Adolf Belka [Thu, 4 Feb 2021 12:55:41 +0000 (13:55 +0100)]
ghostscript: Addition of patch to fix freetype problem
-Addition of patch to ghoscript as freetype version 2.10.3 and later
have withdrawn a macro that ghostscript used. Confirmed that without
the patch ghostscript failed to build due to the lack of the
FT_CALLBACK_DEF() macro. The fix is to explicitly declare the
callbacks file static.
- Update lfs to apply patch
- Add patch to src/patches
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 4 Feb 2021 12:55:27 +0000 (13:55 +0100)]
freetype: Update to 2.10.4
- Update freetype from 2.10.2 to 2.10.4
- A heap buffer overflow has been found in the handling of embedded
PNG bitmaps, introduced in FreeType version 2.6.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
If you use option FT_CONFIG_OPTION_USE_PNG you should upgrade immediately.
- Version 2.10.3 and later breaks the build of ghostscript, due to ghostscripts
use of a withdrawn freetype macro that wasn't for external usage.
A patch has been created to fix this and is included in the connected
ghostcript patch.
- Updated rootfile
- Changelog for version 2.10.3 release is too long to add here. This can be
found in the changelog file in the tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 4 Feb 2021 22:17:22 +0000 (23:17 +0100)]
lzip: Installation of lzip-1.22
- Installation of lzip-1.22 into IPFire Build system.
Required for update of ddrescue addon as gnu only using lzip
compression for ddrescue from 2013.
- Created rootfiles
- Installed lzip into build sequence of make.sh at same location as other
compressor packages.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 4 Feb 2021 22:17:08 +0000 (23:17 +0100)]
ddrescue: Update to 1.25
- Update ddrescue from 1.12 to 1.25
- Updated rootfiles
- Since 2013 gnu started to only use lzip for compression of ddrescue
Therefore second patch of this series is the installation of lzip
in the IPFire Build.
- Changelog
2020-02-21 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.25 released.
* block.h: Add default constructors to classes Block and Sblock.
(Reported by Rosen Penev).
* check.sh: Quote all file name variables to allow names with spaces.
(Reported by David Morrison).
* In rescue mode, join non-finished subsectors read from mapfile.
(Reported by David Burton).
* mapbook.cc (update_mapfile): Exclude writing time from intervals.
(Reported by David Burton).
* rescuebook.cc (extend_outfile_size): Use ftruncate if it works.
* Print large numbers in groups of 3 digits separated by underscores.
* main.cc: Set a valid invocation_name even if argc == 0.
2019-02-24 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.24 released.
* Added new option '--command-mode'.
* Implemented mapfile backup.
* ddrescue.texi: Documented final contents of bad areas in outfile.
* configure: Accept appending to CXXFLAGS, 'CXXFLAGS+=OPTIONS'.
2018-02-13 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.23 released.
* rescuebook.cc (trim_errors): Fix wrong change to non-scraped.
* Added new option '--same-file'.
* Added new option '--shift' to ddrescuelog.
* fillbook.cc (fill_block): Write location data as one line.
* fillbook.cc (read_buffer): Do not require a seekable infile.
* ddrescue.texi: Added chapter 'Output'.
* check.sh: Added 'combined rescue' test.
* io.cc: Added missing '#include <cstdio>'.
2017-02-03 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.22 released.
* Option '-X, --exit-on-error' replaced by '-X, --max-read-errors'.
* Added new option '--max-slow-reads'.
* Added new option '--delay-slow'.
* Added new option '--reset-slow'.
* Added new option '--log-events'.
* Added new option '--mapfile-interval'.
* Added new option '--pause-on-error'.
* Option '--pause' has been renamed to '--pause-on-pass'.
* Option '--max-errors' has been renamed to '--max-bad-areas'.
* Renamed 'errsize' to 'bad_size' and 'errors' to 'bad_areas'
* Rescuebook: Show read_errors, error_rate and slow_reads.
* Added 'current_pass' field to mapfile.
* Added two new passes (3 and 4) to the copying phase.
* main.cc (parse_cpass): Accept ranges of passes.
* Option '-K, --skip-size' now accepts sizes up to 1 EiB.
* Initial skip size now defaults to (infile_size / 100_000).
* rescuebook.cc (copy_non_tried): Don't reduce min_read_rate,
enable it only for passes 1 and 2.
* rescuebook.cc (trim_errors): Don't trim bad edges.
* main_common.cc (getnum): Accept 's' after other multiplier.
* '--ask', '-vv' now show size along with model and serial number.
* non_posix.cc: Add 'device_id' for Cygwin.
(Patch written by Christian Franke <franke@computer.org>).
* rescuebook.cc (do_rescue): Show full sizes in domain warning.
* Added new option '-A, --annotate-mapfile' to ddrescuelog.
2016-03-17 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.21 released.
* mapbook.cc (Mapbook): Fix iobuf alignment.
(Reported by Heikki Tauriainen).
* Removed short option names '-1' and '-2'.
* Allow only regular files for '--log-rates' and '--log-reads'.
* Option '-D, --odirect' now works also in fill mode.
* rescuebook.cc (copy_block): Return 1 on unaligned read error.
Set e_code on any error if verify_on_error.
* Option '-X, --exit-on-error' has been extended to all phases.
* Assigned short name '-Z' to option '--max-read-rate'.
* mapbook.cc (update_mapfile): 'fsync' the mapfile every 5 minutes.
* Rescuebook: Show full range of sizes from non-tried to finished.
* rescuebook.cc (show_status): Show percentage rescued.
* configure: Avoid warning on some shells when testing for g++.
* Makefile.in: Detect the existence of install-info.
2015-09-10 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.20 released.
* 'logfile' has been renamed to 'mapfile' everywhere.
* Changed short name of option '--synchronous' to '-y'.
* Changed long name of option '-d' to '--idirect'.
* Added new option '-D, --odirect'.
* Added new option '-J, --verify-on-error'.
* Added new option '--max-read-rate'.
* rescuebook.cc (copy_block): Copy arbitrary blocks with '--idirect'.
* Include only bad-sector blocks in 'errsize'.
* rescuebook.cc (show_status): Show the estimated remaining time.
* io.cc (format_time): Show time in days, hours, minutes and seconds.
* Added per sector location data to fill mode.
* mapbook.cc: Added emergency save of the mapfile.
* Show device name with '--ask' or '-vv' on Haiku.
* mapfile.cc (read_mapfile): Read read-only mapfiles from stdin.
* ddrescuelog.cc: Allow multiple mapfiles for '-t, --show-status'.
* ddrescuelog.cc (create_mapfile): '-' writes mapfile to stdout.
* ddrescue.texi: Added new chapter 'Optical media'.
* ddrescue.texi: Documented maximum size of the rescue domain.
* configure: Option '--enable-linux' renamed to '--enable-non-posix'.
* Makefile.in: Added new targets 'install*-compress'.
* File 'ddrescue.h' renamed to 'mapbook.h'.
* File 'logbook.cc' renamed to 'mapbook.cc'.
* File 'logfile.cc' renamed to 'mapfile.cc'.
* Files linux.{h,cc} renamed to non_posix.{h,cc}.
2014-10-03 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.19 released.
* Fixed a race condition at start of run with '--timeout=0'.
* Added new option '-P, --data-preview'.
* Added new option '-u, --unidirectional'.
* Added new option '-X, --exit-on-error'.
* Added new option '--ask' to ask for user confirmation.
* Added new option '--cpass' to select passes during copying phase.
* Added new option '--pause' to insert a pause between passes.
* Removed option '-l, --logfile-size'.
* Skip on the first error during the copying phase.
* rescuebook.cc: Trimming done in one pass, may be run in reverse.
* The splitting phase has been replaced by a scraping phase.
* Changed long name of option '-n' to '--no-scrape'.
* rescuebook.cc: Alternate direction of passes during retrying phase.
* Show ATA model and serial number with '--ask' or '-vv' on Linux.
* configure: Added new option '--enable-linux'.
* New files linux.h linux.cc.
* License changed to GPL version 2 or later.
2014-06-10 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.18.1 released.
* ddrescuelog.cc (do_logic_ops): Fixed 'or' and 'xor'.
* Added new option '-H, --test-mode' to simulate read errors.
* Added new option '-L, --loose-domain' to ddrescue and ddrescuelog.
* Added new option '-N, --no-trim' to disable trimming of
damaged areas.
* Added new option '-O, --reopen-on-error'.
* Added new options '-1, --log-rates', '-2, --log-reads'.
* Extended '-K, --skip-size' with maximum and disable values.
* Changed long name of option '-r' to '--retry-passes'.
* Changed short name of option '--generate-mode' to '-G'.
* Default value of option '-l, --logfile-size' increased to 10000.
* If interrupted, ddrescue terminates by raising the signal received.
* rescuebook.cc (copy_non_tried): Don't mark skipped blocks as
non-trimmed. Try them in additional passes (before trimming).
* rescuebook.cc: Limit the copying phase to 3 passes.
* rescuebook.cc: Alternate direction of passes during copying phase.
* rescuebook.cc: Smallest blocks are trimmed first.
* rescuebook.cc (split_errors): Read largest first if logfile full.
* Improved speed when using option '-m, --domain-logfile'.
* io.cc (show_status): Show the current total run time.
* rescuebook.cc: Show pass number and direction during copying.
* rescuebook.cc (show_status): Show block pos instead of current_pos.
* main.cc: Show "an unknown number of bytes" for unknown insize.
* Added option '-B, --binary-prefixes' to ddrescuelog.
* Added new option '-C, --complete-logfile' to ddrescuelog.
* Added new option '-P, --compare-as-domain' to ddrescuelog.
* Improved speed of logic operations in ddrescuelog.
* rescuebook.cc (do_rescue): Show warning when domain is smaller
than logfile.
* ddrescuelog.cc (do_show_status): Show logfile and domain extents
when domain is smaller than logfile.
* block.h: Class Block now forces the invariant by itself.
* Code reorganization. New class 'Logfile'.
* Added status message to rescue logfile.
* Many improvements to documentation.
* ddrescue.texinfo: Renamed to ddrescue.texi.
2013-07-09 Antonio Diaz Diaz <antonio@gnu.org>
* Version 1.17 released.
* Added new option '-l, --logfile-size'.
* Added new option '-w, --ignore-write-errors'.
* Option '--fill' has been renamed to '--fill-mode'.
* Option '--generate-logfile' has been renamed to '--generate-mode'.
* Added option '--sector-size' as a synonym of '--block-size'.
* Added option '--retries' as a synonym of '--max-retries'.
* Added option '--size' as a synonym of '--max-size'.
* rescuebook.cc: Trimming is now done from both edges of each
non-trimmed block. Largest blocks are trimmed first.
* rescuebook.cc: Largest blocks are now split first until
logfile reaches '--logfile-size' entries.
* logbook.cc (extend_sblock_vector, truncate_vector): Terminate
if truncation would discard finished blocks.
* rescuebook.cc: Mark failed blocks with 1 sector as bad-sector.
* logbook.cc (extend_sblock_vector): Remove last block of
logfile if it starts at insize and is not marked as finished.
* io.cc (show_status, update_rates): Detect a jump back in time
and adjust status.
* ddrescue.h (slow_read): Return false for the first 10 seconds.
* io.cc (show_status) Leave cursor after message so that ^C does
not overwrite it.
* main.cc: Don't require '--force' for generate mode.
* ddrescue.h (Logbook::logfile_exists): Don't return false if
logfile exists but is empty.
* ddrescue.texinfo: Added new chapter 'Using ddrescue safely'.
* Documented that 'direct disc access' only reads whole sectors.
* configure: Options now accept a separate argument.
* Makefile.in: Added new target 'install-bin'.
2012-06-11 Antonio Diaz Diaz <ant_diaz@teleline.es>
* Version 1.16 released.
* Added new option '-K, --skip-size'.
* Added new option '-T, --timeout'.
* Changed short name of option '--try-again' to '-A'.
* Maximum skip size is now limited to 1% of infile size or 1 GiB
(whichever is smaller), rounded to the next multiple of sector
size.
* Set current_pos to end of block when reading backwards.
* The option '-E, --max-error-rate' now checks the rate of
actually failed reads, not the growth of error size.
* The option '-v, --verbose' now increases verbosity if repeated.
* Changed quote characters in messages as advised by GNU Standards.
* configure: 'datadir' renamed to 'datarootdir'.
* New files rational.h, rational.cc.
2012-01-01 Antonio Diaz Diaz <ant_diaz@teleline.es>
* Version 1.15 released.
* Added new option '-a, --min-read-rate'.
* Added new option '-I, --verify-input-size'.
* Added new option '-x, --extend-outfile'.
* main.cc: Verify that infile, outfile and logfile are all
different.
* Non-tried blocks are now read aligned to cluster-size sectors.
* rescuebook.cc: Improved skip algorithm for the split pass.
* main.cc: Removed spurious warning about '-D' ignored in fill mode.
* ddrescue.texinfo: Improved description of algorithm.
* logbook.cc (change_chunk_status): Return an adjust value (-1, 0, 1)
to keep "errors" updated without calling count_errors every time.
* ddrescue.cc: Renamed to io.cc.
* Added 'ddrescuelog', a program for logfile manipulation.
2011-01-10 Antonio Diaz Diaz <ant_diaz@teleline.es>
* Version 1.14 released.
* Added new option '-R, --reverse'.
* Added new option '-E, --max-error-rate'.
* Extended syntax '--max-errors=+N' to specify new errors.
* Changed short name of option '--retrim' to '-M'.
* Removed spurious warning about 'preallocation not available'.
* Code reorganization. New class 'Genbook'.
2010-08-27 Antonio Diaz Diaz <ant_diaz@teleline.es>
* Version 1.13 released.
* Non-regular output files are no longer overwritten by default.
* Added new option '-f, --force'.
* Added new option '-p, --preallocate'.
* main.cc (write_logfile_header): Write command line to logfile.
* ddrescue.texinfo: Added info about logfile and recoverable formats.
* ddrescue.texinfo: Added a couple more warnings to the tutorial.
* testsuite: 'test1' renamed to 'test.txt'
* Revert to use 'long' instead of 'time_t' for time variables.
Ddrescue only needs counting seconds and 'time_t' causes
warnings on some systems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 4 Feb 2021 20:39:32 +0000 (21:39 +0100)]
Tor: update to 0.4.4.7
Full changelog of this version as per
https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.4.7:
Changes in version 0.4.4.7 - 2021-02-03
Tor 0.4.4.7 backports numerous bugfixes from later releases,
including one that made v3 onion services more susceptible to
denial-of-service attacks, and a feature that makes some kinds of
DoS attacks harder to perform.
o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
- Stop requiring a live consensus for v3 clients and services, and
allow a "reasonably live" consensus instead. This allows v3 onion
services to work even if the authorities fail to generate a
consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
on 0.3.5.1-alpha.
o Major feature (exit, backport from 0.4.5.5-rc):
- Re-entry into the network is now denied at the Exit level to all
relays' ORPorts and authorities' ORPorts and DirPorts. This change
should help mitgate a set of denial-of-service attacks. Closes
ticket 2667.
o Minor feature (build system, backport from 0.4.5.4-rc):
- New "make lsp" command to generate the compile_commands.json file
used by the ccls language server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (compilation, backport from 0.4.5.2-rc):
- Disable deprecation warnings when building with OpenSSL 3.0.0 or
later. There are a number of APIs newly deprecated in OpenSSL
3.0.0 that Tor still requires. (A later version of Tor will try to
stop depending on these APIs.) Closes ticket 40165.
o Minor features (crypto, backport from 0.4.5.3-rc):
- Fix undefined behavior on our Keccak library. The bug only
appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
and would result in wrong digests. Fixes bug 40210; bugfix on
0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and
weasel for diagnosing this.
o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
- Strip '\r' characters when reading text files on Unix platforms.
This should resolve an issue where a relay operator migrates a
relay from Windows to Unix, but does not change the line ending of
Tor's various state files to match the platform, and the CRLF line
endings from Windows end up leaking into other files such as the
extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
- Fix a compilation warning about unreachable fallthrough
annotations when building with "--enable-all-bugs-are-fatal" on
some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.
o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
- Handle partial SOCKS5 messages correctly. Previously, our code
would send an incorrect error message if it got a SOCKS5 request
that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
- Fix the `config/parse_tcp_proxy_line` test so that it works
correctly on systems where the DNS provider hijacks invalid
queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
- Fix our Python reference-implementation for the v3 onion service
handshake so that it works correctly with the version of hashlib
provided by Python 3.9. Fixes part of bug 40179; bugfix
on 0.3.1.6-rc.
- Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 4 Feb 2021 12:56:39 +0000 (13:56 +0100)]
pptp: Update to 1.10.0
- Update pptp from 1.7.2 (Jun 2008) to 1.10.0 (Jan 2018)
- No change to rootfile
- Removal of pptp-1.7.2-compat.patch as all changes to pptp_compat.c are
now included in the file in the new tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 4 Feb 2021 12:56:27 +0000 (13:56 +0100)]
less: Update to version 563
- Update less from 530 to 563
- No change in rootfile
- Changelog
Version 563 was released on 21 Oct 2020.
These are the differences between version 551 and version 563:
Update Unicode tables.
Treat Hangul Jamo medial vowels and final consonants as zero width.
Display error message immediately when -o is toggled and input is not a pipe.
Fix regression: make screen repaint when "squished" and a no-movement command is given.
Fix erroneous EOF calculation when F command is interrupted.
Make WIN32C version include this fix from 551: Don't count lines in initial screen if using -X with -F.
Fix display bug in WIN32C version.
Fix memory corruption when built with libtermcap.
Fix crash on some systems due to realpath incompatibility.
Support libtinfow.
Version 551 was released on 11 Jun 2019
551 is the same as 550 except for a few documentation changes.
Version 550 was released on 3 Jun 2019.
These are the differences between version 530 and version 550:
Add --mouse option.
Add --wheel-lines option.
Add --no-histdups option.
Add --save-marks option.
Support PCRE2 regular expression library.
Redraw screen on SIGWINCH even if screen size doesn't change.
Shell-escape filenames in history so they can be used again.
Ring bell if user enters invalid long option name.
Use PCRE_UTF8 flag for pcre regular expressions when in UTF-8 mode.
Windows: use wide-char string to set console title.
Don't count lines in initial screen if using -X with -F.
Support mingw build system.
Fix bug in v command on empty file.
Fix bug in v command when filename contains shell metacharacters.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 4 Feb 2021 12:55:08 +0000 (13:55 +0100)]
findutils: Update to 4.8.0
- Update findutils from 4.6.0 to 4.8.0
- Remove findutils-4.6.0-glibc2.28.patch from lfs as all patch items are now
in the new tarball files.
- Remove sed command on gl/lib/mountlist.c from lfs as all fixes are in the
mountlist.c file in the new tarball.
- Update rootfiles
- Changelog
Following are major changes. Further detailed info available in
changelog file in tarball.
* Noteworthy changes in release 4.8.0 (2021-01-09) [stable]
** Changes in xargs
'xargs -t' no longer outputs a trailing blank to stderr after the last argument
of each constructed command line to be executed. [#57291]
xargs now warns when more than one of the conflicting options --max-lines (-L,
-l), --replace (-i/-I) and --max-args (-n) are specified on the command line.
[#52137]
** Bug Fixes
find no longer crashes when an XFS filesystem is heavily changed during the run.
Discussed at: <https://lists.gnu.org/r/bug-gnulib/2020-04/msg00068.html>
find -used works again. This predicate was not working properly since adding
the support for sub-second timestamp resolution for various predicates in
FINDUTILS_4_3_3-1 back in 2007.
Discussed at: <https://lists.gnu.org/r/bug-findutils/2019-11/msg00010.html>
** Improvements
'find -D exec' now diagnoses all -exec, -execdir, -ok and -okdir runs including
the call arguments and the exit code of the launched process. [#59083]
** Documentation Changes
The documentation of 'find -printf %Ak' has been improved: it now refers to the
strftime(3) documentation for a complete list of supported conversion
specifiers, and documents the 'F' conversion specifier ('yyyy-mm-dd').
The man pages (find.1, locate.1, locatedb.5, updatedb.1, and xargs.1) now
consistently end with the sections "REPORTING BUGS", "COPYRIGHT" and "SEE ALSO",
with the latter referring to the online page on the GNU web server.
The "EXAMPLES" section in the find.1 man page now shows the examples in a better
structure and uses consistent formatting.
Various man page fixes - syntax issues and typos.
[#59745, #59330, #59012, #58193, #57807, #57775]
Other documentation changes:
#58654: doc: clarify that 'find -perm +MODE' is unrelated to umask
#58458: doc: improve section 'Hard links', especially fix the description
regarding 'find -L -samefile FILE'.
#58205: find.1: clarify double dash '--' option
#58149: 'xargs --help' now mentions that --replace (-I, -i) splits the input
at newline characters.
#57025: doc: enhance description of tests accepting numeric arguments in find.1
[see also #49640].
#54730: Add additional valuable example of find -quit
#48135: Fix testsuite error on Hurd and BSD related to ln
#35253: Clarify descriptions of -printf %f, %h.
** Changes to the build process
The configure option --without-fts has been removed. The attempt to use
it stopped configure with an error message since 4.5.18 (2015) anyway.
* Major changes in release 4.7.0, 2019-08-29
** Changes to locate / updatedb
Support for generating old-format databases (with updatedb
--old-format or updatedb --dbformat=old) has been removed. The old
database format was deprecated in 2007 (and updatedb has warned about
this since that time). The locate program will will read old-format
databases, though this support also will be removed.
The updatedb script now operates in the C locale only. This means
that character encoding issues are now not likely to cause sort to
fail. It also honours the TMPDIR environment variable if that was
set, and no longer sorts file names case-insensitively.
The (unspecified) order in which filenames are stored in the locate
database is now different to previous versions. However, you should
not rely on locate's output appearing in any particular order in any
case.
** Improvements
All utilities now only show the full usage text when requested via
the --help option. Previously, when the user passed invalid options
or arguments, the user's attention to the corresponding error
diagnostic was distracted by that lengthy text.
find now accepts multiple file type arguments to the -type and -xtype
options separated by comma ','. For example, to search for symbolic
links and directories simply provide the shorter '-type l,d' instead
of the - yet more portable - '( -type l -o -type d )'.
find now diagnoses failures returned by readdir(). This bug was inherent
in the use of FTS.
find now exits in more cases immediately after the error diagnostic, i.e.,
without the following usage text, to make the former more eye-catching.
find now outputs a better hint in case the user passed an unquoted shell-
glob pattern to options like -name, i.e., when the offending argument is
an existing file.
find now supports the debug option '-D all' to include all of the other
debug options at once.
xargs now supports the -o, --open-tty option to reopen stdin as /dev/tty
in the child process before executing the command; useful to run an
interactive application. Added for compatibility with BSD.
xargs now supports the GNU_FINDUTILS_FD_LEAK_CHECK environment
variable to enable/disable fd leak check.
'xargs -t' (--verbose) now properly quotes each part of the command to the
executed if needed when printing it to stderr; likewise -p (--interactive).
** Documentation Changes
Prefer https:// over http:// links where possible, e.g. for '*.gnu.org' servers.
Both find.1 and the find texinfo manual now consistently document all of the
'N', 'L' and '?' possibilities in '-printf %Y' output when the determination of
the type of a symlink target fails.
find.1 now correctly states the -prune has no effect when the -depth option is
given. Before, it wrongly stated that -prune would return false in that case.
Some minor documentation improvements are listed in "Bug Fixes" below.
** Bug Fixes
#56820: find: improve diagnostic when a global option like -maxdepth is
specified after another argument like a test, thus hopefully avoiding
translation issues (at least French, German).
#56142: doc: fix bug #56142 by specifying which actions inhibit the
default -print.
#55272: find: improve diagnostic when -name or -iname is used with a pattern
containing a directory separator ('/'), suggesting to use -wholename
or -iwholename respectively.
#54859: doc: fix typo in 'xargs -l' examples in texinfo manual.
Change from 'xargs -1' (minus one) to 'xargs -l' (minus El) in 3 places.
#54838: doc: fix the examples of the -perm option in the texinfo documentation.
The example '-perm -g+w,o+w' was misplaced.
Bug present since FINDUTILS_4_2_27-1.
#54262: 'find -printf "%Y"' now correctly outputs 'N' for broken symlinks
(ENOENT or ENOTDIR). Previously, it output 'l' in such a case.
Bug introduced while attempting to fix #29460 in version v4.5.8.
#54171: 'find -depth' now outputs the name of unreadable directories.
Previously, FTS-based find missed to output those entries.
Bug present since the FTS implementation in FINDUTILS_4_3_0-1.
#52981: find: the '-delete' action no longer complains about disappeared files
when the '-ignore_readdir_race' option is given, too. That action will
also returns true in such a case now.
#52220: 'find -D' without any further argument no longer crashes.
Bug present since the implementation of -D in FINDUTILS_4_3_1-1.
#51304: doc: use correct IEC unit prefixes in the documentation of 'find -size'.
find(1) uses binary-based units for the suffixes 'k', 'M', and 'G' of
the argument of the '-size' option: 1024, 1024*1024 and 1024^3.
Therefore, the documentation should use the correct IEC prefixes
kibibyte, mebibyte and gibibyte respectively (or their abbreviations
'KiB', 'MiB' and 'GiB').
#50758: doc: fix the description of the -perm examples matching the permission
mode "022" in find's texinfo manual: the match is for the file's group
and 'other' mode bits instead of for user and group.
Bug introduced when adding the -perm examples in FINDUTILS-4.2.11.
#50326: find no longer leaks memory for a recently added member in gnulib's
mount list structure.
#50259: find -printf '%h' now outputs the correct path for arguments with one or
more trailing slashes. Previously, it would e.g. output "foo" instead
of "." when "foo/" was passed; likewise, it would output "/user/xxx/"
instead of "/user" when "/user/xxx//" was passed.
Bug introduced in FINDUTILS-4.2.19.
#48180: find -noop (an internal option not intended to be exposed to the user)
no longer crashes. Bug introduced in FINDUTILS-4.3.1.
#48030: find -exec + does not pass all arguments for certain specific filename
lengths. After the internal (usually 128k) buffer is full and find(1)
executed the given command with these arguments, it would miss to run
the command yet another time if only one other file argument has to be
processed. Bug introduced in FINDUTILS-4.2.12.
#46784: frcode drops last char if no final newline
** Changes to the build process
The configure option --enable-id-cache has been removed. It has been
a no-op since findnutils-4.5.15.
The configure option --enable-debug has been removed. Debugging in
find is now controlled by its -D option only.
The configure option --enable-silent-rules is the default now.
Use --disable-silent-rules or "make V=1" to get verbose build output.
"make dist" no longer builds .tar.gz files.
xz is portable enough and in wide-enough use that distributing
only .tar.xz files is enough.
Maintainer builds from the Git repository now derive the version string from
the version control system instead of using a fixed string (changed after each
release manually). As a result, the inter-release builds can now be
distinguished: e.g. "4.6.0.152-fe9c" is the 152th commit after the tag "v4.6.0"
and has the Git short hash "fe9c". Builds from an unclean tree are marked with
the suffix "-dirty".
The translation files in the PO directory are no longer version controlled;
instead bootstrap auto-updates them from "translationproject.org" during a
maintainer build.
A shell-style test framework borrowed from GNU coreutils has been added.
This allows better tests with more control over stdin, stdout, stderr,
signals, preparatory steps, cleanup, return code verification, root-only
tests, etc.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 3 Feb 2021 15:01:48 +0000 (16:01 +0100)]
sed: Update to 4.8
- Update sed from 4.4 to 4.8
- Updated rootfile
- Changelog
* Noteworthy changes in release 4.8 (2020-01-14) [stable]
** Bug fixes
- "sed -i" now creates temporary files with correct umask (limited to u=rwx).
Previously sed would incorrectly set umask on temporary files, resulting
in problems under certain fuse-like file systems.
[bug introduced in sed 4.2.1]
** Release
distribute gzip-compressed tarballs once again
** Improvements
a year's worth of gnulib development, including improved DFA performance
* Noteworthy changes in release 4.7 (2018-12-20) [stable]
** Bug fixes
- Some uses of \b in the C locale and with the DFA matcher would fail, e.g.,
the following would mistakenly print "123-x" instead of "123":
echo 123-x|LC_ALL=C sed 's/.\bx//'
- Using a multibyte locale or certain regexp constructs (some ranges,
backreferences) would avoid the bug. [bug introduced in sed 4.6]
* Noteworthy changes in release 4.6 (2018-12-19) [stable]
** Improvements
- sed now prints a clear error message when r/R/w/W (and s///w) commands
are missing a filename. Previously, w/W commands would fail with confusing
error message, while r/R would be a silent no-op.
- sed now uses fully-buffered output (instead of line-buffered) when
writing to files. This should noticeably improve performance of "sed -i"
and other write commands.
Buffering can be disabled (as before) with "sed -u".
- sed in non-cygwin windows environments (e.g. mingw) now properly handles
'\n' newlines in -b/--binary mode.
** Bug fixes
- sed no longer accesses invalid memory (heap overflow) when given invalid
backreferences in 's' command [bug#32082, present at least since sed-4.0.6].
- sed no longer adds extraneous NUL when given s/$//n command.
[related to bug#32271, present since sed-4.0.7]
- sed no longer accesses invalid memory (heap overflow) with s/$//n regexes.
[bug#32271, present since sed-4.3].
** New Features
New option, --debug: print the input sed script in canonical form
and annotate program execution.
* Noteworthy changes in release 4.5 (2018-03-31) [stable]
** Bug fixes
- sed now fails when matching very long input lines (>2GB).
Before, sed would silently ignore the regex without indicating an
error. [Bug present at least since sed-3.02]
- sed no longer rejects comments and closing braces after y/// commands.
[Bug existed at least since sed-3.02]
- sed -E --posix no longer ignores special meaning of '+','?','|' .
[Bug introduced in the original implementation of --posix option in v4.1a-5-gba68fb4]
- sed -i now creates selinux context based on the context of the symlink
instead of the symlink target. [Bug present since at least sed-4.2]
- sed -i --follow-symlinks remains unchanged.
- sed now treats the sequence '\x5c' (ASCII 92, backslash) as literal
backslash character, not as an escape prefix character.
[Bug present since sed-3.02.80]
Old behavior:
$ echo z | sed -E 's/(z)/\x5c1/' # identical to 's/(z)/\1/'
z
New behavior:
$ echo z | sed -E 's/(z)/\x5c1/'
\1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 3 Feb 2021 15:01:36 +0000 (16:01 +0100)]
newt: Update to 0.52.21
- Update newt from 0.52.18 to 0.52.21
- Updated rootfile
- Changelog
0.52.21
- define env NEWT_NOFLOWCTRL to disable flow control (Robert Gill)
- don't leak memory on errors in dialogboxes
- fix radio button selection check in snack
- fix plural forms in Lithuanian translation (#1568999)
- fix parallel build (Émeric Dupont)
- allow python versions to be specified with --with-python option
0.52.20
- improve handling of long strings in whiptail menu (#1353792)
- support screen resize as hotkey in form (#1432926)
0.52.19
- support --notags in whiptail checklist and radiolist (#1319794)
- don't hard-code -I/usr/include/slang in CPPFLAGS (Alex Suykov)
- use $(CC) instead of $(CPP) to generate .depend files (Samuel Martin)
- update translations from Zanata
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 3 Feb 2021 15:01:21 +0000 (16:01 +0100)]
lvm2: Update to 2.02.187
- Update lvm2 from 2.02.181 to 2.02.187
- Updated rootfile
- Changelog
Version 2.02.187 - 24th March 2020
==================================
Avoid running cache input arg validation when creating vdo pool.
Prevent raid reshaping of stacked volumes.
Ensure minimum required region size on striped RaidLV creation.
Fix resize of thin-pool with data and metadata of different segtype.
Fix splitting mirror leg in cluster.
Fix activation order when removing merged snapshot.
Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper.
Add lvextend-raid.sh to check on RaidLV extensions synchronization.
Fix lvmetad shutdown and avoid lenghty timeouts when rebooting system.
Prevent creating VGs with PVs with different logical block sizes.
Pvmove runs in exlusively activating mode for exclusively active LVs.
Activate thin-pool layered volume as 'read-only' device.
Ignore crypto devices with UUID signature CRYPT-SUBDEV.
Enhance validation for thin and cache pool conversion and swapping.
Fixed activation on boot - lvm2 no longer activates incomplete VGs.
Version 2.02.186 - 27th August 2019
===================================
Improve internal removal of cached devices.
Synchronize with udev when dropping snapshot.
Add missing device synchronization point before removing pvmove node.
Correctly set read_ahead for LVs when pvmove is finished.
Fix metadata writes from corrupting with large physical block size.
Report no_discard_passdown for cache LVs with lvs -o+kernel_discards.
Prevent shared active mirror LVs with lvmlockd.
Version 2.02.185 - 13th May 2019
================================
Fix change of monitoring in clustered volumes.
Improve -lXXX%VG modifier which improves cache segment estimation.
Add synchronization with udev before removing cached devices.
Fix missing growth of _pmspare volume when extending _tmeta volume.
Automatically grow thin metadata, when thin data gets too big.
Add support for vgsplit with cached devices.
Fix signal delivery checking race in libdaemon (lvmetad).
Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering.
Version 2.02.184 - 22nd March 2019
==================================
Fix (de)activation of RaidLVs with visible SubLVs
Change scan_lvs default to 0 so LVs are not scanned for PVs.
Add scan_lvs config setting to control if lvm scans LVs for PVs.
Fix missing proper initialization of pv_list struct when adding pv.
Version 2.02.183 - 07th December 2018
=====================================
Avoid disabling lvmetad when repair does nothing.
Fix component detection for md version 0.90.
Use sync io if async io_setup fails, or use_aio=0 is set in config.
Avoid opening devices to get block size by using existing open fd.
Version 2.02.182 - 30th October 2018
====================================
Fix possible write race between last metadata block and the first extent.
Fix filtering of md 1.0 devices so they are not seen as duplicate PVs.
Fix lvconvert striped/raid0/raid0_meta -> raid6 regression.
Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service.
Fix pvs with lvmetad to avoid too many open files from filter reads.
Fix pvscan --cache to avoid too many open files from filter reads.
Reduce max concurrent aios to avoid EMFILE with many devices.
Fix lvconvert conversion attempts to linear.
Fix lvconvert raid0/raid0_meta -> striped regression.
Fix lvconvert --splitmirror for mirror type (2.02.178).
Do not pair cache policy and cache metadata format.
Fix mirrors honoring read_only_volume_list.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 3 Feb 2021 15:00:54 +0000 (16:00 +0100)]
elfutils: Update to 0.182
- Update elfutils from 0.176 to 0.182
- Updated rootfile
- From version 0.178 debuginfod client/server capability was added.
Additional .configure options required to disable debuginfod
and libdebuginfod
- Changelog
2020-10-28 Mark Wielaard <mark@klomp.org>
* configure.ac: Set version to 0.182.
* NEWS: Add 0.182 section.
2020-10-28 Tom Tromey <tom@tromey.com>
* .gitignore: Add /tests/leb128.
2020-10-01 Frank Ch. Eigler <fche@redhat.com>
PR25461
* configure.ac: Add --enable-debuginfod-urls[=URLS] option.
2020-09-18 Mark Wielaard <mark@klomp.org>
* configure.ac: Check availability of libzstd and zstd.
2020-09-08 Mark Wielaard <mark@klomp.org>
* configure.ac: Set version to 0.181.
* NEWS: Add 0.181 section.
2020-08-20 Dmitry V. Levin <ldv@altlinux.org>
* configure.ac (--enable-libdebuginfod): AC_DEFINE ENABLE_LIBDEBUGINFOD.
2020-07-17 Mark Wielaard <mark@klomp.org>
* configure.ac: Set -DBAD_FTS=1 also for CXXFLAGS.
2020-06-19 Mark Wielaard <mark@klomp.org>
* Makefile.am (SUBDIRS): Always add debuginfod.
* configure.ac (debuginfod): Split off...
(libdebuginfod): ... this. Also add DUMME_DEBUGINFOD.
2020-06-15 Sergei Trofimovich <slyfox@gentoo.org>
* configure.ac: Use READELF in build-id check.
2020-06-11 Mark Wielaard <mark@klomp.org>
* configure.ac: Set version to 0.180.
* NEWS: Add 0.180 section.
* .gitignore: Update with new generated file.
2020-06-10 Mark Wielaard <mark@klomp.org>
* configure.ac (MODVERSION): Remove.
2020-03-30 Mark Wielaard <mark@klomp.org>
* configure.ac: Set version to 0.179.
* NEWS: Add 0.179 section.
2020-03-25 Mark Wielaard <mark@klomp.org>
* README: Update mailinglist subscription info.
* CONTRIBUTING: Likewise.
2020-02-03 Frank Ch. Eigler <fche@redhat.com>
* configure.ac: Tolerate CXX= for debuginfod configuration.
2019-12-11 Omar Sandoval <osandov@fb.com>
* configure.ac: Apply -Werror after user-defined CFLAGS in
-D_FORTIFY_SOURCE=2 check.
2019-12-06 Mark Wielaard <mark@klomp.org>
* configure.ac: Add ac_cv_buildid check.
2019-11-26 Mark Wielaard <mark@klomp.org>
* configure.ac: Set version to 0.178.
NEWS: Add 0.178 section.
2019-11-26 Mark Wielaard <mark@klomp.org>
* configure.ac: Add CXXFLAGS for gcov.
2019-10-28 Aaron Merey <amerey@redhat.com>
* debuginfod/: New directory for debuginfod code.
* Makefile.am (SUBDIRS): Recurse there.
* configure.ac (--enable-debuginfod): New flag & checks.
2019-08-25 Jonathon Anderson <jma14@rice.edu>
* configure.ac: Add new --enable-valgrind-annotations
* configure.ac: Add new --with-valgrind (headers only)
2019-07-05 Omar Sandoval <osandov@fb.com>
* configure.ac: Get rid of --enable-libebl-subdir.
* Makefile.am (SUBDIRS): Reorder backends and libcpu before libebl to
satisfy build dependencies.
2019-08-13 Mark Wielaard <mark@klomp.org>
* configure.ac: Set version to 0.177.
* NEWS: Mention elfclassify, readelf DW_AT_data_member_location
and DW_AT_discr_list attribute changes, dwarf.h DW_AT_GNU additions,
dwelf_elf_e_machine_string function, dwelf_elf_begin change and
C-SKY backend support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 3 Feb 2021 15:01:07 +0000 (16:01 +0100)]
fcron: Update to 3.2.1
- Update fcron from 3.2.0 (Jul 2014) to 3.2.1 (Jun 2016 - latest version)
- Updated rootfile
- Changelog
From version 3.2.0 to 3.2.1
* @-line can now be run every second (minimum every 10s previously)
* Fixed occasional 1s slippage. This was due to a race condition
between when time_to_sleep is run and when we compute how long to
sleep for, which could happen in the following second: if that
happened we end up sleeping for 1s instead of not sleeping at all.
The fix was to replace time_to_sleep() by next_wake_time().
* add From: header to emails. Similarly to other crons, use: "From:
%s (fcron)" with %s being either the user the job is run as or the
value of MAILFROM.
* The installation script now supports systemd fully.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Feb 2021 21:46:14 +0000 (22:46 +0100)]
p7zip: Update to 17.03
- Update p7zip from 16.02 (Jul 2016) to 17.03 (Dec 2020)
- Version 16.02 was the last version by the previous dev team.
A fork was created in May 2020 with version 17.01
- Rootfile updated
- Changelog
Version 17.03
=============
- add zstd to zip
- add hash algorithm
- XXHASH32
- XXHASH64
- MD2
- MD4
- MD5
- sha384
- sha512
- add Lzfse to dmg
- add lz5 to 7z
- add lizard to 7z
- update lz4 to v1.9.3
- add brotli to 7z
- update cmake build
- fix xz crc64 error
- use system local to select OEM code
- add rpm install
- fix lzma2 and flzma22 call the same algorithm
- add 7zr build
- fix tar format link file compress and decompress
Version 17.02
=============
- p7zip 17.02 is more like 7zip 17.01(only 7za and 7z),The difference from 7zip 17.01
and older version p7zip is the following description
- Supports Fast lzma2 1.0.1 compression method
- Update Zstd method to 1.4.5
- Add zstd method parameters in 7z format
ZSTD parameters NEW name:
strategy -> strat
fast -> fast
long -> long
WindowLog -> wlog
HashLog -> hlog
ChainLog -> clog
SearchLog -> slog
MinMatch -> slen
TargetLen -> tlen
OverlapLog -> ovlog
LdmHashLog -> ldmhlog
LdmSearchLength -> ldmslen
LdmBucketSizeLog -> ldmblog
LdmHashRateLog -> ldmhevery
- Fix symlink files contained inside tar and squashfs as regular file
- Add lz4 and Zstd decompress method to squashfs
Version 17.01
=============
- Fix BUG CVE-2018-10115
- Fix BUG CVE-2018-5996
- Fix BUG CVE-2017-17969
- Fix BUG CVE-2016-9296
- The bug fixes in version 17.01 address the same CVE bugs as the
p7zip-16.02-consolidated_fixes-1.patch Therefore this patch is no longer needed
- The patches for CVE-2016-2334 & 2335 were for versions before 16.00 so are no longer needed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Feb 2021 21:46:01 +0000 (22:46 +0100)]
automake: Update to 1.16.3
- Update automake from 1.16.2 to 1.16.3
- No change to rootfile
- New in 1.16.3:
* New features added
- In the testsuite summary, the "for $(PACKAGE_STRING)" suffix
can be overridden with the AM_TESTSUITE_SUMMARY_HEADER variable.
* Bugs fixed
- Python 3.10 version number no longer considered to be 3.1.
- Broken links in manual fixed or removed, and new script
contrib/checklinkx (a small modification of W3C checklink) added,
with accompany target checklinkx to recheck urls.
- install-exec target depends on $(BUILT_SOURCES).
- valac argument matching more precise, to avoid garbage in DIST_COMMON.
- Support for Vala in VPATH builds fixed so that both freshly-generated and
distributed C files work, and operation is more reliable with or without
an installed valac.
- Dejagnu doesn't break on directories containing spaces.
* Distribution
- new variable AM_DISTCHECK_DVI_TARGET, to allow overriding the
"make dvi" that is done as part of distcheck.
* Miscellaneous changes
- install-sh tweaks:
. new option -p to preserve mtime, i.e., invoke cp -p.
. new option -S SUFFIX to attempt backup files using SUFFIX.
. no longer unconditionally uses -f when rm is overridden by RMPROG.
. does not chown existing directories.
- Removed function up_to_date_p in lib/Automake/FileUtils.pm.
We believe this function is completely unused.
- Support for in-tree Vala libraries improved.
- Full change details are in ChangeLog file in tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Feb 2021 21:45:41 +0000 (22:45 +0100)]
acl: Update to 2.2.53
- Update acl from 2.2.52 (May 2013) to 2.2.53 (Jun 2018 - latest version)
- Rootfile updated
- No make rules for install-lib or install-dev in new version. Only for install
- Changelog in tarball has 2.2.49 (Nov 2009) as the latest change
- Could not find changelog info anywhere else.
- Following changelog created by extracting from git commits (thanks for idea Peter Mueller)
- include: fix uninstall for `make distcheck` Mike Frysinger
- acl.5 man page: Update link to POSIX.1e draft Andreas Gruenbacher
- test: add regression test Dmitry V. Levin
- Enable large-file support on systems that do not enable it by default Dmitry V. Levin
- libacl: Fix acl_from_text() returning NULL on all input Dmitry V. Levin
- setfacl --restore: Silence valgrind Andreas Gruenbacher
- setfacl: Preserve special mode bits on filesystems without POSIX ACL support Andreas Gruenbacher
- setfacl.1: document the meaning of '-' in perms Kamil Dudka
- setfacl: Allow more than four characters in the perms field Andreas Gruenbacher
- permissions.test: Fix umask Andreas Gruenbacher
- Add additional group names for root-specific tests Andreas Gruenbacher
- libtestlookup: Add missing EXPORT and static declarations Andreas Gruenbacher
- Minor man-page clarifications Andreas Gruenbacher
- Remove ACL_ADD and ACL_DELETE Andreas Gruenbacher
- test: fixups on SELinux machines for root testcases He Zhe
- libacl: Ignore warning in parse_acl_entry() Andreas Gruenbacher
- Cleanup visibility of API functions Yury Usishchev
- Cleanup internal headers usage Yury Usishchev
- Rework config.h usage Yury Usishchev
- walk_tree_rec: Add parentheses to clarify code Andreas Gruenbacher
- __acl_from_xattr: Set errno for invalid tag types Andreas Gruenbacher
- Fix checks for valid permissions in input Corinna Vinschen
- use portable AC_C_BIGENDIAN Mike Frysinger
- quote: escape literal backslashes Jeff Mahoney
- test: Add helper library to fake passwd/group files Jeff Mahoney
- ignore configure.lineno Mike Frysinger
- walk_tree: mark internal variables as static Dmitry V. Levin
- Do not export symbols that are not supposed to be exported Dmitry V. Levin
- getfacl: Fix minor resource leak Andreas Gruenbacher
- setfacl man page: Minor wording improvements Andreas Gruenbacher
- Fix the display block nesting in acl.5 Andreas Gruenbacher
- getfacl: Fix memory leak Andreas Gruenbacher
- fix compilation with latest xattr git Brice De Bruyne
- libacl: acl_set_file: Remove unnecesary racy check Andreas Gruenbacher
- cp.test: Check permissions of the right file Andreas Gruenbacher
- add __acl_ prefixes to internal symbols Mike Frysinger
- mark libmisc funcs as hidden so they are not exported Mike Frysinger
- telldir return value and seekdir second parameters are of type long Cristian Rodríguez
- read_acl_{comments,seq}: switch to next_line Mike Frysinger
- read_acl_{comments,seq}: rename "line" to "lineno" Mike Frysinger
- build: ship a pkgconfig file for libacl Mike Frysinger
- build: make use of an aux-dir to stow away helper scripts Mike Frysinger
- build: drop aclincludedir, use pkgincludedir Mike Frysinger
- po: regenerate files after move Mike Frysinger
- modernize build system Mike Frysinger
- test: make running parallel/out-of-tree safe Mike Frysinger
- move gettext logic into misc.h Mike Frysinger
- punt debian/rpm packaging logic Mike Frysinger
- libacl: fix SIGSEGV of getfacl -e on overly long group name Kamil Dudka
- libacl: Make sure that acl_from_text() always sets errno when it fails Andreas Gruenbacher
- Use autoreconf rather than autoconf to regenerate the files. Fabrice Bauzac
- .gitignore: ignore *~ and config.h.in. Fabrice Bauzac
- Bad markup in acl.5 page Eric S. Raymond
- Makefile: rename configure.in to configure.ac Mike Frysinger
- test: fix insufficient quoting of '\' Kamil Dudka
- setfacl.1: fix typo 'inclu de' -> 'include' John Bradshaw
- Install the libraries to the appropriate directory Brandon Philips
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
i have added the gatewayfield at the line below the IP and Netmask
fields but prior this fields so the cursor jumps first the the gateway
and after this to the IP. This patch fix the activation order.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 1 Feb 2021 18:37:27 +0000 (19:37 +0100)]
lynis: update to 3.0.3
The changelog of lynis 3.0.3 is available at
https://github.com/CISOfy/lynis/releases/tag/3.0.3; all changes since
lynis 3.0.1 can be inspected at https://github.com/CISOfy/lynis/releases.
lynis 3.0.2 adds detection for IPFire, so we can hope to have those
"unknown operating system" messages omitted in future. :-)
Minor adjustments to LFS and rootfile were necessary to purge unused
CI/CD stuff as well as some markdown files (licence, code of conduct,
etc. pp.) from the extracted archive.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Feb 2021 10:53:25 +0000 (10:53 +0000)]
make.sh: Do not decrease nice level of build
This was designed to keep a workstation that is compiling IPFire
responsive during the build. However, the kernel's scheduler has been
improved enough that this is no longer an issue.
Instead of telling the kernel that the build job is something with a
lower priority (which it isn't) we now simply run with the nicelevel of
the parent process that has called make.sh.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 31 Jan 2021 20:33:27 +0000 (21:33 +0100)]
libseccomp: update to 2.5.1
Release notes as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.1:
Version 2.5.1 - November 20, 2020
Fix a bug where seccomp_load() could only be called once
Change the notification fd handling to only request a notification fd if
the filter has a _NOTIFY action
Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
Clarify the maintainers' GPG keys
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 31 Jan 2021 17:36:43 +0000 (18:36 +0100)]
qemu: Update to 5.2.0
- Update qemu from 5.0.0 to 5.2.0
- Changelogs for 5.1.0 and 5.2.0 available at https://wiki.qemu.org/ChangeLog/
- rootfile updated
- patch no longer needed as fix built into source. patch was not utilised
for 5.0.0 version. Patch line was commented out in previous lfs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Jan 2021 22:40:47 +0000 (23:40 +0100)]
cups-filters: Update to 1.28.7
- Update cups-filters from 1.27.4 to 1.28.7
- Changelog
CHANGES IN V1.28.7
- driverless: Removed the support quality check from Pull
request #235 as it takes significant time for each printer
being listed, making cups-driverd (`lpinfo -m`) timing out
when there are many printers (OpenPrinting CUPS issue #65).
- libcupsfilters: In the PPD generator give priority to Apple
Raster against PDF (Issue #331).
- libcupsfilters: Added NULL check when removing ".Borderless"
suffixes from page size names (Issue #314, Pull request
#328).
- libcupsfilters: In the cupsRasterParseIPPOptions() map the
color spaces the same way as in the PPD generator (Issue
#326, Pull request #327).
- libcupsfilters: Fixed addition of grayscale mode in
generated PPD files, to avoid duplicate entries
(OpenPrinting CUPS issue #59).
CHANGES IN V1.28.6
- libcupsfilters: In generated PPDs add a grayscale mode if
there are only color printing modes (from OpenPrinting
CUPS).
- libcupsfilters: In generated PPDs add an "OutputBin" option
also if it has only one choice (OpenPrinting CUPS pull
request #18).
- libcupsfilters: Generated PPDs could have an "Unknown"
default InputSlot (OpenPrinting CUPS issue #44).
- cups-browsed: Removed unneeded IPP attribute additions
preventing the created local queues from preserving a
location or description the user assigns to them (Issue
#323).
- cups-browsed: Removed all calls of the resolve_uri() function
of libcupsfilters, as these are not actually needed and in case
the supplied DNS-SD-based URI is not resolvable, the function
gets stuck for ~5 seconds.
- cups-browsed: Fixed several memory leaks, mainly from the
code to merge printer IPP attributes for clusters (Pull
request #322).
- cups-browsed: Silenced compiler warning.
- foomatic-rip: Fix infinite loop and input from file on raw
printing (Pull request #318).
- foomatic-rip: Remove temporary file created during pdf-to-ps
conversion (Pull request #313).
CHANGES IN V1.28.5
- cups-browsed: UUID from IPP response was used after its
pointer was freed by ippDelete() (Pull request #311).
CHANGES IN V1.28.4
- driverless: Avoid duplicate PPD list entries from the same
device via UUID
- driverless: Reduce ippfind calls by "driverless" and
"driverless-fax"called by CUPS. Let "driverless list" list
both print and fax PPDs and "driverless-fax list" do
nothing.
- driverless: Avoid duplicate listings in printer discovery,
by "driverless-fax" not listing any URI as "driverless"
lists them all already.
- driverless: Vastly improve performance by doing only one
ippfind call instead of two (IPP, IPPS) as ippfind accepts
more than one reg type on the command line.
- Sample PPDs: Corrected manufacturer name in
Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd.
CHANGES IN V1.28.3
- libcupsfilters, cups-browsed: Fixed inconsistency between
resolvers for DNS-SD-based URIs, resolve_uri() and
ippfind_based_uri_converter(). Now both return a freeable
string.
- libcupsfilters: Fix uninitialized buffer and parsing ippfind
output in ippfind_based_uri_converter() function (Issue
#308, Pull request #309).
CHANGES IN V1.28.2
- driverless: Free allocated memory, use MAX_OUTPUT_LEN (Pull
request #304).
- driverless: Make the two ippfind tasks(for IPP
and IPPS) run in parallel (Pull request #302, #305, #306).
- braille: Support new liblouis tables not containing a
display name (Pull request #303)
- Build system: Let ./configure not error out when there is
more than one DejaVuSans.ttf test font candidate (Issue
#300).
- cups-browsed: Crash when a remote printer set as default
gets removed, due to missing variable in printf() call
(Issue #299).
- libcupsfilters: Removed all signal handling and global
variables from get_printer_attributes() and
ippfind_based_uri_converter(). This is overkill for these
quick operations and causes problems when shutting down
cups-browsed (Issue #298).
CHANGES IN V1.28.1
- COPYING: Fixed several typos
- libcupsfilters: Fixed typo in log message of
get_printer_attributes functions.
- cups-browsed: Fixed typos in configuration file and man page
- libcupsfilters: Let the PPD generator not suffix page size
names with ".Borderless" if all page sizes would get this
suffix, for example for printers which generally print
borderless.
- libcupsfilters: Added "faxPrefix" option for generated IPP
Fax Out PPDs, so that this option also appears in print
dialogs.
- driverless: List addresses for local services correctly when
using "--std-ipp-uris" (with "localhost" hostname).
- driverless: Make calls of the ippfind utility somewhat faster,
setting the timeout of ippfind to automatic.
- libcupsfilters: Resolve DNS-SD-based URIs for local services
correctly (using hostname "localhost").
- libcupsfilters: In get_printer_attributes() functions do not
try to convert URIs which are not DNS-SD-based (Issue #294).
- libcupsfilters: In get_printer_attributes() functions also
support URIs with "dnssd://..." scheme.
- libcupsfilters: Moved signal handling back into main
function of the get_printer_attributes() variants, it got
moved out accidentally.
- driverless: For generating a PPD, independent whether via
"driverless URI" or "driverless cat URI", always allow CUPS
driver URIs (prefixed with "driverless: " or
"driverless-fax:") and pure IPP URIs.
- driverless: Accept clean IPP URIs also for 'driverless cat
...' (Issue #295, Pull request #296).
- driverless-fax: Do not use fixed path for call of driverless
itself (Pull request #293).
CHANGES IN V1.28.0
- driverless, driverless-fax, libcupsfilters: Added IPP Fax
Out support. Now printer setup tools list an additional fax
"driver". A fax queue is created by selecting this
driver. Jobs have to be sent with "-o phone=12345" to supply
the destination phone number (Pull request #280).
- libfontembed: Silenced warning with gcc 10.x (Pull request
#287).
- cups-browsed: Added ./configure options
--enable-saving-created-queues and
--with-remote-cups-local-queue-naming (Pull request: #253,
#285).
- cups-browsed: Fixed several memory leaks, mainly from the
code to merge printer IPP attributes for clusters (Pull
request #281, #283).
- driverless: Added "--std-ipp-uris" command line option to
show listed URIs in standard hostname-based form (not the
CUPS DNS-SD-service-name-based form. Only for manual call of
the utility, for debugging purposes (Pull request #277).
- libfontembed: Removed assert() calls which cause crashes
when unsupported emoji fonts are installed (Issue #254, Pull
request #276).
- driverless: Added support for IPPS (use "ipps://..." URIs if
possible, Issue #251, Pull request #270, #273).
- gstoraster, gstopdf: When converting PostScript to PDF use
the "pdfwrite" output device with "-dPDFSETTINGS=/default"
instead of with "-dPDFSETTINGS=/printer". This reproduces
bitmaps in the PostScript file with their original image
quality (Issue #272).
- cups-browsed: Limit log file size and add backup file for
previous log entries. Introduced the configuration option
DebugLogFileSize in cups-browsed.conf to set the actual
limit in kilobytes or 0 to get the old behavior of an
unlimited size for the log file (Issue #260, Pull request
#267).
- gstoraster, gstopdf: Do not apply margins when output format
is PDF, as then we convert an incoming PostScript file to
PDF (pre-pdftopdf) and do not prepare the pages for the
printer (post-pdftopdf, Issue #250).
- cups-browsed: Do not write any log messages directly to
stderr, there were some concerning timeouts on queue
creation (Issue #260).
- Build system: Fix cross-compilation without DejaVu test font
in configure.ac (Issue #262, Pull request #263).
- libcupsfilters: Respect the fact that PPD keywords
are case-sensitive when adding "*cupsManualCopies: True" in
PPD file (Issue #242).
- libcupsfilters: Older versions of libcups (< 2.3.1)
had the enum name for fold-accordion finishings mistyped.
Added a workaround.
- cups-browsed: Remove left-over local queues from the
previous session more quickly when CUPS legacy browsing is
turned on.
- cups-browsed: Left-over local queues from the previous
session for which the corresponding remote printer did not
appear again did not get removed as they were considered
externally overwritten.
- gstoraster, gstopdf: Add option "-dDoNumCopies" to
Ghostscript command line if we are outputting PDF (called
via gstopdf wrapper) and the number of copies supplied to
CUPS is 1 (4th command line argument). In this case we
convert incoming PostScript to PDF and need to respect
embedded PostScript commands to implement the number of
copies (Issue #255, CUPS Issue #5796, OpenSUSE bug
#1173345).
- imagetoraster: Potential null dereference fix (when no valid
PPD is supplied, Pull request #256).
- cups-browsed: Call cupsGetNamedDest() only if
"OnlyUnsupportedByCUPS No"
- Sample PPDs: Corrected ColorModel default for Generic PWG
Raster PPD to Color (Pull request #247).
- cups-browsed: Mark the temp queue as cups-browsed-generated
during setting printer-is-shared (Pull request #246).
- cups-browsed: Remove mentions of README and AUTHORS files in
the man page (Pull request #244).
- pclmtoraster: Added new filter to extract Raster data from
raster-only PDF files, here for the special case of PCLm
files (Pull request #243, #257).
- Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to
switch between color and grayscale printing (Pull request
#237).
CHANGES IN V1.27.5
- cups-browsed: Do not remove the created local queues on
shutdown, to avoid their re-creation on restart, so that
desktops get no cluttered with notifications of new queues
being created. One can return to the old behavior via
"KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf
(Ubuntu bug #1869981, #1878241).
- cups-browsed: Do not accept DNS-SD broadcasts of IPPS type
of "remote" CUPS queues of another CUPS instance on the
local machine. This way we get a local queue pointing to
such a printer only in unencrypted version (IPP). For some
reason printing from one CUPS server to another on the same
machine works only unencrypted.
- foomatic-rip: Map two-sided-short-edge to DuplexTumble (Pull
request #236)
- Build system: In configure.ac use AS_IF instead of
AC_CHECK_FILE for font check (Issue #239, Pull request #240)
- cups-browsed: Cleaned up code for determining to which CUPS
server (host/port/domain socket) to connect, so that
connection via DomainSocket cups-browsed.conf directive,
CUPS_SERVER and IPP_PORT environment variables and all
defaults and methods of libcups, including CUPS' client.conf
work.
- gstoraster, rastertopdf: Do not pass NULL to fprintf() (Pull
request #230).
- libcupsfilters: Silence compiler warning (Pull request #229).
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Jan 2021 22:40:27 +0000 (23:40 +0100)]
cifs-utils: Update to 6.12
- Update cifs-utils from 5.9 to 6.12
- Changelog - URL for each change gives more details of changes
December, 2020: Release 6.12
get/setcifsacl tools are improved to support changing owner, group and SACLs
mount.cifs is enhanced to use SUDO_UID env variable for cruid
smbinfo is re-written in Python language
https://lists.samba.org/archive/samba-technical/2020-December/136156.html
September, 2020: Release 6.11
CVE-2020-14342: mount.cifs: fix shell command injection
https://lists.samba.org/archive/samba-technical/2020-September/135747.html
December 16, 2019: Release 6.10
smb3 alias/fstype is added
smb2-quota tool is added to display quota information
smb2-secdesc UI tool to view security descriptors is added
smbinfo is enhanced with capabilities to dump session keys and get/set compression of files
smbinfo bash completion is supported
getcifsacl tool is improved to support multiple files
https://lists.samba.org/archive/samba-technical/2019-December/134662.html
April 5, 2019: Release 6.9
smbinfo utility is added to query various kinds of information from the server (objectId, snapshots, different FileInfo* classes and other metadata)
server IP change is supported by expiring DNS key resolver entries
get/setcifsacl tools are improved to handle unexpected behavior
share snapshot are allowed to be specified by a GMT token or SMB 100-nanoseconds time
various new mount option are documented: bsize, handletimeout, handlecache, rdma, max_credits and others
https://lists.samba.org/archive/samba-technical/2019-April/133233.html
March 9, 2018: Release 6.8
man pages updates (auto-negotiate protocol version by default) and cleanups (moving to .rst format)
setcifsacl: fix security descriptor buffer size mismatch
cifscreds: fix a segfault for incorrect usage
minor mount.cifs fixes
https://lists.samba.org/archive/samba-technical/2018-March/126227.html
March 2, 2017: Release 6.7
fixes for regressions from cifs.upcall overhaul
mount.cifs cleanups
https://lists.samba.org/archive/samba-technical/2017-March/119036.html
September 3, 2016: Release 6.6
cleanup/overhaul of cifs.upcall krb5 credcache handling
https://lists.samba.org/archive/samba-technical/2016-September/115974.html
February 22, 2016: Release 6.5
mount.cifs: ignore x- mount options
minor build fixes
minor manpage fix
https://lists.samba.org/archive/samba-technical/2016-February/112372.html
July 11, 2014: Release 6.4
allow PAM directory to be configurable
better determination of default keytab file
better cifscreds error handling
uppercase devicename when retrying mount
https://lists.samba.org/archive/samba-technical/2014-July/101132.html
January 9, 2014: Release 6.3
fixes for various bugs turned up by Coverity
clean unused cruft out of upcall binary
add new pam_cifscreds PAM module for establishing NTLM creds on login
https://lists.samba.org/archive/samba-technical/2014-January/097124.html
October 4, 2013: Release 6.2
setcifsacl can now work without a plugin
systemd-ask-password is found using $PATH now
cifs.upcall now works with KEYRING: credcaches
https://lists.samba.org/archive/samba-technical/2013-October/095287.html
July 2, 2013: Release 6.1
minor bugfixes
allow cifs.upcall to use dedicated keytab
https://lists.samba.org/archive/samba-technical/2013-July/093601.html
March 25, 2013: Release 6.0
minor bugfixes and documentation updates
support for NFS-style device names removed
https://lists.samba.org/archive/samba-technical/2013-March/091169.html
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Jan 2021 22:40:11 +0000 (23:40 +0100)]
screen: Update to 4.8.0
- Update screen from 4.2.1 to 4.8.0
- Changelog
Version 4.8.0 (05/02/2020)
* Improve startup time by only polling for files to close
Fixes:
- Fix for segfault if termcap doesn't have Km entry
- Make screen exit code be 0 when checking --version
- Fix potential memory corruption when using OSC 49
Version 4.7.0 (02/10/2019)
* Add support for SGR (1006) mouse mode
* Add support for OSC 11
* Update Unicode ambiguous and wide tables to 12.1.0
* Fixes:
- cross-compilation support (bug #43223)
- a lot of manpage fixes and cleanups
Version 4.6.2 (23/10/2017):
* Fixes:
- revert changes to cursor position restore behavour (bug #51832)
- set freed pointer to NULL (bug #52133)
- documentation fixes
- fix windowlist crashes (bug #43054 & #51500)
Version 4.6.1 (10/07/2017):
* Fixes:
- problems with starting session in some cases
- parallel make install
- segfault when querying info on nonUTF locale (bug #51402)
Version 4.6.0 (28/06/2017):
* Update Unicode wide tables to 9.0 (bug #50044)
* Support more serial speeds
* Improved namespaces support
* Migrate from fifos to sockets
* Start viewing scrollback at first line of output (bug #49377)
Version 4.5.1 (25/02/2017):
* Fixes:
- logfile permissions problem (CVE-2017-5618)
- SunOS build problem (bug #50089)
- FreeBSD core dumps (bug #50143)
Version 4.5.0 (10/12/2016):
* Allow specifying logfile's name via command line parameter '-L'
* Fixes:
- broken handling of "bind u digraph U+" (bug #48691)
- crash with long $TERM (bug #48983)
- crash when bumping blank window
- build for AIX (bug #49149)
- %x improperly separating arguments
- install with custom DESTDIR (bug #48370)
Version 4.4.0 (19/06/2016):
* Support up to 24 function keys
* Fix runtime issues
* 'logfile' command, starts logging into new file upon changing
Version 4.3.1 (28/06/2015):
* Fix resize bug
Version 4.3.0 (13/06/2015):
* Introduce Xx string escape showing the executed command of a window
* Implement dead/zombie window polling, allowing for auto reconnecting
* Allow setting hardstatus on first line
New Commands:
* 'sort' command sorting windows by title
* 'bumpleft', 'bumpright' - manually move windows on window list
* 'collapse' removing numbering 'gaps' between windows, by renumbering
* 'windows' command now accepts arguments for use with querying
- Rootfile updated
- Two screen patchfiles deleted as the patch changes are now built into
the source files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 30 Jan 2021 13:26:11 +0000 (14:26 +0100)]
Postfix: update to 3.5.9
This release adds runtime detection of DNSSEC support; please refer to
http://www.postfix.org/announcements/postfix-3.5.9.html for its full
announcement.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 29 Jan 2021 21:58:23 +0000 (22:58 +0100)]
dbus: Update to 1.12.20
- Update dbus from 1.11.12 to 1.12.20 (latest in release line
1.13.x is also available but this is the development line
and not recommended for production use
- Changelog between these two versions is very long (750 lines long) and
can be found in the NEWS file in the source tarball.
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Jan 2021 20:17:30 +0000 (21:17 +0100)]
dma: Update to 0.13
- Update dma from 0.12 to 0.13
- No changelog information available
- No change to the rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Jan 2021 20:17:00 +0000 (21:17 +0100)]
ipset: Update to 7.10
- Update ipset from 7.6 to 7.10
- Changelog
7.10
Kernel part changes
Fix patch "Handle false warning from -Wstringop-overflow"
Backward compatibility: handle renaming nla_strlcpy to nla_strscpy
treewide: rename nla_strlcpy to nla_strscpy. (Francis Laniel)
netfilter: ipset: fix shift-out-of-bounds in htable_bits() (Vasily Averin)
netfilter: ipset: fixes possible oops in mtype_resize (Vasily Averin)
Handle false warning from -Wstringop-overflow
Backward compatibility: handle missing strscpy with a wrapper of strlcpy.
Move compiler specific compatibility support to separated file (broken compatibility support reported by Ed W)
7.9
Userspace changes
Fix library versioning (Jan Engelhardt)
7.8
Kernel part changes
Complete backward compatibility fix for package copy of <linux/jhash.h>
Compatibility: check for kvzalloc() and GFP_KERNEL_ACCOUNT
netfilter: ipset: enable memory accounting for ipset allocations (Vasily Averin)
netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet)
Compatibility: use skb_policy() from if_vlan.h if available
Compatibility: Check for the fourth arg of list_for_each_entry_rcu()
Backward compatibility fix for the package copy of <linux/jhash.h>
7.7
Userspace changes
Expose the initval hash parameter to userspace
Handle all variable header parts in helper scripts instead ot test tasks
Add bucketsize parameter to all hash types
Support the -exist flag with the destroy command
Kernel part changes
Expose the initval hash parameter to userspace
Add bucketsize parameter to all hash types
Use fallthrough pseudo-keyword in the package copy of too
Support the -exist flag with the destroy command
netfilter: Use fallthrough pseudo-keyword (Gustavo A. R. Silva)
netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
netfilter: ipset: call ip_set_free() instead of kfree() (Eric Dumazet)
netfiler: ipset: fix unaligned atomic access (Russell King)
netfilter: ipset: Fix subcounter update skip (Phil Sutter)
ipset: Update byte and packet counters regardless of whether they match (Stefano Brivio)
netfilter: ipset: Pass lockdep expression to RCU lists (Amol Grover)
ip_set: Fix compatibility with kernels between v3.3 and v4.5 (Serhey Popovych)
ip_set: Fix build on kernels without INIT_DEFERRABLE_WORK (Serhey Popovych)
ipset: Support kernels with at least system_wq support
ip_set: Fix build on kernels without system_power_efficient_wq (Serhey Popovych)
- Rootfiles updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 28 Jan 2021 18:43:22 +0000 (19:43 +0100)]
freetype: update to 2.10.4
This fixes a heap buffer overflow in the handling of embedded PNG
bitmaps (CVE-2020-15999). Further information is available at
https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Jan 2021 14:55:57 +0000 (15:55 +0100)]
minicom: Update to 2.8
- Update minicom from 2.7.1 to 2.8
- Changelog for version 2.8
New timestamp mode: Delta to previous line.
Add HPA ESC sequence
Add alternative window support (ti/te)
Fix file name of non-global configuration settings.
Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, Serbian
New translation: Serbian, Simplified chinese
Fix F10 macro key used in current setups
Add F11 and F12 for macro use
Fixed DTR for recent systems
Add support for RS485.
Add --capturefile-buffer-mode option
Bug fixes
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 27 Jan 2021 22:17:00 +0000 (23:17 +0100)]
arping: Update to 2.21
- Update arping from 2.15 to 2.21
- Notable changes from 2.20 to 2.21:
* Use more modern pcap API calls, when available
* Add payload data to mac ping
* chdir(/) after chroot()
* Misc minor cleanup
- Notable changes from 2.19 to 2.20:
* Improved support for cross-compile
* Use unveil(2) and pledge(2) where available (i.e. OpenBSD)
* Fix false duplicates when destination address is *also* assigned to local interface
* Minor typo-level fixes
- Notable changes from 2.18 to 2.19:
* Added -g to drop privs to alternate user (for Android)
* Slightly improved error messages
- Notable changes from 2.17 to 2.18:
* Make -w/-W work like 'ping'
- Notable changes from 2.16 to 2.17:
* Add padding to packets to work on Raspberry Pi 3
- Notable changes from 2.15 to 2.16:
* VLAN tagging (Nikolay Aleksandrov)
* 802.1Q priority (Nikolay Aleksandrov)
* Added a bunch of unit tests.
* Be more lazy about initializing libnet.
This fixes issues where arping would sometimes pick an unsuitable
device during arg parsing, if the "first" device on the system is
not a "normal" device.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 28 Jan 2021 16:00:47 +0000 (17:00 +0100)]
libloc: ship a more recent database by default
The database we ship by default is meanwhile four weeks old, and since
the merge window for Core Update 154 is still open, there is no need to
ship data being more outdated than they have to be. :-)
The second version of this patch also updates the checksum for the
downloaded database file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 27 Jan 2021 20:14:44 +0000 (21:14 +0100)]
sudo: Upgrade to 1.9.5p2
- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
Fixed sudo's setprogname(3) emulation on systems that don't provide it.
Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 6 Jan 2021 14:38:03 +0000 (14:38 +0000)]
samba: Add helper script to pipe password
It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562 Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 6 Jan 2021 12:00:32 +0000 (12:00 +0000)]
samba: Remove option to chose user group and shell
There is no need for this being implemented and it is dangerous to allow
the user to create any shell accounts or users that belong to groups
with higher privileges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Jan 2021 16:01:56 +0000 (16:01 +0000)]
Drop launch-ether-wake
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org> Fixes: #12562 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>