Michael Tremer [Fri, 14 Mar 2025 10:25:18 +0000 (10:25 +0000)]
pixman: Update to 0.44.2
This project transitioned to meson, and it seems that instead of
figuring out on what kind of system it is running, we are now supposed
to tell it. Weird.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Feb 2025 13:24:36 +0000 (13:24 +0000)]
ncurses: Fix linking without libtinfo
This patch will automatically add libtinfo to everywhere we are linking
against any of the other libraries. It will also provide an easy way to
link against libtermcap.
Finally, this patch enabled symbol versioning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 8 Jan 2025 16:41:31 +0000 (16:41 +0000)]
kernel: Update to 6.12.8 and strip modules
Since we sign the modules we cannot strip them afterwards. However,
there is currently no need to keep any debug information in the
production system, so we strip it all away.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- IPFire-3.x
- Update from version 0.16-20220414 to 0.17020230812
- Changelog
0.17 (up to commit 077661f, 2023-08-08)
New features
* json_patch: add first implementation only with patch application
* Add --disable-static and --disable-dynamic options to the cmake-configure
script.
* Add -DBUILD_APPS=NO option to disable app build
* Minimum cmake version is now 3.9
Significant changes and bug fixes
* When serializing with JSON_C_TO_STRING_PRETTY set, keep the opening and
closing curly or square braces on same line for empty objects or arrays.
* Disable locale handling when targeting a uClibc system due to problems
with its duplocale() function.
* When parsing with JSON_TOKENER_STRICT set, integer overflow/underflow
now result in a json_tokener_error_parse_number. Without that flag
values are capped at INT64_MIN/UINT64_MAX.
* Fix memory leak with emtpy strings in json_object_set_string
* json_object_from_fd_ex: fail if file is too large (>=INT_MAX bytes)
* Add back json_number_chars, but only because it's part of the public API.
* Entirely drop mode bits from open(O_RDONLY) to avoid warnings on certain
platforms.
* Specify dependent libraries, including -lbsd, in a more consistent way so
linking against a static json-c works better
* Fix a variety of build problems and add & improve tests
* Update RFC reference to https://www.rfc-editor.org/rfc/rfc8259
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 12 Dec 2023 17:21:58 +0000 (18:21 +0100)]
keyutils: Update to version 1.6.3
- IPFire-3.x
- Update from version 1.6.1 to 1.6.3
- The old url and download url have not been updated for 4 years. Current updates are now
done in the new git repository
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/
The two latest updates, 1.6.2 and 1.6.3 were both released in 2020
- Changelog is not available. All changes can be found by reviewing the commits in the new
git repository.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 12 Dec 2023 15:08:24 +0000 (16:08 +0100)]
less: Update to version 643
- IPFire-3.x
- Update from version 608 to 643
- Changelog
643
Fix problem when a program piping into less reads from the tty, like sudo asking for password (github #368).
Fix search modifier ^E after ^W.
Fix bug using negated (^N) search (github #374).
Fix bug setting colors with -D on Windows build (github #386).
Fix reading special chars like PageDown on Windows (github #378).
Fix mouse wheel scrolling on Windows (github #379).
Fix erroneous EOF when terminal window size changes (github #372).
Fix compile error with some definitions of ECHONL (github #395).
Fix crash on Windows when writing logfile (github #405).
Fix regression in exit code when stdin is /dev/null and output is a file (github #373).
Add lesstest test suite to production release (github #344).
Change lesstest output to conform with automake Simple Test Format (github #399).
633
Add LESSUTFCHARDEF environment variable (github #275).
Add # command (github #330).
Add ^S search modifier (github #196).
Add --wordwrap option (github #113).
Add --no-vbell option (github #304).
Add --no-search-headers option (github #44).
Add --modelines option (github #89).
Add --intr option (github #224).
Add --proc-backspace, --proc-tab and --proc-return options (github #335).
Add --show-preproc-errors option (github #258).
Add LESS_LINES and LESS_COLUMNS environment variables (github #84).
Add LESS_DATA_DELAY environment variable (github #337).
Allow empty "lines" field in --header option.
Update Unicode tables.
Improve ability of ^X to interrupt F command (github #49).
Status column (-J) shows off-screen matches.
Parenthesized sub-patterns in searches are colored with unique colors, if supported by the regular expression library (github #196).
Don't allow opening a tty as file input unless -f is set (github #309).
Don't require newline input after +&... option (github #339).
Fix incorrect handling of some Private Use Unicode characters.
Fix ANSI color bug when overstriking with colored chars (github #276).
Fix compiler const warning (github #279).
Fix signal race in iread (github #280).
Fix reading procfs files on Linux (github #282).
Fix --ignore-case with ctrl-R (no regex) search (github #300).
Fix bug doing repeat search after setting & filter (github #299).
Fix bug doing repeat search before non-repeat search.
Fix crash with -R and certain line lengths (github #338).
Fix input of Windows dead keys (github #352).
Don't retain search options from a cancelled search (github #302).
Don't call realpath on fake filenames like "-" (github #289).
Implement lesstest test suite.
Convert function parameter definitions from K&R to C89 (github #316).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 3 Dec 2023 16:54:17 +0000 (17:54 +0100)]
make: Update to version 4.4.1
- IPFire-3.x
- Update from version 4.4 to 4.4.1
- Changelog
4.4.1
This release is primarily a bug-fix release.
A complete list of bugs fixed in this version is available here:
https://sv.gnu.org/bugs/index.php?group=make&report_id=111&fix_release_id=110&set=custom
* WARNING: Backward-incompatibility!
In previous releases it was not well-defined when updates to MAKEFLAGS made
inside a makefile would be visible. This release ensures they are visible
immediately, even when invoking $(shell ...) functions. Also, command line
variable assignments are now always present in MAKEFLAGS, even when parsing
makefiles.
Implementation provided by Dmitry Goncharov <dgoncharov@users.sf.net>
* New feature: Parallel builds of archives
Previously it was not possible to use parallel builds with archives. It is
still not possible using the built-in rules, however you can now override
the built-in rules with a slightly different set of rules and use parallel
builds with archive creation. See the "Dangers When Using Archives" section
of the GNU Make manual, and https://savannah.gnu.org/bugs/index.php?14927
* Previously target-specific variables would inherit their "export" capability
from parent target-specific variables even if they were marked private. Now
private parent target-specific variables have no affect. For more details
see https://savannah.gnu.org/bugs/index.php?61463
* Disable FIFO jobserver on GNU/Hurd and Cygwin
Experimentation shows that the new FIFO-based jobserver doesn't work well on
GNU/Hurd or Cygwin: revert these systems to use the pipe-based jobserver.
* Updates to allow building on OS/2
Provided by KO Myung-Hun <komh78@gmail.com>
* New platform: GNU Make is supported on z/OS
Thanks to Igor Todorovski <itodorov@ca.ibm.com> for the patches and testing
assistance.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 3 Dec 2023 15:02:35 +0000 (16:02 +0100)]
man-pages: Update to version 6.05.01
- IPFire-3.x
- Update from version 6.03 to 6.05.01
- Changelog
6.05.01
- Build system:
- Ignore dot-dirs within $MANDIR
6.05
New and rewritten pages
man2/
ioctl_pipe.2
man3/
regex.3
man5/
erofs.5
Newly documented interfaces in existing pages
bpf.2
EAGAIN
ioctl_userfaultfd.2
UFFD_FEATURE_EXACT_ADDRESS
prctl.2
PR_GET_AUXV
recv.2
MSG_CMSG_CLOEXEC
statx.2
STAT_ATTR_MOUNT_ROOT
syscall.2
ENOSYS
resolv.conf.5
no-aaaa
RES_NOAAAA
tmpfs.5
CONFIG_TRANSPARENT_HUGEPAGE
ip.7
IP_LOCAL_PORT_RANGE
rtnetlink.7
IFLA_PERM_ADDRESS
New and changed links
man3type/
regex_t.3type (regex(3))
regmatch_t.3type (regex(3))
regoff_t.3type (regex(3))
Global changes
- Types:
- Document functions using off64_t as if they used off_t (except
for lseek64()).
- Build system:
- Keep file modes in the release tarball.
- Fix symlink installation (`make install LINK_PAGES=symlink`).
- Add support for using bzip2(1), lzip(1), and xz(1) when installing
pages and creating release tarballs.
- Create reproducible release tarballs.
- Move makefiles from lib/ to share/mk/.
- Support mdoc(7) pages.
- Relicense Makefiles as GPL-3.0-or-later.
- Build PostScript and PDF manual pages.
- Add support for running our build system on arbitrary source
trees; this makes it possible to easily run our linters on another
project's manual pages as easily as `make lint MANDIR=~/src/groff`
- Licenses:
- Relicense ddp.7 from VERBATIM_ONE_PARA to Linux-man-pages-copyleft.
- Relicense dir_colors.5 from LDPv1 to GPL-2.0-or-later.
- Use new SPDX license identifiers:
- Linux-man-pages-1-para (was VERBATIM_ONE_PARA)
- Linux-man-pages-copyleft-2-para (was VERBATIM_TWO_PARA)
- Linux-man-pages-copyleft-var (was VERBATIM_PROF)
- ffix:
- use `\%`
- un-bracket tbl(1) tables
Changes to individual pages
The manual pages (and other files in the repository) have been improved
beyond what this changelog covers. To learn more about changes applied
to individual pages, use git(1).
6.04
Newly documented interfaces in existing pages
proc.5
KPF_PGTABLE (Linux 4.18)
landlock.7
LANDLOCK_ACCESS_FS_REFER (Linux 5.19)
LANDLOCK_ACCESS_FS_TRUNCATE (Linux 6.02)
udp.7
UDP_GRO (Linux 5.0)
UDP_SEGMENT (Linux 4.18)
Global changes
- Sections:
- Add HISTORY.
- HISTORY: Restore C89 references.
- Repurpose VERSIONS.
- Simplify STANDARDS.
- SYNOPSIS: Mark several functions as deprecated.
- Build system:
- Support installing in different mandirs
(e.g., man3typedir='/usr/share/man/man3').
- Support installing compressed pages (Z='.gz').
- Support installing link pages as symlinks (LINK_PAGES='symlink').
- Add make(1) 'check' target. This has been split from 'lint'.
'lint' will check the source code, and 'check' will check the
rendered pages (as a user will read them). There are currently
several pages that fail this `make check`, and distributors that
depend on this can workaround it by touching a few files:
$ make check -k -j >/dev/null 2>/dev/null;
$ make check -k 2>/dev/null;
GREP .tmp/man/man1/memusage.1.check-catman.touch
TROFF .tmp/man/man2/fanotify_init.2.cat.set
TROFF .tmp/man/man2/gettimeofday.2.cat.set
TROFF .tmp/man/man2/s390_sthyi.2.cat.set
GREP .tmp/man/man3/mallopt.3.check-catman.touch
TROFF .tmp/man/man3/unlocked_stdio.3.cat.set
TROFF .tmp/man/man4/console_codes.4.cat.set
TROFF .tmp/man/man4/lirc.4.cat.set
GREP .tmp/man/man4/smartpqi.4.check-catman.touch
GREP .tmp/man/man4/veth.4.check-catman.touch
TROFF .tmp/man/man5/proc.5.cat.set
GREP .tmp/man/man5/slabinfo.5.check-catman.touch
TROFF .tmp/man/man5/tzfile.5.cat.set
TROFF .tmp/man/man7/address_families.7.cat.set
TROFF .tmp/man/man7/ascii.7.cat.set
TROFF .tmp/man/man7/bpf-helpers.7.cat.set
GREP .tmp/man/man7/keyrings.7.check-catman.touch
GREP .tmp/man/man7/uri.7.check-catman.touch
TROFF .tmp/man/man8/tzselect.8.cat.set
TROFF .tmp/man/man8/zdump.8.cat.set
TROFF .tmp/man/man8/zic.8.cat.set
After touching the previous files, `make check` will succeed:
$ make check -k 2>/dev/null | awk '{print $2}' | xargs touch;
$ make check -j >/dev/null;
$ echo $?
0
Changes to individual pages
The manual pages (and other files in the repository) have been improved
beyond what this changelog covers. To learn more about changes applied
to individual pages, use git(1).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 1 Dec 2023 18:18:47 +0000 (19:18 +0100)]
meson: Update to version 1.3.0
- IPFire-3.x
- Update from version 0.64.1 to 1.3.0
- Changelog is too large to include here. Details can be reviewed at
https://mesonbuild.com/Release-notes.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 1 Dec 2023 18:04:26 +0000 (19:04 +0100)]
multipath-tools: Update to version 0.9.7
- IPFire-3.x
- Update from version 0.9.4 to 0.9.7
- Changelog is the commits from the naster branch since version 0.4.5
https://github.com/opensvc/multipath-tools/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 1 Dec 2023 17:53:14 +0000 (18:53 +0100)]
netpbm: Update to version 10.73.43
- IPFire-3.x
- Update from version 10.73.42 to 10.73.43
- Changelog
10.73.43
jpegtopnm: Many fixes to -dumpexif. Always broken.
(-dumpexif was new in Netpbm 9.18 (September 2001))
pamtopng: fix -chroma option: always rejected. Always broken.
pamtopng was new in Netpbm 10.70 (June 2015).
pnmtopng: fix -rgb option: always rejected. Always broken
-rgb was new in Netpbm 10.30 (October 2005).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 1 Dec 2023 17:32:23 +0000 (18:32 +0100)]
newt: Update to version 0.52.24
- IPFire-3.x
- Update from version 0.52.21 to 0.52.24
- Changelog
0.52.24
- add support for python3.13
- fix compiler warnings
0.52.23
- fix automatic height of menu/list in whiptail (broken in 0.52.22)
- fix automatic width of whiptail --yesno box
- fix automatic width in whiptail with unicode characters
- fix automatic width with whiptail --noitem and --notags options
- fix spacing with longer tags in whiptail
- avoid overlapping backtitle in whiptail with automatic height
0.52.22
- fix crash in whiptail with new libpopt
- switch from usleep to nanosleep (Rosen Penev)
- fix libnewt.pc to enable static linking (Alexey Sheplyakov)
- fix LDFLAGS order in snack linking (Sam James)
- use CFLAGS when compiling snack
- improve configure.ac (Thomas Kuehne)
- install header and libnewt.pc with shared library (Michael Olbrich)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 1 Dec 2023 17:01:20 +0000 (18:01 +0100)]
openssl: Update to version 3.1.4
- IPFire-3.x
- Update from version 3.1.2 to 3.1.4
- Changelog
3.1.4
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
3.1.3
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
([CVE-2023-4807])
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Nov 2023 12:36:48 +0000 (13:36 +0100)]
p11-kit: Update to version 0.25.3
- IPFire-3.x
- Update from version 0.25.0 to 0.25.3
- Changelog
0.25.3
rpc: fix serialization of NULL mechanism pointer [#601]
fix meson build failure in macOS (appleframeworks not found) [#603]
0.25.2
fix error code checking of readpassphrase for --login option [#595]
build fixes [#594]
test fixes [#596]
0.25.1
fix probing of C_GetInterface [#535]
p11-kit: add command to list tokens [#581]
p11-kit: add command to list mechanisms supported by a token [#576]
p11-kit: add command to generate private-public keypair on a token [#551, #582]
p11-kit: add commands to import/export certificates and public keys into/from a token [#543, #549, #568, #588]
p11-kit: add commands to list and delete objects of a token [#533, #544, #571]
p11-kit: add --login option to login into a token with object and profile management commands [#587]
p11-kit: adjust behavior of PKCS#11 profile management commands [#558, #560, #583, #591]
p11-kit: print PKCS#11 URIs in list-modules [#532]
bug and build fixes [#528 #529, #534, #537, #540, #541, #545, #547, #550, #557, #572, #575, #579, #585, #586, #590]
test fixes [#553, #580]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Nov 2023 12:21:36 +0000 (13:21 +0100)]
pango: Update to version 1.51.0
- IPFire-3.x
- Update from version 1.50.12 to 1.51.0
- Changelog
1.51.0
- itemize: Improve script itemization
- build: Check for cairo DWrite dependency
- win32: Fix various issues and crashes
- layout: Add a missing switch case
1.50.14
- Fix underline thickness in scaled contexts
1.50.13
- win32: Add back fallback for empty fontsets
- win32: Improve DirectWrite support
- Fix word segmentation for Japanese
- Don't set backspace-deletes-char for math symbols
- coretext: Fix a crash
- cairo: Apply metrics hinting to underlines too
- Treat COLRv1 fonts as color fonts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Nov 2023 11:57:13 +0000 (12:57 +0100)]
patchelf: Update to version 0.18.0
- IPFire-3.x
- Update from version 0.17.2 to 0.18.0
- Changelog
0.18.0
Add options to print, clear and set executable stack state by @cgzones
in #456
Modernizations and strictness improvements by @cgzones in #464
Add feature to rename dynamic symbols by @brenoguim in #459
Adjust roundUp for 0 as input by @cgzones in #466
Avoid overlapping program header table with section header table #457 by
@brenoguim in #460
Other switches might set changed as true. Use extraStrings size. #416 by
@brenoguim in #473
Use the largest segment alignment for libraries requiring non-standard
alignments #474 by @brenoguim in #475
Add one extra page to avoid overlapping with next page if its rounded…
by @brenoguim in #469
Add zsh completion by @Freed-Wu in #490
Do not let modifyRPath taint shared strings in strtab. Fix #315 by
@brenoguim in #481
Resize segment mapping rewritten sections if needed #482 by @brenoguim
in #485
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Nov 2023 11:31:18 +0000 (12:31 +0100)]
polkit: Update to version 123
- IPFire-3.x
- Update from version 122 to 123
- Changelog
123
Highlights:
- better safety with deeper resctiction of the configuration files
- better safety with restricting the daemon's owner under systemd
- better safety with the systemd unit sandboxing
- less thread races during upload of the configuration
Changes
* prevent wrongful termination of runaway thread
* Stop installing /usr/share/polkit-1/rules.d as 700/polkitd
* set User/Group and don't change uid/gid if already set
* general and/or buildsystem fixes
* systemd service hardening
* Packit service integration
* pkcheck: manpage and help sync
* general fixes
* Packit service integration
* change of ownership of custom configs
* general fixes
* localization
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Nov 2023 11:11:47 +0000 (12:11 +0100)]
samba: Update to version 4.19.3
- IPFire-3.x
- Upfate from version 4.19.0 to 4.19.3
- Changelog
4.19.3
This is the latest stable release of the Samba 4.19 release series.
It contains the security-relevant bugfix CVE-2018-14628:
Wrong ntSecurityDescriptor values for "CN=Deleted Objects"
allow read of object tombstones over LDAP
(Administrator action required!)
https://www.samba.org/samba/security/CVE-2018-14628.html
Description of CVE-2018-14628
All versions of Samba from 4.0.0 onwards are vulnerable to an
information leak (compared with the established behaviour of
Microsoft's Active Directory) when Samba is an Active Directory Domain
Controller.
When a domain was provisioned with an unpatched Samba version,
the ntSecurityDescriptor is simply inherited from Domain/Partition-HEAD-Object
instead of being very strict (as on a Windows provisioned domain).
This means also non privileged users can use the
LDAP_SERVER_SHOW_DELETED_OID control in order to view,
the names and preserved attributes of deleted objects.
No information that was hidden before the deletion is visible, but in
with the correct ntSecurityDescriptor value in place the whole object
is also not visible without administrative rights.
There is no further vulnerability associated with this error, merely an
information disclosure.
Action required in order to resolve CVE-2018-14628!
The patched Samba does NOT protect existing domains!
The administrator needs to run the following command
(on only one domain controller)
in order to apply the protection to an existing domain:
samba-tool dbcheck --cross-ncs --attrs=nTSecurityDescriptor --fix
The above requires manual interaction in order to review the
changes before they are applied. Typicall question look like this:
Reset nTSecurityDescriptor on CN=Deleted Objects,DC=samba,DC=org back to provision default?
Owner mismatch: SY (in ref) DA(in current)
Group mismatch: SY (in ref) DA(in current)
Part dacl is different between reference and current here is the detail:
(A;;LCRPLORC;;;AU) ACE is not present in the reference
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY) ACE is not present in the reference
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA) ACE is not present in the reference
(A;;CCDCLCSWRPWPSDRCWDWO;;;SY) ACE is not present in the current
(A;;LCRP;;;BA) ACE is not present in the current
[y/N/all/none] y
Fixed attribute 'nTSecurityDescriptor' of 'CN=Deleted Objects,DC=samba,DC=org'
The change should be confirmed with 'y' for all objects starting with
'CN=Deleted Objects'.
4.19.2
o Jeremy Allison <jra@samba.org>
* BUG 15423: Use-after-free in aio_del_req_from_fsp during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE.
* BUG 15426: clidfs.c do_connect() missing a "return" after a cli_shutdown()
call.
o Ralph Boehme <slow@samba.org>
* BUG 15463: macOS mdfind returns only 50 results.
o Volker Lendecke <vl@samba.org>
* BUG 15481: GETREALFILENAME_CACHE can modify incoming new filename with
previous cache entry value.
o Stefan Metzmacher <metze@samba.org>
* BUG 15464: libnss_winbind causes memory corruption since samba-4.18,
impacts sendmail, zabbix, potentially more.
o Martin Schwenke <mschwenke@ddn.com>
* BUG 15479: ctdbd: setproctitle not initialized messages flooding logs.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15491: CVE-2023-5568 Heap buffer overflow with freshness tokens in the
Heimdal KDC in Samba 4.19
* BUG 15477: The heimdal KDC doesn't detect s4u2self correctly when fast is
in use.
4.19.1
This is a security release in order to address the following defects:
o CVE-2023-3961: Unsanitized pipe names allow SMB clients to connect as root to
existing unix domain sockets on the file system.
https://www.samba.org/samba/security/CVE-2023-3961.html
o CVE-2023-4091: SMB client can truncate files to 0 bytes by opening files with
OVERWRITE disposition when using the acl_xattr Samba VFS
module with the smb.conf setting
"acl_xattr:ignore system acls = yes"
https://www.samba.org/samba/security/CVE-2023-4091.html
o CVE-2023-4154: An RODC and a user with the GET_CHANGES right can view all
attributes, including secrets and passwords. Additionally,
the access check fails open on error conditions.
https://www.samba.org/samba/security/CVE-2023-4154.html
o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
server block for a user-defined amount of time, denying
service.
https://www.samba.org/samba/security/CVE-2023-42669.html
o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
listeners, disrupting service on the AD DC.
https://www.samba.org/samba/security/CVE-2023-42670.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 30 Nov 2023 08:48:11 +0000 (09:48 +0100)]
strace: Update to version 6.6
- IPFire-3.x
- Update from version 6.5 to 6.6
- Changelog
6.6
Improvements
Implemented --kill-on-exit option that instructs the tracer to set
PTRACE_O_EXITKILL option to all tracee processes and not to detach them
on cleanup so they will not be left running after the tracer exit.
Implemented automatic activation of --kill-on-exit option when
--seccomp-bpf is enabled and -p/--attach option is not used.
Implemented decoding of map_shadow_stack syscall.
Implemented decoding of FSCONFIG_CMD_CREATE_EXCL fsconfig command.
Implemented decoding of IFLA_BRPORT_BACKUP_NHID netlink attribute.
Implemented decoding of SECCOMP_IOCTL_NOTIF_SET_FLAGS ioctl.
Implemented decoding of UFFDIO_CONTINUE, UFFDIO_POISON, and
UFFDIO_WRITEPROTECT ioctls.
Updated lists of ARCH_*, BPF_*, DEVCONF_*, IORING_*, KEXEC_*, MAP_*, NT_*,
PTRACE_*, QFMT_*, SEGV_*, UFFD_*, V4L2_*, and XDP_* constants.
Updated lists of ioctl commands from Linux 6.6.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 28 Nov 2023 11:49:43 +0000 (12:49 +0100)]
texinfo: Update to version 7.1
- IPFire-3.x
- Update from version 7.0.3 to 7.1
- Changelog
7.1 (18 October 2023)
* Language
. new generic definition commands, @defblock, @defline and @deftypeline,
for definitions without automatic index entries
. new @linemacro facility eases use of generic definition commands
. new command @link creates plain links (supported output formats only)
. @cartouche takes an argument to specify the cartouche title
. you can use the new commands @nodedescription and @nodedescriptionblock
to give text to be used in menu descriptions in Info and HTML output
* texi2any
. @itemx at the beginning of a @table is now an error, not a warning
. better validity checking of deeply nested commands
. check that @set and @clear only appear at the start of a line
. warn about missing menu entries even if CHECK_NORMAL_MENU_STRUCTURE is
not set. you can turn this off by setting CHECK_MISSING_MENU_ENTRY to 0.
. no longer use --enable-encoding and --disable-encoding to determine
whether to output encoded characters (instead of entities or commands)
for HTML, XML, DocBook and LaTeX; instead, use the value of the
OUTPUT_CHARACTERS customization variable.
. stricter checks on input encoding, in particular more warnings and
errors with malformed UTF-8
. support any input file encoding if support exists in the operating
system, not just a selected list of encodings
. resolve an alias referring to another alias at definition time
. internally, use "source marks" to keep all Texinfo source information that
is not in the final tree (location of macros, values and included files
expansion, @if* blocks, DEL comment, and @ protecting end of line on @def*
lines)
. HTML output:
. format @subentry and index entries with @seealso or @seeentry in a more
similar way to printed output
. output @shortcontents before @contents by default
. omit colons after index entries by default. this can still be
configured with INDEX_ENTRY_COLON.
. add @example syntax highlighting as a texi2any extension
. no more capitalization of @sc argument in HTML Cross-references
. change @point expansion to U+22C6 in HTML Cross-references
. if a @node is not associated with a sectioning command but is
followed by a heading command not usually associated to nodes
such as @heading and this command appears before other formatted
content, the heading command is assumed to supply the node heading.
you can customize this with USE_NEXT_HEADING_FOR_LONE_NODE.
. Info output:
. new variable ASCII_DASHES_AND_QUOTES, on by default,
outputs ASCII characters for literal quote or hyphen characters
in source, rather than UTF-8. this makes it easier to search
Info files.
. new ASCII_GLYPH variable for using ASCII renditions for glyph
commands (like @bullet)
. ASCII_PUNCTUATION still includes the effect of these new variables.
. new variables AUTO_MENU_DESCRIPTION_ALIGN_COLUMN and AUTO_MENU_MAX_WIDTH
control the format of descriptions in generated menus
. XML output:
. place menu leading text and menu separators in elements instead
of attributes
* texi2dvi
. macro expansion with texi2any requires at least version 5.0 (only
happens with --expand option or with very old texinfo.tex)
* texinfo.tex
. in @code, ` and ' output by default with backtick and undirected
single quote glyphs in the typewriter font. you can still configure
this using the @codequoteundirected/@codequotebacktick commands.
. do not insert a space for @ def line continuation, matching the behavior
of texi2any
. align section titles in table of contents when more than 10 sections
. microtype is off by default, for speed
. page headings generation is no longer linked to the @titlepage command
* info
. when going Up, position cursor on menu entry for current node
. allow mouse scrolling support regardless of termcap entries. this
supports some more xterm configurations.
. do not use "/index" as a possible file extension for Info files
* Distribution
. autoconf 2.71, automake 1.16.5, gettext 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 28 Nov 2023 11:31:45 +0000 (12:31 +0100)]
usbutils: Update to version 017
- IPFire-3.x
- Update from version 015 to 017
- Changelog
017
lsusb: fix up [unknown] vendor and product strings.
lsusb: fix build warning for dump_billboard_alt_mode_capability_desc()
lsusb: add fallback names for 'lsusb -v' output
names: simplify get_vendor_product_with_fallback() a bit
Honor system libdir and includedir
016
usbutils: lsusb-t: print entries for devices with no interfaces
Fix a typo in usb-spec.h
lsusb.py.in: Display (device) power/wakeup via -w option.
Fix an incorrect length value in hid descriptor.
Fix misalignments in hid device descripptor.
Use bigger buffer to place speed value string
lsusb -h returns an error
lsusb -h fixups
lsusb -t: sort in bus order, not reverse order
lsusb -t: print ports and busses and devices with same width
lsusb -t: assign_interface_to_parent() fixups
lsusb.8.in: fix up missing '-' in text
README.md: add source location
lsusb.py: fix up wakeup logic for devices that do not support it
lsusb.py.in: add another default path for usb.ids
names.c: if a string can not be found in the usb.ids file, return [unknown]
lsusb-t: if a driver is not bound to an interface, report "[none]"
Generate usbutils.pc pkgconfig file
usbreset: Allow idProduct and idVendor to be 0
usb-devices: make shellcheck happy
lsusb: Add function that sorts the output by device ID.
lsusb: Additional sorting by bus number.
lsusb: This is a more compact implementation of the device list sort
implemented within this pull request. The output remains the same as
the one demonstrated in the previous commit.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 28 Nov 2023 11:15:36 +0000 (12:15 +0100)]
vim: Update to version 9.0.2134
- IPFire-3.x
- Update from version 9.0.1916 to 9.0.2134
- Changelog can be viewed by looking at the github commits
https://github.com/vim/vim/commits/v9.0.2134
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-3.x.git / log
