This includes new and changed firmware files, to avoid shipping a lot of
unchanged files. Upstream deleted files will be deleted on the
installations as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.0.3 to 3.0.6
- Communication had with cisofy about the website and github versions of lynis and the
lack of a signature file on github. Following response received from Michael Boelen
of cisofy.
"GitHub releases are different as they (the tarballs) are created by GitHub itself. So
yes, the hashes will differ. In fact, the contents of the files will be different as
well. These files are not signed by GitHub or us. We consider GitHub the work version.
When we release a new version, we tag them on GitHub with a version as well. For the
stable releases, use the version on the website."
- Based on the above the version used in this build is from the website. The signature
file for version 3.0.6 on the website is now available.
- The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
as it is from the Github location and running ./make.sh uploadsrc will probably not
upload the correct version because the filenames are the same. The tarball used in this
patch was from https://cisofy.com/downloads/lynis/
- The lfs file modified to take account of the tarball expanding to just lynis without
any version number. Also the rm -rf line has been modified due to the file differences
with the previous Github versions.
- Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
plugins not being included in the cisofy website version of the tarball. If these two
plugins that are available for community users are needed then they have to be
downloaded separately from cisofy via an email subscription to the notification test.
All other plugins are only available for paying customers.
- Changelog
Version 3.0.6 (2021-07-22)
### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files
### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended
Version 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas
Version 3.0.4 (2021-05-11)
### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- util-macros was originally installed as a build requirement for pciaccess which is
a dependency of libvirt
- Along the way of updates of pciaccess the build requirement for util-macros is no
longer needed. pciaccess built without problems with util-macros removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 10.2 to 11.1
- Update of rootfile
- Changelog
Version 11.1 of GDB includes the following changes and enhancements:
Support for ARM Symbian (arm*-*-symbianelf*) has been removed.
Building GDB now requires GMP (The GNU Multiple Precision Arithmetic Library).
New command-line options "--early-init-command" (or "-eix") and
"--early-init-eval-command" (or "-eiex")
GDB/MI Changes:
New --qualified option for the '-break-insert' and '-dprintf-insert' commands.
New --force-condition option for the '-break-insert' and '-dprintf-insert' commands.
New --force option for the '-break-condition' command.
The '-file-list-exec-source-files' now accepts an optional regular expression to
filter the source files included in the result.
The results from '-file-list-exec-source-files' now include a 'debug-fully-read'
field to indicate if the corresponding source's debugging information has been
partially read (false) or has been fully read (true).
TUI Improvements:
Mouse actions are now supported. The mouse wheel scrolls the appropriate window.
Key combinations that do not have a specific action on the focused window are now
passed to GDB.
Python enhancements:
Inferior objects now contain a read-only 'connection_num' attribute that gives the
connection number as seen in 'info connections' and 'info inferiors'.
New method gdb.Frame.level() which returns the stack level of the frame object.
New method gdb.PendingFrame.level() which returns the stack level of the frame
object.
When hitting a catchpoint, the Python API will now emit a gdb.BreakpointEvent
rather than a gdb.StopEvent. The gdb.Breakpoint attached to the event will have
type BP_CATCHPOINT.
Python TUI windows can now receive mouse click events. If the Window object
implements the click method, it is called for each mouse click event in this
window.
New setting "python ignore-environment on|off"; if "on", causes GDB's builtin
Python to ignore any environment variable that would otherwise affect how Python
behaves (needs to be set during "early initialization" (see above).
New setting "python dont-write-bytecode auto|on|off".
Guile API enhancements:
Improved support for rvalue reference values.
New procedures for obtaining value variants: value-reference-value,
value-rvalue-reference-value and value-const-value.
New "qMemTags" and "QMemTags" remote protocol packets (associated with Memory Tagging).
GDB will now look for the .gdbinit file in a config directory before looking for
~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. On Apple hosts the search order is instead: $HOME/Library/Preferences/gdb/gdbinit, $HOME/.gdbinit.
The "break [...] if CONDITION" command no longer returns an error when the condition
is invalid at one or more locations. Instead, if the condition is valid at one or
more locations, the locations where the condition is not valid are disabled.
The behavior of the "condition" command is changed to match the new behavior of the
"break" command.
Support for general memory tagging functionality (currently limited to AArch64 MTE)
Core file debugging now supported for x86_64 Cygwin programs.
New "org.gnu.gdb.riscv.vector" feature for RISC-V targets.
GDB now supports fixed point types which are described in DWARF as base types with a
fixed-point encoding. Additionally, support for the DW_AT_GNU_numerator and
DW_AT_GNU_denominator has also been added.
Miscellaneous:
New "startup-quietly on|off" setting; when "on", behaves the same as passing the
"-silent" option on the command line.
New "print type hex on|off" setting; when 'on', the 'ptype' command uses
hexadecimal notation to print sizes and offsets of struct members. When 'off',
decimal notation is used.
The "inferior" command, when run without argument, prints information about the
current inferior.
The "ptype" command now supports "/x" and "/d", affecting the base used to print
sizes and offsets.
The output of the "info source" has been restructured.
New "style version foreground | background | intensity" commands to control the
styling of the GDB version number.
Various debug and maintenance commands (mostly useful for the GDB developers)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
we have removed the -multi after the kernel name but
in the update script delete *-multi-* which leftover
the arm specific dtb folder and uImages.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52
Excerpt from changelog:
""Changes with Apache 2.4.52
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮é¼
TengMA(@Te3t123)
..."
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- v3 version uses newer version of fribidi
- lfs file created
- rootfile created
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- v3 version has updated pango version
- Update from 1.30.1 (2012) to 1.50.0 (2021)
- Update of rootfile - Pango modules, engines, and config have been removed (#733882) in
version 1.37.0 in 2014.
- pango now has dependencies of harfbuzz and fribidi so patches for these two are
included in the following two patches for this series.
- make.sh modified to include
build of these two packages before pango is built
- Build is done via meson/ninja now
- Changelog is too large to show here but the details can be found in the NEWS file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.33.1 to 2.34.1
- Update of rootfile - The "--preserve-merges" option of "git rebase" has been removed.
- Changelog is too large to include here.
The changes for version 2.34.0 can be found in the source tarball in
Documentation/RelNotes/2.34.0.txt and for version 2.34.1 in
Documentation/RelNotes/2.34.1.txt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 6.85 to 6.86
- Update of rootfile
- Changelog
6.86 2021-11-15
-Change warn to carp
All warnings are now issued with the carp command rather than warn.
Requested in GitHup pull request #18, but that request was not used
because it only changed the uses in the Date::Manip::Date module.
-Bug fixes
Fixed a bug where the next/prev Date::Manip::Recur methods gave
incorrect results when there are no dates that match the criteria.
(GitHub #36)
-Time zone fixes
There were no new timezone fixes on 2021-06-01 or 2021-09-01, so no
releases made then.
Newest zoneinfo data (tzdata 2021e). (GitHub #37)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.0.16 to 2.0.18
- Update of rootfile
- Changelog
2.0.18
General:
* The SDL wiki documentation and development headers are automatically kept in sync
* Each function has information about in which version of SDL it was introduced
* Added the hint SDL_HINT_APP_NAME to let SDL know the name of your application for
various places it might show up in system information
* Added SDL_RenderGeometry() and SDL_RenderGeometryRaw() to allow rendering of
arbitrary shapes using the SDL 2D render API
* Added SDL_SetTextureUserData() and SDL_GetTextureUserData() to associate
application data with an SDL texture
* Added SDL_RenderWindowToLogical() and SDL_RenderLogicalToWindow() to convert
between window coordinates and logical render coordinates
* Added SDL_RenderSetVSync() to change whether a renderer present is synchronized
with vblank at runtime
* Added SDL_PremultiplyAlpha() to premultiply alpha on a block of
SDL_PIXELFORMAT_ARGB8888 pixels
* Added a window event SDL_WINDOWEVENT_DISPLAY_CHANGED which is sent when a window
changes what display it's centered on
* Added SDL_GetWindowICCProfile() to query a window's ICC profile, and a window
event SDL_WINDOWEVENT_ICCPROF_CHANGED that is sent when it changes
* Added the hint SDL_HINT_VIDEO_EGL_ALLOW_TRANSPARENCY to allow EGL windows to be
transparent instead of opaque
* SDL_WaitEvent() has been redesigned to use less CPU in most cases
* Added SDL_SetWindowMouseRect() and SDL_GetWindowMouseRect() to confine the mouse
cursor to an area of a window
* You can now read precise mouse wheel motion using 'preciseX' and 'preciseY' event
fields
* Added SDL_GameControllerHasRumble() and SDL_GameControllerHasRumbleTriggers() to
query whether a game controller supports rumble
* Added SDL_JoystickHasRumble() and SDL_JoystickHasRumbleTriggers() to query whether
a joystick supports rumble
* SDL's hidapi implementation is now available as a public API in SDL_hidapi.h
Windows:
* Improved relative mouse motion over Windows Remote Desktop
* Added the hint SDL_HINT_IME_SHOW_UI to show native UI components instead of hiding
them (defaults off)
Windows/UWP:
* WGI is used instead of XInput for better controller support in UWP apps
Linux:
* Added the hint SDL_HINT_SCREENSAVER_INHIBIT_ACTIVITY_NAME to set the activity
that's displayed by the system when the screensaver is disabled
* Added the hint SDL_HINT_LINUX_JOYSTICK_CLASSIC to control whether /dev/input/js*
or /dev/input/event* are used as joystick devices
* Added the hint SDL_HINT_JOYSTICK_DEVICE to allow the user to specify devices that
will be opened in addition to the normal joystick detection
* Added SDL_LinuxSetThreadPriorityAndPolicy() for more control over a thread
priority on Linux
Android:
* Added support for audio output and capture using AAudio on Android 8.1 and newer
* Steam Controller support is disabled by default, and can be enabled by setting the
hint SDL_HINT_JOYSTICK_HIDAPI_STEAM to "1" before calling SDL_Init()
Apple Arcade:
* Added SDL_GameControllerGetAppleSFSymbolsNameForButton() and
SDL_GameControllerGetAppleSFSymbolsNameForAxis() to support Apple Arcade titles
iOS:
* Added documentation that the UIApplicationSupportsIndirectInputEvents key must be
set to true in your application's Info.plist in order to get real Bluetooth mouse
events.
* Steam Controller support is disabled by default, and can be enabled by setting the
hint SDL_HINT_JOYSTICK_HIDAPI_STEAM to "1" before calling SDL_Init()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.10.4 to 2.11.0
- Update rootfile
- Changelog
CHANGES BETWEEN 2.10.4 and 2.11.0
I. IMPORTANT CHANGES
- A new rendering module has been added to create 8-bit Signed Distance Field (SDF)
bitmaps for both outline and bitmap glyphs. The new rendering mode is called
`FT_RENDER_MODE_SDF`, the pixel mode is `FT_PIXEL_MODE_GRAY8`, and the
corresponding raster flag is `FT_RASTER_FLAG_SDF`. This work was Anuj Verma's
GSoC 2020 project.
- A new, experimental API is now available for surfacing properties of 'COLR' v1
color fonts (as the name says, this is an extension to the 'COLR' table for
outline color fonts using the SFNT container format). 'COLR' v1 fonts are a
recently proposed addition to OFF and OpenType; specification work currently
happens in https://github.com/googlefonts/colr-gradients-spec/ 'COLR' v1 is
expected to be merged to OpenType; the ISO standardisation process for adding
'COLR' v1 as an amendment to OFF is underway. Functions similar to the already
existing 'COLR' API have been added to access the corresponding data.
FT_Get_Color_Glyph_Paint Retrieve the root paint for a given glyph ID.
FT_Get_Paint_Layers Access the layers of a `PaintColrLayers` table.
FT_Get_Colorline_Stops Retrieve the 'color stops' on a color line. As an input,
a color stop iterator gets used, which in turn is retrieved from a paint.
FT_Get_Paint Dereference an `FT_OpaquePaint` object and retrieve the
corresponding `FT_COLR_Paint` object, which contains details on how to draw the
respective 'COLR' v1 `Paint` table.
II. MISCELLANEOUS
- FreeType has moved its infrastructure to https://gitlab.freedesktop.org/freetype
A side effect is that the git repositories are now called `freetype.git` and
`freetype-demos.git`, which by default expand to the directories `freetype` and
`freetype-demos`, respectively. The documentation has been updated accordingly.
FreeType's Savannah repositories will stay; they are now mirrors of the
'freedesktop.org' repositories.
- A new function `FT_Get_Transform` returns the values set by `FT_Set_Transform`.
- A new configuration macro `FT_DEBUG_LOGGING` is available. It provides extended
debugging capabilities for FreeType, for example showing a time stamp or
displaying the component a tracing message comes from. See file `docs/DEBUG` for
more information. This work was Priyesh Kumar's GSoC 2020 project.
- The legacy Type 1 and CFF engines are further demoted due to lack of CFF2
charstring support. You now need to use `FT_Property_Set` to enable them besides
the `T1_CONFIG_OPTION_OLD_ENGINE` and `CFF_CONFIG_OPTION_OLD_ENGINE` options,
respectively.
- The experimental 'warp' mode (AF_CONFIG_OPTION_USE_WARPER) for the auto-hinter
has been removed.
- The smooth rasterizer performance has been improved by >10%. Note that due to
necessary code changes there might be very subtle differences in rendering. They
are not visible by the eye, however.
- PCF bitmap fonts compressed with LZW (these are usually files with the extension
`.pcf.Z`) are now handled correctly.
- Improved Meson build files, including support to build the FreeType demo programs.
- A new demo program `ftsdf` is available to display Signed Distance Fields of
glyphs.
- The `ftlint` demo program has been extended to do more testing of its input. In
particular, it can display horizontal and vertical acutances for quality
assessment, together with computing MD5 checksums of rendered glyphs. [The
acutance measures how sharply the pixel coverage changes at glyph edges. For
monochrome bitmaps, it is always 2.0 in either X or Y direction. For
anti-aliased bitmaps, it depends on the hinting and the shape of a glyph and
might approach or even reach value 2.0 for glyphs like 'I', 'L', '+', '-', or
'=', while it might be lower for glyphs like 'O', 'S', or 'W'.]
- The `ttdebug` demo program didn't show changed point coordinates (bug introduced
in version 2.10.3).
- It is now possible to adjust the axis increment for variable fonts in the
`ftmulti` demo program.
- It is now possible to change the hinting engine in the `ftstring` demo program.
- The graphical demo programs work better now in native color depth on win32 and
x11.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.35 (2004) to 5.09 (2021)
- Update of rootfile required
- Changelog is too large to include here.
Full details can be found in Changes file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
