This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 819e5e087f02eb4d922d3246110be759fbea59f7 (commit) via afa464fd4aebfab35badb0d4231b492dde1fe728 (commit) via 6163e1b766ec88855a4dd88d79086d671ee4fb51 (commit) via ae6eae447de0a839150fcc01a3a9c87d22f00f5f (commit) via a2e50df0fa337b860b4c1075d8f2ac03ddeb2ad2 (commit) via d84dac1555e8373b58ebe2fb9bf084d15f241a37 (commit) via 6948b9f7e9b04c1f08b5b099e3d55f92e8fd7af9 (commit) via 363c41724babbb13e670bdbd4cd27a24ec9552dc (commit) via c86225c9448cfe8972f97be6e7c347502487214b (commit) via a9aae44d6a2c6192ccb840dddde686f922808ec1 (commit) via 6ff6ba85ba0787c54cf5caa82a9171ca8b12e350 (commit) via a0b158da4c72f6d0f9167230f261d9b971a90c72 (commit) via c81385f7f87b06fe6df6768a967eeaf7baa37e58 (commit) via fab890c51874d204f02fbd81c4af465963b92e48 (commit) via fa3f331a2e8417c631d280713eccbe74b5711421 (commit) via a8e3499f78edf9aa51503958eae21248d9c65c12 (commit) via b830e457e7ca497211dedfb408a3551be2724753 (commit) via 7e464d15159e56156e9036c664a189025fc2c977 (commit) via f86ae7d1a6fd6436aa3d285f0a1c2fdc9ce364f6 (commit) via 1ad5a01388970e3349f83702596d83ce44b1a8f4 (commit) via 55ee176bb380f9b0ca57d6a60e74a0efb8c6e087 (commit) via 5be71d2a6efbbf1cf48aca6272d28fbf00ce8f12 (commit) from ace891f71937c0e08e5b3243565e55c1704c8451 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 819e5e087f02eb4d922d3246110be759fbea59f7 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:11:45 2022 +0000
Core Update 172: Ship u-boot and regenerate all initrds
The latter is also needed to apply new CPU microcodes on x86_64.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit afa464fd4aebfab35badb0d4231b492dde1fe728 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Nov 20 09:46:42 2022 +0000
u-boot: create signed bootscript at build time
before this was as binary in git which make no real sense.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 6163e1b766ec88855a4dd88d79086d671ee4fb51 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Nov 20 08:54:27 2022 +0000
u-boot: update to 2022.10 and arm-trusted-firmware-2.7
this should fix keyboard issues on rpi-4 and many other problems.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit ae6eae447de0a839150fcc01a3a9c87d22f00f5f Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:05:54 2022 +0000
Core Update 172: Ship usbutils
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a2e50df0fa337b860b4c1075d8f2ac03ddeb2ad2 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:49:13 2022 +0100
usbutils: Update to version 015
- Update from version 014 to 015 - Update of rootfile not required - Changelog usbutils 015 usb-devices: list the root devices in numerical order usb-devices: use 'local' variable type to handle recursion lsusb: remove unused wireless check lsusb: remove wireless descriptor information usb-devices: fix field width on device speed field lsusb: fix up Midi Device specification devices Fix an runtime error reported by undefind sanitizer lsusb: Improve status display for SuperSpeedPlus hubs lsusb-t: Fix recursive sorting on child devices.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit d84dac1555e8373b58ebe2fb9bf084d15f241a37 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:05:21 2022 +0000
Core Update 172: Ship sed
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6948b9f7e9b04c1f08b5b099e3d55f92e8fd7af9 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:48:51 2022 +0100
sed: Update to version 4.9
- Update from version 4.8 to 4.9 - Update of rootfile not required - Changelog * Noteworthy changes in release 4.9 (2022-11-06) [stable] ** Bug fixes 'sed --follow-symlinks -i' no longer loops forever when its operand is a symbolic link cycle. [bug introduced in sed 4.2] a program with an execution line longer than 2GB can no longer trigger an out-of-bounds memory write. using the R command to read an input line of length longer than 2GB can no longer trigger an out-of-bounds memory read. In locales using UTF-8 encoding, the regular expression '.' no longer sometimes fails to match Unicode characters U+D400 through U+D7FF (some Hangul Syllables, and Hangul Jamo Extended-B) and Unicode characters U+108000 through U+10FFFF (half of Supplemental Private Use Area plane B). [bug introduced in sed 4.8] I/O errors involving temp files no longer confuse sed into using a FILE * pointer after fclosing it, which has undefined behavior in C. ** New Features The 'r' command now accepts address 0, allowing inserting a file before the first line. ** Changes in behavior Sed now prints the less-surprising variant in a corner case of POSIX-unspecified behavior. Before, this would print "n". Now, it prints "X": printf n | sed 'sn\nnXn'; echo
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 363c41724babbb13e670bdbd4cd27a24ec9552dc Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:04:45 2022 +0000
Core Update 172: Ship openvpn
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c86225c9448cfe8972f97be6e7c347502487214b Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 22:48:37 2022 +0100
openvpn: Update to version 2.5.8
- Update from version 2.5.7 to 2.5.8 - Update of rootfile not required - Changelog Version 2.5.8 tls-crypt-v2: bail out if the client key is too small Remove useless empty line from CR_RESPONSE message Allow running a default configuration with TLS libraries without BF-CBC Change command help to match man page and implementation Fix OpenVPN querying user/password if auth-token with user expires t_client: Allow to force FAIL on prerequisite fails t_client.sh: do not require fping6 Preparing release 2.5.8 msvc: add branch name and commit hash to version output Update the replay-window backtrack log message Do not skip ERROR:/SUCCESS: response from management interface Fix auth-token usage with management-def-auth Allow a few levels of recursion in virtual_output_callback() Ensure --auth-nocache is handled during renegotiation Purge auth-token as well while purging passwords Do not copy auth_token username to itself
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit a9aae44d6a2c6192ccb840dddde686f922808ec1 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:04:14 2022 +0000
Core Update 172: Ship xz
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 6ff6ba85ba0787c54cf5caa82a9171ca8b12e350 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:52:36 2022 +0100
xz: Update to version 5.2.8
- Update from version 5.2.5 to 5.2.8 - Update of rootfile - Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source tarball and with an improved quicker method - see changelog below. - Changelog 5.2.8 (2022-11-13) * xz: - If xz cannot remove an input file when it should, this is now treated as a warning (exit status 2) instead of an error (exit status 1). This matches GNU gzip and it is more logical as at that point the output file has already been successfully closed. - Fix handling of .xz files with an unsupported check type. Previously such printed a warning message but then xz behaved as if an error had occurred (didn't decompress, exit status 1). Now a warning is printed, decompression is done anyway, and exit status is 2. This used to work slightly before 5.0.0. In practice this bug matters only if xz has been built with some check types disabled. As instructed in PACKAGERS, such builds should be done in special situations only. - Fix "xz -dc --single-stream tests/files/good-0-empty.xz" which failed with "Internal error (bug)". That is, --single-stream was broken if the first .xz stream in the input file didn't contain any uncompressed data. - Fix displaying file sizes in the progress indicator when working in passthru mode and there are multiple input files. Just like "gzip -cdf", "xz -cdf" works like "cat" when the input file isn't a supported compressed file format. In this case the file size counters weren't reset between files so with multiple input files the progress indicator displayed an incorrect (too large) value. * liblzma: - API docs in lzma/container.h: * Update the list of decoder flags in the decoder function docs. * Explain LZMA_CONCATENATED behavior with .lzma files in lzma_auto_decoder() docs. - OpenBSD: Use HW_NCPUONLINE to detect the number of available hardware threads in lzma_physmem(). - Fix use of wrong macro to detect x86 SSE2 support. __SSE2_MATH__ was used with GCC/Clang but the correct one is __SSE2__. The first one means that SSE2 is used for floating point math which is irrelevant here. The affected SSE2 code isn't used on x86-64 so this affects only 32-bit x86 builds that use -msse2 without -mfpmath=sse (there is no runtime detection for SSE2). It improves LZMA compression speed (not decompression). - Fix the build with Intel C compiler 2021 (ICC, not ICX) on Linux. It defines __GNUC__ to 10 but doesn't support the __symver__ attribute introduced in GCC 10. * Scripts: Ignore warnings from xz by using --quiet --no-warn. This is needed if the input .xz files use an unsupported check type. * Translations: - Updated Croatian and Turkish translations. - One new translations wasn't included because it needed technical fixes. It will be in upcoming 5.4.0. No new translations will be added to the 5.2.x branch anymore. - Renamed the French man page translation file from fr_FR.po to fr.po and thus also its install directory (like /usr/share/man/fr_FR -> .../fr). - Man page translations for upcoming 5.4.0 are now handled in the Translation Project. * Update doc/faq.txt a little so it's less out-of-date. 5.2.7 (2022-09-30) * liblzma: - Made lzma_filters_copy() to never modify the destination array if an error occurs. lzma_stream_encoder() and lzma_stream_encoder_mt() already assumed this. Before this change, if a tiny memory allocation in lzma_filters_copy() failed it would lead to a crash (invalid free() or invalid memory reads) in the cleanup paths of these two encoder initialization functions. - Added missing integer overflow check to lzma_index_append(). This affects xz --list and other applications that decode the Index field from .xz files using lzma_index_decoder(). Normal decompression of .xz files doesn't call this code and thus most applications using liblzma aren't affected by this bug. - Single-threaded .xz decoder (lzma_stream_decoder()): If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible to use lzma_memlimit_set() to increase the limit and continue decoding. This was supposed to work from the beginning but there was a bug. With other decoders (.lzma or threaded .xz decoder) this already worked correctly. - Fixed accumulation of integrity check type statistics in lzma_index_cat(). This bug made lzma_index_checks() return only the type of the integrity check of the last Stream when multiple lzma_indexes were concatenated. Most applications don't use these APIs but in xz it made xz --list not list all check types from concatenated .xz files. In xz --list --verbose only the per-file "Check:" lines were affected and in xz --robot --list only the "file" line was affected. - Added ABI compatibility with executables that were linked against liblzma in RHEL/CentOS 7 or other liblzma builds that had copied the problematic patch from RHEL/CentOS 7 (xz-5.2.2-compat-libs.patch). For the details, see the comment at the top of src/liblzma/validate_map.sh. WARNING: This uses __symver__ attribute with GCC >= 10. In other cases the traditional __asm__(".symver ...") is used. Using link-time optimization (LTO, -flto) with GCC versions older than 10 can silently result in broken liblzma.so.5 (incorrect symbol versions)! If you want to use -flto with GCC, you must use GCC >= 10. LTO with Clang seems to work even with the traditional __asm__(".symver ...") method. * xzgrep: Fixed compatibility with old shells that break if comments inside command substitutions have apostrophes ('). This problem was introduced in 5.2.6. * Build systems: - New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX - Windows: Fixed liblzma.dll build with Visual Studio project files. It broke in 5.2.6 due to a change that was made to improve CMake support. - Windows: Building liblzma with UNICODE defined should now work. - CMake files are now actually included in the release tarball. They should have been in 5.2.5 already. - Minor CMake fixes and improvements. * Added a new translation: Turkish 5.2.6 (2022-08-12) * xz: - The --keep option now accepts symlinks, hardlinks, and setuid, setgid, and sticky files. Previously this required using --force. - When copying metadata from the source file to the destination file, don't try to set the group (GID) if it is already set correctly. This avoids a failure on OpenBSD (and possibly on a few other OSes) where files may get created so that their group doesn't belong to the user, and fchown(2) can fail even if it needs to do nothing. - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on MIPS32 because on MIPS32 userspace processes are limited to 2 GiB of address space. * liblzma: - Fixed a missing error-check in the threaded encoder. If a small memory allocation fails, a .xz file with an invalid Index field would be created. Decompressing such a file would produce the correct output but result in an error at the end. Thus this is a "mild" data corruption bug. Note that while a failed memory allocation can trigger the bug, it cannot cause invalid memory access. - The decoder for .lzma files now supports files that have uncompressed size stored in the header and still use the end of payload marker (end of stream marker) at the end of the LZMA stream. Such files are rare but, according to the documentation in LZMA SDK, they are valid. doc/lzma-file-format.txt was updated too. - Improved 32-bit x86 assembly files: * Support Intel Control-flow Enforcement Technology (CET) * Use non-executable stack on FreeBSD. - Visual Studio: Use non-standard _MSVC_LANG to detect C++ standard version in the lzma.h API header. It's used to detect when "noexcept" can be used. * xzgrep: - Fixed arbitrary command injection via a malicious filename (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for this was released to the public on 2022-04-07. A slight robustness improvement has been made since then and, if using GNU or *BSD grep, a new faster method is now used that doesn't use the old sed-based construct at all. This also fixes bad output with GNU grep >= 3.5 (2020-09-27) when xzgrepping binary files. This vulnerability was discovered by: cleemy desu wayo working with Trend Micro Zero Day Initiative - Fixed detection of corrupt .bz2 files. - Improved error handling to fix exit status in some situations and to fix handling of signals: in some situations a signal didn't make xzgrep exit when it clearly should have. It's possible that the signal handling still isn't quite perfect but hopefully it's good enough. - Documented exit statuses on the man page. - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead of the deprecated egrep and fgrep commands. - Fixed parsing of the options -E, -F, -G, -P, and -X. The problem occurred when multiple options were specied in a single argument, for example, echo foo | xzgrep -Fe foo treated foo as a filename because -Fe wasn't correctly split into -F -e. - Added zstd support. * xzdiff/xzcmp: - Fixed wrong exit status. Exit status could be 2 when the correct value is 1. - Documented on the man page that exit status of 2 is used for decompression errors. - Added zstd support. * xzless: - Fix less(1) version detection. It failed if the version number from "less -V" contained a dot. * Translations: - Added new translations: Catalan, Croatian, Esperanto, Korean, Portuguese, Romanian, Serbian, Spanish, Swedish, and Ukrainian - Updated the Brazilian Portuguese translation. - Added French man page translation. This and the existing German translation aren't complete anymore because the English man pages got a few updates and the translators weren't reached so that they could update their work. * Build systems: - Windows: Fix building of resource files when config.h isn't used. CMake + Visual Studio can now build liblzma.dll. - Various fixes to the CMake support. Building static or shared liblzma should work fine in most cases. In contrast, building the command line tools with CMake is still clearly incomplete and experimental and should be used for testing only.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a0b158da4c72f6d0f9167230f261d9b971a90c72 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:03:12 2022 +0000
Core Update 172: Ship libxcrypt
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c81385f7f87b06fe6df6768a967eeaf7baa37e58 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:52:25 2022 +0100
libxcrypt: Update to version 4.4.33
- Update from version 4.4.28 to 4.4.33 - Update of rootfile not required - Changelog Version 4.4.33 * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c. With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some changes to huge page handling, that show this error when building with GCC v12.2.1, and thus need a small fix. Version 4.4.32 * Improvements to huge page handling in lib/alg-yescrypt-platform.c. When explicitly using huge pages, request the 2 MiB page size. This should fix the issue where on a system configured to use 1 GiB huge pages we'd fail on munmap() as we're only rounding the size up to a multiple of 2 MiB. With the fix, we wouldn't use huge pages on such a system. Unfortunately, now we also wouldn't use huge pages on Linux kernels too old to have MAP_HUGE_2MB (issue #152). Version 4.4.31 * Fix -Werror=conversion in lib/alg-yescrypt-opt.c (issues #161 and #162). * Add some SHA-2 Maj() optimization in lib/alg-sha256.c. * Fix issues found by Covscan in test/getrandom-fallback.c. * Fix -Werror=strict-overflow in lib/crypt-des.c, which is seen by GCC 12.x (issues #155 and #163). Version 4.4.30 * configure: Restore ucontext api functionality check. In c3f01c72b303cbbb0cc8983120677edee2f3fa4b the use of the ucontext api in the main program was removed, and with it the configure check for it. However, the ucontext api is still used in the "explicit_bzero" test and thus this test still needs to be in place. See also: https://bugs.gentoo.org/838172 * configure: Restore the functionality of the '--disable-symvers' switch. Without this fix the build was simply broken, if symbol versioning was disabled for any reason, e.g. whether the compiler nor the linker supporting it, or if disabled on purpose by the user (issue #142). * Fix variable name in crypt(3) for a datamember of 'struct crypt_data' (issue #153). Version 4.4.29 * Add glibc-on-loongarch-lp64 (Loongson LA464 / LA664) entry to libcrypt.minver. This was added in GNU libc 2.36.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit fab890c51874d204f02fbd81c4af465963b92e48 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 11:02:29 2022 +0000
Core Update 172: Ship libuv
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit fa3f331a2e8417c631d280713eccbe74b5711421 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:52:10 2022 +0100
libuv: Update to version 1.44.2
- Update from 1.42.0 to 1.44.2 - Update of rootfile not required. - Changelog Version 1.44.2 * Add SHA to ChangeLog (Jameson Nash) * aix, ibmi: handle server hang when remote sends TCP RST (V-for-Vasili) * build: make CI a bit noisier (Jameson Nash) * process: reset the signal mask if the fork fails (Jameson Nash) * zos: implement cmpxchgi() using assembly (Shuowang (Wayne) Zhang) * build: AC_SUBST for AM_CFLAGS (Claes Nästén) * ibmi: Implement UDP disconnect (V-for-Vasili) * doc: update active maintainers list (Ben Noordhuis) * build: fix kFreeBSD build (James McCoy) * build: remove Windows 2016 workflows (Darshan Sen) * Revert "win,errors: remap ERROR_ACCESS_DENIED to UV_EACCES" (Darshan Sen) * unix: simplify getpwuid call (Jameson Nash) * build: filter CI by paths and branches (Jameson Nash) * build: add iOS to macos CI (Jameson Nash) * build: re-enable CI for windows changes (Jameson Nash) * process,iOS: fix build breakage in process.c (Denny C. Dai) * test: remove unused declarations in tcp_rst test (V-for-Vasili) * core: add thread-safe strtok implementation (Guilherme Íscaro) * win: fix incompatible-types warning (twosee) * test: fix flaky file watcher test (Ben Noordhuis) * build: fix AIX xlc autotools build (V-for-Vasili) * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang (Ben Noordhuis) * win: fix unexpected ECONNRESET error on TCP socket (twosee) * doc: make sample cross-platform build (gengjiawen) * test: separate some static variables by test cases (Hannah Shi) * sunos: fs-event callback can be called after uv_close() (Andy Fiddaman) * uv: re-register interest in a file after change (Shuowang (Wayne) Zhang) * uv: register UV_RENAME event for _RFIM_UNLINK (Shuowang (Wayne) Zhang) * uv: register __rfim_event 156 as UV_RENAME (Shuowang (Wayne) Zhang) * doc: remove smartos from supported platforms (Ben Noordhuis) * macos: avoid posix_spawnp() cwd bug (Jameson Nash) * release: check versions of autogen scripts are newer (Jameson Nash) * test: rewrite embed test (Ben Noordhuis) * openbsd: use utimensat instead of lutimes (tuftedocelot) * doc: fix link to uvwget example main() function (blogdaren) * unix: use MSG_CMSG_CLOEXEC where supported (Ben Noordhuis) * test: remove disabled callback_order test (Ben Noordhuis) * win,pipe: fix bugs with pipe resource lifetime management (Jameson Nash) * loop: better align order-of-events behavior between platforms (Jameson Nash) * aix,test: uv_backend_fd is not supported by poll (V-for-Vasili) * kqueue: skip EVFILT_PROC when invalidating fds (chucksilvers) * darwin: fix atomic-ops.h ppc64 build (Sergey Fedorov) * zos: don't err when killing a zombie process (Shuowang (Wayne) Zhang) * zos: avoid fs event callbacks after uv_close() (Shuowang (Wayne) Zhang) * zos: correctly format interface addresses names (Shuowang (Wayne) Zhang) * zos: add uv_interface_addresses() netmask support (Shuowang (Wayne) Zhang) * zos: improve memory management of ip addresses (Shuowang (Wayne) Zhang) * tcp,pipe: fail `bind` or `listen` after `close` (theanarkh) * zos: implement uv_available_parallelism() (Shuowang (Wayne) Zhang) * udp,win: fix UDP compiler warning (Jameson Nash) * zos: fix early exit of epoll_wait() (Shuowang (Wayne) Zhang) * unix,tcp: fix errno handling in uv__tcp_bind() (Samuel Cabrero) * shutdown,unix: reduce code duplication (Jameson Nash) * unix: fix c99 comments (Ben Noordhuis) * unix: retry tcgetattr/tcsetattr() on EINTR (Ben Noordhuis) * docs: update introduction.rst (Ikko Ashimine) * unix,stream: optimize uv_shutdown() codepath (Jameson Nash) * zos: delay signal handling until after normal i/o (Shuowang (Wayne) Zhang) * stream: uv__drain() always needs to stop POLLOUT (Jameson Nash) * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset() (Stacey Marshall) * win,shutdown: improve how shutdown is dispatched (Jameson Nash) Version 1.44.1 * process: simplify uv__write_int calls (Jameson Nash) * macos: don't use thread-unsafe strtok() (Ben Noordhuis) * process: fix hang after NOTE_EXIT (Jameson Nash) Version 1.44.0 * darwin: remove EPROTOTYPE error workaround (Ben Noordhuis) * doc: fix v1.43.0 changelog entries (cjihrig) * win: replace CRITICAL_SECTION+Semaphore with SRWLock (David Machaj) * darwin: translate EPROTOTYPE to ECONNRESET (Ben Noordhuis) * android: use libc getifaddrs() (Ben Noordhuis) * unix: fix STATIC_ASSERT to check what it means to check (Jessica Clarke) * unix: ensure struct msghdr is zeroed in recvmmsg (Ondřej Surý) * test: test with maximum recvmmsg buffer (Ondřej Surý) * unix: don't allow too small thread stack size (Ben Noordhuis) * bsd: ensure mutex is initialized (Ben Noordhuis) * doc: add gengjiawen as maintainer (gengjiawen) * process: monitor for exit with kqueue on BSDs (Jeremy Rose) * test: fix flaky uv_fs_lutime test (Momtchil Momtchev) * build: fix cmake install locations (Jameson Nash) * thread,win: fix C90 style nit (ssrlive) * build: rename CFLAGS to AM_CFLAGS (Jameson Nash) * doc/guide: update content and sample code (woclass) * process,bsd: handle kevent NOTE_EXIT failure (Jameson Nash) * test: remove flaky test ipc_closed_handle (Ben Noordhuis) * darwin: bump minimum supported version to 10.15 (Ben Noordhuis) * win: return fractional seconds in uv_uptime() (Luca Adrian L) * build: export uv_a for cmake (WenTao Ou) * loop: add pending work to loop-alive check (Jameson Nash) * win: use GetTickCount64 for uptime again (Jameson Nash) * win: restrict system DLL load paths (jonilaitinen) * win,errors: remap ERROR_ACCESS_DENIED to UV_EACCES (Darshan Sen) * bench: add `uv_queue_work` ping-pong measurement (Momtchil Momtchev) * build: fix error C4146 on MSVC (UMU) * test: fix benchmark-ping-udp (Ryan Liptak) * win,fs: consider broken pipe error a normal EOF (Momtchil Momtchev) * document the values of enum uv_stdio_flags (Paul Evans) * win,loop: add missing uv_update_time (twosee) * win,fs: avoid closing an invalid handle (Jameson Nash) * fix oopsie from * doc: clarify android api level (Ben Noordhuis) * win: fix style nits [NFC] (Jameson Nash) * test: fix flaky udp_mmsg test (Santiago Gimeno) * test: fix ipc_send_recv_pipe flakiness (Ben Noordhuis) * doc: checkout -> check out (wyckster) * core: change uv_get_password uid/gid to unsigned (Jameson Nash) * hurd: unbreak build on GNU/Hurd (Vittore F. Scolari) * freebsd: use copy_file_range() in uv_fs_sendfile() (David Carlier) * test: use closefd in runner-unix.c (Guilherme Íscaro) * Reland "macos: use posix_spawn instead of fork" (Jameson Nash) * android: fix build error when no ifaddrs.h (ssrlive) * unix,win: add uv_available_parallelism() (Ben Noordhuis) * process: remove OpenBSD from kevent list (Jameson Nash) * zos: fix build breakage (Ben Noordhuis) * process: only use F_DUPFD_CLOEXEC if it is defined (Jameson Nash) * win,poll: add the MSAFD GUID for AF_UNIX (roflcopter4) * unix: simplify uv__cloexec_fcntl() (Ben Noordhuis) * doc: add secondary GPG ID for vtjnash (Jameson Nash) * unix: remove uv__cloexec_ioctl() (Jameson Nash) Version 1.43.0 * run test named ip6_sin6_len (Jameson Nash) * docs: fix wrong information about scheduling (Mohamed Edrah) * unix: protect fork in uv_spawn from signals (Jameson Nash) * drop only successfully sent packets post sendmmsg (Supragya Raj) * test: fix typo in test-tty-escape-sequence-processing.c (Ikko Ashimine) * cmake: use standard installation layout always (Sylvain Corlay) * win,spawn: allow UNC path with forward slash (earnal) * win,fsevent: fix uv_fs_event_stop() assert (Ben Noordhuis) * unix: remove redundant include in unix.h (Juan José Arboleda) * doc: mark SmartOS as Tier 3 support (Ben Noordhuis) * doc: fix broken links for netbsd's sysctl manpage (YAKSH BARIYA) * misc: adjust stalebot deadline (Ben Noordhuis) * test: remove `dns-server.c` as it is not used anywhere (Darshan Sen) * build: fix non-cmake android builds (YAKSH BARIYA) * doc: replace pyuv with uvloop (Ofek Lev) * asan: fix some tests (Jameson Nash) * build: add experimental TSAN configuration (Jameson Nash) * pipe: remove useless assertion (~locpyl-tidnyd) * bsd: destroy mutex in uv__process_title_cleanup() (Darshan Sen) * build: add windows build to CI (Darshan Sen) * win,fs: fix error code in uv_fs_read() and uv_fs_write() (Darshan Sen) * build: add macos-latest to ci matrix (Ben Noordhuis) * udp: fix &/&& typo in macro condition (Evan Miller) * build: install cmake package module (Petr Menšík) * win: fix build for mingw32 (Nicolas Noble) * build: fix build failures with MinGW new headers (erw7) * build: fix win build with cmake versions before v3.14 (AJ Heller) * unix: support aarch64 in uv_cpu_info() (Juan José Arboleda) * linux: work around CIFS EPERM bug (Ben Noordhuis) * sunos: Oracle Developer Studio support (Stacey Marshall) * Revert "sunos: Oracle Developer Studio support (cjihrig) * sunos: Oracle Developer Studio support (Stacey Marshall) * stream: permit read after seeing EOF (Jameson Nash) * thread: initialize uv_thread_self for all threads (Jameson Nash) * kqueue: ignore write-end closed notifications (Jameson Nash) * macos: fix the cfdata length in uv__get_cpu_speed (Jesper Storm Bache) * unix,win: add uv_ip_name to get name from sockaddr (Campbell He) * win,test: fix a few typos (AJ Heller) * zos: use destructor for uv__threadpool_cleanup() (Wayne Zhang) * linux: use MemAvailable instead of MemFree (Andrey Hohutkin) * freebsd: call dlerror() only if necessary (Jameson Nash) * bsd,windows,zos: fix udp disconnect EINVAL (deal)
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a8e3499f78edf9aa51503958eae21248d9c65c12 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:51:48 2022 +0100
libpipeline: Update to version 1.5.7
- Update from 1.5.6 to 1.5.7 - Update of rootfile - Changelog Version: 1.5.7 * lib/Makefile.am (libpipeline_la_LDFLAGS): Bump -version-info to 6:7:5. Make socketpair configure tests compatible with C23 K&R-style zero-argument function definitions will no longer be permitted. * m4/pipeline-socketpair.m4 (PIPELINE_SOCKETPAIR_PIPE, PIPELINE_SOCKETPAIR_MODE): Use `int main(void)`, not `int main()`. * NEWS.md: Document this. Update pre-commit hooks * .pre-commit-config.yaml (pre-commit-hooks): Update to v4.3.0. (clang-format): Update to v14.0.6. Update manual page date * man/libpipeline.3 (.Dd): Update to the date of the last substantial modification. Leaving this as 2010 suggested more antiquity than we need to suggest. Update home page URL * README.md: Use `https://libpipeline.gitlab.io/libpipeline/%60. * lib/libpipeline.pc.in (URL): Likewise. web: Update last release * web/index.html: Update to 1.5.6. web: Fix last-modified date generation * .gitlab-ci.yml: Replace `@DATE@` with the current date in `public/index.html`. * web/index.html: Use `@DATE@` template. web: Assorted URL updates * web/index.html: Update Git URLs to GitLab. Chase various redirects and/or switch to HTTPS. Remove old Savannah link. Add GitLab Pages site * .gitlab-ci.yml (stages): Add deploy. (pages): New job. * web/index.html, web/libpipeline-lightning-talk.odp, web/standard.css, web/white.css: New files. Transferred Git repository to new group * README.md: Change GitLab URL to https://gitlab.com/libpipeline/libpipeline. * NEWS.md: Document this. Add notes to libpipeline(3) of when functions were added * man/libpipeline.3 (DESCRIPTION, ENVIRONMENT): Add various "Added in" notes. * NEWS.md: Document this.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit b830e457e7ca497211dedfb408a3551be2724753 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 18:51:35 2022 +0100
libassuan: Update to version 2.5.5
- Update from 2.5.4 to 2.5.5 - Update of rootfile - Changelog Release 2.5.5. Support Unicode when starting servers on Windows. * src/assuan-socket.c (utf8_to_wchar): Rename to (_assuan_utf8_to_wchar): this and give global scope. * src/system-w32.c (__assuan_spawn): Use CreateProcessW. m4: Update with newer autoconf constructs. * src/libassuan.m4: Replace AC_HELP_STRING to AS_HELP_STRING. build: Update to newer autoconf constructs. * configure.ac: Use AC_CONFIG_HEADERS instead of AM_CONFIG_HEADER. Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE. Use AS_HELP_STRING instead of AC_HELP_STRING. (AC_TYPE_SIGNAL): Remove. (AC_DECL_SYS_SIGLIST): Remove. * m4/Makefile.am (EXTRA_DIST): Update. * m4/gnupg-pth.m4: Remove. * m4/onceonly.m4: Remove. * m4/socklen.m4: Update from gnulib. * m4/libtool.m4: Update from libgpg-error. * m4/gpg-error.m4: Update from libgpg-error. Fix crash when logging. * src/assuan-logging.c (_assuan_log_control_channel): Use gpgrt_malloc.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 7e464d15159e56156e9036c664a189025fc2c977 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 10:59:24 2022 +0000
Core Update 172: Ship readline
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f86ae7d1a6fd6436aa3d285f0a1c2fdc9ce364f6 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 15:40:35 2022 +0100
gdb: Patch for building with readline-8.2
- Patch required for successful building with readline-8.2 In readline 8.2 the type of rl_completer_word_break_characters changed to include const.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 1ad5a01388970e3349f83702596d83ce44b1a8f4 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 15:40:34 2022 +0100
readline: Update to version 8.2 plus patch 1
- Update from version 8.1 to 8.2 plus patch 1 - Update of rootfile - Changelog version 8.2 There is a new framework for readline timeouts, including new public functions to set timeouts and query how much time is remaining before a timeout hits, and a hook function that can trigger when readline times out. There is a new state value to indicate a timeout. There is a new option: `enable-active-region'. This separates control of the active region and bracketed-paste. It has the same default value as bracketed-paste, and enabling bracketed paste enables the active region. Users can now turn off the active region while leaving bracketed paste enabled. Two new bindable string variables are available; their values are terminal escape sequences that set the color used to display the active region and turn it off, respectively. If set, these are used in place of terminal standout mode. Finally, Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display and key binding variables when the locale changes. There are a few bug fixes in the redisplay code when restoring the prompt after a digit-argument prompt or incremental search back to a prompt that contains invisible multibyte characters. There are more checks for read errors, especially in the middle of readline commands; previous versions could loop or return incorrect data. Full details are below. GNU Readline is a library which provides programs with an input facility including command-line editing and history. Editing commands similar to both emacs and vi are included. The GNU History library, which provides facilities for managing a list of previously-typed command lines and an interactive command line recall facility similar to that provided by csh, is also present. The history library is built as part of the readline as well as separately. 1. Changes to Readline a. Fixed a problem with cleaning up active marks when using callback mode. b. Fixed a problem with arithmetic comparison operators checking the version. c. Fixed a problem that could cause readline not to build on systems without POSIX signal functions. d. Fixed a bug that could cause readline to crash if the application removed the callback line handler before readline read all typeahead. e. Added additional checks for read errors in the middle of readline commands. f. Fixed a redisplay problem that occurred when switching from the digit- argument prompt `(arg: N)' back to the regular prompt and the regular prompt contained invisible characters. g. Fixed a problem with restoring the prompt when aborting an incremental search. h. Fix a problem with characters > 128 not being displayed correctly in certain single-byte encodings. i. Fixed a problem with unix-filename-rubout that caused it to delete too much when applied to a pathname consisting only of one or more slashes. j. Fixed a display problem that caused the prompt to be wrapped incorrectly if the screen changed dimensions during a call to readline() and the prompt became longer than the screen width. k. Fixed a problem that caused the \r output by turning off bracketed paste to overwrite the line if terminal echo was disabled. l. Fixed a bug that could cause colored-completion-prefix to not display if completion-prefix-display-length was set. m. Fixed a problem with line wrapping prompts when a group of invisible characters runs to the right edge of the screen and the prompt extends longer then the screen width. n. Fixed a couple problems that could cause rl_end to be set incorrectly by transpose-words. o. Prevent some display problems when running a command as the result of a trap or one bound using `bind -x' and the command generates output. p. Fixed an issue with multi-line prompt strings that have one or more invisible characters at the end of a physical line. q. Fixed an issue that caused a history line's undo list to be cleared when it should not have been. r. When replacing a history entry, make sure the existing entry has a non-NULL timestamp before copying it; it may have been added by the application, not the history library. 2. New Features in Readline a. There is now an HS_HISTORY_VERSION containing the version number of the history library for applications to use. b. History expansion better understands multiple history expansions that may contain strings that would ordinarily inhibit history expansion (e.g., `abc!$!$'). c. There is a new framework for readline timeouts, including new public functions to set timeouts and query how much time is remaining before a timeout hits, and a hook function that can trigger when readline times out. There is a new state value to indicate a timeout. d. Automatically bind termcap key sequences for page-up and page-down to history-search-backward and history-search-forward, respectively. e. There is a new `fetch-history' bindable command that retrieves the history entry corresponding to its numeric argument. Negative arguments count back from the end of the history. f. `vi-undo' is now a bindable command. g. There is a new option: `enable-active-region'. This separates control of the active region and bracketed-paste. It has the same default value as bracketed-paste, and enabling bracketed paste enables the active region. Users can now turn off the active region while leaving bracketed paste enabled. h. rl_completer_word_break_characters is now `const char *' like rl_basic_word_break_characters. i. Readline looks in $LS_COLORS for a custom filename extension (*.readline-colored-completion-prefix) and uses that as the default color for the common prefix displayed when `colored-completion-prefix' is set. j. Two new bindable string variables: active-region-start-color and active-region-end-color. The first sets the color used to display the active region; the second turns it off. If set, these are used in place of terminal standout mode. k. New readline state (RL_STATE_EOF) and application-visible variable (rl_eof_found) to allow applications to detect when readline reads EOF before calling the deprep-terminal hook. l. There is a new configuration option: --with-shared-termcap-library, which forces linking the shared readline library with the shared termcap (or curses/ncurses/termlib) library so applications don't have to do it. m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate locale-specific display and key binding variables when the locale changes.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 55ee176bb380f9b0ca57d6a60e74a0efb8c6e087 Author: Peter Müller peter.mueller@ipfire.org Date: Mon Nov 21 10:57:59 2022 +0000
Core Update 172: Ship bash
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5be71d2a6efbbf1cf48aca6272d28fbf00ce8f12 Author: Adolf Belka adolf.belka@ipfire.org Date: Sat Nov 19 15:40:05 2022 +0100
bash: Update to version 5.2 plus patches 1 to 9
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9 - Update of rootfile - Changelog This is a terse description of the new features added to bash-5.2 since the release of bash-5.1. As always, the manual page (doc/bash.1) is the place to look for complete descriptions. 1. New Features in Bash a. The bash malloc returns memory that is aligned on 16-byte boundaries. b. There is a new internal timer framework used for read builtin timeouts. c. Rewrote the command substitution parsing code to call the parser recursively and rebuild the command string from the parsed command. This allows better syntax checking and catches errors much earlier. Along with this, if command substitution parsing completes with here-documents remaining to be read, the shell prints a warning message and reads the here-document bodies from the current input stream. d. The `ulimit' builtin now treats an operand remaining after all of the options and arguments are parsed as an argument to the last command specified by an option. This is for POSIX compatibility. e. Here-document parsing now handles $'...' and $"..." quoting when reading the here-document body. f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline commands now understand $'...' and $"..." quoting. g. There is a new `spell-correct-word' bindable readline command to perform spelling correction on the current word. h. The `unset' builtin now attempts to treat arguments as array subscripts without parsing or expanding the subscript, even when `assoc_expand_once' is not set. i. There is a default value for $BASH_LOADABLES_PATH in config-top.h. j. Associative array assignment and certain instances of referencing (e.g., `test -v' now allow `@' and `*' to be used as keys. k. Bash attempts to expand indexed array subscripts only once when executing shell constructs and word expansions. l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with that value for associative arrays instead of unsetting the entire array (which you can still do with `unset arrayname'). For indexed arrays, it removes all elements of the array without unsetting it (like `A=()'). m. Additional builtins (printf/test/read/wait) do a better job of not parsing array subscripts if array_expand_once is set. n. New READLINE_ARGUMENT variable set to numeric argument for readline commands defined using `bind -x'. o. The new `varredir_close' shell option causes bash to automatically close file descriptors opened with {var}<fn and other styles of varassign redirection unless they're arguments to the `exec' builtin. p. The `$0' special parameter is now set to the name of the script when running any (non-interactive) startup files such as $BASH_ENV. q. The `enable' builtin tries to load a loadable builtin using the default search path if `enable name' (without any options) attempts to enable a non-existent builtin. r. The `printf' builtin has a new format specifier: %Q. This acts like %q but applies any specified precision to the original unquoted argument, then quotes and outputs the result. s. The new `noexpand_translations' option controls whether or not the translated output of $"..." is single-quoted. t. There is a new parameter transformation operator: @k. This is like @K, but expands the result to separate words after word splitting. u. There is an alternate array implementation, selectable at `configure' time, that optimizes access speed over memory use (use the new configure --enable-alt-array-implementation option). v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty string, treat the redirection as [N]<&- or [N]>&- and close file descriptor N (default 0). w. Invalid parameter transformation operators are now invalid word expansions, and so cause fatal errors in non-interactive shells. x. New shell option: patsub_replacement. When enabled, a `&' in the replacement string of the pattern substitution expansion is replaced by the portion of the string that matched the pattern. Backslash will escape the `&' and insert a literal `&'. y. `command -p' no longer looks in the hash table for the specified command. z. The new `--enable-translatable-strings' option to `configure' allows $"..." support to be compiled in or out. aa. The new `globskipdots' shell option forces pathname expansion never to return `.' or `..' unless explicitly matched. It is enabled by default. bb. Array references using `@' and `*' that are the value of nameref variables (declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if set -u is enabled and the array (v) is unset. cc. There is a new bindable readline command name: `vi-edit-and-execute-command'. dd. In posix mode, the `printf' builtin checks for the `L' length modifier and uses long double for floating point conversion specifiers if it's present, double otherwise. ee. The `globbing' completion code now takes the `globstar' option into account. ff. `suspend -f' now forces the shell to suspend even if job control is not currently enabled. gg. Since there is no `declare -' equivalent of `local -', make sure to use `local -' in the output of `local -p'.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/bash | 5 + config/rootfiles/common/libpipeline | 2 +- config/rootfiles/common/readline | 5 +- config/rootfiles/common/xz | 37 ++- .../159 => core/172}/filelists/aarch64/u-boot | 0 .../159 => core/172}/filelists/armv6l/u-boot | 0 .../{oldcore/139 => core/172}/filelists/bash | 0 .../{oldcore/162 => core/172}/filelists/libuv | 0 .../{oldcore/155 => core/172}/filelists/libxcrypt | 0 .../{oldcore/100 => core/172}/filelists/openvpn | 0 .../{oldcore/139 => core/172}/filelists/readline | 0 .../{oldcore/100 => core/172}/filelists/sed | 0 .../{oldcore/164 => core/172}/filelists/usbutils | 0 .../{oldcore/100 => core/172}/filelists/xz | 0 config/rootfiles/core/172/update.sh | 28 ++ config/rootfiles/packages/libassuan | 2 +- config/u-boot/boot.scr | Bin 2514 -> 0 bytes lfs/bash | 9 +- lfs/gdb | 1 + lfs/libassuan | 6 +- lfs/libpipeline | 4 +- lfs/libuv | 6 +- lfs/libxcrypt | 4 +- lfs/openvpn | 4 +- lfs/readline | 10 +- lfs/sed | 4 +- lfs/u-boot | 17 +- lfs/usbutils | 4 +- lfs/xz | 5 +- src/patches/bash/bash52-001 | 46 ++++ src/patches/bash/bash52-002 | 46 ++++ src/patches/bash/bash52-003 | 89 +++++++ src/patches/bash/bash52-004 | 70 +++++ src/patches/bash/bash52-005 | 47 ++++ src/patches/bash/bash52-006 | 293 +++++++++++++++++++++ src/patches/bash/bash52-007 | 262 ++++++++++++++++++ src/patches/bash/bash52-008 | 58 ++++ src/patches/bash/bash52-009 | 43 +++ src/patches/gdb-readline8.2.patch | 35 +++ src/patches/readline/readline82-001 | 42 +++ src/patches/xzgrep-ZDI-CAN-16587.patch | 94 ------- 41 files changed, 1141 insertions(+), 137 deletions(-) copy config/rootfiles/{oldcore/159 => core/172}/filelists/aarch64/u-boot (100%) copy config/rootfiles/{oldcore/159 => core/172}/filelists/armv6l/u-boot (100%) copy config/rootfiles/{oldcore/139 => core/172}/filelists/bash (100%) copy config/rootfiles/{oldcore/162 => core/172}/filelists/libuv (100%) copy config/rootfiles/{oldcore/155 => core/172}/filelists/libxcrypt (100%) copy config/rootfiles/{oldcore/100 => core/172}/filelists/openvpn (100%) copy config/rootfiles/{oldcore/139 => core/172}/filelists/readline (100%) copy config/rootfiles/{oldcore/100 => core/172}/filelists/sed (100%) copy config/rootfiles/{oldcore/164 => core/172}/filelists/usbutils (100%) copy config/rootfiles/{oldcore/100 => core/172}/filelists/xz (100%) delete mode 100644 config/u-boot/boot.scr create mode 100644 src/patches/bash/bash52-001 create mode 100644 src/patches/bash/bash52-002 create mode 100644 src/patches/bash/bash52-003 create mode 100644 src/patches/bash/bash52-004 create mode 100644 src/patches/bash/bash52-005 create mode 100644 src/patches/bash/bash52-006 create mode 100644 src/patches/bash/bash52-007 create mode 100644 src/patches/bash/bash52-008 create mode 100644 src/patches/bash/bash52-009 create mode 100644 src/patches/gdb-readline8.2.patch create mode 100644 src/patches/readline/readline82-001 delete mode 100644 src/patches/xzgrep-ZDI-CAN-16587.patch
Difference in files: diff --git a/config/rootfiles/common/bash b/config/rootfiles/common/bash index c28d3571a..f348b5366 100644 --- a/config/rootfiles/common/bash +++ b/config/rootfiles/common/bash @@ -21,6 +21,7 @@ #usr/include/bash/conftypes.h #usr/include/bash/dispose_cmd.h #usr/include/bash/error.h +#usr/include/bash/execute_cmd.h #usr/include/bash/externs.h #usr/include/bash/general.h #usr/include/bash/hashlib.h @@ -62,13 +63,16 @@ #usr/include/bash/y.tab.h #usr/lib/bash usr/lib/bash/Makefile.inc +usr/lib/bash/Makefile.sample usr/lib/bash/accept usr/lib/bash/basename usr/lib/bash/csv usr/lib/bash/cut usr/lib/bash/dirname +usr/lib/bash/dsv usr/lib/bash/fdflags usr/lib/bash/finfo +usr/lib/bash/getconf usr/lib/bash/head usr/lib/bash/id usr/lib/bash/ln @@ -88,6 +92,7 @@ usr/lib/bash/rmdir usr/lib/bash/seq usr/lib/bash/setpgid usr/lib/bash/sleep +usr/lib/bash/stat usr/lib/bash/strftime usr/lib/bash/sync usr/lib/bash/tee diff --git a/config/rootfiles/common/libpipeline b/config/rootfiles/common/libpipeline index 703d33e65..b706294aa 100644 --- a/config/rootfiles/common/libpipeline +++ b/config/rootfiles/common/libpipeline @@ -2,7 +2,7 @@ #usr/lib/libpipeline.la #usr/lib/libpipeline.so #usr/lib/libpipeline.so.1 -#usr/lib/libpipeline.so.1.5.6 +#usr/lib/libpipeline.so.1.5.7 #usr/lib/pkgconfig/libpipeline.pc #usr/share/man/man3/libpipeline.3 #usr/share/man/man3/pipecmd_arg.3 diff --git a/config/rootfiles/common/readline b/config/rootfiles/common/readline index 31eab5298..834a7046f 100644 --- a/config/rootfiles/common/readline +++ b/config/rootfiles/common/readline @@ -9,10 +9,11 @@ #usr/include/readline/tilde.h #usr/lib/libhistory.so usr/lib/libhistory.so.8 -usr/lib/libhistory.so.8.1 +usr/lib/libhistory.so.8.2 #usr/lib/libreadline.so usr/lib/libreadline.so.8 -usr/lib/libreadline.so.8.1 +usr/lib/libreadline.so.8.2 +#usr/lib/pkgconfig/history.pc #usr/lib/pkgconfig/readline.pc #usr/share/doc/readline #usr/share/doc/readline/CHANGES diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index c7bd0b302..d2f1d44cc 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,7 +41,7 @@ usr/bin/xzmore #usr/lib/liblzma.la usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.2.5 +usr/lib/liblzma.so.5.2.8 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS @@ -65,15 +65,26 @@ usr/lib/liblzma.so.5.2.5 #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt #usr/share/doc/xz/xz-file-format.txt +#usr/share/locale/ca/LC_MESSAGES/xz.mo #usr/share/locale/cs/LC_MESSAGES/xz.mo #usr/share/locale/da/LC_MESSAGES/xz.mo #usr/share/locale/de/LC_MESSAGES/xz.mo +#usr/share/locale/eo/LC_MESSAGES/xz.mo +#usr/share/locale/es/LC_MESSAGES/xz.mo #usr/share/locale/fi/LC_MESSAGES/xz.mo #usr/share/locale/fr/LC_MESSAGES/xz.mo +#usr/share/locale/hr/LC_MESSAGES/xz.mo #usr/share/locale/hu/LC_MESSAGES/xz.mo #usr/share/locale/it/LC_MESSAGES/xz.mo +#usr/share/locale/ko/LC_MESSAGES/xz.mo #usr/share/locale/pl/LC_MESSAGES/xz.mo +#usr/share/locale/pt/LC_MESSAGES/xz.mo #usr/share/locale/pt_BR/LC_MESSAGES/xz.mo +#usr/share/locale/ro/LC_MESSAGES/xz.mo +#usr/share/locale/sr/LC_MESSAGES/xz.mo +#usr/share/locale/sv/LC_MESSAGES/xz.mo +#usr/share/locale/tr/LC_MESSAGES/xz.mo +#usr/share/locale/uk/LC_MESSAGES/xz.mo #usr/share/locale/vi/LC_MESSAGES/xz.mo #usr/share/locale/zh_CN/LC_MESSAGES/xz.mo #usr/share/locale/zh_TW/LC_MESSAGES/xz.mo @@ -82,9 +93,6 @@ usr/lib/liblzma.so.5.2.5 #usr/share/man/de/man1/lzcat.1 #usr/share/man/de/man1/lzcmp.1 #usr/share/man/de/man1/lzdiff.1 -#usr/share/man/de/man1/lzegrep.1 -#usr/share/man/de/man1/lzfgrep.1 -#usr/share/man/de/man1/lzgrep.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 @@ -96,11 +104,26 @@ usr/lib/liblzma.so.5.2.5 #usr/share/man/de/man1/xzcmp.1 #usr/share/man/de/man1/xzdec.1 #usr/share/man/de/man1/xzdiff.1 -#usr/share/man/de/man1/xzegrep.1 -#usr/share/man/de/man1/xzfgrep.1 -#usr/share/man/de/man1/xzgrep.1 #usr/share/man/de/man1/xzless.1 #usr/share/man/de/man1/xzmore.1 +#usr/share/man/fr +#usr/share/man/fr/man1 +#usr/share/man/fr/man1/lzcat.1 +#usr/share/man/fr/man1/lzcmp.1 +#usr/share/man/fr/man1/lzdiff.1 +#usr/share/man/fr/man1/lzless.1 +#usr/share/man/fr/man1/lzma.1 +#usr/share/man/fr/man1/lzmadec.1 +#usr/share/man/fr/man1/lzmore.1 +#usr/share/man/fr/man1/unlzma.1 +#usr/share/man/fr/man1/unxz.1 +#usr/share/man/fr/man1/xz.1 +#usr/share/man/fr/man1/xzcat.1 +#usr/share/man/fr/man1/xzcmp.1 +#usr/share/man/fr/man1/xzdec.1 +#usr/share/man/fr/man1/xzdiff.1 +#usr/share/man/fr/man1/xzless.1 +#usr/share/man/fr/man1/xzmore.1 #usr/share/man/man1/lzcat.1 #usr/share/man/man1/lzcmp.1 #usr/share/man/man1/lzdiff.1 diff --git a/config/rootfiles/core/172/filelists/aarch64/u-boot b/config/rootfiles/core/172/filelists/aarch64/u-boot new file mode 120000 index 000000000..2a16bdbfe --- /dev/null +++ b/config/rootfiles/core/172/filelists/aarch64/u-boot @@ -0,0 +1 @@ +../../../../common/aarch64/u-boot \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/armv6l/u-boot b/config/rootfiles/core/172/filelists/armv6l/u-boot new file mode 120000 index 000000000..e88d95fac --- /dev/null +++ b/config/rootfiles/core/172/filelists/armv6l/u-boot @@ -0,0 +1 @@ +../../../../common/armv6l/u-boot \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/bash b/config/rootfiles/core/172/filelists/bash new file mode 120000 index 000000000..de970cb1d --- /dev/null +++ b/config/rootfiles/core/172/filelists/bash @@ -0,0 +1 @@ +../../../common/bash \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/libuv b/config/rootfiles/core/172/filelists/libuv new file mode 120000 index 000000000..c74f52510 --- /dev/null +++ b/config/rootfiles/core/172/filelists/libuv @@ -0,0 +1 @@ +../../../common/libuv \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/libxcrypt b/config/rootfiles/core/172/filelists/libxcrypt new file mode 120000 index 000000000..ad93616b5 --- /dev/null +++ b/config/rootfiles/core/172/filelists/libxcrypt @@ -0,0 +1 @@ +../../../common/libxcrypt \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/openvpn b/config/rootfiles/core/172/filelists/openvpn new file mode 120000 index 000000000..493f3f7a4 --- /dev/null +++ b/config/rootfiles/core/172/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/readline b/config/rootfiles/core/172/filelists/readline new file mode 120000 index 000000000..84209f189 --- /dev/null +++ b/config/rootfiles/core/172/filelists/readline @@ -0,0 +1 @@ +../../../common/readline \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/sed b/config/rootfiles/core/172/filelists/sed new file mode 120000 index 000000000..fc5f5c6d6 --- /dev/null +++ b/config/rootfiles/core/172/filelists/sed @@ -0,0 +1 @@ +../../../common/sed \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/usbutils b/config/rootfiles/core/172/filelists/usbutils new file mode 120000 index 000000000..31db5a7ac --- /dev/null +++ b/config/rootfiles/core/172/filelists/usbutils @@ -0,0 +1 @@ +../../../common/usbutils \ No newline at end of file diff --git a/config/rootfiles/core/172/filelists/xz b/config/rootfiles/core/172/filelists/xz new file mode 120000 index 000000000..734e926c7 --- /dev/null +++ b/config/rootfiles/core/172/filelists/xz @@ -0,0 +1 @@ +../../../common/xz \ No newline at end of file diff --git a/config/rootfiles/core/172/update.sh b/config/rootfiles/core/172/update.sh index 20fa4c900..cc31851ab 100644 --- a/config/rootfiles/core/172/update.sh +++ b/config/rootfiles/core/172/update.sh @@ -38,6 +38,13 @@ done /etc/rc.d/init.d/sshd stop /etc/rc.d/init.d/unbound stop
+KVER="xxxKVERxxx" + +# Backup uEnv.txt if exist +if [ -e /boot/uEnv.txt ]; then + cp -vf /boot/uEnv.txt /boot/uEnv.txt.org +fi + # Remove files rm -rvf \ /etc/strongswan.d/scepclient.conf \ @@ -62,12 +69,15 @@ rm -rvf \ /usr/lib/libbind9-9.16.33.so \ /usr/lib/libdns-9.16.33.so \ /usr/lib/libexpat.so.1.8.9 \ + /usr/lib/libhistory.so.8.1 \ /usr/lib/libirs-9.16.33.so \ /usr/lib/libisc-9.16.33.so \ /usr/lib/libisccc-9.16.33.so \ /usr/lib/libisccfg-9.16.33.so \ + /usr/lib/liblzma.so.5.2.5 \ /usr/lib/libnetfilter_conntrack.so.3.7.0 \ /usr/lib/libns-9.16.33.so \ + /usr/lib/libreadline.so.8.1 \ /usr/lib/libunbound.so.8.1.1* \ /usr/lib/libxml2.so.2.9.* \ /usr/lib/python3.10/ensurepip/_bundled/pip-21* \ @@ -151,6 +161,24 @@ if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then /etc/init.d/ipsec start fi
+# Regenerate all initrds +dracut --regenerate-all --force +case "$(uname -m)" in + armv*) + mkimage -A arm -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire + rm /boot/initramfs-${KVER}-ipfire.img + ;; + aarch64) + mkimage -A arm64 -T ramdisk -C lzma -d /boot/initramfs-${KVER}-ipfire.img /boot/uInit-${KVER}-ipfire + # dont remove initramfs because grub need this to boot. + ;; +esac + +# Call user update script (needed for some ARM boards) +if [ -e /boot/pakfire-kernel-update ]; then + /boot/pakfire-kernel-update ${KVER} +fi + # This update needs a reboot... touch /var/run/need_reboot
diff --git a/config/rootfiles/packages/libassuan b/config/rootfiles/packages/libassuan index c1bb31883..fd57c7dd6 100644 --- a/config/rootfiles/packages/libassuan +++ b/config/rootfiles/packages/libassuan @@ -3,7 +3,7 @@ usr/bin/libassuan-config #usr/lib/libassuan.la usr/lib/libassuan.so usr/lib/libassuan.so.0 -usr/lib/libassuan.so.0.8.4 +usr/lib/libassuan.so.0.8.5 #usr/lib/pkgconfig/libassuan.pc #usr/share/aclocal/libassuan.m4 #usr/share/info/assuan.info diff --git a/config/u-boot/boot.scr b/config/u-boot/boot.scr deleted file mode 100644 index 875e09dc2..000000000 Binary files a/config/u-boot/boot.scr and /dev/null differ diff --git a/lfs/bash b/lfs/bash index ec8939aed..14b20b986 100644 --- a/lfs/bash +++ b/lfs/bash @@ -24,7 +24,7 @@
include Config
-VER = 5.1.16 +VER = 5.2
THISAPP = bash-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -53,7 +53,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0bc53b24d9b95cd85e45196510104acf6ac6c980f68aedcc83c8409ce6a4682e92736a9cbe089ed92d74590e28918d0bee0e67c8e0f994bd37e45fad83f5b48e +$(DL_FILE)_BLAKE2 = 51b196e710794ebad8eac28c31c93eb99ac1a7db30919a13271e39e1cb66a0672f242df75fc7d71627ea873dfbce53ec35c0c56a71c5167143070a7811343fd9
install : $(TARGET)
@@ -90,6 +90,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash/bash-4.0-paths-1.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash/bash-4.0-profile-1.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/bash/bash-3.2-ssh_source_bash.patch + + for i in $$(seq 1 9); do \ + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/bash/bash52-$$(printf "%03d" "$${i}") || exit 1; \ + done +
cd $(DIR_APP) && ./configure --prefix=$(PREFIX) $(CONFIGURE_OPTIONS) cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/gdb b/lfs/gdb index f36e52c8c..bd5a57f29 100644 --- a/lfs/gdb +++ b/lfs/gdb @@ -70,6 +70,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/gdb-readline8.2.patch cd $(DIR_APP) && mkdir -pv build cd $(DIR_APP)/build && \ ../configure \ diff --git a/lfs/libassuan b/lfs/libassuan index d8b6b97f0..4b59508ab 100644 --- a/lfs/libassuan +++ b/lfs/libassuan @@ -26,7 +26,7 @@ include Config
SUMMARY = IPC library used by GnuPG version 2
-VER = 2.5.4 +VER = 2.5.5
THISAPP = libassuan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libassuan -PAK_VER = 6 +PAK_VER = 7
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2eec42c47840741a4726fc35c3ed04300e5fbcd37f808b121534aeaa04d0d0f609a30ad48cfbe33a81ee4b2ebbb822b9a48a5c602268f1b802bf5d7d19d72e9c +$(DL_FILE)_BLAKE2 = 24952e97c757b97c387ab4c2c4bf7b040f2874e9326c129805c7f5326fa14d80e083b0842e336a635531a2c8d4a66d428c816bae6b175f1c4518add1ffa3554d
install : $(TARGET)
diff --git a/lfs/libpipeline b/lfs/libpipeline index 66b72d07d..ece978708 100644 --- a/lfs/libpipeline +++ b/lfs/libpipeline @@ -24,7 +24,7 @@
include Config
-VER = 1.5.6 +VER = 1.5.7
THISAPP = libpipeline-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 813009e37ddb9a63da57e11ce71040646449b10140f5dd42cca02d280a3adb2173207af857ebca24777fdc8d30e426c41ad51f356f285decfe007b5829d9730f +$(DL_FILE)_BLAKE2 = b8f9ff6886f8df12e3fefbfaa0cbcb1e07d7baaa8a1dfcf4bc01c17c6632b8c6a40e55395f1e4870ca391eefb1535ebbc3931fcdee51cf5f4293741e437a2f25
install : $(TARGET)
diff --git a/lfs/libuv b/lfs/libuv index 0da6e8c29..95a30cc96 100644 --- a/lfs/libuv +++ b/lfs/libuv @@ -25,9 +25,9 @@
include Config
-VER = 1.42.0 +VER = 1.44.2
-THISAPP = libuv-v$(VER) +THISAPP = libuv-$(VER) DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4b282aeb234aa0dbf44b45ef160fcd773b62f3e5090699bff0e1edf208be79831dff382b495fde670370673b13c8e0c3a053f8c8afcf1430db37c30970e337c7 +$(DL_FILE)_BLAKE2 = 883a1fbffcd8f55bf28ea5a79ed18aa3e2f2fac126285e8aca2ef9370eafc62f69f95ddb8bf27d4159e038bfb0a01abafdf0dadbc4309e5d31f0e77057ee84ac
install : $(TARGET)
diff --git a/lfs/libxcrypt b/lfs/libxcrypt index 56a27f33e..bdb6818eb 100644 --- a/lfs/libxcrypt +++ b/lfs/libxcrypt @@ -24,7 +24,7 @@
include Config
-VER = 4.4.28 +VER = 4.4.33
THISAPP = libxcrypt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = cf40994c461bb0161b1fd585cbc3881d98cbe3d494cfaa33f89c4e1cedcd593f5b603b58309dadbaa7cd436bfabe74b0d2d9a8fafd3a2212f5ef5b18e6f67161 +$(DL_FILE)_BLAKE2 = 9cd2a2df4e2399d9084a5e03cb9be45e70c0213e1f143d423b5043f8f331320c79e6b8efa7ff33d401bce41a32574c6d6866096b70bf14ed715416c638f43a21
install : $(TARGET)
diff --git a/lfs/openvpn b/lfs/openvpn index 0483ac311..db2246206 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -24,7 +24,7 @@
include Config
-VER = 2.5.7 +VER = 2.5.8
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f5db74445d080f191b09a4ff5512712973fa6c3a6662479e11d2398e5e01c45eba5d50faa3301c715066dd0eb2f7d8702ceefc68d9edb1af264ec699710f8e5c +$(DL_FILE)_BLAKE2 = d029f6facd94a82aa28765cab340130dd4e5a4ffc2e0ccf3bf4888aee52d337126c21fdd7304dbaad5fe67d0a1f8d44e5a3c44801dcfa935aef200675ac5167f
install : $(TARGET)
diff --git a/lfs/readline b/lfs/readline index b899d6ebb..ef083a60c 100644 --- a/lfs/readline +++ b/lfs/readline @@ -24,7 +24,7 @@
include Config
-VER = 8.1 +VER = 8.2
THISAPP = readline-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f0feca1ea3517b2b613adacac8c997cce0e86aa2f410c82a40ce1a2e128067112b4c68dbf25b808291c28c47583345abac994ce10b8d117958afcb96ee5e7c69 +$(DL_FILE)_BLAKE2 = 7974322b9c092a756a79e537df08e8532f8e0fcb598f77732e28287c33ebec9e9837ed88b43334c310892d56a871b423903f0f564def2fbe700a1004f2ae7b18
install : $(TARGET)
@@ -71,9 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-# for i in $$(seq 1 1); do \ -# cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline81-$$(printf "%03d" "$${i}") || exit 1; \ -# done + for i in $$(seq 1 1); do \ + cd $(DIR_APP) && patch -Np0 < $(DIR_SRC)/src/patches/readline/readline82-$$(printf "%03d" "$${i}") || exit 1; \ + done
cd $(DIR_APP) && ./configure --prefix=/usr --disable-static cd $(DIR_APP) && make $(MAKETUNING) SHLIB_LIBS=-lncurses diff --git a/lfs/sed b/lfs/sed index 157be07cd..89ca4f250 100644 --- a/lfs/sed +++ b/lfs/sed @@ -24,7 +24,7 @@
include Config
-VER = 4.8 +VER = 4.9
THISAPP = sed-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -53,7 +53,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 62f6b6500cc9a20a35cafc2b09b12bb7da67fa0afb0b1b26153babc0023424b3126f44d29eba14c25fc4490996c90738b191c9440c66da6c120bbb9bc6f6df65 +$(DL_FILE)_BLAKE2 = 6c7c7dc782b87c3bd0b5e826ba46c2f1dc7bd8c1159945fcf14b394711742964628774cf9f27d844b672721d7849e6c31992d82fafb9ed4118b7feb60406d1e1
install : $(TARGET)
diff --git a/lfs/u-boot b/lfs/u-boot index 3488204ee..e5a48ef91 100644 --- a/lfs/u-boot +++ b/lfs/u-boot @@ -24,7 +24,7 @@
include Config
-VER = 2021.07 +VER = 2022.10
THISAPP = u-boot-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -36,7 +36,7 @@ SUP_ARCH = armv6l aarch64 CFLAGS := $(patsubst -fstack-protector-strong,,$(CFLAGS)) LDFLAGS += --no-warn-rwx-segments
-ATF_VER = 2.6 +ATF_VER = 2.7
############################################################################### # Top-level Rules @@ -48,9 +48,9 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) arm-trusted-firmware-$(ATF_VER).tar.gz = $(DL_FROM)/arm-trusted-firmware-$(ATF_VER).tar.gz arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz = $(DL_FROM)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz
-$(DL_FILE)_BLAKE2 = 1a209a604e0f30264781a14ca855bbb777e8f1c031de60d28de397084fc9bfc4a3771ad00ec22f5cdcfa721f22707a533b9b59004ac0b107df927f23dc5ab0a6 -arm-trusted-firmware-$(ATF_VER).tar.gz_BLAKE2 = 1d0caff9ea6d97276d1377483e3f81901c935f9af784b7a735636c75b00106935a7e301c21ecec7b9fd9a97dcf873ac1b12169bf7211dae3d975b78d379eba74 -arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz_BLAKE2 = bc5245c1af911eb8ce8def743339102bb46d6aa854fbe916584775479dc97c9a9176c1d1615afc7ede496c7ca9da78db52d9c2eaf1290a4d06e53dbb1933e658 +$(DL_FILE)_BLAKE2 = 42aa7a6f131735888939982e579de4342e3909e064ab896b0df6f1ff56c20ed6cb11d25286da7c052a5f67dcef6fa7a746944d8df6dd504586f5a71502d157e1 +arm-trusted-firmware-$(ATF_VER).tar.gz_BLAKE2 = 4fc4d5646e272200d40081902e17f0be32956f451622f011a0d568c8cf26e15ab165fe16a69cf222241f7ba1d443add562d6d382277eb4fb2b49c3918cabdbad +arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz_BLAKE2 = 04424a7dcda0771f469c8e918a24aed75017c1a28c1b8c2c794e3ce31afbc01e7906ccab6faf1459d69a5ec1ef4fdde2bab1011b883980efeae7372013f2570e
install : $(TARGET)
@@ -213,7 +213,7 @@ else cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Nanopi R2S - IPFire.org"!' .config cd $(DIR_APP) && sed -i -e 's!^CONFIG_BOOTCOMMAND=.*!CONFIG_BOOTCOMMAND="console=ttyS2,115200n8;run distro_bootcmd"!' .config cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200!' .config - cd $(DIR_APP) && sed -i -e 's!.*CONFIG_MISC_INIT_R.*!# CONFIG_MISC_INIT_R is not set!' .config + cd $(DIR_APP) && sed -i -e 's!.*CONFIG_ENV_OVERWRITE.*!CONFIG_ENV_OVERWRITE=y!' .config cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)" cd $(DIR_APP) && install -v -m 644 u-boot-rockchip.bin \ /usr/share/u-boot/nanopi_r2s/u-boot-rockchip.bin @@ -221,12 +221,14 @@ else
# Nanopi R4S # arm trusted firmware for rk3399 cannot build without cortex m0 gcc crosscompiler + # it is build on ubuntu with make PLAT=rk3399 ARCH=aarch64 DEBUG=0 bl31 cd $(DIR_APP) && tar axf $(DIR_DL)/arm-trusted-firmware-$(ATF_VER)-rk3399-binary.tar.xz -mkdir -pv /usr/share/u-boot/nanopi_r4s cd $(DIR_APP) && make CROSS_COMPILE="" nanopi-r4s-rk3399_config cd $(DIR_APP) && sed -i -e 's!^CONFIG_IDENT_STRING=.*!CONFIG_IDENT_STRING=" Nanopi R4S - IPFire.org"!' .config cd $(DIR_APP) && sed -i -e 's!^CONFIG_BOOTCOMMAND=.*!CONFIG_BOOTCOMMAND="console=ttyS2,115200n8;run distro_bootcmd"!' .config cd $(DIR_APP) && sed -i -e 's!^CONFIG_BAUDRATE=.*!CONFIG_BAUDRATE=115200!' .config + cd $(DIR_APP) && sed -i -e 's!.*CONFIG_ENV_OVERWRITE.*!CONFIG_ENV_OVERWRITE=y!' .config cd $(DIR_APP) && make CROSS_COMPILE="" HOSTCC="gcc $(CFLAGS)" cd $(DIR_APP) && install -v -m 644 u-boot-rockchip.bin \ /usr/share/u-boot/nanopi_r4s/u-boot-rockchip.bin @@ -238,6 +240,9 @@ endif
# config (uEnv.txt and boot.*) cp -vf $(DIR_SRC)/config/u-boot/* /boot/ + # create signed binary boot script (boot.scr) + mkimage -C none -A arm -T script -d /boot/boot.cmd /boot/boot.scr + # patch real Kernel version to uEnv.txt sed -e "s/xxxKVERxxx/$(KVER)/g" -i /boot/uEnv.txt
diff --git a/lfs/usbutils b/lfs/usbutils index e2d2e92a6..922bb0e14 100644 --- a/lfs/usbutils +++ b/lfs/usbutils @@ -24,7 +24,7 @@
include Config
-VER = 014 +VER = 015
THISAPP = usbutils-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8defadf7aa05dedb5af52a08ee8b5c152529c35e32514360326c9bc45860c8a1d10b5688cc40ddc2218824b7a776ed8590182cee2c54504d4fbd94512ce80259 +$(DL_FILE)_BLAKE2 = 6056947e3df829e988b9429827c69234a90b7ad1be666d54566211bc6c8e09e74372543059827a39cab2badd1df71deff1147503bef3850a38bffefe3b2ae0e2
install : $(TARGET)
diff --git a/lfs/xz b/lfs/xz index 9345df954..83a724e1a 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@
include Config
-VER = 5.2.5 +VER = 5.2.8
THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 9b9b58e33722ecfe799bb50f3ffe4e86386f734ab4468eb54ff92771ddf899302d1ffa4d88bdb0de351fc3eab8a6ea103f00d7e79f33db879fe22b2e1a7e62db +$(DL_FILE)_BLAKE2 = 44d1ddd783b2527f3b17481fc277b671808eb5639c10d31bfaca9fd29ac4413628654ecb9e207955a9477c83eb30f61cf5607cd9a49dd71732707731e4444ace
install : $(TARGET)
@@ -75,7 +75,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/xzgrep-ZDI-CAN-16587.patch cd $(DIR_APP) && ./configure --prefix=$(PREFIX) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/bash/bash52-001 b/src/patches/bash/bash52-001 new file mode 100644 index 000000000..83776ec76 --- /dev/null +++ b/src/patches/bash/bash52-001 @@ -0,0 +1,46 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-001 + +Bug-Reported-by: Emanuele Torre torreemanuele6@gmail.com +Bug-Reference-ID: CAA7hNqeR1eSdiGK8mjQSqJPo815JYoG-Ekz-5PrAJTEYy2e6hg@mail.gmail.com +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-09/msg00060.html + +Bug-Description: + +Expanding unset arrays in an arithmetic context can cause a segmentation fault. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2/subst.c 2022-08-31 17:36:46.000000000 -0400 +--- subst.c 2022-09-30 09:12:05.000000000 -0400 +*************** +*** 10858,10862 **** + t = expand_subscript_string (exp, quoted & ~(Q_ARITH|Q_DOUBLE_QUOTES)); + free (exp); +! exp = sh_backslash_quote (t, abstab, 0); + free (t); + +--- 10858,10862 ---- + t = expand_subscript_string (exp, quoted & ~(Q_ARITH|Q_DOUBLE_QUOTES)); + free (exp); +! exp = t ? sh_backslash_quote (t, abstab, 0) : savestring (""); + free (t); + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 0 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 1 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-002 b/src/patches/bash/bash52-002 new file mode 100644 index 000000000..18229c996 --- /dev/null +++ b/src/patches/bash/bash52-002 @@ -0,0 +1,46 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-002 + +Bug-Reported-by: Kan-Ru Chen koster@debian.org +Bug-Reference-ID: +Bug-Reference-URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021109 + +Bug-Description: + +Starting bash with an invalid locale specification for LC_ALL/LANG/LC_CTYPE +can cause the shell to crash. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/lib/readline/nls.c 2022-08-15 09:38:51.000000000 -0400 +--- lib/readline/nls.c 2022-10-05 09:23:22.000000000 -0400 +*************** +*** 142,145 **** +--- 142,149 ---- + lspec = ""; + ret = setlocale (LC_CTYPE, lspec); /* ok, since it does not change locale */ ++ if (ret == 0 || *ret == 0) ++ ret = setlocale (LC_CTYPE, (char *)NULL); ++ if (ret == 0 || *ret == 0) ++ ret = RL_DEFAULT_LOCALE; + #else + ret = (lspec == 0 || *lspec == 0) ? RL_DEFAULT_LOCALE : lspec; + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 1 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 2 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-003 b/src/patches/bash/bash52-003 new file mode 100644 index 000000000..b2dc4cbcc --- /dev/null +++ b/src/patches/bash/bash52-003 @@ -0,0 +1,89 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-003 + +Bug-Reported-by: D630 d630@posteo.net +Bug-Reference-ID: cf8523d58ac75b9ffba9519faa175618@posteo.de +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00092.html + +Bug-Description: + +Command substitutions need to preserve newlines instead of replacing them +with semicolons, especially in the presence of multiple here-documents. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/print_cmd.c 2022-07-26 09:16:39.000000000 -0400 +--- print_cmd.c 2022-10-17 10:41:06.000000000 -0400 +*************** +*** 298,305 **** +--- 298,307 ---- + { + char c = command->value.Connection->connector; ++ int was_newline; + + s[0] = printing_comsub ? c : ';'; + s[1] = '\0'; + ++ was_newline = deferred_heredocs == 0 && was_heredoc == 0 && c == '\n'; + if (deferred_heredocs == 0) + { +*************** +*** 315,318 **** +--- 317,322 ---- + if (inside_function_def) + cprintf ("\n"); ++ else if (printing_comsub && c == '\n' && was_newline == 0) ++ cprintf ("\n"); /* preserve newlines in comsubs but don't double them */ + else + { +*************** +*** 1366,1370 **** + } + else +! newline ("}"); + + dispose_command (cmdcopy); +--- 1371,1379 ---- + } + else +! { +! /* { */ +! newline ("}"); +! was_heredoc = 0; /* not printing any here-documents now */ +! } + + dispose_command (cmdcopy); +*************** +*** 1443,1447 **** + } + else +! newline ("}"); + + result = the_printed_command; +--- 1452,1459 ---- + } + else +! { /* { */ +! newline ("}"); +! was_heredoc = 0; +! } + + result = the_printed_command; +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 2 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 3 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-004 b/src/patches/bash/bash52-004 new file mode 100644 index 000000000..d0834c19c --- /dev/null +++ b/src/patches/bash/bash52-004 @@ -0,0 +1,70 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-004 + +Bug-Reported-by: Antoine bug-bash@glitchimini.net +Bug-Reference-ID: 8bd59753-05ff-9b09-2337-2c7f52ded650@glitchimini.net +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00022.html + +Bug-Description: + +Bash needs to keep better track of nested brace expansions to avoid problems +with quoting and POSIX semantics. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/subst.c 2022-10-05 10:22:02.000000000 -0400 +--- subst.c 2022-10-06 15:19:08.000000000 -0400 +*************** +*** 1799,1802 **** +--- 1804,1810 ---- + } + ++ #define PARAMEXPNEST_MAX 32 // for now ++ static int dbstate[PARAMEXPNEST_MAX]; ++ + /* Extract a parameter expansion expression within ${ and } from STRING. + Obey the Posix.2 rules for finding the ending `}': count braces while +*************** +*** 1829,1832 **** +--- 1837,1842 ---- + return (extract_heredoc_dolbrace_string (string, sindex, quoted, flags)); + ++ dbstate[0] = dolbrace_state; ++ + pass_character = 0; + nesting_level = 1; +*************** +*** 1853,1856 **** +--- 1863,1868 ---- + if (string[i] == '$' && string[i+1] == LBRACE) + { ++ if (nesting_level < PARAMEXPNEST_MAX) ++ dbstate[nesting_level] = dolbrace_state; + nesting_level++; + i += 2; +*************** +*** 1865,1868 **** +--- 1877,1881 ---- + if (nesting_level == 0) + break; ++ dolbrace_state = (nesting_level < PARAMEXPNEST_MAX) ? dbstate[nesting_level] : dbstate[0]; /* Guess using initial state */ + i++; + continue; +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 3 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 4 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-005 b/src/patches/bash/bash52-005 new file mode 100644 index 000000000..3f6a85215 --- /dev/null +++ b/src/patches/bash/bash52-005 @@ -0,0 +1,47 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-005 + +Bug-Reported-by: Justin Wood (Callek) callek@gmail.com +Bug-Reference-ID: CANBDKY9fp2yiXONP7RY4kNuRteuovUebxSJaqePHeu7cyaFS9Q@mail.gmail.com +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00088.html + +Bug-Description: + +Null pattern substitution replacement strings can cause a crash. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/subst.c 2022-10-05 10:22:02.000000000 -0400 +--- subst.c 2022-10-13 16:57:26.000000000 -0400 +*************** +*** 8966,8970 **** + } + else if (*string == 0 && (match_pattern (string, pat, mtype, &s, &e) != 0)) +! return ((mflags & MATCH_EXPREP) ? strcreplace (rep, '&', "", 2) : savestring (rep)); + + ret = (char *)xmalloc (rsize = 64); +--- 8966,8971 ---- + } + else if (*string == 0 && (match_pattern (string, pat, mtype, &s, &e) != 0)) +! return (mflags & MATCH_EXPREP) ? strcreplace (rep, '&', "", 2) +! : (rep ? savestring (rep) : savestring ("")); + + ret = (char *)xmalloc (rsize = 64); +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 4 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 5 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-006 b/src/patches/bash/bash52-006 new file mode 100644 index 000000000..851cfd7b6 --- /dev/null +++ b/src/patches/bash/bash52-006 @@ -0,0 +1,293 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-006 + +Bug-Reported-by: feng xiangjun fengxj325@gmail.com +Bug-Reference-ID: CAHH2t87LrCmO=gdyWOmGn5WJt7EucL+iOXzrry34OETe50S6uA@mail.gmail.com +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00089.html + +Bug-Description: + +In interactive shells, interrupting the shell while entering a command +substitution can inhibit alias expansion. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/parse.y 2022-10-08 13:10:06.000000000 -0400 +--- parse.y 2022-10-14 10:03:19.000000000 -0400 +*************** +*** 3307,3310 **** +--- 3307,3312 ---- + extended_glob = global_extglob; + #endif ++ if (parser_state & (PST_CMDSUBST|PST_STRING)) ++ expand_aliases = expaliases_flag; + + parser_state = 0; +*************** +*** 4389,4392 **** +--- 4391,4395 ---- + parser_state |= PST_NOERROR; + ++ parser_state |= PST_STRING; + expand_aliases = 0; + +*************** +*** 6402,6406 **** + parser_state &= ~PST_NOEXPAND; /* parse_comsub sentinel */ + /* State flags we want to set for this run through the tokenizer. */ +! parser_state |= PST_COMPASSIGN|PST_REPARSE; + } + +--- 6405,6409 ---- + parser_state &= ~PST_NOEXPAND; /* parse_comsub sentinel */ + /* State flags we want to set for this run through the tokenizer. */ +! parser_state |= PST_COMPASSIGN|PST_REPARSE|PST_STRING; + } + +*** ../bash-20221007/parser.h 2022-08-30 11:39:56.000000000 -0400 +--- parser.h 2022-10-14 09:56:18.000000000 -0400 +*************** +*** 51,54 **** +--- 51,55 ---- + #define PST_NOEXPAND 0x400000 /* don't expand anything in read_token_word; for command substitution */ + #define PST_NOERROR 0x800000 /* don't print error messages in yyerror */ ++ #define PST_STRING 0x1000000 /* parsing a string to a command or word list */ + + /* Definition of the delimiter stack. Needed by parse.y and bashhist.c. */ +*** ../bash-20221007/builtins/shopt.def 2022-10-07 10:25:55.000000000 -0400 +--- builtins/shopt.def 2022-10-14 09:30:11.000000000 -0400 +*************** +*** 150,153 **** +--- 150,156 ---- + #endif + ++ int expaliases_flag = 0; ++ static int shopt_set_expaliases PARAMS((char *, int)); ++ + static int shopt_set_debug_mode PARAMS((char *, int)); + +*************** +*** 199,203 **** + { "dotglob", &glob_dot_filenames, (shopt_set_func_t *)NULL }, + { "execfail", &no_exit_on_failed_exec, (shopt_set_func_t *)NULL }, +! { "expand_aliases", &expand_aliases, (shopt_set_func_t *)NULL }, + #if defined (DEBUGGER) + { "extdebug", &debugging_mode, shopt_set_debug_mode }, +--- 202,206 ---- + { "dotglob", &glob_dot_filenames, (shopt_set_func_t *)NULL }, + { "execfail", &no_exit_on_failed_exec, (shopt_set_func_t *)NULL }, +! { "expand_aliases", &expaliases_flag, shopt_set_expaliases }, + #if defined (DEBUGGER) + { "extdebug", &debugging_mode, shopt_set_debug_mode }, +*************** +*** 351,355 **** + allow_null_glob_expansion = glob_dot_filenames = 0; + no_exit_on_failed_exec = 0; +! expand_aliases = 0; + extended_quote = 1; + fail_glob_expansion = 0; +--- 354,358 ---- + allow_null_glob_expansion = glob_dot_filenames = 0; + no_exit_on_failed_exec = 0; +! expand_aliases = expaliases_flag = 0; + extended_quote = 1; + fail_glob_expansion = 0; +*************** +*** 632,635 **** +--- 635,647 ---- + } + ++ static int ++ shopt_set_expaliases (option_name, mode) ++ char *option_name; ++ int mode; ++ { ++ expand_aliases = expaliases_flag; ++ return 0; ++ } ++ + #if defined (READLINE) + static int +*** ../bash-20221007/builtins/common.h 2022-10-07 10:10:17.000000000 -0400 +--- builtins/common.h 2022-10-14 09:29:25.000000000 -0400 +*************** +*** 258,261 **** +--- 258,263 ---- + #endif + ++ extern int expaliases_flag; ++ + /* variables from source.def */ + extern int source_searches_cwd; +*** ../bash-20221007/execute_cmd.c 2022-10-10 10:48:54.000000000 -0400 +--- execute_cmd.c 2022-10-14 09:32:24.000000000 -0400 +*************** +*** 1537,1541 **** + aliases. */ + if (ois != interactive_shell) +! expand_aliases = 0; + } + +--- 1537,1541 ---- + aliases. */ + if (ois != interactive_shell) +! expand_aliases = expaliases_flag = 0; + } + +*** ../bash-20221007/general.c 2021-11-04 14:12:38.000000000 -0400 +--- general.c 2022-10-14 09:34:24.000000000 -0400 +*************** +*** 92,96 **** + &interactive_comments, + &source_uses_path, +! &expand_aliases, + &inherit_errexit, + &print_shift_error, +--- 92,96 ---- + &interactive_comments, + &source_uses_path, +! &expaliases_flag, + &inherit_errexit, + &print_shift_error, +*************** +*** 107,111 **** + if (on != 0) + { +! interactive_comments = source_uses_path = expand_aliases = 1; + inherit_errexit = 1; + source_searches_cwd = 0; +--- 107,112 ---- + if (on != 0) + { +! interactive_comments = source_uses_path = 1; +! expand_aliases = expaliases_flag = 1; + inherit_errexit = 1; + source_searches_cwd = 0; +*************** +*** 117,120 **** +--- 118,122 ---- + { + set_posix_options (saved_posix_vars); ++ expand_aliases = expaliases_flag; + free (saved_posix_vars); + saved_posix_vars = 0; +*************** +*** 123,127 **** + { + source_searches_cwd = 1; +! expand_aliases = interactive_shell; + print_shift_error = 0; + } +--- 125,129 ---- + { + source_searches_cwd = 1; +! expand_aliases = expaliases_flag = interactive_shell; /* XXX */ + print_shift_error = 0; + } + +*** ../bash-5.2-patched/shell.c 2022-03-04 15:13:00.000000000 -0500 +--- shell.c 2022-10-14 09:36:19.000000000 -0400 +*************** +*** 1845,1850 **** + init_interactive () + { +! expand_aliases = interactive_shell = startup_state = 1; +! interactive = 1; + #if defined (HISTORY) + if (enable_history_list == -1) +--- 1845,1850 ---- + init_interactive () + { +! expand_aliases = expaliases_flag = 1; +! interactive_shell = startup_state = interactive = 1; + #if defined (HISTORY) + if (enable_history_list == -1) +*************** +*** 1866,1870 **** + #endif /* HISTORY */ + interactive_shell = startup_state = interactive = 0; +! expand_aliases = posixly_correct; /* XXX - was 0 not posixly_correct */ + no_line_editing = 1; + #if defined (JOB_CONTROL) +--- 1866,1870 ---- + #endif /* HISTORY */ + interactive_shell = startup_state = interactive = 0; +! expand_aliases = expaliases_flag = posixly_correct; /* XXX - was 0 not posixly_correct */ + no_line_editing = 1; + #if defined (JOB_CONTROL) +*************** +*** 1883,1887 **** + #endif + init_noninteractive (); +! expand_aliases = interactive_shell = startup_state = 1; + #if defined (HISTORY) + remember_on_history = enable_history_list; /* XXX */ +--- 1883,1887 ---- + #endif + init_noninteractive (); +! expand_aliases = expaliases_flag = interactive_shell = startup_state = 1; + #if defined (HISTORY) + remember_on_history = enable_history_list; /* XXX */ +*************** +*** 2026,2030 **** + forced_interactive = interactive_shell = 0; + subshell_environment = running_in_background = 0; +! expand_aliases = 0; + bash_argv_initialized = 0; + +--- 2026,2030 ---- + forced_interactive = interactive_shell = 0; + subshell_environment = running_in_background = 0; +! expand_aliases = expaliases_flag = 0; + bash_argv_initialized = 0; + +*** ../bash-5.2-patched/y.tab.c 2022-09-23 10:18:27.000000000 -0400 +--- y.tab.c 2022-10-14 14:57:26.000000000 -0400 +*************** +*** 5618,5621 **** +--- 5618,5623 ---- + extended_glob = global_extglob; + #endif ++ if (parser_state & (PST_CMDSUBST|PST_STRING)) ++ expand_aliases = expaliases_flag; + + parser_state = 0; +*************** +*** 6700,6703 **** +--- 6702,6706 ---- + parser_state |= PST_NOERROR; + ++ parser_state |= PST_STRING; + expand_aliases = 0; + +*************** +*** 8713,8717 **** + parser_state &= ~PST_NOEXPAND; /* parse_comsub sentinel */ + /* State flags we want to set for this run through the tokenizer. */ +! parser_state |= PST_COMPASSIGN|PST_REPARSE; + } + +--- 8716,8720 ---- + parser_state &= ~PST_NOEXPAND; /* parse_comsub sentinel */ + /* State flags we want to set for this run through the tokenizer. */ +! parser_state |= PST_COMPASSIGN|PST_REPARSE|PST_STRING; + } + +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 5 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 6 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-007 b/src/patches/bash/bash52-007 new file mode 100644 index 000000000..152776f4b --- /dev/null +++ b/src/patches/bash/bash52-007 @@ -0,0 +1,262 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-007 + +Bug-Reported-by: Bruce Jerrick +Bug-Reference-ID: +Bug-Reference-URL: https://bugzilla.redhat.com/show_bug.cgi?id=2134307 + +Bug-Description: + +This patch fixes several problems with alias expansion inside command +substitutions when in POSIX mode. + +Patch (apply with `patch -p0'): + +*** /fs1/chet/scratch/bash-5.2.6/parse.y 2022-11-02 10:36:54.000000000 -0400 +--- parse.y 2022-10-24 10:53:26.000000000 -0400 +*************** +*** 3613,3616 **** +--- 3614,3618 ---- + #define P_ARRAYSUB 0x0020 /* parsing a [...] array subscript for assignment */ + #define P_DOLBRACE 0x0040 /* parsing a ${...} construct */ ++ #define P_ARITH 0x0080 /* parsing a $(( )) arithmetic expansion */ + + /* Lexical state while parsing a grouping construct or $(...). */ +*************** +*** 3911,3914 **** +--- 3914,3920 ---- + else if ((flags & (P_ARRAYSUB|P_DOLBRACE)) && (tflags & LEX_WASDOL) && (ch == '(' || ch == '{' || ch == '[')) /* ) } ] */ + goto parse_dollar_word; ++ else if ((flags & P_ARITH) && (tflags & LEX_WASDOL) && ch == '(') /*)*/ ++ /* $() inside $(( ))/$[ ] */ ++ goto parse_dollar_word; + #if defined (PROCESS_SUBSTITUTION) + /* XXX - technically this should only be recognized at the start of +*************** +*** 3941,3945 **** + nestret = parse_matched_pair (0, '{', '}', &nestlen, P_FIRSTCLOSE|P_DOLBRACE|rflags); + else if (ch == '[') /* ] */ +! nestret = parse_matched_pair (0, '[', ']', &nestlen, rflags); + + CHECK_NESTRET_ERROR (); +--- 3947,3951 ---- + nestret = parse_matched_pair (0, '{', '}', &nestlen, P_FIRSTCLOSE|P_DOLBRACE|rflags); + else if (ch == '[') /* ] */ +! nestret = parse_matched_pair (0, '[', ']', &nestlen, rflags|P_ARITH); + + CHECK_NESTRET_ERROR (); +*************** +*** 4080,4084 **** + shell_ungetc (peekc); + if (peekc == '(') /*)*/ +! return (parse_matched_pair (qc, open, close, lenp, 0)); + } + +--- 4086,4090 ---- + shell_ungetc (peekc); + if (peekc == '(') /*)*/ +! return (parse_matched_pair (qc, open, close, lenp, P_ARITH)); + } + +*************** +*** 4501,4505 **** + + exp_lineno = line_number; +! ttok = parse_matched_pair (0, '(', ')', &ttoklen, 0); + rval = 1; + if (ttok == &matched_pair_error) +--- 4512,4516 ---- + + exp_lineno = line_number; +! ttok = parse_matched_pair (0, '(', ')', &ttoklen, P_ARITH); + rval = 1; + if (ttok == &matched_pair_error) +*************** +*** 5016,5020 **** + } + else +! ttok = parse_matched_pair (cd, '[', ']', &ttoklen, 0); + if (ttok == &matched_pair_error) + return -1; /* Bail immediately. */ +--- 5030,5034 ---- + } + else +! ttok = parse_matched_pair (cd, '[', ']', &ttoklen, P_ARITH); + if (ttok == &matched_pair_error) + return -1; /* Bail immediately. */ +*** ../bash-5.2.6/y.tab.c 2022-11-02 10:36:54.000000000 -0400 +--- y.tab.c 2022-11-02 10:55:58.000000000 -0400 +*************** +*** 5924,5927 **** +--- 5924,5928 ---- + #define P_ARRAYSUB 0x0020 /* parsing a [...] array subscript for assignment */ + #define P_DOLBRACE 0x0040 /* parsing a ${...} construct */ ++ #define P_ARITH 0x0080 /* parsing a $(( )) arithmetic expansion */ + + /* Lexical state while parsing a grouping construct or $(...). */ +*************** +*** 6222,6225 **** +--- 6223,6229 ---- + else if ((flags & (P_ARRAYSUB|P_DOLBRACE)) && (tflags & LEX_WASDOL) && (ch == '(' || ch == '{' || ch == '[')) /* ) } ] */ + goto parse_dollar_word; ++ else if ((flags & P_ARITH) && (tflags & LEX_WASDOL) && ch == '(') /*)*/ ++ /* $() inside $(( ))/$[ ] */ ++ goto parse_dollar_word; + #if defined (PROCESS_SUBSTITUTION) + /* XXX - technically this should only be recognized at the start of +*************** +*** 6252,6256 **** + nestret = parse_matched_pair (0, '{', '}', &nestlen, P_FIRSTCLOSE|P_DOLBRACE|rflags); + else if (ch == '[') /* ] */ +! nestret = parse_matched_pair (0, '[', ']', &nestlen, rflags); + + CHECK_NESTRET_ERROR (); +--- 6256,6260 ---- + nestret = parse_matched_pair (0, '{', '}', &nestlen, P_FIRSTCLOSE|P_DOLBRACE|rflags); + else if (ch == '[') /* ] */ +! nestret = parse_matched_pair (0, '[', ']', &nestlen, rflags|P_ARITH); + + CHECK_NESTRET_ERROR (); +*************** +*** 6391,6395 **** + shell_ungetc (peekc); + if (peekc == '(') /*)*/ +! return (parse_matched_pair (qc, open, close, lenp, 0)); + } + +--- 6395,6399 ---- + shell_ungetc (peekc); + if (peekc == '(') /*)*/ +! return (parse_matched_pair (qc, open, close, lenp, P_ARITH)); + } + +*************** +*** 6812,6816 **** + + exp_lineno = line_number; +! ttok = parse_matched_pair (0, '(', ')', &ttoklen, 0); + rval = 1; + if (ttok == &matched_pair_error) +--- 6816,6820 ---- + + exp_lineno = line_number; +! ttok = parse_matched_pair (0, '(', ')', &ttoklen, P_ARITH); + rval = 1; + if (ttok == &matched_pair_error) +*************** +*** 7327,7331 **** + } + else +! ttok = parse_matched_pair (cd, '[', ']', &ttoklen, 0); + if (ttok == &matched_pair_error) + return -1; /* Bail immediately. */ +--- 7331,7335 ---- + } + else +! ttok = parse_matched_pair (cd, '[', ']', &ttoklen, P_ARITH); + if (ttok == &matched_pair_error) + return -1; /* Bail immediately. */ +*** /fs1/chet/scratch/bash-5.2.6/builtins/evalstring.c 2022-07-18 14:46:56.000000000 -0400 +--- builtins/evalstring.c 2022-10-18 10:57:51.000000000 -0400 +*************** +*** 432,435 **** +--- 432,437 ---- + if (parse_command () == 0) + { ++ int local_expalias, local_alflag; ++ + if ((flags & SEVAL_PARSEONLY) || (interactive_shell == 0 && read_but_dont_execute)) + { +*************** +*** 508,511 **** +--- 510,526 ---- + #endif /* ONESHOT */ + ++ /* We play tricks in the parser and command_substitute() turning ++ expand_aliases on and off depending on which parsing pass and ++ whether or not we're in posix mode. This only matters for ++ parsing, and we let the higher layers deal with that. We just ++ want to ensure that expand_aliases is set to the appropriate ++ global value when we go to execute this command, so we save ++ and restore it around the execution (we don't restore it if ++ the global value of the flag (expaliases_flag) changes). */ ++ local_expalias = expand_aliases; ++ local_alflag = expaliases_flag; ++ if (subshell_environment & SUBSHELL_COMSUB) ++ expand_aliases = expaliases_flag; ++ + /* See if this is a candidate for $( <file ). */ + if (startup_state == 2 && +*************** +*** 525,528 **** +--- 540,547 ---- + discard_unwind_frame ("pe_dispose"); + ++ /* If the global value didn't change, we restore what we had. */ ++ if ((subshell_environment & SUBSHELL_COMSUB) && local_alflag == expaliases_flag) ++ expand_aliases = local_expalias; ++ + if (flags & SEVAL_ONECMD) + { +*** /fs1/chet/scratch/bash-5.2.6/command.h 2021-04-30 15:43:15.000000000 -0400 +--- command.h 2022-10-18 11:44:31.000000000 -0400 +*************** +*** 115,118 **** +--- 115,119 ---- + #define PF_EXPANDRHS 0x20 /* same as W_EXPANDRHS */ + #define PF_ALLINDS 0x40 /* array, act as if [@] was supplied */ ++ #define PF_BACKQUOTE 0x80 /* differentiate `` from $() for command_substitute */ + + /* Possible values for subshell_environment */ +*** /fs1/chet/scratch/bash-5.2.6/subst.c 2022-11-02 10:28:10.000000000 -0400 +--- subst.c 2022-10-20 12:41:07.000000000 -0400 +*************** +*** 7124,7129 **** + + /* We want to expand aliases on this pass if we are not in posix mode +! for backwards compatibility. */ +! if (expand_aliases) + expand_aliases = posixly_correct == 0; + +--- 7133,7142 ---- + + /* We want to expand aliases on this pass if we are not in posix mode +! for backwards compatibility. parse_and_execute() takes care of +! setting expand_aliases back to the global value when executing the +! parsed string. We only do this for $(...) command substitution, +! since that is what parse_comsub handles; `` comsubs are processed +! using parse.y:parse_matched_pair(). */ +! if (expand_aliases && (flags & PF_BACKQUOTE) == 0) + expand_aliases = posixly_correct == 0; + +*************** +*** 11293,11297 **** + { + de_backslash (temp); +! tword = command_substitute (temp, quoted, 0); + temp1 = tword ? tword->word : (char *)NULL; + if (tword) +--- 11306,11310 ---- + { + de_backslash (temp); +! tword = command_substitute (temp, quoted, PF_BACKQUOTE); + temp1 = tword ? tword->word : (char *)NULL; + if (tword) +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 6 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 7 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-008 b/src/patches/bash/bash52-008 new file mode 100644 index 000000000..ff6371140 --- /dev/null +++ b/src/patches/bash/bash52-008 @@ -0,0 +1,58 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-008 + +Bug-Reported-by: Glenn Jackman glenn.jackman@gmail.com +Bug-Reference-ID: CAFC8ewQDx7hzNJzveuJ5o4FWo=ij7MzckiJVN_6NXjp504QZeg@mail.gmail.com +Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00095.html + +Bug-Description: + +Array subscript expansion can inappropriately quote brackets if the expression +contains < or >. + +Patch (apply with `patch -p0'): + +*** ../bash-20221015/subst.c 2022-10-18 10:47:33.000000000 -0500 +--- subst.c 2022-10-20 11:41:07.000000000 -0500 +*************** +*** 3820,3823 **** +--- 3820,3827 ---- + #endif + ++ /* We don't perform process substitution in arithmetic expressions, so don't ++ bother checking for it. */ ++ #define ARITH_EXP_CHAR(s) (s == '$' || s == '`' || s == CTLESC || s == '~') ++ + /* If there are any characters in STRING that require full expansion, + then call FUNC to expand STRING; otherwise just perform quote +*************** +*** 4029,4033 **** + while (string[i]) + { +! if (EXP_CHAR (string[i])) + break; + else if (string[i] == ''' || string[i] == '\' || string[i] == '"') +--- 4033,4037 ---- + while (string[i]) + { +! if (ARITH_EXP_CHAR (string[i])) + break; + else if (string[i] == ''' || string[i] == '\' || string[i] == '"') +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 7 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 8 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/bash/bash52-009 b/src/patches/bash/bash52-009 new file mode 100644 index 000000000..f907c8c47 --- /dev/null +++ b/src/patches/bash/bash52-009 @@ -0,0 +1,43 @@ + BASH PATCH REPORT + ================= + +Bash-Release: 5.2 +Patch-ID: bash52-009 + +Bug-Reported-by: Corey Hickey bugfood-ml@fatooh.org +Bug-Reference-ID: 134330ef-0ead-d73e-68eb-d58fc51efdba@fatooh.org +Bug-Reference-URL: https://lists.gnu.org/archive/html/help-bash/2022-10/msg00025.html + +Bug-Description: + +Bash arithmetic expansion should allow `@' and `*' to be used as associative +array keys in expressions. + +Patch (apply with `patch -p0'): + +*** ../bash-5.2-patched/expr.c 2022-07-11 10:03:34.000000000 -0400 +--- expr.c 2022-10-31 10:51:08.000000000 -0400 +*************** +*** 1169,1172 **** +--- 1169,1174 ---- + #if defined (ARRAY_VARS) + aflag = tflag; /* use a different variable for now */ ++ if (shell_compatibility_level > 51) ++ aflag |= AV_ATSTARKEYS; + v = (e == ']') ? array_variable_part (tok, tflag, (char **)0, (int *)0) : find_variable (tok); + #else +*** ../bash-5.2/patchlevel.h 2020-06-22 14:51:03.000000000 -0400 +--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 8 + + #endif /* _PATCHLEVEL_H_ */ +--- 26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 9 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/src/patches/gdb-readline8.2.patch b/src/patches/gdb-readline8.2.patch new file mode 100644 index 000000000..93724b109 --- /dev/null +++ b/src/patches/gdb-readline8.2.patch @@ -0,0 +1,35 @@ +From 1add37b567a7dee39d99f37b37802034c3fce9c4 Mon Sep 17 00:00:00 2001 +From: Andreas Schwab schwab@linux-m68k.org +Date: Sun, 20 Mar 2022 14:01:54 +0100 +Subject: [PATCH] Add support for readline 8.2 + +In readline 8.2 the type of rl_completer_word_break_characters changed to +include const. +--- + gdb/completer.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/gdb/completer.c b/gdb/completer.c +index d3900ae2014..a51c16ac7f8 100644 +--- a/gdb/completer.c ++++ b/gdb/completer.c +@@ -36,7 +36,7 @@ + calling a hook instead so we eliminate the CLI dependency. */ + #include "gdbcmd.h" + +-/* Needed for rl_completer_word_break_characters() and for ++/* Needed for rl_completer_word_break_characters and for + rl_filename_completion_function. */ + #include "readline/readline.h" + +@@ -2011,7 +2011,7 @@ gdb_completion_word_break_characters_throw () + rl_basic_quote_characters = NULL; + } + +- return rl_completer_word_break_characters; ++ return (char *) rl_completer_word_break_characters; + } + + char * +-- +2.31.1 diff --git a/src/patches/readline/readline82-001 b/src/patches/readline/readline82-001 new file mode 100644 index 000000000..a13ff4285 --- /dev/null +++ b/src/patches/readline/readline82-001 @@ -0,0 +1,42 @@ + READLINE PATCH REPORT + ===================== + +Readline-Release: 8.2 +Patch-ID: readline82-001 + +Bug-Reported-by: Kan-Ru Chen koster@debian.org +Bug-Reference-ID: +Bug-Reference-URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021109 + +Bug-Description: + +Starting a readline application with an invalid locale specification for +LC_ALL/LANG/LC_CTYPE can cause it crash on the first call to readline. + +Patch (apply with `patch -p0'): + +*** ../readline-8.2-patched/nls.c 2022-08-15 09:38:51.000000000 -0400 +--- nls.c 2022-10-05 09:23:22.000000000 -0400 +*************** +*** 142,145 **** +--- 142,149 ---- + lspec = ""; + ret = setlocale (LC_CTYPE, lspec); /* ok, since it does not change locale */ ++ if (ret == 0 || *ret == 0) ++ ret = setlocale (LC_CTYPE, (char *)NULL); ++ if (ret == 0 || *ret == 0) ++ ret = RL_DEFAULT_LOCALE; + #else + ret = (lspec == 0 || *lspec == 0) ? RL_DEFAULT_LOCALE : lspec; + +*** ../readline-8.2/patchlevel 2013-11-15 08:11:11.000000000 -0500 +--- patchlevel 2014-03-21 08:28:40.000000000 -0400 +*************** +*** 1,3 **** + # Do not edit -- exists only for use by patch + +! 0 +--- 1,3 ---- + # Do not edit -- exists only for use by patch + +! 1 diff --git a/src/patches/xzgrep-ZDI-CAN-16587.patch b/src/patches/xzgrep-ZDI-CAN-16587.patch deleted file mode 100644 index 406ded590..000000000 --- a/src/patches/xzgrep-ZDI-CAN-16587.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 69d1b3fc29677af8ade8dc15dba83f0589cb63d6 Mon Sep 17 00:00:00 2001 -From: Lasse Collin lasse.collin@tukaani.org -Date: Tue, 29 Mar 2022 19:19:12 +0300 -Subject: [PATCH] xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587). - -Malicious filenames can make xzgrep to write to arbitrary files -or (with a GNU sed extension) lead to arbitrary code execution. - -xzgrep from XZ Utils versions up to and including 5.2.5 are -affected. 5.3.1alpha and 5.3.2alpha are affected as well. -This patch works for all of them. - -This bug was inherited from gzip's zgrep. gzip 1.12 includes -a fix for zgrep. - -The issue with the old sed script is that with multiple newlines, -the N-command will read the second line of input, then the -s-commands will be skipped because it's not the end of the -file yet, then a new sed cycle starts and the pattern space -is printed and emptied. So only the last line or two get escaped. - -One way to fix this would be to read all lines into the pattern -space first. However, the included fix is even simpler: All lines -except the last line get a backslash appended at the end. To ensure -that shell command substitution doesn't eat a possible trailing -newline, a colon is appended to the filename before escaping. -The colon is later used to separate the filename from the grep -output so it is fine to add it here instead of a few lines later. - -The old code also wasn't POSIX compliant as it used \n in the -replacement section of the s-command. Using <newline> is the -POSIX compatible method. - -LC_ALL=C was added to the two critical sed commands. POSIX sed -manual recommends it when using sed to manipulate pathnames -because in other locales invalid multibyte sequences might -cause issues with some sed implementations. In case of GNU sed, -these particular sed scripts wouldn't have such problems but some -other scripts could have, see: - - info '(sed)Locale Considerations' - -This vulnerability was discovered by: -cleemy desu wayo working with Trend Micro Zero Day Initiative - -Thanks to Jim Meyering and Paul Eggert discussing the different -ways to fix this and for coordinating the patch release schedule -with gzip. ---- - src/scripts/xzgrep.in | 20 ++++++++++++-------- - 1 file changed, 12 insertions(+), 8 deletions(-) - -diff --git a/src/scripts/xzgrep.in b/src/scripts/xzgrep.in -index b180936..e5186ba 100644 ---- a/src/scripts/xzgrep.in -+++ b/src/scripts/xzgrep.in -@@ -180,22 +180,26 @@ for i; do - { test $# -eq 1 || test $no_filename -eq 1; }; then - eval "$grep" - else -+ # Append a colon so that the last character will never be a newline -+ # which would otherwise get lost in shell command substitution. -+ i="$i:" -+ -+ # Escape & \ | and newlines only if such characters are present -+ # (speed optimization). - case $i in - (*' - '* | *'&'* | *''* | *'|'*) -- i=$(printf '%s\n' "$i" | -- sed ' -- $!N -- $s/[&|]/\&/g -- $s/\n/\n/g -- ');; -+ i=$(printf '%s\n' "$i" | LC_ALL=C sed 's/[&|]/\&/g; $!s/$/\/');; - esac -- sed_script="s|^|$i:|" -+ -+ # $i already ends with a colon so don't add it here. -+ sed_script="s|^|$i|" - - # Fail if grep or sed fails. - r=$( - exec 4>&1 -- (eval "$grep" 4>&-; echo $? >&4) 3>&- | sed "$sed_script" >&3 4>&- -+ (eval "$grep" 4>&-; echo $? >&4) 3>&- | -+ LC_ALL=C sed "$sed_script" >&3 4>&- - ) || r=2 - exit $r - fi >&3 5>&- --- -2.35.1 -
hooks/post-receive -- IPFire 2.x development tree