Adolf Belka [Sat, 30 Mar 2024 08:14:58 +0000 (09:14 +0100)]
xz: Revert back to version 5.4.5 due to backdoor issue
- xz version 5.6.0 and 5.6.1 discovered to have been backdoored by what looks to have
been one of the xz devs.
- IPFire looks not to be affected by the problem as we don't patch openssh to be linked
with liblzma
- However due to question marks about what else might be in these 5.6.x versions it is
better to revert back to a version that did not have the build-to-host.m4 file with the
code that modifies the build if it meets certain criteria.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 25 Mar 2024 17:44:56 +0000 (18:44 +0100)]
CU185-update.sh: Add drop hostile in & out logging entries if not already present
- This v2 patch corrects that the previous script was looking for =on. If a user had
modified the preferences to change it to =off then the script would have resulted in
both =on and =off versions being in the settings file.
- This patch ensures that those people who updated to CU184 before the CU184-update.sh
patch fix to add the logging entries was added will get their optionsfw settings file
correctly updated with CU185
- This only adds the LOGDROPHOSTILEIN & LOGDROPHOSTILEOUT entries if they do not already
exist in the optionsfw settings file.
- This change also does the check for LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT as two
separate checks and then runs the firewall update command
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 24 Mar 2024 12:39:53 +0000 (13:39 +0100)]
grub-btrfs: New package
This kind of grub addon will extend the grub boot menu by a additional
submenu where a BTRFS snapshot can be selected to directly use as root
volume and boot into it.
The grub-btrfsd daemon is using inotify(tools) to watch the snapshot directory for
new or deleted snapshots and calls grub-mkconfig to adjust the snapshot grub submenu
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sun, 24 Mar 2024 12:37:35 +0000 (13:37 +0100)]
installer: Pass choosen filesystem to hw_make_destination
This is required to proper choose if a seperate boot partition should be
created or must not created (BTRFS)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sat, 23 Mar 2024 10:56:21 +0000 (11:56 +0100)]
installer: Ensure to always create the /boot directory.
Ensure to always create the /boot directory during the mounting
of the various created file systems. If the /boot directory does not
exist some following mount operations could not be performed correctly
and the installation/mounting will fail.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 25 Mar 2024 13:41:38 +0000 (14:41 +0100)]
shadow: Update login.defs to remove reference to cracklib
- From shadow-15.0.0 all references to cracklib were removed from shadow. Apparently
some functions were no longer accessible and the shadow team decided to remove cracklib
references completely. This was not mentioned in the changelkog for 15.0.0
- This resulkts in gettinbg the message configuration error - unknown item
'CRACKKLIB_DICTPATH' ( notify administrator ) when logging in to the console.
- The login to the console occurs successfully so the message is only a warning that
cracklib is no longer used.
- IPfire does not use cracklkib anyway so this patch removes the section referring to
cracklib from the login.defs configuration file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Mar 2024 14:43:27 +0000 (15:43 +0100)]
CU185-update.sh: Add drop hostile in & out logging entries if not already present
- This patch ensures that those people who updated to CU184 before the CU184-update.sh
patch fix to add the logging entries was added will get their optionsfw settings file
correctly updated with CU185
- This only adds the LOGDROPHOSTILEIN & LOGDROPHOSTILEOUT entries if they do noit already
exist in the optionsfw settings file.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 18 Mar 2024 18:43:14 +0000 (19:43 +0100)]
wsdd: Update install and uninstall pak files
- As wsdd is now started by samba when it is started then the wsdd install and uninstall
paks no longer need to create the symlinks for starting and stopping wsdd and no longer
need the start_service and stop_service commands in the paks.
Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 18 Mar 2024 18:43:13 +0000 (19:43 +0100)]
wsdd: Update of lfs file - fixes bug#13445
- Removal of services line as wsdd will now be started by the samba option in the addon
services wui page
- Removal of installing separate wsdd initscript as it is nowe integrated into the samba
initscript.
Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 18 Mar 2024 18:43:12 +0000 (19:43 +0100)]
wsdd: remove wsdd initscript as now covered by samba - fixes bug#13445
Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 18 Mar 2024 18:43:11 +0000 (19:43 +0100)]
samba: Integrate wsdd initscript into samba initscript - bug#13445
- This integrates the wsdd initscript functions into the samba initscript. When samba is
started or stopped or the status requested then wsdd is part of that process.
- Tested in my vm testbed and confirmed to work for start, stop and status. Confirmed
pid's shown with status command are in the appropriate pid files.
Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 15 Mar 2024 12:38:06 +0000 (13:38 +0100)]
ppp: Update to include bug fixes that should be in 2.5.1 but not yet released
- Update from version 2.5.0 to commit e1266c7
- Update of rootfile
- When ppp-2.5.0 was released it had a bug bin it that the lock and run directories
had non standard defaults but also that if the directory did not exist ppp just
ignored it and continued to start but would then have error messages in the logs about
not being able to cretae the lock file
- This issue was raised in the ppp github issues and a set of patches merged into ppp.
- The plan was written in Nov 2023 that this would be released as 2.5.1, however nearly
three months later there is no sight of 2.5.1 being released and people continue to
flag up the lock directory issues and have to apply a workaround to create the directory
in local.rc
- This patch has taken the zip source tarball of master at the commit e1266c7. The zip
tarball was then extracted and then tar'd back up as a tar.gz file with the version set
at e1266c7 rather than master. I could not find any other way to get a source tarball\
created at a certain commit stage.
- The patch ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch had to be updated due to some
changes in the source files.
- The patch ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
was removed as the changes are now built into the source tarball.
- This will need to be tested thoroughly by people with ppp to confirm that the lock
directory is created if it doesn't exist on the system. I can't test that as I have
no access to a ppp connection system.
- For a view of the changelog between 2.5.0 and e1266c7 the github commits list needs to
be reviewed. https://github.com/ppp-project/ppp/commits/master/?before=e1266c76d1ad39f98f11676e34f180f78c5a510c+35
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 16 Mar 2024 09:32:54 +0000 (10:32 +0100)]
CU184-update.sh: Add drop hostile in & out logging entries
- My drop hostile patch set updated the WUI entries to include in and out logging options
but the values need to be added to the optionsfw entries for existing systems being
upgraded.
- After the existing CU184 update the LOGDROPHOSTILEIN and LOGDROPHO)STILEOUT entries
are not in the settings file which trewats them as being set to off, even though they
are enabled in the WUI update.
- This patch adds the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries into the settings
file and then runs the firewallctrl command to apply to the firewall.
- Ran a CU184 update on a CU183 vm system and then ran the comands added into the update.sh
script and then did a reboot. Entries include and DROP_HOSTILE entries start to be
logged again.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jon Murphy [Mon, 11 Mar 2024 23:45:00 +0000 (18:45 -0500)]
time.cgi: add current date-time to this WebGUI page
- added words and date-time format to english (en.pl)
- other languages are needed
- seconds included since time is accurate to < .1s
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=2234e8aacac2e0d0b06dac4513585c15c2b3b440
Code-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Signed-off-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 16:52:08 +0000 (17:52 +0100)]
expat: Update to version 2.6.2
- Update from version 2.6.1 to 2.6.2
- Update of rootfile
- Changelog
2.6.2
Security fixes:
#839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with
isolated use of external parsers. Please see the commit
message of commit 1d50b80cf31de87750103656f6eb693746854aa8
for details.
Bug fixes:
#839 #841 Reject direct parameter entity recursion
and avoid the related undefined behavior
Other changes:
#847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
#837 Add missing #821 and #824 to 2.6.1 change log
#838 #843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:58 +0000 (14:32 +0100)]
xz: Update to version 5.6.1
- Update from version 5.6.0 to 5.6.1
- Update of rootfile
- Changelog
5.6.1
* liblzma: Fixed two bugs relating to GNU indirect function (IFUNC)
with GCC. The more serious bug caused a program linked with
liblzma to crash on start up if the flag -fprofile-generate was
used to build liblzma. The second bug caused liblzma to falsely
report an invalid write to Valgrind when loading liblzma.
* xz: Changed the messages for thread reduction due to memory
constraints to only appear under the highest verbosity level.
* Build:
- Fixed a build issue when the header file <linux/landlock.h>
was present on the system but the Landlock system calls were
not defined in <sys/syscall.h>.
- The CMake build now warns and disables NLS if both gettext
tools and pre-created .gmo files are missing. Previously,
this caused the CMake build to fail.
* Minor improvements to man pages.
* Minor improvements to tests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:57 +0000 (14:32 +0100)]
wget: Update to version 1.24.5
- Update from version 1.21.4 to 1.24.5
- Update of rootfile not required
- Changelog
1.24.5
** Fix how subdomain matches are checked for HSTS.
Fixes a minor issue where cookies may be leaked to the wrong domain
** Wget will now also parse the srcset attribute in <source> HTML tags
** Support reading fetchmail style "user" and "passwd" fields from netrc
** In some cases, prevent the confusing "Cannot write to... (success)" error messages
** Support extremely fast download speeds (TB/s).
Previously this would cause Wget to crash when printing the speed
** Improve portability on OpenBSD to run the test suite
** Ensure that CSS URLs are corectly quoted (Bug: 64082)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3450100 to 3450200
- Update of rootfile not required
- Changelog 3450200 (3.45.2)
Fix an error in UPSERT, introduced by enhancement 3a in version 3.35.0
(2021-03-12), that could cause an index to get out-of-sync with its table. Forum
thread 919c6579c8.
Reduce the scope of the NOT NULL strength reduction optimization that was added as
item 8e in version 3.35.0 (2021-03-12). The optimization was being attempted in
some contexts where it did not work, resulting in incorrect query results. Forum
thread 440f2a2f17.
Other trifling corrections and compiler warning fixes that have come up since the
previous patch release.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:56 +0000 (14:32 +0100)]
tcl: Update to version 8.6.14
- Update from version 8.6.13 to 8.6.14
- Update of rootfile
- Changelog
8.6.14
This is a patch release, so it primarily includes bug fixes and corrections
to erratic behavior. Highlighted changes are noted below. The changes file
at the root of the source tree contains a more complete list. The Timelines
of all changes are online.
http://core.tcl-lang.org/tcl/timeline
http://core.tcl-lang.org/tk/timeline
* [TIP 402] revise path normalization for x-platform UNC path support
*** POTENTIAL INCOMPATIBILITY ***
* Harmonize Tk's parse of numbers (screen distance, etc) with Tcl
*** POTENTIAL INCOMPATIBILITY ***
* Iconlist ignores options db for fg text color; affects dialogs
*** POTENTIAL INCOMPATIBILITY ***
* Aqua: XPutImage() swaps red and blue channels
*** POTENTIAL INCOMPATIBILITY ***
* [encoding convertfrom] handling of incomplete code sequences
*** POTENTIAL INCOMPATIBILITY ***
* Harmonize handling of ~ in paths across platforms.
*** POTENTIAL INCOMPATIBILITY ***
* Fix menu clone binding misbehavior, menu-20.1[2-6].
*** POTENTIAL INCOMPATIBILITY ***
* Improved performance of [exec] and [open |$cmd] on unix-lke
systems, especially with large memory footprints.
* Improve performance of large treeview destruction.
* Improve performance of large image insertions into text.
* Improve widget creation performance due to poor font caching.
* Fix notebook tab appearances when placed on edge other than top.
* Enable treeview display of partial final line.
* Win: restore [exec %var%] that was dropped in 8.6.13.
* Allow [chan create {} $cmd]. Enables simulation of server channels.
* Allow return from [tk scaling] in safe interps.
* Prevent navigation by word exposing clues to masked entry contents.
* Fix crashes or hangs in...
- [chan pop] with pending input
- thread finalization of reflected channels
- [label .l -bitmap floppy]
- [set tcl_precision 15; expr 6.4623485355705287e-27]
- [tk busy forget] and [tk busy hold]
- channel read into "string" Tcl_Obj can BO, and perform poorly
- KVO crash after destroying Aqua's first root toplevel
- Test treeview-6ee162c3f9
- Test tailcall-bug-784befb0ba
- Tests menu-40.[12]
* Repair memory leaks and errors
- Eliminate undefined realloc() calls
- Silence many warnings from -fsanitize=function
- Flawed interfacing with XIM
- Tcl_UtfToExternal writing to one-byte buffer
- Tcl_UtfToUniChar() handling of 0xC1.
- Tk_ConfigureValue could call wrong free() routine.
- tests getuncichar-1.* in utf.test
- ...and many more
* No more support for 32-bit Cygwin
* ::tcl_platform(osVersion) updated to report Windows 11
* Accommodate macOS deprecation of sprintf()
* Silence macOS 14 warnings about secure restorable state.
* Code changes to support ASan use-after-return detection
* Revise Tcl_MakeFileChannel() to better partner with pledge()
* Prevent false [clock format] error reports on FreeBSD
* Region clip & copy make better use of OS facilities.
* Update handling of Apple FourCC creator codes.
* Text selection omits first character, text-38.1
* Windows: improved support of non-BMP pathnames
* Fixed some Y2038 limitations
* Fix photo color drawing on X11 32-bit visuals.
* Fix <<MenuSelect>> regression on menus with -tearoff
* Correct rounding of [nsFont pointSize].
* zlib comment/filename error handling (zlib-8.19, zlib-8.2[012])
* Prevent theme change attempts after Tk finalize.
* Make dialogs robust against parent destruction.
* Make [tk_chooseColor] robust against failed grab.
* Fix menu parsing of @x,y indices. menu-22.[6-9]
* Fix inconsistent results from [font measure].
* Fixed [clock scan|add] handling of abbreviated options
* Avoid endless loops replacing [unknown] or [history].
* Fix polluted error messages from [send -option].
* PNG photo image decoder missed a 0xFF entry.
* Fix failing winTime-2.1 on Windows
* test string-2.20.1 failed on big endian platforms
* Updated bundled packages, libraries, standards, data
- Itcl 4.2.4
- sqlite3 3.44.2
- Thread 2.8.9
- TDBC* 1.1.7
- tcltest 2.5.7
- libtommath 1.2.1
- zlib 1.3.1
- Unicode 15.1
- tzdata 2024a
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:54 +0000 (14:32 +0100)]
shadow: Update to version 4.15.0
- Update from 4.14.5 to 4.15.0
- Update of rootfile not required
- Changelog
4.15.0
libshadow:
Fix build error (parameter name omitted).
Build system:
Link correctly with libdl.
Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
Merge libshadow and libmisc into a single libshadow. This fixes
problems in the linker, which were reported at least in Gentoo.
Fix build with musl libc.
Support out of tree builds
useradd(8):
Set proper SELinux labels for def_usrtemplate
4.14.6
login(1):
Fix off-by-one bugs.
passwd(1):
Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
libshadow:
Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases.
Fix parsing of dates in get_date().
Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:53 +0000 (14:32 +0100)]
sdl2: Update to version 2.30.1
- Update from version 2.28.5 to 2.30.1
- Update of rootfile
- Changelog
2.30.1
Fixed a regression causing SDL_WaitEvent() to return spurious failures
Fixed X11 cursors on the latest release of GNOME
Wayland windows automatically have OpenGL enabled again
Fixed memory corruption when converting signed 16-bit audio to float
Fixed audio artifacts when converting signed 8-bit audio to float
Fixed the clip rectangle not being updated when the viewport changes in the SDL renderer
Convert mouse wheel coordinates to the rendering view in the SDL renderer
Fixed a crash handling controllers on macOS
Fixed a crash setting a window fullscreen with Emscripten
Fixed the keyboard automatically popping up when resuming an application on Android
2.30.0
In addition to lots of bug fixes, here are the major changes in this release:
General:
Added support for 2 bits-per-pixel indexed surface formats
Added the function SDL_GameControllerGetSteamHandle() to get the Steam API handle for a controller, if available
Added the event SDL_CONTROLLERSTEAMHANDLEUPDATED which is sent when the Steam API handle for a controller changes. This could also change the name, VID, and PID of the controller.
Added the environment variable SDL_LOGGING to control default log output
macOS:
Added the hint SDL_HINT_JOYSTICK_IOKIT to control whether the IOKit controller driver should be used
Added the hint SDL_HINT_JOYSTICK_MFI to control whether the GCController controller driver should be used
Added the hint SDL_HINT_RENDER_METAL_PREFER_LOW_POWER_DEVICE to choose whether high or low power GPU should be used for rendering, in the case where there are multiple GPUs available
Xbox:
Added the function SDL_GDKGetDefaultUser()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:52 +0000 (14:32 +0100)]
poppler: Update to version 24.03.0
- Update from version 24.01.0 to 24.03.0
- Update of rootfile
- find-dependencies run due to sobump. No issues found
- Changelog
24.03.0:
core:
* Fix opening some malformed files. Issue #1447
* Skip drawing image when it has singular matrix. Issue #1114
* Fix crash on malformed files
* Small internal code cleanup
utils:
* pdfdetach: Fix potential directory traversal
* pdfimages: Enable to print filenames to stdout.
* pdfsig: Add visible name/date when signing an existing form signature field
24.02.0:
core:
* Fix reading some JBIG2 streams. Issue #1319
* Fix saving some annotation interior color when it's empty
* Make searching for fonts when adding annotations a bit faster
* Make sure images are compressed when adding them
* Small internal code cleanup
utils:
* pdfimages: return exit code 2 when error opening output files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:51 +0000 (14:32 +0100)]
opus: Update to version 1.5.1
- Update from version 1.4 to 1.5.1
- Update of rootfile
- Changelog
1.5.1
Opus 1.5.1 fixes the meson build that was broken in 1.5.
1.5
Opus 1.5 is the first release to make extended use of ML in the encoder and
decoder. You can read all the details in the release demo page. In summary, major
changes since 1.4 include:
Significant improvement to packet loss robustness using Deep Redundancy (DRED)
Improved packet loss concealment through Deep PLC
Low-bitrate speech quality enhancement down to 6 kb/s wideband
Improved x86 (AVX2) and Arm (Neon) optimizations
Support for 4th and 5th order ambisonics
In addition to the improvements above, this release includes many minor bug fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:50 +0000 (14:32 +0100)]
meson: Update to version 1.4.0
- Update from version 1.3.1 to 1.4.0
- Update of rootfile
- Changelog is available on meson website https://mesonbuild.com/Release-notes-for-1-4-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Mar 2024 13:32:49 +0000 (14:32 +0100)]
iproute2: Update to version 6.8.0
- Update from version 6.7.0 to 6.8.0
- Update of rootfile
- Changelog is only available from the git commits.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>