Peter Müller [Mon, 17 May 2021 19:02:36 +0000 (21:02 +0200)]
DMA: do not ship a binary for creating mail boxes
This is only needed in case of bounces generated by locally emitted
messages. We neither store these, nor do we create mail boxes on a
firewall. Safe to drop.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 May 2021 19:01:54 +0000 (21:01 +0200)]
/usr/bin/ping does not need a SUID bit if appropriate capabilities are set
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 16 May 2021 20:48:58 +0000 (22:48 +0200)]
OpenSSH: do not ship ssh-keysign anymore
To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:34 +0000 (23:50 +0200)]
python-distutils-extra: Removal of this python2 module
- python-distutils-extra is linked to python-distutils which is no longer
used as it has been replaced by setuptools.
- python-distutils-extra is currently from 2011 and the latest version
is from 2016. No development occurring on this.
- No problem on a clean build with this module being removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:33 +0000 (23:50 +0200)]
python-distutils: Removal of this python2 module
- python-distutils has been replaced by setuptools.
- python-distutils was not being built anyway as it was not listed in
make.sh
- lfs has missing sections. There are no source and no build sections
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:32 +0000 (23:50 +0200)]
python-optional-src: Removal of this python2 module
- python-optional-src was not getting built anyway as it was not listed
in make.sh
- lfs file was missing most of the standard content. No source info
and no build instructions
- missing source file from IPFire source system
- grep on build/ found no dependencies on this module
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:31 +0000 (23:50 +0200)]
make.sh: Removal of three python2 modules
- Removal of python-distutils and python-distutils-extra as these have
been replaced by setuptools.
- Removal of python-optional-src
- Only python-distutils-extra line is removed from make.sh as
python-distutils and python-optional-src were not in make.sh
These two modules have not been getting built historically
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:50:03 +0000 (23:50 +0200)]
nmap: Migrate to python3
- Added PYTHON=python3 prior to configure. This then builds nmap with
python3.
- ndiff is written as python2 only and currently no patches to make it
work wih python3 have been accepted by the nmap team. It looks like ndiff
will stay as it is for some time so ndiff will be removed from the nmap
package install.
- Added --without-ndiff to configure so nmap is built without ndiff
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 14 May 2021 21:11:49 +0000 (23:11 +0200)]
Tor: update to 0.4.5.8
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.5.8:
Changes in version 0.4.5.8 - 2021-05-10
Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes
from the 0.4.6.x series.
o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
o Minor features (compilation, backport from 0.4.6.3-rc):
- Make the autoconf script build correctly with autoconf versions
2.70 and later. Closes part of ticket 40335.
o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/05/07.
o Minor features (onion services):
- Add warning message when connecting to now deprecated v2 onion
services. As announced, Tor 0.4.5.x is the last series that will
support v2 onions. Closes ticket 40373.
o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha):
- Fix a regression that made it impossible start Tor using a bridge
line with a transport name and no fingerprint. Fixes bug 40360;
bugfix on 0.4.5.4-rc.
o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc):
- Allow a custom "ar" for cross-compilation. Our previous build
script had used the $AR environment variable in most places, but
it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
- Fix a non-fatal BUG() message due to a too-early free of a string,
when listing a client connection from the DoS defenses subsystem.
Fixes bug 40345; bugfix on 0.4.3.4-rc.
o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (controller, backport from 0.4.6.1-alpha):
- Fix a "BUG" warning that would appear when a controller chooses
the first hop for a circuit, and that circuit completes. Fixes bug
40285; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc):
- Fix a bug where an expired cached descriptor could get overwritten
with a new one without freeing it, leading to a memory leak. Fixes
bug 40356; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 May 2021 21:49:32 +0000 (23:49 +0200)]
sudo: Update to 1.9.7
- Update from 1.9.6p1 to 1.9.7
- Update of rootfile not required
- Changelog
The fuzz Makefile target now runs all the fuzzers for 8192 passes (can be overridden via the FUZZ_RUNS variable). This makes it easier to run the fuzzers in-tree. To run a fuzzer indefinitely, set FUZZ_RUNS=-1, e.g. make FUZZ_RUNS=-1 fuzz.
Fixed fuzzing on FreeBSD where the ld.lld linker returns an error by default when a symbol is multiply-defined.
Added support for determining local IPv6 addresses on systems that lack the getifaddrs() function. This now works on AIX, HP-UX and Solaris (at least). Bug #969.
Fixed a bug introduced in sudo 1.9.6 that caused sudo -V to report a usage error. Also, when invoked as sudoedit, sudo now allows a more restricted set of options that matches the usage statement and documentation. GitHub Issue #95.
Fixed a crash in sudo_sendlog when the specified certificate or key does not exist or is invalid. Bug #970.
Fixed a compilation error when sudo is configured with the disable-log-clientoption.
Sudo's limited support for SUCCESS=return entries in nsswitch.conf is now documented. Bug #971.
Sudo now requires autoconf 2.70 or higher to regenerate the configure script. Bug #972.
sudo_logsrvd now has a relay mode which can be used to create a hierarchy of log servers. By default, when a relay server is defined, messages from the client are forwarded immediately to the relay. However, if the store_first setting is enabled, the log will be stored locally until the command completes and then relayed. Bug #965.
Sudo now links with OpenSSL by default if it is available unless the --disable-openssl configure option is used or both the --disable-log-client and --disable-log-server configure options are specified.
Fixed configure's Python version detection when the version minor number is more than a single digit, for example Python 3.10.
The sudo Python module tests now pass for Python 3.10.
Sudo will now avoid changing the datasize resource limit as long as the existing value is at least 1GB. This works around a problem on 64-bit HP-UX where it is not possible to exactly restore the original datasize limit. Bug #973.
Fixed a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN. This fixes the bug described by GitHub PR #98.
Fixed an out-of-bounds read in sudoedit and visudo when the EDITOR, VISUAL or SUDO_EDITOR environment variables end in an unescaped backslash. Also fixed the handling of quote characters that are escaped by a backslash. GitHub Issue #99.
Fixed a bug that prevented the log_server_verify sudoers option from taking effect.
The sudo_sendlog utility has a new -s option to cause it to stop sending I/O records after a user-specified elapsed time. This can be used to test the I/O log restart functionality of sudo_logsrvd.
Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when attempting to restart an interrupted I/O log transfer.
The TLS connection timeout in the sudoers log client was previously hard-coded to 10 seconds. It now uses the value of log_server_timeout.
The configure script now outputs a summary of the user-configurable options at the end, separate from output of configure script tests. Bug #820.
Corrected the description of which groups may be specified via the -g option in the Runas_Spec section. Bug #975.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 14 May 2021 10:30:17 +0000 (12:30 +0200)]
python-ipaddress: Remove this python2 module
- python-ipaddress is the python2 backport of the python3 built in
ipaddress module. Therefore python-ipaddress is not needed with the
move to try and remove python2
- Remove the lfs and rootfiles and adjust make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 20:44:30 +0000 (22:44 +0200)]
python3-inotify: Update to 0.2.10 and convert to python3
- Update from 0.2.7 to 0.2.10
- Convert from python-inotify to python3-inotify
make.sh, lfs & rootfiles
- Update rootfiles
- Changelog
0.2.8: - We now just *skip* the event if not known
- Implement InotifyTree and InotifyTrees as sub-classes of new BaseTree
class
- Made InotifyTree and InotifyTrees sub-classes of new base class
BaseTree
- Recursively watch a list of paths/trees
0.2.9: - Added getter for Inotify object from tree objects
- Added note to docs about race-conditions. Added small change for
redundant adds.
- Slightly reorganized documentation. Updated example.
- Merge pull request #35 from dsoprea/dustin. Added extensive unit-test
coverage. Closes all bug requests.
- Added large amount of unit-test coverage.
- Now handle rename-specific events.
- Can now also ignore issues with new directories not existing if
you're created *and* deleted or renamed a folder since the last
time events were read.
- Adjusted requirements for simplicity.
- Added Python 3 compatibility.
- Fixed Unicode support.
- Can now provide `filter_predicate` to event_gen() to allow custom
loop termination based on events.
- We'll now terminate the loop when certain events are encountered.
These events are passed into event_gen() as `terminal_events`. By
default these are the IN_Q_OVERFLOW and IN_UNMOUNT types.
- Fixes #28
- Fixes #23
- Fixes #22
- Fixes #19
- Fixes #16
- Fixes #15
- Fixes #5
- Check presence of both glibc errno and musl libc err
- Support for musl libc (Alpine Linux)
- Merge pull request #27 from jessesuen/master. Support for musl libc
(Alpine Linux)
- Check presence of both glibc errno and musl libc err
- Merge pull request #26 from hathcock/hathcock/issue-25. resolves #25,
list of binary paths can't be logged with existing call
- Support for musl libc (Alpine Linux)
- Resolves #25, list of binary paths can't be logged with existing
call
0.2.10: - Merge pull request #34 from davidparsson/
feature/support-moved-directories
- Support MOVED_FROM and MOVED_TO in BaseTree
- events: Now log event types from epoll vs data stream.
- This release implicitly fixed the botched binary package released
in 0.2.9
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 16:47:08 +0000 (18:47 +0200)]
python3-dateutil: Removal of python3-six as a dependency
- python3-dateutil is installed as a python3 module.
- It had python3-six defined as a dependency. Python3-six is a module that
allows a project to be capable of neing run under python2 or under
python3
- With the planned removal of python2 there is no need to have
python3-dateutil capable of working with python2.
- python3-six addon is being removed as there is no need for any python3
module in IPFire to also be capable o0f running under python2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 16:47:07 +0000 (18:47 +0200)]
python-six: Removal of python2 & 3 addon versions of six
- six is a python compatibility module to enable modules to run on
both python2 and python3. The code from six has to be copied into
any other module/project that is intending to use it.
- With the planned removal of python2 then neither version of this
compatibility module is needed.
- Removal of the lfs and rootfiles. Although python-six is an addon
its rootfile was installed into the common folder rather than the
packages folder.
- Removal of the python-six and python3-six entries in make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 May 2021 11:43:31 +0000 (13:43 +0200)]
make.sh: Removal of four python2 modules
- Removal of python-clientform, python-feedparser, python-mechanize
and python-rssdler addons - lfs and rootfiles
- python-clientform was made obsolete in 2008 and its functions taken
over by python-mechanize
- python-rssdler is an RSS feed downloader to facilitate downloading of
podcasts, videocasts and torrents. Current IPFire version is 0.4.0a
from 2008. The most recent version available is 0.4.2 from 2009. No
further development is being done with this module. An RSS feed
downloader is not appropriate for use in a firewall system, even
less so when it is 12 years old.
- python-feedparser and python-mechanize are both dependencies for
python-rssdler. They are not dependencies for any other addon.
- Full clean build with these four modules fully removed gave no problems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 11 May 2021 19:16:39 +0000 (21:16 +0200)]
libxslt: Update to remove python2 modules and disable static libraries
- Add --without-python and --disable-static to the configure section
python2 modules not required for libxslt use in IPFire
disable build of static libraries
- Update rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 27 Mar 2021 21:14:50 +0000 (22:14 +0100)]
libcdada: New addon - dependency for pmacct
- This package is required for its library which is a dependency for pmacct
- url for developer is https://msune.github.io/libcdada/
- No change for this patch compared to the V1 version
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 27 Mar 2021 21:14:49 +0000 (22:14 +0100)]
pmacct: New addon
- What is it?
pmacct is a monitoring tool for network management tasks. Data collected
can be used for analysis and troubleshooting purposes to maintain the
health of the network. pmacct can collect, replicate and export network
information. It can cache in memory tables, store persistently to SQLite3
and output to flat-files like CSV, formatted, and JSON.
- Why is it needed?
To monitor data usage (IP-based or MAC-based data accounting) down to the
client level. Net-Traffic will monitor traffic for the entire RED, GREEN,
etc. networks, but it cannot pinpoint which client is using lots of data.
Connections will take a snapshot but not show day by day sums. pmacct can
help admins keep tabs on users that use too much data.
- What are the use cases?
An ISP may implement data caps and if the limit is over-run then you have
to pay for every additional xxGB of data used. Typical charges can be
around $10 per 50GB. With pmacct you can identify the high users and take
action, hopefully before the limit is breached.
- This is being introduced as a command line only tool. However, at a later
date, if it is useful to enough additional users a WUI page could be
developed as discussed in the development mailing list
https://lists.ipfire.org/pipermail/development/2021-January/009174.html
- Changes in V2 version
- Initscript is using IPFire template and installed with IPFire method.
- All other daemons except pmacct and pmacctd have been removed from the install.
- Example conf files have been removed from /etc/pmacct
Both example conf files are described in the pmacct wiki draft.
Tested-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 10 May 2021 17:03:08 +0000 (19:03 +0200)]
iotop: Update to work with python3
- v2 version has updated rootfile. One line was accidentally missed out of
original patch submission.
- Change from building with python2 to python3
- iotop setup.py used "itervalues" which is no longer used by python3
In python3 this has been changed to "values". Patch created to update
this in the source tarball setup.py
- Update lfs file with patch application and use of python3
- Update of rootfile
- Installed updated version into vm testbed and iotop confirmed working
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
In file included from ./boost/regex/v5/perl_matcher_non_recursive.hpp:23,
from ./boost/regex/v5/perl_matcher.hpp:572,
from ./boost/regex/v5/regex.hpp:45,
from ./boost/regex.hpp:34,
from libs/regex/build/../src/wide_posix_api.cpp:25:
./boost/regex/v5/mem_block_cache.hpp:91:11: error: 'static_mutex' in namespace 'boost' does not name a type
91 | boost::static_mutex mut;
| ^~~~~~~~~~~~
./boost/regex/v5/mem_block_cache.hpp: In member function 'void* boost::re_detail_500::mem_block_cache::get()':
./boost/regex/v5/mem_block_cache.hpp:106:37: error: 'mut' was not declared in this scope; did you mean 'put'?
106 | std::lock_guard<std::mutex> g(mut);
| ^~~
| put
./boost/regex/v5/mem_block_cache.hpp: In member function 'void boost::re_detail_500::mem_block_cache::put(void*)':
./boost/regex/v5/mem_block_cache.hpp:120:37: error: 'mut' was not declared in this scope; did you mean 'put'?
120 | std::lock_guard<std::mutex> g(mut);
| ^~~
| put
./boost/regex/v5/mem_block_cache.hpp: In static member function 'static boost::re_detail_500::mem_block_cache& boost::re_detail_500::mem_block_cache::instance()':
./boost/regex/v5/mem_block_cache.hpp:137:52: error: 'BOOST_STATIC_MUTEX_INIT' was not declared in this scope; did you mean 'BOOST_STATIC_CONSTANT'?
137 | static mem_block_cache block_cache = { 0, 0, BOOST_STATIC_MUTEX_INIT, };
| ^~~~~~~~~~~~~~~~~~~~~~~
| BOOST_STATIC_CONSTANT
./boost/regex/v5/mem_block_cache.hpp:137:77: error: too many initializers for 'boost::re_detail_500::mem_block_cache'
137 | static mem_block_cache block_cache = { 0, 0, BOOST_STATIC_MUTEX_INIT, };
| ^
...failed updating 2 targets...
make: *** [boost:102: /usr/src/log/boost_1_76_0] Error 1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 May 2021 16:22:10 +0000 (18:22 +0200)]
boost: Update to 1_76_0 and using python3
- Update from 1_71_0 to 1_76_0
- Update rootfile for x86_64 and copy for other architectures by replacing
x64 with x32 for i586, a32 for armv5tel and a64 for aarch64
- Make build use python3
- add link=shared to build to only have shared libraries created, except for
libboost_exception and libboost_test_exec_monitor which are only
created as static versions
- Changelog
Fixes
algorithm::reduce with crop now does not remove the counts in flow
bins anymore if the selected range actually overlaps with the flow
bins, making the treatment of flow bins consistent with inner bins
accumulators::mean and accumulators::weighted_mean now compute the
correct variance when operator+= was called, for example, when
histograms with accumulators are added; this was wrong before
leading to too small variances
detection of weight support in user-defined accumulators was broken
at compile-time if accumulator used operator+= instead of
operator(); tests only accidentally passed for builtin weighted_sum
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 May 2021 11:44:25 +0000 (13:44 +0200)]
poppler: Update to 21.05.0
- Update from 21.04.0 to 21.05.0
- Update of rootfile
- Ran find-dependencies - nothing found
- Changelog
Release 21.05.0:
core:
* Fix crashes in malformed files
* Export SplashFont* symbols used by Scribus
* Minor code improvements
glib:
* Enhance find to support multi-line matching
qt5/qt6:
* Make sure new signatures are always properly oriented
* Allow to pass the border width when signing
utils:
* pdftoppm: Fix regression when using single scaleTo. Issue #1062
build system:
* Allow to disable building manual tests
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 May 2021 11:44:11 +0000 (13:44 +0200)]
nano: Update to 5.7
- Update from 5.6 to 5.7
- Update of rootfile not required
- Changelog
Changes between v5.6.1 and v5.7:
build: drop the check for two functions that we don't use any more
build: fix compilation for --enable-tiny plus --enable-multibuffer
build: fix compilation when configured with --disable-multibuffer
build: fix compilation when configured with --enable-tiny
bump version numbers and add a news item for the 5.7 release
chars: implement mblen() ourselves, for efficiency
chars: implement mbtowc() ourselves, for more efficiency
chars: work around a UTF-8 bug in glibc, to display invalid codes right
chars: work around the wrong private-use-character widths on OpenBSD
display: avoid determining twice from and until where to draw each row
display: make the output of --constantshow less jittery
editing: prevent the pointer for the top row from becoming dangling
feedback: upon first switch to a buffer, show its error message (if any)
files: always register the format, also when the file is unwritable
files: create a new buffer earlier, so that error messages can be stored
files: when Mac format has been detected, stay with it
gnulib: pull in the fix for a build problem on older Debian
gnulib: update to its current upstream state
indicator: adjust the size to the number of visible lines, not chunks
input: accept Unicode codes for non-characters as valid, since they are
memory: do not allocate space for multidata when it's already allocated
memory: fix an off-by-one error to free also the last line in a group
memory: prevent a use-after-free when the user respects a lock file
oops: that doesn't work -- you can't break out of two for loops at once
options: retire the obsolete 'smooth', 'morespace', and 'nopauses'
softwrap: avoid time-consuming computations, to burden large files less
startup: do not crash when trying to open a device or directory
startup: do not store an error message in the record of another buffer
startup: save the compiled file-matching regexes, to avoid recompiling
startup: show the helpful message only when ^G has not been rebound
syntax: c: colorize also labels that contain digits, and uncolorize colon
syntax: po: improve the coloring of format specifiers
syntaxes: replace [[:space:]] with [[:blank:]] to exclude carriage return
tweaks: adjust and improve one comment, and frob another
tweaks: adjust two comments, and reshuffle two fragments
tweaks: avoid a warning on newer compilers, by writing an extra byte
tweaks: avoid calling extra_chunks_in() when not softwrapping
tweaks: avoid converting a file name for more than will fit on screen
tweaks: avoid parsing a multibyte character twice
tweaks: condense three comments, drop another, and rewrap a line
tweaks: drop unneeded braces and adjust indentation after previous change
tweaks: elide a call of strlen() for every row
tweaks: elide a function that is now basically just two lines
tweaks: elide an unneeded resetting NULL call to wctomb()
tweaks: elide a small function that is used just once
tweaks: elide the pointless is_valid_unicode() function
tweaks: elide two more instances of useless character copying
tweaks: improve a couple of comments
tweaks: morph a function into what it is actually used for
tweaks: normalize the indentation after an earlier change
tweaks: put the most likely condition first, for a quicker return
tweaks: reduce the maximum character length from six bytes to four
tweaks: remove a misplaced (and nested) #ifdef
tweaks: rename a variable, away from an abbreviation
tweaks: rename a variable, for contrast with another
tweaks: reshuffle a comment, and put the main extension first
tweaks: reshuffle a fragment of code, to prepare for the next change
tweaks: reshuffle two conditions, to have the most unlikely one first
tweaks: set the file format only when unset, so it doesn't need saving
tweaks: shorten a comment and trim an #ifdef
tweaks: simplify two fragments of code
tweaks: simplify two fragments of code, eliding useless character copying
syntax: c: make the highlighting of '#include <...>' more compliant
syntax: tcl: support Expect scripts too
Changes between v5.6 and v5.6.1:
bump version numbers and add a news item for the 5.6.1 release
options: rename 'highlightcolor' to the more distinct 'spotlightcolor'
search: correctly colorize a match also when softwrapping is active
tweaks: rename a symbol, to better match the corresponding option
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 May 2021 11:43:56 +0000 (13:43 +0200)]
meson: Update to 0.58.0
- Update from 0.57.2 to 0.58.0
- Updated rootfile
- Changelog is too long to include here.
Full details can be found at
https://mesonbuild.com/Release-notes-for-0-58-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 7 May 2021 11:43:36 +0000 (13:43 +0200)]
libxcrypt: Update to 4.4.20
- Update from 4.4.19 to 4.4.20
- Update of rootfile not required
- Changelog
Version 4.4.20
* Fix build when the CFLAGS variable, that is passed into the
configure script, has a leading whitespace character in it
(issue #125).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Apr 2021 16:13:32 +0000 (18:13 +0200)]
samba: Update to 4.14.4
- Update from 4.14.3 to 4.14.4
- Update of rootfile not required
- Changelog
Release Notes for Samba 4.14.4 April 29, 2021
This is a security release in order to address the following defect:
o CVE-2021-20254: Negative idmap cache entries can cause incorrect
group entries in the Samba file server process token.
Details
o CVE-2021-20254:
The Samba smbd file server must map Windows group identities (SIDs) into unix
group ids (gids). The code that performs this had a flaw that could allow it
to read data beyond the end of the array in the case where a negative cache
entry had been added to the mapping cache. This could cause the calling code
to return those values into the process token that stores the group
membership for a user.
Most commonly this flaw caused the calling code to crash, but an alert user
(Peter Eriksson, IT Department, Linköping University) found this flaw by
noticing an unprivileged user was able to delete a file within a network
share that they should have been disallowed access to.
Analysis of the code paths has not allowed us to discover a way for a
remote user to be able to trigger this flaw reproducibly or on demand,
but this CVE has been issued out of an abundance of caution.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Apr 2021 16:13:18 +0000 (18:13 +0200)]
cmake: Update to 3.20.2
- Update from 3.20.0 to 3.20.2
- Update rootfile
- Changelog
3.20.1
-The FindIntl module in CMake 3.20.0 added checks
Intl_HAVE_GETTEXT_BUILTIN, Intl_HAVE_DCGETTEXT_BUILTIN, and
Intl_IS_BUILTIN, but they were not implemented correctly. These have
been removed and replaced with a single Intl_IS_BUILT_IN check, whose
name is consistent with the FindIconv module.
-The -rpath linker flag is now specified as supported on all Apple
platforms, not just macOS. The install_name_dir used for iOS, tvOS
and watchOS should now default to @rpath instead of using a full
absolute path and failing at runtime when the library or framework
is embedded in an application bundle (see XCODE_EMBED_<type>).
3.20.2
-The Intel Classic 2021 compiler version numbers are now detected
correctly as having major version 2021. CMake 3.20.1 and below were
not aware of a change to the identification macro version scheme
made by Intel starting in version 2021, and detected the version
as 20.2.
-The Intel oneAPI Fortran compiler is now identified as IntelLLVM.
The oneAPI 2021.1 Fortran compiler is missing an identification
macro, so CMake 3.20.1 and below identified it as Intel. CMake now
has a special case to recognize oneAPI 2021.1 Fortran as IntelLLVM.
The oneAPI 2021.2 Fortran compiler defines the proper identification
macro and so is identified as IntelLLVM by all CMake 3.20 versions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 5 May 2021 21:43:06 +0000 (23:43 +0200)]
fetchmail: Update to 6.4.19 and using python3
- Update from 6.3.26 (2013-04-23) to 6.4.19 (2021-04-24)
- Update rootfile
- Delete fetchmail-6.3.26-permit-build-without-ssl3.patch as it is not
needed with version 6.4.19
- Added command to use python3 to lfs
- Changelog is too large to include here
Full details can be found in NEWS file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Tue, 27 Apr 2021 20:07:32 +0000 (22:07 +0200)]
misc-progs: getipstat: Refactor + extend
* Return output of iptables directly instead of writing it to files.
* Make iptables wait for 5s if xtables is locked by another iptables
process. (--wait 5 argument)
* Add optional parameter "-x" to have iptables report exact numbers.
* Add optional parameter "-f" to display the filter table (default).
* Add optional parameter "-n" to display the nat table.
* Add optional parameter "-m" to display the mangle table.
* Adapt iptables.cgi and guardian.cgi to catch getipstat output
instead of reading temp-files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Apr 2021 08:09:42 +0000 (10:09 +0200)]
xfsprogs: Update to 5.11.0
- Update from 5.9.0 to 5.11.0
- Update of rootfile not required
- libinih is now a dependency for xfsprogs build
- Changelog
xfsprogs-5.11.0 (12 Mar 2021)
- xfs_admin: don't hide xfs_repair output when upgrading (Darrick Wong)
- man: document attr2, ikeep option deprecation in xfs.5 (Pavel Reichl)
xfsprogs-5.11.0-rc1 (23 Feb 2021)
- mkfs: make use of xfs_validate_stripe_geometry() (Gao Xiang)
- mkfs: fix wrong inobtcount usage error output (Zorro Lang)
- xfs_repair: enable bigtime upgrade via repair (Darrick J. Wong)
- xfs_repair: enable inobtcount upgrade via repair (Darrick J. Wong)
- xfs_repair: set NEEDSREPAIR on first write (Darrick J. Wong)
- xfs_repair: clear the needsrepair flag when done (Darrick J. Wong)
- xfs_repair: check dquot id and type (Darrick J. Wong)
- xfs_fsr: Verify bulkstat version in qsort's cmp() (Chandan Babu R)
- xfs_fsr: Interpret args of qsort's cmp() correctly (Chandan Babu R)
- xfs_scrub: load and unload libicu properly (Darrick J. Wong)
- xfs_scrub: various fixes (Darrick J. Wong)
- xfs_admin: support adding features to V5 filesystems (Darrick J. Wong)
- xfs_admin: support filesystems with realtime devices (Darrick J. Wong)
- man: mark all deprecated V4 format options (Darrick J. Wong)
- misc: fix valgrind complaints (Darrick J. Wong)
- xfs_db: disallow label/uuid setting if NEEDSREPAIR (Darrick J. Wong)
- xfs_db: show NEEDSREPAIR in check & version commands (Darrick J. Wong)
- xfs_db: add an ls command (Darrick J. Wong)
- xfs_db: add a directory path lookup command (Darrick J. Wong)
xfsprogs-5.11.0-rc0 (12 Feb 2021)
- libxfs changes merged from kernel 5.10
- Debian packaging fixes (Bastian Germann)
xfsprogs-5.10.0 (11 Dec 2020)
- xfs_repair: remove old code for mountpoint inodes (Anthony Iliopoulos)
xfsprogs-5.10.0-rc1 (04 Dec 2020)
- xfsprogs: Add inode btree counter feature (Darrick Wong)
- xfsprogs: Add bigtime feature for Y2038 (Darrick Wong)
- xfsprogs: Polish translation update (Jakub Bogusz)
- mkfs.xfs: Add config file feature (Dave Chinner)
- mkfs.xfs: allow users to specify rtinherit=0 (Darrick Wong)
- xfs_repair: simplify bmap_next_offset (Christoph Hellwig)
- man: various manpage updates (Eric Sandeen)
- libxfs: remove some old dead code (Dave Chinner)
- libxfs: add realtime extent tracking (Darrick Wong)
xfsprogs-5.10.0-rc0 (17 Nov 2020)
- libxfs changes merged from kernel 5.10
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Apr 2021 08:09:43 +0000 (10:09 +0200)]
libinih: New dependency for build of xfsprogs
- libinih dependency for xfsprogs build from 5.10.0
- Creation of lfs file
- Creation of rootfile - all entries commented out as this is only
required during the build
- Addition of libinih to make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Apr 2021 08:08:58 +0000 (10:08 +0200)]
less: Update to 581.2
- Update from 581 to 581.2
- Update of rootfile not required
- Changelog
This fixes a bug found in less-581 where the terminal was sometimes
left in mouse-reporting mode after exiting less
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Apr 2021 08:08:41 +0000 (10:08 +0200)]
iproute2: Update to 5.12.0
- Update from 5.11.0 to 5.12.0
- Update rootfile
- Changelog
No Changelog in the source tarball or in the git repository
Changes taken from the git commits from 5.11.0 to 5.12.0
remove trailing whitespace Stephen Hemminger
lib: bpf_legacy: fix missing socket close when connect() fails Andrea Claudi
lib: bpf_legacy: treat 0 as a valid file descriptor Andrea Claudi
tc: e_bpf: fix memory leak in parse_bpf() Andrea Claudi
ip: netns: fix missing netns close on some error paths Andrea Claudi
uapi: add missing virtio related headers Stephen Hemminger
rdma: stat: fix return code Andrea Claudi
rdma: stat: initialize ret in stat_qp_show_parse_cb() Andrea Claudi
nexthop: fix memory leak in add_nh_group_attr() Andrea Claudi
q_cake: remove useless check on argv Andrea Claudi
devlink: always check strslashrsplit() return value Andrea Claudi
uapi: update can.h Stephen Hemminger
erspan: fix JSON output Stephen Hemminger
uapi: bpf.h update from upstream Stephen Hemminger
ip: Fix batch processing Petr Machata
uapi: minor header update for l2tp Stephen Hemminger
README: remove doc instructions Stephen Hemminger
ip: cleanup help message text Stephen Hemminger
lib/bpf: add missing limits.h includes Tony Ambardar
ip: xfrm: limit the length of the security context name when printing Sabrina Dubroca
q_cake: Fix incorrect printing of signed values in class statistics Toke Høiland-Jørgensen
dcb: Fix compilation warning about reallocarray Roi Dayan
iproute: fix printing resolved localhost Luca Boccassi
vdpa: add .gitignore Stephen Hemminger
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 28 Apr 2021 11:31:32 +0000 (13:31 +0200)]
libdvbpsi: Remove this package from IPFire
- Input from Arne Fitzenreiter
libdvbpsi can be safely dropped. It was used by videolan client which
was dropped many years ago because newer versions had too many
dependencies
- Input from Michael Tremer
Confirmed that libdvbpsi is not used by anything
- Delete lfs, rootfile and remove libdvbpsi entry in make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 20:47:16 +0000 (22:47 +0200)]
libaio: Update to 0.3.112
- Update from 0.3.111 to 0.3.112
- Update of rootfile not required
- Changelog
The ChangeLog file in the source tarball has the last entry
for version 0.3.107
The AIO website has no change history
The following commits were found on the Fedora git repository for libaio
Makefile: add missing DESTDIR variable use
Thomas Petazzoni • 2 years ago
src/Makefile: add ENABLE_SHARED boolean to allow static-only build
Thomas Petazzoni • 2 years ago
Add README.md
Jeff Moyer • 2 years ago
Merge #7 `Link against libgcc to avoid unresolved symbols`
Jeffrey E. Moyer • 2 years ago
harness: fix POLLIN test case
Jeff Moyer • 2 years ago
Merge branch 'aio-poll'
Jeff Moyer • 2 years ago
Link against libgcc to avoid unresolved symbols
Guillem Jover • 2 years ago
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:55 +0000 (14:32 +0200)]
libmicrohttpd: Update to 0.9.73
- Update from 0.9.71 to 0.9.73
- Update rootfile
- Changelog
Sun 25 Apr 2021 14:00:00 MSK
Releasing GNU libmicrohttpd 0.9.73. -EG
Sat 24 Apr 2021 23:00:00 MSK
Fixed build with Clang and Visual Studio.
MSVS project files updated.
Enabled bind port autodetection with MSVS builds. -EG
Fri 23 Apr 2021 14:27:00 MSK
Fixed build without TLS lib.
Fixed build without system poll() function.
Fixed compiler warnings on 32-bit platforms.
Fixed various compiler warnings. -EG
Thu 22 Apr 2021 12:32:00 MSK
Fixed some typos.
Force disable TCP_CORK, TCP_NOPUSH, and TCP_NODELAY before switching
connection to "upgraded" mode.
Improved portability of the test-suite for upgraded connections. -EG
Tue 20 Apr 2021 17:11:00 MSK
Disabled NLS by default in configure. -EG
Mon 19 Apr 2021 18:58:00 MSK
Fixed testzzuf/test_put_chanked to correctly use MHD.
Added internal error code for TLS errors.
Added all missing messages to the .pot file.
Detect more types of errors for receiving data and report
error description in the MHD log.
Added support for ALPN on TLS connections if supported by
used TLS library. -EG
Sun 18 Apr 2021 20:47:00 MSK
Removed dead code.
Limited iov-backed responses size to SSIZE_MAX as limited by
system calls.
Report error message in MHD log for send errors. -EG
Sat 17 Apr 2021 18:50:00 MSK
Unified upgrade test behavior for all platforms.
Some code simplification and unification.
Compiler warning (false positive) fixed. -EG
Fri 16 Apr 2021 17:58:00 MSK
Used run-time value if IOV_MAX if available.
Fixed portability of error handling for sending functions.
Detect pipes/unix sockets on fly and do not use TCP/IP specific
functions with them.
Fixed support of UNIX sockets on non-Linux kernels. -EG
Fri 16 Apr 2021 10:23:39 AM CEST
Detect if a socket is a UNIX domain socket and do not try to play
with TCP corking options in this case (avoids useless failed
syscalls). -CG
Thu 15 Apr 2021 18:56:00 MSK
Fixed configure '--enable-sanitizer' parameter.
Stopped pushing of partial responses when limited by system maximum size
for sendmsg(). -EG
Web 14 Apr 2021 22:20:00 MSK
Fixed: use sendmsg() in POSIX-compatible way, do not try to send more
than IOV_MAX elements per single call. -EG
Sun 11 Apr 2021 15:44:00 MSK
Updated test TLS certificates to not expired modern versions, restored
HTTPS examples compatibility with modern browsers.
TCP_NODELAY is not pre-enabled for HTTPS connection as it actually
does not speed-up TLS handshakes on moders OSes. -EG
Thu 01 Apr 2021 21:29:46 MSK
Fixed MD5 digest authorization broken when compiled without variable
length arrays support (notably with MSVC).
Fixed and muted compiler warning.
Deeper test with zzuf if configured with --enable-heavy-tests.
Removed run-check of assert() in configure to avoid core dumps. -EG
Thu 01 Apr 2021 17:46:00 MSK
Added new function MHD_run_wait() useful for single-threaded applications
without other network activity.
Added tests for the new function. -EG
Wed 17 Mar 2021 20:53:33 MSK
Re-factored startup log parameters processing. Warn user if wrong logger
could be used potentially.
Added headers doxy with information about minimal MHD version when
particular symbols were introduced.
Added new daemon option to indicate SIGPIPE handling by application for
daemons being run in application thread. -EG
Wed 24 Feb 2021 19:23:00 MSK
SIGPIPE-related macro minor refactoring for readability.
Added new response iov function (and related framework), based on the patch
provided by Lawrence Sebald and Damon N. Earp from NASA. -EG
Thu 04 Feb 2021 06:41:34 PM CET
Fix PostProcessor to always properly stop iteration when application callback
tells it to do so. -CG
Sun 24 Jan 2021 21:30:00 MSK
Added '--enable-heavy-tests' configure parameter.
Minor configure.ac and Makefiles fixes. -EG
Tue 19 Jan 2021 17:59:00 MSK
Fixed compatibility with autoconf. 2.70
Updated M4 macros. -EG
Wed 06 Jan 2021 08:39:58 PM CET
Return timeout of zero also for connections awaiting cleanup. -CG
Tue 29 Dec 2020 15:39:00 MSK
Improved speed of TLS handshake by pre-enabling TCP_NODELAY. -EG
Mon 28 Dec 2020 21:36:00 MSK
Releasing libmicrohttpd 0.9.72. -EG
Mon 28 Dec 2020 09:37:00 MSK
Completely reworked and rewritten TCP_CORK, TCP_NOPUSH, TCP_NODELAY and
MSG_MORE handling. Reduced number of sys-calls, fixed portability for
FreeBSD, OpenBSD, NetBSD, Darwin, W32, Solaris.
Removed usage of gnutls_record_cork() as it fully blocks stream until
final block is ready.
Fixed compatibility with C90 compilers.
Really started using sendmsg() for header + body combined single-call
response sending.
Fixed sending of response body by sendmsg() when it shouldn't be sent,
like responses for HEAD requests.
Improved error handling for gnutls_record_send().
Updated W32 resources for .DLLs.
Fixed building with various disabled features (like messages, HTTPS,
http-upgrade, authorization etc.)
Fixed possible SIGPIPE generation when sendfile() is used (it was always
possible on Linux that sendfile() produce SIGPIPE, now it's fixed).
Several compiler warnings muted and/or fixed in the lib code and in
the examples. -EG
Sun 01 Nov 2020 17:17:00 MSK
Fixed conflict with system CPU_COUNT macro.
Minor improvements of error reporting in MHD daemon.
Fixed FTBFS with GnuTLS versions before 3.1.9
Fixed test_add_conn for multi-CPU machines.
Fixed analyzer warnings.
Fixed use-after-free and resources leaks for upgraded connections
in TLS mode with thread-per-connection. -EG
Sun 25 Oct 2020 19:31:00 MSK
Fixed epoll mode without listening socket.
Minor improvements of thread sync.
Fixed broken sendfile on FreeBSD.
Fixed broken MHD with thread-pool and without listening socket.
Added four tests for MHD_add_connection().
Fixed several resources leaks in error handlers.
Re-implemented scheme of handling of externally added connections,
fixed thread-safety. -EG
Wed 21 Oct 2020 10:00:58 AM CEST
Corking should be OFF when sending the footer (#6610). -AP/CG
Wed 07 Oct 2020 11:07:00 MSK
W32 default target version changed to Vista, XP is still supported.
Minor fixes and additional asserts for memorypool.
IPv6 tests are not used if IPv6 is disabled at run-time. -EG
Sun 27 Sep 2020 10:08:03 PM CEST
Fixed incorrect triggering of epoll edge polling for
"upgraded" TLS connections. Fixed a few cases where
gnutls_record_uncork() return value was still ignored,
possibly causing buffer to not be flushed correctly. -CG
Sat 26 Sep 2020 08:18:02 PM CEST
Make MHD_USE_NO_LISTEN_SOCKET work in conjunction with
MHD internal threads. -CG/DE
Thu 24 Sep 2020 16:55:00 MSK
Fixed compiler warnings on W32.
Minor optimisation of MHD_YES/MHD_NO internal usage.
Refactor and cleanup of internal debugging macros.
Updated HTTP status codes, header names and methods from
the registries.
Fixed portability of test_upgrade_large.
Minor testsuite fixes.
Restored parallel build of libmicrohttpd (except tests). -EG
Fri 11 Sep 2020 10:08:22 PM CEST
Fix crash problem in PostProcessor reported by MD. -CG
Fix GnuTLS configure test to check for gnutls_record_uncork. -CG
Wed 19 Aug 2020 09:40:39 AM CEST
Add logic to check on MHD_pool_reallocate() failure reported on the
mailinglist (will NOT yet fix the issue). -CG
Sun 26 Jul 2020 01:56:54 PM CEST
Add MHD_create_response_from_pipe() to allow creating a response based
on data read from a pipe. -CG
Fri Jul 10 15:04:51 CEST 2020
Fixed Postprocessor URL-encoded parsing if '%' fell on boundary. -CG/MD
Thu 02 Jul 2020 09:56:23 PM CEST
Fixed return type of MHD_queue_basic_auth_fail_response. -CA/CG
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:31 +0000 (14:32 +0200)]
libgpg-error: Update to 1.42
- Update from 1.41 to 1.42
- Update rootfile
- Changelog
2021-03-22 Werner Koch <wk@gnupg.org>
core: Add GPG_ERR_SOURCE_TPM2D.
+ commit 200bf2ed9d610219cc0b12a91dedb3bfd52d36b7
* src/err-sources.h.in (GPG_ERR_SOURCE_TPM2D): New.
2021-03-05 Werner Koch <wk@gnupg.org>
w32: Allow Unicode paths for the gettext domain.
+ commit 618ce381f9d70f3a94e87f58f667a6138411018e
* src/w32-gettext.c: Remove remaining WindowsCE support
(load_domain): Use CreateFileW.
2021-03-04 Werner Koch <wk@gnupg.org>
w32: Minor cleanup of w32-gettext.
+ commit 3bf1de7b72be8e1d9fa78eb94730772d9cf61c44
* src/w32-gettext.c: Include gpgrt.h instead gpg-error.h.
(utf8_to_wchar): Use underscored function.
(_gpg_w32_textdomain): Ditto.
2021-02-18 NIIBE Yutaka <gniibe@fsij.org>
build: Support --disable-threads by gen-lock-obj.sh.
+ commit 1fb90a7da186ee2ee098a666f6f3a35bb1720e59
* configure.ac: Supply --disable-threads to gen-lock-obj.sh.
Tighten the condition of using gen-lock-obj.sh for GNU/Linux.
* src/gen-lock-obj.sh: Support --disable-threads.
2021-02-16 NIIBE Yutaka <gniibe@fsij.org>
build: Fix gpgrt-config.
+ commit ed3cd20de8d3eab92dd8fff02bcc214c55d08398
* src/gpgrt-config.in: Remove delimiter variable.
build: More fix for determining libdir for gpgrt-config.
+ commit 28a21addc2e30b0756cdc6774c79f69070df8829
* src/gpg-error.m4: Use CC -print-search-dirs for better support of
GNU style cross prefix.
2021-02-15 NIIBE Yutaka <gniibe@fsij.org>
build: Fix the previous change.
+ commit d7fd25bbfb83cd445bc81aa695b2c6127c22fa59
* src/gpg-error.m4: Fix test condition for GPGRT_CONFIG.
Fix behaviour when there is no GPG_ERROR_CONFIG.
2021-02-12 NIIBE Yutaka <gniibe@fsij.org>
build: Improve how to determine $libdir for gpgrt-config.
+ commit 3cabbad4eec0e5bc6bdaa9f8626578934138adee
* src/gpg-error.m4: Fix $gpgrt_libdir handling.
2021-02-09 NIIBE Yutaka <gniibe@fsij.org>
Support cross-compiling on more platforms.
+ commit 99ae862a96a569724f49a604ebb7d3f6d2c2d374
* src/gen-lock-obj.sh (ECHO_C, ECHO_N): Portability fix.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:18 +0000 (14:32 +0200)]
libexif: Update to 0.6.22
- Update from 0.6.21 (2012) to 0.6.22 (2020)
- Update rootfile
- Changelog
* New translations: ms
* Updated translations for most languages
* Fixed C89 compatibility
* Fixed warnings on recent versions of autoconf
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER
* Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
* CVE-2018-20030: Fix for recursion DoS
* CVE-2020-13114: Time consumption DoS when parsing canon array markers
* CVE-2020-13113: Potential use of uninitialized memory
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
* CVE-2020-0093: read overflow
* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
* CVE-2020-12767: fixed division by zero
* CVE-2016-6328: fixed integer overflow when parsing maker notes
* CVE-2017-7544: fixed buffer overread
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:06 +0000 (14:32 +0200)]
libevent2: Update to 2.1.12
- Update from 2.1.11 to 2.1.12
- Update rootfile
- Changelog
Changes in version 2.1.12-stable (05 Jul 2020)
This release contains mostly bug fixes (I decided not to port some features
that can be ported even without ABI breakage, if you cannot find feature that
you are interested in, please give us a note!)
Since 2.1.12 libevent will use github actions as main CI, since
it recommends itself better then travis/appveyor (and had been removed from
upstream).
Look carefully at "slightly touches the behaviour" section.
Below you will find some of changes (this list has been cleaned up from the
patches that touches only tests and similar):
CI:
o Backport github actions to 2.1 (be3acd7c Azat Khuzhin)
o Merge branch 'event_rpcgen.py-cleanup' (f0ded5f3, 48e04887 Enji Cooper)
o Add API/ABI checker (using LVC) (709210d4, 2af1f6cc yuangongji)
test:
o tinytest: support timeout on Windows (794e8f75 yuangongji)
o Merge branch 'osx-clock' (e85afbe3 Azat Khuzhin)
o test-ratelim: calculate timers bias (for slow CPUs) to avoid false-positive (8ad26d0b Azat Khuzhin)
fixes:
o buffer: do not pass NULL to memcpy() from evbuffer_pullup() (5b063049 Azat Khuzhin)
o http: fix undefined-shift in EVUTIL_IS*_ helpers (6b8d02a7 Azat Khuzhin)
o Check error code of evhttp_add_header_internal() in evhttp_parse_query_impl() (97e28f09 Azat Khuzhin)
o http: fix EVHTTP_CON_AUTOFREE in case of timeout (and some else) (1be25938 Azat Khuzhin)
o evdns: Add additional validation for values of dns options (c2972453 ayuseleznev)
o There is typo in GetAdaptersAddresses windows library. It should be iphlpapi.dll (891adda9 Aleksandr-Melnikov)
o Merge branch 'EV_CLOSED-and-EV_ET-fixes' (db2efdf5 Azat Khuzhin)
o Fix memory corruption in EV_CLOSURE_EVENT_FINALIZE with debug enabled (8ccd8f56 Jan Kasiak)
o increase segment refcnt only if evbuffer_add_file_segment() succeeds (30662a3c yuangongji)
o evdns: fix a crash when evdns_base with waiting requests is freed (6f8e0e97 ayuseleznev)
o event_base_once: fix potential null pointer threat (2e9ceb16 chenguolong)
o http: do not assume body for CONNECT (1b42270b Azat Khuzhin)
o evbuffer_add_file: fix freeing of segment in the error path (5f017bde Azat Khuzhin)
o Fix checking return value of the evdns_base_resolv_conf_parse() (fc51bf2c Azat Khuzhin)
o Merge branch 'fix-signal-leak' (poll/select now needs reinit) (1c9cc07b Azat Khuzhin)
improvements:
o evutil_time: improve evutil_gettimeofday on Windows (a8219143 Nick Grifka)
o Support EV_CLOSED on linux for poll(2) (2530e7c6 Azat Khuzhin)
o Parse IPv6 scope IDs. (f602211f Philip Homburg)
o evutil_time: Implements usleep() using wait funtion on Windows (d42240d1 yuangongji)
o evutil_time: detect and use _gmtime64_s()/_gmtime64() (f4a6152c yuangongji)
slightly touches the behaviour:
o bufferevent: allow setting priority on socket and openssl type (4dd3acdd Nicolas J. Bouliane)
o Fix EV_CLOSED detection/reporting (epoll only) (1df324d4 Azat Khuzhin) (XXX)
o Revert "Warn if forked from the event loop during event_reinit()" (71f5c0d3 Azat Khuzhin)
samples:
o https-client: load certificates from the system cert store on Windows (e9478640 yuangongji)
build fixes:
o Do not use sysctl.h on linux (it had been deprecated) (d2871a37 Azat Khuzhin)
o cmake: avoid problems from use of CMAKE_USE_PTHREADS_INIT (a62ec765 Paul Osborne)
o Update list of cmake files for autotools dist archive (2016f017 Azat Khuzhin)
o LibeventConfig.cmake: restore CMAKE_FIND_LIBRARY_SUFFIXES and LIBEVENT_STATIC_LINK default (640f9cf6 Mario Emmenlauer)
o cmake: fix getaddrinfo checking error (dea51c2e yuangongji)
o autoconf: fix getaddrinfo checking errors on mingw (b9bf7fa7 yuangongji)
o Do not use shared global structures on CYGWIN (8a9b5655 Azat Khuzhin)
o Added uninstall target check to cmakelists (3f1fb1f9 Dimo Markov)
o Fix compilation without OPENSSL_API_COMPAT (921bdcdd Azat Khuzhin)
o cmake: improve package config file (1c047618, baec84f2 yuangongji)
o Link with iphlpapi only on windows (976f7d34 Azat Khuzhin)
o autotools: fails build when need but can not find openssl (93174bb5 yuangongji)
o Merge branch 'http-connect' (e2424229 Azat Khuzhin)
o Fix compat with NetBSD >= 10 (5febb4e1 Kamil Rytarowski)
o cmake: fix getrandom() detection (e0e5f3bd Azat Khuzhin)
o arc4random: replace sysctl() with getrandom (on linux) (66ec78fd Azat Khuzhin)
o Upgrade autoconf (after upgrading minimum required to 2.67) (45da7d9d yuangongji)
o eliminate some C4267 warnings in Windows (9e468c77 yuangongji)
o autotools: attach doxygen target into all target (5d1e8570 yuangongji)
o cmake: attach doxygen target into all target (7a85300a yuangongji)
o Change the minimum version of automake to 1.13 and autoconf to 2.67 (fdb8fb66 ygj6)
o Add Uninstall.cmake.in into dist archive (877f2355 Azat Khuzhin)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 20190324-3.1 to 20210419-3.1
- Update rootfile
- Changelog - note source tarbal version uses date not the version-info
in the changelog file
2021-04-19 Jess Thrysoee
* version-info: 0:65:0
* all: sync with upstream source
* src/getline.c,src/sys.h: Provide getline.c implementation if not available
Patch by Claes Nästén
* src/makelist: Use Posix locale; mainly to get ASCII character classes in e.g. `tr`
Patch by Claes Nästén
* examples/test_filecompletion.c, examples/wtc1.c: err.h not supported by
Solaris
2021-02-16 Jess Thrysoee
* version-info: 0:64:0
* all: sync with upstream source
2019-12-31 Jess Thrysoee
* version-info: 0:63:0
* configure.ac: Support -ltinfo as split in newer ncurses
The newer versions of ncurses support building terminfo routines as a split -ltinfo library.
Patch by Michał Górny
2019-12-11 Jess Thrysoee
* version-info: 0:62:0
* all: sync with upstream source
2019-10-25 Jess Thrysoee
* version-info: 0:61:0
* all: sync with upstream source
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:31:35 +0000 (14:31 +0200)]
libdvbpsi: Update to 1.3.3
- Update from 1.2.0 to 1.3.3
- Update rootfile
- Ran find-dependencies - nothing found
- Changelog
Changes between 1.3.2 and 1.3.3:
* Fix regression in dvbpsi_decoder_psi_section_add() set i_last_section_number
Changes between 1.3.1 and 1.3.2:
* Fix bug in dvbpsi_decoder_psi_section_add() set i_last_section_number
* Fix bug in descriptor 0x8a that prevented it from being parsed properly
* Fix bug in descriptor 0x56 generation with multiple teletext page entries
* Fix bug in descriptor 0x41 correct maximum service count
Changes between 1.3.0 and 1.3.1:
* Fix bugs in table: EIT
* Fix test_dr
Changes between 1.2.0 and 1.3.0:
* New descriptor:
- 0x10 Smoothing Buffer
- 0x11 STD descriptor
- 0x12 IBP descriptor
- 0x1b MPEG-4 video descriptor
- 0x1c MPEG-4 audio descriptor
* Fix bugs in descriptor: 0x02, 0x0a, 0x45, 0x48, 0x50, 0x56, 0x7c
* Fix bugs in table: EIT, NIT
* Fix bugs in demux.c
* Build with mingw32
* Generate descriptors: 0x83, 0xa1
* Documentation fixes:
- tables: NIT
- descriptors: 0xa1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:31:18 +0000 (14:31 +0200)]
libcap-ng: Update to 0.8.2
- Update from 0.7.9 to 0.8.2
- Update rootfile
- Changelog
0.8.2
- In capng_apply, if we blew up in bounding set, allow setting capabilities
- If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
- Improve last_cap check
0.8.1
- If procfs is not available, leave last_cap as CAP_LAST_CAP
- If bounding and ambient not found in status, try prctl method
- In capng_apply, move ambient caps to the end of the transaction
- In capng_apply, return errors more aggressively.
- In capng_apply, if the action includes the bounding set,resync with the kernel
- Fix signed/unsigned warning in cap-ng.c
- In capng_apply, return a unique error code to diagnose any failure
- In capng_have_capability, return 0 for failure
- Add the libdrop_ambient admin tool
0.8
- Add vararg support to python bindings for capng_updatev
- Add support for ambient capabilities
- Add support for V3 filesystem capabilities
0.7.11
- Really clear bounding set if asked in capng_change_id
- Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
- Avoid malloc/free in capng_apply (Natanael Copa)
- If procfs is not available, get bounding set via prctl
- Cleanup some compiler warnings
0.7.10
- Update capng_change_id man page
- Add capng_have_permitted_capabilities function
- Update filecap to output which set the capabilities are in
- Fix filecap to not output an error when a file has no capabilities
- Add udplite support to netcap
- Fix usage of pthread_atfork (Joe Orton)
- Mark processes in child user namespaces with * (Danila Kiver)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:31:03 +0000 (14:31 +0200)]
libarchive: Update to 3.5.1
- Update from 3.4.0 to 3.5.1
- Update rootfile
- Changelog
Libarchive 3.5.1 Released: Dec 26, 2020
Important bugfixes
various compilation fixes
fixed undefined behavior in a function in warc reader
Windows binary uses xz 5.2.5
Libarchive 3.5.0 Released: Dec 1, 2020
New features
mtree digest reader support
completed support for UTF-8 encoding conversion
minor API enhancements
support for system extended attributes
support for decompression of symbolic links in zipx archives
Important bugfixes
fixed extraction of archives with hard links pointing to itself
fixed writing of cpio archives containing hardlinks without file type
fixed rdev field in cpio format for device nodes
fixed uninitialized size in rar5_read_data
fixed memory leaks in error case of archive_write_open() functions
Libarchive 3.4.3 Released: May 20, 2020
New features
support for pzstd compressed files
support for RHT.security.selinux tar extended attribute
Important bugfixes
various zstd fixes and improvements child process
handling fixes
Libarchive 3.4.2 Released: Feb 11, 2020
New features
Atomic file extraction support (bsdtar -x --safe-writes)
mbed TLS (PolarSSL) support
Important bugfixes
security fixes in RAR5 reader
compression buffer fix in XAR writer
fix for uname and gname longer than 32 characters in PAX writer
fix segfault when archiving hard links in ISO9660 and XAR writers
fix support for extracting 7z archive entries with Delta filter
Libarchive 3.4.1 Released: Dec 30, 2019
New features
Unicode filename support for reading lha/lzh archives
New pax write option "xattrhdr"
Important bugfixes
security fixes in wide string processing
security fixes in RAR5 reader
security fixes and optimizations to write filter logic
security fix related to use of readlink(2)
sparse file handling fixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 Apr 2021 11:24:11 +0000 (13:24 +0200)]
lua: Update to 5.4.3
- v2 patch version has required libraries not commented
- v2 patch version has lua.pc file commented out in the rootfile
pkgconfig file is only required for build or development and not
for normal running of IPFire
- v2 patch version has make linux changed to make all
INSTALL_TOP is required - default is /usr/local
INSTALL_DATA is required - default results in an empty rootfile
TO_LIB is required - default results in only lua.a in rootfile
- v2 patch version includes PAK_VER updates for dnsdist and haproxy due to
sobump. These packages showed up as dependencies to the old lua library
ncat was also linked but already had a PAK_VER change due to a package
upgrade and so no longer showed up in the find-dependencies scan
- Update from 5.3.5 to 5.4.3
- Autotoolize patch not update since 5.3 series
Based on input from Michael Tremer implemented build approach
from BLFS. This approach also used by Arch Linux. Updated lfs in
line with approach. Added pkgconfig file lua.pc as used in BLFS.
- Update of shared_library patch obtained from BLFS
- Update of rootfile
- Removal of old lua-5.3.5 patches
- Changelog
Main changes
new generational mode for garbage collection
to-be-closed variables
const variables
userdata can have multiple user values
new implementation for math.random
warning system
debug information about function arguments and returns
new semantics for the integer 'for' loop
optional 'init' argument to 'string.gmatch'
new functions 'lua_resetthread' and 'coroutine.close'
string-to-number coercions moved to the string library
allocation function allowed to fail when shrinking a memory block
new format '%p' in 'string.format'
utf8 library accepts codepoints up to 2^31
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Apr 2021 20:04:39 +0000 (22:04 +0200)]
libupnp: Update to 1.14.6
- Update from 1.14.5 to 1.14.6
- Update of rootfile
- Changelog
2021-04-19 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Fix for a DNS Rebind exploit. A special thanks for the collaboration
of the following people:
- Alaric Senat
- Fabrice Fontaine
- Gabriel Corona
- Ian Whyman
- Jean-Francois Dockes
- Marvin Scholz
- Werner Mahr
2021-04-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Fix for Github #250:
When upnp uses ixml to parse SOAP messages which contains too many
node, services are unavailable.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Apr 2021 20:04:27 +0000 (22:04 +0200)]
libtiff: Update to 4.3.0
- Update from 4.1.0 to 4.3.0
- Update of rootfile
- Changelog is too large to include here
Full details can be found in ChangeLog file in source tarball
49 bug fixes implemented between 4.1.0 and 4.3.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Apr 2021 20:04:07 +0000 (22:04 +0200)]
libjpeg: Update to 2.1.0
- Update from 2.0.4 to 2.1.0
- Update rootfile
- Changelog is too large to include here
Full details can be found in ChangeLog.md file in source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>