mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
5bf383da9ec7c46066bb8b1efda72c18687207d2
4680 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jonatan Schlag
|
80c1cb5a0a |
initscripts fkt: Fix shebang
We use features only available in bash. So we should state correctly that the script should be executed in bash. As sh is a symlink to bash this makes not differences on a ipfire system. But my linter is less chatty with this change. Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
14ecdd86f1 |
initscripts fkt: keep readhash compatible with older implementation
With the use of eval BLUE_DEV='blue0 net0' stored "blue0 net0" in the variable BLUE_DEV not "'blue0 net0'" Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
f1d94e7457 |
initscripts fkt: readhash should only parse lines with a =
A line without a = is clearly invalid. Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
9f72b7bc5f |
initscripts fkt: Check for invalid values in readhash
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
02254f5543 |
initscripts fkt: ignore invalid keys in readhash
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
d289bc28be |
initscripts fkt: Ignore comments in readhash
As '#Another Comment' is a valid key we test this change by checking if the comments do not end up as keys in our array. Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
59e3c2a217 |
initscript fkt: ignore blank lines in readhash
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Jonatan Schlag
|
96bb3ba8b8 |
initscript functions: add readhash
To avoid the usage of eval and to store the config in an key value array, we introduce an new function. The tests only check if we read the correct value to the correct variable. One comment on the implementation as this has created some headache: >From https://www.gnu.org/software/bash/manual/bash.html#Bourne-Shell-Builtins "When used in a function, declare makes each name local, as with the local command, unless the -g option is used." So we need to use -g here Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Adolf Belka
|
c48dfb2d8f |
minidlna: Add patch to add compatibility with ffmpeg-7.0
- From ffmpeg-7.0 the channel_layout variable has been changed to ch_layout. A minidlna user has submitted a patch to minidlna in May 2024 to fix this. Without this patch minidlna fails to build with ffmpeg-7.0 onwards. - The patch has not yet been merged with minidlna (last commit was in May 2023) so I have taken the patch and applied it to the minidlna source tarball. - Update of rootfile not required Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
ba6d6014ff |
ffmpeg: Update to version 7.0.2
- Update from version 6.0 to 7.0.2
- Removal of mathpops patch as content now included in source tarball.
- Update of rootfile
- sobump means that mpd, shairport-sync and minidlna need to be shipped
- minidlna also requires an update due to a variable name change from ffmpeg-7.0 onwards
- Changelog
7.0.2
avcodec/snow: Fix off by 1 error in run_buffer
avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
avformat/iamf_parse: Check for 0 samples
swscale: [loongarch] Fix checkasm-sw_yuv2rgb failure.
avcodec/aacps_tablegen_template: don't redefine CONFIG_HARDCODED_TABLES
avutil/hwcontext_vaapi: use the correct type for VASurfaceAttribExternalBuffers.buffers
avcodec/pcm-bluray/dvd: Use correct pointer types on BE
avcodec/pngenc: fix sBIT writing for indexed-color PNGs
avcodec/pngdec: use 8-bit sBIT cap for indexed PNGs per spec
avformat/mov: check that child boxes of trak are only present inside it
avformat/mov: check that sample and chunk count is 1 for HEIF
avcodec/videotoolboxenc: Fix bitrate doesn't work as expected
avdevice/dshow: Don't skip audio devices if no video device is present
avcodec/hdrenc: Allocate more space
avcodec/cfhdenc: Height of 16 is not supported
avcodec/cfhdenc: Allocate more space
avcodec/osq: fix integer overflow when applying factor
avcodec/osq: avoid using too large numbers for shifts and integers in update_residue_parameter()
avcodec/vaapi_encode: Check hwctx
avcodec/proresdec: Consider negative bits left
avcodec/alsdec: Clear shift_value
avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
avformat/mov: add an EOF check in IPRP
avfilter/vf_xfade: Check ff_inlink_consume_frame() for failure
avutil/slicethread: Check pthread_*_init() for failure
avutil/frame: Check log2_crop_align
avutil/buffer: Check ff_mutex_init() for failure
avformat/xmv: Check this_packet_size
avformat/webpenc: Check filesize in trailer
avformat/ty: rec_size seems to only need 32bit
avformat/tty: Check avio_size()
avformat/siff: Basic pkt_size check
avformat/sauce: Check avio_size() for failure
avformat/sapdec: Check ffurl_get_file_handle() for error
avformat/nsvdec: Check asize for PCM
avformat/mp3dec: Check header_filesize
avformat/mp3dec; Check for avio_size() failure
avformat/mov: Use 64bit for str_size
avformat/mm: Check length
avformat/hnm: Check *chunk_size
avformat/hlsenc: Check ret
avformat/bintext: Check avio_size() return
avformat/asfdec_o: Check size of index object
avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure
avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions()
avfilter/vf_lut3d: Check av_scanf()
avfilter/vf_elbg: Use unsigned for shifting into the top bit
avfilter/vf_premultiply: Use AV_PIX_MAX_PLANES
avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
avformat/iamf_parse: Check for negative sample sizes
swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
avformat/mxfdec: Reorder elements of expression in bisect loop
avutil/timecode: Use a 64bit framenum internally
avcodec/pnmdec: Use 64bit for input size check
avformat/mov: Check extradata in mov_read_iacb()
avcodec/mpeg12enc: Use av_rescale() in vbv_buffer_size computation
avcodec/utvideoenc: Use unsigned shift to build flags
avcodec/j2kenc: Merge dwt_norm into lambda
avcodec/vc2enc: Fix overflows with storing large values
avcodec/mpegvideo_enc: Do not duplicate pictures on shifting
avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
avcodec/tiff: Check value on positive signed targets
avfilter/vf_convolution_opencl: Assert that the filter name is one of the filters
avfilter/vf_bm3d: Dont round MSE2SSE to an integer
avdevice/dshow: Remove NULL check on pin
avdevice/dshow: check ff_dshow_pin_ConnectionMediaType() for failure
avdevice/dshow: Check device_filter_unique_name before use
avdevice/dshow: Cleanup also on av_log case
avdevice/dshow_filter: Use wcscpy_s()
avcodec/flac_parser: Assert that we do not overrun the link_penalty array
avcodec/osq: avoid signed overflow in downsample path
avcodec/pixlet: Simplify pfx computation
avcodec/motion_est: Fix score squaring overflow
avcodec/mlpenc: Use 64 for ml, mr
avcodec/loco: Check loco_get_rice() for failure
avcodec/loco: check get_ur_golomb_jpegls() for failure
avcodec/leaddec: Check init_get_bits8() for failure
avcodec/imm4: check cbphi for error
avcodec/iff: Use signed count
avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
avcodec/dxv: Fix type in get_opcodes()
avcodec/cri: Check length
avcodec/xsubdec: Check parse_timecode()
avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
avfilter/vf_tiltandshift: Free dst on error
doc/examples/mux: remove nop
avcodec/proresenc_kostya: use unsigned alpha for rotation
avformat/rtpenc_rfc4175: Use 64bit in computation if copy_offset
avformat/rtmpproto: Use AV_DICT_MATCH_CASE instead of litteral number
avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
avformat/rmdec: use 64bit for audio_framesize checks
avutil/wchar_filename: Correct sizeof
avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
avutil/hwcontext_d3d11va: Free AVD3D11FrameDescriptor on error
avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
avcodec/vvc/refs: Use unsigned mask
doc/examples/vaapi_encode: Try to check fwrite() for failure
avformat/usmdec: Initialize value
avformat/tls_schannel: Initialize ret
avformat/subfile: Assert that whence is a known case
avformat/subfile: Merge if into switch()
avformat/rtsp: Check that lower transport is handled in one of the if()
avformat/rtsp: initialize reply1
avformat/rtsp: use < 0 for error check
avformat/rtpenc_vc2hq: Check sizes
avfilter/af_aderivative: Free out on error
swscale/swscale: Use ptrdiff_t for linesize computations
avfilter/af_amerge: Cleanup on av_channel_layout_copy() failure
avfilter/af_afir: Assert format
avfilter/af_afftdn: Assert format
avfilter/af_pan: check nb_output_channels before use
cbs_av1: Reject thirty-two zero bits in uvlc code
avfilter/af_mcompand: compute half frequency in double
avfilter/af_channelsplit: Assert that av_channel_layout_channel_from_index() succeeds
avfilter/af_aresample: Cleanup on av_channel_layout_copy() failure
tools/coverity: Phase 1 study of anti-halicogenic for coverity av_rescale()
avfilter/vf_avgblur: Check plane instead of AVFrame
avfilter/drawutils: Fix depthb computation
avfilter/avf_showcwt: Check av_parse_video_rate() for failure
avformat/rdt: Check pkt_len
avformat/mpeg: Check len in mpegps_probe()
avformat/mxfenc: resurrects the error print
avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
avcodec/vvc/ctu: Remove dead ret check
avcodec/vvc/dec: Remove constant eos_at_start
avformat/img2dec: assert no pipe on ts_from_file
avcodec/cbs_jpeg: Try to move the read entity to one side in a test
fftools/ffplay: Check vulkan_params
fftools/ffmpeg_enc: Initialize Decoder
fftools/ffmpeg_enc: Initialize fd
fftools/ffmpeg_enc: simplify opaque_ref check
avformat/mov: Check edit list for overflow
fftools/ffmpeg: Check read() for failure
avcodec/vvc/dec: Check ff_init_cabac_decoder() for failure
swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
swscale/output: alpha can become negative after scaling, use multiply
avcodec/targaenc: Allocate space for the palette
avcodec/r210enc: Use av_rescale for bitrate
avcodec/jfdctint_template: Fewer integer anomalies
avcodec/snowenc: MV limits due to mv_penalty table size
tools/target_dec_fuzzer: Adjust threshold for MV30
tools/target_dec_fuzzer: Adjust threshold for jpeg2000
avformat/mxfdec: Check container_ul->desc before use
avcodec/libvpxenc: Cleanup on error
doc/developer: Provide information about git send-email and gmail
avfilter/vf_rotate: Check ff_draw_init2() return value
avformat/mov: Use int64_t in intermediate for corrected_dts
avformat/mov: Use 64bit in intermediate for current_dts
avformat/matroskadec: Assert that num_levels is non negative
avformat/libzmq: Check av_strstart()
avformat/img2dec: Little JFIF / Exif cleanup
avformat/img2dec: Move DQT after unrelated if()
avformat/imfdec: Simplify get_next_track_with_minimum_timestamp()
avdevice/xcbgrab: Check sscanf() return
fftools/cmdutils: Add protective () to FLAGS
avformat/sdp: Check before appending ","
avcodec/libx264: Check init_get_bits8() return code
avcodec/ilbcdec: Remove dead code
avcodec/vp8: Check cond init
avcodec/vp8: Check mutex init
avcodec/proresenc_anatoliy: Assert that AV_PROFILE_UNKNOWN is replaced
avcodec/pcm-dvdenc: 64bit pkt-size
avcodec/notchlc: Check init_get_bits8() for failure
avcodec/tests/dct: Use 64bit in intermediate for error computation
avcodec/scpr3: Check add_dec() for failure
avcodec/rv34: assert that size is not 0 in rv34_gen_vlc_ext()
avcodec/wavpackenc: Use unsigned for potential 31bit shift
avcodec/vvc/mvs: Initialize mvf
avcodec/tests/jpeg2000dwt: Use 64bit in comparission
avcodec/tests/jpeg2000dwt: Use 64bit in err2 computation
avformat/fwse: Remove always false expression
avcodec/sga: Make it clear that the return is intentionally not checked
avformat/asfdec_f: Use 64bit for preroll computation
avformat/argo_asf: Use 64bit in offset intermediate
avformat/ape: Use 64bit for final frame size
avformat/ac4dec: Check remaining space in ac4_probe()
avdevice/pulse_audio_enc: Use av_rescale() to avoid integer overflow
avcodec/vlc: Cleanup on multi table alloc failure in ff_vlc_init_multi_from_lengths()
avcodec/tiff: Assert init_get_bits8() success in unpack_gray()
avcodec/tiff: Assert init_get_bits8() success in horizontal_fill()
tools/decode_simple: Check avcodec_send_packet() for errors on flushing
swscale/yuv2rgb: Use 64bit for brightness computation
swscale/x86/swscale: use a clearer name for INPUT_PLANER_RGB_A_FUNC_CASE
avutil/tests/opt: Check av_set_options_string() for failure
avutil/tests/dict: Check av_dict_set() before get for failure
avdevice/dshow: fix badly indented line
avformat/demux: resurrect dead stores
avcodec/tests/bitstream_template: Assert bits_init8() return
tools/enc_recon_frame_test: Assert that av_image_get_linesize() succeeds
avformat/iamf_writer: disallow Opus extradata with mapping family other than 0
avformat/iamf_parse: sanitize audio_roll_distance values
avformat/iamf: byteswap values in OpusHeader
avformat/iamf: rename Codec Config seek_preroll to audio_roll_distance
avformat/iamf_writer: fix coded audio_roll_distance values
avformat/iamf_writer: fix PCM endian-ness flag
avformat/movenc: fix channel count and samplerate fields for IAMF tracks
avformat/iamf_parse: keep substream count consistent
avformat/iamf_parse: add missing padding to AAC extradata
avformat/iamf_parse: 0 layers are not allowed
avformat/iamf_parse: consider nb_substreams when accessing substreams array
avformat/iamf_parse: Remove dead case
avcodec/png: more informative error message for invalid sBIT size
avcodec/pngdec: avoid erroring with sBIT on indexed-color images
avfilter/vf_tiltandshift: fix buffer offset for yuv422p input
avutil/timestamp: avoid possible FPE when 0 is passed to av_ts_make_time_string2()
avformat/mov: add more checks for infe atom size
avformat/mov: check for EOF inside the infe list parsing loop
avformat/mov: check extent_offset calculation for overflow
avformat/mov: check that iloc offset values fit on an int64_t
avcodec/pngenc: fix mDCv typo
avcodec/pngdec: fix mDCv typo
avcodec/nvenc: fix segfault in intra-only mode
avdevice/avfoundation: add external video devices
aarch64: Add OpenBSD runtime detection of dotprod and i8mm using sysctl
fftools/ffplay_renderer: use correct NULL value for Vulkan type
qsv: Initialize impl_value
avutil/hwcontext_qsv: fix GCC 14.1 warnings
avcodec/mediacodecenc: workaround the alignment requirement for H.265
avcodec/mediacodecenc: workaround the alignment requirement only for H.264
lavc/lpc: fix off-by-one in R-V V compute_autocorr
lavc/vp9: reset segmentation fields when segmentation isn't enabled
configure: enable ffnvcodec, nvenc, nvdec for FreeBSD
lavc/sbrdsp: fix potential overflow in noise table
7.0.1
lavc/flacdsp: do not assume maximum R-V VL
avformat/flacdec: Reorder allocations to avoid leak on error
avcodec/adts_parser: Don't presume buffer to be padded
avformat/movenc: Check av_malloc()
avcodec/vp8: Return error on error
avformat/mov: store sample_sizes as unsigned ints
avformat/vvc: fix parsing sps_subpic_id
avformat/vvc: initialize some ptl flags
avcodec/mscc & mwsc: Check loop counts before use
avcodec/mpegvideo_enc: Fix potential overflow in RD
avcodec/mpeg4videodec: assert impossible wrap points
avcodec/mpeg12dec: Use 64bit in bit computation
avcodec/vqcdec: Check init_get_bits8() for failure
avcodec/vvc/dec: Check init_get_bits8() for failure
avcodec/vble: Check av_image_get_buffer_size() for failure
avcodec/vp3: Replace check by assert
avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
avcodec/jpeg2000dec: remove ST=3 case
avcodec/qsvdec: Check av_image_get_buffer_size() for failure
avcodec/exr: Fix preview overflow
avcodec/decode: decode_simple_internal() only implements audio and video
avcodec/fmvc: remove dead assignment
avcodec/h2645_sei: Remove dead checks
avcodec/h264_slice: Remove dead sps check
avcodec/lpc: copy levenson coeffs only when they have been computed
avutil/tests/base64: Check with too short output array
libavutil/base64: Try not to write over the array end
avcodec/cbs_av1: Avoid shift overflow
fftools/ffplay: Check return of swr_alloc_set_opts2()
tools/opt_common: Check for malloc failure
doc/examples/demux_decode: Simplify loop
avformat/concatdec: Check file
avcodec/mpegvideo_enc: Fix 1 line and one column images
avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
avcodec/av1dec: Change bit_depth to int
avcodec/av1dec: bit_depth cannot be another values than 8,10,12
avcodec/avs3_parser: assert the return value of init_get_bits()
avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
avfilter/avfiltergraph: return value of ff_request_frame() is unused
avformat/mxfdec: Check body_offset
avformat/kvag: Check sample_rate
avcodec/atrac9dec: Check init_get_bits8() for failure
avcodec/ac3_parser: Check init_get_bits8() for failure
avcodec/pngdec: Check last AVFrame before deref
avcodec/hevcdec: Check ref frame
doc/examples/qsv_transcode: Initialize pointer before free
doc/examples/qsv_transcode: Simplify str_to_dict() loop
doc/examples/vaapi_transcode: Simplify loop
doc/examples/qsv_transcode: Simplify loop
avcodec/cbs_h2645: Check NAL space
avfilter/vf_thumbnail_cuda: Set ret before checking it
avfilter/signature_lookup: Dont copy uninitialized stuff around
avfilter/signature_lookup: Fix 2 differences to the refernce SW
avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash
avformat/mp3dec: change bogus error message if read_header encounters EOF
avformat/mp3dec: simplify inner frame size check in mp3_read_header
avformat/mp3dec: only call ffio_ensure_seekback once
avcodec/cbs_h266: read vps_ptl_max_tid before using it
avcodec/cbs_h266: fix sh_collocated_from_l0_flag and sh_collocated_ref_idx infer
avformat/vvc: fix parsing some early VPS bitstream values
avformat/vvc: fix writing general_constraint_info bytes
avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD
lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's
vulkan_av1: Fix force_integer_mv value
vaapi_av1: Fix force_integer_mv value
av1dec: Add force_integer_mv derived field for decoder use
avutil/iamf: fix offsets for mix_gain options
avformat/iamfdec: check nb_streams in header read
avformat/mov: free the infe allocated item data on failure
avformat/iamf_writer: reject duplicated stream ids in a stream group
avformat/mov: don't read key_size bytes twice in the keys atom
avformat/mov: take into account the first eight bytes in the keys atom
avformat/mov: fix the check for the heif item parsing loop
avutil/iamf: fix mix_gain_class name
av1dec: Fix RefFrameSignBias calculation
avcodec/codec_par: always clear extradata_size in avcodec_parameters_to_context()
avcodec/mediacodecenc: Fix return empty packet when bsf is used
avcodec/hevcdec: Fix precedence, bogus film grain warning
avcodec/hevcdec: fix segfault on invalid film grain metadata
lavc/vvc: Skip enhancement layer NAL units
avformat/mov: ignore old infe box versions
vulkan_av1: add workaround for NVIDIA drivers tested on broken CTS
lavc/vulkan_av1: Use av1dec reference order hint information
lavc/av1: Record reference ordering information for each frame
doc/encoders: add missing libxvid option
doc/encoders: remove non-existent flag
fate/ffmpeg: Avoid dependency on samples
avcodec/wavpack: Remove always-false check
avcodec/wavpack: Fix leak and segfault on reallocation error
avcodec/lossless_videoencdsp: Don't presume alignment in diff_bytes
avcodec/ppc/h264dsp: Fix left shifts of negative numbers
7.0
- DXV DXT1 encoder
- LEAD MCMP decoder
- EVC decoding using external library libxevd
- EVC encoding using external library libxeve
- QOA decoder and demuxer
- aap filter
- demuxing, decoding, filtering, encoding, and muxing in the
ffmpeg CLI now all run in parallel
- enable gdigrab device to grab a window using the hwnd=HANDLER syntax
- IAMF raw demuxer and muxer
- D3D12VA hardware accelerated H264, HEVC, VP9, AV1, MPEG-2 and VC1 decoding
- tiltandshift filter
- qrencode filter and qrencodesrc source
- quirc filter
- lavu/eval: introduce randomi() function in expressions
- VVC decoder (experimental)
- fsync filter
- Raw Captions with Time (RCWT) closed caption muxer
- ffmpeg CLI -bsf option may now be used for input as well as output
- ffmpeg CLI options may now be used as -/opt <path>, which is equivalent
to -opt <contents of file <path>>
- showinfo bitstream filter
- a C11-compliant compiler is now required; note that this requirement
will be bumped to C17 in the near future, so consider updating your
build environment if it lacks C17 support
- Change the default bitrate control method from VBR to CQP for QSV encoders.
- removed deprecated ffmpeg CLI options -psnr and -map_channel
- DVD-Video demuxer, powered by libdvdnav and libdvdread
- ffprobe -show_stream_groups option
- ffprobe (with -export_side_data film_grain) now prints film grain metadata
- AEA muxer
- ffmpeg CLI loopback decoders
- Support PacketTypeMetadata of PacketType in enhanced flv format
- ffplay with hwaccel decoding support (depends on vulkan renderer via libplacebo)
- dnn filter libtorch backend
- Android content URIs protocol
- AOMedia Film Grain Synthesis 1 (AFGS1)
- RISC-V optimizations for AAC, FLAC, JPEG-2000, LPC, RV4.0, SVQ, VC1, VP8, and more
- Loongarch optimizations for HEVC decoding
- Important AArch64 optimizations for HEVC
- IAMF support inside MP4/ISOBMFF
- Support for HEIF/AVIF still images and tiled still images
- Dolby Vision profile 10 support in AV1
- Support for Ambient Viewing Environment metadata in MP4/ISOBMFF
- HDR10 metadata passthrough when encoding with libx264, libx265, and libsvtav1
6.1
- libaribcaption decoder
- Playdate video decoder and demuxer
- Extend VAAPI support for libva-win32 on Windows
- afireqsrc audio source filter
- arls filter
- ffmpeg CLI new option: -readrate_initial_burst
- zoneplate video source filter
- command support in the setpts and asetpts filters
- Vulkan decode hwaccel, supporting H264, HEVC and AV1
- color_vulkan filter
- bwdif_vulkan filter
- nlmeans_vulkan filter
- RivaTuner video decoder
- xfade_vulkan filter
- vMix video decoder
- Essential Video Coding parser, muxer and demuxer
- Essential Video Coding frame merge bsf
- bwdif_cuda filter
- Microsoft RLE video encoder
- Raw AC-4 muxer and demuxer
- Raw VVC bitstream parser, muxer and demuxer
- Bitstream filter for editing metadata in VVC streams
- Bitstream filter for converting VVC from MP4 to Annex B
- scale_vt filter for videotoolbox
- transpose_vt filter for videotoolbox
- support for the P_SKIP hinting to speed up libx264 encoding
- Support HEVC,VP9,AV1 codec in enhanced flv format
- apsnr and asisdr audio filters
- OSQ demuxer and decoder
- Support HEVC,VP9,AV1 codec fourcclist in enhanced rtmp protocol
- CRI USM demuxer
- ffmpeg CLI '-top' option deprecated in favor of the setfield filter
- VAAPI AV1 encoder
- ffprobe XML output schema changed to account for multiple
variable-fields elements within the same parent element
- ffprobe -output_format option added as an alias of -of
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
b673eaeba7 |
sysvinit: Update to version 3.10
- Update from version 3.08 to 3.10
- Update of rootfile not required
- Renamed build_mountpoint patch
- Changelog
3.10
When the user executes "machinectl stop", systemd sends SIGRTMIN+4 to PID 1
in the container, and expects that to initiate a graceful shutdown
(power-off). SysV init now catches this signal and initiates a shutdown
(shutdown -hP now).
Fix issue in bootlogd which could cause the service to enter an endless loop
(and use too much CPU) when it is able to open a device for writing, but not
actually able to write to it. This resulted in bootlogd closing and
re-opening the device over and over. Now bootlogd should simply fail
gracefully when it cannot write to an open file/device.
Fix formatting in shutdown.8 manual page. Cleaned up whitespace and special
characters.
3.09
On Linux distributions which use the musl C library (instead of glibc) we can now
build properly. Specifically, the hddown helper program now builds on musl C
systems.
The reboot command is now able to pass messages to the underlying firmware on
Linux systems during a reboot. This allows the admin to pass information to the
underlying firmware to, for example, ask the system to boot from another
partition. Should be helpful on Raspberry Pi systems.
The reboot command can pass a message to the firmware when using the "-m"
command line flag.
This release also improves the Makefile's clean directive.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Michael Tremer
|
d1f7d501c1 | Merge remote-tracking branch 'ms/toolchain-2024-08-02' into next | ||
Arne Fitzenreiter
|
da7dbb1af2 |
kernel: remove obsolete asix patch
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Michael Tremer
|
cef89b9436 |
tftpd: Fix build with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
ec054262e9 |
syslinux: Fix build with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
7c41a2e4a1 |
ghostscript: Fix compilation with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
859a8aadaa |
squidguard: Fix compliation with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
8972cf22a0 |
berkeley: Fix build with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
74ee0ecd40 |
setup: Fix compilation issues with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
9ab0b2fbd2 |
ntp: Fix build with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
5468844b21 |
misc-progs: Fix compilation with GCC 14
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
1a28d6ef4b |
GCC: Update to 14.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
7efa490668 |
coreutils: Drop uname patch
This is a patch that has been backported from Gentoo for quite a while now. However, I did not forget why. And now it won't build with GCC 14, and since I don't remember why we needed this, I would rather drop it. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
0bef4d65f7 |
expect: Fix build with GCC 14.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Stefan Schantl
|
823ece817f |
suricata: Use correct red device when using QMI
When using QMI the dial-in option has to be set to "ppp" during setup. In this case the initscript of suricata will create all related firewall rules for the ppp0 interface which is not correct when using QMI where the RED device is called red0. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
16bc85bcea |
readline: Update patches to include 11 - 13
- Update patches from 1 - 10 to 1 - 13
- Update of rootfile not required
- Changelog of patches
11 Some systems (e.g., macOS) send signals early on in interactive initialization,
so readline should retry a failed open of the init file.
12 If a user happens to bind do-lowercase-version to something that isn't a
capital letter, so _rl_to_lower doesn't change anything and the result is
still bound to do-lowercase-version, readline can recurse infinitely.
13 When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c3b45c6fb3 |
hwdata: Update to the latest versions of pci.ids & usb.ids
- pci.ids - update from 2023-09-22 to 2024-06-23 - usb.ids - update from 2023-11-08 to 2024-07-04 - Update of rootfile not required - Changelog is not available. It is just the latest update of the information Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bebbb0423d |
bash: Update to include patches 27 to 32
- Update from patches 1-26 to 1-32 - Update of rootfile not required - Changelog of patches 27 The configure test for the presence of strtoimax(3) is inverted. 28 A DEBUG trap in an asynchronous process can steal the controlling terminal away from the calling shell, causing it to exit. 29 There are problems with recovery after parser errors when parsing compound assignments. For instance, the `local' builtin reports an error but never cleans up the function context. 30 `wait -n' can fail to return some jobs if they exit due to signals the shell does not report to the user. 31 There is a memory leak in the code that implements the optimized $(<file) expansion for some code paths. 32 When printing functions containing coprocesses, the displayed coproc command has the word COPROC inserted unconditionally, resulting in function bodies that cannot be re-read as input. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
0382036f71 |
netatalk: Update to version 3.2.5
- Update from version 3.1.2 to 3.2.5
- Update of rootfile
- Change to meson build
- Bundled libevent was removed in 3.1.13 so configure option no longer needed.
- The latest netatalk places the prefix value onto all other directories. No way to change
this via the meson options. So sysconfdir and localstatedir would end up being under
/usr. Patch created to remove the prefix value at the beginning of sysconfdir and
localstatedir so that the locations stay the same as for the previous versions.
- The default value for pam.d is in /usr/etc/ but option available to change this.
- Large number of CVE fixes in some of the updates - 3.2.1, 3.1.18, 3.1.17, 3.1.16,
3.1.15, 3.1.13, 3.1.12,
- Changelog
3.2.5
* BREAKING: meson: Allow choosing shared or static libraries to build,
GitHub #1321
In practice, only shared libraries are built by default now.
Use the `default_library' option to control what is built.
* FIX: meson: Control the MySQL CNID backend, and support MariaDB, GitHub #1341
Introduces a new boolean `with-cnid-mysql-backend' option.
* FIX: meson: Implement with-init-dir option, GitHub #1346
* FIX: autotools/meson: Install FreeBSD init script into correct location,
GitHub #1345
* FIX: meson: Fix syntax error with libiconv path, GitHub #1279
* FIX: meson: Correct description for with-manual option, GitHub #1282
* FIX: meson: Correct prefix lookup for tracker-control, GitHub #1284
* FIX: meson: default OPEN_NOFOLLOW_ERRNO overwrites platform customization,
GitHub #1286
* FIX: meson: Don't make dtags depend on rpath, GitHub #1293
* FIX: meson: Remove duplicate dependency check for posix threads, GitHub #1297
* FIX: meson: Better output when cryptographic UAMs aren't built, GitHub #1302
* FIX: meson: Prioritize tests and run single-threaded to avoid race condition,
GitHub #1312
* FIX: meson: Better way to handle rpath executable targets, GitHub #1315
* FIX: meson: Refactor libcrypto check and print better status messages,
GitHub #1299
* FIX: meson: Look for libmariadb dependency to appease Fedora, GitHub #1348
* FIX: meson: Declare have_atfuncs globally to avoid failure later, GitHub #1357
* FIX: meson: Do a compiler sanity check before header checks, GitHub #1356
* FIX: Avoid using reserved keyword to build the tests on NetBSD, GitHub #1328
3.2.4
* UPD: autotools: Restore ABI versioning of libatalk,
and set it to 18.0.0, GitHub #1261
* UPD: meson: Define long-form soversion as 18.0.0, GitHub #1256
Previously, only `18' was defined.
* NEW: meson: Introduce pkgconfdir override option, GitHub #1241
The new option is called `with-pkgconfdir-path'
and is analogous to the `with-pkgconfdir' Autotools option.
Additionally, the hard-coded "netatalk" path suffix has been removed.
* NEW: meson: Introduce `debian' init style option
that installs both sysv and systemd, GitHub #1239
* FIX: meson: Add have_atfuncs check,
and make dtags dependent on rpath flag, GitHub #1236
* FIX: meson: Correct overwrite install logic for config files, GitHub #1253
* FIX: Fix typo in netatalk_conf.c log message
3.2.3
* UPD: Record note of permission to upgrade CNID code
to a later GPL, GitHub #1194
* UPD: Remove long-obsoleted cnid2_create script, GitHub #1203
* UPD: docker: Add option to enable ClearText and Guest UAMs, GitHub #1202
* FIX: docs: Standardize reference entry naming
for netatalk-config man page, GitHub #1208
* FIX: meson: Generate afppasswd manual html page, GitHub #1210
* UPD: meson: Remove obsolete 64 bit library check, GitHub #1207
* FIX: meson: Enable rpath for binaries
only when with-rpath is enabled, GitHub #1214
* FIX: meson: Require kerberos before enabling krb5 UAM,
not just GSSAPI, GitHub #1218
* FIX: meson: Restore linking with 64-bit libdb on Solaris, GitHub #1222
* FIX: meson: Fixing linking when building with
the `with-ssl-override' option, GitHub #1227
3.2.2
* UPD: meson: Use external SSL dependency to provide cast header, GitHub #1186
This reintroduces OpenSSL/LibreSSL as a dependency for the DHX UAM,
while removing all source files with the SSLeay copyright notice.
* UPD: meson: Add option to override system WolfSSL
with embedded WolfSSL: `with-ssl-override', GitHub #1176
* UPD: Remove obsolete Red Hat Upstart and SuSE SysV init scripts, GitHub #1163
* FIX: meson: Fix errors in PAM support macro, GitHub #1178
* FIX: meson: Fix perl shebang substitution in cnid2_create script, GitHub #1183
* FIX: meson: Fix operation of D-Bus path macros, GitHub #1182
* FIX: meson: Fix errors in shadow password macro, GitHub #1192
* FIX: autotools: gcc 8.5 expects explicit library flags
for libgcrypt, GitHub #1188
* NEW: Create a security policy, GitHub #1166
3.2.1
* FIX: CVE-2024-38439,CVE-2024-38440,CVE-2024-38441: Harden user login,
GitHub #1158
* BREAKING: meson: Rework option semantics and feature macros, GitHub #1099
- Consistent syntax of the build options to make them user-friendly
- Standardises the syntax of the feature macros
- Fixes the logic of the largefile support macro
- Disables gssapi support if the Kerberos V UAM is not required
- All options are now defined either as `with-*' or `with-*-path'
- Please see the Release Notes for a full list of changed options
* UPD: meson: Enable building with system WolfSSL library, GitHub #1160
- Build system will attempt to detect
that all required headers and symbols are supported
- Falls back to the bundled WolfSSL library
* FIX: meson: Fix -Doption paths on systems
where rpath is enabled by default, GitHub #1053
* FIX: meson: Fix library search macro on OmniOS hosts, GitHub #1056
* FIX: meson: Fix rules for installing scripts, GitHub #1070
- Install afpstats only when Perl is detected
- Don't install scripts only used by netatalk developers
* FIX: meson: set setuid bit to allow user afppasswd changing, GitHub #1071
* FIX: meson: Fix logic of libiconv detection macro, GitHub #1075
* FIX: meson: Address various issues with the meson build system, GitHub #1082
- Enables quota support on all flavours of linux and BSD, plus macOS
- Adds the quota provider to the configuration summary
- Adds a user option to disable LDAP support
- Sets dependencies according to user configuration
- Improves the syntax of the ACL macro
* FIX: meson: Further refinements to meson build system, GitHub #1086
- Adds user options to disable cracklib and GSSAPI support
- Automates Berkeley DB library detection on macOS
* FIX: meson: Fix issues with quota support on linux and macOS, GitHub #1092
- Enables quota support on macOS hosts
- Restores missing configuration option for linux hosts
- Removes obsolete quota configuration data for linux and macOS hosts
* FIX: meson: Set executable flags when installing scripts, GitHub #1117
* UPD: autotools and meson: Use pkg-config to find libgcrypt, GitHub #1132
- This removes dependency on the now-obsolete libgcrypt-config
* FIX: Use portable linux macro in etc/afpd header, GitHub #1083
* UPD: Debian Trixie expects systemd scripts in /usr/lib, GitHub #1135
* UPD: Add copyright for mac_roman.h, GitHub #1137
* FIX: Cleanup of copyright headers to make them scanner friendly, GitHub #1142
* FIX: Remove unused atalk/talloc.h header, GitHub #1154
* FIX: docker: Don't bail out when password is longer than 8 chars, GitHub #1067
* UPD: docker: Bump to Alpine 3.20 base image, GitHub #1111
* FIX: docker: Rework AFP user's GROUP and GID settings, GitHub #1116
- GID now requires GROUP to be set, and applies to that group
rather than that of the user.
* UPD: docs: Indicate license for software package,
and add SSLeay notice, GitHub #1125
* FIX: docs: Rephrase tarball section of manual, GitHub #1164
3.2.0
* NEW: BREAKING: Introduce the Meson build system, GitHub #707
GNU Autotools is still supported, but will be removed
in a future release. See the newly added INSTALL file.
* NEW: BREAKING: Bundle WolfSSL for DHX/RandNum UAM encryption, GitHub #358
This is enabled by default, controlled by option "-Dwith-embedded-ssl"
Requires the Meson build system.
External OpenSSL 1.1 and LibreSSL are still supported.
* NEW: BREAKING: LDAP API bump, OpenLDAP v2.3 or later required, GitHub #762
afp.conf option "ldap server" has been replaced with "ldap uri"
and has a new syntax. See the manual for details.
* UPD: BREAKING: Remove legacy cdb and tdb CNID backends, GitHub #508
* UPD: BREAKING: Remove Andrew File System (AFS) support, GitHub #554
* UPD: BREAKING: Remove bundled talloc, GitHub #479
For Spotlight support, use the talloc library supplied by your OS,
or get the source code from the Samba project and build it yourself.
* UPD: BREAKING: Remove generated SPARQL code, GitHub #337
This introduces a compile time dependency on
a yacc parser and a lexer to build with Spotlight support.
* UPD: BREAKING: Rename macOS launchd plist to io.netatalk.*, GitHub #778
Note: Only the Meson build system will clean up the old plist.
* UPD: BREAKING: Renamed Gentoo init script to openrc, GitHub #868
OpenRC is cross platform; confirmed working on Alpine Linux.
* NEW: FreeBSD init script, borrowed from FreeBSD ports, GitHub #876
Special thanks to the author, Joe Marcus Clarke.
* NEW: OpenBSD init script, GitHub #870
* NEW: Introduce an official Dockerfile and entry script, GitHub #713
* NEW: Option to log to file with second (not us) accuracy, GitHub #580
Enable with afp.conf option: "log microseconds = no"
* NEW: Option to add delay to FCE event emission, GitHub #849
Set a ms delay with afp.conf option: "fce sendwait"
* NEW: afppasswd: Add -w option to set password from the CLI, GitHub #936
* NEW: docs: Distribute a manual appendix with the GNU GPL v2, GitHub #745
* NEW: docs: Distribute the Japanese localization of the manual, GitHub #806
* NEW: docs: Generate a manual appendix with build instructions, GitHub #791
The appendix is generated from the GitHub CI workflow yaml file.
* UPD: docs: Document libraries, init scripts in manual, GitHub #808
* UPD: docs: Remove substituted file system paths from manual, GitHub #514
* FIX: afpd: Prevent theoretical crash in FPSetACL, GitHub #364
* FIX: libatalk: Fix parsing of macOS-created AppleDouble files, GitHub #270
* FIX: libatalk: Restore invalid EA metadata cleanup, GitHub #400
* FIX: quota: Use the NetBSD 6 quota API, GitHub #1028
* FIX: quota: Workaround for rquota.h symbol name on Fedora 40, GitHub #1040
* FIX: uams: Allow linking of the PGP UAM, GitHub #548
* FIX: Shore up error handling and type safety, GitHub #952
* UPD: Rewrite the afpstats script in Perl, GitHub #893
And, improve the formatting of the standard output.
Requires the Net::DBus Perl extension.
This removes the effective dependency on a Python runtime.
* UPD: Make Perl and grep optional requirements, GitHub #886
When either is missing, do not install the optional Perl scripts.
* NEW: Build system option "disable-init-hooks", GitHub #796
Will skip init script enablement commands that require
elevated privileges on the system.
* FIX: Make cracklib macro properly detect dictionary, GitHub #940
* FIX: Build with PAM support on FreeBSD 14, GitHub #560
* FIX: Allow libevent2 linking on OpenIndiana, GitHub #512
* FIX: Control all Spotlight dependencies at compile time, GitHub #571
* UPD: Remove redundant AUTHORS file, GitHub #538
3.1.18
* FIX: CVE-2022-22995: Harden create_appledesktop_folder(), GitHub #480
* FIX: Disable dtrace support on aarch64 FreeBSD hosts, Github #498
* FIX: Correct syntax for libwrap check in tcp-wrappers.m4, GitHub #500
* FIX: Correct syntax for libiconv check in iconv.m4, GitHub #491
* FIX: quota is not supported on macOS, GitHub #492
3.1.17
* FIX: CVE-2023-42464: Validate data type in dalloc_value_for_key(), GitHub #486
* FIX: Declare a variable before using it in a loop,
which was throwing off the default compiler on RHEL7, GitHub #481
* UPD: Distribute tarballs with xz compression by default, not gzip, GitHub #478
* UPD: Add AUTHOR sections to all man pages with a reference to CONTRIBUTORS,
and standardize headers and footers, GitHub #462
3.1.16
* FIX: libatalk: Fix CVE-2022-23121, CVE-2022-23123 regression
- Added guard check before access ad_entry(), GitHub#357
- Allow zero length entry, for AppleDouble specification, GitHub#368
- Remove special handling for COMMENT entries, GitHub#236
- The assertion for invalid entires is still enabled,
so please report any future "Invalid metadata EA" errors!
* FIX: build system: Fix autoconf warnings and modernize bootstrap
and configure.ac, GitHub#331
* FIX: build system: Correct syntax in libevent search macro,
summary macro and netatalk executable makefile, GitHub#342
* FIX: build system: Fix native libiconv detection on macOS, GitHub#343
* FIX: build system: Use non-interactive PAM session when available, GitHub#361
* FIX: build system: Fix detection of Berkeley DB installed
in multiarch location, GitHub#380
* FIX: build system: Fix support for cross-compilation
with mysql_config and dtrace, GitHub#384
* FIX: build system: Support building quota against libtirpc, GitHub#385
* FIX: build system: Fix variable substitution in configure summary, GitHub#443
* UPD: build system: Remove ABI checks and the --enable-developer option, GitHub#262
* FIX: initscript: Improvements to Debian SysV init script
- Source init-functions, GitHub#386
- Add a Description and Short-Description, GitHub#428
* FIX: docs: Clarify localstate dir configurability in manual, GitHub#401
* UPD: docs: Make BerkeleyDB 5.3.x the recommended version, GitHub#8
* FIX: docs: Update SourceForge URLs to fix CSS styles and download links
* FIX: docs: Remove obsoleted bug reporting sections, GitHub#455
* FIX: Sundry typo fixes in user visible strings and docs, GitHub#381, GitHub#382
* UPD: Rename asip-status.pl as asip-status
to make naming implementation-agnostic, GitHub#379
* UPD: Remove redundant uid.c|h files in etc/afpd
* UPD: Don't build and distribute deprecated cnid2_create tool, GitHub#412
* UPD: Remove deprecated megatron code and man page, GitHub#456
* UPD: Remove deprecated uniconv code and man page, GitHub#457
* UPD: Improvements to the GitHub CI workflow
3.1.15
* FIX: CVE-2022-43634
* FIX: CVE-2022-45188
* NEW: Support for macOS hosts, Intel and Apple silicon, GitHub#281
* FIX: configure.ac: update deprecated autoconf syntax
* UPD: configure.ac: Support linking with system shared libraries
Introduces the --with-talloc option
* FIX: macros: largefile-check macro for largefile (clang 16)
* UPD: macros: Update pthread macro to the latest from gnu.org
* FIX: initscripts: Modernize Systemd service file.
* FIX: libatalk/conf: include sys/file.h for LOCK_EX
* FIX: libatalk: Change log level for realpath() error, SF bug#666
* FIX: libatalk: Change log level for real_name error, SF bug#596
* FIX: libatalk: The my_bool type is deprecated as of MySQL 8.0.1, GitHub#129
* UPD: libatalk: allow afpd to read read-protected afp.conf, SF bug#546
* UPD: libatalk: Make the "valid users" option work in the Homes section, SF bug#449
* UPD: libatalk: Check that FPDisconnectOldSession is successful, SF bug#634
* UPD: libatalk: Bring iniparser library codebase in line with current version 4.1
* FIX: afpd: Provide MNTTYPE_NFS on OmniOS to make quota work, GitHub#117
* FIX: afpd: Avoid triggering realpath() lookups with empty path, GitHub#277
* FIX: spotlight: Spotlight searches can cause afpd to segfault, GitHub#56
* UPD: spotlight: add support for tracker3, SF patch#147
* FIX: macusers: Fix output for long usernames
* FIX: macusers: account for usernames with non-word characters
* FIX: macusers: Support NetBSD
* FIX: Fix all function declarations without a prototype
* FIX: Fix C99 compliance issues
* FIX: Fix gcc10 compiler warnings
* UPD: Remove acsiidocs sources and release notes script
* FIX: manpages: afp.conf: Parameters are not quoted, SF bug#617
* FIX: manpages: afp.conf: Document $u in home name, GitHub#123
* FIX: manpages: afp.conf: Document the usage of guest user, GitHub#298
* FIX: Document how the mysql cnid backend is configured, GitHub#69
* FIX: Fix user-visible typos in log output and man pages.
* FIX: Fix spelling, syntax, and dead URLs in html manual.
* NEW: Create README.md
* NEW: Set up GitHub workflow and static analysis with Sonarcloud
3.1.14
* FIX: fix build with libressl >= 2.7.0, GitHub#105
* NEW: Added Ignore Directories Feature
* UPD: Generate Unicode source code based on Unicode 14.0, GitHub#114
* FIX: Protect against removing AFP metadata xattr
* FIX: avoid setting adouble entries on symlinks
* FIX: add handling for cases where ad_entry() returns NULL, GitHub#175
* FIX: Fix setting of LD_LIBRARY_FLAGS ($shlibpath_var).
* FIX: afpstats: Fedora migrating away from IO::Socket::INET6, GitHub#130
* FIX: afpd: check return values from setXXid() functions, GitHub#115
* FIX: afpd: drop groups in become_user_permanently(), GitHub#126
* FIX: Fix use after free in get_tm_used()
* FIX: Fix sign extension problem in bsd_attr_list()
* FIX: Fix garbage read in bsd_attr_list
* FIX: make afpstats python 3 compatible
* UPD: docs: manual: Remove wrong TCP-over-TCP info; minor copy editing
* FIX: configure.ac: fix macro ordering for CentOS 6
* FIX: configure.ac: fix typo
* FIX: configure.ac: remove some trailing whitespace
* FIX: configure.ac: fix deprecated macro invocation
* FIX: configure.ac: replace obsolete macro
* FIX: libatalk/dsi/Makefile.am: fix deprecation warning
* FIX: Store AutoMake helper script in build-aux/
* FIX: configure.ac: define a dir for macros
* FIX: configure.ac: AM_CONFIG_HEADER is deprecated
* FIX: autotools: Fix another deprecation warning
* FIX: libgcrypt typo in configuration error message
* UPD: Various CI improvements
* FIX: libatalk/conf: re-generation of afp_voluuid.conf
* UPD: libatalk/conf: code cleanup and add locking to get_vol_uuid()
* UPD: add documentation for the lv_flags_t
* FIX: No need to check for attropen on Solaris, GitHub#44
3.1.13
* FIX: CVE-2021-31439
* FIX: CVE-2022-23121
* FIX: CVE-2022-23123
* FIX: CVE-2022-23122
* FIX: CVE-2022-23125
* FIX: CVE-2022-23124
* FIX: CVE-2022-0194
* FIX: afpd: make a variable declaration a definition
* UPD: Remove bundled libevent
3.1.12
* FIX: dhx uams: build with LibreSSL, GitHub#91
* FIX: various spelling errors
* FIX: CVE-2018-1160
3.1.11
* NEW: Global option "zeroconf name", FR#99
* NEW: show Zeroconf support by "netatalk -V", FR#100
* UPD: gentoo: Switch openrc init script to openrc-run, GitHub#77
* FIX: log message: name of function doese not match, GitHub#78
* UPD: volume capacity reporting to match Samba behavior, GitHub#83
* FIX: debian: sysv init status command exits with proper exit code, GitHub#84
* FIX: dsi_stream_read: len:0, unexpected EOF, GitHub#82
* UPD: dhx uams: OpenSSL 1.1 support, GitHub#87
3.1.10
* FIX: cannot build when ldap is not defined, bug #630
* FIX: SIGHUP can cause core dump when mdns is enabled, bug #72
* FIX: Solaris: stale pid file puts netatalk into maintenance mode, bug #73
* FIX: dsi_stream_read: len:0, unexpected EOF, bug #633
3.1.9
* FIX: afpd: fix "admin group" option
* NEW: afpd: new options "force user" and "force group"
* FIX: listening on IPv6 wildcard address may fail if IPv6 is
disabled, bug #606
* NEW: LibreSSL support, FR #98
* FIX: cannot build when acl is not defined, bug #574
* UPD: configure option "--with-init-style=" for Gentoo.
"gentoo" is renamed to "gentoo-openrc".
"gentoo-openrc" is same as "openrc".
"gentoo-systemd" is same as "systemd".
* NEW: configure option "--with-dbus-daemon=PATH" for Spotlight feature
* UPD: use "tracker daemon" command instead of "tracker-control" command
if Gnome Tracker is the recent version.
* NEW: configure options "--enable-rpath" and "--disable-rpath" which
can be used to force setting of RPATH (default on Solaris/NetBSD)
or disable it.
* NEW: configure option "--with-tracker-install-prefix" allows setting
an alternate install prefix for tracker when cross-compiling.
* UPD: asip-status.pl: IPv6 support
* UPD: asip-status.pl: show GSS-UAM SPNEGO blob
* FIX: afpd: don't use network IDs without LDAP, bug #621
* FIX: afpd: reading from file may fail, bug #619
* NEW: AFP clients should not be able to copy or manipulate special
extended attributes set by NFS and SMB servers on Solaris, issue #36
* FIX: ad: ad cp may crash, bug #622
* UPD: Update Unicode support to version 9.0.0
3.1.8
* FIX: CNID/MySQL: Quote UUID table names.
https://sourceforge.net/p/netatalk/bugs/585/
* FIX: Crash in cnid_metad, bug #593
* UPD: Update Unicode support to version 8.0.0
* FIX: larger server side copyfile buffer for improved IO performance,
bug #599
* NEW: afpd: new option "ea = samba". Use Samba vfs_streams_xattr
compatible xattrs which means adding a 0 byte at the end of
xattrs.
* FIX: remove #541 workaround patch. There was this problem with only early
Fedora 20.
* FIX: rpmbuild fails on Fedora x86_64, bug #598
* FIX: Listen on IPv6 wildcard address by default, bug #602
* FIX: FCE protocol version 1 packets, bug #603
* UPD: Update list of BerkeleyDB versions searched at configure time
3.1.7
* UPD: Spotlight: enhance behaviour for long running queries, client
will now show "progress wheel" while waiting for first results.
* FIX: netatalk: fix a crash on Solaris when registering with mDNS
* FIX: netatalk: SIGHUP would kill the process instead of being resent
to the other Netatalk processes, bug #579
* FIX: afpd: Solaris locking problem, bug #559
* FIX: Handling of malformed UTF8 strings, bug #524
* FIX: afpd: umask handling, bug #576
* FIX: Spotlight: Limiting searches to subfolders, bug #581
* FIX: afpd: reloading logging config may result in privilege
escalation in afpd processes
* FIX: afpd: ACL related error messages, now logged with loglevel
debug instead of error
* FIX: cnid_metad: fix tsockfd_create() return value on error
* FIX: CNID/MySQL: volume table name generation, bug #566.
3.1.6
* FIX: Spotlight: fix for long running queries
* UPD: afpd: distribute SIGHUP from parent afpd to children and force
reload shares
* FIX: netatalk: refresh Zeroconf registration when receiving SIGHUP
* NEW: configure option "--with-init-style=debian-systemd" for Debian 8 jessie
and later.
"--with-init-style=debian" is renamed "--with-init-style=debian-sysv".
3.1.5
* FIX: Spotlight: several important fixes
3.1.4
* FIX: afpd: Hangs in Netatalk which causes it to stop responding to
connections, bug #572.
* NEW: afpd: new option "force xattr with sticky bit = yes|no"
(default: no), FR #94
* UPD: afpd: FCE version 2 with new event types and new config options
"fce ignore names" and "fce notify script"
* UPD: afpd: check for modified included config file, FR #95.
* UPD: libatalk: logger: remove flood protection and allocate messages
* UPD: Spotlight: use async Tracker SPARQL API
* NEW: afpd: new option "case sensitive = yes|no" (default: yes)
In spite of being case sensitive as a matter of fact, netatalk
3.1.3 and earlier did not notify kCaseSensitive flag to the client.
Now, it is notified correctly by default, FR #62.
3.1.3
* UPD: Spotlight: more SPARQL query optimisations
* UPD: Spotlight: new options "sparql results limit", "spotlight
attributes" and "spotlight expr"
* FIX: afpd: Unarchiving certain ZIP archives fails, bug #569
* UPD: Update Unicode support to version 7.0.0
* FIX: Memory overflow caused by 'basedir regex', bug #567
* NEW: afpd: delete empty resource forks, from FR #92
* FIX: afpd: fix a crash when accessing ._ AppleDouble files created
by OS X via SMB, bug #564
* FIX: afpd and dbd: Converting from AppleDouble v2 to ea may corrupt
the resource fork. In some circumstances an offset calculation
is wrong resulting in corrupt resource forks after the
conversion. Bug #568.
* FIX: ad: fix for bug #563 broke ad file utilities, bug #570.
* NEW: afpd: new advanced option controlling permissions and ACLs,
from FR #93
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
6c6959694a |
hostapd: Update to version 2_11
- Update from version 2_10 to 2_11
- Update of rootfile not required
- Update of patches to latest source tarball
- Changelog
2_11
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
76f429d5d8 |
licenses: Remove the braindead GPL acception stage
The GPL is not an EULA and so there is no value in having users accept it. The UI is very broken and so I believe it is best to drop this entirely. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
64feedbcf6 |
br2684ctl: Drop package
This tool is now part of linux-atm. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
b734e6f7b6 |
linux-atm: Update to 2.5.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
80de6b5647 |
vectorscan: Fix check for CPU support
According to the documentation, Vectorscan checks whether the CPU is supporting the minimum requirement of SSE4.2. However the check is still checking for SSSE3 which makes the library fail on systems without SSE4.2. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
10210334fe | Merge remote-tracking branch 'ms/cleanup' into next | ||
|
Adolf Belka
|
a893eebb91 |
mpd: Patch mpd to deal with format function being const in fmt-11.0.0 onwards
- Commit has been made in mpd but no release has yet been made with the change. When the next version release of mpd occurs this patch can be removed. - The patch changes all format calls to be const . Without this patch mpd will not build with fmt-11.0.0 or newer. - Update of rootfile not required. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
2fc3c29093 |
coreutils: Update to version 9.5
- Update from version 9.0 to 9.5
- Update of the uname patch to 9.5
- Obtained the 9.5 version of the i18n patch. However this caused the coreutils build to
fail. Without the patch the build had no problems. After investigating for some time
I identified that coreutils used to have the mbchar.h and mbchar.c files in its
source tarball lib directory. However those are no longer needed by coreutils so they
have been deleted in the source tarball. However the i18n patch still requires them.
The patch creates the code for the mbchar.h and mbchar.c files. However it has made
the availability of the members buf & mb_setascii and some code related to old_mbc
dependent on GNULIB being defined. This is specified in configure.ac but that define
did not make it into the prepared configure file. This causes those members to not be
found and the build fails.
- Removing the three #if defined GNLIB_MBFILE statements from the coreutils-9.5-i18n
patch, so that the code is executed in the build, causes the members to be present
and the build is successfull.
- Update of rootfile
- Changelog
9.5
** Bug fixes
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
cp, mv, and install no longer issue spurious diagnostics like "failed
to preserve ownership" when copying to GNU/Linux CIFS file systems.
They do this by working around some Linux CIFS bugs.
cp --no-preserve=mode will correctly maintain set-group-ID bits
for created directories. Previously on systems that didn't support ACLs,
cp would have reset the set-group-ID bit on created directories.
[bug introduced in coreutils-8.20]
join and uniq now support multi-byte characters better.
For example, 'join -tX' now works even if X is a multi-byte character,
and both programs now treat multi-byte characters like U+3000
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.
numfmt options like --suffix no longer have an arbitrary 127-byte limit.
[bug introduced with numfmt in coreutils-8.21]
mktemp with --suffix now better diagnoses templates with too few X's.
Previously it conflated the insignificant --suffix in the error.
[bug introduced in coreutils-8.1]
sort again handles thousands grouping characters in single-byte locales
where the grouping character is greater than CHAR_MAX. For e.g. signed
character platforms with a 0xA0 (aka  ) grouping character.
[bug introduced in coreutils-9.1]
split --line-bytes with a mixture of very long and short lines
no longer overwrites the heap (CVE-2024-0684).
[bug introduced in coreutils-9.2]
tail no longer mishandles input from files in /proc and /sys file systems,
on systems with a page size larger than the stdio BUFSIZ.
[This bug was present in "the beginning".]
timeout avoids a narrow race condition, where it might kill arbitrary
processes after a failed process fork.
[bug introduced with timeout in coreutils-7.0]
timeout avoids a narrow race condition, where it might fail to
kill monitored processes immediately after forking them.
[bug introduced with timeout in coreutils-7.0]
wc no longer fails to count unprintable characters as parts of words.
[bug introduced in textutils-2.1]
** Changes in behavior
base32 and base64 no longer require padding when decoding.
Previously an error was given for non padded encoded data.
base32 and base64 have improved detection of corrupted encodings.
Previously encodings with non zero padding bits were accepted.
basenc --base16 -d now supports lower case hexadecimal characters.
Previously an error was given for lower case hex digits.
cp --no-clobber, and mv -n no longer exit with failure status if
existing files are encountered in the destination. Instead they revert
to the behavior from before v9.2, silently skipping existing files.
ls --dired now implies long format output without hyperlinks enabled,
and will take precedence over previously specified formats or hyperlink mode.
numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,
and uses lowercase 'k' when outputting such units in '--to=si' mode.
pinky no longer tries to canonicalize the user's login location by default,
rather requiring the new --lookup option to enable this often slow feature.
wc no longer ignores encoding errors when counting words.
Instead, it treats them as non white space.
** New features
chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files
with matching current OWNER and/or GROUP, as already supported by chown(1).
chmod adds support for -h, -H,-L,-P, and --dereference options, providing
more control over symlink handling. This supports more secure handling of
CLI arguments, and is more consistent with chown, and chmod on other systems.
cp now accepts the --keep-directory-symlink option (like tar), to preserve
and follow existing symlinks to directories in the destination.
cp and mv now accept the --update=none-fail option, which is similar
to the --no-clobber option, except that existing files are diagnosed,
and the command exits with failure status if existing files.
The -n,--no-clobber option is best avoided due to platform differences.
env now accepts the -a,--argv0 option to override the zeroth argument
of the command being executed.
mv now accepts an --exchange option, which causes the source and
destination to be exchanged. It should be combined with
--no-target-directory (-T) if the destination is a directory.
The exchange is atomic if source and destination are on a single
file system that supports atomic exchange; --exchange is not yet
supported in other situations.
od now supports printing IEEE half precision floating point with -t fH,
or brain 16 bit floating point with -t fB, where supported by the compiler.
tail now supports following multiple processes, with repeated --pid options.
** Improvements
cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.
This was previously 128KiB and increasing to 256KiB was seen to increase
throughput by 10-20% when reading cached files on modern systems.
env,kill,timeout now support unnamed signals. kill(1) for example now
supports sending such signals, and env(1) will list them appropriately.
SELinux operations in file copy operations are now more efficient,
avoiding unneeded MCS/MLS label translation.
sort no longer dynamically links to libcrypto unless -R is used.
This decreases startup overhead in the typical case.
wc is now much faster in single-byte locales and somewhat faster in
multi-byte locales.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
4830e79f3c |
make.sh: Rewrite how we are looking for rootfiles
No function changes, just performance. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
319619f3b6 |
archive.files: Make this slightly more efficient
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
175ba983f4 |
firewall: Implement generating SYNPROXY rules
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
8711955b38 |
firewall: Enable SYNPROXY for untracked packets
This enables some DoS protection using SYNPROXY which will complete a SYN handshake with the client before the connection is being forwarded. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
be2774c0c6 |
firewall: Don't filter output INVALID packets
This should never cause any problems, but will cause that certain more complicated featured like SYNPROXY won't work. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
6342bb596b |
firewall: Split CONNTRACK chain
This is preparation to handle incoming/outgoing packets differently. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
c3ed8a7ba6 |
traceroute: Update to version 2.1.5
- Update from version 2.1.2 to 2.1.5
- Update of rootfile not required
- Update of traceroute patch as the source tarball has version number specified in its
directory structure.
- Changelog
2.1.5
* Fix rfc5837 parsing (Francois Rigault)
2.1.4
* Parse interface information (rfc5837) for ICMP extensions
* Add `fastopen' tcp module option (cookie negotiation only)
* Complete tcp module option `mss' to discover possible mss clamping
along the path being traced (idea and testing from Francois Rigault).
The argument is optional now.
Changed mss is printed once in a form of `M=NUM' at the first probe
it was detected on. (Actually, the mss clamping performed by
some previous hop).
Note, some routers may return too short original fragment
in the time exceeded message, making the check impossible.
Besides that the responses may come in a different order.
All this can lead to a later place of the report
(using -N 1 can help for the order).
* Complete tcp module option `info' to print returned tcp header options too
(all those that can be set or altered by `-O' for tcp module).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Peter Müller
|
893a6ff865 |
strongswan: Create firewall rules for outgoing IPsec traffic as well
This will avoid outgoing IPsec traffic being dropped by IPFire itself, if the default firewall behavior for outgoing traffic is set to "blocked", and no appropriate rules have been manually configured in the web interface. To ensure configured IPsec tunnels will always work flawlessly, regardless of the firewall default policy and any manually created firewall rules, create and delete outgoing iptables rules accordingly when bringing an IPsec connection up or down. Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
4748e517ea |
curl: Update to version 8.8.0
- Update from version 8.2.1 to 8.8.0
- Update of rootfile
- Removal of patch as the content now included in the source tarball.
- Changelog
8.8.0
Changes:
curl_version_info: provide librtmp version
file: add support for directory listings
idn: add native AppleIDN (icucore) support for macOS/iOS
lib: add curl_multi_waitfds
mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option
NTLM_WB: drop support
TLS: add support for ECH (Encrypted Client Hello)
urlapi: add CURLU_GET_EMPTY for empty queries and fragments
Bugfixes:
appveyor: drop unnecessary `--clean-first` cmake option
appveyor: guard against crash-build with VS2008
appveyor: make gcc 6 mingw64 job build-only
asyn-thread: fix curl_global_cleanup crash in Windows
asyn-thread: fix Curl_thread_create result check
autotools: delete unused functions
autotools: fix `HAVE_IOCTLSOCKET_FIONBIO` test for gcc 14
autotools: only probe for SGI MIPS compilers on IRIX
bearssl: fix compiler warnings
bearssl: use common code for cipher suite lookup
bufq: remove duplicate word in comment
BUG-BOUNTY.md: clarify the third party situation
build: prefer `USE_IPV6` macro internally (was: `ENABLE_IPV6`)
build: remove MacOSX-Framework script
cd2nroff/manage: use UTC when SOURCE_DATE_EPOCH is set
cf-https-connect: use timeouts as unsigned ints
cf-socket: don't try getting local IP without socket
cf-socket: remove references to l_ip, l_port
ci: add curl-for-win builds: Linux MUSL, macOS, Windows
cmake: add `BUILD_EXAMPLES` option to build examples
cmake: add librtmp/rtmpdump option and detection
cmake: check fseeko after detecting HAVE_FILE_OFFSET_BITS
cmake: do not pass linker flags to the static library tool
cmake: enable `-pedantic-errors` for clang when `CURL_WERROR=ON`
cmake: FindNGHTTP2 add static lib name to find_library call
cmake: fix `CURL_WERROR=ON` for old CMake and use it in GHA/linux-old
cmake: fix `HAVE_IOCTLSOCKET_FIONBIO` test with gcc 14
cmake: fixup `DEPENDS` filename
cmake: forward `USE_LIBRTMP` option to C
cmake: generate misc manpages and install `mk-ca-bundle.pl`
cmake: initialize `BUILD_TESTING` before first use
cmake: speed up libcurl doc building again
cmake: tidy-up to use `WORKING_DIRECTORY`
cmake: use namespaced custom target names
cmdline-docs: fix make install with configure --disable-docs
configure: error on missing perl if docs or manual is enabled
configure: make --disable-docs imply --disable-manual
content_encoding: brotli and others, pass through 0-length writes
content_encoding: ignore duplicate chunked encoding
content_encoding: reject transfer-encoding after chunked
contrithanks: honor `CURLWWW` variable
curl-confopts.m4: define CARES_NO_DEPRECATED when c-ares is used
curl.h: change CURL_SSLVERSION_* from enum to defines
curl: make --help adapt to the terminal width
curl: use curl_getenv instead of the curlx_ version
Curl_creader_read: init two variables to avoid using them uninited
curl_easy_pause.md: use correct defines in example
curl_getdate.md: document two-digit year handling
curl_global_trace.md: shorten the description
curl_multibyte: remove access() function wrapper for Windows
curl_path: make Curl_get_pathname use dynbuf
curl_setup.h: add support for IAR compiler
curl_setup.h: detect 'inline' support
curl_sha512_256: do not use workaround for NetBSD when not needed
curl_sha512_256: fix detection of OpenSSL 1.1.1 or later
curl_url_get.md: clarify queries and fragments and CURLU_GET_EMPTY
CURLINFO_REQUEST_SIZE: fixed, add tests for transfer infos reported
CURLOPT_WRITEFUNCTION.md: fix the callback proto in the example
cw-out: improved error handling
DEPRECATE.md: TLS libraries without 1.3 support
digest: replace strcpy for empty string with simple assignment
dist: `set -eu`, fix shellcheck, make reproducible and smaller tarballs
dist: add files missing from release tarball
dist: add reproducible dir entries to tarballs
dist: do not require Perl in `maketgz`
dist: remove the curl-config.1 from the tarball
dist: verify tarball reproducibility in CI
DISTROS: add patch and issues link for curl-for-win
DISTROS: Cygwin updates
dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
doc: pytest `--repeat` -> `--count`
docs/cmdline-opts: invoke managen using a relative path
docs/cmdline-opts: mention STARTTLS for --ssl and --ssl-reqd
docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
docs: fix some CURLINFO examples
doh: fix typo in comment
doh: remove unused function prototype
dynbuf: fix returncode on memory error
examples: fix/silence `-Wsign-conversion`
EXPERIMENTAL: add graduation requirements for each feature
file: remove useless assignment
ftp: add tracing support
ftp: fix build for CURL_DISABLE_VERBOSE_STRINGS
ftp: fix socket leak on rare error
GHA: add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
GHA: add shellcheck job and fix warnings, shell tidy-ups
GHA: add valgrind to a wolfSSL build
GHA: on macOS remove $HOME/.curlrc
GHA: pin dependencies
gnutls: lazy init the trust settings
h3/ngtcp2: improve error handling
hash: change 'slots' to size_t from int
hash: delete unused debug function
hsts: explicitly skip blank lines
hsts: remove single-use single-line function
http tests: in CI skip test_02_23* for quiche
http2 + ngtcp2: pass CURLcode errors from callbacks
http2, http3: decouple stream state from easy handle
http2: emit RST when client write fails
http3: quiche+ngtcp2 improvements
http: acknowledge a returned error code
http: HEAD response body tolerance
http: reject HTTP major version switch mid connection
http: remove redundant check
http: with chunked POST forced, disable length check on read callback
http_aws_sigv4: remove useless assignment
idn: make Curl_idnconvert_hostname() use Curl_idn_decode()
if2ip: make the buf_size arg a size_t
INSTALL-CMAKE.md: explain `cmake -G <generator-name>`
krb5: use dynbuf
ldap: fix unused variables (seen on OmniOS)
lib/cf-h1-proxy: silence compiler warnings (gcc 14)
lib: add trace support for client reads and writes
lib: bump hash sizes to `size_t`
lib: clear the easy handle's saved errno before transfer
lib: fix compiler warnings (gcc)
lib: make protocol handlers store scheme name lowercase
lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
lib: remove two instances of "only only" messages
lib: silence `-Wsign-conversion` in base64, strcase, mprintf
lib: silence warnings on comma misuse
lib: use `#error` instead of invalid syntax in `curl_setup_once.h`
lib: use multi instead of multi_easy for the active multi
libcurl-opts: mention pipelining less
libssh2: delete redundant feature guard
libssh2: replace `access()` with `stat()`
libssh2: set length to 0 if strdup failed
m4: fix rustls pkg-config codepath
MAIL-ETIQUETTE: convert to markdown
makefile: remove the sorting from the vc-ide action
maketgz: put docs/RELEASE-TOOL.md into the tarball
managen: fix the option sort order
mbedtls: call mbedtls_ssl_setup() after RNG callback is set
mbedtls: cut off trailing newlines from debug logs
mbedtls: fix building with v3 in CMake Unity mode
mbedtls: support TLS 1.3
mime: avoid using access()
misc: fix typos
misc: fix typos, quoting and spelling
mprintf: check fputc error rather than matching returned character
mqtt: when Curl_xfer_recv returns error, don't use nread
multi: avoid memory-leak risk
multi: introduce SETUP state for better timeouts
multi: multi_wait improvements
multi: remove the unused Curl_preconnect function
multi: remove useless assignment
multi: timeout handles even without connection
openldap: create ldap URLs correctly for IPv6 addresses
openssl: do not set SSL_MODE_RELEASE_BUFFERS
openssl: revert keylog_callback support for LibreSSL
OS400: fix shellcheck warnings in scripts
projects: drop MSVC project files for recent versions
pytest: add DELETE tests, check server version
pytest: fixes for recent python, add FTP tests
quic: fixup duplicate static function name (for cmake unity)
quiche: expire all active transfers on connection close
quiche: trust its timeout handling
RELEASE-PROCEDURE: mention an initial working build
request: make Curl_req_init return void
request: paused upload on completed download, assess connection
reuse: add copyright + license info to individual docs/*.md files
ROADMAP: remove completed entries, mention websocket
rustls: fix handshake done handling
rustls: fix partial send handling
rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
rustsls: fix error code on receive
sendf: fix two typos in comments
sendf: useless assignment in cr_lc_read()
setopt: acknowledge errors proper for CURLOPT_COOKIEJAR
setopt: make the setstropt_userpwd args compulsory
setopt: remove check for 'option' that is always true
setopt: warn on Curl_set*opt() uses not using the return value
smtp: result of Curl_bufq_cread was not used
socket: remove redundant call to getsockname
socketpair: fix compilation when USE_UNIX_SOCKETS is not defined
src: tidy up types, add necessary casts
telnet: check return code from fileno()
tests/http: fix compiler warning
tests: add -q as first option when invoking curl for tests
tests: check caddy server version to match test expectations
tests: enable test 1117 for hyper
tests: fix feature case in test1481
tests: fix test 1167 to skip digit-only symbols
tests: make the unit test result type `CURLcode`
tests: Mark tftpd timer function as noreturn
tests: tidy up types in server code
tls: fix SecureTransport + BearSSL cmake unity builds
tls: remove EXAMPLEs from deprecated options
tls: use shared init code for TCP+QUIC
tool: move tool_ftruncate64 to tool_util.c
tool_cb_rea: limit rate unpause for -T . uploads
tool_cfgable: free {proxy_}cipher13_list on exit
tool_getparam: output warning for leading unicode quote character
tool_getparam: remove two redundant conditions
tool_operate: don't truncate the etag save file by default
tool_operate: init vars unconditionally in post_per_transfer
tool_paramhlp: remove duplicate assign
tool_xattr: "guess" URL scheme if none is provided
tool_xattr: in debug builds, act normally if CURL_FAKE_XATTR is not set
transfer: remove useless assignment
url: do not URL decode proxy crendentials
url: fix use of an uninitialized variable
url: make parse_login_details use memdup0
url: remove duplicate call to Curl_conncache_remove_conn when pruning
urlapi: allow setting port number zero
urlapi: fix relative redirects to fragment-only
urldata: remove fields not used depending on used features
vauth: make two functions void that always just returned OK
version: use msnprintf instead of strncpy
vquic-tls: use correct cert name check API for wolfSSL
vquic: use CURL_FORMAT_CURL_OFF_T for 64 bit printf output
vtls: TLS session storage overhaul
wakeup_create: use FD_CLOEXEC/SOCK_CLOEXEC
warnless: delete orphan declarations
websocket: avoid memory leak in error path
winbuild: add ENABLE_WEBSOCKETS option
winbuild: use $(RC) correctly
wolfssl: plug memory leak in wolfssl_connect_step2()
x509asn1: return error on missing OID
8.7.1
Bugfixes:
Fixed empty tool_hugehelp.c file
8.7.0
Changes:
configure: add --disable-docs flag
CURLINFO_USED_PROXY: return bool whether the proxy was used
digest: support SHA-512/256
DoH: add trace configuration
write-out: add '%{proxy_used}'
Bugfixes:
ALTSVC.md: correct a typo
asyn-ares: fix data race warning
asyn-thread: use wakeup_close to close the read descriptor
badwords: use hostname, not host name
BINDINGS: add mcurl, the python binding
bufq: writing into a softlimit queue cannot be partial
c-hyper: add header collection writer in hyper builds
cd2nroff: gen: make `\>` in input to render as plain '>' in output
cd2nroff: remove backticks from titles
checksrc.pl: fix handling .checksrc with CRLF
cmake: add USE_OPENSSL_QUIC support
cmake: add warning for using TLS libraries without 1.3 support
cmake: enable `ENABLE_CURL_MANUAL` by default
cmake: fix `CURL_WINDOWS_SSPI=ON` with Schannel disabled
cmake: fix function description in comment
cmake: fix install for older CMake versions
cmake: fix libcurl.pc and curl-config library specifications
cmdline-docs/Makefile: avoid using a fixed temp file name
cmdline-docs: quote and angle bracket cleanup
cmdline-opts/_EXITCODES: sync with libcurl-errors
cmdline-opts/_VARIABLES.md: improve the description
cmdline-opts/_VERSION: provide %VERSION correctly
cmdline-opts: shorter help texts
configure: add pkg-config support to rustls detection
configure: add warning for using TLS libraries without 1.3 support
configure: build & install shell completions when enabled
configure: do not link with nghttp3 unless necessary
configure: Don't build shell completions when disabled
configure: Don't make shell completions without perl
configure: find libpsl with pkg-config
connect.c: fix typo
CONTRIBUTE: update the section on documentation format
cookie.md: provide an example sending a fixed cookie
cookie: if psl fails, reject the cookie
curl: exit on config file parser errors
curl: make --libcurl output better CURLOPT_*SSLVERSION
curl: when allocating variables, add the name into the struct
curl_setup.h: add curl_uint64_t internal type
curldown: fix email address in Copyright
CURLMOPT_MAX*: mention what happens if changed mid-transfer
CURLOPT_INTERFACE.md: remove spurious amp, add see-also
CURLOPT_POSTQUOTE.md: fix typo
CURLOPT_SSL_CTX_FUNCTION.md: no promises of lifetime after return
CURLOPT_WRITEFUNCTION.md: typo fix
digest: add check for hashing error
dist: make sure the http tests are in the tarball
DISTROS: add document with distro pointers
docs/libcurl: add TLS backend info for all TLS options
docs/libcurl: generate PROTOCOLS from meta-data
docs: add missing slashes to SChannel client certificate documentation
docs: add necessary setup for nghttp3
docs: ascii version of manpage without nroff
docs: dist curl*.1 and install without perl
docs: make curldown do angle brackets like markdown
docs: make each libcurl man specify protocol(s)
docs: make sure curl.1 is included in dist tarballs
docs: update minimal binary size in INSTALL.md
docs: use present tense
examples: use present tense in comments
file: use xfer buf for file:// transfers
fopen: fix narrowing conversion warning on 32-bit Android
form-string.md: correct the example
ftp: do lineend conversions in client writer
ftp: fix socket wait activity in ftp_domore_getsock
ftp: tracing improvements
ftp: treat a 226 arriving before data as a signal to read data
gen.pl: make the "manpageification" faster
gen: make `\>` in input to render as plain '>' in output
getparam: make --ftp-ssl work again
GHA/linux: add sysctl trick to work-around GitHub runner issue
GIT-INFO: convert to markdown
GOVERNANCE: document the core team
header.md: remove backslash, make nicer markdown
HTTP/2: write response directly
http2, http3: return CURLE_PARTIAL_FILE when bytes were received
http2: fix push discard
http2: memory errors in the push callbacks are fatal
http2: minor tweaks to optimize two struct sizes
http2: push headers better cleanup
http2: remove the third (unused) argument from http2_data_done()
HTTP3.md: adjust the OpenSSL QUIC install instructions
http: better error message for HTTP/1.x response without status line
http: improve response header handling, save cpu cycles
http: move headers collecting to writer
http: remove stale comment about rewindbeforesend
http: separate response parsing from response action
http_chunks: fix the accounting of consumed bytes
http_chunks: remove unused 'endptr' variable
https-proxy: use IP address and cert with ip in alt names
hyper: implement unpausing via client reader
ipv6.md: mention IPv4 mapped addresses
KNOWN_BUGS: POP3 issue when reading small chunks
lib1598: fix `CURLOPT_POSTFIELDSIZE` usage
lib582: remove code causing warning that is never run
lib: add `void *ctx` to reader/writer instances
lib: convert Curl_get_line to use dynbuf
lib: Curl_read/Curl_write clarifications
lib: enhance client reader resume + rewind
lib: initialize output pointers to NULL before calling strto[ff,l,ul]
lib: keep conn IP information together
lib: move 'done' parameter to SingleRequests
lib: remove curl_mimepart object when CURL_DISABLE_MIME
libcurl-docs: cleanups
libcurl-security.md: Active FTP passes on the local IP address
libssh/libssh2: return error on too big range
MANUAL.md: fix typo
mbedtls: fix building when MBEDTLS_X509_REMOVE_INFO flag is defined
mbedtls: fix pytest for newer versions
mbedtls: properly cleanup the thread-shared entropy
mbedtls: use mbedtls_ssl_conf_{min|max}_tls_version
md4: include strdup.h for the memdup proto
mime: add client reader
misc: fix typos in docs and lib
mkhelp: simplify the generated hugehelp program
mprintf: fix format prefix I32/I64 for windows compilers
multi: add xfer_buf to multi handle
multi: fix multi_sock handling of select_bits
multi: make add_handle free any multi_easy
ngtcp2: no recvbuf for stream
ntml_wb: fix buffer type typo
OpenSSL QUIC: adapt to v3.3.x
openssl-quic: check on Windows that socket conv to int is possible
openssl-quic: fix BIO leak and Windows warning
openssl-quic: fix unity build, casing, indentation
OS400: avoid using awk in the build scripts
paramhlp: fix CRLF-stripping files with "-d @file"
proxy1.0.md: fix example
pytest: adapt to API change
request: clarify message when request has been sent off
rustls: make curl compile with 0.12.0
schannel: fix hang on unexpected server close
scripts: fix cijobs.pl for Azure and GHA
sendf: ignore response body to HEAD
setopt: fix check for CURLOPT_PROXY_TLSAUTH_TYPE value
setopt: fix disabling all protocols
sha512_256: add support for GnuTLS and OpenSSL
smtp: fix STARTTLS
SPONSORS: describe the basics
strtoofft: fix the overflow check
test 1541: verify getinfo values on first header callback
test1165: improve pattern matching
tests: support setting/using blank content env variables
TIMER_STARTTRANSFER: set the same for everyone
TLS: start shutdown only when peer did not already close
TODO: update 13.11 with more information
tool_cb_hdr: only parse etag + content-disposition for 2xx
tool_getparam: accept a blank -w ""
tool_getparam: handle non-existing (out of range) short-options
tool_operate: change precedence of server Retry-After time
tool_operate: do not set CURLOPT_QUICK_EXIT in debug builds
trace-config.md: remove the mutexed options list
transfer.c: break receive loop in speed limited transfers
transfer: improve Windows SO_SNDBUF update limit
urldata: move authneg bit from conn to Curl_easy
version: allow building with ancient libpsl
vquic-tls: fix the error code returned for bad CA file
vtls: fix tls proxy peer verification
vtls: revert "receive max buffer" + add test case
VULN-DISCLOSURE-POLICY.md: update detail about CVE requests
websocket: fix curl_ws_recv()
wolfSSL: do not call the stub function wolfSSL_BIO_set_init()
write-out.md: clarify error handling details
8.6.0
Changes:
add CURLE_TOO_LARGE
add CURLINFO_QUEUE_TIME_T
add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
asyn-thread: use GetAddrInfoExW on >= Windows 8
configure: make libpsl detection failure cause error
docs/cmdline: change to .md for cmdline docs
docs: introduce "curldown" for libcurl man page format
runtests: support -gl. Like -g but for lldb.
Bugfixes:
altsvc: free 'as' when returning error
appveyor: replace PowerShell with bash + parallel autotools
appveyor: switch to out-of-tree builds
asyn-ares: with modern c-ares, use its default timeout
build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}`
build: delete/replace clang warning pragmas
build: enable missing OpenSSF-recommended warnings, with fixes
build: fix `-Wconversion`/`-Wsign-conversion` warnings
build: fix Windows ADDRESS_FAMILY detection
build: more `-Wformat` fixes
build: remove redundant `CURL_PULL_*` settings
cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper
cf-socket: show errno in tcpkeepalive error messages
CI/distcheck: run full tests
cmake: add option to disable building docs
cmake: fix generation for system name iOS
cmake: fix typo
cmake: freshen up docs/INSTALL.cmake
cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE`
cmake: rework options to enable curl and libcurl docs
cmake: when USE_MANUAL=YES, build the curl.1 man page
cmdline-opts/write-out.d: remove spurious double quotes
cmdline-opts: update availability for the *-ca-native options
cmdline/gen: fix the sorting of the man page options
configure: add libngtcp2_crypto_boringssl detection
configure: fix no default int compile error in ipv6 detection
configure: when enabling QUIC, check that TLS supports QUIC
connect: remove margin from eyeballer alloc
content_encoding: change return code to typedef'ed enum
cookie.d: document use of empty string to enable cookie engine
cookie: avoid fopen with empty file name
curl.h: CURLOPT_DNS_SERVERS is only available with c-ares
curl: show ipfs and ipns as supported "protocols"
curl_easy_getinfo.3: remove the wrong time value count
curl_multi_fdset.3: remove mention of null pointer support
CURLINFO_REFERER.3: clarify that it is the *request* header
CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example
CURLOPT_SSH_*_KEYFILE: clarify
dist: add tests/errorcodes.pl to the tarball
docs: clean up Protocols: for cmdline options
docs: describe and highlight super cookies
docs: do not start lines/sentences with So, But nor And
docs: install curl.1 with cmake
docs: mention env vars not used by schannel
doh: remove unused local variable
examples: add four new examples
file+ftp: use stack buffers instead of data->state.buffer
ftp: handle the PORT parsing without allocation
ftp: use dynbuf to store entrypath
ftp: use memdup0 to store the OS from a SYST 215 response
ftpserver.pl: send 213 SIZE response without spurious newline
gen.pl: support ## for doing .IP in table-like lists
gen: do italics/bold for a range of letters, not just single word
GHA: add a job scanning for "bad words" in markdown
GHA: bump ngtcp2, gnutls, mod_h2, quiche
gnutls: fix build with --disable-verbose
haproxy-clientip.d: document the arg
headers: make sure the trailing newline is not stored
headers: remove assert from Curl_headers_push
hostip: return error immediately when Curl_ip2addr() fails
hsts: remove assert for zero length domain
http2: improved on_stream_close/data_done handling
http3/quiche: fix result code on a stream reset
http3: initial support for OpenSSL 3.2 QUIC stack
http: adjust_pollset fix
http: check for "Host:" case insensitively
http: fix off-by-one error in request method length check
http: only act on 101 responses when they are HTTP/1.1
http: remove comment reference to a removed solution
http: use stack scratch buffer
http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT
krb5: add prototype to silence clang warnings on mvsnprintf()
lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT
lib: error out on multissl + http3
lib: fix variable undeclared error caused by `infof` changes
lib: reduce use of strncpy
lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding
lib: replace readwrite with write_resp
lib: strndup/memdup instead of malloc, memcpy and null-terminate
libssh2: use `libssh2_session_callback_set2()` with v1.11.1
libssh: improve the deprecation warning dismissal
libssh: supress warnings without version check
Makefile.am: fix the MSVC project generation
Makefile.mk: drop Windows support
mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls`
mbedtls: free the entropy when threaded
mime: use memdup0 instead of malloc + memcpy
mksymbolsmanpage.pl: provide references to where the symbol is used
mprintf: overhaul and bugfixes
mqtt: use stack scratch buffer for recv+publish
multi: remove total timer reset in file_do() while fetching file://
ngtcp2: put h3 at the front of alpn
ntlm_wb: do not use data->state.buffer any longer
openldap: fix an LDAP crash
openldap: fix STARTTLS
openssl: re-match LibreSSL deinit with init
openssl: when verifystatus fails, remove session id from cache
OS400: sync ILE/RPG binding
pingpong: stop using the download buffer
pop3: replace calloc + memcpy with memdup0
pytest: scorecard tracking CPU and RSS
quiche: return CURLE_HTTP3 on send to invalid stream
readwrite_data: loop less
Revert "urldata: move async resolver state from easy handle to connectdata"
rtsp: deal with borked server responses
runtests: for mode="text" on <stdout>, fix newlines on both parts
sasl: make login option string override http auth
schannel: fix `-Warith-conversion` gcc 13 warning
sectransp: do verify_cert without memdup for blobs
sectransp_ make TLSCipherNameForNumber() available in non-verbose config
sendf: fix compiler warning with CURL_DISABLE_HEADERS_API
setopt: clear mimepost when formp is freed
setopt: use memdup0 when cloning COPYPOSTFIELDS
socks: fix generic output string to say SOCKS instead of SOCKS4
socks: use own buffer instead of data->state.buffer
ssh: fix namespace of two local macros
ssh: use stack scratch buffer for seeks
strerror: repair get_winsock_error()
system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers
system_win32: fix a function pointer assignment warning
telnet: use dynbuf instad of malloc for escape buffer
telnet: use stack scratch buffer for do
tests/server: delete workaround for old-mingw
tests: avoid int/size_t conversion size/sign warnings
tests: respect $TMPDIR when creating unix domain sockets
tool: make parser reject blank arguments if not supported
tool: prepend output_dir in header callback
tool_getparam: bsearch cmdline options
tool_getparam: do not try to expand without an argument
tool_getparam: stop supporting `@filename` style for --cookie
tool_listhelp: regenerate after recent .d updates
tool_operate: make --remove-on-error only remove "real" files
tool_operate: stop setting the file comment on Amiga
transfer: adjust_pollset improvements
transfer: fix upload rate limiting, add test cases
transfer: make the select_bits_paused condition check both directions
transfer: remove warning: Value stored to 'blen' is never read
url: don't set default CA paths for Secure Transport backend
url: for disabled protocols, mention if found in redirect
urlapi: remove assert
verify-examples.pl: fail verification on unescaped backslash
version: show only the libpsl version, not its dependencies
vquic: extract TLS setup into own source
vtls: fix missing multissl version info
vtls: receive max buffer
vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY
websockets: check for negative payload lengths
websockets: refactor decode chain
windows: delete redundant headers
windows: simplify detecting and using system headers
wolfssl: load certificate *chain* for PEM client certs
x509asn1: remove code for WANT_VERIFYHOST
x509asn1: switch from malloc to dynbuf
8.5.0
Changes:
gnutls: support CURLSSLOPT_NATIVE_CA
HTTP3: ngtcp2 builds are no longer experimental
Bugfixes:
appveyor: make VS2008-built curl tool runnable
asyn-thread: use pipe instead of socketpair for IPC when available
autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
autotools: avoid passing `LDFLAGS` twice to libcurl
autotools: delete LCC compiler support bits
autotools: fix/improve gcc and Apple clang version detection
autotools: stop setting `-std=gnu89` with `--enable-warnings`
autotools: update references to deleted `crypt-auth` option
BINDINGS: add V binding
build: add `src/.checksrc` to source tarball
build: add more picky warnings and fix them
build: always revert `#pragma GCC diagnostic` after use
build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
build: delete support bits for obsolete Windows compilers
build: fix 'threadsafe' feature detection for older gcc
build: fix builds that disable protocols but not digest auth
build: fix compiler warning with auths disabled
build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
build: picky warning updates
build: require Windows XP or newer
cfilter: provide call to tell connection to forget a socket
CI: add autotools, out-of-tree, debug build to distro check job
CI: ignore test 286 on Appveyor gcc 9 build
cmake: add `CURL_DISABLE_BINDLOCAL` option
cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
cmake: dedupe Windows system libs
cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
cmake: fix CURL_DISABLE_GETOPTIONS
cmake: fix multiple include of CURL package
cmake: fix OpenSSL quic detection in quiche builds
cmake: option to disable install & drop `curlu` target when unused
cmake: pre-fill rest of detection values for Windows
cmake: replace `check_library_exists_concat()`
cmake: speed up threads setup for Windows
cmake: speed up zstd detection
config-win32: set `HAVE_SNPRINTF` for mingw-w64
configure: better --disable-http
configure: check for the fseeko declaration too
conncache: use the closure handle when disconnecting surplus connections
content_encoding: make Curl_all_content_encodings allocless
cookie: lowercase the domain names before PSL checks
curl.h: delete Symbian OS references
curl.h: on FreeBSD include sys/param.h instead of osreldate.h
curl.rc: switch out the copyright symbol for plain ASCII
curl: improved IPFS and IPNS URL support
curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
Curl_http_body: cleanup properly when Curl_getformdata errors
curl_setup: disallow Windows IPv6 builds missing getaddrinfo
curl_sspi: support more revocation error names in error messages
CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
docs/example/keepalive.c: show TCP keep-alive options
docs/example/localport.c: show off CURLOPT_LOCALPORT
docs/examples/interface.c: show CURLOPT_INTERFACE use
docs/libcurl: fix three minor man page format mistakes
docs/libcurl: SYNSOPSIS cleanup
docs: add supported version for the json write-out
docs: clarify that curl passes on input unfiltered
docs: fix function typo in curl_easy_option_next.3
docs: KNOWN_BUGS cleanup
docs: preserve the modification date when copying the prebuilt man page
docs: remove bold from some man page SYNOPSIS sections
docs: use SOURCE_DATE_EPOCH for generated manpages
doh: provide better return code for responses w/o addresses
doh: use PIPEWAIT when HTTP/2 is attempted
duphandle: also free 'outcurl->cookies' in error path
duphandle: make dupset() not return with pointers to old alloced data
duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
easy: in duphandle, init the cookies for the new handle
easy: remove duplicate wolfSSH init call
easy_lock: add a pthread_mutex_t fallback
fopen: create new file using old file's mode
fopen: create short(er) temporary file name
getenv: PlayStation doesn't have getenv()
GHA: move mod_h2 version in CI to v2.0.25
hostip: show the list of IPs when resolving is done
hostip: silence compiler warning `-Wparentheses-equality`
hsts: skip single-dot hostname
HTTP/2, HTTP/3: handle detach of onoing transfers
http2: header conversion tightening
http2: provide an error callback and failf the message
http2: safer invocation of populate_binsettings
http: allow longer HTTP/2 request method names
http: avoid Expect: 100-continue if Upgrade: is used
http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine
http: fix `-Wunused-parameter` with no auth and no proxy
http: fix `-Wunused-variable` compiler warning
http: fix empty-body warning
http_aws_sigv4: canonicalise valueless query params
hyper: temporarily remove HTTP/2 support
INSTALL: update list of ports and CPU archs
IPFS: fix IPFS_PATH and file parsing
keylog: disable if unused
lib: add and use Curl_strndup()
lib: apache style infof and trace macros/functions
lib: fix gcc warning in printf call
libcurl-errors.3: sync with current public headers
libcurl-thread.3: simplify the TLS section
Makefile.am: drop vc10, vc11 and vc12 projects from dist
Makefile.mk: fix `-rtmp` option for non-Windows
mime: store "form escape" as a single bit
misc: fix -Walloc-size warnings
msh3: error when built with CURL_DISABLE_SOCKETPAIR set
multi: during ratelimit multi_getsock should return no sockets
multi: use pipe instead of socketpair to *wakeup()
ngtcp2: fix races in stream handling
ntlm_wb: use pipe instead of socketpair when possible
openldap: move the alloc of ldapconninfo to *connect()
openldap: set the callback argument in oldap_do
openssl: avoid BN_num_bits() NULL pointer derefs
openssl: fix building with v3 `no-deprecated` + add CI test
openssl: fix infof() to avoid compiler warning for %s with null
openssl: identify the "quictls" backend correctly
openssl: include SIG and KEM algorithms in verbose
openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
openssl: two multi pointer checks should probably rather be asserts
openssl: when a session-ID is reused, skip OCSP stapling
page-footer: clarify exit code 25
projects: add VC14.20 project files
pytest: use lower count in repeat tests
quic: make eyeballers connect retries stop at weird replies
quic: manage connection idle timeouts
quiche: use quiche_conn_peer_transport_params()
rand: fix build error with autotools + LibreSSL
resolve.d: drop a multi use-sentence
RTSP: improved RTP parser
sasl: fix `-Wunused-function` compiler warning
schannel: add CA cache support for files and memory blobs
setopt: check CURLOPT_TFTP_BLKSIZE range on set
setopt: remove outdated cookie comment
setopt: remove superfluous use of ternary expressions
socks: better buffer size checks for socks4a user and hostname
socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
symbols-in-versions: the CLOSEPOLICY options are deprecated
test1683: remove commented-out check alternatives
test3103: add missing quotes around a test tag attribute
test613: stop showing an error on missing output file
tests/README: SOCKS tests are not using OpenSSH, it has its own server
tests/server: add more SOCKS5 handshake error checking
tests: Fix Windows test helper tool search & use it for handle64
tidy-up: casing typos, delete unused Windows version aliases
tool: fix --capath when proxy support is disabled
tool: support bold headers in Windows
tool_cb_hdr: add an additional parsing check
tool_cb_prg: make the carriage return fit for wide progress bars
tool_cb_wrt: fix write output for very old Windows versions
tool_getparam: limit --rate to be smaller than number of ms
tool_operate: do not mix memory models
tool_operate: fix links in ipfs errors
tool_parsecfg: make warning output propose double-quoting
tool_urlglob: fix build for old gcc versions
tool_urlglob: make multiply() bail out on negative values
tool_writeout_json: fix JSON encoding of non-ascii bytes
transfer: abort pause send when connection is marked for closing
transfer: avoid calling the read callback again after EOF
transfer: only reset the FTP wildcard engine in CLEAR state
url: don't touch the multi handle when closing internal handles
url: find scheme with a "perfect hash"
url: fix `-Wzero-length-array` with no protocols
url: fix builds with `CURL_DISABLE_HTTP`
url: protocol handler lookup tidy-up
url: proxy ssl connection reuse fix
urlapi: avoid null deref if setting blank host to url encode
urlapi: skip appending NULL pointer query
urlapi: when URL encoding the fragment, pass in the right length
urldata: make maxconnects a 32 bit value
urldata: move async resolver state from easy handle to connectdata
urldata: move cookielist from UserDefined to UrlState
urldata: move hstslist from 'set' to 'state'
urldata: move the 'internal' boolean to the state struct
vssh: remove the #ifdef for Curl_ssh_init, use empty macro
vtls: cleanup SSL config management
vtls: consistently use typedef names for OpenSSL structs
vtls: late clone of connection ssl config
vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
windows: use built-in `_WIN32` macro to detect Windows
wolfssh: remove redundant static prototypes
wolfssl: add default case for wolfssl_connect_step1 switch
wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
8.4.0
Changes:
curl: add support for the IPFS protocols via HTTP gateway
curl_multi_get_handles: get easy handles from a multi handle
mingw: delete support for legacy mingw.org toolchain
Bugfixes:
acinclude.m4: Document proper system truststore on FreeBSD
appveyor: fix yamlint issues, indent
appveyor: rewrite batch in PowerShell + CI improvements
autotools: adjust `CURL_CA_PATH` value to CMake
autotools: restore `HAVE_IOCTL_*` detections
base64: also build for curl
bufq: remove Curl_bufq_skip_and_shift (unused)
build: delete checks for C89 standard headers
build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
cf-socket: simulate slow/blocked receives in debug
cmake, configure: also link with CoreServices
cmake: add check for suseconds_t
cmake: add feature checks for `memrchr` and `getifaddrs`
cmake: add missing checks
cmake: delete old `HAVE_LDAP_URL_PARSE` logic
cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW`
cmake: detect `HAVE_GETADDRINFO_THREADSAFE`
cmake: detect `sys/wait.h` and `netinet/udp.h`
cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
cmake: disable unity mode with Windows Unicode + TrackMemory
cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows
cmake: fix `HAVE_WRITABLE_ARGV` detection
cmake: fix duplicate symbols when linking tests
cmake: fix missing `zlib.h` when compiling `libcurltool`
cmake: fix stderr initialization in unity builds
cmake: fix the help text to the static build option in CMakeLists.txt
cmake: fix unity builds for more build combinations
cmake: fix unity symbol collisions in h2 builds
cmake: fix unity with Windows Unicode + TrackMemory
cmake: improve OpenLDAP builds
cmake: lib `CURL_STATICLIB` fixes (Windows)
cmake: move global headers to specific checks
cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC
cmake: pre-cache `HAVE_POLL_FINE` on Windows
cmake: tidy-up `NOT_NEED_LBER_H` detection
cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value
configure: check for the capath by default
configure: remove unused checks
configure: replace adhoc domain with `localhost` in tests
configure: sort AC_CHECK_FUNCS
connect: expire the timeout when trying next
connect: only start the happy eyeballs timer when needed
cookie: do not store the expire or max-age strings
cookie: remove unnecessary struct fields
cookie: set ->running in cookie_init even if data is NULL
create-dirs.d: clarify it also uses --output-dirs
curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
curl_easy_pause.3: mention h2/h3 buffering
curl_easy_pause.3: mention it works within callbacks
curl_easy_pause: set "in callback" true on exit if true
CURLOPT_DEBUGFUNCTION.3: warn about internal handles
docs/libcurl/opts/Makefile.inc: add missing manpage files
docs: adapt SEE ALSO sections to new requirements
docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER
docs: replace made up domains with example.com
docs: update curl man page references
docs: use CURLSSLBACKEND_NONE
doh: inherit DEBUGFUNCTION/DATA
escape: replace Curl_isunreserved with ISUNRESERVED
FAQ: How do I upgrade curl.exe in Windows?
GHA/linux: run singleuse to detect single-use global functions
GHA: add workflow to compare configure vs cmake outputs
h2-proxy: remove left-over mistake in drain_tunnel()
h2: testcase and fix for pausing h2 streams
h3: add support for ngtcp2 with AWS-LC builds
http2: refused stream handling for retry
http: fix CURL_DISABLE_BEARER_AUTH breakage
http: h1/h2 proxy unification
http: remove wrong comment for http_should_fail
http: use per-request counter to check too large headers
http_aws_sigv4: fix sorting with empty parts
idn: fix WinIDN null ptr deref on bad host
idn: if idn2_check_version returns NULL, return error
inet_ntop: add typecast to silence Coverity
lib: disambiguate Curl_client_write flag semantics
lib: enable hmac for digest as well
lib: failf/infof compiler warnings
lib: let the max filesize option stop too big transfers too
lib: move handling of `data->req.writer_stack` into Curl_client_write()
lib: provide and use Curl_hexencode
lib: remove TIME_WITH_SYS_TIME
lib: use wrapper for curl_mime_data fseek callback
libssh2: fix error message on failed pubkey-from-file
libssh: cap SFTP packet size sent
Makefile.mk: always set `CURL_STATICLIB` for lib (Windows)
MANUAL.md: change domain to example.com
misc: better random strings
MQTT: improve receive of ACKs
multi: do CURLM_CALL_MULTI_PERFORM at two more places
multi: fix small timeouts
multi: remove Curl_multi_dump
multi: round the timeout up to prevent early wakeups
multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
openssl: improve ssl shutdown handling
openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
pytest: exclude test_03_goaway in CI runs due to timing dependency
quic: set ciphers/curves the same way regular TLS does
quiche: fix build error with --with-ca-fallback
RELEASE-PROCEDURE.md: updated coming release dates
runtests: display the test status if tests appear hung
runtests: eliminate a warning on old perl versions
socks: return error if hostname too long for remote resolve
src/mkhelp: make generated code pass `checksrc`
test1056: disable on Windows
test1474: disable test on NetBSD, OpenBSD and Solaris 10
test1592: greatly increase the maximum test timeout
test1903: actually verify the cookies after the test
test1906: set a lower timeout since it's hit on Windows
test2600: remove special case handling for USE_ALARM_TIMEOUT
test650: fix an end tag typo
test661: return from test early in case of curl error
test: add missing <feature>s
tests: close the shell used to start sshd
tests: fix a race condition in ftp server disconnect
tests: fix compiler warnings
tests: Fix zombie processes left behind by FTP tests.
tests: improve SLOWDOWN test reliability by reducing sent data
tests: increase lib571 timeout from 3s to 30s
tests: log the test result code after each libtest
tests: propagate errors in libtests
tests: set --expect100-timeout to improve test reliability
tests: show which curl tool `runtests.pl` is using
tests: stop overriding the lock timeout
tftpd: always use curl's own tftp.h
tool: use our own stderr variable
tool_cb_wrt: fix debug assertion
tool_getparam: accept variable expansion on file names too
tool_setopt: remove unused function tool_setopt_flags
upload-file.d: describe the file name slash/backslash handling
url: fall back to http/https proxy env-variable if ws/wss not set
url: fix netrc info message
warnless: remove unused functions
wolfssh: do cleanup in Curl_ssh_cleanup
wolfssl: allow capath with CURLOPT_CAINFO_BLOB
wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files
wolfssl: ignore errors in CA path
8.3.0
Changes:
curl: make %output{} in -w specify a file to write to
gskit: remove
lib: --disable-bindlocal builds curl without local binding support
nss: remove support for this TLS library
tool: add "variable" support
trace: make tracing available in non-debug builds
url: change default value for CURLOPT_MAXREDIRS to 30
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
wolfssl: support loading system CA certificates
Bugfixes:
altsvc: accept and parse IPv6 addresses in response headers
asyn-ares: reduce timeout to 2000ms
aws-sigv4: canonicalize the query
aws-sigv4: fix having date header twice in some cases
aws-sigv4: handle no-value user header entries
bearssl: don't load CA certs when peer verification is disabled
bearssl: handshake fix, provide proper get_select_socks() implementation
build: fix portability of mancheck and checksrc targets
build: streamline non-UWP wincrypt detections
c-hyper: adjust the hyper to curlcode conversion
c-hyper: fix memory leaks in `Curl_http`
cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP
cf-socket: log successful interface bind
CI/cirrus: disable python install on FreeBSD
CI: add a 32-bit i686 Linux build
CI: add caching to many jobs
CI: move on to ngtcp2 v0.19.1
CI: move the Alpine build from Cirrus to GHA
CI: ngtcp2-linux: use separate caches for tls libraries
CI: remove Windows builds from Cirrus, without replacement
CI: switch macOS ARM build from Cirrus to Circle CI
CI: use master again for wolfssl
cirrus: install everthing with pkg, avoid pip
cmake: add GnuTLS option
cmake: add support for `CURL_DEFAULT_SSL_BACKEND`
cmake: add support for single libcurl compilation pass
cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms
cmake: assume `wldap32` availability on Windows
cmake: cache more config and delete unused ones
cmake: detect `SSL_set0_wbio` in OpenSSL
cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
cmake: fix to use variable for the curl namespace
cmake: fixup H2 duplicate symbols for unity builds
cmake: set SIZEOF_LONG_LONG in curl_config.h
cmake: support building static and shared libcurl in one go
cmdline-docs: make sure to phrase it as "added in ...."
cmdline-docs: use present tense, not future
cmdline-opts/docs: mention the negative option part
cmdline-opts/page-header: clarify stronger that !opt == URL
cmdline-opts/page-header: reorder, clean up
configure, cmake, lib: more form api deprecation
configure: fix `HAVE_TIME_T_UNSIGNED` check
configure: trust pkg-config when it's used for zlib
configure: use the pkg-config --libs-only-l flag for libssh2
connect: stop halving the remaining timeout when less than 600 ms left
cookie-jar.d: emphasize that this option is ONLY writing cookies
crypto: ensure crypto initialization works
curl_url_get/set.3: add missing semicolon in SYNOPSIS
CURLINFO_CERTINFO.3: better explain curl_certinfo struct
CURLINFO_TLS_SSL_PTR.3: clarify a recommendation
CURLOPT_*TIMEOUT*: extend and clarify
CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled
CURLOPT_URL.3: add two URL API calls in the see-also section
CURLOPT_URL.3: explain curl_url_set() uses the same parser
digest: Use hostname to generate spn instead of realm
disable.d: explain --disable not implemented prior to 7.50.0
docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0
docs/cmdline-opts: match the current output
docs/cmdline-opts: spellfixes, typos and polish
docs/cmdline: add small "warning" to verbose options
docs/cmdline: remove repeated working for negotiate + ntlm
docs/HYPER.md: document a workaround for a link error
docs: add curl_global_trace to some SEE ALSO sections
docs: link to the website versions instead of markdowns
docs: mark --ssl-revoke-best-effort as Schannel specific
docs: mention critical files in same directories as curl saves
docs: removing "pausing transfers" from HYPER.md.
docs: rewrite to present tense
easy: remove #ifdefs to make code easier on the eye
egd: delete feature detection and related source code
ftp: fix temp write of ipv6 address
gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens
gen.pl: replace all single quotes with aq
GHA: adding quiche workflow
headers: accept leading whitespaces on first response header
http2: avoid too early connection re-use/multiplexing
http2: cleanup trace messages
http2: disable asssertion blocking OSSFuzz testing
http2: fix in h2 proxy tunnel: progress in ingress on sending
http2: polish things around POST
http2: upgrade tests and add fix for non-existing stream
http3/ngtcp2: shorten handshake, trace cleanup
http3: quiche, handshake optimization, trace cleanup
http: close the connection after a late 417 is received
http: do not require a user name when using CURLAUTH_NEGOTIATE
http: fix sending of large requests
http: remove the p_pragma struct field
http: return error when receiving too large header set
hyper: fix a progress upload counter bug
hyper: fix ownership problems
hyper: remove `hyptransfer->endtask`
imap: add a check for failing strdup()
imap: remove the only sscanf() call in the IMAP code
include.d: explain headers not printed with --fail before 7.75.0
include/curl/mprintf.h: add __attribute__ for the prototypes
krb5: fix "implicit conversion loses integer precision" warnings
lib: add ability to disable auths individually
lib: build fixups when built with most things disabled
lib: fix a few *printf() flag mistakes
lib: fix null ptr derefs and uninitialized vars (h2/h3)
lib: move mimepost data from ->req.p.http to ->state
libtest: use curl_free() to free libcurl allocated data
list-only.d: mention SFTP as supported protocol
macOS: fix target detection more
misc: fix various typos
multi.h: the 'revents' field of curl_waitfd is supported
multi: more efficient pollfd count for poll
multi: remove 'processing: <url>' debug message
ngtcp2: fix handling of large requests
openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED`
openssl: clear error queue after SSL_shutdown
openssl: make aws-lc version support OCSP
openssl: Support async cert verify callback
openssl: switch to modern init for LibreSSL 2.7.0+
openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1
openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0
openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
os400: build test servers
os400: do not check translatable options at build time
os400: implement CLI tool
page-footer: QLOGDIR works with ngtcp2 and quiche
page-header: move up a URL paragraph from GLOBBING to URL
pytest: fix check for slow_network skips to only apply when intended
quic: don't set SNI if hostname is an IP address
quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s
quiche: enable quiche to handle timeout events
resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
revert "schannel: reverse the order of certinfo insertions"
schannel: fix ordering of cert chain info
schannel: fix user-set legacy algorithms in Windows 10 & 11
schannel: verify hostname independent of verify cert
sectransp: fix compiler warnings
sectransp: prevent CFRelease() of NULL
secureserver.pl: fix stunnel path quoting
secureserver.pl: fix stunnel version parsing
SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
system.h: add CURL_OFF_T definitions on HP-UX with HP aCC
test1304: build and skip without netrc support
test1554: check translatable string options in OS400 wrapper
test1608: make it build and get skipped without shuffle DNS support
test687/688: two more basic --xattr tests
tests/tftpd+mqttd: make variables static to silence picky warnings
tests: add 'large-time' as a testable feature
tests: add support for nested %if conditions
tests: don't call HTTP errors OK in test cases
tests: ensure `libcurl.def` contains all exports
tests: fix h3 server check and parallel instances
tests: TLS session sharing test
tests: update cookie expiry dates to far in the future
time-cond.d: mention what happens on a missing file
tool: avoid including leading spaces in the Location hyperlink
tool: change some fopen failures from warnings to errors
tool: make the length argument an int for printf()-.* flags
tool_cb_wrt: fix invalid unicode for windows console
tool_filetime: make -z work with file dates before 1970
tool_operate: allow both SSL_CERT_FILE and SSL_CERT_DIR
tool_operate: make aws-sigv4 not require TLS to be used
tool_paramhlp: improve str2num(): avoid unnecessary call to strlen()
tool_urlglob: use the correct format specifier for curl_off_t in msnprintf
transfer: also stop the sending on closed connection
transfer: don't set TIMER_STARTTRANSFER on first send
unit2600: fix build warning if built without verbose messages
url: remove infof() output for "still name resolving"
urlapi: fix heap buffer overflow
urlapi: make sure zoneid is also duplicated in curl_url_dup
urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
urlapi: setting a blank URL ("") is not an ok URL
vquic: show stringified messages for errno
vtls: clarify "ALPN: offers" message
winbuild: improve check for static zlib
wolfSSL: avoid the OpenSSL compat API when not needed
workflows/macos.yml: disable zstd and alt-svc in the http-only build
write-out.d: clarify %{time_starttransfer}
ws: fix spelling mistakes in examples and tests
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
232b3297ea |
vim: Update to version 9.1
- Update from version 9.0 to 9.1 - Update of rootfile - Update of hardening crash patch - Changelog can be found at https://www.vim.org/vim-9.1-released.php Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Adolf Belka
|
be3cf06729 |
pam: Update to version 1.6.1
- Update from version 1.6.0 to 1.6.1
- Update of rootfile
- Removal of patch for as changes now incorporated in source tarball.
- Changelog
1.6.1
build: fail if specified configure options cannot be satisfied.
pam_env: fixed --disable-econf --enable-vendordir support.
pam_unix: do not warn if password aging is disabled.
pam_unix: try to set uid to 0 before unix_chkpwd invocation.
pam_unix: allow empty passwords with non-empty hashes.
Multiple minor bug fixes, build fixes, portability fixes,
documentation improvements, and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
|
||
|
Adolf Belka
|
a03adc928e |
postfix: Update to version 3.9.0
- Update from version 3.8.4 to 3.9.0 - Update of rootfile - With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With previous versions the default value was no but to prevent the possibility of an smtp smuggling attack the option should be yes. Previous version therefore actively set the value to yes and added it to the main.cf file when being installed. With version 3.9.0 the default value is now yes so the option no longer needs to be added into main.cf, so smtp smuggling attack is protected by default now. - Removed the section from the install.sh file that added the option into main.cf with version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be actively added into main.cf - Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Arne Fitzenreiter
|
db27ff326e | Merge remote-tracking branch 'origin/master' into next |