webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 21:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,668 Commits 2 Branches 1 Tag
d9538fbcc4a5f2547a3cedab9b5d2aad307cd2b3
Commit Graph

18668 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Adolf Belka
d9538fbcc4 libcap: Update to version 2.64 
- Update from version 2.63 to 2.64
- Update of rootfile
- Change sed line to ensure removal of static libs - environment names for static libraries
   changed.
- Changelog
   2.64
	    Fix memory leak in libpsx at program exit. (Bug: 215551 reported by Kalen Hall)
	    Be more resilient to CGo configuration with Go compiler when building tests.
             (Bug: 215603)
	    Fix cap_*prctl() return code/errno handling.  (Bug: 215772 reported by Anderson
             Toshiyuki Sasaki)
	    Minor clarification to cap_get_pid() man page concerning pid value within
             namespaces. (Bug: 215812)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-30 08:56:00 +00:00
Peter Müller
fab8358515 Core Update 168: Ship libcap-ng 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-30 08:55:35 +00:00
Adolf Belka
535607ac93 libcap-ng: Update to version 0.8.3 
- Update from 0.8.2 to 0.8.3
- Update of rootfile not required
- Changelog
    0.8.3
	- Fix parameters to capng_updatev python bindings to be signed
	- Detect capability options at runtime to make containerization easier (ntkme)
	- Initialize the library when linked statically
	- Add gcc function attributes for deallocation

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-30 08:54:59 +00:00
Adolf Belka
3661b4cb46 nginx: Update to version 1.21.6 
- Update from version 1.19.2 to 1.21.6
- Update of rootfile not required
- Changelog
	Changes with nginx 1.21.6                                        25 Jan 2022
	    *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
	       unevenly distributed among worker processes.
	    *) Bugfix: nginx returned the "Connection: keep-alive" header line in
	       responses during graceful shutdown of old worker processes.
	    *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
	Changes with nginx 1.21.5
	    *) Change: now nginx is built with the PCRE2 library by default.
	    *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
	    *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
	    *) Feature: the $ssl_curve variable.
	    *) Bugfix: connections might hang when using HTTP/2 without SSL with the
	       "sendfile" and "aio" directives.
	Changes with nginx 1.21.4
	    *) Change: support for NPN instead of ALPN to establish HTTP/2
	       connections has been removed.
	    *) Change: now nginx rejects SSL connections if ALPN is used by the
	       client, but no supported protocols can be negotiated.
	    *) Change: the default value of the "sendfile_max_chunk" directive was
	       changed to 2 megabytes.
	    *) Feature: the "proxy_half_close" directive in the stream module.
	    *) Feature: the "ssl_alpn" directive in the stream module.
	    *) Feature: the $ssl_alpn_protocol variable.
	    *) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
	    *) Feature: the "mp4_start_key_frame" directive in the
	       ngx_http_mp4_module.
	       Thanks to Tracey Jaquith.
	    *) Bugfix: in the $content_length variable when using chunked transfer
	       encoding.
	    *) Bugfix: after receiving a response with incorrect length from a
	       proxied backend nginx might nevertheless cache the connection.
	       Thanks to Awdhesh Mathpal.
	    *) Bugfix: invalid headers from backends were logged at the "info" level
	       instead of "error"; the bug had appeared in 1.21.1.
	    *) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
	       directive.
	Changes with nginx 1.21.3
	    *) Change: optimization of client request body reading when using
	       HTTP/2.
	    *) Bugfix: in request body filters internal API when using HTTP/2 and
	       buffering of the data being processed.
	Changes with nginx 1.21.2
	    *) Change: now nginx rejects HTTP/1.0 requests with the
	       "Transfer-Encoding" header line.
	    *) Change: export ciphers are no longer supported.
	    *) Feature: OpenSSL 3.0 compatibility.
	    *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
	       are now passed to the mail proxy authentication server.
	       Thanks to Rob Mueller.
	    *) Feature: request body filters API now permits buffering of the data
	       being processed.
	    *) Bugfix: backend SSL connections in the stream module might hang after
	       an SSL handshake.
	    *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
	       newer, did not affect loading of the server certificates when set
	       with "@SECLEVEL=N" in the "ssl_ciphers" directive.
	    *) Bugfix: SSL connections with gRPC backends might hang if select,
	       poll, or /dev/poll methods were used.
	    *) Bugfix: when using HTTP/2 client request body was always written to
	       disk if the "Content-Length" header line was not present in the
	       request.
	Changes with nginx 1.21.1
	    *) Change: now nginx always returns an error for the CONNECT method.
	    *) Change: now nginx always returns an error if both "Content-Length"
	       and "Transfer-Encoding" header lines are present in the request.
	    *) Change: now nginx always returns an error if spaces or control
	       characters are used in the request line.
	    *) Change: now nginx always returns an error if spaces or control
	       characters are used in a header name.
	    *) Change: now nginx always returns an error if spaces or control
	       characters are used in the "Host" request header line.
	    *) Change: optimization of configuration testing when using many
	       listening sockets.
	    *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
	       and "}" characters when proxying with changed URI.
	    *) Bugfix: SSL variables might be empty when used in logs; the bug had
	       appeared in 1.19.5.
	    *) Bugfix: keepalive connections with gRPC backends might not be closed
	       after receiving a GOAWAY frame.
	    *) Bugfix: reduced memory consumption for long-lived requests when
	       proxying with more than 64 buffers.
	Changes with nginx 1.21.0
	    *) Security: 1-byte memory overwrite might occur during DNS server
	       response processing if the "resolver" directive was used, allowing an
	       attacker who is able to forge UDP packets from the DNS server to
	       cause worker process crash or, potentially, arbitrary code execution
	       (CVE-2021-23017).
	    *) Feature: variables support in the "proxy_ssl_certificate",
	       "proxy_ssl_certificate_key" "grpc_ssl_certificate",
	       "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
	       "uwsgi_ssl_certificate_key" directives.
	    *) Feature: the "max_errors" directive in the mail proxy module.
	    *) Feature: the mail proxy module supports POP3 and IMAP pipelining.
	    *) Feature: the "fastopen" parameter of the "listen" directive in the
	       stream module.
	       Thanks to Anbang Wen.
	    *) Bugfix: special characters were not escaped during automatic redirect
	       with appended trailing slash.
	    *) Bugfix: connections with clients in the mail proxy module might be
	       closed unexpectedly when using SMTP pipelining.
	Changes with nginx 1.19.10
	    *) Change: the default value of the "keepalive_requests" directive was
	       changed to 1000.
	    *) Feature: the "keepalive_time" directive.
	    *) Feature: the $connection_time variable.
	    *) Workaround: "gzip filter failed to use preallocated memory" alerts
	       appeared in logs when using zlib-ng.
	Changes with nginx 1.19.9
	    *) Bugfix: nginx could not be built with the mail proxy module, but
	       without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
	    *) Bugfix: "upstream sent response body larger than indicated content
	       length" errors might occur when working with gRPC backends; the bug
	       had appeared in 1.19.1.
	    *) Bugfix: nginx might not close a connection till keepalive timeout
	       expiration if the connection was closed by the client while
	       discarding the request body.
	    *) Bugfix: nginx might not detect that a connection was already closed
	       by the client when waiting for auth_delay or limit_req delay, or when
	       working with backends.
	    *) Bugfix: in the eventport method.
	Changes with nginx 1.19.8
	    *) Feature: flags in the "proxy_cookie_flags" directive can now contain
	       variables.
	    *) Feature: the "proxy_protocol" parameter of the "listen" directive,
	       the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
	    *) Bugfix: HTTP/2 connections were immediately closed when using
	       "keepalive_timeout 0"; the bug had appeared in 1.19.7.
	    *) Bugfix: some errors were logged as unknown if nginx was built with
	       glibc 2.32.
	    *) Bugfix: in the eventport method.
	Changes with nginx 1.19.7
	    *) Change: connections handling in HTTP/2 has been changed to better
	       match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
	       "http2_max_requests" directives have been removed, the
	       "keepalive_timeout" and "keepalive_requests" directives should be
	       used instead.
	    *) Change: the "http2_max_field_size" and "http2_max_header_size"
	       directives have been removed, the "large_client_header_buffers"
	       directive should be used instead.
	    *) Feature: now, if free worker connections are exhausted, nginx starts
	       closing not only keepalive connections, but also connections in
	       lingering close.
	    *) Bugfix: "zero size buf in output" alerts might appear in logs if an
	       upstream server returned an incorrect response during unbuffered
	       proxying; the bug had appeared in 1.19.1.
	    *) Bugfix: HEAD requests were handled incorrectly if the "return"
	       directive was used with the "image_filter" or "xslt_stylesheet"
	       directives.
	    *) Bugfix: in the "add_trailer" directive.
	Changes with nginx 1.19.6
	    *) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
	       block was marked as "down".
	    *) Bugfix: a segmentation fault might occur in a worker process if HTTPS
	       was used; the bug had appeared in 1.19.5.
	    *) Bugfix: nginx returned the 400 response on requests like
	       "GET http://example.com?args HTTP/1.0".
	    *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
	       Thanks to Chris Newton.
	Changes with nginx 1.19.5
	    *) Feature: the -e switch.
	    *) Feature: the same source files can now be specified in different
	       modules while building addon modules.
	    *) Bugfix: SSL shutdown did not work when lingering close was used.
	    *) Bugfix: "upstream sent frame for closed stream" errors might occur
	       when working with gRPC backends.
	    *) Bugfix: in request body filters internal API.
	Changes with nginx 1.19.4
	    *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
	       "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
	    *) Feature: the "ssl_reject_handshake" directive.
	    *) Feature: the "proxy_smtp_auth" directive in mail proxy.
	Changes with nginx 1.19.3
	    *) Feature: the ngx_stream_set_module.
	    *) Feature: the "proxy_cookie_flags" directive.
	    *) Feature: the "userid_flags" directive.
	    *) Bugfix: the "stale-if-error" cache control extension was erroneously
	       applied if backend returned a response with status code 500, 502,
	       503, 504, 403, 404, or 429.
	    *) Bugfix: "[crit] cache file ... has too long header" messages might
	       appear in logs if caching was used and the backend returned responses
	       with the "Vary" header line.
	    *) Workaround: "[crit] SSL_write() failed" messages might appear in logs
	       when using OpenSSL 1.1.1.
	    *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
	       might appear in logs; the bug had appeared in 1.19.2.
	    *) Bugfix: a segmentation fault might occur in a worker process when
	       using HTTP/2 if errors with code 400 were redirected to a proxied
	       location using the "error_page" directive.
	    *) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
	       module.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-30 08:54:31 +00:00
Adolf Belka
810dbe76ae oci-cli: Update to version 3.7.3 
- Update from 3.4.2 to 3.7.3
- Update of rootfile
- Changelog is too large to include here ~600 lines long
   More details can be found in the CHANGELOG.rst file in the source tarball

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 21:11:50 +00:00
Adolf Belka
85a250d636 oci-python-sdk: Update to version 2.64.0 
- Update from 2.54.0 to 2.64.0
- Update of rootfile
- Changelog
	2.64.0 - 2022-04-19
	     Added
		* Support for the Stack Monitoring service
		* Support for stack monitoring on external databases in the Database service
		* Support for upgrading VM database systems in place in the Database service
		* Support for viewing supported VMWare software versions when listing host shapes in the VMWare Solution service
		* Support for choosing compute shapes when creating SDDCs and ESXi hosts in the VMWare Solution service
		* Support for work requests on delete operations in the Vulnerability Scanning service
		* Support for additional scan metadata in reports, including CVE descriptions, in the Vulnerability Scanning service
		* Support for redemption codes in the Usage service
	     Breaking
		* Param `type` in model `DiscoveryDetails` assumes the value of `UNKNOWN_ENUM_VALUE` if it is assigned a value that is not of the allowed_values. It will not raise a `ValueError`.
	2.63.0 - 2022-04-12
	     Added
		* Support for bringing your own IPv6 addresses in the Networking service
		* Support for specifying database edition and maximum CPU core count when creating or updating an autonomous database in the Database service
		* Support for enabling and disabling data collection options when creating or updating Exadata Cloud at Customer VM clusters in the Database service
	      Breaking
		* Support for retries by default on operations in the Identity service
		* Support for retries by default on operations in the Operations Insights service
	2.62.1 - 2022-04-05
	     Added
		* Fixed the lifecycle state values for target databases in the Data Safe service
		* Support for content length and content type response headers when downloading PDFs in the Account Management service
		* Support for creating Enterprise Manager-based zLinux host targets, creating alarms, and viewing top process analytics in the Operations Insights service
		* Support for diagnostic reboots on VM instances in the Compute service
	2.62.0 - 2022-03-29
	     Added
		* Support for returning the number of network ports as part of listing shapes in the Compute service
		* Support for Java runtime removal and custom logs in the Java Management service
		* Support for new parameters for BGP admin state and enabling/disabling BFD in the Networking service
		* Support for private OKE clusters and blue-green deployments in the DevOps service
		* Support for international customers to consume and launch third-party paid listings in the Marketplace service
		* Support for additional fields on entities, attributes, and folders in the Data Catalog service
	      Breaking
		* Support for retries by default on operations in the Marketplace service
	2.61.0 - 2022-03-22
	     Added
		* Support for getting the storage utilization of a deployment on deployment list and get operations in the GoldenGate service
		* Support for virtual machines, bare metal machines, and Exadata databases with private endpoints in the Operations Insights service
		* Support for setting deletion policies on database systems in the MySQL Database service
	      Breaking
		* Support for retries by default on operations in the Data Labeling service (data plane and control plane)
	2.60.1 - 2022-03-15
	     Added
		* Support for Ubuntu platforms and unlimited installation keys in the Management Agent Cloud service
		* Support for shielded instances in the VMWare Solution service
		* Support for application resources in the Data Integration service
		* Support for multi-AVM on Exadata Cloud at Customer infrastructure in the Database service
		* Support for heterogeneous (VM and AVM) clusters on Exadata Cloud at Customer infrastructure in the Database service
		* Support for custom maintenance schedules for AVM clusters on Exadata Cloud at Customer infrastructure in the Database service
		* Support for listing vulnerabilities, vulnerability-impacted containers, and vulnerability-impacted hosts in the Vulnerability Scanning service
		* Support for specifying an image count when creating or updating container scan recipes in the Vulnerability Scanning service
	2.60.0 - 2022-03-08
	     Added
		* Support for the Sales Accelerator license option in the Content Management service
		* Support for VCN hostname cluster endpoints in the Container Engine for Kubernetes service
		* Support for optionally specifying an admin username and password when creating a database system during a restore operation in the MySQL Database service
		* Support for automatic tablespace creation on non-autonomous and autonomous database dedicated targets in the Database Migration service
		* Support for reporting excluded objects based on static exclusion rules and dynamic exclusion settings in the Database Migration service
		* Support for removing, listing, and adding database objects reported by the Cloud Premigration Advisor Tool (CPAT) in the Database Migration service
		* Support for migrating Oracle databases from the AWS RDS service to OCI as autonomous databases, using the AWS S3 service and DBLINK for data transfer, in the Database Migration service
		* Support for querying additional fields of a resource using return clauses in the Search service
		* Support for clusters and station clusters in the Roving Edge Infrastructure service
		* Support for creating database systems and database homes using customer-managed keys in the Database service
	      Breaking
		* Support for retries enabled by default on operations in the Container Engine for Kubernetes service
		* Support for retries enabled by default on operations in the Resource Manager service
		* Support for retries enabled by default on operations in the Search service
	2.59.0 - 2022-03-01
	     Added
		* Support for DRG route distribution statements to be specified with a new match type 'MATCH_ALL' for matching criteria in the Networking service
		* Support for VCN route types on DRG attachments for deciding whether to import VCN CIDRs or subnet CIDRs into route rules in the Networking service
		* Support for CPS offline reports in the Database service
		* Support for infrastructure patching v2 features in the Database service
		* Support for auto-scaling the storage of an autonomous database, as well as shrinking an autonomous database, in the Database service
		* Support for managed egress via a default networking option on jobs and notebooks in the Data Science service
		* Support for more types of saved search enums in the Management Dashboard service
	     Breaking
		* Support for retries enabled by default on some operations in the AI Vision service
	2.58.0 - 2022-02-22
	     Added
		* Support for the Data Connectivity Management service
		* Support for the AI Speech service
		* Support for disabling crash recovery in the MySQL Database service
		* Support for detector recipes of type "threat", new detector rule of type "rogue user", and sightings operations in the Cloud Guard service
		* Support for more VM shape configurations when listing shapes in the Compute service
		* Support for customer-managed encryption keys in the Analytics Cloud service
		* Support for FastConnect device information in the Networking service
	     Breaking
		* Support for retries enabled by default on all operations in the Application Performance Monitoring control plane service
	2.57.0 - 2022-02-15
	     Added
		* Support for the AI Vision service
		* Support for the Threat Intelligence service
		* Support for creation of NoSQL database tables with on-demand throughput capacity in the NoSQL Database Cloud service
		* Support for tagging features in the Oracle Container Engine for Kubernetes (OKE) service
		* Support for trace snapshots in the Application Performance Monitoring service
		* Support for auditing and alerts in the Data Safe service
		* Support for data discovery and data masking in the Data Safe service
		* Support for customized subscriptions and delivery of announcements by email and SMS in the Announcements service
	     Breaking
		* The API `query_old` was removed from `query_client` in the Application Performance Monitoring service
	2.56.0 - 2022-02-08
	     Added
		* Support for managing tablespaces in the Database Management service
		* Support for upgrading and managing payment for subscriptions in the Account Management service
		* Support for listing fast launch job configurations in the Data Science service
	     Breaking changes
		* Support for retries enabled by default on all operations in the Application Performance Monitoring service
		* The type for the `bill_to_address` parameter was changed from `Address` to `BillToAddress` in the invoice model of the Account Management service
		* `payment_method` was made a required property of the `payment_detail` model of the Account Management service
	2.55.1 - 2022-02-01
	     Added
		* Support for calling Oracle Cloud Infrastructure services in the ap-dcc-canberra-1 region
		* Support for the Console Dashboard service
		* Support for capacity reservation in the Container Engine for Kubernetes service
		* Support for tagging in the Container Engine for Kubernetes service
		* Support for fetching listings by image OCID in the Marketplace service
		* Support for underscores and hyphens in project resource names in the DevOps service
		* Support for cross-region cloning in the Database service
	2.55.0 - 2022-01-25
	     Added
		* Support for OneSubscription services
		* Support for specifying if a run or application is streaming or batch in the Data Flow service
		* Support for updating the Instance Configuration of an Instance Pool within a Cluster Network in the Compute Management service
		* Updated documentation for Cross Region ADG feature for Autonomous Database in the Database service
	     Breaking
		* Support for retries enabled by default on all operations in the Object Storage service
	2.54.1 - 2022-01-18
	     Added
		* Support for calling Oracle Cloud Infrastructure services in the me-dcc-muscat-1 region
		* Support for the Visual Builder service
		* Support for cross-region replication of volume groups in the Block Storage service
		* Support for boot volume encryption in the Container Engine for Kubernetes service
		* Support for adding metadata to records when creating and updating records in the Data Labeling service
		* Support for global export formats in snapshot datasets in the Data Labeling service
		* Support for adding labeling instructions to datasets in the Data Labeling service
		* Support for updating autonomous dataguard associations for autonomous container databases in the Database service
		* Support for setting up automatic failover when creating autonomous container databases in the Database service
		* Support for setting the RECO storage size when updating a database system in the Database service
		* Support for reconnecting refreshable clones to source for autonomous databases on shared infrastructure in the Database service
		* Support for checking if an autonomous database on shared infrastructure can be reconnected to source, in the Database service

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 21:11:46 +00:00
Adolf Belka
a2a05a4706 nfs: Update to version 2.6.1 
- Update from version 2.5.3 to 2.6.1
- Update of rootfile not required
- Changelog is not available in the source tarball or on the website. Follwoing list of
   changes obtained from git shortlog listing
    Release: 2.6.1 nfs-utils-2-6-1
	mount: removed unused lable
	tools/rpcgen: fix build on macos arm64 (stat64 issue)
	mount: Remove NFS v2 support from mount.nfs
	nfs.man: Remove references to NFS v2 from the man pages
	nfsd: Remove the ability to enable NFS v2.
	mount: don't bind a socket needlessly.
	Add --disable-sbin-override for when /sbin is a symlink
	mountstats: division by zero error on new mount when...
	mountd: only do NFSv4 logging on supported kernels.
	Move version.h into a common include directory
	install-dep: Use command -v instead of which
	nfs.man: adding new mount option max_connect
	cacheio.c:216:21: warning: unused variable 'stb' [...
	gssd: fix crash in debug message.
	systemd generators: Install depending on location for...
	systemd/Makefile: Drop exlicit setting of unit_dir
	nfs-utils: add install-dep for installing all dependencies
	nfs-utils: Fix mem leak in mountd
	nfs-utils: Fix mem leaks in krb5_util
	nfs-utils: Fix mem leaks in gssd
	nfs-utils: Fix potential memory leaks in idmap
	nfsdcltrack: Use uint64_t instead of time_t
	systemd: Fix non-default statedir paths.
	nfsdcltrack/nfsdcltrack.c: Fix printf format
	nfsdcltrack/sqlite: Fix printf format
	mount.nfs: Fix the sloppy option processing
    Release: 2.5.4
	gssd: Cleaned up debug messages
	mount.nfs: insert 'sloppy' at beginning of the options
	nfs(5): Correct the spelling of "kernel_source"
	nfs(5): Fix missing mentions of "rdma6" netid
	gssd: add timeout for upcall threads
	gssd: deal with failed thread creation
	configure: check for rpc/rpc.h presence
	README: update git repository URL
	Move declaration of etab and rmtab into libraries
	Remove 'force' arg from cache_flush()
	Fix NFSv4 export of tmpfs filesystems
	gssd: use mutex to protect decrement of refcount
	nfs-utils: Enable the retrieval of raw config settings...
	nfs-utils: Factor out common structure cleanup calls
	Replace all /var/run with /run
	Fix `statx()` emulation breaking exports
	mountd/exports: Fix typo in the man page
	NFS server should enable RDMA by default
	mountd/exportd: only log confirmed clients, and poll...
	exportfs: fix unexporting of '/'
	nfsdclnts: Ignore SIGPIPE signal
	mountd: add logging of NFSv4 clients attaching and...
	mountd: make default ttl settable by option
	mountd: add --cache-use-ipaddr option to force use_ipaddr
	mountd: add logging for authentication results for...
	mountd/exports: update man page
	mountd: Don't proactively add export info when fh info...
	mountd: reject unknown client IP when !use_ipaddr.
	gssd: Add options to rpc.gssd to allow for the use...
	exportd: server-side gid management

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 21:09:36 +00:00
Peter Müller
9efdbe103b Core Update 168: Ship changed rules.pl 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:48:26 +00:00
Stefan Schantl
8b97a537f5 rules.pl: Fix automatic ipset sets cleanup. 
The array of used/loaded ipsets needs to be reloaded before
the cleanup can be started to also handle sets which are loaded during
runtime.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:47:43 +00:00
Peter Müller
2f908d9648 Core Update 168: Ship libinih 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:47:31 +00:00
Adolf Belka
f02dc11a38 libinih: Update to version r55 
- Update from version r53 to r55
- Update of rootfile not required
- Changelog
   inih version 55
     Added "version" to meson.build config: #135 (but bumped up to 55 in a subsequent
      commit, for this release).
   inih version 54
     Mainly #134, adding the visibility symbols to the Meson build config, but also other
      small tweaks to tests and so on.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:47:23 +00:00
Adolf Belka
3421b1abd8 meson: Update to version 0.62.1 
- Update from version 0.60.1 to 0.62.1
- Update of rootfile
- Changelog is too long to include here. More details can be read at the following link
   https://mesonbuild.com/Release-notes-for-0-62-0.html

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:42:16 +00:00
Peter Müller
7481abecc3 mcelog: Update to 181 
No changelog or release notes are provided. Please refer to
https://git.kernel.org/pub/scm/utils/cpu/mce/mcelog.git/log/ for the
source code history since the 175 release of mcelog.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:39:42 +00:00
Peter Müller
8f855e933d Postfix: Update to 3.7.1 
Please refer to https://www.postfix.org/announcements/postfix-3.7.1.html
for this versions' release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:39:17 +00:00
Adolf Belka
9d5c3d36e0 openvmtools: Update to version stable-12.0.0 
- Update from version stable-11.3.0 to stable-12.0.0
- Update of rootfile
- Changelog is a bit too long to include here. More details can be found at
    https://github.com/vmware/open-vm-tools/blob/stable-12.0.0/ReleaseNotes.md
    https://github.com/vmware/open-vm-tools/blob/stable-11.3.5/ReleaseNotes.md
- In version 11.3.5 mount.vmhgfs was removed from openvmtools
   It has been replaced by hgfs-fuse

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:37:31 +00:00
Adolf Belka
b7d80a2767 nasm: Update to version 2.15.05 
- Update from version 2.14.02 (Dec 2018) to 2.15.05 (Aug 2020)
- Most recent commit in git was Dec 2021
- Update of rootfile not required
- Changelog in source tarball and in git repository was last updated in 2007.
  Only option to see changes is to review the commits in
  https://github.com/netwide-assembler/nasm/commits/master

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:37:10 +00:00
Peter Müller
8de58edc73 Core Update 168: Ship relevant linux-firmware changes 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:32:56 +00:00
Peter Müller
5a48b4a23b linux-firmware: Update to 20220411 
See https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
for changes since the last linux-firmware version tag.

Also, please note that this patch does not feature any directives for
shipping files via a Core Update - these need to be done separately.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:17:30 +00:00
Peter Müller
7138d1747c Core Update 168: Ship openjpeg 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:01:46 +00:00
Adolf Belka
ca98d29a86 openjpeg: Update to version 2.4.0 
- Update from version 2.3.1 to 2.4.0
- Update of rootfile
- Changelog
    2.4.0
	**Closed issues:**
		- OPENJPEG\_INSTALL\_DOC\_DIR does not control a destination directory where HTML docs would be installed. [\#1309](https://github.com/uclouvain/openjpeg/issues/1309)
		- Heap-buffer-overflow in lib/openjp2/pi.c:312 [\#1302](https://github.com/uclouvain/openjpeg/issues/1302)
		- Heap-buffer-overflow in lib/openjp2/t2.c:973 [\#1299](https://github.com/uclouvain/openjpeg/issues/1299)
		- Heap-buffer-overflow in lib/openjp2/pi.c:623 [\#1293](https://github.com/uclouvain/openjpeg/issues/1293)
		- Global-buffer-overflow in lib/openjp2/dwt.c:1980 [\#1286](https://github.com/uclouvain/openjpeg/issues/1286)
		- Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [\#1284](https://github.com/uclouvain/openjpeg/issues/1284)
		- Heap-buffer-overflow in lib/openjp2/mqc.c:499 [\#1283](https://github.com/uclouvain/openjpeg/issues/1283)
		- Openjpeg could not encode 32bit RGB float image [\#1281](https://github.com/uclouvain/openjpeg/issues/1281)
		- Openjpeg could not encode 32bit RGB float image [\#1280](https://github.com/uclouvain/openjpeg/issues/1280)
		- ISO/IEC 15444-1:2019 \(E\) compared with 'cio.h' [\#1277](https://github.com/uclouvain/openjpeg/issues/1277)
		- Test-suite failure due to hash mismatch [\#1264](https://github.com/uclouvain/openjpeg/issues/1264)
		- Heap use-after-free [\#1261](https://github.com/uclouvain/openjpeg/issues/1261)
		- Memory leak when failing to allocate object... [\#1259](https://github.com/uclouvain/openjpeg/issues/1259)
		- Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [\#1257](https://github.com/uclouvain/openjpeg/issues/1257)
		- Any plan to build release for CVE-2020-8112/CVE-2020-6851 [\#1247](https://github.com/uclouvain/openjpeg/issues/1247)
		- failing to convert 16-bit file: opj\_t2\_encode\_packet\(\): only 5251 bytes remaining in output buffer. 5621 needed. [\#1243](https://github.com/uclouvain/openjpeg/issues/1243)
		- CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [\#1239](https://github.com/uclouvain/openjpeg/issues/1239)
		- New release to solve CVE-2019-6988 ? [\#1238](https://github.com/uclouvain/openjpeg/issues/1238)
		- Many tests fail to pass after the update of libtiff to version 4.1.0 [\#1233](https://github.com/uclouvain/openjpeg/issues/1233)
		- Another heap buffer overflow in libopenjp2 [\#1231](https://github.com/uclouvain/openjpeg/issues/1231)
		- Heap buffer overflow in libopenjp2 [\#1228](https://github.com/uclouvain/openjpeg/issues/1228)
		- Endianness of binary volume \(JP3D\) [\#1224](https://github.com/uclouvain/openjpeg/issues/1224)
		- New release to resolve CVE-2019-12973 [\#1222](https://github.com/uclouvain/openjpeg/issues/1222)
		- how to set the block size,like 128,256 ? [\#1216](https://github.com/uclouvain/openjpeg/issues/1216)
		- compress YUV files to motion jpeg2000 standard [\#1213](https://github.com/uclouvain/openjpeg/issues/1213)
		- Repair/update Java wrapper, and include in release [\#1208](https://github.com/uclouvain/openjpeg/issues/1208)
		- abc [\#1206](https://github.com/uclouvain/openjpeg/issues/1206)
		- Slow decoding [\#1202](https://github.com/uclouvain/openjpeg/issues/1202)
		- Installation question [\#1201](https://github.com/uclouvain/openjpeg/issues/1201)
		- Typo in test\_decode\_area - \*ptilew is assigned instead of \*ptileh [\#1195](https://github.com/uclouvain/openjpeg/issues/1195)
		- Creating a J2K file with one POC is broken [\#1191](https://github.com/uclouvain/openjpeg/issues/1191)
		- Make fails on Arch Linux [\#1174](https://github.com/uclouvain/openjpeg/issues/1174)
		- Heap buffer overflow in opj\_t1\_clbl\_decode\_processor\(\) triggered with Ghostscript [\#1158](https://github.com/uclouvain/openjpeg/issues/1158)
		- opj\_stream\_get\_number\_byte\_left: Assertion `p\_stream-\>m\_byte\_offset \>= 0' failed. [\#1151](https://github.com/uclouvain/openjpeg/issues/1151)
		- The fuzzer ignores too many inputs [\#1079](https://github.com/uclouvain/openjpeg/issues/1079)
		- out of bounds read [\#1068](https://github.com/uclouvain/openjpeg/issues/1068)
	**Merged pull requests:**
		- Change defined WIN32 [\#1310](https://github.com/uclouvain/openjpeg/pull/1310) ([Jamaika1](https://github.com/Jamaika1))
		- docs: fix simple typo, producted -\> produced [\#1308](https://github.com/uclouvain/openjpeg/pull/1308) ([timgates42](https://github.com/timgates42))
		- Set ${OPENJPEG\_INSTALL\_DOC\_DIR} to DESTINATION of HTMLs [\#1307](https://github.com/uclouvain/openjpeg/pull/1307) ([lemniscati](https://github.com/lemniscati))
		- Use INC\_DIR for OPENJPEG\_INCLUDE\_DIRS \(fixes uclouvain\#1174\) [\#1306](https://github.com/uclouvain/openjpeg/pull/1306) ([matthew-sharp](https://github.com/matthew-sharp))
		- pi.c: avoid out of bounds access with POC \(fixes \#1302\) [\#1304](https://github.com/uclouvain/openjpeg/pull/1304) ([rouault](https://github.com/rouault))
		- Encoder: grow again buffer size [\#1303](https://github.com/uclouvain/openjpeg/pull/1303) ([zodf0055980](https://github.com/zodf0055980))
		- opj\_j2k\_write\_sod\(\): avoid potential heap buffer overflow \(fixes \#1299\) \(probably master only\) [\#1301](https://github.com/uclouvain/openjpeg/pull/1301) ([rouault](https://github.com/rouault))
		- pi.c: avoid out of bounds access with POC \(refs https://github.com/uclouvain/openjpeg/issues/1293\#issuecomment-737122836\) [\#1300](https://github.com/uclouvain/openjpeg/pull/1300) ([rouault](https://github.com/rouault))
		- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1297, but likely not the proper fix [\#1298](https://github.com/uclouvain/openjpeg/pull/1298) ([rouault](https://github.com/rouault))
		- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1294, but likely not the proper fix [\#1296](https://github.com/uclouvain/openjpeg/pull/1296) ([rouault](https://github.com/rouault))
		- opj\_j2k\_setup\_encoder\(\): validate POC compno0 and compno1 \(fixes \#1293\) [\#1295](https://github.com/uclouvain/openjpeg/pull/1295) ([rouault](https://github.com/rouault))
		- Encoder: avoid global buffer overflow on irreversible conversion when… [\#1292](https://github.com/uclouvain/openjpeg/pull/1292) ([rouault](https://github.com/rouault))
		- Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [\#1291](https://github.com/uclouvain/openjpeg/pull/1291) ([rouault](https://github.com/rouault))
		- Free p\_tcd\_marker\_info to avoid memory leak [\#1288](https://github.com/uclouvain/openjpeg/pull/1288) ([zodf0055980](https://github.com/zodf0055980))
		- Encoder: grow again buffer size [\#1287](https://github.com/uclouvain/openjpeg/pull/1287) ([zodf0055980](https://github.com/zodf0055980))
		- Encoder: avoid uint32 overflow when allocating memory for codestream buffer \(fixes \#1243\) [\#1276](https://github.com/uclouvain/openjpeg/pull/1276) ([rouault](https://github.com/rouault))
		- Java compatibility from 1.5 to 1.6 [\#1263](https://github.com/uclouvain/openjpeg/pull/1263) ([jiapei100](https://github.com/jiapei100))
		- opj\_decompress: fix double-free on input directory with mix of valid and invalid images [\#1262](https://github.com/uclouvain/openjpeg/pull/1262) ([rouault](https://github.com/rouault))
		- openjp2: Plug image leak when failing to allocate codestream index. [\#1260](https://github.com/uclouvain/openjpeg/pull/1260) ([sebras](https://github.com/sebras))
		- openjp2: Plug memory leak when setting data as TLS fails. [\#1258](https://github.com/uclouvain/openjpeg/pull/1258) ([sebras](https://github.com/sebras))
		- openjp2: Error out if failing to create Tier 1 handle. [\#1256](https://github.com/uclouvain/openjpeg/pull/1256) ([sebras](https://github.com/sebras))
		- Testing for invalid values of width, height, numcomps [\#1254](https://github.com/uclouvain/openjpeg/pull/1254) ([szukw000](https://github.com/szukw000))
		- Single-threaded performance improvements in forward DWT for 5-3 and 9-7 \(and other improvements\) [\#1253](https://github.com/uclouvain/openjpeg/pull/1253) ([rouault](https://github.com/rouault))
		- Add support for multithreading in encoder [\#1248](https://github.com/uclouvain/openjpeg/pull/1248) ([rouault](https://github.com/rouault))
		- Add support for generation of PLT markers in encoder [\#1246](https://github.com/uclouvain/openjpeg/pull/1246) ([rouault](https://github.com/rouault))
		- Fix warnings about signed/unsigned casts in pi.c [\#1244](https://github.com/uclouvain/openjpeg/pull/1244) ([rouault](https://github.com/rouault))
		- opj\_decompress: add sanity checks to avoid segfault in case of decoding error [\#1240](https://github.com/uclouvain/openjpeg/pull/1240) ([rouault](https://github.com/rouault))
		- ignore wrong icc [\#1236](https://github.com/uclouvain/openjpeg/pull/1236) ([szukw000](https://github.com/szukw000))
		- Implement writing of IMF profiles [\#1235](https://github.com/uclouvain/openjpeg/pull/1235) ([rouault](https://github.com/rouault))
		- tests: add alternate checksums for libtiff 4.1 [\#1234](https://github.com/uclouvain/openjpeg/pull/1234) ([rouault](https://github.com/rouault))
		- opj\_tcd\_init\_tile\(\): avoid integer overflow [\#1232](https://github.com/uclouvain/openjpeg/pull/1232) ([rouault](https://github.com/rouault))
		- tests/fuzzers: link fuzz binaries using $LIB\_FUZZING\_ENGINE. [\#1230](https://github.com/uclouvain/openjpeg/pull/1230) ([Dor1s](https://github.com/Dor1s))
		- opj\_j2k\_update\_image\_dimensions\(\): reject images whose coordinates are beyond INT\_MAX \(fixes \#1228\) [\#1229](https://github.com/uclouvain/openjpeg/pull/1229) ([rouault](https://github.com/rouault))
		- Fix resource leaks [\#1226](https://github.com/uclouvain/openjpeg/pull/1226) ([dodys](https://github.com/dodys))
		- abi-check.sh: fix false postive ABI error, and display output error log [\#1218](https://github.com/uclouvain/openjpeg/pull/1218) ([rouault](https://github.com/rouault))
		- pi.c: avoid integer overflow, resulting in later invalid access to memory in opj\_t2\_decode\_packets\(\) [\#1217](https://github.com/uclouvain/openjpeg/pull/1217) ([rouault](https://github.com/rouault))
		- Add check to validate SGcod/SPcoc/SPcod parameter values. [\#1211](https://github.com/uclouvain/openjpeg/pull/1211) ([sebras](https://github.com/sebras))
		- Fix buffer overflow reading an image file less than four characters [\#1196](https://github.com/uclouvain/openjpeg/pull/1196) ([robert-ancell](https://github.com/robert-ancell))
		- compression: emit POC marker when only one single POC is requested \(f… [\#1192](https://github.com/uclouvain/openjpeg/pull/1192) ([rouault](https://github.com/rouault))
		- Fix several potential vulnerabilities  [\#1185](https://github.com/uclouvain/openjpeg/pull/1185) ([Young-X](https://github.com/Young-X))
		- openjp2/j2k: Report error if all wanted components are not decoded. [\#1164](https://github.com/uclouvain/openjpeg/pull/1164) ([sebras](https://github.com/sebras))

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:01:37 +00:00
Peter Müller
0a1d567ce8 Core Update 168: Ship openldap 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 19:01:10 +00:00
Adolf Belka
c4f3bb4b08 openldap: Update to version 2.6.1 
- Update from version 2.4.49 to 2.6.1
- Update of rootfile
- Update of consolidated patch to 2.6.1
- Removal of old patches
- Changelog
   OpenLDAP 2.6.1 Release (2022/01/20)
	Fixed libldap to init client socket port (ITS#9743)
	Fixed libldap with referrals (ITS#9781)
	Added slapd config keyword for logfile format (ITS#9745)
	Fixed slapd to allow objectClass edits with no net change (ITS#9772)
	Fixed slapd configtable population (ITS#9576)
	Fixed slapd to only set loglevel in server mode (ITS#9715)
	Fixed slapd logfile-rotate use of uninitialized variable (ITS#9730)
	Fixed slapd passwd scheme handling with slapd.conf (ITS#9750)
	Fixed slapd postread support for modrdn (ITS#7080)
	Fixed slapd syncrepl recreation of deleted entries (ITS#9282)
	Fixed slapd syncrepl replication with ODSEE (ITS#9707)
	Fixed slapd syncrepl to properly replicate glue entries (ITS#9647)
	Fixed slapd syncrepl to reject REFRESH for precise resync (ITS#9742)
	Fixed slapd syncrepl to avoid busy loop during refresh (ITS#9584)
	Fixed slapd syncrepl when X-ORDERED is specified (ITS#9761)
	Fixed slapd syncrepl to better handle out of order delete ops (ITS#9751)
	Fixed slapd syncrepl to correctly close connections when config is deleted (ITS#9776)
	Fixed slapd-mdb to update indices correctly on replace ops (ITS#9753)
	Fixed slapd-wt to set correct flags (ITS#9760)
	Fixed slapo-accesslog to fix assertion due to deprecated code (ITS#9738)
	Fixed slapo-accesslog to fix inconsistently normalized minCSN (ITS#9752)
	Fixed slapo-accesslog delete handling of multi-valued config attrs (ITS#9493)
	Fixed slapo-autogroup to maintain values in insertion order (ITS#9766)
	Fixed slapo-constraint to maintain values in insertion order (ITS#9770)
	Fixed slapo-dyngroup to maintain values in insertion order (ITS#9762)
	Fixed slapo-dynlist compare operation for static groups (ITS#9747)
	Fixed slapo-dynlist static group filter with multiple members (ITS#9779)
	Fixed slapo-ppolicy when not built modularly (ITS#9733)
	Fixed slapo-refint to maintain values in insertion order (ITS#9763)
	Fixed slapo-retcode to honor requested insert position (ITS#9759)
	Fixed slapo-sock cn=config support (ITS#9758)
	Fixed slapo-syncprov memory leak (ITS#8039)
	Fixed slapo-syncprov to generate a more accurate accesslog query (ITS#9756)
	Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections (ITS#9691)
	Fixed slapo-syncprov to consider all deletes for sycnInfo messages (ITS#5972)
	Fixed slapo-translucent to warn on invalid config (ITS#9768)
	Fixed slapo-unique to warn on invalid config (ITS#9767)
	Fixed slapo-valsort to maintain values in insertion order (ITS#9764)
	Build Environment
		Fix test022 to preserve DELAY search output (ITS#9718)
		Fix slapd-watcher to allow startup when servers are down (ITS#9727)
	Contrib
		Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration (ITS#9725)
	Documentation
		Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision (ITS#9728)
		Fixed slapo-accesslog(5) to clarify logoldattr usage (ITS#9749)
   OpenLDAP 2.6.0 Release (2021/10/25)
	Initial release for "general use".
   OpenLDAP 2.5.7 Release (2021/08/18)
	Fixed lloadd client state tracking (ITS#9624)
	Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
	Fixed slapd-ldif duplicate controls response (ITS#9497)
	Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
	Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
	Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
	Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
	Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
	Fixed slapd-sql to close transactions after bind and search (ITS#9630)
	Fixed slapo-accesslog to make reqMod optional (ITS#9569)
	Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
	Documentation
		slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
		slapo-accesslog(5) note that reqMod is optional (ITS#9569)
		Add ldapvc(1) man page (ITS#9549)
		Add guide section on load balancer (ITS#9443)
		Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
		Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
		Updated guide to document removal of deprecated options from client tools (ITS#9200)
   OpenLDAP 2.5.6 Release (2021/07/27)
	Fixed libldap buffer overflow (ITS#9578)
	Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
	Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
	Fixed slapd multiple config defaults (ITS#9363)
	Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
	Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
	Build
		Fixed library symbol versioning on Solaris (ITS#9591)
		Fixed compile warning in libldap/tpool.c (ITS#9601)
		Fixed compile warning in libldap/tls_o.c (ITS#9602)
	Contrib
		Fixed ppm module for sysconfdir (ITS#7832)
	Documentation
		Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
   OpenLDAP 2.5.5 Release (2021/06/03)
	Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
	Added lloadd tcp-user-timeout support (ITS#9502)
	Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
	Added slapd-ldap tcp-user-timeout support (ITS#9502)
	Added slapd-meta tcp-user-timeout support (ITS#9502)
	Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
	Fixed libldap typo in util-int.c (ITS#9541)
	Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
	Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
	Fixed lloadd multiple issues (ITS#8747)
	Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
	Fixed slapd typo in daemon.c (ITS#9541)
	Fixed slapd slapi compilation (ITS#9544)
	Fixed slapd to handle empty DN in extended filters (ITS#9551)
	Fixed slapd syncrepl searches with empty base (ITS#6467)
	Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
	Fixed slapd abort due to typo (ITS#9561)
	Fixed slapd-asyncmeta quarantine handling (ITS#8721)
	Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
	Fixed slapd-ldap quarantine handling (ITS#8721)
	Fixed slapd-mdb deletion of context entry (ITS#9531)
	Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
	Fixed slapd-meta quarantine handling (ITS#8721)
	Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
	Fixed slapo-pcache locking during expiration (ITS#9529)
	Build
		Fixed slappw-argon2 module installation (ITS#9548)
	Contrib
		Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
	Documentation
		ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
        ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
   OpenLDAP 2.5.4 Release (2021/04/29)
	Initial release for "general use".
   OpenLDAP 2.4.57 Release (2021/01/18)
	Fixed ldapexop to use correct return code (ITS#9417)
	Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
	Fixed slapd to remove assert in csnValidate (ITS#9410)
	Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
	Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
	Fixed slapd AVA sort with invalid RDN (ITS#9412)
	Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
	Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
	Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
	Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
	Fixed slapd modrdn memory leak (ITS#9420)
	Fixed slapd double-free in vrfilter (ITS#9408)
	Fixed slapd cancel operation to correctly terminate (ITS#9428)
	Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
	Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
   OpenLDAP 2.4.56 Release (2020/11/10)
	Fixed slapd to remove assert in certificateListValidate (ITS#9383)
	Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
	Fixed slapd to better parse ldapi listener URIs (ITS#9379)
   OpenLDAP 2.4.55 Release (2020/10/26)
	Fixed slapd normalization handling with modrdn (ITS#9370)
	Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
	Contrib
		Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
   OpenLDAP 2.4.54 Release (2020/10/12)
	Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
	Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
	Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
	Fixed slapd syncrepl to be fully serialized (ITS#8102)
	Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
	Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
	Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
	Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
	Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
	Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
	Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
	Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
	Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486)
   OpenLDAP 2.4.53 Release (2020/09/07)
	Added slapd syncrepl additional SYNC logging (ITS#9043)
	Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
	Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
	Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
	Build
		Require OpenSSL 1.0.2 or later (ITS#9323)
		Fixed libldap compilation issue with broken C compilers (ITS#9332)
   OpenLDAP 2.4.52 Release (2020/08/28)
	Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
	Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
	Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
	Fixed librewrite malloc/free corruption (ITS#9249)
	Fixed libldap hang when using UDP and server down (ITS#9328)
	Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
	Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
	Fixed slapd-mdb index error with collapsed range (ITS#9135)
   OpenLDAP 2.4.51 Release (2020/08/11)
	Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
	Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
	Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
	Fixed slapd to enforce singular existence of some overlays (ITS#9309)
	Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
	Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
	Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
	Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
	Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
	Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
	Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
	Fixed slapo-chain to check referral (ITS#9262)
	Build Environment
		Fix test064 so it no longer uses bashisms (ITS#9263)
	Contrib
		Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
		slapo-allowed - Fix usage of unitialized variable (ITS#9308)
	Documentation
		ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
   OpenLDAP 2.4.50 Release (2020/04/28)
	Fixed client benign typos (ITS#8890)
	Fixed libldap type cast (ITS#9175)
	Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
	Fixed libldap_r race on Windows mutex initialization (ITS#9181)
	Fixed liblunicode memory leak (ITS#9198)
	Fixed slapd benign typos (ITS#8890)
	Fixed slapd to limit depth of nested filters (ITS#9202)
	Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
	Fixed slapo-pcache database initialization (ITS#9182)
	Fixed slapo-ppolicy callback (ITS#9171)
	Build
		Fix olcDatabaseDummy initialization for windows (ITS#7074)
		Fix detection for ws2tcpip.h for windows (ITS#8383)
		Fix back-mdb types for windows (ITS#7878)
	Contrib
		Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
		Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
	Documentation
		slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
		slapd-meta(5) - Remove client-pr option (ITS#8683)
		slapindex(8) - Fix truncate option information for back-mdb (ITS#9230)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:59:39 +00:00
Peter Müller
174778b202 Core Update 168: Ship sqlite 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:59:21 +00:00
Adolf Belka
8596273dca sqlite: Update to version 3380300 
- Update from version 3380000 to 3380300
- Update of rootfile not required
- Changelog
	3.38.3 (2022-04-27):
	    Fix a case of the query planner be overly aggressive with optimizing
             automatic-index and Bloom-filter construction, using inappropriate ON clause
             terms to restrict the size of the automatic-index or Bloom filter, and
             resulting in missing rows in the output. Forum thread 0d3200f4f3bcd3a3.
	    Other minor patches. See the timeline for details.
	3.38.2 (2022-03-26):
	    Fix a user-discovered problem with the new Bloom filter optimization that
             might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause
             constraint that says that one of the columns on the right table of the LEFT
             JOIN is NULL. See forum thread 031e262a89b6a9d2.
	    Other minor patches. See the timeline for details.
	3.38.1 (2022-03-12):
	    Fix problems with the new Bloom filter optimization that might cause some
             obscure queries to get an incorrect answer.
	    Fix the localtime modifier of the date and time functions so that it
             preserves fractional seconds.
	    Fix the sqlite_offset SQL function so that it works correctly even in corner
             cases such as when the argument is a virtual column or the column of a view.
	    Fix row value IN operator constraints on virtual tables so that they work
             correctly even if the virtual table implementation relies on bytecode to
             filter rows that do not satisfy the constraint.
	    Other minor fixes to assert() statements, test cases, and documentation. See
             the source code timeline for details.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:59:13 +00:00
Peter Müller
94e680c36d Core Update 168: Ship mpfr 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:58:43 +00:00
Adolf Belka
ca0458ce15 mpfr: Update to version 4.1.0 plus patches 1 to 13 
- Update from version 4.1.0 to 4.1.0 plus patches 1 to 13
- Version 4.1.0 was released on 10-07-2020. However patches have been progressively
   issued to fix various bugs that have been identified.
- Currently 13 patches have been issued and mpfr provide a cumulative patches file to
   use to patch the source file.
- Update of rootfile
- Patch changelog
   1 With GCC (the only tested compiler with software _Decimal128), conversions of
     double to _Decimal128 yield an increase of 2 to 3 MB for the generated library
     code when the decimal encoding is BID (designed for software implementations),
     even though the conversions done in MPFR are very simple. Details about this GCC
     issue. The decimal128-conv patch avoids these conversions by directly using
     _Decimal128 constants. Note that fixing the issue entirely would require to get
     rid of all the decimal128 operations; in the mean time, decimal support (i.e.
     mpfr_get_decimal128 and mpfr_set_decimal128 functions) could be disabled at
     configure time.
     Corresponding changeset in the 4.1 branch: 14094.
   2 The random_deviate.c file contains non-portable code. This is fixed by the
     random_deviate patch.
     Corresponding changeset in the 4.1 branch: 14126.
   3 In the mpfr_set_z_2exp function, a huge mpz_t value can yield an integer overflow.
     This is fixed by the set_z_2exp-overflow patch (with testcases). Note that in
     practice, an integer overflow may occur only with a 32-bit ABI. Moreover, with a
     usual compilation, an integer overflow should here not yield any particular issue,
     assuming that the processor does signed addition and multiplication modulo 2^32 (as
     usual). However, UBsan would detect the overflow, and LTO might have unpredictable
     effects.
     Corresponding changesets in the 4.1 branch: 14147, 14151.
   4 Some function prototypes are slightly inconsistent. This is valid C code, but
     these inconsistencies are unintended and possibly confusing, and they trigger
     diagnostics with the -Warray-parameter option of the future GCC 11 (included in
     -Wall). This causes issues when testing MPFR. And since mpfr.h is concerned, this
     might also affect user code. This is fixed by the prototypes patch.
     Corresponding changeset in the 4.1 branch: 14411.
   5 In uncommon cases, the mpfr_digamma function needs to use an intermediate
     precision equal to the exponent of the input value, which may be huge. This is
     inefficient, and the code can request more memory than available, yielding a crash.
     The digamma-hugemem patch improves the implementation by making such a need much
     rarer; it also provides testcases showing a crash on 64-bit machines (at least).
     Corresponding changeset in the 4.1 branch: 14424.
   6 The mpfr_digamma function may have an erratic behavior in some cases (an assertion
     failure in debug mode). This is fixed by the digamma-interm-zero patch (with
     testcase).
     Corresponding changeset in the 4.1 branch: 14425.
   7 The Bessel functions (mpfr_j0, mpfr_j1, mpfr_jn, mpfr_y0, mpfr_y1, mpfr_yn) may
     have an erratic behavior in some cases (an assertion failure in debug mode). This
     is fixed by the jn-interm-zero patch (with testcase).
     Corresponding changeset in the 4.1 branch: 14426.
   8 The mpfr_digamma function may have an erratic behavior in some cases (an assertion
     failure in debug mode) when the reflection formula is used, i.e. when x < 1/2.
     This is fixed by the digamma-interm-zero2 patch (with testcase).
     Corresponding changeset in the 4.1 branch: 14435.
   9 The Bessel functions (mpfr_j0, mpfr_j1, mpfr_jn, mpfr_y0, mpfr_y1, mpfr_yn) may
     have an erratic behavior in some cases (an assertion failure in debug mode) when
     the asymptotic expansion is needed. This is fixed by the jyn_asympt-interm-zero
     patch (with testcase).
     Corresponding changeset in the 4.1 branch: 14436.
  10 Some functions are also implemented as macros, and such a macro should behave
     exactly like the corresponding function (if the code is valid for the function
     call). However, the following macros do not behave as if their argument were
     implicitly converted to the type from the function prototype: mpfr_nan_p,
     mpfr_inf_p, mpfr_zero_p, mpfr_regular_p, mpfr_get_prec, mpfr_get_exp,
     mpfr_copysign (third argument), mpfr_signbit and mpfr_set (second argument). For
     instance, providing an argument of type void * instead of mpfr_ptr or mpfr_srcptr
     will yield a compilation failure. Note that this issue does not exist in C++,
     which does not support such implicit conversions. Moreover, the mpfr_set macro
     evaluates its second argument twice (reported by David McCooey), which is
     incorrect if this evaluation has side effects. This is fixed by the macros patch
     (with testcases). Macros for the custom interface, which are explicitly documented
     as provided, do not follow these rules; the patch clarifies this point in the MPFR
     manual.
     Corresponding changesets in the 4.1 branch: 14468, 14469.
  11 The test programs tset_si and tset_sj fail if MPFR_USE_NO_MACRO is defined (e.g.,
     via -DMPFR_USE_NO_MACRO in CFLAGS). This is fixed by the tset_sij patch.
     Corresponding changeset in the 4.1 branch: 14470.
  12 The mpfr_get_str_ndigits function may raise the inexact flag. In a very reduced
     exponent range (e.g. in which the result would not be representable as a MPFR
     number), it has undefined behavior: it may return an incorrect value, crash, or
     loop, taking more and more memory. This is fixed by the get_str_ndigits patch,
     which also updates the tests to check these issues.
     Corresponding changeset in the 4.1 branch: 14490.
  13 The code for the formatted output functions (mpfr_printf, etc.) contains an
     incorrect assertion, checked only in debug mode, i.e. when MPFR has been
     configured with --enable-assert; this assertion failure occurs when the integer 0
     (of either a native type or mpfr_prec_t with the length specifier P) is output
     with the precision field equal to 0, i.e. when the corresponding string to output
     is empty. Otherwise, there should be no side effects since the code is actually
     valid in this case; but since the code incorrectly instructs the compiler that
     some variable cannot be 0, there might be an issue with some optimizations (very
     unlikely, though). This bug is fixed by the vasprintf-prec-zero patch, which also
     provides testcases.
     Corresponding changesets in the 4.1 branch: 14524, 14525.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:58:29 +00:00
Adolf Belka
4b113aa68e mtr: Update to version 0.95 
- Update from version 0.94 to 0.95
- Update of rootfile not required
- Changelog
V0.95
   Aaron Lipinski (27):
         move net_send_batch call to its caller
         addr -> hostent for consistency
         re-init source too
         additional call from net_reopen
         refactor - group local, remote inits
         reset ctl address family at net_reopen
         accept only value used in structure
         tell dns process if we want 4 or 6
         resolve ipv6 only if we have ipv6
         remove wrapper only function
         init structures correctly wired up
         prepare host with h_addr_list
         remove temporaries
         extract convert_addrinfo_to_hostent function
         move conversion call to caller
         use addrinfo
         remove conversion function
         switch gui to addrinfo
         export DEFAULT_AF
         reset addr family before searching again
         freeaddrinfo
         export get_hostent_from_name
         make Hostname as const
         rename function
         dont show json option if not available
   Egor Panov (1):
         Updated Readme
   R.E. Wolff (2):
         Slight cleanup, but no fix for code that came up in a bugreport.
         increased max length suggested by YVS2014
   Roger Wolff (12):
   Rogier Wolff (2):
         Code formatting for Zenithal pull
         added clarification to readme suggested by Zenithal
   Sergei Trofimovich (1):
         ui/curses: always use "%s"-style format for printf()-style functions
   Vincent Bernat (3):
         ui: don't cast to void* when calling display_rawhost()
         net: fix MPLS display for curses and report
         report: fix display of MPLS labels when using --report
   Zenithal (1):
         Add display of destination with resolved addr under curses mode
   a1346054 (5):
         fix wrong bash completion flag
         fix shellcheck warnings
         unify codestyle
         fix spelling
         trim trailing whitespace
   gaamox@tutanota.com (1):
         Report secondary servers when CSV + wide report is enabled

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:58:17 +00:00
Adolf Belka
9ee219315c multipath-tools: Update to version 0.8.9 
- Update from commit 386d288, bumped to version 0.7.7 (May 2018) to
   version 0.8.9 (Feb 2022)
- Update of rootfile
- Changelog
   No changelog file in the source tarball or on website. Changelog is the commit tree
   see https://github.com/opensvc/multipath-tools/commits/master for more details

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:56:58 +00:00
Peter Müller
b4294a6a09 Core Update 168: Ship nano 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:56:38 +00:00
Adolf Belka
4b502cf0c2 nano: Update to version 6.3 
- Update from version 6.2 to 6.3
- Update of rootfile not required
- Changelog
   Changes between v6.2 and v6.3:
    Benno Schulenberg (41):
      build: add the --disable-maintainer-mode option to ./configure
      build: fix compilation for --enable-{tiny,nanorc,color}
      build: fix compilation when configured with --disable-color
      build: remove an obsolete check -- the dependent code was deleted
      bump version numbers and add a news item for the 6.3 release
      display: suppress spotlight yellow and error red when NO_COLOR is set
      docs: add an example binding for copying text to the system clipboard
      execute: clear an anchor only when the whole buffer gets filtered
      execute: don't crash when an empty buffer is piped through a command
      execute: stay on the same line number when filtering the whole buffer
      feedback: show extra warning when writing failed due to "No space left"
      files: do not change to a higher directory when the working one is gone
      files: show a warning when the working directory is gone (when used)
      files: when the working directory exists, still check its accessibility
      filtering: close all output descriptors, so that 'xsel' will terminate
      formatting: change cursor position only after saving it in the undo item
      gnulib: pull in the workaround for a build problem on NetBSD
      gnulib: update to its current upstream state
      justify: stay at the same line number when doing a full justification
      painting: colorize text also after an unterminated start match
      painting: look for another start match only after the actual end match
      painting: recalculate the multidata when making large strides or changes
      painting: stop coloring an extremely long line after 2000 bytes
      painting: tighten the check for a lacking end match on a colored line
      syntax: xml: colorize /> properly, and colorize prolog tags differently
      syntax: xml: colorize user-defined entities differently
      tweaks: avoid a function call when two plain assignments will do
      tweaks: change the indentation of a list, to match other indentations
      tweaks: don't leave an orphaned temporary file behind when writing fails
      tweaks: elide an unneeded call of strlen()
      tweaks: exclude the extra truncation warning from the tiny version
      tweaks: make the triggering of the recalculation of multidata less eager
      tweaks: move the saving and restoring of flags to where it is needed
      tweaks: normalize the indentation after the previous change
      tweaks: prevent the adding of an unwanted newline in a different way
      tweaks: remove redundant braces, and add two translator hints
      tweaks: remove some stray spaces before a comma
      tweaks: simplify a bit of code, eliding two labels and three gotos
      tweaks: simplify a fragment of code, and fold two lines together
      tweaks: trim a few comments, rename a function, and reshuffle some code
      verbatim: with --zero, keep cursor in viewport when it was on bottom row
    Mike Frysinger (1):
      general: fix building for Windows

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:56:27 +00:00
Adolf Belka
ff76241b27 ncdu: Update to version 1.17 
- Update from version 1.16 to 1.17
- Update of rootfile not required
- Changelog
	1.17 - 2022-04-28 - ncdu-1.17.tar.gz
	    Add ‘dark-bg’ color scheme and use that by default
	    Use natural sort order when sorting by file name
	    Improve compatibility with C89 environments
	    Fix wrong assumption about errno not being set by realloc()

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:56:17 +00:00
Adolf Belka
843314ba98 parted: Update to version 3.5 
- Update from 3.4 to 3.5
- Update of rootfile
- Changelog
   * Noteworthy changes in release 3.5 (2022-04-18) [stable]
	** New Features
	  Update to latest gnulib for 3.5 release
   * Noteworthy changes in release 3.4.64.2 (2022-04-05) [alpha]
	** Bug Fixes
	  usage: remove the mention of "a particular partition"
   * Noteworthy changes in release 3.4.64 (2022-03-30) [alpha]
	** New Features
	  Add --fix to --script mode to automatically fix problems like the backup
	  GPT header not being at the end of a disk.
	  Add use of the swap partition flag to msdos disk labeled disks.
	  Allow the partition name to be an empty string when set in script mode.
	  Add --json command line switch to output the details of the disk as JSON.
	  Add support for the Linux home GUID using the linux-home flag.
	** Bug Fixes
	  Decrease disk sizes used in tests to make it easier to run the test suite
	  on systems with less memory. Largest filesystem is now 267MB (fat32). The
	  rest are only 10MB.
	  Add aarch64 and mips64 as valid machines for testing.
	  Escape colons and backslashes in the machine output. Device path,
	  model, and partition name could all include these. They are now
	  escaped with a backslash.
	  Use libdevmapper's retry remove option when the device is BUSY. This
	  prevents libdevmapper from printing confusin output when trying to
	  remove a busy partition.
	  Keep GUID specific attributes when writing the GPT header. Previously
	  they were set to 0.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 18:55:49 +00:00
Adolf Belka
9a39b090cc ncurses-compat: remove orphaned lfs file 
- ncurses-compat was removed from make.sh in Core Update 119 together with the rootfile
--ncurses-compat lfs file was left behind at that time

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-29 17:58:24 +00:00
Peter Müller
3d767c8aad borgbackup: Fix rootfile on 32-bit ARM 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-26 11:25:59 +00:00
Adolf Belka
b7a2d742b4 powertop: Update to version 2.14 
- Update from v2.10 to 2.14
- added ./autogen.sh to create configure file
- Update of rootfile
- Changelog
   No changelog provided anywhere. For details of changes see commits in the github
    repository - https://github.com/fenrus75/powertop/commits/master

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-25 18:40:49 +00:00
Peter Müller
3098182fa7 Samba: Update ARM rootfiles 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-25 18:40:17 +00:00
Peter Müller
aa2ab8c40b Run ./make.sh update-contributors 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:14:49 +00:00
Peter Müller
2b9af93313 Core Update 168: Ship wakeonlan.cgi 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:14:08 +00:00
Leo-Andres Hofmann
154dfcb7a2 wakeonlan.cgi: Fix meta refresh tag 
This fixes an HTML error that is briefly visible
on the "magic packet sent" page.

Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:13:51 +00:00
Peter Müller
52224df18d Core Update 168: Ship pcre2 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:13:37 +00:00
Adolf Belka
f86e23906e pcre2: Update to version 10.40 
- Update from 10.39 to 10.40
- Update of rootfile
- Changelog
   Version 10.40 15-April-2022
	1. Merged patch from @carenas (GitHub #35, 7db87842) to fix pcre2grep incorrect
	   handling of multiple passes.
	2. Merged patch from @carenas (GitHub #36, dae47509) to fix portability issue
	   in pcre2grep with buffered fseek(stdin).
	3. Merged patch from @carenas (GitHub #37, acc520924) to fix tests when -S is
	   not supported.
	4. Revert an unintended change in JIT repeat detection.
	5. Merged patch from @carenas (GitHub #52, b037bfa1) to fix build on GNU Hurd.
	6. Merged documentation and comments patches from @carenas (GitHub #47).
	7. Merged patch from @carenas (GitHub #49) to remove obsolete JFriedl test code
	   from pcre2grep.
	8. Merged patch from @carenas (GitHub #48) to fix CMake install issue #46.
	9. Merged patch from @carenas (GitHub #53) fixing NULL checks in matching and
	   substituting.
	10. Add null_subject and null_replacement modifiers to pcre2test.
	11. Add check for NULL subject to POSIX regexec() function.
	12. Add check for NULL replacement to pcre2_substitute().
	13. For the subject arguments of pcre2_match(), pcre2_dfa_match(), and
	    pcre2_substitute(), and the replacement argument of the latter, if the pointer
	    is NULL and the length is zero, treat as an empty string. Apparently a number
	    of applications treat NULL/0 in this way.
	14. Added support for Bidi_Class and a number of binary Unicode properties,
	    including Bidi_Control.
	15. Fix some minor issues raised by clang sanitize.
	16. Very minor code speed up for maximizing character property matches.
	17. A number of changes to script matching for \p and \P:
	    (a) Script extensions for a character are now coded as a bitmap instead of
	        a list of script numbers, which should be faster and does not need a
	        loop.
	    (b) Added the syntax \p{script:xxx} and \p{script_extensions:xxx} (synonyms
	        sc and scx).
	    (c) Changed \p{scriptname} from being the same as \p{sc:scriptname} to being
	        the same as \p{scx:scriptname} because this change happened in Perl at
	        release 5.26.
	    (d) The standard Unicode 4-letter abbreviations for script names are now
	        recognized.
	    (e) In accordance with Unicode and Perl's "loose matching" rules, spaces,
	        hyphens, and underscores are ignored in property names, which are then
	        matched independent of case.
	18. The Python scripts in the maint directory have been refactored. There are
	    now three scripts that generate pcre2_ucd.c, pcre2_ucp.h, and pcre2_ucptables.c
	    (which is #included by pcre2_tables.c). The data lists that used to be
	    duplicated are now held in a single common Python module.
	19. On CHERI, and thus Arm's Morello prototype, pointers are represented as
	    hardware capabilities, which consist of both an integer address and additional
	    metadata, meaning they are twice the size of the platform's size_t type, i.e.
	    16 bytes on a 64-bit system. The ovector member of heapframe happens to only be
	    8 byte aligned, and so computing frame_size ended up with a multiple of 8 but
	    not 16. Whilst the first frame was always suitably aligned, this then
	    misaligned the frame that follows, resulting in an alignment fault when storing
	    a pointer to Fecode at the start of match. Patch to fix this issue by Jessica
	    Clarke PR#72.
	20. Added -LP and -LS listing options to pcre2test.
	21. A user discovered that the library names in CMakeLists.txt for MSVC
	    debugger (PDB) files were incorrect - perhaps never tried for PCRE2?
	22. An item such as [Aa] is optimized into a caseless single character match.
	    When this was quantified (e.g. [Aa]{2}) and was also the last literal item in a
	    pattern, the optimizing "must be present for a match" character check was not
	    being flagged as caseless, causing some matches that should have succeeded to
	    fail.
	23. Fixed a unicode properrty matching issue in JIT. The character was not
	    fully read in caseless matching.
	24. Fixed an issue affecting recursions in JIT caused by duplicated data
	    transfers.
	25. Merged patch from @carenas (GitHub #96) which fixes some problems with
	    pcre2test and readline/readedit:
	      * Use the right header for libedit in FreeBSD with autoconf
	      * Really allow libedit with cmake
	      * Avoid using readline headers with libedit

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:13:10 +00:00
Peter Müller
854241e108 Core Update 168: Ship media.cgi 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:09:23 +00:00
Matthias Fischer
52f8118635 media.cgi: Added translation for 'inodes' 
For details see:
https://en.wikipedia.org/wiki/Inode

or

http://www.linfo.org/inode.html ;-)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
 2022-04-24 19:08:34 +00:00
Adolf Belka
d6fc413aea ipvsadm: Update to version 1.31 
- Update from 1.29 to 1.31
- Update of rootfile not required
- Changelog
	Version 1.31
		In ipvsadm(8) add using nft or an eBPF program to set a packet mark
		Add --pe sip option in ipvsadm(8) man page
		ipvsadm: allow tunneling with gre encapsulation
		Merge branch 'GUE-encap'
		ipvsadm: allow tunneling with gue encapsulation
		ipvsadm: convert options to unsigned long long
	Version 1.30
		Merge: ipvsadm: Document/add support for fo/ovf/mh schedulers
		Add support for mh scheduler
		Document support of ovf scheduler
		Document support of fo scheduler
		libipvs: fix some buffer sizes
		libipvs: discrepancy with libnl genlmsg_put
		ipvsadm: catch the original errno from netlink answer
	Version 1.29
		ipvsadm: new attributes for sync daemon
		ipvsadm: support 64-bit stats and rates

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-04-24 19:02:42 +00:00
Adolf Belka
b8ffb101f8 keepalived: Update to version 2.2.7 
- Update from 2.2.4 to 2.2.7
- Update of rootfile
- Changelog
   Release 2.2.7 brings lots of improvements and fix some minor issues reported. It add
    some new VRRP features as well. Stability has been even more extended.
	New
	    ipvs: Add support to twos scheduler.
	    vrrp: Add vrf option for unicast without specifying an interface.
	    vrrp: Add option unicast_fault_no_peer. Previously if unicast_src_ip (or any
                  other unicast option) was specified, but no unicast peers were
                  configured, then the VRRP instance would operate in multicast mode. A
                  user has identified that, due to automatic configuration generation,
                  they could have a configuration that should operate in unicast mode,
                  but that no unicast peers were configured. In this case, they did not
                  want the VRRP instance to revert to multicast mode. In order to
                  maintain backward compatibility, keepalived can’t simply change to not
                  allowing no unicast peers. Instead, this commit adds the configuration
                  option “unicast_fault_no_peer”, which if specified causes the VRRP
                  instance to go to fault state if no unicast peers are configured.
	    vrrp: Allow specification of multicast address to be used.
	    vrrp: Add vrf option to static and vrrp routes.
	    vrrp: Add option to resend vrrp states on fifos after reload. Since
                  keepalived restarts FIFOs scripts it is managing when a reload occurs,
                  it can be helpful to send the VRRP instance and group states after a
                  reload. This commit adds option fifo_write_vrrp_states_on_reload to do
                  that, and it means that what is written to the FIFOs with default
                  configuration does not change.
	    vrrp: Allow duplication of VRIDs on an interface with unicast peers. If two
                  VRRP instances are using unicast peers and there is no overlap of
                  unicast peers between the vrrp instances, then the vrrp instances can
                  use the same VRIDs.
	    global: Don’t assume running as user root.
	    systemd: Add keepalived-non-root.service systemd service file.
                     keepalived-non-root.service allows keepalived to be run as a non
                     root user, but with specific added capabilities to allow all the
                     functionality that keepalived needs.
	Improvements
	    vrrp: Stop receiving any data on garp and ndisc sockets. This is a send-only
                  channel.
	    vrrp: Open gratuitous ARP socket as an ARP socket rather than RARP. Now that
                  the receiving of packets on the garp socket has been stopped, we can
                  open the socket with the correct type of binding, and we won’t have a
                  queue of received messages build up.
	    vrrp: Extend cBPF filtering code to support standard definition.
	    vrrp: Optimise nftables configuration to limit some rules to macvlans. If we
                  are moving messages that have been generated on a macvlan, we nftables
                  rules can be optimised to restrict them to macvlan interfaces.
	    vrrp: Drop ICMPV6 Router Solicitation messages from vmac interfaces. When we
                  create a vmac interface, a short time afterwards the kernel sends a
                  router solicition message with the source MAC address of the vmac
                  interface. The problem is that this will upset snooping switches if
                  the VRRP instance is in backup state. Furthermore, we can’t simply
                  move the packet onto the underlying interface since the ICMPV6 payload
                  also contains the MAC address of the vmac interface. We can’t just
                  change the MAC address in the ICMPV6 message, since there is also a
                  checksum which would need to be recalculated. The only solution at the
                  moment is to drop the packet. This shouldn’t be a problem since the
                  underlying interface should have sent a Router solicitation message
                  when it came up.
	    vrrp: Add option to specify MAC address for VMACs.
	    vrrp: Don’t lose some configuration faults. The following errors were being
                  detected in vrrp_complete_instance() and the VRRP instance was then
                  supposed to be put into fault state since it couldn’t operate.
                  However, the need to go to fault state was subsequently being lost.
                  The configuration errors that were being lost were: (a) Configuring
                  use of a VMAC on a non Ethernet interface (b) Attempting to use
                  multicast on an interface that doesn’t support it (c) Using an ipvlan
                  without a source IP address (d) ipvlan address family not matching
                  VRRP isntance’s (e) VRID conflicts on an interface which could be
                  deleted an recreated on a different interface (f) An interface
                  specified for a VIP is the same as the VRRP instance’s VMAC or another
                  VRRP instance’s VMAC. This improvement ensures that the VRRP instance
                  will be put into, and remain in, fault state, since it cannot
                  successfully operate. As can be seen from the list of circumstances
                  above, they were very unlikely to occur, but were possible.
	    vrrp: Bind IPv6 socket to multicast address. Previously IPv6 sockets were
                  being bound to the ::1 address, since trying to bind to the multicast
                  address was failing. The reason for failing has now been discovered to
                  be that the scope_id needed to be set (i.e. the interface index),
                  since the multicast addresses that we use are link-local multicast
                  addresses. This improvement now sets the scope_id, so the socket can
                  successfully be bound to the multicast address.
	    vrrp: Set IPV6_MULTICAST_ALL on IPv6 sockets if available.
	    vrrp: Some SNMP extension and improvements: - Correct FastOpenNoCookie and
                  L3Mdev variable types - Don’t write multicast address to SNMP when
                  using unicast. - Don’t write unconfigured LVS sync daemon address to
                  SNMP. - Define and use SNMP_TruthValue. - Define and use
                  SNMP_InetAddressType. - Correct reporting accept mode for VRRPv3 SNMP.
	    vrrp: Misc DBus improvements (Opening, logging, data_dir, policy, …)
	    vrrp: Handle VMAC’s interface changing on reload properly.
	    vrrp: If accept traffic for VIPs changes on reload, update firewall.
	    vrrp: Stop going to backup if reload IPv6 and change vmac_xmit_base.
	    vrrp: Add add/prepend/append options to static and virtual routes. The
                  kernel by default prepends routes, whereas the ip (iproute2) utility
                  be default adds routes (adding a route does not allow duplicates
                  whereas appending or prepending does). keepalived previously has not
                  set the flags relating to this, and so has always prepended routes.
                  This means that duplicate routes could be created.
	    lib: Update Red Black tree code to Linux 5.15-rc4.
	    script: Extend sample_notify_fifo.sh.
	    doc: Misc documentation updates.
	    docker: Upate docker file.
	    init: Init handling extensions. Make parent process exit with meaningful
                  status on error. Ensure systemd is not notified of successful start if
                  failed. fix building without systemd notify suport.
	    bfd: handle unexpected closure of pipe to checker and vrrp processes. If the
                 parent process abnormally terminates and then the BFD process
                 terminates due to PDEATHSIG before the vrrp or checker processes
                 terminate, the vrrp and checker processes can get a read error on the
                 pipes used to communicate with the BFD process.
	    bfd: make BFD work when IPv6 disabled on system.
	Fixes
	    lib: Fix calculating CLOCK_REALTIME and CLOCK_MONOTONIC offsets.
	    lib: scheduler: Handle cancelling timer thread on ready queue. The timer
                 thread on the ready queue, if cancelled, was corrupting the read
                 list_head, since it assumed it was on a red black tree.
	    snap: Fix building snaps.
	    ipvs: Fix building with glibc prior to v2.19 (released 2014).
	    bfd: Handle interface down/address missing when keepalived starts. This
                 resolves a segfault, and also makes bfd retry once per minute to create
                 send socket if it cannot do so due to no address to bind to on an
                 interface.
	    vrrp: Fix unicast with interface in a VRF domain.
	    vrrp: Fix moving excess VIPs to eVIPs, by properly handling vip_cnt.
	    vrrp: Fix configured IPv6 multicast addresses with VMACs. Using different
                  multicast addresses with IPv6 on the same interface without using
                  VMACs is only supported if the kernel supports IPV6_MULTICAST_ALL
                 (from Linux v4.20).
	    vrrp: Fix checking for unicast with VMAC/ipvlan and no peers.
	    vrrp: Fix checking if have unicast ppers if unicast_ttl specified.
	    vrrp: Don’t segfault if duplicate VMAC name, but ignore second name.
	    vrrp: Don’t delete and recreate VMAC on reload if only VRID has changed.
                  There seems to be an issue deleting and then immediately recreating a
                  VMAC on the same interface. This commit therefore simply changes the
                  MAC address if the only change is the VRID.
	    vrrp: Fix nftables config if VMAC interface changed on reload.
	    vrrp: Don’t segfault if don’t have permission for ARP/NDISC socket.
	    vrrp: Fix IPv6 with vmac_xmit_base.
	    vrrp: fix disabling vmac-xmit-base with VRRPv3 IPv6 use_vmac.
	    vrrp: Fix specifying user/group for vrrp_scripts.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-04-24 19:02:37 +00:00
Peter Müller
28fdd8ede6 Core Update 168: Ship procps 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 19:01:13 +00:00
Adolf Belka
0469187ca0 procps: Update to version v4.0.0 
- Update from v3.3.16 to v4.0.0
- added --disable-static to ./configure to remove static libs from rootfile
- Update of rootfile
- Changed lib name. Ran ./make.sh find-dependencies. No dependencies on old libraries
- Changelog
    procps-ng-4.0.0
	  * Rename pwait to pidwait
	  * free: Add committed line option                        merge #25
	  * free: Fix -h --si combined options                     issue #133, #223
	  * free: Fix first column justification                   issue #229, #204, #206, Debian #1001689
	  * free: Better spacing for Chinese language              issue #213
	  * library: renamed to libproc-2 and reset to 0:0:0
	  * library: add support for accessing smaps_rollup        issue #112, #201
	  * library: add support for accessing autogroups
	  * library: add support for LIBPROC_HIDE_KERNEL env var   merge #147
	  * library: add support for cpu utilization to pids i/f
	  * pkill: Check for lt- variants of program name          issue #192
	  * pgrep: Add newline after regex error message           merge #91
	  * pgrep: Fix selection where uid/gid > 2^31              merge !146
	  * pgrep: Select on cgroup v2 paths                       issue #168
	  * ps: Add OOM and OOMADJ fields                          issue #198
	  * ps: Add IO Accounting fields                           issue #184
	  * ps: Add PSS and USS fields                             issue #112
	  * ps: Add two new autogroup fields
	  * ps: Ignore SIGURG                                      merge !142
	  * slabtop: Don't combine d and o options                 issue #160
	  * sysctl: Add support for systemd glob patterns          issue #191
	  * sysctl: Check resolved path to be under /proc/sys      issue #179
	  * sysctl: return non-zero if EINVAL return for write     merge #76
	  * sysctl.conf.5: Note max line length                    issue #77
	  * top: added LOGID similar to 3.3.13 ps LUID
	  * top: added EXE identical to 3.3.17 ps EXE
	  * top: exploit some library smaps_rollup provisions      issue #112
	  * top: added four new IO accounting fields               issue #184
	  * top: 'F' key is now a new forest view 'focus' toggle
	  * top: summary area memory lines can print two abreast
	  * top: added two new autogroup fields
	  * top: added long versions of command line options
	  * top: added cpu utilization & 2 time related fields
	  * top: the time related fields can now be user scaled
	  * uptime: print short/pretty format correctly            issue #217
	  * vmstat: add -y option to remove first line             merge !72
    procps-ng-3.3.17
	  * library: Incremented to 8:3:0
	    (no removals or additions, internal changes only)
	  * all: properly handle utf8 cmdline translations         issue #176
	  * kill: Pass int to signalled process                    merge #32
	  * pgrep: Pass int to signalled process                   merge #32
	  * pgrep: Check sanity of SG_ARG_MAX                      issue #152
	  * pgrep: Add older than selection                        merge #79
	  * pidof: Quiet mode                                      merge #83
	  * pidof: show worker threads                             Redhat #1803640
	  * ps.1: Mention stime alias                              issue #164
	  * ps: check also match on truncated 16 char comm names
	  * ps: Add exe output option                              Redhat #1399206
	  * pwait: New command waits for a process                 merge #97
	  * sysctl: Match systemd directory order                  Debian #950788
	  * sysctl: Document directory order                       Debian #951550
	  * top: ensure config file backward compatibility         Debian #951335
	  * top: add command line 'e' for symmetry with 'E'        issue #165
	  * top: add '4' toggle for two abreast cpu display        issue #172
	  * top: add '!' toggle for combining multiple cpus
	  * top: fix potential SEGV involving -p switch            merge #114
	  * vmstat: Wide mode gives wider proc columns             merge #48
	  * watch: Add environment variable for interval           merge #62
	  * watch: Add no linewrap option                          issue #182
	  * watch: Support more colors                             merge #106,#109
	  * free,uptime,slabtop: complain about extra ops          issue #181

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 18:59:49 +00:00
Peter Müller
3a5ba6cf97 Core Update 168: Ship pango 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 16:29:49 +00:00
Adolf Belka
0487d6a575 pango: Update to version 1.50.6 
- Update from 1.50.4 to 1.50.6
- Update of rootfile
- Changelog
    Overview of changes in 1.50.6, 19-03-2022
	- Drop hb-glib dependency
	- Fix test font configuration
	- Maintain order in pango_attr_list_change
	- Fix a use-after-free in pango_attr_list_change
    Overview of changes in 1.50.5, 03-03-2022
	* Fix compiler warnings
	* Enable cairo by default
	* pango-view: Show more baselines
	* layout: Handle baselines
	* Windows: build cleanups

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-04-24 16:29:35 +00:00
Peter Müller
b26c72d569 Core Update 168: Ship logwatch 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-04-24 16:08:12 +00:00