Adolf Belka [Tue, 2 Feb 2021 21:46:14 +0000 (22:46 +0100)]
p7zip: Update to 17.03
- Update p7zip from 16.02 (Jul 2016) to 17.03 (Dec 2020)
- Version 16.02 was the last version by the previous dev team.
A fork was created in May 2020 with version 17.01
- Rootfile updated
- Changelog
Version 17.03
=============
- add zstd to zip
- add hash algorithm
- XXHASH32
- XXHASH64
- MD2
- MD4
- MD5
- sha384
- sha512
- add Lzfse to dmg
- add lz5 to 7z
- add lizard to 7z
- update lz4 to v1.9.3
- add brotli to 7z
- update cmake build
- fix xz crc64 error
- use system local to select OEM code
- add rpm install
- fix lzma2 and flzma22 call the same algorithm
- add 7zr build
- fix tar format link file compress and decompress
Version 17.02
=============
- p7zip 17.02 is more like 7zip 17.01(only 7za and 7z),The difference from 7zip 17.01
and older version p7zip is the following description
- Supports Fast lzma2 1.0.1 compression method
- Update Zstd method to 1.4.5
- Add zstd method parameters in 7z format
ZSTD parameters NEW name:
strategy -> strat
fast -> fast
long -> long
WindowLog -> wlog
HashLog -> hlog
ChainLog -> clog
SearchLog -> slog
MinMatch -> slen
TargetLen -> tlen
OverlapLog -> ovlog
LdmHashLog -> ldmhlog
LdmSearchLength -> ldmslen
LdmBucketSizeLog -> ldmblog
LdmHashRateLog -> ldmhevery
- Fix symlink files contained inside tar and squashfs as regular file
- Add lz4 and Zstd decompress method to squashfs
Version 17.01
=============
- Fix BUG CVE-2018-10115
- Fix BUG CVE-2018-5996
- Fix BUG CVE-2017-17969
- Fix BUG CVE-2016-9296
- The bug fixes in version 17.01 address the same CVE bugs as the
p7zip-16.02-consolidated_fixes-1.patch Therefore this patch is no longer needed
- The patches for CVE-2016-2334 & 2335 were for versions before 16.00 so are no longer needed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Feb 2021 21:46:01 +0000 (22:46 +0100)]
automake: Update to 1.16.3
- Update automake from 1.16.2 to 1.16.3
- No change to rootfile
- New in 1.16.3:
* New features added
- In the testsuite summary, the "for $(PACKAGE_STRING)" suffix
can be overridden with the AM_TESTSUITE_SUMMARY_HEADER variable.
* Bugs fixed
- Python 3.10 version number no longer considered to be 3.1.
- Broken links in manual fixed or removed, and new script
contrib/checklinkx (a small modification of W3C checklink) added,
with accompany target checklinkx to recheck urls.
- install-exec target depends on $(BUILT_SOURCES).
- valac argument matching more precise, to avoid garbage in DIST_COMMON.
- Support for Vala in VPATH builds fixed so that both freshly-generated and
distributed C files work, and operation is more reliable with or without
an installed valac.
- Dejagnu doesn't break on directories containing spaces.
* Distribution
- new variable AM_DISTCHECK_DVI_TARGET, to allow overriding the
"make dvi" that is done as part of distcheck.
* Miscellaneous changes
- install-sh tweaks:
. new option -p to preserve mtime, i.e., invoke cp -p.
. new option -S SUFFIX to attempt backup files using SUFFIX.
. no longer unconditionally uses -f when rm is overridden by RMPROG.
. does not chown existing directories.
- Removed function up_to_date_p in lib/Automake/FileUtils.pm.
We believe this function is completely unused.
- Support for in-tree Vala libraries improved.
- Full change details are in ChangeLog file in tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 2 Feb 2021 21:45:41 +0000 (22:45 +0100)]
acl: Update to 2.2.53
- Update acl from 2.2.52 (May 2013) to 2.2.53 (Jun 2018 - latest version)
- Rootfile updated
- No make rules for install-lib or install-dev in new version. Only for install
- Changelog in tarball has 2.2.49 (Nov 2009) as the latest change
- Could not find changelog info anywhere else.
- Following changelog created by extracting from git commits (thanks for idea Peter Mueller)
- include: fix uninstall for `make distcheck` Mike Frysinger
- acl.5 man page: Update link to POSIX.1e draft Andreas Gruenbacher
- test: add regression test Dmitry V. Levin
- Enable large-file support on systems that do not enable it by default Dmitry V. Levin
- libacl: Fix acl_from_text() returning NULL on all input Dmitry V. Levin
- setfacl --restore: Silence valgrind Andreas Gruenbacher
- setfacl: Preserve special mode bits on filesystems without POSIX ACL support Andreas Gruenbacher
- setfacl.1: document the meaning of '-' in perms Kamil Dudka
- setfacl: Allow more than four characters in the perms field Andreas Gruenbacher
- permissions.test: Fix umask Andreas Gruenbacher
- Add additional group names for root-specific tests Andreas Gruenbacher
- libtestlookup: Add missing EXPORT and static declarations Andreas Gruenbacher
- Minor man-page clarifications Andreas Gruenbacher
- Remove ACL_ADD and ACL_DELETE Andreas Gruenbacher
- test: fixups on SELinux machines for root testcases He Zhe
- libacl: Ignore warning in parse_acl_entry() Andreas Gruenbacher
- Cleanup visibility of API functions Yury Usishchev
- Cleanup internal headers usage Yury Usishchev
- Rework config.h usage Yury Usishchev
- walk_tree_rec: Add parentheses to clarify code Andreas Gruenbacher
- __acl_from_xattr: Set errno for invalid tag types Andreas Gruenbacher
- Fix checks for valid permissions in input Corinna Vinschen
- use portable AC_C_BIGENDIAN Mike Frysinger
- quote: escape literal backslashes Jeff Mahoney
- test: Add helper library to fake passwd/group files Jeff Mahoney
- ignore configure.lineno Mike Frysinger
- walk_tree: mark internal variables as static Dmitry V. Levin
- Do not export symbols that are not supposed to be exported Dmitry V. Levin
- getfacl: Fix minor resource leak Andreas Gruenbacher
- setfacl man page: Minor wording improvements Andreas Gruenbacher
- Fix the display block nesting in acl.5 Andreas Gruenbacher
- getfacl: Fix memory leak Andreas Gruenbacher
- fix compilation with latest xattr git Brice De Bruyne
- libacl: acl_set_file: Remove unnecesary racy check Andreas Gruenbacher
- cp.test: Check permissions of the right file Andreas Gruenbacher
- add __acl_ prefixes to internal symbols Mike Frysinger
- mark libmisc funcs as hidden so they are not exported Mike Frysinger
- telldir return value and seekdir second parameters are of type long Cristian Rodríguez
- read_acl_{comments,seq}: switch to next_line Mike Frysinger
- read_acl_{comments,seq}: rename "line" to "lineno" Mike Frysinger
- build: ship a pkgconfig file for libacl Mike Frysinger
- build: make use of an aux-dir to stow away helper scripts Mike Frysinger
- build: drop aclincludedir, use pkgincludedir Mike Frysinger
- po: regenerate files after move Mike Frysinger
- modernize build system Mike Frysinger
- test: make running parallel/out-of-tree safe Mike Frysinger
- move gettext logic into misc.h Mike Frysinger
- punt debian/rpm packaging logic Mike Frysinger
- libacl: fix SIGSEGV of getfacl -e on overly long group name Kamil Dudka
- libacl: Make sure that acl_from_text() always sets errno when it fails Andreas Gruenbacher
- Use autoreconf rather than autoconf to regenerate the files. Fabrice Bauzac
- .gitignore: ignore *~ and config.h.in. Fabrice Bauzac
- Bad markup in acl.5 page Eric S. Raymond
- Makefile: rename configure.in to configure.ac Mike Frysinger
- test: fix insufficient quoting of '\' Kamil Dudka
- setfacl.1: fix typo 'inclu de' -> 'include' John Bradshaw
- Install the libraries to the appropriate directory Brandon Philips
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
i have added the gatewayfield at the line below the IP and Netmask
fields but prior this fields so the cursor jumps first the the gateway
and after this to the IP. This patch fix the activation order.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 1 Feb 2021 18:37:27 +0000 (19:37 +0100)]
lynis: update to 3.0.3
The changelog of lynis 3.0.3 is available at
https://github.com/CISOfy/lynis/releases/tag/3.0.3; all changes since
lynis 3.0.1 can be inspected at https://github.com/CISOfy/lynis/releases.
lynis 3.0.2 adds detection for IPFire, so we can hope to have those
"unknown operating system" messages omitted in future. :-)
Minor adjustments to LFS and rootfile were necessary to purge unused
CI/CD stuff as well as some markdown files (licence, code of conduct,
etc. pp.) from the extracted archive.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Feb 2021 10:53:25 +0000 (10:53 +0000)]
make.sh: Do not decrease nice level of build
This was designed to keep a workstation that is compiling IPFire
responsive during the build. However, the kernel's scheduler has been
improved enough that this is no longer an issue.
Instead of telling the kernel that the build job is something with a
lower priority (which it isn't) we now simply run with the nicelevel of
the parent process that has called make.sh.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 31 Jan 2021 20:33:27 +0000 (21:33 +0100)]
libseccomp: update to 2.5.1
Release notes as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.1:
Version 2.5.1 - November 20, 2020
Fix a bug where seccomp_load() could only be called once
Change the notification fd handling to only request a notification fd if
the filter has a _NOTIFY action
Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
Clarify the maintainers' GPG keys
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 31 Jan 2021 17:36:43 +0000 (18:36 +0100)]
qemu: Update to 5.2.0
- Update qemu from 5.0.0 to 5.2.0
- Changelogs for 5.1.0 and 5.2.0 available at https://wiki.qemu.org/ChangeLog/
- rootfile updated
- patch no longer needed as fix built into source. patch was not utilised
for 5.0.0 version. Patch line was commented out in previous lfs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Jan 2021 22:40:47 +0000 (23:40 +0100)]
cups-filters: Update to 1.28.7
- Update cups-filters from 1.27.4 to 1.28.7
- Changelog
CHANGES IN V1.28.7
- driverless: Removed the support quality check from Pull
request #235 as it takes significant time for each printer
being listed, making cups-driverd (`lpinfo -m`) timing out
when there are many printers (OpenPrinting CUPS issue #65).
- libcupsfilters: In the PPD generator give priority to Apple
Raster against PDF (Issue #331).
- libcupsfilters: Added NULL check when removing ".Borderless"
suffixes from page size names (Issue #314, Pull request
#328).
- libcupsfilters: In the cupsRasterParseIPPOptions() map the
color spaces the same way as in the PPD generator (Issue
#326, Pull request #327).
- libcupsfilters: Fixed addition of grayscale mode in
generated PPD files, to avoid duplicate entries
(OpenPrinting CUPS issue #59).
CHANGES IN V1.28.6
- libcupsfilters: In generated PPDs add a grayscale mode if
there are only color printing modes (from OpenPrinting
CUPS).
- libcupsfilters: In generated PPDs add an "OutputBin" option
also if it has only one choice (OpenPrinting CUPS pull
request #18).
- libcupsfilters: Generated PPDs could have an "Unknown"
default InputSlot (OpenPrinting CUPS issue #44).
- cups-browsed: Removed unneeded IPP attribute additions
preventing the created local queues from preserving a
location or description the user assigns to them (Issue
#323).
- cups-browsed: Removed all calls of the resolve_uri() function
of libcupsfilters, as these are not actually needed and in case
the supplied DNS-SD-based URI is not resolvable, the function
gets stuck for ~5 seconds.
- cups-browsed: Fixed several memory leaks, mainly from the
code to merge printer IPP attributes for clusters (Pull
request #322).
- cups-browsed: Silenced compiler warning.
- foomatic-rip: Fix infinite loop and input from file on raw
printing (Pull request #318).
- foomatic-rip: Remove temporary file created during pdf-to-ps
conversion (Pull request #313).
CHANGES IN V1.28.5
- cups-browsed: UUID from IPP response was used after its
pointer was freed by ippDelete() (Pull request #311).
CHANGES IN V1.28.4
- driverless: Avoid duplicate PPD list entries from the same
device via UUID
- driverless: Reduce ippfind calls by "driverless" and
"driverless-fax"called by CUPS. Let "driverless list" list
both print and fax PPDs and "driverless-fax list" do
nothing.
- driverless: Avoid duplicate listings in printer discovery,
by "driverless-fax" not listing any URI as "driverless"
lists them all already.
- driverless: Vastly improve performance by doing only one
ippfind call instead of two (IPP, IPPS) as ippfind accepts
more than one reg type on the command line.
- Sample PPDs: Corrected manufacturer name in
Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd.
CHANGES IN V1.28.3
- libcupsfilters, cups-browsed: Fixed inconsistency between
resolvers for DNS-SD-based URIs, resolve_uri() and
ippfind_based_uri_converter(). Now both return a freeable
string.
- libcupsfilters: Fix uninitialized buffer and parsing ippfind
output in ippfind_based_uri_converter() function (Issue
#308, Pull request #309).
CHANGES IN V1.28.2
- driverless: Free allocated memory, use MAX_OUTPUT_LEN (Pull
request #304).
- driverless: Make the two ippfind tasks(for IPP
and IPPS) run in parallel (Pull request #302, #305, #306).
- braille: Support new liblouis tables not containing a
display name (Pull request #303)
- Build system: Let ./configure not error out when there is
more than one DejaVuSans.ttf test font candidate (Issue
#300).
- cups-browsed: Crash when a remote printer set as default
gets removed, due to missing variable in printf() call
(Issue #299).
- libcupsfilters: Removed all signal handling and global
variables from get_printer_attributes() and
ippfind_based_uri_converter(). This is overkill for these
quick operations and causes problems when shutting down
cups-browsed (Issue #298).
CHANGES IN V1.28.1
- COPYING: Fixed several typos
- libcupsfilters: Fixed typo in log message of
get_printer_attributes functions.
- cups-browsed: Fixed typos in configuration file and man page
- libcupsfilters: Let the PPD generator not suffix page size
names with ".Borderless" if all page sizes would get this
suffix, for example for printers which generally print
borderless.
- libcupsfilters: Added "faxPrefix" option for generated IPP
Fax Out PPDs, so that this option also appears in print
dialogs.
- driverless: List addresses for local services correctly when
using "--std-ipp-uris" (with "localhost" hostname).
- driverless: Make calls of the ippfind utility somewhat faster,
setting the timeout of ippfind to automatic.
- libcupsfilters: Resolve DNS-SD-based URIs for local services
correctly (using hostname "localhost").
- libcupsfilters: In get_printer_attributes() functions do not
try to convert URIs which are not DNS-SD-based (Issue #294).
- libcupsfilters: In get_printer_attributes() functions also
support URIs with "dnssd://..." scheme.
- libcupsfilters: Moved signal handling back into main
function of the get_printer_attributes() variants, it got
moved out accidentally.
- driverless: For generating a PPD, independent whether via
"driverless URI" or "driverless cat URI", always allow CUPS
driver URIs (prefixed with "driverless: " or
"driverless-fax:") and pure IPP URIs.
- driverless: Accept clean IPP URIs also for 'driverless cat
...' (Issue #295, Pull request #296).
- driverless-fax: Do not use fixed path for call of driverless
itself (Pull request #293).
CHANGES IN V1.28.0
- driverless, driverless-fax, libcupsfilters: Added IPP Fax
Out support. Now printer setup tools list an additional fax
"driver". A fax queue is created by selecting this
driver. Jobs have to be sent with "-o phone=12345" to supply
the destination phone number (Pull request #280).
- libfontembed: Silenced warning with gcc 10.x (Pull request
#287).
- cups-browsed: Added ./configure options
--enable-saving-created-queues and
--with-remote-cups-local-queue-naming (Pull request: #253,
#285).
- cups-browsed: Fixed several memory leaks, mainly from the
code to merge printer IPP attributes for clusters (Pull
request #281, #283).
- driverless: Added "--std-ipp-uris" command line option to
show listed URIs in standard hostname-based form (not the
CUPS DNS-SD-service-name-based form. Only for manual call of
the utility, for debugging purposes (Pull request #277).
- libfontembed: Removed assert() calls which cause crashes
when unsupported emoji fonts are installed (Issue #254, Pull
request #276).
- driverless: Added support for IPPS (use "ipps://..." URIs if
possible, Issue #251, Pull request #270, #273).
- gstoraster, gstopdf: When converting PostScript to PDF use
the "pdfwrite" output device with "-dPDFSETTINGS=/default"
instead of with "-dPDFSETTINGS=/printer". This reproduces
bitmaps in the PostScript file with their original image
quality (Issue #272).
- cups-browsed: Limit log file size and add backup file for
previous log entries. Introduced the configuration option
DebugLogFileSize in cups-browsed.conf to set the actual
limit in kilobytes or 0 to get the old behavior of an
unlimited size for the log file (Issue #260, Pull request
#267).
- gstoraster, gstopdf: Do not apply margins when output format
is PDF, as then we convert an incoming PostScript file to
PDF (pre-pdftopdf) and do not prepare the pages for the
printer (post-pdftopdf, Issue #250).
- cups-browsed: Do not write any log messages directly to
stderr, there were some concerning timeouts on queue
creation (Issue #260).
- Build system: Fix cross-compilation without DejaVu test font
in configure.ac (Issue #262, Pull request #263).
- libcupsfilters: Respect the fact that PPD keywords
are case-sensitive when adding "*cupsManualCopies: True" in
PPD file (Issue #242).
- libcupsfilters: Older versions of libcups (< 2.3.1)
had the enum name for fold-accordion finishings mistyped.
Added a workaround.
- cups-browsed: Remove left-over local queues from the
previous session more quickly when CUPS legacy browsing is
turned on.
- cups-browsed: Left-over local queues from the previous
session for which the corresponding remote printer did not
appear again did not get removed as they were considered
externally overwritten.
- gstoraster, gstopdf: Add option "-dDoNumCopies" to
Ghostscript command line if we are outputting PDF (called
via gstopdf wrapper) and the number of copies supplied to
CUPS is 1 (4th command line argument). In this case we
convert incoming PostScript to PDF and need to respect
embedded PostScript commands to implement the number of
copies (Issue #255, CUPS Issue #5796, OpenSUSE bug
#1173345).
- imagetoraster: Potential null dereference fix (when no valid
PPD is supplied, Pull request #256).
- cups-browsed: Call cupsGetNamedDest() only if
"OnlyUnsupportedByCUPS No"
- Sample PPDs: Corrected ColorModel default for Generic PWG
Raster PPD to Color (Pull request #247).
- cups-browsed: Mark the temp queue as cups-browsed-generated
during setting printer-is-shared (Pull request #246).
- cups-browsed: Remove mentions of README and AUTHORS files in
the man page (Pull request #244).
- pclmtoraster: Added new filter to extract Raster data from
raster-only PDF files, here for the special case of PCLm
files (Pull request #243, #257).
- Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to
switch between color and grayscale printing (Pull request
#237).
CHANGES IN V1.27.5
- cups-browsed: Do not remove the created local queues on
shutdown, to avoid their re-creation on restart, so that
desktops get no cluttered with notifications of new queues
being created. One can return to the old behavior via
"KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf
(Ubuntu bug #1869981, #1878241).
- cups-browsed: Do not accept DNS-SD broadcasts of IPPS type
of "remote" CUPS queues of another CUPS instance on the
local machine. This way we get a local queue pointing to
such a printer only in unencrypted version (IPP). For some
reason printing from one CUPS server to another on the same
machine works only unencrypted.
- foomatic-rip: Map two-sided-short-edge to DuplexTumble (Pull
request #236)
- Build system: In configure.ac use AS_IF instead of
AC_CHECK_FILE for font check (Issue #239, Pull request #240)
- cups-browsed: Cleaned up code for determining to which CUPS
server (host/port/domain socket) to connect, so that
connection via DomainSocket cups-browsed.conf directive,
CUPS_SERVER and IPP_PORT environment variables and all
defaults and methods of libcups, including CUPS' client.conf
work.
- gstoraster, rastertopdf: Do not pass NULL to fprintf() (Pull
request #230).
- libcupsfilters: Silence compiler warning (Pull request #229).
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Jan 2021 22:40:27 +0000 (23:40 +0100)]
cifs-utils: Update to 6.12
- Update cifs-utils from 5.9 to 6.12
- Changelog - URL for each change gives more details of changes
December, 2020: Release 6.12
get/setcifsacl tools are improved to support changing owner, group and SACLs
mount.cifs is enhanced to use SUDO_UID env variable for cruid
smbinfo is re-written in Python language
https://lists.samba.org/archive/samba-technical/2020-December/136156.html
September, 2020: Release 6.11
CVE-2020-14342: mount.cifs: fix shell command injection
https://lists.samba.org/archive/samba-technical/2020-September/135747.html
December 16, 2019: Release 6.10
smb3 alias/fstype is added
smb2-quota tool is added to display quota information
smb2-secdesc UI tool to view security descriptors is added
smbinfo is enhanced with capabilities to dump session keys and get/set compression of files
smbinfo bash completion is supported
getcifsacl tool is improved to support multiple files
https://lists.samba.org/archive/samba-technical/2019-December/134662.html
April 5, 2019: Release 6.9
smbinfo utility is added to query various kinds of information from the server (objectId, snapshots, different FileInfo* classes and other metadata)
server IP change is supported by expiring DNS key resolver entries
get/setcifsacl tools are improved to handle unexpected behavior
share snapshot are allowed to be specified by a GMT token or SMB 100-nanoseconds time
various new mount option are documented: bsize, handletimeout, handlecache, rdma, max_credits and others
https://lists.samba.org/archive/samba-technical/2019-April/133233.html
March 9, 2018: Release 6.8
man pages updates (auto-negotiate protocol version by default) and cleanups (moving to .rst format)
setcifsacl: fix security descriptor buffer size mismatch
cifscreds: fix a segfault for incorrect usage
minor mount.cifs fixes
https://lists.samba.org/archive/samba-technical/2018-March/126227.html
March 2, 2017: Release 6.7
fixes for regressions from cifs.upcall overhaul
mount.cifs cleanups
https://lists.samba.org/archive/samba-technical/2017-March/119036.html
September 3, 2016: Release 6.6
cleanup/overhaul of cifs.upcall krb5 credcache handling
https://lists.samba.org/archive/samba-technical/2016-September/115974.html
February 22, 2016: Release 6.5
mount.cifs: ignore x- mount options
minor build fixes
minor manpage fix
https://lists.samba.org/archive/samba-technical/2016-February/112372.html
July 11, 2014: Release 6.4
allow PAM directory to be configurable
better determination of default keytab file
better cifscreds error handling
uppercase devicename when retrying mount
https://lists.samba.org/archive/samba-technical/2014-July/101132.html
January 9, 2014: Release 6.3
fixes for various bugs turned up by Coverity
clean unused cruft out of upcall binary
add new pam_cifscreds PAM module for establishing NTLM creds on login
https://lists.samba.org/archive/samba-technical/2014-January/097124.html
October 4, 2013: Release 6.2
setcifsacl can now work without a plugin
systemd-ask-password is found using $PATH now
cifs.upcall now works with KEYRING: credcaches
https://lists.samba.org/archive/samba-technical/2013-October/095287.html
July 2, 2013: Release 6.1
minor bugfixes
allow cifs.upcall to use dedicated keytab
https://lists.samba.org/archive/samba-technical/2013-July/093601.html
March 25, 2013: Release 6.0
minor bugfixes and documentation updates
support for NFS-style device names removed
https://lists.samba.org/archive/samba-technical/2013-March/091169.html
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 30 Jan 2021 22:40:11 +0000 (23:40 +0100)]
screen: Update to 4.8.0
- Update screen from 4.2.1 to 4.8.0
- Changelog
Version 4.8.0 (05/02/2020)
* Improve startup time by only polling for files to close
Fixes:
- Fix for segfault if termcap doesn't have Km entry
- Make screen exit code be 0 when checking --version
- Fix potential memory corruption when using OSC 49
Version 4.7.0 (02/10/2019)
* Add support for SGR (1006) mouse mode
* Add support for OSC 11
* Update Unicode ambiguous and wide tables to 12.1.0
* Fixes:
- cross-compilation support (bug #43223)
- a lot of manpage fixes and cleanups
Version 4.6.2 (23/10/2017):
* Fixes:
- revert changes to cursor position restore behavour (bug #51832)
- set freed pointer to NULL (bug #52133)
- documentation fixes
- fix windowlist crashes (bug #43054 & #51500)
Version 4.6.1 (10/07/2017):
* Fixes:
- problems with starting session in some cases
- parallel make install
- segfault when querying info on nonUTF locale (bug #51402)
Version 4.6.0 (28/06/2017):
* Update Unicode wide tables to 9.0 (bug #50044)
* Support more serial speeds
* Improved namespaces support
* Migrate from fifos to sockets
* Start viewing scrollback at first line of output (bug #49377)
Version 4.5.1 (25/02/2017):
* Fixes:
- logfile permissions problem (CVE-2017-5618)
- SunOS build problem (bug #50089)
- FreeBSD core dumps (bug #50143)
Version 4.5.0 (10/12/2016):
* Allow specifying logfile's name via command line parameter '-L'
* Fixes:
- broken handling of "bind u digraph U+" (bug #48691)
- crash with long $TERM (bug #48983)
- crash when bumping blank window
- build for AIX (bug #49149)
- %x improperly separating arguments
- install with custom DESTDIR (bug #48370)
Version 4.4.0 (19/06/2016):
* Support up to 24 function keys
* Fix runtime issues
* 'logfile' command, starts logging into new file upon changing
Version 4.3.1 (28/06/2015):
* Fix resize bug
Version 4.3.0 (13/06/2015):
* Introduce Xx string escape showing the executed command of a window
* Implement dead/zombie window polling, allowing for auto reconnecting
* Allow setting hardstatus on first line
New Commands:
* 'sort' command sorting windows by title
* 'bumpleft', 'bumpright' - manually move windows on window list
* 'collapse' removing numbering 'gaps' between windows, by renumbering
* 'windows' command now accepts arguments for use with querying
- Rootfile updated
- Two screen patchfiles deleted as the patch changes are now built into
the source files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 30 Jan 2021 13:26:11 +0000 (14:26 +0100)]
Postfix: update to 3.5.9
This release adds runtime detection of DNSSEC support; please refer to
http://www.postfix.org/announcements/postfix-3.5.9.html for its full
announcement.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 29 Jan 2021 21:58:23 +0000 (22:58 +0100)]
dbus: Update to 1.12.20
- Update dbus from 1.11.12 to 1.12.20 (latest in release line
1.13.x is also available but this is the development line
and not recommended for production use
- Changelog between these two versions is very long (750 lines long) and
can be found in the NEWS file in the source tarball.
- rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Jan 2021 20:17:30 +0000 (21:17 +0100)]
dma: Update to 0.13
- Update dma from 0.12 to 0.13
- No changelog information available
- No change to the rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Jan 2021 20:17:00 +0000 (21:17 +0100)]
ipset: Update to 7.10
- Update ipset from 7.6 to 7.10
- Changelog
7.10
Kernel part changes
Fix patch "Handle false warning from -Wstringop-overflow"
Backward compatibility: handle renaming nla_strlcpy to nla_strscpy
treewide: rename nla_strlcpy to nla_strscpy. (Francis Laniel)
netfilter: ipset: fix shift-out-of-bounds in htable_bits() (Vasily Averin)
netfilter: ipset: fixes possible oops in mtype_resize (Vasily Averin)
Handle false warning from -Wstringop-overflow
Backward compatibility: handle missing strscpy with a wrapper of strlcpy.
Move compiler specific compatibility support to separated file (broken compatibility support reported by Ed W)
7.9
Userspace changes
Fix library versioning (Jan Engelhardt)
7.8
Kernel part changes
Complete backward compatibility fix for package copy of <linux/jhash.h>
Compatibility: check for kvzalloc() and GFP_KERNEL_ACCOUNT
netfilter: ipset: enable memory accounting for ipset allocations (Vasily Averin)
netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet)
Compatibility: use skb_policy() from if_vlan.h if available
Compatibility: Check for the fourth arg of list_for_each_entry_rcu()
Backward compatibility fix for the package copy of <linux/jhash.h>
7.7
Userspace changes
Expose the initval hash parameter to userspace
Handle all variable header parts in helper scripts instead ot test tasks
Add bucketsize parameter to all hash types
Support the -exist flag with the destroy command
Kernel part changes
Expose the initval hash parameter to userspace
Add bucketsize parameter to all hash types
Use fallthrough pseudo-keyword in the package copy of too
Support the -exist flag with the destroy command
netfilter: Use fallthrough pseudo-keyword (Gustavo A. R. Silva)
netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
netfilter: ipset: call ip_set_free() instead of kfree() (Eric Dumazet)
netfiler: ipset: fix unaligned atomic access (Russell King)
netfilter: ipset: Fix subcounter update skip (Phil Sutter)
ipset: Update byte and packet counters regardless of whether they match (Stefano Brivio)
netfilter: ipset: Pass lockdep expression to RCU lists (Amol Grover)
ip_set: Fix compatibility with kernels between v3.3 and v4.5 (Serhey Popovych)
ip_set: Fix build on kernels without INIT_DEFERRABLE_WORK (Serhey Popovych)
ipset: Support kernels with at least system_wq support
ip_set: Fix build on kernels without system_power_efficient_wq (Serhey Popovych)
- Rootfiles updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 28 Jan 2021 18:43:22 +0000 (19:43 +0100)]
freetype: update to 2.10.4
This fixes a heap buffer overflow in the handling of embedded PNG
bitmaps (CVE-2020-15999). Further information is available at
https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 28 Jan 2021 14:55:57 +0000 (15:55 +0100)]
minicom: Update to 2.8
- Update minicom from 2.7.1 to 2.8
- Changelog for version 2.8
New timestamp mode: Delta to previous line.
Add HPA ESC sequence
Add alternative window support (ti/te)
Fix file name of non-global configuration settings.
Update translations: Indonesian, French, Swedish, Spanish, German, Brazilian Portuguese, Vietnamese, Polish, Danish, Norwegian, Serbian
New translation: Serbian, Simplified chinese
Fix F10 macro key used in current setups
Add F11 and F12 for macro use
Fixed DTR for recent systems
Add support for RS485.
Add --capturefile-buffer-mode option
Bug fixes
- Updated rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 27 Jan 2021 22:17:00 +0000 (23:17 +0100)]
arping: Update to 2.21
- Update arping from 2.15 to 2.21
- Notable changes from 2.20 to 2.21:
* Use more modern pcap API calls, when available
* Add payload data to mac ping
* chdir(/) after chroot()
* Misc minor cleanup
- Notable changes from 2.19 to 2.20:
* Improved support for cross-compile
* Use unveil(2) and pledge(2) where available (i.e. OpenBSD)
* Fix false duplicates when destination address is *also* assigned to local interface
* Minor typo-level fixes
- Notable changes from 2.18 to 2.19:
* Added -g to drop privs to alternate user (for Android)
* Slightly improved error messages
- Notable changes from 2.17 to 2.18:
* Make -w/-W work like 'ping'
- Notable changes from 2.16 to 2.17:
* Add padding to packets to work on Raspberry Pi 3
- Notable changes from 2.15 to 2.16:
* VLAN tagging (Nikolay Aleksandrov)
* 802.1Q priority (Nikolay Aleksandrov)
* Added a bunch of unit tests.
* Be more lazy about initializing libnet.
This fixes issues where arping would sometimes pick an unsuitable
device during arg parsing, if the "first" device on the system is
not a "normal" device.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 28 Jan 2021 16:00:47 +0000 (17:00 +0100)]
libloc: ship a more recent database by default
The database we ship by default is meanwhile four weeks old, and since
the merge window for Core Update 154 is still open, there is no need to
ship data being more outdated than they have to be. :-)
The second version of this patch also updates the checksum for the
downloaded database file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 27 Jan 2021 20:14:44 +0000 (21:14 +0100)]
sudo: Upgrade to 1.9.5p2
- Update sudo from 1.9.5p1 to 1.9.5p2
- Major changes between version 1.9.5p2 and 1.9.5p1:
Fixed sudo's setprogname(3) emulation on systems that don't provide it.
Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954.
Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically.
The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache.
When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.
Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.
- No change to rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 6 Jan 2021 14:38:03 +0000 (14:38 +0000)]
samba: Add helper script to pipe password
It is complicated to set the password in the C helper binary.
Therefore it is being set by a helper script.
This is still not an optimal solution since the password might be
exposed to the shell environment, but has the advantage that shell
command injection is no longer possible.
Fixes: #12562 Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 6 Jan 2021 12:00:32 +0000 (12:00 +0000)]
samba: Remove option to chose user group and shell
There is no need for this being implemented and it is dangerous to allow
the user to create any shell accounts or users that belong to groups
with higher privileges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Jan 2021 16:01:56 +0000 (16:01 +0000)]
Drop launch-ether-wake
The helper binary is being dropped and etherwake is enabled
for CAP_NET_RAW. This allows execution by unprivileged users
as needed by the web user interface (nobody).
Reported-by: Albert Schwarzkopf <ipfire@quitesimple.org> Fixes: #12562 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Jan 2021 20:17:06 +0000 (21:17 +0100)]
iptables: Update to version 1.8.7
- Update from 1.8.6 to 1.8.7
Florian Westphal (4):
xtables-monitor: fix rule printing
xtables-monitor: fix packet family protocol
xtables-monitor: print packet first
xtables-monitor:
Pablo Neira Ayuso (2):
tests: shell: update format of registers in bitwise payloads.
configure: bump version for 1.8.7 release
Phil Sutter (21):
nft: Optimize class-based IP prefix matches
ebtables: Optimize masked MAC address matches
tests/shell: Add test for bitwise avoidance fixes
ebtables: Fix for broken chain renaming
iptables-test.py: Accept multiple test files on commandline
iptables-test.py: Try to unshare netns by default
libxtables: Extend MAC address printing/parsing support
xtables-arp: Don't use ARPT_INV_*
xshared: Merge some command option-related code
tests/shell: Test for fixed extension registration
extensions: dccp: Fix for DCCP type 'INVALID'
nft: Fix selective chain compatibility checks
nft: cache: Introduce nft_cache_add_chain()
nft: Implement nft_chain_foreach()
nft: cache: Move nft_chain_find() over
nft: Introduce struct nft_chain
nft: Introduce a dedicated base chain array
nft: cache: Sort custom chains by name
tests: shell: Drop any dump sorting in place
nft: Avoid pointless table/chain creation
tests/shell: Fix nft-only/0009-needless-bitwise_0
- Rootfile updated
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 16 Jan 2021 15:57:56 +0000 (16:57 +0100)]
logrotate: Update to 3.18.0
Exerpt from 'ChangeLog.md':
"## [3.18.0] - 2021-01-08
- allow UIDs and GIDs to be specified numerically (#217)
- add support for Zstandard compressed files (#355)
- make `delaycompress` not to fail with `rotate 0` (#341)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 14 Jan 2021 18:37:11 +0000 (19:37 +0100)]
sudo: Upgrade to 1.9.5p1
- Upgrade sudo from 1.8.10p3 to 1.9.5p1
- Move sudo from legacy release (1.8) branch to stable release (1.9) branch
- Update rootfile
- Changelog available at https://www.sudo.ws/changes.html
- Tested out on vm testbed and sudo is working correctly
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 13 Jan 2021 11:12:03 +0000 (11:12 +0000)]
ssh: Ignore any errors when stopping daemon
The SSH init script only kills the main daemon which leads to any child
processes (for remaining connections) being untouched.
killproc returns 4 (unknown error) when not all processes were killed
which is not intended here. Therefore we ignore the error and do not
pause the shut down process for a minute.
Fixes: #12544 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
