Traceback (most recent call last):
File "/usr/bin/aws", line 27, in <module>
sys.exit(main())
File "/usr/bin/aws", line 23, in main
return awscli.clidriver.main()
File "/usr/lib/python3.10/site-packages/awscli/clidriver.py", line 73, in main
driver = create_clidriver()
File "/usr/lib/python3.10/site-packages/awscli/clidriver.py", line 82, in create_clidriver
load_plugins(
File "/usr/lib/python3.10/site-packages/awscli/plugin.py", line 44, in load_plugins
modules = _import_plugins(plugin_mapping)
File "/usr/lib/python3.10/site-packages/awscli/plugin.py", line 61, in _import_plugins
module = __import__(path, fromlist=[module])
File "/usr/lib/python3.10/site-packages/awscli/handlers.py", line 106, in <module>
from awscli.customizations.s3.s3 import s3_plugin_initialize
File "/usr/lib/python3.10/site-packages/awscli/customizations/s3/s3.py", line 15, in <module>
from awscli.customizations.s3.subcommands import ListCommand, WebsiteCommand, \
File "/usr/lib/python3.10/site-packages/awscli/customizations/s3/subcommands.py", line 18, in <module>
from botocore.utils import is_s3express_bucket, ensure_boolean
ImportError: cannot import name 'is_s3express_bucket' from 'botocore.utils' (/usr/lib/python3.10/site-packages/botocore/utils.py)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 21:41:05 +0000 (22:41 +0100)]
freeradius: Update to version 3.2.6
- Update from version 3.2.5 to 3.2.6
- Update of rootfile
- Changelog
3.2.6
Configuration changes
* require_message_authenticator=auto and limit_proxy_state=auto
are not applied for wildcard clients. This likely will
leave your network in an insecure state. Upgrade all clients!
Feature improvements
* Allow for "auth+acct" dynamic home servers.
* Allow for setting "Home-Server-Pool", etc. for proxying
accounting packets, just like authentication packets.
* Fix spelling in starent SN[1]-Subscriber-Acct-Mode attribute
value. Patch from John Thacker.
* Update dictionary.iea. Patch from John Thacker.
* Add warning for secrets that are too short.
* More debugging for SSL ciphers. Patch from Nick Porter.
* Update 3GPP dictionary. Patch from Nick Porter.
* Fix ZTE dictionary.
* Make radsecret more portable and avoid extra dependencies.
* Add timestamp for Client-Lost so we don't think it's 1970. Patch
from Alexander Clouter. #5353
Bug fixes
* Dynamic clients now inherit require_message_authenticator
and limit_proxy_state from dynamic client {...} definition.
* Fix radsecret build rules to better support parallel builds.
* Checkpoint systems should be reconfigured for the BlastRADIUS
attack: https://support.checkpoint.com/results/sk/sk182516
The Checkpoint systems drop packets containing Message-Authenticator,
which violates the RFCs and is completely ridiculous.
* Fix duplicate CoA packet issue. #5397
* Several fixes in the event code
* Don't leak memory in rlm_sql_sqlite. #5392
* Don't stop processing RadSec data too early.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 16 Jan 2025 17:19:10 +0000 (18:19 +0100)]
libxxhash: Update to version 0.8.3 and make available to rsync
- Update from version 0.8.2 to 0.8.3
- Update of rootfile
- Move libxxhash to before rsync in make.sh
- Changelog
0.8.3
- fix : variant `XXH3_128bits_withSecretandSeed()` could produce an invalid
result in some specific set of conditions, #894 by @hltj
- cli : vector extension detected at runtime on x86/x64, enabled by default
- cli : new commands `--filelist` and `--files-from`, by @Ian-Clowes
- cli : XXH3 64-bits GNU format can now be generated and checked (command `-H3`)
- portability: LoongArch SX SIMD extension, by @lrzlin
- portability: can build on AIX, suggested by @likema
- portability: validated for SPARC cpus
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 16 Jan 2025 17:19:09 +0000 (18:19 +0100)]
rsync: Update to version 3.4.1
- Update from version 3.3.0 to 3.4.1 as the previous patch which went from 3.3.0 to 3.4.0
has only been merged into CU190 and not into next where this patch is being done.
Not sure if this will cause problems or not. I updated the PAK_VER of rsynce from
19 to 21 so that it went over the PAK_VER of the version merged into CU190.
- If how I have done it is not the best or not correct just let me know how I should do
it and I will re-do it.
- Update of rootfile not required.
- Added in enabling xxhash as we have that available in IPFire as another addon.
- Ran rsync -V and confirmed that xxhash is now available to rsync.
- Changelog
3.4.1
Release 3.4.1 is a fix for regressions introduced in 3.4.0
BUG FIXES:
- fixed handling of -H flag with conflict in internal flag values
- fixed a user after free in logging of failed rename
- fixed build on systems without openat()
- removed dependency on alloca() in bundled popt
DEVELOPER RELATED:
- fix to permissions handling in the developer release script
3.4.0 (This was already in the previous patch that went from 3.3.0 to 3.4.0
Release 3.4.0 is a security release that fixes a number of important
vulnerabilities. For more details on the vulnerabilities please see the CERT
report https://kb.cert.org/vuls/id/952657
PROTOCOL NUMBER:
- The protocol number was changed to 32 to make it easier for
administrators to check their servers have been updated
SECURITY FIXES:
Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at
Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for
discovering these vulnerabilities and working with the rsync project
to develop and test fixes.
- CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
- CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.
- CVE-2024-12086 - Server leaks arbitrary client files.
- CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.
- CVE-2024-12088 - --safe-links Bypass.
- CVE-2024-12747 - symlink race condition.
BUG FIXES:
- Fixed the included popt to avoid a memory error on modern gcc versions.
- Fixed an incorrect extern variable's type that caused an ACL issue on macOS.
- Fixed IPv6 configure check
INTERNAL:
- Updated included popt to version 1.19.
DEVELOPER RELATED:
- Various improvements to the release scripts and git setup.
- Improved packaging/var-checker to identify variable type issues.
- added FreeBSD and Solaris CI builds
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 2 Jan 2025 16:29:26 +0000 (17:29 +0100)]
miniupnpc: revert the addition of this package due to transmission reversion
- As transmission has been reverted back to version 4.0.5 then miniupnpc is no longer
needed for building or runtime.
- This removes the minupnpc lfs and rootfile files. It also removes miniupnpc from
the make.sh file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 2 Jan 2025 16:29:25 +0000 (17:29 +0100)]
transmission: revert version back to 4.0.5
- Revert back from 4.0.6 to 4.0.5 due to a bug in 4.0.6 that has resulted in a variety
of torrent mirrors banning transmission-4.0.6
- The update from 4.0.5 to 4.0.6 did not have any security fixes in it so there is no
issue in moving backward to 4.0.5
- A fix has been created but it is unclear when (and if) version 4.0.7 will be released.
The fix has also been included in version 4.1.0 but this is still in beta development
form.
- Version 4.0.6 required minupnpc for building and run time. This reversion is also
removing miniupnpc in an associated patch in this patch set.
- No change required in the rootfile.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 27 Dec 2024 09:10:00 +0000 (09:10 +0000)]
Tor: Update to 0.4.8.13
Full changelog according to
https://gitlab.torproject.org/tpo/core/tor/-/blob/tor-0.4.8.13/ChangeLog :
Changes in version 0.4.8.13 - 2024-10-24
This is minor release fixing an important client circuit building (Conflux
related) bug which lead to performance degradation and extra load on the
network. Some minor memory leaks fixes as well as an important minor feature
for pluggable transports. We strongly recommend to update as soon as possible
for clients in order to neutralize this conflux bug.
o Major bugfixes (circuit building):
- Conflux circuit building was ignoring the "predicted ports"
feature, which aims to make Tor stop building circuits if there
have been no user requests lately. This bug led to every idle Tor
on the network building and discarding circuits every 30 seconds,
which added overall load to the network, used bandwidth and
battery from clients that weren't actively using their Tor, and
kept sockets open on guards which added connection padding
essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
o Minor feature (bridges, pluggable transport):
- Add STATUS TYPE=version handler for Pluggable Transport. This
allows us to gather version statistics on Pluggable Transport
usage from bridge servers on our metrics portal. Closes
ticket 11101.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on October 24, 2024.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2024/10/24.
o Minor bugfixes (memleak, authority):
- Fix a small memleak when computing a new consensus. This only
affects directory authorities. Fixes bug 40966; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (memory):
- Fix memory leaks of the CPU worker code during shutdown. Fixes bug
833; bugfix on 0.3.5.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 20 Dec 2024 10:04:05 +0000 (11:04 +0100)]
backup.pl: Fix Bug13799 - addon restore not working
- This fixes the existence check for the addon .ipf file from a check of existence
of a directory to a check of existence of a file.
Suggested-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org> Fixes: Bug13799 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 21 Dec 2024 10:54:42 +0000 (10:54 +0000)]
make.sh: Explicitely check the source tarballs
The Makefiles do not automatically perform the check that I expected
them to perform when running a build. They check if the source tarballs
are all present, but they don't check whether they match the checksum.
This is only being done when "./make.sh downloadsrc" is being run.
In case of the automated builds, we explicitely run "./make.sh
downloadsrc", so I don't think that this might have introduced any
malicious source into the published builds.
Reported-by: Stephen Cuka <stephen@firemypi.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 20 Dec 2024 11:40:02 +0000 (12:40 +0100)]
libyajl: Removal of addon as no longer required by libvirt
- libyajl is no longer being used by libvirt. libvirt now uses json-c which is a core
package in IPFire. libyajl was stopped being used as it had not been updated and
is considered effectively dead upstream.
- lfs, rootfile and libyajl entry in make.sh removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 20 Dec 2024 11:40:01 +0000 (12:40 +0100)]
libvirt: Update to version 10.10.0
- Update from version 10.7.0 to 10.10.0
- Update of rootfile
- version 10.7.0 had a change in it which meant that the script friendly output of
``virsh list --uuid`` was replaced. This change was reverted in version 10.8.0
- In version 10.8.0 libyajl was replaced by json-c for JSON parsing and formatting.
Therefore this patch set also removes libyajl from IPFire as it is no longer
required.
- Changelog
10.10.0
New features
* qemu: add multi boot device support on s390x
For classical mainframe guests (i.e. LPAR or z/VM installations), you
always have to explicitly specify the disk where you want to boot from (or
"IPL" from, in s390x-speak -- IPL means "Initial Program Load").
In the past QEMU only used the first device in the boot order to IPL from.
With the new multi boot device support on s390x that is available with QEMU
version 9.2 and newer, this limitation is lifted. If the IPL fails for the
first device with the lowest boot index, the device with the second lowest
boot index will be tried and so on until IPL is successful or there are no
remaining boot devices to try.
Limitation: The s390x BIOS will try to IPL up to 8 total devices, any
number of which may be disks or network devices.
* qemu: Add support for versioned CPU models
Updates to QEMU CPU models with -vN suffix can now be used in libvirt just
like any other CPU model.
* qemu: Support for the 'data-file' QCOW2 image feature
The QEMU hypervisor driver now supports QCOW2 images with 'data-file'
feature present (both when probing form the image itself and when specified
explicitly via ``<dataStore>`` element). This can be useful when it's
required to keep data "raw" on disk, but the use case requires features
of the QCOW2 format such as incremental backups.
* swtpm: Add support for profiles
Upcoming swtpm release will have TPM profile support that allows to
restrict a TPM's provided set of crypto algorithms and commands. Users can
now select profile by using ``<profile/>`` in their TPM XML definition.
Improvements
* qemu: Support UEFI NVRAM images on block storage
Libvirt now allows users to use block storage as backend for UEFI NVRAM
images and allows them to be in format different than the template. When
qcow2 is used as the format, the images are now also auto-populated from the
template.
* qemu: Automatically add IOMMU when needed
When domain of 'qemu' or 'kvm' type has more than 255 vCPUs IOMMU with EIM
mode is required. Starting with this release libvirt automatically adds one
(or turns on the EIM mode if there's IOMMU without it).
* ch: allow hostdevs in domain definition
The Cloud Hypervisor driver (ch) now supports ``<hostdev/>``-s.
* ch: Enable callbacks for ch domain events
The Cloud Hypervisor driver (ch) now supports emitting events on domain
define, undefine, start, boot, stop and destroy.
Bug fixes
* qemu: Fix reversion and inactive deletion of internal snapshots with UEFI
NVRAM. In `v10.9.0 (2024-11-01)`_ creation of internal snapshots of VMs
with UEFI firmware was allowed, but certain operations such as reversion
or inactive deletion didn't work properly as they didn't consider the
NVRAM qcow2 file.
* virnetdevopenvswitch: Warn on unsupported QoS settings
For OpenVSwitch vNICs libivrt does not set QoS directly using 'tc' but
offloads setting to OVS. But OVS is not as feature full as libvirt in this
regard and setting different 'peak' than 'average' results in vNIC always
sticking with 'peak'. Produce a warning if that's the case.
10.9.0
New features
* qemu: zero block detection for non-shared-storage migration
Users can now request that all-zero blocks are not transferred when migrating
non-shared disk data without actually enabling zero detection on the disk
itself. This allows sparsifying images during migration where the source
has no access to the allocation state of blocks at the cost of CPU overhead.
This feature is available via the ``--migrate-disks-detect-zeroes`` option
for ``virsh migrate`` or ``VIR_MIGRATE_PARAM_MIGRATE_DISKS_DETECT_ZEROES``
migration parameter. See the documentation for caveats.
Improvements
* qemu: internal snapshot improvements
The qemu internal snapshot handling code was updated to use modern commands
which avoid the problems the old ones had, preventing use of internal
snapshots on VMs with UEFI NVRAM. Internal snapshots of VMs using UEFI are
now possible provided that the NVRAM is in ``qcow2`` format.
The new code also allows better control when deleting snapshots. To prevent
possible regressions no strict checking is done, but in case inconsistent
state is encountered a log message is added::
warning : qemuSnapshotActiveInternalDeleteGetDevices:3841 : inconsistent
internal snapshot state (deletion): VM='snap' snapshot='1727959843'
missing='vda ' unexpected='' extra=''
Users are encouraged to report any occurence of the above message along
with steps they took to the upstream tracker.
* qemu: improve documentation of image format settings
The documentation of the various ``*_image_format`` settings in ``qemu.conf``
imply they can only be used to control compression of the image. The
documentation has been improved to clarify the settings describe the
representation of guest memory blocks on disk, which includes compression
among other possible layouts.
* Report CPU model blockers in domain capabilities
When a CPU model is reported as usable='no' an additional
``<blockers model='...'>`` element is added for that CPU model listing
features required by the CPU model, but not supported on the host.
10.8.0
Improvements
* network: make networks with ``<forward mode='open'/>`` more useful
It is now permissable to have a ``<forward mode='open'>`` network that
has no IP address assigned to the host's port of the bridge. This
is the only way to create a libvirt network where guests are
unreachable from the host (and vice versa) and also 0 firewall
rules are added on the host.
It is now also possible for a ``<forward mode='open'/>`` network to
use the ``zone`` attribute of ``<bridge>`` to set the firewalld zone of
the bridge interface (normally it would not be set, as is done
with other forward modes).
* storage: Lessen dependancy on the ``showmount`` program
Libvirt now automatically detects presence of ``showmount`` during runtime
as we do with other helper programs and also the
``daemon-driver-storage-core`` RPM package now doesn't strongly depend on it
if the users wish for a more minimal deployment.
* Switch from YAJL to json-c for JSON parsing and formatting
The parser and formatter in the libvirt library, as well
as the parsers in the nss plugin were rewritten to use json-c
instead of YAJL, which is effectively dead upstream.
* Relax restrictions for memorytune settings
It should now be possible to use resctrl on AMD CPUs as well as Intel CPUs
when the resctrl filesystem is mounted with ``mba_MBps`` option.
Bug fixes
* virsh: Fix script-friedly output of ``virsh list --uuid``
The script-friendly output of just 1 UUID per line was mistakenly replaced
by the full human-targetted table view full of redundant information
and very hard to parse. Users who wish to see the UUIDs in the tabular
output need to use ``virsh list --table --uuid`` as old behaviour was
reverted.
Note that this also broke the ``libvirt-guests`` script. The bug was
introduced in `v10.7.0 (2024-09-02)`_.
* network/qemu: fix some cases where ``device-update`` of a network
interface was failing:
* If the interface was connected to a libvirt network that was
providing a pool of VFs to be used with macvtap passthrough
mode, then *any* update to the interface would fail, even
changing the link state. Updating (the updateable parts of) a
macvtap passthrough interface will now succeed.
* It previously was not possible to move an interface from a Linux
host bridge to an OVS bridge. This (and the opposite direction)
now works.
* qemu: backup: Fix possible crashes when running monitoring commands during
backup job The qemu monitor code was fixed to not crash in specific cases
when monitoing APIs are called during a backup job.
* Fix various memleaks and overflows
Multiple memory leaks and overflows in corner cases were fixed based on
upstream issues reported.
* network: Better cleanup after disappeared networks
If a network disappeared while virtnetworkd was not running not all clean up
was done properly once the daemon was started, especially when only the
network interface disappeared. This could have in some cases resulted in
the network being shown as inactive, but not being able to start.
* qemu: Remember memory backing directory for domains
If ``memory_backing_dir`` is changed during the lifetime of a domain with
file backed memory, files in the old directory would not be cleaned up once
the domain is shut down. Now the directory that was used during startup is
remembered for each running domain.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Robin Roevens [Tue, 5 Nov 2024 22:36:18 +0000 (23:36 +0100)]
zabbix_agentd: Add IPS throughput and guardian blocked IP count items
- Adds Zabbix Agent userparameter `ipfire.ips.throughput.get` for the agent to get details about IPS throughput bypassed/scanned/whitelisted in bytes (JSON)
- Adds Zabbix Agent userparameter `ipfire.guardian.blocked.count` for the agent to get the number of currently blocked IP's by Addon: Guardian.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 14 Dec 2024 12:49:04 +0000 (13:49 +0100)]
fr.pl: Update to French translations for the optionsfw.cgi page
Reported-by: Phil SCAR <p27m@orange.fr> Fixes: Bug13800 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Wed, 11 Dec 2024 16:33:21 +0000 (17:33 +0100)]
monit: Update to 5.34.3
For details see:
https://mmonit.com/monit/changes/
"Fixed: If the ping statement did not explicitly specify an outgoing
address but a previous ping statement did, the same address was
shared by both statements.
Fixed: Monit may crash upon stopping if the ping statement is used
in conjunction with the address option.
Fixed: If a directory is set in the allow option of the set httpd
statement, instead of a file or string, Monit hangs on startup."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 11 Dec 2024 11:51:44 +0000 (12:51 +0100)]
en.pl: Update the wording for the check on the CA Name for upload
- This changes the wording to allowing characters and spaces.
Fixes: Bug10595 part 2 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 11 Dec 2024 11:51:43 +0000 (12:51 +0100)]
vpnmain.cgi: Fix for 2nd part of bug10595
- Bug10595 had two parts in it and was closed after the first part was fixed. The second
part was still unfixed at that time. I cam across it when checking out an open bug on
a similar issue with OpenVPN.
- I found the section that checks on the CA Name and modified it to also allow spaces.
- Having modified that then the subroutines getsubjectfromcert and getCNfromcert required
to have quotation marks put around the parameter that had the CA Name with spaces in it
otherwise the openssl statement only got a filename with the first portion of the ca
name until the first space was encountered.
- Tested this change out on my vm and it worked fine. I was able to upload a ca
certificate into IPSec and use spaces in the CA Name.
Fixes: Bug10595 part 2 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 10 Dec 2024 14:11:21 +0000 (15:11 +0100)]
samba: Update to version 4.21.2
- Update from version 4.21.0 to 4.21.2
- Update of the rootfiles for x86_64, aarch64 & riscv64
- Version 4.21.0 mentioned that LDB is no longer available to build as a distinct
tarball. However version 4.21.0 previously built without any problem so it looks like
it was still available. Now with version 4.21.2 the lmdb package needs to be available
or you have to disable all ldb options. As these options were uncommented in the
previous versions of samba, it looks like they are intended to be present. To make
this version support in the same way the lmdb package had to be moved so it was built
before samba is built. Hence the shift of lmdb in make.sh
- Changelog
4.21.2
* BUG 15732: smbd fails to correctly check sharemode against OVERWRITE
dispositions.
* BUG 15754: Panic in close_directory.
* BUG 15752: winexe no longer works with samba 4.21.
* BUG 14356: protocol error - Unclear debug message "pad length mismatch" for
invalid bind packet.
* BUG 15425: NetrGetLogonCapabilities QueryLevel 2 needs to be implemented.
* BUG 15740: gss_accept_sec_context() from Heimdal does not imply
GSS_C_MUTUAL_FLAG with GSS_C_DCE_STYLE.
* BUG 15749: winbindd should call process_set_title() for locator child.
* BUG 15320: Update CTDB to track all TCP connections to public IP addresses.
4.21.1
* BUG 15624: DH reconnect error handling can lead to stale sharemode entries.
* BUG 15695: "inherit permissions = yes" triggers assert() in vfs_default
when creating a stream.
* BUG 15715: Samba 4.21.0 broke FreeIPA domain member integration.
* BUG 15692: Missing conversion for msDS-UserTGTLifetime, msDS-
ComputerTGTLifetime and msDS-ServiceTGTLifetime on "samba-tool
domain auth policy modify".
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15624: DH reconnect error handling can lead to stale sharemode entries.
* BUG 15649: Durable handle is not granted when a previous OPEN exists with
NoOplock.
* BUG 15651: Durable handle is granted but reconnect fails.
* BUG 15708: Disconnected durable handles with RH lease should not be purged
by a new non conflicting open.
* BUG 15714: net ads testjoin and other commands use the wrong secrets.tdb in
a cluster.
* BUG 15726: 4.21 using --with-system-mitkrb5 requires MIT krb5 1.16 as rfc
8009 etypes are used.
* BUG 15730: VFS_OPEN_HOW_WITH_BACKUP_INTENT breaks shadow_copy2.
* BUG 15643: Samba 4.20.0 DLZ module crashes BIND on startup.
* BUG 15721: Cannot build libldb lmdb backend on a build without AD DC.
* BUG 15706: Consistent log level for sighup handler.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 10 Dec 2024 13:23:55 +0000 (14:23 +0100)]
suricata.yaml: Fix bug13646 - Adjust the include syntax to use array format
- Suricata-8.x will only accept include statements in array format and not in multiple
single lines. Suricata-7.x still accepts the multiple single lines but flags up that
the format is deprecated and will be removed in suricata-8.x
- This patch adjusts the address-groups include into the array format.
- This change has been tested out on my vm and the IPS started up and from the logs you
can see that all the include files were taken on board and the derprecation message
is no longer shown.
- This change can be implemented with Suricata-7.x and will make sure that IPFire has
the include syntax that Suricata-8.x will require.
Fixes: Bug13646 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 9 Dec 2024 11:42:51 +0000 (12:42 +0100)]
update.sh: Remove the lines related to FEODO_RECOMMENDED
- This removes the lines related to removing any time entries in the modified file for
FEODO_RECOMMENDED.
- This also removes the lines realted to removing the blocklists for the
FEODO_RECOMMENDED sources from the /var/lib/ipblocklist directory.
- This patch will ensure that FEODO_RECOMMENDED stays in place if it was being used.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 9 Dec 2024 11:42:50 +0000 (12:42 +0100)]
sources: Replacement of Feodo Recommended Tracker list to ipblocklist sources file
- FEODO_RECOMMENDED list is still being updated but the number of events can be very
low. However as it is still active then it has been added back in as discussed in
the Dev Conf Call on Nov 4th.
- FEODO_IP list covers any IP that has been detected as a botnet in the last 30 days.
This could lead to false positives if the botnet has been fixed within one day of
being detected. So it was agreed that this list would stay removed.
- FEODO_AGGRESSIVE list contains all IP's that havce ever been detected as botnets since
the list was started. It is not intended to be used for blocking as it would have a
huge false positive effect. This list will also stay removed as it should not have
been included originally.
- This patch set adds back in the FEODO_RECOMMENDED list into the sources file and in the
associated patch for the update.sh file removes the lines that removed the files
related to FEODO_RECOMMENDED.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 3460100 to 3470200
- Update of rootfile not required
- Changelog 3470200
Fix a problem in text-to-floating-point conversion for SQLite that can cause
values between '1.8446744073709550592eNNN' and '1.8446744073709551609eNNN'
for any exponent NNN to be rendered incorrectly. In other words, some numeric
text values where the first 16 significant digits are '1844674407370955'
might be converted into the wrong floating-point value. See forum thread 569a7209179a7f5e. This problem only arises on x64 and i386 hardware. The
problem was introduced in 3.47.0.
Other minor bug fixes. 3470100
Fix the makefiles so that they once again honored DESTDIR for the "install"
target.
Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues
on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the
default in version 3.45.0.
Fix problems with line endings in the new sqlite3_rsync.exe utility on Windows.
Fix incorrect answers to certain obscure IN queries caused by new query
optimizations added in the 3.47.0 release.
Other minor bug fixes. 3470000
Allow arbitrary expressions in the second argument to the RAISE function.
If the RHS of the ->> operator is negative, then access array elements counting
from the right.
Fix a problem with rolling back hot journal files in the seldom-used
unix-dotfile VFS.
FTS5 tables can now be dropped even if they use a non-standard tokenizer that
has not been registered.
Fix the group_concat() aggregate function so that it returns an empty string,
not a NULL, if it receives a single input value which is an empty string.
Enhance the generate_series() table-valued function so that it is able to
recognize and use constraints on its output value.
Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has
a non-null default value.
Performance optimizations:
Improved reuse of subqueries associated with the IN operator, especially
when the IN operator has been duplicated due to predicate push-down.
Use a Bloom filter on subqueries on the right-hand side of the IN operator,
in cases where that seems likely to improve performance.
Ensure that queries like "SELECT func(a) FROM tab GROUP BY 1" only invoke
the func() function once per row.
No attempt is made to create automatic indexes on a column that is known to
be non-selective because of its use in other indexes that have been
analyzed.
Adjustments to the query planner so that it produces better plans for star
queries with a large number of dimension tables.
Add the "order-by-subquery" optimization, that seeks to disable sort
operations in outer queries if the desired order is obtained naturally due
to ORDER BY clauses in subqueries.
The "indexed-subtype-expr" optimization strives to use expressions that are
part of an index rather than recomputing the expression based on table
values, as long as the query planner can prove that the subtype of the
expression will never be used.
Miscellaneous coding tweaks for faster runtimes.
Enhancements to SQLite-related command-line programs:
Add the experimental sqlite3_rsync program.
Add extension functions median(), percentile(), percentile_cont(), and
percentile_disc() to the CLI.
Add the .www dot-command to the CLI.
The sqlite3_analyzer utility now provides a break-out of statistics for
WITHOUT ROWID tables.
The sqldiff utility avoids creating an empty database if its second
argument does not exist.
Enhance the sqlite_dbpage table-valued function such that INSERT can be used to
increase or decrease the size of the database file.
SQLite no longer makes any use of the "long double" data type, as hardware
support for long double is becoming less common and long double creates
challenges for some compiler tool chains. Instead, SQLite uses Dekker's
algorithm when extended precision is needed.
The TCL Interface for SQLite supports TCL9. Everything probably still works for
TCL 8.5 and later, though this is not guaranteed. Users are encouraged to
upgrade to TCL9.
JavaScript/WASM:
Fix a corruption-causing bug in the JavaScript "opfs" VFS.
Correct "mode=ro" handling for the "opfs" VFS.
Work around a couple of browser-specific OPFS quirks.
FTS5 Changes:
Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom
locale-aware tokenizers and fts5 tables that may take advantage of them.
Add the contentless_unindexed=1 option, for creating contentless fts5
tables that store the values of any UNINDEXED columns persistently in the
database.
Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose
implementation is not available.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 6 Dec 2024 16:44:14 +0000 (16:44 +0000)]
connections.cgi: Fix colour of destination country
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 6 Dec 2024 16:42:17 +0000 (16:42 +0000)]
initscripts: readhash: Fix handling = signs
The function expected that a line only contains exactly one equals sign
(=) which is not fit for purpose. In the WireGuard code we hold key
material that is encoded in base64 and therefore contains padding that
uses =.
This patch fixes that we expect exactly one equals sign immediately
after the key and we will then accept more = in the value - which was
already permitted.
Furthermore, this patch fixes the splitting if the key and value at the
first =.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:16:46 +0000 (14:16 +0100)]
libtalloc: Update to version 2.4.2 plus moved before cifs-utils
- Update from version 2.4.1 to 2.4.2
- Update of rootfile
- Moved to before cifs-utils in make.sh as now a required dependency for cifs-utils
- The last changelog is recorded in the sourcde tarball is from 2007 and I have been
unable to find anywhere where the changes can be identified. So updated on the
principle of having the latest version and both samba and cifs-utils now require it.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:16:45 +0000 (14:16 +0100)]
cifs-utils: Update to version 7.1
- Update from version 7.0 to 7.1
- Update of rootfile not required
- libtalloc now required as a build and run-time dependency for cifs-utils
- Changelog
7.1
LDAP Ping capability
smbinfo adds gettconinfo command
Various improvements to man pages
Detailed list of changes since 7.0 was released: 0fae4c7 cifs-utils: bump version to 7.1 2cd7b1f cifs: update documentation for sloppy mount option 9918019 docs: add closetimeo description c4c30b5 docs: add compress description 454870a checkopts: update it to work with latest kernel version 465f213 cifs-utils: add documentation for multichannel and max_channels b3fe25c cifs-utils: smbinfo: add gettconinfo command c6bf4d9 Implement CLDAP Ping to find the closest site 4718e09 (for-next) mount.cifs.rst: update section about xattr/acl support e7ec003 mount.cifs.rst: add missing reference for sssd 3870f5b getcifsacl, setcifsacl: add missing <endian.h> include for le32toh c8ec7d1 getcifsacl, setcifsacl: add missing <linux/limits.h> include
for XATTR_SIZE_MAX 25d6552 cifs-utils: Make automake treat /sbin as exec, not data dac3301 pam_cifscreds: fix warning on NULL arg passed to %s in
pam_syslog() 7314638 cifs.upcall: fix UAF in get_cachename_from_process_env() ef0d95e cifs-utils: add documentation for acregmax and acdirmax 2260c0d setcifsacl: Fix uninitialized value. 1eee8e8 Use explicit "#!/usr/bin/python3"
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:46 +0000 (14:15 +0100)]
dnsdist: Update to version 1.9.7
- Update from version 1.9.6 to 1.9.7
- Update of rootfilke not required
- Changelog
1.9.7
New Features
Add a FFI accessor to incoming proxy protocol values
References: #14664, pull request 14716
Improvements
Update Quiche to 0.22.0 (in our packages)
References: pull request 14647
Update the Rust version we use in our packages to 1.78
References: pull request 14695
Fix build with boost 1.86.0
References: #14562, pull request 14638
Stop reporting timeouts in topSlow(), add topTimeouts()
References: #14568, pull request 14641
Fix compilation with GCC 15 (Holger Hoffstätte)
References: #14549, pull request 14645
Add warnings about large values passed to setMaxTCPClientThreads
References: pull request 14646
Bug Fixes
Disable eBPF filtering on QUIC (DoQ, DoH3) sockets
References: #14736, pull request 14740
Fix handling of proxy protocol payload outside of TLS for DoT
References: #14631, pull request 14639
Prevent a data race in incoming DNS over TLS connections by storing the
OpenSSLTLSIOCtx in the connection
References: pull request 14677
Return a valid unix timestamp for Dynamic Block’s until
References: #14552, pull request 14643
Fix EDNS flags confusion when editing the OPT header
References: #14548, pull request 14644
Handle a nonexistent default pool when removing a server
References: pull request 14640
Add EDNS to responses generated from raw record data
References: pull request 14730
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:45 +0000 (14:15 +0100)]
aws-cli: Update to version 1.36.15
- Update from version 1.27.100 to 1.36.15 (398 update versions between thgese two)
- Update of rootfile not required
- Changelog is around 4,500 lines long so not suitable to include here. Changes can
be found in the CHANGELOG.rst file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:44 +0000 (14:15 +0100)]
amazon-ssm-agent: Update to version 3.3.1345.0
- Update from version 3.2.582.0 to 3.3.1345.0
- Update of rootfile not required
- Changelog
3.3.1345.0
Revert "Update configurePackage to use fixed download method"
Revert "Use a single syscall for route table for health check IP"
3.3.13110.0
Add alternative to wmic to support Windows 2025
Add armv7 architecture support for greengrass component
Add support in ssm-setup-cli for standalone installation in on-premises environments
Fail ssm-setup-cli install command if agent config is not loadable
Implement S3 ownership verification as an optional parameter for plugins
Mark Session task as cancelled when MGS indicates that session is over
Update configurePackage to use fixed download method
Update Docker Engine version and use system environment variables in installation path
Update GreenGrass component minor version to 1.3.1
3.3.1230.0
Revert compatibility hook for future Windows versions as it increased CPU consumption for document execution on Windows.
Revert Increase RunCommand timeout during the registration process for the on-prem instances
3.3.1142.0
Fail windows update when installed version does not match
Reduced length of IMDS errors to shorter format
Increase the RunCommand timeout during the registration process for the on-prem instances
Add nil check when calling GetRepository content in aws:downloadContent
Worker process to exit if they are not successfully started and became idle
Fix bug where unforeseen failures cause time to be incorrectly displayed in RunCommand
Update GreenGrass component minor version to 1.3.0
Ensure agent thread always exit after the corresponding worker process exits
Fix IPC file filtering bug where usernames or session names containing tmp causes agent worker to not correctly receive IPC
Load directly from appconfig file when calling UpdateInstanceInformation during credential refresher
Use a single syscall for route table for health check IP
3.3.987.0
Update default session logging destination to none
Specify a minimum of TLS v1.2 in http client calls
Add web-socket heartbeat to detect connection drops in the web-socket for control and data channels sooner
Use exponential retry for document worker, increase retry interval and attempt count when reading IPC files
Add wait for cloud-init in the agent updater
Fix timeouts for update without yum endpoint connectivity
Change in orchestration directory removal process to reduce disk space usage
Fix Inventory detailed information invalid value check
Fix parsing issue with DomainJoin Plugin
Modify DomainJoin Plugin to use Kerberos REALM in username for RHEL and variants
Change the SUSE linux zypper commands to quiet mode for the DomainJoin Plugin
Move high volume info logs to debug level
Remove deprecated go coverage library (golang.org/x/tools/cmd/cover)
Add lock on session orchestration cleanup to prevent quadratic file system lookup for large volume session users
Upgrade GoLang to version 1.22.7
3.3.859.0
Updated snapcraft.yml specification
3.3.808.0
Add enhancements related to KMS sessions
Add support for RHEL 8.10 & 9.4
Allow in-place upgrade for hybrid distributor packages
Fix idempotency not found error during agent startup
Fix bug that could cause unexpected behavior during parameter replacement in document
Gather metrics during agent version validation in Windows agent update
Make long sleep for onprem same as long sleep for EC2, and cap sleep time at 30 minutes for OnPrem instances
Migrated snap package builder from core18 to core22
Parse version from OS release file correctly when contains special chars
Suppress logs from the go-routine that checks the session manager's orchestration directory
Update go git dependency to v5.12.0
Update seelog config to have default time format with Milliseconds
Update TMP/TEMP env variable during windows installer launch in Updater
Upgrade GoLang to version 1.21.12
3.3.551.0
Agent updater attempts yum install/uninstall before falling back to attempt with rpm
Updated golang.org/x/net from v0.19.0 to v0.26.0
Upgrade GoLang to version 1.21.11
Add IPv6 addresses for NTP and EC2Config to default DenyList
Update Distributor to only use Systems Manager APIs to fetch package contents
3.3.484.0
Update SSM-Setup-CLI logs related to checksum validation of latest version
3.3.418.0
Upgrade go-github version from v8 to v61
Increase timeouts in SSM-Setup-CLI
Fix darwin build issue in SSM-Setup-CLI
Fix the command builder bug to handle space char in input value
Fix an inaccurate log when validating allowDowngrade parameter during Agent update
Signing SSM Agent vended Windows executables
3.3.380.0
Update AWS GO SDK to v1.51.20
3.3.337.0
Remove yum as package manager in linux install/uninstall script
Verify TrustedInstaller status before posting WindowsUpdate information in aws:softwareInventory plugin
3.3.217.0
Add alternative outputs for agent package generation scripts
Add support for Oracle 8.8 & 8.9, Rocky 8.8 & 8.9, AlmaLinux 8.8 & 8.9, and RHEL 8.9 & 9.3
Fix flaky integration test
Fix setup-cli error code for non English systems
Set IPR creds expiry to 30 mins for ssm agent worker
Switch installer package manager from rpm to yum on OSes that support yum
Upgrade GoLang to version 1.21.8
3.3.131.0
Add integration tests for control channel and data channel module
Remove data channel and control channel acknowledgement functionality in MGS Interactor
3.3.40.0
Fix issue to execute aws:updateSSMAgent plugin through aws:rundocument plugin
Update Messaging module to switch off ec2messages when ssmmessages connected successfully
Update SSM Agent Minor version from 3.2 to 3.3
3.2.2303.0
Add integration tests for control channel module
Revert data channel and control channel acknowledgement functionality in MGS Interactor
Update Greengrass component minor version to 1.2.4
3.2.2222.0
Upgrade minimum go version in go.mod file to go 1.19
Upgrade go-git package to v5.11.0
Fix for bad default manifest url when updating EC2Config
3.2.2143.0
Fixed plugin path traversal logic
Updated aws:application plugin default param
Fixed default param in psmodule
Upgraded GoLang to version 1.21.5
3.2.2086.0
Added Agent config to configure session logs destination
Added data channel acknowledgement functionalities
Added redirect handler and timeout for HTTP client
Added steps to verify aws-cli installation for domainJoin plugin
Added support for Ubuntu 23.04, Debian 11.7 & 12, and SUSE 15.5
Adjusted random number generator logic used to get filename in downloadContent plugin
Fixed Agent to gather application inventory from both rpm and dpkg package managers if present in Unix instances
Bump golang.org/x/crypto/ssh from 0.14.0 to 0.17.0
3.2.2016.0
Added telemetry for agent core in-proc executor usage
Added retries for Agent installation with snap on Greengrass
Added code to update Agent config to use only Onprem Identity in Greengrass
Added support for macOS 14 (Sonoma)
Added Onprem registration support using ssm-setup-cli
Fixed docker installation issues in aws:configureDocker plugin
Fix for document worker and session worker not logging when custom seelog configuration missing parameters
Updated allowed regex pattern in S3 URI
Update Agent IoT Greengrass component minor version
Updated SUSE version in Seamless Domain Join script
Updated Greengrass component workflow to get installed Agent version and update Agent only when the installed Agent version doesn't match with Greengrass component Agent version
Upgraded GoLang version that builds agent binaries with to 1.20.11
3.2.1798.0
Bump golang.org/x/net from 0.15.0 to 0.17.0
Upgraded GoLang to version 1.20.10
Fixing race condition in session datachannel unit test
3.2.1705.0
Updated MGS Interactor to send 'Failed' status on agentJob parsing error
Added error handling for Linux DomainJoin when service account credentials empty
Fix for panic scenario in when running aws:configureDocker plugin
Upgraded GoLang to version 1.20.8
Upgraded golang.org/x/net to v0.15.0
Added support for macOS 13 (Ventura)
3.2.1630.0
Fix credential retrieval retry logic in credential refresher
Reducing retrieval log level to debug in the credential refresher after more than 3 retrieval retries
Fix for EC2 credential retrieval errors not being propagated to the credential refresher
Fixing agent version input format validation
Fix downloadPlatformOverride for AlmaLinux
Fixed issue where removing seelog.xml file doesn't revert minimum log level back to INFO
Ignore non-audit files in audit folder
3.2.1542.0
Add aws:updateSSMAgent plugin support for Flatcar Linux
Add fix to resolve manifest url during agent update when using stable keyword
Fix multiple issues causing tight loops during IPC connection scenarios
Sign deb and rpm installer packages for Linux instances using new key
Use file based IPC by default for amazon-ssm-agent and ssm-agent-worker communication in Darwin
3.2.1478.0
Added fix to propagate exit code properly when command fails to start
Added control channel acknowledgement functionalities
Added flag to specify go version used for gosec and govulncheck in static analysis script
Added support for RHEL 8.7, 8.8, 9.1, 9.2
Added support for Rocky Linux 8.7, 9.0, 9.1, 9.2
Added support for Oracle Linux 8.7, 9.1, 9.2
Update go version to 1.20.7
3.2.1377.0
Stopped saving instance profile credentials to disk
Added static agent security scans to makefile
Updated Greengrass component minor version
3.2.1297.0
Added retries to snap uninstall call in setupcli
Fix for windows shutdown executable not found when compiled with golang1.19+
Fix to return correct Agent Job ID for ack after AgentJobParseError
Pass golang contexts for network calls in agent core to terminate cleanly
Remove credential file dependency in agent workers implemented in 3.2.x.x versions
Report MGS Connection Channel status to Health table
Update Dockerfile to use Golang image from ECR repository
3.2.1241.0
Get bucket region using signed HeadBucket request
Updated golang.org/x/net version to 0.10.0 and golang.org/x/crypto version to 0.9.0
Update go version to 1.19.10
3.2.1041.0
Add retry to handle stream data acknowledge messages
Support latest as a version in configurePackage plugin
Updated AWS GO SDK to v1.44.261 and disabled IMDSv1 fallback logic
Use IP address to connect to destination server in port session
3.2.985.0
Add Domain Join support for RHEL 8.7 and AL2022
Add Support to send aws:updateSSMAgent replies through MGS
Retrieve and set interface name dynamically in aws:domainJoin plugin for Ubuntu
3.2.923.0
Update Dockerfile Go version to 1.19
Add reporting of MGS connection status
Add support for updating to agent version marked stable
Add status code to MGS ack and send on message process failure
Update golangci-lint configuration
Add e2e tag to session shell tests
3.2.815.0
Add EC2 credential fallback for AssumeRoleUnauthorizedAccess error
Add CloudWatch log upload support for document and session worker
Add set-hostname support in domainjoin plugin for windows
Add wait time in Agent updater to avoid installation issues caused during reboots initiated by domainjoin plugin
Add support for AlmaLinux
Fix KeepHostName parameter without DNS IP address parameter in domainJoin plugin
Fix issue where carriage returns cause json conversion to fail in aws:softwareInventory plugin
Remove IMDS calls in Onprem during health check
Remove S3 global endpoint fallback logic
Update cli descriptions for registration parameters
Update go version to 1.19.6
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 5 Dec 2024 13:15:43 +0000 (14:15 +0100)]
alsa: Update to version 1.2.13
- Update from version 1.2.10 to 1.2.13
- alsa-lib, alsa-utils & alsa-ucm-conf all updated
- Update of rootfile
- Changelog
1.2.13
alsa-lib
Core
configure: do allow to use --with-pic for static build
configure: bumb version to 1.2.13pre1 (for alsa-utils)
github: use upload-artifacts@v4
src/Versions.in: Add the new snd_pcm_hw_params_get_sync for 1.2.13
seq: Add snd_seq_{get|set}_ump_is_midi1() API functions
seq: Add API functions to set different tempo base values
ump: Add a function to provide the packet word length of a UMP type
src/Versions.in: Add guards for sequencer and rawmidi syms
src/Versions.in: Add new seq / rawmidi functions for UMP
Control API
control: remap - clarify comments and docs
control: remap - fix copy-n-paste in _snd_ctl_remap_open's comment
Fix TLV dB parser in case of used container
control: Make ump_{endpoint|block}_info calls optional
PCM API
pcm: close - deactivate async handler before snd_pcm_drop()
pcm: dmix: Don't clear scpm->info flag
pcm: dmix: Fix resume with multiple instances
pcm: implement snd_pcm_hw_params_get_sync() and obsolete snd_pcm_info_get_sync()
RawMidi API
ump: Add a function to provide the packet word length of a UMP type
ump: Add descriptions for UMP RawMidi interface
ump: Fix doxygen error for snd_ump_endpoint_info_set_protocol()
ump: Add missing *_set variants for snd_ump_endpoint_info and snd_ump_block_info
Sequencer API
seq: Correct a typo in documentation
seq: Add snd_seq_{get|set}_ump_is_midi1() API functions
seq: Avoid strlcat()
seq: Fix wrong FB direction at snd_seq_create_ump_block()
seq: Add API functions to set different tempo base values
seq: Correct section descriptions for UMP
seq: Add description about MIDI 2.0 and UMP handling
seq: Add API helper functions for creating UMP Endpoint and Blocks
/src/Makefile.am
src/Versions.in: Add guards for sequencer and rawmidi syms
Async helpers Fixes: 5600b901 ("async: snd_async_del_handler - move clear signal using sigaction as last")
Configuration
conf: fix snd_config_substitute (for src->parent)
Documentation
ump: Add descriptions for UMP RawMidi interface
Kernel Headers
Sync UAPI asound.h and asequencer.h with 6.12 kernel
pcm: implement snd_pcm_hw_params_get_sync() and obsolete snd_pcm_info_get_sync()
seq: Add snd_seq_{get|set}_ump_is_midi1() API functions
seq: Add API functions to set different tempo base values
MIDI 2.0 (UMP)
ump_msg: Add missing definition for Set Key Signature Message
ump_msg: Define types for UMP Mixed Data Set messages
ump_msg: Add a new helper snd_ump_get_byte()
ump_msg: Correct a typo in snd_ump_msg_flex_data_t definition.
ump: Add a function to provide the packet word length of a UMP type
ump_msg: Drop unsuitable comments
ump_msg: Add definitions for Utility, Stream and Flex Data messages
ump_msg: Fix the wrong snd_ump_msg_system_t argument in little-endian
ump: Add descriptions for UMP RawMidi interface
ump_msg.h: Fix doxygen comments
seq: Add API helper functions for creating UMP Endpoint and Blocks
ump: Add missing *_set variants for snd_ump_endpoint_info and snd_ump_block_info
Test/Example code
test: Add an example program to inquire UMP Endpoint and Block info
test: Add an example program to create a virtual UMP Endpoint
alsa-utils
Core
alsactl: 90-alsa-restore.rules - add support for AMD ACP digital microphone
configure: bumb required alsa-lib version to 1.2.13
github: use upload-artifacts@v4
configure: Drop unused conditionals
configure: Requires the latest ALSA-lib release 1.2.12
aplaymidi2: Add initial version
/seq/Makefile.am
aplaymidi2: Add initial version
ALSA Control (alsactl)
alsactl: 90-alsa-restore.rules - add support for AMD ACP digital microphone
alsactl: state: verify only control count not numids
alsactl: state: recode set_control() to use newer functions
aconnect
aconnect: Drop superfluous ifdefs
aconnect: Fix the indication of inactive ports
alsatplg (topology)
topology: Fix strcat() to uninitialized memory in
Topology: NHLT: Intel: SSP: Handle differences for ACE3.x
Topology: NHLT: Intel: SSP: Always set SSC0 Network mode
Topology: NHLT: Intel: SSP: Add support for blob format
topology: pre_process_create_items - remove useless class_id_local
topology: pre-processor: Introduce a new feature for subtree
Topology: NHLT: Intel: Fix compile warning in dmic-process.c
aplay/arecord
aplay: Print '=== PAUSE ===' only if it is supported
aplaymidi/arecordmidi
aplaymidi: Allow to pass 0 to -u option, too
aplaymidi: Drop ifdef for UMP support
aplaymidi2/arecordmidi2 (MIDI v2.0)
aplaymidi2: Use snd_ump_get_byte() helper
aplaymidi2: Add -a option to pass all UMP packets
aplaymidi2: Fix --silent option handling
arecordmidi2: Fix truncated text in meta data text handling
arecordmidi2: Add options to put meta data texts
arecordmidi2: Add --profile option
arecordmidi2: Add stdout output and --silent option
aplaymidi2: Add --silent option
Revert "arecordmidi2: Correct the MIDI FB direction"
aplaymidi2: Show meta data texts
arecordmidi2: Fix the tick in 1us tempo-base
arecordmidi2: Correct the MIDI FB direction
arecordmidi2: Start queue at starting the stream
arecordmidi2: Add passive mode and interactive mode
arecordmidi2: Add initial version
aplaymidi2: Add initial version
aseqdump
aseqdump: Add missing dump of UMP Set Key Signature Message
aseqdump: Add dump of UMP Mixed Data Set messages
aseqdump: Use snd_ump_get_byte() helper
aseqdump: Correct the limit of UMP 7-bit SysEx bytes
aseqdump: Avoid OOB access with broken SysEx UMP packets
aseqdump: Support of UMP 8-bit SysEx messages
aseqdump: Show SysEx prefix to UMP SysEx data dump
aseqdump: Check the -u option value properly
aseqdump: Drop ifdef for UMP support
aseqdump: Fix bogus velocity value output in UMP MIDI2 mode
aseqdump: Support of UMP Stream and Flex Data message types
aseqdump: Refactor UMP SysEx dump
aseqdump: Show UMP SysEx messages
aseqsend
change getopt_long return variable from char to int
aseqsend: Simplify using the standard helper function
aseqsend: Move snd_seq_set_client_midi_version() call out of main()
aseqsend: Refine man page
aseqsend: Update the help texts for long options
aseqsend: Support long options
aseqsend: Support UMP mode
aseqsend: Support realtime / system messages
aseqdump: White-space and slight code refactoring
gitcompile
gitcompile: restore ACLOCAL_FLAGS ability to use
alsa-ucm-conf
Core
bug: Fix verbose logging in GitHub Workflow
Configuration
USB-Audio: ALC4080 - change ID 26ce:0a08 to list multiple motherboards
USB-Audio: ALC4080: Add support for MSI MPG X870E CARBON (ID: 0db0:0b58)
USB-Audio: fix bracket location for If.motu-D828
USB-Audio: add missing bracket for If.motu-D828
USB-Audio: ALC4080 - add MSI X870 Tomahawk motherboard (ID 0db0:cd0e)
ucm2: MediaTek: mt8395-evk: Add headset jack detection
ucm2: MediaTek: mt8390-evk: Add headset jack detection
ucm2: MediaTek: mt8370-evk: Add headset jack detection
ucm2: MediaTek: mt8395-evk: Add dynamic configuration for
ucm2: MediaTek: mt8390-evk: Add dynamic configuration for
ucm2: MediaTek: mt8370-evk: Add dynamic configuration for
USB-Audio: ALC4080 - add ASRock X870E Taichi (ID 26ce:0a0b)
ucm2: Qualcomm: sm8650-qrd: fix codec initialisation
ucm2: Qualcomm: sm8650-mtp: fix codec initialisation
ucm2: Qualcomm: sm8550-hdk: fix codec initialisation
Revert "ucm2: Qualcomm: x1e80100: add USB DisplayPort
acppdmmach: add support for ACP 7.0
sof-soundwire: Add sequence for controlling Mic Mute LED
sof-soundwire: Change map control names to make them unique and user friendly
rt722: add mic led support
ucm2: wsa884x: fix typo in mixer names
ucm2: USB-Audio: add Steinberg UR22C (USB0499:172f)
USB-Audio: Add Roland Bridge Cast V2
ucm2: sof-soundwire: add RT1320 amplifier
ucm2: sof-soundwire: add rt712 VA device
USB-Audio: Add support for Focusrite 4th Gen devices
ucm2: Intel: avs_nau8825 - reuse configurations
ucm2: Intel: avs: Add UCM files for HDMI configuration
ucm2: Intel: avs: Add UCM files for ssm4567 configuration
ucm2: Intel: avs: Add UCM files for rt5663 configuration
ucm2: Intel: avs: Add UCM files for rt5514 configuration
ucm2: Intel: avs: Add UCM files for nau8825 configuration
ucm2: Intel: avs: Add UCM files for max98927 configuration
ucm2: Intel: avs: Add UCM files for max98373 configuration
ucm2: Intel: avs: Add UCM files for max98357a configuration
ucm2: Intel: avs: Add UCM files for da7219 configuration
ucm2: Intel: avs: Add UCM files for DMIC configuration
ucm2: sof-soundwire: Use the HdmiDevice macro for hdmi device creation
ucm2: Intel/sof-hda-dsp: Use the HdmiDevice macro for
ucm2: common: pcm: hdmi: Add new macro to conditionally
USB-Audio: Add support for Motu 828
common: pcm/split: add support up to 32 / 8 channels
USB-Audio: Add support for MOTU Ultralite mk5
Qualcomm: Add SM8550 HDK HiFi config
codes: wcd938x: Add Analog Microphones 1 & 5 Sequences
USB-Audio: Add 0582:01d8 BOSS Katana HEAD MkII support
USB-Audio: Add support for Solid State Labs SSL 2+
ucm2/conf.d: add symlink for Qualcomm DB820c
ucm2: Qualcomm: x1e80100: add Headset capture
ucm2: codecs: wcd938x: correct 'cset' command
ucm2: Qualcomm: x1e80100: add USB DisplayPort playback
USB-Audio: ALC4080: Add 0db0:543d MSI TRX40 Pro 10G
sof-soundwire: Add support for cs42l43/cs35l56 bridge configuration
sof-soundwire: Add missing match for cs42l43 speakers
sof-hda-dsp: Fix the case where sysfs dmi sys_vendor attribute is not set
1.2.12
alsa-lib
Core
GitHub Actions: Use actions/checkout@v4
pcm: plug - add automatic conversion for iec958 subframe samples
PCM API
pcm: extend doc for snd_pcm_hw_params_get_sbits()
pcm: clarify and fix default sbits (msbits) value for all formats
pcm: ladspa - Skip missing ladspa directories
pcm: snd_pcm_(physical_)format_width() - change documentation
pcm: plug - add automatic conversion for iec958 subframe samples
PCM Plugin API
pcm: plug - add automatic conversion for iec958 subframe samples
Topology API
topology: correct version script path
Use Case Manager API
use-case.h: add DisplayPort to HDMI device description
ucm: doc - add Variant and Macro to the evaluation order
ucm: define and describe Syntax 7
ucm: raise error when macro argument is already defined (used)
ucm: do argument value substitution for Macros
ucm: fix Path condition - substitute Path
ucm: fix Path condition - substitute Path and Mode fields
Async helpers
async: snd_async_del_handler - move clear signal using sigaction as last
Configuration
conf: aliases: hdmi: Include unconditionally the
conf: USB-Audio: Add Corsair HS60 Pro to the IEC958 blacklist
conf: USB-Audio: Add more Scarlett devices to the IEC958 blacklist
Test/Example code
tests: latency.c - fix copy-n-paste typos (sw -> hw params) in error messages
alsa-utils
Core
aseqsend: initial version
chore: Use actions/checkout@v4
/seq/Makefile.am
aseqsend: initial version
ALSA Control (alsactl)
alsactl: don't free a card pointing NULL
alsa-info.sh
alsa-info.sh: log SoundWire devices reported in ACPI
alsamixer
alsamixer: fix calculation in set_normalized_volume (overflow)
alsatplg (topology)
topology: nhlt: Intel: Improve all error prints
topology: nhlt: Intel: Clear DMIC BFTH bits for version
topology: nhlt: Intel: Add check for DMIC version
aplay/arecord
aplay: fix S24_LE wav header
aseqdump
aseqdump: Add dump for UMP Utility and System messages
aseqsend
aseqsend: initial version
alsa-ucm-conf
Configuration
sof-soundwire: fix missing MultiCodec1 initialization and Empty condition
UCM2: Intel: sof-hda-dsp: Control SOF processing from UCM
UCM2: SOF: Add example blobs customization for AAEON
UCM2: Add sample SOF processing configuration blobs
codecs: qcom-lpass/tx-macro: Move TX1 MODE ctrl to
ucm2: codecs: wcd937x: add codec sequences
ucm2: soundwire: add rt722 SDCA device
ucm2: Qualcomm: x1e80100: add recording via DMIC01
ucm2: sof-soundwire: Create ALSA config file for hdmi:
ucm2: Intel/sof-hda-dsp: Create ALSA config file for
ucm2: common: pcm: Add hdmi.conf to handle the creation
sof-soundwire: Add basic support for cs42l43's speaker
qcom: sdm845: MM1: enable jack detection
qcom: sdm845: MM1: use analog volume controls instead of
ucm2: Qualcomm: x1e80100: correct headphones
ucm2: Qualcomm: x1e80100: add number of channels
Add support for Coachz with HDMI disabled
USB-Audio: ALC4080: Add support for MSI MEG Z790 Ace
ucm2: MediaTek: mt8195-sof: Add support for Tomato RT5682s
sof-soundwire: rt1316/rt1318 - fix channel selection for one amp
sof-soundwire: rt1308: Fix single amp configuration
sof-soundwire: fix rt1318 config copy-n-paste error in rt1318spk macro
sof-soundwire: fix rt1318 config typo in rt1318spk macro
USB-Audio: ALC4080: add 0b05:1af1 ASUS ROG Strix Z790-A Gaming Wifi II
1.2.11
alsa-lib
Core
src/Versions.in: Add guards for pcm and timer syms
src/Versions.in: Add guards for opt. alisp symbols
configure.ac: Update AC_OUTPUT() function
configure: bumb version to 1.2.11pre1 (for aplay/alsa-utils)
seq: Fix typos in symbol version definitions
global.h: move __STRING() macro outside !PIC ifdef block
gitcompile: Add static build
Control API
control: remap - fix the endless loop in remap_numid_child_new()
reshuffle included files to include config.h as first - v2
control.h: Fix ump header file detection
Mixer API
mixer: simple: Support dB TLVs for CTL_SINGLE controls
Mixer Abstraction API
headers: avoid c++ keyword
PCM API
pcm: document interaction of drain silence and sw silence
pcm: route plugin: allocate temporary array on stack only one time
pcm: sofvol plugin: fix signed overflow
pcm: documentation improvement mostly regarding samples and frames
pcm: handle start_treshold in snd_pcm_write_areas more robustly
pcm: plug plugin - fast_ops may be changed when sw_params are set
pcm: fix the documentation for snd_pcm_poll_descriptors again
pcm: clarify documentation of poll descriptor usage
pcm: clarify documentation on some hw params related functions
pcm: Fix incompatible-pointer-type warnings
pcm: Add MSBITS subformat options
pcm: Introduce snd_pcm_subformat_value()
pcm: Fix segfault with 32bit libs
RawMidi API
reshuffle included files to include config.h as first - v2
Sequencer API
seq: Add snd_seq_ump_ev_clear()
seq: Check protocol compatibility with the current version
seq: Simplify snd_seq_extract_output()
seq: Clear UMP event flag for legacy apps
seq: Fix invalid sanity-check in snd_seq_set_input_buffer_size()
reshuffle included files to include config.h as first - v2
Topology API
topology: fix Versions file
add back Versions source file to EXTRA_DIST to fix packaging
topology: separate Versions linker script
/src/Makefile.am
add back Versions source file to EXTRA_DIST to fix packaging
src/Versions.in: Add guards for pcm and timer syms
src/Versions.in: Add guards for opt. alisp symbols
ALSA Server
aserver: fix buffer overwriting
Configuration
conf: pcm: Set C-Media USB 7.1 sound card (ICUSBAUDIO7D) to six_channel for surround40
Filename helpers
reshuffle included files to include config.h as first - v2
Kernel Headers
pcm: Add MSBITS subformat options
alsa-utils
Core
configure.ac: fix UMP support detection
github: Try to fix the build with the release tag
ALSA Control (alsactl)
alsactl: fix potential buffer overwrite
alsa-restore.rules: use devnode instead number atribute
ALSA RawMidi Utility (amidi)
amidi: use ATTRIBUTE_UNUSED instead remove argument name
Audio Transfer utility
axfer: use ATTRIBUTE_UNUSED instead remove argument name
NHLT ACPI parser
nhlt-dmic-info: fix simple memory leak issue
misc: fix incorrect usages of `strerror`
Revert "nhlt-dmic-info.c: include sys/types.h"
nhlt: use stdint.h types
nhlt-dmic-info.c: include sys/types.h
Speaker Test
speaker-test: Use smaller periods in the default settings
speaker-test: Add bandwidth-limited pink noise at -18.5dB AES FS Based
aconnect
seq: use ATTRIBUTE_UNUSED instead remove argument name
alsaloop
alsaloop: use ATTRIBUTE_UNUSED instead remove argument name
alsatplg (topology)
topology: Fix one character typo in code comments
topology: Expand attribute references inside $[] expressions
topology: nhlt: Fix dmic configuration blob building
topology: nhlt: fix simple memory leak
misc: fix incorrect usages of `strerror`
nhlt: Revert SSP_ANALOG device_type field
topology: add include for ENABLE_NLS on musl
topology: pre-processor: Add support for enum controls
topology: include locale.h
topology: use ATTRIBUTE_UNUSED instead remove argument name
alsaucm
misc: fix incorrect usages of `strerror`
alsaucm: use ATTRIBUTE_UNUSED instead remove argument name
aplay/arecord
aplay: status dumps are called only in verbose mode
aplay: enable timestamps by default
aplay: log pcm status before reporting a fatal error
aplay: allow to compile with older alsa-lib (subformat)
aplay: Add option for specifying subformat
aplay: fix buffer overflow and tainted format string
aplay: use stdint.h types instead u_int/u_short/u_char
aplaymidi/arecordmidi
aplaymidi: Set event completely for tempo event
seq: use ATTRIBUTE_UNUSED instead remove argument name
aseqdump
seq: use ATTRIBUTE_UNUSED instead remove argument name
aseqnet
seq: use ATTRIBUTE_UNUSED instead remove argument name
bat (basic audio tester)
bat: really skip analysis of the first period and update related comment
bat: use ATTRIBUTE_UNUSED instead remove argument name
alsa-ucm-conf
Configuration
ucm2: acp3x-es83xx: introduce UCM support for acp3x-es83xx
Qualcomm: Add SM8650 MTP HiFi config
Qualcomm: Add SM8650 QRD HiFi config
codecs: qcom-lpass/tx-macro: Add Soundwire Analog
codecs: wcd939x: Add wcd939x configs
codecs: wsa884x: add two-speakers DefaultEnableSeq.conf
USB-Audio: ALC4080: Add support for MSI MPG B650 Carbon Wifi
ucm: MediaTek: mt8395-evk: Add HDMIRX config
USB-Audio: ALC4080: Add support for Asus ROG Maximus Z790 Apex Encore motherboard (0b05:1a97)
ucm2: Qualcomm: Lenovo-X13s: reduce default headphones volume further
ucm2: conf.d: mt8370-evk: Fix the type of mt8370-evk.conf
sof-soundwire: Add basic support for cs42l43
ucm2: MediaTek: mt8370-evk: Add alsa-ucm support
ucm2: MediaTek: mt8395-evk: Add alsa-ucm support
ucm2: MediaTek: mt8390-evk: Add alsa-ucm support
ucm2: Qualcomm: sc8280xp: rename include identifier
ucm2: Qualcomm: Lenovo-X13s: reduce default headphones volume
ucm2: Qualcomm: sc8280xp/x1e80100: fix default volume settings
ucm2: Qualcomm: x1e80100: fix hardware volume control
ucm2: Qualcomm: sc8280xp: fix hardware volume control
USB-Audio: Fix ProfileName for HeadphonesOnly for Topping DX3 Pro+
USB-Audio: Move Topping DX3 Pro+ config to Common/Headphones
USB-Audio: Add UCM2 configuration for Topping DX3 Pro+
USB-Audio: move zedi10 block to follow USB ID sort order
USB-Audio: Add support for Solid State Labs SSL 2
USB-Audio: add MOTU M6 config
USB-Audio: fix comment in MOTU M4 config
USB-Audio: ALC4080: Add MSI MEG Z690 ACE support (0db0:124b)
USB-Audio: ALC4080 - disable S/PDIF for 0db0:36e7 (MSI MPG B650I EDGE WIFI)
Initialise AIF2 ADC Stereo Capture Route
Documentation: Add ucm URL
ucm2: Qualcomm: x1e80100: add Qualcomm X1E80100 CRD
ucm2: codecs: wsa-macro: add 2xWSA arrangements
ucm2: codecs: wsa884x: add codec sequences
sof-soundwire: Add basic support for basic cs35l56 configurations
sof-soundwire: Use one file for speaker codec initialization
acp5x: add Stream Deck OLED Model
Arturia Minifuse 4: Use forced S32_LE format like for Minifuse 1 and 2
USB-Audio: ALC4080: Fix S/PDIF for 0b05:1a5c
USB-Audio: ALC4080: Fix S/PDIF for 0b05:1a53
USB-Audio: ALC4080: add MPG Z590M GAMING EDGE WIFI
bytcr-wm5102: Add support for different microphone routes
bytcr-wm5102: Add support for speakers connected to HPOUT2
chtnau8824: Mono speaker fixes
codecs/es8316: Fix mono speaker settings from previous boot getting applied
ucm2: acpd7219m98357: Use common da7219 BootSequence
ucm2: add acpd7219m98357
ucm2: soundwire: add rt713 SDCA device
Add UCM2 configuration for Behringer UMC404HD
ucm2: acp3xalc5682m98: Add priority values
ucm2: acp3xalc5682m98: Add JackControls
meson: add initial libretech cc support
meson: add initial p241 support
Add a config for the Allen & Heath Zedi 10 mixer.
Roland/BridgeCast - adjust capture priority for input channels
Roland/BridgeCast - adjust new input channels after latest FW update
Roland/BridgeCast - config, improve config title
Roland Bridgecast - add missing intermediate config file
ucm2: codecs: lpass-rx: use set Digital gain at 0dB
ucm2: codecs: lpass-wsa: use set Digital gain at 0dB
ucm2: Qualcomm: sc8280xp: use Speakers volume control
ucm2: codecs: wsa883x: add Speakers Volume in init conf
ucm2: codecs: wcd938x: use Analog volume for HeadPhones
SplitPCM: Device argument may not be set
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 4 Dec 2024 13:15:41 +0000 (14:15 +0100)]
libtool: Update to version 2.5.4
- Update from version 2.4.7 to 2.5.4
- Update of rootfile
- Update of patch vgersion number
- Changelog
2.5.4
** New features:
- New libtool command line flag, --no-finish, to skip executing
finish_cmds that would alter the shared library cache during testing.
- New libtool command line flag, --reorder-cache=DIRS, to reorder the
shared library cache, only on OpenBSD.
** Bug fixes:
- Fix incorrect use of workarounds designed for Darwin versions that
don't have -single_module support.
- Fix errors when executing 'make distclean' and 'make maintainer-clean'.
- Fix bug where the constructed rpath omit directories, instead of
appending them to the end.
- Fix configure error for when variable 'multlib' is unset.
- Fix searching for -L in link paths being over-greedy and incorrectly
handling paths with -L in them.
- Avoid using AC_TRY_EVAL macro, "dangerous and undocumented".
- Fix linking libraries at runtime with tcc by adding run path.
- Fix path comparison by removing trailing slashes on install commands.
- Fix linking for mingw with lld by prefering response files over the
linker script.
- Fix '-Fe' usage with linking in MSVC.
- Fix '--no-warnings' flag.
- Fix handling xlc(1)-specific options.
- Fix Haiku support.
** Changes in supported systems or compilers:
- Support additional flang-based compilers, 'f18' and 'f95'.
- Support for 'netbsdelf*-gnu'.
- Support for '*-mlibc', and subsequently Ironclad and Managarm.
- Support for SerenityOS.
- Support for wasm32-emscripten.
2.5.3
** New features:
- Add 'aarch64' support to the file magic test, which allows for
shared libraries to be built with Mingw for aarch64.
** Bug fixes:
- The configure options --with-pic and --without-pic have been renamed
to --enable-pic and --disable-pic, respectively. The old names
--with-pic and --without-pic are still supported, though, for
backward compatibility.
- The configure option --with-aix-soname has been renamed to
--enable-aix-soname. The old name --with-aix-soname is still
supported, though, for backward compatibility.
- Fix conflicting warnings about AC_PROG_RANLIB.
- Document situations where -export-symbols does not work.
- Update FSF office address with URL in each file's license block.
- Add checks for aclocal in standalone.at and subproject.at test files
that report failures in Linux From Scratch and Darwin builds.
2.5.2
** Bug fixes:
- Use shared objects built in source tree instead of the installed
versions for more reliable testing.
- Fix test in bug_62343.at for confirmed Cygwin/Mingw32 where the
incorrect architecture version of a compiler was generating
object files that could not be linked with a library file.
- Fix typos found with codespell.
** Changes in supported systems or compilers:
- Add support for 32-bit mode on FreeBSD/powerpc64.
2.5.1
** New features:
- Support C++17 compilers in the C++ tests.
- Add sysroot to library path for cross builds.
** Important incompatible changes:
- Autoconf 2.64 is required for libtool.m4 to use AS_VAR_APPEND.
** Bug fixes:
- Fix for uninitialized variable in libtoolize.
- Skip Fortran/C demo tests when using Clang with fsanitize to
avoid an incompatible ASan runtime.
- Updated documentation for testing.
- Fix failing test to account for program-prefix usage.
- Replaced a deprecated macro to remove warning messages in the
testsuite logs.
- Fix number of arguments for AC_CHECK_PROG call.
- Fix test failures with no-canonical-prefixes flag by checking
if the flag is supported first.
- Fix test failures with no-undefined flag by checking host OS
before appending the flag.
- Skip test when passing CXX flags through libtool to avoid test
failure on NetBSD.
- Remove texinfo warning for period in node name of pxref.
- Alter syntax in sed command to fix numerous test failures
on 64-bit windows/cygwin/mingw.
- Fix 'Wstrict-prototypes' warnings.
- Correct DLL Installation Path for mingw multilib builds.
- Fix '--preserve-dup-deps' stripping duplicates.
- Disable chained fixups for macOS, since it is not compatible with
'-undefined dynamic_lookup'.
** Changes in supported systems or compilers:
- Support additional flang-based compilers, 'flang-new' and 'ftn'.
2.5.0
** New features:
- Pass '-fdiagnostics-color', '-frecord-gcc-switches',
'-fno-sanitize*', '-Werror', and 'prefix-map' flags.
- Pass the '-no-canonical-prefixes' linker flag.
- Pass '-fopenmp=*' for Clang to allow choosing between libgomp and
libomp.
- Pass '-shared-libsan', '-static-libsan', 'rtlib=*', and
'unwindlib=*' for Clang.
- Expanded process.h inclusion on Windows for more than the
proprietary MSVC compiler. Other alternative Windows compilers
also require process.h.
- Pass 'elf32_x86_64' and 'elf64_x86_64' to the linker on hurd-amd64.
- Recognize *-*-windows* config triplets.
** Important incompatible changes:
- Removed test_compile from command line options.
- By default executables are created with the RUNPATH property for
the Android linker. RUNPATH works for libraries which are not
installed in system locations.
- Removed AC_PROG_SED fallback, as the macro has been supported
in Autoconf since the 90's.
** Bug fixes:
- Check for space after -l, -L, and -R linker flags.
- Updated documentation for tests, the demo directory, and
elsewhere.
- Fixed Solaris 11 builds.
- Clean trailing "/" from sysroot path.
- Fixed shared library builds for System V.
- Added mingw to the list of systems not requiring libm.
- Fixed support for nios2 systems.
- Fixed linker check for '--whole-archive' support for linkers other
than ld.
- Use -Fe instead of -o with MSVC to avoid deprecation warnings.
- Improved reproducibility of libtool scripts.
- Avoided MinGW warning by adding CRTIMP.
- Improved grep portability.
- Fixed cross-building warnings when checking for file.
** Changes in supported systems or compilers:
- Removed support for bitrig (*-*-bitrig*).
- Added support for flang (Fortran LLVM-based) compilers.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 4 Dec 2024 13:15:40 +0000 (14:15 +0100)]
c-ares: Update to version 1.34.3
- Update from version 1.32.1 to 1.34.3
- Update of rootfile
- Changelog
1.34.3
Changes:
Build the release package in an automated way so we can provide provenance
as per SLSA3. PR #906
Bugfixes:
Some upstream servers are non-compliant with EDNS options, resend queries
without EDNS. Issue #911
Android: <=7 needs sys/system_properties.h a70637c
Android: CMake needs -D_GNU_SOURCE and others. PR #915
TSAN warns on missing lock, but lock isn’t actually necessary. PR #915
ares_getaddrinfo() for AF_UNSPEC should retry IPv4 if only IPv6 is
received. 765d558
ares_send() shouldn’t return ARES_EBADRESP, its ARES_EBADQUERY. 91519e7
Fix typos in man pages. PR #905
1.34.2
This release contains a fix for downstream packages detecting the c-ares
version based on the contents of the header file rather than the distributed
pkgconf or cmake files.
1.34.1
This release fixes a packaging issue.
1.34.0
Features:
adig: read arguments from adigrc. PR #856
Add new pending write callback optimization via ares_set_pending_write_cb.
PR #857
New function ares_process_fds(). PR #875
Failed servers should be probed rather than redirecting queries which
could cause unexpected latency. PR #877
adig: rework command line arguments to mimic dig from bind. PR #890
Add new method for overriding network functions
ares_set_socket_function_ex() to properly support all new functionality.
PR #894
Fix regression with custom socket callbacks due to DNS cookie support.
PR #895
ares_socket: set IP_BIND_ADDRESS_NO_PORT on ares_set_local_ip* tcp sockets
PR #887
URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv(). PR #882
Changes:
Connection handling modularization. PR #857, PR #876
Expose library/utility functions to tools. PR #860
Remove ares__ prefix, just use ares_ for internal functions. PR #872
Bugfixes:
fix: potential WIN32_LEAN_AND_MEAN redefinition. PR #869
Fix googletest v1.15 compatibility. PR #874
Fix pkgconfig thread dependencies. PR #884
1.33.1
Bugfixes:
Work around systemd-resolved quirk that returns unexpected codes for
single label names. Also adds test cases to validate the work around
works and will continue to work in future releases. PR #863, See Also
systemd/systemd#34101
Fix sysconfig ndots default value, also adds containerized test case to
prevent future regressions. PR #862
Fix blank DNS name returning error code rather than valid record for
commands like: adig -t SOA .. Also adds test case to prevent future
regressions. 9e574af
Fix calculation of query times > 1s. 2b2eae7
Fix building on old Linux releases that don’t have TCP_FASTOPEN_CONNECT. b7a89b9
Fix minor Android build warnings. PR #848
1.33.0
Features:
Add DNS cookie support (RFC7873 + RFC9018) to help prevent off-path cache
poisoning attacks. PR #833
Implement TCP FastOpen (TFO) RFC7413, which will make TCP reconnects 0-RTT
on supported systems. PR #840
Changes:
Reorganize source tree. PR #822
Refactoring of connection handling to prevent code duplication. PR #839
New dynamic array data structure to prevent simple logic flaws in array
handling in various code paths. PR #841
Bugfixes:
ares_destroy() race condition during shutdown due to missing lock. PR #831
Android: Preserve thread name after attaching it to JVM. PR #838
Windows UWP (Store) support fix. PR #845
1.32.3
Changes:
Prevent complex recursion during query requeuing and connection cleanup
for stability. e8b32b8
Better propagate error codes on requeue situations. a9bc0a2
Try to prevent SIGPIPE from being generated and delivered to integrations. de01baa
Bugfixes:
Missing manpage for ares_dns_record_set_id() aa462b3
Memory leak in ares__hosts_entry_to_hostent() due to allocation strategy.
PR #824
UDP write failure detected via ICMP unreachable should trigger faster
failover. PR #821
Fix pycares test case regression due to wrong error code being returned.
Regression from 1.31.0. PR #820
Fix possible Windows crash during ares_destroy() when using event threads. 5609bd4
ARES_OPT_MAXTIMEOUTMS wasn’t being honored in all cases. a649c60
1.32.2
Bugfixes:
Windows: rework EventThread AFD code for better stability. PR #811
Windows: If an IP address was detected to have changed, it could lead to a
crash due to a bad pointer. Regression introduced in 1.31.0. 59e3a1f4
Windows: use QueryPerformanceCounters() instead of GetTickCount64() for
better time accuracy (~15ms -> ~1us). 8a50fc6c
Windows 32bit config change callback needs to be tagged as stdcall
otherwise could result in a crash. 5c2bab35
Tests that need accurate timing should not depend on internal symbols as
there are C++ equivalents in std::chrono. PR #809
Kqueue (MacOS, *BSD): If the open socket count exceeded 8 (unlikely), it
would try to allocate a new buffer that was too small. 5aad7981
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 29 Nov 2024 15:00:09 +0000 (16:00 +0100)]
sudo: Update to version 1.9.16p2
- Update fromn version 1.9.16 to 1.9.16p2
- This v2 version replaces the one that went from 1.9.16 to 1.9.16p1
- The previous version has been marked as superceded in Patchwork.
- Update of rootfile not required
1.9.16p2
* Sudo now passes the terminal device number to the policy plugin
even if it cannot resolve it to a path name. This allows sudo
to run without warnings in a chroot jail when the terminal device
files are not present. GitHub issue #421.
* On Linux systems, sudo will now attempt to use the symbolic links
in /proc/self/fd/{0,1,2} when resolving the terminal device
number. This can allow sudo to map a terminal device to its
path name even when /dev/pts is not mounted in a chroot jail.
* Fixed compilation errors with gcc and clang in C23 mode.
C23 no longer supports functions with unspecified arguments.
1.9.16p1
* Fixed the test for cross-compiling when checking for C99 snprintf().
The changes made to the test in sudo 1.9.16 resulted in a different
problem. GitHub issue #386.
* Fixed the date used by the exit record in sudo-format log files.
This was a regression introduced in sudo 1.9.16 and only affected
file-based logs, not syslog. GitHub issue #405.
* Fixed the root cause of the "unable to find terminal name for
device" message when running sudo on AIX when no terminal is
present. In sudo 1.9.16 this was turned from a debug message
into a warning. GitHub issue #408
* When a duplicate alias is found in the sudoers file, the warning
message now includes the file and line number of the previous
definition.
* Added support for the --with-secure-path-value=no configure
option to allow packagers to ship the default sudoers file with
the secure path line commented out.
* Sudo no longer sends mail when a user runs "sudo -nv" or "sudo -nl",
even if "mail_badpass" or "mail_always" are set. Sudo already
avoids logging to a file or syslog in this case. Bug #1072.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 28 Nov 2024 11:49:07 +0000 (12:49 +0100)]
xz: Update to version 5.6.3
- Update from version 5.4.5 to 5.6.3
- Update of rootfile
- This update is now done only by the xz originator Lasse Collin (Larhzu). A new github
repo was created by Lasse for xz and this does not contain the malicious versions -
5.6.0 & 5.6.1 https://github.com/tukaani-project/xz/releases
- Version 5.6.3 is being used by Arch Linux and Ubuntu plucky
- Changelog
5.6.3
IMPORTANT: This includes a Windows-specific security fix to
the command line tools. liblzma isn't affected by this issue.
* liblzma:
- Fix x86-64 inline assembly compatibility with GNU Binutils
older than 2.27.
- Fix the build with GCC 4.2 on OpenBSD/sparc64.
* xzdec: Display an error instead of failing silently if the
unsupported option -M is specified.
* lzmainfo: Fix integer overflows when rounding the dictionary and
uncompressed sizes to the nearest mebibyte.
* Windows (except Cygwin and MSYS2): Add an application manifest to
xz, xzdec, lzmadec, and lzmainfo executables:
- Declare them compatible with Vista/7/8/8.1/10/11. This way
the programs won't needlessly use Operating System Context
of Vista when running on later Windows versions. This setting
doesn't mean that the executables cannot run on even older
versions if otherwise built that way.
- Declare them as UAC-compliant. MSVC added this by default
already but it wasn't done with MinGW-w64, at least not
with all toolchain variants.
- Declare them long path aware. This makes long path names
work on Windows 10 and 11 if the feature has been enabled
in the Windows registry.
- Use the UTF-8 code page on Windows 10 version 1903 and later.
* Now command line tools can access files whose names
contain characters that don't exist in the current
legacy code page.
* The options --files and --files0 now expect file lists
to be in UTF-8 instead of the legacy code page.
* This fixes a security issue: If a command line contains
Unicode characters (for example, filenames) that don't
exist in the current legacy code page, the characters are
converted to similar-looking characters with best-fit
mapping. Some best-fit mappings result in ASCII
characters that change the meaning of the command line,
which can be exploited with malicious filenames to do
argument injection or directory traversal attacks.
UTF-8 avoids best-fit mappings and thus fixes the issue.
Forcing the process code page to UTF-8 is possible only
on Windows 10 version 1903 and later. The command line
tools remain vulnerable if used on an old older
version of Windows.
This issue was discovered by Orange Tsai and splitline
from DEVCORE Research Team.
A related smaller issue remains: Windows filenames may
contain unpaired surrogates (invalid UTF-16). These are
converted to the replacement character U+FFFD in the
UTF-8 code page. Thus, filenames with different unpaired
surrogates appear identical and aren't distinguishable
from filenames that contain the actual replacement
character U+FFFD.
* When building with MinGW-w64, it is recommended to use
UCRT version instead of the old MSVCRT. For example,
non-ASCII characters from filenames won't print
correctly in messages to console with MSVCRT with
the UTF-8 code page (a cosmetic issue). liblzma-only
builds are still fine with MSVCRT.
- Cygwin and MSYS2 process command line options differently and
the above issues don't exist. There is no need to replace the
default application manifest on Cygwin and MSYS2.
* Autotools-based build:
- Fix feature checks with link-time optimization (-flto).
- Solaris: Fix a compatibility issue in version.sh. It matters
if one wants to regenerate configure by running autoconf.
* CMake:
- Use paths relative to ${prefix} in liblzma.pc when possible.
This is done only with CMake >= 3.20.
- MSVC: Install liblzma.pc as it can be useful with MSVC too.
- Windows: Fix liblzma filename prefix, for example:
* Cygwin: The DLL was incorrectly named liblzma-5.dll.
Now it is cyglzma-5.dll.
* MSVC: Rename import library from liblzma.lib to lzma.lib
while keeping liblzma.dll name as is. This helps with
"pkgconf --msvc-syntax --libs liblzma" because it mungles
"-llzma" in liblzma.pc to "lzma.lib".
* MinGW-w64: No changes.
- Windows: Use the correct resource file for lzmadec.exe.
Previously the resource file for xzdec.exe was used for both.
Autotools-based build isn't affected.
- Prefer a C11 compiler over a C99 compiler but accept both.
- Link Threads::Threads against liblzma using PRIVATE so that
-pthread and such flags won't unnecessarily get included in
the usage requirements of shared liblzma. That is,
target_link_libraries(foo PRIVATE liblzma::liblzma) no
longer adds -pthread if using POSIX threads and linking
against shared liblzma. The threading flags are still added
if linking against static liblzma.
* Updated translations: Catalan, Chinese (simplified), and
Brazilian Portuguese.
5.6.2
* Remove the backdoor (CVE-2024-3094).
* Not changed: Memory sanitizer (MSAN) has a false positive
in the CRC CLMUL code which also makes OSS Fuzz unhappy.
Valgrind is smarter and doesn't complain.
A revision to the CLMUL code is coming anyway and this issue
will be cleaned up as part of it. It won't be backported to
5.6.x or 5.4.x because the old code isn't wrong. There is
no reason to risk introducing regressions in old branches
just to silence a false positive.
* liblzma:
- lzma_index_decoder() and lzma_index_buffer_decode(): Fix
a missing output pointer initialization (*i = NULL) if the
functions are called with invalid arguments. The API docs
say that such an initialization is always done. In practice
this matters very little because the problem can only occur
if the calling application has a bug and these functions
return LZMA_PROG_ERROR.
- lzma_str_to_filters(): Fix a missing output pointer
initialization (*error_pos = 0). This is very similar
to the fix above.
- Fix C standard conformance with function pointer types.
- Remove GNU indirect function (IFUNC) support. This is *NOT*
done for security reasons even though the backdoor relied on
this code. The performance benefits of IFUNC are too tiny in
this project to make the extra complexity worth it.
- FreeBSD on ARM64: Add error checking to CRC32 instruction
support detection.
- Fix building with NVIDIA HPC SDK.
* xz:
- Fix a C standard conformance issue in --block-list parsing
(arithmetic on a null pointer).
- Fix a warning from GNU groff when processing the man page:
"warning: cannot select font 'CW'"
* xzdec: Add support for Linux Landlock ABI version 4. xz already
had the v3-to-v4 change but it had been forgotten from xzdec.
* Autotools-based build system (configure):
- Symbol versioning variant can now be overridden with
--enable-symbol-versions. Documentation in INSTALL was
updated to match.
- Add new configure option --enable-doxygen to enable
generation and installation of the liblzma API documentation
using Doxygen. Documentation in INSTALL and PACKAGERS was
updated to match.
CMake:
- Fix detection of Linux Landlock support. The detection code
in CMakeLists.txt had been sabotaged.
- Disable symbol versioning on non-glibc Linux to match what
the Autotools build does. For example, symbol versioning
isn't enabled with musl.
- Symbol versioning variant can now be overridden by setting
SYMBOL_VERSIONING to "OFF", "generic", or "linux".
- Add support for all tests in typical build configurations.
Now the only difference to the tests coverage to Autotools
is that CMake-based build will skip more tests if features
are disabled. Such builds are only for special cases like
embedded systems.
- Separate the CMake code for the tests into tests/tests.cmake.
It is used conditionally, thus it is possible to
rm -rf tests
and the CMake-based build will still work normally except
that no tests are then available.
- Add a option ENABLE_DOXYGEN to enable generation and
installation of the liblzma API documentation using Doxygen.
* Documentation:
- Omit the Doxygen-generated liblzma API documentation from the
package. Instead, the generation and installation of the API
docs can be enabled with a configure or CMake option if
Doxygen is available.
- Remove the XZ logo which was used in the API documentation.
The logo has been retired and isn't used by the project
anymore. However, it's OK to use it in contexts that refer
to the backdoor incident.
- Remove the PDF versions of the man pages from the source
package. These existed primarily for users of operating
systems which don't come with tools to render man page
source files. The plain text versions are still included
in doc/man/txt. PDF files can still be generated to doc/man,
if the required tools are available, using "make pdf" after
running "configure".
- Update home page URLs back to their old locations on
tukaani.org.
- Update maintainer info.
* Tests:
- In tests/files/README, explain how to recreate the ARM64
test files.
- Remove two tests that used tiny x86 and SPARC object files
as the input files. The matching .c file was included but
the object files aren't easy to reproduce. The test cases
weren't great anyway; they were from the early days (2009)
of the project when the test suite had very few tests.
- Improve a few tests.
5.4.7
* Not changed: Memory sanitizer (MSAN) has a false positive
in the CRC CLMUL code which also makes OSS Fuzz unhappy.
Valgrind is smarter and doesn't complain.
A revision to the CLMUL code is coming anyway and this issue
will be cleaned up as part of it. It won't be backported to
5.6.x or 5.4.x because the old code isn't wrong. There is
no reason to risk introducing regressions in old branches
just to silence a false positive.
* liblzma:
- lzma_index_decoder() and lzma_index_buffer_decode(): Fix
a missing output pointer initialization (*i = NULL) if the
functions are called with invalid arguments. The API docs
say that such an initialization is always done. In practice
this matters very little because the problem can only occur
if the calling application has a bug and these functions
return LZMA_PROG_ERROR.
- lzma_str_to_filters(): Fix a missing output pointer
initialization (*error_pos = 0). This is very similar
to the fix above.
- Fix C standard conformance with function pointer types.
This newly showed up with Clang 17 with -fsanitize=undefined.
There are no bug reports about this.
- Fix building with NVIDIA HPC SDK.
* xz:
- Fix a C standard conformance issue in --block-list parsing
(arithmetic on a null pointer).
- Fix a warning from GNU groff when processing the man page:
"warning: cannot select font 'CW'"
- Fix outdated threading related information on the man page.
* xzless:
- With "less" version 451 and later, use "||-" instead of "|-"
in the environment variable LESSOPEN. This way compressed
files that contain no uncompressed data are shown correctly
as empty.
- With "less" version 632 and later, use --show-preproc-errors
to make "less" show a warning on decompression errors.
* Autotools-based build system (configure):
- Symbol versioning variant can now be overridden with
--enable-symbol-versions. Documentation in INSTALL was
updated to match.
CMake:
- Linux on MicroBlaze is handled specially now. This matches
the changes made to the Autotools-based build in XZ Utils
5.4.2 and 5.2.11.
- Disable symbol versioning on non-glibc Linux to match what
the Autotools build does. For example, symbol versioning
isn't enabled with musl.
- Symbol versioning variant can now be overridden by setting
SYMBOL_VERSIONING to "OFF", "generic", or "linux".
* Documentation:
- Clarify the description of --disable-assembler in INSTALL.
The option only affects 32-bit x86 assembly usage.
- Add doc/examples/11_file_info.c. It was added to the
Git repository in 2017 but forgotten to be added into
distribution tarballs.
- Don't install the TODO file as part of the documentation.
The file is out of date.
- Update home page URLs back to their old locations on
tukaani.org.
- Update maintainer info.
5.4.6
* Fixed a bug involving internal function pointers in liblzma not
being initialized to NULL. The bug can only be triggered if
lzma_filters_update() is called on a LZMA1 encoder, so it does
not affect xz or any application known to us that uses liblzma.
* xz:
- Fixed a regression introduced in 5.4.2 that caused encoding
in the raw format to unnecessarily fail if --suffix was not
used. For instance, the following command no longer reports
that --suffix must be used:
echo foo | xz --format=raw --lzma2 | wc -c
- Fixed an issue on MinGW-w64 builds that prevented reading
from or writing to non-terminal character devices like NUL.
* Added a new test.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 28 Nov 2024 11:49:06 +0000 (12:49 +0100)]
xfsprogs: Update to version 6.11.0
- Update from version 6.9.0 to 6.11.0
- Update of rootfile
- The existing CONFIGURE_OPTIONS variable was empty so ./configure was run with a
standard PREFIX=/usr but split /usr has been removed from the build so the default
for all directories goes to being under /usr, including the library etc.
- Added entries for prefix, libdir and localstatedir into the variable
CONFIGURE_OPTIONS so that most files ended up in the same locxations as with previous
versions. fsck.xfs, mkfs.xfs & xfs_repair end up in /usr/sbin the same as all the
other xfs programs. A mv command addeed to move these three files into /sbin to match
the previous versions.
- Tested out this change in a vm system on my testbed. The xfs filesystem was created
without any issues and I ended up with a normally working system. I also rebooted
with fsck selected and the reboot occurred without any issues. No messages about
problems in the logs, only messages about a successful clean xfs mount. So both
fsck.xfs and mkfs.xfs seem to be working without any problems.
- Changelog
6.11.0
Cleanups and bugfixes in mkfs/xfs_db/repair/scrub/mdrestore (Darrick J. Wong)
Drop libattr dependency (Darrick J. Wong)
Debian and Ubuntu archive changes (Bastian Germann)
6.10.1
fix C++ compilation errors in xfs_fs.h (Darrick J. Wong)
6.10.0
debian: enable xfs_scrub_all systemd timer services by default (Darrick J. Wong)
mkfs: set autofsck filesystem property (Darrick J. Wong)
xfs_scrub: use the autofsck fsproperty to select mode (Darrick J. Wong)
xfs_scrub: allow sysadmin to control background scrubs (Darrick J. Wong)
xfs_property: add a new tool to administer fs properties (Darrick J. Wong)
xfs_db: add a command to list xattrs (Darrick J. Wong)
xfs_db: improve getting and setting extended attributes (Darrick J. Wong)
xfs_io: edit filesystem properties (Darrick J. Wong)
xfs_scrub: defer phase5 file scans if dirloop fails (Darrick J. Wong)
xfs_repair: wipe ondisk parent pointers when there are none (Darrick J. Wong)
xfs_scrub: detect and repair directory tree corruptions (Darrick J. Wong)
xfs_repair: update ondisk parent pointer records (Darrick J. Wong)
xfs_spaceman: report directory tree corruption in the health information (Darrick J. Wong)
xfsprogs: support vectored scrub (Darrick J. Wong)
man: document vectored scrub mode (Darrick J. Wong)
man2: update ioctl_xfs_scrub_metadata.2 for parent pointers (Darrick J. Wong)
mkfs: enable formatting with parent pointers (Allison Henderson)
mkfs: Add parent pointers during protofile creation (Allison Henderson)
xfs_repair: check parent pointers (Darrick J. Wong)
xfs_db: compute hashes of parent pointers (Darrick J. Wong)
xfs_db: add link and unlink expert commands (Darrick J. Wong)
xfs_repair: build a parent pointer index (Darrick J. Wong)
xfs_db: add a parents command to list the parents of a file (Darrick J. Wong)
xfs_db: obfuscate dirent and parent pointer names consistently (Darrick J. Wong)
xfs_db: report parent pointers embedded in xattrs (Darrick J. Wong)
xfs_db: report parent bit on xattrs (Darrick J. Wong)
xfs_db: report parent pointers in version command (Darrick J. Wong)
xfs_scrub: use parent pointers to report lost file data (Darrick J. Wong)
xfs_scrub: use parent pointers when possible to report file operations (Darrick J. Wong)
xfs_logprint: decode parent pointers in ATTRI items fully (Allison Henderson)
xfs_io: Add i, n and f flags to parent command (Allison Henderson)
xfs_io: adapt parent command to new parent pointer ioctls (Darrick J. Wong)
libfrog: report parent pointers to userspace (Darrick J. Wong)
libfrog: add parent pointer support code (Darrick J. Wong)
man: document the XFS_IOC_GETPARENTS ioctl (Darrick J. Wong)
xfs_logprint: dump new attr log item fields (Darrick J. Wong)
xfs_scrub_all: failure reporting for the xfs_scrub_all job (Darrick J. Wong)
xfs_repair: check free space requirements before allowing upgrades (Darrick J. Wong)
xfs_scrub_all: convert systemctl calls to dbus (Darrick J. Wong)
xfs_scrub_all: trigger automatic media scans once per month (Darrick J. Wong)
xfs_scrub: add an optimization-only mode (Darrick J. Wong)
xfs_scrub_all: add CLI option for easier debugging (Darrick J. Wong)
xfs_scrub_all: enable periodic file data scrubs automatically (Darrick J. Wong)
xfs_scrub: automatic downgrades to dry-run mode in service mode (Darrick J. Wong)
xfs_scrub_all: support metadata+media scans of all filesystems (Darrick J. Wong)
xfs_scrub_all: fail fast on masked units (Darrick J. Wong)
xfs_scrub_all: remove journalctl background process (Darrick J. Wong)
xfs_scrub_all: only use the xfs_scrub@ systemd services in service mode (Darrick J. Wong)
xfs_scrub: tune fstrim minlen parameter based on free space histograms (Darrick J. Wong)
xfs_scrub: improve responsiveness while trimming the filesystem (Darrick J. Wong)
xfs_scrub: tighten up the security on the background systemd service (Darrick J. Wong)
xfs_scrub: don't call FITRIM after runtime errors (Darrick J. Wong)
xfs_scrub: use dynamic users when running as a systemd service (Darrick J. Wong)
xfs_scrub: report FITRIM errors properly (Darrick J. Wong)
xfs_scrub.service: reduce background CPU usage to less than one core if possible (Darrick J. Wong)
xfs_scrub: don't close stdout when closing the progress bar (Darrick J. Wong)
xfs_scrub: fix the work estimation for phase 8 (Darrick J. Wong)
libfrog: print cdf of free space buckets (Darrick J. Wong)
libfrog: print wider columns for free space histogram (Darrick J. Wong)
xfs_scrub: ignore phase 8 if the user disabled fstrim (Darrick J. Wong)
xfs_scrub: move FITRIM to phase 8 (Darrick J. Wong)
xfs_scrub: improve thread scheduling repair items during phase 4 (Darrick J. Wong)
xfs_scrub: avoid potential UAF after freeing a duplicate name entry (Darrick J. Wong)
xfs_scrub: enable users to bump information messages to warnings (Darrick J. Wong)
xfs_scrub: retry incomplete repairs (Darrick J. Wong)
xfs_scrub: warn about difficult repairs to rt and quota metadata (Darrick J. Wong)
xfs_scrub: any inconsistency in metadata should trigger difficulty warnings (Darrick J. Wong)
mkfs: add a formatting option for exchange-range (Darrick J. Wong)
xfs_repair: add exchange-range to file systems (Darrick J. Wong)
xfs_scrub: fix missing scrub coverage for broken inodes (Darrick J. Wong)
xfs_scrub: log when a repair was unnecessary (Darrick J. Wong)
libfrog: advertise exchange-range support (Darrick J. Wong)
xfs_io: create exchangerange command to test file range exchange ioctl (Darrick J. Wong)
xfs_fsr: skip the xattr/forkoff levering with the newer swapext implementations (Darrick J. Wong)
xfs_fsr: convert to bulkstat v5 ioctls (Darrick J. Wong)
xfs_logprint: support dumping exchmaps log items (Darrick J. Wong)
xfs_db: advertise exchange-range in the version command (Darrick J. Wong)
libfrog: add support for exchange range ioctl family (Darrick J. Wong)
libhandle: add support for bulkstat v5 (Darrick J. Wong)
man: document XFS_FSOP_GEOM_FLAGS_EXCHRANGE (Darrick J. Wong)
man: document the exchange-range ioctl (Darrick J. Wong)
xfs_repair: don't crash on -vv (Darrick J. Wong)
xfsprogs: Remove support for split-/usr installs (Chris Hofstaedtler)
libxfs: kernel sync (Darrick J. Wong)
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 28 Nov 2024 11:49:05 +0000 (12:49 +0100)]
vim: Update to version 9.1.0886
- Update from version 9.1 to 9.1.0886
- vim-9.1 came out at start of 2024. Since then patches fixing various bugs have been
commited into the vim git repository - nealy 900 patches. It looks like vim intends
to only infrequently do normal version updates but to issue tagged versions for
each patch fix. This release has patch 9.1.0886 and todays's version (2024-11-28) is
9.1.0891
- hardening patch was re-created with this latest patch.
- Update of rootfile
- Changelog is basically the commits from the github repo.
https://github.com/vim/vim/commits/v9.1.0886
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 28 Nov 2024 11:49:03 +0000 (12:49 +0100)]
usbutils: Update to version 018
- Update from version 017 to 018
- Update of rootfile
- meson is now the only build method
- Changelog
018
Add a manpage for lsusb.py
Add lsusb.py.1 to DISTCLEANFILES
Add a manpage for usbreset
usb-devices: fix bashism
autogen.sh: use valid email for 2024 copyright
README: list libudev as a requirement
meson: bump to libusb-1.0.22, reinstate libusb_set_option()
meson: set project details
meson: always include config.h first, use -include
meson: add compiler warnings to the build
meson: add all* CFLAGS from travis-autogen.sh
meson: temporary disable extra noisy warning
man: remove version from the manual pages
lsusb.py: remove inline lsusb-VERSION.py note
lsusb.py: remove @DATADIR@ instance
README: add Contributing section
lsusb.py: mention both usb.ids paths
Rename .in files to their final state
Update .gitignore files
meson: convert Wswitch-enum to Wswitch and enable
meson: enable commented out warnings
meson: add a bunch more warnings to the mix
travis: remove travis-ci files
ci: add build ci (Alpline) based on kmod's
ci: add Arch permutation
ci: add Debian permutation
ci: add Fedora permutation
ci: add Ubuntu permutation
ci: add codeql (static analysis) based on main.yml
ci: add SPDX copyright/licence identifiers
README: fix link, add DCO and SPDX details
lsusb: make internal API const-aware
lsusb: const annotate most data, re-enable -Wdiscarded-qualifiers
ci: run monthly checks by dependabot
meson: fold usbhid-dump/meson.build in
.gitmodules: remove no longer needed file
ci: add/update the final SPDX identifiers
man: move manual pages in designated sub-folder
ci: add reuse lint stage
lsusb: drop the audioterminal hash table
lsusb: drop the videoterminal hash table
lsusb: drop the genericstrtable hash tables
meson: re-enable some warnings
editorconfig: add initial config file
.clang-format: import from Linux kernel as of v6.11.-rc6
.clang-format: update for_each pattern and list
ci: add clang-format action
clang-format: bump column limit to 120
ci: directly use archlinux:multilib-devel
ci: drop the mkdir && cd dance
ci: add clang permutation, for 64bit only
lsusb: reformat and add trailing commas for multi-line arrays
usb-spec: move the opening curly brackets to end of line
ci: add codespell action, fix all typos
Include "negotiated speed" in device dump
lsusb: remove autotools checks for iconv
lsusb: remove byteswap.h check
lsusb: always include config.h
usbutils: remove usbutils.pc
usbutils: convert build system to use meson
usbutils.spdx: update file based on recent file movements
lsusb: fix memory leak in libusb
lsusb: billboard alternate mode is in little endian format
README: update based on build tool changes
lsusb: add support to show superspeed++
usbhid-dump: clean up meson.build a bit
justfile: add one
meson: disable -Wswitch-enum
usbutils.spdx: update the SPDX file
README.md: update the SPDX wording a bit
README.md: add the linux-usb mailing list to the README.
LICENSE: add LGPL-2.1 license text
usbutils.spdx: update the data
update usbutils.spdx file
editorconfig: make the line length 120
clang-format: add proper copyright information
clang-format: fix SPDX license
lsusb-t: get rid of custom list.h logic
LICENSES: add CC0 and MIT licenses
lsusb-t: fix memory leak
justfile: add some more targets
usbutils.spdx: update based on file additions
usbutils.spdx: update due to new file and checksums
usbreset: replace some unbounded strcpy() calls
sysfs.c: fix an theoretical issue with snprintf()
usbutils.spdx: update checksums
usbmisc: fix possible stack-buffer-overflow Running lsusb with -D argument and
path, which len is more than PATH_MAX + 1, cause stack-buffer-overflow because
of copy to the buf a string without null-terminator Force setting 0 byte to
the end of the buf fixes this error Fix #190
update ccid descriptor dumping to V1.1 spec
V1.1 is actually V1.10..
remove one space
usb-devices: Fix usb-devices with busybox
Do not warn about missing LPM bit when not required
lsusb: add VideoControl Endpoint Descriptor
ci: bump github/codeql-action in the all-actions group
ci: bump the all-actions group with 2 updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 28 Nov 2024 11:49:01 +0000 (12:49 +0100)]
chkconfig: Update to version 1.30
- Update from version 1.5 (2015) to 1.30 (Aug 2024)
- Fedora now have a github site for chkconfig which has had releases since 2023
- Update of rootfile not required
- Changelog
1.30
ostree: move admindir to /etc/alternatives.admindir by @vrothberg in #135
1.29
Translations update from Fedora Weblate by @weblate in #133
Avoid possible leaks in readConfig() by @dtardon in #128
fix issues found by static analyzers by @lnykryn in #125
Mkosi by @lnykryn in #127
1.28
test: return failures from the test suite by @lnykryn in #130
Prepare for bin-sbin merge by @jamacku in #131
1.27
Translations update from Fedora Weblate by @weblate in #124
Alternatives: Fix issues found by static analyzers by @lnykryn in #126
1.26
build(deps): bump actions/checkout from 3 to 4 by @dependabot in #113
Translations update from Fedora Weblate by @weblate in #114
build(deps): bump redhat-plumbers-in-action/differential-shellcheck from 4 to 5 by @dependabot in #115
Fix systemdActive() by @marcosfrm in #117
build(deps): bump github/codeql-action from 2 to 3 by @dependabot in #119
build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #120
Translations update from Fedora Weblate by @weblate in #121
Add support for running using tmt by @jamacku in #123
1.25
Translations update from Fedora Weblate by @weblate in #110
Translations update from Fedora Weblate by @weblate in #111
alternatives: fix possible buffer overrun by @lnykryn in #112
1.24
Revert recent rpmautospec and Packit changes by @jamacku in #107
Fix way how we generate next version by @jamacku in #108
1.23
Remove changelog and update translations by @jamacku in #100
Translations update from Fedora Weblate by @weblate in #101
Fix --keep-foreign when the target is missing completely by @lnykryn in #104
Translations update from Fedora Weblate by @weblate in #103
Translations update from Fedora Weblate by @weblate in #105
1.22
Fedora release process (Packit, rpmautospec) by @jamacku in #91
releng: Packit remove extra job trigger by @jamacku in #92
Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4 by @dependabot in #94
test: fix ShellCheck error[SC2070] by @jamacku in #95
Add Locale linter (Weblate) by @jamacku in #98
Translations update from Fedora Weblate by @weblate in #96
migrate to SPDX license by @lzaoral in #99
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:15 +0000 (13:27 +0100)]
sysvinit: Update to version 3.11
- Update from version 3.10 to 3.11
- Update of rootfile not required
- Changelog
3.11
* Some escape characters were included in the inittab manual page, but not
displayed by the "man" command because they were not (ironically)
properly escaped. This has been fixed.
* Enabled chaining commands together in the inittab file. This allows the
admin to run commands like "task1 && task2" or "task2 || task2" from the
inittab file.
* Fix typoes in halt manual page. Fixes provided by Bjarni Ingi Gislason.
* Fix typos/markdown in fstab-decode manual page.
Patch provided by Bjarni Ingi Gislason.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:14 +0000 (13:27 +0100)]
sysstat: Update to version 12.7.6
- Update from version 12.7.1 to 12.7.6
- Update of rootfile
- Changelog
12.7.6
* sar/sadf: [A_NET_ETCP]: Rename retrans/s field to retrseg/s
because it was already used in A_NET_NFS report.
* sadf: SVG: Fix oversized SVG canvas height.
* sadf: Don't cap SVG graph output at 100%.
* sadf: A_NET_SOFT: Don't display graphs for offline CPU.
* sadf: SVG: Don't ignore other views when one has to be skipped.
* sadf: Make sure structures will be alloacated for every installed
CPU.
* sadf: Define MIN_CANVAS_HEIGHT constant.
* sar: Display min/max values only when available.
* Define macros for CPU manipulation.
* SREALLOC() macro: Make sure size is not zero.
* Fix a warning given by gcc v13 with -fanalyzer option.
* [Eli Schwartz]: configure.ac: fix erroneous bashisms.
* sar manual page updated.
* DTD and XSD documents updated.
* Year updated in copyright messages.
* Other cosmetic changes in code.
* FAQ and README files updated.
* Non regression tests updated. New tests added.
12.7.5
* [Quan quan Cao]: sar/sadc: Add new metrics pgprom/s and pgdem/s.
* sar: Remove %vmeff metric.
* sadf: Update various output formats to take into account metrics
that have been added or removed.
* Update DTD and XSD documents.
* Update sar manual page.
* sar: Add a cron entry and a new systemd service and timer to rotate
daily data file at midnight.
* Option -V with sysstat commands also displays environment contents.
* [Sam Morris]: Use correct encoding to produce hyphen-minus when
rendering man pages.
* Add UMASK variable definition to sysstat(5) manual page.
* Update non regression tests.
* Add --getenv option to commands that didn't have it.
* Update README file for Debian-based distros.
* Update link to my personal web page in README and manual pages.
* NLS: Translations updated.
12.7.4
* Makefile.in: Fix installation error.
* Makefile.in: Remove gcc warning displayed in LTO mode.
12.7.3
* sar: Add new option '-x' used to display extended reports.
* [Pavel Kopylov]: Fix an overflow which is still possible for
some values.
* [Jan Kurik]: Fix export of PSI metrics to a PCP archive.
* [Lukáš Zaoral]: Tools that take `--dec=X` option should only accept
digits.
* common.c: Fix an overflow which was still possible for some values.
* iostat: Try to avoid displaying negative values.
* Free pointer if realloc() fails.
* Don't check if unsigned expressions are less than zero.
* Declare parameters with "const" when possible.
* Remove conditions which are always true.
* Reduce variables scope when relevant.
* Don't assign values that are never used.
* Fix types used in format strings.
* Split large functions into smaller ones.
* Specify field width when using sscanf() function.
* search_list_item(): Return position in list instead of a boolean.
* add_list_item(): Also return item position in list.
* svg_stats.c: Ignore negative values for fields position.
* svg_stats.c: Reuse buffers pointers definition.
* svg_stats.c: Reuse intermediate calculations.
* svg_stats.c: Don't repeat test on DISPLAY_CPU_DEF().
* sa_common.c: Don't use (void *) pointer in calculation.
* iostat.c: Clarify calculation precedence for '+' and '?'.
* sar/sadf: Refactor buffer allocation functions.
* sar/sadf: Add a check on file's records header data.
* sar/sadf: Stop when invalid data are read in records header.
* sar/sadf: Check upper bounds of value read from file.
* sadf_misc.c: Fix indentation in code.
* activity.c: Init item_list even for other commands than sadf.
* sa_conv.c: Reallocate buffers only when needed.
* sa_conv.c: Fix untrusted allocation size.
* pr_stats.c: Remove some dead code.
* sar.c: Make sure buffer is null terminated.
* do_test: Add several new options.
* do_test: Don't strip binaries when in TEST mode.
* Update non regression tests.
* simtest: Change default _unix_time value.
* Makefile.in: Simplify dependencies.
* Makefile_in: Small update made to copyyear target.
* sadf: XML: Update DTD and XSD documents.
* sadf: XML: Remove references to my personal web site.
* Restore mode for iconfig file.
* Fix typo in sar's manual page. Sar manual page updated.
* Other manual pages updated.
12.7.2
* All commands: Avoid displaying healthy metrics values in "red".
* sar/sadf: Add new activity: Battery statistics (A_PWR_BAT).
* [Kevin Stubbings]: Add CodeQL workflow.
* sar: Make sure timestamps are always displayed in local time.
* sar/sadf: Starting and ending times used with options -s/-e can now
be entered as a number of seconds since the epoch.
* sar/sadf: Strengthen tests made on arguments given to options -s/-e.
* sadf: PCP: Fix pmiID used for two USB metrics [12.6.2].
* [Nathanael P Wilson]: sadf: Fix extra space when no TZ printed.
* sadc: Add another overflow check [12.6.2].
* DTD and XSD documents updated.
* Makefile: Fix dependencies.
* NLS translations updated. New Belarusian translation added.
* Remove LGTM links from README file.
* Manual pages updated.
* Non regression tests updated.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:13 +0000 (13:27 +0100)]
swig: Update to version 4.3.0
- Update from version 4.1.0 to 4.3.0
- Update of rootfile
- Changelog
4.3.0
- Add experimental support for C as a target language.
- MzScheme/Racket is deprecated and planned for removal in SWIG-4.4.
- The distributed Windows binary is now a 64-bit executable.
- Add some missing use of move semantics for performance improvements.
- Enhanced handling of namespaces when using the nspace feature.
- STL wrapper enhancements for std::unique_ptr, std::string_view,
std::filesystem.
- Various enum and enum class wrapping improvements.
- Other C++ handling improvements around templates, friends, C++11
trailing return types and C++17 fold expressions.
- Many parser improvements for both C and C++, especially expressions.
- Improvements to handling of string and character literals.
- Minor preprocessor fixes.
- Python: Stricter stable ABI conformance, add support for python-3.13.
- C#: Add support for converting Doxygen comments into XML C# comments.
- Various other target language specific enhancements and updates for
Java, Javascript, Lua, MzScheme, Ocaml, Octave, Perl, Python, R, Ruby.
4.2.1
- Tcl 9.0 support.
- Octave 9.0 support.
- Improvements wrapping friend functions.
- Variadic templated functions within a template support.
- Type deduction enhancements.
- Stability and regression fixes.
4.2.0
- Various template wrapping improvements: template template parameters,
variadic templates, partially specialized templates, const template
parameters and improved error checking instantiating templates.
- Improved decltype() support for expressions.
- C++14 auto without trailing return type and C++11 auto variables.
- Numerous C++ using declarations improvements.
- Numerous fixes for constructors, destructors and assignment operators:
implicit, default and deleted and related non-assignable variable
wrappers.
- STL: std::array and std::map improvements, std::string_view support
added.
- Various C preprocessor improvements.
- Various issues fixed to do with architecture specific long type.
- Various Doxygen improvements.
- D1/Tango support removed. D2/Phobos is now the supported D version
and SWIG now generates code which works with recent D2 releases.
- New Javascript generator targeting Node.js binary stable ABI Node-API.
- Octave 8.1 support added.
- PHP7 support removed, PHP8 is now the supported PHP version.
- Python STL container wrappers now use the Python Iterator Protocol.
- Python stable ABI support added.
- Python 3.12 support added.
- Ruby 3.2 and 3.3 support.
- Scilab 2023.* support added.
- Various minor enhancements for C#, Go, Guile, Javascript, Lua, Ocaml,
Perl, PHP, R, Racket, Ruby, Scilab and Tcl.
- A number of deprecated features have been removed.
4.1.1
- Couple of stability fixes.
- Stability fix in ccache-swig when calculating hashes of inputs.
- Some template handling improvements.
- R - minor fixes plus deprecation for rtypecheck typemaps being optional.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:12 +0000 (13:27 +0100)]
sshfs: Update to version 3.7.3
- Update from version 3.7.2 to 3.7.3 (May 2022)
- Update of rootfile not required
- Changelog
3.7.3
* Minor bugfixes.
* This is the last release from the current maintainer. SSHFS is now no longer
maintained or developed. Github issue tracking and pull requests have
therefore been disabled. The mailing list (see below) is still available for
use.
If you would like to take over this project, you are welcome to do so. Please
fork it
and develop the fork for a while. Once there has been 6 months of reasonable
activity, please contact Nikolaus@rath.org and I'll be happy to give you
ownership of this repository or replace with a pointer to the fork.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:11 +0000 (13:27 +0100)]
screen: Update to version 5.0.0
- Update from version 4.9.1 to 5.0.0
- Update of rootfile
- Changelog
5.0.0
* Rewriten autentication mechanism
* Add escape %T to show current tty for window
* Add escape %O to show number of currently open windows
* Use wcwdith() instead of UTF-8 hard-coded tables
* New commands:
- auth [on|off]
Provides password protection
- status [top|up|down|bottom] [left|right]
The status window by default is in bottom-left corner.
This command can move status messages to any corner of the screen.
- truecolor [on|off]
- multiinput
Input to multiple windows at the same time
* Removed commands:
- time
- debug
- password
- maxwin
- nethack
* Fixes:
- Screen buffers ESC keypresses indefinitely
- Crashes after passing through a zmodem transfer
- Fix double -U issue
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:10 +0000 (13:27 +0100)]
ruby: Update to version 3.3.6
- Update from version 3.3.4 to 3.3.6
- Update of rootfile
- Changelog
3.3.6
Merge JSON 2.7.2 for Ruby 3.3 by hsbt · Pull Request #11541
Merge reline-0.5.10 by hsbt · Pull Request #11558
Bug #20718: Objects created with Data_Make_Struct and the default free function are not freed
Bug #20737: Accidentally changed warning target on Ruby 3.3
Bug #20723: IO#close is broken on Ruby 3.3+ when using the Fiber scheduler.
Use PRIuSIZE instead of %zu for size_t by nobu · Pull Request #9359
Bump REXML to 3.3.9 for Ruby 3.3 by ajmyers01 · Pull Request #11972
Bug #13831: error when try to install
Bug #20777: 3.3: RUBY_DESCRIPTION is corrupt when --yjit and --parser=prism
Bug #20704: Windows: -C option does not work for multibyte path name
Bug #20719: Float converts ASCII-incompatible string
Bug #20752: IO::Buffer#slice creates mutable IO::Buffer instance that points to readonly memory (e.g. fronzen String)
Bug #20755: IO::Buffer#transfer transfers mutable reference to String's memory but not lock ownership
Bug #20716: Different instance_method behavior in Ruby 2.7 and Ruby 3.x
Bug #20853: Hash key retrieval after Process.warmup
3.3.5
retry on cancelling of getaddrinfo by ko1 · Pull Request #11131
Bug #20633: compile error at vm_insnhelper.c when HAVE_DECL_ATOMIC_SIGNAL_FENCE is 0
Bug #20641: lib/bundled_gems.rb makes Kernel.require over 100x slower
Bug #20650: Memory leak in Regexp capture group when timeout
Bug #20088: Ruby 3.3.0 does not cross-complie on arm64-darwin
Bug #20653: Memory leak in String#start_with? when regexp times out
Bug #20654: Floor and ceil have unexpected behaviour when ndigits is large
Update RubyGems 3.5.16 and Bundler 2.5.16 for Ruby 3.3 by hsbt · Pull Request #11252
Bug #20668: [3.3] shareable_constant_value: literal crash
Backport warning feature for bundled gems from master by hsbt · Pull Request #11420
Bug #20688: Use-after-free in WeakMap and WeakKeyMap
Bug #20691: Use-after-free in WeakKeyMap#clear
Merge URI-0.13.1 for Ruby 3.3 by hsbt · Pull Request #11466
Bug #20667: Backport REXML CVE fixes
Bug #20651: false && (1 in 1) produces argument stack underflow (-1)
Bug #20649: Ripper fails to tokenize def f; (x)::A =
Bug #20344: argument stack underflow (-1)
Bug #20701: Hash argument passed as keyword splat can be mutated inside method
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:09 +0000 (13:27 +0100)]
qpdf: Updarte to version 11.9.1
- Update from version 11.9.0 to 11.9.1
- Update of rootfile
- Changelog
11.9.1
* Rewrite a recursive function to be iterative in linearization to
enable more complex files to be linearized, especially on Windows.
* Avoid non-standard use of `std::basic_string_view`. Contribution
from Zoe Clifford.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:08 +0000 (13:27 +0100)]
pciutils: Update to version 3.13.0
- Update from version 3.11.1 to 3.13.0
- Update of rootfile
- Changelog
3.13.0
* lspci decodes CXL 1.1 device link status information.
This requires a recent kernel which exports rcd_* atributes via
sysfs.
* Further development of the pcilmr (the link margining utility)
* Dump parsing supports 6-digit domain numbers.
* Bug fixes in PCIe link state reporting.
* Decode more fields in PCIe AER capability.
* Fixed build on Linux systems with musl libc.
* Updated pci.ids.
3.12.0
* lspci decodes the IDE (Integrity & Data Encryption) and TEE-IO
extended capabilities.
* Several bugs in back-ends for Windows were fixed and the
README.Windows updated.
* Fixed building on Haiku.
* We now use more C99 features.
* Optimization flags used for compiling individual object files
should be the same as optimization flags for linking the final
executable to make link-time optimization possible.
* We no longer look up subsystems in the HWDB, because there is
no API for querying only the subsystem. The lookup we used
previously returned a device name if there was no entry for
the particular subsystem.
* Updated pci.ids.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 24 Nov 2024 12:27:06 +0000 (13:27 +0100)]
pam: Update to version 1.7.0
- Update from version 1.6.1 to 1.7.0
- Update of rootfile
- pam is now only built via meson. Therefore meson and ninja had to be moved to before
pam. This required python3 and python3-setuptools, expta, libffi, gdbm & sqlite to
also be moved before meson to ensure build was successful and that the python3
rootfile had all the required python files included.
- Changelog
1.7.0
* build: changed build system from autotools to meson.
* libpam_misc: use ECHOCTL in the terminal input
* pam_access: support UID and GID in access.conf
* pam_env: install environment file in vendordir if vendordir is enabled
* pam_issue: only count class user if logind support is enabled
* pam_limits: use systemd-logind instead of utmp if logind support is enabled
* pam_unix: compare password hashes in constant time
* Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 22 Nov 2024 15:06:50 +0000 (16:06 +0100)]
tshark: Update to version 4.4.2
- Update from version 4.4.1 to 4.4.2
- Update of rootfile
- Changelog
4.4.2
vulnerabilities fixed:
wnpa-sec-2024-14 FiveCo RAP dissector infinite loop. Issue 20176.
wnpa-sec-2024-15 ECMP dissector crash. Issue 20214.
bugs fixed:
CIP I/O is not detected by "enip" filter anymore. Issue 19517.
Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041.
OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in
DOFObjectID_Create_Unmarshal. Issue 20065.
JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000.
Issue 20066.
Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring.
Issue 20082.
PTP analysis loses track of message associations in case of sequence
number resets. Issue 20099.
USB CCID: response packet in case SetParameters command is unsupported is
flagged as malformed. Issue 20107.
dumpcap crashes when run from TShark with a capture filter. Issue 20108.
SRT dissector: The StreamID (SID) in the handshake extension is displayed
without regarding the control characters and with NUL as terminating.
Issue 20113.
Ghost error message on POP3 packets. Issue 20124.
Building against c-ares 1.34 fails. Issue 20125.
D-Bus is not optional anymore. Issue 20126.
macOS Intel DMGs aren’t fully notarized. Issue 20129.
Incorrect name for MLD Capabilities and Operations Present flag in
dissection of MLD Capabilities for MLO wifi-7 capture. Issue 20134.
CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet]
Issue 20142.
Wi-Fi: 256 Block Ack (BA) is not parsed properly. Issue 20156.
BACnet ReadPropertyMultiple request Maximum allowed recursion depth
reached. Issue 20159.
Statistics→I/O Graph crashes when using simple moving average. Issue 20163.
HTTP2 body decompression fails on DATA with a single padded frame.
Issue 20167.
Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169.
SIP dissector bug due to "be-route" param in VIA header. Issue 20173.
Coredump after trying to open 'Follow TCP stream' Issue 20174.
Protobuf JSON mapping error. Issue 20182.
Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash
(Version 4.4.1) Issue 20183.
Extcap plugins shipped with Wireshark Portable are not found in version
4.4.1. Issue 20184.
IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame.
Issue 20187.
Wireshark 4.4.1 does not decode RTCP packets. Issue 20188.
Qt: Display filter sub-menu can only be opened on the triangle, not the
full name. Issue 20190.
Qt: Changing the display filter does not update the Conversations or
Endpoints dialogs. Issue 20191.
MODBUS Dissector bug. Issue 20192.
Modbus dissector bug - Field Occurence and Layer Operator modbus.bitval
field. Issue 20193.
Wireshark crashes when a field is dragged from packet details towards the
find input. Issue 20204.
Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with
comma as decimal separator. Issue 20216.
The TCP dissector no longer falls back to using the client port as a
criterion for selecting a payload dissector when the server port does not
select a payload dissector (except for port 20, active FTP). This
behavior can be changed using the "Client port dissectors" preference.
Display filters now correctly handle floating point conversion errors.
The Lua API now has better support for comma-separated ranges in different
locales.
New and Updated Features
The TShark syntax for dumping only fields with a certain prefix has
changed from -G fields prefix to -G fields,prefix. This allows tshark -G
fields to again support also specifying the configuration profile to use.
Updated Protocol Support
ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, ECMP, ENIP, FiveCo RAP,
Frame, FTDI FT, HSRP, HTTP/2, ICMPv6, IEEE 802.11, MBTCP, MMS,
MPEG PES, PN-DCP, POP, ProtoBuf, PTP, RPC, RTCP, SIP, SRT, Syslog,
TCP, UMTS RLC, USB CCID, Wi-SUN, and ZigBee ZCL
New and Updated Capture File Support
BLF
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 20 Nov 2024 21:49:09 +0000 (22:49 +0100)]
openssl: Update to version 3.4.0
- Update from version 3.3.2 to 3.4.0
- Update of rootfile
- Changelog
3.4.0
This release incorporates the following potentially significant or incompatible
changes:
* Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement
TS_VERIFY_CTX_set0_* functions with improved semantics
* Redesigned use of OPENSSLDIR/ENGINESDIR/MODULESDIR on Windows such that
what were formerly build time locations can now be defined at run time
with registry keys
* The X25519 and X448 key exchange implementation in the FIPS provider
is unapproved and has `fips=no` property.
* SHAKE-128 and SHAKE-256 implementations have no default digest length
anymore. That means these algorithms cannot be used with
EVP_DigestFinal/_ex() unless the `xoflen` param is set before.
* Setting `config_diagnostics=1` in the config file will cause errors to
be returned from SSL_CTX_new() and SSL_CTX_new_ex() if there is an error
in the ssl module configuration.
* An empty renegotiate extension will be used in TLS client hellos instead
of the empty renegotiation SCSV, for all connections with a minimum TLS
version > 1.0.
* Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and
SSL_CTX_flush_sessions() functions in favor of their respective `_ex`
functions which are Y2038-safe on platforms with Y2038-safe `time_t`
This release adds the following new features:
* Support for directly fetched composite signature algorithms such as
RSA-SHA2-256 including new API functions
* FIPS indicators support in the FIPS provider and various updates of the FIPS
provider required for future FIPS 140-3 validations
* Implementation of RFC 9579 (PBMAC1) in PKCS#12
* An optional additional random seed source RNG `JITTER` using a statically
linked jitterentropy library
* New options `-not_before` and `-not_after` for explicit setting start and
end dates of certificates created with the `req` and `x509` apps
* Support for integrity-only cipher suites TLS_SHA256_SHA256 and
TLS_SHA384_SHA384 in TLS 1.3, as defined in RFC 9150
* Support for requesting CRL in CMP
* Support for additional X.509v3 extensions related to Attribute Certificates
* Initial Attribute Certificate (RFC 5755) support
* Possibility to customize ECC groups initialization to use precomputed values
to save CPU time and use of this feature by the P-256 implementation
3.3.3
security patch release.
The most severe CVE fixed in this release is Low.
This release incorporates the following bug fixes and mitigations:
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
([CVE-2024-9143])
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 20 Nov 2024 21:49:08 +0000 (22:49 +0100)]
openldap: Update to version 2.6.8
- Update from version 2.6.5 to 2.6.8
- Update of rootfile
- Replacement of previous 2.6.5-consolideated patch with 2.6.8-consolidated patch
- Changelog
2.6.8
Fixed libldap exit handling with OpenSSL3 again (ITS#9952)
Fixed libldap OpenSSL channel binding digest (ITS#10216)
Fixed slapd handling of large uid/gids peercred auth (ITS#10211)
Fixed slapd-asyncmeta/meta target structure allocations (ITS#10197)
Fixed slapd-meta with dynlist (ITS#10164)
Fixed slapd-meta binds when proxying internal op (ITS#10165)
Added slapo-nestgroup overlay (ITS#10161)
Added slapo-memberof 'addcheck' option (ITS#10167)
Fixed slapo-accesslog startup initialization (ITS#10170)
Fixed slapo-constraint double free on invalid attr (ITS#10204)
Fixed slapo-dynlist with abandoned operations (ITS#10044)
Build
Fixed build with gcc14.x (ITS#10166)
Fixed back-perl with clang15 (ITS#10177)
Fixed to reduce systemd dependencies (ITS#10214)
Contrib
Added slapo-alias contrib module (ITS#10104, ITS#10182)
Fixed slapo-autogroup to work with slapo-dynlist (ITS#10185)
Fixed smbk5pwd implicit function declaration (ITS#10206)
Documentation
Fixed slapo-memberof exattr requirements (ITS#7400)
Fixed slapo-memberof is no longer deprecated (ITS#7400)
Minor Cleanup
ITS#9921
ITS#10103
ITS#10171
ITS#10172
ITS#10173
ITS#10179
ITS#10183
ITS#10186
ITS#10188
ITS#10193
ITS#10209
2.6.7
Added slapo-dynlist option to disable filter support (ITS#10025)
Fixed liblber missing newline on long msg (ITS#10105)
Fixed libldap exit handling with OpenSSL3 (ITS#9952)
Fixed libldap with TLS and multiple ldap URIs (ITS#10101)
Fixed libldap OpenSSL cipher suite handling (ITS#10094)
Fixed libldap OpenSSL 3.0 and Diffie-Hellman param files (ITS#10124)
Fixed libldap timestamps on Windows (ITS#10100)
Fixed lloadd to work when resolv.conf is missing (ITS#10070)
Fixed lloadd handling of closing connection (ITS#10083)
Fixed lloadd tiers to be correctly linked on startup (ITS#10142)
Fixed slapd to honour disclose in matchedDN handling (ITS#10139)
Fixed slapd handling of regex testing in ACLs (ITS#10089)
Fixed slapd sync replication with glued database (ITS#10080)
Fixed slapd local logging on Windows (ITS#10092)
Fixed slapd-asyncmeta when remote suffix is empty (ITS#10076)
Fixed slapo-dynlist so it can't be global (ITS#10091)
Build
Fixed lloadd type mismatches (ITS#10074)
Fixed builds for Windows (ITS#10117)
Fixed build with clang16 (ITS#10123)
Documentation
Fixed slapo-homedir(5) attribute name for olcHomedirArchivePath (ITS#10057)
Minor Cleanup
ITS#10059
ITS#10068
ITS#10098
ITS#10109
ITS#10110
ITS#10129
ITS#10130
ITS#10135
ITS#10143
ITS#10144
ITS#10145
ITS#10153
2.6.6
Fixed slapd cn=config incorrect handling of paused (ITS#10045)
Fixed slapd-meta to account for MOD ops being optional (ITS#10067)
Fixed slapd-asyncmeta to account for MOD ops being optional (ITS#10067)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
projects / ipfire-2.x.git / log
