From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3341244feff069a4259f086a814ed6c1e2171146
Date: Fri, 09 Aug 2024 10:45:58 +0000 [thread overview]
Message-ID: <4WgLDQ6H8dz2xT1@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 88337 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 3341244feff069a4259f086a814ed6c1e2171146 (commit)
via 0382036f71b1f57ebcb7fc9ca82178cb80d33869 (commit)
via 05971bd7d0d9a6195824c54afe970f2791125971 (commit)
via efd4db4bb016bd282e1f9442f908a1c61139bca5 (commit)
via 31f0c0b2896d6c2c49cf22f9444df03ee26424dc (commit)
via f389d702dc647df2b72c440fb5cb0bce2ac640ac (commit)
via 42d514370a4ebf063f8153e36dcc045f645d075e (commit)
via c80163aad261230f981a99da753cdcc3f70be454 (commit)
via 157b603528ae0f02a34f396cd49371ac35e3b2a2 (commit)
via b2d848bd819ce551ff3b58d27507c18a1e1aa491 (commit)
via 0a942376687049e6bcce8c1e5f18c5c505d0810b (commit)
via 1e639a1dfa86011656001c9612d11d7bdcfca1cb (commit)
via 7e6ba7113752e724ce5dc92e432af9b05eb0aef0 (commit)
via f6e2ccf3ab33e8680705f82aed54218ca6675b71 (commit)
from ecacbaacbad42545e2e41838ed9c50ac5ae42cb0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3341244feff069a4259f086a814ed6c1e2171146
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Aug 9 10:41:37 2024 +0000
core188: Ship libgcrypt
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0382036f71b1f57ebcb7fc9ca82178cb80d33869
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 9 12:37:34 2024 +0200
netatalk: Update to version 3.2.5
- Update from version 3.1.2 to 3.2.5
- Update of rootfile
- Change to meson build
- Bundled libevent was removed in 3.1.13 so configure option no longer needed.
- The latest netatalk places the prefix value onto all other directories. No way to change
this via the meson options. So sysconfdir and localstatedir would end up being under
/usr. Patch created to remove the prefix value at the beginning of sysconfdir and
localstatedir so that the locations stay the same as for the previous versions.
- The default value for pam.d is in /usr/etc/ but option available to change this.
- Large number of CVE fixes in some of the updates - 3.2.1, 3.1.18, 3.1.17, 3.1.16,
3.1.15, 3.1.13, 3.1.12,
- Changelog
3.2.5
* BREAKING: meson: Allow choosing shared or static libraries to build,
GitHub #1321
In practice, only shared libraries are built by default now.
Use the `default_library' option to control what is built.
* FIX: meson: Control the MySQL CNID backend, and support MariaDB, GitHub #1341
Introduces a new boolean `with-cnid-mysql-backend' option.
* FIX: meson: Implement with-init-dir option, GitHub #1346
* FIX: autotools/meson: Install FreeBSD init script into correct location,
GitHub #1345
* FIX: meson: Fix syntax error with libiconv path, GitHub #1279
* FIX: meson: Correct description for with-manual option, GitHub #1282
* FIX: meson: Correct prefix lookup for tracker-control, GitHub #1284
* FIX: meson: default OPEN_NOFOLLOW_ERRNO overwrites platform customization,
GitHub #1286
* FIX: meson: Don't make dtags depend on rpath, GitHub #1293
* FIX: meson: Remove duplicate dependency check for posix threads, GitHub #1297
* FIX: meson: Better output when cryptographic UAMs aren't built, GitHub #1302
* FIX: meson: Prioritize tests and run single-threaded to avoid race condition,
GitHub #1312
* FIX: meson: Better way to handle rpath executable targets, GitHub #1315
* FIX: meson: Refactor libcrypto check and print better status messages,
GitHub #1299
* FIX: meson: Look for libmariadb dependency to appease Fedora, GitHub #1348
* FIX: meson: Declare have_atfuncs globally to avoid failure later, GitHub #1357
* FIX: meson: Do a compiler sanity check before header checks, GitHub #1356
* FIX: Avoid using reserved keyword to build the tests on NetBSD, GitHub #1328
3.2.4
* UPD: autotools: Restore ABI versioning of libatalk,
and set it to 18.0.0, GitHub #1261
* UPD: meson: Define long-form soversion as 18.0.0, GitHub #1256
Previously, only `18' was defined.
* NEW: meson: Introduce pkgconfdir override option, GitHub #1241
The new option is called `with-pkgconfdir-path'
and is analogous to the `with-pkgconfdir' Autotools option.
Additionally, the hard-coded "netatalk" path suffix has been removed.
* NEW: meson: Introduce `debian' init style option
that installs both sysv and systemd, GitHub #1239
* FIX: meson: Add have_atfuncs check,
and make dtags dependent on rpath flag, GitHub #1236
* FIX: meson: Correct overwrite install logic for config files, GitHub #1253
* FIX: Fix typo in netatalk_conf.c log message
3.2.3
* UPD: Record note of permission to upgrade CNID code
to a later GPL, GitHub #1194
* UPD: Remove long-obsoleted cnid2_create script, GitHub #1203
* UPD: docker: Add option to enable ClearText and Guest UAMs, GitHub #1202
* FIX: docs: Standardize reference entry naming
for netatalk-config man page, GitHub #1208
* FIX: meson: Generate afppasswd manual html page, GitHub #1210
* UPD: meson: Remove obsolete 64 bit library check, GitHub #1207
* FIX: meson: Enable rpath for binaries
only when with-rpath is enabled, GitHub #1214
* FIX: meson: Require kerberos before enabling krb5 UAM,
not just GSSAPI, GitHub #1218
* FIX: meson: Restore linking with 64-bit libdb on Solaris, GitHub #1222
* FIX: meson: Fixing linking when building with
the `with-ssl-override' option, GitHub #1227
3.2.2
* UPD: meson: Use external SSL dependency to provide cast header, GitHub #1186
This reintroduces OpenSSL/LibreSSL as a dependency for the DHX UAM,
while removing all source files with the SSLeay copyright notice.
* UPD: meson: Add option to override system WolfSSL
with embedded WolfSSL: `with-ssl-override', GitHub #1176
* UPD: Remove obsolete Red Hat Upstart and SuSE SysV init scripts, GitHub #1163
* FIX: meson: Fix errors in PAM support macro, GitHub #1178
* FIX: meson: Fix perl shebang substitution in cnid2_create script, GitHub #1183
* FIX: meson: Fix operation of D-Bus path macros, GitHub #1182
* FIX: meson: Fix errors in shadow password macro, GitHub #1192
* FIX: autotools: gcc 8.5 expects explicit library flags
for libgcrypt, GitHub #1188
* NEW: Create a security policy, GitHub #1166
3.2.1
* FIX: CVE-2024-38439,CVE-2024-38440,CVE-2024-38441: Harden user login,
GitHub #1158
* BREAKING: meson: Rework option semantics and feature macros, GitHub #1099
- Consistent syntax of the build options to make them user-friendly
- Standardises the syntax of the feature macros
- Fixes the logic of the largefile support macro
- Disables gssapi support if the Kerberos V UAM is not required
- All options are now defined either as `with-*' or `with-*-path'
- Please see the Release Notes for a full list of changed options
* UPD: meson: Enable building with system WolfSSL library, GitHub #1160
- Build system will attempt to detect
that all required headers and symbols are supported
- Falls back to the bundled WolfSSL library
* FIX: meson: Fix -Doption paths on systems
where rpath is enabled by default, GitHub #1053
* FIX: meson: Fix library search macro on OmniOS hosts, GitHub #1056
* FIX: meson: Fix rules for installing scripts, GitHub #1070
- Install afpstats only when Perl is detected
- Don't install scripts only used by netatalk developers
* FIX: meson: set setuid bit to allow user afppasswd changing, GitHub #1071
* FIX: meson: Fix logic of libiconv detection macro, GitHub #1075
* FIX: meson: Address various issues with the meson build system, GitHub #1082
- Enables quota support on all flavours of linux and BSD, plus macOS
- Adds the quota provider to the configuration summary
- Adds a user option to disable LDAP support
- Sets dependencies according to user configuration
- Improves the syntax of the ACL macro
* FIX: meson: Further refinements to meson build system, GitHub #1086
- Adds user options to disable cracklib and GSSAPI support
- Automates Berkeley DB library detection on macOS
* FIX: meson: Fix issues with quota support on linux and macOS, GitHub #1092
- Enables quota support on macOS hosts
- Restores missing configuration option for linux hosts
- Removes obsolete quota configuration data for linux and macOS hosts
* FIX: meson: Set executable flags when installing scripts, GitHub #1117
* UPD: autotools and meson: Use pkg-config to find libgcrypt, GitHub #1132
- This removes dependency on the now-obsolete libgcrypt-config
* FIX: Use portable linux macro in etc/afpd header, GitHub #1083
* UPD: Debian Trixie expects systemd scripts in /usr/lib, GitHub #1135
* UPD: Add copyright for mac_roman.h, GitHub #1137
* FIX: Cleanup of copyright headers to make them scanner friendly, GitHub #1142
* FIX: Remove unused atalk/talloc.h header, GitHub #1154
* FIX: docker: Don't bail out when password is longer than 8 chars, GitHub #1067
* UPD: docker: Bump to Alpine 3.20 base image, GitHub #1111
* FIX: docker: Rework AFP user's GROUP and GID settings, GitHub #1116
- GID now requires GROUP to be set, and applies to that group
rather than that of the user.
* UPD: docs: Indicate license for software package,
and add SSLeay notice, GitHub #1125
* FIX: docs: Rephrase tarball section of manual, GitHub #1164
3.2.0
* NEW: BREAKING: Introduce the Meson build system, GitHub #707
GNU Autotools is still supported, but will be removed
in a future release. See the newly added INSTALL file.
* NEW: BREAKING: Bundle WolfSSL for DHX/RandNum UAM encryption, GitHub #358
This is enabled by default, controlled by option "-Dwith-embedded-ssl"
Requires the Meson build system.
External OpenSSL 1.1 and LibreSSL are still supported.
* NEW: BREAKING: LDAP API bump, OpenLDAP v2.3 or later required, GitHub #762
afp.conf option "ldap server" has been replaced with "ldap uri"
and has a new syntax. See the manual for details.
* UPD: BREAKING: Remove legacy cdb and tdb CNID backends, GitHub #508
* UPD: BREAKING: Remove Andrew File System (AFS) support, GitHub #554
* UPD: BREAKING: Remove bundled talloc, GitHub #479
For Spotlight support, use the talloc library supplied by your OS,
or get the source code from the Samba project and build it yourself.
* UPD: BREAKING: Remove generated SPARQL code, GitHub #337
This introduces a compile time dependency on
a yacc parser and a lexer to build with Spotlight support.
* UPD: BREAKING: Rename macOS launchd plist to io.netatalk.*, GitHub #778
Note: Only the Meson build system will clean up the old plist.
* UPD: BREAKING: Renamed Gentoo init script to openrc, GitHub #868
OpenRC is cross platform; confirmed working on Alpine Linux.
* NEW: FreeBSD init script, borrowed from FreeBSD ports, GitHub #876
Special thanks to the author, Joe Marcus Clarke.
* NEW: OpenBSD init script, GitHub #870
* NEW: Introduce an official Dockerfile and entry script, GitHub #713
* NEW: Option to log to file with second (not us) accuracy, GitHub #580
Enable with afp.conf option: "log microseconds = no"
* NEW: Option to add delay to FCE event emission, GitHub #849
Set a ms delay with afp.conf option: "fce sendwait"
* NEW: afppasswd: Add -w option to set password from the CLI, GitHub #936
* NEW: docs: Distribute a manual appendix with the GNU GPL v2, GitHub #745
* NEW: docs: Distribute the Japanese localization of the manual, GitHub #806
* NEW: docs: Generate a manual appendix with build instructions, GitHub #791
The appendix is generated from the GitHub CI workflow yaml file.
* UPD: docs: Document libraries, init scripts in manual, GitHub #808
* UPD: docs: Remove substituted file system paths from manual, GitHub #514
* FIX: afpd: Prevent theoretical crash in FPSetACL, GitHub #364
* FIX: libatalk: Fix parsing of macOS-created AppleDouble files, GitHub #270
* FIX: libatalk: Restore invalid EA metadata cleanup, GitHub #400
* FIX: quota: Use the NetBSD 6 quota API, GitHub #1028
* FIX: quota: Workaround for rquota.h symbol name on Fedora 40, GitHub #1040
* FIX: uams: Allow linking of the PGP UAM, GitHub #548
* FIX: Shore up error handling and type safety, GitHub #952
* UPD: Rewrite the afpstats script in Perl, GitHub #893
And, improve the formatting of the standard output.
Requires the Net::DBus Perl extension.
This removes the effective dependency on a Python runtime.
* UPD: Make Perl and grep optional requirements, GitHub #886
When either is missing, do not install the optional Perl scripts.
* NEW: Build system option "disable-init-hooks", GitHub #796
Will skip init script enablement commands that require
elevated privileges on the system.
* FIX: Make cracklib macro properly detect dictionary, GitHub #940
* FIX: Build with PAM support on FreeBSD 14, GitHub #560
* FIX: Allow libevent2 linking on OpenIndiana, GitHub #512
* FIX: Control all Spotlight dependencies at compile time, GitHub #571
* UPD: Remove redundant AUTHORS file, GitHub #538
3.1.18
* FIX: CVE-2022-22995: Harden create_appledesktop_folder(), GitHub #480
* FIX: Disable dtrace support on aarch64 FreeBSD hosts, Github #498
* FIX: Correct syntax for libwrap check in tcp-wrappers.m4, GitHub #500
* FIX: Correct syntax for libiconv check in iconv.m4, GitHub #491
* FIX: quota is not supported on macOS, GitHub #492
3.1.17
* FIX: CVE-2023-42464: Validate data type in dalloc_value_for_key(), GitHub #486
* FIX: Declare a variable before using it in a loop,
which was throwing off the default compiler on RHEL7, GitHub #481
* UPD: Distribute tarballs with xz compression by default, not gzip, GitHub #478
* UPD: Add AUTHOR sections to all man pages with a reference to CONTRIBUTORS,
and standardize headers and footers, GitHub #462
3.1.16
* FIX: libatalk: Fix CVE-2022-23121, CVE-2022-23123 regression
- Added guard check before access ad_entry(), GitHub#357
- Allow zero length entry, for AppleDouble specification, GitHub#368
- Remove special handling for COMMENT entries, GitHub#236
- The assertion for invalid entires is still enabled,
so please report any future "Invalid metadata EA" errors!
* FIX: build system: Fix autoconf warnings and modernize bootstrap
and configure.ac, GitHub#331
* FIX: build system: Correct syntax in libevent search macro,
summary macro and netatalk executable makefile, GitHub#342
* FIX: build system: Fix native libiconv detection on macOS, GitHub#343
* FIX: build system: Use non-interactive PAM session when available, GitHub#361
* FIX: build system: Fix detection of Berkeley DB installed
in multiarch location, GitHub#380
* FIX: build system: Fix support for cross-compilation
with mysql_config and dtrace, GitHub#384
* FIX: build system: Support building quota against libtirpc, GitHub#385
* FIX: build system: Fix variable substitution in configure summary, GitHub#443
* UPD: build system: Remove ABI checks and the --enable-developer option, GitHub#262
* FIX: initscript: Improvements to Debian SysV init script
- Source init-functions, GitHub#386
- Add a Description and Short-Description, GitHub#428
* FIX: docs: Clarify localstate dir configurability in manual, GitHub#401
* UPD: docs: Make BerkeleyDB 5.3.x the recommended version, GitHub#8
* FIX: docs: Update SourceForge URLs to fix CSS styles and download links
* FIX: docs: Remove obsoleted bug reporting sections, GitHub#455
* FIX: Sundry typo fixes in user visible strings and docs, GitHub#381, GitHub#382
* UPD: Rename asip-status.pl as asip-status
to make naming implementation-agnostic, GitHub#379
* UPD: Remove redundant uid.c|h files in etc/afpd
* UPD: Don't build and distribute deprecated cnid2_create tool, GitHub#412
* UPD: Remove deprecated megatron code and man page, GitHub#456
* UPD: Remove deprecated uniconv code and man page, GitHub#457
* UPD: Improvements to the GitHub CI workflow
3.1.15
* FIX: CVE-2022-43634
* FIX: CVE-2022-45188
* NEW: Support for macOS hosts, Intel and Apple silicon, GitHub#281
* FIX: configure.ac: update deprecated autoconf syntax
* UPD: configure.ac: Support linking with system shared libraries
Introduces the --with-talloc option
* FIX: macros: largefile-check macro for largefile (clang 16)
* UPD: macros: Update pthread macro to the latest from gnu.org
* FIX: initscripts: Modernize Systemd service file.
* FIX: libatalk/conf: include sys/file.h for LOCK_EX
* FIX: libatalk: Change log level for realpath() error, SF bug#666
* FIX: libatalk: Change log level for real_name error, SF bug#596
* FIX: libatalk: The my_bool type is deprecated as of MySQL 8.0.1, GitHub#129
* UPD: libatalk: allow afpd to read read-protected afp.conf, SF bug#546
* UPD: libatalk: Make the "valid users" option work in the Homes section, SF bug#449
* UPD: libatalk: Check that FPDisconnectOldSession is successful, SF bug#634
* UPD: libatalk: Bring iniparser library codebase in line with current version 4.1
* FIX: afpd: Provide MNTTYPE_NFS on OmniOS to make quota work, GitHub#117
* FIX: afpd: Avoid triggering realpath() lookups with empty path, GitHub#277
* FIX: spotlight: Spotlight searches can cause afpd to segfault, GitHub#56
* UPD: spotlight: add support for tracker3, SF patch#147
* FIX: macusers: Fix output for long usernames
* FIX: macusers: account for usernames with non-word characters
* FIX: macusers: Support NetBSD
* FIX: Fix all function declarations without a prototype
* FIX: Fix C99 compliance issues
* FIX: Fix gcc10 compiler warnings
* UPD: Remove acsiidocs sources and release notes script
* FIX: manpages: afp.conf: Parameters are not quoted, SF bug#617
* FIX: manpages: afp.conf: Document $u in home name, GitHub#123
* FIX: manpages: afp.conf: Document the usage of guest user, GitHub#298
* FIX: Document how the mysql cnid backend is configured, GitHub#69
* FIX: Fix user-visible typos in log output and man pages.
* FIX: Fix spelling, syntax, and dead URLs in html manual.
* NEW: Create README.md
* NEW: Set up GitHub workflow and static analysis with Sonarcloud
3.1.14
* FIX: fix build with libressl >= 2.7.0, GitHub#105
* NEW: Added Ignore Directories Feature
* UPD: Generate Unicode source code based on Unicode 14.0, GitHub#114
* FIX: Protect against removing AFP metadata xattr
* FIX: avoid setting adouble entries on symlinks
* FIX: add handling for cases where ad_entry() returns NULL, GitHub#175
* FIX: Fix setting of LD_LIBRARY_FLAGS ($shlibpath_var).
* FIX: afpstats: Fedora migrating away from IO::Socket::INET6, GitHub#130
* FIX: afpd: check return values from setXXid() functions, GitHub#115
* FIX: afpd: drop groups in become_user_permanently(), GitHub#126
* FIX: Fix use after free in get_tm_used()
* FIX: Fix sign extension problem in bsd_attr_list()
* FIX: Fix garbage read in bsd_attr_list
* FIX: make afpstats python 3 compatible
* UPD: docs: manual: Remove wrong TCP-over-TCP info; minor copy editing
* FIX: configure.ac: fix macro ordering for CentOS 6
* FIX: configure.ac: fix typo
* FIX: configure.ac: remove some trailing whitespace
* FIX: configure.ac: fix deprecated macro invocation
* FIX: configure.ac: replace obsolete macro
* FIX: libatalk/dsi/Makefile.am: fix deprecation warning
* FIX: Store AutoMake helper script in build-aux/
* FIX: configure.ac: define a dir for macros
* FIX: configure.ac: AM_CONFIG_HEADER is deprecated
* FIX: autotools: Fix another deprecation warning
* FIX: libgcrypt typo in configuration error message
* UPD: Various CI improvements
* FIX: libatalk/conf: re-generation of afp_voluuid.conf
* UPD: libatalk/conf: code cleanup and add locking to get_vol_uuid()
* UPD: add documentation for the lv_flags_t
* FIX: No need to check for attropen on Solaris, GitHub#44
3.1.13
* FIX: CVE-2021-31439
* FIX: CVE-2022-23121
* FIX: CVE-2022-23123
* FIX: CVE-2022-23122
* FIX: CVE-2022-23125
* FIX: CVE-2022-23124
* FIX: CVE-2022-0194
* FIX: afpd: make a variable declaration a definition
* UPD: Remove bundled libevent
3.1.12
* FIX: dhx uams: build with LibreSSL, GitHub#91
* FIX: various spelling errors
* FIX: CVE-2018-1160
3.1.11
* NEW: Global option "zeroconf name", FR#99
* NEW: show Zeroconf support by "netatalk -V", FR#100
* UPD: gentoo: Switch openrc init script to openrc-run, GitHub#77
* FIX: log message: name of function doese not match, GitHub#78
* UPD: volume capacity reporting to match Samba behavior, GitHub#83
* FIX: debian: sysv init status command exits with proper exit code, GitHub#84
* FIX: dsi_stream_read: len:0, unexpected EOF, GitHub#82
* UPD: dhx uams: OpenSSL 1.1 support, GitHub#87
3.1.10
* FIX: cannot build when ldap is not defined, bug #630
* FIX: SIGHUP can cause core dump when mdns is enabled, bug #72
* FIX: Solaris: stale pid file puts netatalk into maintenance mode, bug #73
* FIX: dsi_stream_read: len:0, unexpected EOF, bug #633
3.1.9
* FIX: afpd: fix "admin group" option
* NEW: afpd: new options "force user" and "force group"
* FIX: listening on IPv6 wildcard address may fail if IPv6 is
disabled, bug #606
* NEW: LibreSSL support, FR #98
* FIX: cannot build when acl is not defined, bug #574
* UPD: configure option "--with-init-style=" for Gentoo.
"gentoo" is renamed to "gentoo-openrc".
"gentoo-openrc" is same as "openrc".
"gentoo-systemd" is same as "systemd".
* NEW: configure option "--with-dbus-daemon=PATH" for Spotlight feature
* UPD: use "tracker daemon" command instead of "tracker-control" command
if Gnome Tracker is the recent version.
* NEW: configure options "--enable-rpath" and "--disable-rpath" which
can be used to force setting of RPATH (default on Solaris/NetBSD)
or disable it.
* NEW: configure option "--with-tracker-install-prefix" allows setting
an alternate install prefix for tracker when cross-compiling.
* UPD: asip-status.pl: IPv6 support
* UPD: asip-status.pl: show GSS-UAM SPNEGO blob
* FIX: afpd: don't use network IDs without LDAP, bug #621
* FIX: afpd: reading from file may fail, bug #619
* NEW: AFP clients should not be able to copy or manipulate special
extended attributes set by NFS and SMB servers on Solaris, issue #36
* FIX: ad: ad cp may crash, bug #622
* UPD: Update Unicode support to version 9.0.0
3.1.8
* FIX: CNID/MySQL: Quote UUID table names.
https://sourceforge.net/p/netatalk/bugs/585/
* FIX: Crash in cnid_metad, bug #593
* UPD: Update Unicode support to version 8.0.0
* FIX: larger server side copyfile buffer for improved IO performance,
bug #599
* NEW: afpd: new option "ea = samba". Use Samba vfs_streams_xattr
compatible xattrs which means adding a 0 byte at the end of
xattrs.
* FIX: remove #541 workaround patch. There was this problem with only early
Fedora 20.
* FIX: rpmbuild fails on Fedora x86_64, bug #598
* FIX: Listen on IPv6 wildcard address by default, bug #602
* FIX: FCE protocol version 1 packets, bug #603
* UPD: Update list of BerkeleyDB versions searched at configure time
3.1.7
* UPD: Spotlight: enhance behaviour for long running queries, client
will now show "progress wheel" while waiting for first results.
* FIX: netatalk: fix a crash on Solaris when registering with mDNS
* FIX: netatalk: SIGHUP would kill the process instead of being resent
to the other Netatalk processes, bug #579
* FIX: afpd: Solaris locking problem, bug #559
* FIX: Handling of malformed UTF8 strings, bug #524
* FIX: afpd: umask handling, bug #576
* FIX: Spotlight: Limiting searches to subfolders, bug #581
* FIX: afpd: reloading logging config may result in privilege
escalation in afpd processes
* FIX: afpd: ACL related error messages, now logged with loglevel
debug instead of error
* FIX: cnid_metad: fix tsockfd_create() return value on error
* FIX: CNID/MySQL: volume table name generation, bug #566.
3.1.6
* FIX: Spotlight: fix for long running queries
* UPD: afpd: distribute SIGHUP from parent afpd to children and force
reload shares
* FIX: netatalk: refresh Zeroconf registration when receiving SIGHUP
* NEW: configure option "--with-init-style=debian-systemd" for Debian 8 jessie
and later.
"--with-init-style=debian" is renamed "--with-init-style=debian-sysv".
3.1.5
* FIX: Spotlight: several important fixes
3.1.4
* FIX: afpd: Hangs in Netatalk which causes it to stop responding to
connections, bug #572.
* NEW: afpd: new option "force xattr with sticky bit = yes|no"
(default: no), FR #94
* UPD: afpd: FCE version 2 with new event types and new config options
"fce ignore names" and "fce notify script"
* UPD: afpd: check for modified included config file, FR #95.
* UPD: libatalk: logger: remove flood protection and allocate messages
* UPD: Spotlight: use async Tracker SPARQL API
* NEW: afpd: new option "case sensitive = yes|no" (default: yes)
In spite of being case sensitive as a matter of fact, netatalk
3.1.3 and earlier did not notify kCaseSensitive flag to the client.
Now, it is notified correctly by default, FR #62.
3.1.3
* UPD: Spotlight: more SPARQL query optimisations
* UPD: Spotlight: new options "sparql results limit", "spotlight
attributes" and "spotlight expr"
* FIX: afpd: Unarchiving certain ZIP archives fails, bug #569
* UPD: Update Unicode support to version 7.0.0
* FIX: Memory overflow caused by 'basedir regex', bug #567
* NEW: afpd: delete empty resource forks, from FR #92
* FIX: afpd: fix a crash when accessing ._ AppleDouble files created
by OS X via SMB, bug #564
* FIX: afpd and dbd: Converting from AppleDouble v2 to ea may corrupt
the resource fork. In some circumstances an offset calculation
is wrong resulting in corrupt resource forks after the
conversion. Bug #568.
* FIX: ad: fix for bug #563 broke ad file utilities, bug #570.
* NEW: afpd: new advanced option controlling permissions and ACLs,
from FR #93
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 05971bd7d0d9a6195824c54afe970f2791125971
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 9 12:37:33 2024 +0200
libgcrypt: Update to version 1.11.0
- Update from version 1.10.3 to 1.11.0
- Update of rootfile
- Update of libgcrypt requires an update of netatalk as old version will not build with
libgcrypt-1.11.0
- Changelog
1.11.0
* New and extended interfaces:
- Add an API for Key Encapsulation Mechanism (KEM). [T6755]
- Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
- Add Kyber algorithm according to FIPS 203 ipd 2023-08-24.
[rC18e5c0d268]
- Add Classic McEliece algorithm. [rC003367b912]
- Add One-Step KDF with hash and MAC. [T5964]
- Add KDF algorithm HKDF of RFC-5869. [T5964]
- Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
- Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
- Add ARIA block cipher algorithm. [rC316c6d7715]
- Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
- Add support for SHAKE as MGF in RSA. [T6557]
- Add gcry_md_read support for SHAKE algorithms. [T6539]
- Add gcry_md_hash_buffers_ext function. [T7035]
- Add cSHAKE hash algorithm. [rC065b3f4e02]
- Support internal generation of IV for AEAD cipher mode. [T4873]
* Performance:
- Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
- Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
- Add SM4 GFNI/AVX2 and GFI/AVX512 implementation.
[rC5095d60af4,rCeaed633c16]
- Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
- Add PowerPC vector implementation of SM4. [rC0b2da804ee]
- Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
- Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
- Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
and Camellia. [rCcf956793af]
- Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
- Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
- Add AVX512 implementation for SHA512. [rC089223aa3b]
- Add AVX512 implementation for Serpent. [rCce95b6ec35]
- Add AVX512 implementation for Poly1305 and ChaCha20
[rCcd3ed49770, rC9a63cfd617]
- Add AVX512 accelerated implementation for SHA3 and Blake2
[rCbeaad75f46,rC909daa700e]
- Add VAES/AVX2 accelerated i386 implementation for AES.
[rC4a42a042bc]
- Add bulk processing for XTS mode of Camellia and SM4.
[rC32b18cdb87, rCaad3381e93]
- Accelerate XTS and ECB modes for Twofish and Serpent.
[rCd078a928f5,rC8a1fe5f78f]
- Add AArch64 crypto/SHA512 extension implementation for
SHA512. [rCe51d3b8330]
- Add AArch64 crypto-extension implementation for Camellia.
[rC898c857206]
- Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
* Bug fixes:
- For PowerPC check for missing optimization level for vector
register usage. [T5785]
- Fix EdDSA secret key check. [T6511]
- Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
- Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
- Fix AESWRAP padding length check. [T7130]
* Other:
- Allow empty password for Argon2 KDF. [rCa20700c55f]
- Various constant time operation imporvements.
- Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
- Support for the random server has been removed. [T5811]
- The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
supported any more. Please use valgrind or other tools. [T5822]
- Logging is now done via the libgpg-error logging functions.
[rCab0bdc72c7]
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit efd4db4bb016bd282e1f9442f908a1c61139bca5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Aug 9 10:40:43 2024 +0000
core188: Ship libjpeg
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 31f0c0b2896d6c2c49cf22f9444df03ee26424dc
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 9 12:05:38 2024 +0200
libjpeg: Update to version 3.0.3
- Update from version 2.1.4 to 3.0.3
- Update of rootfile
- CVE fix in 3.0.0
- Changelog
3.0.3
1. Fixed an issue in the build system, introduced in 3.0.2, that caused all
libjpeg-turbo components to depend on the Visual C++ run-time DLL when built
with Visual C++ and CMake 3.15 or later, regardless of value of the
`WITH_CRT_DLL` CMake variable.
2. The x86-64 SIMD extensions now include support for Intel Control-flow
Enforcement Technology (CET), which is enabled automatically if CET is enabled
in the C compiler.
3. Fixed a regression introduced by 3.0 beta2[6] that made it impossible for
calling applications to supply custom Huffman tables when generating
12-bit-per-component lossy JPEG images using the libjpeg API.
4. Fixed a segfault that occurred when attempting to use the jpegtran `-drop`
option with a specially-crafted malformed input image or drop image
(specifically an image in which all of the scans contain fewer components than
the number of components specified in the Start Of Frame segment.)
3.0.2
1. Fixed a signed integer overflow in the `tj3CompressFromYUV8()`,
`tj3DecodeYUV8()`, `tj3DecompressToYUV8()`, and `tj3EncodeYUV8()` functions,
detected by the Clang and GCC undefined behavior sanitizers, that could be
triggered by setting the `align` parameter to an unreasonably large value.
This issue did not pose a security threat, but removing the warning made it
easier to detect actual security issues, should they arise in the future.
2. Introduced a new parameter (`TJPARAM_MAXMEMORY` in the TurboJPEG C API and
`TJ.PARAM_MAXMEMORY` in the TurboJPEG Java API) and a corresponding TJBench
option (`-maxmemory`) for specifying the maximum amount of memory (in
megabytes) that will be allocated for intermediate buffers, which are used with
progressive JPEG compression and decompression, optimized baseline entropy
coding, lossless JPEG compression, and lossless transformation. The new
parameter and option serve the same purpose as the `max_memory_to_use` field in
the `jpeg_memory_mgr` struct in the libjpeg API, the `JPEGMEM` environment
variable, and the cjpeg/djpeg/jpegtran `-maxmemory` option.
3. Introduced a new parameter (`TJPARAM_MAXPIXELS` in the TurboJPEG C API and
`TJ.PARAM_MAXPIXELS` in the TurboJPEG Java API) and a corresponding TJBench
option (`-maxpixels`) for specifying the maximum number of pixels that the
decompression, lossless transformation, and packed-pixel image loading
functions/methods will process.
4. Fixed an error ("Unsupported color conversion request") that occurred when
attempting to decompress a 3-component lossless JPEG image without an Adobe
APP14 marker. The decompressor now assumes that a 3-component lossless JPEG
image without an Adobe APP14 marker uses the RGB colorspace if its component
IDs are 1, 2, and 3.
3.0.1
1. The x86-64 SIMD functions now use a standard stack frame, prologue, and
epilogue so that debuggers and profilers can reliably capture backtraces from
within the functions.
2. Fixed two minor issues in the interblock smoothing algorithm that caused
mathematical (but not necessarily perceptible) edge block errors when
decompressing progressive JPEG images exactly two MCU blocks in width or that
use vertical chrominance subsampling.
3. Fixed a regression introduced by 3.0 beta2[6] that, in rare cases, caused
the C Huffman encoder (which is not used by default on x86 and Arm CPUs) to
generate incorrect results if the Neon SIMD extensions were explicitly disabled
at build time (by setting the `WITH_SIMD` CMake variable to `0`) in an AArch64
build of libjpeg-turbo.
3.0.0
1. The TurboJPEG API now supports 4:4:1 (transposed 4:1:1) chrominance
subsampling, which allows losslessly transposed or rotated 4:1:1 JPEG images to
be losslessly cropped, partially decompressed, or decompressed to planar YUV
images.
2. Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred
when attempting to decompress various specially-crafted malformed
12-bit-per-component and 16-bit-per-component lossless JPEG images using color
quantization or merged chroma upsampling/color conversion. The underlying
cause of these issues was that the color quantization and merged chroma
upsampling/color conversion algorithms were not designed with lossless
decompression in mind. Since libjpeg-turbo explicitly does not support color
conversion when compressing or decompressing lossless JPEG images, merged
chroma upsampling/color conversion never should have been enabled for such
images. Color quantization is a legacy feature that serves little or no
purpose with lossless JPEG images, so it is also now disabled when
decompressing such images. (As a result, djpeg can no longer decompress a
lossless JPEG image into a GIF image.)
3. Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer
overruns when attempting to decompress various specially-crafted malformed
12-bit-per-component JPEG images using djpeg with both color quantization and
RGB565 color conversion enabled.
4. Fixed an issue whereby `jpeg_crop_scanline()` sometimes miscalculated the
downsampled width for components with 4x2 or 2x4 subsampling factors if
decompression scaling was enabled. This caused the components to be upsampled
incompletely, which caused the color converter to read from uninitialized
memory. With 12-bit data precision, this caused a buffer overrun or underrun
and subsequent segfault if the sample value read from uninitialized memory was
outside of the valid sample range.
5. Fixed a long-standing issue whereby the `tj3Transform()` function, when used
with the `TJXOP_TRANSPOSE`, `TJXOP_TRANSVERSE`, `TJXOP_ROT90`, or
`TJXOP_ROT270` transform operation and without automatic JPEG destination
buffer (re)allocation or lossless cropping, computed the worst-case transformed
JPEG image size based on the source image dimensions rather than the
transformed image dimensions. If a calling program allocated the JPEG
destination buffer based on the transformed image dimensions, as the API
documentation instructs, and attempted to transform a specially-crafted 4:2:2,
4:4:0, 4:1:1, or 4:4:1 JPEG source image containing a large amount of metadata,
the issue caused `tj3Transform()` to overflow the JPEG destination buffer
rather than fail gracefully. The issue could be worked around by setting
`TJXOPT_COPYNONE`. Note that, irrespective of this issue, `tj3Transform()`
cannot reliably transform JPEG source images that contain a large amount of
metadata unless automatic JPEG destination buffer (re)allocation is used or
`TJXOPT_COPYNONE` is set.
6. Fixed a regression introduced by 3.0 beta2[6] that prevented the djpeg
`-map` option from working when decompressing 12-bit-per-component lossy JPEG
images.
7. Fixed an issue that caused the C Huffman encoder (which is not used by
default on x86 and Arm CPUs) to read from uninitialized memory when attempting
to transform a specially-crafted malformed arithmetic-coded JPEG source image
into a baseline Huffman-coded JPEG destination image.
2.1.91
1. Significantly sped up the computation of optimal Huffman tables. This
speeds up the compression of tiny images by as much as 2x and provides a
noticeable speedup for images as large as 256x256 when using optimal Huffman
tables.
2. All deprecated fields, constructors, and methods in the TurboJPEG Java API
have been removed.
3. Arithmetic entropy coding is now supported with 12-bit-per-component JPEG
images.
4. Overhauled the TurboJPEG API to address long-standing limitations and to
make the API more extensible and intuitive:
- All C function names are now prefixed with `tj3`, and all version
suffixes have been removed from the function names. Future API overhauls will
increment the prefix to `tj4`, etc., thus retaining backward API/ABI
compatibility without versioning each individual function.
- Stateless boolean flags have been replaced with stateful integer API
parameters, the values of which persist between function calls. New
functions/methods (`tj3Set()`/`TJCompressor.set()`/`TJDecompressor.set()` and
`tj3Get()`/`TJCompressor.get()`/`TJDecompressor.get()`) can be used to set and
query the value of a particular API parameter.
- The JPEG quality and subsampling are now implemented using API
parameters rather than stateless function arguments (C) or dedicated set/get
methods (Java.)
- `tj3DecompressHeader()` now stores all relevant information about the
JPEG image, including the width, height, subsampling type, entropy coding
algorithm, etc., in API parameters rather than returning that information
through pointer arguments.
- `TJFLAG_LIMITSCANS`/`TJ.FLAG_LIMITSCANS` has been reimplemented as an
API parameter (`TJPARAM_SCANLIMIT`/`TJ.PARAM_SCANLIMIT`) that allows the number
of scans to be specified.
- Optimized baseline entropy coding (the computation of optimal Huffman
tables, as opposed to using the default Huffman tables) can now be specified,
using a new API parameter (`TJPARAM_OPTIMIZE`/`TJ.PARAM_OPTIMIZE`), a new
transform option (`TJXOPT_OPTIMIZE`/`TJTransform.OPT_OPTIMIZE`), and a new
TJBench option (`-optimize`.)
- Arithmetic entropy coding can now be specified or queried, using a new
API parameter (`TJPARAM_ARITHMETIC`/`TJ.PARAM_ARITHMETIC`), a new transform
option (`TJXOPT_ARITHMETIC`/`TJTransform.OPT_ARITHMETIC`), and a new TJBench
option (`-arithmetic`.)
- The restart marker interval can now be specified, using new API
parameters (`TJPARAM_RESTARTROWS`/`TJ.PARAM_RESTARTROWS` and
`TJPARAM_RESTARTBLOCKS`/`TJ.PARAM_RESTARTBLOCKS`) and a new TJBench option
(`-restart`.)
- Pixel density can now be specified or queried, using new API parameters
(`TJPARAM_XDENSITY`/`TJ.PARAM_XDENSITY`,
`TJPARAM_YDENSITY`/`TJ.PARAM_YDENSITY`, and
`TJPARAM_DENSITYUNITS`/`TJ.PARAM_DENSITYUNITS`.)
- The accurate DCT/IDCT algorithms are now the default for both
compression and decompression, since the "fast" algorithms are considered to be
a legacy feature. (The "fast" algorithms do not pass the ISO compliance tests,
and those algorithms are not any faster than the accurate algorithms on modern
x86 CPUs.)
- All C initialization functions have been combined into a single function
(`tj3Init()`) that accepts an integer argument specifying the subsystems to
initialize.
- All C functions now use the `const` keyword for pointer arguments that
point to unmodified buffers (and for both dimensions of pointer arguments that
point to sets of unmodified buffers.)
- All C functions now use `size_t` rather than `unsigned long` to
represent buffer sizes, for compatibility with `malloc()` and to avoid
disparities in the size of `unsigned long` between LP64 (Un*x) and LLP64
(Windows) operating systems.
- All C buffer size functions now return 0 if an error occurs, rather than
trying to awkwardly return -1 in an unsigned data type (which could easily be
misinterpreted as a very large value.)
- Decompression scaling is now enabled explicitly, using a new
function/method (`tj3SetScalingFactor()`/`TJDecompressor.setScalingFactor()`),
rather than implicitly using awkward "desired width"/"desired height"
arguments.
- Partial image decompression has been implemented, using a new
function/method (`tj3SetCroppingRegion()`/`TJDecompressor.setCroppingRegion()`)
and a new TJBench option (`-crop`.)
- The JPEG colorspace can now be specified explicitly when compressing,
using a new API parameter (`TJPARAM_COLORSPACE`/`TJ.PARAM_COLORSPACE`.) This
allows JPEG images with the RGB and CMYK colorspaces to be created.
- TJBench no longer generates error/difference images, since identical
functionality is already available in ImageMagick.
- JPEG images with unknown subsampling configurations can now be
fully decompressed into packed-pixel images or losslessly transformed (with the
exception of lossless cropping.) They cannot currently be partially
decompressed or decompressed into planar YUV images.
- `tj3Destroy()` now silently accepts a NULL handle.
- `tj3Alloc()` and `tj3Free()` now return/accept void pointers, as
`malloc()` and `free()` do.
- The C image I/O functions now accept a TurboJPEG instance handle, which
is used to transmit/receive API parameter values and to receive error
information.
5. Added support for 8-bit-per-component, 12-bit-per-component, and
16-bit-per-component lossless JPEG images. A new libjpeg API function
(`jpeg_enable_lossless()`), TurboJPEG API parameters
(`TJPARAM_LOSSLESS`/`TJ.PARAM_LOSSLESS`,
`TJPARAM_LOSSLESSPSV`/`TJ.PARAM_LOSSLESSPSV`, and
`TJPARAM_LOSSLESSPT`/`TJ.PARAM_LOSSLESSPT`), and a cjpeg/TJBench option
(`-lossless`) can be used to create a lossless JPEG image. (Decompression of
lossless JPEG images is handled automatically.) Refer to
[libjpeg.txt](libjpeg.txt), [usage.txt](usage.txt), and the TurboJPEG API
documentation for more details.
6. Added support for 12-bit-per-component (lossy and lossless) and
16-bit-per-component (lossless) JPEG images to the libjpeg and TurboJPEG APIs:
- The existing `data_precision` field in `jpeg_compress_struct` and
`jpeg_decompress_struct` has been repurposed to enable the creation of
12-bit-per-component and 16-bit-per-component JPEG images or to detect whether
a 12-bit-per-component or 16-bit-per-component JPEG image is being
decompressed.
- New 12-bit-per-component and 16-bit-per-component versions of
`jpeg_write_scanlines()` and `jpeg_read_scanlines()`, as well as new
12-bit-per-component versions of `jpeg_write_raw_data()`,
`jpeg_skip_scanlines()`, `jpeg_crop_scanline()`, and `jpeg_read_raw_data()`,
provide interfaces for compressing from/decompressing to 12-bit-per-component
and 16-bit-per-component packed-pixel and planar YUV image buffers.
- New 12-bit-per-component and 16-bit-per-component compression,
decompression, and image I/O functions/methods have been added to the TurboJPEG
API, and a new API parameter (`TJPARAM_PRECISION`/`TJ.PARAM_PRECISION`) can be
used to query the data precision of a JPEG image. (YUV functions are currently
limited to 8-bit data precision but can be expanded to accommodate 12-bit data
precision in the future, if such is deemed beneficial.)
- A new cjpeg and TJBench command-line argument (`-precision`) can be used
to create a 12-bit-per-component or 16-bit-per-component JPEG image.
(Decompression and transformation of 12-bit-per-component and
16-bit-per-component JPEG images is handled automatically.)
2.1.5.1
1. The SIMD dispatchers in libjpeg-turbo 2.1.4 and prior stored the list of
supported SIMD instruction sets in a global variable, which caused an innocuous
race condition whereby the variable could have been initialized multiple times
if `jpeg_start_*compress()` was called simultaneously in multiple threads.
libjpeg-turbo 2.1.5 included an undocumented attempt to fix this race condition
by making the SIMD support variable thread-local. However, that caused another
issue whereby, if `jpeg_start_*compress()` was called in one thread and
`jpeg_read_*()` or `jpeg_write_*()` was called in a second thread, the SIMD
support variable was never initialized in the second thread. On x86 systems,
this led the second thread to incorrectly assume that AVX2 instructions were
always available, and when it attempted to use those instructions on older x86
CPUs that do not support them, an illegal instruction error occurred. The SIMD
dispatchers now ensure that the SIMD support variable is initialized before
dispatching based on its value.
2.1.5
1. Fixed issues in the build system whereby, when using the Ninja Multi-Config
CMake generator, a static build of libjpeg-turbo (a build in which
`ENABLE_SHARED` is `0`) could not be installed, a Windows installer could not
be built, and the Java regression tests failed.
2. Fixed a regression introduced by 2.0 beta1[15] that caused a buffer overrun
in the progressive Huffman encoder when attempting to transform a
specially-crafted malformed 12-bit-per-component JPEG image into a progressive
12-bit-per-component JPEG image using a 12-bit-per-component build of
libjpeg-turbo (`-DWITH_12BIT=1`.) Given that the buffer overrun was fully
contained within the progressive Huffman encoder structure and did not cause a
segfault or other user-visible errant behavior, given that the lossless
transformer (unlike the decompressor) is not generally exposed to arbitrary
data exploits, and given that 12-bit-per-component builds of libjpeg-turbo are
uncommon, this issue did not likely pose a security risk.
3. Fixed an issue whereby, when using a 12-bit-per-component build of
libjpeg-turbo (`-DWITH_12BIT=1`), passing samples with values greater than 4095
or less than 0 to `jpeg_write_scanlines()` caused a buffer overrun or underrun
in the RGB-to-YCbCr color converter.
4. Fixed a floating point exception that occurred when attempting to use the
jpegtran `-drop` and `-trim` options to losslessly transform a
specially-crafted malformed JPEG image.
5. Fixed an issue in `tjBufSizeYUV2()` whereby it returned a bogus result,
rather than throwing an error, if the `align` parameter was not a power of 2.
Fixed a similar issue in `tjCompressFromYUV()` whereby it generated a corrupt
JPEG image in certain cases, rather than throwing an error, if the `align`
parameter was not a power of 2.
6. Fixed an issue whereby `tjDecompressToYUV2()`, which is a wrapper for
`tjDecompressToYUVPlanes()`, used the desired YUV image dimensions rather than
the actual scaled image dimensions when computing the plane pointers and
strides to pass to `tjDecompressToYUVPlanes()`. This caused a buffer overrun
and subsequent segfault if the desired image dimensions exceeded the scaled
image dimensions.
7. Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG image
(`-DWITH_12BIT=1`) using an alpha-enabled output color space such as
`JCS_EXT_RGBA`, the alpha channel was set to 255 rather than 4095.
8. Fixed an issue whereby the Java version of TJBench did not accept a range of
quality values.
9. Fixed an issue whereby, when `-progressive` was passed to TJBench, the JPEG
input image was not transformed into a progressive JPEG image prior to
decompression.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f389d702dc647df2b72c440fb5cb0bce2ac640ac
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Aug 9 10:40:16 2024 +0000
core188: Ship libinih
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 42d514370a4ebf063f8153e36dcc045f645d075e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 9 12:05:37 2024 +0200
libinih: Update to version 58
- Update from version 56 to 58
- Update of rootfile not required
- Changelog
58
[oss-fuzz] fuzzing support by @0x34d in #153
[Fuzzing] fix harness by @0x34d in #156
[Fuzzing] using cifuzz for PR by @0x34d in #154
Specify C++11 std in meson build by @DownerCase in #157
Add ini_ prefix even to static names so inih can be used as an #include by
@benhoyt in #164
57
MSVC throws C4244 by @AbsintheScripting in #142
Added a GetUnsigned function for getting unsigned values. by @jcormier in #147
meson.build: fix start-of-line_comment_prefix variable name by @ihilt in #149
Added GetInteger64 and GetUnsigned64 to read 64-bit integers by @natcat256
in #151
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c80163aad261230f981a99da753cdcc3f70be454
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Aug 9 10:39:52 2024 +0000
core188: Ship libcap-ng
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 157b603528ae0f02a34f396cd49371ac35e3b2a2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 9 12:05:35 2024 +0200
libcap-ng: Update to version 0.8.5
- Update from version 0.8.3 to 0.8.5
- Update of rootfile not required
- Changelog
0.8.5
- Remove python global exception handler since it's deprecated
- Make the utilities link against just built libraries
- Remove unused macro in cap-ng.h
0.8.4
- In capng_change_id, clear PR_SET_KEEPCAPS if returning an error
- pscap: add -p option for reporting a specified process (Masatake Yamato)
- Annotate function prototypes to warn if results are unused
- Drop python2 support
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b2d848bd819ce551ff3b58d27507c18a1e1aa491
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Aug 9 10:39:26 2024 +0000
core188: Ship libgpg-error
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0a942376687049e6bcce8c1e5f18c5c505d0810b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Aug 9 12:05:36 2024 +0200
libgpg-error: Update to version 1.50
- Update from version 1.48 to 1.50
- Update of rootfile
- Changelog
1.50
* New set of process spawn functions. [T6249]
* Fixed return type for gpgrt_b64dec_proc and gpgrt_b64dec_finish to
gpg_err_code_t. This enum return type is in almost all cases
compatible to the formerly used gpg_error_t (i.e. unsigned int).
* Interface changes relative to the 1.49 release:
gpgrt_process_t CHANGED (never used).
gpgrt_spawn_actions_t NEW type.
gpgrt_process_requests NEW enum.
gpgrt_process_spawn NEW.
gpgrt_process_terminate NEW.
gpgrt_process_get_streams NEW.
gpgrt_process_ctl NEW.
gpgrt_process_wait NEW.
gpgrt_process_release NEW.
gpgrt_spawn_actions_new NEW.
gpgrt_spawn_actions_release NEW.
gpgrt_spawn_actions_set_redirect NEW.
gpgrt_spawn_actions_set_environ NEW (posix only).
gpgrt_spawn_actions_set_inherit_fds NEW (posix only).
gpgrt_spawn_actions_set_atfork NEW (posix only).
gpgrt_spawn_actions_set_envvars NEW (w32 only).
gpgrt_spawn_actions_set_inherit_handles NEW (w32 only).
GPGRT_PROCESS_DETACHED NEW.
GPGRT_PROCESS_NO_CONSOLE NEW.
GPGRT_PROCESS_NO_EUID_CHECK NEW.
GPGRT_PROCESS_STDIN_PIPE NEW.
GPGRT_PROCESS_STDOUT_PIPE NEW.
GPGRT_PROCESS_STDERR_PIPE NEW.
GPGRT_PROCESS_STDINOUT_SOCKETPAIR NEW.
GPGRT_PROCESS_STDIN_KEEP NEW.
GPGRT_PROCESS_STDOUT_KEEP NEW.
GPGRT_PROCESS_STDERR_KEEP NEW.
GPGRT_PROCESS_STDFDS_SETTING NEW.
GPGRT_SPAWN_INHERIT_FILE REMOVED (never used).
GPGRT_SPAWN_NONBLOCK REMOVED (never used).
GPGRT_SPAWN_RUN_ASFW REMOVED (never used).
GPGRT_SPAWN_DETACHED REMOVED (never used).
GPGRT_SPAWN_KEEP_STDIN REMOVED (never used).
GPGRT_SPAWN_KEEP_STDOUT REMOVED (never used).
GPGRT_SPAWN_KEEP_STDERR REMOVED (never used).
1.49
* Two new functions to improve the logging interface. The
gpgrt_logv_domain is currently the same as gpgrt_logv_prefix but
allows to pass a domain string so that in future we will be able to
select log output by domain. It also provide a non yet functional
feature to include a hex dump.
* Add a "trunc" keyword to gpgrt_log_printhex. [rE0a39fbefcb]
* Avoid an endless loop in the argparser due to a conf file read
error. [rE2dc93cfecc]
* Interface changes relative to the 1.48 release:
gpgrt_add_post_log_func NEW.
gpgrt_logv_domain NEW.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1e639a1dfa86011656001c9612d11d7bdcfca1cb
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 8 21:32:17 2024 +0200
libassuan: Update to version 3.0.1
- Update from version 2.5.5 to 3.0.1
- Update of rootfile
- Changelog
3.0.1
* Change Unix symbol versioning to help the Debian transitioning
process.
3.0.0
* API change: For new code, which uses libassuan with nPTH, please
use gpgrt_get_syscall_clamp and assuan_control, instead of the
system_hooks API. Use of ASSUAN_SYSTEM_NPTH is deprecated with new
API version 3. If it's really needed to keep using old
implementation of ASSUAN_SYSTEM_NPTH, you need to change your your
application code, to define
ASSUAN_REALLY_REQUIRE_V2_NPTH_SYSTEM_HOOKS before including
<assuan.h>. For an application which uses version 2 API
(NEED_LIBASSUAN_API=2 in its configure.ac), use of
ASSUAN_SYSTEM_NPTH is still supported. [T5914]
* New function assuan_control. [T6625]
* New function assuan_sock_accept. [T5925]
* New functions assuan_pipe_wait_server_termination and
assuan_pipe_kill_server to support abstraction of process. [T6487]
* Windows support for sendfd/recvfd. [T6236]
* Implement timeout in assuan_sock_connect_byname. [T3302]
* No support for WindowsCE, any more. [T6170]
* New socket flags "linger" and "reuseaddr". [rA87f92fe962]
* Interface changes relative to the 2.5.0 release:
assuan_sock_accept NEW.
assuan_pipe_wait_server_termination NEW.
assuan_pipe_kill_server NEW.
assuan_sock_set_flag EXTENDED.
assuan_sock_get_flag EXTENDED.
2.5.7
New configure option --with-libtool-modification. [T6619]
Change the naming of the 64 bit Windows DLL from libassuan6-0.dll to
libassuan-0.dll to sync this with what we did for libgpg-error.
2.5.6
* Fix logging of confidential data. [rA0fc31770fa]
* Fix memory wiping. [T5977]
* Fix macOS build problem. [T5440,T5610]
* Upgrade autoconf stuff.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7e6ba7113752e724ce5dc92e432af9b05eb0aef0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Aug 9 10:38:28 2024 +0000
core188: Ship libarchive
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f6e2ccf3ab33e8680705f82aed54218ca6675b71
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 8 21:32:16 2024 +0200
libarchive: Update to version 3.7.4
- Update from version 3.7.0 to 3.7.4
- Update of rootfile
- CVE fix in 3.7.4
- Changelog
3.7.4
Security fixes:
rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256)
zip: Fix out of boundary access (#2145)
Important bugfixes:
7zip: Limit amount of properties (#2131)
bsdtar: Fix error handling around strtol() usages (#2110)
passphrase: Improve newline handling on Windows (#2115)
passphrase: Never allow empty passwords (#2116)
rar: Fix "File CRC Error" when extracting specific rar4 archives (#2124)
xar: Avoid infinite link loop (#2123)
zip: Update AppleDouble support for directories (#2108)
zstd: Implement core detection (#2083, #2071)
3.7.3
New features:
PCRE2 support (#2031)
add trailing letter b to bsdtar(1) substitute pattern (#2012)
add support for long options "--group" and "--owner" to tar(1) (#2054)
Security fixes:
Fix possible vulnerability in tar error reporting introduced in f27c173 (#2101)
Important bugfixes:
ISO9660: preserve the natural order of links (#1974)
rar5: fix decoding unicode filenames on Windows (#1978)
rar5: fix infinite loop if during rar5 decompression the last block produced
no data (#2105)
xz filter: fix incorrect eof at the end of an lzip member (#2027)
zip: fix end-of-data marker processing when decompressing zip archives (#2042)
multiple bsdunzip(1) fixes (#2022, #2030)
filetime truncation fix on Windows (#2050)
3.7.2
Security fixes:
Multiple vulnerabilities have been fixed in the PAX writer (1b4e0d0)
Important bugfixes:
bsdunzip(1) now correctly handles arguments following an -x after the zipfile
New features:
bsdunzip(1) now supports the "--version" flag
7-zip reader now translates Windows permissions into UNIX permissions (#1943)
uudecode filter in raw mode now supports file name and file mode
zstd filter now supports the "long" write option (#1962)
3.7.1
Security fixes:
SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)
Feature updates:
bsdunzip updated to match latest upstream code (#1926)
Important bugfixes:
miscellaneous functional bugfixes (#1731, #1929, #1930)
build fixes on multiple platforms (Android #1921, older MacOS X #1919, #1933
and others)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/libarchive | 2 +-
config/rootfiles/common/libgcrypt | 3 +--
config/rootfiles/common/libgpg-error | 2 +-
config/rootfiles/common/libjpeg | 6 ++---
.../{oldcore/104 => core/188}/filelists/libarchive | 0
.../{oldcore/131 => core/188}/filelists/libcap-ng | 0
.../{oldcore/105 => core/188}/filelists/libgcrypt | 0
.../106 => core/188}/filelists/libgpg-error | 0
.../{oldcore/168 => core/188}/filelists/libinih | 0
.../{oldcore/107 => core/188}/filelists/libjpeg | 0
config/rootfiles/packages/libassuan | 7 +++---
config/rootfiles/packages/netatalk | 28 ++++------------------
lfs/libarchive | 10 ++++----
lfs/libassuan | 11 +++++----
lfs/libcap-ng | 6 ++---
lfs/libgcrypt | 4 ++--
lfs/libgpg-error | 7 +++---
lfs/libinih | 6 ++---
lfs/libjpeg | 6 ++---
lfs/netatalk | 28 ++++++++++++----------
..._prefix_from_sysconfdir_and_localstatedir.patch | 15 ++++++++++++
21 files changed, 70 insertions(+), 71 deletions(-)
copy config/rootfiles/{oldcore/104 => core/188}/filelists/libarchive (100%)
copy config/rootfiles/{oldcore/131 => core/188}/filelists/libcap-ng (100%)
copy config/rootfiles/{oldcore/105 => core/188}/filelists/libgcrypt (100%)
copy config/rootfiles/{oldcore/106 => core/188}/filelists/libgpg-error (100%)
copy config/rootfiles/{oldcore/168 => core/188}/filelists/libinih (100%)
copy config/rootfiles/{oldcore/107 => core/188}/filelists/libjpeg (100%)
create mode 100644 src/patches/netatalk-3.2.5_remove_prefix_from_sysconfdir_and_localstatedir.patch
Difference in files:
diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive
index 81089e9e2..2f38c29a7 100644
--- a/config/rootfiles/common/libarchive
+++ b/config/rootfiles/common/libarchive
@@ -7,7 +7,7 @@
#usr/lib/libarchive.la
#usr/lib/libarchive.so
usr/lib/libarchive.so.13
-usr/lib/libarchive.so.13.7.0
+usr/lib/libarchive.so.13.7.4
#usr/lib/pkgconfig/libarchive.pc
#usr/share/man/man1/bsdcat.1
#usr/share/man/man1/bsdcpio.1
diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt
index f08cf1db3..d00f191b7 100644
--- a/config/rootfiles/common/libgcrypt
+++ b/config/rootfiles/common/libgcrypt
@@ -1,12 +1,11 @@
#usr/bin/dumpsexp
#usr/bin/hmac256
-#usr/bin/libgcrypt-config
#usr/bin/mpicalc
#usr/include/gcrypt.h
#usr/lib/libgcrypt.la
#usr/lib/libgcrypt.so
usr/lib/libgcrypt.so.20
-usr/lib/libgcrypt.so.20.4.3
+usr/lib/libgcrypt.so.20.5.0
#usr/lib/pkgconfig/libgcrypt.pc
#usr/share/aclocal/libgcrypt.m4
#usr/share/info/gcrypt.info
diff --git a/config/rootfiles/common/libgpg-error b/config/rootfiles/common/libgpg-error
index ce3492a24..b6742cde6 100644
--- a/config/rootfiles/common/libgpg-error
+++ b/config/rootfiles/common/libgpg-error
@@ -6,7 +6,7 @@ usr/bin/gpg-error
#usr/lib/libgpg-error.la
#usr/lib/libgpg-error.so
usr/lib/libgpg-error.so.0
-usr/lib/libgpg-error.so.0.35.0
+usr/lib/libgpg-error.so.0.37.0
#usr/lib/pkgconfig/gpg-error.pc
#usr/share/aclocal/gpg-error.m4
#usr/share/aclocal/gpgrt.m4
diff --git a/config/rootfiles/common/libjpeg b/config/rootfiles/common/libjpeg
index 74c101854..740df676a 100644
--- a/config/rootfiles/common/libjpeg
+++ b/config/rootfiles/common/libjpeg
@@ -16,17 +16,17 @@
#usr/lib/cmake/libjpeg-turbo/libjpeg-turboTargets.cmake
#usr/lib/libjpeg.so
usr/lib/libjpeg.so.8
-usr/lib/libjpeg.so.8.2.2
+usr/lib/libjpeg.so.8.3.2
#usr/lib/libturbojpeg.so
usr/lib/libturbojpeg.so.0
-usr/lib/libturbojpeg.so.0.2.0
+usr/lib/libturbojpeg.so.0.3.0
#usr/lib/pkgconfig/libjpeg.pc
#usr/lib/pkgconfig/libturbojpeg.pc
#usr/share/doc/libjpeg-turbo
#usr/share/doc/libjpeg-turbo/LICENSE.md
#usr/share/doc/libjpeg-turbo/README.ijg
#usr/share/doc/libjpeg-turbo/README.md
-#usr/share/doc/libjpeg-turbo/example.txt
+#usr/share/doc/libjpeg-turbo/example.c
#usr/share/doc/libjpeg-turbo/libjpeg.txt
#usr/share/doc/libjpeg-turbo/structure.txt
#usr/share/doc/libjpeg-turbo/tjexample.c
diff --git a/config/rootfiles/core/188/filelists/libarchive b/config/rootfiles/core/188/filelists/libarchive
new file mode 120000
index 000000000..551f1f743
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/libarchive
@@ -0,0 +1 @@
+../../../common/libarchive
\ No newline at end of file
diff --git a/config/rootfiles/core/188/filelists/libcap-ng b/config/rootfiles/core/188/filelists/libcap-ng
new file mode 120000
index 000000000..f58b21141
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/libcap-ng
@@ -0,0 +1 @@
+../../../common/libcap-ng
\ No newline at end of file
diff --git a/config/rootfiles/core/188/filelists/libgcrypt b/config/rootfiles/core/188/filelists/libgcrypt
new file mode 120000
index 000000000..2df12a20e
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/libgcrypt
@@ -0,0 +1 @@
+../../../common/libgcrypt
\ No newline at end of file
diff --git a/config/rootfiles/core/188/filelists/libgpg-error b/config/rootfiles/core/188/filelists/libgpg-error
new file mode 120000
index 000000000..cad431339
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/libgpg-error
@@ -0,0 +1 @@
+../../../common/libgpg-error
\ No newline at end of file
diff --git a/config/rootfiles/core/188/filelists/libinih b/config/rootfiles/core/188/filelists/libinih
new file mode 120000
index 000000000..7f703bed7
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/libinih
@@ -0,0 +1 @@
+../../../common/libinih
\ No newline at end of file
diff --git a/config/rootfiles/core/188/filelists/libjpeg b/config/rootfiles/core/188/filelists/libjpeg
new file mode 120000
index 000000000..3b1a782fb
--- /dev/null
+++ b/config/rootfiles/core/188/filelists/libjpeg
@@ -0,0 +1 @@
+../../../common/libjpeg
\ No newline at end of file
diff --git a/config/rootfiles/packages/libassuan b/config/rootfiles/packages/libassuan
index fd57c7dd6..625cd061a 100644
--- a/config/rootfiles/packages/libassuan
+++ b/config/rootfiles/packages/libassuan
@@ -1,9 +1,8 @@
-usr/bin/libassuan-config
#usr/include/assuan.h
#usr/lib/libassuan.la
-usr/lib/libassuan.so
-usr/lib/libassuan.so.0
-usr/lib/libassuan.so.0.8.5
+#usr/lib/libassuan.so
+usr/lib/libassuan.so.9
+usr/lib/libassuan.so.9.0.1
#usr/lib/pkgconfig/libassuan.pc
#usr/share/aclocal/libassuan.m4
#usr/share/info/assuan.info
diff --git a/config/rootfiles/packages/netatalk b/config/rootfiles/packages/netatalk
index 074ae442d..d23b05390 100644
--- a/config/rootfiles/packages/netatalk
+++ b/config/rootfiles/packages/netatalk
@@ -1,4 +1,5 @@
etc/afp.conf
+#etc/dbus-1/system.d/netatalk-dbus.conf
etc/dbus-session.conf
etc/extmap.conf
etc/pam.d/netatalk
@@ -8,8 +9,7 @@ usr/bin/afpldaptest
usr/bin/afppasswd
usr/bin/afpstats
usr/bin/apple_dump
-usr/bin/asip-status.pl
-usr/bin/cnid2_create
+usr/bin/asip-status
usr/bin/dbd
usr/bin/macusers
#usr/bin/netatalk-config
@@ -19,7 +19,6 @@ usr/bin/macusers
#usr/include/atalk/afp.h
#usr/include/atalk/bstrlib.h
#usr/include/atalk/cnid.h
-#usr/include/atalk/compat.h
#usr/include/atalk/dictionary.h
#usr/include/atalk/ea.h
#usr/include/atalk/globals.h
@@ -36,8 +35,6 @@ usr/bin/macusers
#usr/include/atalk/util.h
#usr/include/atalk/vfs.h
#usr/include/atalk/volume.h
-#usr/lib/libatalk.a
-#usr/lib/libatalk.la
#usr/lib/libatalk.so
usr/lib/libatalk.so.18
usr/lib/libatalk.so.18.0.0
@@ -45,45 +42,28 @@ usr/lib/libatalk.so.18.0.0
#usr/lib/netatalk/uams_clrtxt.so
usr/lib/netatalk/uams_dhx.so
usr/lib/netatalk/uams_dhx2.so
-#usr/lib/netatalk/uams_dhx2_pam.a
-#usr/lib/netatalk/uams_dhx2_pam.la
usr/lib/netatalk/uams_dhx2_pam.so
-#usr/lib/netatalk/uams_dhx2_passwd.a
-#usr/lib/netatalk/uams_dhx2_passwd.la
usr/lib/netatalk/uams_dhx2_passwd.so
-#usr/lib/netatalk/uams_dhx_pam.a
-#usr/lib/netatalk/uams_dhx_pam.la
usr/lib/netatalk/uams_dhx_pam.so
-#usr/lib/netatalk/uams_dhx_passwd.a
-#usr/lib/netatalk/uams_dhx_passwd.la
usr/lib/netatalk/uams_dhx_passwd.so
-#usr/lib/netatalk/uams_guest.a
-#usr/lib/netatalk/uams_guest.la
+usr/lib/netatalk/uams_gss.so
usr/lib/netatalk/uams_guest.so
-#usr/lib/netatalk/uams_pam.a
-#usr/lib/netatalk/uams_pam.la
usr/lib/netatalk/uams_pam.so
-#usr/lib/netatalk/uams_passwd.a
-#usr/lib/netatalk/uams_passwd.la
usr/lib/netatalk/uams_passwd.so
-#usr/lib/netatalk/uams_randnum.a
-#usr/lib/netatalk/uams_randnum.la
usr/lib/netatalk/uams_randnum.so
usr/sbin/afpd
usr/sbin/cnid_dbd
usr/sbin/cnid_metad
usr/sbin/netatalk
-#usr/share/aclocal/netatalk.m4
#usr/share/man/man1/ad.1
#usr/share/man/man1/afpldaptest.1
#usr/share/man/man1/afppasswd.1
#usr/share/man/man1/afpstats.1
#usr/share/man/man1/apple_dump.1
-#usr/share/man/man1/asip-status.pl.1
+#usr/share/man/man1/asip-status.1
#usr/share/man/man1/dbd.1
#usr/share/man/man1/macusers.1
#usr/share/man/man1/netatalk-config.1
-#usr/share/man/man1/uniconv.1
#usr/share/man/man5/afp.conf.5
#usr/share/man/man5/afp_signature.conf.5
#usr/share/man/man5/afp_voluuid.conf.5
diff --git a/lfs/libarchive b/lfs/libarchive
index 91041023b..668f2a87e 100644
--- a/lfs/libarchive
+++ b/lfs/libarchive
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 3.7.0
+VER = 3.7.4
THISAPP = libarchive-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 8fb72a0504038c71584c0416c1d747b7f5c82266518704353e7fdf794bd9f9e2dc22b8fa2538fa8d12a3b9776581077040371d25647fe72c02a4ec5f3bb8d950
+$(DL_FILE)_BLAKE2 = 128f72235da61e112201046c0cfe62a8c580cf73b426c4cfe270ae913356f6ad430ba33a663dcd617b082c7baf45ada8d1c9928c45fea16fd57e8020693a60bc
install : $(TARGET)
@@ -74,7 +74,9 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr --disable-static
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --disable-static
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/libassuan b/lfs/libassuan
index 4b59508ab..d796c6055 100644
--- a/lfs/libassuan
+++ b/lfs/libassuan
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2020 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = IPC library used by GnuPG version 2
-VER = 2.5.5
+VER = 3.0.1
THISAPP = libassuan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = libassuan
-PAK_VER = 7
+PAK_VER = 8
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 24952e97c757b97c387ab4c2c4bf7b040f2874e9326c129805c7f5326fa14d80e083b0842e336a635531a2c8d4a66d428c816bae6b175f1c4518add1ffa3554d
+$(DL_FILE)_BLAKE2 = 5d6a7e4e9ce1b196bc7d126786716d95896de6145b8d753e2289bd36cbc96efa216360ac127fadb7be2d577e7fa203c8c8695d4aa11afcca6ed5397dd40209cb
install : $(TARGET)
@@ -82,7 +82,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/libcap-ng b/lfs/libcap-ng
index 1bf9945c4..8bd5ba6fb 100644
--- a/lfs/libcap-ng
+++ b/lfs/libcap-ng
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 0.8.3
+VER = 0.8.5
THISAPP = libcap-ng-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c54dd753e0ef6dd21bcf6af7b003f85ded9faf2fbf1ea834cda6b181b165ff4b11a0284c23c73d0e6f97a810b3e6a63fceeb57ff583a2b32f23924bdee597ef5
+$(DL_FILE)_BLAKE2 = ce0fc4ebceaa66d6f888f8b752e501bed7513d45231425054340016a6215ce52f0cd81b3a4a54c7c9ec0b623965002d66316c6c37844f0bd132b186ff7c6a41f
install : $(TARGET)
diff --git a/lfs/libgcrypt b/lfs/libgcrypt
index dfd7a9a2f..341683bfb 100644
--- a/lfs/libgcrypt
+++ b/lfs/libgcrypt
@@ -24,7 +24,7 @@
include Config
-VER = 1.10.3
+VER = 1.11.0
THISAPP = libgcrypt-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 1a228e02820e886016eb55dee75936c4422a15fb4f95a2f9bcd1e4faac4015d4321c7c8d23f164eb08ece5d62935ab3b3d3104eabfdd22db997ab3e5689dfa6f
+$(DL_FILE)_BLAKE2 = fe3f42480c0b9a0c50c24f4c54197404b4e1056d8baa9c0c07c671c9c05b90777580b4cbcde931b50ecb4dd93f5ddad89cea99aa36a35f86f796a003e3816f7d
install : $(TARGET)
diff --git a/lfs/libgpg-error b/lfs/libgpg-error
index c402d0bf8..e06a34937 100644
--- a/lfs/libgpg-error
+++ b/lfs/libgpg-error
@@ -24,7 +24,7 @@
include Config
-VER = 1.48
+VER = 1.50
THISAPP = libgpg-error-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 4ced63058586558f4d001bcc468f4bd419b8ec29fbd7dbcaa1a21f959d847c9e12c10c548a0038fd4eac0bdfc9907b61e9f6be71c95fc61c964c649e2415dfd7
+$(DL_FILE)_BLAKE2 = 621d9a604585daa1fbd08aaa94f3b177f6265046ccf452317e126e73079c567c555cbb8ab8b63e09b76bdf4f11a1aad7effd118651fe9e9cbcf01229f20ab297
install : $(TARGET)
@@ -70,7 +70,8 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
diff --git a/lfs/libinih b/lfs/libinih
index 6cd9d353a..2df1d7799 100644
--- a/lfs/libinih
+++ b/lfs/libinih
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 56
+VER = 58
THISAPP = inih-r$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 51935959a9eb4e393b17302f0932a232963883680f10d404c63d5f2ebbd3bf0b740f44edfa1b2541d0e130016eb853ebedf68a1c40797f658496e2a8c966af3d
+$(DL_FILE)_BLAKE2 = ba71b21b30c039df026adbd29b422b064934046ced21a37479421e866b73969826dc1fea4e3bc0c5ea427248c774d8f80b83056c54769d454bafa2f336d08024
install : $(TARGET)
diff --git a/lfs/libjpeg b/lfs/libjpeg
index b9c9d3cd8..311ce4bc9 100644
--- a/lfs/libjpeg
+++ b/lfs/libjpeg
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 2.1.4
+VER = 3.0.3
THISAPP = libjpeg-turbo-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 80ffd77d58a37eae0bdc1868d994f34ea52c13e2624c720b1d0b6ec4d6d14b16911163ccd4009c8d6eda214f31e1fff78bb7eb4739ae6589d0fd8c7008c0e972
+$(DL_FILE)_BLAKE2 = 9d141dadd0dce970bf857b51352c57a8e15180438abd7d6d66f9dfd24e23889add8c6c89120b84026e40ab61611516b0567984bd1db37e9c45b41917cf32e9a6
install : $(TARGET)
diff --git a/lfs/netatalk b/lfs/netatalk
index 5875fb1b2..57f6bcaf9 100644
--- a/lfs/netatalk
+++ b/lfs/netatalk
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,15 +26,15 @@ include Config
SUMMARY = AppleShare file server
-VER = 3.1.12
+VER = 3.2.5
THISAPP = netatalk-$(VER)
-DL_FILE = $(THISAPP).tar.gz
+DL_FILE = $(THISAPP).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = netatalk
-PAK_VER = 8
+PAK_VER = 9
DEPS = avahi dbus
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 912bb85045952202becc42899f87ada33427ded987de6c7a6b56c061c1eb6d1a96d95a1700522bfe2119c6db8bbec94eeb4c64c480f59ff7d406542390705efc
+$(DL_FILE)_BLAKE2 = 017c8390f4d6e7f81fcc9ddde459af48a47acd9e3fdf3b230887d36ebf96518a96e3483ac063ee734b20e9bca39c7cc2c9c1720265fb05d49358447bedc2976d
install : $(TARGET)
@@ -82,15 +82,17 @@ $(subst %,%_BLAKE2,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
$(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure \
- --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var/state \
- --without-libevent
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/netatalk-3.2.5_remove_prefix_from_sysconfdir_and_localstatedir.patch
+ cd $(DIR_APP) && meson setup \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var/state \
+ -Dwith-pam-config-path=/etc/pam.d \
+ builddir/
+ cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING)
+ cd $(DIR_APP) && ninja -C builddir/ install
# Backup
install -v -m 644 $(DIR_SRC)/config/backup/includes/netatalk \
diff --git a/src/patches/netatalk-3.2.5_remove_prefix_from_sysconfdir_and_localstatedir.patch b/src/patches/netatalk-3.2.5_remove_prefix_from_sysconfdir_and_localstatedir.patch
new file mode 100644
index 000000000..51ce3d648
--- /dev/null
+++ b/src/patches/netatalk-3.2.5_remove_prefix_from_sysconfdir_and_localstatedir.patch
@@ -0,0 +1,15 @@
+--- netatalk-3.2.5/meson.build.orig 2024-08-01 12:16:47.000000000 +0200
++++ netatalk-3.2.5/meson.build 2024-08-08 16:07:31.337732788 +0200
+@@ -39,10 +39,10 @@
+ datadir = prefix / get_option('datadir')
+ includedir = prefix / get_option('includedir')
+ libdir = prefix / get_option('libdir')
+-localstatedir = prefix / get_option('localstatedir')
++localstatedir = get_option('localstatedir')
+ mandir = prefix / get_option('mandir')
+ sbindir = prefix / get_option('sbindir')
+-sysconfdir = prefix / get_option('sysconfdir')
++sysconfdir = get_option('sysconfdir')
+
+ pkgconfdir = get_option('with-pkgconfdir-path')
+ if pkgconfdir == ''
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2024-08-09 10:45 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4WgLDQ6H8dz2xT1@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox