Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bacula: new package #39

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Bacula: new package #39

wants to merge 8 commits into from

Conversation

teissler
Copy link
Contributor

No description provided.

@mtremer
Copy link
Member

mtremer commented Jul 19, 2014

Is there a bug report for this somewhere?

@teissler
Copy link
Contributor Author

mtremer pushed a commit that referenced this pull request Feb 14, 2022
- Update from 2.1.1 (2016) to 2.3.0 (2021)
- Update of rootfile
- A build dependency has been added for twine. As this is to support the upload of
   packages to PyPI it will not be used for IPFire. The changelog just notes the addition
   of twine as a build dependency without any explanation. See entry in version 2.2.4
   No other change was made when this dependency was added to setup.py
  Adding twine added 9 further dependencies some of which caused further dependencies and
   so on. 19 additional new packages were reached and the system was still coming up with
   more.
  Created a patch to remove the twine build dependency from setup.py
  Subsequently found other people had done the same thing as there was no response to
   requests from other people to not have it as a build dependency for situations where
   packages were not going to be uploaded to PyPI.
- Changelog
Version 2.3.0
:Released: 2021-02-21
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Removed:
* Remove support for Python versions older than Python 3.
  Python 2 has been unsupported by the Python project since 2020.
* Remove dependency on back-ported `unittest2` and `mock`.
  Depend instead on standard library `unittest` and `unittest.mock`.
  Thanks to Michał Górny for the merge requests.
Version 2.2.4
:Released: 2019-10-27
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Run the Setuptools `egg-info` command as part of the `build`
  command.
  Closes: Pagure #31. Thanks to Stanislav Levin for the bug report and
  diagnosis.
* Create the socket and catch “non-socket” errors.
  Closes: Pagure #34. Thanks to Miro Hrončok for the bug report and
  patch.
* Only deal with a range of file descriptors if the range is not empty.
  Closes: Pagure #39. Thanks to Alex Pyrgiotis for the test scenario.
* Declare Twine as a build dependency.
* Reformat the change log entries with keepachangelog.com sub-sections.
Changed:
* Upgrade Tox dependency to version “3.7.0”.
  Thanks to Miro Hrončok for the contribution.
* Significant speed-up to discovery of file descriptors to close.
  By using a native `tuple` for the heavily-used file descriptor range
  representation, this gives approximately 5× faster calls to
  `close_all_open_files` in the typical case. This partially addresses
  Pagure #40.
  Thanks to Alex Pyrgiotis for testing various alternative proposals.
* Refactor the build system to use Makefile modules for each topic.
Version 2.2.3
:Released: 2019-01-21
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Use custom fake file type for testing `fileno` behaviour.
  This works around an incompatibility in Python 2.7 `file` type that
  caused test cases to fail.
Deprecated:
* Promote the warning for `runner` module to a `DeprecationWarning`.
  This has been an unofficial example module from the beginning, and
  it will be removed in a future version.
Version 2.2.2
:Released: 2019-01-19
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Remove from the build system specification a white space character
  not permitted in TOML format.
Added:
* Implement test suite automation in virtualenvs, using Tox.
Version 2.2.1
:Released: 2019-01-18
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Added:
* Add a :PEP:`518` conformant build system specification (the
  ``pyproject.toml`` file).
Version 2.2.0
:Released: 2018-08-15
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Correct the description of the return value for
  `daemon.is_detach_process_context_required`.
  Closes: Pagure #6.
* Set a sensible default for `Distribution.script_name`.
  This works around a bug in Setuptools which calls commands before
  the `Distribution` is initialised.
  Closes: Pagure #2.
Changed:
* The test suite now relies on the test discovery feature in
  ‘unittest’. This feature is in Python version 2.7 and later.
* Improve performance of `daemon.close_all_open_files`.
  Thanks to Darek Działak for the implementation.
  Closes: Pagure #10.
Version 2.1.2
:Released: 2016-10-26
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Added:
* Add a README document for the code base.
Changed:
* Migrate code project hosting to Pagure.
  Record the change of homepage URL in PyPI metadata.
Deprecated:
* Raise a warning that the ‘runner’ module is pending deprecation.
  This has been an unofficial example module from the beginning, and
  it will be removed in a future version.
Bugs Fixed:
* Ensure custom types are part of the Python type hierarchy.
* Avoid a circular dependency for the version string at install time.
  Thanks to Maarten van Gompel for the reproducible test case.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
mtremer pushed a commit that referenced this pull request Sep 13, 2022
- Update from version 6.4.19 to 6.4.32
- Update of rootfile not required
- Changelog - range of security and bug fixes
    fetchmail-6.4.32 (released 2022-07-30, 31696 LoC):
	# FIXES:
		* Use configure to find rst2html, some systems install it only with .py suffix,
		  others only without, and some install both.
		* Update README.maintainer
	# TRANSLATIONS: language translations were updated by these fine people:
		(in alphabetical order of language codes so as not to prefer people):
		* cs:    Petr Pisar [Czech]
		* es:    Cristian Othón Martínez Vera [Spanish]
		* ja:    Takeshi Hamasaki [Japanese]
		* pl:    Jakub Bogusz [Polish]
		* ro:    Remus-Gabriel Chelu [Romanian]
		* sq:    Besnik Bleta [Albanian]
		* sv:    Göran Uddeborg [Swedish]
    fetchmail-6.4.31 (released 2022-07-16, 31694 LoC):
	# BUG FIXES:
		* Try to fix ./configure --with-ssl=... for systems that have multiple OpenSSL
		  versions installed.  Issues reported by Dennis Putnam.
		* The netrc parser now reports its errors to syslog or logfile when appropriate,
		  previously it would always log to stderr.
		* Add error checking to .netrc parser.
	# CHANGES:
		* manpage: use .UR/.UE macros instead of .URL for URIs.
		* manpage: fix contractions. Found with FreeBSD's igor tool.
		* manpage: HTML now built with pandoc -> python-docutils
		  (manServer.pl was dropped)
    fetchmail-6.4.30 (released 2022-04-26, 31666 LoC):
	# BREAKING CHANGES:
		* Bump wolfSSL minimum required version to 5.2.0 to pull in security fix.
	# CHANGES:
		* Using OpenSSL 1.* before 1.1.1n elicits a compile-time warning.
		* Using OpenSSL 3.* before 3.0.2  elicits a compile-time warning.
		* configure.ac was tweaked in order to hopefully fix cross-compilation issues
		  report, and different patch suggested, by Fabrice Fontaine,
		  https://gitlab.com/fetchmail/fetchmail/-/merge_requests/42
	# TRANSLATIONS: language translations were updated by this fine person:
		* ro:    Remus-Gabriel Chelu [Romanian]
    fetchmail-6.4.29 (released 2022-03-20, 31661 LoC):
	# TRANSLATIONS: language translations were updated by this fine person:
		* vi:    Trần Ngọc Quân [Vietnamese]
    fetchmail-6.4.28 (released 2022-03-05, 31661 LoC):
	# DOCUMENTATION:
		* Fix a typo in the manual page, courtesy of Jeremy Petch.
	# TRANSLATIONS: language translations were updated by this fine person:
		* es:    Cristian Othón Martínez Vera [Spanish]
    fetchmail-6.4.27 (released 2022-01-26, 31661 LoC):
	# BREAKING CHANGES:
		* Bump wolfSSL minimum required version to 5.1.1 to pull in security fix.
	# TRANSLATIONS: language translations were updated by this fine person:
		* ro:    Remus-Gabriel Chelu [Romanian]
    fetchmail-6.4.26 (released 2021-12-26, 31661 LoC):
	# FIXES:
		* When using wolfSSL 5.0.0, work around a bug that appears to hit wolfSSL when
		  receiving handshake records while still in SSL_peek(). Workaround is to read
		  1 byte and cache it, then call SSL_peek() again.
		  This affects only some servers. wolfSSL/wolfssl#4593
	# TRANSLATIONS: language translations were updated by this fine person:
		* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]
    fetchmail-6.4.25 (released 2021-12-10, 31653 LoC):
	# BREAKING CHANGES:
		* Since distributions continue patching for LibreSSL use, which cannot be
		  linked legally, block out LibreSSL in configure.ac and socket.c, and
		  refer to COPYING, unless on OpenBSD (which ships it in the base system).
		  OpenSSL and wolfSSL 5 can be used.  SSL-related documentation was updated, do
		  re-read COPYING, INSTALL, README, README.packaging, README.SSL.
		* Bump OpenSSL version requirement to 1.0.2f in order to safely remove
		  the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and
		  older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is
		  publicly available from https://www.openssl.org/source/old/1.0.2/
		* Some of the configure.ac fiddling MIGHT have broken cross-compilation
		  again. The maintainer does not test cross-compiling fetchmail; if you
		  have difficulties, try setting PKG_CONFIG_LIBDIR to the pkg-config path
		  containing your target/host libraries, or see if --with-ssl-prefix or
		  --with-wolfssl-prefix, or overriding LDFLAGS/LIBS/CPPFLAGS, can help.
		  Feedback solicited on compliant systems that are before end-of-life.
	# BUG FIXES:
		* 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag
		  contained a typo and would not kick in properly.
		* Library and/or rpath setting from configure.ac was fixed.
	# ADDITIONS:
		* Added an example systemd unit file and instructions to contrib/systemd/
		  which runs fetchmail as a daemon with 5-minute poll intervals.
		  Courteously contributed by Barak A. Pearlmutter, Debian Bug#981464.
		* fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer,
		  see INSTALL and README.SSL. This is considered experimental.
		  Feedback solicited.
	# CHANGES:
		* The getstats.py dist-tool now counts lines of .ac and .am files.
		* ./configure --with-ssl now supports pkg-config module names, too. See INSTALL.
	# TRANSLATIONS: language translations were updated by these fine people:
		(in reverse alphabetical order of language codes so as not to prefer people):
		* sv:    Göran Uddeborg [Swedish]
		* sq:    Besnik Bleta [Albanian]
		* pl:    Jakub Bogusz [Polish]
		* ja:    Takeshi Hamasaki [Japanese]
		* fr:    Frédéric Marchal [French]
		* eo:    Keith Bowes [Esperanto]
		* cs:    Petr Pisar [Czech]
    fetchmail-6.4.24 (released 2021-11-20, 30218 LoC):
	# OPENSSL AND LICENSING NOTE:
		> see fetchmail-6.4.22 below, and the file COPYING.
		  Note that distribution of packages linked with LibreSSL is not feasible
		  due to a missing GPLv2 clause 2(b) exception.
	# COMPATIBILITY:
		* Bison 3.8 dropped yytoknum altogether, breaking compilation due to a
		  warning workaround. Remove the cast of yytoknum to void.  This may cause
		  a compiler warning to reappear with older Bison versions.
		* OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3
		  certificate in its trust store because OpenSSL by default prefers the
		  untrusted certificate and fails.  Fetchmail now sets the
		  X509_V_FLAG_TRUSTED_FIRST flag (on OpenSSL 1.0.2 only).
		  This is workaround #2 from the OpenSSL Blog.  For details, see both:
		  https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
		  https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
		  NOTE: OpenSSL 1.0.2 is end of life, it is assumed that the OpenSSL library
		  is kept up to date by a distributor or via OpenSSL support contract.
		  Where this is not the case, please upgrade to a supported OpenSSL version.
	# DOCUMENTATION:
		* The manual page was revised after re-checking with mandoc -Tlint, aspell,
		  igor. Some more revisions were made for clarity.
	# TRANSLATIONS: language translations were updated by these fine people:
		* sv:    Göran Uddeborg [Swedish]
		* pl:    Jakub Bogusz [Polish]
		* fr:    Frédéric Marchal [French]
		* cs:    Petr Pisar [Czech]
		* eo:    Keith Bowes [Esperanto]
		* ja:    Takeshi Hamasaki [Japanese]
    fetchmail-6.4.23 (released 2021-10-31, 30206 LoC):
	# USABILITY:
		* For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin
		  - no matter its contents - and that set auth ssh), change the STARTTLS
		  error message to suggest sslproto '' instead.
		  This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22.
		  Fixes Redhat Bugzilla 2008160. Fixes GitLab #39.
	# TRANSLATIONS: language translations were updated by these fine people:
		* ja:    Takeshi Hamasaki [Japanese]
		* sr:	 Мирослав Николић (Miroslav Nikolić) [Serbian]
    fetchmail-6.4.22 (released 2021-09-13, 30201 LoC):
	# OPENSSL AND LICENSING NOTE:
		* fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
		  OpenSSL's licensing changed between these releases from dual OpenSSL/SSLeay
		  license to Apache License v2.0, which is considered incompatible with GPL v2
		  by the FSF.  For implications and details, see the file COPYING.
	# SECURITY FIXES:
		* CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections, without --ssl and
		  with nonempty --sslproto, meaning that fetchmail is to enforce TLS, and when
		  the server or an attacker sends a PREAUTH greeting, fetchmail used to continue
		  an unencrypted connection.  Now, log the error and abort the connection.
		  --Recommendation for servers that support SSL/TLS-wrapped or "implicit" mode on
		  a dedicated port (default 993): use --ssl, or the ssl user option in an rcfile.
		  --Reported by: Andrew C. Aitchison, based on the USENIX Security 21 paper "Why
		  TLS is better without STARTTLS - A Security Analysis of STARTTLS in the Email
		  Context" by Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian
		  Schinzel.  The paper did not mention fetchmail.
		* On IMAP and POP3 connections, --auth ssh no longer prevents STARTTLS
		  negotiation.
		* On IMAP connections, fetchmail does not permit overriding a server-side
		  LOGINDISABLED with --auth password any more.
		* On POP3 connections, the possibility for RPA authentication (by probing with
		  an AUTH command without arguments) no longer prevents STARTTLS negotiation.
		* For POP3 connections, only attempt RPA if the authentication type is "any".
	# BUG FIXES:
		* On IMAP connections, when AUTHENTICATE EXTERNAL fails and we have received the
		  tagged (= final) response, do not send "*".
		* On IMAP connections, AUTHENTICATE EXTERNAL without username will properly send
		  a "=" for protocol compliance.
		* On IMAP connections, AUTHENTICATE EXTERNAL will now check if the server
		  advertised SASL-IR (RFC-4959) support and otherwise refuse (fetchmail <= 6.4
		  has not supported and does not support the separate challenge/response with
		  command continuation)
		* On IMAP connections, when --auth external is requested but not advertised by
		  the server, log a proper error message.
		* Fetchmail no longer crashes when attempting a connection with --plugin "" or
		  --plugout "".
		* Fetchmail no longer leaks memory when processing the arguments of --plugin or
		  --plugout on connections.
		* On POP3 connections, the CAPAbilities parser is now caseblind.
		* Fix segfault on configurations with "defaults ... no envelope". Reported by
		  Bjørn Mork. Fixes Debian Bug#992400.  This is a regression in fetchmail 6.4.3
		  and happened when plugging memory leaks, which did not account for that the
		  envelope parameter is special when set as "no envelope". The segfault happens
		  in a constant strlen(-1), triggered by trusted local input => no vulnerability.
		* Fix program abort (SIGABRT) with "internal error" when invalid sslproto is
		  given with OpenSSL 1.1.0 API compatible SSL implementations.
	# CHANGES:
		* IMAP: When fetchmail is in not-authenticated state and the server volunteers
		  CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail
		  must and will re-probe explicitly.)
		* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
		  do not match, emit a warning and continue. Closes Gitlab #31.
		  (cherry-picked from 6.5 beta branch "legacy_6x")
		* fetchmail.man and README.SSL were updated in line with RFC-8314/8996/8997
		  recommendations to prefer Implicit TLS (--ssl/ssl) and TLS v1.2 or newer,
		  placing --sslproto tls1.2+ more prominently.
		  The defaults shall not change between 6.4.X releases for compatibility.
	# TRANSLATIONS: language translations were updated by these fine people:
		* sq:    Besnik Bleta [Albanian]
		* cs:    Petr Pisar [Czech]
		* eo:    Keith Bowes [Esperanto]
		* fr:    Frédéric Marchal [French]
		* pl:    Jakub Bogusz [Polish]
		* sv:    Göran Uddeborg [Swedish]
    fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
	# REGRESSION FIX:
		* The new security fix in 6.4.20 for CVE-2021-36386 caused truncation of
		  messages logged to buffered outputs, from --logfile and --syslog.
		  This also caused lines in the logfile to run into one another because
		  the fragment containing the '\n' line-end character was usually lost.
		  Reason is that on all modern systems (with <stdarg.h> header and vsnprintf()
		  interface), the length of log message fragments was added up twice, so
		  that these ended too deep into a freshly allocated buffer, after the '\0'
		  byte.  Unbuffered outputs flushed the fragments right away, which masked the
		  bug.
    fetchmail-6.4.20 (released 2021-07-28, 30042 LoC):
	# SECURITY FIX:
		* When a log message exceeds c. 2 kByte in size, for instance, with very long
		  header contents, and depending on verbosity option, fetchmail can crash or
		  misreport each first log message that requires a buffer reallocation.
		  fetchmail then reallocates memory and re-runs vsnprintf() without another
		  call to va_start(), so it reads garbage. The exact impact depends on
		  many factors around the compiler and operating system configurations used and
		  the implementation details of the stdarg.h interfaces of the two functions
		  mentioned before. To fix CVE-2021-36386.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants