This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core172 has been created at 9ea8de7c39ee35d6fcabc3bfca4a7754344e6610 (commit)
- Log ----------------------------------------------------------------- commit 9ea8de7c39ee35d6fcabc3bfca4a7754344e6610 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 17 14:48:00 2022 +0000
Revert "lsof: Update to version 4.96.4"
This reverts commit 80274cc875304fa2c1e83b9e25ca8cbcb9805e33.
See: #13015 Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bbbb0b9e01d342a5a5b4db14a37641a427786844 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 17 14:46:32 2022 +0000
backup(.pl): Replace OpenVPN DH parameter with ffdhe4096
This ensures restoring a backup won't silently bring back an insecure Diffie-Hellman parameter (which could also not be inspected through the web interface anymore).
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ee7944fe32e49c73abcaeb2509c1f1630b645b32 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 17 14:44:49 2022 +0000
Core Updatr 172: Properly replace DH parameter in /var/ipfire/ovpn/n2nconf/*/*.conf
https://lists.ipfire.org/pipermail/development/2022-December/015001.html
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6619aed611693d4bca7c009867c838b2fbaf85ac Author: Peter Müller peter.mueller@ipfire.org Date: Tue Dec 13 15:27:30 2022 +0000
Revert "openvpn-authenticator: Avoid infinite loop when losing socket connection"
This reverts commit 92a9ce54bc63ebea153fc46365a1aa299856fbbe.
commit 6d4110d214cd2b7bae59a560f01a3ed3501a98c8 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Dec 13 15:26:45 2022 +0000
Revert "openvpn-authenticator: Break read loop when daemon goes away"
This reverts commit 7ec3664c320707b51407fce854e19b6254eb4836.
commit 4acb701b84f2f6a950e0d03d8e2234018bacb9df Author: Peter Müller peter.mueller@ipfire.org Date: Sun Dec 11 11:57:34 2022 +0000
Tor: Update to 0.4.7.12
Full changelog:
Changes in version 0.4.7.12 - 2022-12-06 This version contains a major change that is a new key for moria1. Also, new metrics are exported on the MetricsPort for the congestion control subsystem.
o Directory authority changes (moria1): - Rotate the relay identity key and v3 identity key for moria1. They have been online for more than a decade and refreshing keys periodically is good practice. Advertise new ports too, to avoid confusion. Closes ticket 40722.
o Minor feature (Congestion control metrics): - Add additional metricsport relay metrics for congestion control. Closes ticket 40724.
o Minor features (fallbackdir): - Regenerate fallback directories generated on December 06, 2022.
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/12/06.
o Minor bugfixes (cpuworker, relay): - Fix an off by one overload calculation on the number of CPUs being used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7ec3664c320707b51407fce854e19b6254eb4836 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 6 10:01:44 2022 +0000
openvpn-authenticator: Break read loop when daemon goes away
Fixes: #12963 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org
commit d7618ccba8ba312916593e6ebbadee1d90575c0f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 6 10:01:43 2022 +0000
openvpn-authenticator: Drop some dead code
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org
commit 92a9ce54bc63ebea153fc46365a1aa299856fbbe Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 6 10:01:42 2022 +0000
openvpn-authenticator: Avoid infinite loop when losing socket connection
This patch will gracefully terminate the daemon when it loses its connection to the OpenVPN daemon.
Fixes: #12963 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org
commit 9e7d4102b84c17e7f743e0c8ce6aae92ae0d53d8 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Dec 5 09:40:15 2022 +0100
Language files update:
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 19a417c2a10df279b2aa0e0644838bf892410a07 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Dec 5 09:40:14 2022 +0100
ovpnmain.cgi: Fix for bug in WUI menu on CU172 Testing
- On CU172 Testing Build: master/eb9e29f9 when selecting the OpenVPN menu it showed the Diffie-Hellman info and pressing back took you to the same DH page. - Tested patch suggestion from Erik on vm testbed and confirmed that it worked.
Suggested-by: Erik Kapfer erik.kapfer@ipfire.org Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e9062718d1247375422920a7d69ca8fd00b8b949 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 6 10:07:19 2022 +0000
Revert "Core Update 172: Remove powertop add-on, if installed"
This reverts commit d3a4fcc7097a3df6e45f4d2b15960ccb61f0152f.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7a22b050fa84ffef05dff3b145282ecfbfea9734 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Dec 6 10:05:47 2022 +0000
Revert "Drop powertop"
This reverts commit f7b0247e02ed5af880f03932807d039ef9008d91.
https://community.ipfire.org/t/will-the-powertop-add-on-be-available-in-futu...
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit eb9e29f9a742d5472180371b99c2e17b966852f1 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 3 11:57:18 2022 +0100
Core Update 172: Extract files before removing any
Note to self: Also do this in further Core Updates.
Suggested-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 41dfd30c9a34faeff8d8cd549e5583ad2919ce4f Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 3 11:39:25 2022 +0100
Core Update 172: Do not delete liblzma.so.5.2.5
Again, xz currently present on an IPFire machine is linked against this. Thus, deleting this file causes the unpack routine to fail, which is why we should have never deleted it in the first place.
Reported-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ebcb8d53c440d0454a14514d5284ce32770e8025 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 3 11:38:58 2022 +0100
Core Update 172: Ship packages that miss dependencies
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit dc9f7554c13ebdadb45f27c8f38f14b9d16468d2 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Dec 2 17:43:04 2022 +0100
Core Update 172: Zut alors, keep libhistory.so.8.1 around as well
My fault, again. :-/
Reported-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a3e3e6c3d1c61e59f83aebc030e430014b10a796 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Dec 2 09:56:49 2022 +0100
Core Update 172: Do not delete libreadline.so.8.1
Doing so causes the shell in which the update script is currently executed to crash before extracting files, which results in a completely broken system.
See also: https://community.ipfire.org/t/core-172-testing-fails/9002/1
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 509bde09ae1277a948d18605bd51fd01e5a5bf2b Author: Peter Müller peter.mueller@ipfire.org Date: Thu Dec 1 18:01:28 2022 +0100
Core Update 172: Ship ca-certificates
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8d1f604b4a635f3fc4d62283cd262cd21d5a1765 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Dec 1 10:46:57 2022 +0100
ca-certificates: Remove TrustCor Systems root CAs
On November 30, 2022, Mozilla decided to take the following actions as a response to the concerns raised about the merits of this root CA operator (excerpt taken from https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/...):
> 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME > After Date" to November 30, 2022, for the 3 TrustCor root > certificates (TrustCor RootCert CA-1, TrustCor ECA-1, > TrustCor RootCert CA-2) that are currently included in > Mozilla's root store. > > 2. Remove those root certificates from Mozilla's root store > after the existing end-entity TLS certificates have expired.
As far as the latter is concerned, the offending certificates have these expiry dates set: - TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT - TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT - TrustCor ECA-1: Mon, 31 Dec 2029 17:28:07 GMT
The way IPFire 2 currently processes Mozilla's trust store does not feature a way of incorporate a "Distrust for XYZ After Date" attribute. This means that despite TrustCor Systems root CAs are no longer trusted by browsers using Mozilla's trust store, IPFire would still accept certificates directly or indirectly issued by this CA until December 2029 or December 2034.
To protect IPFire users, this patch therefore suggests to patch our copy of Mozilla's trust store in order to remove TrustCor Systems' root CAs: The vast majority of HTTPS connections established from an IPFire machine take place in a non-interactive context, so there is no security benefit from a "Distrust After Date" information. Instead, if we do not want IPFire installations to trust this CA, we have no other option other than remove it unilaterally from our copy of Mozilla's trust store.
See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 1e83347070b96f08ca22c0a40db9a423e371edbe Author: Jon Murphy jon.murphy@ipfire.org Date: Tue Nov 29 19:10:00 2022 -0600
Language files update: Fix for bug 13007
- Update en.pl, it.pl, pl.pl, and ru.pl to replace "e-mail: ipfire@foo.org" with "email: ipfire@foo.org"
Signed-off-by: Jon Murphy jon.murphy@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 986d1bca1118c1bee96758a7241ba95e14fa56a0 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 17:23:29 2022 +0100
samba: Update aarch64 rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 78e0fef411974834040b6f668560b0ddd4aee63f Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 14:41:00 2022 +0100
Core Update 172: Ship and restart Suricata
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2b990133770045bb8ef3a081ad27b8a0813ac24e Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 14:38:49 2022 +0100
libhtp: Update to 0.5.42
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 959fe5103b4c72725476657d9e5f42f3abc2f534 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 14:32:57 2022 +0100
suricata: Update to 6.0.9
Full changelog:
Security #5710: smb: crash inside of streaming buffer Grow() (6.0.x backport) Security #5694: smtp/base64: crash / memory corruption (6.0.x backport) Security #5688: decoder/tunnel: tunnel depth not limited properly (6.0.x backport) Security #5600: ips: encapsulated packet logged as dropped, but not actually dropped (6.0.x backport) Bug #5715: smb: file not tracked on smb2 async (6.0.x backport) Bug #5714: SMB2 async responses are not matched with its request (6.0.x backport) Bug #5709: HTTP/2 decompression bug (6.0.x backport) Bug #5696: Integer overflow at dcerpc.rs:846 (6.0.x backport) Bug #5695: readthedocs: not showing pdf download option for recent versions (6.0.x backport) Bug #5683: FlowSwapFileFlags function is incorrect (6.0.x backport) Bug #5635: track by_rule|by_both incorrectly rejected for global thresholds (6.0.x backport) Bug #5633: Pass rules on 6.0.8 are generating alert events when passing tunneled traffic Bug #5608: base64: skip over all invalid characters for RFC 2045 mode (6.0.x backport) Bug #5607: base64_decode does not populate base64_data buffer once hitting non-base64 chars (6.0.x backport) Bug #5602: dcerpc: rust integer underflow (6.0.x backport) Bug #5599: eve: mac address logging for packet records reverses direction (6.0.x backport) Bug #5598: detect/tag: timeout handling issues on windows (6.0.x backport) Bug #5594: ips/tap: in layer 2 ips/tap setups, warn that mixed usage of ips and tap will be removed in 8.0 (6.0.x backport) Bug #4883: Netmap configuration -- need a configuration option for non-standard library locations (6.0.x backport) Feature #5478: Support for RFC2231 (6.0.x backport) Task #5698: libhtp 0.5.42 Task #5570: transversal: update references to suricata webpage version 2 (backport 6.0.x) Task #4852: netmap: new API version (14) supports multi-ring software mode (6.0.x backport)
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 73955514ac319aa4758cdfc56467f2ba47b66935 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 18:24:55 2022 +0100
shairport-sync: ship package due to new ffmpeg version
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 96f000490bca314e36788e05cfcb0075310d3382 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 18:24:54 2022 +0100
mpd: ship package due to new ffmpeg version
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit fab147214ff98593c02a16081fd8aee9ddca804b Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 18:24:53 2022 +0100
minidlna: ship package due to new ffmpeg version
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 08c5fc0a6757d890deafa41bde349b36034a63e7 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:38:25 2022 +0100
flac: Update to version 1.4.2
- Update from version 1.3.3 to 1.4.2 - Update of rootfile - several libraries with so bump. Checked with find-dependencies - nothing flagged - Changelog This changelog is not exhaustive, review [the git commit log (https://github.com/xiph/flac/commits) for an exhaustive list of changes. ## FLAC 1.4.2 (22-Oct-2022) Once again, this release only has a few changes. A problem with FLAC playback in GStreamer (and possibly other libFLAC users) was the reason for the short time since the last release * General * Remove xmms plugin (Martijn van Beurden, TokyoBlackHole) * Remove all pure assembler, removing build dependency on nasm * Made console output more uniform across different platforms and CPUs * Improve ability to tune compile for a certain system (for example with -march=native) when combining with --disable-asm-optimizations: plain C functions can now be better optimized * Build system * Default CFLAGS are now prepended instead of dropped when user CFLAGS are set * -msse2 is no longer added by default (was only applicable to x86) * Fix cross-compiling and out-of-tree building when pandoc and doxygen are not available * Fix issue with Clang not compiling functions with intrinsics * Fix detection of bswap intrinsics (Ozkan Sezer) * Improve search for libssp on MinGW (Ozkan Sezer, Martijn van Beurden) * libFLAC * Fix issue when the libFLAC user seeks in a file instead of libFLAC itself ## FLAC 1.4.1 (22-Sep-2022) This release only has a few changes. It was triggered by a problem in the 1.4.0 tarball: man pages were empty and api documentation missing * CMake fixes (Tomasz Kłoczko) * Add checks that man pages and api docs end up in tarball * Enable installation of prebuilt man pages and api docs * Fix compiler warnings (Johannes Kauffmann, Ozkan Sezer) * Fix format specifier (manxorist) * Enable building on Universal Windows Platform (Steve Lhomme) * Fix versioning from git ## FLAC 1.4.0 (09-Sep-2022) As there have been changes to the library interfaces, the libFLAC version number is incremented to 12, the libFLAC++ version number is incremented to 10. As some changes were breaking, the version age numbers (see [libtool versioning](https://www.gnu.org/software/libtool/manual/libtool.html#Libtool-versioning)) have been reset to 0. For more details on the changes to the API, see the [porting guide](https://xiph.org/flac/api/group__porting__1__3__4__to__1__4__0.html). The XMMS plugin and 'common' plugin code (used only by the XMMS plugin) are deprecated, they will be removed in a future release. * General: * It is now possible to limit the minimum bitrate of a FLAC file generated by libFLAC and with the `flac` tool to 1 bit/sample. This function can be used to aid live streaming, for example for internet radio * Encoding files with sample rates up to 1'048'575Hz is now possible. (Con Kolivas) * Compression of preset -3 through -8 was slightly improved at the cost of a small decrease in encoding speed by increasing the precision with which autocorrelation was calculated (Martijn van Beurden) * Encoding speed of preset -0, -1 and -2 was slightly improved * Compression of presets -1 and -4 was slighly improved on certain material by changing the adaptive mid-side heuristics * Speedups specifically targeting 64-bit ARMv8 devices using NEON were integrated (Ronen Gvili, Martijn van Beurden) * Speedups for x86_64 CPUs having the FMA instruction set extention are added * Encoding and decoding of 32-bit PCM is now possible * (Ogg) FLAC format: * The FLAC format document is being rewritten by the IETF CELLAR working group. The latest draft can be found on [https://datatracker.ietf.org/doc/draft-ietf-cellar-flac/%5D(https://datatrac...) * The FLAC format document specifies no bounds for the residual. In other to match current decoder implementations, it is proposed to bound the residual to the range provided by a 32-bit int signed two's complement. This limit must be checked by FLAC encoders as to keep FLAC decoders free from the complexity of being to decode a residual exceeding a 32-bit int. * There is now a set of files available to test whether a FLAC decoder implements the format correctly. This FLAC decoder testbench can be found at [https://github.com/ietf-wg-cellar/flac-test-files%5D(https://github.com/ietf...). Also, results of testing hard- and software can be found here at [https://wiki.hydrogenaud.io/index.php?title=FLAC_decoder_testbench%5D(https:...). * flac: * The option --limit-min-bitrate was added to aid streaming, see [github #264](https://github.com/xiph/flac/pull/264) * The option --keep-foreign-metadata-if-present is added. This option works the same as --keep-foreign-metadata, but does return a warning instead of an error if no foreign metadata was found to store or restore * The warning returned by the foreign metadata handling is now clearer in case a user tries to restore foreign metadata of the wrong type, for example decoding a FLAC file containing AIFF foreign metadata to a WAV file * A problem when using the analyse function causing the first frame to have a wrong size and offset was fixed * Fix bug where channel mask of a file is unintentionally reused when several files are processed with one command * The order of compression-related commands is no longer important, i.e. -8ep gives the same result as -ep8. Previously, a compression level (like -8) would override a more specific setting (like -e or -p). This is no longer the case * flac now checks the block-align property of WAV files to ensure non-standard WAV files (for which flac has no handling) are not mangled * metaflac: * (none) * build system: * MSVC and Makefile.lite build system files have been removed. Building with MSVC (Visual Studio) can be done by using CMake * Various CMake improvements, especially for creating MSVC build files (Martijn van Beurden, martinRenou, CookiePLMonster, David Callu, Tyler Dunn, Cameron Cawley) * Various fixes for MinGW (Martijn van Beurden, Cameron Cawley) * Removed obsolete autotools macro's to silence warnings * Fixes for FreeBSD PowerPC (pkubaj) * Fixed some compiler warnings (Martijn van Beurden, Tyler Dunn) * Fix building with uclibc (Fabrice Fontaine) * testing/validation: * Addition of new encoder fuzzer, adding fuzzing for 8, 24 and 32-bit inputs * Addition of new decoder fuzzer, adding coverage of seeking code * Addition of metadata fuzzer, adding coverage of metadata APIs * Various improvements to fuzzers to improve code coverage, fuzzing speed and stability * Many changes to test suite to improve cross-platform compatibility (Rosen Penev) * Windows CI now also builds the whole test suite * Clang-format file added (Rosen Penev) * Add warning on using v141_xp platform toolset with /MT (Martijn van Beurden, Paul Sanders) * libraries: * Various seeking fixes (Martijn van Beurden, Robert Kausch) * Various bugs fixed found by fuzzing * On decoding, it is now checked whether residuals can be contained by a 32-bit int, preventing integer overflow * Add check that samples supplied to libFLAC actually fall within the bps set * Add checks when parsing metadata blocks to not allocate excessive amounts of memory and not overread * Undocumented Windows-only utf8 functions are no longer exported to the DLL interface * Removed all assembler and intrinsics code from the decoder to improve fuzzing, as they provided only a small speed benefit * The bitwriter buffer is limited in size to 2^24 bytes, so it cannot write excessively large files. This is a backup in case another bug in this area creeps (back) in. * The metadata iterations should now never return a vorbiscomment entry with NULL as an entry, now always at least an empty string is returned * documentation: * Removed html documentation and generate man pages from markdown * Interface changes: * libFLAC: * Addition of FLAC__stream_encoder_set_limit_min_bitrate() and FLAC__stream_encoder_get_limit_min_bitrate(), see [github #264](https://github.com/xiph/flac/pull/264) * get_client_data_from_decoder is renamed FLAC__get_decoder_client_data(), see [github #124](https://github.com/xiph/flac/pull/124) * All API functions taking a filename as an argument now take UTF-8 filenames on Windows, and no longer accept filenames using the current codepage * FLAC__Frame struct has changed: warmup samples are now stored in FLAC__int64 instead of FLAC__int32 types, and verbatim samples can now be stored in either FLAC__int32 or FLAC__int64 depending on whether samples fix the former or latter * The FLAC__StreamMetadata struct now has a tag, so it can be forward declared * libFLAC++: * Addition of ::set_limit_min_bitrate() and ::get_limit_min_bitrate(), see [github #264](https://github.com/xiph/flac/pull/264) * All API functions taking a filename as an argument now take UTF-8 filenames on Windows, and no longer accept filenames using the current codepage * The ::FLAC__Frame struct has changed, see the libFLAC interface change. ## FLAC 1.3.4 (20-Feb-2022) This release mostly fixes (security related) bugs. When building with MSVC, using CMake is preferred, see the README under "Building with CMake" for more information. Building with MSVC using solution files is deprecated and these files will be removed in the future. As there have been no changes to the library interfaces, the libFLAC version number remains 11, and libFLAC++ version number remains 9. * General: * Fix 12 decoder bugs found by oss-fuzz, including CVE-2020-0499 (erikd, Martijn van Beurden) * Fix encoder bug CVE-2021-0561 (NeelkamalSemwal) * Integrate oss-fuzzers (erikd, Guido Vranken) * Seeking fixes (NeelkamalSemwal, Robert Kausch) * Various fixes and improvements (Andrei Astafev, Rosen Penev, Håkan Kvist, oreo639, erikd, Tamás Zahola, Ulrik Mikaelsson, Tyler Dunn, tmkk) * FLAC format: * (none) * Ogg FLAC format: * (none) * flac: * Various fixes and improvements (Andrei Astafev, Martijn van Beurden) * metaflac: * (none) * build system: * CMake improvements (evpobr, Vitaliy Kirsanov, erikd, Ozkan Sezer, Tyler Dunn, tg-m DeadSix27, ericLemanissier, Chocobo1). * Fixes for MinGW and MSVC (Ozkan Sezer). * Fix for clang (Ozkan Sezer) * Fix for PowerPC (Peter Seiderer, Thomas BERNARD) * Fix for FreeBSD PowerPC (pkubaj). * testing/validation: * Add Windows target to CI, improve logging (Ralph Giles) * CI improvements (Ralph Giles, Ewout ter Hoeven) * documentation: * Doxygen fixes (Tyler Dunn) * Fix typos (Tim Gates, maxz) * Interface changes: * libFLAC: * (none) * libFLAC++: * (none)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 1985774f80b285b26e1bc6264e8e8724fc7afb91 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:24:15 2022 +0100
make.sh: Update check for static linked qemu files
- In Arch Linux the file -L command comes up with "static-pie linked" instead of "statically linked" - This patch makes the grep look for either one of those strings.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit dc3a5d19aca2ca1c4804ae24d7b6a5f680b7f080 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 13:43:08 2022 +0100
Core Update 172: Ship sysstat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8005b23bc4fd1d6a6225b67718330a5c3471893a Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:24:00 2022 +0100
sysstat: Update to version 12.7.1
- Update from version 12.5.4 to 12.7.1 - Update of rootfile - Changelog 2022/11/06: Version 12.7.1: Fix possible overflow in sa_common.c (GHSL-2022-074) [12.6.1]. sadf: Add support for option -t with SVG output to make it possible to display timestamps in the same locale as that of the file creator. sadf: Print timezone instead of UTC in true time mode. Timezone is also displayed in local time. sadf: PCP: Fix timestamps written to PCP archive file. sar: Add new environment variable S_REPEAT_HEADER. pidstat: Return exit code of the process that was monitored with option -e. mpstat: Add option -H to handle vCPU physical hotplug. Add local, xlocal and debug targets to iconfig script. Turn off gcc's tree-slp-vectorize option which was making sadf crash in some situations. sa_conv.c: Make size of statistics structures from older sysstat versions immutable [12.6.1]. [Bernhard M. Wiedemann]: Declare sadc dependency on libsyscom.a [12.6.1]. [Steve Kay]: Fix gcc v11.2 warnings [12.6.1]. [Steve Kay]: Various cosmetic fixes [12.6.1]. [Jan Christoph Uhde]: sar: Remove `-I int_list` from man-page and help [12.6.1]. [Frank Dana]: Consolidate systemctl commands in README file [12.6.1]. [Rong Tao]: Remove whitespace characters at the end of lines [12.6.1]. Update configure file to deal with newer autoconf version. configure.in file is renamed to configure.ac. Update DTD and XSD documents. sar and sysstat manual pages updated. NLS updated. Add new Georgian translation. Non regression tests updated. 2022/05/29: Version 12.6.0: sar: Fix maximum value for A_IRQ activity. sar/sadf: A_NET_SOFT: Add new metric softnet network backlog. sadc: A_NET_SOFT: Use CPU id from /proc/net/softnet_stat. Update DTD and XSD documents (softnet backlog). [Chris Bagwell]: sar/sadf: Convert 64-bit time value to time_t as needed. sadf: Add basic colorization to sadf's output. sadf: Add sanity checks on values read from file. sadf: PCP: Fix multiple metrics name problems. sa_common.c: Remove unneeded variable assignment. [Lukáš Zaoral]: Take into account LDFLAGS passer to configure script. Various janitorial fixes and updated. Update FAQ. Update sar manual page. Update NLS translations. Update non regression tests. 2022/02/28: Version 12.5.6: sar/sadc: Rewrite code used to collect and display interrupts statistics. Statistics are now collected from /proc/interrupts (instead of /proc/stat) and are displayed for each installed CPU. sar/sadf: Add new "--int=" option to enter a list of interrupts on the command line. sadf: Update the various output formats to deal with the new per-CPU interrupts statistics. Update DTD and XSD documents. CPU elements may be non-existent when all selected CPU are offline. Update sar and sadf manual pages. mpstat: Create its own function to read the total number of interrupts from /proc/stat file. mpstat: Remove unneeded "aligned" attribute from struct stats_irqcpu definition. sar: Fix index value used in online_cpu_bitmap array. sar/sadf: Make sure that datafiles with unknown activities can be read by sar and sadf [12.4.5]. sar/sadf: Don't reallocate buffers for activities not present in file [12.4.5]. sar: Make sure that all buffers are copied in copy_structures() function [12.4.5]. PCP: Fix flow_limit_count metric's unit (A_NET_SOFT activity). PCP: Fix instance names for getattr call (A_NET_NFS(D) activities). Use sizeof() macro instead of hard-coded values with snprintf() functions. rndr_stats.c: Use NOVAL instead of NULL as last argument for cons() function. Use strings definitions whenever possible. Add new non regression tests. Update some existing ones. Various cosmetic fixes. 2021/12/05: Version 12.5.5: iostat: Add --compact option. iostat: Always display persistent names with option -j [12.4.4]. iostat: Fix how device mapper names are taken into account when entered on the command line [12.4.4]. iostat: Update manual page. mpstat: Don't display offline CPU [12.4.4]. mpstat: Fix values displayed when an offline CPU goes back online [12.4.4]. mpstat: Fix untrusted loop bound [12.4.4]. mpstat: Update non regression tests [12.4.4]. sar: Tell the user to convert the file when needed. sadc: Reuse count results for sub-items. [Ville Skyttä]: Use `grep -E` instead of deprecated `egrep` [12.4.4]. [Ville Skyttä]: Spelling and grammar fixes [12.4.4]. Update FAQ. [Nathan Naze]: Update man pages with correct spelling of "JavaScript" [12.4.4]. Update non regression tests.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 28c939b78f0a282bc2389e127edf9f898284940a Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:23:49 2022 +0100
samba: Update to version 4.17.3
- Update from version 4.17.0 to 4.17.3 - Update of rootfile (x86_64) - other architectures will need to be adjusted. - Changelog Release Notes for Samba 4.17.3 This is a security release in order to address the following defects: o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap. https://www.samba.org/samba/security/CVE-2022-42898.html o Joseph Sutton josephsutton@catalyst.net.nz * BUG 15203: CVE-2022-42898 o Nicolas Williams nico@twosigma.com * BUG 15203: CVE-2022-42898 Release Notes for Samba 4.17.2 This is a security release in order to address the following defects: o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal (included in Samba). https://www.samba.org/samba/security/CVE-2022-3437.html o CVE-2022-3592: A malicious client can use a symlink to escape the exported directory. https://www.samba.org/samba/security/CVE-2022-3592.html o Volker Lendecke vl@samba.org * BUG 15207: CVE-2022-3592. o Joseph Sutton josephsutton@catalyst.net.nz * BUG 15134: CVE-2022-3437. Release Notes for Samba 4.17.1 o Jeremy Allison jra@samba.org * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15174: smbXsrv_connection_shutdown_send result leaked. * BUG 15182: Flush on a named stream never completes. * BUG 15195: Permission denied calling SMBC_getatr when file not exists. o Douglas Bagnall douglas.bagnall@catalyst.net.nz * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. * BUG 15191: pytest: add file removal helpers for TestCaseInTempDir. o Andrew Bartlett abartlet@samba.org * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. * BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later. over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC. o Ralph Boehme slow@samba.org * BUG 15182: Flush on a named stream never completes. o Volker Lendecke vl@samba.org * BUG 15151: vfs_gpfs silently garbles timestamps > year 2106. o Gary Lockyer gary@catalyst.net.nz * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically. o Stefan Metzmacher metze@samba.org * BUG 15200: multi-channel socket passing may hit a race if one of the involved processes already existed. * BUG 15201: memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others). o Noel Power noel.power@suse.com * BUG 15205: Since popt1.19 various use after free errors using result of poptGetArg are now exposed. o Anoop C S anoopcs@samba.org * BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs. o Andreas Schneider asn@samba.org * BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth. o Joseph Sutton josephsutton@catalyst.net.nz * BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented atomically.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit bf81d068067bd4369feb0bcc647effba50a22c0d Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:23:38 2022 +0100
rsync: Update to version 3.2.7
- Update from version 3.2.6 to 3.2.7 - Update of rootfile not required - Changelog # NEWS for rsync 3.2.7 (20 Oct 2022) ### BUG FIXES: - Fixed the client-side validating of the remote sender's filtering behavior. - More fixes for the "unrequested file-list name" name, including a copy of "/" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list). - When rsync gets an unpack error on an ACL, mention the filename. - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if "use chroot" is false). ### ENHANCEMENTS: - Added negotiated daemon-auth support that allows a stronger checksum digest to be used to validate a user's login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list. - Added support for the SHA1 digest in file checksums. While this tends to be overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this. - Improved the xattr hash table to use a 64-bit key without slowing down the key's computation. This should make extra sure that a hash collision doesn't happen. - If the `--version` option is repeated (e.g. `-VV`) then the information is output in a (still readable) JSON format. Client side only. - The script `support/json-rsync-version` is available to get the JSON style version output from any rsync. The script accepts either text on stdin **or** an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn't already in JSON format, it is converted. Newer rsync versions will provide more complete json info than older rsync versions. Various tweaks are made to keep the flag names consistent across versions. - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" so that rsync can use chroot when it works and a sanitized copy when chroot is not supported (e.g., for a non-root daemon). Explicitly setting the parameter to true or false (on or off) behaves the same way as before. - The `--fuzzy` option was optimized a bit to try to cut down on the amount of computations when considering a big pool of files. The simple heuristic from Kenneth Finnegan resuled in about a 2x speedup. - If rsync is forced to use protocol 29 or before (perhaps due to talking to an rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync now interprets this value as an unsigned integer so that a current year past 2038 can continue to be represented. This does mean that years prior to 1970 cannot be represented in an older protocol, but this trade-off seems like the right choice given that (1) 2038 is very rapidly approaching, and (2) newer protocols support a much wider range of old and new dates. - The rsync client now treats an empty destination arg as an error, just like it does for an empty source arg. This doesn't affect a `host:` arg (which is treated the same as `host:.`) since the arg is not completely empty. The use of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the prior behavior of treating an empty destination arg as a ".". ### PACKAGING RELATED: - The checksum code now uses openssl's EVP methods, which gets rid of various deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync's MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below). - A simple openssl config file is supplied that can be installed for rsync to use. If you install packaging/openssl-rsync.cnf to a public spot (such as `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl's MD4 code for rsync to use. - The packager may wish to include an explicit "use chroot = true" in the top section of their supplied /etc/rsyncd.conf file if the daemon is being installed to run as the root user (though rsync should behave the same even with the value unset, a little extra paranoia doesn't hurt). - I've noticed that some packagers haven't installed support/nameconvert for users to use in their chrooted rsync configs. Even if it is not installed as an executable script (to avoid a python3 dependency) it would be good to install it with the other rsync-related support scripts. - It would be good to add support/json-rsync-version to the list of installed support scripts.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit c2eb7f254cac0c6f079432f9e5ab1b2a72b82646 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 13:41:44 2022 +0100
Core Update 172: Ship poppler
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 47b5dd080a01c21c3f78e366624c5f2e644dc889 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:23:27 2022 +0100
poppler: Update to version 22.11.0
- Update from 22.04.0 to 22.11.0 - Update of rootfile - Changelog Release 22.11.0: core: * CairoOutputDev: Update font after restore * Protect against broken files * Small code refactoring Release 22.10.0: core: * SplashOutputDev::tilingPatternFill: Properly restore CTM on failure. Issue #1292 * Protect against malformed files * Refactor code to not use strndup * Other small code refactoring utils: * pdftoppm: Avoid round-off errors when determining raster dimensions * pdftocairo: Avoid round-off errors when determining raster dimensions * pdftotext: Simplify memory handling qt: * Take into account flagNoView when getting/setting the visible status. KDE bug #456313 build system: * Fix sed invocation Release 22.09.0: core: * Splash: Do not truncate line dash patterns with more than 20 entries. Issue #1281 * Various signature related improvements * Fix FormField::getFullyQualifiedName in some scenarios * Splash: Small optimization on dash pattern handling * JBIG2Stream::readHalftoneRegionSeg: Fix potential memory leak * Fix crashes on malformed files. Including CVE-2022-38784 * Fix string formatting in error reporting glib: * Fix two potential memory leaks in poppler_document_create_dests_tree utils: * pdfsig: List signature field names when listing signature information * pdfsig: Add support for specifying signature by field name * pdfunite: Fix crashes on malformed files * pdfunite: Fix potential memory leak of docs Release 22.08.0: core: * Fix rendering text on some forms * CairoOutputDev: Support Type3 charprocs having Resources * Fix crashes on malformed files Release 22.07.0: core: * Fix crash when filling in forms in some files. Issue #1258 * Fix first lines of Annotations sometimes being cut off. Issue #1246 * Signatures: Don't crash if the signature doesn't have a common name * CairoFontEngine: increment font_face reference when retrieving from the cache * Add ToUnicode support for lessorequalslant and greaterorequalslant glib: * Add support for stamp annotation build system: * Tweaks on how gperf is run Release 22.06.0: core: * Forms: Fix crash in forms with their own DR * Refactor CairoFontEngine caching * CairoOutputDev: preserve text color when drawing type 3 glyphs * Windows: font code simplification * Minor code improvements cpp: * Add missing header utils: * pdfattach: Assume filename is utf8 encoded * pdftohtml: Fix type 3 font size calculation Release 22.05.0: core: * Annotations: Make sure we embed fonts for the FreeText annots * Forms: Make sure we embedd fonts as needed * Signatures: Make sure we embed the needed fonts * CairoOutputDev: color type 3 fonts * fix two bugs in multiline find_text() * code improvements utils: * pdftotext: added TSV mode * HtmlOutputDev: don't use png.h cpp: * Use time_t for time * Add page_transition::durationReal qt: * Pass leftFontSize down to `FormWidgetSignature::signDocumentWithAppearence`
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit d1ade1d63f14c2095f0501ac2dc28882f54f45fe Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:23:14 2022 +0100
meson: Update to version 0.64.1
- Update from version 0.62.1 to 0.64.1 - Update of rootfile - Changelog is too long to include here. Details can be found at 0.63.0 https://mesonbuild.com/Release-notes-for-0-63-0.html 0.64.0 https://mesonbuild.com/Release-notes-for-0-64-0.html
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 9ee4dd21a95a9dc14adb574004c8a150936ab3cf Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 13:39:39 2022 +0100
Core Update 172: Ship lsof
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 80274cc875304fa2c1e83b9e25ca8cbcb9805e33 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 14:22:49 2022 +0100
lsof: Update to version 4.96.4
- Update from version 4.95.0 to 4.96.4 - Update of rootfile not required - bz2 version of source tarball is no longer provided. - Changelog 4.96.4 October 18, 2022 [FreeBSD] sys/files.h no longer needs _KERNEL defined to include it (bsdimp #256) docs: Describe fd number truncation in output (#261) 4.96.3 September 16, 2022 [FreeBSD] Fix kqueue compat for releases < 14 4.96.2 September 16, 2022 [FreeBSD] fix FreeBSD < 14 4.96.1 September 16, 2022 [FreeBSD] Unconditionally define HASKQUEUE (mjguzik) 4.96.0 September 16, 2022 [linux] fix hash functions used for finding local tcp/udp IPCs There were typos in the code calculating hash values. The typos might break the flatness of hashtables where the endpoint information about locally used tcp/udp was stored. Theoretically, this fix may improve the performance of lsof with [+|-]E option. Inspired by the issue #206 reported by Tomasz Kłoczko (@kloczek). Show copyright notice in --version output. [linux] compile with -Wall option [linux] Avoid some easy collissions for udp/udp6 sockets when hashing [linux] Changing the number of ipcbuckets to 4096 [darwin] fix build with -fno-common (Cfp redefinition) gcc-10 and llvm-11 changed the default from -fcommon to -fno-common: https://gcc.gnu.org/PR85678 As a result build fails as: duplicate symbol '_Cfp' in: ddev.o dfile.o Cfp is already explicitly defined in dstore.c. The change turns header definition into declaration. Provided by Sergei Trofimovich (@trofi) in #221. The same fix is applied to libproc backend by Jiajie Chen (@jiegec) in #226. [linux] Make build reproducible by checking SOURCE_DATE_EPOCH and considering LSOF_{HOST,LOGNAME,SYSINFO,USER} as "none" when it is set. Provided by Danilo Spinella in #217 [darwin] remove /usr/include prefix from include for Darwin 19+ The /usr/include path is missing since macOS Catalina. Fixes issue #234. Provided by Jiajie Chen in #235 [linux] obtain correct information of memory-mapped file. Provided by Teng Hu in #239 [FreeBSD] configure: suggest variable to set if FreeBSD sys not found submitted by @emaste Updated 00FAQ with lookup to open files via mountpoint Provided by Jacob Chapman in #240 [FreeBSD] modernize API usage and remove legacy FreeBSD releases Contributor DamjanJovanovic (#184) Ed Maste (#250, #251, #252), Warner Losh (#253)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit a0751fde7894fb1f352caab56be8720861ce1c34 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 13:37:45 2022 +0100
Core Update 172: Ship libtasn1 and libtiff
My fault, again. :-/
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 366cd034015c6b52f74a90e7cd293a2c05b6b3a1 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 29 13:31:55 2022 +0100
Core Update 172: Remove gnu-netcat addon
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a8b3a69b9dea078d216b0065b49889624736689e Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 18:24:21 2022 +0100
gnu-netcat: Removal of package
- gnu-netcat was last updated in 2004 and is not used as a dependency for any IPFire addon. - IPFire has ncat which is used as a dependency for ipfire-netboot, libshout, libvirt and squid. gnu-netcat not being required for libvcirt was confirmed by Jonatan. - nmap/ncat is being actively updated. - Based on the above this patch is removing gnu-netcat from IPFire.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 47c2e4c0aab69ff7f629e03d40e8e59f845ce3d3 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 28 18:24:36 2022 +0100
sdl2: Update to version 2.26.0
- Update from version 2.0.22 to 2.26.0 - Update of rootfile - Changelog 2.26.0: General: * Updated OpenGL headers to the latest API from The Khronos Group Inc. * Added SDL_GetWindowSizeInPixels() to get the window size in pixels, which may differ from the window coordinate size for windows with high-DPI support * Added simulated vsync synchronization for the software renderer * Added the mouse position to SDL_MouseWheelEvent * Added SDL_ResetHints() to reset all hints to their default values * Added SDL_GetJoystickGUIDInfo() to get device information encoded in a joystick GUID * Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360 to control whether the HIDAPI driver for XBox 360 controllers should be used * Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_PLAYER_LED to control whether the player LEDs should be lit to indicate which player is associated with an Xbox 360 controller * Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_WIRELESS to control whether the HIDAPI driver for XBox 360 wireless controllers should be used * Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE to control whether the HIDAPI driver for XBox One controllers should be used * Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE_HOME_LED to control the brightness of the XBox One guide button LED * Added support for PS3 controllers to the HIDAPI driver, enabled by default on macOS, controlled by the SDL_HINT_JOYSTICK_HIDAPI_PS3 hint * Added support for Nintendo Wii controllers to the HIDAPI driver, not enabled by default, controlled by the SDL_HINT_JOYSTICK_HIDAPI_WII hint * Added the hint SDL_HINT_JOYSTICK_HIDAPI_WII_PLAYER_LED to control whether the player LED should be lit on the Nintendo Wii controllers * Added the hint SDL_HINT_JOYSTICK_HIDAPI_VERTICAL_JOY_CONS to control whether Nintendo Switch Joy-Con controllers will be in vertical mode when using the HIDAPI driver * Added access to the individual left and right gyro sensors of the combined Joy-Cons controller * Added a microsecond timestamp to SDL_SensorEvent and SDL_ControllerSensorEvent, when the hardware provides that information * Added SDL_SensorGetDataWithTimestamp() and SDL_GameControllerGetSensorDataWithTimestamp() to retrieve the last sensor data with the associated microsecond timestamp * Added the hint SDL_HINT_HIDAPI_IGNORE_DEVICES to have the SDL HID API ignore specific devices * SDL_GetRevision() now includes more information about the SDL build, including the git commit hash if available Windows: * Added the hint SDL_HINT_MOUSE_RELATIVE_SYSTEM_SCALE to control whether the system mouse acceleration curve is used for relative mouse motion macOS: * Implemented vsync synchronization on macOS 12 Linux: * Added SDL_SetPrimarySelectionText(), SDL_GetPrimarySelectionText(), and SDL_HasPrimarySelectionText() to interact with the X11 primary selection clipboard * Added the hint SDL_HINT_VIDEO_WAYLAND_EMULATE_MOUSE_WARP to control whether mouse pointer warp emulation is enabled under Wayland Android: * Enabled IME soft keyboard input * Added version checking to make sure the SDL Java and C code are compatible 2.24.0: General: * New version numbering scheme, similar to GLib and Flatpak. * An even number in the minor version (second component) indicates a production-ready stable release such as 2.24.0, which would have been 2.0.24 under the old system. * The patchlevel (micro version, third component) indicates a bugfix-only update: for example, 2.24.1 would be a bugfix-only release to fix bugs in 2.24.0, without adding new features. * An odd number in the minor version indicates a prerelease such as 2.23.0. Stable distributions should not use these prereleases. * The patchlevel indicates successive prereleases, for example 2.23.1 and 2.23.2 would be prereleases during development of the SDL 2.24.0 stable release. * Added SDL_GetPointDisplayIndex() and SDL_GetRectDisplayIndex() to get the display associated with a point and rectangle in screen space * Added SDL_bsearch(), SDL_crc16(), and SDL_utf8strnlen() to the stdlib routines * Added SDL_CPUPauseInstruction() as a macro in SDL_atomic.h * Added SDL_size_mul_overflow() and SDL_size_add_overflow() for better size overflow protection * Added SDL_ResetHint() to reset a hint to the default value * Added SDL_ResetKeyboard() to reset SDL's internal keyboard state, generating key up events for all currently pressed keys * Added the hint SDL_HINT_MOUSE_RELATIVE_WARP_MOTION to control whether mouse warping generates motion events in relative mode. This hint defaults off. * Added the hint SDL_HINT_TRACKPAD_IS_TOUCH_ONLY to control whether trackpads are treated as touch devices or mice. By default touchpads are treated as mouse input. * The hint SDL_HINT_JOYSTICK_HIDAPI_JOY_CONS now defaults on * Added support for mini-gamepad mode for Nintendo Joy-Con controllers using the HIDAPI driver * Added the hint SDL_HINT_JOYSTICK_HIDAPI_COMBINE_JOY_CONS to control whether Joy-Con controllers are automatically merged into a unified gamepad when using the HIDAPI driver. This hint defaults on. * The hint SDL_HINT_JOYSTICK_HIDAPI_SWITCH_HOME_LED can be set to a floating point value to set the brightness of the Home LED on Nintendo Switch controllers * Added the hint SDL_HINT_JOYSTICK_HIDAPI_JOYCON_HOME_LED to set the Home LED brightness for the Nintendo Joy-Con controllers. By default the Home LED is not modified. * Added the hint SDL_HINT_JOYSTICK_HIDAPI_SWITCH_PLAYER_LED to control whether the player LED should be lit on the Nintendo Joy-Con controllers * Added support for Nintendo Online classic controllers using the HIDAPI driver * Added the hint SDL_HINT_JOYSTICK_HIDAPI_NINTENDO_CLASSIC to control whether the HIDAPI driver for Nintendo Online classic controllers should be used * Added support for the NVIDIA Shield Controller to the HIDAPI driver, supporting rumble and battery status * Added support for NVIDIA SHIELD controller to the HIDAPI driver, and a hint SDL_HINT_JOYSTICK_HIDAPI_SHIELD to control whether this is used * Added functions to get the platform dependent name for a joystick or game controller: * SDL_JoystickPathForIndex() * SDL_JoystickPath() * SDL_GameControllerPathForIndex() * SDL_GameControllerPath() * Added SDL_GameControllerGetFirmwareVersion() and SDL_JoystickGetFirmwareVersion(), currently implemented for DualSense(tm) Wireless Controllers using HIDAPI * Added SDL_JoystickAttachVirtualEx() for extended virtual controller support * Added joystick event SDL_JOYBATTERYUPDATED for when battery status changes * Added SDL_GUIDToString() and SDL_GUIDFromString() to convert between SDL GUID and string * Added SDL_HasLSX() and SDL_HasLASX() to detect LoongArch SIMD support * Added SDL_GetOriginalMemoryFunctions() * Added SDL_GetDefaultAudioInfo() to get the name and format of the default audio device, currently implemented for PipeWire, PulseAudio, WASAPI, and DirectSound * Added HIDAPI driver for the NVIDIA SHIELD controller (2017 model) to enable support for battery status and rumble * Added support for opening audio devices with 3 or 5 channels (2.1, 4.1). All channel counts from Mono to 7.1 are now supported. * Rewrote audio channel converters used by SDL_AudioCVT, based on the channel matrix coefficients used as the default for FAudio voices * SDL log messages are no longer limited to 4K and can be any length * Fixed a long-standing calling convention issue with dynapi affecting OpenWatcom or OS/2 builds Windows: * Added initial support for building for Windows and Xbox with Microsoft's Game Development Kit (GDK), see docs/README-gdk.md for details * Added a D3D12 renderer implementation and SDL_RenderGetD3D12Device() to retrieve the D3D12 device associated with it * Added the hint SDL_HINT_WINDOWS_DPI_AWARENESS to set whether the application is DPI-aware. This hint must be set before initializing the video subsystem * Added the hint SDL_HINT_WINDOWS_DPI_SCALING to control whether the SDL coordinates are in DPI-scaled points or pixels * Added the hint SDL_HINT_DIRECTINPUT_ENABLED to control whether the DirectInput driver should be used * Added support for SDL_GetAudioDeviceSpec to the DirectSound backend Linux: * Support for XVidMode has been removed, mode changes are only supported using the XRandR extension * Added the hint SDL_HINT_VIDEO_WAYLAND_MODE_EMULATION to control whether to expose a set of emulated modes in addition to the native resolution modes available on Wayland * Added the hint SDL_HINT_KMSDRM_DEVICE_INDEX to specify which KMSDRM device to use if the default is not desired * Added the hint SDL_HINT_LINUX_DIGITAL_HATS to control whether to treat hats as digital rather than checking to see if they may be analog * Added the hint SDL_HINT_LINUX_HAT_DEADZONES to control whether to use deadzones on analog hats macOS: * Bumped minimum OS deployment version to macOS 10.9 * Added SDL_GL_FLOATBUFFERS to allow Cocoa GL contexts to use EDR * Added the hint SDL_HINT_MAC_OPENGL_ASYNC_DISPATCH to control whether dispatching OpenGL context updates should block the dispatching thread until the main thread finishes processing. This hint defaults to blocking, which is the safer option on modern macOS.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 465995c33841a724169d8e8d5068cb735c0de3ed Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Nov 24 14:22:28 2022 +0100
es.pl: Update of Spanish Language file
- Update of Spanish language files provided by Roberto Peña. - ./make.sh lang run before this commit.
Suggested-by: Roberto Peña contacto@northsecure.es Signed-off-by: Adolf Belka adolf.belka@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org
commit 2e498d7403713fc8b40db4ca553f73b0e91f0b18 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Nov 27 16:53:18 2022 +0000
core172: add missing armv6 rootfile link for python3
this fix build of core172 for armv6.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 5de05890581d85f8959b0f6ee81b667436df7e03 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Nov 27 20:51:59 2022 +0000
python3-msgpack: update armv6 rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d7cb4f6535e224f6875c113b4739c2f919e87985 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:43:03 2022 +0100
liburcu: Update to version 0.13.2
- Update from version 0.13.0 to 0.13.2 - Update of rootfile - Changelog 2022-08-18 Userspace RCU 0.13.2 * Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version" * Fix: futex.h: include headers outside extern C * Fix: add missing unused attribute to _rcu_dereference * Fix: change method used by _rcu_dereference to strip type constness * Fix: remove type constness in URCU_FORCE_CAST's C++ version * Move extern "C" down in include/urcu/urcu-bp.h * fix: ifdef linux specific cpu count compat * Set git-review branch to stable-0.13 * fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id * Fix: revise obsolete command in README.md * Fix: workqueue: remove unused variable "ret" * Fix: urcu-qsbr: futex wait: handle spurious futex wakeups * Fix: urcu: futex wait: handle spurious futex wakeups * Fix: urcu-wait: futex wait: handle spurious futex wakeups * Fix: defer_rcu: futex wait: handle spurious futex wakeups * Fix: call_rcu: futex wait: handle spurious futex wakeups * Fix: workqueue: futex wait: handle spurious futex wakeups * Fix: Use %lu rather than %ld to print count 2022-01-05 Userspace RCU 0.13.1 * fix: properly detect 'cmpxchg' on x86-32 * fix: use urcu-tls compat with c++ compiler * fix: remove autoconf features default value in help message * fix: add missing pkgconfig file for memb flavour lib * Make temporary variable in _rcu_dereference non-const * Fix: x86 and s390: uatomic __hp() macro C++ support * Fix: x86 and s390: uatomic __hp() macro clang support * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11 * Fix: changelog: v0.13.0 was released in 2021
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 8f591d729f209fc1d243a18850a9cd321212f2a4 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 28 13:17:07 2022 +0100
Core Update 172: Ship libtiff
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 194dd04102958403c130791fd4d1dda0de8c12a9 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:42:49 2022 +0100
libtiff: Update to version 4.4.0
- Update from version 4.3.0 to 4.4.0 - Update of rootfile - Changelog is too long to include here (~1000 lines). Details can be found in ChangeLog file in the source tarball. There are at least 31 bug closures in this release.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 05dd992b96c40e32c955223c93563f8651b237ae Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 28 13:10:37 2022 +0100
Core Update 172: Ship libtasn
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4bdb98bc2574dd3a5027d7bb33586cbef483594a Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:42:38 2022 +0100
libtasn1: Update to version 4.19.0
- Update from version 4.18.0 to 4.19.0 - Update of rootfile - Changelog * Noteworthy changes in release 4.19.0 (2022-08-23) [stable] - Clarify libtasn1.map license. Closes: #38. - Fix ETYPE_OK out of bounds read. Closes: #32. - Update gnulib files and various maintenance fixes.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 749537f0d7638ffa6e6c3b6ee082a82d3b5250cb Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 28 13:09:28 2022 +0100
Core Update 172: Ship iproute2
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4d9cdf1e4f67fa08221b350281879ccc63f71de5 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:42:22 2022 +0100
iproute2: Update to version 6.0.0
- Update from 5.19.0 to 6.0.0 - Update of rootfile - Changelog can only be obtained by reviewing the git commits from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a6dcf0addcec8944bf3f8ca6da4697a438deb32b Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 28 13:08:43 2022 +0100
Core Update 172: Ship iana-etc
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2ae0c4b7b4c48326b1c55910c35c084bee6996ce Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:42:11 2022 +0100
iana-etc: Update to version 20221107
- Update from version 20220414 to 20221107 - Update of rootfile not required - Update of iana protocols and services info
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 435dcefe08a8665152e58dcb09a3abd579b62437 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:41:59 2022 +0100
git: Update to version 2.38.1
- Update from version 2.37.1 to 2.38.1 - Update of rootfile - Changelog Git v2.38.1 Release Notes This release merges the security fix that appears in v2.30.6; see the release notes for that version for details. Git v2.38 Release Notes * "git remote show [-n] frotz" now pays attention to negative pathspec. * "git push" sometimes performs poorly when reachability bitmaps are used, even in a repository where other operations are helped by bitmaps. The push.useBitmaps configuration variable is introduced to allow disabling use of reachability bitmaps only for "git push". * "git grep -m<max-hits>" is a way to limit the hits shown per file. * "git merge-tree" learned a new mode where it takes two commits and computes a tree that would result in the merge commit, if the histories leading to these two commits were to be merged. * "git mv A B" in a sparsely populated working tree can be asked to move a path between directories that are "in cone" (i.e. expected to be materialized in the working tree) and "out of cone" (i.e. expected to be hidden). The handling of such cases has been improved. * Earlier, HTTP transport clients learned to tell the server side what locale they are in by sending Accept-Language HTTP header, but this was done only for some requests but not others. * Introduce a safe.barerepository configuration variable that allows users to forbid discovery of bare repositories. * Various messages that come from the pack-bitmap codepaths have been tweaked. * "git rebase -i" learns to update branches whose tip appear in the rebased range with "--update-refs" option. * "git ls-files" learns the "--format" option to tweak its output. * "git cat-file" learned an option to use the mailmap when showing commit and tag objects. * When "git merge" finds that it cannot perform a merge, it should restore the working tree to the state before the command was initiated, but in some corner cases it didn't. * Operating modes like "--batch" of "git cat-file" command learned to take NUL-terminated input, instead of one-item-per-line. * "git rm" has become more aware of the sparse-index feature. * "git rev-list --disk-usage" learned to take an optional value "human" to show the reported value in human-readable format, like "3.40MiB". * The "diagnose" feature to create a zip archive for diagnostic material has been lifted from "scalar" and made into a feature of "git bugreport". * The namespaces used by "log --decorate" from "refs/" hierarchy by default has been tightened. * "git rev-list --ancestry-path=C A..B" is a natural extension of "git rev-list A..B"; instead of choosing a subset of A..B to those that have ancestry relationship with A, it lets a subset with ancestry relationship with C. * "scalar" now enables built-in fsmonitor on enlisted repositories, when able. * The bash prompt (in contrib/) learned to optionally indicate when the index is unmerged. * "git clone" command learned the "--bundle-uri" option to coordinate with hosting sites the use of pre-prepared bundle files. * "git range-diff" learned to honor pathspec argument if given. * "git format-patch --from=<ident>" can be told to add an in-body "From:" line even for commits that are authored by the given <ident> with "--force-in-body-from" option. * The built-in fsmonitor refuses to work on a network mounted repositories; a configuration knob for users to override this has been introduced. * The "scalar" addition from Microsoft is now part of the core Git installation. * Collection of what is referenced by objects in promisor packs have been optimized to inspect these objects in the in-pack order. * Introduce a helper to see if a branch is already being worked on (hence should not be newly checked out in a working tree), which performs much better than the existing find_shared_symref() to replace many uses of the latter. * Teach "git archive" to (optionally and then by default) avoid spawning an external "gzip" process when creating ".tar.gz" (and ".tgz") archives. * Allow large objects read from a packstream to be streamed into a loose object file straight, without having to keep it in-core as a whole. * Further preparation to turn git-submodule.sh into a builtin continues. * Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp macro, which would improve maintainability and readability. * Teach "make all" to build gitweb as well. * Tweak tests so that they still work when the "git init" template did not create .git/info directory. * Add Coccinelle rules to detect the pattern of initializing and then finalizing a structure without using it in between at all, which happens after code restructuring and the compilers fail to recognize as an unused variable. * The code to convert between GPG trust level strings and internal constants we use to represent them have been cleaned up. * Support for libnettle as SHA256 implementation has been added. * The way "git multi-pack" uses parse-options API has been improved. * A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY macro has been improved. * API tweak to make it easier to run fuzz testing on commit-graph parser. * Omit fsync-related trace2 entries when their values are all zero. * The codepath to write multi-pack index has been taught to release a large chunk of memory that holds an array of objects in the packs, as soon as it is done with the array, to reduce memory consumption. * Add a level of redirection to array allocation API in xdiff part, to make it easier to share with the libgit2 project. * "git fetch" client logs the partial clone filter used in the trace2 output. * The "bundle URI" design gets documented. * The common ancestor negotiation exchange during a "git fetch" session now leaves trace log. * Test portability improvements. (merge 4d1d843be7 mt/rot13-in-c later to maint). * The "subcommand" mode is introduced to parse-options API and update the command line parser of Git commands with subcommands. * The pack bitmap file gained a bitmap-lookup table to speed up locating the necessary bitmap for a given commit. * The assembly version of SHA-1 implementation for PPC has been removed. * The server side that responds to "git fetch" and "git clone" request has been optimized by allowing it to send objects in its object store without recomputing and validating the object names. * Annotate function parameters that are not used (but cannot be removed for structural reasons), to prepare us to later compile with -Wunused warning turned on. * Share the text used to explain configuration variables used by "git <subcmd>" in "git help <subcmd>" with the text from "git help config". * "git mv A B" in a sparsely populated working tree can be asked to move a path from a directory that is "in cone" to another directory that is "out of cone". Handling of such a case has been improved. * The chainlint script for our tests has been revamped. * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which was fixed. * Certain diff options are currently ignored when combined-diff is shown; mark them as incompatible with the feature. * Adjust technical/bitmap-format to be formatted by AsciiDoc, and add some missing information to the documentation. * Fixes for tests when the source directory has unusual characters in its path, e.g. whitespaces, double-quotes, etc. * "git mktree --missing" lazily fetched objects that are missing from the local object store, which was totally unnecessary for the purpose of creating the tree object(s) from its input. * Give _() markings to fatal/warning/usage: labels that are shown in front of these messages. * References to commands-to-be-typed-literally in "git rebase" documentation mark-up have been corrected. * In a non-bare repository, the behavior of Git when the core.worktree configuration variable points at a directory that has a repository as its subdirectory, regressed in Git 2.27 days. * Recent update to vimdiff layout code has been made more robust against different end-user vim settings. * Plug various memory leaks, both in the main code and in test-tool commands. * Fixes a long-standing corner case bug around directory renames in the merge-ort strategy. * The resolve-undo information in the index was not protected against GC, which has been corrected. * A corner case bug where lazily fetching objects from a promisor remote resulted in infinite recursion has been corrected. * "git clone" from a repository with some ref whose HEAD is unborn did not set the HEAD in the resulting repository correctly, which has been corrected. * An earlier attempt to plug leaks placed a clean-up label to jump to at a bogus place, which as been corrected. * Variable quoting fix in the vimdiff driver of "git mergetool" * "git shortlog -n" relied on the underlying qsort() to be stable, which shouldn't have. Fixed. * A fix for a regression in test framework. * mkstemp() emulation on Windows has been improved. * Add missing documentation for "include" and "includeIf" features in "git config" file format, which incidentally teaches the command line completion to include them in its offerings. * Avoid "white/black-list" in documentation and code comments. * Workaround for a compiler warning against use of die() in osx-keychain (in contrib/). * Workaround for a false positive compiler warning. * "git p4" working on UTF-16 files on Windows did not implement CRLF-to-LF conversion correctly, which has been corrected. * "git p4" did not handle non-ASCII client name well, which has been corrected. * "rerere-train" script (in contrib/) used to honor commit.gpgSign while recreating the throw-away merges. * "git checkout" miscounted the paths it updated, which has been corrected. * Fix for a bug that makes write-tree to fail to write out a non-existent index as a tree, introduced in 2.37. * There was a bug in the codepath to upgrade generation information in commit-graph from v1 to v2 format, which has been corrected. * Gitweb had legacy URL shortener that is specific to the way projects hosted on kernel.org used to (but no longer) work, which has been removed. * Fix build procedure for Windows that uses CMake so that it can pick up the shell interpreter from local installation location. * Conditionally allow building Python interpreter on Windows * Fix to lstat() emulation on Windows. * Older gcc with -Wall complains about the universal zero initializer "struct s = { 0 };" idiom, which makes developers' lives inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The build procedure has been tweaked to help these compilers. * Plug memory leaks in the failure code path in the "merge-ort" merge strategy backend. * "git symbolic-ref symref non..sen..se" is now diagnosed as an error. * A follow-up fix to a fix for a regression in 2.36 around hooks. * Avoid repeatedly running getconf to ask libc version in the test suite, and instead just as it once per script. * Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows. * "vimdiff3" regression fix. * "git fsck" reads mode from tree objects but canonicalizes the mode before passing it to the logic to check object sanity, which has hid broken tree objects from the checking logic. This has been corrected, but to help existing projects with broken tree objects that they cannot fix retroactively, the severity of anomalies this code detects has been demoted to "info" for now. * Fixes to sparse index compatibility work for "reset" and "checkout" commands. * An earlier optimization discarded a tree-object buffer that is still in use, which has been corrected. * Fix deadlocks between main Git process and subprocess spawned via the pipe_command() API, that can kill "git add -p" that was reimplemented in C recently. * The sequencer machinery translated messages left in the reflog by mistake, which has been corrected. * xcalloc(), imitating calloc(), takes "number of elements of the array", and "size of a single element", in this order. A call that does not follow this ordering has been corrected. * The preload-index codepath made copies of pathspec to give to multiple threads, which were left leaked. * Update the version of Ubuntu used for GitHub Actions CI from 18.04 to 22.04. * The auto-stashed local changes created by "git merge --autostash" was mixed into a conflicted state left in the working tree, which has been corrected. * Multi-pack index got corrupted when preferred pack changed from one pack to another in a certain way, which has been corrected. (merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint). * The clean-up of temporary files created via mks_tempfile_dt() was racy and attempted to unlink() the leading directory when signals are involved, which has been corrected. (merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint). * FreeBSD portability fix for "git maintenance" that spawns "crontab" to schedule tasks. (merge ee69e7884e bc/gc-crontab-fix later to maint). * Those who use diff-so-fancy as the diff-filter noticed a regression or two in the code that parses the diff output in the built-in version of "add -p", which has been corrected. (merge 0a101676e5 js/add-p-diff-parsing-fix later to maint). * Segfault fix-up to an earlier fix to the topic to teach "git reset" and "git checkout" work better in a sparse checkout. (merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint). * "git diff --no-index A B" managed its the pathnames of its two input files rather haphazardly, sometimes leaking them. The command line argument processing has been straightened out to clean it up. (merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint). * "git rev-list --verify-objects" ought to inspect the contents of objects and notice corrupted ones, but it didn't when the commit graph is in use, which has been corrected. (merge b27ccae34b jk/rev-list-verify-objects-fix later to maint). * More fixes to "add -p" (merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint). * The parser in the script interface to parse-options in "git rev-parse" has been updated to diagnose a bogus input correctly. (merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint). * The code that manages list-object-filter structure, used in partial clones, leaked the instances, which has been plugged. (merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint). * Fix another UI regression in the reimplemented "add -p". (merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint). * "git fetch" over protocol v2 sent an incorrect ref prefix request to the server and made "git pull" with configured fetch refspec that does not cover the remote branch to merge with fail, which has been corrected. (merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint). * A result from opendir() was leaking in the commit-graph expiration codepath, which has been plugged. (merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint). * Just like we have coding guidelines, we now have guidelines for reviewers. (merge e01b851923 vd/doc-reviewing-guidelines later to maint). * Other code cleanup, docfix, build fix, etc. (merge 77b9e85c0f vd/fix-perf-tests later to maint). (merge 0682bc43f5 jk/test-crontab-fixes later to maint). (merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint). Git 2.37.4 Release Notes This primarily is to backport various fixes accumulated on the 'master' front since 2.37.3, and also includes the same security fixes as in v2.30.6. * CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The fix was authored by Taylor Blau, with help from Johannes Schindelin. * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. * An earlier optimization discarded a tree-object buffer that is still in use, which has been corrected. * Fix deadlocks between main Git process and subprocess spawned via the pipe_command() API, that can kill "git add -p" that was reimplemented in C recently. * xcalloc(), imitating calloc(), takes "number of elements of the array", and "size of a single element", in this order. A call that does not follow this ordering has been corrected. * The preload-index codepath made copies of pathspec to give to multiple threads, which were left leaked. * Update the version of Ubuntu used for GitHub Actions CI from 18.04 to 22.04. * The auto-stashed local changes created by "git merge --autostash" was mixed into a conflicted state left in the working tree, which has been corrected. Also contains other minor documentation updates and code clean-ups. Git 2.37.3 Release Notes This primarily is to backport various fixes accumulated on the 'master' front since 2.37.2. * The build procedure for Windows that uses CMake has been updated to pick up the shell interpreter from local installation location. * Conditionally allow building Python interpreter on Windows * Fix to lstat() emulation on Windows. * Older gcc with -Wall complains about the universal zero initializer "struct s = { 0 };" idiom, which makes developers' lives inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The build procedure has been tweaked to help these compilers. * Plug memory leaks in the failure code path in the "merge-ort" merge strategy backend. * Avoid repeatedly running getconf to ask libc version in the test suite, and instead just as it once per script. * Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows. * "vimdiff3" regression has been corrected. * "git fsck" reads mode from tree objects but canonicalizes the mode before passing it to the logic to check object sanity, which has hid broken tree objects from the checking logic. This has been corrected, but to help exiting projects with broken tree objects that they cannot fix retroactively, the severity of anomalies this code detects has been demoted to "info" for now. * Fixes to sparse index compatibility work for "reset" and "checkout" commands. * Documentation for "git add --renormalize" has been improved. Also contains other minor documentation updates and code clean-ups. Git 2.37.2 Release Notes This primarily is to backport various fixes accumulated on the 'master' front since 2.37.1. * "git shortlog -n" relied on the underlying qsort() to be stable, which shouldn't have. Fixed. * Variable quoting fix in the vimdiff driver of "git mergetool". * An earlier attempt to plug leaks placed a clean-up label to jump to at a bogus place, which as been corrected. * Fixes a long-standing corner case bug around directory renames in the merge-ort strategy. * Recent update to vimdiff layout code has been made more robust against different end-user vim settings. * In a non-bare repository, the behavior of Git when the core.worktree configuration variable points at a directory that has a repository as its subdirectory, regressed in Git 2.27 days. * References to commands-to-be-typed-literally in "git rebase" documentation mark-up have been corrected. * Give _() markings to fatal/warning/usage: labels that are shown in front of these messages. * "git mktree --missing" lazily fetched objects that are missing from the local object store, which was totally unnecessary for the purpose of creating the tree object(s) from its input. * Fixes for tests when the source directory has unusual characters in its path, e.g. whitespaces, double-quotes, etc. * Adjust technical/bitmap-format to be formatted by AsciiDoc, and add some missing information to the documentation. * Certain diff options are currently ignored when combined-diff is shown; mark them as incompatible with the feature. * "git clone" from a repository with some ref whose HEAD is unborn did not set the HEAD in the resulting repository correctly, which has been corrected. * mkstemp() emulation on Windows has been improved. * Add missing documentation for "include" and "includeIf" features in "git config" file format, which incidentally teaches the command line completion to include them in its offerings. * Avoid "white/black-list" in documentation and code comments. * Workaround for a compiler warning against use of die() in osx-keychain (in contrib/). * Workaround for a false positive compiler warning. * The resolve-undo information in the index was not protected against GC, which has been corrected. * A corner case bug where lazily fetching objects from a promisor remote resulted in infinite recursion has been corrected. * "git p4" working on UTF-16 files on Windows did not implement CRLF-to-LF conversion correctly, which has been corrected. * "git p4" did not handle non-ASCII client name well, which has been corrected. * "rerere-train" script (in contrib/) used to honor commit.gpgSign while recreating the throw-away merges. * "git checkout" miscounted the paths it updated, which has been corrected. * Fix for a bug that makes write-tree to fail to write out a non-existent index as a tree, introduced in 2.37. * There was a bug in the codepath to upgrade generation information in commit-graph from v1 to v2 format, which has been corrected. Also contains minor documentation updates and code clean-ups.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 90d43e54c21bf7f0c201979f50a25a2660ed62a3 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 26 14:41:25 2022 +0100
fmt: Update to version 9.1.0
- Update from version 9.0.0 to 9.1.0 - Update of rootfile - Changelog 9.1.0 - 2022-08-27 * ``fmt::formatted_size`` now works at compile time `#3026 https://github.com/fmtlib/fmt/pull/3026`_ For example (`godbolt https://godbolt.org/z/1MW5rMdf8`__): .. code:: c++ #include <fmt/compile.h> int main() { using namespace fmt::literals; constexpr size_t n = fmt::formatted_size("{}"_cf, 42); fmt::print("{}\n", n); // prints 2 } * Fixed handling of invalid UTF-8 `#3038 https://github.com/fmtlib/fmt/pull/3038`_, `#3044 https://github.com/fmtlib/fmt/pull/3044`_, `#3056 https://github.com/fmtlib/fmt/pull/3056`_ * Improved Unicode support in ``ostream`` overloads of ``print`` `#2994 https://github.com/fmtlib/fmt/pull/2994`_, `#3001 https://github.com/fmtlib/fmt/pull/3001`_, `#3025 https://github.com/fmtlib/fmt/pull/3025`_ * Fixed handling of the sign specifier in localized formatting on systems with 32-bit ``wchar_t`` `#3041 https://github.com/fmtlib/fmt/issues/3041`_). * Added support for wide streams to ``fmt::streamed`` `#2994 https://github.com/fmtlib/fmt/pull/2994`_ * Added the ``n`` specifier that disables the output of delimiters when formatting ranges `#2981 https://github.com/fmtlib/fmt/pull/2981`_, `#2983 https://github.com/fmtlib/fmt/pull/2983`_ For example (`godbolt https://godbolt.org/z/roKqGdj8c`__): .. code:: c++ #include <fmt/ranges.h> #include <vector> int main() { auto v = std::vector{1, 2, 3}; fmt::print("{:n}\n", v); // prints 1, 2, 3 } * Worked around problematic ``std::string_view`` constructors introduced in C++23 `#3030 https://github.com/fmtlib/fmt/issues/3030`_, `#3050 https://github.com/fmtlib/fmt/issues/3050`_ * Improve handling (exclusion) of recursive ranges `#2968 https://github.com/fmtlib/fmt/issues/2968`_, `#2974 https://github.com/fmtlib/fmt/pull/2974`_ * Improved error reporting in format string compilation `#3055 https://github.com/fmtlib/fmt/issues/3055`_ * Improved the implementation of `Dragonbox https://github.com/jk-jeon/dragonbox`_, the algorithm used for the default floating-point formatting `#2984 https://github.com/fmtlib/fmt/pull/2984`_ * Fixed issues with floating-point formatting on exotic platforms. * Improved the implementation of chrono formatting `#3010 https://github.com/fmtlib/fmt/pull/3010`_ * Improved documentation `#2966 https://github.com/fmtlib/fmt/pull/2966`_, `#3009 https://github.com/fmtlib/fmt/pull/3009`_, `#3020 https://github.com/fmtlib/fmt/issues/3020`_, `#3037 https://github.com/fmtlib/fmt/pull/3037`_ * Improved build configuration `#2991 https://github.com/fmtlib/fmt/pull/2991`_, `#2995 https://github.com/fmtlib/fmt/pull/2995`_, `#3004 https://github.com/fmtlib/fmt/issues/3004`_, `#3007 https://github.com/fmtlib/fmt/pull/3007`_, `#3040 https://github.com/fmtlib/fmt/pull/3040`_ * Fixed various warnings and compilation issues `#2969 https://github.com/fmtlib/fmt/issues/2969`_, `#2971 https://github.com/fmtlib/fmt/pull/2971`_, `#2975 https://github.com/fmtlib/fmt/issues/2975`_, `#2982 https://github.com/fmtlib/fmt/pull/2982`_, `#2985 https://github.com/fmtlib/fmt/pull/2985`_, `#2988 https://github.com/fmtlib/fmt/issues/2988`_, `#3000 https://github.com/fmtlib/fmt/issues/3000`_, `#3006 https://github.com/fmtlib/fmt/issues/3006`_, `#3014 https://github.com/fmtlib/fmt/issues/3014`_, `#3015 https://github.com/fmtlib/fmt/issues/3015`_, `#3021 https://github.com/fmtlib/fmt/pull/3021`_, `#3023 https://github.com/fmtlib/fmt/issues/3023`_, `#3024 https://github.com/fmtlib/fmt/pull/3024`_, `#3029 https://github.com/fmtlib/fmt/pull/3029`_, `#3043 https://github.com/fmtlib/fmt/pull/3043`_, `#3052 https://github.com/fmtlib/fmt/issues/3052`_, `#3053 https://github.com/fmtlib/fmt/pull/3053`_, `#3054 https://github.com/fmtlib/fmt/pull/3054`_
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 670b07b39f4a951da093e6b737629a1c329f6d43 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:38:12 2022 +0100
mpd: Update to version 0.23.10
- Update from version 0.23.8 to 0.23.10 - Update required to allow successful build with updated ffmpeg - Update of rootfile not required - Changelog ver 0.23.10 (2022/10/14) * storage - curl: fix file time stamps * decoder - ffmpeg: fix libfmt 9 compiler warning * encoder - flac: fix failure when libFLAC is built without Ogg support * output - alsa: fix crash bug * Windows - log to stdout by default, don't require "log_file" setting ver 0.23.9 (2022/08/18) * input - cdio_paranoia: add options "mode" and "skip" * decoder - ffmpeg: support FFmpeg 5.1 * filter - replay gain: fix delayed volume display with handler=mixer * output - pipewire: set app icon * fix bogus volume levels with multiple partitions * improve iconv detection * macOS: fix macOS 10 build problem (0.23.8 regression) * Android - load mpd.conf from app data directory
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4745cff3df93f3c2ca06d91287b8e82d5091008e Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:38:11 2022 +0100
ffmpeg: Update to version 5.1.2
- Update from version 4.4 to 5.1.2 - Update of rootfile - avresample has been removed from ffmpeg and so ./configure option had to be removed - many libraries had an so bump so checked with find-dependencies - nothing flagged - Changelog version 5.1.2: - avcodec/dstdec: Check for overflow in build_filter() - avformat/spdifdec: Use 64bit to compute bit rate - avformat/rpl: Use 64bit for duration computation - avformat/xwma: Use av_rescale() for duration computation - avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation - avformat/sbgdec: Check ts_int in genrate_intervals - avformat/sbgdec: clamp end_ts - avformat/rmdec: check tag_size - avformat/nutdec: Check fields - avformat/flvdec: Use 64bit for sum_flv_tag_size - avformat/jacosubdec: Fix overflow in get_shift() - avformat/genh: Check nb_channels for IMA ADPCM - avformat/dxa: avoid bpc overflows - avformat/dhav: Use 64bit seek_back - avformat/cafdec: Check that nb_frasmes fits within 64bit - avformat/asfdec_o: Limit packet offset - avformat/apm: Use 64bit for bit_rate computation - avformat/ape: Check frames size - avformat/icodec: Check nb_pal - avformat/aiffdec: Use 64bit for block_duration use - avformat/aiffdec: Check block_duration - avformat/mxfdec: only probe max run in - avformat/mxfdec: Check run_in is within 65536 - avcodec/mjpegdec: Check for unsupported bayer case - avcodec/apedec: Fix integer overflow in filter_3800() - avcodec/tta: Check 24bit scaling for overflow - avcodec/mobiclip: Check quantizer for overflow - avcodec/exr: Check preview psize - avcodec/tiff: Fix loop detection - libavformat/hls: Free keys - avcodec/fmvc: Move frame allocation to a later stage - avfilter/vf_showinfo: remove backspaces - avcodec/speedhq: Check width - avcodec/bink: disallow odd positioned scaled blocks - avformat/cafenc: derive Opus frame size from the relevant stream parameters - avformat/dashdec: Fix crash on invalid input/ENOMEM, fix leak - lavc/videotoolbox: do not pass AVCodecContext to decoder output callback - lavc/pthread_frame: always transfer stashed hwaccel state - avcodec/arm/sbcenc: avoid callee preserved vfp registers - avformat/riffdec: don't unconditionally overwrite WAVEFORMATEXTENSIBLE layout - avfilter/vf_scale: overwrite the width and height expressions with the original values - lavc/pthread_frame: avoid leaving stale hwaccel state in worker threads - avutil/tests/.gitignore: Add channel_layout testtool version 5.1.1: - avformat/asfdec_o: limit recursion depth in asf_read_unknown() - avformat/mov: Check count sums in build_open_gop_key_points() - doc/git-howto.texi: Document commit signing - libavcodec/8bps: Check that line lengths fit within the buffer - avcodec/midivid: Perform lzss_uncompress() before ff_reget_buffer() - libavformat/iff: Check for overflow in body_end calculation - avformat/avidec: Prevent entity expansion attacks - avcodec/h263dec: Sanity check against minimal I/P frame size - avcodec/hevcdec: Check s->ref in the md5 path similar to hwaccel - avcodec/mpegaudiodec_template: use unsigned shift in handle_crc() - avformat/subviewerdec: Make read_ts() more flexible - avcodec/mjpegdec: bayer and rct are incompatible - MAINTAINERS: Add ED25519 key for signing my commits in the future - avcodec/pngdec: Fix APNG_DISPOSE_OP_BACKGROUND - avcodec/libvpx: fix assembling vp9 packets with alpha channel - fftools/ffmpeg_opt: try to propagate the requested output channel layout - avcodec/libsvtav1: properly initialize the flush EbBufferHeaderType struct - configure: enable the av1_frame_split bsf for the av1 decoder - swresample/swresample: fill the correct buffer to print the output layout string - ffprobe: restore reporting error code for failed inputs - ipfsgateway: Remove default gateway - avcodec/libspeexdec: Fix use of uninitialized value - avformat/avisynth: use ch_layout.nb_channels for channel count - fate/lavf-image: Disable file checksums for exr tests - tests/fate-run: Allow to skip file checksums for lavf_image - fate/imf: Rename IMF fate-target - avcodec/alac: don't fail if channels aren't set during init() when extradata is valid - configure: properly require libx264 if enabled version 5.1: - add ipfs/ipns protocol support - dialogue enhance audio filter - dropped obsolete XvMC hwaccel - pcm-bluray encoder - DFPWM audio encoder/decoder and raw muxer/demuxer - SITI filter - Vizrt Binary Image encoder/decoder - avsynctest source filter - feedback video filter - pixelize video filter - colormap video filter - colorchart video source filter - multiply video filter - PGS subtitle frame merge bitstream filter - blurdetect filter - tiltshelf audio filter - QOI image format support - ffprobe -o option - virtualbass audio filter - VDPAU AV1 hwaccel - PHM image format support - remap_opencl filter - added chromakey_cuda filter version 5.0: - ADPCM IMA Westwood encoder - Westwood AUD muxer - ADPCM IMA Acorn Replay decoder - Argonaut Games CVG demuxer - Argonaut Games CVG muxer - Concatf protocol - afwtdn audio filter - audio and video segment filters - Apple Graphics (SMC) encoder - hsvkey and hsvhold video filters - adecorrelate audio filter - atilt audio filter - grayworld video filter - AV1 Low overhead bitstream format muxer - swscale slice threading - MSN Siren decoder - scharr video filter - apsyclip audio filter - morpho video filter - amr parser - (a)latency filters - GEM Raster image decoder - asdr audio filter - speex decoder - limitdiff video filter - xcorrelate video filter - varblur video filter - huesaturation video filter - colorspectrum source video filter - RTP packetizer for uncompressed video (RFC 4175) - bitpacked encoder - VideoToolbox VP9 hwaccel - VideoToolbox ProRes hwaccel - support loongarch. - aspectralstats audio filter - adynamicsmooth audio filter - libplacebo filter - vflip_vulkan, hflip_vulkan and flip_vulkan filters - adynamicequalizer audio filter - yadif_videotoolbox filter - VideoToolbox ProRes encoder - anlmf audio filter - IMF demuxer (experimental)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit fd4f8278c4a67cdf5b76bf1bb458682edbbb9301 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:37:53 2022 +0100
fetchmail: Update to version 6.4.34
- Update from version 6.4.32 to 6.4.34 - Update of rootfile not required. - Changelog Fetchmail Release Notes # ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS (There are no plans to remove features from a 6.4.X release, but they may be removed from a 6.5.0 or newer release.) * Future fetchmail releases may require compilers and operating systems that adhere to standards issued 2011 or later. (Currently, C89 and Single Unix Specification V2 should suffice.) * Future fetchmail releases may tighten up security and lean towards it a bit more by, for instance, implementing recommendations from RFC-7817 or RFC-8314. This may, for instance, require that TLS v1.1 or newer be used. * The MX and host alias DNS lookups that fetchmail performs in multidrop mode are based on assumptions that are rarely met in practice, somewhat defective, deprecated and may be removed from a future fetchmail version. They have never supported IPv6 (including IPv6-mapped IPv4). Non-DNS based alias keywords such as "aka" will remain in fetchmail. * The monitor and interface options may be removed from a future fetchmail version as they are not reasonably portable across operating systems. * POP2 is obsolete, support will be removed from a future fetchmail version. * IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a future fetchmail version. * RPOP is obsolete, support will be removed from a future fetchmail release. * The multidrop To/Cc guessing code along with the fragile duplicate suppressor is deprecated and may be removed from a future release. * The "envelope Received" option may be removed from a future release, because the Received header was never meant to be machine-readable, the format varies widely, and various other differences in behavior make parsing Received an unreliable undertaking. The envelope option as such will remain though, in order to support Delivered-To, X-Envelope-To, X-Original-To and similar. See also http://home.pages.de/~mandree/mail/multidrop. * The --enable-fallback (fall back to MDA if MTA unavailable) will be removed from a future fetchmail release, because it makes fetchmail's behavior inconsistent and confusing. * The "protocol auto" default inside fetchmail may be removed from a future fetchmail release. Explicit configuration of the protocol is recommended. * Kerberos IV support may be removed from a future fetchmail release. * Kerberos 5 support may be removed from a future fetchmail release. * The --principal option may be removed from a future fetchmail release. * SIGHUP wakeup support may be removed from a future fetchmail release and cause fetchmail to terminate - it was broken for many years. * Support for operating systems that are not sufficiently POSIX compliant may be removed or operation on such systems may be suboptimal for future releases. This means that fetchmail may only continue to work on C99 and POSIX 2001 based systems. * The maintainer may migrate fetchmail to C++ with STL or C#, and impose further requirements (dependencies), such as Boost or other class libraries. * The softbounce option default will change to "false" in the next release. * The --bsmtp - mode of operation may be removed in a future release. * SSLv3 support may be removed from a future fetchmail release. It has been obsolete for many years and found insecure. Use TLS. * Fetchmailconf is deprecated and will be removed from a future release. * Fetchmail does not guarantee compatibility with EOL OpenSSL versions. Support for end-of-life OpenSSL versions may be removed even from patchlevel releases. * Nonstandard authentication schemes (such as RPA) may be removed from future fetchmail versions. * Nonstandard protocol extensions (such as SDPS/*ENV) may be removed from future fetchmail versions. * Future fetchmail releases (even minor ones) may change undocumented parts of the .netrc parser in incompatible ways to enhance compatibility with typical ftp(1) .netrc parsers. * Apparently OPIE is dying. I only have this support on FreeBSD, and FreeBSD 14 (slated for release in 2023) is about to remove it. # KNOWN BUGS AND WORKAROUNDS * Fetchmail does not handle messages without Message-ID header well (See sourceforge.net bug #780933) * Fetchmail currently uses 31-bit signed integers in several places where unsigned and/or wider types should have been used, for instance, for mailbox sizes, and misreports sizes of 2 GibiB and beyond. Fixing this requires C89 compatibility to be relinquished. * BSMTP is mostly untested and errors can cause corrupt output. * Fetchmail does not track pending deletes across crashes. * The command line interface is sometimes a bit stubborn, for instance, fetchmail -s doesn't work with a daemon running. * Linux systems may return duplicates of an IP address in some circumstances if no or no global IPv6 addresses are configured. (No workaround. Ubuntu Bug#582585, Novell Bug#606980.) * Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error messages. This will not be fixed, because the maintainer has no Kerberos 5 server to test against. Use GSSAPI. * For IMAP connections, fetchmail will print "will idle after poll" in verbose mode even though --idle is not given, as an artifact of the 6.4.22 security fixes. Fetchmail means "could idle after poll", but this would have required another loop through the translators. * aka ... hostnames are not considered for upstream server X.509 certificate verification, aka was meant for alias detection with multidrop mailboxes. * When compiled against wolfSSL, some diagnostics and messages of fetchmail are hardcoded to read "OpenSSL"; this was found only after the call for translations had been sent out already. * FreeBSD's OPIE implementation cannot be found when using a C++ compiler. This should not affect the normal build, which uses a C compiler. fetchmail-6.4.34 (released 2022-10-15, 31701 LoC): # CRITICAL BUG FIXES: * When an SMTP receiver refuses delivery, a message would be deleted from the mail store in spite of a softbounce option that is enabled. Bug report, analysis and patch by Horváth Zsolt. Gitlab, fixes #50. # BUILD NOTE: * If you are reusing config.cache from prior builds, this may cause issues with finding Python or some libraries. In case of trouble, remove config.cache and retry. # TRANSLATIONS: language translations were updated by this fine person: * sr: Мирослав Николић (Miroslav Nikolić) [Serbian] fetchmail-6.4.33 (released 2022-08-27, 31696 LoC): # TRANSLATIONS: language translations were updated by this fine person: * fr: Frédéric Marchal [French] # CONTRIBUTED SCRIPT CHANGES: * contrib/fetchsetup improvements by Matěj Cepl * contrib/runfetchmail improvements by Matěj Cepl
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit c0fc77b0a7caafcb7aa2072155ec235aa79bc446 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 28 13:06:14 2022 +0100
Core Update 172: Ship ethtools
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 504a2df6668a6c4c05849a7c05e8e90f5c11e954 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:37:41 2022 +0100
ethtool: Update to version 6.0
- Update from version 5.16 to 6.0 - Update of rootfile not required - Changelog Version 6.0 - October 10, 2022 * Fix: advertisement modes autoselection by lanes (-s) Version 5.19 - August 22, 2022 * Feature: get/set tx push (-g and -G) * Feature: register dump support for TI CPSW (-d) * Feature: register dump support for lan743x chipset (-d) * Fix: fix missing sff-8472 output in netlink path (-m) * Fix: fix EEPROM byte write (-E) Version 5.18 - June 14, 2022 * Feature: get/set cqe size (-g and -G) * Fix: fix typo in man page * Fix: fix help text alignment * Fix: improve attribute label (--show-fec) Version 5.17 - April 4, 2022 * Feature: transceiver module power mode (--set-module) * Feature: transceiver module extended state (--show-module) * Feature: get/set rx buffer length (-g and -G) * Feature: tx copybreak buffer size (--get-tunable and --set-tunable) * Feature: JSON output for features (-k) * Feature: support OSFP transceiver modules (-m) * Fix: add missing free() calls (--get-tunable and --set-tunable)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 55b4bb70ec7e12339d1b37d3a89c7515f4aeef52 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 28 13:05:31 2022 +0100
Core Update 172: Ship elinks
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bcef2fe0f613bb4e3201f11c2403a54d99a4aed8 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:37:30 2022 +0100
elinks: Update to version 0.15.1
- Update from version 0.12pre6 (2012) to 0.15.1 (July 2022) - Update of rootfile - Original elinks was last updated in 2012. In Jan 2020 a fork was made of the package and has been maintained since then on an ongoing basis. This new fork is used by Arch Linux - elinks has not been an addon since CU141 but the lfs file was still in the addon format This has been adjusted to make it in line with a core program - The previous patches related to ssl have been removed as the fixes are now part of the source tarball. - Changelog ELinks 0.15.1 Released on 2022-07-31 * about:config * option --always-load-config #137 * compilation fixes on Windows #140 * added ui.background_char #142 * sample build scripts and docker files * experimental DGI support * DOS port based on links code * configurable Accept-Header #143 * minor compilation fixes ELinks 0.15.0 Released on 2021-12-24 * Serbian translation update ELinks 0.15.0rc2 Released on 2021-12-19 * Serbian translation update * HOME_ETC ELinks 0.15.0rc1 Released on 2021-12-04 * removed -Wno-pointer-sign from CFLAGS * close stdin before calling a background program (sgerwk) and options related to it #108, #109, #110, #113 * gemini protocol and text/gemini mime type * changed rendering of blockquote element * avoid tmpfile in lua (sgerwk) #115, #118 * console.log in js (mtatton) #93 * localstorage (mtatton) #98 * options document.browse.search.beginning_only document.browse.search.ignore_history ui.double_esc * ui.temperature.* to show temperature of CPU * document.plain.fixup_tables * enhanced ecmascript code. Added QuickJS * Notes on ECMAScript: requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT and either mozjs78-dev or QuickJS-2021-03-27 Most sites don't work, some crash. Some workarounds were implemented: a) ECMAScript is disabled by default b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes c) Added toggle-ecmascript action. You can bind it to some key * other small fixes ELinks 0.14.3 Released on 2021-09-26 * Fix issue with negative value of cells #126 ELinks 0.14.2 Released on 2021-08-29 * crash in nttp #114 * XSS in gopher #125 ELinks 0.14.1 Released on 2021-05-30 * Disable spidermonkey by default #85 * Show error message about libgcrypt-config. #86 * off by two. #88 * Check NULL. #99 * fix error message when no previous search was performed #100 * alert when moving to the next match of a failed search #101 * include unistd.h and errno.h to define safe_read() #107 ELinks 0.14.0 Released on 2020-12-27 No changes since 0.14.0rc2. ELinks 0.14.0rc2 Released on 2020-12-13 * ~/.elinks/allow.txt - list of allowed url prefixes for js ELinks 0.14.0rc1 Released on 2020-12-06 * dblatex for pdf. PR #64 * fixes CTRL-Z. #65 * changes in mime handlers. PR #66 * fixes in data protocol. #67, #68, #71, #72, #73 * allow to wrap text in PRE. #69 * pass #fragment to external command. #75 * introduced "document.browse.search.reset". #76 * added meson as alternative build system * in #77 I'm going to attach static binaries for released versions * mozjs dependency updated to 52.* Note that, to compile with javascript support you must compile by g++ with -fpermissive option. There is a lot of warnings. Unfortunately JS often crashes. Without help from someone familiar with SpiderMonkey, we won't go far. As you might notice, I renamed repo to elinks. Thanks to all involved in this release. ELinks 0.13.5 Released on 2020-08-30 * added clipboard selection using keyboard. #59 * fixed drawing menus over emoji characters. #60 * encoding to utf-8 and decoding back in python's pre_format_html_hook This is likely the last release of 0.13.x series. ELinks 0.13.4: Released on 2020-07-31. * fixed segfault with gnutls. introduced in 0.13.3 * updated smart and dumb prefixes to https. Thanks Guido Cella. PR #54 * added the st terminal to config options. PR #55 * doc updates PR #57 * also pass the uri as %u to external handler. Thanks sgerwk. PR #58 * added the ui.clipboard_file config option ELinks 0.13.3: Released on 2020-06-29. * configure option --with-luapkg=name You can choose lua version at compilation time. For example: --with-luapkg=luajit * config option connection.ssl.https_by_default (Thanks Guido Cella) not enabled by default * docs updates (Guido Cella) * fixes related to ui.mouse_disable and xterm-like terminals (Thanks sgerwk) * show an alert when the search string is not found (sgerwk) ELinks 0.13.2: Released on 2020-05-31. * command line option -remote search(...) (thanks sgerwk) * command line option -bind-address * config option ui.mouse_disable (sgerwk) * config option ui.tostop * config option ui.sessions.fork_on_start * compatibility (compilability) with lua-5.2 and 5.3 * modified cookies code (not well tested) ELinks 0.13.1: Released on 2020-01-31. * Fixed issue with uploading files to local cgi. * Python scripts in contrib converted to python3. ELinks 0.13.0: Released on 2019-12-27. Incompatibilities: * The protocol.fsp.sort option has been removed. ELinks always sorts. * bug 1024: Verify the host name or IP address in the server certificate if connection.ssl.cert_verify is not 0. Miscellaneous: * The configure script is no longer part of tarball, you must generate it. For example running ./autogen.sh * major bug 181: Slave ELinks processes can now run an external editor. This used to work in the master process only. * major bug 722: Filter CSS according to media types. New option document.css.media. * bug 638: Propagate the existence of $DISPLAY from slave terminals to mailcap test commands. * bugs 762, 1082: Small memory leak in goto_current_link/goto_imgmap * bug 963: New option document.css.ignore_display_none. * bug 977: Fixed crash when opening in new tab a non link with onclick attribute. * bug 1008: File upload fields in HTML forms now stream the files to the server, instead of reading them to memory in advance. This lets you upload larger files. The downsides are that ELinks may use a cached response even if you have modified a file between requests, and that ELinks can send inconsistent data if you modify a file while it is being uploaded. * bug 1054: Don't abort downloads when closing the terminal from which they were started. When such a download ends, display the message in the most recently used terminal. If the user chooses ``Background and Notify'' via the download manager in some terminal, reassociate the download with that terminal. These changes do not apply to downloads to external handlers. * Really retry forever when connection.retries = 0. * enhancement: Session-specific options. Any options changed with toggle-* actions no longer affect other tabs or other terminals. * Do not crash when document.browse.minimum_refresh_time = 0 and a document has a meta refresh with a delay of 0. * Properly update link highlighting and status bar information when the repeat prefix is changed. * Handle SSL rehandshakes * Fix compatibility with Ruby >= 1.9 * enhancement 15: Domain-specific options. Use set_domain in elinks.conf to e.g. disable cookies for google.com. The option manager window does not yet support this. * enhancement 867: Use bracketed paste mode on xterm. This requires xterm patch #228 or later configured with --enable-readline-mouse. * enhancement 824: Experimental support for combining characters. See features.conf for details. * enhancement: Add a new entry Link Info under Link main menu. * enhancement: Indicate backgrounded downloads using an unused led. * enhancement: Display the number of ECMAScript interpreters that have been allocated for documents in the Resources dialog. * Fedora enhancement 346861: Add support for nss_compat_ossl library (OpenSSL replacement). * enhancement: ``elinks --dump'' uses box-drawing characters if supported by the charset. * enhancement 1070: Support 256 colors on fbterm-1.4. * enhancement 1075: Scrolling the entire contents of dialog boxes. Especially useful for multi-file BitTorrent downloads. * Report if the Lua function edit_bookmark_dialog receives the wrong number or types of arguments instead of silently failing. * enhancement: Add ``Invalidate'' button to the cache manager. * enhancement: Add ``Search contents'' button to the cache manager with which one can search through the cache items' data rather than their metadata. * enhancement: Add rudimentary support for the HTML5 media elements, <video> and <audio>. * enhancement: Add move-half-page-up and move-half-page-down actions. * enhancement: Add option to change overlap for vertical scrolling. * enhancement: HTML meta refresh allows semicolons in URLs, and the syntax is more like in Firefox. * link against lua51 not lua50 * SpiderMonkey must be mozjs-17.0. This version is latest with C API. Find it with pkg-config. * using iconv for some multibyte charsets. It works if the terminal codepage is UTF-8. More charsets will be added on demand. * enhancement: support SSL client certificate * python scripting is Python3 only * brotli and zstd encodings * possibility to make use of libevent instead of select for event loop * terminfo queries for output (not input) as compilation option
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit c5c0decb15b4b105599a63cf7697f068c11650a6 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:37:17 2022 +0100
ddrescue: Update to version 1.26
- Update from version 1.25 to 1.26 - Update of rootfile not required - Changelog Changes in version 1.26: While writing the mapfile, ddrescue now checks the return value of each call to 'fprintf' to catch any temporary failure of 'fprintf' not reported by the system when closing the file. (Hole in mapfile reported by Radomír Tomis). Domain mapfiles may now contain unordered and overlapping blocks when '-L, --loose-domain' is specified as long as no block overlaps with other block of different status. (Suggested by Gábor Katona and Shaya Potter). Ddrescue now shows the file name in all the diagnostics with a file involved. (Reported by Radomír Tomis). Ddrescue now exits with status 1 on fatal read errors. (Suggested by Marco Marques). Empty phases are now completely skipped. Ddrescue now scrolls forward after each pass. This keeps on the screen the final status of the previous pass, making it easier to estimate the amount of work done by the current pass. (Based on a suggestion by David Morrison). In case of error in a numerical argument to a command line option, ddrescue now shows the name of the option and the range of valid values. The option synonyms '--*-logfile' and '--pause' have been removed and are no longer recognized. Ddrescuelog now can convert between mapfiles and bitmaps of blocks (big and little endian). The new option '-F, --format' has been added to ddrescuelog. It selects the input format for '--create-mapfile', or the output format for '--list-blocks'. (Bitmap format proposed by Florian Sedivy). Option '-d, --delete-if-done' of ddrescuelog no longer returns an error if the mapfile is read from standard input. Instead it behaves like '-D, --done-status' because there is nothing to delete. 'ddrescuelog --show-status' now rounds percentages up to get the sum closer to 100%. Three missing '#include <algorithm>' have been added. (Reported by Richard Burkert). The description of the algorithm in the manual has been improved.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit c0fb95848727afa8087ec753bf21d5292cd8a657 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 18:37:00 2022 +0100
cups-filters: Update to version 1.28.16
- Update from version 1.28.14 to 1.;28 16 - Update of rootfile not required - Changelog CHANGES IN V1.28.16 - imagetoraster, imagetopdf, libcupsfilters: Added support for reading the resolution of an image from its EXIF data when loading it. This way we get the image reproduced in its original size with "print-scaling=none" (Issue #362). - libcupsfilters: Replaced deprecated data types uint16 and uint32. The function to read TIFF image files via libtiff in cupsfilters/image-tiff.c uses the deprecated types uint16 and uint32. The replacements for these types are uint16_t and uint32_t. CHANGES IN V1.28.15 - pdftops: In pdftops identify old LaserJets more precisely for working around PostScript interpreter bugs, older printers need Poppler, newer models need Ghostscript (Ubuntu bug #1967816).
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 3a42eaa9b727c9fa85d45fdf03606efe4b6d70a2 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 25 11:59:44 2022 +0000
Core Update 172: Ship sudo
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 24109ebef7e4497959083c58e71f338956d19f26 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:55:31 2022 +0100
sudo: Update to version 1.9.12p1
- Update from version 1.9.11p3 to 1.9.12p1 - Update of rootfile - Changelog What's new in Sudo 1.9.12p1 * Sudo's configure script now does a better job of detecting when the -fstack-clash-protection compiler option does not work. GitHub issue #191. * Fixed CVE-2022-43995, a potential out-of-bounds write for passwords smaller than 8 characters when passwd authentication is enabled. This does not affect configurations that use other authentication methods such as PAM, AIX authentication or BSD authentication. * Fixed a build error with some configurations compiling host_port.c. What's new in Sudo 1.9.12 * Fixed a bug in the ptrace-based intercept mode where the current working directory could include garbage at the end. * Fixed a compilation error on systems that lack the stdint.h header. Bug #1035 * Fixed a bug when logging the command's exit status in intercept mode. The wrong command could be logged with the exit status. * For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new "intercept_verify" sudoers setting can be used to control this behavior. * Fixed running commands with a relative path (e.g. ./foo) in intercept mode. Previously, this would fail if sudo's current working directory was different from that of the command. * Sudo now supports passing the execve(2) system call the NULL pointer for the `argv` and/or `envp` arguments when in intercept mode. Linux treats a NULL pointer like an empty array. * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. * Fixed a problem with "sudo -i" on SELinux when the target user's home directory is not searchable by sudo. GitHub issue #160. * Neovim has been added to the list of visudo editors that support passing the line number on the command line. * Fixed a bug in sudo's SHA384 and SHA512 message digest padding. * Added a new "-N" (--no-update) command line option to sudo which can be used to prevent sudo from updating the user's cached credentials. It is now possible to determine whether or not a user's cached credentials are currently valid by running: $ sudo -Nnv and checking the exit value. One use case for this is to indicate in a shell prompt that sudo is "active" for the user. * PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the "intercept_authenticate" option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. * Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. * The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. * On 64-bit systems, if sudo fails to load a sudoers group plugin, it will use system-specific heuristics to try to locate a 64-bit version of the plugin. * The cvtsudoers manual now documents the JSON and CSV output formats. GitHub issue #172. * Fixed a bug where sub-commands were not being logged to a remote log server when log_subcmds was enabled. GitHub issue #174. * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. * Quieted a libgcrypt run-time initialization warning. This fixes Debian bug #1019428 and Ubuntu bug #1397663. * Fixed a bug in visudo that caused literal backslashes to be removed from the EDITOR environment variable. GitHub issue #179. * The sudo Python plugin now implements the "find_spec" method instead of the the deprecated "find_module". This fixes a test failure when a newer version of setuptools that doesn't include "find_module" is found on the system. * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a plain file. The same bug could result in I/O log directories that end in six or more X's being created literally in addition to the name being used as a template for the mkdtemp(3) function. * Fixed a long-standing bug where a sudoers rule with a command line argument of "", which indicates the command may be run with no arguments, would also match a literal "" on the command line. GitHub issue #182. * Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Fixed "sudo -l -U otheruser" output when the runas list is empty. Previously, sudo would list the invoking user instead of the list user. GitHub issue #183. * Fixed the display of command tags and options in "sudo -l" output when the RunAs user or group changes. A new line is started for RunAs changes which means we need to display the command tags and options again. GitHub issue #184. * The sesh helper program now uses getopt_long(3) to parse the command line options. * The embedded copy of zlib has been updated to version 1.2.13. * Fixed a bug that prevented event log data from being sent to the log server when I/O logging was not enabled. This only affected systems without PAM or configurations where the pam_session and pam_setcred options were disabled in the sudoers file. * Fixed a bug where "sudo -l" output included a carriage return after the newline. This is only needed when displaying to a terminal in raw mode. Bug #1042.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 90c1a2758b760e19fa0ff478c6bbdd37467a8d48 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:55:00 2022 +0100
qemu-ga: Update to version 7.1.0
- Update in line with update of qemu from version 7.0.0 to 7.1.0 - Update of rootfile not required - Changelog - see changelog info in the qemu update
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 39ff37072ead6719828c4ac5181e40c263149561 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:54:59 2022 +0100
qemu: Update to version 7.1.0
- Update from 7.0.0 to 7.1.0 - Update of rootfile not required - Removal of qemu-7.0.0-fix-glibc-headers.patch as an alternative patch approach has been implemeted into thye source tarball. - Changelog is too large to include here. Details can be found at https://wiki.qemu.org/ChangeLog/7.1
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit da0b8e4fb9bf2d0d2a3e9d5c70da8eb7805d2955 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:54:43 2022 +0100
nginx: Update to version 1.22.1
- Update from version 1.21.6 to 1.22.1 - Update of rootfile not required - Changelog Changes with nginx 1.22.1 19 Oct 2022 *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742). Changes with nginx 1.22.0 24 May 2022 *) 1.22.x stable branch.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 81c3f9e1b9977616259e928468d01a0d84f9e99d Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:54:24 2022 +0100
libvirt: Update to version 8.9.0
- Update from 7.10.0 to 8.9.0 - Update of rootfile - Removal of sheepdog_storage option in ./configure as it has been removed from libvirt - Removal of libvirt-7.10.0-fix-glibc-headers.patch as contents are now built in to source tarball. - Changelog is too large to include here. Details can be found in the NEWS.rst file in the source tarball.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4e3a53528f7209162b5e46ff9de3c84e4b5a9a9e Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 25 11:58:03 2022 +0000
Core Update 172: Ship libpng
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2bfcbac468277beeaebb2d7d976cdc9cedad2bc9 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:51:56 2022 +0100
libpng: Update to version 1.6.39
- Update from version 1.6.37 to 1.6.39 - Update of rootfile - Changelog Version 1.6.39 [November 20, 2022] Changed the error handler of oversized chunks (i.e. larger than PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error. Fixed a buffer overflow error in contrib/tools/pngfix. Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp. Disabled the ARM Neon optimizations by default in the CMake file, following the default behavior of the configure script. Allowed configure.ac to work with the trunk version of autoconf. Removed the support for "install" targets from the legacy makefiles; removed the obsolete makefile.cegcc. Cleaned up the code and updated the internal documentation. Version 1.6.38 [September 14, 2022] Added configurations and scripts for continuous integration. Fixed various errors in the handling of tRNS, hIST and eXIf. Implemented many stability improvements across all platforms. Updated the internal documentation.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 92cb2b5573d342d5836e4b7ef98f93a941063a25 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 25 11:57:10 2022 +0000
Core Update 172: Ship libedit
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6bdf47513b819bb5b50a17cdc637a4722f06bac4 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:51:43 2022 +0100
libedit: Update to version 20221030-3.1
- Update from 20210910-3.1 to 20221030-3.1 - Update of rootfile - Changelog * version-info: 0:70:0 * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h include, to compile against musl libc * version-info: 0:69:0 * src/sys.h: Add __sun guard around sys/types.h in sys.h * all: sync with upstream source
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 394437551f2ec8506a0c42987a5014a7e67ce804 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 25 11:56:11 2022 +0000
Core Update 172: Ship curl
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8cb2214c3af990cfec03eb64d70930dbe6b003ca Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 25 09:51:25 2022 +0100
curl: Update to version 7.86.0
- Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit f07ddd93938e4fb67ebed9217312dff4f522cc4c Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 25 11:55:16 2022 +0000
Core Update 172: Remove pcmcia files
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bff0999f031af9e5ea1aaa15fcbc7750a27f54e3 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 23 21:07:38 2022 +0100
pcmciautils: Remove package from IPFire
- Current version is 014 which was released in 2008. The latest version is 018 which was released in 2011. - In 2010 pcmcia was acquired by the USB Implementers forum and all work has been focussed on usb only with nothing on pcmcia. - pcmcia is only still used as a legacy requirement on industrial computing systems for machine control etc. pcmcia was introduced originally for laptop use. - All new laptops have no pcmcia slot. Searching on amazon for laptop with pcmcia gave 55 results none of which had any pcmcia capability. - Based on the above the package pcmciautils is being removed from IPFire.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit ef3feaf566082ae5b160ea1d8cc2c3f556a5f52f Author: Jon Murphy jon.murphy@ipfire.org Date: Wed Nov 23 12:50:48 2022 -0600
pcengines-apu-firmware: Update to version 4.17.0.2
- Update from 4.17.0.1 to 4.17.0.2 - Changelog v4.17.0.2 - Release date: 2022-07-29 Rebased with official coreboot repository commit df721bd See: https://github.com/pcengines/coreboot/compare/v4.17.0.1...v4.17.0.2
Signed-off-by: Jon Murphy jon.murphy@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 7bdda6ae236f5aed480a9ee2167809829308838d Author: Peter Müller peter.mueller@ipfire.org Date: Wed Nov 23 12:26:14 2022 +0000
Core Update 172: Ship nano
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 437e0a736834730154f2f67f64d23de0bb48eefd Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Nov 21 16:45:07 2022 +0100
nano: Update to 7.0
For details see: https://www.nano-editor.org/news.php
"2022 November 15 - GNU nano 7.0 "Una existencia simple bajo el sol"
String binds may contain bindable function names between braces. For example, to move the current line down to after the next one: bind ^D "{cut}{down}{paste}{up}" main. Of course, braced function names may be mixed with literal text. If an existing string bind contains a literal {, replace it with {{}. Unicode codes can be entered (via M-V) without leading zeroes, by finishing short codes with <Space> or <Enter>. Word completion (^]) looks for candidates in all open buffers. No regular expression matches the final empty line any more."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 96adb7977219ddc8e7a28bbe7381cf604cbe7397 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:49:02 2022 +0100
swig: Update to version 4.1.0
- Update from version 4.0.2 to 4.1.0 - Update of rootfile - Changelog SWIG-4.1.0 summary: - Add Javascript Node v12-v18 support, remove support prior to v6. - Octave 6.0 to 6.4 support added. - Add PHP 8 support. - PHP wrapping is now done entirely via PHP's C API - no more .php wrapper. - Perl 5.8.0 is now the oldest version SWIG supports. - Python 3.3 is now the oldest Python 3 version SWIG supports. - Python 3.9-3.11 support added. - Various memory leak fixes in Python generated code. - Scilab 5.5-6.1 support improved. - Many improvements for each and every target language. - Various preprocessor expression handling improvements. - Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard. - Make SWIG much more move semantics friendly. - Add C++ std::unique_ptr support. - Few minor C++ template handling improvements. - Various C++ using declaration fixes. - Few fixes for handling Doxygen comments. - GitHub Actions is now used instead of Travis CI for continuous integration. - Add building SWIG using CMake as a secondary build system. - Update optional SWIG build dependency for regex support from PCRE to PCRE2.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e47370a167869da39c5962ff9f9f032d7bd995ee Author: Robin Roevens robin.roevens@disroot.org Date: Tue Nov 8 21:09:11 2022 +0100
services.cgi: translate "Addon"
* Translate string "Addon" in services.cgi * Added EN/NL translations * Correct existing plural DE translation for singular "Add-on" * Fix usage of the incorrect strings "addon(s)" to correct hyphenated "add-on(s)" also in other translation strings for EN/NL/DE
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 819e5e087f02eb4d922d3246110be759fbea59f7 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:11:45 2022 +0000
Core Update 172: Ship u-boot and regenerate all initrds
The latter is also needed to apply new CPU microcodes on x86_64.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit afa464fd4aebfab35badb0d4231b492dde1fe728 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Nov 20 09:46:42 2022 +0000
u-boot: create signed bootscript at build time
before this was as binary in git which make no real sense.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 6163e1b766ec88855a4dd88d79086d671ee4fb51 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Nov 20 08:54:27 2022 +0000
u-boot: update to 2022.10 and arm-trusted-firmware-2.7
this should fix keyboard issues on rpi-4 and many other problems.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit ae6eae447de0a839150fcc01a3a9c87d22f00f5f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:05:54 2022 +0000
Core Update 172: Ship usbutils
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a2e50df0fa337b860b4c1075d8f2ac03ddeb2ad2 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:49:13 2022 +0100
usbutils: Update to version 015
- Update from version 014 to 015 - Update of rootfile not required - Changelog usbutils 015 usb-devices: list the root devices in numerical order usb-devices: use 'local' variable type to handle recursion lsusb: remove unused wireless check lsusb: remove wireless descriptor information usb-devices: fix field width on device speed field lsusb: fix up Midi Device specification devices Fix an runtime error reported by undefind sanitizer lsusb: Improve status display for SuperSpeedPlus hubs lsusb-t: Fix recursive sorting on child devices.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit d84dac1555e8373b58ebe2fb9bf084d15f241a37 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:05:21 2022 +0000
Core Update 172: Ship sed
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6948b9f7e9b04c1f08b5b099e3d55f92e8fd7af9 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:48:51 2022 +0100
sed: Update to version 4.9
- Update from version 4.8 to 4.9 - Update of rootfile not required - Changelog * Noteworthy changes in release 4.9 (2022-11-06) [stable] ** Bug fixes 'sed --follow-symlinks -i' no longer loops forever when its operand is a symbolic link cycle. [bug introduced in sed 4.2] a program with an execution line longer than 2GB can no longer trigger an out-of-bounds memory write. using the R command to read an input line of length longer than 2GB can no longer trigger an out-of-bounds memory read. In locales using UTF-8 encoding, the regular expression '.' no longer sometimes fails to match Unicode characters U+D400 through U+D7FF (some Hangul Syllables, and Hangul Jamo Extended-B) and Unicode characters U+108000 through U+10FFFF (half of Supplemental Private Use Area plane B). [bug introduced in sed 4.8] I/O errors involving temp files no longer confuse sed into using a FILE * pointer after fclosing it, which has undefined behavior in C. ** New Features The 'r' command now accepts address 0, allowing inserting a file before the first line. ** Changes in behavior Sed now prints the less-surprising variant in a corner case of POSIX-unspecified behavior. Before, this would print "n". Now, it prints "X": printf n | sed 'sn\nnXn'; echo
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 363c41724babbb13e670bdbd4cd27a24ec9552dc Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:04:45 2022 +0000
Core Update 172: Ship openvpn
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c86225c9448cfe8972f97be6e7c347502487214b Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:48:37 2022 +0100
openvpn: Update to version 2.5.8
- Update from version 2.5.7 to 2.5.8 - Update of rootfile not required - Changelog Version 2.5.8 tls-crypt-v2: bail out if the client key is too small Remove useless empty line from CR_RESPONSE message Allow running a default configuration with TLS libraries without BF-CBC Change command help to match man page and implementation Fix OpenVPN querying user/password if auth-token with user expires t_client: Allow to force FAIL on prerequisite fails t_client.sh: do not require fping6 Preparing release 2.5.8 msvc: add branch name and commit hash to version output Update the replay-window backtrack log message Do not skip ERROR:/SUCCESS: response from management interface Fix auth-token usage with management-def-auth Allow a few levels of recursion in virtual_output_callback() Ensure --auth-nocache is handled during renegotiation Purge auth-token as well while purging passwords Do not copy auth_token username to itself
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit a9aae44d6a2c6192ccb840dddde686f922808ec1 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:04:14 2022 +0000
Core Update 172: Ship xz
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6ff6ba85ba0787c54cf5caa82a9171ca8b12e350 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:52:36 2022 +0100
xz: Update to version 5.2.8
- Update from version 5.2.5 to 5.2.8 - Update of rootfile - Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source tarball and with an improved quicker method - see changelog below. - Changelog 5.2.8 (2022-11-13) * xz: - If xz cannot remove an input file when it should, this is now treated as a warning (exit status 2) instead of an error (exit status 1). This matches GNU gzip and it is more logical as at that point the output file has already been successfully closed. - Fix handling of .xz files with an unsupported check type. Previously such printed a warning message but then xz behaved as if an error had occurred (didn't decompress, exit status 1). Now a warning is printed, decompression is done anyway, and exit status is 2. This used to work slightly before 5.0.0. In practice this bug matters only if xz has been built with some check types disabled. As instructed in PACKAGERS, such builds should be done in special situations only. - Fix "xz -dc --single-stream tests/files/good-0-empty.xz" which failed with "Internal error (bug)". That is, --single-stream was broken if the first .xz stream in the input file didn't contain any uncompressed data. - Fix displaying file sizes in the progress indicator when working in passthru mode and there are multiple input files. Just like "gzip -cdf", "xz -cdf" works like "cat" when the input file isn't a supported compressed file format. In this case the file size counters weren't reset between files so with multiple input files the progress indicator displayed an incorrect (too large) value. * liblzma: - API docs in lzma/container.h: * Update the list of decoder flags in the decoder function docs. * Explain LZMA_CONCATENATED behavior with .lzma files in lzma_auto_decoder() docs. - OpenBSD: Use HW_NCPUONLINE to detect the number of available hardware threads in lzma_physmem(). - Fix use of wrong macro to detect x86 SSE2 support. __SSE2_MATH__ was used with GCC/Clang but the correct one is __SSE2__. The first one means that SSE2 is used for floating point math which is irrelevant here. The affected SSE2 code isn't used on x86-64 so this affects only 32-bit x86 builds that use -msse2 without -mfpmath=sse (there is no runtime detection for SSE2). It improves LZMA compression speed (not decompression). - Fix the build with Intel C compiler 2021 (ICC, not ICX) on Linux. It defines __GNUC__ to 10 but doesn't support the __symver__ attribute introduced in GCC 10. * Scripts: Ignore warnings from xz by using --quiet --no-warn. This is needed if the input .xz files use an unsupported check type. * Translations: - Updated Croatian and Turkish translations. - One new translations wasn't included because it needed technical fixes. It will be in upcoming 5.4.0. No new translations will be added to the 5.2.x branch anymore. - Renamed the French man page translation file from fr_FR.po to fr.po and thus also its install directory (like /usr/share/man/fr_FR -> .../fr). - Man page translations for upcoming 5.4.0 are now handled in the Translation Project. * Update doc/faq.txt a little so it's less out-of-date. 5.2.7 (2022-09-30) * liblzma: - Made lzma_filters_copy() to never modify the destination array if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() already assumed this. Before this change, if a tiny memory allocation in lzma_filters_copy() failed it would lead to a crash (invalid free() or invalid memory reads) in the cleanup paths of these two encoder initialization functions. - Added missing integer overflow check to lzma_index_append(). This affects xz --list and other applications that decode the Index field from .xz files using lzma_index_decoder(). Normal decompression of .xz files doesn't call this code and thus most applications using liblzma aren't affected by this bug. - Single-threaded .xz decoder (lzma_stream_decoder()): If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz decoder) this already worked correctly. - Fixed accumulation of integrity check type statistics in lzma_index_cat(). This bug made lzma_index_checks() return only the type of the integrity check of the last Stream when multiple lzma_indexes were concatenated. Most applications don't use these APIs but in xz it made xz --list not list all check types from concatenated .xz files. In xz --list --verbose only the per-file "Check:" lines were affected and in xz --robot --list only the "file" line was affected. - Added ABI compatibility with executables that were linked against liblzma in RHEL/CentOS 7 or other liblzma builds that had copied the problematic patch from RHEL/CentOS 7 (xz-5.2.2-compat-libs.patch). For the details, see the comment at the top of src/liblzma/validate_map.sh. WARNING: This uses __symver__ attribute with GCC >= 10. In other cases the traditional __asm__(".symver ...") is used. Using link-time optimization (LTO, -flto) with GCC versions older than 10 can silently result in broken liblzma.so.5 (incorrect symbol versions)! If you want to use -flto with GCC, you must use GCC >= 10. LTO with Clang seems to work even with the traditional __asm__(".symver ...") method. * xzgrep: Fixed compatibility with old shells that break if comments inside command substitutions have apostrophes ('). This problem was introduced in 5.2.6. * Build systems: - New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX - Windows: Fixed liblzma.dll build with Visual Studio project files. It broke in 5.2.6 due to a change that was made to improve CMake support. - Windows: Building liblzma with UNICODE defined should now work. - CMake files are now actually included in the release tarball. They should have been in 5.2.5 already. - Minor CMake fixes and improvements. * Added a new translation: Turkish 5.2.6 (2022-08-12) * xz: - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files. Previously this required using --force. - When copying metadata from the source file to the destination file, don't try to set the group (GID) if it is already set correctly. This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn't belong to the user, and fchown(2) can fail even if it needs to do nothing. - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space. * liblzma: - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a "mild" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access. - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too. - Improved 32-bit x86 assembly files: * Support Intel Control-flow Enforcement Technology (CET) * Use non-executable stack on FreeBSD. - Visual Studio: Use non-standard _MSVC_LANG to detect C++ standard version in the lzma.h API header. It's used to detect when "noexcept" can be used. * xzgrep: - Fixed arbitrary command injection via a malicious filename (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for this was released to the public on 2022-04-07. A slight robustness improvement has been made since then and, if using GNU or *BSD grep, a new faster method is now used that doesn't use the old sed-based construct at all. This also fixes bad output with GNU grep >= 3.5 (2020-09-27) when xzgrepping binary files. This vulnerability was discovered by: cleemy desu wayo working with Trend Micro Zero Day Initiative - Fixed detection of corrupt .bz2 files. - Improved error handling to fix exit status in some situations and to fix handling of signals: in some situations a signal didn't make xzgrep exit when it clearly should have. It's possible that the signal handling still isn't quite perfect but hopefully it's good enough. - Documented exit statuses on the man page. - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead of the deprecated egrep and fgrep commands. - Fixed parsing of the options -E, -F, -G, -P, and -X. The problem occurred when multiple options were specied in a single argument, for example, echo foo | xzgrep -Fe foo treated foo as a filename because -Fe wasn't correctly split into -F -e. - Added zstd support. * xzdiff/xzcmp: - Fixed wrong exit status. Exit status could be 2 when the correct value is 1. - Documented on the man page that exit status of 2 is used for decompression errors. - Added zstd support. * xzless: - Fix less(1) version detection. It failed if the version number from "less -V" contained a dot. * Translations: - Added new translations: Catalan, Croatian, Esperanto, Korean, Portuguese, Romanian, Serbian, Spanish, Swedish, and Ukrainian - Updated the Brazilian Portuguese translation. - Added French man page translation. This and the existing German translation aren't complete anymore because the English man pages got a few updates and the translators weren't reached so that they could update their work. * Build systems: - Windows: Fix building of resource files when config.h isn't used. CMake + Visual Studio can now build liblzma.dll. - Various fixes to the CMake support. Building static or shared liblzma should work fine in most cases. In contrast, building the command line tools with CMake is still clearly incomplete and experimental and should be used for testing only.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a0b158da4c72f6d0f9167230f261d9b971a90c72 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:03:12 2022 +0000
Core Update 172: Ship libxcrypt
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c81385f7f87b06fe6df6768a967eeaf7baa37e58 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:52:25 2022 +0100
libxcrypt: Update to version 4.4.33
- Update from version 4.4.28 to 4.4.33 - Update of rootfile not required - Changelog Version 4.4.33 * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c. With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some changes to huge page handling, that show this error when building with GCC v12.2.1, and thus need a small fix. Version 4.4.32 * Improvements to huge page handling in lib/alg-yescrypt-platform.c. When explicitly using huge pages, request the 2 MiB page size. This should fix the issue where on a system configured to use 1 GiB huge pages we'd fail on munmap() as we're only rounding the size up to a multiple of 2 MiB. With the fix, we wouldn't use huge pages on such a system. Unfortunately, now we also wouldn't use huge pages on Linux kernels too old to have MAP_HUGE_2MB (issue #152). Version 4.4.31 * Fix -Werror=conversion in lib/alg-yescrypt-opt.c (issues #161 and #162). * Add some SHA-2 Maj() optimization in lib/alg-sha256.c. * Fix issues found by Covscan in test/getrandom-fallback.c. * Fix -Werror=strict-overflow in lib/crypt-des.c, which is seen by GCC 12.x (issues #155 and #163). Version 4.4.30 * configure: Restore ucontext api functionality check. In c3f01c72b303cbbb0cc8983120677edee2f3fa4b the use of the ucontext api in the main program was removed, and with it the configure check for it. However, the ucontext api is still used in the "explicit_bzero" test and thus this test still needs to be in place. See also: https://bugs.gentoo.org/838172 * configure: Restore the functionality of the '--disable-symvers' switch. Without this fix the build was simply broken, if symbol versioning was disabled for any reason, e.g. whether the compiler nor the linker supporting it, or if disabled on purpose by the user (issue #142). * Fix variable name in crypt(3) for a datamember of 'struct crypt_data' (issue #153). Version 4.4.29 * Add glibc-on-loongarch-lp64 (Loongson LA464 / LA664) entry to libcrypt.minver. This was added in GNU libc 2.36.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit fab890c51874d204f02fbd81c4af465963b92e48 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:02:29 2022 +0000
Core Update 172: Ship libuv
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit fa3f331a2e8417c631d280713eccbe74b5711421 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:52:10 2022 +0100
libuv: Update to version 1.44.2
- Update from 1.42.0 to 1.44.2 - Update of rootfile not required. - Changelog Version 1.44.2 * Add SHA to ChangeLog (Jameson Nash) * aix, ibmi: handle server hang when remote sends TCP RST (V-for-Vasili) * build: make CI a bit noisier (Jameson Nash) * process: reset the signal mask if the fork fails (Jameson Nash) * zos: implement cmpxchgi() using assembly (Shuowang (Wayne) Zhang) * build: AC_SUBST for AM_CFLAGS (Claes Nästén) * ibmi: Implement UDP disconnect (V-for-Vasili) * doc: update active maintainers list (Ben Noordhuis) * build: fix kFreeBSD build (James McCoy) * build: remove Windows 2016 workflows (Darshan Sen) * Revert "win,errors: remap ERROR_ACCESS_DENIED to UV_EACCES" (Darshan Sen) * unix: simplify getpwuid call (Jameson Nash) * build: filter CI by paths and branches (Jameson Nash) * build: add iOS to macos CI (Jameson Nash) * build: re-enable CI for windows changes (Jameson Nash) * process,iOS: fix build breakage in process.c (Denny C. Dai) * test: remove unused declarations in tcp_rst test (V-for-Vasili) * core: add thread-safe strtok implementation (Guilherme Íscaro) * win: fix incompatible-types warning (twosee) * test: fix flaky file watcher test (Ben Noordhuis) * build: fix AIX xlc autotools build (V-for-Vasili) * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang (Ben Noordhuis) * win: fix unexpected ECONNRESET error on TCP socket (twosee) * doc: make sample cross-platform build (gengjiawen) * test: separate some static variables by test cases (Hannah Shi) * sunos: fs-event callback can be called after uv_close() (Andy Fiddaman) * uv: re-register interest in a file after change (Shuowang (Wayne) Zhang) * uv: register UV_RENAME event for _RFIM_UNLINK (Shuowang (Wayne) Zhang) * uv: register __rfim_event 156 as UV_RENAME (Shuowang (Wayne) Zhang) * doc: remove smartos from supported platforms (Ben Noordhuis) * macos: avoid posix_spawnp() cwd bug (Jameson Nash) * release: check versions of autogen scripts are newer (Jameson Nash) * test: rewrite embed test (Ben Noordhuis) * openbsd: use utimensat instead of lutimes (tuftedocelot) * doc: fix link to uvwget example main() function (blogdaren) * unix: use MSG_CMSG_CLOEXEC where supported (Ben Noordhuis) * test: remove disabled callback_order test (Ben Noordhuis) * win,pipe: fix bugs with pipe resource lifetime management (Jameson Nash) * loop: better align order-of-events behavior between platforms (Jameson Nash) * aix,test: uv_backend_fd is not supported by poll (V-for-Vasili) * kqueue: skip EVFILT_PROC when invalidating fds (chucksilvers) * darwin: fix atomic-ops.h ppc64 build (Sergey Fedorov) * zos: don't err when killing a zombie process (Shuowang (Wayne) Zhang) * zos: avoid fs event callbacks after uv_close() (Shuowang (Wayne) Zhang) * zos: correctly format interface addresses names (Shuowang (Wayne) Zhang) * zos: add uv_interface_addresses() netmask support (Shuowang (Wayne) Zhang) * zos: improve memory management of ip addresses (Shuowang (Wayne) Zhang) * tcp,pipe: fail `bind` or `listen` after `close` (theanarkh) * zos: implement uv_available_parallelism() (Shuowang (Wayne) Zhang) * udp,win: fix UDP compiler warning (Jameson Nash) * zos: fix early exit of epoll_wait() (Shuowang (Wayne) Zhang) * unix,tcp: fix errno handling in uv__tcp_bind() (Samuel Cabrero) * shutdown,unix: reduce code duplication (Jameson Nash) * unix: fix c99 comments (Ben Noordhuis) * unix: retry tcgetattr/tcsetattr() on EINTR (Ben Noordhuis) * docs: update introduction.rst (Ikko Ashimine) * unix,stream: optimize uv_shutdown() codepath (Jameson Nash) * zos: delay signal handling until after normal i/o (Shuowang (Wayne) Zhang) * stream: uv__drain() always needs to stop POLLOUT (Jameson Nash) * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset() (Stacey Marshall) * win,shutdown: improve how shutdown is dispatched (Jameson Nash) Version 1.44.1 * process: simplify uv__write_int calls (Jameson Nash) * macos: don't use thread-unsafe strtok() (Ben Noordhuis) * process: fix hang after NOTE_EXIT (Jameson Nash) Version 1.44.0 * darwin: remove EPROTOTYPE error workaround (Ben Noordhuis) * doc: fix v1.43.0 changelog entries (cjihrig) * win: replace CRITICAL_SECTION+Semaphore with SRWLock (David Machaj) * darwin: translate EPROTOTYPE to ECONNRESET (Ben Noordhuis) * android: use libc getifaddrs() (Ben Noordhuis) * unix: fix STATIC_ASSERT to check what it means to check (Jessica Clarke) * unix: ensure struct msghdr is zeroed in recvmmsg (Ondřej Surý) * test: test with maximum recvmmsg buffer (Ondřej Surý) * unix: don't allow too small thread stack size (Ben Noordhuis) * bsd: ensure mutex is initialized (Ben Noordhuis) * doc: add gengjiawen as maintainer (gengjiawen) * process: monitor for exit with kqueue on BSDs (Jeremy Rose) * test: fix flaky uv_fs_lutime test (Momtchil Momtchev) * build: fix cmake install locations (Jameson Nash) * thread,win: fix C90 style nit (ssrlive) * build: rename CFLAGS to AM_CFLAGS (Jameson Nash) * doc/guide: update content and sample code (woclass) * process,bsd: handle kevent NOTE_EXIT failure (Jameson Nash) * test: remove flaky test ipc_closed_handle (Ben Noordhuis) * darwin: bump minimum supported version to 10.15 (Ben Noordhuis) * win: return fractional seconds in uv_uptime() (Luca Adrian L) * build: export uv_a for cmake (WenTao Ou) * loop: add pending work to loop-alive check (Jameson Nash) * win: use GetTickCount64 for uptime again (Jameson Nash) * win: restrict system DLL load paths (jonilaitinen) * win,errors: remap ERROR_ACCESS_DENIED to UV_EACCES (Darshan Sen) * bench: add `uv_queue_work` ping-pong measurement (Momtchil Momtchev) * build: fix error C4146 on MSVC (UMU) * test: fix benchmark-ping-udp (Ryan Liptak) * win,fs: consider broken pipe error a normal EOF (Momtchil Momtchev) * document the values of enum uv_stdio_flags (Paul Evans) * win,loop: add missing uv_update_time (twosee) * win,fs: avoid closing an invalid handle (Jameson Nash) * fix oopsie from * doc: clarify android api level (Ben Noordhuis) * win: fix style nits [NFC] (Jameson Nash) * test: fix flaky udp_mmsg test (Santiago Gimeno) * test: fix ipc_send_recv_pipe flakiness (Ben Noordhuis) * doc: checkout -> check out (wyckster) * core: change uv_get_password uid/gid to unsigned (Jameson Nash) * hurd: unbreak build on GNU/Hurd (Vittore F. Scolari) * freebsd: use copy_file_range() in uv_fs_sendfile() (David Carlier) * test: use closefd in runner-unix.c (Guilherme Íscaro) * Reland "macos: use posix_spawn instead of fork" (Jameson Nash) * android: fix build error when no ifaddrs.h (ssrlive) * unix,win: add uv_available_parallelism() (Ben Noordhuis) * process: remove OpenBSD from kevent list (Jameson Nash) * zos: fix build breakage (Ben Noordhuis) * process: only use F_DUPFD_CLOEXEC if it is defined (Jameson Nash) * win,poll: add the MSAFD GUID for AF_UNIX (roflcopter4) * unix: simplify uv__cloexec_fcntl() (Ben Noordhuis) * doc: add secondary GPG ID for vtjnash (Jameson Nash) * unix: remove uv__cloexec_ioctl() (Jameson Nash) Version 1.43.0 * run test named ip6_sin6_len (Jameson Nash) * docs: fix wrong information about scheduling (Mohamed Edrah) * unix: protect fork in uv_spawn from signals (Jameson Nash) * drop only successfully sent packets post sendmmsg (Supragya Raj) * test: fix typo in test-tty-escape-sequence-processing.c (Ikko Ashimine) * cmake: use standard installation layout always (Sylvain Corlay) * win,spawn: allow UNC path with forward slash (earnal) * win,fsevent: fix uv_fs_event_stop() assert (Ben Noordhuis) * unix: remove redundant include in unix.h (Juan José Arboleda) * doc: mark SmartOS as Tier 3 support (Ben Noordhuis) * doc: fix broken links for netbsd's sysctl manpage (YAKSH BARIYA) * misc: adjust stalebot deadline (Ben Noordhuis) * test: remove `dns-server.c` as it is not used anywhere (Darshan Sen) * build: fix non-cmake android builds (YAKSH BARIYA) * doc: replace pyuv with uvloop (Ofek Lev) * asan: fix some tests (Jameson Nash) * build: add experimental TSAN configuration (Jameson Nash) * pipe: remove useless assertion (~locpyl-tidnyd) * bsd: destroy mutex in uv__process_title_cleanup() (Darshan Sen) * build: add windows build to CI (Darshan Sen) * win,fs: fix error code in uv_fs_read() and uv_fs_write() (Darshan Sen) * build: add macos-latest to ci matrix (Ben Noordhuis) * udp: fix &/&& typo in macro condition (Evan Miller) * build: install cmake package module (Petr Menšík) * win: fix build for mingw32 (Nicolas Noble) * build: fix build failures with MinGW new headers (erw7) * build: fix win build with cmake versions before v3.14 (AJ Heller) * unix: support aarch64 in uv_cpu_info() (Juan José Arboleda) * linux: work around CIFS EPERM bug (Ben Noordhuis) * sunos: Oracle Developer Studio support (Stacey Marshall) * Revert "sunos: Oracle Developer Studio support (cjihrig) * sunos: Oracle Developer Studio support (Stacey Marshall) * stream: permit read after seeing EOF (Jameson Nash) * thread: initialize uv_thread_self for all threads (Jameson Nash) * kqueue: ignore write-end closed notifications (Jameson Nash) * macos: fix the cfdata length in uv__get_cpu_speed (Jesper Storm Bache) * unix,win: add uv_ip_name to get name from sockaddr (Campbell He) * win,test: fix a few typos (AJ Heller) * zos: use destructor for uv__threadpool_cleanup() (Wayne Zhang) * linux: use MemAvailable instead of MemFree (Andrey Hohutkin) * freebsd: call dlerror() only if necessary (Jameson Nash) * bsd,windows,zos: fix udp disconnect EINVAL (deal)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a8e3499f78edf9aa51503958eae21248d9c65c12 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:51:48 2022 +0100
libpipeline: Update to version 1.5.7
- Update from 1.5.6 to 1.5.7 - Update of rootfile - Changelog Version: 1.5.7 * lib/Makefile.am (libpipeline_la_LDFLAGS): Bump -version-info to 6:7:5. Make socketpair configure tests compatible with C23 K&R-style zero-argument function definitions will no longer be permitted. * m4/pipeline-socketpair.m4 (PIPELINE_SOCKETPAIR_PIPE, PIPELINE_SOCKETPAIR_MODE): Use `int main(void)`, not `int main()`. * NEWS.md: Document this. Update pre-commit hooks * .pre-commit-config.yaml (pre-commit-hooks): Update to v4.3.0. (clang-format): Update to v14.0.6. Update manual page date * man/libpipeline.3 (.Dd): Update to the date of the last substantial modification. Leaving this as 2010 suggested more antiquity than we need to suggest. Update home page URL * README.md: Use `https://libpipeline.gitlab.io/libpipeline/%60. * lib/libpipeline.pc.in (URL): Likewise. web: Update last release * web/index.html: Update to 1.5.6. web: Fix last-modified date generation * .gitlab-ci.yml: Replace `@DATE@` with the current date in `public/index.html`. * web/index.html: Use `@DATE@` template. web: Assorted URL updates * web/index.html: Update Git URLs to GitLab. Chase various redirects and/or switch to HTTPS. Remove old Savannah link. Add GitLab Pages site * .gitlab-ci.yml (stages): Add deploy. (pages): New job. * web/index.html, web/libpipeline-lightning-talk.odp, web/standard.css, web/white.css: New files. Transferred Git repository to new group * README.md: Change GitLab URL to https://gitlab.com/libpipeline/libpipeline. * NEWS.md: Document this. Add notes to libpipeline(3) of when functions were added * man/libpipeline.3 (DESCRIPTION, ENVIRONMENT): Add various "Added in" notes. * NEWS.md: Document this.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit b830e457e7ca497211dedfb408a3551be2724753 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:51:35 2022 +0100
libassuan: Update to version 2.5.5
- Update from 2.5.4 to 2.5.5 - Update of rootfile - Changelog Release 2.5.5. Support Unicode when starting servers on Windows. * src/assuan-socket.c (utf8_to_wchar): Rename to (_assuan_utf8_to_wchar): this and give global scope. * src/system-w32.c (__assuan_spawn): Use CreateProcessW. m4: Update with newer autoconf constructs. * src/libassuan.m4: Replace AC_HELP_STRING to AS_HELP_STRING. build: Update to newer autoconf constructs. * configure.ac: Use AC_CONFIG_HEADERS instead of AM_CONFIG_HEADER. Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE. Use AS_HELP_STRING instead of AC_HELP_STRING. (AC_TYPE_SIGNAL): Remove. (AC_DECL_SYS_SIGLIST): Remove. * m4/Makefile.am (EXTRA_DIST): Update. * m4/gnupg-pth.m4: Remove. * m4/onceonly.m4: Remove. * m4/socklen.m4: Update from gnulib. * m4/libtool.m4: Update from libgpg-error. * m4/gpg-error.m4: Update from libgpg-error. Fix crash when logging. * src/assuan-logging.c (_assuan_log_control_channel): Use gpgrt_malloc.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 7e464d15159e56156e9036c664a189025fc2c977 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 10:59:24 2022 +0000
Core Update 172: Ship readline
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f86ae7d1a6fd6436aa3d285f0a1c2fdc9ce364f6 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 15:40:35 2022 +0100
gdb: Patch for building with readline-8.2
- Patch required for successful building with readline-8.2 In readline 8.2 the type of rl_completer_word_break_characters changed to include const.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 1ad5a01388970e3349f83702596d83ce44b1a8f4 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 15:40:34 2022 +0100
readline: Update to version 8.2 plus patch 1
- Update from version 8.1 to 8.2 plus patch 1 - Update of rootfile - Changelog version 8.2 There is a new framework for readline timeouts, including new public functions to set timeouts and query how much time is remaining before a timeout hits, and a hook function that can trigger when readline times out. There is a new state value to indicate a timeout. There is a new option: `enable-active-region'. This separates control of the active region and bracketed-paste. It has the same default value as bracketed-paste, and enabling bracketed paste enables the active region. Users can now turn off the active region while leaving bracketed paste enabled. Two new bindable string variables are available; their values are terminal escape sequences that set the color used to display the active region and turn it off, respectively. If set, these are used in place of terminal standout mode. Finally, Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display and key binding variables when the locale changes. There are a few bug fixes in the redisplay code when restoring the prompt after a digit-argument prompt or incremental search back to a prompt that contains invisible multibyte characters. There are more checks for read errors, especially in the middle of readline commands; previous versions could loop or return incorrect data. Full details are below. GNU Readline is a library which provides programs with an input facility including command-line editing and history. Editing commands similar to both emacs and vi are included. The GNU History library, which provides facilities for managing a list of previously-typed command lines and an interactive command line recall facility similar to that provided by csh, is also present. The history library is built as part of the readline as well as separately. 1. Changes to Readline a. Fixed a problem with cleaning up active marks when using callback mode. b. Fixed a problem with arithmetic comparison operators checking the version. c. Fixed a problem that could cause readline not to build on systems without POSIX signal functions. d. Fixed a bug that could cause readline to crash if the application removed the callback line handler before readline read all typeahead. e. Added additional checks for read errors in the middle of readline commands. f. Fixed a redisplay problem that occurred when switching from the digit- argument prompt `(arg: N)' back to the regular prompt and the regular prompt contained invisible characters. g. Fixed a problem with restoring the prompt when aborting an incremental search. h. Fix a problem with characters > 128 not being displayed correctly in certain single-byte encodings. i. Fixed a problem with unix-filename-rubout that caused it to delete too much when applied to a pathname consisting only of one or more slashes. j. Fixed a display problem that caused the prompt to be wrapped incorrectly if the screen changed dimensions during a call to readline() and the prompt became longer than the screen width. k. Fixed a problem that caused the \r output by turning off bracketed paste to overwrite the line if terminal echo was disabled. l. Fixed a bug that could cause colored-completion-prefix to not display if completion-prefix-display-length was set. m. Fixed a problem with line wrapping prompts when a group of invisible characters runs to the right edge of the screen and the prompt extends longer then the screen width. n. Fixed a couple problems that could cause rl_end to be set incorrectly by transpose-words. o. Prevent some display problems when running a command as the result of a trap or one bound using `bind -x' and the command generates output. p. Fixed an issue with multi-line prompt strings that have one or more invisible characters at the end of a physical line. q. Fixed an issue that caused a history line's undo list to be cleared when it should not have been. r. When replacing a history entry, make sure the existing entry has a non-NULL timestamp before copying it; it may have been added by the application, not the history library. 2. New Features in Readline a. There is now an HS_HISTORY_VERSION containing the version number of the history library for applications to use. b. History expansion better understands multiple history expansions that may contain strings that would ordinarily inhibit history expansion (e.g., `abc!$!$'). c. There is a new framework for readline timeouts, including new public functions to set timeouts and query how much time is remaining before a timeout hits, and a hook function that can trigger when readline times out. There is a new state value to indicate a timeout. d. Automatically bind termcap key sequences for page-up and page-down to history-search-backward and history-search-forward, respectively. e. There is a new `fetch-history' bindable command that retrieves the history entry corresponding to its numeric argument. Negative arguments count back from the end of the history. f. `vi-undo' is now a bindable command. g. There is a new option: `enable-active-region'. This separates control of the active region and bracketed-paste. It has the same default value as bracketed-paste, and enabling bracketed paste enables the active region. Users can now turn off the active region while leaving bracketed paste enabled. h. rl_completer_word_break_characters is now `const char *' like rl_basic_word_break_characters. i. Readline looks in $LS_COLORS for a custom filename extension (*.readline-colored-completion-prefix) and uses that as the default color for the common prefix displayed when `colored-completion-prefix' is set. j. Two new bindable string variables: active-region-start-color and active-region-end-color. The first sets the color used to display the active region; the second turns it off. If set, these are used in place of terminal standout mode. k. New readline state (RL_STATE_EOF) and application-visible variable (rl_eof_found) to allow applications to detect when readline reads EOF before calling the deprep-terminal hook. l. There is a new configuration option: --with-shared-termcap-library, which forces linking the shared readline library with the shared termcap (or curses/ncurses/termlib) library so applications don't have to do it. m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display and key binding variables when the locale changes.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 55ee176bb380f9b0ca57d6a60e74a0efb8c6e087 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 10:57:59 2022 +0000
Core Update 172: Ship bash
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5be71d2a6efbbf1cf48aca6272d28fbf00ce8f12 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 15:40:05 2022 +0100
bash: Update to version 5.2 plus patches 1 to 9
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9 - Update of rootfile - Changelog This is a terse description of the new features added to bash-5.2 since the release of bash-5.1. As always, the manual page (doc/bash.1) is the place to look for complete descriptions. 1. New Features in Bash a. The bash malloc returns memory that is aligned on 16-byte boundaries. b. There is a new internal timer framework used for read builtin timeouts. c. Rewrote the command substitution parsing code to call the parser recursively and rebuild the command string from the parsed command. This allows better syntax checking and catches errors much earlier. Along with this, if command substitution parsing completes with here-documents remaining to be read, the shell prints a warning message and reads the here-document bodies from the current input stream. d. The `ulimit' builtin now treats an operand remaining after all of the options and arguments are parsed as an argument to the last command specified by an option. This is for POSIX compatibility. e. Here-document parsing now handles $'...' and $"..." quoting when reading the here-document body. f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline commands now understand $'...' and $"..." quoting. g. There is a new `spell-correct-word' bindable readline command to perform spelling correction on the current word. h. The `unset' builtin now attempts to treat arguments as array subscripts without parsing or expanding the subscript, even when `assoc_expand_once' is not set. i. There is a default value for $BASH_LOADABLES_PATH in config-top.h. j. Associative array assignment and certain instances of referencing (e.g., `test -v' now allow `@' and `*' to be used as keys. k. Bash attempts to expand indexed array subscripts only once when executing shell constructs and word expansions. l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with that value for associative arrays instead of unsetting the entire array (which you can still do with `unset arrayname'). For indexed arrays, it removes all elements of the array without unsetting it (like `A=()'). m. Additional builtins (printf/test/read/wait) do a better job of not parsing array subscripts if array_expand_once is set. n. New READLINE_ARGUMENT variable set to numeric argument for readline commands defined using `bind -x'. o. The new `varredir_close' shell option causes bash to automatically close file descriptors opened with {var}<fn and other styles of varassign redirection unless they're arguments to the `exec' builtin. p. The `$0' special parameter is now set to the name of the script when running any (non-interactive) startup files such as $BASH_ENV. q. The `enable' builtin tries to load a loadable builtin using the default search path if `enable name' (without any options) attempts to enable a non-existent builtin. r. The `printf' builtin has a new format specifier: %Q. This acts like %q but applies any specified precision to the original unquoted argument, then quotes and outputs the result. s. The new `noexpand_translations' option controls whether or not the translated output of $"..." is single-quoted. t. There is a new parameter transformation operator: @k. This is like @K, but expands the result to separate words after word splitting. u. There is an alternate array implementation, selectable at `configure' time, that optimizes access speed over memory use (use the new configure --enable-alt-array-implementation option). v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty string, treat the redirection as [N]<&- or [N]>&- and close file descriptor N (default 0). w. Invalid parameter transformation operators are now invalid word expansions, and so cause fatal errors in non-interactive shells. x. New shell option: patsub_replacement. When enabled, a `&' in the replacement string of the pattern substitution expansion is replaced by the portion of the string that matched the pattern. Backslash will escape the `&' and insert a literal `&'. y. `command -p' no longer looks in the hash table for the specified command. z. The new `--enable-translatable-strings' option to `configure' allows $"..." support to be compiled in or out. aa. The new `globskipdots' shell option forces pathname expansion never to return `.' or `..' unless explicitly matched. It is enabled by default. bb. Array references using `@' and `*' that are the value of nameref variables (declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if set -u is enabled and the array (v) is unset. cc. There is a new bindable readline command name: `vi-edit-and-execute-command'. dd. In posix mode, the `printf' builtin checks for the `L' length modifier and uses long double for floating point conversion specifiers if it's present, double otherwise. ee. The `globbing' completion code now takes the `globstar' option into account. ff. `suspend -f' now forces the shell to suspend even if job control is not currently enabled. gg. Since there is no `declare -' equivalent of `local -', make sure to use `local -' in the output of `local -p'.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit ace891f71937c0e08e5b3243565e55c1704c8451 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 20:20:28 2022 +0000
intel-microcode: Update rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a6923c547937c7b12063e34cf68fd58db22d733f Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:27:15 2022 +0000
Core Update 172: Ship sqlite
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f7e5582a56a4dabc29197ce9a5c3eec19a48585b Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 18 23:52:10 2022 +0100
sqlite: Update to version 3400000
- Update from version 3390200 to 3400000 - Update of rootfile not required - Changelog version 3.40.0 On 2022-11-16 Add support for compiling SQLite to WASM and running it in web browsers. NB: The WASM build and its interfaces are considered "beta" and are subject to minor changes if the need arises. We anticipate finalizing the interface for the next release. Add the recovery extension that might be able to recover some content from a corrupt database file. Query planner enhancements: Recognize covering indexes on tables with more than 63 columns where columns beyond the 63rd column are used in the query and/or are referenced by the index. Extract the values of expressions contained within expression indexes where practical, rather than recomputing the expression. The NOT NULL and IS NULL operators (and their equivalents) avoid loading the content of large strings and BLOB values from disk. Avoid materializing a view on which a full scan is performed exactly once. Use and discard the rows of the view as they are computed. Allow flattening of a subquery that is the right-hand operand of a LEFT JOIN in an aggregate query. A new typedef named sqlite3_filename is added and used to represent the name of a database file. Various interfaces are modified to use the new typedef instead of "char*". This interface change should be fully backwards compatible, though it might cause (harmless) compiler warnings when rebuilding some legacy applications. Add the sqlite3_value_encoding() interface. Security enhancement: SQLITE_DBCONFIG_DEFENSIVE is augmented to prohibit changing the schema_version. The schema_version becomes read-only in defensive mode. Enhancements to the PRAGMA integrity_check statement: Columns in non-STRICT tables with TEXT affinity should not contain numeric values. Columns in non-STRICT tables with NUMERIC affinity should not contain TEXT values that could be converted into numbers. Verify that the rows of a WITHOUT ROWID table are in the correct order. Enhance the VACUUM INTO statement so that it honors the PRAGMA synchronous setting. Enhance the sqlite3_strglob() and sqlite3_strlike() APIs so that they are able to accept NULL pointers for their string parameters and still generate a sensible result. Provide the new SQLITE_MAX_ALLOCATION_SIZE compile-time option for limiting the size of memory allocations. Change the algorithm used by SQLite's built-in pseudo-random number generator (PRNG) from RC4 to Chacha20. Allow two or more indexes to have the same name as long as they are all in separate schemas. Miscellaneous performance optimizations result in about 1% fewer CPU cycles used on typical workloads. version 3.39.3 (2022-09-05): Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. See forum thread 9b9e4716c0d7bbd1. Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are deprecated and documented as not being threadsafe. See forum post 719a11e1314d1c70. Other bug and warning fixes. See the timeline for details. version 3.39.4 (2022-09-29): Fix the build on Windows so that it works with -DSQLITE_OMIT_AUTOINIT Fix a long-standing problem in the btree balancer that might, in rare cases, cause database corruption if the application uses an application-defined page cache. Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows CREATE TRIGGER statements if one or more of the statements in the body of the trigger write into shadow tables. Fix a possible integer overflow in the size computation for a memory allocation in FTS3. Fix a misuse of the sqlite3_set_auxdata() interface in the ICU Extension.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 418a4fafc659d3444b9651592384eef6c6e9ac6d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:26:45 2022 +0000
Core Update 172: Ship OpenSSL
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f30206c39a5a58bf726e9e008e01db1796823b61 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 18 23:51:36 2022 +0100
openssl: Update to version 1.1.1s
- Update from version 1.1.1q to 1.1.1s - Update of rootfile - Changelog Changes between 1.1.1r and 1.1.1s [1 Nov 2022] *) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes *) Added the loongarch64 target *) Fixed a DRBG seed propagation thread safety issue *) Fixed a memory leak in tls13_generate_secret *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. *) Added a missing header for memcmp that caused compilation failure on some platforms
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit f299e312faca4fe6bd60052526fdb21783873f82 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 18 23:51:21 2022 +0100
dehydrated: Update to version 0.7.1
- Update from version 0.7.0 to 0.7.1 - Update of rootfile not required - Changelog ## [0.7.1] - 2022-10-31 ## Changed - `--force` no longer forces domain name revalidation by default, a new argument `--force-validation` has been added for that - Added support for EC secp521r1 algorithm (works with e.g. zerossl) - `EC PARAMETERS` are no longer written to privkey.pem (didn't seem necessary and was causing issues with various software) ## Fixed - Requests resulting in `badNonce` errors are now automatically retried (fixes operation with LE staging servers) - Deprecated `egrep` usage has been removed ## Added - Implemented EC for account keys - Domain list now also read from domains.txt.d subdirectory (behaviour might change, see docs) - Implemented RFC 8738 (validating/signing certificates for IP addresses instead of domain names) support (this will not work with most public CAs, if any!)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 1545553c185f2c3aac52010bf6afa3bbcad78cea Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:25:32 2022 +0000
Core Update 172: Ship libnetfilter_conntrack
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 069716d42a2edaf9ceea22887ccce00fe3c560cc Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:24:41 2022 +0000
Core Update 172: Ship conntrack-tools
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bea1d4aef11f4bb55602cc7448c76972690e5146 Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 18 23:50:43 2022 +0100
libnetfilter_conntrack: Update to version 1.0.9
- Update from version 1.0.8 to 1.0.9 - Update of rootfile - Changelog 1.0.9 This release comes with the new nfct_nlmsg_build_filter() function that allows to add metadata for kernel-side filtering of conntrack entries during conntrack table dump. The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument, it allows to flush only ipv4 or ipv6 entries from the connection tracking table. nfct_snprint family of functions have been updated. SCTP conntrack entries now support 'heartbeat sent/acked' state. Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted output string. Notable bugs fixed with this release include: Fix buffer overflows and out-of-bounds accesses in the nfct_snprintf() functions. nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes were set in the reply tuple too, this affected the 'conntrack' tool where updates (e.g. setting the conntrack mark to a different value) of ICMP flows would not work. - Detailed Changes src: Handle negative snprintf return values properly src: Fix nfexp_snprintf return value docs conntrack: Replace strncpy with snprintf to improve null byte handling conntrack: Fix incorrect snprintf size calculation include: Add ARRAY_SIZE() macro conntrack: Fix buffer overflow on invalid icmp type in setters conntrack: Move icmp request>reply type mapping to common file conntrack: Fix buffer overflow in protocol related snprintf functions conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns examples: check return value of nfct_nlmsg_build() libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private conntrack: dccp print function should use dccp state conntrack: sctp: update states include: add CTA_STATS_CLASH_RESOLVE include: sync uapi header with nf-next src: add support for status dump filter include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi libnetfilter_conntrack: bump version to 1.0.9 build: use the right automake variables Update .gitignore build: update obsolete autoconf macros conntrack: fix invmap_icmpv6 entries conntrack: Don't use ICMP attrs in decision to build repl tuple src: add IPS_HW_OFFLOAD flag conntrack: add flush filter command build: missing internal/proto.h in Makefile.am conntrack: add nfct_nlmsg_build_filter() helper conntrack: don't cancel nest on unknown layer 4 protocols tests: Fix for missing qa-connlabel.conf in tarball tests: Add simple tests to TESTS variable
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit b685b5e7e9e2f6d48cae352431d82f3a96962e3d Author: Adolf Belka adolf.belka@ipfire.org Date: Fri Nov 18 23:50:42 2022 +0100
conntrack-tools: Update to version 1.4.7
- Update from 1.4.6 to 1.4.7 - Update of rootfile not required - Requires update fo libnetfilter_conntrack from 1.0.8 to 1.0.9 - Changelog conntrack-tools 1.4.7 This release contains new features: * IPS_HW_OFFLOAD flag specifies that a conntrack entry has been offloaded into the hardware * 'clash_resolve' and 'chaintoolong' stats counters * Default to unspec family if '-f' flag is absent to improve support for dual-stack setups * Support filtering events by IP address family * Support flushing per IP address family * Add "save" output format representing data in conntrack parameters * Support loading conntrack commands from a batch file, e.g. generated by "save" output format * Annotate portid in events by the program name (if found) * Accept yes/no as synonyms to on/off in conntrackd.conf * Support user space helper auto-loading upon daemon startup, relieving users from manual 'nfct add helper' calls * Filter dumps by status on kernel side if possible * Accept to filter for any status other than SEEN_REPLY using 'UNREPLIED' * Use libmnl internally * Reuse netlink socket for improved performance with bulk CT entry loads * Remove '-o userspace' flag and always tag user space triggered events * Introduce '-A' command, a variant of '-I' which does not fail if the entry exists already ... and fixes: * ICMP entry creation would fail when reply data was specified * Sync zone value also * Log external inject problems as warning only * Endianness bug parsing IP addresses * Ignore conntrack ID when looking up cache entries to allow for stuck old ones to be replaced eventually * Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper * Eliminate the need for lazy binding in nfct * Fix for use of unknown protocol values * Sanitize protocol value parsing, catch illegal values * Ensure unknown protocol values are included in '-o save' dumps ... and documentation updates: * Fixed examples in manual * Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack one * Misc updates to the manual * Add an older example script creating an active-active setup using the cluster match
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 28b9df01a6dc6359e3916984c9d2c5130eae68d2 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:22:01 2022 +0000
linux-firmware: Do not ship firmware for Realtek Bluetooth devices
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit db38a4e9a7931f2d54c0204acfa04fb6f44099d4 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:17:52 2022 +0000
Core Update 172: Do not ship amd-ucode/microcode_amd_fam19h.bin.asc
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c932dcd7ae2c8398b02313d211a79d831b5d4d29 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 19:16:07 2022 +0000
Core Update 172: Ship relevant changes of linux-firmware
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 1c609e13dee22191a09307c6a98783859a18248d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Nov 19 11:18:51 2022 +0000
linux-firmware: Update to 20221109
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit d1fc3c7bee2f69814f32ddba16607b358e642b8a Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 20:06:27 2022 +0000
Core Update 172: Ship intel-microcode
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bad01e125741a0bbb6141e733881856cad4ceab8 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 20:05:39 2022 +0000
intel-microcode: Update to 20221108
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit afd2a2a7b143ecf69bc7cda9b54199caadc4f7d4 Author: Robin Roevens robin.roevens@disroot.org Date: Fri Nov 18 16:42:34 2022 +0100
Rename misleading "check filesystem" reboot option NL translation
Some users assume that "check filesystem" does more than just trigger a simple "fsck" run. This patch changes the button label to avoid confusion. - NL translation
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit cc7bd1145c0b81201b30e02d303997e176337ed9 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 19:55:12 2022 +0000
Core Update 172: Ship bind
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ae45b1217a86b3733d02e8036d7bf26951f5d5a6 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Nov 18 20:19:26 2022 +0100
bind: Update to 9.16.35
For details for 9.16.35 and 9.16.34 (we skipped the last) see: https://downloads.isc.org/isc/bind9/9.16.35/doc/arm/html/notes.html#notes-fo...
"Notes for BIND 9.16.35 Bug Fixes
A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. [GL #3591]
In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. [GL #3598]
rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. This has been fixed. [GL #3247]
Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. This has been fixed. [GL #2895]
The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. This has been fixed. [GL #3584]
Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. This has been fixed. [GL #3563]
When a DNS resource record’s TTL value was equal to the resolver’s configured prefetch “eligibility” value, the record was erroneously not treated as eligible for prefetching. This has been fixed. [GL #3603]
...
Notes for BIND 9.16.34
Bug Fixes
Changing just the TSIG key names for primaries in catalog zones’ member zones was not effective. This has been fixed. [GL #3557]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 9d5d747799470e56fcceb30458c5c87769a2f85b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 19:45:35 2022 +0000
dtc: Update rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit e044bc2422216610680bf3656d732dcc840de9d1 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 11 12:15:37 2022 +0000
Core Update 172: Ship and apply OpenVPN Diffie-Hellman changes
Inspired by https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f....
Cc: Erik Kapfer erik.kapfer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit bc6227963efe10575cdb7aadfc807bd3bd968e9d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 11 12:15:03 2022 +0000
OpenSSL: Add ffdhe4096 Diffie-Hellman parameter
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 35494eac83dda575ec4e9998f8295809bf9a280d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 11 12:14:37 2022 +0000
OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096
Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f...
Minor adjustments to make it apply to the current state of "next", and removal of chown operation in OpenSSL's LFS file, which would have lead to the Diffie-Hellman group file being writable by nobody, for which there is no necessity.
Fixes: #12632 From: Erik Kapfer erik.kapfer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c899c04b11709fee4f38e9d13449b0e53527d907 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Nov 7 18:54:14 2022 +0100
clamav 0.105.1: New package to resolve several CVEs
For details see: https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.html
Fixes:
"CVE-2022-37434 - A critical severity vulnerability in the zlib library.
CVE-2022-40303 - A high severity vulnerability in the libxml2 library. Note: As of writing, the details of this CVE are not published. However, you can find additional details on other sites.
CVE-2022-40304 - A high severity vulnerability in the libxml2 library. Note: As of writing, the details of this CVE are not published. However, you can find additional details on other sites."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit e87bc0b45638767d301ad706f5164ee2b64f5103 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 14:42:46 2022 +0000
Postfix: Update to 3.7.3
This is an urgent bugfix release, see https://www.postfix.org/announcements/postfix-3.7.3.html for its announcement.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8a0be2033f8d932b1687df1b6515bfb72230acf2 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 10 19:31:33 2022 +0000
Tor: Disable SOCKS port if unused
Fixes: #11780 Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ad7300839381a67872a1ce15f2e7d72540aa6c9c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Oct 27 10:26:39 2022 +0200
memtest: update to memtest86+ v6.00
This is now a version 64bit version that can also boot via efi.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 39d6705063c1e00d946bfd1c9949666b3393527e Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 13:38:29 2022 +0000
Core Update 172: Fix menu.d file permissions
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c8274d4cfa2a23ba1a4e856edd313c1215b9065b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 13:37:51 2022 +0000
configroot: menu.d files do not have to be writable by "nobody"
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit eae0cb549aaafbf34f61c3b1778c99ca0dd4ad77 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 13:35:17 2022 +0000
Core Update 172: Fix permissions of some library files
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 362c5537afd468e479275dc4ced9363c50d25be2 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 13:33:45 2022 +0000
Ensure /var/ipfire/updatexlrator/updxlrator-lib.pl is not writable by "nobody"
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 3135e76ea193eb75c4b9b4315634ec418a23238f Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 13:29:10 2022 +0000
configroot: Ensure connscheduler/lib.pl is not writable by "nobody"
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a26967c4b7c659a2fb134d4ddb9d120d3fcd3f16 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 10 21:23:24 2022 +0000
Tor: Update to 0.4.7.11
Please refer to https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes for this versions' release notes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 32fcdf45e4bdd079506fbf148ce486d3a1c13bde Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Fri Nov 18 11:49:15 2022 +0100
Rename misleading "check filesystem" reboot option
Some users assume that "check filesystem" does more than just trigger a simple "fsck" run. This patch changes the button label to avoid confusion.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org
commit d41f25bd9651b3fa1dc2afefaf4787df69d49929 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Nov 18 12:30:56 2022 +0000
Python3: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 508b2dda8aadcc61fff691d76cb3354c7fde75d8 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 10 20:46:03 2022 +0000
python3-msgpack: Fix architecture placeholder in rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4808c03710e7648dddba27a15dd5bc4568215fd7 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 10 15:26:28 2022 +0000
Core Update 172 requires a reboot
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f9ab4c432aa681ce03a80e8c58bce237d6d982ef Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 10 15:26:00 2022 +0000
Core Update 172: Ship Python 3.10.8 and related changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f6afaf5625564b06f04a09b8f863f1f04609a59e Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:34 2022 +0100
iotop: Modified rootfile with python-3.10.8
- rootfile for iotop is significantly different with python-3.10.8 compared to 3.10.1 Many entries now missing and iotop placed in bin instead of sbin despite source tarball setup.py having a "dirty hack to make sure iotop is installed in sbin instead of bin" - Added lines to lfs to move iotop from /bin to /sbin - Tested iotop out with python-3.10.8 installed vm system and it worked without any problems, the same as the existing version running with python-3.10.1
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit b92ee932053f10a152712ca5857b1f95622eee73 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:33 2022 +0100
libplist: Update rootfile for operation with python-3.10.8
- With python-3.10.8 the plist.so is no longer available in the site packages. libplist libraries are still available. - libplist is only used as a dependency for shairport-sync Tested by installing shairport-sync and starting/stopping it. Started and stopped successfully without any error messages. This would suggest that the libplist libraries are probably being picked up successfully. Cannot test properly as I have no Apple/iOS or related products.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 0bae316983fd885274f4352ca8eb58c5c4f1d5dd Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:32 2022 +0100
python3-flit:Modify lfs to work with python-3.10.8
- The change to python-3.10.8 caused the rootfile to have temp build files from /root/.cache to be included in it. Added commands to remove these temp build files so they were not included to the rootfile.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit d9a6af2841b5197a97677262247bb55b6c7844a7 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:31 2022 +0100
python3-urllib3:Update to version 1.26.12 and to work with python-3.10.8
- Updated from version 1.26.9 to 1.26.12 - Update of rootfile - Changelog 1.26.12 (2022-08-22) * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue https://github.com/urllib3/urllib3/issues/2680`_ for justification and info on how to migrate. 1.26.11 (2022-07-25) * Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would raise an ``OverflowError`` on Python 3.9 and earlier. 1.26.10 (2022-07-07) * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 03446e1efb5341170a521a6e5351ba2e105cc035 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:30 2022 +0100
python3-typing_extensions:Update to version 4.4.0 and to work with python-3.10.8
- Updated from version 4.1.1 to 4.4.0 - Update of rootfile - Changelog # Release 4.4.0 (October 6, 2022) - Add `typing_extensions.Any` a backport of python 3.11's Any class which is subclassable at runtime. (backport from python/cpython#31841, by Shantanu and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234). - Add initial support for TypeVarLike `default` parameter, PEP 696. Patch by Marc Mueller (@cdce8p). - Runtime support for PEP 698, adding `typing_extensions.override`. Patch by Jelle Zijlstra. - Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695. Patch by Jelle Zijlstra. # Release 4.3.0 (July 1, 2022) - Add `typing_extensions.NamedTuple`, allowing for generic `NamedTuple`s on Python <3.11 (backport from python/cpython#92027, by Serhiy Storchaka). Patch by Alex Waygood (@AlexWaygood). - Adjust `typing_extensions.TypedDict` to allow for generic `TypedDict`s on Python <3.11 (backport from python/cpython#27663, by Samodya Abey). Patch by Alex Waygood (@AlexWaygood). # Release 4.2.0 (April 17, 2022) - Re-export `typing.Unpack` and `typing.TypeVarTuple` on Python 3.11. - Add `ParamSpecArgs` and `ParamSpecKwargs` to `__all__`. - Improve "accepts only single type" error messages. - Improve the distributed package. Patch by Marc Mueller (@cdce8p). - Update `typing_extensions.dataclass_transform` to rename the `field_descriptors` parameter to `field_specifiers` and accept arbitrary keyword arguments. - Add `typing_extensions.get_overloads` and `typing_extensions.clear_overloads`, and add registry support to `typing_extensions.overload`. Backport from python/cpython#89263. - Add `typing_extensions.assert_type`. Backport from bpo-46480. - Drop support for Python 3.6. Original patch by Adam Turner (@AA-Turner).
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit da165e095a2ca5fe22e484ee539adfb5ab15fcb6 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:29 2022 +0100
python3-trio:Update to version 0.22.0 and to work with python-3.10.8
- Updated from version 0.21.0 to 0.22.0 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit ba9c2b56ac9f4504b15dee3c2a64c6d00e053004 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:28 2022 +0100
python3-sniffio:Update to version 1.3.0 and to work with python-3.10.8
- Updated from version 1.2.0 to 1.3.0 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e4eb9f80fe1f1986c0e3eec4e1aabfaa47310364 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:27 2022 +0100
python3-setuptools:Update to version 65.4.1 and to work with python-3.10.8
- Updated from version 62.0.0 to 65.4.1 - Update of rootfile - Changelog is too large to include here. Details can be found in the CHANGES.rst file in the source tarball. Most of the changes are bug fixes
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 10d3e010fd63124c265709fd397856e98d41acc0 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:26 2022 +0100
python3-semantic_version:Update to version 2.10.0 and to work with python-3.10.8
- Updated from version 2.9.0 to 2.10.0 - Update of rootfile - Changelog 2.10.0 (2022-05-26) *New:* * `132 https://github.com/rbarrois/python-semanticversion/issues/132`_: Ensure sorting a collection of versions is always stable, even with build metadata.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9976d905abf80b595b84d83bbd3070e2666764ad Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:25 2022 +0100
python3-s3transfer:Update to version 0.6.0 and to work with python-3.10.8
- Updated from version 0.5.2 to 0.6.0 - Update of rootfile- No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 4c97d1c23cad4041d72454ca9eb7bd5bc9601d6b Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:24 2022 +0100
python3-rsa:Update to version 4.9 and to work with python-3.10.8
- Updated from version 4.8 to 4.9 - Update of rootfile - Changelog ## Version 4.9 - release 2022-07-20 - Remove debug logging from `rsa/key.py` ([#194](https://github.com/sybrenstuvel/python-rsa/issues/194)). - Remove overlapping slots in `PrivateKey` and `PublicKey`. ([#189](https://github.com/sybrenstuvel/python-rsa/pull/189)). - Do not include CHANGELOG/LICENSE/README.md in wheel ([#191](https://github.com/sybrenstuvel/python-rsa/pull/191)). - Fixed Key Generation Unittest: Public and Private keys are assigned the wrong way around ([#188](https://github.com/sybrenstuvel/python-rsa/pull/188)).
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 8b54edabe105706db36f83390a716a3d4e457aa1 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:23 2022 +0100
python3-requests:Update to version 2.28.1 and to work with python-3.10.8
- Updated from version 2.27.1 to 2.28.1 - Update of rootfile - Changelog 2.28.1 (2022-06-29) **Improvements** - Speed optimization in `iter_content` with transition to `yield from`. (#6170) **Dependencies** - Added support for chardet 5.0.0 (#6179) - Added support for charset-normalizer 2.1.0 (#6169) 2.28.0 (2022-06-09) **Deprecations** - ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091) - Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091) **Improvements** - Wrap JSON parsing issues in Request's JSONDecodeError for payloads without an encoding to make `json()` API consistent. (#6097) - Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154) - Added provisional 3.11 support with current beta build. (#6155) - Requests got a makeover and we decided to paint it black. (#6095) **Bugfixes** - Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074) - Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with `requests.exceptions.SSLError` for `content` and `iter_content`. (#6057) - Fixed issue where invalid Windows registry entires caused proxy resolution to raise an exception rather than ignoring the entry. (#6149) - Fixed issue where entire payload could be included in the error message for JSONDecodeError. (#6036)
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 363bdb9c623f98a466c1c1c6312186037b9465fd Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:22 2022 +0100
python3-pytz:Update to version 2022.4 and to work with python-3.10.8
- Updated from version 2022.1 to 2022.4 - Update of rootfile - Changelog 2022.4 An update to pytz has been released, containing the IANA 2022d timezone database. There are no code changes.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 6a4a621edba6eed387d53a8784e09075e7d46c02 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:21 2022 +0100
python3-pyparsing:Update to version 3.0.9 and to work with python-3.10.8
- Updated from version 3.0.7 to 3.0.9 - Update of rootfile - Changelog Version 3.0.9 - - Added Unicode set `BasicMultilingualPlane` (may also be referenced as `BMP`) representing the Basic Multilingual Plane (Unicode characters up to code point 65535). Can be used to parse most language characters, but omits emojis, wingdings, etc. Raised in discussion with Dave Tapley (issue #392). - To address mypy confusion of `pyparsing.Optional` and `typing.Optional` resulting in `error: "_SpecialForm" not callable` message reported in issue #365, fixed the import in exceptions.py. Nice sleuthing by Iwan Aucamp and Dominic Davis-Foster, thank you! (Removed definitions of `OptionalType`, `DictType`, and `IterableType` and replaced them with `typing.Optional`, `typing.Dict`, and `typing.Iterable` throughout.) - Fixed typo in jinja2 template for railroad diagrams, thanks for the catch Nioub (issue #388). - Removed use of deprecated `pkg_resources` package in railroad diagramming code (issue #391). - Updated bigquery_view_parser.py example to parse examples at https://cloud.google.com/bigquery/docs/reference/legacy-sql
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 87eb5329b2252dc9f5be2f0ddc8d67458821b7b0 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:20 2022 +0100
python3-pyfuse3:Update to version 3.2.2 and to work with python-3.10.8
- Updated from version 3.2.1 to 3.2.2 - Version 3.2.2 is a cythonised version of 3.2.1 resulting in no longer requiring Cython - Update of rootfile - Changelog Release 3.2.2 (2022-09-28) * remove support for python 3.5 (broken, out of support by python devs) * cythonize with latest Cython 0.29.x (brings Python 3.11 support) * use github actions for CI, remove travis-ci * update README: minimal maintenance, not developed * update setup.py with tested python versions * examples/tmpfs.py: work around strange kernel behaviour (calling SETATTR after UNLINK of a (not open) file): respond with ENOENT instead of crashing.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 8d2347138bda5edd7c3fffeb3e5f3e692e6a0937 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:19 2022 +0100
python3-msgpack:Update to version 1.0.4 and to work with python-3.10.8
- Updated from version 1.0.3 to 1.0.4 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e0423d2bf8cd361f90303ff2c29c9a9e58f64a75 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:18 2022 +0100
python3-jmespath:Update to version 1.0.1 and to work with python-3.10.8
- Updated from version 1.0.0 to 1.0.1 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 3b2dec125e663de16290d9407327f766c77b7adb Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:17 2022 +0100
python3-idna:Update to version 3.4 and to work with python-3.10.8
- Updated from version 3.3 to 3.4 - Update of rootfile - Changelog 3.4 (2022-09-14) - Update to Unicode 15.0.0 - Migrate to pyproject.toml for build information (PEP 621) - Correct another instance where generic exception was raised instead of IDNAError for malformed input - Source distribution uses zeroized file ownership for improved reproducibility
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 044c371cc22f445f8e6a668bf7c5444cc8648f17 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:16 2022 +0100
python3-docutils:Update to version 0.19 and to work with python-3.10.8
- Updated from version 0.18.1 to 0.19 - Update of rootfile - Changelog Release 0.19 (2022-07-05) * General - Dropped support for Python 2.7, 3.5, and 3.6. and removed compatibility hacks from code and tests. - Code cleanup, check PEP 8 conformity with `flake8` (exceptions in file tox.ini). * docutils/__main__.py - New module. Support for ``python -m docutils``. Also used for the ``docutils`` console script `entry point`. * docutils/core.py: - Let `Publisher.publish()` print info and prompt when waiting for input from a terminal (cf. https://clig.dev/#interactivity). - Respect "input_encoding_error_handler" setting when opening a source. * docutils/io.py - New function `error_string()` obsoletes `utils.error_reporting.ErrorString`. - Class `ErrorOutput` moved here from `utils/error_reporting`. - Use "utf-8-sig" instead of Python's default encoding if the "input_encoding" setting is None. - Fix error when reading of UTF-16 encoded source without trailing newline. * docutils/parsers/__init__.py - Aliases "markdown" and "commonmark" point to "commonmark_wrapper". - Alias for the "myst" parser (https://pypi.org/project/myst-docutils). - Use absolute module names in `_parser_aliases` instead of two import attempts. (Keeps details if the `recommonmark_wrapper.py` module raises an ImportError.) - Prepend parser name to ImportError if importing a parser class fails. * docutils/parsers/commonmark_wrapper.py - New module for parsing CommonMark input. Selects a locally installed 3rd-party parser (pycmark, myst, or recommonmark). * docutils/parsers/recommonmark_wrapper.py - Raise ImportError, if import of the upstream parser module fails. If called from an `"include" directive`_, the system-message now has source/line info. - Adapt to and test with "recommonmark" versions 0.6.0 and 0.7.1. .. _"include" directive: docs/ref/rst/directives.html#include * docutils/parsers/rst/__init__.py - Update PEP base URL (fixes bug #445), use "https:" scheme in RFC base URL. - Add `reporter` to `Directive` class attributes. * docutils/parsers/rst/directives/__init__.py - `parser_name()` keeps details if converting ImportError to ValueError. * docutils/parsers/rst/roles.py - Don't use mutable default values for function arguments. Fixes bug #430. * docutils/transforms/universal.py - Fix bug #435: invalid references in `problematic` nodes with report_level=4. * docutils/utils/__init__.py - `decode_path()` returns `str` instance instead of `nodes.reprunicode`. * docutils/utils/error_reporting.py - Add deprecation warning. * docutils/writers/_html_base.py - Add "html writers" to `config_section_dependencies`. Fixes bug #443. - Write table column widths with 3 digits precision. Fixes bug #444. * docutils/writers/html5_polyglot/__init__.py - Add space before "charset" meta tag closing sequence. - Remove class value "controls" from an `image` node with video content after converting it to a "control" attribute of the <video> tag. - Wrap groups of footnotes in an ``<aside>`` for easier styling. * docutils/writers/pep_html/ - Use "https:" scheme in "python_home" URL default. - Fix links in template.txt. * setup.py: - New "docutils" console script `entry point`__. Fixes bug #447. __ https://packaging.python.org/en/latest/specifications/entry-points/ * test/alltests.py - Always encode the log file "alltests.out" using 'utf-8'. * test/DocutilsTestSupport.py - `exception_data()` now returns None if no exception was raised. - `recommonmark_wrapper` only imported if upstream parser is present. * test/test_parsers/test_rst/test_directives/test_tables.py - Fix bug #436: Null char valid in CSV since Python 3.11. * tools/docutils-cli.py - Allow 3rd-party drop-in components for reader and parser, too. - Fix help output. - Actual code moved to docutils.__main__.py.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 5de419768554a6cc1e709164bc94f8cda5d026e6 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:15 2022 +0100
python3-colorama:Update to version 0.4.5 and to work with python-3.10.8
- Updated from version 0.4.4 to 0.4.5 - Update of rootfile - Changelog 0.4.5 * Catch a racy ValueError that could occur on exit. * Create README-hacking.md, for Colorama contributors. * Tweak some README unicode characters that don't render correctly on PyPI. * Fix some tests that were failing on some operating systems. * Add support for Python 3.9. * Add support for PyPy3. * Add support for pickling with the ``dill`` module.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit f42da6c8c1bb9776529c5dc3cd6b9121db3215e2 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:14 2022 +0100
python3-click:Update to version 8.1.3 and to work with python-3.10.8
- Updated from version 8.1.2 to 8.1.3 - Update of rootfile - Changelog Version 8.1.3 - Use verbose form of ``typing.Callable`` for ``@command`` and ``@group``. :issue:`2255` - Show error when attempting to create an option with ``multiple=True, is_flag=True``. Use ``count`` instead. :issue:`2246`
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 8815cdbe5af71996eac29c148b9fa29bbe2506ad Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:13 2022 +0100
python3-circuitbreaker:Update to version 1.4.0 and to work with python-3.10.8
- Updated from version 1.3.2 to 1.4.0 - Update of rootfile - Changelog 1.4.0 Latest The circuitbreaker project has been classified as "Critical Project" on PyPI, meaning it belongs to the top 1% of all projects on PyPI based on the downloads over the last 6 months. We're working an important peace here 🙂 Fallback Function By default, the circuit breaker will raise a CircuitBreaker exception when the circuit is opened. You can instead specify a function to be called when the circuit is opened. This function can be specified with the fallback_function parameter and will be called with the same parameters as the decorated function would be. Custom callable for handling exceptions The logic for handling thrown exceptions as failures can now be customized by passing a callable. The callable will be passed the exception type and value, and should return True if the exception should be treated as a failure. Monotonic clock Using the wall clock to measure durations is vulnerable to changes in the system clock causing misbehavior - a clock accidentally set far in the future and later reset could result in the circuit breaker remaining open for a great deal longer than expected. To solve this, a monotonic clock is now used for timing open states. Circuitbreaker default name The circuitbreaker default names are now taken from __qualname__ if available for more precise default naming. Fixes and tooling the project is now built on Github Action instead of Travis CI building for python 3.10 applied smaller flake8 fixes
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit cce71b141c4ffd6f0b633a29b52c615232216fb4 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:12 2022 +0100
python3-charset-normalizer:Update to version 2.1.1 and to work with python-3.10.8
- Updated from version 2.0.12 to 2.1.1 - Update of rootfile - Changelog ## [2.1.1](https://github.com/Ousret/charset_normalizer/compare/2.1.0...2.1.1) (2022-08-19) ### Deprecated - Function `normalize` scheduled for removal in 3.0 ### Changed - Removed useless call to decode in fn is_unprintable (#206) ### Fixed - Third-party library (i18n xgettext) crashing not recognizing utf_8 (PEP 263) with underscore from [@aleksandernovikov](https://github.com/aleksandernovikov) (#204) ## [2.1.0](https://github.com/Ousret/charset_normalizer/compare/2.0.12...2.1.0) (2022-06-19) ### Added - Output the Unicode table version when running the CLI with `--version` (PR #194) ### Changed - Re-use decoded buffer for single byte character sets from [@nijel](https://github.com/nijel) (PR #175) - Fixing some performance bottlenecks from [@deedy5](https://github.com/deedy5) (PR #183) ### Fixed - Workaround potential bug in cpython with Zero Width No-Break Space located in Arabic Presentation Forms-B, Unicode 1.1 not acknowledged as space (PR #175) - CLI default threshold aligned with the API threshold from [@oleksandr-kuzmenko](https://github.com/oleksandr-kuzmenko) (PR #181) ### Removed - Support for Python 3.5 (PR #192) ### Deprecated - Use of backport unicodedata from `unicodedata2` as Python is quickly catching up, scheduled for removal in 3.0 (PR #194)
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c083a72afe17c4d4789a1a0bc19801ba0ddc73b1 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:11 2022 +0100
python3-cffi:Update to version 1.15.1 and to work with python-3.10.8
- Updated from version 1.15.0 to 1.15.1 - Update of rootfile - Changelog v1.15.1 If you call ffi.embedding_api() but don’t write any extern “Python” function there, then the resulting C code would fail an assert. Fixed. Updated Windows/arm64 embedded libffi static lib to v3.4.2, and scripted to ease future updates (thanks Niyas Sait!)
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit f3a337ece1bd9b6cc04497911cb80f3a5b953514 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:10 2022 +0100
python3-certifi:Update to version 2022.9.4 and to work with python-3.10.8
- Updated from version 2021.10.8 to 2022.9.4 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c28c0d6f0d26f48611f62a00e6df026d2ad100ef Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:09 2022 +0100
python3-botocore:Update to version 1.27.89 and to work with python-3.10.8
- Updated from version 1.25.12 to 1.27.89 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c52ff00f094d82ad93afbdea7ae1198cc12b1eda Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:08 2022 +0100
python3-attrs:Update to version 22.1.0 and to work with python-3.10.8
- Updated from version 21.4.0 to 22.1.0 - Update of rootfile - Changelog 22.1.0 (2022-07-28) Backwards-incompatible Changes - Python 2.7 is not supported anymore. Dealing with Python 2.7 tooling has become too difficult for a volunteer-run project. We have supported Python 2 more than 2 years after it was officially discontinued and feel that we have paid our dues. All version up to 21.4.0 from December 2021 remain fully functional, of course. `#936 https://github.com/python-attrs/attrs/issues/936`_ - The deprecated ``cmp`` attribute of ``attrs.Attribute`` has been removed. This does not affect the *cmp* argument to ``attr.s`` that can be used as a shortcut to set *eq* and *order* at the same time. `#939 https://github.com/python-attrs/attrs/issues/939`_ Changes - Instantiation of frozen slotted classes is now faster. `#898 https://github.com/python-attrs/attrs/issues/898`_ - If an ``eq`` key is defined, it is also used before hashing the attribute. `#909 https://github.com/python-attrs/attrs/issues/909`_ - Added ``attrs.validators.min_len()``. `#916 https://github.com/python-attrs/attrs/issues/916`_ - ``attrs.validators.deep_iterable()``'s *member_validator* argument now also accepts a list of validators and wraps them in an ``attrs.validators.and_()``. `#925 https://github.com/python-attrs/attrs/issues/925`_ - Added missing type stub re-imports for ``attrs.converters`` and ``attrs.filters``. `#931 https://github.com/python-attrs/attrs/issues/931`_ - Added missing stub for ``attr(s).cmp_using()``. `#949 https://github.com/python-attrs/attrs/issues/949`_ - ``attrs.validators._in()``'s ``ValueError`` is not missing the attribute, expected options, and the value it got anymore. `#951 https://github.com/python-attrs/attrs/issues/951`_ - Python 3.11 is now officially supported. `#969 https://github.com/python-attrs/attrs/issues/969`_
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit e18e8a70201af82743b5c495e393ad58113807eb Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:07 2022 +0100
python3-arrow:Update to version 1.2.3 and to work with python-3.10.8
- Updated from version 1.2.2 to 1.2.3 - Update of rootfile - Changelog 1.2.3 (2022-06-25) - [NEW] Added Amharic, Armenian, Georgian, Laotian and Uzbek locales. - [FIX] Updated Danish locale and associated tests. - [INTERNAl] Small fixes to CI.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit fa613d31c804e3b364ce0f8ae652b0ea74a6eec4 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:06 2022 +0100
rust-pyo3-build-config:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c74a3eead3ff598532bae5b53f77c02c8ff9527c Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:05 2022 +0100
rust-pyo3-macros-backend:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit fd9d183c211beeb47a068604217230b56eeacb30 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:04 2022 +0100
rust-pyo3-macros:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9ab0df2c67ee9bc5714631081f9a22dd60157415 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:03 2022 +0100
rust-pyo3:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - Changelog ## [0.15.2] - 2022-04-14 ### Packaging - Backport of PyPy 3.9 support from PyO3 0.16. [#2262](https://github.com/PyO3/pyo3/pull/2262)
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 7b43fb6b7d7edd2b1b19e789008a72dff28bf146 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:02 2022 +0100
rust-pem:Update to version 1.1.0 - required by python3-cryptography
- Updated from version 1.0.2 to 1.1.0 - Update of rootfile - Changelog found in source tarball stops at version 1.0.1 No changelog found elsewhere
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 217e9db5912bd65310aec837296ce5a52fa7cc4a Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:01 2022 +0100
rust-ouroboros_macro:Update to version 0.15.5 - required by python3-cryptography
- Updated from version 0.13.0 to 0.15.5 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c8e187ba8e56c9fdbcfa3c8ec78e94e735c09563 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:57:00 2022 +0100
rust-ouroboros:Update to version 0.15.5 - required by python3-cryptography
- Updated from version 0.13.0 to 0.15.5 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit f80eb8b8f6cc4dce927ad43e1140428cfc93648e Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:59 2022 +0100
rust-asn1_derive:Update to version 0.12.2 - required by python3-cryptography
- Updated from version 0.8.7 to 0.12.2 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit db101b368a9c9408041fdb65a815d6a664f32432 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:58 2022 +0100
rust-asn1: Update to version 0.12.2 - required by python3-cryptography
- Updated from version 0.8.7 to 0.12.2 - Update of rootfile - No changelog found in source tarball or other location
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit d116f35a366627996a83f9ec2610271520cbd2d5 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:57 2022 +0100
rust-iana-time-zone: Required by updated rust-chrono
- Install of version 0.1.51 - Definition of rootfile - Creation of metadata patch to eliminate windows options
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9745d784b97d975979f0f7b22eced1583ffe4025 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:56 2022 +0100
rust-chrono:Update to version 0.4.22 required by python3-cryptography
- Updated from version 0.4.19 to 0.4.22 - Update of rootfile - Update of metadata patch as more windows related entries in Cargo.toml to be excluded - Changelog ## 0.4.22 * Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771) * Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767) * Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773) ## 0.4.21 * Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756) * Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756) * Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760) ## 0.4.20 * Add more formatting documentation and examples. * Add support for microseconds timestamps serde serialization/deserialization (#304) * Fix `DurationRound` is not TZ aware (#495) * Implement `DurationRound` for `NaiveDateTime` * Implement `std::iter::Sum` for `Duration` * Add `DateTime::from_local()` to construct from given local date and time (#572) * Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557) * Correct build for wasm32-unknown-emscripten target (#568) * Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647) * Fix `duration_round` panic on rounding by `Duration::zero()` (#658) * Add optional rkyv support. * Add support for microseconds timestamps serde serialization for `NaiveDateTime`. * Add support for optional timestamps serde serialization for `NaiveDateTime`. * Fix build for wasm32-unknown-emscripten (@yu-re-ka #593) * Make `ParseErrorKind` public and available through `ParseError::kind()` (#588) * Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator` * Fix panicking when parsing a `DateTime` (@botahamec) * Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666) * Remove libc dependency from Cargo.toml. * Add the `and_local_timezone` method to `NaiveDateTime` * Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos * Add compatibility with rfc2822 comments (#733) * Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery * Add the `Months` struct and associated `Add` and `Sub` impls
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 97119282dde51c5536c67556d2200d128b4124c4 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:55 2022 +0100
python3-cryptography:Update to version 38.0.1 and to work with python-3.10.8
- Updated from version 36.0.2 to 38.0.1 - Update of rootfile - Changelog 38.0.1 - 2022-09-07 Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs). 38.0.0 - 2022-09-06 Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support. We no longer ship many linux 2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms. Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required. decrypt() and related methods now accept both str and bytes tokens. Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue for complete details. Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release. When parsing CertificateRevocationList and CertificateSigningRequest values, it is now enforced that the version value in the input must be valid according to the rules of RFC 2986 and RFC 5280. Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version. Added additional APIs to SignedCertificateTimestamp, including signature_hash_algorithm, signature_algorithm, signature, and extension_bytes. Added tbs_precertificate_bytes, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification. KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location. Fixed RFC 4514 name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method from_rfc4514_string(). It is now possible to customize some aspects of encryption when serializing private keys, using encryption_builder(). Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade. Added AES128 and AES256 classes. These classes do not replace AES (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length. 37.0.4 - 2022-07-05 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5. 37.0.3 - 2022-06-21 (YANKED)¶ Attention This release was subsequently yanked from PyPI due to a regression in OpenSSL. Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4. 37.0.2 - 2022-05-03 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3. Added a constant needed for an upcoming pyOpenSSL release. 37.0.1 - 2022-04-27 Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error. Restored some legacy symbols for older pyOpenSSL users. These will be removed again in the future, so pyOpenSSL users should still upgrade to the latest version of that package when they upgrade cryptography. 37.0.0 - 2022-04-26 Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2. BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+. BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to sign and verify. Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of cryptography will be the last to support compiling with OpenSSL 1.1.0. Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future cryptography release. Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required. Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algorithms with extremely low usage. These will be removed in a future version of cryptography. Added limited support for distinguished names containing a bit string. We now ship universal2 wheels on macOS, which contain both arm64 and x86_64 architectures. Users on macOS should upgrade to the latest pip to ensure they can use this wheel, although we will continue to ship x86_64 specific wheels for now to ease the transition. This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip. For PyPy wheels this release already requires manylinux2014 for compatibility with binaries distributed by upstream. Added support for multiple OCSPSingleResponse in a OCSPResponse. Restored support for signing certificates and other structures in X.509 with SHA3 hash algorithms. TripleDES is disabled in FIPS mode. Added support for serialization of PKCS#12 CA friendly names/aliases in serialize_key_and_certificates() Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This class previously supported only 12 byte (96 bit). Added support for AESSIV when using OpenSSL 3.0.0+. Added support for serializing PKCS7 structures from a list of certificates with serialize_certificates. Added support for parsing RFC 4514 strings with from_rfc4514_string(). Added AUTO to PSS. This can be used to verify a signature where the salt length is not already known. Added DIGEST_LENGTH to PSS. This constant will set the salt length to the same length as the PSS hash algorithm. Added support for loading RSA-PSS key types with load_pem_private_key() and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 7a251a1fa3f08cb1bebb681dff6055828d01e062 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:54 2022 +0100
python3-setuptools-scm:Update to version 7.0.5 and to work with python-3.10.8
- Updated from version 6.4.2 to 7.0.5 - Update of rootfile - Changelog v7.0.5 Merge pull request #746 from RonnyPfannschmidt/release-prep v7.0.4 Merge pull request #739 from RonnyPfannschmidt/fix-738-protect-relative-to v7.0.3 What's Changed Hg / pip compatibility by @paugier in #729 fix #728: remove git arguments that triggered wrong branch names by @RonnyPfannschmidt in #730 fix #691 - support root in pyproject.toml even for cli by @RonnyPfannschmidt in #731 fix #727: correctly handle incomplete archivals from setuptools_scm_g… by @RonnyPfannschmidt in #732 cleanup pyproject loading and allow cli relative roots to be specified by @RonnyPfannschmidt in #736 Update the README: document support for Git archives by @Changaco in #734 v7.0.2 Merge pull request #724 from RonnyPfannschmidt/fix-722-self-bootstrap v7.0.1 Merge pull request #719 from kojiromike/missing-importlib v7.0.0 pre-commit update
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 47cfdd293ee997fa878f695e1a5dc3bad2861b54 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:53 2022 +0100
python3-setuptools-rust:Update to version 1.5.2 and to work with python-3.10.8
- Updated from version 1.2.0 to 1.5.2 - Update of rootfile - Changelog v1.5.2 Fixed Fix regression in dylib build artifacts not being found since 1.5.0. #290 Fix regression in sdist missing examples and other supplementary files since 1.5.0. #291 v1.5.1 Fixed Fix regression in get_lib_name crashing since 1.5.0. #280 Fix regression in Binding.Exec builds with multiple executables not finding built executables since 1.5.0. #283 v1.5.0 Added Add support for extension modules built for wasm32-unknown-emscripten with Pyodide. #244 Changed Locate cdylib artifacts by handling messages from cargo instead of searching target dir (fixes build on MSYS2). #267 No longer guess cross-compile environment using HOST_GNU_TYPE / BUILD_GNU_TYPE sysconfig variables. #269 Fixed Fix RustBin build without wheel. #273 Fix RustBin setuptools install. #275 v1.4.1 Fixed Fix crash when checking Rust version. #263 v1.4.0 Packaging Increase minimum setuptools version to 62.4. #222 Added Add cargo_manifest_args to support locked, frozen and offline builds. #234 Add RustBin for packaging binaries in scripts data directory. #248 Changed Exec binding RustExtension with script=True is deprecated in favor of RustBin. #248 Errors while calling cargo metadata are now reported back to the user #254 quiet option will now suppress output of cargo metadata. #256 setuptools-rust will now match cargo behavior of not setting --target when the selected target is the rust host. #258 Deprecate native option of RustExtension. #258 Fixed If the sysconfig for BLDSHARED has no flags, setuptools-rust won't crash anymore. #241 v1.3.0 Packaging Increase minimum setuptools version to 58. #222 Fixed Fix crash when python-distutils-extra linux package is installed. #222 Fix sdist built with vendored dependencies on Windows having incorrect cargo config. #223
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 8d7395e6661e3db11787d5fdc5719474ddfcb966 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:52 2022 +0100
python3-pep517:Update to version 0.13.0 and to work with python-3.10.8
- Updated from version 0.12.0 to 0.13.0 - Update of rootfile - No Changelog available in the source tarball or pypi or the github repository
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit d8c94dabb588c2160e68a4ee6b95ec8c36587b5d Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:51 2022 +0100
python3-daemon: Update to version 2.3.1 and to work with python-3.10.8
- Updated from version 2.3.0 to 2.3.1 - Update of rootfile - Changelog Version 2.3.1 Bugs Fixed: * Avoid operations on a closed stream file when detecting a socket. Closes: Pagure #64. Thanks to Mark Richman for the report. * Correct use of names to allow `from daemon import *`. Closes: Pagure #65. Thanks to July Tikhonov for the report. Changed: * Speed daemon start time by computing candidate file descriptors once. Closes: Pagure #40. Thanks to Alex Pyrgiotis for the report. * Remove incorrect double-patch of objects in test cases. Closes: Pagure #62. Thanks to Miro Hrončok for the report. * Deprecate helper function `is_socket`. The function incorrectly causes `ValueError` when the file object is already closed. Migrate to the new `is_socket_file` helper function instead. Removed: * Drop backward-compatible helpers that provided Python 2 support. * declaration of source encoding ‘utf-8’ * absolute_import * unicode_literals * module-level metaclass `type` * unification of str with unicode type * renamed standard library exceptions and modules * raise exception from context exception All these are default behaviour in Python 3 and need no special handling.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit b7fbfaded5eb65afd9f3fc63d3fdc77ecaa930f7 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:50 2022 +0100
python3-build: Update to version 0.8.0 and to work with python-3.10.8
- Updated from version 0.7.0 to 0.8.0 - Update of rootfile - Changelog 0.8.0 (2022-05-22) Accept os.PathLike[str] in addition to str for paths in public API (PR #392, Fixes #372) Add schema validation for build-system table to check conformity with PEP 517 and PEP 518 (PR #365, Fixes #364) Better support for Python 3.11 (sysconfig schemes PR #434, PR #463, tomllib PR #443, warnings PR #420) Improved error printouts (PR #442) Avoid importing packaging unless needed (PR #395, Fixes #393) Breaking Changes Failure to create a virtual environment in the build.env module now raises build.FailedProcessError (PR #442) - As far as I can tell IPFire does not use the build.env module and the built iso installed successfully
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 9d8a588351ab32ca9524202b8dc15a40db5ac756 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:49 2022 +0100
python3-Cython: Removal of this module from IPFire
- New version of python3-pyfuse3 has been cythonised so Cython no longer required
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 50274d92e86b5bc4c96e219538aa635cf04d80d5 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:48 2022 +0100
make.sh: Addition, deletion and re-orderiong of packages for Python-3.10.8
- Addition of rust-iana-time-zone and removal of python3-Cython as updated python3-pyfuse can be built now without Cython. - python3-toml and python3-pyproject2setuppy moved earlier as updated python3-pyparsing no longer has setup.py file
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit a3e169e897d8a804eb66aad56d0fe98ac0f57d30 Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Nov 9 19:56:47 2022 +0100
python3: Update to version 3.10.8
- Update from version 3.10.1 to 3.10.8 - Update of rootfile - Changelog is too large to include hear. More details can be found at https://docs.python.org/3.10/whatsnew/changelog.html#changelog - Installed Iso, created from build of this python update series, into a vm testbed clone. All pages and contents worked. No issues found on any WUI page.
Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit dcecf6f8a93b126452efa4a5c12e7aa5bc610139 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 14:39:42 2022 +0000
Core Update 172: Ship vnstat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c7369b4bf14bf6d8b1b911202621edcbfcda0709 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Nov 7 19:03:55 2022 +0100
vnstat: Update to 2.10
For details see: https://humdi.net/vnstat/CHANGES
"2.10 / 22-Oct-2022
- Fixed - BandwidthDetection in BSD wasn't correctly converting kernel reported bits per second values to Mbits per second resulting in a sanity check being triggered and detected values not being used expect for PPPoE interfaces which incorrectly were detected as 64000 Mbit - Image output of 5 minute graph wasn't possible if data retention of the 5 minute time period was configured as unlimited (pull request by Sebastian Lechte) - Estimates and average rates weren't calculated correctly for daily, monthly and yearly time periods when monitoring of the interface had been started during the ongoing time period - Estimates weren't being shown in summary output when OutputStyle or --style was configured with a value less than 2 (vnstat) - Alignment of column header in short output wasn't correct when OutputStyle or --style was configured with the value 0 (vnstat) - New - Support input of more than 31 characters in interface name when using interface1+interface2 syntax data merge queries - Support passing --config option multiple times, later files override earlier files if settings overlap (vnstat and vnstati) - Add configuration option EstimateVisible for controlling the visibility of the estimate line - Add configuration option EstimateText for modifying the default "estimated" text string when the estimate line is visible - Add --style support to -tr / --traffic output - Add summary option to --json and --xml outputs - Add timestamps to --json and --xml outputs - Add Prometheus compatible metrics endpoint cgi to examples (examples/vnstat-metrics.cgi)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 0600bf162d12dccfacab571f2bec856f2f7a8944 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 14:38:32 2022 +0000
strongSwan: Commit forgotten LFS file changes
My fault, again.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit d3a4fcc7097a3df6e45f4d2b15960ccb61f0152f Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 11:15:05 2022 +0000
Core Update 172: Remove powertop add-on, if installed
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f7b0247e02ed5af880f03932807d039ef9008d91 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 7 12:24:07 2022 +0000
Drop powertop
This has been discussed briefly in the telephone conference of September: powertop is considered to be unnecessary, as IPFire is optimized for performance, thus interfering with possible power consumption reducing switches. Also, the need for powertop has been diminished, given that x86 platforms are highly likely not to run on batteries, and we are phasing out 32-bit ARM, where this could have been the case.
Therefore, this patch proposes to drop powertop.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 0675d2a449a121f52065db9314dbe18edd7205e0 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 11:13:30 2022 +0000
Core Update 172: Ship libxml2
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 639e23b847e17b288bb6ed3e3e4f1a10abe30093 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 7 22:14:14 2022 +0100
libxml2: Update to version 2.10.3
- Update from version 2.9.14 to 2.10.3 - Update of rootfile - Changelog v2.10.3: Oct 14 2022 ### Security - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c ### Portability - win32: Fix build with VS2013 ### Build system - cmake: Set SOVERSION v2.10.2: Aug 29 2022 ### Improvements - Remove set-but-unused variable in xmlXPathScanName - Silence -Warray-bounds warning ### Build system - build: require automake-1.16.3 or later (Xi Ruoyao) - Remove generated files from distribution ### Test suite - Don't create missing.xml when running testapi v2.10.1: Aug 25 2022 ### Regressions - Fix xmlCtxtReadDoc with encoding ### Bug fixes - Fix HTML parser with threads and --without-legacy ### Build system - Fix build with Python 3.10 - cmake: Disable version script on macOS - Remove Makefile rule to build testapi.c ### Documentation - Switch back to HTML output for API documentation - Port doc/examples/index.py to Python 3 - Fix order of exports in libxml2-api.xml - Remove libxml2-refs.xml v2.10.0: Aug 17 2022 ### Security - [CVE-2022-2309] Reset nsNr in xmlCtxtReset - Reserve byte for NUL terminator and report errors consistently in xmlBuf and xmlBuffer (David Kilzer) - Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer) - Fix integer overflow in xmlBufferDump() (David Kilzer) - xmlBufAvail() should return length without including a byte for NUL terminator (David Kilzer) - Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David Kilzer) - Use xmlNewDocText in xmlXIncludeCopyRange - Fix use-after-free bugs when calling xmlTextReaderClose() before xmlFreeTextReader() on post-validating parser (David Kilzer) - Use UPDATE_COMPAT() consistently in buf.c (David Kilzer) - fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn) ### Removals and deprecations - Disable XPointer location support by default - Remove outdated xml2Conf.sh - Deprecate module init and cleanup functions - Remove obsolete XML Software Autoupdate (XSA) file - Remove DOCBparser - Remove obsolete Python test framework - Remove broken VxWorks support - Remove broken Mac OS 9 support - Remove broken bakefile support - Remove broken Visual Studio 2010 support - Remove broken Windows CE support - Deprecate IDREF-related functions in valid.h - Deprecate legacy functions - Disable legacy support by default - Deprecate all functions in nanoftp.h - Disable FTP support by default - Add XML_DEPRECATED macro - Remove elfgcchack.h ### Regressions - Skip incorrectly opened HTML comments - Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer) ### Bug fixes - Fix memory leak with invalid XSD - Make XPath depth check work with recursive invocations - Fix memory leak in xmlLoadEntityContent error path - Avoid double-free if malloc fails in inputPush - Properly fold whitespace around the QName value when validating an XSD schema. (Damjan Jovanovic) - Add whitespace folding for some atomic data types that it's missing on. (Damjan Jovanovic) - Don't add IDs containing unexpanded entity references ### Improvements - Avoid calling xmlSetTreeDoc - Simplify xmlFreeNode - Don't reset nsDef when changing node content - Fix unintended fall-through in xmlNodeAddContentLen - Remove unused xmlBuf functions (David Kilzer) - Implement xpath1() XPointer scheme - Add configuration flag for XPointer locations support - Fix compiler warnings in Python code - Mark more static data as `const` (David Kilzer) - Make xmlStaticCopyNode non-recursive - Clean up encoding switching code - Simplify recursive pthread mutex - Use non-recursive mutex in dict.c - Fix parser progress checks - Avoid arithmetic on freed pointers - Improve buffer allocation scheme - Remove unneeded #includes - Add support for some non-standard escapes in regular expressions. (Damjan Jovanovic) - htmlParseComment: handle abruptly-closed comments (Mike Dalessio) - Add let variable tag support (Oliver Diehl) - Add value-of tag support (Oliver Diehl) - Remove useless call to xmlRelaxNGCleanupTypes - Don't include ICU headers in public headers - Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio) - Fix unused variable warnings with disabled features - Only warn on invalid redeclarations of predefined entities - Remove unneeded code in xmlreader.c - Rework validation context flags ### Portability - Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin) - Fix Python tests on macOS - Fix xmlCleanupThreads on Windows - Fix reinitialization of library on Windows - Don't mix declarations and code in runtest.c - Use portable python shebangs (David Seifert) - Use critical sections as mutex on Windows - Don't set HAVE_WIN32_THREADS in win32config.h - Use stdint.h with newer MSVC - Remove cruft from win32config.h - Remove isinf/isnan emulation in win32config.h - Always fopen files with "rb" - Remove __DJGPP__ checks - Remove useless __CYGWIN__ checks ### Build system - Don't autogenerate doc/examples/Makefile.am - cmake: Install libxml.m4 on UNIX-like platforms (Daniel E) - cmake: Use symbol versioning on UNIX-like platforms (Daniel E) - Port genUnicode.py to Python 3 - Port gentest.py to Python 3 - cmake: Fix build without thread support - cmake: Install documentation in CMAKE_INSTALL_DOCDIR - cmake: Remove non needed files in docs dir (Daniel E) - configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set (Christopher Degawa) - Move local Autoconf macros into m4 directory - Use XML_PRIVATE_LIBS in libxml2_la_LIBADD - Update libxml-2.0-uninstalled.pc.in - Remove LIBS from XML_PRIVATE_LIBS - Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS - Don't overlink executables - cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg) - build: Make use of variables in libxml's pkg-config file (Daniel Engberg) - Avoid obsolescent `test -a` constructs (David Seifert) - Move AM_MAINTAINER_MODE to AM section - configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert) - Streamline documentation installation - Don't try to recreate COPYING symlink - Detect libm using libtool's macros (David Seifert) - configure.ac: disable static libraries by default (David Seifert) - python/Makefile.am: nest python docs in $(docdir) (David Seifert) - python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert) - Makefile.am: install examples more idiomatically (David Seifert) - configure.ac: remove useless AC_SUBST (David Seifert) - Respect `--sysconfdir` in source files (David Seifert) - Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin) - Only install *.html and *.c example files - Remove --with-html-dir option - Rework documentation build system - Remove old website - Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert) - Update genChRanges.py - Update build_glob.py - Remove ICONV_CONST test - Remove obsolete AC_HEADER checks - Don't check for standard C89 library functions - Don't check for standard C89 headers - Remove special configuration for certain maintainers ### Test suite, CI - Disable network in API tests - testapi: remove leading slash from "/missing.xml" (Mike Gilbert) - Build Autotools CI tests out of source tree (VPATH) - Add --with-minimum build to CI tests - Fix warnings when testing --with-minimum build - cmake: Run all tests when threads are disabled - Also build CI tests with -Werror - Move doc/examples tests to new test suite - Simplify 'make check' targets - Fix schemas and relaxng tests - Remove unused result files - Allow missing result files in runtest - Move regexp tests to runtest - Move SVG tests to runtest.c - Move testModule to new test suite - Move testThreads to new test suite - Remove major parts of old test suite - Make testchar return an error on failure (Tony Tascioglu) - Add CI job for static build - python/tests: open() relative to test scripts (David Seifert) - Port some test scripts to Python 3 ### Documentation - Improve documentation of tree manipulation API - Update xml2-config man page - Consolidate man pages - Rename xmlcatalog_man.xml - Make examples a standalone HTML page - Fix documentation in entities.c - Add note about optimization flags
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4022e2f9c3d64e21d8b55a8206630fea7a845cd3 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 11:12:28 2022 +0000
Core Update 172: Ship expat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit cf25086eea3776172dba0691afa6bf5646090a64 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 7 22:13:58 2022 +0100
expat: Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0 - Update of rootfile. - Changelog Release 2.5.0 Tue October 25 2022 Security fixes: #616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. Bug fixes: #612 #645 Fix curruption from undefined entities #613 #654 Fix case when parsing was suspended while processing nested entities #616 #652 #653 Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse #656 CMake: Fix generation of pkg-config file #658 MinGW|CMake: Fix static library name Other changes: #663 Protect header expat_config.h from multiple inclusion #666 examples: Make use of XML_GetBuffer and be more consistent across examples #648 Address compiler warnings #667 #668 Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 0a65d443ef11e127b4bf8af6f6ede18a51855c57 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 8 11:11:40 2022 +0000
Core Update 172: Ship zlib
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 634f46dc34f2e134cfe74e72673f7632a52a030b Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Nov 7 22:14:28 2022 +0100
zlib: Update to version 1.2.13
- Update from version 1.2.12 to 1.2.13 - Update of rootfile - Patches for CVE-2022-37434 removed as they are now integarted in the source tarball - Changelog Changes in 1.2.13 (13 Oct 2022) - Fix configure issue that discarded provided CC definition - Correct incorrect inputs provided to the CRC functions - Repair prototypes and exporting of new CRC functions - Fix inflateBack to detect invalid input with distances too far - Have infback() deliver all of the available output up to any error - Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434) - Fix bug in block type selection when Z_FIXED used - Tighten deflateBound bounds - Remove deleted assembler code references - Various portability and appearance improvements
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a2a695be02696854c73c74610f15152614fb4ee5 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 3 16:51:19 2022 +0000
Core Update 172: Ship (o|)vpnmain.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 818dde8e8b8b8cbf571c7d02ba4c8272280f3e46 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 3 15:29:32 2022 +0000
IPsec/OpenVPN: Use 4,096-bit RSA for host certificates as well
We already moved away from 2048-MODP in Core Update 170. Similarly, German Federal Office for Information Security (BSI) recommends shifting away from RSA keys below 3,000 bits by the end of 2022 at the latest.
The only place left in IPFire 2.x where we generate such keys is for IPsec and OpenVPN host certificates. This patch increases their key sizes to 4,096 bits as well - CA certificates already have this length.
Existing VPN connections cannot be migrated automatically. However, only the respective host certificate has to be regenerated - thanks to the CA certificates' key length being sufficient, there is no need to replace the entire VPN CA.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 6376c155b8c02c37d891f91d9bf9e60564430d04 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 3 15:14:01 2022 +0000
Core Update 172: Ship wirelessctrl
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 77e1061bf9079dfdd8bad56a41f3c4a053012654 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Nov 2 10:30:06 2022 +0000
misc-progs: wirelessctrl: Fix missing whitespace for log prefix
Fixes: #12978 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 44fc05f634ab3829ea368428845bd4d5412cc2a9 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 29 09:04:07 2022 +0000
Core Update 172: Ship rules.pl
This file should have been shipped with Core Update 171, but that was omitted by mistake. Core Update 172 therefore finally fixes #12934 on existing installations.
Fixes: #12934 Cc: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a6f89e38db587c467d97513437dfe0ae2e424a19 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 29 08:58:00 2022 +0000
Core Update 171: Ship changes related to services.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8ed997102eeaee19e06e13aea4dfe08f83338489 Author: Robin Roevens robin.roevens@disroot.org Date: Wed Oct 12 00:01:57 2022 +0200
services.cgi: add link to addon config if ui exists for it
* If a cgi file exists with the same name as an addon, the displayed service will be a link to that cgi file.
Signed-off-by: Robin Roevens robin.roevens@disroot.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4f205b54422afa069dd3956ebc4df2efe8600f75 Author: Robin Roevens robin.roevens@disroot.org Date: Wed Oct 12 00:01:56 2022 +0200
services.cgi: add restart action and restrict action usage
* Add restart action to services. * Only display available actions for a service: Start when service is stopped or Stop and Restart when a service is running.
Signed-off-by: Robin Roevens robin.roevens@disroot.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 207ca1141c1e1b1b2d384b82ac6b8238ad8d566c Author: Robin Roevens robin.roevens@disroot.org Date: Wed Oct 12 00:01:55 2022 +0200
services.cgi: minor cosmetics
* Singular 'Service' instead of plural 'Services' as column header of services table * Sort list of services
Signed-off-by: Robin Roevens robin.roevens@disroot.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 2b9b31b71d9b6211276b60ce9583198163a0c582 Author: Robin Roevens robin.roevens@disroot.org Date: Wed Oct 12 00:01:54 2022 +0200
services.cgi: Fix status/actions on services with name != addon name
* addonctrl's new functionality to control explicit addon services was implemented. * Change 'Addon' column header to 'Addon Service' to be clear that it's not addons but services listed here. * Services not matching the name of the addon now display the addon name between parentheses, so the user knows where the service comes from. * When no valid runlevel symlink is found by addonctrl for a service, the 'enable on boot' checkbox is replaced by a small exclamation point with alt-text "No valid runlevel symlink was found for the initscript of this service." to inform user why a service can't be enabled. * Added German and Dutch translation for above message.
Fixes: Bug#12935 Signed-off-by: Robin Roevens robin.roevens@disroot.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 24168c8898eb6a9bcc1a0f6103f0c87eb092e7ef Author: Robin Roevens robin.roevens@disroot.org Date: Wed Oct 12 00:01:53 2022 +0200
misc-progs: addonctrl: Add support for 'Services' metadata
* Addonctrl will now check in addon metadata for the exact initscript names (Services). If more than one initscript is defined for an addon, the requested action will be performed on all listed initscripts. * Added posibility to perform action on a specific initscript of an addon instead of on all initscripts of the addon. * New action 'list-services' to display a list of services related to an addon. * New action 'boot-status' to display wether service(s) are enabled to start on boot or not. * More error checking and cleaner error reporting to user * General cleanup and code restructuring to avoid code duplication * Updated and made usage instructions more verbose.
Fixes: Bug#12935 Signed-off-by: Robin Roevens robin.roevens@disroot.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit e728fba16f59f09374e5817de6efa0fcb4d29537 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 29 08:55:58 2022 +0000
Samba: Update ARM rootfiles
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ca1787b29ba370c2da9cdfb29e6f148fdb5edba1 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 12:39:47 2022 +0000
libloc: Update rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 3e5190f5c7fc828937fdefa0a65d97243b55c2ed Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Oct 8 19:55:47 2022 +0200
samba: Update to 4.17.0
For details see: https://www.samba.org/samba/latest_news.html#4.17.0
This "just came my way" and I found the CVEs listed on https://www.samba.org/samba/history/security.html which address "All versions of Samba prior to 4.16.4" or "All versions of Samba" rather long.
The 'glibc_headers' patch is now included.
Sad to say, due to the lack of hardware I can only include the rootfile for x86_64.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
commit 77321ff12fc918f39ce6a4eeb37a97e25896b65f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 09:07:18 2022 +0000
Core Update 172: Ship changes related to OpenVPN CRL handling
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit e420c103dede60f9c8121386b55e83314d176634 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Oct 7 14:50:17 2022 +0000
openvpnctrl: Update CRL before starting the client daemon
If the CRL is outdated for some reason (e.g. a backup restored from ISO where we don't run the migration scripts), this will update it on reboot/restart of the service.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 233baacd6753d8adb756219d5fac536d9b6f92ae Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Oct 7 14:50:16 2022 +0000
backup: Update OpenVPN CRL
After a backup is restored, the CRL might be out of data and client won't be able to connect to the server any more.
This will immediately update the CRL should it require an update.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c965daf6da233875d6cdf06fd8935f18102c7478 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 09:05:23 2022 +0000
Core Update 172: Delete orphaned strongSwan files
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5f1abe00433812a75e58583ed254a452fe30a609 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 09:04:29 2022 +0000
Core Update 172: Ship and restart Unbound
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 609007e54b85fafd14b35c3adfd9acb8a36b9b4d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Oct 14 21:09:35 2022 +0200
unbound: Update to 1.17.0
For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0
"Features
Merge #753: ACL per interface. (New interface-* configuration options).
Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).
Bug Fixes
Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release when serviced_create fails. Fix edns subnet so that scope 0 answers only match sourcemask 0 queries for answers from cache if from a query with sourcemask 0. Fix unittest for edns subnet change. Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to unsupported IPV6_USER_MTU socket option being set. Fix ratelimit inconsistency, for ip-ratelimits the value is the amount allowed, like for ratelimits. Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors. Fix to log accept error ENFILE and EMFILE errno, but slowly, once per 10 seconds. Also log accept failures when no slow down is used. Fix to avoid process wide fcntl calls mixed with nonblocking operations after a blocked write. Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive operations, so that instruction reordering does not cause mistakenly blocking socket operations. Fix to wait for blocked write on UDP sockets, with a timeout if it takes too long the packet is dropped. Fix for wait for udp send to stop when packet is successfully sent. Fix #741: systemd socket activation fails on IPv6. Fix to update config tests to fix checking if nonblocking sockets work on OpenBSD. Slow down log frequency of write wait failures. Fix to set out of file descriptor warning to operational verbosity. Fix to log a verbose message at operational notice level if a thread is not responding, to stats requests. It is logged with thread identifiers. Remove include that was there for debug purposes. Fix to check pthread_t size after pthread has been detected. Convert tdir tests to use the new skip_test functionality. Remove unused testcode/mini_tpkg.sh file. Better output for skipped tdir tests. Fix doxygen warning in respip.h. Fix to remove erroneous TC flag from TCP upstream. Fix test tdir skip report printout. Fix windows compile, the identifier interface is defined in headers. Fix to close errno block in comm_point_tcp_handle_read outside of ifdef. Fix static analysis report to remove dead code from the rpz_callback_from_iterator_module function. Fix to clean up after the acl_interface unit test. Merge #764: Leniency for target discovery when under load (for NRDelegation changes). Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. Fix string comparison in mini_tdir.sh. Make ede.tdir test more predictable by using static data. Fix checkconf test for dnscrypt and proxy port. Fix dnscrypt compile for proxy protocol code changes. Fix to stop responses with TC flag from resulting in partial responses. It retries to fetch the data elsewhere, or fails the query and in depth fix removes the TC flag from the cached item. Fix proxy length debug output printout typecasts. Fix to stop possible loops in the tcp reuse code (write_wait list and tcp_wait list). Based on analysis and patch from Prad Seniappan and Karthik Umashankar. Fix PROXYv2 header read for TCP connections when no proxied addresses are provided."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4ddb1fdac09c20d132935f668b395b918e9846a4 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 09:03:08 2022 +0000
Core Update 172: Ship and restart OpenSSH
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 89e47eaca85d0d582195731b4506b6c4be1dfe75 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 15 15:47:51 2022 +0000
OpenSSH: Update to 9.1p1
Please refer to https://www.openssh.com/releasenotes.html#9.1 for the release announcement of this version.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 7fc5e932944d61af0ccacf87bb562f0a94bb3f26 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 08:59:09 2022 +0000
Core Update 172: Ship tzdata
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 367a62f5151c1a8569c32d2d40a536d889dd55f6 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 15 15:51:05 2022 +0000
tzdata: Update to 2022e
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 024579de58e4410ce1d2eba61814f2ede59f53a5 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 08:58:51 2022 +0000
Core Update 172: Ship libloc
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 0d0bfd0e5c68a6d0ebef31f37fbd601a90e71250 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 15 15:53:07 2022 +0000
libloc: Update to 0.9.15
Please refer to https://lists.ipfire.org/pipermail/location/2022-September/000579.html for the release announcement of this version.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit f6121180b8a219e11a21d586df0ad175f1440b63 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 08:57:00 2022 +0000
Core Update 172: Ship and restart strongSwan
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4929efb7d8a0b90040be24754b13f748a15f8a85 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Oct 15 16:01:26 2022 +0000
strongSwan: Update to 5.9.8
Please refer to https://github.com/strongswan/strongswan/releases/tag/5.9.8 for the release announcement of this version.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 0f421901dde788a2bbb8af1fcf185477408a812b Author: Peter Müller peter.mueller@ipfire.org Date: Mon Oct 24 08:55:12 2022 +0000
Start Core Update 172
Signed-off-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree