setsockopt method to curlx_nonblock [20]
o openssl: check SSL_get_peer_cert_chain return value [1]
o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
o openssl: fix CN check error code [21]
o options: remove mistaken space before paren in prototype
o perl: removed a double semicolon at end of line [64]
o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
o projects/README: converted to markdown [76]
o projects: Update VC version names for VS2017, VS2022 [52]
o rtsp: don't let CSeq error override earlier errors [37]
o runtests: add 'bearssl' as testable feature [87]
o runtests: make 'oldlibssh' be before 0.9.4 [2]
o schannel: remove dead code that will never run [89]
o scripts/copyright.pl: ignore the new mlc_config.json file
o scripts: move three scripts from lib/ to scripts/ [44]
o test1135: sync with recent API updates [54]
o test1459: disable for oldlibssh [53]
o test375: fix line endings on Windows [40]
o test386: Fix an incorrect test markup tag
o test718: edited slightly to return better HTTP [32]
o tests/server/util.h: align WIN32 condition with util.c [46]
o tests: refactor server/socksd.c to support --unix-socket [96]
o timediff.[ch]: add curlx helper functions for timeval conversions [86]
o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
o tool and tests: force flush of all buffers at end of program [17]
o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
o tool_getparam: error out on missing -K file [115]
o tool_listhelp.c: uppercase URL
o tool_operate: fix a scan-build warning [16]
o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
o transfer: redirects to other protocols or ports clear auth [109]
o unit1620: call global_init before calling Curl_open [125]
o url: check sasl additional parameters for connection reuse. [113]
o vtls: provide a unified APLN-disagree string for all backends [75]
o vtls: use a backend standard message for "ALPN: offers %s" [73]
o vtls: use a generic "ALPN, server accepted" message [72]
o winbuild/README.md: fixup dead link [36]
o winbuild: Add a Visual Studio example to the README [49]
o wolfssl: fix compiler error without IPv6 [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.5.3 to 2.5.4
- Update of rootfile
- Changelog
Version 2.5.4 - April 21, 2022
- Update the syscall table for Linux v5.17
- Fix minor issues with binary tree testing and with empty binary trees
- Minor documentation improvements including retiring the mailing list
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.3.112 to 0.3.113
- Update of rootfile
- Changelog
0.3.113
harness: add test for aio poll missed events
Verify structure padding is correct at build time
Fix struct io_iocb_sockaddr padding for 32bit architectures
Fix struct io_iocb_vector padding for 32bit architectures
Use generic syscall number schema for loongarch
Add endian detection and bit width detection for loongarch
Add loongarch to supported architectures in libaio.spec
cases/16.t: loongarch only supports eventfd2
Fix test issue with gcc-11
harness: Skip the test if io_pgetevents() is not implemented
harness: Print better error messages on error conditions in 22.t
harness: Fix PROT_WRITE mmap check
harness: fix read into PROT_WRITE mmap test
harness: skip 22.p if async_poll isn't supported
harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT
harness: Add fallback code for filesystems not supporting O_DIRECT
harness: add support for skipping tests
harness: Make the test exit with a code matching the pass/fail state
harness: Make RISC-V use SYS_eventfd2 instead of unavailable SYS_eventfd
harness: Use run-time _SC_PAGE_SIZE instead of build-time PAGESIZE
harness: Use destination strncpy() expression for sizeof() argument
Use ctx consistently for io_context_t instead of ctx_id
man: Escape verbatim \n in order to make it through roff
man: Fold short lines
man: Fix markup
man: Fix title header
man: Fix typos
man: Add "None" to empty sections
man: Remove spurious text
man: Remove spurious spaces
man: Fix period formatting
man: Fix casing
man: End sentences with a period
man: Refer to libaio.h instead of libio.h
man: Use the correct troff macro for comments
man: Add missing space in man page references
harness: allow running tests against the installed library
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.63 to 2.64
- Update of rootfile
- Change sed line to ensure removal of static libs - environment names for static libraries
changed.
- Changelog
2.64
Fix memory leak in libpsx at program exit. (Bug: 215551 reported by Kalen Hall)
Be more resilient to CGo configuration with Go compiler when building tests.
(Bug: 215603)
Fix cap_*prctl() return code/errno handling. (Bug: 215772 reported by Anderson
Toshiyuki Sasaki)
Minor clarification to cap_get_pid() man page concerning pid value within
namespaces. (Bug: 215812)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 0.8.2 to 0.8.3
- Update of rootfile not required
- Changelog
0.8.3
- Fix parameters to capng_updatev python bindings to be signed
- Detect capability options at runtime to make containerization easier (ntkme)
- Initialize the library when linked statically
- Add gcc function attributes for deallocation
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.19.2 to 1.21.6
- Update of rootfile not required
- Changelog
Changes with nginx 1.21.6 25 Jan 2022
*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
unevenly distributed among worker processes.
*) Bugfix: nginx returned the "Connection: keep-alive" header line in
responses during graceful shutdown of old worker processes.
*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
Changes with nginx 1.21.5
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
Changes with nginx 1.21.4
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
Changes with nginx 1.21.3
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
Changes with nginx 1.21.2
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
Changes with nginx 1.21.1
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
Changes with nginx 1.21.0
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
Changes with nginx 1.19.10
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
Changes with nginx 1.19.9
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.8
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.7
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
Changes with nginx 1.19.6
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
Thanks to Chris Newton.
Changes with nginx 1.19.5
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
Changes with nginx 1.19.4
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
Changes with nginx 1.19.3
*) Feature: the ngx_stream_set_module.
*) Feature: the "proxy_cookie_flags" directive.
*) Feature: the "userid_flags" directive.
*) Bugfix: the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
*) Bugfix: "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
*) Workaround: "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
*) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
module.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.4.2 to 3.7.3
- Update of rootfile
- Changelog is too large to include here ~600 lines long
More details can be found in the CHANGELOG.rst file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.54.0 to 2.64.0
- Update of rootfile
- Changelog
2.64.0 - 2022-04-19
Added
* Support for the Stack Monitoring service
* Support for stack monitoring on external databases in the Database service
* Support for upgrading VM database systems in place in the Database service
* Support for viewing supported VMWare software versions when listing host shapes in the VMWare Solution service
* Support for choosing compute shapes when creating SDDCs and ESXi hosts in the VMWare Solution service
* Support for work requests on delete operations in the Vulnerability Scanning service
* Support for additional scan metadata in reports, including CVE descriptions, in the Vulnerability Scanning service
* Support for redemption codes in the Usage service
Breaking
* Param `type` in model `DiscoveryDetails` assumes the value of `UNKNOWN_ENUM_VALUE` if it is assigned a value that is not of the allowed_values. It will not raise a `ValueError`.
2.63.0 - 2022-04-12
Added
* Support for bringing your own IPv6 addresses in the Networking service
* Support for specifying database edition and maximum CPU core count when creating or updating an autonomous database in the Database service
* Support for enabling and disabling data collection options when creating or updating Exadata Cloud at Customer VM clusters in the Database service
Breaking
* Support for retries by default on operations in the Identity service
* Support for retries by default on operations in the Operations Insights service
2.62.1 - 2022-04-05
Added
* Fixed the lifecycle state values for target databases in the Data Safe service
* Support for content length and content type response headers when downloading PDFs in the Account Management service
* Support for creating Enterprise Manager-based zLinux host targets, creating alarms, and viewing top process analytics in the Operations Insights service
* Support for diagnostic reboots on VM instances in the Compute service
2.62.0 - 2022-03-29
Added
* Support for returning the number of network ports as part of listing shapes in the Compute service
* Support for Java runtime removal and custom logs in the Java Management service
* Support for new parameters for BGP admin state and enabling/disabling BFD in the Networking service
* Support for private OKE clusters and blue-green deployments in the DevOps service
* Support for international customers to consume and launch third-party paid listings in the Marketplace service
* Support for additional fields on entities, attributes, and folders in the Data Catalog service
Breaking
* Support for retries by default on operations in the Marketplace service
2.61.0 - 2022-03-22
Added
* Support for getting the storage utilization of a deployment on deployment list and get operations in the GoldenGate service
* Support for virtual machines, bare metal machines, and Exadata databases with private endpoints in the Operations Insights service
* Support for setting deletion policies on database systems in the MySQL Database service
Breaking
* Support for retries by default on operations in the Data Labeling service (data plane and control plane)
2.60.1 - 2022-03-15
Added
* Support for Ubuntu platforms and unlimited installation keys in the Management Agent Cloud service
* Support for shielded instances in the VMWare Solution service
* Support for application resources in the Data Integration service
* Support for multi-AVM on Exadata Cloud at Customer infrastructure in the Database service
* Support for heterogeneous (VM and AVM) clusters on Exadata Cloud at Customer infrastructure in the Database service
* Support for custom maintenance schedules for AVM clusters on Exadata Cloud at Customer infrastructure in the Database service
* Support for listing vulnerabilities, vulnerability-impacted containers, and vulnerability-impacted hosts in the Vulnerability Scanning service
* Support for specifying an image count when creating or updating container scan recipes in the Vulnerability Scanning service
2.60.0 - 2022-03-08
Added
* Support for the Sales Accelerator license option in the Content Management service
* Support for VCN hostname cluster endpoints in the Container Engine for Kubernetes service
* Support for optionally specifying an admin username and password when creating a database system during a restore operation in the MySQL Database service
* Support for automatic tablespace creation on non-autonomous and autonomous database dedicated targets in the Database Migration service
* Support for reporting excluded objects based on static exclusion rules and dynamic exclusion settings in the Database Migration service
* Support for removing, listing, and adding database objects reported by the Cloud Premigration Advisor Tool (CPAT) in the Database Migration service
* Support for migrating Oracle databases from the AWS RDS service to OCI as autonomous databases, using the AWS S3 service and DBLINK for data transfer, in the Database Migration service
* Support for querying additional fields of a resource using return clauses in the Search service
* Support for clusters and station clusters in the Roving Edge Infrastructure service
* Support for creating database systems and database homes using customer-managed keys in the Database service
Breaking
* Support for retries enabled by default on operations in the Container Engine for Kubernetes service
* Support for retries enabled by default on operations in the Resource Manager service
* Support for retries enabled by default on operations in the Search service
2.59.0 - 2022-03-01
Added
* Support for DRG route distribution statements to be specified with a new match type 'MATCH_ALL' for matching criteria in the Networking service
* Support for VCN route types on DRG attachments for deciding whether to import VCN CIDRs or subnet CIDRs into route rules in the Networking service
* Support for CPS offline reports in the Database service
* Support for infrastructure patching v2 features in the Database service
* Support for auto-scaling the storage of an autonomous database, as well as shrinking an autonomous database, in the Database service
* Support for managed egress via a default networking option on jobs and notebooks in the Data Science service
* Support for more types of saved search enums in the Management Dashboard service
Breaking
* Support for retries enabled by default on some operations in the AI Vision service
2.58.0 - 2022-02-22
Added
* Support for the Data Connectivity Management service
* Support for the AI Speech service
* Support for disabling crash recovery in the MySQL Database service
* Support for detector recipes of type "threat", new detector rule of type "rogue user", and sightings operations in the Cloud Guard service
* Support for more VM shape configurations when listing shapes in the Compute service
* Support for customer-managed encryption keys in the Analytics Cloud service
* Support for FastConnect device information in the Networking service
Breaking
* Support for retries enabled by default on all operations in the Application Performance Monitoring control plane service
2.57.0 - 2022-02-15
Added
* Support for the AI Vision service
* Support for the Threat Intelligence service
* Support for creation of NoSQL database tables with on-demand throughput capacity in the NoSQL Database Cloud service
* Support for tagging features in the Oracle Container Engine for Kubernetes (OKE) service
* Support for trace snapshots in the Application Performance Monitoring service
* Support for auditing and alerts in the Data Safe service
* Support for data discovery and data masking in the Data Safe service
* Support for customized subscriptions and delivery of announcements by email and SMS in the Announcements service
Breaking
* The API `query_old` was removed from `query_client` in the Application Performance Monitoring service
2.56.0 - 2022-02-08
Added
* Support for managing tablespaces in the Database Management service
* Support for upgrading and managing payment for subscriptions in the Account Management service
* Support for listing fast launch job configurations in the Data Science service
Breaking changes
* Support for retries enabled by default on all operations in the Application Performance Monitoring service
* The type for the `bill_to_address` parameter was changed from `Address` to `BillToAddress` in the invoice model of the Account Management service
* `payment_method` was made a required property of the `payment_detail` model of the Account Management service
2.55.1 - 2022-02-01
Added
* Support for calling Oracle Cloud Infrastructure services in the ap-dcc-canberra-1 region
* Support for the Console Dashboard service
* Support for capacity reservation in the Container Engine for Kubernetes service
* Support for tagging in the Container Engine for Kubernetes service
* Support for fetching listings by image OCID in the Marketplace service
* Support for underscores and hyphens in project resource names in the DevOps service
* Support for cross-region cloning in the Database service
2.55.0 - 2022-01-25
Added
* Support for OneSubscription services
* Support for specifying if a run or application is streaming or batch in the Data Flow service
* Support for updating the Instance Configuration of an Instance Pool within a Cluster Network in the Compute Management service
* Updated documentation for Cross Region ADG feature for Autonomous Database in the Database service
Breaking
* Support for retries enabled by default on all operations in the Object Storage service
2.54.1 - 2022-01-18
Added
* Support for calling Oracle Cloud Infrastructure services in the me-dcc-muscat-1 region
* Support for the Visual Builder service
* Support for cross-region replication of volume groups in the Block Storage service
* Support for boot volume encryption in the Container Engine for Kubernetes service
* Support for adding metadata to records when creating and updating records in the Data Labeling service
* Support for global export formats in snapshot datasets in the Data Labeling service
* Support for adding labeling instructions to datasets in the Data Labeling service
* Support for updating autonomous dataguard associations for autonomous container databases in the Database service
* Support for setting up automatic failover when creating autonomous container databases in the Database service
* Support for setting the RECO storage size when updating a database system in the Database service
* Support for reconnecting refreshable clones to source for autonomous databases on shared infrastructure in the Database service
* Support for checking if an autonomous database on shared infrastructure can be reconnected to source, in the Database service
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.5.3 to 2.6.1
- Update of rootfile not required
- Changelog is not available in the source tarball or on the website. Follwoing list of
changes obtained from git shortlog listing
Release: 2.6.1 nfs-utils-2-6-1
mount: removed unused lable
tools/rpcgen: fix build on macos arm64 (stat64 issue)
mount: Remove NFS v2 support from mount.nfs
nfs.man: Remove references to NFS v2 from the man pages
nfsd: Remove the ability to enable NFS v2.
mount: don't bind a socket needlessly.
Add --disable-sbin-override for when /sbin is a symlink
mountstats: division by zero error on new mount when...
mountd: only do NFSv4 logging on supported kernels.
Move version.h into a common include directory
install-dep: Use command -v instead of which
nfs.man: adding new mount option max_connect
cacheio.c:216:21: warning: unused variable 'stb' [...
gssd: fix crash in debug message.
systemd generators: Install depending on location for...
systemd/Makefile: Drop exlicit setting of unit_dir
nfs-utils: add install-dep for installing all dependencies
nfs-utils: Fix mem leak in mountd
nfs-utils: Fix mem leaks in krb5_util
nfs-utils: Fix mem leaks in gssd
nfs-utils: Fix potential memory leaks in idmap
nfsdcltrack: Use uint64_t instead of time_t
systemd: Fix non-default statedir paths.
nfsdcltrack/nfsdcltrack.c: Fix printf format
nfsdcltrack/sqlite: Fix printf format
mount.nfs: Fix the sloppy option processing
Release: 2.5.4
gssd: Cleaned up debug messages
mount.nfs: insert 'sloppy' at beginning of the options
nfs(5): Correct the spelling of "kernel_source"
nfs(5): Fix missing mentions of "rdma6" netid
gssd: add timeout for upcall threads
gssd: deal with failed thread creation
configure: check for rpc/rpc.h presence
README: update git repository URL
Move declaration of etab and rmtab into libraries
Remove 'force' arg from cache_flush()
Fix NFSv4 export of tmpfs filesystems
gssd: use mutex to protect decrement of refcount
nfs-utils: Enable the retrieval of raw config settings...
nfs-utils: Factor out common structure cleanup calls
Replace all /var/run with /run
Fix `statx()` emulation breaking exports
mountd/exports: Fix typo in the man page
NFS server should enable RDMA by default
mountd/exportd: only log confirmed clients, and poll...
exportfs: fix unexporting of '/'
nfsdclnts: Ignore SIGPIPE signal
mountd: add logging of NFSv4 clients attaching and...
mountd: make default ttl settable by option
mountd: add --cache-use-ipaddr option to force use_ipaddr
mountd: add logging for authentication results for...
mountd/exports: update man page
mountd: Don't proactively add export info when fh info...
mountd: reject unknown client IP when !use_ipaddr.
gssd: Add options to rpc.gssd to allow for the use...
exportd: server-side gid management
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
The array of used/loaded ipsets needs to be reloaded before
the cleanup can be started to also handle sets which are loaded during
runtime.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version r53 to r55
- Update of rootfile not required
- Changelog
inih version 55
Added "version" to meson.build config: #135 (but bumped up to 55 in a subsequent
commit, for this release).
inih version 54
Mainly #134, adding the visibility symbols to the Meson build config, but also other
small tweaks to tests and so on.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.14.02 (Dec 2018) to 2.15.05 (Aug 2020)
- Most recent commit in git was Dec 2021
- Update of rootfile not required
- Changelog in source tarball and in git repository was last updated in 2007.
Only option to see changes is to review the commits in
https://github.com/netwide-assembler/nasm/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
