- Update from version 7.0.3 to 7.1
- Update of rootfile
- Changelog
7.1 (18 October 2023)
* Language
. new generic definition commands, @defblock, @defline and @deftypeline,
for definitions without automatic index entries
. new @linemacro facility eases use of generic definition commands
. new command @link creates plain links (supported output formats only)
. @cartouche takes an argument to specify the cartouche title
. you can use the new commands @nodedescription and @nodedescriptionblock
to give text to be used in menu descriptions in Info and HTML output
* texi2any
. @itemx at the beginning of a @table is now an error, not a warning
. better validity checking of deeply nested commands
. check that @set and @clear only appear at the start of a line
. warn about missing menu entries even if CHECK_NORMAL_MENU_STRUCTURE is
not set. you can turn this off by setting CHECK_MISSING_MENU_ENTRY to 0.
. no longer use --enable-encoding and --disable-encoding to determine
whether to output encoded characters (instead of entities or commands)
for HTML, XML, DocBook and LaTeX; instead, use the value of the
OUTPUT_CHARACTERS customization variable.
. stricter checks on input encoding, in particular more warnings and
errors with malformed UTF-8
. support any input file encoding if support exists in the operating
system, not just a selected list of encodings
. resolve an alias referring to another alias at definition time
. internally, use "source marks" to keep all Texinfo source information that
is not in the final tree (location of macros, values and included files
expansion, @if* blocks, DEL comment, and @ protecting end of line on @def*
lines)
. HTML output:
. format @subentry and index entries with @seealso or @seeentry in a more
similar way to printed output
. output @shortcontents before @contents by default
. omit colons after index entries by default. this can still be
configured with INDEX_ENTRY_COLON.
. add @example syntax highlighting as a texi2any extension
. no more capitalization of @sc argument in HTML Cross-references
. change @point expansion to U+22C6 in HTML Cross-references
. if a @node is not associated with a sectioning command but is
followed by a heading command not usually associated to nodes
such as @heading and this command appears before other formatted
content, the heading command is assumed to supply the node heading.
you can customize this with USE_NEXT_HEADING_FOR_LONE_NODE.
. Info output:
. new variable ASCII_DASHES_AND_QUOTES, on by default,
outputs ASCII characters for literal quote or hyphen characters
in source, rather than UTF-8. this makes it easier to search
Info files.
. new ASCII_GLYPH variable for using ASCII renditions for glyph
commands (like @bullet)
. ASCII_PUNCTUATION still includes the effect of these new variables.
. new variables AUTO_MENU_DESCRIPTION_ALIGN_COLUMN and AUTO_MENU_MAX_WIDTH
control the format of descriptions in generated menus
. XML output:
. place menu leading text and menu separators in elements instead
of attributes
* texi2dvi
. macro expansion with texi2any requires at least version 5.0 (only
happens with --expand option or with very old texinfo.tex)
* texinfo.tex
. in @code, ` and ' output by default with backtick and undirected
single quote glyphs in the typewriter font. you can still configure
this using the @codequoteundirected/@codequotebacktick commands.
. do not insert a space for @ def line continuation, matching the behavior
of texi2any
. align section titles in table of contents when more than 10 sections
. microtype is off by default, for speed
. page headings generation is no longer linked to the @titlepage command
* info
. when going Up, position cursor on menu entry for current node
. allow mouse scrolling support regardless of termcap entries. this
supports some more xterm configurations.
. do not use "/index" as a possible file extension for Info files
* Distribution
. autoconf 2.71, automake 1.16.5, gettext 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.0.18 to 1.0.19
- Update of rootfile
- sobump so find-dependencies run. Identified dnsdist and shairport-sync to be shipped.
- Changelog
1.0.19
- New AEADs: AEGIS-128L and AEGIS-256 are now available in the
`crypto_aead_aegis128l_*()` and `crypto_aead_aegis256_*()` namespaces.
AEGIS is a family of authenticated ciphers for high-performance applications,
leveraging hardware AES acceleration on `x86_64` and `aarch64`. In addition
to performance, AEGIS ciphers have unique properties making them easier and
safer to use than AES-GCM. They can also be used as high-performance MACs.
- The HKDF key derivation mechanism, required by many standard protocols, is
now available in the `crypto_kdf_hkdf_*()` namespace. It is implemented for
the SHA-256 and SHA-512 hash functions.
- The `osx.sh` build script was renamed to `macos.sh`.
- Support for android-mips was removed.
1.0.18-stable
- Visual Studio: support for Windows/ARM64 builds has been added.
- Visual Studio: AVX512 implementations are enabled on supported CPUs.
- Visual Studio: an MSVC 2022 solution was added.
- Apple XCFramework: support for VisionOS was added.
- Apple XCFranework: support for Catalyst was added.
- Apple XCFramework: building the simulators is now optional.
- iOS: bitcode is not generated any more, as it was deprecated by Apple.
- watchOS: support for arm64 was added.
- The Zig toolchain can now be used as a modern build system to replace
autoconf/automake/libtool/make/ccache and the compiler. This enables faster
compilation times, easier cross compilation, and static libraries optimized
for any CPU.
- The Zig toolchain is now the recommended way to compile `libsodium`
to WebAssembly/WASI(X).
- libsodium can now be added as a dependency to Zig projects.
- Memory fences were added to remove some gadgets that could be used
alongside speculative loads.
- The AES-GCM implementation was completely rewritten. It is now faster,
and also available on aarch64, including Windows/ARM64.
- Compatibility with CET instrumentation / IBT / Shadow Stack was added.
- Emscripten: the `crypto_pwhash_*()` functions have been removed from Sumo
builds, as they reserve a substantial amount of JavaScript memory, even when
not used.
- Benchmarks now use `CLOCK_MONOTONIC` if possible.
- WebAssembly: tests can now run using Bun, WasmEdge, Wazero, wasm3 and
wasmer-js. Support for WAVM and Lucet have been removed, as these projects
have reached EOL.
- .NET: the minimum supported macOS version is now 1.0.15; this matches
Microsoft guidelines.
- .NET: all the packages are now built using Zig, on all platforms. This
allows us to easily match Microsoft's requirements, including supported glibc
versions. However, on x86_64, targets are expected to support at least the
AVX instruction set.
- .NET: packages for ARM64 are now available.
- C23 `memset_explicit()` is now used, when available.
- Compilation now uses `-Ofast` or `-O3` instead of `-O2` by default.
- Portability improvements to help compile libsodium to modern game consoles.
- JavaScript: a default `unhandledRejection` handler is not set any more.
- Slightly faster 25519 operations.
- OpenBSD: leverage `MAP_CONCEAL`.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 20230804 to 20231030
- Update of rootfile - process defined by Peter Mueller used on rootfile to identify
changes and check if the entries were commented out in previous rootfile.
This is second time that I have used this approach so probably still worthwhile for
Peter to confirm I got it correct.
- Patch for amd family 19h removed as it is now included in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 5.9.11 to 5.9.12
- Update of rootfile
- Changelog
5.9.12
Vulnerabilities
Fixed a vulnerability in charon-tkm (the TKM-backed version of the charon IKE
daemon) related to processing DH public values that can lead to a buffer
overflow and potentially remote code execution. This vulnerability has been
registered as CVE-2023-41913. Please refer to our blog for details.
New Feature Additions
The new pki --ocsp command produces OCSP responses based on certificate status
information provided by implementations of the new ocsp_responder_t interface
(#1958).
Two sources are currently available, the openxpki plugin that directly
accesses the OpenXPKI database and the command's --index argument, which
reads certificate status information from OpenSSL-style index.txt files
(multiple CAs are supported concurrently).
The new cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
Run as a systemd timer or via a crontab entry, the script checks the
expiration date of the host certificate daily. When a given deadline is
reached, the host certificate is automatically renewed via EST or SCEP
re-enrollment based on the possession of the old private key and the
matching certificate.
Added a global option (charon.reject_trusted_end_entity) to prevent peers
from authenticating with certificates that are locally trusted, in
particular, our own local certificate, which safeguards against accidental
reuse of certificates on multiple peers. As the name suggests, all trusted
end-entity certificates are rejected if enabled, so peer certificates can't
be configured explicitly anymore (e.g. via remote.certs in swanctl.conf).
The --priv argument for charon-cmd allows the use of any type of private key
(previously, only RSA keys were supported).
The openssl plugin now supports the nameConstraints extension in X.509
certificates (#1990).
Support for nameConstraints of type iPAddress are now supported by the x509,
openssl and constraints plugins (#1991).
Support for encoding subjectAlternativeName extensions of type
uniformResourceIdentifier in X.509 certificates has been added via the uri:
prefix (e.g. for URNs, #1983).
Support for password-less PKCS#12 and PKCS#8 files has been added (#1955).
Enhancements and Optimizations
Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of
certificates with ECDSA keys that explicitly encode the curve parameters is
rejected if possible. Explicit encoding is pretty rare to begin with and
e.g. wolfSSL already rejects such keys, by default. All crypto plugins that
support ECDSA enforce this by rejecting such public keys, except when using
older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949).
Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it
creates since 5.9.10. This involves setting interface IDs on SAs and
policies, and installing routes via the interface. To avoid routing loops if
the remote traffic selectors include the VPN server, IKE and ESP packets are
marked to bypass the routing table that contains the routes via XFRM
interface (69e0c11).
If available, the plugin now also adopts the interface name configured in
connection.interface-name in a *.nmconnection file as name for the XFRM
interface instead of generating one randomly (e8f8d32).
The resolve plugin tries to maintain the order of DNS servers it installs via
resolvconf or resolv.conf (6440975, 8238ad4).
The kernel-libipsec plugin now always installs routes to remote networks even
if no address is found in the local traffic selectors, which allows
forwarding traffic from networks the VPN host is not part of (190d8cb).
Increased the default receive buffer size for Netlink sockets to 8 MiB
(doubled by the kernel to account for overhead) and simplified the
configuration (no need for a separate option to force overriding rmem_max).
It's now also set for event sockets, which previously could cause issues on
hosts with e.g. lots of route changes (#1757).
When issuing certificates, the subjectKeyIdentifier of the issuing
certificate, if available, is now copied as authorityKeyIdentifier, instead
of always generating a SHA-1 hash of the issuer's subjectPublicKey
(#1992, 6941dcb).
Explicitly request permission to display notifications on Android 13+
(ddf84c1), also enabled hardware acceleration for the Android-specific
OpenSSL build.
Fixes
Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors (#1855).
Fixed an issue in watcher_t with handling errors on sockets (e.g. if the
receive buffer is full), which caused an infinite loop if poll() only
signaled POLLERR as event (#1757).
Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6,
which did not correctly untrack invalid messages with non-zero message IDs
or SPIs (0b47357).
Fixed a regression introduced with 5.9.8 when handling IKE redirects during
IKE_AUTH (595fa07).
Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs in
the kernel-netlink plugin, which prevented MOBIKE updates if a large
anti-replay window was used (#1967).
Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs
if the TUN device is activated after the address was already added
internally, which caused the installed route not to go via TUN device in
order to force the virtual IP as source address (#1807).
Fixed an issue in libtls that could cause the wrong ECDH group to get
instantiated (b5e4bf4).
Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not
found during rekeying. It was previously empty, now contains the SPI and
sets the protocol to the values received in the REKEY_SA notify (849c2c9).
Fixed a possible issue with MOBIKE in the Android client on certain devices
(#1691).
For Developers
The new ocsp_responder_t interface can be implemented to provide certificate
status information to the pki --ocsp command. Responders can be
(un-)registered via the ocsp_responders_t instance at lib->ocsp.
For the watcher_t component, WATCHER_EXCEPT has been removed as there is no
way to explicitly listen for errors on sockets and poll() actually can
return POLLERR for any FD and it might even be the only signaled event
(which caused an infinite loop previously). Now we simply notify the
registered callbacks. The error is then reported by e.g. recvfrom(), which
was already the case before if POLLERR was returned together with
e.g. POLLIN.
The reqids allocated for CHILD_SAs (including trap policies) via
kernel_interface_t::alloc_reqid() are now refcounted. When recreating a
CHILD_SA, a reference to the reqid can be requested via
child_sa_t::get_reqid_ref(). If another reference is required afterwards,
one can be acquired directly via kernel_interface_t::ref_reqid(). Each
reference has to be released via kernel_interface_t::release_reqid(), whose
interface was simplified.
The testing environment is now based on Debian 12 (bookworm), by default.
Also, when copying files to guests, the guest-specific files are now copied
after the default files, which allows overriding files per guest (fixes an
issue with winnetou's /etc/fstab and mounting the test results).
Refer to the 5.9.12 milestone for a list of all closed issues and pull requests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.8 to 2.9
- Update of rootfile
- Changelog
This file (NEWS) lists the most important changes to
the previous released version. For a full list of changes
please refer to the ChangeLog file.
New for version 2.9:
- Change Hardware Flow Control Default to No.
- Timestamping mode is now saved and restored.
- Split "Screen and Keyboard" menu into two menus.
- Update to gettext-0.21.
- Change return values of --help and --version to success.
- Support higher baud rates on MacOS
- Save character send delay to config file
- Save newline send delay to config file
- Update translations: Romanian, German, French, Norwegian/Bookmal, Polish,
Serbian, Swedish
- New translation: Georgian, Korean
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.2.0 to 1.2.3
- Update of rootfile
- Changelog
The meson changelog is defined only at the 1.2 level. So what changes are related in
going from 1.2.0 to 1.2.3 can not be determined.
The changes have to be reviewed from the 1.2 branch of commits
https://github.com/mesonbuild/meson/commits/1.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 5.4.4 to 5.4.6
- Update of rootfile
- Updated version number in shared library patch
- Changelog
5.4.6
read overflow in 'l_strcmp'. Reported by Xmilia Hermit on 09 Jun 2023. existed
since 5.0 (at least). fixed in github.
Call hook may be called twice when count hook yields. Reported by G.k Ray on
20 Jul 2023. existed since 5.4.0 (at least). fixed in github.
Wrong line number for function calls. Reported by Thadeu de Paula on 20 Aug 2023.
existed since 5.2. fixed in github.
5.4.5
Changing the signature of 'lua_resetthread' broke ABI. Reported by Andrew Gierth
on 29 Apr 2023. fixed in 5.4.6. fixed in github
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 5.4.0 to 5.4.5
- Update of rootfile
- Changelog
5.4.5 (2023-11-01)
* liblzma:
- Use __attribute__((__no_sanitize_address__)) to avoid address
sanitization with CRC64 CLMUL. It uses 16-byte-aligned reads
which can extend past the bounds of the input buffer and
inherently trigger address sanitization errors. This isn't
a bug.
- Fixed an assertion failure that could be triggered by a large
unpadded_size argument. It was verified that there was no
other bug than the assertion failure.
- Fixed a bug that prevented building with Windows Vista
threading when __attribute__((__constructor__)) is not
supported.
* xz now properly handles special files such as "con" or "nul" on
Windows. Before this fix, the following wrote "foo" to the
console and deleted the input file "con_xz":
echo foo | xz > con_xz
xz --suffix=_xz --decompress con_xz
* Build systems:
- Allow builds with Windows win95 threading and small mode when
__attribute__((__constructor__)) is supported.
- Added a new line to liblzma.pc for MSYS2 (Windows):
Cflags.private: -DLZMA_API_STATIC
When compiling code that will link against static liblzma,
the LZMA_API_STATIC macro needs to be defined on Windows.
- CMake specific changes:
* Fixed a bug that allowed CLOCK_MONOTONIC to be used even
if the check for it failed.
* Fixed a bug where configuring CMake multiple times
resulted in HAVE_CLOCK_GETTIME and HAVE_CLOCK_MONOTONIC
not being set.
* Fixed the build with MinGW-w64-based Clang/LLVM 17.
llvm-windres now has more accurate GNU windres emulation
so the GNU windres workaround from 5.4.1 is needed with
llvm-windres version 17 too.
* The import library on Windows is now properly named
"liblzma.dll.a" instead of "libliblzma.dll.a"
* Fixed a bug causing the Ninja Generator to fail on
UNIX-like systems. This bug was introduced in 5.4.0.
* Added a new option to disable CLMUL CRC64.
* A module-definition (.def) file is now created when
building liblzma.dll with MinGW-w64.
* The pkg-config liblzma.pc file is now installed on all
builds except when using MSVC on Windows.
* Added large file support by default for platforms that
need it to handle files larger than 2 GiB. This includes
MinGW-w64, even 64-bit builds.
* Small fixes and improvements to the tests.
* Updated translations: Chinese (simplified) and Esperanto.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 015 to 017
- Update of rootfile
- Changelog
017
lsusb: fix up [unknown] vendor and product strings.
lsusb: fix build warning for dump_billboard_alt_mode_capability_desc()
lsusb: add fallback names for 'lsusb -v' output
names: simplify get_vendor_product_with_fallback() a bit
Honor system libdir and includedir
016
usbutils: lsusb-t: print entries for devices with no interfaces
Fix a typo in usb-spec.h
lsusb.py.in: Display (device) power/wakeup via -w option.
Fix an incorrect length value in hid descriptor.
Fix misalignments in hid device descripptor.
Use bigger buffer to place speed value string
lsusb -h returns an error
lsusb -h fixups
lsusb -t: sort in bus order, not reverse order
lsusb -t: print ports and busses and devices with same width
lsusb -t: assign_interface_to_parent() fixups
lsusb.8.in: fix up missing '-' in text
README.md: add source location
lsusb.py: fix up wakeup logic for devices that do not support it
lsusb.py.in: add another default path for usb.ids
names.c: if a string can not be found in the usb.ids file, return [unknown]
lsusb-t: if a driver is not bound to an interface, report "[none]"
Generate usbutils.pc pkgconfig file
usbreset: Allow idProduct and idVendor to be 0
usb-devices: make shellcheck happy
lsusb: Add function that sorts the output by device ID.
lsusb: Additional sorting by bus number.
lsusb: This is a more compact implementation of the device list sort implemented
within this pull request. The output remains the same as the one demonstrated in
the previous commit.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.9.14p2 to 1.9.15p2
- Update of rootfile
- Changelog
1.9.15p2
* Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
GitHub issue #326.
1.9.15p1
* Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.
GitHub issue #325.
1.9.15
* Fixed an undefined symbol problem on older versions of macOS
when "intercept" or "log_subcmds" are enabled in sudoers.
GitHub issue #276.
* Fixed "make check" failure related to getpwent(3) wrapping
on NetBSD.
* Fixed the warning message for "sudo -l command" when the command
is not permitted. There was a missing space between "list" and
the actual command due to changes in sudo 1.9.14.
* Fixed a bug where output could go to the wrong terminal if
"use_pty" is enabled (the default) and the standard input, output
or error is redirected to a different terminal. Bug #1056.
* The visudo utility will no longer create an empty file when the
specified sudoers file does not exist and the user exits the
editor without making any changes. GitHub issue #294.
* The AIX and Solaris sudo packages on www.sudo.ws now support
"log_subcmds" and "intercept" with both 32-bit and 64-bit
binaries. Previously, they only worked when running binaries
with the same word size as the sudo binary. GitHub issue #289.
* The sudoers source is now logged in the JSON event log. This
makes it possible to tell which rule resulted in a match.
* Running "sudo -ll command" now produces verbose output that
includes matching rule as well as the path to the sudoers file
the matching rule came from. For LDAP sudoers, the name of the
matching sudoRole is printed instead.
* The embedded copy of zlib has been updated to version 1.3.
* The sudoers plugin has been modified to make it more resilient
to ROWHAMMER attacks on authentication and policy matching.
This addresses CVE-2023-42465.
* The sudoers plugin now constructs the user time stamp file path
name using the user-ID instead of the user name. This avoids a
potential problem with user names that contain a path separator
('/') being interpreted as part of the path name. A similar
issue in sudo-rs has been assigned CVE-2023-42456.
* A path separator ('/') in a user, group or host name is now
replaced with an underbar character ('_') when expanding escapes
in @include and @includedir directives as well as the "iolog_file"
and "iolog_dir" sudoers Default settings.
* The "intercept_verify" sudoers option is now only applied when
the "intercept" option is set in sudoers. Previously, it was
also applied when "log_subcmds" was enabled. Sudo 1.9.14
contained an incorrect fix for this. Bug #1058.
* Changes to terminal settings are now performed atomically, where
possible. If the command is being run in a pseudo-terminal and
the user's terminal is already in raw mode, sudo will not change
the user's terminal settings. This prevents concurrent sudo
processes from restoring the terminal settings to the wrong values.
GitHub issue #312.
* Reverted a change from sudo 1.9.4 that resulted in PAM session
modules being called with the environment of the command to be
run instead of the environment of the invoking user.
GitHub issue #318.
* New Indonesian translation from translationproject.org.
* The sudo_logsrvd server will now raise its open file descriptor
limit to the maximum allowed value when it starts up. Each
connection can require up to nine open file descriptors so the
default soft limit may be too low.
* Better log message when rejecting a command if the "intercept"
option is enabled and the "intercept_allow_setid" option is
disabled. Previously, "command not allowed" would be logged and
the user had no way of knowing what the actual problem was.
* Sudo will now log the invoking user's environment as "submitenv"
in the JSON logs. The command's environment ("runenv") is no
longer logged for commands rejected by the sudoers file or an
approval plugin.
1.9.14p3
* Fixed a crash with Python 3.12 when the sudo Python plugin is
unloaded. This only affects "make check" for the Python plugin.
* Adapted the sudo Python plugin test output to match Python 3.12.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.28.3 to 2.28.5
- Update of rootfile
- Changelog
2.28.5
This is a stable bugfix release, with the following changes:
Added support for the HP HyperX Clutch Gladiate controller
Fixed a crash if a controller is disconnected while SDL is opening it
Fixed a crash on Linux if XInput2 isn't available at runtime
2.28.4
This is a stable bugfix release, with the following changes:
Enable clipping for zero sized rectangles in the SDL renderer
Notify X11 clipboard managers when the clipboard changes
Fixed sensor timestamps for third-party PS5 controllers
Added detection for Logitech and Simagic racing wheels
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.8.0 to 2.8.1
- Update of rootfile
- Disable creating docs i9n configure statement
- Changelog is too large to include here (~500 lines). For more details read the NEWS.adoc
file in thye source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.189 to 0.190
- Update of rootfile
- Changelog
0.190
CONTRIBUTING: Switch from real name policy to known identity policy.
Updated ChangeLog policy (no more separate ChangeLog files).
There is a SECURITY bug policy now.
The default branch is now 'main'.
libelf: Add RELR support.
libdw: Recognize .debug_[ct]u_index sections
readelf: Support readelf -Ds, --use-dynamic --symbol.
Support .gdb_index version 9
scrlines: New tool that compiles a list of source files associated
with a specified dwarf/elf file.
debuginfod: Schema change (reindexing required, sorry!) for a 60%
compression in filename representation, which was a large
part of the sqlite index; also, more deliberate sqlite
-wal management during scanning using the
--scan-checkpoint option.
backends: Various LoongArch updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 8.1.1 to 8.2.2
- Update of rootfile
- Changelog
8.2.2
- Fix regression from 8.1.0 in shaping fonts with duplicate feature tags.
- Fix regression from 8.2.0 in parsing CSS-style feature strings.
- Variable fonts instanciation now handles more tables.
- Various CMake build improvements.
- various fixes to build without errors with gcc 4.9.2.
8.2.1
- Unicode 15.1 support.
8.2.0
- Various build and fuzzing fixes
- Improvements to COLRv1 painting.
- New API:
+hb_paint_color_glyph_func_t
+hb_paint_funcs_set_color_glyph_func
+hb_paint_color_glyph
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 10.01.2 to 10.02.1
- Update of rootfile
- Changelog - these are highlights. For more details the git commits have to be used.
10.02.1
release fixes CVE-2023-43115.
CVE-2023-43115 affects all Ghostscript/GhostPDL versions prior to 10.02.0.
CVE-2023-43115 is a remote code execution risk, so we recommend upgrading to
version 10.02.0 as a matter of urgency
10.02.0
release fixes CVE-2023-43115.
CVE-2023-43115 affects all Ghostscript/GhostPDL versions prior to 10.02.0.
CVE-2023-43115 is a remote code execution risk, so we recommend upgrading to
version 10.02.0 as a matter of urgency
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 5.2.2 to 5.3.0
- Update of rootfile
- Changelog
5.3.0
1. Infrastructure changes: Removed the use of libsigsegv. The
value-add was never very much and it caused problems in some
environments.
2. In keeping with new features in BWK awk, gawk now has built-in
CSV file parsing. The behavior is intended to be identical to
that of the "One True AWK" when --csv is applied. See the
manual for details.
3. Also in keeping with BWK awk, gawk now supports a new \u escape
sequence. This should be followed by 1-8 hexadecimal digits. The
given code point is converted to its corresponding multibyte encoding
for storage inside gawk. See the manual.
4. If PROCINFO["BUFFERPIPE"] exists, then pipe output is buffered.
You can also use PROCINFO["command", "BUFFERPIPE"]. See the manual
for details.
5. Because of the additional `do_csv' variable in the API, which breaks
binary compatibility, the API major version was updated to 4 and
the minor version was reset to zero. The API remains source code
compatible; that is, existing extensions should only require recompilation.
6. The manual now requires Texinfo 7.1 and its texinfo.tex for formatting.
As a result, we no longer need to pre-process it, removing the need
for gawktexi.in and leaving just gawk.texi.
7. And of course, there have been several minor code cleanups and bug fixes.
See the ChangeLog for details.
5.2.x
1. The readdir extension has been updated with additonal code and
features, see the manual or its man page. As a result, the
readdir_test.c extension has been removed.
2. We have a new translation: Ukranian.
3. Several subtle issues related to null regexp matches around
multibyte characters have been fixed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html
Excerpt:
"ClamAV 1.2.1 is a patch release with the following fixes:
Eliminate security warning about unused "atty" dependency.
Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12.
Build system: Fix link error with Clang/LLVM/LLD version 17. Patch courtesy of Yasuhiro Kimura.
Fix alert-exceeds-max feature for files > 2GB and < max-filesize."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
This will affect new IPFire installations only, implementing a
long-standing BCP for preemptively combating botnet spam. Reject is
chosen over drop to reduce the likelihood for confusion during network
troubleshooting.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 11.5.0 to 11.6.1
- Update of rootfile
- Changelog
11.6.1: release
* Fix a logic error introduced in 11.6.0 in the fix to
copyForeignObject. The bug could result in some pages not being
copied.
11.6.0: release
* ascii85 parser: ignore spaces everywhere including between ~
and >. Fixes#973.
* Bug fix: with --pages, if one of the external files had warnings
but the main file did not, the warning was previously not taken
into consideration when determining the exit status.
* Put quotation marks around the command in completion output to
better handle spaces in paths. It is not a perfect fix (ideally,
full shell-compatible quoting should be used), but it handles more
cases than the old code and should handle all reasonable cases of
qpdf being in a directory with a space in its name, which is
common in Windows. Fixes#1021.
* Move check for random number device to runtime instead of
compile time. Since, by default, the crypto provider provides
random numbers, runtime determination of a random number device is
usually not needed. Fixes#1022.
* Maintain links to foreign pages when copying foreign objects.
This allows hyperlinks in imported files to work. Fixes#1003.
* Bug fix: Return a null object if an attempt is made to to copy a
foreign /Pages object with copyForeignObject. This corrects a
possible crash. Fixes#1010.
* Bug fix: Return a null object if an attempt is made to to copy a
foreign /Pages object with copyForeignObject. Fixes#1003.
* Add /MediaBox to a page if absent. Thanks M. Holger.
* Use std::vector internally for Pl_Buffer to
avoid incompatibility with C++20. Thanks to Zoe Clifford. Fixes#1024.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.6 to 1.7
- This project had little happen to it for 5 years but is now going again
https://jqlang.github.io/jq/
- Update of rootfile
- Changelog
1.7
After a five year hiatus we're back with a GitHub organization, with new admins
and new maintainers who have brought a great deal of energy to make a
long-awaited and long-needed new release. We're very grateful for all the new
owners, admins, and maintainers. Special thanks go to Owen Ou (@owenthereal)
for pushing to set up a new GitHub organization for jq, Stephen Dolan (@stedolan)
for transferring the jq repository to the new organization, @itchyny for doing a
great deal of work to get the release done, Mattias Wadman (@wader) and Emanuele
Torre (@emanuele6) for many PRs and code reviews. Many others also contributed
PRs, issues, and code reviews as well, and you can find their contributions in
the Git log and on the [closed issues and PRs page]
(https://github.com/jqlang/jq/issues?q=is%3Aclosed+sort%3Aupdated-desc).
Since the last stable release many things have happened:
- jq now lives at <https://github.com/jqlang>
- New maintainers, admins, and owners have been recruited.
- A list of [current maintainers](https://github.com/jqlang/jq/blob/jq-1.7/AUTHORS#L4-L14)
- NEWS file is replaced by NEWS.md with Markdown format. @wader #2599
- CI, scan builds, release, website builds etc now use GitHub actions. @owenthereal @wader @itchyny #2596#2603#2620#2723
- Lots of documentation improvements and fixes.
- Website updated with new section search box, better section ids for linking, dark mode, etc. @itchyny #2628
- Release builds for:
- Linux `amd64`, `arm64`, `armel`, `armhf`, `i386`, `mips`, `mips64`, `mips64el`, `mips64r6`, `mips64r6el`, `mipsel`, `mipsr6`, `mipsr6el`, `powerpc`, `ppc64el`, `riscv64` and `s390x`
- macOS `amd64` and `arm64`
- Windows `i386` and `amd64`
- Docker `linux/386`, `linux/amd64`, `linux/arm64`, `linux/mips64le`, `linux/ppc64le`, `linux/riscv64` and `linux/s390x`
- More details see @owenthereal #2665
- Docker images are now available from `ghcr.io/jqlang/jq` instead of Docker Hub. @itchyny #2652#2686
- OSS-fuzz. @DavidKorczynski #2760#2762
Full commit log can be found at <https://github.com/jqlang/jq/compare/jq-1.6...jq-1.7> but here are some highlights:
CLI changes
- Make object key color configurable using `JQ_COLORS` environment variable. @itchyny @haguenau @ericpruitt #2703
- Change the default color of null to Bright Black. @itchyny #2824
- Respect `NO_COLOR` environment variable to disable color output. See <https://no-color.org> for details. @itchyny #2728
- Improved `--help` output. Now mentions all options and nicer order. @itchyny @wader #2747#2766#2799
- Fix multiple issues of exit code using `--exit-code`/`-e` option. @ryo1kato #1697
- Add `--binary`/`-b` on Windows for binary output. To get `\n` instead of `\r\n` line endings. @nicowilliams 0dab2b1
- Add `--raw-output0` for NUL (zero byte) separated output. @asottile @pabs3 @itchyny #1990#2235#2684
- Fix assert crash and validate JSON for `--jsonarg`. @wader #2658
- Remove deprecated `--argfile` option. @itchyny #2768
- Enable stack protection. @nicowilliams #2801
Language changes
- Use decimal number literals to preserve precision. Comparison operations respects precision but arithmetic operations might truncate. @leonid-s-usov #1752
- Adds new builtin `pick(stream)` to emit a projection of the input object or array. @pkoppstein #2656#2779
- Adds new builtin `debug(msgs)` that works like `debug` but applies a filter on the input before writing to stderr. @pkoppstein #2710
- Adds new builtin `scan($re; $flags)`. Was documented but not implemented. @itchyny #1961
- Adds new builtin `abs` to get absolute value. This potentially allows the literal value of numbers to be preserved as `length` and `fabs` convert to float. @pkoppstein #2767
- Allow `if` without `else`-branch. When skipped the `else`-branch will be `.` (identity). @chancez @wader #1825#2481
- Allow use of `$binding` as key in object literals. @nicowilliams 8ea4a55
- Allow dot between chained indexes when using `.["index"]` @nicowilliams #1168
- Allow dot for chained value iterator `.[]`, `.[]?` @wader #2650
- Fix try/catch catches more than it should. @nicowilliams #2750
- Speed up and refactor some builtins, also remove `scalars_or_empty/0`. @muhmuhten #1845
- Now `halt` and `halt_error` exit immediately instead of continuing to the next input. @emanuele6 #2667
- Fix issue converting string to number after previous convert error. @thalman #2400
- Fix issue representing large numbers on some platforms causing invalid JSON output. @itchyny #2661
- Fix deletion using assigning empty against arrays. @itchyny #2133
- Allow keywords to be used as binding name in more places. @emanuele6 #2681
- Allow using `nan` as NaN in JSON. @emanuele6 #2712
- Expose a module's function names in `modulemeta`. @mrwilson #2837
- Fix `contains/1` to handle strings with NUL. @nicowilliams 61cd6db
- Fix `stderr/0` to output raw text without any decoration. @itchyny #2751
- Fix `nth/2` to emit empty on index out of range. @itchyny #2674
- Fix `implode` to not assert and instead replace invalid unicode codepoints. @wader #2646
- Fix `indices/1` and `rindex/1` in case of overlapping matches in strings. @emanuele6 #2718
- Fix `sub/3` to resolve issues involving global search-and-replace (gsub) operations. @pkoppstein #2641
- Fix `significand/0`, `gamma/0` and `drem/2` to be available on macOS. @itchyny #2756#2775
- Fix empty regular expression matches. @itchyny #2677
- Fix overflow exception of the modulo operator. @itchyny #2629
- Fix string multiplication by 0 (and less than 1) to emit empty string. @itchyny #2142
- Fix segfault when using libjq and threads. @thalman #2546
- Fix constant folding of division and reminder with zero divisor. @itchyny #2797
- Fix `error/0`, `error/1` to throw null error. @emanuele6 #2823
- Simpler and faster `transpose`. @pkoppstein #2758
- Simple and efficient implementation of `walk/1`. @pkoppstein #2795
- Remove deprecated filters `leaf_paths`, `recurse_down`. @itchyny #2666
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.14.6 to 1.14.10
- Update of rootfile
- Changelog
dbus 1.14.10 (2023-09-01)
Bug fixes:
• Avoid a dbus-daemon crash if re-creating a connection's policy fails.
If it isn't possible to re-create its policy (for example if it belongs
to a user account that has been deleted or if the Name Service Switch is
broken, on a system not supporting SO_PEERGROUPS), we now log a warning,
continue to use its current policy, and continue to reload other
connections' policies. (dbus#343; Peter Benie, Simon McVittie)
• If getting the groups from a user ID fails, report the error correctly,
instead of logging "(null)" (dbus#343, Simon McVittie)
• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs
field for processes with a valid-but-empty supplementary group list
(dbus!422, cptpcrd)
dbus 1.14.8 (2023-06-06)
Denial-of-service fixes:
• Fix an assertion failure in dbus-daemon when a privileged Monitoring
connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
is active, and a message from the bus driver cannot be delivered to a
client connection due to <deny> rules or outgoing message quota. This
is a denial of service if triggered maliciously by a local attacker.
(dbus#457; hongjinghao, Simon McVittie)
Other fixes:
• Fix compilation on compilers not supporting __FUNCTION__
(dbus!404, Barnabás Pőcze)
• Fix some memory leaks on out-of-memory conditions
(dbus!403, Barnabás Pőcze)
• Documentation:
· Fix syntax of a code sample in dbus-api-design
(dbus!396; Yen-Chin, Lee)
Tests and CI enhancements:
• Fix CI pipelines after freedesktop/freedesktop#540
(dbus!405, dbus#456; Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
