* [git.ipfire.org] IPFire 2.x development tree branch, core192, created. 2112342dd3ccaf6008c742dddd4ca26b17c5651d
@ 2025-02-19 15:23 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-02-19 15:23 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 162436 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core192 has been created
at 2112342dd3ccaf6008c742dddd4ca26b17c5651d (commit)
- Log -----------------------------------------------------------------
commit 2112342dd3ccaf6008c742dddd4ca26b17c5651d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 19 15:13:42 2025 +0000
core192: Ship OpenSSH
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 28e698dd30ec0dc53a92a8e8fbbeffee1ca1479d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Feb 19 14:30:43 2025 +0100
openssh: Update to version 9.9p2
- Update from version 9.9p1 to 9.9p2
- Update of rootfile not required
- Changelog
9.9p2
Security
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.
Bugfixes
* ssh(1), sshd(8): fix regression in Match directive that caused
failures when predicates and their arguments were separated by '='
characters instead of whitespace (bz3739).
* sshd(8): fix the "Match invalid-user" predicate, which was matching
incorrectly in the initial pass of config evaluation.
* ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
exchange on big-endian systems.
* Fix a number of build problems on particular operating systems /
configurations.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 09dd8d7085448ea01637c9cd14d7a8b63e9036d0
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Feb 12 16:25:45 2025 +0100
openssl: update to 3.4.1
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 77a942d735713f3117f967f9995c0e7ca6d68d14
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Feb 11 10:15:44 2025 +0100
core192: ship libyang
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9ad59410624beaccef5c75bcca4e1d4ddb0be98b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Feb 11 08:49:51 2025 +0100
backup.cgi: allow iso backup only on x86_64
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a19e6bce428394ff596599b943a6bdf13f4e81f4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Feb 10 08:24:17 2025 +0100
samba: bump package
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ffdf4462fc2d9984a5ce9df7f84f504448bdf189
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Feb 8 21:07:39 2025 +0100
initskripts: remove symlinks for removed addons
imspector and motion was removed years ago. removed the leftover
initskript symlinks.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4a991cd92943bb673b003aa475400a62f5a4804a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Feb 8 20:25:33 2025 +0100
core192: remove cups symlinks
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 89c366f3557f2b6e9ab99a93d2f33980cdd566c6
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Feb 8 20:25:15 2025 +0100
kernel: update to 6.12.13
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6fb6199bb71f3fd8ecff4ff688bba3612acd35e7
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Feb 5 17:29:54 2025 +0100
samba: remove perl-JSON from deps
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1000035ea4f1c4ca1518878ce730e2e9f045bc5f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Feb 5 15:32:34 2025 +0100
core192: remove dropped packages
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 041adb61486a06517ece8323668b6ebb199f2825
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Feb 5 06:53:38 2025 +0100
ovmf: add open virtual machine firmware
this is needed for booting kvm machines in uEFI mode.
Currently we unpack the firmware from the debain binary package.
Maybee later we wuill compile self, but currently the needed compilers
are missing in the IPFire build environment.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 43df1bce368a1bd3f176cce06ef227e4444eb44d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Feb 2 15:19:32 2025 +0100
kernel: update to 6.12.12
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit debac0e634bac4f6a0db970067ec85b9071c6f9a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 30 17:50:57 2025 +0100
collectd: cleanup iptables-filter-HOSTILE and HOSTILE_DROP
this chains are splittet to seperate IN and OUT chains so this
files are also useless.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8c60e0425a9b2474b8f403888cfaaaa06b2e6c1a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 30 13:49:16 2025 +0100
collectd: add processes* to cleanup list
The processes graph was removed some month ago but it was not correct cleaned.
I asume because the updater has cleaned the ramdisk but not the persistant copy.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7909dc2194718f7f929261cd33fba06f145fd856
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 30 12:52:51 2025 +0100
collectd: another fix at converting rrd databases
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 23772010b193df17abfd5d250a8a7da165256475
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 30 10:25:43 2025 +0100
kernel: update riscv64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ebceac121adffbf8b8690101e4a50e3f4c1566e5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 30 10:23:10 2025 +0100
collectd: add more changes to the converter
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7ba01388d488ea2cefe704b31d14acf43648bfb8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 30 10:18:01 2025 +0100
collectd: add some devices to the ignore list
disks: cdroms, tape, loop and ram
cooling-devices: 0-7 was already disabled but there are more possible
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2b892c6863960fd35034fb2bee6c1fd69372b587
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jan 27 19:08:04 2025 +0100
core192: ship system.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 26997d4f9309d9f4409cfa9624ba7d49c27266f8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jan 27 14:11:42 2025 +0100
core192: fix another typo
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bad1dc36abed9d2a623e34d4e3add7080f53eb40
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 26 17:33:33 2025 +0100
core192: fix typo and add verbose output to rm for collectd data
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8d0df657b53e9f9930827278bf22a3892e47e456
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 26 11:41:54 2025 +0100
core192: fix some collectd convertion issues
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cd2e22704336c533c188b8418f2f48c99513a466
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 26 11:22:44 2025 +0100
system.cgi: update cpufreq graph
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4d7c9a860f5e3e98b0289097d15c25a40e52de86
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 26 11:21:47 2025 +0100
graphs.pl: update cpufreq and themalzone graph
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6ca4e2f29feb17401815aac2fb046e4354c1def2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 26 09:39:05 2025 +0100
toolchain: bump version
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e556984600411ec7953efefddff5b60666103be9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:27:31 2025 +0100
core192: ship protobuf
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6311a62c229ca08ee72687da341658ba4006a4b7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:08 2025 +0100
protobuf: Update to version 29.3
- Update from version 28.3 to 29.3
- Update of rootfile
- Changelog
29.3
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
C++
Fix cmake installation location of java and go features (#19773) (1dc5842)
Other
Add .bazeliskrc for protobuf repo to tell bazelisk to use 7.1.2 by
default. (#19884) (9a5d2c3)
Update artifact actions to v4 (#19703) (8e7e6b0)
29.2
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
C++
Automated rollback of commit 23aada2. (#19692) (1772657)
Remove unused / invalid C++ lazy repeated field code from OSS. (#19682)
(3649f87)
Java
Automated rollback of commit 23aada2. (#19692) (1772657)
Other
Export environment variables so bazelisk picks them up (#19690) (8b9d76c)
Pin staleness check to Bazel 7 (#19689) (a1c9b6a)
Remove CMake downgrade workaround from Windows CI tests (#19630) (3a7bb4a)
29.1
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
Java
Rename maven to protobuf_maven in MODULE.bazel (#18641) (#19477) (ba6da44)
Kotlin
Rename maven to protobuf_maven in MODULE.bazel (#18641) (#19477) (ba6da44)
Python
Revert "Remove deprecated service.py usages from test". For 29.x only
(#19434) (5864b50)
29.0
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
Bazel
Add missing line to docstring after Args (#19213) (6f310d5)
Fix proto_info_bzl (#18918) (083de5f)
Use rules_cc everywhere in protobuf (ddadd0b)
Upgrade rules_cc to 0.0.13 (3dd4835)
Convert proto toolchain string to Label (aa181e2)
Prepare supporting targets for testing (a748b10)
Support --incompatible_enable_proto_toolchain_resolution (372ddb3)
Move ProtoInfo and ProtoLangToolchainInfo from Bazel (426ca8a)
Move java_{lite_}proto_library from Bazel repository (d77bdac)
Move proto_toolchain from rules_proto to protobuf (9f9cb7a)
Move proto_library from Bazel repository (3ff2cf0)
Move proto_common implementation from Bazel binary (b19fbe6)
Compiler
Begin adding extension numbers to SourceCodeInfo and FileDescriptorSet for
tooling purposes. (07e489d)
Update protoc release to include editions language features proto for Go
(#19013) (63d966b)
Introduce lifetimes for individual feature values. (0b6e768)
Windows - Fix handling of utf8 command line arguments (#17854) (b9d1800)
Limit feature deprecation warnings to reduce noise. (5cd9a46)
C++
Fix C++ ifndef_guard printer to also convert "-" to "_". (7331b77)
Fix C++ codegen namespace printer to print closing namespaces in reverse
order. (3bf9c40)
Fix raw_ptr.cc on exotic architectures (#18193) (63f6262)
Fix cord handling in DynamicMessage and oneofs. (9e8b30c)
Fix packed reflection handling bug in edition 2023. (4c92328)
Add JsonStreamToMessage method (0259cc3)
Introduce lifetimes for individual feature values. (0b6e768)
Insert software prefetches into merge functions. This improves performance
when hardware prefetchers are disabled on AMD machines. (d993365)
Insert software prefetches into proto parsing functions. This improves
performance when hardware prefetchers are disabled on AMD platforms.
(8aa0add)
Add prefetching of subsequent extensions in ExtensionSet::ForEach. (9b019ee)
Remove the AnyMetadata class and use free functions instead. (920d5c3)
Add [[deprecated]] attribute when generating enums and classes. (23aada2)
Use linear search instead of binary search in flat mode of ExtensionSet.
(0ed61f0)
Prepare MessageLite::GetTypeName to be upgraded to return (30a8ef5)
Limit feature deprecation warnings to reduce noise. (5cd9a46)
Add Compiler Condition to use inline assembly optimizations with ARM64 for
Compatibility with MSVC (#17671) (c5f6231)
Enable small object optimization (SOO) for RepeatedField in order to
reduce data indirections. (e2525e6)
Return backing array memory to arena in ExtensionSet. (5ac8ee1)
In edition 2024, Enum_Name(value) functions return absl::string_view by
default. (e3fa6aa)
Add Prefetchers to Proto Copy Construct to help address load misses (cdb7238)
Reduced nesting in GenerateByteSize: slight readability improvements in
generated code. (162a740)
Introduce FieldDescriptor::cpp_string_type() API to replace direct ctype
inspection which will be removed in the next breaking change (d0e49df)
Update the comment of TextFormat::Printer::RegisterMessagePrinter that the
method takes ownerhip of the printer pointer. (d911161)
Prepare the code for migrating return types from const std::string& to
(e13b8e9)
Java
Remove deprecation warnings for Timestamp and Duration add/subtract/between
that we do not yet have alternatives to. (f606c13)
[29.x] Add missing java load (#19016) (bb287be)
Give Kotlin jars an OSGi Manifest (#18812) (0c51eba)
Re-export includingDefaultValueFields in deprecated state for important
Cloud customer. (7321b2f)
Restore compatibility with 3.22 gencode by re-adding mutableCopy helpers
(1b1e90b)
Speed up CodedOutputStream by extracting rarely-executed string formatting
code (f8f5136)
Return constant Value objects for true, false, and "" (4fbb0c5)
Optimise CodedOutputStream.ArrayEncoder.writeFixed32NoTag/writeFixed64NoTag
(a51f98c)
CodedOutputStream: avoid updating position to go beyond end of array.
(76ab5f2)
Convert IndexOutOfBoundsException to OutOfSpaceException in
UnsafeDirectNioEncoder (0e75d92)
Suppress ReturnValueIgnored errorprone issues (bbbc7b9)
Fix packed reflection handling bug in edition 2023. (4c92328)
Move cc_proto_library from Bazel repository (5254448)
Protobuf Lite ArrayLists: Defer allocating backing array until we have
some idea how much to allocate. (05a8a40)
Allocate correct-sized array when parsing packed fixed-width primitives
(4e8469c)
Bugfix: Make extensions beyond n=16 immutable. (ee419f2)
Reserve capacity in ProtobufArrayList when calling
Builder.addAllRepeatedMessage(Collection) (e3cc31a)
Avoid allocating iterators when calling
Message.Builder.addAllFoo(RandomAccess List) (bd1887e)
Remove the AnyMetadata class and use free functions instead.
(https://github.com/protocolbuffers/protobuf/com...
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 31457b85124fd445f585268ef3add1a6a2e8602d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:07 2025 +0100
postfix: Update to version 3.9.1
- Update from version 3.9.0 to 3.9.1
- Update of rootfile not required
- Changelog
3.9.1
The mail_version configuration parameter did not have a three-number value
(3.9 instead of 3.9.0; it still had the two-number version from the
development releases postfix-3.9-yyyymmdd). This broke pathnames derived
from the mail_version value, such as shlib_directory. Problem reported by
Michael Orlitzky.
Bugfix (defect introduced: Postfix 2.9, date 20111218): with
"smtpd_sasl_auth_enable = no", the permit_sasl_authenticated feature
ignored information that was received with the XCLIENT LOGIN command, so
that the client was treated as unauthenticated. This was fixed by removing
an unnecessary test. Problem reported by Antonin Verrier.
Bugfix (defect introduced: postfix 3.0): the default master.cf syslog_name
setting for the relay service did not preserve multi-instance information,
which complicated logfile analysis. Found during a support discussion.
Bugfix (defect introduced: Postfix 2.3, date 20051222): file descriptor
leak after failure to connect to a Dovecot auth server. The impact is
limited because Dovecot auth failures are rare, there are limits on the
number of retries (one), on the number of errors per SMTP session
(smtpd_hard_error_limit), on the number of sessions per SMTP server
process (max_use), and on the number of file handles per process (managed
with sysctl). Found during code maintenance.
Bugfix (defect introduced: Postfix 3.4, date 20190121): the postsuper
command failed with "open logfile '/path/to/file': Permission denied" when
the maillog_file parameter specified a filename and Postfix was not
running. This was fixed by opening the maillog_file before dropping root
privileges. Found during code maintenance.
Bugfix (defect introduced Postfix 3.0). No autodetection of UTF8 text when
missing message headers were automatically added by Postfix (for example,
a From: header with UTF8 full name information from the password file).
This caused Postfix to send UTF8 in message headers without using the
SMTPUTF8 protocol. Problem reported by Michael Tokarev.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7488c240679fed1872ea3ed0514901bce3aa164e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:06 2025 +0100
frr: Update to version 10.2.1
- Update from version 10.1 to 10.2.1
- Update of rootfile not required
- Changelog
10.2.1
Fixed CVE-2024-55553
More details: https://frrouting.org/security/cve-2024-55553
Bug Fixes
bfdd
retain remote dplane client socket
bgpd
Fix to pop items off zebra_announce FIFO for few EVPN triggers
Check if as_type is not specified when peer is a peer-group member
Do not reset peers on suppress-fib toggling
Fix bgp core with a possible Intf delete
Fix enforce-first-as per peer-group removal
Fix evpn bestpath calculation when path is not established
Fix graceful-restart for peer-groups
Fix memory leak when creating BMP connection with a source interface
Fix memory leak when reconfiguring a route distinguisher
Fix unconfigure asdot neighbor
Fix use single whitespace when displaying flowspec entries
Fix version attribute is an int, not a string
Import allowed routes with self AS if desired
Initialize as_type for peer-group as AS_UNSPECIFIED
Use gracefulRestart JSON field
Validate both nexthop information (NEXTHOP and NLRI)
Validate only affected RPKI prefixes instead of a full RIB
When calling bgp_process, prevent infinite loop
lib
Allow setsockopt functions to return size set
Fix session re-establishment
Take ge/le into consideration when checking the prefix with the prefix-list
Use backoff setsockopt option for freebsd
ospfd
OSPF multi-instance default origination fixes
pimd
Fix access-list memory leak in pimd
Free igmp proxy joins on interface deletion
igmp proxy joins should not be written as part of config
Prevent crash of pim when auto-rp's socket is not initialized
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 77ccf4949b96f1326932d77496f64c76134428a8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:04 2025 +0100
fetchmail: Update to version 6.5.2
- Update from version 6.4.39 to 6.5.2
- Update of rootfile not required
- Changelog
6.5.2
ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS
(There are no plans to remove features from a 6.5.X release, but they may be
removed from a 6.6.0 or newer release.)
* Support for operating systems that are not sufficiently POSIX compliant may be
removed or operation on such systems may be suboptimal for future releases.
* Future fetchmail releases may require compilers and operating systems
that adhere to standards issued 2011 or later. (See README for requirements.)
* Future fetchmail releases may tighten up security and lean towards
it a bit more by, for instance, implementing recommendations from
RFC-7817 or RFC-8314. This may, for instance, require that TLS v1.1
or newer be used.
* The MX and host alias DNS lookups that fetchmail performs in multidrop mode
are based on assumptions that are rarely met in practice, somewhat defective,
deprecated and may be removed from a future fetchmail version.
They have never supported IPv6 (including IPv6-mapped IPv4).
Non-DNS based alias keywords such as "aka" will remain in fetchmail.
* The monitor and interface options may be removed from a future fetchmail
version as they are not reasonably portable across operating systems.
* POP2 is obsolete, support will be removed from a future fetchmail version.
* IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a
future fetchmail version.
* RPOP is obsolete, support will be removed from a future fetchmail release.
* The multidrop To/Cc guessing code along with the fragile duplicate suppressor
is deprecated and may be removed from a future release.
* The "envelope Received" option may be removed from a future release, because
the Received header was never meant to be machine-readable, the format varies
widely, and various other differences in behavior make parsing Received an
unreliable undertaking. The envelope option as such will remain though, in
order to support Delivered-To, X-Envelope-To, X-Original-To and similar.
See also <http://home.pages.de/~mandree/mail/multidrop>.
* The "protocol auto" default inside fetchmail may be removed from a future
fetchmail release. Explicit configuration of the protocol is recommended.
* Kerberos IV support may be removed from a future fetchmail release.
* Kerberos 5 support may be removed from a future fetchmail release.
(Although GSS-API support should remain as long as it's viable.)
* The --principal option may be removed from a future fetchmail release.
* SIGHUP wakeup support may be removed from a future fetchmail release and
cause fetchmail to terminate - it was broken for many years.
* The maintainer may migrate fetchmail to C++, and impose further requirements
(dependencies), such as Boost or other class libraries.
* The softbounce option default will change to "false" in the next release.
* The --bsmtp - mode of operation may be removed in a future release.
* Fetchmailconf is deprecated and will be removed from a future release.
* Fetchmail does not guarantee compatibility with EOL OpenSSL versions. Support
for end-of-life OpenSSL versions may be removed even from patchlevel releases.
* Nonstandard or by today's standards insufficiently secure authentication
schemes (such as OPIE, RPA) may be removed from future fetchmail versions.
* Nonstandard protocol extensions (such as SDPS/*ENV) may be removed from future
fetchmail versions.
* --auth ssh may be removed from future fetchmail versions. Use --auth implicit.
* Future fetchmail releases (even minor ones) may change undocumented parts of
the .netrc parser in incompatible ways to enhance compatibility with typical
ftp(1) .netrc parsers.
KNOWN BUGS AND WORKAROUNDS
* Fetchmail does not handle messages without Message-ID header well
(See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
where unsigned and/or wider types should have been used. Please report
issues with this.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
no or no global IPv6 addresses are configured.
(No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
messages. This will not be fixed, because the maintainer has no Kerberos 5
server to test against. Use GSSAPI.
* For IMAP connections, fetchmail will print "will idle after poll" in
verbose mode even though --idle is not given, as an artifact of the 6.4.22
security fixes. Fetchmail means "could idle after poll", but this would
have required another loop through the translators.
* aka ... hostnames are not considered for upstream server X.509 certificate
verification, aka was meant for alias detection with multidrop mailboxes.
* When compiled against wolfSSL, note that it is not a feature-complete
emulation of OpenSSL. Main functionality is given, but some minor details
may not work the same as in OpenSSL builds.
* When compiled against LibreSSL (due to licensing, this only works on OpenBSD
where LibreSSL is part of the OS), note that LibreSSL is somewhat behind
recent OpenSSL versions, so prefer OpenSSL to LibreSSL if you can.
* FreeBSD's OPIE implementation cannot be found when using a C++ compiler.
This should not affect the normal build, which uses a C compiler.
* Using ccache may trigger "implicit fallthrough" warnings because
the comments that, for instance, GCC understands, are removed by ccache's
separate preprocessing. Fixing this portably requires C++17.
* Fetchmail's RFC-2047 encoder (used for localized Subject: lines of locally-
originated e-mail messages) is simplistic and violates the RFC-2047
requirement that multibyte characters must not be split across
encoded-words.
TRANSLATIONS: fetchmail's translations were updated, courtesy of:
* cs: Petr Pisar [Czech]
* sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
CHANGES:
* Minor documentation consistency fixes (versions, dates).
6.5.1
BUG AND PORTABILITY FIXES:
* Drop two wolfSSL compile-time checks that were for older 6.4 or for future
7.0 releases and broke compilation with wolfSSL 5.7.4.
Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4
* Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message
(FreeBSD defines %#p to be %p, on many other platforms it's undefined
behavior).
* Add regex_helper.c to list of files that contain translatable strings,
which contains two strings we missed to translate.
CHANGES:
* Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1")
for version switch and base it on the claimed OpenSSL version of the crypto
SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike.
TRANSLATIONS: fetchmail's messages were translated by these fine people:
* sq: Besnik Bleta [Albanian]
* es: Cristian Othón Martínez Vera [Spanish]
* ro: Remus-Gabriel Chelu [Romanian]
* fr: Frédéric Marchal [French]
* pl: Jakub Bogusz [Polish]
* sv: Göran Uddeborg [Swedish]
* ja: Takeshi Hamasaki [Japanese]
* eo: Keith Bowes [Esperanto]
6.5.0
SECURITY FIX:
* .netrc now may not have more than 0700 permission if it contains passwords,
else fetchmail will warn and ignore the file.
REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required
to make deliveries consistent.
The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
been removed and behave as though "--sslproto auto" had been given.
INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
the environment variables LC_TIME (or LC_ALL) and TZ.
Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
Override is possible from an environment variable,
see EXPERIMENTAL CHANGES below.
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
they are too far behind.
CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
XSI extension) compliant system.
In particular, older fetchmail versions had workarounds or replacement code
for several functions standardized in the Single Unix Specification v3, these
have been removed. Hence:
- The trio/ library has been removed from the distribution.
- The libesmtp/getaddrinfo.? library has been removed from the distribution.
- The KAME/getnameinfo.c file has been removed from the distribution.
* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2.
TRANSLATIONS: fetchmail's messages were translated by these fine people:
* cs: Petr Pisar [Czech]
* eo: Keith Bowes [Esperanto]
* es: Cristian Othón Martínez Vera [Spanish]
* fr: Frédéric Marchal [French]
* ja: Takeshi Hamasaki [Japanese]
* ro: Remus-Gabriel Chelu [Romanian]
* sv: Göran Uddeborg [Swedish]
* sq: Besnik Bleta [Albanian]
* pl: Jakub Bogusz [Polish]
BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond (2 GibiB).
This required C99 support (for the long long type).
Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the
3.0.0 APIs from OpenSSL.
* The .netrc parser no longer permits "machine" after "default".
* Add manpage info on the .netrc syntax, as ftp(1) is not standardized and
may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes.
* Received: lines now return GMT time if the tzoffset cannot be represented
as whole minutes. Reported by @rriddicc via Gitlab #49.
* If fetchmail was running localized, generated an error e-mail message locally,
and if the selected translation would require the Subject: line to wrap
inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
was not indented, thus not marked as a continuation line.
* SSL error handling was improved, fetchmail now consistently clears the
thread/SSL error queue before SSL I/O operations and checks SSL_get_error
afterwards. The SSL_connect() error handling has been revised to log more
consistently.
CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
up its responses (it is supposed to send an untagged * BYE and a tagged
A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
reporting a protocol error. We don't intend to chat any more so the protocol
violation is harmless, and we know the server cannot send more untagged
status responses.
Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by
running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS
macro to obtain run-time library path setting flags.
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
do not match, emit a warning and continue. Closes Gitlab #31.
* There is now a --idletimeout feature contributed by Eric Durand, to
permit setting a shorter timeout for the --idle option, because many
servers violate the protocol (requiring 30 minutes) and hang up sooner than
the 28 minutes fetchmail waits before refreshing IDLE.
GitLab merge request !35.
* There is now a --forceidle feature to force idle mode even if not advertised
in the server capabilities. This is a dangerous option, use it carefully.
Courtesy of Eric Durand, GitLab merge request !39.
* There is now a --moveto feature (only feasible in IMAP) that, instead of
flushing mail, moves it to a user-specified folder. This is to assist with
archiving, or when providers (G...) break the IMAP model.
Courteously provided by Damjan Jovanovic.
* rcfile parsing errors are now reported in more detail, and with -vv mode,
also lead to a non-importable Python dump of what was obtained, for debugging.
* fetchmail's --auth option ssh was renamed to implicit, to make clear that it
does *NOT* imply any particular type or features of the --plugin. --auth ssh
will be understood for a while for compatibility but fetchmail will report it
as implicit.
* fetchmail no longer warns about port/service mismatches with/without ssl
option when a "plugin" is in use because fetchmail cannot know whether the
plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604.
* fetchmail re-executes itself if the .netrc file's modification change
is found to be newer at the beginning of a new run.
* fetchmail can now use other digest algorithms than MD5 for the
--sslfingerprint option. To use, specify the algorithm's name in
curly braces as prefix in the finger print, say,
--sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the
algorithm for printing. All algorithms supported by the TLS/SSL library
can be specified. Fixes Gitlab issue #19, Debian Bug#700266.
EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
can be used to override the OpenSSL security level. Fetchmail by default
raises the security level to 2 if lower. This variable can be used to lower it.
Use with extreme caution. Note that levels 3 or higher will frequently cause
incompabilities with servers because server-side data sizes are often too low.
Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
sets the cipher string (through two different OpenSSL functions) for SSL and
TLS versions up to TLSv1.2.
If setting the ciphers fails, fetchmail will not connect.
If not given, defaults to Postfix's "medium" list,
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
that sets the ciphersuites (a colon-separated list, without + ! -) for
TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the
ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you
configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
a connection abort.
* fetchmail can be built with meson 1.30 or newer <https://mesonbuild.com/>.
fetchmail is not currently written in a way that supports unity
(amalgamated) builds.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 46da743318cb03d76992541b6571e1a0af7fdfac
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:03 2025 +0100
dnsdist: Update to version 1.9.8
- Update from version 1.9.7 to 1.9.8
- Update of rootfile not required
- Changelog
1.9.8
Improvements
Add the ability to load a given TLS tickets key
References: pull request 14877
Custom metrics: better error messages, small doc improvements
References: pull request 14978
Add elapsed time to dq object (@phonedph1)
References: pull request 14887
Bug Fixes
setTicketsKeyAddedHook: pass a std::string to the hook to avoid luawrapper
to truncate content at potential null chars
References: pull request 14878
Fix ECS zero-scope caching with incoming DoH queries
References: #14959, pull request 14977
Allow resetting setWeightedBalancingFactor() to zero
References: pull request 14929
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3caaf256c7c2652fa579ae5338a60429b1b58558
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:25:01 2025 +0100
core192: ship dma
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d53adf3d1d434b139fde81a26be2d308e2c40a60
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:41:02 2025 +0100
dma: Update to version 0.14
- Update from version 0.13 to 0.14
- Update of rootfile not required
- Changelog
0.14
https://github.com/corecode/dma/commits/v0.14/
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 44b8e06f7814129c4c4cbc2800e5282042593333
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:40:32 2025 +0100
make.sh: Move python3-tomli to before qemu as it is now needed for the build
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 672af0ab2c6d3af01b879cfad0577c69f752d724
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:40:31 2025 +0100
qemu-ga: Update to version 9.2.0
- Update from version 9.0.2 to 9.2.0
- Update of rootfile not required
- Changelog same as in the commit for qemu to 9.2.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ade79737a329213e7872a035a30a705f7a9e31f2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:40:30 2025 +0100
qemu: Update to version 9.2.0
- Update from version 9.0.2 to 9.2.0
- Update of rootfile
- Changelog
9.2.0
https://wiki.qemu.org/ChangeLog/9.2
9.1.0
https://wiki.qemu.org/ChangeLog/9.1
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 38c13c04fcd4b7a5e2d08ffeb1b85a77b5461bec
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:40:07 2025 +0100
asciidoctor: Update of rootfile to take account of ruby update to 3.4.0 branch
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4234436fc76d48706b7c7f336e7ddb1503d56737
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 22:40:06 2025 +0100
ruby: Update to version 3.4.1
- Update from version 3.3.6 to 3.4.1
- Update of rootfile
- Changelog
3.4.0 changes compared to 3.3.0
See file NEWS.md in source tarball
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d226ab59914488fe9660542b6797711c9625779d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:14:27 2025 +0100
core192: ship backup exclude
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 83df9ec1753af193da7d72f795af2894d528c031
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 13 13:24:42 2025 +0100
backup-exclude: Add suricata ruleset-sources to backup exclude file
- This will ensure that an old version will no longer be restored back onto a users
system.
- The suricata ruleset-sources file should also be shipped in the CU that this will be
applied to make sure that all usders have the correct version installed, in case they
have done a restore from an old backup after doing a fresh install.
- Tested on my vm testbed system and after making the change, the ruleset-sources file
is no longer added to the backup set but also it is excluded from the restore if it
is included in an old backup.
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7d42fc3576cbb130193361b4e68015398998b2c8
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:33 2025 +0100
tshark: Update to version 4.4.3
- Update from version 4.4.2 to 4.4.3
- Update of rootfile
- Changelog
4.4.3
Bug Fixes
Potential mis-match in GSM MAP dissector for uncertainty radius and its
filter key. Issue 20247.
Macro eNodeB ID and Extended Macro eNodeB ID not decoded by User Location
Information. Issue 20276.
The NFSv2 Dissector appears to be swapping Character Special File and
Directory in mode decoding. Issue 20290.
CMake discovers Strawberry Perl’s zlib DLL when it shouldn’t. Issue 20304.
VOIP Calls call flow displaying hours. Issue 20311.
Fuzz job issue: fuzz-2024-12-26-7898.pcap. Issue 20313.
sFlow: Incorrect length passed to header sample dissector. Issue 20320.
wsutil: Should link against -lm due to missing fabs() when built with
-fno-builtin. Issue 20326.
Updated Protocol Support
ARTNET, ASN.1 PER, BACapp, BBLog, BT BR/EDR RF, CQL, Diameter, DOF,
ECMP, FiveCo RAP, FTDI FT, GSM COMMON, GTPv2, HCI_MON, HSRP, HTTP2,
ICMPv6, IEEE 802.11, Kafka, LTE RRC, MBIM, MMS, Modbus/TCP, MPEG PES,
NAS-EPS, NFS, NGAP, NR RRC, PLDM, PN-DCP, POP, ProtoBuf, PTP, RLC, RPC,
RTCP, sFlow, SIP, SRT, TCP, UCP, USBCCID, Wi-SUN, and ZigBee ZCL
New and Updated Capture File Support
CLLog EMS ERF
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4657aed760f81c0c0faf7be5873238f98ef6ccff
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:32 2025 +0100
samba: Update to version 4.21.3
- Update from version 4.21.2 to 4.21.3
- Update of rootfile not required
- Changelog
4.21.3
* BUG 15701: More possible replication loops against Azure AD.
* BUG 15697: Compound rename from Mac clients can fail with
NT_STATUS_INTERNAL_ERROR if the file has a lease.
* BUG 15724: vfs crossrename seems not work correctly.
* BUG 6750: After 'machine password timeout' /etc/krb5.keytab is not updated.
* BUG 15771: Memory leak wbcCtxLookupSid.
* BUG 15765: Fix heap-user-after-free with association groups.
* BUG 15758: Segfault in vfs_btrfs.
* BUG 15755: Avoid event failure race when disabling an event script.
* BUG 15724: vfs crossrename seems not work correctly.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 86f25118f96caf6e58433276acaa89fd27798aff
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:11:56 2025 +0100
core192: ship nettle
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c1dd437f246f23d683478ef582c93d8a3f8159a0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:31 2025 +0100
nettle: Update to version 3.10.1
- Update from version 3.10 to 3.10.1
- Update of rootfile
- Changelog
3.10.1
This is a maintenance release, with only a few bugfixes and
portability improvements.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.10 and libhogweed.so.6.10, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix buffer overread in the new sha256 assembly for
powerpc64, as well as a stack alignment issue.
* Added missing nettle_mac structs for hmac-gosthash.
* Fix configure test for valgrind, to not attempt to run
valgrind on executables built using memory sanitizers.
Optimizations:
* Improved runtime detection of cpu features for OpenBSD and
FreeBSD, using elf_aux_info when available. This also adds
runtime detection for FreeBSD on arm64. Contributed by Brad
Smith.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b9671e1644b45a9353b81a3c7ca47d8b5ff04f5a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:11:05 2025 +0100
core192: ship nano
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d6b378f3f0a86d78c5ef18d7a2243c8a57dd2a7b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:30 2025 +0100
nano: Update to version 8.3
- Update from version 8.2 to 8.3
- Update of rootfile not required
- Changelog
8.3
• A build failure with gcc-15 is fixed.
• Several translations were updated.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1e3176c9074a480fd6bfe25aff5f9f4e1ab017f2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:10:03 2025 +0100
core192: ship mdadm
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 47fa1360ac84a1f4563d9ffc258017b2fb66c07d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:29 2025 +0100
mdadm: Update to version 4.4
- Update from version 4.3 to 4.4
- Update of rootfile not required
- mdadm has been formally moved to github.
- Changelog
4.4
Features:
- Remobe custom bitmap file support from Yu Kuai.
- Custom device policies implementation from Mariusz Tkaczyk.
- Self encrypted drives (**SED**) support for IMSM metadata from Blazej Kucman.
- Support more than 4 disks for **IMSM** RAID10 from Mateusz Kusiak.
- Read **IMSM** license information from ACPI tables from Blazej Kucman.
- Support devnode in **--Incremental --remove** from Mariusz Tkaczyk.
- Printing **IMSM** license type in **--detail-platform** from Blazej Kucman.
- README.md from Mariusz Tkaczyk and Anna Sztukowska.
Fixes:
- Tests improvements from Xiao Ni and Kinga Stefaniuk.
- Mdmon's Checkpointing improvements from Mateusz Kusiak.
- Pass mdadm environment flags to systemd-env to enable tests from Mateusz Kusiak.
- Superblock 1.0 uuid printing fixes from Mariusz Tkaczyk.
- Find VMD bus manually if link is not available from Mariusz Tkaczyk.
- Unconditional devices count printing in --detail from Anna Sztukowska.
- Improve SIGTERM handling during reshape, from Mateusz Kusiak.
- **Monitor.c** renamed to **Mdmonitor.c** from Kinga Stefaniuk.
- Mdmonitor service documentation update from Mariusz Tkaczyk.
- Rework around writing to sysfs files from Mariusz Tkaczyk.
- Drop of HOT_REMOVE_DISK ioctl in Manage in favour of sysfs from Mariusz Tkaczyk.
- Delegate disk removal to managemon from Mariusz Tkaczyk.
- Some clean-ups of legacy code and functionalities like **--auto=md** from Mariusz Tkaczyk.
- Manual clean-up, references to old kernels removed from Mariusz Tkaczyk.
- Various static code analysis fixes.
In this release we created github repository and allowed participation through
Github. It allowed us to use Github actions adn create CI. Currently, we have:
- Compilation tests with various gcc.
- **mdadm** tests.
- Checkpatch test.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3bdf61a453f8c6980309b70d890d8da59b6c0da1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:08:59 2025 +0100
core192: ship libpng
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8610ff4b77fe3c66ef3858fb2ea04e503edf9d5a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:27 2025 +0100
libpng: Update to version 1.6.45
- Update from version 1.6.44 to 1.6.45
- Update of rootfile
- Changelog
1.6.45
Added support for the cICP chunk.
(Contributed by Lucas Chollet and John Bowler)
Adjusted and improved various checks in colorspace calculations.
(Contributed by John Bowler)
Rearranged the write order of colorspace chunks for better conformance
with the PNG v3 draft specification.
(Contributed by John Bowler)
Raised the minimum required CMake version from 3.6 to 3.14.
Forked off a development branch for libpng version 1.8.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2688b78f179448017ff15af77e72c695a1fc91ac
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:07:57 2025 +0100
core192: ship hwdata
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b30e089176b87df03800b8cbf909d23394c01d57
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:26 2025 +0100
hwdata: Update to version 0.391
- Update from version 0.389 to 0.391
- Update of rootfile not required
- Changelog
0.391
Update usb and vendor ids
0.390
Update pci and vendor ids
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d35a0fc715c2cbf1abf90955be105819ed2a731c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:25 2025 +0100
fping: Update to version 5.3
- Update from version 5.2 to 5.3
- Update of rootfile not required
- Changelog
5.3
New features
- New option --icmp-timestamp to send ICMP timestamp requests (ICMP type 13)
instead of ICMP Echo requests (#353 #363, thanks @auerswal and @gsnw-sebast)
- New option --print-ttl to print returned TTL value (#354, thanks @nalves599)
- New option --print-tos to print returned TOS value (#335 #346 #347, thanks
@auerswal and @gsnw-sebast)
- New option --check-source (#334, thanks @auerswal)
- Predefined various timestamp formats (#321, thanks @auerswal and @gsnw-sebast)
- Print cumulative stats with -Q SECS,cumulative (#315, thanks @auerswal)
Bugfixes and other changes
- ci: Upgrade actions/upload-artifact to v4 (#360, thanks @gsnw-sebast)
- ci: Azure Pipeline only trigger when changes are made in the development branch
(#359, thanks @gsnw-sebast)
- ci: Upgrade actions/upload-artifact to v3 (#355, thanks @pevik)
- ci: Azure Pipeline YAML add docker build (#354, thanks @gsnw-sebast)
- Dockerfile: change distribution from ubuntu to debian (#350, thanks
@gsnw-sebast)
- Fix warning unused parameter 'reply_timestamp' under macOS (#348, thanks
@gsnw-sebast)
- Fix increase maximum -s value to 65507 (#344, thanks @pevik)
- ci: use File::Temp to create temporary directory (#343, thanks @auerswal)
- Fix -k, --fwmark with setuid fping executable (#342, thanks @auerswal)
- Another batch of additional tests (take 2) (#341, thanks @auerswal)
- Document that -a and -u are overridden by -c and -C (#338, thanks @auerswal)
- Fix macOS build warning sets SEQMAP_TIMEOUT_IN_NSSEQMAP_TIMEOUT_IN_NS as INT64_C
(#336, thanks @gsnw-sebast)
- Fix inconsistent limits for address generation via -g, --generator using either
range or CIDR (#331, thanks @auerswal)
- Some additional tests (#329, thanks @auerswal)
- ci: skip an unreliable test on macOS (#328, thanks @auerswal)
- Fix incorrect return-value check for a scanf like function (CWE-253) (#323,
thanks @gsnw-sebast)
- A few more tests to increase code coverage a little bit (#320, thanks @auerswal)
- Github fix: Change to codeql-action-v2 (#319, thanks @gsnw-sebast)
- Developer function: Debug with Visual Studio Code (#318, thanks @gsnw-sebast)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c2e664ed119ecd6bcbebac110f2a55ff4d7aa39d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 14:06:25 2025 +0100
core192: ship e2fsprogs
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 630b37c57c4a671c5be9ab1bcfc6aa4980723035
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Jan 11 15:43:24 2025 +0100
e2fsprogs: Update to version 1.47.2
- Update from version 1.47.1 to 1.47.2
- Update of rootfile not required
- Changelog
1.47.2
UI and Features
Drop the tune2fs -r option and replace it with -E revision=<fs-rev>.
Revision 0 file systems are needed for compatibility with pre-1995 Linux
kernels (older that version 1.2). Most of the time, users shouldn't be
using the -r option and they can confuse themselves and end up creating
a file system that is missing most modern ext4 features, including no
online resizing, no support for post-2038 timestamps, etc. (Addresses
Debian Bug #1086603)
Add support for gnu.translator extended attributes in tar files fed to
mke2fs -d. (Addresses Github issue
https://github.com/tytso/e2fsprogs/issues/192)
Add a debugfs command to list all of the inodes in the orphan list.
Fixes
Fix orphan_file support on big endian systems.
Fix resize2fs to update the checksums in blocks belonging to the orphan
file if it needs to move them.
Fix e2fsck to clear the orphan file after processing it so that e2fsck
-E journal_only doesn't leave the file system in a corrupted state.
Avoid a spurious failure in badblocks when -n or -w is specified twice.
(Addresses Debian Bug #1087341)
Fix a bug where e2fsck could skip checking a file systems with the
orphan_file feature if there are orphaned files that need to be cleaned
up. (Addresses Red Hat Bugzilla 2318710, SuSE Bugzilla #1226043)
Tune2fs will now upgrade a revision 0 file system to revision 1 before
trying to change the inode size. Otherwise, this could result in a
corrupted file system.
Fix fuse2fs --helpfull so that it displays the full help message.
Allow resize2fs to perform an offline resize past the 256 TiB boundary
(which the kernel could do as part of an online resize).
Performance, Internal Implementation, Development Support etc.
Fix various Coverity and compiler warnings.
Speed up tune2fs -g when the group is not changed by the command.
Fix build failures on GCC 15 due to it switched to using -std=c23 by
default. (Addresses https://github.com/tytso/e2fsprogs/issues/202)
Fix build failure when linking fuse2fs with old (2.9.9) version of
libfuse2 on aarch64. This hack was needed to fix a regression caused by
another hacky workaround needed to work around a build failure on
mipsel64 thanks to glibc using different struct stat layouts depending
_FILE_OFFSET_BITS is set and this caused failures when dynamic linking
against libarchive on Debian's mipsel64. (Sigh.)
Fix unused parameter warnings for packages which including ext2fs.h.
(Addresses Debian Bug #1082500)
Fix bug where packages including ext2fs.h would get the 32-bit versions
of the timestamp routines even on 64-bit platforms due to a missing
SIZEOF_TIME_T autoconf definiton in public_config.h.
Teach dumpe2fs and e2mmpstatus to support LABEL= and UUID= specifiers
since the e2mmpstatus man page claims that it supports LABEL= and UUID=.
This support was accidentally dropped when e2mmpstatus was reimplemented
in terms of dumpe2fs. (Addresses
https://github.com/tytso/e2fsprogs/issues/106)
Suppress mke2fs's "Creating regular file" message when the -q option is
in force.
Enable Continuous Integration testing in Debian's Salsa forge.
Fix a memory leak in oss-fuzz test programs.
Provide fuseext2 to replace the debian package src:fuse-umfuse-ext2.
(Addresses Debian Bug #1085590, #1088838)
In the Debian package for e2fsprogs, add a suggestion to install the
package libarchive13t64. (Addresses DebianBug #1089085)
In the Debian package for e2fsprogs, decrease the priority from required
to important. (Addresses Debian Bug #897277)
Fix the f_badjour_encrypted test to write the error output from mke2fs
and debugfs to a log file so it doesn't mess up the "make check" output
and to make those error messages available in the case of test failure.
Fix my_llseek() declaration when building against musl libc.
Clean up groff warnings in man pages. (Addresses Debian Bugs #1086892,
#1082787, #1072866, #1087898)
Document the orphan_file feature in the ext4(5) and tune2fs(8) man
pages. (Addresses Debian Bug #1073062)
Allow building e2fsprogs without libarchive-dev installed to make life
easier for bootstrapping for new Debian ports (Addresses Debian Bug
#1078693)
Various man page cleanups.
Update Chinese, Czech, French, Malay, Polish, Romainian, Spanish,
Swedish, and Ukrainian translations.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5e84cecc11037d3a8e728c1de084c57ebb68b7de
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 09:59:52 2025 +0100
core192: ship captive portal changes
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9b3462a2ca55192b6330f9df839247859eec1e69
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 9 20:04:38 2025 +0100
language files: Updated de, en, es, fr & tr language files
- Changed the phrase in the code from Captive wrong ext to Captive wrong type as it is
now the type and not the extension that is being checked.
Fixes: Bug13795
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d705f5e58801d6116e09af9dfaec8d6ed58827b3
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 9 20:04:37 2025 +0100
perl-File-LibMagic: New package implemented for content type extraction of a file
- It was placed in make.sh after perl-Config-AutoConf as that package is at least one
build dependency.
Fixes: Bug13795
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 01de28ec05cde5d945500ef6bd5ce25c3586f686
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 9 20:04:36 2025 +0100
captive.cgi: Update code to check for the image content type not just the extension
- The File-LibMagic used to do this content type check. As this requires the actual
file and path name to access, the CGI::upload command had to be brought to before
the content type check and download the file to /tmp/. Then the content type can be
identified. If it is either image/png or image/jpeg then the logo.tmp file is
moved to replace the existing logo.dat. If the uploaded logo is not a png or jpeg
image content then the logo.tmp file in /tmp/ is deleted by unlinking it.
- I also added the actual content type to the error message if it is not a png or jpeg.
- Tested the code out on my vm testbed and it worked fine. Only png or jpeg content
type is accepted It makes no difference what the extension on the file is. When not
the correct content type the old logo.dat is left alone and not changed and the new
logo stored in /tmp/ is removed. If the content type is correct then the new logo file
in /tmp/ is moved to replace the existing logo.data file.
- When the wrong type of content was in the file, for example html code, then the error
message is shown saying that the content type is not correct and showing the actual
content type, in this case text/html.
Fixes: Bug13795
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 36391d1d0d2dfb69077e2d860d2af3c975cf86f6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 9 20:04:35 2025 +0100
logo.cgi: Fix for bug13795 - captive portal not displaying uploaded logo
- This v2 version now includes the use of File-LibMagic to identify the specific
content type and apply that to the modified header command so that image/png or
image/jp[eg are used depending on the type of image provided.
- Something changed in some package in CU188 that means that the existing method of
printing the content type to the browser no longer worked.
- I tested it in some stand alone code and even if using text/txt for the content-type
print statement the File::Copy::copy then resulted in an Internal Server Error with
the same message as with the image file which was "malformed header from script
'logo.cgi': Bad header:".
- I tested it with text, html, image and application. In all cases the error message
about a bad header was provided.
- Did some searching and found an alternative way to explicitly print the header info
which is what I have used in this patch change.
- With this approach, in the stand alone code, I was able to get an image, html code or
text shown in the browser correctly and without any error message.
- I then used this new method in the logo.cgi code as submitted here and tested the
change in my vm testbed and the image was shown in the captive portal correctly.
- So this change fixes the problem with the logo not being shown but I have been unable
to identify what changed to stop the method that worked prior to CU188 from working
any more.
Fixes: Bug13795
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 55b13b3b94713ab800bf28d919cd2b2b036f3f31
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 09:54:04 2025 +0100
core192: ship unbound root.hints
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit dda60a8af902f383eb291b3cbe09f8d7f0150698
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 6 10:52:08 2025 +0100
root.hints: Update to version Dec 18, 2024
- Update from version Jul 3, 2019 to Dec 18, 2024
- Not sure if there have been other version in between or not as no history is stored
anywhere on this.
- No changelog for any changes to the root.hints file but the diff in the file shows that
just one change has been done to the B.ROOT-SERVERS.NET. entry with a change in IP.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 637b614f1c73d004a5eca20696958a4aa85c0c2a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 09:51:54 2025 +0100
core192: ship ppp
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e8dc56382628fab7d970a6e799269aa73e4ec2ae
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jan 3 15:21:22 2025 +0100
ppp: Update to version 2.5.2
- Update from version 2.5.1 to 2.5.2
- Update of rootfile
- Changelog
2.5.2
Some old and probably unused code has been removed, notably the pppgetpass program and the passprompt plugin, and some of the files in the sample and
scripts directories.
If a remote number has been set, it is available to scripts in the REMOTENUMBER
environment variable.
The Solaris port has been updated, including updated installation instructions
in README.sol2.
Various other bug fixes and minor enhancements.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c3a156c047d34770da7e8f1c67c5301204cf1b44
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 09:47:16 2025 +0100
core192: ship liburcu
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 33bbc4aee45173cf17f22a11bee3ccbe30f0daaf
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jan 3 15:21:21 2025 +0100
liburcu: Update to version 0.15.0
- Update from version 0.14.1 to 0.15.0
- Update of rootfile
- Changelog
0.15.0
* Fix compilation errors
* Document cmm_cast_volatile
* Honor URCU_DEREFERENCE_USE_VOLATILE
* arm: Use atomic builtins for xchg if supported
* Introduce _CMM_TOOLCHAIN_SUPPORT_C11_MM
* Seperate uatomic and uatomic_mo
* uatomic: Fix header guard comment
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* rculfhash: make cds_lfht_iter_get_node argument const
* lfstack: make cds_lfs_empty argument const
* wfcqueue: make cds_wfcq_empty arguments const
* wfstack: make cds_wfs_empty argument const
* cds_list: make cds_list_replace @old argument const
* cds_list: make cds_list_empty const
* Adjust shell script to allow Bash in other locations
* futex.h: Indent preprocessor directives
* futex.h: Use urcu_posix_assert to validate unused values
* Use futex on OpenBSD
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* uatomic/x86: Remove redundant memory barriers
* cleanup: move rand_r compat code to tests
* ppc: Document cache line size choice
* Fix: change order of _cds_lfht_new_with_alloc parameters
* Add support for custom memory allocators for rculfhash
* ppc.h: use mftb on ppc
* rcutorture: Check histogram of ages
* docs: Add links to project resources
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* cleanup: use an enum for the error states of nr_cpus_mask
* fix: add missing SPDX licensing tags
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* rculfhash: Only pass integral types to atomic builtins
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* Tests: Add test for byte/short atomics on addresses which are not word-aligned
* Complete removal of urcu-signal flavor
* doc/examples: Remove urcu-signal example
* tests/common: Remove urcu-signal common test files
* tests/benchmark: Remove urcu-signal benchmark tests
* tests/regression: Remove urcu-signal regression tests
* tests/unit: Remove urcu-signal unit tests
* Fix: Add missing cmm_smp_mb() in deprecated urcu-signal
* urcu/uatomic.h: Improve verbosity of static assert error messages
* urcu/compiler: Add urcu_static_assert
* Phase 1 of deprecating liburcu-signal
* uatomic/generic: Fix redundant declaration warning
* tests: Add tests for checking race conditions
* Add cmm_emit_legacy_smp_mb()
* urcu/annotate: Add CMM annotation
* tests/unit/test_build: Quiet unused return value
* benchmark: Use uatomic for accessing global states
* tests: Use uatomic for accessing global states
* urcu-wait: Fix wait state load/store
* Add CMM memory model
* urcu/arch/generic: Use atomic builtins if configured
* urcu/compiler: Use atomic builtins if configured
* configure: Add --enable-compiler-atomic-builtins option
* Fix: tests/rcutorture: Put thread offline on busy-wait
* tests/regression/rcutorture: Use urcu-wait
* tests/rcutorture: Factor out thread registration
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Complete REUSE support
* extras/abi: license data files under CC-1.0
* examples: use SPDX identifiers
* tests: use SPDX identifiers
* src: use SPDX identifiers
* Public headers: use SPDX identifiers
* Build system: use SPDX identifiers
* Fix: urcu-wait: add missing futex.h include
* doc: update GCC baseline to 4.8
* doc: update FreeBSD tested version
* doc: Remove Solaris from tested platforms
* Revert "compiler.h: Introduce caa_unqual_scalar_typeof"
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* aarch64: Implement caa_cpu_relax as yield instruction
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Bump version to 0.15.0-pre
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 06683f9630e7ab5dc33fc65b6d63ef3317f4804b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 09:45:53 2025 +0100
core192: ship kbd
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 00124b6d9faa53e278f03c6d0504a7d0cae25330
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jan 3 15:21:20 2025 +0100
kbd: Update to version 2.7.1
- Update from version 2.6.4 to 2.7.1
- Update of rootfile
- Changelog
2.7.1
setfont:
Fixed regression in argument parsing. Allow arguments and options to
be mixed.
dumpkeys:
Fixed dumpkeys on pc and non-pc architectures. The value of keycode 0
has a special meaning, but on some architectures (like powerpc)
keyboards may generate keycode zero.
2.7.0
libkeymap:
Add API to get/set keymap keywords.
Export functions to convert the value to kernel code.
Fix double kbdfile open.
Dump action codes for keycode 0.
libkfont:
Fix buffer allocation for doubled font.
Check console mode.
keymaps:
Add hcesar layout, for portuguese speaking countries.
Update Colemak-DH keymaps with upstream changes.
sv-latin1.map: make Ctrl+AltGr+9 act as Ctrl+].
fonts:
Remove non-free Agafari fonts.
build-sys:
Use autoconf 2.72.
Do not substitute variables from configure.
Makefiles cleanup.
Fix build warning.
other:
Add configure option to control keymaps compression.
Update man pages.
Remove deprecated startup scripts.
Remove outdated docs.
Update translations (from translationproject.org)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b7420d15630e62a20e43ad385c92133b82e5f673
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Fri Jan 3 15:21:19 2025 +0100
dbus: Update to version 1.16.0
- Update from version 1.14.10 to 1.16.0
- Update of rootfile
- Autotools has been removed from dbus so build converted to meson
- Changelog
1.16.0
Build system and dependencies:
• The Meson build system is the recommended way to build dbus on Unix.
This requires Meson 0.56 and Python 3.5.
· Projects that depend on libdbus can build it as a Meson subproject.
See tests/use-as-subproject/meson.build for suggested build options.
• CMake continues to be available as an alternative build system,
and is recommended on Windows. This requires CMake 3.10.
• A C99 compiler such as gcc, clang, or Visual Studio 2015 is required.
A C11 compiler such as gcc, clang, or Visual Studio 2019 is recommended.
• On platforms with larger-than-64-bit pointers, a C11 compiler is required
Behaviour changes:
• On Unix, the well-known system bus socket is in the runtime state
directory by default (normally /run)
(see 1.15.4 for more details)
• On Linux with systemd, dbus-daemon starts as the target user/group
(retaining CAP_AUDIT_WRITE) instead of starting as root and
dropping privileges
Feature removals:
• Autotools build system
• pam_console/pam_foreground integration
(Autotools --with-console-auth, CMake -DDBUS_CONSOLE_AUTH_DIR)
New features and significant bug fixes:
• ProcessFD in GetConnectionCredentials() on Linux
(see 1.15.8 for more details)
• On Unix, the system message bus now loads .service files from /etc and /run
• Use close_range() to close unwanted file descriptors or mark them
close-on-exec, if available
• Use 64-bit timestamps internally on 32-bit platforms, for Y2038 safety
• Use APIs that can return 64-bit timestamps and inode numbers on
32-bit glibc
• AF_UNIX sockets are available on sufficiently recent Windows
• dbus-send can send arrays of variants, variant values in dictionaries,
and nested variants
• Portability to CPU architectures with larger-than-64-bit pointers
Dependencies:
• Building with CMake now requires CMake ≥ 3.10.
Bug fixes:
• Avoid deprecation warnings with newer Meson versions
(dbus!507, Simon McVittie)
• Avoid deprecation warnings with newer CMake versions
(dbus#541, Ralf Habacker)
Tests and CI enhancements:
• When building with CMake, set the same environment variables as Meson.
This improves test coverage. (dbus#533, Ralf Habacker)
• Remove a remaining reference to Debian 11, which is EOL
(dbus!508, Simon McVittie)
1.15.92
Build-time configuration changes:
• When building with Meson, the embedded_tests option has been renamed
to intrusive_tests. This option adds test instrumentation in libdbus
and dbus-daemon, which reduces performance and is not secure.
For production builds of dbus in OS distributions, it must be false
(-Dintrusive_tests=false, which is the default)
During development, it should be set true (-Dintrusive_tests=true)
for full test coverage. (dbus#537, Simon McVittie)
• Similarly, when building with CMake, the DBUS_BUILD_TESTS option no
longer enables intrusive test instrumentation. A new option
-DDBUS_ENABLE_INTRUSIVE_TESTS=ON is equivalent to the Meson build
system's -Dintrusive_tests=true.
Bug fixes:
• If a DBusWatch callback fails because there is insufficient memory,
make sure to retry it within a finite time (dbus#536, Petr Malat)
• On macOS with launchd enabled, if the session bus launchd integration
is not correctly configured, don't treat that as a fatal error that
prevents connecting to the system bus (dbus#510, Mohamed Akram)
• If intrusive test instrumentation is enabled, older versions of dbus
would simulate an out-of-memory condition once per 2**32 allocations,
even if not specifically requested. This is no longer done.
(dbus#535, Simon McVittie)
• Fix compilation on non-Linux platforms with glibc, such as
Debian GNU/Hurd (dbus#539, Simon McVittie)
• Avoid test failures with non-trivial NSS modules, similar to dbus#256
(dbus#540, Simon McVittie)
• When built with CMake, make paths in DBus1Config relocatable
(dbus!499, Ralf Habacker)
1.15.90
Build-time configuration changes:
• The experimental Containers1 interface has been removed from this branch.
It is incomplete and not ready for production use, and has been
compile-time-disabled and impossible to enable without patching
since 1.13.20. To reduce confusion, delete the code completely.
It remains present on the git `master` branch for 1.17.x, and will
hopefully be reinstated during the 1.17.x cycle.
(dbus!488, dbus!490; Simon McVittie)
Bug fixes:
• Fix the Devhelp index for API documentation (dbus!486, Simon McVittie)
• Fix detection of socketpair() on Solaris 10 (dbus#531, Simon McVittie)
• Avoid undefined signed integer overflow when calculating hash table
indexes (dbus!487, Jami Kettunen)
1.15.12
Enhancements:
• D-Bus Specification 0.43:
· Recommend loading system services from /etc/dbus-1/system-services
and /run/dbus-1/system-services (dbus!467, Luca Boccassi)
· Reorganise documentation of the message bus to make it easier to add
new interfaces (dbus!472, Simon McVittie)
· Document o.fd.DBus.Debug.Stats interface (dbus!472, Simon McVittie)
· Document o.fd.DBus.Verbose interface (dbus!472, Simon McVittie)
· Formatting improvements (dbus!471, dbus!472; Simon McVittie)
· Don't imply that all clients need to support obsolete message bus
implementations (dbus!471, Simon McVittie)
• API design advice:
· Document typical approaches to emulating nullable types in the D-Bus
type system (dbus!446, Zeeshan Ali Khan)
• On Unix, additionally load system services from:
· /etc/dbus-1/system-services, reserved for use by either the local system
administrator, or software such as asset managers and configuration
management frameworks acting on their behalf
· /run/dbus-1/system-services, for ephemeral services
(dbus!467, Luca Boccassi)
Bug fixes:
• Increase file descriptor soft limit to hard limit before testing file
descriptor passing, and correctly skip the test for flooding the bus
with fds when the limit is too low, fixing test failures on Solaris
(dbus#176, Alan Coopersmith)
• When building API documentation with Doxygen, always generate a working
link in the index HTML page
(dbus#519, dbus!470; Ralf Habacker, Simon McVittie)
• When building with Meson, add (more) test dependencies so that 'meson test'
does not always need to be preceded by 'meson compile'
(dbus!468, Simon McVittie)
• When installing with Meson, don't fail if we are installing as root but
the user/group that will own the setuid dbus-daemon-launch-helper do not
yet exist (dbus#492, Jordan Williams)
• When building with Meson on Solaris, fix detection and build of
Solaris audit API integration
(dbus!477, Alan Coopersmith)
• Fix service activation timeouts when built with embedded tests (test
instrumentation) and run on a platform with a large file descriptor limit
(dbus#527, Simon McVittie)
• Fix test failures on platforms where deleting the current working
directory is not allowed, such as Solaris
(dbus!480, Alan Coopersmith)
Internal changes:
• CI fixes (dbus!474, Simon McVittie)
1.15.10
Build-time configuration changes:
• The Autotools build system has been removed. Its replacement is Meson.
(dbus#443, Ralf Habacker)
Enhancements:
• Use 64-bit timestamps internally.
This will allow 32-bit builds of libdbus to continue working after 2038
if there is OS-level support for 64-bit time_t, either opt-in
(as on 32-bit glibc systems) or by default. (dbus!444, Alexander Kanavin)
• When building with CMake, build more HTML documentation
(dbus#504, Ralf Habacker)
Bug fixes:
• Don't crash if configured to watch more than 128 directories with
inotify (dbus#481, hongjinghao)
• Never add (uid_t) -1, (gid_t) -1 or (pid_t) 0 to credentials
(dbus!464, Alyssa Ross)
• Fix a regression since 1.15.0 for "autolaunch:" on Windows
(dbus#503, Thomas Sondergaard)
• When building with Meson, don't use stdatomic.h if it exists but is
non-functional, for example under Visual Studio 2022
(dbus#494, Thomas Sondergaard)
• When building with Meson, add test dependencies so that 'meson test'
does not always need to be preceded by 'meson compile'
(dbus!465, Alyssa Ross)
• When building with Meson, really enable launchd if appropriate
(dbus!463, Alyssa Ross)
• In the test suite, use a more widely-implemented group name 'tty'
in preference to 'bin' (dbus#514, Alyssa Ross)
• Ensure that `dbus-test-tool spam` options cannot leave the payload
length uninitialized (dbus!469, Simon McVittie)
• Fix compiler warnings with gcc 14 (dbus!469, Simon McVittie)
Documentation:
• Clarify ownership transfer of pending call in
dbus_connection_send_with_reply() (dbus!455, Wiebe Cazemier)
• Explicitly document dbus-send exit status (dbus#452, Philip Withnall)
• Refer to d-spy in preference to unmaintaned D-Feet
(dbus!460, Ludovico de Nittis)
• Update URL to Bustle tool (dbus!460, Ludovico de Nittis)
Internal changes:
• Replace _dbus_string_append_int(), _dbus_string_append_uint() with
calls to _dbus_string_append_printf()
(dbus!445, Simon McVittie)
• Clean up unused macros in CMake build
(dbus!463, Alyssa Ross)
• Internal CI changes
(dbus#487, dbus#488, dbus#489, dbus#509;
Ralf Habacker, Simon McVittie)
1.15.8
Build-time configuration changes:
• For this version of dbus, Meson is the recommended build system for all
Unix platforms. CMake continues to be recommended for Windows, but this
recommendation might change to Meson in a future release, so please
test the Meson build. See INSTALL for details.
• Autotools-generated files are no longer included in the tarball release.
The Autotools build system is likely to be removed in a future dbus
release, so Autotools users should migrate to Meson as soon as possible.
It is still possible to build using Autotools, by following the same
procedure as for a git clone (starting with the `./autogen.sh` script).
Enhancements:
• D-Bus Specification 0.42:
· GetConnectionCredentials can return ProcessFD
(dbus!420, dbus!398; Luca Boccassi)
• On Linux with sufficiently new glibc and kernel headers, report a pinned
process file descriptor (pidfd) as the ProcessFD member of the
GetConnectionCredentials() result
(dbus!420, dbus!398; Luca Boccassi)
• On Linux with systemd, start as the target user/group (retaining
CAP_AUDIT_WRITE to preserve the ability to write to the audit log),
instead of starting as root and dropping privileges
(dbus!399, Luca Boccassi)
• On 32-bit glibc systems, opt-in to 64-bit timestamps if possible.
This will allow 32-bit builds of libdbus to continue working after 2038.
(dbus#465, Simon McVittie)
• On 32-bit glibc systems when built with CMake, also opt-in to large
file sizes, offsets and inode numbers, as was done for Autotools
since 1.12.x and Meson since the Meson build was introduced
(dbus#465, fd.o #93545; Simon McVittie)
• Avoid known dbus-daemon options being interpreted as optional arguments
(dbus#467, Xin Shi)
• If libdbus is a Meson subproject in a larger project, announce it as an
implementation of the dbus-1 dependency (dbus!415, Barnabás Pőcze)
• When built with CMake, get the version number from Meson instead of
Autotools, in preparation for the Autotools build system being removed
(dbus!382, Ralf Habacker)
• When built with Meson, disable some unwanted warnings when either
assertions or checks is disabled (dbus!412, Simon McVittie)
• Use C11 <stdatomic.h> if possible (dbus!431, Simon McVittie)
• Expand coverage of SPDX/REUSE copyright/license information
(dbus!427, Simon McVittie)
• On Linux, let dbus-daemon start up successfully (with a warning) if
inotify initialization fails, even if DBUS_FATAL_WARNINGS=1 is present
in the environment (dbus#473, Simon McVittie)
• On Unix, provide a better error message when looking up a user by name
or user ID fails (dbus!442, Simon McVittie)
Bug fixes:
• Avoid a dbus-daemon crash if re-creating a connection's policy fails.
If it isn't possible to re-create its policy (for example if it belongs
to a user account that has been deleted or if the Name Service Switch is
broken, on a system not supporting SO_PEERGROUPS), we now log a warning,
continue to use its current policy, and continue to reload other
connections' policies. (dbus#343; Peter Benie, Simon McVittie)
• If getting the groups from a user ID fails, report the error correctly,
instead of logging "(null)" (dbus#343, Simon McVittie)
• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs
field for processes with a valid-but-empty supplementary group list
(dbus!422, cptpcrd)
• `sudo meson install` without a DESTDIR is now possible, although
strongly discouraged on production systems (dbus#436, Simon McVittie)
• Fix a Meson deprecation warning (dbus#439, Simon McVittie)
Tests and CI enhancements:
• Internal CI changes
(dbus#455, dbus!414, dbus#468, dbus#469, dbus!424, dbus!430, dbus#436,
dbus#470; Ralf Habacker, Simon McVittie)
1.15.6
Denial-of-service fixes:
• Fix an assertion failure in dbus-daemon when a privileged Monitoring
connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
is active, and a message from the bus driver cannot be delivered to a
client connection due to <deny> rules or outgoing message quota. This
is a denial of service if triggered maliciously by a local attacker.
(dbus#457; hongjinghao, Simon McVittie)
Enhancements:
• Special-case reading pseudo-files from Linux /proc to take into
account the filesystem's unusual semantics (dbus!401, Luca Boccassi)
Other fixes:
• Fix compilation on compilers not supporting __FUNCTION__
(dbus!404, Barnabás Pőcze)
• Fix some memory leaks on out-of-memory conditions
(dbus!403, Barnabás Pőcze)
• Documentation:
· Update the README to recommend building with Meson
(dbus!402, Ahmed Abdelfattah)
· Fix syntax of a code sample in dbus-api-design
(dbus!396; Yen-Chin, Lee)
• CMake build fixes:
· Detect presence of <sys/syscall.h> (dbus!400, Luca Boccassi)
Tests and CI enhancements:
• Fix CI pipelines after freedesktop/freedesktop#540
(dbus!405, dbus#456; Simon McVittie)
• Ensure the messagebus user is created if necessary
(dbus#445, Ralf Habacker)
1.15.4
Dependencies:
• Building with CMake now requires CMake ≥ 3.9.
Build-time configuration changes:
• On Unix platforms, a path in the runtime state directory (often /run)
is now used for the well-known system bus socket by default. OS
distributors should check that the path used is equivalent to the
interoperable path /var/run/dbus/system_bus_socket, especially if
running on an OS where /var/run is not guaranteed to be a symbolic
link to /run.
(dbus#180; Issam E. Maghni, Simon McVittie)
· With Autotools, this is controlled by --runstatedir, which defaults
to ${localstatedir}/run but is often set to /run by OS distributors.
The path to the system bus socket can be overridden with the
--with-system-socket option if required.
· With CMake, this is controlled by the RUNSTATEDIR option, which has
behaviour similar to Autotools. There is no separate option for the
path to the system bus socket.
· With Meson, this is controlled by the runtime_dir option, which
defaults to /run if the installation prefix is set to /usr, or has
behaviour similar to Autotools otherwise. The path to the system bus
socket can be overridden with the system_socket option if required.
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distributions,
should be compiled with checks but without assertions.
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
Enhancements:
• D-Bus Specification 0.41:
· Clarify handling of /run vs. /var/run on Unix systems
(dbus#180, Simon McVittie)
• Add dbus_connection_set_builtin_filters_enabled(), intended to be called
by tools that use BecomeMonitor() such as dbus-monitor
(dbus#301, Kai A. Hiller)
• When using the Meson build system, dbus can now be used as a subproject.
To avoid colliding with a separate system copy of dbus, building it as a
static library with tests, tools and the message bus disabled is
strongly recommended. See test/use-as-subproject for sample code.
(dbus!368, dbus!388; Daniel Wagner)
Other fixes:
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
replying to Peer method calls that were sent to the dbus-broker with
a NULL destination (dbus#301, Kai A. Hiller)
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
This is not attacker-triggerable and appears to be harmless in practice,
but is technically undefined behaviour and is detected as such by
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
• Avoid a data race in multi-threaded use of DBusCounter
(dbus#426, Ralf Habacker)
• Fix a crash with some glibc versions when non-auditable SELinux events
are logged (dbus!386, Jeremi Piotrowski)
• If dbus_message_demarshal() runs out of memory while validating a message,
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
• Use C11 _Alignof if available, for better standards-compliance
(dbus!389, Khem Raj)
• Stop including an outdated copy of pkg.m4 in the git tree
(dbus!365, Simon McVittie)
• Meson build fixes:
· Use -fvisibility=hidden on Unix if supported, in particular on Linux
(dbus!383, dbus#437; Simon McVittie)
· Fix build on macOS, and any other platform that has
CLOCK_MONOTONIC but not pthread_condattr_setclock()
(dbus#419, Jordan Williams)
• Documentation:
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
• Licensing:
· Use MIT license for some test files that did not previous specify a
license, with permission from their authors (dbus!359, Simon McVittie)
· Add more SPDX/REUSE license markers
(dbus!311, dbus!369, dbus!370, dbus!371, dbus!375, dbus!376;
Ralf Habacker, Simon McVittie)
· Correct syntax of some SPDX license markers (dbus!360, Ralf Habacker)
• Tests fixes:
· Fix an assertion failure in test-autolaunch-win
(dbus#422, Ralf Habacker)
· Expand test coverage under CMake (dbus!322, Ralf Habacker)
· Fix the test-apparmor-activation test after dbus#416
(dbus!380, Dave Jones)
Internal changes:
• Add static assertions for some things we assume about pointers
(dbus!345, Simon McVittie)
• Refactoring (dbus!356, dbus#430, dbus#431; Simon McVittie, Xin Shi)
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
• Build dbus with clang during CI (dbus!358, Evgeny Vereshchagin)
1.15.2
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
Enhancements:
• D-Bus Specification 0.40 (dbus#416, Simon McVittie)
· Clarify that unix:tmpdir is not required to use abstract sockets,
even where supported
· Mention implications of abstract sockets for Linux namespacing
1.15.0
Dependencies:
• On platforms where a pointer is larger than 64 bits, dbus requires at
least a C11 compiler.
On other platforms, dbus now requires either a C99 compiler such as
gcc or clang, or Microsoft Visual Studio 2015 or later. Some workarounds
for pre-C99 environments are currently still present, but we plan to
remove them during this development cycle.
• Building with CMake now requires CMake ≥ 3.4.
• Building with Meson requires Meson ≥ 0.56 and Python ≥ 3.5.
Feature removal:
• Remove support for the obsolete pam_console and pam_foreground modules
(the Autotools --with-console-auth-dir= and CMake -DDBUS_CONSOLE_AUTH_DIR=
options, which have been deprecated since dbus 1.11.18).
(dbus#181, fd.o#101629)
Build-time configuration changes:
• Add a Meson build system. This is currently considered experimental,
but the intention is for it to replace Autotools and/or CMake in future
releases, preferably both. Please test!
(dbus!303, dbus!325; Félix Piédallu, Marc-André Lureau, Simon McVittie)
· This requires Meson 0.56 or newer, and Python 3.5 or newer.
· Expat can be built as a subproject using Meson's "wrap" mechanism,
if desired. This should make it considerably easier to build dbus
for Windows or other platforms without a library packaging system.
· GLib can also be built as a subproject using Meson's "wrap" mechanism,
if desired. This should make it considerably easier to build full
test coverage on Windows or other platforms without a library
packaging system.
• Please note that not all Meson build options correspond 1:1 to how
the closest equivalents in Autotools or CMake behave, and the Meson
build options are subject to change.
Distributors and developers evaluating the Meson build should check
that they are configuring dbus the way they intend to.
Enhancements:
• D-Bus Specification 0.39:
· Document how to represent internationalized domain names in D-Bus
names (dbus!324, Simon McVittie)
· Improve documentation of AF_UNIX sockets (Marc-André Lureau)
• On Unix, speed up closing file descriptors for subprocesses by using
closefrom() or close_range() where available
(dbus#278; rim, Simon McVittie)
• On Windows, dbus can now use AF_UNIX sockets, not just TCP.
This requires Windows 10 build 17063 or later at runtime,
and either Windows 10 SDK 17063 or mingw-w64 version 9.0.0 or later
at compile-time. (dbus!249, Marc-André Lureau)
• Teach dbus-send to handle variants in containers: arrays of variants,
variant values in dictionaries, and nested variants
(dbus!206, Frederik Van Bogaert)
• Detect programming errors with Windows mutexes if assertions are
enabled, similar to what we already did for pthreads mutexes
(dbus#369, Ralf Habacker)
• Move license text into LICENSES, and start to use SPDX markers
(Simon McVittie, Ralf Habacker)
Fixes:
• Portability to CPU architectures with larger-than-64-bit pointers
(dbus!335, dbus!318; Alex Richardson)
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• Improve dbus-launch --autolaunch so it can pick up an existing bus from
Linux XDG_RUNTIME_DIR or macOS launchd, even if X11 autolaunching was
disabled (dbus#385, dbus#392; Simon McVittie, Alex Richardson)
• Correctly escape AF_UNIX socket paths when converting them to D-Bus
address strings (dbus#405, Marc-André Lureau)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Silence various compiler warnings
(dbus!275, dbus!289, dbus!305, dbus!307, dbus!312, dbus!315;
Ralf Habacker, Simon McVittie, Alex Richardson, Marc-André Lureau)
• On Windows, use safer locking patterns for the system-global mutex used
to implement autolaunching (dbus#368, dbus#370; Ralf Habacker)
• Index dbus-arch-deps.h for API documentation when building out-of-tree
(dbus!312, Marc-André Lureau)
• Silence xmlto warnings when building man pages
(dbus!312, Marc-André Lureau)
• Fix build failure when checks are disabled but assertions are enabled
(dbus#412, Johannes Kauffmann)
• Use C99 flexible arrays in the memory pool implementation for better
support for modern compilers
(dbus!343, dbus!344; Alex Richardson, Simon McVittie)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· Fix a race condition generating man pages and HTML documentation
(dbus#381, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Fix -Wunused-command-line-argument on FreeBSD
(dbus!278, Alex Richardson)
· Only add warning flags if the compiler supports them
(dbus!276, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Improve compiler warning detection (dbus#387, Ralf Habacker)
· Allow TEST_SOCKET_DIR to be overridden (dbus!295, Ralf Habacker)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
· Use DWARF 2 instead of STABS for debug symbols on Windows, for
compatibility with newer gcc versions (dbus!323, Marc-André Lureau)
· Fix use of paths relative to the dbus project directory when dbus is
vendored into a larger CMake project (dbus!332, Jordan Williams)
Tests and CI enhancements:
• Add an automated test for Windows autolaunching
(dbus#235, Ralf Habacker)
• Avoid compiler warnings in test code
(dbus#383, dbus!274, dbus!275; Simon McVittie, Ralf Habacker)
• Avoid LeakSanitizer warnings in test code
(dbus!326, Simon McVittie)
• Speed up a particularly slow unit test by a factor of 30
(dbus!328, Simon McVittie)
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• On Unix, consistently create test sockets in DBUS_TEST_SOCKET_DIR and
not the build directory, allowing the build directory to be mounted with
a non-POSIX filesystem (dbus!334, Alex Richardson)
• Gitlab-CI improvements
(dbus#383, dbus#388, dbus!262, dbus!288, dbus!292, dbus!296, dbus!299,
dbus!301;
Ralf Habacker, Simon McVittie, Alex Richardson)
• Added FreeBSD Gitlab-CI build jobs
(dbus!280, dbus!347; Alex Richardson)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 86a84624f5723774cfb0df337cbaec0681d9aa7d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Jan 22 22:07:00 2025 +0100
clamav: Update to version 1.4.2
- Update from version 1.4.1 to 1.4.2
- Update of rootfile
- Changelog
1.4.2
- [CVE-2025-20128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128):
Fixed a possible buffer overflow read bug in the OLE2 file parser that could
cause a denial-of-service (DoS) condition.
This issue was introduced in version 1.0.0 and affects all currently
supported versions. It will be fixed in:
- 1.4.2
- 1.0.8
Thank you to OSS-Fuzz for identifying this issue.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 66e1d282c8e46168677abed8606cbbfb6c1ffe1c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 09:30:05 2025 +0100
kernel: update to 6.12.11
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9a8d32f8ede08be18c8b2db56e04fe06b27ee22b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 24 08:37:49 2025 +0100
collectd: load syslog plugin first
this remove the plugin load ouptput on the console at collectd startup.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a23189d202df8c3b80e0594b0e4a1710f9831252
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 23 08:37:34 2025 +0100
rootfile consistency check: check also commented lines
report also commented files to build rootfiles matching for all arches.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3e85c21e8a122c041245ac06f6d2e65b955e522d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 23 06:23:33 2025 +0100
collectd: fix rootfile
we need this machine type check for the perl modules back!
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 31bc8f934bfe90a2b66b0bb8575053acf9a19487
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jan 22 13:00:47 2025 +0100
collectd: fix rootfiles
the turbostat plugin is only present on x86_64 so we need a separate rootfile
on x86_64.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c77cc6646e22c689b2efbd8e3654fad34506deb2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jan 22 07:07:56 2025 +0100
core192: ship openssl
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 51203ff501aadda962e06d90b382b7fec4f762c2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jan 15 14:57:50 2025 +0000
slang: This package does not build the zlib module any more
This is due to the removal of the static version of zlib, but we don't
need this module anyways.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bb0dff6f0b8c1b86f614a783951778c0fb0f569d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jan 15 14:57:49 2025 +0000
core192: Remove the old version of zlib
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1e21f69e81fb0b681478713583a07c898be2a585
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jan 15 14:57:48 2025 +0000
zlib-ng: Don't install the static version of the library
We want everythink to link against zlib dynamically so that we can
easily replace the library in case there is some urgent reason to do so.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 29119178f5b1dde27a1c90d8b202828e4e90b3bb
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jan 15 14:57:47 2025 +0000
zlib-ng: Install the compat library into /lib again
This is just to remain compatible with the older version which was also
installed in /lib.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0290bf4d643d1c4c4e2c1bb36a0f5c9ea9e78713
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jan 15 14:57:46 2025 +0000
Revert "zlib-ng: ship /usr/lib/libz.so"
This reverts commit 2dbfc2f042839d2942b2a38790123c480d087cd8.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c706e7601bb3be8ffbcbc4414af71110a38e4dfa
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jan 15 14:57:45 2025 +0000
openssl: Dynamically link zlib
The former way was to open libz.so whenever it was needed. This is
however not a very good solution and we will have trouble in dependency
tracking and discover any linking problems much later.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 66557751042e081147de7347da8a549e10b1468a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jan 21 19:39:19 2025 +0100
core192: ship collectd changes.
- collectd
- backup.pl
- graphs.pl
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 79d6ae8caf28366401fe230b131dde9e35f2e1cd
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:28 2024 +0100
nut: Update to enable collectd to find the nut files
- with-dev is required as a configure option to ensure that the package-config files
are installed during the build so that collectd can find the libupsclient library
files which are needed for the nut plugin.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4145cffd4303eeaab0cf4d4725c95eb51b3cd068
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:27 2024 +0100
make.sh: Change of position for nut and dependant programs
- With nut enabled in collectd as a plugin (to match with apcupsd) then it had to be
moved to before collectd.
- netsnmpd is required by nut for one of its rootfiles and therefore has to stay before
nut.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 60ccc0901996449fcc2121039fc5ebf9d1c765c3
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:26 2024 +0100
update.sh: Update to migrate rrd directories for collectd-5.x
- Not tested by myself but it uses the same code as in the backup.pl changes which were
tested and worked. So expectation is that they will work in the Core Update but this
will be able to be evaluated when the Testing Release is issued.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7a317798d47b0b6154815362b081147c65eab6a4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:25 2024 +0100
backup.pl: Update to migrate rrd directories for collectd-5.x
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 03d6ab55162c35533fb89881750900ddd346a19c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:24 2024 +0100
graphs.pl: Update to names used by collectd-5.x
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2653023bdd90d03d8fb1b45c74554e7a10e4995c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:23 2024 +0100
collectd: Removal of old patches that are no longer needed
Tested-by: Adolof Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 698639e3597607381ed340b252fbc5e9998e15f7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Dec 25 14:48:22 2024 +0100
collectd: Update to version 5.12.0
- Update from version 4.10.9 to 5.12.0
- Update of rootfile
- Removal of the patches that were used for version 4.10.9. Checking these they have
either been included, are no longer applicable as the involved code is no longer
present or were changes specific to BSD or Solaris OS's or were related to plugins
that were not enabled on IPFire such as mysql.
- If anyone is aware of patches that should be applied to version 5.12.0 then let me
know.
- Updated the plugin lists to disable some that were enabled such as multimeter and
battery. We shouldn't need to use IPFire as a multimeter and it should not really
be running on a laptop in battery mode.
- Re-arranged the order of the plugins to make them alphabetical again.
- Added nut to the enabled plugins. apcupsd was already enabled but nut was not.
- Disabled making warnings into errors, updated the librrd directory and specified
the libgcrypt directory so that the build was successfull.
- collecvtd-5.x supports parallel builds
- copied the 4.x to 5.x migration program into IPFire. This is then used when restoring
older backups or for the update script for when collectd-5.12.0 is merged.
- The change set was installed on my vm and the graphs all worked as expected and got
updated. Doing a restore from an earlier backup with the 4.x format of files was
correctly migrated and installed.
- Changelog is rather large covering everything that has changed and been updated.
Details can be found at https://github.com/collectd/collectd/releases
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bd475ad3b9fa1106d45d723764313397717d0fe1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jan 20 00:21:56 2025 +0100
kernel: update to 6.12.10
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5dd0babeda2e6f03536b934c69e2c76ac84a02f3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 19 22:44:46 2025 +0100
kernel: update riscv64 config and rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 356bfb56925800ef0347bf30d738fa633d9d3bed
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 18 17:40:17 2025 +0100
linux-headers: riscv64 rootfile update
commit 8423327e6b09d9438d04a4acf7d544102fb705c4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 18 17:33:04 2025 +0100
gdb: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 42823268d0356da39370a97002bf7bc78802434e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 18 17:26:10 2025 +0100
flash-images: increase initial rootsize to 2.5GB
the riscv64 build run out of diskspace.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2e16824b87c6803b5df75c33407d7ef094b4daf2
Merge: e0bc608bf8 6c8b544494
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jan 17 09:43:05 2025 +0000
Merge remote-tracking branch 'origin/master' into next
commit e0bc608bf8d1f7e81f3bd35a5d4454eed495f858
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jan 14 14:05:44 2025 +0100
core192: ship zlib-ng
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2dbfc2f042839d2942b2a38790123c480d087cd8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jan 14 13:30:15 2025 +0100
zlib-ng: ship /usr/lib/libz.so
openssl needs this for dso library loading
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4a7cd2a5d6dbf51d07293b82e614d696bae2b2ba
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Jan 9 20:32:44 2025 +0100
tr.pl: Update tr.pl
- Corrected some sentences amd miss-uasages of words.
Suggested-by: Onur Erden <onur_erden(a)hotmail.com>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c5fc76563baf2f6e1f62a7b78dca1f82630a346d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jan 9 15:08:22 2025 +0000
kernel: Strip modules
The kernel does not strip modules by default. This can be enabled by
passing INSTALL_MOD_STRIP=1 when installing the modules.
Since we are not actually building the kernel with debuginfo and we are
comressing the modules afterwards, there is not a huge saving on disk
space, but there is a small saving of memory when loading the modules.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0934e36ef7d2a16c03cb7a0d3919b3d3b1b911c3
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Jan 8 13:18:54 2025 +0100
fr.pl: Additional update to French translations for the optionsfw.cgi page
Reported-by: Phil SCAR <p27m(a)orange.fr>
Fixes: Bug13800
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 18e20aef568362f7b772bd72ab88ee520fb6f8c9
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Tue Jan 7 17:34:18 2025 +0100
web-user-interface: Update rootfile
- Comment out the wlanap.cgi rootfile entry as this is tied to the hostapd addon and is
installed when hostapd is installed.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2dc005c68b24f7e3d5d59258da26c9ff6e25ffdc
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Jan 6 14:52:26 2025 +0100
speedtest-cli: Fix for bug13805 - error message if run on hour or half hour
- Created a self consistent patch set out of four patches on the speedtest-cli
github site. Slight changes needed in each to allow them to be successfully applied
in sequence.
- Additional comments added to top of the various patches.
- Tested out this modified package on my vm testbed and it fixes the bug of
speedtest-cli giving an error message if run on the hour or on the half hour. I
tested it out with the original system first and it failed with the error message
for 7 half hour tests. With this modified version it ran for 9 half hour slots with
no problems at all. Tested with the command being run via fcrontab.
- None of these patches have ben merged by the speedtest-cli github owner as the last
commit was July 2021 and the patches were proposed in Feb 2023. There has been no
resposne to anything on the speedtest-cli github site by the owner.
- I have reviewed all the patches and the content looks fine to me with no concerns
from a security point of view although it would be good to get feedback from
alternative eyes.
- Update of rootfile not required.
Fixes: Bug13805
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7aa181ec1fd492c1a60df67782257c144bb693dc
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 11 08:47:27 2025 +0000
kernel: update to 6.12.9
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 93f8b568175a73a7f1ad52b47cf44013544266a4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jan 8 20:19:37 2025 +0100
core192: ship suricata
this is now build with updated rust compiler.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c4a21542834c0a5dc13192aa5a30be2fd60c10e0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jan 3 10:39:28 2025 +0000
zlib-ng: Migrate to zlib-ng
This is a new and improved version of zlib that merges various fixes and
optimizations from various contributors.
Amonst those are taking advantage of AVX and instruction sets if they
are available.
This patch adds the new API and a compat library that is a drop-in
replacement for the legacy version of zlib.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit df7d6c99a9831d47d93df5258eeddc26f8568d89
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jan 3 10:40:03 2025 +0000
make.sh: Actually perform the build in the toolchain stage
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4aae2b40b94222cff29dd2797ad3b2e17b33afad
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:39 2024 +0100
clamav: Update to version 1.4.1
- Update from version 1.3.2 to 1.4.1
- Update of rootfile
- Changelog
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
- [CVE-2024-20506](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506):
Changed the logging module to disable following symlinks on Linux and Unix
systems so as to prevent an attacker with existing access to the 'clamd' or
'freshclam' services from using a symlink to corrupt system files.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to Detlef for identifying this issue.
- [CVE-2024-20505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505):
Fixed a possible out-of-bounds read bug in the PDF file parser that could
cause a denial-of-service (DoS) condition.
This issue affects all currently supported versions. It will be fixed in:
- 1.4.1
- 1.3.2
- 1.0.7
- 0.103.12
Thank you to OSS-Fuzz for identifying this issue.
- Removed unused Python modules from freshclam tests including deprecated
'cgi' module that is expected to cause test failures in Python 3.13.
1.4.0
Major changes
- Added support for extracting ALZ archives.
The new ClamAV file type for ALZ archives is `CL_TYPE_ALZ`.
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable ALZ archive support.
> _Tip_: DCONF (Dynamic CONFiguration) is a feature that allows for some
> configuration changes to be made via ClamAV `.cfg` "signatures".
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1183)
- Added support for extracting LHA/LZH archives.
The new ClamAV file type for LHA/LZH archives is `CL_TYPE_LHA_LZH`.
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable LHA/LZH archive support.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1192)
- Added the ability to disable image fuzzy hashing, if needed. For context,
image fuzzy hashing is a detection mechanism useful for identifying malware
by matching images included with the malware or phishing email/document.
New ClamScan options:
```
--scan-image[=yes(*)/no]
--scan-image-fuzzy-hash[=yes(*)/no]
```
New ClamD config options:
```
ScanImage yes(*)/no
ScanImageFuzzyHash yes(*)/no
```
New libclamav scan options:
```c
options.parse &= ~CL_SCAN_PARSE_IMAGE;
options.parse &= ~CL_SCAN_PARSE_IMAGE_FUZZY_HASH;
```
Added a [DCONF](https://docs.clamav.net/manual/Signatures/DynamicConfig.html)
option to enable or disable image fuzzy hashing support.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
Other improvements
- Added cross-compiling instructions for targeting ARM64/aarch64 processors for
[Windows](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-windows-arm64.md)
and
[Linux](https://github.com/Cisco-Talos/clamav/blob/main/INSTALL-cross-linux-arm64.md).
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1116)
- Improved the Freshclam warning messages when being blocked or rate limited
so as to include the Cloudflare Ray ID, which helps with issue triage.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1195)
- Removed unnecessary memory allocation checks when the size to be allocated
is fixed or comes from a trusted source.
We also renamed internal memory allocation functions and macros, so it is
more obvious what each function does.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1137)
- Improved the Freshclam documentation to make it clear that the `--datadir`
option must be an absolute path to a directory that already exists, is
writable by Freshclam, and is readable by ClamScan and ClamD.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1199)
- Added an optimization to avoid calculating the file hash if the clean file
cache has been disabled. The file hash may still be calculated as needed to
perform hash-based signature matching if any hash-based signatures exist that
target a file of the same size, or if any hash-based signatures exist that
target "any" file size.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1167)
- Added an improvement to the SystemD service file for ClamOnAcc so that the
service will shut down faster on some systems.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1164)
- Added a CMake build dependency on the version map files so that the build
will re-run if changes are made to the version map files.
Work courtesy of Sebastian Andrzej Siewior.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1294)
- Added an improvement to the CMake build so that the RUSTFLAGS settings
are inherited from the environment.
Work courtesy of liushuyu.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1301)
Bug fixes
- Silenced confusing warning message when scanning some HTML files.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1252)
- Fixed minor compiler warnings.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1197)
- Since the build system changed from Autotools to CMake, ClamAV no longer
supports building with configurations where bzip2, libxml2, libz, libjson-c,
or libpcre2 are not available. Libpcre is no longer supported in favor of
libpcre2. In this release, we removed all the dead code associated with those
unsupported build configurations.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1217)
- Fixed assorted typos. Patch courtesy of RainRat.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1228)
- Added missing documentation for the ClamScan `--force-to-disk` option.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1186)
- Fixed an issue where ClamAV unit tests would prefer an older
libclamunrar_iface library from the install path, if present, rather than
the recently compiled library in the build path.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1258)
- Fixed a build issue on Windows with newer versions of Rust.
Also upgraded GitHub Actions imports to fix CI failures.
Fixes courtesy of liushuyu.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307)
- Fixed an unaligned pointer dereference issue on select architectures.
Fix courtesy of Sebastian Andrzej Siewior.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293)
- Fixed a bug that prevented loading plaintext (non-CVD) signature files
when using the `--fail-if-cvd-older-than=DAYS` / `FailIfCvdOlderThan` option.
Fix courtesy of Bark.
- [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1309)
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2491a8377dec09d1653cd81c82519accf4122f77
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:38 2024 +0100
make.sh: Addition of new and pinned rust crates
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a47b54a291e126a77fd48fb7e9d5cd4d13f54c3a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:37 2024 +0100
rust-winnow: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 38ba7f31ea1494ea7b77c6b7481e606589def442
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:36 2024 +0100
rust-unicode-ident: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3d7053d9d344cb42812f70bd457646dc314f19a0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:35 2024 +0100
rust-toml_edit: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1fb656b2d794c900f43a6f9935b2228506c3656e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:34 2024 +0100
rust-toml_datetime: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 19a2333d665d3ac645f860d8000570d75e3efb7e
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:33 2024 +0100
rust-target-triple: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1816b14124737452da09f741accc94d72b6f29a0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:32 2024 +0100
rust-syn-1.0.109: Crate required pinned at version 1.0.109
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 21487812db8b754b4d7b86fefdd3c6ce74654f41
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:31 2024 +0100
rust-serde_spanned: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 61b7f8d5b0b13f1f67367a06add063df96cc9161
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:30 2024 +0100
rust-indoc-impl-0.3.6: Crate required to be pinned at version 0.3.6
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cd456f9154a9e69bfecce17ee4adb6d75bf9789b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:29 2024 +0100
rust-indexmap: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 66f6d14002a28886d510856091bb122ce9f889d6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:28 2024 +0100
rust-hashbrown: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a57ea02b22f952c2db068de96590948915335b50
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:27 2024 +0100
rust-foldhash: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit abd4591d0835186cf3f4a3b577adcfbe51223ea1
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:26 2024 +0100
rust-equivalent: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6504114f013f275fb212791ef006425199c7bda4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:25 2024 +0100
rust-allocfator-api2: New crate required by rust-1.83.0
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit add6ad00799bb4d649530c432fdf32b9bf2359bd
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:24 2024 +0100
rust-unindent: Update to version 0.1.11 from 0.1.7
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b22d6d51dce07204dfba6adf26a8b0a8e2e93a4c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:23 2024 +0100
rust-trybuild: Update to version 1.0.101 from 1.0.54
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c21208205ed0f1cd37608398b98d74d2b1590bac
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:22 2024 +0100
rust-toml: Update to version 0.8.19 from 0.5.8
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f958ce5d7e5c70b0221e97b9e7a3f9660f934d64
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:21 2024 +0100
rust-synstructure: Update to version 0.13.1 from 0.12.6
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 23b1ddf5d60e6bca64e2da94092beda623f325d2
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:20 2024 +0100
rust-syn: Update to version 2.0.90 from 1.0.86
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b653dee1a6a0fbffd0badf1226792a8b9f395a5c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:19 2024 +0100
rust-serde_json: Update to version 1.0.133 from 1.0.78
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8d22a6f9476f577eb80c367437bbd7bc3af8aa92
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:18 2024 +0100
rust-serde_derive: Update to version 1.0.216 from 1.0.136
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d0a954d10456371deb2e8b7760675ed4850cbdec
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:17 2024 +0100
rust-serde: Update to version 1.0.216 from 1.0.136
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1a9d05b3bd2f6880f18b106be8b4037a49e48ed9
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:16 2024 +0100
rust-rand: Update for template to add removal of Cargo.toml.orig from source file
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5289fd8591b15948dfb0d795735f52f78ef73dc4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:15 2024 +0100
rust-quote: Update to version 1.0.37 from 1.0.15
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8845196a159bad9e4aaa5c7d9491bf16d3fa1a23
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:14 2024 +0100
rust-proc-macro2: Update to version 1.0.36 from 1.0.92
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9a81b0bfa90a88594a6a717f54363b15ec250c27
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:13 2024 +0100
rust-memchr: Update to version 2.7.4 from 2.4.1
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a067bd801e9d084a75d6fdfca525862380562b6f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:12 2024 +0100
rust-inventory-impl: Update to version 0.1.11 from 0.1.4
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6a11a83ac7ebc0fafb2f791270805b8f436f945b
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:11 2024 +0100
rust-inventory: Update to version 0.1.4 from 0.3.15
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ada6d56583ba0e9d3240de37dbf6219e97dcd907
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:10 2024 +0100
rust-indoc-impl: Update to version 0.3.7 from 0.3.6
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d584ba5c7280d69f8d241a9a3e6ad0b00255be8a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:09 2024 +0100
rust-ctor: Update to version 0.2.9 from 0.1.21
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 51949018d02b6e0e9a541f9a6932a3863b44b295
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Sat Dec 21 13:55:08 2024 +0100
rust: Update to version 1.83.0
- Update from version 1.67.0 to 1.83.0
- Update x86_64, aarch64 & riscv64 rootfiles
- This version of rust hasd the fix to ensure that ruby builds okay with aarch64 &
riscv64. This required a fix to be applied to the LLVM and then for the updated
LLVM to be built into rust. That has occurred with this version.
- Tested out the build on aarch64 and riscv64 and confirmed that ruby built without
any problems with this version of rust.
- The update of rust required a range of updates of other rust crates plus the
inclusion of new crates and the pinning of some crates to older versions. This patch
set includes all the rust crate changes.
- The download-rust-crate script results in source tarballs that have a Cargo.toml.orig
file included in them. This is not allowed in the rust building so the rust-rand file
which is used as a template for the rust crate script has been modified to remove
this .orig file so that the build can complete.
- With this updated version of rust the clamav addon can also now be updated and so is
also included in this patch set.
- There are 29 rust crate changes.
- Changelog is too large to include here. Details can be found at
https://releases.rs/docs/
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 201dd22052b178718142c593dbcbf1bd268f5028
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jan 8 20:01:37 2025 +0100
qemu: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9ce7664513091dfec6c770906a1121b7f4a8099a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:17 2024 +0200
samba: Modification to disable cups for samba build and install
- As discussed at IPFire conf call on 7th Oct
- disable cups for the samba configure stage
- Update of rootfiles
- Update of samba.cgi to remove the printing of a printer share into the samba
configuration file.
- Tested out on vm system. Installed samba with only avahi, perl-Parse-Yapp, perl-JSON
and wsdd as dependencies. Installed without any problems. Existing share was able
to be accessed without any problems and a new share was created and was also able
to be accessed without problems.
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9a05bf8e6beb16ab186051156fd14a589dc5c9d6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:16 2024 +0200
perl-Imager: Removal of all tiff related lines in rootfile
- With removal of libtiff, the perl-Imager rootfile has to have tiff related lines
removed.
- perl-Imager works without the tiff lines in place. Only no tiff images will be able
to be processed by perl-Imager but that is not required for its use in IPFire.
- Tested out creating an OpenVPN connection with OTP enabled and the OTP QR code was
produced and able to be viewed.
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c5d2db20e4df204c46dd3c0da19e8a65c6899597
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:15 2024 +0200
make.sh: All removed packages removed from make.sh
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 891ec92e339a5cabc926a242701ea8163e3a7fd7
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:14 2024 +0200
qpdf: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 45dd83171b2b01ecbe68ea80228ef7944fedb71c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:13 2024 +0200
poppler-data: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 728f1e8ea04e03a33761ca2f4dfea8162515d3bc
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:12 2024 +0200
poppler: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 42175db71b55909ada801cd497e137aa5bb6807f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:11 2024 +0200
openjpeg: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 61688b35c36fa26d8f1c79c99aabd48759e03714
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:10 2024 +0200
libtiff: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9c72de7ac492429b23531159e5d2a0d7f68cfad9
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:09 2024 +0200
lcms2: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4677b1fec5fecc1549d14ca579ac3555b7bb33b1
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:08 2024 +0200
hplip: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6101e448354318bf912673e8a36a2c8f6ae34f02
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:07 2024 +0200
gutenprint: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit faeb6046cf41e21b52c0f20235fbb8a0d4b73ff6
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:06 2024 +0200
ghostscript: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0b0a2a4eeb0769caba19e7311523bf99e324b98d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:05 2024 +0200
foomatic: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 450de5a2d58bb8c55613dedcc78609d975555760
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:04 2024 +0200
epson-inkjet-printer-escpr: Removal of package
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bba7bf37eba7ee7e6e8a5358db93629bd5e8be13
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:03 2024 +0200
cups-pdf: Removal of cups-pdf
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8f89cc08187e605a4288eb9c0c2ef221f5a7c8d0
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:02 2024 +0200
cups-filters: Removal of cups-filters
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 70d59110a445ecf5ab8776027763a0124c196b9c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Oct 14 18:51:01 2024 +0200
cups: Removal of cups and associated packages
- As discussed at IPFire conf call on 7th Oct
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 99790b2a1c30a06c7bb91fb9ba364828eb20638f
Merge: b9dd3e205b 0ba187b4d3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jan 8 06:36:20 2025 +0100
Merge remote-tracking branch 'origin/master' into next
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b9dd3e205bca7b7d1cedc38b44ff72be346a4998
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 5 19:59:27 2025 +0100
u-boot: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7c7868104c03efca79b88dcbb381a2e5f0a38110
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 5 18:00:14 2025 +0100
kernel: update to 6.12.8
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2e1528a90095ad8f0421d631f75844a7ad26e04c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Jan 5 14:14:19 2025 +0000
u-boot: add support for OrangePi PC 2
this board can also boot with the OrangePi Zero+ u-boot
but then it not support video out.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 15667b3394ff07a9970f0c7ea76f27f08b5d1323
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 4 22:50:40 2025 +0100
u-boot: remove some arm32bit parts from bootscript
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 318c037092abe862bdf1cbea0fe5e28fb8278b7d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 4 22:46:29 2025 +0100
rpi-firmware: update to 20240424
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f7a575cebb35155372a32bc26e062dac32be9b3d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 4 22:31:13 2025 +0100
mympd: update to 19.0.2
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4f9ffb9f20c739c49dfafe256e9674f4d8262c11
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 4 17:30:06 2025 +0100
mympd: fix typo
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bbbe9111da6aaef3b0855bd85867accc5275e20e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 4 09:12:05 2025 +0000
mympd: set loglevel 2
this silence the log to errors only.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 113750aae50a352a234a72527ed22729c0fb2bcc
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jan 4 09:10:04 2025 +0000
u-boot: fix usb boot on rpi4
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ec6f65d9cc6be9863f39b896b479907f96416c4e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 3 23:44:06 2025 +0000
u-boot: revert rpi boards to distro_bootcmd
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 23e8b462f3775ffe0511ecc736a9d4fe490047a4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jan 3 00:48:18 2025 +0000
u-boot: fix settings and patch for rk3399
distro_bootcmd was not correct added for this board.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit de8edcf515c7f856d10fad1f5d1421538048fa09
Merge: fb0fc29abc e3b5000b83
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jan 2 10:16:08 2025 +0100
Merge remote-tracking branch 'origin/master' into next
commit fb0fc29abc107cf356ecdfe01299427e683144e0
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 30 18:04:14 2024 +0000
u-boot: fix distro_bootcmd on rockchip boards
this function was removed but we need it for
our configuration.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d95af1ad4a5aeb7c2ce7b71d1e392c6355013db6
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 30 19:02:26 2024 +0100
core192: ship u-boot for aarch64
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4bd8107bf940d5cbcb7ed0b7ddfe13f76190549f
Merge: c6e9d9d9cb 8ceaf358ae
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 30 19:00:07 2024 +0100
Merge remote-tracking branch 'origin/master' into next
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c6e9d9d9cb069c7b7b22ccd8bda120943c909dba
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Dec 28 08:55:38 2024 +0000
u-boot: update to 2024.10
removed also some leftover arm32 patches.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2186f19f13c6086675ba42aacb3707e30cb5f4e6
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Dec 28 08:51:45 2024 +0000
python3-pyelftools: add new package
this is a buildtime dependency for u-boot but i have
also added the files to build an addon. Maybee it is
usefull later.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9849d383efb6e031937aadaa7a4f08a0d3c29ed7
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Dec 27 08:24:57 2024 +0000
kernel: update aarch64 rootfiles
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c7717b75b0a598bbcf5384885b9a1d6e5363dbac
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 26 19:35:30 2024 +0100
kernel: update x86_64 rootfiles
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit fecd75593d10fe3e32482f0803efe64f751ecc55
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 26 19:22:49 2024 +0100
core192: start updater and add kernel and udev
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 40f02625e128d87498275b2a74f43b2db5bc55ac
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 26 10:26:08 2024 +0100
kernel: update to 6.12.6
todo: rootfiles and riscv64 config
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7e7c59872bdd82b9aee09d5e50d8688ceba8c87c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 26 10:23:08 2024 +0100
rtl8812au: update to 20210820-ad90dfb072ed4aed0703f1209272195214fb4300
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ca6c720173da888af68651232b80f24ce0aa5ee4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 26 10:21:10 2024 +0100
strace: update to 6.12
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d19b71301d08db94341eae1d62500a928a8f6712
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 26 10:19:20 2024 +0100
udev: patch to handle pidfs and bcachefs
this is needed to build udev with kernel 6.12 headers
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-02-19 15:23 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-19 15:23 [git.ipfire.org] IPFire 2.x development tree branch, core192, created. 2112342dd3ccaf6008c742dddd4ca26b17c5651d Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox