mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-05-03 08:42:55 +02:00
ffdc6fbba8732f7cdce77e09e4cae8a0b5651ec1
1798 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Tremer
|
bf4da9c80f |
dnsdist: Update to 1.8.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Adolf Belka
|
149cd8971a |
powertop: Remove this addon as it does not work without debug_fs enabled
- powertop requires debug_fs to be enabled in the kernel for it to function. In Core Update 171 debug_fs was disabled as a security risk for a firewall application. - Based on the above powertop has stopped functioning since Core Update 171. Discussed at IPFire Developers monthly conf call for April and agreed to remove the addon as debug_fs will not be re-enabled. - removal of lfs and rootfiles and removal of powertop line in make.sh Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Peter Müller
|
653c04a9db |
freeradius: Update to 3.0.26
This is necessary for updating OpenSSL to 3.1.x Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
cf2d231d36 |
aws-cli: Update to version 1.27.100
- Update from version 1.23.12 to 1.27.100 - Update of rootfile - Changelog is over 2000 lines long. For details please see the CHNGELOG.rst file in the source tarball Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
931324b1a4 |
ghostscript: Update to version 10.01.1
- Update from version 10.0.0 to 10.01.1 - Update of rootfile - Changelog highlights is only shown in the website. For more details of the changes made you bhave to go and look at the commit log https://git.ghostscript.com/?p=ghostpdl.git;a=shortlog;h=refs/heads/master Version 10.01.0 (2023-03-22) Highlights in this release include: We've continued to improve the performance of the PDF interpreter written in C and improve it's behaviour in edge and out-of-specification cases. Our efforts in code hygiene and maintainability continue. The usual round of bug fixes, compatibility changes, and incremental improvements. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
077a55f4f9 |
7zip: Update to version 17.05
- Update from version 17.04 to 17.05 - Update of rootfile - Changelog Version 17.05 - add UTF-8 support for Client7z - fix issue 130 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
385f7bd8ac |
elfutiles: Update to version 0.189
- Update from version 0.187 to 0.189 - Update of rootfile - Changelog Version 0.189 "Don't deflate!" configure: eu-nm, eu-addr2line and eu-stack can provide demangled symbols when linked with libstdc++. Use --disable-demangler to disable. A new option --enable-sanitize-memory has been added for msan sanitizer support. libelf: elf_compress now supports ELFCOMPRESS_ZSTD when build against libzstd libdwfl: dwfl_module_return_value_location now returns 0 (no return type) for DIEs that point to a DW_TAG_unspecified_type. elfcompress: -t, --type= now support zstd if libelf has been build with ELFCOMPRESS_ZSTD support. backends: Add support for LoongArch and Synopsys ARCv2 processors. Version 0.188 "no section left behind" readelf: Add -D, --use-dynamic option. debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply outgoing HTTP headers. Add new function debuginfod_find_section. debuginfod: Add --disable-source-scan option. libdwfl: Add new function dwfl_get_debuginfod_client. Add new function dwfl_frame_reg. Add new function dwfl_report_offline_memory. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
d8a10d15fd |
sdl2: Update to version 2.26.4
- Update from version 2.26.2 to 2.26.4
- Update of rootfile
- Changelog
2.26.4 Latest
Fixed relative mouse motion over remote desktop on Windows
Fixed using older game controller mappings on Linux
2.26.3
Fixed infinite loop shutting down WGI controllers
Fixed centering the D-pad on some Xbox controllers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
|
||
|
Adolf Belka
|
f21d3a5ad3 |
python3-setuptools: Update to version 67.5.1
- Update from version 65.4.1 to 67.5.1 - Update of rootfile - Changelog v67.5.1 Misc * #3836: Fixed interaction between ``setuptools``' package auto-discovery and auto-generated ``htmlcov`` files. Previously, the ``htmlcov`` name was ignored when searching for single-file modules, however the correct behaviour is to ignore it when searching for packages (since it is supposed to be a directory, see `coverage config`_) -- by :user:`yukihiko-shinoda`. .. _coverage config: https://coverage.readthedocs.io/en/stable/config.html#html-directory * #3838: Improved error messages for ``pyproject.toml`` validations. * #3839: Fixed ``pkg_resources`` errors caused when parsing metadata of packages that are already installed but do not conform with PEP 440. v67.5.0 Changes * #3843: Although pkg_resources has been discouraged for use, some projects still consider pkg_resources viable for usage. This change makes it clear that pkg_resources should not be used, emitting a DeprecationWarning when imported. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
a9bca0f0d8 |
cups-filters: -std=c++17 required due to problem introduced with qpdf-11.3.0
- Add -std=c++17 flag to configure - Disable static libs - Update of rootfile Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
Jon Murphy
|
3ad00458a5 |
pcengines-apu-firmware: Update to version 4.19.0.1
- Update from 4.17.0.3 to 4.19.0.1
- Changelog
v4.19.0.1 - Release date: 2023-02-02
Rebased with official coreboot repository commit 2ccbcc5
Removed configuration and mainboard files for apu1 due to the board being dropped from upstream coreboot
See: https://github.com/pcengines/coreboot/compare/v4.17.0.3...v4.19.0.1
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
|
||
|
Adolf Belka
|
3791abd6eb |
dbus: Update to version 1.14.6
- Update from version 1.14.4 to 1.14.6 - Update of rootfile - The Denial of service issue mentioned first in the changelog is not applicable to IPFire as the build is done without asserts enabled. - Changelog dbus 1.14.6 (2023-02-08) Denial of service fixes: • Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS distributions, should be compiled with checks but without assertions. (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin) Other fixes: • When connected to a dbus-broker, stop dbus-monitor from incorrectly replying to Peer method calls that were sent to the dbus-broker with a NULL destination (dbus#301, Kai A. Hiller) • Fix out-of-bounds varargs read in the dbus-daemon's config-parser. This is not attacker-triggerable and appears to be harmless in practice, but is technically undefined behaviour and is detected as such by AddressSanitizer. (dbus!357, Evgeny Vereshchagin) • Avoid a data race in multi-threaded use of DBusCounter (dbus#426, Ralf Habacker) • Fix a crash with some glibc versions when non-auditable SELinux events are logged (dbus!386, Jeremi Piotrowski) • If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) • Use C11 _Alignof if available, for better standards-compliance (dbus!389, Khem Raj) • Stop including an outdated copy of pkg.m4 in the git tree (dbus!365, Simon McVittie) • Documentation: · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan) • Tests fixes: · Fix the test-apparmor-activation test after dbus#416 (dbus!380, Dave Jones) Internal changes: • Fix CI builds with recent git versions (dbus#447, Simon McVittie) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Michael Tremer
|
b7fdcbf6ca |
perl-TimeDate: Move from package into main system
This is now required by ovpnmain.cgi for certificate expiry time detection. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
3fca7d6c76 |
epson-inkjet-printer-escpr: Update to version 1.7.23
- Update from version 1.6.12 to 1.7.23 - Update of rootfile - Changelog Most changes are related to additional printers except for 1.7.10 * Fixed the problem that epson-escpr-wrapper filter would crash when cupsRasterReadHeader failed. 1.7.7.2 * Supported new model. * Fixed an issue of filter crash when FIFO I/O was closed. 1.7.0 * Supported new models. * Applied Privacy Statement. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
f4b849cb3f |
rng-tools: Move from core package to addon - fixes bug 12900
- This patch is to move the rng-tools package from a core package to an addon. With the kernel changes from 5.6 rngd is no longer needed to create the required kernel entropy. - The results from HRNG's via rngd are used with an XOR after the entropy is collected by the kernel. So the HWRNG output is used to dilute the kernel random number data, which is already merged from several sources. - Based on the above and @Paul's request in the bug report to have rng-tools kept as an addon this patch set is submitted for consideration to keep rng-tools but as an addon. - move rng-tools rootfile from common to packages - Modify rng-tools lfs from core package to addon package - Create rng-tools pak to install and uninstall - creating rc.d links for start & stop. - Move rngd initscript from system to packages directory. - Installed into my vm testbed and confirmed that it works. No rngd daemon installed from iso install. After addon install rngd is present and running. Added various files to be able to test the services wui page. rngd shows up and can be turned off and on Fixes: Bug#12900 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> |
||
Arne Fitzenreiter
|
f5ee536b72 |
rootfile: add many rootfiles for riscv64
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Arne Fitzenreiter
|
d79c944425 |
rootfiles: vdr-dvbapi and amazon-ssm-agent are identical now
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
e7a72e5863 |
make: Update to version 4.4
- Update from version 4.3 to 4.4 - Update of rootfile - the $(MAKETUNING) option does not work with the elinks build with version 4.4 A linked patch has been created for the removal of that option from the elinks lfs file. - Changelog Version 4.4 (31 Oct 2022) A complete list of bugs fixed in this version is available here: https://sv.gnu.org/bugs/index.php?group=make&report_id=111&fix_release_id=109&set=custom * WARNING: Deprecation! The following systems are deprecated in this release: - OS/2 (EMX) - AmigaOS - Xenix - Cray In the NEXT release of GNU Make, support for these systems will be removed. If you want to see them continue to be supported, contact <bug-make@gnu.org>. * WARNING: Future backward-incompatibility! In the NEXT release of GNU Make, pattern rules will implement the same behavior change for multiple targets as explicit grouped targets, below: if any target of the rule is needed by the build, the recipe will be invoked if any target of the rule is missing or out of date. During testing some makefiles were found to contain pattern rules that do not build all targets; this can cause issues so we are delaying this change for one release cycle to allow these makefiles to be updated. GNU Make shows a warning if it detects this situation: "pattern recipe did not update peer target". * WARNING: Backward-incompatibility! GNU Make now uses temporary files in more situations than previous releases. If your build system sets TMPDIR (or TMP or TEMP on Windows) and deletes the contents during the build, or uses restrictive permissions, this may cause problems. You can choose an alternative temporary directory only for use by GNU Make by setting the new MAKE_TMPDIR environment variable before invoking make. Note that this value CANNOT be set inside the makefile, since make needs to find its temporary directory before the makefiles are parsed. * WARNING: Backward-incompatibility! Previously each target in a explicit grouped target rule was considered individually: if the targets needed by the build were not out of date the recipe was not run even if other targets in the group were out of date. Now if any of the grouped targets are needed by the build, then if any of the grouped targets are out of date the recipe is run and all targets in the group are considered updated. * WARNING: Backward-incompatibility! Previously if --no-print-directory was seen anywhere in the environment or command line it would take precedence over any --print-directory. Now, the last setting of directory printing options seen will be used, so a command line such as "--no-print-directory -w" _will_ show directory entry/exits. * WARNING: Backward-incompatibility! Previously the order in which makefiles were remade was not explicitly stated, but it was (roughly) the inverse of the order in which they were processed by make. In this release, the order in which makefiles are rebuilt is the same order in which make processed them, and this is defined to be true in the GNU Make manual. * WARNING: Backward-incompatibility! Previously only simple (one-letter) options were added to the MAKEFLAGS variable that was visible while parsing makefiles. Now, all options are available in MAKEFLAGS. If you want to check MAKEFLAGS for a one-letter option, expanding "$(firstword -$(MAKEFLAGS))" is a reliable way to return the set of one-letter options which can be examined via findstring, etc. * WARNING: Backward-incompatibility! Previously makefile variables marked as export were not exported to commands started by the $(shell ...) function. Now, all exported variables are exported to $(shell ...). If this leads to recursion during expansion, then for backward-compatibility the value from the original environment is used. To detect this change search for 'shell-export' in the .FEATURES variable. * WARNING: New build requirement GNU Make utilizes facilities from GNU Gnulib: Gnulib requires certain C99 features in the C compiler and so these features are required by GNU Make: https://www.gnu.org/software/gnulib/manual/html_node/C99-features-assumed.html The configure script should verify the compiler has these features. * New feature: The .WAIT special target If the .WAIT target appears between two prerequisites of a target, then GNU Make will wait for all of the targets to the left of .WAIT in the list to complete before starting any of the targets to the right of .WAIT. This feature is available in some other versions of make, and it will be required by an upcoming version of the POSIX standard for make. Different patches were made by Alexey Neyman <alex.neyman@auriga.ru> (2005) and Steffen Nurpmeso <steffen@sdaoden.eu> (2020) that were useful but the result is a different implementation (closer to Alexey's idea). * New feature: .NOTPARALLEL accepts prerequisites If the .NOTPARALLEL special target has prerequisites then all prerequisites of those targets will be run serially (as if .WAIT was specified between each prerequisite). * New feature: The .NOTINTERMEDIATE special target .NOTINTERMEDIATE disables intermediate behavior for specific files, for all files built using a pattern, or for the entire makefile. Implementation provided by Dmitry Goncharov <dgoncharov@users.sf.net> * New feature: The $(let ...) function This function allows user-defined functions to define a set of local variables: values can be assigned to these variables from within the user-defined function and they will not impact global variable assignments. Implementation provided by Jouke Witteveen <j.witteveen@gmail.com> * New feature: The $(intcmp ...) function This function allows conditional evaluation controlled by a numerical comparison. Implementation provided by Jouke Witteveen <j.witteveen@gmail.com> * New feature: Improved support for -l / --load-average On systems that provide /proc/loadavg (Linux), GNU Make will use it to determine the number of runnable jobs and use this as the current load, avoiding the need for heuristics. Implementation provided by Sven C. Dack <sdack@gmx.com> * New feature: The --shuffle command line option This option reorders goals and prerequisites to simulate non-determinism that may be seen using parallel build. Shuffle mode allows a form of "fuzz testing" of parallel builds to verify that all prerequisites are correctly described in the makefile. Implementation provided by Sergei Trofimovich <siarheit@google.com> * New feature: The --jobserver-style command line option and named pipes A new jobserver method is used on systems where mkfifo(3) is supported. This solves a number of obscure issues related to using the jobserver and recursive invocations of GNU Make. This change means that sub-makes will connect to the jobserver even if they are not marked as recursive. It also means that other tools that want to participate in the jobserver will need to be enhanced as described in the GNU Make manual. You can force GNU Make to use the simple pipe-based jobserver (perhaps if you are integrating with other tools or older versions of GNU Make) by adding the '--jobserver-style=pipe' option to the command line of the top-level invocation of GNU Make, or via MAKEFLAGS or GNUMAKEFLAGS. To detect this change search for 'jobserver-fifo' in the .FEATURES variable. * Some POSIX systems (*BSD) do not allow locks to be taken on pipes, which caused the output sync feature to not work properly there. Also multiple invocations of make redirecting to the same output file (e.g., /dev/null) would cause hangs. Instead of locking stdout (which does have some useful performance characteristics, but is not portable) create a temporary file and lock that. Windows continues to use a mutex as before. * GNU Make has sometimes chosen unexpected, and sub-optimal, chains of implicit rules due to the definition of "ought to exist" in the implicit rule search algorithm, which considered any prerequisite mentioned in the makefile as "ought to exist". This algorithm has been modified to prefer prerequisites mentioned explicitly in the target being built and only if that results in no matching rule, will GNU Make consider prerequisites mentioned in other targets as "ought to exist". Implementation provided by Dmitry Goncharov <dgoncharov@users.sf.net> * GNU Make was performing secondary expansion of all targets, even targets which didn't need to be considered during the build. In this release only targets which are considered will be secondarily expanded. Implementation provided by Dmitry Goncharov <dgoncharov@users.sf.net> * If the MAKEFLAGS variable is modified in a makefile, it will be re-parsed immediately rather than after all makefiles have been read. Note that although all options are parsed immediately, some special effects won't appear until after all makefiles are read. * The -I option accepts an argument "-" (e.g., "-I-") which means "reset the list of search directories to empty". Among other things this can be used to prevent GNU Make from searching in its default list of directories. * New debug option "print" will show the recipe to be run, even when silent mode is set, and new debug option "why" will show why a target is rebuilt (which prerequisites caused the target to be considered out of date). Implementation provided by David Boyce <David.S.Boyce@gmail.com> * The existing --trace option is made equivalent to --debug=print,why * Target-specific variables can now be marked "unexport". * Exporting / unexporting target-specific variables is handled correctly, so that the attribute of the most specific variable setting is used. * Special targets like .POSIX are detected upon definition, ensuring that any change in behavior takes effect immediately, before the next line is parsed. * When the pipe-based jobserver is enabled and GNU Make decides it is invoking a non-make sub-process and closes the jobserver pipes, it will now add a new option to the MAKEFLAGS environment variable that disables the jobserver. This prevents sub-processes that invoke make from accidentally using other open file descriptors as jobserver pipes. For more information see https://savannah.gnu.org/bugs/?57242 and https://savannah.gnu.org/bugs/?62397 * A long-standing issue with the directory cache has been resolved: changes made as a side-effect of some other target's recipe are now noticed as expected. * GNU Make can now be built for MS-Windows using the Tiny C tcc compiler. Port provided by Christian Jullien <eligis@orange.fr> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Michael Tremer
|
39f94ee8eb |
Drop support for armv6l (and armv7hl)
This removes support for building IPFire for 32 bit ARM architectures. This has been decided in August 2022 with six months notice as there are not very many users and hardware is generally not available any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
ec83fe38a3 |
Rootfile update for ARM
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
024220e4df |
libtirpc: Convert from an addon to a core program - fixes Bug 13015
- libtirpc is required for lsof to work from CU172 onwards. rpc.h is no longer available from glibc. This would normally cause the lsof build to fail but libtirpc as an addon is built before lsof and so is present in the build and lsof is linked to it. When running lsof it fails as the linked libtirpc library is not present unless it has been installed as an addon. - This patch converts the libtirpc lfs from an addon to a core program and moves the rootfile from the packages directory to the common directory. - Tested out on my vm testbed. With CU172 lsof fails to run due to the missing libtirpc With the build based on this patch installed lsof works normally again. - Disabled the static library build in the configure options and updated the rootfile Tested-by: Adolf Belka <adolf.belka@ipfire.org> Fixes: Bug#13015 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> |
||
|
Adolf Belka
|
14dcff8507 |
nfs: Update to version 2.6.2
- Update from version 2.6.1 to 2.6.2 - Update of rootfile - Changelog is available in sourceforge at the following url https://sourceforge.net/projects/nfs/files/nfs-utils/2.6.2/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
Matthias Fischer
|
949c109a6c |
clamav: Update to 1.0.0
[Please note: This 'clamav' version needs rust >1.56] For details see: https://blog.clamav.net/2022/11/clamav-100-lts-released.html Excerpt: "Major changes Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. Use of the default password will now appear in the metadata JSON. Overhauled the implementation of the all-match feature. The newer code is more reliable and easier to maintain. This project fixed several known issues with signature detection in all- match mode: Enabled embedded file-type recognition signatures to match when a malware signature also matched in a scan of the same layer. Enabled bytecode signatures to run in all-match mode after a match has occurred. Fixed an assortment of all-match edge case issues. Added multiple test cases to verify correct all-match behavior. Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction. The new callback function type is clcb_file_inspection defined in clamav.h. The function cl_engine_set_clcb_file_inspection() may be used to enable the callback prior to performing a scan. This new callback is to be considered unstable for the 1.0 release. We may alter this function in a subsequent feature version. Added a new function to the public API for unpacking CVD signature archives. The new function is cl_cvdunpack(). The last parameter for the function may be set to verify if a CVD's signature is valid before unpacking the CVD content to the destination directory. The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers. Without this change, database and Windows EXE/DLL authenticode certificate validation may fail. The ENABLE_EXTERNAL_TOMSFASTMATH build is now ignored. Moved the Dockerfile and supporting scripts from the main ClamAV repository over to a new repository: https://github.com/Cisco-Talos/clamav-docker The separate repository will make it easier to update the images and fix issues with images for released ClamAV versions. Any users building the ClamAV Docker image rather than pulling them from Docker Hub will have to get the latest Docker files from the new location. Increased the SONAME major version for libclamav because of ABI changes between the 0.103 LTS release and the 1.0 LTS release. Other improvements Add checks to limit PDF object extraction recursion. Increased the limit for memory allocations based on untrusted input and altered the warning message when the limit is exceeded so that it is more helpful and less dramatic. Dramatically improved the build time of libclamav-Rust unit tests. The unit test build is included in the time limit for the test itself and was timing out on slower systems. The ClamAV Rust code modules now share the same build directory, which also reduces the amount of disk space used for the build. For Windows: The debugging symbol (PDB) files are now installed alongside the DLL and LIB library files when built in "RelWithDebInfo" or "Debug" mode. Relaxed the constraints on the check for overlapping ZIP file entries so as not to alert on slightly malformed, but non-malicious, Java (JAR) archives. Increased the time limit in FreshClam before warning if the DNS entry is stale. In combination with changes to update the DNS entry more frequently, this should prevent false alarms of failures in the database publication system. Docker: The C library header files are now included in the Docker image. Patch courtesy of GitHub user TerminalFi. Show the BYTECODE_RUNTIME build options when using the ccmake GUI for CMake. Patch courtesy of Дилян Палаузов. Added explicit minimum and maximum supported LLVM versions so that the build will fail if you try to build with a version that is too old or too new and will print a helpful message rather than simply failing to compile because of compatibility issues. Patch courtesy of Matt Jolly. Fixed compiler warnings that may turn into errors in Clang 16. Patch courtesy of Michael Orlitzky. Allow building with a custom RPATH so that the executables may be moved after build in a development environment to a final installation directory. Bug fixes Assorted code quality fixes. These are not security issues and will not be backported to prior feature versions: Several heap buffer overflows while loading PDB and WDB databases were found by OSS-Fuzz and by Michal Dardas. oss-fuzz 43843: heap buffer overflow read (1) cli_sigopts_handler oss-fuzz 44849: heap buffer overflow read (4) in HTML/js-norm oss-fuzz 43816: heap buffer overflow read (8) in cli_bcomp_freemeta oss-fuzz 43832: heap buffer overflow read (2) in cli_parse_add oss-fuzz 44493: integer overflow in cli_scannulsft CIFuzz leak detected in IDB parser oss-fuzz assorted signature parser leaks oss-fuzz 40601: leak detected in pdf_parseobj Fixed a build failure when using LIBCLAMAV_ONLY mode with tests enabled. Fixed an issue verifying EXE/DLL authenticode signatures to determine a given file can be trusted (skipped). Fixed a caching bug relating to the Container and Intermediates logical signature condition. Fixed a build issue when build with RAR disabled or when building with an external libmspack library rather than the bundled library. Fixed the capitalization of the -W option for clamonacc in the clamonacc manpage. Patch courtesy of GitHub user monkz. macOS: Fixed an issue with memory-map (mmap) system call detection affecting versions 0.105 and 0.104. Memory maps may be used in ClamAV to improve signature load performance and scan performance, as well as RAM usage. Fixed a performance issue with Rust code when the build type is not explicitly set to "Release" or "RelWithDebInfo". The Rust default build type is now "RelWithDebInfo" just like the C code, instead of Debug. This means it is now optimized by default. Fixed an issue loading Yara rules containing regex strings with an escaped forward-slash (\/) followed by a colon (:). Fixed an issue detecting and scanning ZIP file entries appended to very small files. The fix is part of the all-match feature overhaul. Fixed a detection issue with EXE/DLL import-address-table hash signatures that specify a wildcard (*) for the size field. The fix is part of the all-match feature overhaul. Fixed the default bytecode timeout value listed in the manpages and in the sample config files. Patches courtesy of Liam Jarvis and Ben Bodenmiller. Fixed an issue building the libclamav_rust test program when running ctest if building with BYTECODE_RUNTIME=llvm and when the FindLLVM.cmake module is used to find the LLVM libraries. Patch courtesy of GitHub user teoberi. Fixed an issue where scans sent to clamd with the all-match mode enabled caused all subsequent scans to also use all-match mode. Fixed bug when starting clamonacc with the --log=FILE option that created randomly named files in the current directory. Other assorted bug fixes." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
|
Adolf Belka
|
7bb36910f4 |
iotop: Update to version 1.22 coming from new repository
- Existing iotop is version 0.6 from 2013. In that original repository there have been 42 commits since then up to 2022-03-07 but without any version release. - In 2020 a new repository was started, based on the original iotop but converted to only C code with no python. This is being updated on a regular basis with version releases. This version was released in July 10th 2022. There have been n21 releases since this repository was started. - Built and tested this version of iotop and it gave a screen with very similar look to the original version. The new version has the ability to scroll all the entries whereas the original one required the window to be made larger to show more entries. - The new version also has a column showing a graphical view of the amount of traffic as well as the actual numbers. - Overall this looks to match what vthe original iotop did, plus with a few extras and is being regularly maintained with new releases. - Updated rootfile - This version of iotop is automatically placed in /usr/sbin as the original used to be. - New repository is at https://github.com/Tomas-M/iotop - Changelog can be seen at the above repository. It is too large to include here with 21 version updates. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
f050a57c93 |
alsa: Update to version 1.2.8
- Update from version 1.2.5.1 to 1.2.8 - Update of rootfile - Changelog for alsa-lib and alsa-utils is too long to include here. Details can be found by looking at the individual web site pages for each change version from 1.2.5.1 to 1.2.8 at https://www.alsa-project.org/wiki/Main_Page_News Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Jon Murphy
|
c80bc99415 |
pcengines-apu-firmware: Update to version 4.17.0.3
- Update from 4.17.0.2 to 4.17.0.3
- Changelog
v4.17.0.3 - Release date: 2022-08-24
Rebased with official coreboot repository commit e173f2b
See: https://github.com/pcengines/coreboot/compare/v4.17.0.2...v4.17.0.3
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
|
||
|
Adolf Belka
|
26562e76a3 |
python3-packaging: Update to version 23.0
- Update from version 21.3 to 23.0
- Update of rootfile
- Changelog
23.0
What's Changed
Remove unused LPAREN token from tokenizer by @hrnciar in #630
Reorganise the project layout and version management by @pradyunsg in #626
Correctly handle non-normalised specifiers in requirements by @pradyunsg in #634
Use stable Python 3.11 in tests by @153957 in #641
Fix typing for specifiers.BaseSpecifier.filter() by @henryiii in #643
Correctly handle trailing whitespace on URL requirements by @pradyunsg in #642
refactor _generic_api to use EXT_SUFFIX by @mattip in #607
Allow "extra" to be None in the marker environment by @pradyunsg in #650
Fix typos by @kianmeng in #648
Update changelog for release by @pradyunsg in #656
22.0
What's Changed
Fix compatible version specifier incorrectly strip trailing '0' by @kasium in #493
Remove support for Python 3.6 by @abravalheri in #500
Use concurrency limit in ci by @blink1073 in #510
Fix issue link in changelog. by @bdice in #509
chore: test with PyPy 3.8 & 3.9 by @mayeut in #512
Accept locally installed prereleases by @q0w in #515
Always run GHA workflows when they change by @mayeut in #516
Add __hash__/__eq__ to requirements by @abravalheri in #499
Upgrade to setup-python v3 and use caching for GHA by @brettcannon in #521
allow pre-release versions in marker evaluation by @graingert in #523
Error out from workflow on missing interpreter by @mayeut in #525
chore: update pre-commit config to the latest repos' versions by @mayeut in #534
chore: remove Windows PyPy 3.9 workaround on GHA by @mayeut in #533
Use pipx to run nox / build in GHA workflows by @mayeut in #517
Run tests with all PyPy versions locally by @mayeut in #535
Adhere to PEP 685 when evaluating markers with extras by @hroncok in #545
chore: update mypy and move to toml by @henryiii in #547
Normalize extra comparison in markers for output by @brettcannon in #549
Evaluate markers under environment with empty "extra" by @MrMino in #550
Do not set extra in default_environment() by @sbidoul in #554
Update extlinks strings to use a format string by @mayeut in #555
Update CI test workflow to use setup-python@v4 by @mayeut in #556
CI: Update actions/* to their latest major versions by @mayeut in #557
Fix a spelling mistake by @venthur in #558
fix: macOS platform tags with old macOS SDK by @mayeut in #513
Correctly parse ELF for musllinux on Big Endian by @uranusjr in #538
A metadata module with a data class for core metadata by @brettcannon in #518
Document utils.NormalizedName by @brettcannon in #565
Drop LegacySpecifier and LegacyVersion by @pradyunsg in #407
Move metadata, versions and specifiers API documentation to sphinx.ext.autodoc by @pradyunsg in #572
Demonstrate behaviour of SpecifierSet.__iter__ by @hauntsaninja in #575
Handwritten parser for parsing requirements by @hrnciar in #484
Add changelog entry for removal of pyparsing dependency by @hroncok in #581
Use Iterator instead of Iterable for specifier filter methods by @ichard26 in #584
Better output on linter failure by @henryiii in #478
Add a "cpNNN-none-any" tag by @joonis in #541
Document exceptions raised by functions in utils by @MrMino in #544
Refactor ELF parsing logic to standlone class by @uranusjr in #553
Forbid prefix version matching on pre-release/post-release segments by @mayeut in #563
Update coverage to >=5.0.0 by @mayeut in #586
Normalize specifier version for prefix matching by @mayeut in #561
Add python 3.11 by @mayeut in #587
Fix prefix version matching by @mayeut in #564
Remove duplicate namedtuple by @layday in #589
Update changelog by @pradyunsg in #595
Change email-related fields in Metadata to str by @brettcannon in #596
Add versionchanged for 21.3 by @brettcannon in #599
refactor: use flit as a backend by @henryiii in #546
Remove packaging.metadata by @pradyunsg in #603
Refactor nox requirements to use requirements files (#601) by @strokirk in #609
Improve Requirement/Marker parser with context-sensitive tokenisation by @pradyunsg in #624
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
b8a598fc92 |
borgbackup: Update to version 1.2.3 and fix bug 13032
- Update from version 1.2.0 to 1.2.3
- Update of rootfile
- This update works with python3-msgpack-1.0.4 and fixes bug 13032
- To make it work then the borgbackup-1.2.3-py3.10.egg-info directory must be the only
egg-info directory for borgbackup otherwise version 1.2.3 will end up with an error.
Versions 1.2.2 and earlier workled without any problem if there was an earlier egg-info
directory for a different version number. The borgbackup rootfile had the egg-info
directory commented out so an uninstall cleared the directory but did not remove it.
This patch has the egg-info directory in the rootfile uncommented and so an uninstall
removes the directory.
- borgbackup paks files created so that the uninstall.sh file will remove any egg-info
directory that starts with "borgbackup-1." as the first ever borgbackup was 1.0.12
When the old 1.2.0 or earlier borgbackup is uninstalled it will use the old default
paks uninstall.sh file and rootfile which will leave the old egg-info directory in
place. When version 1.2.3 is installed it will use the new install.sh script which
will remove any existing egg-info directories present still.
- Changelog
Version 1.2.3 (2022-12-24)
Upgrade notes:
Some things can be recommended for the upgrade process from borg 1.1.x (please also read the important compatibility notes below):
do you already want to upgrade? 1.1.x also will get fixes for a while.
be careful, first upgrade your less critical / smaller repos.
first upgrade to a recent 1.1.x release - especially if you run some older 1.1.* or even 1.0.* borg release.
using that, run at least one borg create (your normal backup), prune and especially a check to see everything is in a good state.
check the output of borg check - if there is anything special, consider a borg check --repair followed by another borg check.
if everything is fine so far (borg check reports no issues), you can consider upgrading to 1.2.x. if not, please first fix any already existing issue.
if you want to play safer, first create a backup of your borg repository.
upgrade to latest borg 1.2.x release (you could use the fat binary from github releases page)
run borg compact --cleanup-commits to clean up a ton of 17 bytes long files in your repo caused by a borg 1.1 bug
run borg check again (now with borg 1.2.x) and check if there is anything special.
run borg info (with borg 1.2.x) to build the local pre12-meta cache (can take significant time, but after that it will be fast) - for more details see below.
check the compatibility notes (see below) and adapt your scripts, if needed.
if you run into any issues, please check the github issue tracker before posting new issues there or elsewhere.
If you follow this procedure, you can help avoiding that we get a lot of “borg 1.2” issue reports that are not really 1.2 issues, but existed before and maybe just were not noticed.
Compatibility notes:
matching of path patterns has been aligned with borg storing relative paths. Borg archives file paths without leading slashes. Previously, include/exclude patterns could contain leading slashes. You should check your patterns and remove leading slashes.
dropped support / testing for older Pythons, minimum requirement is 3.8. In case your OS does not provide Python >= 3.8, consider using our binary, which does not need an external Python interpreter. Or continue using borg 1.1.x, which is still supported.
freeing repository space only happens when “borg compact” is invoked.
mount: the default for --numeric-ids is False now (same as borg extract)
borg create --noatime is deprecated. Not storing atime is the default behaviour now (use --atime if you want to store the atime).
--prefix is deprecated, use -a / --glob-archives, see #6806
list: corrected mix-up of “isomtime” and “mtime” formats. Previously, “isomtime” was the default but produced a verbose human format, while “mtime” produced a ISO-8601-like format. The behaviours have been swapped (so “mtime” is human, “isomtime” is ISO-like), and the default is now “mtime”. “isomtime” is now a real ISO-8601 format (“T” between date and time, not a space).
create/recreate --list: file status for all files used to get announced AFTER the file (with borg < 1.2). Now, file status is announced BEFORE the file contents are processed. If the file status changes later (e.g. due to an error or a content change), the updated/final file status will be printed again.
removed deprecated-since-long stuff (deprecated since):
command “borg change-passphrase” (2017-02), use “borg key …”
option “--keep-tag-files” (2017-01), use “--keep-exclude-tags”
option “--list-format” (2017-10), use “--format”
option “--ignore-inode” (2017-09), use “--files-cache” w/o “inode”
option “--no-files-cache” (2017-09), use “--files-cache=disabled”
removed BORG_HOSTNAME_IS_UNIQUE env var. to use borg you must implement one of these 2 scenarios:
the combination of FQDN and result of uuid.getnode() must be unique and stable (this should be the case for almost everybody, except when having duplicate FQDN and MAC address or all-zero MAC address)
if you are aware that 1) is not the case for you, you must set BORG_HOST_ID env var to something unique.
exit with 128 + signal number, #5161. if you have scripts expecting rc == 2 for a signal exit, you need to update them to check for >= 128.
Fixes:
create: fix --list --dry-run output for directories, #7209
diff/recreate: normalize chunker params before comparing them, #7079
check: fix uninitialised variable if repo is completely empty, #7034
xattrs: improve error handling, #6988
fix args.paths related argparsing, #6994
archive.save(): always use metadata from stats (e.g. nfiles, size, …), #7072
tar_filter: recognize .tar.zst as zstd, #7093
get_chunker: fix missing sparse=False argument, #7056
file_integrity.py: make sure file_fd is always closed on exit
repository: cleanup(): close segment before unlinking
repository: use os.replace instead of os.rename
Other changes:
remove python < 3.7 compatibility code
do not use version_tuple placeholder in setuptools_scm template
CI: fix tox4 passenv issue, #7199
vagrant: update to python 3.9.16, use the openbsd 7.1 box
misc. test suite and docs fixes / improvements
remove deprecated --prefix from docs, #7109
Windows: use MSYS2 for Github CI, remove Appveyor CI
Version 1.2.2 (2022-08-20)
New features:
prune/delete --checkpoint-interval=1800 and ctrl-c/SIGINT support, #6284
Fixes:
SaveFile: use a custom mkstemp with mode support, #6933, #6400, #6786. This fixes umask/mode/ACL issues (and also “chmod not supported” exceptions seen in 1.2.1) of files updated using SaveFile, e.g. the repo config.
hashindex_compact: fix eval order (check idx before use), #5899
create --paths-from-(stdin|command): normalize paths, #6778
secure_erase: avoid collateral damage, #6768. If a hardlink copy of a repo was made and a new repo config shall be saved, do NOT fill in random garbage before deleting the previous repo config, because that would damage the hardlink copy.
list: fix {flags:<WIDTH>} formatting, #6081
check: try harder to create the key, #5719
misc commands: ctrl-c must not kill other subprocesses, #6912
borg create with a remote repo via ssh
borg create --content-from-command
borg create --paths-from-command
(de)compression filter process of import-tar / export-tar
Other changes:
deprecate --prefix, use -a / --glob-archives, see #6806
make setuptools happy (“package would be ignored”), #6874
fix pyproject.toml to create a fixed _version.py file, compatible with both old and new setuptools_scm version, #6875
automate asciinema screencasts
CI: test on macOS 12 without fuse / fuse tests (too troublesome on github CI due to kernel extensions needed by macFUSE)
tests: fix test_obfuscate byte accounting
repository: add debug logging for issue #6687
_chunker.c: fix warnings on macOS
requirements.lock.txt: use the latest cython 0.29.32
docs:
add info on man page installation, #6894
update archive_progress json description about “finished”, #6570
json progress_percent: some values are optional, #4074
FAQ: full quota / full disk, #5960
correct shell syntax for installation using git
Version 1.2.1 (2022-06-06)
Fixes:
create: skip with warning if opening the parent dir of recursion root fails, #6374
create: fix crash. metadata stream can produce all-zero chunks, #6587
fix crash when computing stats, escape % chars in archive name, #6500
fix transaction rollback: use files cache filename as found in txn.active/, #6353
import-tar: kill filter process in case of borg exceptions, #6401 #6681
import-tar: fix mtime type bug
ensure_dir: respect umask for created directory modes, #6400
SaveFile: respect umask for final file mode, #6400
check archive: improve error handling for corrupt archive metadata block, make robust_iterator more robust, #4777
pre12-meta cache: do not use the cache if want_unique is True, #6612
fix scp-style repo url parsing for ip v6 address, #6526
mount -o versions: give clear error msg instead of crashing. it does not make sense to request versions view if you only look at 1 archive, but the code shall not crash in that case as it did, but give a clear error msg.
show_progress: add finished=true/false to archive_progress json, #6570
delete/prune: fix --iec mode output (decimal vs. binary units), #6606
info: fix authenticated mode repo to show “Encrypted: No”, #6462
diff: support presence change for blkdev, chrdev and fifo items, #6615
New features:
delete: add repository id and location to prompt, #6453
borg debug dump-repo-objs --ghost: new --segment=S --offset=O options
Other changes:
support python 3.11
allow msgpack 1.0.4, #6716
load_key: no key is same as empty key, #6441
give a more helpful error msg for unsupported key formats, #6561
better error msg for defect or unsupported repo configs, #6566
docs:
document borg 1.2 pattern matching behavior change, #6407 Make clear that absolute paths always go into the matcher as if they are relative (without leading slash). Adapt all examples accordingly.
authentication primitives: improved security and performance infos
mention BORG_FILES_CACHE_SUFFIX as alternative to BORG_FILES_CACHE_TTL, #5602
FAQ: add a hint about --debug-topic=files_cache
improve borg check --max-duration description
fix values of TAG bytes, #6515
borg compact --cleanup-commits also runs a normal compaction, #6324
virtualization speed tips
recommend umask for passphrase file perms
borg 1.2 is security supported
update link to ubuntu packages, #6485
use --numeric-ids in pull mode docs
remove blake2 docs, blake2 code not bundled any more, #6371
clarify on-disk order and size of segment file log entry fields, #6357
docs building: do not transform --/--- to unicode dashes
tests:
check that borg does not require pytest for normal usage, fixes #6563
fix OpenBSD symlink mode test failure, #2055
vagrant:
darwin64: remove fakeroot, #6314
update development.lock.txt
use pyinstaller 4.10 and python 3.9.13 for binary build
upgrade VMCPUS and xdistn from 4 to 16, maybe this speeds up the tests
crypto:
use hmac.compare_digest instead of ==, #6470
hmac_sha256: replace own cython wrapper code by hmac.digest python stdlib (since py38)
hmac and blake2b minor optimizations and cleanups
removed some unused crypto related code, #6472
avoid losing the key (potential use-after-free). this never could happen in 1.2 due to the way we use the code. The issue was discovered in master after other changes, so we also “fixed” it here before it bites us.
setup / build:
add pyproject.toml, fix sys.path, #6466
setuptools_scm: also require it via pyproject.toml
allow extra compiler flags for every extension build
fix misc. C / Cython compiler warnings, deprecation warnings
fix zstd.h include for bundled zstd, #6369
source using python 3.8 features: pyupgrade --py38-plus ./**/*.py
Fixes: Bug #13032
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Matthias Fischer
|
b00012039e |
mc: Update to 4.8.29
For details see: https://midnight-commander.org/wiki/NEWS-4.8.29 For details see: http://midnight-commander.org/wiki/NEWS-4.8.29 Summary: "Major changes since 4.8.28 Core Add more options for panel filter (#1373): "Files only" (#4209) "Case sensitive" (#4334) "Using shell patterns" Continue copy after interrupt (#4409) Restore menu accelerator for "Sort order": back to "S"; change menu accelerator for "SFTP link" to "N" (#4373) Add support for cross-compilation with PERL path different between --build and --host (#4399) Bootstrap with autotools providing direct support for Apple M1 Port mc.ext to INI format and rename to mc.ext.ini (#4141, #3742, #3191) Implement compound (AND) conditions (Type/Shell? and Type/Regex? pairs) to disambiguate overloaded extensions There is no fallback to previous mc.ext format VFS Editor Change location of all user's syntax related stuff to ~/.local/share/mc/syntax/ directory (#4413) syntax/Syntax: document location of syntax files (#4320) Improvements of syntax highlighting: YAML: improve multiline blocks highliting (#4059) New syntax highlighting: Privoxy (https://www.privoxy.org) actions files (#4384) TOML (Tom's Obvious Minimal Language) (#4412) Viewer Diff viewer Misc Code cleanup (#4357, #4397, #4425) sqlite3 view: use 'immutable=1' URI parameter to prevent leaving wal/shm files after viewing sqlite database (#4369) Support of contour terminal emulator (https://github.com/contour-terminal/contour) (#4396) mc.ext.ini: clarify regex for makefiles (#4419) Remove empty hints translations by setting 5% threshold (#3608) Fixes Fail to build with only SFTP network VFS is enabled (#4420) Crash on quick view of archives (#4398) Wrong description of --enable-configure-args option (#4400) Wrong version sort (#4374) No subshell if subshell is initializing more than 1 second (#3121) Filter keyboard shortcut only affects left panel (#4383) File type check does not work with special character in filename (#4377) Select files keeping the right mouse button pressed doesn't select all files (#4381) Cannot scroll panel listing upwards using mouse (#4119) "Directory Compare" doesn't correct work with panelization (#3220) Wrong decompressing of zip files in quick view panel (#4404) mc.ext: 'include' keyword (for command class def) have no effect if it was defined before 'Include' keyword (for command def) (#2773) mcedit: infinite loop when deleting a macro (#4391) mcviewer: segfault when switching from raw to parsed mode and back (#4401) Broken handling of zip archives (#4368) FISH subshell: commands don't work after window resize (#4372) FTP VFS: doesn't reconnect to server after timeout (#3670) FISH VFS: cannot remove non-empty directory (#4364) EXTFS VFS: segfault if archive contains file(s) in the parent directory (#4422, #4427) Tests: variable redeclaration in filevercmp_test5 (#4358)" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
b3ebc2840b |
python3-setuptools: Fix rootfile
https://lists.ipfire.org/pipermail/nightly-builds/2023-January/004089.html Reported-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
0042dfc14a |
tshark: Update rootfile
https://lists.ipfire.org/pipermail/nightly-builds/2023-January/004090.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
d98dfe5a19 |
sdl2: Update to version 2.26.2
- Update from version 2.26.0 to 2.26.2
- Update of rootfile
- Changelog
2.26.2 Latest
This is a stable bugfix release, with the following changes:
Fixed long delay at startup when a Razer keyboard is connected
Fixed not receiving SDLK_5 or SDL_SCANCODE_5 when using the AZERTY keyboard
layout on Linux
2.26.1
This is a stable bugfix release, with the following changes:
Improved audio resampling quality
Fixed crash if SDL_GetPointDisplayIndex() or SDL_GetRectDisplayIndex() are
called before SDL_VideoInit()
Fixed building with older Xcode and macOS SDK
Fixed building when not using shared Wayland libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Michael Tremer
|
debf583b42 |
rootfiles: Remove further spaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
ed10535acf |
ghostscript: Update to version 10.0.0
- Update from version 9.56.1 to 10.0.0 - Update of rootfile - Changelog on website has following entry From 9.55.0 onwards, in recognition of how unwieldy very large HTML files can become (History9.html had reached 8.1Mb!), we intend to only include the summary highlights For anyone wanting the full details of the changes in a release, we ask them to look at the history in our public git repository: ghostpdl-10.00.0 log. If this change does not draw negative feedback, History?.htm file(s) will be removed from the release archives. - History?.htm files are no longer part of the release tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
90aca7bbc1 |
spandsp: Remove package from IPFire
- This package was used by the asterisk addon which was dropped some time ago so spandsp is no longer needed Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Peter Müller
|
132e2f8f0c |
samba: Align 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
a3e50a3f6c |
samba: Update to version 4.17.4
- Update from version 4.17.3 to 4.17.4
- Update of rootfile (Only the x86_64 rootfile updated with this patch)
- Changelog
Release Notes for Samba 4.17.4
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
RC4-HMAC Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac
session keys for use between modern clients and servers
despite all modern Kerberos implementations supporting
the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy' would force
rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
o CVE-2022-37967: This is the Samba CVE for the Windows
Kerberos Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained
delegation permission could forge a more powerful
ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
same algorithms as rc4-hmac cryptography in Kerberos,
and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!
samba-tool got a new 'domain trust modify' subcommand
This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.
smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
allow nt4 crypto Deprecated no
allow nt4 crypto:COMPUTERACCOUNT New
kdc default domain supported enctypes New (see manpage)
kdc supported enctypes New (see manpage)
kdc force enable rc4 weak session keys New No
reject md5 clients New Default, Deprecated Yes
reject md5 servers New Default, Deprecated Yes
server schannel Deprecated Yes
server schannel require seal New, Deprecated Yes
server schannel require seal:COMPUTERACCOUNT New
winbind sealed pipes Deprecated Yes
Changes since 4.17.3
o Jeremy Allison <jra@samba.org>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15237: CVE-2022-37966.
* BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
o Ralph Boehme <slow@samba.org>
* BUG 15240: CVE-2022-38023.
* BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
o Stefan Metzmacher <metze@samba.org>
* BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
Windows.
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
vulnerability.
* BUG 15206: libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4().
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15230: Memory leak in snprintf replacement functions.
* BUG 15237: CVE-2022-37966.
* BUG 15240: CVE-2022-38023.
* BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression).
o Noel Power <noel.power@suse.com>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Anoop C S <anoopcs@samba.org>
* BUG 15198: Prevent EBADF errors with vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15237: CVE-2022-37966.
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15257: Stack smashing in net offlinejoin requestodj.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15231: CVE-2022-37967.
* BUG 15237: CVE-2022-37966.
o Nicolas Williams <nico@twosigma.com>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
efe0455614 |
samba: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
cfb7cf5e03 |
libtalloc: Update to version 2.3.4
- Update from version 2.3.1 to 2.3.4 - Update of rootfile - No Changelog available in the source tarball or on the website. talloc uses the samba technical mailing list for any communications but there was no announcement for the updated versions found. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
01e65b0902 |
libshout: Update to version 2.4.6
- Update from version 2.4.3 to 2.4.6
- Update of rootfile
- Changelog
libshout 2.4.6 (20220410)
* Fixed pkg-config file (#2329)
* Made vorbis an optional codec
* Do not pass to small headers to libspeex
(see also the same mirror-patch in Icecast)
* Updated documentation, mostly in regard of making it clearer
which functions are now obsoleted
* General code cleanup
* Added compiler warnings about obsoleted functions and
ignored return values
* Replaced old shout_set_metadata() with new shout_set_metadata_utf8()
* Added support for plain text streaming
* Fixed shout_set_metadata*() sometimes returning SHOUTERR_RETRY (#2328)
* Workaround old clients by emulating SHOUTERR_RETRY with SHOUTERR_BUSY (#2316)
* Remove our re-implementation of X509_check_host()
* Allow to disable building tools (#2331)
libshout 2.4.5 (20201219)
* Improved shout.h for reading, and understanding.
* Marked dumpfile support as obsolete (as SHOUT_PROTOCOL_XAUDIOCAST already is).
* Added Support for setting the content language.
* Avoid the use of obsolete functions (#2317).
* Several small fixes for non-blocking mode (#2321, #2315).
* Corrected detection of libogg (mostly for windows targets).
* Now accept TLS mode "auto" when build without TLS support.
* Added new tool shout(1).
libshout 2.4.4 (20201001)
* Fixed handling of blocking/non-blocking mode
* Fixed ICY port increment
* Fixed reusing of handles
* Fixed error handling of Ogg sync layer
* Fixed Passing of errors between connection and instance layer
Without this fix died connections were not correctly detected.
* Fixed and improved build scripts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
6d144d259f |
dbus: Update to version 1.14.4
- Update from version 1.14.0 to 1.14.4
- Update of rootfile
- Changelog
dbus 1.14.4 (2022-10-05)
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
dbus 1.14.2 (2022-09-26)
Fixes:
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
Tests and CI enhancements:
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
1302f0cde8 |
libvirt: Update version to 8.10.0
- Update from version 8.9.0 to 8.10.0
- Update of rootfile
- Changelog
v8.10.0 (2022-12-01)
**New features**
* Tool for validating SEV firmware boot measurement of QEMU VMs
The ``virt-qemu-sev-validate`` program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.
* Support for SGX EPC (enclave page cache)
Users can add a ``<memory model='sgx-epc'>`` device to lauch a VM with
``Intel Software Guard Extensions``.
* Support migration of vTPM state of QEMU vms on shared storage
Pass ``--migration`` option if appropriate in order for ``swtpm`` to
properly migrate on shared storage.
**Improvements**
* Mark close callback (un-)register API as high priority
High priority APIs use a separate thread pool thus can help in eliminating
problems with stuck VMs. Marking the close callback API as high priority
allows ``virsh`` to properly connect to the daemon in case the normal
priority workers are stuck allowing other high priority API usage.
* Updated x86 CPU features
The following features for the x86 platform were added:
``v-vmsave-vmload``, ``vgif``, ``avx512-vp2intersect``, ``avx512-fp16``,
``serialize``, ``tsx-ldtrk``, ``arch-lbr``, ``xfd``, ``intel-pt-lip``,
``avic``, ``sgx``, ``sgxlc``, ``sgx-exinfo``, ``sgx1``, ``sgx2``,
``sgx-debug``, ``sgx-mode64``, ``sgx-provisionkey``, ``sgx-tokenkey``,
``sgx-kss``, ``bus-lock-detect``, ``pks``, ``amx``.
* Add support for ``hv-avic`` Hyper-V enlightenment
``qemu-6.2`` introduced support for the ``hv-avic`` enlightenment which
allows to use Hyper-V SynIC with hardware APICv/AVIC enabled.
* qemu: Run memory preallocation with numa-pinned threads
Run the thread allocating memory in the proper NUMA node to reduce overhead.
* RPM packaging changes
- add optional dependancy of ``libvirt-daemon`` on ``libvirt-client``
The ``libvirt-guests.`` tool requires the ``virsh`` client to work
properly, but we don't want to require the installation of the daemon
if the tool is not used.
- relax required ``python3-libvirt`` version for ``libvirt-client-qemu``
The ``virt-qemu-qmp-proxy`` tool requires python but doesn't strictly
need the newest version. Remove the strict versioning requirement in
order to prevent cyclic dependency when building.
**Bug fixes**
* Skip initialization of ``cache`` capabilities if host doesn't support them
Hypervisor drivers would fail to initialize on ``aarch64`` hosts with
following error ::
virStateInitialize:657 : Initialisation of cloud-hypervisor state driver failed: no error
which prevented the startup of the daemon.
* Allow incoming connections to guests on routed networks w/firewalld
A change in handling of implicit rules in ``firewalld 1.0.0`` broke
incomming connections to VMs when using ``routed`` network. This is fixed
by adding a new ``libvirt-routed`` zone configured to once again allow
incoming sessions to guests on routed networks.
* Fix infinite loop in nodedev driver
Certain udev entries might be of a size that makes libudev emit EINVAL
which caused a busy loop burning CPU. Fix it by ignoring the return code.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
349fc481b8 |
libusbredir: Update to version 0.13.0
- Update from version 0.8.0 to 0.13.0 - Update of rootfile - bz2 version no longer supplied only xz version - Build changed from autotyools to meson/ninja - Changelog # usbredir-0.13.0 - 01 Aug 2022 - !61 Fix regression on unserialize data - !59 Removes usbredirserver - !58 Improved header length checks when unserialising data - !62 Fix usage of command line argument in usbredirect - !57 Fix small memory leak on usbredirect # usbredir-0.12.0 - 12 Nov 2021 - !47 Implement dropping packets from isochronous devices when buffer is owned by usbredirparser library - !50 Use packet size limit on deserialization - !54 Fix possible bad state in deserialization logic - !48 Fix possible memory leak in serialization logic - !45 Fix (un)serialization with empty write buffers - !42 !46 !52 Improvements to usbredirparserfuzz # usbredir-0.11.0 - 10 Aug 2021 - !40 Fixes use-after-free on usbredirparser serialization - !25 Fixes memory leak in usbredirparser - !32 Fixes build in MacOS related to visibility of exported symbols - !36 Adds usbredirfilter_free function - !29 Adds Fuzzing for Filters - !34 Improvements to usbredirfilter_string_to_rules() # usbredir-0.10.0 - 27 May 2021 - !23 Fixes 0.9.0 regression in bulk transfer message size - !20 Drops autotools, only meson is supported now - !15, !16, !18, !21 Improves fuzzing code base and meson builds - !17 Fixes libusbredirhost.pc when generated by meson # usbredir-0.9.0 - 02 Apr 2021 - !2 Add usbredirect tool with feature parity with usbredirserver - !6 Add fuzzer for usbredirparser - !12 Add MSI installer for usbredirect tool - !11 Add meson build: autotool will be removed in a future release - !5 Limit packet's length to 65 kB - !4 Fix wrong up-cast when checking for package's length - Require LLVM's compiler-rt (optional: for fuzzer) - Require glib2 >= 2.44 (optional: for usbredirect) - Deprecate usbredirserver in favor of usbredirect Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Michael Tremer
|
7a22b050fa |
Revert "Drop powertop"
This reverts commit
|
||
|
Peter Müller
|
986d1bca11 |
samba: Update aarch64 rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
08c5fc0a67 |
flac: Update to version 1.4.2
- Update from version 1.3.3 to 1.4.2
- Update of rootfile
- several libraries with so bump. Checked with find-dependencies - nothing flagged
- Changelog
This changelog is not exhaustive, review [the git commit log
(https://github.com/xiph/flac/commits) for an exhaustive list of changes.
## FLAC 1.4.2 (22-Oct-2022)
Once again, this release only has a few changes. A problem with FLAC playback in GStreamer (and possibly other libFLAC users) was the reason for the short time since the last release
* General
* Remove xmms plugin (Martijn van Beurden, TokyoBlackHole)
* Remove all pure assembler, removing build dependency on nasm
* Made console output more uniform across different platforms and CPUs
* Improve ability to tune compile for a certain system (for example with -march=native) when combining with --disable-asm-optimizations: plain C functions can now be better optimized
* Build system
* Default CFLAGS are now prepended instead of dropped when user CFLAGS are set
* -msse2 is no longer added by default (was only applicable to x86)
* Fix cross-compiling and out-of-tree building when pandoc and doxygen are not available
* Fix issue with Clang not compiling functions with intrinsics
* Fix detection of bswap intrinsics (Ozkan Sezer)
* Improve search for libssp on MinGW (Ozkan Sezer, Martijn van Beurden)
* libFLAC
* Fix issue when the libFLAC user seeks in a file instead of libFLAC itself
## FLAC 1.4.1 (22-Sep-2022)
This release only has a few changes. It was triggered by a problem in the 1.4.0 tarball: man pages were empty and api documentation missing
* CMake fixes (Tomasz Kłoczko)
* Add checks that man pages and api docs end up in tarball
* Enable installation of prebuilt man pages and api docs
* Fix compiler warnings (Johannes Kauffmann, Ozkan Sezer)
* Fix format specifier (manxorist)
* Enable building on Universal Windows Platform (Steve Lhomme)
* Fix versioning from git
## FLAC 1.4.0 (09-Sep-2022)
As there have been changes to the library interfaces, the libFLAC version number is incremented to 12, the libFLAC++ version number is incremented to 10. As some changes were breaking, the version age numbers (see [libtool versioning](https://www.gnu.org/software/libtool/manual/libtool.html#Libtool-versioning)) have been reset to 0. For more details on the changes to the API, see the [porting guide](https://xiph.org/flac/api/group__porting__1__3__4__to__1__4__0.html).
The XMMS plugin and 'common' plugin code (used only by the XMMS plugin) are deprecated, they will be removed in a future release.
* General:
* It is now possible to limit the minimum bitrate of a FLAC file generated by libFLAC and with the `flac` tool to 1 bit/sample. This function can be used to aid live streaming, for example for internet radio
* Encoding files with sample rates up to 1'048'575Hz is now possible. (Con Kolivas)
* Compression of preset -3 through -8 was slightly improved at the cost of a small decrease in encoding speed by increasing the precision with which autocorrelation was calculated (Martijn van Beurden)
* Encoding speed of preset -0, -1 and -2 was slightly improved
* Compression of presets -1 and -4 was slighly improved on certain material by changing the adaptive mid-side heuristics
* Speedups specifically targeting 64-bit ARMv8 devices using NEON were integrated (Ronen Gvili, Martijn van Beurden)
* Speedups for x86_64 CPUs having the FMA instruction set extention are added
* Encoding and decoding of 32-bit PCM is now possible
* (Ogg) FLAC format:
* The FLAC format document is being rewritten by the IETF CELLAR working group. The latest draft can be found on [https://datatracker.ietf.org/doc/draft-ietf-cellar-flac/](https://datatracker.ietf.org/doc/draft-ietf-cellar-flac/)
* The FLAC format document specifies no bounds for the residual. In other to match current decoder implementations, it is proposed to bound the residual to the range provided by a 32-bit int signed two's complement. This limit must be checked by FLAC encoders as to keep FLAC decoders free from the complexity of being to decode a residual exceeding a 32-bit int.
* There is now a set of files available to test whether a FLAC decoder implements the format correctly. This FLAC decoder testbench can be found at [https://github.com/ietf-wg-cellar/flac-test-files](https://github.com/ietf-wg-cellar/flac-test-files). Also, results of testing hard- and software can be found here at [https://wiki.hydrogenaud.io/index.php?title=FLAC_decoder_testbench](https://wiki.hydrogenaud.io/index.php?title=FLAC_decoder_testbench).
* flac:
* The option --limit-min-bitrate was added to aid streaming, see [github #264](https://github.com/xiph/flac/pull/264)
* The option --keep-foreign-metadata-if-present is added. This option works the same as --keep-foreign-metadata, but does return a warning instead of an error if no foreign metadata was found to store or restore
* The warning returned by the foreign metadata handling is now clearer in case a user tries to restore foreign metadata of the wrong type, for example decoding a FLAC file containing AIFF foreign metadata to a WAV file
* A problem when using the analyse function causing the first frame to have a wrong size and offset was fixed
* Fix bug where channel mask of a file is unintentionally reused when several files are processed with one command
* The order of compression-related commands is no longer important, i.e. -8ep gives the same result as -ep8. Previously, a compression level (like -8) would override a more specific setting (like -e or -p). This is no longer the case
* flac now checks the block-align property of WAV files to ensure non-standard WAV files (for which flac has no handling) are not mangled
* metaflac:
* (none)
* build system:
* MSVC and Makefile.lite build system files have been removed. Building with MSVC (Visual Studio) can be done by using CMake
* Various CMake improvements, especially for creating MSVC build files (Martijn van Beurden, martinRenou, CookiePLMonster, David Callu, Tyler Dunn, Cameron Cawley)
* Various fixes for MinGW (Martijn van Beurden, Cameron Cawley)
* Removed obsolete autotools macro's to silence warnings
* Fixes for FreeBSD PowerPC (pkubaj)
* Fixed some compiler warnings (Martijn van Beurden, Tyler Dunn)
* Fix building with uclibc (Fabrice Fontaine)
* testing/validation:
* Addition of new encoder fuzzer, adding fuzzing for 8, 24 and 32-bit inputs
* Addition of new decoder fuzzer, adding coverage of seeking code
* Addition of metadata fuzzer, adding coverage of metadata APIs
* Various improvements to fuzzers to improve code coverage, fuzzing speed and stability
* Many changes to test suite to improve cross-platform compatibility (Rosen Penev)
* Windows CI now also builds the whole test suite
* Clang-format file added (Rosen Penev)
* Add warning on using v141_xp platform toolset with /MT (Martijn van Beurden, Paul Sanders)
* libraries:
* Various seeking fixes (Martijn van Beurden, Robert Kausch)
* Various bugs fixed found by fuzzing
* On decoding, it is now checked whether residuals can be contained by a 32-bit int, preventing integer overflow
* Add check that samples supplied to libFLAC actually fall within the bps set
* Add checks when parsing metadata blocks to not allocate excessive amounts of memory and not overread
* Undocumented Windows-only utf8 functions are no longer exported to the DLL interface
* Removed all assembler and intrinsics code from the decoder to improve fuzzing, as they provided only a small speed benefit
* The bitwriter buffer is limited in size to 2^24 bytes, so it cannot write excessively large files. This is a backup in case another bug in this area creeps (back) in.
* The metadata iterations should now never return a vorbiscomment entry with NULL as an entry, now always at least an empty string is returned
* documentation:
* Removed html documentation and generate man pages from markdown
* Interface changes:
* libFLAC:
* Addition of FLAC__stream_encoder_set_limit_min_bitrate() and FLAC__stream_encoder_get_limit_min_bitrate(), see [github #264](https://github.com/xiph/flac/pull/264)
* get_client_data_from_decoder is renamed FLAC__get_decoder_client_data(), see [github #124](https://github.com/xiph/flac/pull/124)
* All API functions taking a filename as an argument now take UTF-8 filenames on Windows, and no longer accept filenames using the current codepage
* FLAC__Frame struct has changed: warmup samples are now stored in FLAC__int64 instead of FLAC__int32 types, and verbatim samples can now be stored in either FLAC__int32 or FLAC__int64 depending on whether samples fix the former or latter
* The FLAC__StreamMetadata struct now has a tag, so it can be forward declared
* libFLAC++:
* Addition of ::set_limit_min_bitrate() and ::get_limit_min_bitrate(), see [github #264](https://github.com/xiph/flac/pull/264)
* All API functions taking a filename as an argument now take UTF-8 filenames on Windows, and no longer accept filenames using the current codepage
* The ::FLAC__Frame struct has changed, see the libFLAC interface change.
## FLAC 1.3.4 (20-Feb-2022)
This release mostly fixes (security related) bugs. When building with MSVC, using CMake is preferred, see the README under "Building with CMake" for more information. Building with MSVC using solution files is deprecated and these files will be removed in the future. As there have been no changes to the library interfaces, the libFLAC version number remains 11, and libFLAC++ version number remains 9.
* General:
* Fix 12 decoder bugs found by oss-fuzz, including CVE-2020-0499 (erikd, Martijn van Beurden)
* Fix encoder bug CVE-2021-0561 (NeelkamalSemwal)
* Integrate oss-fuzzers (erikd, Guido Vranken)
* Seeking fixes (NeelkamalSemwal, Robert Kausch)
* Various fixes and improvements (Andrei Astafev, Rosen Penev, Håkan Kvist, oreo639, erikd, Tamás Zahola, Ulrik Mikaelsson, Tyler Dunn, tmkk)
* FLAC format:
* (none)
* Ogg FLAC format:
* (none)
* flac:
* Various fixes and improvements (Andrei Astafev, Martijn van Beurden)
* metaflac:
* (none)
* build system:
* CMake improvements (evpobr, Vitaliy Kirsanov, erikd, Ozkan Sezer, Tyler Dunn, tg-m DeadSix27, ericLemanissier, Chocobo1).
* Fixes for MinGW and MSVC (Ozkan Sezer).
* Fix for clang (Ozkan Sezer)
* Fix for PowerPC (Peter Seiderer, Thomas BERNARD)
* Fix for FreeBSD PowerPC (pkubaj).
* testing/validation:
* Add Windows target to CI, improve logging (Ralph Giles)
* CI improvements (Ralph Giles, Ewout ter Hoeven)
* documentation:
* Doxygen fixes (Tyler Dunn)
* Fix typos (Tim Gates, maxz)
* Interface changes:
* libFLAC:
* (none)
* libFLAC++:
* (none)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
28c939b78f |
samba: Update to version 4.17.3
- Update from version 4.17.0 to 4.17.3
- Update of rootfile (x86_64) - other architectures will need to be adjusted.
- Changelog
Release Notes for Samba 4.17.3
This is a security release in order to address the following defects:
o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
integer overflows when parsing a PAC on a 32-bit system, which
allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15203: CVE-2022-42898
o Nicolas Williams <nico@twosigma.com>
* BUG 15203: CVE-2022-42898
Release Notes for Samba 4.17.2
This is a security release in order to address the following defects:
o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
unwrap_des() and unwrap_des3() routines of Heimdal (included
in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html
o CVE-2022-3592: A malicious client can use a symlink to escape the exported
directory.
https://www.samba.org/samba/security/CVE-2022-3592.html
o Volker Lendecke <vl@samba.org>
* BUG 15207: CVE-2022-3592.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15134: CVE-2022-3437.
Release Notes for Samba 4.17.1
o Jeremy Allison <jra@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15174: smbXsrv_connection_shutdown_send result leaked.
* BUG 15182: Flush on a named stream never completes.
* BUG 15195: Permission denied calling SMBC_getatr when file not exists.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
* BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later.
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
o Ralph Boehme <slow@samba.org>
* BUG 15182: Flush on a named stream never completes.
o Volker Lendecke <vl@samba.org>
* BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
o Stefan Metzmacher <metze@samba.org>
* BUG 15200: multi-channel socket passing may hit a race if one of the
involved processes already existed.
* BUG 15201: memory leak on temporary of struct imessaging_post_state and
struct tevent_immediate on struct imessaging_context (in
rpcd_spoolss and maybe others).
o Noel Power <noel.power@suse.com>
* BUG 15205: Since popt1.19 various use after free errors using result of
poptGetArg are now exposed.
o Anoop C S <anoopcs@samba.org>
* BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
a8b3a69b9d |
gnu-netcat: Removal of package
- gnu-netcat was last updated in 2004 and is not used as a dependency for any IPFire addon. - IPFire has ncat which is used as a dependency for ipfire-netboot, libshout, libvirt and squid. gnu-netcat not being required for libvcirt was confirmed by Jonatan. - nmap/ncat is being actively updated. - Based on the above this patch is removing gnu-netcat from IPFire. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
47c2e4c0aa |
sdl2: Update to version 2.26.0
- Update from version 2.0.22 to 2.26.0
- Update of rootfile
- Changelog
2.26.0:
General:
* Updated OpenGL headers to the latest API from The Khronos Group Inc.
* Added SDL_GetWindowSizeInPixels() to get the window size in pixels, which may differ from the window coordinate size for windows with high-DPI support
* Added simulated vsync synchronization for the software renderer
* Added the mouse position to SDL_MouseWheelEvent
* Added SDL_ResetHints() to reset all hints to their default values
* Added SDL_GetJoystickGUIDInfo() to get device information encoded in a joystick GUID
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360 to control whether the HIDAPI driver for XBox 360 controllers should be used
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_PLAYER_LED to control whether the player LEDs should be lit to indicate which player is associated with an Xbox 360 controller
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_WIRELESS to control whether the HIDAPI driver for XBox 360 wireless controllers should be used
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE to control whether the HIDAPI driver for XBox One controllers should be used
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE_HOME_LED to control the brightness of the XBox One guide button LED
* Added support for PS3 controllers to the HIDAPI driver, enabled by default on macOS, controlled by the SDL_HINT_JOYSTICK_HIDAPI_PS3 hint
* Added support for Nintendo Wii controllers to the HIDAPI driver, not enabled by default, controlled by the SDL_HINT_JOYSTICK_HIDAPI_WII hint
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_WII_PLAYER_LED to control whether the player LED should be lit on the Nintendo Wii controllers
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_VERTICAL_JOY_CONS to control whether Nintendo Switch Joy-Con controllers will be in vertical mode when using the HIDAPI driver
* Added access to the individual left and right gyro sensors of the combined Joy-Cons controller
* Added a microsecond timestamp to SDL_SensorEvent and SDL_ControllerSensorEvent, when the hardware provides that information
* Added SDL_SensorGetDataWithTimestamp() and SDL_GameControllerGetSensorDataWithTimestamp() to retrieve the last sensor data with the associated microsecond timestamp
* Added the hint SDL_HINT_HIDAPI_IGNORE_DEVICES to have the SDL HID API ignore specific devices
* SDL_GetRevision() now includes more information about the SDL build, including the git commit hash if available
Windows:
* Added the hint SDL_HINT_MOUSE_RELATIVE_SYSTEM_SCALE to control whether the system mouse acceleration curve is used for relative mouse motion
macOS:
* Implemented vsync synchronization on macOS 12
Linux:
* Added SDL_SetPrimarySelectionText(), SDL_GetPrimarySelectionText(), and SDL_HasPrimarySelectionText() to interact with the X11 primary selection clipboard
* Added the hint SDL_HINT_VIDEO_WAYLAND_EMULATE_MOUSE_WARP to control whether mouse pointer warp emulation is enabled under Wayland
Android:
* Enabled IME soft keyboard input
* Added version checking to make sure the SDL Java and C code are compatible
2.24.0:
General:
* New version numbering scheme, similar to GLib and Flatpak.
* An even number in the minor version (second component) indicates a production-ready stable release such as 2.24.0, which would have been 2.0.24 under the old system.
* The patchlevel (micro version, third component) indicates a bugfix-only update: for example, 2.24.1 would be a bugfix-only release to fix bugs in 2.24.0, without adding new features.
* An odd number in the minor version indicates a prerelease such as 2.23.0. Stable distributions should not use these prereleases.
* The patchlevel indicates successive prereleases, for example 2.23.1 and 2.23.2 would be prereleases during development of the SDL 2.24.0 stable release.
* Added SDL_GetPointDisplayIndex() and SDL_GetRectDisplayIndex() to get the display associated with a point and rectangle in screen space
* Added SDL_bsearch(), SDL_crc16(), and SDL_utf8strnlen() to the stdlib routines
* Added SDL_CPUPauseInstruction() as a macro in SDL_atomic.h
* Added SDL_size_mul_overflow() and SDL_size_add_overflow() for better size overflow protection
* Added SDL_ResetHint() to reset a hint to the default value
* Added SDL_ResetKeyboard() to reset SDL's internal keyboard state, generating key up events for all currently pressed keys
* Added the hint SDL_HINT_MOUSE_RELATIVE_WARP_MOTION to control whether mouse warping generates motion events in relative mode. This hint defaults off.
* Added the hint SDL_HINT_TRACKPAD_IS_TOUCH_ONLY to control whether trackpads are treated as touch devices or mice. By default touchpads are treated as mouse input.
* The hint SDL_HINT_JOYSTICK_HIDAPI_JOY_CONS now defaults on
* Added support for mini-gamepad mode for Nintendo Joy-Con controllers using the HIDAPI driver
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_COMBINE_JOY_CONS to control whether Joy-Con controllers are automatically merged into a unified gamepad when using the HIDAPI driver. This hint defaults on.
* The hint SDL_HINT_JOYSTICK_HIDAPI_SWITCH_HOME_LED can be set to a floating point value to set the brightness of the Home LED on Nintendo Switch controllers
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_JOYCON_HOME_LED to set the Home LED brightness for the Nintendo Joy-Con controllers. By default the Home LED is not modified.
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_SWITCH_PLAYER_LED to control whether the player LED should be lit on the Nintendo Joy-Con controllers
* Added support for Nintendo Online classic controllers using the HIDAPI driver
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_NINTENDO_CLASSIC to control whether the HIDAPI driver for Nintendo Online classic controllers should be used
* Added support for the NVIDIA Shield Controller to the HIDAPI driver, supporting rumble and battery status
* Added support for NVIDIA SHIELD controller to the HIDAPI driver, and a hint SDL_HINT_JOYSTICK_HIDAPI_SHIELD to control whether this is used
* Added functions to get the platform dependent name for a joystick or game controller:
* SDL_JoystickPathForIndex()
* SDL_JoystickPath()
* SDL_GameControllerPathForIndex()
* SDL_GameControllerPath()
* Added SDL_GameControllerGetFirmwareVersion() and SDL_JoystickGetFirmwareVersion(), currently implemented for DualSense(tm) Wireless Controllers using HIDAPI
* Added SDL_JoystickAttachVirtualEx() for extended virtual controller support
* Added joystick event SDL_JOYBATTERYUPDATED for when battery status changes
* Added SDL_GUIDToString() and SDL_GUIDFromString() to convert between SDL GUID and string
* Added SDL_HasLSX() and SDL_HasLASX() to detect LoongArch SIMD support
* Added SDL_GetOriginalMemoryFunctions()
* Added SDL_GetDefaultAudioInfo() to get the name and format of the default audio device, currently implemented for PipeWire, PulseAudio, WASAPI, and DirectSound
* Added HIDAPI driver for the NVIDIA SHIELD controller (2017 model) to enable support for battery status and rumble
* Added support for opening audio devices with 3 or 5 channels (2.1, 4.1). All channel counts from Mono to 7.1 are now supported.
* Rewrote audio channel converters used by SDL_AudioCVT, based on the channel matrix coefficients used as the default for FAudio voices
* SDL log messages are no longer limited to 4K and can be any length
* Fixed a long-standing calling convention issue with dynapi affecting OpenWatcom or OS/2 builds
Windows:
* Added initial support for building for Windows and Xbox with Microsoft's Game Development Kit (GDK), see docs/README-gdk.md for details
* Added a D3D12 renderer implementation and SDL_RenderGetD3D12Device() to retrieve the D3D12 device associated with it
* Added the hint SDL_HINT_WINDOWS_DPI_AWARENESS to set whether the application is DPI-aware. This hint must be set before initializing the video subsystem
* Added the hint SDL_HINT_WINDOWS_DPI_SCALING to control whether the SDL coordinates are in DPI-scaled points or pixels
* Added the hint SDL_HINT_DIRECTINPUT_ENABLED to control whether the DirectInput driver should be used
* Added support for SDL_GetAudioDeviceSpec to the DirectSound backend
Linux:
* Support for XVidMode has been removed, mode changes are only supported using the XRandR extension
* Added the hint SDL_HINT_VIDEO_WAYLAND_MODE_EMULATION to control whether to expose a set of emulated modes in addition to the native resolution modes available on Wayland
* Added the hint SDL_HINT_KMSDRM_DEVICE_INDEX to specify which KMSDRM device to use if the default is not desired
* Added the hint SDL_HINT_LINUX_DIGITAL_HATS to control whether to treat hats as digital rather than checking to see if they may be analog
* Added the hint SDL_HINT_LINUX_HAT_DEADZONES to control whether to use deadzones on analog hats
macOS:
* Bumped minimum OS deployment version to macOS 10.9
* Added SDL_GL_FLOATBUFFERS to allow Cocoa GL contexts to use EDR
* Added the hint SDL_HINT_MAC_OPENGL_ASYNC_DISPATCH to control whether dispatching OpenGL context updates should block the dispatching thread until the main thread finishes processing. This hint defaults to blocking, which is the safer option on modern macOS.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Arne Fitzenreiter
|
5de0589058 |
python3-msgpack: update armv6 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |