- Added validation code for the location group name. This is only validated when edited
and not when created.
- The code was copied from the section for creating the Services Group Name or the
Network/Host Group Name.
Fixes: Bug#13206
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Around three years ago the samba wui page was simplified and several parts were removed
including the ability to set either wide links or unix extensions to be enabled
- When the above was done wide links = yes was defined in the samba.cgi code
- unix extenstions was not defined and therefore took the default value which was/is yes
- unix extensions is now called smb1 unix extensions and has the same default value of yes
- With both wide links = yes and smb1 unix extensions = yes means that when there is a
wide symlink (one that goes outside the share directory tree) then wide links is disabled
because smb1 unix extensions is enabled. This is even though the smb1 protocol is disabled
by default.
- This patch sets smb1 unix extensions = no in the configuration.
- This has been tested in my vm testbed and confirmed that the error message is no longer
shown and that any wide links are able to be accessed from the share mounted on a client
Fixes: Bug#13193
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.34 to 1.35
- Update of rootfile not required
- Changelog
1.35 - Sergey Poznyakoff, 2023-07-18
* Fail when building GNU tar, if the platform supports 64-bit time_t
but the build uses only 32-bit time_t.
* Leave the devmajor and devminor fields empty (rather than zero) for
non-special files, as this is more compatible with traditional tar.
* Bug fixes
** Fix interaction of --update with --wildcards.
** When extracting archives into an empty directory, do not create
hard links to files outside that directory.
** Handle partial reads from regular files.
** Warn "file changed as we read it" less often.
Formerly, tar warned if the file's size or ctime changed.
However, this generated a false positive if tar read a file
while another process hard-linked to it, changing its ctime.
Now, tar warns if the file's size, mtime, user ID, group ID,
or mode changes. Although neither heuristic is perfect,
the new one should work better in practice.
** Fix --ignore-failed-read to ignore file-changed read errors
as far as exit status is concerned. You can now suppress file-changed
issues entirely with --ignore-failed-read --warning=no-file-changed.
** Fix --remove-files to not remove a file that changed while we read it.
** Fix --atime-preserve=replace to not fail if there was no need to replace,
either because we did not read the file, or the atime did not change.
** Fix race when creating a parent directory while another process is
also doing so.
** Fix handling of prefix keywords not followed by "." in pax headers.
** Fix handling of out-of-range sparse entries in pax headers.
** Fix handling of --transform='s/s/@/2'.
** Fix treatment of options ending in / in files-from list.
** Fix crash on 'tar --checkpoint-action exec=\"'.
** Fix low-memory crash when reading incremental dumps.
** Fix --exclude-vcs-ignores memory allocation misuse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
not operate with truncated digests (FIPS 140-3 IG G.R).
*Paul Dale*
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.23.12 to 0.23.13
- Update of rootfile not required
- mpd needs version 0.23.13 to build with fmt-10.0.0
- Changelog
0.23.13 (2023/05/22)
* input
- curl: fix busy loop after connection failed
- curl: hide "404" log messages for non-existent ".mpdignore" files
* archive
- zzip: fix crash bug
* database
- simple: reveal hidden songs after deleting containing CUE
* decoder
- ffmpeg: reorder to a lower priority than "gme"
- gme: require GME 0.6 or later
* output
- pipewire: fix corruption bug due to missing lock
* Linux
- shut down if parent process dies in --no-daemon mode
- determine systemd unit directories via pkg-config
* support libfmt 10
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.1.0 to 10.0.0
- Update of rootfile
- sobump so ran ./make find dependencies. This highlighted mpd but that needs to be
updated anyway as the existing version does not build with fmt-10.0.0
- Changelog is too large to include here. See the file ChangeLog.rst in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Gettext earlier than 0.21 would still build when it found errors in language files etc.
With gettext-0.22 if it finds any errors it now stops.
- There were two lines in the french po file in procps that had erros in them. procps have
raised a commit to fix those. The patch included here carries out that commit.
- Update of rootfile not required.
- This patch will not be needed when the next update of procps occurs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.21 to 0.22
- Update of rootfile
- Changelog
0.22 - June 2023
* PO file format:
- When a #: line contains references to file names that contain spaces,
these file names are surrounded by Unicode characters U+2068 and U+2069.
This makes it possible to parse such references correctly.
* Improvements for maintainers:
- The AM_GNU_GETTEXT macro now defines two variables localedir_c and
localedir_c_make, that can be used in C code or in Makefiles,
respectively, for representing the value of the --localedir configure
option.
* Programming languages support:
- C, C++:
o xgettext now supports gettext-like functions that take wide strings
(of type 'const wchar_t *', 'const char16_t *', or 'const char32_t *')
as arguments.
o xgettext now recognizes numbers with digit separators, as defined by
ISO C 23, as tokens.
o xgettext and msgfmt now recognize the format string directive %b
(for binary integer output, as defined by ISO C 23) in format strings.
o xgettext and msgfmt now recognize the argument size specifiers
w8, w16, w32, w64, wf8, wf16, wf32, wf64 (as defined by ISO C 23)
in format strings.
o xgettext and msgfmt now recognize C++ format strings, as defined by
ISO C++ 20. They are marked as 'c++-format' in POT and PO files.
A new example has been added, 'hello-c++20', that illustrates how
to use these format strings with gettext.
- Java:
o The build system and tools now also support Java versions newer than
Java 11. This is known to work up to Java 20, at least. On the other
hand, support for old versions of Java (Java 1.5 and GCJ) has been
dropped.
- Tcl: xgettext now supports the \x, \u, and \U escapes as defined in
Tcl 8.6.
* Portability:
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with an encoding other than UTF-8.
To this effect, the msgfmt program now converts the messages to UTF-8
encoding before storing them in a MO file. You can prevent this by
using the msgfmt --no-convert option.
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with ISO C 99 <inttypes.h> format
string directive macros. To this effect, the msgfmt program pre-expands
strings with such macros. You can prevent this by using the msgfmt
--no-redundancy option.
* xgettext:
- The xgettext option '--sorted-output' is now deprecated.
- xgettext input files of type PO that are not all ASCII and not UTF-8
encoded are now handled correctly.
* The base Unicode standard is now updated to 15.0.0.
* Emacs PO mode:
Fix an incompatibility with Emacs version 29 or newer.
0.21.1 - October 2022
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is probably a lot easier than calling all sorts of shell commands
from Perl.
The script has also changed that it will try to mount/umount all
configured mountpoints unless a specific mountpoint is being given.
An initscript will be needed to mount everything when the system is
booting up and umount everything on shutdown.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This feature does not have any benefit because the linux kernel
knows best which filesystem a device/partition has.
So there is no need for a user to specify this by-hand. This also
prevents from choosing a wrong fs type and as a direct result in a
not mountable device.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This functions are going to replace the former used scan/write to file/read from
file approach by directly collecting the required informations from the
kernel sysfs and devfs.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is another fragment of rngd - the gift that keeps giving.
The udev rules file contains a lot of stuff for a prototype which never
went into production. So, that can be dropped.
It would have been left with one rule that starts rngd whenever a HWRNG
is being found. That is however no longer needed as rngd is being
started in the init process. We no longer need to initialize it as early
as possible to seed the kernel's PRNG.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This problem occurred with pmacct-1.7.8 and was raised with upstream. They identified a
bug and provided a commit with a fix.
- Unfortunately the commit can not be used on version 1.7.8 from Dec 2022 as it depends on
other commits applied in the period from Dec 2022 to July 2023.
- The next version release is likely to come out around Dec 2023 to Mar 2024 based on the
previous release frequency (6 to 9 months)
- The only alternative was to make a release from the commit stage of the fix. In Github
this only provides a zip file. So I extracted the zip file and then re-archived it
as a .tar.gz file
- Build went successfully and the .ipfire package file was tested successfully by @Jon
Fixes: Bug#13163
Tested-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.71.1 to 2.77.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.22.4 to 1.23.0
- Update of rootfile
- Changelog is too large to show here.
See the NEWS file in the source tarball for user visible changes. This does not
include any bug fixes.
For bug fixes and all commits see the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- If the certificate name has underscores in it then the status always shows as DISCONNECTED
alothough the actual connection is working and can be used.
- The certificate with underscores works fine. RFC5280 accepts underscores in the name.
- The code for checking the status splits up the status message and takes the first part
as the common name for the connection. Then there is a regex command which rerplaces
any underscores in the status common name with spaces. This results in the connection
with underscores in the certificate name never matching any status feedback common
name as the underscores have been replaced by spaces.
- This has been tested to work with my vm test bed. With existing code the connection with
underscores in the certificate name permanently showed DISCONNECTED. With the code change
the connection shows as CONNECTED very quickly.
Fixes: Bug#13190
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update perl dircetory for plugin from 5.32.1 to 5.36.0
- Perl was updated in August 2022 but this directory was missed when that update was done.
A forum member has tried to use gnump3d and had problems because it was trying to use
the perl 5.32.1 directory for a plugin in the gnump3d.conf file
- Bumped the PAK_VER to ensure that gniump3d is shipped.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
