Adolf Belka [Mon, 23 Jan 2023 09:06:38 +0000 (10:06 +0100)]
ragel: Update to version 7.0.4
- Update from version 7.0.0.11 to 7.0.4
- Update of rootfile
- Changelog
updated language flags, catch abortcompile throw in non-ragel progs
7.0.3
This version of colm includes a critical fix for big-endian system. Fixes #61.
expect colm version 0.14.6 and version bump ragel to 7.0.3
7.0.2
Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58.
expect colm 0.14.5 and version bump to 7.0.2
7.0.1
removed accidental commit of ragel/.exrc
7.0.0.12
implemented NfaClear in asm codegen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 23 Jan 2023 09:06:34 +0000 (10:06 +0100)]
colm: Update to version 0.14.7
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sat, 21 Jan 2023 18:03:32 +0000 (19:03 +0100)]
python3-packaging: Update to version 23.0
- Update from version 21.3 to 23.0
- Update of rootfile
- Changelog
23.0
What's Changed
Remove unused LPAREN token from tokenizer by @hrnciar in #630
Reorganise the project layout and version management by @pradyunsg in #626
Correctly handle non-normalised specifiers in requirements by @pradyunsg in #634
Use stable Python 3.11 in tests by @153957 in #641
Fix typing for specifiers.BaseSpecifier.filter() by @henryiii in #643
Correctly handle trailing whitespace on URL requirements by @pradyunsg in #642
refactor _generic_api to use EXT_SUFFIX by @mattip in #607
Allow "extra" to be None in the marker environment by @pradyunsg in #650
Fix typos by @kianmeng in #648
Update changelog for release by @pradyunsg in #656
22.0
What's Changed
Fix compatible version specifier incorrectly strip trailing '0' by @kasium in #493
Remove support for Python 3.6 by @abravalheri in #500
Use concurrency limit in ci by @blink1073 in #510
Fix issue link in changelog. by @bdice in #509
chore: test with PyPy 3.8 & 3.9 by @mayeut in #512
Accept locally installed prereleases by @q0w in #515
Always run GHA workflows when they change by @mayeut in #516
Add __hash__/__eq__ to requirements by @abravalheri in #499
Upgrade to setup-python v3 and use caching for GHA by @brettcannon in #521
allow pre-release versions in marker evaluation by @graingert in #523
Error out from workflow on missing interpreter by @mayeut in #525
chore: update pre-commit config to the latest repos' versions by @mayeut in #534
chore: remove Windows PyPy 3.9 workaround on GHA by @mayeut in #533
Use pipx to run nox / build in GHA workflows by @mayeut in #517
Run tests with all PyPy versions locally by @mayeut in #535
Adhere to PEP 685 when evaluating markers with extras by @hroncok in #545
chore: update mypy and move to toml by @henryiii in #547
Normalize extra comparison in markers for output by @brettcannon in #549
Evaluate markers under environment with empty "extra" by @MrMino in #550
Do not set extra in default_environment() by @sbidoul in #554
Update extlinks strings to use a format string by @mayeut in #555
Update CI test workflow to use setup-python@v4 by @mayeut in #556
CI: Update actions/* to their latest major versions by @mayeut in #557
Fix a spelling mistake by @venthur in #558
fix: macOS platform tags with old macOS SDK by @mayeut in #513
Correctly parse ELF for musllinux on Big Endian by @uranusjr in #538
A metadata module with a data class for core metadata by @brettcannon in #518
Document utils.NormalizedName by @brettcannon in #565
Drop LegacySpecifier and LegacyVersion by @pradyunsg in #407
Move metadata, versions and specifiers API documentation to sphinx.ext.autodoc by @pradyunsg in #572
Demonstrate behaviour of SpecifierSet.__iter__ by @hauntsaninja in #575
Handwritten parser for parsing requirements by @hrnciar in #484
Add changelog entry for removal of pyparsing dependency by @hroncok in #581
Use Iterator instead of Iterable for specifier filter methods by @ichard26 in #584
Better output on linter failure by @henryiii in #478
Add a "cpNNN-none-any" tag by @joonis in #541
Document exceptions raised by functions in utils by @MrMino in #544
Refactor ELF parsing logic to standlone class by @uranusjr in #553
Forbid prefix version matching on pre-release/post-release segments by @mayeut in #563
Update coverage to >=5.0.0 by @mayeut in #586
Normalize specifier version for prefix matching by @mayeut in #561
Add python 3.11 by @mayeut in #587
Fix prefix version matching by @mayeut in #564
Remove duplicate namedtuple by @layday in #589
Update changelog by @pradyunsg in #595
Change email-related fields in Metadata to str by @brettcannon in #596
Add versionchanged for 21.3 by @brettcannon in #599
refactor: use flit as a backend by @henryiii in #546
Remove packaging.metadata by @pradyunsg in #603
Refactor nox requirements to use requirements files (#601) by @strokirk in #609
Improve Requirement/Marker parser with context-sensitive tokenisation by @pradyunsg in #624
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Sat, 21 Jan 2023 18:03:30 +0000 (19:03 +0100)]
borgbackup: Update to version 1.2.3 and fix bug 13032
- Update from version 1.2.0 to 1.2.3
- Update of rootfile
- This update works with python3-msgpack-1.0.4 and fixes bug 13032
- To make it work then the borgbackup-1.2.3-py3.10.egg-info directory must be the only
egg-info directory for borgbackup otherwise version 1.2.3 will end up with an error.
Versions 1.2.2 and earlier workled without any problem if there was an earlier egg-info
directory for a different version number. The borgbackup rootfile had the egg-info
directory commented out so an uninstall cleared the directory but did not remove it.
This patch has the egg-info directory in the rootfile uncommented and so an uninstall
removes the directory.
- borgbackup paks files created so that the uninstall.sh file will remove any egg-info
directory that starts with "borgbackup-1." as the first ever borgbackup was 1.0.12
When the old 1.2.0 or earlier borgbackup is uninstalled it will use the old default
paks uninstall.sh file and rootfile which will leave the old egg-info directory in
place. When version 1.2.3 is installed it will use the new install.sh script which
will remove any existing egg-info directories present still.
- Changelog
Version 1.2.3 (2022-12-24)
Upgrade notes:
Some things can be recommended for the upgrade process from borg 1.1.x (please also read the important compatibility notes below):
do you already want to upgrade? 1.1.x also will get fixes for a while.
be careful, first upgrade your less critical / smaller repos.
first upgrade to a recent 1.1.x release - especially if you run some older 1.1.* or even 1.0.* borg release.
using that, run at least one borg create (your normal backup), prune and especially a check to see everything is in a good state.
check the output of borg check - if there is anything special, consider a borg check --repair followed by another borg check.
if everything is fine so far (borg check reports no issues), you can consider upgrading to 1.2.x. if not, please first fix any already existing issue.
if you want to play safer, first create a backup of your borg repository.
upgrade to latest borg 1.2.x release (you could use the fat binary from github releases page)
run borg compact --cleanup-commits to clean up a ton of 17 bytes long files in your repo caused by a borg 1.1 bug
run borg check again (now with borg 1.2.x) and check if there is anything special.
run borg info (with borg 1.2.x) to build the local pre12-meta cache (can take significant time, but after that it will be fast) - for more details see below.
check the compatibility notes (see below) and adapt your scripts, if needed.
if you run into any issues, please check the github issue tracker before posting new issues there or elsewhere.
If you follow this procedure, you can help avoiding that we get a lot of “borg 1.2” issue reports that are not really 1.2 issues, but existed before and maybe just were not noticed.
Compatibility notes:
matching of path patterns has been aligned with borg storing relative paths. Borg archives file paths without leading slashes. Previously, include/exclude patterns could contain leading slashes. You should check your patterns and remove leading slashes.
dropped support / testing for older Pythons, minimum requirement is 3.8. In case your OS does not provide Python >= 3.8, consider using our binary, which does not need an external Python interpreter. Or continue using borg 1.1.x, which is still supported.
freeing repository space only happens when “borg compact” is invoked.
mount: the default for --numeric-ids is False now (same as borg extract)
borg create --noatime is deprecated. Not storing atime is the default behaviour now (use --atime if you want to store the atime).
--prefix is deprecated, use -a / --glob-archives, see #6806
list: corrected mix-up of “isomtime” and “mtime” formats. Previously, “isomtime” was the default but produced a verbose human format, while “mtime” produced a ISO-8601-like format. The behaviours have been swapped (so “mtime” is human, “isomtime” is ISO-like), and the default is now “mtime”. “isomtime” is now a real ISO-8601 format (“T” between date and time, not a space).
create/recreate --list: file status for all files used to get announced AFTER the file (with borg < 1.2). Now, file status is announced BEFORE the file contents are processed. If the file status changes later (e.g. due to an error or a content change), the updated/final file status will be printed again.
removed deprecated-since-long stuff (deprecated since):
command “borg change-passphrase” (2017-02), use “borg key …”
option “--keep-tag-files” (2017-01), use “--keep-exclude-tags”
option “--list-format” (2017-10), use “--format”
option “--ignore-inode” (2017-09), use “--files-cache” w/o “inode”
option “--no-files-cache” (2017-09), use “--files-cache=disabled”
removed BORG_HOSTNAME_IS_UNIQUE env var. to use borg you must implement one of these 2 scenarios:
the combination of FQDN and result of uuid.getnode() must be unique and stable (this should be the case for almost everybody, except when having duplicate FQDN and MAC address or all-zero MAC address)
if you are aware that 1) is not the case for you, you must set BORG_HOST_ID env var to something unique.
exit with 128 + signal number, #5161. if you have scripts expecting rc == 2 for a signal exit, you need to update them to check for >= 128.
Fixes:
create: fix --list --dry-run output for directories, #7209
diff/recreate: normalize chunker params before comparing them, #7079
check: fix uninitialised variable if repo is completely empty, #7034
xattrs: improve error handling, #6988
fix args.paths related argparsing, #6994
archive.save(): always use metadata from stats (e.g. nfiles, size, …), #7072
tar_filter: recognize .tar.zst as zstd, #7093
get_chunker: fix missing sparse=False argument, #7056
file_integrity.py: make sure file_fd is always closed on exit
repository: cleanup(): close segment before unlinking
repository: use os.replace instead of os.rename
Other changes:
remove python < 3.7 compatibility code
do not use version_tuple placeholder in setuptools_scm template
CI: fix tox4 passenv issue, #7199
vagrant: update to python 3.9.16, use the openbsd 7.1 box
misc. test suite and docs fixes / improvements
remove deprecated --prefix from docs, #7109
Windows: use MSYS2 for Github CI, remove Appveyor CI
Version 1.2.2 (2022-08-20)
New features:
prune/delete --checkpoint-interval=1800 and ctrl-c/SIGINT support, #6284
Fixes:
SaveFile: use a custom mkstemp with mode support, #6933, #6400, #6786. This fixes umask/mode/ACL issues (and also “chmod not supported” exceptions seen in 1.2.1) of files updated using SaveFile, e.g. the repo config.
hashindex_compact: fix eval order (check idx before use), #5899
create --paths-from-(stdin|command): normalize paths, #6778
secure_erase: avoid collateral damage, #6768. If a hardlink copy of a repo was made and a new repo config shall be saved, do NOT fill in random garbage before deleting the previous repo config, because that would damage the hardlink copy.
list: fix {flags:<WIDTH>} formatting, #6081
check: try harder to create the key, #5719
misc commands: ctrl-c must not kill other subprocesses, #6912
borg create with a remote repo via ssh
borg create --content-from-command
borg create --paths-from-command
(de)compression filter process of import-tar / export-tar
Other changes:
deprecate --prefix, use -a / --glob-archives, see #6806
make setuptools happy (“package would be ignored”), #6874
fix pyproject.toml to create a fixed _version.py file, compatible with both old and new setuptools_scm version, #6875
automate asciinema screencasts
CI: test on macOS 12 without fuse / fuse tests (too troublesome on github CI due to kernel extensions needed by macFUSE)
tests: fix test_obfuscate byte accounting
repository: add debug logging for issue #6687
_chunker.c: fix warnings on macOS
requirements.lock.txt: use the latest cython 0.29.32
docs:
add info on man page installation, #6894
update archive_progress json description about “finished”, #6570
json progress_percent: some values are optional, #4074
FAQ: full quota / full disk, #5960
correct shell syntax for installation using git
Version 1.2.1 (2022-06-06)
Fixes:
create: skip with warning if opening the parent dir of recursion root fails, #6374
create: fix crash. metadata stream can produce all-zero chunks, #6587
fix crash when computing stats, escape % chars in archive name, #6500
fix transaction rollback: use files cache filename as found in txn.active/, #6353
import-tar: kill filter process in case of borg exceptions, #6401 #6681
import-tar: fix mtime type bug
ensure_dir: respect umask for created directory modes, #6400
SaveFile: respect umask for final file mode, #6400
check archive: improve error handling for corrupt archive metadata block, make robust_iterator more robust, #4777
pre12-meta cache: do not use the cache if want_unique is True, #6612
fix scp-style repo url parsing for ip v6 address, #6526
mount -o versions: give clear error msg instead of crashing. it does not make sense to request versions view if you only look at 1 archive, but the code shall not crash in that case as it did, but give a clear error msg.
show_progress: add finished=true/false to archive_progress json, #6570
delete/prune: fix --iec mode output (decimal vs. binary units), #6606
info: fix authenticated mode repo to show “Encrypted: No”, #6462
diff: support presence change for blkdev, chrdev and fifo items, #6615
New features:
delete: add repository id and location to prompt, #6453
borg debug dump-repo-objs --ghost: new --segment=S --offset=O options
Other changes:
support python 3.11
allow msgpack 1.0.4, #6716
load_key: no key is same as empty key, #6441
give a more helpful error msg for unsupported key formats, #6561
better error msg for defect or unsupported repo configs, #6566
docs:
document borg 1.2 pattern matching behavior change, #6407 Make clear that absolute paths always go into the matcher as if they are relative (without leading slash). Adapt all examples accordingly.
authentication primitives: improved security and performance infos
mention BORG_FILES_CACHE_SUFFIX as alternative to BORG_FILES_CACHE_TTL, #5602
FAQ: add a hint about --debug-topic=files_cache
improve borg check --max-duration description
fix values of TAG bytes, #6515
borg compact --cleanup-commits also runs a normal compaction, #6324
virtualization speed tips
recommend umask for passphrase file perms
borg 1.2 is security supported
update link to ubuntu packages, #6485
use --numeric-ids in pull mode docs
remove blake2 docs, blake2 code not bundled any more, #6371
clarify on-disk order and size of segment file log entry fields, #6357
docs building: do not transform --/--- to unicode dashes
tests:
check that borg does not require pytest for normal usage, fixes #6563
fix OpenBSD symlink mode test failure, #2055
vagrant:
darwin64: remove fakeroot, #6314
update development.lock.txt
use pyinstaller 4.10 and python 3.9.13 for binary build
upgrade VMCPUS and xdistn from 4 to 16, maybe this speeds up the tests
crypto:
use hmac.compare_digest instead of ==, #6470
hmac_sha256: replace own cython wrapper code by hmac.digest python stdlib (since py38)
hmac and blake2b minor optimizations and cleanups
removed some unused crypto related code, #6472
avoid losing the key (potential use-after-free). this never could happen in 1.2 due to the way we use the code. The issue was discovered in master after other changes, so we also “fixed” it here before it bites us.
setup / build:
add pyproject.toml, fix sys.path, #6466
setuptools_scm: also require it via pyproject.toml
allow extra compiler flags for every extension build
fix misc. C / Cython compiler warnings, deprecation warnings
fix zstd.h include for bundled zstd, #6369
source using python 3.8 features: pyupgrade --py38-plus ./**/*.py
Fixes: Bug #13032 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 23 Jan 2023 09:06:36 +0000 (10:06 +0100)]
fontconfig: Update to version 2.14.1
- Update from version 2.13.1 (2018) to 2.14.1 (Oct 2022) - 8 versions
- Update of rootfile
- Changelog is the gitlab repository commits
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commits/main/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Mon, 23 Jan 2023 09:06:35 +0000 (10:06 +0100)]
ethtool: Update to version 6.1
- Update from version 6.0 to 6.1
- Update of rootfile not required
- Changelog after 2005 is only available by reviewing the git commits
https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 23 Jan 2023 09:06:37 +0000 (10:06 +0100)]
fuse: Update to version 3.13.0
- Update from version 3.11.0 to 3.13.0
- Update of rootfile
- Changelog
libfuse 3.13.0 (2023-01-13)
- There is a new low-level API function `fuse_session_custom_io` that allows to implement
a daemon with a custom io. This can be used to create a daemon that can process incoming
FUSE requests to other destinations than `/dev/fuse`.
- A segfault when loading custom FUSE modules has been fixed.
- There is a new `fuse_notify_expire_entry` function.
- A deadlock when resolving paths in the high-level API has been fixed.
- libfuse can now be build explicitly for C libraries without symbol versioning support.
libfuse 3.12.0 (2022-09-08)
- There is a new build parameter to specify where the SysV init script should be
installed.
- The *max_idle_threads* parameter has been deprecated in favor of the new max_threads*
parameter (which avoids the excessive overhead of creating and destructing threads).
Using max_threads == 1 and calling fuse_session_loop_mt() will run single threaded
similar to fuse_session_loop().
The following changes apply when using the most recent API (-DFUSE_USE_VERSION=312,
see `example/passthrough_hp.cc` for an example for how to usse the new API):
- `struct fuse_loop_config` is now private and has to be constructed using
- fuse_loop_cfg_create()* and detroyed with *fuse_loop_cfg_destroy()*. Parameters can be
- changed using `fuse_loop_cfg_set_*()` functions.
- fuse_session_loop_mt()* now accepts `struct fuse_loop_config *` as NULL pointer.
- fuse_parse_cmdline()* now accepts a *max_threads* option.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 19 Jan 2023 19:07:01 +0000 (20:07 +0100)]
sudo: Update to version 1.9.12p2
- Update from version 1.9.12p1 to 1.9.12p2
- Update of rootfile not required
- Changelog
1.9.12p2
Fixed a compilation error on Linux/aarch64. GitHub issue #197.
Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s
sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l
would dereference a NULL pointer.
Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a
I/O files when the iolog_file sudoers setting contains six or more Xs.
Fixed a compilation issue on AIX with the native compiler. GitHub issue #231.
Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could
allow a malicious user with sudoedit privileges to edit arbitrary files. For
more information, see https://www.sudo.ws/security/advisories/sudoedit_any
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 19 Jan 2023 19:06:44 +0000 (20:06 +0100)]
hwdata: Update of pci and usb ids files
- Update pci.ids from version 2022.12.04 to 2023.01.18
- Update usb.ids from version 2022.12.09 to 2023.01.16
- Update of rootfile not required
- Update of LFS not required
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Matthias Fischer [Thu, 19 Jan 2023 17:40:34 +0000 (18:40 +0100)]
mc: Update to 4.8.29
For details see:
https://midnight-commander.org/wiki/NEWS-4.8.29
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.29
Summary:
"Major changes since 4.8.28
Core
Add more options for panel filter (#1373):
"Files only" (#4209)
"Case sensitive" (#4334)
"Using shell patterns"
Continue copy after interrupt (#4409)
Restore menu accelerator for "Sort order": back to "S"; change menu
accelerator for "SFTP link" to "N" (#4373)
Add support for cross-compilation with PERL path different between
--build and --host (#4399)
Bootstrap with autotools providing direct support for Apple M1
Port mc.ext to INI format and rename to mc.ext.ini (#4141, #3742,
#3191)
Implement compound (AND) conditions (Type/Shell? and Type/Regex?
pairs) to disambiguate overloaded extensions
There is no fallback to previous mc.ext format
VFS
Editor
Change location of all user's syntax related stuff to
~/.local/share/mc/syntax/ directory (#4413)
syntax/Syntax: document location of syntax files (#4320)
Improvements of syntax highlighting:
YAML: improve multiline blocks highliting (#4059)
New syntax highlighting:
Privoxy (https://www.privoxy.org) actions files (#4384)
TOML (Tom's Obvious Minimal Language) (#4412)
Viewer
Diff viewer
Misc
Code cleanup (#4357, #4397, #4425)
sqlite3 view: use 'immutable=1' URI parameter to prevent leaving
wal/shm files after viewing sqlite database (#4369) Support of contour
terminal emulator (https://github.com/contour-terminal/contour)
(#4396)
mc.ext.ini: clarify regex for makefiles (#4419)
Remove empty hints translations by setting 5% threshold (#3608)
Fixes
Fail to build with only SFTP network VFS is enabled (#4420)
Crash on quick view of archives (#4398)
Wrong description of --enable-configure-args option (#4400)
Wrong version sort (#4374)
No subshell if subshell is initializing more than 1 second (#3121)
Filter keyboard shortcut only affects left panel (#4383)
File type check does not work with special character in filename
(#4377) Select files keeping the right mouse button pressed doesn't
select all files (#4381)
Cannot scroll panel listing upwards using mouse (#4119)
"Directory Compare" doesn't correct work with panelization (#3220)
Wrong decompressing of zip files in quick view panel (#4404)
mc.ext: 'include' keyword (for command class def) have no effect if it
was defined before 'Include' keyword (for command def) (#2773) mcedit:
infinite loop when deleting a macro (#4391)
mcviewer: segfault when switching from raw to parsed mode and back
(#4401) Broken handling of zip archives (#4368)
FISH subshell: commands don't work after window resize (#4372)
FTP VFS: doesn't reconnect to server after timeout (#3670)
FISH VFS: cannot remove non-empty directory (#4364)
EXTFS VFS: segfault if archive contains file(s) in the parent directory
(#4422, #4427) Tests: variable redeclaration in filevercmp_test5
(#4358)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 19 Dec 2022 09:12:36 +0000 (10:12 +0100)]
general-functions.pl: Fix for bug#12937
- The check for validwildcarddomainname did not allow wildcards of the form
*.ipfire.org* which is the example given on the proxy.cgi page for excluded url's
for the wpad file.
- A forum user sufferred from this problem and the bug was raised for it.
https://community.ipfire.org/t/proxy-cgi-error-message-when-use-wildcard-in-wpad-excluded-url-s/8597
forum user has tested the patch change and confirmed it solves the problem.
Fixes: Bug#12937 Suggested-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Adolf Belka [Thu, 5 Jan 2023 18:21:10 +0000 (19:21 +0100)]
sdl2: Update to version 2.26.2
- Update from version 2.26.0 to 2.26.2
- Update of rootfile
- Changelog
2.26.2 Latest
This is a stable bugfix release, with the following changes:
Fixed long delay at startup when a Razer keyboard is connected
Fixed not receiving SDLK_5 or SDL_SCANCODE_5 when using the AZERTY keyboard
layout on Linux
2.26.1
This is a stable bugfix release, with the following changes:
Improved audio resampling quality
Fixed crash if SDL_GetPointDisplayIndex() or SDL_GetRectDisplayIndex() are
called before SDL_VideoInit()
Fixed building with older Xcode and macOS SDK
Fixed building when not using shared Wayland libraries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 5 Jan 2023 18:21:07 +0000 (19:21 +0100)]
hdparm: Update to version 9.65
- Update from version 9.64 to 9.65
- Update of rootfile not required
- fix glibc headers patch updated for hdparm-9.65
- Changelog
hdparm-9.65:
- Another --Istdin fix: cannot read log pages when no device specified
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 5 Jan 2023 18:21:05 +0000 (19:21 +0100)]
grep: Update to version 3.8
- Update from version 3.7 to 3.8
- Update of rootfile not required
- Changelog
* Noteworthy changes in release 3.8 (2022-09-02) [stable]
** Changes in behavior
The -P option is now based on PCRE2 instead of the older PCRE,
thanks to code contributed by Carlo Arenas.
The egrep and fgrep commands, which have been deprecated since
release 2.5.3 (2007), now warn that they are obsolescent and should
be replaced by grep -E and grep -F.
The confusing GREP_COLOR environment variable is now obsolescent.
Instead of GREP_COLOR='xxx', use GREP_COLORS='mt=xxx'. grep now
warns if GREP_COLOR is used and is not overridden by GREP_COLORS.
Also, grep now treats GREP_COLOR like GREP_COLORS by silently
ignoring it if it attempts to inject ANSI terminal escapes.
Regular expressions with stray backslashes now cause warnings, as
their unspecified behavior can lead to unexpected results.
For example, '\a' and 'a' are not always equivalent
<https://bugs.gnu.org/39678>. Similarly, regular expressions or
subexpressions that start with a repetition operator now also cause
warnings due to their unspecified behavior; for example, *a(+b|{1}c)
now has three reasons to warn. The warnings are intended as a
transition aid; they are likely to be errors in future releases.
Regular expressions like [:space:] are now errors even if
POSIXLY_CORRECT is set, since POSIX now allows the GNU behavior.
** Bug fixes
In locales using UTF-8 encoding, the regular expression '.' no
longer sometimes fails to match Unicode characters U+D400 through
U+D7FF (some Hangul Syllables, and Hangul Jamo Extended-B) and
Unicode characters U+108000 through U+10FFFF (half of Supplemental
Private Use Area plane B).
[bug introduced in grep 3.4]
The -s option no longer suppresses "binary file matches" messages.
[Bug#51860 introduced in grep 3.5]
** Documentation improvements
The manual now covers unspecified behavior in patterns like \x, (+),
and range expressions outside the POSIX locale.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Thu, 5 Jan 2023 18:21:06 +0000 (19:21 +0100)]
haproxy: Update to version 2.7.1
- Update from version 2.6.0 to 2.7.1
- Update of rootfile not required
- Changelog is too large to include here. Details can be obtained from CHANGELOG in source
tarball or from https://www.haproxy.org/download/2.7/src/CHANGELOG
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 20221107 to 20221226
- Update of rootfile not required
- Update of IANA's Assigned Internet Protocol Numbers - updated on daily basis and
provided as tarball on a weekly basis.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 17 Jan 2023 12:41:31 +0000 (13:41 +0100)]
iptables: Update to version 1.8.9
- Update from version 1.8.8 to 1.8.9
- Update of rootfile
- Changelog
xtables-monitor: add missing spaces in printed str
build: Fix error during out of tree build
iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
iptables.8: mention that iptables exits when setuid
extensions: libxt_conntrack: remove always-false conditionals
nft: fix ebtables among match when mac+ip addresses are used
nft: support dissection of meta pkktype mode
nft: prefer native 'meta pkttype' instead of xt match
extensions: libxt_pkttype: support otherhost
nft: support ttl/hoplimit dissection
nft: prefer payload to ttl/hl module
nft: un-break among match with concatenation
Revert "nft: prefer payload to ttl/hl module"/'meta pkttype' match.
nft: track each register individually
tests: extend native delinearize script
nft: check for unknown meta keys
iptables-nft: exit nonzero when iptables-save cannot decode all expressions
xlate: get rid of escape_quotes
extensions: change expected output for new format
xlate-test: avoid shell entanglements
nft-bridge: work around recent "among" decode breakage
extensions: add xt_statistics random mode translation
netfilter: add nf_log.h
treewide: use uint* instead of u_int*
nft: replace nftnl_.*_nlmsg_build_hdr() by nftnl_nlmsg_build_hdr()
nft-shared: replace nftnl_expr_get_data() by nftnl_expr_get()
xshared: Fix build for -Werror=format-security
Revert "fix build for missing ETH_ALEN definition"
tests: shell: Check overhead in iptables-save and -restore
libxtables: Unexport init_extensions*() declarations
arptables: Support -x/--exact flag
iptables-legacy: Drop redundant include of xtables-multi.h
xshared: Make some functions static
Makefile: Add --enable-profiling configure option
tests: shell: Add some more rules to 0002-verbose-output_0
tests: shell: Extend iptables-xml test a bit
tests: shell: Extend zero counters test a bit further
extensions: libebt_standard.t: Test logical-{in,out} as well
ebtables-restore: Deny --init-table
extensions: string: Do not print default --to value
extensions: string: Review parse_string() function
extensions: string: Fix and enable tests
nft: Exit if nftnl_alloc_expr fails
libxtables: Move struct xtables_afinfo into xtables.h
libxtables: Define XT_OPTION_OFFSET_SCALE in xtables.h
libxtables: Fix unsupported extension warning corner case
tests: shell: Fix testcases for changed ip6tables opts output
xshared: Fix for missing space after 'prot' column
xshared: Print protocol numbers if --numeric was given
xtables-restore: Extend failure error message
nft: Expand extended error reporting to nft_cmd, too
tests: shell: Test delinearization of native nftables expressions
ebtables: Drop unused OPT_* defines
ebtables: Eliminate OPT_TABLE
ebtables: Merge OPT_* flags with xshared ones
nft-shared: Introduce __get_cmp_data()
ebtables: Support '-p Length'
ebtables: Fix among match
nft: Fix meta statement parsing
nft-bridge: Drop 'sreg_count' variable
tests: iptables-test: Simplify '-N' option a bit
tests: iptables-test: Simplify execute_cmd() calling
tests: iptables-test: Pass netns to execute_cmd()
tests: iptables-test: Test both variants by default
extensions: among: Remove pointless fall through
extensions: among: Fix for use with ebtables-restore
extensions: libebt_stp: Eliminate duplicate space in output
extensions: libip6t_dst: Fix output for empty options
extensions: TCPOPTSTRIP: Do not print empty options
extensions: libebt_log: Avoid empty log-prefix in output
tests: IDLETIMER.t: Fix syntax, support for restore input
tests: libebt_stp.t: Drop duplicate whitespace
tests: shell: Fix expected output for ip6tables dst match
tests: shell: Fix expected ebtables log target output
libiptc: Fix for segfault when renaming a chain
nft: Fix compile with -DDEBUG
extensions: NFQUEUE: Document queue-balance limitation
tests: iptables-test: Implement fast test mode
tests: iptables-test: Cover for obligatory -j CONTINUE in ebtables
tests: *.t: Fix expected output for simple calls
tests: *.t: Fix for hexadecimal output
tests: libebt_redirect.t: Plain redirect prints with trailing whitespace
tests: libxt_length.t: Fix odd use-case output
tests: libxt_recent.t: Add missing default values
tests: libxt_tos.t, libxt_TOS.t: Add missing masks in output
tests: libebt_vlan.t: Drop trailing whitespace from rules
tests: libxt_connlimit.t: Add missing default values
tests: *.t: Add missing all-one's netmasks to expected output
extensions: DNAT: Fix bad IP address error reporting
extensions: *NAT: Drop NF_NAT_RANGE_PROTO_RANDOM* flag checks
extensions: DNAT: Use __DNAT_xlate for REDIRECT, too
extensions: DNAT: Generate print, save and xlate callbacks
extensions: DNAT: Rename some symbols
extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE
tests: xlate-test: Cleanup file reading loop
tests: xlate-test.py: Introduce run_proc()
tests: xlate-test: Replay results for reverse direction testing
xshared: Share make_delete_mask() between ip{,6}tables
nft-shared: Introduce port_match_single_to_range()
extensions: libip*t_LOG: Merge extensions
extensions: libebt_ip: Include kernel header
extensions: libebt_arp, libebt_ip: Use xtables_ipparse_any()
extensions: Collate ICMP types/codes in libxt_icmp.h
extensions: Unify ICMP parser into libxt_icmp.h
Drop extra newline from xtables_error() calls
extensions: mark: Test double bitwise in a rule
extensions: libebt_mark: Fix mark target xlate
extensions: libebt_mark: Fix xlate test case
extensions: libebt_redirect: Fix xlate return code
extensions: libipt_ttl: Sanitize xlate callback
extensions: CONNMARK: Fix xlate callback
extensions: MARK: Sanitize MARK_xlate()
extensions: TCPMSS: Use xlate callback for IPv6, too
extensions: TOS: Fix v1 xlate callback
extensions: ecn: Sanitize xlate callback
extensions: tcp: Translate TCP option match
extensions: libebt_log: Add comment to clarify xlate callback
extensions: frag: Add comment to clarify xlate callback
extensions: ipcomp: Add comment to clarify xlate callback
libxtables: xt_xlate_add() to take care of spacing
extensions: Leverage xlate auto-spacing
extensions: libxt_conntrack: Drop extra whitespace in xlate
extensions: xlate: Format sets consistently
tests: shell: Test selective ebtables flushing
tests: shell: Fix valgrind mode for 0008-unprivileged_0
iptables-restore: Free handle with --test also
iptables-xml: Free allocated chain strings
nft: Plug memleak in nft_rule_zero_counters()
iptables: Plug memleaks in print_firewall()
xtables: Introduce xtables_clear_iptables_command_state()
iptables: Properly clear iptables_command_state object
xshared: Free data after printing help
libiptc: Eliminate garbage access
ebtables: Implement --check command
tests: xlate: Use --check to verify replay
nft: Fix for comparing ifname matches against nft-generated ones
nft: Fix match generator for '! -i +'
nft: Recognize INVAL/D interface name
xtables-translate: Fix for interfaces with asterisk mid-string
ebtables: Fix MAC address match translation
Makefile: Create LZMA-compressed dist-files
Drop INCOMPATIBILITIES file
Drop libiptc/linux_stddef.h
Makefile: Generate ip6tables man pages on the fly
extensions: Makefile: Merge initext targets
iptables/Makefile: Reorg variable assignments
iptables/Makefile: Split nft-variant man page list
Makefile: Fix for 'make distcheck'
Makefile: Generate .tar.xz archive with 'make dist'
include/Makefile: xtables-version.h is generated
tests: Adjust testsuite return codes to automake guidelines
Makefile.am: Integrate testsuites
nft: Parse icmp header matches
arptables: Check the mandatory ar_pln match
nft: Increase rule parser strictness
nft: Make rule parsing errors fatal
nft: Reject tcp/udp extension without proper protocol match
gitignore: Ignore utils/nfsynproxy
gitignore: Ignore generated ip6tables man pages
ebtables-translate: Install symlink
Makefile: Replace brace expansion
configure: Bump version for 1.8.9 release
tests: add ebtables among testcase
xt_sctp: support a couple of new chunk types
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 8 Jan 2023 21:40:49 +0000 (22:40 +0100)]
ghostscript: Update to version 10.0.0
- Update from version 9.56.1 to 10.0.0
- Update of rootfile
- Changelog on website has following entry
From 9.55.0 onwards, in recognition of how unwieldy very large HTML files can become
(History9.html had reached 8.1Mb!), we intend to only include the summary highlights
For anyone wanting the full details of the changes in a release, we ask them to look
at the history in our public git repository: ghostpdl-10.00.0 log.
If this change does not draw negative feedback, History?.htm file(s) will be removed
from the release archives.
- History?.htm files are no longer part of the release tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 8 Jan 2023 21:41:36 +0000 (22:41 +0100)]
libtiff: Update to version 4.5.0
- Update from version 4.4.0 to 4.5.0
- Update o0f rootfile
- sobump requires shipping of core programs poppler (covered by update patch) and perl
together with addons cups-filters and spandsp (covered by PAK_VER updates in patch
series.
- Changelog is t6oo long to include here. For details see the ChangeLog file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 17 Jan 2023 14:03:58 +0000 (15:03 +0100)]
ovpnmain.cgi: Fix for bug 13030 - Table style rendering bug
- In six places <td class'base'> has been used instead of <td class='base'>
- This patch fixes that error - tested on my vm testbed. Selecting Inspect Element now
shows the corrrect result rather than class 'base' being set to null.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Adolf Belka [Sun, 8 Jan 2023 21:40:53 +0000 (22:40 +0100)]
xfsprogs: Update to version 6.1.0
- Update from version 5.18.0 to 6.1.0
- Update of rootfile
- Changelog
There is no changelog in the source tarball or in the kernel site where the source
tarballs are available from. xfs.org, which normally provides access to the git
repository, fails to connect. xfs.wiki.kernel.org has no changelog info in it.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 8 Jan 2023 21:40:51 +0000 (22:40 +0100)]
poppler: Update to version 23.01.0
- Update from version 22.11.0 to 23.01.0
- Update of rootfile
- sobump checked with find-dependencies but not other programs other than from poppler
are flagged up.
- Changelog
Release 23.01.0:
core:
* PDFDoc::sign: Fix crash if font can't be found
* PDFDoc::sign: Try Arial to sign if Helvetica isn't found
* FoFiType1::parse: Be more flexible parsing the encoding content. Issue #1324
* Gfx::opBeginMarkedContent: Support Span with Name. Issue #1327
* Splash: Avoid color issues due to implicit rounding
* Splash: Fix crash on malformed file.
* CairoOutputDev: Ignore text rendering mode for type3 fonts
* Remove unused FoFiType1::load function
build system:
* Increase minimum required versions of several dependencies
* Improve include path handling
qt6:
- Use less deprecated functions
Release 22.12.0:
core:
* Form::addFontToDefaultResources: Be stubborn in finding a font we can use.
Issue #1272
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 8 Jan 2023 21:40:50 +0000 (22:40 +0100)]
mpfr: Update to version 4.2.0
- Update from version 4.1.1 to 4.2.0
- Update of rootfile
- Changelog
Changes from versions 4.1.1 to version 4.2.0
Binary compatible with MPFR 4.0.* and 4.1.*, though some minor changes in
the behavior of the formatted output functions may be visible, regarded as
underspecified behavior or bug fixes (see below).
New functions mpfr_cosu, mpfr_sinu, mpfr_tanu, mpfr_acosu, mpfr_asinu,
mpfr_atanu and mpfr_atan2u.
New functions mpfr_cospi, mpfr_sinpi, mpfr_tanpi, mpfr_acospi, mpfr_asinpi,
mpfr_atanpi and mpfr_atan2pi.
New functions mpfr_log2p1, mpfr_log10p1, mpfr_exp2m1, mpfr_exp10m1 and
mpfr_compound_si.
New functions mpfr_fmod_ui, mpfr_powr, mpfr_pown, mpfr_pow_uj, mpfr_pow_sj
and mpfr_rootn_si (mpfr_pown is actually a macro defined as an alias for
mpfr_pow_sj).
Bug fixes.
In particular, for the formatted output functions (mpfr_printf, etc.),
the case where the precision consists only of a period has been fixed
to be like .0 as specified in the ISO C standard, and the manual has
been corrected and clarified.
The macros of the custom interface have also been fixed: they now behave
like functions (except a minor limitation for mpfr_custom_init_set).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 1 Jan 2023 11:34:34 +0000 (12:34 +0100)]
file: Update to version 5.44
- Update from version 5.40 to 5.44
- Update of rootfile not required
- Changelog
* release 5.44
* Handle nan's so that we don't get internal floating point exceptions
when they are enabled (Vincent Mihalkovic)
* PR/397: Restore the ability to process files from stdin immediately.
* fixed various clustefuzz issues
* Fix error detection for decompression code (Vincent Mihalkovic)
* Add MAGIC_NO_COMPRESS_FORK and use it to produce a more
meaningful error message if we are sandboxing.
* Add built-in lzip decompression support (Michal Gorny)
* Add built-in zstd decompression support (Martin Rodriguez Reboredo)
* release 5.43
* Add octal indirect magic (Michal Gorny)
* PR/374: avoid infinite loop in non-wide code (piru)
* PR/373: Obey MAGIC_CONTINUE with multiple magic files (vismarli)
* Fix bug with large flist (Florian Weimer)
* PR/364: Detect non-nul-terminated core filenames from QEMU
(mam-ableton)
* PR/359: Add support for http://ndjson.org/ (darose)
* PR/362: Fix wide printing (ro-ee)
* PR/358: Fix width for -f - (jpalus)
* PR/356: Fix JSON constant parsing (davewhite)
* release 5.42
* PR/348: add missing cases to prevent file from aborting on
random magic files.
* PR/351: octalify filenames when not raw before printing.
* fix regex cacheing bug (Dirk Mueller)
* merge file_regcomp and file_regerror() to simplify the code
and reduce memory requirements for storing regexes (Dirk Mueller)
* cache regex (Dirk Mueller)
* detect filesystem full by flushing output (Dirk Mueller)
* implement running decompressor programs using
posix_spawnp(2) instead of vfork(2)
* Add support for msdos dates and times
* use the system byte swapping functions if available (Werner Fink)
* release 5.41
* Avinash Sonawane: Fix tzname detection
* Fix relationship tests with "search" magic, don't short circuit
logic
* Fix memory leak in compile mode
* PR/272: kiefermat: Only set returnval = 1 when we printed something
(in all cases print or !print). This simplifies the logic and fixes
the issue in the PR with -k and --mime-type there was no continuation
printed before the default case.
* PR/270: Don't translate unprintable characters in %s magic formats
when -r
* PR/269: Avoid undefined behavior with clang (adding offset to NULL)
* Add a new flag (f) that requires that the match is a full word,
not a partial word match.
* Add varint types (unused)
* PR/256: mutableVoid: If the file is less than 3 bytes, use the file
length to determine type
* PR/259: aleksandr.v.novichkov: mime printing through indirect magic
is not taken into account, use match directly so that it does.
* count the total bytes found not the total byte positions
in order to determine encoding (Anatol Belski)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3400000 to 3400100
- Update of rootfile not required
- Changelog
3.40.1
-Fix the --safe command-line option to the CLI such that it correctly disallows
the use of SQL functions like writefile() that can cause harmful side-effects.
-Fix a potential infinite loop in the memsys5 alternative memory allocator. This
bug was introduced by a performance optimization in version 3.39.0.
-Various other obscure fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 1 Jan 2023 14:07:12 +0000 (15:07 +0100)]
keyutils: Update to version 1.6.3
- Update from version 1.5.11 to 1.6.3
- Update of rootfile
- Changelog is not available in source tarball. Only source for changes is the git repository
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 1 Jan 2023 14:07:13 +0000 (15:07 +0100)]
knot: Update to version 3.2.4
- Update from version 3.1.7 to 3.2.4
- Update of rootfile
- find-dependencies run and only thing showing as depending on the libs are knot itself.
- Changelog
Knot DNS 3.2.4 (2022-12-12)
Improvements:
- knotd: significant speed-up of catalog zone update processing
- knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
- knotd: reworked zone re-bootstrap scheduling to be less progressive
- mod-synthrecord: module can work with CIDR-style reverse zones #826
- python: new libknot wrappers for some dname transformation functions
- doc: a few fixes and improvements
Bugfixes:
- knotd: incomplete zone is received when IXFR falls back to AXFR due to
connection timeout if primary puts initial SOA only to the first message
- knotd: first zone re-bootstrap is planned after 24 hours
- knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
- knotd: catalog zone can expire upon EDNS EXPIRE processing
- knotd: DNSSEC signing doesn't fail if no offline KSK records available
Knot DNS 3.2.3 (2022-11-20)
Improvements:
- knotd: new per-zone DS push configuration option (see 'zone.ds-push')
- libs: upgraded embedded libngtcp2 to 0.11.0
Bugfixes:
- knsupdate: program crashes when sending an update
- knotd: server drops more responses over UDP under higher load
- knotd: missing EDNS padding in responses over QUIC
- knotd: some memory issues when handling unusual QUIC traffic
- kxdpgun: broken IPv4 source subnet processing
- kdig: incorrect handling of unsent data over QUIC
Knot DNS 3.2.2 (2022-11-01)
Features:
- knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
- knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
- kdig: support for JSON (RFC 8427) output format (see '+json')
- kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
Improvements:
- mod-geoip: module respects the server configuration of answer rotation
- libs: upgraded embedded libngtcp2 to 0.10.0
- tests: improved robustness of some unit tests
- doc: added description of zone bootstrap re-planning
Bugfixes:
- knotd: catalog confusion when a member is added and immediately deleted #818
- knotd: defective handling of short messages with PROXYv2 header #816
- knotd: inconsistent processing of malformed messages with PROXYv2 header #817
- kxdpgun: incorrect XDP mode is logged
- packaging: outdated dependency check in RPM packages
Knot DNS 3.2.1 (2022-09-09)
Improvements:
- libknot: added compatibility with libbpf 1.0 and libxdp
- libknot: removed some trailing white space characters from textual RR format
- libs: upgraded embedded libngtcp2 to 0.8.1
Bugfixes:
- knotd: some non-DNS packets not passed to OS if XDP mode enabled
- knotd: inappropriate log about QUIC port change if QUIC not enabled
- knotd/kxdpgun: various memory leaks related to QUIC and TCP
- kxdpgun: can crash at high rates in emulated XDP mode
- tests: broken XDP-TCP test on 32-bit platforms
- kdig: failed to build with enabled QUIC on OpenBSD
- systemd: failed to start server due to TemporaryFileSystem setting
- packaging: missing knot-dnssecutils package on CentOS 7
Knot DNS 3.2.0 (2022-08-22)
Features:
- knotd: finalized TCP over XDP implementation
- knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
- knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
- knotd: support for remote grouping in configuration (see 'groups' section)
- knotd: implemented EDNS Expire option (RFC 7314)
- knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
- knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
- knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
- knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
- keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
- kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
- kdig: new DNS over QUIC support (see '+quic')
Improvements:
- knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
- knotd: RRSIG refresh values don't have to match in the mode Offline KSK
- knotd: better decision whether AXFR fallback is needed upon a refresh error
- knotd: NSEC3 resalt event was merged with the DNSSEC event
- knotd: server logs when the connection to remote was taken from the pool
- knotd: server logs zone expiration time when the zone is loaded
- knotd: DS check verifies removal of old DS during algorithm rollover
- knotd: DNSSEC-related records can be updated via DDNS
- knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
- knotd: outgoing NOTIFY is replanned if failed
- knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
- knotd: DNSSEC-related zone semantic checks use DNSSEC validation
- knotd: new configuration value 'query' for setting ACL action
- knotd: new check on near end of imported Offline KSK records
- knotd/knotc: implemented zone catalog purge, including orphaned member zones
- knotc: interactive mode supports catalog zone completion, value completion, and more
- knotc: new default brief and colorized output from zone status
- knotc: unified empty values in zone status output
- keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
- kjournalprint: path to journal DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kcatalogprint: path to catalog DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kzonesign: added automatic configuration file detection and '-C' parameter
for configuration DB specificaion
- kzonesign: all CPU threads are used for DNSSEC validation
- libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
- libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
- libknot: reduced memory consumption of the XDP mode
- libknot: XDP filter supports up to 256 NIC queues
- kxdpgun: new options for specifying source and remote MAC addresses
- utils: extended logging of LMDB-related errors
- utils: improved error outputs
- kdig: query has AD bit set by default
- doc: various improvements
Bugfixes:
- knotd: zone changeset is stored to journal even if disabled
- knotd: journal not applied to zone file if zone file changed during reload
- knotd: possible out-of-order processing or postponed zone events to far future
- knotd: incorrect TTL is used if updated RRSet is empty over control interface
- knotd/libs: serial arithmetics not used for RRSIG expiration processing
- knsupdate: incorrect RRTYPE in the question section
Compatibility:
- knotd: default value for 'zone.journal-max-depth' was lowered to 20
- knotd: default value for 'policy.nsec3-iterations' was lowered to 0
- knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
- knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
- knotd: configuration option 'server.listen-xdp' has no effect
- knotd: new configuration check on deprecated DNSSEC algorithm
- knotc: new '-e' parameter for full zone status output
- keymgr: new '-e' parameter for full key list output
- keymgr: brief key listing mode is enabled by default
- keymgr: renamed parameter '-d' to '-D'
- knsupdate: default TTL is set to 3600
- knsupdate: default zone is empty
- kjournalprint: renamed parameter '-c' to '-H'
- python/libknot: removed compatibility with Python 2
Packaging:
- systemd: removed knot.tmpfile
- systemd: added some hardening options
- distro: Debian 9 and Ubuntu 16.04 no longer supported
- distro: packages for CentOS 7 are built in a separate COPR repository
- kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils
Knot DNS 3.1.9 (2022-08-10)
Improvements:
- knotd: new configuration checks on unsupported catalog settings
- knotd: semantic check issues have notice log level in the soft mode
- keymgr: command generate-ksr automatically sets 'from' parameter to last
offline KSK records' timestamp if it's not specified
- keymgr: command show-offline starts from the first offline KSK record set
if 'from' parameter isn't specified
- kcatalogprint: new parameters for filtering catalog or member zone
- mod-probe: default rate limit was increased to 100000
- libknot: default control timeout was increased to 30 seconds
- python/libknot: various exceptions are raised from class KnotCtl
- doc: some improvements
Bugfixes:
- knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
- knotd: manually triggered zone flush is suppressed if disabled zone synchronization
- knotd: failed to configure XDP listen interface without port specification
- knotd: de-cataloged member zone's file isn't deleted #805
- knotd: member zone leaks memory when reloading catalog during dynamic configuration change
- knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
- knotd: server crashes during shutdown if PKCS #11 keystore is used
- keymgr: command del-all-old isn't applied to all keys in the removed state
- kxdpgun: user specified network interface isn't used
- libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)
Knot DNS 3.1.8 (2022-04-28)
Features:
- knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
- knotd: new soft zone semantic check mode for allowing defective zone loading
- knotc: added zone transfer freeze state to the zone status output
Improvements:
- knotd: added configuration check for serial policy of generated catalogs
Bugfixes:
- knotd/libknot: the server can crash when validating a malformed TSIG record
- knotd: outgoing zone transfer freeze not preserved during server reload
- knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
- knotd: zone refresh not started if planned during server reload
- knotd: generated catalogs can be queried over UDP
- knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 1 Jan 2023 14:07:14 +0000 (15:07 +0100)]
lcms2: Update to version 2.14
- Update from version 2.13.1 to 2.14
- Update of rootfile
- Changelog
2.14 Featured release
lcms2 now implements ICC specification 4.4
New multi-threaded plug-in
several fixes to keep fuzzers happy
Remove check on DLL when CMS_NO_REGISTER_KEYWORD is used
Added more validation against broken profiles
Add more help to several tools
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sun, 1 Jan 2023 14:07:15 +0000 (15:07 +0100)]
less: Update to version 608
- Update from version 590 to 608
- Update of rootfile not required
- Changelog
Major changes between "less" versions 590 and 608
* Add the --header option (github #43).
* Add the --no-number-headers option (github #178).
* Add the --status-line option.
* Add the --redraw-on-quit option (github #36).
* Add the --search-options option (github #213).
* Add the --exit-follow-on-close option (github #244).
* Add 'H' color type to set color of header lines.
* Add #version conditional to lesskey.
* Add += syntax to variable section in lesskey files.
* Allow option name in -- command to end with '=' in addition to '\n'.
* Add $HOME/.config to possible locations of lesskey file (github #153).
* Add $XDG_STATE_HOME and $HOME/.local/state to possible locations
of history file (github #223).
* Don't read or write history file in secure mode (github #201).
* Fix display of multibyte and double-width chars in prompt.
* Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08
(github #188).
* Add more \k codes to lesskey format.
* Fix bug when empty file is modified while viewing it.
* Fix bug when parsing a malformed lesskey file (githb #234).
* Fix bug scrolling history when --incsearch is set (github #214).
* Fix buffer overflow when invoking lessecho with more than 63 -m/-n
options (github #198).
* Fix buffer overflow in bin_file (github #271).
* Fix bug restoring color at end of highlighted text.
* Fix bug in parsing lesskey file.
* Defer moving cursor to lower left in some more cases.
* Suppress TAB filename expansion in some cases where it doesn't make sense.
* Fix termlib detection when compiler doesn't accept
calls to undeclared functions.
* Fix bug in input of non-ASCII characters on Windows (github #247)
* Escape filenames when invoking LESSCLOSE.
* Fix bug using multibyte UTF-8 char in search string
with --incsearch (github #273).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Sat, 17 Dec 2022 12:14:26 +0000 (13:14 +0100)]
samba: Update to version 4.17.4
- Update from version 4.17.3 to 4.17.4
- Update of rootfile (Only the x86_64 rootfile updated with this patch)
- Changelog
Release Notes for Samba 4.17.4
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
RC4-HMAC Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac
session keys for use between modern clients and servers
despite all modern Kerberos implementations supporting
the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy' would force
rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
o CVE-2022-37967: This is the Samba CVE for the Windows
Kerberos Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained
delegation permission could forge a more powerful
ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
same algorithms as rc4-hmac cryptography in Kerberos,
and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!
samba-tool got a new 'domain trust modify' subcommand
This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.
smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
allow nt4 crypto Deprecated no
allow nt4 crypto:COMPUTERACCOUNT New
kdc default domain supported enctypes New (see manpage)
kdc supported enctypes New (see manpage)
kdc force enable rc4 weak session keys New No
reject md5 clients New Default, Deprecated Yes
reject md5 servers New Default, Deprecated Yes
server schannel Deprecated Yes
server schannel require seal New, Deprecated Yes
server schannel require seal:COMPUTERACCOUNT New
winbind sealed pipes Deprecated Yes
Changes since 4.17.3
o Jeremy Allison <jra@samba.org>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15237: CVE-2022-37966.
* BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
o Ralph Boehme <slow@samba.org>
* BUG 15240: CVE-2022-38023.
* BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
o Stefan Metzmacher <metze@samba.org>
* BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
Windows.
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
vulnerability.
* BUG 15206: libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4().
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15230: Memory leak in snprintf replacement functions.
* BUG 15237: CVE-2022-37966.
* BUG 15240: CVE-2022-38023.
* BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression).
o Noel Power <noel.power@suse.com>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Anoop C S <anoopcs@samba.org>
* BUG 15198: Prevent EBADF errors with vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15237: CVE-2022-37966.
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15257: Stack smashing in net offlinejoin requestodj.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15231: CVE-2022-37967.
* BUG 15237: CVE-2022-37966.
o Nicolas Williams <nico@twosigma.com>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
