mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
55b4bb70ec7e12339d1b37d3a89c7515f4aeef52
8489 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
bcef2fe0f6 |
elinks: Update to version 0.15.1
- Update from version 0.12pre6 (2012) to 0.15.1 (July 2022)
- Update of rootfile
- Original elinks was last updated in 2012. In Jan 2020 a fork was made of the package
and has been maintained since then on an ongoing basis. This new fork is used by Arch
Linux
- elinks has not been an addon since CU141 but the lfs file was still in the addon format
This has been adjusted to make it in line with a core program
- The previous patches related to ssl have been removed as the fixes are now part of the
source tarball.
- Changelog
ELinks 0.15.1 Released on 2022-07-31
* about:config
* option --always-load-config #137
* compilation fixes on Windows #140
* added ui.background_char #142
* sample build scripts and docker files
* experimental DGI support
* DOS port based on links code
* configurable Accept-Header #143
* minor compilation fixes
ELinks 0.15.0 Released on 2021-12-24
* Serbian translation update
ELinks 0.15.0rc2 Released on 2021-12-19
* Serbian translation update
* HOME_ETC
ELinks 0.15.0rc1 Released on 2021-12-04
* removed -Wno-pointer-sign from CFLAGS
* close stdin before calling a background program (sgerwk)
and options related to it #108, #109, #110, #113
* gemini protocol and text/gemini mime type
* changed rendering of blockquote element
* avoid tmpfile in lua (sgerwk) #115, #118
* console.log in js (mtatton) #93
* localstorage (mtatton) #98
* options document.browse.search.beginning_only
document.browse.search.ignore_history
ui.double_esc
* ui.temperature.* to show temperature of CPU
* document.plain.fixup_tables
* enhanced ecmascript code. Added QuickJS
* Notes on ECMAScript:
requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT
and either mozjs78-dev or QuickJS-2021-03-27
Most sites don't work, some crash. Some workarounds were implemented:
a) ECMAScript is disabled by default
b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes
c) Added toggle-ecmascript action. You can bind it to some key
* other small fixes
ELinks 0.14.3 Released on 2021-09-26
* Fix issue with negative value of cells #126
ELinks 0.14.2 Released on 2021-08-29
* crash in nttp #114
* XSS in gopher #125
ELinks 0.14.1 Released on 2021-05-30
* Disable spidermonkey by default #85
* Show error message about libgcrypt-config. #86
* off by two. #88
* Check NULL. #99
* fix error message when no previous search was performed #100
* alert when moving to the next match of a failed search #101
* include unistd.h and errno.h to define safe_read() #107
ELinks 0.14.0 Released on 2020-12-27
No changes since 0.14.0rc2.
ELinks 0.14.0rc2 Released on 2020-12-13
* ~/.elinks/allow.txt - list of allowed url prefixes for js
ELinks 0.14.0rc1 Released on 2020-12-06
* dblatex for pdf. PR #64
* fixes CTRL-Z. #65
* changes in mime handlers. PR #66
* fixes in data protocol. #67, #68, #71, #72, #73
* allow to wrap text in PRE. #69
* pass #fragment to external command. #75
* introduced "document.browse.search.reset". #76
* added meson as alternative build system
* in #77 I'm going to attach static binaries for released versions
* mozjs dependency updated to 52.*
Note that, to compile with javascript support you must compile by g++ with -fpermissive option.
There is a lot of warnings. Unfortunately JS often crashes. Without help from someone familiar
with SpiderMonkey, we won't go far.
As you might notice, I renamed repo to elinks.
Thanks to all involved in this release.
ELinks 0.13.5 Released on 2020-08-30
* added clipboard selection using keyboard. #59
* fixed drawing menus over emoji characters. #60
* encoding to utf-8 and decoding back in python's pre_format_html_hook
This is likely the last release of 0.13.x series.
ELinks 0.13.4: Released on 2020-07-31.
* fixed segfault with gnutls. introduced in 0.13.3
* updated smart and dumb prefixes to https. Thanks Guido Cella. PR #54
* added the st terminal to config options. PR #55
* doc updates PR #57
* also pass the uri as %u to external handler. Thanks sgerwk. PR #58
* added the ui.clipboard_file config option
ELinks 0.13.3: Released on 2020-06-29.
* configure option --with-luapkg=name
You can choose lua version at compilation time. For example: --with-luapkg=luajit
* config option connection.ssl.https_by_default (Thanks Guido Cella)
not enabled by default
* docs updates (Guido Cella)
* fixes related to ui.mouse_disable and xterm-like terminals (Thanks sgerwk)
* show an alert when the search string is not found (sgerwk)
ELinks 0.13.2: Released on 2020-05-31.
* command line option -remote search(...) (thanks sgerwk)
* command line option -bind-address
* config option ui.mouse_disable (sgerwk)
* config option ui.tostop
* config option ui.sessions.fork_on_start
* compatibility (compilability) with lua-5.2 and 5.3
* modified cookies code (not well tested)
ELinks 0.13.1: Released on 2020-01-31.
* Fixed issue with uploading files to local cgi.
* Python scripts in contrib converted to python3.
ELinks 0.13.0: Released on 2019-12-27.
Incompatibilities:
* The protocol.fsp.sort option has been removed. ELinks always sorts.
* bug 1024: Verify the host name or IP address in the server certificate
if connection.ssl.cert_verify is not 0.
Miscellaneous:
* The configure script is no longer part of tarball, you must generate it.
For example running ./autogen.sh
* major bug 181: Slave ELinks processes can now run an external editor.
This used to work in the master process only.
* major bug 722: Filter CSS according to media types. New option
document.css.media.
* bug 638: Propagate the existence of $DISPLAY from slave terminals to
mailcap test commands.
* bugs 762, 1082: Small memory leak in goto_current_link/goto_imgmap
* bug 963: New option document.css.ignore_display_none.
* bug 977: Fixed crash when opening in new tab a non link with onclick
attribute.
* bug 1008: File upload fields in HTML forms now stream the files to
the server, instead of reading them to memory in advance. This lets
you upload larger files. The downsides are that ELinks may use a
cached response even if you have modified a file between requests,
and that ELinks can send inconsistent data if you modify a file
while it is being uploaded.
* bug 1054: Don't abort downloads when closing the terminal from which
they were started. When such a download ends, display the message
in the most recently used terminal. If the user chooses
``Background and Notify'' via the download manager in some terminal,
reassociate the download with that terminal. These changes do not
apply to downloads to external handlers.
* Really retry forever when connection.retries = 0.
* enhancement: Session-specific options. Any options changed with
toggle-* actions no longer affect other tabs or other terminals.
* Do not crash when document.browse.minimum_refresh_time = 0 and
a document has a meta refresh with a delay of 0.
* Properly update link highlighting and status bar information when the
repeat prefix is changed.
* Handle SSL rehandshakes
* Fix compatibility with Ruby >= 1.9
* enhancement 15: Domain-specific options. Use set_domain in
elinks.conf to e.g. disable cookies for google.com. The option
manager window does not yet support this.
* enhancement 867: Use bracketed paste mode on xterm. This requires
xterm patch #228 or later configured with --enable-readline-mouse.
* enhancement 824: Experimental support for combining characters.
See features.conf for details.
* enhancement: Add a new entry Link Info under Link main menu.
* enhancement: Indicate backgrounded downloads using an unused led.
* enhancement: Display the number of ECMAScript interpreters that have
been allocated for documents in the Resources dialog.
* Fedora enhancement 346861: Add support for nss_compat_ossl library
(OpenSSL replacement).
* enhancement: ``elinks --dump'' uses box-drawing characters if supported
by the charset.
* enhancement 1070: Support 256 colors on fbterm-1.4.
* enhancement 1075: Scrolling the entire contents of dialog boxes.
Especially useful for multi-file BitTorrent downloads.
* Report if the Lua function edit_bookmark_dialog receives the wrong
number or types of arguments instead of silently failing.
* enhancement: Add ``Invalidate'' button to the cache manager.
* enhancement: Add ``Search contents'' button to the cache manager with
which one can search through the cache items' data rather than their
metadata.
* enhancement: Add rudimentary support for the HTML5 media elements,
<video> and <audio>.
* enhancement: Add move-half-page-up and move-half-page-down actions.
* enhancement: Add option to change overlap for vertical scrolling.
* enhancement: HTML meta refresh allows semicolons in URLs, and the
syntax is more like in Firefox.
* link against lua51 not lua50
* SpiderMonkey must be mozjs-17.0. This version is latest with C API.
Find it with pkg-config.
* using iconv for some multibyte charsets. It works if the terminal codepage
is UTF-8. More charsets will be added on demand.
* enhancement: support SSL client certificate
* python scripting is Python3 only
* brotli and zstd encodings
* possibility to make use of libevent instead of select for event loop
* terminfo queries for output (not input) as compilation option
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c5c0decb15 |
ddrescue: Update to version 1.26
- Update from version 1.25 to 1.26
- Update of rootfile not required
- Changelog
Changes in version 1.26:
While writing the mapfile, ddrescue now checks the return value of each call
to 'fprintf' to catch any temporary failure of 'fprintf' not reported by the
system when closing the file. (Hole in mapfile reported by Radomír Tomis).
Domain mapfiles may now contain unordered and overlapping blocks when
'-L, --loose-domain' is specified as long as no block overlaps with other
block of different status. (Suggested by Gábor Katona and Shaya Potter).
Ddrescue now shows the file name in all the diagnostics with a file involved.
(Reported by Radomír Tomis).
Ddrescue now exits with status 1 on fatal read errors.
(Suggested by Marco Marques).
Empty phases are now completely skipped.
Ddrescue now scrolls forward after each pass. This keeps on the screen the
final status of the previous pass, making it easier to estimate the amount
of work done by the current pass. (Based on a suggestion by David Morrison).
In case of error in a numerical argument to a command line option, ddrescue
now shows the name of the option and the range of valid values.
The option synonyms '--*-logfile' and '--pause' have been removed and are no
longer recognized.
Ddrescuelog now can convert between mapfiles and bitmaps of blocks (big and
little endian). The new option '-F, --format' has been added to ddrescuelog.
It selects the input format for '--create-mapfile', or the output format for
'--list-blocks'. (Bitmap format proposed by Florian Sedivy).
Option '-d, --delete-if-done' of ddrescuelog no longer returns an error if
the mapfile is read from standard input. Instead it behaves like
'-D, --done-status' because there is nothing to delete.
'ddrescuelog --show-status' now rounds percentages up to get the sum closer
to 100%.
Three missing '#include <algorithm>' have been added.
(Reported by Richard Burkert).
The description of the algorithm in the manual has been improved.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c0fb958487 |
cups-filters: Update to version 1.28.16
- Update from version 1.28.14 to 1.;28 16
- Update of rootfile not required
- Changelog
CHANGES IN V1.28.16
- imagetoraster, imagetopdf, libcupsfilters: Added support for
reading the resolution of an image from its EXIF data when
loading it. This way we get the image reproduced in its
original size with "print-scaling=none" (Issue #362).
- libcupsfilters: Replaced deprecated data types uint16 and
uint32. The function to read TIFF image files via libtiff in
cupsfilters/image-tiff.c uses the deprecated types uint16
and uint32. The replacements for these types are uint16_t
and uint32_t.
CHANGES IN V1.28.15
- pdftops: In pdftops identify old LaserJets more precisely
for working around PostScript interpreter bugs, older
printers need Poppler, newer models need Ghostscript
(Ubuntu bug #1967816).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
24109ebef7 |
sudo: Update to version 1.9.12p1
- Update from version 1.9.11p3 to 1.9.12p1
- Update of rootfile
- Changelog
What's new in Sudo 1.9.12p1
* Sudo's configure script now does a better job of detecting when
the -fstack-clash-protection compiler option does not work.
GitHub issue #191.
* Fixed CVE-2022-43995, a potential out-of-bounds write for passwords
smaller than 8 characters when passwd authentication is enabled.
This does not affect configurations that use other authentication
methods such as PAM, AIX authentication or BSD authentication.
* Fixed a build error with some configurations compiling host_port.c.
What's new in Sudo 1.9.12
* Fixed a bug in the ptrace-based intercept mode where the current
working directory could include garbage at the end.
* Fixed a compilation error on systems that lack the stdint.h
header. Bug #1035
* Fixed a bug when logging the command's exit status in intercept
mode. The wrong command could be logged with the exit status.
* For ptrace-based intercept mode, sudo will now attempt to
verify that the command path name, arguments and environment
have not changed from the time when they were authorized by the
security policy. The new "intercept_verify" sudoers setting can
be used to control this behavior.
* Fixed running commands with a relative path (e.g. ./foo) in
intercept mode. Previously, this would fail if sudo's current
working directory was different from that of the command.
* Sudo now supports passing the execve(2) system call the NULL
pointer for the `argv` and/or `envp` arguments when in intercept
mode. Linux treats a NULL pointer like an empty array.
* The sudoers LDAP schema now allows sudoUser, sudoRunasUser and
sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII.
* Fixed a problem with "sudo -i" on SELinux when the target user's
home directory is not searchable by sudo. GitHub issue #160.
* Neovim has been added to the list of visudo editors that support
passing the line number on the command line.
* Fixed a bug in sudo's SHA384 and SHA512 message digest padding.
* Added a new "-N" (--no-update) command line option to sudo which
can be used to prevent sudo from updating the user's cached
credentials. It is now possible to determine whether or not a
user's cached credentials are currently valid by running:
$ sudo -Nnv
and checking the exit value. One use case for this is to indicate
in a shell prompt that sudo is "active" for the user.
* PAM approval modules are no longer invoked when running sub-commands
in intercept mode unless the "intercept_authenticate" option is set.
There is a substantial performance penalty for calling into PAM
for each command run. PAM approval modules are still called for
the initial command.
* Intercept mode on Linux now uses process_vm_readv(2) and
process_vm_writev(2) if available.
* The XDG_CURRENT_DESKTOP environment variable is now preserved
by default. This makes it possible for graphical applications
to choose the correct theme when run via sudo.
* On 64-bit systems, if sudo fails to load a sudoers group plugin,
it will use system-specific heuristics to try to locate a 64-bit
version of the plugin.
* The cvtsudoers manual now documents the JSON and CSV output
formats. GitHub issue #172.
* Fixed a bug where sub-commands were not being logged to a remote
log server when log_subcmds was enabled. GitHub issue #174.
* The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout
sudoers settings can be used to support more fine-grained I/O logging.
The sudo front-end no longer allocates a pseudo-terminal when running
a command if the I/O logging plugin requests logging of stdin, stdout,
or stderr but not terminal input/output.
* Quieted a libgcrypt run-time initialization warning.
This fixes Debian bug #1019428 and Ubuntu bug #1397663.
* Fixed a bug in visudo that caused literal backslashes to be removed
from the EDITOR environment variable. GitHub issue #179.
* The sudo Python plugin now implements the "find_spec" method instead
of the the deprecated "find_module". This fixes a test failure when
a newer version of setuptools that doesn't include "find_module" is
found on the system.
* Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created
the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as
a directory instead of a plain file. The same bug could result
in I/O log directories that end in six or more X's being created
literally in addition to the name being used as a template for
the mkdtemp(3) function.
* Fixed a long-standing bug where a sudoers rule with a command
line argument of "", which indicates the command may be run with
no arguments, would also match a literal "" on the command line.
GitHub issue #182.
* Added the -I option to visudo which only edits the main sudoers
file. Include files are not edited unless a syntax error is found.
* Fixed "sudo -l -U otheruser" output when the runas list is empty.
Previously, sudo would list the invoking user instead of the
list user. GitHub issue #183.
* Fixed the display of command tags and options in "sudo -l" output
when the RunAs user or group changes. A new line is started for
RunAs changes which means we need to display the command tags
and options again. GitHub issue #184.
* The sesh helper program now uses getopt_long(3) to parse the
command line options.
* The embedded copy of zlib has been updated to version 1.2.13.
* Fixed a bug that prevented event log data from being sent to the
log server when I/O logging was not enabled. This only affected
systems without PAM or configurations where the pam_session and
pam_setcred options were disabled in the sudoers file.
* Fixed a bug where "sudo -l" output included a carriage return
after the newline. This is only needed when displaying to a
terminal in raw mode. Bug #1042.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
90c1a2758b |
qemu-ga: Update to version 7.1.0
- Update in line with update of qemu from version 7.0.0 to 7.1.0 - Update of rootfile not required - Changelog - see changelog info in the qemu update Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
39ff37072e |
qemu: Update to version 7.1.0
- Update from 7.0.0 to 7.1.0 - Update of rootfile not required - Removal of qemu-7.0.0-fix-glibc-headers.patch as an alternative patch approach has been implemeted into thye source tarball. - Changelog is too large to include here. Details can be found at https://wiki.qemu.org/ChangeLog/7.1 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
da0b8e4fb9 |
nginx: Update to version 1.22.1
- Update from version 1.21.6 to 1.22.1
- Update of rootfile not required
- Changelog
Changes with nginx 1.22.1 19 Oct 2022
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, worker
process memory disclosure, or might have potential other impact
(CVE-2022-41741, CVE-2022-41742).
Changes with nginx 1.22.0 24 May 2022
*) 1.22.x stable branch.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
81c3f9e1b9 |
libvirt: Update to version 8.9.0
- Update from 7.10.0 to 8.9.0 - Update of rootfile - Removal of sheepdog_storage option in ./configure as it has been removed from libvirt - Removal of libvirt-7.10.0-fix-glibc-headers.patch as contents are now built in to source tarball. - Changelog is too large to include here. Details can be found in the NEWS.rst file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
2bfcbac468 |
libpng: Update to version 1.6.39
- Update from version 1.6.37 to 1.6.39
- Update of rootfile
- Changelog
Version 1.6.39 [November 20, 2022]
Changed the error handler of oversized chunks (i.e. larger than
PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
Fixed a buffer overflow error in contrib/tools/pngfix.
Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
Disabled the ARM Neon optimizations by default in the CMake file,
following the default behavior of the configure script.
Allowed configure.ac to work with the trunk version of autoconf.
Removed the support for "install" targets from the legacy makefiles;
removed the obsolete makefile.cegcc.
Cleaned up the code and updated the internal documentation.
Version 1.6.38 [September 14, 2022]
Added configurations and scripts for continuous integration.
Fixed various errors in the handling of tRNS, hIST and eXIf.
Implemented many stability improvements across all platforms.
Updated the internal documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
6bdf47513b |
libedit: Update to version 20221030-3.1
- Update from 20210910-3.1 to 20221030-3.1 - Update of rootfile - Changelog * version-info: 0:70:0 * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h include, to compile against musl libc * version-info: 0:69:0 * src/sys.h: Add __sun guard around sys/types.h in sys.h * all: sync with upstream source Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
8cb2214c3a |
curl: Update to version 7.86.0
- Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bff0999f03 |
pcmciautils: Remove package from IPFire
- Current version is 014 which was released in 2008. The latest version is 018 which was released in 2011. - In 2010 pcmcia was acquired by the USB Implementers forum and all work has been focussed on usb only with nothing on pcmcia. - pcmcia is only still used as a legacy requirement on industrial computing systems for machine control etc. pcmcia was introduced originally for laptop use. - All new laptops have no pcmcia slot. Searching on amazon for laptop with pcmcia gave 55 results none of which had any pcmcia capability. - Based on the above the package pcmciautils is being removed from IPFire. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Jon Murphy
|
ef3feaf566 |
pcengines-apu-firmware: Update to version 4.17.0.2
- Update from 4.17.0.1 to 4.17.0.2
- Changelog
v4.17.0.2 - Release date: 2022-07-29
Rebased with official coreboot repository commit df721bd
See: https://github.com/pcengines/coreboot/compare/v4.17.0.1...v4.17.0.2
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Matthias Fischer
|
437e0a7368 |
nano: Update to 7.0
For details see: https://www.nano-editor.org/news.php "2022 November 15 - GNU nano 7.0 "Una existencia simple bajo el sol" String binds may contain bindable function names between braces. For example, to move the current line down to after the next one: bind ^D "{cut}{down}{paste}{up}" main. Of course, braced function names may be mixed with literal text. If an existing string bind contains a literal {, replace it with {{}. Unicode codes can be entered (via M-V) without leading zeroes, by finishing short codes with <Space> or <Enter>. Word completion (^]) looks for candidates in all open buffers. No regular expression matches the final empty line any more." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
96adb79772 |
swig: Update to version 4.1.0
- Update from version 4.0.2 to 4.1.0
- Update of rootfile
- Changelog
SWIG-4.1.0 summary:
- Add Javascript Node v12-v18 support, remove support prior to v6.
- Octave 6.0 to 6.4 support added.
- Add PHP 8 support.
- PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
- Perl 5.8.0 is now the oldest version SWIG supports.
- Python 3.3 is now the oldest Python 3 version SWIG supports.
- Python 3.9-3.11 support added.
- Various memory leak fixes in Python generated code.
- Scilab 5.5-6.1 support improved.
- Many improvements for each and every target language.
- Various preprocessor expression handling improvements.
- Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
- Make SWIG much more move semantics friendly.
- Add C++ std::unique_ptr support.
- Few minor C++ template handling improvements.
- Various C++ using declaration fixes.
- Few fixes for handling Doxygen comments.
- GitHub Actions is now used instead of Travis CI for continuous integration.
- Add building SWIG using CMake as a secondary build system.
- Update optional SWIG build dependency for regex support from PCRE to PCRE2.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
Arne Fitzenreiter
|
afa464fd4a |
u-boot: create signed bootscript at build time
before this was as binary in git which make no real sense. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Arne Fitzenreiter
|
6163e1b766 |
u-boot: update to 2022.10 and arm-trusted-firmware-2.7
this should fix keyboard issues on rpi-4 and many other problems. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
a2e50df0fa |
usbutils: Update to version 015
- Update from version 014 to 015
- Update of rootfile not required
- Changelog
usbutils 015
usb-devices: list the root devices in numerical order
usb-devices: use 'local' variable type to handle recursion
lsusb: remove unused wireless check
lsusb: remove wireless descriptor information
usb-devices: fix field width on device speed field
lsusb: fix up Midi Device specification devices
Fix an runtime error reported by undefind sanitizer
lsusb: Improve status display for SuperSpeedPlus hubs
lsusb-t: Fix recursive sorting on child devices.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
6948b9f7e9 |
sed: Update to version 4.9
- Update from version 4.8 to 4.9
- Update of rootfile not required
- Changelog
* Noteworthy changes in release 4.9 (2022-11-06) [stable]
** Bug fixes
'sed --follow-symlinks -i' no longer loops forever when its operand
is a symbolic link cycle.
[bug introduced in sed 4.2]
a program with an execution line longer than 2GB can no longer trigger
an out-of-bounds memory write.
using the R command to read an input line of length longer than 2GB
can no longer trigger an out-of-bounds memory read.
In locales using UTF-8 encoding, the regular expression '.' no
longer sometimes fails to match Unicode characters U+D400 through
U+D7FF (some Hangul Syllables, and Hangul Jamo Extended-B) and
Unicode characters U+108000 through U+10FFFF (half of Supplemental
Private Use Area plane B).
[bug introduced in sed 4.8]
I/O errors involving temp files no longer confuse sed into using a
FILE * pointer after fclosing it, which has undefined behavior in C.
** New Features
The 'r' command now accepts address 0, allowing inserting a file before
the first line.
** Changes in behavior
Sed now prints the less-surprising variant in a corner case of
POSIX-unspecified behavior. Before, this would print "n".
Now, it prints "X":
printf n | sed 'sn\nnXn'; echo
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c86225c944 |
openvpn: Update to version 2.5.8
- Update from version 2.5.7 to 2.5.8
- Update of rootfile not required
- Changelog
Version 2.5.8
tls-crypt-v2: bail out if the client key is too small
Remove useless empty line from CR_RESPONSE message
Allow running a default configuration with TLS libraries without BF-CBC
Change command help to match man page and implementation
Fix OpenVPN querying user/password if auth-token with user expires
t_client: Allow to force FAIL on prerequisite fails
t_client.sh: do not require fping6
Preparing release 2.5.8
msvc: add branch name and commit hash to version output
Update the replay-window backtrack log message
Do not skip ERROR:/SUCCESS: response from management interface
Fix auth-token usage with management-def-auth
Allow a few levels of recursion in virtual_output_callback()
Ensure --auth-nocache is handled during renegotiation
Purge auth-token as well while purging passwords
Do not copy auth_token username to itself
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
6ff6ba85ba |
xz: Update to version 5.2.8
- Update from version 5.2.5 to 5.2.8
- Update of rootfile
- Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source
tarball and with an improved quicker method - see changelog below.
- Changelog
5.2.8 (2022-11-13)
* xz:
- If xz cannot remove an input file when it should, this
is now treated as a warning (exit status 2) instead of
an error (exit status 1). This matches GNU gzip and it
is more logical as at that point the output file has
already been successfully closed.
- Fix handling of .xz files with an unsupported check type.
Previously such printed a warning message but then xz
behaved as if an error had occurred (didn't decompress,
exit status 1). Now a warning is printed, decompression
is done anyway, and exit status is 2. This used to work
slightly before 5.0.0. In practice this bug matters only
if xz has been built with some check types disabled. As
instructed in PACKAGERS, such builds should be done in
special situations only.
- Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
which failed with "Internal error (bug)". That is,
--single-stream was broken if the first .xz stream in
the input file didn't contain any uncompressed data.
- Fix displaying file sizes in the progress indicator when
working in passthru mode and there are multiple input files.
Just like "gzip -cdf", "xz -cdf" works like "cat" when the
input file isn't a supported compressed file format. In
this case the file size counters weren't reset between
files so with multiple input files the progress indicator
displayed an incorrect (too large) value.
* liblzma:
- API docs in lzma/container.h:
* Update the list of decoder flags in the decoder
function docs.
* Explain LZMA_CONCATENATED behavior with .lzma files
in lzma_auto_decoder() docs.
- OpenBSD: Use HW_NCPUONLINE to detect the number of
available hardware threads in lzma_physmem().
- Fix use of wrong macro to detect x86 SSE2 support.
__SSE2_MATH__ was used with GCC/Clang but the correct
one is __SSE2__. The first one means that SSE2 is used
for floating point math which is irrelevant here.
The affected SSE2 code isn't used on x86-64 so this affects
only 32-bit x86 builds that use -msse2 without -mfpmath=sse
(there is no runtime detection for SSE2). It improves LZMA
compression speed (not decompression).
- Fix the build with Intel C compiler 2021 (ICC, not ICX)
on Linux. It defines __GNUC__ to 10 but doesn't support
the __symver__ attribute introduced in GCC 10.
* Scripts: Ignore warnings from xz by using --quiet --no-warn.
This is needed if the input .xz files use an unsupported
check type.
* Translations:
- Updated Croatian and Turkish translations.
- One new translations wasn't included because it needed
technical fixes. It will be in upcoming 5.4.0. No new
translations will be added to the 5.2.x branch anymore.
- Renamed the French man page translation file from
fr_FR.po to fr.po and thus also its install directory
(like /usr/share/man/fr_FR -> .../fr).
- Man page translations for upcoming 5.4.0 are now handled
in the Translation Project.
* Update doc/faq.txt a little so it's less out-of-date.
5.2.7 (2022-09-30)
* liblzma:
- Made lzma_filters_copy() to never modify the destination
array if an error occurs. lzma_stream_encoder() and
lzma_stream_encoder_mt() already assumed this. Before this
change, if a tiny memory allocation in lzma_filters_copy()
failed it would lead to a crash (invalid free() or invalid
memory reads) in the cleanup paths of these two encoder
initialization functions.
- Added missing integer overflow check to lzma_index_append().
This affects xz --list and other applications that decode
the Index field from .xz files using lzma_index_decoder().
Normal decompression of .xz files doesn't call this code
and thus most applications using liblzma aren't affected
by this bug.
- Single-threaded .xz decoder (lzma_stream_decoder()): If
lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning
but there was a bug. With other decoders (.lzma or
threaded .xz decoder) this already worked correctly.
- Fixed accumulation of integrity check type statistics in
lzma_index_cat(). This bug made lzma_index_checks() return
only the type of the integrity check of the last Stream
when multiple lzma_indexes were concatenated. Most
applications don't use these APIs but in xz it made
xz --list not list all check types from concatenated .xz
files. In xz --list --verbose only the per-file "Check:"
lines were affected and in xz --robot --list only the "file"
line was affected.
- Added ABI compatibility with executables that were linked
against liblzma in RHEL/CentOS 7 or other liblzma builds
that had copied the problematic patch from RHEL/CentOS 7
(xz-5.2.2-compat-libs.patch). For the details, see the
comment at the top of src/liblzma/validate_map.sh.
WARNING: This uses __symver__ attribute with GCC >= 10.
In other cases the traditional __asm__(".symver ...")
is used. Using link-time optimization (LTO, -flto) with
GCC versions older than 10 can silently result in
broken liblzma.so.5 (incorrect symbol versions)! If you
want to use -flto with GCC, you must use GCC >= 10.
LTO with Clang seems to work even with the traditional
__asm__(".symver ...") method.
* xzgrep: Fixed compatibility with old shells that break if
comments inside command substitutions have apostrophes (').
This problem was introduced in 5.2.6.
* Build systems:
- New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX
- Windows: Fixed liblzma.dll build with Visual Studio project
files. It broke in 5.2.6 due to a change that was made to
improve CMake support.
- Windows: Building liblzma with UNICODE defined should now
work.
- CMake files are now actually included in the release tarball.
They should have been in 5.2.5 already.
- Minor CMake fixes and improvements.
* Added a new translation: Turkish
5.2.6 (2022-08-12)
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files. Previously this required
using --force.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
standard version in the lzma.h API header. It's used to
detect when "noexcept" can be used.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
* Translations:
- Added new translations: Catalan, Croatian, Esperanto,
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
and Ukrainian
- Updated the Brazilian Portuguese translation.
- Added French man page translation. This and the existing
German translation aren't complete anymore because the
English man pages got a few updates and the translators
weren't reached so that they could update their work.
* Build systems:
- Windows: Fix building of resource files when config.h isn't
used. CMake + Visual Studio can now build liblzma.dll.
- Various fixes to the CMake support. Building static or shared
liblzma should work fine in most cases. In contrast, building
the command line tools with CMake is still clearly incomplete
and experimental and should be used for testing only.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c81385f7f8 |
libxcrypt: Update to version 4.4.33
- Update from version 4.4.28 to 4.4.33 - Update of rootfile not required - Changelog Version 4.4.33 * Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c. With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some changes to huge page handling, that show this error when building with GCC v12.2.1, and thus need a small fix. Version 4.4.32 * Improvements to huge page handling in lib/alg-yescrypt-platform.c. When explicitly using huge pages, request the 2 MiB page size. This should fix the issue where on a system configured to use 1 GiB huge pages we'd fail on munmap() as we're only rounding the size up to a multiple of 2 MiB. With the fix, we wouldn't use huge pages on such a system. Unfortunately, now we also wouldn't use huge pages on Linux kernels too old to have MAP_HUGE_2MB (issue #152). Version 4.4.31 * Fix -Werror=conversion in lib/alg-yescrypt-opt.c (issues #161 and #162). * Add some SHA-2 Maj() optimization in lib/alg-sha256.c. * Fix issues found by Covscan in test/getrandom-fallback.c. * Fix -Werror=strict-overflow in lib/crypt-des.c, which is seen by GCC 12.x (issues #155 and #163). Version 4.4.30 * configure: Restore ucontext api functionality check. In c3f01c72b303cbbb0cc8983120677edee2f3fa4b the use of the ucontext api in the main program was removed, and with it the configure check for it. However, the ucontext api is still used in the "explicit_bzero" test and thus this test still needs to be in place. See also: https://bugs.gentoo.org/838172 * configure: Restore the functionality of the '--disable-symvers' switch. Without this fix the build was simply broken, if symbol versioning was disabled for any reason, e.g. whether the compiler nor the linker supporting it, or if disabled on purpose by the user (issue #142). * Fix variable name in crypt(3) for a datamember of 'struct crypt_data' (issue #153). Version 4.4.29 * Add glibc-on-loongarch-lp64 (Loongson LA464 / LA664) entry to libcrypt.minver. This was added in GNU libc 2.36. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
fa3f331a2e |
libuv: Update to version 1.44.2
- Update from 1.42.0 to 1.44.2 - Update of rootfile not required. - Changelog Version 1.44.2 * Add SHA to ChangeLog (Jameson Nash) * aix, ibmi: handle server hang when remote sends TCP RST (V-for-Vasili) * build: make CI a bit noisier (Jameson Nash) * process: reset the signal mask if the fork fails (Jameson Nash) * zos: implement cmpxchgi() using assembly (Shuowang (Wayne) Zhang) * build: AC_SUBST for AM_CFLAGS (Claes Nästén) * ibmi: Implement UDP disconnect (V-for-Vasili) * doc: update active maintainers list (Ben Noordhuis) * build: fix kFreeBSD build (James McCoy) * build: remove Windows 2016 workflows (Darshan Sen) * Revert "win,errors: remap ERROR_ACCESS_DENIED to UV_EACCES" (Darshan Sen) * unix: simplify getpwuid call (Jameson Nash) * build: filter CI by paths and branches (Jameson Nash) * build: add iOS to macos CI (Jameson Nash) * build: re-enable CI for windows changes (Jameson Nash) * process,iOS: fix build breakage in process.c (Denny C. Dai) * test: remove unused declarations in tcp_rst test (V-for-Vasili) * core: add thread-safe strtok implementation (Guilherme Íscaro) * win: fix incompatible-types warning (twosee) * test: fix flaky file watcher test (Ben Noordhuis) * build: fix AIX xlc autotools build (V-for-Vasili) * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang (Ben Noordhuis) * win: fix unexpected ECONNRESET error on TCP socket (twosee) * doc: make sample cross-platform build (gengjiawen) * test: separate some static variables by test cases (Hannah Shi) * sunos: fs-event callback can be called after uv_close() (Andy Fiddaman) * uv: re-register interest in a file after change (Shuowang (Wayne) Zhang) * uv: register UV_RENAME event for _RFIM_UNLINK (Shuowang (Wayne) Zhang) * uv: register __rfim_event 156 as UV_RENAME (Shuowang (Wayne) Zhang) * doc: remove smartos from supported platforms (Ben Noordhuis) * macos: avoid posix_spawnp() cwd bug (Jameson Nash) * release: check versions of autogen scripts are newer (Jameson Nash) * test: rewrite embed test (Ben Noordhuis) * openbsd: use utimensat instead of lutimes (tuftedocelot) * doc: fix link to uvwget example main() function (blogdaren) * unix: use MSG_CMSG_CLOEXEC where supported (Ben Noordhuis) * test: remove disabled callback_order test (Ben Noordhuis) * win,pipe: fix bugs with pipe resource lifetime management (Jameson Nash) * loop: better align order-of-events behavior between platforms (Jameson Nash) * aix,test: uv_backend_fd is not supported by poll (V-for-Vasili) * kqueue: skip EVFILT_PROC when invalidating fds (chucksilvers) * darwin: fix atomic-ops.h ppc64 build (Sergey Fedorov) * zos: don't err when killing a zombie process (Shuowang (Wayne) Zhang) * zos: avoid fs event callbacks after uv_close() (Shuowang (Wayne) Zhang) * zos: correctly format interface addresses names (Shuowang (Wayne) Zhang) * zos: add uv_interface_addresses() netmask support (Shuowang (Wayne) Zhang) * zos: improve memory management of ip addresses (Shuowang (Wayne) Zhang) * tcp,pipe: fail `bind` or `listen` after `close` (theanarkh) * zos: implement uv_available_parallelism() (Shuowang (Wayne) Zhang) * udp,win: fix UDP compiler warning (Jameson Nash) * zos: fix early exit of epoll_wait() (Shuowang (Wayne) Zhang) * unix,tcp: fix errno handling in uv__tcp_bind() (Samuel Cabrero) * shutdown,unix: reduce code duplication (Jameson Nash) * unix: fix c99 comments (Ben Noordhuis) * unix: retry tcgetattr/tcsetattr() on EINTR (Ben Noordhuis) * docs: update introduction.rst (Ikko Ashimine) * unix,stream: optimize uv_shutdown() codepath (Jameson Nash) * zos: delay signal handling until after normal i/o (Shuowang (Wayne) Zhang) * stream: uv__drain() always needs to stop POLLOUT (Jameson Nash) * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset() (Stacey Marshall) * win,shutdown: improve how shutdown is dispatched (Jameson Nash) Version 1.44.1 * process: simplify uv__write_int calls (Jameson Nash) * macos: don't use thread-unsafe strtok() (Ben Noordhuis) * process: fix hang after NOTE_EXIT (Jameson Nash) Version 1.44.0 * darwin: remove EPROTOTYPE error workaround (Ben Noordhuis) * doc: fix v1.43.0 changelog entries (cjihrig) * win: replace CRITICAL_SECTION+Semaphore with SRWLock (David Machaj) * darwin: translate EPROTOTYPE to ECONNRESET (Ben Noordhuis) * android: use libc getifaddrs() (Ben Noordhuis) * unix: fix STATIC_ASSERT to check what it means to check (Jessica Clarke) * unix: ensure struct msghdr is zeroed in recvmmsg (Ondřej Surý) * test: test with maximum recvmmsg buffer (Ondřej Surý) * unix: don't allow too small thread stack size (Ben Noordhuis) * bsd: ensure mutex is initialized (Ben Noordhuis) * doc: add gengjiawen as maintainer (gengjiawen) * process: monitor for exit with kqueue on BSDs (Jeremy Rose) * test: fix flaky uv_fs_lutime test (Momtchil Momtchev) * build: fix cmake install locations (Jameson Nash) * thread,win: fix C90 style nit (ssrlive) * build: rename CFLAGS to AM_CFLAGS (Jameson Nash) * doc/guide: update content and sample code (woclass) * process,bsd: handle kevent NOTE_EXIT failure (Jameson Nash) * test: remove flaky test ipc_closed_handle (Ben Noordhuis) * darwin: bump minimum supported version to 10.15 (Ben Noordhuis) * win: return fractional seconds in uv_uptime() (Luca Adrian L) * build: export uv_a for cmake (WenTao Ou) * loop: add pending work to loop-alive check (Jameson Nash) * win: use GetTickCount64 for uptime again (Jameson Nash) * win: restrict system DLL load paths (jonilaitinen) * win,errors: remap ERROR_ACCESS_DENIED to UV_EACCES (Darshan Sen) * bench: add `uv_queue_work` ping-pong measurement (Momtchil Momtchev) * build: fix error C4146 on MSVC (UMU) * test: fix benchmark-ping-udp (Ryan Liptak) * win,fs: consider broken pipe error a normal EOF (Momtchil Momtchev) * document the values of enum uv_stdio_flags (Paul Evans) * win,loop: add missing uv_update_time (twosee) * win,fs: avoid closing an invalid handle (Jameson Nash) * fix oopsie from * doc: clarify android api level (Ben Noordhuis) * win: fix style nits [NFC] (Jameson Nash) * test: fix flaky udp_mmsg test (Santiago Gimeno) * test: fix ipc_send_recv_pipe flakiness (Ben Noordhuis) * doc: checkout -> check out (wyckster) * core: change uv_get_password uid/gid to unsigned (Jameson Nash) * hurd: unbreak build on GNU/Hurd (Vittore F. Scolari) * freebsd: use copy_file_range() in uv_fs_sendfile() (David Carlier) * test: use closefd in runner-unix.c (Guilherme Íscaro) * Reland "macos: use posix_spawn instead of fork" (Jameson Nash) * android: fix build error when no ifaddrs.h (ssrlive) * unix,win: add uv_available_parallelism() (Ben Noordhuis) * process: remove OpenBSD from kevent list (Jameson Nash) * zos: fix build breakage (Ben Noordhuis) * process: only use F_DUPFD_CLOEXEC if it is defined (Jameson Nash) * win,poll: add the MSAFD GUID for AF_UNIX (roflcopter4) * unix: simplify uv__cloexec_fcntl() (Ben Noordhuis) * doc: add secondary GPG ID for vtjnash (Jameson Nash) * unix: remove uv__cloexec_ioctl() (Jameson Nash) Version 1.43.0 * run test named ip6_sin6_len (Jameson Nash) * docs: fix wrong information about scheduling (Mohamed Edrah) * unix: protect fork in uv_spawn from signals (Jameson Nash) * drop only successfully sent packets post sendmmsg (Supragya Raj) * test: fix typo in test-tty-escape-sequence-processing.c (Ikko Ashimine) * cmake: use standard installation layout always (Sylvain Corlay) * win,spawn: allow UNC path with forward slash (earnal) * win,fsevent: fix uv_fs_event_stop() assert (Ben Noordhuis) * unix: remove redundant include in unix.h (Juan José Arboleda) * doc: mark SmartOS as Tier 3 support (Ben Noordhuis) * doc: fix broken links for netbsd's sysctl manpage (YAKSH BARIYA) * misc: adjust stalebot deadline (Ben Noordhuis) * test: remove `dns-server.c` as it is not used anywhere (Darshan Sen) * build: fix non-cmake android builds (YAKSH BARIYA) * doc: replace pyuv with uvloop (Ofek Lev) * asan: fix some tests (Jameson Nash) * build: add experimental TSAN configuration (Jameson Nash) * pipe: remove useless assertion (~locpyl-tidnyd) * bsd: destroy mutex in uv__process_title_cleanup() (Darshan Sen) * build: add windows build to CI (Darshan Sen) * win,fs: fix error code in uv_fs_read() and uv_fs_write() (Darshan Sen) * build: add macos-latest to ci matrix (Ben Noordhuis) * udp: fix &/&& typo in macro condition (Evan Miller) * build: install cmake package module (Petr Menšík) * win: fix build for mingw32 (Nicolas Noble) * build: fix build failures with MinGW new headers (erw7) * build: fix win build with cmake versions before v3.14 (AJ Heller) * unix: support aarch64 in uv_cpu_info() (Juan José Arboleda) * linux: work around CIFS EPERM bug (Ben Noordhuis) * sunos: Oracle Developer Studio support (Stacey Marshall) * Revert "sunos: Oracle Developer Studio support (cjihrig) * sunos: Oracle Developer Studio support (Stacey Marshall) * stream: permit read after seeing EOF (Jameson Nash) * thread: initialize uv_thread_self for all threads (Jameson Nash) * kqueue: ignore write-end closed notifications (Jameson Nash) * macos: fix the cfdata length in uv__get_cpu_speed (Jesper Storm Bache) * unix,win: add uv_ip_name to get name from sockaddr (Campbell He) * win,test: fix a few typos (AJ Heller) * zos: use destructor for uv__threadpool_cleanup() (Wayne Zhang) * linux: use MemAvailable instead of MemFree (Andrey Hohutkin) * freebsd: call dlerror() only if necessary (Jameson Nash) * bsd,windows,zos: fix udp disconnect EINVAL (deal) Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
a8e3499f78 |
libpipeline: Update to version 1.5.7
- Update from 1.5.6 to 1.5.7
- Update of rootfile
- Changelog
Version: 1.5.7
* lib/Makefile.am (libpipeline_la_LDFLAGS): Bump -version-info to 6:7:5.
Make socketpair configure tests compatible with C23
K&R-style zero-argument function definitions will no longer be
permitted.
* m4/pipeline-socketpair.m4 (PIPELINE_SOCKETPAIR_PIPE,
PIPELINE_SOCKETPAIR_MODE): Use `int main(void)`, not `int main()`.
* NEWS.md: Document this.
Update pre-commit hooks
* .pre-commit-config.yaml (pre-commit-hooks): Update to v4.3.0.
(clang-format): Update to v14.0.6.
Update manual page date
* man/libpipeline.3 (.Dd): Update to the date of the last substantial
modification. Leaving this as 2010 suggested more antiquity than we
need to suggest.
Update home page URL
* README.md: Use `https://libpipeline.gitlab.io/libpipeline/`.
* lib/libpipeline.pc.in (URL): Likewise.
web: Update last release
* web/index.html: Update to 1.5.6.
web: Fix last-modified date generation
* .gitlab-ci.yml: Replace `@DATE@` with the current date in
`public/index.html`.
* web/index.html: Use `@DATE@` template.
web: Assorted URL updates
* web/index.html: Update Git URLs to GitLab. Chase various redirects
and/or switch to HTTPS. Remove old Savannah link.
Add GitLab Pages site
* .gitlab-ci.yml (stages): Add deploy.
(pages): New job.
* web/index.html, web/libpipeline-lightning-talk.odp, web/standard.css,
web/white.css: New files.
Transferred Git repository to new group
* README.md: Change GitLab URL to
https://gitlab.com/libpipeline/libpipeline.
* NEWS.md: Document this.
Add notes to libpipeline(3) of when functions were added
* man/libpipeline.3 (DESCRIPTION, ENVIRONMENT): Add various "Added in"
notes.
* NEWS.md: Document this.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
b830e457e7 |
libassuan: Update to version 2.5.5
- Update from 2.5.4 to 2.5.5
- Update of rootfile
- Changelog
Release 2.5.5.
Support Unicode when starting servers on Windows.
* src/assuan-socket.c (utf8_to_wchar): Rename to
(_assuan_utf8_to_wchar): this and give global scope.
* src/system-w32.c (__assuan_spawn): Use CreateProcessW.
m4: Update with newer autoconf constructs.
* src/libassuan.m4: Replace AC_HELP_STRING to AS_HELP_STRING.
build: Update to newer autoconf constructs.
* configure.ac: Use AC_CONFIG_HEADERS instead of AM_CONFIG_HEADER.
Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
Use AS_HELP_STRING instead of AC_HELP_STRING.
(AC_TYPE_SIGNAL): Remove.
(AC_DECL_SYS_SIGLIST): Remove.
* m4/Makefile.am (EXTRA_DIST): Update.
* m4/gnupg-pth.m4: Remove.
* m4/onceonly.m4: Remove.
* m4/socklen.m4: Update from gnulib.
* m4/libtool.m4: Update from libgpg-error.
* m4/gpg-error.m4: Update from libgpg-error.
Fix crash when logging.
* src/assuan-logging.c (_assuan_log_control_channel): Use gpgrt_malloc.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
f86ae7d1a6 |
gdb: Patch for building with readline-8.2
- Patch required for successful building with readline-8.2 In readline 8.2 the type of rl_completer_word_break_characters changed to include const. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
1ad5a01388 |
readline: Update to version 8.2 plus patch 1
- Update from version 8.1 to 8.2 plus patch 1
- Update of rootfile
- Changelog
version 8.2
There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times out.
There is a new state value to indicate a timeout. There is a new option:
`enable-active-region'. This separates control of the active region and
bracketed-paste. It has the same default value as bracketed-paste, and
enabling bracketed paste enables the active region. Users can now turn off
the active region while leaving bracketed paste enabled. Two new bindable
string variables are available; their values are terminal escape sequences
that set the color used to display the active region and turn it off,
respectively. If set, these are used in place of terminal standout mode.
Finally, Readline now checks for changes to locale settings
(LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate
locale-specific display and key binding variables when the locale changes.
There are a few bug fixes in the redisplay code when restoring the prompt
after a digit-argument prompt or incremental search back to a prompt that
contains invisible multibyte characters. There are more checks for read
errors, especially in the middle of readline commands; previous versions
could loop or return incorrect data. Full details are below.
GNU Readline is a library which provides programs with an input
facility including command-line editing and history. Editing
commands similar to both emacs and vi are included. The GNU
History library, which provides facilities for managing a list of
previously-typed command lines and an interactive command line
recall facility similar to that provided by csh, is also present.
The history library is built as part of the readline as well as
separately.
1. Changes to Readline
a. Fixed a problem with cleaning up active marks when using callback mode.
b. Fixed a problem with arithmetic comparison operators checking the version.
c. Fixed a problem that could cause readline not to build on systems without
POSIX signal functions.
d. Fixed a bug that could cause readline to crash if the application removed
the callback line handler before readline read all typeahead.
e. Added additional checks for read errors in the middle of readline commands.
f. Fixed a redisplay problem that occurred when switching from the digit-
argument prompt `(arg: N)' back to the regular prompt and the regular
prompt contained invisible characters.
g. Fixed a problem with restoring the prompt when aborting an incremental
search.
h. Fix a problem with characters > 128 not being displayed correctly in certain
single-byte encodings.
i. Fixed a problem with unix-filename-rubout that caused it to delete too much
when applied to a pathname consisting only of one or more slashes.
j. Fixed a display problem that caused the prompt to be wrapped incorrectly if
the screen changed dimensions during a call to readline() and the prompt
became longer than the screen width.
k. Fixed a problem that caused the \r output by turning off bracketed paste
to overwrite the line if terminal echo was disabled.
l. Fixed a bug that could cause colored-completion-prefix to not display if
completion-prefix-display-length was set.
m. Fixed a problem with line wrapping prompts when a group of invisible
characters runs to the right edge of the screen and the prompt extends
longer then the screen width.
n. Fixed a couple problems that could cause rl_end to be set incorrectly by
transpose-words.
o. Prevent some display problems when running a command as the result of a
trap or one bound using `bind -x' and the command generates output.
p. Fixed an issue with multi-line prompt strings that have one or more
invisible characters at the end of a physical line.
q. Fixed an issue that caused a history line's undo list to be cleared when
it should not have been.
r. When replacing a history entry, make sure the existing entry has a non-NULL
timestamp before copying it; it may have been added by the application, not
the history library.
2. New Features in Readline
a. There is now an HS_HISTORY_VERSION containing the version number of the
history library for applications to use.
b. History expansion better understands multiple history expansions that may
contain strings that would ordinarily inhibit history expansion (e.g.,
`abc!$!$').
c. There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times
out. There is a new state value to indicate a timeout.
d. Automatically bind termcap key sequences for page-up and page-down to
history-search-backward and history-search-forward, respectively.
e. There is a new `fetch-history' bindable command that retrieves the history
entry corresponding to its numeric argument. Negative arguments count back
from the end of the history.
f. `vi-undo' is now a bindable command.
g. There is a new option: `enable-active-region'. This separates control of
the active region and bracketed-paste. It has the same default value as
bracketed-paste, and enabling bracketed paste enables the active region.
Users can now turn off the active region while leaving bracketed paste
enabled.
h. rl_completer_word_break_characters is now `const char *' like
rl_basic_word_break_characters.
i. Readline looks in $LS_COLORS for a custom filename extension
(*.readline-colored-completion-prefix) and uses that as the default color
for the common prefix displayed when `colored-completion-prefix' is set.
j. Two new bindable string variables: active-region-start-color and
active-region-end-color. The first sets the color used to display the
active region; the second turns it off. If set, these are used in place
of terminal standout mode.
k. New readline state (RL_STATE_EOF) and application-visible variable
(rl_eof_found) to allow applications to detect when readline reads EOF
before calling the deprep-terminal hook.
l. There is a new configuration option: --with-shared-termcap-library, which
forces linking the shared readline library with the shared termcap (or
curses/ncurses/termlib) library so applications don't have to do it.
m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
each time it is called, and modifies the appropriate locale-specific display
and key binding variables when the locale changes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5be71d2a6e |
bash: Update to version 5.2 plus patches 1 to 9
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
This is a terse description of the new features added to bash-5.2 since
the release of bash-5.1. As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.
1. New Features in Bash
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier. Along with this, if
command substitution parsing completes with here-documents remaining to be
read, the shell prints a warning message and reads the here-document bodies
from the current input stream.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
--enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched. It is enabled by default.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
f7e5582a56 |
sqlite: Update to version 3400000
- Update from version 3390200 to 3400000 - Update of rootfile not required - Changelog version 3.40.0 On 2022-11-16 Add support for compiling SQLite to WASM and running it in web browsers. NB: The WASM build and its interfaces are considered "beta" and are subject to minor changes if the need arises. We anticipate finalizing the interface for the next release. Add the recovery extension that might be able to recover some content from a corrupt database file. Query planner enhancements: Recognize covering indexes on tables with more than 63 columns where columns beyond the 63rd column are used in the query and/or are referenced by the index. Extract the values of expressions contained within expression indexes where practical, rather than recomputing the expression. The NOT NULL and IS NULL operators (and their equivalents) avoid loading the content of large strings and BLOB values from disk. Avoid materializing a view on which a full scan is performed exactly once. Use and discard the rows of the view as they are computed. Allow flattening of a subquery that is the right-hand operand of a LEFT JOIN in an aggregate query. A new typedef named sqlite3_filename is added and used to represent the name of a database file. Various interfaces are modified to use the new typedef instead of "char*". This interface change should be fully backwards compatible, though it might cause (harmless) compiler warnings when rebuilding some legacy applications. Add the sqlite3_value_encoding() interface. Security enhancement: SQLITE_DBCONFIG_DEFENSIVE is augmented to prohibit changing the schema_version. The schema_version becomes read-only in defensive mode. Enhancements to the PRAGMA integrity_check statement: Columns in non-STRICT tables with TEXT affinity should not contain numeric values. Columns in non-STRICT tables with NUMERIC affinity should not contain TEXT values that could be converted into numbers. Verify that the rows of a WITHOUT ROWID table are in the correct order. Enhance the VACUUM INTO statement so that it honors the PRAGMA synchronous setting. Enhance the sqlite3_strglob() and sqlite3_strlike() APIs so that they are able to accept NULL pointers for their string parameters and still generate a sensible result. Provide the new SQLITE_MAX_ALLOCATION_SIZE compile-time option for limiting the size of memory allocations. Change the algorithm used by SQLite's built-in pseudo-random number generator (PRNG) from RC4 to Chacha20. Allow two or more indexes to have the same name as long as they are all in separate schemas. Miscellaneous performance optimizations result in about 1% fewer CPU cycles used on typical workloads. version 3.39.3 (2022-09-05): Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. See forum thread 9b9e4716c0d7bbd1. Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are deprecated and documented as not being threadsafe. See forum post 719a11e1314d1c70. Other bug and warning fixes. See the timeline for details. version 3.39.4 (2022-09-29): Fix the build on Windows so that it works with -DSQLITE_OMIT_AUTOINIT Fix a long-standing problem in the btree balancer that might, in rare cases, cause database corruption if the application uses an application-defined page cache. Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows CREATE TRIGGER statements if one or more of the statements in the body of the trigger write into shadow tables. Fix a possible integer overflow in the size computation for a memory allocation in FTS3. Fix a misuse of the sqlite3_set_auxdata() interface in the ICU Extension. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
f30206c39a |
openssl: Update to version 1.1.1s
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
*) Added the loongarch64 target
*) Fixed a DRBG seed propagation thread safety issue
*) Fixed a memory leak in tls13_generate_secret
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*) Added a missing header for memcmp that caused compilation failure on some
platforms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
f299e312fa |
dehydrated: Update to version 0.7.1
- Update from version 0.7.0 to 0.7.1
- Update of rootfile not required
- Changelog
## [0.7.1] - 2022-10-31
## Changed
- `--force` no longer forces domain name revalidation by default, a new argument `--force-validation` has been added for that
- Added support for EC secp521r1 algorithm (works with e.g. zerossl)
- `EC PARAMETERS` are no longer written to privkey.pem (didn't seem necessary and was causing issues with various software)
## Fixed
- Requests resulting in `badNonce` errors are now automatically retried (fixes operation with LE staging servers)
- Deprecated `egrep` usage has been removed
## Added
- Implemented EC for account keys
- Domain list now also read from domains.txt.d subdirectory (behaviour might change, see docs)
- Implemented RFC 8738 (validating/signing certificates for IP addresses instead of domain names) support (this will not work with most public CAs, if any!)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
bea1d4aef1 |
libnetfilter_conntrack: Update to version 1.0.9
- Update from version 1.0.8 to 1.0.9
- Update of rootfile
- Changelog
1.0.9
This release comes with the new nfct_nlmsg_build_filter() function that
allows to add metadata for kernel-side filtering of conntrack entries
during conntrack table dump.
The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument,
it allows to flush only ipv4 or ipv6 entries from the connection
tracking table.
nfct_snprint family of functions have been updated.
SCTP conntrack entries now support 'heartbeat sent/acked' state.
Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted
output string.
Notable bugs fixed with this release include:
Fix buffer overflows and out-of-bounds accesses in the
nfct_snprintf() functions.
nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes
were set in the reply tuple too, this affected the 'conntrack' tool
where updates (e.g. setting the conntrack mark to a different value)
of ICMP flows would not work.
- Detailed Changes
src: Handle negative snprintf return values properly
src: Fix nfexp_snprintf return value docs
conntrack: Replace strncpy with snprintf to improve null byte handling
conntrack: Fix incorrect snprintf size calculation
include: Add ARRAY_SIZE() macro
conntrack: Fix buffer overflow on invalid icmp type in setters
conntrack: Move icmp request>reply type mapping to common file
conntrack: Fix buffer overflow in protocol related snprintf functions
conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns
examples: check return value of nfct_nlmsg_build()
libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private
conntrack: dccp print function should use dccp state
conntrack: sctp: update states
include: add CTA_STATS_CLASH_RESOLVE
include: sync uapi header with nf-next
src: add support for status dump filter
include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi
libnetfilter_conntrack: bump version to 1.0.9
build: use the right automake variables
Update .gitignore
build: update obsolete autoconf macros
conntrack: fix invmap_icmpv6 entries
conntrack: Don't use ICMP attrs in decision to build repl tuple
src: add IPS_HW_OFFLOAD flag
conntrack: add flush filter command
build: missing internal/proto.h in Makefile.am
conntrack: add nfct_nlmsg_build_filter() helper
conntrack: don't cancel nest on unknown layer 4 protocols
tests: Fix for missing qa-connlabel.conf in tarball
tests: Add simple tests to TESTS variable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
b685b5e7e9 |
conntrack-tools: Update to version 1.4.7
- Update from 1.4.6 to 1.4.7
- Update of rootfile not required
- Requires update fo libnetfilter_conntrack from 1.0.8 to 1.0.9
- Changelog
conntrack-tools 1.4.7
This release contains new features:
* IPS_HW_OFFLOAD flag specifies that a conntrack entry has been
offloaded into the hardware
* 'clash_resolve' and 'chaintoolong' stats counters
* Default to unspec family if '-f' flag is absent to improve support for
dual-stack setups
* Support filtering events by IP address family
* Support flushing per IP address family
* Add "save" output format representing data in conntrack parameters
* Support loading conntrack commands from a batch file, e.g. generated
by "save" output format
* Annotate portid in events by the program name (if found)
* Accept yes/no as synonyms to on/off in conntrackd.conf
* Support user space helper auto-loading upon daemon startup, relieving
users from manual 'nfct add helper' calls
* Filter dumps by status on kernel side if possible
* Accept to filter for any status other than SEEN_REPLY using
'UNREPLIED'
* Use libmnl internally
* Reuse netlink socket for improved performance with bulk CT entry loads
* Remove '-o userspace' flag and always tag user space triggered events
* Introduce '-A' command, a variant of '-I' which does not fail if the
entry exists already
... and fixes:
* ICMP entry creation would fail when reply data was specified
* Sync zone value also
* Log external inject problems as warning only
* Endianness bug parsing IP addresses
* Ignore conntrack ID when looking up cache entries to allow for stuck
old ones to be replaced eventually
* Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper
* Eliminate the need for lazy binding in nfct
* Fix for use of unknown protocol values
* Sanitize protocol value parsing, catch illegal values
* Ensure unknown protocol values are included in '-o save' dumps
... and documentation updates:
* Fixed examples in manual
* Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack
one
* Misc updates to the manual
* Add an older example script creating an active-active setup using the
cluster match
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Peter Müller
|
1c609e13de |
linux-firmware: Update to 20221109
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
bad01e1257 |
intel-microcode: Update to 20221108
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Matthias Fischer
|
ae45b1217a |
bind: Update to 9.16.35
For details for 9.16.35 and 9.16.34 (we skipped the last) see: https://downloads.isc.org/isc/bind9/9.16.35/doc/arm/html/notes.html#notes-for-bind-9-16-35 "Notes for BIND 9.16.35 Bug Fixes A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. [GL #3591] In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. [GL #3598] rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. This has been fixed. [GL #3247] Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. This has been fixed. [GL #2895] The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. This has been fixed. [GL #3584] Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. This has been fixed. [GL #3563] When a DNS resource record’s TTL value was equal to the resolver’s configured prefetch “eligibility” value, the record was erroneously not treated as eligible for prefetching. This has been fixed. [GL #3603] ... Notes for BIND 9.16.34 Bug Fixes Changing just the TSIG key names for primaries in catalog zones’ member zones was not effective. This has been fixed. [GL #3557]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
35494eac83 |
OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096
Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8 Minor adjustments to make it apply to the current state of "next", and removal of chown operation in OpenSSL's LFS file, which would have lead to the Diffie-Hellman group file being writable by nobody, for which there is no necessity. Fixes: #12632 From: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Matthias Fischer
|
c899c04b11 |
clamav 0.105.1: New package to resolve several CVEs
For details see: https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.html Fixes: "CVE-2022-37434 - A critical severity vulnerability in the zlib library. CVE-2022-40303 - A high severity vulnerability in the libxml2 library. Note: As of writing, the details of this CVE are not published. However, you can find additional details on other sites. CVE-2022-40304 - A high severity vulnerability in the libxml2 library. Note: As of writing, the details of this CVE are not published. However, you can find additional details on other sites." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
|
Peter Müller
|
e87bc0b456 |
Postfix: Update to 3.7.3
This is an urgent bugfix release, see https://www.postfix.org/announcements/postfix-3.7.3.html for its announcement. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Arne Fitzenreiter
|
ad73008393 |
memtest: update to memtest86+ v6.00
This is now a version 64bit version that can also boot via efi. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Peter Müller
|
c8274d4cfa |
configroot: menu.d files do not have to be writable by "nobody"
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
362c5537af |
Ensure /var/ipfire/updatexlrator/updxlrator-lib.pl is not writable by "nobody"
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
3135e76ea1 |
configroot: Ensure connscheduler/lib.pl is not writable by "nobody"
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
a26967c4b7 |
Tor: Update to 0.4.7.11
Please refer to https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes for this versions' release notes. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f6afaf5625 |
iotop: Modified rootfile with python-3.10.8
- rootfile for iotop is significantly different with python-3.10.8 compared to 3.10.1 Many entries now missing and iotop placed in bin instead of sbin despite source tarball setup.py having a "dirty hack to make sure iotop is installed in sbin instead of bin" - Added lines to lfs to move iotop from /bin to /sbin - Tested iotop out with python-3.10.8 installed vm system and it worked without any problems, the same as the existing version running with python-3.10.1 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
0bae316983 |
python3-flit:Modify lfs to work with python-3.10.8
- The change to python-3.10.8 caused the rootfile to have temp build files from /root/.cache to be included in it. Added commands to remove these temp build files so they were not included to the rootfile. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
d9a6af2841 |
python3-urllib3:Update to version 1.26.12 and to work with python-3.10.8
- Updated from version 1.26.9 to 1.26.12
- Update of rootfile
- Changelog
1.26.12 (2022-08-22)
* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
for justification and info on how to migrate.
1.26.11 (2022-07-25)
* Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would
raise an ``OverflowError`` on Python 3.9 and earlier.
1.26.10 (2022-07-07)
* Removed support for Python 3.5
* Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
03446e1efb |
python3-typing_extensions:Update to version 4.4.0 and to work with python-3.10.8
- Updated from version 4.1.1 to 4.4.0
- Update of rootfile
- Changelog
# Release 4.4.0 (October 6, 2022)
- Add `typing_extensions.Any` a backport of python 3.11's Any class which is
subclassable at runtime. (backport from python/cpython#31841, by Shantanu
and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234).
- Add initial support for TypeVarLike `default` parameter, PEP 696.
Patch by Marc Mueller (@cdce8p).
- Runtime support for PEP 698, adding `typing_extensions.override`. Patch by
Jelle Zijlstra.
- Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695.
Patch by Jelle Zijlstra.
# Release 4.3.0 (July 1, 2022)
- Add `typing_extensions.NamedTuple`, allowing for generic `NamedTuple`s on
Python <3.11 (backport from python/cpython#92027, by Serhiy Storchaka). Patch
by Alex Waygood (@AlexWaygood).
- Adjust `typing_extensions.TypedDict` to allow for generic `TypedDict`s on
Python <3.11 (backport from python/cpython#27663, by Samodya Abey). Patch by
Alex Waygood (@AlexWaygood).
# Release 4.2.0 (April 17, 2022)
- Re-export `typing.Unpack` and `typing.TypeVarTuple` on Python 3.11.
- Add `ParamSpecArgs` and `ParamSpecKwargs` to `__all__`.
- Improve "accepts only single type" error messages.
- Improve the distributed package. Patch by Marc Mueller (@cdce8p).
- Update `typing_extensions.dataclass_transform` to rename the
`field_descriptors` parameter to `field_specifiers` and accept
arbitrary keyword arguments.
- Add `typing_extensions.get_overloads` and
`typing_extensions.clear_overloads`, and add registry support to
`typing_extensions.overload`. Backport from python/cpython#89263.
- Add `typing_extensions.assert_type`. Backport from bpo-46480.
- Drop support for Python 3.6. Original patch by Adam Turner (@AA-Turner).
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
da165e095a |
python3-trio:Update to version 0.22.0 and to work with python-3.10.8
- Updated from version 0.21.0 to 0.22.0 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
ba9c2b56ac |
python3-sniffio:Update to version 1.3.0 and to work with python-3.10.8
- Updated from version 1.2.0 to 1.3.0 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |