Commit Graph

1410 Commits

Author SHA1 Message Date
Adolf Belka
094bbe083b pmacct: Update to version 1.7.8
- Update from version 1.7.6 to 1.7.8
- Update of rootfile not required
- patch to remove Werror no longer required as the build with this version of pmacct
   had no problems with errors being flagged as warnings anymore unlike with the
   previous version.
- Changelog
     The keys used are:
	  !: fixed/modified feature, -: deleted feature, +: new feature
     1.7.8 -- 31-12-2022
	  + Introduced support for eBPF for all daemons: if SO_REUSEPORT is
	    supported by the OS and eBPF support is compiled in, this allows
	    to load a custom load-balancer. To load-share, daemons have to
	    be part of the same cluster_name and each be configured with a
	    distinct cluster_id.
	  + Introduced support for listening on VRF interfaces on Linux for
	    all daemons. The feature can be enabled via nfacctd_interface,
	    bgp_daemon_interface and equivalent knobs. Many thanks to
	    Marcel Menzel ( @WRMSRwasTaken ) for this contribution.
	  + pre_tag_map: introduced limited tagging / labelling support for
	    BGP (pmbgpd), BMP (pmbmpd), Streaming Telemetry (pmtelemetryd)
	    daemons. ip, set_tag, set_label keys being currently supported.
	  + pre_tag_map: defined a new pre_tag_label_encode_as_map config
	    knob to encode the output 'label' value as a map for JSON and
	    Apache Avro encodings, ie. in JSON "label": { "key1": "value1",
	    "key2": "value2" }. For keys and values to be correctly mapped,
	    the '%' delimiter is used when composing a pre_tag_map, ie.
	    "set_label=key1%value1,key2%value2 ip=0.0.0.0/0". Thanks to
	    Salvatore Cuzzilla ( @scuzzilla ) for this contribution.
	  + pre_tag_map: introduced support for IP prefixes for src_net
	    and dst_net keys for indexed maps (maps_index set to true).
	    Indexing being a hash map, this feature currently tests data
	    against all defined IP prefix lengths in the map for a match
	    (first defined matching prefix wins).
	  + pre_tag_map: introduced two new 'is_nsel', 'is_nel' keys to
	    check for the presence of firewallEvent field (233) and
	    natEvent field (230) in NetFlow/IPFIX respectively in order
	    to infer whether data is NSEL / NEL. If set to 'true' this
	    does match NSEL / NEL data, if set to 'false' it does match
	    non NSEL / NEL data respectively.
	  + Introduced a new mpls_label_stack primitive, encoded as a
	    string and includes a comma-separated list of integers (label
	    values). Thanks to Salvatore Cuzzilla ( @scuzzilla ) for this
	    contribution.
	  + Introduced a new fw_event primitive, to support NetFlow v9/
	    IPFIX firewallEvent 233 Information Element.
	  + Introduced a new tunnel_tcp_flags primitive for pmacctd and
	    sfacctd to record TCP flags for the inner layer of a tunneled
	    technology (ie. VXLAN). Also tunnel_dst_port decoding was
	    fixed for sfacctd.
	  + Introduced support for in/out VLAN support for sfacctd. To be
	    savvy, 'in_vlan' and 'vlan' were muxed onto the same primitive
	    depending on the daemon being used. Thanks to Jim Westfall
	    ( @jwestfall69 ) for this contribution.
	  + Introduced a new mpls_label_stack_encode_as_array config knob
	    to encode the MPLS label stack as an array for JSON and Apache
	    Avro encodings, ie. in JSON "mpls_label_stack": [ "0-label0",
	    "1-label1", "2-label2", "3-label3", "4-label4", "5-label5" ]
	    and in Avro "name": "mpls_label_stack", "type": { "type":
	    "array", "items": { "type": "string" } }. Thanks to Salvatore
	    Cuzzilla ( @scuzzilla ) for this contribution.
	  + Introduced a new tcpflags_encode_as_array config knob to encode
	    TCP flags as an array for JSON and Apache Avro, ie. in JSON
	    "tcp_flags": [ "URG", "ACK", "PSH", "RST", "SYN", "FIN" ] and
	    in Avro "name": "tcp_flags", "type": { "type": "array",
	    "items": { "type": "string" } }. Thanks to Salvatore Cuzzilla
	    ( @scuzzilla ) for this contribution.
	  + Introduced a new fwd_status_encode_as_string config knob to
	    encode the 'fwd_status' primitive in human-readable format
	    like described by RFC-7270 Section 4.12 when JSON or Avro
	    formats are selected for output. Thanks to Salvatore Cuzzilla
	    ( @scuzzilla ) for this contribution.
	  + Introduced a new protos_file to define a list of (known/
	    interesting/meaningful) IP protocols. Both protocol names, ie.
	    "tcp", and protocol numbers, ie. 1 (for icmp), are accepted.
	    IANA reserved protocol value 255 is used to bucket as 'others'
	    those IP protocols not matching the ones defined in the list.
	  + Introduced a new tos_file to define a list of (meaningful) IP
	    ToS values; if tos_encode_as_dscp is set to true then DSCP
	    values are expected as part of the file. The directive uses
	    value 255 to bucket as 'others' those ToS/DSCP values not
	    matching the ones defined in the list.
	  + A new tos_encode_as_dscp config knob makes pmacct honour
	    only the 6 bits used by DSCP and report only on those.
	  + BGP, BMP, Streaming Telemetry daemons: introduced a new
	    dump_time_slots config knob to spread the load deriving by
	    dumps over the configured refresh time interval. The interval
	    is divided into time slots and nodes are assigned to such
	    slots. The slot for each node is determined using its IP
	    address. Thanks to Raphael Barazzutti ( @rbarazzutti ) for
	    this contribution.
	  + BGP, BMP daemons: End-of-RIB messages are now being exposed
	    in the output feed in order to facilitate tracking their
	    arrival (or not!).
	  + pmtelemetryd: aligned daemon to the latest Unyte UDP-Notif API
	    (0.6.1) and related standardization draft-ietf-netconf-udp-notif
	  + RPKI daemon: added case for input "asn" value being integer (ie.
	    "asn" : 2914) on top of the string case (ie. "asn" : "AS2914").
	  + Kafka, amqp plugins: introduced a new writer_id_string config
	    knob to allow to customize the "writer_id" field value. A
	    few variables are supported along with static text definitions.
	  + Added a new aggregate_unknown_etype config knob to account also
	    frames with EtherTypes for which there is no decoding support
	    and allow to aggregate them by the available Ethernet L2 fields
	    (ie. 'src_mac', 'dst_mac', 'vlan', 'cos', 'etype'). Thanks to
	    @singularsyntax for this contribution.
	  + Added a new bgp_daemon_add_path_ignore config knob to ignore
	    (do not advertise back) the ADD-PATH capability advertised by
	    remote BGP peers.
	  + nfacctd, sfacctd: extended the possibility to run daemons from
	    a user with non root privileges to these daemons.
	  + nfacctd: if Information Element 90 (MPLS VPN RD) is present in
	    NetFlow v9/IPFIX, make it available for BGP/BMP correlation.
	  + pmacctd, sfacctd: introduced basic support for QinQ, 802.1AD.
	  + [print|kafka|amqp]_preprocess: added support for 'maxp',
	    'maxb' and 'maxf' keys when preprocessing aggregates of non-
	    SQL plugins. Thanks to Andrew R. Lake ( @arlake228 ) for this
	    contribution.
	  + nDPI: newer versions of the library (ie. >= 4.0) bring changes
	    to the API. pmacct is now aligned to compile against these. At
	    the same time support for nDPI 3.x was dropped.
	  ! fix, plugin_common.[ch]: when stitching feature was enabled,
	    ie. nfacctd_stitching, timestamp_min was never reset. Also both
	    timestamp_min and timestamp_max were clamped to sec granularity.
	  ! fix, BGP, BMP daemons: added a tmp_bgp_daemon_origin_type_int to
	    print out BGP "origin" field as int (legacy behaviour) instead
	    of string (current behaviour). In a future major release the
	    legacy behaviour will be dropped.
	  ! fix, BGP, BMP daemons: MPLS labels are now encoded in both JSON
	    and Apache Avro as 'mpls_label' instead of 'label'. This is to
	    align behaviour with pre_tag_map where 'label' has a different
	    semantic.
	  ! fix, BGP, BMP daemons: resolved memory leak when encoding log
	    messaging (logmsg) in Avro format with Schema Registry support.
	  ! fix, BGP daemon: improved handling of ADD-PATH capability,
	    making it per-AF (as it is supposed to be) and not global.
	  ! fix, BMP daemon: now checking that ADD-PATH capability is
	    enabled at both ends of the monitored session (check both BGP
	    OPEN in a Peer Up message) in order to infer that the capability
	    exchange was successful. Also some heuristics were added to
	    conciliate BGP Open vs BGP Update 4-bytes ASN reality.
	  ! fix, nfacctd: improved parsing of NetFlow v9 Options data
	    particularly when multiple IEs are packed as part of a flowset.
	  ! fix, nfacctd: corrected parsing of Information Element 351
	    (layer2SegmentId).
	  ! fix, pmacctd: improved processing of pcap_interfaces_map for
	    cases where the same interface is present multiple times (maybe
	    with different directions). Also, if the map is empty then bail
	    out at startup.
	  ! fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed and
	    'flows' primitive was enabled.
	  ! fix, pmacctd: sampling_rate primitive value was not reported
	    correctly when 'sampling_rate' config directive was specified.
	  ! fix, pmbgpd, pmbmpd, pmtelemetryd: changed SIGCHLD handler to
	    prevent zombification of last spawned data dump writer.
	  ! fix, Kafka plugin: moved the schema registration from the dump
	    writer to the plugin process in order to register the schemas
	    only once at plugin startup and not on every start of a writer
	    process. Thanks to Uwe Storbeck ( @ustorbeck ) for this
	    contribution.
	  ! fix, Kafka plugin: a check for kafka_partition was missing,
	    leading the plugin to always use the default partitioner
	    instead of sending data to the configured fixed partition.
	    Thanks to Martin Pels ( @rodecker ) for this contribution.
	  ! fix, nfprobe plugin: BGP data enrichment was not working due to
	    a mistakenly moved pointer.
	  ! fix, sfprobe plugin: AS-PATH was being populated even when null;
	    added a check to see if the destination AS is not zero in order
	    to put the destination AS into the AS-PATH for sFlow packets.
	    Thanks to Marcel Menzel ( @WRMSRwasTaken ) for this contribution.
	  ! fix, networks_file: remove_dupes() was making partial commits
	    of valid rows hence creating data inconsistencies.
	  ! fix, pre_tag_map: resolved a potential string overflow that was
	    being triggered in pretag_append_label() when data would be
	    assigned more than one single label. Also now allow ',' chars
	    in set_label.
	  ! fix, maps_index: uninitialized var could cause SEGV in case no
	    results are found in the map index. Also introduced support for
	    catch-all rules, ie. "set_label=unknown".
	  ! fix, maps_index: optimized the case of no 'ip' key specified
	    (for nfacctd and sfacctd): when indexing is enabled, prevent
	    recirculation from happening, ie. test v4 first then v6, since
	    the 'ip' key is not going to be part of the hash serializer.
	  ! fix, pretag.c: allow to allocate maps greater than 2GB in size.
	    Also several optimizations were carried out yielding to a better
	    memory utilization for allocated maps along with improved times
	    to resolve JEQs.
	  ! fix, pre_tag_label_filter: optimized and improved runtime
	    evaluation part of this feature, avoiding a costly strdup() and
	    returning immediately on certain basic mismatch conditions.
	  ! fix, kafka_common.[ch]: a new p_kafka_produce_data_and_free()
	    is invoked to optimize memory allocations and releases.
	  ! fix, plugin_cmn_avro.c: when a schema registry is being defined,
	    ie. kafka_avro_schema_registry, the logic to generate the schema
	    name has been changed: use topic plus record name as the schema
	    name, use underscore as separator within the record name, stop
	    adding a "-value" suffix. Thanks to Uwe Storbeck ( @ustorbeck )
	    for this contribution.
	  ! fix, util.c: roundoff_time() to reason always with the locally
	    configured time, like for the rest of functional (as in non-data)
	    timestamps, ie. refresh time, deadline, etc.
	  ! fix, log.c: when log messages are longer than message buffer,
	    the message gets cut off. As the trailing newline also gets cut
	    off the message will be concatenated with the following message
	    which makes the log hard to read. Thanks to Uwe Storbeck
	    ( @ustorbeck ) for this contribution.
	  - Completed the retirement of legacy packet classification based
	    on home-grown code (Shared Objects) and the L7 layer project.
	  - Removed the mpls_stck_depth primitive due to the introduction
	    of the mpls_label_stack primitive.
     1.7.7 -- 07-11-2021
	  + BGP, BMP, Streaming Telemetry daemons: introduced parallelization
	    of dump events via a configurable amount of workers where the unit
	    of parallelization is the exporter (BGP, BMP, telemetry exporter),
	    ie. in a scenario where there are 4 workers and 4 exporters each
	    worker is assigned one exporter data to dump.
	  + pmtelemetryd: added support for draft-ietf-netconf-udp-notif:
	    a UDP-based notification mechanism to collect data from networking
	    devices. A shim header is proposed to facilitate the data streaming
	    directly from the publishing process on network processor of line
	    cards to receivers. The objective is a lightweight approach to
	    enable higher frequency and less performance impact on publisher
	    and receiver process compared to already established notification
	    mechanisms. Many thanks to Alex Huang Feng ( @ahuangfeng ) and the
	    whole Unyte team.
	  + BGP, BMP, Streaming Telemetry daemons: now correctly honouring the
	    supplied Kafka partition key for BGP, BMP and Telemetry msg logs
	    and dump events.
	  + BGP, BMP daemons: a new "rd_origin" field is added to output log/
	    dump to specify the source of Route Distinguisher information (ie.
	    flow vs BGP vs BMP).
	  + pre_tag_map: added ability to tag new NetFlow/IPFIX and sFlow
	    sample_type types: "flow-ipv4", "flow-ipv6", "flow-mpls-ipv4" and
	    "flow-mpls-ipv6". Also added a new "is_bi_flow" true/false key to
	    tag (or exclude) NSEL bidirectional flows. Added as well a new
	    "is_multicast" true/false config key to tag (or exclude) IPv4/IPv6
	    multicast destinations.
	  + maps_index: enables indexing of maps to increase lookup speeds on
	    large maps and/or sustained lookup rates. The feature has been
	    reimplemented using stream-lined structures from libcdada. This is
	    a major work that helps preventing the unpredictable behaviours
	    caused by the homegrown map indexing mechanism. Many thanks to
	    Marc Sune ( @msune ).
	  + maps_index: support for indexing src_net and dst_net keywords has
	    been added.
	  + Added <daemon_name>_ipv6_only config directives to optionally
	    enable the IPV6_V6ONLY socket option. Also changed the wrong
	    setsockopt() IPV6_BINDV6ONLY id to IPV6_V6ONLY.
	  + Added log function to libserdes to debug transactions with the
	    Schema Registry when kafka_avro_schema_registry is set.
	  + nDPI: newer versions of the library (ie. >= 3.5) bring changes
	    to the API. pmacct is now aligned to compile against these.
	  + pmacctd: added pcap_arista_trailer_offset config directive since
	    Arista has changed the structure of the trailer format in recent
	    releases of EOS. Thanks to Jeremiah Millay ( @floatingstatic )
	    for his patch.
	  + More improvements carried out on the Continuous Integration
	    (CI) side by migrating from Travis CI to GitHub Actions. Huge
	    thanks to Marc Sune ( @msune ) to make all of this possible.
	  + More improvements also carried out in the space of the Docker
	    images being created: optimized image size and a better layered
	    pipeline. Thanks to Marc Sune ( @msune ) and Daniel Caballero
	    ( @dcaba ) to make all of this possible.
	  + libcdada shipped with pmacct was upgraded to version 0.3.5. Many
	    thanks to Marc Sune ( @msune ) for his work with libcdada.
	  ! build system: several improvements carried out in this area,
	    ie. improved MySQL checks, introduced pcap-config tool for
	    libpcap, compiling on BSD/old compilers, etc. Monumental thanks
	    to Marc Sune ( @msune ) for his continued help.
	  ! fix, nfacctd: improved heuristics to support the case of flows
	    with both IPv4 and IPv6 source / destination addresses (either
	    or populated). Also improved heuristics to distinguish event data
	    vs traffic data in NetFlow v9/IPFIX from Cisco 9300/9500, ASA
	    firewalls and Cisco 4500X.
	  ! fix, nfacctd: improved support for initiatorOctets (IE #231) and
	    responderOctets (IE #232). Thanks to Esben Laursen ( @hyberdk )
	    for reporting the issue.
	  ! fix, nfacctd: in NF_mpls_vpn_id_handler() double ntohl() calls
	    were applied for the case of 'vrfid'-encoded mpls_vpn_rd field.
	  ! fix, sfacctd: wrong ethertype set for VLAN-tagged, MPLS-labelled
	    IPv6 traffic. Impacting BGP resolution among others. Thanks to
	    Jeremiah Millay ( @floatingstatic ) for his help resolving the
	    problem.
	  ! fix, BGP, BMP daemons: parsing improvements: added a check for
	    BGP Open message and BGP Open Options lengths. Strengthened
	    parsing of Peer Up, Route Monitoring and Peer Down v4 messages.
	  ! fix, BGP, BMP daemon: when using Avro encoding and Avro Schema
	    Registry, attempt to reconnect if serdes schemas are voided.
	    Also now checking for serdes schema definitions before doing a
	    serdes_schema_serialize_avro() to avoid triggering a SEGV.
	    Finally improved serdes logging.
	  ! fix, BGP, Streaming Telemetry daemons: in daemon logs, summary
	    counters for amount of tables / entries dumped were wrong.
	  ! fix, BGP daemon: distinguish among null and zero value AIGP
	    and Prefix SID attributes. Same applies for Local Preference
	    and MED attributes.
	  ! fix, BMP daemon: resolved a memory leak in bgp_peers_free().
	    Thanks to Peter Pothier ( @pothier-peter ) for his patch. Also
	    resolved a leak caused by an invalid BGP message contained in a
	    BMP Route Message v4.
	  ! fix, BMP daemon: correctly setting peer_ip and peer_tcp_port
	    JSON fields for Term messages. Also the correct bmp_router
	    value when bmp_daemon_parse_proxy_header feature is enabled.
	  ! fix, BMP daemon: several encoding issues when using Apache Avro
	    ie. u_int64_t now correctly encoded with avro_value_set_long(),
	    certain u_int32_t fields switched to avro_value_set_long() due
	    to lack of unsignedness in Avro encoding, improved various
	    aspects of Avro-JSON format output, etc.
	  ! fix, pmtelemetryd: wrong parsing of pm_tfind() output was
	    leading to mistaken data attribution of UDP-based peers (always
	    first peer to connect was being picked).
	  ! fix, pmtelemetryd: when set, the pidfile config directive was
	    not being correctly honoured.
	  ! fix, RPKI: the RTR PDU element for maxLength is uint8, therefore
	    it might have been possible to transmit incorrect RTR data.
	    Thanks to Job Snijders ( @job ) for his patch.
	  ! fix, SQL plugins: amended the text composition of SQL queries
	    that are involving latitude and longitude keys.
	  ! fix, MySQL plugin: check for 'unix:' prefix string only when a
	    sql_host configuration directive is specified.
	  ! fix, nfprobe: modernized Application Information export. Until
	    the previous release pmacct was adhering to aging NBAR model
	    whereas now NBAR2 has been implemented. Thanks to Rob Cowart
	    ( @robcowart ) for helping out resolving this issue.
	  ! fix, tee plugin: restored usefulness of tee_source_ip which was
	    broken in 1.7.6. Thanks to Jeremiah Millay ( @floatingstatic )
	    for reporting the issue.
	  ! fix, maps_index: indexing of mpls_pw_id was broken. Also now,
	    when the feature is enabled, actual data is being referenced in
	    the index structure instead of creating a copy of it; thanks to
	    Sander van Delden ( @SanderDelden ) for reporting the memory
	    leak that was resulting from the copy.
	  ! fix, kafka_common.c: solved memory leak in p_kafka_set_topic()
	    when Kafka session was getting in down state. Many thanks to
	    Peter Pothier ( @pothier-peter ) for nailing the issue.
	  ! fix, net_aggr.[ch]: when a networks_file is specified in the
	    config, gracefully handle max memory structure depth; added
	    also de-duplication of entries.
	  ! fix, pmacct-defines.h: if PCAP_NETMASK_UNKNOWN is not defined,
	    ie. in libpcap < 1.1.0, let's define it.
	  ! fix, SO_REUSEPORT feature was being restricted to Linux only in
	    previous releases: now it has been unlocked to all other OS that
	    do support the feature.
	  ! fix, split SO_REUSEPORT and SO_REUSEADDR setsockopt() calls.
	    Thanks to @eduarrrd for reporting and resolving the issue.
	  ! fix, several code warnings caught by gcc9 and clang.
	  - Obsoleted sql_history_since_epoch, pre_tag_map_entries and
	    refresh_maps configuration directives.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-04-18 21:25:03 +00:00

Adolf Belka
7ea6cba07a bash: Update version to 5.2 with patches 1 to 15
- Update from version 5.2 patches 1-9 to 5.2 patches 1-15
- Update of rootfile not required
- Changelog
bash52-015
	There are several cases where bash is too aggressive when optimizing out forks
	in subshells. For example, `eval' and traps should never be optimized.
bash52-014
	Bash defers processing additional terminating signals when running the
	EXIT trap while exiting due to a terminating signal. This patch allows the
	new terminating signal to kill the shell immediately.
bash52-013
	Bash can leak memory when referencing a non-existent associative array
	element.
bash52-012
	When running in bash compatibility mode, nested command substitutions can
	leave the `extglob' option enabled.
bash52-011
	Using timeouts and readline editing with the `read' builtin (read -e -t) can
	leave the readline timeout enabled, potentially resulting in an erroneous
	timeout on the next call.
bash52-010
	Bash-5.2 checks the first 128 characters of an executable file that execve()
	refuses to execute to see whether it's a binary file before trying to
	execute it as a shell script. This defeats some previously-supported use
	cases like "self-executing" jar files or "self-uncompressing" scripts.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-04-18 21:20:24 +00:00

Adolf Belka
48af3df725 openssh: Update to version 9.3p1
- Update from version 9.2p1 to 9.3p1
- Update of rootfile not required
- Removal of patch as this was only required for i586 builds which are no longer done in
   IPFire
- Changelog
9.3p1 (2023-03-15)
  This release fixes a number of security bugs.
    Security
	This release contains fixes for a security problem and a memory
	safety problem. The memory safety problem is not believed to be
	exploitable, but we report most network-reachable memory faults as
	security bugs.
	 * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
	   per-hop destination constraints (ssh-add -h ...) added in OpenSSH
	   8.9, a logic error prevented the constraints from being
	   communicated to the agent. This resulted in the keys being added
	   without constraints. The common cases of non-smartcard keys and
	   keys without destination constraints are unaffected. This problem
	   was reported by Luci Stanescu.
	 * ssh(1): Portable OpenSSH provides an implementation of the
	   getrrsetbyname(3) function if the standard library does not
	   provide it, for use by the VerifyHostKeyDNS feature. A
	   specifically crafted DNS response could cause this function to
	   perform an out-of-bounds read of adjacent stack data, but this
	   condition does not appear to be exploitable beyond denial-of-
	   service to the ssh(1) client.
	   The getrrsetbyname(3) replacement is only included if the system's
	   standard library lacks this function and portable OpenSSH was not
	   compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
	   only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
	   problem was found by the Coverity static analyzer.
    New features
	 * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
	   outputting SSHFP fingerprints to allow algorithm selection. bz3493
	 * sshd(8): add a `sshd -G` option that parses and prints the
	   effective configuration without attempting to load private keys
	   and perform other checks. This allows usage of the option before
	   keys have been generated and for configuration evaluation and
	   verification by unprivileged users.
    Bugfixes
	 * scp(1), sftp(1): fix progressmeter corruption on wide displays;
	   bz3534
	 * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
	   of private keys as some systems are starting to disable RSA/SHA1
	   in libcrypto.
	 * sftp-server(8): fix a memory leak. GHPR363
	 * ssh(1), sshd(8), ssh-keyscan(1): remove vestigial protocol
	   compatibility code and simplify what's left.
	 * Fix a number of low-impact Coverity static analysis findings.
	   These include several reported via bz2687
	 * ssh_config(5), sshd_config(5): mention that some options are not
	   first-match-wins.
	 * Rework logging for the regression tests. Regression tests will now
	   capture separate logs for each ssh and sshd invocation in a test.
	 * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
	   says it should; bz3532.
	 * ssh(1): ensure that there is a terminating newline when adding a
	   new entry to known_hosts; bz3529
    Portability
	 * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
	   mmap(2), madvise(2) and futex(2) flags, removing some concerning
	   kernel attack surface.
	 * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
	   bz3537

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2023-04-18 21:12:55 +00:00

Peter Müller
53c4a960ce ca-certificates: Rebase patch for removing TrustCor root CAs
This is necessary since the certdata2pem.py script does not take
meta information such as "distrust after date" into account, hence
Mozilla's changes to TrustCor's root CAs are not sufficient to have them
removed from or distrusted on IPFire installations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-03-11 16:16:10 +00:00

Adolf Belka
56db79acab texinfo: Update to version 7.0.2
- Update from version 6.8 to 7.0.2
- Update of rootfile
- Removal of patch which was needed due to inability to build texinfo-6.8 with glibc-2.34
   Problem was fixed for building with glibc-2.34 and onwards with texinfo-7.0
- Changelog
7.0.2 (22 January 2023)
This is a bug-fix release with minimal changes.
* texi2any
  . do not distribute architecture-dependent files
  . build fixed on OpenIndiana 11
* info
  . further fix of recoding of UTF-8 files to ASCII
  . fix check for presence of man pages on Solaris
* install-info
  . fix build by avoiding function name clash on some platforms
  . compiler warning re strncat silenced
7.0.1 (30 November 2022)
This is a bug-fix release with minimal changes.
* texi2any
  . avoid crashes on empty @image argument and other potential crashes
    (with "Can't use an undefined value as an ARRAY reference" message)
  . avoid hang on @ref command inside section command
* info
  . fix recoding of UTF-8 files to ASCII when run in C locale
* js
  . index search fixed for new HTML output
  . some obsolete files removed from distribution
7.0 (7 November 2022)
* texi2any
 . LaTeX added as an output format, selected with --latex
 . EPUB 3 added as an output format, selected with --epub3
 . reform throughout the code in general
 . thorough review of character encoding issues
 . new customization variables involved with character encoding:
     INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING,
     DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME,
     MESSAGE_ENCODING and COMMAND_LINE_ENCODING
 . warn if full-text commands (@ref, @footnote, @anchor) appear in @w
 . new variable NO_TOP_NODE_OUTPUT
 . IGNORE_BEFORE_SETFILENAME variable removed.  former effect
   is now always on.
 . HTML output:
     . use manual_name_html as output directory for split HTML instead of
       manual_name or manual_name.html
     . default DOCTYPE declaration changed to plain HTML5 style rather than
       HTML4 DTD reference
     . output only the CSS rules that are needed in an output file
     . remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES
       (custom CSS can still be output using EXTRA_HEAD)
     . use <code> tag for the output of @t and @verb instead of <tt>
     . use <abbr> for @acronym instead of <acronym>
     . link to table of contents from short table of contents only if a
       table of contents is actually output
     . prefix classes from @example arguments with `user-'
     . percent encode URL in @url/@uref, @email, @image and external
       manual file
     . new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and
       NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output
       valid XHTML
     . systematic addition of classes attribute in HTML elements based on the
       Texinfo @-command names.  renaming of class attributes to avoid
       confusion with @-commands formatting and describe the role in the
       document rather than the formatting style.
     . COPIABLE_ANCHORS renamed to COPIABLE_LINKS
     . do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has
       to be set
     . USE_TITLEPAGE_FOR_TITLE is now true by default
     . L2H variable removed, replaced by HTML_MATH set to `l2h'
     . rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC
     . rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE
     . rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES
     . remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT
     . remove KEEP_TOP_EXTERNAL_REF
     . new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH,
       HTMLXREF_MODE and HTMLXREF_FILE
 . DocBook output:
     . do not output Top node or text before the first @node or sectioning
       @-command.  NO_TOP_NODE_OUTPUT can be set to false to output Top node
       for now.
     . replace @definfoenclose defined @-commands by the argument as-is
       to be more consistent with printed output
 . HTML/DocBook output:
     . USE_NUMERIC_ENTITY changed to mean to use numeric entities instead
       of named entities.  former effect is now always on.
     . ENABLE_ENCODING_USE_ENTITY variable removed.  former effect is now
       always off.
 . Info output
     . quote problematic node names (with :, comma...) by default
     . new customization variable ASCII_PUNCTUATION to use plain ASCII
       characters for quotation marks and a few other symbols
* texinfo.tex
  . `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX
  . do not ignore @part page immediately following Top node
  . do `@set txicodevaristt' to get slanted typewriter for @var in code,
    `@clear txicodevaristt' to use slanted, variable-width roman font for
    @var everywhere.  flag is @set by default, but we may turn this off
    in the future.
  . new file doc/texinfo-zh.tex for Texinfo documents in Chinese.
    new support file doc/txi-zh.tex for Chinese.  doc/short-sample-zh.texi is
    a sample document.
* info
  . better support for index entries containing parentheses
  . better support for getting bold text etc. when displaying manpages
  . bug fixed where the first index entry in a file could be ignored
  . M-C-f closes as well as opens footnotes window
  . do not crash if run in Brazilian Portuguese locale
* Language
  . @deftype* commands use typewriter font in argument list
  . new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format
  . do `@set txidefnamenospace' to omit space after a definition name
* Other
  . build fixed for glibc 2.34

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-03-05 15:16:09 +00:00
Adolf Belka
4de715dbe2 curl: Update to version 7.88.1
- Update from version 7.87.0 to 7.88.1
- Update of rootfile not required
- Patch removed as fix now built into source tarball
- Changelog
Fixed in 7.88.1 - February 20 2023
Bugfixes:
    build-openssl.bat: keep OpenSSL 3 engine binaries
    cmake: fix Windows check for CryptAcquireContext
    connnect: fix timeout handling to use full duration
    curl: make --silent work stand-alone
    curl_setup: Suppress OpenSSL 3 deprecation warnings
    CURLOPT_WS_OPTIONS.3: fix the availability version
    GHA: update rustls dependency to 0.9.2
    http2: buffer/pausedata and output flush fix.
    http2: set drain on stream end
    http: include stdint.h more readily
    krb5: silence cast-align warning
    lib1560: add IPv6 canonicalization tests
    os400: correct Curl_os400_sendto()
    remote-header-name.d: mention that filename* is not supported
    runtests: fix "uninitialized value $port"
    setopt: allow HTTP3 when HTTP2 is not defined
    socketpair: allow EWOULDBLOCK when reading the pair check bytes
    socks: allow using DoH to resolve host names
    tests-httpd: add proxy tests
    tests: make sure gnuserv-tls has SRP support before using it
    tests: make the telnet server shut down a socket gracefully
    tool_getparam: make --get a true boolean
    tool_operate: allow debug builds to set buffersize
    urlapi: do the port number extraction without using sscanf()
    urldata: remove `now` from struct SingleRequest - not needed
Fixed in 7.88.0 - February 15 2023
Changes:
    curl.h: add CURL_HTTP_VERSION_3ONLY
    share: add sharing of HSTS cache among handles
    src: add --http3-only
    tool_operate: share HSTS between handles
    urlapi: add CURLU_PUNYCODE
    writeout: add %{certs} and %{num_certs}
Bugfixes:
    cf-socket: fix build when not HAVE_GETPEERNAME
    cf-socket: keep sockaddr local in the socket filters
    cfilters:Curl_conn_get_select_socks: use the first non-connected filter
    CI: add a workflow to automatically label pull requests
    CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
    CI: Retry failed downloads to reduce spurious failures
    CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
    cmake: bump requirement to 3.7
    cmake: check for sendmsg
    cmake: delete redundant macro definition `SECURITY_WIN32`
    cmake: fix dev warning due to mismatched arg
    cmake: fix the snprintf detection
    cmake: remove deprecated symbols check
    cmake: set SOVERSION also for macOS
    cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
    cmdline-opts/Makefile: on error, do not leave a partial
    CODEOWNERS: remove the peeps mentioned as CI owners
    connect: fix access of pointer before NULL check
    connect: fix build when not ENABLE_IPV6
    connect: fix strategy testing for attempts, timeouts and happy-eyeball
    connections: introduce http/3 happy eyeballs
    content_encoding: do not reset stage counter for each header
    CONTRIBUTE: More formally specify the commit description
    cookies: fp is always not NULL
    copyright.pl: cease doing year verifications
    copyright: update all copyright lines and remove year ranges
    curl.1: make help, version and manual sections "custom"
    curl.h: allow up to 10M buffer size
    curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
    curl/websockets.h: extend the websocket frame struct
    curl: output warning at --verbose output for debug-enabled version
    curl_free.3: fix return type of `curl_free`
    curl_global_sslset.3: clarify the openssl situation
    curl_log: for failf/infof and debug logging implementations
    curl_setup: Disable by default recv-before-send in Windows
    curl_version_info.3: fix typo
    curl_ws_send.3: clarify how to send multi-frame messages
    CURLOPT_HEADERDATA.3: warn DLL users must set write function
    CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
    CURLOPT_WRITEFUNCTION.3: fix memory leak in example
    dict: URL decode the entire path always
    docs/DEPRECATE.md: deprecate gskit
    docs: add link to GitHub Discussions
    docs: mention indirect effects of --insecure
    docs: POSTFIELDSIZE must be set to -1 with read function
    doh: ifdef IPv6 code
    easyoptions: fix header printing in generation script
    escape: hex decode with a lookup-table
    escape: use table lookup when adding %-codes to output
    examples: remove the curlgtk.c example
    fopen: remove unnecessary assignment
    ftpserver: lower the DATA connect timeout to speed up torture tests
    GHA/macos.yml: bump to gcc-12
    GHA/macos: use Xcode_14.0.1 for cmake builds
    GHA: add job on Slackware 15.0
    GHA: bump ngtcp2 workflow dependencies
    GHA: enable websockets in the torture job
    GHA: move the quiche job here from zuul
    GHA: use designated ngtcp2 and its dependencies versions
    haxproxy: send before TLS handshake
    header.d: add a header file example
    hsts.d: explain hsts more
    hsts: handle adding the same host name again
    HTTP/[23]: continue upload when state.drain is set
    http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
    http2: fix compiler warning due to uninitialized variable
    http2: minor buffer and error path fixes
    http2: when using printf %.*s, the length arg must be 'int'
    HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
    http: add additional condition for including stdint.h
    http: decode transfer encoding first
    http: fix "part of conditional expression is always false"
    http: remove the trace message "Mark bundle... multiuse"
    http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
    http_proxy: do not assign data->req.p.http use local copy
    INSTALL: document how to use multiple TLS backends
    lib670: make test.h the first include
    lib: connect/h2/h3 refactor
    lib: fix typos
    lib: fix typos in comments which repeat a word
    libssh2: try sha2 algos for hostkey methods
    libtest: add a sleep macro for Windows
    Linux CI: update some dependencies to latest tag
    Makefile.mk: fix wolfssl and mbedtls default paths
    man pages: call the custom user pointer 'clientp' consistently
    md4: fix build with GnuTLS + OpenSSL v1
    misc: fix grammar and spelling
    misc: fix spelling
    misc: reduce struct and struct field sizes
    msh3: add support for request payload
    msh3: update to v0.5 Release
    msh3: update to v0.6
    multi: stop sending empty HTTP/3 UDP datagrams on Windows
    multihandle: turn bool struct fields into bits
    ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
    ngtcp2: fix the build without 'sendmsg'
    ngtcp2: replace removed define and stop using removed function
    no-clobber.d: only use long form options in man page text
    noproxy: support for space-separated names is deprecated
    nss: implement data_pending method
    openldap: fix missing sasl symbols at build in specific configs
    openssl: adapt to boringssl's error code type
    openssl: don't ignore CA paths when using Windows CA store (redux)
    openssl: don't log raw record headers
    openssl: make the BIO_METHOD a local variable in the connection filter
    openssl: only use CA_BLOB if verifying peer
    openssl: remove attached easy handles from SSL instances
    openssl: store the CA after first send (ClientHello)
    os400: fixes to make-lib.sh and initscript.sh
    packages: remove Android, update README
    release-notes.pl: check fixes/closes lines better
    Revert "x509asn1: avoid freeing unallocated pointers"
    runtest.pl: add expected fourth return value
    runtests: tear down http2/http3 servers when https server is stopped
    runtests: consider warnings fatal and error on them
    runtests: fix detection of TLS backends
    runtests: make 'mbedtls' a testable feature
    rustls: improve error messages
    scripts/delta: show percent of number of files changed since last tag
    scripts: fix Appveyor job detection in cijobs.pl
    scripts: set file mode +x on all perl and shell scripts
    sectransp: fix for incomplete read/writes
    SECURITY-PROCESS.md: document severity levels
    setopt: Address undefined behaviour by checking for null
    setopt: move the SHA256 opt within #ifdef libssh2
    setopt: use >, not >=, when checking if uarg is larger than uint-max
    smb: return error on upload without size
    socketpair: allow localhost MITM sniffers
    strdup: name it Curl_strdup
    system.h: assume OS400 is always built with ILEC compiler
    test1560: use a UTF8-using locale when run
    test2304: remove stdout verification
    tests-httpd: basic infra to run curl against an apache httpd
    tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
    tests: add tests for HTTP/2 and HTTP/3 to verify the header API
    tests: avoid use of sha1 in certificates
    tls: fixes for wolfssl + openssl combo builds
    tool_getparam: fix hiding of command line secrets
    tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
    tool_operate: fix error codes during DOS filename sanitize
    tool_operate: fix error codes on bad URL & OOM
    tool_operate: fix headerfile writing
    tool_operate: repair --rate
    transfer: break the read loop when RECV is cleared
    typecheck: accept expressions for option/info parameters
    url: fix part of conditional expression is always true
    urlapi: avoid Curl_dyn_addf() for hex outputs
    urlapi: fix part of conditional expression is always true: qlen
    urlapi: skip path checks if path is just "/"
    urlapi: skip the extra dedotdot alloc if no dot in path
    urldata: cease storing TLS auth type
    urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
    urldata: make set.http200aliases conditional on HTTP being present
    urldata: move the cookefilelist to the 'set' struct
    urldata: remove unused struct fields, made more conditional
    vquic: stabilization and improvements
    vtls: fix hostname handling in filters
    vtls: manage current easy handle in nested cfilter calls
    vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
    winbuild: document that arm64 is supported
    windows: always use curl's basename() implementation
    wolfssl: remove deprecated post-quantum algorithms
    workflows/linux.yml: merge 3 common packages
    write-out.d: add 'since version' to %{header_json} documentation
    write-out.d: clarify Windows % symbol escaping
    ws: fix autoping handling
    ws: fix multiframe send handling
    ws: fix recv of larger frames
    ws: remove bad assert
    ws: unstick connect-only shutdown
    ws: use %Ou for outputting curl_off_t with info()
    x509asn1: fix compile errors and warnings
    zuul: stop using this CI service

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-03-05 15:09:33 +00:00
Adolf Belka
60cbad9204 colm: Update to version 0.14.7
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
   dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
   reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-03-05 14:15:52 +00:00
Arne Fitzenreiter
66a5ad1e88 efivar: fix build for correct cpu
The makefile adds --march=native, which optimizes the code for the
CPU of the build host, which can result in unsupported instructions on
other machines.
2023-03-04 14:02:05 +00:00
Arne Fitzenreiter
1b6047b3ee riscv64: enable EFI support and tools for riscv64
grub is still buggy! grub-install fails with an error:
Relocation 0x13 is not implented!

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2023-03-04 14:01:43 +00:00
Arne Fitzenreiter
8e28bbc067 xradio: remove driver and firmware
This module was built only for the 32-bit ARM arch.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-02-13 09:41:05 +00:00
Michael Tremer
a6c331a8d6 glibc: Update to 2.37
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-02-10 09:40:05 +00:00
Michael Tremer
32bbae10a0 gcc: Update to 12.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-02-10 09:27:56 +00:00
Michael Tremer
39f94ee8eb Drop support for armv6l (and armv7hl)
This removes support for building IPFire for 32 bit ARM architectures.

This has been decided in August 2022 with six months notice as there are
not very many users and hardware is generally not available any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-02-10 09:26:37 +00:00
Peter Müller
f964e92579 libloc: Update to 0.9.16
https://lists.ipfire.org/pipermail/location/2022-October/000602.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-01-31 12:46:07 +00:00
Peter Müller
d95e4d0dd5 Revert "colm: Update to version 0.14.7"
This reverts commit 59408f2cbf.

https://lists.ipfire.org/pipermail/development/2023-January/015316.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-01-27 00:09:21 +00:00
Adolf Belka
e44d567877 cairo: Update to version 1.17.6
- Update from version 1.16.0 to 1.17.6
- Update of rootfile
- Next version will only build with meson and as there were some bugs with the autoconf
   tools build which required a hack to overcome, this version was changed to run with
   meson. beos and os2 backends are no longer supported and windows only builds if the
   platform being used for the build is windows based. Therefore those options are no
   longer needed. meson uses shared libraries only by default.
- The cairo-1.16.0-binutils-2.34 patch is no longer needed as the changes have been
   included in the source tarball.
- tarball had to be changed to .bz2 as xz is no longer provided.
- Changelog
Release 1.17.6 (2022-03-18 Emmanuele Bassi <ebassi@gnome.org>)
	I spy with my little eye… a Cairo snapshot!
	First of all, many, many thanks to everyone who contributed to Cairo
	during this development cycle. A special thank you goes to:
		- Adrian Johnson
		- Uli Schlachter
		for their tireless efforts in ensuring that the lights are still on
		in the Cairo project.
	This snapshot sees the removal of the following backends and platform
	support:
		- Qt4
		- BeOS
		- OS/2
		- DirectFB
		- DRM
		- Cogl
		- OpenVG
	Thanks to all past contributors for their work on them. If you were using
	any of these backends then you will need to stick to Cairo 1.16.
	To offset the removal of the backends above, Adrian Johnson landed the
	DWrite font rendering backend on Windows.
	There have been multiple improvements in the Quartz backend, courtesy of
	John Ralls.
	Tim-Philipp Müller has kept the Meson build in top shape.
	This snapshot is going to be the **last** release of Cairo with the
	Autotools build system. The Meson build has seen many improvements and
	it is considerably easier to maintain and faster to build.
Release 1.17.4 (2020-11-27 Bryce Harrington <bryce@bryceharrington.org>)
	Thank you to the many people who have contributed the large number of
	bug fixes and refinements since 1.17.2.
	A particularly noteworthy improvement in this release is the addition of
	the meson build system as an alternative to autotools.  Autotools is
	still used for producing the releases, so will be the default in the
	tarball and presumably will still be preferred by distro packagers of
	Cairo.  It should be possible to build the release tarball using meson,
	but as this is new functionality consider it still a work in progress.
	The meson configuration has striven to track the autotools
	implementation but be aware there may still be some differences between
	the two.
	Continuous Integration configurations have been added that enable
	testing on a variety of platforms including Fedora, Windows MSVC, etc.
	This work has helped in identifying updates and fixes including
	adjusting to changes in API calls in dependencies like rsvg and
	fontconfig, and to fix platform-specific build issues.
	The cogl Cairo backend underwent significant development this cycle.
	Cogl provides GPU accelerated drawing support.  The development work
	includes implementation of core functionality, performance
	optimizations, and stabilization.
	Subpixel positioning support allows improved glyph outlines with the
	Freetype font backend.
	For a complete log of changes, please see
	    https://cairographics.org/releases/ChangeLog.1.17.4
	[On a personal note, this will be my last release for Cairo.  My Cairo
	time availability has been non-existent (particularly this crazy past
	year).  The release process is well documented and hopefully will help
	whomever picks up the baton from here.]
Release 1.17.2 (2019-01-31 Bryce Harrington <bryce@bryceharrington.org>)
	This snapshot provides the new support for writing floating point
	formats as 16 bpc PNGs, with support for RGBA128F and RGB96F formats.
	This new feature increases Cairo's pixman version requirement to 0.36.0.
	Beyond this are a range of bugfixes and some work on establishing CI for
	Cairo.
	For a complete log of changes, please see
	    https://cairographics.org/releases/ChangeLog.1.17.2
	API Changes
		None
	Dependency Changes
		pixman 0.36.0

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-01-26 23:19:05 +00:00
Adolf Belka
a72263c6c5 lz4: Update to version 1.9.4
- Update from version 1.9.3 to 1.9.4
- Update of rootfile
- Changelog
v1.9.4
perf : faster decoding speed (~+20%) on aarch64 platforms
perf : faster decoding speed (~+70%) for -BD4 setting in CLI
api  : new function `LZ4_decompress_safe_partial_usingDict()` by @yawqi
api  : lz4frame: ability to provide custom allocators at state creation
api  : can skip checksum validation for improved decoding speed
api  : new experimental unit `lz4file` for file i/o API, by @anjiahao1
api  : new experimental function `LZ4F_uncompressedUpdate()`, by @alexmohr
cli  : `--list` works on `stdin` input, by @Low-power
cli  : `--no-crc` does not produce (compression) nor check (decompression) checksums
cli  : fix: `--test` and `--list` produce an error code when parsing invalid input
cli  : fix: support skippable frames when passed via `stdin`, reported by @davidmankin
build: fix: Makefile respects CFLAGS directives passed via environment variable
build: `LZ4_FREESTANDING`, new build macro for freestanding environments, by @t-mat
build: `make` and `make test` are compatible with `-j` parallel run
build: AS/400 compatibility, by @jonrumsey
build: Solaris 10 compatibility, by @pekdon
build: MSVC 2022 support, by @t-mat
build: improved meson script, by @eli-schwartz
doc  : Updated LZ4 block format, provide an "implementation notes" section

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-01-26 23:17:50 +00:00
Adolf Belka
31c0c32779 libtool: Update to version 2.4.7
- Update from version 2.4.6 (Feb 2015) to 2.4.7 (Mar 2022)
- Update of rootfile
- The shebang in the libtoolize script has changed from ! /bin/sh to ! /usr/bin/env sh
   because apparently the previous version presented challenges for containerised
   environments. For IPFire build it meant that using libtoolize in the build of libxcrypt
   failed because it could not deal with the changed shebang.
- Patch created to change the shebang for libtoolize.in back to the version in 2.4.6 and
   earlier.
- The change of libtoolize.in then caused the libtool build to try and rebuild the man
   page for it but this fails as help2man is required for this. There is no option in the
   configure to not build the docs so hence there is an associated patch with this one
   that builds help2man but the rootfile is completely commented out as it is only
   required for the build
- Added --disable-static to the configure options
- Changelog
    Noteworthy changes in release 2.4.7 (2022-03-16) [stable]
	New features:
	  - Libtool script now supports (configure-time and runtime) ARFLAGS
	    variable, which obsoletes AR_FLAGS.  This is due to naming conventions
	    among other *FLAGS and to be consistent with Automake's ARFLAGS.
	  - Gnulib testsuite is enabled and run during 'make check'.
	  - Support the Windows version of the Intel C Compiler (icl) in
	    libtool script.
	  - Pass '-fsanitize=*' flags for GCC and LLVM, and '-specs=*' for GCC
	    to linker.
	  - Pass '-Xassembler=*' and '-Wa,*' flag to compilers and linkers.
	  - The variable 'FILECMD' with default value of '/usr/bin/file' was used to
	    replace existing hard coded references to '/usr/bin/file'.
	  - Add MidnightBSD support.
	Important incompatible changes:
	  - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
	  - Do not pass '-pthread' to Solaris linker.
	  - 'libtool' and 'libtoolize' scripts now use '#! /usr/bin/env sh' shebang.
	    Previously '#! /bin/sh' was used, which presents challenges for
	    containerized environments.
	Bug fixes:
	  - Fix significant slowdown of libtoolize for certain projects (regression
	    introduced in 2.4.3 release) caused by infinite m4 macro recursion.
	  - Mitigate the slowdown of libtool script (introduced in v2.4.3) caused by
	    increased number of calls to '$SED $sed_quote_subst' (bug#20006).
	  - Properly parse and export TLS symbols on AIX.
	  - Various bug fixes surrounding use of 'sed'.
	  - Darwin systems set proper "allow undefined" flag on OSX 11, and
	    PowerPC 10.5.
	  - Removed some deprecated tests related to 'Makefile.inc' files.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-01-26 23:11:22 +00:00
Adolf Belka
0645867f1d shadow: Update to version 4.13
- Update from version 4.11.1 to 4.13
- Update of rootfile not required
- Changelog
	4.13
	    * useradd.8: fix default group ID (Tim Biermann)
	    * Revert drop of subid_init() (Serge Hallyn)
	    * Georgian translation (NorwayFun)
	    * useradd: Avoid taking unneeded space: do not reset non-existent data
	      in lastlog (David Kalnischkies)
	    * relax username restrictions (Alexander Kanavin)
	    * selinux: check MLS enabled before setting serange (genBTC)
	    * copy_tree: use fchmodat instead of chmod (Samanta Navarro)
	    * copy_tree: don't block on FIFOs (Samanta Navarro)
	    * add shell linter (Jan Macku)
	    * copy_tree: carefully treat permissions (Samanta Navarro)
	    * lib/commonio: make lock failures more detailed (Luca BRUNO)
	    * lib: use strzero and memzero where applicable (Christian Göttsche)
	    * Update Dutch translation (Frans Spiesschaert)
	    * Don't test for NULL before calling free (Alex Colomar)
	    * Use libc MAX() and MIN() (Alejandro Colomar)
	    * chage: Fix regression in print_date (Xiami)
	    * usermod: report error if homedir does not exist (Iker Pedrosa)
	    * libmisc: minimum id check for system accounts (Iker Pedrosa)
	    * fix usermod -rG x y wrongly adding a group (xyz)
	    * man: add missing space in useradd.8.xml (Iker Pedrosa)
	    * lastlog: check for localtime() return value (Iker Pedrosa)
	    * Raise limit for passwd and shadow entry length (Iker Pedrosa)
	    * Remove adduser-old.c (Alejandro Colomar)
	    * useradd: Fix buffer overflow when using a prefix (David Michael)
	    * Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
	4.12.3
	    Revert removal of subid_init, which should have bumped soname. So note that 4.12
	     through 4.12.2 were broken for subid users.
	4.12.2
	    This includes the fix by Christian Göttsche for a TOCTTOU when copying directories.
	4.12.1
	    This should fix the broken uk manpages in 4.12.
	4.12
	    This release includes the following changes:
	    * Add absolute path hint to --root (Celeste Liu)
	    * Various cleanups (Christian Göttsche)
	    * Fix Ubuntu release used in CI tests (Jeremy Whiting)
	    * add -F options to useradd (and tests) (Masatake YAMATO)
	    * useradd manpage updates (Masatake YAMATO and Alexander Zhang)
	    * Check for ownerid (not just username) in subid ranges (Iker Pedrosa)
	    * Declare file local functions static (Christian Göttsche)
	    * Use strict prototypes (Christian Göttsche)
	    * Do not drop const qualifier for Basename (Christian Göttsche)
	    * Constify various pointers (Christian Göttsche)
	    * Don't return uninitialized memory (Christian Göttsche)
	    * Don't let compiler optimize away memory cleaning (Christian Göttsche)
	    * Remove many obsolete compatibility checks  and defines (Alejandro Colomar)
	    * Modify ID range check in useradd (Iker Pedrosa)
	    * Use "extern "C"" to make libsubid easier to use from C++ (Alois Wohlschlager)
	    * French translation updates (bubu)
	    * Fix s/with-pam/with-libpam/ (serge)
	    * Spanish translation updates (Fernando)
	    * French translation fixes (Balint Reczey)
	    * Default max group name length to 32 (Jami Kettunen)
	    * Fix PAM service files without-selinux (Ali Riza KESKIN)
	    * Improve manpages (Markus Hiereth)
	      - groupadd, useradd, usermod
	      - groups and id
	      - pwck
	    * Add fedora to CI builds (Iker Pedrosa)
	    * Fix condition under which pw_dir check happens (Ed Neville)
	    * logoutd: switch to strncat (Steve Grubb)
	    * AUTHORS: improve markdown output (Iker Pedrosa)
	    * Handle ERANGE errors correctly (Niko)
	    * Check for fopen NULL return (juyin)
	    * Split get_salt() into its own fn (juyin)
	    * Get salt before chroot to ensure /dev/urandom. (juyin)
	    * Chpasswd code cleanup (juyin)
	    * Work around git safe.directory enforcement (serge)
	    * Alphabetize order in usermod help (Matheus Marques)
	    * Erase password copy on error branches (Christian Göttsche)
	    * Suggest using --badname if needed (Iker Pedrosa)
	    * Update translation files (Iker Pedrosa)
	    * Correct badnames option to badname (Iker Pedrosa)
	    * configure: replace obsolete autoconf macros (Christian Göttsche)
	    * tests: replace egrep with grep -E (Sam James)
	    * Update Ukrainian translations (Yuri Chornoivan)
	    * Cleanups (Iker Pedrosa)
	      - Remove redeclared variable
	      - Remove commented out code and FIXMEs
	      - Add header guards
	      - Initialize local variables
	    * CI updates (Iker Pedrosa)
	      - Create github workflow to install dependencies
	      - Enable CodeQL
	      - Update actions version
	    * libmisc: use /dev/urandom as fallback if other methods fail (Xi Ruoyao)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-01-26 22:48:51 +00:00
Adolf Belka
59408f2cbf colm: Update to version 0.14.7
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
   dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
   reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-01-26 22:46:19 +00:00
Adolf Belka
0d82593f67 hdparm: Update to version 9.65
- Update from version 9.64 to 9.65
- Update of rootfile not required
- fix glibc headers patch updated for hdparm-9.65
- Changelog
    hdparm-9.65:
	- Another --Istdin fix: cannot read log pages when no device specified

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2023-01-18 23:30:15 +00:00
Peter Müller
177db98c21 Merge remote-tracking branch 'arne_f/kernel-6.1' into next 2023-01-18 22:31:44 +00:00
Adolf Belka
3d0cdaea87 mpfr: Update to version 4.2.0
- Update from version 4.1.1 to 4.2.0
- Update of rootfile
- Changelog
    Changes from versions 4.1.1 to version 4.2.0
	    Binary compatible with MPFR 4.0.* and 4.1.*, though some minor changes in
             the behavior of the formatted output functions may be visible, regarded as
             underspecified behavior or bug fixes (see below).
	    New functions mpfr_cosu, mpfr_sinu, mpfr_tanu, mpfr_acosu, mpfr_asinu,
             mpfr_atanu and mpfr_atan2u.
	    New functions mpfr_cospi, mpfr_sinpi, mpfr_tanpi, mpfr_acospi, mpfr_asinpi,
             mpfr_atanpi and mpfr_atan2pi.
	    New functions mpfr_log2p1, mpfr_log10p1, mpfr_exp2m1, mpfr_exp10m1 and
             mpfr_compound_si.
	    New functions mpfr_fmod_ui, mpfr_powr, mpfr_pown, mpfr_pow_uj, mpfr_pow_sj
             and mpfr_rootn_si (mpfr_pown is actually a macro defined as an alias for
             mpfr_pow_sj).
	    Bug fixes.
	        In particular, for the formatted output functions (mpfr_printf, etc.),
                 the case where the precision consists only of a period has been fixed
                 to be like .0 as specified in the ISO C standard, and the manual has
                 been corrected and clarified.
	        The macros of the custom interface have also been fixed: they now behave
                 like functions (except a minor limitation for mpfr_custom_init_set).

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2023-01-09 18:43:22 +00:00
Arne Fitzenreiter
6535255270 kernel: update to 6.1.3
the kernel-6.1.x series should be the next lts series...
2023-01-08 10:08:33 +00:00
Arne Fitzenreiter
be88f0696e rtl8822bu: update to 20210702-2590672d717e2516dd2e96ed66f1037a6815bced
this is needed for kernel-6.1.x
2023-01-08 10:08:32 +00:00
Arne Fitzenreiter
f5be1e572f rtl8189fs: update to 476020109b3841421af289a7b78c7a25b0c45fac
this is needed for kernel 6.1.x
2023-01-08 10:08:32 +00:00
Arne Fitzenreiter
5cf1e265a9 rtl8189es: update to e58bd86c9d9408c648b1246a0dd76b16856ec172
this is needed for kernel 6.1.x
2023-01-08 10:08:32 +00:00
Arne Fitzenreiter
0c3838cb40 postfix: patch for build with kernel 6.x 2023-01-08 10:08:32 +00:00
Adolf Belka
43692f1f2e iperf3: Update to version 3.12
- Update from version 3.10.1 to 3.12
- Update of rootfile not required
- patch to remove pg flag no longer needed. Source code no longer has pg flag set
   in CFLAGS
- Changelog
        iperf-3.12 2022-09-30
            * Notable user-visible changes
              * cJSON has been updated to version 1.7.15 (#1383).
              * The --bind <host>%<dev> option syntax now works properly (#1360 /
                #1371).
              * A server-side file descriptor leak with the --logfile option has
                been fixed (#1369 / #1360 / #1369 / #1389 / #1393).
              * A bug that caused some large values from TCP_INFO to be misprinted
                as negative numbers has been fixed (#1372).
              * Using the -k or -n flags with --reverse no longer leak into future
                tests (#1363 / #1364).
              * There are now various debug level options available with the
                --debug option. These can be used to adjust the amount of
                debugging output (#1327).
              * A new --snd-timeout option has been added to set a termination
                timeout for idle TCP connections (#1215 / #1282).
              * iperf3 is slightly more robust to out-of-order packets during UDP
                connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 /
                #1260).
              * iperf3 will now use different ports for each direction when the
                --cport and --bdir options are set (#1249 / #1259).
              * The iperf3 server will now exit if it can't open its log file
                (#1225 / #1251).
              * Various help message and output fixes have been made (#1299 /
                #1330 / #1345 / #1350).
              * Various compiler warnings have been fixed (#1211 / #1316).
            * Developer-visible changes
              * Operation of bootstrap.sh has been fixed and simplified (#1335 /
                #1325).
              * Flow label support / compatibility under Linux has been improved
                (#1310).
              * Various minor memory leaks have been fixed (#1332 / #1333).
              * A getter/setter has been added for the bind_port parameter
                (--cport option). (#1303, #1305)
              * Various internal documentation improvements (#1265 / #1285 / #1304).
        iperf-3.11 2022-01-31
            * Notable user-visible changes
              * Update links to Discussions in documentation
              * Fix DSCP so that TOS = DSCP * 4 (#1162)
              * Fix --bind-dev for TCP streams (#1153)
              * Fix interface specification so doesn't overlap with IPv6 link-local
                addresses for -c and -B (#1157, #1180)
              * Add get/set test_unit_format function declaration to iperf_api.h
              * Auto adjustment of test-end condition for file transfers (-F), if no end
                condition is set, it will automatically adjust it to file size in bytes
              * Exit if idle time expires waiting for a connection in one-off mode (#1187,
                #1197)
              * Support zerocopy by reverse mode (#1204)
              * Update help and manpage text for #1157, support bind device
              * Consistently print target_bandwidth in JSON start section (#1177)
              * Test bitrate added to JSON output (#1168)
              * Remove fsync call after every write to receiving --file (#1176, #1159)
              * Update documentation for -w (#1175)
              * Fix for #952, different JSON object names for bidir reverse channel

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2023-01-05 10:48:10 +00:00
Peter Müller
63b3a6edb3 linux: Update to 5.15.85
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-01-03 16:07:48 +00:00
Adolf Belka
f5a57a8d6a curl: Update to version 7.87.0
- Update from version 7.86.0 to 7.87.0
- Update of rootfile
- version 7.87.0 changed how it deals with deprecated typecheck expressions. This caused
   zabbix_agentd build to fail. Curl developers created a commit to fix this in next
   version release. Added as patch here. Should be able to be removed with next curl
   update.
- Changelog
    curl and libcurl 7.87.0
	This release includes the following changes:
		 o curl: add --url-query [52]
		 o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
		 o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
		 o openssl: reduce CA certificate bundle reparsing by caching [11]
		 o version: add a feature names array to curl_version_info_data [67]
	This release includes the following bugfixes:
		 o altsvc: fix rejection of negative port numbers [144]
		 o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
		 o aws_sigv4: fix typos in aws_sigv4.c [101]
		 o base64: better alloc size [124]
		 o base64: encode without using snprintf [123]
		 o base64: faster base64 decoding [120]
		 o build: assume assert.h is always available [111]
		 o build: assume errno.h is always available [110]
		 o c-hyper: CONNECT responses are not server responses [137]
		 o c-hyper: fix multi-request mechanism [115]
		 o CI: Change FreeBSD image from 12.3 to 12.4 [108]
		 o CI: LGTM.com will be shut down in December 2022 [112]
		 o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
		 o cmake: check for cross-compile, not for toolchain [54]
		 o CMake: fix build with `CURL_USE_GSSAPI` [78]
		 o cmake: really enable warnings with clang [25]
		 o cmake: set the soname on the shared library [140]
		 o cmdline-opts/gen.pl: fix the linkifier [64]
		 o cmdline-opts/page-footer: remove long option nroff formatting
		 o config-mac: define HAVE_SYS_IOCTL_H [107]
		 o config-mac: fix typo: size_T -> size_t [125]
		 o config-mac: remove HAVE_SYS_SELECT_H [116]
		 o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
		 o configure: require fork for NTLM-WB [36]
		 o contributors.sh: actually use $CURLWWW instead of just setting it [129]
		 o cookie: compare cookie prefixes case insensitively [14]
		 o cookie: expire cookies at once when max-age is negative [45]
		 o cookie: open cookie jar as a binary file [89]
		 o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
		 o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
		 o curl.h: include <sys/select.h> on SerenityOS [104]
		 o curl.h: name all public function parameters [118]
		 o curl.h: reword comment to not use deprecated option [132]
		 o curl: override the numeric locale and set "C" by force [60]
		 o curl: timeout in the read callback [15]
		 o curl_endian: remove Curl_write64_le from header [81]
		 o curl_get_line: allow last line without newline char [88]
		 o curl_path: do not add '/' if homedir ends with one [4]
		 o curl_url_get.3: remove spurious backtick [127]
		 o curl_url_set.3: document CURLU_DISALLOW_USER [139]
		 o curl_url_set.3: fix typo [148]
		 o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
		 o CURLOPT_COOKIEFILE.3: advice => advise [131]
		 o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
		 o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
		 o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
		 o docs/curl_ws_send: Fixed typo in websocket docs [114]
		 o docs/EARLY-RELEASE.md: how to determine an early release [37]
		 o docs/examples: spell correction ('Retrieve') [119]
		 o docs/INSTALL.md: expand on static builds [62]
		 o docs/WEBSOCKET.md: explain the URL use [71]
		 o docs: add missing parameters for --retry flag [2]
		 o docs: add more "SEE ALSO" links to CA related pages [82]
		 o docs: explain the noproxy CIDR notation support [17]
		 o docs: extend the dump-header documentation [150]
		 o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
		 o examples/10-at-a-time: fix possible skipped final transfers [85]
		 o examples: update descriptions [83]
		 o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
		 o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
		 o GHA: clarify workflows permissions, set least possible privilege [79]
		 o GHA: NSS use clang instead of clang-9 [103]
		 o gnutls: use common gnutls init and verify code for ngtcp2 [98]
		 o headers: add endif comments [51]
		 o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
		 o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
		 o http: do not send PROXY more than once [46]
		 o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
		 o http: set 'this_is_a_follow' in the Location: logic [40]
		 o http: use the IDN decoded name in HSTS checks [154]
		 o hyper: classify headers as CONNECT and 1XX [56]
		 o hyper: fix handling of hyper_task's when reusing the same address [33]
		 o idn: remove Curl_win32_ascii_to_idn [153]
		 o INSTALL: update operating systems and CPU archs [91]
		 o KNOWN_BUGS: remove eight entries [50]
		 o lib1560: add some basic IDN host name tests [151]
		 o lib: connection filters (cfilter) addition to curl: [43]
		 o lib: feature deprecation warnings in gcc >= 4.3 [58]
		 o lib: fix some type mismatches and remove unneeded typecasts [12]
		 o lib: parse numbers with fixed known base 10 [77]
		 o lib: remove bad set.opt_no_body assignments [42]
		 o lib: rewind BEFORE request instead of AFTER previous [65]
		 o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
		 o lib: use size_t or int etc instead of longs [145]
		 o libcurl-errors.3: remove duplicate word [3]
		 o libssh2: return error when ssh_hostkeyfunc returns error [121]
		 o limit-rate.d: see also --rate
		 o log2changes.pl: wrap long lines at 80 columns [59]
		 o Makefile.mk: address minor issues [87]
		 o Makefile.mk: improve a GNU Make hack [122]
		 o Makefile.mk: portable Makefile.m32 [86]
		 o maketgz: set the right version in lib/libcurl.plist [53]
		 o mime: relax easy/mime structures binding [94]
		 o misc: Fix incorrect spelling [113]
		 o misc: remove duplicated include files [28]
		 o misc: typo and grammar fixes [23]
		 o negtelnetserver.py: have it call its close() method [68]
		 o netrc.d: provide mutext info [63]
		 o netware: remove leftover traces [80]
		 o noproxy: also match with adjacent comma [19]
		 o noproxy: guard against empty hostnames in noproxy check [136]
		 o noproxy: tailmatch like in 7.85.0 and earlier [35]
		 o nroff-scan.pl: detect double highlights
		 o ntlm: improve comment for encrypt_des [55]
		 o ntlm: silence ubsan warning about copying from null target_info pointer [69]
		 o openssl/mbedtls: use %d for outputting port with failf (int) [72]
		 o openssl: prefix errors with '[lib]/[version]: ' [105]
		 o os400: use platform socklen_t in Curl_getnameinfo_a [18]
		 o page-header: grammar improvement (display transfer rate) [126]
		 o proxy: refactor haproxy protocol handling as connection filter [57]
		 o README.md: remove badges and xmas-tree garnish [9]
		 o rtsp: fix RTSP auth [49]
		 o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
		 o runtests: do CRLF replacements per section only [97]
		 o scripts/checksrc.pl: detect duplicated include files [29]
		 o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
		 o sendf: remove unnecessary if condition [26]
		 o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
		 o smb/telnet: do not free the protocol struct in *_done() [152]
		 o socks: fix username max size is 255 (0xFF) [146]
		 o spellcheck.words: remove 'github' as an accepted word [22]
		 o ssl-reqd.d: clarify that this is for upgrading connections only [138]
		 o strcase: use curl_str(n)equal for case insensitive matches [8]
		 o styled-output.d: this option does not work on Windows [93]
		 o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
		 o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
		 o test1421: fix typo [109]
		 o test3026: reduce runtime in legacy mingw builds [73]
		 o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
		 o tests: add authorityInfoAccess to generated certs [99]
		 o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
		 o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
		 o tool: determine the correct fopen option for -D [95]
		 o tool_cfgable: free the ssl_ec_curves on exit [142]
		 o tool_cfgable: make socks5_gssapi_nec a boolean [128]
		 o tool_formparse: avoid clobbering on function params [135]
		 o tool_getparam: make --no-get work as the opposite of --get [39]
		 o tool_operate: provide better errmsg for -G with bad URL [16]
		 o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
		 o tool_paramhlp: free the proto strings on exit [141]
		 o url: move back the IDN conversion of proxy names [74]
		 o urlapi: reject more bad letters from the host name: &+() [143]
		 o urldata: change port num storage to int and unsigned short [66]
		 o vms: remove SIZEOF_SHORT [134]
		 o vtls: fix build without proxy support [38]
		 o vtls: localization of state data in filters [84]
		 o WEBSOCKET.md: fix broken link [30]
		 o Websocket: fixes for partial frames and buffer updates [7]
		 o websockets: fix handling of partial frames [32]
		 o windows: fail early with a missing windres in autotools [5]
		 o windows: fix linking .rc to shared curl with autotools [24]
		 o winidn: drop WANT_IDN_PROTOTYPES [27]
		 o ws: if no connection is around, return error [149]
		 o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
		 o x509asn1: avoid freeing unallocated pointers [147]

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2022-12-29 11:23:41 +00:00
Adolf Belka
2d8367ddb6 libcdada: Update to version 0.4.0
- Update from version 0.3.5 to 0.4.0
- Update of rootfile not required
- Update of patch in line with libcdada version
- Changelog
    v0.4.0 (12th March 2022)
	Add `cdada_map_insert_replace()`

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2022-12-29 11:22:22 +00:00
Adolf Belka
bdfe675987 libarchive: Update to version 3.6.2
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- patch to fix glibc 2.36 headers is now part of the source code
- Changelog
    Libarchive 3.6.2 is a bugfix and security release.
	Important bug fixes:
	    include ZSTD in Windows builds (#1688)
	    SSL fixes on Windows (#1714, #1723, #1724)
	    rar5 reader: fix possible garbled output with bsdtar -O (#1745)
	    mtree reader: support reading mtree files with tabs (#1783)
	    various small fixes for issues found by CodeQL

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2022-12-26 08:53:33 +00:00
Adolf Belka
5e1db85c4f mpfr: Update to version 4.1.1 with patch 1
- Update from version 4.1.0 with patch set 1 to 13 to 4.1.1 with patch set 1 to 1
- Update of rootfile
- Changelog
    Changes from version 4.1.0 to version 4.1.1:
	- Bug fixes (see <https://www.mpfr.org/mpfr-4.1.0/#fixed> and/or the
	  ChangeLog file), in particular for macros implementing functions.
	- Improved manual formatting.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2022-12-26 08:33:28 +00:00
Peter Müller
8d1f604b4a ca-certificates: Remove TrustCor Systems root CAs
On November 30, 2022, Mozilla decided to take the following
actions as a response to the concerns raised about the merits
of this root CA operator (excerpt taken from
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ):

> 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME
>    After Date" to November 30, 2022, for the 3 TrustCor root
>    certificates (TrustCor RootCert CA-1, TrustCor ECA-1,
>    TrustCor RootCert CA-2) that are currently included in
>    Mozilla's root store.
>
> 2. Remove those root certificates from Mozilla's root store
>    after the existing end-entity TLS certificates have expired.

As far as the latter is concerned, the offending certificates
have these expiry dates set:
- TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT
- TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT
- TrustCor ECA-1:         Mon, 31 Dec 2029 17:28:07 GMT

The way IPFire 2 currently processes Mozilla's trust store
does not feature a way of incorporating a "Distrust for XYZ After
Date" attribute. This means that despite TrustCor Systems' root
CAs no longer being trusted by browsers using Mozilla's trust
store, IPFire would still accept certificates directly or
indirectly issued by this CA until December 2029 or December 2034.

To protect IPFire users, this patch therefore suggests to
patch our copy of Mozilla's trust store in order to remove
TrustCor Systems' root CAs: The vast majority of HTTPS connections
established from an IPFire machine take place in a non-interactive
context, so there is no security benefit from a "Distrust After
Date" information. Instead, if we do not want IPFire installations
to trust this CA, we have no option other than to remove it
unilaterally from our copy of Mozilla's trust store.

See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-12-01 18:01:08 +01:00
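The gap described in the commit message above, as an added example (not IPFire's own code and not part of the commit): a consumer that cannot evaluate a "Distrust After Date" can still find every root that carries one and drop it from its copy of the store. It assumes the store is in NSS certdata.txt object syntax with the CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER attributes; the sample objects and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in certdata.txt object syntax (assumption: the trust
# store being processed uses this format). Dates are YYMMDDHHMMSSZ strings
# stored as octal escapes; "CK_BBOOL CK_FALSE" means no distrust date is set.
SAMPLE_CERTDATA = r'''
BEGINDATA
# Certificate "Example Active Root" (constructed)
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Active Root"
CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE

# Certificate "TrustCor RootCert CA-1" (constructed, no key material)
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "TrustCor RootCert CA-1"
CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
\062\062\061\061\063\060\060\060\060\060\060\060\132
END
CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL
\062\062\061\061\063\060\060\060\060\060\060\060\132
END

# Trust object: still marks the root as a trusted delegator, which is all
# a date-unaware consumer ever looks at.
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "TrustCor RootCert CA-1"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
'''

DISTRUST_ATTRS = ("CKA_NSS_SERVER_DISTRUST_AFTER", "CKA_NSS_EMAIL_DISTRUST_AFTER")
OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def parse_objects(text):
    """Split certdata-style text into a list of {attribute: value} dicts."""
    objects, current = [], None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(" ")
        kind, _, value = rest.partition(" ")
        if name == "CKA_CLASS":          # every object starts with its class
            current = {}
            objects.append(current)
        if current is None:              # preamble such as BEGINDATA
            continue
        if kind == "MULTILINE_OCTAL":    # consume the body up to END
            raw = bytearray()
            for body in lines:
                if body.strip() == "END":
                    break
                raw += bytes(int(o, 8) for o in OCTAL_ESCAPE.findall(body))
            current[name] = bytes(raw)
        elif kind == "UTF8":
            current[name] = value.strip('"')
        else:
            current[name] = value
    return objects


def distrust_after(obj, attr):
    """Return the distrust date as an aware datetime, or None if unset."""
    value = obj.get(attr)
    if not isinstance(value, bytes):     # CK_BBOOL CK_FALSE or attribute absent
        return None
    parsed = datetime.strptime(value.decode("ascii"), "%y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def roots_to_remove(text):
    """Map certificate label -> earliest distrust date, for any root that has one."""
    flagged = {}
    for obj in parse_objects(text):
        if obj.get("CKA_CLASS") != "CKO_CERTIFICATE":
            continue
        dates = [d for d in (distrust_after(obj, a) for a in DISTRUST_ATTRS) if d]
        if dates:
            flagged[obj["CKA_LABEL"]] = min(dates)
    return flagged


if __name__ == "__main__":
    for label, when in roots_to_remove(SAMPLE_CERTDATA).items():
        print(f"remove {label!r}: distrusted after {when.isoformat()}")
```
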
Adolf Belka
bcef2fe0f6 elinks: Update to version 0.15.1
- Update from version 0.12pre6 (2012) to 0.15.1 (July 2022)
- Update of rootfile
- Original elinks was last updated in 2012. In Jan 2020 a fork was made of the package
   and has been maintained since then on an ongoing basis. This new fork is used by Arch
   Linux
- elinks has not been an addon since CU141 but the lfs file was still in the addon format
   This has been adjusted to make it in line with a core program
- The previous patches related to ssl have been removed as the fixes are now part of the
   source tarball.
- Changelog
    ELinks 0.15.1 Released on 2022-07-31
	* about:config
	* option --always-load-config #137
	* compilation fixes on Windows #140
	* added ui.background_char #142
	* sample build scripts and docker files
	* experimental DGI support
	* DOS port based on links code
	* configurable Accept-Header #143
	* minor compilation fixes
    ELinks 0.15.0 Released on 2021-12-24
	* Serbian translation update
    ELinks 0.15.0rc2 Released on 2021-12-19
	* Serbian translation update
	* HOME_ETC
    ELinks 0.15.0rc1 Released on 2021-12-04
	* removed -Wno-pointer-sign from CFLAGS
	* close stdin before calling a background program (sgerwk)
	  and options related to it #108, #109, #110, #113
	* gemini protocol and text/gemini mime type
	* changed rendering of blockquote element
	* avoid tmpfile in lua (sgerwk) #115, #118
	* console.log in js (mtatton) #93
	* localstorage (mtatton) #98
	* options document.browse.search.beginning_only
	  document.browse.search.ignore_history
	  ui.double_esc
	* ui.temperature.* to show temperature of CPU
	* document.plain.fixup_tables
	* enhanced ecmascript code. Added QuickJS
	* Notes on ECMAScript:
	  requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT
	  and either mozjs78-dev or QuickJS-2021-03-27
	  Most sites don't work, some crash. Some workarounds were implemented:
	  a) ECMAScript is disabled by default
	  b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes
	  c) Added toggle-ecmascript action. You can bind it to some key
	* other small fixes
    ELinks 0.14.3 Released on 2021-09-26
	* Fix issue with negative value of cells #126
    ELinks 0.14.2 Released on 2021-08-29
	* crash in nttp #114
	* XSS in gopher #125
    ELinks 0.14.1 Released on 2021-05-30
	* Disable spidermonkey by default #85
	* Show error message about libgcrypt-config. #86
	* off by two. #88
	* Check NULL. #99
	* fix error message when no previous search was performed #100
	* alert when moving to the next match of a failed search #101
	* include unistd.h and errno.h to define safe_read() #107
    ELinks 0.14.0 Released on 2020-12-27
	No changes since 0.14.0rc2.
    ELinks 0.14.0rc2 Released on 2020-12-13
	* ~/.elinks/allow.txt - list of allowed url prefixes for js
    ELinks 0.14.0rc1 Released on 2020-12-06
	* dblatex for pdf. PR #64
	* fixes CTRL-Z. #65
	* changes in mime handlers. PR #66
	* fixes in data protocol. #67, #68, #71, #72, #73
	* allow to wrap text in PRE. #69
	* pass #fragment to external command. #75
	* introduced "document.browse.search.reset". #76
	* added meson as alternative build system
	* in #77 I'm going to attach static binaries for released versions
	* mozjs dependency updated to 52.*
		Note that, to compile with javascript support you must compile by g++ with -fpermissive option.
		There is a lot of warnings. Unfortunately JS often crashes. Without help from someone familiar
		with SpiderMonkey, we won't go far.
		As you might notice, I renamed repo to elinks.
		Thanks to all involved in this release.
    ELinks 0.13.5 Released on 2020-08-30
	* added clipboard selection using keyboard. #59
	* fixed drawing menus over emoji characters. #60
	* encoding to utf-8 and decoding back in python's pre_format_html_hook
		This is likely the last release of 0.13.x series.
    ELinks 0.13.4: Released on 2020-07-31.
	* fixed segfault with gnutls. introduced in 0.13.3
	* updated smart and dumb prefixes to https. Thanks Guido Cella. PR #54
	* added the st terminal to config options. PR #55
	* doc updates PR #57
	* also pass the uri as %u to external handler. Thanks sgerwk. PR #58
	* added the ui.clipboard_file config option
    ELinks 0.13.3: Released on 2020-06-29.
	* configure option --with-luapkg=name
	  You can choose lua version at compilation time. For example: --with-luapkg=luajit
	* config option connection.ssl.https_by_default (Thanks Guido Cella)
	  not enabled by default
	* docs updates (Guido Cella)
	* fixes related to ui.mouse_disable and xterm-like terminals (Thanks sgerwk)
	* show an alert when the search string is not found (sgerwk)
    ELinks 0.13.2: Released on 2020-05-31.
	* command line option -remote search(...) (thanks sgerwk)
	* command line option -bind-address
	* config option ui.mouse_disable (sgerwk)
	* config option ui.tostop
	* config option ui.sessions.fork_on_start
	* compatibility (compilability) with lua-5.2 and 5.3
	* modified cookies code (not well tested)
    ELinks 0.13.1: Released on 2020-01-31.
	* Fixed issue with uploading files to local cgi.
	* Python scripts in contrib converted to python3.
    ELinks 0.13.0: Released on 2019-12-27.
	Incompatibilities:
		* The protocol.fsp.sort option has been removed.  ELinks always sorts.
		* bug 1024: Verify the host name or IP address in the server certificate
		  if connection.ssl.cert_verify is not 0.
	Miscellaneous:
		* The configure script is no longer part of tarball, you must generate it.
		  For example running ./autogen.sh
		* major bug 181: Slave ELinks processes can now run an external editor.
		  This used to work in the master process only.
		* major bug 722: Filter CSS according to media types.  New option
		  document.css.media.
		* bug 638: Propagate the existence of $DISPLAY from slave terminals to
		  mailcap test commands.
		* bugs 762, 1082: Small memory leak in goto_current_link/goto_imgmap
		* bug 963: New option document.css.ignore_display_none.
		* bug 977: Fixed crash when opening in new tab a non link with onclick
		  attribute.
		* bug 1008: File upload fields in HTML forms now stream the files to
		  the server, instead of reading them to memory in advance.  This lets
		  you upload larger files.  The downsides are that ELinks may use a
		  cached response even if you have modified a file between requests,
		  and that ELinks can send inconsistent data if you modify a file
		  while it is being uploaded.
		* bug 1054: Don't abort downloads when closing the terminal from which
		  they were started.  When such a download ends, display the message
		  in the most recently used terminal.  If the user chooses
		  ``Background and Notify'' via the download manager in some terminal,
		  reassociate the download with that terminal.  These changes do not
		  apply to downloads to external handlers.
		* Really retry forever when connection.retries = 0.
		* enhancement: Session-specific options.  Any options changed with
		  toggle-* actions no longer affect other tabs or other terminals.
		* Do not crash when document.browse.minimum_refresh_time = 0 and
		  a document has a meta refresh with a delay of 0.
		* Properly update link highlighting and status bar information when the
		  repeat prefix is changed.
		* Handle SSL rehandshakes
		* Fix compatibility with Ruby >= 1.9
		* enhancement 15: Domain-specific options.  Use set_domain in
		  elinks.conf to e.g. disable cookies for google.com.  The option
		  manager window does not yet support this.
		* enhancement 867: Use bracketed paste mode on xterm.  This requires
		  xterm patch #228 or later configured with --enable-readline-mouse.
		* enhancement 824: Experimental support for combining characters.
		  See features.conf for details.
		* enhancement: Add a new entry Link Info under Link main menu.
		* enhancement: Indicate backgrounded downloads using an unused led.
		* enhancement: Display the number of ECMAScript interpreters that have
		  been allocated for documents in the Resources dialog.
		* Fedora enhancement 346861: Add support for nss_compat_ossl library
		  (OpenSSL replacement).
		* enhancement: ``elinks --dump'' uses box-drawing characters if supported
		  by the charset.
		* enhancement 1070: Support 256 colors on fbterm-1.4.
		* enhancement 1075: Scrolling the entire contents of dialog boxes.
		  Especially useful for multi-file BitTorrent downloads.
		* Report if the Lua function edit_bookmark_dialog receives the wrong
		  number or types of arguments instead of silently failing.
		* enhancement: Add ``Invalidate'' button to the cache manager.
		* enhancement: Add ``Search contents'' button to the cache manager with
		  which one can search through the cache items' data rather than their
		  metadata.
		* enhancement: Add rudimentary support for the HTML5 media elements,
		  <video> and <audio>.
		* enhancement: Add move-half-page-up and move-half-page-down actions.
		* enhancement: Add option to change overlap for vertical scrolling.
		* enhancement: HTML meta refresh allows semicolons in URLs, and the
		  syntax is more like in Firefox.
		* link against lua51 not lua50
		* SpiderMonkey must be mozjs-17.0. This version is latest with C API.
		  Find it with pkg-config.
		* using iconv for some multibyte charsets. It works if the terminal codepage
		  is UTF-8. More charsets will be added on demand.
		* enhancement: support SSL client certificate
		* python scripting is Python3 only
		* brotli and zstd encodings
		* possibility to make use of libevent instead of select for event loop
		* terminfo queries for output (not input) as compilation option

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-28 13:05:19 +01:00
Adolf Belka
39ff37072e qemu: Update to version 7.1.0
- Update from 7.0.0 to 7.1.0
- Update of rootfile not required
- Removal of qemu-7.0.0-fix-glibc-headers.patch as an alternative patch approach has been
   implemented into the source tarball.
- Changelog is too large to include here. Details can be found at
   https://wiki.qemu.org/ChangeLog/7.1

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-25 11:58:58 +00:00
Adolf Belka
81c3f9e1b9 libvirt: Update to version 8.9.0
- Update from 7.10.0 to 8.9.0
- Update of rootfile
- Removal of sheepdog_storage option in ./configure as it has been removed from libvirt
- Removal of libvirt-7.10.0-fix-glibc-headers.patch as contents are now built in to source
   tarball.
- Changelog is too large to include here. Details can be found in the NEWS.rst file in
   the source tarball.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-25 11:58:27 +00:00
Adolf Belka
8cb2214c3a curl: Update to version 7.86.0
- Update from version 7.84.0 to 7.86.0
- Update of rootfile
- curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this
   is now built into the source tarball version
- Changelog - is too large to include here. The details can be found in the RELEASE_NOTES
   file in the source tarballs.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-25 11:55:48 +00:00
Adolf Belka
6ff6ba85ba xz: Update to version 5.2.8
- Update from version 5.2.5 to 5.2.8
- Update of rootfile
- Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source
   tarball and with an improved quicker method - see changelog below.
- Changelog
	5.2.8 (2022-11-13)
	    * xz:
	        - If xz cannot remove an input file when it should, this
	          is now treated as a warning (exit status 2) instead of
	          an error (exit status 1). This matches GNU gzip and it
	          is more logical as at that point the output file has
	          already been successfully closed.
	        - Fix handling of .xz files with an unsupported check type.
	          Previously such printed a warning message but then xz
	          behaved as if an error had occurred (didn't decompress,
	          exit status 1). Now a warning is printed, decompression
	          is done anyway, and exit status is 2. This used to work
	          slightly before 5.0.0. In practice this bug matters only
	          if xz has been built with some check types disabled. As
	          instructed in PACKAGERS, such builds should be done in
	          special situations only.
	        - Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
	          which failed with "Internal error (bug)". That is,
	          --single-stream was broken if the first .xz stream in
	          the input file didn't contain any uncompressed data.
	        - Fix displaying file sizes in the progress indicator when
	          working in passthru mode and there are multiple input files.
	          Just like "gzip -cdf", "xz -cdf" works like "cat" when the
	          input file isn't a supported compressed file format. In
	          this case the file size counters weren't reset between
	          files so with multiple input files the progress indicator
	          displayed an incorrect (too large) value.
	    * liblzma:
	        - API docs in lzma/container.h:
	            * Update the list of decoder flags in the decoder
	              function docs.
	            * Explain LZMA_CONCATENATED behavior with .lzma files
	              in lzma_auto_decoder() docs.
	        - OpenBSD: Use HW_NCPUONLINE to detect the number of
	          available hardware threads in lzma_physmem().
	        - Fix use of wrong macro to detect x86 SSE2 support.
	          __SSE2_MATH__ was used with GCC/Clang but the correct
	          one is __SSE2__. The first one means that SSE2 is used
	          for floating point math which is irrelevant here.
	          The affected SSE2 code isn't used on x86-64 so this affects
	          only 32-bit x86 builds that use -msse2 without -mfpmath=sse
	          (there is no runtime detection for SSE2). It improves LZMA
	          compression speed (not decompression).
	        - Fix the build with Intel C compiler 2021 (ICC, not ICX)
	          on Linux. It defines __GNUC__ to 10 but doesn't support
	          the __symver__ attribute introduced in GCC 10.
	    * Scripts: Ignore warnings from xz by using --quiet --no-warn.
	      This is needed if the input .xz files use an unsupported
	      check type.
	    * Translations:
	        - Updated Croatian and Turkish translations.
	        - One new translation wasn't included because it needed
	          technical fixes. It will be in upcoming 5.4.0. No new
	          translations will be added to the 5.2.x branch anymore.
	        - Renamed the French man page translation file from
	          fr_FR.po to fr.po and thus also its install directory
	          (like /usr/share/man/fr_FR -> .../fr).
	        - Man page translations for upcoming 5.4.0 are now handled
	          in the Translation Project.
	    * Update doc/faq.txt a little so it's less out-of-date.
	5.2.7 (2022-09-30)
	    * liblzma:
	        - Made lzma_filters_copy() to never modify the destination
	          array if an error occurs. lzma_stream_encoder() and
	          lzma_stream_encoder_mt() already assumed this. Before this
	          change, if a tiny memory allocation in lzma_filters_copy()
	          failed it would lead to a crash (invalid free() or invalid
	          memory reads) in the cleanup paths of these two encoder
	          initialization functions.
	        - Added missing integer overflow check to lzma_index_append().
	          This affects xz --list and other applications that decode
	          the Index field from .xz files using lzma_index_decoder().
	          Normal decompression of .xz files doesn't call this code
	          and thus most applications using liblzma aren't affected
	          by this bug.
	        - Single-threaded .xz decoder (lzma_stream_decoder()): If
	          lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
	          to use lzma_memlimit_set() to increase the limit and continue
	          decoding. This was supposed to work from the beginning
	          but there was a bug. With other decoders (.lzma or
	          threaded .xz decoder) this already worked correctly.
	        - Fixed accumulation of integrity check type statistics in
	          lzma_index_cat(). This bug made lzma_index_checks() return
	          only the type of the integrity check of the last Stream
	          when multiple lzma_indexes were concatenated. Most
	          applications don't use these APIs but in xz it made
	          xz --list not list all check types from concatenated .xz
	          files. In xz --list --verbose only the per-file "Check:"
	          lines were affected and in xz --robot --list only the "file"
	          line was affected.
	        - Added ABI compatibility with executables that were linked
	          against liblzma in RHEL/CentOS 7 or other liblzma builds
	          that had copied the problematic patch from RHEL/CentOS 7
	          (xz-5.2.2-compat-libs.patch). For the details, see the
	          comment at the top of src/liblzma/validate_map.sh.
	          WARNING: This uses __symver__ attribute with GCC >= 10.
	          In other cases the traditional __asm__(".symver ...")
	          is used. Using link-time optimization (LTO, -flto) with
	          GCC versions older than 10 can silently result in
	          broken liblzma.so.5 (incorrect symbol versions)! If you
	          want to use -flto with GCC, you must use GCC >= 10.
	          LTO with Clang seems to work even with the traditional
	          __asm__(".symver ...") method.
	    * xzgrep: Fixed compatibility with old shells that break if
	      comments inside command substitutions have apostrophes (').
	      This problem was introduced in 5.2.6.
	    * Build systems:
	        - New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX
	        - Windows: Fixed liblzma.dll build with Visual Studio project
	          files. It broke in 5.2.6 due to a change that was made to
	          improve CMake support.
	        - Windows: Building liblzma with UNICODE defined should now
	          work.
	        - CMake files are now actually included in the release tarball.
	          They should have been in 5.2.5 already.
	        - Minor CMake fixes and improvements.
	    * Added a new translation: Turkish
	5.2.6 (2022-08-12)
	    * xz:
	        - The --keep option now accepts symlinks, hardlinks, and
	          setuid, setgid, and sticky files. Previously this required
	          using --force.
	        - When copying metadata from the source file to the destination
	          file, don't try to set the group (GID) if it is already set
	          correctly. This avoids a failure on OpenBSD (and possibly on
	          a few other OSes) where files may get created so that their
	          group doesn't belong to the user, and fchown(2) can fail even
	          if it needs to do nothing.
	        - Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
	          MIPS32 because on MIPS32 userspace processes are limited
	          to 2 GiB of address space.
	    * liblzma:
	        - Fixed a missing error-check in the threaded encoder. If a
	          small memory allocation fails, a .xz file with an invalid
	          Index field would be created. Decompressing such a file would
	          produce the correct output but result in an error at the end.
	          Thus this is a "mild" data corruption bug. Note that while
	          a failed memory allocation can trigger the bug, it cannot
	          cause invalid memory access.
	        - The decoder for .lzma files now supports files that have
	          uncompressed size stored in the header and still use the
	          end of payload marker (end of stream marker) at the end
	          of the LZMA stream. Such files are rare but, according to
	          the documentation in LZMA SDK, they are valid.
	          doc/lzma-file-format.txt was updated too.
	        - Improved 32-bit x86 assembly files:
	            * Support Intel Control-flow Enforcement Technology (CET)
	            * Use non-executable stack on FreeBSD.
	        - Visual Studio: Use non-standard _MSVC_LANG to detect C++
	          standard version in the lzma.h API header. It's used to
	          detect when "noexcept" can be used.
	    * xzgrep:
	        - Fixed arbitrary command injection via a malicious filename
	          (CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
	          this was released to the public on 2022-04-07. A slight
	          robustness improvement has been made since then and, if
	          using GNU or *BSD grep, a new faster method is now used
	          that doesn't use the old sed-based construct at all. This
	          also fixes bad output with GNU grep >= 3.5 (2020-09-27)
	          when xzgrepping binary files.
	          This vulnerability was discovered by:
	          cleemy desu wayo working with Trend Micro Zero Day Initiative
	        - Fixed detection of corrupt .bz2 files.
	        - Improved error handling to fix exit status in some situations
	          and to fix handling of signals: in some situations a signal
	          didn't make xzgrep exit when it clearly should have. It's
	          possible that the signal handling still isn't quite perfect
	          but hopefully it's good enough.
	        - Documented exit statuses on the man page.
	        - xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
	          of the deprecated egrep and fgrep commands.
	        - Fixed parsing of the options -E, -F, -G, -P, and -X. The
	          problem occurred when multiple options were specified in
	          a single argument, for example,
	              echo foo | xzgrep -Fe foo
	          treated foo as a filename because -Fe wasn't correctly
	          split into -F -e.
	        - Added zstd support.
	    * xzdiff/xzcmp:
	        - Fixed wrong exit status. Exit status could be 2 when the
	          correct value is 1.
	        - Documented on the man page that exit status of 2 is used
	          for decompression errors.
	        - Added zstd support.
	    * xzless:
	        - Fix less(1) version detection. It failed if the version number
	          from "less -V" contained a dot.
	    * Translations:
	        - Added new translations: Catalan, Croatian, Esperanto,
	          Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
	          and Ukrainian
	        - Updated the Brazilian Portuguese translation.
	        - Added French man page translation. This and the existing
	          German translation aren't complete anymore because the
	          English man pages got a few updates and the translators
	          weren't reached so that they could update their work.
	    * Build systems:
	        - Windows: Fix building of resource files when config.h isn't
	          used. CMake + Visual Studio can now build liblzma.dll.
	        - Various fixes to the CMake support. Building static or shared
	          liblzma should work fine in most cases. In contrast, building
	          the command line tools with CMake is still clearly incomplete
	          and experimental and should be used for testing only.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-21 11:03:36 +00:00
Adolf Belka
f86ae7d1a6 gdb: Patch for building with readline-8.2
- Patch required for successful building with readline-8.2
   In readline 8.2 the type of rl_completer_word_break_characters changed to
   include const.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-21 10:58:32 +00:00
Adolf Belka
1ad5a01388 readline: Update to version 8.2 plus patch 1
- Update from version 8.1 to 8.2 plus patch 1
- Update of rootfile
- Changelog
    version 8.2
	There is a new framework for readline timeouts, including new public
	 functions to set timeouts and query how much time is remaining before a
	 timeout hits, and a hook function that can trigger when readline times out.
	 There is a new state value to indicate a timeout. There is a new option:
	 `enable-active-region'. This separates control of the active region and
	 bracketed-paste. It has the same default value as bracketed-paste, and
	 enabling bracketed paste enables the active region. Users can now turn off
	 the active region while leaving bracketed paste enabled. Two new bindable
	 string variables are available; their values are terminal escape sequences
	 that set the color used to display the active region and turn it off,
	 respectively. If set, these are used in place of terminal standout mode.
	 Finally, Readline now checks for changes to locale settings
	 (LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate
	 locale-specific display and key binding variables when the locale changes.
	There are a few bug fixes in the redisplay code when restoring the prompt
	 after a digit-argument prompt or incremental search back to a prompt that
	 contains invisible multibyte characters. There are more checks for read
	 errors, especially in the middle of readline commands; previous versions
	 could loop or return incorrect data. Full details are below.
	GNU Readline is a library which provides programs with an input
	 facility including command-line editing and history.  Editing
	 commands similar to both emacs and vi are included.  The GNU
	 History library, which provides facilities for managing a list of
	 previously-typed command lines and an interactive command line
	 recall facility similar to that provided by csh, is also present.
	 The history library is built as part of the readline as well as
	 separately.
	1. Changes to Readline
		a. Fixed a problem with cleaning up active marks when using callback mode.
		b. Fixed a problem with arithmetic comparison operators checking the version.
		c. Fixed a problem that could cause readline not to build on systems without
		   POSIX signal functions.
		d. Fixed a bug that could cause readline to crash if the application removed
		   the callback line handler before readline read all typeahead.
		e. Added additional checks for read errors in the middle of readline commands.
		f. Fixed a redisplay problem that occurred when switching from the digit-
		   argument prompt `(arg: N)' back to the regular prompt and the regular
		   prompt contained invisible characters.
		g. Fixed a problem with restoring the prompt when aborting an incremental
		   search.
		h. Fix a problem with characters > 128 not being displayed correctly in certain
		   single-byte encodings.
		i. Fixed a problem with unix-filename-rubout that caused it to delete too much
		   when applied to a pathname consisting only of one or more slashes.
		j. Fixed a display problem that caused the prompt to be wrapped incorrectly if
		   the screen changed dimensions during a call to readline() and the prompt
		   became longer than the screen width.
		k. Fixed a problem that caused the \r output by turning off bracketed paste
		   to overwrite the line if terminal echo was disabled.
		l. Fixed a bug that could cause colored-completion-prefix to not display if
		   completion-prefix-display-length was set.
		m. Fixed a problem with line wrapping prompts when a group of invisible
		   characters runs to the right edge of the screen and the prompt extends
		   longer than the screen width.
		n. Fixed a couple problems that could cause rl_end to be set incorrectly by
		   transpose-words.
		o. Prevent some display problems when running a command as the result of a
		   trap or one bound using `bind -x' and the command generates output.
		p. Fixed an issue with multi-line prompt strings that have one or more
		   invisible characters at the end of a physical line.
		q. Fixed an issue that caused a history line's undo list to be cleared when
		   it should not have been.
		r. When replacing a history entry, make sure the existing entry has a non-NULL
		   timestamp before copying it; it may have been added by the application, not
		   the history library.
	2. New Features in Readline
		a. There is now an HS_HISTORY_VERSION containing the version number of the
		   history library for applications to use.
		b. History expansion better understands multiple history expansions that may
		   contain strings that would ordinarily inhibit history expansion (e.g.,
		   `abc!$!$').
		c. There is a new framework for readline timeouts, including new public
		   functions to set timeouts and query how much time is remaining before a
		   timeout hits, and a hook function that can trigger when readline times
		   out. There is a new state value to indicate a timeout.
		d. Automatically bind termcap key sequences for page-up and page-down to
		   history-search-backward and history-search-forward, respectively.
		e. There is a new `fetch-history' bindable command that retrieves the history
		   entry corresponding to its numeric argument. Negative arguments count back
		   from the end of the history.
		f. `vi-undo' is now a bindable command.
		g. There is a new option: `enable-active-region'. This separates control of
		   the active region and bracketed-paste. It has the same default value as
		   bracketed-paste, and enabling bracketed paste enables the active region.
		   Users can now turn off the active region while leaving bracketed paste
		   enabled.
		h. rl_completer_word_break_characters is now `const char *' like
		   rl_basic_word_break_characters.
		i. Readline looks in $LS_COLORS for a custom filename extension
		   (*.readline-colored-completion-prefix) and uses that as the default color
		   for the common prefix displayed when `colored-completion-prefix' is set.
		j. Two new bindable string variables: active-region-start-color and
		   active-region-end-color. The first sets the color used to display the
		   active region; the second turns it off. If set, these are used in place
		   of terminal standout mode.
		k. New readline state (RL_STATE_EOF) and application-visible variable
		   (rl_eof_found) to allow applications to detect when readline reads EOF
		   before calling the deprep-terminal hook.
		l. There is a new configuration option: --with-shared-termcap-library, which
		   forces linking the shared readline library with the shared termcap (or
		   curses/ncurses/termlib) library so applications don't have to do it.
		m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
		   each time it is called, and modifies the appropriate locale-specific display
		   and key binding variables when the locale changes.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-21 10:58:32 +00:00
Adolf Belka
5be71d2a6e bash: Update to version 5.2 plus patches 1 to 9
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
    This is a terse description of the new features added to bash-5.2 since
     the release of bash-5.1.  As always, the manual page (doc/bash.1) is
     the place to look for complete descriptions.
    1. New Features in Bash
	a. The bash malloc returns memory that is aligned on 16-byte boundaries.
	b. There is a new internal timer framework used for read builtin timeouts.
	c. Rewrote the command substitution parsing code to call the parser recursively
	   and rebuild the command string from the parsed command. This allows better
	   syntax checking and catches errors much earlier. Along with this, if
	   command substitution parsing completes with here-documents remaining to be
	   read, the shell prints a warning message and reads the here-document bodies
	   from the current input stream.
	d. The `ulimit' builtin now treats an operand remaining after all of the options
	   and arguments are parsed as an argument to the last command specified by
	   an option. This is for POSIX compatibility.
	e. Here-document parsing now handles $'...' and $"..." quoting when reading the
	   here-document body.
	f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
	   commands now understand $'...' and $"..." quoting.
	g. There is a new `spell-correct-word' bindable readline command to perform
	   spelling correction on the current word.
	h. The `unset' builtin now attempts to treat arguments as array subscripts
	   without parsing or expanding the subscript, even when `assoc_expand_once'
	   is not set.
	i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
	j. Associative array assignment and certain instances of referencing (e.g.,
	   `test -v') now allow `@' and `*' to be used as keys.
	k. Bash attempts to expand indexed array subscripts only once when executing
	   shell constructs and word expansions.
	l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
	   that value for associative arrays instead of unsetting the entire array
	   (which you can still do with `unset arrayname'). For indexed arrays, it
	   removes all elements of the array without unsetting it (like `A=()').
	m. Additional builtins (printf/test/read/wait) do a better job of not
	   parsing array subscripts if array_expand_once is set.
	n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
	   defined using `bind -x'.
	o. The new `varredir_close' shell option causes bash to automatically close
	   file descriptors opened with {var}<fn and other styles of varassign
	   redirection unless they're arguments to the `exec' builtin.
	p. The `$0' special parameter is now set to the name of the script when running
	   any (non-interactive) startup files such as $BASH_ENV.
	q. The `enable' builtin tries to load a loadable builtin using the default
	   search path if `enable name' (without any options) attempts to enable a
	   non-existent builtin.
	r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
	   applies any specified precision to the original unquoted argument, then
	   quotes and outputs the result.
	s. The new `noexpand_translations' option controls whether or not the translated
	   output of $"..." is single-quoted.
	t. There is a new parameter transformation operator: @k. This is like @K, but
	   expands the result to separate words after word splitting.
	u. There is an alternate array implementation, selectable at `configure' time,
	   that optimizes access speed over memory use (use the new configure
	    --enable-alt-array-implementation option).
	v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
	   string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
	   N (default 0).
	w. Invalid parameter transformation operators are now invalid word expansions,
	   and so cause fatal errors in non-interactive shells.
	x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
	   string of the pattern substitution expansion is replaced by the portion of
	   the string that matched the pattern. Backslash will escape the `&' and
	   insert a literal `&'.
	y. `command -p' no longer looks in the hash table for the specified command.
	z. The new `--enable-translatable-strings' option to `configure' allows $"..."
	   support to be compiled in or out.
	aa. The new `globskipdots' shell option forces pathname expansion never to
	    return `.' or `..' unless explicitly matched. It is enabled by default.
	bb. Array references using `@' and `*' that are the value of nameref variables
	    (declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
	    set -u is enabled and the array (v) is unset.
	cc. There is a new bindable readline command name:
	    `vi-edit-and-execute-command'.
	dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
	    uses long double for floating point conversion specifiers if it's present,
	    double otherwise.
	ee. The `globbing' completion code now takes the `globstar' option into account.
	ff. `suspend -f' now forces the shell to suspend even if job control is not
	   currently enabled.
	gg. Since there is no `declare -' equivalent of `local -', make sure to use
	    `local -' in the output of `local -p'.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-21 10:57:31 +00:00
Adolf Belka
d116f35a36 rust-iana-time-zone: Required by updated rust-chrono
- Install of version 0.1.51
- Definition of rootfile
- Creation of metadata patch to eliminate windows options

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2022-11-10 15:13:52 +00:00
Adolf Belka
9745d784b9 rust-chrono: Update to version 0.4.22 required by python3-cryptography
- Updated from version 0.4.19 to 0.4.22
- Update of rootfile
- Update of metadata patch as more windows related entries in Cargo.toml to be excluded
- Changelog
	## 0.4.22
		* Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771)
		* Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767)
		* Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773)
	## 0.4.21
		* Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756)
		* Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756)
		* Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760)
	## 0.4.20
		* Add more formatting documentation and examples.
		* Add support for microseconds timestamps serde serialization/deserialization (#304)
		* Fix `DurationRound` is not TZ aware (#495)
		* Implement `DurationRound` for `NaiveDateTime`
		* Implement `std::iter::Sum` for `Duration`
		* Add `DateTime::from_local()` to construct from given local date and time (#572)
		* Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557)
		* Correct build for wasm32-unknown-emscripten target (#568)
		* Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647)
		* Fix `duration_round` panic on rounding by `Duration::zero()` (#658)
		* Add optional rkyv support.
		* Add support for microseconds timestamps serde serialization for `NaiveDateTime`.
		* Add support for optional timestamps serde serialization for `NaiveDateTime`.
		* Fix build for wasm32-unknown-emscripten (@yu-re-ka #593)
		* Make `ParseErrorKind` public and available through `ParseError::kind()` (#588)
		* Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator`
		* Fix panicking when parsing a `DateTime` (@botahamec)
		* Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666)
		* Remove libc dependency from Cargo.toml.
		* Add the `and_local_timezone` method to `NaiveDateTime`
		* Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos
		* Add compatibility with rfc2822 comments (#733)
		* Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery
		* Add the `Months` struct and associated `Add` and `Sub` impls

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
2022-11-10 15:13:52 +00:00
Adolf Belka
634f46dc34 zlib: Update to version 1.2.13
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integrated in the source tarball
- Changelog
    Changes in 1.2.13 (13 Oct 2022)
	- Fix configure issue that discarded provided CC definition
	- Correct incorrect inputs provided to the CRC functions
	- Repair prototypes and exporting of new CRC functions
	- Fix inflateBack to detect invalid input with distances too far
	- Have infback() deliver all of the available output up to any error
	- Fix a bug when getting a gzip header extra field with inflate (CVE-2022-37434)
	- Fix bug in block type selection when Z_FIXED used
	- Tighten deflateBound bounds
	- Remove deleted assembler code references
	- Various portability and appearance improvements

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-08 11:10:59 +00:00
Matthias Fischer
3e5190f5c7 samba: Update to 4.17.0
For details see:
https://www.samba.org/samba/latest_news.html#4.17.0

This "just came my way" and I found the CVEs listed on
https://www.samba.org/samba/history/security.html which
address "All versions of Samba prior to 4.16.4" or
"All versions of Samba" rather long.

The 'glibc_headers' patch is now included.

Sad to say, due to the lack of hardware I can only include
the rootfile for x86_64.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
2022-10-24 09:08:01 +00:00
Peter Müller
0d0bfd0e5c libloc: Update to 0.9.15
Please refer to https://lists.ipfire.org/pipermail/location/2022-September/000579.html
for the release announcement of this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
2022-10-24 08:57:25 +00:00
Peter Müller
ee2e7db90b linux: Add upstream patches for CVE-2022-4{1674,2719-2722}
https://lists.ipfire.org/pipermail/development/2022-October/014562.html

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2022-10-17 16:26:19 +00:00
Michael Tremer
692d18285f glibc: Fix added whitespace in syslog messages
Fixes: #12949
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2022-10-10 09:32:56 +00:00