Adolf Belka [Sun, 2 Jul 2023 09:54:32 +0000 (11:54 +0200)]
ppp: Fixes bug#13164 - Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0
This includes breaking changes for third-party plugins but as far as I can see IPFire
is not using any third party plugins
- Update of rootfile
- Update of patches and sed commands
- pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014
- Some of the patches required updates as additional lines needing to be patched are
now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches
- connect-errors file location is now defined by a configure command --with-logfile-dir
- install-etcppp is no longer provided. However the install command in this version still
has the same files available in /etc/ppp as previously. There is a new file,
openssl.cnf, which I have commented out. If it is required in future it can always be
uncommented in future releases.
- Build went without any problems with the updated patches.
- I cannot test this as I don't use ppp, however the original bug reporter has agreed to
test this out when it is released into Testing unless anyone else is capable of testing
it.
- Changelog
What's new in ppp-2.5.0.
The 2.5.0 release is a major release of pppd which contains breaking
changes for third-party plugins, a complete revamp of the build-system
and that allows for flexibility of configuring features as needed.
In Summary:
* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
* Support for loading PKCS12 certificate envelopes
* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
and others.
* Support for pkgconfig tool has been added by Eivind Næss.
* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
* Major revision to PPPD's Plugin API by Eivind Næss.
- Defines in which describes what features was included in pppd
- Functions now prefixed with explicit ppp_* to indicate that
pppd functions being called.
- Header files were renamed to better align with their features,
and now use proper include guards
- A pppdconf.h file is supplied to allow third-party modules to use
the same feature defines pppd was compiled with.
- No extern declarations of internal variable names of pppd,
continued use of these extern variables are considered
unstable.
* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
* Dropped IPX support, as Linux has dropped support in version 5.15
for this protocol.
* Many more fixes and cleanups.
* Pppd is no longer installed setuid-root.
* New pppd options:
- ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
ipv6-up-script, ipv6-down-script
- -v, show-options
- usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
* On Linux, any baud rate can be set on a serial port provided the
kernel serial driver supports that.
Note that if you have built and installed previous versions of this
package and you want to continue having configuration and TDB files in
/etc/ppp, you will need to use the --sysconfdir option to ./configure.
For a list of the changes made during the 2.4 series releases of this
package, see the Changes-2.4 file.
Compression methods.
This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
Fixes: bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 2 Aug 2023 20:09:55 +0000 (22:09 +0200)]
fwhosts.cgi: Fixes bug#13206 - no validation of location group name
- Added validation code for the location group name. This is only validated when edited
and not when created.
- The code was copied from the section for creating the Services Group Name or the
Network/Host Group Name.
Fixes: Bug#13206 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Jul 2023 21:03:59 +0000 (23:03 +0200)]
samba.cgi: Fixes bug#13193 - disables smb1 unix extensions in smb.conf
- Around three years ago the samba wui page was simplified and several parts were removed
including the ability to set either wide links or unix extensions to be enabled
- When the above was done wide links = yes was defined in the samba.cgi code
- unix extenstions was not defined and therefore took the default value which was/is yes
- unix extensions is now called smb1 unix extensions and has the same default value of yes
- With both wide links = yes and smb1 unix extensions = yes means that when there is a
wide symlink (one that goes outside the share directory tree) then wide links is disabled
because smb1 unix extensions is enabled. This is even though the smb1 protocol is disabled
by default.
- This patch sets smb1 unix extensions = no in the configuration.
- This has been tested in my vm testbed and confirmed that the error message is no longer
shown and that any wide links are able to be accessed from the share mounted on a client
Fixes: Bug#13193 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:18 +0000 (18:16 +0200)]
tar: Update to version 1.35
- Update from version 1.34 to 1.35
- Update of rootfile not required
- Changelog
1.35 - Sergey Poznyakoff, 2023-07-18
* Fail when building GNU tar, if the platform supports 64-bit time_t
but the build uses only 32-bit time_t.
* Leave the devmajor and devminor fields empty (rather than zero) for
non-special files, as this is more compatible with traditional tar.
* Bug fixes
** Fix interaction of --update with --wildcards.
** When extracting archives into an empty directory, do not create
hard links to files outside that directory.
** Handle partial reads from regular files.
** Warn "file changed as we read it" less often.
Formerly, tar warned if the file's size or ctime changed.
However, this generated a false positive if tar read a file
while another process hard-linked to it, changing its ctime.
Now, tar warns if the file's size, mtime, user ID, group ID,
or mode changes. Although neither heuristic is perfect,
the new one should work better in practice.
** Fix --ignore-failed-read to ignore file-changed read errors
as far as exit status is concerned. You can now suppress file-changed
issues entirely with --ignore-failed-read --warning=no-file-changed.
** Fix --remove-files to not remove a file that changed while we read it.
** Fix --atime-preserve=replace to not fail if there was no need to replace,
either because we did not read the file, or the atime did not change.
** Fix race when creating a parent directory while another process is
also doing so.
** Fix handling of prefix keywords not followed by "." in pax headers.
** Fix handling of out-of-range sparse entries in pax headers.
** Fix handling of --transform='s/s/@/2'.
** Fix treatment of options ending in / in files-from list.
** Fix crash on 'tar --checkpoint-action exec=\"'.
** Fix low-memory crash when reading incremental dumps.
** Fix --exclude-vcs-ignores memory allocation misuse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 2 Aug 2023 09:52:02 +0000 (09:52 +0000)]
openssl: Update to 3.1.2
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
not operate with truncated digests (FIPS 140-3 IG G.R).
*Paul Dale*
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 20:36:54 +0000 (22:36 +0200)]
mpd: Update to version 0.23.13
- Update from version 0.23.12 to 0.23.13
- Update of rootfile not required
- mpd needs version 0.23.13 to build with fmt-10.0.0
- Changelog
0.23.13 (2023/05/22)
* input
- curl: fix busy loop after connection failed
- curl: hide "404" log messages for non-existent ".mpdignore" files
* archive
- zzip: fix crash bug
* database
- simple: reveal hidden songs after deleting containing CUE
* decoder
- ffmpeg: reorder to a lower priority than "gme"
- gme: require GME 0.6 or later
* output
- pipewire: fix corruption bug due to missing lock
* Linux
- shut down if parent process dies in --no-daemon mode
- determine systemd unit directories via pkg-config
* support libfmt 10
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 20:36:53 +0000 (22:36 +0200)]
fmt: Update to version 10.0.0
- Update from version 9.1.0 to 10.0.0
- Update of rootfile
- sobump so ran ./make find dependencies. This highlighted mpd but that needs to be
updated anyway as the existing version does not build with fmt-10.0.0
- Changelog is too large to include here. See the file ChangeLog.rst in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 16:15:43 +0000 (18:15 +0200)]
procps: Add patch to fix errors that prevent build with gettext-0.22
- Gettext earlier than 0.21 would still build when it found errors in language files etc.
With gettext-0.22 if it finds any errors it now stops.
- There were two lines in the french po file in procps that had erros in them. procps have
raised a commit to fix those. The patch included here carries out that commit.
- Update of rootfile not required.
- This patch will not be needed when the next update of procps occurs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 16:15:42 +0000 (18:15 +0200)]
gettext: Update to version 0.22
- Update from version 0.21 to 0.22
- Update of rootfile
- Changelog
0.22 - June 2023
* PO file format:
- When a #: line contains references to file names that contain spaces,
these file names are surrounded by Unicode characters U+2068 and U+2069.
This makes it possible to parse such references correctly.
* Improvements for maintainers:
- The AM_GNU_GETTEXT macro now defines two variables localedir_c and
localedir_c_make, that can be used in C code or in Makefiles,
respectively, for representing the value of the --localedir configure
option.
* Programming languages support:
- C, C++:
o xgettext now supports gettext-like functions that take wide strings
(of type 'const wchar_t *', 'const char16_t *', or 'const char32_t *')
as arguments.
o xgettext now recognizes numbers with digit separators, as defined by
ISO C 23, as tokens.
o xgettext and msgfmt now recognize the format string directive %b
(for binary integer output, as defined by ISO C 23) in format strings.
o xgettext and msgfmt now recognize the argument size specifiers
w8, w16, w32, w64, wf8, wf16, wf32, wf64 (as defined by ISO C 23)
in format strings.
o xgettext and msgfmt now recognize C++ format strings, as defined by
ISO C++ 20. They are marked as 'c++-format' in POT and PO files.
A new example has been added, 'hello-c++20', that illustrates how
to use these format strings with gettext.
- Java:
o The build system and tools now also support Java versions newer than
Java 11. This is known to work up to Java 20, at least. On the other
hand, support for old versions of Java (Java 1.5 and GCJ) has been
dropped.
- Tcl: xgettext now supports the \x, \u, and \U escapes as defined in
Tcl 8.6.
* Portability:
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with an encoding other than UTF-8.
To this effect, the msgfmt program now converts the messages to UTF-8
encoding before storing them in a MO file. You can prevent this by
using the msgfmt --no-convert option.
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with ISO C 99 <inttypes.h> format
string directive macros. To this effect, the msgfmt program pre-expands
strings with such macros. You can prevent this by using the msgfmt
--no-redundancy option.
* xgettext:
- The xgettext option '--sorted-output' is now deprecated.
- xgettext input files of type PO that are not all ASCII and not UTF-8
encoded are now handled correctly.
* The base Unicode standard is now updated to 15.0.0.
* Emacs PO mode:
Fix an incompatibility with Emacs version 29 or newer.
0.21.1 - October 2022
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 1 Aug 2023 15:48:36 +0000 (17:48 +0200)]
extrahd.cgi: Drop select for FS selection.
This feature does not have any benefit because the linux kernel
knows best which filesystem a device/partition has.
So there is no need for a user to specify this by-hand. This also
prevents from choosing a wrong fs type and as a direct result in a
not mountable device.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 1 Aug 2023 15:48:28 +0000 (17:48 +0200)]
extrahd.cgi: Add various perl functions deal with block devices
This functions are going to replace the former used scan/write to file/read from
file approach by directly collecting the required informations from the
kernel sysfs and devfs.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 31 Jul 2023 13:43:47 +0000 (13:43 +0000)]
udev: Drop hwrng rules
This is another fragment of rngd - the gift that keeps giving.
The udev rules file contains a lot of stuff for a prototype which never
went into production. So, that can be dropped.
It would have been left with one rule that starts rngd whenever a HWRNG
is being found. That is however no longer needed as rngd is being
started in the init process. We no longer need to initialize it as early
as possible to seed the kernel's PRNG.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 Jul 2023 17:03:49 +0000 (19:03 +0200)]
pmacct: Fix for Bug#13163 - no such column: vlan_in [CU 175]
- This problem occurred with pmacct-1.7.8 and was raised with upstream. They identified a
bug and provided a commit with a fix.
- Unfortunately the commit can not be used on version 1.7.8 from Dec 2022 as it depends on
other commits applied in the period from Dec 2022 to July 2023.
- The next version release is likely to come out around Dec 2023 to Mar 2024 based on the
previous release frequency (6 to 9 months)
- The only alternative was to make a release from the commit stage of the fix. In Github
this only provides a zip file. So I extracted the zip file and then re-archived it
as a .tar.gz file
- Build went successfully and the .ipfire package file was tested successfully by @Jon
Fixes: Bug#13163 Tested-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 10 Jul 2023 09:23:49 +0000 (11:23 +0200)]
glib: Update to version 2.77.0
- Update from 2.71.1 to 2.77.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 10 Jul 2023 09:23:50 +0000 (11:23 +0200)]
groff: Update to version 1.23.0
- Update from version 1.22.4 to 1.23.0
- Update of rootfile
- Changelog is too large to show here.
See the NEWS file in the source tarball for user visible changes. This does not
include any bug fixes.
For bug fixes and all commits see the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 27 Jul 2023 13:57:25 +0000 (15:57 +0200)]
ovpnmain.cgi: Fixes bug#13190 - connection status shows disconnected for connected client
- If the certificate name has underscores in it then the status always shows as DISCONNECTED
alothough the actual connection is working and can be used.
- The certificate with underscores works fine. RFC5280 accepts underscores in the name.
- The code for checking the status splits up the status message and takes the first part
as the common name for the connection. Then there is a regex command which rerplaces
any underscores in the status common name with spaces. This results in the connection
with underscores in the certificate name never matching any status feedback common
name as the underscores have been replaced by spaces.
- This has been tested to work with my vm test bed. With existing code the connection with
underscores in the certificate name permanently showed DISCONNECTED. With the code change
the connection shows as CONNECTED very quickly.
Fixes: Bug#13190 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 21:29:25 +0000 (23:29 +0200)]
gnump3d: Update perl directory in gnump3d.conf to current version
- Update perl dircetory for plugin from 5.32.1 to 5.36.0
- Perl was updated in August 2022 but this directory was missed when that update was done.
A forum member has tried to use gnump3d and had problems because it was trying to use
the perl 5.32.1 directory for a plugin in the gnump3d.conf file
- Bumped the PAK_VER to ensure that gniump3d is shipped.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:19 +0000 (18:16 +0200)]
xfsprogs: Update to version 6.4.0
- Update from version 6.2.0 to 6.4.0
- Update of rootfile not required
- Changelog is not available in the source tarball or on the website. Changes can be viewed
in the git log https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:17 +0000 (18:16 +0200)]
mpfr: Update to version 4.2.0p12
- Update from version 4.2.0p9 to 4.2.0p12
- Update of rootfile not required
- Changelog - additional patches from 10 to 12 over previous update
10 - GCC 12 emits a spurious "may be used uninitialized" warning on tests/tfpif.c
with -O1, and GCC 13 has the same issue also with -O2 (GCC bug 106155). This can
make some test scripts fail for the developers. The gcc-pr106155-workaround
patch provides a workaround for this bug in GCC.
Corresponding changeset in the 4.2 branch: c0031f1af.
11 - The mpfr_inp_str function does not handle the '\0' character correctly when it
is not a whitespace character (which is almost always the case in practice, or
really always the case). For instance, if the word is the sequence
{ '1', '\0', '2' }, the string "1" is passed to mpfr_set_str because '\0' is
regarded as a terminating null character, and one gets a valid number (1) while
'\0' in a word is necessarily invalid. This is fixed by the inp_str-nullchar
patch. The testcase in the repository cannot be provided in the patch because of
the null character in one of the files.
Corresponding changeset in the 4.2 branch: 6a68387b2.
12 - When '\0' is a whitespace character, i.e. when isspace(0) is true in the current
locale (as allowed by ISO C for non-"C" locales), the mpfr_strtofr function
regards a '\0' in the leading whitespace sequence as a whitespace. This is
incorrect, since from the definition of a string, the first '\0' is the
terminating null character (before the notion of whitespace is involved). In
such locales, this is a vulnerability, because characters after the terminating
null character are read to determine the result; however, such locales are rare
or nonexistent (Mutt's lib.h suggests that some systems have such locales, but
this was in 1998). This is fixed by the strtofr-nullchar patch.
Corresponding changeset in the 4.2 branch: 964fbaa31.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:16 +0000 (18:16 +0200)]
libarchive: Update to version 3.7.0
- Update from version 3.6.2 to 3.7.0
- Update of rootfile
- Changelog
3.7.0 is a feature and bugfix release.
New features:
bsdunzip: new tool ported from FreeBSD (#1873)
drop-in replacement for Info-ZIP unzip, not yet ported for Windows
7zip reader: support for Zstandard compression (#1894)
7zip reader: support for ARM64 filter (#1918)
zstd filter: support for multi-frame zstd archives (#1818)
Other notable bugfixes and improvements:
pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
Windows: bcrypt usage fixes and improvements (#1881, #1887)
Windows: time function usage fixes and improvements (#1820, #1824, #1830)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:15 +0000 (18:16 +0200)]
curl: Update to version 8.2.1
- Update from version 8.2.0 to 8.2.1
- Update of rootfile not required
-Changelog
8.2.1
Bugfixes
o amigaos: fix sys/mbuf.h m_len macro clash [9]
o amissl: add missing signal.h include [8]
o amissl: fix AmiSSL v5 detection [2]
o cfilters: rename close/connect functions to avoid clashes [12]
o ciphers.d: put URL in first column [1]
o cmake: add `libcurlu`/`libcurltool` for unit tests [5]
o cmake: update ngtcp2 detection [4]
o configure: check for nghttp2_session_get_stream_local_window_size [14]
o CONTRIBUTE: drop mention of copyright year ranges [20]
o CONTRIBUTE: fix syntax in commit message description [21]
o curl_multi_wait.3: fix arg quoting to doc macro .BR [27]
o docs: mark two TLS options for TLS, not SSL [26]
o docs: provide more see also for cipher options [23]
o hostip: return IPv6 first for localhost resolves [16]
o http2: fix regression on upload EOF handling [13]
o http: VLH, very large header test and fixes [19]
o libcurl-errors.3: add CURLUE_OK [11]
o os400: correct EXPECTED_STRING_LASTZEROTERMINATED [7]
o quiche: fix lookup of transfer at multi [18]
o quiche: fix segfault and other things [15]
o rustls: update rustls-ffi 0.10.0 [24]
o socks: print ipv6 address within brackets [10]
o src/mkhelp: strip off escape sequences [22]
o tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T [17]
o transfer: do not clear the credentials on redirect to absolute URL [6]
o unittest: remove unneeded *_LDADD [3]
o websocket: rename arguments/variables to match docs [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 28 Jul 2023 21:39:52 +0000 (23:39 +0200)]
sox: Remove from IPFire as no longer needed for asterix
- sox was used for asterix but that addon was removed in Core Update 158 so sox is no
longer needed.
- remove the lfs and rootfile files and remove sox from the make.sh script
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:44 +0000 (18:15 +0200)]
openjpeg: Update to version 2.5.0
- Update from version 2.4.0 to 2.5.0
- Update of rootfile
- Changelog
2.5.0 (May 2022)
No API/ABI break compared to v2.4.0, but additional symbols for subset of
components decoding (hence the MINOR version bump).
* Encoder: add support for generation of TLM markers [\#1359]
(https://github.com/uclouvain/openjpeg/pull/1359)
* Decoder: add support for high throughput \(HTJ2K\) decoding. [\#1381]
(https://github.com/uclouvain/openjpeg/pull/1381)
* Decoder: add support for partial bitstream decoding [\#1407]
(https://github.com/uclouvain/openjpeg/pull/1407)
* Bug fixes (including security fixes)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:43 +0000 (18:15 +0200)]
oci-python-sdk: Update to version 2.107.0
- Update from version 2.64.0 to 2.107.0
- Update of rootfile
- Changelog is too large to include here. For details look at the CHANGELOG.rst file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:42 +0000 (18:15 +0200)]
oci-cli: Update to version 3.29.4
- Update from version 3.7.3 to 3.29.4
- Update of rootfile
- Changelog is too large to include here. For details of the changes see the CHANGELOG.rst
file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:41 +0000 (18:15 +0200)]
observium-agent: Update to version 23.1
- Update from version 18.9.1 to 23.1
- Update of rootfile not required
- Changelog - There is no changelog file inb the source tarball.
The commit changes are done in a SVN change management system. There is a Changelog
page on the website, https://changelog.observium.org/, but this identifies all changes
by their SVN number but with no relationship to the release version number.
- I have not been able to find out how to identify what changes have been made between
version 18.9.1 and 23.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:40 +0000 (18:15 +0200)]
oath-toolkit: Update to version 2.6.9
- Update from version 2.6.7 to 2.6.9
- Update of rootfile not required
- Changelog
2.6.9 (released 2023-07-09)
** Improve compatibility with recent libxmlsec.
** Update gnulib files, dropping gnulib self-tests.
2.6.8 (released 2023-07-09)
** libpskc: Fixes for recent libxmlsec releases.
** pam_oath: Provide fallback pam_modutil_getpwnam implementation.
Fixes <https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/26> on
Mac OS. Patch from Nick Gaya <nicholasgaya+github@gmail.com>.
** pam_oath: Don't fail authentication when pam_modutil_getpwnam doesn't
** know the user when usersfile don't include ${USER} or ${HOME}. Closes: #27.
Regression introduced in previous release. Reported by Nick Gaya
<nicholasgaya+github@gmail.com>.
** pam_oath: Self-test improvements.
Patch from Nick Gaya <nicholasgaya+github@gmail.com>.
** liboath: Builds on Windows.
The oath_authenticate_usersfile function is just a stub that returns
an error. This allows for use of the rest of the library on Windows.
Thanks to David Woodhouse, see
<https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/15>.
** Disable PAM self-tests on Mac. Fix --enable-root-tests logic.
** Don't ship gtk-doc PDF's in tarball.
** Use gitlog-to-changelog instead of git2cl.
** Codespell typo fixes. Patch by Dimitri Papadopoulos.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:39 +0000 (18:15 +0200)]
ntfs-3g: Update to version 2022.10.3
- Update from version 2021.8.22 to 2022.10.3
- Update of rootfile not required
- Changelog
Security release 2022.10.3 (Oct 3, 2022)
Rejected zero-sized runs
Avoided merging runlists with no runs
Security release 2022.5.17 (May 26, 2022)
Improved defence against maliciously tampered NTFS partitions
Improved defence against improper use of options
Updated the documentation
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:46 +0000 (18:15 +0200)]
ncat: Update to version 7.94
- Update from version 7.92 to 7.94
- Update of rootfile not required
- Changelog
7.94 [2023-05-19]
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [GH#2088][GH#1176][Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [GH#1807][GH#1176][Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of Npcap Windoes packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
bringing the new total to 5700!
o [NSE][GH#548] Added the tftp-version script which requests a
nonexistent file from a TFTP server and matches the error message
to a database of known software. [Mak Kolybabi]
o [Ncat][GH#1223] Ncat can now accept "connections" from multiple UDP hosts in
listen mode with the --keep-open option. This also enables --broker and
--chat via UDP. [Daniel Miller]
o [GH#2575] Upgraded OpenSSL binaries (for the Windows builds and for
RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
CVE-2022-3786) which don't impact Nmap proper since it doesn't do
certificate validation, but could possibly impact Ncat when the
--ssl-verify option is used.
o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
o [GH#2532] Removed the bogus OpenSSL message from the Windows Nmap
executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
legacy provider failed to load." We actually already have the legacy
provider built-in to our OpenSSL builds, and that's why loading the
external one fails.
o [GH#2541] UDP port scan (-sU) and version scan (-sV) now both use the same
data source, nmap-service-probes, for data payloads. Previously, the
nmap-payloads file was used for port scan. Port scan responses will be used
to kick-start the version matching process. [Daniel Miller]
o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
the same as it already does for TCP services with SSL/TLS encryption. The
DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
sooner in the scan. [Daniel Miller]
o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
connections. [Daniel Miller]
o [GH#1023] Handle Internationalized Domain Names (IDN) like Яндекс.рф on
platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
o Improved DNS domain name parsing to avoid recursion and enforce name length
limits, avoiding a theoretical stack overflow issue with certain crafted DNS
server responses, reported by Philippe Antoine.
o [GH#2338][NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
o [GH#2507] Updates to the Japanese manpage translation by Taichi Kotake.
o [Ncat][GH#1026][GH#2426] Dramatically speed up Ncat transfers on
Windows by avoiding a 125ms wait for every read from
STDIN. [scriptjunkie]
o [GH#1192][Windows] Periodically reset the system idle timer to keep the
system from going to sleep while scans are in process. This only affects port
scans and OS detection scans, since NSE and version scan do not rely on
timing data to adjust speed.
o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
just clarifies that the derivative works definition and all other
license clauses only apply to parties who choose to accept the
license in return for the special rights granted (such as Nmap
redistribution rights). If a party can do everything they need to
using copyright provisions outside of this license such as fair use,
we support that and aren't trying to claim any control over their
work. Versions of Nmap released under previous versions of the NPSL
may also be used under the NPSL 0.95 terms.
o Avoid storing many small strings from IPv4 OS detection results in the global
string_pool. These were effectively leaked after a host is done being
scanned, since string_pool allocations are not freed until Nmap quits.
7.93 [2022-09-01]
o This release commemorates Nmap's 25th anniversary! It all started with this
September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.50 to the latest version 1.71. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
Binaries for this release include OpenSSL 3.0.5.
o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
o [GH#2416] Fix a bug that prevented Nmap from discovering interfaces on Linux
when no IPv4 addresses were configured. [Daniel Miller, nnposter]
o [NSE][GH#2463] NSE "exception handling" with nmap.new_try() will no longer
result in a stack traceback in debug output nor a "ERROR: script execution
failed" message in script output, since the intended behavior has always been
to end the script immediately without output. [Daniel Miller]
o [GH#2494] Update the Nmap output DTD to match actual output since the
`<hosthint>` element was added in Nmap 7.90.
o [NSE][GH#2496] Fix newtargets support: since Nmap 7.92, scripts could not add
targets in script pre-scanning phase. [Daniel Miller]
o [GH#2468] Scripts dhcp-discover and broadcast-dhcp-discover now support
setting a client identifier. [nnposter]
o [GH#2331][GH#2471] Script oracle-tns-version was not reporting the version
correctly for Oracle 19c or newer [linholmes]
o [GH#2296][GH#2342] Script redis-info was crashing or producing inaccurate
information about client connections and/or cluster nodes. [nnposter]
o [GH#2379] Nmap and Nping were unable to obtain system routes on FreeBSD
[benpratt, nnposter]
o [GH#2464] Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter]
o [NSE] Improvements to event handling and pcap socket garbage collection,
fixing potential hangs and crashes. [Daniel Miller]
o We ceased creating the Nmap win32 binary zipfile. It was useful back when
you could just unzip it and run Nmap from there, but that hasn't worked well
for many years. The win32 self-installer handles Npcap installation and many
other dependencies and complexities. Anyone who needs the binaries for some
reason can still install Nmap on any system and retrieve them from there.
For now we're keeping the Win32 zipfile in the Nmap OEM Edition
(https://nmap.org/oem) for companies building Nmap into their own
products. But even in that case we believe that running the Nmap OEM
self-installer in silent mode is a better approach.
o [GH#2388] Fix TDS7 password encoding for mssql.lua, which had been assuming
ASCII input even though other parts of the library had been passing it Unicode.
o [GH#2402] Replace deprecated CPEs for IIS with their updated identifier,
cpe:/a:microsoft:internet_information_services [Esa Jokinen]
o [NSE][GH#2393] Fix script-terminating error when unknown BSON data types are
encountered. Added parsers for most standard data types. [Daniel Miller]
o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
o [Ncat][GH#2365] Added support for SOCKS5 proxies that return bind addresses
as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 24 Jul 2023 16:15:38 +0000 (18:15 +0200)]
nmap: Update to version 7.94
- Update from version 7.92 to 7.94
- Update of rootfile
- Changelog
7.94 [2023-05-19]
o Zenmap and Ndiff now use Python 3! Thanks to the many contributors who made
this effort possible:
+ [GH#2088][GH#1176][Zenmap] Updated Zenmap to Python 3 and PyGObject. [Jakub Kulík]
+ [GH#1807][GH#1176][Ndiff] Updated Ndiff to Python 3. [Brian Quigley]
+ Additional Python 3 update fixes by Sam James, Daniel Miller. Special thanks
to those who opened Python 3-related issues and pull requests: Eli
Schwartz, Romain Leonard, Varunram Ganesh, Pavel Zhukov, Carey Balboa,
Hasan Aliyev, and others.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.71 to the latest version 1.75. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Nmap now prints vendor names based on MAC address for MA-S (24-bit), MA-M
(28-bit), and MA-L (36-bit) registrations instead of the fixed 3-byte MAC
prefix used previously for lookups.
o Added partial silent-install support to the Nmap Windows
installer. It previously didn't offer silent mode (/S) because the
free/demo version of Npcap Windoes packet capturing driver that it
needs and ships with doesn't include a silent installer. Now with
the /S option, Nmap checks whether Npcap is already installed
(either the free version or OEM) and will silently install itself if
so. This is similar to how the Wireshark installer works and is
particularly helpful for organizations that want to fully automate
their Nmap (and Npcap) deployments. See
https://nmap.org/nmap-silent-install for more details.
o Lots of profile-guided memory and processing improvements for Nmap, including
OS fingerprint matching, probe matching and retransmission lookups for large
hostgroups, and service name lookups. Overhauled Nmap's string interning and
several other startup-related procedures to speed up start times, especially
for scans using OS detection. [Daniel Miller]
o Integrated many of the most-submitted IPv4 OS fingerprints for recent
versions of Windows, iOS, macOS, Linux, and BSD. Added 22 fingerprints,
bringing the new total to 5700!
o [NSE][GH#548] Added the tftp-version script which requests a
nonexistent file from a TFTP server and matches the error message
to a database of known software. [Mak Kolybabi]
o [Ncat][GH#1223] Ncat can now accept "connections" from multiple UDP hosts in
listen mode with the --keep-open option. This also enables --broker and
--chat via UDP. [Daniel Miller]
o [GH#2575] Upgraded OpenSSL binaries (for the Windows builds and for
RPM's) to version 3.0.8. This resolves some CVE's (CVE-2022-3602;
CVE-2022-3786) which don't impact Nmap proper since it doesn't do
certificate validation, but could possibly impact Ncat when the
--ssl-verify option is used.
o Upgrade included libraries: zlib 1.2.13, Lua 5.4.4, libpcap 1.10.4
o [GH#2532] Removed the bogus OpenSSL message from the Windows Nmap
executable which looked like "NSOCK ERROR ssl_init_helper(): OpenSSL
legacy provider failed to load." We actually already have the legacy
provider built-in to our OpenSSL builds, and that's why loading the
external one fails.
o [GH#2541] UDP port scan (-sU) and version scan (-sV) now both use the same
data source, nmap-service-probes, for data payloads. Previously, the
nmap-payloads file was used for port scan. Port scan responses will be used
to kick-start the version matching process. [Daniel Miller]
o Nmap's service scan (-sV) can now probe the UDP service behind a DTLS tunnel,
the same as it already does for TCP services with SSL/TLS encryption. The
DTLSSessionReq probe has had its rarity lowered to 2 to allow it to be sent
sooner in the scan. [Daniel Miller]
o [Ncat] Ncat in listen mode with --udp --ssl will use DTLS to secure incoming
connections. [Daniel Miller]
o [GH#1023] Handle Internationalized Domain Names (IDN) like Яндекс.рф on
platforms where getaddrinfo supports the AI_IDN flag. [Daniel Miller]
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
o Improved DNS domain name parsing to avoid recursion and enforce name length
limits, avoiding a theoretical stack overflow issue with certain crafted DNS
server responses, reported by Philippe Antoine.
o [GH#2338][NSE] Fix mpint packing in ssh2 library, which was causing OpenSSH
errors like "ssh_dispatch_run_fatal: bignum is negative" [Sami Loone]
o [GH#2507] Updates to the Japanese manpage translation by Taichi Kotake.
o [Ncat][GH#1026][GH#2426] Dramatically speed up Ncat transfers on
Windows by avoiding a 125ms wait for every read from
STDIN. [scriptjunkie]
o [GH#1192][Windows] Periodically reset the system idle timer to keep the
system from going to sleep while scans are in process. This only affects port
scans and OS detection scans, since NSE and version scan do not rely on
timing data to adjust speed.
o Updated the Nmap Public Source License (NPSL) to Version 0.95. This
just clarifies that the derivative works definition and all other
license clauses only apply to parties who choose to accept the
license in return for the special rights granted (such as Nmap
redistribution rights). If a party can do everything they need to
using copyright provisions outside of this license such as fair use,
we support that and aren't trying to claim any control over their
work. Versions of Nmap released under previous versions of the NPSL
may also be used under the NPSL 0.95 terms.
o Avoid storing many small strings from IPv4 OS detection results in the global
string_pool. These were effectively leaked after a host is done being
scanned, since string_pool allocations are not freed until Nmap quits.
7.93 [2022-09-01]
o This release commemorates Nmap's 25th anniversary! It all started with this
September 1, 1997 Phrack article by Fyodor: https://nmap.org/p51-11.html.
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.50 to the latest version 1.71. It
includes dozens of performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Ensure Nmap builds with OpenSSL 3.0 using no deprecated API functions.
Binaries for this release include OpenSSL 3.0.5.
o Upgrade included libraries: libssh2 1.10.0, zlib 1.2.12, Lua 5.3.6, libpcap 1.10.1
o [GH#2416] Fix a bug that prevented Nmap from discovering interfaces on Linux
when no IPv4 addresses were configured. [Daniel Miller, nnposter]
o [NSE][GH#2463] NSE "exception handling" with nmap.new_try() will no longer
result in a stack traceback in debug output nor a "ERROR: script execution
failed" message in script output, since the intended behavior has always been
to end the script immediately without output. [Daniel Miller]
o [GH#2494] Update the Nmap output DTD to match actual output since the
`<hosthint>` element was added in Nmap 7.90.
o [NSE][GH#2496] Fix newtargets support: since Nmap 7.92, scripts could not add
targets in script pre-scanning phase. [Daniel Miller]
o [GH#2468] Scripts dhcp-discover and broadcast-dhcp-discover now support
setting a client identifier. [nnposter]
o [GH#2331][GH#2471] Script oracle-tns-version was not reporting the version
correctly for Oracle 19c or newer [linholmes]
o [GH#2296][GH#2342] Script redis-info was crashing or producing inaccurate
information about client connections and/or cluster nodes. [nnposter]
o [GH#2379] Nmap and Nping were unable to obtain system routes on FreeBSD
[benpratt, nnposter]
o [GH#2464] Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter]
o [NSE] Improvements to event handling and pcap socket garbage collection,
fixing potential hangs and crashes. [Daniel Miller]
o We ceased creating the Nmap win32 binary zipfile. It was useful back when
you could just unzip it and run Nmap from there, but that hasn't worked well
for many years. The win32 self-installer handles Npcap installation and many
other dependencies and complexities. Anyone who needs the binaries for some
reason can still install Nmap on any system and retrieve them from there.
For now we're keeping the Win32 zipfile in the Nmap OEM Edition
(https://nmap.org/oem) for companies building Nmap into their own
products. But even in that case we believe that running the Nmap OEM
self-installer in silent mode is a better approach.
o [GH#2388] Fix TDS7 password encoding for mssql.lua, which had been assuming
ASCII input even though other parts of the library had been passing it Unicode.
o [GH#2402] Replace deprecated CPEs for IIS with their updated identifier,
cpe:/a:microsoft:internet_information_services [Esa Jokinen]
o [NSE][GH#2393] Fix script-terminating error when unknown BSON data types are
encountered. Added parsers for most standard data types. [Daniel Miller]
o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
o [Ncat][GH#2365] Added support for SOCKS5 proxies that return bind addresses
as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:44 +0000 (22:51 +0200)]
hplip: Update to version 3.23.5
- Update from version 3.22.6 to 3.23.5
- Update of rootfile
- Changelog
3.23.5 - This release has the following changes:
Added support for the following new Printers:
HP Color LaserJet Enterprise 6700dn
HP Color LaserJet Enterprise 6700
HP Color LaserJet Enterprise 6701dn
HP Color LaserJet Enterprise 6701
HP Color LaserJet Enterprise X654dn
HP Color LaserJet Enterprise X65455dn
HP Color LaserJet Enterprise X654
HP Color LaserJet Enterprise X65465dn
HP Color LaserJet Enterprise X654 65 PPM
HP Color LaserJet Enterprise X654 55 to 65ppm License
HP Color LaserJet Enterprise X654 Down License
HP Color LaserJet Enterprise MFP 6800dn
HP Color LaserJet Enterprise Flow MFP 6800zf
HP Color LaserJet Enterprise Flow MFP 6800zfsw
HP Color LaserJet Enterprise Flow MFP 6800zfw+
HP Color LaserJet Enterprise MFP 6800
HP Color LaserJet Enterprise MFP 6801
HP Color LaserJet Enterprise MFP 6801 zfsw
HP Color LaserJet Enterprise Flow MFP 6801zfw+
HP Color LaserJet Enterprise MFP X677 55 to 65ppm License
HP Color LaserJet Enterprise MFP X677 65ppm
HP Color LaserJet Enterprise MFP X677s
HP Color LaserJet Enterprise Flow MFP X677z
HP Color LaserJet Enterprise MFP X67765dn
HP Color LaserJet Enterprise Flow MFP X67765zs
HP Color LaserJet Enterprise Flow MFP X67765z+
HP Color LaserJet Enterprise MFP X677
HP Color LaserJet Enterprise MFP X67755dn
HP Color LaserJet Enterprise Flow MFP X67755zs
HP Color LaserJet Enterprise Flow MFP X67755z+
HP Color LaserJet Enterprise MFP X677dn
HP Color LaserJet Enterprise Flow MFP X677zs
HP Color LaserJet Enterprise Flow MFP X677z+
HP Color LaserJet Enterprise 5700dn
HP Color LaserJet Enterprise 5700
HP Color LaserJet Enterprise X55745dn
HP Color LaserJet Enterprise X55745
HP Color LaserJet Enterprise MFP 5800dn
HP Color LaserJet Enterprise MFP 5800f
HP Color LaserJet Enterprise Flow MFP 5800zf
HP Color LaserJet Enterprise MFP 5800
HP Color LaserJet Enterprise MFP X57945
HP Color LaserJet Enterprise Flow MFP X57945zs
HP Color LaserJet Enterprise MFP X57945dn
HP Color LaserJet Enterprise Flow MFP X57945z
3.23.3 - This release has the following changes:
Added support for following new Distro's:
LinuxMint 21.1
MxLinux 21.3
Elementary OS 7
Ubuntu 22.10
RHEL 8.6
RHEL 8.7
RHEL 9.1
Fedora 37
Added support for the following new Printers:
HP Smart Tank 520_540 series
HP Smart Tank 580-590 series
HP Smart Tank 5100 series
HP Smart Tank 210-220 series
3.22.10 - This release has the following changes:
Added support for following new Distro's:
Manjaro 21.3
Suse 15.4
RHEL 9
Linux Mint 21.0
Mx Linux 21.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:43 +0000 (22:51 +0200)]
haproxy: Update to version 2.8.1
- Update from version 2.7.4 to 2.8.1
- Update of rootfile not required
- Changelog is too large to include here. Look in the CHANGELOG file in the source
tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:42 +0000 (22:51 +0200)]
git: Update to version 2.41.0
- Update from version 2.38.1 to 2.41.0
- Update of rootfile
- Changelog is too large to show here. Look in the Source tarball in Documentation
RelNotes and each of the version numbers released - 2.38.2, 2.38.3, 2.38.4, 2.38.5,
2.39.0, 2.39.1, 2.39.2, 2.39.3, 2.40.0, 2.40.1, 2.41.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:41 +0000 (22:51 +0200)]
fuse: Update to version 3.15.0
- Update from version 3.13.0 to 3.15.0
- Update of rootfile
- Changelog
3.15.0 (2023-06-09)
* Improved support for some less common systems (32 bit, alternative libcs)
* Unsupported mount options are no longer silently accepted.
* auto_unmount is now compatible with allow_other.
3.14.1 (2023-03-26)
* The extended attribute name passed to the setxattr() handler is no longer
truncated at the beginning (bug introduced in 3.13.0).
* As a result of the above, the additional setattr() flags introduced in 3.14 are no
longer available for now. They will hopefully be reintroduced in the next release.
* Further improvements of configuration header handling.
3.14.0 (2023-02-17)
* Properly fix the header installation issue. The fix in 3.13.1 resulted
in conflicts with other packages.
* Introduce additional setattr() flags (FORCE, KILL_SUID, KILL_SGID, FILE,
KILL_PRIV, OPEN, TIMES_SET)
3.13.1 (2023-02-03)
* Fixed an issue that resulted in errors when attempting to compile against
installed libfuse headers (because libc symbol versioning support was not
detected correctly in this case).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:40 +0000 (22:51 +0200)]
frr: Update to version 8.5.2
- Update from version 8.0.1 to 8.5.2
- Update of rootfile
- tar.xz versions are no longer provided by the developers. They onl provide the tar.gz
that is automatically created by github. This started shortly after 8.0.1 was released
- Changelog is too large to include here. For full details see the changelog details at
https://github.com/FRRouting/frr/releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:39 +0000 (22:51 +0200)]
freeradius: Update to version 3.2.3
- Update from version 3.0.26 to 3.2.3
- Update of rootfile
- Changelog
3.2.3
Feature Improvements
Add "max_retries" for connection pools. Fixes #4908. Patch from Nick Porter.
Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and
dictionary.wispr; add dictionary.eleven.
You can now list "eap" in the "pre-proxy" section. If the packet contains a
malformed EAP message, then the request will be rejected The home server
will either reject (or discard) this packet anyways, so this change can only
help with large proxy scenarios.
Show warnings if libldap is not using OpenSSL.
Support RADIUS/1.1. See
https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by
default, can be enabled by passing `--with-radiusv11` to the configure
script. For now, this is for testing interoperability.
Add extra sanity checks for malformed EAP attributes.
More TLS debugging output.
Clear old module instance data before HUP reload. Avoids burst memory use
when e.g. using large data files with rlm_files. Patch from Nick Porter.
`rlm_cache_redis` is now included in the freeradius-redis packages.
Separate out python2/python3 in Debian Packages. Previously python 2 or 3 was
built depending on the system default which led to confusion. We now build
both freeradius-python2 and freeradius-python3 packages where possible.
Bug Fixes
Don't leak MD contexts with OpenSSL 3.0.
Increase internal buffer size for TLS connections, which can help with
high-load proxies.
Send Status-Server checks for TLS connections.
Give descriptive error if "update CoA" is used with "fake" packets, as it
won't work. i.e. inner-tunnel and virtual home servers.
Many small ASAN / LSAN fixes from Jorge Pereira.
Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a TLS
error, it will now close the socket, so proxies do not have an open (but
dead) TLS connection.
Fix mutex locking issues on inbound RADIUS/TLS connections This change avoids
random issues with "bad record mac".
Improve REST encoding loop. Patch from Herwin Weststrate. Closes #4950.
Correctly report the LDAP group a user was found in. Fixes #3084 Patch from
Nick Porter.
Force correct packet type when running Post-Auth-Type. Helps with #4980.
Fix small leak in Client-Lost code. Patch from Terry Burton. PR #4996.
Fix TCP socket statistics. Closes #4990.
Use NAS-Port-Id instead of NAS-Port during SQL simultaneous-use checks. Helps
with #5010.
3.2.2
Feature Improvements
The "configure" process now gives a much clearer report when it's finished.
Patches by Matthew Newton.
Fallback to "uname -n" on missing "hostname". Fixes #4771.
Export thread details in radmin "stats threads". Fixes #4770.
Improve queries for processing radacct into periodic usage data Fix from Nick
Porter.
Update dictionary.juniper.
Add dictionary.calix.
Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be "octets".
Update documentation for robust-proxy-accounting, and be more aggressive
about sending packets.
Add per-module README.md files in the source.
Add default Visual Studio configuration for developers.
Postgres can now automatically use alternate queries for errors other than
duplicate keys.
%{listen:TLS-PSK-Identity} is now set when using PSK and psk_query This helps
the server track the identity of the client which is connecting.
Include thread stats in Status-Server attributes. Fixes #4870.
Mark rlm_unbound stable and add to packages. Patches by Nick Porter.
Remove broken/unsupported Dockerfiles for centos8 and debian9.
Ensure Docker containers have stable uid/gid. Patches from Terry Burton.
Bug Fixes
Preliminary support for non-blocking TLS sockets. Helps with #3501.
Fix support for partial certificate chains after adding reload support.
Fixes #4753.
Fix handling of debug_condition.
Clean up home server states, and re-sync with the dictionaries.
Correct certificate order when creating TLS-* attributes Fixes #4785.
Update use of isalpha() etc. so broken configurations have less impact on the
server.
Outgoing TLS sockets now set SNI correctly from the "hostname" configuration
item.
Support Apple Homebrew on the M1. Fixes #4754.
Better error messages when %{listen:TLS-...} is used.
Getting statistics via Status-Server can now be done within a virtual server.
Fixes #4868.
Make TTLS+MS-CHAP work with TLS 1.3. Fixes #4878.
Fix md5 xlat memory leak when using OpenSSL 3. Fix by Terry Burton.
3.2.1
Feature Improvements
Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries,.
Add simultaneous-use queries for MS SQL.
Add radmin command for "stats pool <module-name>" Which prints out statistics
about the connection pools.
Client statistics now shows "conflicts", to count conflicting packets.
New optional "lightweight accounting-on/off" strategy. When refreshing
queries.conf you should also add the new nasreload table and corresponding
GRANTs to your DB schema.
Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps with Eduroam.
Suggested by Stefan Winter.
Allow auth+acct for TCP sockets, too.
Add rlm_cache_redis. See raddb/mods-available/cache for details.
Allow radmin to look up home servers by name, too.
Ensure that dynamic clients don't create loops on duplicates Reported by Sam
Yee.
Removed rlm_sqlhpwippool. There was no documentation, no configuration, and
the module was ~15 years old with no one using it.
Marked rlm_python3 as stable.
Add sigalgs_list. See raddb/mods-available/eap. Patch from Boris Lytochkin.
For rlm_linelog, when opening files in /dev, look at "permissions" to see
whether to open them r/w.
More flexibility for dynamic home servers. See
doc/configuration/dynamic_home_servers.md and raddb/home_servers/README.md.
Allow setting of application_name for PostgreSQL. See mods-available/sql.
Bug Fixes
Correct test for open sessions in radacct for MS SQL.
The linelog module now opens /dev/stdout in "write-only" mode if the
permissions are set to "u+w" (0002).
Various fixes to rlm_unbound from Nick Porter.
PEAP now correctly runs Post-Auth-Type Accept.
Create "TLS-Cert-*" for outbound Radsec, instead of TLS-Client-Cert-*
Fixes #4698. See sites-available/tls, and fix_cert_order.
Minor updates and fixes to CI, Dockerfiles and packaging.
Fix rlm_python3 build with python >= 3.10. Fixes #4441.
3.2.0
Feature Improvements
All features from 3.0.x are included in the 3.2.x releases. In addition:.
Add 'reset_day' and '%%r' parameter for rlm_sqlcounter to specify which day
of the month the counter should be reset.
Partial backport of rlm_json from v4, providing the json_encode xlat See
mods-available/json for documentation.
Support for haproxy "PROXY" protocol See sites-available/tls,
"proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
Support for sending CoA-Request and Disconnect-Request packets in "reverse"
down RadSec tunnels. Experimental for now, and undocumented.
It is now possible to run a virtual server when saving / loading TLS cache
attributes. See sites-available/tls-cache for more information.
Removed the "cram" module. It was undocumented, and used old and insecure
authentication methods.
Remove the "otp" module. The "otpd" program it needs is no longer available,
and the module has not been usable since at least 2015.
All features from 3.0.x are included in the 3.2.x releases.
3.2.0 requires OpenSSL 1.0.2 or greater.
Bug Fixes
All bug fixes from 3.0.x are included in the 3.2.x releases.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20060126 to 20100919
- Version 20100919 is the most recent version that is available as a .tar.gz file
There is a 20120503 version but it is only available as a .zip file
- This patch brings this package as up to date as it can be.
- Update of rootfile not required
- Changelog for changes made from Feb 2006 till 2010 is too large to show here - approx
5000 lines. See the contents of the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Jul 2023 20:51:37 +0000 (22:51 +0200)]
curl: Update to version 8.2.0
- Update from version 8.1.0 to 8.2.0
- Update of rootfile
- Changelog
8.2.0
Changes:
curl: add --ca-native and --proxy-ca-native
curl: add --trace-ids
CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
haproxy: add --haproxy-clientip flag to set client IPs
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
Bugfixes:
bufq: make write/pass methods more robust
build: drop unused/redundant `HAVE_WINLDAP_H`
cf-socket: don't bypass fclosesocket callback if cancelled before connect
cf-socket: move ctx declaration under HAVE_GETPEERNAME
cf-socket: skip getpeername()/getsockname for TFTP
checksrc: modernise perl file open
checksrc: quote the file name to work with "funny" letters
CI: brew fix for openssl in default path
CI: don't install impacket if tests are not run
CI: enable parallel make in more builds
circleci: install impacket & wolfssl 5.6.0
cmake: add support for "unity" builds
cmake: make use of snprintf
cmake: stop CMake from quietly ignoring missing Brotli
configure: add check for ldap_init_fd
configure: fix run-compiler for old /bin/sh
configure: the --without forms of the options are also gone
connect-timeout.d: mention that the DNS lookup is included
curl.h: include <sys/select.h> for vxworks
curl: count uploaded data to stop at the originally given size
curl: return error when asked to use an unsupported HTTP version
curl_easy_nextheader.3: add missing open parenthesis examples
curl_log: evaluate log statement only when transfer is verbose
curl_mprintf.3: minor fix of the example
curl_pushheader_byname/bynum.3: document in their own man pages
curl_url_set: enforce the max string length check for all parts
CURLOPT_AWS_SIGV4.3: remove unused variable from example
CURLOPT_INFILESIZE.3: mention -1 triggers chunked
CURLOPT_MIMEPOST.3: clarify what setting to NULL means
CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search
docs/libcurl/libcurl.3: cleanups and improvements
docs: add more .IP after .RE to fix indentation of generate paragraphs
docs: fix missing parameter names in examples
docs: update CURLOPT_UPLOAD.3
docs: update HTTP3.md for newer ngtcp2 and nghttp3
docs: use a space after RFC when spelling out RFC numbers
example/connect-to: show CURLOPT_CONNECT_TO
example/crawler: also set CURLOPT_AUTOREFERER
example/crawler: make it use a few more options
example/default-scheme: set the default scheme for schemeless URLs
example/hsts-preload: show one way to HSTS preload
example/http2-download: set CURLOPT_BUFFERSIZE
example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use
example/maxconnects: set maxconnect example
example/opensslthreadlock: remove
examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS
examples/http-options: show how to send "OPTIONS *"
examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT
examples/multi-debugcallback.c: avoid the bool typedef
examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS
examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH
examples/websocket.c: websocket example using CONNECT_ONLY
examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR
fopen: fix conversion warning on 32-bit Android
fopen: optimize
hostip.c: Move macOS-specific calls into global init call
HTTP/2: upload handling fixes
http2: better support for --limit-rate
http2: error stream resets with code CURLE_HTTP2_STREAM
http2: fix crash in handling stream weights
http2: fix variable type
http2: h2 and h2-PROXY connection alive check fixes
http2: raise header limitations above and beyond
http2: send HEADER & DATA together if possible
http2: treat initial SETTINGS as a WINDOW_UPDATE
HTTP3.md: update openssl version
http3/ngtcp2: upload EAGAIN handling
http: rectify the outgoing Cookie: header field size check
hyper: fix EOF handling on input
hyper: unslow
imap-append.c: update to make it more likely to work
imap: Provide method to disable SASL if it is advertised
krb5: add typecast to please Coverity
libcurl-url.3: also mention CURLUPART_ZONEID
libcurl-ws.3. WebSocket API overview
libssh2: provide error message when setting host key type fails
libssh2: use custom memory functions
ngtcp2: assigning timeout, but value is overwritten before used
ngtcp2: build with 0.17.0 and nghttp3 0.13.0
ngtcp2: use ever increasing timestamp in io
quiche: avoid NULL deref in debug logging
quiche: fix defects found in latest coverity report
quote.d: fix indentation of generated paragraphs
runtests: abort test run after failure without -a
runtests: better handle ^C during slow tests
runtests: consistently write the test check summary block
runtests: create multiple test runners when requested
runtests: include missing valgrind package
runtests: make test file directories in log/N
runtests: rename server command file
runtests: use more consistent failure lines
runtests: work around a perl without SIGUSR1
runtests; give each server a unique log lock file
scripts: Fix GHA matrix job detection in cijobs.pl
sectransp: fix EOF handling
system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
test2600: fix the description
test427: verify sending more cookies than fit in a 8190 bytes line
tests/http: Add mod_h2 directive `H2ProxyRequests`
tests/servers.pm: pick unused port number with a server socket
tests/servers: generate temp names in /tmp for unix domain sockets
tests: fix error messages & handling around sockets
tests: improve reliability of TFTP tests
testutil: allow multiple %-operators on the same line
timeval: use CLOCK_MONOTONIC_RAW if available
tls13-ciphers.d: include Schannel
tool: remove exclamation marks from error/warning messages
tool: remove newlines from all helpf/notef/warnf/errorf calls
tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
tool_getparam: fix comment
tool_operate: allow cookie lines up to 8200 bytes
tool_parsecfg: accept line lengths up to 10M
tool_urlglob: use curl_off_t instead of longs
tool_writeout_json: fix encoding of control characters
transfer: clear credentials when redirecting to absolute URL
urlapi: have *set(PATH) prepend a slash if one is missing
urlapi: scheme must start with alpha
vtls: avoid memory leak if sha256 call fails
websocket-cb: example doing WebSocket download using callback
wolfssl: detect when TLS 1.2 support is not built into wolfssl
wolfssl: support setting CA certificates as blob
ws: make the curl_ws_meta() return pointer a const
8.1.2
Bugfixes:
configure: quote the assignments for run-compiler
configure: without pkg-config and no custom path, use -lnghttp2
curl: cache the --trace-time value for a second
http2: fix EOF handling on uploads with auth negotiation
http3: send EOF indicator early as possible
lib1560: verify more scheme guessing
lib: remove unused functions, make single-use static
libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
libssh: when keyboard-interactive auth fails, try password
misc: fix spelling mistakes
page-header: mention curl version and how to figure out current release
page-header: minor wording polish in the URL segment
scripts/singleuse.pl: add more API calls
urlapi: remove superfluous host name check
8.1.1
Bugfixes:
cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
checksrc: disallow spaces before labels
cmake: avoid `list(PREPEND)` for compatibility
cmake: repair cross compiling
configure: fix --help alignment
configure: generate a script to run the compiler
curl_easy_getinfo: clarify on return data types
docs: document that curl_url_cleanup(NULL) is a safe no-op
hostip: move easy_lock.h include above curl_memory.h
http2: double http request parser max line length
http2: increase stream window size to 10 MB
http2: upload improvements
lib: fix conversion warnings with gcc on macOS
lib: rename struct 'http_req' to 'httpreq'
ngtcp2: fix compiler warning about possible null-deref
ngtcp2: proper handling of uint64_t when adjusting send buffer
os400: update chkstrings.c
runtests: handle interrupted reads from IPC pipes
runtests: use the correct fd after select
sectransp.c: make the code c89 compatible
select: avoid returning an error on EINTR from select() or poll()
test425: fix the log directory for the upload
url: provide better error message when URLs fail to parse
urlapi: allow numerical parts in the host name
vquic.c: make recvfrom_packets static, avoid compiler warning
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Wed, 19 Jul 2023 20:29:18 +0000 (22:29 +0200)]
zabbix_agentd: Add ovpn monitoring items
Added new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.ovpn.clients.discovery: Discovery of configured ovpn
clients. Returns a JSON array.
- ipfire.ovpn.statusreport.get: Parses and returns
/var/run/ovpnserver.log in a JSON array
Since /var/run/ovpnserver.log is only readable by root, 'cat' of that
file is added to sudoers.d/zabbix_agentd.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Wed, 19 Jul 2023 20:29:17 +0000 (22:29 +0200)]
zabbix_agentd: Update to 6.0.19 (LTS)
- Update from version 6.0.16 to 6.0.19
- Update of rootfile not required
Bugs fixed:
- ZBX-22798:
Incorrect output of vfs.file.contents when reading frequently
modified file
- ZBX-22470:
Zabbix Agent locks in tls_recv() when using DebugLevel=5
- ZBX-21892:
vfs.fs.get returns wrong data if multiple file systems have identical
mount point
Full changelogs since 6.0.16:
- https://www.zabbix.com/rn/rn6.0.17
- https://www.zabbix.com/rn/rn6.0.18
- https://www.zabbix.com/rn/rn6.0.19
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jul 2023 20:04:26 +0000 (22:04 +0200)]
ebtables: Update to version 2.0.11
- Update from version 2.0.10-4 (Sep 2014) to 2.0.11 (Dec 2019)
- Update of rootfile
- Deletion of patch to prevent installing in usr/local as new tarball now has a ./configure
file that enables setting prefix to /usr and sysconfdir to /etc
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jul 2023 11:12:37 +0000 (13:12 +0200)]
sdl2: Update to version 2.28.1
- Update from version 2.26.5 to 2.28.1
- Update of rootfile
- Changelog
2.28.1
This is a stable bugfix release, with the following changes:
Added support for the Nintendo Online Famicom controllers
Improved support for third-party Nintendo Switch controllers
Fixed setting the player LED on Nintendo Switch controllers
Added Linux controller mapping for the Logitech Chillstream
Fixed appending to a file greater than 4GB in size on Windows
2.28.0
Thanks to all the people who contributed code and feedback, SDL 2.28.0 is now
available!
In addition to lots of bug fixes, here are the major changes in this release:
General:
Added SDL_HasWindowSurface() and SDL_DestroyWindowSurface() to switch between
the window surface and rendering APIs
Added a display event SDL_DISPLAYEVENT_MOVED which is sent when the primary
monitor changes or displays change position relative to each other
Added the hint SDL_HINT_ENABLE_SCREEN_KEYBOARD to control whether the
on-screen keyboard should be shown when text input is active
With this release, SDL 2.0 is entering maintenance mode. While we will continue
to support the library and provide stable bug fix updates, the SDL team is
focusing on SDL 3.0 and all new feature development will be happening there. We
are simultaneously bringing up sdl2-compat so your existing SDL 2.0 applications
can run on the SDL 3.0 runtime in the future.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jul 2023 11:12:35 +0000 (13:12 +0200)]
meson: Update to version 1.2.0
- Update from version 0.64.1 to 1.2.0
- Update of rootfile
- Changelog is too large to include here. To see details for the versions 1.0.0, 1.1.0
and 1.2.0 see https://mesonbuild.com/Release-notes.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Jul 2023 11:12:34 +0000 (13:12 +0200)]
harfbuzz: Update to version 8.0.1
- Update from version 7.3.0 to 8.0.1
- Update of rootfile
- Changelog
Overview of changes leading to 8.0.1
- Build fix on 32-bit arm.
- More speed optimizations:
- 60% speedup in retaingids subsetting SourceHanSans-VF.
- 38% speed up in subsetting (beyond-64k) mega-merged Noto.
- 16% speed up in retain-gid (used for IFT) subsetting of NotoSansCJKkr.
Overview of changes leading to 8.0.0
- New, experimental, WebAssembly (WASM) shaper, that provides greater
flexibility over OpenType/AAT/Graphite shaping, using WebAssembly embedded
inside the font file. Currently WASM shaper is disabled by default and needs
to be enabled at build time. For details, see:
https://github.com/harfbuzz/harfbuzz/blob/main/docs/wasm-shaper.md
For example fonts making use of the WASM shaper, see:
https://github.com/simoncozens/wasm-examples
- Improvements to Experimental features introduced in earlier releases:
- Support for subsetting beyond-64k and VarComposites fonts.
- Support for instancing variable fonts with cubic “glyf” table.
- Many big speed optimizations:
- Up to 89% speedup loading variable fonts for shaping.
- Up to 88% speedup in small subsets of large (eg. CJK) fonts (both TTF and
OTF), essential for Incremental Font Transfer (IFT).
- Over 50% speedup in loading Roboto font for shaping.
- Up to 40% speed up in loading (sanitizing) complex fonts.
- 30% speed up in shaping Gulzar font.
- Over 25% speedup in glyph loading Roboto font.
- 10% speed up loading glyph shapes in VarComposite Hangul font.
- hb-hashmap optimizations & hashing improvements.
- New macro HB_ALWAYS_INLINE. HarfBuzz now inlines functions more aggressively,
which results in some speedup at the expense of bigger code size. To disable
this feature define the macro to just inline.
- New API:
+HB_CODEPOINT_INVALID
+hb_ot_layout_get_baseline2()
+hb_ot_layout_get_baseline_with_fallback2()
+hb_ot_layout_get_font_extents()
+hb_ot_layout_get_font_extents2()
+hb_subset_input_set_axis_range()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 12 Jul 2023 11:30:55 +0000 (13:30 +0200)]
udev: Update to version 3.2.12
- Update from version 3.2.11 to 3.2.12
- Update of rootfile
- Changelog
3.2.12
-rules/50-udev-default.rules: add PTP entry for Hyper-V/Azure by @dermotbradley
in #218
-Add the BUILD instructions for Gentoo by @lu-zero in #224
-Fix warnings by @bbonev in #222
-udev: add udev_dir as synonym of udevdir by @oreo639 in #225
-build: Remove dead g-i-r configuration by @akiernan in #231
-Hwdb.7 by @bbonev in #221
-Precompiled hwdb by @bbonev in #223
-Merge suitable rules changes from systemd by @bbonev in #220
-Merge hwdb from systemd by @bbonev in #219
-Fix problems detected by fortified builds by @bbonev in #232
-Avoid warning on 32bit by @bbonev in #233
-Systemd PR 24353 by @bbonev in #239
-Do not free a static string by @bbonev in #238
-man: udev.7, mention /usr/lib with split-usr by @omnivagant in #246
-Missing tools by @bbonev in #240
-Fix compile-time issue on very old kernels by @cockroach in #247
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 10 Jul 2023 09:23:51 +0000 (11:23 +0200)]
libxcrypt: Update to version 4.4.36
- Update from version 4.4.33 to 4.4.36
- Update of rootfile not required
- Changelog
Version 4.4.36
* Fix left over bits failing with Perl v5.38.0 (issue #173).
Version 4.4.35
* Fix build with Perl v5.38.0 (issue #170).
* Fix build with MinGW-w(32|64).
Version 4.4.34
* Update build-aux/m4/ax_valgrind_check.m4 to v23.
* Optimize some cast operation for performance in
lib/alg-yescrypt-platform.c.
* Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c.
* Explicitly clean the stack and context state after computation in
lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c
(issue #168).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
