Full changelog as retrieved from https://git.savannah.gnu.org/cgit/texinfo.git/plain/NEWS:
6.7 (23 September 2019)
* Language:
. support of index subentries and sub-subentries with @subentry
. new commands @seeentry and @seealso in index entries
. no need to wrap Top node in @ifnottex - omitted automatically when
processed with TeX
. UTF-8 is the default input encoding
* texi2any
. for HTML output, mark index nodes in menus and tables of contents
with the 'rel' attribute of the 'a' tag.
. TOP_NODE_UP is now only used in HTML if TOP_NODE_UP_URL is set.
Also TOP_NODE_UP should now be formatted in the output format.
In HTML TOP_NODE_UP should be suitable for inclusion in HTML
element attributes, so for instance should not contain elements.
. support of noderename.cnf files has been removed
. INPUT_PERL_ENCODING, INPUT_ENCODING_NAME, NODE_FILE_EXTENSION,
NODE_FILENAMES, SHORTEXTN and TOP_NODE_FILE removed as customization
variables.
. TOP_NODE_FILE_TARGET now contains the extension.
. error messages translated when the XS parser module is in use
* texi2dvi
. unconditionally run in --batch mode, i.e. without stopping if there
is a TeX error
. keep on going after a TeX error if the index files changed
. with --tidy (or --build-dir), avoid reading index files from previous
runs where --tidy was not used
* info
. for a tree search (with M-/), '}' and '{' work as well as 'M-}' and
'M-{' to go through the results
* Distribution:
. Several obsolete portability checks removed
. gettext 0.20.1, automake 1.16.1
No rootfile changes were necessary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Please refer to https://ccache.dev/news.html#2020-10-01 for a list of
all release notes since version 3.4.1, it is unfortunately way too long
to be added here. :-]
Since ccache is not part of the distribution itself, no rootfile updates
were necessary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update dehydrated from 0.6.5 to 0.7.0
- No changes to the rootfiles
- This update patch also addresses bug #12425
The changes from the interim patch mentioned in bug #12425 are included into this update
- Changes for all releases can be found at https://github.com/dehydrated-io/dehydrated/releases
- Changes for this version update
Added
Support for external account bindings
Special support for ZeroSSL
Support presets for some CAs instead of requiring URLs
Allow requesting preferred chain (--preferred-chain)
Added method to show CAs current terms of service (--display-terms)
Allow setting path to domains.txt using cli arguments (--domains-txt)
Added new cli command --cleanupdelete which deletes old files instead of archiving them
Fixed
No more silent failures on broken hook-scripts
Better error-handling with KEEP_GOING enabled
Check actual order status instead of assuming it's valid
Don't include keyAuthorization in challenge validation (RFC compliance)
Changed
Using EC secp384r1 as default certificate type
Use JSON.sh to parse JSON
Use account URL instead of account ID (RFC compliance)
Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
Cleanup now also removes dangling symlinks
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Update bird from 2.0.6 to 2.0.7
Changes from changelog
- BGP: Fix reconfiguration with import table
*Change of some options requires route refresh, but when import table is
active, channel reload is done from it instead of doing full route
refresh. So in this case we request it internally.
- Doc: Minor documentation fixes
- Nest: Handle non-MPLS on MPLS case in recursive route update
*When non-MPLS recursive route resolves to MPLS underlying route,
then it should get MPLS labels from the the underlying route.
- Nest: Handle PtP links in recursive route update
*Underlying (IGP) route may lead to PtP link, in this case it does not
need gateway. Which is different than direct route without gateway.
*When recursive (BGP) route uses PtP route, it should not use recursive
next hop as immediate next hop, while for direct routes it should.
- Nest: Fix recursive route update
*Missing cleanup can lead to dangling pointer to old next hops.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-Update sqlite from 3.26.0 to 3.34.0
See https://sqlite[.]org/chronology[.]html for history between
these releases.
-Have reviewed all release notes between these two releases and there
are no deprecations.
-No change to rootfile.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Since tshark uses with version 3.4.0 an always enabled asynchronous DNS
resolution c-ares is a needed dependency.
- Since curl can also use c-ares --> https://c-ares.haxx.se/ it has been
placed in make.sh before curl even no compiletime options has been set
to enable this. c-ares has also been placed in packages and not in common
which would be needed if it should be used for curl too.
Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bacula install used the bacula initscript for starting and stopping bacula.
This works fine but results in no pid or memory input in the addons table
under services.
Using the IPFire initscript also successfully starts and stops bacula with
no problems but also provides the pid and memory information in the services
addons table.
- rootfiles adjusted to remove the reference to bacula-ctl-fd
- lfs/bacula adjusted to remove the init.d/bacula link generation
remove the "rm -f /root/.rnd" command. This file is not present
and I have not seen this command in any other lfs file that I
have looked at.
- new bacula initscript created
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
fix: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)
Severity: High
The X.509 GeneralName type is a generic type for representing different types
of names. One of those name types is known as EDIPartyName. OpenSSL provides a
function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
to see if they are equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
may occur leading to a possible denial of service attack.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL
distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp
authority name (exposed via the API functions TS_RESP_verify_response and
TS_RESP_verify_token)
If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
Note that some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify
tools have support for the "-crl_download" option which implements automatic
CRL downloading and this attack has been demonstrated to work against those
tools.
Note that an unrelated bug means that affected versions of OpenSSL cannot parse
or construct correct encodings of EDIPARTYNAME. However it is possible to
construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
trigger this attack.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Otherwise the WUI is not allowed to put and release the nobeep file in
this folder and the desired functionality does not work.
Fixes#12385.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch disables the output of 'iptables' in 'summary.dat' by
modifying '/usr/share/conf/logwatch.conf'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
