- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
This is a terse description of the new features added to bash-5.2 since
the release of bash-5.1. As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.
1. New Features in Bash
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier. Along with this, if
command substitution parsing completes with here-documents remaining to be
read, the shell prints a warning message and reads the here-document bodies
from the current input stream.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
--enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched. It is enabled by default.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
*) Added the loongarch64 target
*) Fixed a DRBG seed propagation thread safety issue
*) Fixed a memory leak in tls13_generate_secret
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*) Added a missing header for memcmp that caused compilation failure on some
platforms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.0.8 to 1.0.9
- Update of rootfile
- Changelog
1.0.9
This release comes with the new nfct_nlmsg_build_filter() function that
allows to add metadata for kernel-side filtering of conntrack entries
during conntrack table dump.
The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument,
it allows to flush only ipv4 or ipv6 entries from the connection
tracking table.
nfct_snprint family of functions have been updated.
SCTP conntrack entries now support 'heartbeat sent/acked' state.
Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted
output string.
Notable bugs fixed with this release include:
Fix buffer overflows and out-of-bounds accesses in the
nfct_snprintf() functions.
nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes
were set in the reply tuple too, this affected the 'conntrack' tool
where updates (e.g. setting the conntrack mark to a different value)
of ICMP flows would not work.
- Detailed Changes
src: Handle negative snprintf return values properly
src: Fix nfexp_snprintf return value docs
conntrack: Replace strncpy with snprintf to improve null byte handling
conntrack: Fix incorrect snprintf size calculation
include: Add ARRAY_SIZE() macro
conntrack: Fix buffer overflow on invalid icmp type in setters
conntrack: Move icmp request>reply type mapping to common file
conntrack: Fix buffer overflow in protocol related snprintf functions
conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns
examples: check return value of nfct_nlmsg_build()
libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private
conntrack: dccp print function should use dccp state
conntrack: sctp: update states
include: add CTA_STATS_CLASH_RESOLVE
include: sync uapi header with nf-next
src: add support for status dump filter
include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi
libnetfilter_conntrack: bump version to 1.0.9
build: use the right automake variables
Update .gitignore
build: update obsolete autoconf macros
conntrack: fix invmap_icmpv6 entries
conntrack: Don't use ICMP attrs in decision to build repl tuple
src: add IPS_HW_OFFLOAD flag
conntrack: add flush filter command
build: missing internal/proto.h in Makefile.am
conntrack: add nfct_nlmsg_build_filter() helper
conntrack: don't cancel nest on unknown layer 4 protocols
tests: Fix for missing qa-connlabel.conf in tarball
tests: Add simple tests to TESTS variable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
For details for 9.16.35 and 9.16.34 (we skipped the last) see:
https://downloads.isc.org/isc/bind9/9.16.35/doc/arm/html/notes.html#notes-for-bind-9-16-35
"Notes for BIND 9.16.35
Bug Fixes
A crash was fixed that happened when a dnssec-policy zone that used
NSEC3 was reconfigured to enable inline-signing. [GL #3591]
In certain resolution scenarios, quotas could be erroneously reached
for servers, including any configured forwarders, resulting in SERVFAIL
answers being sent to clients. This has been fixed. [GL #3598]
rpz-ip rules in response-policy zones could be ineffective in some
cases if a query had the CD (Checking Disabled) bit set to 1. This has
been fixed. [GL #3247]
Previously, if Internet connectivity issues were experienced during the
initial startup of named, a BIND resolver with dnssec-validation set to
auto could enter into a state where it would not recover without
stopping named, manually deleting the managed-keys.bind and
managed-keys.bind.jnl files, and starting named again. This has been
fixed. [GL #2895]
The statistics counter representing the current number of clients
awaiting recursive resolution results (RecursClients) could overflow in
certain resolution scenarios. This has been fixed. [GL #3584]
Previously, BIND failed to start on Solaris-based systems with hundreds
of CPUs. This has been fixed. [GL #3563]
When a DNS resource record’s TTL value was equal to the resolver’s
configured prefetch “eligibility” value, the record was erroneously not
treated as eligible for prefetching. This has been fixed. [GL #3603]
...
Notes for BIND 9.16.34
Bug Fixes
Changing just the TSIG key names for primaries in catalog zones’ member
zones was not effective. This has been fixed. [GL #3557]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Updated from version 0.15.1 to 0.15.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.15.1 to 0.15.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.15.1 to 0.15.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 1.0.2 to 1.1.0
- Update of rootfile
- Changelog found in source tarball stops at version 1.0.1 No changelog found elsewhere
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.13.0 to 0.15.5
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.13.0 to 0.15.5
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.8.7 to 0.12.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.8.7 to 0.12.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Install of version 0.1.51
- Definition of rootfile
- Creation of metadata patch to eliminate windows options
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.4.19 to 0.4.22
- Update of rootfile
- Update of metadata patch as more windows related entries in Cargo.toml to be excluded
- Changelog
## 0.4.22
* Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771)
* Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767)
* Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773)
## 0.4.21
* Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756)
* Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756)
* Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760)
## 0.4.20
* Add more formatting documentation and examples.
* Add support for microseconds timestamps serde serialization/deserialization (#304)
* Fix `DurationRound` is not TZ aware (#495)
* Implement `DurationRound` for `NaiveDateTime`
* Implement `std::iter::Sum` for `Duration`
* Add `DateTime::from_local()` to construct from given local date and time (#572)
* Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557)
* Correct build for wasm32-unknown-emscripten target (#568)
* Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647)
* Fix `duration_round` panic on rounding by `Duration::zero()` (#658)
* Add optional rkyv support.
* Add support for microseconds timestamps serde serialization for `NaiveDateTime`.
* Add support for optional timestamps serde serialization for `NaiveDateTime`.
* Fix build for wasm32-unknown-emscripten (@yu-re-ka #593)
* Make `ParseErrorKind` public and available through `ParseError::kind()` (#588)
* Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator`
* Fix panicking when parsing a `DateTime` (@botahamec)
* Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666)
* Remove libc dependency from Cargo.toml.
* Add the `and_local_timezone` method to `NaiveDateTime`
* Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos
* Add compatibility with rfc2822 comments (#733)
* Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery
* Add the `Months` struct and associated `Add` and `Sub` impls
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 6.4.2 to 7.0.5
- Update of rootfile
- Changelog
v7.0.5
Merge pull request #746 from RonnyPfannschmidt/release-prep
v7.0.4
Merge pull request #739 from RonnyPfannschmidt/fix-738-protect-relative-to
v7.0.3
What's Changed
Hg / pip compatibility by @paugier in #729fix#728: remove git arguments that triggered wrong branch names by @RonnyPfannschmidt in #730fix#691 - support root in pyproject.toml even for cli by @RonnyPfannschmidt in #731fix#727: correctly handle incomplete archivals from setuptools_scm_g… by @RonnyPfannschmidt in #732
cleanup pyproject loading and allow cli relative roots to be specified by @RonnyPfannschmidt in #736
Update the README: document support for Git archives by @Changaco in #734
v7.0.2
Merge pull request #724 from RonnyPfannschmidt/fix-722-self-bootstrap
v7.0.1
Merge pull request #719 from kojiromike/missing-importlib
v7.0.0
pre-commit update
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 1.2.0 to 1.5.2
- Update of rootfile
- Changelog
v1.5.2
Fixed
Fix regression in dylib build artifacts not being found since 1.5.0. #290
Fix regression in sdist missing examples and other supplementary files since 1.5.0. #291
v1.5.1
Fixed
Fix regression in get_lib_name crashing since 1.5.0. #280
Fix regression in Binding.Exec builds with multiple executables not finding built executables since 1.5.0. #283
v1.5.0
Added
Add support for extension modules built for wasm32-unknown-emscripten with Pyodide. #244
Changed
Locate cdylib artifacts by handling messages from cargo instead of searching target dir (fixes build on MSYS2). #267
No longer guess cross-compile environment using HOST_GNU_TYPE / BUILD_GNU_TYPE sysconfig variables. #269
Fixed
Fix RustBin build without wheel. #273
Fix RustBin setuptools install. #275
v1.4.1
Fixed
Fix crash when checking Rust version. #263
v1.4.0
Packaging
Increase minimum setuptools version to 62.4. #222
Added
Add cargo_manifest_args to support locked, frozen and offline builds. #234
Add RustBin for packaging binaries in scripts data directory. #248
Changed
Exec binding RustExtension with script=True is deprecated in favor of RustBin. #248
Errors while calling cargo metadata are now reported back to the user #254
quiet option will now suppress output of cargo metadata. #256
setuptools-rust will now match cargo behavior of not setting --target when the selected target is the rust host. #258
Deprecate native option of RustExtension. #258
Fixed
If the sysconfig for BLDSHARED has no flags, setuptools-rust won't crash anymore. #241
v1.3.0
Packaging
Increase minimum setuptools version to 58. #222
Fixed
Fix crash when python-distutils-extra linux package is installed. #222
Fix sdist built with vendored dependencies on Windows having incorrect cargo config. #223
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.12.0 to 0.13.0
- Update of rootfile
- No Changelog available in the source tarball or pypi or the github repository
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 2.3.0 to 2.3.1
- Update of rootfile
- Changelog
Version 2.3.1
Bugs Fixed:
* Avoid operations on a closed stream file when detecting a socket.
Closes: Pagure #64. Thanks to Mark Richman for the report.
* Correct use of names to allow `from daemon import *`.
Closes: Pagure #65. Thanks to July Tikhonov for the report.
Changed:
* Speed daemon start time by computing candidate file descriptors once.
Closes: Pagure #40. Thanks to Alex Pyrgiotis for the report.
* Remove incorrect double-patch of objects in test cases.
Closes: Pagure #62. Thanks to Miro Hrončok for the report.
* Deprecate helper function `is_socket`.
The function incorrectly causes `ValueError` when the file object is already
closed. Migrate to the new `is_socket_file` helper function instead.
Removed:
* Drop backward-compatible helpers that provided Python 2 support.
* declaration of source encoding ‘utf-8’
* absolute_import
* unicode_literals
* module-level metaclass `type`
* unification of str with unicode type
* renamed standard library exceptions and modules
* raise exception from context exception
All these are default behaviour in Python 3 and need no special
handling.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.7.0 to 0.8.0
- Update of rootfile
- Changelog
0.8.0 (2022-05-22)
Accept os.PathLike[str] in addition to str for paths in public API
(PR #392, Fixes#372)
Add schema validation for build-system table to check conformity with PEP 517
and PEP 518 (PR #365, Fixes#364)
Better support for Python 3.11 (sysconfig schemes PR #434, PR #463,
tomllib PR #443, warnings PR #420)
Improved error printouts (PR #442)
Avoid importing packaging unless needed (PR #395, Fixes#393)
Breaking Changes
Failure to create a virtual environment in the build.env module now raises
build.FailedProcessError (PR #442)
- As far as I can tell IPFire does not use the build.env module and the built iso
installed successfully
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- New version of python3-pyfuse3 has been cythonised so Cython no longer required
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.10.1 to 3.10.8
- Update of rootfile
- Changelog is too large to include hear. More details can be found at
https://docs.python.org/3.10/whatsnew/changelog.html#changelog
- Installed Iso, created from build of this python update series, into a vm testbed clone.
All pages and contents worked. No issues found on any WUI page.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.9.14 to 2.10.3
- Update of rootfile
- Changelog
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.4.9 to 2.5.0
- Update of rootfile.
- Changelog
Release 2.5.0 Tue October 25 2022
Security fixes:
#616#649#650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612#645 Fix curruption from undefined entities
#613#654 Fix case when parsing was suspended while processing nested
entities
#616#652#653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667#668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integarted in the source tarball
- Changelog
Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434)
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0
"Features
Merge #753: ACL per interface. (New interface-* configuration options).
Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).
Bug Fixes
Fix#728: alloc_reg_obtain() core dump. Stop double alloc_reg_release
when serviced_create fails.
Fix edns subnet so that scope 0 answers only match sourcemask 0 queries
for answers from cache if from a query with sourcemask 0.
Fix unittest for edns subnet change.
Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to
unsupported IPV6_USER_MTU socket option being set.
Fix ratelimit inconsistency, for ip-ratelimits the value is the amount
allowed, like for ratelimits.
Fix#734 [FR] enable unbound-checkconf to detect more (basic) errors.
Fix to log accept error ENFILE and EMFILE errno, but slowly, once per
10 seconds. Also log accept failures when no slow down is used.
Fix to avoid process wide fcntl calls mixed with nonblocking operations
after a blocked write.
Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
operations, so that instruction reordering does not cause mistakenly
blocking socket operations.
Fix to wait for blocked write on UDP sockets, with a timeout if it
takes too long the packet is dropped.
Fix for wait for udp send to stop when packet is successfully sent.
Fix#741: systemd socket activation fails on IPv6.
Fix to update config tests to fix checking if nonblocking sockets work
on OpenBSD.
Slow down log frequency of write wait failures.
Fix to set out of file descriptor warning to operational verbosity.
Fix to log a verbose message at operational notice level if a thread is
not responding, to stats requests. It is logged with thread
identifiers.
Remove include that was there for debug purposes.
Fix to check pthread_t size after pthread has been detected.
Convert tdir tests to use the new skip_test functionality.
Remove unused testcode/mini_tpkg.sh file.
Better output for skipped tdir tests.
Fix doxygen warning in respip.h.
Fix to remove erroneous TC flag from TCP upstream.
Fix test tdir skip report printout.
Fix windows compile, the identifier interface is defined in headers.
Fix to close errno block in comm_point_tcp_handle_read outside of ifdef.
Fix static analysis report to remove dead code from the
rpz_callback_from_iterator_module function.
Fix to clean up after the acl_interface unit test.
Merge #764: Leniency for target discovery when under load (for
NRDelegation changes).
Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
Fix string comparison in mini_tdir.sh.
Make ede.tdir test more predictable by using static data.
Fix checkconf test for dnscrypt and proxy port.
Fix dnscrypt compile for proxy protocol code changes.
Fix to stop responses with TC flag from resulting in partial responses.
It retries to fetch the data elsewhere, or fails the query and in depth
fix removes the TC flag from the cached item.
Fix proxy length debug output printout typecasts.
Fix to stop possible loops in the tcp reuse code (write_wait list and
tcp_wait list). Based on analysis and patch from Prad Seniappan and
Karthik Umashankar.
Fix PROXYv2 header read for TCP connections when no proxied addresses
are provided."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Changelog:
"6.0.8 -- 2022-09-27
Task #5552: libhtp 0.5.41
6.0.7 -- 2022-09-27
Security #5430: mqtt: DOS by quadratic with too many transactions in one parse (6.0.x backport)
Bug #5559: BUG_ON triggered from TmThreadsInjectFlowById (6.0.x backport)
Bug #5549: Failed assert DeStateSearchState (6.0.x)
Bug #5548: tcp: assertion failed in DoInsertSegment (BUG_ON) (6.0.x)
Bug #5547: rules: less strict parsing of unexpected flowbit options
Bug #5546: rules: don't error on bad hex in content
Bug #5540: detect: transform strip whitespace creates a 0-sized variable-length array: backport6
Bug #5505: http2: slow http2_frames_get_header_value_vec because of allocation [backport6]
Bug #5471: Reject action is no longer working (6.0.x backport)
Bug #5467: rules: more graceful handling of anomalies for stable versions
Bug #5459: Counters are not initialized in all places. (6.0.x backport)
Bug #5448: nfs: add maximum number of operations per compound (6.0.x backport)
Bug #5436: Infinite loop if the sniffing interface temporarily goes down (6.0.x backports)
Bug #5335: flow: vlan.use-for-tracking is not used for ICMPv4 (6.0.x backport)
Bug #4421: flow manager: using too much CPU during idle (6.0.x backport)
Feature #5535: ips: add "reject" action to exception policies (6.0.x backport)
Feature #5500: ips: midstream: add "exception policy" for midstream (6.0.x backport)
Task #5551: doc: add exception policy documentation (6.0.x)
Task #5533: detect/parse: add tests for parsing signatures with reject and drop action (6.0.x backport)
Task #5525: exceptions: error out when invalid configuration value is passed (6.0.x backport)
Task #5381: add `alert-queue-expand-fails` command-line option (6.0.x backport)
Task #5328: python: distutils deprecation warning (6.0.x backport)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.4.8 to 2.4.9
- Update of rootfile
- Changelog
Release 2.4.9 Tue September 20 2022
Security fixes:
#629#640 CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
Bug fixes:
#634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
#614 docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
Other changes:
#638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
#596#625 Autotools: Sync CMake templates with CMake 3.22
#608 CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
#597#599 Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
#512#621 Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
#611#621 MinGW|CMake: Apply MSVC .def file when linking
#622#624 MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
#632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
#597#627 CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
#626#641 Stop exporting API symbols when building a static library
#644 Resolve use of deprecated "fgrep" by "grep -F"
#620 CMake: Make documentation on variables a bit more consistent
#636 CMake: Drop leading whitespace from a #cmakedefine line in
file expat_config.h.cmake
#594 xmlwf: Fix harmless variable mix-up in function nsattcmp
#592#593#610 Address Cppcheck warnings
#643 Address Clang 15 compiler warnings
#642#644 Version info bumped from 9:8:8 to 9:9:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#597#598 CI: Windows: Start covering MSVC 2022
#619 CI: macOS: Migrate off deprecated macOS 10.15
#632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
#643 CI: Upgrade Clang from 14 to 15
#637 apply-clang-format.sh: Add support for BSD find
#633 coverage.sh: Exclude MinGW headers
#635 coverage.sh: Fix name collision for -funsigned-char
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.33/doc/arm/html/notes.html#notes-for-bind-9-16-33
"Security Fixes
Previously, there was no limit to the number of database lookups
performed while processing large delegations, which could be abused to
severely impact the performance of named running as a recursive
resolver. This has been fixed. (CVE-2022-2795)
ISC would like to thank Yehuda Afek from Tel-Aviv University and Anat
Bremler-Barr & Shani Stajnrod from Reichman University for bringing
this vulnerability to our attention. [GL #3394]
named running as a resolver with the stale-answer-client-timeout option
set to 0 could crash with an assertion failure, when there was a stale
CNAME in the cache for the incoming query. This has been fixed.
(CVE-2022-3080) [GL #3517]
A memory leak was fixed that could be externally triggered in the
DNSSEC verification code for the ECDSA algorithm. (CVE-2022-38177) [GL
#3487]
Memory leaks were fixed that could be externally triggered in the
DNSSEC verification code for the EdDSA algorithm. (CVE-2022-38178) [GL
#3487]
Feature Changes
Response Rate Limiting (RRL) code now treats all QNAMEs that are
subject to wildcard processing within a given zone as the same name, to
prevent circumventing the limits enforced by RRL. [GL #3459]
Zones using dnssec-policy now require dynamic DNS or inline-signing to
be configured explicitly. [GL #3381]
A backward-compatible approach was implemented for encoding
internationalized domain names (IDN) in dig and converting the domain
to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. [GL
#3485]
Bug Fixes
A serve-stale bug was fixed, where BIND would try to return stale data
from cache for lookups that received duplicate queries or queries that
would be dropped. This bug resulted in premature SERVFAIL responses,
and has now been resolved. [GL #2982]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2022-September/007885.html
"This release fixes CVE-2022-3204 Non-Responsive Delegation
Attack. It was reported by Yehuda Afek from Tel-Aviv
University and Anat Bremler-Barr and Shani Stajnrod from
Reichman University.
This fixes for better performance when under load, by cutting
promiscuous queries for nameserver discovery and limiting the
number of times a delegation point can look in the cache for
missing records.
Bug Fixes
- Patch for CVE-2022-3204 Non-Responsive Delegation Attack."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Since we disabled Bluetooth support in the kernel a long time ago due to
security reasons, these do not serve any purpose anymore. Therefore, do
not ship them and delete them on existing installations.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
