mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-24 18:03:06 +02:00
252a5d4d06c4eefd102502a175bbc5264553002f
3763 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
c2cd03024f |
miniupnpc: Required for build of transmission to replace bundled version
- miniupnpc is required for the build of transmiossion but the bundled version was not working properly with version 4.0.6 and we prefer to not use bundled versions. - Only used for the build so rootfile is 100% commented out. No miniupnpc installed on IPFire. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Jonatan Schlag
|
a070e76010 |
Ship Compress/Raw/Zlib.pm
This is needed for the captive portal. This was maybe caused by
|
||
Michael Tremer
|
6ca5fb74ab | Merge branch 'master' into next | ||
|
Michael Tremer
|
17887e69a8 |
suricata: Add a watcher to restart on unexpected termination
This patch adds a watcher process that will restart suricata when it is being killed by SIGKILL (e.g. by the OOM killer) or after a SEGV. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
853e1e41e9 |
curl: Update to version 8.10.0
- Update from vesion 8.9.1 to 8.10.0
- Update of rootfile
- In previous versions if libpsl was not found then the build excluded it. Now it needs
to be explicitly disabled otherwise the build will stop with a warning that it could
not be found.
- Changelog
8.10.0
changes:
o autotools: add `--enable-windows-unicode` option [103]
o curl: --help [option] displays documentation for given cmdline option [19]
o curl: add --skip-existing [54]
o curl: for -O, use "default" as filename when the URL has none [34]
o curl: make --rate accept "number of units" [4]
o curl: make --show-headers the same as --include [6]
o curl: support --dump-header % to direct to stderr [31]
o curl: support embedding a CA bundle and --dump-ca-embed [20]
o curl: support repeated use of the verbose option; -vv etc [35]
o curl: use libuv for parallel transfers with --test-event [82]
o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87]
o mbedtls: add CURLOPT_TLS13_CIPHERS support [78]
o rustls: add support for setting TLS version and ciphers [113]
o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53]
o wolfssl: add CURLOPT_TLS13_CIPHERS support [76]
o wolfssl: add support for ssl cert blob / ssl key blob options [50]
bugfixes:
o asyn-thread: stop using GetAddrInfoExW on Windows [241]
o autotools: fix MS-DOS builds [249]
o autotools: fix typo in tests/data target [30]
o aws_sigv4: fix canon order for headers with same prefix [74]
o bearssl: fix setting tls version [203]
o bearssl: improve shutdown handling [45]
o BINDINGS: add zig binding [100]
o build: add `iphlpapi` lib for libssh on Windows [166]
o build: add `poll()` detection for cross-builds [244]
o build: add options to disable SHA-512/256 hash algo [239]
o build: check OS-native IDN first, then libidn2 [223]
o build: delete unused `REQUIRE_LIB_DEPS` [226]
o build: drop unused `NROFF` reference [253]
o build: drop unused feature-detection code for Apple `poll()` [227]
o build: generate `buildinfo.txt` for test logs [256]
o build: improve compiler version detection portability
o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207]
o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137]
o build: use -Wno-format-overflow [195]
o buildconf.bat: fix tool_hugehelp.c generation [173]
o cf-socket: fix pollset for listening [179]
o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185]
o cfilters: send flush [13]
o CHANGES: rename to CHANGES.md, no longer generated [40]
o CI: enable parallel testing in CI builds [18]
o ci: Update actions/upload-artifact digest to 89ef406 [24]
o cmake: `Libs.private` improvements [215]
o cmake: add `CURL_USE_PKGCONFIG` option [138]
o cmake: add Linux CI job, fix pytest with cmake [71]
o cmake: add math library when using wolfssl and ngtcp2 [66]
o cmake: add missing `pkg-config` hints to Find modules [158]
o cmake: add missing version detection to Find modules [170]
o cmake: add rustls [116]
o cmake: add support for versioned symbols option [51]
o cmake: add wolfSSH support [117]
o cmake: allow `pkg-config` in more envs [147]
o cmake: cleanup header paths [59]
o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231]
o cmake: delete MSVC warning suppression for tests/server [101]
o cmake: detect `nghttp2` via `pkg-config`, enable by default [21]
o cmake: detect and show VCPKG in platform flags [84]
o cmake: distcheck for files in CMake subdir [9]
o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27]
o cmake: drop libssh CONFIG-style detection [167]
o cmake: drop no-op `tests/data/CMakeLists.txt` [26]
o cmake: drop reference to undefined variable [25]
o cmake: drop unused `HAVE_IDNA_STRERROR` [62]
o cmake: drop unused internal variable [22]
o cmake: exclude tests/http/clients builds by default [110]
o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77]
o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94]
o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156]
o cmake: fix find rustls [148]
o cmake: fixup linking libgsasl when detected via CMake-native
o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163]
o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188]
o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109]
o cmake: migrate dependency detections to Find modules [183]
o cmake: more small tidy-ups and fixes [80]
o cmake: rename wolfSSL and zstd config variables to uppercase [151]
o cmake: respect cflags/libdirs of native pkg-config detections [175]
o cmake: show CMake platform/compiler flags [63]
o cmake: show warning if libpsl is not found [154]
o cmake: sync code between test/example targets [234]
o cmake: sync up formatting in Find modules [129]
o cmake: TLS 1.3 warning only for bearssl and sectranp [118]
o cmake: update `curl-config.cmake.in` template var list
o cmake: update list of "advanced" variables [119]
o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69]
o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192]
o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224]
o configure: delete unused `HAVE_OPENSSL3` macro [225]
o configure: delete unused `m4/xc-translit.m4` [114]
o configure: detect AppleIDN [70]
o configure: fail if PSL is not disabled but not found [46]
o configure: fix WinIDN builds targeting old Windows [210]
o configure: remove USE_EXPLICIT_LIB_DEPS [199]
o configure: replace nonportable grep -o with awk [111]
o connect: always prefer ipv6 in IP eyeballing [209]
o connect: limit update IP info [191]
o cookie.md: try to articulate the two different uses this option has [92]
o curl: allow 500MB data URL encode strings [38]
o curl: find curlrc in XDG_CONFIG_HOME without leading dot [186]
o curl: fix --proxy-pinnedpubkey [91]
o curl: fix the -w urle.* variables [153]
o curl: make the progress bar detect terminal width changes [169]
o curl: warn on unsupported SSL options [106]
o Curl_rand_bytes to control env override [17]
o curl_sha512_256: fix symbol collisions with nettle library [131]
o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216]
o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141]
o dist: add missing `docs/examples/CMakeLists.txt` [58]
o dist: add missing `FindNettle.cmake` [11]
o dist: add missing `lib/optiontable.pl` [115]
o dist: add missing `test_*.py` scripts [102]
o dist: drop buildconf [65]
o dist: fix reproducible build from release tarball [36]
o dmaketgz: only run 'make distclean' if Makefile exists
o docs/SSLCERTS: rewrite [174]
o docs: add description of effect of --location-trusted on cookie [157]
o docs: document the (weak) random value situation in rustls builds [252]
o docs: fix some examples in man pages
o docs: improve cipher options documentation [159]
o docs: mention "@-" in more places [67]
o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105]
o docs: update CIPHERS.md [140]
o doh-url.md: point out DOH server IP pinning [37]
o doh: remove redundant checks [242]
o easy: fix curl_easy_upkeep for shared connection caches [52]
o escape: allow curl_easy_escape to generate 3*input length output [39]
o FEATURES.md: fix typo [180]
o ftp: always offer line end conversions [219]
o ftp: flush pingpong before response [73]
o getinfo: return zero for unsupported options (when disabled) [189]
o GHA/windows: enable MulitSSL in an MSVC job [2]
o GHA: scan git repository and detect unvetted binary files [3]
o gnutls/wolfssl: improve error message when certificate fails [125]
o gnutls: send all data [230]
o gtls: fix OCSP stapling management [206]
o haproxy: send though next filter [222]
o hash: provide asserts to verify API use [96]
o http/2: simplify eos/blocked handling [90]
o http2+h3 filters: fix ctx init [142]
o http2: fix GOAWAY message sent to server [171]
o http2: improve rate limiting of downloads [33]
o http2: improved upload eos handling [41]
o http3.md: mention how the fallback can be h1 or h2 [194]
o hyper: call Curl_req_set_upload_done() [126]
o idn: more strictly check AppleIDN errors [98]
o idn: support non-UTF-8 input under AppleIDN [99]
o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7]
o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81]
o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83]
o krb5: fix `-Wcast-align` [95]
o lib: add eos flag to send methods [14]
o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133]
o lib: convert some debugf()s into traces [8]
o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152]
o lib: fix AIX build issues [112]
o lib: fix building with wolfSSL without DES support [134]
o lib: make SSPI global symbols use Curl_ prefix [251]
o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132]
o lib: remove the final strncpy() calls [240]
o lib: remove use of RANDOM_FILE [235]
o libcurl.def: move from / into lib [238]
o libcurl.pc: add `Cflags.private` [10]
o libcurl.pc: add reference to `libgsasl` [150]
o libcurl/docs: expand on redirect following and secrets to other hosts [85]
o llist: remove direct struct accesses, use only functions [72]
o Makefile.dist: fix `ca-firefox` target [254]
o Makefile.mk: fixup enabling libidn2 [61]
o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS
o maketgz: accept option to include latest commit hash [5]
o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243]
o maketgz: move from / into scripts [237]
o managen: fix superfluous leading blank line in quoted sections [211]
o managen: in man output, remove the leading space from examples [198]
o managen: wordwrap long example lines in ASCII output [143]
o manpage: ensure a maximum width for the text version [75]
o max-filesize.md: mention zero disables the limit [93]
o mbedtls: add more informative logging [162]
o mbedtls: fix setting tls version [200]
o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181]
o mime: avoid inifite loop in client reader [155]
o mk-ca-bundle.pl: include a link to the caextract webpage [68]
o multi: make the "general" list of easy handles a Curl_llist [97]
o multi: on socket callback error, remove socket hash entry nonetheless [149]
o ngtcp2/osslq: remove NULL pointer dereferences [213]
o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79]
o openssl quic: fix memory leak [229]
o openssl: certinfo errors now fail correctly [250]
o openssl: fix the data race when sharing an SSL session between threads [221]
o openssl: improve shutdown handling [44]
o pingpong: drain the input buffer when reading responses [193]
o POP3: fix multi-line responses [168]
o pop3: use the protocol handler ->write_resp [220]
o printf: fix mingw-w64 format checks [228]
o progress: ratelimit/progress tweaks [32]
o pytests: add tests for HEAD requests in all HTTP versions [42]
o rand: only provide weak random when needed [233]
o runtests: if DISABLED cannot be read, error out [56]
o runtests: log ignored but passed tests [130]
o runtests: remove "has_textaware" [217]
o rustls: fix setting tls version [202]
o rustls: make all tests pass [1]
o schannel: avoid malloc for CAinfo_blob_digest [247]
o scorecard: tweak request measurements [139]
o sectransp: fix setting tls version [204]
o SECURITY: mention OpenSSF best practices gold badge [161]
o setopt: allow CURLOPT_INTERFACE to be set to NULL [165]
o setopt: let CURLOPT_ECH set to NULL reset to default [187]
o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184]
o sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL [135]
o share: don't reinitialize conncache [214]
o sigpipe: init the struct so that first apply ignores [49]
o smb: convert superflous assign into assert [246]
o smtp: add tracing feature [120]
o splay: use access functions, add asserts, use Curl_timediff [121]
o spnego_gssapi: implement TLS channel bindings for openssl [146]
o src: delete `curlx_m*printf()` aliases [197]
o src: fix potential macro confusion in cmake unity builds [208]
o src: namespace symbols clashing with lib [248]
o src: replace copy of printf mappings with an include [190]
o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177]
o system_win32: fix typo
o test httpd: tweak cipher list [124]
o test1521: verify setting options to NULL better [182]
o test1707: output diff more for debugging differences in CI outputs
o test556: improve robustness [64]
o test579: improve robustness [60]
o test587: improve robustness [123]
o test649: improve robustness [122]
o test677: improve robustness [47]
o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55]
o tests: constrain http pytest to tests/http directory [205]
o tests: don't mangle output if hostname or type unknown
o tests: ignore QUIT from FTP protocol comparisons [108]
o tests: provide docs as curldown, not nroff [12]
o tidy-up: misc build, tests, `lib/macos.c` [172]
o tidy-up: OS names [57]
o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48]
o tool_paramhlp: bump maximum post data size in memory to 16GB [128]
o transfer: Curl_sendrecv() and event related improvements [164]
o transfer: remove comments, add asserts [218]
o transfer: skip EOS read when download done [196]
o url: dns_entry related improvements [16]
o url: fix connection reuse for HTTP/2 upgrades [236]
o urlapi: verify URL *decoded* hostname when set [160]
o urldata: introduce `data->mid`, a unique identifier inside a multi [127]
o urldata: remove 'scratch' from the UrlState struct [86]
o urldata: remove crlf_conversions counter [232]
o urldata: remove proxy_connect_closed bit [178]
o verify-release: shell script that verifies a release tarball [29]
o version: fix shadowing a `libssh.h` symbol [176]
o vtls: add SSLSUPP_CIPHER_LIST [107]
o vtls: fix MSVC 'cast truncates constant value' warning [23]
o vtls: fix static function name collisions between TLS backends [136]
o vtls: init ssl peer only once [15]
o websocket: introduce blocking sends [145]
o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88]
o wolfssl: fix CURLOPT_SSLVERSION [144]
o wolfssl: fix setting tls version [201]
o wolfssl: improve shutdown handling [43]
o ws: flags to opcodes should ignore CURLWS_CONT flag [104]
o x509asn1: raise size limit for x509 certification information [28]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
8ce034f7d2 |
core189: Ship libfdt (from dtc)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Peter Müller
|
578b22e4d7 |
apr: Update to 1.7.5
Full changelog of this release:
*) SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
Unexpected lax shared memory permissions (cve.mitre.org)
Lax permissions set by the Apache Portable Runtime library on
Unix platforms would allow local users read access to named
shared memory segments, potentially revealing sensitive
application data.
This issue does not affect non-Unix platforms, or builds with
APR_USE_SHMEM_SHMGET=1 (apr.h)
Users are recommended to upgrade to APR version 1.7.5, which
fixes this issue.
Credits: Thomas Stangner
*) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
and "classic mmap" shared memory implementations. [Joe Orton,
Ruediger Pluem]
*) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
[Yann Ylavic]
*) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
[Yann Ylavic]
*) Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]
*) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]
*) CMake: Enable support for MSVC runtime library selection by abstraction.
[Ivan Zhakov]
*) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
to apr:: namespace. [Ivan Zhakov]
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5b75ddfff2 |
collectd: Fixes bug-13074, create collectd.d directory
- As requested in bug 13074, create a collectd.d directory to enable any addon definitions to be created. - Added include statement in conf file to load everything that is stored in the collectd.d directory. - collectd.precache and collectd.thermal have been left in their original locations - Removed the arm section in the initscript as only aarch64 is now used. - Modified the lfs to create the collectd.d directory - Removal of collectd.custom file as this was the previous way to define custom collectd profiles but would have been overwritten by any update of collectd. - Update of rootfile to take account of new path and removal of collectd.custom - Tested out in vm testbed with Core Update 188 and all existing graphs were still created and updated. From my evaluation the changes have not affected anything. - The creation of the collectd.d directory now allows users to add their own desired profiles but also if it is decided that an addon should be included in the processes graph, or if a new graph for addons is created then profiles for that addon can be placed in the collectd.d directory and will be automatically included by collectd. Fixes: Bug13074 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
0953f7f0ea |
logwatch: Fixes bug13762 - ssh logins not shown on Log Summary page
- Due to the update of openssh to version 9.8 in CU187, logwatch no longer found the sshd login data from the messages log as the daemon was changed to sshd-session. - Therefore the daily logwatch files were missing the sshd information in them. - A patch to add support for openssh-9.8 sshd-session and port info has been merged into the logwatch git system and will be included into the next released version of logwatch - Update logwatch from version 7.8 to 7.11 and add patch for openssh-9.8 support. - Update the previous three logwatch patches for version 7.11 - Tested on my vm testbed. Confirmed that logwatch now includes back the sshd information into the Log Summary page. - When logwatch is updated to version 7.12 then the openssh-9.8 support patch will be able to be removed. Fixes: bug13762 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
429901b419 |
nettle: Update to version 3.10
- Update from version 3.9 to 3.10
- Update of rootfile
- Changelog
3.10
This is a maintenance release, including a few each of bug
fixes, new features and optimizations.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.9 and libhogweed.so.6.9, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Add missing hash functions sha512_224 and sha512_256 to the
nettle_get_hashes() list. The name values in the
corresponding nettle_hash structs also changed to use
underscore instead of dash, for consistency.
* Fix a few cases of formally undefined calls to memcpy(dst,
NULL, 0), resulting from valid calls to, e.g.,
sha256_update(ctx, 0, NULL).
New features:
* Support RSA-OAEP encryption. Contributed by Nicolas Mora and
Daiki Ueno.
* New function sha3_256_shake_output, new functions
sha3_128_init, sha3_128_update, sha3_128_shake,
sha3_128_shake_output. Contributed by Daiki Ueno.
* Added DRBG-CTR with AES256, contributed by Simon Josefsson.
Optimizations:
* New combined gcm-aes assembly for powerpc64, contributed by
Danny Tsen.
* New sha256 assembly for powerpc64, contributed by Eric
Richter.
* Improved performance for powerpc64 AES decrypt, by skipping
subkey transformations that don't suit the vncipher
instructions.
* Add arm64 CPU feature detection for Android and for Apple systems,
contributed by Foolbar and Tim Kosse, prespectively.
Miscellaneous:
* New tests for side-channel silence, based on valgrind.
* Delete all md5 assembly code. Delete all sparc32 assembly code.
3.9.1
This is a bugfix release, fixing a few bugs reported for
Nettle-3.9. The bug in the new OCB code may be exploitable for
denial of service or worse, since triggering it leads to
memory corruption. Upgrading from Nettle-3.9 to the new
version is strongly recommended.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.8 and libhogweed.so.6.8, with sonames
libnettle.so.8 and libhogweed.so.6.
Bug fixes:
* Fix OCB loop for processing messages of size 272 bytes or
larger. Reported and fixed by Jussi Kivilinna.
* Fix alignment bug in the new x86_64 non-pclmul assembly
implementation of ghash. Reported by Henrik Grubbström.
* Fix build-time memory leak in eccdata. Reported by Noah
Watkins.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
4996d46902 |
libpng: Update to version 1.6.44
- Update from version 1.6.42 to 1.6.44
- Update of rootfile
- Changelog
1.6.44
Hardened calculations in chroma handling to prevent overflows, and
relaxed a constraint in cHRM validation to accomodate the standard
ACES AP1 set of color primaries.
(Contributed by John Bowler)
Removed the ASM implementation of ARM Neon optimizations and updated
the build accordingly. Only the remaining C implementation shall be
used from now on, thus ensuring the support of the PAC/BTI security
features on ARM64.
(Contributed by Ross Burton and John Bowler)
Fixed the pickup of the PNG_HARDWARE_OPTIMIZATIONS option in the
CMake build on FreeBSD/amd64. This is an important performance fix
on this platform.
Applied various fixes and improvements to the CMake build.
(Contributed by Eric Riff, Benjamin Buch and Erik Scholz)
Added fuzzing targets for the simplified read API.
(Contributed by Mikhail Khachayants)
Fixed a build error involving pngtest.c under a custom config.
This was a regression introduced in a code cleanup in libpng-1.6.43.
(Contributed by Ben Wagner)
Fixed and improved the config files for AppVeyor CI and Travis CI.
1.6.43
Fixed the row width check in png_check_IHDR().
This corrected a bug that was specific to the 16-bit platforms,
and removed a spurious compiler warning from the 64-bit builds.
(Reported by Jacek Caban; fixed by John Bowler)
Added eXIf chunk support to the push-mode reader in pngpread.c.
(Contributed by Chris Blume)
Added contrib/pngexif for the benefit of the users who would like
to inspect the content of eXIf chunks.
Added contrib/conftest/basic.dfa, a basic build-time configuration.
(Contributed by John Bowler)
Fixed a preprocessor condition in pngread.c that broke build-time
configurations like contrib/conftest/pngcp.dfa.
(Contributed by John Bowler)
Added CMake build support for LoongArch LSX.
(Contributed by GuXiWei)
Fixed a CMake build error that occurred under a peculiar state of the
dependency tree. This was a regression introduced in libpng-1.6.41.
(Contributed by Dan Rosser)
Marked the installed libpng headers as system headers in CMake.
(Contributed by Benjamin Buch)
Updated the build support for RISCOS.
(Contributed by Cameron Cawley)
Updated the makefiles to allow cross-platform builds to initialize
conventional make variables like AR and ARFLAGS.
Added various improvements to the CI scripts in areas like version
consistency verification and text linting.
Added version consistency verification to pngtest.c also.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d70b66e7a6 |
perl-Digest-HMAC: removal of module as it is now in the perl core modules
- Used in install-ipfire.sh script that is run by the install of vdradmin. - With the old separate module removed vdradmin still successfully built and installed. Fixes: bug13640 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
008eca2c2f |
perl-Compress-Zlib: removal of module as it is now in the perl core modules
- Used in install-ipfire.sh script that is run by the install of vdradmin. - With the old separate module removed vdradmin still successfully built and installed. Fixes: bug13640 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
74a8183c59 |
perl-Digest-SHA1: removal of module as it is now in the perl core modules
- Not referenced in the IPFire git repo so looks like not actively used Fixes: bug13640 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
f2ea63f467 |
perl-Digest: removal of module as it is now in the perl core modules
- Not referenced in the IPFire git repo so looks like not actively used Fixes: bug13640 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
1a5c1c9032 |
perl-Archive-Tar: removal of module as it is now in the perl core modules
- Not referenced in the IPFire git repo so looks like not actively used Fixes: bug13640 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
d3ad8411a6 |
protobuf: Update to version 28.1
- Update from version 25.2 to 28.1 - Update of rootfile - Changelog is too large to include here. Details can be found at https://github.com/protocolbuffers/protobuf/releases Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
afa503e9a7 |
liburcu: Update to version 0.14.1
- Update from version 0.14.0 to 0.14.1
- Update of rootfile
- Changelog
0.14.1
* Fix: missing typename in URCU_FORCE_CAST
* Allow building with GCC >= 13.3 on RISC-V
* pointer.h: Fix the rcu_cmpxchg_pointer documentation
* Adjust shell script to allow Bash in other locations
* fix: handle EINTR correctly in get_cpu_mask_from_sysfs
* Relicense src/compat-smp.h to MIT
* ppc.h: use mftb on ppc
* Fix: allow clang to build liburcu on RISC-V
* Fix -Walloc-size
* urcu/uatomic/riscv: Mark RISC-V as broken
* Fix: urcu-bp: misaligned reader accesses
* LoongArch: Document that byte and short atomics are implemented with LL/SC
* Add LoongArch support
* tests/regression/rcutorture: Add wait state
* urcu-wait: Initialize node in URCU_WAIT_NODE_INIT
* Fix: urcu-wait: add missing futex.h include
* Adjust shell scripts to allow Bash in other locations
* Add support for OpenBSD
* Revert "compiler.h: Introduce caa_unqual_scalar_typeof"
* rculfhash: Use caa_container_of_check_null in cds_lfht_entry
* compiler.h: Introduce caa_container_of_check_null
* compiler.h: Introduce caa_unqual_scalar_typeof
* Avoid calling caa_container_of on NULL pointer in cds_lfht macros
* Fix: revise urcu_read_lock_update() comment
* Fix: uatomic powerpc comment about lwsync
* fix: aarch64: allow RHEL7 gcc 4.8.5-11
* fix: warning 'noreturn' function does return on ppc
* Fix: use __noreturn__ for C11-compatibility
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
905f98a3f5 |
curl: Update to version 8.10.0
- Update from vesion 8.9.1 to 8.10.0
- Update of rootfile
- In previous versions if libpsl was not found then the build excluded it. Now it needs
to be explicitly disabled otherwise the build will stop with a warning that it could
not be found.
- Changelog
8.10.0
changes:
o autotools: add `--enable-windows-unicode` option [103]
o curl: --help [option] displays documentation for given cmdline option [19]
o curl: add --skip-existing [54]
o curl: for -O, use "default" as filename when the URL has none [34]
o curl: make --rate accept "number of units" [4]
o curl: make --show-headers the same as --include [6]
o curl: support --dump-header % to direct to stderr [31]
o curl: support embedding a CA bundle and --dump-ca-embed [20]
o curl: support repeated use of the verbose option; -vv etc [35]
o curl: use libuv for parallel transfers with --test-event [82]
o getinfo: add CURLINFO_POSTTRANSFER_TIME_T [87]
o mbedtls: add CURLOPT_TLS13_CIPHERS support [78]
o rustls: add support for setting TLS version and ciphers [113]
o vtls: stop offering alpn http/1.1 for http2-prior-knowledge [53]
o wolfssl: add CURLOPT_TLS13_CIPHERS support [76]
o wolfssl: add support for ssl cert blob / ssl key blob options [50]
bugfixes:
o asyn-thread: stop using GetAddrInfoExW on Windows [241]
o autotools: fix MS-DOS builds [249]
o autotools: fix typo in tests/data target [30]
o aws_sigv4: fix canon order for headers with same prefix [74]
o bearssl: fix setting tls version [203]
o bearssl: improve shutdown handling [45]
o BINDINGS: add zig binding [100]
o build: add `iphlpapi` lib for libssh on Windows [166]
o build: add `poll()` detection for cross-builds [244]
o build: add options to disable SHA-512/256 hash algo [239]
o build: check OS-native IDN first, then libidn2 [223]
o build: delete unused `REQUIRE_LIB_DEPS` [226]
o build: drop unused `NROFF` reference [253]
o build: drop unused feature-detection code for Apple `poll()` [227]
o build: generate `buildinfo.txt` for test logs [256]
o build: improve compiler version detection portability
o build: make `CURL_FORMAT_CURL_OFF_T[U]` work with mingw-w64 <=7.0.0 [207]
o build: silence C4232 MSVC warnings in vcpkg ngtcp2 builds [137]
o build: use -Wno-format-overflow [195]
o buildconf.bat: fix tool_hugehelp.c generation [173]
o cf-socket: fix pollset for listening [179]
o cf-socket: prevent KEEPALIVE_FACTOR being set to 1000 for Windows [185]
o cfilters: send flush [13]
o CHANGES: rename to CHANGES.md, no longer generated [40]
o CI: enable parallel testing in CI builds [18]
o ci: Update actions/upload-artifact digest to 89ef406 [24]
o cmake: `Libs.private` improvements [215]
o cmake: add `CURL_USE_PKGCONFIG` option [138]
o cmake: add Linux CI job, fix pytest with cmake [71]
o cmake: add math library when using wolfssl and ngtcp2 [66]
o cmake: add missing `pkg-config` hints to Find modules [158]
o cmake: add missing version detection to Find modules [170]
o cmake: add rustls [116]
o cmake: add support for versioned symbols option [51]
o cmake: add wolfSSH support [117]
o cmake: allow `pkg-config` in more envs [147]
o cmake: cleanup header paths [59]
o cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP` [231]
o cmake: delete MSVC warning suppression for tests/server [101]
o cmake: detect `nghttp2` via `pkg-config`, enable by default [21]
o cmake: detect and show VCPKG in platform flags [84]
o cmake: distcheck for files in CMake subdir [9]
o cmake: drop custom `CMakeOutput.log`/`CMakeError.log` logs [27]
o cmake: drop libssh CONFIG-style detection [167]
o cmake: drop no-op `tests/data/CMakeLists.txt` [26]
o cmake: drop reference to undefined variable [25]
o cmake: drop unused `HAVE_IDNA_STRERROR` [62]
o cmake: drop unused internal variable [22]
o cmake: exclude tests/http/clients builds by default [110]
o cmake: fix `GSS_VERSION` for Heimdal found via pkg-config [77]
o cmake: fix `pkg-config`-based detection in `FindGSS.cmake` [94]
o cmake: fix and tidy up c-ares builds, enable in more CI jobs [156]
o cmake: fix find rustls [148]
o cmake: fixup linking libgsasl when detected via CMake-native
o cmake: honor custom `CMAKE_UNITY_BUILD_BATCH_SIZE` [163]
o cmake: limit `pkg-config` to UNIX and MSVC+vcpkg by default [188]
o cmake: limit libidn2 `pkg-config` detection to `UNIX` [109]
o cmake: migrate dependency detections to Find modules [183]
o cmake: more small tidy-ups and fixes [80]
o cmake: rename wolfSSL and zstd config variables to uppercase [151]
o cmake: respect cflags/libdirs of native pkg-config detections [175]
o cmake: show CMake platform/compiler flags [63]
o cmake: show warning if libpsl is not found [154]
o cmake: sync code between test/example targets [234]
o cmake: sync up formatting in Find modules [129]
o cmake: TLS 1.3 warning only for bearssl and sectranp [118]
o cmake: update `curl-config.cmake.in` template var list
o cmake: update list of "advanced" variables [119]
o cmake: use numeric comparison for `HAVE_WIN32_WINNT` [69]
o cmdline-opts: language fix for expect100-timeout.md and max-time.md [192]
o configure: delete unused `CURL_DEFINE_UNQUOTED` function [224]
o configure: delete unused `HAVE_OPENSSL3` macro [225]
o configure: delete unused `m4/xc-translit.m4` [114]
o configure: detect AppleIDN [70]
o configure: fail if PSL is not disabled but not found [46]
o configure: fix WinIDN builds targeting old Windows [210]
o configure: remove USE_EXPLICIT_LIB_DEPS [199]
o configure: replace nonportable grep -o with awk [111]
o connect: always prefer ipv6 in IP eyeballing [209]
o connect: limit update IP info [191]
o cookie.md: try to articulate the two different uses this option has [92]
o curl: allow 500MB data URL encode strings [38]
o curl: find curlrc in XDG_CONFIG_HOME without leading dot [186]
o curl: fix --proxy-pinnedpubkey [91]
o curl: fix the -w urle.* variables [153]
o curl: make the progress bar detect terminal width changes [169]
o curl: warn on unsupported SSL options [106]
o Curl_rand_bytes to control env override [17]
o curl_sha512_256: fix symbol collisions with nettle library [131]
o CURLMOPT_SOCKETFUNCTION.md: expand on the easy argument [216]
o CURLOPT_XFERINFOFUNCTION: clarify the callback return codes [141]
o dist: add missing `docs/examples/CMakeLists.txt` [58]
o dist: add missing `FindNettle.cmake` [11]
o dist: add missing `lib/optiontable.pl` [115]
o dist: add missing `test_*.py` scripts [102]
o dist: drop buildconf [65]
o dist: fix reproducible build from release tarball [36]
o dmaketgz: only run 'make distclean' if Makefile exists
o docs/SSLCERTS: rewrite [174]
o docs: add description of effect of --location-trusted on cookie [157]
o docs: document the (weak) random value situation in rustls builds [252]
o docs: fix some examples in man pages
o docs: improve cipher options documentation [159]
o docs: mention "@-" in more places [67]
o docs: remove ALTSVC.md, HSTS.md, HTTP2.md and PARALLEL-TRANSFERS.md [105]
o docs: update CIPHERS.md [140]
o doh-url.md: point out DOH server IP pinning [37]
o doh: remove redundant checks [242]
o easy: fix curl_easy_upkeep for shared connection caches [52]
o escape: allow curl_easy_escape to generate 3*input length output [39]
o FEATURES.md: fix typo [180]
o ftp: always offer line end conversions [219]
o ftp: flush pingpong before response [73]
o getinfo: return zero for unsupported options (when disabled) [189]
o GHA/windows: enable MulitSSL in an MSVC job [2]
o GHA: scan git repository and detect unvetted binary files [3]
o gnutls/wolfssl: improve error message when certificate fails [125]
o gnutls: send all data [230]
o gtls: fix OCSP stapling management [206]
o haproxy: send though next filter [222]
o hash: provide asserts to verify API use [96]
o http/2: simplify eos/blocked handling [90]
o http2+h3 filters: fix ctx init [142]
o http2: fix GOAWAY message sent to server [171]
o http2: improve rate limiting of downloads [33]
o http2: improved upload eos handling [41]
o http3.md: mention how the fallback can be h1 or h2 [194]
o hyper: call Curl_req_set_upload_done() [126]
o idn: more strictly check AppleIDN errors [98]
o idn: support non-UTF-8 input under AppleIDN [99]
o INSTALL.md: MultiSSL and QUIC are mutually exclusive [7]
o KNOWN_BUGS: "special characers" in URL works with aws-sigv4 [81]
o krb5: add Linux/macOS CI tests, fix cmake GSS detection [83]
o krb5: fix `-Wcast-align` [95]
o lib: add eos flag to send methods [14]
o lib: avoid macro collisions between wolfSSL and GnuTLS headers [133]
o lib: convert some debugf()s into traces [8]
o lib: delete stray undefs for `vsnprintf`, `vsprintf` [152]
o lib: fix AIX build issues [112]
o lib: fix building with wolfSSL without DES support [134]
o lib: make SSPI global symbols use Curl_ prefix [251]
o lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed name [132]
o lib: remove the final strncpy() calls [240]
o lib: remove use of RANDOM_FILE [235]
o libcurl.def: move from / into lib [238]
o libcurl.pc: add `Cflags.private` [10]
o libcurl.pc: add reference to `libgsasl` [150]
o libcurl/docs: expand on redirect following and secrets to other hosts [85]
o llist: remove direct struct accesses, use only functions [72]
o Makefile.dist: fix `ca-firefox` target [254]
o Makefile.mk: fixup enabling libidn2 [61]
o Makefile: remove 'scripts' duplicate from DIST_SUBDIRS
o maketgz: accept option to include latest commit hash [5]
o maketgz: fix RELEASE-TOOLS.md for daily tarballs [243]
o maketgz: move from / into scripts [237]
o managen: fix superfluous leading blank line in quoted sections [211]
o managen: in man output, remove the leading space from examples [198]
o managen: wordwrap long example lines in ASCII output [143]
o manpage: ensure a maximum width for the text version [75]
o max-filesize.md: mention zero disables the limit [93]
o mbedtls: add more informative logging [162]
o mbedtls: fix setting tls version [200]
o mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL [181]
o mime: avoid inifite loop in client reader [155]
o mk-ca-bundle.pl: include a link to the caextract webpage [68]
o multi: make the "general" list of easy handles a Curl_llist [97]
o multi: on socket callback error, remove socket hash entry nonetheless [149]
o ngtcp2/osslq: remove NULL pointer dereferences [213]
o ngtcp2: use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks [79]
o openssl quic: fix memory leak [229]
o openssl: certinfo errors now fail correctly [250]
o openssl: fix the data race when sharing an SSL session between threads [221]
o openssl: improve shutdown handling [44]
o pingpong: drain the input buffer when reading responses [193]
o POP3: fix multi-line responses [168]
o pop3: use the protocol handler ->write_resp [220]
o printf: fix mingw-w64 format checks [228]
o progress: ratelimit/progress tweaks [32]
o pytests: add tests for HEAD requests in all HTTP versions [42]
o rand: only provide weak random when needed [233]
o runtests: if DISABLED cannot be read, error out [56]
o runtests: log ignored but passed tests [130]
o runtests: remove "has_textaware" [217]
o rustls: fix setting tls version [202]
o rustls: make all tests pass [1]
o schannel: avoid malloc for CAinfo_blob_digest [247]
o scorecard: tweak request measurements [139]
o sectransp: fix setting tls version [204]
o SECURITY: mention OpenSSF best practices gold badge [161]
o setopt: allow CURLOPT_INTERFACE to be set to NULL [165]
o setopt: let CURLOPT_ECH set to NULL reset to default [187]
o setopt: make CURLOPT_TFTP_BLKSIZE accept bad values [184]
o sha256: fix symbol collision between nettle (GnuTLS) and OpenSSL [135]
o share: don't reinitialize conncache [214]
o sigpipe: init the struct so that first apply ignores [49]
o smb: convert superflous assign into assert [246]
o smtp: add tracing feature [120]
o splay: use access functions, add asserts, use Curl_timediff [121]
o spnego_gssapi: implement TLS channel bindings for openssl [146]
o src: delete `curlx_m*printf()` aliases [197]
o src: fix potential macro confusion in cmake unity builds [208]
o src: namespace symbols clashing with lib [248]
o src: replace copy of printf mappings with an include [190]
o ssh: deduplicate SSH backend includes (and fix libssh cmake unity build) [177]
o system_win32: fix typo
o test httpd: tweak cipher list [124]
o test1521: verify setting options to NULL better [182]
o test1707: output diff more for debugging differences in CI outputs
o test556: improve robustness [64]
o test579: improve robustness [60]
o test587: improve robustness [123]
o test649: improve robustness [122]
o test677: improve robustness [47]
o tests/runner: only allow [!A-Za-z0-9_-] in %if feature names [55]
o tests: constrain http pytest to tests/http directory [205]
o tests: don't mangle output if hostname or type unknown
o tests: ignore QUIT from FTP protocol comparisons [108]
o tests: provide docs as curldown, not nroff [12]
o tidy-up: misc build, tests, `lib/macos.c` [172]
o tidy-up: OS names [57]
o tool_operhlp: fix "potentially uninitialized local variable 'pc' used" [48]
o tool_paramhlp: bump maximum post data size in memory to 16GB [128]
o transfer: Curl_sendrecv() and event related improvements [164]
o transfer: remove comments, add asserts [218]
o transfer: skip EOS read when download done [196]
o url: dns_entry related improvements [16]
o url: fix connection reuse for HTTP/2 upgrades [236]
o urlapi: verify URL *decoded* hostname when set [160]
o urldata: introduce `data->mid`, a unique identifier inside a multi [127]
o urldata: remove 'scratch' from the UrlState struct [86]
o urldata: remove crlf_conversions counter [232]
o urldata: remove proxy_connect_closed bit [178]
o verify-release: shell script that verifies a release tarball [29]
o version: fix shadowing a `libssh.h` symbol [176]
o vtls: add SSLSUPP_CIPHER_LIST [107]
o vtls: fix MSVC 'cast truncates constant value' warning [23]
o vtls: fix static function name collisions between TLS backends [136]
o vtls: init ssl peer only once [15]
o websocket: introduce blocking sends [145]
o wolfssl: avoid taking cached x509 store ref if sslctx already using it [88]
o wolfssl: fix CURLOPT_SSLVERSION [144]
o wolfssl: fix setting tls version [201]
o wolfssl: improve shutdown handling [43]
o ws: flags to opcodes should ignore CURLWS_CONT flag [104]
o x509asn1: raise size limit for x509 certification information [28]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
ac50fd4bf9 |
sudo: Update to version 1.9.16
- Update from version 1.9.15p5 to 1.9.16
- Update of rootfile
- Changelog
1.9.16
* Added the "cmddenial_message" sudoers option to provide additional
information to the user when a command is denied by the sudoers
policy. The default message is still displayed.
* The time stamp used for file-based logs is now more consistent
with the time stamp produced by syslog. GitHub issues #327.
* Sudo will now warn the user if it can detect the user's terminal
but cannot determine the path to the terminal device. The sudoers
time stamp file will now use the terminal device number directly.
GitHub issue #329.
* The embedded copy of zlib has been updated to version 1.3.1.
* Improved error handling if generating the list of signals and signal
names fails at build time.
* Fixed a compilation issue on Linux systems without process_vm_readv().
* Fixed cross-compilation with WolfSSL.
* Added a "json_compact" value for the sudoers "log_format" option
which can be used when logging to a file. The existing "json"
value has been aliased to "json_pretty". In a future release,
"json" will be an alias for "json_compact". GitHub issue #357.
* A new "pam_silent" sudoers option has been added which may be
negated to avoid suppressing output from PAM authentication modules.
GitHub issue #216.
* Fixed several cvtsudoers JSON output problems.
GitHub issues #369, #370, #371, #373, #381.
* When sudo runs a command in a pseudo-terminal and the user's
terminal is revoked, the pseudo-terminal's foreground process
group will now receive SIGHUP before the terminal is revoked.
This emulates the behavior of the session leader exiting and is
consistent with what happens when, for example, an ssh session
is closed. GitHub issue #367.
* Fixed "make test" with Python 3.12. GitHub issue #374.
* In schema.ActiveDirectory, fixed the quoting in the example command.
GitHub issue #376.
* Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may
now be double-quoted.
* Sudo insults are now included by default, but disabled unless
the --with-insults configure option is specified or the "insults"
sudoers option is enabled.
* The default sudoers file now enables the "secure_path" option by
default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment
variables when running visudo. The new --with-secure-path-value
configure option can be used to set the value of "secure_path" in
the default sudoers file. GitHub issue #387.
* A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory
Server, IBM Security Directory Server, and IBM Security Verify
Directory) is now included.
* When cross-compiling sudo, the configure script now assumes that
the snprintf() function is C99-compliant if the C compiler
supports the C99 standard. Previously, configure would use
sudo's own snprintf() when cross-compiling. GitHub issue #386.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
dbaba25987 |
expat: Update to version 2.6.3
- Update from version 2.6.2 to 2.6.3
- Update of rootfile
- 3 CVE Fixes in this release.
- Changelog
2.6.3
Security fixes:
#887 #890 CVE-2024-45490 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
#888 #891 CVE-2024-45491 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
#889 #892 CVE-2024-45492 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
Other changes:
#851 #879 Autotools: Sync CMake templates with CMake 3.28
#853 Autotools: Always provide path to find(1) for portability
#861 Autotools: Ensure that the m4 directory always exists.
#870 Autotools: Simplify handling of SIZEOF_VOID_P
#869 Autotools: Support non-GNU sed
#856 Autotools|CMake: Fix main() to main(void)
#865 Autotools|CMake: Fix compile tests for HAVE_SYSCALL_GETRANDOM
#863 Autotools|CMake: Stop requiring dos2unix
#854 #855 CMake: Fix check for symbols size_t and off_t
#864 docs|tests: Convert README to Markdown and update
#741 Windows: Drop support for Visual Studio <=15.0/2017
#886 Drop needless XML_DTD guards around is_param access
#885 Fix typo in a code comment
#894 #896 Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
Infrastructure:
#880 Readme: Promote the call for help
#868 CI: Fix various issues
#849 CI: Allow triggering GitHub Actions workflows manually
#851 #872 ..
#873 #879 CI: Adapt to breaking changes in GitHub Actions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
82c9e495d5 |
dtc: update to version 1.7.1 and move to before qemu build
- Update from version 1.6.1 to 1.7.1
- Move to before qemu build as it now requires a system libfdt for build as the bundled
version has been removed.
- Change HOME= to HOME=/usr so that the include files are placed in /usr/include which
is where qemu is looking for them when it checks that libfdt is available.
- Update disable_Werror patch to take account of differences in the source tarball
- Update of architectures from only aarch64 to all.
- Move rootfile from common/aarch64 to common/
- The previous fdt python files were commented out, hence not used at runtime and are
not needed at buildtime. From 9.0.1 onwards they require swig and python to be built
but as they are not needed there was no point to move swig to before dtc
- Changelog
1.7.1
* dtc
* Fix -Oasm output on PA-RISC by avoiding ';' separators
* Put symbolic label references in -Odts output when possible
* Add label relative path references
* Don't incorrectly attempt to create fixups for reference to path
in overlays
* Warning rather than hard error if integer expression results are
truncated due to cell size
* libfdt
* Add fdt_get_property_by_offset_w() function
* pylibfdt
* Fixed to work with Python 3.10
* A number of extra methods
* Fix out of tree build
* fdtget
* Add raw bytes output mode
* General
* Fixes for mixed-signedness comparison warnings
* Assorted other warning fixes
* Assorted updates to checks
* Assorted bugfixes
* Fix scripts to work with dash as well as bash
* Allow static builds
* Formalize Signed-off-by usage
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
4aba01cbc8 |
binutils: Update rootfile for riscv64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
eb8b141b63 |
binutils: Fix rootfile for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
441666f33b |
linux-firmware: Update to version 20240811
- Update from version 20231030 to 20240811 - Update of rootfile - Rootfile reviewed and modified as per steps outlined by @Peter Müller - AMD have issued firmware fixes for processors affected by the SinkClose vulnerability. I don't know if they are in this version already or not but I will check for any new updates periodically. Worth having the fixes just in case even though the likelyhood is that those processors more likely to be used for IPFire (Ryzen 1000, 2000 & 3000) will not be getting the fixes generated and provided. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
33ee3958de |
Revert "rust: Update to version 1.80.1"
This reverts commit |
||
|
Adolf Belka
|
8814ec11f0 |
ruby: Update to version 3.3.4
- Update from version 3.3.3 to 3.3.4
- Update of all rootfiles
- Changelog
3.3.4
Bug #20573: Warning.warn shouldn't be called for disabled warnings
Bug #20585: Size of memory allocated by String.new(:capacity) is different
from the specified value
Bug #20581: Ruby 3.3.3 install has missing deps for bundled net-pop gem
Bug #20595: Corruption of encoding name string
Bug #20598: Corruption of internal encoding string
Bug #20562: Categorize RUBY_FREE_AT_EXIT warning
Bug #20468: Segfault on safe navigation in for target
Bug #20592: Interrupting Addrinfo causes Segmentation fault on alpine
Bug #20239: Segmentation fault when using Regex on a large String
Bug #20570: Nokey behavior changed since 3.3.
Bug #20605: Add explicit compiler fence when pushing frames to ensure safe
profiling
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
e8df3770fa |
meson: update to version 1.5.1
- Update from version 1.4.0 to 1.5.1 - Update of rootfile - Changelog of all changes in 1.5.x can be found at https://mesonbuild.com/Release-notes-for-1-5-0.html Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
893dd25c88 |
lua: Update to version 5.4.7
- Update from version 5.4.6 to 5.4.7 - Update of rootfile - Rename of patch file to make it clear that it works with 5.4.7 - Changelog is not available. Details of changes have to be founbd via the list of commits https://github.com/lua/lua/commits/master Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
9d58c441e2 |
bind: Update to version 9.20.1
- Update from version 9.16.50 to 9.20.1 - Update of rootfile - The use of liburcu has replaced isc_qsbr in 9.19.4 and therefore the position of liburcu in make.sh had to be changed. - --enable-threads, --with-libtool, --without-python & --disable-linux-caps are no longer reconised configure options (it looks like not recognised for a while. --without-python is explicitly mentioned as being removed in version 9.15.7 The others are not mentioned in the changelog notes. - The lib/bind9 and lib/irs directories in the source tarball have been removed. The The comtents of lib/bind9 have been moved to lib/isc and lib/isccfg and the contents of lib/irs have been moved to dns. - The order of the make instructions had to be changed as lib/isccfg required the results of lib/dns and the build failed without it. Changing the order solved the build problem. - A large number of CVE fixes have been applied between the new and old version. 5 9.20.0 2 9.19.21 3 9.19.20 1 9.19.17 1 9.19.14 3 9.19.9 5 9.19.5 1 9.19.1 4 9.19.0 1 9.17.19 1 9.17.17 2 9.17.12 5 9.17.4 4 9.17.2 - Changelog is too long to include here - around 5000 lines. For details see the NEWS file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
5bf383da9e |
automake: Update to version 1.17
- Update from version 1.16.5 to 1.17
- Update of rootfile
- Changelog
1.17
* New features added
- AM_PATH_PYTHON will, after checking "python", prefer any Python 3
version (latest versions checked first) over any Python 2
version. If a specific version of Python 2 is still needed, the
$PYTHON variable should be set beforehand.
- AM_PATH_PYTHON will also search for Python versions 3.20 through 3.10.
It previously searched for 3.9 through 3.0. (bug#53530)
- RANLIB may be overridden on a per-target basis.
- AM_TEXI2FLAGS may be defined to pass extra flags to TEXI2DVI & TEXI2PDF.
- New option "posix" to emit the special target .POSIX for make.
(bug#55025, bug#67891)
- Systems with non-POSIX "rm -f" behavior are now supported, and the
prior intent to drop support for them has been reversed.
The ACCEPT_INFERIOR_RM_PROGRAM setting no longer exists.
(bug#10828)
- Variables using escaped \# will trigger portability warnings, but be
retained when appended. GNU Make & BSD Makes are known to support it.
(bug#7610)
- GNU Make's default pattern rules are disabled, for speed and debugging.
(.SUFFIXES was already cleared.) (bug#64743)
- For Texinfo documents, if a .texi.in file exists, but no .texi, the
.texi.in will be read. Texinfo source files need not be present at
all, and if present, need not contain @setfilename. Then the file name
as given in the Makefile.am will be used. If @setfilename is present,
it should be the basename of the Texinfo file, extended with .info.
(bug#54063)
- aclocal has a new option --aclocal-path to override $ACLOCAL_PATH.
(https://lists.gnu.org/archive/html/automake-patches/2022-01/msg00029.html)
- The missing script also supports autoreconf, autogen, and perl.
(https://lists.gnu.org/archive/html/automake-patches/2015-08/msg00000.html)
- test-suite.log now contains basic system information, and the
console message about bug reporting on failure has a bit more detail.
(bug#68746, bug#71421)
- When using the (default) "parallel" test driver, you can now omit the
output of skipped tests from test-suite.log by defining the
variable IGNORE_SKIPPED_LOGS to a non-empty value. (bug#71422)
* Bugs fixed
- Generated file timestamp checks handle filesystems with subsecond
timestamp granularity dynamically, greatly speeding up the sleep
done by AC_OUTPUT when generating config.status (all packages) and
Automake's make check.
However, this subsecond-mtime support requires an autom4te from
Autoconf 2.72 or later (or random test failures and other timing
problems may ensue), as well as a Perl, sleep program, make program,
and filesystem that all support subsecond resolution; otherwise, we
fall back to a two-second granularity, not even testing the (common)
1s case since that would induce a 2s delay for all configure scripts
in all packages on all systems that don't support subsecond mtimes.
When everything is supported, a line "Features: subsecond-mtime" is
now printed by automake --version and autom4te --version.
To override this check and delay, e.g. to use 1 second:
am_cv_filesystem_timestamp_resolution=1
export am_cv_filesystem_timestamp_resolution
(commit 720a11531,
https://lists.gnu.org/archive/html/automake-commit/2022-02/msg00009.html
then bug#60808, bug#64756, bug#67670, bug#68808, bug#71652,
history reviewed in
https://lists.gnu.org/archive/html/automake/2024-06/msg00054.html
and more info in surrounding threads.)
- The default value of $ARFLAGS is now "cr" instead of "cru", to better
support deterministic builds. (bug#20082)
- Automake's make dist now uses -9 instead of --best with gzip,
because Alpine gzip does not support --best. Also, GZIP_ENV is used
only for compression, not decompression, because of the same system.
(bug#68151)
- Dependency files are now empty, instead of "# dummy", for speed.
(https://lists.gnu.org/archive/html/automake/2022-05/msg00006.html)
- Compiling Python modules with Python 3.5+ uses multiple optimization
levels. (bug#38043)
- If the Python installation "scheme" is set to posix_local (Debian),
it is reset to either deb_system (if the prefix = /usr), or
posix_prefix (otherwise). (bug#54412, bug#64837)
- As a result of the Python scheme change, the installation directory
for Python files again defaults to "site-packages" under the usual
installation prefix, even on systems (generally Debian-based) that
would normally use the "dist-packages" subdirectory under
/usr/local.
- When compiling Emacs Lisp files, emacs is run with --no-site-file to
disable user config files that might hang or access the terminal;
and -Q is not used, since its support and behavior varies. (bug#58102)
- Emacs Lisp compilations respect silent make output.
- Automake no longer incorrectly warns that the POSIX make variables
$(*D) and the like are non-POSIX. Unfortunately, the make
implementations which do not correctly implement all the POSIX
variables are not detected, but this seems to have little impact
in practice. (bug#9587)
- Pass libtool tags OBJC and OBJCXX for the respective languages.
(bug#67539)
- distcleancheck ignores "silly rename" files (.nfs* .smb* .__afs*)
that can show up on network file systems.
(https://lists.gnu.org/archive/html/automake/2022-09/msg00002.html)
- Pass any options given to AM_PROG_LEX on to AC_PROG_LEX.
(bug#65600, bug#65730)
- aclocal: recognize ; as path separator on OS/2 and Windows. (bug#71534)
- Hash iterations with external effects now consistently sort keys.
(bug#25629, bug#46744)
- tests: avoid some declaration conflicts for lex et al. on SunOS.
(bug#34151 and others)
- tests: declare yyparse before use and use (void) parameter lists
instead of (), to placate C23. (bug#71425)
- Typos in code and other doc fixes. (bug#68003, bug#68004, et al.)
* Obsolescence:
- py-compile no longer supports Python 0.x or 1.x versions. Python 2.0,
released in 2000, is currently the minimum required version.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
34b3e9a0a2 |
rust: Update to version 1.80.1
- Update from version 1.67.0 to 1.80.1 - Update of rootfile (x86_64 & aarch64) - Changelog is too large to include here. There are more than 1000 lines from 1.67.0 to 1.80.1 Details can be found at https://doc.rust-lang.org/stable/releases.html Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
c26ea9ee01 |
p11-kit: Update to version 0.25.5
- Update from version 0.25.3 to 0.25.5
- Update of rootfile
- Changelog
0.25.5
* iter: fix recursive attribute loading [PR#642]
* fix building on FreeBSD 14.0 (amd64) [PR#644]
* test fix [PR#645]
0.25.4
* rpc: add support for recursive attributes [PR#624, PR#629, PR#631, PR#633]
* p11-kit: add function to check run-time version of the library [PR#637]
* p11-kit: expose version information through macros [PR#635]
* p11-kit: add option to specify CKA_ID in generate-keypair and import-object
commands [PR#615]
* p11-kit: add --provider option to specify PKCS#11 module when using p11-kit
commands [PR#611]
* p11-kit: fix a bug where eddsa mechanism isn't recognized in generate-keypair
[PR#617]
* p11-kit: fallback to C_GetFunctionList when C_GetInterface returns
CKR_FUNCTION_NOT_SUPPORTED [PR#622]
* bug and build fixes [PR#603, PR#604, PR#605, PR#606, PR#609, PR#614, PR#616,
PR#619, PR#627, PR#628, PR#632, PR#636, PR#639]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c5fe41d3f9 |
gnutls: Update to version 3.8.7
- Update from version 3.8.5 to 3.8.7
- Update of rootfile
- Changelog
3.8.7
** libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely disable DSA
algorithm support.
** libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS
For testing purposes, the hybrid post-quantum key exchange defined
in draft-tls-westerbaan-xyber768d00 has been implemented using
liboqs. Since the algorithm is still not finalized, the support of
this key exchange is disabled by default and can be enabled with
the --with-liboqs configure option.
3.8.6
** libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
** libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
** API and ABI modifications:
gnutls_pkcs12_generate_mac3: New function
gnutls_pkcs12_flags_t: New enum
gnutls_hash_squeeze: New function
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
f093cb3fbe |
binutils: Update to version 2.43
- Update from version 2.42 to 2.43
- Update of rootfile (x86_64 & aarch64)
- Changelog
2.43
* Update copyright years
* config.sub: recognize nanoMIPS CPUs
* config.guess: recognize ironclad OS
* config.sub: recognize ironclad OS
* config.sub: recognize *-*-uefi
* Recognize the VideoCore 4 processor
* config.guess: detect LLVM-libc via features.h
* config.sub: add LLVM-libc support
* .pre-commit-config.yaml: Bump black hook to 24.3.0
* .pre-commit-config.yaml: New.
* Makefile.def: Add configure-gdbserver and all-gdbserver
dependencies on all-libiconv.
* Makefile.in: Re-generate.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
d1f7d501c1 | Merge remote-tracking branch 'ms/toolchain-2024-08-02' into next | ||
|
Michael Tremer
|
9db251ee0b |
linux: Tidy up the messy KVER variable
This variable never actually held the kernel version. There were always suffixes appended and other things changed about it. This makes it a lot simpler as this variable now holds the actual kernel version. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
d54e39f935 |
gnupg: This package no longer seems to be able to link against LDAP
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
79ed909531 |
autoconf-archive: New package
These macros are needed to run autoreconf for db-5.3.28. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
1a28d6ef4b |
GCC: Update to 14.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
dec1a72c6c |
glibc: Update to 2.40
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Matthias Fischer
|
d388d0c103 |
unbound: Update to 1.21.0
For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-21-0 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
90dfbe816a |
lz4: Update to version 1.10.0
- Update from version 1.9.4 to 1.10.0
- Update of rootfile
- Changelog
1.10.0
cli : multithreading compression support: improves speed by X times threads allocated
cli : overlap decompression with i/o, improving speed by ~+60%
cli : support environment variables LZ4_CLEVEL and LZ4_NBWORKERS
cli : license of CLI more clearly labelled GPL-2.0-or-later
cli : fix: refuse to compress directories
cli : fix dictionary compression benchmark on multiple files
cli : change: no more implicit `stdout` (except when input is `stdin`)
lib : new level 2, offering mid-way performance (speed and compression)
lib : Improved lz4frame compression speed for small data (up to +160% at 1KB)
lib : Slightly faster (+5%) HC compression speed (levels 3-9), by @JunHe77
lib : dictionary compression support now in stable status
lib : lz4frame states can be safely reset and reused after a processing error (described by @QrczakMK)
lib : `lz4file` API improvements, by @vsolontsov-volant and @t-mat
lib : new experimental symbol `LZ4_compress_destSize_extState()`
build: cmake minimum version raised to 3.5
build: cmake improvements, by @foxeng, @Ohjurot, @LocalSpook, @teo-tsirpanis, @ur4t and @t-mat
build: meson scripts are now hosted into `build/` directory, by @eli-schwartz
build: meson improvements, by @tristan957
build: Visual Studio solutions generated by `cmake` via scripts
port : support for loongArch, risc-v, m68k, mips and sparc architectures
port : improved Visual Studio compatibility, by @t-mat
port : freestanding support improvements, by @t-mat
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
cca1ef9a56 |
exfatprogs: Update to version 1.2.5
- Update from version 1.1.3 to 1.2.5
- Update of rootfile
- Changelog
1.2.5
CHANGES :
* exfatprogs: remove the limitation that the device
path length cannot exceed 254 bytes.
* exfatprogs: include the test images in the release
package.
NEW FEATURES :
* fsck.exfat: check and repair the filename which has
invalid characters.
BUG FIXES :
* tune.exfat: check whether the volume has invalid
characters correctly.
* fsck.exfat: check whether the filename and volume
has invalid characters correctly.
* fsck.exfat: fix endianess issues which happen
in the big-endian system.
1.2.4
BUG FIXES :
* tune.exfat: Fix "invalid serial number" error when
setting an serial number.
* fsck.exfat: Fix memory leak in an error path
1.2.3
CHANGES :
* dump.exfat: Report sector size in bytes and cluster size in
terms of sectors.
* fsck.exfat: Show checksum value if the SetChecksum of File
directory entry is invalid.
* mkfs.exfat: Improve FAT length calculation to reduce
the FAT size.
NEW FEATURES :
* mkfs.exfat: Add the option "--sector-size".
* fsck.exfat: Support checking and repairing VendorAllcation and
VendorExtension directory entries.
BUG FIXES :
* exfatprogs: Remove unnecessary memory allocations.
* fsck.exfat: Fix corruption that can occur if the cluster size
is 512-byte.
* fsck.exfat: Fix the SecondaryCount of File directory entry
when the count of Name directory entries is 17 or higher.
* tune.exfat: Fix an error that accepts invalid serial numbers.
1.2.2
CHANGES :
* exfat2img: Allow dumps for read-only devices.
* fsck.exfat: Revert Repairing zero size directory.
NEW FEATURES :
* fsck.exfat: Repair duplicated filename.
* mkfs.exfat: Add the option "q" to print only error messages.
* mkfs.exfat: Add the option "U" to set volume GUID.
* tune.exfat: Add the option "U" / "-u" to set or print volume GUID.
BUG FIXES:
* fsck.exfat: Fix some out-of-bounds memory accesses.
* fsck.exfat: Change not to delete volume GUID directory entry.
1.2.1
CHANGES :
* fsck.exfat: Repair zero size directory.
* fsck.exfat: Four small clean-ups.
1.2.0
CHANGES :
* fsck.exfat: Keep traveling files even if there is a corrupted
directory entry set.
* fsck.exfat: Introduce the option "b" to recover a boot sector even
if an exFAT filesystem is not found.
* fsck.exfat: Introduce the option "s" to create files in
"/LOST+FOUND", which have clusters allocated but was not belonged to
any files.
* fsck.exfat: Rename '.' and '..' entry name to the one user want.
NEW FEATURES :
* fsck.exfat: Repair corruptions of an exFAT filesystem. Please refer
to fsck.exfat manpage to see what kind of corruptions can be repaired.
* exfat2img: Dump metadata of an exFAT filesystem. Please refer to
exfat2img manpage to see how to use it.
BUG FIXES:
* fsck.exfat: Fix an infinite loop while traveling files.
* tune.exfat: Fix bitmap entry corruption when adding new volume lablel.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
b1be6000fe |
curl: Update to version 8.9.1
- Update from version 8.8.0 to 8.9.1
- Update of rootfile
- Changelog
8.9.1
Bugfixes:
cmake: detect `libssh` via `pkg-config`
cmake: detect `nettle` when building with GnuTLS
cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()`
configure: limit `__builtin_available` test to Darwin
connect: fix connection shutdown for event based processing
contrithanks.sh: use -F with -v to match lines as strings
curl: more defensive socket code for --ip-tos
CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching
CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe
example/multi-uv: remove the use of globals
ftpserver.pl: make POP3 LIST serve content from the test file
GHA/windows: increase timeout for vcpkg build step
lib: survive some NULL input args
macos: fix Apple SDK bug workaround for non-macOS targets
misc: cleanup after removing years from copyright
os400: build cli manual.
os400: workaround an IBM ASCII run-time library bug
RELEASE-PROCEDURE.md: remove the initial build step
runtests: fold timing details with GHA, sync `-r` tflags
tests: provide FTP directory contents in the test file
tidy-up: URL updates
TODO: thread-safe sharing
transfer: speed limiting fix for 32bit systems
vtls: avoid forward declaration in MultiSSL builds
wolfSSL: allow wolfSSL's implementation of kyber to be used
wolfssl: avoid calling get_cached_x509_store if store is uncachable
wolfssl: CA store share fix
x509asn1: unittests and fixes for gtime2str
8.9.0
Changes:
curl: add --ip-tos (IP Type of Service / Traffic Class)
curl: add --mptcp
curl: add --vlan-priority
curl: add -w '%{num_retries}'
gnutls: support CA caching
mbedtls: support CURLOPT_CERTINFO
noproxy: patterns need to be comma separated
socket: support binding to interface *AND* IP
tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
urlapi: add CURLU_NO_GUESS_SCHEME
wolfssl: support CA caching
Bugfixes:
(lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS`
asyn-thread: avoid using GetAddrInfoExW with impersonation
aws-sigv4: url encode the canonical path
BINDINGS: update java link to one that exists
build: add Debug, TrackMemory, ECH to feature list
build: add more supported attributes to the IAR compiler
build: fix llvm 16 or older + Xcode 15 or newer, and gcc
build: fix llvm 17 and older + macOS SDK 14.4 and newer
build: sync warning options between autotools, cmake & compilers
build: tidy up `__builtin_available` feature checks (Apple)
build: untangle `CURLDEBUG` and `DEBUGBUILD` macros
build: use `#error` instead of invalid syntax
cd2nroff: convert two warnings to errors
cd2nroff: use an empty "##" to signal end of .IP sequence
cf-socket: improve SO_SNDBUF update for Winsock
cf-socket: optimize curlx_nonblock() and check its return error
cf-socket: remove obsolete recvbuf
cf-socket: remove two "useless" assignments
cfilters: make Curl_conn_connect always assign 'done'
cmake: add CURL_USE_GSASL option with detection + CI test
cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON`
cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION`
cmake: alpha-sort feature list
cmake: always build unit tests with the `testdeps` target
cmake: bring `curl-config.cmake` closer to `FindCURL`
cmake: create `configurehelp.pm` like autotools does
cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros
cmake: detect `libidn2` also via `pkg-config`
cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION`
cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds
cmake: fix brotli lib order
cmake: fix building `unit1600` due to missing `ssl/openssl.h`
cmake: fix building in unity mode
cmake: fix building with both md4 and md5 in unity mode
cmake: fix builds with detected libidn2 lib but undetected header
cmake: fix feature and protocol lists for SecureTransport
cmake: fix quotes when appending multiple options (SecureTransport)
cmake: fix test 1013 with websockets enabled and no TLS
cmake: improve wolfSSL detection
cmake: show protocols, then features
cmake: stop setting SOVERSION for the static lib target
cmake: sync CA bundle/path detection with autotools
cmake: sync protocol/feature list with `curl -V` output
cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string
cmake: whitespace, formatting/tidy-up in comments
cmdline-docs: "added in" cleanups
cmdline-docs: fix `--proxy-ca-native` example + tidy-ups
cmdline-opts/_PROTOCOLS.md: mention WS(S)
cmdline-opts/ech.md: shorten the help text
cmdline-opts/fail.md: expand and clarify
cmdline-opts/interface.md: expand the documentation
cmdline-opts: category cleanup
cmdline-opts: expand the parallel explanations
cmdline-opts: shorten six help texts
cmdline: expand proxy option explanations
code: language cleanup in comments
configure: CA bundle/path detection fixes
configure: fix `SystemConfiguration` detection
configure: fix pkg-config library name 'libnghttp3'
configure: fix pkg-config names (zstd, ngtcp2*)
configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds
configure: remove 'deeper' checks for `AC_CHECK_FUNCS`
configure: require a QUIC library if nghttp3 is used
configure: sort feature list, lowercase protocols, use backticks
configure: use `$EGREP` in place of `grep -E`
configure: use AC_MSG_WARN for TLS/experimental warning texts
connect-to.md: expand with examples
connection: shutdown TLS (for FTP) better
cookie-jar.md: see also --junk-session-cookies
curl-config: revert to backticks to support old target envs
curl: allow etag and content-disposition for 3xx reply
curl: bsearch the --write-out variable name
curl: check for --disable case *sensitively*
curl: list categories in --help
curl: make warnings and other messages aware of terminal width
curl: output "flying saucers" with leading carriage return
curl_easy_escape: elaborate a little on encoding a URL
curl_mprintf.md: add missing comma
curl_multi_poll.md: expand the example with an custom file descriptor
curl_str[n]equal.md: tidy up text to make them stand-alone
curl_url_set.md: libcurl only parses :// URLs
curl_url_set: elaborate on scheme guessing
curldown: make 'added-in:' a mandatory header field
CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version
CURLOPT_ECH.md: remove repeated 'if'
CURLOPT_NETRC.md: clarify what it does on Windows
CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*')
CURLOPT_SSL_VERIFYHOST.md: refresh
CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups
DISTROS: add a link to the list archive
DISTROS: add AlmaLinux package source link
DISTROS: add MSYS2 (native) links
docs/cmdline-opts: fix mail-auth example TLD typo
docs/cmdline-opts: remove two superfluous "Added in" mentions
docs/libcurl: polish the single-line descriptions
docs/Makefile.am: make curl-config.1 install
docs: reference non deprecated libcurl options
docs: start markdown headers with capital letter where applicable
doh-insecure.md: expand
doh: fix cleanup
doh: fix leak and zero-length HTTPS RR crash
dump-header.md: mention minus for stdout
examples/threaded-ssl: remove locking callback code
examples: add missing binaries to .gitignore
examples: delete unused includes
examples: fix compiling with MSVC
examples: suppress deprecation warnings locally
FEATURES.md: refresh
file: separate fake headers and body with a stand-alone CRLF
ftp: remove redundant null pointer check in loop condition
get.d: clarify the explanation
GHA/windows: add MSVC wolfSSL job with test
GHA/windows: ignore FTP test results for old-mingw-w64
GHA: add MSVC UWP job, expand jobs with more options
GHA: detect and warn for more English contractions
GHA: disable MQTT and WebSocket tests in Windows jobs
GHA: disable TFTP tests in Windows jobs
GHA: enable tests 1139, 1177, 1477 on Windows
GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs
GHA: unify http3 workflows into one
GHA: use vcpkg to install packages for MSVC jobs
GIT-INFO.md: remove version requirements
gnutls: improve TLS shutdown
gnutls: pass in SNI name, not hostname when checking cert
help: add flags to output and ssh categories
hostip: skip error check for infallible function call
http/3: add shutdown support
http/3: resume upload on ack if we have more data to send
http: remove "struct HTTP"
http: write last header line late
idn: fix ß with AppleIDN
idn: make macidn fail before trying conversion if name too long
idn: tweak buffer use when converting with macidn
lib/v*: tidy up types and casts
lib: add a few DEBUGASSERT(data) to aid code analyzers
lib: add failure reason on bind errors
lib: fix gcc warning in certain debug builds
lib: fix thread entry point to return `DWORD` on WinCE
lib: graceful connection shutdown
lib: prefer `var = time(NULL)` over `time(&var)`
lib: tidy up types and casts
lib: xfer_setup and non-blocking shutdown
libcurl-docs: make option lists alpha-sorted
libcurl-easy.md: now *more* than 300 options
libcurl.pc: add `Requires.private`, `Requires` for static linking
libcurl.pc: add more `Requires.private`/`Requires` dependencies
libssh: remove CURLOPT_SSL_VERIFYHOST check
macos: add workaround for gcc, non-c-ares, IPv6, compile error
macos: undo `availability` macro enabled by Homebrew gcc
managen: "added in" fixes
managen: cleanups to generate nicer-looking output
managen: error on trailing blank lines in input files
managen: fix removing backticks from subtitles
managen: insert final .fi for files ending with a quote
managen: introduce "Multi: per-URL"
managen: only output .RE for manpage output
managen: output tabs for each 8 leading spaces
managen: warn on excessively long help texts
MANUAL.md: wrap two example urls that overrun styling
mbedtls: check version before getting tls version
mbedtls: check version for cipher id
mbedtls: correct the error message for cert blob parsing failure
mbedtls: send close-notify on close
mbedtls: v3.6.0 workarounds
md4: fix compilation with OpenSSL 1.x with md4 disabled
misc: fix typos
mk-ca-bundle.pl: delay 'curl -V' execution until it is needed
multi: add multi->proto_hash, a key-value store for protocol data
multi: do a final progress update on connect failure
multi: fix multi_wait() timeout handling
multi: fix pollset during RESOLVING phase
multi: multi_getsock(), check correct socket
ngtcp2+quictls: fix cert-status use
noproxy: test bad ipv6 net size first
openssl/gnutls: rectify the TLS version checks for QUIC
openssl: fix %-specifier in infof() call
openssl: fix hostname handling when using ECH
openssl: stop duplicate ssl key logging for legacy OpenSSL
os400: make it compilable again
pytest: add ftp upload tests
pytest: include testenv/vsftpd.py in dist tarball
quic: enable UDP GRO
quic: openssl quic, cmake and doc version update to 3.3.0
quic: require at least OpenSSL 3.3 for QUIC
quic: update to quiche 0.22.0
quiche: fix operand of ‘?:’ changes signedness
request.md: language fix
request: change the struct field bodywrites to a bool, only for hyper
reuse: switch to REUSE 3.2 and REUSE.toml
runtests: show name and keywords for failed tests in summary
runtests: sort test IDs in summary lines
runtests: support %DATEfor YYYY-MM-DD of right now
runtests: support %VERNUM
runtests: support crlf="yes" for the <stderr> section
sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings
sectransp: fix clang compiler warnings, stop silencing them
sectransp: remove large cipher table
sectransp: use common code for cipher suite lookup
sendf: fix CRLF conversion of input
smtp: for starttls, do full upgrade
socket: change TCP keepalive from ms to seconds on DragonFly BSD
socket: use SOCK_NONBLOCK to eliminate extra system call
socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()`
src/Makefile.am: remove SUBDIRS assignment
system_win32: add missing curl.h include
tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4
test1119: adapt for `.md` input
test1139: scan .md files instead of .3 ones
test1175: scan libcurl-errors.md, not the generated .3 version
test1486: verify that write-out.md and tool_writeout.c are in sync
test2600: disable on win32
test: add test1484, for HEAD with content
test: add test1546, chunked not last transfer encoding
tests/scripts: call it 'manpage' (single word)
tests: add pytest for --ciphers and --tls13-ciphers options
tests: delete `CharConv` remains
tests: delete redundant `!MSDOS` guard
tests: extend user/password parsing test1620
tests: fix sshd IdentityFile path for MinGW/Cygwin
tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin
tests: include current directory when running test Perl commands
tests: log "Throwing away" messages before throwing away
tests: run with "--trace-config all" to provide even more info
tests: sync feature names with `curl -V`
tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support
tests: use exec when spawning nghttpx
tidy-up: use consistent casing for Windows directories
TODO: remove some old, clarify, add something
tool_cb_hdr: return error for failed header writes
tool_operate: avoid explicitly setting verifypeer to 1
tool_operate: simplify return code handling from url_proto()
tool_writeout: get certinfo only when needing it
trace-ascii.md: mention "%" for stderr
transfer: avoid polling socket every transfer loop
transfer: conn close on paused upload
transfer: do not use EXPIRE_NOW while blocked
transfer: remove curl_upload_refill_watermark, no longer used
transfer: set CSELECT_IN if there is data pending
unit2604: use 'unitfail' instead of 'error' variable
url: allow DoH transfers to override max connection limit
urlapi: remove unused definition of HOST_BAD
variable.md: make example use expand
verify-synopsis.pl: work with .md files
vms: fixed language in comment
vtls: deprioritize Secure Transport
vtls: replace addsessionid with set_sessionid
winbuild: fix PE version info debug flag
winbuild: MS-DOS batch tidy-ups
winbuild: remove outdated WIN32 defines
windows: fix UWP builds, add GHA job
winsock: move SO_SNDBUF update into cf-socket
wolfssl: assume key_file equal to clientcert if no key_file
wolfssl: use larger error buffer when formatting errors
x509asn1: add some common ECDSA OIDs
x509asn1: ASN1tostr() should fail when 'constructed' is set
x509asn1: fallback to dotted OID representation
x509asn1: make Curl_extract_certinfo store error message
x509asn1: prevent NULL dereference
x509asn1: remove superfluous free()
x509asn1: remove two static variables
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
e891c3beca |
poppler: Update to version 24.08.0
- Update from version 24.03.0 to 24.08.0
- Update of rootfile
- sobump has dependency of cups-filters
- Changelog
24.08.0
core:
* Add support for modifying the appearance stream text in form field choice
* Fix buffer overflow in Windows specific font selection code
* Fix crashes in malformed files
* Internal code improvements
qt5:
* Add support for modifying the appearance stream text in form field choice
qt6:
* Add support for modifying the appearance stream text in form field choice
utils:
* pdfinfo: Fix crash in malformed documents
24.07.0
core:
* Fix crashes in broken files
* Internal code improvements
qt6:
* Add getters for document additional actions
* Implement reset forms link
qt5:
* Add getters for document additional actions
* Implement reset forms link
utils:
* pdfinfo: Fix crash in broken documents when using -dests
build system:
* Mark glib-mkenums as required
24.06.0
core:
* Performance improvements in some files
* Fix some issues with files bigger than 2^31 bytes
* Remove all cairo include guards for cairo < 1.16
* Fix MSVC build
* Internal code improvements
qt6:
* Update Qt6 doc example
* Use the non deprecated version of QString::fromUcs4
glib:
* properly document return value from poppler_font_info_scan
24.05.0
core:
* Fix signing not being totally correct in some kind of PDF files
* Assume "Adobe-Identity" for character collection. Issue #1465
* Small improvements in annotation font rendering
* Remove some GooString methods, use std::string ones instead
* Move some GooString methods to UTF.h
* Fix crash in broken files
cpp:
* cpp: Fix crash extracting text and font in some files. Issue #1477
* Change base class of ustring to char16_t
qt6:
* Add async API for certificate validation
* Fix text extraction for Landscape/Seascape pages
qt5:
* Add async API for certificate validation
* Fix text extraction for Landscape/Seascape pages
utils:
* pdfdetach: Small code improvements
* pdftops: Write compliant ps header
build system:
* Increase minimum supported base to that provided by Ubuntu 22.04
24.04.0
core:
* Optimize page text extraction speed
* Fix clipping path handling in some files. Issue #739
* Fix regression in text selection
* Fix text search across lines between paragraphs
qt6:
* Fix crash in SoundObject::data
utils:
* pdfsig: Add Catalan translation
build system:
* Build code as C++20
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
b058000c23 | Merge remote-tracking branch 'ms/unbound-socket' into next | ||
|
Adolf Belka
|
0216fe0228 |
libxml2: Update to version 2.13.3
- Update from version 2.12.3 to 2.13.3
- Update of rootfile
- CVE fixes in 2.13.3, 2.12.7, 2.12.5
- Changelog
2.13.3
### Security
- [CVE-2024-40896] Fix XXE protection in downstream code
### Regressions
- autotools: Use AC_CHECK_DECL to check for getentropy
- xinclude: Fix fallback for text includes
- io: Don't call getcwd in xmlParserGetDirectory
- io: Fix return value of xmlFileRead
- parser: Fix error return of xmlParseBalancedChunkMemory
### Improvements
- xinclude: Set error handler when parsing text
- Undeprecate xmlKeepBlanksDefault
2.13.2
### Regressions
- tree: Fix handling of empty strings in xmlNodeParseContent
- valid: Restore ID lookup
- parser: Reenable ctxt->directory
- uri: Handle filesystem paths in xmlBuildRelativeURISafe
- encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
- encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
- include: Define ATTRIBUTE_UNUSED for clang
- uri: Fix xmlBuildURI with NULL base
### Improvements
- uri: Enable Windows paths on Cygwin
- tests: Clarify licence of test/intsubset2.xml
2.13.1
### Regressions
- parser: Selectively reenable reading from "-"
- reader: Fix xmlTextReaderReadString
- xinclude: Set XPath context doc
- xinclude: Load included documents with XML_PARSE_DTDLOAD
- include: Don't redefine ATTRIBUTE_UNUSED
- include: Readd circular dependency between tree.h and parser.h
- xinclude: Add missing include (Jan Alexander Steffens (heftig))
- win32, msvc: fix missing linking against Bcrypt.lib (Miklos Vajna)
- xinclude: Don't raise error on empty nodeset
- parser: Make failure to load main document a warning
- tree: Fix freeing entities via xmlFreeNode
- parser: Pass global object to sax->setDocumentLocator
### Improvements
- io: Fix resetting xmlParserInputBufferCreateFilename hook
### Documentation
- Fix typo in NEWS (--with-html -> --with-http) (Ryan Carsten Schmidt)
- doc: Don't mention xmlNewInputURL
2.13.0
### Major changes
Most of the core code should now report malloc failures reliably. Some
API functions were extended with versions that report malloc failures.
New API functions for error handling were added:
- xmlCtxtSetErrorHandler
- xmlXPathSetErrorHandler
- xmlXIncludeSetErrorHandler
This makes it possible to register per-context error handlers without
resorting to global handlers.
A few error messages were improved and consolidated. Please update
downstream test suites accordingly.
A new parser option XML_PARSE_NO_XXE can be used to disable loading
of external entities or DTDs. This is most useful in connection with
XML_PARSE_NOENT.
Support for HTTP POST was removed.
Support for zlib, liblzma and HTTP is now disabled by default and has
to be enabled by passing --with-zlib, --with-lzma or --with-http to
configure. In legacy mode (--with-legacy) these options are enabled
by default as before.
Support for FTP will be removed in the next release.
Support for the range and point extensions of the xpointer() scheme
will be removed in the next release. The rest of the XPointer
implementation won't be affected. The xpointer() scheme will behave
like the xpath1() scheme.
Several more legacy symbols were deprecated. Users of the old "SAX1"
API functions are encouraged to upgrade to the new "SAX2" API,
available since version 2.6.0 from 2003.
Some deprecated global variables were made const:
- htmlDefaultSAXHandler
- oldXMLWDcompatibility
- xmlDefaultSAXHandler
- xmlDefaultSAXLocator
- xmlParserDebugEntities
### Deprecations and removals
- threads: Deprecate remaining ThrDef functions
- unicode: Deprecate most xmlUCSIs* functions
- memory: Remove memory debugging
- tree: Deprecate xmlRegisterNodeDefault
- tree: Deprecate xmlSetCompressMode
- html: Deprecate htmlHandleOmittedElem
- valid: Deprecate internal validation functions
- valid: Deprecate old DTD serialization API
- nanohttp: Deprecate public API
- Remove VMS support
- Remove Trio
### Bug fixes
- parser: Fix base URI of internal parameter entities
- tree: Handle predefined entities in xmlBufGetEntityRefContent
- schemas: Allow unlimited length decimals, integers etc. (Tomáš Ženčák)
- reader: Fix preservation of attributes
- parser: Always decode entities in namespace URIs
- relaxng: Fix tree corruption in xmlRelaxNGParseNameClass (Seiya Nakata)
- schemas: Fix ADD_ANNOTATION
- tree: Fix tree iteration in xmlDOMWrapRemoveNode
- tree: Declare namespace on clone in xmlDOMWrapCloneNode
- tree: Fix xmlAddSibling with last sibling
- tree: Fix xmlDocSetRootElement with multiple top-level elements
- catalog: Fetch XML catalog before dumping
- html: Don't close fd in htmlCtxtReadFd
### Improvements
- parser: Fix "Truncated multi-byte sequence" error
- Add missing _cplusplus processing clause (Sadaf Ebrahimi)
- parser: Rework handling of undeclared entities
- SAX2: Warn if URI resolution failed
- parser: Don't report error on invalid URI
- xmllint: Clean up option handling
- xmllint: Rework parsing
- parser: Don't create undeclared entity refs in substitution mode
- Make some globals const
- reader: Make xmlTextReaderReadString non-recursive
- reader: Rework xmlTextReaderRead{Inner,Outer}Xml
- Remove redundant size check (Niels Dossche)
- Remove redundant NULL check on cur (Niels Dossche)
- Remove always-false check old == cur (Niels Dossche)
- Remove redundant NULL check on cur (Niels Dossche)
- tree: Don't return empty localname in xmlSplitQName{2,3}
- xinclude: Don't try to fix base of non-elements
- tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
- SAX2: Optimize appending children
- tree: Align xmlAddChild with other node insertion functions
- html: Use binary search in htmlEntityValueLookup
- io: Allocate output buffer with XML_BUFFER_ALLOC_IO
- encoding: Don't shrink input too early in xmlCharEncOutput
- tree: Tighten source doc check in xmlDOMWrapAdoptNode
- tree: Check destParent->doc in xmlDOMWrapCloneNode
- tree: Refactor text node updates
- tree: Refactor node insertion
- tree: Refactor element creation and parsing of attribute values
- tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
- buf: Don't use default buffer size for small strings
- string: Fix xmlStrncatNew(NULL, "")
- entities: Don't allow null name in xmlNewEntity
- html: Fix quadratic behavior in htmlNodeDump
- tree: Rewrite xmlSetTreeDoc
- valid: Rework xmlAddID
- tree: Remove unused node types
- tree: Make namespace comparison more consistent
- tree: Don't allow NULL name in xmlSetNsProp
- tree: Rework xmlNodeListGetString
- tree: Rework xmlTextMerge
- tree: Rework xmlNodeSetName
- tree: Simplify xmlAddChild with text parent
- tree: Disallow setting content of entity reference nodes
- tree: Rework xmlReconciliateNs
- schemas: fix spurious warning about truncated snprintf output
(Benjamin Gilbert)
- xmlschemastypes: Remove unreachable if statement (Maks Mishin)
- relaxng: Remove useless if statement (Maks Mishin)
- tree: Check for integer overflow in xmlStringGetNodeList
- http: Improve error message for HTTPS redirects
- catalog: Remove Windows hack
- save: Move DTD serialization code to xmlsave.c
- parser: Report fatal error if document entity couldn't be loaded
- xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
- SAX2: Limit entity URI length to 2000 bytes
- parser: Account for full size of non-well-formed entities
- parser: Pop inputs if parsing DTD failed
- parser: Fix quadratic behavior when copying entities
- writer: Implement xmlTextWriterClose
- parser: Avoid duplicate namespace errors
- parser: Add XML_PARSE_NO_XXE parser option
- parser: Make xmlParseContent more useful
- error: Make xmlFormatError public
- encoding: Check whether encoding handlers support input/output
- SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
- parser: Lower maximum entity nesting depth
- parser: Set depth limit to 2048 with XML_PARSE_HUGE
- parser: Implement xmlCtxtSetOptions
- parser: Always prefer option members over bitmask
- parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
- parser: Rework parsing of attribute and entity values
- save: Output U+FFFD replacement characters
- parser: Simplify entity size accounting
- parser: Avoid unwanted expansion of parameter entities
- parser: Always copy content from entity to target
- parser: Simplify control flow in xmlParseReference
- parser: Remove xmlSetEntityReferenceFunc feature
- parser: Push general entity input streams on the stack
- parser: Move progressive flag into input struct
- parser: Fix in-parameter-entity and in-external-dtd checks
- xpath: Rewrite substring-before and substring-after
- xinclude: Only set xml:base if necessary
- xinclude: Allow empty nodesets
- parser: Rework general entity parsing
- io: Fix close error handling
- io: Fix read/write error handling
- io: More refactoring and unescaping fixes
- io: Move some code from xmlIO.c to parserInternals.c
- uri: Clean up special parsing modes
- xinclude: Rework xml:base fixup
- parser: Also set document properties when push parsing
- include: Move non-generated parts from xmlversion.h.in
- io: Remove support for HTTP POST
- dict: Move local RNG state to global state
- dict: Get random seed from system PRNG
- io: Don't use "-" to read from stdin
- io: Rework initialization
- io: Consolidate error messages
- xzlib: Fix harmless unsigned integer overflow
- io: Always use unbuffered input
- io: Fix detection of compressed streams
- io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
- io: Rework default callbacks
- error: Stop printing some errors by default
- xpath: Don't free nodes of XSLT result value trees
- valid: Fix handling of enumerations
- parser: Allow recovery in xmlParseInNodeContext
- encoding: Support ASCII in xmlLookupCharEncodingHandler
- include: Remove useless 'const' from function arguments
- Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
conversions (makise-homura)
- Avoid EDG deprecation warnings for LCC compiler (makise-homura)
- Avoid EDG -Woverflow warnings on truncating conversions by manually
truncating operand (makise-homura)
- Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
conversion from unsigned int to int (makise-homura)
- Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
(makise-homura)
### Build systems
- meson: convert boolean options to feature option (Rosen Penev)
- meson: Pass LIBXML_STATIC in dependency (Andrew Potter)
- meson: fix compilation with local binaries (Rosen Penev)
- meson: don't use dl dependency on old meson (Rosen Penev)
- meson: fix usage as a subproject (Rosen Penev)
- autotools: Fix pthread detection on FreeBSD
- build: Remove --with-fexceptions configuration option
- autotools: Remove --with-coverage configuration option
- build: Disable HTTP support by default
- Stop defining _REENTRANT
- doc: Don't install example code
- meson: Initial commit (Vincent Torri)
- build: Disable support for compression libraries by default
- Set LIBXML2_FOUND if it has been properly configured (Michele Bianchi)
- Makefile.am: omit $(top_builddir) from DEPS and LDADDS (Mike Dalessio)
### Test suite
- runtest: Work around broken EUC-JP support in musl iconv
- runtest: Check for IBM-1141 encoding handler
- fuzz: Add xmllint fuzzer
- fuzz: Add fuzzer for XML reader API
- fuzz: New tree API fuzzer
- tests: Remove testOOM
- Don't let gentest.py cast types to 'const somethingPtr' to avoid
-Wignored-qualifiers (makise-homura)
2.12.8
### Regressions
- parser: Fix performance regression when parsing namespaces
2.12.7
### Security
- [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
### Regressions
- xmllint: Fix --pedantic option
- save: Handle invalid parent pointers in xhtmlNodeDumpOutput
2.12.6
### Regressions
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset
2.12.5
### Security
- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
### Regressions
- parser: Fix crash in xmlParseInNodeContext with HTML documents
2.12.4
### Regressions
- parser: Fix regression parsing standalone declarations
- autotools: Readd --with-xptr-locs configuration option
- parser: Fix build --without-output
- parser: Don't grow or shrink pull parser memory buffers
- io: Fix memory lifetime issue with input buffers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5814de8054 |
libusb: Update to version 1.0.27
- Update from version 1.0.26 to 1.0.27
- Update of rootfile
- Changelog
1.0.27
* New libusb_init_context API to replace libusb_init
* New libusb_get_max_alt_packet_size API
* New libusb_get_platform_descriptor API (BOS)
* Allow setting log callback with libusb_set_option/libusb_init_context
* New WebAssembly + WebUSB backend using Emscripten
* Fix regression in libusb_set_interface_alt_setting
* Fix sync transfer completion race and use-after-free
* Fix hotplug exit ordering
* Linux: NO_DEVICE_DISCOVERY option set per context
* macOS: Fix missing device list cleanup locking
* macOS: Do not clear device data toggle for newer OS versions
* macOS: Fix running binaries on older OS than build host
* Windows: Allow claiming multiple associated interfaces
* Windows: Ignore non-configured devices instead of waiting
* Windows: Improved root hub detection
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
db9698c9cc |
libsodium: Update to version 1.0.20
- Update from version 1.0.19 to 1.0.20
- Update of rootfile
- Changelog
1.0.20
This point release includes all the changes from 1.0.19-stable,
mainly addressing compilation issues and improvements to the .NET
packages.
* Version 1.0.19-stable
- Building with `zig build` now requires Zig 0.12.
- When using the traditional build system, -O3 is used instead of -Ofast.
- Improved detection of the compiler flags required on aarch64.
- Improved compatibility with custom build systems on aarch64.
- apple-xcframework: VisionOS packages are not built if Xcode doesn't
include that SDK.
- `crypto_kdf_hkdf_sha512_statebytes()` was added.
- When using Visual Studio, runtime CPU feature detection is now enabled
on Windows/aarch64.
- There were issues with C++ guards affecting usage of libsodium
using Swift on Windows. This has been fixed.
- Emscripten: `crypto_aead_aegis*()` functions are now exported in
JavaScript builds
- Emscripten: unsupported `--memory-init-file` option has been removed.
- apple-xcframework: the minimal deployment target can be set to iOS 11+.
- .NET packages now include precompiled libraries for Windows/arm64,
iOS, TvOS and Catalyst.
- .NET precompiled libraries now work on any CPUs, using only runtime
feature detection.
- SYSV assembly should not be used when targeting Windows (reported by
@meiyese, thanks!)
- Compatibility issues with LLVM 18 and AVX512 have been addressed.
- GitHub attestation build provenance are now added to NuGet packages.
- JavaScript tests can now use Bun as an alternative to Node.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|