Adolf Belka [Wed, 9 Nov 2022 18:27:59 +0000 (19:27 +0100)]
iotop: Modified rootfile with python-3.10.8
- rootfile for iotop is significantly different with python-3.10.8 compared to 3.10.1
Many entries now missing and iotop placed in bin instead of sbin despite source tarball
setup.py having a "dirty hack to make sure iotop is installed in sbin instead of bin"
- Added lines to lfs to move iotop from /bin to /sbin
- Tested iotop out with python-3.10.8 installed vm system and it worked without any
problems, the same as the existing version running with python-3.10.1
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 18:24:06 +0000 (19:24 +0100)]
libplist: Update rootfile for operation with python-3.10.8
- With python-3.10.8 the plist.so is no longer available in the site packages.
libplist libraries are still available.
- libplist is only used as a dependency for shairport-sync
Tested by installing shairport-sync and starting/stopping it. Started and stopped
successfully without any error messages. This would suggest that the libplist
libraries are probably being picked up successfully. Cannot test properly as I have
no Apple/iOS or related products.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:38:37 +0000 (18:38 +0100)]
python3-flit:Modify lfs to work with python-3.10.8
- The change to python-3.10.8 caused the rootfile to have temp build files from /root/.cache
to be included in it. Added commands to remove these temp build files so they were not
included to the rootfile.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:34:39 +0000 (18:34 +0100)]
python3-urllib3:Update to version 1.26.12 and to work with python-3.10.8
- Updated from version 1.26.9 to 1.26.12
- Update of rootfile
- Changelog
1.26.12 (2022-08-22)
* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
for justification and info on how to migrate.
1.26.11 (2022-07-25)
* Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would
raise an ``OverflowError`` on Python 3.9 and earlier.
1.26.10 (2022-07-07)
* Removed support for Python 3.5
* Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:31:32 +0000 (18:31 +0100)]
python3-typing_extensions:Update to version 4.4.0 and to work with python-3.10.8
- Updated from version 4.1.1 to 4.4.0
- Update of rootfile
- Changelog
# Release 4.4.0 (October 6, 2022)
- Add `typing_extensions.Any` a backport of python 3.11's Any class which is
subclassable at runtime. (backport from python/cpython#31841, by Shantanu
and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234).
- Add initial support for TypeVarLike `default` parameter, PEP 696.
Patch by Marc Mueller (@cdce8p).
- Runtime support for PEP 698, adding `typing_extensions.override`. Patch by
Jelle Zijlstra.
- Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695.
Patch by Jelle Zijlstra.
# Release 4.3.0 (July 1, 2022)
- Add `typing_extensions.NamedTuple`, allowing for generic `NamedTuple`s on
Python <3.11 (backport from python/cpython#92027, by Serhiy Storchaka). Patch
by Alex Waygood (@AlexWaygood).
- Adjust `typing_extensions.TypedDict` to allow for generic `TypedDict`s on
Python <3.11 (backport from python/cpython#27663, by Samodya Abey). Patch by
Alex Waygood (@AlexWaygood).
# Release 4.2.0 (April 17, 2022)
- Re-export `typing.Unpack` and `typing.TypeVarTuple` on Python 3.11.
- Add `ParamSpecArgs` and `ParamSpecKwargs` to `__all__`.
- Improve "accepts only single type" error messages.
- Improve the distributed package. Patch by Marc Mueller (@cdce8p).
- Update `typing_extensions.dataclass_transform` to rename the
`field_descriptors` parameter to `field_specifiers` and accept
arbitrary keyword arguments.
- Add `typing_extensions.get_overloads` and
`typing_extensions.clear_overloads`, and add registry support to
`typing_extensions.overload`. Backport from python/cpython#89263.
- Add `typing_extensions.assert_type`. Backport from bpo-46480.
- Drop support for Python 3.6. Original patch by Adam Turner (@AA-Turner).
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:23:20 +0000 (18:23 +0100)]
python3-setuptools:Update to version 65.4.1 and to work with python-3.10.8
- Updated from version 62.0.0 to 65.4.1
- Update of rootfile
- Changelog is too large to include here. Details can be found in the CHANGES.rst file
in the source tarball. Most of the changes are bug fixes
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:20:52 +0000 (18:20 +0100)]
python3-semantic_version:Update to version 2.10.0 and to work with python-3.10.8
- Updated from version 2.9.0 to 2.10.0
- Update of rootfile
- Changelog
2.10.0 (2022-05-26)
*New:*
* `132 <https://github.com/rbarrois/python-semanticversion/issues/132>`_:
Ensure sorting a collection of versions is always stable, even with
build metadata.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:16:09 +0000 (18:16 +0100)]
python3-rsa:Update to version 4.9 and to work with python-3.10.8
- Updated from version 4.8 to 4.9
- Update of rootfile
- Changelog
## Version 4.9 - release 2022-07-20
- Remove debug logging from `rsa/key.py`
([#194](https://github.com/sybrenstuvel/python-rsa/issues/194)).
- Remove overlapping slots in `PrivateKey` and `PublicKey`.
([#189](https://github.com/sybrenstuvel/python-rsa/pull/189)).
- Do not include CHANGELOG/LICENSE/README.md in wheel
([#191](https://github.com/sybrenstuvel/python-rsa/pull/191)).
- Fixed Key Generation Unittest: Public and Private keys are assigned the wrong way around
([#188](https://github.com/sybrenstuvel/python-rsa/pull/188)).
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:12:37 +0000 (18:12 +0100)]
python3-requests:Update to version 2.28.1 and to work with python-3.10.8
- Updated from version 2.27.1 to 2.28.1
- Update of rootfile
- Changelog
2.28.1 (2022-06-29)
**Improvements**
- Speed optimization in `iter_content` with transition to `yield from`. (#6170)
**Dependencies**
- Added support for chardet 5.0.0 (#6179)
- Added support for charset-normalizer 2.1.0 (#6169)
2.28.0 (2022-06-09)
**Deprecations**
- ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091)
- Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)
**Improvements**
- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
an encoding to make `json()` API consistent. (#6097)
- Parse header components consistently, raising an InvalidHeader error in
all invalid cases. (#6154)
- Added provisional 3.11 support with current beta build. (#6155)
- Requests got a makeover and we decided to paint it black. (#6095)
**Bugfixes**
- Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable
cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with
`requests.exceptions.SSLError` for `content` and `iter_content`. (#6057)
- Fixed issue where invalid Windows registry entires caused proxy resolution
to raise an exception rather than ignoring the entry. (#6149)
- Fixed issue where entire payload could be included in the error message for
JSONDecodeError. (#6036)
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 17:08:01 +0000 (18:08 +0100)]
python3-pytz:Update to version 2022.4 and to work with python-3.10.8
- Updated from version 2022.1 to 2022.4
- Update of rootfile
- Changelog
2022.4
An update to pytz has been released, containing the IANA 2022d timezone database.
There are no code changes.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:41:17 +0000 (15:41 +0100)]
python3-pyparsing:Update to version 3.0.9 and to work with python-3.10.8
- Updated from version 3.0.7 to 3.0.9
- Update of rootfile
- Changelog
Version 3.0.9 -
- Added Unicode set `BasicMultilingualPlane` (may also be referenced
as `BMP`) representing the Basic Multilingual Plane (Unicode
characters up to code point 65535). Can be used to parse
most language characters, but omits emojis, wingdings, etc.
Raised in discussion with Dave Tapley (issue #392).
- To address mypy confusion of `pyparsing.Optional` and `typing.Optional`
resulting in `error: "_SpecialForm" not callable` message
reported in issue #365, fixed the import in exceptions.py. Nice
sleuthing by Iwan Aucamp and Dominic Davis-Foster, thank you!
(Removed definitions of `OptionalType`, `DictType`, and `IterableType`
and replaced them with `typing.Optional`, `typing.Dict`, and
`typing.Iterable` throughout.)
- Fixed typo in jinja2 template for railroad diagrams, thanks for the
catch Nioub (issue #388).
- Removed use of deprecated `pkg_resources` package in
railroad diagramming code (issue #391).
- Updated bigquery_view_parser.py example to parse examples at
https://cloud.google.com/bigquery/docs/reference/legacy-sql
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:37:32 +0000 (15:37 +0100)]
python3-pyfuse3:Update to version 3.2.2 and to work with python-3.10.8
- Updated from version 3.2.1 to 3.2.2
- Version 3.2.2 is a cythonised version of 3.2.1 resulting in no longer requiring Cython
- Update of rootfile
- Changelog
Release 3.2.2 (2022-09-28)
* remove support for python 3.5 (broken, out of support by python devs)
* cythonize with latest Cython 0.29.x (brings Python 3.11 support)
* use github actions for CI, remove travis-ci
* update README: minimal maintenance, not developed
* update setup.py with tested python versions
* examples/tmpfs.py: work around strange kernel behaviour (calling SETATTR after
UNLINK of a (not open) file): respond with ENOENT instead of crashing.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:28:45 +0000 (15:28 +0100)]
python3-idna:Update to version 3.4 and to work with python-3.10.8
- Updated from version 3.3 to 3.4
- Update of rootfile
- Changelog
3.4 (2022-09-14)
- Update to Unicode 15.0.0
- Migrate to pyproject.toml for build information (PEP 621)
- Correct another instance where generic exception was raised instead of
IDNAError for malformed input
- Source distribution uses zeroized file ownership for improved
reproducibility
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:21:51 +0000 (15:21 +0100)]
python3-docutils:Update to version 0.19 and to work with python-3.10.8
- Updated from version 0.18.1 to 0.19
- Update of rootfile
- Changelog
Release 0.19 (2022-07-05)
* General
- Dropped support for Python 2.7, 3.5, and 3.6. and removed compatibility
hacks from code and tests.
- Code cleanup,
check PEP 8 conformity with `flake8` (exceptions in file tox.ini).
* docutils/__main__.py
- New module. Support for ``python -m docutils``.
Also used for the ``docutils`` console script `entry point`.
* docutils/core.py:
- Let `Publisher.publish()` print info and prompt when waiting for input
from a terminal (cf. https://clig.dev/#interactivity).
- Respect "input_encoding_error_handler" setting when opening a source.
* docutils/io.py
- New function `error_string()`
obsoletes `utils.error_reporting.ErrorString`.
- Class `ErrorOutput` moved here from `utils/error_reporting`.
- Use "utf-8-sig" instead of Python's default encoding if the
"input_encoding" setting is None.
- Fix error when reading of UTF-16 encoded source without trailing newline.
* docutils/parsers/__init__.py
- Aliases "markdown" and "commonmark" point to "commonmark_wrapper".
- Alias for the "myst" parser (https://pypi.org/project/myst-docutils).
- Use absolute module names in `_parser_aliases` instead of two
import attempts. (Keeps details if the `recommonmark_wrapper.py` module
raises an ImportError.)
- Prepend parser name to ImportError if importing a parser class fails.
* docutils/parsers/commonmark_wrapper.py
- New module for parsing CommonMark input. Selects a locally installed
3rd-party parser (pycmark, myst, or recommonmark).
* docutils/parsers/recommonmark_wrapper.py
- Raise ImportError, if import of the upstream parser module fails.
If called from an `"include" directive`_,
the system-message now has source/line info.
- Adapt to and test with "recommonmark" versions 0.6.0 and 0.7.1.
.. _"include" directive: docs/ref/rst/directives.html#include
* docutils/parsers/rst/__init__.py
- Update PEP base URL (fixes bug #445),
use "https:" scheme in RFC base URL.
- Add `reporter` to `Directive` class attributes.
* docutils/parsers/rst/directives/__init__.py
- `parser_name()` keeps details if converting ImportError to ValueError.
* docutils/parsers/rst/roles.py
- Don't use mutable default values for function arguments. Fixes bug #430.
* docutils/transforms/universal.py
- Fix bug #435: invalid references in `problematic` nodes
with report_level=4.
* docutils/utils/__init__.py
- `decode_path()` returns `str` instance instead of `nodes.reprunicode`.
* docutils/utils/error_reporting.py
- Add deprecation warning.
* docutils/writers/_html_base.py
- Add "html writers" to `config_section_dependencies`. Fixes bug #443.
- Write table column widths with 3 digits precision. Fixes bug #444.
* docutils/writers/html5_polyglot/__init__.py
- Add space before "charset" meta tag closing sequence.
- Remove class value "controls" from an `image` node with video content
after converting it to a "control" attribute of the <video> tag.
- Wrap groups of footnotes in an ``<aside>`` for easier styling.
* docutils/writers/pep_html/
- Use "https:" scheme in "python_home" URL default.
- Fix links in template.txt.
* setup.py:
- New "docutils" console script `entry point`__. Fixes bug #447.
__ https://packaging.python.org/en/latest/specifications/entry-points/
* test/alltests.py
- Always encode the log file "alltests.out" using 'utf-8'.
* test/DocutilsTestSupport.py
- `exception_data()` now returns None if no exception was raised.
- `recommonmark_wrapper` only imported if upstream parser is present.
* test/test_parsers/test_rst/test_directives/test_tables.py
- Fix bug #436: Null char valid in CSV since Python 3.11.
* tools/docutils-cli.py
- Allow 3rd-party drop-in components for reader and parser, too.
- Fix help output.
- Actual code moved to docutils.__main__.py.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:18:11 +0000 (15:18 +0100)]
python3-colorama:Update to version 0.4.5 and to work with python-3.10.8
- Updated from version 0.4.4 to 0.4.5
- Update of rootfile
- Changelog
0.4.5
* Catch a racy ValueError that could occur on exit.
* Create README-hacking.md, for Colorama contributors.
* Tweak some README unicode characters that don't render correctly on PyPI.
* Fix some tests that were failing on some operating systems.
* Add support for Python 3.9.
* Add support for PyPy3.
* Add support for pickling with the ``dill`` module.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:16:03 +0000 (15:16 +0100)]
python3-click:Update to version 8.1.3 and to work with python-3.10.8
- Updated from version 8.1.2 to 8.1.3
- Update of rootfile
- Changelog
Version 8.1.3
- Use verbose form of ``typing.Callable`` for ``@command`` and
``@group``. :issue:`2255`
- Show error when attempting to create an option with
``multiple=True, is_flag=True``. Use ``count`` instead.
:issue:`2246`
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:10:37 +0000 (15:10 +0100)]
python3-circuitbreaker:Update to version 1.4.0 and to work with python-3.10.8
- Updated from version 1.3.2 to 1.4.0
- Update of rootfile
- Changelog
1.4.0 Latest
The circuitbreaker project has been classified as "Critical Project" on PyPI, meaning it belongs to the top 1% of all projects on PyPI based on the downloads over the last 6 months. We're working an important peace here 🙂
Fallback Function
By default, the circuit breaker will raise a CircuitBreaker exception when the circuit is opened. You can instead specify a function to be called when the circuit is opened. This function can be specified with the fallback_function parameter and will be called with the same parameters as the decorated function would be.
Custom callable for handling exceptions
The logic for handling thrown exceptions as failures can now be customized by passing a callable. The callable will be passed the exception type and value, and should return True if the exception should be treated as a failure.
Monotonic clock
Using the wall clock to measure durations is vulnerable to changes in the system clock causing misbehavior - a clock accidentally set far in the future and later reset could result in the circuit breaker remaining open for a great deal longer than expected. To solve this, a monotonic clock is now used for timing open states.
Circuitbreaker default name
The circuitbreaker default names are now taken from __qualname__ if available for more precise default naming.
Fixes and tooling
the project is now built on Github Action instead of Travis CI
building for python 3.10
applied smaller flake8 fixes
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:06:24 +0000 (15:06 +0100)]
python3-charset-normalizer:Update to version 2.1.1 and to work with python-3.10.8
- Updated from version 2.0.12 to 2.1.1
- Update of rootfile
- Changelog
## [2.1.1](https://github.com/Ousret/charset_normalizer/compare/2.1.0...2.1.1) (2022-08-19)
### Deprecated
- Function `normalize` scheduled for removal in 3.0
### Changed
- Removed useless call to decode in fn is_unprintable (#206)
### Fixed
- Third-party library (i18n xgettext) crashing not recognizing utf_8 (PEP 263) with underscore from [@aleksandernovikov](https://github.com/aleksandernovikov) (#204)
## [2.1.0](https://github.com/Ousret/charset_normalizer/compare/2.0.12...2.1.0) (2022-06-19)
### Added
- Output the Unicode table version when running the CLI with `--version` (PR #194)
### Changed
- Re-use decoded buffer for single byte character sets from [@nijel](https://github.com/nijel) (PR #175)
- Fixing some performance bottlenecks from [@deedy5](https://github.com/deedy5) (PR #183)
### Fixed
- Workaround potential bug in cpython with Zero Width No-Break Space located in Arabic Presentation Forms-B, Unicode 1.1 not acknowledged as space (PR #175)
- CLI default threshold aligned with the API threshold from [@oleksandr-kuzmenko](https://github.com/oleksandr-kuzmenko) (PR #181)
### Removed
- Support for Python 3.5 (PR #192)
### Deprecated
- Use of backport unicodedata from `unicodedata2` as Python is quickly catching up, scheduled for removal in 3.0 (PR #194)
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 14:03:47 +0000 (15:03 +0100)]
python3-cffi:Update to version 1.15.1 and to work with python-3.10.8
- Updated from version 1.15.0 to 1.15.1
- Update of rootfile
- Changelog
v1.15.1
If you call ffi.embedding_api() but don’t write any extern “Python” function there, then the resulting C code would fail an assert. Fixed.
Updated Windows/arm64 embedded libffi static lib to v3.4.2, and scripted to ease future updates (thanks Niyas Sait!)
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 13:53:02 +0000 (14:53 +0100)]
python3-attrs:Update to version 22.1.0 and to work with python-3.10.8
- Updated from version 21.4.0 to 22.1.0
- Update of rootfile
- Changelog
22.1.0 (2022-07-28)
Backwards-incompatible Changes
- Python 2.7 is not supported anymore.
Dealing with Python 2.7 tooling has become too difficult for a volunteer-run project.
We have supported Python 2 more than 2 years after it was officially discontinued and feel that we have paid our dues.
All version up to 21.4.0 from December 2021 remain fully functional, of course.
`#936 <https://github.com/python-attrs/attrs/issues/936>`_
- The deprecated ``cmp`` attribute of ``attrs.Attribute`` has been removed.
This does not affect the *cmp* argument to ``attr.s`` that can be used as a shortcut to set *eq* and *order* at the same time.
`#939 <https://github.com/python-attrs/attrs/issues/939>`_
Changes
- Instantiation of frozen slotted classes is now faster.
`#898 <https://github.com/python-attrs/attrs/issues/898>`_
- If an ``eq`` key is defined, it is also used before hashing the attribute.
`#909 <https://github.com/python-attrs/attrs/issues/909>`_
- Added ``attrs.validators.min_len()``.
`#916 <https://github.com/python-attrs/attrs/issues/916>`_
- ``attrs.validators.deep_iterable()``'s *member_validator* argument now also accepts a list of validators and wraps them in an ``attrs.validators.and_()``.
`#925 <https://github.com/python-attrs/attrs/issues/925>`_
- Added missing type stub re-imports for ``attrs.converters`` and ``attrs.filters``.
`#931 <https://github.com/python-attrs/attrs/issues/931>`_
- Added missing stub for ``attr(s).cmp_using()``.
`#949 <https://github.com/python-attrs/attrs/issues/949>`_
- ``attrs.validators._in()``'s ``ValueError`` is not missing the attribute, expected options, and the value it got anymore.
`#951 <https://github.com/python-attrs/attrs/issues/951>`_
- Python 3.11 is now officially supported.
`#969 <https://github.com/python-attrs/attrs/issues/969>`_
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Nov 2022 13:49:44 +0000 (14:49 +0100)]
python3-arrow:Update to version 1.2.3 and to work with python-3.10.8
- Updated from version 1.2.2 to 1.2.3
- Update of rootfile
- Changelog
1.2.3 (2022-06-25)
- [NEW] Added Amharic, Armenian, Georgian, Laotian and Uzbek locales.
- [FIX] Updated Danish locale and associated tests.
- [INTERNAl] Small fixes to CI.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 22:37:39 +0000 (23:37 +0100)]
rust-pyo3:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2
- Update of rootfile
- Changelog
## [0.15.2] - 2022-04-14
### Packaging
- Backport of PyPy 3.9 support from PyO3 0.16. [#2262](https://github.com/PyO3/pyo3/pull/2262)
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 22:09:37 +0000 (23:09 +0100)]
rust-chrono:Update to version 0.4.22 required by python3-cryptography
- Updated from version 0.4.19 to 0.4.22
- Update of rootfile
- Update of metadata patch as more windows related entries in Cargo.toml to be excluded
- Changelog
## 0.4.22
* Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771)
* Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767)
* Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773)
## 0.4.21
* Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756)
* Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756)
* Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760)
## 0.4.20
* Add more formatting documentation and examples.
* Add support for microseconds timestamps serde serialization/deserialization (#304)
* Fix `DurationRound` is not TZ aware (#495)
* Implement `DurationRound` for `NaiveDateTime`
* Implement `std::iter::Sum` for `Duration`
* Add `DateTime::from_local()` to construct from given local date and time (#572)
* Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557)
* Correct build for wasm32-unknown-emscripten target (#568)
* Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647)
* Fix `duration_round` panic on rounding by `Duration::zero()` (#658)
* Add optional rkyv support.
* Add support for microseconds timestamps serde serialization for `NaiveDateTime`.
* Add support for optional timestamps serde serialization for `NaiveDateTime`.
* Fix build for wasm32-unknown-emscripten (@yu-re-ka #593)
* Make `ParseErrorKind` public and available through `ParseError::kind()` (#588)
* Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator`
* Fix panicking when parsing a `DateTime` (@botahamec)
* Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666)
* Remove libc dependency from Cargo.toml.
* Add the `and_local_timezone` method to `NaiveDateTime`
* Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos
* Add compatibility with rfc2822 comments (#733)
* Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery
* Add the `Months` struct and associated `Add` and `Sub` impls
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 22:01:05 +0000 (23:01 +0100)]
python3-cryptography:Update to version 38.0.1 and to work with python-3.10.8
- Updated from version 36.0.2 to 38.0.1
- Update of rootfile
- Changelog
38.0.1 - 2022-09-07
Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs).
38.0.0 - 2022-09-06
Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
We no longer ship many linux 2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required.
decrypt() and related methods now accept both str and bytes tokens.
Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue for complete details.
Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
When parsing CertificateRevocationList and CertificateSigningRequest values, it is now enforced that the version value in the input must be valid according to the rules of RFC 2986 and RFC 5280.
Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version.
Added additional APIs to SignedCertificateTimestamp, including signature_hash_algorithm, signature_algorithm, signature, and extension_bytes.
Added tbs_precertificate_bytes, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification.
KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location.
Fixed RFC 4514 name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method from_rfc4514_string().
It is now possible to customize some aspects of encryption when serializing private keys, using encryption_builder().
Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade.
Added AES128 and AES256 classes. These classes do not replace AES (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length.
37.0.4 - 2022-07-05
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
37.0.3 - 2022-06-21 (YANKED)¶
Attention
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
37.0.2 - 2022-05-03
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3.
Added a constant needed for an upcoming pyOpenSSL release.
37.0.1 - 2022-04-27
Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error.
Restored some legacy symbols for older pyOpenSSL users. These will be removed again in the future, so pyOpenSSL users should still upgrade to the latest version of that package when they upgrade cryptography.
37.0.0 - 2022-04-26
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+.
BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to sign and verify.
Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of cryptography will be the last to support compiling with OpenSSL 1.1.0.
Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future cryptography release.
Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required.
Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algorithms with extremely low usage. These will be removed in a future version of cryptography.
Added limited support for distinguished names containing a bit string.
We now ship universal2 wheels on macOS, which contain both arm64 and x86_64 architectures. Users on macOS should upgrade to the latest pip to ensure they can use this wheel, although we will continue to ship x86_64 specific wheels for now to ease the transition.
This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip. For PyPy wheels this release already requires manylinux2014 for compatibility with binaries distributed by upstream.
Added support for multiple OCSPSingleResponse in a OCSPResponse.
Restored support for signing certificates and other structures in X.509 with SHA3 hash algorithms.
TripleDES is disabled in FIPS mode.
Added support for serialization of PKCS#12 CA friendly names/aliases in serialize_key_and_certificates()
Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This class previously supported only 12 byte (96 bit).
Added support for AESSIV when using OpenSSL 3.0.0+.
Added support for serializing PKCS7 structures from a list of certificates with serialize_certificates.
Added support for parsing RFC 4514 strings with from_rfc4514_string().
Added AUTO to PSS. This can be used to verify a signature where the salt length is not already known.
Added DIGEST_LENGTH to PSS. This constant will set the salt length to the same length as the PSS hash algorithm.
Added support for loading RSA-PSS key types with load_pem_private_key() and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 21:49:34 +0000 (22:49 +0100)]
python3-setuptools-scm:Update to version 7.0.5 and to work with python-3.10.8
- Updated from version 6.4.2 to 7.0.5
- Update of rootfile
- Changelog
v7.0.5
Merge pull request #746 from RonnyPfannschmidt/release-prep
v7.0.4
Merge pull request #739 from RonnyPfannschmidt/fix-738-protect-relative-to
v7.0.3
What's Changed
Hg / pip compatibility by @paugier in #729
fix #728: remove git arguments that triggered wrong branch names by @RonnyPfannschmidt in #730
fix #691 - support root in pyproject.toml even for cli by @RonnyPfannschmidt in #731
fix #727: correctly handle incomplete archivals from setuptools_scm_g… by @RonnyPfannschmidt in #732
cleanup pyproject loading and allow cli relative roots to be specified by @RonnyPfannschmidt in #736
Update the README: document support for Git archives by @Changaco in #734
v7.0.2
Merge pull request #724 from RonnyPfannschmidt/fix-722-self-bootstrap
v7.0.1
Merge pull request #719 from kojiromike/missing-importlib
v7.0.0
pre-commit update
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 21:42:03 +0000 (22:42 +0100)]
python3-setuptools-rust:Update to version 1.5.2 and to work with python-3.10.8
- Updated from version 1.2.0 to 1.5.2
- Update of rootfile
- Changelog
v1.5.2
Fixed
Fix regression in dylib build artifacts not being found since 1.5.0. #290
Fix regression in sdist missing examples and other supplementary files since 1.5.0. #291
v1.5.1
Fixed
Fix regression in get_lib_name crashing since 1.5.0. #280
Fix regression in Binding.Exec builds with multiple executables not finding built executables since 1.5.0. #283
v1.5.0
Added
Add support for extension modules built for wasm32-unknown-emscripten with Pyodide. #244
Changed
Locate cdylib artifacts by handling messages from cargo instead of searching target dir (fixes build on MSYS2). #267
No longer guess cross-compile environment using HOST_GNU_TYPE / BUILD_GNU_TYPE sysconfig variables. #269
Fixed
Fix RustBin build without wheel. #273
Fix RustBin setuptools install. #275
v1.4.1
Fixed
Fix crash when checking Rust version. #263
v1.4.0
Packaging
Increase minimum setuptools version to 62.4. #222
Added
Add cargo_manifest_args to support locked, frozen and offline builds. #234
Add RustBin for packaging binaries in scripts data directory. #248
Changed
Exec binding RustExtension with script=True is deprecated in favor of RustBin. #248
Errors while calling cargo metadata are now reported back to the user #254
quiet option will now suppress output of cargo metadata. #256
setuptools-rust will now match cargo behavior of not setting --target when the selected target is the rust host. #258
Deprecate native option of RustExtension. #258
Fixed
If the sysconfig for BLDSHARED has no flags, setuptools-rust won't crash anymore. #241
v1.3.0
Packaging
Increase minimum setuptools version to 58. #222
Fixed
Fix crash when python-distutils-extra linux package is installed. #222
Fix sdist built with vendored dependencies on Windows having incorrect cargo config. #223
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 21:25:46 +0000 (22:25 +0100)]
python3-daemon: Update to version 2.3.1 and to work with python-3.10.8
- Updated from version 2.3.0 to 2.3.1
- Update of rootfile
- Changelog
Version 2.3.1
Bugs Fixed:
* Avoid operations on a closed stream file when detecting a socket. Closes: Pagure #64. Thanks to Mark Richman for the report.
* Correct use of names to allow `from daemon import *`. Closes: Pagure #65. Thanks to July Tikhonov for the report.
Changed:
* Speed daemon start time by computing candidate file descriptors once. Closes: Pagure #40. Thanks to Alex Pyrgiotis for the report.
* Remove incorrect double-patch of objects in test cases. Closes: Pagure #62. Thanks to Miro Hrončok for the report.
* Deprecate helper function `is_socket`.
The function incorrectly causes `ValueError` when the file object is already
closed. Migrate to the new `is_socket_file` helper function instead.
Removed:
* Drop backward-compatible helpers that provided Python 2 support.
* declaration of source encoding ‘utf-8’
* absolute_import
* unicode_literals
* module-level metaclass `type`
* unification of str with unicode type
* renamed standard library exceptions and modules
* raise exception from context exception
All these are default behaviour in Python 3 and need no special
handling.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 21:08:44 +0000 (22:08 +0100)]
python3-build: Update to version 0.8.0 and to work with python-3.10.8
- Updated from version 0.7.0 to 0.8.0
- Update of rootfile
- Changelog
0.8.0 (2022-05-22)
Accept os.PathLike[str] in addition to str for paths in public API
(PR #392, Fixes #372)
Add schema validation for build-system table to check conformity with PEP 517
and PEP 518 (PR #365, Fixes #364)
Better support for Python 3.11 (sysconfig schemes PR #434, PR #463,
tomllib PR #443, warnings PR #420)
Improved error printouts (PR #442)
Avoid importing packaging unless needed (PR #395, Fixes #393)
Breaking Changes
Failure to create a virtual environment in the build.env module now raises
build.FailedProcessError (PR #442)
- As far as I can tell IPFire does not use the build.env module and the built iso
installed successfully
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 20:53:19 +0000 (21:53 +0100)]
make.sh: Addition, deletion and re-orderiong of packages for Python-3.10.8
- Addition of rust-iana-time-zone and removal of python3-Cython as updated python3-pyfuse
can be built now without Cython.
- python3-toml and python3-pyproject2setuppy moved earlier as updated python3-pyparsing
no longer has setup.py file
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Tue, 8 Nov 2022 20:45:43 +0000 (21:45 +0100)]
python3: Update to version 3.10.8
- Update from version 3.10.1 to 3.10.8
- Update of rootfile
- Changelog is too large to include hear. More details can be found at
https://docs.python.org/3.10/whatsnew/changelog.html#changelog
- Installed Iso, created from build of this python update series, into a vm testbed clone.
All pages and contents worked. No issues found on any WUI page.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Peter Müller [Thu, 3 Nov 2022 15:29:32 +0000 (15:29 +0000)]
IPsec/OpenVPN: Use 4,096-bit RSA for host certificates as well
We already moved away from 2048-MODP in Core Update 170. Similarly,
German Federal Office for Information Security (BSI) recommends shifting
away from RSA keys below 3,000 bits by the end of 2022 at the latest.
The only place left in IPFire 2.x where we generate such keys is for
IPsec and OpenVPN host certificates. This patch increases their key
sizes to 4,096 bits as well - CA certificates already have this length.
Existing VPN connections cannot be migrated automatically. However, only
the respective host certificate has to be regenerated - thanks to the CA
certificates' key length being sufficient, there is no need to replace
the entire VPN CA.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 29 Oct 2022 09:04:07 +0000 (09:04 +0000)]
Core Update 172: Ship rules.pl
This file should have been shipped with Core Update 171, but that was
omitted by mistake. Core Update 172 therefore finally fixes #12934 on
existing installations.
Fixes: #12934 Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Robin Roevens [Tue, 11 Oct 2022 22:01:56 +0000 (00:01 +0200)]
services.cgi: add restart action and restrict action usage
* Add restart action to services.
* Only display available actions for a service:
Start when service is stopped or Stop and Restart when a service
is running.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Tue, 11 Oct 2022 22:01:54 +0000 (00:01 +0200)]
services.cgi: Fix status/actions on services with name != addon name
* addonctrl's new functionality to control explicit addon services was
implemented.
* Change 'Addon' column header to 'Addon Service' to be clear that
it's not addons but services listed here.
* Services not matching the name of the addon now display the addon
name between parentheses, so the user knows where the service comes
from.
* When no valid runlevel symlink is found by addonctrl for a service,
the 'enable on boot' checkbox is replaced by a small exclamation point
with alt-text "No valid runlevel symlink was found for the initscript of
this service." to inform user why a service can't be enabled.
* Added German and Dutch translation for above message.
Fixes: Bug#12935 Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Robin Roevens [Tue, 11 Oct 2022 22:01:53 +0000 (00:01 +0200)]
misc-progs: addonctrl: Add support for 'Services' metadata
* Addonctrl will now check in addon metadata for the exact initscript
names (Services). If more than one initscript is defined for an addon,
the requested action will be performed on all listed initscripts.
* Added posibility to perform action on a specific initscript of an
addon instead of on all initscripts of the addon.
* New action 'list-services' to display a list of services related to
an addon.
* New action 'boot-status' to display wether service(s) are enabled
to start on boot or not.
* More error checking and cleaner error reporting to user
* General cleanup and code restructuring to avoid code duplication
* Updated and made usage instructions more verbose.
Fixes: Bug#12935 Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.samba.org/samba/latest_news.html#4.17.0
This "just came my way" and I found the CVEs listed on
https://www.samba.org/samba/history/security.html which
address "All versions of Samba prior to 4.16.4" or
"All versions of Samba" rather long.
The 'glibc_headers' patch is now included.
Sad to say, due to the lack of hardware I can only include
the rootfile for x86_64.
Michael Tremer [Fri, 7 Oct 2022 14:50:17 +0000 (14:50 +0000)]
openvpnctrl: Update CRL before starting the client daemon
If the CRL is outdated for some reason (e.g. a backup restored from ISO
where we don't run the migration scripts), this will update it on
reboot/restart of the service.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 14 Oct 2022 19:09:35 +0000 (21:09 +0200)]
unbound: Update to 1.17.0
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0
"Features
Merge #753: ACL per interface. (New interface-* configuration options).
Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).
Bug Fixes
Fix #728: alloc_reg_obtain() core dump. Stop double alloc_reg_release
when serviced_create fails.
Fix edns subnet so that scope 0 answers only match sourcemask 0 queries
for answers from cache if from a query with sourcemask 0.
Fix unittest for edns subnet change.
Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to
unsupported IPV6_USER_MTU socket option being set.
Fix ratelimit inconsistency, for ip-ratelimits the value is the amount
allowed, like for ratelimits.
Fix #734 [FR] enable unbound-checkconf to detect more (basic) errors.
Fix to log accept error ENFILE and EMFILE errno, but slowly, once per
10 seconds. Also log accept failures when no slow down is used.
Fix to avoid process wide fcntl calls mixed with nonblocking operations
after a blocked write.
Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
operations, so that instruction reordering does not cause mistakenly
blocking socket operations.
Fix to wait for blocked write on UDP sockets, with a timeout if it
takes too long the packet is dropped.
Fix for wait for udp send to stop when packet is successfully sent.
Fix #741: systemd socket activation fails on IPv6.
Fix to update config tests to fix checking if nonblocking sockets work
on OpenBSD.
Slow down log frequency of write wait failures.
Fix to set out of file descriptor warning to operational verbosity.
Fix to log a verbose message at operational notice level if a thread is
not responding, to stats requests. It is logged with thread
identifiers.
Remove include that was there for debug purposes.
Fix to check pthread_t size after pthread has been detected.
Convert tdir tests to use the new skip_test functionality.
Remove unused testcode/mini_tpkg.sh file.
Better output for skipped tdir tests.
Fix doxygen warning in respip.h.
Fix to remove erroneous TC flag from TCP upstream.
Fix test tdir skip report printout.
Fix windows compile, the identifier interface is defined in headers.
Fix to close errno block in comm_point_tcp_handle_read outside of ifdef.
Fix static analysis report to remove dead code from the
rpz_callback_from_iterator_module function.
Fix to clean up after the acl_interface unit test.
Merge #764: Leniency for target discovery when under load (for
NRDelegation changes).
Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
Fix string comparison in mini_tdir.sh.
Make ede.tdir test more predictable by using static data.
Fix checkconf test for dnscrypt and proxy port.
Fix dnscrypt compile for proxy protocol code changes.
Fix to stop responses with TC flag from resulting in partial responses.
It retries to fetch the data elsewhere, or fails the query and in depth
fix removes the TC flag from the cached item.
Fix proxy length debug output printout typecasts.
Fix to stop possible loops in the tcp reuse code (write_wait list and
tcp_wait list). Based on analysis and patch from Prad Seniappan and
Karthik Umashankar.
Fix PROXYv2 header read for TCP connections when no proxied addresses
are provided."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Jon Murphy [Fri, 7 Oct 2022 18:45:17 +0000 (13:45 -0500)]
manualpages: add and update help links to Wiki
- add help links for two new ipblocklist WebGUI pages
- update help links to proxy accounting
- add links to OpenVPN Net-to-Net Statistics,
MD Raid State, Update Accelerator,
OpenVPN Roadwarrior Connections Log
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Oct 2022 13:32:47 +0000 (13:32 +0000)]
unbound-dhcp-leases-bridge: Fall back to the default domain
When the bridge cannot detect a domain name for any of the leases, it
uses localdomain which is not always the best choice. So instead, this
patches changes the behaviour that we read the default domain of the
firewall.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Mathew McBride [Mon, 3 Oct 2022 06:20:19 +0000 (06:20 +0000)]
initscripts: load RTC module (RX8025) for Ten64 board
For reasons I have not been able to determine, the RTC
module for the Ten64 board (rtc-rx8025) is not automatically
loaded at startup, despite every other relevant modules being
loaded.
modprobe it manually if we are on a Ten64 board.
Signed-off-by: Mathew McBride <matt@traverse.com.au> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Mathew McBride [Mon, 3 Oct 2022 06:20:18 +0000 (06:20 +0000)]
config: u-boot: bypass the u-boot script on Traverse Ten64
The Ten64 board runs a U-Boot which works best directly
booting EFI. Attempting to load your own DTB or other steps
will cause issues.
(see https://ten64doc.traverse.com.au/faq/#common-issues)
The current stable Ten64 firmware unfortunately searches for
boot.scr before bootaa64.efi. So redirect it back to the EFI path.
A future Ten64 firmware package will prefer EFI first before
any boot script avoiding this issue. I will provide a patch
reversing this when that day comes.
Signed-off-by: Mathew McBride <matt@traverse.com.au> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 4 Oct 2022 10:54:42 +0000 (12:54 +0200)]
rsync: Update to version 3.2.6 and fix Bug#12947
- Update from version 3.2.4 plus CVE-2022-29154 patch to 3.2.6
- Patch for CVE-2022-29154 applied in CU170 turned out to have a bug within it causing
rsync to fail with an error. Four additional commits were done to fix this bug and
its consequences but these were all applied in the rsync git repo after the patch had
been merged into CU170.
- Version 3.2.5 onwards contains the CVE-2022-29154 fix and associated commits.
- No update of rootfile required.
- Changelog
NEWS for rsync 3.2.6 (9 Sep 2022)
BUG FIXES:
More path-cleaning improvements in the file-list validation code to avoid
rejecting of valid args.
A file-list validation fix for a --files-from file that ends without a
line-terminating character.
Added a safety check that prevents the sender from removing destination
files when a local copy using --remove-source-files has some files that are
shared between the sending & receiving hierarchies, including the case
where the source dir & destination dir are identical.
Fixed a bug in the internal MD4 checksum code that could cause the digest to
be sporadically incorrect (the openssl version was/is fine).
A minor tweak to rrsync added "copy-devices" to the list of known args, but
left it disabled by default.
ENHANCEMENTS:
Rename --protect-args to --secluded-args to make it clearer how it differs
from the default backslash-escaped arg-protecting behavior of rsync. The
old option names are still accepted. The environment-variable override did
not change its name.
PACKAGING RELATED:
The configure option --with-protected-args was renamed to
--with-secluded-args. This option makes --secluded-args the default rsync
behavior instead of using backslash escaping for protecting args.
The mkgitver script now makes sure that a .git dir/file is in the top-level
source dir before calling git describe. It also runs a basic check on the
version value. This should avoid using an unrelated git description for
rsync's version.
DEVELOPER RELATED:
The configure script no longer sets the -pedantic-errors CFLAG (which it
used to try to do only for gcc).
The name_num_obj struct was modified to allow its dynamic name_num_item list
to be initialized in a better way.
NEWS for rsync 3.2.5 (14 Aug 2022)
SECURITY FIXES:
Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include
recursive names that should have been excluded by the sender. These extra
safety checks only require the receiver rsync to be updated. When dealing
with an untrusted sending host, it is safest to copy into a dedicated
destination directory for the remote content (i.e. don't copy into a
destination directory that contains files that aren't from the remote host
unless you trust the remote host). Fixes CVE-2022-29154.
A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
BUG FIXES:
Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and
disable the XX3 hashes (since these routines didn't stabilize until 0.8).
ENHANCEMENTS:
The --trust-sender option was added as a way to bypass the extra file-list
safety checking (should that be required).
PACKAGING RELATED:
A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
DEVELOPER RELATED:
Configure now defaults GETGROUPS_T to gid_t when cross compiling.
Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 19 Sep 2022 12:35:41 +0000 (12:35 +0000)]
linux: Enable seccomp filter on ARM
Since last time we checked, the kernel's security features on ARM have
improved notably (see CONFIG_RANDOMIZE_BASE discussion). This patch
therefore proposes to give the seccomp filter on both 32- and 64-bit ARM
another try, since it provides significant security benefit to
applications using it.
Due to operational constraints, rootfile changes have been omitted, and
will be conducted, should this patch be approved.
Note to future self: Once this patch is approved, applications using
seccomp (OpenSSH, Tor) need to be updated/shipped on ARM.
Fixes: #12366 Fixes: #12370 Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Peter Müller [Sun, 2 Oct 2022 14:47:52 +0000 (14:47 +0000)]
linux: Remove user-space probe support
From the kernels' documentation:
> Uprobes is the user-space counterpart to kprobes: they
> enable instrumentation applications (such as 'perf probe')
> to establish unintrusive probes in user-space binaries and
> libraries, by executing handler functions when the probes
> are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints,
> managed by the kernel and kept transparent to the probed
> application. )
To the best of the authors' understanding, no application on IPFire
needs this functionality, and given its abuse potential, we should
probably not enable it.
As expected, strace functionality is not impaired by this.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
projects / people / bonnietwin / ipfire-2.x.git / log
