- Update from version 3.6.0 to 3.6.3
- There is no rootfile for this package
- Changelog
3.6.3
Build
remove stale Insight package from custom builds (81d5bd17)
Updating the 3.x-stable version to 3.6.3-pre. (2c5b47c4)
Selector
Update Sizzle from 2.3.8 to 2.3.9 (#5177, 8989500e)
3.6.2
CSS
Return undefined for whitespace-only CSS variable values (#5120) (8bea1dec)
Don’t trim whitespace of undefined custom property (#5105, c0db6d70)
Selector
Manipulation: Fix DOM manip within template contents (#5147, 5318e311)
Update Sizzle from 2.3.7 to 2.3.8 (#5147, a1b7ae3b)
Update Sizzle from 2.3.6 to 2.3.7 (#5098, ee0fec05)
Tests
Remove a workaround for a Firefox XML parsing issue (965391ab)
Make Ajax tests pass in iOS 9 (d051e0e3)
3.6.1
CSS
Skip falsy values in `addClass( array )`, compress code (#4998, 9b34bdb1)
Justify use of rtrim on CSS property values (a1373e2e)
Remove a redundant extension from rtrimCSS inclusion in curCSS (509eeb89)
Trim whitespace surrounding CSS Custom Properties values (#4926, 219ccf5c)
Deprecated
Improve $.trim performance for strings with lots of whitespace (69940100)
Docs
Update webpack website in README (410d5cf0)
add link to preview the new CLAs (b24e83bd)
Replace `#NUMBER` Trac issue references with `trac-NUMBER` (95e34b69)
remove expired links from old jquery source (c3c4d207)
Remove links to Web Archive from source (#4981, 4b0d8900)
Update the URL to the latest jQuery build in CONTRIBUTING.md (4bb7d069)
Remove the CLA checkbox in the pull request template (93406490)
Event
Don’t break focus triggering after `.on(focus).off(focus)` (#4867, b3e4a7eb)
Manipulation
Don’t remove HTML comments from scripts (#4904, 924b515d)
Tests
Exclude tests based on compilation flags, not API presence (3.x version) (#5069, bc165128)
Workaround an XML parsing bug in Firefox (be3bd560)
lock colors version to 1.4.0 (fa70e8fd)
Skip ETag AJAX tests on TestSwarm (81fa1e2a)
Allow statusText to be “success” in AJAX tests (7439e221)
Disable CSS Custom Properties tests in old Safari/iOS (e9f77267)
Make Karma browser timeout larger than the QUnit one (a51eec74)
Don’t remove csp.log in the cspClean action of mock.php (ba81326f)
Load the TestSwarm listener via HTTPS (f6f07204)
Switch background image from online file to local 1×1.jpg (8d20cb97)
Strip untypical callback parameter characters from mock.php (b14b62c8)
Infrastructure
Update GitHub Actions (0f6c3d9e)
Add dependabot.yml config (GitHub Actions) (5a363017)
Test on Node 17, update Grunt & `karma-*` packages (9bc0df70)
Separate the install step from running tests in GitHub Actions (cb35067f)
remove travis.yml and travis mentions from core (#4984) (55669883)
Migrate CI to GitHub Actions (b39cfa15)
Test on Node.js 16 instead of 15 (f12cac60)
Take core-js from the external directory as well (752b8981)
Updating the 3.x-stable version to 3.6.1-pre. (3642471e)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 7.86.0 to 7.87.0
- Update of rootfile
- version 7.87.0 changed hoiw it deals with deprecated typecheck expressions. This caused
zabbix_agentd build to fail. Curl developers created a commit to fix this in next
version release. Added as patch here. Should be able to be removed with next curl
update.
- Changelog
curl and libcurl 7.87.0
This release includes the following changes:
o curl: add --url-query [52]
o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
o openssl: reduce CA certificate bundle reparsing by caching [11]
o version: add a feature names array to curl_version_info_data [67]
This release includes the following bugfixes:
o altsvc: fix rejection of negative port numbers [144]
o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
o aws_sigv4: fix typos in aws_sigv4.c [101]
o base64: better alloc size [124]
o base64: encode without using snprintf [123]
o base64: faster base64 decoding [120]
o build: assume assert.h is always available [111]
o build: assume errno.h is always available [110]
o c-hyper: CONNECT respones are not server responses [137]
o c-hyper: fix multi-request mechanism [115]
o CI: Change FreeBSD image from 12.3 to 12.4 [108]
o CI: LGTM.com will be shut down in December 2022 [112]
o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
o cmake: check for cross-compile, not for toolchain [54]
o CMake: fix build with `CURL_USE_GSSAPI` [78]
o cmake: really enable warnings with clang [25]
o cmake: set the soname on the shared library [140]
o cmdline-opts/gen.pl: fix the linkifier [64]
o cmdline-opts/page-footer: remove long option nroff formatting
o config-mac: define HAVE_SYS_IOCTL_H [107]
o config-mac: fix typo: size_T -> size_t [125]
o config-mac: remove HAVE_SYS_SELECT_H [116]
o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
o configure: require fork for NTLM-WB [36]
o contributors.sh: actually use $CURLWWW instead of just setting it [129]
o cookie: compare cookie prefixes case insensitively [14]
o cookie: expire cookies at once when max-age is negative [45]
o cookie: open cookie jar as a binary file [89]
o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
o curl.h: include <sys/select.h> on SerenityOS [104]
o curl.h: name all public function parameters [118]
o curl.h: reword comment to not use deprecated option [132]
o curl: override the numeric locale and set "C" by force [60]
o curl: timeout in the read callback [15]
o curl_endian: remove Curl_write64_le from header [81]
o curl_get_line: allow last line without newline char [88]
o curl_path: do not add '/' if homedir ends with one [4]
o curl_url_get.3: remove spurious backtick [127]
o curl_url_set.3: document CURLU_DISALLOW_USER [139]
o curl_url_set.3: fix typo [148]
o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
o CURLOPT_COOKIEFILE.3: advice => advise [131]
o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
o docs/curl_ws_send: Fixed typo in websocket docs [114]
o docs/EARLY-RELEASE.md: how to determine an early release [37]
o docs/examples: spell correction ('Retrieve') [119]
o docs/INSTALL.md: expand on static builds [62]
o docs/WEBSOCKET.md: explain the URL use [71]
o docs: add missing parameters for --retry flag [2]
o docs: add more "SEE ALSO" links to CA related pages [82]
o docs: explain the noproxy CIDR notation support [17]
o docs: extend the dump-header documentation [150]
o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
o examples/10-at-a-time: fix possible skipped final transfers [85]
o examples: update descriptions [83]
o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
o GHA: clarify workflows permissions, set least possible privilege [79]
o GHA: NSS use clang instead of clang-9 [103]
o gnutls: use common gnutls init and verify code for ngtcp2 [98]
o headers: add endif comments [51]
o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
o http: do not send PROXY more than once [46]
o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
o http: set 'this_is_a_follow' in the Location: logic [40]
o http: use the IDN decoded name in HSTS checks [154]
o hyper: classify headers as CONNECT and 1XX [56]
o hyper: fix handling of hyper_task's when reusing the same address [33]
o idn: remove Curl_win32_ascii_to_idn [153]
o INSTALL: update operating systems and CPU archs [91]
o KNOWN_BUGS: remove eight entries [50]
o lib1560: add some basic IDN host name tests [151]
o lib: connection filters (cfilter) addition to curl: [43]
o lib: feature deprecation warnings in gcc >= 4.3 [58]
o lib: fix some type mismatches and remove unneeded typecasts [12]
o lib: parse numbers with fixed known base 10 [77]
o lib: remove bad set.opt_no_body assignments [42]
o lib: rewind BEFORE request instead of AFTER previous [65]
o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
o lib: use size_t or int etc instead of longs [145]
o libcurl-errors.3: remove duplicate word [3]
o libssh2: return error when ssh_hostkeyfunc returns error [121]
o limit-rate.d: see also --rate
o log2changes.pl: wrap long lines at 80 columns [59]
o Makefile.mk: address minor issues [87]
o Makefile.mk: improve a GNU Make hack [122]
o Makefile.mk: portable Makefile.m32 [86]
o maketgz: set the right version in lib/libcurl.plist [53]
o mime: relax easy/mime structures binding [94]
o misc: Fix incorrect spelling [113]
o misc: remove duplicated include files [28]
o misc: typo and grammar fixes [23]
o negtelnetserver.py: have it call its close() method [68]
o netrc.d: provide mutext info [63]
o netware: remove leftover traces [80]
o noproxy: also match with adjacent comma [19]
o noproxy: guard against empty hostnames in noproxy check [136]
o noproxy: tailmatch like in 7.85.0 and earlier [35]
o nroff-scan.pl: detect double highlights
o ntlm: improve comment for encrypt_des [55]
o ntlm: silence ubsan warning about copying from null target_info pointer [69]
o openssl/mbedtls: use %d for outputing port with failf (int) [72]
o openssl: prefix errors with '[lib]/[version]: ' [105]
o os400: use platform socklen_t in Curl_getnameinfo_a [18]
o page-header: grammar improvement (display transfer rate) [126]
o proxy: refactor haproxy protocol handling as connection filter [57]
o README.md: remove badges and xmas-tree garnish [9]
o rtsp: fix RTSP auth [49]
o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
o runtests: do CRLF replacements per section only [97]
o scripts/checksrc.pl: detect duplicated include files [29]
o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
o sendf: remove unnecessary if condition [26]
o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
o smb/telnet: do not free the protocol struct in *_done() [152]
o socks: fix username max size is 255 (0xFF) [146]
o spellcheck.words: remove 'github' as an accepted word [22]
o ssl-reqd.d: clarify that this is for upgrading connections only [138]
o strcase: use curl_str(n)equal for case insensitive matches [8]
o styled-output.d: this option does not work on Windows [93]
o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
o test1421: fix typo [109]
o test3026: reduce runtime in legacy mingw builds [73]
o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
o tests: add authorityInfoAccess to generated certs [99]
o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
o tool: determine the correct fopen option for -D [95]
o tool_cfgable: free the ssl_ec_curves on exit [142]
o tool_cfgable: make socks5_gssapi_nec a boolean [128]
o tool_formparse: avoid clobbering on function params [135]
o tool_getparam: make --no-get work as the opposite of --get [39]
o tool_operate: provide better errmsg for -G with bad URL [16]
o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
o tool_paramhlp: free the proto strings on exit [141]
o url: move back the IDN conversion of proxy names [74]
o urlapi: reject more bad letters from the host name: &+() [143]
o urldata: change port num storage to int and unsigned short [66]
o vms: remove SIZEOF_SHORT [134]
o vtls: fix build without proxy support [38]
o vtls: localization of state data in filters [84]
o WEBSOCKET.md: fix broken link [30]
o Websocket: fixes for partial frames and buffer updates [7]
o websockets: fix handling of partial frames [32]
o windows: fail early with a missing windres in autotools [5]
o windows: fix linking .rc to shared curl with autotools [24]
o winidn: drop WANT_IDN_PROTOTYPES [27]
o ws: if no connection is around, return error [149]
o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
o x509asn1: avoid freeing unallocated pointers [147]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 4.4.1 to 6.0.0
- Update of rootfile
- Changelog
Overview of changes leading to 6.0.0
- A new API have been added to pre-process the face and speed up future
subsetting operations on that face. Provides up to a 95% reduction in
subsetting times when the same face is subset more than once.
For more details and benchmarks, see:
https://github.com/harfbuzz/harfbuzz/blob/main/docs/subset-preprocessing.md
- Shaping have been speedup by skipping entire lookups when the buffer contents
don't intersect with the lookup. Shows up to a 10% speedup in shaping some
fonts. (Behdad Esfahbod)
- A new experimental feature, “Variable Composites” (enabled by passing
-Dexperimental_api=true to meson), is also featured in this release.
This technology enables drastic compression of fonts in the Chinese,
Japanese, Korean, and other writing systems, by reusing the OpenType Font
Variations technology for encoding “smart components” into the font.
The specification for these extensions to the font format can be found in:
https://github.com/harfbuzz/boring-expansion-spec/blob/glyf1/glyf1.md
A test variable-font with ~7160 Hangul syllables derived from the
NotoSerifKR-VF font has been built, with existing OpenType technology, as
well as with the new Variable Composites (VarComposites) technology. The
VarComposites font is over 90% smaller than the OpenType version of the font!
Both fonts can be obtained from the “smarties” repository:
https://github.com/behdad/smarties/tree/3.0/fonts/hangul/serif
When building HarfBuzz with experimental features enabled, you can test
the “smarties” font with a sample character like this:
$ hb-view butchered-hangul-serif-smarties-variable.ttf -u AE01 --variations=wght=700
- The HarfBuzz subsetter can now drop axes by pinning them to specific values
(also referred to as instancing). There are a couple of restrictions
currently:
- Only works with TrueType (“glyf”) based fonts. “CFF2” fonts are not yet
supported.
- Only supports the case where all axes in a font are pinned.
- Miscellaneous fixes and improvements.
- New API
+hb_subset_input_pin_axis_location()
+hb_subset_input_pin_axis_to_default()
+hb_subset_preprocess()
Overview of changes leading to 5.3.1
- Subsetter repacker fixes. (Garret Rieger)
- Adjust Grapheme clusters for Katakana voiced sound marks. (Behdad Esfahbod)
- New “hb-subset” option “--preprocess-face”. (Garret Rieger)
Overview of changes leading to 5.3.0
- Don’t add glyphs from dropped MATH or COLR tables to the subset glyphs.
(Khaled Hosny)
- Map “rlig” to appropriate AAT feature selectors. (Jonathan Kew)
- Update USE data files to latest version. (David Corbett)
- Check “CBDT” extents first before outline tables, to help with fonts that
also include an empty “glyf” table. (Khaled Hosny)
- More work towards variable font instancing in the subsetter. (Qunxin Liu)
- Subsetter repacker improvements. (Garret Rieger)
- New API:
+hb_ot_layout_lookup_get_optical_bound()
+hb_face_builder_sort_tables()
Overview of changes leading to 5.2.0
- Fix regressions in hb-ft font functions for FT_Face’s with transformation
matrix. (Behdad Esfahbod)
- The experimental hb-repacker API now supports splitting several GPOS subtable
types when needed. (Garret Rieger)
- The HarfBuzz extensions to OpenType font format are now opt-in behind
build-time flags. (Behdad Esfahbod)
- The experimental hb-subset variable fonts instantiation API can now
instantiate more font tables and arbitrary axis locations. (Qunxin Liu)
- Unicode 15 support. (David Corbett)
- Various documentation improvements. (Behdad Esfahbod, Matthias Clasen)
- The hb-view command line tool now detects WezTerm inline images support.
(Wez Furlong)
- Fix FreeType and ICU dependency lookup with meson. (Xavier Claessens)
- New API:
+HB_SCRIPT_KAWI
+HB_SCRIPT_NAG_MUNDARI
Overview of changes leading to 5.1.0
- More extensive buffer tracing messages. (Behdad Esfahbod)
- Fix hb-ft regression in bitmap fonts rendering. (Behdad Esfahbod)
- Support extension promotion of lookups in hb-subset-repacker. (Garret Rieger)
- A new HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL for scripts that use elongation
(e.g. Arabic) to signify where it is safe to insert tatweel glyph without
interrupting shaping. (Behdad Esfahbod)
- Add “--safe-to-insert-tatweel” to “hb-shape” tool. (Behdad Esfahbod)
- New API
+HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL
+HB_BUFFER_FLAG_PRODUCE_SAFE_TO_INSERT_TATWEEL
Overview of changes leading to 5.0.1
- Fix version 2 “avar” table with hb-ft. (Behdad Esfahbod)
Overview of changes leading to 5.0.0
- Support fonts with more than 65535 glyphs in “GDEF”, “GSUB”, and “GPOS”
tables. This is part of https://github.com/be-fonts/boring-expansion-spec to
extend OpenType in a backward-compatible way.
(Behdad Esfahbod, Garret Rieger)
- Complete support for more than 65535 glyphs in “glyf” table that started in
4.0.0 release. Part of boring-expansion-spec. (Behdad Esfahbod)
- Support version 2 of “avar” table. Part of boring-expansion-spec.
(Behdad Esfahbod)
- Fix mark attachment on multiple substitutions in some cases.
(Behdad Esfahbod)
- Fix application of “calt”, “rclt”, and “ccmp” features to better match
Uniscribe behaviour with some Arabic fonts. (Behdad Esfahbod)
- Improvement to interaction between multiple cursive attachments.
(Behdad Esfahbod)
- Improve multiple mark interactions in Hebrew. (Behdad Esfahbod)
- Implement language-specific forms in AAT shaping. (Behdad Esfahbod)
- Fix variation of “VORG” table. (Behdad Esfahbod)
- Support for specific script tags to be retained in the subsetter, and add
“--layout-scripts” option to “hb-subset” tool. (Garret Rieger)
- Accept space as delimiter for --features/--variations in command line tools.
- Improve subsetting of “COLR” table. (Qunxin Liu)
- Improved fuzzing coverage for ot-math API. (Frédéric Wang)
- Fix “kern” table version 2 (AAT) sanitization on 32-bit systems.
(Behdad Esfahbod)
- Allow negative glyph advances from “graphite2” shaper. (Stephan Bergmann)
- Implement loading (color) bitmap fonts with hb-ft. (Behdad Esfahbod)
- Fix regression in hb-ft when changing font size. (Behdad Esfahbod)
- Fix build on GCC < 7. (Kleis Auke Wolthuizen)
- Dynamically load dwrite.dll on windows if “directwrite” shaper is enabled.
(Luca Bacci)
- Provide a single-file harfbuzz-subset.cc file for easier alternate building
of hb-subset library, similar to harfbuzz.cc. (Khaled Hosny)
- New API
+HB_SUBSET_SETS_LAYOUT_SCRIPT_TAG
+hb_language_matches()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.64 to 2.66
- Update of rootfile
- Changelog
Release notes for 2.66
Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo
Andrade.)
Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
Slightly more robust Makefiles to address an error with make -j48 test
observed by Tomasz Kłoczko.
Include a simple Go program, captrace, to trace kernel capability validation
checks
This program can be used to figure out what capabilities a program needs
to operate.
captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel
for capability checks and whether or not they succeed for the system, a
specific PID or a program's direct execution.
Trim down the default file capabilities for contrib/sucap/su to those
actually needed and set USER and HOME environment variables so bash doesn't
complain about a sourcing error.
Release notes for 2.65
Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported
by yixiangzhike.)
Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh
now changing the USER and HOME environment variables when --user is
specified. The argument --noenv can be used to suppress this behavior to
what used to be the problematic default. (Bug: 215926)
Improved documentation:
Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports
from nomonemo and Tinkerer One.)
Improve documentation and help for the captree program.
Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and
go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is
preferred, but the older one is also used for continuity reasons. This set
of signatures should also be available from the various key servers out there.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.3.5 to 0.4.0
- Update of rootfile not required
- Update of patch in line with libcdada version
- Changelog
v0.4.0 (12th March 2022)
Add `cdada_map_insert_replace()`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.44 to 1.46
- Update of rootfile
- Changelog
Noteworthy changes in version 1.46 (2022-10-07) [C33/A33/R1]
* Support for bidirectional pipes under Windows. [T6112]
* REG_DWORD types are now support in the Windows Registry.
[rE745d333cf7]
* Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows.
[rE018ea46a30]
* Fixed gpgrt_log_get_fd for the file case. [T5922]
* Avoids header problem with C11 and "noreturn". [T4002]
* The gpg-error-config command is not installed by default, because
it is now replaced by use of pkg-config/gpgrt-config with
gpg-error.pc. Supply --enable-install-gpg-error-config configure
option, if it's really needed.
* Fixed support of posix-lock for FreeBSD. [rE6e17e70bb7]
* Build fixes for some Mingw tool chain versions. [T5890, T4656]
* Removed remaining support for WindowsCE. [T5912]
* Updated config.guess, config.sub, and config.rpath. [T6078]
* gpg-error-config is now only installed when enabled. [T5683]
* System paths are now stripped from --cflags --and --libs. [T6136]
Release-info: https://dev.gnupg.org/T5923
Noteworthy changes in version 1.45 (2022-04-07) [C33/A33/R0]
* Support the "sysopen" mode parameter for gpgrt_fopen so that file
names longer than MAX_PATH can be supported under Windows.
* gpgrt_access and gpgrt_mkdir now support file names longer than
MAX_PATH.
* gpgrt_fopen now maps "/dev/null" to "nul" on Windows.
* Published some internal helper functions for Windows.
* Interface changes relative to the 1.42 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_free_wchar NEW.
gpgrt_fname_to_wchar NEW.
gpgrt_utf8_to_wchar NEW.
gpgrt_wchar_to_utf8 NEW.
Release-info: https://dev.gnupg.org/T5802
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 5.2.8 to 5.4.0
- Update of rootfile
- Changelog
5.4.0 (2022-12-13)
This bumps the minor version of liblzma because new features were
added. The API and ABI are still backward compatible with liblzma
5.2.x and 5.0.x.
Since 5.3.5beta:
* All fixes from 5.2.10.
* The ARM64 filter is now stable. The xz option is now --arm64.
Decompression requires XZ Utils 5.4.0. In the future the ARM64
filter will be supported by XZ for Java, XZ Embedded (including
the version in Linux), LZMA SDK, and 7-Zip.
* Translations:
- Updated Catalan, Croatian, German, Romanian, and Turkish
translations.
- Updated German man page translations.
- Added Romanian man page translations.
Summary of new features added in the 5.3.x development releases:
* liblzma:
- Added threaded .xz decompressor lzma_stream_decoder_mt().
It can use multiple threads with .xz files that have multiple
Blocks with size information in Block Headers. The threaded
encoder in xz has always created such files.
Single-threaded encoder cannot store the size information in
Block Headers even if one used LZMA_FULL_FLUSH to create
multiple Blocks, so this threaded decoder cannot use multiple
threads with such files.
If there are multiple Streams (concatenated .xz files), one
Stream will be decompressed completely before starting the
next Stream.
- A new decoder flag LZMA_FAIL_FAST was added. It makes the
threaded decompressor report errors soon instead of first
flushing all pending data before the error location.
- New Filter IDs:
* LZMA_FILTER_ARM64 is for ARM64 binaries.
* LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't
necessarily use the end marker.
- Added lzma_str_to_filters(), lzma_str_from_filters(), and
lzma_str_list_filters() to convert a preset or a filter chain
string to a lzma_filter[] and vice versa. These should make
it easier to write applications that allow users to specify
custom compression options.
- Added lzma_filters_free() which can be convenient for freeing
the filter options in a filter chain (an array of lzma_filter
structures).
- lzma_file_info_decoder() to makes it a little easier to get
the Index field from .xz files. This helps in getting the
uncompressed file size but an easy-to-use random access
API is still missing which has existed in XZ for Java for
a long time.
- Added lzma_microlzma_encoder() and lzma_microlzma_decoder().
It is used by erofs-utils and may be used by others too.
The MicroLZMA format is a raw LZMA stream (without end marker)
whose first byte (always 0x00) has been replaced with
bitwise-negation of the LZMA properties (lc/lp/pb). It was
created for use in EROFS but may be used in other contexts
as well where it is important to avoid wasting bytes for
stream headers or footers. The format is also supported by
XZ Embedded (the XZ Embedded version in Linux got MicroLZMA
support in Linux 5.16).
The MicroLZMA encoder API in liblzma can compress into a
fixed-sized output buffer so that as much data is compressed
as can be fit into the buffer while still creating a valid
MicroLZMA stream. This is needed for EROFS.
- Added lzma_lzip_decoder() to decompress the .lz (lzip) file
format version 0 and the original unextended version 1 files.
Also lzma_auto_decoder() supports .lz files.
- lzma_filters_update() can now be used with the multi-threaded
encoder (lzma_stream_encoder_mt()) to change the filter chain
after LZMA_FULL_BARRIER or LZMA_FULL_FLUSH.
- In lzma_options_lzma, allow nice_len = 2 and 3 with the match
finders that require at least 3 or 4. Now it is internally
rounded up if needed.
- CLMUL-based CRC64 on x86-64 and E2K with runtime processor
detection. On 32-bit x86 it currently isn't available unless
--disable-assembler is used which can make the non-CLMUL
CRC64 slower; this might be fixed in the future.
- Building with --disable-threads --enable-small
is now thread-safe if the compiler supports
__attribute__((__constructor__)).
* xz:
- Using -T0 (--threads=0) will now use multi-threaded encoder
even on a single-core system. This is to ensure that output
from the same xz binary is identical on both single-core and
multi-core systems.
- --threads=+1 or -T+1 is now a way to put xz into
multi-threaded mode while using only one worker thread.
The + is ignored if the number is not 1.
- A default soft memory usage limit is now used for compression
when -T0 is used and no explicit limit has been specified.
This soft limit is used to restrict the number of threads
but if the limit is exceeded with even one thread then xz
will continue with one thread using the multi-threaded
encoder and this limit is ignored. If the number of threads
is specified manually then no default limit will be used;
this affects only -T0.
This change helps on systems that have very many cores and
using all of them for xz makes no sense. Previously xz -T0
could run out of memory on such systems because it attempted
to reserve memory for too many threads.
This also helps with 32-bit builds which don't have a large
amount of address space that would be required for many
threads. The default soft limit for -T0 is at most 1400 MiB
on all 32-bit platforms.
- Previously a low value in --memlimit-compress wouldn't cause
xz to switch from multi-threaded mode to single-threaded mode
if the limit cannot otherwise be met; xz failed instead. Now
xz can switch to single-threaded mode and then, if needed,
scale down the LZMA2 dictionary size too just like it already
did when it was started in single-threaded mode.
- The option --no-adjust no longer prevents xz from scaling down
the number of threads as that doesn't affect the compressed
output (only performance). Now --no-adjust only prevents
adjustments that affect compressed output, that is, with
--no-adjust xz won't switch from multi-threaded mode to
single-threaded mode and won't scale down the LZMA2
dictionary size.
- Added a new option --memlimit-mt-decompress=LIMIT. This is
used to limit the number of decompressor threads (possibly
falling back to single-threaded mode) but it will never make
xz refuse to decompress a file. This has a system-specific
default value because without any limit xz could end up
allocating memory for the whole compressed input file, the
whole uncompressed output file, multiple thread-specific
decompressor instances and so on. Basically xz could
attempt to use an insane amount of memory even with fairly
common files. The system-specific default value is currently
the same as the one used for compression with -T0.
The new option works together with the existing option
--memlimit-decompress=LIMIT. The old option sets a hard limit
that must not be exceeded (xz will refuse to decompress)
while the new option only restricts the number of threads.
If the limit set with --memlimit-mt-decompress is greater
than the limit set with --memlimit-compress, then the latter
value is used also for --memlimit-mt-decompress.
- Added new information to the output of xz --info-memory and
new fields to the output of xz --robot --info-memory.
- In --lzma2=nice=NUMBER allow 2 and 3 with all match finders
now that liblzma handles it.
- Don't mention endianness for ARM and ARM-Thumb filters in
--long-help. The filters only work for little endian
instruction encoding but modern ARM processors using
big endian data access still use little endian
instruction encoding. So the help text was misleading.
In contrast, the PowerPC filter is only for big endian
32/64-bit PowerPC code. Little endian PowerPC would need
a separate filter.
- Added decompression support for the .lz (lzip) file format
version 0 and the original unextended version 1. It is
autodetected by default. See also the option --format on
the xz man page.
- Sandboxing enabled by default:
* Capsicum (FreeBSD)
* pledge(2) (OpenBSD)
* Scripts now support the .lz format using xz.
* A few new tests were added.
* The liblzma-specific tests are now supported in CMake-based
builds too ("make test").
5.2.10 (2022-12-13)
* xz: Don't modify argv[] when parsing the --memlimit* and
--block-list command line options. This fixes confusing
arguments in process listing (like "ps auxf").
* GNU/Linux only: Use __has_attribute(__symver__) to detect if
that attribute is supported. This fixes build on Mandriva where
Clang is patched to define __GNUC__ to 11 by default (instead
of 4 as used by Clang upstream).
5.2.9 (2022-11-30)
* liblzma:
- Fixed an infinite loop in LZMA encoder initialization
if dict_size >= 2 GiB. (The encoder only supports up
to 1536 MiB.)
- Fixed two cases of invalid free() that can happen if
a tiny allocation fails in encoder re-initialization
or in lzma_filters_update(). These bugs had some
similarities with the bug fixed in 5.2.7.
- Fixed lzma_block_encoder() not allowing the use of
LZMA_SYNC_FLUSH with lzma_code() even though it was
documented to be supported. The sync-flush code in
the Block encoder was already used internally via
lzma_stream_encoder(), so this was just a missing flag
in the lzma_block_encoder() API function.
- GNU/Linux only: Don't put symbol versions into static
liblzma as it breaks things in some cases (and even if
it didn't break anything, symbol versions in static
libraries are useless anyway). The downside of the fix
is that if the configure options --with-pic or --without-pic
are used then it's not possible to build both shared and
static liblzma at the same time on GNU/Linux anymore;
with those options --disable-static or --disable-shared
must be used too.
* New email address for bug reports is <xz@tukaani.org> which
forwards messages to Lasse Collin and Jia Tan.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 7.0 to 7.1
- Update of rootfile not required
- Changelog
2022.12.14 - GNU nano 7.1 "And the devices shall be made of wood"
• When --autoindent and --breaklonglines are combined, pressing
<Enter> at a specific position no longer eats characters.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.2.1 to 1.3.1
- Update of rootfile
- Changelog
Changes in version 1.3.1, released in December 2022:
- Bug fix: It is again possible to include mpc.h without including
stdio.h.
Changes in version 1.3.0 ("Ipomoea batatas"), released in December 2022:
- New function: mpc_agm
- New rounding modes "away from zero", indicated by the letter "A" and
corresponding to MPFR_RNDA on the designated real or imaginary part.
- New experimental ball arithmetic.
- New experimental function: mpc_eta_fund
- Bug fixes:
- mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)|
- mpc_pow_fr: sign of zero part of result when the base has up to sign
the same real and imaginary part, and the exponent is an even
positive integer
- mpc_fma: the returned 'int' value was incorrect in some cases (indicating
whether the rounded real/imaginary parts were smaller/equal/greater
than the exact values), but the computed complex value was correct.
- Remove the unmaintained Makefile.vc; build files for Visual Studio
can be found at https://github.com/BrianGladman/mpc .
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://github.com/logrotate/logrotate/releases/tag/3.21.0
"add ignoreduplicates directive to allow duplicate file matches (#473)
add --wait-for-state-lock option to wait for lock on the state file (#457)
avoid failure when an anonymous non-privileged user runs logrotate (#463)
support home dir expansion in olddir (#454)
reduce unnecessary rename operations with start N where N > 1 (#450)
unify handling of log levels (#239#449)
do not print error: when exit code is unaffected (#448)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
See:
https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.41
and
https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.42
Excerpts from changelogs:
"Version 10.41 06-December-2022
------------------------------
1. Add fflush() before and after a fork callout in pcre2grep to get its output
to be the same on all systems. (There were previously ordering differences in
Alpine Linux).
2. Merged patch from @carenas (GitHub #110) for pthreads support in CMake.
3. SSF scorecards grumbled about possible overflow in an expression in
pcre2test. It never would have overflowed in practice, but some casts have been
added and at the some time there's been some tidying of fprints that output
size_t values.
4. PR #94 showed up an unused enum in pcre2_convert.c, which is now removed.
5. Minor code re-arrangement to remove gcc warning about realloc() in
pcre2test.
6. Change a number of int variables that hold buffer and line lengths in
pcre2grep to PCRE2_SIZE (aka size_t).
7. Added an #ifdef to cut out a call to PRIV(jit_free) when JIT is not
supported (even though that function would do nothing in that case) at the
request of a user who doesn't even want to link with pcre_jit_compile.o. Also
tidied up an untidy #ifdef arrangement in pcre2test.
8. Fixed an issue in the backtracking optimization of character repeats in
JIT. Furthermore optimize star repetitions, not just plus repetitions.
9. Removed the use of an initial backtracking frames vector on the system stack
in pcre2_match() so that it now always uses the heap. (In a multi-thread
environment with very small stacks there had been an issue.) This also is
tidier for JIT matching, which didn't need that vector. The heap vector is now
remembered in the match data block and re-used if that block itself is re-used.
It is freed with the match data block.
10. Adjusted the find_limits code in pcre2test to work with change 9 above.
11. Added find_limits_noheap to pcre2test, because the heap limits are now
different in different environments and so cannot be included in the standard
tests.
12. Created a test for pcre2_match() heap processing that is not part of the
tests run by 'make check', but can be run manually. The current output is from
a 64-bit system.
13. Implemented -Z aka --null in pcre2grep.
14. A minor change to pcre2test and the addition of several new pcre2grep tests
have improved LCOV coverage statistics. At the same time, code in pcre2grep and
elsewhere that can never be obeyed in normal testing has been excluded from
coverage.
15. Fixed a bug in pcre2grep that could cause an extra newline to be written
after output generaed by --output.
16. If a file has a .bz2 extension but is not in fact compressed, pcre2grep
should process it as a plain text file. A bug stopped this happening; now fixed
and added to the tests.
17. When pcre2grep was running not in UTF mode, if a string specified by
--output or obtained from a callout in a pattern contained a character (byte)
greater than 127, it was incorrectly output in UTF-8 format.
18. Added some casts after warnings from Clang sanitize.
19. Merged patch from cbouc (GitHub #139): 4 function prototypes were missing
PCRE2_CALL_CONVENTION in src/pcre2posix.h. All function prototypes returning
pointers had out of place PCRE2_CALL_CONVENTION in src/pcre2.h.*. These
produced errors when building for Windows with #define PCRE2_CALL_CONVENTION
__stdcall.
20. A negative repeat value in a pcre2test subject line was not being
diagnosed, leading to infinite looping.
21. Updated RunGrepTest to discard the warning that Bash now gives when setting
LC_CTYPE to a bad value (because older versions didn't).
22. Updated pcre2grep so that it behaves like GNU grep when matching more than
one pattern and a later pattern matches at an earlier point in the subject when
the matched substrings are being identified by colour or by offsets.
23. Updated the PrepareRelease script so that the man page that it makes for
the pcre2demo demonstration program is more standard and does not cause errors
when processed by lexgrog or mandb -c (GitHub issue #160).
24. The JIT compiler was updated."
Version 10.42 11-December-2022
------------------------------
"This release is mainly to fix a problem with 10.41, which is broken for
programs that include pcre2posix.h but not pcre2.h. Some other minor fixes
are included.
1. Change 19 of 10.41 wasn't quite right; it put the definition of a default,
empty value for PCRE2_CALL_CONVENTION in src/pcre2posix.c instead of
src/pcre2posix.h, which meant that programs that included pcre2posix.h but not
pcre2.h failed to compile.
2. To catch similar issues to the above in future, a new small test program
that includes pcre2posix.h but not pcre2.h has been added to the test suite.
3. When the -S option of pcre2test was used to set a stack size greater than
the allowed maximum, the error message displayed the hard limit incorrectly.
This was pointed out on GitHub pull request #171, but the suggested patch
didn't cope with all cases. Some further modification was required.
4. Supplying an ovector count of more than 65535 to pcre2_match_data_create()
caused a crash because the field in the match data block is only 16 bits. A
maximum of 65535 is now silently applied.
5. Merged @carenas patch #175 which fixes#86 - segfault on aarch64 (ARM),"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.3.1 to 2.3.4
- Update of rootfile
- No Changelog available in the source tarball or on the website. talloc uses the samba
technical mailing list for any communications but there was no announcement for the
updated versions found.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.6.22 to 0.6.24
- Update of rootfile not required
- source file no longer provided in xz format - changed to bz2
- Changelog (Two CVE's fixed in 0.6.23)
libexif-0.6.24 (2021-11-25):
* Translation updates: sr, vi, pl, uk, french
* fixed regression in exif_data_load_data which could not load EXIF in JPEG data anymore
* Decode lots of Canon tag names
* removed empty strings from translation (empty string would translate to the PO info header)
* various warning removals and code improvements
* added sample "persistent" afl fuzzer (100x faster than normal afl fuzzer)
libexif-0.6.23 (2021-09-12):
* Translation updates: es, pl, uk, fr
* EXIF_TAG_SENSITIVITY_TYPE decoder added, added some more Exif 2.3 tags:
- EXIF_TAG_STANDARD_OUTPUT_SENSITIVITY
- EXIF_TAG_RECOMMENDED_EXPOSURE_INDEX
- EXIF_TAG_ISO_SPEED
- EXIF_TAG_ISO_SPEEDLatitudeYYY
- EXIF_TAG_ISO_SPEEDLatitudeZZZ
- EXIF_TAG_OFFSET_TIME
- EXIF_TAG_OFFSET_TIME_ORIGINAL
- EXIF_TAG_OFFSET_TIME_DIGITIZED
- EXIF_TAG_IMAGE_DEPTH
* be more relaxed to out of order JPG / EXIF dataheaders in files generated by some tools
* default GPS IFD table added
* Decode more Nikon Makernote tag names
* Added Apple iOS Makernote
* Security fixes:
* CVE-2020-0198: unsigned integer overflow in exif_data_load_data_content
* CVE-2020-0452: compiler optimization could remove an a
bufferoverflow check, making a buffer overflow possible with some
EXIF tags
* some more denial of service (compute time or stack exhaustion) counter-measures
added that avoid minutes of decoding time with malformed files found
by OSS-Fuzz
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.4.2 to 3.4.4
- Update of rootfile
- Changelog
3.4.4 Oct-23-2022
Important aarch64 fixes, including support for linux builds
with Link Time Optimization (-flto).
Fix x86 stdcall stack alignment.
Fix x86 Windows msvc assembler compatibility.
Fix moxie and or1k small structure args.
3.4.3 Sep-19-22
All struct args are passed by value, regardless of size, as per ABIs.
Enable static trampolines for Cygwin.
Add support for Loongson's LoongArch64 architecture.
Fix x32 static trampolines.
Fix 32-bit x86 stdcall stack corruption.
Fix ILP32 aarch64 support.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.38 to 1.41
- Update of rootfile
- Changelog
* Noteworthy changes in release 1.41 (2022-06-25) [stable]
** Bump LT_REVISION for new release.
It was mistakenly left at the same value since 1.38.
** Add version number related self-checks.
* Noteworthy changes in release 1.40 (2022-06-20) [stable]
** lib: Bump STRINGPREP_VERSION to 1.40.
It was mistakenly left at 1.38 in the 1.39 release.
* Noteworthy changes in release 1.39 (2022-06-20) [stable]
** lib: Code detecting current locale broken since 1.36.
The code always returned ASCII. The precise cause is complicated to
track down but likely boils down to the new autotools/gettext
bootstrapping sequence introduced in release 1.36. Reported by Богдан
Пилипенко <bogdan.pylypenko107@gmail.com>.
** maint: Java JAR archive no longer included in source tarball.
** Minor fixes: typos, makefiles, indentation, gnulib update, etc.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version r55 to r56
- Update of rootfile not required
- Changelog
version 56
Fix redundant cast-to-int when INI_USE_STACK!=0
Make inline comments work on subsequent lines of multiline values
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.0.4 to 2.1.4
- Update of rootfile
- Changelog
2.1.4
### Significant changes relative to 2.1.3
1. Fixed a regression introduced in 2.1.3 that caused build failures with
Visual Studio 2010.
2. The `tjDecompressHeader3()` function in the TurboJPEG C API and the
`TJDecompressor.setSourceImage()` method in the TurboJPEG Java API now accept
"abbreviated table specification" (AKA "tables-only") datastreams, which can be
used to prime the decompressor with quantization and Huffman tables that can be
used when decompressing subsequent "abbreviated image" datastreams.
3. libjpeg-turbo now performs run-time detection of AltiVec instructions on
OS X/PowerPC systems if AltiVec instructions are not enabled at compile time.
This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped
(PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo.
4. Fixed an error ("Bogus virtual array access") that occurred when attempting
to decompress a progressive JPEG image with a height less than or equal to one
iMCU (8 * the vertical sampling factor) using buffered-image mode with
interblock smoothing enabled. This was a regression introduced by
2.1 beta1[6(b)].
5. Fixed two issues that prevented partial image decompression from working
properly with buffered-image mode:
- Attempting to call `jpeg_crop_scanline()` after
`jpeg_start_decompress()` but before `jpeg_start_output()` resulted in an error
("Improper call to JPEG library in state 207".)
- Attempting to use `jpeg_skip_scanlines()` resulted in an error ("Bogus
virtual array access") under certain circumstances.
2.1.3
### Significant changes relative to 2.1.2
1. Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
input files into full-color JPEG images unless the `-grayscale` option was
used.
2. cjpeg now automatically compresses GIF and 8-bit BMP input files into
grayscale JPEG images if the input files contain only shades of gray.
3. The build system now enables the intrinsics implementation of the AArch64
(Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later.
4. Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using
the merged (non-fancy) upsampling algorithms (that is, with
`cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`.
Specifically, the segfault occurred if the number of bytes remaining in the
output buffer was less than the number of bytes required to represent one
uncropped scanline of the output image. For that reason, the issue could only
be reproduced using the libjpeg API, not using djpeg.
2.1.2
### Significant changes relative to 2.1.1
1. Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
by default with GCC for performance reasons) to be placed in the `.rodata`
section rather than in the `.text` section. This caused the GNU linker to
automatically place the `.rodata` section in an executable segment, which
prevented libjpeg-turbo from working properly with other linkers and also
represented a potential security risk.
2. Fixed an issue whereby the `tjTransform()` function incorrectly computed the
MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
unduly rejected some cropping regions, even though those regions aligned with
8x8 MCU block boundaries.
3. Fixed a regression introduced by 2.1 beta1[13] that caused the build system
to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy
architectures that do not support Neon instructions.
4. libjpeg-turbo now performs run-time detection of AltiVec instructions on
FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
supported using the same build of libjpeg-turbo.
5. cjpeg now accepts a `-strict` argument similar to that of djpeg and
jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
image contains incomplete or corrupt image data.
2.1.1
### Significant changes relative to 2.1.0
1. Fixed a regression introduced in 2.1.0 that caused build failures with
non-GCC-compatible compilers for Un*x/Arm platforms.
2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit
(AArch32) Neon SIMD extensions from building unless the C compiler flags
included `-mfloat-abi=softfp` or `-mfloat-abi=hard`.
3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on
undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on
Android systems when running AArch32/Thumb builds of libjpeg-turbo built with
recent versions of Clang.
4. Added a command-line argument (`-copy icc`) to jpegtran that causes it to
copy only the ICC profile markers from the source file and discard any other
metadata.
5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which
use capability pointers that are larger than the size of `size_t`.
6. Fixed a regression (CVE-2021-37972) introduced by 2.1 beta1[5] that caused a
segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly
transform a specially-crafted malformed JPEG image.
2.1.0
### Significant changes relative to 2.1 beta1
1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
decompress certain progressive JPEG images with one or more component planes of
width 8 or less caused a buffer overrun.
2. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
decompress a specially-crafted malformed progressive JPEG image caused the
block smoothing algorithm to read from uninitialized memory.
3. Fixed an issue in the Arm Neon SIMD Huffman encoders that caused the
encoders to generate incorrect results when using the Clang compiler with
Visual Studio.
4. Fixed a floating point exception (CVE-2021-20205) that occurred when
attempting to compress a specially-crafted malformed GIF image with a specified
image width of 0 using cjpeg.
5. Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
generate a progressive JPEG image on an SSE2-capable CPU using a scan script
containing one or more scans with lengths divisible by 32 and non-zero
successive approximation low bit positions would, under certain circumstances,
result in an error ("Missing Huffman code table entry") and an invalid JPEG
image.
6. Introduced a new flag (`TJFLAG_LIMITSCANS` in the TurboJPEG C API and
`TJ.FLAG_LIMIT_SCANS` in the TurboJPEG Java API) and a corresponding TJBench
command-line argument (`-limitscans`) that causes the TurboJPEG decompression
and transform functions/operations to return/throw an error if a progressive
JPEG image contains an unreasonably large number of scans. This allows
applications that use the TurboJPEG API to guard against an exploit of the
progressive JPEG format described in the report
["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
7. The PPM reader now throws an error, rather than segfaulting (due to a buffer
overrun) or generating incorrect pixels, if an application attempts to use the
`tjLoadImage()` function to load a 16-bit binary PPM file (a binary PPM file
with a maximum value greater than 255) into a grayscale image buffer or to load
a 16-bit binary PGM file into an RGB image buffer.
8. Fixed an issue in the PPM reader that caused incorrect pixels to be
generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
file into an extended RGB image buffer.
9. Fixed an issue whereby, if a JPEG buffer was automatically re-allocated by
one of the TurboJPEG compression or transform functions and an error
subsequently occurred during compression or transformation, the JPEG buffer
pointer passed by the application was not updated when the function returned.
2.0.90 (2.1 beta1)
### Significant changes relative to 2.0.6:
1. The build system, x86-64 SIMD extensions, and accelerated Huffman codec now
support the x32 ABI on Linux, which allows for using x86-64 instructions with
32-bit pointers. The x32 ABI is generally enabled by adding `-mx32` to the
compiler flags.
Caveats:
- CMake 3.9.0 or later is required in order for the build system to
automatically detect an x32 build.
- Java does not support the x32 ABI, and thus the TurboJPEG Java API will
automatically be disabled with x32 builds.
2. Added Loongson MMI SIMD implementations of the RGB-to-grayscale, 4:2:2 fancy
chroma upsampling, 4:2:2 and 4:2:0 merged chroma upsampling/color conversion,
and fast integer DCT/IDCT algorithms. Relative to libjpeg-turbo 2.0.x, this
speeds up:
- the compression of RGB source images into grayscale JPEG images by
approximately 20%
- the decompression of 4:2:2 JPEG images by approximately 40-60% when
using fancy upsampling
- the decompression of 4:2:2 and 4:2:0 JPEG images by approximately
15-20% when using merged upsampling
- the compression of RGB source images by approximately 30-45% when using
the fast integer DCT
- the decompression of JPEG images into RGB destination images by
approximately 2x when using the fast integer IDCT
The overall decompression speedup for RGB images is now approximately
2.3-3.7x (compared to 2-3.5x with libjpeg-turbo 2.0.x.)
3. 32-bit (Armv7 or Armv7s) iOS builds of libjpeg-turbo are no longer
supported, and the libjpeg-turbo build system can no longer be used to package
such builds. 32-bit iOS apps cannot run in iOS 11 and later, and the App Store
no longer allows them.
4. 32-bit (i386) OS X/macOS builds of libjpeg-turbo are no longer supported,
and the libjpeg-turbo build system can no longer be used to package such
builds. 32-bit Mac applications cannot run in macOS 10.15 "Catalina" and
later, and the App Store no longer allows them.
5. The SSE2 (x86 SIMD) and C Huffman encoding algorithms have been
significantly optimized, resulting in a measured average overall compression
speedup of 12-28% for 64-bit code and 22-52% for 32-bit code on various Intel
and AMD CPUs, as well as a measured average overall compression speedup of
0-23% on platforms that do not have a SIMD-accelerated Huffman encoding
implementation.
6. The block smoothing algorithm that is applied by default when decompressing
progressive Huffman-encoded JPEG images has been improved in the following
ways:
- The algorithm is now more fault-tolerant. Previously, if a particular
scan was incomplete, then the smoothing parameters for the incomplete scan
would be applied to the entire output image, including the parts of the image
that were generated by the prior (complete) scan. Visually, this had the
effect of removing block smoothing from lower-frequency scans if they were
followed by an incomplete higher-frequency scan. libjpeg-turbo now applies
block smoothing parameters to each iMCU row based on which scan generated the
pixels in that row, rather than always using the block smoothing parameters for
the most recent scan.
- When applying block smoothing to DC scans, a Gaussian-like kernel with a
5x5 window is used to reduce the "blocky" appearance.
7. Added SIMD acceleration for progressive Huffman encoding on Arm platforms.
This speeds up the compression of full-color progressive JPEGs by about 30-40%
on average (relative to libjpeg-turbo 2.0.x) when using modern Arm CPUs.
8. Added configure-time and run-time auto-detection of Loongson MMI SIMD
instructions, so that the Loongson MMI SIMD extensions can be included in any
MIPS64 libjpeg-turbo build.
9. Added fault tolerance features to djpeg and jpegtran, mainly to demonstrate
methods by which applications can guard against the exploits of the JPEG format
described in the report
["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
- Both programs now accept a `-maxscans` argument, which can be used to
limit the number of allowable scans in the input file.
- Both programs now accept a `-strict` argument, which can be used to
treat all warnings as fatal.
10. CMake package config files are now included for both the libjpeg and
TurboJPEG API libraries. This facilitates using libjpeg-turbo with CMake's
`find_package()` function. For example:
find_package(libjpeg-turbo CONFIG REQUIRED)
add_executable(libjpeg_program libjpeg_program.c)
target_link_libraries(libjpeg_program PUBLIC libjpeg-turbo::jpeg)
add_executable(libjpeg_program_static libjpeg_program.c)
target_link_libraries(libjpeg_program_static PUBLIC
libjpeg-turbo::jpeg-static)
add_executable(turbojpeg_program turbojpeg_program.c)
target_link_libraries(turbojpeg_program PUBLIC
libjpeg-turbo::turbojpeg)
add_executable(turbojpeg_program_static turbojpeg_program.c)
target_link_libraries(turbojpeg_program_static PUBLIC
libjpeg-turbo::turbojpeg-static)
11. Since the Unisys LZW patent has long expired, cjpeg and djpeg can now
read/write both LZW-compressed and uncompressed GIF files (feature ported from
jpeg-6a and jpeg-9d.)
12. jpegtran now includes the `-wipe` and `-drop` options from jpeg-9a and
jpeg-9d, as well as the ability to expand the image size using the `-crop`
option. Refer to jpegtran.1 or usage.txt for more details.
13. Added a complete intrinsics implementation of the Arm Neon SIMD extensions,
thus providing SIMD acceleration on Arm platforms for all of the algorithms
that are SIMD-accelerated on x86 platforms. This new implementation is
significantly faster in some cases than the old GAS implementation--
depending on the algorithms used, the type of CPU core, and the compiler. GCC,
as of this writing, does not provide a full or optimal set of Neon intrinsics,
so for performance reasons, the default when building libjpeg-turbo with GCC is
to continue using the GAS implementation of the following algorithms:
- 32-bit RGB-to-YCbCr color conversion
- 32-bit fast and accurate inverse DCT
- 64-bit RGB-to-YCbCr and YCbCr-to-RGB color conversion
- 64-bit accurate forward and inverse DCT
- 64-bit Huffman encoding
A new CMake variable (`NEON_INTRINSICS`) can be used to override this
default.
Since the new intrinsics implementation includes SIMD acceleration
for merged upsampling/color conversion, 1.5.1[5] is no longer necessary and has
been reverted.
14. The Arm Neon SIMD extensions can now be built using Visual Studio.
15. The build system can now be used to generate a universal x86-64 + Armv8
libjpeg-turbo SDK package for both iOS and macOS.
2.0.6
### Significant changes relative to 2.0.5:
1. Fixed "using JNI after critical get" errors that occurred on Android
platforms when using any of the YUV encoding/compression/decompression/decoding
methods in the TurboJPEG Java API.
2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`:
- Fixed segfaults or "Corrupt JPEG data: premature end of data segment"
errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or
4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that
is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a
similar fix, but it did not cover all cases.
- `jpeg_skip_scanlines()` now throws an error if two-pass color
quantization is enabled. Two-pass color quantization never worked properly
with `jpeg_skip_scanlines()`, and the issues could not readily be fixed.
- Fixed an issue whereby `jpeg_skip_scanlines()` always returned 0 when
skipping past the end of an image.
3. The Arm 64-bit (Armv8) Neon SIMD extensions can now be built using MinGW
toolchains targetting Arm64 (AArch64) Windows binaries.
4. Fixed unexpected visual artifacts that occurred when using
`jpeg_crop_scanline()` and interblock smoothing while decompressing only the DC
scan of a progressive JPEG image.
5. Fixed an issue whereby libjpeg-turbo would not build if 12-bit-per-component
JPEG support (`WITH_12BIT`) was enabled along with libjpeg v7 or libjpeg v8
API/ABI emulation (`WITH_JPEG7` or `WITH_JPEG8`.)
2.0.5
### Significant changes relative to 2.0.4:
1. Worked around issues in the MIPS DSPr2 SIMD extensions that caused failures
in the libjpeg-turbo regression tests. Specifically, the
`jsimd_h2v1_downsample_dspr2()` and `jsimd_h2v2_downsample_dspr2()` functions
in the MIPS DSPr2 SIMD extensions are now disabled until/unless they can be
fixed, and other functions that are incompatible with big endian MIPS CPUs are
disabled when building libjpeg-turbo for such CPUs.
2. Fixed an oversight in the `TJCompressor.compress(int)` method in the
TurboJPEG Java API that caused an error ("java.lang.IllegalStateException: No
source image is associated with this instance") when attempting to use that
method to compress a YUV image.
3. Fixed an issue (CVE-2020-13790) in the PPM reader that caused a buffer
overrun in cjpeg, TJBench, or the `tjLoadImage()` function if one of the values
in a binary PPM/PGM input file exceeded the maximum value defined in the file's
header and that maximum value was less than 255. libjpeg-turbo 1.5.0 already
included a similar fix for binary PPM/PGM files with maximum values greater
than 255.
4. The TurboJPEG API library's global error handler, which is used in functions
such as `tjBufSize()` and `tjLoadImage()` that do not require a TurboJPEG
instance handle, is now thread-safe on platforms that support thread-local
storage.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 23.4 to 23.6
- Update of rootfile
- Changelog
Changes in 23.6
* buildsys: Fix DEJAGNU work-around Debian #1015089
* killall: Use kill if pidfd_send_signal fails Debian #1015228
* fuser: Do not mention nonexistent - reset option #42
* fuser: Use modern statn where possible
* pstree: Better AppArmor support !30
Changes in 23.5
* killall: Check truncated names !28
* killall: Use openat and pidfd_send_signal #37
* killall: Don't check paths of sockets #35
* pstree: Check for process with show_parents #38
* pstree: Don't disable compaction with show pgids #34
* pstree: Fix storage leak !29
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- patch to fix glibc 2.36 headers is now part of the source code
- Changelog
Libarchive 3.6.2 is a bugfix and security release.
Important bug fixes:
include ZSTD in Windows builds (#1688)
SSL fixes on Windows (#1714, #1723, #1724)
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.20 to 1.20.1
- Update of rootfile not required
- Changelog
Major changes in 1.20.1 (2022-11-15)
Fix integer overflows in PAC parsing [CVE-2022-42898].
Fix null deref in KDC when decoding invalid NDR.
Fix memory leak in OTP kdcpreauth module.
Fix PKCS11 module path search.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from vesrion 0.92 to 0.92.1
- Update of rootfile
- Changelog
libstatgrab 0.92.1 (27 July 2021)
* Fix build with autoconf 2.70+.
* Fix CPU stats on older Linux kernels.
* Make sure to count processes in an unknown state.
* Check if -ltinfo is needed when linking ncurses.
* Fixes to build when cross-compiling.
* Fix build with -DNDEBUG.
* Handle vmmeter changes in FreeBSD 12.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.9.6 to 0.10.4
- Update of rootfile
- Changelog
version 0.10.4 (released 2022-09-07)
* Fixed issues with KDF on big endian
version 0.10.3 (released 2022-09-05)
* Fixed possible infinite loop in known hosts checking
version 0.10.2 (released 2022-09-02)
* Fixed tilde expansion when handling include directives
* Fixed building the shared torture library
* Made rekey test more robust (fixes running on i586 build systems e.g koji)
version 0.10.1 (released 2022-08-30)
* Fixed proxycommand support
* Fixed musl libc support
version 0.10.0 (released 2022-08-26)
* Added support for OpenSSL 3.0
* Added support for mbedTLS 3
* Added support for Smart Cards (through openssl pkcs11 engine)
* Added support for chacha20-poly1305@openssh.com with libgcrypt
* Added support ed25519 keys in PEM files
* Added support for sk-ecdsa and sk-ed25519 (server side)
* Added support for limiting RSA key sizes and not accepting small one by
default
* Added support for ssh-agent on Windows
* Added ssh_userauth_publickey_auto_get_current_identity() API
* Added ssh_vlog() API
* Added ssh_send_issue_banner() API
* Added ssh_session_set_disconnect_message() API
* Added new configuration options:
+ IdentityAgent
+ ModuliFile
* Provided X11 client example
* Disabled DSA support at build time by default (will be removed in the next
release)
* Deprecated the SCP API!
* Deprecated old pubkey, privatekey API
* Avoided some needless large stack buffers to minimize memory footprint
* Removed support for OpenSSL < 1.0.1
* Fixed parsing username@host in login name
* Free global init mutex in the destructor on Windows
* Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
