mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-21 16:32:59 +02:00
2a0d7a03d7df63806dc37b93ea10a93c2da4e4ea
3414 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
416f317376 |
openssl: Fix for Bug#13117 - adds legacy option in for openssl extraction of cert & key
- OpenSSL-3.x gives an error when trying to open insecure .p12 files to extract the cert and key for the insecure package download option. - To make this work the -legacy option is needed in the openssl command, which requires the legacy.so library to be available. - Successfully tested on a vm system. - Patch set built on Master (CU175 Testing) Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
18bece0edb |
web-user-interface: Addition of new icon for secure connection certificate download
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png - The license for this image is the following:- This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See version 2.1 and version 3 of the GNU Lesser General Public License for more details. - Based on the above license I believe it can be used by IPFire covered by the GNU General Public License that is used for it. - The icon image was made by taking the existing openvpn.png file and superimposing the padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
f9e2cd1c0b |
wio: add references to wio cgi and image files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
b6b59014a3 |
wio: add reference to wio menu
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
Peter Müller
|
e8a73cfe94 |
initscripts: Remove re-added lvmetad initscript from rootfiles
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Jonatan Schlag
|
3a96d482f6 |
initscripts: Sort rootfiles
This simply sorts the rootfiles. Everything should be sorted :-). Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
0a54896b20 |
python3-pkgconfig: Identified that this module is only required as a build time dependency
- Moved rootfile from common to packages and commented out all entries. - Updated lfs file from addon to core package that is only used for build Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
e6cfa25714 |
python3-flit_scm: Fixes Bug#13076 - Build time dependency for python3-exceptiongroup
Fixes: Bug#13076 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
Arne Fitzenreiter
|
6a005bd9aa |
kernel: update to 6.1.28
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Peter Müller
|
ccd793b360 |
linux: Update rootfiles
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
133b2ae6bb |
libcap: Adjust the lfs file to place pkg-config files in the correct place
- libcap places the files by default in /lib and not /usr/lib etc. To fix this libcap made a symlink for the library file from /lib to /usr/lib. However the .pc files were left in /lib/pkgconfig and not /usr/lib/pkgconfig and were therefore not found by the update of rng-tools which now required libcap to be found. - Changed the prefix settings for libcap which placed the libraries and .pc files in the correct locations while keeping the executables in their existing location. - This removed the need for symlinking /usr/lib/libcap.so to /lib/libcap.so.2.67 as the libraries are now placed in /usr/lib - Installed the ipfire build with these changes into a vm system and confirmed that everything worked. Input from Michael Tremer that if ping worked then libcap was functioning correctly. - The prefixes have to be applied to both make and make install to end up with the files in the correct places. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
0921556c85 |
initscripts: removal of lvmetad initscript
- With the last update of lvm2 lvmetad was removed from lvm2. I did not recognise that lvmetad had been setup as an automatic initscript, so it no longer works as the binary is no longer provided. - This patch removes the lvmetad initscript, the reference to lvmetad in the initscript lfs file and the lvmetad initscript entries in the rootfile for each architecture. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Matthias Fischer
|
cb251d2fbb |
bind: Update to 9.16.40
For details see: https://downloads.isc.org/isc/bind9/9.16.40/doc/arm/html/notes.html#notes-for-bind-9-16-40 "Notes for BIND 9.16.40 Bug Fixes Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. [GL #3959] [GL #3991] Performance of DNSSEC validation in zones with many DNSKEY records has been improved. [GL #3981]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Adolf Belka
|
51c7cfed81 |
zstd: Update to version 1.5.5
- Update from version 1.5.4 to 1.5.5
- Update of rootfile
- Changelog
v1.5.5 (Apr 2023)
fix: fix rare corruption bug affecting the high compression mode, reported by @danlark1 (#3517, @terrelln)
perf: improve mid-level compression speed (#3529, #3533, #3543, @yoniko and #3552, @terrelln)
lib: deprecated bufferless block-level API (#3534) by @terrelln
cli: mmap large dictionaries to save memory, by @daniellerozenblit
cli: improve speed of --patch-from mode (~+50%) (#3545) by @daniellerozenblit
cli: improve i/o speed (~+10%) when processing lots of small files (#3479) by @felixhandte
cli: zstd no longer crashes when requested to write into write-protected directory (#3541) by @felixhandte
cli: fix decompression into block device using -o, reported by @georgmu (#3583)
build: fix zstd CLI compiled with lzma support but not zlib support (#3494) by @Hello71
build: fix cmake does no longer require 3.18 as minimum version (#3510) by @kou
build: fix MSVC+ClangCL linking issue (#3569) by @tru
build: fix zstd-dll, version of zstd CLI that links to the dynamic library (#3496) by @yoniko
build: fix MSVC warnings (#3495) by @embg
doc: updated zstd specification to clarify corner cases, by @Cyan4973
doc: document how to create fat binaries for macos (#3568) by @rickmark
misc: improve seekable format ingestion speed (~+100%) for very small chunk sizes (#3544) by @Cyan4973
misc: tests/fullbench can benchmark multiple files (#3516) by @dloidolt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
84c21e12ec |
lvm2: Update to version 2.03.21
- Update from version 2.02.188 to 2.03.21
- Update of rootfile
- Changelog
version 2.03.21 - 21st April 2023
Fix activation of vdo-pool for with 0 length headers (converted pools).
Avoid printing internal init messages when creation integration devices.
Allow (write)cache over raid+integrity LV.
version 2.03.20 - 21st March 2023
Fix segfault if using -S|--select with log/report_command_log=1 setting.
Configure now fails when requested lvmlockd dependencies are missing.
Add some configure Gentoo enhancements for static builds.
version 2.03.19 - 21st February 2023
Configure supports --with-systemd-run executed from udev rules.
Enhancement for build with MuslC systemd and non-bash system shells (dash).
Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
Ensure udev is processing origin LV before its thick snapshots LVs.
Fix and improve runtime memory size detection for VDO volumes.
version 2.03.18 - 22nd December 2022
Fix issues reported by coverity scan.
Fix warning for thin pool overprovisioning on lvextend (2.03.17).
Add support for writecache metadata_only and pause_writeback settings.
Fix missing error messages in lvmdbusd.
Version 2.03.17 - 10th November 2022
Add new options (--fs, --fsmode) for FS handling when resizing LVs.
Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
Fix lv_active field type to binary so --select and --binary applies properly.
Switch to use mallinfo2 and use it only with glibc.
Error out in lvm shell if using a cmd argument not supported in the shell.
Fix lvm shell's lastlog command to report previous pre-command failures.
Extend VDO and VDOPOOL without flushing and locking fs.
Add --valuesonly option to lvmconfig to print only values without keys.
Updates configure with recent autoconf tooling.
Fix lvconvert --test --type vdo-pool execution.
Add json_std output format for more JSON standard compliant version of output.
Fix vdo_slab_size_mb value for converted VDO volume.
Fix many corner cases in device_id, including handling of S/N duplicates.
Fix various issues in lvmdbusd.
Version 2.03.16 - 18th May 2022
Fix segfault when handling selection with historical LVs.
Add support --vdosettings with lvcreate, lvconvert, lvchange.
Filtering multipath devices respects blacklist setting from multipath
configuration.
lvmdevices support for removing by device id using --deviceidtype and
--deldev.
Display writecache block size with lvs -o writecache_block_size.
Improve cachesettings description in man lvmcache.
Fix lossing of delete message on thin-pool extension.
Version 2.03.15 - 07th February 2022
Remove service based autoactivation. global/event_activation = 0 is NOOP.
Improve support for metadata profiles for --type writecache.
Use cache or active DM device when available with new kernels.
Introduce function to utilize UUIDs from DM_DEVICE_LIST.
Increase some hash table size to better support large device sets.
Version 2.03.14 - 20th October 2021
Device scanning is skipping directories on different filesystems.
Print info message with too many or too large archived files.
Reduce metadata readings during scanning phase.
Optimize computation of crc32 check sum with multiple PVs.
Enhance recover path on cache creation failure.
Filter out unsupported MQ/SMQ cache policy setting.
Fix memleak in mpath filter.
Support newer location for VDO statistics.
Add support for VDO async-unsafe write policy.
Improve lvm_import_vdo script.
Support VDO LV with lvcreate -ky.
Fix lvconvert for VDO LV bigger then 2T.
Create VDO LVs automatically without zeroing.
Rename vdoimport to lvm_import_vdo.
Version 2.03.13 - 11th August 2021
Changes in udev support:
- obtain_device_list_from_udev defaults to 0.
- see devices/external_device_info_source,
devices/obtain_device_list_from_udev, and devices/multipath_wwids_file help
in lvm.conf
Fix devices file handling of loop with deleted backing file.
Fix devices file handling of scsi_debug WWIDs.
Fix many static analysis issues.
Support --poolmetadataspare with vgsplit and vgmerge.
Fix detection of active components of external origin volume.
Add vdoimport tool to support conversion of VDO volumes.
Support configurable allocation/vdo_pool_header_size.
Fix handling of lvconvert --type vdo-pool --virtualsize.
Simplified handling of archive() and backup() internal calls.
Add 'idm' locking type for IDM lock manager.
Fix load of kvdo target when it is not present in memory (2.03.12).
Version 2.03.12 - 07th May 2021
Allow attaching cache to thin data volume.
Fix memleak when generating list of outdated pvs.
Better hyphenation usage in man pages.
Replace use of deprecated security_context_t with char*.
Configure supports AIO_LIBS and AIO_CFLAGS.
Improve build process for static builds.
New --setautoactivation option to modify LV or VG auto activation.
New metadata based autoactivation property for LVs and VGs.
Improve signal handling with lvmpolld.
Signal handler can interrupt command also for SIGTERM.
Lvreduce --yes support.
Add configure option --with/out-symvers for non-glibc builds.
Report error when the filesystem is missing on fsadm resized volume.
Handle better blockdev with --getsize64 support for fsadm.
Do not include editline/history.h when using editline library.
Support error and zero segtype for thin-pool data for testing.
Support mixed extension for striped, error and zero segtypes.
Support resize also for stacked virtual volumes.
Skip dm-zero devices just like with dm-error target.
Reduce ioctl() calls when checking target status.
Merge polling does not fail, when LV is found to be already merged.
Poll volumes with at least 100ms delays.
Do not flush dm cache when cached LV is going to be removed.
New lvmlockctl_kill_command configuration option.
Support interruption while waiting on device close before deactivation.
Flush thin-pool messages before removing more thin volumes.
Improve hash function with less collisions and make it faster.
Reduce ioctl count when deactivating volumes.
Reduce number of metadata parsing.
Enhance performance of lvremove and vgremove commands.
Support interruption when taking archive and backup.
Accelerate large lvremoves.
Speedup search for cached device nodes.
Speedup command initialization.
Add devices file feature, off by default for now.
Support extension of writecached volumes.
Fix problem with unbound variable usage within fsadm.
Fix IMSM MD RAID detection on 4k devices.
Check for presence of VDO target before starting any conversion.
Support metatadata profiles with volume VDO pool conversions.
Support -Zn for conversion of already formated VDO pools.
Avoid removing LVs on error path of lvconvert during creation volumes.
Fix crashing lvdisplay when thin volume was waiting for merge.
Support option --errorwhenfull when converting volume to thin-pool.
Improve thin-performance profile support conversion to thin-pool.
Add workaround to avoid read of internal 'converted' devices.
Prohibit merging snapshot into the read-only thick snapshot origin.
Restore support for flipping rw/r permissions for thin snapshot origin.
Support resize of cached volumes.
Disable autoactivation with global/event_activation=0.
Check if lvcreate passes read_only_volume_list with tags and skips zeroing.
Allocation prints better error when metadata cannot fit on a single PV.
Pvmove can better resolve full thin-pool tree move.
Limit pool metadata spare to 16GiB.
Improves conversion and allocation of pool metadata.
Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
Enhance lvdisplay to report raid available/partial.
Support online rename of VDO pools.
Improve removal of pmspare when last pool is removed.
Fix problem with wiping of converted LVs.
Fix memleak in scanning (2.03.11).
Fix corner case allocation for thin-pools.
Version 2.03.11 - 08th January 2021
Fix pvck handling MDA at offset different from 4096.
Partial or degraded activation of writecache is not allowed.
Enhance error handling for fsadm and handle correct fsck result.
Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
Support using BLKZEROOUT for clearing devices.
Support interruption when wipping LVs.
Support interruption for bcache waiting.
Fix bcache when device has too many failing writes.
Fix bcache waiting for IO completion with failing disks.
Configure use own python path name order to prefer using python3.
Add configure --enable-editline support as an alternative to readline.
Enhance reporting and error handling when creating thin volumes.
Enable vgsplit for VDO volumes.
Lvextend of vdo pool volumes ensure at least 1 new VDO slab is added.
Use revert_lv() on reload error path after vg_revert().
Configure --with-integrity enabled.
Restore lost signal blocking while VG lock is held.
Improve estimation of needed extents when creating thin-pool.
Use extra 1% when resizing thin-pool metadata LV with --use-policy.
Enhance --use-policy percentage rounding.
Configure --with-vdo and --with-writecache as internal segments.
Improving VDO man page examples.
Allow pvmove of writecache origin.
Report integrity fields.
Integrity volumes defaults to journal mode.
Switch code base to use flexible array syntax.
Fix 64bit math when calculation cachevol size.
Preserve uint32_t for seqno handling.
Switch from mmap to plain read when loading regular files.
Update lvmvdo man page and better explain DISCARD usage.
Version 2.03.10 - 09th August 2020
Add writecache and integrity support to lvmdbusd.
Generate unique cachevol name when default required from lvcreate.
Converting RAID1 volume to one with same number of legs now succeeds with a
warning.
Fix conversion to raid from striped lagging type.
Fix conversion to 'mirrored' mirror log with larger regionsize.
Zero pool metadata on allocation (disable with allocation/zero_metadata=0).
Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn).
Add lvcreate of new cache or writecache lv with single command.
Fix running out of free buffers for async writing for larger writes.
Add integrity with raid capability.
Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
Version 2.03.09 - 26th March 2020
Fix formatting of vdopool (vdo_slab_size_mb was smaller by 2 bits).
Fix showing of a dm kernel error when uncaching a volume with cachevol.
Version 2.03.08 - 11th February 2020
Prevent problematic snapshots of writecache volumes.
Add error handling for failing allocation in _reserve_area().
Fix memleak in syncing of internal cache.
Fix pvck dump_current_text memleak.
Fix lvmlockd result code on error path for _query_lock_lv().
Update pvck man page and help output.
Reject invalid writecache high/low_watermark setting.
Report writecache status.
Accept more output lines from vdo_format.
Prohibit reshaping of stacked raid LVs.
Avoid running cache input arg validation when creating vdo pool.
Prevent raid reshaping of stacked volumes.
Added VDO lvmdbusd methods for enable/disable compression & dedupe.
Added VDO lvmdbusd method for converting LV to VDO pool.
Version 2.03.07 - 30th November 2019
Subcommand in vgck for repairing headers and metadata.
Ensure minimum required region size on striped RaidLV creation.
Fix resize of thin-pool with data and metadata of different segtype.
Improve mirror type leg splitting.
Improve error path handling in daemons on shutdown.
Fix activation order when removing merged snapshot.
Experimental VDO support for lvmdbusd.
Version 2.03.06 - 23rd October 2019
Add _cpool suffix to cache-pool LV name when used by caching LV.
No longer store extra UUID for cmeta and cdata cachevol layer.
Enhance activation of cache devices with cachevols.
Add _cvol in list of protected suffixes and start use it with DM UUID.
Rename LV converted to cachevol to use _cvol suffix.
Use normal LVs for wiping of cachevols.
Reload cleanered cache DM only with cleaner policy.
Fix cmd return when zeroing of cachevol fails.
Extend lvs to show all VDO properties.
Preserve VDO write policy with vdopool.
Increase default vdo bio threads to 4.
Continue report when cache_status fails.
Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper.
Fix cmirrord usage of header files from device_mapper subdir.
Allow standalone activation of VDO pool just like for thin-pools.
Activate thin-pool layered volume as 'read-only' device.
Ignore crypto devices with UUID signature CRYPT-SUBDEV.
Enhance validation for thin and cache pool conversion and swapping.
Improve internal removal of cached devices.
Synchronize with udev when dropping snapshot.
Add missing device synchronization point before removing pvmove node.
Correctly set read_ahead for LVs when pvmove is finished.
Remove unsupported OPTIONS+="event_timeout" udev rule from 11-dm-lvm.rules.
Prevent creating VGs with PVs with different logical block sizes.
Fix metadata writes from corrupting with large physical block size.
Version 2.03.05 - 15th June 2019
Fix command definition for pvchange -a.
Add vgck --updatemetadata command that will repair metadata problems.
Improve VG reading to work if one good copy of metadata is found.
Report/display/scan commands that read VGs will no longer write/repair.
Move metadata repairs from VG reading to VG writing.
Add config setting md_component_checks to control MD component checks.
Add end of device MD component checks when dev has no udev info.
Version 2.03.04 - 10th June 2019
Remove unused_duplicate_devs from cmd causing segfault in dmeventd.
Version 2.03.03 - 07th June 2019
Report no_discard_passdown for cache LVs with lvs -o+kernel_discards.
Add pvck --dump option to extract metadata.
Fix signal delivery checking race in libdaemon (lvmetad).
Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering.
Skip autoactivation for a PV when PV size does not match device size.
Remove first-pvscan-initialization which should no longer be needed.
Add remote refresh through lvmlockd/dlm for shared LVs after lvextend.
Ignore foreign and shared PVs for pvscan online files.
Add config setting to control fields in debug file and verbose output.
Add command[pid] and timestamp to debug file and verbose output.
Fix missing growth of _pmsmare volume when extending _tmeta volume.
Automatically grow thin metadata, when thin data gets too big.
Add synchronization with udev before removing cached devices.
Add support for caching VDO LVs and VDOPOOL LVs.
Add support for vgsplit with cached devices.
Query mpath device only once per command for its state.
Use device INFO instead of STATUS when checking for mpath device uuid.
Change default io_memory_size from 4 to 8 MiB.
Add config setting io_memory_size to set bcache size.
Fix pvscan autoactivation for concurrent pvscans.
Change scan_lvs default to 0 so LVs are not scanned for PVs.
Thin-pool selects power-of-2 chunk size by default.
Cache selects power-of-2 chunk size by default.
Support reszing for VDOPoolLV and VDOLV.
Improve -lXXX%VG modifier which improves cache segment estimation.
Ensure migration_threshold for cache is at least 8 chunks.
Restore missing man info lvcreate --zero for thin-pools.
Drop misleadning comment for metadata minimum_io_size for VDO segment.
Add device hints to reduce scanning.
Introduce LVM_SUPPRESS_SYSLOG to suppress syslog usage by generator.
Fix generator quering lvmconfig unpresent config option.
Fix memleak on bcache error path code.
Fix missing unlock on lvm2 dmeventd plugin error path initialization.
Improve Makefile dependency tracking.
Move VDO support towards V2 target (6.2) support.
Version 2.03.02 - 18th December 2018
Fix missing proper initialization of pv_list struct when adding pv.
Fix (de)activation of RaidLVs with visible SubLVs.
Prohibit mirrored 'mirror' log via lvcreate and lvconvert.
Use sync io if async io_setup fails, or use_aio=0 is set in config.
Fix more issues reported by coverity scan.
Version 2.03.01 - 31st October 2018
Version 2.03.00 - 10th October 2018
Add hot fix to avoiding locking collision when monitoring thin-pools.
Allow raid4 -> linear conversion request.
Fix lvconvert striped/raid0/raid0_meta -> raid6 regression.
Add 'lvm2-activation-generator:' prefix for kmsg messages logged by generator.
Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service.
Reduce max concurrent aios to avoid EMFILE with many devices.
Fix lvconvert conversion attempts to linear.
Fix lvconvert raid0/raid0_meta -> striped regression.
Fix lvconvert --splitmirror for mirror type (2.02.178).
Do not pair cache policy and cache metadata format.
lvconvert: reject conversions on raid1 LVs with split tracked SubLVs
lvconvert: reject conversions on raid1 split tracked SubLVs
Add basic creation support for VDO target.
Never send any discard ioctl with test mode.
Fix thin-pool alloc which needs same PV for data and metadata.
Extend list of non-memlocked areas with newly linked libs.
Enhance vgcfgrestore to check for active LVs in restored VG.
Configure supports --disable-silent-rules for verbose builds.
Fix unmonitoring of merging snapshots.
Cache can uses metadata format 2 with cleaner policy.
Fix check if resized PV can also fit metadata area.
Avoid showing internal error in lvs output or pvmoved LVs.
Remove clvmd
Remove lvmlib (api)
Remove lvmetad
Use versionsort to fix archive file expiry beyond 100000 files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
d2130887f7 |
libxml2: Update to version 2.11.1
- Update from version 2.10.3 to 2.11.1
- Update of rootfile
- Changelog
There were two CVE's in version 2.10.4
v2.11.1: Apr 30 2023
Fixes build and ABI issues.
- cmake: Fix va_copy detection (Luca Niccoli)
- libxml.m4: Fix quoting
- Link with --undefined-version
- libxml2.syms: Revert removal of version information
v2.11.0: Apr 28 2023
### Major changes
Protection against entity expansion attacks, also known as "billion laughs"
has been greatly improved. Malicious files should be detected reliably now
and false positives should be reduced. It is possible though that large
documents which make heavy use of entities are rejected now.
This release finally fixes symbol visibility on UNIX systems. Internal
symbols will now be hidden. While these symbols were never declared in public
headers, it was still possible to declare them manually. Now this won't work.
All symbol information has been removed from the ELF version script to fix
link errors with --no-undefined-version. The version nodes are kept so it
should still be possible to run binaries linked against older versions.
About 90 memory errors in code paths handling malloc failures have been fixed.
While these issues shouldn't impact security, this improves robustness under
memory pressure.
The XInclude engine has been reworked to properly support nested includes.
Several cases of quadratic behavior in the XML push parser have been fixed.
Refactoring has begun on some buffering and encoding code with the goal of
simplifying this part of the code base and improving error reporting.
Other highlights:
- Consolidated private header files.
- Major rework of the autoconf build.
- Deprecated several outdated and internal functions.
Special thanks to Google's Open Source Security Subsidies program for
sponsoring much of the work on this release!
Ongoing work on libxml2 relies on funding. For a list of important open
issues see <https://gitlab.gnome.org/GNOME/libxml2/-/issues/507>
### Security
- Fix use-after-free in xmlParseContentInternal() (David Kilzer)
- xmllint: Fix use-after-free with --maxmem
- parser: Fix OOB read when formatting error message
- entities: Rework entity amplification checks
### Regressions
- parser: Fix regression in xmlParserNodeInfo accounting
### Bug fixes
- Fix memory errors in code handling malloc failures
- encoding: Fix error code in asciiToUTF8
- xpath: number('-') should return NaN
- xmlParseStartTag2() contains typo when checking for default definitions for
an attribute in a namespace (David Kilzer)
- uri: Fix handling of port numbers
- error: Make sure that error messages are valid UTF-8
- xinclude: Fix nested includes
### Improvements
- xmllint: Validate --maxmem integer option
- xmlValidatePopElement() can return invalid value (-1) (David Kilzer)
- parser: Rework EBCDIC code page detection
- parser: Limit name length in xmlParseEncName
- parser: Rework shrinking of input buffers
- html: Rely on CUR_CHAR to grow the input buffer
- parser: Rely on CUR_CHAR/NEXT to grow the input buffer
- valid: Make xmlValidateElement non-recursive
- html: Fix quadratic behavior in htmlParseTryOrFinish
- xmllint: Fix memory leak with --pattern --stream
- parser: Stop calling xmlParserInputShrink
- html: Impose some length limits
- valid: Allow xmlFreeValidCtxt(NULL)
- parser: Stop calling xmlParserInputGrow
- xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt
- xinclude: Abort immediately if max depth was exceeded
- xpath: Only report the first error
- error: Don't move past current position
- error: Limit number of parser errors
- parser: Lower entity nesting limit with XML_PARSE_HUGE
- parser: Don't increase depth twice when parsing internal entities
- parser: Improve detection of entity loops
- parser: Only report a single entity error
- libxml.h: Remove dubious definition of LIBXML_STATIC
- html: Improve parsing of nested lists
- memory: Don't use locks in xmlMemUsed
- encoding: Remove unused variable xmlDefaultCharEncodingHandler
- Rework initialization code
- Add .editorconfig
- parser: Merge misc, prolog and epilog cases in push parser
- parser: Fix 'consumed' accounting when switching encodings
- html: Fix check for end of comment in push parser
- parser: Fix push parser with 1-3 byte initial chunk
- parser: Rewrite push parser boundary checks
- reader: Switch to xmlParserInputBufferCreateMem
- html: Don't escape ASCII chars in href attributes
- io: Don't shrink memory input buffers
- parser: Don't call xmlSHRINK from push parser
- parser: Ignore cdata argument in xmlParseCharData
- parser: Rework push parser parser progress checks
- io: Fix a few integer overflows in I/O statistics
- io: Rework xmlParserInputBufferGrow with encodings
- io: Remove xmlInputReadCallbackNop
- io: Check for memory buffer early in xmlParserInputGrow
- parser: Fix error message in xmlParseCommentComplex
- Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg)
- schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup
- threads: Remove check for pthread_equal
- xinclude: Rework XInclude cache
- xinclude: Remove inefficient refcounting scheme
- xmllint: Improve handling of empty XPath node sets
- parser: Fix potential memory leak in xmlParseAttValueInternal
- error: Don't use initGenericErrorDefaultFunc
- xpath: Lower XPath recursion limit on Windows
- Stop including sys/types.h
- Don't define WIN32 macro
- Make xmlNewSAXParserCtx take a const sax handler
- Consolidate private header files
- Remove internal macros from parserInternals.h
- Move some HTML functions to correct header file
- xmllint: Stop calling xmlSAXDefaultVersion
- Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt
- Don't mess with parser options in htmlParseDocument
- Remove useless call to htmlDefaultSAXHandlerInit
- Remove htmlDefaultSAXHandler from non-SAX1 build
- Don't initialize SAX handler in htmlReadMemory
- Fix htmlReadMemory mixing up XML and HTML functions
- Don't use default SAX handler to report unrelated errors
- Create stream with buffer in xmlNewStringInputStream
- xmlcatalog: Fix memory leaks
### Code quality
- xzlib: Fix implicit sign change in xz_open
- parser: Simplify calculation of available buffer space
- parser: Use size_t when subtracting input buffer pointers
- parser: Check for integer overflow when updating checkIndex
- xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
- schematron: Use logical and
- relaxng: Remove useless if statement
- schemas: Remove useless if statement
- pattern: Merge identical branches
- regexp: Add sanity check in xmlRegCalloc2
- regexp: Simplify xmlRegAtomPush
- encoding: Cast toupper argument to unsigned char
- uri: Add explicit cast in xmlSaveUri
- buf: Fix return value of xmlBufGetInputBase
- parser: Fix integer overflow of input ID
- parser: Remove useless ent->etype test in xmlParseReference
- parser: Remove useless ent->children tests in xmlParseReference
- xmlmemory.c: Remove xmlMemContentShow
- libxml.h: Add comments and indentation
- libxml.h: Don't include stdio.h
- xmlexports.h: Disable docs for internal macro XMLPUBLIC
- parser: Simplify xmlParseConditionalSections
- io: Rearrange code in xmlSwitchInputEncodingInt
- warnings: Fix -Wstrict-prototypes warning
- warnings: Remove set-but-unused variables
- Fix compiler warnings in SAX2.c
- Fix unused variable warning in python/types.c
- Fix compiler warning in examples
- Fix compiler warnings in fuzzing code
- Remove unused code in nanohttp.c
- Remove or annotate char casts
- Don't use sizeof(xmlChar) or sizeof(char)
- Remove explicit integer casts
### Deprecations
- parser: Deprecate more internal functions
- parser: Deprecate some parser input functions
- parser: Deprecate xmlString*DecodeEntities
- threads: Deprecate some internal functions
- buf: Deprecate static/immutable buffers
- Deprecate internal parser functions
- Deprecate old HTML SAX API
- Generate deprecation warnings for old SAX API
- Mark more functions setting globals as deprecated
- Mark more parser functions as deprecated
- Mark most SAX1 functions as deprecated
- Deprecate some global variables
### Portability
- autoconf: Warn about outdated C compilers
- win32: Remove broken libxml2.def.src
- Remove symbols from version script
- catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr)
- libxml.h: Remove ancient LynxOS setup
- Use python3 not python (Ross Burton)
- xstc/fixup-tests.py: port to Python 3 (Ross Burton)
- xstc/fixup-tests.py: unify whitespace (Ross Burton)
- Remove hacky heuristic from b2dc5675 (Alex Richardson)
- Avoid creating an out-of-bounds pointer by rewriting a check
(Alex Richardson)
- Hide internal functions
- Correctly relocate internal pointers after realloc() (Alex Richardson)
- Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan)
- Visual Studio: Define XML_DEPRECATED (Chun-wei Fan)
- xmllint: Include <io.h> on Windows
- warnings: Work around MSVC bug
- sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan)
- python/setup.py.in: Improve Windows import patching (Chun-wei Fan)
- python: Create .pyd on Windows
- Fix Python build on Windows
- Fix Windows compiler warnings in python/types.c
- Fix libxml_PyFileGet
- Remove BeOS support
- Fix libxml_PyFileGet with stdout on macOS
- Migrate from PyEval_ to PyObject_
- Port build_glob.py to Python 3
- Port genChRanges.py to Python 3
- xmlexports.h: Remove LIBXML_FASTCALL optimization
- Remove XMLCALL and XMLCDECL macros from public headers
- Remove XMLDECL macro from .c files
### Build systems
- cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is
enabled (Alexander Kutelev)
- autotools: Fix make distcheck
- Remove RPM build, Makefile.tests, README.tests
- libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead
(Ross Burton)
- libxml.m4: fix -Wstrict-prototypes (Sam James)
- cmake: Build static library with -DLIBXML_STATIC
- autotools: Don't use version script on Windows
- autotools: Fix winsock detection
- autotools: Only add network libraries if HTTP/FTP enabled
- autotools: Disable parallel Python build
- python: Don't output missing generators during build
- build: Remove check for broken ss_family
- http: Simplify IPv6 checks
- autotools: Fix network checks on Windows
- Fix detection of GNU libiconv
- cmake: Fix Python installation
- cmake: Don't check for Python 2
- configure.ac: Also check for MSYS host
- Improve network library detection
- Detect ws2_32 with AC_SEARCH_LIBS
- Rework network configure checks
- Remove arg cast configure checks
- Fix dlopen check
- Remove HAVE_WIN32_THREADS configuration flag
- Rework dlopen and pthread detection
- Fix test in configure.ac
- cmake: Enable GCC compiler warnings
- Always link with -no-undefined
- Use AM_CFLAGS and AM_LDFLAGS consistently
- Remove -Wredundant-decls
- Call AC_CHECK_* with multiple arguments
- configure.ac: Remove checks for unused programs
- Rework library detection in configure.ac
- Rearrange configure.ac
- Consolidate zlib and lzma detection
- Remove "runtime debugging"
- Consolidate simple API modules in configure.ac
- Fix dependency resolution in configure.ac
- Fix --with-valid --without-regexps build
- Fix --with-schemas --without-xpath build
- Don't build unneeded .c source files
- Move xmlIsXHTML to tree.c
- Cleanup distribution settings in Makefile.am
- Also clean *.pyc files for Python 2
- Don't distribute libxml2.spec
### Tests
- testchar: Add test for memory pull parser with encoding
- fuzz: Also test init function of URI fuzzer
- fuzz: Separate fuzzer for DTD validation
- gitlab-ci: Enable all "integer" sanitizers
- fuzz: Inject random malloc failures
- fuzz: Support variable integer sizes in fuzz data
- fuzz: Fix duplicate detection in fuzzEntityRecorder
- fuzz: Set filename in xmlFuzzEntityLoader
- fuzz: Allow xmlFuzzReadString(NULL)
- fuzz: Fix Makefile dependencies
- fuzz: Add test/recurse to seed corpus
- fuzz: Add separate XInclude fuzzer
- runsuite: Some errors are expected
- testrecurse: Test entity expansion stats
- testapi.c: Initialize catalog early
- gentest.py: Fix memory leak in API tests
- tests: Enable "runsuite" test
- python/tests/reader2: use absolute paths everywhere (Ross Burton)
- python/tests/reader2: always exit(1) if a test fails (Ross Burton)
- testModule: exit if the module can't be opened (Ross Burton)
- CI: disable modules in gcc:static build (Ross Burton)
- CI: fix CI on MinGW builds (Ross Burton)
- python: Fix memory leak checks
- tests: Check that xmlInitParser doesn't allocate memory
- tests: Fix use-after-free in Python tests
- tests: Remove unneeded #includes
- gitlab-ci: Make Test-Msvc exit if ctest fails
- gitlab-ci: Treat compiler warnings as errors on MSVC
- test: Add test for push parser boundaries
- gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan
- gitlab-ci: Reenable LeakSanitizer
- gitlab-ci: Fix llvm-symbolizer
- xinclude: Don't create result doc for test with errors
- xinclude: Also test error messages
- gitlab-ci: Allow cast-align warnings from clang
- gitlab-ci: Fix tar invocation
- gitlab-ci: Move MSVC test to separate script
- gitlab-ci: Fix SUFFIX, remove MINGW_PATH
- gitlab-ci: Consolidate CMake test scripts
- gitlab-ci: Only install MinGW autotools if needed
- gitlab-ci: Only install cmake MinGW package if needed
- gitlab-ci: Install 7-Zip using the .msi
- Use $MSYSTEM and 'bash -lc' in MinGW CI
- Add CI job for MinGW/Autotools
- Consolidate CI scripts
- Allow empty MINGW_PACKAGE_PREFIX
- Move Dockerfile to .gitlab-ci directory
- testapi: Disable on Windows for now
- Disable fuzzer tests if glob.h wasn't found
- Move automata test to runtest.c
- Fix testapi when building --without-sax1
# Documentation
- doc: Remove ancient files
- Remove ancient TODOs
- html: Fix htmlInitAutoClose documentation
- doc: Mention new location of XML catalog as breaking change
- doc: Mention potentially breaking changes in NEWS
- doc: Remove xmlDllMain from documentation and version script
- doc: Mention ${sysconfdir} in man pages
- doc: Document xmlcatalog --convert
- doc: Document xmllint --nodict and --pedantic
- doc: Fix indentation in source XML files
- xmllint: Document --quiet option
- Improve cross-references in API docs
- Improve documentation of globals
- Fix documentation parser
- Support comments for global variables in documentation
- Fix update call in apibuild.py
- Don't index anything in DOC_DISABLE sections
- Fix warnings from apibuild.py
- Start with documentation for maintainers
v2.10.4: Apr 11 2023
### Security
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
### Regressions
- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
9d0add9f82 |
harfbuzz: Update to version 7.2.0
- Update from version 7.0.1 to 7.2.0
- Update of rootfile
- Changelog
Overview of changes leading to 7.2.0
- Add Tifinagh to the list of scripts that can natively be either right-to-left
or left-to-right, to improve handling of its glyph positioning.
(Simon Cozens)
- Return also single substitution from hb_ot_layout_lookup_get_glyph_alternates()
(Behdad Esfahbod)
- Fix 4.2.0 regression in applying across syllables in syllabic scripts.
(Behdad Esfahbod)
- Add flag to avoid glyph substitution closure during subsetting, and the
corresponding “--no-layout-closure” option to “hb-subset” command line tool.
(Garret Rieger)
- Support instancing COLRv1 table. (Qunxin Liu)
- Don’t drop used user-defined name table entries during subsetting.
(Qunxin Liu)
- Optimize handling of “gvar” table. (Behdad Esfahbod)
- Various subsetter bug fixes and improvements. (Garret Rieger, Qunxin Liu)
- Various documentation improvements. (Behdad Esfahbod, Josef Friedrich)
- New API:
+HB_SUBSET_FLAGS_NO_LAYOUT_CLOSURE
+HB_UNICODE_COMBINING_CLASS_CCC132
- Deprecated API:
+HB_UNICODE_COMBINING_CLASS_CCC133
Overview of changes leading to 7.1.0
- New experimental hb_shape_justify() API that uses font variations to expand
or shrink the text to a given advance. (Behdad Esfahbod)
- Various build and bug fixes. (Behdad Esfahbod, Garret Rieger, Qunxin Liu)
- New API:
+hb_font_set_variation()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Matthias Fischer
|
237b88914d |
libpcap: Update to 1.10.4
For details see: https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES#l50 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Arne Fitzenreiter
|
edb153e209 |
kernel: arm64 rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Arne Fitzenreiter
|
8b251380b6 |
u-boot: add OrangePi R1 Plus LTS
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Arne Fitzenreiter
|
2b1a701ec4 |
kernel: add OrangePi R1 Plus LTS
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Peter Müller
|
092ff6670a |
apr: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
87e90e2164 |
Fix typo in aarch64 linux rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Arne Fitzenreiter
|
acb3aa6abd |
kernel: add nanopi r2c patches
https://git.ipfire.org/?p=people/arne_f/kernel.git;a=commit;h=4a06c119e0065bf8794a98bd21a71ff6236d32d1 https://git.ipfire.org/?p=people/arne_f/kernel.git;a=commit;h=716f69f11cf3bf328453cc3e284d5bce7feb9a0e Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Arne Fitzenreiter
|
0a7f6097bc |
u-boot: add nanopi r2c support
this patch add nanopi r2c plus support. if this u-boot is installed on the eMMC this is also supported. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Adolf Belka
|
2336495142 |
parted: Update to version 3.6
- Update from version 3.5 to 3.6
- Update of rootfile
- Changelog
Noteworthy changes in release 3.6 (2023-04-10) [stable]
Promoting alpha release to stable release 3.6
Noteworthy changes in release 3.5.28 (2023-03-24) [alpha]
New Features
Support GPT partition attribute bit 63 as no_automount flag.
Add type commands to set type-id on MS-DOS and type-uuid on GPT.
Add swap flag support to the dasd disklabel
Add display of GPT disk and partition UUIDs in JSON output
Bug Fixes
Fix use of enums in flag limits by switching to using #define
Fix ending sector location when using kibi IEC suffix
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
b47528525d |
libgcrypt: Update to version 1.10.2
- Update from version 1.10.1 to 1.10.2 - Update of rootfile - Changelog Noteworthy changes in version 1.10.2 (2023-04-06) [C24/A4/R2] * Bug fixes: - Fix Argon2 for the case output > 64. [rC13b5454d26] - Fix missing HWF_PPC_ARCH_3_10 in HW feature. [rCe073f0ed44] - Fix RSA key generation failure in forced FIPS mode. [T5919] - Fix gcry_pk_hash_verify for explicit hash. [T6066] - Fix a wrong result of gcry_mpi_invm. [T5970] - Allow building with --disable-asm for HPPA. [T5976] - Fix Jitter RNG for building native on Windows. [T5891] - Allow building with -Oz. [T6432] - Enable the fast path to ChaCha20 only when supported. [T6384] - Use size_t to avoid counter overflow in Keccak when directly feeding more than 4GiB. [T6217] * Other: - Do not use secure memory for a DRBG instance. [T5933] - Do not allow PKCS#1.5 padding for encryption in FIPS mode. [T5918] - Fix the behaviour for child process re-seeding in the DRBG. [rC019a40c990] - Allow verification of small RSA signatures in FIPS mode. [T5975] - Allow the use of a shorter salt for KDFs in FIPS mode. [T6039] - Run digest+sign self tests for RSA and ECC in FIPS mode. [rC06c9350165] - Add function-name based FIPS indicator function. GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION. This is not considered an ABI changes because the new FIPS features were not yet approved. [rC822ee57f07] - Improve PCT in FIPS mode. [rC285bf54b1a, rC4963c127ae, T6397] - Use getrandom (GRND_RANDOM) in FIPS mode. [rCcf10c74bd9] - Disable RSA-OAEP padding in FIPS mode. [rCe5bfda492a] - Check minimum allowed key size in PBKDF in FIPS mode. [T6039,T6219] - Get maximum 32B of entropy at once in FIPS mode. [rCce0df08bba] - Prefer gpgrt-config when available. [T5034] - Mark AESWRAP as approved FIPS algorithm. [T5512] - Prevent usage of long salt for PSS in FIPS mode. [rCfdd2a8b332] - Prevent usage of X9.31 keygen in FIPS mode. [rC392e0ccd25] - Remove GCM mode from the allowed FIPS indicators. [rC1540698389] - Add explicit FIPS indicators for hash and MAC algorithms. [T6376] Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
71a5008927 |
libgpg-error: Update to version 1.47
- Update from version 1.46 to 1.47 - Update of rootfile - Changelog Noteworthy changes in version 1.47 (2023-04-06) [C34/A34/R0] * New error codes for PUKs and reset codes. [T6421] * Avoid segv in logging with improper use of the "socket://". [rE68333be630] * Fixed translation of argparse's internal option --help. [rE885a287a57] * Interface changes relative to the 1.46 release: GPG_ERR_SOURCE_TKD NEW. GPG_ERR_BAD_PUK NEW. GPG_ERR_NO_RESET_CODE NEW. GPG_ERR_BAD_RESET_CODE NEW. GPGRT_SPAWN_KEEP_STDIN NEW. GPGRT_SPAWN_KEEP_STDOUT NEW. GPGRT_SPAWN_KEEP_STDERR NEW. GPGRT_SPAWN_INHERIT_FILE NEW. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Matthias Fischer
|
d92134b818 |
unbound: Update to 1.17.1
For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1 "Features Expose 'statistics-inhibit-zero' as a configuration option; the default value retains Unbound's behavior. Expose 'max-sent-count' as a configuration option; the default value retains Unbound's behavior. Merge #461 from Christian Allred: Add max-query-restarts option. Exposes an internal configuration but the default value retains Unbound's behavior. Merge #569 from JINMEI Tatuya: add keep-cache option to 'unbound-control reload' to keep caches. Bug Fixes Merge #768 from fobser: Arithmetic on a pointer to void is a GNU extension. In unit test, print python script name list correctly. testcode/dohclient sets log identity to its name. Clarify the use of MAX_SENT_COUNT in the iterator code. Fix that cachedb does not store failures in the external cache. Merge #767 from jonathangray: consistently use IPv4/IPv6 in unbound.conf.5. Fix to ignore tcp events for closed comm points. Fix to make sure to not read again after a tcp comm point is closed. Fix #775: libunbound: subprocess reap causes parent process reap to hang. iana portlist update. Complementary fix for distutils.sysconfig deprecation in Python 3.10 to commit 62c5039ab9da42713e006e840b7578e01d66e7f2. Fix #779: [doc] Missing documention in ub_resolve_event() for callback parameter was_ratelimited. Ignore expired error responses. Merge #720 from jonathangray: fix use after free when WSACreateEvent() fails. Fix for the ignore of tcp events for closed comm points, preserve the use after free protection features. Fix #782: Segmentation fault in stats.c:404. Add SVCB and HTTPS to the types removed by 'unbound-control flush'. Clear documentation for interactivity between the subnet module and the serve-expired and prefetch configuration options. Fix #773: When used with systemd-networkd, unbound does not start until systemd-networkd-wait-online.service times out. Merge #808: Wrap Makefile script's directory variables in quotes. Fix to wrap Makefile scripts directory in quotes for uninstall. Fix windows compile for libunbound subprocess reap comm point closes. Update github workflows to use checkout v3. Fix wildcard in hyperlocal zone service degradation, reported by Sergey Kacheev." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
|
Peter Müller
|
489e0494dc |
OpenSSL: Update to 3.1.0
In a future Core Update, the following remnants of OpenSSL 1.1.1 need to be removed: /usr/lib/engines-1.1/afalg.so /usr/lib/engines-1.1/capi.so /usr/lib/engines-1.1/padlock.so /usr/lib/libcrypto.so.1.1 /usr/lib/libssl.so.1.1 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
962c7bf244 |
linux-firmware: Update to 20230404
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
6aa0837d24 |
linux: Update to 6.1.24
Compiling the kernel has automatically introduced CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to be confused with its stackleak counterpart). However, according to related documentation, this neither introduces a security nor performance disadvantage. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
d330a6803e |
housekeeping: removal of menu items for no longer available addons
- removal of EX-addonsvc.menu entry in config/menu/ as the lfs file for this could not be found in the IPFire git repo all the way back to CU30 - removal of EX-addonsvc.menu, EX-asterisk.menu and EX-bluetooth.menu which are no longer in IPfire for two years or longer. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
ece70b1fcc |
aprutil: Update to version 1.6.3
- Update from version 1.6.1 to 1.6.3
- Update of rootfile
- Changelog
1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
dd5a9f733a |
acpid: Update to version 2.0.34
- Update from version 2.0.32 to 2.0.34 - Update of rootfile - Changelog 2.0.34 2022-09-15 Ted Felix <ted@tedfelix.com> - 2.0.34 release (configure.ac) (Ted Felix) - Add MSG_CMSG_CLOEXEC for systems that are missing it. (libnetlink.h libnetlink.c kacpimon/libnetlink.h kacpimon/libnetlink.c) (Fabrice Fontaine <fontaine.fabrice@gmail.com>) - Fix a bug with input layer event table not working on 32-bit builds with 64-bit time types. (input_layer.c) (Ted Felix) - Use binary search to find input layer events in the table. (input_layer.c) (Ted Felix) - Use AC_PROG_CC instead of the obsolete AC_PROG_CC_STDC. (configure.ac) (Ted Felix) - Add support for more input layer events. (input_layer.c) (Ted Felix) 2.0.33 2021-09-15 Ted Felix <ted@tedfelix.com> - 2.0.33 release (configure.ac) (Ted Felix) - Detect newer GNOME power manager. (powerbtn.sh) (Andrey Utkin <andrey_utkin@gentoo.org>) - openrc-shutdown: Set shutdown time to 'now'. (powerbtn.sh) (Jonathan Davies <jpds@protonmail.com>) - Attempt to open input layer devices whose permissions have changed. (inotify_handler.c) (Torsten Hilbrich <torsten.hilbrich@secunet.com>) - Comments added. (TESTPLAN inotify_handler.c) (Ted Felix) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
90a3a2b88f |
slang: Update to version 2.3.3
- Update from version 2.3.2 to 2.3.3 - Update of rootfile - Changelog 2.3.3 1. src/slposdir.c: stat_file now support open file descriptors, in addition to filenames. 2. src/sltoken.c: Ignore the \r character in multiline strings that appear to have CRLF line terminators. (Manfred Hanke) 3. *.tm: minor documentation updates 4. src/slang.h: SLANG_VERSION_STRING was missing the "pre" prefix. 5. src/sltermin.c: Added support for TERMINFO_DIRS (based upon a patch forwarded by Jörg Thalheim) 6. src/slarray.c: src/slarray.c: some integer overflow checks were resulting undefined behavior (reported by Sergey) 7. modules/csv.sl: Strip leading/trailing whitespace from column names 8. src/slsmg.c,sldisply.c: Removed static buffers with sizes dependent upon SLTT_MAX_SCREEN_ROWS/COLS in favor of dynamically allocated ones. 9. modules/chksum-module: added CRC-8,16,32 checksums to the chksum module 10. modules/csv.sl: An error message in the form of a dollar-string was not marked as such. 11. modules/csv.sl: Added support for empty CSV files 12. src/sltime.c: The timegm function will ignore the tm_wday and tm_yday fields, and instead use the tm_mon and tm_mday fields. 13. modules/mkfiles/makefile.all: Added a target for chksum_crc.o for win32/64 platforms (see change #9) 14. modules/chksum-module.c: The memset function was used with the wrong structure size causing a buffer overflow on 32 bit systems. 15. src/terminfo/parsecaps.sl: Tweaked an auto-generated comment produced by parsecaps.sl to produce a more deterministic build (Ian Rogers). 16. src/slarray.c: Changed two instances of index errors to throw an IndexError exception instead of InvalidParmError exception. 17. src/slposdir.c; The statvfs function was returning a struct with duplicated f_bsize fields. 18. *.c: In switch statements, changed the /* drop */ comment to /* fall through */ to avoid gcc-8 warnings. 19. modules/csv.sl: If a comment string appears at the start of a line forming a multiline string, then treat it as part of the string. 20. slsh/lib/timestamp.sl: Added a function timestamp_parse that parses strings such as `Thu May 14 18:05:05 2020` and returns the number of seconds since the Unix epoch. 21. src/slregexp.c: Added \D (non-digit), \s (whitespace), and \S (non-whitespace). 22. src/slstrops.c: Added a compiled regexp cache 23. src/slstdio.c: Added trim qualifier to the fgetlines intrinsic: ;trim=1 ==> trim trailing whitespace ;trim=2 ==> trim leading whitespace ;trim=3 ==> trim leading and trailing whitespace 24. slsh/lib/timestamp.sl: When matching a regexp to a timestamp, start with the RE that was used in the previous match. 25. Another timestamp RE tweak to pickup additional irregular forms 26. modules/csv.sl: If a CSV file has a byte-order mark (BOM), ignore it. 27. src/sldisply.c: Increased the buffer size for the SLtt_tgoto function to allow for larger terminfo strings 28. modules/Makefile.in: Added STATS_OBJS to the clean target 29. src/slstrops.c: The is_substr function was not handling a NULL argument 30. slsh/lib/timestamp.sl: Corrected a regular expression for a timestamp with "Z" as the timezone. 31. modules/csv-module.c: Fields with an embedded \r were not being properly handled. 32. src/slarray.c: Improved the speed of multi-dimensional array indexing by about a factor of 2 33. slsh/lib/timestamp.sl: The computation of leap days was incorrect for some years 34. src/slang.h: Added `typedef void (*SLFVOID_STAR)(void)', which will replace FVOID_STAR in version 3. The library code was updated to use this. 35. slsh/lib/fswalk.sl: Added an optional callback argument to the fswalk that is called when leaving a directory. 36. modules/termios-module.c: Avoid a potential problem with the tcgetpgrp intrinsic in the unlikely case that sizeof(pid_t) is larger than sizeof(int). 37. src/slarray.c: Simplified the range checking in the linear_get_data_addr function and removed unused code. 38. Updated the copyright year 39. slsh/lib/fswalk.sl: Change #35 regression: The get_stat function was being called with the wrong number of arguments. 40. src/slarith.c: Additional binary arithmetic optimizations involving arrays of char and short. 41. src/slang.c,slarray.c: Added qualifier support to the array_map function. 42. src/slang.c: Flagged the use of an uninitialized variable as soon as it is accessed ("pushed") rather than waiting until it is used ("popped"). Fixed a bug in slsh/lib/setfuns.sl:union that was detected by this change. 43. src/sl-feat.h: Floating point support by the interpreter is now required. The library has not compiled without it for a long time. As such, this option is no longer available. 44. */test/*.sl: Surrounded regression test code that makes use of complex numbers with `#ifexists Complex_Type' so that they run when the interpreter is compiled without complex variable support. 45. src/slarray.c: The _pSLarray1d_push_elem needed to be exposed when compiling the interpreter without optimization. 46. src/slarith.c,...: Rewrote the various macros used by this file to simplify the code, permit better optimization, and easier maintenance. Some of the loops were also unrolled. 47. src/slarray.c: Made the array bounds index checking code more uniform for better readability. 48. src/slarray.c: The previous change introduced a bug that caused array indexing with no (empty) indices to fail. 49. modules/chksum-module.c: When a CRC object went out of scope without being closed, it would leave its value on the stack. 50. slsh/lib/process.sl: If the file descriptor that is used to communicate messages from the child process back to the parent is requested by the caller, then dup an unused one. To facilitate testing, two additional hooks were added: exit_hook and exec_hook. 51. slsh/lib/cmdopt.sl: If a command line option is associated with a callback function, and the value of the command line argument is optional, pass the default value to the callback if not given on the command line. 52. modules: Added cumulant function to the stats module; updated regression scripts/unit tests for better code coverage; fixed a bug in the _zlib_inflate_reset function where deflateReset was being called instead of inflateReset. 53. slsh/lib: Updated unit/regression tests for better coverage 54. slsh/lib/print.sl: Use >= instead of > when comparing the number of screen rows to determine if the pager should be used. 55. modules/chksum-module: Added sha224, sha256, sha384, and sha512 algorithms kindly provided by Jakob Stierhof 56. modules/chksum-module: Added HMAC message authentication code algorithm (Jakob Stierhof) 57. modules/mkfiles/makefile.all: Added chksum_sha2 to the non-Unix makefile. 58. src/slgetkey.c: Use memmove instead of SLMEMCPY to avoid issues with coping to an overlapping buffer. (William Ahern) 59. modules/pcre.sl: The options qualifier was not being properly handled by the pcre_matches function. 60. src/_slang.h,etc: replaced the dependence of the internal _pSLang_get_run_stack* functions, which return absolute pointers, in favor of relative offsets. 61. src/slang.c: Made the run-time stack dynamically growable up to a maximum configured size. 62. modules/: Documentation updates 63. src/: Added _set_bos/f_compile_hook functions to specify a function to get called when a statement or function gets compiled. 64. src/sllimits.h: Reduced the initial stack size to a value similar to what it was before change #61. 65. src/slarrfun.c: array_swap was returning a copy of the input array when when swapping an array element with itself (bug reported by Jakob Stierhof) 66. modules/csv.sl: If _csv_decode_row fails, include in the error message the line number of the file where the error was detected 67. modules/socket-module.c: Corrected an error message for the bind function 68. Updated the copyright year 69. Added slcov script which generates lcov-compatible code coverage data 70. autoconf/aclocal.m4: Updated to v0.3.4.1 71. slsh/Makefile.in: Changed the order of the linker flags to avoid a linking problem on MacPorts (Ryan Schmidt) 72. slsh/lib/cmdopt.sl: Corrected a usage message 73. src/slposio.c: Added the flock function for the creation of advisory locks 74. src/slcurses.h: Added 'extern "C"' to enable the file to be used in C++ programs; also marked some variables as dynamically exportable by using SL_EXTERN (Gisle Vanem) 75. src/slstrops.c: "%0*" was being flagged as invalid by the sprintf function (Jakob Stierhof) 76. modules/csv.sl: When writing a CSV file with a single row, convert any scalar data values to single element arrays. 77. src/Makefile.in, slsh/Makefile.in: Addressed some dependency problems found by `make --shuffle` that were causing parallel builds to fail (Sergei Trofimovich) 78. src/slarray.c: Flag out-of-range indexing of indefinite ranges involving negative indexes, e.g., x = [1]; y = x[[-2:]]; Previousely this resulted in y = [1,1] instead of an error. 79. modules/csv.sl: Avoid indexing an empty array with a negative index (detected by change #78) 80. src/slarray:c: #78 was flagging x[[:-2]] as invalid instead of producing an empty array for x=[1] 81. src/slarray.c: Tweaked the handling of negative indices in indefinite ranges such that x[[:-i]] will produce an empty array wheneve i > length(x) 82. src/sltermin.c: Added support for so-called user-defined terminfo extensions. In particular, if the terminfo file defines RGB=true, then truecolor support will be enabled. 83. src/sldisply.c: The Has_True_Color variable was not defined for 32 bit systems 84. modules/csv.sl: Improved read speed for large CSV files 85. src/test/posixio.sl: Do not test the flock function using an NFS mounted direcory, which requires lockd to be running on the server Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
3856fa45c9 |
pciutils: Update to version 3.9.0
- Update from version 3.8.0 to 3.9.0
- Update of rootfile
- Changelog
3.9.0.
* We decode Compute Express Link (CXL) capabilities.
* The tree mode of lspci is now compatible with filtering options.
* When setpci is used with a named register, it checks whether
the register is present in the particular header type.
* Linux: The intel-conf[12] back-ends prefer to use ioperm() instead
of iopl() to gain access to I/O ports.
* Windows: We have two new back-ends thanks to Pali Rohár.
One uses the NT SysDbg interface, the other uses kldbgdrv.sys
(which is a part of the Microsoft WinDbg tool).
* Windows: We support building libpci as a DLL. Also, Windows
binaries now include meta-data with version.
* Hurd: The Hurd back-end works again.
* mmio-conf1(-ext): Added a new back-end implementing the intel-conf1
interface over MMIO. This is useful on some ARM machines, but it
requires manual configuration of the MMIO addresses.
* As usually, updated pci.ids to the current snapshot of the database.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
7ace13e5c1 |
newt: Update to version 0.52.23
- Update from version 0.52.21 to 0.52.23 - Update of rootfile - Changelog 0.52.23 - fix automatic height of menu/list in whiptail (broken in 0.52.22) - fix automatic width of whiptail --yesno box - fix automatic width in whiptail with unicode characters - fix automatic width with whiptail --noitem and --notags options - fix spacing with longer tags in whiptail - avoid overlapping backtitle in whiptail with automatic height 0.52.22 - fix crash in whiptail with new libpopt - switch from usleep to nanosleep (Rosen Penev) - fix libnewt.pc to enable static linking (Alexey Sheplyakov) - fix LDFLAGS order in snack linking (Sam James) - use CFLAGS when compiling snack - improve configure.ac (Thomas Kuehne) - install header and libnewt.pc with shared library (Michael Olbrich) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
00bf577610 |
libcap: Update to version 2.67
- Update from version 2.66 to 2.67
- Update of rootfile
- Changelog
Release notes for 2.67
Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch
from David Seifert.
Added SPDX identifiers to License file(s). Hopefully this will help the various
robots out there correctly identify the longstanding licenses for libcap and friends.
(Bug: 216609 reported by Günther Noack)
Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther
Noack on behalf of Michael Stapelberg)
The basic issue is how to link C code with Go psx without using CGo. This is all
a low level hackery. If you are interested, browse the source.
Correct for bad whatis entries in man pages (this was throwing a Debian build test,
detail)
Also reviewed man pages and addressed cross linkage issues (Bug: 216585)
Cleaned up some README.md files (made a github mirror now just so I can
automatically render them).
Changed meaning of DYNAMIC=no builds.
This now builds everything with static linking except for libc. The reason for
this exception is explained in the commit message.
Inserted demonstration exploit code in capso.so to support article.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Matthias Fischer
|
0ddd17b790 |
bind: Update to 9.16.39
For details see: https://downloads.isc.org/isc/bind9/9.16.39/doc/arm/html/notes.html#notes-for-bind-9-16-39 "Notes for BIND 9.16.39 Feature Changes libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. [GL #3840] Bug Fixes named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. [GL #3911]" When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [GL #3673]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
|
Peter Müller
|
35abb51eb7 |
linux-firmware: Do not ship the qca/ directory
It only contains firmware files for some Qualcomm Bluetooth devices, for which there is no use on IPFire, since we disabled Bluetooth support in the kernel a long time ago due to security reasons. To save some space (~ 1.9 MByte), do not ship these files, and delete them on existing IPFire installations as well. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
3562922c43 |
linux-firmware: Update to version 20230210
- Update from version 20221214 to 20230210 - Update of rootfile - Changelog For changes see the commits in the git repo https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
6828b9bcd6 |
qpdf: Update to version 11.3.0
- Update from version 10.4.0 to 11.3.0 - Update of rootfile - Build changed to cmake from version 11.0 onwards - find-dependencies run due to lib so bump. Only qpdf and cups-filters are linked to the changed libs. cups-filters being shipped due to a change required because of qpdf-11.3.0 - Changelog is too large to include here. Details can be found in the ChangeLog file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Peter Müller
|
cf66a3f133 |
Revert "grub: Fix for riscv64 rootfile"
This reverts commit
|
||
|
Adolf Belka
|
ee5c0d09dc |
zstd: Update to version 1.5.4
- Update from version 1.5.2 to 1.5.4 - Update of rootfile - Changelog v1.5.4 (Feb 2023) perf: +20% faster huffman decompression for targets that can't compile x64 assembly (#3449, @terrelln) perf: up to +10% faster streaming compression at levels 1-2 (#3114, @embg) perf: +4-13% for levels 5-12 by optimizing function generation (#3295, @terrelln) pref: +3-11% compression speed for `arm` target (#3199, #3164, #3145, #3141, #3138, @JunHe77 and #3139, #3160, @danlark1) perf: +5-30% faster dictionary compression at levels 1-4 (#3086, #3114, #3152, @embg) perf: +10-20% cold dict compression speed by prefetching CDict tables (#3177, @embg) perf: +1% faster compression by removing a branch in ZSTD_fast_noDict (#3129, @felixhandte) perf: Small compression ratio improvements in high compression mode (#2983, #3391, @Cyan4973 and #3285, #3302, @daniellerozenblit) perf: small speed improvement by better detecting `STATIC_BMI2` for `clang` (#3080, @TocarIP) perf: Improved streaming performance when `ZSTD_c_stableInBuffer` is set (#2974, @Cyan4973) cli: Asynchronous I/O for improved cli speed (#2975, #2985, #3021, #3022, @yoniko) cli: Change `zstdless` behavior to align with `zless` (#2909, @binhdvo) cli: Keep original file if `-c` or `--stdout` is given (#3052, @dirkmueller) cli: Keep original files when result is concatenated into a single output with `-o` (#3450, @Cyan4973) cli: Preserve Permissions and Ownership of regular files (#3432, @felixhandte) cli: Print zlib/lz4/lzma library versions with `-vv` (#3030, @terrelln) cli: Print checksum value for single frame files with `-lv` (#3332, @Cyan4973) cli: Print `dictID` when present with `-lv` (#3184, @htnhan) cli: when `stderr` is *not* the console, disable status updates, but preserve final summary (#3458, @Cyan4973) cli: support `--best` and `--no-name` in `gzip` compatibility mode (#3059, @dirkmueller) cli: support for `posix` high resolution timer `clock_gettime()`, for improved benchmark accuracy (#3423, @Cyan4973) cli: improved help/usage (`-h`, `-H`) formatting (#3094, @dirkmueller and #3385, @jonpalmisc) cli: Fix better handling of bogus numeric values (#3268, @ctkhanhly) cli: Fix input consists of multiple files _and_ `stdin` (#3222, @yoniko) cli: Fix tiny files passthrough (#3215, @cgbur) cli: Fix for `-r` on empty directory (#3027, @brailovich) cli: Fix empty string as argument for `--output-dir-*` (#3220, @embg) cli: Fix decompression memory usage reported by `-vv --long` (#3042, @u1f35c, and #3232, @zengyijing) cli: Fix infinite loop when empty input is passed to trainer (#3081, @terrelln) cli: Fix `--adapt` doesn't work when `--no-progress` is also set (#3354, @terrelln) api: Support for Block-Level Sequence Producer (#3333, @embg) api: Support for in-place decompression (#3432, @terrelln) api: New `ZSTD_CCtx_setCParams()` function, set all parameters defined in a `ZSTD_compressionParameters` structure (#3403, @Cyan4973) api: Streaming decompression detects incorrect header ID sooner (#3175, @Cyan4973) api: Window size resizing optimization for edge case (#3345, @daniellerozenblit) api: More accurate error codes for busy-loop scenarios (#3413, #3455, @Cyan4973) api: Fix limit overflow in `compressBound` and `decompressBound` (#3362, #3373, Cyan4973) reported by @nigeltao api: Deprecate several advanced experimental functions: streaming (#3408, @embg), copy (#3196, @mileshu) bug: Fix corruption that rarely occurs in 32-bit mode with wlog=25 (#3361, @terrelln) bug: Fix for block-splitter (#3033, @Cyan4973) bug: Fixes for Sequence Compression API (#3023, #3040, @Cyan4973) bug: Fix leaking thread handles on Windows (#3147, @animalize) bug: Fix timing issues with cmake/meson builds (#3166, #3167, #3170, @Cyan4973) build: Allow user to select legacy level for cmake (#3050, @shadchin) build: Enable legacy support by default in cmake (#3079, @niamster) build: Meson build script improvements (#3039, #3120, #3122, #3327, #3357, @eli-schwartz and #3276, @neheb) build: Add aarch64 to supported architectures for zstd_trace (#3054, @ooosssososos) build: support AIX architecture (#3219, @qiongsiwu) build: Fix `ZSTD_LIB_MINIFY` build macro, which now reduces static library size by half (#3366, @terrelln) build: Fix Windows issues with Multithreading translation layer (#3364, #3380, @yoniko) and ARM64 target (#3320, @cwoffenden) build: Fix `cmake` script (#3382, #3392, @terrelln and #3252 @Tachi107 and #3167 @Cyan4973) doc: Updated man page, providing more details for `--train` mode (#3112, @Cyan4973) doc: Add decompressor errata document (#3092, @terrelln) misc: Enable Intel CET (#2992, #2994, @hjl-tools) misc: Fix `contrib/` seekable format (#3058, @yhoogstrate and #3346, @daniellerozenblit) misc: Improve speed of the one-file library generator (#3241, @wahern and #3005, @cwoffenden) v1.5.3 (dev version, unpublished) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
56db79acab |
texinfo: Update to version 7.0.2
- Update from version 6.8 to 7.0.2
- Update of rootfile
- Removal of patch which was needed due to inability to build texinfo-6.8 with glibc-2.34
Problem was fixed for building with glibc-2.34 and onwards with texinfo-7.0
- Changelog
7.0.2 (22 January 2023)
This is a bug-fix release with minimal changes.
* texi2any
. do not distribute architecture-dependent files
. build fixed on OpenIndiana 11
* info
. further fix of recoding of UTF-8 files to ASCII
. fix check for presence of man pages on Solaris
* install-info
. fix build by avoiding function name clash on some platforms
. compiler warning re strncat silenced
7.0.1 (30 November 2022)
This is a bug-fix release with minimal changes.
* texi2any
. avoid crashes on empty @image argument and other potential crashes
(with "Can't use an undefined value as an ARRAY reference" message)
. avoid hang on @ref command inside section command
* info
. fix recoding of UTF-8 files to ASCII when run in C locale
* js
. index search fixed for new HTML output
. some obsolete files removed from distribution
7.0 (7 November 2022)
* texi2any
. LaTeX added as an output format, selected with --latex
. EPUB 3 added as an output format, selected with --epub3
. reform throughout the code in general
. thorough review of character encoding issues
. new customization variables involved with character encoding:
INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING,
DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME,
MESSAGE_ENCODING and COMMAND_LINE_ENCODING
. warn if full-text commands (@ref, @footnote, @anchor) appear in @w
. new variable NO_TOP_NODE_OUTPUT
. IGNORE_BEFORE_SETFILENAME variable removed. former effect
is now always on.
. HTML output:
. use manual_name_html as output directory for split HTML instead of
manual_name or manual_name.html
. default DOCTYPE declaration changed to plain HTML5 style rather than
HTML4 DTD reference
. output only the CSS rules that are needed in an output file
. remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES
(custom CSS can still be output using EXTRA_HEAD)
. use <code> tag for the output of @t and @verb instead of <tt>
. use <abbr> for @acronym instead of <acronym>
. link to table of contents from short table of contents only if a
table of contents is actually output
. prefix classes from @example arguments with `user-'
. percent encode URL in @url/@uref, @email, @image and external
manual file
. new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and
NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output
valid XHTML
. systematic addition of classes attribute in HTML elements based on the
Texinfo @-command names. renaming of class attributes to avoid
confusion with @-commands formatting and describe the role in the
document rather than the formatting style.
. COPIABLE_ANCHORS renamed to COPIABLE_LINKS
. do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has
to be set
. USE_TITLEPAGE_FOR_TITLE is now true by default
. L2H variable removed, replaced by HTML_MATH set to `l2h'
. rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC
. rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE
. rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES
. remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT
. remove KEEP_TOP_EXTERNAL_REF
. new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH,
HTMLXREF_MODE and HTMLXREF_FILE
. DocBook output:
. do not output Top node or text before the first @node or sectioning
@-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node
for now.
. replace @definfocenlose defined @-commands by the argument as-is
to be more consistent with printed output
. HTML/DocBook output:
. USE_NUMERIC_ENTITY changed to mean to use numeric entities instead
of named entities. former effect is now always on.
. ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now
always off.
. Info output
. quote problematic node names (with :, comma...) by default
. new customization variable ASCII_PUNCTUATION to use plain ASCII
characters for quotation marks and a few other symbols
* texinfo.tex
. `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX
. do not ignore @part page immediately following Top node
. do `@set txicodevaristt' to get slanted typewriter for @var in code,
`@clear txicodevaristt' to use slanted, variable-width roman font for
@var everywhere. flag is @set by default, but we may turn this off
in the future.
. new file doc/texinfo-zh.tex for Texinfo documents in Chinese.
new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is
a sample document.
* info
. better support for index entries containing parentheses
. better support for getting bold text etc. when displaying manpages
. bug fixed where the first index entry in a file could be ignored
. M-C-f closes as well as opens footnotes window
. do not crash if run in Brazilian Portuguese locale
* Language
. @deftype* commands use typewriter font in argument list
. new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format
. do `@set txidefnamenospace' to omit space after a definition name
* Other
. build fixed for glibc 2.34
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
88b06e23f1 |
sudo: Update to version 1.9.13p2
- Update from version 1.9.12p2 to 1.9.13p2 - Update of rootfile - Changelog What's new in Sudo 1.9.13p2 * Fixed the --enable-static-sudoers option, broken in sudo 1.9.13. GitHub issue #245. * Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). This bug was introduced in sudo 1.9.8. What's new in Sudo 1.9.13p1 * Fixed a typo in the configure script that resulted in a line like "]: command not found" in the output. GitHub issue #238. * Corrected the order of the C23 [[noreturn]] attribute in function prototypes. This fixes a build error with GCC 13. GitHub issue #239. * The "check" make target misbehaved when there was more than one version of the UTF-8 C locale in the output of "locale -a". GitHub issue #241. * Removed a dependency on the AC_SYS_YEAR2038 macro in configure.ac. This was added in autoconf 2.72 but sudo's configure.ac only required autoconf 2.70. * Relaxed the autoconf version requirement to version 2.69. What's new in Sudo 1.9.13 * Fixed a bug running relative commands via sudo when "log_subcmds" is enabled. GitHub issue #194. * Fixed a signal handling bug when running sudo commands in a shell script. Signals were not being forwarded to the command when the sudo process was not run in its own process group. * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without a newline and a backslash is the last character of the file. * Fixed a potential use-after-free bug with cvtsudoers filtering. GitHub issue #198. * Added a reminder to the default lecture that the password will not echo. This line is only displayed when the pwfeedback option is disabled. GitHub issue #195. * Fixed potential memory leaks in error paths. GitHub issues #199, #202. * Fixed potential NULL dereferences on memory allocation failure. GitHub issues #204, #211. * Sudo now uses C23-style attributes in function prototypes instead of gcc-style attributes if supported. * Added a new "list" pseudo-command in sudoers to allow a user to list another user's privileges. Previously, only root or a user with the ability to run any command as either root or the target user on the current host could use the -U option. This also includes a fix to the log entry when a user lacks permission to run "sudo -U otheruser -l command". Previously, the logs would indicate that the user tried to run the actual command, now the log entry includes the list operation. * JSON logging now escapes control characters if they happen to appear in the command or environment. * New Albanian translation from translationproject.org. * Regular expressions in sudoers or logsrvd.conf may no longer contain consecutive repetition operators. This is implementation- specific behavior according to POSIX, but some implementations will allocate excessive amounts of memory. This mainly affects the fuzzers. * Sudo now builds AIX-style shared libraries and dynamic shared objects by default instead of svr4-style. This means that the default sudo plugins are now .a (archive) files that contain a .so shared object file instead of bare .so files. This was done to improve compatibility with the AIX Freeware ecosystem, specifically, the AIX Freeware build of OpenSSL. Sudo will still load svr4-style .so plugins and if a .so file is requested, either via sudo.conf or the sudoers file, and only the .a file is present, sudo will convert the path from plugin.so to plugin.a(plugin.so) when loading it. This ensures compatibility with existing configurations. To restore the old, pre-1.9.13 behavior, run configure using the --with-aix-soname=svr4 option. * Sudo no longer checks the ownership and mode of the plugins that it loads. Plugins are configured via either the sudo.conf or sudoers file which are trusted configuration files. These checks suffered from time-of-check vs. time-of-use race conditions and complicate loading plugins that are not simple paths. Ownership and mode checks are still performed when loading the sudo.conf and sudoers files, which do not suffer from race conditions. The sudo.conf "developer_mode" setting is no longer used. * Control characters in sudo log messages and "sudoreplay -l" output are now escaped in octal format. Space characters in the command path are also escaped. Command line arguments that contain spaces are surrounded by single quotes and any literal single quote or backslash characters are escaped with a backslash. This makes it possible to distinguish multiple command line arguments from a single argument that contains spaces. * Improved support for DragonFly BSD which uses a different struct procinfo than either FreeBSD or 4.4BSD. * Fixed a compilation error on Linux arm systems running older kernels that may not define EM_ARM in linux/elf-em.h. GitHub issue #232. * Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined. Sudo will now link using -Wl,--no-undefined by default if possible. GitHub issue #234. * Fixed a bug executing a command with a very long argument vector when "log_subcmds" or "intercept" is enabled on a system where "intercept_type" is set to "trace". GitHub issue #194. * When sudo is configured to run a command in a pseudo-terminal but the standard input is not connected to a terminal, the command will now be run as a background process. This works around a problem running sudo commands in the background from a shell script where changing the terminal to raw mode could interfere with the interactive shell that ran the script. GitHub issue #237. * A missing include file in sudoers is no longer a fatal error unless the error_recovery plugin argument has been set to false. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
9e5de6c132 |
pango: Update to version 1.50.13
- Update from version 1.50.6 to 1.50.13 - Update of rootfile - Changelog Overview of changes in 1.50.13, 20-02-2023 - win32: Add back fallback for empty fontsets - win32: Improve DirectWrite support - Fix word segmentation for Japanese - Don't set backspace-deletes-char for math symbols - coretext: Fix a crash - cairo: Apply metrics hinting to underlines too - Treat COLRv1 fonts as color fonts Overview of changes in 1.50.12, 18-11-2022 - Fix weight conversion on MacOS - Update to Unicode 15 - Some introspection annotation fixes - Improve PangoAttrList serialization - Fix char offset calculatiosn in multi-paragraph layouts Overview of changes in 1.50.11, 03-10-2022 - Don't crash for lack of fonts - Avoid a crash in shaping Overview of changes in 1.50.10, 16-09-2022 - Avoid some unnecessary strdups - Fix line height computations with a non-trivial CTM Overview of changes in 1.50.9, 09-08-2022 - Apply show flags to line separators - Fix a thread-safety problem Overview of changes in 1.50.8, 02-07-2022 - Add some properties to fontmap and family - Fix handling of ligature carets in mixed directions Overview of changes in 1.50.7, 14-04-2022 - coretext: Fix the build - editing: Fix moving across paragraph boundaries in rtl - layout: Try harder to survive without fonts - Windows: Register a sans-serif font - Windows: Try harder to load a font Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
fe9264e588 |
liburcu: Update to version 0.14.0
- Update from version 0.13.2 to 0.14.0 - Update of rootfile - Changelog 2023-02-14 Userspace RCU 0.14.0 * Fix: urcu-bp: only teardown call-rcu worker in destructor * Fix: rculfhash: urcu_die() takes positive error value * Fix: call_rcu: teardown default call_rcu worker on application exit * Fix: join worker thread in call_rcu_data_free * Docs: clarify grace period polling API * Document grace period polling in rcu-api.md * Implement poll rcu stress test in rcutorture * urcu-memb,mb,signal: Implement grace period polling * Fix: auto-resize hash table destroy deadlock * Fix building on MSYS2 * rculfhash: Include rculfhash-internal.h from local directory * Remove "Darwin" from "should also work on list" * Merge branch 'adah1972-improve-md' * Add semicolons at the end of function prototypes * Wrap a file name in backticks * Wrap command-line options in backticks * Fix a wrong format * Wrap URLs in angle brackets * Fix Markdown issues * Fix: Always check pthread_create for failures * Disable signals in URCU background threads * Fix: futex.h: include headers outside extern C * Fix: add missing unused attribute to _rcu_dereference * Fix: change method used by _rcu_dereference to strip type constness * Fix: remove type constness in URCU_FORCE_CAST's C++ version * Move extern "C" down in include/urcu/urcu-bp.h * fix: ifdef linux specific cpu count compat * Add unit tests for possible_cpus_array_len * fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id * Fix: revise obsolete command in README.md * Fix: workqueue: remove unused variable "ret" * Fix: urcu-qsbr: futex wait: handle spurious futex wakeups * Fix: urcu: futex wait: handle spurious futex wakeups * Fix: urcu-wait: futex wait: handle spurious futex wakeups * Fix: defer_rcu: futex wait: handle spurious futex wakeups * Fix: call_rcu: futex wait: handle spurious futex wakeups * Fix: workqueue: futex wait: handle spurious futex wakeups * Fix: Use %lu rather than %ld to print count * Update ABI definition files * Bump version current and age * alpha: allocate membarrier system call number * Bump version to 0.14.0-pre * Improved test framework * rculfhash: introduce cds_lfht_node_init_deleted * Fix: changelog: v0.13.0 was released in 2021 * cleanup: i386 arch detection * fix: properly detect 'cmpxchg' on x86-32 * fix: use urcu-tls compat with c++ compiler * Fix typo * fix: remove autoconf features default value in help message * fix: add missing pkgconfig file for memb flavour lib * Cleanup: Tests: Remove useless pre-C99 compatibility code from tap.h * Document C99 and C++11 requirement in README.md * Always use '__thread' for Thread local storage except on MSVC * Fix: powerpc32: transparent unions alter calling convention * fix: don't use C++ thread_local on MacOs * wfcqueue API: implement overloaded wrappers with templates * wfcqueue: combine C++ API cds_wfcq_head_cast with overloading * wfstack C++ API: implement overloaded wrappers with templates * lfstack C++ API: implement overloaded wrappers with templates * wfstack: combine C++ API cds_wfs_stack_cast with overloading * lfstack: combine C++ API cds_lfs_stack_cast with overloading * fix: test_build tap plan * Test C++ build of list head init * Fix order of initializers in CDS_LIST_HEAD_INIT * unit tests: test wfcqueue, wfstack, lfstack empty check functions in C++ * wfcqueue: implement C++ API based on function overloading * wfstack: implement C++ API based on function overloading * lfstack: implement C++ API based on function overloading * Fix tap.h: remove extra semicolon in pass/fail macros * Add C++ build tests * Build and run regression and unit tests as C++ programs * Add --enable-Werror configure switch * Add `urcu_posix_assert()` as `assert()` replacement * Rename `urcu_assert()` to `urcu_assert_debug()` * cleanup: spelling fixes in comments * Make temporary variable in _rcu_dereference non-const * (tls-ie2) Fix: x86 and s390: uatomic __hp() macro C++ support * Fix: x86 and s390: uatomic __hp() macro clang support * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
aefb33df1b |
iproute2: Update to version 6.2.0
- Update from version 6.1.0 to 6.2.0 - Update of rootfile - Changelog No Changelog in website or in source tarball. Only source of changes is the git commits https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
