Michael Tremer [Fri, 4 Feb 2022 16:47:25 +0000 (16:47 +0000)]
binutils+gcc: Fix that the toolchain compiler is trying to link against host libraries
Binutils and GCC were misconfigured and used host libraries to build
toolchain programs. That resulted in that those programs were correctly
linked, but could not be executed, because the runtime linker did not
search in the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Feb 2022 16:47:21 +0000 (16:47 +0000)]
gcc: toolchain stage 2: Set sysroot to /tools_${arch}
The stage 2 compiler was looking for libraries outside the bootstrapped
toolchain environment which causes that linked programs cannot be
executied because the runtime linker only looks for libraries inside the
toolchain environment.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:52:38 +0000 (22:52 +0100)]
poppler: Update to version 22.02.0
- Update from 21.11.0 to 22.02.0
- Update of rootfile
- Changelog
Release 22.02.0:
core:
* Signature: Add a way to detect unsigned FormFieldSignature
* Signature: Suport background image when using left and right text
* Signature: Fix path where to search for Firefox NSS in Windows
* Signature: Fix NSS code to work correctly in Windows/Android
* Count only signature fields in PDFDoc::getNumSignatureFields
* Minor code improvements
qt:
* Allow signing unsigned signature fields
* Allow passing a background image for the signature when signing
* Allow passing the document password when signing
* Fix leftFontSize being ignored when signing
glib:
* try with utf8 password if latin1 fails
* New method for getting all signature fields of a document
* Fix compile with MSVC
utils:
* pdfsig: Fix compile with MSVC
build system:
* Fix NSS cmake check for MSVC
Release 22.01.0:
core:
* Allow local (relative to dll) fonts dir on Windows
* TextOutputDev: require more spacing between columns. Issue #1093
* Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
* Fix crash when calling Form::reset()
* GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184
* Minor code improvements
glib:
* Include glib.h before using defines from it
* Close file descriptors on error
* Plug some memory leaks
* Replace use of deprecated g_memdup/g_time_zone_new
* Remove FD-taking functions on windows
utils:
* pdfsig: Add support for documents with passwords
* pdfsig: Fix signing with -sign if nss password is needed
Release 21.12.0:
core:
* Add API to add images
* CairoOutputDev: Fix de-duping of Flate images
* Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393
* Minor code improvements
glib:
* Add API for validation of signatures
* Add API to read/save to file descriptor
utils:
* pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117
build system:
* Increase C++ standard to 17
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:04 +0000 (22:53 +0100)]
samba: Update to version 4.15.5
- Update from 4.14.6 to 4.15.5
- Update of rootfile
- Changelog is too long to include everything. Full details can be found in the
WHATSNEW.txt file in the source tarball. The following highlights those releases
that were security releases. The other releases had a range of bug fixes.
4.15.5 is a security release and includes the following CVE fixes
o CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target
of a symlink exists.
https://www.samba.org/samba/security/CVE-2021-44141.html
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.15.2 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
4.14.12 was a security release and included the following CVE fixes
o CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module.
https://www.samba.org/samba/security/CVE-2021-44142.html
o CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks.
https://www.samba.org/samba/security/CVE-2022-0336.html
4.14.10 was a security release and included the following CVE fixes
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/security/CVE-2020-25717.html
(PLEASE READ! There are important behaviour changes described)
o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued
by an RODC.
https://www.samba.org/samba/security/CVE-2020-25718.html
o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos
tickets.
https://www.samba.org/samba/security/CVE-2020-25719.html
o CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers
(eg objectSid).
https://www.samba.org/samba/security/CVE-2020-25721.html
o CVE-2020-25722: Samba AD DC did not do suffienct access and conformance
checking of data stored.
https://www.samba.org/samba/security/CVE-2020-25722.html
o CVE-2021-3738: Use after free in Samba AD DC RPC server.
https://www.samba.org/samba/security/CVE-2021-3738.html
o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
https://www.samba.org/samba/security/CVE-2021-23192.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 3 Feb 2022 21:53:25 +0000 (22:53 +0100)]
sdl2: Update to version 2.0.20
- Update from 2.0.18 to 2.0.20
- Update of rootfile
- Changelog
2.0.20:
General:
* SDL_RenderGeometryRaw() takes a pointer to SDL_Color, not int. You can cast color
data in SDL_PIXELFORMAT_RGBA32 format (SDL_PIXELFORMAT_ABGR8888 on little endian
systems) for this parameter.
* Improved accuracy of horizontal and vertical line drawing when using OpenGL or
OpenGLES
* Added the hint SDL_HINT_RENDER_LINE_METHOD to control the method of line drawing
used, to select speed, correctness, and compatibility.
Windows:
* Fixed size of custom cursors
Linux:
* Fixed hotplug controller detection, broken in 2.0.18
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 2 Feb 2022 13:09:24 +0000 (14:09 +0100)]
manualpages: Update to include addon help links for addons with menu entries
- Some addons have menu entries and currentlky these do not have any links to their
help pages
- Ran check_manualpages and confirmed that all links to wiki pages are existing.
- Tested for guardian and wio
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:08:00 +0000 (14:08 +0100)]
p11-kit: Update to version 0.24.1
- Update from 0.24.0 to 0.24.1
- Update of rootfile not required
- Changelog
0.24.1 (stable)
* rpc: Support protocol version negotiation [PR#371, PR#385]
* proxy: Support copying attribute array recursively [PR#368]
* Link libp11-kit so that it cannot unload [PR#383]
* Translation improvements [PR#381]
* Build fixes [PR#372, PR#373, PR#375, PR#377, PR#384, PR#407]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 28 Jan 2022 13:07:40 +0000 (14:07 +0100)]
mdadm: Update to version 4.2
- Update from 4.1 to 4.2
- Update of rootfile not required
- Changelog is no longer updated. The package directs you to the git commits to find
the changes. https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/log/
- Announcement of update says-
The release includes more than two years of development and bugfixes,
so it is difficult to remember everything. Highlights include
enhancements and bug fixes including for IMSM RAID, Partial Parity
Log, clustered RAID support, improved testing, and gcc-9 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
checkrootfiles: exclude some rust paks and fix armv6l
some new rust packages contain files with x86_64 or aarch64 on
all archictectures. They are now excluded from check.
also this fix the check for armv6l.
Michael Tremer [Mon, 31 Jan 2022 13:30:20 +0000 (14:30 +0100)]
rust-pyo3: New package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>