- Update from 5.2.0 to 6.1.0
- Update of rootfile
- Removal of --no-pie patch as the changes are now built into the qemu source files
- Changelog is too long to fully include here. Full details can be read at
https://wiki.qemu.org/ChangeLog/
Following are the deprecated options and features from each version.
6.1.0
Using non-persistent backing file with pmem=on is now deprecated.
'-display sdl,window_close=...' should be replaced with '-display sdl,window-close=...'
(i.e. with a minus instead of an underscore between “window” and “close”).
'-no-quit' is deprecated. '-display ...,window-close=off' should be used instead.
The Aspeed swift-bmc machine is deprecated and should be replaced by the
witherspoon-bmc or the romulus-bmc machines.
6.0.0
The --enable-fips option has been deprecated. Consumers wishing to have FIPS
compliance must build QEMU with libcrypt and gnutls, NOT nettle.
The -writeconfig option has been deprecated. The functionality of -writeconfig is
limited and the code does not even try to detect cases where it prints incorrect
syntax (for example if values have a quote in them). It will be removed without
replacement.
Boolean parameters such as share=on / share=off could be written in short form as
share and noshare. This is now deprecated and will cause a warning.
-chardev backend aliases tty and parport are aliases that will be removed. Instead,
the actual backend names serial and parallel should be used.
The delay option for socket character devices is now deprecated.
Userspace local APIC with KVM (-M kernel-irqchip=off)
hexadecimal sizes with scaling multipliers (e.g. 0x20M)
-spice password=string is deprecated now. Use password-secret option instead.
opened property of rng-* objects
loaded property of secret and secret_keyring
MIPS Trap-and-Emulate KVM support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.185 to 0.186
- Update of rootfile
- find-dependencies with old libs did not report any issues
- Changelog
2021-11-10 Mark Wielaard <mark@klomp.org>
* configure.ac (AC_INIT): Set version to 0.186.
* NEWS: Add translation item.
2021-09-03 John Mellor-Crummey <johnmc@rice.edu>
* NEWS: Read inlining info in NVIDIA extended line map
2021-08-10 Adrian Ratiu <adrian.ratiu@collabora.com>
* configure.ac (AC_CACHE_CHECK): Rework std=gnu99 check to allow clang.
2021-08-20 Saleem Abdulrasool <abdulras@google.com>
* Add AC_CHECK_HEADERS for error.h and err.h.
2021-07-28 Mark Wielaard <mark@klomp.org>
* configure.ac (AC_CHECK_DECLS): Add reallocarray check.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Release annnouncement as per https://github.com/seccomp/libseccomp/releases/tag/v2.5.3:
Version 2.5.3 - November 5, 2021
Update the syscall table for Linux v5.15
Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
Document that seccomp_rule_add() may return -EACCES
Fix issues with test 11-basic-basic_errors on old kernels (API level < 5)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.7a (2013) to 1.22c (2021)
- Update rootfile
- Changelog is too large to include here. Full details can be read in the ChangeLog file
in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.31.0 to 2.33.1
- Update rootfile
- Changelog is too long to show here. The details can be found in the 2.31.1.txt,
2.32.0.txt, 2.33.0.txt and 2.33.1.txt files in the Documentation/RelNotes
directory in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Backup definition missing - created ro backup config file
- Update of rootfile
- Addition of backup definition install into lfs file
- Addition of restore and backup statements into install.sh and uninstall.sh pak scripts
Fixes: 12710
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.28.9 to 1.28 10
- Update rootfile
- Changelog
CHANGES IN V1.28.10
- Sample PPDs: Add borderless page size definitions to Generic
PDF Printer, HP Color LaserJet CM3530 MFP PDF, and Ricoh PDF
Printer PPD files.
- Sample PPDs: From the PDF PPD files removed the unneeded
"*cupsFilters2: ..." line. For CUPS it does not make any
difference.
- libcupsfilters: Fixed pdftopdf filter to correctly support
page ranges without upper limit, like "10-" (Pull request
#399).
- libcupsfilters: Use wildcard tag (IPP_TAG_ZERO) search for
"media-type" and "media-type-supported" in the PPD
generator (Pull request #398).
- implicitclass, parallel: Added missing newlines at error
messages.
- libfontembed: Removed unneeded fontembed/main.c and ttfread
executable. Eliminates the dependency on DejaVuSans.ttf
(Issue #386).
- gstoraster: Refactor the filter a little to clarify handling
of page counts and set job-impressions for TotalPageCount in
PWG-Raster header (Pull request #394).
- cups-browsed: Make NotifLeaseDuration configurable and renew
after half the lease duration not 60 sec before end. The
early renewal improves reliability on busy systems a
lot. For easier development and debugging short durations
from 300 sec on can get selected (Pull request #378).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 9.54 to 9.55.0
- Update rootfile
- Changelog
Version 9.55.0 (2021-09-27)
Highlights in this release include:
This release includes the fix for the %pipe% security issue (CVE-2021-3781).
New PDF Interpreter: This is an entirely new implementation written in C (rather
than PostScript, as before). For a full discussion of this change and reasons for
it see: Changes Coming to the PDF Interpreter.
In this (9.55.0) release, the new PDF interpreter is disabled by default in
Ghostscript, but can be used by specifying -dNEWPDF. We hope to make it the
default in 9.56.0, and fully deprecate the PostScript implementation shortly
after that (depending on the feedback we get).
This also allows us to offer a new executable (gpdf, or gpdfwin??.exe on Windows)
which is purely for PDF input. For this release, those new binaries are not
included in the "install" make targets, nor in the Windows installers (they will
be from 9.56.0 onwards).
We would ask that as many users as possible take the opportunity to test with the
new PDF implementation (i.e. using -dNEWPDF on your gs command line), and discuss
any problems with us, before the new implementation becomes the default.
The pdfwrite device now supports "passthrough" for JPX/JPG2000 data images (as
well as the already supported JPEG/DCT Encoded). That means that if no rescaling
or color conversion of the image data is required, the encoded/compressed image
data from the input file will be written unchanged to the output, preventing
potential image degradation caused by decompressing and recompressing.
The Ghostscript/GhostPDL demo apps for C, C#, Java and Python have all had
improvements and the C#/Java/Python language bindings have now been documented,
see Ghostscript Language Bindings
The Zugferd compliant PDF generating definitions (lib/zugferd.ps) have been
updated and expanded to support the current version (2.1.1) of the Zugferd spec,
and optionally different versions of the specification.
The PCL/m output devices now support Duplex/Tumble.
The internal support for "n-up" style simple imposition (introduced in 9.54.0) has
been extended and improved for better support across all input formats.
Ghostscript now supports object specific halftone - for example, different
halftones can be specified for text and images, reflecting the differing needs of
rendering those two types of object.
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In
such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render
the output file to an image, OCR that image, and output the image "wrapped" up as
a PDF file, with the OCR generated text information included as "invisible" text
(in PDF terms, text rendering mode 3).
Mainly due to time constraints, we only support including Tesseract from source
included in our release packages, and not linking to Tesseract/Leptonica shared
libraries. Whether we add this capability will be largely dependent on community
demand for the feature.
See Enabling OCR for more details.
For a list of open issues, or to report problems, please visit bugs.ghostscript.com.
Incompatible changes
(9.55.0) Changes to the device API. This will affect developers and maintainers of
Ghostscript devices. Firstly, and most importantly, the way device-specific
"procs" are specified has been rewritten to make it (we think!) clearer and less
confusing. See The Interface between Ghostscript and Device Drivers and The Great
Device Rework Of 2021 for more details.
(9.55.0) The command line options -sGraphicsICCProfile=___, -dGraphicsIntent=#,
-dGraphicsBlackPt=#, -dGraphicsKPreserve=# have been changed to
-sVectorICCProfile=___, -dVectorIntent=#, -dVectorBlackPt=#,
-dVectorKPreserve=#.
From 9.55.0 onwards, in recognition of how unwieldy very large HTML files can become
(History9.html had reached 8.1Mb!), we intend to only include the summary
highlights (above).
For anyone wanting the full details of the changes in a release, we ask them to look
at the history in our public git repository: ghostpdl-9.55.0 log.
If this change does not draw negative feedback, History?.htm file(s) will be removed
from the release archives.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 4.14.0.2 to 4.14.0.4
- Update of rootfile
- Changelog
v4.14.0.4 Release date: 2021-09-17
Changed:
Rebased with official coreboot repository commit d9f5d90
Enabled EHCI controller by default on apu3-apu6 platforms
Updated sortbootorder to v4.6.22
Added:
Safeguard against setting watchdog timeout too low
Known issues:
apuled driver doesn't work in FreeBSD. Check the GPIOs document for workaround.
Some PCIe cards are not detected on certain OSes and/or in certain mPCIe slots.
Check the mPCIe modules document for solution/workaround.
Booting with 2 USB 3.x sticks plugged in apu4 sometimes results in detecting
only 1 stick
Certain USB 3.x sticks happen to not appear in boot menu
Booting Xen is unstable
v4.14.0.3 Release date: 2021-08-06
Changed:
Rebased with official coreboot repository commit c049c80
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This v2 version used the frr-8.0.1 source instead of the frr-frr-8.0 source
- Update from 6.0 to 8.0.1
- 8.0.1 requires libyang for the build. Introduced with separate patch in this series.
- 6.0 is only compilable with python2.
python3 compatability was introduced in version 7.4
- Previously confirmed that building frr-8.0 was successful with only python3 available
- Added --disable-static to the ./configure options.
- Rootfile updated
- Changelog from 6.0 to 8.0.1 is too large to include here. It can be viewed to obtain
more details at https://github.com/FRRouting/frr/releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Added --without-rlm_python to ./configure to allow running without python2
- Updated rootfile
- Updated patch for preventing cert generation during buildtime to work with new
version of source code
- Update from 3.0.21 to 3.0.23
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- v2 version of series to add $(MAKETUNING) variable to ninja in spice-protocol
- Update from 0.14.0 to 0.15.0
- Update rootfile
- Version 0.15.0 of spice requires version 0.14.3 or higher of spice-protocol
- Changelog
Major Changes in 0.15:
This is the first release in the new 0.15.x stable series. This release should
be ready for production use.
* Minor updates to CI
* Some compatibility with OpenSSL
* Change the behavior of handle_dev_start ignoring multiple start requests
* Ignore multiple calls to handle_dev_stop
* Pick up newer spice-common to fix a buffer overflow issue
Major Changes in 0.14.91:
**IMPORTANT**
0.14.91 is the first release candidate for the stable 0.15.x series. While some
bugs might still be present, it should be reasonably stable. If you are looking
for stability for daily use, please keep using the latest 0.14.x release.
* Support UNIX abstract sockets
* Fix some potential thread race condition in RedClient
* Many cleanups in the code
* Improve migration test script
* Update in protocol documentation
* Improve Meson build
* Removed CELT support
* Update CI
* Removed QXLWorker definition, it was deprecated 6 years ago
* Fix some compatibility with MacOS
* Fix some compatibility with Windows
* Move the project to C++
* Some fixes for SASL dealing with WebDAV
* Fix minor Coverity reports
* Add Doxygen support, manually built with "make doxy"
* Support more mouse buttons (up to 16 buttons)
* CVE-2020-14355 multiple buffer overflow vulnerabilities in QUIC decoding
code
Major Changes in 0.14.3:
Main changes are WebSocket and support for Windows.
* Add support for WebSocket, this will allow to use spice-html5 without proxy
* Support Windows, now Qemu Windows can be build enabling Spice
* Fix some alignment problem
* Converted some documentation to Asciidoc format to make easier to update,
updated some
* Minor compatibility fix for PPC64EL and ARMHF
* Minor fixes for big endian machines like MIPS
* Avoid some crashes with some buggy guest drivers, simply ignore the invalid
request
* Fix for old OpenSSL versions
* Minor fix for Windows clients and brushes, fixed an issue with Photoshop
under Windows 7
* Add ability to query video-codecs
* Small use-after-free fix
* Fix for debugging recording/replaying using QUIC images
* Fix a regression where spice reported no monitors to the client
* Fix DoS in spicevmc if WebDAV used
* Updated and improved test migration script
* Some minor fixes to smartcard support
* Avoid possible disconnection using proxies using a in-flow keepalive
mechanism
Major Changes in 0.14.2:
Main changes are support for Meson build and graphic device info
messages allowing to better support multi-monitor configurations.
* CVE-2019-3813: fix off-by-one error in group/slot boundary check
* support H265 in stream-channel
* add support for building with meson/ninja
* minor tests fixes improving CI
* set char device state for smartcard, allowing Qemu optimization
* improve red-parse-qxl.c interface making it more consistent
* add some instrumentation for streaming device
* QXL interface: add a function to identify monitors in the guest
(spice_qxl_set_device_info)
* add support for GraphicsDeviceInfo messages
* video-stream: prevent crash on stream reattach
* make channel client callbacks virtual functions
* bumped minimum required glib version to 2.38
* attempt to have a reliable led state for keyboard modifiers
Major Changes in 0.14.1:
The main change in this release is the addition of a new protocol extension
in order to support streaming the remote display as a video stream rather than
going through the QXL protocol. Together with spice-streaming-agent, and/or with
more work on the qemu/spice-server side, this should allow streaming of 3D
accelerated VMs in the future. At this point, this part of spice-server is
still a work in progress (multi-monitor support and various features are
missing).
* add new org.spice-space.stream.0 channel used for passing an encoded video
stream from the guest to the client
* add support for TCP_CORK to reduce the amount of packets that we send
* fix CVE-2018-10873
* fix cursor related migration crash
* fix regression causing sound recording to be muted after
client disconnection/reconnection (introduced in 0.13.90)
* fix regression in corner cases where images could be sent uncompressed
when they used to be compressed with QUIC
* disable TLS 1.0 support
* CELT 0.5.1 support is now disabled by default. If celt051-devel is installed
at build-time, --enable-celt051/--disable-celt051 must be explicitly specified
* drop support for unsupported OpenSSL version. OpenSSL 1.0.0 or newer is now
required
* bumped minimum required glib version to 2.32
* endianness fixes
* (small) leak fixes
* usual round of code cleanups
* not directly related to this release, but the upstream git repository is now
hosted on gitlab.freedesktop.org
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.2.15 (2013) to 2.0.16 (2021)
- Source file name changed from SDL to SDL2 so also deleted old sdl and created sdl2
files for rootfile and lfs
- Changelog is too large to include here. Details can be found in the WhatsNew.txt file
in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://blog.clamav.net/2021/09/clamav-01040-released.html
New requirements and major changes:
"As of ClamAV 0.104, CMake is required to build ClamAV
...
The built-in LLVM for the bytecode runtime has been removed."
But since the current 'llvm 12.0.1' version refused to be build
"...you will need to supply the development libraries for LLVM
version 3.6.2" - which is ~6 years old - I gave up with 'llvm'
and stayed with the bytecode "interpreter".
Cited:
"The bytecode interpreter is the default runtime for bytecode
signatures just as it was in ClamAV 0.103.
@ALL:
In 'clamav 0.104.0' there is no appropriate cmake option for
"CONFIGURE_FLAGS = --disable-fanotify" for ARM buildings anymore.
Perhaps there is a kernel option for this?
=> https://docs.clamav.net/manual/OnAccess.html#requirements
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 2.8.8 to 2.10.0
- Update of rootfile carried out
- Changelog
2.10.0:
[ tatsuz ]
* updated Visual Studio projects to VS 2019 (#54)
[ Fabian Greffrath ]
* mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
* fix heap-buffer-overflow in mp4read.c
[ Clayton Smith ]
* Remove non-ASCII characters
* Remove trailing whitespace
[ Andrew Wesie ]
* Check return value of ltp_data.
* Restrict SBR frame length to 960 and 1024 samples.
* Support object type 29.
* Support implicit SBR signaling in frontend.
* Fix PNS decoding when only right channel is noise.
* Initialize element_id array with an invalid id.
* Fix NULL pointer dereferences.
* Fix infinite loop in adts_parse.
* Fix infinite loop in huffman_getescape.
* Check for error after each channel decode.
* Check for inconsistent number of channels.
2.9.2:
[ Michał Janiszewski ]
* Only use x86-assembly when explicitly on x86
* Use unsigned integers correctly
* Initialize pointers that might otherwise not be
[ Fabian Greffrath ]
* update README esp. WRT directory structure
[ Rosen Penev ]
* fix compilation without SBR/PS_DEC (#48)
* fix compilation with LC_ONLY_DECODER (#47)
[ Fabian Greffrath ]
* fix "inline function 'cfftf1' declared but never defined" compiler warning
* fix some inconsistencies in the frontend output
* mp4read_open: add check for failed frame buffer allocation
* stszin: add check for allocation error and integer overflow
* add a pkg-config file
[ Stefan Pöschel ]
* frontend: address compile warning + add missing LF (#50)
[ François Cartegnie ]
* library name is faad (#52)
* Unbreak PS audio (#51)
2.9.1:
[ Fabian Greffrath ]
* Include stdio.h in libfaad/ps_dec.c for stderr (Michael Fink)
* Fix Tille -> Title typo in frontend/mp4read.c (Alexander Thomas)
2.9.0:
[ Krzysztof Nikiel ]
* Build system fixes and code clean-up
[ LoRd_MuldeR ]
* Fix compiler warnings and code indentation
* Fix compilation with GCC <= 4.7.3
* MSVC solution file clean-up
[ Cameron Cawley ]
* Fix compilation with GCC 4.7.4
* Fix compilation with MinGW
[ Michael Fink ]
* MSVC 2017 project file update
[ Hugo Lefeuvre ]
* Fix crash with unsupported MP4 files (NULL pointer dereference,
division by zero)
* CVE-2019-6956: ps_dec: sanitize iid_index before mixing
* CVE-2018-20196: sbr_fbt: sanitize sbr->M (should not exceed MAX_M)
* CVE-2018-20199, CVE-2018-20360: specrec: better handle unexpected
parametric stereo (PS)
* CVE-2018-20362, CVE-2018-19504, CVE-2018-20195, CVE-2018-20198,
CVE-2018-20358: syntax.c: check for syntax element inconsistencies
* CVE-2018-20194, CVE-2018-19503, CVE-2018-20197, CVE-2018-20357,
CVE-2018-20359, CVE-2018-20361: sbr_hfadj: sanitize frequency band
borders
[ Hugo Beauzée-Luyssen ]
* CVE-2019-15296, CVE-2018-19502: Fix a couple buffer overflows
[ Filip Roséen ]
* Prevent crash on SCE followed by CPE
[ Gianfranco Costamagna ]
* Fix linking with GCC 9 and "-Wl,--as-needed"
[ Fabian Greffrath ]
* Enable the frontend to be built reproducibly
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3.0.3 to 3.0.6
- Update of rootfile carried out
- Changelog
## Lynis 3.0.6 (2021-07-22)
### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files
### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended
## Lynis 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas
## Lynis 3.0.4 (2021-05-11)
### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.11.1 to 1.12
- Update rootfile
- Changelog
TagLib 1.12 (Feb 16, 2021)
* Added support for WinRT.
* Added support for Linux on POWER.
* Added support for classical music tags of iTunes 12.5.
* Added support for file descriptor to FileStream.
* Added support for 'cmID', 'purl', 'egid' MP4 atoms.
* Added support for 'GRP1' ID3v2 frame.
* Added support for extensible WAV subformat.
* Enabled FileRef to detect file types based on the stream content.
* Dropped support for Windows 9x and NT 4.0 or older.
* Check for mandatory header objects in ASF files.
* More tolerant handling of RIFF padding, WAV files, broken MPEG streams.
* Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates.
* Improved Windows compatibility by storing FLAC picture after comments.
* Fixed numerical genres in ID3v2.3.0 'TCON' frames.
* Fixed consistency of API removing MP4 items when empty values are set.
* Fixed consistency of API preferring COMM frames with no description.
* Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
* Fixed handling of empty MPEG files.
* Fixed parsing MP4 mdhd timescale.
* Fixed reading MP4 atoms with zero length.
* Fixed reading FLAC files with zero-sized seektables.
* Fixed handling of lowercase field names in Vorbis Comments.
* Fixed handling of 'rate' atoms in MP4 files.
* Fixed handling of invalid UTF-8 sequences.
* Fixed possible file corruptions when saving Ogg files.
* Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files.
* TableOfContentsFrame::toString() improved.
* UserTextIdentificationFrame::toString() improved.
* Marked FileRef::create() deprecated.
* Marked MPEG::File::save() with boolean parameters deprecated,
provide overloads with enum parameters.
* Several smaller bug fixes and performance improvements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3.21.2 to 3.21.6
- Update of rootfile
- Changelog
3.21.6
Added support for following new Distro's:
Fedora 34
Ubuntu 21.04
OpenSuse 15.3
Debian 10.9
3.21.4
Added support for following new Distro's:
LinuxMint 20.1
Debian 10.8
Added support for the following new Printers:
HP Envy 6400 series
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 9.53.3 to 9.54.0
- Update rootfile
- delete patch related to FT_CALLBACK_DEF as fix has been implemented in the source
tarball
- Changelog highlights
Version 9.54.0 (2021-03-30)
The 9.54.0 release is a maintenance release, and also adds new functionality.
Highlights in this release include:
Overprint simulation is now available to all output devices, allowing quality previewing/proofing of PostScript and PDF jobs that rely on overprint. See the -dOverprint option documentation in: Overprint
The "docxwrite" device adds the ability to output to Microsoft Word "docx" format. See: docxwrite
The pdfwrite device is now capable of using the Tesseract OCR engine when it is built into Ghostscript to improve searchability and copy and paste functionality when the input lacks the metadata for that purpose. See: UseOCR
Ghostscript/GhostPDL now includes a "map text to black" function, where text drawn by an input job (except when drawn using a Type 3 font) can be forced to draw in solid black. See: BlackText
Ghostscript/GhostPDL now supports simple N-up imposition "internally". See: NupControl
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
Full details of above highlights can be found at https://www.ghostscript.com/doc/9.54.0/History9.htm
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Not really sure if a sound support capability is really appropriate for a firewall. I
wouldn't have it. However if it stays as an add-on then it should be up to date.
- Update alsa-lib from 1.0.27.1 (2013) to 1.2.5.1 (2021)
- Update alsa-utils from 1.0.27.1 (2013) to 1.2.5.1 (2021)
- Update alsa-firmware from 1.0.27 (2013) to 1.2.4 (2020)
- Update rootfile
- Changelog is too large to include here. Changes back to 2019-11-20 can be found at
https://www.alsa-project.org/wiki/Main_Page
Earlier changes have to be found from the git commits at
https://github.com/alsa-project/alsa-lib and
https://github.com/alsa-project/alsa-utils
There is no changelog or git commits that I have been able to find for alsa-firmware
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 3.4.3 to 3.4.6
- Update rootfile
- Changelog
Wireshark 3.4.6 Release Notes
What’s New
The Windows installers now ship with Npcap 1.31. They previously
shipped with Npcap 1.10.
The Windows installers now ship with Qt 5.15.2. They previously
shipped with Qt 5.12.1.
Bug Fixes
• wnpa-sec-2021-04[1] DVB-S2-BB dissector infinite loop
The following bugs have been fixed:
• Macro filters can’t handle escaped characters Issue 17160[2].
• Display filter crashes Wireshark Issue 17316[3].
• IEEE-1588 Signalling Unicast TLV incorrectly reported as being
malformed Issue 17355[4].
• IETF QUIC TLS decryption error with extraneous packets during the
handshake Issue 17383[5].
• Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…)
ports not displayed Issue 17395[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS
New and Updated Capture File Support
Ascend, ERF, K12, NetScaler, and pcapng
Wireshark 3.4.5 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-04[1] MS-WSP dissector excessive memory
consumption. Issue 17331[2].
The following bugs have been fixed:
• TShark does not print GeoIP information Issue 14691[3].
• TShark error when piping to "head" Issue 16192[4].
• Parts of ASCII representation in Packet Bytes pane are missing
Issue 17087[5].
• Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue
17254[6].
• NDPE attribute of NAN packet is not dissected Issue 17278[7].
• TECMP: reserved flag interpreted as part of timestamp Issue
17279[8].
• Master branch does not compile at least with gcc-11 Issue
17281[9].
• DNS IXFR/AXFR multiple response Issue 17293[10].
• File too large Issue 17301[11].
• Build fails with CMake 3.20 Issue 17314[12].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DECT, DNS, EAP, Kerberos, LDAP, MS-WSP, SMB2, Sysdig, TECMP, and WiFi
NAN
New and Updated Capture File Support
pcapng
Wireshark 3.4.4 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-03[1] Wireshark could open unsafe URLs. Issue
17232[2]. CVE-2021-22191[3].
The following bugs have been fixed:
• NTP Version 3 Client Decode PDML output issue (Reference ID
Issue) Issue 17112[4].
• 3.4.2: public wireshark include files are including build time
"config.h" Issue 17190[5].
• wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array
index ? Issue 17198[6].
• SIP protocol: P-Called-Party-ID header mixed up with
P-Charge-Info header Issue 17215[7].
• Asterix CAT010 Decode Error Issue 17226[8].
• _ws.expert columns not populated for IPv4 Issue 17228[9].
• Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue
17233[10].
• gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024)
that v3.2.6 succeeds. Issue 17250[11].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP
New and Updated Capture File Support
iSeries
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 0.48 (2007) to 5.2 (2011)
Version 5.2 is the last update made to this program
- Update to rootfile
- Changelog
Changes in 5.2:
Fix breakage on newer Linux when a single interface has
multiple IP addresses.
Changes in 5.1:
Add -P option to write a PID file. Patch by Ferenc Wagner.
Bounce the syslog socket in standalone mode, in case the
syslog daemon has been restarted. Patch by Ferenc Wagner.
Build fixes.
Fix handling of block number wraparound after a successful
options negotiation.
Fix a buffer overflow in option parsing.
Changes in 5.0:
Try to on platforms with getaddrinfo() without AI_ADDRCONFIG or
AI_CANONNAME.
Implement the "rollover" option, for clients which want block
number to rollover to anything other than zero.
Correctly disable PMTU in standalone mode. Patch by Florian
Lohoff.
Changes in 0.49:
Add IPv6 support. Patch by Karsten Keil.
Support systems with editline instead of readline.
Support long options in the server.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
we have no supported armv5tel board left so we can switch to the higher
arch. This now can use the vpu (still in softfp calling convention to
not break existing installations.)
this fix many compile problems, also boost is now working again.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 1.3.4 to 1.3.5
- Update rootfile
- Changelog
Version 1.3.5 (2020 June 3)
* Fix unsigned typedef problem on macOS.
* Fix overflow check in ogg_sync_buffer.
* Clean up cmake and autotools build files.
* Remove Symbian and Apple XCode build files.
* Fix documentation cross-reference links.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.184 to 0.185
- Update rootfile
- Changelog
Version 0.185
debuginfod-client: Simplify curl handle reuse so downloads which
return an error are retried.
elfcompress: Always exit with code 0 when the operation succeeds (even
when nothing was done). On error the exit code is now always 1.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.20(2009) to 2.33(2020)
- Update rootfile
- Changelog
2.33 -- Wed May 19 11:34:00 MT 2020
* Remove PAX Headers in tarball using GNU tar
2.32 -- Wed Mar 04 14:41:00 MT 2020
* Fix t/date.t to run on leap years [arc]
2.31 -- Thu Jan 16 14:00:00 MT 2020
* Fix year 2020 bug from t/getdate.t [Prajith]
* Fix warnings from t/date.t
* Fix pod issue in lib/Date/Parse.pm
* Fix for French language using English day suffixes in %o [mitchjacksontech]
* RT#84075: Fix Date::Parse::str2time century issue. [perlpilot]
* Adds Occitan language. [Quenty31]
* Migrate GitHub repo and bugtracker to atoomic/perl-TimeDate
2.30 -- Mon Feb 18 13:31:03 CST 2013
* Syncing distribution version number with Date::Parse, not functional changes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 5.8 to 5.9.1
- Update rootfile
- find-dependencies run to check impact of so lib bump
no issues found
- Changelog - for more details on the Many bug fixes for 5.9.1 see the
ChangeLog file in the source tarball
The following is from the CHANGES file in the source tarball
*5.9.1*:
General: Many bug fixes
*5.9*
snmplib:
- Add IPv6 support to DTLSUDP transport
- use new netsnmp_sockaddr_storage in netsnmp_addr_pair
- add base_transport ptr for tunneled transports
- Add support for OpenSSL 1.1.1
- Dtls: overhaul of debug
- Remove inline versions of container funcs
snmpd:
- Use ETHTOOL_GLINKSETTINGS when available Newer Linux kernels
support ETHTOOL_GLINKSETTINGS. Use it when available instead of the
older and deprecated ETHTOOL_GSET. This patch avoids that the Linux
kernel reports the following kernel warning: warning: 'snmpd' uses
legacy ethtool link settings API, link modes are only partially
reported See also https://sourceforge.net/p/net-snmp/patches/1387/.
[bvanassche: reworked this patch significantly]
- Reduce the time needed to execute "pass" scripts on BSD systems See
also https://github.com/net-snmp/net-snmp/issues/8.
- [BUG 2926]: Make it possible to set agentXPingInterval for a
subagent - register agentXPingInterval for the subagent list
handler, before it was registered for snmp - added agentxTimeout to
the subagent list handler. It's now possible to set for snmpd and
the subagent. See 'man snmpd.conf' - added agentxRetries to the
subagent list handler. See 'man snmpd.conf'. It's never used in the
subagent, but it's now following the documentation Signed-off-by:
Anders Wallin <wallinux@gmail.com>
snmptrap:
- BUG: 2899: Patch from Drew Roedersheimer to set library
engineboots/time values before sending
snmptrapd:
- Add support for the latest libmysqlclient version
libsnmp:
- Scan MIB directories in alphabetical order This guarantees that
e.g. mibs/RFC1213-MIB.txt is read before mibs/SNMPv2-MIB.txt. The
order in which these MIBs is read matters because both define
sysLocation but with different attributes.
unspecified:
- [BUG 2930]: Fix a Solaris hrSWInst crash Avoid that snmpd crashes
on Solaris when querying software packages with an empty CATEGORY
field. See also https://sourceforge.net/p/net-snmp/bugs/2930/. See
also https://sourceforge.net/p/net-snmp/patches/1390/.
FreeBSD:
- Fix first byte of IF-MIB::ifPhysAddress Don't write past the
interface name, and use temporary copy instead. This fixes the
first byte of ifPhysAddress always being 0 on FreeBSD. See also
https://sourceforge.net/p/net-snmp/code/merge-requests/20/. [
bvanassche: edited patch title / added test for malloc() result /
reduced number of free(if_name) calls ]
Win32:
- BUG: 2779541 Fixed handle leak in pass_persist.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package seems to be unmaintained for at least five years. It's
(former?) upstream traces back to https://section5.ch/index.php/2011/01/13/dpf-hacking/,
but download links to both dpfhack and a patched version of lcd4linux
point to http://localhost/.
http://tech.section5.ch/files/dpfhack-0.1alpha.tgz still serves
something apparently related to dpfhack, but it is unclear whether that
is a previous version than the "0.12devel" we know about, or a
successor. https://tech.section5.ch/files/dpfhack-0.1alpha.tgz, just to
have it noticed, comes with a X.509 certificate not issued for this
FQDN.
dpfhack is solely needed as a dependancy for lcd4linux, which appears to
be unmaintained as well, hence being dropped in a dedicated patch.
Given the status quo, bugs in dpfhack cannot be reported properly,
security issues won't be addressed (by anybody else then ourselves), and
technical questions cannot be clarified aside a reverse engineering
approach.
We should not allow such an add-on to be installed on a firewall system.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not received any updates or attention within the last
three years. It's sole known upstream URL (https://ssl.bulix.org/projects/lcd4linux/)
returns a HTTP error 404 nowadays, and the author was unable to locate
any upstream source that appears to be still maintained today.
Given the status quo, bugs in lcd4linux cannot be reported properly,
security issues won't be addressed (by anybody else then ourselves), and
technical questions cannot be clarified aside a reverse engineering
approach.
We should not allow such an add-on to be installed on a firewall system.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These are owned (hence being writable) by "nobody", posing a potential
security risk. Since the files itself were already exluded from being
shipped, their parent directory should be as well.
This patch should reduce the amount of executable files being owned by
nobody to zero after upgrading to Core Update 157. Due to complexity
reasons, not all applications available in Pakfire could be tested,
though, so your mileage may vary.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.2.0 to 2.4.7
- Migrate from python2 to python3
- Move the rootfile from common to packages as pyparsing is an addon
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- python3-setuptools works with python3-daemon but not with
python-m2crypto. m2crypto has to stay with python2 because crda
will not find the python3 version of m2crypto.
- python-m2crypto only works with python-setuptools so both the
python2 and python3 versions of setuptools need to stay in place.
- Therefore this patch only creates python3-setuptools, it does not
remove python-setuptools
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.3.2 to 1.3.3
- Update rootfiles
- Changelog
General:
Fix CPU detection (Janne Hyvärinen).
Switch from unsigned types to uint32_t (erikd).
CppCheck fixes (erikd).
Improve SIMD decoding of 24 bit files (lvqcl).
POWER* amnd POWER9 improvements (Anton Blanchard).
More tests.
FLAC format:
(none)
Ogg FLAC format:
(none)
flac:
When converting to WAV, use WAVEFORMATEXTENSIBLE when bits per
second is not 8 or 16 (erikd).
Fix --output-prefix with input-files in sub-directories (orbea).
metaflac:
(none)
plugins:
(none)
build system:
Cmake support (Vitaliy Kirsanov, evpobr).
Visual Studio updates (Janne Hyvärinen).
Fix for MSVC when UNICODE is enabled (lvqcl).
Fix for OpenBSD/i386 (Christian Weisgerber).
documentation:
(none)
libraries:
(none).
Interface changes:
libFLAC:
(none)
libFLAC++:
(none)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
