Michael Tremer [Thu, 19 May 2022 09:40:25 +0000 (09:40 +0000)]
cloud: Execute user-data scripts at the end of initialization
This is useful when the user-data needs to reboot an instance.
Previously, some initialization did not happen which is now being done
first before the user-data script is being executed.
This gives users more flexibility about what they are doing in those
scripts.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 11 May 2022 08:40:30 +0000 (10:40 +0200)]
xfsprogs: Update to version 5.16.0
- Update from 5.14.2 to 5.16.0
- Update of rootfile
- Changelog
5.16.0
This release is almost 100% a libxfs sync. I'm trying to catch up, and the
next release will be 5.18.0-rc0, with both 5.17 and 5.18 libxfs changes synced.
(there are very few).
At that point I'll finally start pulling in more functional changes.
xfsprogs-5.16.0 (04 May 2022)
- libxfs: remove kernel stubs from xfs_shared.h (Eric Sandeen)
- debian: Generate .gitcensus instead of .census (Bastian Germann))
xfsprogs-5.16.0-rc0 (28 Apr 2022)
- libxfs changes merged from kernel 5.16
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 10 May 2022 10:31:55 +0000 (12:31 +0200)]
lzip: Update to version 1.23
- Update from 1.22 to 1.23
- Update of rootfile not required
- Changelog
Version 1.23 released.
* Decompression time has been reduced by 5-12% depending on the file.
* main.cc (getnum): Show option name and valid range if error.
* Improve several descriptions in manual, '--help', and man page.
* lzip.texi: Change GNU Texinfo category to 'Compression'.
(Reported by Alfred M. Szmidt).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 11 May 2022 08:39:35 +0000 (10:39 +0200)]
libnetfilter_cthelper: Update to version 1.0.1
- Update from version 1.0.0 to 1.0.1
- Update of rootfile not required
- Changelog
1.0.1
* Allow build on uclinux
* Use after free in nfct_helper_free()
* Double free in nfct-helper-add example
* Invalid argument error in nftc-helper-add
* Incorrect netlink message building with multiple nfct helper policies
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 11 May 2022 08:40:02 +0000 (10:40 +0200)]
libnetfilter_cttimeout: Update to version 1.0.1
- Update from 1.0.0 to 1.0.1
- Update of rootfile not required
- Changelog
1.0.1
* Warnings with automake-1.12
* Allow building on uclinux
* Fix building with clang
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:43:15 +0000 (23:43 +0200)]
git: Update to version 2.36.1
- Update from version 2.36.0 to 2.36.1
- Update of rootfile not required
- Changelog
Git v2.36.1 Release Notes
Fixes since v2.36
* "git submodule update" without pathspec should silently skip an
uninitialized submodule, but it started to become noisy by mistake.
* "diff-tree --stdin" has been broken for about a year, but 2.36
release broke it even worse by breaking running the command with
<pathspec>, which in turn broke "gitk" and got noticed. This has
been corrected by aligning its behaviour to that of "log".
* Regression fix for 2.36 where "git name-rev" started to sometimes
reference strings after they are freed.
* "git show <commit1> <commit2>... -- <pathspec>" lost the pathspec
when showing the second and subsequent commits, which has been
corrected.
* "git fast-export -- <pathspec>" lost the pathspec when showing the
second and subsequent commits, which has been corrected.
* "git format-patch <args> -- <pathspec>" lost the pathspec when
showing the second and subsequent commits, which has been
corrected.
* Get rid of a bogus and over-eager coccinelle rule.
* Correct choices of C compilers used in various CI jobs.
Also contains minor documentation updates and code clean-ups.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Matthias Fischer [Thu, 26 May 2022 15:25:38 +0000 (17:25 +0200)]
logrotate: Update to 3.20.1
For details since v3.18.0 see:
https://github.com/logrotate/logrotate/releases/tag/3.20.1
https://github.com/logrotate/logrotate/releases/tag/3.20.0
https://github.com/logrotate/logrotate/releases/tag/3.19.0
logrotate-3.20.1
drop world-readable permission on state file even when ACLs are enabled (#446)
logrotate-3.20.0
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
logrotate-3.19.0
continue on EINTR in compressLogFile() (#430)
enforce stricter parsing of configuration files (#427, #431)
avoid confusing error message in debug mode (#426)
fix full_write() on incomplete write (#415)
do not use alloca() any more (#412)
do not rotate hard links unless allowhardlink is used (#407)
change directory after dropping privileges (#397)
add defence in depth when dropping privileges (#400)
remove invalid configuration on error (#408)
do not open symbolic link log files by accident (#399)
do not write state if state file is /dev/null (#395)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:43:28 +0000 (23:43 +0200)]
iptables: Update to version 1.8.8
- Update from version 1.8.7 to 1.8.8
- Update of rootfile
- Changelog
Version 1.8.8
extensions: libxt_conntrack: use bitops for state negation
extensions: libxt_conntrack: use bitops for status negation
xtables: Call init_extensions6() for static builds
xtables: Call init_extensions{,a,b}() for static builds
iptables-nft: fix -Z option
libxtables: exit if called by setuid executeable
iptables-nft: allow removal of empty builtin chains
extensions: tcpmss: add iptables-translate support
nft-shared: set correct register value
nft-shared: support native tcp port delinearize
nft-shared: support native tcp port range delinearize
nft-shared: support native udp port delinearize
nft: prefer native expressions instead of udp match
nft: prefer native expressions instead of tcp match
nft-shared: add tcp flag dissection
nft: add support for native tcp flag matching
tests: shell: fix bashism
nft: fix indentation error.
tests: iptables-test: correct misspelt variable
extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
extensions: libxt_NFLOG: fix typo
tests: iptables-test: rename variable
tests: add `NOMATCH` test result
tests: support explicit variant test result
tests: NFLOG: enable `--nflog-range` tests
xshared: Implement xtables lock timeout using signals
extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
extensions: libxt_NFLOG: don't truncate log prefix on print/save
extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
fix build for missing ETH_ALEN definition
libxtables: extend xlate infrastructure
tests: xlate-test: support multiline expectation
extensions: libxt_connlimit: add translation
extensions: libxt_tcp: rework translation to use flags match representation
extensions: libxt_conntrack: simplify translation using negation
extensions: libxt_multiport: add translation for -m multiport --ports
nft-shared: update context register for bitwise expression
nft: pass struct nft_xt_ctx to parse_meta()
nft: native mark matching support
nft: pass handle to helper functions to build netlink payload
nft: prepare for dynamic register allocation
nft: split gen_payload() to allocate register and initialize expression
configure: bump version for 1.8.8 release
ip6tables: masquerade: use fully-random so that nft can understand the rule
ebtables: Exit gracefully on invalid table names
include: Drop libipulog.h
nft: Fix bitwise expression avoidance detection
xtables-translate: Fix translation of odd netmasks
libxtables: Simplify xtables_ipmask_to_cidr() a bit
nft: cache: Sort chains on demand only
nft: Increase BATCH_PAGE_SIZE to support huge rulesets
extensions: sctp: Explain match types in man page
Eliminate inet_aton() and inet_ntoa()
nft-arp: Make use of ipv4_addr_to_string()
extensions: SECMARK: Implement revision 1
xtables: Make invflags 16bit wide
xshared: Eliminate iptables_command_state->invert
xshared: Merge invflags handling code
ebtables-translate: Use shared ebt_get_current_chain() function
Use proto_to_name() from xshared in more places
extensions: sctp: Fix nftables translation
extensions: sctp: Translate --chunk-types option
libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
extensions: libebt_ip6: Drop unused variables
libxtables: Fix memleak in xtopt_parse_hostmask()
nft: Avoid memleak in error path of nft_cmd_new()
nft: Avoid buffer size warnings copying iface names
iptables-apply: Drop unused variable
extensions: libebt_ip6: Use xtables_ip6parse_any()
libxtables: Introduce xtables_strdup() and use it everywhere
extensions: libxt_string: Avoid buffer size warning for strncpy()
doc: ebtables-nft.8: Adjust for missing atomic-options
ebtables: Dump atomic waste
nft: Fix for non-verbose check command
tests/shell: Assert non-verbose mode is silent
extensions: hashlimit: Fix tests with HZ=100
iptables-test: Make netns spawning more robust
extensions: libxt_mac: Fix for missing space in listing
nft: Use xtables_malloc() in mnl_err_list_node_add()
nft: Use xtables_{m,c}alloc() everywhere
tests: iptables-test: Fix missing chain case
tests: xlate-test: Don't skip any input after the first empty line
tests: xlate-test: Print errors to stderr
tests: iptables-test: Print errors to stderr
tests: xlate-test: Exit non-zero on error
tests: iptables-test: Exit non-zero on error
tests: shell: Return non-zero on error
ebtables: Avoid dropping policy when flushing
tests: iptables-test: Fix conditional colors on stderr
nft: cache: Avoid double free of unrecognized base-chains
nft: Check base-chain compatibility when adding to cache
nft-chain: Introduce base_slot field
nft: Delete builtin chains compatibly
nft: Introduce builtin_tables_lookup()
xshared: Store optstring in xtables_globals
nft-shared: Introduce init_cs family ops callback
xtables: Simplify addr_mask freeing
nft: Add family ops callbacks wrapping different nft_cmd_* functions
xtables-standalone: Drop version number from init errors
libxtables: Introduce xtables_globals print_help callback
arptables: Use standard data structures when parsing
nft-arp: Introduce post_parse callback
nft-shared: Make nft_check_xt_legacy() family agnostic
xtables: Derive xtables_globals from family
xtables: arptables accepts empty interface names
nft: Merge xtables-arp-standalone.c into xtables-standalone.c
Unbreak xtables-translate
xlate-test: Print full path if testing all files
extensions: hashlimit: Fix tests with HZ=1000
xshared: Merge and share parse_chain()
nft: Change whitespace printing in save_rule callback
xshared: Share print_iface() function
xshared: Share save_rule_details() with legacy
xshared: Share save_ipv{4,6}_addr() with legacy
xshared: Share print_rule_details() with legacy
xshared: Share print_fragment() with legacy
xshared: Share print_header() with legacy iptables
nft-shared: Drop unused function print_proto()
xshared: Make load_proto() static
xshared: Share print_match_save() between legacy ip*tables
xshared: Share a common printhelp function
xshared: Share exit_tryhelp()
xtables_globals: Embed variant name in .program_version
libxtables: Extend basic_exit_err()
iptables-*-restore: Drop pointless line reference
xtables: Drop xtables' family on demand feature
xtables: Pull table validity check out of do_parse()
xtables: Move struct nft_xt_cmd_parse to xshared.h
xtables: Pass xtables_args to check_empty_interface()
xtables: Pass xtables_args to check_inverse()
xtables: Do not pass nft_handle to do_parse()
xshared: Move do_parse to shared space
xshared: Store parsed wait and wait_interval in xtables_args
nft: Move proto_parse and post_parse callbacks to xshared
iptables: Use xtables' do_parse() function
ip6tables: Use the shared do_parse, too
extensions: *NAT: Kill multiple IPv4 range support
xshared: Fix response to unprivileged users
nft: Use verbose flag to toggle debug output
iptables-restore: Support for extra debug output
nft: Set NFTNL_CHAIN_FAMILY in new chains
ebtables: Support verbose mode
nft: Add debug output to table creation
nft: cache: Dump rules if debugging
tests: iptables-test: Support variant deviation
iptables.8: Describe the effect of multiple -v flags
libxtables: Register only the highest revision extension
Improve error messages for unsupported extensions
nft: Simplify immediate parsing
nft: Speed up immediate parsing
xshared: Prefer xtables_chain_protos lookup over getprotoent
nft: Don't pass command state opaque to family ops callbacks
libxtables: Fix for warning in xtables_ipmask_to_numeric
Simplify static build extension loading
nft: Review static extension loading
tests: shell: Fix 0004-return-codes_0 for static builds
nft: Reject standard targets as chain names when restoring
libxtables: Implement notargets hash table
libxtables: Boost rule target checks by announcing chain names
xlate-test: Fix for empty source line on failure
man: DNAT: Describe shifted port range feature
Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
extensions: ipt_DNAT: Merge v1 and v2 parsers
extensions: ipt_DNAT: Merge v1/v2 print/save code
extensions: ipt_DNAT: Combine xlate functions also
extensions: DNAT: Rename from libipt to libxt
extensions: Merge IPv4 and IPv6 DNAT targets
extensions: Merge REDIRECT into DNAT
extensions: man: Document service name support in DNAT and REDIRECT
extensions: MARK: Drop extra newline at end of help
xshared: Move arp_opcodes into shared space
xshared: Extend xtables_printhelp() for arptables
libxtables: Drop xtables_globals 'optstring' field
libxtables: Revert change to struct xtables_pprot
extensions: DNAT: Merge core printing functions
man: *NAT: Review --random* option descriptions
extensions: LOG: Document --log-macdecode in man page
nft: Fix EPERM handling for extensions without rev 0
xtables-translate: add missing argument and option to usage
Fix a few doc typos
iptables-test.py: print with color escapes only when stdout isatty
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:42:40 +0000 (23:42 +0200)]
fuse: Update to version 3.11.0
- Update from 3.10.4 to 3.11.0
- Update of rootfile
- Changelog
fuse 3.11.0 (2022-05-02)
* Add support for flag FOPEN_NOFLUSH for avoiding flush on close.
* Fixed returning an error condition to ioctl(2)
fuse 3.10.5 (2021-09-06)
* Various improvements to make unit tests more robust.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 22 May 2022 21:42:17 +0000 (23:42 +0200)]
curl: Update to version 7.83.1
- Update from version 7.83.0 to 7.83.1
- Update of rootfile not required
- Changelog
version 7.83.1
This release includes the following bugfixes:
o altsvc: fix host name matching for trailing dots [31]
o cirrus: Update to FreeBSD 12.3 [24]
o cirrus: Use pip for Python packages on FreeBSD [23]
o conn: fix typo 'connnection' -> 'connection' in two function names [1]
o cookies: make bad_domain() not consider a trailing dot fine [26]
o curl: free resource in error path [3]
o curl: guard against size_t wraparound in no-clobber code [4]
o CURLOPT_DOH_URL.3: mention the known bug [19]
o CURLOPT_HSTS*FUNCTION.3: document the involved structs as well [20]
o CURLOPT_SSH_AUTH_TYPES.3: fix the default [18]
o data/test376: set a proper name
o GHA/mbedtls: enabled nghttp2 in the build [11]
o gha: build msh3 [5]
o gskit: fixed bogus setsockopt calls [17]
o gskit: remove unused function set_callback [2]
o hsts: ignore trailing dots when comparing hosts names [28]
o HTTP-COOKIES: add missing CURLOPT_COOKIESESSION [40]
o http: move Curl_allow_auth_to_host() [9]
o http_proxy/hyper: handle closed connections [34]
o hyper: fix test 357 [32]
o Makefile: fix "make ca-firefox" [37]
o mbedtls: bail out if rng init fails [14]
o mbedtls: fix compile when h2-enabled [12]
o mbedtls: fix some error messages
o misc: use "autoreconf -fi" instead buildconf [22]
o msh3: get msh3 version from MsH3Version [6]
o msh3: print boolean value as text representation [10]
o msh3: psss remote_port to MsH3ConnectionOpen [7]
o ngtcp2: add ca-fallback support for OpenSSL backend [35]
o nss: return error if seemingly stuck in a cert loop [30]
o openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl [8]
o post_per_transfer: remove the updated file name [27]
o sectransp: bail out if SSLSetPeerDomainName fails [33]
o tests/server: declare variable 'reqlogfile' static [39]
o tests: fix markdown formatting in README [38]
o test{898,974,976}: add 'HTTP proxy' keywords [16]
o tls: check more TLS details for connection reuse [25]
o url: check SSH config match on connection reuse [21]
o urlapi: address (harmless) UndefinedBehavior sanitizer warning [15]
o urlapi: reject percent-decoding host name into separator bytes [29]
o x509asn1: make do_pubkey handle EC public keys [13]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Mon, 16 May 2022 14:48:14 +0000 (14:48 +0000)]
dracut: Enable automatic assembly of any RAID/LVM devices
This has changed in dracut 24 and we have used various hacks to enable
this behaviour again when it would have been so easy to just enable this
parameter.
Fixes: #12862 - Upgrade from Core 166 to 167 does not use RAID anymore Reported-by: Dirk Sihling <dsihling@web.de> Reported-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Stefan Schantl [Fri, 13 May 2022 17:10:44 +0000 (19:10 +0200)]
update-ids-ruleset: Silent script if no providers settings file exists.
Only try to read-in the providers settings file, in case it exists.
Otherwise the script produces an error message, about the missing file,
each time it gets executed.
Because of the fcron job this would be twice a day in most cases.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Fri, 13 May 2022 04:30:57 +0000 (06:30 +0200)]
expat: Fix rootfile.
The libexpat.so.1 file is just a symlink to libexpat.so.1.8.8 which
contains all the functions and symbols required by the binaries, linked
against it. Therefore this file needs to be present on the systems.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Since this addresses security issues, and also with regards to reports
such as https://community.ipfire.org/t/core-update-167-ipsec-issue/7893,
I take the liberty to push this straight into Core Update 168.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Refreshing the Pakfire page may cause a command to be
executed multiple times and induce odd errors.
This patch implements a HTTP 303 redirect after form processing,
which causes the browser to discard the POST form data.
Navigating backward or reloading the page now does not trigger
multiple executions anymore.
Fixes: #12781 Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Acked-by: Peter Müller <peter.muelle@ipfire.org>
Adolf Belka [Thu, 5 May 2022 16:39:53 +0000 (18:39 +0200)]
nut: Update to version 2.8.0
- Update from version 2.7.4 to 2.8.0
- 2.7.4 was released in 2016 and since then not a lot of progress was made with it but
since the start of 2022 new work on nut has ocurred culminating in this release
- Update of rootfile
- Ran find-dependencies on the old libraries due to the sobump to confirm that nothing
else than nut used them, which was the case.
- Changelog
After a long and windy trip since the last official release v2.7.4 half a dozen
years ago, we the community, contributors and maintainers are proud to announce
at last the general availability of NUT v2.8.0!
As always, the new release includes numerous new drivers, sub-drivers, protocols
and bug-fixes, with many companies and individuals chipping in with contributions
of code.Thanks to everyone involved in making this happen, inspiring the changes,
and providing the open-source friendly infrastructure.
This release also culminates a significant effort in improvements of NUT QA and
CI, and as a result -- in codebase quality and portability across a decade or
two of recent platforms, third-party tools and other dependencies. As a side
effect, public API (in headers and libraries) has changed a bit, hence a new
semantic "minor" number is claimed for this major body of work.
During this time, the https://networkupstools.org/ web site has changed to a
rolling-release model to serve current information to match the evolving
codebase. There are now special Sub-sites for historic releases to keep
documentation snapshots relevant for users of packages which are typically based
on official NUT releases.
We recognize that NUT is an important piece of infrastructure which gets built
into all sorts of devices, projects and operating systems -- some of which the
team never heard of until they pop up in a question, and others we haven't heard
of for years -- so we take a seriously omnivorous stance towards covering many
versions and implementations of compiler suites, C/C++ revisions, make programs,
shell and other scripted language interpreters, OSes and CPUs, and other similar
variables tamed with our new NUT CI farm test matrix dynamically driven by
currently registered build agents and their declared capabilities.
Sections in the NEWS and UPGRADING files about changes since last release are
several pages long, so would not all be repeated here. A few important
highlights for distribution packagers and custom builders follow, however:
NUT now supports more i2c and modbus devices, as well as libusb-1.0 support
as an alternative to earlier libusb-0.1 (so new dependency-based categories
of packages for drivers may be due);
NUT Python modules and scripts (e.g. NUT-Monitor variants) should work with
python-2.7 and with python-3.x, so covering historic distro releases as
well as new ones (and so your distro can deliver one or both, probably in
several packages with different dependencies in the latter case);
NUT provides revised reference systemd and SMF service unit definitions,
including support of drivers wrapped into individual service instances with
varying dependencies based on different media required (networked stack, USB
stack, etc.), and many daemons include -F option for running "in foreground"
to avoid extra forking after one already done by a service framework - you
may want to use those in your packaged deliverables;
NUT newly provides the "nut-driver-enumerator" script and service, which
allows it to follow edition of ups.conf and dynamically define+(re)start and
stop+undefine service instances for drivers - there are several ways it can
be integrated for different use-cases;
There are several new configuration keywords and CLI options - so while new
NUT builds should work with old configs and scripts, the opposite is not
necessarily true (old binaries may reject configurations taking advantage
of new features);
There are several new protocol keywords - but old and new NUT daemons (data
server and clients) should be able to communicate both ways;
It is assumed that API/ABI changes may require third-party NUT clients
(library consumers of libnutclient, libupsclient, libnutscan... -- their
version info was bumped accordingly) to get rebuilt, in order to work with
the new NUT release in a stable fashion;
The dummy-ups driver used in automated testing now processes *.dev filename
patterns once and does not loop, like it still does for *.seq and other
files (by default);
USB code is now more strict about logical minimum/maximum ranges for data
reported from devices, and some devices were already found to make mistakes
- so there is also a mechanism for turning a blind eye to known issues and
fix-up such report descriptors to produce intended sane values;
New documentation page docs/config-prereqs.txt highlights packaged
dependencies installable on a large range of platforms to build as much of
NUT as possible (incidentally, ones NUT CI farm uses to test every iteration);
Finally, we hope that NUT codebase might be able to cater for everyone "out
of the box" (it also simplifies local builds from GitHub sources on any
systems, for troubleshooting and checking pre-release enhancements): if you
as a packager have to apply patches for your distribution, give it a thought
-- whether they address a common issue best solved upstream once and behave
similarly for everyone (and conversely, if your platform can do with
existing solutions already tracked in the NUT version du-jour). PRs welcome!
Or at least Wiki entries to list all the distro efforts for cross-pollination
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 19:51:00 +0000 (21:51 +0200)]
freetype: Update to version 2.12.1
- Update from version 2.11.1 to 2.12.1
- Update of rootfile
- Changelog
CHANGES BETWEEN 2.12.0 and 2.12.1
I. IMPORTANT BUG FIXES
- Loading CFF fonts sometimes made FreeType crash (bug introduced in
version 2.12.0)
- Loading a fully hinted TrueType glyph a second time (without
caching) sometimes yielded different rendering results if TrueType
hinting was active (bug introduced in version 2.12.0).
- The generation of the pkg-config file `freetype2.pc` was broken if
the build was done with cmake (bug introduced in version 2.12.0).
II. MISCELLANEOUS
- New option `--with-librsvg` for the `configure` script for better
FreeType demo support.
- The meson build no longer enforces both static and dynamic
versions of the library by default.
- The internal zlib library was updated to version 1.2.12. Note,
however, that FreeType is *not* affected by CVE-2018-25032 since
it only does decompression.
CHANGES BETWEEN 2.11.1 and 2.12.0
I. IMPORTANT CHANGES
- FreeType now handles OT-SVG fonts, to be controlled with
`FT_CONFIG_OPTION_SVG` configuration macro. By default, it can
only load the 'SVG ' table of an OpenType font. However, by using
the `svg-hooks` property of the new 'ot-svg' module it is possible
to register an external SVG rendering engine. The FreeType demo
programs have been set up to use 'librsvg' as the rendering
library.
This work was Moazin Khatti's GSoC 2019 project.
II. MISCELLANEOUS
- The handling of fonts with an 'sbix' table has been improved.
- Corrected bitmap offsets.
- A new tag `FT_PARAM_TAG_IGNORE_SBIX` for `FT_Open_Face` makes
FreeType ignore an 'sbix' table in a font, allowing applications
to access the font's outline glyphs.
- `FT_FACE_FLAG_SBIX` and `FT_FACE_FLAG_SBIX_OVERLAY` together
with their corresponding preprocessor macros `FT_HAS_SBIX` and
`FT_HAS_SBIX_OVERLAY` enable applications to treat 'sbix' tables
as described in the OpenType specification.
- The internal 'zlib' code has been updated to be in sync with the
current 'zlib' version (1.2.11).
- The previously internal load flag `FT_LOAD_SBITS_ONLY` is now
public.
- Some minor improvements of the building systems, in particular
handling of the 'zlib' library (internal vs. external).
- Support for non-desktop Universal Windows Platform.
- Various other minor bug and documentation fixes.
- The `ftdump` demo program shows more information for Type1 fonts
if option `-n` is given.
- `ftgrid` can now display embedded bitmap strikes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 19:51:28 +0000 (21:51 +0200)]
sdl2: Update to version 2.0.22
- Update from version 2.0.20 to 2.0.22
- Update of rootfile
- Changelog
2.0.22:
General:
* Added SDL_RenderGetWindow() to get the window associated with a renderer
* Added floating point rectangle functions:
* SDL_PointInFRect()
* SDL_FRectEmpty()
* SDL_FRectEquals()
* SDL_FRectEqualsEpsilon()
* SDL_HasIntersectionF()
* SDL_IntersectFRect()
* SDL_UnionFRect()
* SDL_EncloseFPoints()
* SDL_IntersectFRectAndLine()
* Added SDL_IsTextInputShown() which returns whether the IME window is currently
shown
* Added SDL_ClearComposition() to dismiss the composition window without disabling
IME input
* Added SDL_TEXTEDITING_EXT event for handling long composition text, and a hint
SDL_HINT_IME_SUPPORT_EXTENDED_TEXT to enable it
* Added the hint SDL_HINT_MOUSE_RELATIVE_MODE_CENTER to control whether the mouse
should be constrained to the whole window or the center of the window when
relative mode is enabled
* The mouse is now automatically captured when mouse buttons are pressed, and the
hint SDL_HINT_MOUSE_AUTO_CAPTURE allows you to control this behavior
* Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_OPENGL to let SDL know that a
foreign window will be used with OpenGL
* Added the hint SDL_HINT_VIDEO_FOREIGN_WINDOW_VULKAN to let SDL know that a
foreign window will be used with Vulkan
* Added the hint SDL_HINT_QUIT_ON_LAST_WINDOW_CLOSE to specify whether an
SDL_QUIT event will be delivered when the last application window is closed
* Added the hint SDL_HINT_JOYSTICK_ROG_CHAKRAM to control whether ROG Chakram
mice show up as joysticks
Windows:
* Added support for SDL_BLENDOPERATION_MINIMUM and SDL_BLENDOPERATION_MAXIMUM to
the D3D9 renderer
Linux:
* Compiling with Wayland support requires libwayland-client version 1.18.0 or later
* Added the hint SDL_HINT_X11_WINDOW_TYPE to specify the _NET_WM_WINDOW_TYPE of
SDL windows
* Added the hint SDL_HINT_VIDEO_WAYLAND_PREFER_LIBDECOR to allow using libdecor
with compositors that support xdg-decoration
Android:
* Added SDL_AndroidSendMessage() to send a custom command to the SDL java activity
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 19:51:15 +0000 (21:51 +0200)]
hplip: Update to version 3.22.4
- Update from version 3.22.2 to 3.22.4
- Update of rootfile
- Changelog
HPLIP 3.22.4 - This release has the following changes:
Added support for following new Distro's:
Manjaro 21.2
Added support for the following new Printers:
HP LaserJet Pro 4001ne
HP LaserJet Pro 4001n
HP LaserJet Pro 4001dne
HP LaserJet Pro 4001dn
HP LaserJet Pro 4001dwe
HP LaserJet Pro 4001dw
HP LaserJet Pro 4001d
HP LaserJet Pro 4001de
HP LaserJet Pro 4002ne
HP LaserJet Pro 4002n
HP LaserJet Pro 4002dne
HP LaserJet Pro 4002dn
HP LaserJet Pro 4002dwe
HP LaserJet Pro 4002dw
HP LaserJet Pro 4002d
HP LaserJet Pro 4002de
HP LaserJet Pro 4003dn
HP LaserJet Pro 4003dw
HP LaserJet Pro 4003n
HP LaserJet Pro 4003d
HP LaserJet Pro 4004d
HP LaserJet Pro 4004dn
HP LaserJet Pro 4004dw
HP LaserJet Pro MFP 4101dwe
HP LaserJet Pro MFP 4101dw
HP LaserJet Pro MFP 4101fdn
HP LaserJet Pro MFP 4101fdne
HP LaserJet Pro MFP 4101fdw
HP LaserJet Pro MFP 4101fdwe
HP LaserJet Pro MFP 4102dwe
HP LaserJet Pro MFP 4102dw
HP LaserJet Pro MFP 4102fdn
HP LaserJet Pro MFP 4102fdw
HP LaserJet Pro MFP 4102fdwe
HP LaserJet Pro MFP 4102fdne
HP LaserJet Pro MFP 4102fnw
HP LaserJet Pro MFP 4102fnwe
HP LaserJet Pro MFP 4103dw
HP LaserJet Pro MFP 4103dn
HP LaserJet Pro MFP 4103fdn
HP LaserJet Pro MFP 4103fdw
HP LaserJet Pro MFP 4104dw
HP LaserJet Pro MFP 4104fdw
HP LaserJet Pro MFP 4104fdn
HP ScanJet Pro 3600 f1
HP ScanJet Pro N4600 fnw1
HP ScanJet Pro 2600 f1
HP ScanJet Enterprise Flow N6600 fnw1
HPLIP 3.22.2 - This release has the following changes:
Added support for following new Distro's:
Elementary OS 6.1
RHEL 8.5
Linux Mint 20.3
Added support for the following new Printers:
HP LaserJet Tank MFP 1602a
HP LaserJet Tank MFP 1602w
HP LaserJet Tank MFP 1604w
HP LaserJet Tank MFP 2602dn
HP LaserJet Tank MFP 2602sdn
HP LaserJet Tank MFP 2602sdw
HP LaserJet Tank MFP 2602dw
HP LaserJet Tank MFP 2604dw
HP LaserJet Tank MFP 2604sdw
HP LaserJet Tank MFP 2603dw
HP LaserJet Tank MFP 2603sdw
HP LaserJet Tank MFP 2605sdw
HP LaserJet Tank MFP 2606dn
HP LaserJet Tank MFP 2606sdn
HP LaserJet Tank MFP 2606sdw
HP LaserJet Tank MFP 2606dw
HP LaserJet Tank MFP 2606dc
HP LaserJet Tank MFP 1005
HP LaserJet Tank MFP 1005w
HP LaserJet Tank MFP 1005nw
HP LaserJet Tank 1502a
HP LaserJet Tank 1502w
HP LaserJet Tank 1504w
HP LaserJet Tank 2502dw
HP LaserJet Tank 2502dn
HP LaserJet Tank 2504dw
HP LaserJet Tank 2503dw
HP LaserJet Tank 2506dw
HP LaserJet Tank 2506d
HP LaserJet Tank 2506dn
HP LaserJet Tank 1020
HP LaserJet Tank 1020w
HP LaserJet Tank 1020nw
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 12 Apr 2022 10:33:36 +0000 (12:33 +0200)]
haproxy: Update to version 2.5.5
- Update from 2.4.15 to 2.5.5
- Update of rootfile not required
- Changelog
2.5.5
- CI: github actions: add the output of $CC -dM -E-
- CI: github actions: use cache for OpenTracing
- CI: refactor OpenTracing build script
- CI: github actions: use cache for SSL libs
- CI: Consistently use actions/checkout@v2
- BUILD: atomic: make the old HA_ATOMIC_LOAD() support const pointers
- BUILD: tree-wide: mark a few numeric constants as explicitly long long
- BUG/MEDIUM: mux-fcgi: Don't rely on SI src/dst addresses for FCGI health-checks
- BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
- REGTESTS: fix the race conditions in normalize_uri.vtc
- REGTESTS: fix the race conditions in secure_memcmp.vtc
- BUG/MEDIUM: httpclient/lua: infinite appctx loop with POST
- BUG/MINOR: pool: always align pool_heads to 64 bytes
- BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
- BUILD: fix kFreeBSD build.
- MINOR: pools: add a new global option "no-memory-trimming"
- MINOR: stats: Add dark mode support for socket rows
- BUILD: pools: fix backport of no-memory-trimming on non-linux OS
- BUILD: fix recent build breakage of freebsd caused by kFreeBSD build fix
- BUG/MINOR: add missing modes in proxy_mode_str()
- BUG/MINOR: cli: shows correct mode in "show sess"
- BUG/MINOR: httpclient: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
- BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
- BUG/MEDIUM: stream: Use the front analyzers for new listener-less streams
- DEBUG: cache: Update underlying buffer when loading HTX message in cache applet
- BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing
- DEBUG: stream: Add the missing descriptions for stream trace events
- DEBUG: stream: Fix stream trace message to print response buffer state
- BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
- BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
- BUG/MEDIUM: httpclient: don't consume data before it was analyzed
- CLEANUP: htx: remove unused co_htx_remove_blk()
- BUG/MINOR: httpclient: consume partly the blocks when necessary
- BUG/MINOR: httpclient: remove the UNUSED block when parsing headers
- BUG/MEDIUM: httpclient: must manipulate head, not first
- REGTESTS: fix the race conditions in be2hex.vtc
2.5.4
- BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
- BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
- BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
- DOC: Fix usage/examples of deprecated ACLs
- BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
- REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
- CI: github: enable pool debugging by default
- BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
2.5.3
- MINOR: sock: move the unused socket cleaning code into its own function
- BUG/MEDIUM: mworker: close unused transferred FDs on load failure
- BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
- BUG/MINOR: sink: Use the right field in appctx context in release callback
- BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
- BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
- BUG/MAJOR: compiler: relax alignment constraints on certain structures
- MINOR: httpclient: Don't limit data transfer to 1024 bytes
- BUG/MINOR: httpclient: reinit flags in httpclient_start()
- BUG/MINOR: mailers: negotiate SMTP, not ESMTP
- BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
- BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
- BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
- CLEANUP: httpclient/cli: fix indentation alignment of the help message
- BUG/MINOR: tools: url2sa reads ipv4 too far
- BUG/MEDIUM: httpclient: limit transfers to the maximum available room
- DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
2.5.2
- BUG/MEDIUM: connection: properly leave stopping list on error
- BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
- BUG/MINOR: httpclient: don't send an empty body
- BUG/MINOR: httpclient: set default Accept and User-Agent headers
- BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
- BUILD/MINOR: fix solaris build with clang.
- BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
- DOC: management: mark "set server ssl" as deprecated
- MEDIUM: cli: yield between each pipelined command
- MINOR: channel: add new function co_getdelim() to support multiple delimiters
- BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
- MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
- BUG/MEDIUM: cli: Never wait for more data on client shutdown
- BUG/MEDIUM: mcli: do not try to parse empty buffers
- BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
- BUG/MINOR: stream: make the call_rate only count the no-progress calls
- DEBUG: cli: add a new "debug dev fd" expert command
- BUILD: debug/cli: condition test of O_ASYNC to its existence
- DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
- REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
- BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
- BUG/MINOR: mworker: does not add the -sf in wait mode
- BUG/MINOR: pools: always flush pools about to be destroyed
- DEBUG: pools: add extra sanity checks when picking objects from a local cache
- DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
- DEBUG: pools: replace the link pointer with the caller's address on pool_free()
- BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
- BUG/MINOR: mworker: does not erase the pidfile upon reload
- DEBUG: fd: make sure we never try to insert/delete an impossible FD number
- MINOR: listener: replace the listener's spinlock with an rwlock
- BUG/MEDIUM: listener: read-lock the listener during accept()
- BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
- BUG/MEDIUM: httpclient: Xfer the request when the stream is created
- BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
- BUG/MINOR: jwt: Double free in deinit function
- BUG/MINOR: jwt: Missing pkey free during cleanup
- BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
- BUG/MINOR: httpclient/cli: display junk characters in vsn
- BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
- BUG/MAJOR: spoe: properly detach all agents when releasing the applet
- REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
- REGTESTS: peers: leave a bit more time to peers to synchronize
- BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
- BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
2.5.1
- BUG/MINOR: cache: Fix loop on cache entries in "show cache"
- BUG/MINOR: httpclient: allow to replace the host header
- BUG/MINOR: lua: don't expose internal proxies
- BUG/MINOR: lua: remove loop initial declarations
- BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time
- BUILD: evports: remove a leftover from the dead_fd cleanup
- BUG/MINOR: vars: Fix the set-var and unset-var converters
- BUG/MINOR: server: Don't rely on last default-server to init server SSL context
- BUG/MEDIUM: resolvers: Detach query item on response error
- BUG/MAJOR: segfault using multiple log forward sections.
- BUG/MEDIUM: h1: Properly reset h1m flags when headers parsing is restarted
- BUG/MEDIUM: mworker: FD leak of the eventpoll in wait mode
- BUG/MINOR: mworker: deinit of thread poller was called when not initialized
- MINOR: mux-h1: Improve H1 traces by adding info about http parsers
- BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH
- BUG/MEDIUM: sample: Fix memory leak in sample_conv_jwt_member_query
- MINOR: cli: "show version" displays the current process version
- BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types
- IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode
- MINOR: http-rules: Add capture action to http-after-response ruleset
- BUG/MINOR: cli/server: Don't crash when a server is added with a custom id
- DOC: spoe: Clarify use of the event directive in spoe-message section
- DOC: config: Specify %Ta is only available in HTTP mode
- DOC: config: retry-on list is space-delimited
- DOC: config: fix error-log-format example
- BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
- MINOR: ssl: Remove empty lines from "show ssl ocsp-response" output
- MINOR: pools: work around possibly slow malloc_trim() during gc
- BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch
- BUG/MEDIUM: peers: properly skip conn_cur from incoming messages
- BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message
- BUG/MINOR: mux-h1: Fix splicing for messages with unknown length
- BUILD: ssl: unbreak the build with newer libressl
- DOC: fix misspelled keyword "resolve_retries" in resolvers
- DEBUG: ssl: make sure we never change a servername on established connections
- BUILD: opentracing: display warning in case of using OT_USE_VARS at compile time
- BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
- REGTESTS: ssl: fix ssl_default_server.vtc
- MINOR: compat: detect support for dl_iterate_phdr()
- MINOR: debug: add ability to dump loaded shared libraries
- MINOR: debug: add support for -dL to dump library names at boot
- MINOR: proxy: add option idle-close-on-response
- MINOR: cpuset: switch to sched_setaffinity for FreeBSD 14 and above.
- BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning
- CI: Github Actions: do not show VTest failures if build failed
- BUG/MINOR: ssl: free the fields in srv->ssl_ctx
- BUG/MEDIUM: ssl: free the ckch instance linked to a server
- REGTESTS: ssl: update of a crt with server deletion
- BUILD/MINOR: cpuset FreeBSD 14 build fix.
- CI: github actions: update OpenSSL to 3.0.1
- BUILD/MINOR: tools: solaris build fix on dladdr.
- BUG/MINOR: cli: fix _getsocks with musl libc
- BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry
- BUG/MEDIUM: mworker: don't use _getsocks in wait mode
- BUG/MINOR: ssl: Store client SNI in SSL context in case of ClientHello error
- BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data
- BUILD: cpuset: fix build issue on macos introduced by previous change
- CI: github actions: clean default step conditions
2.5.0
- BUILD: SSL: add quictls build to scripts/build-ssl.sh
- BUILD: SSL: add QUICTLS to build matrix
- CLEANUP: sock: Wrap `accept4_broken = 1` into additional parenthesis
- BUILD: cli: clear a maybe-unused warning on some older compilers
- BUG/MEDIUM: cli: make sure we can report a warning from a bind keyword
- BUG/MINOR: ssl: make SSL counters atomic
- CLEANUP: assorted typo fixes in the code and comments
- BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
- MINOR: version: mention that it's stable now
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 4 May 2022 11:14:29 +0000 (13:14 +0200)]
boost: Fix rootfile entries that referred to python3.8 instead of 3.10
- In Jan 2022 I updated python from 3.8 to 3.10 but I missed that boost had rootfile
entries with python38 in it.
- Running a build just now for another package it got flagged up that the rootfile for
boost had been changed and the logfile now had the entries with python310 instead of
python38
- Not clear why it only flagged this up now but this patch is to correct that error
- Running find-dependencies on both the pyton38 and python310 versions of the libraries
flagged nothing as being linked to either, so probably lucky with this being missed
first time around.
- Boost will need to be shipped with a Core Update
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 May 2022 10:59:48 +0000 (12:59 +0200)]
openssl: Update to version 1.1.1o
- Update from version 1.1.1n to 1.1.1o
- Update of rootfile not required
- This patch is to go into CU168 as this update is for fixing a moderate severity CVE
- Changelog
1.1.1o [3 May 2022]
(CVE-2022-1292)
Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Fri, 29 Apr 2022 12:05:22 +0000 (14:05 +0200)]
mpc: Update to version 0.34
- Update from version 0.33 to 0.34
- Combined this patch with update to mpd as mpc depends on mpd
- Changelog
0.34 (2021/11/30)
* add commands "albumart", "readpicture"
* don't print status after error
* custom status format
* support grouping "list" results
* meson: auto-build libmpdclient if not available
* require libmpdclient 2.16 or newer
* require MPD 0.21 or newer
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Fri, 29 Apr 2022 12:05:20 +0000 (14:05 +0200)]
mpd: Update to version 0.23.6
- Update from version 0.22.6 to 0.23.6
- Update of rootfile not required
- Since version 0.23 there is a new build time dependency for libfmt so a separate
patch has been created to add fmt to the system but only for build
- Changelog
ver 0.23.6 (2022/03/14)
* protocol
- support filename "cover.webp" for "albumart" command
- support "readcomments" and "readpicture" on CUE tracks
* decoder
- ffmpeg: fix end-of-file check (update stuck at empty files)
- opus: fix "readpicture" on Opus files
* output
- pipewire: fix crash bug if setting volume before playback starts
- wasapi: fix resume after pause
ver 0.23.5 (2021/12/01)
* protocol
- support relative offsets for "searchadd"
- fix "searchaddpl" bug (bogus error "Bad position")
* database
- upnp: fix crash bug
* tags
- fix MixRamp support
* migrate to PCRE2
* GCC 12 build fixes
ver 0.23.4 (2021/11/11)
* protocol
- add optional position parameter to "searchaddpl"
* decoder
- ffmpeg: support libavcodec 59
* output
- alsa: add option "thesycon_dsd_workaround" to work around device bug
* fix crash on debug builds if startup fails
* systemd
- remove "RuntimeDirectory" directive because it caused problems
- ignore the "pid_file" setting if started as systemd service
* Windows
- enable the "openmpt" decoder plugin
ver 0.23.3 (2021/10/31)
* protocol
- add optional position parameter to "add" and "playlistadd"
- allow range in "playlistdelete"
* database
- fix scanning files with question mark in the name
- inotify: fix use-after-free bug
* output
- alsa: add option "stop_dsd_silence" to work around DSD DAC noise
* macOS: fix libfmt related build failure
* systemd: add "RuntimeDirectory" directive
ver 0.23.2 (2021/10/22)
* protocol
- fix "albumart" timeout bug
* input
- nfs: fix playback bug
* output
- pipewire: send artist and title to PipeWire
- pipewire: DSD support
* neighbor
- mention failed plugin name in error message
* player
- fix cross-fade regression
* fix crash with libfmt versions older than 7
ver 0.23.1 (2021/10/19)
* protocol
- use decimal notation instead of scientific notation
- "load" supports relative positions
* output
- emit "mixer" idle event when replay gain changes volume
- pipewire: emit "mixer" idle events on external volume change
- pipewire: attempt to change the graph sample rate
- snapcast: fix time stamp bug which caused "Failed to get chunk"
* fix libfmt linker problems
* fix broken password authentication
ver 0.23 (2021/10/14)
* protocol
- new command "getvol"
- show the audio format in "playlistinfo"
- support "listfiles" with arbitrary storage plugins
- support relative positions in "addid"
- fix relative positions in "move" and "moveid"
- add "position" parameter to "findadd" and "searchadd"
- add position parameter to "load"
* database
- proxy: require MPD 0.20 or later
- proxy: require libmpdclient 2.11 or later
- proxy: split search into chunks to avoid exceeding the output buffer
- simple: add option to hide CUE target songs
- upnp: support libnpupnp instead of libupnp
* archive
- zzip, iso9660: ignore file names which are invalid UTF-8
* decoder
- openmpt: new plugin
- wavpack: fix WVC file support
* player
- do not cross-fade songs shorter than 20 seconds
* output
- oss: support DSD over PCM
- pipewire: new plugin
- snapcast: new plugin
* tags
- new tags "ComposerSort", "Ensemble", "Movement", "MovementNumber", and "Location"
* split permission "player" from "control"
* add option "host_permissions"
* new build-time dependency: libfmt
ver 0.22.11 (2021/08/24)
* protocol
- fix "albumart" crash
* filter
- ffmpeg: pass "channel_layout" instead of "channels" to buffersrc
- ffmpeg: fix "av_buffersink_get_frame() failed: Resource temporarily unavailable"
- ffmpeg: support double-precision samples (by converting to single precision)
* Android
- build with NDK r23
- playlist_directory defaults to "/sdcard/Android/data/org.musicpd/files/playlists"
ver 0.22.10 (2021/08/06)
* protocol
- support "albumart" for virtual tracks in CUE sheets
* database
- simple: fix crash bug
- simple: fix absolute paths in CUE "as_directory" entries
- simple: prune CUE entries from database for non-existent songs
* input
- curl: fix crash bug after stream with Icy metadata was closed by peer
- tidal: remove defunct unmaintained plugin
* tags
- fix crash caused by bug in TagBuilder and a few potential reference leaks
* output
- httpd: fix missing tag after seeking into a new song
- oss: fix channel order of multi-channel files
* mixer
- alsa: fix yet more rounding errors
ver 0.22.9 (2021/06/23)
* database
- simple: load all .mpdignore files of all parent directories
* tags
- fix "readcomments" and "readpicture" on remote files with ID3 tags
* decoder
- ffmpeg: support the tags "sort_album", "album-sort", "artist-sort"
- ffmpeg: fix build failure with FFmpeg 3.4
* Android
- fix auto-start on boot in Android 8 or later
* Windows
- fix build failure with SQLite
ver 0.22.8 (2021/05/22)
* fix crash bug in "albumart" command (0.22.7 regression)
ver 0.22.7 (2021/05/19)
* protocol
- don't use glibc extension to parse time stamps
- optimize the "albumart" command
* input
- curl: send user/password in the first request, save one roundtrip
* decoder
- ffmpeg: fix build problem with FFmpeg 3.4
- gme: support RSN files
* storage
- curl: don't use glibc extension
* database
- simple: fix database corruption bug
* output
- fix crash when pausing with multiple partitions
- jack: enable on Windows
- httpd: send header "Access-Control-Allow-Origin: *"
- wasapi: add algorithm for finding usable audio format
- wasapi: use default device only if none was configured
- wasapi: add DoP support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sun, 1 May 2022 13:47:13 +0000 (15:47 +0200)]
gcc: Update mpfr with patches for use in toolchain build
- Added mpfr consolidated patches file to mpfr in gcc. mpfr is built internally for use
in the toolchain.
- Confirmed working by running./make toolchain which ran successfully
confirmed from the _build.toolchain.log file that the patches were successfully
implemented for gcc pass 1, gcc pass L and gcc pass 2
- Full toolchain build successfully completed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Sat, 30 Apr 2022 10:05:44 +0000 (10:05 +0000)]
Do not permit world-readability of /etc/sudoers.d/
Lynis (rightly) complains about this directory and its contents being
world-readable on current IPFire installations. Since there is no
necessity for this, we might as well chmod them to 750 / 640.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Jon Murphy [Sun, 1 May 2022 23:16:23 +0000 (18:16 -0500)]
pcengines-apu-firmware: Update to version 4.16.0.3
- Update from 4.15.0.1 to 4.16.0.3
- Update of rootfile
- Changelog
v4.16.0.3 - Release date: 2022-04-21
Rebased with official coreboot repository commit 2c4b426557
See: https://github.com/pcengines/coreboot/compare/v4.16.0.2...v4.16.0.3
v4.16.0.2 - Release date: 2022-03-29
Rebased with official coreboot repository commit 66f99f7fa7
See: https://github.com/pcengines/coreboot/compare/v4.16.0.1...v4.16.0.2
v4.16.0.1 - Release date: 2022-03-08
Rebased with official coreboot repository commit b4ba289fa5
Disabled loglevel prefixes introduced in coreboot 4.16
Disabled ANSI escape sequences introduced in coreboot 4.16
Fixed AMD PSP CCP as entropy source
v4.15.0.3 - Release date: 2022-02-16
Rebased with official coreboot repository commit 36425312ee
Added checking hardware matrix before regression tests
Fixed the hard disk not visible in the Seabios Boot Menu
v4.15.0.2 - Release date: 2022-01-11
rebased with official coreboot repository commit 3990da0b
disabled SMM
enabled parallel AP initialization for apu2-6 for faster boot time
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Sat, 30 Apr 2022 09:45:27 +0000 (09:45 +0000)]
sysctl: Use strict Reverse Path Filtering
The strict mode, as specified in RFC 3704, section 2.2, causes packets
to be dropped by the kernel if they arrive with a source IP address that
is not expected on the interface they arrived in. This prevents internal
spoofing attacks, and is considered best practice among the industry.
After a discussion with Michael, we reached the conclusion that
permitting users to configure the operating mode of RPF in IPFire causes
more harm than good. The scenarios where strict RPF is not usable are
negligible, and the vast majority of IPFire's userbase won't even
notice a difference.
Suggested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
The include file that was added in a previous commit allowed to manually
create a backup, but none was created when the addon was installed,
uninstalled or updated.
Signed-off-by: Daniel Weismueller <daniel.weismueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sat, 30 Apr 2022 17:34:58 +0000 (19:34 +0200)]
minidlna: Addition of patches to fix CVE-2022-26505
- CVE-2022-26505 A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1
allows a remote web server to exfiltrate media files. CVE created on 6th March 2022
- minidlna have created the patches to fix CVE-2022-26505 and have created a git tag for
version 1.3.1 but have not provided any 1.3.1 source tarballs. A ticket was raised on
14th March 2022 in the source forge support system asking to "Please publish a tarball
for 1.3.1" but there was no reply from the developer so far.
- In the NIST National Vulnerability Database it refers to a fix implemented in 1.3.1 but
the link to the sourceforge page is only the patches applied for the fix
- I used those diff descriptions to create a patch to implement on the existing 1.3.0
version in IPFire and this patch submission applies that fix
- Incremented the lfs PAK_VER
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 30 Apr 2022 17:34:42 +0000 (19:34 +0200)]
man-pages: Update to version 5.13
- Update from version 2.34 (2006) to 5.13 (2021)
- Update of rootfile
- Changelog is too long to include here (~50000 lines)
Details for version 5.13 can be found in the file Changes in the source tarball
Details for version back to 2.34 can be found in the file Changes.old in the
source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>