mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-22 00:42:59 +02:00
15818f9600a3e01c4bf813e757f916b951619745
9607 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
15818f9600 |
bwm-ng: Update to version 0.6.3
- Update from version 0.6.1-f54b3fa to 0.6.3
- Update of rootfile not required
- Changelog
0.6.3
* remove outdated copyright and email
* Merge pull request #25 from fweimer/patch-1 AC_QEF_C_NORETURN: Include
<stdlib.h> for exit
* Merge pull request #27 from ofalk/master Fix potential write to unallocated
memory.
* Merge pull request #28 from vgropp/#2-fix-csv-bits feat: #2 output bits in csv
* Merge pull request #29 from vgropp/#2-fix-csv-bits fix(doc): #2 output bits
in csv
* Merge pull request #32 from vgropp/new-netstat-#5 feat: add support for
newer (2016+) linux netstat #5
0.6.2
* Merge pull request #22 from vgropp/issue-#13 to fix windows build
* Merge pull request #20 from dreibh/master CSV file output: fix for timestamp
inaccuracy and Y-2038 problem
* Merge pull request #21 from vgropp/travisci add travisci
* Merge pull request #17 from Himura2la/master Add the started time in "sum" mode
* Merge pull request #18 from Himura2la/fix-dynamic Fix DYNAMIC and ANSIOUT in
config
* Merge pull request #10 from SoapGentoo/fixes Use `static inline` instead of
`inline`
* Merge pull request #9 from adventureloop/master Always fflush the pipe
* Merge pull request #7 from samueloph/fsf_address_clean Update FSF address
* Merge pull request #6 from samueloph/master Fix typos
* fix nan and inf values on fast refresh (fixes debian bug #532331
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
0216fe0228 |
libxml2: Update to version 2.13.3
- Update from version 2.12.3 to 2.13.3
- Update of rootfile
- CVE fixes in 2.13.3, 2.12.7, 2.12.5
- Changelog
2.13.3
### Security
- [CVE-2024-40896] Fix XXE protection in downstream code
### Regressions
- autotools: Use AC_CHECK_DECL to check for getentropy
- xinclude: Fix fallback for text includes
- io: Don't call getcwd in xmlParserGetDirectory
- io: Fix return value of xmlFileRead
- parser: Fix error return of xmlParseBalancedChunkMemory
### Improvements
- xinclude: Set error handler when parsing text
- Undeprecate xmlKeepBlanksDefault
2.13.2
### Regressions
- tree: Fix handling of empty strings in xmlNodeParseContent
- valid: Restore ID lookup
- parser: Reenable ctxt->directory
- uri: Handle filesystem paths in xmlBuildRelativeURISafe
- encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
- encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
- include: Define ATTRIBUTE_UNUSED for clang
- uri: Fix xmlBuildURI with NULL base
### Improvements
- uri: Enable Windows paths on Cygwin
- tests: Clarify licence of test/intsubset2.xml
2.13.1
### Regressions
- parser: Selectively reenable reading from "-"
- reader: Fix xmlTextReaderReadString
- xinclude: Set XPath context doc
- xinclude: Load included documents with XML_PARSE_DTDLOAD
- include: Don't redefine ATTRIBUTE_UNUSED
- include: Readd circular dependency between tree.h and parser.h
- xinclude: Add missing include (Jan Alexander Steffens (heftig))
- win32, msvc: fix missing linking against Bcrypt.lib (Miklos Vajna)
- xinclude: Don't raise error on empty nodeset
- parser: Make failure to load main document a warning
- tree: Fix freeing entities via xmlFreeNode
- parser: Pass global object to sax->setDocumentLocator
### Improvements
- io: Fix resetting xmlParserInputBufferCreateFilename hook
### Documentation
- Fix typo in NEWS (--with-html -> --with-http) (Ryan Carsten Schmidt)
- doc: Don't mention xmlNewInputURL
2.13.0
### Major changes
Most of the core code should now report malloc failures reliably. Some
API functions were extended with versions that report malloc failures.
New API functions for error handling were added:
- xmlCtxtSetErrorHandler
- xmlXPathSetErrorHandler
- xmlXIncludeSetErrorHandler
This makes it possible to register per-context error handlers without
resorting to global handlers.
A few error messages were improved and consolidated. Please update
downstream test suites accordingly.
A new parser option XML_PARSE_NO_XXE can be used to disable loading
of external entities or DTDs. This is most useful in connection with
XML_PARSE_NOENT.
Support for HTTP POST was removed.
Support for zlib, liblzma and HTTP is now disabled by default and has
to be enabled by passing --with-zlib, --with-lzma or --with-http to
configure. In legacy mode (--with-legacy) these options are enabled
by default as before.
Support for FTP will be removed in the next release.
Support for the range and point extensions of the xpointer() scheme
will be removed in the next release. The rest of the XPointer
implementation won't be affected. The xpointer() scheme will behave
like the xpath1() scheme.
Several more legacy symbols were deprecated. Users of the old "SAX1"
API functions are encouraged to upgrade to the new "SAX2" API,
available since version 2.6.0 from 2003.
Some deprecated global variables were made const:
- htmlDefaultSAXHandler
- oldXMLWDcompatibility
- xmlDefaultSAXHandler
- xmlDefaultSAXLocator
- xmlParserDebugEntities
### Deprecations and removals
- threads: Deprecate remaining ThrDef functions
- unicode: Deprecate most xmlUCSIs* functions
- memory: Remove memory debugging
- tree: Deprecate xmlRegisterNodeDefault
- tree: Deprecate xmlSetCompressMode
- html: Deprecate htmlHandleOmittedElem
- valid: Deprecate internal validation functions
- valid: Deprecate old DTD serialization API
- nanohttp: Deprecate public API
- Remove VMS support
- Remove Trio
### Bug fixes
- parser: Fix base URI of internal parameter entities
- tree: Handle predefined entities in xmlBufGetEntityRefContent
- schemas: Allow unlimited length decimals, integers etc. (Tomáš Ženčák)
- reader: Fix preservation of attributes
- parser: Always decode entities in namespace URIs
- relaxng: Fix tree corruption in xmlRelaxNGParseNameClass (Seiya Nakata)
- schemas: Fix ADD_ANNOTATION
- tree: Fix tree iteration in xmlDOMWrapRemoveNode
- tree: Declare namespace on clone in xmlDOMWrapCloneNode
- tree: Fix xmlAddSibling with last sibling
- tree: Fix xmlDocSetRootElement with multiple top-level elements
- catalog: Fetch XML catalog before dumping
- html: Don't close fd in htmlCtxtReadFd
### Improvements
- parser: Fix "Truncated multi-byte sequence" error
- Add missing _cplusplus processing clause (Sadaf Ebrahimi)
- parser: Rework handling of undeclared entities
- SAX2: Warn if URI resolution failed
- parser: Don't report error on invalid URI
- xmllint: Clean up option handling
- xmllint: Rework parsing
- parser: Don't create undeclared entity refs in substitution mode
- Make some globals const
- reader: Make xmlTextReaderReadString non-recursive
- reader: Rework xmlTextReaderRead{Inner,Outer}Xml
- Remove redundant size check (Niels Dossche)
- Remove redundant NULL check on cur (Niels Dossche)
- Remove always-false check old == cur (Niels Dossche)
- Remove redundant NULL check on cur (Niels Dossche)
- tree: Don't return empty localname in xmlSplitQName{2,3}
- xinclude: Don't try to fix base of non-elements
- tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
- SAX2: Optimize appending children
- tree: Align xmlAddChild with other node insertion functions
- html: Use binary search in htmlEntityValueLookup
- io: Allocate output buffer with XML_BUFFER_ALLOC_IO
- encoding: Don't shrink input too early in xmlCharEncOutput
- tree: Tighten source doc check in xmlDOMWrapAdoptNode
- tree: Check destParent->doc in xmlDOMWrapCloneNode
- tree: Refactor text node updates
- tree: Refactor node insertion
- tree: Refactor element creation and parsing of attribute values
- tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
- buf: Don't use default buffer size for small strings
- string: Fix xmlStrncatNew(NULL, "")
- entities: Don't allow null name in xmlNewEntity
- html: Fix quadratic behavior in htmlNodeDump
- tree: Rewrite xmlSetTreeDoc
- valid: Rework xmlAddID
- tree: Remove unused node types
- tree: Make namespace comparison more consistent
- tree: Don't allow NULL name in xmlSetNsProp
- tree: Rework xmlNodeListGetString
- tree: Rework xmlTextMerge
- tree: Rework xmlNodeSetName
- tree: Simplify xmlAddChild with text parent
- tree: Disallow setting content of entity reference nodes
- tree: Rework xmlReconciliateNs
- schemas: fix spurious warning about truncated snprintf output
(Benjamin Gilbert)
- xmlschemastypes: Remove unreachable if statement (Maks Mishin)
- relaxng: Remove useless if statement (Maks Mishin)
- tree: Check for integer overflow in xmlStringGetNodeList
- http: Improve error message for HTTPS redirects
- catalog: Remove Windows hack
- save: Move DTD serialization code to xmlsave.c
- parser: Report fatal error if document entity couldn't be loaded
- xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
- SAX2: Limit entity URI length to 2000 bytes
- parser: Account for full size of non-well-formed entities
- parser: Pop inputs if parsing DTD failed
- parser: Fix quadratic behavior when copying entities
- writer: Implement xmlTextWriterClose
- parser: Avoid duplicate namespace errors
- parser: Add XML_PARSE_NO_XXE parser option
- parser: Make xmlParseContent more useful
- error: Make xmlFormatError public
- encoding: Check whether encoding handlers support input/output
- SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
- parser: Lower maximum entity nesting depth
- parser: Set depth limit to 2048 with XML_PARSE_HUGE
- parser: Implement xmlCtxtSetOptions
- parser: Always prefer option members over bitmask
- parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
- parser: Rework parsing of attribute and entity values
- save: Output U+FFFD replacement characters
- parser: Simplify entity size accounting
- parser: Avoid unwanted expansion of parameter entities
- parser: Always copy content from entity to target
- parser: Simplify control flow in xmlParseReference
- parser: Remove xmlSetEntityReferenceFunc feature
- parser: Push general entity input streams on the stack
- parser: Move progressive flag into input struct
- parser: Fix in-parameter-entity and in-external-dtd checks
- xpath: Rewrite substring-before and substring-after
- xinclude: Only set xml:base if necessary
- xinclude: Allow empty nodesets
- parser: Rework general entity parsing
- io: Fix close error handling
- io: Fix read/write error handling
- io: More refactoring and unescaping fixes
- io: Move some code from xmlIO.c to parserInternals.c
- uri: Clean up special parsing modes
- xinclude: Rework xml:base fixup
- parser: Also set document properties when push parsing
- include: Move non-generated parts from xmlversion.h.in
- io: Remove support for HTTP POST
- dict: Move local RNG state to global state
- dict: Get random seed from system PRNG
- io: Don't use "-" to read from stdin
- io: Rework initialization
- io: Consolidate error messages
- xzlib: Fix harmless unsigned integer overflow
- io: Always use unbuffered input
- io: Fix detection of compressed streams
- io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
- io: Rework default callbacks
- error: Stop printing some errors by default
- xpath: Don't free nodes of XSLT result value trees
- valid: Fix handling of enumerations
- parser: Allow recovery in xmlParseInNodeContext
- encoding: Support ASCII in xmlLookupCharEncodingHandler
- include: Remove useless 'const' from function arguments
- Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
conversions (makise-homura)
- Avoid EDG deprecation warnings for LCC compiler (makise-homura)
- Avoid EDG -Woverflow warnings on truncating conversions by manually
truncating operand (makise-homura)
- Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
conversion from unsigned int to int (makise-homura)
- Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
(makise-homura)
### Build systems
- meson: convert boolean options to feature option (Rosen Penev)
- meson: Pass LIBXML_STATIC in dependency (Andrew Potter)
- meson: fix compilation with local binaries (Rosen Penev)
- meson: don't use dl dependency on old meson (Rosen Penev)
- meson: fix usage as a subproject (Rosen Penev)
- autotools: Fix pthread detection on FreeBSD
- build: Remove --with-fexceptions configuration option
- autotools: Remove --with-coverage configuration option
- build: Disable HTTP support by default
- Stop defining _REENTRANT
- doc: Don't install example code
- meson: Initial commit (Vincent Torri)
- build: Disable support for compression libraries by default
- Set LIBXML2_FOUND if it has been properly configured (Michele Bianchi)
- Makefile.am: omit $(top_builddir) from DEPS and LDADDS (Mike Dalessio)
### Test suite
- runtest: Work around broken EUC-JP support in musl iconv
- runtest: Check for IBM-1141 encoding handler
- fuzz: Add xmllint fuzzer
- fuzz: Add fuzzer for XML reader API
- fuzz: New tree API fuzzer
- tests: Remove testOOM
- Don't let gentest.py cast types to 'const somethingPtr' to avoid
-Wignored-qualifiers (makise-homura)
2.12.8
### Regressions
- parser: Fix performance regression when parsing namespaces
2.12.7
### Security
- [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
### Regressions
- xmllint: Fix --pedantic option
- save: Handle invalid parent pointers in xhtmlNodeDumpOutput
2.12.6
### Regressions
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset
2.12.5
### Security
- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
### Regressions
- parser: Fix crash in xmlParseInNodeContext with HTML documents
2.12.4
### Regressions
- parser: Fix regression parsing standalone declarations
- autotools: Readd --with-xptr-locs configuration option
- parser: Fix build --without-output
- parser: Don't grow or shrink pull parser memory buffers
- io: Fix memory lifetime issue with input buffers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
1e2a2ffca9 |
libuv: Update to version 1.48.0
- Update from version 1.44.2 to 1.48.0
- Update of rootfile not required
- Changelog
1.48.0
* misc: remove deprecated stalebot file (Jameson Nash)
* build: disable windows asan buildbot (Ben Noordhuis)
* test: don't run tcp_writealot under msan (Ben Noordhuis)
* build,win: remove extraneous -lshell32 (Ben Noordhuis)
* unix: ignore ifaddrs with NULL ifa_addr (Stephen Gallagher)
* unix,win: utility for setting priority for thread (Hao Hu)
* pipe: add back error handling to connect / bind (Jameson Nash)
* test: check if ipv6 link-local traffic is routable (Ben Noordhuis)
* win: remove check for UV_PIPE_NO_TRUNCATE (Jameson Nash)
* linux: disable io_uring on hppa below kernel 6.1.51 (matoro)
* unix,win: fix read past end of pipe name buffer (Ben Noordhuis)
* unix: unbreak macOS < 10.14 (Sergey Fedorov)
* aix: disable ipv6 link local (Abdirahim Musse)
* doc: move cjihrig to emeriti (cjihrig)
* unix: correct pwritev conditional (Bo Anderson)
* test_fs.c: Fix issue on 32-bit systems using btrfs (Stephen Gallagher)
* misc: ignore libuv-release-tool files (Jameson Nash)
* win: honor NoDefaultCurrentDirectoryInExePath env var (Ardi Nugraha)
* idna: fix compilation warning (Saúl Ibarra Corretgé)
* linux: remove HAVE_IFADDRS_H macro (Ben Noordhuis)
* test: skip tcp-write-in-a-row on IBM i (Abdirahim Musse)
* build,win: work around missing uuid.dll on MinGW (Anton Bachin)
* win: stop using deprecated names (Matheus Izvekov)
* unix,win: fix busy loop with zero timeout timers (Matheus Izvekov)
* aix,ibmi: use uv_interface_addresses instead of getifaddrs (Abdirahim Musse)
* linux: fix bind/connect for abstract sockets (Santiago Gimeno)
* win: replace c99 comments with c89 comments (Trevor Flynn)
* build: add .cache clangd folder to .gitignore (Juan José Arboleda)
* unix: support full TCP keep-alive on Solaris (Andy Pan)
* freebsd: fix F_KINFO file path handling (David Carlier)
* linux: retry fs op if unsupported by io_uring (Santiago Gimeno)
* freebsd: fix build on non-intel archs (David Carlier)
* unix: optimize uv__tcp_keepalive cpp directives (Andy Pan)
* linux: disable io_uring on ppc64 and ppc64le (Brad King)
* doc: add very basic Security Policy document (Santiago Gimeno)
* build: re-enable msvc-asan job on CI (Jameson Nash)
* win/spawn: optionally run executable paths with no file extension (Brad King)
* win: fix ESRCH implementation (Jameson Nash)
* unix,win: reset the timer queue on stop (Santiago Gimeno)
* fix: always zero-terminate idna output (Ben Noordhuis)
* fix: reject zero-length idna inputs (Ben Noordhuis)
* test: empty strings are not valid IDNA (Santiago Gimeno)
* Merge pull request from GHSA-f74f-cvh7-c6q6 (Ben Noordhuis)
1.47.0
* test: fix license blurb (Ben Noordhuis)
* linux: fix harmless warn_unused_result warning (Shuduo Sang)
* darwin: fix build warnings (小明)
* linux: don't use io_uring on pre-5.10.186 kernels (Ben Noordhuis)
* fs: fix WTF-8 decoding issue (Jameson Nash)
* test: enable disabled tcp_connect6_error_fault (Ben Noordhuis)
* test: enable disabled fs_link (Ben Noordhuis)
* test: enable disabled spawn_same_stdout_stderr (Ben Noordhuis)
* linux: handle UNAME26 personality (Ben Noordhuis)
* build: move cmake_minimum_required version to 3.9 (Keith Winstein)
* unix: set ipv6 scope id for link-local addresses (Ben Noordhuis)
* unix: match kqueue and epoll code (Trevor Norris)
* win,spawn: allow `%PATH%` to be unset (Kyle Edwards)
* doc: switch to Furo, a more modern Sphinx theme (Saúl Ibarra Corretgé)
* darwin: make TCP_KEEPINTVL and TCP_KEEPCNT available (小明)
* win,fs: avoid winapi macro redefinition (Brad King)
* linux: add missing riscv syscall numbers (michalbiesek)
* doc: fix broken "Shared library" Wikipedia link (Alois Klink)
* unix: get mainline kernel version in Ubuntu (Santiago Gimeno)
* unix: get mainline kernel version in Debian (Ben Noordhuis)
* build: fix qemu install in CI-unix workflow (Santiago Gimeno)
* unix: disable io_uring close on selected kernels (Santiago Gimeno)
* test: skip tests when ipv6 is not available (Santiago Gimeno)
* ibmi: implement ifaddrs, getifaddrs, freeifaddrs (Abdirahim Musse)
* unix: reset signal counters after fork (SmorkalovG)
* win,process: avoid assert after spawning Store app (Jameson Nash)
* unix: remove pread/preadv conditionals (Ben Noordhuis)
* unix: remove pwrite/pwritev conditionals (Ben Noordhuis)
* darwin: remove workaround for data corruption bug (Ben Noordhuis)
* src: default to stream=stderr in handle printer (Ben Noordhuis)
* test: switch to new-style ASSERT_EQ macros (Pleuvens)
* zos: correctly get cpu model in uv_cpu_info() (jolai)
* test: fix get_passwd2 on IBM i (Abdirahim Musse)
* unix: don't malloc on sync uv_fs_read (Ben Noordhuis)
* freebsd: get fs event path with fcntl(F_KINFO) (David Carlier)
* test: switch from ASSERT_* to ASSERT_PTR_* (Pleuvens)
* darwin: workaround apple pthread_cond_wait bug (Julien Roncaglia)
* doc: uv_close should be called after exit callback (Pleuvens)
* test: 192.0.2.0/24 is the actual -TEST-NET-1 (prubel)
* unix: add back preadv/pwritev fallback (Ben Noordhuis)
* unix: rename variable for consistency (Ben Noordhuis)
* unix: merge read/write code into single functions (Ben Noordhuis)
* doc: filename arg to uv_fs_event_cb can be NULL (Ben Noordhuis)
* build,win: we need to link against shell32.lib (Per Allansson)
* unix: no preadv/pwritev workaround if not needed (Jeffrey H. Johnson)
* build: add CI for Windows ARM64 (build only) (Per Allansson)
* linux: disable io_uring on 32 bits arm systems (Ben Noordhuis)
* build: run sanitizers on macos ci (Ben Noordhuis)
* misc: export WTF8 conversion utilities (Jameson Nash)
* build: fix libuv.a file name for cmake (Jameson Nash)
* build: add windows ubsan and clang ci (Matheus Izvekov)
* win: improve accuracy of ProductName between arch (Christian Heimlich)
1.46.0
* Add SHA to ChangeLog (Santiago Gimeno)
* misc: update readthedocs config (Jameson Nash)
* test: remove erroneous RETURN_SKIP (Ben Noordhuis)
* android: disable io_uring support (Ben Noordhuis)
* linux: add some more iouring backed fs ops (Santiago Gimeno)
* build: add autoconf option for disable-maintainer-mode (Jameson Nash)
* fs: use WTF-8 on Windows (Stefan Karpinski)
* unix,win: replace QUEUE with struct uv__queue (Ben Noordhuis)
* linux: fs_read to use io_uring if iovcnt > IOV_MAX (Santiago Gimeno)
* ios: fix uv_getrusage() ru_maxrss calculation (Ben Noordhuis)
* include: update outdated code comment (Ben Noordhuis)
* linux: support abstract unix sockets (Ben Noordhuis)
* unix,win: add UV_PIPE_NO_TRUNCATE flag (Ben Noordhuis)
* unix: add loongarch support (liuxiang88)
* doc: add DPS8M to LINKS.md (Jeffrey H. Johnson)
* include: add EUNATCH errno mapping (Abdirahim Musse)
* src: don't run timers if loop is stopped/unref'd (Trevor Norris)
* win: fix -Wpointer-to-int-cast warning (Ben Noordhuis)
* test,win: fix -Wunused-variable warning (Ben Noordhuis)
* test,win: fix -Wformat warning (Ben Noordhuis)
* linux: work around io_uring IORING_OP_CLOSE bug (Ben Noordhuis)
* win: remove unused functions (Ben Noordhuis)
* bench: add bench to check uv_loop_alive (Trevor Norris)
* test: add uv_cancel test for threadpool (Trevor Norris)
* unix: skip prohibited syscalls on tvOS and watchOS (小明)
* unix,fs: make no_pwritev access thread-safe (Santiago Gimeno)
* unix: fix build for lower versions of Android (小明)
1.45.0
* win: remove stdint-msvc2008.h (Ben Noordhuis)
* android: remove pthread-fixes.c (Ben Noordhuis)
* build: enable MSVC_RUNTIME_LIBRARY setting (自发对称破缺)
* unix: switch to c11 atomics (Ben Noordhuis)
* unix: don't accept() connections in a loop (Ben Noordhuis)
* win: fix off-by-1 buffer overrun in uv_exepath() (Ben Noordhuis)
* build: switch ci from macos-10.15 to macos-11 (Ben Noordhuis)
* win: fix thread race in uv_cwd() and uv_chdir() (Ben Noordhuis)
* unix,win: remove UV_HANDLE_SHUTTING flag (Santiago Gimeno)
* win: support Windows 11 in uv_os_uname() (Luan Devecchi)
* unix: fix uv_getrusage() ru_maxrss reporting (Ben Noordhuis)
* doc: add note about offset -1 in uv_fs_read/write (Steven Schveighoffer)
* test: fix musl libc.a dlerror() test expectation (Ben Noordhuis)
* kqueue: DRY file descriptor deletion logic (Ben Noordhuis)
* linux: teach uv_get_constrained_memory() cgroupsv2 (Ben Noordhuis)
* build: upgrade qemu-user-static package (Ben Noordhuis)
* linux: move epoll.c back into linux-core.c (Ben Noordhuis)
* unix: remove pre-macos 10.8 compatibility hack (Ben Noordhuis)
* unix,win: fix memory leak in uv_fs_scandir() (Ben Noordhuis)
* build: restore qemu download logic (Ben Noordhuis)
* win: fix uv__pipe_accept memory leak (number201724)
* doc: update LINKS.md (Daniel)
* unix: simplify atomic op in uv_tty_reset_mode() (Ben Noordhuis)
* build: add LIBUV_BUILD_SHARED cmake option (Christian Clason)
* linux: remove unused or obsolete syscall wrappers (Ben Noordhuis)
* linux: merge files back into single file (Ben Noordhuis)
* stream: process more than one write req per loop tick (ywave620)
* unix,win: give thread pool threads an 8 MB stack (Ben Noordhuis)
* build: add MemorySanitizer (MSAN) support (Ben Noordhuis)
* doc: add uv_poll_cb status==UV_EBADF note (jensbjorgensen)
* build: support AddressSanitizer on MSVC (Jameson Nash)
* win,pipe: improve method of obtaining pid for ipc (number201724)
* thread: add support for affinity (daomingq)
* include: map ENODATA error code (Ben Noordhuis)
* build: remove bashism from autogen.sh (Santiago Gimeno)
* win,tcp,udp: remove "active streams" optimization (Saúl Ibarra Corretgé)
* win: drop code checking for Windows XP / Server 2k3 (Saúl Ibarra Corretgé)
* unix,win: fix 'sprintf' is deprecated warning (twosee)
* doc: mention close_cb can be NULL (Qix)
* win: optimize udp receive performance (ywave620)
* win: fix an incompatible types warning (twosee)
* doc: document 0 return value for free/total memory (Ben Noordhuis)
* darwin: use hw.cpufrequency again for frequency info (Jameson Nash)
* win,test: change format of TEST_PIPENAME's (Santiago Gimeno)
* win,pipe: fixes in uv_pipe_connect() (Santiago Gimeno)
* misc: fix return value of memory functions (theanarkh)
* src: add new metrics APIs (Trevor Norris)
* thread: add uv_thread_getcpu() (daomingq)
* build: don't use ifaddrs.h on solaris 10 (Edward Humes)
* unix,win: add uv_get_available_memory() (Tim Besard)
* test: fix -Wunused-but-set-variable warnings (Ben Noordhuis)
* doc: bump min supported linux and freebsd versions (Ben Noordhuis)
* Add Socket Runtime to the LINKS.md (Sergey Rubanov)
* unix: drop kfreebsd support (Ben Noordhuis)
* win: fix fstat for pipes and character files (Stefan Stojanovic)
* win: fix -Wunused-variable warning (Ben Noordhuis)
* win: fix -Wunused-function warning (Ben Noordhuis)
* build: drop qemu-alpha from ci matrix (Ben Noordhuis)
* win: move child_stdio_buffer out of uv_process_t (Santiago Gimeno)
* test: fix some unreachable code warnings (Santiago Gimeno)
* linux: simplify uv_uptime() (Ben Noordhuis)
* test: unflake fs_event_watch_dir test (Ben Noordhuis)
* darwin: remove unused fsevents symbol lookups (Ben Noordhuis)
* build: add define guard around UV_EXTERN (Zvicii)
* build: add UndefinedBehaviorSanitizer support (Ben Noordhuis)
* build: enable platform_output test on qemu (Ben Noordhuis)
* linux: handle cpu hotplugging in uv_cpu_info() (Ben Noordhuis)
* build: remove unnecessary policy setting (dundargoc)
* docs: add vcpkg instruction step (Jack·Boos·Yu)
* win,fs: fix readlink errno for a non-symlink file (Darshan Sen)
* misc: extend getpw to take uid as an argument (Jameson Nash)
* unix,win: use static_assert when available (Ben Noordhuis)
* docs: delete code Makefile (Jameson Nash)
* docs: add CI for docs PRs (Jameson Nash)
* docs: update Sphinx version on RTD (Jameson Nash)
* doc: clean up license file (Ben Noordhuis)
* test: fix some warnings when compiling tests (panran)
* build,win: add mingw-w64 CI configuration (Jameson Nash)
* build: add CI for distcheck (Jameson Nash)
* unix: remove busy loop from uv_async_send (Jameson Nash)
* doc: document uv_fs_cb type (Tamás Bálint Misius)
* build: Improve build by cmake for Cygwin (erw7)
* build: add libuv:: namespace to libuvConfig.cmake (AJ Heller)
* test: fix ThreadSanitizer thread leak warning (Ben Noordhuis)
* test: fix ThreadSanitizer data race warning (Ben Noordhuis)
* test: fix ThreadSanitizer data race warning (Ben Noordhuis)
* test: fix ThreadSanitizer data race warning (Ben Noordhuis)
* test: cond-skip fork_threadpool_queue_work_simple (Ben Noordhuis)
* test: cond-skip signal_multiple_loops (Ben Noordhuis)
* test: cond-skip tcp_writealot (Ben Noordhuis)
* build: promote tsan ci to must-pass (Ben Noordhuis)
* build: add CI for OpenBSD and FreeBSD (James McCoy)
* build,test: fix distcheck errors (Jameson Nash)
* test: remove bad tty window size assumption (Ben Noordhuis)
* darwin,process: feed kevent the signal to reap children (Jameson Nash)
* unix: abort on clock_gettime() error (Ben Noordhuis)
* test: remove timing-sensitive check (Ben Noordhuis)
* unix: DRY and fix tcp bind error path (Jameson Nash)
* macos: fix fsevents thread race conditions (Ben Noordhuis)
* win: fix leak in uv_chdir (Trevor Norris)
* test: make valgrind happy (Trevor Norris)
* barrier: wait for prior out before next in (Jameson Nash)
* test: fix visual studio 2015 build error (Ben Noordhuis)
* linux: fix ceph copy error truncating readonly files (Bruno Passeri)
* test: silence more valgrind warnings (Trevor Norris)
* doc: add entries to LINKS.md (Trevor Norris)
* win,unix: change execution order of timers (Trevor Norris)
* doc: add trevnorris to maintainers (Trevor Norris)
* linux: remove epoll_pwait() emulation code path (Ben Noordhuis)
* linux: replace unsafe macro with inline function (Ben Noordhuis)
* linux: remove arm oabi support (Ben Noordhuis)
* unix,sunos: SO_REUSEPORT not valid on all sockets (Stacey Marshall)
* doc: consistent single backquote in misc.rst (Jason Zhang)
* src: switch to use C11 atomics where available (Trevor Norris)
* test: don't use static buffer for formatting (Ben Noordhuis)
* linux: introduce io_uring support (Ben Noordhuis)
* linux: fix academic valgrind warning (Ben Noordhuis)
* test: disable signal test under ASan and MSan (Ben Noordhuis)
* linux: add IORING_OP_OPENAT support (Ben Noordhuis)
* linux: add IORING_OP_CLOSE support (Ben Noordhuis)
* linux: remove bug workaround for obsolete kernels (Ben Noordhuis)
* doc: update active maintainers list (Ben Noordhuis)
* test: add ASSERT_OK (Trevor Norris)
* src: fix events/events_waiting metrics counter (Trevor Norris)
* unix,win: add uv_clock_gettime() (Ben Noordhuis)
* build: remove freebsd and openbsd buildbots (Ben Noordhuis)
* win: fix race condition in uv__init_console() (sivadeilra)
* linux: fix logic bug in sqe ring space check (Ben Noordhuis)
* linux: use io_uring to batch epoll_ctl calls (Ben Noordhuis)
* macos: update minimum supported version (Santiago Gimeno)
* docs: fix some typos (cui fliter)
* unix: use memcpy() instead of type punning (Ben Noordhuis)
* test: add additional assert (Mohammed Keyvanzadeh)
* build: export compile_commands.json (Lewis Russell)
* win,process: write minidumps when sending SIGQUIT (Elliot Saba)
* unix: constrained_memory should return UINT64_MAX (Tim Besard)
* unix: handle CQ overflow in iou ring (Santiago Gimeno)
* unix: remove clang compiler warning pragmas (Ben Noordhuis)
* win: fix mingw build (gengjiawen)
* test: fix -Wbool-compare compiler warning (Ben Noordhuis)
* win: define MiniDumpWithAvxXStateContext always (Santiago Gimeno)
* freebsd: hard-code UV_ENODATA definition (Santiago Gimeno)
* linux: work around EOWNERDEAD io_uring kernel bug (Ben Noordhuis)
* linux: fix WRITEV with lots of bufs using io_uring (Santiago Gimeno)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5814de8054 |
libusb: Update to version 1.0.27
- Update from version 1.0.26 to 1.0.27
- Update of rootfile
- Changelog
1.0.27
* New libusb_init_context API to replace libusb_init
* New libusb_get_max_alt_packet_size API
* New libusb_get_platform_descriptor API (BOS)
* Allow setting log callback with libusb_set_option/libusb_init_context
* New WebAssembly + WebUSB backend using Emscripten
* Fix regression in libusb_set_interface_alt_setting
* Fix sync transfer completion race and use-after-free
* Fix hotplug exit ordering
* Linux: NO_DEVICE_DISCOVERY option set per context
* macOS: Fix missing device list cleanup locking
* macOS: Do not clear device data toggle for newer OS versions
* macOS: Fix running binaries on older OS than build host
* Windows: Allow claiming multiple associated interfaces
* Windows: Ignore non-configured devices instead of waiting
* Windows: Improved root hub detection
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
db9698c9cc |
libsodium: Update to version 1.0.20
- Update from version 1.0.19 to 1.0.20
- Update of rootfile
- Changelog
1.0.20
This point release includes all the changes from 1.0.19-stable,
mainly addressing compilation issues and improvements to the .NET
packages.
* Version 1.0.19-stable
- Building with `zig build` now requires Zig 0.12.
- When using the traditional build system, -O3 is used instead of -Ofast.
- Improved detection of the compiler flags required on aarch64.
- Improved compatibility with custom build systems on aarch64.
- apple-xcframework: VisionOS packages are not built if Xcode doesn't
include that SDK.
- `crypto_kdf_hkdf_sha512_statebytes()` was added.
- When using Visual Studio, runtime CPU feature detection is now enabled
on Windows/aarch64.
- There were issues with C++ guards affecting usage of libsodium
using Swift on Windows. This has been fixed.
- Emscripten: `crypto_aead_aegis*()` functions are now exported in
JavaScript builds
- Emscripten: unsupported `--memory-init-file` option has been removed.
- apple-xcframework: the minimal deployment target can be set to iOS 11+.
- .NET packages now include precompiled libraries for Windows/arm64,
iOS, TvOS and Catalyst.
- .NET precompiled libraries now work on any CPUs, using only runtime
feature detection.
- SYSV assembly should not be used when targeting Windows (reported by
@meiyese, thanks!)
- Compatibility issues with LLVM 18 and AVX512 have been addressed.
- GitHub attestation build provenance are now added to NuGet packages.
- JavaScript tests can now use Bun as an alternative to Node.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
41eeba3f9f |
libtirpc: Update to version 1.3.5
- Update from version 1.3.3 to 1.3.5 - Update of rootfile not required - Changelog is just the commits applied to each version. http://git.linux-nfs.org/?p=steved/libtirpc.git;a=shortlog;h=refs/heads/master Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
5bc1ac8143 |
libtiff: Update to version 4.6.0
- Update from version 4.5.1 to 4.6.0
- Update of rootfile
- Included options to disable static library and docs.
- The removed functionality mentioned in the changelog below was already mentioned in
earlier version updates. As far as I could tell none of the functionality that has
been removed is used in IPFire.
- Changelog
4.6.0
Major changes warning
This version removes a big number of utilities that have suffered from lack of
maintenance over the years and were the source of various reported security
issues. See "Removed functionality" below for the list of removed utilities.
Starting with libtiff v4.6.0, the source code for most TIFF tools
(except tiffinfo, tiffdump, tiffcp and tiffset) was discontinued, due to the
lack of contributors able to address reported security issues. tiff2ps and
tiff2pdf source code has been moved in a unsupported category, no longer built
by default, but are still part of the the source distribution. Other retired
utilities are in a archive/ directory, only available in the libtiff git
repository. Issues related to unsupported and archived tools will no longer be
accepted in the libtiff bug tracker.
Software configuration changes
TiffConfig.cmake.in: set TIFF_INCLUDE_DIR, TIFF_INCLUDE_DIRS and
TIFF_LIBRARIES for compatibility with FindTIFF.cmake as shipped by CMake
(fixes issue #589)
Update CMake and autoconf scripts to consistently update LibTIFF version
defines and references in various files when version definition in
configure.ac has been changed.
Move in tiffvers.h from libtiff source directory to libtiff build
directory.
Remove unused version information from tif_config.h
With every CMake build the version defines (e.g. 4.5.1) within tiffvers.h
are consistently updated from configure.ac. The version release-date is
taken from file RELEASE-DATE.
The files VERSION and RELEASE-DATE are only updated with a special CMake
target build: cmake --build . --target tiff_release.
For autotools, version information is updated from configure.ac with
./autogen.sh. LIBTIFF_RELEASE_DATE is taken form file RELEASE-DATE.
./configure generates tiffvers.h with the cached version information and
LIBTIFF_RELEASE_DATE.
"make release" updates tiffvers.h and VERSION file with cached version
info and RELEASE-DATE file and tiffves.h with the current date.
CMake: fix build with -Dstrip-chopping=off (fixes issue #600)
Library changes
New/improved functionalities:
Fix using __attribute__ libtiff with clang-for-windows
Bug fixes:
WebP decoder: validate WebP blob width, height, band count against TIFF
parameters to avoid use of uninitialized variable, or decoding corrupted
content without explicit error (fixes issue #581, issue #582).
WebP codec: turn exact mode when creating lossless files to avoid altering
R,G,B values in areas where alpha=0
(https://github.com/OSGeo/gdal/issues/8038)
Fix TransferFunction writing of only two transfer functions.
TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, it
should be harmless in practice though
(https://gitlab.com/libtiff/libtiff/-/merge_requests/512)
Documentation
TiffField functions documentation updated with return behaviour for not
defined tags and determination of write-/read-count size.
Tools changes
Removed functionality:
The following tools are no longer compiled and have been moved to
archive/tools:
fax2ps
fax2tiff
pal2rgb
ppm2tiff
raw2tiff
rgb2ycbcr
thumbnail
tiff2bw
tiff2rgba
tiffcmp
tiffcrop
tiffdither
tiffgt
tiffmedian
The following tools are no longer compiled by default: tiff2ps and tiff2pdf.
They have been moved to tools/unsupported. They can be built by setting
--enable-tools-unsupported for autoconf, or -Dtiff-tools-unsupported for
CMake, but as the name imply, they are no longer supported by upstream.
Packagers are suggested not to enable those options.
tiffcp: remove -i option (ignore errors), because almost all fuzzer issues
were consequential errors from ignored errors because of the "-i" option.
Bug fixes:
tiffset: fix #597: warning: comparison of integer expressions of different
signedness. (fixes issue #597)
tiffcp: fix memory corruption (overflow) on hostile images (fixes issue #591)
Test changes
Add missing test_write_read_tags.c and test_transferfunction_write_read.c in
tarball (fixes issue #585) and correct "long" issue.
Don't use "long" because can be int32_t or int64_t, depending on compiler
and system.
Changes to contributed and unsupported tools
raw2tiff: fix integer overflow and bypass of the check (fixes issue #592)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5d00ef14b0 |
libqmi: Update to version 1.34.0
- Update from version 1.30.8 to 1.34.0
- Update of rootfile
- Autotools build has been removed in 1.32.0 and changed to meson. In previous autotools
version other protocol options were auto checked and if dependencies were not present
then the options were not built. In meson those are defined by default as being
required and if dependencies are not present then the build fails. So those other
options have to be explicitly made false for meson.
- Library is only built in shared form.
- man pages have been disabled.
- Changelog
1.34.0
* Build:
** Flag types are now generated in their own 'qmi-flag-types.[c|h]' files.
** A new 'enable_fuzzer' option is available to build LLVM LibFuzzer
based unit testers.
* New services:
** New 'ATR' service to support AT commands over QMI, defined by Telit,
including "Send" request and "Received" indication.
** New 'IMS' service, including "Get IMS Services Enabled Setting"
request/response.
** New 'IMSA' (IMS Application) service, including "Get IMS Registration
Status" and "Get IMS Services Status" request/responses.
** New 'IMSP' (IMS Presence) service, including "Get Enabler State"
request/response.
** New 'SSC' service (Qualcomm Snapdragon Sensor Core), including the
"Control" request/response, and "Report Small"/"Report Large"
indications.
* New TLVs supported in existing messages:
** nas: added the "WCDMA RSCP" TLV in "Get Signal Info" response and "Signal
Info" indication.
** wds: added the "Report Profile Changes" TLV in "Indication Register".
* libqmi-glib:
** Support for 16-bit service ids added, used in the QRTR backend.
** Response and indication parser messages are now published in the API.
** The library now allows connecting to a unix domain socket named
'qmux_socket' instead of a device file.
** Extended the 'QmiWdsProfileType' enum type with EPC and ALL values.
** Extended the 'QmiUimCardApplicationPersonalizationFeature' enum type with
additional GW-related values.
** New 'QmiUimCardApplicationPersonalizationFeatureStatus' enum type.
** New 'QmiImspEnablerState' enum type, used in the IMPS service.
** New 'QmiImsaImsRegistrationStatus', 'QmiImsaServiceStatus' and
'QmiImsaRegistrationTechnology' enum types, used in the IMSA service.
** Updated the QRTR endpoint to ensure error responses are returned early
when the builtin CTL operations fail.
** Deprecated QMI_UIM_CARD_APPLICATION_PERSONALIZATION_FEATURE_UNKNOWN, and
provided compat symbols.
** Updated the enum type of the "Personalization Feature" field in the
Element struct type used in the Applications array in the "UIM Card
Status" response and indication messages, and provided appropriate compat
symbols.
** Flagged PIN/PUK value fields as personal info.
** Fixed missing 'since' tags in struct and common types.
* qmicli:
** New '--uim-remote-unlock' command.
** New '--imsp-get-enabler-state' command.
** New '--imsa-get-ims-registration-status' and
'--imsa-get-ims-services-status' commands.
** New '--ims-get-ims-services-enabled-setting' command.
** New '--atr-send', '--atr-send-only' and '--atr-monitor' commands.
* collections:
** basic: added NAS cell location retrieval commands.
** basic: added WDS profile event change commands.
* Several other minor improvements and fixes.
* All fixes and improvements that were backported to 1.32.x releases are also
present in libqmi 1.34.0.
1.32.0
* There is no longer an upstream-provided source tarball, please use the signed
git tag '1.32.0' instead to refer to the sources of this release.
* The verbose message logging will now by default hide all fields that are
considered personal information. Extended message logging including all
field contents should be explicitly requested.
* Build:
** The GNU autotools (autoconf/automake/libtool) support has been fully
removed, this release requires the use of the meson build system.
** The 'instrospection' meson option is now a boolean.
** New boolean 'man' meson option to allow disabling the man page generation.
* New services:
** New 'FOX' service for operations defined by Foxconn, including "Get
Firmware Version" for now.
* New request/response/indications:
** pdc: implement "Refresh" indication.
** gas: implement "DMS Get USB composition" request/response.
** gas: implement "DMS Set USB composition" request/response.
** wds: implement "Indication Register" request/response.
** wds: implement "Extended Ip Config" indication.
** dsd: implement "Get System Status" request/response.
** dsd: implement "System Status Change" request/response.
** dsd: implement "System Status" indication.
** voice: implement "Burst DTMF" request/response.
** voice: implement "Start Continuous DTMF" request/response.
** voice: implement "Stop Continuous DTMF" request/response.
** uim: implement "Remote Unlock" request/response.
** nas: implement "Config Signal Info v2" request/response.
* New TLVs supported in existing messages:
** pdc: added "Enable Refresh" TLV in "Register" request.
** nas: added "5G Signal Strength" TLV in "Signal Info" indication.
** dms: added "NR5G Band Capability" TLV in "Get Band Capabilities" response.
** nas: added "NR5G SA/NSA band preference" TLVs in "Get/Set System Selection
Preference" request/response.
** wds: added "Operator Reserved PCO" TLV in "Get Current Settings".
** wda: added "Uplink Data Aggregation Max Datagrams" TLV in "Set Data
Format" request.
** wda: added "Uplink Data Aggregation Max Size" TLV in "Set Data Format"
request.
* libqmi-glib:
** New 'QmiFoxFirmwareVersionType' enum type.
** New 'QmiPdcRefreshEventType' enum type.
** New 'QmiGasUsbCompositionEndpointType' enum type.
** New 'QmiDsdDataSystemNetworkType' enum type.
** New 'QmiDsdRadioAccessTechnology' enum type.
** New 'QmiDsdSoMask' enum type.
** New 'QMI_DMS_RADIO_INTERFACE_TDS' value in the 'QmiDmsRadioInterface' enum
type.
** New 'QMI_WDS_GET_CURRENT_SETTINGS_REQUESTED_SETTINGS_OPERATOR_RESERVED_PCO'
value in 'QmiWdsGetCurrentSettingsRequestedSettings'.
** New 'QMI_DEVICE_ADD_LINK_FLAGS_INGRESS_MAP_CKSUMV5' and
'QMI_DEVICE_ADD_LINK_FLAGS_INGRESS_MAP_CKSUMV5' values in the
'QmiDeviceAddLinkFlags' enum type, enabling support to request QMAPv5
checksum offload for both TX and RX paths.
** Extended the 'QmiNasActiveBand' enum type with 5GNR bands.
** Implemented support to monitor the consecutive QMI request timeouts in the
QmiDevice object, with a 'QMI_DEVICE_CONSECUTIVE_TIMEOUTS' signal and a
'qmi_device_get_consecutive_timeouts()' method.
** Fixed the "GERAN Info" TLV in "NAS Get Cell Location Info" compat layer.
** Fixed leak on unexpected message error processing in QmiDevice.
** Renamed the 'QmiWdsGetCurrentSettingsRequestedSettings' flags type to
'QmiWdsRequestedSettings'.
** Updated the code generator to avoid needing intermediate struct types in
several operations, and provided appropriate compat methods:
*** pdc: removed the 'QmiConfigTypeAndId' intermediate struct.
*** loc: removed the 'QmiIndicationLoc...GpsTime intermediate' structs.
*** loc: removed the 'QmiIndicationLoc...DilutionOfPrecision' intermediate
structs.
*** dms: removed the 'QmiMessageDmsGetStoredImageInfoInputImage'
intermediate struct.
*** dms: removed the 'QmiMessageDmsDeleteStoredImageInputImage'
intermediate struct.
** Updated the code generator to avoid needing arrays of arrays in several
operations, and provided appropriate compat methods:
*** uim: avoid array of arrays in "Slot EID Information".
*** uim: avoid array of arrays in "Personalization Status Other".
** Updated the code generator to generate GIR compat helpers for arrays of
structs, so that language bindings can properly use the methods using
that kind of types. This change makes the library include a lot of new
methods suffixed with _gir() which are only expected to be used via
introspection.
** Implemented a lot of cleanups and improvements in the code generator.
* qmicli:
** New '--verbose-full' option to request enabling logs that include personal
information.
** New '--pdc-monitor-refresh' command.
** New '--gas-dms-set-usb-composition' and '--gas-dms-get-usb-composition'
commands.
** New '--wms-set-routes' command.
** New '--dsd-get-system-status' command.
** Updated the '--wda-set-data-format' command with new optional fields to
configure the uplink data aggregation max size and max datagrams.
* qmi-firmware-update:
** Implemented support for normal upgrade operations even when udev is not
available in the system (e.g. openwrt).
* collections:
** basic: added UIM remote unlock operation.
** basic: added NAS signal info v2 operation.
** basic: added SAR management operations.
** basic: added LTE attach PDN list operation.
** basic: added PCO support related operations.
** basic: added Foxconn firmware version management operation.
** basic: added DSD system status and attach/detach related operations.
** basic: added voice DTMF support operations.
* Several other minor improvements and fixes.
The following features which were backported to 1.30.x releases are also present
in libqmi 1.32.0:
** libqmi-glib: use unaligned netlink attribute length.
** qmi-proxy: remove assert when attempting to close ghost device.
** qmi-firmware-update: use defaults if FLASH variables not reported,
enabling support to flash the Sierra Wireless EM91xx modules in USB mode.
** voice: implement "Get All Call Info" request/response.
** dms: implement "Foxconn Set FCC Authentication v2" request/response.
** qmicli: new '--dms-foxconn-set-fcc-authentication-v2' command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
cd1b059731 |
libnl-3: Update to version 3.10.0
- Update from 3.9.0 to 3.10.0 - Update of rootfile not required\ - Changelog was discontinued quite a while back. Info on changes comes only from the git commits - https://github.com/thom311/libnl/commits/main/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
99b2ac48af |
libcap: Update to version 2.70
- Update from version 2.69 to 2.70 - Update of rootfile - sobump means following core packages need to be shipped arping cdrkit iproute2 iputils ntp squid udev and the following addons will be shipped with the pak_ver increments in the other patches that are part ofg this set avahi bacula cifs-utils dnsdist freeradius frr htop nfs rng-tools samba tor tshark vdr wavemon - Changelog 2.70 setcap changes to make it harder to set invalid file capabilities (Bug 217592\ reported by parke.nexus) Lots of documentation fixes (contributions from Jakub Wilk and Carlos Rodriguez-Fernandez) Fix c89 compilation syntax for the C code in the libraries. libpam has deprecated providing the _pam_overwrite() function, so use memset() instead Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
3192cd3036 |
libnet: Update to version 1.3
- Update from version 1.1.6 to 1.3
- Update of rootfile
- sobump gives suricata and arping as dependencies so those packages also need to be
shipped.
- Changelog
1.3
### Changes
- License change of critical files from 4-clause BSD to 3-clause and
2-clause BSD. This fixes issue #85: "GPL license compatibility".
- Migrate from Travis-CI (Linux) and Appveyor (Win32) to GitHub Actions
- Win32 changes:
- switch to npcap from winpcap
- Simplify and update build scripts
- Encode version in DLL instead of in filename
- Add support for LLDP, mandatory TLVs.
- Add support for Cisco UniDirectional Link Detection (UDLD), RFC5171
- Initial support for unit tests:
- `libnet-build_ethernet()`
- Complete UDLD API tests
- Initial "devcontainer": provide VS Code development environment for
rapid setup of a development environment
- Run unit tests in GitHub Actions
- New GitHub Action for FreeBSD 13 clang/gcc
- Calling `libnet_init()` with a RAW type no longer sets a TX buffer max
size. Use the new `libnet_setfd_max_sndbuf()` instead when needed.
- Remove support for `SOCK_PACKET` sockets causing invalid builds on,
e.g., musl libc. We assume everyone on Linux has `PF_PACKET` now.
### Fixes
- Fix #139: fail-to-build-from-source on FreeBSD
- Fix #122: unused parameter warnings
- Fix #123: potential memory leak in `libnet_cq_add()`
- Fix #124: potential name conflict with C++ keyword `new`
- Fix #96: pointer type warnings when dumping raw data with `%p`
- Fix #97: non-standard types:
- `int64_t` instead of `__int64_t` for mingw cross build
- `uint32_t` instead of `u_int` and `uint16_t` instead of `u_short`
- Fix #98: lots of signed vs unsigned comparisons
- Fix #102: possible buffer overflows in `libnet_plist_chain_dump_string()`
- Reproducible build fixes for man-page generation, use LC_ALL=C and UTC
- Simplify `fixmanpages`
- Fix #120: possible NULL pointer dereference in `libnet_cq_add()`
- Fix #120: memory leak in `libnet_plist_chain_new()`
- Fix segmentation fault in `libnet_ifaddrlist()`
- Fix #150: segfault when number of IPs > 512
1.2
### Changes
- Removed Lua bindings from repo and dist files, now available separately
- Removed generated HTML and Nroff (man pages) documentation files, must
be regenerated with Doxygen using `make doc`
- Add `pkg-config` support with `libnet.pc`, replaces `libnet-config`
tool, although it is kept for compatibility for now
- Factorize socket setup code for socket opening to provide output
device selection for IPv4
- Make `libnet_get_hwaddr()` work with 802.1q interfaces in bpf (BSD)
- New API for OSPF HELLO messages, with neighbor
### Fixes
- Use `getifaddrs()` on OpnBSD and Linux
- For samples, `netinet/in.h` is not on windows
- Fix errors with missing `IPPROTO_MH` on windows
- Fix build error on Mac OS X
- Fix #34 checksum caculation when IPv6 extension headers being used
- Remove unneeded trailing `-Wl` from `-version-info` line
- `libnet_build_snmp()` fix warning
- Use `LIBNET_*RESOLVE` const in `libnet_name2addr*`
- Fix i486 sample synflood6 warning
- Some samples need `#include<netinet/in.h>` for `IPPROTO_*` on OpenBSD 5.2
- Fix gcc warnings
- Check for `socklen_t`. Suggested by g.esp and Stefanos Harhalakis
- libnet: update for obsolete INCLUDE directive
- Fix warning inside comment
- Automatic link options `#pragma comment(lib, ...)` are only for MSVC
- Fix several warnings for MS C/C++ compiler
- `libnet_open_raw4()` doesn't return a SOCKET on win32
- Fixes error messages sometimes include newline, sometimes not
- Properly set `l->err_buf` if `libnet_ifaddrlist()` fails
- dlpi: Try harder to find the device for the interface
- dlpi: Correctly extract unit number from devices with numbers in their
name
- Make interface selection work for interfaces with multiple addresses
- Fix memory leak, device list needs to freed after use
- Fix file descriptor leak in `libnet_ifaddrlist()`
- Fix `libnet_get_hwaddr()` for large(!) number of interfaces
- Fix to support musl libc, removes support for GLIBC <2.1
- Fix win32 buffer overrun in `libnet_get_ipaddr4()`
- Interface selection was ignoring interfaces with IPv6
- Use `LIBNET_API` on public functions, instead of an export file
- Add Visual Studio 2010 project files, with build instructions
- Define INET6 on IRIX, making libnet compile cleanly
- Check for FreeBSD pre-11 before enabling `LIBNET_BSD_BYTE_SWAP`
- Use `LIBNET_BSDISH_OS` and `LIBNET_BSD_BYTE_SWAP` on Darwin
- Add BSD byteswap for Darwin. Otherwise `sendto(` returns `EINVAL`
- `netinet/in.h` is needed for `IPPROTO_` and `sockaddr_in`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
0382036f71 |
netatalk: Update to version 3.2.5
- Update from version 3.1.2 to 3.2.5
- Update of rootfile
- Change to meson build
- Bundled libevent was removed in 3.1.13 so configure option no longer needed.
- The latest netatalk places the prefix value onto all other directories. No way to change
this via the meson options. So sysconfdir and localstatedir would end up being under
/usr. Patch created to remove the prefix value at the beginning of sysconfdir and
localstatedir so that the locations stay the same as for the previous versions.
- The default value for pam.d is in /usr/etc/ but option available to change this.
- Large number of CVE fixes in some of the updates - 3.2.1, 3.1.18, 3.1.17, 3.1.16,
3.1.15, 3.1.13, 3.1.12,
- Changelog
3.2.5
* BREAKING: meson: Allow choosing shared or static libraries to build,
GitHub #1321
In practice, only shared libraries are built by default now.
Use the `default_library' option to control what is built.
* FIX: meson: Control the MySQL CNID backend, and support MariaDB, GitHub #1341
Introduces a new boolean `with-cnid-mysql-backend' option.
* FIX: meson: Implement with-init-dir option, GitHub #1346
* FIX: autotools/meson: Install FreeBSD init script into correct location,
GitHub #1345
* FIX: meson: Fix syntax error with libiconv path, GitHub #1279
* FIX: meson: Correct description for with-manual option, GitHub #1282
* FIX: meson: Correct prefix lookup for tracker-control, GitHub #1284
* FIX: meson: default OPEN_NOFOLLOW_ERRNO overwrites platform customization,
GitHub #1286
* FIX: meson: Don't make dtags depend on rpath, GitHub #1293
* FIX: meson: Remove duplicate dependency check for posix threads, GitHub #1297
* FIX: meson: Better output when cryptographic UAMs aren't built, GitHub #1302
* FIX: meson: Prioritize tests and run single-threaded to avoid race condition,
GitHub #1312
* FIX: meson: Better way to handle rpath executable targets, GitHub #1315
* FIX: meson: Refactor libcrypto check and print better status messages,
GitHub #1299
* FIX: meson: Look for libmariadb dependency to appease Fedora, GitHub #1348
* FIX: meson: Declare have_atfuncs globally to avoid failure later, GitHub #1357
* FIX: meson: Do a compiler sanity check before header checks, GitHub #1356
* FIX: Avoid using reserved keyword to build the tests on NetBSD, GitHub #1328
3.2.4
* UPD: autotools: Restore ABI versioning of libatalk,
and set it to 18.0.0, GitHub #1261
* UPD: meson: Define long-form soversion as 18.0.0, GitHub #1256
Previously, only `18' was defined.
* NEW: meson: Introduce pkgconfdir override option, GitHub #1241
The new option is called `with-pkgconfdir-path'
and is analogous to the `with-pkgconfdir' Autotools option.
Additionally, the hard-coded "netatalk" path suffix has been removed.
* NEW: meson: Introduce `debian' init style option
that installs both sysv and systemd, GitHub #1239
* FIX: meson: Add have_atfuncs check,
and make dtags dependent on rpath flag, GitHub #1236
* FIX: meson: Correct overwrite install logic for config files, GitHub #1253
* FIX: Fix typo in netatalk_conf.c log message
3.2.3
* UPD: Record note of permission to upgrade CNID code
to a later GPL, GitHub #1194
* UPD: Remove long-obsoleted cnid2_create script, GitHub #1203
* UPD: docker: Add option to enable ClearText and Guest UAMs, GitHub #1202
* FIX: docs: Standardize reference entry naming
for netatalk-config man page, GitHub #1208
* FIX: meson: Generate afppasswd manual html page, GitHub #1210
* UPD: meson: Remove obsolete 64 bit library check, GitHub #1207
* FIX: meson: Enable rpath for binaries
only when with-rpath is enabled, GitHub #1214
* FIX: meson: Require kerberos before enabling krb5 UAM,
not just GSSAPI, GitHub #1218
* FIX: meson: Restore linking with 64-bit libdb on Solaris, GitHub #1222
* FIX: meson: Fixing linking when building with
the `with-ssl-override' option, GitHub #1227
3.2.2
* UPD: meson: Use external SSL dependency to provide cast header, GitHub #1186
This reintroduces OpenSSL/LibreSSL as a dependency for the DHX UAM,
while removing all source files with the SSLeay copyright notice.
* UPD: meson: Add option to override system WolfSSL
with embedded WolfSSL: `with-ssl-override', GitHub #1176
* UPD: Remove obsolete Red Hat Upstart and SuSE SysV init scripts, GitHub #1163
* FIX: meson: Fix errors in PAM support macro, GitHub #1178
* FIX: meson: Fix perl shebang substitution in cnid2_create script, GitHub #1183
* FIX: meson: Fix operation of D-Bus path macros, GitHub #1182
* FIX: meson: Fix errors in shadow password macro, GitHub #1192
* FIX: autotools: gcc 8.5 expects explicit library flags
for libgcrypt, GitHub #1188
* NEW: Create a security policy, GitHub #1166
3.2.1
* FIX: CVE-2024-38439,CVE-2024-38440,CVE-2024-38441: Harden user login,
GitHub #1158
* BREAKING: meson: Rework option semantics and feature macros, GitHub #1099
- Consistent syntax of the build options to make them user-friendly
- Standardises the syntax of the feature macros
- Fixes the logic of the largefile support macro
- Disables gssapi support if the Kerberos V UAM is not required
- All options are now defined either as `with-*' or `with-*-path'
- Please see the Release Notes for a full list of changed options
* UPD: meson: Enable building with system WolfSSL library, GitHub #1160
- Build system will attempt to detect
that all required headers and symbols are supported
- Falls back to the bundled WolfSSL library
* FIX: meson: Fix -Doption paths on systems
where rpath is enabled by default, GitHub #1053
* FIX: meson: Fix library search macro on OmniOS hosts, GitHub #1056
* FIX: meson: Fix rules for installing scripts, GitHub #1070
- Install afpstats only when Perl is detected
- Don't install scripts only used by netatalk developers
* FIX: meson: set setuid bit to allow user afppasswd changing, GitHub #1071
* FIX: meson: Fix logic of libiconv detection macro, GitHub #1075
* FIX: meson: Address various issues with the meson build system, GitHub #1082
- Enables quota support on all flavours of linux and BSD, plus macOS
- Adds the quota provider to the configuration summary
- Adds a user option to disable LDAP support
- Sets dependencies according to user configuration
- Improves the syntax of the ACL macro
* FIX: meson: Further refinements to meson build system, GitHub #1086
- Adds user options to disable cracklib and GSSAPI support
- Automates Berkeley DB library detection on macOS
* FIX: meson: Fix issues with quota support on linux and macOS, GitHub #1092
- Enables quota support on macOS hosts
- Restores missing configuration option for linux hosts
- Removes obsolete quota configuration data for linux and macOS hosts
* FIX: meson: Set executable flags when installing scripts, GitHub #1117
* UPD: autotools and meson: Use pkg-config to find libgcrypt, GitHub #1132
- This removes dependency on the now-obsolete libgcrypt-config
* FIX: Use portable linux macro in etc/afpd header, GitHub #1083
* UPD: Debian Trixie expects systemd scripts in /usr/lib, GitHub #1135
* UPD: Add copyright for mac_roman.h, GitHub #1137
* FIX: Cleanup of copyright headers to make them scanner friendly, GitHub #1142
* FIX: Remove unused atalk/talloc.h header, GitHub #1154
* FIX: docker: Don't bail out when password is longer than 8 chars, GitHub #1067
* UPD: docker: Bump to Alpine 3.20 base image, GitHub #1111
* FIX: docker: Rework AFP user's GROUP and GID settings, GitHub #1116
- GID now requires GROUP to be set, and applies to that group
rather than that of the user.
* UPD: docs: Indicate license for software package,
and add SSLeay notice, GitHub #1125
* FIX: docs: Rephrase tarball section of manual, GitHub #1164
3.2.0
* NEW: BREAKING: Introduce the Meson build system, GitHub #707
GNU Autotools is still supported, but will be removed
in a future release. See the newly added INSTALL file.
* NEW: BREAKING: Bundle WolfSSL for DHX/RandNum UAM encryption, GitHub #358
This is enabled by default, controlled by option "-Dwith-embedded-ssl"
Requires the Meson build system.
External OpenSSL 1.1 and LibreSSL are still supported.
* NEW: BREAKING: LDAP API bump, OpenLDAP v2.3 or later required, GitHub #762
afp.conf option "ldap server" has been replaced with "ldap uri"
and has a new syntax. See the manual for details.
* UPD: BREAKING: Remove legacy cdb and tdb CNID backends, GitHub #508
* UPD: BREAKING: Remove Andrew File System (AFS) support, GitHub #554
* UPD: BREAKING: Remove bundled talloc, GitHub #479
For Spotlight support, use the talloc library supplied by your OS,
or get the source code from the Samba project and build it yourself.
* UPD: BREAKING: Remove generated SPARQL code, GitHub #337
This introduces a compile time dependency on
a yacc parser and a lexer to build with Spotlight support.
* UPD: BREAKING: Rename macOS launchd plist to io.netatalk.*, GitHub #778
Note: Only the Meson build system will clean up the old plist.
* UPD: BREAKING: Renamed Gentoo init script to openrc, GitHub #868
OpenRC is cross platform; confirmed working on Alpine Linux.
* NEW: FreeBSD init script, borrowed from FreeBSD ports, GitHub #876
Special thanks to the author, Joe Marcus Clarke.
* NEW: OpenBSD init script, GitHub #870
* NEW: Introduce an official Dockerfile and entry script, GitHub #713
* NEW: Option to log to file with second (not us) accuracy, GitHub #580
Enable with afp.conf option: "log microseconds = no"
* NEW: Option to add delay to FCE event emission, GitHub #849
Set a ms delay with afp.conf option: "fce sendwait"
* NEW: afppasswd: Add -w option to set password from the CLI, GitHub #936
* NEW: docs: Distribute a manual appendix with the GNU GPL v2, GitHub #745
* NEW: docs: Distribute the Japanese localization of the manual, GitHub #806
* NEW: docs: Generate a manual appendix with build instructions, GitHub #791
The appendix is generated from the GitHub CI workflow yaml file.
* UPD: docs: Document libraries, init scripts in manual, GitHub #808
* UPD: docs: Remove substituted file system paths from manual, GitHub #514
* FIX: afpd: Prevent theoretical crash in FPSetACL, GitHub #364
* FIX: libatalk: Fix parsing of macOS-created AppleDouble files, GitHub #270
* FIX: libatalk: Restore invalid EA metadata cleanup, GitHub #400
* FIX: quota: Use the NetBSD 6 quota API, GitHub #1028
* FIX: quota: Workaround for rquota.h symbol name on Fedora 40, GitHub #1040
* FIX: uams: Allow linking of the PGP UAM, GitHub #548
* FIX: Shore up error handling and type safety, GitHub #952
* UPD: Rewrite the afpstats script in Perl, GitHub #893
And, improve the formatting of the standard output.
Requires the Net::DBus Perl extension.
This removes the effective dependency on a Python runtime.
* UPD: Make Perl and grep optional requirements, GitHub #886
When either is missing, do not install the optional Perl scripts.
* NEW: Build system option "disable-init-hooks", GitHub #796
Will skip init script enablement commands that require
elevated privileges on the system.
* FIX: Make cracklib macro properly detect dictionary, GitHub #940
* FIX: Build with PAM support on FreeBSD 14, GitHub #560
* FIX: Allow libevent2 linking on OpenIndiana, GitHub #512
* FIX: Control all Spotlight dependencies at compile time, GitHub #571
* UPD: Remove redundant AUTHORS file, GitHub #538
3.1.18
* FIX: CVE-2022-22995: Harden create_appledesktop_folder(), GitHub #480
* FIX: Disable dtrace support on aarch64 FreeBSD hosts, Github #498
* FIX: Correct syntax for libwrap check in tcp-wrappers.m4, GitHub #500
* FIX: Correct syntax for libiconv check in iconv.m4, GitHub #491
* FIX: quota is not supported on macOS, GitHub #492
3.1.17
* FIX: CVE-2023-42464: Validate data type in dalloc_value_for_key(), GitHub #486
* FIX: Declare a variable before using it in a loop,
which was throwing off the default compiler on RHEL7, GitHub #481
* UPD: Distribute tarballs with xz compression by default, not gzip, GitHub #478
* UPD: Add AUTHOR sections to all man pages with a reference to CONTRIBUTORS,
and standardize headers and footers, GitHub #462
3.1.16
* FIX: libatalk: Fix CVE-2022-23121, CVE-2022-23123 regression
- Added guard check before access ad_entry(), GitHub#357
- Allow zero length entry, for AppleDouble specification, GitHub#368
- Remove special handling for COMMENT entries, GitHub#236
- The assertion for invalid entires is still enabled,
so please report any future "Invalid metadata EA" errors!
* FIX: build system: Fix autoconf warnings and modernize bootstrap
and configure.ac, GitHub#331
* FIX: build system: Correct syntax in libevent search macro,
summary macro and netatalk executable makefile, GitHub#342
* FIX: build system: Fix native libiconv detection on macOS, GitHub#343
* FIX: build system: Use non-interactive PAM session when available, GitHub#361
* FIX: build system: Fix detection of Berkeley DB installed
in multiarch location, GitHub#380
* FIX: build system: Fix support for cross-compilation
with mysql_config and dtrace, GitHub#384
* FIX: build system: Support building quota against libtirpc, GitHub#385
* FIX: build system: Fix variable substitution in configure summary, GitHub#443
* UPD: build system: Remove ABI checks and the --enable-developer option, GitHub#262
* FIX: initscript: Improvements to Debian SysV init script
- Source init-functions, GitHub#386
- Add a Description and Short-Description, GitHub#428
* FIX: docs: Clarify localstate dir configurability in manual, GitHub#401
* UPD: docs: Make BerkeleyDB 5.3.x the recommended version, GitHub#8
* FIX: docs: Update SourceForge URLs to fix CSS styles and download links
* FIX: docs: Remove obsoleted bug reporting sections, GitHub#455
* FIX: Sundry typo fixes in user visible strings and docs, GitHub#381, GitHub#382
* UPD: Rename asip-status.pl as asip-status
to make naming implementation-agnostic, GitHub#379
* UPD: Remove redundant uid.c|h files in etc/afpd
* UPD: Don't build and distribute deprecated cnid2_create tool, GitHub#412
* UPD: Remove deprecated megatron code and man page, GitHub#456
* UPD: Remove deprecated uniconv code and man page, GitHub#457
* UPD: Improvements to the GitHub CI workflow
3.1.15
* FIX: CVE-2022-43634
* FIX: CVE-2022-45188
* NEW: Support for macOS hosts, Intel and Apple silicon, GitHub#281
* FIX: configure.ac: update deprecated autoconf syntax
* UPD: configure.ac: Support linking with system shared libraries
Introduces the --with-talloc option
* FIX: macros: largefile-check macro for largefile (clang 16)
* UPD: macros: Update pthread macro to the latest from gnu.org
* FIX: initscripts: Modernize Systemd service file.
* FIX: libatalk/conf: include sys/file.h for LOCK_EX
* FIX: libatalk: Change log level for realpath() error, SF bug#666
* FIX: libatalk: Change log level for real_name error, SF bug#596
* FIX: libatalk: The my_bool type is deprecated as of MySQL 8.0.1, GitHub#129
* UPD: libatalk: allow afpd to read read-protected afp.conf, SF bug#546
* UPD: libatalk: Make the "valid users" option work in the Homes section, SF bug#449
* UPD: libatalk: Check that FPDisconnectOldSession is successful, SF bug#634
* UPD: libatalk: Bring iniparser library codebase in line with current version 4.1
* FIX: afpd: Provide MNTTYPE_NFS on OmniOS to make quota work, GitHub#117
* FIX: afpd: Avoid triggering realpath() lookups with empty path, GitHub#277
* FIX: spotlight: Spotlight searches can cause afpd to segfault, GitHub#56
* UPD: spotlight: add support for tracker3, SF patch#147
* FIX: macusers: Fix output for long usernames
* FIX: macusers: account for usernames with non-word characters
* FIX: macusers: Support NetBSD
* FIX: Fix all function declarations without a prototype
* FIX: Fix C99 compliance issues
* FIX: Fix gcc10 compiler warnings
* UPD: Remove acsiidocs sources and release notes script
* FIX: manpages: afp.conf: Parameters are not quoted, SF bug#617
* FIX: manpages: afp.conf: Document $u in home name, GitHub#123
* FIX: manpages: afp.conf: Document the usage of guest user, GitHub#298
* FIX: Document how the mysql cnid backend is configured, GitHub#69
* FIX: Fix user-visible typos in log output and man pages.
* FIX: Fix spelling, syntax, and dead URLs in html manual.
* NEW: Create README.md
* NEW: Set up GitHub workflow and static analysis with Sonarcloud
3.1.14
* FIX: fix build with libressl >= 2.7.0, GitHub#105
* NEW: Added Ignore Directories Feature
* UPD: Generate Unicode source code based on Unicode 14.0, GitHub#114
* FIX: Protect against removing AFP metadata xattr
* FIX: avoid setting adouble entries on symlinks
* FIX: add handling for cases where ad_entry() returns NULL, GitHub#175
* FIX: Fix setting of LD_LIBRARY_FLAGS ($shlibpath_var).
* FIX: afpstats: Fedora migrating away from IO::Socket::INET6, GitHub#130
* FIX: afpd: check return values from setXXid() functions, GitHub#115
* FIX: afpd: drop groups in become_user_permanently(), GitHub#126
* FIX: Fix use after free in get_tm_used()
* FIX: Fix sign extension problem in bsd_attr_list()
* FIX: Fix garbage read in bsd_attr_list
* FIX: make afpstats python 3 compatible
* UPD: docs: manual: Remove wrong TCP-over-TCP info; minor copy editing
* FIX: configure.ac: fix macro ordering for CentOS 6
* FIX: configure.ac: fix typo
* FIX: configure.ac: remove some trailing whitespace
* FIX: configure.ac: fix deprecated macro invocation
* FIX: configure.ac: replace obsolete macro
* FIX: libatalk/dsi/Makefile.am: fix deprecation warning
* FIX: Store AutoMake helper script in build-aux/
* FIX: configure.ac: define a dir for macros
* FIX: configure.ac: AM_CONFIG_HEADER is deprecated
* FIX: autotools: Fix another deprecation warning
* FIX: libgcrypt typo in configuration error message
* UPD: Various CI improvements
* FIX: libatalk/conf: re-generation of afp_voluuid.conf
* UPD: libatalk/conf: code cleanup and add locking to get_vol_uuid()
* UPD: add documentation for the lv_flags_t
* FIX: No need to check for attropen on Solaris, GitHub#44
3.1.13
* FIX: CVE-2021-31439
* FIX: CVE-2022-23121
* FIX: CVE-2022-23123
* FIX: CVE-2022-23122
* FIX: CVE-2022-23125
* FIX: CVE-2022-23124
* FIX: CVE-2022-0194
* FIX: afpd: make a variable declaration a definition
* UPD: Remove bundled libevent
3.1.12
* FIX: dhx uams: build with LibreSSL, GitHub#91
* FIX: various spelling errors
* FIX: CVE-2018-1160
3.1.11
* NEW: Global option "zeroconf name", FR#99
* NEW: show Zeroconf support by "netatalk -V", FR#100
* UPD: gentoo: Switch openrc init script to openrc-run, GitHub#77
* FIX: log message: name of function doese not match, GitHub#78
* UPD: volume capacity reporting to match Samba behavior, GitHub#83
* FIX: debian: sysv init status command exits with proper exit code, GitHub#84
* FIX: dsi_stream_read: len:0, unexpected EOF, GitHub#82
* UPD: dhx uams: OpenSSL 1.1 support, GitHub#87
3.1.10
* FIX: cannot build when ldap is not defined, bug #630
* FIX: SIGHUP can cause core dump when mdns is enabled, bug #72
* FIX: Solaris: stale pid file puts netatalk into maintenance mode, bug #73
* FIX: dsi_stream_read: len:0, unexpected EOF, bug #633
3.1.9
* FIX: afpd: fix "admin group" option
* NEW: afpd: new options "force user" and "force group"
* FIX: listening on IPv6 wildcard address may fail if IPv6 is
disabled, bug #606
* NEW: LibreSSL support, FR #98
* FIX: cannot build when acl is not defined, bug #574
* UPD: configure option "--with-init-style=" for Gentoo.
"gentoo" is renamed to "gentoo-openrc".
"gentoo-openrc" is same as "openrc".
"gentoo-systemd" is same as "systemd".
* NEW: configure option "--with-dbus-daemon=PATH" for Spotlight feature
* UPD: use "tracker daemon" command instead of "tracker-control" command
if Gnome Tracker is the recent version.
* NEW: configure options "--enable-rpath" and "--disable-rpath" which
can be used to force setting of RPATH (default on Solaris/NetBSD)
or disable it.
* NEW: configure option "--with-tracker-install-prefix" allows setting
an alternate install prefix for tracker when cross-compiling.
* UPD: asip-status.pl: IPv6 support
* UPD: asip-status.pl: show GSS-UAM SPNEGO blob
* FIX: afpd: don't use network IDs without LDAP, bug #621
* FIX: afpd: reading from file may fail, bug #619
* NEW: AFP clients should not be able to copy or manipulate special
extended attributes set by NFS and SMB servers on Solaris, issue #36
* FIX: ad: ad cp may crash, bug #622
* UPD: Update Unicode support to version 9.0.0
3.1.8
* FIX: CNID/MySQL: Quote UUID table names.
https://sourceforge.net/p/netatalk/bugs/585/
* FIX: Crash in cnid_metad, bug #593
* UPD: Update Unicode support to version 8.0.0
* FIX: larger server side copyfile buffer for improved IO performance,
bug #599
* NEW: afpd: new option "ea = samba". Use Samba vfs_streams_xattr
compatible xattrs which means adding a 0 byte at the end of
xattrs.
* FIX: remove #541 workaround patch. There was this problem with only early
Fedora 20.
* FIX: rpmbuild fails on Fedora x86_64, bug #598
* FIX: Listen on IPv6 wildcard address by default, bug #602
* FIX: FCE protocol version 1 packets, bug #603
* UPD: Update list of BerkeleyDB versions searched at configure time
3.1.7
* UPD: Spotlight: enhance behaviour for long running queries, client
will now show "progress wheel" while waiting for first results.
* FIX: netatalk: fix a crash on Solaris when registering with mDNS
* FIX: netatalk: SIGHUP would kill the process instead of being resent
to the other Netatalk processes, bug #579
* FIX: afpd: Solaris locking problem, bug #559
* FIX: Handling of malformed UTF8 strings, bug #524
* FIX: afpd: umask handling, bug #576
* FIX: Spotlight: Limiting searches to subfolders, bug #581
* FIX: afpd: reloading logging config may result in privilege
escalation in afpd processes
* FIX: afpd: ACL related error messages, now logged with loglevel
debug instead of error
* FIX: cnid_metad: fix tsockfd_create() return value on error
* FIX: CNID/MySQL: volume table name generation, bug #566.
3.1.6
* FIX: Spotlight: fix for long running queries
* UPD: afpd: distribute SIGHUP from parent afpd to children and force
reload shares
* FIX: netatalk: refresh Zeroconf registration when receiving SIGHUP
* NEW: configure option "--with-init-style=debian-systemd" for Debian 8 jessie
and later.
"--with-init-style=debian" is renamed "--with-init-style=debian-sysv".
3.1.5
* FIX: Spotlight: several important fixes
3.1.4
* FIX: afpd: Hangs in Netatalk which causes it to stop responding to
connections, bug #572.
* NEW: afpd: new option "force xattr with sticky bit = yes|no"
(default: no), FR #94
* UPD: afpd: FCE version 2 with new event types and new config options
"fce ignore names" and "fce notify script"
* UPD: afpd: check for modified included config file, FR #95.
* UPD: libatalk: logger: remove flood protection and allocate messages
* UPD: Spotlight: use async Tracker SPARQL API
* NEW: afpd: new option "case sensitive = yes|no" (default: yes)
In spite of being case sensitive as a matter of fact, netatalk
3.1.3 and earlier did not notify kCaseSensitive flag to the client.
Now, it is notified correctly by default, FR #62.
3.1.3
* UPD: Spotlight: more SPARQL query optimisations
* UPD: Spotlight: new options "sparql results limit", "spotlight
attributes" and "spotlight expr"
* FIX: afpd: Unarchiving certain ZIP archives fails, bug #569
* UPD: Update Unicode support to version 7.0.0
* FIX: Memory overflow caused by 'basedir regex', bug #567
* NEW: afpd: delete empty resource forks, from FR #92
* FIX: afpd: fix a crash when accessing ._ AppleDouble files created
by OS X via SMB, bug #564
* FIX: afpd and dbd: Converting from AppleDouble v2 to ea may corrupt
the resource fork. In some circumstances an offset calculation
is wrong resulting in corrupt resource forks after the
conversion. Bug #568.
* FIX: ad: fix for bug #563 broke ad file utilities, bug #570.
* NEW: afpd: new advanced option controlling permissions and ACLs,
from FR #93
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
05971bd7d0 |
libgcrypt: Update to version 1.11.0
- Update from version 1.10.3 to 1.11.0
- Update of rootfile
- Update of libgcrypt requires an update of netatalk as old version will not build with
libgcrypt-1.11.0
- Changelog
1.11.0
* New and extended interfaces:
- Add an API for Key Encapsulation Mechanism (KEM). [T6755]
- Add Streamlined NTRU Prime sntrup761 algorithm. [rCcf9923e1a5]
- Add Kyber algorithm according to FIPS 203 ipd 2023-08-24.
[rC18e5c0d268]
- Add Classic McEliece algorithm. [rC003367b912]
- Add One-Step KDF with hash and MAC. [T5964]
- Add KDF algorithm HKDF of RFC-5869. [T5964]
- Add KDF algorithm X963KDF for use in CMS. [rC3abac420b3]
- Add GMAC-SM4 and Poly1305-SM4. [rCd1ccc409d4]
- Add ARIA block cipher algorithm. [rC316c6d7715]
- Add explicit FIPS indicators for MD and MAC algorithms. [T6376]
- Add support for SHAKE as MGF in RSA. [T6557]
- Add gcry_md_read support for SHAKE algorithms. [T6539]
- Add gcry_md_hash_buffers_ext function. [T7035]
- Add cSHAKE hash algorithm. [rC065b3f4e02]
- Support internal generation of IV for AEAD cipher mode. [T4873]
* Performance:
- Add SM3 ARMv8/AArch64/CE assembly implementation. [rCfe891ff4a3]
- Add SM4 ARMv8/AArch64 assembly implementation. [rCd8825601f1]
- Add SM4 GFNI/AVX2 and GFI/AVX512 implementation.
[rC5095d60af4,rCeaed633c16]
- Add SM4 ARMv9 SVE CE assembly implementation. [rC2dc2654006]
- Add PowerPC vector implementation of SM4. [rC0b2da804ee]
- Optimize ChaCha20 and Poly1305 for PPC P10 LE. [T6006]
- Add CTR32LE bulk acceleration for AES on PPC. [rC84f2e2d0b5]
- Add generic bulk acceleration for CTR32LE mode (GCM-SIV) for SM4
and Camellia. [rCcf956793af]
- Add GFNI/AVX2 implementation of Camellia. [rC4e6896eb9f]
- Add AVX2 and AVX512 accelerated implementations for GHASH (GCM)
and POLYVAL (GCM-SIV). [rCd857e85cb4, rCe6f3600193]
- Add AVX512 implementation for SHA512. [rC089223aa3b]
- Add AVX512 implementation for Serpent. [rCce95b6ec35]
- Add AVX512 implementation for Poly1305 and ChaCha20
[rCcd3ed49770, rC9a63cfd617]
- Add AVX512 accelerated implementation for SHA3 and Blake2
[rCbeaad75f46,rC909daa700e]
- Add VAES/AVX2 accelerated i386 implementation for AES.
[rC4a42a042bc]
- Add bulk processing for XTS mode of Camellia and SM4.
[rC32b18cdb87, rCaad3381e93]
- Accelerate XTS and ECB modes for Twofish and Serpent.
[rCd078a928f5,rC8a1fe5f78f]
- Add AArch64 crypto/SHA512 extension implementation for
SHA512. [rCe51d3b8330]
- Add AArch64 crypto-extension implementation for Camellia.
[rC898c857206]
- Accelerate OCB authentication on AMD with AVX2. [rC6b47e85d65]
* Bug fixes:
- For PowerPC check for missing optimization level for vector
register usage. [T5785]
- Fix EdDSA secret key check. [T6511]
- Fix decoding of PKCS#1-v1.5 and OAEP padding. [rC34c2042792]
- Allow use of PKCS#1-v1.5 with SHA3 algorithms. [T6976]
- Fix AESWRAP padding length check. [T7130]
* Other:
- Allow empty password for Argon2 KDF. [rCa20700c55f]
- Various constant time operation imporvements.
- Add "bp256", "bp384", "bp512" aliases for Brainpool curves.
- Support for the random server has been removed. [T5811]
- The control code GCRYCTL_ENABLE_M_GUARD is deprecated and not
supported any more. Please use valgrind or other tools. [T5822]
- Logging is now done via the libgpg-error logging functions.
[rCab0bdc72c7]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
31f0c0b289 |
libjpeg: Update to version 3.0.3
- Update from version 2.1.4 to 3.0.3
- Update of rootfile
- CVE fix in 3.0.0
- Changelog
3.0.3
1. Fixed an issue in the build system, introduced in 3.0.2, that caused all
libjpeg-turbo components to depend on the Visual C++ run-time DLL when built
with Visual C++ and CMake 3.15 or later, regardless of value of the
`WITH_CRT_DLL` CMake variable.
2. The x86-64 SIMD extensions now include support for Intel Control-flow
Enforcement Technology (CET), which is enabled automatically if CET is enabled
in the C compiler.
3. Fixed a regression introduced by 3.0 beta2[6] that made it impossible for
calling applications to supply custom Huffman tables when generating
12-bit-per-component lossy JPEG images using the libjpeg API.
4. Fixed a segfault that occurred when attempting to use the jpegtran `-drop`
option with a specially-crafted malformed input image or drop image
(specifically an image in which all of the scans contain fewer components than
the number of components specified in the Start Of Frame segment.)
3.0.2
1. Fixed a signed integer overflow in the `tj3CompressFromYUV8()`,
`tj3DecodeYUV8()`, `tj3DecompressToYUV8()`, and `tj3EncodeYUV8()` functions,
detected by the Clang and GCC undefined behavior sanitizers, that could be
triggered by setting the `align` parameter to an unreasonably large value.
This issue did not pose a security threat, but removing the warning made it
easier to detect actual security issues, should they arise in the future.
2. Introduced a new parameter (`TJPARAM_MAXMEMORY` in the TurboJPEG C API and
`TJ.PARAM_MAXMEMORY` in the TurboJPEG Java API) and a corresponding TJBench
option (`-maxmemory`) for specifying the maximum amount of memory (in
megabytes) that will be allocated for intermediate buffers, which are used with
progressive JPEG compression and decompression, optimized baseline entropy
coding, lossless JPEG compression, and lossless transformation. The new
parameter and option serve the same purpose as the `max_memory_to_use` field in
the `jpeg_memory_mgr` struct in the libjpeg API, the `JPEGMEM` environment
variable, and the cjpeg/djpeg/jpegtran `-maxmemory` option.
3. Introduced a new parameter (`TJPARAM_MAXPIXELS` in the TurboJPEG C API and
`TJ.PARAM_MAXPIXELS` in the TurboJPEG Java API) and a corresponding TJBench
option (`-maxpixels`) for specifying the maximum number of pixels that the
decompression, lossless transformation, and packed-pixel image loading
functions/methods will process.
4. Fixed an error ("Unsupported color conversion request") that occurred when
attempting to decompress a 3-component lossless JPEG image without an Adobe
APP14 marker. The decompressor now assumes that a 3-component lossless JPEG
image without an Adobe APP14 marker uses the RGB colorspace if its component
IDs are 1, 2, and 3.
3.0.1
1. The x86-64 SIMD functions now use a standard stack frame, prologue, and
epilogue so that debuggers and profilers can reliably capture backtraces from
within the functions.
2. Fixed two minor issues in the interblock smoothing algorithm that caused
mathematical (but not necessarily perceptible) edge block errors when
decompressing progressive JPEG images exactly two MCU blocks in width or that
use vertical chrominance subsampling.
3. Fixed a regression introduced by 3.0 beta2[6] that, in rare cases, caused
the C Huffman encoder (which is not used by default on x86 and Arm CPUs) to
generate incorrect results if the Neon SIMD extensions were explicitly disabled
at build time (by setting the `WITH_SIMD` CMake variable to `0`) in an AArch64
build of libjpeg-turbo.
3.0.0
1. The TurboJPEG API now supports 4:4:1 (transposed 4:1:1) chrominance
subsampling, which allows losslessly transposed or rotated 4:1:1 JPEG images to
be losslessly cropped, partially decompressed, or decompressed to planar YUV
images.
2. Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred
when attempting to decompress various specially-crafted malformed
12-bit-per-component and 16-bit-per-component lossless JPEG images using color
quantization or merged chroma upsampling/color conversion. The underlying
cause of these issues was that the color quantization and merged chroma
upsampling/color conversion algorithms were not designed with lossless
decompression in mind. Since libjpeg-turbo explicitly does not support color
conversion when compressing or decompressing lossless JPEG images, merged
chroma upsampling/color conversion never should have been enabled for such
images. Color quantization is a legacy feature that serves little or no
purpose with lossless JPEG images, so it is also now disabled when
decompressing such images. (As a result, djpeg can no longer decompress a
lossless JPEG image into a GIF image.)
3. Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer
overruns when attempting to decompress various specially-crafted malformed
12-bit-per-component JPEG images using djpeg with both color quantization and
RGB565 color conversion enabled.
4. Fixed an issue whereby `jpeg_crop_scanline()` sometimes miscalculated the
downsampled width for components with 4x2 or 2x4 subsampling factors if
decompression scaling was enabled. This caused the components to be upsampled
incompletely, which caused the color converter to read from uninitialized
memory. With 12-bit data precision, this caused a buffer overrun or underrun
and subsequent segfault if the sample value read from uninitialized memory was
outside of the valid sample range.
5. Fixed a long-standing issue whereby the `tj3Transform()` function, when used
with the `TJXOP_TRANSPOSE`, `TJXOP_TRANSVERSE`, `TJXOP_ROT90`, or
`TJXOP_ROT270` transform operation and without automatic JPEG destination
buffer (re)allocation or lossless cropping, computed the worst-case transformed
JPEG image size based on the source image dimensions rather than the
transformed image dimensions. If a calling program allocated the JPEG
destination buffer based on the transformed image dimensions, as the API
documentation instructs, and attempted to transform a specially-crafted 4:2:2,
4:4:0, 4:1:1, or 4:4:1 JPEG source image containing a large amount of metadata,
the issue caused `tj3Transform()` to overflow the JPEG destination buffer
rather than fail gracefully. The issue could be worked around by setting
`TJXOPT_COPYNONE`. Note that, irrespective of this issue, `tj3Transform()`
cannot reliably transform JPEG source images that contain a large amount of
metadata unless automatic JPEG destination buffer (re)allocation is used or
`TJXOPT_COPYNONE` is set.
6. Fixed a regression introduced by 3.0 beta2[6] that prevented the djpeg
`-map` option from working when decompressing 12-bit-per-component lossy JPEG
images.
7. Fixed an issue that caused the C Huffman encoder (which is not used by
default on x86 and Arm CPUs) to read from uninitialized memory when attempting
to transform a specially-crafted malformed arithmetic-coded JPEG source image
into a baseline Huffman-coded JPEG destination image.
2.1.91
1. Significantly sped up the computation of optimal Huffman tables. This
speeds up the compression of tiny images by as much as 2x and provides a
noticeable speedup for images as large as 256x256 when using optimal Huffman
tables.
2. All deprecated fields, constructors, and methods in the TurboJPEG Java API
have been removed.
3. Arithmetic entropy coding is now supported with 12-bit-per-component JPEG
images.
4. Overhauled the TurboJPEG API to address long-standing limitations and to
make the API more extensible and intuitive:
- All C function names are now prefixed with `tj3`, and all version
suffixes have been removed from the function names. Future API overhauls will
increment the prefix to `tj4`, etc., thus retaining backward API/ABI
compatibility without versioning each individual function.
- Stateless boolean flags have been replaced with stateful integer API
parameters, the values of which persist between function calls. New
functions/methods (`tj3Set()`/`TJCompressor.set()`/`TJDecompressor.set()` and
`tj3Get()`/`TJCompressor.get()`/`TJDecompressor.get()`) can be used to set and
query the value of a particular API parameter.
- The JPEG quality and subsampling are now implemented using API
parameters rather than stateless function arguments (C) or dedicated set/get
methods (Java.)
- `tj3DecompressHeader()` now stores all relevant information about the
JPEG image, including the width, height, subsampling type, entropy coding
algorithm, etc., in API parameters rather than returning that information
through pointer arguments.
- `TJFLAG_LIMITSCANS`/`TJ.FLAG_LIMITSCANS` has been reimplemented as an
API parameter (`TJPARAM_SCANLIMIT`/`TJ.PARAM_SCANLIMIT`) that allows the number
of scans to be specified.
- Optimized baseline entropy coding (the computation of optimal Huffman
tables, as opposed to using the default Huffman tables) can now be specified,
using a new API parameter (`TJPARAM_OPTIMIZE`/`TJ.PARAM_OPTIMIZE`), a new
transform option (`TJXOPT_OPTIMIZE`/`TJTransform.OPT_OPTIMIZE`), and a new
TJBench option (`-optimize`.)
- Arithmetic entropy coding can now be specified or queried, using a new
API parameter (`TJPARAM_ARITHMETIC`/`TJ.PARAM_ARITHMETIC`), a new transform
option (`TJXOPT_ARITHMETIC`/`TJTransform.OPT_ARITHMETIC`), and a new TJBench
option (`-arithmetic`.)
- The restart marker interval can now be specified, using new API
parameters (`TJPARAM_RESTARTROWS`/`TJ.PARAM_RESTARTROWS` and
`TJPARAM_RESTARTBLOCKS`/`TJ.PARAM_RESTARTBLOCKS`) and a new TJBench option
(`-restart`.)
- Pixel density can now be specified or queried, using new API parameters
(`TJPARAM_XDENSITY`/`TJ.PARAM_XDENSITY`,
`TJPARAM_YDENSITY`/`TJ.PARAM_YDENSITY`, and
`TJPARAM_DENSITYUNITS`/`TJ.PARAM_DENSITYUNITS`.)
- The accurate DCT/IDCT algorithms are now the default for both
compression and decompression, since the "fast" algorithms are considered to be
a legacy feature. (The "fast" algorithms do not pass the ISO compliance tests,
and those algorithms are not any faster than the accurate algorithms on modern
x86 CPUs.)
- All C initialization functions have been combined into a single function
(`tj3Init()`) that accepts an integer argument specifying the subsystems to
initialize.
- All C functions now use the `const` keyword for pointer arguments that
point to unmodified buffers (and for both dimensions of pointer arguments that
point to sets of unmodified buffers.)
- All C functions now use `size_t` rather than `unsigned long` to
represent buffer sizes, for compatibility with `malloc()` and to avoid
disparities in the size of `unsigned long` between LP64 (Un*x) and LLP64
(Windows) operating systems.
- All C buffer size functions now return 0 if an error occurs, rather than
trying to awkwardly return -1 in an unsigned data type (which could easily be
misinterpreted as a very large value.)
- Decompression scaling is now enabled explicitly, using a new
function/method (`tj3SetScalingFactor()`/`TJDecompressor.setScalingFactor()`),
rather than implicitly using awkward "desired width"/"desired height"
arguments.
- Partial image decompression has been implemented, using a new
function/method (`tj3SetCroppingRegion()`/`TJDecompressor.setCroppingRegion()`)
and a new TJBench option (`-crop`.)
- The JPEG colorspace can now be specified explicitly when compressing,
using a new API parameter (`TJPARAM_COLORSPACE`/`TJ.PARAM_COLORSPACE`.) This
allows JPEG images with the RGB and CMYK colorspaces to be created.
- TJBench no longer generates error/difference images, since identical
functionality is already available in ImageMagick.
- JPEG images with unknown subsampling configurations can now be
fully decompressed into packed-pixel images or losslessly transformed (with the
exception of lossless cropping.) They cannot currently be partially
decompressed or decompressed into planar YUV images.
- `tj3Destroy()` now silently accepts a NULL handle.
- `tj3Alloc()` and `tj3Free()` now return/accept void pointers, as
`malloc()` and `free()` do.
- The C image I/O functions now accept a TurboJPEG instance handle, which
is used to transmit/receive API parameter values and to receive error
information.
5. Added support for 8-bit-per-component, 12-bit-per-component, and
16-bit-per-component lossless JPEG images. A new libjpeg API function
(`jpeg_enable_lossless()`), TurboJPEG API parameters
(`TJPARAM_LOSSLESS`/`TJ.PARAM_LOSSLESS`,
`TJPARAM_LOSSLESSPSV`/`TJ.PARAM_LOSSLESSPSV`, and
`TJPARAM_LOSSLESSPT`/`TJ.PARAM_LOSSLESSPT`), and a cjpeg/TJBench option
(`-lossless`) can be used to create a lossless JPEG image. (Decompression of
lossless JPEG images is handled automatically.) Refer to
[libjpeg.txt](libjpeg.txt), [usage.txt](usage.txt), and the TurboJPEG API
documentation for more details.
6. Added support for 12-bit-per-component (lossy and lossless) and
16-bit-per-component (lossless) JPEG images to the libjpeg and TurboJPEG APIs:
- The existing `data_precision` field in `jpeg_compress_struct` and
`jpeg_decompress_struct` has been repurposed to enable the creation of
12-bit-per-component and 16-bit-per-component JPEG images or to detect whether
a 12-bit-per-component or 16-bit-per-component JPEG image is being
decompressed.
- New 12-bit-per-component and 16-bit-per-component versions of
`jpeg_write_scanlines()` and `jpeg_read_scanlines()`, as well as new
12-bit-per-component versions of `jpeg_write_raw_data()`,
`jpeg_skip_scanlines()`, `jpeg_crop_scanline()`, and `jpeg_read_raw_data()`,
provide interfaces for compressing from/decompressing to 12-bit-per-component
and 16-bit-per-component packed-pixel and planar YUV image buffers.
- New 12-bit-per-component and 16-bit-per-component compression,
decompression, and image I/O functions/methods have been added to the TurboJPEG
API, and a new API parameter (`TJPARAM_PRECISION`/`TJ.PARAM_PRECISION`) can be
used to query the data precision of a JPEG image. (YUV functions are currently
limited to 8-bit data precision but can be expanded to accommodate 12-bit data
precision in the future, if such is deemed beneficial.)
- A new cjpeg and TJBench command-line argument (`-precision`) can be used
to create a 12-bit-per-component or 16-bit-per-component JPEG image.
(Decompression and transformation of 12-bit-per-component and
16-bit-per-component JPEG images is handled automatically.)
2.1.5.1
1. The SIMD dispatchers in libjpeg-turbo 2.1.4 and prior stored the list of
supported SIMD instruction sets in a global variable, which caused an innocuous
race condition whereby the variable could have been initialized multiple times
if `jpeg_start_*compress()` was called simultaneously in multiple threads.
libjpeg-turbo 2.1.5 included an undocumented attempt to fix this race condition
by making the SIMD support variable thread-local. However, that caused another
issue whereby, if `jpeg_start_*compress()` was called in one thread and
`jpeg_read_*()` or `jpeg_write_*()` was called in a second thread, the SIMD
support variable was never initialized in the second thread. On x86 systems,
this led the second thread to incorrectly assume that AVX2 instructions were
always available, and when it attempted to use those instructions on older x86
CPUs that do not support them, an illegal instruction error occurred. The SIMD
dispatchers now ensure that the SIMD support variable is initialized before
dispatching based on its value.
2.1.5
1. Fixed issues in the build system whereby, when using the Ninja Multi-Config
CMake generator, a static build of libjpeg-turbo (a build in which
`ENABLE_SHARED` is `0`) could not be installed, a Windows installer could not
be built, and the Java regression tests failed.
2. Fixed a regression introduced by 2.0 beta1[15] that caused a buffer overrun
in the progressive Huffman encoder when attempting to transform a
specially-crafted malformed 12-bit-per-component JPEG image into a progressive
12-bit-per-component JPEG image using a 12-bit-per-component build of
libjpeg-turbo (`-DWITH_12BIT=1`.) Given that the buffer overrun was fully
contained within the progressive Huffman encoder structure and did not cause a
segfault or other user-visible errant behavior, given that the lossless
transformer (unlike the decompressor) is not generally exposed to arbitrary
data exploits, and given that 12-bit-per-component builds of libjpeg-turbo are
uncommon, this issue did not likely pose a security risk.
3. Fixed an issue whereby, when using a 12-bit-per-component build of
libjpeg-turbo (`-DWITH_12BIT=1`), passing samples with values greater than 4095
or less than 0 to `jpeg_write_scanlines()` caused a buffer overrun or underrun
in the RGB-to-YCbCr color converter.
4. Fixed a floating point exception that occurred when attempting to use the
jpegtran `-drop` and `-trim` options to losslessly transform a
specially-crafted malformed JPEG image.
5. Fixed an issue in `tjBufSizeYUV2()` whereby it returned a bogus result,
rather than throwing an error, if the `align` parameter was not a power of 2.
Fixed a similar issue in `tjCompressFromYUV()` whereby it generated a corrupt
JPEG image in certain cases, rather than throwing an error, if the `align`
parameter was not a power of 2.
6. Fixed an issue whereby `tjDecompressToYUV2()`, which is a wrapper for
`tjDecompressToYUVPlanes()`, used the desired YUV image dimensions rather than
the actual scaled image dimensions when computing the plane pointers and
strides to pass to `tjDecompressToYUVPlanes()`. This caused a buffer overrun
and subsequent segfault if the desired image dimensions exceeded the scaled
image dimensions.
7. Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG image
(`-DWITH_12BIT=1`) using an alpha-enabled output color space such as
`JCS_EXT_RGBA`, the alpha channel was set to 255 rather than 4095.
8. Fixed an issue whereby the Java version of TJBench did not accept a range of
quality values.
9. Fixed an issue whereby, when `-progressive` was passed to TJBench, the JPEG
input image was not transformed into a progressive JPEG image prior to
decompression.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
42d514370a |
libinih: Update to version 58
- Update from version 56 to 58
- Update of rootfile not required
- Changelog
58
[oss-fuzz] fuzzing support by @0x34d in #153
[Fuzzing] fix harness by @0x34d in #156
[Fuzzing] using cifuzz for PR by @0x34d in #154
Specify C++11 std in meson build by @DownerCase in #157
Add ini_ prefix even to static names so inih can be used as an #include by
@benhoyt in #164
57
MSVC throws C4244 by @AbsintheScripting in #142
Added a GetUnsigned function for getting unsigned values. by @jcormier in #147
meson.build: fix start-of-line_comment_prefix variable name by @ihilt in #149
Added GetInteger64 and GetUnsigned64 to read 64-bit integers by @natcat256
in #151
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
157b603528 |
libcap-ng: Update to version 0.8.5
- Update from version 0.8.3 to 0.8.5
- Update of rootfile not required
- Changelog
0.8.5
- Remove python global exception handler since it's deprecated
- Make the utilities link against just built libraries
- Remove unused macro in cap-ng.h
0.8.4
- In capng_change_id, clear PR_SET_KEEPCAPS if returning an error
- pscap: add -p option for reporting a specified process (Masatake Yamato)
- Annotate function prototypes to warn if results are unused
- Drop python2 support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
0a94237668 |
libgpg-error: Update to version 1.50
- Update from version 1.48 to 1.50
- Update of rootfile
- Changelog
1.50
* New set of process spawn functions. [T6249]
* Fixed return type for gpgrt_b64dec_proc and gpgrt_b64dec_finish to
gpg_err_code_t. This enum return type is in almost all cases
compatible to the formerly used gpg_error_t (i.e. unsigned int).
* Interface changes relative to the 1.49 release:
gpgrt_process_t CHANGED (never used).
gpgrt_spawn_actions_t NEW type.
gpgrt_process_requests NEW enum.
gpgrt_process_spawn NEW.
gpgrt_process_terminate NEW.
gpgrt_process_get_streams NEW.
gpgrt_process_ctl NEW.
gpgrt_process_wait NEW.
gpgrt_process_release NEW.
gpgrt_spawn_actions_new NEW.
gpgrt_spawn_actions_release NEW.
gpgrt_spawn_actions_set_redirect NEW.
gpgrt_spawn_actions_set_environ NEW (posix only).
gpgrt_spawn_actions_set_inherit_fds NEW (posix only).
gpgrt_spawn_actions_set_atfork NEW (posix only).
gpgrt_spawn_actions_set_envvars NEW (w32 only).
gpgrt_spawn_actions_set_inherit_handles NEW (w32 only).
GPGRT_PROCESS_DETACHED NEW.
GPGRT_PROCESS_NO_CONSOLE NEW.
GPGRT_PROCESS_NO_EUID_CHECK NEW.
GPGRT_PROCESS_STDIN_PIPE NEW.
GPGRT_PROCESS_STDOUT_PIPE NEW.
GPGRT_PROCESS_STDERR_PIPE NEW.
GPGRT_PROCESS_STDINOUT_SOCKETPAIR NEW.
GPGRT_PROCESS_STDIN_KEEP NEW.
GPGRT_PROCESS_STDOUT_KEEP NEW.
GPGRT_PROCESS_STDERR_KEEP NEW.
GPGRT_PROCESS_STDFDS_SETTING NEW.
GPGRT_SPAWN_INHERIT_FILE REMOVED (never used).
GPGRT_SPAWN_NONBLOCK REMOVED (never used).
GPGRT_SPAWN_RUN_ASFW REMOVED (never used).
GPGRT_SPAWN_DETACHED REMOVED (never used).
GPGRT_SPAWN_KEEP_STDIN REMOVED (never used).
GPGRT_SPAWN_KEEP_STDOUT REMOVED (never used).
GPGRT_SPAWN_KEEP_STDERR REMOVED (never used).
1.49
* Two new functions to improve the logging interface. The
gpgrt_logv_domain is currently the same as gpgrt_logv_prefix but
allows to pass a domain string so that in future we will be able to
select log output by domain. It also provide a non yet functional
feature to include a hex dump.
* Add a "trunc" keyword to gpgrt_log_printhex. [rE0a39fbefcb]
* Avoid an endless loop in the argparser due to a conf file read
error. [rE2dc93cfecc]
* Interface changes relative to the 1.48 release:
gpgrt_add_post_log_func NEW.
gpgrt_logv_domain NEW.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
1e639a1dfa |
libassuan: Update to version 3.0.1
- Update from version 2.5.5 to 3.0.1
- Update of rootfile
- Changelog
3.0.1
* Change Unix symbol versioning to help the Debian transitioning
process.
3.0.0
* API change: For new code, which uses libassuan with nPTH, please
use gpgrt_get_syscall_clamp and assuan_control, instead of the
system_hooks API. Use of ASSUAN_SYSTEM_NPTH is deprecated with new
API version 3. If it's really needed to keep using old
implementation of ASSUAN_SYSTEM_NPTH, you need to change your your
application code, to define
ASSUAN_REALLY_REQUIRE_V2_NPTH_SYSTEM_HOOKS before including
<assuan.h>. For an application which uses version 2 API
(NEED_LIBASSUAN_API=2 in its configure.ac), use of
ASSUAN_SYSTEM_NPTH is still supported. [T5914]
* New function assuan_control. [T6625]
* New function assuan_sock_accept. [T5925]
* New functions assuan_pipe_wait_server_termination and
assuan_pipe_kill_server to support abstraction of process. [T6487]
* Windows support for sendfd/recvfd. [T6236]
* Implement timeout in assuan_sock_connect_byname. [T3302]
* No support for WindowsCE, any more. [T6170]
* New socket flags "linger" and "reuseaddr". [rA87f92fe962]
* Interface changes relative to the 2.5.0 release:
assuan_sock_accept NEW.
assuan_pipe_wait_server_termination NEW.
assuan_pipe_kill_server NEW.
assuan_sock_set_flag EXTENDED.
assuan_sock_get_flag EXTENDED.
2.5.7
New configure option --with-libtool-modification. [T6619]
Change the naming of the 64 bit Windows DLL from libassuan6-0.dll to
libassuan-0.dll to sync this with what we did for libgpg-error.
2.5.6
* Fix logging of confidential data. [rA0fc31770fa]
* Fix memory wiping. [T5977]
* Fix macOS build problem. [T5440,T5610]
* Upgrade autoconf stuff.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
f6e2ccf3ab |
libarchive: Update to version 3.7.4
- Update from version 3.7.0 to 3.7.4
- Update of rootfile
- CVE fix in 3.7.4
- Changelog
3.7.4
Security fixes:
rar: Fix OOB in rar e8 filter (#2135) (CVE-2024-26256)
zip: Fix out of boundary access (#2145)
Important bugfixes:
7zip: Limit amount of properties (#2131)
bsdtar: Fix error handling around strtol() usages (#2110)
passphrase: Improve newline handling on Windows (#2115)
passphrase: Never allow empty passwords (#2116)
rar: Fix "File CRC Error" when extracting specific rar4 archives (#2124)
xar: Avoid infinite link loop (#2123)
zip: Update AppleDouble support for directories (#2108)
zstd: Implement core detection (#2083, #2071)
3.7.3
New features:
PCRE2 support (#2031)
add trailing letter b to bsdtar(1) substitute pattern (#2012)
add support for long options "--group" and "--owner" to tar(1) (#2054)
Security fixes:
Fix possible vulnerability in tar error reporting introduced in f27c173 (#2101)
Important bugfixes:
ISO9660: preserve the natural order of links (#1974)
rar5: fix decoding unicode filenames on Windows (#1978)
rar5: fix infinite loop if during rar5 decompression the last block produced
no data (#2105)
xz filter: fix incorrect eof at the end of an lzip member (#2027)
zip: fix end-of-data marker processing when decompressing zip archives (#2042)
multiple bsdunzip(1) fixes (#2022, #2030)
filetime truncation fix on Windows (#2050)
3.7.2
Security fixes:
Multiple vulnerabilities have been fixed in the PAX writer (1b4e0d0)
Important bugfixes:
bsdunzip(1) now correctly handles arguments following an -x after the zipfile
New features:
bsdunzip(1) now supports the "--version" flag
7-zip reader now translates Windows permissions into UNIX permissions (#1943)
uudecode filter in raw mode now supports file name and file mode
zstd filter now supports the "long" write option (#1962)
3.7.1
Security fixes:
SEGV and stack buffer overflow in verbose mode of cpio (#1934, #1935)
Feature updates:
bsdunzip updated to match latest upstream code (#1926)
Important bugfixes:
miscellaneous functional bugfixes (#1731, #1929, #1930)
build fixes on multiple platforms (Android #1921, older MacOS X #1919, #1933
and others)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
6c6959694a |
hostapd: Update to version 2_11
- Update from version 2_10 to 2_11
- Update of rootfile not required
- Update of patches to latest source tarball
- Changelog
2_11
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Michael Tremer
|
76f429d5d8 |
licenses: Remove the braindead GPL acception stage
The GPL is not an EULA and so there is no value in having users accept it. The UI is very broken and so I believe it is best to drop this entirely. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
f7879935a5 |
core-updates: Fix release number
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
fd4ee38136 |
cyrus-sasl: Update to 2.1.28
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
552cf4e825 |
cyrus-sasl: Remove unsed PASS build instructions
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
d44788101b |
libxslt: Update to 1.1.42
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
64feedbcf6 |
br2684ctl: Drop package
This tool is now part of linux-atm. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
b734e6f7b6 |
linux-atm: Update to 2.5.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
acf2754880 |
openssl: Update to version 3.3.0
- Update from version 3.2.1 to 3.3.0
- Update of rootfile
- Changelog
3.3
This release adds the following new features:
* Support for qlog for tracing QUIC connections has been added
* Added APIs to allow configuring the negotiated idle timeout for QUIC
connections, and to allow determining the number of additional streams
that can currently be created for a QUIC connection.
* Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
objects
* Added APIs to allow querying the size and utilisation of a QUIC stream's
write buffer
* New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
condition in an optimised way when using QUIC.
* Limited support for polling of QUIC connection and stream objects in a
non-blocking manner.
* Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
times with different output sizes.
* Added exporter for CMake on Unix and Windows, alongside the pkg-config
exporter.
* The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
output length.
* The EVP_PKEY_fromdata function has been augmented to allow for the
derivation of CRT (Chinese Remainder Theorem) parameters when requested
* Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
using time_t which is Y2038 safe on 32 bit systems when 64 bit time
is enabled
* Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
ignored and the configuration will still be used.
* Added `-set_issuer` and `-set_subject` options to `openssl x509` to
override the Issuer and Subject when creating a certificate. The `-subj`
option now is an alias for `-set_subject`.
* Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
* New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
server to prefer session resumption using PSK-only key exchange over PSK
with DHE, if both are available.
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded.
* Added X509_STORE_get1_objects to avoid issues with the existing
X509_STORE_get0_objects API in multi-threaded applications.
This release incorporates the following potentially significant or incompatible
changes:
* Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
* Optimized AES-CTR for ARM Neoverse V1 and V2
* Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
similar to M1/M2.
* Various optimizations for cryptographic routines using RISC-V vector crypto
extensions
* Added assembly implementation for md5 on loongarch64
* Accept longer context for TLS 1.2 exporters
* The activate and soft_load configuration settings for providers in
openssl.cnf have been updated to require a value of [1|yes|true|on]
(in lower or UPPER case) to enable the setting. Conversely a value
of [0|no|false|off] will disable the setting.
* In `openssl speed`, changed the default hash function used with `hmac` from
`md5` to `sha256`.
* The `-verify` option to the `openssl crl` and `openssl req` will make the
program exit with 1 on failure.
* The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and
related functions have been augmented to check for a minimum length of
the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
* OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
if called with a NULL stack argument.
* New limit on HTTP response headers is introduced to HTTP client. The
default limit is set to 256 header lines.
This release incorporates the following bug fixes and mitigations:
* The BIO_get_new_index() function can only be called 127 times before it
reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
exhausted.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Matthias Fischer
|
6f6c9f6b6a |
rrdtool: Update tp 1.9.0
For details see: https://github.com/oetiker/rrdtool-1.x/releases/tag/v1.9.0 "RRDtool 1.9.0 — 2024-07-29 Bugfixes Fix ytop and ybase adjustments for overlaping area issue on transparent areas @turban Suppress warnings of implicit fall through @youpong Update tarball download link in doc @c72578 Fix unsigned integer overflow in rrdtool first. Add test for rrd_first() @c72578 Fix tests under MSYS2 (Windows) @c72578 Fix BUILD_DATE in rrdtool help output @c72578 acinclude.m4: Include <stdlib.h> when using exit @ryandesign rrdtool-release: Create NUMVERS from VERSION file @c72578 Avoids leaking of file descriptors in multi threaded programs by @ensc Avoids potential unterminated string because of fixed PATH_MAX buffer Fix extra reference of parameters of rrd_fetch_dbi_{long,double} @jamborm" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
31b10034e9 |
bird: Update to version 2.15.1
- Update from version 2.14 to 2.15.1
- Update of rootfile not required
- Changelog
2.15.1
o OSPF: Fix regression in handling PtP links
o RPKI: Handle connection resets properly
o Static: Reject invalid combination of options
o Fix builds with limited set of protocols
2.15
o BGP: Send hold timer
o BGP: New options to specify required BGP capabilities
o BFD: Improvements to 'show bfd sessions' command
o RPKI: New 'local address' configuration option
o Linux: Support for more route attributes, including
TCP congestion control algorithm
o Support for UDP logging
o Static routes can have both nexthop and interface specified
o Completion of command options in BIRD client
o Many bugfixes and improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Matthias Fischer
|
4e40a3e23f |
nasm: Update to 2.16.03
For details see: https://nasm.us/doc/nasmdocc.html Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
80de6b5647 |
vectorscan: Fix check for CPU support
According to the documentation, Vectorscan checks whether the CPU is supporting the minimum requirement of SSE4.2. However the check is still checking for SSSE3 which makes the library fail on systems without SSE4.2. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
d04dd6f2cd |
Config: Fix computing the package file size
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
df84336ef8 |
Config: Use the correct variable for the package release
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
e347899c16 |
nginx: Update to version 1.26.1
- Update from version 1.24.0 to 1.26.1
- Update of rootfile not required
- Version 1.24.0 is now a legacy version, no longer being supported. Stable version has
changed to 1.26.x series.
- Various CVE fixes in 1.26.1 and in 1.25.4, the development branch that became 1.26.0,
that the legacy version 1.24.0 is also vulnerable to.
- Changelog
1.26.1
*) Security: when using HTTP/3, processing of a specially crafted QUIC
session might cause a worker process crash, worker process memory
disclosure on systems with MTU larger than 4096 bytes, or might have
potential other impact (CVE-2024-32760, CVE-2024-31079,
CVE-2024-35200, CVE-2024-34161).
*) Bugfix: reduced memory consumption for long-lived requests if "gzip",
"gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.
*) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
option was used.
*) Bugfix: in HTTP/3.
1.26.0
*) 1.26.x stable branch.
1.25.5
*) Feature: virtual servers in the stream module.
*) Feature: the ngx_stream_pass_module.
*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.
*) Feature: cache line size detection for some architectures.
*) Feature: support for Homebrew on Apple Silicon.
*) Bugfix: Windows cross-compilation bugfixes and improvements.
*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
1.25.4
*) Security: when using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session
(CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed
prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was
requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation
fault in a worker process (for SSL proxying) might occur if AIO was
used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL
proxying was used along with the "image_filter" directive and errors
with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
1.25.3
*) Change: improved detection of misbehaving clients when using HTTP/2.
*) Feature: startup speedup when using a large number of locations.
Thanks to Yusuke Nojima.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 without SSL; the bug had appeared in 1.25.1.
*) Bugfix: the "Status" backend response header line with an empty
reason phrase was handled incorrectly.
*) Bugfix: memory leak during reconfiguration when using the PCRE2
library.
*) Bugfixes and improvements in HTTP/3.
1.25.2
*) Feature: path MTU discovery when using HTTP/3.
*) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using
HTTP/3.
*) Change: now nginx uses appname "nginx" when loading OpenSSL
configuration.
*) Change: now nginx does not try to load OpenSSL configuration if the
--with-openssl option was used to built OpenSSL and the OPENSSL_CONF
environment variable is not set.
*) Bugfix: in the $body_bytes_sent variable when using HTTP/3.
*) Bugfix: in HTTP/3.
1.25.1
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
1.25.0
*) Feature: experimental HTTP/3 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Matthias Fischer
|
e001c59719 |
apache: Update to 2.4.62
"All good things go by three..." For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.62 "Changes with Apache 2.4.62 *) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. Credits: Smi1e (DBAPPSecurity Ltd.) *) SECURITY: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs. PR 69160 [Yann Ylavic] *) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2. [Joe Orton] *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>] *) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0. [Ruediger Pluem, Yann Ylavic] *) mpm_worker: Fix possible warning (AH00045) about children processes not terminating timely. [Yann Ylavic]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
a893eebb91 |
mpd: Patch mpd to deal with format function being const in fmt-11.0.0 onwards
- Commit has been made in mpd but no release has yet been made with the change. When the next version release of mpd occurs this patch can be removed. - The patch changes all format calls to be const . Without this patch mpd will not build with fmt-11.0.0 or newer. - Update of rootfile not required. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
6c0e02c80d |
fmt: Update to version 11.0.1
- Update from version 10.2.1 to 11.0.1
- Update of rootfile
- fmt from version 11.0.0 onwards has made the format function a constant. This was done to
enforce that formatter::format is const for compatibility with std::format.
- Changelog
11.0.1
Fixed version number in the inline namespace (#4047).
Fixed disabling Unicode support via CMake (#4051).
Fixed deprecated visit_format_arg (#4043).
Fixed handling of a sign and improved the std::complex formater (#4034, #4050).
Removed a redundant check in the formatter for std::expected (#4040).
11.0.0
Added fmt/base.h which provides a subset of the API with minimal include
dependencies and enough functionality to replace all uses of the printf family
of functions. This brings the compile time of code using {fmt} much closer to
the equivalent printf code.
This gives almost 4x improvement in build speed compared to version 10. Note
that the benchmark is purely formatting code and includes. In real projects the
difference from printf will be smaller partly because common standard headers
will be included in almost any translation unit (TU) anyway. In particular, in
every case except printf above ~1s is spent in total on including <type_traits>
in all TUs.
Optimized includes in other headers such as fmt/format.h which is now roughly
equivalent to the old fmt/core.h in terms of build speed.
Migrated the documentation at https://fmt.dev/ from Sphinx to MkDocs.
Improved C++20 module support (#3990, #3991, #3993, #3994, #3997, #3998, #4004,
#4005, #4006, #4013, #4027, #4029). In particular, native CMake support for
modules is now used if available.
Added an option to replace standard includes with import std enabled via the
FMT_IMPORT_STD macro (#3921, #3928).
Exported fmt::range_format, fmt::range_format_kind and fmt::compiled_string from
the fmt module (#3970, #3999).
Improved integration with stdio in fmt::print, enabling direct writes into a C
stream buffer in common cases. This may give significant performance
improvements ranging from tens of percent to 2x and eliminates dynamic memory
allocations on the buffer level. It is currently enabled for built-in and
string types with wider availability coming up in future releases.
For example, it gives ~24% improvement on a simple benchmark compiled with
Apple clang version 15.0.0 (clang-1500.1.0.2.5) and run on macOS 14.2.1
Improved safety of fmt::format_to when writing to an array (#3805). For example
(godbolt):
auto volkswagen = char[4];
auto result = fmt::format_to(volkswagen, "elephant");
no longer results in a buffer overflow. Instead the output will be truncated
and you can get the end iterator and whether truncation occurred from the
result object.
Enabled Unicode support by default in MSVC, bringing it on par with other
compilers and making it unnecessary for users to enable it explicitly. Most of
{fmt} is encoding-agnostic but this prevents mojibake in places where encoding
matters such as path formatting and terminal output. You can control the
Unicode support via the CMake FMT_UNICODE option. Note that some {fmt} packages
such as the one in vcpkg have already been compiled with Unicode enabled.
Added a formatter for std::expected (#3834).
Added a formatter for std::complex (#1467, #3886, #3892, #3900).
Added a formatter for std::type_info (#3978).
Specialized formatter for std::basic_string types with custom traits and
allocators (#3938, #3943).
Added formatters for std::chrono::day, std::chrono::month, std::chrono::year and
std::chrono::year_month_day (#3758, #3772, #3906, #3913).
Fixed handling of precision in %S (#3794, #3814). Thanks @js324.
Added support for the - specifier (glibc strftime extension) to day of the month
(%d) and week of the year (%W, %U, %V) specifiers (#3976).
Fixed the scope of the - extension in chrono formatting so that it doesn't apply
to subsequent specifiers (#3811, #3812).
Improved handling of time_point::min() (#3282).
Added support for character range formatting (#3857, #3863).
Added string and debug_string range formatters (#3973, #4024).
Enabled ADL for begin and end in fmt::join (#3813, #3824).
Made contiguous iterator optimizations apply to std::basic_string iterators
(#3798).
Added support for ranges with mutable begin and end (#3752, #3800, #3955).
Added support for move-only iterators to fmt::join (#3802, #3946).
Moved range and iterator overloads of fmt::join to fmt/ranges.h, next to other
overloads.
Fixed handling of types with begin returning void such as Eigen matrices (#3839,
#3964).
Added an fmt::formattable concept (#3974).
Added support for __float128 (#3494).
Fixed rounding issues when formatting long double with fixed precision (#3539).
Made fmt::isnan not trigger floating-point exception for NaN values (#3948, #3951).
Removed dependency on <memory> for std::allocator_traits when possible (#3804).
Enabled compile-time checks in formatting functions that take text colors and
styles.
Deprecated wide stream overloads of fmt::print that take text styles.
Made format string compilation work with clang 12 and later despite only partial
non-type template parameter support (#4000, #4001).
Made fmt::iterator_buffer's move constructor noexcept (#3808).
Started enforcing that formatter::format is const for compatibility with
std::format (#3447).
Added fmt::basic_format_arg::visit and deprecated fmt::visit_format_arg.
Made fmt::basic_string_view not constructible from nullptr for consistency with
std::string_view in C++23 (#3846).
Fixed fmt::group_digits for negative integers (#3891, #3901).
Fixed handling of negative ids in fmt::basic_format_args::get (#3945).
Improved named argument validation (#3817).
Disabled copy construction/assignment for fmt::format_arg_store and fixed moved
construction (#3833).
Worked around a locale issue in RHEL/devtoolset (#3858, #3859).
Added RTTI detection for MSVC (#3821, #3963).
Migrated the documentation from Sphinx to MkDocs.
Improved documentation and README.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Matthias Fischer
|
54cd26a96a |
nano: Update to 8.1
For details see: https://www.nano-editor.org/news.php "2024 July 12 - GNU nano 8.1 "de dag van de bitterkoekjespudding" The idiom nano filename:linenumber is understood only when the option --colonparsing (or 'set colonparsing') is used. Modern bindings are not activated when nano's invocation name starts with "e", as it jars with Debian's alternatives system. New bindable function 'cycle' first centers the current row, then moves it to the top of the viewport, then to the bottom. It is bound by default to ^L. Option --listsyntaxes/-z lists the names of available syntaxes." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
180d3e3eeb |
gettext: Update to version 0.22.5
- Update from version 0.22.4 to 0.22.5
- Update of rootfile
- Changelog
0.22.5
* The replacements for the printf()/fprintf()/... functions that are
provided through <libintl.h> on native Windows and NetBSD now enable
GCC's format string analysis (-Wformat).
* Bug fixes:
- xgettext's processing of Vala files with printf method invocations has
been corrected (regression in 0.22).
- Build fixes on macOS.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
2fc3c29093 |
coreutils: Update to version 9.5
- Update from version 9.0 to 9.5
- Update of the uname patch to 9.5
- Obtained the 9.5 version of the i18n patch. However this caused the coreutils build to
fail. Without the patch the build had no problems. After investigating for some time
I identified that coreutils used to have the mbchar.h and mbchar.c files in its
source tarball lib directory. However those are no longer needed by coreutils so they
have been deleted in the source tarball. However the i18n patch still requires them.
The patch creates the code for the mbchar.h and mbchar.c files. However it has made
the availability of the members buf & mb_setascii and some code related to old_mbc
dependent on GNULIB being defined. This is specified in configure.ac but that define
did not make it into the prepared configure file. This causes those members to not be
found and the build fails.
- Removing the three #if defined GNLIB_MBFILE statements from the coreutils-9.5-i18n
patch, so that the code is executed in the build, causes the members to be present
and the build is successfull.
- Update of rootfile
- Changelog
9.5
** Bug fixes
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
cp, mv, and install no longer issue spurious diagnostics like "failed
to preserve ownership" when copying to GNU/Linux CIFS file systems.
They do this by working around some Linux CIFS bugs.
cp --no-preserve=mode will correctly maintain set-group-ID bits
for created directories. Previously on systems that didn't support ACLs,
cp would have reset the set-group-ID bit on created directories.
[bug introduced in coreutils-8.20]
join and uniq now support multi-byte characters better.
For example, 'join -tX' now works even if X is a multi-byte character,
and both programs now treat multi-byte characters like U+3000
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.
numfmt options like --suffix no longer have an arbitrary 127-byte limit.
[bug introduced with numfmt in coreutils-8.21]
mktemp with --suffix now better diagnoses templates with too few X's.
Previously it conflated the insignificant --suffix in the error.
[bug introduced in coreutils-8.1]
sort again handles thousands grouping characters in single-byte locales
where the grouping character is greater than CHAR_MAX. For e.g. signed
character platforms with a 0xA0 (aka  ) grouping character.
[bug introduced in coreutils-9.1]
split --line-bytes with a mixture of very long and short lines
no longer overwrites the heap (CVE-2024-0684).
[bug introduced in coreutils-9.2]
tail no longer mishandles input from files in /proc and /sys file systems,
on systems with a page size larger than the stdio BUFSIZ.
[This bug was present in "the beginning".]
timeout avoids a narrow race condition, where it might kill arbitrary
processes after a failed process fork.
[bug introduced with timeout in coreutils-7.0]
timeout avoids a narrow race condition, where it might fail to
kill monitored processes immediately after forking them.
[bug introduced with timeout in coreutils-7.0]
wc no longer fails to count unprintable characters as parts of words.
[bug introduced in textutils-2.1]
** Changes in behavior
base32 and base64 no longer require padding when decoding.
Previously an error was given for non padded encoded data.
base32 and base64 have improved detection of corrupted encodings.
Previously encodings with non zero padding bits were accepted.
basenc --base16 -d now supports lower case hexadecimal characters.
Previously an error was given for lower case hex digits.
cp --no-clobber, and mv -n no longer exit with failure status if
existing files are encountered in the destination. Instead they revert
to the behavior from before v9.2, silently skipping existing files.
ls --dired now implies long format output without hyperlinks enabled,
and will take precedence over previously specified formats or hyperlink mode.
numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,
and uses lowercase 'k' when outputting such units in '--to=si' mode.
pinky no longer tries to canonicalize the user's login location by default,
rather requiring the new --lookup option to enable this often slow feature.
wc no longer ignores encoding errors when counting words.
Instead, it treats them as non white space.
** New features
chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files
with matching current OWNER and/or GROUP, as already supported by chown(1).
chmod adds support for -h, -H,-L,-P, and --dereference options, providing
more control over symlink handling. This supports more secure handling of
CLI arguments, and is more consistent with chown, and chmod on other systems.
cp now accepts the --keep-directory-symlink option (like tar), to preserve
and follow existing symlinks to directories in the destination.
cp and mv now accept the --update=none-fail option, which is similar
to the --no-clobber option, except that existing files are diagnosed,
and the command exits with failure status if existing files.
The -n,--no-clobber option is best avoided due to platform differences.
env now accepts the -a,--argv0 option to override the zeroth argument
of the command being executed.
mv now accepts an --exchange option, which causes the source and
destination to be exchanged. It should be combined with
--no-target-directory (-T) if the destination is a directory.
The exchange is atomic if source and destination are on a single
file system that supports atomic exchange; --exchange is not yet
supported in other situations.
od now supports printing IEEE half precision floating point with -t fH,
or brain 16 bit floating point with -t fB, where supported by the compiler.
tail now supports following multiple processes, with repeated --pid options.
** Improvements
cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.
This was previously 128KiB and increasing to 256KiB was seen to increase
throughput by 10-20% when reading cached files on modern systems.
env,kill,timeout now support unnamed signals. kill(1) for example now
supports sending such signals, and env(1) will list them appropriately.
SELinux operations in file copy operations are now more efficient,
avoiding unneeded MCS/MLS label translation.
sort no longer dynamically links to libcrypto unless -R is used.
This decreases startup overhead in the typical case.
wc is now much faster in single-byte locales and somewhat faster in
multi-byte locales.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
da8ffd403d |
ncurses: Update to version 6.5
- Update from version 6.4 to 6.5
- Update of rootfile
- --with-pkg-config-libdir as the previous default has been changed to $(LIBDIR) and this
does not work and resulted in procps not building as it could not find ncurses.
- Likely other packages after procps would have also failed.
- Explicitly specifying the pkgconfig directory location worked.
- Changelog
6.5
The changelog details are in the NEWS file in the source tarball. Version 6.5
is covered by lines 49 to 530
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
ff6a50b9e4 |
tshark: Update to version 4.2.6
- Update from version 4.2.5 to 4.2.6
- Update of rootfile
- Changelog
4.2.6
Bug Fixes
A regression in the TCP Stream Graph "Time Sequence (tcptrace)"
receive window line behavior introduced in 4.2.5 and 4.0.15 has been
fixed. Issue 19846[3]
The following vulnerability has been fixed:
• wnpa-sec-2024-10[4] SPRT dissector crash. Issue 19559[5].
The following bugs have been fixed:
• RADIUS dissector’s dictionary loading broken in many ways. Issue
6466[6].
• 3.4 → 3.6.5 ASCII display is broken on CentOS 7. Issue 18096[7].
• Funnel/Lua: Closing child window disconnects buttons of parent.
Issue 18386[8].
• Lua detection fails with Alpine Linux: missing: LUA_LIBRARIES.
Issue 19841[9].
• vnd.3gpp.5gnas payloads of type SMS not decoded inside HTTP2 5GC.
Issue 19845[10].
• TCP Stream Graphs green sliding window line not displayed
correctly. Issue 19846[11].
• Wireshark window doesn’t fully fit on screen on small resolutions
and can’t be resized properly on Russian language. Issue
19861[12].
• Wireshark started from command line doesn’t set
gui.fileopen_remembered_dir correctly on Windows. Issue
19891[13].
• Wireshark expects wrong length for DHCP Relay Agent Information
Source Port Suboption. Issue 19909[14].
• SIP P-Access-Network-Info header not correctly decoded. Issue
19917[15].
Updated Protocol Support
DHCP, E.212, MySQL, NAS-5GS, PKT CCC, ProtoBuf, RADIUS, RLC-LTE, RTP,
SIP, SPRT, Thrift, and Wi-SUN
New and Updated Capture File Support
log3gpp
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
7674c7533e |
c-ares: Update to version 1.32.1
- Update from version 1.17.1 to 1.32.1
- Update of rootfile
- There have been 22 version updates that are now being applied. 4 of these releases had
security issues being addressed and there have been 5 CVE's and fixes
- Changelog
1.32.1
Bugfixes:
Channel lock needs to be recursive to ensure calls into c-ares functions can
be made from callbacks otherwise deadlocks will occur. This regression was
introduced in 1.32.0
1.32.0
Features:
Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled by
specifying ARES_FLAG_DNS0x20. Disabled by default. PR #800
Rework query timeout logic to automatically adjust timeouts based on network
conditions. The timeout specified now is only used as a hint until there is
enough history to calculate a more valid timeout. PR #794
Changes:
DNS RR TXT strings should not be automatically concatenated as there are use
cases outside of RFC 7208. In order to maintain ABI compliance, the ability
to retrieve TXT strings concatenated is retained as well as a new API to
retrieve the individual strings. This restores behavior from c-ares 1.20.0.
PR #801
Clean up header inclusion logic to make hacking on code easier. PR #797
GCC/Clang: Enable even more strict warnings to catch more coding flaws. 253bdee
MSVC: Enable /W4 warning level. PR #792
Bugfixes:
Tests: Fix thread race condition in test cases for EventThread. PR #803
Windows: Fix building with UNICODE. PR #802
Thread Saftey: ares_timeout() was missing lock. 74a64e4
Fix building with DJGPP (32bit protected mode DOS). PR #789
1.31.0
Changes:
Enable Query Cache by default. PR #786
Bugfixes:
Enhance Windows DNS configuration change detection to also detect manual DNS
configuration changes. PR #785
Various legacy MacOS Build fixes. Issue #782
Ndots value of zero in resolv.conf was not being honored. 852a60a
Watt-32 build support had been broken for some time. PR #781
Distribute ares_dns_rec_type_tostr manpage. PR #778
1.30.0
Features:
Basic support for SIG RR record (RFC 2931 / RFC 2535) PR #773
Changes:
Validation that DNS strings can only consist of printable ascii characters
otherwise will trigger a parse failure. 75de16c and 40fb125
Windows: use GetTickCount64() for a monotonic timer that does not wrap. 1dff8f6
Bugfixes:
QueryCache: Fix issue where purging on server changes wasn’t working. a6c8fe6
Windows: Fix Y2K38 issue by creating our own ares_timeval_t datatype. PR #772
Fix packaging issue affecting MacOS due to a missing header. 55afad6
MacOS: Fix UBSAN warnings that are likely meaningless due to alignment issues
in new MacOS config reader.
Android: arm 32bit build failure due to missing symbol. d1722e6
1.29.0
Features:
When using ARES_OPT_EVENT_THREAD, automatically reload system configuration
when network conditions change. PR #759
Apple: reimplement DNS configuration reading to more accurately pull DNS
settings. PR #750
Add observability into DNS server health via a server state callback, invoked
whenever a query finishes. PR #744
Add server failover retry behavior, where failed servers are retried with
small probability after a minimum delay. PR #731
Changes:
Mark ares_channel_t * as const in more places in the public API. PR #758
Bugfixes:
Due to a logic flaw dns name compression writing was not properly implemented
which would result in the name prefix not being written for a partial match.
This could cause issues in various record types such as MX records when
using the deprecated API. Regression introduced in 1.28.0. Issue #757
Revert OpenBSD SOCK_DNS flag, it doesn’t do what the docs say it does and
causes c-ares to become non-functional. PR #754
ares_getnameinfo(): loosen validation on salen parameter. Issue #752
cmake: Android requires C99. PR #748
ares_queue_wait_empty() does not honor timeout_ms >= 0. Issue #742
1.28.1
This release contains a fix for a single significant regression introduced in
c-ares 1.28.0.
ares_search() and ares_getaddrinfo() resolution fails if no search domains
are specified. Issue #737
1.28.0
Features:
Emit warnings when deprecated c-ares functions are used. This can be disabled
by passing a compiler definition of CARES_NO_DEPRECATED. PR #732
Add function ares_search_dnsrec() to search for records using the new DNS
record data structures. PR #719
Rework internals to pass around ares_dns_record_t instead of binary data,
this introduces new public functions of ares_query_dnsrec() and
ares_send_dnsrec(). PR #730
Changes:
tests: when performing simulated queries, reduce timeouts to make tests run
faster
Replace configuration file parsers with memory-safe parser. PR #725
Remove acountry completely, the manpage might still get installed otherwise.
Issue #718
Bugfixes:
CMake: don’t overwrite global required libraries/definitions/includes which
could cause build errors for projects chain building c-ares. Issue #729
On some platforms, netinet6/in6.h is not included by netinet/in.h and needs
to be included separately. PR #728
Fix a potential memory leak in ares_init(). Issue #724
Some platforms don’t have the isascii() function. Implement as a macro. PR #721
CMake: Fix Chain building if CMAKE runtime paths not set
NDots configuration should allow a value of zero. PR #735
1.27.0
Security:
Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
/etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
GHSA-mg26-v6qh-x48q
Features:
New function ares_queue_active_queries() to retrieve number of in-flight
queries. PR #712
New function ares_queue_wait_empty() to wait for the number of in-flight
queries to reach zero. PR #710
New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if no
DNS servers can be found rather than attempting to use 127.0.0.1. This also
introduces a new ares status code of ARES_ENOSERVER. PR #713
Changes:
EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
Bugfixes:
Windows DNS suffix search list memory leak. PR #711
Fix warning due to ignoring return code of write(). PR #709
CMake: don’t override target output locations if not top-level. Issue #708
Fix building c-ares without thread support. PR #700
1.26.0
Features:
Event Thread support. Integrators are no longer required to monitor the file
descriptors registered by c-ares for events and call ares_process() when
enabling the event thread feature via ARES_OPT_EVENT_THREAD passed to
ares_init_options(). PR #696
Added flags to are_dns_parse() to force RAW packet parsing. PR #693
Changes:
Mark ares_fds() as deprecated. PR #691
Bugfixes:
adig: Differentiate between internal and server errors. e10b16a
Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS. PR #695
Autotools: fix building for 32bit windows due to stdcall symbol mangling.
PR #689
RR Name should not be sanity checked against the Question. PR #685
1.25.0
Changes:
AutoTools: rewrite build system to be lighter weight and fix issues in some
semi-modern systems. It is likely this has broken building on some less
common and legacy OSs, please report issues. PR #674
Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety
reasons. 88c444d
The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6
addresses by default. PR #669
OpenBSD: Add SOCK_DNS flag when creating socket. PR #659
Bugfixes:
Tests: Live reverse lookups for Google’s public DNS servers no longer return
results, replace with CloudFlare pubic DNS servers. 1231aa7
MacOS legacy SDKs require sys/socket.h before net/if.h PR #673
Connection failures should increment the server failure count first or a
retry might be enqueued to the same server. 05181a6
On systems that don’t implement the ability to enumerate network interfaces
the stubs used the wrong prototype. eebfe0c
Fix minor warnings and documentation typos. PR #666
Fix support for older GoogleTest versions. d186f11
getrandom() may require sys/random.h on some systems. Issue #665
Fix building tests with symbol hiding enabled. Issue #664
1.24.0
Features:
Add support for IPv6 link-local DNS servers. Nameserver formats can now
accept the %iface suffix, and a new ares_get_servers_csv() function was
added to return servers that can contain the link-local interface name.
Changes:
Unbundle GoogleTest for test cases. Package maintainers will now need to
require GoogleTest (GMock) as a build dependency if building tests. New
GoogleTest versions require C++14 or later.
Replace nameserver parsing code to use new memory-safe functions.
Replace the sortlist parser with new memory-safe functions.
Various warning fixes and dead code removal.
Bugfixes:
Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with
thread safety support.
A non-responsive DNS server that caused timeouts wouldn’t increment the
failure count, this would lead to other servers not being tried. Regression
introduced in 1.22.0.
Some projects that depend on c-ares expect invalid parameter option values
passed into ares_init_options() to simply be ignored. This behavior has been
restored.
On linux getrandom() can fail if the kernel doesn’t support the syscall, fall
back to another random source.
ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo() with
AF_UNSPEC, if called after one address class was returned but before the
other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED.
1.23.0
Features:
Introduce optional (but on by default) thread-safety for the c-ares library.
This has no API nor ABI implications.
resolv.conf in modern systems uses attempts and timeouts options instead of
the old retrans and retry options.
Query caching support based on TTL of responses. Can be enabled via
ares_init_options() with ARES_OPT_QUERY_CACHE.
Bugfixes:
ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept the
port in host byte order, but it was reading it as network byte order.
Regression introduced in 1.20.0.
ares_init_options() for ARES_FLAG_NOSEARCH was not being honored for
ares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0.
Autotools MacOS and iOS version check was failing
Environment variables passed to c-ares are meant to be an override for system
configuration. Regression introduced in 1.22.0.
Spelling fixes as detected by codespell.
The timeout returned by ares_timeout() was truncated to milliseconds but
validated to microseconds which could cause a user to attempt to process
timeouts prior to the timeout actually expiring.
CMake was not honoring CXXFLAGS passed in via the environment which could
cause compile and link errors with distribution hardening flags during
packaging.
Fix Windows UWP and Cygwin compilation.
ares_set_servers_*() for legacy reasons needs to accept an empty server list
and zero out all servers. This results in an inoperable channel and thus is
only used in simulation testing, but we don’t want to break users.
Regression introduced in 1.21.0.
1.22.1
Bugfixes:
Fix /etc/hosts processing performance with all entries using same IPaddress.
Large hosts files using the same IP address for all entries could use
exponential time.
Fix typos in manpages
Fix OpenWatcom building
1.22.0
Features:
ares_reinit() is now implemented to re-read any system configuration and
immediately apply to an existing ares channel
The adig command line program has been rewritten and its format now more
closely matches that of BIND’s dig utility
The new DNS message parser and writer functions have now been made public
RFC9460 HTTPS and SVCB records are now supported
RFC6698 TLSA records are now supported
The server list is now internally dynamic and can be changed without
impacting existing queries
Hosts file processing is now cached until the file is detected to be changed
to speed up repetitive lookups of large hosts files
Changes:
Internally all DNS messages are now written using the new DNS writing functions
EDNS is now enabled by default
Internal cleanups in function prototypes
Bugfixes:
Randomize retry penalties to prevent thundering herd issues when dns servers
throttle requests
Fix Windows build error for missing if_indextoname()
1.21.0
Changes:
Provide better man page cross-links.
Introduce ares_status_t as an enum rather than using #define list and integer
data type for internal functions.
Introduce ares_bool_t datatype rather than using an integer with 0/1 so it is
clear based on the function prototype what it returns.
Increase compiler warning levels by default.
Use size_t and other more proper datatypes internally (rather than int).
Many developers have used different code styles over the years, standardize
on one and use clang-format to enforce the style.
CMake can now control symbol visibility
Replace multiple DNS hand-made parsers with new memory-safe DNS message parser.
Bugfixes:
Tools: STAYOPEN flag could make tools not terminate.
Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp.
1.20.1
Bugfixes:
Resolve use-after-free issue when TCP connection is terminated before a
response is returned
Reduce number of queries for a load test case to prevent overloading some
build systems
Fix fuzz test build target
1.20.0
Changes:
Update from 1989 MIT license text to modern MIT license text
Remove acountry from built tools as nerd.dk is gone
Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the number of
queries that can be made from a single ephemeral port
Default per-query timeout has been reduced to 2s with a 3x retry count
Modernization: start implementing some common data structures that are easy
to use and hard to misuse. This will make code refactoring easier and remove
some varied implementations in use. This change also makes ares_timeout()
more efficient
Use SPDX identifiers and a REUSE CI job to verify
rand: add support for getrandom()
Bug fixes:
TCP back to back queries were broken
Ensure queries for ares_getaddrinfo() are not requeued during destruction
ares_getaddrinfo() should not retry other address classes if one address
class has already been returned
Avoid production ill-formed result when qualifying a name with the root domain
Fix missing prefix for CMake generated libcares.pc
DNS server ports will now be read from system configuration instead of
defaulting to port 53
Remove some unreachable code
Replace usages of sprintf with snprintf
Fix Watcom instructions and update Windows URLs
1.19.1
Security:
CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs
CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
compilation
Bug fixes:
Fix uninitialized memory warning in test
Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
ares_getaddrinfo() should allow a port of 0
Fix memory leak in ares_send() on error
Fix comment style in ares_data.h
Remove unneeded ifdef for Windows
Fix typo in ares_init_options.3
Re-add support for Watcom compiler
Sync ax_pthread.m4 with upstream
Windows: Invalid stack variable used out of scope for HOSTS path
Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
1.19.0
Security:
Low. Stack overflow in ares_set_sortlist() which is used during c-ares
initialization and typically provided by an administrator and not an end user.
Changes:
Windows: Drop support for XP and derivatives which greatly cleans up
initialization code.
Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a
custom hosts file location.
Add vcpkg installation instructions
Bug fixes:
Fix cross-compilation from Windows to Linux due to CPACK logic.
Fix memory leak in reading /etc/hosts when using localhost fallback.
Fix chain building c-ares when libresolv is already included by another project
File lookup should not immediately abort as there may be other tries due to
search criteria.
Asterisks should be allowed in host validation as CNAMEs may reference
wildcard domains
AutoTools build system referenced bad STDC_HEADERS macro
Even if one address class returns a failure for ares_getaddrinfo() we should
still return the results we have
CMake Windows: DLLs did not include resource file to include versions
CMake: Guard target creation in exported config
Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC
Apple: fix libresolv configured query times.
Fix tools and help information
Various documentation fixes and cleanups
Add include guards to ares_data.h
c-ares could try to exceed maximum number of iovec entries supported by system
CMake package config generation allow for absolute install paths
Intel compiler fixes
ares_strsplit bugs
The RFC6761 6.3 states localhost subdomains must be offline too.
1.18.1
Bug fixes:
ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses rather
than the sizeof(struct sockaddr_in6)
1.18.0
Changes:
Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
Provide ares_nameser.h as a public interface as needed by NodeJS
Update URLs from c-ares.haxx.se to c-ares.org
During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the
search process will continue to the next domain in the search.
Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they
followed very similar code paths and ares_gethostbyaddr() has some more
desirable features such as priority sorting and parallel queries for
AF_UNSPEC.
ares_getaddrinfo() now contains a name element in the address info structure
as the last element. This is not an API or ABI break due to the structure
always being internally allocated and it being the last element.
ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical,
those now use the same helper functions for parsing rather than having
their own code.
RFC6761 Section 6.3 says “localhost” lookups need to be special cased to
return loopback addresses, and not forward queries to recursive dns servers.
On Windows this now returns all loopback addresses, on other systems it
returns 127.0.0.1 or ::1 always, and will never forward a request for
“localhost” to outside DNS servers.
Haiku: port
Bug fixes:
add build to .gitignore
z/OS minor update, add missing semicolon in ares_init.c
Fix building when latest ax_code_coverage.m4 is imported
Work around autotools ‘error: too many loops’ and other newer autotools
import related bugs.
MinGW cross builds need advapi32 link as lower case
Cygwin build fix due to containing both socket.h and winsock2.h
ares_expand_name should allow underscores (_) as SRV records legitimately
use them
Allow ‘/’ as a valid character for a returned name for CNAME in-addr.arpa
delegation
ares_getaddrinfo() was not honoring HOSTALIASES
ares_getaddrinfo() had some test cases disabled due to a bug in the test
framework itself which has now been resolved
1.17.2
Security:
NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
systems where malloc(0) returns NULL. This would cause a crash.
When building c-ares with CMake, the RANDOM_FILE would not be set and
therefore downgrade to the less secure random number generator
If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a
crash
Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS
response
Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
prevent spoofing follow-up
Perform validation on hostnames to prevent possible XSS due to applications
not performing valiation themselves
Changes:
Use non-blocking /dev/urandom for random data to prevent early startup
performance issues
z/OS port
ares_malloc(0) is now defined behavior (returns NULL) rather than
system-specific to catch edge cases
Bug fixes:
Fuzz testing files were not distributed with official archives
Building tests should not force building of static libraries except on Windows
Windows builds of the tools would fail if built as static due to a missing
CARES_STATICLIB definition
Relative headers must use double quotes to prevent pulling in a system library
Fix OpenBSD building by implementing portability updates for including
arpa/nameser.h
Fix building out-of-tree for autotools
Make install on MacOS/iOS with CMake was missing the bundle destination so
libraries weren’t actually installed
Fix retrieving DNS server configuration on MacOS and iOS if the configuration
did not include search domains
ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup()
instead of ares_strdup()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
ce757b5578 |
util-linux: Update to version 2.40.2
- Update from version 2.40.1 to 2.40.2
- Update of rootfiles not required.
- Changelog
2.40.2
autotools:
- Properly order install dependencies of pam_lastlog2 [Thomas Weißschuh]
- make pam install path configurable [Thomas Weißschuh]
bash-completion:
- add logger --sd-* completions [Ville Skyttä]
build-sys:
- _PATH_VENDORDIR workaround [Karel Zak]
cfdisk:
- fix possible integer overflow [coverity scan] [Karel Zak]
docs:
- update AUTHORS file [Karel Zak]
include/pidfd-utils:
- provide ENOSYS stubs if pidfd functions are missing [Thomas Weißschuh]
- remove hardcoded syscall fallback [Karel Zak]
lib/buffer:
- introduce ul_buffer_get_string() [Thomas Weißschuh]
lib/fileutils:
- add ul_basename() [Karel Zak]
lib/path:
- Fix ul_path_read_buffer() [Daan De Meyer]
lib/sysfs:
- abort device hierarchy walk at root of sysfs [Thomas Weißschuh]
- zero-terminate result of sysfs_blkdev_get_devchain() [Thomas Weißschuh]
libmount:
- fix syscall save function [Karel Zak]
- fix tree FD usage in subdir hook [Karel Zak]
- improving robustness in reading kernel messages [Karel Zak]
- add pidfs to pseudo fs list [Mike Yuan]
libsmartcols:
- fix reduction stages use [Karel Zak]
- ensure filter-scanner/paser.c file is newer than the .h file [Chen Qi]
libuuid:
- clear uuidd cache on fork() [Thomas Weißschuh]
- drop check for HAVE_TLS [Thomas Weißschuh]
- drop duplicate assignment liuuid_la_LDFLAGS [Karel Zak]
- split uuidd cache into dedicated struct [Thomas Weißschuh]
- Conditionally add uuid_time64 to sym. version map [Nicholas Vinson]
lscpu:
- New Arm Cortex part numbers [Jeremy Linton]
lsfd:
- Refactor the pidfd logic into lsfd-pidfd.c [Xi Ruoyao]
- Support pidfs [Xi Ruoyao]
- test Adapt test cases for pidfs [Xi Ruoyao]
meson:
- Correctly require the Python.h header for the python dependency [Jordan Williams]
- Fix build-python option [Jordan Williams]
- Only require Python module when building pylibmount [Jordan Williams]
misc-utils:
- uuidd Use ul_sig_err instead of errx [Cristian Rodríguez]
mkswap.8.adoc:
- update note regarding swapfile creation [Mike Yuan]
po:
- merge changes [Karel Zak]
- update es.po (from translationproject.org) [Antonio Ceballos Roa]
- update ja.po (from translationproject.org) [Hideki Yoshida]
po-man:
- merge changes [Karel Zak]
rename:
- use ul_basename() [Karel Zak]
sys-utils/setpgid:
- make -f work [Emanuele Torre]
wdctl:
- always query device node when sysfs is unavailable [Thomas Weißschuh]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
7e1596d07c |
pcre2: Update to version 10.44
- Update from version 10.43 to 10.44
- Update of rootfile
- Changelog
10.44
This is mostly a bug-fix and tidying release. There is one new function, to set
a maximum size for a compiled pattern. The maximum name length for groups is
increased to 128. Some auxiliary files for building under VMS are added.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
2e8e20eea1 |
man-pages: Update to version 6.9.1
- Update from 6.8 to 6.9.1 - Update of rootfile - Changelog details can be see in the file named Changes in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
6c38b383e0 |
less: Update to version 661
- Update from version 633 to 661
- Update of rootfile not required
- Changelog
661
* Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse)
to find and open OSC8 hyperlinks (github #251).
* Add --match-shift option.
* Add --lesskey-content option (github #447).
* Add LESSKEY_CONTENT environment variable (github #447).
* Add --no-search-header-lines and --no-search-header-columns options
(github #397).
* Add ctrl-L search modifier (github #367).
* A ctrl-P at the start of a shell command suppresses the "done"
message (github #462).
* Add attribute characters ('*', '~', '_', '&') to --color
parameter (github #471).
* Allow expansion of environment variables in lesskey files.
* Add LESSSECURE_ALLOW environment variable (github #449).
* Add LESS_UNSUPPORT environment variable.
* Add line number parameter to --header option (github #436).
* Mouse right-click jumps to position marked by left-click (github #390).
* Ensure that the target line is not obscured by a header line
set by --header (github #444).
* Change default character set to "utf-8", except remains "dos" on MS-DOS.
* Add message when search with ^W wraps (github #459).
* UCRT builds on Windows 10 and later now support Unicode file names
(github #438).
* Improve behavior of interrupt while reading non-terminated pipe
(github #414).
* Improve parsing of -j, -x and -# options (github #393).
* Support files larger than 4GB on Windows (github #417).
* Support entry of Unicode chars larger than U+FFFF on Windows (github #391).
* Improve colors of bold, underline and standout text on Windows.
* Allow --rscroll to accept non-ASCII characters (github #483).
* Allow the parameter to certain options to be terminated with a
space (--color, --quotes, --rscroll, --search-options
and --intr) (github #495).
* Fix bug where # substitution failed after viewing help (github #420).
* Fix crash if files are deleted while less is viewing them (github #404).
* Workaround unreliable ReadConsoleInputW behavior on Windows
with non-ASCII input.
* Fix -J display when searching for non-ASCII characters (github #422).
* Don't filter header lines via the & command (github #423).
* Fix bug when horizontally shifting long lines (github #425).
* Add -x and -D options to lesstest, to make it easier to diagnose
a failed lesstest run.
* Fix bug searching long lines with --incsearch and -S (github #428).
* Fix bug that made ESC-} fail if top line on screen was empty (github #429).
* Fix bug with --mouse on Windows when used with pipes (github #440).
* Fix bug in --+OPTION command line syntax.
* Fix display bug when using -w with an empty line with a CR/LF
line ending (github #474).
* When substituting '#' or '%' with a filename, quote the filename
if it contains a space (github #480).
* Fix wrong sleep time when system has usleep but not nanosleep (github #489).
* Fix bug when file name contains a newline.
* Fix bug when file name contains nonprintable characters (github #503).
* Fix DJGPP build (github #497).
* Update Unicode tables.
643
* Fix problem when a program piping into less reads from the tty,
like sudo asking for password (github #368).
* Fix search modifier ^E after ^W.
* Fix bug using negated (^N) search (github #374).
* Fix bug setting colors with -D on Windows build (github #386).
* Fix reading special chars like PageDown on Windows (github #378).
* Fix mouse wheel scrolling on Windows (github #379).
* Fix erroneous EOF when terminal window size changes (github #372).
* Fix compile error with some definitions of ECHONL (github #395).
* Fix crash on Windows when writing logfile (github #405).
* Fix regression in exit code when stdin is /dev/null and
output is a file (github #373).
* Add lesstest test suite to production release (github #344).
* Change lesstest output to conform with
automake Simple Test Format (github #399).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d14bfc70ee |
iana-etc: Update to version 20240701
- Update from version 20240502 to 20240701 - Update of rootfile not required - Changelog is not created. These files are created automatically to collect all iana changes. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
ecf01e3607 |
findutils: Update to version 4.10.0
- Update from version 4.9.0 to 4.10.0
- Update of rootfile not required
- Changelog
4.10.0
** Bug Fixes
Find now defaults to optimization level 1 rather than 2 and the
cost-based optimizer will only run at level 2 and above. This
should prevent changes of operation order which result in
user-visible differences in behaviour. [#58427]
If the -P option to xargs is not used, xargs will not change the way
in which the SIGUSR1 and SIGUSR2 signals are handled. This means
that they will cause the program to terminate if the signals were
not ignored in the process which started xargs. This also means that
xargs does not use parallel execution at all.
If you start xargs with '-P 1', then xargs will not be killed by these
signals, and they instead change the degree of parallelism.
This change improves xargs' POSIX compliance.
'xargs -P' now waits for all its child processes to complete before
exiting, even if one of them exits with status 255. [#64451]
If the -P option of xargs is in use, reads on standard input which are
interrupted by a signal are re-started. [#64442]
'find -name /' no longer outputs a warning, because that is a valid pattern
to match the root directory "/". Previously, a diagnostic falsely claimed
that this pattern would not match anything. [#62227]
'find -gid' (without the mandatory argument) now outputs a correct error
diagnostic. Previously it output: "find: invalid argument `-gid' to `-gid'".
The error diagnostic for non-numeric arguments has been improved as well.
Likewise for -inum, -links and -uid.
'find -user' and 'find -group' now allow to specify larger UIDs/GIDs.
Previously, that was limited to INT_MAX, although the types uid_t and gid_t
are larger on many systems, including x86_64 GNU/Linux. [#64900]
'find -xtype l' no longer fails on symbolic links that point to
themselves. These are treated similarly to broken links. [#51926]
** Improvements
The find predicates -used, -amin, -cmin, -mmin, -atime, -ctime, and -mtime
now properly diagnose a not-a-number argument. Previously, find dumped
core via an assertion. [#64717]
** Changes to the build process
findutils now builds again on systems with musl-libc.
This requires gettext-0.19.8.
findutils programs no longer fail for timestamps past the year 2038
on obsolete configurations with 32-bit signed time_t, because the
build procedure now rejects these configurations.
On systems without any year2038 support configure with --disable-year2038.
** Documentation Changes
When generating the Texinfo manual, `makeinfo` is invoked with the --no-split
option for all output formats now; this avoids files like find.info-[12].
The xargs documentation now describes the double dash "--" option delimiter.
The xargs examples in the Texinfo manual now use the -L and --replace options
instead of the deprecated -l and -i options. [#64480]
The TexInfo manual now uses upper-case 'B' as birthtime for the -newerXY
comparison consistently. [#65378]
** Translations
Updated the following translations: Belarusian, Brazilian Portuguese,
Bulgarian, Catalan, Chinese (simplified), Chinese (traditional),
Croatian, Czech, Danish, Dutch, Esperanto, Estonian, Finnish, French,
Galician, Georgian, German, Greek, Hungarian, Indonesian, Irish,
Italian, Japanese, Korean, Lithuanian, Luganda, Malay, Norwegian
Bokmaal, Polish, Portuguese, Romanian, Russian, Serbian, Slovak,
Slovenian, Spanish, Swedish, Turkish, Ukrainian, Vietnamese.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|