Peter Müller [Mon, 14 Aug 2023 23:15:00 +0000 (23:15 +0000)]
Tor: Update to 0.4.7.14
Full changelog:
Changes in version 0.4.7.14 - 2023-07-26
This version contains several minor fixes and one major bugfix affecting
vanguards (onion service). As usual, we recommend upgrading to this version
as soon as possible.
o Major bugfixes (vanguards):
- Rotate to a new L2 vanguard whenever an existing one loses the
Stable or Fast flag. Previously, we would leave these relays in
the L2 vanguard list but never use them, and if all of our
vanguards end up like this we wouldn't have any middle nodes left
to choose from so we would fail to make onion-related circuits.
Fixes bug 40805; bugfix on 0.4.7.1-alpha.
o Minor feature (CI):
- Update CI to use Debian Bullseye for runners.
o Minor feature (lzma):
- Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.
o Minor features (directory authorities):
- Directory authorities now include their AuthDirMaxServersPerAddr
config option in the consensus parameter section of their vote.
Now external tools can better predict how they will behave.
Implements ticket 40753.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on July 26, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/07/26.
o Minor bugfix (relay, logging):
- The wrong max queue cell size was used in a protocol warning
logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (compilation):
- Fix all -Werror=enum-int-mismatch warnings. No behavior change.
Fixes bug 40824; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (metrics):
- Decrement hs_intro_established_count on introduction circuit
close. Fixes bug 40751; bugfix on 0.4.7.12.
o Minor bugfixes (sandbox):
- Allow membarrier for the sandbox. And allow rt_sigprocmask when
compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 9 Aug 2023 21:16:40 +0000 (23:16 +0200)]
libloc: Update to version 0.9.17
- Update from version 0.9.16 to 0.9.17
- Update of rootfile
- Changelog
0.9.17
* The importer is now parsing Geofeeds where available. This helps us to create a
database with better accuracy for large ISPs or cloud providers.
* The database writer is trying to compress the database harder: It will now look
for any duplicate networks and merge neighbouring networks which will reduce the
size of the database by about half.
* The importer has been improved so that it runs more efficient SQL queries to
create the database faster.
* Temuri Doghonadze contributed a Georgian translation.
* Hans-Christoph Steiner contributed bash-completion for the location(8) command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:07 +0000 (22:51 +0200)]
qpdf: Update to version 11.5.0
- Update from version 11.3.0 to 11.5.0
- Update of rootfile
- Changelog
11.5.0: release
* This release consists entirely of changes made by M. Holger.
Mostly this is changes to the private API, performance
enhancements, code cleanup, and reformatting to 100 columns
instead of 80. For qpdf development, we are starting to use
JetBrains CLion, so a lot of the changes are moving us toward a
cleaner development experience in that environment.
* Bug fix: when a the same page is copied multiple times, copy
the annotations rather than having multiple pages share an
annotation object. Thanks to M. Holger for the fix. Fixes #600.
* Add "FUTURE" build option for enabling experimental APIs. Do not
package qpdf built with the FUTURE option as there are no binary
compatibility or even source compatibility guarantees. The option
is intended for developers who want to ensure that future
potentially breaking changes are compatible with their code or
provide feedback on upcoming changes. At present, the only feature
enabled by FUTURE is a move constructor for QPDFObjectHandle.
While this shouldn't break any code, it would change details about
how many copies of a specific QPDFObjectHandle were in existence,
so it could potentially break code that was relying on internal
shared pointer reference counts. Thanks to M. Holger for the idea
and contribution.
* Add new method Buffer::copy and deprecate Buffer copy
constructor and assignment operator. Buffer copy operations are
expensive as they always involve copying the buffer content. Use
"buffer2 = buffer1.copy();" or "Buffer buffer2{buffer1.copy()};"
to make it explicit that copying is intended. This change was
contributed by M. Holger.
11.4.0: release
* From M. Holger: add QPDF::newReserved as a better alternative to
QPDFObjectHandle::newReserved. The operation of creating a new
reserved object fits better in the QPDF API. The old call just
delegates to the new one.
* When an annotation dictionary's appearance dictionary (`/AP`)
has a key that is a stream, disregard `/AS` (which is supposed to
point to a subkey). This enables qpdf to not ignore annotations
that have incorrect values for `/AS` when the appearance stream is
directly in the `/AP` dictionary instead of in a subkey.
Fixes #949.
* Allow QPDFJob's workflow to be split into a reading phase and a
writing phase to allow the caller to operate on the QPDF object
before it is written. This adds methods QPDFJob::createQPDF and
QPDFJob::writeQPDF and corresponding C API functions
qpdfjob_create_qpdf and qpdfjob_write_qpdf. Thanks to M. Holger
for the contribution.
* From M. Holger: throw a logic error if an uninitialized or
foreign QPDFObjectHandle is added to an array.
* Enhance --optimize-images to support images nested inside of
form XObjects. Thanks to Connor Osborne (github user cdosborn) for
the contribution. Fixes #923.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:06 +0000 (22:51 +0200)]
qemu: Update to version 8.0.3
- Update from version 7.1.0 to 8.0.3
- Update of rootfile
- Changelog is too large to include here. See the following links for more details
8.0
https://wiki.qemu.org/ChangeLog/8.0
7.2
https://wiki.qemu.org/ChangeLog/7.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:05 +0000 (22:51 +0200)]
popt: Update to version 1.19
- Update from version 1.18 to 1.19
- Update of rootfile
- Changelog
1.19
Clarify license: we are not the X Consortium, use straight MIT license text
Fix build without glob_pattern_p()
Fix missing libiconv dependency for static linkage in popt.pc
Fix segfault regression when NLS is enabled but libintl.h cannot be found (#32)
Fix the handling of superfluous args passed with =
Fix iconv resource leak on errors
Fix POPT_CONTEXT_KEEP_FIRST handling in poptResetContext()
Fix '=' getting shown for short options
Fix memory corruption issues with poptStuffArgs()
Fix handling of large files in poptReadFile() on 32bit systems
Fix build without wchar / mbstate_t
Fix potential memory leak in poptReadConfigFile()
Fix "Usage" string calculated length
Fix memory leak regressions in popt 1.18
Add --enable-werror configure option
Add CREDITS file
Improve random number handling
Various code cleanups, const and type hygiene improvements
Adjust test-suite expectations for libtool changes
Various translation updates
Various documentation improvements
Various test-suite improvements
Appease autoconf 2.70
Update gettext to 1.98.8
Run CI on fixed Fedora version (36 for now), use stricter compiler settings
Drop unmaintained CHANGES file from tarballs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 20:51:04 +0000 (22:51 +0200)]
poppler: Update to version 23.08.0
- Update from version 23.03.0 to 23.08.0
- Update rootfile
- Changelog
23.08.0:
core:
* Fix GWG 19.2 - DeviceN Overprint (White)
* Splash: avoid bogus memory allocation size in doTilingPatternFill
* Fix use-of-uninitialized-value in XRef
* Fix float-cast-overflow error in Catalog
* Cleanup gpgme backend code
* Version symbols in poppler core
glib:
* Improve poppler_get_available_signing_certificates
* Add new members to PopplerCertificateInfo
utils:
* pdftotext: small improvement to man page
23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in forms
* Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
glib:
* Add signing API
build system:
* zlib is now mandatory
23.06.0:
core:
* CairoOutputDev: Fix crash when doing type3 rendering
* Fix crash with unknown signature hashing algorithms
* Add gpgme backend for signature handling
* Windows: Fix crash when signing existing signature
* FontInfo: Make it return proper information about font substitution
* FontInfo: Try harder to get Type 3 font name
* Store embedded fonts widths table in a more effective manner
* Skip font lookup for nonprintable characters
* Windows: Look for fonts in both windows font dir and poppler fonts dir
* Windows: symbol.ttf is not a good Symbol font
* Windows: Fix memory leak when looking for fonts
* Fix crash on malformed files
qt5:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
qt6:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
23.05.0:
core:
* Fix crash when filling some forms
* Set SigFlags when signing unsigned signature
* Add some infrastructure code to support multiple signing backends
* Fix potential stack overflow in PostScriptFunction::parseCode
* Fix some minor uninitialised memory reads
23.04.0:
core:
* Fix memory issue when signing fails. Issue #1372
* Internal improvements of signature related code
* CairoOutputDev: improve type3 font rendering
* Fix memory leak in GlobalParams::findSystemFontFileForFamilyAndStyle
utils:
* pdftocairo: Fix crash in some special situations
* pdfsig: allow holes in -dump signature list
* pdfsig: Support --help
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:42 +0000 (18:45 +0200)]
xz: Update to version 5.4.4
- Update from version 5.4.1 to 5.4.4
- Update of rootfile
- Changelog
5.4.4 (2023-08-02)
* liblzma and xzdec can now build against WASI SDK when threading
support is disabled. xz and tests don't build yet.
* CMake:
- Fixed a bug preventing other projects from including liblzma
multiple times using find_package().
- Don't create broken symlinks in Cygwin and MSYS2 unless
supported by the environment. This prevented building for the
default MSYS2 environment. The problem was introduced in
xz 5.4.0.
* Documentation:
- Small improvements to man pages.
- Small improvements and typo fixes for liblzma API
documentation.
* Tests:
- Added a new section to INSTALL to describe basic test usage
and address recent questions about building the tests when
cross compiling.
- Small fixes and improvements to the tests.
* Translations:
- Fixed a mistake that caused one of the error messages to not
be translated. This only affected versions 5.4.2 and 5.4.3.
- Updated the Chinese (simplified), Croatian, Esperanto, German,
Korean, Polish, Romanian, Spanish, Swedish, Ukrainian, and
Vietnamese translations.
- Updated the German, Korean, Romanian, and Ukrainian man page
translations.
5.4.3 (2023-05-04)
* All fixes from 5.2.12
* Features in the CMake build can now be disabled as CMake cache
variables, similar to the Autotools build.
* Minor update to the Croatian translation.
5.4.2 (2023-03-18)
* All fixes from 5.2.11 that were not included in 5.4.1.
* If xz is built with support for the Capsicum sandbox but running
in an environment that doesn't support Capsicum, xz now runs
normally without sandboxing instead of exiting with an error.
* liblzma:
- Documentation was updated to improve the style, consistency,
and completeness of the liblzma API headers.
- The Doxygen-generated HTML documentation for the liblzma API
header files is now included in the source release and is
installed as part of "make install". All JavaScript is
removed to simplify license compliance and to reduce the
install size.
- Fixed a minor bug in lzma_str_from_filters() that produced
too many filters in the output string instead of reporting
an error if the input array had more than four filters. This
bug did not affect xz.
* Build systems:
- autogen.sh now invokes the doxygen tool via the new wrapper
script doxygen/update-doxygen, unless the command line option
--no-doxygen is used.
- Added microlzma_encoder.c and microlzma_decoder.c to the
VS project files for Windows and to the CMake build. These
should have been included in 5.3.2alpha.
* Tests:
- Added a test to the CMake build that was forgotten in the
previous release.
- Added and refactored a few tests.
* Translations:
- Updated the Brazilian Portuguese translation.
- Added Brazilian Portuguese man page translation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:41 +0000 (18:45 +0200)]
smartmontools: Update to version 7.4
- Update from version 7.3 to 7.4
- Update of rootfile not required
- Changelog
7.4
- The docker image used for CI and release builds is now based on
Debian 12 instead of Ubuntu 18.04.
- macOS: CI and release builds are now generated for the x86_64 and arm64
targets. 32 bit platforms will require to be compiled from the source.
- smartctl '-t short', '-t long' and '-X': NVMe support.
- smartctl '-l selftest': NVMe support.
- smartctl '-l farm': Prints Seagate's vendor-specific Field Access
Reliability Metrics (FARM) log for ATA and SCSI drives.
- smartctl '-l error': Now also prints an error message for each entry
of NVMe error information log.
- smartctl '-l genstats': Prints SCSI General statistics and performance
log page.
- smartctl '-i' and '--identify': ACS-4/5/6 enhancements.
- smartctl '-c': Added NVMe 2.0 capability flags.
- smartctl '-g security': Added 'ata_security.master_password_id'
to JSON output. Plaintext output shows Master Password ID if set
to a non-default value.
- smartctl '-q noserial': Now also suppresses the output of NVMe Namespace
IEEE EUI-64.
- smartctl '-j': '-l error -l selftest' JSON output for NVMe devices.
- smartctl '-j': Avoid invalid UTF-8 sequences in JSON/YAML strings.
- smartctl '-j': Fixed a bogus exception during SCSI JSON output.
- smartctl '-j': Renamed JSON element 'scsi_temperature' back to
'temperature' (regression).
- smartctl '-a': Now suggests '-x' for ATA devices because '-a' only
provides legacy SMART information.
- smartd: No longer issues LOG_CRIT warnings if new entries of NVMe error
information log do not indicate device problems.
- smartd: Now detects accidental use of smartd_warning script as
'-M exec' parameter.
- smartd: No longer writes the 'Copyright...' line to syslog.
- smartd.conf '-M always': Sends reminder emails without any delay.
- smartd.conf '-M diminishing': Limited email delay to 32 days.
- ATA: Fixed decoding of extended self-test log on big endian hosts.
- ATA: Enhanced LBA range for device types '-d jmb39x-q,...' and
'-d jms56x,...' from 33-62 to 1-255.
- ATA: Device type '-d intelliprop,N' now fails with a deprecation message.
Added '-d intelliprop,N,force' flag to use it anyway.
- ATA/USB: Device type '-d usbasm1352r,N' for ASMedia ASM1352R USB to SATA
RAID bridges
- SCSI: Fixed possible corruption issue with the Error Counter and
Non medium Error log pages.
- SCSI: Added more "Informational Exceptions" strings.
- SCSI: Added initial support for REPORT SUPPORTED OPERATION command.
- SCSI: Initial rework of SCSI debug output.
- NVMe: Added error messages for NVMe status values.
- NVMe: Fixed crash after read of error information log on big endian hosts.
- HDD, SSD and USB additions to drive database.
- update-smart-drivedb: Fixed syntax for 'sed' versions which require
';' before '}' or do not support ';' at all.
- update-smart-drivedb: Replaced a usually not executed bashism.
- configure: Default for '--with-nvme-devicescan' is now 'yes' also on
Darwin and FreeBSD. It is still 'no' on NetBSD only.
- configure: Defines '_FORTIFY_SOURCE=3' if supported and not predefined.
- configure: No longer fails if libsystemd-dev is installed and
'LDFLAGS=-static' is used.
- Compile fix for systems without legacy 'getdtablesize()'.
- Pre-releases from SVN snapshots now show "pre-VERSION" in version
information and 'smartctl.pre_release=true' in JSON output.
- Linux: Device type '-d sssraid' for 3SNIC RAID controllers.
- Linux: Device type '-d marvell' now fails with a deprecation message.
Added '-d marvell,force' flag to use it anyway.
- Linux: The generic SCSI code now defaults to SG_IO_V3 and does no
longer fall back to the deprecated SCSI_IOCTL_SEND_COMMAND
(but this ioctl is still used for '-d 3ware' and '-d marvell,force').
- Linux smartd: Now prevents systemd unit startup timeout when many
devices are registered and then initially checked.
- Linux smartd: Systemd no longer reports a service failure if no device
is present and a '-q *nodev0*' option is used.
- Solaris SPARC: Dropped legacy ATA support. Dropped configure option
'--with-solaris-sparc-ata'.
- Windows: IOCTL_STORAGE_PROTOCOL_COMMAND variant for NVMe self-tests.
- Windows: Installer now defaults to 64-bit executables.
- Windows: No longer prints bogus 'Local Time' if enhanced TZ syntax is used.
- Windows: Workaround to keep backward compatibility with old versions
of Windows if some versions of MinGW-w64 are used.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:40 +0000 (18:45 +0200)]
lvm2: Update to version 2.03.22
- Update from version 2.03.21 to 2.03.22
- Update of rootfile not required
- Changelog
2.03.22 - 02nd August 2023
Fix pv_major/pv_minor report field types so they are integers, not strings.
Add lvmdevices --delnotfound to delete entries for missing devices.
Always use cachepool name for metadata backup LV for lvconvert --repair.
Make metadata backup LVs read-only after pool's lvconvert --repair.
Improve VDO and Thin support with lvmlockd.
Handle 'lvextend --usepolicies' for pools for all activation variants.
Fix memleak in vgchange autoactivation setup.
Update py-compile building script.
Support conversion from thick to fully provisioned thin LV.
Cache/Thin-pool can use error and zero volumes for testing.
Individual thin volume can be cached, but cannot take snapshot.
Better internal support for handling error and zero target (for testing).
Resize COW above trimmed maximal size is does not return error.
Support parsing of vdo geometry format version 4.
Add lvm.conf thin_restore and cache_restore settings.
Handle multiple mounts while resizing volume with a FS.
Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
Enhance lvm_import_vdo and use snapshot when converting VDO volume.
Fix parsing of VDO metadata.
Fix failing -S|--select for non-reporting cmds if using LV info/status fields.
Allow snapshots of raid+integrity LV.
Fix multisegment RAID1 allocator to prevent using single disk for more legs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:39 +0000 (18:45 +0200)]
harfbuzz: Update to version 8.1.1
- Update from version 8.0.1 to 8.1.1
- Update of rootfile
- Changelog
8.1.1
- Fix shaping of contextual rules at the end of string, introduced in 8.1.0
- Fix stack-overflow in repacker with malicious fonts.
- 30% speed up loading Noto Duployan font.
8.1.0
- Fix long-standing build issue with the AIX compiler and older Apple clang.
- Revert optimization that could cause timeout during subsetting with malicious fonts.
- More optimization work:
- 45% speed up in shaping Noto Duployan font.
- 10% speed up in subsetting Noto Duployan font.
- Another 8% speed up in shaping Gulzar.
- 5% speed up in loading Roboto.
- New API:
+hb_ot_layout_collect_features_map()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 7 Aug 2023 16:45:38 +0000 (18:45 +0200)]
gmp: Update to version 6.3.0
- Update fromn version 6.2.1 to 6.3.0
- Update of rootfile
- Changelog
Changes between GMP version 6.2.* and 6.3.*.
BUGS FIXED
* A possible overflow of type int is avoided for mpz_cmp on huge operands.
* A possible error condition when a malformed file is read with
mpz_inp_raw is now correctly handled.
FEATURES
* New public function mpz_prevprime, companion of the existing
mpz_nextprime.
* New documented pointer types mpz_ptr, mpz_srcptr, and similar for
other GMP types. Refer to the manual for full list and suggested
usage. These types have been present in gmp.h at least since
GMP-4.0, but previously not advertised to users.
* Support for 64-bit Arm under Macos.
* Support for the loongarch64 CPU family.
* Support for building with LTO, link-time optimisations.
SPEEDUPS
* New special code for base = 2 in mpz_powm reduces the average time
for the functions that test primality.
* Speedup for the function mpz_nextprime on large operands.
* Speedup for multiplications (some sizes only) thanks to new
internal functions to compute small negacyclic products.
* Special assembly code for IBM z13 and later "mainframe" CPUs, resulting in
a huge speedup.
* Improved assembly for several 64-bit x86 CPUs, Risc-V, 64-bit Arm.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 4 Jul 2023 09:04:46 +0000 (11:04 +0200)]
red: Fixes bug#13164 adjust pppoe plugin name in red initscript
- This patch goes together with the patch for the ppp update to 2.5.0
- The rp-pppoe.so option is no longer available. There is only the pppoe.so available now
Fixes: Bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 2 Jul 2023 09:54:32 +0000 (11:54 +0200)]
ppp: Fixes bug#13164 - Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0
This includes breaking changes for third-party plugins but as far as I can see IPFire
is not using any third party plugins
- Update of rootfile
- Update of patches and sed commands
- pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014
- Some of the patches required updates as additional lines needing to be patched are
now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches
- connect-errors file location is now defined by a configure command --with-logfile-dir
- install-etcppp is no longer provided. However the install command in this version still
has the same files available in /etc/ppp as previously. There is a new file,
openssl.cnf, which I have commented out. If it is required in future it can always be
uncommented in future releases.
- Build went without any problems with the updated patches.
- I cannot test this as I don't use ppp, however the original bug reporter has agreed to
test this out when it is released into Testing unless anyone else is capable of testing
it.
- Changelog
What's new in ppp-2.5.0.
The 2.5.0 release is a major release of pppd which contains breaking
changes for third-party plugins, a complete revamp of the build-system
and that allows for flexibility of configuring features as needed.
In Summary:
* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
* Support for loading PKCS12 certificate envelopes
* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
and others.
* Support for pkgconfig tool has been added by Eivind Næss.
* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
* Major revision to PPPD's Plugin API by Eivind Næss.
- Defines in which describes what features was included in pppd
- Functions now prefixed with explicit ppp_* to indicate that
pppd functions being called.
- Header files were renamed to better align with their features,
and now use proper include guards
- A pppdconf.h file is supplied to allow third-party modules to use
the same feature defines pppd was compiled with.
- No extern declarations of internal variable names of pppd,
continued use of these extern variables are considered
unstable.
* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
* Dropped IPX support, as Linux has dropped support in version 5.15
for this protocol.
* Many more fixes and cleanups.
* Pppd is no longer installed setuid-root.
* New pppd options:
- ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
ipv6-up-script, ipv6-down-script
- -v, show-options
- usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
* On Linux, any baud rate can be set on a serial port provided the
kernel serial driver supports that.
Note that if you have built and installed previous versions of this
package and you want to continue having configuration and TDB files in
/etc/ppp, you will need to use the --sysconfdir option to ./configure.
For a list of the changes made during the 2.4 series releases of this
package, see the Changes-2.4 file.
Compression methods.
This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
Fixes: bug#13164 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 2 Aug 2023 20:09:55 +0000 (22:09 +0200)]
fwhosts.cgi: Fixes bug#13206 - no validation of location group name
- Added validation code for the location group name. This is only validated when edited
and not when created.
- The code was copied from the section for creating the Services Group Name or the
Network/Host Group Name.
Fixes: Bug#13206 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Jul 2023 21:03:59 +0000 (23:03 +0200)]
samba.cgi: Fixes bug#13193 - disables smb1 unix extensions in smb.conf
- Around three years ago the samba wui page was simplified and several parts were removed
including the ability to set either wide links or unix extensions to be enabled
- When the above was done wide links = yes was defined in the samba.cgi code
- unix extenstions was not defined and therefore took the default value which was/is yes
- unix extensions is now called smb1 unix extensions and has the same default value of yes
- With both wide links = yes and smb1 unix extensions = yes means that when there is a
wide symlink (one that goes outside the share directory tree) then wide links is disabled
because smb1 unix extensions is enabled. This is even though the smb1 protocol is disabled
by default.
- This patch sets smb1 unix extensions = no in the configuration.
- This has been tested in my vm testbed and confirmed that the error message is no longer
shown and that any wide links are able to be accessed from the share mounted on a client
Fixes: Bug#13193 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:18 +0000 (18:16 +0200)]
tar: Update to version 1.35
- Update from version 1.34 to 1.35
- Update of rootfile not required
- Changelog
1.35 - Sergey Poznyakoff, 2023-07-18
* Fail when building GNU tar, if the platform supports 64-bit time_t
but the build uses only 32-bit time_t.
* Leave the devmajor and devminor fields empty (rather than zero) for
non-special files, as this is more compatible with traditional tar.
* Bug fixes
** Fix interaction of --update with --wildcards.
** When extracting archives into an empty directory, do not create
hard links to files outside that directory.
** Handle partial reads from regular files.
** Warn "file changed as we read it" less often.
Formerly, tar warned if the file's size or ctime changed.
However, this generated a false positive if tar read a file
while another process hard-linked to it, changing its ctime.
Now, tar warns if the file's size, mtime, user ID, group ID,
or mode changes. Although neither heuristic is perfect,
the new one should work better in practice.
** Fix --ignore-failed-read to ignore file-changed read errors
as far as exit status is concerned. You can now suppress file-changed
issues entirely with --ignore-failed-read --warning=no-file-changed.
** Fix --remove-files to not remove a file that changed while we read it.
** Fix --atime-preserve=replace to not fail if there was no need to replace,
either because we did not read the file, or the atime did not change.
** Fix race when creating a parent directory while another process is
also doing so.
** Fix handling of prefix keywords not followed by "." in pax headers.
** Fix handling of out-of-range sparse entries in pax headers.
** Fix handling of --transform='s/s/@/2'.
** Fix treatment of options ending in / in files-from list.
** Fix crash on 'tar --checkpoint-action exec=\"'.
** Fix low-memory crash when reading incremental dumps.
** Fix --exclude-vcs-ignores memory allocation misuse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 2 Aug 2023 09:52:02 +0000 (09:52 +0000)]
openssl: Update to 3.1.2
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
not operate with truncated digests (FIPS 140-3 IG G.R).
*Paul Dale*
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 20:36:54 +0000 (22:36 +0200)]
mpd: Update to version 0.23.13
- Update from version 0.23.12 to 0.23.13
- Update of rootfile not required
- mpd needs version 0.23.13 to build with fmt-10.0.0
- Changelog
0.23.13 (2023/05/22)
* input
- curl: fix busy loop after connection failed
- curl: hide "404" log messages for non-existent ".mpdignore" files
* archive
- zzip: fix crash bug
* database
- simple: reveal hidden songs after deleting containing CUE
* decoder
- ffmpeg: reorder to a lower priority than "gme"
- gme: require GME 0.6 or later
* output
- pipewire: fix corruption bug due to missing lock
* Linux
- shut down if parent process dies in --no-daemon mode
- determine systemd unit directories via pkg-config
* support libfmt 10
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 20:36:53 +0000 (22:36 +0200)]
fmt: Update to version 10.0.0
- Update from version 9.1.0 to 10.0.0
- Update of rootfile
- sobump so ran ./make find dependencies. This highlighted mpd but that needs to be
updated anyway as the existing version does not build with fmt-10.0.0
- Changelog is too large to include here. See the file ChangeLog.rst in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 16:15:43 +0000 (18:15 +0200)]
procps: Add patch to fix errors that prevent build with gettext-0.22
- Gettext earlier than 0.21 would still build when it found errors in language files etc.
With gettext-0.22 if it finds any errors it now stops.
- There were two lines in the french po file in procps that had erros in them. procps have
raised a commit to fix those. The patch included here carries out that commit.
- Update of rootfile not required.
- This patch will not be needed when the next update of procps occurs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 31 Jul 2023 16:15:42 +0000 (18:15 +0200)]
gettext: Update to version 0.22
- Update from version 0.21 to 0.22
- Update of rootfile
- Changelog
0.22 - June 2023
* PO file format:
- When a #: line contains references to file names that contain spaces,
these file names are surrounded by Unicode characters U+2068 and U+2069.
This makes it possible to parse such references correctly.
* Improvements for maintainers:
- The AM_GNU_GETTEXT macro now defines two variables localedir_c and
localedir_c_make, that can be used in C code or in Makefiles,
respectively, for representing the value of the --localedir configure
option.
* Programming languages support:
- C, C++:
o xgettext now supports gettext-like functions that take wide strings
(of type 'const wchar_t *', 'const char16_t *', or 'const char32_t *')
as arguments.
o xgettext now recognizes numbers with digit separators, as defined by
ISO C 23, as tokens.
o xgettext and msgfmt now recognize the format string directive %b
(for binary integer output, as defined by ISO C 23) in format strings.
o xgettext and msgfmt now recognize the argument size specifiers
w8, w16, w32, w64, wf8, wf16, wf32, wf64 (as defined by ISO C 23)
in format strings.
o xgettext and msgfmt now recognize C++ format strings, as defined by
ISO C++ 20. They are marked as 'c++-format' in POT and PO files.
A new example has been added, 'hello-c++20', that illustrates how
to use these format strings with gettext.
- Java:
o The build system and tools now also support Java versions newer than
Java 11. This is known to work up to Java 20, at least. On the other
hand, support for old versions of Java (Java 1.5 and GCJ) has been
dropped.
- Tcl: xgettext now supports the \x, \u, and \U escapes as defined in
Tcl 8.6.
* Portability:
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with an encoding other than UTF-8.
To this effect, the msgfmt program now converts the messages to UTF-8
encoding before storing them in a MO file. You can prevent this by
using the msgfmt --no-convert option.
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with ISO C 99 <inttypes.h> format
string directive macros. To this effect, the msgfmt program pre-expands
strings with such macros. You can prevent this by using the msgfmt
--no-redundancy option.
* xgettext:
- The xgettext option '--sorted-output' is now deprecated.
- xgettext input files of type PO that are not all ASCII and not UTF-8
encoded are now handled correctly.
* The base Unicode standard is now updated to 15.0.0.
* Emacs PO mode:
Fix an incompatibility with Emacs version 29 or newer.
0.21.1 - October 2022
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 1 Aug 2023 15:48:36 +0000 (17:48 +0200)]
extrahd.cgi: Drop select for FS selection.
This feature does not have any benefit because the linux kernel
knows best which filesystem a device/partition has.
So there is no need for a user to specify this by-hand. This also
prevents from choosing a wrong fs type and as a direct result in a
not mountable device.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 1 Aug 2023 15:48:28 +0000 (17:48 +0200)]
extrahd.cgi: Add various perl functions deal with block devices
This functions are going to replace the former used scan/write to file/read from
file approach by directly collecting the required informations from the
kernel sysfs and devfs.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 31 Jul 2023 13:43:47 +0000 (13:43 +0000)]
udev: Drop hwrng rules
This is another fragment of rngd - the gift that keeps giving.
The udev rules file contains a lot of stuff for a prototype which never
went into production. So, that can be dropped.
It would have been left with one rule that starts rngd whenever a HWRNG
is being found. That is however no longer needed as rngd is being
started in the init process. We no longer need to initialize it as early
as possible to seed the kernel's PRNG.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 13 Jul 2023 17:03:49 +0000 (19:03 +0200)]
pmacct: Fix for Bug#13163 - no such column: vlan_in [CU 175]
- This problem occurred with pmacct-1.7.8 and was raised with upstream. They identified a
bug and provided a commit with a fix.
- Unfortunately the commit can not be used on version 1.7.8 from Dec 2022 as it depends on
other commits applied in the period from Dec 2022 to July 2023.
- The next version release is likely to come out around Dec 2023 to Mar 2024 based on the
previous release frequency (6 to 9 months)
- The only alternative was to make a release from the commit stage of the fix. In Github
this only provides a zip file. So I extracted the zip file and then re-archived it
as a .tar.gz file
- Build went successfully and the .ipfire package file was tested successfully by @Jon
Fixes: Bug#13163 Tested-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 10 Jul 2023 09:23:49 +0000 (11:23 +0200)]
glib: Update to version 2.77.0
- Update from 2.71.1 to 2.77.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 10 Jul 2023 09:23:50 +0000 (11:23 +0200)]
groff: Update to version 1.23.0
- Update from version 1.22.4 to 1.23.0
- Update of rootfile
- Changelog is too large to show here.
See the NEWS file in the source tarball for user visible changes. This does not
include any bug fixes.
For bug fixes and all commits see the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 27 Jul 2023 13:57:25 +0000 (15:57 +0200)]
ovpnmain.cgi: Fixes bug#13190 - connection status shows disconnected for connected client
- If the certificate name has underscores in it then the status always shows as DISCONNECTED
alothough the actual connection is working and can be used.
- The certificate with underscores works fine. RFC5280 accepts underscores in the name.
- The code for checking the status splits up the status message and takes the first part
as the common name for the connection. Then there is a regex command which rerplaces
any underscores in the status common name with spaces. This results in the connection
with underscores in the certificate name never matching any status feedback common
name as the underscores have been replaced by spaces.
- This has been tested to work with my vm test bed. With existing code the connection with
underscores in the certificate name permanently showed DISCONNECTED. With the code change
the connection shows as CONNECTED very quickly.
Fixes: Bug#13190 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 21:29:25 +0000 (23:29 +0200)]
gnump3d: Update perl directory in gnump3d.conf to current version
- Update perl dircetory for plugin from 5.32.1 to 5.36.0
- Perl was updated in August 2022 but this directory was missed when that update was done.
A forum member has tried to use gnump3d and had problems because it was trying to use
the perl 5.32.1 directory for a plugin in the gnump3d.conf file
- Bumped the PAK_VER to ensure that gniump3d is shipped.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:19 +0000 (18:16 +0200)]
xfsprogs: Update to version 6.4.0
- Update from version 6.2.0 to 6.4.0
- Update of rootfile not required
- Changelog is not available in the source tarball or on the website. Changes can be viewed
in the git log https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:17 +0000 (18:16 +0200)]
mpfr: Update to version 4.2.0p12
- Update from version 4.2.0p9 to 4.2.0p12
- Update of rootfile not required
- Changelog - additional patches from 10 to 12 over previous update
10 - GCC 12 emits a spurious "may be used uninitialized" warning on tests/tfpif.c
with -O1, and GCC 13 has the same issue also with -O2 (GCC bug 106155). This can
make some test scripts fail for the developers. The gcc-pr106155-workaround
patch provides a workaround for this bug in GCC.
Corresponding changeset in the 4.2 branch: c0031f1af.
11 - The mpfr_inp_str function does not handle the '\0' character correctly when it
is not a whitespace character (which is almost always the case in practice, or
really always the case). For instance, if the word is the sequence
{ '1', '\0', '2' }, the string "1" is passed to mpfr_set_str because '\0' is
regarded as a terminating null character, and one gets a valid number (1) while
'\0' in a word is necessarily invalid. This is fixed by the inp_str-nullchar
patch. The testcase in the repository cannot be provided in the patch because of
the null character in one of the files.
Corresponding changeset in the 4.2 branch: 6a68387b2.
12 - When '\0' is a whitespace character, i.e. when isspace(0) is true in the current
locale (as allowed by ISO C for non-"C" locales), the mpfr_strtofr function
regards a '\0' in the leading whitespace sequence as a whitespace. This is
incorrect, since from the definition of a string, the first '\0' is the
terminating null character (before the notion of whitespace is involved). In
such locales, this is a vulnerability, because characters after the terminating
null character are read to determine the result; however, such locales are rare
or nonexistent (Mutt's lib.h suggests that some systems have such locales, but
this was in 1998). This is fixed by the strtofr-nullchar patch.
Corresponding changeset in the 4.2 branch: 964fbaa31.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:16 +0000 (18:16 +0200)]
libarchive: Update to version 3.7.0
- Update from version 3.6.2 to 3.7.0
- Update of rootfile
- Changelog
3.7.0 is a feature and bugfix release.
New features:
bsdunzip: new tool ported from FreeBSD (#1873)
drop-in replacement for Info-ZIP unzip, not yet ported for Windows
7zip reader: support for Zstandard compression (#1894)
7zip reader: support for ARM64 filter (#1918)
zstd filter: support for multi-frame zstd archives (#1818)
Other notable bugfixes and improvements:
pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
Windows: bcrypt usage fixes and improvements (#1881, #1887)
Windows: time function usage fixes and improvements (#1820, #1824, #1830)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 29 Jul 2023 16:16:15 +0000 (18:16 +0200)]
curl: Update to version 8.2.1
- Update from version 8.2.0 to 8.2.1
- Update of rootfile not required
-Changelog
8.2.1
Bugfixes
o amigaos: fix sys/mbuf.h m_len macro clash [9]
o amissl: add missing signal.h include [8]
o amissl: fix AmiSSL v5 detection [2]
o cfilters: rename close/connect functions to avoid clashes [12]
o ciphers.d: put URL in first column [1]
o cmake: add `libcurlu`/`libcurltool` for unit tests [5]
o cmake: update ngtcp2 detection [4]
o configure: check for nghttp2_session_get_stream_local_window_size [14]
o CONTRIBUTE: drop mention of copyright year ranges [20]
o CONTRIBUTE: fix syntax in commit message description [21]
o curl_multi_wait.3: fix arg quoting to doc macro .BR [27]
o docs: mark two TLS options for TLS, not SSL [26]
o docs: provide more see also for cipher options [23]
o hostip: return IPv6 first for localhost resolves [16]
o http2: fix regression on upload EOF handling [13]
o http: VLH, very large header test and fixes [19]
o libcurl-errors.3: add CURLUE_OK [11]
o os400: correct EXPECTED_STRING_LASTZEROTERMINATED [7]
o quiche: fix lookup of transfer at multi [18]
o quiche: fix segfault and other things [15]
o rustls: update rustls-ffi 0.10.0 [24]
o socks: print ipv6 address within brackets [10]
o src/mkhelp: strip off escape sequences [22]
o tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T [17]
o transfer: do not clear the credentials on redirect to absolute URL [6]
o unittest: remove unneeded *_LDADD [3]
o websocket: rename arguments/variables to match docs [25]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
