Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Tested-by: Bernhard Bitsch <bernhard.bitsch@ipfire.org>
Stefan Schantl [Wed, 23 Mar 2022 17:08:52 +0000 (18:08 +0100)]
rules.pl: Fix creating rules for location based groups.
The former used hash value only contains the country code when
a rule for a single country should be created.
In case a location group is used the hash value refers to the group name,
which does not work here.
The required country code is part of the processed string and can be omitted
from here. This works well for single codes and location groups, because those
are processed in a loop.
Fixes #12809.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Wed, 23 Mar 2022 17:08:52 +0000 (18:08 +0100)]
rules.pl: Fix creating rules for location based groups.
The former used hash value only contains the country code when
a rule for a single country should be created.
In case a location group is used the hash value refers to the group name,
which does not work here.
The required country code is part of the processed string and can be omitted
from here. This works well for single codes and location groups, because those
are processed in a loop.
Fixes #12809.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Wed, 23 Mar 2022 11:18:34 +0000 (11:18 +0000)]
firewall: Fix placement of HOSTILE chains
They were mistakenly placed after the IPS chains in commit 7b529f5417254c68b6bd33732f30578182893d34, but should be placed after the
connection tracking and before the IPS.
Fixes: #12815 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Mar 2022 15:24:49 +0000 (15:24 +0000)]
linux-firmware: Compress firmware on disk
This patch enabled that we can compress any firmware files on disk. This
will save some space since /lib/firmware is becoming larger with every
release.
From formerly 828MiB, this is now using ~349MiB which is a saving of
about 480MiB on disk. This is helping us a lot fighting to contain the
distribution to 2GB on /.
Some other firmware that is installed in other packages is not
compressed with this patch which is a bit sad, but potentially not worth
the effort.
In order to ship this change with a Core Update, it might be intuitive
to remove /lib/firmware first and then extract the new update with all
new files. However, I do not know if this all will compress as well as
before since now the files are already individually compressed. It might
be a challenge to ship this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 23 Mar 2022 11:18:34 +0000 (11:18 +0000)]
firewall: Fix placement of HOSTILE chains
They were mistakenly placed after the IPS chains in commit 7b529f5417254c68b6bd33732f30578182893d34, but should be placed after the
connection tracking and before the IPS.
Fixes: #12815 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 22 Mar 2022 17:32:03 +0000 (18:32 +0100)]
bind: Update to 9.16.27
For details see:
https://downloads.isc.org/isc/bind9/9.16.27/doc/arm/html/notes.html#notes-for-bind-9-16-27
"Security Fixes
The rules for acceptance of records into the cache have been
tightened to prevent the possibility of poisoning if forwarders send
records outside the configured bailiwick. (CVE-2021-25220)
ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from
Network and Information Security Lab, Tsinghua University, and
Changgen Zou from Qi An Xin Group Corp. for bringing this
vulnerability to our attention. [GL #2950]
TCP connections with keep-response-order enabled could leave the TCP
sockets in the CLOSE_WAIT state when the client did not properly
shut down the connection. (CVE-2022-0396) [GL #3112]
Feature Changes
DEBUG(1)-level messages were added when starting and ending the BIND
9 task-exclusive mode that stops normal DNS operation (e.g. for
reconfiguration, interface scans, and other events that require
exclusive access to a shared resource). [GL #3137]
Bug Fixes
The max-transfer-time-out and max-transfer-idle-out options were not
implemented when the BIND 9 networking stack was refactored in 9.16.
The missing functionality has been re-implemented and outgoing zone
transfers now time out properly when not progressing. [GL #1897]
TCP connections could hang indefinitely if the other party did not
read sent data, causing the TCP write buffers to fill. This has been
fixed by adding a “write” timer. Connections that are hung while
writing now time out after the tcp-idle-timeout period has elapsed.
[GL #3132]
The statistics counter representing the current number of clients
awaiting recursive resolution results (RecursClients) could
be miscalculated in certain resolution scenarios, potentially
causing the value of the counter to drop below zero. This has been
fixed. [GL #3147]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 22 Mar 2022 17:37:43 +0000 (18:37 +0100)]
rrdtool: Update to 1.8.0
For details see:
https://github.com/oetiker/rrdtool-1.x/releases/tag/v1.8.0
"Bugfixes
python bindings: properly convert double values of rrd info
failed to expand 'Py_UNUSED', Invalid usage when expanding 'Py_UNUSED'
document --showtime in xport help output
fix --use-nan-for-all-missing-data
update rrdruby.pod
add missing rrdruby.pod and rrdpython.pod to dist
Set first_weekday to 0 (Sunday), when HAVE__NL_TIME_WEEK_1STDAY is not defined
fix median calculation for all NaN inputs
fix potential leak in xport during failure
fix many warnings raised by Cppcheck
fix many compiler warnings from latest gcc
ensure proper initialization in rrd_daemon
cleanup testsuite
better testing
avoid invalid read in rrd_client
add symbols from rrdc to librrd
Fix duplicate write_changes_to_disk() calls when HAVE_LIBRADOS is true and HAVE_MMAP is false
documentation updates
for SMIN example in docs
fix for pyton3 compatibility
freemem only for valid status <Christian Kr"oger>
fix double meaning of time 0 as uninitialized value
fix for zfs not supporting fallocate. this makes resize work on zfs
add rrdrados.pod to dist
fetch - do not call rrd_freemem on uninitialized pointers
use separate pango fontmap per thread
switch to python 3
do not leak filename when opening a broken file
fix leaks in rrdcached
avoid segfault when flushing cache
escape json in legend entries
fix leak in xport
make rrdcgi param parsing more robust
fix race in journal_write"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 21 Mar 2022 15:35:22 +0000 (15:35 +0000)]
Core Update 166: Perform spring clean of orphaned files
On an IPFire installation that has been around since Core Update 110
(released April 28, 2017), these files have been identified as being
orphaned, comparing to a fresh installation of Core Update 164.
To avoid such a list of files agglomerating, persons responsible for a
Core Update should check whether an updated package contains deleted
files in its rootfile. If so, they should be deleted on existing systems
via update.sh as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Tue, 22 Mar 2022 10:42:51 +0000 (10:42 +0000)]
strongswan: Remove redundant iptables rules
We used to create some iptables rules that permitted traffic to the
firewall from IPsec peers. This however doesn't work due to changes in
iana-etc and it looks like those rules are entirely absolete now.
This patch removes them which should not cause any functional changes.
Fixes: #12808 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org>
Jon Murphy [Thu, 17 Mar 2022 17:06:29 +0000 (12:06 -0500)]
Nano: Move nano editor from packages to core system
- this will not change the default editor `vim`
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 21 Mar 2022 13:47:58 +0000 (13:47 +0000)]
Improve README and CONTRIBUTING
- Strip tailing whitespaces
- Use shorter line length to make reading the files with editors or
terminals without automatic line break easier
- Slightly improve the content of these files
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Jonatan Schlag [Tue, 8 Mar 2022 11:18:24 +0000 (12:18 +0100)]
Add Readme and Contributing guidelines.
For people which just have found our source code especially over GitHub
sometimes seem to have problems finding out how to contribute. This is
sad as it prevents us building a bigger community. While we have a wiki
which conatins a lot informations, this seems to get overlooked. I guess
a contributing fact is that most software today has these informations
contained in the repository itself. While I am not going to duplicate
the wiki to have these informations in our repository I still think it
is a good idea to have a short guide to lead new contributers into the
right direction.
Someone now could argue that new people just a too * to look at the
right place and that's why we do not need these documents. I do not
think so because of several points:
First people get used to look for information at a readme. I guees that
is because of the fact both GitHub and Gitlab place the readme so
prominently.
Second starting in a new project is hard. Finding the right place where
to start is also not easy as every project is different. Giving people a
short introduction what the first steps could be is definitely needed.
Peter Müller [Mon, 21 Mar 2022 11:44:48 +0000 (11:44 +0000)]
Core Update 166: Drop old 2007 Pakfire key, and remove it from existing installations
It is not necessary to have this key present on IPFire systems anymore,
since it has not been in use for years, and we can expect systems to be
sufficiently up-to-date, so they no longer need to rely on old updates
or add-ons signed with this key.
Also, given the current key was generated in 2018, we should consider a
Pakfire key rollover soon.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 17 Mar 2022 21:27:15 +0000 (22:27 +0100)]
sysvinit: Update rootfile to fix bug 12797
- In sysvinit-2.97 (Dec2020) a patch was added which allows init to load configuration data
from files stored in /etc/inittab.d/
This modification would have come in with Core Update 155.
- When sysvinit was updated from 2.88dsf to 2.98 the /etc/inittab.d/ directory in the
rootfile was commented out.
Sysvinit looks to see if there are any files in inittab.d but as that directory does not
exist then the message "No inittab.d directory found" is written during the boot and is
also shown in the log summary.
- This patch uncomments the directory so that it will be present. No files will be placed
in it but its prescence will stop the error message being shown during boot.
Fixes: Bug #12797 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 19 Mar 2022 16:35:35 +0000 (16:35 +0000)]
Drop orphaned ovpn-ccd-convert script
This script appeared in the rootfiles for Core Updates 65 and 66, being
released in late 2012 and early 2013. It is not used elsewhere, and
there is no sense in keeping it around on IPFire installations.
Should this patch be accepted, a corresponding 'rm' statement is
necessary in the update.sh script of the Core Update it will go into.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 16 Mar 2022 16:09:12 +0000 (17:09 +0100)]
apache: Update to 2.4.53
For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.53
Short summary of the most important SECURITY changes:
"Changes with Apache 2.4.53
*) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds
(cve.mitre.org)
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP
Server allows an attacker to overwrite heap memory with possibly
attacker provided data.
This issue affects Apache HTTP Server 2.4 version 2.4.52 and
prior versions.
Credits: Ronald Crane (Zippenhop LLC)
*) SECURITY: CVE-2022-22721: core: Possible buffer overflow with
very large or unlimited LimitXMLRequestBody (cve.mitre.org)
If LimitXMLRequestBody is set to allow request bodies larger
than 350MB (defaults to 1M) on 32 bit systems an integer
overflow happens which later causes out of bounds writes.
This issue affects Apache HTTP Server 2.4.52 and earlier.
Credits: Anonymous working with Trend Micro Zero Day Initiative
*) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability
in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org)
Apache HTTP Server 2.4.52 and earlier fails to close inbound
connection when errors are encountered discarding the request
body, exposing the server to HTTP Request Smuggling
Credits: James Kettle <james.kettle portswigger.net>
*) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of
in r:parsebody (cve.mitre.org)
A carefully crafted request body can cause a read to a random
memory area which could cause the process to crash.
This issue affects Apache HTTP Server 2.4.52 and earlier.
Credits: Chamal De Silva
..."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 15 Mar 2022 17:25:57 +0000 (18:25 +0100)]
ids-functions.pl: Skip deleted.rules files
These rulefiles are used by various providers as a kind of reference and
to store rules which have been taken out for correctness, performance
reasons or because of other reasons.
Fixes #12794.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Mar 2022 17:51:13 +0000 (17:51 +0000)]
openssl: Update to 1.1.1n
OpenSSL Security Advisory [15 March 2022]
============================================
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(CVE-2022-0778)
==================================================================================
Severity: High
The BN_mod_sqrt() function, which computes a modular square root,
contains
a bug that can cause it to loop forever for non-prime moduli.
Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.
It is possible to trigger the infinite loop by crafting a certificate
that
has invalid explicit curve parameters.
Since certificate parsing happens prior to verification of the
certificate
signature, any process that parses an externally supplied certificate
may thus
be subject to a denial of service attack. The infinite loop can also be
reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.
Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from
subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the
attacker
can control the parameter values are vulnerable to this DoS issue.
In the OpenSSL 1.0.2 version the public key is not parsed during initial
parsing of the certificate which makes it slightly harder to trigger
the infinite loop. However any operation which requires the public key
from the certificate will trigger the infinite loop. In particular the
attacker can use a self-signed certificate to trigger the loop during
verification of the certificate signature.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was
addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022.
OpenSSL 1.0.2 users should upgrade to 1.0.2zd (premium support customers
only)
OpenSSL 1.1.1 users should upgrade to 1.1.1n
OpenSSL 3.0 users should upgrade to 3.0.2
This issue was reported to OpenSSL on the 24th February 2022 by Tavis
Ormandy
from Google. The fix was developed by David Benjamin from Google and
Tomáš Mráz
from OpenSSL.
Note
====
OpenSSL 1.0.2 is out of support and no longer receiving public updates.
Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html
OpenSSL 1.1.0 is out of support and no longer receiving updates of any
kind.
It is affected by the issue.
Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20220315.txt
Note: the online version of the advisory may be updated with additional
details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 15 Mar 2022 17:25:57 +0000 (18:25 +0100)]
ids-functions.pl: Skip deleted.rules files
These rulefiles are used by various providers as a kind of reference and
to store rules which have been taken out for correctness, performance
reasons or because of other reasons.
Fixes #12794.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Mar 2022 17:51:13 +0000 (17:51 +0000)]
openssl: Update to 1.1.1n
OpenSSL Security Advisory [15 March 2022]
============================================
Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(CVE-2022-0778)
==================================================================================
Severity: High
The BN_mod_sqrt() function, which computes a modular square root,
contains
a bug that can cause it to loop forever for non-prime moduli.
Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.
It is possible to trigger the infinite loop by crafting a certificate
that
has invalid explicit curve parameters.
Since certificate parsing happens prior to verification of the
certificate
signature, any process that parses an externally supplied certificate
may thus
be subject to a denial of service attack. The infinite loop can also be
reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.
Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from
subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the
attacker
can control the parameter values are vulnerable to this DoS issue.
In the OpenSSL 1.0.2 version the public key is not parsed during initial
parsing of the certificate which makes it slightly harder to trigger
the infinite loop. However any operation which requires the public key
from the certificate will trigger the infinite loop. In particular the
attacker can use a self-signed certificate to trigger the loop during
verification of the certificate signature.
This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was
addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022.
OpenSSL 1.0.2 users should upgrade to 1.0.2zd (premium support customers
only)
OpenSSL 1.1.1 users should upgrade to 1.1.1n
OpenSSL 3.0 users should upgrade to 3.0.2
This issue was reported to OpenSSL on the 24th February 2022 by Tavis
Ormandy
from Google. The fix was developed by David Benjamin from Google and
Tomáš Mráz
from OpenSSL.
Note
====
OpenSSL 1.0.2 is out of support and no longer receiving public updates.
Extended
support is available for premium support customers:
https://www.openssl.org/support/contracts.html
OpenSSL 1.1.0 is out of support and no longer receiving updates of any
kind.
It is affected by the issue.
Users of these versions should upgrade to OpenSSL 3.0 or 1.1.1.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20220315.txt
Note: the online version of the advisory may be updated with additional
details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 11 Mar 2022 14:43:11 +0000 (14:43 +0000)]
firewall: Make blocking all traffic impossible on HOSTILE
The current setup can fail and block all traffic on RED if the RETURN
rules could not be created.
This can happen when the kernel fails to load the ipset module, as it is
the case after upgrading to a new kernel. Restarting the firewall will
cause that the system is being cut off the internet.
This design now changes that if those rules cannot be created, the
DROP_HOSTILE feature is just inactive, but it would not disrupt any
traffic.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 11 Mar 2022 14:43:11 +0000 (14:43 +0000)]
firewall: Make blocking all traffic impossible on HOSTILE
The current setup can fail and block all traffic on RED if the RETURN
rules could not be created.
This can happen when the kernel fails to load the ipset module, as it is
the case after upgrading to a new kernel. Restarting the firewall will
cause that the system is being cut off the internet.
This design now changes that if those rules cannot be created, the
DROP_HOSTILE feature is just inactive, but it would not disrupt any
traffic.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 11 Mar 2022 14:43:38 +0000 (14:43 +0000)]
make.sh: Build acl/attr earlier for coreutils to link against
dracut requires the cp command to be compiled with support for extended
attributes (xattr) which we didn't have due to the required libraries
not being available to coreutils at build time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 11 Mar 2022 14:43:37 +0000 (14:43 +0000)]
dracut: Update to 056
This one was desperately in need of an upgrade, as dracut 038 was
released 8 YEARS ago. Hence, the changelog since is way too long to
include it here; refer to https://git.kernel.org/pub/scm/boot/dracut/dracut.git/tree/NEWS.md
for details.
See also: #12773
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
ReiserFS is an old file system which has not been actively maintained in
the Linux kernel for a long time. It is potentially going to be removed
soon which is why we shouldn't encourage people to create new
installations with ReiserFS any more.
This patch removes support for ReiserFS from the installer.
We should keep it enabled in the kernel for as long as it is available,
but we will have to encourage users potentially to re-install on a
different file system.
Since ReiserFS isn't very popular any more, I don't think that there
will be many users left.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 3 Mar 2022 11:40:31 +0000 (12:40 +0100)]
pango: Update to version 1.50.4
- Update from 1.50.0 to 1.50.4
- Update of rootfile
- Changelog
Overview of changes in 1.50.4, 09-02-2022
* Tweak synthetic space sizes
* itemize: Try harder to avoid NULL fonts
* docs: Some additions
* Pass synthetic slant to harfbuzz
* Make sloped carets work with uneven scales
* Fix serialiation on arm
* Avoid an uninitialized variable warning
* Reinstate previous behavior of pango_attr_list_splice
* Deprecated pango_coverage_ref/unref
* Fix serialization on non-glibc systems
* Fix allow-breaks handling
Overview of changes in 1.50.3, 21-12-2021
* pango-view: Add --serialize-to option for easy bug reporting
* Revert a transformation change that broke metrics for vertical text
* Handle fonts without space glyph (such as icon fonts) better
* Fix some corner cases of line width accounting
* Fix line height with emulated Small Caps
Overview of changes in 1.50.2, 16-12-2021
* Fix a problem with font fallback for Arabic
* Fix handling of fonts without a space glyph
* Various documentation improvements
* Fix build issues
Overview of changes in 1.50.1, 10-12-2021
* Fix a crash in tab handling
* Fix tab positioning without line wrapping
* Fix an assertion failure found by fuzzing
* Make underlines work again for broken fonts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 3 Mar 2022 11:40:18 +0000 (12:40 +0100)]
hplip: Update to version 3.22.2
- Update from 3.21.6 to 3.22.2
- Update of rootfile
- Changelog
HPLIP 3.22.2 - This release has the following changes:
Added support for following new Distro's:
Elementary OS 6.1
RHEL 8.5
Linux Mint 20.3
Added support for the following new Printers:
HP LaserJet Tank MFP 1602a
HP LaserJet Tank MFP 1602w
HP LaserJet Tank MFP 1604w
HP LaserJet Tank MFP 2602dn
HP LaserJet Tank MFP 2602sdn
HP LaserJet Tank MFP 2602sdw
HP LaserJet Tank MFP 2602dw
HP LaserJet Tank MFP 2604dw
HP LaserJet Tank MFP 2604sdw
HP LaserJet Tank MFP 2603dw
HP LaserJet Tank MFP 2603sdw
HP LaserJet Tank MFP 2605sdw
HP LaserJet Tank MFP 2606dn
HP LaserJet Tank MFP 2606sdn
HP LaserJet Tank MFP 2606sdw
HP LaserJet Tank MFP 2606dw
HP LaserJet Tank MFP 2606dc
HP LaserJet Tank MFP 1005
HP LaserJet Tank MFP 1005w
HP LaserJet Tank MFP 1005nw
HP LaserJet Tank 1502a
HP LaserJet Tank 1502w
HP LaserJet Tank 1504w
HP LaserJet Tank 2502dw
HP LaserJet Tank 2502dn
HP LaserJet Tank 2504dw
HP LaserJet Tank 2503dw
HP LaserJet Tank 2506dw
HP LaserJet Tank 2506d
HP LaserJet Tank 2506dn
HP LaserJet Tank 1020
HP LaserJet Tank 1020w
HP LaserJet Tank 1020nw
HPLIP 3.21.12- This release has the following changes:
Added support for following new Distro's:
MX Linux 21
Elementary OS 6
Fedora 35
HPLIP 3.21.10 - This release has the following changes:
Added support for following new Distro's:
Ubuntu 21.10
Debian 11
Zorin 15
Zorin 16
Added support for the following new Printers:
HP ENVY Inspire 7200e series
HP ENVY Inspire 7900e series
HP LaserJet MFP M140a
HP LaserJet MFP M139a
HP LaserJet MFP M141a
HP LaserJet MFP M142a
HP LaserJet MFP M140w
HP LaserJet MFP M140we
HP LaserJet MFP M139w
HP LaserJet MFP M139we
HP LaserJet MFP M141w
HP LaserJet MFP M141we
HP LaserJet MFP M142we
HP LaserJet MFP M142w
HP LaserJet M109a
HP LaserJet M110a
HP LaserJet M111a
HP LaserJet M112a
HP LaserJet M109w
HP LaserJet M109we
HP LaserJet M110w
HP LaserJet M110we
HP LaserJet M111w
HP LaserJet M111we
HP LaserJet M112we
HP LaserJet M112w
HP DesignJet Z6 Pro 64in
HP DesignJet Z9 Pro 64in
HP PageWide XL Pro 5200 PS MFP series
HP PageWide XL Pro 8200 PS MFP series
HP PageWide XL 3920 MFP
HP PageWide XL 4200 Printer
HP PageWide XL 4200 Multifunction Printer
HP PageWide XL 4700 Printer
HP PageWide XL 4700 Multifunction Printer
HP PageWide XL 5200 Printer
HP PageWide XL 5200 Multifunction Printer
HP PageWide XL 8200 Printer
HPLIP 3.21.8 - This release has the following changes:
Added support for following new Distro's:
Linux Mint 20.2
RHEL 8.4
Manjaro 21.0.7
Added support for the following new Printers:
HP Smart Tank 500 series
HP Smart Tank 530 series
HP Smart Tank Plus 570 series
HP Smart Tank 7600
HP Smart Tank 750
HP Smart Tank 790
HP Smart Tank Plus 710-720
HP Smart Tank Plus 7000
HP Smart Tank Plus 660-670
HP Smart Tank Plus 6000
HP DeskJet Ink Advantage Ultra 4800 All-in-One Printer series
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 3 Mar 2022 11:40:01 +0000 (12:40 +0100)]
aws-cli: Update to version 1.22.64
- Update from 1.18.188 to 1.22.64
- Update of rootfile
- Ran aws in shell and got help response so it is working in principle
- Changelog is too large, with nearly 1700 lines, to include here as there appears to be
a new release nearly every day. so there are a huge number of releases between 1.18.188
from Dec 2nd 2020 to 1.22.64 from Feb 28 2022. It appears that only at weekends no
releases are done. Full changelog can be viewed at
https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 28 Feb 2022 21:10:42 +0000 (22:10 +0100)]
ntfs-3g: Update to version 2021.8.22
- Update from 2017.3.23 to 2021.8.22
- Update of rootfile
- Added link to mkfs.ntfs in lfs to provide the binary in sbin as the new package places it
in usr/sbin
- Ran find-dependencies and no problems flagged up.
- Changelog
Stable Version 2021.8.22 (August 30, 2021)
Fixed compile error when building with libfuse < 2.8.0
Fixed obsolete macros in configure.ac
Signalled support of UTIME_OMIT to external libfuse2
Fixed an improper macro usage in ntfscp.c
Updated the repository change in the README
Fixed vulnerability threats caused by maliciously tampered NTFS partitions
Stable Version 2017.3.23AR.6 (February 1, 2021)
Used kernel cacheing on read-only mounts or with lowntfs-3g
Avoided information leak when processing garbled compressed data
Defined option posix_nlink to compute a Posix compliant st_nlink
Recovered space when an index root is shortened
Replaced ENODATA with ENOATTR in xattrs functions for macOS
Added support for 'position' argument in macOS xattr functions
Changed default xattr access method to 'openxattr' for macOS builds
Allowed redefining the target location of the ntfsprogs tools
Fixed updating the allocated size when attribute lies in an extent
Enabled actions on directories in reparse plugins
Inserted the reparse tag in the bad reparse symlink
Supported use of WSL special files
Dropped rejecting having both EA and reparse data
Enabled Creating special files the same way as WSL
Checked the locations of MFT and MFTMirr at startup
Stable Version 2017.3.23AR.5 (April 1, 2020)
Processed the request argument of ioctl() as unsigned
Accepted alternative recording of cluster size
Fixed a poorly sized string in ntfsinfo
Fixed ntfsfallocate on a void file
Decoded execlink reparse points
Fixed object type returned in readdir() for reparse points
Exported the translations of Windows paths to current ones
Stable Version 2017.3.23AR.4 (March 1, 2019)
Fixed reporting an error when failed to build the mountpoint
Reverted accessing reparse directory through internal plugins
Cleaned object ids beyond the updated part
Fixed reacting to missing plugin
Returned a low level error when an ioctl fails
Truncated SSD trimming zones to granularity supported by the device
Stable Version 2017.3.23AR.3 (September 1, 2018)
Made sure log file buffers are properly aligned
Made reparse directories visible through internal plugins
Added an option to ntfscp to copy the modification time
Renamed undeleted files to avoid overwriting existing ones
Extended the allowed cluster size to 2MB
Allocated full clusters for reading and rescuing in ntfsclone
Prevented locally defined headers from interfering with ntfs-3g ones
Attempted mounting read-only after failed permission to read-write
Fixed collecting the label argument in mkntfs
Stable Version 2017.3.23AR.2 (March 1, 2018)
Made sure log file buffers are properly aligned
Checked log file blocks more recent than temporary ones
Processed redo log actions associated to undoing a CompensationlogRecord
Allowed setting a file object id without defining its birth ids
Documented read-only mount when Windows is hibernated
Stopped checking matches of MFTMirr against MFT at record 16
Filtered out reparse flags for selecting plugins
Delayed updating the MFT runlist when resizing in read-only mode
Double-checked whether record 15 is an extent of MFT
Checked whether the device to mount was forced read-only
Stable Version 2017.3.23AR.1 (October 1, 2017)
Bypassed cluster allocation errors using --ignore-fs-check in ntfsclone
Upgraded ntfsrecover to support log files for Windows 10
Fixed the computation of highest_vcn when applying a runlist fixup
Fixed updating the vcn of subtree in ntfsrecover
Relaxed checks on security descriptors
Enabled directory operations in plugins
Decoded more reparse tags in ntfsinfo
Logged falling back to mounting read-only
Fixed compiling on MacOSX (Erik Larsson)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 28 Feb 2022 21:10:29 +0000 (22:10 +0100)]
libdnet: Update to version 1.14
- Update from 1.11 (2005) to 1.14 (2020)
- Update of rootfile
- find-dependencies run and no problems flagged
- Package was originally provided by Dug Song in source forge and with a github repository
No response was received from Dug Song to requests for updates and fixes so Oliver Falk
forked the repository and has been working on it and now the Dug Song repository is no
longer present and the old repoistory url redirects to the new ofalk repository
https://github.com/ofalk/libdnet
- Issues raised in this new repository are being actively responded to
- Changelog comment is
Finally release 1.14 with latest fixes included.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 28 Feb 2022 21:09:56 +0000 (22:09 +0100)]
harfbuzz: Update to version 3.4.0
- Update from 3.1.2 to 3.4.0
- Update of rootfile
- Changelog
3.4.0
Perform sanity checks on shaping results is now part of “harfbuzz” library and can be enabled by setting the buffer flag HB_BUFFER_FLAG_VERIFY. (Behdad Esfahbod)
Arabic Mark Transient Reordering Algorithm have been updated to revision 6. (Khaled Hosny)
ISO 15924 code for mathematical notation, ‘Zmth’, now maps to the OpenType ‘math’ tag. (Alexis King)
It is now possible to get at once all math kerning values for a given glyph at a given corner. (Alexis King)
Fix locale_t portability issues on systems the typedef’s it to a void pointer. (Behdad Esfahbod)
New API:
+HB_BUFFER_FLAG_VERIFY
+HB_OT_TAG_MATH_SCRIPT
+HB_SCRIPT_MATH
+hb_ot_math_kern_entry_t
+hb_ot_math_get_glyph_kernings
Deprecated API
+HB_OT_MATH_SCRIPT
3.3.2
Revert splitting of pair positioning values introduced in 3.3.0 as it proved problematic. (Behdad Esfahbod)
3.3.1
Fix heap-use-after-free in harfbuzz-subset introduced in previous release. (Garret Rieger)
3.3.0
Improved documentation. (Matthias Clasen)
Internal code cleanup, using C++ standard library more. (Behdad Esfahbod)
The low 16-bits of face index will be used by hb_face_create() to select a face inside a font collection file format, while the high 16-bits will be used by hb_font_create() to load the named instance. (Behdad Esfahbod)
Glyph positions and other font metrics now apply synthetic slant set by hb_font_set_synthetic_slant(), for improved positioning for synthetically slanted fonts. (Behdad Esfahbod)
Fixed unintentional locale dependency in hb_variation_to_string() for decimal point representation. (Matthias Clasen)
When applying pair positioning (kerning) the positioning value is split between the two sides of the pair for improved cursor positioning between such pairs. (Behdad Esfahbod)
Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line breaking. Check the documentation for further details. (Behdad Esfahbod)
Improved handling of macrolanguages when mapping BCP 47 codes to OpenType tags. (David Corbett)
New API:
+HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
+hb_segment_properties_overlay()
+hb_buffer_create_similar()
+hb_font_set_synthetic_slant()
+hb_font_get_synthetic_slant()
+hb_font_get_var_coords_design()
3.2.0
harfbuzz library improvements:
Fixed shaping of Apple Color Emoji flags in right-to-left context. (Behdad Esfahbod)
Fixed positioning of CFF fonts in HB_TINY profile. (Behdad Esfahbod)
OpenType 1.9 language tags update. (David Corbett)
Add HB_NO_VERTICAL config option. (Behdad Esfahbod)
Add HB_CONFIG_OVERRIDE_H for easier configuration. (Behdad Esfahbod)
harfbuzz-subset library improvements:
Improved packing of cmap, loca, and Ligature tables. (Garret Rieger)
Significantly improved overflow-resolution strategy in the repacker. (Garret Rieger)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 27 Feb 2022 13:53:17 +0000 (14:53 +0100)]
wireless-regdb: Update to version 2022.02.18
- Update from 2020.11.20 to 2022.02.18
- Update of rootfile not required
- Changelog
There is no changelog provided for this file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3370200 to 3380000
- Update of rootfile not required
- Changelog
SQLite Release 3.38.0 On 2022-02-22
Added the -> and ->> operators for easier processing of JSON. The new operators are
compatible with MySQL and PostgreSQL.
The JSON functions are now built-ins. It is no longer necessary to use the
-DSQLITE_ENABLE_JSON1 compile-time option to enable JSON support. JSON is on by
default. Disable the JSON interface using the new -DSQLITE_OMIT_JSON compile-time
option.
Enhancements to date and time functions:
Added the unixepoch() function.
Added the auto modifier and the julianday modifier.
Rename the printf() SQL function to format() for better compatibility. The original
printf() name is retained as an alias for backwards compatibility.
Added the sqlite3_error_offset() interface, which can sometimes help to localize an
SQL error to a specific character in the input SQL text, so that applications can
provide better error messages.
Enhanced the interface to virtual tables as follows:
Added the sqlite3_vtab_distinct() interface.
Added the sqlite3_vtab_rhs_value() interface.
Added new operator types SQLITE_INDEX_CONSTRAINT_LIMIT and
SQLITE_INDEX_CONSTRAINT_OFFSET.
Added the sqlite3_vtab_in() interface (and related) to enable a virtual table to
process IN operator constraints all at once, rather than processing each value of
the right-hand side of the IN operator separately.
CLI enhancements:
Columnar output modes are enhanced to correctly handle tabs and newlines embedded
in text.
Added options like "--wrap N", "--wordwrap on", and "--quote" to the columnar
output modes.
Added the .mode qbox alias.
The .import command automatically disambiguates column names.
Use the new sqlite3_error_offset() interface to provide better error messages.
Query planner enhancements:
Use a Bloom filter to speed up large analytic queries.
Use a balanced merge tree to evaluate UNION or UNION ALL compound SELECT
statements that have an ORDER BY clause.
The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema
table that do not parse when PRAGMA writable_schema=ON.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>