mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-12 20:16:49 +02:00
f5b9dcd1ccc930255aca4992023097cf1ef496cf
9877 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
f5b9dcd1cc |
man: Update to version 2.10.2
- Update from version 2.4.3 (2005) to 2.10.2 (2022)
- Update of rootfile
- Addition of libpipeline as a build dependency - separate patch for that.
- Changelog is too long to include here (~14000 lines)
Details back to 2013 can be found in the file ChangeLog in the source tarball
Details from 2013 back to version 2.4.3 can be found in the file ChangeLog-2013 in the
source tarball
90 bug fixes listed in ChangeLog
128 bug fixes listed in Changelog-2013 back to the version after 2.4.3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
Peter Müller
|
eecf8445e2 |
Core Update 168: Ship iana-etc
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
0f90707416 |
Core Update 168: Ship curl
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f61ced49e9 |
curl: Update to version 7.83.0
- Update from 7.82.0 to 7.83.0
- Update of rootfile
- Changelog
7.83.0
Changes:
o curl: add %header{name} experimental support in -w handling
o curl: add %{header_json} experimental support in -w handling
o curl: add --no-clobber [28]
o curl: add --remove-on-error [11]
o header api: add curl_easy_header and curl_easy_nextheader [56]
o msh3: add support for QUIC and HTTP/3 using msh3 [84]
Bugfixes:
o appveyor: add Cygwin build [77]
o appveyor: only add MSYS2 to PATH where required [78]
o BearSSL: add CURLOPT_SSL_CIPHER_LIST support [27]
o BearSSL: add CURLOPT_SSL_CTX_FUNCTION support [26]
o BINDINGS.md: add Hollywood binding [34]
o CI: Do not use buildconf. Instead, just use: autoreconf -fi [42]
o CI: install Python package impacket to run SMB test 1451 [5]
o configure.ac: move -pthread CFLAGS setting back where it used to be [14]
o configure: bump the copyright year range int the generated output
o conncache: include the zone id in the "bundle" hashkey [112]
o connecache: remove duplicate connc->closure_handle check [90]
o connect: make Curl_getconnectinfo work with conn cache from share handle [22]
o connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined [6]
o cookie.d: clarify when cookies are sent
o cookies: improve errorhandling for reading cookiefile [123]
o curl/system.h: update ifdef condition for MCST-LCC compiler [4]
o curl: error out if -T and -d are used for the same URL [99]
o curl: error out when options need features not present in libcurl [18]
o curl: escape '?' in generated --libcurl code [117]
o curl: fix segmentation fault for empty output file names. [60]
o curl_easy_header: fix typos in documentation [74]
o CURLINFO_PRIMARY_PORT.3: clarify which port this is [126]
o CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS [105]
o CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
o CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs [79]
o CURLOPT_PROGRESSFUNCTION.3: fix typo in example [63]
o CURLOPT_UNRESTRICTED_AUTH.3: extended explanation [127]
o CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype [9]
o docs/HYPER.md: updated to reflect current hyper build needs
o docs/opts: Mention Schannel client cert type is P12 [50]
o docs: Fix missing semicolon in example code [102]
o docs: lots of minor language polish [51]
o English: use American spelling consistently [95]
o fail.d: tweak the description [101]
o firefox-db2pem.sh: make the shell script safer [47]
o ftp: fix error message for partial file upload [61]
o gen.pl: change wording for mutexed options [98]
o GHA: add openssl3 jobs moved over from zuul [88]
o GHA: build hyper with nightly rustc [7]
o GHA: move bearssl jobs over from zuul [85]
o gha: move the event-based test over from Zuul [59]
o gtls: fix build for disabled TLS-SRP [48]
o http2: handle DONE called for the paused stream [69]
o http2: RST the stream if we stop it on our own will [67]
o http: avoid auth/cookie on redirects same host diff port [110]
o http: close the stream (not connection) on time condition abort [68]
o http: reject header contents with nul bytes [41]
o http: return error on colon-less HTTP headers [31]
o http: streamclose "already downloaded" [57]
o hyper: fix status_line() return code [13]
o hyper: fix tests 580 and 581 for hyper [107]
o hyper: no h2c support [33]
o infof: consistent capitalization of warning messages [103]
o ipv4/6.d: clarify that they are about using IP addresses [3]
o json.d: fix typo (overriden -> overridden) [24]
o keepalive-time.d: It takes many probes to detect brokenness [29]
o lib/warnless.[ch]: only check for WIN32 and ignore _WIN32 [45]
o lib670: avoid double check result [71]
o lib: #ifdef on USE_HTTP2 better [65]
o lib: fix some misuse of curlx_convert_wchar_to_UTF8 [38]
o lib: remove exclamation marks [100]
o libssh2: compare sha256 strings case sensitively [114]
o libssh2: make the md5 comparison fail if wrong length [111]
o libssh: fix build with old libssh versions [12]
o libssh: fix double close [124]
o libssh: Improve fix for missing SSH_S_ stat macros [10]
o libssh: unstick SFTP transfers when done event-based [58]
o macos: set .plist version in autoconf [122]
o mbedtls: remove 'protocols' array from backend when ALPN is not used [66]
o mbedtls: remove server_fd from backend [91]
o mk-ca-bundle.pl: Use stricter logic to process the certificates [39]
o mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl [8]
o mlc_config.json: add file to ignore known troublesome URLs [35]
o mqtt: better handling of TCP disconnect mid-message [55]
o ngtcp2: add client certificate authentication for OpenSSL [15]
o ngtcp2: avoid busy loop in low CWND situation [119]
o ngtcp2: deal with sub-millisecond timeout [116]
o ngtcp2: disconnect the QUIC connection proper [19]
o ngtcp2: enlarge H3_SEND_SIZE [82]
o ngtcp2: fix HTTP/3 upload stall and avoid busy loop [83]
o ngtcp2: fix memory leak [80]
o ngtcp2: fix QUIC_IDLE_TIMEOUT [94]
o ngtcp2: make curl 1ms faster [93]
o ngtcp2: remove remote_addr which is not used in a meaningful way [81]
o ngtcp2: update to work after recent ngtcp2 updates [62]
o ngtcp2: use token when detecting :status header field [92]
o nonblock: restore setsockopt method to curlx_nonblock [20]
o openssl: check SSL_get_peer_cert_chain return value [1]
o openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL [23]
o openssl: fix CN check error code [21]
o options: remove mistaken space before paren in prototype
o perl: removed a double semicolon at end of line [64]
o pop3/smtp: return *WEIRD_SERVER_REPLY when not understood [43]
o projects/README: converted to markdown [76]
o projects: Update VC version names for VS2017, VS2022 [52]
o rtsp: don't let CSeq error override earlier errors [37]
o runtests: add 'bearssl' as testable feature [87]
o runtests: make 'oldlibssh' be before 0.9.4 [2]
o schannel: remove dead code that will never run [89]
o scripts/copyright.pl: ignore the new mlc_config.json file
o scripts: move three scripts from lib/ to scripts/ [44]
o test1135: sync with recent API updates [54]
o test1459: disable for oldlibssh [53]
o test375: fix line endings on Windows [40]
o test386: Fix an incorrect test markup tag
o test718: edited slightly to return better HTTP [32]
o tests/server/util.h: align WIN32 condition with util.c [46]
o tests: refactor server/socksd.c to support --unix-socket [96]
o timediff.[ch]: add curlx helper functions for timeval conversions [86]
o tls: make mbedtls and NSS check for h2, not nghttp2 [70]
o tool and tests: force flush of all buffers at end of program [17]
o tool_cb_hdr: Turn the Location: into a terminal hyperlink [30]
o tool_getparam: error out on missing -K file [115]
o tool_listhelp.c: uppercase URL
o tool_operate: fix a scan-build warning [16]
o tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3) [97]
o transfer: redirects to other protocols or ports clear auth [109]
o unit1620: call global_init before calling Curl_open [125]
o url: check sasl additional parameters for connection reuse. [113]
o vtls: provide a unified APLN-disagree string for all backends [75]
o vtls: use a backend standard message for "ALPN: offers %s" [73]
o vtls: use a generic "ALPN, server accepted" message [72]
o winbuild/README.md: fixup dead link [36]
o winbuild: Add a Visual Studio example to the README [49]
o wolfssl: fix compiler error without IPv6 [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
56b9ee7e7e |
libseccomp: Update to version 2.5.4
- Update from version 2.5.3 to 2.5.4 - Update of rootfile - Changelog Version 2.5.4 - April 21, 2022 - Update the syscall table for Linux v5.17 - Fix minor issues with binary tree testing and with empty binary trees - Minor documentation improvements including retiring the mailing list Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
b314ad9e78 |
Core Update 168: Ship libaio
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
efa6f1e2dc |
libaio: Update to version 0.3.113
- Update from version 0.3.112 to 0.3.113 - Update of rootfile - Changelog 0.3.113 harness: add test for aio poll missed events Verify structure padding is correct at build time Fix struct io_iocb_sockaddr padding for 32bit architectures Fix struct io_iocb_vector padding for 32bit architectures Use generic syscall number schema for loongarch Add endian detection and bit width detection for loongarch Add loongarch to supported architectures in libaio.spec cases/16.t: loongarch only supports eventfd2 Fix test issue with gcc-11 harness: Skip the test if io_pgetevents() is not implemented harness: Print better error messages on error conditions in 22.t harness: Fix PROT_WRITE mmap check harness: fix read into PROT_WRITE mmap test harness: skip 22.p if async_poll isn't supported harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT harness: Add fallback code for filesystems not supporting O_DIRECT harness: add support for skipping tests harness: Make the test exit with a code matching the pass/fail state harness: Make RISC-V use SYS_eventfd2 instead of unavailable SYS_eventfd harness: Use run-time _SC_PAGE_SIZE instead of build-time PAGESIZE harness: Use destination strncpy() expression for sizeof() argument Use ctx consistently for io_context_t instead of ctx_id man: Escape verbatim \n in order to make it through roff man: Fold short lines man: Fix markup man: Fix title header man: Fix typos man: Add "None" to empty sections man: Remove spurious text man: Remove spurious spaces man: Fix period formatting man: Fix casing man: End sentences with a period man: Refer to libaio.h instead of libio.h man: Use the correct troff macro for comments man: Add missing space in man page references harness: allow running tests against the installed library Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
585ab87551 |
Core Update 168: Ship libcap
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
d9538fbcc4 |
libcap: Update to version 2.64
- Update from version 2.63 to 2.64
- Update of rootfile
- Change sed line to ensure removal of static libs - environment names for static libraries
changed.
- Changelog
2.64
Fix memory leak in libpsx at program exit. (Bug: 215551 reported by Kalen Hall)
Be more resilient to CGo configuration with Go compiler when building tests.
(Bug: 215603)
Fix cap_*prctl() return code/errno handling. (Bug: 215772 reported by Anderson
Toshiyuki Sasaki)
Minor clarification to cap_get_pid() man page concerning pid value within
namespaces. (Bug: 215812)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
fab8358515 |
Core Update 168: Ship libcap-ng
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
810dbe76ae |
oci-cli: Update to version 3.7.3
- Update from 3.4.2 to 3.7.3 - Update of rootfile - Changelog is too large to include here ~600 lines long More details can be found in the CHANGELOG.rst file in the source tarball Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
85a250d636 |
oci-python-sdk: Update to version 2.64.0
- Update from 2.54.0 to 2.64.0 - Update of rootfile - Changelog 2.64.0 - 2022-04-19 Added * Support for the Stack Monitoring service * Support for stack monitoring on external databases in the Database service * Support for upgrading VM database systems in place in the Database service * Support for viewing supported VMWare software versions when listing host shapes in the VMWare Solution service * Support for choosing compute shapes when creating SDDCs and ESXi hosts in the VMWare Solution service * Support for work requests on delete operations in the Vulnerability Scanning service * Support for additional scan metadata in reports, including CVE descriptions, in the Vulnerability Scanning service * Support for redemption codes in the Usage service Breaking * Param `type` in model `DiscoveryDetails` assumes the value of `UNKNOWN_ENUM_VALUE` if it is assigned a value that is not of the allowed_values. It will not raise a `ValueError`. 2.63.0 - 2022-04-12 Added * Support for bringing your own IPv6 addresses in the Networking service * Support for specifying database edition and maximum CPU core count when creating or updating an autonomous database in the Database service * Support for enabling and disabling data collection options when creating or updating Exadata Cloud at Customer VM clusters in the Database service Breaking * Support for retries by default on operations in the Identity service * Support for retries by default on operations in the Operations Insights service 2.62.1 - 2022-04-05 Added * Fixed the lifecycle state values for target databases in the Data Safe service * Support for content length and content type response headers when downloading PDFs in the Account Management service * Support for creating Enterprise Manager-based zLinux host targets, creating alarms, and viewing top process analytics in the Operations Insights service * Support for diagnostic reboots on VM instances in the Compute service 2.62.0 - 2022-03-29 Added * Support for returning the number of network ports as part of listing shapes in the Compute service * Support for Java runtime removal and custom logs in the Java Management service * Support for new parameters for BGP admin state and enabling/disabling BFD in the Networking service * Support for private OKE clusters and blue-green deployments in the DevOps service * Support for international customers to consume and launch third-party paid listings in the Marketplace service * Support for additional fields on entities, attributes, and folders in the Data Catalog service Breaking * Support for retries by default on operations in the Marketplace service 2.61.0 - 2022-03-22 Added * Support for getting the storage utilization of a deployment on deployment list and get operations in the GoldenGate service * Support for virtual machines, bare metal machines, and Exadata databases with private endpoints in the Operations Insights service * Support for setting deletion policies on database systems in the MySQL Database service Breaking * Support for retries by default on operations in the Data Labeling service (data plane and control plane) 2.60.1 - 2022-03-15 Added * Support for Ubuntu platforms and unlimited installation keys in the Management Agent Cloud service * Support for shielded instances in the VMWare Solution service * Support for application resources in the Data Integration service * Support for multi-AVM on Exadata Cloud at Customer infrastructure in the Database service * Support for heterogeneous (VM and AVM) clusters on Exadata Cloud at Customer infrastructure in the Database service * Support for custom maintenance schedules for AVM clusters on Exadata Cloud at Customer infrastructure in the Database service * Support for listing vulnerabilities, vulnerability-impacted containers, and vulnerability-impacted hosts in the Vulnerability Scanning service * Support for specifying an image count when creating or updating container scan recipes in the Vulnerability Scanning service 2.60.0 - 2022-03-08 Added * Support for the Sales Accelerator license option in the Content Management service * Support for VCN hostname cluster endpoints in the Container Engine for Kubernetes service * Support for optionally specifying an admin username and password when creating a database system during a restore operation in the MySQL Database service * Support for automatic tablespace creation on non-autonomous and autonomous database dedicated targets in the Database Migration service * Support for reporting excluded objects based on static exclusion rules and dynamic exclusion settings in the Database Migration service * Support for removing, listing, and adding database objects reported by the Cloud Premigration Advisor Tool (CPAT) in the Database Migration service * Support for migrating Oracle databases from the AWS RDS service to OCI as autonomous databases, using the AWS S3 service and DBLINK for data transfer, in the Database Migration service * Support for querying additional fields of a resource using return clauses in the Search service * Support for clusters and station clusters in the Roving Edge Infrastructure service * Support for creating database systems and database homes using customer-managed keys in the Database service Breaking * Support for retries enabled by default on operations in the Container Engine for Kubernetes service * Support for retries enabled by default on operations in the Resource Manager service * Support for retries enabled by default on operations in the Search service 2.59.0 - 2022-03-01 Added * Support for DRG route distribution statements to be specified with a new match type 'MATCH_ALL' for matching criteria in the Networking service * Support for VCN route types on DRG attachments for deciding whether to import VCN CIDRs or subnet CIDRs into route rules in the Networking service * Support for CPS offline reports in the Database service * Support for infrastructure patching v2 features in the Database service * Support for auto-scaling the storage of an autonomous database, as well as shrinking an autonomous database, in the Database service * Support for managed egress via a default networking option on jobs and notebooks in the Data Science service * Support for more types of saved search enums in the Management Dashboard service Breaking * Support for retries enabled by default on some operations in the AI Vision service 2.58.0 - 2022-02-22 Added * Support for the Data Connectivity Management service * Support for the AI Speech service * Support for disabling crash recovery in the MySQL Database service * Support for detector recipes of type "threat", new detector rule of type "rogue user", and sightings operations in the Cloud Guard service * Support for more VM shape configurations when listing shapes in the Compute service * Support for customer-managed encryption keys in the Analytics Cloud service * Support for FastConnect device information in the Networking service Breaking * Support for retries enabled by default on all operations in the Application Performance Monitoring control plane service 2.57.0 - 2022-02-15 Added * Support for the AI Vision service * Support for the Threat Intelligence service * Support for creation of NoSQL database tables with on-demand throughput capacity in the NoSQL Database Cloud service * Support for tagging features in the Oracle Container Engine for Kubernetes (OKE) service * Support for trace snapshots in the Application Performance Monitoring service * Support for auditing and alerts in the Data Safe service * Support for data discovery and data masking in the Data Safe service * Support for customized subscriptions and delivery of announcements by email and SMS in the Announcements service Breaking * The API `query_old` was removed from `query_client` in the Application Performance Monitoring service 2.56.0 - 2022-02-08 Added * Support for managing tablespaces in the Database Management service * Support for upgrading and managing payment for subscriptions in the Account Management service * Support for listing fast launch job configurations in the Data Science service Breaking changes * Support for retries enabled by default on all operations in the Application Performance Monitoring service * The type for the `bill_to_address` parameter was changed from `Address` to `BillToAddress` in the invoice model of the Account Management service * `payment_method` was made a required property of the `payment_detail` model of the Account Management service 2.55.1 - 2022-02-01 Added * Support for calling Oracle Cloud Infrastructure services in the ap-dcc-canberra-1 region * Support for the Console Dashboard service * Support for capacity reservation in the Container Engine for Kubernetes service * Support for tagging in the Container Engine for Kubernetes service * Support for fetching listings by image OCID in the Marketplace service * Support for underscores and hyphens in project resource names in the DevOps service * Support for cross-region cloning in the Database service 2.55.0 - 2022-01-25 Added * Support for OneSubscription services * Support for specifying if a run or application is streaming or batch in the Data Flow service * Support for updating the Instance Configuration of an Instance Pool within a Cluster Network in the Compute Management service * Updated documentation for Cross Region ADG feature for Autonomous Database in the Database service Breaking * Support for retries enabled by default on all operations in the Object Storage service 2.54.1 - 2022-01-18 Added * Support for calling Oracle Cloud Infrastructure services in the me-dcc-muscat-1 region * Support for the Visual Builder service * Support for cross-region replication of volume groups in the Block Storage service * Support for boot volume encryption in the Container Engine for Kubernetes service * Support for adding metadata to records when creating and updating records in the Data Labeling service * Support for global export formats in snapshot datasets in the Data Labeling service * Support for adding labeling instructions to datasets in the Data Labeling service * Support for updating autonomous dataguard associations for autonomous container databases in the Database service * Support for setting up automatic failover when creating autonomous container databases in the Database service * Support for setting the RECO storage size when updating a database system in the Database service * Support for reconnecting refreshable clones to source for autonomous databases on shared infrastructure in the Database service * Support for checking if an autonomous database on shared infrastructure can be reconnected to source, in the Database service Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
9efdbe103b |
Core Update 168: Ship changed rules.pl
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Stefan Schantl
|
8b97a537f5 |
rules.pl: Fix automatic ipset sets cleanup.
The array of used/loaded ipsets needs to be reloaded before the cleanup can be started to also handle sets which are loaded during runtime. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
2f908d9648 |
Core Update 168: Ship libinih
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
3421b1abd8 |
meson: Update to version 0.62.1
- Update from version 0.60.1 to 0.62.1 - Update of rootfile - Changelog is too long to include here. More details can be read at the following link https://mesonbuild.com/Release-notes-for-0-62-0.html Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
9d5c3d36e0 |
openvmtools: Update to version stable-12.0.0
- Update from version stable-11.3.0 to stable-12.0.0
- Update of rootfile
- Changelog is a bit too long to include here. More details can be found at
https://github.com/vmware/open-vm-tools/blob/stable-12.0.0/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-11.3.5/ReleaseNotes.md
- In version 11.3.5 mount.vmhgfs was removed from openvmtools
It has been replaced by hgfs-fuse
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
8de58edc73 |
Core Update 168: Ship relevant linux-firmware changes
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
5a48b4a23b |
linux-firmware: Update to 20220411
See https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/ for changes since the last linux-firmware version tag. Also, please note that this patch does not feature any directives for shipping files via a Core Update - these need to be done separately. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
7138d1747c |
Core Update 168: Ship openjpeg
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
ca98d29a86 |
openjpeg: Update to version 2.4.0
- Update from version 2.3.1 to 2.4.0
- Update of rootfile
- Changelog
2.4.0
**Closed issues:**
- OPENJPEG\_INSTALL\_DOC\_DIR does not control a destination directory where HTML docs would be installed. [\#1309](https://github.com/uclouvain/openjpeg/issues/1309)
- Heap-buffer-overflow in lib/openjp2/pi.c:312 [\#1302](https://github.com/uclouvain/openjpeg/issues/1302)
- Heap-buffer-overflow in lib/openjp2/t2.c:973 [\#1299](https://github.com/uclouvain/openjpeg/issues/1299)
- Heap-buffer-overflow in lib/openjp2/pi.c:623 [\#1293](https://github.com/uclouvain/openjpeg/issues/1293)
- Global-buffer-overflow in lib/openjp2/dwt.c:1980 [\#1286](https://github.com/uclouvain/openjpeg/issues/1286)
- Heap-buffer-overflow in lib/openjp2/tcd.c:2417 [\#1284](https://github.com/uclouvain/openjpeg/issues/1284)
- Heap-buffer-overflow in lib/openjp2/mqc.c:499 [\#1283](https://github.com/uclouvain/openjpeg/issues/1283)
- Openjpeg could not encode 32bit RGB float image [\#1281](https://github.com/uclouvain/openjpeg/issues/1281)
- Openjpeg could not encode 32bit RGB float image [\#1280](https://github.com/uclouvain/openjpeg/issues/1280)
- ISO/IEC 15444-1:2019 \(E\) compared with 'cio.h' [\#1277](https://github.com/uclouvain/openjpeg/issues/1277)
- Test-suite failure due to hash mismatch [\#1264](https://github.com/uclouvain/openjpeg/issues/1264)
- Heap use-after-free [\#1261](https://github.com/uclouvain/openjpeg/issues/1261)
- Memory leak when failing to allocate object... [\#1259](https://github.com/uclouvain/openjpeg/issues/1259)
- Memory leak of Tier 1 handle when OpenJPEG fails to set it as TLS... [\#1257](https://github.com/uclouvain/openjpeg/issues/1257)
- Any plan to build release for CVE-2020-8112/CVE-2020-6851 [\#1247](https://github.com/uclouvain/openjpeg/issues/1247)
- failing to convert 16-bit file: opj\_t2\_encode\_packet\(\): only 5251 bytes remaining in output buffer. 5621 needed. [\#1243](https://github.com/uclouvain/openjpeg/issues/1243)
- CMake+VS2017 Compile OK, thirdparty Compile OK, but thirdparty not install [\#1239](https://github.com/uclouvain/openjpeg/issues/1239)
- New release to solve CVE-2019-6988 ? [\#1238](https://github.com/uclouvain/openjpeg/issues/1238)
- Many tests fail to pass after the update of libtiff to version 4.1.0 [\#1233](https://github.com/uclouvain/openjpeg/issues/1233)
- Another heap buffer overflow in libopenjp2 [\#1231](https://github.com/uclouvain/openjpeg/issues/1231)
- Heap buffer overflow in libopenjp2 [\#1228](https://github.com/uclouvain/openjpeg/issues/1228)
- Endianness of binary volume \(JP3D\) [\#1224](https://github.com/uclouvain/openjpeg/issues/1224)
- New release to resolve CVE-2019-12973 [\#1222](https://github.com/uclouvain/openjpeg/issues/1222)
- how to set the block size,like 128,256 ? [\#1216](https://github.com/uclouvain/openjpeg/issues/1216)
- compress YUV files to motion jpeg2000 standard [\#1213](https://github.com/uclouvain/openjpeg/issues/1213)
- Repair/update Java wrapper, and include in release [\#1208](https://github.com/uclouvain/openjpeg/issues/1208)
- abc [\#1206](https://github.com/uclouvain/openjpeg/issues/1206)
- Slow decoding [\#1202](https://github.com/uclouvain/openjpeg/issues/1202)
- Installation question [\#1201](https://github.com/uclouvain/openjpeg/issues/1201)
- Typo in test\_decode\_area - \*ptilew is assigned instead of \*ptileh [\#1195](https://github.com/uclouvain/openjpeg/issues/1195)
- Creating a J2K file with one POC is broken [\#1191](https://github.com/uclouvain/openjpeg/issues/1191)
- Make fails on Arch Linux [\#1174](https://github.com/uclouvain/openjpeg/issues/1174)
- Heap buffer overflow in opj\_t1\_clbl\_decode\_processor\(\) triggered with Ghostscript [\#1158](https://github.com/uclouvain/openjpeg/issues/1158)
- opj\_stream\_get\_number\_byte\_left: Assertion `p\_stream-\>m\_byte\_offset \>= 0' failed. [\#1151](https://github.com/uclouvain/openjpeg/issues/1151)
- The fuzzer ignores too many inputs [\#1079](https://github.com/uclouvain/openjpeg/issues/1079)
- out of bounds read [\#1068](https://github.com/uclouvain/openjpeg/issues/1068)
**Merged pull requests:**
- Change defined WIN32 [\#1310](https://github.com/uclouvain/openjpeg/pull/1310) ([Jamaika1](https://github.com/Jamaika1))
- docs: fix simple typo, producted -\> produced [\#1308](https://github.com/uclouvain/openjpeg/pull/1308) ([timgates42](https://github.com/timgates42))
- Set ${OPENJPEG\_INSTALL\_DOC\_DIR} to DESTINATION of HTMLs [\#1307](https://github.com/uclouvain/openjpeg/pull/1307) ([lemniscati](https://github.com/lemniscati))
- Use INC\_DIR for OPENJPEG\_INCLUDE\_DIRS \(fixes uclouvain\#1174\) [\#1306](https://github.com/uclouvain/openjpeg/pull/1306) ([matthew-sharp](https://github.com/matthew-sharp))
- pi.c: avoid out of bounds access with POC \(fixes \#1302\) [\#1304](https://github.com/uclouvain/openjpeg/pull/1304) ([rouault](https://github.com/rouault))
- Encoder: grow again buffer size [\#1303](https://github.com/uclouvain/openjpeg/pull/1303) ([zodf0055980](https://github.com/zodf0055980))
- opj\_j2k\_write\_sod\(\): avoid potential heap buffer overflow \(fixes \#1299\) \(probably master only\) [\#1301](https://github.com/uclouvain/openjpeg/pull/1301) ([rouault](https://github.com/rouault))
- pi.c: avoid out of bounds access with POC \(refs https://github.com/uclouvain/openjpeg/issues/1293\#issuecomment-737122836\) [\#1300](https://github.com/uclouvain/openjpeg/pull/1300) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1297, but likely not the proper fix [\#1298](https://github.com/uclouvain/openjpeg/pull/1298) ([rouault](https://github.com/rouault))
- opj\_t2\_encode\_packet\(\): avoid out of bound access of \#1294, but likely not the proper fix [\#1296](https://github.com/uclouvain/openjpeg/pull/1296) ([rouault](https://github.com/rouault))
- opj\_j2k\_setup\_encoder\(\): validate POC compno0 and compno1 \(fixes \#1293\) [\#1295](https://github.com/uclouvain/openjpeg/pull/1295) ([rouault](https://github.com/rouault))
- Encoder: avoid global buffer overflow on irreversible conversion when… [\#1292](https://github.com/uclouvain/openjpeg/pull/1292) ([rouault](https://github.com/rouault))
- Decoding: deal with some SPOT6 images that have tiles with a single tile-part with TPsot == 0 and TNsot == 0, and with missing EOC [\#1291](https://github.com/uclouvain/openjpeg/pull/1291) ([rouault](https://github.com/rouault))
- Free p\_tcd\_marker\_info to avoid memory leak [\#1288](https://github.com/uclouvain/openjpeg/pull/1288) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: grow again buffer size [\#1287](https://github.com/uclouvain/openjpeg/pull/1287) ([zodf0055980](https://github.com/zodf0055980))
- Encoder: avoid uint32 overflow when allocating memory for codestream buffer \(fixes \#1243\) [\#1276](https://github.com/uclouvain/openjpeg/pull/1276) ([rouault](https://github.com/rouault))
- Java compatibility from 1.5 to 1.6 [\#1263](https://github.com/uclouvain/openjpeg/pull/1263) ([jiapei100](https://github.com/jiapei100))
- opj\_decompress: fix double-free on input directory with mix of valid and invalid images [\#1262](https://github.com/uclouvain/openjpeg/pull/1262) ([rouault](https://github.com/rouault))
- openjp2: Plug image leak when failing to allocate codestream index. [\#1260](https://github.com/uclouvain/openjpeg/pull/1260) ([sebras](https://github.com/sebras))
- openjp2: Plug memory leak when setting data as TLS fails. [\#1258](https://github.com/uclouvain/openjpeg/pull/1258) ([sebras](https://github.com/sebras))
- openjp2: Error out if failing to create Tier 1 handle. [\#1256](https://github.com/uclouvain/openjpeg/pull/1256) ([sebras](https://github.com/sebras))
- Testing for invalid values of width, height, numcomps [\#1254](https://github.com/uclouvain/openjpeg/pull/1254) ([szukw000](https://github.com/szukw000))
- Single-threaded performance improvements in forward DWT for 5-3 and 9-7 \(and other improvements\) [\#1253](https://github.com/uclouvain/openjpeg/pull/1253) ([rouault](https://github.com/rouault))
- Add support for multithreading in encoder [\#1248](https://github.com/uclouvain/openjpeg/pull/1248) ([rouault](https://github.com/rouault))
- Add support for generation of PLT markers in encoder [\#1246](https://github.com/uclouvain/openjpeg/pull/1246) ([rouault](https://github.com/rouault))
- Fix warnings about signed/unsigned casts in pi.c [\#1244](https://github.com/uclouvain/openjpeg/pull/1244) ([rouault](https://github.com/rouault))
- opj\_decompress: add sanity checks to avoid segfault in case of decoding error [\#1240](https://github.com/uclouvain/openjpeg/pull/1240) ([rouault](https://github.com/rouault))
- ignore wrong icc [\#1236](https://github.com/uclouvain/openjpeg/pull/1236) ([szukw000](https://github.com/szukw000))
- Implement writing of IMF profiles [\#1235](https://github.com/uclouvain/openjpeg/pull/1235) ([rouault](https://github.com/rouault))
- tests: add alternate checksums for libtiff 4.1 [\#1234](https://github.com/uclouvain/openjpeg/pull/1234) ([rouault](https://github.com/rouault))
- opj\_tcd\_init\_tile\(\): avoid integer overflow [\#1232](https://github.com/uclouvain/openjpeg/pull/1232) ([rouault](https://github.com/rouault))
- tests/fuzzers: link fuzz binaries using $LIB\_FUZZING\_ENGINE. [\#1230](https://github.com/uclouvain/openjpeg/pull/1230) ([Dor1s](https://github.com/Dor1s))
- opj\_j2k\_update\_image\_dimensions\(\): reject images whose coordinates are beyond INT\_MAX \(fixes \#1228\) [\#1229](https://github.com/uclouvain/openjpeg/pull/1229) ([rouault](https://github.com/rouault))
- Fix resource leaks [\#1226](https://github.com/uclouvain/openjpeg/pull/1226) ([dodys](https://github.com/dodys))
- abi-check.sh: fix false postive ABI error, and display output error log [\#1218](https://github.com/uclouvain/openjpeg/pull/1218) ([rouault](https://github.com/rouault))
- pi.c: avoid integer overflow, resulting in later invalid access to memory in opj\_t2\_decode\_packets\(\) [\#1217](https://github.com/uclouvain/openjpeg/pull/1217) ([rouault](https://github.com/rouault))
- Add check to validate SGcod/SPcoc/SPcod parameter values. [\#1211](https://github.com/uclouvain/openjpeg/pull/1211) ([sebras](https://github.com/sebras))
- Fix buffer overflow reading an image file less than four characters [\#1196](https://github.com/uclouvain/openjpeg/pull/1196) ([robert-ancell](https://github.com/robert-ancell))
- compression: emit POC marker when only one single POC is requested \(f… [\#1192](https://github.com/uclouvain/openjpeg/pull/1192) ([rouault](https://github.com/rouault))
- Fix several potential vulnerabilities [\#1185](https://github.com/uclouvain/openjpeg/pull/1185) ([Young-X](https://github.com/Young-X))
- openjp2/j2k: Report error if all wanted components are not decoded. [\#1164](https://github.com/uclouvain/openjpeg/pull/1164) ([sebras](https://github.com/sebras))
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
0a1d567ce8 |
Core Update 168: Ship openldap
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
c4f3bb4b08 |
openldap: Update to version 2.6.1
- Update from version 2.4.49 to 2.6.1
- Update of rootfile
- Update of consolidated patch to 2.6.1
- Removal of old patches
- Changelog
OpenLDAP 2.6.1 Release (2022/01/20)
Fixed libldap to init client socket port (ITS#9743)
Fixed libldap with referrals (ITS#9781)
Added slapd config keyword for logfile format (ITS#9745)
Fixed slapd to allow objectClass edits with no net change (ITS#9772)
Fixed slapd configtable population (ITS#9576)
Fixed slapd to only set loglevel in server mode (ITS#9715)
Fixed slapd logfile-rotate use of uninitialized variable (ITS#9730)
Fixed slapd passwd scheme handling with slapd.conf (ITS#9750)
Fixed slapd postread support for modrdn (ITS#7080)
Fixed slapd syncrepl recreation of deleted entries (ITS#9282)
Fixed slapd syncrepl replication with ODSEE (ITS#9707)
Fixed slapd syncrepl to properly replicate glue entries (ITS#9647)
Fixed slapd syncrepl to reject REFRESH for precise resync (ITS#9742)
Fixed slapd syncrepl to avoid busy loop during refresh (ITS#9584)
Fixed slapd syncrepl when X-ORDERED is specified (ITS#9761)
Fixed slapd syncrepl to better handle out of order delete ops (ITS#9751)
Fixed slapd syncrepl to correctly close connections when config is deleted (ITS#9776)
Fixed slapd-mdb to update indices correctly on replace ops (ITS#9753)
Fixed slapd-wt to set correct flags (ITS#9760)
Fixed slapo-accesslog to fix assertion due to deprecated code (ITS#9738)
Fixed slapo-accesslog to fix inconsistently normalized minCSN (ITS#9752)
Fixed slapo-accesslog delete handling of multi-valued config attrs (ITS#9493)
Fixed slapo-autogroup to maintain values in insertion order (ITS#9766)
Fixed slapo-constraint to maintain values in insertion order (ITS#9770)
Fixed slapo-dyngroup to maintain values in insertion order (ITS#9762)
Fixed slapo-dynlist compare operation for static groups (ITS#9747)
Fixed slapo-dynlist static group filter with multiple members (ITS#9779)
Fixed slapo-ppolicy when not built modularly (ITS#9733)
Fixed slapo-refint to maintain values in insertion order (ITS#9763)
Fixed slapo-retcode to honor requested insert position (ITS#9759)
Fixed slapo-sock cn=config support (ITS#9758)
Fixed slapo-syncprov memory leak (ITS#8039)
Fixed slapo-syncprov to generate a more accurate accesslog query (ITS#9756)
Fixed slapo-syncprov to allow empty DB to host persistent syncrepl connections (ITS#9691)
Fixed slapo-syncprov to consider all deletes for sycnInfo messages (ITS#5972)
Fixed slapo-translucent to warn on invalid config (ITS#9768)
Fixed slapo-unique to warn on invalid config (ITS#9767)
Fixed slapo-valsort to maintain values in insertion order (ITS#9764)
Build Environment
Fix test022 to preserve DELAY search output (ITS#9718)
Fix slapd-watcher to allow startup when servers are down (ITS#9727)
Contrib
Fixed slapo-lastbind to work with 2.6 lastbind-precision configuration (ITS#9725)
Documentation
Fixed slapd.conf(5)/slapd-config(5) documentation on lastbind-precision (ITS#9728)
Fixed slapo-accesslog(5) to clarify logoldattr usage (ITS#9749)
OpenLDAP 2.6.0 Release (2021/10/25)
Initial release for "general use".
OpenLDAP 2.5.7 Release (2021/08/18)
Fixed lloadd client state tracking (ITS#9624)
Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
Fixed slapd-ldif duplicate controls response (ITS#9497)
Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
Fixed slapd-sql to close transactions after bind and search (ITS#9630)
Fixed slapo-accesslog to make reqMod optional (ITS#9569)
Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
Documentation
slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
slapo-accesslog(5) note that reqMod is optional (ITS#9569)
Add ldapvc(1) man page (ITS#9549)
Add guide section on load balancer (ITS#9443)
Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
Updated guide to document removal of deprecated options from client tools (ITS#9200)
OpenLDAP 2.5.6 Release (2021/07/27)
Fixed libldap buffer overflow (ITS#9578)
Fixed libldap missing mutex unlock on connection alloc failure (ITS#9590)
Fixed lloadd cn=config olcBkLloadClientMaxPending setting (ITS#8747)
Fixed slapd multiple config defaults (ITS#9363)
Fixed slapd ipv6 addresses to work with tcp wrappers (ITS#9603)
Fixed slapo-syncprov delete of nonexistent sessionlog (ITS#9608)
Build
Fixed library symbol versioning on Solaris (ITS#9591)
Fixed compile warning in libldap/tpool.c (ITS#9601)
Fixed compile warning in libldap/tls_o.c (ITS#9602)
Contrib
Fixed ppm module for sysconfdir (ITS#7832)
Documentation
Updated guide to document multival, idlexp, and maxentrysize (ITS#9613, ITS#9614)
OpenLDAP 2.5.5 Release (2021/06/03)
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)
Added slapd-meta tcp-user-timeout support (ITS#9502)
Fixed incorrect control OIDs for AuthZ Identity (ITS#9542)
Fixed libldap typo in util-int.c (ITS#9541)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed libldap better TLS1.3 cipher suite handling (ITS#9521, ITS#9546)
Fixed lloadd multiple issues (ITS#8747)
Fixed slapd slap_op_time to avoid duplicates across restarts (ITS#9537)
Fixed slapd typo in daemon.c (ITS#9541)
Fixed slapd slapi compilation (ITS#9544)
Fixed slapd to handle empty DN in extended filters (ITS#9551)
Fixed slapd syncrepl searches with empty base (ITS#6467)
Fixed slapd syncrepl refresh on startup (ITS#9324, ITS#9534)
Fixed slapd abort due to typo (ITS#9561)
Fixed slapd-asyncmeta quarantine handling (ITS#8721)
Fixed slapd-asyncmeta to have a default operations timeout (ITS#9555)
Fixed slapd-ldap quarantine handling (ITS#8721)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapd-meta quarantine handling (ITS#8721)
Fixed slapo-accesslog to record reqNewDN for modRDN ops (ITS#9552)
Fixed slapo-pcache locking during expiration (ITS#9529)
Build
Fixed slappw-argon2 module installation (ITS#9548)
Contrib
Update ldapc++/ldaptcl to use configure.ac (ITS#9554)
Documentation
ldap_first_attribute(3) - Document ldap_get_attribute_ber (ITS#8820)
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
OpenLDAP 2.5.4 Release (2021/04/29)
Initial release for "general use".
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
OpenLDAP 2.4.56 Release (2020/11/10)
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)
OpenLDAP 2.4.55 Release (2020/10/26)
Fixed slapd normalization handling with modrdn (ITS#9370)
Fixed slapd-meta to check ldap_install_tls return code (ITS#9366)
Contrib
Fixed nssov misplaced semicolon (ITS#8731, ITS#9368)
OpenLDAP 2.4.54 Release (2020/10/12)
Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342)
Fixed slapd delta-syncrepl to be fully serialized (ITS#9330)
Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352)
Fixed slapd syncrepl to be fully serialized (ITS#8102)
Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345)
Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355)
Fixed slapd syncrepl to not create empty ADD ops (ITS#9359)
Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295)
Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353)
Fixed slapo-accesslog normalizer for reqStart (ITS#9358)
Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361)
Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015)
Fixed slapo-syncprov sessionlog to use a TAVL tree (ITS#8486)
OpenLDAP 2.4.53 Release (2020/09/07)
Added slapd syncrepl additional SYNC logging (ITS#9043)
Fixed slapd syncrepl segfault on NULL cookie on REFRESH (ITS#9282)
Fixed slapd syncrepl to use fresh connection on REFRESH fallback (ITS#9338)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302,ITS#9334)
Build
Require OpenSSL 1.0.2 or later (ITS#9323)
Fixed libldap compilation issue with broken C compilers (ITS#9332)
OpenLDAP 2.4.52 Release (2020/08/28)
Added libldap LDAP_OPT_X_TLS_REQUIRE_SAN option (ITS#9318)
Added libldap OpenSSL support for multiple EECDH curves (ITS#9054)
Added slapd OpenSSL support for multiple EECDH curves (ITS#9054)
Fixed librewrite malloc/free corruption (ITS#9249)
Fixed libldap hang when using UDP and server down (ITS#9328)
Fixed slapd syncrepl rare deadlock due to network issues (ITS#9324)
Fixed slapd syncrepl regression that could trigger an assert (ITS#9329)
Fixed slapd-mdb index error with collapsed range (ITS#9135)
OpenLDAP 2.4.51 Release (2020/08/11)
Added slapo-ppolicy implement Netscape password policy controls (ITS#9279)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287)
Fixed slapd to enforce singular existence of some overlays (ITS#9309)
Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227)
Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282)
Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295)
Fixed slapd-perl dynamic config with threaded slapd (ITS#7573)
Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285)
Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302)
Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309)
Fixed slapo-chain to check referral (ITS#9262)
Build Environment
Fix test064 so it no longer uses bashisms (ITS#9263)
Contrib
Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248)
slapo-allowed - Fix usage of unitialized variable (ITS#9308)
Documentation
ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271)
OpenLDAP 2.4.50 Release (2020/04/28)
Fixed client benign typos (ITS#8890)
Fixed libldap type cast (ITS#9175)
Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650)
Fixed libldap_r race on Windows mutex initialization (ITS#9181)
Fixed liblunicode memory leak (ITS#9198)
Fixed slapd benign typos (ITS#8890)
Fixed slapd to limit depth of nested filters (ITS#9202)
Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214)
Fixed slapo-pcache database initialization (ITS#9182)
Fixed slapo-ppolicy callback (ITS#9171)
Build
Fix olcDatabaseDummy initialization for windows (ITS#7074)
Fix detection for ws2tcpip.h for windows (ITS#8383)
Fix back-mdb types for windows (ITS#7878)
Contrib
Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855)
Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206)
Documentation
slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003)
slapd-meta(5) - Remove client-pr option (ITS#8683)
slapindex(8) - Fix truncate option information for back-mdb (ITS#9230)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
174778b202 |
Core Update 168: Ship sqlite
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
94e680c36d |
Core Update 168: Ship mpfr
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
9ee219315c |
multipath-tools: Update to version 0.8.9
- Update from commit 386d288, bumped to version 0.7.7 (May 2018) to version 0.8.9 (Feb 2022) - Update of rootfile - Changelog No changelog file in the source tarball or on website. Changelog is the commit tree see https://github.com/opensvc/multipath-tools/commits/master for more details Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
b4294a6a09 |
Core Update 168: Ship nano
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
843314ba98 |
parted: Update to version 3.5
- Update from 3.4 to 3.5 - Update of rootfile - Changelog * Noteworthy changes in release 3.5 (2022-04-18) [stable] ** New Features Update to latest gnulib for 3.5 release * Noteworthy changes in release 3.4.64.2 (2022-04-05) [alpha] ** Bug Fixes usage: remove the mention of "a particular partition" * Noteworthy changes in release 3.4.64 (2022-03-30) [alpha] ** New Features Add --fix to --script mode to automatically fix problems like the backup GPT header not being at the end of a disk. Add use of the swap partition flag to msdos disk labeled disks. Allow the partition name to be an empty string when set in script mode. Add --json command line switch to output the details of the disk as JSON. Add support for the Linux home GUID using the linux-home flag. ** Bug Fixes Decrease disk sizes used in tests to make it easier to run the test suite on systems with less memory. Largest filesystem is now 267MB (fat32). The rest are only 10MB. Add aarch64 and mips64 as valid machines for testing. Escape colons and backslashes in the machine output. Device path, model, and partition name could all include these. They are now escaped with a backslash. Use libdevmapper's retry remove option when the device is BUSY. This prevents libdevmapper from printing confusin output when trying to remove a busy partition. Keep GUID specific attributes when writing the GPT header. Previously they were set to 0. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
3d767c8aad |
borgbackup: Fix rootfile on 32-bit ARM
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
b7a2d742b4 |
powertop: Update to version 2.14
- Update from v2.10 to 2.14
- added ./autogen.sh to create configure file
- Update of rootfile
- Changelog
No changelog provided anywhere. For details of changes see commits in the github
repository - https://github.com/fenrus75/powertop/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
3098182fa7 |
Samba: Update ARM rootfiles
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
2b9af93313 |
Core Update 168: Ship wakeonlan.cgi
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
52224df18d |
Core Update 168: Ship pcre2
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f86e23906e |
pcre2: Update to version 10.40
- Update from 10.39 to 10.40 - Update of rootfile - Changelog Version 10.40 15-April-2022 1. Merged patch from @carenas (GitHub #35, 7db87842) to fix pcre2grep incorrect handling of multiple passes. 2. Merged patch from @carenas (GitHub #36, dae47509) to fix portability issue in pcre2grep with buffered fseek(stdin). 3. Merged patch from @carenas (GitHub #37, acc520924) to fix tests when -S is not supported. 4. Revert an unintended change in JIT repeat detection. 5. Merged patch from @carenas (GitHub #52, b037bfa1) to fix build on GNU Hurd. 6. Merged documentation and comments patches from @carenas (GitHub #47). 7. Merged patch from @carenas (GitHub #49) to remove obsolete JFriedl test code from pcre2grep. 8. Merged patch from @carenas (GitHub #48) to fix CMake install issue #46. 9. Merged patch from @carenas (GitHub #53) fixing NULL checks in matching and substituting. 10. Add null_subject and null_replacement modifiers to pcre2test. 11. Add check for NULL subject to POSIX regexec() function. 12. Add check for NULL replacement to pcre2_substitute(). 13. For the subject arguments of pcre2_match(), pcre2_dfa_match(), and pcre2_substitute(), and the replacement argument of the latter, if the pointer is NULL and the length is zero, treat as an empty string. Apparently a number of applications treat NULL/0 in this way. 14. Added support for Bidi_Class and a number of binary Unicode properties, including Bidi_Control. 15. Fix some minor issues raised by clang sanitize. 16. Very minor code speed up for maximizing character property matches. 17. A number of changes to script matching for \p and \P: (a) Script extensions for a character are now coded as a bitmap instead of a list of script numbers, which should be faster and does not need a loop. (b) Added the syntax \p{script:xxx} and \p{script_extensions:xxx} (synonyms sc and scx). (c) Changed \p{scriptname} from being the same as \p{sc:scriptname} to being the same as \p{scx:scriptname} because this change happened in Perl at release 5.26. (d) The standard Unicode 4-letter abbreviations for script names are now recognized. (e) In accordance with Unicode and Perl's "loose matching" rules, spaces, hyphens, and underscores are ignored in property names, which are then matched independent of case. 18. The Python scripts in the maint directory have been refactored. There are now three scripts that generate pcre2_ucd.c, pcre2_ucp.h, and pcre2_ucptables.c (which is #included by pcre2_tables.c). The data lists that used to be duplicated are now held in a single common Python module. 19. On CHERI, and thus Arm's Morello prototype, pointers are represented as hardware capabilities, which consist of both an integer address and additional metadata, meaning they are twice the size of the platform's size_t type, i.e. 16 bytes on a 64-bit system. The ovector member of heapframe happens to only be 8 byte aligned, and so computing frame_size ended up with a multiple of 8 but not 16. Whilst the first frame was always suitably aligned, this then misaligned the frame that follows, resulting in an alignment fault when storing a pointer to Fecode at the start of match. Patch to fix this issue by Jessica Clarke PR#72. 20. Added -LP and -LS listing options to pcre2test. 21. A user discovered that the library names in CMakeLists.txt for MSVC debugger (PDB) files were incorrect - perhaps never tried for PCRE2? 22. An item such as [Aa] is optimized into a caseless single character match. When this was quantified (e.g. [Aa]{2}) and was also the last literal item in a pattern, the optimizing "must be present for a match" character check was not being flagged as caseless, causing some matches that should have succeeded to fail. 23. Fixed a unicode properrty matching issue in JIT. The character was not fully read in caseless matching. 24. Fixed an issue affecting recursions in JIT caused by duplicated data transfers. 25. Merged patch from @carenas (GitHub #96) which fixes some problems with pcre2test and readline/readedit: * Use the right header for libedit in FreeBSD with autoconf * Really allow libedit with cmake * Avoid using readline headers with libedit Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
854241e108 |
Core Update 168: Ship media.cgi
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
b8ffb101f8 |
keepalived: Update to version 2.2.7
- Update from 2.2.4 to 2.2.7
- Update of rootfile
- Changelog
Release 2.2.7 brings lots of improvements and fix some minor issues reported. It add
some new VRRP features as well. Stability has been even more extended.
New
ipvs: Add support to twos scheduler.
vrrp: Add vrf option for unicast without specifying an interface.
vrrp: Add option unicast_fault_no_peer. Previously if unicast_src_ip (or any
other unicast option) was specified, but no unicast peers were
configured, then the VRRP instance would operate in multicast mode. A
user has identified that, due to automatic configuration generation,
they could have a configuration that should operate in unicast mode,
but that no unicast peers were configured. In this case, they did not
want the VRRP instance to revert to multicast mode. In order to
maintain backward compatibility, keepalived can’t simply change to not
allowing no unicast peers. Instead, this commit adds the configuration
option “unicast_fault_no_peer”, which if specified causes the VRRP
instance to go to fault state if no unicast peers are configured.
vrrp: Allow specification of multicast address to be used.
vrrp: Add vrf option to static and vrrp routes.
vrrp: Add option to resend vrrp states on fifos after reload. Since
keepalived restarts FIFOs scripts it is managing when a reload occurs,
it can be helpful to send the VRRP instance and group states after a
reload. This commit adds option fifo_write_vrrp_states_on_reload to do
that, and it means that what is written to the FIFOs with default
configuration does not change.
vrrp: Allow duplication of VRIDs on an interface with unicast peers. If two
VRRP instances are using unicast peers and there is no overlap of
unicast peers between the vrrp instances, then the vrrp instances can
use the same VRIDs.
global: Don’t assume running as user root.
systemd: Add keepalived-non-root.service systemd service file.
keepalived-non-root.service allows keepalived to be run as a non
root user, but with specific added capabilities to allow all the
functionality that keepalived needs.
Improvements
vrrp: Stop receiving any data on garp and ndisc sockets. This is a send-only
channel.
vrrp: Open gratuitous ARP socket as an ARP socket rather than RARP. Now that
the receiving of packets on the garp socket has been stopped, we can
open the socket with the correct type of binding, and we won’t have a
queue of received messages build up.
vrrp: Extend cBPF filtering code to support standard definition.
vrrp: Optimise nftables configuration to limit some rules to macvlans. If we
are moving messages that have been generated on a macvlan, we nftables
rules can be optimised to restrict them to macvlan interfaces.
vrrp: Drop ICMPV6 Router Solicitation messages from vmac interfaces. When we
create a vmac interface, a short time afterwards the kernel sends a
router solicition message with the source MAC address of the vmac
interface. The problem is that this will upset snooping switches if
the VRRP instance is in backup state. Furthermore, we can’t simply
move the packet onto the underlying interface since the ICMPV6 payload
also contains the MAC address of the vmac interface. We can’t just
change the MAC address in the ICMPV6 message, since there is also a
checksum which would need to be recalculated. The only solution at the
moment is to drop the packet. This shouldn’t be a problem since the
underlying interface should have sent a Router solicitation message
when it came up.
vrrp: Add option to specify MAC address for VMACs.
vrrp: Don’t lose some configuration faults. The following errors were being
detected in vrrp_complete_instance() and the VRRP instance was then
supposed to be put into fault state since it couldn’t operate.
However, the need to go to fault state was subsequently being lost.
The configuration errors that were being lost were: (a) Configuring
use of a VMAC on a non Ethernet interface (b) Attempting to use
multicast on an interface that doesn’t support it (c) Using an ipvlan
without a source IP address (d) ipvlan address family not matching
VRRP isntance’s (e) VRID conflicts on an interface which could be
deleted an recreated on a different interface (f) An interface
specified for a VIP is the same as the VRRP instance’s VMAC or another
VRRP instance’s VMAC. This improvement ensures that the VRRP instance
will be put into, and remain in, fault state, since it cannot
successfully operate. As can be seen from the list of circumstances
above, they were very unlikely to occur, but were possible.
vrrp: Bind IPv6 socket to multicast address. Previously IPv6 sockets were
being bound to the ::1 address, since trying to bind to the multicast
address was failing. The reason for failing has now been discovered to
be that the scope_id needed to be set (i.e. the interface index),
since the multicast addresses that we use are link-local multicast
addresses. This improvement now sets the scope_id, so the socket can
successfully be bound to the multicast address.
vrrp: Set IPV6_MULTICAST_ALL on IPv6 sockets if available.
vrrp: Some SNMP extension and improvements: - Correct FastOpenNoCookie and
L3Mdev variable types - Don’t write multicast address to SNMP when
using unicast. - Don’t write unconfigured LVS sync daemon address to
SNMP. - Define and use SNMP_TruthValue. - Define and use
SNMP_InetAddressType. - Correct reporting accept mode for VRRPv3 SNMP.
vrrp: Misc DBus improvements (Opening, logging, data_dir, policy, …)
vrrp: Handle VMAC’s interface changing on reload properly.
vrrp: If accept traffic for VIPs changes on reload, update firewall.
vrrp: Stop going to backup if reload IPv6 and change vmac_xmit_base.
vrrp: Add add/prepend/append options to static and virtual routes. The
kernel by default prepends routes, whereas the ip (iproute2) utility
be default adds routes (adding a route does not allow duplicates
whereas appending or prepending does). keepalived previously has not
set the flags relating to this, and so has always prepended routes.
This means that duplicate routes could be created.
lib: Update Red Black tree code to Linux 5.15-rc4.
script: Extend sample_notify_fifo.sh.
doc: Misc documentation updates.
docker: Upate docker file.
init: Init handling extensions. Make parent process exit with meaningful
status on error. Ensure systemd is not notified of successful start if
failed. fix building without systemd notify suport.
bfd: handle unexpected closure of pipe to checker and vrrp processes. If the
parent process abnormally terminates and then the BFD process
terminates due to PDEATHSIG before the vrrp or checker processes
terminate, the vrrp and checker processes can get a read error on the
pipes used to communicate with the BFD process.
bfd: make BFD work when IPv6 disabled on system.
Fixes
lib: Fix calculating CLOCK_REALTIME and CLOCK_MONOTONIC offsets.
lib: scheduler: Handle cancelling timer thread on ready queue. The timer
thread on the ready queue, if cancelled, was corrupting the read
list_head, since it assumed it was on a red black tree.
snap: Fix building snaps.
ipvs: Fix building with glibc prior to v2.19 (released 2014).
bfd: Handle interface down/address missing when keepalived starts. This
resolves a segfault, and also makes bfd retry once per minute to create
send socket if it cannot do so due to no address to bind to on an
interface.
vrrp: Fix unicast with interface in a VRF domain.
vrrp: Fix moving excess VIPs to eVIPs, by properly handling vip_cnt.
vrrp: Fix configured IPv6 multicast addresses with VMACs. Using different
multicast addresses with IPv6 on the same interface without using
VMACs is only supported if the kernel supports IPV6_MULTICAST_ALL
(from Linux v4.20).
vrrp: Fix checking for unicast with VMAC/ipvlan and no peers.
vrrp: Fix checking if have unicast ppers if unicast_ttl specified.
vrrp: Don’t segfault if duplicate VMAC name, but ignore second name.
vrrp: Don’t delete and recreate VMAC on reload if only VRID has changed.
There seems to be an issue deleting and then immediately recreating a
VMAC on the same interface. This commit therefore simply changes the
MAC address if the only change is the VRID.
vrrp: Fix nftables config if VMAC interface changed on reload.
vrrp: Don’t segfault if don’t have permission for ARP/NDISC socket.
vrrp: Fix IPv6 with vmac_xmit_base.
vrrp: fix disabling vmac-xmit-base with VRRPv3 IPv6 use_vmac.
vrrp: Fix specifying user/group for vrrp_scripts.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
28fdd8ede6 |
Core Update 168: Ship procps
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
0469187ca0 |
procps: Update to version v4.0.0
- Update from v3.3.16 to v4.0.0
- added --disable-static to ./configure to remove static libs from rootfile
- Update of rootfile
- Changed lib name. Ran ./make.sh find-dependencies. No dependencies on old libraries
- Changelog
procps-ng-4.0.0
* Rename pwait to pidwait
* free: Add committed line option merge #25
* free: Fix -h --si combined options issue #133, #223
* free: Fix first column justification issue #229, #204, #206, Debian #1001689
* free: Better spacing for Chinese language issue #213
* library: renamed to libproc-2 and reset to 0:0:0
* library: add support for accessing smaps_rollup issue #112, #201
* library: add support for accessing autogroups
* library: add support for LIBPROC_HIDE_KERNEL env var merge #147
* library: add support for cpu utilization to pids i/f
* pkill: Check for lt- variants of program name issue #192
* pgrep: Add newline after regex error message merge #91
* pgrep: Fix selection where uid/gid > 2^31 merge !146
* pgrep: Select on cgroup v2 paths issue #168
* ps: Add OOM and OOMADJ fields issue #198
* ps: Add IO Accounting fields issue #184
* ps: Add PSS and USS fields issue #112
* ps: Add two new autogroup fields
* ps: Ignore SIGURG merge !142
* slabtop: Don't combine d and o options issue #160
* sysctl: Add support for systemd glob patterns issue #191
* sysctl: Check resolved path to be under /proc/sys issue #179
* sysctl: return non-zero if EINVAL return for write merge #76
* sysctl.conf.5: Note max line length issue #77
* top: added LOGID similar to 3.3.13 ps LUID
* top: added EXE identical to 3.3.17 ps EXE
* top: exploit some library smaps_rollup provisions issue #112
* top: added four new IO accounting fields issue #184
* top: 'F' key is now a new forest view 'focus' toggle
* top: summary area memory lines can print two abreast
* top: added two new autogroup fields
* top: added long versions of command line options
* top: added cpu utilization & 2 time related fields
* top: the time related fields can now be user scaled
* uptime: print short/pretty format correctly issue #217
* vmstat: add -y option to remove first line merge !72
procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations issue #176
* kill: Pass int to signalled process merge #32
* pgrep: Pass int to signalled process merge #32
* pgrep: Check sanity of SG_ARG_MAX issue #152
* pgrep: Add older than selection merge #79
* pidof: Quiet mode merge #83
* pidof: show worker threads Redhat #1803640
* ps.1: Mention stime alias issue #164
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option Redhat #1399206
* pwait: New command waits for a process merge #97
* sysctl: Match systemd directory order Debian #950788
* sysctl: Document directory order Debian #951550
* top: ensure config file backward compatibility Debian #951335
* top: add command line 'e' for symmetry with 'E' issue #165
* top: add '4' toggle for two abreast cpu display issue #172
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch merge #114
* vmstat: Wide mode gives wider proc columns merge #48
* watch: Add environment variable for interval merge #62
* watch: Add no linewrap option issue #182
* watch: Support more colors merge #106,#109
* free,uptime,slabtop: complain about extra ops issue #181
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
3a5ba6cf97 |
Core Update 168: Ship pango
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
0487d6a575 |
pango: Update to version 1.50.6
- Update from 1.50.4 to 1.50.6
- Update of rootfile
- Changelog
Overview of changes in 1.50.6, 19-03-2022
- Drop hb-glib dependency
- Fix test font configuration
- Maintain order in pango_attr_list_change
- Fix a use-after-free in pango_attr_list_change
Overview of changes in 1.50.5, 03-03-2022
* Fix compiler warnings
* Enable cairo by default
* pango-view: Show more baselines
* layout: Handle baselines
* Windows: build cleanups
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
b26c72d569 |
Core Update 168: Ship logwatch
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Matthias Fischer
|
ab473dd363 |
logwatch: Update to 7.6
The developers do not provide a changelog, the only comment I could find was on: https://packetstormsecurity.com/files/165672/Logwatch-7.6.html "Changes: Fixed bugs." Running here on Core 166. No seen problems. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
|
Adolf Belka
|
7b5f057a48 |
perl-JSON: Installation of new package required by samba
- Installation of lfs and rootfile for perl-JSON - required by samba-4.16.0 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
e8e8b6ae29 |
samba: Update to version 4.16.0
- Update from version 4.15.5 to 4.16.0
- Update of rootfile
- perl-JSON now added to samba requirements. Additional patch combined with this on for
install of perl-JSON
- Changelog
Release Notes for Samba 4.16.0
NEW FEATURES/CHANGES
New samba-dcerpcd binary to provide DCERPC in the member server setup
In order to make it much easier to break out the DCERPC services
from smbd, a new samba-dcerpcd binary has been created.
samba-dcerpcd can be used in two ways. In the normal case without
startup script modification it is invoked on demand from smbd or
winbind --np-helper to serve DCERPC over named pipes. Note that
in order to run in this mode the smb.conf [global] section has
a new parameter "rpc start on demand helpers = [true|false]".
This parameter is set to "true" by default, meaning no changes to
smb.conf files are needed to run samba-dcerpcd on demand as a named
pipe helper.
It can also be used in a standalone mode where it is started
separately from smbd or winbind but this requires changes to system
startup scripts, and in addition a change to smb.conf, setting the new
[global] parameter "rpc start on demand helpers = false". If "rpc
start on demand helpers" is not set to false, samba-dcerpcd will
refuse to start in standalone mode.
Note that when Samba is run in the Active Directory Domain Controller
mode the samba binary that provides the AD code will still provide its
normal DCERPC services whilst allowing samba-dcerpcd to provide
services like SRVSVC in the same way that smbd used to in this
configuration.
The parameters that allowed some smbd-hosted services to be started
externally are now gone (detailed below) as this is now the default
setting.
samba-dcerpcd can also be useful for use outside of the Samba
framework, for example, use with the Linux kernel SMB2 server ksmbd or
possibly other SMB2 server implementations.
Heimdal-8.0pre used for Samba Internal Kerberos, adds FAST support
Samba has since Samba 4.0 included a snapshot of the Heimdal Kerberos
implementation. This snapshot has now been updated and will closely
match what will be released as Heimdal 8.0 shortly.
This is a major update, previously we used a snapshot of Heimdal from
2011, and brings important new Kerberos security features such as
Kerberos request armoring, known as FAST. This tunnels ticket
requests and replies that might be encrypted with a weak password
inside a wrapper built with a stronger password, say from a machine
account.
In Heimdal and MIT modes Samba's KDC now supports FAST, for the
support of non-Windows clients.
Windows clients will not use this feature however, as they do not
attempt to do so against a server not advertising domain Functional
Level 2012. Samba users are of course free to modify how Samba
advertises itself, but use with Windows clients is not supported "out
of the box".
Finally, Samba also uses a per-KDC, not per-realm 'cookie' to secure part of
the FAST protocol. A future version will align this more closely with
Microsoft AD behaviour.
If FAST needs to be disabled on your Samba KDC, set
kdc enable fast = no
in the smb.conf.
Certificate Auto Enrollment
Certificate Auto Enrollment allows devices to enroll for certificates from
Active Directory Certificate Services. It is enabled by Group Policy.
To enable Certificate Auto Enrollment, Samba's group policy will need to be
enabled by setting the smb.conf option `apply group policies` to Yes. Samba
Certificate Auto Enrollment depends on certmonger, the cepces certmonger
plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
certmonger paired with cepces to monitor the host certificate templates.
Certificates are installed in /var/lib/samba/certs and private keys are
installed in /var/lib/samba/private/certs.
Ability to add ports to dns forwarder addresses in internal DNS backend
The internal DNS server of Samba forwards queries non-AD zones to one or more
configured forwarders. Up until now it has been assumed that these forwarders
listen on port 53. Starting with this version it is possible to configure the
port using host:port notation. See smb.conf for more details. Existing setups
are not affected, as the default port is 53.
CTDB changes
* The "recovery master" role has been renamed "leader"
Documentation and logs now refer to "leader".
The following ctdb tool command names have changed:
recmaster -> leader
setrecmasterrole -> setleaderrole
Command output has changed for the following commands:
status
getcapabilities
The "[legacy] -> recmaster capability" configuration option has been
renamed and moved to the cluster section, so this is now:
[cluster] -> leader capability
* The "recovery lock" has been renamed "cluster lock"
Documentation and logs now refer to "cluster lock".
The "[cluster] -> recovery lock" configuration option has been
deprecated and will be removed in a future version. Please use
"[cluster] -> cluster lock" instead.
If the cluster lock is enabled then traditional elections are not
done and leader elections use a race for the cluster lock. This
avoids various conditions where a node is elected leader but can not
take the cluster lock. Such conditions included:
- At startup, a node elects itself leader of its own cluster before
connecting to other nodes
- Cluster filesystem failover is slow
The abbreviation "reclock" is still used in many places, because a
better abbreviation eludes us (i.e. "clock" is obvious bad) and
changing all instances would require a lot of churn. If the
abbreviation "reclock" for "cluster lock" is confusing, please
consider mentally prefixing it with "really excellent".
* CTDB now uses leader broadcasts and an associated timeout to
determine if an election is required
The leader broadcast timeout can be configured via new configuration
option
[cluster] -> leader timeout
This specifies the number of seconds without leader broadcasts
before a node calls an election. The default is 5.
REMOVED FEATURES
Older SMB1 protocol SMBCopy command removed
SMB is a nearly 30-year old protocol, and some protocol commands that
while supported in all versions, have not seen widespread use.
One of those is SMBCopy, a feature for a server-side copy of a file.
This feature has been so unmaintained that Samba has no testsuite for
it.
The SMB1 command SMB_COM_COPY (SMB1 command number 0x29) was
introduced in the LAN Manager 1.0 dialect and it was rendered obsolete
in the NT LAN Manager dialect.
Therefore it has been removed from the Samba smbd server.
We do note that a fully supported and tested server-side copy is
present in SMB2, and can be accessed with "scopy" subcommand in
smbclient)
SMB1 server-side wildcard expansion removed
Server-side wildcard expansion is another feature that sounds useful,
but is also rarely used and has become problematic - imposing extra
work on the server (both in terms of code and CPU time).
In actual OS design, wildcard expansion is handled in the local shell,
not at the remote server using SMB wildcard syntax (which is not shell
syntax).
In Samba 4.16 the ability to process file name wildcards in requests
using the SMB1 commands SMB_COM_RENAME (SMB1 command number 0x7),
SMB_COM_NT_RENAME (SMB1 command number 0xA5) and SMB_COM_DELETE (SMB1
command number 0x6) has been removed.
SMB1 protocol has been deprecated, particularly older dialects
We take this opportunity to remind that we have deprecated and
disabled by default, but not removed, the whole SMB1 protocol since
Samba 4.11. If needed for security purposes or code maintenance we
will continue to remove older protocol commands and dialects that are
unused or have been replaced in more modern SMB1 versions.
We specifically deprecate the older dialects older than "NT LM 0.12"
(also known as "NT LANMAN 1.0" and "NT1").
Please note that "NT LM 0.12" is the dialect used by software as old
as Windows 95, Windows NT and Samba 2.0, so this deprecation applies
to DOS and similar era clients.
We do reassure that that 'simple' operation of older clients than
these (eg DOS) will, while untested, continue for the near future, our
purpose is not to cripple use of Samba in unique situations, but to
reduce the maintaince burden.
Eventually SMB1 as a whole will be removed, but no broader change is
announced for 4.16.
In the rare case where the above changes cause incompatibilities,
users requiring support for these features will need to use older
versions of Samba.
No longer using Linux mandatory locks for sharemodes
smbd mapped sharemodes to Linux mandatory locks. This code in the Linux kernel
was broken for a long time, and is planned to be removed with Linux 5.15. This
Samba release removes the usage of mandatory locks for sharemodes and the
"kernel share modes" config parameter is changed to default to "no". The Samba
VFS interface is kept, so that file-system specific VFS modules can still use
private calls for enforcing sharemodes.
smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
kernel share modes New default No
dns forwarder Changed
rpc_daemon Removed
rpc_server Removed
rpc start on demand helpers Added true
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
8b84073efb |
git: Update to version 2.36.0
- Update from 2.35.1 to 2.36.0
- Update of rootfile
- Changelog
2.36 Release Notes
These are too long to include here. To see the details go to the following link
https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.36.0.txt
2.35.3.txt Release Notes
This release merges up the fixes that appear in v2.35.3.
2.35.2 Release Notes
This release merges up the fixes that appear in v2.30.3,
v2.31.2, v2.32.1, v2.33.2 and v2.34.2 to address the security
issue CVE-2022-24765; see the release notes for these versions
for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
2a85fc7a12 |
lcdproc: Update to version 0.5.9
- Update from version 0.5.7 (2016) to 0.5.9 (2017)
- Update of rootfile
- This patch brings lcdproc up to date with the most recent release.
- Although there are no new releases there are continuing ongoing commits and issue fixes
being done in the repository with the last commit being in Dec 2021.
Not sure why no new releases are being done. It looks like any of the commits that fix
issuse people have raised have to be patched by the interested people.
- Changelog
0.5.9
This is mostly a code cleanup, bugfix and maintainance release.
Drivers supporting new hardware or additional functionality
HD44780 connection type "serial" supports Portwell EZIO-100 and EZIO-300
HD44780 connection type "gpio" supports dual controller displays.
This connection type is now a full replacement for the obsolete "rpi"
connection type.
Removed configure flags
enable-permissive-menu-goto is replaced by a setting in LCDd.conf
enable-seamless-hbars is now selected by drivers that need it automatically
Other important changes
The build system now specifies the language as C99.
API: drivers need to include "shared/report.h" instead of "report.h"
libftdi1 is used if it is available instead of obsolete libftdi
display update interval is selectable from LCDd.conf
0.5.8
New drivers
futaba: for Futaba TOSD-5711BB VFDisplay commonly used on Elonex Artisan,
Fujitsu Scaleo E and FIC Spectra Media Centre PCs
linux_input: supporting event devices from the linux input subsystem
Olimex_MOD_LCD1x9: for Olimex MOD-LCD1x9
yard2LCD: for yard2
New connection types for hd44780 driver
lcm162 is a differently wired 8 bit connection type used on Nextgate NSA
network appliances
gpio is using the linux sysfs gpio interface to control a display in
4-bit mode. To build this sub-driver you need
libugpio, which is a new dependency
for lcdproc.
Obsolete connection types for hd44780 driver
The following connection types are obsolete and probably won't get bug
and security fixes:
raspberrypi: use the gpio connection type instead
piplate: use the gpio connection type together with the gpio-mcp23s08
kernel module.
pifacecad: use the gpio connection type together with the gpio-mcp23s08
kernel module.
i2c: support for this sub-driver might continue for the users of
non-linux operating systems. On linux systems it is recommended to
use the gpio connection type together with the gpio-pcf857x kernel
module.
Drivers supporting new hardware or additional functionality
icp_a106 now also supports A125 displays
NoritakeVFD added some non-essential features
Other important changes
Development of lcdproc moved to github.
Some internal data structures have changed. If you have custom LCDd
drivers, you will need to recompile them against the new version. Of
course submitting such drivers in pull requests is appreciated.
For a detailed list of bug fixes, see the ChangeLog.md included in the
distribution archive.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
fd4c9f98b8 |
Core Update 168: Ship ipset
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
1b16f712c6 |
ipset: Update to version 7.15
- Update from 7.11 to 7.15
- Update of rootfile
- Changelog
7.15
Kernel part changes
netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt()
7.14
Userspace changes
Add missing function to libipset.map and bump library version
Kernel part changes
64bit division isn't allowed on 32bit, replace it with shift
7.13
Userspace changes
When parsing protocols by number, do not check it in /etc/protocols.
Add missing hunk to patch "Allow specifying protocols by number"
Kernel part changes
Limit the maximal range of consecutive elements to add/delete fix
7.12
Userspace changes
Allow specifying protocols by number
Fix example in ipset.8 manpage
tests: add tests ipset to nftables
add ipset to nftables translation infrastructur
lib: Detach restore routine from parser
lib: split parser from command execution
Fix patch "Parse port before trying by service name"
Kernel part changes
Limit the maximal range of consecutive elements to add/delete
Backport "netfilter: use nfnetlink_unicast()"
Backport "netfilter: nfnetlink: consolidate callback type"
Backport "netfilter: nfnetlink: add struct nfnl_info and pass it to
callbacks"
Backport "netfilter: add helper function to set up the nfnetlink header
and use it"
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
22ceda82b6 |
Core Update 168: Ship harfbuzz
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f5ebb58ab4 |
harfbuzz: Update to version 4.2.0
- Update from 3.4.0 to 4.2.0
- Update of rootfile
- Changelog
Overview of changes leading to 4.2.0
Wednesday, March 30, 2022
- Source code reorganization, splitting large hb-ot-layout files into smaller,
per-subtable ones under OT/Layout/*. Code for more tables will follow suit in
later releases. (Garret Rieger, Behdad Esfahbod)
- Revert Indic shaper change in previous release that broke some fonts and
instead make per-syllable restriction of “GSUB” application limited to
script-specific Indic features, while applying them and discretionary
features in one go. (Behdad Esfahbod)
- Fix decoding of private in gvar table. (Behdad Esfahbod)
- Fix handling of contextual lookups that delete too many glyphs. (Behdad Esfahbod)
- Make “morx” deleted glyphs don’t block “GPOS” application. (Behdad Esfahbod)
- Various build fixes. (Chun-wei Fan, Khaled Hosny)
- New API
+hb_set_next_many() (Andrew John)
Overview of changes leading to 4.1.0
Wednesday, March 23, 2022
- Various OSS-Fuzz fixes. (Behdad Esfahbod)
- Make fallback vertical-origin match FreeType’s. (Behdad Esfahbod)
- Treat visible viramas like dependent vowels in USE shaper. (David Corbett)
- Apply presentation forms features and discretionary features in one go in
Indic shaper, which seems to match Uniscribe and CoreText behaviour.
(Behdad Esfahbod, David Corbett)
- Various bug fixes.
- New API
+hb_set_add_sorted_array() (Andrew John)
Overview of changes leading to 4.0.1
Friday, March 11, 2022
- Update OpenType to AAT mappings for “hist” and “vrtr” features.
(Florian Pircher)
- Update IANA Language Subtag Registry to 2022-03-02. (David Corbett)
- Update USE shaper to allow any non-numeric tail in a symbol cluster, and
remove obsolete data overrides. (David Corbett)
- Fix handling of baseline variations to return correctly scaled values.
(Matthias Clasen)
- A new experimental hb_subset_repack_or_fail() to repack an array of objects,
eliminating offset overflows. The API is not available unless HarfBuzz is
built with experimental APIs enabled. (Qunxin Liu)
- New experimental API
+hb_link_t
+hb_object_t
+hb_subset_repack_or_fail()
Overview of changes leading to 4.0.0
Tuesday, March 1, 2022
- New public API to create subset plan and gather information on things like
glyph mappings in the final subset. The plan can then be passed on to perform
the subsetting operation. (Garret Rieger)
- Draw API for extracting glyph shapes have been extended and finalized and is
no longer an experimental API. The draw API supports glyf, CFF and CFF2
glyph outlines tables, and applies variation settings set on the font as well
as synthetic slant. The new public API is not backward compatible with the
previous, non-public, experimental API. (Behdad Esfahbod)
- The hb-view tool will use HarfBuzz draw API to render the glyphs instead of
cairo-ft when compiled with Cairo 1.17.5 or newer, setting HB_DRAW
environment variable to 1 or 0 will force using or not use the draw API,
respectively. (Behdad Esfahbod)
- The hb-shape and hb-view tools now default to using HarfBuzz’s own font
loading functions (ot) instead of FreeType ones (ft). They also have a new
option, --font-slant, to apply synthetic slant to the font. (Behdad Esfahbod)
- HarfBuzz now supports more than 65535 (the OpenType limit) glyph shapes and
metrics. See https://github.com/be-fonts/boring-expansion-spec/issues/6 and
https://github.com/be-fonts/boring-expansion-spec/issues/7 for details.
(Behdad Esfahbod)
- New API to get the dominant horizontal baseline tag for a given script.
(Behdad Esfahbod)
- New API to get the baseline positions from the font, and synthesize missing
ones. As well as new API to get font metrics and synthesize missing ones.
(Matthias Clasen)
- Improvements to finding dependencies on Windows when building with Visual
Studio. (Chun-wei Fan)
- New buffer flag, HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT, that must be set
during shaping for HB_GLYPH_FLAG_UNSAFE_TO_CONCAT flag to be reliably
produced. This is to limit the performance hit of producing this flag to when
it is actually needed. (Behdad Esfahbod)
- Documentation improvements. (Matthias Clasen)
- New API
- General:
+HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT
+hb_var_num_t
- Draw:
+hb_draw_funcs_t
+hb_draw_funcs_create()
+hb_draw_funcs_reference()
+hb_draw_funcs_destroy()
+hb_draw_funcs_is_immutable()
+hb_draw_funcs_make_immutable()
+hb_draw_move_to_func_t
+hb_draw_funcs_set_move_to_func()
+hb_draw_line_to_func_t
+hb_draw_funcs_set_line_to_func()
+hb_draw_quadratic_to_func_t
+hb_draw_funcs_set_quadratic_to_func()
+hb_draw_cubic_to_func_t
+hb_draw_funcs_set_cubic_to_func()
+hb_draw_close_path_func_t
+hb_draw_funcs_set_close_path_func()
+hb_draw_state_t
+HB_DRAW_STATE_DEFAULT
+hb_draw_move_to()
+hb_draw_line_to()
+hb_draw_quadratic_to()
+hb_draw_cubic_to()
+hb_draw_close_path()
+hb_font_get_glyph_shape_func_t
+hb_font_funcs_set_glyph_shape_func()
+hb_font_get_glyph_shape()
- OpenType layout
+HB_OT_LAYOUT_BASELINE_TAG_IDEO_FACE_CENTRAL
+HB_OT_LAYOUT_BASELINE_TAG_IDEO_EMBOX_CENTRAL
+hb_ot_layout_get_horizontal_baseline_tag_for_script()
+hb_ot_layout_get_baseline_with_fallback()
- Metrics:
+hb_ot_metrics_get_position_with_fallback()
- Subset:
+hb_subset_plan_t
+hb_subset_plan_create_or_fail()
+hb_subset_plan_reference()
+hb_subset_plan_destroy()
+hb_subset_plan_set_user_data()
+hb_subset_plan_get_user_data()
+hb_subset_plan_execute_or_fail()
+hb_subset_plan_unicode_to_old_glyph_mapping()
+hb_subset_plan_new_to_old_glyph_mapping()
+hb_subset_plan_old_to_new_glyph_mapping()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|