Michael Tremer [Tue, 31 May 2022 11:26:19 +0000 (11:26 +0000)]
cdrom: Drop menu option for HDT
The Hardware Detection Tool does not work and I do not think it is worth
to investigate. It is an ancient piece of software which does not work
on EFI systems which are becoming more and more common.
Since this has presumably been broken for a long time which nobody has
reported I assume that nobody is using it. There are indeed lots better
live CDs out there with much better diagnostic tools.
Fixes: #12870 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 10 May 2022 10:30:44 +0000 (12:30 +0200)]
libxslt: Update to version 1.1.35
- Update from version 1.1.34 to 1.1.35
- Update of rootfile
- Changelog
v1.1.35: Feb 16 2022:
- Security:
[CVE-2021-30560] Fix use-after-free in xsltApplyTemplates
Fix memory leak in xsltDocumentElem (David King)
Fix memory leak in xsltCompileIdKeyPattern (David King)
Fix double-free with stylesheets containing entity nodes
- Fixed regressions:
Fix performance regression with predicates in patterns
Fix regression in xsltComputeSortResult
- Bug fixes:
Fix conflict resolution for templates with same priority
Fix xsl:number generating invalid UTF-8
Support attribute value templates in xsl:sort lang attributes
Don't pass first <xsl:sort> in <xsl:apply-templates> twice
Fix quadratic runtime with text and <xsl:message>
Don't allow empty EXSLT durations
- Improvements:
Add xsltproc --huge Argument via libxml XML_PARSE_HUGE (William N. Braswell, Jr.)
- Tests, code quality, fuzzing:
Remove .travis.yml
Fix some misleading indentation (David King)
Use actual types for templates in struct _xsltStylesheet
Add CI for CMake on MSVC (Markus Rickert)
Check for null pointer before calling freelocale
Add CI test for Python 3
Don't set maxDepth in XPath contexts
Transfer XPath limits to XPtr context
Stop using maxParserDepth XPath limit
Make long-to-double cast explicit in date.c
Disable LeakSanitizer
Run clang CI tests with -Wimplicit-int-conversion
Fix implicit-int-conversion warning in exslt/crypto.c
Fix clang -Wimplicit-int-conversion warning (David Kilzer)
Fix clang -Wconditional-uninitialized warning in libxslt/numbers.c (David Kilzer)
Fix -Wshadow warnings in libexslt/dynamic.c (David Kilzer)
Also search parent dir for source XML when fuzzing
- Build system, portability:
Add CMake build files (Markus Rickert)
Initial support for Python 3 (Suleyman Poyraz)
Call ANSI versions of WinAPI functions explicitly
Remove redundant flags from pkg-config files
Suppress automake warning in tests/XSLTMark
Fix linking libexslt dynamic library when using MinGW (Vadim Zeitlin)
Added platform specific path separators (Dmitriy Korovkin)
win32: allow passing *FLAGS on command line
Fix export of xsltExtMarker on Windows (David Kilzer)
Fix redundant includes already in libexslt.h (David Kilzer)
Minor fixes to configure.js
Fix variable syntax in Python configuration
Add new EXSLT string tests to EXTRA_DIST
Fix xml2-config check in configure script
win32: Add configuration for profiler (Chun-wei Fan)
Check whether 'xml2-config --dynamic' is supported
- Documentation:
Add Makefile rule to regenerate xsltproc.html
Update links
Remove MAINTAINERS
Upload documentation to GitLab Pages
Add documentation in devhelp format
Add --enable-rebuild-docs configure option
Fix libexslt header summaries
Fix validity of tutorial XML (David King)
Use DocBook URL for tutorial DTD (David King)
Update libxslt.doap
Add missing options to xsltproc man page
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 10 May 2022 10:30:32 +0000 (12:30 +0200)]
libxml2: Update to version 2.9.14
- Update from version 2.9.12 to 2.9.14
- Update of rootfile
- Changelog
v2.9.14: May 02 2022:
- Security:
[CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
Fix potential double-free in xmlXPtrStringRangeFunction
Fix memory leak in xmlFindCharEncodingHandler
Normalize XPath strings in-place
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
(David Kilzer)
Fix leak of xmlElementContent (David Kilzer)
- Bug fixes:
Fix parsing of subtracted regex character classes
Fix recursion check in xinclude.c
Reset last error in xmlCleanupGlobals
Fix certain combinations of regex range quantifiers
Fix range quantifier on subregex
- Improvements:
Fix recovery from invalid HTML start tags
- Build system, portability:
Define LFS macros before including system headers
Initialize XPath floating-point globals
configure: check for icu DEFS (James Hilliard)
configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
Fix build with older Python versions
Fix --without-valid build
v2.9.13: Feb 19 2022:
- Security:
[CVE-2022-23308] Use-after-free of ID and IDREF attributes
(Thanks to Shinji Sato for the report)
Use-after-free in xmlXIncludeCopyRange (David Kilzer)
Fix Null-deref-in-xmlSchemaGetComponentTargetNs (huangduirong)
Fix memory leak in xmlXPathCompNodeTest
Fix null pointer deref in xmlStringGetNodeList
Fix several memory leaks found by Coverity (David King)
- Fixed regressions:
Fix regression in RelaxNG pattern matching
Properly handle nested documents in xmlFreeNode
Fix regression with PEs in external DTD
Fix random dropping of characters on dumping ASCII encoded XML (Mohammad Razavi)
Revert "Make schema validation fail with multiple top-level elements"
Fix regression when parsing invalid HTML tags in push mode
Fix regression parsing public IDs literals in HTML
Fix buffering in xmlOutputBufferWrite
Fix whitespace when serializing empty HTML documents
Fix XPath recursion limit
Fix regression in xmlNodeDumpOutputInternal
Work around lxml API abuse
- Bug fixes:
Fix xmlSetTreeDoc with entity references
Fix double counting of CRLF in comments
Make sure to grow input buffer in xmlParseMisc
Don't ignore xmllint options after "-"
Don't normalize namespace URIs in XPointer xmlns() scheme
Fix handling of XSD with empty namespace
Also register HTML document nodes
Make xmllint return an error if arguments are missing
Fix handling of ctxt->base in xmlXPtrEvalXPtrPart
Fix xmllint --maxmem
Fix htmlReadFd, which was using a mix of xml and html context functions (Finn Barber)
Move current position before possible calling of ctxt->sax->characters (Yulin Li)
Fix parse failure when 4-byte character in UTF-16 BE is split across a chunk (David Kilzer)
Patch to forbid epsilon-reduction of final states (Arne Becker)
Avoid segfault at exit when using custom memory functions (Mike Dalessio)
- Tests, code quality, fuzzing:
Remove .travis.yml
Make xmlFuzzReadString return a zero size in error case
Fix unused function warning in testapi.c
Update NewsML DTD in test suite
Add more checks for malloc failures in xmllint.c
Avoid potential integer overflow in xmlstring.c
Run CI tests with UBSan implicit-conversion checks
Fix casting of line numbers in SAX2.c
Fix integer conversion warnings in hash.c
Add explicit casts in runtest.c
Fix integer conversion warning in xmlIconvWrapper
Add suffix to unsigned constant in xmlmemory.c
Add explicit casts in testchar.c
Fix integer conversion warnings in xmlstring.c
Add explicit cast in xmlURIUnescapeString
Remove unused variable in xmlCharEncOutFunc (David King)
- Build system, portability:
Remove xmlwin32version.h
Fix fuzzer test with VPATH build
Support custom prefix when installing Python module
Remove Makefile.win
Remove CVS and SVN-related code
Port python 3.x module to Windows and improve distutils (Chun-wei Fan)
Correctly install the HTML examples into their subdirectory (Mattia Rizzolo)
Refactor the settings of $docdir (Mattia Rizzolo)
Remove unused configure checks (Ben Boeckel)
python/Makefile.am: use *_LIBADD, not *_LDFLAGS for LIBS (Sam James)
Fix check for libtool in autogen.sh
Use version in configure.ac for CMake (Timothy Lyanguzov)
Add CMake alias targets for embedded projects (Markus Rickert)
- Documentation:
Remove SVN keyword anchors
Rework README
Remove README.cvs-commits
Remove old ChangeLog
Update hyperlinks
Remove README.docs
Remove MAINTAINERS
Remove xmltutorial.pdf
Upload documentation to GitLab pages
Document how to escape XML_CATALOG_FILES
Fix libxml2.doap
Update URL for libxml++ C++ binding (Kjell Ahlstedt)
Generate devhelp2 index file (Emmanuele Bassi)
Mention XML_CATALOG_FILES is space-separated (Jan Tojnar)
Add documentaiton for xmllint exit code 10 (Rainer Canavan)
Fix some validation errors in the FAQ (David King)
Add instructions on how to use CMake to compile libxml (Markus Rickert)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 10 May 2022 10:30:58 +0000 (12:30 +0200)]
libyang: Update to version 2.0.194
- Update from version 2.0.7 to 2.0.194
- Update of rootfile
- Changelog
Version 2.0.194 Latest
major yanglint improvements
minor XPath fixes
nested extension handling fixes
other minor bugfixes
RPM scripts updated
Version 2.0.164
Windows support (thanks to @jktjkt)
Schema Mount support
schema compilation fixes
minor schema printer fixes
user-ordered list diff bugfix
JSON anyxml/anydata format fixed
XML parser CDATA support
module caching improvements
doc improvements
many other various bugfixes
Version 2.0.112
support for XPath variables
minor doxygen improvements
LYB format bugfixes
many other bugfixes
Version 2.0.97
LYB format data length limit of 64kB lifted
YANG error-app-tag and error-message improved support
XPath * evaluation fix
other minor XPath fixes
Version 2.0.88
changed compilation to pedantic and use C11 standard
major JSON parser fixes
LYB format updated and performance improved
LYB big-endian fixes
opaque node fixes
major identity handling fixes
schema compilation refactorization and fixes
data validation fixes
NETCONF RPC filter attribute support
many other minor fixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3380300 to 3380500
- Update of rootfile not required
- Changelog
Version 3.38.5
The 3.38.4 patch release included a minor change to the CLI source code that did not
work. The release manager only ran a subset of the normal release tests, and hence
did not catch the problem. As a result, the CLI will segfault when using columnar
output modes in version 3.38.4. This blunder did not affect the core SQLite library.
It only affected the CLI.
Take-away lesson: Always run all of your tests prior to a release - even a trival
patch release. Always.
The 3.38.5 patch release fixes the 3.38.4 blunder.
Version 3.38.4
Another user-discovered problem in the new Bloom filter optimization is fixed in this
patch release. Without the fix, it is possible for a multi-way join that uses a
Bloom filters for two or more tables in the join to enter an infinite loop if the
key constraint on one of those tables contains a NULL value.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:43:00 +0000 (23:43 +0200)]
gdb: Update to version 12.1
- Update from version 11.2 to 12.1
- Update of rootfile
- Changelog
GDB 12.1 Released!
This version of GDB includes the following changes and enhancements:
New support for the following native configuration:
GNU/Linux/OpenRISC or1k*-*-linux*
New support for the following targets:
GNU/Linux/LoongArch loongarch*-*-linux*
New GDBserver support on the following configuration:
GNU/Linux/OpenRISC or1k*-*-linux*
Support for the following target has been removed:
S+core score-*-*
Multithreaded symbol loading is now enabled by default
Deprecation Notices:
GDB 12 is the last release of GDB that will support building against Python 2
DBX mode is deprecated, and will be removed in GDB 13
GDB/MI changes:
The '-add-inferior' with no option flags now inherits the connection of the
current inferior, this restores the behaviour of GDB as it was prior to
GDB 10.
The '-add-inferior' command now accepts a '--no-connection' option, which
causes the new inferior to start without a connection.
Python API enhancements:
It is now possible to add GDB/MI commands implemented in Python
New function gdb.Architecture.integer_type()
New gdb.events.gdb_exiting event
New 'gdb.events.connection_removed' event registry
New gdb.TargetConnection object
New gdb.Inferior.connection property
New read-only attribute gdb.InferiorThread.details
New gdb.RemoteTargetConnection.send_packet method
New read-only attributes gdb.Type.is_scalar and gdb.Type.is_signed
The gdb.Value.format_string method now takes a 'styling' argument
Various new function in the "gdb" module
Miscellaneous:
The FreeBSD native target now supports async mode
Improved C++ template support
Support for disabling source highlighting through GNU of the Pygments
library instead.
The "print" command has been changed so as to print floating-point values
with a base-modifying formats such as "/x" to display the underlying bytes
of the value in the desired base.
The "clone-inferior" command now ensures that the TTY, CMD and ARGS settings
are copied from the original inferior to the new one. All modifications to
the environment variables done using the 'set environment' or 'unset
environment' commands are also copied to the new inferior.
Various new commands have been introduced
GDB 11.2 Released!
This is a minor corrective release over GDB 11.1, fixing the following issues:
PR sim/28302 (gdb fails to build with glibc 2.34)
PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
PR gdb/28405 (arm-none-eabi: internal-error: ptid_t
remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*):
Assertion `first_resumed_thread != nullptr' failed)
PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR
(.relr.dyn) section)
PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Thu, 19 May 2022 09:40:27 +0000 (09:40 +0000)]
aws-cli: Update to 1.23.12
This package and python3-botocore have to match exactly. Amazon does not
seem to care too much about compatibility between different versions
which is why we need to keep both in sync.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 19 May 2022 09:40:25 +0000 (09:40 +0000)]
cloud: Execute user-data scripts at the end of initialization
This is useful when the user-data needs to reboot an instance.
Previously, some initialization did not happen which is now being done
first before the user-data script is being executed.
This gives users more flexibility about what they are doing in those
scripts.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 11 May 2022 08:40:30 +0000 (10:40 +0200)]
xfsprogs: Update to version 5.16.0
- Update from 5.14.2 to 5.16.0
- Update of rootfile
- Changelog
5.16.0
This release is almost 100% a libxfs sync. I'm trying to catch up, and the
next release will be 5.18.0-rc0, with both 5.17 and 5.18 libxfs changes synced.
(there are very few).
At that point I'll finally start pulling in more functional changes.
xfsprogs-5.16.0 (04 May 2022)
- libxfs: remove kernel stubs from xfs_shared.h (Eric Sandeen)
- debian: Generate .gitcensus instead of .census (Bastian Germann))
xfsprogs-5.16.0-rc0 (28 Apr 2022)
- libxfs changes merged from kernel 5.16
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 10 May 2022 10:31:55 +0000 (12:31 +0200)]
lzip: Update to version 1.23
- Update from 1.22 to 1.23
- Update of rootfile not required
- Changelog
Version 1.23 released.
* Decompression time has been reduced by 5-12% depending on the file.
* main.cc (getnum): Show option name and valid range if error.
* Improve several descriptions in manual, '--help', and man page.
* lzip.texi: Change GNU Texinfo category to 'Compression'.
(Reported by Alfred M. Szmidt).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 11 May 2022 08:39:35 +0000 (10:39 +0200)]
libnetfilter_cthelper: Update to version 1.0.1
- Update from version 1.0.0 to 1.0.1
- Update of rootfile not required
- Changelog
1.0.1
* Allow build on uclinux
* Use after free in nfct_helper_free()
* Double free in nfct-helper-add example
* Invalid argument error in nftc-helper-add
* Incorrect netlink message building with multiple nfct helper policies
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 11 May 2022 08:40:02 +0000 (10:40 +0200)]
libnetfilter_cttimeout: Update to version 1.0.1
- Update from 1.0.0 to 1.0.1
- Update of rootfile not required
- Changelog
1.0.1
* Warnings with automake-1.12
* Allow building on uclinux
* Fix building with clang
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:43:15 +0000 (23:43 +0200)]
git: Update to version 2.36.1
- Update from version 2.36.0 to 2.36.1
- Update of rootfile not required
- Changelog
Git v2.36.1 Release Notes
Fixes since v2.36
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
* "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
* "git format-patch <args> -- <pathspec>" lost the pathspec when
showing the second and subsequent commits, which has been
corrected.
* Get rid of a bogus and over-eager coccinelle rule.
* Correct choices of C compilers used in various CI jobs.
Also contains minor documentation updates and code clean-ups.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Matthias Fischer [Thu, 26 May 2022 15:25:38 +0000 (17:25 +0200)]
logrotate: Update to 3.20.1
For details since v3.18.0 see:
https://github.com/logrotate/logrotate/releases/tag/3.20.1
https://github.com/logrotate/logrotate/releases/tag/3.20.0
https://github.com/logrotate/logrotate/releases/tag/3.19.0
logrotate-3.20.1
drop world-readable permission on state file even when ACLs are enabled (#446)
logrotate-3.20.0
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
logrotate-3.19.0
continue on EINTR in compressLogFile() (#430)
enforce stricter parsing of configuration files (#427, #431)
avoid confusing error message in debug mode (#426)
fix full_write() on incomplete write (#415)
do not use alloca() any more (#412)
do not rotate hard links unless allowhardlink is used (#407)
change directory after dropping privileges (#397)
add defence in depth when dropping privileges (#400)
remove invalid configuration on error (#408)
do not open symbolic link log files by accident (#399)
do not write state if state file is /dev/null (#395)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:43:28 +0000 (23:43 +0200)]
iptables: Update to version 1.8.8
- Update from version 1.8.7 to 1.8.8
- Update of rootfile
- Changelog
Version 1.8.8
extensions: libxt_conntrack: use bitops for state negation
extensions: libxt_conntrack: use bitops for status negation
xtables: Call init_extensions6() for static builds
xtables: Call init_extensions{,a,b}() for static builds
iptables-nft: fix -Z option
libxtables: exit if called by setuid executeable
iptables-nft: allow removal of empty builtin chains
extensions: tcpmss: add iptables-translate support
nft-shared: set correct register value
nft-shared: support native tcp port delinearize
nft-shared: support native tcp port range delinearize
nft-shared: support native udp port delinearize
nft: prefer native expressions instead of udp match
nft: prefer native expressions instead of tcp match
nft-shared: add tcp flag dissection
nft: add support for native tcp flag matching
tests: shell: fix bashism
nft: fix indentation error.
tests: iptables-test: correct misspelt variable
extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
extensions: libxt_NFLOG: fix typo
tests: iptables-test: rename variable
tests: add `NOMATCH` test result
tests: support explicit variant test result
tests: NFLOG: enable `--nflog-range` tests
xshared: Implement xtables lock timeout using signals
extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
extensions: libxt_NFLOG: don't truncate log prefix on print/save
extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
fix build for missing ETH_ALEN definition
libxtables: extend xlate infrastructure
tests: xlate-test: support multiline expectation
extensions: libxt_connlimit: add translation
extensions: libxt_tcp: rework translation to use flags match representation
extensions: libxt_conntrack: simplify translation using negation
extensions: libxt_multiport: add translation for -m multiport --ports
nft-shared: update context register for bitwise expression
nft: pass struct nft_xt_ctx to parse_meta()
nft: native mark matching support
nft: pass handle to helper functions to build netlink payload
nft: prepare for dynamic register allocation
nft: split gen_payload() to allocate register and initialize expression
configure: bump version for 1.8.8 release
ip6tables: masquerade: use fully-random so that nft can understand the rule
ebtables: Exit gracefully on invalid table names
include: Drop libipulog.h
nft: Fix bitwise expression avoidance detection
xtables-translate: Fix translation of odd netmasks
libxtables: Simplify xtables_ipmask_to_cidr() a bit
nft: cache: Sort chains on demand only
nft: Increase BATCH_PAGE_SIZE to support huge rulesets
extensions: sctp: Explain match types in man page
Eliminate inet_aton() and inet_ntoa()
nft-arp: Make use of ipv4_addr_to_string()
extensions: SECMARK: Implement revision 1
xtables: Make invflags 16bit wide
xshared: Eliminate iptables_command_state->invert
xshared: Merge invflags handling code
ebtables-translate: Use shared ebt_get_current_chain() function
Use proto_to_name() from xshared in more places
extensions: sctp: Fix nftables translation
extensions: sctp: Translate --chunk-types option
libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
extensions: libebt_ip6: Drop unused variables
libxtables: Fix memleak in xtopt_parse_hostmask()
nft: Avoid memleak in error path of nft_cmd_new()
nft: Avoid buffer size warnings copying iface names
iptables-apply: Drop unused variable
extensions: libebt_ip6: Use xtables_ip6parse_any()
libxtables: Introduce xtables_strdup() and use it everywhere
extensions: libxt_string: Avoid buffer size warning for strncpy()
doc: ebtables-nft.8: Adjust for missing atomic-options
ebtables: Dump atomic waste
nft: Fix for non-verbose check command
tests/shell: Assert non-verbose mode is silent
extensions: hashlimit: Fix tests with HZ=100
iptables-test: Make netns spawning more robust
extensions: libxt_mac: Fix for missing space in listing
nft: Use xtables_malloc() in mnl_err_list_node_add()
nft: Use xtables_{m,c}alloc() everywhere
tests: iptables-test: Fix missing chain case
tests: xlate-test: Don't skip any input after the first empty line
tests: xlate-test: Print errors to stderr
tests: iptables-test: Print errors to stderr
tests: xlate-test: Exit non-zero on error
tests: iptables-test: Exit non-zero on error
tests: shell: Return non-zero on error
ebtables: Avoid dropping policy when flushing
tests: iptables-test: Fix conditional colors on stderr
nft: cache: Avoid double free of unrecognized base-chains
nft: Check base-chain compatibility when adding to cache
nft-chain: Introduce base_slot field
nft: Delete builtin chains compatibly
nft: Introduce builtin_tables_lookup()
xshared: Store optstring in xtables_globals
nft-shared: Introduce init_cs family ops callback
xtables: Simplify addr_mask freeing
nft: Add family ops callbacks wrapping different nft_cmd_* functions
xtables-standalone: Drop version number from init errors
libxtables: Introduce xtables_globals print_help callback
arptables: Use standard data structures when parsing
nft-arp: Introduce post_parse callback
nft-shared: Make nft_check_xt_legacy() family agnostic
xtables: Derive xtables_globals from family
xtables: arptables accepts empty interface names
nft: Merge xtables-arp-standalone.c into xtables-standalone.c
Unbreak xtables-translate
xlate-test: Print full path if testing all files
extensions: hashlimit: Fix tests with HZ=1000
xshared: Merge and share parse_chain()
nft: Change whitespace printing in save_rule callback
xshared: Share print_iface() function
xshared: Share save_rule_details() with legacy
xshared: Share save_ipv{4,6}_addr() with legacy
xshared: Share print_rule_details() with legacy
xshared: Share print_fragment() with legacy
xshared: Share print_header() with legacy iptables
nft-shared: Drop unused function print_proto()
xshared: Make load_proto() static
xshared: Share print_match_save() between legacy ip*tables
xshared: Share a common printhelp function
xshared: Share exit_tryhelp()
xtables_globals: Embed variant name in .program_version
libxtables: Extend basic_exit_err()
iptables-*-restore: Drop pointless line reference
xtables: Drop xtables' family on demand feature
xtables: Pull table validity check out of do_parse()
xtables: Move struct nft_xt_cmd_parse to xshared.h
xtables: Pass xtables_args to check_empty_interface()
xtables: Pass xtables_args to check_inverse()
xtables: Do not pass nft_handle to do_parse()
xshared: Move do_parse to shared space
xshared: Store parsed wait and wait_interval in xtables_args
nft: Move proto_parse and post_parse callbacks to xshared
iptables: Use xtables' do_parse() function
ip6tables: Use the shared do_parse, too
extensions: *NAT: Kill multiple IPv4 range support
xshared: Fix response to unprivileged users
nft: Use verbose flag to toggle debug output
iptables-restore: Support for extra debug output
nft: Set NFTNL_CHAIN_FAMILY in new chains
ebtables: Support verbose mode
nft: Add debug output to table creation
nft: cache: Dump rules if debugging
tests: iptables-test: Support variant deviation
iptables.8: Describe the effect of multiple -v flags
libxtables: Register only the highest revision extension
Improve error messages for unsupported extensions
nft: Simplify immediate parsing
nft: Speed up immediate parsing
xshared: Prefer xtables_chain_protos lookup over getprotoent
nft: Don't pass command state opaque to family ops callbacks
libxtables: Fix for warning in xtables_ipmask_to_numeric
Simplify static build extension loading
nft: Review static extension loading
tests: shell: Fix 0004-return-codes_0 for static builds
nft: Reject standard targets as chain names when restoring
libxtables: Implement notargets hash table
libxtables: Boost rule target checks by announcing chain names
xlate-test: Fix for empty source line on failure
man: DNAT: Describe shifted port range feature
Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
extensions: ipt_DNAT: Merge v1 and v2 parsers
extensions: ipt_DNAT: Merge v1/v2 print/save code
extensions: ipt_DNAT: Combine xlate functions also
extensions: DNAT: Rename from libipt to libxt
extensions: Merge IPv4 and IPv6 DNAT targets
extensions: Merge REDIRECT into DNAT
extensions: man: Document service name support in DNAT and REDIRECT
extensions: MARK: Drop extra newline at end of help
xshared: Move arp_opcodes into shared space
xshared: Extend xtables_printhelp() for arptables
libxtables: Drop xtables_globals 'optstring' field
libxtables: Revert change to struct xtables_pprot
extensions: DNAT: Merge core printing functions
man: *NAT: Review --random* option descriptions
extensions: LOG: Document --log-macdecode in man page
nft: Fix EPERM handling for extensions without rev 0
xtables-translate: add missing argument and option to usage
Fix a few doc typos
iptables-test.py: print with color escapes only when stdout isatty
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:42:40 +0000 (23:42 +0200)]
fuse: Update to version 3.11.0
- Update from 3.10.4 to 3.11.0
- Update of rootfile
- Changelog
fuse 3.11.0 (2022-05-02)
* Add support for flag FOPEN_NOFLUSH for avoiding flush on close.
* Fixed returning an error condition to ioctl(2)
fuse 3.10.5 (2021-09-06)
* Various improvements to make unit tests more robust.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:42:17 +0000 (23:42 +0200)]
curl: Update to version 7.83.1
- Update from version 7.83.0 to 7.83.1
- Update of rootfile not required
- Changelog
version 7.83.1
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Mon, 16 May 2022 14:48:14 +0000 (14:48 +0000)]
dracut: Enable automatic assembly of any RAID/LVM devices
This has changed in dracut 24 and we have used various hacks to enable
this behaviour again when it would have been so easy to just enable this
parameter.
Fixes: #12862 - Upgrade from Core 166 to 167 does not use RAID anymore Reported-by: Dirk Sihling <dsihling@web.de> Reported-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Stefan Schantl [Fri, 13 May 2022 17:10:44 +0000 (19:10 +0200)]
update-ids-ruleset: Silent script if no providers settings file exists.
Only try to read-in the providers settings file, in case it exists.
Otherwise the script produces an error message, about the missing file,
each time it gets executed.
Because of the fcron job this would be twice a day in most cases.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Fri, 13 May 2022 04:30:57 +0000 (06:30 +0200)]
expat: Fix rootfile.
The libexpat.so.1 file is just a symlink to libexpat.so.1.8.8 which
contains all the functions and symbols required by the binaries, linked
against it. Therefore this file needs to be present on the systems.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Since this addresses security issues, and also with regards to reports
such as https://community.ipfire.org/t/core-update-167-ipsec-issue/7893,
I take the liberty to push this straight into Core Update 168.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Refreshing the Pakfire page may cause a command to be
executed multiple times and induce odd errors.
This patch implements a HTTP 303 redirect after form processing,
which causes the browser to discard the POST form data.
Navigating backward or reloading the page now does not trigger
multiple executions anymore.
Fixes: #12781 Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Acked-by: Peter Müller <peter.muelle@ipfire.org>
Adolf Belka [Thu, 5 May 2022 16:39:53 +0000 (18:39 +0200)]
nut: Update to version 2.8.0
- Update from version 2.7.4 to 2.8.0
- 2.7.4 was released in 2016 and since then not a lot of progress was made with it but
since the start of 2022 new work on nut has ocurred culminating in this release
- Update of rootfile
- Ran find-dependencies on the old libraries due to the sobump to confirm that nothing
else than nut used them, which was the case.
- Changelog
After a long and windy trip since the last official release v2.7.4 half a dozen
years ago, we the community, contributors and maintainers are proud to announce
at last the general availability of NUT v2.8.0!
As always, the new release includes numerous new drivers, sub-drivers, protocols
and bug-fixes, with many companies and individuals chipping in with contributions
of code.Thanks to everyone involved in making this happen, inspiring the changes,
and providing the open-source friendly infrastructure.
This release also culminates a significant effort in improvements of NUT QA and
CI, and as a result -- in codebase quality and portability across a decade or
two of recent platforms, third-party tools and other dependencies. As a side
effect, public API (in headers and libraries) has changed a bit, hence a new
semantic "minor" number is claimed for this major body of work.
During this time, the https://networkupstools.org/ web site has changed to a
rolling-release model to serve current information to match the evolving
codebase. There are now special Sub-sites for historic releases to keep
documentation snapshots relevant for users of packages which are typically based
on official NUT releases.
We recognize that NUT is an important piece of infrastructure which gets built
into all sorts of devices, projects and operating systems -- some of which the
team never heard of until they pop up in a question, and others we haven't heard
of for years -- so we take a seriously omnivorous stance towards covering many
versions and implementations of compiler suites, C/C++ revisions, make programs,
shell and other scripted language interpreters, OSes and CPUs, and other similar
variables tamed with our new NUT CI farm test matrix dynamically driven by
currently registered build agents and their declared capabilities.
Sections in the NEWS and UPGRADING files about changes since last release are
several pages long, so would not all be repeated here. A few important
highlights for distribution packagers and custom builders follow, however:
NUT now supports more i2c and modbus devices, as well as libusb-1.0 support
as an alternative to earlier libusb-0.1 (so new dependency-based categories
of packages for drivers may be due);
NUT Python modules and scripts (e.g. NUT-Monitor variants) should work with
python-2.7 and with python-3.x, so covering historic distro releases as
well as new ones (and so your distro can deliver one or both, probably in
several packages with different dependencies in the latter case);
NUT provides revised reference systemd and SMF service unit definitions,
including support of drivers wrapped into individual service instances with
varying dependencies based on different media required (networked stack, USB
stack, etc.), and many daemons include -F option for running "in foreground"
to avoid extra forking after one already done by a service framework - you
may want to use those in your packaged deliverables;
NUT newly provides the "nut-driver-enumerator" script and service, which
allows it to follow edition of ups.conf and dynamically define+(re)start and
stop+undefine service instances for drivers - there are several ways it can
be integrated for different use-cases;
There are several new configuration keywords and CLI options - so while new
NUT builds should work with old configs and scripts, the opposite is not
necessarily true (old binaries may reject configurations taking advantage
of new features);
There are several new protocol keywords - but old and new NUT daemons (data
server and clients) should be able to communicate both ways;
It is assumed that API/ABI changes may require third-party NUT clients
(library consumers of libnutclient, libupsclient, libnutscan... -- their
version info was bumped accordingly) to get rebuilt, in order to work with
the new NUT release in a stable fashion;
The dummy-ups driver used in automated testing now processes *.dev filename
patterns once and does not loop, like it still does for *.seq and other
files (by default);
USB code is now more strict about logical minimum/maximum ranges for data
reported from devices, and some devices were already found to make mistakes
- so there is also a mechanism for turning a blind eye to known issues and
fix-up such report descriptors to produce intended sane values;
New documentation page docs/config-prereqs.txt highlights packaged
dependencies installable on a large range of platforms to build as much of
NUT as possible (incidentally, ones NUT CI farm uses to test every iteration);
Finally, we hope that NUT codebase might be able to cater for everyone "out
of the box" (it also simplifies local builds from GitHub sources on any
systems, for troubleshooting and checking pre-release enhancements): if you
as a packager have to apply patches for your distribution, give it a thought
-- whether they address a common issue best solved upstream once and behave
similarly for everyone (and conversely, if your platform can do with
existing solutions already tracked in the NUT version du-jour). PRs welcome!
Or at least Wiki entries to list all the distro efforts for cross-pollination
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 19:51:00 +0000 (21:51 +0200)]
freetype: Update to version 2.12.1
- Update from version 2.11.1 to 2.12.1
- Update of rootfile
- Changelog
CHANGES BETWEEN 2.12.0 and 2.12.1
I. IMPORTANT BUG FIXES
- Loading CFF fonts sometimes made FreeType crash (bug introduced in
version 2.12.0)
- Loading a fully hinted TrueType glyph a second time (without
caching) sometimes yielded different rendering results if TrueType
hinting was active (bug introduced in version 2.12.0).
- The generation of the pkg-config file `freetype2.pc` was broken if
the build was done with cmake (bug introduced in version 2.12.0).
II. MISCELLANEOUS
- New option `--with-librsvg` for the `configure` script for better
FreeType demo support.
- The meson build no longer enforces both static and dynamic
versions of the library by default.
- The internal zlib library was updated to version 1.2.12. Note,
however, that FreeType is *not* affected by CVE-2018-25032 since
it only does decompression.
CHANGES BETWEEN 2.11.1 and 2.12.0
I. IMPORTANT CHANGES
- FreeType now handles OT-SVG fonts, to be controlled with
`FT_CONFIG_OPTION_SVG` configuration macro. By default, it can
only load the 'SVG ' table of an OpenType font. However, by using
the `svg-hooks` property of the new 'ot-svg' module it is possible
to register an external SVG rendering engine. The FreeType demo
programs have been set up to use 'librsvg' as the rendering
library.
This work was Moazin Khatti's GSoC 2019 project.
II. MISCELLANEOUS
- The handling of fonts with an 'sbix' table has been improved.
- Corrected bitmap offsets.
- A new tag `FT_PARAM_TAG_IGNORE_SBIX` for `FT_Open_Face` makes
FreeType ignore an 'sbix' table in a font, allowing applications
to access the font's outline glyphs.
- `FT_FACE_FLAG_SBIX` and `FT_FACE_FLAG_SBIX_OVERLAY` together
with their corresponding preprocessor macros `FT_HAS_SBIX` and
`FT_HAS_SBIX_OVERLAY` enable applications to treat 'sbix' tables
as described in the OpenType specification.
- The internal 'zlib' code has been updated to be in sync with the
current 'zlib' version (1.2.11).
- The previously internal load flag `FT_LOAD_SBITS_ONLY` is now
public.
- Some minor improvements of the building systems, in particular
handling of the 'zlib' library (internal vs. external).
- Support for non-desktop Universal Windows Platform.
- Various other minor bug and documentation fixes.
- The `ftdump` demo program shows more information for Type1 fonts
if option `-n` is given.
- `ftgrid` can now display embedded bitmap strikes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 19:51:28 +0000 (21:51 +0200)]
sdl2: Update to version 2.0.22
- Update from version 2.0.20 to 2.0.22
- Update of rootfile
- Changelog
2.0.22:
General:
* Added SDL_RenderGetWindow() to get the window associated with a renderer
* Added floating point rectangle functions:
* SDL_PointInFRect()
* SDL_FRectEmpty()
* SDL_FRectEquals()
* SDL_FRectEqualsEpsilon()
* SDL_HasIntersectionF()
* SDL_IntersectFRect()
* SDL_UnionFRect()
* SDL_EncloseFPoints()
* SDL_IntersectFRectAndLine()
* Added SDL_IsTextInputShown() which returns whether the IME window is currently
shown
* Added SDL_ClearComposition() to dismiss the composition window without disabling
IME input
* Added SDL_TEXTEDITING_EXT event for handling long composition text, and a hint
SDL_HINT_IME_SUPPORT_EXTENDED_TEXT to enable it
* Added the hint SDL_HINT_MOUSE_RELATIVE_MODE_CENTER to control whether the mouse
should be constrained to the whole window or the center of the window when
relative mode is enabled
* The mouse is now automatically captured when mouse buttons are pressed, and the
hint SDL_HINT_MOUSE_AUTO_CAPTURE allows you to control this behavior
* Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_OPENGL to let SDL know that a
foreign window will be used with OpenGL
* Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_VULKAN to let SDL know that a
foreign window will be used with Vulkan
* Added the hint SDL_HINT_QUIT_ON_LAST_WINDOW_CLOSE to specify whether an
SDL_QUIT event will be delivered when the last application window is closed
* Added the hint SDL_HINT_JOYSTICK_ROG_CHAKRAM to control whether ROG Chakram
mice show up as joysticks
Windows:
* Added support for SDL_BLENDOPERATION_MINIMUM and SDL_BLENDOPERATION_MAXIMUM to
the D3D9 renderer
Linux:
* Compiling with Wayland support requires libwayland-client version 1.18.0 or later
* Added the hint SDL_HINT_X11_WINDOW_TYPE to specify the _NET_WM_WINDOW_TYPE of
SDL windows
* Added the hint SDL_HINT_VIDEO_WAYLAND_PREFER_LIBDECOR to allow using libdecor
with compositors that support xdg-decoration
Android:
* Added SDL_AndroidSendMessage() to send a custom command to the SDL java activity
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 19:51:15 +0000 (21:51 +0200)]
hplip: Update to version 3.22.4
- Update from version 3.22.2 to 3.22.4
- Update of rootfile
- Changelog
HPLIP 3.22.4 - This release has the following changes:
Added support for following new Distro's:
Manjaro 21.2
Added support for the following new Printers:
HP LaserJet Pro 4001ne
HP LaserJet Pro 4001n
HP LaserJet Pro 4001dne
HP LaserJet Pro 4001dn
HP LaserJet Pro 4001dwe
HP LaserJet Pro 4001dw
HP LaserJet Pro 4001d
HP LaserJet Pro 4001de
HP LaserJet Pro 4002ne
HP LaserJet Pro 4002n
HP LaserJet Pro 4002dne
HP LaserJet Pro 4002dn
HP LaserJet Pro 4002dwe
HP LaserJet Pro 4002dw
HP LaserJet Pro 4002d
HP LaserJet Pro 4002de
HP LaserJet Pro 4003dn
HP LaserJet Pro 4003dw
HP LaserJet Pro 4003n
HP LaserJet Pro 4003d
HP LaserJet Pro 4004d
HP LaserJet Pro 4004dn
HP LaserJet Pro 4004dw
HP LaserJet Pro MFP 4101dwe
HP LaserJet Pro MFP 4101dw
HP LaserJet Pro MFP 4101fdn
HP LaserJet Pro MFP 4101fdne
HP LaserJet Pro MFP 4101fdw
HP LaserJet Pro MFP 4101fdwe
HP LaserJet Pro MFP 4102dwe
HP LaserJet Pro MFP 4102dw
HP LaserJet Pro MFP 4102fdn
HP LaserJet Pro MFP 4102fdw
HP LaserJet Pro MFP 4102fdwe
HP LaserJet Pro MFP 4102fdne
HP LaserJet Pro MFP 4102fnw
HP LaserJet Pro MFP 4102fnwe
HP LaserJet Pro MFP 4103dw
HP LaserJet Pro MFP 4103dn
HP LaserJet Pro MFP 4103fdn
HP LaserJet Pro MFP 4103fdw
HP LaserJet Pro MFP 4104dw
HP LaserJet Pro MFP 4104fdw
HP LaserJet Pro MFP 4104fdn
HP ScanJet Pro 3600 f1
HP ScanJet Pro N4600 fnw1
HP ScanJet Pro 2600 f1
HP ScanJet Enterprise Flow N6600 fnw1
HPLIP 3.22.2 - This release has the following changes:
Added support for following new Distro's:
Elementary OS 6.1
RHEL 8.5
Linux Mint 20.3
Added support for the following new Printers:
HP LaserJet Tank MFP 1602a
HP LaserJet Tank MFP 1602w
HP LaserJet Tank MFP 1604w
HP LaserJet Tank MFP 2602dn
HP LaserJet Tank MFP 2602sdn
HP LaserJet Tank MFP 2602sdw
HP LaserJet Tank MFP 2602dw
HP LaserJet Tank MFP 2604dw
HP LaserJet Tank MFP 2604sdw
HP LaserJet Tank MFP 2603dw
HP LaserJet Tank MFP 2603sdw
HP LaserJet Tank MFP 2605sdw
HP LaserJet Tank MFP 2606dn
HP LaserJet Tank MFP 2606sdn
HP LaserJet Tank MFP 2606sdw
HP LaserJet Tank MFP 2606dw
HP LaserJet Tank MFP 2606dc
HP LaserJet Tank MFP 1005
HP LaserJet Tank MFP 1005w
HP LaserJet Tank MFP 1005nw
HP LaserJet Tank 1502a
HP LaserJet Tank 1502w
HP LaserJet Tank 1504w
HP LaserJet Tank 2502dw
HP LaserJet Tank 2502dn
HP LaserJet Tank 2504dw
HP LaserJet Tank 2503dw
HP LaserJet Tank 2506dw
HP LaserJet Tank 2506d
HP LaserJet Tank 2506dn
HP LaserJet Tank 1020
HP LaserJet Tank 1020w
HP LaserJet Tank 1020nw
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:33:36 +0000 (12:33 +0200)]
haproxy: Update to version 2.5.5
- Update from 2.4.15 to 2.5.5
- Update of rootfile not required
- Changelog
2.5.5
- CI: github actions: add the output of $CC -dM -E-
- CI: github actions: use cache for OpenTracing
- CI: refactor OpenTracing build script
- CI: github actions: use cache for SSL libs
- CI: Consistently use actions/checkout@v2
- BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
- BUILD: tree-wide: mark a few numeric constants as explicitly long long
- BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
- BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
- REGTESTS: fix the race conditions in normalize_uri.vtc
- REGTESTS: fix the race conditions in secure_memcmp.vtc
- BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
- BUG/MINOR: pool: always align pool_heads to 64 bytes
- BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
- BUILD: fix kFreeBSD build.
- MINOR: pools: add a new global option "no-memory-trimming"
- MINOR: stats: Add dark mode support for socket rows
- BUILD: pools: fix backport of no-memory-trimming on non-linux OS
- BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
- BUG/MINOR: add missing modes in proxy_mode_str()
- BUG/MINOR: cli: shows correct mode in "show sess"
- BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
- BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
- DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
- BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
- DEBUG: stream: Add the missing descriptions for stream trace events
- DEBUG: stream: Fix stream trace message to print response buffer state
- BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
- BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
- BUG/MEDIUM: httpclient: don't consume data before it was analyzed
- CLEANUP: htx: remove unused co_htx_remove_blk()
- BUG/MINOR: httpclient: consume partly the blocks when necessary
- BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
- BUG/MEDIUM: httpclient: must manipulate head, not first
- REGTESTS: fix the race conditions in be2hex.vtc
2.5.4
- BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
- BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
- BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
- DOC: Fix usage/examples of deprecated ACLs
- BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
- REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
- CI: github: enable pool debugging by default
- BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
2.5.3
- MINOR: sock: move the unused socket cleaning code into its own function
- BUG/MEDIUM: mworker: close unused transferred FDs on load failure
- BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
- BUG/MINOR: sink: Use the right field in appctx context in release callback
- BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
- BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
- BUG/MAJOR: compiler: relax alignment constraints on certain structures
- MINOR: httpclient: Don't limit data transfer to 1024 bytes
- BUG/MINOR: httpclient: reinit flags in httpclient_start()
- BUG/MINOR: mailers: negotiate SMTP, not ESMTP
- BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
- BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
- BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
- CLEANUP: httpclient/cli: fix indentation alignment of the help message
- BUG/MINOR: tools: url2sa reads ipv4 too far
- BUG/MEDIUM: httpclient: limit transfers to the maximum available room
- DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
2.5.2
- BUG/MEDIUM: connection: properly leave stopping list on error
- BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
- BUG/MINOR: httpclient: don't send an empty body
- BUG/MINOR: httpclient: set default Accept and User-Agent headers
- BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
- BUILD/MINOR: fix solaris build with clang.
- BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
- DOC: management: mark "set server ssl" as deprecated
- MEDIUM: cli: yield between each pipelined command
- MINOR: channel: add new function co_getdelim() to support multiple delimiters
- BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
- MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
- BUG/MEDIUM: cli: Never wait for more data on client shutdown
- BUG/MEDIUM: mcli: do not try to parse empty buffers
- BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
- BUG/MINOR: stream: make the call_rate only count the no-progress calls
- DEBUG: cli: add a new "debug dev fd" expert command
- BUILD: debug/cli: condition test of O_ASYNC to its existence
- DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
- REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
- BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
- BUG/MINOR: mworker: does not add the -sf in wait mode
- BUG/MINOR: pools: always flush pools about to be destroyed
- DEBUG: pools: add extra sanity checks when picking objects from a local cache
- DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
- DEBUG: pools: replace the link pointer with the caller's address on pool_free()
- BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
- BUG/MINOR: mworker: does not erase the pidfile upon reload
- DEBUG: fd: make sure we never try to insert/delete an impossible FD number
- MINOR: listener: replace the listener's spinlock with an rwlock
- BUG/MEDIUM: listener: read-lock the listener during accept()
- BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
- BUG/MEDIUM: httpclient: Xfer the request when the stream is created
- BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
- BUG/MINOR: jwt: Double free in deinit function
- BUG/MINOR: jwt: Missing pkey free during cleanup
- BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
- BUG/MINOR: httpclient/cli: display junk characters in vsn
- BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
- BUG/MAJOR: spoe: properly detach all agents when releasing the applet
- REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
- REGTESTS: peers: leave a bit more time to peers to synchronize
- BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
- BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
2.5.1
- BUG/MINOR: cache: Fix loop on cache entries in "show cache"
- BUG/MINOR: httpclient: allow to replace the host header
- BUG/MINOR: lua: don't expose internal proxies
- BUG/MINOR: lua: remove loop initial declarations
- BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
- BUILD: evports: remove a leftover from the dead_fd cleanup
- BUG/MINOR: vars: Fix the set-var and unset-var converters
- BUG/MINOR: server: Don't rely on last default-server to init server SSL context
- BUG/MEDIUM: resolvers: Detach query item on response error
- BUG/MAJOR: segfault using multiple log forward sections.
- BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
- BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
- BUG/MINOR: mworker: deinit of thread poller was called when not initialized
- MINOR: mux-h1: Improve H1 traces by adding info about http parsers
- BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
- BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
- MINOR: cli: "show version" displays the current process version
- BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
- IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
- MINOR: http-rules: Add capture action to http-after-response ruleset
- BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
- DOC: spoe: Clarify use of the event directive in spoe-message section
- DOC: config: Specify %Ta is only available in HTTP mode
- DOC: config: retry-on list is space-delimited
- DOC: config: fix error-log-format example
- BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
- MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
- MINOR: pools: work around possibly slow malloc_trim() during gc
- BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
- BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
- BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
- BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
- BUILD: ssl: unbreak the build with newer libressl
- DOC: fix misspelled keyword "resolve_retries" in resolvers
- DEBUG: ssl: make sure we never change a servername on established connections
- BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
- BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
- REGTESTS: ssl: fix ssl_default_server.vtc
- MINOR: compat: detect support for dl_iterate_phdr()
- MINOR: debug: add ability to dump loaded shared libraries
- MINOR: debug: add support for -dL to dump library names at boot
- MINOR: proxy: add option idle-close-on-response
- MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
- BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
- CI: Github Actions: do not show VTest failures if build failed
- BUG/MINOR: ssl: free the fields in srv->ssl_ctx
- BUG/MEDIUM: ssl: free the ckch instance linked to a server
- REGTESTS: ssl: update of a crt with server deletion
- BUILD/MINOR: cpuset FreeBSD 14 build fix.
- CI: github actions: update OpenSSL to 3.0.1
- BUILD/MINOR: tools: solaris build fix on dladdr.
- BUG/MINOR: cli: fix _getsocks with musl libc
- BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
- BUG/MEDIUM: mworker: don't use _getsocks in wait mode
- BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
- BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
- BUILD: cpuset: fix build issue on macos introduced by previous change
- CI: github actions: clean default step conditions
2.5.0
- BUILD: SSL: add quictls build to scripts/build-ssl.sh
- BUILD: SSL: add QUICTLS to build matrix
- CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis
- BUILD: cli: clear a maybe-unused warning on some older compilers
- BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
- BUG/MINOR: ssl: make SSL counters atomic
- CLEANUP: assorted typo fixes in the code and comments
- BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
- MINOR: version: mention that it's stable now
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 4 May 2022 11:14:29 +0000 (13:14 +0200)]
boost: Fix rootfile entries that referred to python3.8 instead of 3.10
- In Jan 2022 I updated python from 3.8 to 3.10 but I missed that boost had rootfile
entries with python38 in it.
- Running a build just now for another package it got flagged up that the rootfile for
boost had been changed and the logfile now had the entries with python310 instead of
python38
- Not clear why it only flagged this up now but this patch is to correct that error
- Running find-dependencies on both the pyton38 and python310 versions of the libraries
flagged nothing as being linked to either, so probably lucky with this being missed
first time around.
- Boost will need to be shipped with a Core Update
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 10:59:48 +0000 (12:59 +0200)]
openssl: Update to version 1.1.1o
- Update from version 1.1.1n to 1.1.1o
- Update of rootfile not required
- This patch is to go into CU168 as this update is for fixing a moderate severity CVE
- Changelog
1.1.1o [3 May 2022]
(CVE-2022-1292)
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>