- Update from 3.7.2 to 3.7.3
- Update rootfile
- Changelog
2021-05-22 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bump package version, to 3.7.3.
(LIBNETTLE_MINOR): Bump minor number, to 8.4.
(LIBHOGWEED_MINOR): Bump minor number, to 6.4.
2021-05-17 Niels Möller <nisse@lysator.liu.se>
* rsa-decrypt-tr.c (rsa_decrypt_tr): Check up-front that input is
in range.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* rsa-decrypt.c (rsa_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Add tests with input > n.
2021-05-14 Niels Möller <nisse@lysator.liu.se>
* rsa-sign-tr.c (rsa_sec_blind): Delete mn argument.
(_rsa_sec_compute_root_tr): Delete mn argument, instead require
that input size matches key size. Rearrange use of temporary
storage, to support in-place operation, x == m. Update all
callers.
* rsa-decrypt-tr.c (rsa_decrypt_tr): Make zero-padded copy of
input, for calling _rsa_sec_compute_root_tr.
* rsa-sec-decrypt.c (rsa_sec_decrypt): Likewise.
* testsuite/rsa-encrypt-test.c (test_main): Test calling all of
rsa_decrypt, rsa_decrypt_tr, and rsa_sec_decrypt with zero input.
2021-05-06 Niels Möller <nisse@lysator.liu.se>
* pkcs1-sec-decrypt.c (_pkcs1_sec_decrypt): Check that message
length is valid, for given key size.
* testsuite/rsa-sec-decrypt-test.c (test_main): Add test cases for
calls to rsa_sec_decrypt specifying a too large message length.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 20210419-3.1 to 20210522-3.1
- Update rootfile
- Changelog
2021-05-22 Jess Thrysoee
* version-info: 0:66:0
* all: sync with upstream source
* src/el.c: editrc not read on systems without issetugid
Patch by Trevor Cordes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Core Update 158 specifically ships files that are new or have changed to
keep the size of the update down.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.36 to 10.37
- Update rootfile
- find-dependencies run to check impact of so lib bump
No issues found
- Changelog
Version 10.37 26-May-2021
1. Change RunGrepTest to use tr instead of sed when testing with binary
zero bytes, because sed varies a lot from system to system and has problems
with binary zeros. This is from Bugzilla #2681. Patch from Jeremie
Courreges-Anglas via Nam Nguyen. This fixes RunGrepTest for OpenBSD. Later:
it broke it for at least one version of Solaris, where tr can't handle binary
zeros. However, that system had /usr/xpg4/bin/tr installed, which works OK, so
RunGrepTest now checks for that command and uses it if found.
2. Compiling with gcc 10.2's -fanalyzer option showed up a hypothetical problem
with a NULL dereference. I don't think this case could ever occur in practice,
but I have put in a check in order to get rid of the compiler error.
3. An alternative patch for CMakeLists.txt because 10.36 #4 breaks CMake on
Windows. Patch from email@cs-ware.de fixes bugzilla #2688.
4. Two bugs related to over-large numbers have been fixed so the behaviour is
now the same as Perl.
(a) A pattern such as /\214748364/ gave an overflow error instead of being
treated as the octal number \214 followed by literal digits.
(b) A sequence such as {65536 that has no terminating } so is not a
quantifier was nevertheless complaining that a quantifier number was too big.
5. A run of autoconf suggested that configure.ac was out-of-date with respect
to the lastest autoconf. Running autoupdate made some valid changes, some valid
suggestions, and also some invalid changes, which were fixed by hand. Autoconf
now runs clean and the resulting "configure" seems to work, so I hope nothing
is broken. Later: the requirement for autoconf 2.70 broke some automatic test
robots. It doesn't seem to be necessary: trying a reduction to 2.60.
6. The pattern /a\K.(?0)*/ when matched against "abac" by the interpreter gave
the answer "bac", whereas Perl and JIT both yield "c". This was because the
effect of \K was not propagating back from the full pattern recursion. Other
recursions such as /(a\K.(?1)*)/ did not have this problem.
7. Restore single character repetition optimization in JIT. Currently fewer
character repetitions are optimized than in 10.34.
8. When the names of the functions in the POSIX wrapper were changed to
pcre2_regcomp() etc. (see change 10.33 #4 below), functions with the original
names were left in the library so that pre-compiled programs would still work.
However, this has proved troublesome when programs link with several libraries,
some of which use PCRE2 via the POSIX interface while others use a native POSIX
library. For this reason, the POSIX function names are removed in this release.
The macros in pcre2posix.h should ensure that re-compiling fixes any programs
that haven't been compiled since before 10.33.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.2.25 (2014) to 3.5.0 (2019)
- Update rootfile
- Added --disable-static to ./configure
- Added --bindir=/usr/sbin otherwise binaries were installed in /usr/bin
Previous version installed the binaries in /usr/sbin without any command
This maintains location of binaries the same across the versions
- Changelog is no longer provided. Changes have to be found by reading
through the commits. https://github.com/thom311/libnl/releases
This is too large to include here.
There are 664 commits across 7 releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.49 to 2.50
- Update rootfile
- Version 2.50 failed to install capsh - bug raised for this
https://bugzilla.kernel.org/show_bug.cgi?id=213261
patch to fix this bug created and used in this build
- Changelog
Release notes for 2.50
2021-05-24 12:05:16 -0700
Some new capsh features:
--explain=cap_foo: describe what cap_foo does (Bug 212451)
--suggest=phrase: search all the cap descriptions and describe those that match the phrase
Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
extend libcap to include cap_prctl() and cap_prctlw() functions to regain feature parity with Go "cap" package. These are only needed when linking against -lpsx for keepcaps POSIX semantics.
this likely requires substantial application changes to make Ambient capability support usable in general, but doing our part for the admin.
Add a test case for recent kernel fix (Bug 212737)
Go pragma fix for convenience functions in "cap" module (reported by Lorenz Bauer. Bug 212321)
Minor man documentation updates
Minor build tree improvements (mostly for maintainer)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.6.14 to 3.6.16
- Update rootfile
- Changelog
* Version 3.6.16 (released 2021-05-24)
** libgnutls: Fixed potential miscalculation of ECDSA/EdDSA code backported from
Nettle. In GnuTLS, as long as it is built and linked against the fixed
version of Nettle, this only affects GOST curves. [CVE-2021-20305]
** libgnutls: Fixed potential use-after-free in sending "key_share"
and "pre_shared_key" extensions. When sending those extensions, the
client may dereference a pointer no longer valid after
realloc. This happens only when the client sends a large Client
Hello message, e.g., when HRR is sent in a resumed session
previously negotiated large FFDHE parameters, because the initial
allocation of the buffer is large enough without having to call
realloc (#1151). [GNUTLS-SA-2021-03-10, CVSS: low]
* Version 3.6.15 (released 2020-09-04)
** libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
The server sending a "no_renegotiation" alert in an unexpected timing,
followed by an invalid second handshake was able to cause a TLS 1.3 client to
crash via a null-pointer dereference. The crash happens in the application's
error handling path, where the gnutls_deinit function is called after
detecting a handshake failure (#1071). [GNUTLS-SA-2020-09-04, CVSS: medium]
** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
indicates that with a false return value (!1306).
** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
accordingly to SP800-56A rev 3 (!1295, !1299).
** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
the size of the internal base64 blob (#1025). The new behavior aligns to the
existing documentation.
** libgnutls: Certificate verification failue due to OCSP must-stapling is not
honered is now correctly marked with the GNUTLS_CERT_INVALID flag
(!1317). The new behavior aligns to the existing documentation.
** libgnutls: The audit log message for weak hashes is no longer printed twice
(!1301).
** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
disabled in the priority string. Previously, even when TLS 1.2 is explicitly
disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
enabled (#1054).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes translations, directives in LFS files, and ALG shared
object files which all became orphaned after we disabled ALGs due to NAT
Slipstreaming vulnerability in Core Update 155.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Notable changes as per https://git.savannah.gnu.org/cgit/dmidecode.git/plain/NEWS:
Version 3.3 (Wed Oct 14 2020)
- [BUILD] Allow overriding build settings from the environment.
- [COMPATIBILITY] Document how the UUID fields are interpreted.
- [PORTABILITY] Don't use memcpy on /dev/mem on arm64.
- [PORTABILITY] Only scan /dev/mem for entry point on x86.
- Support for SMBIOS 3.3.0. This includes new processor names, new port
connector types, and new memory device form factors, types and
technologies.
- Add bios-revision, firmware-revision and system-sku-number to -s option.
- Use the most appropriate unit for cache size.
- Decode system slot base bus width and peers.
- Important bug fixes:
Fix Redfish Hostname print length
Fix formatting of TPM table output
Fix System Slot Information for PCIe SSD
Don't choke on invalid processor voltage
- Use the most appropriate unit for cache size.
Version 3.2 (Wed Sep 14 2018)
- [COMPATIBILITY] The UUID is now displayed using lowercase letters, per
RFC 4122 (#53569). You must ensure that any code parsing it is
case-insensitive.
- Support for SMBIOS 3.2.0. This includes new processor names, new socket
and port connector types, new system slot state and property, and support
for non-volatile memory (NVDIMM).
- Support for Redfish management controllers.
- A new command line option to query a specific structure by its handle.
- A new command line option to query the system family string.
- Support for 3 ThinkPad-specific structures (patch #9642).
- Support for HPE's new company name.
- Support UEFI on FreeBSD.
- Important bug fixes:
Fix firmware version of TPM device
Fix the HPE UEFI feature flag check
- (biosdecode) A new command line option to fully decode PIR information
(support request #109339).
This patch also features two new patches recommended by upstream, whose
online version can be retrieved at
https://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=1117390ccd9cea139638db6f460bb6de70e28f94https://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=11e134e54d15e67a64c39a623f492a28df922517.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.3.0 to 2.4.1
- Update rootfile
- Changelog (URL in changelog changed to https://verbump(dot)de as mail was
rejected by IPFire mail system due to policy violation because URL was
highlighted as a blacklisted addresss
Release 2.4.1 Sun May 23 2021
Bug fixes:
#488#490 Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
Other changes:
#491#492 Version info bumped from 9:0:8 to 9:1:8;
see https://verbump(dot)de/ for what these numbers do
Special thanks to:
Gentoo's QA check "multilib_check_headers"
Release 2.4.0 Sun May 23 2021
Security fixes:
#34#466#484 CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
(<amplification> := (<direct> + <indirect>) / <direct>).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(=<direct> + <indirect>) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signals this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
- Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and
- that are shown in "xmlwf -v" output.
- Two new environment variable switches ..
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- EXPAT_ENTITY_DEBUG=(0|1)
.. for runtime debugging of accounting and entity processing.
Specific behavior of these values may change in the future.
- Two new command line arguments "-a FACTOR" and "-b BYTES"
for xmlwf to further tighten billion laughs protection
parameters when desired.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
Bug fixes:
#332#470 For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
for UTF-16 payloads containing CDATA sections.
#485#486 Autotools: Fix generated CMake files for non-64bit and
non-Linux platforms (e.g. macOS and MinGW in particular)
that were introduced with release 2.3.0
Other changes:
#468#469 xmlwf: Improve help output and the xmlwf man page
#463 xmlwf: Improve maintainability through some refactoring
#477 xmlwf: Fix man page DocBook validity
#458#459 CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
and CMAKE_INSTALL_INCLUDEDIR
#471#481 CMake: Add support for standard variable BUILD_SHARED_LIBS
#457 Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
#467 Resolve macro HAVE_EXPAT_CONFIG_H
#472 Delete unused legacy helper file "conftools/PrintPath"
#473#483 Improve attribution
#464#465#477 doc/reference.html: Fix XHTML validity
#475#478 doc/reference.html: Replace the 90s look by OK.css
#479 Version info bumped from 8:0:7 to 9:0:8
due to addition of new symbols and error codes;
see https://verbump(dot)de/ for what these numbers do
Infrastructure:
#456 CI: Enable periodic runs
#457 CI: Start covering the list of exported symbols
#474 CI: Isolate coverage task
#476#482 CI: Adapt to breaking changes in image "ubuntu-18.04"
#477 CI: Cover well-formedness and DocBook/XHTML validity
of doc/reference.html and doc/xmlwf.xml
Special thanks to:
Dimitry Andric
Eero Helenius
Nick Wellnhofer
Rhodri James
Tomas Korbar
Yury Gribov and Clang LeakSan
JetBrains
OSS-Fuzz
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.76.1 to 7.77.0
- Update rootfile
- Changelog is too large to include here. It can be accesed at
https://curl.se/changes.html
There are 5 changes and 133 bug fixes of which 3 are related to CVE's
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.4.9 to 1.5.0
- Update of rootfile
- Changelog
v1.5.0 (May 11, 2021)
api: Various functions promoted from experimental to stable API: (#2579-2581, @senhuang42)
`ZSTD_defaultCLevel()`
`ZSTD_getDictID_fromCDict()`
api: Several experimental functions have been deprecated and will emit a compiler warning (#2582, @senhuang42)
`ZSTD_compress_advanced()`
`ZSTD_compress_usingCDict_advanced()`
`ZSTD_compressBegin_advanced()`
`ZSTD_compressBegin_usingCDict_advanced()`
`ZSTD_initCStream_srcSize()`
`ZSTD_initCStream_usingDict()`
`ZSTD_initCStream_usingCDict()`
`ZSTD_initCStream_advanced()`
`ZSTD_initCStream_usingCDict_advanced()`
`ZSTD_resetCStream()`
api: ZSTDMT_NBWORKERS_MAX reduced to 64 for 32-bit environments (@Cyan4973)
perf: Significant speed improvements for middle compression levels (#2494, @senhuang42 @terrelln)
perf: Block splitter to improve compression ratio, enabled by default for high compression levels (#2447, @senhuang42)
perf: Decompression loop refactor, speed improvements on `clang` and for `--long` modes (#2614#2630, @Cyan4973)
perf: Reduced stack usage during compression and decompression entropy stage (#2522#2524, @terrelln)
bug: Improve setting permissions of created files (#2525, @felixhandte)
bug: Fix large dictionary non-determinism (#2607, @terrelln)
bug: Fix non-determinism test failures on Linux i686 (#2606, @terrelln)
bug: Fix various dedicated dictionary search bugs (#2540#2586, @senhuang42 @felixhandte)
bug: Ensure `ZSTD_estimateCCtxSize*() `monotonically increases with compression level (#2538, @senhuang42)
bug: Fix --patch-from mode parameter bound bug with small files (#2637, @occivink)
bug: Fix UBSAN error in decompression (#2625, @terrelln)
bug: Fix superblock compression divide by zero bug (#2592, @senhuang42)
bug: Make the number of physical CPU cores detection more robust (#2517, @PaulBone)
doc: Improve `zdict.h` dictionary training API documentation (#2622, @terrelln)
doc: Note that public `ZSTD_free*()` functions accept NULL pointers (#2521, @animalize)
doc: Add style guide docs for open source contributors (#2626, @Cyan4973)
tests: Better regression test coverage for different dictionary modes (#2559, @senhuang42)
tests: Better test coverage of index reduction (#2603, @terrelln)
tests: OSS-Fuzz coverage for seekable format (#2617, @senhuang42)
tests: Test coverage for ZSTD threadpool API (#2604, @senhuang42)
build: Dynamic library built multithreaded by default (#2584, @senhuang42)
build: Move `zstd_errors.h` and `zdict.h` to `lib/` root (#2597, @terrelln)
build: Allow `ZSTDMT_JOBSIZE_MIN` to be configured at compile-time, reduce default to 512KB (#2611, @Cyan4973)
build: Single file library build script moved to `build/` directory (#2618, @felixhandte)
build: `ZBUFF_*()` is no longer built by default (#2583, @senhuang42)
build: Fixed Meson build (#2548, @SupervisedThinking @kloczek)
build: Fix excessive compiler warnings with clang-cl and CMake (#2600, @nickhutchinson)
build: Detect presence of `md5` on Darwin (#2609, @felixhandte)
build: Avoid SIGBUS on armv6 (#2633, @bmwiedmann)
cli: `--progress` flag added to always display progress bar (#2595, @senhuang42)
cli: Allow reading from block devices with `--force` (#2613, @felixhandte)
cli: Fix CLI filesize display bug (#2550, @Cyan4973)
cli: Fix windows CLI `--filelist` end-of-line bug (#2620, @Cyan4973)
contrib: Various fixes for linux kernel patch (#2539, @terrelln)
contrib: Seekable format - Decompression hanging edge case fix (#2516, @senhuang42)
contrib: Seekable format - New seek table-only API (#2113#2518, @mdittmer @Cyan4973)
contrib: Seekable format - Fix seek table descriptor check when loading (#2534, @foxeng)
contrib: Seekable format - Decompression fix for large offsets, (#2594, @azat)
misc: Automatically published release tarballs available on Github (#2535, @felixhandte)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.34 to 2.46
- Update rootfile
- Changelog
2.46 2019-09-24 (by Todd Rinaldo)
- use foreach not for for loops
- produce README.md so travis will show up on github
- remove use vars and switch to our.
- travis-ci testing from 5.8..5.28
- Convert XML::Parser to use 3 arg opens with no barewords.
- Migrate tracker to github
- Switch to XSLoader
- Fix a buffer overwrite in parse_stream()
2.44 2015-01-12 (by Todd Rinaldo)
- RT 99098 - Revert "Add more useful error message on parse to Expat". It breaks
XML::Twig. Calling code will need to do this if it's needed.
- RT 100959 - Add use FileHandle to t/astress.t - Make perl 5.10.0 happy.
2.43 2014-12-11 (by Todd Rinaldo)
- POD patch to man from Debian via Nicholas Bamber
- POD patch from Debian via gregor herrmann.
- Add more useful error message on parse to Expat
- Fix LWP dependency to be LWP::Useragent
- Bump to 2.43 for overdue release to CPAN.
2.42_01 2013-07-12 (by Todd Rinaldo)
- Added instructions to README for OSX
- XS changes: stop using SvPV(string, PL_na)
- Fix documentation typos
2.41 2011-06-01 (by Todd Rinaldo)
- Tests are cleaned. promoting to stable. No changes since 2.40_02
2.40_02 2011-05-31 (by Todd Rinaldo)
- TODO some tests which fail in Free BSD due to improper expat CVE patch
http://www.freebsd.org/cgi/query-pr.cgi?pr=157469
2.40_01 2011-05-24 (by Todd Rinaldo)
- better installation instructions
- Small spelling patches from Debian package - Thanks Nicholas Bamber
- RT 68399 - Upgrade Devel::CheckLib to 0.93 to make it
perl 5.14 compliant - qw()
- RT 67207 - Stop doing tied on globs - Thanks sprout
- RT 31319 - Fix doc links in POD for XML/Parser.pm
2.40 2010-09-16 (by Alexandr Ciornii)
- Add windows-1251.enc, ibm866.enc, koi8-r.enc (Russian)
- Add windows-1255.enc (Hebrew)
- Update iso-8859-7.enc (RT#40712)
- Use Devel::CheckLib
- Better description of expat packages
- Better Perl style in both code and docs
2.36
- Fix for Carp::Heavy bugs
2.35 (mostly by Alexandr Ciornii)
- Works in 5.10 (Andreas J. Koenig)
- Added license in Makefile.PL (Alexandr Ciornii)
- Makefile.PL also searches for expat in C:/lib/Expat-2.0.0 (Alexandr Ciornii)
- No longer uses variable named 'namespace' in Expat.xs (Jeff Hunter)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog as per CHANGELOG file:
2020-12-09: v1.0.24
* Add new platform abstraction (#252)
* Add Null POSIX backend
* Add support for eventfd
* Add support for thread IDs on Haiku, NetBSD and Solaris
* New API libusb_hotplug_get_user_data()
* Darwin (macOS): Fix race condition that results in segmentation fault (#701)
* Darwin (macOS): Fix stale descriptor information post reset (#733)
* Darwin (macOS): use IOUSBDevice as darwin_device_class explicitly (#693)
* Linux: Drop support for kernel older than 2.6.32
* Linux: Provide an event thread name (#689)
* Linux: Wait until all USBs have been reaped before freeing them (#607)
* NetBSD: Recognize device timeouts (#710)
* OpenBSD: Allow opening ugen devices multiple times (#763)
* OpenBSD: Support libusb_get_port_number() (#764)
* SunOS: Fix a memory leak (#756)
* SunOS: Various fixes (#627, #628, #629)
* Windows: Add Visual Studio 2019 support
* Windows: Drop support for WinCE and Visual Studio older than 2013
* Windows: Drop support for Windows XP
* Windows: Support building all examples using Visual Studio (#151)
* Documentation fixes and improvements
* Various other bug fixes and improvements
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The changelog between version "s20160803" is too large to include it
here, please refer to https://github.com/iputils/iputils/releases for a
human-readable version.
Due to build system changes, single binaries cannot be compiled by
running "make [program]" anymore, updated rootfiles to reflect that
change.
20210202's version of /usr/bin/ping is bug-compatible to s20160803's
one, hence does not cause trouble in ~/src/ppp/ip-up. Tested, works.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.11.31/RELEASE-NOTES-bind-9.11.32.html
"Notes for BIND 9.11.32
Feature Changes
DNSSEC responses containing NSEC3 records with iteration counts
greater than 150 are now treated as insecure. [GL #2445]
The maximum supported number of NSEC3 iterations that can be
configured for a zone has been reduced to 150. [GL #2642]
The implementation of the ZONEMD RR type has been updated to match
RFC 8976. [GL #2658]
Notes for BIND 9.11.31
Security Fixes
A malformed incoming IXFR transfer could trigger an assertion
failure in named, causing it to quit abnormally. (CVE-2021-25214)
ISC would like to thank Greg Kuechle of SaskTel for bringing this
vulnerability to our attention. [GL #2467]
named crashed when a DNAME record placed in the ANSWER section
during DNAME chasing turned out to be the final answer to a client
query. (CVE-2021-25215)
ISC would like to thank Siva Kakarla for bringing this vulnerability
to our attention. [GL #2540]
When a server's configuration set the tkey-gssapi-keytab
or tkey-gssapi-credential option, a specially crafted GSS-TSIG query
could cause a buffer overflow in the ISC implementation of SPNEGO
(a protocol enabling negotiation of the security mechanism used for
GSSAPI authentication). This flaw could be exploited to crash named
binaries compiled for 64-bit platforms, and could enable remote code
execution when named was compiled for 32-bit platforms.
(CVE-2021-25216)
This vulnerability was reported to us as ZDI-CAN-13347 by Trend
Micro Zero Day Initiative. [GL #2604]
Feature Changes
The ISC implementation of SPNEGO was removed from BIND 9 source
code. Instead, BIND 9 now always uses the SPNEGO implementation
provided by the system GSSAPI library when it is built with GSSAPI
support. All major contemporary Kerberos/GSSAPI libraries contain
an implementation of the SPNEGO mechanism. [GL #2607]
Notes for BIND 9.11.30
The BIND 9.11.30 release was withdrawn after a backporting bug was
discovered during pre-release testing. ISC would like to acknowledge the
assistance of Natan Segal of Bluecat Networks.2"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These are needed by pppd, but were not previously shipped as such.
Instead, since their parent directory at /usr/lib/pppd/${version}/ was
not commented out, we implicitly shipped the entire directory.
This patch does not change our behaviour in the end, but makes things
more transparent to developers.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.2.0 to 2.4.7
- Migrate from python2 to python3
- Move the rootfile from common to packages as pyparsing is an addon
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.3.0 to 10.3.2
- Update rootfiles
- Changelog
* 10.3.2: release
* Fix problem that caused the generated manual from being included
in the Windows distributions. Fixes#521.
* Fix 11-year-old bug of leaving unreferenced objects in preserved
object streams. Fixes#520.
* Portability fix: use tm_gmtoff rather than global timezone
variable if available to get timezone offset. This fixes
compilation on BSD and also results in a daylight saving
time-aware offset for Linux or other GNU systems. Fixes#515.
* When adding a page, if the page already exists, make a shallow
copy of the page instead of throwing an exception. This makes the
behavior of adding a page from the library consistent with what
the CLI does and also with what the library does if it starts with
a file that already has a duplicated page. Note that this means
that, in some cases, the page you pass to addPage or addPageAt
(either in QPDF or QPDFPageDocumentHelper) will not be the same
object that actually gets added. (This has actually always been
the case.) That means that, if you are going to do subsequent
modification on the page, you should retrieve it again.
* 10.3.1: release
* Bug fix: allow /DR to be direct in /AcroForm
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.68.1 to 2.68.2
- Update rootfiles
- Changelog
Overview of changes in GLib 2.68.2
* Fix building third-party projects against GLib on CentOS 7 (work by
Ignacio Casal Quinteiro) (#2387)
* Bugs fixed:
- #2387 json-glib does not build with glib 2.68.1
- !2060 gmacros: check that __cplusplus or _MSC_VER is defined
- !2068 gmacros: missing check if __STDC_VERSION__ is defined
- !2079 Backport !2078 “gthreadedresolver: don't ignore flags in lookup_by_name_with_flags” to glib-2-68
* Translation updates:
- Nepali
- Serbian
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These include rootfiles, firewall menue entries that have been
unmaintained for a long time, and firewall chains which were never used
in recent time.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This library has received no attention within the last three years. By
design, UPnP is a security risk on any firewall, and and outdated
version of a UPnP library definitely is.
This patch therefore drops libupnp completely.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.1 to 10.2
- Update rootfiles
- Changelog
GDB 10.2 brings the following fixes and enhancements over GDB 10.1:
* PR remote/26614 (AddressSanitizer: heap-use-after-free of extended_remote_target in remote_async_inferior_event_handler)
* PR gdb/26828 (SIGSEGV in follow_die_offset dwarf2/read.c:22950)
* PR gdb/26861 (internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid' failed. OS: Mac OSX Catalina; Compiler: GCC; Language: C)
* PR gdb/26876 (gdb error: internal-error: Unknown CFA rule when debugging the linux kernel with qemu)
* PR breakpoints/26881 (infrun.c:6384: internal-error: void process_event_stop_test(execution_control_state*): Assertion `ecs->event_thread->control.exception_resume_breakpoint != NULL' failed)
* PR gdb/26901 (Array subscript fails with flexible array member without size)
* PR tui/26973 (gdb crashes when not including the status window in a new layout)
* PR python/26974 (Wrong Value.format_string docu for static members argument)
* PR breakpoints/27009 ([s390] GDB branches randomly for BC instruction while displaced stepping)
* PR tdep/27015 (ARC: "eret" value is collected from the wrong data in register cache)
* PR backtrace/27147 ([GNU/Linux, sparc64] GDB is unable to print full stack trace (got "previous frame inner to this frame" errors))
* PR rust/27194 (put rust demangler on 10.x branch)
* PR threads/27239 (gdb/cp-support.c:1619:(.text+0x5502): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `TLS init function for thread_local_segv_handler')
* PR breakpoints/27330 (nextoverthrow.exp FAILs on arm-none-eabi)
* PR symtab/27333 ([dwarf-5] abort on unhandled DW_TAG_type_unit in process_psymtab_comp_unit)
* PR fortran/27341 ([dwarf-5] FAIL: gdb.fortran/function-calls.exp: p derived_types_and_module_calls::pass_cart_nd(c_nd))
* PR tdep/27369 (ARC: Stepping over atomic instruction sequences loops infinitely)
* PR build/27385 (Cannot compile arc.c with gcc-4.8 (error: no matching function for call to 'std::pair...'))
* PR gdb/27435 (Attach on solaris segfaults GDB)
* PR build/27535 (amd64-linux-siginfo.c fails to compile after updating to glibc-2.33 headers)
* PR build/27536 (aarch64-linux-hw-point.c fails to compile after updating to glibc-2.33)
* PR symtab/27541 (gdb crashes on "file -readnow")
* PR gdb/27750 (local variables have wrong address and values on sparc64)
* PR varobj/27757 (-var-list-children coredump)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is only needed in case of bounces generated by locally emitted
messages. We neither store these, nor do we create mail boxes on a
firewall. Safe to drop.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
To my surprise, this binary comes with suid flag set, and since we do
not have SSH key signing enabled, there is no need to ship it with
IPFire.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
we merging from python2 to 3 and this is not needed anymore
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- python-ipaddress is the python2 backport of the python3 built in
ipaddress module. Therefore python-ipaddress is not needed with the
move to try and remove python2
- Remove the lfs and rootfiles and adjust make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.2.7 to 0.2.10
- Convert from python-inotify to python3-inotify
make.sh, lfs & rootfiles
- Update rootfiles
- Changelog
0.2.8: - We now just *skip* the event if not known
- Implement InotifyTree and InotifyTrees as sub-classes of new BaseTree
class
- Made InotifyTree and InotifyTrees sub-classes of new base class
BaseTree
- Recursively watch a list of paths/trees
0.2.9: - Added getter for Inotify object from tree objects
- Added note to docs about race-conditions. Added small change for
redundant adds.
- Slightly reorganized documentation. Updated example.
- Merge pull request #35 from dsoprea/dustin. Added extensive unit-test
coverage. Closes all bug requests.
- Added large amount of unit-test coverage.
- Now handle rename-specific events.
- Can now also ignore issues with new directories not existing if
you're created *and* deleted or renamed a folder since the last
time events were read.
- Adjusted requirements for simplicity.
- Added Python 3 compatibility.
- Fixed Unicode support.
- Can now provide `filter_predicate` to event_gen() to allow custom
loop termination based on events.
- We'll now terminate the loop when certain events are encountered.
These events are passed into event_gen() as `terminal_events`. By
default these are the IN_Q_OVERFLOW and IN_UNMOUNT types.
- Fixes#28
- Fixes#23
- Fixes#22
- Fixes#19
- Fixes#16
- Fixes#15
- Fixes#5
- Check presence of both glibc errno and musl libc err
- Support for musl libc (Alpine Linux)
- Merge pull request #27 from jessesuen/master. Support for musl libc
(Alpine Linux)
- Check presence of both glibc errno and musl libc err
- Merge pull request #26 from hathcock/hathcock/issue-25. resolves#25,
list of binary paths can't be logged with existing call
- Support for musl libc (Alpine Linux)
- Resolves#25, list of binary paths can't be logged with existing
call
0.2.10: - Merge pull request #34 from davidparsson/
feature/support-moved-directories
- Support MOVED_FROM and MOVED_TO in BaseTree
- events: Now log event types from epoll vs data stream.
- This release implicitly fixed the botched binary package released
in 0.2.9
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- six is a python compatibility module to enable modules to run on
both python2 and python3. The code from six has to be copied into
any other module/project that is intending to use it.
- With the planned removal of python2 then neither version of this
compatibility module is needed.
- Removal of the lfs and rootfiles. Although python-six is an addon
its rootfile was installed into the common folder rather than the
packages folder.
- Removal of the python-six and python3-six entries in make.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Add --without-python and --disable-static to the configure section
python2 modules not required for libxslt use in IPFire
disable build of static libraries
- Update rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Added --without-python to configure section to not build the python2
modules which are not required for libxml2 use in IPFire
- Update rootfile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
"g++" -fvisibility-inlines-hidden -fPIC -O3 -finline-functions -Wno-inline -Wall -fvisibility=hidden -O2 -pipe -Wall -fexceptions -fPIC -march=armv5te -mfloat-abi=soft -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -O3 -fno-strict-aliasing -O2 -pipe -Wall -fexceptions -fPIC -march=armv5te -mfloat-abi=soft -fomit-frame-pointer -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -O3 -fno-strict-aliasing -DBOOST_ALL_NO_LIB=1 -DBOOST_REGEX_DYN_LINK=1 -DNDEBUG -I"." -c -o "serial/boost/bin.v2/libs/regex/build/gcc-10.2.0/release/pch-off/visibility-hidden/wide_posix_api.o" "libs/regex/build/../src/wide_posix_api.cpp"
In file included from ./boost/regex/v5/perl_matcher_non_recursive.hpp:23,
from ./boost/regex/v5/perl_matcher.hpp:572,
from ./boost/regex/v5/regex.hpp:45,
from ./boost/regex.hpp:34,
from libs/regex/build/../src/wide_posix_api.cpp:25:
./boost/regex/v5/mem_block_cache.hpp:91:11: error: 'static_mutex' in namespace 'boost' does not name a type
91 | boost::static_mutex mut;
| ^~~~~~~~~~~~
./boost/regex/v5/mem_block_cache.hpp: In member function 'void* boost::re_detail_500::mem_block_cache::get()':
./boost/regex/v5/mem_block_cache.hpp:106:37: error: 'mut' was not declared in this scope; did you mean 'put'?
106 | std::lock_guard<std::mutex> g(mut);
| ^~~
| put
./boost/regex/v5/mem_block_cache.hpp: In member function 'void boost::re_detail_500::mem_block_cache::put(void*)':
./boost/regex/v5/mem_block_cache.hpp:120:37: error: 'mut' was not declared in this scope; did you mean 'put'?
120 | std::lock_guard<std::mutex> g(mut);
| ^~~
| put
./boost/regex/v5/mem_block_cache.hpp: In static member function 'static boost::re_detail_500::mem_block_cache& boost::re_detail_500::mem_block_cache::instance()':
./boost/regex/v5/mem_block_cache.hpp:137:52: error: 'BOOST_STATIC_MUTEX_INIT' was not declared in this scope; did you mean 'BOOST_STATIC_CONSTANT'?
137 | static mem_block_cache block_cache = { 0, 0, BOOST_STATIC_MUTEX_INIT, };
| ^~~~~~~~~~~~~~~~~~~~~~~
| BOOST_STATIC_CONSTANT
./boost/regex/v5/mem_block_cache.hpp:137:77: error: too many initializers for 'boost::re_detail_500::mem_block_cache'
137 | static mem_block_cache block_cache = { 0, 0, BOOST_STATIC_MUTEX_INIT, };
| ^
...failed updating 2 targets...
make: *** [boost:102: /usr/src/log/boost_1_76_0] Error 1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1_71_0 to 1_76_0
- Update rootfile for x86_64 and copy for other architectures by replacing
x64 with x32 for i586, a32 for armv5tel and a64 for aarch64
- Make build use python3
- add link=shared to build to only have shared libraries created, except for
libboost_exception and libboost_test_exec_monitor which are only
created as static versions
- Changelog
Fixes
algorithm::reduce with crop now does not remove the counts in flow
bins anymore if the selected range actually overlaps with the flow
bins, making the treatment of flow bins consistent with inner bins
accumulators::mean and accumulators::weighted_mean now compute the
correct variance when operator+= was called, for example, when
histograms with accumulators are added; this was wrong before
leading to too small variances
detection of weight support in user-defined accumulators was broken
at compile-time if accumulator used operator+= instead of
operator(); tests only accidentally passed for builtin weighted_sum
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 21.04.0 to 21.05.0
- Update of rootfile
- Ran find-dependencies - nothing found
- Changelog
Release 21.05.0:
core:
* Fix crashes in malformed files
* Export SplashFont* symbols used by Scribus
* Minor code improvements
glib:
* Enhance find to support multi-line matching
qt5/qt6:
* Make sure new signatures are always properly oriented
* Allow to pass the border width when signing
utils:
* pdftoppm: Fix regression when using single scaleTo. Issue #1062
build system:
* Allow to disable building manual tests
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.20.0 to 3.20.2
- Update rootfile
- Changelog
3.20.1
-The FindIntl module in CMake 3.20.0 added checks
Intl_HAVE_GETTEXT_BUILTIN, Intl_HAVE_DCGETTEXT_BUILTIN, and
Intl_IS_BUILTIN, but they were not implemented correctly. These have
been removed and replaced with a single Intl_IS_BUILT_IN check, whose
name is consistent with the FindIconv module.
-The -rpath linker flag is now specified as supported on all Apple
platforms, not just macOS. The install_name_dir used for iOS, tvOS
and watchOS should now default to @rpath instead of using a full
absolute path and failing at runtime when the library or framework
is embedded in an application bundle (see XCODE_EMBED_<type>).
3.20.2
-The Intel Classic 2021 compiler version numbers are now detected
correctly as having major version 2021. CMake 3.20.1 and below were
not aware of a change to the identification macro version scheme
made by Intel starting in version 2021, and detected the version
as 20.2.
-The Intel oneAPI Fortran compiler is now identified as IntelLLVM.
The oneAPI 2021.1 Fortran compiler is missing an identification
macro, so CMake 3.20.1 and below identified it as Intel. CMake now
has a special case to recognize oneAPI 2021.1 Fortran as IntelLLVM.
The oneAPI 2021.2 Fortran compiler defines the proper identification
macro and so is identified as IntelLLVM by all CMake 3.20 versions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
