The GPL is not an EULA and so there is no value in having users
accept it.
The UI is very broken and so I believe it is best to drop this entirely.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.2.1 to 3.3.0
- Update of rootfile
- Changelog
3.3
This release adds the following new features:
* Support for qlog for tracing QUIC connections has been added
* Added APIs to allow configuring the negotiated idle timeout for QUIC
connections, and to allow determining the number of additional streams
that can currently be created for a QUIC connection.
* Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
objects
* Added APIs to allow querying the size and utilisation of a QUIC stream's
write buffer
* New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
condition in an optimised way when using QUIC.
* Limited support for polling of QUIC connection and stream objects in a
non-blocking manner.
* Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
times with different output sizes.
* Added exporter for CMake on Unix and Windows, alongside the pkg-config
exporter.
* The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
output length.
* The EVP_PKEY_fromdata function has been augmented to allow for the
derivation of CRT (Chinese Remainder Theorem) parameters when requested
* Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
using time_t which is Y2038 safe on 32 bit systems when 64 bit time
is enabled
* Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
ignored and the configuration will still be used.
* Added `-set_issuer` and `-set_subject` options to `openssl x509` to
override the Issuer and Subject when creating a certificate. The `-subj`
option now is an alias for `-set_subject`.
* Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
* New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
server to prefer session resumption using PSK-only key exchange over PSK
with DHE, if both are available.
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded.
* Added X509_STORE_get1_objects to avoid issues with the existing
X509_STORE_get0_objects API in multi-threaded applications.
This release incorporates the following potentially significant or incompatible
changes:
* Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
* Optimized AES-CTR for ARM Neoverse V1 and V2
* Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
similar to M1/M2.
* Various optimizations for cryptographic routines using RISC-V vector crypto
extensions
* Added assembly implementation for md5 on loongarch64
* Accept longer context for TLS 1.2 exporters
* The activate and soft_load configuration settings for providers in
openssl.cnf have been updated to require a value of [1|yes|true|on]
(in lower or UPPER case) to enable the setting. Conversely a value
of [0|no|false|off] will disable the setting.
* In `openssl speed`, changed the default hash function used with `hmac` from
`md5` to `sha256`.
* The `-verify` option to the `openssl crl` and `openssl req` will make the
program exit with 1 on failure.
* The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and
related functions have been augmented to check for a minimum length of
the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
* OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
if called with a NULL stack argument.
* New limit on HTTP response headers is introduced to HTTP client. The
default limit is set to 256 header lines.
This release incorporates the following bug fixes and mitigations:
* The BIO_get_new_index() function can only be called 127 times before it
reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
exhausted.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/oetiker/rrdtool-1.x/releases/tag/v1.9.0
"RRDtool 1.9.0 — 2024-07-29
Bugfixes
Fix ytop and ybase adjustments for overlaping area issue on transparent areas @turban
Suppress warnings of implicit fall through @youpong
Update tarball download link in doc @c72578
Fix unsigned integer overflow in rrdtool first. Add test for rrd_first() @c72578
Fix tests under MSYS2 (Windows) @c72578
Fix BUILD_DATE in rrdtool help output @c72578
acinclude.m4: Include <stdlib.h> when using exit @ryandesign
rrdtool-release: Create NUMVERS from VERSION file @c72578
Avoids leaking of file descriptors in multi threaded programs by @ensc
Avoids potential unterminated string because of fixed PATH_MAX buffer
Fix extra reference of parameters of rrd_fetch_dbi_{long,double} @jamborm"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 10.2.1 to 11.0.1
- Update of rootfile
- fmt from version 11.0.0 onwards has made the format function a constant. This was done to
enforce that formatter::format is const for compatibility with std::format.
- Changelog
11.0.1
Fixed version number in the inline namespace (#4047).
Fixed disabling Unicode support via CMake (#4051).
Fixed deprecated visit_format_arg (#4043).
Fixed handling of a sign and improved the std::complex formater (#4034, #4050).
Removed a redundant check in the formatter for std::expected (#4040).
11.0.0
Added fmt/base.h which provides a subset of the API with minimal include
dependencies and enough functionality to replace all uses of the printf family
of functions. This brings the compile time of code using {fmt} much closer to
the equivalent printf code.
This gives almost 4x improvement in build speed compared to version 10. Note
that the benchmark is purely formatting code and includes. In real projects the
difference from printf will be smaller partly because common standard headers
will be included in almost any translation unit (TU) anyway. In particular, in
every case except printf above ~1s is spent in total on including <type_traits>
in all TUs.
Optimized includes in other headers such as fmt/format.h which is now roughly
equivalent to the old fmt/core.h in terms of build speed.
Migrated the documentation at https://fmt.dev/ from Sphinx to MkDocs.
Improved C++20 module support (#3990, #3991, #3993, #3994, #3997, #3998, #4004,
#4005, #4006, #4013, #4027, #4029). In particular, native CMake support for
modules is now used if available.
Added an option to replace standard includes with import std enabled via the
FMT_IMPORT_STD macro (#3921, #3928).
Exported fmt::range_format, fmt::range_format_kind and fmt::compiled_string from
the fmt module (#3970, #3999).
Improved integration with stdio in fmt::print, enabling direct writes into a C
stream buffer in common cases. This may give significant performance
improvements ranging from tens of percent to 2x and eliminates dynamic memory
allocations on the buffer level. It is currently enabled for built-in and
string types with wider availability coming up in future releases.
For example, it gives ~24% improvement on a simple benchmark compiled with
Apple clang version 15.0.0 (clang-1500.1.0.2.5) and run on macOS 14.2.1
Improved safety of fmt::format_to when writing to an array (#3805). For example
(godbolt):
auto volkswagen = char[4];
auto result = fmt::format_to(volkswagen, "elephant");
no longer results in a buffer overflow. Instead the output will be truncated
and you can get the end iterator and whether truncation occurred from the
result object.
Enabled Unicode support by default in MSVC, bringing it on par with other
compilers and making it unnecessary for users to enable it explicitly. Most of
{fmt} is encoding-agnostic but this prevents mojibake in places where encoding
matters such as path formatting and terminal output. You can control the
Unicode support via the CMake FMT_UNICODE option. Note that some {fmt} packages
such as the one in vcpkg have already been compiled with Unicode enabled.
Added a formatter for std::expected (#3834).
Added a formatter for std::complex (#1467, #3886, #3892, #3900).
Added a formatter for std::type_info (#3978).
Specialized formatter for std::basic_string types with custom traits and
allocators (#3938, #3943).
Added formatters for std::chrono::day, std::chrono::month, std::chrono::year and
std::chrono::year_month_day (#3758, #3772, #3906, #3913).
Fixed handling of precision in %S (#3794, #3814). Thanks @js324.
Added support for the - specifier (glibc strftime extension) to day of the month
(%d) and week of the year (%W, %U, %V) specifiers (#3976).
Fixed the scope of the - extension in chrono formatting so that it doesn't apply
to subsequent specifiers (#3811, #3812).
Improved handling of time_point::min() (#3282).
Added support for character range formatting (#3857, #3863).
Added string and debug_string range formatters (#3973, #4024).
Enabled ADL for begin and end in fmt::join (#3813, #3824).
Made contiguous iterator optimizations apply to std::basic_string iterators
(#3798).
Added support for ranges with mutable begin and end (#3752, #3800, #3955).
Added support for move-only iterators to fmt::join (#3802, #3946).
Moved range and iterator overloads of fmt::join to fmt/ranges.h, next to other
overloads.
Fixed handling of types with begin returning void such as Eigen matrices (#3839,
#3964).
Added an fmt::formattable concept (#3974).
Added support for __float128 (#3494).
Fixed rounding issues when formatting long double with fixed precision (#3539).
Made fmt::isnan not trigger floating-point exception for NaN values (#3948, #3951).
Removed dependency on <memory> for std::allocator_traits when possible (#3804).
Enabled compile-time checks in formatting functions that take text colors and
styles.
Deprecated wide stream overloads of fmt::print that take text styles.
Made format string compilation work with clang 12 and later despite only partial
non-type template parameter support (#4000, #4001).
Made fmt::iterator_buffer's move constructor noexcept (#3808).
Started enforcing that formatter::format is const for compatibility with
std::format (#3447).
Added fmt::basic_format_arg::visit and deprecated fmt::visit_format_arg.
Made fmt::basic_string_view not constructible from nullptr for consistency with
std::string_view in C++23 (#3846).
Fixed fmt::group_digits for negative integers (#3891, #3901).
Fixed handling of negative ids in fmt::basic_format_args::get (#3945).
Improved named argument validation (#3817).
Disabled copy construction/assignment for fmt::format_arg_store and fixed moved
construction (#3833).
Worked around a locale issue in RHEL/devtoolset (#3858, #3859).
Added RTTI detection for MSVC (#3821, #3963).
Migrated the documentation from Sphinx to MkDocs.
Improved documentation and README.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.22.4 to 0.22.5
- Update of rootfile
- Changelog
0.22.5
* The replacements for the printf()/fprintf()/... functions that are
provided through <libintl.h> on native Windows and NetBSD now enable
GCC's format string analysis (-Wformat).
* Bug fixes:
- xgettext's processing of Vala files with printf method invocations has
been corrected (regression in 0.22).
- Build fixes on macOS.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.0 to 9.5
- Update of the uname patch to 9.5
- Obtained the 9.5 version of the i18n patch. However this caused the coreutils build to
fail. Without the patch the build had no problems. After investigating for some time
I identified that coreutils used to have the mbchar.h and mbchar.c files in its
source tarball lib directory. However those are no longer needed by coreutils so they
have been deleted in the source tarball. However the i18n patch still requires them.
The patch creates the code for the mbchar.h and mbchar.c files. However it has made
the availability of the members buf & mb_setascii and some code related to old_mbc
dependent on GNULIB being defined. This is specified in configure.ac but that define
did not make it into the prepared configure file. This causes those members to not be
found and the build fails.
- Removing the three #if defined GNLIB_MBFILE statements from the coreutils-9.5-i18n
patch, so that the code is executed in the build, causes the members to be present
and the build is successfull.
- Update of rootfile
- Changelog
9.5
** Bug fixes
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
cp, mv, and install no longer issue spurious diagnostics like "failed
to preserve ownership" when copying to GNU/Linux CIFS file systems.
They do this by working around some Linux CIFS bugs.
cp --no-preserve=mode will correctly maintain set-group-ID bits
for created directories. Previously on systems that didn't support ACLs,
cp would have reset the set-group-ID bit on created directories.
[bug introduced in coreutils-8.20]
join and uniq now support multi-byte characters better.
For example, 'join -tX' now works even if X is a multi-byte character,
and both programs now treat multi-byte characters like U+3000
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.
numfmt options like --suffix no longer have an arbitrary 127-byte limit.
[bug introduced with numfmt in coreutils-8.21]
mktemp with --suffix now better diagnoses templates with too few X's.
Previously it conflated the insignificant --suffix in the error.
[bug introduced in coreutils-8.1]
sort again handles thousands grouping characters in single-byte locales
where the grouping character is greater than CHAR_MAX. For e.g. signed
character platforms with a 0xA0 (aka  ) grouping character.
[bug introduced in coreutils-9.1]
split --line-bytes with a mixture of very long and short lines
no longer overwrites the heap (CVE-2024-0684).
[bug introduced in coreutils-9.2]
tail no longer mishandles input from files in /proc and /sys file systems,
on systems with a page size larger than the stdio BUFSIZ.
[This bug was present in "the beginning".]
timeout avoids a narrow race condition, where it might kill arbitrary
processes after a failed process fork.
[bug introduced with timeout in coreutils-7.0]
timeout avoids a narrow race condition, where it might fail to
kill monitored processes immediately after forking them.
[bug introduced with timeout in coreutils-7.0]
wc no longer fails to count unprintable characters as parts of words.
[bug introduced in textutils-2.1]
** Changes in behavior
base32 and base64 no longer require padding when decoding.
Previously an error was given for non padded encoded data.
base32 and base64 have improved detection of corrupted encodings.
Previously encodings with non zero padding bits were accepted.
basenc --base16 -d now supports lower case hexadecimal characters.
Previously an error was given for lower case hex digits.
cp --no-clobber, and mv -n no longer exit with failure status if
existing files are encountered in the destination. Instead they revert
to the behavior from before v9.2, silently skipping existing files.
ls --dired now implies long format output without hyperlinks enabled,
and will take precedence over previously specified formats or hyperlink mode.
numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,
and uses lowercase 'k' when outputting such units in '--to=si' mode.
pinky no longer tries to canonicalize the user's login location by default,
rather requiring the new --lookup option to enable this often slow feature.
wc no longer ignores encoding errors when counting words.
Instead, it treats them as non white space.
** New features
chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files
with matching current OWNER and/or GROUP, as already supported by chown(1).
chmod adds support for -h, -H,-L,-P, and --dereference options, providing
more control over symlink handling. This supports more secure handling of
CLI arguments, and is more consistent with chown, and chmod on other systems.
cp now accepts the --keep-directory-symlink option (like tar), to preserve
and follow existing symlinks to directories in the destination.
cp and mv now accept the --update=none-fail option, which is similar
to the --no-clobber option, except that existing files are diagnosed,
and the command exits with failure status if existing files.
The -n,--no-clobber option is best avoided due to platform differences.
env now accepts the -a,--argv0 option to override the zeroth argument
of the command being executed.
mv now accepts an --exchange option, which causes the source and
destination to be exchanged. It should be combined with
--no-target-directory (-T) if the destination is a directory.
The exchange is atomic if source and destination are on a single
file system that supports atomic exchange; --exchange is not yet
supported in other situations.
od now supports printing IEEE half precision floating point with -t fH,
or brain 16 bit floating point with -t fB, where supported by the compiler.
tail now supports following multiple processes, with repeated --pid options.
** Improvements
cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.
This was previously 128KiB and increasing to 256KiB was seen to increase
throughput by 10-20% when reading cached files on modern systems.
env,kill,timeout now support unnamed signals. kill(1) for example now
supports sending such signals, and env(1) will list them appropriately.
SELinux operations in file copy operations are now more efficient,
avoiding unneeded MCS/MLS label translation.
sort no longer dynamically links to libcrypto unless -R is used.
This decreases startup overhead in the typical case.
wc is now much faster in single-byte locales and somewhat faster in
multi-byte locales.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 6.4 to 6.5
- Update of rootfile
- --with-pkg-config-libdir as the previous default has been changed to $(LIBDIR) and this
does not work and resulted in procps not building as it could not find ncurses.
- Likely other packages after procps would have also failed.
- Explicitly specifying the pkgconfig directory location worked.
- Changelog
6.5
The changelog details are in the NEWS file in the source tarball. Version 6.5
is covered by lines 49 to 530
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.2.5 to 4.2.6
- Update of rootfile
- Changelog
4.2.6
Bug Fixes
A regression in the TCP Stream Graph "Time Sequence (tcptrace)"
receive window line behavior introduced in 4.2.5 and 4.0.15 has been
fixed. Issue 19846[3]
The following vulnerability has been fixed:
• wnpa-sec-2024-10[4] SPRT dissector crash. Issue 19559[5].
The following bugs have been fixed:
• RADIUS dissector’s dictionary loading broken in many ways. Issue
6466[6].
• 3.4 → 3.6.5 ASCII display is broken on CentOS 7. Issue 18096[7].
• Funnel/Lua: Closing child window disconnects buttons of parent.
Issue 18386[8].
• Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES.
Issue 19841[9].
• vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC.
Issue 19845[10].
• TCP Stream Graphs green sliding window line not displayed
correctly. Issue 19846[11].
• Wireshark window doesn’t fully fit on screen on small resolutions
and can’t be resized properly on Russian language. Issue
19861[12].
• Wireshark started from command line doesn’t set
gui.fileopen_remembered_dir correctly on Windows. Issue
19891[13].
• Wireshark expects wrong length for DHCP Relay Agent Information
Source Port Suboption. Issue 19909[14].
• SIP P-Access-Network-Info header not correctly decoded. Issue
19917[15].
Updated Protocol Support
DHCP, E.212, MySQL, NAS-5GS, PKT CCC, ProtoBuf, RADIUS, RLC-LTE, RTP,
SIP, SPRT, Thrift, and Wi-SUN
New and Updated Capture File Support
log3gpp
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.17.1 to 1.32.1
- Update of rootfile
- There have been 22 version updates that are now being applied. 4 of these releases had
security issues being addressed and there have been 5 CVE's and fixes
- Changelog
1.32.1
Bugfixes:
Channel lock needs to be recursive to ensure calls into c-ares functions can
be made from callbacks otherwise deadlocks will occur. This regression was
introduced in 1.32.0
1.32.0
Features:
Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled by
specifying ARES_FLAG_DNS0x20. Disabled by default. PR #800
Rework query timeout logic to automatically adjust timeouts based on network
conditions. The timeout specified now is only used as a hint until there is
enough history to calculate a more valid timeout. PR #794
Changes:
DNS RR TXT strings should not be automatically concatenated as there are use
cases outside of RFC 7208. In order to maintain ABI compliance, the ability
to retrieve TXT strings concatenated is retained as well as a new API to
retrieve the individual strings. This restores behavior from c-ares 1.20.0.
PR #801
Clean up header inclusion logic to make hacking on code easier. PR #797
GCC/Clang: Enable even more strict warnings to catch more coding flaws. 253bdee
MSVC: Enable /W4 warning level. PR #792
Bugfixes:
Tests: Fix thread race condition in test cases for EventThread. PR #803
Windows: Fix building with UNICODE. PR #802
Thread Saftey: ares_timeout() was missing lock. 74a64e4
Fix building with DJGPP (32bit protected mode DOS). PR #789
1.31.0
Changes:
Enable Query Cache by default. PR #786
Bugfixes:
Enhance Windows DNS configuration change detection to also detect manual DNS
configuration changes. PR #785
Various legacy MacOS Build fixes. Issue #782
Ndots value of zero in resolv.conf was not being honored. 852a60a
Watt-32 build support had been broken for some time. PR #781
Distribute ares_dns_rec_type_tostr manpage. PR #778
1.30.0
Features:
Basic support for SIG RR record (RFC 2931 / RFC 2535) PR #773
Changes:
Validation that DNS strings can only consist of printable ascii characters
otherwise will trigger a parse failure. 75de16c and 40fb125
Windows: use GetTickCount64() for a monotonic timer that does not wrap. 1dff8f6
Bugfixes:
QueryCache: Fix issue where purging on server changes wasn’t working. a6c8fe6
Windows: Fix Y2K38 issue by creating our own ares_timeval_t datatype. PR #772
Fix packaging issue affecting MacOS due to a missing header. 55afad6
MacOS: Fix UBSAN warnings that are likely meaningless due to alignment issues
in new MacOS config reader.
Android: arm 32bit build failure due to missing symbol. d1722e6
1.29.0
Features:
When using ARES_OPT_EVENT_THREAD, automatically reload system configuration
when network conditions change. PR #759
Apple: reimplement DNS configuration reading to more accurately pull DNS
settings. PR #750
Add observability into DNS server health via a server state callback, invoked
whenever a query finishes. PR #744
Add server failover retry behavior, where failed servers are retried with
small probability after a minimum delay. PR #731
Changes:
Mark ares_channel_t * as const in more places in the public API. PR #758
Bugfixes:
Due to a logic flaw dns name compression writing was not properly implemented
which would result in the name prefix not being written for a partial match.
This could cause issues in various record types such as MX records when
using the deprecated API. Regression introduced in 1.28.0. Issue #757
Revert OpenBSD SOCK_DNS flag, it doesn’t do what the docs say it does and
causes c-ares to become non-functional. PR #754
ares_getnameinfo(): loosen validation on salen parameter. Issue #752
cmake: Android requires C99. PR #748
ares_queue_wait_empty() does not honor timeout_ms >= 0. Issue #742
1.28.1
This release contains a fix for a single significant regression introduced in
c-ares 1.28.0.
ares_search() and ares_getaddrinfo() resolution fails if no search domains
are specified. Issue #737
1.28.0
Features:
Emit warnings when deprecated c-ares functions are used. This can be disabled
by passing a compiler definition of CARES_NO_DEPRECATED. PR #732
Add function ares_search_dnsrec() to search for records using the new DNS
record data structures. PR #719
Rework internals to pass around ares_dns_record_t instead of binary data,
this introduces new public functions of ares_query_dnsrec() and
ares_send_dnsrec(). PR #730
Changes:
tests: when performing simulated queries, reduce timeouts to make tests run
faster
Replace configuration file parsers with memory-safe parser. PR #725
Remove acountry completely, the manpage might still get installed otherwise.
Issue #718
Bugfixes:
CMake: don’t overwrite global required libraries/definitions/includes which
could cause build errors for projects chain building c-ares. Issue #729
On some platforms, netinet6/in6.h is not included by netinet/in.h and needs
to be included separately. PR #728
Fix a potential memory leak in ares_init(). Issue #724
Some platforms don’t have the isascii() function. Implement as a macro. PR #721
CMake: Fix Chain building if CMAKE runtime paths not set
NDots configuration should allow a value of zero. PR #735
1.27.0
Security:
Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
/etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
GHSA-mg26-v6qh-x48q
Features:
New function ares_queue_active_queries() to retrieve number of in-flight
queries. PR #712
New function ares_queue_wait_empty() to wait for the number of in-flight
queries to reach zero. PR #710
New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if no
DNS servers can be found rather than attempting to use 127.0.0.1. This also
introduces a new ares status code of ARES_ENOSERVER. PR #713
Changes:
EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
Bugfixes:
Windows DNS suffix search list memory leak. PR #711
Fix warning due to ignoring return code of write(). PR #709
CMake: don’t override target output locations if not top-level. Issue #708
Fix building c-ares without thread support. PR #700
1.26.0
Features:
Event Thread support. Integrators are no longer required to monitor the file
descriptors registered by c-ares for events and call ares_process() when
enabling the event thread feature via ARES_OPT_EVENT_THREAD passed to
ares_init_options(). PR #696
Added flags to are_dns_parse() to force RAW packet parsing. PR #693
Changes:
Mark ares_fds() as deprecated. PR #691
Bugfixes:
adig: Differentiate between internal and server errors. e10b16a
Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS. PR #695
Autotools: fix building for 32bit windows due to stdcall symbol mangling.
PR #689
RR Name should not be sanity checked against the Question. PR #685
1.25.0
Changes:
AutoTools: rewrite build system to be lighter weight and fix issues in some
semi-modern systems. It is likely this has broken building on some less
common and legacy OSs, please report issues. PR #674
Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety
reasons. 88c444d
The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6
addresses by default. PR #669
OpenBSD: Add SOCK_DNS flag when creating socket. PR #659
Bugfixes:
Tests: Live reverse lookups for Google’s public DNS servers no longer return
results, replace with CloudFlare pubic DNS servers. 1231aa7
MacOS legacy SDKs require sys/socket.h before net/if.h PR #673
Connection failures should increment the server failure count first or a
retry might be enqueued to the same server. 05181a6
On systems that don’t implement the ability to enumerate network interfaces
the stubs used the wrong prototype. eebfe0c
Fix minor warnings and documentation typos. PR #666
Fix support for older GoogleTest versions. d186f11
getrandom() may require sys/random.h on some systems. Issue #665
Fix building tests with symbol hiding enabled. Issue #664
1.24.0
Features:
Add support for IPv6 link-local DNS servers. Nameserver formats can now
accept the %iface suffix, and a new ares_get_servers_csv() function was
added to return servers that can contain the link-local interface name.
Changes:
Unbundle GoogleTest for test cases. Package maintainers will now need to
require GoogleTest (GMock) as a build dependency if building tests. New
GoogleTest versions require C++14 or later.
Replace nameserver parsing code to use new memory-safe functions.
Replace the sortlist parser with new memory-safe functions.
Various warning fixes and dead code removal.
Bugfixes:
Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with
thread safety support.
A non-responsive DNS server that caused timeouts wouldn’t increment the
failure count, this would lead to other servers not being tried. Regression
introduced in 1.22.0.
Some projects that depend on c-ares expect invalid parameter option values
passed into ares_init_options() to simply be ignored. This behavior has been
restored.
On linux getrandom() can fail if the kernel doesn’t support the syscall, fall
back to another random source.
ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo() with
AF_UNSPEC, if called after one address class was returned but before the
other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED.
1.23.0
Features:
Introduce optional (but on by default) thread-safety for the c-ares library.
This has no API nor ABI implications.
resolv.conf in modern systems uses attempts and timeouts options instead of
the old retrans and retry options.
Query caching support based on TTL of responses. Can be enabled via
ares_init_options() with ARES_OPT_QUERY_CACHE.
Bugfixes:
ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept the
port in host byte order, but it was reading it as network byte order.
Regression introduced in 1.20.0.
ares_init_options() for ARES_FLAG_NOSEARCH was not being honored for
ares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0.
Autotools MacOS and iOS version check was failing
Environment variables passed to c-ares are meant to be an override for system
configuration. Regression introduced in 1.22.0.
Spelling fixes as detected by codespell.
The timeout returned by ares_timeout() was truncated to milliseconds but
validated to microseconds which could cause a user to attempt to process
timeouts prior to the timeout actually expiring.
CMake was not honoring CXXFLAGS passed in via the environment which could
cause compile and link errors with distribution hardening flags during
packaging.
Fix Windows UWP and Cygwin compilation.
ares_set_servers_*() for legacy reasons needs to accept an empty server list
and zero out all servers. This results in an inoperable channel and thus is
only used in simulation testing, but we don’t want to break users.
Regression introduced in 1.21.0.
1.22.1
Bugfixes:
Fix /etc/hosts processing performance with all entries using same IPaddress.
Large hosts files using the same IP address for all entries could use
exponential time.
Fix typos in manpages
Fix OpenWatcom building
1.22.0
Features:
ares_reinit() is now implemented to re-read any system configuration and
immediately apply to an existing ares channel
The adig command line program has been rewritten and its format now more
closely matches that of BIND’s dig utility
The new DNS message parser and writer functions have now been made public
RFC9460 HTTPS and SVCB records are now supported
RFC6698 TLSA records are now supported
The server list is now internally dynamic and can be changed without
impacting existing queries
Hosts file processing is now cached until the file is detected to be changed
to speed up repetitive lookups of large hosts files
Changes:
Internally all DNS messages are now written using the new DNS writing functions
EDNS is now enabled by default
Internal cleanups in function prototypes
Bugfixes:
Randomize retry penalties to prevent thundering herd issues when dns servers
throttle requests
Fix Windows build error for missing if_indextoname()
1.21.0
Changes:
Provide better man page cross-links.
Introduce ares_status_t as an enum rather than using #define list and integer
data type for internal functions.
Introduce ares_bool_t datatype rather than using an integer with 0/1 so it is
clear based on the function prototype what it returns.
Increase compiler warning levels by default.
Use size_t and other more proper datatypes internally (rather than int).
Many developers have used different code styles over the years, standardize
on one and use clang-format to enforce the style.
CMake can now control symbol visibility
Replace multiple DNS hand-made parsers with new memory-safe DNS message parser.
Bugfixes:
Tools: STAYOPEN flag could make tools not terminate.
Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp.
1.20.1
Bugfixes:
Resolve use-after-free issue when TCP connection is terminated before a
response is returned
Reduce number of queries for a load test case to prevent overloading some
build systems
Fix fuzz test build target
1.20.0
Changes:
Update from 1989 MIT license text to modern MIT license text
Remove acountry from built tools as nerd.dk is gone
Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the number of
queries that can be made from a single ephemeral port
Default per-query timeout has been reduced to 2s with a 3x retry count
Modernization: start implementing some common data structures that are easy
to use and hard to misuse. This will make code refactoring easier and remove
some varied implementations in use. This change also makes ares_timeout()
more efficient
Use SPDX identifiers and a REUSE CI job to verify
rand: add support for getrandom()
Bug fixes:
TCP back to back queries were broken
Ensure queries for ares_getaddrinfo() are not requeued during destruction
ares_getaddrinfo() should not retry other address classes if one address
class has already been returned
Avoid production ill-formed result when qualifying a name with the root domain
Fix missing prefix for CMake generated libcares.pc
DNS server ports will now be read from system configuration instead of
defaulting to port 53
Remove some unreachable code
Replace usages of sprintf with snprintf
Fix Watcom instructions and update Windows URLs
1.19.1
Security:
CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs
CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
compilation
Bug fixes:
Fix uninitialized memory warning in test
Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
ares_getaddrinfo() should allow a port of 0
Fix memory leak in ares_send() on error
Fix comment style in ares_data.h
Remove unneeded ifdef for Windows
Fix typo in ares_init_options.3
Re-add support for Watcom compiler
Sync ax_pthread.m4 with upstream
Windows: Invalid stack variable used out of scope for HOSTS path
Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
1.19.0
Security:
Low. Stack overflow in ares_set_sortlist() which is used during c-ares
initialization and typically provided by an administrator and not an end user.
Changes:
Windows: Drop support for XP and derivatives which greatly cleans up
initialization code.
Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a
custom hosts file location.
Add vcpkg installation instructions
Bug fixes:
Fix cross-compilation from Windows to Linux due to CPACK logic.
Fix memory leak in reading /etc/hosts when using localhost fallback.
Fix chain building c-ares when libresolv is already included by another project
File lookup should not immediately abort as there may be other tries due to
search criteria.
Asterisks should be allowed in host validation as CNAMEs may reference
wildcard domains
AutoTools build system referenced bad STDC_HEADERS macro
Even if one address class returns a failure for ares_getaddrinfo() we should
still return the results we have
CMake Windows: DLLs did not include resource file to include versions
CMake: Guard target creation in exported config
Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC
Apple: fix libresolv configured query times.
Fix tools and help information
Various documentation fixes and cleanups
Add include guards to ares_data.h
c-ares could try to exceed maximum number of iovec entries supported by system
CMake package config generation allow for absolute install paths
Intel compiler fixes
ares_strsplit bugs
The RFC6761 6.3 states localhost subdomains must be offline too.
1.18.1
Bug fixes:
ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses rather
than the sizeof(struct sockaddr_in6)
1.18.0
Changes:
Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
Provide ares_nameser.h as a public interface as needed by NodeJS
Update URLs from c-ares.haxx.se to c-ares.org
During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the
search process will continue to the next domain in the search.
Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they
followed very similar code paths and ares_gethostbyaddr() has some more
desirable features such as priority sorting and parallel queries for
AF_UNSPEC.
ares_getaddrinfo() now contains a name element in the address info structure
as the last element. This is not an API or ABI break due to the structure
always being internally allocated and it being the last element.
ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical,
those now use the same helper functions for parsing rather than having
their own code.
RFC6761 Section 6.3 says “localhost” lookups need to be special cased to
return loopback addresses, and not forward queries to recursive dns servers.
On Windows this now returns all loopback addresses, on other systems it
returns 127.0.0.1 or ::1 always, and will never forward a request for
“localhost” to outside DNS servers.
Haiku: port
Bug fixes:
add build to .gitignore
z/OS minor update, add missing semicolon in ares_init.c
Fix building when latest ax_code_coverage.m4 is imported
Work around autotools ‘error: too many loops’ and other newer autotools
import related bugs.
MinGW cross builds need advapi32 link as lower case
Cygwin build fix due to containing both socket.h and winsock2.h
ares_expand_name should allow underscores (_) as SRV records legitimately
use them
Allow ‘/’ as a valid character for a returned name for CNAME in-addr.arpa
delegation
ares_getaddrinfo() was not honoring HOSTALIASES
ares_getaddrinfo() had some test cases disabled due to a bug in the test
framework itself which has now been resolved
1.17.2
Security:
NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
systems where malloc(0) returns NULL. This would cause a crash.
When building c-ares with CMake, the RANDOM_FILE would not be set and
therefore downgrade to the less secure random number generator
If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a
crash
Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS
response
Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
prevent spoofing follow-up
Perform validation on hostnames to prevent possible XSS due to applications
not performing valiation themselves
Changes:
Use non-blocking /dev/urandom for random data to prevent early startup
performance issues
z/OS port
ares_malloc(0) is now defined behavior (returns NULL) rather than
system-specific to catch edge cases
Bug fixes:
Fuzz testing files were not distributed with official archives
Building tests should not force building of static libraries except on Windows
Windows builds of the tools would fail if built as static due to a missing
CARES_STATICLIB definition
Relative headers must use double quotes to prevent pulling in a system library
Fix OpenBSD building by implementing portability updates for including
arpa/nameser.h
Fix building out-of-tree for autotools
Make install on MacOS/iOS with CMake was missing the bundle destination so
libraries weren’t actually installed
Fix retrieving DNS server configuration on MacOS and iOS if the configuration
did not include search domains
ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup()
instead of ares_strdup()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 10.43 to 10.44
- Update of rootfile
- Changelog
10.44
This is mostly a bug-fix and tidying release. There is one new function, to set
a maximum size for a compiled pattern. The maximum name length for groups is
increased to 128. Some auxiliary files for building under VMS are added.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 6.8 to 6.9.1
- Update of rootfile
- Changelog details can be see in the file named Changes in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 6.7.1 to 6.9.2
- Update of rootfile
- Update of e2fsprogs to 1.47.1 changed a variable from inode_includes to
ext2fs_inode_includes. btrfs-progs version 6.7.1 failed to build as it was still looking
for the old variable name. The fix for e2fsprogs 1.47.1 was implemented in btrfs-progs
version 6.9
- Changelog
6.9.2
subvol list: fix accidental trimming of subvolume name
check: revert checking file extent item 'ram_bytes'
libbtrfsutil:
patchlevel version update 1.3.2
fix accidentally closing fd passed to subvolume iterator
6.9.1 (Not to be used)
fix detection of intermediate super block flags (e.g. csum change and other conversions)
raid-stripe-tree support (still experimental):
moved under experimental build flags (mkfs, convert)
format change, removed encoding type; backward incompatible
receive dump: escape special chars in xattr names and values, and clone source path
tune change csum: fix reservation size when starting a transaction
other:
new and updated tests
updated CI images, new reference build targets
cleanups and refactoring
6.9
mkfs:
if --force used, don't continue if the mount status cannot be determined (e.g. due to permissions)
fix minimum size calculation on zoned devices, make it work with option -b
check:
option --clear-ino-cache removed (functionality still provided in 'rescue' command group)
detect and repair wrong file extent item ram_bytes value
qgroup clear-stale:
sync the filesystem before search to read the up to date state
handle cases where qgroup cannot be deleted due to uncleaned subvolume or when squota is enabled
qgroup show: display status of qgroup regarding the cleaning of the subvolume or if it's squota
receive: fix stream parsing on strict alignment hosts (e.g. ARM v5 or v6)
tune change-csum: fix check of dev-replace status item, continue if no dev-replace in progress
dump-tree: print contents of dev-replace status item
convert: fix extent iteration to handle prealloc/unwritten extents
libbtrfsutil:
patchlevel version update 1.3.1
fix potentially unaligned access to send stream
create library links to all version levels
libbtrfs:
patchlevel version update 0.1.3
fix potentially unaligned access to send stream
create library links to all version levels
build:
fix compatibility with e2fsprogs 1.47.1
fix header file dependency tracking
-O2 by default
other:
new and updated tests
ASAN and UBSAN test coverage in CI
documentation updates
6.8.1
mkfs: fix writing on zoned device when block-group-tree is selected
tune: fix writing on zoned device with option --convert-to-block-group-tree
check:
more progress and error messages
unify handling of unknown command line options with other commands
subvolume delete: remove options --delete-qgroup and --no-delete-qgroup (added in 6.6.3), qgroup deletion does not always work due to delayed background processing of subvolume or set value in sysfs:ggroup/drop_subtree_threshold
other:
misc refactoring
error handling fixes reported by gcc -fanalyzer
documentation updates
new and updated tests
6.8
fix --enqueue option timeout handling
subvolume: remove support for undocumented options -c and -x, functionality disabled in kernel
libbtrfsutil:
version 0.1.3, backward compabile
add aliases for all existing functions with unified naming scheme
updated header defintions for recently added kernel features
send: v3 supported in experimental mode
other:
docs: manual page references, graphs, enhancements, clarifications
error handling fixes
cleanups and refactoring
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.15.1 to 4.16.0
- Update rootfile
- sobump in rootfile. Ran find-dependencies but no other linked programs identified.
- nscd is disabled in glibc so it has been disabled in shadow. nscd is enabled by default.
- id and groups (deprecated in shadow) are used from coreutils in IPFire.
- Changelog
4.16.0
The shadow implementations of id(1) and groups(1) are deprecated in favor of the
GNU coreutils and binutils versions. They will be removed in 4.17.0.
Support for rlogind in the login(1) implementation has been removed. That is, the
login(1) -r flag has been removed.
The libsubid major version has been bumped, since it now requires specification of
the module's free() implementation.
4.15.2
Bugfix release.
This release includes a large amount of fixes, including memory leaks,
leaks of other resources such as file descriptors, added missing error
handling, and more.
4.15.3
Bugfix release.
This release includes changes to the build system, packaging, and tests;
most of which, were reported by Debian packagers. There's also a fix
for check_subid_range.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
