Matthias Fischer [Wed, 23 Aug 2023 15:08:09 +0000 (17:08 +0200)]
mc: Update to 4.8.30
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.30
Summary:
"Major changes since 4.8.29
Core
Support PCRE2 as search engine (via --with-search-engine=pcre2) (#4450)
Implement panelization buffers for both file panels (#4370)
VFS
tar: support extended headers (including long file names and sparse files) (#1952, #2201)
extfs helpers: replace "perl -w" with "use warnings" (MidnightCommander?/mc#174)
extfs/patchfs: be more specific in error message (#4485)
Editor
Add syntax highlighting:
Jenkinsfiles (#4469)
B language (#4470)
Improve syntax highlighting:
ECMAScript (MidnightCommander?/mc#172)
ECMAScript in TypeScript? (MidnightCommander?/mc#172)
use diff syntax highlighting for git commit messages (COMMIT_EDITMSG) (MidnightCommander?/mc#85)
Misc
Code cleanup (#4426, #4438)
Filehighlight:
recognize vsix files as zip files (MidnightCommander?/mc#171)
Skin updates:
julia256 (#4441, #4445)
Fixes
Usage of 'sed' in build system/makefiles is not portable (#4459, #4466)
Unportable '$<' in Makefiles (#4460)
FTBFS if ncurses used without --with-ncurses-includes= configure parameter (#4462)
Ncurses library is duplicated in MCLIBS (#4463, #4465)
FTBFS without ext2fs attributes support (#4464)
Wrong sort order after swapping panels (#4432)
Incorrect time delimiter in the copy/move progress window (#4437)
Incorrect redraw of overlapped file panels (#4408)
Subshell/Command? line prompt is empty/missing (#3121)
Find file: relative ignore directory is applied to the start search directory (#4235)
Diff viewer: options are not applied on second run (#4486)
mc.ext.ini: 'Edit' command from 'Default' section is ignored (#4434)
mc.ext.ini: .md files are not recognized as Markdown ones by extension (#4444)
mcedit: off-by-one error in paragraph formatting (#4446)
ftp: incomplete file listing: block and character devices, pipes, sockets are missed (#4472)
Various typos in the source code (MidnightCommander?/mc#177, MidnightCommander?/mc#178)"
Matthias Fischer [Sun, 20 Aug 2023 17:15:23 +0000 (19:15 +0200)]
vnstat: Update to 2.11
For details see:
https://humdi.net/vnstat/CHANGES
"2.11 / 19-Aug-2023
- Fixed
- Database queries worked only if SQLite double-quoted string (DQS)
feature (https://www.sqlite.org/quirks.html#dblquote) was enabled
- Disabling data resolutions in data retention configuration didn't result
in possibly existing database entries getting removed from the database
- Disabling data resolutions in data retention configuration didn't result
in the data resolution getting disabled but instead storing data forever
- "expr: syntax error" during configure in BSD (pull request by namtsui)
- Image output summary would show only "no data available" text in case of
zero total traffic even when the historical data of no traffic could have
been shown instead
- Image output "-o -" content could get corrupted due to info, warning and
error messages also using stdout, configuration file warnings being the
most likely source, now uses stderr in image output
- Configuration validation was too heavily limiting and enforcing image
output 5 minute graph related configuration options for combinations that
would have resulted in usable images
- New
- Database cleanup has been changed to interpret data retention
configuration as number of entries to be kept instead of calendar time,
this restores the behaviour to similar as it was up to version 1.18, the
difference is visible only on systems that aren't powered all the time
- Database is vacuumed during daemon startup and reload, behaviour is
configurable using VacuumOnStartup and VacuumOnHUPSignal configuration
options
- Add configuration option InterfaceOrder for controlling the interface
order in outputs with multiple interfaces
- Used data retention configuration is made visible during daemon startup
and after configuration reloads
- Daemon will no longer start if all data resolutions have been disabled
in the configuration file
- SQLite version is visible in --version outputs
- Notes
- "Not enough data available yet." message has been replaced with
"No data. Timestamp of last update is same YYYY-MM-DD HH:MM:SS as of
database creation." to better explain the reason why there's nothing to
show, this message is expected to disappear within configured
SaveInterval if the interface is active"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 20 Aug 2023 14:11:02 +0000 (16:11 +0200)]
index.cgi: Add warning about reiserfs deprecation and removal if reiserfs used
- Reiserfs was stopped in IPFire in Core Update 167. It has been announced that reiserfs
will be removed from the kernel in 2025.
- This patch gives a warning about this deprecation and removal if reiserfs is used. The
warning also requests that the user does a re-installation using either ext4 or xfs
filesystems.
- Tested out on a vm installation with reiserfs, ext4 and xfs. Messgae shown on system
with reiserfs filesystem but nopt on the other two.
- Warning message added into the English language file and ./make.sh lang run.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 20 Aug 2023 14:11:01 +0000 (16:11 +0200)]
dhcpcd: Update to version 10.0.2
- Update from version 10.0.1 to 10.0.2
- Update of rootfile not required
- Changelog
10.0.2
Major changes listed as:-
chore: Link to GitHub for the updated commit log by @frazar in #203
Additional DHCP options by @rrobgill in #214
risc-v fix vendor error by @Im-0xea in #213
compat sync by @tobhe in #226
Commit list can be seen at
https://github.com/NetworkConfiguration/dhcpcd/compare/v10.0.1...v10.0.2
This includes two bug fixes for two situations causing segfaults
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 19 Aug 2023 15:45:28 +0000 (17:45 +0200)]
clamav: Update to 1.1.1
For details see:
https://blog.clamav.net/2023/07/2023-08-16-releases.html
Excerpts from changelog:
"ClamAV 1.1.1 is a critical patch release with the following fixes:
CVE-2023-20197 Fixed a possible denial of service vulnerability
in the HFS+ file parser. This issue affects versions 1.1.0,
1.0.1 through 1.0.0, 0.105.2 through 0.105.0, 0.104.4 through
0.104.0, and 0.103.8 through 0.103.0.
Fixed a build issue when using the Rust nightly toolchain, which
was affecting the oss-fuzz build environment used for regression tests.
Fixed a build issue on Windows when using Rust version 1.70 or newer.
CMake build system improvement to support compiling with OpenSSL 3.x on
macOS with the Xcode toolchain. The official ClamAV installers and
packages are now built with OpenSSL 3.1.1 or newer.
Removed a warning message showing the HTTP response codes during the
Freshclam database update process."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 18 Aug 2023 18:46:45 +0000 (20:46 +0200)]
ppp: Bug#13164 - Update configure options to have correct directory for pid
- The original poster of the bug#13164 has already tested out ppp-2.5.0 in CU179 (master)
and identified that the startup could not find the directory /usr/var/run/. This is due
to the change in use of the prefix command in 2.5.0 vs 2.4.9 so --localstatedir set to
/var. runstatedir is then set to localstatedir/run ie /var/run which is then correct
for IPFire.
- This fix needs to be implemented into CU179 so that the bug poster can test out the update
- Updated rootfile to remove additional empty line
Fixes: Bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 16 Aug 2023 12:35:30 +0000 (14:35 +0200)]
openvpn: Update to version 2.5.9
- Update from version 2.5.8 to 2.5.9 which is the last version in the 2.5 series
- Update of rootfile not required
- Tested openvpn-2.5.9 in my vm testbed. OpenVPN RW connection worked fine. Also tested
OpenVPN N2N connection with CU179 & OpenVPN version 2.5.9 at one end and CU177 &
OpenVPN version 2.5.8 at the other end. N2N connection worked with no problemns.
- Changelog
2.5.9
Implement optional cipher in --data-ciphers prefixed with ?
Fix handling an optional invalid cipher at the end of data-ciphers
Ensure that argument to parse_line has always space for final sentinel
Improve documentation on user/password requirement and unicodize function
Remove unused gc_arena
Fix corner case that might lead to leaked file descriptor
msvc: always call git-version.py
git-version.py: proper support for tags
Check if pkcs11_cert is NULL before freeing it
Do not add leading space to pushed options
pull-filter: ignore leading "spaces" in option names
Do not include auth-token in pulled option digest
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 15 Aug 2023 12:13:00 +0000 (14:13 +0200)]
keepalived: Update to version 2.2.8
- Update from version 2.2.7 to 2.2.8
- Update of rootfile not required
- Changelog
2.2.8 31th May 2023
This release brings improvements and fix some minor issues reported. It add some
new VRRP and BFD features as well.
New
vrrp: Add support for Infiniband over IPv6. Github issue #2100 reported that
attempting to use IPv6 over Infinband was causing keepalived to segfault
It turned out that vrrp_ndisc.c had a comment that it still needed to be
implemented, which we have now been able to do with someone in a position
to test it. With many thanks for Itel Levy of NVIDIA, Israel for
reporting the issue and and testing the patch to confirm that it works.
vrrp: Add no_virtual_ipaddress keyword. This keyword suppresses warnings for
no virtual ipaddresses configured and allows none to be configured when
using VRRPv3.
vrrp: Add –enable-nm configure option. –enable-nm adds support for Keepalived
telling NetworkManager not to manage VMAC interfaces the keepalived
creates. Early versions of NM (i.e. at least up to v1.12, but resolved
at the latest by v1.18) would set the VMAC inerfaces as managed by
NetworkManager, and then if the underlying interface went down, NM
would down the VMAC interface and the VRRP instance would never recover
from fault state.
vrrp: add v3_checksum_as_v2 configuration option. RFC 5798 (the VRRPv3 RFC)
states regarging the checksum:
5.2.8. Checksum
The checksum field is used to detect data corruption in the VRRP
message. The checksum is the 16-bit one’s complement of the one’s
complement sum of the entire VRRP message starting with the
version field and a “pseudo-header” as defined in Section 8.1 of
[RFC2460]. The next header field in the “pseudo-header” should be
set to 112 (decimal) for VRRP. For computing the checksum, the
checksum field is set to zero. See RFC1071 for more detail
Some manufacturers (e.g. Cisco) interpret this to mean that the
pseudo- header is not included in the checksum calculation, since
RFC2460 only defines a pseudo-header for IPv6. RFC3768 (the last
VRRPv2 RFC) did not include a pseudo-header in the checksum.
However, keepalived has always included a pseudo-header in the
VRRPv3 IPv4 checksum, which is also consistent with the default
setting in Wireshark. In order to allow interoperation with
Cisco routers, and possibly other manufacturers, the
“v3_checksum_as_v2” keyword, when configured in global_defs to
set the default for all vrrp_instances, or in individual
vrrp_instances, causes those vrrp_instances to exclude the
pseudo- header from the checksum. The default action of including
the pseudo- header in the checksum remains unchanged.
vrrp: Add option to revert to backup if thread timer expires. If the VRRP
process is not scheduled for sufficiently long, another VRRP instance
may have taken over as master. For some users, minimising the number of
master switches is desired, and so if nopreempt is configured (if it is
not configured the highest priority instance will take over as master
again), and if it is too long after a thread timer expires before
keepalived is scheduled to run so that another instance will probably
have taken over as master, we will just revert to backup state rather
than sending further adverts. The keyword that configures this is
thread_timer_expired.
vrrp: Add optional new JSON format including track_process details. The
original JSON format did not allow for adding additional object types
other than the original vrrp instances. This commit adds a json_version
2, which puts the vrrp instances in a named array and adds an array of
the track_processes.
core: add option to check for malloc’s etc returning NULL. Configure option
–enable-malloc-check will cause the returned value of
malloc/realloc/strdup/strndup to be checked to ensure that they do not
return NULL. If any such call does return NULL a message will be logged
and the process will terminate. Unless sysctl vm.overcommit_memory == 2
(default is usually 0), or the malloc would cause the process virtual
address space to exceed the limit, malloc etc will not return NULL. It
is only once there is a write into the memory block that the memory is
actually allocated, and if there is insufficient memory (including swap
space), then the OOM killer will step in to either kill keepalived, or
kill another process. Consequently checking for NULL being returned is
generally a waste of time and program size.
ipvs: Add option to check OpenSSL mallocs/frees for validity.
ipvs: Add option to let SSL_GET shutdown comply with TLS spec.
bfd: Add multihop option to conform with RFC5883. RFCs 5881 and 5883 state
that port 3784 is used for single hop BFD and port 4784 is used for
multihop. The commit adds configuration option “multihop” to use port
4784 rather than port 3784.
Improvements
vrrp: Don’t adjust vrrp receive timeout during delayed start. The timeout for
a vrrp instance to become master should not be changed if an advert is
received during the delayed start - the timeout is set to include the
delayed start and the (3 to 4) * advert int delay to take over as master.
vrrp: Remove redundant checks of snmp_option.
vrrp: deley freeing vrrp instances until all references are freed. Trackers
etc have lists for vrrp instances that are tracking them. Therefore the
trackers, and their references, must be freed before the vrrp instances
are freed.
vrrp: restore the vmac ipv6 link-local after flapping. The user is not
supposed to shutdown a vmac interface created by keepalived. However,
it can mistakenly happen. When the link is re-established, the
link-local has disappear (the kernel removes all IPv6 addresses on link
down except if keep_addr_on_down sysctl is on) and sending VRRP packet
is no nore possible. Restore the IPv6 Link-Local after a VMAC interface
flapping. A Link-Local is not set when the VRRP packets are sent from
the base interface (vmac-xmit-base). Note that the IPv6 Virtual
Addresses are also removed on link down which is the desired behavior.
Enabling keep_addr_on_down sysctl would keep the link-local without
this patch but would break this behavior.
doc: Man pages and documentation updates. Add explanation of why unicast
VRRPv3 checksum changed.
configure: Add systemd auto option. fix default config file with ${prefix}
use. use back-ticks rather than $(…) for commmands. Improve
checking for ${prefix}.
ipvs: Don’t report HTTP_CHECK when it is an SSL_CHECK.
ipvs: Work around OpenSSL memory leak in versions 3.0.0 to 3.0.4. The memory
leak was observed with OpenSSL 3.0.1, and it is resolved by version
3.0.5. Also the leak is not observed in v1.1.1n.
ipvs: Simplify SSL_GET handling code.
Fixes
rpm: Fix RPM spec file to use kmod-lib and kmod-devel rather than libkmod.
vrrp: Fix NFT support to properly handle build with L4PROTO support.
vrrp: Resolve segfault when enable_snmp_vrrp is added at a reload.
vrrp: workaround GCC LTO bug causing incorrect VRRPv3 checksum. The problem
was observed with GCC versions 11.2, 11.3.1 and 12.1.1, on Ubuntu 22.04,
Fedora 34, Fedora 36 and Fedora 37 (Rawhide). The problem did not occur
when not using LTO, nor when using clang, even with LTO.
vrrp: fix ipv6 vrrp in fault state because no ipv4 address. Setting an IPv6
VRRP virtual address on an interface that has no IPv4 address results
in a persistent FAULT state.
core: Fix segfault when receive netlink message for static default route added.
build: Fix order of -lssl -lcrypto. This needs to be correct in order to be
able to use static library linking on Alpine Linux.
build: Fix build with libressl. SSL_set0_rbio is provided by libressl since
version 3.4.0 and libressl/openbsd@c99939f but SSL_set0_wbio is not
provided resulting in build failure.
build: Fix out of tree builds. Fix build error with –disable-track-process.
build: Fix building with –disable-vmac.
build: Fix compiler warning when building without VRRP authentication.
parser: Fix segfault caused by extra ‘}’ and other parser fixes. If there was
a configuration error in a block, e.g. a vrrp_instance, keepalived
would apply the configuration in the rest of the block to the
previous object of that type, e.g. the previous vrrp instance. If
there had been no previous instance, keepalived would probably
segfault. This commit changes the way the parser works. A new
instance of an object, e.g. a VRRP instance or a virtual server, is
only added to the list of those objects once the configuration of
that object is complete. In particular it no longer applies the
configuration to the last entry on the list of the relevant object
type, but keeps a point to the object currently being configured.
parser: Optimise fixing recalculating updated line length.
ipvs: Fix memory leaks when configuration is repeated. Use last entry if
duplicate definition.
lib: Fix malloc check code for CPUs without unaligned memory access.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Michael Tremer [Tue, 15 Aug 2023 09:48:35 +0000 (09:48 +0000)]
mountfs: Remove excessive sync-ing before umount
The system should perform all write operations when sync is called and
only return when the write queues are empty.
There is no additional benefit for calling sync again as the buffers
should be empty. If data is still being lost, then that is a bug in
either the storage device or driver.
As the (re-)boot process is already so slow, I would like to get rid of
any unnecessary delays.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 14 Aug 2023 23:15:00 +0000 (23:15 +0000)]
Tor: Update to 0.4.7.14
Full changelog:
Changes in version 0.4.7.14 - 2023-07-26
This version contains several minor fixes and one major bugfix affecting
vanguards (onion service). As usual, we recommend upgrading to this version
as soon as possible.
o Major bugfixes (vanguards):
- Rotate to a new L2 vanguard whenever an existing one loses the
Stable or Fast flag. Previously, we would leave these relays in
the L2 vanguard list but never use them, and if all of our
vanguards end up like this we wouldn't have any middle nodes left
to choose from so we would fail to make onion-related circuits.
Fixes bug 40805; bugfix on 0.4.7.1-alpha.
o Minor feature (CI):
- Update CI to use Debian Bullseye for runners.
o Minor feature (lzma):
- Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.
o Minor features (directory authorities):
- Directory authorities now include their AuthDirMaxServersPerAddr
config option in the consensus parameter section of their vote.
Now external tools can better predict how they will behave.
Implements ticket 40753.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on July 26, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/07/26.
o Minor bugfix (relay, logging):
- The wrong max queue cell size was used in a protocol warning
logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (compilation):
- Fix all -Werror=enum-int-mismatch warnings. No behavior change.
Fixes bug 40824; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (metrics):
- Decrement hs_intro_established_count on introduction circuit
close. Fixes bug 40751; bugfix on 0.4.7.12.
o Minor bugfixes (sandbox):
- Allow membarrier for the sandbox. And allow rt_sigprocmask when
compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Aug 2023 21:16:40 +0000 (23:16 +0200)]
libloc: Update to version 0.9.17
- Update from version 0.9.16 to 0.9.17
- Update of rootfile
- Changelog
0.9.17
* The importer is now parsing Geofeeds where available. This helps us to create a
database with better accuracy for large ISPs or cloud providers.
* The database writer is trying to compress the database harder: It will now look
for any duplicate networks and merge neighbouring networks which will reduce the
size of the database by about half.
* The importer has been improved so that it runs more efficient SQL queries to
create the database faster.
* Temuri Doghonadze contributed a Georgian translation.
* Hans-Christoph Steiner contributed bash-completion for the location(8) command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:07 +0000 (22:51 +0200)]
qpdf: Update to version 11.5.0
- Update from version 11.3.0 to 11.5.0
- Update of rootfile
- Changelog
11.5.0: release
* This release consists entirely of changes made by M. Holger.
Mostly this is changes to the private API, performance
enhancements, code cleanup, and reformatting to 100 columns
instead of 80. For qpdf development, we are starting to use
JetBrains CLion, so a lot of the changes are moving us toward a
cleaner development experience in that environment.
* Bug fix: when a the same page is copied multiple times, copy
the annotations rather than having multiple pages share an
annotation object. Thanks to M. Holger for the fix. Fixes #600.
* Add "FUTURE" build option for enabling experimental APIs. Do not
package qpdf built with the FUTURE option as there are no binary
compatibility or even source compatibility guarantees. The option
is intended for developers who want to ensure that future
potentially breaking changes are compatible with their code or
provide feedback on upcoming changes. At present, the only feature
enabled by FUTURE is a move constructor for QPDFObjectHandle.
While this shouldn't break any code, it would change details about
how many copies of a specific QPDFObjectHandle were in existence,
so it could potentially break code that was relying on internal
shared pointer reference counts. Thanks to M. Holger for the idea
and contribution.
* Add new method Buffer::copy and deprecate Buffer copy
constructor and assignment operator. Buffer copy operations are
expensive as they always involve copying the buffer content. Use
"buffer2 = buffer1.copy();" or "Buffer buffer2{buffer1.copy()};"
to make it explicit that copying is intended. This change was
contributed by M. Holger.
11.4.0: release
* From M. Holger: add QPDF::newReserved as a better alternative to
QPDFObjectHandle::newReserved. The operation of creating a new
reserved object fits better in the QPDF API. The old call just
delegates to the new one.
* When an annotation dictionary's appearance dictionary (`/AP`)
has a key that is a stream, disregard `/AS` (which is supposed to
point to a subkey). This enables qpdf to not ignore annotations
that have incorrect values for `/AS` when the appearance stream is
directly in the `/AP` dictionary instead of in a subkey.
Fixes #949.
* Allow QPDFJob's workflow to be split into a reading phase and a
writing phase to allow the caller to operate on the QPDF object
before it is written. This adds methods QPDFJob::createQPDF and
QPDFJob::writeQPDF and corresponding C API functions
qpdfjob_create_qpdf and qpdfjob_write_qpdf. Thanks to M. Holger
for the contribution.
* From M. Holger: throw a logic error if an uninitialized or
foreign QPDFObjectHandle is added to an array.
* Enhance --optimize-images to support images nested inside of
form XObjects. Thanks to Connor Osborne (github user cdosborn) for
the contribution. Fixes #923.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:06 +0000 (22:51 +0200)]
qemu: Update to version 8.0.3
- Update from version 7.1.0 to 8.0.3
- Update of rootfile
- Changelog is too large to include here. See the following links for more details
8.0
https://wiki.qemu.org/ChangeLog/8.0
7.2
https://wiki.qemu.org/ChangeLog/7.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:05 +0000 (22:51 +0200)]
popt: Update to version 1.19
- Update from version 1.18 to 1.19
- Update of rootfile
- Changelog
1.19
Clarify license: we are not the X Consortium, use straight MIT license text
Fix build without glob_pattern_p()
Fix missing libiconv dependency for static linkage in popt.pc
Fix segfault regression when NLS is enabled but libintl.h cannot be found (#32)
Fix the handling of superfluous args passed with =
Fix iconv resource leak on errors
Fix POPT_CONTEXT_KEEP_FIRST handling in poptResetContext()
Fix '=' getting shown for short options
Fix memory corruption issues with poptStuffArgs()
Fix handling of large files in poptReadFile() on 32bit systems
Fix build without wchar / mbstate_t
Fix potential memory leak in poptReadConfigFile()
Fix "Usage" string calculated length
Fix memory leak regressions in popt 1.18
Add --enable-werror configure option
Add CREDITS file
Improve random number handling
Various code cleanups, const and type hygiene improvements
Adjust test-suite expectations for libtool changes
Various translation updates
Various documentation improvements
Various test-suite improvements
Appease autoconf 2.70
Update gettext to 1.98.8
Run CI on fixed Fedora version (36 for now), use stricter compiler settings
Drop unmaintained CHANGES file from tarballs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:04 +0000 (22:51 +0200)]
poppler: Update to version 23.08.0
- Update from version 23.03.0 to 23.08.0
- Update rootfile
- Changelog
23.08.0:
core:
* Fix GWG 19.2 - DeviceN Overprint (White)
* Splash: avoid bogus memory allocation size in doTilingPatternFill
* Fix use-of-uninitialized-value in XRef
* Fix float-cast-overflow error in Catalog
* Cleanup gpgme backend code
* Version symbols in poppler core
glib:
* Improve poppler_get_available_signing_certificates
* Add new members to PopplerCertificateInfo
utils:
* pdftotext: small improvement to man page
23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in forms
* Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
glib:
* Add signing API
build system:
* zlib is now mandatory
23.06.0:
core:
* CairoOutputDev: Fix crash when doing type3 rendering
* Fix crash with unknown signature hashing algorithms
* Add gpgme backend for signature handling
* Windows: Fix crash when signing existing signature
* FontInfo: Make it return proper information about font substitution
* FontInfo: Try harder to get Type 3 font name
* Store embedded fonts widths table in a more effective manner
* Skip font lookup for nonprintable characters
* Windows: Look for fonts in both windows font dir and poppler fonts dir
* Windows: symbol.ttf is not a good Symbol font
* Windows: Fix memory leak when looking for fonts
* Fix crash on malformed files
qt5:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
qt6:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
23.05.0:
core:
* Fix crash when filling some forms
* Set SigFlags when signing unsigned signature
* Add some infrastructure code to support multiple signing backends
* Fix potential stack overflow in PostScriptFunction::parseCode
* Fix some minor uninitialised memory reads
23.04.0:
core:
* Fix memory issue when signing fails. Issue #1372
* Internal improvements of signature related code
* CairoOutputDev: improve type3 font rendering
* Fix memory leak in GlobalParams::findSystemFontFileForFamilyAndStyle
utils:
* pdftocairo: Fix crash in some special situations
* pdfsig: allow holes in -dump signature list
* pdfsig: Support --help
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:42 +0000 (18:45 +0200)]
xz: Update to version 5.4.4
- Update from version 5.4.1 to 5.4.4
- Update of rootfile
- Changelog
5.4.4 (2023-08-02)
* liblzma and xzdec can now build against WASI SDK when threading
support is disabled. xz and tests don't build yet.
* CMake:
- Fixed a bug preventing other projects from including liblzma
multiple times using find_package().
- Don't create broken symlinks in Cygwin and MSYS2 unless
supported by the environment. This prevented building for the
default MSYS2 environment. The problem was introduced in
xz 5.4.0.
* Documentation:
- Small improvements to man pages.
- Small improvements and typo fixes for liblzma API
documentation.
* Tests:
- Added a new section to INSTALL to describe basic test usage
and address recent questions about building the tests when
cross compiling.
- Small fixes and improvements to the tests.
* Translations:
- Fixed a mistake that caused one of the error messages to not
be translated. This only affected versions 5.4.2 and 5.4.3.
- Updated the Chinese (simplified), Croatian, Esperanto, German,
Korean, Polish, Romanian, Spanish, Swedish, Ukrainian, and
Vietnamese translations.
- Updated the German, Korean, Romanian, and Ukrainian man page
translations.
5.4.3 (2023-05-04)
* All fixes from 5.2.12
* Features in the CMake build can now be disabled as CMake cache
variables, similar to the Autotools build.
* Minor update to the Croatian translation.
5.4.2 (2023-03-18)
* All fixes from 5.2.11 that were not included in 5.4.1.
* If xz is built with support for the Capsicum sandbox but running
in an environment that doesn't support Capsicum, xz now runs
normally without sandboxing instead of exiting with an error.
* liblzma:
- Documentation was updated to improve the style, consistency,
and completeness of the liblzma API headers.
- The Doxygen-generated HTML documentation for the liblzma API
header files is now included in the source release and is
installed as part of "make install". All JavaScript is
removed to simplify license compliance and to reduce the
install size.
- Fixed a minor bug in lzma_str_from_filters() that produced
too many filters in the output string instead of reporting
an error if the input array had more than four filters. This
bug did not affect xz.
* Build systems:
- autogen.sh now invokes the doxygen tool via the new wrapper
script doxygen/update-doxygen, unless the command line option
--no-doxygen is used.
- Added microlzma_encoder.c and microlzma_decoder.c to the
VS project files for Windows and to the CMake build. These
should have been included in 5.3.2alpha.
* Tests:
- Added a test to the CMake build that was forgotten in the
previous release.
- Added and refactored a few tests.
* Translations:
- Updated the Brazilian Portuguese translation.
- Added Brazilian Portuguese man page translation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:41 +0000 (18:45 +0200)]
smartmontools: Update to version 7.4
- Update from version 7.3 to 7.4
- Update of rootfile not required
- Changelog
7.4
- The docker image used for CI and release builds is now based on
Debian 12 instead of Ubuntu 18.04.
- macOS: CI and release builds are now generated for the x86_64 and arm64
targets. 32 bit platforms will require to be compiled from the source.
- smartctl '-t short', '-t long' and '-X': NVMe support.
- smartctl '-l selftest': NVMe support.
- smartctl '-l farm': Prints Seagate's vendor-specific Field Access
Reliability Metrics (FARM) log for ATA and SCSI drives.
- smartctl '-l error': Now also prints an error message for each entry
of NVMe error information log.
- smartctl '-l genstats': Prints SCSI General statistics and performance
log page.
- smartctl '-i' and '--identify': ACS-4/5/6 enhancements.
- smartctl '-c': Added NVMe 2.0 capability flags.
- smartctl '-g security': Added 'ata_security.master_password_id'
to JSON output. Plaintext output shows Master Password ID if set
to a non-default value.
- smartctl '-q noserial': Now also suppresses the output of NVMe Namespace
IEEE EUI-64.
- smartctl '-j': '-l error -l selftest' JSON output for NVMe devices.
- smartctl '-j': Avoid invalid UTF-8 sequences in JSON/YAML strings.
- smartctl '-j': Fixed a bogus exception during SCSI JSON output.
- smartctl '-j': Renamed JSON element 'scsi_temperature' back to
'temperature' (regression).
- smartctl '-a': Now suggests '-x' for ATA devices because '-a' only
provides legacy SMART information.
- smartd: No longer issues LOG_CRIT warnings if new entries of NVMe error
information log do not indicate device problems.
- smartd: Now detects accidental use of smartd_warning script as
'-M exec' parameter.
- smartd: No longer writes the 'Copyright...' line to syslog.
- smartd.conf '-M always': Sends reminder emails without any delay.
- smartd.conf '-M diminishing': Limited email delay to 32 days.
- ATA: Fixed decoding of extended self-test log on big endian hosts.
- ATA: Enhanced LBA range for device types '-d jmb39x-q,...' and
'-d jms56x,...' from 33-62 to 1-255.
- ATA: Device type '-d intelliprop,N' now fails with a deprecation message.
Added '-d intelliprop,N,force' flag to use it anyway.
- ATA/USB: Device type '-d usbasm1352r,N' for ASMedia ASM1352R USB to SATA
RAID bridges
- SCSI: Fixed possible corruption issue with the Error Counter and
Non medium Error log pages.
- SCSI: Added more "Informational Exceptions" strings.
- SCSI: Added initial support for REPORT SUPPORTED OPERATION command.
- SCSI: Initial rework of SCSI debug output.
- NVMe: Added error messages for NVMe status values.
- NVMe: Fixed crash after read of error information log on big endian hosts.
- HDD, SSD and USB additions to drive database.
- update-smart-drivedb: Fixed syntax for 'sed' versions which require
';' before '}' or do not support ';' at all.
- update-smart-drivedb: Replaced a usually not executed bashism.
- configure: Default for '--with-nvme-devicescan' is now 'yes' also on
Darwin and FreeBSD. It is still 'no' on NetBSD only.
- configure: Defines '_FORTIFY_SOURCE=3' if supported and not predefined.
- configure: No longer fails if libsystemd-dev is installed and
'LDFLAGS=-static' is used.
- Compile fix for systems without legacy 'getdtablesize()'.
- Pre-releases from SVN snapshots now show "pre-VERSION" in version
information and 'smartctl.pre_release=true' in JSON output.
- Linux: Device type '-d sssraid' for 3SNIC RAID controllers.
- Linux: Device type '-d marvell' now fails with a deprecation message.
Added '-d marvell,force' flag to use it anyway.
- Linux: The generic SCSI code now defaults to SG_IO_V3 and does no
longer fall back to the deprecated SCSI_IOCTL_SEND_COMMAND
(but this ioctl is still used for '-d 3ware' and '-d marvell,force').
- Linux smartd: Now prevents systemd unit startup timeout when many
devices are registered and then initially checked.
- Linux smartd: Systemd no longer reports a service failure if no device
is present and a '-q *nodev0*' option is used.
- Solaris SPARC: Dropped legacy ATA support. Dropped configure option
'--with-solaris-sparc-ata'.
- Windows: IOCTL_STORAGE_PROTOCOL_COMMAND variant for NVMe self-tests.
- Windows: Installer now defaults to 64-bit executables.
- Windows: No longer prints bogus 'Local Time' if enhanced TZ syntax is used.
- Windows: Workaround to keep backward compatibility with old versions
of Windows if some versions of MinGW-w64 are used.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:40 +0000 (18:45 +0200)]
lvm2: Update to version 2.03.22
- Update from version 2.03.21 to 2.03.22
- Update of rootfile not required
- Changelog
2.03.22 - 02nd August 2023
Fix pv_major/pv_minor report field types so they are integers, not strings.
Add lvmdevices --delnotfound to delete entries for missing devices.
Always use cachepool name for metadata backup LV for lvconvert --repair.
Make metadata backup LVs read-only after pool's lvconvert --repair.
Improve VDO and Thin support with lvmlockd.
Handle 'lvextend --usepolicies' for pools for all activation variants.
Fix memleak in vgchange autoactivation setup.
Update py-compile building script.
Support conversion from thick to fully provisioned thin LV.
Cache/Thin-pool can use error and zero volumes for testing.
Individual thin volume can be cached, but cannot take snapshot.
Better internal support for handling error and zero target (for testing).
Resize COW above trimmed maximal size is does not return error.
Support parsing of vdo geometry format version 4.
Add lvm.conf thin_restore and cache_restore settings.
Handle multiple mounts while resizing volume with a FS.
Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
Enhance lvm_import_vdo and use snapshot when converting VDO volume.
Fix parsing of VDO metadata.
Fix failing -S|--select for non-reporting cmds if using LV info/status fields.
Allow snapshots of raid+integrity LV.
Fix multisegment RAID1 allocator to prevent using single disk for more legs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:39 +0000 (18:45 +0200)]
harfbuzz: Update to version 8.1.1
- Update from version 8.0.1 to 8.1.1
- Update of rootfile
- Changelog
8.1.1
- Fix shaping of contextual rules at the end of string, introduced in 8.1.0
- Fix stack-overflow in repacker with malicious fonts.
- 30% speed up loading Noto Duployan font.
8.1.0
- Fix long-standing build issue with the AIX compiler and older Apple clang.
- Revert optimization that could cause timeout during subsetting with malicious fonts.
- More optimization work:
- 45% speed up in shaping Noto Duployan font.
- 10% speed up in subsetting Noto Duployan font.
- Another 8% speed up in shaping Gulzar.
- 5% speed up in loading Roboto.
- New API:
+hb_ot_layout_collect_features_map()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:38 +0000 (18:45 +0200)]
gmp: Update to version 6.3.0
- Update fromn version 6.2.1 to 6.3.0
- Update of rootfile
- Changelog
Changes between GMP version 6.2.* and 6.3.*.
BUGS FIXED
* A possible overflow of type int is avoided for mpz_cmp on huge operands.
* A possible error condition when a malformed file is read with
mpz_inp_raw is now correctly handled.
FEATURES
* New public function mpz_prevprime, companion of the existing
mpz_nextprime.
* New documented pointer types mpz_ptr, mpz_srcptr, and similar for
other GMP types. Refer to the manual for full list and suggested
usage. These types have been present in gmp.h at least since
GMP-4.0, but previously not advertised to users.
* Support for 64-bit Arm under Macos.
* Support for the loongarch64 CPU family.
* Support for building with LTO, link-time optimisations.
SPEEDUPS
* New special code for base = 2 in mpz_powm reduces the average time
for the functions that test primality.
* Speedup for the function mpz_nextprime on large operands.
* Speedup for multiplications (some sizes only) thanks to new
internal functions to compute small negacyclic products.
* Special assembly code for IBM z13 and later "mainframe" CPUs, resulting in
a huge speedup.
* Improved assembly for several 64-bit x86 CPUs, Risc-V, 64-bit Arm.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 4 Jul 2023 09:04:46 +0000 (11:04 +0200)]
red: Fixes bug#13164 adjust pppoe plugin name in red initscript
- This patch goes together with the patch for the ppp update to 2.5.0
- The rp-pppoe.so option is no longer available. There is only the pppoe.so available now
Fixes: Bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 2 Jul 2023 09:54:32 +0000 (11:54 +0200)]
ppp: Fixes bug#13164 - Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0
This includes breaking changes for third-party plugins but as far as I can see IPFire
is not using any third party plugins
- Update of rootfile
- Update of patches and sed commands
- pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014
- Some of the patches required updates as additional lines needing to be patched are
now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches
- connect-errors file location is now defined by a configure command --with-logfile-dir
- install-etcppp is no longer provided. However the install command in this version still
has the same files available in /etc/ppp as previously. There is a new file,
openssl.cnf, which I have commented out. If it is required in future it can always be
uncommented in future releases.
- Build went without any problems with the updated patches.
- I cannot test this as I don't use ppp, however the original bug reporter has agreed to
test this out when it is released into Testing unless anyone else is capable of testing
it.
- Changelog
What's new in ppp-2.5.0.
The 2.5.0 release is a major release of pppd which contains breaking
changes for third-party plugins, a complete revamp of the build-system
and that allows for flexibility of configuring features as needed.
In Summary:
* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
* Support for loading PKCS12 certificate envelopes
* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
and others.
* Support for pkgconfig tool has been added by Eivind Næss.
* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
* Major revision to PPPD's Plugin API by Eivind Næss.
- Defines in which describes what features was included in pppd
- Functions now prefixed with explicit ppp_* to indicate that
pppd functions being called.
- Header files were renamed to better align with their features,
and now use proper include guards
- A pppdconf.h file is supplied to allow third-party modules to use
the same feature defines pppd was compiled with.
- No extern declarations of internal variable names of pppd,
continued use of these extern variables are considered
unstable.
* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
* Dropped IPX support, as Linux has dropped support in version 5.15
for this protocol.
* Many more fixes and cleanups.
* Pppd is no longer installed setuid-root.
* New pppd options:
- ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
ipv6-up-script, ipv6-down-script
- -v, show-options
- usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
* On Linux, any baud rate can be set on a serial port provided the
kernel serial driver supports that.
Note that if you have built and installed previous versions of this
package and you want to continue having configuration and TDB files in
/etc/ppp, you will need to use the --sysconfdir option to ./configure.
For a list of the changes made during the 2.4 series releases of this
package, see the Changes-2.4 file.
Compression methods.
This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
Fixes: bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 2 Aug 2023 20:09:55 +0000 (22:09 +0200)]
fwhosts.cgi: Fixes bug#13206 - no validation of location group name
- Added validation code for the location group name. This is only validated when edited
and not when created.
- The code was copied from the section for creating the Services Group Name or the
Network/Host Group Name.
Fixes: Bug#13206 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Jul 2023 21:03:59 +0000 (23:03 +0200)]
samba.cgi: Fixes bug#13193 - disables smb1 unix extensions in smb.conf
- Around three years ago the samba wui page was simplified and several parts were removed
including the ability to set either wide links or unix extensions to be enabled
- When the above was done wide links = yes was defined in the samba.cgi code
- unix extenstions was not defined and therefore took the default value which was/is yes
- unix extensions is now called smb1 unix extensions and has the same default value of yes
- With both wide links = yes and smb1 unix extensions = yes means that when there is a
wide symlink (one that goes outside the share directory tree) then wide links is disabled
because smb1 unix extensions is enabled. This is even though the smb1 protocol is disabled
by default.
- This patch sets smb1 unix extensions = no in the configuration.
- This has been tested in my vm testbed and confirmed that the error message is no longer
shown and that any wide links are able to be accessed from the share mounted on a client
Fixes: Bug#13193 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / mfischer / ipfire-2.x.git / log
