- Update from version 6.0.0 to 6.1.0 - Update of rootfile not required - Changelog is only available from the commits in the git repositry https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/iproute2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/iproute2 b/lfs/iproute2 index 825b071c3..62d3483d9 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 6.0.0 +VER = 6.1.0
THISAPP = iproute2-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1cfb9b5a7892dec2b35e0eadbd957083e95fdc5077a1aa193329801ff25f9ed90a1fc4152756547be1fab8fe18d9a399001a4c3a61e951f64946156af6a90bae +$(DL_FILE)_BLAKE2 = 38249703e0a9ba74405aebdb97560b286deefa959a9c3f0e0893962b6966f5da2da46199dda6a0f9584bb473f8ba529440643d97f66e9b7619df029e3091d163
install : $(TARGET)
- Update from version 1.20 to 1.20.1 - Update of rootfile not required - Changelog Major changes in 1.20.1 (2022-11-15) Fix integer overflows in PAC parsing [CVE-2022-42898]. Fix null deref in KDC when decoding invalid NDR. Fix memory leak in OTP kdcpreauth module. Fix PKCS11 module path search.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/krb5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/krb5 b/lfs/krb5 index ce7d52d11..0b4dae8cc 100644 --- a/lfs/krb5 +++ b/lfs/krb5 @@ -26,7 +26,7 @@ include Config
SUMMARY = Kerberos
-VER = 1.20 +VER = 1.20.1
THISAPP = krb5-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fdaaab6c16dbe073c4308f312e321536b582b75fad10e5450be66b6b828825c8c775e56f5287d4a7df819d20889e5c0d9cc1d179d861c9caba185332c0db7387 +$(DL_FILE)_BLAKE2 = ead16f8b1aec8bba3776628b74257c9aec891770c1fa6d5c5e66275db5f078ca59c9944cd2b017453b777ce080f8e5a322f735fab77691479cfad7b881b92830
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 1.20 to 1.20.1
- Update of rootfile not required
- Changelog Major changes in 1.20.1 (2022-11-15) Fix integer overflows in PAC parsing [CVE-2022-42898]. Fix null deref in KDC when decoding invalid NDR. Fix memory leak in OTP kdcpreauth module. Fix PKCS11 module path search.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
lfs/krb5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/krb5 b/lfs/krb5 index ce7d52d11..0b4dae8cc 100644 --- a/lfs/krb5 +++ b/lfs/krb5 @@ -26,7 +26,7 @@ include Config
SUMMARY = Kerberos
-VER = 1.20 +VER = 1.20.1
THISAPP = krb5-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fdaaab6c16dbe073c4308f312e321536b582b75fad10e5450be66b6b828825c8c775e56f5287d4a7df819d20889e5c0d9cc1d179d861c9caba185332c0db7387 +$(DL_FILE)_BLAKE2 = ead16f8b1aec8bba3776628b74257c9aec891770c1fa6d5c5e66275db5f078ca59c9944cd2b017453b777ce080f8e5a322f735fab77691479cfad7b881b92830
install : $(TARGET)
- Update from version 3.6.1 to 3.6.2 - Update of rootfile - patch to fix glibc 2.36 headers is now part of the source code - Changelog Libarchive 3.6.2 is a bugfix and security release. Important bug fixes: include ZSTD in Windows builds (#1688) SSL fixes on Windows (#1714, #1723, #1724) rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/libarchive | 2 +- lfs/libarchive | 7 ++-- ...ibarchive-3.6-fix-glibc-2.36-headers.patch | 41 ------------------- 3 files changed, 4 insertions(+), 46 deletions(-) delete mode 100644 src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch
diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index d6860041b..df0ab03c4 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -6,7 +6,7 @@ #usr/lib/libarchive.la #usr/lib/libarchive.so usr/lib/libarchive.so.13 -usr/lib/libarchive.so.13.6.1 +usr/lib/libarchive.so.13.6.2 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdcpio.1 diff --git a/lfs/libarchive b/lfs/libarchive index c6531ce12..f88753017 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.6.1 +VER = 3.6.2
THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e7b79e97545dabeac164069e87adbd2081d3bd75c22f80b3797c6e487a477b3f6347b6fc14c76668eb69f2f2e5dcdd5a33a694e0a292ce426b8d0d93435218cf +$(DL_FILE)_BLAKE2 = 355b5d402e352dee802513485ce7e047af58d6de5b9bf6a49f3fd8d7b94117007598820ac979585c0da79747e8b63b70ab151131182368a11f97a047cf9029d4
install : $(TARGET)
@@ -74,7 +74,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch cd $(DIR_APP) && ./configure --prefix=/usr --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch b/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch deleted file mode 100644 index 7c88ca1b1..000000000 --- a/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001 -From: Khem Raj raj.khem@gmail.com -Date: Mon, 25 Jul 2022 10:56:53 -0700 -Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is - present - -These headers are in conflict and only one is needed by -archive_read_disk_posix.c therefore include linux/fs.h if it exists -otherwise include sys/mount.h - -It also helps compiling with glibc 2.36 -where sys/mount.h conflicts with linux/mount.h see [1] - -[1] https://sourceware.org/glibc/wiki/Release/2.36 ---- - libarchive/archive_read_disk_posix.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c -index 2b39e672b..a96008db7 100644 ---- a/libarchive/archive_read_disk_posix.c -+++ b/libarchive/archive_read_disk_posix.c -@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$"); - #ifdef HAVE_SYS_PARAM_H - #include <sys/param.h> - #endif --#ifdef HAVE_SYS_MOUNT_H --#include <sys/mount.h> --#endif - #ifdef HAVE_SYS_STAT_H - #include <sys/stat.h> - #endif -@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$"); - #endif - #ifdef HAVE_LINUX_FS_H - #include <linux/fs.h> -+#elif HAVE_SYS_MOUNT_H -+#include <sys/mount.h> - #endif - /* - * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
I lost count how many security updates libarchive released this year...
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- patch to fix glibc 2.36 headers is now part of the source code
- Changelog Libarchive 3.6.2 is a bugfix and security release. Important bug fixes: include ZSTD in Windows builds (#1688) SSL fixes on Windows (#1714, #1723, #1724) rar5 reader: fix possible garbled output with bsdtar -O (#1745) mtree reader: support reading mtree files with tabs (#1783) various small fixes for issues found by CodeQL
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/libarchive | 2 +- lfs/libarchive | 7 ++-- ...ibarchive-3.6-fix-glibc-2.36-headers.patch | 41 ------------------- 3 files changed, 4 insertions(+), 46 deletions(-) delete mode 100644 src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch
diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index d6860041b..df0ab03c4 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -6,7 +6,7 @@ #usr/lib/libarchive.la #usr/lib/libarchive.so usr/lib/libarchive.so.13 -usr/lib/libarchive.so.13.6.1 +usr/lib/libarchive.so.13.6.2 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdcpio.1 diff --git a/lfs/libarchive b/lfs/libarchive index c6531ce12..f88753017 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.6.1 +VER = 3.6.2
THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e7b79e97545dabeac164069e87adbd2081d3bd75c22f80b3797c6e487a477b3f6347b6fc14c76668eb69f2f2e5dcdd5a33a694e0a292ce426b8d0d93435218cf +$(DL_FILE)_BLAKE2 = 355b5d402e352dee802513485ce7e047af58d6de5b9bf6a49f3fd8d7b94117007598820ac979585c0da79747e8b63b70ab151131182368a11f97a047cf9029d4
install : $(TARGET)
@@ -74,7 +74,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch cd $(DIR_APP) && ./configure --prefix=/usr --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
diff --git a/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch b/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch deleted file mode 100644 index 7c88ca1b1..000000000 --- a/src/patches/libarchive-3.6-fix-glibc-2.36-headers.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001 -From: Khem Raj raj.khem@gmail.com -Date: Mon, 25 Jul 2022 10:56:53 -0700 -Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is
- present
-These headers are in conflict and only one is needed by -archive_read_disk_posix.c therefore include linux/fs.h if it exists -otherwise include sys/mount.h
-It also helps compiling with glibc 2.36 -where sys/mount.h conflicts with linux/mount.h see [1]
-[1] https://sourceware.org/glibc/wiki/Release/2.36
- libarchive/archive_read_disk_posix.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c -index 2b39e672b..a96008db7 100644 ---- a/libarchive/archive_read_disk_posix.c -+++ b/libarchive/archive_read_disk_posix.c -@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$");
- #ifdef HAVE_SYS_PARAM_H
- #include <sys/param.h>
- #endif
--#ifdef HAVE_SYS_MOUNT_H --#include <sys/mount.h> --#endif
- #ifdef HAVE_SYS_STAT_H
- #include <sys/stat.h>
- #endif
-@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$");
- #endif
- #ifdef HAVE_LINUX_FS_H
- #include <linux/fs.h>
-+#elif HAVE_SYS_MOUNT_H -+#include <sys/mount.h>
- #endif
- /*
- Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
- Update from version 1.2.1 to 1.3.1 - Update of rootfile - Changelog Changes in version 1.3.1, released in December 2022: - Bug fix: It is again possible to include mpc.h without including stdio.h. Changes in version 1.3.0 ("Ipomoea batatas"), released in December 2022: - New function: mpc_agm - New rounding modes "away from zero", indicated by the letter "A" and corresponding to MPFR_RNDA on the designated real or imaginary part. - New experimental ball arithmetic. - New experimental function: mpc_eta_fund - Bug fixes: - mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)| - mpc_pow_fr: sign of zero part of result when the base has up to sign the same real and imaginary part, and the exponent is an even positive integer - mpc_fma: the returned 'int' value was incorrect in some cases (indicating whether the rounded real/imaginary parts were smaller/equal/greater than the exact values), but the computed complex value was correct. - Remove the unmaintained Makefile.vc; build files for Visual Studio can be found at https://github.com/BrianGladman/mpc .
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/libmpc | 2 +- lfs/libmpc | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/libmpc b/config/rootfiles/common/libmpc index 382f669a8..298a52a09 100644 --- a/config/rootfiles/common/libmpc +++ b/config/rootfiles/common/libmpc @@ -3,5 +3,5 @@ #usr/lib/libmpc.la #usr/lib/libmpc.so usr/lib/libmpc.so.3 -usr/lib/libmpc.so.3.2.1 +usr/lib/libmpc.so.3.3.1 #usr/share/info/mpc.info diff --git a/lfs/libmpc b/lfs/libmpc index 8d1f65aba..7c90e40f9 100644 --- a/lfs/libmpc +++ b/lfs/libmpc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.2.1 +VER = 1.3.1
THISAPP = mpc-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 9cd03c6a71839e4cdb3c1f18d718cc4d3097c3f8ec307a5c756bd5df27c68aa013755156b3b156efee1acabfee2269602c6a3a358092ef0d522271c9c56c133d +$(DL_FILE)_BLAKE2 = 76434e6f8830af3571836d51576bfebbc9701e9bbb5c4686f134081cd96cd90ae02f7ff42bf9e3957c7a7ba92b6b2d9cdabe18f0269271147521cd7f6a2d551c
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 1.2.1 to 1.3.1
- Update of rootfile
- Changelog Changes in version 1.3.1, released in December 2022:
Changes in version 1.3.0 ("Ipomoea batatas"), released in December 2022:
- Bug fix: It is again possible to include mpc.h without including stdio.h.
- New function: mpc_agm
- New rounding modes "away from zero", indicated by the letter "A" and corresponding to MPFR_RNDA on the designated real or imaginary part.
- New experimental ball arithmetic.
- New experimental function: mpc_eta_fund
- Bug fixes:
- mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)|
- mpc_pow_fr: sign of zero part of result when the base has up to sign the same real and imaginary part, and the exponent is an even positive integer
- mpc_fma: the returned 'int' value was incorrect in some cases (indicating whether the rounded real/imaginary parts were smaller/equal/greater than the exact values), but the computed complex value was correct.
- Remove the unmaintained Makefile.vc; build files for Visual Studio can be found at https://github.com/BrianGladman/mpc .
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/libmpc | 2 +- lfs/libmpc | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/libmpc b/config/rootfiles/common/libmpc index 382f669a8..298a52a09 100644 --- a/config/rootfiles/common/libmpc +++ b/config/rootfiles/common/libmpc @@ -3,5 +3,5 @@ #usr/lib/libmpc.la #usr/lib/libmpc.so usr/lib/libmpc.so.3 -usr/lib/libmpc.so.3.2.1 +usr/lib/libmpc.so.3.3.1 #usr/share/info/mpc.info diff --git a/lfs/libmpc b/lfs/libmpc index 8d1f65aba..7c90e40f9 100644 --- a/lfs/libmpc +++ b/lfs/libmpc @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.2.1 +VER = 1.3.1
THISAPP = mpc-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 9cd03c6a71839e4cdb3c1f18d718cc4d3097c3f8ec307a5c756bd5df27c68aa013755156b3b156efee1acabfee2269602c6a3a358092ef0d522271c9c56c133d +$(DL_FILE)_BLAKE2 = 76434e6f8830af3571836d51576bfebbc9701e9bbb5c4686f134081cd96cd90ae02f7ff42bf9e3957c7a7ba92b6b2d9cdabe18f0269271147521cd7f6a2d551c
install : $(TARGET)
- Update from version 7.0 to 7.1 - Update of rootfile not required - Changelog 2022.12.14 - GNU nano 7.1 "And the devices shall be made of wood" • When --autoindent and --breaklonglines are combined, pressing <Enter> at a specific position no longer eats characters.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/nano | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/nano b/lfs/nano index 89167b2af..7ec2eca48 100644 --- a/lfs/nano +++ b/lfs/nano @@ -24,7 +24,7 @@
include Config
-VER = 7.0 +VER = 7.1
THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5212aa2a65cc7bccb33ebd66934e53ea7c6bd739ceae94796397bd193698453417eae2a5cf63c995e90aa077795f9bcf70568a35208716a09c9a6d89d75ff409 +$(DL_FILE)_BLAKE2 = cc606a04b34e723da01326d617b50f79711d0b35034b3e75f410fa7e277ba3eddbb1a408a80255533d2fa953f23fee745979363d5621b63a79bd89b29d8d528e
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 7.0 to 7.1
- Update of rootfile not required
- Changelog 2022.12.14 - GNU nano 7.1 "And the devices shall be made of wood" • When --autoindent and --breaklonglines are combined, pressing <Enter> at a specific position no longer eats characters.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
lfs/nano | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/nano b/lfs/nano index 89167b2af..7ec2eca48 100644 --- a/lfs/nano +++ b/lfs/nano @@ -24,7 +24,7 @@
include Config
-VER = 7.0 +VER = 7.1
THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 5212aa2a65cc7bccb33ebd66934e53ea7c6bd739ceae94796397bd193698453417eae2a5cf63c995e90aa077795f9bcf70568a35208716a09c9a6d89d75ff409 +$(DL_FILE)_BLAKE2 = cc606a04b34e723da01326d617b50f79711d0b35034b3e75f410fa7e277ba3eddbb1a408a80255533d2fa953f23fee745979363d5621b63a79bd89b29d8d528e
install : $(TARGET)
- Update from version 23.4 to 23.6 - Update of rootfile - Changelog Changes in 23.6 * buildsys: Fix DEJAGNU work-around Debian #1015089 * killall: Use kill if pidfd_send_signal fails Debian #1015228 * fuser: Do not mention nonexistent - reset option #42 * fuser: Use modern statn where possible * pstree: Better AppArmor support !30 Changes in 23.5 * killall: Check truncated names !28 * killall: Use openat and pidfd_send_signal #37 * killall: Don't check paths of sockets #35 * pstree: Check for process with show_parents #38 * pstree: Don't disable compaction with show pgids #34 * pstree: Fix storage leak !29
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/psmisc | 44 ++++++++++++++++++++++++++++++++-- lfs/psmisc | 4 ++-- 2 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/psmisc b/config/rootfiles/common/psmisc index 759e7f0ab..8a658fd1c 100644 --- a/config/rootfiles/common/psmisc +++ b/config/rootfiles/common/psmisc @@ -5,20 +5,38 @@ bin/killall #bin/pslog usr/bin/pstree #usr/bin/pstree.x11 +#usr/share/man/da +#usr/share/man/da/man1 +#usr/share/man/da/man1/prtstat.1 +#usr/share/man/da/man1/pslog.1 #usr/share/man/de/man1/fuser.1 #usr/share/man/de/man1/killall.1 #usr/share/man/de/man1/peekfd.1 #usr/share/man/de/man1/prtstat.1 #usr/share/man/de/man1/pslog.1 #usr/share/man/de/man1/pstree.1 -#usr/share/man/fr -#usr/share/man/fr/man1 #usr/share/man/fr/man1/fuser.1 #usr/share/man/fr/man1/killall.1 #usr/share/man/fr/man1/peekfd.1 #usr/share/man/fr/man1/prtstat.1 #usr/share/man/fr/man1/pslog.1 #usr/share/man/fr/man1/pstree.1 +#usr/share/man/hr +#usr/share/man/hr/man1 +#usr/share/man/hr/man1/fuser.1 +#usr/share/man/hr/man1/killall.1 +#usr/share/man/hr/man1/peekfd.1 +#usr/share/man/hr/man1/prtstat.1 +#usr/share/man/hr/man1/pslog.1 +#usr/share/man/hr/man1/pstree.1 +#usr/share/man/ko +#usr/share/man/ko/man1 +#usr/share/man/ko/man1/fuser.1 +#usr/share/man/ko/man1/killall.1 +#usr/share/man/ko/man1/peekfd.1 +#usr/share/man/ko/man1/prtstat.1 +#usr/share/man/ko/man1/pslog.1 +#usr/share/man/ko/man1/pstree.1 #usr/share/man/man1/fuser.1 #usr/share/man/man1/killall.1 #usr/share/man/man1/peekfd.1 @@ -33,6 +51,12 @@ usr/bin/pstree #usr/share/man/pt_BR/man1/prtstat.1 #usr/share/man/pt_BR/man1/pslog.1 #usr/share/man/pt_BR/man1/pstree.1 +#usr/share/man/ro/man1/fuser.1 +#usr/share/man/ro/man1/killall.1 +#usr/share/man/ro/man1/peekfd.1 +#usr/share/man/ro/man1/prtstat.1 +#usr/share/man/ro/man1/pslog.1 +#usr/share/man/ro/man1/pstree.1 #usr/share/man/ru #usr/share/man/ru/man1 #usr/share/man/ru/man1/fuser.1 @@ -41,6 +65,22 @@ usr/bin/pstree #usr/share/man/ru/man1/prtstat.1 #usr/share/man/ru/man1/pslog.1 #usr/share/man/ru/man1/pstree.1 +#usr/share/man/sr +#usr/share/man/sr/man1 +#usr/share/man/sr/man1/fuser.1 +#usr/share/man/sr/man1/killall.1 +#usr/share/man/sr/man1/peekfd.1 +#usr/share/man/sr/man1/prtstat.1 +#usr/share/man/sr/man1/pslog.1 +#usr/share/man/sr/man1/pstree.1 +#usr/share/man/sv +#usr/share/man/sv/man1 +#usr/share/man/sv/man1/fuser.1 +#usr/share/man/sv/man1/killall.1 +#usr/share/man/sv/man1/peekfd.1 +#usr/share/man/sv/man1/prtstat.1 +#usr/share/man/sv/man1/pslog.1 +#usr/share/man/sv/man1/pstree.1 #usr/share/man/uk #usr/share/man/uk/man1 #usr/share/man/uk/man1/fuser.1 diff --git a/lfs/psmisc b/lfs/psmisc index 4ca6b6810..3340879c3 100644 --- a/lfs/psmisc +++ b/lfs/psmisc @@ -24,7 +24,7 @@
include Config
-VER = 23.4 +VER = 23.6
THISAPP = psmisc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e762171c4d3252421a49b352fadb3e892f66862f003a313a0cc692f973364b06d2652a51d331314462784d94ad55189e74c4d7a023d5d7c917c5e5c05009f46b +$(DL_FILE)_BLAKE2 = 468bf4e84695efcedb832f890b6201b7bc4aca7c5aabaf30e67f4471671421897ee7cd67f01d4b3d60c3e1c63752eb7384e627e75fa7db290cd749da08e2f788
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 23.4 to 23.6
- Update of rootfile
- Changelog Changes in 23.6 * buildsys: Fix DEJAGNU work-around Debian #1015089
Changes in 23.5
- killall: Use kill if pidfd_send_signal fails Debian #1015228
- fuser: Do not mention nonexistent - reset option #42
- fuser: Use modern statn where possible
- pstree: Better AppArmor support !30
- killall: Check truncated names !28
- killall: Use openat and pidfd_send_signal #37
- killall: Don't check paths of sockets #35
- pstree: Check for process with show_parents #38
- pstree: Don't disable compaction with show pgids #34
- pstree: Fix storage leak !29
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/psmisc | 44 ++++++++++++++++++++++++++++++++-- lfs/psmisc | 4 ++-- 2 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/psmisc b/config/rootfiles/common/psmisc index 759e7f0ab..8a658fd1c 100644 --- a/config/rootfiles/common/psmisc +++ b/config/rootfiles/common/psmisc @@ -5,20 +5,38 @@ bin/killall #bin/pslog usr/bin/pstree #usr/bin/pstree.x11 +#usr/share/man/da +#usr/share/man/da/man1 +#usr/share/man/da/man1/prtstat.1 +#usr/share/man/da/man1/pslog.1 #usr/share/man/de/man1/fuser.1 #usr/share/man/de/man1/killall.1 #usr/share/man/de/man1/peekfd.1 #usr/share/man/de/man1/prtstat.1 #usr/share/man/de/man1/pslog.1 #usr/share/man/de/man1/pstree.1 -#usr/share/man/fr -#usr/share/man/fr/man1 #usr/share/man/fr/man1/fuser.1 #usr/share/man/fr/man1/killall.1 #usr/share/man/fr/man1/peekfd.1 #usr/share/man/fr/man1/prtstat.1 #usr/share/man/fr/man1/pslog.1 #usr/share/man/fr/man1/pstree.1 +#usr/share/man/hr +#usr/share/man/hr/man1 +#usr/share/man/hr/man1/fuser.1 +#usr/share/man/hr/man1/killall.1 +#usr/share/man/hr/man1/peekfd.1 +#usr/share/man/hr/man1/prtstat.1 +#usr/share/man/hr/man1/pslog.1 +#usr/share/man/hr/man1/pstree.1 +#usr/share/man/ko +#usr/share/man/ko/man1 +#usr/share/man/ko/man1/fuser.1 +#usr/share/man/ko/man1/killall.1 +#usr/share/man/ko/man1/peekfd.1 +#usr/share/man/ko/man1/prtstat.1 +#usr/share/man/ko/man1/pslog.1 +#usr/share/man/ko/man1/pstree.1 #usr/share/man/man1/fuser.1 #usr/share/man/man1/killall.1 #usr/share/man/man1/peekfd.1 @@ -33,6 +51,12 @@ usr/bin/pstree #usr/share/man/pt_BR/man1/prtstat.1 #usr/share/man/pt_BR/man1/pslog.1 #usr/share/man/pt_BR/man1/pstree.1 +#usr/share/man/ro/man1/fuser.1 +#usr/share/man/ro/man1/killall.1 +#usr/share/man/ro/man1/peekfd.1 +#usr/share/man/ro/man1/prtstat.1 +#usr/share/man/ro/man1/pslog.1 +#usr/share/man/ro/man1/pstree.1 #usr/share/man/ru #usr/share/man/ru/man1 #usr/share/man/ru/man1/fuser.1 @@ -41,6 +65,22 @@ usr/bin/pstree #usr/share/man/ru/man1/prtstat.1 #usr/share/man/ru/man1/pslog.1 #usr/share/man/ru/man1/pstree.1 +#usr/share/man/sr +#usr/share/man/sr/man1 +#usr/share/man/sr/man1/fuser.1 +#usr/share/man/sr/man1/killall.1 +#usr/share/man/sr/man1/peekfd.1 +#usr/share/man/sr/man1/prtstat.1 +#usr/share/man/sr/man1/pslog.1 +#usr/share/man/sr/man1/pstree.1 +#usr/share/man/sv +#usr/share/man/sv/man1 +#usr/share/man/sv/man1/fuser.1 +#usr/share/man/sv/man1/killall.1 +#usr/share/man/sv/man1/peekfd.1 +#usr/share/man/sv/man1/prtstat.1 +#usr/share/man/sv/man1/pslog.1 +#usr/share/man/sv/man1/pstree.1 #usr/share/man/uk #usr/share/man/uk/man1 #usr/share/man/uk/man1/fuser.1 diff --git a/lfs/psmisc b/lfs/psmisc index 4ca6b6810..3340879c3 100644 --- a/lfs/psmisc +++ b/lfs/psmisc @@ -24,7 +24,7 @@
include Config
-VER = 23.4 +VER = 23.6
THISAPP = psmisc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e762171c4d3252421a49b352fadb3e892f66862f003a313a0cc692f973364b06d2652a51d331314462784d94ad55189e74c4d7a023d5d7c917c5e5c05009f46b +$(DL_FILE)_BLAKE2 = 468bf4e84695efcedb832f890b6201b7bc4aca7c5aabaf30e67f4471671421897ee7cd67f01d4b3d60c3e1c63752eb7384e627e75fa7db290cd749da08e2f788
install : $(TARGET)
- Update from version 4.17.3 to 4.17.4 - Update of rootfile (Only the x86_64 rootfile updated with this patch) - Changelog Release Notes for Samba 4.17.4 This is the latest stable release of the Samba 4.17 release series. It also contains security changes in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher. On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96. https://www.samba.org/samba/security/CVE-2022-37966.html o CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with. https://www.samba.org/samba/security/CVE-2022-37967.html o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak. https://www.samba.org/samba/security/CVE-2022-38023.html Note that there are several important behavior changes included in this release, which may cause compatibility problems interacting with system still expecting the former behavior. Please read the advisories of CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023 carefully! samba-tool got a new 'domain trust modify' subcommand This allows "msDS-SupportedEncryptionTypes" to be changed on trustedDomain objects. Even against remote DCs (including Windows) using the --local-dc-ipaddress= (and other --local-dc-* options). See 'samba-tool domain trust modify --help' for further details. smb.conf changes Parameter Name Description Default -------------- ----------- ------- allow nt4 crypto Deprecated no allow nt4 crypto:COMPUTERACCOUNT New kdc default domain supported enctypes New (see manpage) kdc supported enctypes New (see manpage) kdc force enable rc4 weak session keys New No reject md5 clients New Default, Deprecated Yes reject md5 servers New Default, Deprecated Yes server schannel Deprecated Yes server schannel require seal New, Deprecated Yes server schannel require seal:COMPUTERACCOUNT New winbind sealed pipes Deprecated Yes Changes since 4.17.3 o Jeremy Allison jra@samba.org * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the same size. o Andrew Bartlett abartlet@samba.org * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of user-controlled pointer in FAST. * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15237: CVE-2022-37966. * BUG 15258: filter-subunit is inefficient with large numbers of knownfails. o Ralph Boehme slow@samba.org * BUG 15240: CVE-2022-38023. * BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories. o Stefan Metzmacher metze@samba.org * BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from Windows. * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing vulnerability. * BUG 15206: libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(). * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15230: Memory leak in snprintf replacement functions. * BUG 15237: CVE-2022-37966. * BUG 15240: CVE-2022-38023. * BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression). o Noel Power noel.power@suse.com * BUG 15224: pam_winbind uses time_t and pointers assuming they are of the same size. o Anoop C S anoopcs@samba.org * BUG 15198: Prevent EBADF errors with vfs_glusterfs. o Andreas Schneider asn@samba.org * BUG 15237: CVE-2022-37966. * BUG 15243: %U for include directive doesn't work for share listing (netshareenum). * BUG 15257: Stack smashing in net offlinejoin requestodj. o Joseph Sutton josephsutton@catalyst.net.nz * BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue. * BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry. * BUG 15231: CVE-2022-37967. * BUG 15237: CVE-2022-37966. o Nicolas Williams nico@twosigma.com * BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of user-controlled pointer in FAST.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/x86_64/samba | 1 + lfs/samba | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/packages/x86_64/samba b/config/rootfiles/packages/x86_64/samba index e360fa494..5ce0c7ef5 100644 --- a/config/rootfiles/packages/x86_64/samba +++ b/config/rootfiles/packages/x86_64/samba @@ -508,6 +508,7 @@ usr/lib/python3.10/site-packages/samba/tdb_util.py #usr/lib/python3.10/site-packages/samba/tests/krb5/as_canonicalization_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/as_req_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/compatability_tests.py +#usr/lib/python3.10/site-packages/samba/tests/krb5/etype_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/fast_tests.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kcrypto.py #usr/lib/python3.10/site-packages/samba/tests/krb5/kdc_base_test.py diff --git a/lfs/samba b/lfs/samba index ee1d2be94..c73e3eb7f 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@
include Config
-VER = 4.17.3 +VER = 4.17.4 SUMMARY = A SMB/CIFS File, Print, and Authentication Server
THISAPP = samba-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 89 +PAK_VER = 90
DEPS = avahi cups libtirpc perl-Parse-Yapp perl-JSON
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = dfd8e09914aa3f7188e8672ea06aa0409b48931bad9e56e2b54af3145c1df1285ba71d2f6b166a84aaa27a539d8a1de30c9418b337d56b4ae8470ecfb6f44f01 +$(DL_FILE)_BLAKE2 = 2f95ef07530c11b3b46fd5dec3b44c926bc4c06871a2d9405c86a791d8e28d84649444f8147275fe425923eefc46ec49a903b71d21aaca379618ffbfce1dcd84
install : $(TARGET)
- Update from version 5.2.8 to 5.4.0 - Update of rootfile - Changelog 5.4.0 (2022-12-13) This bumps the minor version of liblzma because new features were added. The API and ABI are still backward compatible with liblzma 5.2.x and 5.0.x. Since 5.3.5beta: * All fixes from 5.2.10. * The ARM64 filter is now stable. The xz option is now --arm64. Decompression requires XZ Utils 5.4.0. In the future the ARM64 filter will be supported by XZ for Java, XZ Embedded (including the version in Linux), LZMA SDK, and 7-Zip. * Translations: - Updated Catalan, Croatian, German, Romanian, and Turkish translations. - Updated German man page translations. - Added Romanian man page translations. Summary of new features added in the 5.3.x development releases: * liblzma: - Added threaded .xz decompressor lzma_stream_decoder_mt(). It can use multiple threads with .xz files that have multiple Blocks with size information in Block Headers. The threaded encoder in xz has always created such files. Single-threaded encoder cannot store the size information in Block Headers even if one used LZMA_FULL_FLUSH to create multiple Blocks, so this threaded decoder cannot use multiple threads with such files. If there are multiple Streams (concatenated .xz files), one Stream will be decompressed completely before starting the next Stream. - A new decoder flag LZMA_FAIL_FAST was added. It makes the threaded decompressor report errors soon instead of first flushing all pending data before the error location. - New Filter IDs: * LZMA_FILTER_ARM64 is for ARM64 binaries. * LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't necessarily use the end marker. - Added lzma_str_to_filters(), lzma_str_from_filters(), and lzma_str_list_filters() to convert a preset or a filter chain string to a lzma_filter[] and vice versa. These should make it easier to write applications that allow users to specify custom compression options. - Added lzma_filters_free() which can be convenient for freeing the filter options in a filter chain (an array of lzma_filter structures). - lzma_file_info_decoder() to makes it a little easier to get the Index field from .xz files. This helps in getting the uncompressed file size but an easy-to-use random access API is still missing which has existed in XZ for Java for a long time. - Added lzma_microlzma_encoder() and lzma_microlzma_decoder(). It is used by erofs-utils and may be used by others too. The MicroLZMA format is a raw LZMA stream (without end marker) whose first byte (always 0x00) has been replaced with bitwise-negation of the LZMA properties (lc/lp/pb). It was created for use in EROFS but may be used in other contexts as well where it is important to avoid wasting bytes for stream headers or footers. The format is also supported by XZ Embedded (the XZ Embedded version in Linux got MicroLZMA support in Linux 5.16). The MicroLZMA encoder API in liblzma can compress into a fixed-sized output buffer so that as much data is compressed as can be fit into the buffer while still creating a valid MicroLZMA stream. This is needed for EROFS. - Added lzma_lzip_decoder() to decompress the .lz (lzip) file format version 0 and the original unextended version 1 files. Also lzma_auto_decoder() supports .lz files. - lzma_filters_update() can now be used with the multi-threaded encoder (lzma_stream_encoder_mt()) to change the filter chain after LZMA_FULL_BARRIER or LZMA_FULL_FLUSH. - In lzma_options_lzma, allow nice_len = 2 and 3 with the match finders that require at least 3 or 4. Now it is internally rounded up if needed. - CLMUL-based CRC64 on x86-64 and E2K with runtime processor detection. On 32-bit x86 it currently isn't available unless --disable-assembler is used which can make the non-CLMUL CRC64 slower; this might be fixed in the future. - Building with --disable-threads --enable-small is now thread-safe if the compiler supports __attribute__((__constructor__)). * xz: - Using -T0 (--threads=0) will now use multi-threaded encoder even on a single-core system. This is to ensure that output from the same xz binary is identical on both single-core and multi-core systems. - --threads=+1 or -T+1 is now a way to put xz into multi-threaded mode while using only one worker thread. The + is ignored if the number is not 1. - A default soft memory usage limit is now used for compression when -T0 is used and no explicit limit has been specified. This soft limit is used to restrict the number of threads but if the limit is exceeded with even one thread then xz will continue with one thread using the multi-threaded encoder and this limit is ignored. If the number of threads is specified manually then no default limit will be used; this affects only -T0. This change helps on systems that have very many cores and using all of them for xz makes no sense. Previously xz -T0 could run out of memory on such systems because it attempted to reserve memory for too many threads. This also helps with 32-bit builds which don't have a large amount of address space that would be required for many threads. The default soft limit for -T0 is at most 1400 MiB on all 32-bit platforms. - Previously a low value in --memlimit-compress wouldn't cause xz to switch from multi-threaded mode to single-threaded mode if the limit cannot otherwise be met; xz failed instead. Now xz can switch to single-threaded mode and then, if needed, scale down the LZMA2 dictionary size too just like it already did when it was started in single-threaded mode. - The option --no-adjust no longer prevents xz from scaling down the number of threads as that doesn't affect the compressed output (only performance). Now --no-adjust only prevents adjustments that affect compressed output, that is, with --no-adjust xz won't switch from multi-threaded mode to single-threaded mode and won't scale down the LZMA2 dictionary size. - Added a new option --memlimit-mt-decompress=LIMIT. This is used to limit the number of decompressor threads (possibly falling back to single-threaded mode) but it will never make xz refuse to decompress a file. This has a system-specific default value because without any limit xz could end up allocating memory for the whole compressed input file, the whole uncompressed output file, multiple thread-specific decompressor instances and so on. Basically xz could attempt to use an insane amount of memory even with fairly common files. The system-specific default value is currently the same as the one used for compression with -T0. The new option works together with the existing option --memlimit-decompress=LIMIT. The old option sets a hard limit that must not be exceeded (xz will refuse to decompress) while the new option only restricts the number of threads. If the limit set with --memlimit-mt-decompress is greater than the limit set with --memlimit-compress, then the latter value is used also for --memlimit-mt-decompress. - Added new information to the output of xz --info-memory and new fields to the output of xz --robot --info-memory. - In --lzma2=nice=NUMBER allow 2 and 3 with all match finders now that liblzma handles it. - Don't mention endianness for ARM and ARM-Thumb filters in --long-help. The filters only work for little endian instruction encoding but modern ARM processors using big endian data access still use little endian instruction encoding. So the help text was misleading. In contrast, the PowerPC filter is only for big endian 32/64-bit PowerPC code. Little endian PowerPC would need a separate filter. - Added decompression support for the .lz (lzip) file format version 0 and the original unextended version 1. It is autodetected by default. See also the option --format on the xz man page. - Sandboxing enabled by default: * Capsicum (FreeBSD) * pledge(2) (OpenBSD) * Scripts now support the .lz format using xz. * A few new tests were added. * The liblzma-specific tests are now supported in CMake-based builds too ("make test"). 5.2.10 (2022-12-13) * xz: Don't modify argv[] when parsing the --memlimit* and --block-list command line options. This fixes confusing arguments in process listing (like "ps auxf"). * GNU/Linux only: Use __has_attribute(__symver__) to detect if that attribute is supported. This fixes build on Mandriva where Clang is patched to define __GNUC__ to 11 by default (instead of 4 as used by Clang upstream). 5.2.9 (2022-11-30) * liblzma: - Fixed an infinite loop in LZMA encoder initialization if dict_size >= 2 GiB. (The encoder only supports up to 1536 MiB.) - Fixed two cases of invalid free() that can happen if a tiny allocation fails in encoder re-initialization or in lzma_filters_update(). These bugs had some similarities with the bug fixed in 5.2.7. - Fixed lzma_block_encoder() not allowing the use of LZMA_SYNC_FLUSH with lzma_code() even though it was documented to be supported. The sync-flush code in the Block encoder was already used internally via lzma_stream_encoder(), so this was just a missing flag in the lzma_block_encoder() API function. - GNU/Linux only: Don't put symbol versions into static liblzma as it breaks things in some cases (and even if it didn't break anything, symbol versions in static libraries are useless anyway). The downside of the fix is that if the configure options --with-pic or --without-pic are used then it's not possible to build both shared and static liblzma at the same time on GNU/Linux anymore; with those options --disable-static or --disable-shared must be used too. * New email address for bug reports is xz@tukaani.org which forwards messages to Lasse Collin and Jia Tan.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/xz | 32 +++++++++++++++++++++++++++++++- lfs/xz | 6 +++--- 2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index d2f1d44cc..1e4a43729 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.2.8 +usr/lib/liblzma.so.5.4.0 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS @@ -93,6 +93,9 @@ usr/lib/liblzma.so.5.2.8 #usr/share/man/de/man1/lzcat.1 #usr/share/man/de/man1/lzcmp.1 #usr/share/man/de/man1/lzdiff.1 +#usr/share/man/de/man1/lzegrep.1 +#usr/share/man/de/man1/lzfgrep.1 +#usr/share/man/de/man1/lzgrep.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 @@ -104,6 +107,9 @@ usr/lib/liblzma.so.5.2.8 #usr/share/man/de/man1/xzcmp.1 #usr/share/man/de/man1/xzdec.1 #usr/share/man/de/man1/xzdiff.1 +#usr/share/man/de/man1/xzegrep.1 +#usr/share/man/de/man1/xzfgrep.1 +#usr/share/man/de/man1/xzgrep.1 #usr/share/man/de/man1/xzless.1 #usr/share/man/de/man1/xzmore.1 #usr/share/man/fr @@ -147,3 +153,27 @@ usr/lib/liblzma.so.5.2.8 #usr/share/man/man1/xzgrep.1 #usr/share/man/man1/xzless.1 #usr/share/man/man1/xzmore.1 +#usr/share/man/ro +#usr/share/man/ro/man1 +#usr/share/man/ro/man1/lzcat.1 +#usr/share/man/ro/man1/lzcmp.1 +#usr/share/man/ro/man1/lzdiff.1 +#usr/share/man/ro/man1/lzegrep.1 +#usr/share/man/ro/man1/lzfgrep.1 +#usr/share/man/ro/man1/lzgrep.1 +#usr/share/man/ro/man1/lzless.1 +#usr/share/man/ro/man1/lzma.1 +#usr/share/man/ro/man1/lzmadec.1 +#usr/share/man/ro/man1/lzmore.1 +#usr/share/man/ro/man1/unlzma.1 +#usr/share/man/ro/man1/unxz.1 +#usr/share/man/ro/man1/xz.1 +#usr/share/man/ro/man1/xzcat.1 +#usr/share/man/ro/man1/xzcmp.1 +#usr/share/man/ro/man1/xzdec.1 +#usr/share/man/ro/man1/xzdiff.1 +#usr/share/man/ro/man1/xzegrep.1 +#usr/share/man/ro/man1/xzfgrep.1 +#usr/share/man/ro/man1/xzgrep.1 +#usr/share/man/ro/man1/xzless.1 +#usr/share/man/ro/man1/xzmore.1 diff --git a/lfs/xz b/lfs/xz index 83a724e1a..1e4020dde 100644 --- a/lfs/xz +++ b/lfs/xz @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.2.8 +VER = 5.4.0
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 44d1ddd783b2527f3b17481fc277b671808eb5639c10d31bfaca9fd29ac4413628654ecb9e207955a9477c83eb30f61cf5607cd9a49dd71732707731e4444ace +$(DL_FILE)_BLAKE2 = 8896044ae2761561161f4dcfc1e8e0bc6a58a2a7784567156b23e589cdb80028b37655af65802a20d2631ef05c209e406424f061c0293458a41b16dbf75a4f29
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 5.2.8 to 5.4.0
- Update of rootfile
- Changelog 5.4.0 (2022-12-13) This bumps the minor version of liblzma because new features were added. The API and ABI are still backward compatible with liblzma 5.2.x and 5.0.x. Since 5.3.5beta: * All fixes from 5.2.10. * The ARM64 filter is now stable. The xz option is now --arm64. Decompression requires XZ Utils 5.4.0. In the future the ARM64 filter will be supported by XZ for Java, XZ Embedded (including the version in Linux), LZMA SDK, and 7-Zip. * Translations: - Updated Catalan, Croatian, German, Romanian, and Turkish translations. - Updated German man page translations. - Added Romanian man page translations. Summary of new features added in the 5.3.x development releases: * liblzma: - Added threaded .xz decompressor lzma_stream_decoder_mt(). It can use multiple threads with .xz files that have multiple Blocks with size information in Block Headers. The threaded encoder in xz has always created such files. Single-threaded encoder cannot store the size information in Block Headers even if one used LZMA_FULL_FLUSH to create multiple Blocks, so this threaded decoder cannot use multiple threads with such files. If there are multiple Streams (concatenated .xz files), one Stream will be decompressed completely before starting the next Stream. - A new decoder flag LZMA_FAIL_FAST was added. It makes the threaded decompressor report errors soon instead of first flushing all pending data before the error location. - New Filter IDs: * LZMA_FILTER_ARM64 is for ARM64 binaries. * LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't necessarily use the end marker. - Added lzma_str_to_filters(), lzma_str_from_filters(), and lzma_str_list_filters() to convert a preset or a filter chain string to a lzma_filter[] and vice versa. These should make it easier to write applications that allow users to specify custom compression options. - Added lzma_filters_free() which can be convenient for freeing the filter options in a filter chain (an array of lzma_filter structures). - lzma_file_info_decoder() to makes it a little easier to get the Index field from .xz files. This helps in getting the uncompressed file size but an easy-to-use random access API is still missing which has existed in XZ for Java for a long time. - Added lzma_microlzma_encoder() and lzma_microlzma_decoder(). It is used by erofs-utils and may be used by others too. The MicroLZMA format is a raw LZMA stream (without end marker) whose first byte (always 0x00) has been replaced with bitwise-negation of the LZMA properties (lc/lp/pb). It was created for use in EROFS but may be used in other contexts as well where it is important to avoid wasting bytes for stream headers or footers. The format is also supported by XZ Embedded (the XZ Embedded version in Linux got MicroLZMA support in Linux 5.16). The MicroLZMA encoder API in liblzma can compress into a fixed-sized output buffer so that as much data is compressed as can be fit into the buffer while still creating a valid MicroLZMA stream. This is needed for EROFS. - Added lzma_lzip_decoder() to decompress the .lz (lzip) file format version 0 and the original unextended version 1 files. Also lzma_auto_decoder() supports .lz files. - lzma_filters_update() can now be used with the multi-threaded encoder (lzma_stream_encoder_mt()) to change the filter chain after LZMA_FULL_BARRIER or LZMA_FULL_FLUSH. - In lzma_options_lzma, allow nice_len = 2 and 3 with the match finders that require at least 3 or 4. Now it is internally rounded up if needed. - CLMUL-based CRC64 on x86-64 and E2K with runtime processor detection. On 32-bit x86 it currently isn't available unless --disable-assembler is used which can make the non-CLMUL CRC64 slower; this might be fixed in the future. - Building with --disable-threads --enable-small is now thread-safe if the compiler supports __attribute__((__constructor__)). * xz: - Using -T0 (--threads=0) will now use multi-threaded encoder even on a single-core system. This is to ensure that output from the same xz binary is identical on both single-core and multi-core systems. - --threads=+1 or -T+1 is now a way to put xz into multi-threaded mode while using only one worker thread. The + is ignored if the number is not 1. - A default soft memory usage limit is now used for compression when -T0 is used and no explicit limit has been specified. This soft limit is used to restrict the number of threads but if the limit is exceeded with even one thread then xz will continue with one thread using the multi-threaded encoder and this limit is ignored. If the number of threads is specified manually then no default limit will be used; this affects only -T0. This change helps on systems that have very many cores and using all of them for xz makes no sense. Previously xz -T0 could run out of memory on such systems because it attempted to reserve memory for too many threads. This also helps with 32-bit builds which don't have a large amount of address space that would be required for many threads. The default soft limit for -T0 is at most 1400 MiB on all 32-bit platforms. - Previously a low value in --memlimit-compress wouldn't cause xz to switch from multi-threaded mode to single-threaded mode if the limit cannot otherwise be met; xz failed instead. Now xz can switch to single-threaded mode and then, if needed, scale down the LZMA2 dictionary size too just like it already did when it was started in single-threaded mode. - The option --no-adjust no longer prevents xz from scaling down the number of threads as that doesn't affect the compressed output (only performance). Now --no-adjust only prevents adjustments that affect compressed output, that is, with --no-adjust xz won't switch from multi-threaded mode to single-threaded mode and won't scale down the LZMA2 dictionary size. - Added a new option --memlimit-mt-decompress=LIMIT. This is used to limit the number of decompressor threads (possibly falling back to single-threaded mode) but it will never make xz refuse to decompress a file. This has a system-specific default value because without any limit xz could end up allocating memory for the whole compressed input file, the whole uncompressed output file, multiple thread-specific decompressor instances and so on. Basically xz could attempt to use an insane amount of memory even with fairly common files. The system-specific default value is currently the same as the one used for compression with -T0. The new option works together with the existing option --memlimit-decompress=LIMIT. The old option sets a hard limit that must not be exceeded (xz will refuse to decompress) while the new option only restricts the number of threads. If the limit set with --memlimit-mt-decompress is greater than the limit set with --memlimit-compress, then the latter value is used also for --memlimit-mt-decompress. - Added new information to the output of xz --info-memory and new fields to the output of xz --robot --info-memory. - In --lzma2=nice=NUMBER allow 2 and 3 with all match finders now that liblzma handles it. - Don't mention endianness for ARM and ARM-Thumb filters in --long-help. The filters only work for little endian instruction encoding but modern ARM processors using big endian data access still use little endian instruction encoding. So the help text was misleading. In contrast, the PowerPC filter is only for big endian 32/64-bit PowerPC code. Little endian PowerPC would need a separate filter. - Added decompression support for the .lz (lzip) file format version 0 and the original unextended version 1. It is autodetected by default. See also the option --format on the xz man page. - Sandboxing enabled by default: * Capsicum (FreeBSD) * pledge(2) (OpenBSD) * Scripts now support the .lz format using xz. * A few new tests were added. * The liblzma-specific tests are now supported in CMake-based builds too ("make test"). 5.2.10 (2022-12-13) * xz: Don't modify argv[] when parsing the --memlimit* and --block-list command line options. This fixes confusing arguments in process listing (like "ps auxf"). * GNU/Linux only: Use __has_attribute(__symver__) to detect if that attribute is supported. This fixes build on Mandriva where Clang is patched to define __GNUC__ to 11 by default (instead of 4 as used by Clang upstream). 5.2.9 (2022-11-30) * liblzma: - Fixed an infinite loop in LZMA encoder initialization if dict_size >= 2 GiB. (The encoder only supports up to 1536 MiB.) - Fixed two cases of invalid free() that can happen if a tiny allocation fails in encoder re-initialization or in lzma_filters_update(). These bugs had some similarities with the bug fixed in 5.2.7. - Fixed lzma_block_encoder() not allowing the use of LZMA_SYNC_FLUSH with lzma_code() even though it was documented to be supported. The sync-flush code in the Block encoder was already used internally via lzma_stream_encoder(), so this was just a missing flag in the lzma_block_encoder() API function. - GNU/Linux only: Don't put symbol versions into static liblzma as it breaks things in some cases (and even if it didn't break anything, symbol versions in static libraries are useless anyway). The downside of the fix is that if the configure options --with-pic or --without-pic are used then it's not possible to build both shared and static liblzma at the same time on GNU/Linux anymore; with those options --disable-static or --disable-shared must be used too. * New email address for bug reports is xz@tukaani.org which forwards messages to Lasse Collin and Jia Tan.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/xz | 32 +++++++++++++++++++++++++++++++- lfs/xz | 6 +++--- 2 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index d2f1d44cc..1e4a43729 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.2.8 +usr/lib/liblzma.so.5.4.0 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS @@ -93,6 +93,9 @@ usr/lib/liblzma.so.5.2.8 #usr/share/man/de/man1/lzcat.1 #usr/share/man/de/man1/lzcmp.1 #usr/share/man/de/man1/lzdiff.1 +#usr/share/man/de/man1/lzegrep.1 +#usr/share/man/de/man1/lzfgrep.1 +#usr/share/man/de/man1/lzgrep.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 @@ -104,6 +107,9 @@ usr/lib/liblzma.so.5.2.8 #usr/share/man/de/man1/xzcmp.1 #usr/share/man/de/man1/xzdec.1 #usr/share/man/de/man1/xzdiff.1 +#usr/share/man/de/man1/xzegrep.1 +#usr/share/man/de/man1/xzfgrep.1 +#usr/share/man/de/man1/xzgrep.1 #usr/share/man/de/man1/xzless.1 #usr/share/man/de/man1/xzmore.1 #usr/share/man/fr @@ -147,3 +153,27 @@ usr/lib/liblzma.so.5.2.8 #usr/share/man/man1/xzgrep.1 #usr/share/man/man1/xzless.1 #usr/share/man/man1/xzmore.1 +#usr/share/man/ro +#usr/share/man/ro/man1 +#usr/share/man/ro/man1/lzcat.1 +#usr/share/man/ro/man1/lzcmp.1 +#usr/share/man/ro/man1/lzdiff.1 +#usr/share/man/ro/man1/lzegrep.1 +#usr/share/man/ro/man1/lzfgrep.1 +#usr/share/man/ro/man1/lzgrep.1 +#usr/share/man/ro/man1/lzless.1 +#usr/share/man/ro/man1/lzma.1 +#usr/share/man/ro/man1/lzmadec.1 +#usr/share/man/ro/man1/lzmore.1 +#usr/share/man/ro/man1/unlzma.1 +#usr/share/man/ro/man1/unxz.1 +#usr/share/man/ro/man1/xz.1 +#usr/share/man/ro/man1/xzcat.1 +#usr/share/man/ro/man1/xzcmp.1 +#usr/share/man/ro/man1/xzdec.1 +#usr/share/man/ro/man1/xzdiff.1 +#usr/share/man/ro/man1/xzegrep.1 +#usr/share/man/ro/man1/xzfgrep.1 +#usr/share/man/ro/man1/xzgrep.1 +#usr/share/man/ro/man1/xzless.1 +#usr/share/man/ro/man1/xzmore.1 diff --git a/lfs/xz b/lfs/xz index 83a724e1a..1e4020dde 100644 --- a/lfs/xz +++ b/lfs/xz @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.2.8 +VER = 5.4.0
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 44d1ddd783b2527f3b17481fc277b671808eb5639c10d31bfaca9fd29ac4413628654ecb9e207955a9477c83eb30f61cf5607cd9a49dd71732707731e4444ace +$(DL_FILE)_BLAKE2 = 8896044ae2761561161f4dcfc1e8e0bc6a58a2a7784567156b23e589cdb80028b37655af65802a20d2631ef05c209e406424f061c0293458a41b16dbf75a4f29
install : $(TARGET)
Reviewed-by: Peter Müller peter.mueller@ipfire.org
- Update from version 6.0.0 to 6.1.0
- Update of rootfile not required
- Changelog is only available from the commits in the git repositry https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
lfs/iproute2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/iproute2 b/lfs/iproute2 index 825b071c3..62d3483d9 100644 --- a/lfs/iproute2 +++ b/lfs/iproute2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 6.0.0 +VER = 6.1.0
THISAPP = iproute2-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1cfb9b5a7892dec2b35e0eadbd957083e95fdc5077a1aa193329801ff25f9ed90a1fc4152756547be1fab8fe18d9a399001a4c3a61e951f64946156af6a90bae +$(DL_FILE)_BLAKE2 = 38249703e0a9ba74405aebdb97560b286deefa959a9c3f0e0893962b6966f5da2da46199dda6a0f9584bb473f8ba529440643d97f66e9b7619df029e3091d163
install : $(TARGET)
-
Adolf Belka -
Peter Müller