mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-22 17:02:58 +02:00
41dfd30c9a34faeff8d8cd549e5583ad2919ce4f
3260 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
8005b23bc4 |
sysstat: Update to version 12.7.1
- Update from version 12.5.4 to 12.7.1 - Update of rootfile - Changelog 2022/11/06: Version 12.7.1: Fix possible overflow in sa_common.c (GHSL-2022-074) [12.6.1]. sadf: Add support for option -t with SVG output to make it possible to display timestamps in the same locale as that of the file creator. sadf: Print timezone instead of UTC in true time mode. Timezone is also displayed in local time. sadf: PCP: Fix timestamps written to PCP archive file. sar: Add new environment variable S_REPEAT_HEADER. pidstat: Return exit code of the process that was monitored with option -e. mpstat: Add option -H to handle vCPU physical hotplug. Add local, xlocal and debug targets to iconfig script. Turn off gcc's tree-slp-vectorize option which was making sadf crash in some situations. sa_conv.c: Make size of statistics structures from older sysstat versions immutable [12.6.1]. [Bernhard M. Wiedemann]: Declare sadc dependency on libsyscom.a [12.6.1]. [Steve Kay]: Fix gcc v11.2 warnings [12.6.1]. [Steve Kay]: Various cosmetic fixes [12.6.1]. [Jan Christoph Uhde]: sar: Remove `-I int_list` from man-page and help [12.6.1]. [Frank Dana]: Consolidate systemctl commands in README file [12.6.1]. [Rong Tao]: Remove whitespace characters at the end of lines [12.6.1]. Update configure file to deal with newer autoconf version. configure.in file is renamed to configure.ac. Update DTD and XSD documents. sar and sysstat manual pages updated. NLS updated. Add new Georgian translation. Non regression tests updated. 2022/05/29: Version 12.6.0: sar: Fix maximum value for A_IRQ activity. sar/sadf: A_NET_SOFT: Add new metric softnet network backlog. sadc: A_NET_SOFT: Use CPU id from /proc/net/softnet_stat. Update DTD and XSD documents (softnet backlog). [Chris Bagwell]: sar/sadf: Convert 64-bit time value to time_t as needed. sadf: Add basic colorization to sadf's output. sadf: Add sanity checks on values read from file. sadf: PCP: Fix multiple metrics name problems. sa_common.c: Remove unneeded variable assignment. [Lukáš Zaoral]: Take into account LDFLAGS passer to configure script. Various janitorial fixes and updated. Update FAQ. Update sar manual page. Update NLS translations. Update non regression tests. 2022/02/28: Version 12.5.6: sar/sadc: Rewrite code used to collect and display interrupts statistics. Statistics are now collected from /proc/interrupts (instead of /proc/stat) and are displayed for each installed CPU. sar/sadf: Add new "--int=" option to enter a list of interrupts on the command line. sadf: Update the various output formats to deal with the new per-CPU interrupts statistics. Update DTD and XSD documents. CPU elements may be non-existent when all selected CPU are offline. Update sar and sadf manual pages. mpstat: Create its own function to read the total number of interrupts from /proc/stat file. mpstat: Remove unneeded "aligned" attribute from struct stats_irqcpu definition. sar: Fix index value used in online_cpu_bitmap array. sar/sadf: Make sure that datafiles with unknown activities can be read by sar and sadf [12.4.5]. sar/sadf: Don't reallocate buffers for activities not present in file [12.4.5]. sar: Make sure that all buffers are copied in copy_structures() function [12.4.5]. PCP: Fix flow_limit_count metric's unit (A_NET_SOFT activity). PCP: Fix instance names for getattr call (A_NET_NFS(D) activities). Use sizeof() macro instead of hard-coded values with snprintf() functions. rndr_stats.c: Use NOVAL instead of NULL as last argument for cons() function. Use strings definitions whenever possible. Add new non regression tests. Update some existing ones. Various cosmetic fixes. 2021/12/05: Version 12.5.5: iostat: Add --compact option. iostat: Always display persistent names with option -j [12.4.4]. iostat: Fix how device mapper names are taken into account when entered on the command line [12.4.4]. iostat: Update manual page. mpstat: Don't display offline CPU [12.4.4]. mpstat: Fix values displayed when an offline CPU goes back online [12.4.4]. mpstat: Fix untrusted loop bound [12.4.4]. mpstat: Update non regression tests [12.4.4]. sar: Tell the user to convert the file when needed. sadc: Reuse count results for sub-items. [Ville Skyttä]: Use `grep -E` instead of deprecated `egrep` [12.4.4]. [Ville Skyttä]: Spelling and grammar fixes [12.4.4]. Update FAQ. [Nathan Naze]: Update man pages with correct spelling of "JavaScript" [12.4.4]. Update non regression tests. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
47b5dd080a |
poppler: Update to version 22.11.0
- Update from 22.04.0 to 22.11.0
- Update of rootfile
- Changelog
Release 22.11.0:
core:
* CairoOutputDev: Update font after restore
* Protect against broken files
* Small code refactoring
Release 22.10.0:
core:
* SplashOutputDev::tilingPatternFill: Properly restore CTM on failure. Issue #1292
* Protect against malformed files
* Refactor code to not use strndup
* Other small code refactoring
utils:
* pdftoppm: Avoid round-off errors when determining raster dimensions
* pdftocairo: Avoid round-off errors when determining raster dimensions
* pdftotext: Simplify memory handling
qt:
* Take into account flagNoView when getting/setting the visible status. KDE bug #456313
build system:
* Fix sed invocation
Release 22.09.0:
core:
* Splash: Do not truncate line dash patterns with more than 20 entries. Issue #1281
* Various signature related improvements
* Fix FormField::getFullyQualifiedName in some scenarios
* Splash: Small optimization on dash pattern handling
* JBIG2Stream::readHalftoneRegionSeg: Fix potential memory leak
* Fix crashes on malformed files. Including CVE-2022-38784
* Fix string formatting in error reporting
glib:
* Fix two potential memory leaks in poppler_document_create_dests_tree
utils:
* pdfsig: List signature field names when listing signature information
* pdfsig: Add support for specifying signature by field name
* pdfunite: Fix crashes on malformed files
* pdfunite: Fix potential memory leak of docs
Release 22.08.0:
core:
* Fix rendering text on some forms
* CairoOutputDev: Support Type3 charprocs having Resources
* Fix crashes on malformed files
Release 22.07.0:
core:
* Fix crash when filling in forms in some files. Issue #1258
* Fix first lines of Annotations sometimes being cut off. Issue #1246
* Signatures: Don't crash if the signature doesn't have a common name
* CairoFontEngine: increment font_face reference when retrieving from the cache
* Add ToUnicode support for lessorequalslant and greaterorequalslant
glib:
* Add support for stamp annotation
build system:
* Tweaks on how gperf is run
Release 22.06.0:
core:
* Forms: Fix crash in forms with their own DR
* Refactor CairoFontEngine caching
* CairoOutputDev: preserve text color when drawing type 3 glyphs
* Windows: font code simplification
* Minor code improvements
cpp:
* Add missing header
utils:
* pdfattach: Assume filename is utf8 encoded
* pdftohtml: Fix type 3 font size calculation
Release 22.05.0:
core:
* Annotations: Make sure we embed fonts for the FreeText annots
* Forms: Make sure we embedd fonts as needed
* Signatures: Make sure we embed the needed fonts
* CairoOutputDev: color type 3 fonts
* fix two bugs in multiline find_text()
* code improvements
utils:
* pdftotext: added TSV mode
* HtmlOutputDev: don't use png.h
cpp:
* Use time_t for time
* Add page_transition::durationReal
qt:
* Pass leftFontSize down to `FormWidgetSignature::signDocumentWithAppearence`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d1ade1d63f |
meson: Update to version 0.64.1
- Update from version 0.62.1 to 0.64.1
- Update of rootfile
- Changelog is too long to include here. Details can be found at
0.63.0 https://mesonbuild.com/Release-notes-for-0-63-0.html
0.64.0 https://mesonbuild.com/Release-notes-for-0-64-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d7cb4f6535 |
liburcu: Update to version 0.13.2
- Update from version 0.13.0 to 0.13.2
- Update of rootfile
- Changelog
2022-08-18 Userspace RCU 0.13.2
* Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version"
* Fix: futex.h: include headers outside extern C
* Fix: add missing unused attribute to _rcu_dereference
* Fix: change method used by _rcu_dereference to strip type constness
* Fix: remove type constness in URCU_FORCE_CAST's C++ version
* Move extern "C" down in include/urcu/urcu-bp.h
* fix: ifdef linux specific cpu count compat
* Set git-review branch to stable-0.13
* fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id
* Fix: revise obsolete command in README.md
* Fix: workqueue: remove unused variable "ret"
* Fix: urcu-qsbr: futex wait: handle spurious futex wakeups
* Fix: urcu: futex wait: handle spurious futex wakeups
* Fix: urcu-wait: futex wait: handle spurious futex wakeups
* Fix: defer_rcu: futex wait: handle spurious futex wakeups
* Fix: call_rcu: futex wait: handle spurious futex wakeups
* Fix: workqueue: futex wait: handle spurious futex wakeups
* Fix: Use %lu rather than %ld to print count
2022-01-05 Userspace RCU 0.13.1
* fix: properly detect 'cmpxchg' on x86-32
* fix: use urcu-tls compat with c++ compiler
* fix: remove autoconf features default value in help message
* fix: add missing pkgconfig file for memb flavour lib
* Make temporary variable in _rcu_dereference non-const
* Fix: x86 and s390: uatomic __hp() macro C++ support
* Fix: x86 and s390: uatomic __hp() macro clang support
* Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11
* Fix: changelog: v0.13.0 was released in 2021
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
194dd04102 |
libtiff: Update to version 4.4.0
- Update from version 4.3.0 to 4.4.0 - Update of rootfile - Changelog is too long to include here (~1000 lines). Details can be found in ChangeLog file in the source tarball. There are at least 31 bug closures in this release. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
4bdb98bc25 |
libtasn1: Update to version 4.19.0
- Update from version 4.18.0 to 4.19.0
- Update of rootfile
- Changelog
* Noteworthy changes in release 4.19.0 (2022-08-23) [stable]
- Clarify libtasn1.map license. Closes: #38.
- Fix ETYPE_OK out of bounds read. Closes: #32.
- Update gnulib files and various maintenance fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
4d9cdf1e4f |
iproute2: Update to version 6.0.0
- Update from 5.19.0 to 6.0.0 - Update of rootfile - Changelog can only be obtained by reviewing the git commits from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bcef2fe0f6 |
elinks: Update to version 0.15.1
- Update from version 0.12pre6 (2012) to 0.15.1 (July 2022)
- Update of rootfile
- Original elinks was last updated in 2012. In Jan 2020 a fork was made of the package
and has been maintained since then on an ongoing basis. This new fork is used by Arch
Linux
- elinks has not been an addon since CU141 but the lfs file was still in the addon format
This has been adjusted to make it in line with a core program
- The previous patches related to ssl have been removed as the fixes are now part of the
source tarball.
- Changelog
ELinks 0.15.1 Released on 2022-07-31
* about:config
* option --always-load-config #137
* compilation fixes on Windows #140
* added ui.background_char #142
* sample build scripts and docker files
* experimental DGI support
* DOS port based on links code
* configurable Accept-Header #143
* minor compilation fixes
ELinks 0.15.0 Released on 2021-12-24
* Serbian translation update
ELinks 0.15.0rc2 Released on 2021-12-19
* Serbian translation update
* HOME_ETC
ELinks 0.15.0rc1 Released on 2021-12-04
* removed -Wno-pointer-sign from CFLAGS
* close stdin before calling a background program (sgerwk)
and options related to it #108, #109, #110, #113
* gemini protocol and text/gemini mime type
* changed rendering of blockquote element
* avoid tmpfile in lua (sgerwk) #115, #118
* console.log in js (mtatton) #93
* localstorage (mtatton) #98
* options document.browse.search.beginning_only
document.browse.search.ignore_history
ui.double_esc
* ui.temperature.* to show temperature of CPU
* document.plain.fixup_tables
* enhanced ecmascript code. Added QuickJS
* Notes on ECMAScript:
requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT
and either mozjs78-dev or QuickJS-2021-03-27
Most sites don't work, some crash. Some workarounds were implemented:
a) ECMAScript is disabled by default
b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes
c) Added toggle-ecmascript action. You can bind it to some key
* other small fixes
ELinks 0.14.3 Released on 2021-09-26
* Fix issue with negative value of cells #126
ELinks 0.14.2 Released on 2021-08-29
* crash in nttp #114
* XSS in gopher #125
ELinks 0.14.1 Released on 2021-05-30
* Disable spidermonkey by default #85
* Show error message about libgcrypt-config. #86
* off by two. #88
* Check NULL. #99
* fix error message when no previous search was performed #100
* alert when moving to the next match of a failed search #101
* include unistd.h and errno.h to define safe_read() #107
ELinks 0.14.0 Released on 2020-12-27
No changes since 0.14.0rc2.
ELinks 0.14.0rc2 Released on 2020-12-13
* ~/.elinks/allow.txt - list of allowed url prefixes for js
ELinks 0.14.0rc1 Released on 2020-12-06
* dblatex for pdf. PR #64
* fixes CTRL-Z. #65
* changes in mime handlers. PR #66
* fixes in data protocol. #67, #68, #71, #72, #73
* allow to wrap text in PRE. #69
* pass #fragment to external command. #75
* introduced "document.browse.search.reset". #76
* added meson as alternative build system
* in #77 I'm going to attach static binaries for released versions
* mozjs dependency updated to 52.*
Note that, to compile with javascript support you must compile by g++ with -fpermissive option.
There is a lot of warnings. Unfortunately JS often crashes. Without help from someone familiar
with SpiderMonkey, we won't go far.
As you might notice, I renamed repo to elinks.
Thanks to all involved in this release.
ELinks 0.13.5 Released on 2020-08-30
* added clipboard selection using keyboard. #59
* fixed drawing menus over emoji characters. #60
* encoding to utf-8 and decoding back in python's pre_format_html_hook
This is likely the last release of 0.13.x series.
ELinks 0.13.4: Released on 2020-07-31.
* fixed segfault with gnutls. introduced in 0.13.3
* updated smart and dumb prefixes to https. Thanks Guido Cella. PR #54
* added the st terminal to config options. PR #55
* doc updates PR #57
* also pass the uri as %u to external handler. Thanks sgerwk. PR #58
* added the ui.clipboard_file config option
ELinks 0.13.3: Released on 2020-06-29.
* configure option --with-luapkg=name
You can choose lua version at compilation time. For example: --with-luapkg=luajit
* config option connection.ssl.https_by_default (Thanks Guido Cella)
not enabled by default
* docs updates (Guido Cella)
* fixes related to ui.mouse_disable and xterm-like terminals (Thanks sgerwk)
* show an alert when the search string is not found (sgerwk)
ELinks 0.13.2: Released on 2020-05-31.
* command line option -remote search(...) (thanks sgerwk)
* command line option -bind-address
* config option ui.mouse_disable (sgerwk)
* config option ui.tostop
* config option ui.sessions.fork_on_start
* compatibility (compilability) with lua-5.2 and 5.3
* modified cookies code (not well tested)
ELinks 0.13.1: Released on 2020-01-31.
* Fixed issue with uploading files to local cgi.
* Python scripts in contrib converted to python3.
ELinks 0.13.0: Released on 2019-12-27.
Incompatibilities:
* The protocol.fsp.sort option has been removed. ELinks always sorts.
* bug 1024: Verify the host name or IP address in the server certificate
if connection.ssl.cert_verify is not 0.
Miscellaneous:
* The configure script is no longer part of tarball, you must generate it.
For example running ./autogen.sh
* major bug 181: Slave ELinks processes can now run an external editor.
This used to work in the master process only.
* major bug 722: Filter CSS according to media types. New option
document.css.media.
* bug 638: Propagate the existence of $DISPLAY from slave terminals to
mailcap test commands.
* bugs 762, 1082: Small memory leak in goto_current_link/goto_imgmap
* bug 963: New option document.css.ignore_display_none.
* bug 977: Fixed crash when opening in new tab a non link with onclick
attribute.
* bug 1008: File upload fields in HTML forms now stream the files to
the server, instead of reading them to memory in advance. This lets
you upload larger files. The downsides are that ELinks may use a
cached response even if you have modified a file between requests,
and that ELinks can send inconsistent data if you modify a file
while it is being uploaded.
* bug 1054: Don't abort downloads when closing the terminal from which
they were started. When such a download ends, display the message
in the most recently used terminal. If the user chooses
``Background and Notify'' via the download manager in some terminal,
reassociate the download with that terminal. These changes do not
apply to downloads to external handlers.
* Really retry forever when connection.retries = 0.
* enhancement: Session-specific options. Any options changed with
toggle-* actions no longer affect other tabs or other terminals.
* Do not crash when document.browse.minimum_refresh_time = 0 and
a document has a meta refresh with a delay of 0.
* Properly update link highlighting and status bar information when the
repeat prefix is changed.
* Handle SSL rehandshakes
* Fix compatibility with Ruby >= 1.9
* enhancement 15: Domain-specific options. Use set_domain in
elinks.conf to e.g. disable cookies for google.com. The option
manager window does not yet support this.
* enhancement 867: Use bracketed paste mode on xterm. This requires
xterm patch #228 or later configured with --enable-readline-mouse.
* enhancement 824: Experimental support for combining characters.
See features.conf for details.
* enhancement: Add a new entry Link Info under Link main menu.
* enhancement: Indicate backgrounded downloads using an unused led.
* enhancement: Display the number of ECMAScript interpreters that have
been allocated for documents in the Resources dialog.
* Fedora enhancement 346861: Add support for nss_compat_ossl library
(OpenSSL replacement).
* enhancement: ``elinks --dump'' uses box-drawing characters if supported
by the charset.
* enhancement 1070: Support 256 colors on fbterm-1.4.
* enhancement 1075: Scrolling the entire contents of dialog boxes.
Especially useful for multi-file BitTorrent downloads.
* Report if the Lua function edit_bookmark_dialog receives the wrong
number or types of arguments instead of silently failing.
* enhancement: Add ``Invalidate'' button to the cache manager.
* enhancement: Add ``Search contents'' button to the cache manager with
which one can search through the cache items' data rather than their
metadata.
* enhancement: Add rudimentary support for the HTML5 media elements,
<video> and <audio>.
* enhancement: Add move-half-page-up and move-half-page-down actions.
* enhancement: Add option to change overlap for vertical scrolling.
* enhancement: HTML meta refresh allows semicolons in URLs, and the
syntax is more like in Firefox.
* link against lua51 not lua50
* SpiderMonkey must be mozjs-17.0. This version is latest with C API.
Find it with pkg-config.
* using iconv for some multibyte charsets. It works if the terminal codepage
is UTF-8. More charsets will be added on demand.
* enhancement: support SSL client certificate
* python scripting is Python3 only
* brotli and zstd encodings
* possibility to make use of libevent instead of select for event loop
* terminfo queries for output (not input) as compilation option
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
24109ebef7 |
sudo: Update to version 1.9.12p1
- Update from version 1.9.11p3 to 1.9.12p1
- Update of rootfile
- Changelog
What's new in Sudo 1.9.12p1
* Sudo's configure script now does a better job of detecting when
the -fstack-clash-protection compiler option does not work.
GitHub issue #191.
* Fixed CVE-2022-43995, a potential out-of-bounds write for passwords
smaller than 8 characters when passwd authentication is enabled.
This does not affect configurations that use other authentication
methods such as PAM, AIX authentication or BSD authentication.
* Fixed a build error with some configurations compiling host_port.c.
What's new in Sudo 1.9.12
* Fixed a bug in the ptrace-based intercept mode where the current
working directory could include garbage at the end.
* Fixed a compilation error on systems that lack the stdint.h
header. Bug #1035
* Fixed a bug when logging the command's exit status in intercept
mode. The wrong command could be logged with the exit status.
* For ptrace-based intercept mode, sudo will now attempt to
verify that the command path name, arguments and environment
have not changed from the time when they were authorized by the
security policy. The new "intercept_verify" sudoers setting can
be used to control this behavior.
* Fixed running commands with a relative path (e.g. ./foo) in
intercept mode. Previously, this would fail if sudo's current
working directory was different from that of the command.
* Sudo now supports passing the execve(2) system call the NULL
pointer for the `argv` and/or `envp` arguments when in intercept
mode. Linux treats a NULL pointer like an empty array.
* The sudoers LDAP schema now allows sudoUser, sudoRunasUser and
sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII.
* Fixed a problem with "sudo -i" on SELinux when the target user's
home directory is not searchable by sudo. GitHub issue #160.
* Neovim has been added to the list of visudo editors that support
passing the line number on the command line.
* Fixed a bug in sudo's SHA384 and SHA512 message digest padding.
* Added a new "-N" (--no-update) command line option to sudo which
can be used to prevent sudo from updating the user's cached
credentials. It is now possible to determine whether or not a
user's cached credentials are currently valid by running:
$ sudo -Nnv
and checking the exit value. One use case for this is to indicate
in a shell prompt that sudo is "active" for the user.
* PAM approval modules are no longer invoked when running sub-commands
in intercept mode unless the "intercept_authenticate" option is set.
There is a substantial performance penalty for calling into PAM
for each command run. PAM approval modules are still called for
the initial command.
* Intercept mode on Linux now uses process_vm_readv(2) and
process_vm_writev(2) if available.
* The XDG_CURRENT_DESKTOP environment variable is now preserved
by default. This makes it possible for graphical applications
to choose the correct theme when run via sudo.
* On 64-bit systems, if sudo fails to load a sudoers group plugin,
it will use system-specific heuristics to try to locate a 64-bit
version of the plugin.
* The cvtsudoers manual now documents the JSON and CSV output
formats. GitHub issue #172.
* Fixed a bug where sub-commands were not being logged to a remote
log server when log_subcmds was enabled. GitHub issue #174.
* The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout
sudoers settings can be used to support more fine-grained I/O logging.
The sudo front-end no longer allocates a pseudo-terminal when running
a command if the I/O logging plugin requests logging of stdin, stdout,
or stderr but not terminal input/output.
* Quieted a libgcrypt run-time initialization warning.
This fixes Debian bug #1019428 and Ubuntu bug #1397663.
* Fixed a bug in visudo that caused literal backslashes to be removed
from the EDITOR environment variable. GitHub issue #179.
* The sudo Python plugin now implements the "find_spec" method instead
of the the deprecated "find_module". This fixes a test failure when
a newer version of setuptools that doesn't include "find_module" is
found on the system.
* Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created
the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as
a directory instead of a plain file. The same bug could result
in I/O log directories that end in six or more X's being created
literally in addition to the name being used as a template for
the mkdtemp(3) function.
* Fixed a long-standing bug where a sudoers rule with a command
line argument of "", which indicates the command may be run with
no arguments, would also match a literal "" on the command line.
GitHub issue #182.
* Added the -I option to visudo which only edits the main sudoers
file. Include files are not edited unless a syntax error is found.
* Fixed "sudo -l -U otheruser" output when the runas list is empty.
Previously, sudo would list the invoking user instead of the
list user. GitHub issue #183.
* Fixed the display of command tags and options in "sudo -l" output
when the RunAs user or group changes. A new line is started for
RunAs changes which means we need to display the command tags
and options again. GitHub issue #184.
* The sesh helper program now uses getopt_long(3) to parse the
command line options.
* The embedded copy of zlib has been updated to version 1.2.13.
* Fixed a bug that prevented event log data from being sent to the
log server when I/O logging was not enabled. This only affected
systems without PAM or configurations where the pam_session and
pam_setcred options were disabled in the sudoers file.
* Fixed a bug where "sudo -l" output included a carriage return
after the newline. This is only needed when displaying to a
terminal in raw mode. Bug #1042.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
2bfcbac468 |
libpng: Update to version 1.6.39
- Update from version 1.6.37 to 1.6.39
- Update of rootfile
- Changelog
Version 1.6.39 [November 20, 2022]
Changed the error handler of oversized chunks (i.e. larger than
PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
Fixed a buffer overflow error in contrib/tools/pngfix.
Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
Disabled the ARM Neon optimizations by default in the CMake file,
following the default behavior of the configure script.
Allowed configure.ac to work with the trunk version of autoconf.
Removed the support for "install" targets from the legacy makefiles;
removed the obsolete makefile.cegcc.
Cleaned up the code and updated the internal documentation.
Version 1.6.38 [September 14, 2022]
Added configurations and scripts for continuous integration.
Fixed various errors in the handling of tRNS, hIST and eXIf.
Implemented many stability improvements across all platforms.
Updated the internal documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
6bdf47513b |
libedit: Update to version 20221030-3.1
- Update from 20210910-3.1 to 20221030-3.1 - Update of rootfile - Changelog * version-info: 0:70:0 * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h include, to compile against musl libc * version-info: 0:69:0 * src/sys.h: Add __sun guard around sys/types.h in sys.h * all: sync with upstream source Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
8cb2214c3a |
curl: Update to version 7.86.0
- Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bff0999f03 |
pcmciautils: Remove package from IPFire
- Current version is 014 which was released in 2008. The latest version is 018 which was released in 2011. - In 2010 pcmcia was acquired by the USB Implementers forum and all work has been focussed on usb only with nothing on pcmcia. - pcmcia is only still used as a legacy requirement on industrial computing systems for machine control etc. pcmcia was introduced originally for laptop use. - All new laptops have no pcmcia slot. Searching on amazon for laptop with pcmcia gave 55 results none of which had any pcmcia capability. - Based on the above the package pcmciautils is being removed from IPFire. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
96adb79772 |
swig: Update to version 4.1.0
- Update from version 4.0.2 to 4.1.0
- Update of rootfile
- Changelog
SWIG-4.1.0 summary:
- Add Javascript Node v12-v18 support, remove support prior to v6.
- Octave 6.0 to 6.4 support added.
- Add PHP 8 support.
- PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
- Perl 5.8.0 is now the oldest version SWIG supports.
- Python 3.3 is now the oldest Python 3 version SWIG supports.
- Python 3.9-3.11 support added.
- Various memory leak fixes in Python generated code.
- Scilab 5.5-6.1 support improved.
- Many improvements for each and every target language.
- Various preprocessor expression handling improvements.
- Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
- Make SWIG much more move semantics friendly.
- Add C++ std::unique_ptr support.
- Few minor C++ template handling improvements.
- Various C++ using declaration fixes.
- Few fixes for handling Doxygen comments.
- GitHub Actions is now used instead of Travis CI for continuous integration.
- Add building SWIG using CMake as a secondary build system.
- Update optional SWIG build dependency for regex support from PCRE to PCRE2.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
6ff6ba85ba |
xz: Update to version 5.2.8
- Update from version 5.2.5 to 5.2.8
- Update of rootfile
- Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source
tarball and with an improved quicker method - see changelog below.
- Changelog
5.2.8 (2022-11-13)
* xz:
- If xz cannot remove an input file when it should, this
is now treated as a warning (exit status 2) instead of
an error (exit status 1). This matches GNU gzip and it
is more logical as at that point the output file has
already been successfully closed.
- Fix handling of .xz files with an unsupported check type.
Previously such printed a warning message but then xz
behaved as if an error had occurred (didn't decompress,
exit status 1). Now a warning is printed, decompression
is done anyway, and exit status is 2. This used to work
slightly before 5.0.0. In practice this bug matters only
if xz has been built with some check types disabled. As
instructed in PACKAGERS, such builds should be done in
special situations only.
- Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
which failed with "Internal error (bug)". That is,
--single-stream was broken if the first .xz stream in
the input file didn't contain any uncompressed data.
- Fix displaying file sizes in the progress indicator when
working in passthru mode and there are multiple input files.
Just like "gzip -cdf", "xz -cdf" works like "cat" when the
input file isn't a supported compressed file format. In
this case the file size counters weren't reset between
files so with multiple input files the progress indicator
displayed an incorrect (too large) value.
* liblzma:
- API docs in lzma/container.h:
* Update the list of decoder flags in the decoder
function docs.
* Explain LZMA_CONCATENATED behavior with .lzma files
in lzma_auto_decoder() docs.
- OpenBSD: Use HW_NCPUONLINE to detect the number of
available hardware threads in lzma_physmem().
- Fix use of wrong macro to detect x86 SSE2 support.
__SSE2_MATH__ was used with GCC/Clang but the correct
one is __SSE2__. The first one means that SSE2 is used
for floating point math which is irrelevant here.
The affected SSE2 code isn't used on x86-64 so this affects
only 32-bit x86 builds that use -msse2 without -mfpmath=sse
(there is no runtime detection for SSE2). It improves LZMA
compression speed (not decompression).
- Fix the build with Intel C compiler 2021 (ICC, not ICX)
on Linux. It defines __GNUC__ to 10 but doesn't support
the __symver__ attribute introduced in GCC 10.
* Scripts: Ignore warnings from xz by using --quiet --no-warn.
This is needed if the input .xz files use an unsupported
check type.
* Translations:
- Updated Croatian and Turkish translations.
- One new translations wasn't included because it needed
technical fixes. It will be in upcoming 5.4.0. No new
translations will be added to the 5.2.x branch anymore.
- Renamed the French man page translation file from
fr_FR.po to fr.po and thus also its install directory
(like /usr/share/man/fr_FR -> .../fr).
- Man page translations for upcoming 5.4.0 are now handled
in the Translation Project.
* Update doc/faq.txt a little so it's less out-of-date.
5.2.7 (2022-09-30)
* liblzma:
- Made lzma_filters_copy() to never modify the destination
array if an error occurs. lzma_stream_encoder() and
lzma_stream_encoder_mt() already assumed this. Before this
change, if a tiny memory allocation in lzma_filters_copy()
failed it would lead to a crash (invalid free() or invalid
memory reads) in the cleanup paths of these two encoder
initialization functions.
- Added missing integer overflow check to lzma_index_append().
This affects xz --list and other applications that decode
the Index field from .xz files using lzma_index_decoder().
Normal decompression of .xz files doesn't call this code
and thus most applications using liblzma aren't affected
by this bug.
- Single-threaded .xz decoder (lzma_stream_decoder()): If
lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning
but there was a bug. With other decoders (.lzma or
threaded .xz decoder) this already worked correctly.
- Fixed accumulation of integrity check type statistics in
lzma_index_cat(). This bug made lzma_index_checks() return
only the type of the integrity check of the last Stream
when multiple lzma_indexes were concatenated. Most
applications don't use these APIs but in xz it made
xz --list not list all check types from concatenated .xz
files. In xz --list --verbose only the per-file "Check:"
lines were affected and in xz --robot --list only the "file"
line was affected.
- Added ABI compatibility with executables that were linked
against liblzma in RHEL/CentOS 7 or other liblzma builds
that had copied the problematic patch from RHEL/CentOS 7
(xz-5.2.2-compat-libs.patch). For the details, see the
comment at the top of src/liblzma/validate_map.sh.
WARNING: This uses __symver__ attribute with GCC >= 10.
In other cases the traditional __asm__(".symver ...")
is used. Using link-time optimization (LTO, -flto) with
GCC versions older than 10 can silently result in
broken liblzma.so.5 (incorrect symbol versions)! If you
want to use -flto with GCC, you must use GCC >= 10.
LTO with Clang seems to work even with the traditional
__asm__(".symver ...") method.
* xzgrep: Fixed compatibility with old shells that break if
comments inside command substitutions have apostrophes (').
This problem was introduced in 5.2.6.
* Build systems:
- New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX
- Windows: Fixed liblzma.dll build with Visual Studio project
files. It broke in 5.2.6 due to a change that was made to
improve CMake support.
- Windows: Building liblzma with UNICODE defined should now
work.
- CMake files are now actually included in the release tarball.
They should have been in 5.2.5 already.
- Minor CMake fixes and improvements.
* Added a new translation: Turkish
5.2.6 (2022-08-12)
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files. Previously this required
using --force.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
standard version in the lzma.h API header. It's used to
detect when "noexcept" can be used.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
* Translations:
- Added new translations: Catalan, Croatian, Esperanto,
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
and Ukrainian
- Updated the Brazilian Portuguese translation.
- Added French man page translation. This and the existing
German translation aren't complete anymore because the
English man pages got a few updates and the translators
weren't reached so that they could update their work.
* Build systems:
- Windows: Fix building of resource files when config.h isn't
used. CMake + Visual Studio can now build liblzma.dll.
- Various fixes to the CMake support. Building static or shared
liblzma should work fine in most cases. In contrast, building
the command line tools with CMake is still clearly incomplete
and experimental and should be used for testing only.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
a8e3499f78 |
libpipeline: Update to version 1.5.7
- Update from 1.5.6 to 1.5.7
- Update of rootfile
- Changelog
Version: 1.5.7
* lib/Makefile.am (libpipeline_la_LDFLAGS): Bump -version-info to 6:7:5.
Make socketpair configure tests compatible with C23
K&R-style zero-argument function definitions will no longer be
permitted.
* m4/pipeline-socketpair.m4 (PIPELINE_SOCKETPAIR_PIPE,
PIPELINE_SOCKETPAIR_MODE): Use `int main(void)`, not `int main()`.
* NEWS.md: Document this.
Update pre-commit hooks
* .pre-commit-config.yaml (pre-commit-hooks): Update to v4.3.0.
(clang-format): Update to v14.0.6.
Update manual page date
* man/libpipeline.3 (.Dd): Update to the date of the last substantial
modification. Leaving this as 2010 suggested more antiquity than we
need to suggest.
Update home page URL
* README.md: Use `https://libpipeline.gitlab.io/libpipeline/`.
* lib/libpipeline.pc.in (URL): Likewise.
web: Update last release
* web/index.html: Update to 1.5.6.
web: Fix last-modified date generation
* .gitlab-ci.yml: Replace `@DATE@` with the current date in
`public/index.html`.
* web/index.html: Use `@DATE@` template.
web: Assorted URL updates
* web/index.html: Update Git URLs to GitLab. Chase various redirects
and/or switch to HTTPS. Remove old Savannah link.
Add GitLab Pages site
* .gitlab-ci.yml (stages): Add deploy.
(pages): New job.
* web/index.html, web/libpipeline-lightning-talk.odp, web/standard.css,
web/white.css: New files.
Transferred Git repository to new group
* README.md: Change GitLab URL to
https://gitlab.com/libpipeline/libpipeline.
* NEWS.md: Document this.
Add notes to libpipeline(3) of when functions were added
* man/libpipeline.3 (DESCRIPTION, ENVIRONMENT): Add various "Added in"
notes.
* NEWS.md: Document this.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
1ad5a01388 |
readline: Update to version 8.2 plus patch 1
- Update from version 8.1 to 8.2 plus patch 1
- Update of rootfile
- Changelog
version 8.2
There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times out.
There is a new state value to indicate a timeout. There is a new option:
`enable-active-region'. This separates control of the active region and
bracketed-paste. It has the same default value as bracketed-paste, and
enabling bracketed paste enables the active region. Users can now turn off
the active region while leaving bracketed paste enabled. Two new bindable
string variables are available; their values are terminal escape sequences
that set the color used to display the active region and turn it off,
respectively. If set, these are used in place of terminal standout mode.
Finally, Readline now checks for changes to locale settings
(LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate
locale-specific display and key binding variables when the locale changes.
There are a few bug fixes in the redisplay code when restoring the prompt
after a digit-argument prompt or incremental search back to a prompt that
contains invisible multibyte characters. There are more checks for read
errors, especially in the middle of readline commands; previous versions
could loop or return incorrect data. Full details are below.
GNU Readline is a library which provides programs with an input
facility including command-line editing and history. Editing
commands similar to both emacs and vi are included. The GNU
History library, which provides facilities for managing a list of
previously-typed command lines and an interactive command line
recall facility similar to that provided by csh, is also present.
The history library is built as part of the readline as well as
separately.
1. Changes to Readline
a. Fixed a problem with cleaning up active marks when using callback mode.
b. Fixed a problem with arithmetic comparison operators checking the version.
c. Fixed a problem that could cause readline not to build on systems without
POSIX signal functions.
d. Fixed a bug that could cause readline to crash if the application removed
the callback line handler before readline read all typeahead.
e. Added additional checks for read errors in the middle of readline commands.
f. Fixed a redisplay problem that occurred when switching from the digit-
argument prompt `(arg: N)' back to the regular prompt and the regular
prompt contained invisible characters.
g. Fixed a problem with restoring the prompt when aborting an incremental
search.
h. Fix a problem with characters > 128 not being displayed correctly in certain
single-byte encodings.
i. Fixed a problem with unix-filename-rubout that caused it to delete too much
when applied to a pathname consisting only of one or more slashes.
j. Fixed a display problem that caused the prompt to be wrapped incorrectly if
the screen changed dimensions during a call to readline() and the prompt
became longer than the screen width.
k. Fixed a problem that caused the \r output by turning off bracketed paste
to overwrite the line if terminal echo was disabled.
l. Fixed a bug that could cause colored-completion-prefix to not display if
completion-prefix-display-length was set.
m. Fixed a problem with line wrapping prompts when a group of invisible
characters runs to the right edge of the screen and the prompt extends
longer then the screen width.
n. Fixed a couple problems that could cause rl_end to be set incorrectly by
transpose-words.
o. Prevent some display problems when running a command as the result of a
trap or one bound using `bind -x' and the command generates output.
p. Fixed an issue with multi-line prompt strings that have one or more
invisible characters at the end of a physical line.
q. Fixed an issue that caused a history line's undo list to be cleared when
it should not have been.
r. When replacing a history entry, make sure the existing entry has a non-NULL
timestamp before copying it; it may have been added by the application, not
the history library.
2. New Features in Readline
a. There is now an HS_HISTORY_VERSION containing the version number of the
history library for applications to use.
b. History expansion better understands multiple history expansions that may
contain strings that would ordinarily inhibit history expansion (e.g.,
`abc!$!$').
c. There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times
out. There is a new state value to indicate a timeout.
d. Automatically bind termcap key sequences for page-up and page-down to
history-search-backward and history-search-forward, respectively.
e. There is a new `fetch-history' bindable command that retrieves the history
entry corresponding to its numeric argument. Negative arguments count back
from the end of the history.
f. `vi-undo' is now a bindable command.
g. There is a new option: `enable-active-region'. This separates control of
the active region and bracketed-paste. It has the same default value as
bracketed-paste, and enabling bracketed paste enables the active region.
Users can now turn off the active region while leaving bracketed paste
enabled.
h. rl_completer_word_break_characters is now `const char *' like
rl_basic_word_break_characters.
i. Readline looks in $LS_COLORS for a custom filename extension
(*.readline-colored-completion-prefix) and uses that as the default color
for the common prefix displayed when `colored-completion-prefix' is set.
j. Two new bindable string variables: active-region-start-color and
active-region-end-color. The first sets the color used to display the
active region; the second turns it off. If set, these are used in place
of terminal standout mode.
k. New readline state (RL_STATE_EOF) and application-visible variable
(rl_eof_found) to allow applications to detect when readline reads EOF
before calling the deprep-terminal hook.
l. There is a new configuration option: --with-shared-termcap-library, which
forces linking the shared readline library with the shared termcap (or
curses/ncurses/termlib) library so applications don't have to do it.
m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
each time it is called, and modifies the appropriate locale-specific display
and key binding variables when the locale changes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5be71d2a6e |
bash: Update to version 5.2 plus patches 1 to 9
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
This is a terse description of the new features added to bash-5.2 since
the release of bash-5.1. As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.
1. New Features in Bash
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier. Along with this, if
command substitution parsing completes with here-documents remaining to be
read, the shell prints a warning message and reads the here-document bodies
from the current input stream.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
--enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched. It is enabled by default.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Peter Müller
|
ace891f719 |
intel-microcode: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f30206c39a |
openssl: Update to version 1.1.1s
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
*) Added the loongarch64 target
*) Fixed a DRBG seed propagation thread safety issue
*) Fixed a memory leak in tls13_generate_secret
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*) Added a missing header for memcmp that caused compilation failure on some
platforms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
bea1d4aef1 |
libnetfilter_conntrack: Update to version 1.0.9
- Update from version 1.0.8 to 1.0.9
- Update of rootfile
- Changelog
1.0.9
This release comes with the new nfct_nlmsg_build_filter() function that
allows to add metadata for kernel-side filtering of conntrack entries
during conntrack table dump.
The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument,
it allows to flush only ipv4 or ipv6 entries from the connection
tracking table.
nfct_snprint family of functions have been updated.
SCTP conntrack entries now support 'heartbeat sent/acked' state.
Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted
output string.
Notable bugs fixed with this release include:
Fix buffer overflows and out-of-bounds accesses in the
nfct_snprintf() functions.
nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes
were set in the reply tuple too, this affected the 'conntrack' tool
where updates (e.g. setting the conntrack mark to a different value)
of ICMP flows would not work.
- Detailed Changes
src: Handle negative snprintf return values properly
src: Fix nfexp_snprintf return value docs
conntrack: Replace strncpy with snprintf to improve null byte handling
conntrack: Fix incorrect snprintf size calculation
include: Add ARRAY_SIZE() macro
conntrack: Fix buffer overflow on invalid icmp type in setters
conntrack: Move icmp request>reply type mapping to common file
conntrack: Fix buffer overflow in protocol related snprintf functions
conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns
examples: check return value of nfct_nlmsg_build()
libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private
conntrack: dccp print function should use dccp state
conntrack: sctp: update states
include: add CTA_STATS_CLASH_RESOLVE
include: sync uapi header with nf-next
src: add support for status dump filter
include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi
libnetfilter_conntrack: bump version to 1.0.9
build: use the right automake variables
Update .gitignore
build: update obsolete autoconf macros
conntrack: fix invmap_icmpv6 entries
conntrack: Don't use ICMP attrs in decision to build repl tuple
src: add IPS_HW_OFFLOAD flag
conntrack: add flush filter command
build: missing internal/proto.h in Makefile.am
conntrack: add nfct_nlmsg_build_filter() helper
conntrack: don't cancel nest on unknown layer 4 protocols
tests: Fix for missing qa-connlabel.conf in tarball
tests: Add simple tests to TESTS variable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Peter Müller
|
28b9df01a6 |
linux-firmware: Do not ship firmware for Realtek Bluetooth devices
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
1c609e13de |
linux-firmware: Update to 20221109
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Matthias Fischer
|
ae45b1217a |
bind: Update to 9.16.35
For details for 9.16.35 and 9.16.34 (we skipped the last) see: https://downloads.isc.org/isc/bind9/9.16.35/doc/arm/html/notes.html#notes-for-bind-9-16-35 "Notes for BIND 9.16.35 Bug Fixes A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. [GL #3591] In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. [GL #3598] rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. This has been fixed. [GL #3247] Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. This has been fixed. [GL #2895] The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. This has been fixed. [GL #3584] Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. This has been fixed. [GL #3563] When a DNS resource record’s TTL value was equal to the resolver’s configured prefetch “eligibility” value, the record was erroneously not treated as eligible for prefetching. This has been fixed. [GL #3603] ... Notes for BIND 9.16.34 Bug Fixes Changing just the TSIG key names for primaries in catalog zones’ member zones was not effective. This has been fixed. [GL #3557]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
9d5d747799 |
dtc: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
35494eac83 |
OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096
Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8 Minor adjustments to make it apply to the current state of "next", and removal of chown operation in OpenSSL's LFS file, which would have lead to the Diffie-Hellman group file being writable by nobody, for which there is no necessity. Fixes: #12632 From: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Arne Fitzenreiter
|
ad73008393 |
memtest: update to memtest86+ v6.00
This is now a version 64bit version that can also boot via efi. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Peter Müller
|
d41f25bd96 |
Python3: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
f9ab4c432a |
Core Update 172: Ship Python 3.10.8 and related changes
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
fa613d31c8 |
rust-pyo3-build-config:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
c74a3eead3 |
rust-pyo3-macros-backend:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
fd9d183c21 |
rust-pyo3-macros:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
9ab0df2c67 |
rust-pyo3:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2
- Update of rootfile
- Changelog
## [0.15.2] - 2022-04-14
### Packaging
- Backport of PyPy 3.9 support from PyO3 0.16. [#2262](https://github.com/PyO3/pyo3/pull/2262)
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
7b43fb6b7d |
rust-pem:Update to version 1.1.0 - required by python3-cryptography
- Updated from version 1.0.2 to 1.1.0 - Update of rootfile - Changelog found in source tarball stops at version 1.0.1 No changelog found elsewhere Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
217e9db591 |
rust-ouroboros_macro:Update to version 0.15.5 - required by python3-cryptography
- Updated from version 0.13.0 to 0.15.5 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
c8e187ba8e |
rust-ouroboros:Update to version 0.15.5 - required by python3-cryptography
- Updated from version 0.13.0 to 0.15.5 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
f80eb8b8f6 |
rust-asn1_derive:Update to version 0.12.2 - required by python3-cryptography
- Updated from version 0.8.7 to 0.12.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
db101b368a |
rust-asn1: Update to version 0.12.2 - required by python3-cryptography
- Updated from version 0.8.7 to 0.12.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
d116f35a36 |
rust-iana-time-zone: Required by updated rust-chrono
- Install of version 0.1.51 - Definition of rootfile - Creation of metadata patch to eliminate windows options Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
9745d784b9 |
rust-chrono:Update to version 0.4.22 required by python3-cryptography
- Updated from version 0.4.19 to 0.4.22 - Update of rootfile - Update of metadata patch as more windows related entries in Cargo.toml to be excluded - Changelog ## 0.4.22 * Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771) * Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767) * Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773) ## 0.4.21 * Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756) * Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756) * Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760) ## 0.4.20 * Add more formatting documentation and examples. * Add support for microseconds timestamps serde serialization/deserialization (#304) * Fix `DurationRound` is not TZ aware (#495) * Implement `DurationRound` for `NaiveDateTime` * Implement `std::iter::Sum` for `Duration` * Add `DateTime::from_local()` to construct from given local date and time (#572) * Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557) * Correct build for wasm32-unknown-emscripten target (#568) * Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647) * Fix `duration_round` panic on rounding by `Duration::zero()` (#658) * Add optional rkyv support. * Add support for microseconds timestamps serde serialization for `NaiveDateTime`. * Add support for optional timestamps serde serialization for `NaiveDateTime`. * Fix build for wasm32-unknown-emscripten (@yu-re-ka #593) * Make `ParseErrorKind` public and available through `ParseError::kind()` (#588) * Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator` * Fix panicking when parsing a `DateTime` (@botahamec) * Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666) * Remove libc dependency from Cargo.toml. * Add the `and_local_timezone` method to `NaiveDateTime` * Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos * Add compatibility with rfc2822 comments (#733) * Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery * Add the `Months` struct and associated `Add` and `Sub` impls Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
7a251a1fa3 |
python3-setuptools-scm:Update to version 7.0.5 and to work with python-3.10.8
- Updated from version 6.4.2 to 7.0.5 - Update of rootfile - Changelog v7.0.5 Merge pull request #746 from RonnyPfannschmidt/release-prep v7.0.4 Merge pull request #739 from RonnyPfannschmidt/fix-738-protect-relative-to v7.0.3 What's Changed Hg / pip compatibility by @paugier in #729 fix #728: remove git arguments that triggered wrong branch names by @RonnyPfannschmidt in #730 fix #691 - support root in pyproject.toml even for cli by @RonnyPfannschmidt in #731 fix #727: correctly handle incomplete archivals from setuptools_scm_g… by @RonnyPfannschmidt in #732 cleanup pyproject loading and allow cli relative roots to be specified by @RonnyPfannschmidt in #736 Update the README: document support for Git archives by @Changaco in #734 v7.0.2 Merge pull request #724 from RonnyPfannschmidt/fix-722-self-bootstrap v7.0.1 Merge pull request #719 from kojiromike/missing-importlib v7.0.0 pre-commit update Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
47cfdd293e |
python3-setuptools-rust:Update to version 1.5.2 and to work with python-3.10.8
- Updated from version 1.2.0 to 1.5.2 - Update of rootfile - Changelog v1.5.2 Fixed Fix regression in dylib build artifacts not being found since 1.5.0. #290 Fix regression in sdist missing examples and other supplementary files since 1.5.0. #291 v1.5.1 Fixed Fix regression in get_lib_name crashing since 1.5.0. #280 Fix regression in Binding.Exec builds with multiple executables not finding built executables since 1.5.0. #283 v1.5.0 Added Add support for extension modules built for wasm32-unknown-emscripten with Pyodide. #244 Changed Locate cdylib artifacts by handling messages from cargo instead of searching target dir (fixes build on MSYS2). #267 No longer guess cross-compile environment using HOST_GNU_TYPE / BUILD_GNU_TYPE sysconfig variables. #269 Fixed Fix RustBin build without wheel. #273 Fix RustBin setuptools install. #275 v1.4.1 Fixed Fix crash when checking Rust version. #263 v1.4.0 Packaging Increase minimum setuptools version to 62.4. #222 Added Add cargo_manifest_args to support locked, frozen and offline builds. #234 Add RustBin for packaging binaries in scripts data directory. #248 Changed Exec binding RustExtension with script=True is deprecated in favor of RustBin. #248 Errors while calling cargo metadata are now reported back to the user #254 quiet option will now suppress output of cargo metadata. #256 setuptools-rust will now match cargo behavior of not setting --target when the selected target is the rust host. #258 Deprecate native option of RustExtension. #258 Fixed If the sysconfig for BLDSHARED has no flags, setuptools-rust won't crash anymore. #241 v1.3.0 Packaging Increase minimum setuptools version to 58. #222 Fixed Fix crash when python-distutils-extra linux package is installed. #222 Fix sdist built with vendored dependencies on Windows having incorrect cargo config. #223 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
8d7395e666 |
python3-pep517:Update to version 0.13.0 and to work with python-3.10.8
- Updated from version 0.12.0 to 0.13.0 - Update of rootfile - No Changelog available in the source tarball or pypi or the github repository Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
d8c94dabb5 |
python3-daemon: Update to version 2.3.1 and to work with python-3.10.8
- Updated from version 2.3.0 to 2.3.1
- Update of rootfile
- Changelog
Version 2.3.1
Bugs Fixed:
* Avoid operations on a closed stream file when detecting a socket.
Closes: Pagure #64. Thanks to Mark Richman for the report.
* Correct use of names to allow `from daemon import *`.
Closes: Pagure #65. Thanks to July Tikhonov for the report.
Changed:
* Speed daemon start time by computing candidate file descriptors once.
Closes: Pagure #40. Thanks to Alex Pyrgiotis for the report.
* Remove incorrect double-patch of objects in test cases.
Closes: Pagure #62. Thanks to Miro Hrončok for the report.
* Deprecate helper function `is_socket`.
The function incorrectly causes `ValueError` when the file object is already
closed. Migrate to the new `is_socket_file` helper function instead.
Removed:
* Drop backward-compatible helpers that provided Python 2 support.
* declaration of source encoding ‘utf-8’
* absolute_import
* unicode_literals
* module-level metaclass `type`
* unification of str with unicode type
* renamed standard library exceptions and modules
* raise exception from context exception
All these are default behaviour in Python 3 and need no special
handling.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
b7fbfaded5 |
python3-build: Update to version 0.8.0 and to work with python-3.10.8
- Updated from version 0.7.0 to 0.8.0
- Update of rootfile
- Changelog
0.8.0 (2022-05-22)
Accept os.PathLike[str] in addition to str for paths in public API
(PR #392, Fixes #372)
Add schema validation for build-system table to check conformity with PEP 517
and PEP 518 (PR #365, Fixes #364)
Better support for Python 3.11 (sysconfig schemes PR #434, PR #463,
tomllib PR #443, warnings PR #420)
Improved error printouts (PR #442)
Avoid importing packaging unless needed (PR #395, Fixes #393)
Breaking Changes
Failure to create a virtual environment in the build.env module now raises
build.FailedProcessError (PR #442)
- As far as I can tell IPFire does not use the build.env module and the built iso
installed successfully
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
9d8a588351 |
python3-Cython: Removal of this module from IPFire
- New version of python3-pyfuse3 has been cythonised so Cython no longer required Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
a3e169e897 |
python3: Update to version 3.10.8
- Update from version 3.10.1 to 3.10.8 - Update of rootfile - Changelog is too large to include hear. More details can be found at https://docs.python.org/3.10/whatsnew/changelog.html#changelog - Installed Iso, created from build of this python update series, into a vm testbed clone. All pages and contents worked. No issues found on any WUI page. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
639e23b847 |
libxml2: Update to version 2.10.3
- Update from version 2.9.14 to 2.10.3
- Update of rootfile
- Changelog
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
cf25086eea |
expat: Update to version 2.5.0
- Update from version 2.4.9 to 2.5.0
- Update of rootfile.
- Changelog
Release 2.5.0 Tue October 25 2022
Security fixes:
#616 #649 #650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612 #645 Fix curruption from undefined entities
#613 #654 Fix case when parsing was suspended while processing nested
entities
#616 #652 #653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667 #668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
634f46dc34 |
zlib: Update to version 1.2.13
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integarted in the source tarball
- Changelog
Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434)
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|