Adolf Belka [Sat, 5 Feb 2022 20:33:43 +0000 (21:33 +0100)]
sudo: Update to version 1.9.9
- Update from 1.9.8p2 to 1.9.9
- Update of rootfile
- Changelog
What's new in Sudo 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating warnings
about deprecated OpenSSL APIs.
* A digest can now be specified along with the "ALL" command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding changes
for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in an
alias once for each alias.
* The sudoRole cn was truncated by a single character in warning messages.
GitHub issue #115.
* The cvtsudoers utility has new --group-file and --passwd-file options
to use a custom passwd or group file when the --match-local option is
also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv (comma-separated
value) format. This can be used to help generate entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection being
dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the "editor" setting was not
used if it did not match the user's EDITOR environment variable.
This was only a problem if the "env_editor" setting was not enabled.
Bug #1000.
* Sudo now builds with the -fcf-protection compiler option and the
"-z now" linker option if supported.
* The output of "sudoreplay -l" now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the log.json
file, if present. This makes it possible to send sudo-format I/O logs
that use the newer log.json format to sudo_logsrvd without losing any
information.
* Fixed compilation of the arc4random_buf() replacement on systems with
arc4random() but no arc4random_buf(). Bug #1008.
* Sudo now uses its own getentropy() by default on Linux. The GNU libc
version of getentropy() will fail on older kernels that don't support
the getrandom() system call.
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
layer by using the --enable-wolfssl configure option.
* Fixed a bug related to Daylight Saving Time when parsing timestamps
in Generalized Time format. This affected the NOTBEFORE and
NOTAFTER options in sudoers. Bug #1006
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct. Bug #1007.
* It is now possible to set resource limits in the sudoers file itself.
The special values "default" and "user" refer to the default system
limit and invoking user limit respectively. The core dump size limit
is now set to 0 by default unless overridden by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the "deref" and "tls_reqcert"
ldap.conf settings. This meant the options were effectively
ignored which broke dereferencing of aliases in LDAP. Bug #1013.
* Clarified in the sudo man page that the security policy may
override the user's PATH environment variable. Bug #1014.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error
if user interaction is required. This allows PAM modules that
don't interact with the user to succeed. Previously, sudo
would not attempt authentication if the -n option was specified.
Bug #956 and GitHub issue #83.
* Fixed a regression introduced in version 1.9.1 when sudo is
built with the --with-fqdn configure option. The local host
name was being resolved before the sudoers file was processed,
making it impossible to disable DNS lookups by negating the
"fqdn" sudoers option. Bug #1016.
* Added support for negated sudoUser attributes in the LDAP and
SSSD sudoers back ends. A matching sudoUser that is negated
will cause the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a
value smaller than that of the invoking user and not be reset
before the command was run. Bug #1017.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 20:33:12 +0000 (21:33 +0100)]
iproute2: Update to version 5.16.0
- Update from 5.15.0 to 5.16.0
- Update of rootfile
routef has been removed
Commit message - This script is old and limited to IPv4. Using ip route command
directly is better option.
rtpr has been removed
Commit message - This script was a one off hack for a special case. Now that ip
commands have better formatting, there is no real reason for it
ifcfg has been removed
Commit message - This script was from olden days of ifcfg. I don't see any
distribution using it and it is time to put it out to pasture.
- Changelog - There is no changelog. For details of changes you have to review the
commits in the git repository
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 20:32:57 +0000 (21:32 +0100)]
glib: Update to version 2.71.1
- Update from 2.70.1 to 2.71.1
- Update of rootfile
- Changelog
Overview of changes in GLib 2.71.1
* Basic support for static builds on Windows (work by Loïc Le Page,
Marc-André Lureau, with contributions from Xavier Claessens, Nirbheek Chauhan,
Charlie Barto, Luca Bacci, Amos Wenger) (#692, #2585, !2442)
* Add `GDebugController` and a D-Bus implementation which exposes whether
debug output is enabled in a process using the `org.gtk.Debugging` D-Bus
interface (work by Philip Withnall) (#1190)
* Support for `AF_UNIX` sockets on Windows 10 (and later) (work by Marc-André Lureau) (#2487)
* Several important fixes to GDBus message and GVariant parsing of invalid data (work by Sebastian Wilhelmi) (#2557, #2572)
* Fix potential data loss due to missing fsync when saving files on btrfs (work by Sebastian Keller) (!2425)
* Fix potential buffer overflows in `garray.c` for very large `GArray`s and `GPtrArray`s (work by Tobias Stoeckmann) (#2578)
* Fix FDs in gspawn not being closed and causing process hangs if `close_range()` fails unexpectedly (work by Dan Nicholson) (#2580)
* Fix `g_find_program_in_path()` not returning an absolute path if `$PATH` is relative (work by Christoph Niethammer) (#2586)
* Add support for loading PKCS#12 encrypted files in `GTlsCertificate` (work by Patrick Griffis) (!2239)
* A number of improvements to unit tests (work by Emmanuel Fleury, Charlie Barto) (!2399, !2400, !2402, !2403, !2428, !2431, !2432, !2434)
* Support `LOCAL_PEERPID` on macOS, giving partial support for PIDs in
`GCredentials` on that platform (work by Ignacio Casal Quinteiro) (!2362)
* Add `g_get_user_state_dir()` to support `XDG_STATE_HOME` (work by Sophie Herold) (!2395)
* Add `g_hash_table_new_similar()` to copy a hash table and its hash/equal functions without its data (work by Jonas Ådahl) (!2405)
* Support D-Bus client authentication with `EXTERNAL` on Windows (work by Marc-André Lureau) (!2429)
* Add a reStructuredText documentation generator to `gdbus-codegen` (work by Emmanuele Bassi) (!2448)
* Add a Windows implementation of `GMemoryMonitor` (work by Marc-André Lureau) (!2452)
* Bugs fixed:
- #692 meta: Fix static build on Windows
- #1190 gapplication: Add an org.gtk.Debugging interface
- #2487 Add support for native unix domain sockets on WIN32 to GLib.Socket and related classes
- #2550 possible GDateTime issue with localtime on Illumos/Solaris
- #2557 Arrays of zero-element tuples with non-zero length lead to infinite loops in g_dbus_message_new_from_blob
- #2559 2.71.0: compile and link time warnings
- #2560 Link error xdgmime.c: unresolved external symbol S_ISREG when building with VS2022
- #2564 Hangul Jamo Extended-B should be 0-width
- #2565 Build glib-2.71.0 failed in Windows using MSYS2-MINGW64
- #2571 Cross build error "undefined reference to `_g_binary_test1_resource_data'" when building tests for Windows on openSUSE Leap
- #2572 Check for GVariant recursion depth before recursing
- #2578 buffer overflows in garray.c
- #2579 Outdated paths in INSTALL.in
- #2580 gspawn doesn't set CLOEXEC if close_range fails unexpectedly
- #2582 glib 2.71.0 muslc - build error missing sentinel in function call
- #2585 Static link issue on Windows due to resource files being linked in twice
- #2586 g_find_program_in_path not returning an absolute path
- !2239 gtlscertificate: Add ability to load PKCS#12 encrypted files
- !2362 credentials: support the local peerpid on macos
- !2384 meson: Fix linking with static library in Windows
- !2395 utils: Add XDG_STATE_HOME support
- !2399 Move tests/env-test.c into glib/tests/environment.c
- !2400 Prevent gtest tests from popping up dialog boxes
- !2402 Improving glib/tests/environment.c
- !2403 Improve test coverage of glib/tests/asyncqueue.c
- !2405 ghash: Add g_hash_table_new_similar
- !2407 tests: Fix environment test on FreeBSD
- !2411 annotate `g_content_type_guess` parameter as filename
- !2412 paramspec: fix unref annotation
- !2413 Use meson dependency to link against apple framework
- !2414 docs: Improve docs for gdbusutils.c
- !2417 gtestutils: Fix minor typos in the g_test_get_filename() docs
- !2423 Make clear in doc that signals are emitted synchroniously
- !2425 gfileutils: Remove outdated BTRFS fsync optimization from set_contents
- !2426 gdbus-codegen: Fix a typo in a comment
- !2428 Merge tests/gobject/gvalue-test.c with gobject/tests/value.c
- !2429 gdbus: make client work with EXTERNAL on Windows
- !2431 Merge tests/gobject/paramspec-test.c into gobject/tests/param.c
- !2432 Merge test/unicode-caseconv.c into glib/tests/unicode.c
- !2434 Remove a disabled test case that was covered by glib/tests/collate.c
- !2440 Improve g_ascii_formatd docs and preconditions
- !2441 Reduce the amount of compile-time warnings
- !2442 Fix tests with static build on Windows
- !2447 giowin32: use gint64 and _lseeki64
- !2448 Add reStructuredText documentation generator for gdbus-codegen
- !2452 gio/win32: add GMemoryMonitorWin32
- !2453 Add `(array length)` annotation to `g_tls_certificate_new_from_pkcs12()`
- !2454 gdbusmessage, gvariant and garray fixes
- !2456 tests: Pass --internal and -z noexecstack to glib-compile-resources tests
- !2459 gio: add missing zlib dependency in gio-windows-2.0.pc
- !2461 Fix memory leak in gio/gdbusauthmechanismsha1.c
- !2463 Revert "Merge branch 'fix-windows-pc' into 'main'"
* Translation updates:
- Catalan
- Chinese (China)
- Czech
- Galician
- Hebrew
- Indonesian
- Lithuanian
- Polish
- Portuguese
- Portuguese (Brazil)
- Russian
- Spanish
- Ukrainian
Overview of changes in GLib 2.71.0
* Fix network changes not being signalled from NetworkManager (work by
Julian Andres Klode) (#2505)
* Fix build when building with --fatal-meson-warnings (work by Eli Schwartz) (!2304)
* Fix use of the default log writer with journald namespaces (diagnosis by Ilya Basin) (#2530)
* Fix hang in `dbus-daemon` under `GTestDBus` when `G_MESSAGES_DEBUG=all` is set (work by Marco Trevisan) (#2537)
* Speed up `g_canonicalize_filename()` to avoid pathogenic cases with `..` (work by Sebastian Wilhelmi) (#2541)
* Fix URI for pcre subproject as it’s moved upstream (work by Albert Astals Cid) (!2324)
* Fix storing GSettings dictionaries on macOS (work by Maurice) (#2527)
* Speed up ‘remove dot segments’ algorithm in `GUri` to avoid pathogenic cases with `..` (work by Sebastian Wilhelmi) (#2526)
* Fix infinite loops in D-Bus message parsing for truncated inputs (work by Sebastian Wilhelmi) (#2528)
* Improve correctness of version information returned by `g_get_os_info()` for Windows 10/Server 2019+ (work by Chun-wei Fan) (#2443)
* Various fixes to GWeakRef cleanup (#865, #2390) and toggle refs (#2394) (work by Marco Trevisan)
* Add `G_DBUS_PROXY_FLAGS_NO_MATCH_RULE` flag for disabling match rules when creating a `GDBusProxy` (#1109)
* Fix FD remapping in `g_spawn_async_with_pipes_and_fds()` with certain values of target FDs (#2503, #2506) (work by Michael Catanzaro)
* Make `GDBusProxy::g-signal` signal detailed with D-Bus signal names (#2536) (work by Aleksandr Mezin)
* Emit `launched` signal for D-Bus activation of apps with `GDesktopAppInfo` (!2227) (work by Guido Günther)
* Fix IDs of `GDesktopAppInfo`s which are constructed from a `.desktop` file in a subdirectory (!2283) (work by Ivalyo Dimitrov)
* Add `--interactive` option to `gdbus call` (!2329)
* Add `G_SUBPROCESS_FLAGS_SEARCH_PATH_FROM_ENVP` to `GSubprocess` (!2333) (work by Hristo Venev)
* Bugs fixed:
- #475 Add g_alloca0() and g_newa0()
- #847 g_set_prgname() should be thread-safe
- #865 GWeakRefs not cleared by g_object_run_dispose()
- #1109 [PATCH] GDBusProxy: add G_DBUS_PROXY_FLAGS_NO_MATCH_RULE flag
- #1231 gobject declare macros cause alignment warnings on armhf/armhf/mipsel
- #1331 GArray with 10 million items overflows index arithmetic
- #1735 Get back to a -werror build
- #1781 Sort output of gsettings command-line tool
- #2310 contenttype test leaks xdg-mime internal data
- #2390 GWeakRef's aren't cleared again on finalization (and not fully thread-safe)
- #2394 Toggle refs notification may not handle multiple threads correctly
- #2400 Use-after-free in invoke_set_property_in_idle_cb()
- #2401 GDBus runtime warning from remove_interfaces()
- #2404 GTask: clarify that GTask assumes are running mainloop
- #2426 GSettings delayed apply generates runtime warnings
- #2443 Add Windows 11 support to get_windows_version()
- #2468 GSequence pessimizes itself and slows down
- #2471 g_output_stream_write_all_async prints error when count == 0 and content == NULL
- #2488 Unix password unit test fails on FreeBSD 13
- #2489 Add a (diagnostic) warning for finalized objects with floating refs
- #2490 Upgrade to Unicode Character Database 14.0
- #2496 Wrong parameter type for g_simple_proxy_resolver_set_ignore_hosts
- #2498 GIR: Remove non-existing IOModule methods `load`, `unload`
- #2500 Able to export object manager and object on root path, but not other paths
- #2503 gspawn.c may clobber target fds
- #2505 g_network_monitor_nm never updates on connection change (listens for signal on wrong dbus interface)
- #2506 gspawn.c fails to close child_err_report_fd if it is duped to avoid conflation with one of the target_fds
- #2507 Strange behavior of GFileEnumerator with GVfs locations
- #2514 test suite failure in glib/tests/gdatetime.c if German locale de_DE.ISO-8859-1 is available
- #2518 Misleading message when privileged program starts G_BUS_TYPE_SESSION
- #2520 g_date_new_ functions return NULL on invalid input
- #2523 MacOS generates warnings for g_size_checked_mul()
- #2526 fuzz_uri_parse failure
- #2527 Error storing dictionary with string keys as GSettings on macOS
- #2528 g_dbus_message_new_from_blob goes into infinite loop for certain inputs
- #2529 load_user_special_dirs returns NULL in certain cases
- #2530 g_log_writer_is_journald fails if a Journal Namespace is used
- #2536 GDBusProxy: make g-signal detailed
- #2537 GTestDBus dbus daemon causes child process to hang when using verbose output
- #2541 g_canonicalize_filename should work in linear time complexity
- #2553 Consider not depending on strtoull_l and strtoll_l as much
- !1960 Add g_main_context_new_with_flags() and ownerless polling option
- !1968 gspawn: Implement fd remapping for posix_spawn codepath, and fix file descriptor conflation issues
- !1991 Keyfile parsing performance improvements
- !2029 Updating xdgmime
- !2064 gobject: Cleanup GWeakRef locations on object finalization
- !2114 Coerce type cast to void* because it causes compiler warnings
- !2191 docs: Add .editorconfig file
- !2214 Document potential footgun with GTlsCertificateFlags and deprecate certain usages
- !2223 Better detection of the cleanup attribute.
- !2227 gdesktopappinfo: Emit "launched" signal for D-Bus activation too
- !2242 gsettings: Add various missing (nullable) or (not nullable) annotations
- !2244 gutils: Avoid segfault in g_get_user_database_entry
- !2245 gdesktopappinfo: Do not call xterm when it does not exist, inform the caller the launch failed
- !2246 gobject: Document it’s unsafe to call g_object_ref() from GWeakNotify
- !2249 Add version macros for GLib 2.72 and bump version to 2.71.0
- !2251 GString: Bump minimum size
- !2254 Small optimization for g_object_set
- !2255 gobject: Clarify behaviour of adding weak refs during disposal
- !2257 Fix documentation for g_dbus_object_manager_get_object().
- !2260 GWin32AppInfo: Do not assert about successful open'ing of registry keys
- !2261 Provide built DLLs as Gitlab-CI artifacts
- !2266 fix uninitial variable
- !2273 Fix more (Windows) warnings
- !2277 Revert "Don't compile some unused functions in gio/xdgmime/"
- !2283 GDesktopAppInfo: Try to always correctly set id
- !2284 update the proxy-libintl subproject to the latest release
- !2285 fix issues found by svace static code analyzer
- !2286 meson: fix warnings for extract_all_objects function
- !2287 ci: Update CI images to latest stable Debian and Fedora, bump Meson dependency to 0.52
- !2288 Update g_source_remove doc comment: the function doesn't always return TRUE
- !2289 Update g_source_remove documentation for the returned value
- !2290 mkdir path specified by XDG_RUNTIME_DIR
- !2292 Fix cast from pointer to integer of different size warning in gio/gwin32appinfo.c
- !2293 glib-private: Fix MSVC build with AddressSanitizer
- !2294 Fix windows warnings
- !2295 gutf8: Document that out args from g_utf16_to_utf8() are non-negative
- !2303 Fix more windows warnings
- !2305 gio: document GFile API when relative path is absolute
- !2306 gunixmounts: Drop references to pamconsole mount option
- !2308 gthread-win32: Remove an unnecessary volatile qualifier
- !2309 Rename libpcre.wrap to pcre.wrap
- !2310 tests: Fix a typo in a test message in gdatetime.c
- !2311 Fix always true comparison warning in glib/garray.c
- !2319 docs: Fix the GListModel description
- !2323 Fix final warnings in Windows code
- !2324 Fix link to pcre-8.37.tar.bz2
- !2326 Improve some documentation related to GTlsDatabase
- !2328 gutf8: add string length check when ending character offset is -1
- !2329 gdbus: Add --interactive option to `gdbus call`
- !2332 Changed gendered terms to be gender-neutral
- !2333 gsubprocess: Add G_SUBPROCESS_FLAGS_SEARCH_PATH_FROM_ENVP
- !2336 tests: Drop arbitrary and flaky waits from actions tests
- !2339 ci: Bump Meson version to 0.60.1 on macOS
- !2341 tests: Wait for gdbus-testserver to die when killing it
- !2342 tests: Reformat mkenums.py slightly to make run-black.sh happy
- !2345 gutils: Disable some dead code on macOS
- !2347 Removing tests/asyncqueue-test.c from tests/
- !2348 gio/tests/codegen.py: bump timeout to 100 seconds
- !2349 Annotate `g_getenv()` and `g_environ_getenv()` return value as `nullable`
- !2352 tests: Fix a flaky wait in converter-stream
- !2353 Address some oddities around GResolver::reload
- !2357 ci: Upgrade to clang-format-11 from clang-format-7
- !2360 meson: specify when commands need to succeed in run_command
- !2364 tests: Allow `objcopy --help` to fail, because it fails on FreeBSD
- !2365 Add vfunc checks in gappinfo.c
- !2368 De-duplicate g_nearest_pow() implementation and add some overflow protections to g_ptr_array_maybe_expand(), g_string_maybe_expand() and g_string_chunk_insert_len()
- !2370 gqsort: Move test to glib/tests/
- !2371 Freeze notification during object destruction
- !2372 docs: Improve GVariant docs
- !2373 glib.supp: Suppress one-time allocation in g_get_home_dir()
- !2376 GSource: move test to glib/tests/
- !2379 Merging tests/bit-test.c into glib/tests/utils.c
- !2381 tests: Test the function forms of g_bit_*() APIs too
- !2382 gfileutils: Correctly reset start value when canonicalising paths
- !2385 gfileutils: Fix transfer annotation and whitespace issues
- !2386 docs: Add API documentation links to the README
- !2387 docs: Update the README a little
- !2390 Merging tests/child-test.c into glib/tests/spawn-multithreaded.c
- !2391 Removing redundant cxx test tests/cxx-test.cpp
- !2392 Move tests/completion-test.c to glib/tests/completion.c
- !2393 Removing unnecessary test on gdatetime.c
- !2396 fuzzing: Add a fuzz test for parsing DNS records
- !2397 Moving tests/dirname-test.c to glib/tests/fileutils.c
- !2398 fix /list/position test
* Translation updates:
- Croatian
- Friulian
- Galician
- Hebrew
- Indonesian
- Italian
- Latvian
- Lithuanian
- Occitan (post 1500)
- Persian
- Polish
- Portuguese
- Portuguese (Brazil)
- Romanian
- Russian
- Serbian
- Slovak
- Spanish
- Swedish
- Ukrainian
Overview of changes in GLib 2.70.3
* Several important fixes to FD handling in gspawn (#2503, #2506, #2580)
* Several important fixes to GDBus message and GVariant parsing of invalid data (#2557, #2572)
* Fix potential data loss due to missing fsync when saving files on btrfs (!2437)
* Bugs fixed:
- #2503 gspawn.c may clobber target fds
- #2506 gspawn.c fails to close child_err_report_fd if it is duped to avoid conflation with one of the target_fds
- #2557 Arrays of zero-element tuples with non-zero length lead to infinite loops in g_dbus_message_new_from_blob
- #2572 Check for GVariant recursion depth before recursing
- #2580 gspawn doesn't set CLOEXEC if close_range fails unexpectedly
- !2394 Backport !1968 “gspawn: Fix file descriptor conflation issues” to glib-2-70
- !2415 Backport !2412 “paramspec: fix unref annotation” to glib-2-70
- !2437 Backport !2425 “gfileutils: Remove outdated BTRFS fsync optimization from set_contents” to glib-2-70
- !2444 Backport !2435 “gspawn: Report errors with closing file descriptors between fork/exec” to glib-2-70
- !2455 Backport !2454 gdbusmessage and gvariant fixes to glib-2-70
* Translation updates:
- Czech
- Indonesian
- Italian
- Lithuanian
- Polish
- Portuguese
- Romanian
- Serbian
- Slovenian
- Spanish
- Swedish
- Turkish
- Ukrainian
Overview of changes in GLib 2.70.2
* Fix use of the default log writer with journald namespaces (diagnosis by Ilya Basin) (#2530)
* Fix hang in `dbus-daemon` under `GTestDBus` when `G_MESSAGES_DEBUG=all` is set (work by Marco Trevisan) (#2537)
* Speed up `g_canonicalize_filename()` to avoid pathogenic cases with `..` (work by Sebastian Wilhelmi) (#2541)
* Fix URI for pcre subproject as it’s moved upstream (work by Albert Astals Cid) (!2324)
* Fix storing GSettings dictionaries on macOS (work by Maurice) (#2527)
* Speed up ‘remove dot segments’ algorithm in `GUri` to avoid pathogenic cases with `..` (work by Sebastian Wilhelmi) (#2526)
* Fix infinite loops in D-Bus message parsing for truncated inputs (work by Sebastian Wilhelmi) (#2528)
* Improve correctness of version information returned by `g_get_os_info()` for Windows 10/Server 2019+ (work by Chun-wei Fan) (#2443)
* Bugs fixed:
- #2400 Use-after-free in invoke_set_property_in_idle_cb()
- #2426 GSettings delayed apply generates runtime warnings
- #2528 g_dbus_message_new_from_blob goes into infinite loop for certain inputs
- #2530 g_log_writer_is_journald fails if a Journal Namespace is used
- #2537 GTestDBus dbus daemon causes child process to hang when using verbose output
- #2541 g_canonicalize_filename should work in linear time complexity
- !2312 Backport !2265 “gdbusconnection: Fix race between method calls and object unregistration” to glib-2-70
- !2313 Backport !2260 “GWin32AppInfo: Remove assertion on the opened registry key” to glib-2-70
- !2314 Backport !2308 “gthread-win32: Remove an unnecessary volatile qualifier” to glib-2-70
- !2316 Backport !2309 “Rename libpcre.wrap to pcre.wrap” to glib-2-70
- !2320 Backport !2161 “gdelayedsettingsbackend: Fix applying after calling g_settings_reset()” to glib-2-70
- !2335 Backport !2324 “Fix link to pcre-8.37.tar.bz2” to glib-2-70
- !2337 Backport !2325 “Fix GSettings dict error macOS” to glib-2-70
- !2340 Backport !2338 “gmessages: Support namespaced journals” to glib-2-70
- !2344 Backport !2327 “guri: Improve performance of remove_dot_segments() algorithm” to glib-2-70
- !2356 Backport !2355 “gdbusmessage: Add more bounds checking when parsing D-Bus messages” to glib-2-70
- !2359 gutils.c: Improve g_get_os_info() for Windows 10/Server 2019+
- !2361 Backport !2354 “gtestdbus: Print the dbus address on a specific FD intead of stdout” to glib-2-70
- !2363 Backport !2360 “meson: specify when commands need to succeed in run_command” to glib-2-70
- !2366 Backport !2364 “tests: Allow `objcopy --help` to fail, because it fails on FreeBSD” to glib-2-70
- !2375 Backport !2374 “gfileutils: Improve performance of g_canonicalize_filename()” to glib-2-70
- !2383 Backport !2382 “gfileutils: Correctly reset start value when canonicalising paths” to glib-2-70
* Translation updates:
- Croatian
- Italian
- Occitan (post 1500)
- Polish
- Portuguese
- Portuguese (Brazil)
- Russian
- Swedish
- Ukrainian
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 20:32:39 +0000 (21:32 +0100)]
git: Update to version 2.35.1
- Update from 2.34.1 to 2.35.1
- Update of rootfile not required
- Changelog
Git 2.35.1 Release Notes
* Git 2.35 shipped with a regression that broke use of "rebase" and
"stash" in a secondary worktree. This maintenance release ought to
fix it.
Git 2.35 Release Notes
Updates since Git 2.34
Backward compatibility warts
* "_" is now treated as any other URL-valid characters in an URL when
matching the per-URL configuration variable names.
* The color palette used by "git grep" has been updated to match that
of GNU grep.
Note to those who build from the source
* You may need to define NO_UNCOMPRESS2 Makefile macro if you build
with zlib older than 1.2.9.
* If your compiler cannot grok C99, the build will fail. See the
instruction at the beginning of git-compat-util.h if this happens
to you.
UI, Workflows & Features
* "git status --porcelain=v2" now show the number of stash entries
with --show-stash like the normal output does.
* "git stash" learned the "--staged" option to stash away what has
been added to the index (and nothing else).
* "git var GIT_DEFAULT_BRANCH" is a way to see what name is used for
the newly created branch if "git init" is run.
* Various operating modes of "git reset" have been made to work
better with the sparse index.
* "git submodule deinit" for a submodule whose .git metadata
directory is embedded in its working tree refused to work, until
the submodule gets converted to use the "absorbed" form where the
metadata directory is stored in superproject, and a gitfile at the
top-level of the working tree of the submodule points at it. The
command is taught to convert such submodules to the absorbed form
as needed.
* The completion script (in contrib/) learns that the "--date"
option of commands from the "git log" family takes "human" and
"auto" as valid values.
* "Zealous diff3" style of merge conflict presentation has been added.
* The "git log --format=%(describe)" placeholder has been extended to
allow passing selected command-line options to the underlying "git
describe" command.
* "default" and "reset" have been added to our color palette.
* The cryptographic signing using ssh keys can specify literal keys
for keytypes whose name do not begin with the "ssh-" prefix by
using the "key::" prefix mechanism (e.g. "key::ecdsa-sha2-nistp256").
* "git fetch" without the "--update-head-ok" option ought to protect
a checked out branch from getting updated, to prevent the working
tree that checks it out to go out of sync. The code was written
before the use of "git worktree" got widespread, and only checked
the branch that was checked out in the current worktree, which has
been updated.
* "git name-rev" has been tweaked to give output that is shorter and
easier to understand.
* "git apply" has been taught to ignore a message without a patch
with the "--allow-empty" option. It also learned to honor the
"--quiet" option given from the command line.
* The "init" and "set" subcommands in "git sparse-checkout" have been
unified for a better user experience and performance.
* Many git commands that deal with working tree files try to remove a
directory that becomes empty (i.e. "git switch" from a branch that
has the directory to another branch that does not would attempt
remove all files in the directory and the directory itself). This
drops users into an unfamiliar situation if the command was run in
a subdirectory that becomes subject to removal due to the command.
The commands have been taught to keep an empty directory if it is
the directory they were started in to avoid surprising users.
* "git am" learns "--empty=(stop|drop|keep)" option to tweak what is
done to a piece of e-mail without a patch in it.
* The default merge message prepared by "git merge" records the name
of the current branch; the name can be overridden with a new option
to allow users to pretend a merge is made on a different branch.
* The way "git p4" shows file sizes in its output has been updated to
use human-readable units.
* "git -c branch.autosetupmerge=inherit branch new old" makes "new"
to have the same upstream as the "old" branch, instead of marking
"old" itself as its upstream.
Performance, Internal Implementation, Development Support etc.
* The use of errno as a means to carry the nature of error in the ref
API implementation has been reworked and reduced.
* Teach and encourage first-time contributors to this project to
state the base commit when they submit their topic.
* The command line completion for "git send-email" options have been
tweaked to make it easier to keep it in sync with the command itself.
* Ensure that the sparseness of the in-core index matches the
index.sparse configuration specified by the repository immediately
after the on-disk index file is read.
* Code clean-up to eventually allow information on remotes defined
for an arbitrary repository to be read.
* Build optimization.
* Tighten code for testing pack-bitmap.
* Weather balloon to break people with compilers that do not support
C99.
* The "reftable" backend for the refs API, without integrating into
the refs subsystem, has been added.
* More tests are marked as leak-free.
* The test framework learns to list unsatisfied test prerequisites,
and optionally error out when prerequisites that are expected to be
satisfied are not.
* The default setting for trace2 event nesting was too low to cause
test failures, which is worked around by bumping it up in the test
framework.
* Drop support for TravisCI and update test workflows at GitHub.
* Many tests that used to need GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME
mechanism to force "git" to use 'master' as the default name for
the initial branch no longer need it; the use of the mechanism from
them have been removed.
* Allow running our tests while disabling fsync.
* Document the parameters given to the reflog entry iterator callback
functions.
(merge e6e94f34b2 jc/reflog-iterator-callback-doc later to maint).
* The test helper for refs subsystem learned to write bogus and/or
nonexistent object name to refs to simulate error situations we
want to test Git in.
* "diff --histogram" optimization.
* Weather balloon to find compilers that do not grok variable
declaration in the for() loop.
* diff and blame commands have been taught to work better with sparse
index.
* The chainlint test script linter in the test suite has been updated.
* The DEVELOPER=yes build uses -std=gnu99 now.
* "git format-patch" uses a single rev_info instance and then exits.
Mark the structure with UNLEAK() macro to squelch leak sanitizer.
* New interface into the tmp-objdir API to help in-core use of the
quarantine feature.
* Broken &&-chains in the test scripts have been corrected.
* The RCS keyword substitution in "git p4" used to be done assuming
that the contents are UTF-8 text, which can trigger decoding
errors. We now treat the contents as a bytestring for robustness
and correctness.
* The conditions to choose different definitions of the FLEX_ARRAY
macro for vendor compilers has been simplified to make it easier to
maintain.
* Correctness and performance update to "diff --color-moved" feature.
* "git upload-pack" (the other side of "git fetch") used a 8kB buffer
but most of its payload came on 64kB "packets". The buffer size
has been enlarged so that such a packet fits.
* "git fetch" and "git pull" are now declared sparse-index clean.
Also "git ls-files" learns the "--sparse" option to help debugging.
* Similar message templates have been consolidated so that
translators need to work on fewer number of messages.
Fixes since v2.34
* "git grep" looking in a blob that has non-UTF8 payload was
completely broken when linked with certain versions of PCREv2
library in the latest release.
* Other code cleanup, docfix, build fix, etc.
* "git pull" with any strategy when the other side is behind us
should succeed as it is a no-op, but doesn't.
* An earlier change in 2.34.0 caused JGit application (that abused
GIT_EDITOR mechanism when invoking "git config") to get stuck with
a SIGTTOU signal; it has been reverted.
* An earlier change that broke .gitignore matching has been reverted.
* Things like "git -c branch.sort=bogus branch new HEAD", i.e. the
operation modes of the "git branch" command that do not need the
sort key information, no longer errors out by seeing a bogus sort
key.
(merge 98e7ab6d42 jc/fix-ref-sorting-parse later to maint).
* The compatibility implementation for unsetenv(3) were written to
mimic ancient, non-POSIX, variant seen in an old glibc; it has been
changed to return an integer to match the more modern era.
(merge a38989bd5b jc/unsetenv-returns-an-int later to maint).
* The clean/smudge conversion code path has been prepared to better
work on platforms where ulong is narrower than size_t.
(merge 596b5e77c9 mc/clean-smudge-with-llp64 later to maint).
* Redact the path part of packfile URI that appears in the trace output.
(merge 0ba558ffb1 if/redact-packfile-uri later to maint).
* CI has been taught to catch some Unicode directional formatting
sequence that can be used in certain mischief.
(merge 0e7696c64d js/ci-no-directional-formatting later to maint).
* The "--date=format:<strftime>" gained a workaround for the lack of
system support for a non-local timezone to handle "%s" placeholder.
(merge 9b591b9403 jk/strbuf-addftime-seconds-since-epoch later to maint).
* The "merge" subcommand of "git jump" (in contrib/) silently ignored
pathspec and other parameters.
(merge 67ba13e5a4 jk/jump-merge-with-pathspec later to maint).
* The code to decode the length of packed object size has been
corrected.
(merge 34de5b8eac jt/pack-header-lshift-overflow later to maint).
* The advice message given by "git pull" when the user hasn't made a
choice between merge and rebase still said that the merge is the
default, which no longer is the case. This has been corrected.
(merge 71076d0edd ah/advice-pull-has-no-preference-between-rebase-and-merge later to maint).
* "git fetch", when received a bad packfile, can fail with SIGPIPE.
This wasn't wrong per-se, but we now detect the situation and fail
in a more predictable way.
(merge 2a4aed42ec jk/fetch-pack-avoid-sigpipe-to-index-pack later to maint).
* The function to cull a child process and determine the exit status
had two separate code paths for normal callers and callers in a
signal handler, and the latter did not yield correct value when the
child has caught a signal. The handling of the exit status has
been unified for these two code paths. An existing test with
flakiness has also been corrected.
(merge 5263e22cba jk/t7006-sigpipe-tests-fix later to maint).
* When a non-existent program is given as the pager, we tried to
reuse an uninitialized child_process structure and crashed, which
has been fixed.
(merge f917f57f40 em/missing-pager later to maint).
* The single-key-input mode in "git add -p" had some code to handle
keys that generate a sequence of input via ReadKey(), which did not
handle end-of-file correctly, which has been fixed.
(merge fc8a8126df cb/add-p-single-key-fix later to maint).
* "git rebase -x" added an unnecessary 'exec' instructions before
'noop', which has been corrected.
(merge cc9dcdee61 en/rebase-x-fix later to maint).
* When the "git push" command is killed while the receiving end is
trying to report what happened to the ref update proposals, the
latter used to die, due to SIGPIPE. The code now ignores SIGPIPE
to increase our chances to run the post-receive hook after it
happens.
(merge d34182b9e3 rj/receive-pack-avoid-sigpipe-during-status-reporting later to maint).
* "git worktree add" showed "Preparing worktree" message to the
standard output stream, but when it failed, the message from die()
went to the standard error stream. Depending on the order the
stdio streams are flushed at the program end, this resulted in
confusing output. It has been corrected by sending all the chatty
messages to the standard error stream.
(merge b50252484f es/worktree-chatty-to-stderr later to maint).
* Coding guideline document has been updated to clarify what goes to
standard error in our system.
(merge e258eb4800 es/doc-stdout-vs-stderr later to maint).
* The sparse-index/sparse-checkout feature had a bug in its use of
the matching code to determine which path is in or outside the
sparse checkout patterns.
(merge 8c5de0d265 ds/sparse-deep-pattern-checkout-fix later to maint).
* "git rebase -x" by mistake started exporting the GIT_DIR and
GIT_WORK_TREE environment variables when the command was rewritten
in C, which has been corrected.
(merge 434e0636db en/rebase-x-wo-git-dir-env later to maint).
* When "git log" implicitly enabled the "decoration" processing
without being explicitly asked with "--decorate" option, it failed
to read and honor the settings given by the "--decorate-refs"
option.
* "git fetch --set-upstream" did not check if there is a current
branch, leading to a segfault when it is run on a detached HEAD,
which has been corrected.
(merge 17baeaf82d ab/fetch-set-upstream-while-detached later to maint).
* Among some code paths that ask an yes/no question, only one place
gave a prompt that looked different from the others, which has been
updated to match what the others create.
(merge 0fc8ed154c km/help-prompt-fix later to maint).
* "git log --invert-grep --author=<name>" used to exclude commits
written by the given author, but now "--invert-grep" only affects
the matches made by the "--grep=<pattern>" option.
(merge 794c000267 rs/log-invert-grep-with-headers later to maint).
* "git grep --perl-regexp" failed to match UTF-8 characters with
wildcard when the pattern consists only of ASCII letters, which has
been corrected.
(merge 32e3e8bc55 rs/pcre2-utf later to maint).
* Certain sparse-checkout patterns that are valid in non-cone mode
led to segfault in cone mode, which has been corrected.
* Use of certain "git rev-list" options with "git fast-export"
created nonsense results (the worst two of which being "--reverse"
and "--invert-grep --grep=<foo>"). The use of "--first-parent" is
made to behave a bit more sensible than before.
(merge 726a228dfb ws/fast-export-with-revision-options later to maint).
* Perf tests were run with end-user's shell, but it has been
corrected to use the shell specified by $TEST_SHELL_PATH.
(merge 9ccab75608 ja/perf-use-specified-shell later to maint).
* Fix dependency rules to generate hook-list.h header file.
(merge d3fd1a6667 ab/makefile-hook-list-dependency-fix later to maint).
* "git stash" by default triggers its "push" action, but its
implementation also made "git stash -h" to show short help only for
"git stash push", which has been corrected.
(merge ca7990cea5 ab/do-not-limit-stash-help-to-push later to maint).
* "git apply --3way" bypasses the attempt to do a three-way
application in more cases to address the regression caused by the
recent change to use direct application as a fallback.
(merge 34d607032c jz/apply-3-corner-cases later to maint).
* Fix performance-releated bug in "git subtree" (in contrib/).
(merge 3ce8888fb4 jl/subtree-check-parents-argument-passing-fix later to maint).
* Extend the guidance to choose the base commit to build your work
on, and hint/nudge contributors to read others' changes.
(merge fdfae830f8 jc/doc-submitting-patches-choice-of-base later to maint).
* A corner case bug in the ort merge strategy has been corrected.
(merge d30126c20d en/merge-ort-renorm-with-rename-delete-conflict-fix later to maint).
* "git stash apply" forgot to attempt restoring untracked files when
it failed to restore changes to tracked ones.
(merge 71cade5a0b en/stash-df-fix later to maint).
* Calling dynamically loaded functions on Windows has been corrected.
(merge 4a9b204920 ma/windows-dynload-fix later to maint).
* Some lockfile code called free() in signal-death code path, which
has been corrected.
(merge 58d4d7f1c5 ps/lockfile-cleanup-fix later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 74db416c9c cw/protocol-v2-doc-fix later to maint).
(merge f9b2b6684d ja/doc-cleanup later to maint).
(merge 7d1b866778 jc/fix-first-object-walk later to maint).
(merge 538ac74604 js/trace2-avoid-recursive-errors later to maint).
(merge 152923b132 jk/t5319-midx-corruption-test-deflake later to maint).
(merge 9081a421a6 ab/checkout-branch-info-leakfix later to maint).
(merge 42c456ff81 rs/mergesort later to maint).
(merge ad506e6780 tl/midx-docfix later to maint).
(merge bf5b83fd8a hk/ci-checkwhitespace-commentfix later to maint).
(merge 49f1eb3b34 jk/refs-g11-workaround later to maint).
(merge 7d3fc7df70 jt/midx-doc-fix later to maint).
(merge 7b089120d9 hn/create-reflog-simplify later to maint).
(merge 9e12400da8 cb/mingw-gmtime-r later to maint).
(merge 0bf0de6cc7 tb/pack-revindex-on-disk-cleanup later to maint).
(merge 2c68f577fc ew/cbtree-remove-unused-and-broken-cb-unlink later to maint).
(merge eafd6e7e55 ab/die-with-bug later to maint).
(merge 91028f7659 jc/grep-patterntype-default-doc later to maint).
(merge 47ca93d071 ds/repack-fixlets later to maint).
(merge e6a9bc0c60 rs/t4202-invert-grep-test-fix later to maint).
(merge deb5407a42 gh/gpg-doc-markup-fix later to maint).
(merge 999bba3e0b rs/daemon-plug-leak later to maint).
(merge 786eb1ba39 js/l10n-mention-ngettext-early-in-readme later to maint).
(merge 2f12b31b74 ab/makefile-msgfmt-wo-stats later to maint).
(merge 0517f591ca fs/gpg-unknown-key-test-fix later to maint).
(merge 97d6fb5a1f ma/header-dup-cleanup later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3370000 to 3370200
- Update of rootfile not required
- Changelog
Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption
if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other
changes are made, and then the outer transaction commits. Check-in 73c2b50211d3ae26
Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a
cache of the bytecode used to implement the cascading change was not being reset
following a local DDL change. Check-in 5232c9777fe4fb13.
Other minor fixes that should not impact production builds.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 12:01:43 +0000 (13:01 +0100)]
lua: Update to version 5.4.4
- Update from 5.4.3 to 5.4.4
- Update of rootfile
- Update of pkgconfig file
- Changelog
11 bugs from version 5.4.3 or earlier fixed
See https://www.lua.org/bugs.html#5.4.3 for details
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 12:01:30 +0000 (13:01 +0100)]
libgpg-error: Update to version 1.44
- Update from 1.43 to 1.44
- Update of rootfile
- Changelog
Noteworthy changes in version 1.44 (More details can be found in the ChangeLog file in
the source tarball which lists each commit)
* Fix dependency to gpg-error-config-test.sh. [T5696]
* Run the posix locking test only on supported platforms. [T5699]
* Detect Linux systems using musl. [T5762]
* Fix gpg-error-config-test for PKG_CONFIG_LIBDIR. [T5740]
* Fix returning of option attributes for options with args. [T5799]
* Add Turkish translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 5 Feb 2022 12:01:10 +0000 (13:01 +0100)]
libcap: Update to version 2.63
- Update from 2.61 to 2.63
- Update of rootfile
- Changelog
Release notes for 2.63
Restore errno to zero by the time main() is executed
Bug reported by Yang Xu
Consistent psx handling (a panic) for syscalls that return thread dependent status
Inconsistend behavior noticed by Lorenz Bauer (Bug: 215283)
Add a test case for a deadlock under investigation in golang #50113
Bug reported by Weixiao Huang
Trim some of the #include file use to make the tree compile more efficiently
Release notes for 2.62
Bug fix for Go package "cap" and launching:
There was a race condition, reported by Lorenz Bauer (Bug: 215283)
Build cleanups:
David Seifert cleaned up warnings for 32-bit builds
No longer use Perl in the libcap build process (Gentoo had a compelling reason to
avoid this dependency)
Documentation updates: cap_max_bits has a man page entry; Go module cap updates for
Launch detail.
Recognize default securebits as a libcap mode: HYBRID.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Fri, 4 Feb 2022 16:47:25 +0000 (16:47 +0000)]
binutils+gcc: Fix that the toolchain compiler is trying to link against host libraries
Binutils and GCC were misconfigured and used host libraries to build
toolchain programs. That resulted in that those programs were correctly
linked, but could not be executed, because the runtime linker did not
search in the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Feb 2022 16:47:21 +0000 (16:47 +0000)]
gcc: toolchain stage 2: Set sysroot to /tools_${arch}
The stage 2 compiler was looking for libraries outside the bootstrapped
toolchain environment which causes that linked programs cannot be
executied because the runtime linker only looks for libraries inside the
toolchain environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:52:38 +0000 (22:52 +0100)]
poppler: Update to version 22.02.0
- Update from 21.11.0 to 22.02.0
- Update of rootfile
- Changelog
Release 22.02.0:
core:
* Signature: Add a way to detect unsigned FormFieldSignature
* Signature: Suport background image when using left and right text
* Signature: Fix path where to search for Firefox NSS in Windows
* Signature: Fix NSS code to work correctly in Windows/Android
* Count only signature fields in PDFDoc::getNumSignatureFields
* Minor code improvements
qt:
* Allow signing unsigned signature fields
* Allow passing a background image for the signature when signing
* Allow passing the document password when signing
* Fix leftFontSize being ignored when signing
glib:
* try with utf8 password if latin1 fails
* New method for getting all signature fields of a document
* Fix compile with MSVC
utils:
* pdfsig: Fix compile with MSVC
build system:
* Fix NSS cmake check for MSVC
Release 22.01.0:
core:
* Allow local (relative to dll) fonts dir on Windows
* TextOutputDev: require more spacing between columns. Issue #1093
* Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
* Fix crash when calling Form::reset()
* GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184
* Minor code improvements
glib:
* Include glib.h before using defines from it
* Close file descriptors on error
* Plug some memory leaks
* Replace use of deprecated g_memdup/g_time_zone_new
* Remove FD-taking functions on windows
utils:
* pdfsig: Add support for documents with passwords
* pdfsig: Fix signing with -sign if nss password is needed
Release 21.12.0:
core:
* Add API to add images
* CairoOutputDev: Fix de-duping of Flate images
* Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393
* Minor code improvements
glib:
* Add API for validation of signatures
* Add API to read/save to file descriptor
utils:
* pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117
build system:
* Increase C++ standard to 17
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:04 +0000 (22:53 +0100)]
samba: Update to version 4.15.5
- Update from 4.14.6 to 4.15.5
- Update of rootfile
- Changelog is too long to include everything. Full details can be found in the
WHATSNEW.txt file in the source tarball. The following highlights those releases
that were security releases. The other releases had a range of bug fixes.
4.15.5 is a security release and includes the following CVE fixes
o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
of a symlink exists.
https://www.samba.org/samba/security/CVE-2021-44141.html
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.15.2 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
4.14.12 was a security release and included the following CVE fixes
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.14.10 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:25 +0000 (22:53 +0100)]
sdl2: Update to version 2.0.20
- Update from 2.0.18 to 2.0.20
- Update of rootfile
- Changelog
2.0.20:
General:
* SDL_RenderGeometryRaw() takes a pointer to SDL_Color, not int. You can cast color
data in SDL_PIXELFORMAT_RGBA32 format (SDL_PIXELFORMAT_ABGR8888 on little endian
systems) for this parameter.
* Improved accuracy of horizontal and vertical line drawing when using OpenGL or
OpenGLES
* Added the hint SDL_HINT_RENDER_LINE_METHOD to control the method of line drawing
used, to select speed, correctness, and compatibility.
Windows:
* Fixed size of custom cursors
Linux:
* Fixed hotplug controller detection, broken in 2.0.18
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 2 Feb 2022 13:09:24 +0000 (14:09 +0100)]
manualpages: Update to include addon help links for addons with menu entries
- Some addons have menu entries and currentlky these do not have any links to their
help pages
- Ran check_manualpages and confirmed that all links to wiki pages are existing.
- Tested for guardian and wio
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:08:00 +0000 (14:08 +0100)]
p11-kit: Update to version 0.24.1
- Update from 0.24.0 to 0.24.1
- Update of rootfile not required
- Changelog
0.24.1 (stable)
* rpc: Support protocol version negotiation [PR#371, PR#385]
* proxy: Support copying attribute array recursively [PR#368]
* Link libp11-kit so that it cannot unload [PR#383]
* Translation improvements [PR#381]
* Build fixes [PR#372, PR#373, PR#375, PR#377, PR#384, PR#407]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:07:40 +0000 (14:07 +0100)]
mdadm: Update to version 4.2
- Update from 4.1 to 4.2
- Update of rootfile not required
- Changelog is no longer updated. The package directs you to the git commits to find
the changes. https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/log/
- Announcement of update says-
The release includes more than two years of development and bugfixes,
so it is difficult to remember everything. Highlights include
enhancements and bug fixes including for IMSM RAID, Partial Parity
Log, clustered RAID support, improved testing, and gcc-9 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
checkrootfiles: exclude some rust paks and fix armv6l
some new rust packages contain files with x86_64 or aarch64 on
all archictectures. They are now excluded from check.
also this fix the check for armv6l.
Michael Tremer [Mon, 31 Jan 2022 13:30:20 +0000 (14:30 +0100)]
rust-pyo3: New package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
