- Update from version 1.14.4 to 1.14.6 - Update of rootfile - The Denial of service issue mentioned first in the changelog is not applicable to IPFire as the build is done without asserts enabled. - Changelog dbus 1.14.6 (2023-02-08) Denial of service fixes: • Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS distributions, should be compiled with checks but without assertions. (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin) Other fixes: • When connected to a dbus-broker, stop dbus-monitor from incorrectly replying to Peer method calls that were sent to the dbus-broker with a NULL destination (dbus#301, Kai A. Hiller) • Fix out-of-bounds varargs read in the dbus-daemon's config-parser. This is not attacker-triggerable and appears to be harmless in practice, but is technically undefined behaviour and is detected as such by AddressSanitizer. (dbus!357, Evgeny Vereshchagin) • Avoid a data race in multi-threaded use of DBusCounter (dbus#426, Ralf Habacker) • Fix a crash with some glibc versions when non-auditable SELinux events are logged (dbus!386, Jeremi Piotrowski) • If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) • Use C11 _Alignof if available, for better standards-compliance (dbus!389, Khem Raj) • Stop including an outdated copy of pkg.m4 in the git tree (dbus!365, Simon McVittie) • Documentation: · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan) • Tests fixes: · Fix the test-apparmor-activation test after dbus#416 (dbus!380, Dave Jones) Internal changes: • Fix CI builds with recent git versions (dbus#447, Simon McVittie)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/dbus | 2 +- lfs/dbus | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/packages/dbus b/config/rootfiles/packages/dbus index 3f752c21e..01b1538b7 100644 --- a/config/rootfiles/packages/dbus +++ b/config/rootfiles/packages/dbus @@ -40,7 +40,7 @@ usr/bin/dbus-uuidgen #usr/lib/libdbus-1.la #usr/lib/libdbus-1.so usr/lib/libdbus-1.so.3 -usr/lib/libdbus-1.so.3.32.1 +usr/lib/libdbus-1.so.3.32.2 #usr/lib/pkgconfig/dbus-1.pc usr/libexec/dbus-daemon-launch-helper #usr/share/dbus-1 diff --git a/lfs/dbus b/lfs/dbus index 9aceceb08..7d123e4ef 100644 --- a/lfs/dbus +++ b/lfs/dbus @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = D-Bus Message Bus System
-VER = 1.14.4 +VER = 1.14.6
THISAPP = dbus-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dbus -PAK_VER = 8 +PAK_VER = 9
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 7da5cd8f09eaef7a64f35f8ccbeb81c5687b3fad02d6ac05dd4c232e0f731dbcf4c76c36b615e6216815c8f8631bf9cb32543665440153a1199b1b35922cdda4 +$(DL_FILE)_BLAKE2 = c3b8a3bc455a65eb4c561fc701547760c4236912d9caf29822547c7ac4a5852d951c2a484e5eb0435f9d40dfa131e28b7243d5350318ea212aac7c28670ab355
install : $(TARGET)
- Update from version 2.12.1 to 2.13.0 - Update of rootfile - Changelog CHANGES BETWEEN 2.12.1 and 2.13.0 (2023-Feb-09) I. IMPORTANT CHANGES - The demo program `ftinspect` has been completely updated and much enhanced. It now combines the functionality of almost all other graphical FreeType demo programs into a single application based on the Qt framework. This was Charlie Jiang's GSoC 2022 project. - The 'COLR' v1 API is now considered as stable. https://learn.microsoft.com/en-us/typography/opentype/spec/colr III. MISCELLANEOUS - For OpenType Variable Fonts, `avar` table format 2.0 is now supported. The code was contributed by Behdad Esfahbod. Note that this is an extension supported on recent Apple platforms and by HarfBuzz, but not yet in the OpenType standard! See https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md for the specification. To deactivate it, define the configuration macro 'TT_CONFIG_OPTION_NO_BORING_EXPANSION'. - A new API `FT_GlyphSlot_Slant` to slant a glyph by a given angle has been added. Note that this function is part of `ftsynth.h`, which is still considered to be in alpha stage. - TrueType interpreter version 38 (also known as 'Infinality') that was first introduced about 10 years ago in FreeType 2.4.11 is now deprecated and slated to be removed in the next version. TrueType interpreter version 40 has been FreeType's default version for six years now and provides an excellent alternative. This is the last FreeType version with TT_INTERPRETER_VERSION_38 and TT_INTERPRETER_VERSION_40 treated differently. - The only referenced but never documented configuration macro `FT_CONFIG_OPTION_NO_GLYPH_NAMES` has been removed. - The `ftbench` demo program got a new command line option `-e` to set a charmap index. - Specifying a point size is now optional for the demo programs `ftgrid`, `ftmulti`, `ftstring`, and `ftview`. If not given, a default size is used. - For `ftgrid`, `ftstring`, and `ftview`, option `-e` now also accepts a numeric value to set a charmap index. - In `ftstring`, it is now possible to set the displayed text interactively by pressing the 'Enter' key. - `ftmulti` can now handle up to 16 design axes. - To avoid reserved identifiers that are globally defined, the auto-hinter debugging macros (which are only available if `FT_DEBUG_AUTOFIT` is defined) ``` _af_debug_disable_horz_hints _af_debug_disable_vert_hints _af_debug_disable_blue_hints _af_debug_hints ``` have been renamed to ``` af_debug_disable_horz_hints_ af_debug_disable_vert_hints_ af_debug_disable_blue_hints_ af_debug_hints_ ```
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/freetype | 2 +- lfs/freetype | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config/rootfiles/common/freetype b/config/rootfiles/common/freetype index e7d8e9ff9..d42345cc9 100644 --- a/config/rootfiles/common/freetype +++ b/config/rootfiles/common/freetype @@ -60,7 +60,7 @@ #usr/lib/libfreetype.la #usr/lib/libfreetype.so usr/lib/libfreetype.so.6 -usr/lib/libfreetype.so.6.18.3 +usr/lib/libfreetype.so.6.19.0 #usr/lib/pkgconfig/freetype2.pc #usr/share/aclocal/freetype2.m4 #usr/share/man/man1/freetype-config.1 diff --git a/lfs/freetype b/lfs/freetype index 5233f7bb8..22ba9b4a4 100644 --- a/lfs/freetype +++ b/lfs/freetype @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.12.1 +VER = 2.13.0
THISAPP = freetype-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c4737dc0c6e44e0a911545d604fdb2e8e8b3f5185d3f5dfe4e4561ee2d75b3e5a31afcbb2089306fec4b31ba10324a6ec6499c3735b2b7591c71e96fee4ed278 +$(DL_FILE)_BLAKE2 = 11aac3cddb3e71cc0e6a616ed609294d6641aa0011842aa8230eace826955883aca0063331660025be14582b44aa189718ce21e0e5193a66bb5d7cffa1d0fb7f
install : $(TARGET)
- Update from version 20221108 to 20230214 - Update of rootfile - Changelog - details can be found in the releasenote.md file in the source tarball
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/x86_64/intel-microcode | 7 +++++++ lfs/intel-microcode | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode index cb45f6558..2d4f8f8c3 100644 --- a/config/rootfiles/common/x86_64/intel-microcode +++ b/config/rootfiles/common/x86_64/intel-microcode @@ -95,6 +95,11 @@ lib/firmware/intel-ucode/06-8e-09 lib/firmware/intel-ucode/06-8e-0a lib/firmware/intel-ucode/06-8e-0b lib/firmware/intel-ucode/06-8e-0c +lib/firmware/intel-ucode/06-8f-04 +lib/firmware/intel-ucode/06-8f-05 +lib/firmware/intel-ucode/06-8f-06 +lib/firmware/intel-ucode/06-8f-07 +lib/firmware/intel-ucode/06-8f-08 lib/firmware/intel-ucode/06-96-01 lib/firmware/intel-ucode/06-97-02 lib/firmware/intel-ucode/06-97-05 @@ -113,6 +118,8 @@ lib/firmware/intel-ucode/06-a6-00 lib/firmware/intel-ucode/06-a6-01 lib/firmware/intel-ucode/06-a7-01 lib/firmware/intel-ucode/06-b7-01 +lib/firmware/intel-ucode/06-ba-02 +lib/firmware/intel-ucode/06-ba-03 lib/firmware/intel-ucode/06-bf-02 lib/firmware/intel-ucode/06-bf-05 lib/firmware/intel-ucode/0f-00-07 diff --git a/lfs/intel-microcode b/lfs/intel-microcode index 1d4204231..fb7be5fe4 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 20221108 +VER = 20230214
THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e149e001656f45e8da9a83817a6f83fc6663edbfc8a98b27ab4f9d326f0999921aea03f1ea3628d35978ad5534e017f2d394d1d00d0c992aee54a539a582abf2 +$(DL_FILE)_BLAKE2 = d98d054a8cfd66e3d0549d1e8f4a4745cad342d45f36a82d2f2f51fedc29635125fdad95ee4970069e134facc1ab3092b97837c6f8744ffedf220a5d3d022dd5
install : $(TARGET)
- Update from version 1.9.12p2 to 1.9.13 - Update of rootfile - Changelog What's new in Sudo 1.9.13 * Fixed a bug running relative commands via sudo when "log_subcmds" is enabled. GitHub issue #194. * Fixed a signal handling bug when running sudo commands in a shell script. Signals were not being forwarded to the command when the sudo process was not run in its own process group. * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without a newline and a backslash is the last character of the file. * Fixed a potential use-after-free bug with cvtsudoers filtering. GitHub issue #198. * Added a reminder to the default lecture that the password will not echo. This line is only displayed when the pwfeedback option is disabled. GitHub issue #195. * Fixed potential memory leaks in error paths. GitHub issues #199, #202. * Fixed potential NULL dereferences on memory allocation failure. GitHub issues #204, #211. * Sudo now uses C23-style attributes in function prototypes instead of gcc-style attributes if supported. * Added a new "list" pseudo-command in sudoers to allow a user to list another user's privileges. Previously, only root or a user with the ability to run any command as either root or the target user on the current host could use the -U option. This also includes a fix to the log entry when a user lacks permission to run "sudo -U otheruser -l command". Previously, the logs would indicate that the user tried to run the actual command, now the log entry includes the list operation. * JSON logging now escapes control characters if they happen to appear in the command or environment. * New Albanian translation from translationproject.org. * Regular expressions in sudoers or logsrvd.conf may no longer contain consecutive repetition operators. This is implementation- specific behavior according to POSIX, but some implementations will allocate excessive amounts of memory. This mainly affects the fuzzers. * Sudo now builds AIX-style shared libraries and dynamic shared objects by default instead of svr4-style. This means that the default sudo plugins are now .a (archive) files that contain a .so shared object file instead of bare .so files. This was done to improve compatibility with the AIX Freeware ecosystem, specifically, the AIX Freeware build of OpenSSL. Sudo will still load svr4-style .so plugins and if a .so file is requested, either via sudo.conf or the sudoers file, and only the .a file is present, sudo will convert the path from plugin.so to plugin.a(plugin.so) when loading it. This ensures compatibility with existing configurations. To restore the old, pre-1.9.13 behavior, run configure using the --with-aix-soname=svr4 option. * Sudo no longer checks the ownership and mode of the plugins that it loads. Plugins are configured via either the sudo.conf or sudoers file which are trusted configuration files. These checks suffered from time-of-check vs. time-of-use race conditions and complicate loading plugins that are not simple paths. Ownership and mode checks are still performed when loading the sudo.conf and sudoers files, which do not suffer from race conditions. The sudo.conf "developer_mode" setting is no longer used. * Control characters in sudo log messages and "sudoreplay -l" output are now escaped in octal format. Space characters in the command path are also escaped. Command line arguments that contain spaces are surrounded by single quotes and any literal single quote or backslash characters are escaped with a backslash. This makes it possible to distinguish multiple command line arguments from a single argument that contains spaces. * Improved support for DragonFly BSD which uses a different struct procinfo than either FreeBSD or 4.4BSD. * Fixed a compilation error on Linux arm systems running older kernels that may not define EM_ARM in linux/elf-em.h. GitHub issue #232. * Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined. Sudo will now link using -Wl,--no-undefined by default if possible. GitHub issue #234. * Fixed a bug executing a command with a very long argument vector when "log_subcmds" or "intercept" is enabled on a system where "intercept_type" is set to "trace". GitHub issue #194. * When sudo is configured to run a command in a pseudo-terminal but the standard input is not connected to a terminal, the command will now be run as a background process. This works around a problem running sudo commands in the background from a shell script where changing the terminal to raw mode could interfere with the interactive shell that ran the script. GitHub issue #237. * A missing include file in sudoers is no longer a fatal error unless the error_recovery plugin argument has been set to false.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/sudo | 2 ++ lfs/sudo | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/sudo b/config/rootfiles/common/sudo index 43b8f7127..9c8be9974 100644 --- a/config/rootfiles/common/sudo +++ b/config/rootfiles/common/sudo @@ -79,6 +79,7 @@ usr/sbin/visudo #usr/share/locale/ja/LC_MESSAGES/sudo.mo #usr/share/locale/ja/LC_MESSAGES/sudoers.mo #usr/share/locale/ka/LC_MESSAGES/sudo.mo +#usr/share/locale/ka/LC_MESSAGES/sudoers.mo #usr/share/locale/ko/LC_MESSAGES/sudo.mo #usr/share/locale/ko/LC_MESSAGES/sudoers.mo #usr/share/locale/lt/LC_MESSAGES/sudoers.mo @@ -101,6 +102,7 @@ usr/sbin/visudo #usr/share/locale/sk/LC_MESSAGES/sudoers.mo #usr/share/locale/sl/LC_MESSAGES/sudo.mo #usr/share/locale/sl/LC_MESSAGES/sudoers.mo +#usr/share/locale/sq/LC_MESSAGES/sudo.mo #usr/share/locale/sr/LC_MESSAGES/sudo.mo #usr/share/locale/sr/LC_MESSAGES/sudoers.mo #usr/share/locale/sv/LC_MESSAGES/sudo.mo diff --git a/lfs/sudo b/lfs/sudo index ddcddf225..c94796f6a 100644 --- a/lfs/sudo +++ b/lfs/sudo @@ -24,7 +24,7 @@
include Config
-VER = 1.9.12p2 +VER = 1.9.13
THISAPP = sudo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 79eac710b757acae7aa98e6e6f495a475e5236be456e4687fb1441345ee296672ff80a5a60902cffcd257aa81a01fbc3857f3c52e51bb46f56c060fd299e0c05 +$(DL_FILE)_BLAKE2 = a923879920ac5a3c71e6e898ecc9c1194f26ea5e0ac109a6163fbbdea02724bb0bc126cdd7ea0be2470febc4f978b00519adb2fbc2952706cd47bebcd48447aa
install : $(TARGET)
-
Adolf Belka