Stefan Schantl [Fri, 14 Apr 2023 16:32:54 +0000 (18:32 +0200)]
rules.pl: Avoid creating iptables rules if the corresponding blocklist is not loaded
In case a blocklist is empty after de-duplication of the entries, it
would not be loaded. In such a case we also can skip creating any
iptables rules for this list.
This avoids us checking against an empty list and therefore saves a few cpu cycles.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Peter Müller [Fri, 7 Apr 2023 14:35:11 +0000 (14:35 +0000)]
parse-func.pl: Adjust regular expression to changed 'tc' output
It is not clear at all why they choose to change the tool's output this
way in upstream commit 010a8388aea11e767ba3a2506728b9ad9760df0e, but
we'll have to make do with this.
Fixes: #13075 Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Symlink will remain in place to ensure the reverted version is always
shipped to our users, including those that have installed Core Update
174 (testing).
Fixes: #13073 Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 16 Mar 2023 10:34:03 +0000 (11:34 +0100)]
header.pl: Add reference to colors.txt into header.pl
- With change of common css entries into header.pl with commit
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=b52a84ddc77f9db7e4ad7b129f21fbf528c6f990
I had missed that color20 and color22 etc, that come from colors.txt, are not known in
header.pl so that the alternate colours in tables were missing. Even though I tested the
previous commit I obviously did not look well enough because I missed that the tables
had no alternate colours. I just found it now when looking at Core Update 174 Testing.
- Confirmed by copying this version of header.pl into my CU174 Testing system and the
alternate colour rows came back again as they should be. I am sure now that they are
correct.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Adolf Belka [Sun, 12 Mar 2023 12:48:11 +0000 (13:48 +0100)]
Language files: Fixes bug#12701 - Line removed from proxy.cgi no longer needed in lang files
- v2 version that has only the removed line in the language files diffs
- Line removed from de, en, es & fr
- No translations had been done for the other languages for that line.
Fixes: Bug#12701 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Sat, 11 Mar 2023 17:04:18 +0000 (17:04 +0000)]
linux-firmware: Do not ship the qca/ directory
It only contains firmware files for some Qualcomm Bluetooth devices, for
which there is no use on IPFire, since we disabled Bluetooth support in
the kernel a long time ago due to security reasons.
To save some space (~ 1.9 MByte), do not ship these files, and delete
them on existing IPFire installations as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 20221214 to 20230210
- Update of rootfile
- Changelog
For changes see the commits in the git repo
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 14 Feb 2023 13:08:46 +0000 (14:08 +0100)]
procy.cgi: Fix bug#12701 - remove advproxy wpad notice line
- This line is no longer needed with the help button at the top of each WUI page that was
implemented by @Leo
- Sorry for long time for me to get around to finalising this patch but it is done now.
Fixes: bug#12701 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 6 Mar 2023 17:04:24 +0000 (18:04 +0100)]
updatexlrator.cgi: Update to naming of variables in css section
- This updates the updatexlrator.cgi page to the same central use of extraHead from
header.pl and simplifying of css variables where appropriate.
- The variables for the percentage bar will also be able to be used in other cgi pages
with a percent bar.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 6 Mar 2023 17:04:23 +0000 (18:04 +0100)]
dhcp.cgi: Update to naming of variables in css section
- After looking at other .cgi files I realised that I had named the variables based on
their dhcp usage only. However colouryellow or color20 etc can be used not only in a
row but also in a cell or a column. Rather than ending up with multiple copies of the
same colour for rows, cells, columns etc I have simplified the variable names to just
the colour. They can then be used in whatever situation is wanted. The rest of the cgi
code will give the view of what structure the colour is being applied to.
- This will limit the number of different css variables defined in the header.pl file
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Stefan Schantl [Tue, 7 Mar 2023 11:53:49 +0000 (12:53 +0100)]
traffic.cgi: Do not use hard-coded red interface name
If QMI is used the dial in mode has to be set as ppp dialin but the
interface name is red. In such a case the old code tried to display
the stats for the ppp0 interface which is wrong.
This patch fixes this issue by calling the handy function to get
the correct interface name for red.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:01:24 +0000 (23:01 +0100)]
grep: Update to version 3.9
- Update from version 3.8 to 3.9
- Update of rootfile not required
- Changelog
Noteworthy changes in release 3.9 (2023-03-05) [stable]
Bug fixes
With -P, some non-ASCII UTF8 characters were not recognized as
word-constituent due to our omission of the PCRE2_UCP flag. E.g.,
given f(){ echo Perú|LC_ALL=en_US.UTF-8 grep -Po "$1"; } and
this command, echo $(f 'r\w'):$(f '.\b'), before it would print ":r".
After the fix, it prints the correct results: "rú:ú".
When given multiple patterns the last of which has a back-reference,
grep no longer sometimes mistakenly matches lines in some cases.
[Bug#36148#13 introduced in grep 3.4]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:01:26 +0000 (23:01 +0100)]
python3-setuptools: Update to version 67.5.1
- Update from version 65.4.1 to 67.5.1
- Update of rootfile
- Changelog
v67.5.1
Misc
* #3836: Fixed interaction between ``setuptools``' package auto-discovery and
auto-generated ``htmlcov`` files.
Previously, the ``htmlcov`` name was ignored when searching for single-file
modules, however the correct behaviour is to ignore it when searching for
packages (since it is supposed to be a directory, see `coverage config`_)
-- by :user:`yukihiko-shinoda`.
.. _coverage config: https://coverage.readthedocs.io/en/stable/config.html#html-directory
* #3838: Improved error messages for ``pyproject.toml`` validations.
* #3839: Fixed ``pkg_resources`` errors caused when parsing metadata of packages that
are already installed but do not conform with PEP 440.
v67.5.0
Changes
* #3843: Although pkg_resources has been discouraged for use, some projects still
consider pkg_resources viable for usage. This change makes it clear that
pkg_resources should not be used, emitting a DeprecationWarning when imported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:01:27 +0000 (23:01 +0100)]
sudo: Update to version 1.9.13p3
- Update from version 1.9.13p2 to 1.9.13p3
- Update of rootfile not required
- Changelog
What's new in Sudo 1.9.13p3
* Fixed a bug introduced in sudo 1.9.13 that caused a syntax error
when "list" was used as a user or host name. GitHub issue #246.
* Fixed a bug that could cause sudo to hang when running a command
in a pseudo-terminal when there is still input buffered after a
command has exited.
* Fixed "sudo -U otheruser -l command". This is a regression in
sudo 1.9.13. GitHub issue #248.
* Fixed "sudo -l command args" when matching a command in sudoers
with command line arguments. This is a regression in sudo 1.9.13.
GitHub issue #249.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:05:15 +0000 (23:05 +0100)]
qpdf: Update to version 11.3.0
- Update from version 10.4.0 to 11.3.0
- Update of rootfile
- Build changed to cmake from version 11.0 onwards
- find-dependencies run due to lib so bump. Only qpdf and cups-filters are linked to
the changed libs. cups-filters being shipped due to a change required because of
qpdf-11.3.0
- Changelog is too large to include here. Details can be found in the ChangeLog file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:02:18 +0000 (23:02 +0100)]
poppler-data: Update to version 0.4.12
- Update from version 0.4.11 to 0.4.12
- Update of rootfile not required
- No Changelog available but the latest version of poppler-data is required by poppler
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 7 Mar 2023 22:02:17 +0000 (23:02 +0100)]
poppler: Update to version 23.03.0
- Update from version 23.01.0 to 23.03.0
- Update of rootfile not required
- Changelog
Release 23.03.0:
core:
* PngWriter: Fix potential uninitialized memory use
Release 23.02.0:
core:
* CairoOutputDev: Fix rendering of color type 3 fonts
* CairoOutputDev: Add handling matte entry
* Fix segfault on wrong nssdir
* Fix "NSS could not shutdown"
utils:
* pdfsig: Point out supports PKCS#11 URIs as nickname
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 8 Mar 2023 14:59:55 +0000 (15:59 +0100)]
log.dat: Fixes Bug#12922 - adjusts regex to catch hostname for hostname or FQDN
- Most of the packages being searched for in the system logs section only put hostname into
the logs. However HAProxy puts the FQDN. Reviewing RFC 5424 shows that this is following
the requirements. The preferred order fromn the RFC is
1. FQDN
2. Static IP address
3. hostname
4. Dynamic IP address
5. the NILVALUE
- Most of the programs are using option 3 but option 1 is valid for HAProxy
- The regex change filters out the hostname from the FQDN if an extra 'dot' is present
Fixes: Bug#12922 Suggested-by: Michael <ip.fire@die-fritzens.de> Tested-by: Michael <ip.fire@die-fritzens.de> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 8 Mar 2023 14:59:54 +0000 (15:59 +0100)]
log.dat: Fix bug#12922 - add HAProxy to System Log drop down list
Fixes: Bug#12922 Suggested-by: Michael <ip.fire@die-fritzens.de> Tested-by: Michael <ip.fire@die-fritzens.de> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 8 Mar 2023 10:33:35 +0000 (11:33 +0100)]
cups: Update to version 2.4.2
- Update from 2.4.1 to 2.4.2
- Update of rootfile not required
- Changelog
Changes in CUPS v2.4.2 (26th May 2022)
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The `cupsFileOpen` function no longer opens files for append in read-write
mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
IPP Everywhere queue (Issues #340, #343)
- The `lpstat` command now reports when the scheduler is not running
(Issue #352)
- Updated the man pages concerning the `-h` option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375)
- Fixed the prototype for the `httpWriteResponse` function (Issue #380)
- Brought back minimal AIX support (Issue #389)
- `cupsGetResponse` did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://dlcdn.apache.org/httpd/CHANGES_2.4.56
"Changes with Apache 2.4.56
*) SECURITY: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
HTTP response splitting (cve.mitre.org)
HTTP Response Smuggling vulnerability in Apache HTTP Server via
mod_proxy_uwsgi. This issue affects Apache HTTP Server: from
2.4.30 through 2.4.55.
Special characters in the origin response header can
truncate/split the response forwarded to the client.
Credits: Dimas Fariski Setyawan Putra (nyxsorcerer)
*) SECURITY: CVE-2023-25690: HTTP request splitting with
mod_rewrite and mod_proxy (cve.mitre.org)
Some mod_proxy configurations on Apache HTTP Server versions
2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with
some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and
is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "
http://example.com:8080/elsewhere?$1"
http://example.com:8080/elsewhere ; [P]
ProxyPassReverse /here/ http://example.com:8080/
http://example.com:8080/
Request splitting/smuggling could result in bypass of access
controls in the proxy server, proxying unintended URLs to
existing origin servers, and cache poisoning.
Credits: Lars Krapf of Adobe
*) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
truncated without the initial logfile being truncated. [Eric Covener]
*) mod_ldap: LDAPConnectionPoolTTL should accept negative values in order to
allow connections of any age to be reused. Up to now, a negative value
was handled as an error when parsing the configuration file. PR 66421.
[nailyk <bzapache nailyk.fr>, Christophe Jaillet]
*) mod_proxy_ajp: Report an error if the AJP backend sends an invalid number
of headers. [Ruediger Pluem]
*) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errors
reported in access logs and error documents. The processing of the
reset was correct, only unneccesary reporting was caused.
[Stefan Eissing]
Peter Müller [Sun, 5 Mar 2023 20:39:51 +0000 (20:39 +0000)]
ca-certificates: Rebase patch for removing TrustCor root CAs
This is necessary since the certdata2pem.py script does not take
meta information such as "distrust after date" into account, hence
Mozilla's changes to TrustCor's root CAs are not sufficient to have them
removed from or distrusted on IPFire installations.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 6 Mar 2023 15:33:55 +0000 (16:33 +0100)]
strongswan: Update to version 5.9.10
- Update from version 5.9.9 to 5.9.10
- Update of rootfile not required
- Changelog
strongswan-5.9.10
- Fixed a vulnerability related to certificate verification in TLS-based EAP
methods that leads to an authentication bypass followed by an expired pointer
dereference that results in a denial of service and possibly even remote code
execution.
This vulnerability has been registered as CVE-2023-26463.
- Added support for full packet hardware offload for IPsec SAs and policies with
Linux 6.2 kernels to the kernel-netlink plugin.
- TLS-based EAP methods now use the standardized key derivation when used
with TLS 1.3.
- The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by
implementing the "protected success indication".
- With the `prefer` value for the `childless` setting, initiators will create
a childless IKE_SA if the responder supports the extension.
- Routes via XFRM interfaces can optionally be installed automatically by
enabling the `install_routes_xfrmi` option of the kernel-netlink plugin.
- charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid
issues with name resolution if they are supported by the kernel.
- The `pki --req` command can encode extendedKeyUsage (EKU) flags in the
PKCS#10 certificate signing request.
- The `pki --issue` command adopts EKU flags from CSRs but allows modifying them
(replace them completely, or adding/removing specific flags).
- On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the
IPsec SAs instead of the policies.
- For libcurl with MultiSSL support, the curl plugin provides an option to
select the SSL/TLS backend.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Arne informed me via the phone that this patch has to be reverted, since
his changes for riscv64 already made it redundant. Keeping it would
cause rootfile quirks to the riscv64 builds.
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 2 Mar 2023 10:14:19 +0000 (11:14 +0100)]
zstd: Update to version 1.5.4
- Update from version 1.5.2 to 1.5.4
- Update of rootfile
- Changelog
v1.5.4 (Feb 2023)
perf: +20% faster huffman decompression for targets that can't compile x64 assembly (#3449, @terrelln)
perf: up to +10% faster streaming compression at levels 1-2 (#3114, @embg)
perf: +4-13% for levels 5-12 by optimizing function generation (#3295, @terrelln)
pref: +3-11% compression speed for `arm` target (#3199, #3164, #3145, #3141, #3138, @JunHe77 and #3139, #3160, @danlark1)
perf: +5-30% faster dictionary compression at levels 1-4 (#3086, #3114, #3152, @embg)
perf: +10-20% cold dict compression speed by prefetching CDict tables (#3177, @embg)
perf: +1% faster compression by removing a branch in ZSTD_fast_noDict (#3129, @felixhandte)
perf: Small compression ratio improvements in high compression mode (#2983, #3391, @Cyan4973 and #3285, #3302, @daniellerozenblit)
perf: small speed improvement by better detecting `STATIC_BMI2` for `clang` (#3080, @TocarIP)
perf: Improved streaming performance when `ZSTD_c_stableInBuffer` is set (#2974, @Cyan4973)
cli: Asynchronous I/O for improved cli speed (#2975, #2985, #3021, #3022, @yoniko)
cli: Change `zstdless` behavior to align with `zless` (#2909, @binhdvo)
cli: Keep original file if `-c` or `--stdout` is given (#3052, @dirkmueller)
cli: Keep original files when result is concatenated into a single output with `-o` (#3450, @Cyan4973)
cli: Preserve Permissions and Ownership of regular files (#3432, @felixhandte)
cli: Print zlib/lz4/lzma library versions with `-vv` (#3030, @terrelln)
cli: Print checksum value for single frame files with `-lv` (#3332, @Cyan4973)
cli: Print `dictID` when present with `-lv` (#3184, @htnhan)
cli: when `stderr` is *not* the console, disable status updates, but preserve final summary (#3458, @Cyan4973)
cli: support `--best` and `--no-name` in `gzip` compatibility mode (#3059, @dirkmueller)
cli: support for `posix` high resolution timer `clock_gettime()`, for improved benchmark accuracy (#3423, @Cyan4973)
cli: improved help/usage (`-h`, `-H`) formatting (#3094, @dirkmueller and #3385, @jonpalmisc)
cli: Fix better handling of bogus numeric values (#3268, @ctkhanhly)
cli: Fix input consists of multiple files _and_ `stdin` (#3222, @yoniko)
cli: Fix tiny files passthrough (#3215, @cgbur)
cli: Fix for `-r` on empty directory (#3027, @brailovich)
cli: Fix empty string as argument for `--output-dir-*` (#3220, @embg)
cli: Fix decompression memory usage reported by `-vv --long` (#3042, @u1f35c, and #3232, @zengyijing)
cli: Fix infinite loop when empty input is passed to trainer (#3081, @terrelln)
cli: Fix `--adapt` doesn't work when `--no-progress` is also set (#3354, @terrelln)
api: Support for Block-Level Sequence Producer (#3333, @embg)
api: Support for in-place decompression (#3432, @terrelln)
api: New `ZSTD_CCtx_setCParams()` function, set all parameters defined in a `ZSTD_compressionParameters` structure (#3403, @Cyan4973)
api: Streaming decompression detects incorrect header ID sooner (#3175, @Cyan4973)
api: Window size resizing optimization for edge case (#3345, @daniellerozenblit)
api: More accurate error codes for busy-loop scenarios (#3413, #3455, @Cyan4973)
api: Fix limit overflow in `compressBound` and `decompressBound` (#3362, #3373, Cyan4973) reported by @nigeltao
api: Deprecate several advanced experimental functions: streaming (#3408, @embg), copy (#3196, @mileshu)
bug: Fix corruption that rarely occurs in 32-bit mode with wlog=25 (#3361, @terrelln)
bug: Fix for block-splitter (#3033, @Cyan4973)
bug: Fixes for Sequence Compression API (#3023, #3040, @Cyan4973)
bug: Fix leaking thread handles on Windows (#3147, @animalize)
bug: Fix timing issues with cmake/meson builds (#3166, #3167, #3170, @Cyan4973)
build: Allow user to select legacy level for cmake (#3050, @shadchin)
build: Enable legacy support by default in cmake (#3079, @niamster)
build: Meson build script improvements (#3039, #3120, #3122, #3327, #3357, @eli-schwartz and #3276, @neheb)
build: Add aarch64 to supported architectures for zstd_trace (#3054, @ooosssososos)
build: support AIX architecture (#3219, @qiongsiwu)
build: Fix `ZSTD_LIB_MINIFY` build macro, which now reduces static library size by half (#3366, @terrelln)
build: Fix Windows issues with Multithreading translation layer (#3364, #3380, @yoniko) and ARM64 target (#3320, @cwoffenden)
build: Fix `cmake` script (#3382, #3392, @terrelln and #3252 @Tachi107 and #3167 @Cyan4973)
doc: Updated man page, providing more details for `--train` mode (#3112, @Cyan4973)
doc: Add decompressor errata document (#3092, @terrelln)
misc: Enable Intel CET (#2992, #2994, @hjl-tools)
misc: Fix `contrib/` seekable format (#3058, @yhoogstrate and #3346, @daniellerozenblit)
misc: Improve speed of the one-file library generator (#3241, @wahern and #3005, @cwoffenden)
v1.5.3 (dev version, unpublished)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 2 Mar 2023 10:14:18 +0000 (11:14 +0100)]
texinfo: Update to version 7.0.2
- Update from version 6.8 to 7.0.2
- Update of rootfile
- Removal of patch which was needed due to inability to build texinfo-6.8 with glibc-2.34
Problem was fixed for building with glibc-2.34 and onwards with texinfo-7.0
- Changelog
7.0.2 (22 January 2023)
This is a bug-fix release with minimal changes.
* texi2any
. do not distribute architecture-dependent files
. build fixed on OpenIndiana 11
* info
. further fix of recoding of UTF-8 files to ASCII
. fix check for presence of man pages on Solaris
* install-info
. fix build by avoiding function name clash on some platforms
. compiler warning re strncat silenced
7.0.1 (30 November 2022)
This is a bug-fix release with minimal changes.
* texi2any
. avoid crashes on empty @image argument and other potential crashes
(with "Can't use an undefined value as an ARRAY reference" message)
. avoid hang on @ref command inside section command
* info
. fix recoding of UTF-8 files to ASCII when run in C locale
* js
. index search fixed for new HTML output
. some obsolete files removed from distribution
7.0 (7 November 2022)
* texi2any
. LaTeX added as an output format, selected with --latex
. EPUB 3 added as an output format, selected with --epub3
. reform throughout the code in general
. thorough review of character encoding issues
. new customization variables involved with character encoding:
INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING,
DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME,
MESSAGE_ENCODING and COMMAND_LINE_ENCODING
. warn if full-text commands (@ref, @footnote, @anchor) appear in @w
. new variable NO_TOP_NODE_OUTPUT
. IGNORE_BEFORE_SETFILENAME variable removed. former effect
is now always on.
. HTML output:
. use manual_name_html as output directory for split HTML instead of
manual_name or manual_name.html
. default DOCTYPE declaration changed to plain HTML5 style rather than
HTML4 DTD reference
. output only the CSS rules that are needed in an output file
. remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES
(custom CSS can still be output using EXTRA_HEAD)
. use <code> tag for the output of @t and @verb instead of <tt>
. use <abbr> for @acronym instead of <acronym>
. link to table of contents from short table of contents only if a
table of contents is actually output
. prefix classes from @example arguments with `user-'
. percent encode URL in @url/@uref, @email, @image and external
manual file
. new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and
NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output
valid XHTML
. systematic addition of classes attribute in HTML elements based on the
Texinfo @-command names. renaming of class attributes to avoid
confusion with @-commands formatting and describe the role in the
document rather than the formatting style.
. COPIABLE_ANCHORS renamed to COPIABLE_LINKS
. do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has
to be set
. USE_TITLEPAGE_FOR_TITLE is now true by default
. L2H variable removed, replaced by HTML_MATH set to `l2h'
. rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC
. rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE
. rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES
. remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT
. remove KEEP_TOP_EXTERNAL_REF
. new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH,
HTMLXREF_MODE and HTMLXREF_FILE
. DocBook output:
. do not output Top node or text before the first @node or sectioning
@-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node
for now.
. replace @definfocenlose defined @-commands by the argument as-is
to be more consistent with printed output
. HTML/DocBook output:
. USE_NUMERIC_ENTITY changed to mean to use numeric entities instead
of named entities. former effect is now always on.
. ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now
always off.
. Info output
. quote problematic node names (with :, comma...) by default
. new customization variable ASCII_PUNCTUATION to use plain ASCII
characters for quotation marks and a few other symbols
* texinfo.tex
. `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX
. do not ignore @part page immediately following Top node
. do `@set txicodevaristt' to get slanted typewriter for @var in code,
`@clear txicodevaristt' to use slanted, variable-width roman font for
@var everywhere. flag is @set by default, but we may turn this off
in the future.
. new file doc/texinfo-zh.tex for Texinfo documents in Chinese.
new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is
a sample document.
* info
. better support for index entries containing parentheses
. better support for getting bold text etc. when displaying manpages
. bug fixed where the first index entry in a file could be ignored
. M-C-f closes as well as opens footnotes window
. do not crash if run in Brazilian Portuguese locale
* Language
. @deftype* commands use typewriter font in argument list
. new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format
. do `@set txidefnamenospace' to omit space after a definition name
* Other
. build fixed for glibc 2.34
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 2 Mar 2023 10:14:17 +0000 (11:14 +0100)]
sudo: Update to version 1.9.13p2
- Update from version 1.9.12p2 to 1.9.13p2
- Update of rootfile
- Changelog
What's new in Sudo 1.9.13p2
* Fixed the --enable-static-sudoers option, broken in sudo 1.9.13.
GitHub issue #245.
* Fixed a potential double-free bug when matching a sudoers rule
that contains a per-command chroot directive (CHROOT=dir). This
bug was introduced in sudo 1.9.8.
What's new in Sudo 1.9.13p1
* Fixed a typo in the configure script that resulted in a line
like "]: command not found" in the output. GitHub issue #238.
* Corrected the order of the C23 [[noreturn]] attribute in function
prototypes. This fixes a build error with GCC 13. GitHub issue
#239.
* The "check" make target misbehaved when there was more than
one version of the UTF-8 C locale in the output of "locale -a".
GitHub issue #241.
* Removed a dependency on the AC_SYS_YEAR2038 macro in configure.ac.
This was added in autoconf 2.72 but sudo's configure.ac only
required autoconf 2.70.
* Relaxed the autoconf version requirement to version 2.69.
What's new in Sudo 1.9.13
* Fixed a bug running relative commands via sudo when "log_subcmds"
is enabled. GitHub issue #194.
* Fixed a signal handling bug when running sudo commands in a shell
script. Signals were not being forwarded to the command when
the sudo process was not run in its own process group.
* Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
a newline and a backslash is the last character of the file.
* Fixed a potential use-after-free bug with cvtsudoers filtering.
GitHub issue #198.
* Added a reminder to the default lecture that the password will
not echo. This line is only displayed when the pwfeedback option
is disabled. GitHub issue #195.
* Fixed potential memory leaks in error paths. GitHub issues #199,
#202.
* Fixed potential NULL dereferences on memory allocation failure.
GitHub issues #204, #211.
* Sudo now uses C23-style attributes in function prototypes instead
of gcc-style attributes if supported.
* Added a new "list" pseudo-command in sudoers to allow a user to
list another user's privileges. Previously, only root or a user
with the ability to run any command as either root or the target
user on the current host could use the -U option. This also
includes a fix to the log entry when a user lacks permission to
run "sudo -U otheruser -l command". Previously, the logs would
indicate that the user tried to run the actual command, now the
log entry includes the list operation.
* JSON logging now escapes control characters if they happen to
appear in the command or environment.
* New Albanian translation from translationproject.org.
* Regular expressions in sudoers or logsrvd.conf may no longer
contain consecutive repetition operators. This is implementation-
specific behavior according to POSIX, but some implementations
will allocate excessive amounts of memory. This mainly affects
the fuzzers.
* Sudo now builds AIX-style shared libraries and dynamic shared
objects by default instead of svr4-style. This means that the
default sudo plugins are now .a (archive) files that contain a
.so shared object file instead of bare .so files. This was done
to improve compatibility with the AIX Freeware ecosystem,
specifically, the AIX Freeware build of OpenSSL. Sudo will still
load svr4-style .so plugins and if a .so file is requested,
either via sudo.conf or the sudoers file, and only the .a file
is present, sudo will convert the path from plugin.so to
plugin.a(plugin.so) when loading it. This ensures compatibility
with existing configurations. To restore the old, pre-1.9.13
behavior, run configure using the --with-aix-soname=svr4 option.
* Sudo no longer checks the ownership and mode of the plugins that
it loads. Plugins are configured via either the sudo.conf or
sudoers file which are trusted configuration files. These checks
suffered from time-of-check vs. time-of-use race conditions and
complicate loading plugins that are not simple paths. Ownership
and mode checks are still performed when loading the sudo.conf
and sudoers files, which do not suffer from race conditions.
The sudo.conf "developer_mode" setting is no longer used.
* Control characters in sudo log messages and "sudoreplay -l"
output are now escaped in octal format. Space characters in the
command path are also escaped. Command line arguments that
contain spaces are surrounded by single quotes and any literal
single quote or backslash characters are escaped with a backslash.
This makes it possible to distinguish multiple command line
arguments from a single argument that contains spaces.
* Improved support for DragonFly BSD which uses a different struct
procinfo than either FreeBSD or 4.4BSD.
* Fixed a compilation error on Linux arm systems running older
kernels that may not define EM_ARM in linux/elf-em.h.
GitHub issue #232.
* Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined.
Sudo will now link using -Wl,--no-undefined by default if possible.
GitHub issue #234.
* Fixed a bug executing a command with a very long argument vector
when "log_subcmds" or "intercept" is enabled on a system where
"intercept_type" is set to "trace". GitHub issue #194.
* When sudo is configured to run a command in a pseudo-terminal
but the standard input is not connected to a terminal, the command
will now be run as a background process. This works around a
problem running sudo commands in the background from a shell
script where changing the terminal to raw mode could interfere
with the interactive shell that ran the script.
GitHub issue #237.
* A missing include file in sudoers is no longer a fatal error
unless the error_recovery plugin argument has been set to false.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 2 Mar 2023 10:14:16 +0000 (11:14 +0100)]
pango: Update to version 1.50.13
- Update from version 1.50.6 to 1.50.13
- Update of rootfile
- Changelog
Overview of changes in 1.50.13, 20-02-2023
- win32: Add back fallback for empty fontsets
- win32: Improve DirectWrite support
- Fix word segmentation for Japanese
- Don't set backspace-deletes-char for math symbols
- coretext: Fix a crash
- cairo: Apply metrics hinting to underlines too
- Treat COLRv1 fonts as color fonts
Overview of changes in 1.50.12, 18-11-2022
- Fix weight conversion on MacOS
- Update to Unicode 15
- Some introspection annotation fixes
- Improve PangoAttrList serialization
- Fix char offset calculatiosn in multi-paragraph
layouts
Overview of changes in 1.50.11, 03-10-2022
- Don't crash for lack of fonts
- Avoid a crash in shaping
Overview of changes in 1.50.10, 16-09-2022
- Avoid some unnecessary strdups
- Fix line height computations with a non-trivial CTM
Overview of changes in 1.50.9, 09-08-2022
- Apply show flags to line separators
- Fix a thread-safety problem
Overview of changes in 1.50.8, 02-07-2022
- Add some properties to fontmap and family
- Fix handling of ligature carets in mixed directions
Overview of changes in 1.50.7, 14-04-2022
- coretext: Fix the build
- editing: Fix moving across paragraph boundaries in rtl
- layout: Try harder to survive without fonts
- Windows: Register a sans-serif font
- Windows: Try harder to load a font
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 2 Mar 2023 10:14:15 +0000 (11:14 +0100)]
make: Update to version 4.4.1
- Update from version 4.4 to 4.4.1
- Update of rootfile not required
- Changelog
Version 4.4.1 (26 Feb 2023)
This release is primarily a bug-fix release.
A complete list of bugs fixed in this version is available here:
https://sv.gnu.org/bugs/index.php?group=make&report_id=111&fix_release_id=110&set=custom
* WARNING: Backward-incompatibility!
In previous releases it was not well-defined when updates to MAKEFLAGS made
inside a makefile would be visible. This release ensures they are visible
immediately, even when invoking $(shell ...) functions. Also, command line
variable assignments are now always present in MAKEFLAGS, even when parsing
makefiles.
Implementation provided by Dmitry Goncharov <dgoncharov@users.sf.net>
* New feature: Parallel builds of archives
Previously it was not possible to use parallel builds with archives. It is
still not possible using the built-in rules, however you can now override
the built-in rules with a slightly different set of rules and use parallel
builds with archive creation. See the "Dangers When Using Archives" section
of the GNU Make manual, and https://savannah.gnu.org/bugs/index.php?14927
* Previously target-specific variables would inherit their "export" capability
from parent target-specific variables even if they were marked private. Now
private parent target-specific variables have no affect. For more details
see https://savannah.gnu.org/bugs/index.php?61463
* Disable FIFO jobserver on GNU/Hurd and Cygwin
Experimentation shows that the new FIFO-based jobserver doesn't work well on
GNU/Hurd or Cygwin: revert these systems to use the pipe-based jobserver.
* Updates to allow building on OS/2
Provided by KO Myung-Hun <komh78@gmail.com>
* New platform: GNU Make is supported on z/OS
Thanks to Igor Todorovski <itodorov@ca.ibm.com> for the patches and testing
assistance.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
projects / people / stevee / ipfire-2.x.git / log
