- Update from 3.5.2 to 3.6.0
- Update of rootfile
- Changelog
Libarchive 3.6.0 is a feature and bugfix release.
New features:
tar: new option "--no-read-sparse" (#1614)
tar: threads support for zstd (#1567)
RAR reader: filter support (#1503)
RAR5 reader: self-extracting archive support (#1585)
ZIP reader: zstd decompression support (#1518)
Other notable bugfixes and improvements:
tar: respect "--ignore-zeros" in c, r and u modes (#1620)
reduced size of application binaries (#1625)
internal code optimizations
Libarchive 3.5.3 is a security release
Security Fixes:
extended fix for following symlinks when processing the fixup list
(#1566, #1617, CVE-2021-31566)
fix invalid memory access and out of bounds read in RAR5 reader
(#1491, #1492, #1493, CVE-2021-36976)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.12 to 2.13.1
- Update of rootfile
- Changelog
2.13.1 Hot fix
Fix for pure white going gray in grayscale transforms.
2.13 Featured release
Added support for premultiplied alpha
tifficc can now handle alpha channels, both unassociated and premultiplied
Better documentation
CGATS parser can now deal with very long strings
Added Projects for Visual Studio 2020
Travis CI discontinued, GitHub actions used instead
Added a very preliminar meson build script (thanks to xclaesse)
Added ARM64 target to visual studio 2019 (thanks to gaborkertesz-linaro)
Added thread safe code to get time
Added automatic linear space detection
Added cmsGetStageContextID function
Added cmsDetectRGBProfileGamma function
configure now accepts --without-fastfloat to turn plugin off
autogen.sh has now a --distclean toggle to get rid of all autotools generated files
Checked to work on STM32 Cortex-A, Cortex-M families
Bug & typos fixing (thanks to many reporters and contributors)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.50.0 to 1.50.3
- Update of rootfile
- Changelog
Overview of changes in 1.50.3, 21-12-2021
* pango-view: Add --serialize-to option for easy bug reporting
* Revert a transformation change that broke metrics for vertical text
* Handle fonts without space glyph (such as icon fonts) better
* Fix some corner cases of line width accounting
* Fix line height with emulated Small Caps
Overview of changes in 1.50.2, 16-12-2021
* Fix a problem with font fallback for Arabic
* Fix handling of fonts without a space glyph
* Various documentation improvements
* Fix build issues
Overview of changes in 1.50.1, 10-12-2021
* Fix a crash in tab handling
* Fix tab positioning without line wrapping
* Fix an assertion failure found by fuzzing
* Make underlines work again for broken fonts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 3.1.2 to 3.3.2
- Update of rootfile
- Changelog
Overview of changes leading to 3.3.2
- Revert splitting of pair positioning values introduced in 3.3.0 as it proved
problematic. (Behdad Esfahbod)
Overview of changes leading to 3.3.1
- Fix heap-use-after-free in harfbuzz-subset introduced in previous release.
(Garret Rieger)
Overview of changes leading to 3.3.0
- Improved documentation. (Matthias Clasen)
- Internal code cleanup, using C++ standard library more. (Behdad Esfahbod)
- The low 16-bits of face index will be used by hb_face_create() to select a
face inside a font collection file format, while the high 16-bits will be
used by hb_font_create() to load the named instance. (Behdad Esfahbod)
- Glyph positions and other font metrics now apply synthetic slant set by
hb_font_set_synthetic_slant(), for improved positioning for synthetically
slanted fonts. (Behdad Esfahbod)
- Fixed unintentional locale dependency in hb_variation_to_string() for decimal
point representation. (Matthias Clasen)
- When applying pair positioning (kerning) the positioning value is split
between the two sides of the pair for improved cursor positioning between
such pairs. (Behdad Esfahbod)
- Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction
with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line
breaking. Check the documentation for further details. (Behdad Esfahbod)
- Improved handling of macrolanguages when mapping BCP 47 codes to OpenType
tags. (David Corbett)
- New API:
+HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
+hb_segment_properties_overlay()
+hb_buffer_create_similar()
+hb_font_set_synthetic_slant()
+hb_font_get_synthetic_slant()
+hb_font_get_var_coords_design()
Overview of changes leading to 3.2.0
“harfbuzz” library improvements:
- Fixed shaping of Apple Color Emoji flags in right-to-left context. (Behdad Esfahbod)
- Fixed positioning of CFF fonts in HB_TINY profile. (Behdad Esfahbod)
- OpenType 1.9 language tags update. (David Corbett)
- Add HB_NO_VERTICAL config option.
- Add HB_CONFIG_OVERRIDE_H for easier configuration. (Behdad Esfahbod)
“harfbuzz-subset” library improvements:
- Improved packing of cmap, loca, and Ligature tables. (Garret Rieger)
- Significantly improved overflow-resolution strategy in the repacker. (Garret Rieger)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.1.1 (2016) to 2.3.0 (2021)
- Update of rootfile
- A build dependency has been added for twine. As this is to support the upload of
packages to PyPI it will not be used for IPFire. The changelog just notes the addition
of twine as a build dependency without any explanation. See entry in version 2.2.4
No other change was made when this dependency was added to setup.py
Adding twine added 9 further dependencies some of which caused further dependencies and
so on. 19 additional new packages were reached and the system was still coming up with
more.
Created a patch to remove the twine build dependency from setup.py
Subsequently found other people had done the same thing as there was no response to
requests from other people to not have it as a build dependency for situations where
packages were not going to be uploaded to PyPI.
- Changelog
Version 2.3.0
:Released: 2021-02-21
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Removed:
* Remove support for Python versions older than Python 3.
Python 2 has been unsupported by the Python project since 2020.
* Remove dependency on back-ported `unittest2` and `mock`.
Depend instead on standard library `unittest` and `unittest.mock`.
Thanks to Michał Górny for the merge requests.
Version 2.2.4
:Released: 2019-10-27
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Run the Setuptools `egg-info` command as part of the `build`
command.
Closes: Pagure #31. Thanks to Stanislav Levin for the bug report and
diagnosis.
* Create the socket and catch “non-socket” errors.
Closes: Pagure #34. Thanks to Miro Hrončok for the bug report and
patch.
* Only deal with a range of file descriptors if the range is not empty.
Closes: Pagure #39. Thanks to Alex Pyrgiotis for the test scenario.
* Declare Twine as a build dependency.
* Reformat the change log entries with keepachangelog.com sub-sections.
Changed:
* Upgrade Tox dependency to version “3.7.0”.
Thanks to Miro Hrončok for the contribution.
* Significant speed-up to discovery of file descriptors to close.
By using a native `tuple` for the heavily-used file descriptor range
representation, this gives approximately 5× faster calls to
`close_all_open_files` in the typical case. This partially addresses
Pagure #40.
Thanks to Alex Pyrgiotis for testing various alternative proposals.
* Refactor the build system to use Makefile modules for each topic.
Version 2.2.3
:Released: 2019-01-21
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Use custom fake file type for testing `fileno` behaviour.
This works around an incompatibility in Python 2.7 `file` type that
caused test cases to fail.
Deprecated:
* Promote the warning for `runner` module to a `DeprecationWarning`.
This has been an unofficial example module from the beginning, and
it will be removed in a future version.
Version 2.2.2
:Released: 2019-01-19
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Remove from the build system specification a white space character
not permitted in TOML format.
Added:
* Implement test suite automation in virtualenvs, using Tox.
Version 2.2.1
:Released: 2019-01-18
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Added:
* Add a :PEP:`518` conformant build system specification (the
``pyproject.toml`` file).
Version 2.2.0
:Released: 2018-08-15
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Bugs Fixed:
* Correct the description of the return value for
`daemon.is_detach_process_context_required`.
Closes: Pagure #6.
* Set a sensible default for `Distribution.script_name`.
This works around a bug in Setuptools which calls commands before
the `Distribution` is initialised.
Closes: Pagure #2.
Changed:
* The test suite now relies on the test discovery feature in
‘unittest’. This feature is in Python version 2.7 and later.
* Improve performance of `daemon.close_all_open_files`.
Thanks to Darek Działak for the implementation.
Closes: Pagure #10.
Version 2.1.2
:Released: 2016-10-26
:Maintainer: Ben Finney <ben+python@benfinney.id.au>
Added:
* Add a README document for the code base.
Changed:
* Migrate code project hosting to Pagure.
Record the change of homepage URL in PyPI metadata.
Deprecated:
* Raise a warning that the ‘runner’ module is pending deprecation.
This has been an unofficial example module from the beginning, and
it will be removed in a future version.
Bugs Fixed:
* Ensure custom types are part of the Python type hierarchy.
* Avoid a circular dependency for the version string at install time.
Thanks to Maarten van Gompel for the reproducible test case.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- python3-packaging only required for build of python3-six so rootfile has all entries
commented out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- python3-toml only required for build of python3-pyproject2setuppy so rootfile has all
entries commented out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- pyproject2setuppy only required for build of python3-tomli so rootfile has all entries
commented out.
- python3-tomli has no setup.py file so pyproject2setuppy used to convert pyproject.toml
file into a setup.py file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- tomli only required for build of python3-setuptools-scm so rootfile has all entries
commented out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.2.0 (Jan 2019) to 6.3.2 (Sep 2021)
- Update of rootfile
- Changelog
6.3.2
* fix#629: correctly convert Version data in tags_to_version parser to avoid errors
6.3.1
* fix#625: restore tomli in install_requires after the regression changes in took it out
and some users never added it even tho they have pyproject.toml files
6.3.0
.. warning::
This release explicitly warns on unsupported setuptools.
This unfortunately has to happen as the legacy ``setup_requires`` mechanism
incorrectly configures the setuptools working-set when a more recent setuptools
version than available is required.
As all releases of setuptools are affected as the historic mechanism
for ensuring a working setuptools setup was shipping a ``ez_setup`` file
next to ``setup.py``, which would install the required version of setuptools.
This mechanism has long since been deprecated and removed
as most people haven't been using it
* fix#612: depend on packaging to ensure version parsing parts
* fix#611: correct the typo that hid away the toml extra and add it in ``setup.py`` as well
* fix#615: restore support for the git_archive plugin which doesn't pass over the config
* restore the ability to run on old setuptools while to avoid breaking pipelines
v6.2.0
* fix#608: resolve tomli dependency issue by making it a hard dependency
as all intended/supported install options use pip/wheel this is only a feature release
* ensure python 3.10 works
v6.1.1
* fix#605: completely disallow bdist_egg - modern enough setuptools>=45 uses pip
* fix#606: re-integrate and harden toml parsing
* fix#597: harden and expand support for figuring the current distribution name from
`pyproject.toml` (`project.name` or `tool.setuptools_scm.dist_name`) section or `setup.cfg` (`metadata.name`)
v6.1.0
* fix#587: don't fail file finders when distribution is not given
* fix#524: new parameters ``normalize`` and ``version_cls`` to customize the version normalization class.
* fix#585: switch from toml to tomli for toml 1.0 support
* fix#591: allow to opt in for searching parent directories in the api
* fix#589: handle yaml encoding using the expected defaults
* fix#575: recommend storing the version_module inside of ``mypkg/_version.py``
* fix#571: accept branches starting with ``v`` as release branches
* fix#557: Use ``packaging.version`` for ``version_tuple``
* fix#544: enhance errors on unsupported python/setuptools versions
v6.0.1
* fix#537: drop node_date on old git to avoid errors on missing %cI
v6.0.0
* fix#517: drop dead python support >3.6 required
* drop dead setuptools support > 45 required (can install wheels)
* drop egg building (use wheels)
* add git node_date metadata to get the commit time-stamp of HEAD
* allow version schemes to be priority ordered lists of version schemes
* support for calendar versioning (calver) by date
v5.0.2
* fix#415: use git for matching prefixes to support the windows situation
v5.0.1
* fix#509: support ``SETUPTOOLS_SCM_PRETEND_VERSION_FOR_${DISTRIBUTION_NAME}`` for ``pyproject.toml``
v5.0.0
Breaking changes:
* fix#339: strict errors on missing scms when parsing a scm dir to avoid false version lookups
v5.0.2
* fix#415: use git for matching prefixes to support the windows situation
v5.0.1
* fix#509: support ``SETUPTOOLS_SCM_PRETEND_VERSION_FOR_${DISTRIBUTION_NAME}`` for ``pyproject.toml``
v5.0.0
Breaking changes:
* fix#339: strict errors on missing scms when parsing a scm dir to avoid false version lookups
* fix#337: if relative_to is a directory instead of a file,
consider it as direct target instead of the containing folder and print a warning
Bugfixes:
* fix#352: add support for generally ignoring specific vcs roots
* fix#471: better error for version bump failing on complex but accepted tag
* fix#479: raise indicative error when tags carry non-parsable information
* Add `no-guess-dev` which does no next version guessing, just adds `.post1.devN` in
case there are new commits after the tag
* add python3.9
* enhance documentation
* consider SOURCE_DATE_EPOCH for versioning
* add a version_tuple to write_to templates
* fix#321: add support for the ``SETUPTOOLS_SCM_PRETEND_VERSION_FOR_${DISTRIBUTION_NAME}`` env var to target the pretend key
* fix#142: clearly list supported scm
* fix#213: better error message for non-zero dev numbers in tags
* fix#356: add git branch to version on describe failure
v4.1.2
* disallow git tags without dots by default again - #449
v4.1.1
* drop jaraco.windows from pyproject.toml, allows for wheel builds on python2
v4.1.0
* include python 3.9 via the deadsnakes action
* return release_branch_semver scheme (it got dropped in a bad rebase)
* undo the devendoring of the samefile backport for python2.7 on windows
* re-enable the building of universal wheels
* fix handling of missing git/hg on python2.7 (python 3 exceptions where used)
* correct the tox flake8 invocation
* trigger builds on tags again
v4.0.0
* Add ``parentdir_prefix_version`` to support installs from GitHub release
tarballs.
* use Coordinated Universal Time (UTC)
* switch to github actions for ci
* fix documentation for ``tag_regex`` and add support for single digit versions
* document handling of enterprise distros with unsupported setuptools versions #312
* switch to declarative metadata
* drop the internal copy of samefile and use a dependency on jaraco.windows on legacy systems
* select git tags based on the presence of numbers instead of dots
* enable getting a version form a parent folder prefix
* add release-branch-semver version scheme
* make global configuration available to version metadata
* drop official support for python 3.4
v3.5.0
* add ``no-local-version`` local scheme and improve documentation for schemes
v3.4.4
* fix#403: also sort out resource warnings when dealing with git file finding
v3.4.3
* fix#399: ensure the git file finder terminates subprocess after reading archive
v3.4.2
* fix#395: correctly transfer tag regex in the Configuration constructor
* rollback --first-parent for git describe as it turns out to be a regression for some users
v3.4.1
* pull in #377 to fix#374: correctly set up the default version scheme for pyproject usage.
this bugfix got missed when ruushing the release.
v3.4.0
* fix#181 - add support for projects built under setuptools declarative config
by way of the setuptools.finalize_distribution_options hook in Setuptools 42.
* fix#305 - ensure the git file finder closes filedescriptors even when errors happen
* fix#381 - clean out env vars from the git hook system to ensure correct function from within
* modernize docs wrt importlib.metadata
*edited*
* use --first-parent for git describe
v3.3.3
* add eggs for python3.7 and 3.8 to the deploy
v3.3.2
* fix#335 - fix python3.8 support and add builds for up to python3.8
v3.3.1
* fix#333 (regression from #198) - use a specific fallback root when calling fallbacks. Remove old
hack that resets the root when fallback entrypoints are present.
v3.3.0
this bugfix got missed when ruushing the release.
v3.4.0
* fix#181 - add support for projects built under setuptools declarative config
by way of the setuptools.finalize_distribution_options hook in Setuptools 42.
* fix#305 - ensure the git file finder closes filedescriptors even when errors happen
* fix#381 - clean out env vars from the git hook system to ensure correct function from within
* modernize docs wrt importlib.metadata
*edited*
* use --first-parent for git describe
v3.3.3
* add eggs for python3.7 and 3.8 to the deploy
v3.3.2
* fix#335 - fix python3.8 support and add builds for up to python3.8
v3.3.1
* fix#333 (regression from #198) - use a specific fallback root when calling fallbacks. Remove old
hack that resets the root when fallback entrypoints are present.
v3.3.0
* fix#198 by adding the ``fallback_version`` option, which sets the version to be used when everything else fails.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.8.7 to 3.10.1
- Update of rootfile
- libvirt needs to be updated to 7.10.0 before this patch series is implemented
otherwise the old libvirt (6.5.0) will fail to build with the new python3.
- Changelog is w2ay to big to show here. Details can be found by viewing 3.9.rst and
3.10.rst in the Doc/whatsnew/ folder in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.4.2 to 2.4.4
- Update of rootfile
- Changelog
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
(that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
#551 CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
Bug fixes:
#544#545 xmlwf: Fix a memory leak on output file opening error
Other changes:
#546 Autotools: Fix broken CMake support under Cygwin
#554 Windows: Add missing files to the installer to fix
compilation with CMake from installed sources
#552#554 Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
Release 2.4.3 Sun January 16 2022
Security fixes:
#531#534 CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
"<r xmlns:a='[..]' a:a123='[..]' [..] />"
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
#532#538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
#539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.
Other changes:
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
#541 Autotools|CMake: MinGW: Make run.sh(.in) work for Cygwin
and MSYS2 by not going through Wine on these platforms
#527#528 Address compiler warnings
#533#543 Version info bumped from 9:2:8 to 9:3:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#536 CI: Check for realistic minimum CMake version
#529#539 CI: Cover compilation with -m32
#529 CI: Store coverage reports as artifacts for download
#528 CI: Upgrade Clang from 11 to 13
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 7.80.0 to 7.81.0
- Update of rootfile
- Changelog
7.81.0
This release includes the following changes:
o mime: use percent-escaping for multipart form field and file names [1]
This release includes the following bugfixes:
o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73]
o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12]
o BINDINGS: add cURL client for PostgreSQL [68]
o BINDINGS: add one from Everything curl and update a link
o checksrc: detect more kinds of NULL comparisons we avoid [105]
o CI: build examples for additional code verification [75]
o CI: bump job to use mbedtls 3.1.0 [90]
o cmake: don't set _USRDLL on a static Windows build [22]
o cmake: prevent dev warning due to mismatched arg [94]
o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40]
o config.d: update documentation to match the path search
o configure: add -lm to configure for rustls build. [13]
o configure: better diagnostics if hyper is built wrong [6]
o configure: don't enable TLS when --without-* flags are used [17]
o configure: fix runtime-lib detection on macOS [21]
o curl.1: require "see also" for every documented option [27]
o curl: improve error message for --head with -J [42]
o curl_easy_cleanup.3: remove from multi handle first [3]
o curl_easy_escape.3: call curl_easy_cleanup in example [58]
o curl_easy_unescape.3: call curl_easy_cleanup in example [57]
o curl_multi_init.3: fix EXAMPLE formatting
o curl_multi_perform/socket_action.3: clarify what errors mean [70]
o curl_share_setopt.3: split out options into their own manpages [14]
o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51]
o digest: compute user:realm:pass digest w/o userhash [45]
o docs/checksrc: Add documentation for STRERROR [18]
o docs/cmdline-opts: do not say "protocols: all" [26]
o docs/examples: workaround broken -Wno-pedantic-ms-format
o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88]
o docs/INSTALL.md: typo fix : added missing "get" verb [31]
o docs/URL-SYNTAX.md: space is not fine in a given URL
o docs: add known bugs list to HTTP3.md [83]
o docs: address proselint nits [16]
o docs: consistent manpage SYNOPSIS [47]
o docs: fix dead links, remove ECH.md
o docs: fix typo in OpenSSL 3 build instructions [80]
o docs: Update the Reducing Size section
o example/progressfunc: remove code for old libcurls [78]
o examples/multi-single.c: remove WAITMS() [98]
o FAQ: typo fix : "yout" ➤ "your" [30]
o ftp: disable warning 4706 in MSVC [85]
o gen.pl: improve example output format [29]
o github workflow: add wolfssl (removed from zuul) [103]
o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92]
o gtls: check return code for gnutls_alpn_set_protocols [86]
o hash: lazy-alloc the table in Curl_hash_add() [54]
o http2:set_transfer_url() return early on OOM [53]
o HTTP3: update quiche build instructions [37]
o http: enable haproxy support for hyper backend [20]
o http: Fix CURLOPT_HTTP200ALIASES [89]
o http_proxy: don't close the socket (too early) [100]
o insecure.d: detail its use for SFTP and SCP as well [32]
o insecure.d: expand and clarify [28]
o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
o libcurl-security.3: mention address and URL mitigations
o libssh2: fix error message for sha256 mismatch
o libtest: avoid "assignment within conditional expression" [84]
o lift: ignore is a deprecated config option, use ignoreRules [35]
o linkcheck.yml: add CI job that checks markdown links [82]
o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99]
o Makefile.m32: rename -winssl option to -schannel and tidy up [33]
o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44]
o mbedtls: fix CURLOPT_SSLCERT_BLOB [72]
o mbedtls: fix private member designations for v3.1.0 [93]
o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71]
o misc: s/e-mail/email [74]
o multi: cleanup the socket hash when destroying it [55]
o multi: handle errors returned from socket/timer callbacks [52]
o multi: shut down CONNECT in Curl_detach_connnection [2]
o netrc.d: edit the .netrc example to look nicer [24]
o ngtcp2: verify the server cert on connect (quictls) [102]
o ngtcp2: verify the server certificate for the gnutls case [101]
o nss:set_cipher don't clobber the cipher list [38]
o openldap: implement STARTTLS [56]
o openldap: process search query response messages one by one [50]
o openldap: several minor improvements [69]
o openldap: simplify ldif generation code [77]
o openssl: check the return value of BIO_new() [43]
o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
o openssl: remove usage of deprecated `SSL_get_peer_certificate`
o openssl: use non-deprecated API to read key parameters
o page-footer: add a mention of how to report bugs to the man page
o page-footer: document more environment variables [23]
o request.d: refer to 'method' rather than 'command' [59]
o retry-all-errors.d: make the example complete
o runtests: make the SSH library a testable feature
o rustls: read of zero bytes might be okay [9]
o rustls: remove comment about checking handshaking [15]
o rustls: remove incorrect EOF check [10]
o sha256/md5: return errors when init fails [79]
o socks5: use appropriate ATYP for numerical IP address host names [91]
o test1156: enable for hyper [65]
o test1156: fixup the stdout check for Windows [60]
o test1525: tweaked for hyper [64]
o test1526: enable for hyper [63]
o test1527: enable for hyper [62]
o test1528: enable for hyper [61]
o test1554: adjust for hyper [49]
o test1556: adjust for hyper [48]
o test302[12]: run only with the libssh2 backend [8]
o test661: enable for hyper [66]
o tests/CI.md: add more information on CI environments [39]
o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76]
o tftp: mark protocol as not possible to do over CONNECT [25]
o tool_findfile: updated search for a file in the homedir [46]
o tool_operate: only set SSH related libcurl options for SSH URLs [11]
o tool_operate: warn if too many output arguments were found [87]
o url.c: fix the SIGPIPE comment for Curl_close [4]
o url: check ssl_config when re-use proxy connection [81]
o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96]
o urlapi: accept port number zero [34]
o urlapi: if possible, shorten given numerical IPv6 addresses [95]
o urlapi: provide more detailed return codes [36]
o urlapi: reject short file URLs [41]
o version_win32: Check build number and platform id
o vtls/rustls: adapt to the updated rustls_version proto [19]
o writeout: fix %{http_version} for HTTP/3 [7]
o x509asn1: return early on errors [67]
o zuul.d: update rustls-ffi to version 0.8.2 [5]
o zuul: fix quiche build pointing to wrong Cargo [104]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.9.8p2 to 1.9.9
- Update of rootfile
- Changelog
What's new in Sudo 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating warnings
about deprecated OpenSSL APIs.
* A digest can now be specified along with the "ALL" command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding changes
for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in an
alias once for each alias.
* The sudoRole cn was truncated by a single character in warning messages.
GitHub issue #115.
* The cvtsudoers utility has new --group-file and --passwd-file options
to use a custom passwd or group file when the --match-local option is
also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv (comma-separated
value) format. This can be used to help generate entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection being
dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the "editor" setting was not
used if it did not match the user's EDITOR environment variable.
This was only a problem if the "env_editor" setting was not enabled.
Bug #1000.
* Sudo now builds with the -fcf-protection compiler option and the
"-z now" linker option if supported.
* The output of "sudoreplay -l" now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the log.json
file, if present. This makes it possible to send sudo-format I/O logs
that use the newer log.json format to sudo_logsrvd without losing any
information.
* Fixed compilation of the arc4random_buf() replacement on systems with
arc4random() but no arc4random_buf(). Bug #1008.
* Sudo now uses its own getentropy() by default on Linux. The GNU libc
version of getentropy() will fail on older kernels that don't support
the getrandom() system call.
* It is now possible to build sudo with WolfSSL's OpenSSL compatibility
layer by using the --enable-wolfssl configure option.
* Fixed a bug related to Daylight Saving Time when parsing timestamps
in Generalized Time format. This affected the NOTBEFORE and
NOTAFTER options in sudoers. Bug #1006
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct. Bug #1007.
* It is now possible to set resource limits in the sudoers file itself.
The special values "default" and "user" refer to the default system
limit and invoking user limit respectively. The core dump size limit
is now set to 0 by default unless overridden by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the "deref" and "tls_reqcert"
ldap.conf settings. This meant the options were effectively
ignored which broke dereferencing of aliases in LDAP. Bug #1013.
* Clarified in the sudo man page that the security policy may
override the user's PATH environment variable. Bug #1014.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error
if user interaction is required. This allows PAM modules that
don't interact with the user to succeed. Previously, sudo
would not attempt authentication if the -n option was specified.
Bug #956 and GitHub issue #83.
* Fixed a regression introduced in version 1.9.1 when sudo is
built with the --with-fqdn configure option. The local host
name was being resolved before the sudoers file was processed,
making it impossible to disable DNS lookups by negating the
"fqdn" sudoers option. Bug #1016.
* Added support for negated sudoUser attributes in the LDAP and
SSSD sudoers back ends. A matching sudoUser that is negated
will cause the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a
value smaller than that of the invoking user and not be reset
before the command was run. Bug #1017.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
