- Update from version 0.21 to 0.22
- Update of rootfile
- Changelog
0.22 - June 2023
* PO file format:
- When a #: line contains references to file names that contain spaces,
these file names are surrounded by Unicode characters U+2068 and U+2069.
This makes it possible to parse such references correctly.
* Improvements for maintainers:
- The AM_GNU_GETTEXT macro now defines two variables localedir_c and
localedir_c_make, that can be used in C code or in Makefiles,
respectively, for representing the value of the --localedir configure
option.
* Programming languages support:
- C, C++:
o xgettext now supports gettext-like functions that take wide strings
(of type 'const wchar_t *', 'const char16_t *', or 'const char32_t *')
as arguments.
o xgettext now recognizes numbers with digit separators, as defined by
ISO C 23, as tokens.
o xgettext and msgfmt now recognize the format string directive %b
(for binary integer output, as defined by ISO C 23) in format strings.
o xgettext and msgfmt now recognize the argument size specifiers
w8, w16, w32, w64, wf8, wf16, wf32, wf64 (as defined by ISO C 23)
in format strings.
o xgettext and msgfmt now recognize C++ format strings, as defined by
ISO C++ 20. They are marked as 'c++-format' in POT and PO files.
A new example has been added, 'hello-c++20', that illustrates how
to use these format strings with gettext.
- Java:
o The build system and tools now also support Java versions newer than
Java 11. This is known to work up to Java 20, at least. On the other
hand, support for old versions of Java (Java 1.5 and GCJ) has been
dropped.
- Tcl: xgettext now supports the \x, \u, and \U escapes as defined in
Tcl 8.6.
* Portability:
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with an encoding other than UTF-8.
To this effect, the msgfmt program now converts the messages to UTF-8
encoding before storing them in a MO file. You can prevent this by
using the msgfmt --no-convert option.
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with ISO C 99 <inttypes.h> format
string directive macros. To this effect, the msgfmt program pre-expands
strings with such macros. You can prevent this by using the msgfmt
--no-redundancy option.
* xgettext:
- The xgettext option '--sorted-output' is now deprecated.
- xgettext input files of type PO that are not all ASCII and not UTF-8
encoded are now handled correctly.
* The base Unicode standard is now updated to 15.0.0.
* Emacs PO mode:
Fix an incompatibility with Emacs version 29 or newer.
0.21.1 - October 2022
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is another fragment of rngd - the gift that keeps giving.
The udev rules file contains a lot of stuff for a prototype which never
went into production. So, that can be dropped.
It would have been left with one rule that starts rngd whenever a HWRNG
is being found. That is however no longer needed as rngd is being
started in the init process. We no longer need to initialize it as early
as possible to seed the kernel's PRNG.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.71.1 to 2.77.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.22.4 to 1.23.0
- Update of rootfile
- Changelog is too large to show here.
See the NEWS file in the source tarball for user visible changes. This does not
include any bug fixes.
For bug fixes and all commits see the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.6.2 to 3.7.0
- Update of rootfile
- Changelog
3.7.0 is a feature and bugfix release.
New features:
bsdunzip: new tool ported from FreeBSD (#1873)
drop-in replacement for Info-ZIP unzip, not yet ported for Windows
7zip reader: support for Zstandard compression (#1894)
7zip reader: support for ARM64 filter (#1918)
zstd filter: support for multi-frame zstd archives (#1818)
Other notable bugfixes and improvements:
pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
Windows: bcrypt usage fixes and improvements (#1881, #1887)
Windows: time function usage fixes and improvements (#1820, #1824, #1830)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.13.0 to 3.15.0
- Update of rootfile
- Changelog
3.15.0 (2023-06-09)
* Improved support for some less common systems (32 bit, alternative libcs)
* Unsupported mount options are no longer silently accepted.
* auto_unmount is now compatible with allow_other.
3.14.1 (2023-03-26)
* The extended attribute name passed to the setxattr() handler is no longer
truncated at the beginning (bug introduced in 3.13.0).
* As a result of the above, the additional setattr() flags introduced in 3.14 are no
longer available for now. They will hopefully be reintroduced in the next release.
* Further improvements of configuration header handling.
3.14.0 (2023-02-17)
* Properly fix the header installation issue. The fix in 3.13.1 resulted
in conflicts with other packages.
* Introduce additional setattr() flags (FORCE, KILL_SUID, KILL_SGID, FILE,
KILL_PRIV, OPEN, TIMES_SET)
3.13.1 (2023-02-03)
* Fixed an issue that resulted in errors when attempting to compile against
installed libfuse headers (because libc symbol versioning support was not
detected correctly in this case).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.1.0 to 8.2.0
- Update of rootfile
- Changelog
8.2.0
Changes:
curl: add --ca-native and --proxy-ca-native
curl: add --trace-ids
CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
haproxy: add --haproxy-clientip flag to set client IPs
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
Bugfixes:
bufq: make write/pass methods more robust
build: drop unused/redundant `HAVE_WINLDAP_H`
cf-socket: don't bypass fclosesocket callback if cancelled before connect
cf-socket: move ctx declaration under HAVE_GETPEERNAME
cf-socket: skip getpeername()/getsockname for TFTP
checksrc: modernise perl file open
checksrc: quote the file name to work with "funny" letters
CI: brew fix for openssl in default path
CI: don't install impacket if tests are not run
CI: enable parallel make in more builds
circleci: install impacket & wolfssl 5.6.0
cmake: add support for "unity" builds
cmake: make use of snprintf
cmake: stop CMake from quietly ignoring missing Brotli
configure: add check for ldap_init_fd
configure: fix run-compiler for old /bin/sh
configure: the --without forms of the options are also gone
connect-timeout.d: mention that the DNS lookup is included
curl.h: include <sys/select.h> for vxworks
curl: count uploaded data to stop at the originally given size
curl: return error when asked to use an unsupported HTTP version
curl_easy_nextheader.3: add missing open parenthesis examples
curl_log: evaluate log statement only when transfer is verbose
curl_mprintf.3: minor fix of the example
curl_pushheader_byname/bynum.3: document in their own man pages
curl_url_set: enforce the max string length check for all parts
CURLOPT_AWS_SIGV4.3: remove unused variable from example
CURLOPT_INFILESIZE.3: mention -1 triggers chunked
CURLOPT_MIMEPOST.3: clarify what setting to NULL means
CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search
docs/libcurl/libcurl.3: cleanups and improvements
docs: add more .IP after .RE to fix indentation of generate paragraphs
docs: fix missing parameter names in examples
docs: update CURLOPT_UPLOAD.3
docs: update HTTP3.md for newer ngtcp2 and nghttp3
docs: use a space after RFC when spelling out RFC numbers
example/connect-to: show CURLOPT_CONNECT_TO
example/crawler: also set CURLOPT_AUTOREFERER
example/crawler: make it use a few more options
example/default-scheme: set the default scheme for schemeless URLs
example/hsts-preload: show one way to HSTS preload
example/http2-download: set CURLOPT_BUFFERSIZE
example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use
example/maxconnects: set maxconnect example
example/opensslthreadlock: remove
examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS
examples/http-options: show how to send "OPTIONS *"
examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT
examples/multi-debugcallback.c: avoid the bool typedef
examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS
examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH
examples/websocket.c: websocket example using CONNECT_ONLY
examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR
fopen: fix conversion warning on 32-bit Android
fopen: optimize
hostip.c: Move macOS-specific calls into global init call
HTTP/2: upload handling fixes
http2: better support for --limit-rate
http2: error stream resets with code CURLE_HTTP2_STREAM
http2: fix crash in handling stream weights
http2: fix variable type
http2: h2 and h2-PROXY connection alive check fixes
http2: raise header limitations above and beyond
http2: send HEADER & DATA together if possible
http2: treat initial SETTINGS as a WINDOW_UPDATE
HTTP3.md: update openssl version
http3/ngtcp2: upload EAGAIN handling
http: rectify the outgoing Cookie: header field size check
hyper: fix EOF handling on input
hyper: unslow
imap-append.c: update to make it more likely to work
imap: Provide method to disable SASL if it is advertised
krb5: add typecast to please Coverity
libcurl-url.3: also mention CURLUPART_ZONEID
libcurl-ws.3. WebSocket API overview
libssh2: provide error message when setting host key type fails
libssh2: use custom memory functions
ngtcp2: assigning timeout, but value is overwritten before used
ngtcp2: build with 0.17.0 and nghttp3 0.13.0
ngtcp2: use ever increasing timestamp in io
quiche: avoid NULL deref in debug logging
quiche: fix defects found in latest coverity report
quote.d: fix indentation of generated paragraphs
runtests: abort test run after failure without -a
runtests: better handle ^C during slow tests
runtests: consistently write the test check summary block
runtests: create multiple test runners when requested
runtests: include missing valgrind package
runtests: make test file directories in log/N
runtests: rename server command file
runtests: use more consistent failure lines
runtests: work around a perl without SIGUSR1
runtests; give each server a unique log lock file
scripts: Fix GHA matrix job detection in cijobs.pl
sectransp: fix EOF handling
system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
test2600: fix the description
test427: verify sending more cookies than fit in a 8190 bytes line
tests/http: Add mod_h2 directive `H2ProxyRequests`
tests/servers.pm: pick unused port number with a server socket
tests/servers: generate temp names in /tmp for unix domain sockets
tests: fix error messages & handling around sockets
tests: improve reliability of TFTP tests
testutil: allow multiple %-operators on the same line
timeval: use CLOCK_MONOTONIC_RAW if available
tls13-ciphers.d: include Schannel
tool: remove exclamation marks from error/warning messages
tool: remove newlines from all helpf/notef/warnf/errorf calls
tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
tool_getparam: fix comment
tool_operate: allow cookie lines up to 8200 bytes
tool_parsecfg: accept line lengths up to 10M
tool_urlglob: use curl_off_t instead of longs
tool_writeout_json: fix encoding of control characters
transfer: clear credentials when redirecting to absolute URL
urlapi: have *set(PATH) prepend a slash if one is missing
urlapi: scheme must start with alpha
vtls: avoid memory leak if sha256 call fails
websocket-cb: example doing WebSocket download using callback
wolfssl: detect when TLS 1.2 support is not built into wolfssl
wolfssl: support setting CA certificates as blob
ws: make the curl_ws_meta() return pointer a const
8.1.2
Bugfixes:
configure: quote the assignments for run-compiler
configure: without pkg-config and no custom path, use -lnghttp2
curl: cache the --trace-time value for a second
http2: fix EOF handling on uploads with auth negotiation
http3: send EOF indicator early as possible
lib1560: verify more scheme guessing
lib: remove unused functions, make single-use static
libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
libssh: when keyboard-interactive auth fails, try password
misc: fix spelling mistakes
page-header: mention curl version and how to figure out current release
page-header: minor wording polish in the URL segment
scripts/singleuse.pl: add more API calls
urlapi: remove superfluous host name check
8.1.1
Bugfixes:
cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
checksrc: disallow spaces before labels
cmake: avoid `list(PREPEND)` for compatibility
cmake: repair cross compiling
configure: fix --help alignment
configure: generate a script to run the compiler
curl_easy_getinfo: clarify on return data types
docs: document that curl_url_cleanup(NULL) is a safe no-op
hostip: move easy_lock.h include above curl_memory.h
http2: double http request parser max line length
http2: increase stream window size to 10 MB
http2: upload improvements
lib: fix conversion warnings with gcc on macOS
lib: rename struct 'http_req' to 'httpreq'
ngtcp2: fix compiler warning about possible null-deref
ngtcp2: proper handling of uint64_t when adjusting send buffer
os400: update chkstrings.c
runtests: handle interrupted reads from IPC pipes
runtests: use the correct fd after select
sectransp.c: make the code c89 compatible
select: avoid returning an error on EINTR from select() or poll()
test425: fix the log directory for the upload
url: provide better error message when URLs fail to parse
urlapi: allow numerical parts in the host name
vquic.c: make recvfrom_packets static, avoid compiler warning
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 7.3.0 to 8.0.1
- Update of rootfile
- Changelog
Overview of changes leading to 8.0.1
- Build fix on 32-bit arm.
- More speed optimizations:
- 60% speedup in retaingids subsetting SourceHanSans-VF.
- 38% speed up in subsetting (beyond-64k) mega-merged Noto.
- 16% speed up in retain-gid (used for IFT) subsetting of NotoSansCJKkr.
Overview of changes leading to 8.0.0
- New, experimental, WebAssembly (WASM) shaper, that provides greater
flexibility over OpenType/AAT/Graphite shaping, using WebAssembly embedded
inside the font file. Currently WASM shaper is disabled by default and needs
to be enabled at build time. For details, see:
https://github.com/harfbuzz/harfbuzz/blob/main/docs/wasm-shaper.md
For example fonts making use of the WASM shaper, see:
https://github.com/simoncozens/wasm-examples
- Improvements to Experimental features introduced in earlier releases:
- Support for subsetting beyond-64k and VarComposites fonts.
- Support for instancing variable fonts with cubic “glyf” table.
- Many big speed optimizations:
- Up to 89% speedup loading variable fonts for shaping.
- Up to 88% speedup in small subsets of large (eg. CJK) fonts (both TTF and
OTF), essential for Incremental Font Transfer (IFT).
- Over 50% speedup in loading Roboto font for shaping.
- Up to 40% speed up in loading (sanitizing) complex fonts.
- 30% speed up in shaping Gulzar font.
- Over 25% speedup in glyph loading Roboto font.
- 10% speed up loading glyph shapes in VarComposite Hangul font.
- hb-hashmap optimizations & hashing improvements.
- New macro HB_ALWAYS_INLINE. HarfBuzz now inlines functions more aggressively,
which results in some speedup at the expense of bigger code size. To disable
this feature define the macro to just inline.
- New API:
+HB_CODEPOINT_INVALID
+hb_ot_layout_get_baseline2()
+hb_ot_layout_get_baseline_with_fallback2()
+hb_ot_layout_get_font_extents()
+hb_ot_layout_get_font_extents2()
+hb_subset_input_set_axis_range()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.2.11 to 3.2.12
- Update of rootfile
- Changelog
3.2.12
-rules/50-udev-default.rules: add PTP entry for Hyper-V/Azure by @dermotbradley
in #218
-Add the BUILD instructions for Gentoo by @lu-zero in #224
-Fix warnings by @bbonev in #222
-udev: add udev_dir as synonym of udevdir by @oreo639 in #225
-build: Remove dead g-i-r configuration by @akiernan in #231
-Hwdb.7 by @bbonev in #221
-Precompiled hwdb by @bbonev in #223
-Merge suitable rules changes from systemd by @bbonev in #220
-Merge hwdb from systemd by @bbonev in #219
-Fix problems detected by fortified builds by @bbonev in #232
-Avoid warning on 32bit by @bbonev in #233
-Systemd PR 24353 by @bbonev in #239
-Do not free a static string by @bbonev in #238
-man: udev.7, mention /usr/lib with split-usr by @omnivagant in #246
-Missing tools by @bbonev in #240
-Fix compile-time issue on very old kernels by @cockroach in #247
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20230404 to 20230625
- Update of rootfile carried out based on Peter Mueller's description from last
linux-firmware update.
- It would be good to have it checked that my results are in line with what they should be.
- Changelog
For changes see the commits in the git repo
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Changelog is too long to include it here, please refer to the ChangeLog
file in the sourcecode tarball.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.15.4 to 1.20.4
- Update of x86_64 rootfile
aarch64 rootfile needs to be created on a aarch64 build system
- Changelog is very large. For details see https://go.dev/doc/devel/release
50 mentions of security fixes in the changes from 1.15.4 to 1.20.4
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This patch does not include the rootfile for riscv64 because GCC FTBFS.
Bug #13156 has been opened to address this.
But since we don't officially support IPFire riscv64, yet, this should
not delay this going into next.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.9.0 to 3.10.0
- Update of rootfile
- version 3.9.0 failed to output some of the symbols. This was found as a bug in Fedora but
also seen by some people in IPFire CU175 with flashrom where the version 3.3 symbol is
provided.
Fedora made a patch to resolve this issue for 3.9.0 but 3.10.0 has been released since
then and Fedora removed the patch that was used for 2.9.0 as pciutils has had that bug
fixed - see first item in changelog.
- Changelog
Released as 3.10.0.
Fixed bug in definition of versioned symbol aliases
in shared libpci, which made compiling with link-time
optimization fail.
Filters now accept "0x..." syntax for backward compatibility.
Windows: The cfgmgr32 back-end which provides the list of devices
can be combined with another back-end which provides access
to configuration space.
ECAM (Enhanced Configuration Access Mechanism), which is defined
by the PCIe standard, is now supported. It requires root privileges,
access to physical memory, and also manual configuration on some
systems.
lspci: Tree view now works on multi-domain systems. It now respects
filters properly.
Last but not least, pci.ids were updated to the current snapshot
of the database. This includes overall cleanup of entries with
non-ASCII characters in their names -- such characters are allowed,
but only if they convey interesting information (e.g., umlauts
in German company names, but not the "registered trade mark" sign).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Excerpt from changelog:
"6.0.13 -- 2023-06-15
Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
Task #5984: libhtp 0.5.44 (6.0.x backport)
Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.5.2 to 1.5.3
- Update of rootfile
- Changelog
Release 1.5.3
* configure: added options to configure stylesheets.
* configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
* pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing
utmp.
* Added libeconf support to pam_env and pam_shells.
* Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock,
pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time.
* pam_limits: changed to not fail on missing config files.
* pam_pwhistory: added conf= option to specify config file location.
* pam_pwhistory: added file= option to specify password history file location.
* pam_shells: added shells.d support when libeconf and vendordir are enabled.
* Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
* Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros
provided by _pam_macros.h; the memory override performed by these macros can
be optimized out by the compiler and therefore can no longer be relied upon.
* Multiple minor bug fixes, portability fixes, documentation improvements,
and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.8.1 to 3.9
- Update of rootfile
- Changelog
NEWS for the Nettle 3.9 release
This release includes bug fixes, several new features, a few
performance improvements, and one performance regression
affecting GCM on certain platforms.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.7 and libhogweed.so.6.7, with sonames
libnettle.so.8 and libhogweed.so.6.
This release includes a rewrite of the C implementation of
GHASH (dating from 2011), as well as the plain x86_64 assembly
version, to use precomputed tables in a different way, with
tables always accessed in the same sequential manner.
This should make Nettle's GHASH implementation side-channel
silent on all platforms, but considerably slower on platforms
without carry-less mul instructions. E.g., benchmarks of the C
implementation on x86_64 showed a slowdown of 3 times.
Bug fixes:
* Fix bug in ecdsa and gostdsa signature verify operation, for
the unlikely corner case that point addition really is point
duplication.
* Fix for chacha on Power7, nettle's assembly used an
instruction only available on later processors. Fixed by
Mamone Tarsha.
* GHASH implementation should now be side-channel silent on
all architectures.
* A few portability fixes for *BSD.
New features:
* Support for the SM4 block cipher, contributed by Tianjia
Zhang.
* Support for the Balloon password hash, contributed by Zoltan
Fridrich.
* Support for SIV-GCM authenticated encryption mode,
contributed by Daiki Ueno.
* Support for OCB authenticated encryption mode.
* New exported functions md5_compress, sha1_compress,
sha256_compress, sha512_compress, based on patches from
Corentin Labbe.
Optimizations:
* Improved sha256 performance, in particular for x86_64 and
s390x.
* Use GMP's mpn_sec_tabselect, which is implemented in
assembly on many platforms, and delete the similar nettle
function. Gives a modest speedup to all ecc operations.
* Faster poly1305 for x86_64 and ppc64. New ppc code
contributed by Mamone Tarsha.
Miscellaneous:
* New ASM_FLAGS variable recognized by configure.
* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
and 64-bit sparc.
Known issues:
* Version 6.2.1 of GNU GMP (the most recent GMP release as of
this writing) has a known issue for MacOS on 64-bit ARM: GMP
assembly files use the reserved x18 register. On this
platform it is recommended to use a GMP snapshot where this
bug is fixed, and upgrade to a later GMP release when one
becomes available.
* Also on MacOS, Nettle's testsuite may still break due to
DYLD_LIBRARY_PATH being discarded under some circumstances.
As a workaround, use
* make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.67 to 2.69
- Update of rootfile
- Changelog
Release notes for 2.69
2023-05-14 19:10:04 -0700
An audit was performed on libcap and friends by https://x41-dsec.de/https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
The audit (final report, 2023-05-10)
https://drive.google.com/file/d/1lsuC_tQbQ5pCE2Sy_skw0a7hTzQyQh2C/view?usp=sharing
was sponsored by the the Open Source Technology Improvement Fund,
https://ostif.org/ (blog). Five issues were found. Four of them are
addressed in this release. Each issue was labeled in the audit results as
follows:
LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger
LCAP-CR-23-100 (SEVERITY) NONE
LCAP-CR-23-101 (SEVERITY) NONE
Man page style improvement from Emanuele Torre
Partially revive the ability to build the binaries fully statically.
This was needed to make bleeding edge kernel debugging/testing via
qemu+busybox work again. Addressing an issue I realized only when I
tried to answer this stackexchange question.
https://unix.stackexchange.com/questions/741532/launch-process-with-limited-capabilities-on-minimal-busybox-based-system
Release notes for 2.68
2023-03-25 17:03:17 -0700
Force libcap internal functions to be hidden outside the library (Bug 217014)
Expanded the list of man page (links) to all of the supported API functions.
fixed some formatting issues with the libpsx(3) manpage.
Add support for a markdown preamble and postscript when generating .md
versions of the man pages (Bug 217007)
psx package clean up
fix some copy-paste errors with TestShared()
added a more complete psx testing into this test as well
cap package clean up
drop an unnecessary use of ", _" in the sources
cleaned up cap.NamedCount documentation
Converted goapps/web/README to .md format and fixed the instructions to
indicate go mod tidy is needed.
cap_compare test binary now cleans up after itself (Bug 217018)
Figured out how to cross compile Go programs for arm (i.e. RPi) that use C
code, don't use cgo but do use the psx package (all part of investigating
bug 216610).
Eliminate use of vendor directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.2.0 to 7.3.0
- Update of rootfile
- Changelog
Overview of changes leading to 7.3.0
Tuesday, May 9, 2023
- Speedup applying glyph variation in VarComposites fonts (over 40% speedup).
(Behdad Esfahbod)
- Speedup instancing some fonts (over 20% speedup in instancing RobotoFlex).
(Behdad Esfahbod)
- Speedup shaping some fonts (over 30% speedup in shaping Roboto).
(Behdad Esfahbod)
- Support subsetting VarComposites and beyond-64k fonts. (Behdad Esfahbod)
- New configuration macro HB_MINIMIZE_MEMORY_USAGE to favor optimizing memory
usage over speed. (Behdad Esfahbod)
- Supporting setting the mapping between old and new glyph indices during
subsetting. (Garret Rieger)
- Various fixes and improvements.
(Behdad Esfahbod, Denis Rochette, Garret Rieger, Han Seung Min, Qunxin Liu)
- New API:
+hb_subset_input_old_to_new_glyph_mapping()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version v4.0.0 to v4.0.3
- Update of rootfile
- Changed souce from gz to bz2
- Changelog
procps-ng-4.0.3
* library
Only changes were in copyright headers and tests
* docs: Don't install English manpages twice
* pgrep: Add -H match on userspace signal handler merge #165
* pgrep: make --terminal respect other criteria
* ps: c flag shows command name again Debian #1026326
* ps.1: Match drs description from top.1 merge #156
* skill: Match on -p again Debian #1025915
* top: E/P-core toggle ('5' key) added to help
* vmstat: Referesh memory statistics Debian #1027963
* vmstat: Fix initial si,so,bi,bo,in & cs values issue #15
Debian #668580
* vmstat: Fix conversion errors due to precision merge #75
* w: Add --pids option merge #159
* watch: Pass through beep issue #104
* watch: -r option to not re-exec on SIGWINCH merge #125
* watch: find eol with --no-linewrap merge #157
procps-ng-4.0.2
* library revision - 0:1:0
Handle absent 'core_id' in /proc/cpuinfo
* w: Show time with D_TIME_BITS=64 on 32bit env issue #256
procps-ng-4.0.1
* library
Re-add elogind support merge #151
Used memory is Total - Available
Renaming, it is now libproc2
* free: Use --kilo when only specifying --si merge #163
* pgrep: Add -A to ignore ancestors merge #160
* pidwait: Better warning if pidfd_open not implemented
* pmap: Dont reuse stdin filehandle issue #231
* ps: threads again display when -L is used with -q issue #234
* ps: proper aix format string behavior was restored
* sysctl: print dotted keys again
* top: fix 'smaps' bug preventing build under clang issue #235
* top: column highlighting allowed under 'L' or 'O'
* top: can alter autogroup nice value (like 'r' renice)
* top: can display the following with no need to scroll
* cmdline, control groups, environment,
supplimentary groups, namespaces
* top: adds a 'message log' recall capability
* top: will accept utf8 multi-byte input with support
for full line editing and previous line recall
* top: can show more than 2 abreast in summary display
* top: can distinguish P-Core and E-core cpus
* top: can filter both P-Core and E-core cpus
* watch: Add equexit no-change and exit option merge #153
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.10.2 to 2.11.2
- Update of rootfile
- Changelog
man-db 2.11.2 (8 January 2023)
Fixes:
* Fix compile and test failures when `troff` is not `groff`.
* Fix segfault in typical uses of `man` when `nroff` is not installed.
* Fix crash in `mandb` when processing stray cats.
Improvements:
* Check for stray cats even if no manual pages in a given manpath were
changed.
man-db 2.11.1 (15 November 2022)
Build:
* Transfer Git repository to https://gitlab.com/man-db/man-db.
Fixes:
* SECURITY: Replace `$` characters in page names with `?` when constructing
`less` prompts.
* Silence error message when processing an empty manual page hierarchy with
a nonexistent cache directory.
* `man(1)` now sorts whatis references below real pages, even if the whatis
references are from a section with higher priority.
Improvements:
* Add section `3type` to the default section list just after `2`. This is
used by the Linux man-pages package.
* Recognize more Hungarian translations of the `NAME` section.
man-db 2.11.0 (15 October 2022)
Fixes:
* `mandb` now correctly records filters in the database if it uses cached
whatis information.
* Upgrade Gnulib, fixing syntax error on glibc systems with GCC 11.
* The `CATWIDTH` configuration file directive now overrides `MINCATWIDTH`
and `MAXCATWIDTH`.
* Database entries for links were often incorrectly stored as if they were
entries for the ultimate source of the page. They are now stored with
the correct type.
* Store links in the database using the section and extension of the link
rather than of the ultimate source file.
* Consider pages for adding to the database even if they seem to already
exist; this performance optimization is no longer needed due to caching,
and it produced inconsistent results in some unusual cases.
* `man` now runs any required preprocessors in the same order that `groff`
does, rather than trusting the order of filters in a page's preprocessor
string.
* Fix building on MinGW. (I haven't been able to test this; help from
MinGW experts would be welcome.)
Improvements:
* Add more recognized case variants for localized versions of the `NAME`
section.
* Maintain multi keys in sorted order, improving database reproducibility.
* Pick a more consistent name for the target of a whatis entry in the
database.
* Extend rules for when to replace one database entry with another,
producing more stable behaviour.
* Fully reorganize databases after writing them, allowing the reproduction
of bitwise-identical databases regardless of scan order (at least with
GDBM).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.1.1 to 5.2.2
- Update of rootfile
- Changelog
Changes from 5.2.1 to 5.2.2
1. Infrastructure upgrades: makeinfo 7.0.1 must be used to format
the manual. As a result, the manual can also now be formatted
with LaTeX by running it through `makeinfo --latex'.
2. Gawk no longer builds an x86_64 executable on M1 macOS systems.
This means that PMA is unavailable on those systems.
3. Gawk will now diagnose if a heap file was created with a different
setting of -M/--bignum than in the current invocation and exit with
a fatal message if so.
4. Gawk no longer "leaks" its free list of NODEs in the heap file, resulting
in much more efficient usage of persistent storage.
5. PROCINFO["pma"] exists if the PMA allocator is compiled into gawk.
Its value is the PMA version.
6. The time extension is no longer deprecated. The strptime() function
from gawkextlib's timex extension has been added to it.
7. Better information is passed to input parsers for when they want to
decide whether or not to take control of a file. In particular, the
readdir extension is simplified for Windows because of this.
8. The various PNG files are now installed for Info and HTML. The
images files now have gawk_ prefixed names to avoid any conflicts
with other installed PNG file names.
9. As usual, there have been several minor code cleanups and bug fixes.
See the ChangeLog for details.
Changes from 5.2.0 to 5.2.1
1. Infrastructure upgrades: PMA version Avon 8.
2. Issues related to the sign of NaN and Inf values on RiscV have
been fixed; gawk now gives identical results on that platform as
it does on others.
3. A few issues with the debugger have been fixed.
4. More subtle issues with untyped array elements being passed to
functions have been fixed.
5. The rwarray extension's readall() function has had some bugs fixed.
6. The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x.
It is now supported also on both Intel and M1 macOS systems.
7. There have been several minor code cleanups and bug fixes. See the
ChangeLog for details.
Changes from 5.1.x to 5.2.0
*****************************************************************************
* MPFR mode (the -M option) is now ON PAROLE. This feature is now being *
* supported by a volunteer in the development team and not by the primary *
* maintainer. If this situation changes, then the feature will be removed. *
* For more information see this section in the manual: *
* https://www.gnu.org/software/gawk/manual/html_node/MPFR-On-Parole.html *
*****************************************************************************
1. Infrastructure upgrades: Libtool 2.4.7, Bison 3.8.2.
2. Numeric scalars now compare in the same way as C for the relational
operators. Comparison order for sorting has not changed. This only
makes a difference when comparing Infinity and NaN values with
regular numbers; it should not be noticeable most of the time.
3. If the AWK_HASH environment variable is set to "fnv1a" gawk will
use the FNV1-A hash function for associative arrays.
4. The CMake infrastructure has been removed. In the five years it was in
the tree, nobody used it, and it was not updated.
5. There is now a new function, mkbool(), that creates Boolean-typed
values. These values *are* numbers, but they are also tagged as
Boolean. This is mainly for use with data exchange to/from languages
or environments that support real Boolean values. See the manual
for details.
6. As BWK awk has supported interval expressions since 2019, they are
now enabled even if --traditional is supplied. The -r/--re-interval option
remains, but it does nothing.
7. The rwarray extension has two new functions, writeall() and readall(),
for saving / restoring all of gawk's variables and arrays.
8. The new `gawkbug' script should be used for reporting bugs.
9. The manual page (doc/gawk.1) has been considerably reduced in size.
Wherever possible, details were replaced with references to the online
copy of the manual.
10. Gawk now supports Terence Kelly's "persistent malloc" (pma),
allowing gawk to preserve its variables, arrays and user-defined
functions between runs. THIS IS AN EXPERIMENTAL FEATURE!
For more information, see the manual. A new pm-gawk.1 man page
is included, as is a separate user manual that focuses on the feature.
11. Support for OS/2 has been removed. It was not being actively
maintained.
12. Similarly, support for DJGPP has been removed. It also was not
being actively maintained.
13. VAX/VMS is no longer supported, as it can no longer be tested.
The files for it remain in the distribution but will be removed
eventually.
14. Some subtle issues with untyped array elements being passed to
functions have been fixed.
15. Syntax errors are now immediately fatal. This prevents problems
with errors from fuzzers and other such things.
16. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Changes from 5.1.1 to 5.1.x
1. Infrastructure upgrades: Automake 1.16.5, Texinfo 6.8.
2. The rwarray extension now supports writing and reading GMP and
MPFR values. As a result, a bug in the API code was fixed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- OpenSSL-3.x gives an error when trying to open insecure .p12 files to extract the cert
and key for the insecure package download option.
- To make this work the -legacy option is needed in the openssl command, which requires
the legacy.so library to be available.
- Successfully tested on a vm system.
- Patch set built on Master (CU175 Testing)
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
This library is free software; you can redistribute it and/or modify it under the terms
of the GNU Lesser General Public License as published by the Free Software Foundation;
either version 2.1 of the License, or (at your option) any later version. This library
is distributed in the hope that it will be useful, but without any warranty; without
even the implied warranty of merchantability or fitness for a particular purpose. See
version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General
Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the
padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Moved rootfile from common to packages and commented out all entries.
- Updated lfs file from addon to core package that is only used for build
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
