Adolf Belka [Tue, 26 Sep 2023 13:24:09 +0000 (15:24 +0200)]
python3-gobject3: Update to version 3.46.0-1
- IPFire-3.x
- Update from version 3.42.2-2 to 3.46.0-1
- Changelog
3.46.0
build: Drop Python 3.7 support !238
build: Require glib 2.64 and gobject-introspection 1.64 !243
Add support for Python 3.12 (minor test fixes) !247
Drop GTK 2 support (after being effectively unsupported for 12 years) !182
meson: Require meson 0.56.0 !220
meson: Set PYTHONPATH in devenv !235
meson: define pycairo_dep in case pycairo=disabled !242
meson: Use pycairo from target python before pkg-config !223
Complete the PEP-451 implementation in gi.importer !229
Replace usage of deprecated FFI closure API !241
Fix invalid marshalling in some cases for boxed values, for example with
Gtk.StyleContext.get_property() !213
Consistent setting of enum and flag property !192
Fix docstring for methods that return an array and have a length (out)
argument !249
overrides: Fix incompatibility for CssProvider.load_from_data()
(GTK 4.10) !231
overrides: Allow Gdk.{Color,RGBA} instances to be compared with other
objects !233
overrides: Add overrides for Gdk.FileList in Gdk-4.0 !245
docs: Fix underline too short warning !246
docs: Fix build failure due to extlinks with Sphinx 6 !244
docs: List additional projects using PyGObject !230
docs: Update Development Environment Docs !232
docs: Update docs and code examples to GTK 4 !215
3.44.1
Fix tests with glib 2.76 !240
3.44.0
No changes compared to 3.43.1
3.43.1
Note: PyGObject is in need of more maintainers, please read
https://www.bassi.io/articles/2022/12/02/on-pygobject/
Note: This is an unstable release.
Drop support for Python 3.6 !184
meson: bump minimum version to 0.53.0 and update subprojects !227
gimodule: fix floating state of python objects created with g_object_new
!129
Gtk.Template: Accept PathLike objects as a filename !195
info: Show which type/object callables are bound to !194
IntrospectionModule: handle two threads loading type at same time !149
Port to Py_TRASHCAN_BEGIN !226
Other cleanups/improvements: !181 !173
This release also includes all changes from 3.42.1 and 3.42.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Sep 2023 13:24:08 +0000 (15:24 +0200)]
python3-docutils: Update to version 0.20.1
- IPFire-3.x
- Update from version 0.19-1 to 0.20.1-1
- Changelog
0.20.1 (2023-05-17)
Bugfix release. See HISTORY for details.
0.20 (2023-05-04)
Docutils 0.20 is the last version supporting Python 3.7 and 3.8.
General
Support Python 3.11 (patch #198 by Hugo van Kemenade).
Output changes:
HTML5:
Use dpub-ARIA role "doc-footnote" (instead of ARIA role "note") for
footnotes.
LaTeX:
Do not load the inputenc package in UTF-8 encoded LaTeX sources.
(UTF-8 is the default encoding for LaTeX2e since 2018).
Configuration changes:
Settings in the [latex2e writer] configuration file section are now
ignored by the "xetex" writer. Place common settings in section
[latex writers].
New command line setting output. Obsoletes the <destination>
positional argument (cf. future changes).
utils.find_file_in_dirs() now returns a POSIX path also on Windows;
utils.get_stylesheet_list() no longer converts \ to /.
docutils/languages/ docutils/parsers/rst/languages/
Support Ukrainian. Patch by Dmytro Kazanzhy.
test/coverage.sh
Removed. Use the coverage.py project instead, coverage run
test/alltests.py and coverage report.
tools/
Moved quicktest.py to tools/dev/.
Bugfixes and improvements (see HISTORY).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Sep 2023 13:24:07 +0000 (15:24 +0200)]
python3-dns: Update to version 2.4.2-1
- IPFire-3.x
- Update from version 2.3.0-1 to 2.4.2-1
- Changelog
2.4.2
Async queries could wait forever instead of respecting the timeout if
the timeout was 0 and a packet was lost. The timeout is now respected.
Restore HTTP/2 support which was accidentally broken during the https
refactoring done as part of 2.4.0.
When an inception time and lifetime are specified, the signer now sets
the expiration to the inception time plus lifetime, instead of the
current time plus the lifetime.
2.4.1
Importing dns.dnssecalgs without the cryptography module installed no
longer causes an ImportError.
A number of timeout bugs with the asyncio backend have been fixed.
DNS-over-QUIC for the asyncio backend now works for IPv6.
Dnspython now enforces that the candidate DNSKEYs for DNSSEC signatures
have protocol 3 and have the ZONE flag set. This is a standards
compliance issue more than a security issue as the legitimate authority
would have to have published the non-compliant keys as well as updated
their DS record in order for the records to validate (the DS digest
includes both flags and protocol). Dnspython will not make invalid keys
by default, but does allow them to be created and used for testing
purposes.
Dependency specifications for optional features in the package metadata
have been improved.
2.4.0
Python 3.8 or newer is required.
The stub resolver now uses instances of dns.nameserver.Nameserver to
represent remote recursive resolvers, and can communicate using DNS
over UDP/TCP, HTTPS, TLS, and QUIC. In additional to being able to
specify an IPv4, IPv6, or HTTPS URL as a nameserver, instances of
dns.nameserver.Nameserver are now permitted.
The DNS-over-HTTPS bootstrap address no longer causes URL rewriting.
DNS-over-HTTPS now only uses httpx; support for requests has been
dropped. A source port may now be supplied when using httpx.
DNSSEC zone signing with NSEC records is now supported. Thank you very
much (again!) Jakob Schlyter!
The resolver and async resolver now have the try_ddr() method, which
will try to use Discovery of Designated Resolvers (DDR) to upgrade the
connection from the stub resolver to the recursive server so that it
uses DNS-over-HTTPS, DNS-over-TLS, or DNS-over-QUIC. This feature is
currently experimental as the standard is still in draft stage.
The resolver and async resolver now have the make_resolver_at() and
resolve_at() functions, as a convenience for making queries to specific
recursive servers.
Curio support has been removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 26 Sep 2023 13:24:06 +0000 (15:24 +0200)]
python3-cairo: Update to version 1.24.0-1
- IPFire-3.x
- Update from version 1.23.0-2 to 1.24.0-1
- Changelog
1.24.0
Dropped Python 3.7 support
Bumped meson version requirement from 0.53.0 to 0.56.0
Various cairo dependency updates for the Windows wheel build
examples: update to GTK4 #pr-307
examples: add a clip_image example #pr-316
docs: fix the build with Sphinx 6 #pr-318
Various code cleanups #pr-306
Added Python 3.12 Windows wheels
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 18:43:30 +0000 (20:43 +0200)]
python3-pytz: Update to version 2023.3
- IPFire-3.x
- Update from version 2022.6 to 2023.3
- As for python3-setuptools the source_dl had to be updated for the new version of pytz
- Changelog - no info on the changes could be found but it seems to follow what tzdata
updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 18:34:16 +0000 (20:34 +0200)]
python3-setuptools: Update to version 68.2.2-1
- IPFire-3.x
- Update from version 65.6.3-1 to 68.2.2-1
- arches = noarch had to be removed otherwise the build came up with the error message that
python3-setuptools could not be built for x86_64 and failed. Removing that line allowed
the build to complete successfully. All the other python3 packages that I checked did not
have that line in them.
- The source_dl line required a change for the new version as the url is not maintained with
the same structure for each version.
- Changelog is too large to include here. Details can be read at the following link
https://setuptools.pypa.io/en/stable/history.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 15:48:08 +0000 (17:48 +0200)]
rhash: Update to version 1.4.4-1
- IPFire-3.x
- Update from version 1.4.3-1 to 1.4.4-1
- Changelog
1.4.4
New option --unverified to print unverified files
New option --missing to print missing files
New printf-format directive '%d' to print file directory
Print the algorithms being calculated on -vv
Renamed --maxdepth option to --max-depth
Support leading and trailing spaces in a file names
Support escaping of special characters in file paths
Change the simple file format to fit the sfv format
LibRHash: Remove obsolete rhash_timer functions (API breaking change)
Bugfix: Fix slash usage with wilcards on Windows
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 15:48:07 +0000 (17:48 +0200)]
python3-tornado: Update to version 6.3.3-1
- IPFire-3.x
- Update from version 6.2.0-1 to 6.3.3-1
- Changelog
6.3.3
The Content-Length header and chunked Transfer-Encoding sizes are now parsed
more strictly (according to the relevant RFCs) to avoid potential
request-smuggling vulnerabilities when deployed behind certain proxies.
6.3.2
Fixed an open redirect vulnerability in StaticFileHandler under certain
configurations.
6.3.1
RequestHandler.set_cookie once again accepts capitalized keyword arguments
for backwards compatibility. This is deprecated and in Tornado 7.0 only
lowercase arguments will be accepted.
6.3.0
Highlights¶
The new Application setting xsrf_cookie_name can now be used to take
advantage of the __Host cookie prefix for improved security. To use it,
add {"xsrf_cookie_name": "__Host-xsrf", "xsrf_cookie_kwargs":
{"secure": True}} to your Application settings. Note that this feature
currently only works when HTTPS is used.
WSGIContainer now supports running the application in a
ThreadPoolExecutor so the event loop is no longer blocked.
AsyncTestCase and AsyncHTTPTestCase, which were deprecated in Tornado
6.2, are no longer deprecated.
WebSockets are now much faster at receiving large messages split into
many fragments.
General changes¶
Python 3.7 is no longer supported; the minimum supported Python version
is 3.8. Python 3.12 is now supported.
To avoid spurious deprecation warnings, users of Python 3.10 should
upgrade to at least version 3.10.9, and users of Python 3.11 should
upgrade to at least version 3.11.1.
Tornado submodules are now imported automatically on demand. This means
it is now possible to use a single import tornado statement and refer
to objects in submodules such as tornado.web.RequestHandler.
Deprecation notices¶
In Tornado 7.0, tornado.testing.ExpectLog will match WARNING and above
regardless of the current logging configuration, unless the level
argument is used.
RequestHandler.get_secure_cookie is now a deprecated alias for
RequestHandler.get_signed_cookie. RequestHandler.set_secure_cookie is
now a deprecated alias for RequestHandler.set_signed_cookie.
RequestHandler.clear_all_cookies is deprecated. No direct replacement is
provided; RequestHandler.clear_cookie should be used on individual
cookies.
Calling the IOLoop constructor without a make_current argument, which
was deprecated in Tornado 6.2, is no longer deprecated.
AsyncTestCase and AsyncHTTPTestCase, which were deprecated in Tornado
6.2, are no longer deprecated.
AsyncTestCase.get_new_ioloop is deprecated.
tornado.auth¶
New method GoogleOAuth2Mixin.get_google_oauth_settings can now be
overridden to get credentials from a source other than the Application
settings.
tornado.gen¶
contextvars now work properly when a @gen.coroutine calls a native
coroutine.
tornado.options¶
parse_config_file now recognizes single comma-separated strings (in
addition to lists of strings) for options with multiple=True.
tornado.web¶
New Application setting xsrf_cookie_name can be used to change the name
of the XSRF cookie. This is most useful to take advantage of the
__Host- cookie prefix.
RequestHandler.get_secure_cookie and RequestHandler.set_secure_cookie
(and related methods and attributes) have been renamed to
get_signed_cookie and set_signed_cookie. This makes it more explicit
what kind of security is provided, and avoids confusion with the
Secure cookie attribute and __Secure- cookie prefix. The old names
remain supported as deprecated aliases.
RequestHandler.clear_cookie now accepts all keyword arguments accepted
by set_cookie. In some cases clearing a cookie requires certain
arguments to be passed the same way in which it was set.
RequestHandler.clear_all_cookies now accepts additional keyword
arguments for the same reason as clear_cookie. However, since the
requirements for additional arguments mean that it cannot reliably
clear all cookies, this method is now deprecated.
tornado.websocket¶
It is now much faster (no longer quadratic) to receive large messages
that have been split into many fragments.
websocket_connect now accepts a resolver parameter.
tornado.wsgi¶
WSGIContainer now accepts an executor parameter which can be used to
run the WSGI application on a thread pool.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 15:48:06 +0000 (17:48 +0200)]
python3-setproctitle: Update to version 1.3.2-1
- IPFire-3.x
- Update from version 1.3.1-1 to 1.3.2-1
- Changelog
1.3.2
Restore import-time initialization of macOS to avoid crash on thread+fork
(issue #113).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 15:48:05 +0000 (17:48 +0200)]
python3-psutil: Update to version 5.9.5-1
- IPFirer-3.x
- Update from version 5.9.4-1 to 5.9.5-1
- Changelog
5.9.5
**Enhancements**
- 2196_: in case of exception, display a cleaner error traceback by hiding the
`KeyError` bit deriving from a missed cache hit.
- 2217_: print the full traceback when a `DeprecationWarning` or `UserWarning`
is raised.
- 2230_, [OpenBSD]: `psutil.net_connections`_ implementation was rewritten
from scratch:
- We're now able to retrieve the path of AF_UNIX sockets (before it was an
empty string)
- The function is faster since it no longer iterates over all processes.
- No longer produces duplicate connection entries.
- 2238_: there are cases where `Process.cwd()`_ cannot be determined
(e.g. directory no longer exists), in which case we returned either ``None``
or an empty string. This was consolidated and we now return ``""`` on all
platforms.
- 2239_, [UNIX]: if process is a zombie, and we can only determine part of the
its truncated `Process.name()`_ (15 chars), don't fail with `ZombieProcess`_
when we try to guess the full name from the `Process.cmdline()`_. Just
return the truncated name.
- 2240_, [NetBSD], [OpenBSD]: add CI testing on every commit for NetBSD and
OpenBSD platforms (python 3 only).
**Bug fixes**
- 1043_, [OpenBSD] `psutil.net_connections`_ returns duplicate entries.
- 1915_, [Linux]: on certain kernels, ``"MemAvailable"`` field from
``/proc/meminfo`` returns ``0`` (possibly a kernel bug), in which case we
calculate an approximation for ``available`` memory which matches "free"
CLI utility.
- 2164_, [Linux]: compilation fails on kernels < 2.6.27 (e.g. CentOS 5).
- 2186_, [FreeBSD]: compilation fails with Clang 15. (patch by Po-Chuan
Hsieh)
- 2191_, [Linux]: `disk_partitions()`_: do not unnecessarily read
/proc/filesystems and raise `AccessDenied`_ unless user specified
`all=False` argument.
- 2216_, [Windows]: fix tests when running in a virtual environment (patch by
Matthieu Darbois)
- 2225_, [POSIX]: `users()`_ loses precision for ``started`` attribute (off by
1 minute).
- 2229_, [OpenBSD]: unable to properly recognize zombie processes.
`NoSuchProcess`_ may be raised instead of `ZombieProcess`_.
- 2231_, [NetBSD]: *available* `virtual_memory()`_ is higher than *total*.
- 2234_, [NetBSD]: `virtual_memory()`_ metrics are wrong: *available* and
*used* are too high. We now match values shown by *htop* CLI utility.
- 2236_, [NetBSD]: `Process.num_threads()`_ and `Process.threads()`_ return
threads that are already terminated.
- 2237_, [OpenBSD], [NetBSD]: `Process.cwd()`_ may raise ``FileNotFoundError``
if cwd no longer exists. Return an empty string instead.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 15:48:04 +0000 (17:48 +0200)]
python3-parted-3.13.0-1
- IPFire-3.x
- Update from vesrion 3.12.0-1 to 3.13.0-1
- Changelog
3.13.0
Help the _ped module garbage collection in the test suite (dcantrell)
Use 'return NULL' rather than 'return (PyObject *) NULL' in pydisk.c
(dcantrell)
Use Py_VISIT() in *_traverse() functions (dcantrell)
Free allocated memory for temporary string buffers (dcantrell)
Use Py_RETURN_NONE through the _ped module code (dcantrell)
Coding style updates for the C code. (dcantrell)
Some minor cleanups for the test case code (dcantrell)
Remove DeprecationWarning in py_ped_constraint_duplicate() (dcantrell)
Drop remaining Python 2.x handling from the Makefile (dcantrell)
drop six (pgajdos)
Reformat all Python source code using Python black (dcantrell)
Update the AUTHORS file (dcantrell)
Replace outdated Red Hat sample GPLv2+ boilerplates (dcantrell)
Add support for loongarch (mahailiang)
tests: Add PARTITION_LINUX_HOME to flag tests (bcl)
Add support for no_automount partition flag (bcl)
Add new disk types - disk uuid and partition uuid (bcl)
tests: Remove feature values from DiskTypeStrTestCase (bcl)
Add tests for high level partition type ID / UUID (berrange)
Add tests for low level partition type ID / UUID (berrange)
Add test base class helper for re-opening the device (berrange)
Add test base class for GPT partitions (berrange)
Fix start sector for test partition (berrange)
Add example for viewing and changing GPT partition type UUID (berrange)
Accept device path via argv for partition dump example (berrange)
Add type ID / UUID to partition dump example (berrange)
Map partition type ID / UUID accessors to Partition class (berrange)
Bind low level APIs for type ID and UUID accessors (berrange)
tests: Remove DeviceFreeAllTestCase (bcl)
Add support for new libparted disk type features in parted-3.5 (dcantrell)
Small Makefile updates (dcantrell)
Remove .travis.yml file (dcantrell)
Rename COPYING to LICENSE (dcantrell)
A few minor updates to README.md (dcantrell)
Change README to README.md (dcantrell)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 21 Sep 2023 17:01:35 +0000 (17:01 +0000)]
hwloc: Update to 2.9.3
This patch also fixes the testsuite by disabling the gather topology
test which runs fine in the hosted build environment, but fails on my
own build VM.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 13:18:08 +0000 (15:18 +0200)]
squid: Update to version 6.3-1
- IPFire-3.x
- Update from version 5.7-2 to 6.3-1
- Changelog
6.3 (03 Sep 2023):
- Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
- Bug 4981: Work around in-call job invalidation bugs
- basic_smb_lm_auth: fix 'no previous declaration' warnings
- CacheManager: require /squid-internal-mgr/ URL path prefix
- ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
- ... and some documentation changes
6.2 (06 Aug 2023):
- Bug 5187: Work around REQMOD satisfaction regression
- Bug 5290: pure virtual call in Ftp::Client constructor
- Fix memory leak when reconfiguring multiline all-of ACLs
- ... and a lot of code cleanups
- ... and some portability fixes on GNU/Hurd and MSWindows
6.1 (06 Jul 2023):
- Bug 5278: Log %err_code for "early" request handling errors
- Do not cache (and do not serve cached) cache manager responses
- Fix key equality comparison in LookupTable map
- Honor DNS RR TTLs larger than negative_dns_ttl
- ... and some documentation changes
6.0.3 (07 Jun 2023):
- Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL
- Do not leak Security::CertErrors created in X509_verify_cert()
- Do not erase aborted StoreMap entries that are still being read
- Fix build in environments lacking syslog
- Fix build failures in some environments due to time_t type conflicts in libdebug
- Remove obsolete caddr_t
- ... and some documentation changes
6.0.2 (30 Apr 2023):
- Avoid excessive disk I/O in some environments
- ... and several build and portability fixes
- ... and all fixes from 5.9
6.0.1 (28 Feb 2023):
- Bug 5256: Intercepting port fails to accept
- Bug 5241: Block all non-localhost requests by default
- Bug 5241: Block to-localhost, to-link-local requests by default
- Bug 5232: Fix GCC v12 build [-Wuse-after-free]
- Bug 5211: support.cc:355: "!filledCheck->sslErrors" assertion
- Bug 5194: Remove all unused debug sections
- Bug 5162: mgr:index URL do not produce MGR_INDEX template
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
- Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED
- Bug 5021: Add a script to fix spelling error with codespell
- Bug 4946: client_side_request.cc: "request != newRequest"
- Bug 4832: '!schemeAccess' assertion on exit
- Bug 4572: squidclient: Remove deprecated cache_object:// support
- Bug 4528: ICAP transactions quit on async DNS lookups
- Add scripts/trace-context.pl: a debugging tool
- Remove cache_diff tool
- Remove membanger tool
- Remove pconn-banger tool
- Remove recv-announce tool
- Remove send-announce tool
- Remove tcp-banger* tools
- Remove ufsdump tool
- Remove support for Gopher protocol
- Remove support for unused libbsd
- Remove bundled GnuRegex library
- Remove CPU profiler mechanism
- Remove leakfinder (--enable-leakfinder)
- Remove --enable-kill-parent-hack
- Remove --disable-loadable-modules
- Remove unused/disabled/broken LEAK_CHECK_MODE code
- Remove SCO 3.2 support
- Remove m88k-specific support
- Remove NeXTSTEP support
- Remove HPUX compiler support
- Remove CBDATA debugging
- Require C++17
- cachemgr.cgi: Remove deprecated cache_object:// support
- ext_kerberos_ldap_group_acl: Support -b with -D
- ext_lm_group_acl: Improved username handling
- negotiate_wrapper: ensure null-termination of strings
- pinger: Fix MAX_PKT{4,6}_SZ to account for icmpEchoData padding
- HTTP: Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
- HTTP: Update Host, Via, and other headers in-place when possible
- HTTP: Update status code 413 compliance
- RFC 9110: Reject different HTTP requests with unusual framing
- RFC 9111: Stop treating Warning specially
- RFC 9113: update documentation references
- RFC 9218: Priority header registration
- SSL-Bump: Remove step2+ stare-and-splice and peek-and-bump support
- TLS: Do not send more than one self-signed certificate
- TLS: Sort CA certificates in tls-cert=bundle
- TLS: Preserve configured order of intermediate CA certificate chain
- WCCP: Validate packets better
- CI: Support "negative" squid-conf-tests
- CI: Maintenance: Support custom astyle versions
- CI: test-builds.sh: in case of error dump full log
- CI: Add --progress option to test-builds.sh
- CI: Change time_units test to also work on 32bit systems
- CI: Maintenance: Update astyle version to 3.1
- Add cache_log_message directive
- Add paranoid_hit_validation directive
- Add tls_key_log to report TLS communication secrets
- Add %busy_time logformat code
- Add %transport::>connection_id logformat code
- Add %request_attempts logformat code
- Warn about some bad from-helper annotations
- Ban acl key changes in req_header, rep_header, and note ACLs
- Optimize ephemeral port reuse with IP_BIND_ADDRESS_NO_PORT
- Honor httpd_suppress_version_string in more contexts
- Honor ftp_port worker-queues option
- Log early level-0/1 debugs() messages to cache_log
- Support reliable zeroing of sensitive buffers
- Do not overwrite caching bans
- Do not blame cache_peer for 4xx CONNECT responses
- Mimic GET reforwarding decisions when our CONNECT fails
- Discarded connections do not contribute to forward_max_tries
- Honor assertions during shutdown
- Do not stop listening after "ERROR: NAT/TPROXY lookup failed..."
- Do not skip problematic regexes in ACLs
- Improve coredump_dir on FreeBSD and Solaris based OS
- Avoid reverse DNS lookups when logformat %>A is unused
- BUG: Unexpected state while connecting to ... server
- Properly track (and mark) truncated store entries
- Support "file" syntax for 'squid_error' and 'has' ACL parameters
- Allow sending "squid -k ..." signals to PID 1
- Remove bogus "found KEY_PRIVATE" WARNINGs
- Avoid "BUG #3329: Lost orphan ..." during accept problems
- Report SMP store queues state (mgr:store_queues)
- Remove 8K limit for single access.log line
- Rename ./configure option --with-libxml2 to --with-xml2
- Rename ./configure option --with-libcap to --with-cap
- Match ./configure --help parameter names with their defaults
- Remove broken -sha1 option from server_cert_fingerprint
- Fix typo in manager ACL
- Fix milliseconds in certain cache.log messages
- Fix ignore-cc/act-as-origin in wildcard split-stack ports
- Fix comm.cc:644: "address.port() != 0" assertion
- Fix StoreMap.cc "anchorAt(anchorId).reading()" assertions
- Fix double-free segmentation fault on shutdown
- Fix client_side_request.cc:2028 "request->method.id()" assertion
- Fix reconfiguration leaking tls-cert=... memory
- Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling
- Fix "mem_obj->inmem_lo == 0" assertion in StoreEntry::swapOut()
- Fix TCP keepalive
- Fix SslBump reconfiguration leaking public key memory
- Fix socket accounting for TCP accept()
- ... and many documentation changes
- ... and much code cleanup and polishing
- ... and all fixes from 5.8
5.9 (30 Apr 2023):
- Improve reply_body_max_size matching accuracy
- ... and some documentation changes
- ... and many portability fixes
5.8 (28 Feb 2023):
- Bug 5162: mgr:index URL do not produce MGR_INDEX template
- Bug 5241: Block all non-localhost requests by default
- Bug 5241: Block to-localhost, to-link-local requests by default
- ext_kerberos_ldap_group_acl: Support -b with -D
- Fix ACL type typo in req_header, rep_header key-changing ERRORs
- ... and several compile fixes
- ... and some code cleanup and polishing
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 12:38:32 +0000 (14:38 +0200)]
samba: Update to version 4.19.0-1
- IPFire-3.x
- Update from version 4.17.5-2 to 4.19.0-1
- This is a patch series together with updates to libldb, libtalloc, libtdb and
libtevent as version 4.19.0 of samba requires newer versions of all these libs.
- Changelog is a bit too large to include here.
The release notes for each of the versions can be found in the left hand
column of this link https://www.samba.org/samba/history/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 12:38:31 +0000 (14:38 +0200)]
libtevent: Update to version 0.15.0-1
- IPFire-3.x
- Update from version 0.13.0-2 to 0.15.0-1
- This version is required by samba-4.19.0
- Changelog - I could not find any changelog info on this package.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 12:38:30 +0000 (14:38 +0200)]
libtdb: Update to version 1.4.9-1
- IPFire-3.x
- Update from version 1.4.7-2 to 1.4.9-1
- This version is required by samba-4.19.0
- Changelog - I could not find any changelog info on this package.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 12:38:29 +0000 (14:38 +0200)]
libtalloc: Update to version 2.4.1-1
- IPFire-3.x
- Update from version 2.3.4-2 to 2.4.1-1
- This version is required by samba-4.19.0
- Changelog - I could not find any changelog info on this package.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 21 Sep 2023 12:38:28 +0000 (14:38 +0200)]
libldb: Update to version 2.8.0-1
- IPFire-3.x
- Update from version 2.6.1-2 to 2.8.0-1
- This version is required for samba-4.19.0
- Changelog - I could not find any changelog info anywhere. Apparently there is a
git repo for this package but I could not find it.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 20:44:19 +0000 (22:44 +0200)]
sssd: Update to version 2.9.2-1
- IPFire-3.x
- Update from version 2.8.2-2 to 2.9.2-1
- version 2.8.2-2 was failing to build.
- Initially version 2.9.2-1 failed with the same error messages.
/usr/lib/sssd/sss_analyze [INVALID-INTERPRETER]
There was also the following two messages in the log
"/usr/lib/sssd/sss_analyze: Found command python ((null))
/usr/lib/sssd/sss_analyze: Could not find path for command python"
Based on the above error I checked sss_analyze and found the following first line
"#!/usr/bin/env python" but the python program in IPFire is called python3
Added the sed line to change python to python3 and the build then was successful.
- Changelog
2.9.2
Highlights
SSSD 2.9 branch is now in long-term maintenance (LTM) phase.
General information
libkrb5-1.21 can now be used to build PAC plugin.
sssctl cert-show and cert-show cert-eval-rule can now be run as non-root
user.
Important fixes
SSSD does no longer crash if PIN is introduced but the tactile trigger
isn’t pressed during passkey authentication.
SSSD can now recover if memory-cache files under /var/lib/sss/mc where
truncated while SSSD is running.
Chaining of identical D-Bus requests that run in parallel to avoid
multiple backend queries works again.
Configuration changes
New option local_auth_policy is added to control which offline
authentication methods will be enabled by SSSD. This option is relevant
for authentication methods which have online, and offline capability
such as passkey, and smartcard authentication. The default value match
sets the offline methods to their corresponding online value. This
enables offline authentication when online kerberos pre-authentication
such as PKINIT, or passkey is supported by the backend, note that
online methods will still be attempted first. Option value only can be
used to disable online authentication entirely, or the value
enable:method to explicitly enable specific authentication methods,
e.g. enable:passkey.
Tickets Fixed
#5198 - monatomically should have been monotonically
#6733 - New covscan errors in ‘passkey’ code
#6802 - sss_certmap_test fail in v2.9.1 on Arch Linux
#6803 - [sssd] SSSD enters failed state after heavy load in the system
#6889 - Crash in pam_passkey_auth_done
#6911 - SBUS chaining is broken for getAccountInfo and other internal
D-Bus calls
2.9.1
New features
Passkey: added option to write key mapping data to file.
Important fixes
A regression was fixed that prevented autofs lookups to function
correctly when cache_first is set to True. Since this was set as a
new default value in sssd-2.9.0, it is considered as a regression.
A regression where SSSD failed to properly watch for changes in
‘/etc/resolv.conf’ when it was a symbolic link or was a relative path,
was fixed.
Tickets Fixed
#6442 - PAC errors when no PAC configured
#6652 - IPA: previously cached netgroup member is not remove correctly
after it is removed from ipa
#6659 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988
error 4 in libc-2.28.so[7f16b5e72000+1bc000]
#6718 - file_watch-tests fail in v2.9.0 on Arch Linux
#6720 - [sssd] User lookup on IPA client fails with ‘s2n get_fqlist
request failed’
#6739 - autofs mounts: Access to non-existent file very slow since 2.9.0
#6744 - sssd-be tends to run out of system resources, hitting the
maximum number of open files
#6766 - [RHEL8] sssd : AD user login problem when modify
ldap_user_name= name and restricted by GPO Policy
#6768 - [RHEL8] sssd attempts LDAP password modify extended op after
BIND failure
2.9.0
General information
sss_simpleifp library is deprecated and might be removed in further
releases. Those who are interested to keep using it awhile should
configure its build explicitly using --with-libsifp ./configure option.
“Files provider” (i.e. id_provider = files) is deprecated and might be
removed in further releases. Those who are interested to keep using it
awhile should configure its build explicitly using
--with-files-provider ./configure option. Or consider using
“Proxy provider” with proxy_lib_name = files instead.
Previously deprecated --enable-files-domain configure option, which was
used to manage default value of the enable_files_domain config option,
is now removed.
Long time unused ‘–enable-all-experimental-features’ configure option
was removed.
SSSD will no longer warn about changed defaults when using
ldap_schema = rfc2307 and default autofs mapping. This warning was
introduced in 1.14 to loudly warn about different default values.
New features
New passkey functionality, which will allow the use of FIDO2 compliant
devices to authenticate a centrally managed user locally. Moreover, in
the case of a FreeIPA user, it can also issue a Kerberos ticket
automatically with upcoming FreeIPA version 4.11.
Add support for ldapi:// URLs to allow connections to local LDAP servers
NSS IDMAP has two new methods: getsidbyusername and getsidbygroupname
Note: support for passkey is in its initial phase and the authentication
policy will be adjusted in future versions.
Packaging changes for passkey
Include passkey subpackage and dependency for libfido2.
Configuration changes for passkey
New options to enable and tune passkey behavior: pam_passkey_auth,
ldap_user_passkey, passkey_verification, passkey_child_timeout,
interactive, interactive_prompt, touch and touch_prompt.
--with-passkey is a new configuration option to enable building passkey
authentication.
Important fixes
A regression when running sss_cache when no SSSD domain is enabled
would produce a syslog critical message was fixed.
Configuration changes
Default value of cache_first option was changed to true in case SSSD
is built without files provider.
ipa_access_order parameter introduced. It behaves much like
ldap_access_order but affects IPA domains (id_provider = ipa) and
accepts limited values. Please see sssd-ipa(5) for more information.
Tickets Fixed
#5390 - sssd failing to register dynamic DNS addresses against an AD
server due to unnecessary DNS search
#6383 - sssd is not waiting for network-online.target
#6403 - Add new Active Directory related certificate mapping templates
#6404 - [RFE] Add digest mapping feature from pam_pkcs11 in SSSD
#6451 - UPN check cannot be disabled explicitly but requires
krb5_validate = false’ as a work-around
#6479 - Smart Card auth does not work with p11_uri
(with-smartcard-required)
#5080 - [RFE] - Show password expiration warning when IdM users login
with SSH keys
#5390 - sssd failing to register dynamic DNS addresses against an AD
server due to unnecessary DNS search
#6228 - Enable passkey authentication in a centralized environment
#6324 - coredump occurs when I restart sssd-ifp.service with
sssd.service is inactive
#6357 - KCM erroneously changes primary cache when renewing credentials
#6360 - [D-Bus] ListByName() returns several times the same entry
#6361 - [D-Bus] ListByName() fails when not using wildcards
#6383 - sssd is not waiting for network-online.target
#6387 - Fatal errors in log during Anaconda installation:
“CRIT sss_cache:No domains configured, fatal error!”
#6398 - [D-Bus] Groups.ListByName() and Groups.ListByDomainAndName()
not working
#6403 - Add new Active Directory related certificate mapping templates
#6404 - [RFE] Add digest mapping feature from pam_pkcs11 in SSSD
#6451 - UPN check cannot be disabled explicitly but requires
krb5_validate = false’ as a work-around
#6465 - SBUS:A core dump occurs when dbus_server_get_address()
#6477 - changing password with ldap_password_policy = shadow does not
take effect immediately
#6479 - Smart Card auth does not work with p11_uri
(with-smartcard-required)
#6487 - implicit declaration of function fgetpwent in test_negcache_2.c
#6505 - SSS_CLIENT: general library destructor should cancel
thread-at-exit destructors
#6531 - FAST/OTP with Anonymous PKINIT - oddly requires a keytab to
exist (can be a bogus keytab)
#6544 - AD: Nested group processing can fail or return invalid members
(security issue)
#6548 - sssd-ipa
#6551 - passkey_child cannot be used to register passkey due to too
strict permissions
#6558 - enabling passkey authentication breaks idp support
#6565 - Improvement: sss_client: add ‘getsidbyusername()’ and
‘getsidbygroupname()’ and corresponding python bindings
#6588 - Integration Tests:The sssd_hosts module is missing in release
tarball
#6592 - pid wrapping caused sss_cli_check_socket to close the file
descriptor opened by the process
#6600 - [sssd] Auth fails if client cannot speak to forest root domain
(ldap_sasl_interactive_bind_s failed)
#6610 - BUILD: Clear compilation alarms.
#6612 - MIT Kerberos confusion over password expiry
#6617 - filter_groups doesn’t filter GID from ‘id’ output: AD +
‘ldap_id_mapping = True’ corner case
#6626 - Unable to lookup AD user from child domain
(or “make filtering of the domains more configurable”)
#6635 - sss allows extraneous @ characters prefixed to username
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 17:58:37 +0000 (19:58 +0200)]
shadow-utils: Update to version 4.14.0-1
- IPFire-3.x
- Update from version 4.13-2 to 4.14.0-1
- The build now has --with-libbsd as default yes so --without-libbsd has been added
so that it uses its own readpassphrase code as previously.
- Changelog
4.14.0
This release includes some steps toward preparing for the Y2038 (e.g.
removing lastlog conditionally), a great deal of removal of obsolete
function checks (like rmdir), and overhaul of some string manipulation
functions, of which there is more to come. And a great deal more. The
abbreviated git log follows:
Serge Hallyn: configure.ac: check for strlcpy
Michael Vetter: Remove intree website
Serge Hallyn: 4.14.0-rc4 pre-release
Serge Hallyn: Releases: add etc/shadow-maint to distfiles
Serge Hallyn: 4.14.0-rc3
Iker Pedrosa: libmisc: include freezero
Iker Pedrosa: libmisc: add freezero source code
Iker Pedrosa: libmisc: add readpassphrase source code
Iker Pedrosa: configure: add with-libbsd option
Iker Pedrosa: man: include shadow-man.xsl in tarball
Iker Pedrosa: man: include its.rules in tarball
Iker Pedrosa: autogen: enable lastlog build
Christian Göttsche: Add wrapper for write(2)
Serge Hallyn: tag 4.14.0-rc2
Michael Vetter: Add new files to libmisc_la_SOURCES
Serge Hallyn: Add a make dist CI test
Serge Hallyn: 4.14.0-rc1
Serge Hallyn: remove xmalloc.c from POTFILES.in
Iker Pedrosa: logoutd: add missing <utmp.h> include
Iker Pedrosa: CI: compile old utmp interface in Fedora
Iker Pedrosa: src: add SELINUX library
Iker Pedrosa: libmisc: conditionally compile utmp.c and logind.c
Iker Pedrosa: lib: replace USER_NAME_MAX_LENGTH macro
Iker Pedrosa: libmisc: call active_sessions_count()
Iker Pedrosa: libmisc: implement active_sessions_count()
Iker Pedrosa: utmp: update update_utmp()
Iker Pedrosa: utmp: move update_utmp
Iker Pedrosa: utmp: move failtmp()
Iker Pedrosa: libmisc: implement get_session_host()
Iker Pedrosa: configure: new option enable-logind
xiongshenglan: shadow userdel: add the adaptation to the busybox ps in
01-kill_user_procs.sh
Michael Vetter: chsh: warn if root sets a shell not listed in /etc/shells
Michael Vetter: doc: mention ci workflow file to learn about deps
Serge Hallyn: man/po/Makefile: add a comment to shadow-man-pages.pot
Vegard Nossum: newgrp: fix potential string injection
Todd Zullinger: lastlog: fix alignment of Latest header
Iker Pedrosa: configure: fix lastlog check
Alan D. Salewski: subuid.5: reference newusers(8) rather than newusers(1)
Iker Pedrosa: CI: build lastlog in Fedora
Iker Pedrosa: man: conditionally build lastlog documentation
Iker Pedrosa: usermod: conditionally build lastlog functionality
Iker Pedrosa: useradd: conditionally build lastlog functionality
Iker Pedrosa: login: conditionally build lastlog functionality
Iker Pedrosa: lastlog: stop building by default
Iker Pedrosa: CI: update debian repos
Bernd Kuhls: Fix yescrypt support
Jeffrey Bencteux: chgpasswd: fix segfault in command-line options
Alejandro Colomar: gpasswd(1): Fix password leak
Alejandro Colomar: src/useradd.c: create_mail(): Cosmetic
Alejandro Colomar: src/useradd.c: create_home(): Cosmetic
Alejandro Colomar: src/useradd.c: create_home(): Cosmetic
Alejandro Colomar: src/useradd.c: create_home(): Cosmetic
Alejandro Colomar: src/useradd.c: close_group_files(): Cosmetic
Alejandro Colomar: src/useradd.c: check_uid_range(): Cosmetic
Jaroslav Jindrak: build: link passwd, chpasswd and chage against libdl
Jaroslav Jindrak: configure: check whether fgetpwent_r is available before
marking xprefix_getpwnam_r as reentrant
Jaroslav Jindrak: passwd: fall back to non-PAM code when prefix is used
Jaroslav Jindrak: chpasswd: fall back to non-PAM code when prefix is used
Jaroslav Jindrak: chpasswd: add --prefix/-P options
Jaroslav Jindrak: chage: add --prefix/-P options
Jaroslav Jindrak: passwd: Respect --prefix/-P options
Michael Vetter: prefix: add prefix support
Iker Pedrosa: strtoday: remove unnecessary cast
Alejandro Colomar: Use temporary variable
Alejandro Colomar: realloc(NULL, ...) is equivalent to malloc(...)
Alejandro Colomar: Simplify allocation APIs
Christian Göttsche: Drop alloca(3)
Christian Göttsche: usermod: fix off-by-one issues
Alejandro Colomar: libmisc/csrand.c: Update comments
Alejandro Colomar: lib/nss.c: Fix use of invalid p
Alejandro Colomar: lib/nss.c: Fix use of uninitialized p
Alejandro Colomar: Centralize error handling
Alejandro Colomar: Second verse, it gets worse; it gets no better than this
Alejandro Colomar: ROFL: Rolling on the floor looping
Alejandro Colomar: This ain't no loop
Iker Pedrosa: newusers: Improve error message
Martin Kletzander: ch(g)passwd: Check selinux permissions upon startup
Skyler Ferrante: Check if crypt_method null before dereferencing
Alejandro Colomar: xgetXXbyYY: Simplify elifs
Alejandro Colomar: xgetXXbyYY: Centralize error handling
Alejandro Colomar: xgetXXbyYY: tfix
Samanta Navarro: xgetXXbyYY: Avoid duplicated error handling block
Samanta Navarro: xgetXXbyYY: Handle DUP_FUNCTION failure
Serge Hallyn: sub_[ug]id_{add,remove}: fix return values
Martin Kletzander: usermod: Small optimization using memmove for password
unlock
Alejandro Colomar: Reorder logic to improve comprehensibility
Alejandro Colomar: newusers: Fail early
Alejandro Colomar: newusers: Add missing error handling
Samanta Navarro: libmisc: Use safer chroot/chdir sequence
Samanta Navarro: su: Prevent stack overflow in check_perms
Samanta Navarro: subsystem: Prevent endless loop
Serge Hallyn: def_load: avoid NULL deref
Serge Hallyn: def_load: split the econf from non-econf definition
Tobias Stoeckmann: Plug econf memory leaks
Samanta Navarro: chsh: Verify that login shell path is absolute
Samanta Navarro: process_prefix_flag: Drop privileges
bubu: Update French translations
Samanta Navarro: get_pid.c: Use tighter validation checks
Markus Hiereth: replace inadequate German translation of login error message
Markus Hiereth: Update German translations
Samanta Navarro: Remove some static char arrays
Samanta Navarro: commonio: Use do_lock_file again
Serge Hallyn: Fix broken docbook translations
ed neville: open with O_CREAT when lock path does not exist
Samanta Navarro: commonio_open: Remove fcntl call
Samanta Navarro: commonio_lock_nowait: Remove deprecated code
Samanta Navarro: login_prompt: Simplify login_prompt API
Samanta Navarro: login_prompt: Use _exit in signal handler
Samanta Navarro: login_prompt: Do not parse environment variables
Samanta Navarro: libmisc/yesno.c: Fix regression
Alejandro Colomar: libmisc, man: Drop old check and advice for complex
character sets in passwords
Christian Göttsche: semanage: disconnect to free libsemanage internals
Christian Göttsche: commonio: free removed database entries
ed neville: run_parts for groupadd and groupdel
lilinjie: fix typos
Alejandro Colomar: libmisc/yesno.c: Use getline(3) and rpmatch(3)
Samanta Navarro: newgrp/useradd: always set SIGCHLD to default
Serge Hallyn: Update AUTHORS to add Marek Michałkiewicz
Samanta Navarro: Read whole line in yes_or_no
Christian Göttsche: useradd/usermod: add --selinux-range argument
Alejandro Colomar: CI: Make build logs more readable
Iker Pedrosa: ci: remove explicit fedora dependencies
Iker Pedrosa: README: add reference to contribution guidelines
Iker Pedrosa: doc: add contributions introduction
Iker Pedrosa: doc: add license
Iker Pedrosa: doc: add releases
Iker Pedrosa: doc: add Continuous Integration
Iker Pedrosa: doc: add tests
Iker Pedrosa: doc: add coding style
Iker Pedrosa: doc: add build & install
Serge Hallyn: trivial: vipw.8: fix grammar
Christian Göttsche: sssd: skip flushing if executable does not exist
Christian Göttsche: Overhaul valid_field()
Martin Kletzander: semanage: Do not set default SELinux range
Michael Vetter: Fix typo in groupadd usage
Christian Göttsche: ci: update Differential ShellCheck
tomspiderlabs: Added control character check
Mike Gilbert: usermod: respect --prefix for --gid option
Alejandro Colomar: Fix su(1) silent truncation
Alejandro Colomar: Simplify is_my_tty()
Alejandro Colomar: Fix is_my_tty() buffer overrun
Alejandro Colomar: Add STRLEN(): a constexpr strlen(3) for string literals
Alejandro Colomar: Fix crash with large timestamps
Paul Eggert: Prefer strcpy(3) to strlcpy(3) when either works
Paul Eggert: Fix change_field() buffer underrun
Paul Eggert: Omit unneeded test in change_field()
Paul Eggert: Simplify change_field() by using strcpy
skyler-ferrante: Fix null dereference in basename
Iker Pedrosa: CI: script for local container build
Iker Pedrosa: CI: build project in containers
Iker Pedrosa: container: add fedora
Iker Pedrosa: container: add debian
Iker Pedrosa: container: add alpine
Iker Pedrosa: SECURITY.md: add Iker Pedrosa
Christian Göttsche: selinux: use type safe function pointer assignment
Christian Göttsche: Use strict prototype in definition
Vinícius dos Santos Oliveira: Add .editorconfig
Serge Hallyn: run_some: fix shellcheck warning
Serge Hallyn: fail on any run_some test failure
Serge Hallyn: ignore first test in run_some
Serge Hallyn: swap first two tests - does the first one still fail?
Serge Hallyn: tests: remove some github runner PATH tweaking
Alejandro Colomar: tests: Support git-worktree(1)
Serge Hallyn: tests: newuidmap and newgidmap: update expected fail message
Serge Hallyn: libsubid: include alloc.h
Serge Hallyn: run_some: log stderr
Vinícius dos Santos Oliveira: Validate fds created by the user
Serge Hallyn: get_pidfd_from_fd: return -1 on error, not 0
Serge Hallyn: g-h-a workflow: workaround
Serge Hallyn: Fix regression in some translation strings
Iker Pedrosa: lib: bit_ceil_wrapul(): stop recursion
Iker Pedrosa: lib: define ULONG_WIDTH if non-existent
maqi: Update translation
Serge Hallyn: newuidmap and newgidmap: support passing pid as fd
Alejandro Colomar: Fix use-after-free of pointer after realloc(3)
Alejandro Colomar: Use safer allocation macros
Alejandro Colomar: libmisc: Add safer allocation macros
Alejandro Colomar: Use xreallocarray() instead of its pattern
Alejandro Colomar: Use reallocarrayf() instead of its pattern
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 17:01:16 +0000 (19:01 +0200)]
tcpdump: Update to version 4.99.4-1
- IPFire-3.x
- Update from version 4.99.1-2 to 4.99.4-1
- Changelog
4.99.4
Source code:
Fix spaces before tabs in indentation.
Updated printers:
LSP ping: Fix "Unused value" warnings from Coverity.
CVE-2023-1801: Fix an out-of-bounds write in the SMB printer.
DNS: sync resource types with IANA.
ICMPv6: Update the output to show a RPL DAO field name.
Geneve: Fix the Geneve UDP port test.
Building and testing:
Require at least autoconf 2.69.
Don't check for strftime(), as it's in C90 and beyond.
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21.
Documentation:
man: Document TCP flag names better.
4.99.3
Updated printers:
PTP: Use the proper values for the control field and print un-allocated
values for the message field as "Reserved" instead of "none".
Source code:
smbutil.c: Replace obsolete function call (asctime)
Building and testing:
cmake: Update the minimum required version to 2.8.12 (except Windows).
CI: Introduce and use TCPDUMP_CMAKE_TAINTED.
Makefile.in: Add the releasecheck target.
Makefile.in: Add "make -s install" in the releasecheck target.
Cirrus CI: Run the "make releasecheck" command in the Linux task.
Makefile.in: Add the whitespacecheck target.
Cirrus CI: Run the "make whitespacecheck" command in the Linux task.
Address all shellcheck warnings in update-test.sh.
Makefile.in: Get rid of a remain of gnuc.h.
Documentation:
Reformat the installation notes (INSTALL.txt) in Markdown.
Convert CONTRIBUTING to Markdown.
CONTRIBUTING.md: Document the use of "protocol: " in a commit summary.
Add a README file for NetBSD.
Fix CMake build to set man page section numbers in tcpdump.1
4.99.2
Updated printers:
BGP: Update cease notification decoding to RFC 9003.
BGP: decode BGP link-bandwidth extended community properly.
BGP: Fix parsing the AIGP attribute
BGP: make sure the path attributes don't go past the end of the packet.
BGP: Shutdown message can be up to 255 bytes length according to rfc9003
DSA: correctly determine VID.
EAP: fix some length checks and output issues.
802.11: Fix the misleading comment regarding "From DS", "To DS" Frame
Control Flags.
802.11: Fetch the CF and TIM IEs a field at a time.
802.15.4, BGP, LISP: fix some length checks, compiler warnings,
and undefined behavior warnings.
PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all
OSes.
RRCP: support more Realtek protocols than just RRCP.
MPLS: show the EXP field as TC, as per RFC 5462.
ICMP: redo MPLS Extension code as general ICMP Extension code.
VQP: Do not print unknown error codes twice.
Juniper: Add some bounds checks.
Juniper: Don't treat known DLT_ types as "Unknown".
lwres: Fix a length check, update a variable type.
EAP: Fix some undefined behaviors at runtime.
Ethernet: Rework the length checks, add a length check.
IPX: Add two length checks.
Zephyr: Avoid printing non-ASCII characters.
VRRP: Print the protocol name before any GET_().
DCCP: Get rid of trailing commas in lists.
Juniper: Report invalid packets as invalid, not truncated.
IPv6: Remove an obsolete code in an always-false #if wrapper.
ISAKMP: Use GET_U_1() to replace a direct dereference.
RADIUS: Use GET_U_1() to replace a direct dereference.
TCP: Fix an invalid check.
RESP: Fix an invalid check.
RESP: Remove an unnecessary test.
Arista: Refine the output format and print HwInfo.
sFlow: add support for IPv6 agent, add a length check.
VRRP: add support for IPv6.
OSPF: Update to match the Router Properties registry.
OSPF: Remove two unnecessary dereferences.
OSPF: Add support bit Nt RFC3101.
OSPFv3: Remove two unnecessary dereferences.
ICMPv6: Fix output for Router Renumbering messages.
ICMPv6: Fix the Node Information flags.
ICMPv6: Remove an unused macro and extra blank lines.
ICMPv6: Add a length check in the rpl_dio_print() function.
ICMPv6: Use GET_IP6ADDR_STRING() in the rpl_dio_print() function.
IPv6: Add some checks for the Hop-by-Hop Options header
IPv6: Add a check for the Jumbo Payload Hop-by-Hop option.
NFS: Fix the format for printing an unsigned int
PTP: fix printing of the correction fields
PTP: Use ND_LCHECK_U for checking invalid length.
WHOIS: Add its own printer source file and printer function
MPTCP: print length before subtype inside MPTCP options
ESP: Add a workaround to a "use-of-uninitialized-value".
PPP: Add tests to avoid incorrectly re-entering ppp_hdlc().
PPP: Don't process further if protocol is unknown (-e option).
PPP: Change the pointer to packet data.
ZEP: Add three length checks.
Add some const qualifiers.
Building and testing:
Update config.guess and config.sub.
Use AS_HELP_STRING macro instead of AC_HELP_STRING.
Handle some Autoconf/make errors better.
Fix an error when cross-compiling.
Use "git archive" for the "make releasetar" process.
Remove the release candidate rcX targets.
Mend "make check" on Solaris 9 with Autoconf.
Address assorted compiler warnings.
Fix auto-enabling of Capsicum on FreeBSD with Autoconf.
Treat "msys" as Windows for test exit statuses.
Clean up some help messages in configure.
Use unified diff by default.
Remove awk code from mkdep.
Fix configure test errors with Clang 15
CMake: Prevent stripping of the RPATH on installation.
AppVeyor CI: update Npcap site, update to 1.12 SDK.
Cirrus CI: Use the same configuration as for the main branch.
CI: Add back running tcpdump -J/-L and capture, now with Cirrus VMs.
Remove four test files (They are now in the libpcap tests directory).
On Solaris, for 64-bit builds, use the 64-bit pcap-config.
Tell CMake not to check for a C++ compiler.
CMake: Add a way to request -Werror and equivalents.
configure: Special-case macOS /usr/bin/pcap-config as we do in CMake.
configure: Use pcap-config --static-pcap-only if available.
configure: Use ac_c_werror_flag to force unknown compiler flags to fail.
configure: Use AC_COMPILE_IFELSE() and AC_LANG_SOURCE() for testing
flags.
Run the test that fails on OpenBSD only if we're not on OpenBSD.
Source code:
Fix some snapend-changing routines to protect against pointer
underflow.
Use __func__ from C99 in some function calls.
Memory allocator: Update nd_add_alloc_list() to a static function.
addrtoname.c: Fix two invalid tests.
Use more S_SUCCESS and S_ERR_HOST_PROGRAM in main().
Add some comments about "don't use GET_IP6ADDR_STRING()".
Assign ndo->ndo_packetp in pretty_print_packet().
Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros.
Update tok2strbuf() to a static function.
netdissect.h: Keep the link-layer dissectors names sorted.
setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP)
to avoid corrupting binary pcap output.
Use __builtin_unreachable().
Fail if nd_push_buffer() or nd_push_snaplen() fails.
Improve code style and fix many typos.
Documentation:
Some man page cleanups.
Update the print interface for the packet count to stdout.
Note that we require compilers to support at least some of C99.
Update AIX and Solaris-related specifics.
INSTALL.txt: Add doc/README.*, delete the deleted win32 directory.
Update README.md and README.Win32.md.
Update some comments with new RFC numbers.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 17:01:15 +0000 (19:01 +0200)]
tar: Update to version 1.35-1
- IPFire-3.x
- Update from version 1.34-1 to 1.35-1
- Changelog
1.35
This is mainly a bug-fixing release.
Noteworthy changes in this release:
* Fail when building GNU tar, if the platform supports 64-bit time_t
but the build uses only 32-bit time_t.
* Leave the devmajor and devminor fields empty (rather than zero) for
non-special files, as this is more compatible with traditional tar.
Bug fixes
** Fix interaction of --update with --wildcards.
** When extracting archives into an empty directory, do not create
hard links to files outside that directory.
** Handle partial reads from regular files.
** Warn "file changed as we read it" less often.
Formerly, tar warned if the file's size or ctime changed.
However, this generated a false positive if tar read a file
while another process hard-linked to it, changing its ctime.
Now, tar warns if the file's size, mtime, user ID, group ID,
or mode changes. Although neither heuristic is perfect,
the new one should work better in practice.
** Fix --ignore-failed-read to ignore file-changed read errors
as far as exit status is concerned. You can now suppress file-changed
issues entirely with --ignore-failed-read --warning=no-file-changed.
** Fix --remove-files to not remove a file that changed while we read it.
** Fix --atime-preserve=replace to not fail if there was no need to replace,
either because we did not read the file, or the atime did not change.
** Fix race when creating a parent directory while another process is
also doing so.
** Fix handling of prefix keywords not followed by "." in pax headers.
** Fix handling of out-of-range sparse entries in pax headers.
** Fix handling of --transform='s/s/@/2'.
** Fix treatment of options ending in / in files-from list.
** Fix crash on 'tar --checkpoint-action exec=\"'.
** Fix low-memory crash when reading incremental dumps.
** Fix --exclude-vcs-ignores memory allocation misuse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 17:01:14 +0000 (19:01 +0200)]
squashfs-tools: Update to version 4.6.1-1
- IPFire-3.x
- Update from version 4.5.1-1 to 4.6.1-1
- Changelog
4.6.1
Bug fix release to fix race condition and XATTRs code
1. Race condition which can cause corruption of the "fragment table"
fixed. This is a regression introduced in August 2022, and it has
been seen when tailend packing is used (-tailends option).
2. Fix build failure when the tools are being built without extended
attribute (XATTRs) support.
3. Fix XATTR error message when an unrecognised prefix is found
(Christian Hesse).
4. Fix incorrect free of pointer when an unrecognised XATTR prefix is
found.
4.6
Major improvements in extended attribute handling, pseudo file handling,
and miscellaneous new options and improvements
1. Extended attribute handling improved in Mksquashfs and Sqfstar
1.1.New -xattrs-exclude option to exclude extended attributes
from files using a regular expression.
1.2 New -xattrs-include option to include extended attributes
from files using a regular expression.
1.3 New -xattrs-add option to add extended attributes to files.
1.4 New Pseudo file xattr definition to add extended attributes
to files.
1.5 New xattrs-add Action to add extended attributes to files
(Mksquashfs only).
2. Extended attribute handling improved in Unsquashfs
2.1 New -xattrs-exclude option to exclude extended attributes
from files using a regular expression.
2.2 New -xattrs-include option to include extended attributes
from files using a regular expression.
2.3 Extended attributes are now supported in Pseudo file output.
3. Other major improvements
3.1 Unsquashfs can now output Pseudo files to standard out.
3.2 Mksquashfs can now input Pseudo files from standard in.
3.3 Squashfs filesystems can now be converted (different block
size compression etc) without unpacking to an intermediate
filesystem or mounting, by piping the output of Unsquashfs
to Mksquashfs.
3.4 Pseudo files are now supported by Sqfstar.
3.5 "Non-anchored" excludes are now supported by Unsquashfs.
4. Mksquashfs minor improvements
4.1 A new -max-depth option has been added, which limits
the depth Mksquashfs descends when creating the filesystem.
4.2 A new -mem-percent option which allows memory for caches to
be specified as a percentage of physical RAM, rather than
requiring an absolute value.
4.3 A new -percentage option added which rather than generating
the full progress-bar instead outputs a percentage. This
can be used with dialog --gauge etc.
4.4 -mkfs-time, -all-time and -root-time options now take
a human date string, in addition to the seconds since
the epoch of 1970 00:00 UTC. For example "now",
"last week", "Wed Mar 8 05:55:01 GMT 2023" are supported.
4.5 -root-uid, -root-gid, -force-uid and -force-gid options now
take a user/group name in addition to the integer uid/gid.
4.6 A new -mem-default option which displays default memory
usage for caches in Mbytes.
4.7 A new -no-compression option which produces no compression,
and it is a short-cut for -noI, -noD, -noF and -noX.
4.8 A new -pseudo-override option which makes pseudo file uids
and gids override -all-root, -force-uid and -force-gid
options. Normally these options take precedence.
5. Unsquashfs minor improvements
5.1 New -all-time option which sets all file timestamps to
<time>, rather than the time stored in the filesystem
inode. <time> can be an integer indicating seconds since
the epoch (1970-01-01) or a human string value such as
"now", "last week", or "Wed Feb 15 21:02:39 GMT 2023".
5.2 New -full-precision option which uses full precision when
displaying times including seconds. Use with -linfo, -lls,
-lln and -llc options.
5.3 New -match option where Unsquashfs will abort if any
extract file does not match on anything, and can not be
resolved.
5.4 New -percentage option added which rather than generating
the full progress-bar instead outputs a percentage. This
can be used with dialog --gauge etc.
6. Sqfstar minor improvements
6.1 A new -ignore-zeros option added which allows tar files to
be concatenated together and fed to Sqfstar. Normally a
tarfile has two consecutive 512 byte blocks filled with
zeros which means EOF and Sqfstar will stop reading after
the first tar file on encountering them. This option makes
Sqfstar ignore the zero filled blocks.
6.2 A new -mem-percent option which allows memory for caches to
be specified as a percentage of physical RAM, rather than
requiring an absolute value.
6.3 A new -percentage option added which rather than generating
the full progress-bar instead outputs a percentage. This
can be used with dialog --gauge etc.
6.4 -mkfs-time, -all-time and -root-time options now take
a human date string, in addition to the seconds since
the epoch of 1970 00:00 UTC. For example "now",
"last week", "Wed Mar 8 05:55:01 GMT 2023" are supported.
6.5 -root-uid, -root-gid, -force-uid and -force-gid options now
take a user/group name in addition to the integer uid/gid.
6.6 A new -mem-default option which displays default memory
usage for caches in Mbytes.
6.7 A new -no-compression option which produces no compression,
and it is a short-cut for -noI, -noD, -noF and -noX.
6.8 A new -pseudo-override option which makes pseudo file uids
and gids override -all-root, -force-uid and -force-gid
options. Normally these options take precedence.
6.9 Do not abort if ZERO filled blocks indicating end of the
TAR archive are missing.
7. Other minor improvements
7.1 If Mksquashfs/Unsquashfs fails to execute generating the
manpages because they have been cross-compiled, fall back
to using the pre-built manpages.
7.2 Add new Makefile configure option USE_PREBUILT_MANPAGES
to always use pre-built manpages rather than generating
them when "make install" is run.
8. Major bug fixes
8.1 Following a symlink in Sqfscat or where -follow-symlinks
option is given with Unsquashfs, incorrectly triggered the
corrupted filesystem loop detection code.
8.2 In Unsquashfs if a file was not writable it could not add
extended attributes to it.
8.3 Sqfstar would incorrectly reject compressor specific
options that have an argument.
8.4 Sqfstar would incorrectly strip pathname components in PAX
header linkpath if symbolic.
8.5 Sqfstar -root-uid, -root-gid and -root-time options were
documented but not implemented.
8.6 Mksquashfs -one-file-system option would not create empty
mount point directory when filesystem boundary crossed.
8.7 Mksquashfs did not check the close() return result.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 17:01:13 +0000 (19:01 +0200)]
smartmontools: Update to version 7.4-1
- IPFire-3.x
- Update from version 7.3-1.1 to 7.4-1
- Changelog
7.4
- The docker image used for CI and release builds is now based on
Debian 12 instead of Ubuntu 18.04.
- macOS: CI and release builds are now generated for the x86_64 and arm64
targets. 32 bit platforms will require to be compiled from the source.
- smartctl '-t short', '-t long' and '-X': NVMe support.
- smartctl '-l selftest': NVMe support.
- smartctl '-l farm': Prints Seagate's vendor-specific Field Access
Reliability Metrics (FARM) log for ATA and SCSI drives.
- smartctl '-l error': Now also prints an error message for each entry
of NVMe error information log.
- smartctl '-l genstats': Prints SCSI General statistics and performance
log page.
- smartctl '-i' and '--identify': ACS-4/5/6 enhancements.
- smartctl '-c': Added NVMe 2.0 capability flags.
- smartctl '-g security': Added 'ata_security.master_password_id'
to JSON output. Plaintext output shows Master Password ID if set
to a non-default value.
- smartctl '-q noserial': Now also suppresses the output of NVMe Namespace
IEEE EUI-64.
- smartctl '-j': '-l error -l selftest' JSON output for NVMe devices.
- smartctl '-j': Avoid invalid UTF-8 sequences in JSON/YAML strings.
- smartctl '-j': Fixed a bogus exception during SCSI JSON output.
- smartctl '-j': Renamed JSON element 'scsi_temperature' back to
'temperature' (regression).
- smartctl '-a': Now suggests '-x' for ATA devices because '-a' only
provides legacy SMART information.
- smartd: No longer issues LOG_CRIT warnings if new entries of NVMe error
information log do not indicate device problems.
- smartd: Now detects accidental use of smartd_warning script as
'-M exec' parameter.
- smartd: No longer writes the 'Copyright...' line to syslog.
- smartd.conf '-M always': Sends reminder emails without any delay.
- smartd.conf '-M diminishing': Limited email delay to 32 days.
- ATA: Fixed decoding of extended self-test log on big endian hosts.
- ATA: Enhanced LBA range for device types '-d jmb39x-q,...' and
'-d jms56x,...' from 33-62 to 1-255.
- ATA: Device type '-d intelliprop,N' now fails with a deprecation message.
Added '-d intelliprop,N,force' flag to use it anyway.
- ATA/USB: Device type '-d usbasm1352r,N' for ASMedia ASM1352R USB to SATA
RAID bridges
- SCSI: Fixed possible corruption issue with the Error Counter and
Non medium Error log pages.
- SCSI: Added more "Informational Exceptions" strings.
- SCSI: Added initial support for REPORT SUPPORTED OPERATION command.
- SCSI: Initial rework of SCSI debug output.
- NVMe: Added error messages for NVMe status values.
- NVMe: Fixed crash after read of error information log on big endian hosts.
- HDD, SSD and USB additions to drive database.
- update-smart-drivedb: Fixed syntax for 'sed' versions which require
';' before '}' or do not support ';' at all.
- update-smart-drivedb: Replaced a usually not executed bashism.
- configure: Default for '--with-nvme-devicescan' is now 'yes' also on
Darwin and FreeBSD. It is still 'no' on NetBSD only.
- configure: Defines '_FORTIFY_SOURCE=3' if supported and not predefined.
- configure: No longer fails if libsystemd-dev is installed and
'LDFLAGS=-static' is used.
- Compile fix for systems without legacy 'getdtablesize()'.
- Pre-releases from SVN snapshots now show "pre-VERSION" in version
information and 'smartctl.pre_release=true' in JSON output.
- Linux: Device type '-d sssraid' for 3SNIC RAID controllers.
- Linux: Device type '-d marvell' now fails with a deprecation message.
Added '-d marvell,force' flag to use it anyway.
- Linux: The generic SCSI code now defaults to SG_IO_V3 and does no
longer fall back to the deprecated SCSI_IOCTL_SEND_COMMAND
(but this ioctl is still used for '-d 3ware' and '-d marvell,force').
- Linux smartd: Now prevents systemd unit startup timeout when many
devices are registered and then initially checked.
- Linux smartd: Systemd no longer reports a service failure if no device
is present and a '-q *nodev0*' option is used.
- Solaris SPARC: Dropped legacy ATA support. Dropped configure option
'--with-solaris-sparc-ata'.
- Windows: IOCTL_STORAGE_PROTOCOL_COMMAND variant for NVMe self-tests.
- Windows: Installer now defaults to 64-bit executables.
- Windows: No longer prints bogus 'Local Time' if enhanced TZ syntax is used.
- Windows: Workaround to keep backward compatibility with old versions
of Windows if some versions of MinGW-w64 are used.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 17:01:12 +0000 (19:01 +0200)]
screen: Update to version 4.9.1
- IPFire-3.x
- Update from version 4.9.0-2 to 4.9.1-1
- Changelog
4.9.1
* Support stop/parity bits on serial port (#23952)
* Add needed system headers in checks and return values
for implicit function declarations
* Fixes:
- Avoid zombies after shell exit (#25089)
- Missed signal sending permission check on failed
query messages (CVE-2023-24626)
- manpage fixes
- source code fixes during cleanup
- UTF-8 encoding can emit invalid UTF-8 sequences
for out of range unicode values (#62097)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 11:52:58 +0000 (13:52 +0200)]
texinfo: Update to version 7.0.3-1
- IPFire-3.x
- Update from version 7.0.1-1.1 to 7.0.3-1
- Changelog
7.0.3 (26 March 2023)
* texi2any
. fix performance regression when Perl binary extension (XS) modules
are not being used (e.g. with TEXINFO_XS=omit)
* info
. further fix of recoding of UTF-8 files to ASCII to avoid text
disappearing from nodes
. avoid possible freeze at start of a file with `-v nodeline=pointers'
7.0.2 (22 January 2023)
* texi2any
. do not distribute architecture-dependent files
. build fixed on OpenIndiana 11
* info
. further fix of recoding of UTF-8 files to ASCII
. fix check for presence of man pages on Solaris
* install-info
. fix build by avoiding function name clash on some platforms
. compiler warning re strncat silenced
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 11:39:42 +0000 (13:39 +0200)]
traceroute: Update to version 2.1.3-1
- IPFire-3.x
- Update from version 2.1.1-2 to 2.1.3-1
- Changelog
2.1.3
Fix command line parsing in wrappers.
2.1.2
Fix unprivileged ICMP tracerouting with Linux kernel >= 6.1
(Eric Dumazet, SF bug #14)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 11:30:56 +0000 (13:30 +0200)]
tree: Update to version 2.1.1-1
- IPFire-3.x
- Update from version 2.1.0-2 to 2.1.1-1
- Changelog
2.1.1
- Various spelling corrections.
- Fix issue where following links while doing JSON output would lead to
incorrect JSON output. (simonpmind)
- Fix issue where .info patterns relative to the .info file that did not use
a wildcard for matching the prefix were not matching files properly.
(German Lashevich)
- Added support for making trees from tab indented files (--fromtabfile)
(gitlab @AvidSeeker), also cleaned up some other issues in the fromfile
code.
- Fix buffer overflow in listdir() when file names are allowed to be longer
than 256 characters (like when using fromfile.) (Javier Jaramago Fernández)
- If when attempting to open a .gitignore or .info file from a top level
directory and failing, recursively check the parents for such a file. This
stops when successful at opening such a file. This behavior might in the
future be modified to open all such files in all parents to until root is
reached. (Damien Bezborodov) Note that this requires the use of realpath()
which I think may be an issue for some OSes.
- Fix issue where tree would never descend (-l) a symbolic link when a full
tree is gathered (--du/matchdirs/prune) (gitlab @6ramr)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 11:24:23 +0000 (13:24 +0200)]
tzdata: Update to version 2023c-1
- IPFire-3.x
- Update from verrsion 2022g-2 to 2023c-1
- Changelog
2023c
This release's code and data are identical to 2023a. In other words,
this release reverts all changes made in 2023b other than commentary, as
that appears to be the best of a bad set of short-notice choices for
modeling this week's daylight saving chaos in Lebanon. (Thanks to Rany
Hany for the heads-up about the government's announcement this week.)
2023b
The 2023b release of the tz code and data is available. It follows so
closely on the 2023a release because Lebanon's government announced that
Lebanon's spring-forward transition previously scheduled for the end of
this week has been delayed until April 20.
This release contains the following change:
Briefly:
Lebanon delays the start of DST this year.
Changes to future timestamps
This year Lebanon springs forward April 20/21 not March 25/26.
(Thanks to Saadallah Itani.)
2023a
Briefly:
Egypt now uses DST again, from April through October.
This year Morocco springs forward April 23, not April 30.
Palestine delays the start of DST this year.
Much of Greenland still uses DST from 2024 on.
America/Yellowknife now links to America/Edmonton.
tzselect can now use current time to help infer timezone.
The code now defaults to C99 or later.
Fix use of C23 attributes.
Changes to future timestamps
Starting in 2023, Egypt will observe DST from April's last Friday
through October's last Thursday. (Thanks to Ahmad ElDardiry.)
Assume the transition times are 00:00 and 24:00, respectively.
In 2023 Morocco's spring-forward transition after Ramadan
will occur April 23, not April 30. (Thanks to Milamber.)
Adjust predictions for future years accordingly. This affects
predictions for 2023, 2031, 2038, and later years.
This year Palestine will delay its spring forward from
March 25 to April 29 due to Ramadan. (Thanks to Heba Hamad.)
Make guesses for future Ramadans too.
Much of Greenland, represented by America/Nuuk, will continue to
observe DST using European Union rules. When combined with
Greenland's decision not to change the clocks in fall 2023,
America/Nuuk therefore changes from -03/-02 to -02/-01 effective
2023-10-29 at 01:00 UTC. (Thanks to Thomas M. Steenholdt.)
This change from 2022g doesn't affect timestamps until 2024-03-30,
and doesn't affect tm_isdst until 2023-03-25.
Changes to past timestamps
America/Yellowknife has changed from a Zone to a backward
compatibility Link, as it no longer differs from America/Edmonton
since 1970. (Thanks to Almaz Mingaleev.) This affects some
pre-1948 timestamps. The old data are now in 'backzone'.
Changes to past time zone abbreviations
When observing Moscow time, Europe/Kirov and Europe/Volgograd now
use the abbreviations MSK/MSD instead of numeric abbreviations,
for consistency with other timezones observing Moscow time.
Changes to code
You can now tell tzselect local time, to simplify later choices.
Select the 'time' option in its first prompt.
You can now compile with -DTZNAME_MAXIMUM=N to limit time zone
abbreviations to N bytes (default 255). The reference runtime
library now rejects POSIX-style TZ strings that contain longer
abbreviations, treating them as UTC. Previously the limit was
platform dependent and abbreviations were silently truncated to
16 bytes even when the limit was greater than 16.
The code by default is now designed for C99 or later. To build in
a C89 environment, compile with -DPORT_TO_C89. To support C89
callers of the tzcode library, compile with -DSUPPORT_C89. The
two new macros are transitional aids planned to be removed in a
future version, when C99 or later will be required.
The code now builds again on pre-C99 platforms, if you compile
with -DPORT_TO_C89. This fixes a bug introduced in 2022f.
On C23-compatible platforms tzcode no longer uses syntax like
'static [[noreturn]] void usage(void);'. Instead, it uses
'[[noreturn]] static void usage(void);' as strict C23 requires.
(Problem reported by Houge Langley.)
The code's functions now constrain their arguments with the C
'restrict' keyword consistently with their documentation.
This may allow future optimizations.
zdump again builds standalone with ckdadd and without setenv,
fixing a bug introduced in 2022g. (Problem reported by panic.)
leapseconds.awk can now process a leap seconds file that never
expires; this might be useful if leap seconds are discontinued.
Changes to commentary
tz-link.html has a new section "Coordinating with governments and
distributors". (Thanks to Neil Fuller for some of the text.)
To improve tzselect diagnostics, zone1970.tab's comments column is
now limited to countries that have multiple timezones.
Note that leap seconds are planned to be discontinued by 2035.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 11:05:33 +0000 (13:05 +0200)]
usbutils: Update to version 015-1
- IPFire-3.x
- Update from version 014-4 to 105-1
- Changelog
015
usb-devices: list the root devices in numerical order
usb-devices: use 'local' variable type to handle recursion
lsusb: remove unused wireless check
lsusb: remove wireless descriptor information
usb-devices: fix field width on device speed field
lsusb: fix up Midi Device specification devices
Fix an runtime error reported by undefind sanitizer
lsusb: Improve status display for SuperSpeedPlus hubs
lsusb-t: Fix recursive sorting on child devices.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 10:57:08 +0000 (12:57 +0200)]
util-linux: Update to version 2.39.2-1
- IPFire-3.x
- Update from version 2.38.1-3 to 2.39.2-1
- Changelogs for each version update are available at
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.39/v2.39.2-ChangeLog
for version 2.39.2 and for earlier versions by modifying the url
Alternatively the github commits can be reviewed at
https://github.com/util-linux/util-linux/commits/v2.39.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 10:38:41 +0000 (12:38 +0200)]
vala: Update to version 0.56.13-1
- IPFire-3.x
- Update from version 0.56.3-1.1 to 0.56.13-1
- Changelog
0.56.13
* Bindings:
- gtk4: Restore CssProvider.load_from_data() signature to take an array
[#1478]
0.56.12
* Regression fix:
- vala: Only transform default initializers of parameters [#1474]
* Bindings:
- gtk4: Preserve compatibility with <= 4.8.x [#1475]
0.56.11
* Various improvements and bug fixes:
- vala: Infer generic type from typeof() initializer of parameters
- girparser: Support glib:ref-func, glib:unref-func, copy-function
and free-function
* Bindings:
- gtk4: Update to 4.12.0
0.56.10
* Various improvements and bug fixes:
- codegen: Don't emit casts in static field initializers [#1459]
- parser: Reset tokens buffer when parsing a new source file
- vala: Output additional information when accessing unknown member
- vala: Allow "set" method of an container to return void or bool
- vala: Correctly handle possible null from SourceFile.get_source_line()
[#1464]
* Bindings:
- glib-2.0: Update return-type of HashTable.add/insert/replace() and
GenericSet.add() [#1465]
- linux: Add resolution field to Input.AbsInfo
- libpq: Fix a few binding errors
0.56.9
* Various improvements and bug fixes:
- codegen: Add missing EXTERN flag for GType function of error domains
[#1449]
- codegen: Improve handling of sealed classes [#1451]
- vala: Report an error when trying to chain up to inaccessible private
ctor [#1445]
- vala: Fix spaces for attributes when writing property accessors
- girwriter: Fix c:type attribute for real struct parameters [#1444]
- testrunner: Add support to check generated header
- manual: Update from wiki.gnome.org
* Bindings:
- gio-2.0: Ease implemention of GLib.ActionGroup [#1447]
- glib-2.0: Fix return-type of GLib.SourceOnceFunc [#1446]
- glib-2.0: Add ConvertError.{NO_MEMORY,EMBEDDED_NUL}
- gtk4: Pick up fix for Gdk.Toplevel.compute_size.size parameter
- vapi: Add documentation to GLib.Math that '-X -lm' may be needed when
compiling [#1388]
0.56.8
* Various improvements and bug fixes:
- codegen: Include "glib-object.h" when using GType/GBoxedCopyFunc
- valadoc: Backing method of lambda-expression isn't included in valadoc AST
- valadoc/tests: Add girwriter test
- build: Improve usage of AC_PATH_PROG() for valacs
- build: valadoc requires valac 0.18.1
* Bindings:
- gio-2.0: Add new symbols from 2.76
- glib-2.0: Add new symbols from 2.76
- glib-2.0: Fix binding of g_variant_type_n_items()
- gtk4: Don't skip AlertDialog ctor
0.56.7
* Various improvements and bug fixes:
- codegen:
+ Fix usage of lambda-expression from delegate initializer [#1428]
- vala:
+ Check type-argument count of interface prerequisites
+ Improve Symbol.to_string() to include TypeParameters
+ Improve error message for wrong number of type-arguments
+ Improve check of type_reference in ObjectCreationExpression
+ Allow inheritance from sealed class in bindings [#1036]
- Fix a couple of type-argument issues in vala itself
- g-i: Fix compiling with mingw clang
* Bindings:
- gio-2.0,glib-2.0,gtk+-3.0,gtk4: Fix a few binding issues
- glib-2.0: g_chdir is declared in <glib/gstdio.h>
0.56.6
* Regression fix:
- vala: Improve initialization of namespace fields with compound
literal [#1424]
* Bindings:
- gio-2.0,glib-2.0,gobject-2.0: Update 2.74 symbols
- webkit2gtk-4.*: Update to 2.40.0
- webkitgtk-6.0: Update to 2.40.0
0.56.5
* Various improvements and bug fixes:
- codegen:
+ Consistently handle GLib.Error as boxed type [#1418]
+ Add cast to accessor calls for generic property implementations
+ Use g_object_class_override_property to implement generic interface
properties [#1419]
+ Add declaration for register call of dynamic DBus interfaces [#1422]
- vala:
+ Correctly handle pre/post-increment expression as index of element
access [#1417]
+ Set proper value-type of unary ref/out expression in initializers [#1421]
+ Allow assignment of namespace fields with inline allocated arrays
- gtkmodule: Improve error messages
* Bindings:
- gtk4: Update to 4.10.1~40b154bf from 0.58
- gtk4: Add sealed to all the final types
- gtk+-3.0: Fix ToolPalette.icon_size get-accessor type
- webkitgtk-6.0: Update to 2.39.90
0.56.4
* Various improvements and bug fixes:
- codegen:
+ Add glib.h include for TRUE/FALSE literal
+ Append VALA_EXTERN also when using fast-vapi
+ Perform required casts for generic types of return-values and
in/out-parameters [#1407]
+ Correctly handle fixed-length array initialization of fields in classes
+ Perform required cast while assigning and passing function pointers [#1408]
+ Cast return value of generic type accessor functions [#1408]
+ Cast vfunc of property accessors by using cast_method_pointer() [#1408]
- vala:
+ Report error in real literal if exponent has no digits
+ Improve compatibility type checks of array elements in assignments
+ Improve missing exponent check for real literals
+ Better handling of [NoReturn] call inside finally clause
- Properly check for colored terminal output on Windows [#1383]
- Fix output decoding error of non-ASCII character on Win32 [#1379]
- parser: Properly handle chained equality expressions [#1385]
- manual: Update from wiki.gnome.org
* Bindings:
- cairo: Add missing Cairo.Pattern.get_rgba() [#1381]
- glib-2.0: Add `double_hash` and `double_equal`
- gtk4: Make Gtk.show_uri_full() an instance method of Gtk.Window [#1347]
- gtk4: Update workaround for DropTarget.drop() signal conflict [#1312]
- libgvc: Fix `cheader_filename` of the `Gvc` namespace
- pango: Fix a few binding errors
- pixman-1: Fix instance position of region copy methods
- webkit2gtk-*.*: Update to 2.37.91
- Add webkitgtk-6.0 bindings
- Update gnome-desktop-3.0 and gnome-desktop-4
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 20 Sep 2023 10:18:41 +0000 (12:18 +0200)]
vim: Update to version 9.0.1916-1
- IPFire-3.x
- Update from version 8.0.1184-3 to 9.0.1916-1
- Patches directory removed as the patch that was in there has now been included
into the vim tarball
- Changelog is the github commits at
https://github.com/vim/vim/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 Sep 2023 13:01:30 +0000 (15:01 +0200)]
whois: Update to version 5.5.18
- IPFire-3.x
- Update from version 5.5.15 to 5.5.18
- Changelog
5.5.18
Updated the .ga TLD server. (Closes: #1037288)
Added new recovered IPv4 allocations.
Removed the delegation of 43.0.0.0/8 to JPNIC.
Removed 12 new gTLDs which are no longer active.
Improved the man page source, courtesy of Bjarni Ingi Gislason.
(Closes: #1040613)
Added the .edu.za SLD server.
Updated the .alt.za SLD server.
Added the -ru and -su NIC handles servers.
5.5.17
Added the .cd TLD server.
Updated the -kg NIC handles server name.
Removed 2 new gTLDs which are no longer active.
5.5.16
Add bash completion support, courtesy of Ville Skyttä.
Updated the .tr TLD server.
Removed support for -metu NIC handles.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is needed for the network stack.
The patch reverts https://github.com/systemd/systemd/commit/dd35a61
as systemd currently does not export sd-netlink.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 Sep 2023 12:46:26 +0000 (14:46 +0200)]
xxhash: Update to version 0.8.2
- IPFire-3.x
- Update from version 0.8.1 to 0.8.2
- Changelog major items. More details can be found at
https://github.com/Cyan4973/xxHash/releases/tag/v0.8.2
0.8.2
xxHash v0.8.2 is an incremental update featuring multiple small improvements
and fixes spread out over ~300 commits. Faster performance
Several updates by @easyaspi314 and @hzhuang1 impact arm platform, most
notably the neon code path. On the M1 Pro, this translates into +20% speed
for xxh3 and xxh128 (from 30.0 GB/s to 36 GB/s).
Some of the changes are generic, so other platforms can be affected too,
though typically to a lesser extend (~5%).
On wasm, speed fo xxh3 is improved by a large factor x2 to x3 (depending on
underlying hardware) through the use of simd128 (@easyaspi314). This is
especially efficient under the v8 js engine, notably used by chrome and
node.js.
Finally, @hzhuang1 added support for the arm's SVE vector extension. This
is useful for server-side aarch64 cpus with hardware support for wide
vectors, such as Fujitsu's A64FX.
Fixes and improvements
Notable fixes in this update include the resolution of issues with XXH3
S390x vector implementation, PowerPC vector compilation with IBM XL
compiler, and -Og compilation.
Furthermore, the command line interface (CLI) was refined with features
such as support for comment lines in check files and commands such as
--binary and --ignore-missing (@t-mat). Additionally, issues with filename
containing /LF character were resolved.
The build process was also refined, with improvements such as fixing
pkgconfig generation with cmake (@ilya-fedin), icc compilation, cmake
install directories, and new build options to reduce binary size
(@easyaspi314). Dedicated install targets were introduced (@ffontaine),
and support for DISPATCH mode in cmake was added (@hzhuang1).
In terms of portability, the update includes the SVE vector implementation
of XXH3, compatibility with freestanding environments using XXH_NO_STDLIB,
and the ability to build on Haiku. The code has also been validated on
m68k and risc-v.
Documentation
XXH3 finally has a written specification, thanks to @adrien1018 !
Source code can also be digested by doxygen to generate code documentation
automatically. An instance is now available at homepage.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 Sep 2023 12:06:41 +0000 (14:06 +0200)]
xz: Update to version 5.4.4
- IPFire-3.x
- Update from version 5.2.8 to 5.4.4
- Changelog is too large to include here. Details can be found at
https://github.com/tukaani-project/xz/releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 Sep 2023 11:53:42 +0000 (13:53 +0200)]
zlib: Update to version 1.3
- IPFire-3.x
- Update from version 1.2.13 to 1.3
- Changelog
1.3
Building using K&R (pre-ANSI) function definitions is no longer supported.
Fixed a bug in deflateBound() for level 0 and memLevel 9.
Fixed a bug when gzungetc() is used immediately after gzopen().
Fixed a bug when using gzflush() with a very small buffer.
Fixed a crash when gzsetparams() is attempted for a transparent write.
Fixed test/example.c to work with FORCE_STORED.
Fixed minizip to allow it to open an empty zip file.
Fixed reading disk number start on zip64 files in minizip.
Fixed a logic error in minizip argument processing.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 19 Sep 2023 11:42:17 +0000 (13:42 +0200)]
zstd: Update to version 1.5.5
- IPFire-s.x
- Update from version 1.5.2 to 1.5.5
- Changelog is too large to include here. See the following github page for the
details. https://github.com/facebook/zstd/releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 18 Sep 2023 14:16:54 +0000 (16:16 +0200)]
libxcrypt: Update to version 4.4.36
- IPFire3.x
- Update from version 4.4.33 to 4.4.36
- Changelog
Version 4.4.36
* Fix left over bits failing with Perl v5.38.0 (issue #173).
Version 4.4.35
* Fix build with Perl v5.38.0 (issue #170).
* Fix build with MinGW-w(32|64).
Version 4.4.34
* Update build-aux/m4/ax_valgrind_check.m4 to v23.
* Optimize some cast operation for performance in
lib/alg-yescrypt-platform.c.
* Add SHA-2 Maj() optimization proposed by Wei Dai in lib/alg-sha512.c.
* Explicitly clean the stack and context state after computation in
lib/alg-gost3411-2012-hmac.c, lib/alg-hmac-sha1.c, and lib/alg-sha256.c
(issue #168).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 18 Sep 2023 14:16:56 +0000 (16:16 +0200)]
apr-util: Update version to 1.6.3 and add libxcrypt as dependency
- IPFire3.x
- Update version from 1.6.1 to 1.6.3
- libxcrypt dependency required for apache
- Changelog
1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 17 Sep 2023 14:29:32 +0000 (16:29 +0200)]
apr: Update to version 1.7.4
- IPFire3.x
- Update from version 1.7.2 to 1.7.4
- Changelog
1.7.4
*) Fix a regression where writing to a file opened with both APR_FOPEN_APPEND
and APR_FOPEN_BUFFERED did not properly append the data on Windows.
(This regression was introduced in APR 1.7.3) [Evgeny Kotkov]
1.7.3
*) apr-1-config: Fix crosscompiling detection in apr-1-config. PR 66510
[Ruediger Pluem]
*) configure: Add --enable-sysv-shm to use SysV shared memory (shmget) if
available. [Ruediger Pluem]
*) apr_socket_sendfile: Use WSAIoctl() to get TransmitFile function
pointer on Windows. [Ivan Zhakov]
*) apr_dir_read: Do not request short file names on Windows 7
and later. [Ivan Zhakov]
*) apr_file_gets: Optimize for buffered files on Windows.
[Evgeny Kotkov]
*) Fix a deadlock when writing to locked files opened with APR_FOPEN_APPEND
on Windows. PR 50058. [Evgeny Kotkov]
*) Don't seek to the end when opening files with APR_FOPEN_APPEND on Windows.
[Evgeny Kotkov]
*) apr_file_write: Optimize large writes to buffered files on Windows.
[Evgeny Kotkov]
*) apr_file_read: Optimize large reads from buffered files on Windows.
[Evgeny Kotkov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 17 Sep 2023 20:18:20 +0000 (20:18 +0000)]
sudo: Fix incorrect location of libsudo_utils.so
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 18 Sep 2023 10:04:29 +0000 (10:04 +0000)]
OpenSSL: Add missing Perl dependency
Reported-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 17 Sep 2023 13:42:04 +0000 (15:42 +0200)]
ppp: Update to version 2.5.0
- IPFire3.x
- Update from version 2.4.9 to 2.5.0
- Update based on the changes from ipfire2.x
- More work still needed once networking has been put in place.
define location of secrets and the IPFire3.x replacements for
the dialer, ip-up and ip_down helper scripts that were used in
IPFire2.x
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 17 Sep 2023 13:39:23 +0000 (13:39 +0000)]
ipfire-release: Install a lot of useful packages
This is a list of packages that should be installed on the core system.
If that is impossible for whatever reason, we won't break the
installation because of these.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / pmueller / ipfire-3.x.git / log
