[PATCH] ddrescue: Update to version 1.29

List overview All Threads
Download

newer

older

Fwd: [FAILED] Nightly Build of...

[PATCH] flac: Update to version...

Adolf Belka

22 Jan 2025 22 Jan '25

12:43 p.m.

- Update from version 1.28 to 1.29 - Update of rootfile not required - Changelog 1.29 The new option '--continue-on-errno' has been added. If ddrescue exits because of a fatal read error, it now prints the value of the variable 'errno' so that it can be used as argument to '--continue-on-errno'. When using '--ask' and '--verbose', print rescue options before asking user. Option '--log-reads' now records the value of errno if different from EIO. (The four changes above suggested by Christian Franke). The effect of option '-O, --reopen-on-error' has been extended to all phases. It has been documented in the manual that '--reopen-on-error' may be needed when using '--continue-on-errno'. A compilation error on FiwixOS 3.3 about an ambiguous call to std::abs has been fixed. (Reported by Jordi Sanfeliu). The chapter 'Syntax of command-line arguments' has been added to the manual. Two examples of combined use with lziprecover have been added to the manual. (One of them uses the new Forward Error Correction (FEC) feature of lziprecover). It has been documented in the manual that option '-b' of ddrescuelog is position dependent. (Reported by Winston B. E.).

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/ddrescue | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lfs/ddrescue b/lfs/ddrescue index 9d1c08fe2..8320751ae 100644 --- a/lfs/ddrescue +++ b/lfs/ddrescue @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config

SUMMARY = Data Copying in the Presence of I/O Errors

-VER = 1.28 +VER = 1.29

THISAPP = ddrescue-$(VER) DL_FILE = $(THISAPP).tar.lz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = ddrescue -PAK_VER = 4 +PAK_VER = 5

DEPS =

@@ -48,7 +48,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 8c212f0d495e0df8e0398b97730c812ea9ccb77bd42e730198222e9918e3652fc52d932449b1e0dc9bdd453a123e2450c962e33e98d9845ce81b9a934a5bbdaa +$(DL_FILE)_BLAKE2 = 88eab69f2296464859dc8720930f28f6bc32aa694649e15a99dcd9dfd63ed8ba845d7af347e8b1ee90e954f8317888ec0f2cd90ec98994a7d2b4d654a31adbfc

install : $(TARGET)

-- 2.48.1

Show replies by date

Adolf Belka

22 Jan 22 Jan

12:43 p.m.

New subject: [PATCH] fontconfig: Update to version 2.16.0

- Update from version 2.15.0 to 2.16.0 - Update of rootfile - Changelog 2.16.0 Publish docs to GitLab pages doc: default index for fontconfig-devel to index.html Update URLs for docs doc: Fix a typo of the summary for FcFontSetSort Clean up .uuid files with fc-cache -f too Fix undesired unref of FcConfig on Win32 meson.build: Fix a typo in POT names meson.build: Add missing --msgid-bugs-address Sort out bitmap related config files Add test cases for 70-no-bitmap-and-emoji.conf and 70-no-bitmap-except-emoji.conf meson: Add missing checkup Add a missing dependency for CI on FreeBSD meson: try to figure out libintl dependency ci: Fix a typo in build script ci: Add config.log for artifacts ci: Add missing dependencies ci: Disable cache update meson: Fix build fail with NLS enabled on BSD meson: Add libxml2 support ci: Add libxml2 build for meson meson: Workaround an exception ci: Workaround an error with libxml2 on Android meson: Add iconv checkup for all platforms Fix incompatible pointer type on MinGW meson: Use c_shared_args to take care of --default-library=both on Win32 ci: Fix a typo ci: disable iconv for MSVC ci: build with expat on MSVC doc: Use sans-serif instead of sans Do not add merge commits into NEWS file doc: Fix a typo meson: Enable run-test.sh for non-Win32 test/wrapper-script.sh: don't add a path when executable already has a path name. meson: Add missing the unit testing with json-c test-conf: Fix compiler warnings Fix test case for reproducible builds ci: Use md5 if md5sum isn't available. ci: normalize path to avoid miscalculation of cache name ci: Add Fedora 40 and remove Fedora 38 More information when no writable cache directories Fix a memory leak in _get_real_paths_from_prefix Set FcTypeVoid if no valid types to convert Add FcConfigSetFontSetFilter Improve hinting detection for fonthashint object Accept integer for pixelsize Fix a memory leak in fc-list/fc-query/fc-scan Add got.orth for Gothic language Add cop.orth for Coptic language Add foreign automake option to avoid an error on autotools bootstrap ci: rebase ci-templates ci: Add Fedora 41 and drop 39 ci: run check-merge-request on merge request pipelines only ci: Add FreeBSD 14.1 and drop 13.2 ci: build mingw on f40 only meson: Add install_tag for install targets meson: Add docs into dist meson: Add autotools files into dist doc: generate fontconfig-devel.html as one big file ci: Fix a fail on pages deployment ci: Fix pages deployment again fc-case: Correct the license header of fccase.h Use proper postscriptname for named instance if any Replace hardcoded path in man pages to url link Allow comma as a delimiter in postscriptname and ignore it on matching Deal with glob string properly Another fix of glob string for Win32 ci: Enable meson dist Fix misleading-indentation warning Bump the libtool version Do not prefix cache_base with a "/". Doing so will lead to FcStrBuildFilename() composing paths that contain double slashes, e.g. in FcDirCacheProcess(). If FcDirCacheBasenameMD5() returns a cache_base that is prefixed with a "/", the call to FcStrBuildFilename() in FcDirCacheProcess() will compose a path that contains double slashes and this double-slashed path will then be passed to FcDirCacheOpenFile(). This won't cause any harm on Linux because Linux just ignores multiple slashes in paths but on other operating systems multiple slashes in paths are not allowed so FcDirCacheOpenFile() will fail on those platforms because of the double slash in the path. Fix qsort nullpointer issue Fix FcSerialize null pointer usage meson: fix config relocation on Windows Fix invalid escape character \s Remove redundant leaf assignment in fcfreetype.c Move Mac OS image to an up-to-date Mac OS 15 Sequoia image on ARM Update Windows image to gstreamer image from stable Allow building Rust targets in CI [Fontations] Build bindgen targets, basic Rust test Refactor exclusive language logic into separate file meson: added default font dirs for android Unlock on allocation failure in FcCacheInsert Ensure config is locked during retry in FcConfigReference Fix wording in README.md build: detect-and-use `-lm` for `fabs` in fcmatch fontconfig: mark _FcPatternIter as may_alias Meson: Fix build with clang-cl by using cc.preprocess() meson: Add missing dep on generated header

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/fontconfig | 4 +++- lfs/fontconfig | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/fontconfig b/config/rootfiles/common/fontconfig index 50d503ed8..713fda601 100644 --- a/config/rootfiles/common/fontconfig +++ b/config/rootfiles/common/fontconfig @@ -39,7 +39,7 @@ usr/bin/fc-validate #usr/lib/libfontconfig.la #usr/lib/libfontconfig.so usr/lib/libfontconfig.so.1 -usr/lib/libfontconfig.so.1.12.1 +usr/lib/libfontconfig.so.1.15.0 #usr/lib/pkgconfig/fontconfig.pc #usr/share/fontconfig #usr/share/fontconfig/conf.avail @@ -80,6 +80,8 @@ usr/lib/libfontconfig.so.1.12.1 #usr/share/fontconfig/conf.avail/65-khmer.conf #usr/share/fontconfig/conf.avail/65-nonlatin.conf #usr/share/fontconfig/conf.avail/69-unifont.conf +#usr/share/fontconfig/conf.avail/70-no-bitmaps-and-emoji.conf +#usr/share/fontconfig/conf.avail/70-no-bitmaps-except-emoji.conf #usr/share/fontconfig/conf.avail/70-no-bitmaps.conf #usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf #usr/share/fontconfig/conf.avail/80-delicious.conf diff --git a/lfs/fontconfig b/lfs/fontconfig index 318d643b0..6b7af145a 100644 --- a/lfs/fontconfig +++ b/lfs/fontconfig @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 2.15.0 +VER = 2.16.0 SUMMARY = Library for configuring and customizing font access

THISAPP = fontconfig-$(VER) @@ -41,7 +41,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 17c85fddc4ab84111c4f50afb89ecd8792c3aeaa2690b38fd39fca6f6cece69e9ce0cd3af8a2e54968c79ad1f9bee1e444699a13c068d9dfd3dfe1212ff37533 +$(DL_FILE)_BLAKE2 = 48d6fcbfe83f0a4c026a4f90d864a4195805e04cc6dd486bd18d68caa8b55fd51fc37822781298152d363b70dc103c9f8b216f6dc0193b2b192eb35565482ec4

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] gdb: Update to version 16.1

- Update from version 15.2 to 16.1 - Update of rootfile - Changelog 16.1 * Support for Nios II targets has been removed as this architecture has been EOL'ed by Intel. * GDB now supports watchpoints for tagged data pointers (see https://en.wikipedia.org/wiki/Tagged_pointer) on amd64, such as the one used by the Linear Address Masking (LAM) feature provided by Intel. * Debugging support for Intel MPX has been removed. This includes the removal of ** MPX register support ** the commands "show/set mpx bound" (deprecated since GDB 15) ** i386 and amd64 implementation of the hooks report_signal_info and get_siginfo_type. * GDB now supports printing of asynchronous events from the Intel Processor Trace during 'record instruction-history', 'record function-call-history' and all stepping commands. This can be controlled with the new "set record btrace pt event-tracing" command. * GDB now supports printing of ptwrite payloads from the Intel Processor Trace during 'record instruction-history', 'record function-call-history' and all stepping commands. The payload is also accessible in Python as a RecordAuxiliary object. Printing is customizable via a ptwrite filter function in Python. By default, the raw ptwrite payload is printed for each ptwrite that is encountered. * For breakpoints that are created in the 'pending' state, any 'thread' or 'task' keywords are parsed at the time the breakpoint is created, rather than at the time the breakpoint becomes non-pending. * Thread-specific breakpoints are only inserted into the program space in which the thread of interest is running. In most cases program spaces are unique for each inferior, so this means that thread-specific breakpoints will usually only be inserted for the inferior containing the thread of interest. The breakpoint will be hit no less than before. * For ARM targets, the offset of the pc in the jmp_buf has been fixed to match glibc 2.20 and later. This should only matter when not using libc probes. This may cause breakage when using an incompatible libc, like uclibc or newlib, or an older glibc. * MTE (Memory Tagging Extension) debugging is now supported on AArch64 baremetal targets. * Remove support (native and remote) for QNX Neutrino (triplet `i[3456]86-*-nto*`). * In a record session, when a forward emulation reaches the end of the reverse history, the warning message has been changed to indicate that the end of the history has been reached. It also specifies that the forward execution can continue, and the recording will also continue. * The Ada 'Object_Size attribute is now supported. * Support for process record/replay and reverse debugging on loongarch*-linux* targets has been added. * New bash script gstack uses GDB to print stack traces of running processes. * Python API ** Added gdb.record.clear. Clears the trace data of the current recording. This forces re-decoding of the trace for successive commands. ** Added the new event source gdb.tui_enabled. ** New module gdb.missing_objfile that facilitates dealing with missing objfiles when opening a core-file. ** New function gdb.missing_objfile.register_handler that can register an instance of a sub-class of gdb.missing_debug.MissingObjfileHandler as a handler for missing objfiles. ** New class gdb.missing_objfile.MissingObjfileHandler which can be sub-classed to create handlers for missing objfiles. ** The 'signed' argument to gdb.Architecture.integer_type() will no longer accept non-bool types. ** The gdb.MICommand.installed property can only be set to True or False. ** The 'qualified' argument to gdb.Breakpoint constructor will no longer accept non-bool types. ** Added the gdb.Symbol.is_artificial attribute. * Debugger Adapter Protocol changes ** The "scopes" request will now return a scope holding global variables from the stack frame's compilation unit. ** The "scopes" request will return a "returnValue" scope holding the return value from the latest "stepOut" command, when appropriate. ** The "launch" and "attach" requests were rewritten in accordance with some clarifications to the spec. Now they can be sent at any time after the "initialized" event, but will not take effect (or send a response) until after the "configurationDone" request has been sent. ** The "variables" request will not return artificial symbols. * New commands show jit-reader-directory Show the name of the directory that "jit-reader-load" uses for relative file names. set style line-number foreground COLOR set style line-number background COLOR set style line-number intensity VALUE Control the styling of line numbers printed by GDB. set style command foreground COLOR set style command background COLOR set style command intensity VALUE Control the styling of GDB commands when displayed by GDB. set style title foreground COLOR set style title background COLOR set style title intensity VALUE This style now applies to the header line of lists, for example the first line of the output of "info breakpoints". Previous uses of this style have been replaced with the new "command" style. set warn-language-frame-mismatch [on|off] show warn-language-frame-mismatch Control the warning that is emitted when specifying a language that does not match the current frame's language. maintenance info inline-frames [ADDRESS] New command which displays GDB's inline-frame information for the current address, or for ADDRESS if specified. The output identifies inlined frames which start at the specified address. maintenance info blocks [ADDRESS] New command which displays information about all of the blocks at ADDRESS, or at the current address if ADDRESS is not given. Blocks are listed starting at the inner global block out to the most inner block. info missing-objfile-handlers List all the registered missing-objfile handlers. enable missing-objfile-handler LOCUS HANDLER disable missing-objfile-handler LOCUS HANDLER Enable or disable a missing-objfile handler with a name matching the regular expression HANDLER, in LOCUS. LOCUS can be 'global' to operate on global missing-objfile handler, 'progspace' to operate on handlers within the current program space, or can be a regular expression which is matched against the filename of the primary executable in each program space. * Changed commands remove-symbol-file This command now supports file-name completion. remove-symbol-file -a ADDRESS The ADDRESS expression can now be a full expression consisting of multiple terms, e.g. 'function + 0x1000' (without quotes), previously only a single term could be given. target core target exec target tfile target ctf compile file maint print c-tdesc save gdb-index These commands now require their filename argument to be quoted if it contains white space or quote characters. If the argument contains no such special characters then quoting is not required. maintenance print remote-registers Add an "Expedited" column to the output of the command. It indicates which registers were included in the last stop reply packet received by GDB. show configuration Now includes the version of GNU Readline library that GDB is using. * New remote packets vFile:stat Return information about files on the remote system. Like vFile:fstat but takes a filename rather than an open file descriptor. x addr,length Given ADDR and LENGTH, fetch LENGTH units from the memory at address ADDR and send the fetched data in binary format. This packet is equivalent to 'm', except that the data in the response are in binary format.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/gdb | 13 +++++++------ lfs/gdb | 6 +++--- 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/config/rootfiles/common/gdb b/config/rootfiles/common/gdb index d74a65b71..dc189b90e 100644 --- a/config/rootfiles/common/gdb +++ b/config/rootfiles/common/gdb @@ -2,14 +2,11 @@ #usr/bin/gdb #usr/bin/gdb-add-index #usr/bin/gdbserver -#usr/bin/run +#usr/bin/gstack #usr/include/gdb #usr/include/gdb/jit-reader.h #usr/include/sim #usr/lib/libinproctrace.so -#usr/include/sim/callback.h -#usr/include/sim/sim.h -#usr/lib/libsim.a #usr/share/gdb/python #usr/share/gdb/python/gdb #usr/share/gdb/python/gdb/FrameDecorator.py @@ -19,7 +16,7 @@ #usr/share/gdb/python/gdb/command/__init__.py #usr/share/gdb/python/gdb/command/explore.py #usr/share/gdb/python/gdb/command/frame_filters.py -#usr/share/gdb/python/gdb/command/missing_debug.py +#usr/share/gdb/python/gdb/command/missing_files.py #usr/share/gdb/python/gdb/command/pretty_printers.py #usr/share/gdb/python/gdb/command/prompt.py #usr/share/gdb/python/gdb/command/type_printers.py @@ -33,6 +30,7 @@ #usr/share/gdb/python/gdb/dap/evaluate.py #usr/share/gdb/python/gdb/dap/events.py #usr/share/gdb/python/gdb/dap/frames.py +#usr/share/gdb/python/gdb/dap/globalvars.py #usr/share/gdb/python/gdb/dap/io.py #usr/share/gdb/python/gdb/dap/launch.py #usr/share/gdb/python/gdb/dap/locations.py @@ -56,11 +54,13 @@ #usr/share/gdb/python/gdb/function/caller_is.py #usr/share/gdb/python/gdb/function/strfns.py #usr/share/gdb/python/gdb/missing_debug.py +#usr/share/gdb/python/gdb/missing_files.py +#usr/share/gdb/python/gdb/missing_objfile.py #usr/share/gdb/python/gdb/printer #usr/share/gdb/python/gdb/printer/__init__.py -#usr/share/gdb/python/gdb/printer/bound_registers.py #usr/share/gdb/python/gdb/printing.py #usr/share/gdb/python/gdb/prompt.py +#usr/share/gdb/python/gdb/ptwrite.py #usr/share/gdb/python/gdb/styling.py #usr/share/gdb/python/gdb/types.py #usr/share/gdb/python/gdb/unwinder.py @@ -102,4 +102,5 @@ #usr/share/man/man1/gdb-add-index.1 #usr/share/man/man1/gdb.1 #usr/share/man/man1/gdbserver.1 +#usr/share/man/man1/gstack.1 #usr/share/man/man5/gdbinit.5 diff --git a/lfs/gdb b/lfs/gdb index ab16e3db5..8518ae6af 100644 --- a/lfs/gdb +++ b/lfs/gdb @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 15.2 +VER = 16.1

THISAPP = gdb-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 073668c21b41f12bf40160c6d3df808056453cc9df3b5b86374abe38e955d208f86467458b7e64b3c3e93d70b7f87425619778173fdb375256cd85be15419f14 +$(DL_FILE)_BLAKE2 = d1907a4abffda663e3d383959ee18e1ef91fe913c378cf9681bdf5810bf7e7f065236f722564fd77eebf15700751fed1cef58c25cd0c0c44d1d9a416809f6a66

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] git: Update to version 2.48.1

- Update from version 2.46.0 to 2.48.1 - Update of rootfile - Changelog 2.48.1 This release merges up the fix that appears in v2.40.4, v2.41.3, v2.42.4, v2.43.6, v2.44.3, v2.45.3, v2.46.3, and v2.47.2 to address the security issues CVE-2024-50349 and CVE-2024-52006; see the release notes for these versions for details. 2.48.0 UI, Workflows & Features * A new configuration variable remote.<name>.serverOption makes the transport layer act as if the --serverOption=<value> option is given from the command line. * "git rebase --rebase-merges" now uses branch names as labels when able. * Describe the policy to introduce breaking changes. * Teach 'git notes add' and 'git notes append' a new '-e' flag, instructing them to open the note in $GIT_EDITOR before saving. * Documentation for "git bundle" saw improvements to more prominently call out the use of '--all' when creating bundles. * Drop support for older libcURL and Perl. * End-user experience of "git mergetool" when the command errors out has been improved. * "git bundle --unbundle" and "git clone" running on a bundle file both learned to trigger fsck over the new objects with configurable fck check levels. * When "git fetch $remote" notices that refs/remotes/$remote/HEAD is missing and discovers what branch the other side points with its HEAD, refs/remotes/$remote/HEAD is updated to point to it. * "git fetch" honors "remote.<remote>.followRemoteHEAD" settings to tweak the remote-tracking HEAD in "refs/remotes/<remote>/HEAD". * "git range-diff" learned to optionally show and compare merge commits in the ranges being compared, with the --diff-merges option. Performance, Internal Implementation, Development Support etc. * Document "amlog" notes. * The way AsciiDoc is used for SYNOPSIS part of the manual pages has been revamped. The sources, at least for the simple cases, got vastly more pleasant to work with. * The reftable library is now prepared to expect that the memory allocation function given to it may fail to allocate and to deal with such an error. * An extra worktree attached to a repository points at each other to allow finding the repository from the worktree (and vice versa) possible. Use relative paths for this linkage. * Enable Windows-based CI in GitLab. * Commands that can also work outside Git have learned to take the repository instance "repo" when we know we are in a repository, and NULL when we are not, in a parameter. The uses of the_repository variable in a few of them have been removed using the new calling convention. * The reftable sub-system grew a new reftable-specific strbuf replacement to reduce its dependency on Git-specific data structures. * The ref-filter machinery learns to recognize and avoid cases where sorting would be redundant. * Various platform compatibility fixes split out of the larger effort to use Meson as the primary build tool. * Treat ECONNABORTED the same as ECONNRESET in 'git credential-cache' to work around a possible Cygwin regression. This resolves a race condition caused by changes in Cygwin's handling of socket closures, allowing the client to exit cleanly when encountering ECONNABORTED. * Demonstrate an assertion failure in 'git mv'. * Documentation update to clarify that 'uploadpack.allowAnySHA1InWant' implies both 'allowTipSHA1InWant' and 'allowReachableSHA1InWant'. * Replace various calls to atoi() with strtol_i() and strtoul_ui(), and add improved error handling. * Documentation updates to 'git-update-ref(1)'. * Update the project's CodingGuidelines to discourage naming functions with a "_1()" suffix. * Update '.clang-format' to match project conventions. * Centralize documentation for repository extensions into a single place. * Buildfix and upgrade of Clar to a newer version. * Documentation mark-up updates. * Renaming a handful of variables and structure fields. * Fix for clar unit tests to support CMake build. * C23 compatibility updates. * GCC 15 compatibility updates. * We now ensure "index-pack" is used with the "--promisor" option only during a "git fetch". * The migration procedure between two ref backends has been optimized. * "git fsck" learned to issue warnings on "curiously formatted" ref contents that have always been treated as valid but that Git wouldn't have written itself (e.g., missing terminating end-of-line after the full object name). * Work around Coverity warning that would not trigger in practice. * Built-in Git subcommands are supplied the repository object to work with; they learned to do the same when they invoke sub-subcommands. * Drop support for ancient environments in various CI jobs. * Isolate the reftable subsystem from the rest of Git's codebase by using fewer pieces of Git's infrastructure. * Optimize reading random references out of the reftable backend by allowing reuse of iterator objects. * Backport oss-fuzz tests to our codebase. * Introduce a new repository extension to prevent older Git versions from mis-interpreting worktrees created with relative paths. * Yet another "pass the repository through the callchain" topic. * "git describe" learned to stop digging the history needlessly deeper. * Build procedure update plus introduction of Meson based builds. * Recent reftable updates mistook a NULL return from a request for 0-byte allocation as OOM and died unnecessarily, which has been corrected. * Reftable backend adds check for upper limit of log's update_index. * Start working to make the codebase buildable with -Wsign-compare. * Regression fix for 'show-index' when run outside of a repository. * The meson-build procedure is integrated into CI to catch and prevent bitrotting. * "git refs migrate" learned to also migrate the reflog data across backends. * The developer documentation has been updated to give the latest info on gitk and git-gui maintainer. * CI jobs that run threaded programs under LSan has been giving false positives from time to time, which has been worked around. * Doc update to clarify how periodical maintenance are scheduled, spread across time to avoid thundering herds. * Use after free and double freeing at the end in "git log -L... -p" had been identified and fixed. * On macOS, fsmonitor can fall into a race condition that results in a client waiting forever to be notified about an event that has already happened. This problem has been corrected. * "git maintenance start" crashed due to an uninitialized variable reference, which has been corrected. * Fail gracefully instead of crashing when attempting to write the contents of a corrupt in-core index as a tree object. * A "git fetch" from the superproject going down to a submodule used a wrong remote when the default remote names are set differently between them. * Fixes compile time warnings with 64-bit MSVC. * Teaches 'shortlog' to explicitly use SHA-1 when operating outside of a repository. * Fix 'git grep' regression on macOS by disabling lookahead when encountering invalid UTF-8 byte sequences. * The dumb-http code regressed when the result of re-indexing a pack yielded an *.idx file that differs in content from the *.idx file it downloaded from the remote. This has been corrected by no longer relying on the *.idx file we got from the remote. * When called with '--left-right' and '--use-bitmap-index', 'rev-list' will produce output without any left/right markers, which has been corrected. * More leakfixes. * Test modernization. * The "--shallow-exclude=<ref>" option to various history transfer commands takes a ref, not an arbitrary revision. * A regression where commit objects missing from a commit-graph can cause an infinite loop when doing a fetch in a partial clone has been fixed. * The MinGW compatibility layer has been taught to support POSIX semantics for atomic renames when other process(es) have a file opened at the destination path. * "git gc" discards any objects that are outside promisor packs that are referred to by an object in a promisor pack, and we do not refetch them from the promisor at runtime, resulting an unusable repository. Work around it by including these objects in the referring promisor pack at the receiving end of the fetch. * Avoid build/test breakage on a system without working malloc debug support dynamic library. (merge 72ad6dc368 jk/test-malloc-debug-check later to maint). * Double-free fix. (merge fe17a25905 jk/fetch-prefetch-double-free-fix later to maint). * Use of some uninitialized variables in "git difftool" has been corrected. * Object reuse code based on multi-pack-index sent an unwanted copy of object. (merge e199290592 tb/multi-pack-reuse-dupfix later to maint). * "git fast-import" can be tricked into a replace ref that maps an object to itself, which is a useless thing to do. (merge 5e904f1a4a en/fast-import-avoid-self-replace later to maint). * The ref-transaction hook triggered for reflog updates, which has been corrected. (merge b886db48c6 kn/ref-transaction-hook-with-reflog later to maint). * Give a bit of advice/hint message when "git maintenance" stops finding a lock file left by another instance that still is potentially running. (merge ba874d1dac ps/gc-stale-lock-warning later to maint). * Use the right helper program to measure file size in performance tests. (merge 3f97f1bce6 tb/use-test-file-size-more later to maint). * A double-free that may not trigger in practice by luck has been corrected in the reference resolution code. (merge b6318cf23a sj/refs-symref-referent-fix later to maint). * The sequencer failed to honor core.commentString in some places. * Describe a case where an option value needs to be spelled as a separate argument, i.e. "--opt val", not "--opt=val". (merge 1bc1e94091 jc/doc-opt-tilde-expand later to maint). * Loosen overly strict ownership check introduced in the recent past, to keep the promise "cloning a suspicious repository is a safe first step to inspect it". (merge 0ffb5a6bf1 bc/allow-upload-pack-from-other-people later to maint). * "git fast-import" learned to reject paths with ".." and "." as their components to avoid creating invalid tree objects. (merge 8cb4c6e62f en/fast-import-verify-path later to maint). * The --ancestry-path option is designed to be given a commit that is on the path, which was not documented, which has been corrected. (merge bc1a980759 kk/doc-ancestry-path later to maint). * "git tag" has been taught to refuse to create refs/tags/HEAD since such a tag will be confusing in the context of the UI provided by the Git Porcelain commands. (merge bbd445d5ef jc/forbid-head-as-tagname later to maint). * The advice messages now tell the newer 'git config set' command to set the advice.token configuration variable to squelch a message. (merge 6c397d0104 bf/explicit-config-set-in-advice-messages later to maint). * The syntax ":/<text>" to name the latest commit with the matching text was broken with a recent change, which has been corrected. (merge 0ff919e87a ps/commit-with-message-syntax-fix later to maint). * Fix performance regression of a recent "fatten promisor pack with local objects" protection against an unwanted gc. * "git log -p --remerge-diff --reverse" was completely broken. (merge f94bfa1516 js/log-remerge-keep-ancestry later to maint). * "git bundle create" with an annotated tag on the positive end of the revision range had a workaround code for older limitation in the revision walker, which has become unnecessary. (merge dd1072dfa8 tc/bundle-with-tag-remove-workaround later to maint). * GitLab CI updates. (merge c6b43f663e ps/ci-gitlab-update later to maint). * Code to reuse objects based on bitmap contents have been tightened to avoid race condition even when multiple packs are involved. (merge 62b3ec8a3f tb/bitmap-fix-pack-reuse later to maint). * An earlier "csum-file checksum does not have to be computed with sha1dc" topic had a few code paths that had initialized an implementation of a hash function to be used by an unmatching hash by mistake, which have been corrected. (merge 599a63409b ps/weak-sha1-for-tail-sum-fix later to maint). * Other code cleanup, docfix, build fix, etc. (merge 77af53f56f aa/t7300-modernize later to maint). (merge dcd590a39d bf/t-readme-mention-reftable later to maint). (merge 68e3c69efa kh/trailer-in-glossary later to maint). (merge 91f88f76e6 tb/boundary-traversal-fix later to maint). (merge 168ebb7159 jc/doc-error-message-guidelines later to maint). (merge 18693d7d65 kh/doc-bundle-typofix later to maint). (merge e2f5d3b491 kh/doc-update-ref-grammofix later to maint). (merge 8525e92886 mh/doc-windows-home-env later to maint). 2.47.2 This release merges up the fix that appears in v2.40.4, v2.41.3, v2.42.4, v2.43.6, v2.44.3, v2.45.3 and v2.46.3 to address the security issues CVE-2024-50349 and CVE-2024-52006; see the release notes for these versions for details. 2.47.1 This is to flush accumulated fixes since 2.47.0 on the 'master' front down to the maintenance track. Fixes since Git 2.47 * Use after free and double freeing at the end in "git log -L... -p" had been identified and fixed. * On macOS, fsmonitor can fall into a race condition that results in a client waiting forever to be notified for an event that have already happened. This problem has been corrected. * "git maintenance start" crashed due to an uninitialized variable reference, which has been corrected. * Fail gracefully instead of crashing when attempting to write the contents of a corrupt in-core index as a tree object. * A "git fetch" from the superproject going down to a submodule used a wrong remote when the default remote names are set differently between them. * The "gitk" project tree has been synchronized again with its new maintainer, Johannes Sixt. Also contains minor documentation updates and code clean-ups. 2.47.0 UI, Workflows & Features * Many Porcelain commands that internally use the merge machinery were taught to consistently honor the diff.algorithm configuration. * A few descriptions in "git show-ref -h" have been clarified. * A 'P' command to "git add -p" that passes the patch hunk to the pager has been added. * "git grep -W" omits blank lines that follow the found function at the end of the file, just like it omits blank lines before the next function. * The value of http.proxy can have "path" at the end for a socks proxy that listens to a unix-domain socket, but we started to discard it when we taught proxy auth code path to use the credential helpers, which has been corrected. * The code paths to compact multiple reftable files have been updated to correctly deal with multiple compaction triggering at the same time. * Support to specify ref backend for submodules has been enhanced. * "git svn" has been taught about svn:global-ignores property recent versions of Subversion has. * The default object hash and ref backend format used to be settable only with explicit command line option to "git init" and environment variables, but now they can be configured in the user's global and system wide configuration. * "git send-email" learned "--translate-aliases" option that reads addresses from the standard input and emits the result of applying aliases on them to the standard output. * 'git for-each-ref' learned a new "--format" atom to find the branch that the history leading to a given commit "%(is-base:<commit>)" is likely based on. * The command line prompt support used to be littered with bash-isms, which has been corrected to work with more shells. * Support for the RUNTIME_PREFIX feature has been added to z/OS port. * "git send-email" learned "--mailmap" option to allow rewriting the recipient addresses. * "git mergetool" learned to use VSCode as a merge backend. * "git pack-redundant" has been marked for removal in Git 3.0. * One-line messages to "die" and other helper functions will get LF added by these helper functions, but many existing messages had an unnecessary LF at the end, which have been corrected. * The "scalar clone" command learned the "--no-tags" option. * The environment GIT_ADVICE has been intentionally kept undocumented to discourage its use by interactive users. Add documentation to help tool writers. * "git apply --3way" learned to take "--ours" and other options. Performance, Internal Implementation, Development Support etc. * A build tweak knob has been simplified by not setting the value that is already the default; another unused one has been removed. * A CI job that use clang-format to check coding style issues in new code has been added. * The reviewing guidelines document now explicitly encourages people to give positive reviews and how. * Test script linter has been updated to catch an attempt to use one-shot export construct "VAR=VAL func" for shell functions (which does not work for some shells) better. * Some project conventions have been added to CodingGuidelines. * In the refs subsystem, implicit reliance of the_repository has been eliminated; the repository associated with the ref store object is used instead. * Various tests in reftable library have been rewritten using the unit test framework. * A test that fails on an unusually slow machine was found, and made less likely to cause trouble by lengthening the expiry value it uses. * An existing test of hashmap API has been rewritten with the unit-test framework. * A policy document that describes platform support levels and expectation on platform stakeholders has been introduced. * The refs API has been taught to give symref target information to the users of ref iterators, allowing for-each-ref and friends to avoid an extra ref_resolve_* API call per a symbolic ref. * Unit-test framework has learned a simple control structure to allow embedding test statements in-line instead of having to create a new function to contain them. * Incremental updates of multi-pack index files is getting worked on. * Use of API functions that implicitly depend on the_repository object in the config subsystem has been rewritten to pass a repository object through the callchain. * Unused parameters have been either marked as UNUSED to squelch -Wunused warnings or dropped from many functions.. * The code in the reftable library has been cleaned up by discarding unused "generic" interface. * The underlying machinery for "git diff-index" has long been made to expand the sparse index as needed, but the command fully expanded the sparse index upfront, which now has been taught not to do. * More trace2 events at key points on push and fetch code paths have been added. * Make our codebase compilable with the -Werror=unused-parameter option. * "git cat-file" works well with the sparse-index, and gets marked as such. * CI started failing completely for linux32 jobs, as the step to upload failed test directory uses GitHub actions that is deprecated and is now disabled. * Import clar unit tests framework libgit2 folks invented for our use. * The error messages from the test script checker have been improved. * The convention to calling into built-in command implementation has been updated to pass the repository, if known, together with the prefix value. * "git apply" had custom buffer management code that predated before use of strbuf got widespread, which has been updated to use strbuf, which also plugged some memory leaks. * The reftable backend learned to more efficiently handle exclude patterns while enumerating the refs. * CI updates. FreeBSD image has been updated to 13.4. (merge 2eeb29702e cb/ci-freebsd-13-4 later to maint). * Give timeout to the locking code to write to reftable, instead of failing on the first failure without retrying. * The checksum at the tail of files are now computed without collision detection protection. This is safe as the consumer of the information to protect itself from replay attacks checks for hash collisions independently. 2.46.3 This release merges up the fix that appears in v2.40.4, v2.41.3, v2.42.4, v2.43.6, v2.44.3 and v2.45.3 to address the security issues CVE-2024-50349 and CVE-2024-52006; see the release notes for these versions for details. 2.46.2 This release is primarily to merge changes to unbreak the 32-bit GitHub actions jobs we use for CI testing, so that we can release real fixes for the 2.46.x track after they pass CI. It also reverts the "git patch-id" change that went into 2.46.1, as it seems to have got a regression reported (I haven't verified, but it is better to keep a known breakage than adding an unintended regression). Other than that, a handful of minor bugfixes are included. * In a few corner cases "git diff --exit-code" failed to report "changes" (e.g., renamed without any content change), which has been corrected. * Cygwin does have /dev/tty support that is needed by things like single-key input mode. * The interpret-trailers command failed to recognise the end of the message when the commit log ends in an incomplete line. 2.46.1 This release is primarily to merge fixes accumulated on the 'master' front to prepare for 2.47 release that are still relevant to 2.46.x maintenance track. * "git checkout --ours" (no other arguments) complained that the option is incompatible with branch switching, which is technically correct, but found confusing by some users. It now says that the user needs to give pathspec to specify what paths to checkout. * It has been documented that we avoid "VAR=VAL shell_func" and why. * "git add -p" by users with diff.suppressBlankEmpty set to true failed to parse the patch that represents an unmodified empty line with an empty line (not a line with a single space on it), which has been corrected. * "git rebase --help" referred to "offset" (the difference between the location a change was taken from and the change gets replaced) incorrectly and called it "fuzz", which has been corrected. * "git notes add -m '' --allow-empty" and friends that take prepared data to create notes should not invoke an editor, but it started doing so since Git 2.42, which has been corrected. * An expensive operation to prepare tracing was done in re-encoding code path even when the tracing was not requested, which has been corrected. * Perforce tests have been updated. * The credential helper to talk to OSX keychain sometimes sent garbage bytes after the username, which has been corrected. * A recent update broke "git ls-remote" used outside a repository, which has been corrected. * "git config --value=foo --fixed-value section.key newvalue" barfed when the existing value in the configuration file used the valueless true syntax, which has been corrected. * "git reflog expire" failed to honor annotated tags when computing reachable commits. * A flakey test and incorrect calls to strtoX() functions have been fixed. * Follow-up on 2.45.1 regression fix. * "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should behave more or less like "git log -p --remerge-diff" but instead it crashed, forgetting to prepare a temporary object store needed. * The patch parser in "git patch-id" has been tightened to avoid getting confused by lines that look like a patch header in the log message. * "git bundle unbundle" outside a repository triggered a BUG() unnecessarily, which has been corrected. * The code forgot to discard unnecessary in-core commit buffer data for commits that "git log --skip=<number>" traversed but omitted from the output, which has been corrected. * "git verify-pack" and "git index-pack" started dying outside a repository, which has been corrected. * A corner case bug in "git stash" was fixed. Also contains minor documentation updates and code clean-ups.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/git | 2 +- lfs/git | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/packages/git b/config/rootfiles/packages/git index 4422f01ac..6dad7e0a8 100644 --- a/config/rootfiles/packages/git +++ b/config/rootfiles/packages/git @@ -203,12 +203,12 @@ usr/libexec/git-core/mergetools/smerge usr/libexec/git-core/mergetools/tkdiff usr/libexec/git-core/mergetools/tortoisemerge usr/libexec/git-core/mergetools/vimdiff +usr/libexec/git-core/mergetools/vscode usr/libexec/git-core/mergetools/winmerge usr/libexec/git-core/mergetools/xxdiff usr/libexec/git-core/scalar #usr/share/git-core #usr/share/git-core/templates -usr/share/git-core/templates/branches usr/share/git-core/templates/description #usr/share/git-core/templates/hooks usr/share/git-core/templates/hooks/applypatch-msg.sample diff --git a/lfs/git b/lfs/git index e209fb568..185029b17 100644 --- a/lfs/git +++ b/lfs/git @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 2.46.0 +VER = 2.48.1 SUMMARY = Fast, scalable, distributed revision control system

THISAPP = git-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = git -PAK_VER = 35 +PAK_VER = 36

DEPS = perl-Authen-SASL perl-Net-SMTP-SSL

@@ -47,7 +47,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 11fd88faea8cca0982945320c0a1ff949d2abedca9ffde34d40a739349e2a7ae6ceb51a23e8c21f7985cd494d9d17abcec4769e766c3c5188162b906eb1b96bc +$(DL_FILE)_BLAKE2 = 092ed16fab3b3e56c81cb91db48e4db1f41b6d91d4855a7c73fb642f1fd0272823a92b8963644ef33517c61956bca89a95e4b4dc3e9237cb0520aa37c0770966

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] harfbuzz: Update to version 10.2.0

- Update from version 10.1.0 to 10.2.0 - Update of rootfile - Changelog 10.2.0 - Consider Unicode Variation Selectors when subsetting “cmap” table. - Guard hb_cairo_glyphs_from_buffer() against malformed UTF-8 strings. - Fix incorrect “COLR” v1 glyph scaling in hb-cairo. - Use locale-independent parsing of double numbers is “hb-subset” command line tool. - Fix incorrect zeroing of advance width of base glyphs in various “Courier New” font versions due to incorrect “GDEF” glyph classes. - Fix handling of long language codes with “HB_LEAN” configuration. - Update OpenType language system registry. - Allow all Myanmar tone marks (including visarga) in any order - Don’t insert U+25CC DOTTED CIRCLE before superscript/subscript digits - Handle Garay script as right to left script. - New API for serializing font tables and potentially repacking them in optimal way. This was a previously experimental-only API. - New API for converting font variation setting from and to strings. - Various build fixes - Various subsetter and instancer fixes. - New API: +hb_subset_serialize_link_t +hb_subset_serialize_object_t +hb_subset_serialize_or_fail() +hb_subset_axis_range_from_string() +hb_subset_axis_range_to_string()

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/harfbuzz | 10 +++++----- lfs/harfbuzz | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/config/rootfiles/common/harfbuzz b/config/rootfiles/common/harfbuzz index 4fb716d84..c951a4507 100644 --- a/config/rootfiles/common/harfbuzz +++ b/config/rootfiles/common/harfbuzz @@ -38,7 +38,7 @@ #usr/include/harfbuzz/hb-shape-plan.h #usr/include/harfbuzz/hb-shape.h #usr/include/harfbuzz/hb-style.h -#usr/include/harfbuzz/hb-subset-repacker.h +#usr/include/harfbuzz/hb-subset-serialize.h #usr/include/harfbuzz/hb-subset.h #usr/include/harfbuzz/hb-unicode.h #usr/include/harfbuzz/hb-version.h @@ -47,16 +47,16 @@ #usr/lib/cmake/harfbuzz/harfbuzz-config.cmake #usr/lib/libharfbuzz-cairo.so usr/lib/libharfbuzz-cairo.so.0 -usr/lib/libharfbuzz-cairo.so.0.61010.0 +usr/lib/libharfbuzz-cairo.so.0.61020.0 #usr/lib/libharfbuzz-gobject.so usr/lib/libharfbuzz-gobject.so.0 -usr/lib/libharfbuzz-gobject.so.0.61010.0 +usr/lib/libharfbuzz-gobject.so.0.61020.0 #usr/lib/libharfbuzz-subset.so usr/lib/libharfbuzz-subset.so.0 -usr/lib/libharfbuzz-subset.so.0.61010.0 +usr/lib/libharfbuzz-subset.so.0.61020.0 #usr/lib/libharfbuzz.so usr/lib/libharfbuzz.so.0 -usr/lib/libharfbuzz.so.0.61010.0 +usr/lib/libharfbuzz.so.0.61020.0 #usr/lib/pkgconfig/harfbuzz-cairo.pc #usr/lib/pkgconfig/harfbuzz-gobject.pc #usr/lib/pkgconfig/harfbuzz-subset.pc diff --git a/lfs/harfbuzz b/lfs/harfbuzz index a5a90eec2..71abe2dfc 100644 --- a/lfs/harfbuzz +++ b/lfs/harfbuzz @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 10.1.0 +VER = 10.2.0

THISAPP = harfbuzz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 7d78e31d045b984d8d1a8b1d1f8f282ff9b7dc748ffd65355266266e75064b14eb94ec6b1418e208ebb0fffb99ef174d1978ab14f0c318c1112c2d8005285979 +$(DL_FILE)_BLAKE2 = 6711eed94c4cbc7b4d37ec17c3bd4512110f873d0f179bc213773ad89af99cd349f92ea8ce957ddeb5084ad3719e2436cb712a880b02668954c69e0b1c3ceb98

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] libexif: Update to version 0.6.25

- Update from version 0.6.24 to 0.6.25 - Update of rootfile - Changelog 0.6.25 * REUSE compatibility (all files declare their license) * Translation updates: ro, de, es, ka, pl, sr, sv, uk, vi, zh_CN, * Disabled Apple Makernote support, as its not complete * various bugfixes * handle JPEG APP10 * EXIF_TAG_COMPOSITE_IMAGE, EXIF_TAG_STANDARD_OUTPUT_SENSITIVITY, EXIF_TAG_RECOMMENDED_EXPOSURE_INDEX, EXIF_TAG_ISO_SPEED, EXIF_TAG_ISO_SPEEDLatitudeYYY, EXIF_TAG_ISO_SPEEDLatitudeZZZ, EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE, EXIF_TAG_LENS_SPECIFICATION, EXIF_TAG_GAMMA, EXIF_TAG_OFFSET_TIME, EXIF_TAG_OFFSET_TIME_ORIGINAL, EXIF_TAG_OFFSET_TIME_DIGITIZED, EXIF_TAG_CAMERA_OWNER_NAME, EXIF_TAG_BODY_SERIAL_NUMBER, EXIF_TAG_LENS_MAKE, EXIF_TAG_LENS_MODEL, EXIF_TAG_LENS_SERIAL_NUMBER: better decoding

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/libexif | 6 ++---- lfs/libexif | 12 +++++++----- 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/rootfiles/packages/libexif b/config/rootfiles/packages/libexif index 985a7af74..ae0db7bad 100644 --- a/config/rootfiles/packages/libexif +++ b/config/rootfiles/packages/libexif @@ -27,8 +27,6 @@ usr/lib/libexif.so.12.3.4 #usr/share/doc/libexif/README #usr/share/doc/libexif/SECURITY.md #usr/share/locale/be/LC_MESSAGES/libexif-12.mo -#usr/share/locale/bs -#usr/share/locale/bs/LC_MESSAGES #usr/share/locale/bs/LC_MESSAGES/libexif-12.mo #usr/share/locale/cs/LC_MESSAGES/libexif-12.mo #usr/share/locale/da/LC_MESSAGES/libexif-12.mo @@ -36,19 +34,19 @@ usr/lib/libexif.so.12.3.4 #usr/share/locale/en_AU #usr/share/locale/en_AU/LC_MESSAGES #usr/share/locale/en_AU/LC_MESSAGES/libexif-12.mo -#usr/share/locale/en_CA -#usr/share/locale/en_CA/LC_MESSAGES #usr/share/locale/en_CA/LC_MESSAGES/libexif-12.mo #usr/share/locale/en_GB/LC_MESSAGES/libexif-12.mo #usr/share/locale/es/LC_MESSAGES/libexif-12.mo #usr/share/locale/fr/LC_MESSAGES/libexif-12.mo #usr/share/locale/it/LC_MESSAGES/libexif-12.mo #usr/share/locale/ja/LC_MESSAGES/libexif-12.mo +#usr/share/locale/ka/LC_MESSAGES/libexif-12.mo #usr/share/locale/ms/LC_MESSAGES/libexif-12.mo #usr/share/locale/nl/LC_MESSAGES/libexif-12.mo #usr/share/locale/pl/LC_MESSAGES/libexif-12.mo #usr/share/locale/pt/LC_MESSAGES/libexif-12.mo #usr/share/locale/pt_BR/LC_MESSAGES/libexif-12.mo +#usr/share/locale/ro/LC_MESSAGES/libexif-12.mo #usr/share/locale/ru/LC_MESSAGES/libexif-12.mo #usr/share/locale/sk/LC_MESSAGES/libexif-12.mo #usr/share/locale/sq/LC_MESSAGES/libexif-12.mo diff --git a/lfs/libexif b/lfs/libexif index c89232b1c..c9a6eb69b 100644 --- a/lfs/libexif +++ b/lfs/libexif @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config

SUMMARY = An EXIF Tag Parsing Library for Digital Cameras

-VER = 0.6.24 +VER = 0.6.25

THISAPP = libexif-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libexif -PAK_VER = 3 +PAK_VER = 4

DEPS =

@@ -48,7 +48,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 75d3a2b4fefd7b7706226e70d31250ef7e99eeb81a4839ddc36cc9e3180534542d8a02851f8e6fd5034bbc925a616ead8c4bfb0cce8bc5886c3ec54811914a6b +$(DL_FILE)_BLAKE2 = a0f8a80194694fab295dcd9c72088055b83534b281cb5bdac67a781dfb56fab0e354e32a520eb31d9f4dd604524355d69ba62012056f5706051e8382e4d898b8

install : $(TARGET)

@@ -82,7 +82,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && ./configure --prefix=/usr --disable-static + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-static cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install @rm -rf $(DIR_APP)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] libxcrypt: Update to version 4.4.38

- Update from version 4.4.36 to 4.4.38 - Update of rootfile - Changelog 4.4.38 * Fix several "-Wunterminated-string-initialization", which are seen by upcoming GCC 15.x (issue #194). * Fix "-Wmaybe-uninitialized" in crypt.c, which is seen by GCC 13.3.0. * Skip test/explicit-bzero if compiling with ASAN. * Drop hard requirement for the pkg-config binary (issue #198). 4.4.37 * Several fixes to the manpages (issue #185). * Add binary compatibility for x86_64 GNU/Hurd (issue #189). * Only test the needed makecontext signature during configure (issue #178). * Fix -Werror=strict-overflow in lib/crypt-bcrypt.c, which is seen by GCC 4.8.5 (issue #197).

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/libxcrypt | 3 +-- lfs/libxcrypt | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/common/libxcrypt b/config/rootfiles/common/libxcrypt index 1cbb05816..7febd9254 100644 --- a/config/rootfiles/common/libxcrypt +++ b/config/rootfiles/common/libxcrypt @@ -1,3 +1,4 @@ +#root/libcrypt.pc #usr/include/crypt.h #usr/include/xcrypt.h #usr/lib/libcrypt.la @@ -7,8 +8,6 @@ usr/lib/libcrypt.so.1.1.0 #usr/lib/libowcrypt.so #usr/lib/libowcrypt.so.1 #usr/lib/libxcrypt.so -#usr/lib/pkgconfig/libcrypt.pc -#usr/lib/pkgconfig/libxcrypt.pc #usr/share/man/man3/crypt.3 #usr/share/man/man3/crypt_checksalt.3 #usr/share/man/man3/crypt_gensalt.3 diff --git a/lfs/libxcrypt b/lfs/libxcrypt index 4ec63516a..2f40385ca 100644 --- a/lfs/libxcrypt +++ b/lfs/libxcrypt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 4.4.36 +VER = 4.4.38

THISAPP = libxcrypt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -47,7 +47,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 9f028e0fe2cb7bb4273f3f6d1e579e0fe93cd71eba21286aa7dc078c904ea3cdce38b2955bdcd618853f7657b01aea7e28c4d898680e69fdf75f812b5a304c1d +$(DL_FILE)_BLAKE2 = 42d594fe36f61a1b5343d9fda22541b09373fe74c587537db8203f9c92120b6c73edef2e1b3d7febda14ae979845405b5fdaeb31dd2b89eedc423b0924ea7cff

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] lvm2: Update to version 2.03.30

- Update from version 2.03.28 to 2.03.30 - Update of rootfile not required - Changelog 2.03.30 Lvresize reports origin vdo volume cannot be resized. Support setting reserved_memory|stack of --config cmdline. Fix support for disabling memory locking (2.03.27). Do not extend an LV if FS resize unsupported and '--fs resize' used. Prevent leftover temporary device when converting in use volume to a pool. lvconvert detects early volume in use when converting it to a pool. Handle NVMe with quirk changed WWID not matching WWID in devices file. 2.03.29 Configure --enable/disable-sd-notify to control lvmlockd build with sd-notify. Allow test mode when lvmlockd is built without dlm support. Add a note about RAID + integrity synchronization to lvmraid(7) man page. Add a function for running lvconvert --repair on RAID LVs to lvmdbusd. Improve option section of man pages for listing commands ({pv,lv,vg}{s,display}). Fix renaming of raid sub LVs when converting a volume to raid (2.03.28). Fix segfault/VG write error for raid LV lvextend -i|--stripes -I|--stripesize. Revert ignore -i|--stripes, -I|--stripesize for lvextend on raid0 LV (2.03.27).

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/lvm2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/lvm2 b/lfs/lvm2 index 8992ecf16..355691a43 100644 --- a/lfs/lvm2 +++ b/lfs/lvm2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 2.03.28 +VER = 2.03.30

THISAPP = LVM2.$(VER) DL_FILE = $(THISAPP).tgz @@ -40,7 +40,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = c4c64975d39b9f5c8def0ec6a405b6aa158b6646fcc010724dc500cec7645a2f97b089665615c5fb0b03cd3c528c95f59122900b4f1d08d16364729c38acc10b +$(DL_FILE)_BLAKE2 = 4175f09235cb68064be2da073a499b6a022e98722bae47d63088d8ee8b8a3f644695cd7de636ffd93c5e66f9cdce33b2a43d29ea527f5015172c6516ecf94e4c

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] lynis: Update to version 3.1.3

- Update from version 3.1.1 to 3.1.3 - Update of rootfile - Changelog 3.1.3 This release introduces additional documentation in the form of blog articles to support the (missing) control information on the website. Added - Detection of Buildroot, Fedora Linux Asahi Remix, Garden Linux, Peppermint OS - Support for blog posts and articles to enhance suggestions Changed - BOOT-5264 - Changed output of systemd-analyze test and added link - FILE-6398 - Test temporarily disabled as on modern kernels JDB support is built-in - FIRE-4508 - Several changes to expand the test, make it more generic, resolve minor issues - KRNL-5622 - Test if systemctl binary is set - Several improvements for busybox - Update of translations: Italian, Russian, Spanish 3.1.2 Added - Detection of ALT Linux - Detection of Athena OS - Detection of Container-Optimized OS from Google - Detection of Koozali SME Server - Detection of Nobara Linux - Detection of Open Source Media Center (OSMC) - Detection of PostmarketOS - CRYP-7932 - macOS FileVault encryption test - FILE-6398 - Check if JBD (Journal Block Device) driver is loaded - FINT-4344 - Wazuh system running state - PKGS-7305 - Query macOS Apps in /Applications and CoreServices - File added: .editorconfig, which is used by editors to standardize formatting Changed - Correction of software EOL database and inclusion of AIX entries - Support sysctl value perf_event_paranoid -> 2|3 - Update of translations: German, Portuguese, Turkish - Grammar and spell improvements - Improved package detection on Alpine Linux - Slackware support to check installed packges (functionPackageIsInstalled()) - Added words prosecute/report to LEGAL_BANNER_STRINGS - Busybox support: Replace newer tr command syntax with older ascii specific operations - Added Wazuh as a malware scanner/antivirus and rootkit detection tool - Updated PHP versions and removed PHP 5 (deprecated) - AUTH-9262 - Corrected message with advised PAM libary (libpam-passwdqc) - CONT-8104 - Checking for errors, not only warning in docker info output - DBS-1826 - PostgreSQL detection improved for AlmaLinux, Rocky Linux, and FreeBSD - FILE-6344 - Test kernel version (major/minor) - INSE-8000 - Added inetd package and service name used in ubuntu 24.04 - KRNL-5622 - Use systemctl get-default instead of following link - KRNL-5820 - Accept ulimit with -H parameter also - LOGG-2144 - Check for wazuh-agent presence on Linux systems - MACF-6234 - Test if semanage binary is available - MALW-3200 - ESET Endpoint Antivirus added - MALW-3280 - McAfee Antivirus for Linux deprecated - MALW-3291 - Check if Microsoft Defender Antivirus is installe - NETW-3200 - Added regex to allow both /bin/true as /bin/false - PKGS-7303 - Added version numbers to brew packages - PKGS-7370 - Cron job check for debsums improved - PKGS-7392 - Improved filtering of apt-check output (Ubuntu 24.04 may give an error) - PKGS-7410 - Added kernel name for Hardkernel odroid XU4

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/packages/lynis | 3 ++- lfs/lynis | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis index 34b07ff32..9c0157ddb 100644 --- a/config/rootfiles/packages/lynis +++ b/config/rootfiles/packages/lynis @@ -1,6 +1,7 @@ var/ipfire/lynis #var/ipfire/lynis/LICENSE #var/ipfire/lynis/db +var/ipfire/lynis/db/control-links.db var/ipfire/lynis/db/fileperms.db var/ipfire/lynis/db/hints.db var/ipfire/lynis/db/integrity.db @@ -87,6 +88,7 @@ var/ipfire/lynis/include/tests_firewalls var/ipfire/lynis/include/tests_hardening var/ipfire/lynis/include/tests_homedirs var/ipfire/lynis/include/tests_insecure_services +var/ipfire/lynis/include/tests_kerberos var/ipfire/lynis/include/tests_kernel var/ipfire/lynis/include/tests_kernel_hardening var/ipfire/lynis/include/tests_ldap @@ -118,4 +120,3 @@ var/ipfire/lynis/lynis #var/ipfire/lynis/plugins #var/ipfire/lynis/plugins/README var/ipfire/lynis/plugins/custom_plugin.template -var/ipfire/lynis/software-eol.db diff --git a/lfs/lynis b/lfs/lynis index 38ebac9c6..b95ace3f4 100644 --- a/lfs/lynis +++ b/lfs/lynis @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config

SUMMARY = Security and System auditing tool

-VER = 3.1.1 +VER = 3.1.3

THISAPP = lynis-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -49,7 +49,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 056e689f00ac0fa74bd1a6dc3915cbd70f28cdb5461e0749b68ce2cf84e425c295425f7bb6d5aeb0208693a0e38290cb90925e392928257c79bc5887f6e58498 +$(DL_FILE)_BLAKE2 = 68483c194b3202befe3d45386d30c51399a7e9e413509fec982a120a5ab6ae22609c0e975d6fab33658decb0f2cf1c8dfb75434c68bfa76ad4f6602d10ad5a84

install : $(TARGET)

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] monit: Update to version 5.34.4

- Update from version 5.34.3 to 5.34.4 - Update of rootfile not required - Changelog 5.34.4 Fixed: If the Monit configuration file contains a string with unbalanced escape sequences, Monit may crash upon startup. Fixed: If the password in the set mmonit URL contains only binary characters, syntax check passed (-t), but Monit aborts after start and reports following error: AssertException: n >= 0 raised in Str_ndup at src/util/Str.c:315 Aborted Fixed: If the every <cron> statement contained a syntax error, syntax check passed (-t), but Monit aborts after start and reports following error: AssertException: n < 5 && n >= 0 raised in Time_incron at src/system/Time.c:1566 Aborted Fixed: If the timeout option value was set to 0, the syntax check was successful (-t), but Monit aborts after starting and reports the following error: AssertException: timeout > 0 raised in Socket_create at src/net/socket.c:319 Aborted Fixed: The set syslog statement's facility option did not permit the specification of the log_user. Thanks to Lutz Mader for report. Fixed: Double interpretation of format strings during RETHROW

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/monit | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/lfs/monit b/lfs/monit index b31a6ad0e..82de4137b 100644 --- a/lfs/monit +++ b/lfs/monit @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 5.34.3 +VER = 5.34.4 SUMMARY = Utility for monitoring services on a Unix system

THISAPP = monit-$(VER) @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = monit -PAK_VER = 26 +PAK_VER = 27

DEPS =

@@ -47,7 +47,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 444bc0918fefc59214f9513fa134d4abea9cb0bbfc3e71fa4c3d76d9134821a54e1949bf89a4dc483593862a629a03ac347df9c12f07476c1fcbf2c2e2d4d507 +$(DL_FILE)_BLAKE2 = a61a63eab320cb39d9d90a877fa6d2f9c326e9629847c235cb44061ad69d9ae561d1c05c5ca0b50e263d3539ed39db64602741e88aa20697209c62bdb53f7516

install : $(TARGET)

@@ -81,10 +81,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var - + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] openvmtools: Update to version 12.5.0

- Update from version 12.0.5 to 12.5.0 - Update of rootfile not required - Several CVE's in various updates between 12.0.5 and 12.5.0 - Changelog 12.5.0 The following github.com/vmware/open-vm-tools pull request has been addressed. Revise settings for vmware-user.desktop Pull request #668 Accomodate newer releases of libxml2 and xmlsec1. The configure.ac and VGAuth code updated to avoid deprecated functions and build options based on OSS product version. 12.4.5 A number of issues flagged by Coverity and ShellCheck have been addressed. The changes include code fixes and Coverity escapes for reported false positives. See the details in the open-vm-tools ChangeLog for specific fix or false positive escape. Nested logging from RPCChannel error may hang the vmtoolsd process. This issue has been fixed in this release. vmtoolsd child processes invoke parent's atexit handler.** Fixed in this release by terminating child processes with _exit(). Mutexes in lib/libvmtools/vmtoolsLog.c and glib could have been locked at fork time. The vmtoolsLog.c Debug(), Warning() and Panic() functions are not safe for child processes. Fixed in this release by directing child processes' logging to stdout. Permission on the vmware-network.log file incorrectly defaults to (0644). Fixed in this release. The correct default is set to (0600). The NetworkManager calls in the Linux "network" script have been updated. Defaults to using the "Sleep" method over the "Enabled" method used to work around a bug in NetworkManager version 0.9.0. Resolves: Pull request #699 Issue #426 Unused header files have been dropped from the current open-vm-tools source. Accomodate newer releases of libxml2 and xmlsec1. The configure.ac and VGAuth code updated to avoid deprecated functions and build options based on OSS product version. 12.4.0 The following github.com/vmware/open-vm-tools pull request has been addressed Power Ops: Attempt to execute file path only Pull request #689 A number of issues flagged by Coverity have been addressed. Add aliasing code to identify Miracle Linux by its former name of "asianux". The Asianux Linux distribution rebranded itself as Miracle Linux. Since vSphere infrastructure recognizes "asianux" but not Miracle Linux, aliasing code was added to open-vm-tools to continue to identify Miracle Linux systems as "asianux". 12.3.5 This release resolves CVE-2023-34058. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0024.html. open-vm-tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. Note: While the description and known attack vectors are very similar to CVE-2023-20900, CVE-2023-34058 has a different root cause that must be addressed. A patch for earlier versions of open-vm-tools is available at CVE-2023-34058.patch. This release resolves CVE-2023-34059. open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.4. - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. A patch for earlier versions of open-vm-tools is available at CVE-2023-34059.patch. The following github.com/vmware/open-vm-tools issue have been addressed Better cooperation between deployPkg plugin and cloud-init concerning location of 'disable_vmware_customization' flag. Issue #310 12.3.0 This release resolves CVE-2023-20900. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0019.html. Linux quiesced snapshot: "SyncDriver: failed to freeze 'filesystem'" The open-vm-tools 12.2.0 release had an update to the Linux quiesced snapshot operation that would avoid starting a quiesced snapshot if a filesystem had already been frozen by another process. See the Resolved Issues section in the open-vm-tools 12.2.0 Release Notes. That fix may have been backported into earlier versions of open-vm-tools by Linux vendors. It is possible that filesystems are being frozen in custom pre-freeze scripts to control the order in which those specific filesystems are to be frozen. The vmtoolsd process must be informed of all such filesystems with the help of "excludedFileSystems" setting of tools.conf. [vmbackup] excludedFileSystems=/opt/data,/opt/app/project-*,... A temporary workaround is available (starting from open-vm-tools 12.3.0) for system administrators to quickly allow a quiescing operation to succeed until the "excludedFileSystems" list can be configured. Note, if another process thaws the file system while a quiescing snapshot operation is ongoing, the snapshot may be compromised. Once the "excludedFileSystems" list is configured this setting MUST be unset (or set to false). [vmbackup] ignoreFrozenFileSystems = true This workaround is provided in the source file changes in https://github.com/vmware/open-vm-tools/commit/60c3a80ddc2b400366ed05169e16a... and at Linux vendors' discretion, may be backported to earlier versions of open-vm-tools. A number of Coverity reported issues have been addressed. Component Manager / salt-minion: New InstallStatus "UNMANAGED". Salt-minion added support for "ExternalInstall" (106) to indicate an older version of salt-minion is installed on the vm and cannot be managed by the svtminion.* scripts. The Component Manager will track that as "UNMANAGED" and take no action. The following pull requests and issues have been addressed Add antrea and calico interface pattern to GUESTINFO_DEFAULT_IFACE_EXCLUDES Issue #638 Pull request #639 Invalid argument with "" in Linux username (Active Directory user) Issue #641 Improve POSIX guest identification Issue #647 Issue #648 Remove appUtil library which depends on deprecated "gdk-pixbuf-xlib" Issue #658 Fix build problems with grpc Pull request #664 Issue #676 12.2.5 This release resolves CVE-2023-20867. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2023-0013.html. 12.2.0 A number of Coverity reported issues have been addressed. The vmtoolsd task is blocked in the uninterruptible state while doing a quiesced snapshot. As the ioctl FIFREEZE is done during a quiesced snapshot operation, an EBUSY could be seen because of an attempt to freeze the same superblock more than once depending on the OS configuration (e.g. usage of bind mounts). An EBUSY could also mean another process has locked or frozen that filesystem. That later could lead to the vmtoolsd process being blocked and ultimately other processes on the system could be blocked. The Linux quiesced snapshot procedure has been updated that when an EBUSY is received, the filesystem FSID is checked against the list of filesystems that have already been quiesced. If not previously seen, a warning that the filesystem is controlled by another process is logged and the quiesced snapshot request will be rejected. This fix to lib/syncDriver/syncDriverLinux.c is directly applicable to previous releases of open-vm-tools and is available at: https://github.com/vmware/open-vm-tools/commit/9d458c53a7a656d4d1ba3a28d090c... Updated the guestOps to handle some edge cases. When File_GetSize() fails or returns a -1 indicating the user does not have access permissions: Skip the file in the output of the ListFiles() request. Fail an InitiateFileTransferFromGuest operation. The following pull requests and issues have been addressed. Detect the proto files for the containerd grpc client in alternate locations. Pull request #626 FreeBSD: Support newer releases and code clean-up for earlier versions. Pull request #584 12.1.5 A number of Coverity reported issues have been addressed. The deployPkg plugin may prematurely reboot the guest VM before cloud-init has completed user data setup. If both the Perl based Linux customization script and cloud-init run when the guest VM boots, the deployPkg plugin may reboot the guest before cloud-init has finished. The deployPkg plugin has been updated to wait for a running cloud-init process to finish before the guest VM reboot is initiated. This issue is fixed in this release. A SIGSEGV may be encountered when a non-quiesing snapshot times out. This issue is fixed in this release. Unwanted vmtoolsd service error message if not on a VMware hypervisor. When open-vm-tools comes preinstalled in a base Linux release, the vmtoolsd services are started automatically at system start and desktop login. If running on physical hardware or in a non-VMware hypervisor, the services will emit an error message to the Systemd's logging service before stopping. This issue is fixed in this release. 12.1.0 This release resolves CVE-2022-31676. For more information on this vulnerability and its impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2022-0024.html. A patch for existing open-vm-tools releases is provided in the CVE-2022-31676 README file. A number of Coverity reported issues have been addressed. [FTBFS] Fix the build of the ContainerInfo plugin for a 32-bit Linux release Reported in open-vm-tools pull request #588, the fix did not make the code freeze date for open-vm-tools 12.0.5. This issue is fixed in this release. Make HgfsConvertFromNtTimeNsec aware of 64-bit time_t on i386 (32-bit) Reported in open-vm-tools pull request #387, this change incorporates the support of 64 bit time epoch conversion from Windows NT time to Unix Epoch time on i386.

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/openvmtools | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/lfs/openvmtools b/lfs/openvmtools index b91c89d26..6e277f080 100644 --- a/lfs/openvmtools +++ b/lfs/openvmtools @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config

SUMMARY = Open Virtual Machine Tools

-VER = stable-12.0.5 +VER = stable-12.5.0

THISAPP = open-vm-tools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)/open-vm-tools TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 PROG = openvmtools -PAK_VER = 12 +PAK_VER = 13

DEPS =

@@ -51,7 +51,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 298a28bfdcb5791851392a0a8d1c301c528fa7f5eb239dfd9c5b6434c10ed90196fa1583d228ab0ef22e7b342cb9b1b65639b303b44b228ddca0d16bda54b437 +$(DL_FILE)_BLAKE2 = 3ad8b820d75fe82f0111a3042a5f26697c56a10b06c77abb55ce84ebd9c8c9867283a7682131633f67ea86a7a85f95f35b3eecc255a3b8de44ee0e242f4da44e

install : $(TARGET)

@@ -85,20 +85,19 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --with-kernel-release=$(KVER)-ipfire \ - --without-ssl \ - --without-pam \ - --without-gtk2 \ - --without-gtkmm \ - --without-icu \ - --without-x \ - --with-linuxdir=/usr/src/linux \ - --without-kernel-modules \ - --disable-deploypkg \ - --without-xerces - + --prefix=/usr \ + --sysconfdir=/etc \ + --with-kernel-release=$(KVER)-ipfire \ + --without-ssl \ + --without-pam \ + --without-gtk2 \ + --without-gtkmm \ + --without-icu \ + --without-x \ + --with-linuxdir=/usr/src/linux \ + --without-kernel-modules \ + --disable-deploypkg \ + --without-xerces cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install

-- 2.48.1

Adolf Belka

12:43 p.m.

New subject: [PATCH] pango: Update to version 1.56.1

- Update from version 1.54.0 to 1.56.1 - Update of rootfile - Changelog 1.56.1 - Avoid criticals when there are no fonts - fontconfig: Handle lack of FC_FONT_WRAPPER in font cache - fontconfig: Prefer application fonts even if they are older 1.56.0 - Support setting font features in font descriptions - serialization: Document the tab array format - serialization: Accept attributes without range - win32: Improve the pango_font_map_reload_implementation - win32: Take variations into account for caching - layout: Fix measuring ellipsis runs with shapes - build: Require C11 - build: Require GLib 2.80 - build: Require cairo 1.18 1.55 - Support Unicode 16 - Add pango_font_map_add_font_file - fontconfig: Reject patterns without FC_FILE - coretext: Actually use .AppleSystemUIFont - coretext: Keep track of variations - win32: Use font options for caching - win32: Keep variations in PangoWin32Font - build: Require harfbuzz 8.4.0 - build: Require fontconfig 2.15 - build: Require meson 1.2.0 - build: Require Window 10

Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/pango | 7 +++---- lfs/pango | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/config/rootfiles/common/pango b/config/rootfiles/common/pango index 26f46eeea..54d838a77 100644 --- a/config/rootfiles/common/pango +++ b/config/rootfiles/common/pango @@ -41,16 +41,15 @@ usr/bin/pango-view #usr/include/pango-1.0/pango/pangoft2.h #usr/lib/libpango-1.0.so usr/lib/libpango-1.0.so.0 -usr/lib/libpango-1.0.so.0.5400.0 +usr/lib/libpango-1.0.so.0.5600.1 #usr/lib/libpangocairo-1.0.so usr/lib/libpangocairo-1.0.so.0 -usr/lib/libpangocairo-1.0.so.0.5400.0 +usr/lib/libpangocairo-1.0.so.0.5600.1 #usr/lib/libpangoft2-1.0.so usr/lib/libpangoft2-1.0.so.0 -usr/lib/libpangoft2-1.0.so.0.5400.0 +usr/lib/libpangoft2-1.0.so.0.5600.1 #usr/lib/pkgconfig/pango.pc #usr/lib/pkgconfig/pangocairo.pc #usr/lib/pkgconfig/pangofc.pc #usr/lib/pkgconfig/pangoft2.pc #usr/lib/pkgconfig/pangoot.pc -#usr/share/man/man1/pango-view.1 diff --git a/lfs/pango b/lfs/pango index cf0573515..7bf2a1026 100644 --- a/lfs/pango +++ b/lfs/pango @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 1.54.0 +VER = 1.56.1

# https://download.gnome.org/sources/pango/

@@ -42,7 +42,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_BLAKE2 = 92c389ab3f21631c245575e30804ffee6fef7b60bc6acdf08159aa325d878cf335203267720aec9143ea2a4e590578424cd64011f73da22e1b0beca85e85a276 +$(DL_FILE)_BLAKE2 = a22d8113ecbe1f076ff15ea9fa231897bc1275c45c8c9ba74635ec0b030d7e59acbdd25d52ff9d5a9ef83e1e4d8a56cf84ae3fdc19b028ff6ef1017eb82924c3

install : $(TARGET)

-- 2.48.1

Age (days ago)

Last active (days ago)

development@lists.ipfire.org

11 comments

1 participants

tags (0)

participants (1)

Adolf Belka