Adolf Belka [Sat, 5 Feb 2022 12:01:30 +0000 (13:01 +0100)]
libgpg-error: Update to version 1.44
- Update from 1.43 to 1.44
- Update of rootfile
- Changelog
Noteworthy changes in version 1.44 (More details can be found in the ChangeLog file in
the source tarball which lists each commit)
* Fix dependency to gpg-error-config-test.sh. [T5696]
* Run the posix locking test only on supported platforms. [T5699]
* Detect Linux systems using musl. [T5762]
* Fix gpg-error-config-test for PKG_CONFIG_LIBDIR. [T5740]
* Fix returning of option attributes for options with args. [T5799]
* Add Turkish translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 12:01:10 +0000 (13:01 +0100)]
libcap: Update to version 2.63
- Update from 2.61 to 2.63
- Update of rootfile
- Changelog
Release notes for 2.63
Restore errno to zero by the time main() is executed
Bug reported by Yang Xu
Consistent psx handling (a panic) for syscalls that return thread dependent status
Inconsistend behavior noticed by Lorenz Bauer (Bug: 215283)
Add a test case for a deadlock under investigation in golang #50113
Bug reported by Weixiao Huang
Trim some of the #include file use to make the tree compile more efficiently
Release notes for 2.62
Bug fix for Go package "cap" and launching:
There was a race condition, reported by Lorenz Bauer (Bug: 215283)
Build cleanups:
David Seifert cleaned up warnings for 32-bit builds
No longer use Perl in the libcap build process (Gentoo had a compelling reason to
avoid this dependency)
Documentation updates: cap_max_bits has a man page entry; Go module cap updates for
Launch detail.
Recognize default securebits as a libcap mode: HYBRID.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Fri, 4 Feb 2022 16:47:25 +0000 (16:47 +0000)]
binutils+gcc: Fix that the toolchain compiler is trying to link against host libraries
Binutils and GCC were misconfigured and used host libraries to build
toolchain programs. That resulted in that those programs were correctly
linked, but could not be executed, because the runtime linker did not
search in the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Feb 2022 16:47:21 +0000 (16:47 +0000)]
gcc: toolchain stage 2: Set sysroot to /tools_${arch}
The stage 2 compiler was looking for libraries outside the bootstrapped
toolchain environment which causes that linked programs cannot be
executied because the runtime linker only looks for libraries inside the
toolchain environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:52:38 +0000 (22:52 +0100)]
poppler: Update to version 22.02.0
- Update from 21.11.0 to 22.02.0
- Update of rootfile
- Changelog
Release 22.02.0:
core:
* Signature: Add a way to detect unsigned FormFieldSignature
* Signature: Suport background image when using left and right text
* Signature: Fix path where to search for Firefox NSS in Windows
* Signature: Fix NSS code to work correctly in Windows/Android
* Count only signature fields in PDFDoc::getNumSignatureFields
* Minor code improvements
qt:
* Allow signing unsigned signature fields
* Allow passing a background image for the signature when signing
* Allow passing the document password when signing
* Fix leftFontSize being ignored when signing
glib:
* try with utf8 password if latin1 fails
* New method for getting all signature fields of a document
* Fix compile with MSVC
utils:
* pdfsig: Fix compile with MSVC
build system:
* Fix NSS cmake check for MSVC
Release 22.01.0:
core:
* Allow local (relative to dll) fonts dir on Windows
* TextOutputDev: require more spacing between columns. Issue #1093
* Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
* Fix crash when calling Form::reset()
* GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184
* Minor code improvements
glib:
* Include glib.h before using defines from it
* Close file descriptors on error
* Plug some memory leaks
* Replace use of deprecated g_memdup/g_time_zone_new
* Remove FD-taking functions on windows
utils:
* pdfsig: Add support for documents with passwords
* pdfsig: Fix signing with -sign if nss password is needed
Release 21.12.0:
core:
* Add API to add images
* CairoOutputDev: Fix de-duping of Flate images
* Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393
* Minor code improvements
glib:
* Add API for validation of signatures
* Add API to read/save to file descriptor
utils:
* pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117
build system:
* Increase C++ standard to 17
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:04 +0000 (22:53 +0100)]
samba: Update to version 4.15.5
- Update from 4.14.6 to 4.15.5
- Update of rootfile
- Changelog is too long to include everything. Full details can be found in the
WHATSNEW.txt file in the source tarball. The following highlights those releases
that were security releases. The other releases had a range of bug fixes.
4.15.5 is a security release and includes the following CVE fixes
o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
of a symlink exists.
https://www.samba.org/samba/security/CVE-2021-44141.html
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.15.2 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
4.14.12 was a security release and included the following CVE fixes
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.14.10 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:25 +0000 (22:53 +0100)]
sdl2: Update to version 2.0.20
- Update from 2.0.18 to 2.0.20
- Update of rootfile
- Changelog
2.0.20:
General:
* SDL_RenderGeometryRaw() takes a pointer to SDL_Color, not int. You can cast color
data in SDL_PIXELFORMAT_RGBA32 format (SDL_PIXELFORMAT_ABGR8888 on little endian
systems) for this parameter.
* Improved accuracy of horizontal and vertical line drawing when using OpenGL or
OpenGLES
* Added the hint SDL_HINT_RENDER_LINE_METHOD to control the method of line drawing
used, to select speed, correctness, and compatibility.
Windows:
* Fixed size of custom cursors
Linux:
* Fixed hotplug controller detection, broken in 2.0.18
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 2 Feb 2022 13:09:24 +0000 (14:09 +0100)]
manualpages: Update to include addon help links for addons with menu entries
- Some addons have menu entries and currentlky these do not have any links to their
help pages
- Ran check_manualpages and confirmed that all links to wiki pages are existing.
- Tested for guardian and wio
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:08:00 +0000 (14:08 +0100)]
p11-kit: Update to version 0.24.1
- Update from 0.24.0 to 0.24.1
- Update of rootfile not required
- Changelog
0.24.1 (stable)
* rpc: Support protocol version negotiation [PR#371, PR#385]
* proxy: Support copying attribute array recursively [PR#368]
* Link libp11-kit so that it cannot unload [PR#383]
* Translation improvements [PR#381]
* Build fixes [PR#372, PR#373, PR#375, PR#377, PR#384, PR#407]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:07:40 +0000 (14:07 +0100)]
mdadm: Update to version 4.2
- Update from 4.1 to 4.2
- Update of rootfile not required
- Changelog is no longer updated. The package directs you to the git commits to find
the changes. https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/log/
- Announcement of update says-
The release includes more than two years of development and bugfixes,
so it is difficult to remember everything. Highlights include
enhancements and bug fixes including for IMSM RAID, Partial Parity
Log, clustered RAID support, improved testing, and gcc-9 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
checkrootfiles: exclude some rust paks and fix armv6l
some new rust packages contain files with x86_64 or aarch64 on
all archictectures. They are now excluded from check.
also this fix the check for armv6l.
Michael Tremer [Mon, 31 Jan 2022 13:30:20 +0000 (14:30 +0100)]
rust-pyo3: New package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>