This reverts commit a9fb87809e.
This prevents the SSH configuration being parsed by the web user
interface.
Reported-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.knot-dns.cz/2021-06-16-version-307.html
Features:
knotd: new configuration policy option for CDS digest algorithm setting #738
keymgr: new command for primary SOA serial manipulation in on-secondary signing mode
Improvements:
knotd: improved algorithm rollover to shorten the last step of old RRSIG publication
Bugfixes:
knotd: zone is flushed upon server start, despite DNSSEC signing is up-to-date
knotd: wildcard nonexistence is proved on empty-non-terminal query
knotd: redundant wildcard proof for non-authoritative data in a reply
knotd: missing wildcard proofs in a wildcard-cname loop reply
knotd: incorrectly synthesized CNAME owner from a wildcard record #715
knotd: zone-in-journal changeset ignores journal-max-usage limit #736
knotd: incorrect processing of zone-in-journal changeset with SOA serial 0
knotd: broken initialization of processing workers if SO_REUSEPORT(_LB) not available
kjournalprint: reported journal usage is incorrect #736
keymgr: cannot parse algorithm name ed448 #739
keymgr: default key size not set properly
kdig: failed to process huge DoH responses
libknot/probe: some corner-case bugs
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Please refer to the .tar.gz's ReleaseNote file for the full changelog
since version 0.4.5.8; it is too large to include it here.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.28.8 to 1.28.9
- Update of rootfile not required
- Changelog
CHANGES IN V1.28.9
- libcupsfilters: Silenced compiler warnings
- libcupsfilters: Removed duplicate code in the
apply_filters() function.
- driverless: If there are no driverless IPP printers
available let "driverless" terminate with exit code 0 and
not 1, to follow CUPS' standard of backends in discovery
mode terminating with 0 if there are no appropriate printers
found (Issue #375).
- gstoraster, foomatic-rip: Fixed Ghostscript command line for
counting pages as it took too long on PDFs from evince when
printing DjVu files (Issue #354, Pull request #371, Ubuntu
bug #1920730).
- cups-browsed: Renamed ldap_connect() due to conflict in
new openldap (Issue #367, Pull request #370).
- pdftoraster: Free color data after processing of each page
(Pull request #363).
- cups-browsed: Always save "...-default" option entries
from printers.conf, regardless of presence or absense
of PPD file (Pull request #359).
- cups-browsed: Start after network-online.target (Pull
request #360).
- texttopdf: Set default margins when no PPD file is used
(Pull request #356).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Release announcement of this version as per
https://www.smartmontools.org/browser/tags/RELEASE_7_2/smartmontools/NEWS:
Date 2020-12-30
Summary: smartmontools release 7.2
-----------------------------------------------------------
- smartctl: New option '--json=y[c]' selects YAML output.
- smartctl '-i': Prints ATA TRIM and Zoned Device capabilities.
- smartctl '-j': Fixed 'scsi_grown_defect_list' value.
- smartctl '-a': Prints SCSI 'Accumulated power on time'.
- smartctl '-n POWERMODE': SCSI support.
- smartctl '-s standby,now' and '-s standby,off': SCSI support.
- smartctl '-c': NVMe 1.4 additions.
- smartd: Support for staggered self-tests.
- smartd: No longer writes attribute log if no attributes were read
due to standby mode or other error.
- smartd: Now resolves symlinks before device names are checked for
duplicates.
- smartd: Fixed SMARTD_DEVICETYPE environment variable if DEVICESCAN is
used without '-d TYPE'.
- ATA: Device type '-d jmb39x-q,N' for JMB39x protocol variant used by
some QNAP NAS devices.
- ATA: Device type '-d jms56x,N' for JMS562 USB to SATA RAID bridges.
- SCSI: Improved heuristics for log subpages of new and very old disks.
- NVMe: Log transfer size limited to avoid device or kernel crashes.
- NVMe/USB: Device type '-d sntrealtek' for Realtek RTL9210 USB to
NVMe bridges.
- update-smart-drivedb: New option '--branch X.Y'.
- HDD, SSD and USB additions to drive database.
- Dropped support for pre-C99 snprintf().
- configure: Dropped option '--without-working-snprintf'.
- configure: Fixed '-fstack-protector*' detection.
- Linux: Various fixes of smartd.service file.
- Darwin: NVMe log support.
- FreeBSD: Device scan does no longer include T_ENCLOSURE devices.
- NetBSD: Fixed timeout handling.
- NetBSD big endian: Fixed ATA register handling.
- OpenBSD: Fixed timeout handling.
- Windows: Dropped backward compatibility fixes for very old compilers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.68.2 to 2.68.3
- Update rootfile
- Changelog
Overview of changes in GLib 2.68.3
* Bugs fixed:
- #2311 testfilemonitor test leaks ip_watched_file_t struct
- #2417 GFile: `g_file_replace_contents()` reports `G_IO_ERROR_WRONG_ETAG` when saving from a symlink
- !2133 Backport !2128 “inotify: Fix a memory leak” to glib-2-68
- !2137 Backport !2136 “tlscertificate: Avoid possible invalid read” to glib-2-68
- !2141 Backport !2138 “glocalfileoutputstream: Fix ETag check when replacing through a symlink” to glib-2-68
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.10.3 to 3.10.4
- Update of rootfile
- Changelog
* Building of unit tests is now optional.
* Fixed a test failure when running tests under XFS.
* Fixed memory leaks in examples.
* Minor documentation fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.20.3 to 3.20.4
- Update of rootfile not required.
- Changelog
Changes in 3.20.4 since 3.20.3:
Ben Boeckel (1):
ci: use consistent sccache builds
Brad King (8):
VS: Add special case for '-T version=14.29.16.10' under VS 16.10
VS: Add flag table entries for '/external:W*' flags in VS 16.10
gitlab-ci: Update Windows builds to MSVC 19.29-16.10 toolset
Makefiles: Fix CMAKE_EXPORT_COMPILE_COMMANDS crash with custom compile rule
presets: Fix buildPreset "jobs" field test case
IRSL: Add Intel oneAPI redist location on Windows
fileapi: Fix codemodel-v2 link command fragment relative paths
John Drouhard (1):
FindBoost: Add check for json component header in Boost 1.75+
Marc Chevrier (1):
Help: cmake_path: fix erroneous example for IS_PREFIX
Raul Tambre (2):
MSVC: C++20 final flag, C++23 support
Clang/MSVC: C++20 final flag, C++23 support
Sam Freed (2):
presets: Fix buildPreset "jobs"
presets: Fix buildPreset "targets" not allowing a single string
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.9.7 to 1.9.7p1
- Update of rootfile not required.
- Changelog
Major changes between sudo 1.9.7p1 and 1.9.7
* Fixed an SELinux sudoedit bug when the edited temporary file
could not be opened. The sesh helper would still be run even
when there are no temporary files available to install.
* Fixed a compilation problem on FreeBSD.
* The sudo_noexec.so file is now built as a module on all systems
other than macOS. This makes it possible to use other libtool
implementations such as slibtool. On macOS shared libraries and
modules are not interchangeable and the version of libtool shipped
with sudo must be used.
* Fixed a few bugs in the getgrouplist() emulation on Solaris when
reading from the local group file.
* Fixed a bug in sudo_logsrvd that prevented periodic relay server
connection retries from occurring in "store_first" mode.
* Disabled the nss_search()-based getgrouplist() emulation on HP-UX
due to a crash when the group source is set to "compat" in
/etc/nsswitch.conf. This is probably due to a mismatch between
include/compat/nss_dbdefs.h and what HP-UX uses internally. On
HP-UX we now just cycle through groups the slow way using
getgrent(). Bug #978.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.52 to 4.53
- Update of rootfile not required
- Changelog
4.53 2021-06-03
- fix typo in passing of max-age to CGI::Cookie (GH #247)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.7.2 to 3.7.3
- Update rootfile
- Changelog
2021-05-22 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version, to 3.7.3.
(LIBNETTLE_MINOR): Bump minor number, to 8.4.
(LIBHOGWEED_MINOR): Bump minor number, to 6.4.
2021-05-17 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Check up-front that input is
in range.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* rsa-decrypt.c (rsa_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Add tests with input > n.
2021-05-14 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (rsa_sec_blind): Delete mn argument.
(_rsa_sec_compute_root_tr): Delete mn argument, instead require
that input size matches key size. Rearrange use of temporary
storage, to support in-place operation, x == m. Update all
callers.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Make zero-padded copy of
input, for calling _rsa_sec_compute_root_tr.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Test calling all of
rsa_decrypt, rsa_decrypt_tr, and rsa_sec_decrypt with zero input.
2021-05-06 Niels Möller <nisse@lysator.liu.se>
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message
length is valid, for given key size.
* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for
calls to rsa_sec_decrypt specifying a too large message length.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.4.20 to 4.4.22
- Update of rootfile not required
- Changelog
Version 4.4.22
* The crypt_checksalt() function has been fixed to correctly return
with 'CRYPT_SALT_INVALID', in case the setting, that is passed
to be checked, represents an empty passphrase or an uncomputed
setting for descrypt without any salt characters.
Version 4.4.21
* The crypt_checksalt() function will now return the value
'CRYPT_SALT_METHOD_LEGACY' in case the setting, that is passed
to be checked, uses a hashing method, which is considered to be
too weak for use with new passphrases.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.3.4 to 1.3.5
- Update rootfile
- Changelog
Version 1.3.5 (2020 June 3)
* Fix unsigned typedef problem on macOS.
* Fix overflow check in ogg_sync_buffer.
* Clean up cmake and autotools build files.
* Remove Symbian and Apple XCode build files.
* Fix documentation cross-reference links.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 20210419-3.1 to 20210522-3.1
- Update rootfile
- Changelog
2021-05-22 Jess Thrysoee
* version-info: 0:66:0
* all: sync with upstream source
* src/el.c: editrc not read on systems without issetugid
Patch by Trevor Cordes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.184 to 0.185
- Update rootfile
- Changelog
Version 0.185
debuginfod-client: Simplify curl handle reuse so downloads which
return an error are retried.
elfcompress: Always exit with code 0 when the operation succeeds (even
when nothing was done). On error the exit code is now always 1.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This reverts commit 86beff5f75.
This patch breaks reading statistics on systems running a 4.14 kernel.
It seems like it is not dependant on the kernel, though.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Core Update 158 specifically ships files that are new or have changed to
keep the size of the update down.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is necessary due to the increased size of the base OS which is
mostly driven by linux-firmware.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Please refer to https://github.com/nhorman/rng-tools/releases for a full
list of meaningful changes between 6.4 and 6.12. "--without-pkcs11" is
necessary to avoid additional dependencies, which do not make sense on
IPFire since there are no use-cases for it.
Rootfiles did not change, our patch to use RDRDAND on i586 as well is
still valid.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This also moves existing patches into their applications' directory
within ~/src/patches/, if already existant.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This patch represents the first batch of various patches we do not use
anymore, hence there is no sense in keeping them, polluting ~/src/patches/.
Two coreutils patches have been moved into the already existing
coreutils folder, while one libloc patch has been a duplicate to that
one already existing in ~/src/patches/libloc/.
Cleaning up this dump remains a non-exhaustive attempt, though. There
are several other patches I could not locate in LFS files in the first
place, which means that the amount of files we can drop from this
directory is likely to be greater than this patch currently covers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.20(2009) to 2.33(2020)
- Update rootfile
- Changelog
2.33 -- Wed May 19 11:34:00 MT 2020
* Remove PAX Headers in tarball using GNU tar
2.32 -- Wed Mar 04 14:41:00 MT 2020
* Fix t/date.t to run on leap years [arc]
2.31 -- Thu Jan 16 14:00:00 MT 2020
* Fix year 2020 bug from t/getdate.t [Prajith]
* Fix warnings from t/date.t
* Fix pod issue in lib/Date/Parse.pm
* Fix for French language using English day suffixes in %o [mitchjacksontech]
* RT#84075: Fix Date::Parse::str2time century issue. [perlpilot]
* Adds Occitan language. [Quenty31]
* Migrate GitHub repo and bugtracker to atoomic/perl-TimeDate
2.30 -- Mon Feb 18 13:31:03 CST 2013
* Syncing distribution version number with Date::Parse, not functional changes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.36 to 10.37
- Update rootfile
- find-dependencies run to check impact of so lib bump
No issues found
- Changelog
Version 10.37 26-May-2021
1. Change RunGrepTest to use tr instead of sed when testing with binary
zero bytes, because sed varies a lot from system to system and has problems
with binary zeros. This is from Bugzilla #2681. Patch from Jeremie
Courreges-Anglas via Nam Nguyen. This fixes RunGrepTest for OpenBSD. Later:
it broke it for at least one version of Solaris, where tr can't handle binary
zeros. However, that system had /usr/xpg4/bin/tr installed, which works OK, so
RunGrepTest now checks for that command and uses it if found.
2. Compiling with gcc 10.2's -fanalyzer option showed up a hypothetical problem
with a NULL dereference. I don't think this case could ever occur in practice,
but I have put in a check in order to get rid of the compiler error.
3. An alternative patch for CMakeLists.txt because 10.36 #4 breaks CMake on
Windows. Patch from email@cs-ware.de fixes bugzilla #2688.
4. Two bugs related to over-large numbers have been fixed so the behaviour is
now the same as Perl.
(a) A pattern such as /\214748364/ gave an overflow error instead of being
treated as the octal number \214 followed by literal digits.
(b) A sequence such as {65536 that has no terminating } so is not a
quantifier was nevertheless complaining that a quantifier number was too big.
5. A run of autoconf suggested that configure.ac was out-of-date with respect
to the lastest autoconf. Running autoupdate made some valid changes, some valid
suggestions, and also some invalid changes, which were fixed by hand. Autoconf
now runs clean and the resulting "configure" seems to work, so I hope nothing
is broken. Later: the requirement for autoconf 2.70 broke some automatic test
robots. It doesn't seem to be necessary: trying a reduction to 2.60.
6. The pattern /a\K.(?0)*/ when matched against "abac" by the interpreter gave
the answer "bac", whereas Perl and JIT both yield "c". This was because the
effect of \K was not propagating back from the full pattern recursion. Other
recursions such as /(a\K.(?1)*)/ did not have this problem.
7. Restore single character repetition optimization in JIT. Currently fewer
character repetitions are optimized than in 10.34.
8. When the names of the functions in the POSIX wrapper were changed to
pcre2_regcomp() etc. (see change 10.33 #4 below), functions with the original
names were left in the library so that pre-compiled programs would still work.
However, this has proved troublesome when programs link with several libraries,
some of which use PCRE2 via the POSIX interface while others use a native POSIX
library. For this reason, the POSIX function names are removed in this release.
The macros in pcre2posix.h should ensure that re-compiling fixes any programs
that haven't been compiled since before 10.33.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.8 to 5.9.1
- Update rootfile
- find-dependencies run to check impact of so lib bump
no issues found
- Changelog - for more details on the Many bug fixes for 5.9.1 see the
ChangeLog file in the source tarball
The following is from the CHANGES file in the source tarball
*5.9.1*:
General: Many bug fixes
*5.9*
snmplib:
- Add IPv6 support to DTLSUDP transport
- use new netsnmp_sockaddr_storage in netsnmp_addr_pair
- add base_transport ptr for tunneled transports
- Add support for OpenSSL 1.1.1
- Dtls: overhaul of debug
- Remove inline versions of container funcs
snmpd:
- Use ETHTOOL_GLINKSETTINGS when available Newer Linux kernels
support ETHTOOL_GLINKSETTINGS. Use it when available instead of the
older and deprecated ETHTOOL_GSET. This patch avoids that the Linux
kernel reports the following kernel warning: warning: 'snmpd' uses
legacy ethtool link settings API, link modes are only partially
reported See also https://sourceforge.net/p/net-snmp/patches/1387/.
[bvanassche: reworked this patch significantly]
- Reduce the time needed to execute "pass" scripts on BSD systems See
also https://github.com/net-snmp/net-snmp/issues/8.
- [BUG 2926]: Make it possible to set agentXPingInterval for a
subagent - register agentXPingInterval for the subagent list
handler, before it was registered for snmp - added agentxTimeout to
the subagent list handler. It's now possible to set for snmpd and
the subagent. See 'man snmpd.conf' - added agentxRetries to the
subagent list handler. See 'man snmpd.conf'. It's never used in the
subagent, but it's now following the documentation Signed-off-by:
Anders Wallin <wallinux@gmail.com>
snmptrap:
- BUG: 2899: Patch from Drew Roedersheimer to set library
engineboots/time values before sending
snmptrapd:
- Add support for the latest libmysqlclient version
libsnmp:
- Scan MIB directories in alphabetical order This guarantees that
e.g. mibs/RFC1213-MIB.txt is read before mibs/SNMPv2-MIB.txt. The
order in which these MIBs is read matters because both define
sysLocation but with different attributes.
unspecified:
- [BUG 2930]: Fix a Solaris hrSWInst crash Avoid that snmpd crashes
on Solaris when querying software packages with an empty CATEGORY
field. See also https://sourceforge.net/p/net-snmp/bugs/2930/. See
also https://sourceforge.net/p/net-snmp/patches/1390/.
FreeBSD:
- Fix first byte of IF-MIB::ifPhysAddress Don't write past the
interface name, and use temporary copy instead. This fixes the
first byte of ifPhysAddress always being 0 on FreeBSD. See also
https://sourceforge.net/p/net-snmp/code/merge-requests/20/. [
bvanassche: edited patch title / added test for malloc() result /
reduced number of free(if_name) calls ]
Win32:
- BUG: 2779541 Fixed handle leak in pass_persist.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.2.25 (2014) to 3.5.0 (2019)
- Update rootfile
- Added --disable-static to ./configure
- Added --bindir=/usr/sbin otherwise binaries were installed in /usr/bin
Previous version installed the binaries in /usr/sbin without any command
This maintains location of binaries the same across the versions
- Changelog is no longer provided. Changes have to be found by reading
through the commits. https://github.com/thom311/libnl/releases
This is too large to include here.
There are 664 commits across 7 releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.49 to 2.50
- Update rootfile
- Version 2.50 failed to install capsh - bug raised for this
https://bugzilla.kernel.org/show_bug.cgi?id=213261
patch to fix this bug created and used in this build
- Changelog
Release notes for 2.50
2021-05-24 12:05:16 -0700
Some new capsh features:
--explain=cap_foo: describe what cap_foo does (Bug 212451)
--suggest=phrase: search all the cap descriptions and describe those that match the phrase
Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
Add a test case for recent kernel fix (Bug 212737)
Go pragma fix for convenience functions in "cap" module (reported by Lorenz Bauer. Bug 212321)
Minor man documentation updates
Minor build tree improvements (mostly for maintainer)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.6.14 to 3.6.16
- Update rootfile
- Changelog
* Version 3.6.16 (released 2021-05-24)
** libgnutls: Fixed potential miscalculation of ECDSA/EdDSA code backported from
Nettle. In GnuTLS, as long as it is built and linked against the fixed
version of Nettle, this only affects GOST curves. [CVE-2021-20305]
** libgnutls: Fixed potential use-after-free in sending "key_share"
and "pre_shared_key" extensions. When sending those extensions, the
client may dereference a pointer no longer valid after
realloc. This happens only when the client sends a large Client
Hello message, e.g., when HRR is sent in a resumed session
previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call
realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
* Version 3.6.15 (released 2020-09-04)
** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3 client to
crash via a null-pointer dereference. The crash happens in the application's
error handling path, where the gnutls_deinit function is called after
detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium]
** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
indicates that with a false return value (!1306).
** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
accordingly to SP800-56A rev 3 (!1295, !1299).
** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
the size of the internal base64 blob (#1025). The new behavior aligns to the
existing documentation.
** libgnutls: Certificate verification failue due to OCSP must-stapling is not
honered is now correctly marked with the GNUTLS_CERT_INVALID flag
(!1317). The new behavior aligns to the existing documentation.
** libgnutls: The audit log message for weak hashes is no longer printed twice
(!1301).
** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
disabled in the priority string. Previously, even when TLS 1.2 is explicitly
disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
enabled (#1054).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch represents the first batch of various patches we do not use
anymore, hence there is no sense in keeping them, polluting ~/src/patches/.
Two coreutils patches have been moved into the already existing
coreutils folder, while one libloc patch has been a duplicate to that
one already existing in ~/src/patches/libloc/.
Cleaning up this dump remains a non-exhaustive attempt, though. There
are several other patches I could not locate in LFS files in the first
place, which means that the amount of files we can drop from this
directory is likely to be greater than this patch currently covers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
