Stefan Schantl [Mon, 24 May 2021 17:38:20 +0000 (19:38 +0200)]
pakfire: Prevent from get launched multiple times.
When pakfire gets launched a check if a so called lockfile exists and
the process will be aborted, otherwise the file will be created which
prevents any other pakfire instance to perform any operations until the
first process gets finished and the lock will be released again.
Because the release of the lock is located in an END block, the lock
also will be released in case the pakfire process gets interuped or
gains an error.
This prevents from an lock loop and an unuseable pakfire.
Reference: #12621.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 23 May 2021 15:43:38 +0000 (17:43 +0200)]
libusb: update to 1.0.24
Full changelog as per CHANGELOG file:
2020-12-09: v1.0.24
* Add new platform abstraction (#252)
* Add Null POSIX backend
* Add support for eventfd
* Add support for thread IDs on Haiku, NetBSD and Solaris
* New API libusb_hotplug_get_user_data()
* Darwin (macOS): Fix race condition that results in segmentation fault (#701)
* Darwin (macOS): Fix stale descriptor information post reset (#733)
* Darwin (macOS): use IOUSBDevice as darwin_device_class explicitly (#693)
* Linux: Drop support for kernel older than 2.6.32
* Linux: Provide an event thread name (#689)
* Linux: Wait until all USBs have been reaped before freeing them (#607)
* NetBSD: Recognize device timeouts (#710)
* OpenBSD: Allow opening ugen devices multiple times (#763)
* OpenBSD: Support libusb_get_port_number() (#764)
* SunOS: Fix a memory leak (#756)
* SunOS: Various fixes (#627, #628, #629)
* Windows: Add Visual Studio 2019 support
* Windows: Drop support for WinCE and Visual Studio older than 2013
* Windows: Drop support for Windows XP
* Windows: Support building all examples using Visual Studio (#151)
* Documentation fixes and improvements
* Various other bug fixes and improvements
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The changelog between version "s20160803" is too large to include it
here, please refer to https://github.com/iputils/iputils/releases for a
human-readable version.
Due to build system changes, single binaries cannot be compiled by
running "make [program]" anymore, updated rootfiles to reflect that
change.
20210202's version of /usr/bin/ping is bug-compatible to s20160803's
one, hence does not cause trouble in ~/src/ppp/ip-up. Tested, works.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 22 May 2021 13:29:30 +0000 (15:29 +0200)]
bind: Update to 9.11.32
For details see:
https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.32.html
"Notes for BIND 9.11.32
Feature Changes
DNSSEC responses containing NSEC3 records with iteration counts
greater than 150 are now treated as insecure. [GL #2445]
The maximum supported number of NSEC3 iterations that can be
configured for a zone has been reduced to 150. [GL #2642]
The implementation of the ZONEMD RR type has been updated to match
RFC 8976. [GL #2658]
Notes for BIND 9.11.31
Security Fixes
A malformed incoming IXFR transfer could trigger an assertion
failure in named, causing it to quit abnormally. (CVE-2021-25214)
ISC would like to thank Greg Kuechle of SaskTel for bringing this
vulnerability to our attention. [GL #2467]
named crashed when a DNAME record placed in the ANSWER section
during DNAME chasing turned out to be the final answer to a client
query. (CVE-2021-25215)
ISC would like to thank Siva Kakarla for bringing this vulnerability
to our attention. [GL #2540]
When a server's configuration set the tkey-gssapi-keytab
or tkey-gssapi-credential option, a specially crafted GSS-TSIG query
could cause a buffer overflow in the ISC implementation of SPNEGO
(a protocol enabling negotiation of the security mechanism used for
GSSAPI authentication). This flaw could be exploited to crash named
binaries compiled for 64-bit platforms, and could enable remote code
execution when named was compiled for 32-bit platforms.
(CVE-2021-25216)
This vulnerability was reported to us as ZDI-CAN-13347 by Trend
Micro Zero Day Initiative. [GL #2604]
Feature Changes
The ISC implementation of SPNEGO was removed from BIND 9 source
code. Instead, BIND 9 now always uses the SPNEGO implementation
provided by the system GSSAPI library when it is built with GSSAPI
support. All major contemporary Kerberos/GSSAPI libraries contain
an implementation of the SPNEGO mechanism. [GL #2607]
Notes for BIND 9.11.30
The BIND 9.11.30 release was withdrawn after a backporting bug was
discovered during pre-release testing. ISC would like to acknowledge the
assistance of Natan Segal of Bluecat Networks.2"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 22 May 2021 13:25:11 +0000 (15:25 +0200)]
vnstat: Update to 2.7
For details see:
https://humdi[dot]net/vnstat/CHANGES
"2.7 / 16-May-2021
- Fixed
- Possibility of segmentation fault with image list output when database
existed but no data was available
- ./configure output could show invalid install paths with some parameter
combinations (pull request by Severin Glöckner)
- Columns in text hours graph output could get misaligned if the selected
system locale used a UTF-8 sequence for the thousands separator instead
of a single character
- New
- Add -5g / --fivegraph options to image output with sizing related
parameters for the output of a 5 minute resolution bar graph
- Add configuration option SummaryGraph and optional parameter for
--hsummary and --vsummary for selecting which graph is shown next to
the summary data in the horizontal and vertical summary image outputs
- Add --large / --small options and configuration option LargeFonts for
controlling the image output font size
- Add --scale and configuration option ImageScale for scaling the image
output to a given percent
- Add configuration option LineSpacingAdjustment for adjusting the line
spacing of list format image outputs
- Add bar visualizations for traffic estimations in image output
- Allow writing image output to a filename starting with -
- Add --initdb to daemon for creating a new empty database without having
the daemon process staying running, doesn't discard data if a database
already exists
- Add configuration option BarColumnShowsRate for having the bar column in
image list outputs be scaled according to the average rate column values
when those values are visible, disabled by default
- Add --dbiflist for getting a list of interfaces in the database, both
--iflist and --dbiflist also get alternative more parseable outputs
- Add configuration option for large font output and make 5 minute
resolution graph visible in vnstat.cgi"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 May 2021 12:22:50 +0000 (14:22 +0200)]
backup.pl: Fix #12626 backup/include.user entries will not override backup/exclude
- Current situation is that any restrictions in the exclude file will not
be overwritten by the include.user file
- For example the global exclude file has *.tmp preventing any tmp files
being backed up from the globally included IPFire files
If a user has some specific tmp files they want to backup and include
them in the include.user file they will not override the global
exclude file.
- This fix does the backup of the global and user backups as two separate
events and then appends them. This means that any tmp files in the
include.user file will be backed up.
- The backups are created as a global tar file and then have the user
tar file appended and then the combined file gzipped and given the .ipf
suffix. This has to be done this was as gzipped files can not be
appended to each other whereas tar files can.
Fixes: 12626 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 21 May 2021 13:42:36 +0000 (15:42 +0200)]
Icinga: Do not ship event handlers for Nagios
These are owned (hence being writable) by "nobody", posing a potential
security risk. Since the files itself were already exluded from being
shipped, their parent directory should be as well.
This patch should reduce the amount of executable files being owned by
nobody to zero after upgrading to Core Update 157. Due to complexity
reasons, not all applications available in Pakfire could be tested,
though, so your mileage may vary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 21 May 2021 13:41:29 +0000 (15:41 +0200)]
pppd: Explicitly ship pppd shared object files
These are needed by pppd, but were not previously shipped as such.
Instead, since their parent directory at /usr/lib/pppd/${version}/ was
not commented out, we implicitly shipped the entire directory.
This patch does not change our behaviour in the end, but makes things
more transparent to developers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 21 May 2021 13:40:38 +0000 (15:40 +0200)]
Core Update 157: Apply changed SSH configurations
This is necessary to fix SSH not starting after upgrading to Core Update
157 unless it's settings are manually written via the WebUI.
Reported-by: Erik Kapfer <ummeegge@ipfire.org> Reported-by: Tom Rymes <tom@rymes.net> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 20 May 2021 21:25:05 +0000 (23:25 +0200)]
Clean up various files left from dropped add-ons and packages
Since I only ran "find . -type f -name ...", I missed mostly directories
containing configuration and initscripts of recently dropped add-ons and
packages.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 16 May 2021 17:25:49 +0000 (19:25 +0200)]
python3-setuptools: Create a python3 version of python-setuptools
- python3-setuptools works with python3-daemon but not with
python-m2crypto. m2crypto has to stay with python2 because crda
will not find the python3 version of m2crypto.
- python-m2crypto only works with python-setuptools so both the
python2 and python3 versions of setuptools need to stay in place.
- Therefore this patch only creates python3-setuptools, it does not
remove python-setuptools
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 15:10:38 +0000 (17:10 +0200)]
ethtool: Update to 5.12
- Update from 3.16 (2014) to 5.12 (2021)
- Update of rootfile
- Changelog is too large to include here. Changelog details are available
at https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:31:22 +0000 (14:31 +0200)]
qpdf: Update to 10.3.2
- Update from 10.3.0 to 10.3.2
- Update rootfiles
- Changelog
* 10.3.2: release
* Fix problem that caused the generated manual from being included
in the Windows distributions. Fixes #521.
* Fix 11-year-old bug of leaving unreferenced objects in preserved
object streams. Fixes #520.
* Portability fix: use tm_gmtoff rather than global timezone
variable if available to get timezone offset. This fixes
compilation on BSD and also results in a daylight saving
time-aware offset for Linux or other GNU systems. Fixes #515.
* When adding a page, if the page already exists, make a shallow
copy of the page instead of throwing an exception. This makes the
behavior of adding a page from the library consistent with what
the CLI does and also with what the library does if it starts with
a file that already has a duplicated page. Note that this means
that, in some cases, the page you pass to addPage or addPageAt
(either in QPDF or QPDFPageDocumentHelper) will not be the same
object that actually gets added. (This has actually always been
the case.) That means that, if you are going to do subsequent
modification on the page, you should retrieve it again.
* 10.3.1: release
* Bug fix: allow /DR to be direct in /AcroForm
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:30:48 +0000 (14:30 +0200)]
glib: Update to 2.68.2
- Update from 2.68.1 to 2.68.2
- Update rootfiles
- Changelog
Overview of changes in GLib 2.68.2
* Fix building third-party projects against GLib on CentOS 7 (work by
Ignacio Casal Quinteiro) (#2387)
* Bugs fixed:
- #2387 json-glib does not build with glib 2.68.1
- !2060 gmacros: check that __cplusplus or _MSC_VER is defined
- !2068 gmacros: missing check if __STDC_VERSION__ is defined
- !2079 Backport !2078 “gthreadedresolver: don't ignore flags in lookup_by_name_with_flags” to glib-2-68
* Translation updates:
- Nepali
- Serbian
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:30:12 +0000 (14:30 +0200)]
flac: Update to 1.3.3
- Update from 1.3.2 to 1.3.3
- Update rootfiles
- Changelog
General:
Fix CPU detection (Janne Hyvärinen).
Switch from unsigned types to uint32_t (erikd).
CppCheck fixes (erikd).
Improve SIMD decoding of 24 bit files (lvqcl).
POWER* amnd POWER9 improvements (Anton Blanchard).
More tests.
FLAC format:
(none)
Ogg FLAC format:
(none)
flac:
When converting to WAV, use WAVEFORMATEXTENSIBLE when bits per
second is not 8 or 16 (erikd).
Fix --output-prefix with input-files in sub-directories (orbea).
metaflac:
(none)
plugins:
(none)
build system:
Cmake support (Vitaliy Kirsanov, evpobr).
Visual Studio updates (Janne Hyvärinen).
Fix for MSVC when UNICODE is enabled (lvqcl).
Fix for OpenBSD/i386 (Christian Weisgerber).
documentation:
(none)
libraries:
(none).
Interface changes:
libFLAC:
(none)
libFLAC++:
(none)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Make the default that Additional DHCP options Enabled checkbox is
checked when entering a new option.
- For existing options the Enabled checkbox status is honoured.
Fixes: #10400 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Tue, 18 May 2021 21:33:43 +0000 (23:33 +0200)]
Drop libupnp
This library has received no attention within the last three years. By
design, UPnP is a security risk on any firewall, and and outdated
version of a UPnP library definitely is.
This patch therefore drops libupnp completely.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 May 2021 16:58:31 +0000 (18:58 +0200)]
sarg: Update to 2.4.0
- Update from 2.3.11 to 2.4.0
- Update of rootfile not required
- Update of patches as the source code is different enough that the
patches failed to work.
- Changelog has information on changes for version 2.4.0. Prior version
information is for 2.3.3 from 2012. All intervening versions have no
changelog information available.
Version 2.4.0
- Update translations.
- Useragent report is produced if information is available.
- Don't abort if DNS resolution is failing to resolve a host IP address.
- xz compressed log files are supported.
- Compressed redirector logs are now supported.
- Filter converted and split logs using -t command line option.
- Add many new buffer overflow checks.
- Use random temporary directory name by default.
- Many bug fixed.
- Many new features added.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:29:44 +0000 (14:29 +0200)]
elfutils: Update to 0.184
- Update from 0.183 to 0.184
- Update rootfiles
- Changelog
2021-05-10 Mark Wielaard <mark@klomp.org>
* configure.ac (AC_INIT): Set version to 0.184.
* NEWS: Add libdw, translation and debuginfod-client entries.
2021-03-30 Frank Ch. Eigler <fche@redhat.com>
* configure.ac: Look for pthread_setname_np.
2021-02-17 Timm Bäder <tbaeder@redhat.com>
* configure.ac: Add -Wno-packed-not-aligned check.
2021-02-17 Timm Bäder <tbaeder@redhat.com>
* configure.ac: Add -Wtrampolines check.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 17 May 2021 12:30:32 +0000 (14:30 +0200)]
gdb: Update to 10.2
- Update from 10.1 to 10.2
- Update rootfiles
- Changelog
GDB 10.2 brings the following fixes and enhancements over GDB 10.1:
* PR remote/26614 (AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler)
* PR gdb/26828 (SIGSEGV in follow_die_offset dwarf2/read.c:22950)
* PR gdb/26861 (internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid' failed. OS: Mac OSX Catalina; Compiler: GCC; Language: C)
* PR gdb/26876 (gdb error: internal-error: Unknown CFA rule when debugging the linux kernel with qemu)
* PR breakpoints/26881 (infrun.c:6384: internal-error: void process_event_stop_test(execution_control_state*): Assertion `ecs->event_thread->control.exception_resume_breakpoint != NULL' failed)
* PR gdb/26901 (Array subscript fails with flexible array member without size)
* PR tui/26973 (gdb crashes when not including the status window in a new layout)
* PR python/26974 (Wrong Value.format_string docu for static members argument)
* PR breakpoints/27009 ([s390] GDB branches randomly for BC instruction while displaced stepping)
* PR tdep/27015 (ARC: "eret" value is collected from the wrong data in register cache)
* PR backtrace/27147 ([GNU/Linux, sparc64] GDB is unable to print full stack trace (got "previous frame inner to this frame" errors))
* PR rust/27194 (put rust demangler on 10.x branch)
* PR threads/27239 (gdb/cp-support.c:1619:(.text+0x5502): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `TLS init function for thread_local_segv_handler')
* PR breakpoints/27330 (nextoverthrow.exp FAILs on arm-none-eabi)
* PR symtab/27333 ([dwarf-5] abort on unhandled DW_TAG_type_unit in process_psymtab_comp_unit)
* PR fortran/27341 ([dwarf-5] FAIL: gdb.fortran/function-calls.exp: p derived_types_and_module_calls::pass_cart_nd(c_nd))
* PR tdep/27369 (ARC: Stepping over atomic instruction sequences loops infinitely)
* PR build/27385 (Cannot compile arc.c with gcc-4.8 (error: no matching function for call to 'std::pair...'))
* PR gdb/27435 (Attach on solaris segfaults GDB)
* PR build/27535 (amd64-linux-siginfo.c fails to compile after updating to glibc-2.33 headers)
* PR build/27536 (aarch64-linux-hw-point.c fails to compile after updating to glibc-2.33)
* PR symtab/27541 (gdb crashes on "file -readnow")
* PR gdb/27750 (local variables have wrong address and values on sparc64)
* PR varobj/27757 (-var-list-children coredump)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 May 2021 19:02:36 +0000 (21:02 +0200)]
DMA: do not ship a binary for creating mail boxes
This is only needed in case of bounces generated by locally emitted
messages. We neither store these, nor do we create mail boxes on a
firewall. Safe to drop.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 May 2021 19:01:54 +0000 (21:01 +0200)]
/usr/bin/ping does not need a SUID bit if appropriate capabilities are set
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 16 May 2021 20:48:58 +0000 (22:48 +0200)]
OpenSSH: do not ship ssh-keysign anymore
To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:34 +0000 (23:50 +0200)]
python-distutils-extra: Removal of this python2 module
- python-distutils-extra is linked to python-distutils which is no longer
used as it has been replaced by setuptools.
- python-distutils-extra is currently from 2011 and the latest version
is from 2016. No development occurring on this.
- No problem on a clean build with this module being removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:33 +0000 (23:50 +0200)]
python-distutils: Removal of this python2 module
- python-distutils has been replaced by setuptools.
- python-distutils was not being built anyway as it was not listed in
make.sh
- lfs has missing sections. There are no source and no build sections
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:32 +0000 (23:50 +0200)]
python-optional-src: Removal of this python2 module
- python-optional-src was not getting built anyway as it was not listed
in make.sh
- lfs file was missing most of the standard content. No source info
and no build instructions
- missing source file from IPFire source system
- grep on build/ found no dependencies on this module
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:31 +0000 (23:50 +0200)]
make.sh: Removal of three python2 modules
- Removal of python-distutils and python-distutils-extra as these have
been replaced by setuptools.
- Removal of python-optional-src
- Only python-distutils-extra line is removed from make.sh as
python-distutils and python-optional-src were not in make.sh
These two modules have not been getting built historically
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:03 +0000 (23:50 +0200)]
nmap: Migrate to python3
- Added PYTHON=python3 prior to configure. This then builds nmap with
python3.
- ndiff is written as python2 only and currently no patches to make it
work wih python3 have been accepted by the nmap team. It looks like ndiff
will stay as it is for some time so ndiff will be removed from the nmap
package install.
- Added --without-ndiff to configure so nmap is built without ndiff
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 14 May 2021 21:11:49 +0000 (23:11 +0200)]
Tor: update to 0.4.5.8
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.5.8:
Changes in version 0.4.5.8 - 2021-05-10
Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes
from the 0.4.6.x series.
o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
o Minor features (compilation, backport from 0.4.6.3-rc):
- Make the autoconf script build correctly with autoconf versions
2.70 and later. Closes part of ticket 40335.
o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/05/07.
o Minor features (onion services):
- Add warning message when connecting to now deprecated v2 onion
services. As announced, Tor 0.4.5.x is the last series that will
support v2 onions. Closes ticket 40373.
o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha):
- Fix a regression that made it impossible start Tor using a bridge
line with a transport name and no fingerprint. Fixes bug 40360;
bugfix on 0.4.5.4-rc.
o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc):
- Allow a custom "ar" for cross-compilation. Our previous build
script had used the $AR environment variable in most places, but
it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
- Fix a non-fatal BUG() message due to a too-early free of a string,
when listing a client connection from the DoS defenses subsystem.
Fixes bug 40345; bugfix on 0.4.3.4-rc.
o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (controller, backport from 0.4.6.1-alpha):
- Fix a "BUG" warning that would appear when a controller chooses
the first hop for a circuit, and that circuit completes. Fixes bug
40285; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc):
- Fix a bug where an expired cached descriptor could get overwritten
with a new one without freeing it, leading to a memory leak. Fixes
bug 40356; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>