- Update from version 3.1.4 to 3.2.0
- Update of rootfile
- Changelog
3.2.0
This release incorporates the following potentially significant or incompatible
changes:
* The default SSL/TLS security level has been changed from 1 to 2.
* The `x509`, `ca`, and `req` apps now always produce X.509v3 certificates.
* Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
by default.
From my understanding these above changes should not create any problem for
IPFire.
This release adds the following new features:
* Support for client side QUIC, including support for
multiple streams (RFC 9000)
* Support for Ed25519ctx, Ed25519ph and Ed448ph in addition
to existing support for Ed25519 and Ed448 (RFC 8032)
* Support for deterministic ECDSA signatures (RFC 6979)
* Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452)
* Support for the Argon2 KDF, along with supporting thread pool
functionality (RFC 9106)
* Support for Hybrid Public Key Encryption (HPKE) (RFC 9180)
* Support for SM4-XTS
* Support for Brainpool curves in TLS 1.3
* Support for TLS Raw Public Keys (RFC 7250)
* Support for TCP Fast Open on Linux, macOS and FreeBSD,
where enabled and supported (RFC 7413)
* Support for TLS certificate compression, including library
support for zlib, Brotli and zstd (RFC 8879)
* Support for provider-based pluggable signature algorithms
in TLS 1.3 with supporting CMS and X.509 functionality
With a suitable provider this enables the use of post-quantum/quantum-safe
cryptography.
* Support for using the Windows system certificate store as a source of
trusted root certificates
This is not yet enabled by default and must be activated using an
environment variable. This is likely to become enabled by default
in a future feature release.
* Support for using the IANA standard names in TLS ciphersuite configuration
* Multiple new features and improvements to CMP protocol support
The following known issues are present in this release and will be rectified
in a future release:
* Provider-based signature algorithms cannot be configured using the
SignatureAlgorithms configuration file parameter (#22761)
This release incorporates the following documentation enhancements:
* Added multiple tutorials on the OpenSSL library and in particular
on writing various clients (using TLS and QUIC protocols) with libssl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 11.6.1 to 11.7.0
- Update of rootfile
- Changelog
11.7.0
* Define CPACK_NSIS_MODIFY_PATH for the Windows builds so the
official installers will offer to modify PATH when installing
qpdf. Fixes#1054.
* Add QPDFAcroFormDocumentHelper::disableDigitalSignatures, which
disables any digital signature fields, leaving their visual
representations intact. The --remove-restrictions command-line
argument now calls this. Fixes#1015.
* Generate a more complete qpdf "man page" from the same source as
qpdf --help. Fixes#1064.
* Allow the syntax "--encrypt --user-password=user-password
--owner-password=owner-password --bits={40,128,256}" when
encrypting PDF files. This is an alternative to the syntax
"--encrypt user-password owner-password {40,128,256}", which will
continue to be supported. The new syntax works better with shell
completion and allows creation of passwords that start with "-".
Fixes#874.
* When setting a check box value, allow any value other than /Off
to mean checked. This is permitted by the spec. Previously, any
value other than /Yes or /Off was rejected. Fixes#1056.
* Fix to QPDF JSON: a floating point number that appears in
scientific notation will be converted to fixed-point notation,
rounded to six digits after the decimal point. Fixes#1079.
* Fix to QPDF JSON: the syntax "n:/pdf-syntax" is now accepted as
an alternative way to represent names. This can be used for any
name (e.g. "n:/text#2fplain"), but it is necessary when the name
contains binary characters. For example, /one#a0two must be
represented as "n:/one#a0two" since the single byte a0 is not
valid in JSON. Fixes#1072.
* From M. Holger: Refactor QPDFParser for performance. See #1059
for a discussion.
* Update code and tests so that qpdf's test suite no longer
depends on the output of any specific zlib implementation. This
makes it possible to get a fully passing test suite with any
API-compatible zlib library. CI tests with the default zlib as
well as zlib-ng (including verifying that zlib-ng is not the
default), but any zlib implementation should work. Fixes#774.
* Bug fix: with --compress-streams=n, don't compress object, XRef,
or linearization hint streams.
* Add new C++ functions "qpdf_c_get_qpdf" and "qpdf_c_wrap" to
qpdf-c.h that make it possible to write your own extern "C"
functions in C++ that interoperate with the C API. See
examples/extend-c-api for more information.
* Bug fix from M. Holger: the default for /Columns in PNG filter
is 1, but libqpdf was acting like it was 0.
* Enhancement from M. Holger: add methods to Buffer to work more
easily with std::string.
11.6.4
* Install fix: include cmake files with the dev component.
* Build AppImage with an older Linux distribution to support AWS
Lambda. Fixes#1086.
11.6.3
* Tweak linearization code to better handle files between 2 GB and
4 GB in size. Fixes#1023.
* Fix data loss bug: qpdf could discard a the character after an
escaped octal string consisting of less than three digits. For
content, this would only happen with QDF or when normalizing
content. Outside of content, it could have happened in any binary
string, such as /ID, if the encoding software used octal escape
strings with less than three digits. This bug was introduced
between 10.6.3 and 11.0.0. Fixes#1050.
11.6.2
* Bug fix: when piping stream data, don't call finish on failure
if the failure was caused by a previous call to finish. Fixes
#1042.
* Push .idea directory with the beginning of a sharable JetBrains
CLion configuration.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
the kernel has no CONFIG_MICROCODE_{AMD|INTEL} anymore so this patch change the check
to CONFIG_MICROCODE.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Housekeeping in case it has already been installed on a system that is
following the unstable Pakfire branch.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.11.2 to 2.12.0
- Update of rootfile
- Changelog
2.12.0
Fixes:
* Fix some manual page portability issues with groff 1.23.0.
* Fix test failures when a working `iconv` is not available.
* Ensure that timestamps read from the database can go past the year 2038,
even on systems where this is not the default.
* Fix `manpath` not parsing `PATH` entries with trailing slash correctly
for guessing `MANPATH` entries.
* More accurately document the behaviour of passing file names as arguments
to `man` without the `-l`/`--local-file` option.
* Avoid duplicate cleanup of old cat pages by both `man-db.service` and
`systemd-tmpfiles-clean.service`.
Improvements:
* Update system call lists in `seccomp` sandbox from `systemd`.
* Upgrade to Gnulib `stable-202307`.
* Work around the Firebuild accelerator in `seccomp` sandbox: if this is in
use then we need to allow some socket-related system calls.
* `man -K` now deduplicates search results that point to the same page.
* Warn if `mandb` drops to `--user-db` mode due to running as the wrong
user.
* Change section title recommendations in `man(1)` to mention `STANDARDS`
rather than `CONFORMING TO`, in line with `man-pages(7)`.
* Add a `STANDARDS` section to `man(1)` itself.
* Document that `man -K` may suffer from false negatives as well as false
positives.
* Take advantage of newer `groff` facilities to implement `man
--no-hyphenation` and `man --no-justification`, if available.
* `man -f` and `man -k` now pass any `-r`/`--regex` or `-w`/`--wildcard`
options on to `whatis` and `apropos` respectively.
* Always pass a line length to `nroff`, even if we believe that it matches
the default.
* Allow disabling `groff` warnings via `man --warnings`, by prefixing a
warning name with `!`.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 6.4.0 to 6.6.0
- Update of rootfile
- iproute2 has implemented stateless configuration pattern. This now puts all the files
that were in /etc/iproute2 into /usr/lib/iproute2. Therefore command added to lfs to
move /usr/lib/iproute2 to /etc/iproute2 to match the previous situation.
- Changelog is only provided by the git commits.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
this is the first version that support booting linux kernel on
riscv. The release of the final version was delayed again and again
so i have bootstrapped the rc1 from the git and fixed the path in 25_bli.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20230808 to 20231114
- Update of rootfile
- Changelog details can be found in the releasenote.md file from the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
the "xxxKVERxxx" placeholder is replaced by the buildsystem with the current build kernel
version. KVER is used a few lines later to build the arm initrd so this is needed.
This reverts commit bef1bf4526.
- With the 7.1 version of texinfo function names have changed which caused ffmpeg to fail
to build. There were some unofficial patches to fix ffmpeg to work with the new texinfo
but the simplest solution was to stop the docs being built in the configure command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 7.0.3 to 7.1
- Update of rootfile
- Changelog
7.1 (18 October 2023)
* Language
. new generic definition commands, @defblock, @defline and @deftypeline,
for definitions without automatic index entries
. new @linemacro facility eases use of generic definition commands
. new command @link creates plain links (supported output formats only)
. @cartouche takes an argument to specify the cartouche title
. you can use the new commands @nodedescription and @nodedescriptionblock
to give text to be used in menu descriptions in Info and HTML output
* texi2any
. @itemx at the beginning of a @table is now an error, not a warning
. better validity checking of deeply nested commands
. check that @set and @clear only appear at the start of a line
. warn about missing menu entries even if CHECK_NORMAL_MENU_STRUCTURE is
not set. you can turn this off by setting CHECK_MISSING_MENU_ENTRY to 0.
. no longer use --enable-encoding and --disable-encoding to determine
whether to output encoded characters (instead of entities or commands)
for HTML, XML, DocBook and LaTeX; instead, use the value of the
OUTPUT_CHARACTERS customization variable.
. stricter checks on input encoding, in particular more warnings and
errors with malformed UTF-8
. support any input file encoding if support exists in the operating
system, not just a selected list of encodings
. resolve an alias referring to another alias at definition time
. internally, use "source marks" to keep all Texinfo source information that
is not in the final tree (location of macros, values and included files
expansion, @if* blocks, DEL comment, and @ protecting end of line on @def*
lines)
. HTML output:
. format @subentry and index entries with @seealso or @seeentry in a more
similar way to printed output
. output @shortcontents before @contents by default
. omit colons after index entries by default. this can still be
configured with INDEX_ENTRY_COLON.
. add @example syntax highlighting as a texi2any extension
. no more capitalization of @sc argument in HTML Cross-references
. change @point expansion to U+22C6 in HTML Cross-references
. if a @node is not associated with a sectioning command but is
followed by a heading command not usually associated to nodes
such as @heading and this command appears before other formatted
content, the heading command is assumed to supply the node heading.
you can customize this with USE_NEXT_HEADING_FOR_LONE_NODE.
. Info output:
. new variable ASCII_DASHES_AND_QUOTES, on by default,
outputs ASCII characters for literal quote or hyphen characters
in source, rather than UTF-8. this makes it easier to search
Info files.
. new ASCII_GLYPH variable for using ASCII renditions for glyph
commands (like @bullet)
. ASCII_PUNCTUATION still includes the effect of these new variables.
. new variables AUTO_MENU_DESCRIPTION_ALIGN_COLUMN and AUTO_MENU_MAX_WIDTH
control the format of descriptions in generated menus
. XML output:
. place menu leading text and menu separators in elements instead
of attributes
* texi2dvi
. macro expansion with texi2any requires at least version 5.0 (only
happens with --expand option or with very old texinfo.tex)
* texinfo.tex
. in @code, ` and ' output by default with backtick and undirected
single quote glyphs in the typewriter font. you can still configure
this using the @codequoteundirected/@codequotebacktick commands.
. do not insert a space for @ def line continuation, matching the behavior
of texi2any
. align section titles in table of contents when more than 10 sections
. microtype is off by default, for speed
. page headings generation is no longer linked to the @titlepage command
* info
. when going Up, position cursor on menu entry for current node
. allow mouse scrolling support regardless of termcap entries. this
supports some more xterm configurations.
. do not use "/index" as a possible file extension for Info files
* Distribution
. autoconf 2.71, automake 1.16.5, gettext 0.21
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
