Matthias Fischer [Mon, 10 Feb 2025 09:02:47 +0000 (10:02 +0100)]
vnstat: Update to 2.13
For details see:
https://humdi.net/vnstat/CHANGES
"- Fixed
- Opening of body html tag was missing on some pages in image output
example cgi (examples/vnstat.cgi)
- New
- Add database data merge support as --merge
- Add --db for specifying database file for queries (vnstat and vnstati)
- Add exit status 2 options to --alert for making it possible to
differentiate alerts from errors (exit status 1)
- Add --dbiflist also to vnstati command
- Image output example cgi (examples/vnstat.cgi) improvements
- Remove dependency to vnstat command
- Add option for selecting how many images are shown per row on the index
page when the database has more than one interface
- Add option for selecting which image output is used on the index page
when the database has more than one interface
- Add options for selecting which interfaces are shown or hidden from the
index page without disabling access to all interface specific page when
the database has more than one interface
- Harmonize layout style between pages"
this is needed for booting kvm machines in uEFI mode.
Currently we unpack the firmware from the debain binary package.
Maybee later we wuill compile self, but currently the needed compilers
are missing in the IPFire build environment.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The processes graph was removed some month ago but it was not correct cleaned.
I asume because the updater has cleaned the ramdisk but not the persistant copy.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 25 Jan 2025 09:28:42 +0000 (10:28 +0100)]
mc: Update to 4.8.33
For details see:
https://midnight-commander.org/wiki/NEWS-4.8.33
"Major changes since 4.8.32
Starting with this release, we will be using language features that require
a C99 compiler to build.
Core
Minimal version of Automake is 1.14 (#4604)
Upgrade C standard to C99 (#4604)
Support ksh variants as subshell (#3748)
Improve fish 4.0 shell support (#4597)
Add support for bash PROMPT_COMMAND being an array (#4599)
Don't override ENV variable for ash/dash subshell (#4605)
Don't disable verbose mode if tty baudrate can't be reliably determined
(#2452)
New keymap for vim users (#4588)
Misc
Code cleanup (#4572, #4593, #4595, #4598)
Adjust mc-wrappers to work with the new MC_TMPDIR creation logic (#4575)
Prefer console players for sound, images and video in non-graphical
sessions (#4479, #4596)
Support TERM=xterm-clear for FreeBSD users (#2633)
mc.ext.ini:
Support for Rust crates file format (#4609)
Support for OpenEmbedded ipk archives (#4626)
ext.d: select browser at runtime (#4615)
Move CI from Travis to GitHub Actions (#4170, #3738, #4602)
Fixes
Segfault if filter makes file panel empty (#4600)
Segfault in built-in help when going to the previous topic (#4627)
Incorrect handling of ext2 attributes of a directory (#4590)
Failed copy/move operations make ETA inaccurate (#3205, #4613, #4623)
Hotlist: use after free (#4621)
mc.ext.ini: typo for apt view command line (#4583)
mcedit: visual glitches if built with aspell, but libraries not
installed (#4576)
mcedit: segfault on new file creation (#4580)
mcedit: PageDown skips lines in edit window (#4617)
mcedit: cursor jumps during PageDown in edit window (#4618)
mvciew: false-positive regex search of BOL (#4587)
mcdiff: segmentation fault on empty files merge (#4608)
tar vfs: double free (#4616)
sftpfs vfs: use after free (#4620)
tests: fix charset-related code on non-glibc platforms (Alpine,
Illumos) (#3972, #4495)
tests: use weak symbols instead of symbol duplication to support
non-GNU linkers / macOS (#4584, #3542)"
Adolf Belka [Mon, 13 Jan 2025 21:41:08 +0000 (22:41 +0100)]
protobuf: Update to version 29.3
- Update from version 28.3 to 29.3
- Update of rootfile
- Changelog
29.3
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
C++
Fix cmake installation location of java and go features (#19773) (1dc5842)
Other
Add .bazeliskrc for protobuf repo to tell bazelisk to use 7.1.2 by
default. (#19884) (9a5d2c3)
Update artifact actions to v4 (#19703) (8e7e6b0)
29.2
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
C++
Automated rollback of commit 23aada2. (#19692) (1772657)
Remove unused / invalid C++ lazy repeated field code from OSS. (#19682)
(3649f87)
Java
Automated rollback of commit 23aada2. (#19692) (1772657)
Other
Export environment variables so bazelisk picks them up (#19690) (8b9d76c)
Pin staleness check to Bazel 7 (#19689) (a1c9b6a)
Remove CMake downgrade workaround from Windows CI tests (#19630) (3a7bb4a)
29.1
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
Java
Rename maven to protobuf_maven in MODULE.bazel (#18641) (#19477) (ba6da44)
Kotlin
Rename maven to protobuf_maven in MODULE.bazel (#18641) (#19477) (ba6da44)
Python
Revert "Remove deprecated service.py usages from test". For 29.x only
(#19434) (5864b50)
29.0
Announcements
Protobuf News may include additional announcements or pre-announcements
for upcoming changes.
Bazel
Add missing line to docstring after Args (#19213) (6f310d5)
Fix proto_info_bzl (#18918) (083de5f)
Use rules_cc everywhere in protobuf (ddadd0b)
Upgrade rules_cc to 0.0.13 (3dd4835)
Convert proto toolchain string to Label (aa181e2)
Prepare supporting targets for testing (a748b10)
Support --incompatible_enable_proto_toolchain_resolution (372ddb3)
Move ProtoInfo and ProtoLangToolchainInfo from Bazel (426ca8a)
Move java_{lite_}proto_library from Bazel repository (d77bdac)
Move proto_toolchain from rules_proto to protobuf (9f9cb7a)
Move proto_library from Bazel repository (3ff2cf0)
Move proto_common implementation from Bazel binary (b19fbe6)
Compiler
Begin adding extension numbers to SourceCodeInfo and FileDescriptorSet for
tooling purposes. (07e489d)
Update protoc release to include editions language features proto for Go
(#19013) (63d966b)
Introduce lifetimes for individual feature values. (0b6e768)
Windows - Fix handling of utf8 command line arguments (#17854) (b9d1800)
Limit feature deprecation warnings to reduce noise. (5cd9a46)
C++
Fix C++ ifndef_guard printer to also convert "-" to "_". (7331b77)
Fix C++ codegen namespace printer to print closing namespaces in reverse
order. (3bf9c40)
Fix raw_ptr.cc on exotic architectures (#18193) (63f6262)
Fix cord handling in DynamicMessage and oneofs. (9e8b30c)
Fix packed reflection handling bug in edition 2023. (4c92328)
Add JsonStreamToMessage method (0259cc3)
Introduce lifetimes for individual feature values. (0b6e768)
Insert software prefetches into merge functions. This improves performance
when hardware prefetchers are disabled on AMD machines. (d993365)
Insert software prefetches into proto parsing functions. This improves
performance when hardware prefetchers are disabled on AMD platforms.
(8aa0add)
Add prefetching of subsequent extensions in ExtensionSet::ForEach. (9b019ee)
Remove the AnyMetadata class and use free functions instead. (920d5c3)
Add [[deprecated]] attribute when generating enums and classes. (23aada2)
Use linear search instead of binary search in flat mode of ExtensionSet.
(0ed61f0)
Prepare MessageLite::GetTypeName to be upgraded to return (30a8ef5)
Limit feature deprecation warnings to reduce noise. (5cd9a46)
Add Compiler Condition to use inline assembly optimizations with ARM64 for
Compatibility with MSVC (#17671) (c5f6231)
Enable small object optimization (SOO) for RepeatedField in order to
reduce data indirections. (e2525e6)
Return backing array memory to arena in ExtensionSet. (5ac8ee1)
In edition 2024, Enum_Name(value) functions return absl::string_view by
default. (e3fa6aa)
Add Prefetchers to Proto Copy Construct to help address load misses (cdb7238)
Reduced nesting in GenerateByteSize: slight readability improvements in
generated code. (162a740)
Introduce FieldDescriptor::cpp_string_type() API to replace direct ctype
inspection which will be removed in the next breaking change (d0e49df)
Update the comment of TextFormat::Printer::RegisterMessagePrinter that the
method takes ownerhip of the printer pointer. (d911161)
Prepare the code for migrating return types from const std::string& to
(e13b8e9)
Java
Remove deprecation warnings for Timestamp and Duration add/subtract/between
that we do not yet have alternatives to. (f606c13)
[29.x] Add missing java load (#19016) (bb287be)
Give Kotlin jars an OSGi Manifest (#18812) (0c51eba)
Re-export includingDefaultValueFields in deprecated state for important
Cloud customer. (7321b2f)
Restore compatibility with 3.22 gencode by re-adding mutableCopy helpers
(1b1e90b)
Speed up CodedOutputStream by extracting rarely-executed string formatting
code (f8f5136)
Return constant Value objects for true, false, and "" (4fbb0c5)
Optimise CodedOutputStream.ArrayEncoder.writeFixed32NoTag/writeFixed64NoTag
(a51f98c)
CodedOutputStream: avoid updating position to go beyond end of array.
(76ab5f2)
Convert IndexOutOfBoundsException to OutOfSpaceException in
UnsafeDirectNioEncoder (0e75d92)
Suppress ReturnValueIgnored errorprone issues (bbbc7b9)
Fix packed reflection handling bug in edition 2023. (4c92328)
Move cc_proto_library from Bazel repository (5254448)
Protobuf Lite ArrayLists: Defer allocating backing array until we have
some idea how much to allocate. (05a8a40)
Allocate correct-sized array when parsing packed fixed-width primitives
(4e8469c)
Bugfix: Make extensions beyond n=16 immutable. (ee419f2)
Reserve capacity in ProtobufArrayList when calling
Builder.addAllRepeatedMessage(Collection) (e3cc31a)
Avoid allocating iterators when calling
Message.Builder.addAllFoo(RandomAccess List) (bd1887e)
Remove the AnyMetadata class and use free functions instead.
(https://github.com/protocolbuffers/protobuf/com...
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 21:41:07 +0000 (22:41 +0100)]
postfix: Update to version 3.9.1
- Update from version 3.9.0 to 3.9.1
- Update of rootfile not required
- Changelog
3.9.1
The mail_version configuration parameter did not have a three-number value
(3.9 instead of 3.9.0; it still had the two-number version from the
development releases postfix-3.9-yyyymmdd). This broke pathnames derived
from the mail_version value, such as shlib_directory. Problem reported by
Michael Orlitzky.
Bugfix (defect introduced: Postfix 2.9, date 20111218): with
"smtpd_sasl_auth_enable = no", the permit_sasl_authenticated feature
ignored information that was received with the XCLIENT LOGIN command, so
that the client was treated as unauthenticated. This was fixed by removing
an unnecessary test. Problem reported by Antonin Verrier.
Bugfix (defect introduced: postfix 3.0): the default master.cf syslog_name
setting for the relay service did not preserve multi-instance information,
which complicated logfile analysis. Found during a support discussion.
Bugfix (defect introduced: Postfix 2.3, date 20051222): file descriptor
leak after failure to connect to a Dovecot auth server. The impact is
limited because Dovecot auth failures are rare, there are limits on the
number of retries (one), on the number of errors per SMTP session
(smtpd_hard_error_limit), on the number of sessions per SMTP server
process (max_use), and on the number of file handles per process (managed
with sysctl). Found during code maintenance.
Bugfix (defect introduced: Postfix 3.4, date 20190121): the postsuper
command failed with "open logfile '/path/to/file': Permission denied" when
the maillog_file parameter specified a filename and Postfix was not
running. This was fixed by opening the maillog_file before dropping root
privileges. Found during code maintenance.
Bugfix (defect introduced Postfix 3.0). No autodetection of UTF8 text when
missing message headers were automatically added by Postfix (for example,
a From: header with UTF8 full name information from the password file).
This caused Postfix to send UTF8 in message headers without using the
SMTPUTF8 protocol. Problem reported by Michael Tokarev.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 21:41:06 +0000 (22:41 +0100)]
frr: Update to version 10.2.1
- Update from version 10.1 to 10.2.1
- Update of rootfile not required
- Changelog
10.2.1
Fixed CVE-2024-55553
More details: https://frrouting.org/security/cve-2024-55553
Bug Fixes
bfdd
retain remote dplane client socket
bgpd
Fix to pop items off zebra_announce FIFO for few EVPN triggers
Check if as_type is not specified when peer is a peer-group member
Do not reset peers on suppress-fib toggling
Fix bgp core with a possible Intf delete
Fix enforce-first-as per peer-group removal
Fix evpn bestpath calculation when path is not established
Fix graceful-restart for peer-groups
Fix memory leak when creating BMP connection with a source interface
Fix memory leak when reconfiguring a route distinguisher
Fix unconfigure asdot neighbor
Fix use single whitespace when displaying flowspec entries
Fix version attribute is an int, not a string
Import allowed routes with self AS if desired
Initialize as_type for peer-group as AS_UNSPECIFIED
Use gracefulRestart JSON field
Validate both nexthop information (NEXTHOP and NLRI)
Validate only affected RPKI prefixes instead of a full RIB
When calling bgp_process, prevent infinite loop
lib
Allow setsockopt functions to return size set
Fix session re-establishment
Take ge/le into consideration when checking the prefix with the prefix-list
Use backoff setsockopt option for freebsd
ospfd
OSPF multi-instance default origination fixes
pimd
Fix access-list memory leak in pimd
Free igmp proxy joins on interface deletion
igmp proxy joins should not be written as part of config
Prevent crash of pim when auto-rp's socket is not initialized
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 21:41:04 +0000 (22:41 +0100)]
fetchmail: Update to version 6.5.2
- Update from version 6.4.39 to 6.5.2
- Update of rootfile not required
- Changelog
6.5.2
ADVANCE WARNING OF FEATURES TO BE REMOVED OR CHANGED IN FUTURE VERSIONS
(There are no plans to remove features from a 6.5.X release, but they may be
removed from a 6.6.0 or newer release.)
* Support for operating systems that are not sufficiently POSIX compliant may be
removed or operation on such systems may be suboptimal for future releases.
* Future fetchmail releases may require compilers and operating systems
that adhere to standards issued 2011 or later. (See README for requirements.)
* Future fetchmail releases may tighten up security and lean towards
it a bit more by, for instance, implementing recommendations from
RFC-7817 or RFC-8314. This may, for instance, require that TLS v1.1
or newer be used.
* The MX and host alias DNS lookups that fetchmail performs in multidrop mode
are based on assumptions that are rarely met in practice, somewhat defective,
deprecated and may be removed from a future fetchmail version.
They have never supported IPv6 (including IPv6-mapped IPv4).
Non-DNS based alias keywords such as "aka" will remain in fetchmail.
* The monitor and interface options may be removed from a future fetchmail
version as they are not reasonably portable across operating systems.
* POP2 is obsolete, support will be removed from a future fetchmail version.
* IMAP2 and IMAP4 (not IMAP4r1) are obsolete, support may be removed from a
future fetchmail version.
* RPOP is obsolete, support will be removed from a future fetchmail release.
* The multidrop To/Cc guessing code along with the fragile duplicate suppressor
is deprecated and may be removed from a future release.
* The "envelope Received" option may be removed from a future release, because
the Received header was never meant to be machine-readable, the format varies
widely, and various other differences in behavior make parsing Received an
unreliable undertaking. The envelope option as such will remain though, in
order to support Delivered-To, X-Envelope-To, X-Original-To and similar.
See also <http://home.pages.de/~mandree/mail/multidrop>.
* The "protocol auto" default inside fetchmail may be removed from a future
fetchmail release. Explicit configuration of the protocol is recommended.
* Kerberos IV support may be removed from a future fetchmail release.
* Kerberos 5 support may be removed from a future fetchmail release.
(Although GSS-API support should remain as long as it's viable.)
* The --principal option may be removed from a future fetchmail release.
* SIGHUP wakeup support may be removed from a future fetchmail release and
cause fetchmail to terminate - it was broken for many years.
* The maintainer may migrate fetchmail to C++, and impose further requirements
(dependencies), such as Boost or other class libraries.
* The softbounce option default will change to "false" in the next release.
* The --bsmtp - mode of operation may be removed in a future release.
* Fetchmailconf is deprecated and will be removed from a future release.
* Fetchmail does not guarantee compatibility with EOL OpenSSL versions. Support
for end-of-life OpenSSL versions may be removed even from patchlevel releases.
* Nonstandard or by today's standards insufficiently secure authentication
schemes (such as OPIE, RPA) may be removed from future fetchmail versions.
* Nonstandard protocol extensions (such as SDPS/*ENV) may be removed from future
fetchmail versions.
* --auth ssh may be removed from future fetchmail versions. Use --auth implicit.
* Future fetchmail releases (even minor ones) may change undocumented parts of
the .netrc parser in incompatible ways to enhance compatibility with typical
ftp(1) .netrc parsers.
KNOWN BUGS AND WORKAROUNDS
* Fetchmail does not handle messages without Message-ID header well
(See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
where unsigned and/or wider types should have been used. Please report
issues with this.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
no or no global IPv6 addresses are configured.
(No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
messages. This will not be fixed, because the maintainer has no Kerberos 5
server to test against. Use GSSAPI.
* For IMAP connections, fetchmail will print "will idle after poll" in
verbose mode even though --idle is not given, as an artifact of the 6.4.22
security fixes. Fetchmail means "could idle after poll", but this would
have required another loop through the translators.
* aka ... hostnames are not considered for upstream server X.509 certificate
verification, aka was meant for alias detection with multidrop mailboxes.
* When compiled against wolfSSL, note that it is not a feature-complete
emulation of OpenSSL. Main functionality is given, but some minor details
may not work the same as in OpenSSL builds.
* When compiled against LibreSSL (due to licensing, this only works on OpenBSD
where LibreSSL is part of the OS), note that LibreSSL is somewhat behind
recent OpenSSL versions, so prefer OpenSSL to LibreSSL if you can.
* FreeBSD's OPIE implementation cannot be found when using a C++ compiler.
This should not affect the normal build, which uses a C compiler.
* Using ccache may trigger "implicit fallthrough" warnings because
the comments that, for instance, GCC understands, are removed by ccache's
separate preprocessing. Fixing this portably requires C++17.
* Fetchmail's RFC-2047 encoder (used for localized Subject: lines of locally-
originated e-mail messages) is simplistic and violates the RFC-2047
requirement that multibyte characters must not be split across
encoded-words.
TRANSLATIONS: fetchmail's translations were updated, courtesy of:
* cs: Petr Pisar [Czech]
* sr: Мирослав Николић (Miroslav Nikolić) [Serbian]
CHANGES:
* Minor documentation consistency fixes (versions, dates).
6.5.1
BUG AND PORTABILITY FIXES:
* Drop two wolfSSL compile-time checks that were for older 6.4 or for future
7.0 releases and broke compilation with wolfSSL 5.7.4.
Fixes https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282413#c4
* Use %p instead of non-portable %#p for one wolfSSL-related diagnostic message
(FreeBSD defines %#p to be %p, on many other platforms it's undefined
behavior).
* Add regex_helper.c to list of files that contain translatable strings,
which contains two strings we missed to translate.
CHANGES:
* Simplify EVP_MD_fetch API detection ("like OpenSSL 3" vs. "like OpenSSL 1")
for version switch and base it on the claimed OpenSSL version of the crypto
SSL, which works for LibreSSL (claims OpenSSL 2) and wolfSSL alike.
TRANSLATIONS: fetchmail's messages were translated by these fine people:
* sq: Besnik Bleta [Albanian]
* es: Cristian Othón Martínez Vera [Spanish]
* ro: Remus-Gabriel Chelu [Romanian]
* fr: Frédéric Marchal [French]
* pl: Jakub Bogusz [Polish]
* sv: Göran Uddeborg [Swedish]
* ja: Takeshi Hamasaki [Japanese]
* eo: Keith Bowes [Esperanto]
6.5.0
SECURITY FIX:
* .netrc now may not have more than 0700 permission if it contains passwords,
else fetchmail will warn and ignore the file.
REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required
to make deliveries consistent.
The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
been removed and behave as though "--sslproto auto" had been given.
INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
the environment variables LC_TIME (or LC_ALL) and TZ.
Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
Override is possible from an environment variable,
see EXPERIMENTAL CHANGES below.
* The ca, da, en_GB, id, it, nl, ru, zh_CN translations have been disabled,
they are too far behind.
CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
XSI extension) compliant system.
In particular, older fetchmail versions had workarounds or replacement code
for several functions standardized in the Single Unix Specification v3, these
have been removed. Hence:
- The trio/ library has been removed from the distribution.
- The libesmtp/getaddrinfo.? library has been removed from the distribution.
- The KAME/getnameinfo.c file has been removed from the distribution.
* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL or wolfSSL,
at a minimum OpenSSL v3.0.9 or wolfSSL v5.7.2.
TRANSLATIONS: fetchmail's messages were translated by these fine people:
* cs: Petr Pisar [Czech]
* eo: Keith Bowes [Esperanto]
* es: Cristian Othón Martínez Vera [Spanish]
* fr: Frédéric Marchal [French]
* ja: Takeshi Hamasaki [Japanese]
* ro: Remus-Gabriel Chelu [Romanian]
* sv: Göran Uddeborg [Swedish]
* sq: Besnik Bleta [Albanian]
* pl: Jakub Bogusz [Polish]
BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond (2 GibiB).
This required C99 support (for the long long type).
Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level to 3.0.0 so as to expose the
3.0.0 APIs from OpenSSL.
* The .netrc parser no longer permits "machine" after "default".
* Add manpage info on the .netrc syntax, as ftp(1) is not standardized and
may not be installed. Fixes Launchpad Bug #1976361 reported by Bill Yikes.
* Received: lines now return GMT time if the tzoffset cannot be represented
as whole minutes. Reported by @rriddicc via Gitlab #49.
* If fetchmail was running localized, generated an error e-mail message locally,
and if the selected translation would require the Subject: line to wrap
inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped encoded-word
was not indented, thus not marked as a continuation line.
* SSL error handling was improved, fetchmail now consistently clears the
thread/SSL error queue before SSL I/O operations and checks SSL_get_error
afterwards. The SSL_connect() error handling has been revised to log more
consistently.
CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
up its responses (it is supposed to send an untagged * BYE and a tagged
A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
reporting a protocol error. We don't intend to chat any more so the protocol
violation is harmless, and we know the server cannot send more untagged
status responses.
Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by
running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS
macro to obtain run-time library path setting flags.
* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
do not match, emit a warning and continue. Closes Gitlab #31.
* There is now a --idletimeout feature contributed by Eric Durand, to
permit setting a shorter timeout for the --idle option, because many
servers violate the protocol (requiring 30 minutes) and hang up sooner than
the 28 minutes fetchmail waits before refreshing IDLE.
GitLab merge request !35.
* There is now a --forceidle feature to force idle mode even if not advertised
in the server capabilities. This is a dangerous option, use it carefully.
Courtesy of Eric Durand, GitLab merge request !39.
* There is now a --moveto feature (only feasible in IMAP) that, instead of
flushing mail, moves it to a user-specified folder. This is to assist with
archiving, or when providers (G...) break the IMAP model.
Courteously provided by Damjan Jovanovic.
* rcfile parsing errors are now reported in more detail, and with -vv mode,
also lead to a non-importable Python dump of what was obtained, for debugging.
* fetchmail's --auth option ssh was renamed to implicit, to make clear that it
does *NOT* imply any particular type or features of the --plugin. --auth ssh
will be understood for a while for compatibility but fetchmail will report it
as implicit.
* fetchmail no longer warns about port/service mismatches with/without ssl
option when a "plugin" is in use because fetchmail cannot know whether the
plugin talks SSL or STARTTLS/STLS. Fixes Debian Bug#1076604.
* fetchmail re-executes itself if the .netrc file's modification change
is found to be newer at the beginning of a new run.
* fetchmail can now use other digest algorithms than MD5 for the
--sslfingerprint option. To use, specify the algorithm's name in
curly braces as prefix in the finger print, say,
--sslfingerprint '{SHA256}00:01:[...]:1F'. This will also switch the
algorithm for printing. All algorithms supported by the TLS/SSL library
can be specified. Fixes Gitlab issue #19, Debian Bug#700266.
EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
can be used to override the OpenSSL security level. Fetchmail by default
raises the security level to 2 if lower. This variable can be used to lower it.
Use with extreme caution. Note that levels 3 or higher will frequently cause
incompabilities with servers because server-side data sizes are often too low.
Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
sets the cipher string (through two different OpenSSL functions) for SSL and
TLS versions up to TLSv1.2.
If setting the ciphers fails, fetchmail will not connect.
If not given, defaults to Postfix's "medium" list,
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
that sets the ciphersuites (a colon-separated list, without + ! -) for
TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the
ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you
configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
a connection abort.
* fetchmail can be built with meson 1.30 or newer <https://mesonbuild.com/>.
fetchmail is not currently written in a way that supports unity
(amalgamated) builds.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 21:41:03 +0000 (22:41 +0100)]
dnsdist: Update to version 1.9.8
- Update from version 1.9.7 to 1.9.8
- Update of rootfile not required
- Changelog
1.9.8
Improvements
Add the ability to load a given TLS tickets key
References: pull request 14877
Custom metrics: better error messages, small doc improvements
References: pull request 14978
Add elapsed time to dq object (@phonedph1)
References: pull request 14887
Bug Fixes
setTicketsKeyAddedHook: pass a std::string to the hook to avoid luawrapper
to truncate content at potential null chars
References: pull request 14878
Fix ECS zero-scope caching with incoming DoH queries
References: #14959, pull request 14977
Allow resetting setWeightedBalancingFactor() to zero
References: pull request 14929
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 21:40:30 +0000 (22:40 +0100)]
qemu: Update to version 9.2.0
- Update from version 9.0.2 to 9.2.0
- Update of rootfile
- Changelog
9.2.0
https://wiki.qemu.org/ChangeLog/9.2
9.1.0
https://wiki.qemu.org/ChangeLog/9.1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 13 Jan 2025 12:24:42 +0000 (13:24 +0100)]
backup-exclude: Add suricata ruleset-sources to backup exclude file
- This will ensure that an old version will no longer be restored back onto a users
system.
- The suricata ruleset-sources file should also be shipped in the CU that this will be
applied to make sure that all usders have the correct version installed, in case they
have done a restore from an old backup after doing a fresh install.
- Tested on my vm testbed system and after making the change, the ruleset-sources file
is no longer added to the backup set but also it is excluded from the restore if it
is included in an old backup.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:33 +0000 (15:43 +0100)]
tshark: Update to version 4.4.3
- Update from version 4.4.2 to 4.4.3
- Update of rootfile
- Changelog
4.4.3
Bug Fixes
Potential mis-match in GSM MAP dissector for uncertainty radius and its
filter key. Issue 20247.
Macro eNodeB ID and Extended Macro eNodeB ID not decoded by User Location
Information. Issue 20276.
The NFSv2 Dissector appears to be swapping Character Special File and
Directory in mode decoding. Issue 20290.
CMake discovers Strawberry Perl’s zlib DLL when it shouldn’t. Issue 20304.
VOIP Calls call flow displaying hours. Issue 20311.
Fuzz job issue: fuzz-2024-12-26-7898.pcap. Issue 20313.
sFlow: Incorrect length passed to header sample dissector. Issue 20320.
wsutil: Should link against -lm due to missing fabs() when built with
-fno-builtin. Issue 20326.
Updated Protocol Support
ARTNET, ASN.1 PER, BACapp, BBLog, BT BR/EDR RF, CQL, Diameter, DOF,
ECMP, FiveCo RAP, FTDI FT, GSM COMMON, GTPv2, HCI_MON, HSRP, HTTP2,
ICMPv6, IEEE 802.11, Kafka, LTE RRC, MBIM, MMS, Modbus/TCP, MPEG PES,
NAS-EPS, NFS, NGAP, NR RRC, PLDM, PN-DCP, POP, ProtoBuf, PTP, RLC, RPC,
RTCP, sFlow, SIP, SRT, TCP, UCP, USBCCID, Wi-SUN, and ZigBee ZCL
New and Updated Capture File Support
CLLog EMS ERF
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:32 +0000 (15:43 +0100)]
samba: Update to version 4.21.3
- Update from version 4.21.2 to 4.21.3
- Update of rootfile not required
- Changelog
4.21.3
* BUG 15701: More possible replication loops against Azure AD.
* BUG 15697: Compound rename from Mac clients can fail with
NT_STATUS_INTERNAL_ERROR if the file has a lease.
* BUG 15724: vfs crossrename seems not work correctly.
* BUG 6750: After 'machine password timeout' /etc/krb5.keytab is not updated.
* BUG 15771: Memory leak wbcCtxLookupSid.
* BUG 15765: Fix heap-user-after-free with association groups.
* BUG 15758: Segfault in vfs_btrfs.
* BUG 15755: Avoid event failure race when disabling an event script.
* BUG 15724: vfs crossrename seems not work correctly.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:31 +0000 (15:43 +0100)]
nettle: Update to version 3.10.1
- Update from version 3.10 to 3.10.1
- Update of rootfile
- Changelog
3.10.1
This is a maintenance release, with only a few bugfixes and
portability improvements.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.10 and libhogweed.so.6.10, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix buffer overread in the new sha256 assembly for
powerpc64, as well as a stack alignment issue.
* Added missing nettle_mac structs for hmac-gosthash.
* Fix configure test for valgrind, to not attempt to run
valgrind on executables built using memory sanitizers.
Optimizations:
* Improved runtime detection of cpu features for OpenBSD and
FreeBSD, using elf_aux_info when available. This also adds
runtime detection for FreeBSD on arm64. Contributed by Brad
Smith.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:30 +0000 (15:43 +0100)]
nano: Update to version 8.3
- Update from version 8.2 to 8.3
- Update of rootfile not required
- Changelog
8.3
• A build failure with gcc-15 is fixed.
• Several translations were updated.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:29 +0000 (15:43 +0100)]
mdadm: Update to version 4.4
- Update from version 4.3 to 4.4
- Update of rootfile not required
- mdadm has been formally moved to github.
- Changelog
4.4
Features:
- Remobe custom bitmap file support from Yu Kuai.
- Custom device policies implementation from Mariusz Tkaczyk.
- Self encrypted drives (**SED**) support for IMSM metadata from Blazej Kucman.
- Support more than 4 disks for **IMSM** RAID10 from Mateusz Kusiak.
- Read **IMSM** license information from ACPI tables from Blazej Kucman.
- Support devnode in **--Incremental --remove** from Mariusz Tkaczyk.
- Printing **IMSM** license type in **--detail-platform** from Blazej Kucman.
- README.md from Mariusz Tkaczyk and Anna Sztukowska.
Fixes:
- Tests improvements from Xiao Ni and Kinga Stefaniuk.
- Mdmon's Checkpointing improvements from Mateusz Kusiak.
- Pass mdadm environment flags to systemd-env to enable tests from Mateusz Kusiak.
- Superblock 1.0 uuid printing fixes from Mariusz Tkaczyk.
- Find VMD bus manually if link is not available from Mariusz Tkaczyk.
- Unconditional devices count printing in --detail from Anna Sztukowska.
- Improve SIGTERM handling during reshape, from Mateusz Kusiak.
- **Monitor.c** renamed to **Mdmonitor.c** from Kinga Stefaniuk.
- Mdmonitor service documentation update from Mariusz Tkaczyk.
- Rework around writing to sysfs files from Mariusz Tkaczyk.
- Drop of HOT_REMOVE_DISK ioctl in Manage in favour of sysfs from Mariusz Tkaczyk.
- Delegate disk removal to managemon from Mariusz Tkaczyk.
- Some clean-ups of legacy code and functionalities like **--auto=md** from Mariusz Tkaczyk.
- Manual clean-up, references to old kernels removed from Mariusz Tkaczyk.
- Various static code analysis fixes.
In this release we created github repository and allowed participation through
Github. It allowed us to use Github actions adn create CI. Currently, we have:
- Compilation tests with various gcc.
- **mdadm** tests.
- Checkpatch test.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:27 +0000 (15:43 +0100)]
libpng: Update to version 1.6.45
- Update from version 1.6.44 to 1.6.45
- Update of rootfile
- Changelog
1.6.45
Added support for the cICP chunk.
(Contributed by Lucas Chollet and John Bowler)
Adjusted and improved various checks in colorspace calculations.
(Contributed by John Bowler)
Rearranged the write order of colorspace chunks for better conformance
with the PNG v3 draft specification.
(Contributed by John Bowler)
Raised the minimum required CMake version from 3.6 to 3.14.
Forked off a development branch for libpng version 1.8.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:25 +0000 (15:43 +0100)]
fping: Update to version 5.3
- Update from version 5.2 to 5.3
- Update of rootfile not required
- Changelog
5.3
New features
- New option --icmp-timestamp to send ICMP timestamp requests (ICMP type 13)
instead of ICMP Echo requests (#353 #363, thanks @auerswal and @gsnw-sebast)
- New option --print-ttl to print returned TTL value (#354, thanks @nalves599)
- New option --print-tos to print returned TOS value (#335 #346 #347, thanks
@auerswal and @gsnw-sebast)
- New option --check-source (#334, thanks @auerswal)
- Predefined various timestamp formats (#321, thanks @auerswal and @gsnw-sebast)
- Print cumulative stats with -Q SECS,cumulative (#315, thanks @auerswal)
Bugfixes and other changes
- ci: Upgrade actions/upload-artifact to v4 (#360, thanks @gsnw-sebast)
- ci: Azure Pipeline only trigger when changes are made in the development branch
(#359, thanks @gsnw-sebast)
- ci: Upgrade actions/upload-artifact to v3 (#355, thanks @pevik)
- ci: Azure Pipeline YAML add docker build (#354, thanks @gsnw-sebast)
- Dockerfile: change distribution from ubuntu to debian (#350, thanks
@gsnw-sebast)
- Fix warning unused parameter 'reply_timestamp' under macOS (#348, thanks
@gsnw-sebast)
- Fix increase maximum -s value to 65507 (#344, thanks @pevik)
- ci: use File::Temp to create temporary directory (#343, thanks @auerswal)
- Fix -k, --fwmark with setuid fping executable (#342, thanks @auerswal)
- Another batch of additional tests (take 2) (#341, thanks @auerswal)
- Document that -a and -u are overridden by -c and -C (#338, thanks @auerswal)
- Fix macOS build warning sets SEQMAP_TIMEOUT_IN_NSSEQMAP_TIMEOUT_IN_NS as INT64_C
(#336, thanks @gsnw-sebast)
- Fix inconsistent limits for address generation via -g, --generator using either
range or CIDR (#331, thanks @auerswal)
- Some additional tests (#329, thanks @auerswal)
- ci: skip an unreliable test on macOS (#328, thanks @auerswal)
- Fix incorrect return-value check for a scanf like function (CWE-253) (#323,
thanks @gsnw-sebast)
- A few more tests to increase code coverage a little bit (#320, thanks @auerswal)
- Github fix: Change to codeql-action-v2 (#319, thanks @gsnw-sebast)
- Developer function: Debug with Visual Studio Code (#318, thanks @gsnw-sebast)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 11 Jan 2025 14:43:24 +0000 (15:43 +0100)]
e2fsprogs: Update to version 1.47.2
- Update from version 1.47.1 to 1.47.2
- Update of rootfile not required
- Changelog
1.47.2
UI and Features
Drop the tune2fs -r option and replace it with -E revision=<fs-rev>.
Revision 0 file systems are needed for compatibility with pre-1995 Linux
kernels (older that version 1.2). Most of the time, users shouldn't be
using the -r option and they can confuse themselves and end up creating
a file system that is missing most modern ext4 features, including no
online resizing, no support for post-2038 timestamps, etc. (Addresses
Debian Bug #1086603)
Add support for gnu.translator extended attributes in tar files fed to
mke2fs -d. (Addresses Github issue
https://github.com/tytso/e2fsprogs/issues/192)
Add a debugfs command to list all of the inodes in the orphan list.
Fixes
Fix orphan_file support on big endian systems.
Fix resize2fs to update the checksums in blocks belonging to the orphan
file if it needs to move them.
Fix e2fsck to clear the orphan file after processing it so that e2fsck
-E journal_only doesn't leave the file system in a corrupted state.
Avoid a spurious failure in badblocks when -n or -w is specified twice.
(Addresses Debian Bug #1087341)
Fix a bug where e2fsck could skip checking a file systems with the
orphan_file feature if there are orphaned files that need to be cleaned
up. (Addresses Red Hat Bugzilla 2318710, SuSE Bugzilla #1226043)
Tune2fs will now upgrade a revision 0 file system to revision 1 before
trying to change the inode size. Otherwise, this could result in a
corrupted file system.
Fix fuse2fs --helpfull so that it displays the full help message.
Allow resize2fs to perform an offline resize past the 256 TiB boundary
(which the kernel could do as part of an online resize).
Performance, Internal Implementation, Development Support etc.
Fix various Coverity and compiler warnings.
Speed up tune2fs -g when the group is not changed by the command.
Fix build failures on GCC 15 due to it switched to using -std=c23 by
default. (Addresses https://github.com/tytso/e2fsprogs/issues/202)
Fix build failure when linking fuse2fs with old (2.9.9) version of
libfuse2 on aarch64. This hack was needed to fix a regression caused by
another hacky workaround needed to work around a build failure on
mipsel64 thanks to glibc using different struct stat layouts depending
_FILE_OFFSET_BITS is set and this caused failures when dynamic linking
against libarchive on Debian's mipsel64. (Sigh.)
Fix unused parameter warnings for packages which including ext2fs.h.
(Addresses Debian Bug #1082500)
Fix bug where packages including ext2fs.h would get the 32-bit versions
of the timestamp routines even on 64-bit platforms due to a missing
SIZEOF_TIME_T autoconf definiton in public_config.h.
Teach dumpe2fs and e2mmpstatus to support LABEL= and UUID= specifiers
since the e2mmpstatus man page claims that it supports LABEL= and UUID=.
This support was accidentally dropped when e2mmpstatus was reimplemented
in terms of dumpe2fs. (Addresses
https://github.com/tytso/e2fsprogs/issues/106)
Suppress mke2fs's "Creating regular file" message when the -q option is
in force.
Enable Continuous Integration testing in Debian's Salsa forge.
Fix a memory leak in oss-fuzz test programs.
Provide fuseext2 to replace the debian package src:fuse-umfuse-ext2.
(Addresses Debian Bug #1085590, #1088838)
In the Debian package for e2fsprogs, add a suggestion to install the
package libarchive13t64. (Addresses DebianBug #1089085)
In the Debian package for e2fsprogs, decrease the priority from required
to important. (Addresses Debian Bug #897277)
Fix the f_badjour_encrypted test to write the error output from mke2fs
and debugfs to a log file so it doesn't mess up the "make check" output
and to make those error messages available in the case of test failure.
Fix my_llseek() declaration when building against musl libc.
Clean up groff warnings in man pages. (Addresses Debian Bugs #1086892,
#1082787, #1072866, #1087898)
Document the orphan_file feature in the ext4(5) and tune2fs(8) man
pages. (Addresses Debian Bug #1073062)
Allow building e2fsprogs without libarchive-dev installed to make life
easier for bootstrapping for new Debian ports (Addresses Debian Bug
#1078693)
Various man page cleanups.
Update Chinese, Czech, French, Malay, Polish, Romainian, Spanish,
Swedish, and Ukrainian translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 9 Jan 2025 19:04:38 +0000 (20:04 +0100)]
language files: Updated de, en, es, fr & tr language files
- Changed the phrase in the code from Captive wrong ext to Captive wrong type as it is
now the type and not the extension that is being checked.
Fixes: Bug13795 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 9 Jan 2025 19:04:37 +0000 (20:04 +0100)]
perl-File-LibMagic: New package implemented for content type extraction of a file
- It was placed in make.sh after perl-Config-AutoConf as that package is at least one
build dependency.
Fixes: Bug13795 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 9 Jan 2025 19:04:36 +0000 (20:04 +0100)]
captive.cgi: Update code to check for the image content type not just the extension
- The File-LibMagic used to do this content type check. As this requires the actual
file and path name to access, the CGI::upload command had to be brought to before
the content type check and download the file to /tmp/. Then the content type can be
identified. If it is either image/png or image/jpeg then the logo.tmp file is
moved to replace the existing logo.dat. If the uploaded logo is not a png or jpeg
image content then the logo.tmp file in /tmp/ is deleted by unlinking it.
- I also added the actual content type to the error message if it is not a png or jpeg.
- Tested the code out on my vm testbed and it worked fine. Only png or jpeg content
type is accepted It makes no difference what the extension on the file is. When not
the correct content type the old logo.dat is left alone and not changed and the new
logo stored in /tmp/ is removed. If the content type is correct then the new logo file
in /tmp/ is moved to replace the existing logo.data file.
- When the wrong type of content was in the file, for example html code, then the error
message is shown saying that the content type is not correct and showing the actual
content type, in this case text/html.
Fixes: Bug13795 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Thu, 9 Jan 2025 19:04:35 +0000 (20:04 +0100)]
logo.cgi: Fix for bug13795 - captive portal not displaying uploaded logo
- This v2 version now includes the use of File-LibMagic to identify the specific
content type and apply that to the modified header command so that image/png or
image/jp[eg are used depending on the type of image provided.
- Something changed in some package in CU188 that means that the existing method of
printing the content type to the browser no longer worked.
- I tested it in some stand alone code and even if using text/txt for the content-type
print statement the File::Copy::copy then resulted in an Internal Server Error with
the same message as with the image file which was "malformed header from script
'logo.cgi': Bad header:".
- I tested it with text, html, image and application. In all cases the error message
about a bad header was provided.
- Did some searching and found an alternative way to explicitly print the header info
which is what I have used in this patch change.
- With this approach, in the stand alone code, I was able to get an image, html code or
text shown in the browser correctly and without any error message.
- I then used this new method in the logo.cgi code as submitted here and tested the
change in my vm testbed and the image was shown in the captive portal correctly.
- So this change fixes the problem with the logo not being shown but I have been unable
to identify what changed to stop the method that worked prior to CU188 from working
any more.
Fixes: Bug13795 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 6 Jan 2025 09:52:08 +0000 (10:52 +0100)]
root.hints: Update to version Dec 18, 2024
- Update from version Jul 3, 2019 to Dec 18, 2024
- Not sure if there have been other version in between or not as no history is stored
anywhere on this.
- No changelog for any changes to the root.hints file but the diff in the file shows that
just one change has been done to the B.ROOT-SERVERS.NET. entry with a change in IP.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 3 Jan 2025 14:21:22 +0000 (15:21 +0100)]
ppp: Update to version 2.5.2
- Update from version 2.5.1 to 2.5.2
- Update of rootfile
- Changelog
2.5.2
Some old and probably unused code has been removed, notably the pppgetpass program and the passprompt plugin, and some of the files in the sample and
scripts directories.
If a remote number has been set, it is available to scripts in the REMOTENUMBER
environment variable.
The Solaris port has been updated, including updated installation instructions
in README.sol2.
Various other bug fixes and minor enhancements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 3 Jan 2025 14:21:21 +0000 (15:21 +0100)]
liburcu: Update to version 0.15.0
- Update from version 0.14.1 to 0.15.0
- Update of rootfile
- Changelog
0.15.0
* Fix compilation errors
* Document cmm_cast_volatile
* Honor URCU_DEREFERENCE_USE_VOLATILE
* arm: Use atomic builtins for xchg if supported
* Introduce _CMM_TOOLCHAIN_SUPPORT_C11_MM
* Seperate uatomic and uatomic_mo
* uatomic: Fix header guard comment
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* rculfhash: make cds_lfht_iter_get_node argument const
* lfstack: make cds_lfs_empty argument const
* wfcqueue: make cds_wfcq_empty arguments const
* wfstack: make cds_wfs_empty argument const
* cds_list: make cds_list_replace @old argument const
* cds_list: make cds_list_empty const
* Adjust shell script to allow Bash in other locations
* futex.h: Indent preprocessor directives
* futex.h: Use urcu_posix_assert to validate unused values
* Use futex on OpenBSD
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* uatomic/x86: Remove redundant memory barriers
* cleanup: move rand_r compat code to tests
* ppc: Document cache line size choice
* Fix: change order of _cds_lfht_new_with_alloc parameters
* Add support for custom memory allocators for rculfhash
* ppc.h: use mftb on ppc
* rcutorture: Check histogram of ages
* docs: Add links to project resources
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* cleanup: use an enum for the error states of nr_cpus_mask
* fix: add missing SPDX licensing tags
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* rculfhash: Only pass integral types to atomic builtins
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* Tests: Add test for byte/short atomics on addresses which are not word-aligned
* Complete removal of urcu-signal flavor
* doc/examples: Remove urcu-signal example
* tests/common: Remove urcu-signal common test files
* tests/benchmark: Remove urcu-signal benchmark tests
* tests/regression: Remove urcu-signal regression tests
* tests/unit: Remove urcu-signal unit tests
* Fix: Add missing cmm_smp_mb() in deprecated urcu-signal
* urcu/uatomic.h: Improve verbosity of static assert error messages
* urcu/compiler: Add urcu_static_assert
* Phase 1 of deprecating liburcu-signal
* uatomic/generic: Fix redundant declaration warning
* tests: Add tests for checking race conditions
* Add cmm_emit_legacy_smp_mb()
* urcu/annotate: Add CMM annotation
* tests/unit/test_build: Quiet unused return value
* benchmark: Use uatomic for accessing global states
* tests: Use uatomic for accessing global states
* urcu-wait: Fix wait state load/store
* Add CMM memory model
* urcu/arch/generic: Use atomic builtins if configured
* urcu/compiler: Use atomic builtins if configured
* configure: Add --enable-compiler-atomic-builtins option
* Fix: tests/rcutorture: Put thread offline on busy-wait
* tests/regression/rcutorture: Use urcu-wait
* tests/rcutorture: Factor out thread registration
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Complete REUSE support
* extras/abi: license data files under CC-1.0
* examples: use SPDX identifiers
* tests: use SPDX identifiers
* src: use SPDX identifiers
* Public headers: use SPDX identifiers
* Build system: use SPDX identifiers
* Fix: urcu-wait: add missing futex.h include
* doc: update GCC baseline to 4.8
* doc: update FreeBSD tested version
* doc: Remove Solaris from tested platforms
* Revert "compiler.h: Introduce caa_unqual_scalar_typeof"
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* aarch64: Implement caa_cpu_relax as yield instruction
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Bump version to 0.15.0-pre
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 3 Jan 2025 14:21:20 +0000 (15:21 +0100)]
kbd: Update to version 2.7.1
- Update from version 2.6.4 to 2.7.1
- Update of rootfile
- Changelog
2.7.1
setfont:
Fixed regression in argument parsing. Allow arguments and options to
be mixed.
dumpkeys:
Fixed dumpkeys on pc and non-pc architectures. The value of keycode 0
has a special meaning, but on some architectures (like powerpc)
keyboards may generate keycode zero.
2.7.0
libkeymap:
Add API to get/set keymap keywords.
Export functions to convert the value to kernel code.
Fix double kbdfile open.
Dump action codes for keycode 0.
libkfont:
Fix buffer allocation for doubled font.
Check console mode.
keymaps:
Add hcesar layout, for portuguese speaking countries.
Update Colemak-DH keymaps with upstream changes.
sv-latin1.map: make Ctrl+AltGr+9 act as Ctrl+].
fonts:
Remove non-free Agafari fonts.
build-sys:
Use autoconf 2.72.
Do not substitute variables from configure.
Makefiles cleanup.
Fix build warning.
other:
Add configure option to control keymaps compression.
Update man pages.
Remove deprecated startup scripts.
Remove outdated docs.
Update translations (from translationproject.org)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 3 Jan 2025 14:21:19 +0000 (15:21 +0100)]
dbus: Update to version 1.16.0
- Update from version 1.14.10 to 1.16.0
- Update of rootfile
- Autotools has been removed from dbus so build converted to meson
- Changelog
1.16.0
Build system and dependencies:
• The Meson build system is the recommended way to build dbus on Unix.
This requires Meson 0.56 and Python 3.5.
· Projects that depend on libdbus can build it as a Meson subproject.
See tests/use-as-subproject/meson.build for suggested build options.
• CMake continues to be available as an alternative build system,
and is recommended on Windows. This requires CMake 3.10.
• A C99 compiler such as gcc, clang, or Visual Studio 2015 is required.
A C11 compiler such as gcc, clang, or Visual Studio 2019 is recommended.
• On platforms with larger-than-64-bit pointers, a C11 compiler is required
Behaviour changes:
• On Unix, the well-known system bus socket is in the runtime state
directory by default (normally /run)
(see 1.15.4 for more details)
• On Linux with systemd, dbus-daemon starts as the target user/group
(retaining CAP_AUDIT_WRITE) instead of starting as root and
dropping privileges
Feature removals:
• Autotools build system
• pam_console/pam_foreground integration
(Autotools --with-console-auth, CMake -DDBUS_CONSOLE_AUTH_DIR)
New features and significant bug fixes:
• ProcessFD in GetConnectionCredentials() on Linux
(see 1.15.8 for more details)
• On Unix, the system message bus now loads .service files from /etc and /run
• Use close_range() to close unwanted file descriptors or mark them
close-on-exec, if available
• Use 64-bit timestamps internally on 32-bit platforms, for Y2038 safety
• Use APIs that can return 64-bit timestamps and inode numbers on
32-bit glibc
• AF_UNIX sockets are available on sufficiently recent Windows
• dbus-send can send arrays of variants, variant values in dictionaries,
and nested variants
• Portability to CPU architectures with larger-than-64-bit pointers
Dependencies:
• Building with CMake now requires CMake ≥ 3.10.
Bug fixes:
• Avoid deprecation warnings with newer Meson versions
(dbus!507, Simon McVittie)
• Avoid deprecation warnings with newer CMake versions
(dbus#541, Ralf Habacker)
Tests and CI enhancements:
• When building with CMake, set the same environment variables as Meson.
This improves test coverage. (dbus#533, Ralf Habacker)
• Remove a remaining reference to Debian 11, which is EOL
(dbus!508, Simon McVittie)
1.15.92
Build-time configuration changes:
• When building with Meson, the embedded_tests option has been renamed
to intrusive_tests. This option adds test instrumentation in libdbus
and dbus-daemon, which reduces performance and is not secure.
For production builds of dbus in OS distributions, it must be false
(-Dintrusive_tests=false, which is the default)
During development, it should be set true (-Dintrusive_tests=true)
for full test coverage. (dbus#537, Simon McVittie)
• Similarly, when building with CMake, the DBUS_BUILD_TESTS option no
longer enables intrusive test instrumentation. A new option
-DDBUS_ENABLE_INTRUSIVE_TESTS=ON is equivalent to the Meson build
system's -Dintrusive_tests=true.
Bug fixes:
• If a DBusWatch callback fails because there is insufficient memory,
make sure to retry it within a finite time (dbus#536, Petr Malat)
• On macOS with launchd enabled, if the session bus launchd integration
is not correctly configured, don't treat that as a fatal error that
prevents connecting to the system bus (dbus#510, Mohamed Akram)
• If intrusive test instrumentation is enabled, older versions of dbus
would simulate an out-of-memory condition once per 2**32 allocations,
even if not specifically requested. This is no longer done.
(dbus#535, Simon McVittie)
• Fix compilation on non-Linux platforms with glibc, such as
Debian GNU/Hurd (dbus#539, Simon McVittie)
• Avoid test failures with non-trivial NSS modules, similar to dbus#256
(dbus#540, Simon McVittie)
• When built with CMake, make paths in DBus1Config relocatable
(dbus!499, Ralf Habacker)
1.15.90
Build-time configuration changes:
• The experimental Containers1 interface has been removed from this branch.
It is incomplete and not ready for production use, and has been
compile-time-disabled and impossible to enable without patching
since 1.13.20. To reduce confusion, delete the code completely.
It remains present on the git `master` branch for 1.17.x, and will
hopefully be reinstated during the 1.17.x cycle.
(dbus!488, dbus!490; Simon McVittie)
Bug fixes:
• Fix the Devhelp index for API documentation (dbus!486, Simon McVittie)
• Fix detection of socketpair() on Solaris 10 (dbus#531, Simon McVittie)
• Avoid undefined signed integer overflow when calculating hash table
indexes (dbus!487, Jami Kettunen)
1.15.12
Enhancements:
• D-Bus Specification 0.43:
· Recommend loading system services from /etc/dbus-1/system-services
and /run/dbus-1/system-services (dbus!467, Luca Boccassi)
· Reorganise documentation of the message bus to make it easier to add
new interfaces (dbus!472, Simon McVittie)
· Document o.fd.DBus.Debug.Stats interface (dbus!472, Simon McVittie)
· Document o.fd.DBus.Verbose interface (dbus!472, Simon McVittie)
· Formatting improvements (dbus!471, dbus!472; Simon McVittie)
· Don't imply that all clients need to support obsolete message bus
implementations (dbus!471, Simon McVittie)
• API design advice:
· Document typical approaches to emulating nullable types in the D-Bus
type system (dbus!446, Zeeshan Ali Khan)
• On Unix, additionally load system services from:
· /etc/dbus-1/system-services, reserved for use by either the local system
administrator, or software such as asset managers and configuration
management frameworks acting on their behalf
· /run/dbus-1/system-services, for ephemeral services
(dbus!467, Luca Boccassi)
Bug fixes:
• Increase file descriptor soft limit to hard limit before testing file
descriptor passing, and correctly skip the test for flooding the bus
with fds when the limit is too low, fixing test failures on Solaris
(dbus#176, Alan Coopersmith)
• When building API documentation with Doxygen, always generate a working
link in the index HTML page
(dbus#519, dbus!470; Ralf Habacker, Simon McVittie)
• When building with Meson, add (more) test dependencies so that 'meson test'
does not always need to be preceded by 'meson compile'
(dbus!468, Simon McVittie)
• When installing with Meson, don't fail if we are installing as root but
the user/group that will own the setuid dbus-daemon-launch-helper do not
yet exist (dbus#492, Jordan Williams)
• When building with Meson on Solaris, fix detection and build of
Solaris audit API integration
(dbus!477, Alan Coopersmith)
• Fix service activation timeouts when built with embedded tests (test
instrumentation) and run on a platform with a large file descriptor limit
(dbus#527, Simon McVittie)
• Fix test failures on platforms where deleting the current working
directory is not allowed, such as Solaris
(dbus!480, Alan Coopersmith)
Internal changes:
• CI fixes (dbus!474, Simon McVittie)
1.15.10
Build-time configuration changes:
• The Autotools build system has been removed. Its replacement is Meson.
(dbus#443, Ralf Habacker)
Enhancements:
• Use 64-bit timestamps internally.
This will allow 32-bit builds of libdbus to continue working after 2038
if there is OS-level support for 64-bit time_t, either opt-in
(as on 32-bit glibc systems) or by default. (dbus!444, Alexander Kanavin)
• When building with CMake, build more HTML documentation
(dbus#504, Ralf Habacker)
Bug fixes:
• Don't crash if configured to watch more than 128 directories with
inotify (dbus#481, hongjinghao)
• Never add (uid_t) -1, (gid_t) -1 or (pid_t) 0 to credentials
(dbus!464, Alyssa Ross)
• Fix a regression since 1.15.0 for "autolaunch:" on Windows
(dbus#503, Thomas Sondergaard)
• When building with Meson, don't use stdatomic.h if it exists but is
non-functional, for example under Visual Studio 2022
(dbus#494, Thomas Sondergaard)
• When building with Meson, add test dependencies so that 'meson test'
does not always need to be preceded by 'meson compile'
(dbus!465, Alyssa Ross)
• When building with Meson, really enable launchd if appropriate
(dbus!463, Alyssa Ross)
• In the test suite, use a more widely-implemented group name 'tty'
in preference to 'bin' (dbus#514, Alyssa Ross)
• Ensure that `dbus-test-tool spam` options cannot leave the payload
length uninitialized (dbus!469, Simon McVittie)
• Fix compiler warnings with gcc 14 (dbus!469, Simon McVittie)
Documentation:
• Clarify ownership transfer of pending call in
dbus_connection_send_with_reply() (dbus!455, Wiebe Cazemier)
• Explicitly document dbus-send exit status (dbus#452, Philip Withnall)
• Refer to d-spy in preference to unmaintaned D-Feet
(dbus!460, Ludovico de Nittis)
• Update URL to Bustle tool (dbus!460, Ludovico de Nittis)
Internal changes:
• Replace _dbus_string_append_int(), _dbus_string_append_uint() with
calls to _dbus_string_append_printf()
(dbus!445, Simon McVittie)
• Clean up unused macros in CMake build
(dbus!463, Alyssa Ross)
• Internal CI changes
(dbus#487, dbus#488, dbus#489, dbus#509;
Ralf Habacker, Simon McVittie)
1.15.8
Build-time configuration changes:
• For this version of dbus, Meson is the recommended build system for all
Unix platforms. CMake continues to be recommended for Windows, but this
recommendation might change to Meson in a future release, so please
test the Meson build. See INSTALL for details.
• Autotools-generated files are no longer included in the tarball release.
The Autotools build system is likely to be removed in a future dbus
release, so Autotools users should migrate to Meson as soon as possible.
It is still possible to build using Autotools, by following the same
procedure as for a git clone (starting with the `./autogen.sh` script).
Enhancements:
• D-Bus Specification 0.42:
· GetConnectionCredentials can return ProcessFD
(dbus!420, dbus!398; Luca Boccassi)
• On Linux with sufficiently new glibc and kernel headers, report a pinned
process file descriptor (pidfd) as the ProcessFD member of the
GetConnectionCredentials() result
(dbus!420, dbus!398; Luca Boccassi)
• On Linux with systemd, start as the target user/group (retaining
CAP_AUDIT_WRITE to preserve the ability to write to the audit log),
instead of starting as root and dropping privileges
(dbus!399, Luca Boccassi)
• On 32-bit glibc systems, opt-in to 64-bit timestamps if possible.
This will allow 32-bit builds of libdbus to continue working after 2038.
(dbus#465, Simon McVittie)
• On 32-bit glibc systems when built with CMake, also opt-in to large
file sizes, offsets and inode numbers, as was done for Autotools
since 1.12.x and Meson since the Meson build was introduced
(dbus#465, fd.o #93545; Simon McVittie)
• Avoid known dbus-daemon options being interpreted as optional arguments
(dbus#467, Xin Shi)
• If libdbus is a Meson subproject in a larger project, announce it as an
implementation of the dbus-1 dependency (dbus!415, Barnabás Pőcze)
• When built with CMake, get the version number from Meson instead of
Autotools, in preparation for the Autotools build system being removed
(dbus!382, Ralf Habacker)
• When built with Meson, disable some unwanted warnings when either
assertions or checks is disabled (dbus!412, Simon McVittie)
• Use C11 <stdatomic.h> if possible (dbus!431, Simon McVittie)
• Expand coverage of SPDX/REUSE copyright/license information
(dbus!427, Simon McVittie)
• On Linux, let dbus-daemon start up successfully (with a warning) if
inotify initialization fails, even if DBUS_FATAL_WARNINGS=1 is present
in the environment (dbus#473, Simon McVittie)
• On Unix, provide a better error message when looking up a user by name
or user ID fails (dbus!442, Simon McVittie)
Bug fixes:
• Avoid a dbus-daemon crash if re-creating a connection's policy fails.
If it isn't possible to re-create its policy (for example if it belongs
to a user account that has been deleted or if the Name Service Switch is
broken, on a system not supporting SO_PEERGROUPS), we now log a warning,
continue to use its current policy, and continue to reload other
connections' policies. (dbus#343; Peter Benie, Simon McVittie)
• If getting the groups from a user ID fails, report the error correctly,
instead of logging "(null)" (dbus#343, Simon McVittie)
• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs
field for processes with a valid-but-empty supplementary group list
(dbus!422, cptpcrd)
• `sudo meson install` without a DESTDIR is now possible, although
strongly discouraged on production systems (dbus#436, Simon McVittie)
• Fix a Meson deprecation warning (dbus#439, Simon McVittie)
Tests and CI enhancements:
• Internal CI changes
(dbus#455, dbus!414, dbus#468, dbus#469, dbus!424, dbus!430, dbus#436,
dbus#470; Ralf Habacker, Simon McVittie)
1.15.6
Denial-of-service fixes:
• Fix an assertion failure in dbus-daemon when a privileged Monitoring
connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
is active, and a message from the bus driver cannot be delivered to a
client connection due to <deny> rules or outgoing message quota. This
is a denial of service if triggered maliciously by a local attacker.
(dbus#457; hongjinghao, Simon McVittie)
Enhancements:
• Special-case reading pseudo-files from Linux /proc to take into
account the filesystem's unusual semantics (dbus!401, Luca Boccassi)
Other fixes:
• Fix compilation on compilers not supporting __FUNCTION__
(dbus!404, Barnabás Pőcze)
• Fix some memory leaks on out-of-memory conditions
(dbus!403, Barnabás Pőcze)
• Documentation:
· Update the README to recommend building with Meson
(dbus!402, Ahmed Abdelfattah)
· Fix syntax of a code sample in dbus-api-design
(dbus!396; Yen-Chin, Lee)
• CMake build fixes:
· Detect presence of <sys/syscall.h> (dbus!400, Luca Boccassi)
Tests and CI enhancements:
• Fix CI pipelines after freedesktop/freedesktop#540
(dbus!405, dbus#456; Simon McVittie)
• Ensure the messagebus user is created if necessary
(dbus#445, Ralf Habacker)
1.15.4
Dependencies:
• Building with CMake now requires CMake ≥ 3.9.
Build-time configuration changes:
• On Unix platforms, a path in the runtime state directory (often /run)
is now used for the well-known system bus socket by default. OS
distributors should check that the path used is equivalent to the
interoperable path /var/run/dbus/system_bus_socket, especially if
running on an OS where /var/run is not guaranteed to be a symbolic
link to /run.
(dbus#180; Issam E. Maghni, Simon McVittie)
· With Autotools, this is controlled by --runstatedir, which defaults
to ${localstatedir}/run but is often set to /run by OS distributors.
The path to the system bus socket can be overridden with the
--with-system-socket option if required.
· With CMake, this is controlled by the RUNSTATEDIR option, which has
behaviour similar to Autotools. There is no separate option for the
path to the system bus socket.
· With Meson, this is controlled by the runtime_dir option, which
defaults to /run if the installation prefix is set to /usr, or has
behaviour similar to Autotools otherwise. The path to the system bus
socket can be overridden with the system_socket option if required.
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distributions,
should be compiled with checks but without assertions.
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
Enhancements:
• D-Bus Specification 0.41:
· Clarify handling of /run vs. /var/run on Unix systems
(dbus#180, Simon McVittie)
• Add dbus_connection_set_builtin_filters_enabled(), intended to be called
by tools that use BecomeMonitor() such as dbus-monitor
(dbus#301, Kai A. Hiller)
• When using the Meson build system, dbus can now be used as a subproject.
To avoid colliding with a separate system copy of dbus, building it as a
static library with tests, tools and the message bus disabled is
strongly recommended. See test/use-as-subproject for sample code.
(dbus!368, dbus!388; Daniel Wagner)
Other fixes:
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
replying to Peer method calls that were sent to the dbus-broker with
a NULL destination (dbus#301, Kai A. Hiller)
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
This is not attacker-triggerable and appears to be harmless in practice,
but is technically undefined behaviour and is detected as such by
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
• Avoid a data race in multi-threaded use of DBusCounter
(dbus#426, Ralf Habacker)
• Fix a crash with some glibc versions when non-auditable SELinux events
are logged (dbus!386, Jeremi Piotrowski)
• If dbus_message_demarshal() runs out of memory while validating a message,
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
• Use C11 _Alignof if available, for better standards-compliance
(dbus!389, Khem Raj)
• Stop including an outdated copy of pkg.m4 in the git tree
(dbus!365, Simon McVittie)
• Meson build fixes:
· Use -fvisibility=hidden on Unix if supported, in particular on Linux
(dbus!383, dbus#437; Simon McVittie)
· Fix build on macOS, and any other platform that has
CLOCK_MONOTONIC but not pthread_condattr_setclock()
(dbus#419, Jordan Williams)
• Documentation:
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
• Licensing:
· Use MIT license for some test files that did not previous specify a
license, with permission from their authors (dbus!359, Simon McVittie)
· Add more SPDX/REUSE license markers
(dbus!311, dbus!369, dbus!370, dbus!371, dbus!375, dbus!376;
Ralf Habacker, Simon McVittie)
· Correct syntax of some SPDX license markers (dbus!360, Ralf Habacker)
• Tests fixes:
· Fix an assertion failure in test-autolaunch-win
(dbus#422, Ralf Habacker)
· Expand test coverage under CMake (dbus!322, Ralf Habacker)
· Fix the test-apparmor-activation test after dbus#416
(dbus!380, Dave Jones)
Internal changes:
• Add static assertions for some things we assume about pointers
(dbus!345, Simon McVittie)
• Refactoring (dbus!356, dbus#430, dbus#431; Simon McVittie, Xin Shi)
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
• Build dbus with clang during CI (dbus!358, Evgeny Vereshchagin)
1.15.2
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
Enhancements:
• D-Bus Specification 0.40 (dbus#416, Simon McVittie)
· Clarify that unix:tmpdir is not required to use abstract sockets,
even where supported
· Mention implications of abstract sockets for Linux namespacing
1.15.0
Dependencies:
• On platforms where a pointer is larger than 64 bits, dbus requires at
least a C11 compiler.
On other platforms, dbus now requires either a C99 compiler such as
gcc or clang, or Microsoft Visual Studio 2015 or later. Some workarounds
for pre-C99 environments are currently still present, but we plan to
remove them during this development cycle.
• Building with CMake now requires CMake ≥ 3.4.
• Building with Meson requires Meson ≥ 0.56 and Python ≥ 3.5.
Feature removal:
• Remove support for the obsolete pam_console and pam_foreground modules
(the Autotools --with-console-auth-dir= and CMake -DDBUS_CONSOLE_AUTH_DIR=
options, which have been deprecated since dbus 1.11.18).
(dbus#181, fd.o#101629)
Build-time configuration changes:
• Add a Meson build system. This is currently considered experimental,
but the intention is for it to replace Autotools and/or CMake in future
releases, preferably both. Please test!
(dbus!303, dbus!325; Félix Piédallu, Marc-André Lureau, Simon McVittie)
· This requires Meson 0.56 or newer, and Python 3.5 or newer.
· Expat can be built as a subproject using Meson's "wrap" mechanism,
if desired. This should make it considerably easier to build dbus
for Windows or other platforms without a library packaging system.
· GLib can also be built as a subproject using Meson's "wrap" mechanism,
if desired. This should make it considerably easier to build full
test coverage on Windows or other platforms without a library
packaging system.
• Please note that not all Meson build options correspond 1:1 to how
the closest equivalents in Autotools or CMake behave, and the Meson
build options are subject to change.
Distributors and developers evaluating the Meson build should check
that they are configuring dbus the way they intend to.
Enhancements:
• D-Bus Specification 0.39:
· Document how to represent internationalized domain names in D-Bus
names (dbus!324, Simon McVittie)
· Improve documentation of AF_UNIX sockets (Marc-André Lureau)
• On Unix, speed up closing file descriptors for subprocesses by using
closefrom() or close_range() where available
(dbus#278; rim, Simon McVittie)
• On Windows, dbus can now use AF_UNIX sockets, not just TCP.
This requires Windows 10 build 17063 or later at runtime,
and either Windows 10 SDK 17063 or mingw-w64 version 9.0.0 or later
at compile-time. (dbus!249, Marc-André Lureau)
• Teach dbus-send to handle variants in containers: arrays of variants,
variant values in dictionaries, and nested variants
(dbus!206, Frederik Van Bogaert)
• Detect programming errors with Windows mutexes if assertions are
enabled, similar to what we already did for pthreads mutexes
(dbus#369, Ralf Habacker)
• Move license text into LICENSES, and start to use SPDX markers
(Simon McVittie, Ralf Habacker)
Fixes:
• Portability to CPU architectures with larger-than-64-bit pointers
(dbus!335, dbus!318; Alex Richardson)
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• Improve dbus-launch --autolaunch so it can pick up an existing bus from
Linux XDG_RUNTIME_DIR or macOS launchd, even if X11 autolaunching was
disabled (dbus#385, dbus#392; Simon McVittie, Alex Richardson)
• Correctly escape AF_UNIX socket paths when converting them to D-Bus
address strings (dbus#405, Marc-André Lureau)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Silence various compiler warnings
(dbus!275, dbus!289, dbus!305, dbus!307, dbus!312, dbus!315;
Ralf Habacker, Simon McVittie, Alex Richardson, Marc-André Lureau)
• On Windows, use safer locking patterns for the system-global mutex used
to implement autolaunching (dbus#368, dbus#370; Ralf Habacker)
• Index dbus-arch-deps.h for API documentation when building out-of-tree
(dbus!312, Marc-André Lureau)
• Silence xmlto warnings when building man pages
(dbus!312, Marc-André Lureau)
• Fix build failure when checks are disabled but assertions are enabled
(dbus#412, Johannes Kauffmann)
• Use C99 flexible arrays in the memory pool implementation for better
support for modern compilers
(dbus!343, dbus!344; Alex Richardson, Simon McVittie)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· Fix a race condition generating man pages and HTML documentation
(dbus#381, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Fix -Wunused-command-line-argument on FreeBSD
(dbus!278, Alex Richardson)
· Only add warning flags if the compiler supports them
(dbus!276, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Improve compiler warning detection (dbus#387, Ralf Habacker)
· Allow TEST_SOCKET_DIR to be overridden (dbus!295, Ralf Habacker)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
· Use DWARF 2 instead of STABS for debug symbols on Windows, for
compatibility with newer gcc versions (dbus!323, Marc-André Lureau)
· Fix use of paths relative to the dbus project directory when dbus is
vendored into a larger CMake project (dbus!332, Jordan Williams)
Tests and CI enhancements:
• Add an automated test for Windows autolaunching
(dbus#235, Ralf Habacker)
• Avoid compiler warnings in test code
(dbus#383, dbus!274, dbus!275; Simon McVittie, Ralf Habacker)
• Avoid LeakSanitizer warnings in test code
(dbus!326, Simon McVittie)
• Speed up a particularly slow unit test by a factor of 30
(dbus!328, Simon McVittie)
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• On Unix, consistently create test sockets in DBUS_TEST_SOCKET_DIR and
not the build directory, allowing the build directory to be mounted with
a non-POSIX filesystem (dbus!334, Alex Richardson)
• Gitlab-CI improvements
(dbus#383, dbus#388, dbus!262, dbus!288, dbus!292, dbus!296, dbus!299,
dbus!301;
Ralf Habacker, Simon McVittie, Alex Richardson)
• Added FreeBSD Gitlab-CI build jobs
(dbus!280, dbus!347; Alex Richardson)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 22 Jan 2025 21:07:00 +0000 (22:07 +0100)]
clamav: Update to version 1.4.2
- Update from version 1.4.1 to 1.4.2
- Update of rootfile
- Changelog
1.4.2
- [CVE-2025-20128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128):
Fixed a possible buffer overflow read bug in the OLE2 file parser that could
cause a denial-of-service (DoS) condition.
This issue was introduced in version 1.0.0 and affects all currently
supported versions. It will be fixed in:
- 1.4.2
- 1.0.8
Thank you to OSS-Fuzz for identifying this issue.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 15 Jan 2025 14:57:45 +0000 (14:57 +0000)]
openssl: Dynamically link zlib
The former way was to open libz.so whenever it was needed. This is
however not a very good solution and we will have trouble in dependency
tracking and discover any linking problems much later.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 25 Dec 2024 13:48:28 +0000 (14:48 +0100)]
nut: Update to enable collectd to find the nut files
- with-dev is required as a configure option to ensure that the package-config files
are installed during the build so that collectd can find the libupsclient library
files which are needed for the nut plugin.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 25 Dec 2024 13:48:27 +0000 (14:48 +0100)]
make.sh: Change of position for nut and dependant programs
- With nut enabled in collectd as a plugin (to match with apcupsd) then it had to be
moved to before collectd.
- netsnmpd is required by nut for one of its rootfiles and therefore has to stay before
nut.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 25 Dec 2024 13:48:26 +0000 (14:48 +0100)]
update.sh: Update to migrate rrd directories for collectd-5.x
- Not tested by myself but it uses the same code as in the backup.pl changes which were
tested and worked. So expectation is that they will work in the Core Update but this
will be able to be evaluated when the Testing Release is issued.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 25 Dec 2024 13:48:25 +0000 (14:48 +0100)]
backup.pl: Update to migrate rrd directories for collectd-5.x
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 25 Dec 2024 13:48:24 +0000 (14:48 +0100)]
graphs.pl: Update to names used by collectd-5.x
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 25 Dec 2024 13:48:22 +0000 (14:48 +0100)]
collectd: Update to version 5.12.0
- Update from version 4.10.9 to 5.12.0
- Update of rootfile
- Removal of the patches that were used for version 4.10.9. Checking these they have
either been included, are no longer applicable as the involved code is no longer
present or were changes specific to BSD or Solaris OS's or were related to plugins
that were not enabled on IPFire such as mysql.
- If anyone is aware of patches that should be applied to version 5.12.0 then let me
know.
- Updated the plugin lists to disable some that were enabled such as multimeter and
battery. We shouldn't need to use IPFire as a multimeter and it should not really
be running on a laptop in battery mode.
- Re-arranged the order of the plugins to make them alphabetical again.
- Added nut to the enabled plugins. apcupsd was already enabled but nut was not.
- Disabled making warnings into errors, updated the librrd directory and specified
the libgcrypt directory so that the build was successfull.
- collecvtd-5.x supports parallel builds
- copied the 4.x to 5.x migration program into IPFire. This is then used when restoring
older backups or for the update script for when collectd-5.12.0 is merged.
- The change set was installed on my vm and the graphs all worked as expected and got
updated. Doing a restore from an earlier backup with the 4.x format of files was
correctly migrated and installed.
- Changelog is rather large covering everything that has changed and been updated.
Details can be found at https://github.com/collectd/collectd/releases
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
projects / people / mfischer / ipfire-2.x.git / log
