Stefan Schantl [Thu, 1 Sep 2016 11:35:25 +0000 (13:35 +0200)]
systemd: Generate machine-id on first run.
Do not longer generate the machine-id during the installation progress,
it will be gernerated (if not exists) on the first run of the system
automatically.
Fixes #10078.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
One of the most important advantages against the current used powerDNS 3 series is,
that the next major version will be able use openssl for crytographic operations and not
longer require polarssl/mbedtls for them.
Fixes: #11126
Reference #10947, #11125
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 19 May 2016 14:52:31 +0000 (16:52 +0200)]
grep: Update to 2.25
Fixes: #11104
** Bug fixes
In the C or POSIX locale, grep now treats all bytes as valid
characters even if the C runtime library says otherwise. The
revised behavior is more compatible with the original intent of
POSIX, and the next release of POSIX will likely make this official.
[bug introduced in grep-2.23]
grep -Pz no longer mistakenly diagnoses patterns like [^a] that use
negated character classes. [bug introduced in grep-2.24]
grep -oz now uses null bytes, not newlines, to terminate output lines.
[bug introduced in grep-2.5]
** Improvements
grep now outputs details more consistently when reporting a write error.
E.g., "grep: write error: No space left on device" rather than just
"grep: write error".
also posted as:
https://savannah.gnu.org/forum/forum.php?forum_id=8523
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Fri, 20 May 2016 05:39:58 +0000 (07:39 +0200)]
dejagnu: Update to 1.6
Fixes: #11101
Important changes include decent SSH support, many bug fixes and a
much improved manual. Many old and defunct board files have been
removed. Refer to the NEWS file for full details.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 17 May 2016 21:31:58 +0000 (22:31 +0100)]
kernel: Remove grsecurity patchset
It is currently very hard to maintain the kernel with the
grsecurity patchset since there is no stable version publicly
available and we have to fight all bugs ourselves.
To be able to put our small resource towards other development
tasks we decided to drop this patchset for now and will
eventually reconsider adding it again. This will allow us
to update the kernel quicker and grsecurity is not too
relevant in the current development status of the distribution.
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 11 May 2016 09:32:20 +0000 (11:32 +0200)]
rsync: Update to 3.1.2.
This is a minor update to the latest stable version of rsync.
* Drop patch which got upstream.
* Link/Use system libpopt and zlib instead of bundled ones.
* Enable testsuite.
* Drop xinetd support and add service files for systemd.
* Ship a sample configuration file.
Fixes #11118.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Wed, 27 Apr 2016 09:18:53 +0000 (11:18 +0200)]
compat-cyrus-sasl: New package.
As a result of a *.so bump in the latest cyrus-sasl package
and binaries wich are still linked against the old version
we have to create a compatibility package to cover this
bump.
Fixes #10892.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Mon, 18 Apr 2016 07:07:48 +0000 (09:07 +0200)]
lzo: Update to 2.09
Changes in 2.09 (04 Feb 2015)
* Work around gcc bug #64516 that could affect architectures like
armv4, armv5 and sparc.
Changes in 2.08 (29 Jun 2014)
* Updated the Autoconf scripts to fix some reported build problems.
* Added CMake build support.
* Fixed lzo_init() on big-endian architectures like Sparc.
Changes in 2.07 (25 Jun 2014)
* Fixed a potential integer overflow condition in the "safe" decompressor
variants which could result in a possible buffer overrun when
processing maliciously crafted compressed input data.
Fortunately this issue only affects 32-bit systems and also can only happen
if you use uncommonly huge buffer sizes where you have to decompress more
than 16 MiB (> 2^24 bytes) untrusted compressed bytes within a single
function call, so the practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge" pointers -
LZO now requires a flat 32-bit or 64-bit memory model.
* Assorted cleanups.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Mon, 18 Apr 2016 07:13:03 +0000 (09:13 +0200)]
mc: Update to: 4.8.16
Version 4.8.16
- Core
* Support for ash + bugfixes for bash, fish (#2742)
* Find file: empty file name matches any file name (#3593)
* Find file: empty value of "Content" is used instead of "Search for content" checkbox to disable search for content (#3594)
* Listbox: don't wraparound on mouse scroll (#3554)
* Internals:
* Listbox: various fixups (#3569: #3562, #3563, #3565, #3161)
* Split MSG_ACTION into MSG_ACTION and MSG_NOTIFY (#3566)
- VFS
* Support lzip compression format (#2673, #1541)
* Support lz4 compression format (#3523)
* patchfs: support xz compression (#3443)
* Update uc1541 version (#3527)
* Add mc.ext patterns for initramfs / initrd (#3115)
- Misc
* Code cleanup (#3555, #3547, #3587)
* Better subshell documentation (#3556)
* Fixes to the English man pages by Denys Vlasenko
- Fixes
* Insufficient quoting in `mc.menu` (#2947)
* Broken ./configure --without-internal-edit (#3601)
* Memory leaks (#3547, #3561, #3567, #3572)
* No preallocation if appending during file copy (#3577)
* Cannot set mini-format for "brief" listing type (#3588)
* Info panel: incorrect inode information in some cases (#3214)
* Info panel: wrong device name with symbolic link (#3412)
* Info panel: buffer overflow (#3582)
* Regression: match filename, not full path in mc.ext (#3578)
* Broken case insensitive search in non-unicode locale (#3491)
* Error message prefixed with no sense "0:" (#3269)
* mcedit: buffer overflow (#3579)
* mcedit: "Lower case selection" command in User Menu (#3586)
* mcedit: close on ctrl-g (#3557)
* mcview: "Not found" result isn't reported in some cases (#3543)
* VFS: isofs doesn't show .dotfiles (#3537)
* VFS: isofs: cannot copy file from iso when Joliet without RockRidge is used (#2851)
* VFS: extfs/unzip: enter into zip file fails with "inconsistent extfs archive" (#3433)
* VFS: SFTP: various bugs (#3581)
* VFS: FISH: provide major/minor info for block/char devices (#3599)
* Bashism in gitfs+ extfs helper (#3379)
* Non-portable invocation of man (#3509)
* mc-wrapper leaves MC_USER set (#3550)
* Broken silent opening of files in background (#3574)
* Run `identify` on JPEGs even if `exif` is not installed (#3568)
Version 4.8.15
- Core
* Minimal version of GLib is 2.26.0
* Use the PATH environment variable to search for the executable when opening pipe (#3444)
* Support more than 2 (up to 9) columns in file panel in brief mode (#3212)
* Clarify file sorting in "Unsorted" mode (#3496)
* WGroupbox: respect dialog's colors (#3468)
* Highlight find file's result in internal viewer (#3530)
- Editor
* Add hidden option to choose full or base file name in the status line (#3445)
* Improvements of syntax highlighting:
- Lua (#3471)
- PKGBUILD (#3484)
- Misc
* Text alignment in Info panel (#3155)
* Select of menu file edit: change default button to "User" (#3493)
* Recognize .gmo files as well as .mo ones (#3422)
* Fix mc.pot comment tripping up Transifex and unportable inplace sed (#3479)
* A lot of code clean up (#3420, #3424, #3426, #3427, #3428, #3429, #3430, #3431, #3434, #3435, #3437, #3463, #3464, #3465, #3466, #3467, #3494, #3495, #3539)
* Documentation updates:
- Spanish man and help: Diff Viewer section and minor fixes (#3477)
- VFS garbage collection (#3472)
- Fixes
* Various memory leaks (#3438, #3439, #3440, #3457, #3458, #3459, #3460, #3461, #3462, #3475, #3520, #3521, #3522)
* Linux kernel-specific segfault on startup (#3441)
* Lost of Panelize contents in some cases (#3032, #3489, #3498, #3507)
* Wrong highlight of search result in case of "Regular expression" and "Whole words" (#3524)
* "Whole words" search works only in Normal mode (#3525)
* View find results doesn't jump to match line if file is too short to scroll page (#3530)
* SFTP VFS: segfault (#3456)
* Segfault in "Find file" due to invalid UTF-8 sequences (#3449)
* Bash variable 'PROMPT_COMMAND' in pantheon-terminal (#3534)
Version 4.8.14
- Core
* Minimal version of GLib is 2.14.0
* Add new panel binding "!SelectExt" to select/unselect files with the same extension as the current file (#3228)
* Speed up of directory size calculation (#3247)
* Support of italic text (#3065)
- Editor
* New syntax highlighting support:
- puppet (#3266)
- Viewer
* Rewrite mcview's rendering and scrolling (#3250, #3256)
- no more partial lines at the top and failure to scroll when Up or Down is pressed;
- better handling of CJK characters;
- handle combining accents;
- improved nroff support;
- more conventional scrolling behavior at the end of the file.
* Use VIEW_SELECTED_COLOR in plain mode (#3405)
* In !QuickView panel, don't pass any chars to command line to avoid unexpected command execution (#3253)
- Misc
* Code cleanup (#3265, #3262)
* Bind poedit to Edit action for .po files (#3287)
* Better grammar mcedit user menu (#3246)
- Fixes
* Fail to build against musl libc (#3267)
* Error compiling with glib 2.20.3 (#3333)
* Overwrite of the PROMPT_COMMAND bash variable (#2027)
* contrib/*.?sh are not recreated after rerun of configure (#3181)
* File rename handles zero-length substitutions incorrectly (#2952)
* Lose files on "Skip" when "Cannot preallocate space for target file" (#3297)
* Info panel can't obtain file system statistics on Solaris (#3277)
* "Shell patterns" broken beyond repair (#2309)
* File selection by patterns uses bytes instead of unicode characters (#2743)
* Copy files dosn't work as expected, when copying to a directory with the special symbol in its name (#3235)
* Wrong order of old_colors table items (#3404)
* Input line: Alt+Backspace on one-letter word erases too much (#3390)
* "Directory scanning" window is too narrow (#3162)
* No Help for User Menu (#3409)
* mcedit: paste from clipboard does not work (#3339)
* mcviewer: hang when viewing broken man page (#2966)
* mcview hex: incorrect highlight when search string not found (#3263)
* mcview hex edit: UTF-8 chars are not updated (#3259)
* mcview hex edit: can't enter certain UTF-8 characters (#3260)
* mcview hex edit: CJK overflow (#3261)
* mcedit: status line doesn't show full path to file (#3285)
* Freeze when copying from one FTP location to another (#358)
Version 4.8.13
- Core
* New engine of user-friendly interruption of long-time operations (#2136)
- Editor
* Improvements of syntax highlighting:
* CMake (#3216)
* PHP (#3230)
* Translate language names in the spelling assistant dialogue (#3233)
- Viewer
* Add separate normal(default) colour pair for viewer (#3204)
* Dealing with utf-8 man pages in view/open (#1539)
* "Goto line" is 1-based now (#3245)
- Misc
* Code cleanup (#3189, #3223, #3242)
* Add new skins: gray-green-purple256 and gray-orange-blue256 (#3190)
- Fixes
* First Backspace/Delete is ignored after mouse click in an input widget (#3225)
* Recursive find file doesn't work on Samba share (#3097)
* Recursive find file doesn't work on Windows NFS share (#3202)
* Incorrect file counter in move operation (#3196, #3209)
* "Directory scanning" window is too narrow (#3162)
* Colon is not recognized inside escape seq in prompt (#3241)
* Quick view doesn't grab focus on mouse click (#3251)
* fish subshell: overridden prompt (#3232, #3237)
* mcviewer: broken switch between raw and parse modes (#3219)
* mcviewer: incorrect percentage in mcview hex mode (#3258)
* RAR VFS incorrectly recognizes UnRAR version (#3240)
* viewbold and viewselected are missing from some skins (#3244)
* Incorrect enconding name for manual page (#3239)
* "User menu -> View manual page" doesn't do coloring (#3243)
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 14 Apr 2016 08:37:44 +0000 (10:37 +0200)]
libusb: Update to 1.0.20
* Add Haiku support
* Fix multiple memory and resource leaks (#16, #52, #76, #81)
* Fix possible deadlock when executing transfer callback
* New libusb_free_pollfds() API
* Linux: Allow larger isochronous transfer submission (#23)
* Examples: Add two-stage load support to fxload (#12)
* Correctly report cancellations due to timeouts
* Improve efficiency of event handling
* Improve speed of transfer submission in multi-threaded environments
* Various other bug fixes and improvements
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 31 Mar 2016 12:59:10 +0000 (13:59 +0100)]
glibc: Update to version 2.23
Requires Linux kernel 3.2 now.
Security related changes:
* An out-of-bounds value in a broken-out struct tm argument to strftime no
longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776)
* The LD_POINTER_GUARD environment variable can no longer be used to disable
the pointer guard feature. It is always enabled. Previously,
LD_POINTER_GUARD could be used to disable security hardening in binaries
running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert.
(CVE-2015-8777)
* An integer overflow in hcreate and hcreate_r could lead to an
out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778)
* The catopen function no longer has unbounded stack usage. Reported by
Max. (CVE-2015-8779)
* The nan, nanf and nanl functions no longer have unbounded stack usage
depending on the length of the string passed as an argument to the
functions. Reported by Joseph Myers. (CVE-2014-9761)
* A stack-based buffer overflow was found in libresolv when invoked from
libnss_dns, allowing specially crafted DNS responses to seize control
of execution flow in the DNS client. The buffer overflow occurs in
the functions send_dg (send datagram) and send_vc (send TCP) for the
NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
family. The use of AF_UNSPEC triggers the low-level resolver code to
send out two parallel queries for A and AAAA. A mismanagement of the
buffers used for those queries could result in the response of a query
writing beyond the alloca allocated buffer created by
_nss_dns_gethostbyname4_r. Buffer management is simplified to remove
the overflow. Thanks to the Google Security Team and Red Hat for
reporting the security impact of this issue, and Robert Holiday of
Ciena for reporting the related bug 18665. (CVE-2015-7547)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 29 Mar 2016 16:02:43 +0000 (17:02 +0100)]
glibc: Update to version 2.22
Security fix:
A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. If the NSS functions were called with a
misaligned buffer, the buffer length change due to pointer alignment was
not taken into account. This could result in application crashes or,
potentially arbitrary code execution, using crafted, but syntactically
valid DNS responses. (CVE-2015-1781)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>