mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 02:55:55 +02:00
68b8511f1dbceb267429a4f71f94ccba262e94de
3323 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Matthias Fischer
|
249819695d |
bind: Update to 9.16.37
For details for 9.16.36 and 9.16.37 see: https://downloads.isc.org/isc/bind9/9.16.37/doc/arm/html/notes.html#notes-for-bind-9-16-37 "Notes for BIND 9.16.37 Security Fixes An UPDATE message flood could cause named to exhaust all available memory. This flaw was addressed by adding a new update-quota option that controls the maximum number of outstanding DNS UPDATE messages that named can hold in a queue at any given time (default: 100). (CVE-2022-3094) ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention. [GL #3523] named could crash with an assertion failure when an RRSIG query was received and stale-answer-client-timeout was set to a non-zero value. This has been fixed. (CVE-2022-3736) ISC would like to thank Borja Marcos from Sarenet (with assistance by Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to our attention. [GL #3622] named running as a resolver with the stale-answer-client-timeout option set to any value greater than 0 could crash with an assertion failure, when the recursive-clients soft quota was reached. This has been fixed. (CVE-2022-3924) ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention. [GL #3619] New Features The new update-quota option can be used to control the number of simultaneous DNS UPDATE messages that can be processed to update an authoritative zone on a primary server, or forwarded to the primary server by a secondary server. The default is 100. A new statistics counter has also been added to record events when this quota is exceeded, and the version numbers for the XML and JSON statistics schemas have been updated. [GL #3523] Feature Changes The Differentiated Services Code Point (DSCP) feature in BIND has been deprecated. Configuring DSCP values in named.conf now causes a warning to be logged. Note that this feature has only been partly operational since the new Network Manager was introduced in BIND 9.16.0. [GL #3773] The catalog zone implementation has been optimized to work with hundreds of thousands of member zones. [GL #3744] Bug Fixes In certain query resolution scenarios (e.g. when following CNAME records), named configured to answer from stale cache could return a SERVFAIL response despite a usable, non-stale answer being present in the cache. This has been fixed. [GL #3678] ... Notes for BIND 9.16.36 Feature Changes The auto-dnssec option has been deprecated and will be removed in a future BIND 9.19.x release. Please migrate to dnssec-policy. [GL #3667] Bug Fixes When a catalog zone was removed from the configuration, in some cases a dangling pointer could cause the named process to crash. This has been fixed. [GL #3683] When a zone was deleted from a server, a key management object related to that zone was inadvertently kept in memory and only released upon shutdown. This could lead to constantly increasing memory use on servers with a high rate of changes affecting the set of zones being served. This has been fixed. [GL #3727] In certain cases, named waited for the resolution of outstanding recursive queries to finish before shutting down. This was unintended and has been fixed. [GL #3183] The zone <name>/<class>: final reference detached log message was moved from the INFO log level to the DEBUG(1) log level to prevent the named-checkzone tool from superfluously logging this message in non-debug mode. [GL #3707]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
Adolf Belka
|
37f48533d7 |
help2man: Install new package required for updated libtool
- package only needed for build of libtool so rootfile is all commented out. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
31c0c32779 |
libtool: Update to version 2.4.7
- Update from version 2.4.6 (Feb 2015) to 2.4.7 (Mar 2022)
- Update of rootfile
- The shebang in the libtoolize script has changed from ! /bin/sh to ! /usr/bin/env sh
because apparently the previous version presented challenges for containerised
environments. For IPFire build it meant that using libtoolize in the build of libxcrypt
failed because it could not deal with the changed shebang.
- Patch created to change the shebang for libtoolize.in back to the version in 2.4.6 and
earlier.
- The change of libtoolize.in then caused the libtool build to try and rebuild the man
page for it but this fails as help2man is required for this. There is no option in the
configure to not build the docs so hence there is an associated patch with this one
that build help2man but the rootfile is completely commented out as it is only
required for the build
- Added --disable-static to the configure options
- Changelog
Noteworthy changes in release 2.4.7 (2022-03-16) [stable]
New features:
- Libtool script now supports (configure-time and runtime) ARFLAGS
variable, which obsoletes AR_FLAGS. This is due to naming conventions
among other *FLAGS and to be consistent with Automake's ARFLAGS.
- Gnulib testsuite is enabled and run during 'make check'.
- Support the Windows version of the Intel C Compiler (icl) in
libtool script.
- Pass '-fsanitize=*' flags for GCC and LLVM, and '-specs=*' for GCC
to linker.
- Pass '-Xassembler=*' and '-Wa,*' flag to compilers and linkers.
- The variable 'FILECMD' with default value of '/usr/bin/file' was used to
replace existing hard coded references to '/usr/bin/file'.
- Add MidnightBSD support.
Important incompatible changes:
- Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'.
- Do not pass '-pthread' to Solaris linker.
- 'libtool' and 'libtoolize' scripts now use '#! /usr/bin/env sh' shebang.
Previously '#! /bin/sh' was used, which presents challenges for
containerized environments.
Bug fixes:
- Fix significant slowdown of libtoolize for certain projects (regression
introduced in 2.4.3 release) caused by infinite m4 macro recursion.
- Mitigate the slowdown of libtool script (introduced in v2.4.3) caused by
increased number of calls to '$SED $sed_quote_subst' (bug#20006).
- Properly parse and export TLS symbols on AIX.
- Various bug fixes surrounding use of 'sed'.
- Darwin systems set proper "allow undefined" flag on OSX 11, and
PowerPC 10.5.
- Removed some deprecated tests related to 'Makefile.inc' files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Matthias Fischer
|
68e2844141 |
rust: Update to 1.65
For details see: https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1650-2022-11-03 I started updating rust to 1.65 mainly because 'clamav 0.105.1-3' and the shortly thereafter released version 'clamav 1.0.0' need at least 'rust 1.56': "Building ClamAV requires, at a minimum, Rust compiler version 1.56, as it relies on features introduced in the Rust 2021 Edition." At this point we were still on 'nightly 2022-01-27'. Ok then... But it was a bit more tricky than I thought, because this update wouldn't build without patching most of the existing rust-crate-lfs files in a way I didn't expect. Please note the patch series following this update... Nevertheless, the update to 1.65 and ALL testbuilds completed without any errors. Unfortunately, I can only provide the rootfile for x86_64 - I don't have the appropriate hardware for anything else. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> |
||
|
Adolf Belka
|
fcc21cadf3 |
ragel: Update to version 7.0.4
- Update from version 7.0.0.11 to 7.0.4 - Update of rootfile - Changelog updated language flags, catch abortcompile throw in non-ragel progs 7.0.3 This version of colm includes a critical fix for big-endian system. Fixes #61. expect colm version 0.14.6 and version bump ragel to 7.0.3 7.0.2 Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58. expect colm 0.14.5 and version bump to 7.0.2 7.0.1 removed accidental commit of ragel/.exrc 7.0.0.12 implemented NfaClear in asm codegen Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
59408f2cbf |
colm: Update to version 0.14.7
- Update from version 0.13.0.6 to 0.14.7 - Update of rootfile - patch from colm commit fc61ecb required to fix bug of make looking for static and dynamic libs even if one of them was disabled - Changelog is not available in source tarball or on website etc. Changes have to be reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
c4597ec47e |
fontconfig: Update to version 2.14.1
- Update from version 2.13.1 (2018) to 2.14.1 (Oct 2022) - 8 versions - Update of rootfile - Changelog is the gitlab repository commits https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commits/main/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Matthias Fischer
|
ca92e035a7 |
apache: Update to 2.4.55
Again: huge changelog, for details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.55 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
cdb528e22f |
fuse: Update to version 3.13.0
- Update from version 3.11.0 to 3.13.0 - Update of rootfile - Changelog libfuse 3.13.0 (2023-01-13) - There is a new low-level API function `fuse_session_custom_io` that allows to implement a daemon with a custom io. This can be used to create a daemon that can process incoming FUSE requests to other destinations than `/dev/fuse`. - A segfault when loading custom FUSE modules has been fixed. - There is a new `fuse_notify_expire_entry` function. - A deadlock when resolving paths in the high-level API has been fixed. - libfuse can now be build explicitly for C libraries without symbol versioning support. libfuse 3.12.0 (2022-09-08) - There is a new build parameter to specify where the SysV init script should be installed. - The *max_idle_threads* parameter has been deprecated in favor of the new max_threads* parameter (which avoids the excessive overhead of creating and destructing threads). Using max_threads == 1 and calling fuse_session_loop_mt() will run single threaded similar to fuse_session_loop(). The following changes apply when using the most recent API (-DFUSE_USE_VERSION=312, see `example/passthrough_hp.cc` for an example for how to usse the new API): - `struct fuse_loop_config` is now private and has to be constructed using - fuse_loop_cfg_create()* and detroyed with *fuse_loop_cfg_destroy()*. Parameters can be - changed using `fuse_loop_cfg_set_*()` functions. - fuse_session_loop_mt()* now accepts `struct fuse_loop_config *` as NULL pointer. - fuse_parse_cmdline()* now accepts a *max_threads* option. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
Peter Müller
|
22f2aa2187 |
boost: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
731fb11b8d |
python3: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
76ae491a19 |
linux: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
13b65c78bf |
python3: Fix x86_64 rootfile
https://lists.ipfire.org/pipermail/nightly-builds/2023-January/004089.html Reported-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
dce8d55955 |
linux: Update x86_64 rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Michael Tremer
|
debf583b42 |
rootfiles: Remove further spaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Michael Tremer
|
f5c45515b5 |
linux-firmware: Drop hack to remove spaces in filenames
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
ffec5f3ce1 |
iptables: Update to version 1.8.9
- Update from version 1.8.8 to 1.8.9
- Update of rootfile
- Changelog
xtables-monitor: add missing spaces in printed str
build: Fix error during out of tree build
iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
iptables.8: mention that iptables exits when setuid
extensions: libxt_conntrack: remove always-false conditionals
nft: fix ebtables among match when mac+ip addresses are used
nft: support dissection of meta pkktype mode
nft: prefer native 'meta pkttype' instead of xt match
extensions: libxt_pkttype: support otherhost
nft: support ttl/hoplimit dissection
nft: prefer payload to ttl/hl module
nft: un-break among match with concatenation
Revert "nft: prefer payload to ttl/hl module"/'meta pkttype' match.
nft: track each register individually
tests: extend native delinearize script
nft: check for unknown meta keys
iptables-nft: exit nonzero when iptables-save cannot decode all expressions
xlate: get rid of escape_quotes
extensions: change expected output for new format
xlate-test: avoid shell entanglements
nft-bridge: work around recent "among" decode breakage
extensions: add xt_statistics random mode translation
netfilter: add nf_log.h
treewide: use uint* instead of u_int*
nft: replace nftnl_.*_nlmsg_build_hdr() by nftnl_nlmsg_build_hdr()
nft-shared: replace nftnl_expr_get_data() by nftnl_expr_get()
xshared: Fix build for -Werror=format-security
Revert "fix build for missing ETH_ALEN definition"
tests: shell: Check overhead in iptables-save and -restore
libxtables: Unexport init_extensions*() declarations
arptables: Support -x/--exact flag
iptables-legacy: Drop redundant include of xtables-multi.h
xshared: Make some functions static
Makefile: Add --enable-profiling configure option
tests: shell: Add some more rules to 0002-verbose-output_0
tests: shell: Extend iptables-xml test a bit
tests: shell: Extend zero counters test a bit further
extensions: libebt_standard.t: Test logical-{in,out} as well
ebtables-restore: Deny --init-table
extensions: string: Do not print default --to value
extensions: string: Review parse_string() function
extensions: string: Fix and enable tests
nft: Exit if nftnl_alloc_expr fails
libxtables: Move struct xtables_afinfo into xtables.h
libxtables: Define XT_OPTION_OFFSET_SCALE in xtables.h
libxtables: Fix unsupported extension warning corner case
tests: shell: Fix testcases for changed ip6tables opts output
xshared: Fix for missing space after 'prot' column
xshared: Print protocol numbers if --numeric was given
xtables-restore: Extend failure error message
nft: Expand extended error reporting to nft_cmd, too
tests: shell: Test delinearization of native nftables expressions
ebtables: Drop unused OPT_* defines
ebtables: Eliminate OPT_TABLE
ebtables: Merge OPT_* flags with xshared ones
nft-shared: Introduce __get_cmp_data()
ebtables: Support '-p Length'
ebtables: Fix among match
nft: Fix meta statement parsing
nft-bridge: Drop 'sreg_count' variable
tests: iptables-test: Simplify '-N' option a bit
tests: iptables-test: Simplify execute_cmd() calling
tests: iptables-test: Pass netns to execute_cmd()
tests: iptables-test: Test both variants by default
extensions: among: Remove pointless fall through
extensions: among: Fix for use with ebtables-restore
extensions: libebt_stp: Eliminate duplicate space in output
extensions: libip6t_dst: Fix output for empty options
extensions: TCPOPTSTRIP: Do not print empty options
extensions: libebt_log: Avoid empty log-prefix in output
tests: IDLETIMER.t: Fix syntax, support for restore input
tests: libebt_stp.t: Drop duplicate whitespace
tests: shell: Fix expected output for ip6tables dst match
tests: shell: Fix expected ebtables log target output
libiptc: Fix for segfault when renaming a chain
nft: Fix compile with -DDEBUG
extensions: NFQUEUE: Document queue-balance limitation
tests: iptables-test: Implement fast test mode
tests: iptables-test: Cover for obligatory -j CONTINUE in ebtables
tests: *.t: Fix expected output for simple calls
tests: *.t: Fix for hexadecimal output
tests: libebt_redirect.t: Plain redirect prints with trailing whitespace
tests: libxt_length.t: Fix odd use-case output
tests: libxt_recent.t: Add missing default values
tests: libxt_tos.t, libxt_TOS.t: Add missing masks in output
tests: libebt_vlan.t: Drop trailing whitespace from rules
tests: libxt_connlimit.t: Add missing default values
tests: *.t: Add missing all-one's netmasks to expected output
extensions: DNAT: Fix bad IP address error reporting
extensions: *NAT: Drop NF_NAT_RANGE_PROTO_RANDOM* flag checks
extensions: DNAT: Use __DNAT_xlate for REDIRECT, too
extensions: DNAT: Generate print, save and xlate callbacks
extensions: DNAT: Rename some symbols
extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE
tests: xlate-test: Cleanup file reading loop
tests: xlate-test.py: Introduce run_proc()
tests: xlate-test: Replay results for reverse direction testing
xshared: Share make_delete_mask() between ip{,6}tables
nft-shared: Introduce port_match_single_to_range()
extensions: libip*t_LOG: Merge extensions
extensions: libebt_ip: Include kernel header
extensions: libebt_arp, libebt_ip: Use xtables_ipparse_any()
extensions: Collate ICMP types/codes in libxt_icmp.h
extensions: Unify ICMP parser into libxt_icmp.h
Drop extra newline from xtables_error() calls
extensions: mark: Test double bitwise in a rule
extensions: libebt_mark: Fix mark target xlate
extensions: libebt_mark: Fix xlate test case
extensions: libebt_redirect: Fix xlate return code
extensions: libipt_ttl: Sanitize xlate callback
extensions: CONNMARK: Fix xlate callback
extensions: MARK: Sanitize MARK_xlate()
extensions: TCPMSS: Use xlate callback for IPv6, too
extensions: TOS: Fix v1 xlate callback
extensions: ecn: Sanitize xlate callback
extensions: tcp: Translate TCP option match
extensions: libebt_log: Add comment to clarify xlate callback
extensions: frag: Add comment to clarify xlate callback
extensions: ipcomp: Add comment to clarify xlate callback
libxtables: xt_xlate_add() to take care of spacing
extensions: Leverage xlate auto-spacing
extensions: libxt_conntrack: Drop extra whitespace in xlate
extensions: xlate: Format sets consistently
tests: shell: Test selective ebtables flushing
tests: shell: Fix valgrind mode for 0008-unprivileged_0
iptables-restore: Free handle with --test also
iptables-xml: Free allocated chain strings
nft: Plug memleak in nft_rule_zero_counters()
iptables: Plug memleaks in print_firewall()
xtables: Introduce xtables_clear_iptables_command_state()
iptables: Properly clear iptables_command_state object
xshared: Free data after printing help
libiptc: Eliminate garbage access
ebtables: Implement --check command
tests: xlate: Use --check to verify replay
nft: Fix for comparing ifname matches against nft-generated ones
nft: Fix match generator for '! -i +'
nft: Recognize INVAL/D interface name
xtables-translate: Fix for interfaces with asterisk mid-string
ebtables: Fix MAC address match translation
Makefile: Create LZMA-compressed dist-files
Drop INCOMPATIBILITIES file
Drop libiptc/linux_stddef.h
Makefile: Generate ip6tables man pages on the fly
extensions: Makefile: Merge initext targets
iptables/Makefile: Reorg variable assignments
iptables/Makefile: Split nft-variant man page list
Makefile: Fix for 'make distcheck'
Makefile: Generate .tar.xz archive with 'make dist'
include/Makefile: xtables-version.h is generated
tests: Adjust testsuite return codes to automake guidelines
Makefile.am: Integrate testsuites
nft: Parse icmp header matches
arptables: Check the mandatory ar_pln match
nft: Increase rule parser strictness
nft: Make rule parsing errors fatal
nft: Reject tcp/udp extension without proper protocol match
gitignore: Ignore utils/nfsynproxy
gitignore: Ignore generated ip6tables man pages
ebtables-translate: Install symlink
Makefile: Replace brace expansion
configure: Bump version for 1.8.9 release
tests: add ebtables among testcase
xt_sctp: support a couple of new chunk types
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
d64553af77 |
libtiff: Update to version 4.5.0
- Update from version 4.4.0 to 4.5.0 - Update o0f rootfile - sobump requires shipping of core programs poppler (covered by update patch) and perl together with addons cups-filters and spandsp (covered by PAK_VER updates in patch series. - Changelog is t6oo long to include here. For details see the ChangeLog file in the source tarball. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Matthias Fischer
|
73cb5771b1 |
libpcap: Update to 1.10.3
For deails see: https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES#43 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
177db98c21 | Merge remote-tracking branch 'arne_f/kernel-6.1' into next | ||
Arne Fitzenreiter
|
3e066f550b |
kernel: update rootfiles and config
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Adolf Belka
|
275ca7abb8 |
xfsprogs: Update to version 6.1.0
- Update from version 5.18.0 to 6.1.0 - Update of rootfile - Changelog There is no changelog in the source tarball or in the kernel site where the source tarballs are available from. xfs.org, which normally provides access to the git repository, fails to connect. xfs.wiki.kernel.org has no changelog info in it. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
268c91d163 |
poppler: Update to version 23.01.0
- Update from version 22.11.0 to 23.01.0
- Update of rootfile
- sobump checked with find-dependencies but not other programs other than from poppler
are flagged up.
- Changelog
Release 23.01.0:
core:
* PDFDoc::sign: Fix crash if font can't be found
* PDFDoc::sign: Try Arial to sign if Helvetica isn't found
* FoFiType1::parse: Be more flexible parsing the encoding content. Issue #1324
* Gfx::opBeginMarkedContent: Support Span with Name. Issue #1327
* Splash: Avoid color issues due to implicit rounding
* Splash: Fix crash on malformed file.
* CairoOutputDev: Ignore text rendering mode for type3 fonts
* Remove unused FoFiType1::load function
build system:
* Increase minimum required versions of several dependencies
* Improve include path handling
qt6:
- Use less deprecated functions
Release 22.12.0:
core:
* Form::addFontToDefaultResources: Be stubborn in finding a font we can use.
Issue #1272
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
3d0cdaea87 |
mpfr: Update to version 4.2.0
- Update from version 4.1.1 to 4.2.0
- Update of rootfile
- Changelog
Changes from versions 4.1.1 to version 4.2.0
Binary compatible with MPFR 4.0.* and 4.1.*, though some minor changes in
the behavior of the formatted output functions may be visible, regarded as
underspecified behavior or bug fixes (see below).
New functions mpfr_cosu, mpfr_sinu, mpfr_tanu, mpfr_acosu, mpfr_asinu,
mpfr_atanu and mpfr_atan2u.
New functions mpfr_cospi, mpfr_sinpi, mpfr_tanpi, mpfr_acospi, mpfr_asinpi,
mpfr_atanpi and mpfr_atan2pi.
New functions mpfr_log2p1, mpfr_log10p1, mpfr_exp2m1, mpfr_exp10m1 and
mpfr_compound_si.
New functions mpfr_fmod_ui, mpfr_powr, mpfr_pown, mpfr_pow_uj, mpfr_pow_sj
and mpfr_rootn_si (mpfr_pown is actually a macro defined as an alias for
mpfr_pow_sj).
Bug fixes.
In particular, for the formatted output functions (mpfr_printf, etc.),
the case where the precision consists only of a period has been fixed
to be like .0 as specified in the ISO C standard, and the manual has
been corrected and clarified.
The macros of the custom interface have also been fixed: they now behave
like functions (except a minor limitation for mpfr_custom_init_set).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
e3377abbb1 |
keyutils: Update to version 1.6.3
- Update from version 1.5.11 to 1.6.3 - Update of rootfile - Changelog is not available in source tarball. Only source for changes is the git repository https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
3816b8b5bc |
knot: Update to version 3.2.4
- Update from version 3.1.7 to 3.2.4
- Update of rootfile
- find-dependencies run and only thing showing as depending on the libs are knot itself.
- Changelog
Knot DNS 3.2.4 (2022-12-12)
Improvements:
- knotd: significant speed-up of catalog zone update processing
- knotd: new runtime check if RRSIG lifetime is lower than RRSIG refresh
- knotd: reworked zone re-bootstrap scheduling to be less progressive
- mod-synthrecord: module can work with CIDR-style reverse zones #826
- python: new libknot wrappers for some dname transformation functions
- doc: a few fixes and improvements
Bugfixes:
- knotd: incomplete zone is received when IXFR falls back to AXFR due to
connection timeout if primary puts initial SOA only to the first message
- knotd: first zone re-bootstrap is planned after 24 hours
- knotd: EDNS EXPIRE option is present in outgoing transfer of a catalog zone
- knotd: catalog zone can expire upon EDNS EXPIRE processing
- knotd: DNSSEC signing doesn't fail if no offline KSK records available
Knot DNS 3.2.3 (2022-11-20)
Improvements:
- knotd: new per-zone DS push configuration option (see 'zone.ds-push')
- libs: upgraded embedded libngtcp2 to 0.11.0
Bugfixes:
- knsupdate: program crashes when sending an update
- knotd: server drops more responses over UDP under higher load
- knotd: missing EDNS padding in responses over QUIC
- knotd: some memory issues when handling unusual QUIC traffic
- kxdpgun: broken IPv4 source subnet processing
- kdig: incorrect handling of unsent data over QUIC
Knot DNS 3.2.2 (2022-11-01)
Features:
- knotd,kxdpgun: support for VLAN (802.1Q) traffic in the XDP mode
- knotd: added configurable delay upon D-Bus initialization (see 'server.dbus-init-delay')
- kdig: support for JSON (RFC 8427) output format (see '+json')
- kdig: support for PROXYv2 (see '+proxy') (Gift for Peter van Dijk)
Improvements:
- mod-geoip: module respects the server configuration of answer rotation
- libs: upgraded embedded libngtcp2 to 0.10.0
- tests: improved robustness of some unit tests
- doc: added description of zone bootstrap re-planning
Bugfixes:
- knotd: catalog confusion when a member is added and immediately deleted #818
- knotd: defective handling of short messages with PROXYv2 header #816
- knotd: inconsistent processing of malformed messages with PROXYv2 header #817
- kxdpgun: incorrect XDP mode is logged
- packaging: outdated dependency check in RPM packages
Knot DNS 3.2.1 (2022-09-09)
Improvements:
- libknot: added compatibility with libbpf 1.0 and libxdp
- libknot: removed some trailing white space characters from textual RR format
- libs: upgraded embedded libngtcp2 to 0.8.1
Bugfixes:
- knotd: some non-DNS packets not passed to OS if XDP mode enabled
- knotd: inappropriate log about QUIC port change if QUIC not enabled
- knotd/kxdpgun: various memory leaks related to QUIC and TCP
- kxdpgun: can crash at high rates in emulated XDP mode
- tests: broken XDP-TCP test on 32-bit platforms
- kdig: failed to build with enabled QUIC on OpenBSD
- systemd: failed to start server due to TemporaryFileSystem setting
- packaging: missing knot-dnssecutils package on CentOS 7
Knot DNS 3.2.0 (2022-08-22)
Features:
- knotd: finalized TCP over XDP implementation
- knotd: initial implementation of DNS over QUIC in the XDP mode (see 'xdp.quic')
- knotd: new incremental DNSKEY management for multi-signer deployment (see 'policy.dnskey-management')
- knotd: support for remote grouping in configuration (see 'groups' section)
- knotd: implemented EDNS Expire option (RFC 7314)
- knotd: NSEC3 salt is changed with every ZSK rollover if lifetime is set to -1
- knotd: support for PROXY v2 protocol over UDP (Thanks to Robert Edmonds) #762
- knotd: support for key labels with PKCS #11 keystore (see 'keystore.key-label')
- knotd: SVCB/HTTPS treatment according to draft-ietf-dnsop-svcb-https
- keymgr: new JSON output format (see '-j' parameter) for listing keys or zones (Thanks to JP Mens)
- kxdpgun: support for DNS over QUIC with some testing modes (see '-U' parameter)
- kdig: new DNS over QUIC support (see '+quic')
Improvements:
- knotd: reduced memory consumption when processing IXFR, DNSSEC, catalog, or DDNS
- knotd: RRSIG refresh values don't have to match in the mode Offline KSK
- knotd: better decision whether AXFR fallback is needed upon a refresh error
- knotd: NSEC3 resalt event was merged with the DNSSEC event
- knotd: server logs when the connection to remote was taken from the pool
- knotd: server logs zone expiration time when the zone is loaded
- knotd: DS check verifies removal of old DS during algorithm rollover
- knotd: DNSSEC-related records can be updated via DDNS
- knotd: new 'xdp.udp' configuration option for disabling UDP over XDP
- knotd: outgoing NOTIFY is replanned if failed
- knotd: configuration checks if zone MIN interval values are lower or equal to MAX ones
- knotd: DNSSEC-related zone semantic checks use DNSSEC validation
- knotd: new configuration value 'query' for setting ACL action
- knotd: new check on near end of imported Offline KSK records
- knotd/knotc: implemented zone catalog purge, including orphaned member zones
- knotc: interactive mode supports catalog zone completion, value completion, and more
- knotc: new default brief and colorized output from zone status
- knotc: unified empty values in zone status output
- keymgr: DNSKEY TTL is taken from KSR in the Offline KSK mode
- kjournalprint: path to journal DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kcatalogprint: path to catalog DB is automatically taken from the configuration,
which can be specified using '-c', '-C' (or '-D')
- kzonesign: added automatic configuration file detection and '-C' parameter
for configuration DB specificaion
- kzonesign: all CPU threads are used for DNSSEC validation
- libknot: dname pointer cannot point to another dname pointer when encoding RRsets #765
- libknot: QNAME case is preserved in knot_pkt_t 'wire' field (Thanks to Robert Edmonds) #780
- libknot: reduced memory consumption of the XDP mode
- libknot: XDP filter supports up to 256 NIC queues
- kxdpgun: new options for specifying source and remote MAC addresses
- utils: extended logging of LMDB-related errors
- utils: improved error outputs
- kdig: query has AD bit set by default
- doc: various improvements
Bugfixes:
- knotd: zone changeset is stored to journal even if disabled
- knotd: journal not applied to zone file if zone file changed during reload
- knotd: possible out-of-order processing or postponed zone events to far future
- knotd: incorrect TTL is used if updated RRSet is empty over control interface
- knotd/libs: serial arithmetics not used for RRSIG expiration processing
- knsupdate: incorrect RRTYPE in the question section
Compatibility:
- knotd: default value for 'zone.journal-max-depth' was lowered to 20
- knotd: default value for 'policy.nsec3-iterations' was lowered to 0
- knotd: default value for 'policy.rrsig-refresh' is propagation delay + zone maximum TTL
- knotd: server fails to load configuration if 'policy.rrsig-refresh' is too low
- knotd: configuration option 'server.listen-xdp' has no effect
- knotd: new configuration check on deprecated DNSSEC algorithm
- knotc: new '-e' parameter for full zone status output
- keymgr: new '-e' parameter for full key list output
- keymgr: brief key listing mode is enabled by default
- keymgr: renamed parameter '-d' to '-D'
- knsupdate: default TTL is set to 3600
- knsupdate: default zone is empty
- kjournalprint: renamed parameter '-c' to '-H'
- python/libknot: removed compatibility with Python 2
Packaging:
- systemd: removed knot.tmpfile
- systemd: added some hardening options
- distro: Debian 9 and Ubuntu 16.04 no longer supported
- distro: packages for CentOS 7 are built in a separate COPR repository
- kzonecheck/kzonesign/knsec3hash: moved to new package knot-dnssecutils
Knot DNS 3.1.9 (2022-08-10)
Improvements:
- knotd: new configuration checks on unsupported catalog settings
- knotd: semantic check issues have notice log level in the soft mode
- keymgr: command generate-ksr automatically sets 'from' parameter to last
offline KSK records' timestamp if it's not specified
- keymgr: command show-offline starts from the first offline KSK record set
if 'from' parameter isn't specified
- kcatalogprint: new parameters for filtering catalog or member zone
- mod-probe: default rate limit was increased to 100000
- libknot: default control timeout was increased to 30 seconds
- python/libknot: various exceptions are raised from class KnotCtl
- doc: some improvements
Bugfixes:
- knotd: incomplete outgoing IXFR is responded if journal history is inconsistent
- knotd: manually triggered zone flush is suppressed if disabled zone synchronization
- knotd: failed to configure XDP listen interface without port specification
- knotd: de-cataloged member zone's file isn't deleted #805
- knotd: member zone leaks memory when reloading catalog during dynamic configuration change
- knotd: server can crash when reloading modules with DNSSEC signing (Thanks to iqinlongfei)
- knotd: server crashes during shutdown if PKCS #11 keystore is used
- keymgr: command del-all-old isn't applied to all keys in the removed state
- kxdpgun: user specified network interface isn't used
- libs: fixed compilation on illumos derivatives (Thanks to Nick Ewins)
Knot DNS 3.1.8 (2022-04-28)
Features:
- knotd: optional automatic ACL for XFR and NOTIFY (see 'remote.automatic-acl')
- knotd: new soft zone semantic check mode for allowing defective zone loading
- knotc: added zone transfer freeze state to the zone status output
Improvements:
- knotd: added configuration check for serial policy of generated catalogs
Bugfixes:
- knotd/libknot: the server can crash when validating a malformed TSIG record
- knotd: outgoing zone transfer freeze not preserved during server reload
- knotd: catalog UPDATE not processed if previous UPDATE processing not finished #790
- knotd: zone refresh not started if planned during server reload
- knotd: generated catalogs can be queried over UDP
- knotd/utils: failed to open LMDB database if too many stale slots occupy the lock table
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
7faaa713df |
lcms2: Update to version 2.14
- Update from version 2.13.1 to 2.14
- Update of rootfile
- Changelog
2.14 Featured release
lcms2 now implements ICC specification 4.4
New multi-threaded plug-in
several fixes to keep fuzzers happy
Remove check on DLL when CMS_NO_REGISTER_KEYWORD is used
Added more validation against broken profiles
Add more help to several tools
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Arne Fitzenreiter
|
6535255270 |
kernel: update to 6.1.3
the kernel-6.1.x series should be the next lts series... |
||
|
Peter Müller
|
ed6310bc6a |
linux-firmware: Update to 20221214
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
a3fc79f127 |
ipset: Update to version 7.17
- Update from version 7.15 to 7.17
- Update of rootfile
- Changelog
7.17
- Tests: When verifying comments/timeouts, make sure entries don't expire
- Tests: Make sure the internal batches add the correct number of elements
- Tests: Verify that hash:net,port,net type can handle 0/0 properly
- Makefile: Create LZMA-compressed dist-files (Phil Sutter)
7.16
- Add new ipset_parse_bitmask() function to the library interface
- test: Make sure no more than 64 clashing elements can be added
to hash:net,iface sets
- netfilter: ipset: add tests for the new bitmask feature (Vishwanath Pai)
- netfilter: ipset: Update the man page to include netmask/bitmask options
(Vishwanath Pai)
- netfilter: ipset: Add bitmask support to hash:netnet (Vishwanath Pai)
- netfilter: ipset: Add bitmask support to hash:ipport (Vishwanath Pai)
- netfilter: ipset: Add bitmask support to hash:ip (Vishwanath Pai)
- netfilter: ipset: Add support for new bitmask parameter (Vishwanath Pai)
- ipset-translate: allow invoking with a path name (Quentin Armitage)
- Fix IPv6 sets nftables translation (Pablo Neira Ayuso)
- Fix typo in ipset-translate man page (Bernhard M. Wiedemann)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
42b0bb0d7a |
iputils: Update to version 20221126
- Update from version 20210202 to 20221126
- Update of rootfile - none of the removed tools were in the rootfile
- Changelog
20221126
* removed tools (issue: #363)
- ninfod (commit: 8f0d897, reason: experimental unused protocol)
- rarpd (commit: fba7b62, reason: superseded by DHCP protocol)
- rdisc (commit: 7447806, reason: superseded by DHCP protocol)
* license
- use SPDX identifiers for license names
* tree
- make _GNU_SOURCE mandatory (commit: 2410ed1, PR: #402)
* arping
- fix: exit 0 if running in deadline mode and we see replies (commit: 854873b,
PR: #395)
- fix: check correct variable (commit: 8a6a2ce, PR: #395)
- man: Mention IPv4 only and ndisc6(8) (commit: 6becbb3)
* clockdiff
- setcap-setuid.sh: Add cap_sys_nice for clockdiff (commit: 9139397, issue:
#326, #422)
- document CAP_SYS_NICE requirement (PR: #416)
* ping
- feature: add option -C to call connect() before sending/receiving - useful
when using Path MTU Discovery (commit: 07eca4a, PR: #391)
- feature: add option -e to set Identifier field for ICMP ECHO_REQUEST (commit:
43e38f2, PR: #426)
- feature: print various debug info on -v (issue: #411)
- feature: print config options on -V (PR: #432)
- fix: -m (SO_MARK) in 32-bit archs (commit: fecf335, PR: #394, more fixes will
come next release)
- fix: potential memory leakage on -p option (commit: 626ea66, PR: #409)
- fix: socket error reporting (commit: bbe451f, issue: #406)
- fix: make ping_rts struct static - fix occasional segfault (commit: 7861af9,
issue: #423)
- fix: add SA_RESTART to sa_flags - avoid missing output in write on aarch64
(commit: 09f1b37, issue: #424)
- security: drop capabilities for IPv4 (commit: 5990843, PR: #400)
- print warning on missing '%'-notation (commit: c4b8b44, issue: #398, PR: #405)
- man: add "IPV6 LINK-LOCAL DESTINATIONS" section (PR: #405)
- man: use "ICMP datagram socket" (PR: #405)
* CI
- Debian: unstable -> testing (stability)
- Ubuntu: xenial -> bionic, groovy -> jammy (EOL)
- remove CentOS 8 (EOL, commit: 931504a)
* localization
- new translations: Georgian (by Temuri Doghonadze)
- many updates
- 100% translated: Czech, Finnish, Georgian, Korean, Turkish, Ukrainian
* tests
- don't fail when ip binary missing (issue: #383, PR: #390)
20211215
* removed tools (issue: #363)
- tftpd: removing commit: 341975a, PR: #369
replacement:
- tftp-hpa (https://git.kernel.org/pub/scm/network/tftp/tftp-hpa.git)
- dnsmasq (https://thekelleys.org.uk/dnsmasq/doc.html)
- traceroute6: removing commit: a139421, PR: #362
replacement:
- mtr (https://www.bitwizard.nl/mtr/)
- traceroute (http://traceroute.sourceforge.net/)
- tracepath (https://github.com/iputils/iputils/blob/master/tracepath.c)
WARNING: More tools (ninfod, rarpd, rdisc) are going to be removed in next
release, see issue: #363
* Meson build system
- require version 0.40 (due multiple install_dir for custom_target; commit: 65941ab)
* arping
- fix: ARP protocol field for AX.25 and NETROM (PR: #360)
* clockdiff
- fix man: remove duplicated word (PR: #384)
* ninfod
- fix: build with -DNINFOD_MESSAGES=false (commit: a0b3917)
- systemd unit: add ProtectHostname, ProtectKernelLogs (PR: #375)
* ping
- fix: remove 'unsupported IPv6' warning on disabled IPv6 (issue: #293, PR: #370)
- fix: ping6 binding to VRF and address (PR: #344)
- fix: print reply from Subnet-Router anycast address (issue: #371)
- fix: print reply with wrong source with warning (issue: #371)
- fix: set mark (SO_MARK) on probe socket (PR: #340)
- fix: man: update lowered minimum ping interval (issue: #367)
- fix: mark is unsigned int, not signed (PR: #345)
* rarpd
- systemd unit: add ProtectHostname, ProtectKernelLogs (PR: #375)
* rdisc
- systemd unit: add ProtectHostname, ProtectKernelLogs (PR: #375)
* localization
- fix: add missing cs, id, ko languages (commit: be8f704)
- new translations: Finnish, Korean
- updated translations: German, Japanese, Turkish, Ukrainian
* CI
- add build with some non-default options (commit: c4a5373)
- remove Tumbleweed (not only ocassional bugs: 086de3c, b19df68, but the way
how repos are published often breaks using it)
- add latest CentOS (currently CentOS 8, commit: 5f3711e)
* tests
- add -V test for all binaries (commit: 802fade)
- make tests optional with -DSKIP_TESTS=true (PR: #359)
20210722
* Meson build system
- enable NO_SETCAP_OR_SUID by default
* clockdiff
- fix missing new line
* ping
- lower minimal interval for flooding to 2 (issue: #317)
- revert f7710a1 ("Add strict pattern matching on response when pattern was
provided") to fix broken report of truncated packets (issue: #320, PR: #331)
* rdisc
- systemd unit: remove PrivateUsers=yes from systemd service file (issue: #314)
- systemd unit: support /etc/default/rdisc environment file (for Debian, PR: #356)
- systemd unit: Add DynamicUser=yes (PR: #358)
- systemd unit: add CAP_NET_ADMIN capability (PR: #351)
- Add support for capability/setuid (PR: #347, #348) NOTE: This is strongly
discouraged as normal uses could possibly modify routing tables, recommended
way is to run it as systemd service which does not require it to be enabled.
It's added just for non-systemd users, which should run allow it to run just
for dedicated user.
- set correct caps in setcap-setuid.sh
* traceroute6
- mention -V in usage() (PR: #323)
* localization
- new translations: Czech (100%), Indonesian (94%)
- updated translations: Portuguese (Brazil, 95%), Indonesian (94%), French:
(58%), Chinese (Simplified, 53%)
- fully translated languages in this release: Czech, Turkish, Ukrainian
* CI
- migrate from Travis CI to GitHub Actions (PR: #336)
- add very basic ping testing (issue: #338, PR: #243)
- skip tests on Ubuntu Xenial (commit: 9833cae)
- various build.sh improvements
* tests
- skip tests on disabled IPv6 (commit: f10bfd8)
- fix: flood ping test should pass on root (commit: 3dff080)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
5a6795f155 |
json-c: Update to version 0.16
- Update from version 0.13.1 to 0.16
- Update of rootfile
- json-c moved from building with autotools to building with cmake
This required cmake, curl and libarchive to be moved earlier in make.sh than json-c
- sobump occurs with this change. Identified 28 addons that are linked to json-c
using find-dependencies and added them as additional patches to this patch as a series
for shipping with the core update.
- Changelog
0.16 (up to commit 66dcdf5, 2022-04-13)
Deprecated and removed features:
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
New features
* The 0.16 release introduces no new features
Build changes
* Add a DISABLE_EXTRA_LIBS option to skip using libbsd
* Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
Other changes
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
0.15 (up to commit 870965e, 2020/07/26)
Deprecated and removed features:
* Deprecate `array_list_new()` in favor of `array_list_new2()`
* Remove the THIS_FUNCTION_IS_DEPRECATED define.
* Remove config.h.win32
New features
* Add a `JSON_TOKENER_ALLOW_TRAILING_CHARS` flag to allow multiple objects
to be parsed even when `JSON_TOKENER_STRICT` is set.
* Add `json_object_new_array_ext(int)` and `array_list_new_2(int)` to allow
arrays to be allocated with the exact size needed, when known.
* Add `json_object_array_shrink()` (and `array_list_shrink()`) and use it in
json_tokener to minimize the amount of memory used.
* Add a json_parse binary, for use in testing changes (not installed, but
available in the apps directory).
Build changes
* #639/#621 - Add symbol versions to all exported symbols
* #508/#634 - Always enable -fPIC to allow use of the json-c static library in
other libraries
* Build both static and shared libraries at the same time.
* #626 - Restore compatibility with cmake 2.8
* #471 - Always create directories with mode 0755, regardless of umask.
* #606/#604 - Improve support for OSes like AIX and IBM i, as well as for
MINGW32 and old versions of MSVC
* #451/#617 - Add a DISABLE_THREAD_LOCAL_STORAGE cmake option to disable
the use of thread-local storage.
Significant changes and bug fixes
* Split the internal json_object structure into several sub-types, one for
each json_type (json_object_object, json_object_string, etc...).
This improves memory usage and speed, with the benchmark under
bench/ report 5.8% faster test time and 6%(max RSS)-12%(peak heap)
less memory usage.
Memory used just for json_object structures decreased 27%, so use cases
with fewer arrays and/or strings would benefit more.
* Minimize memory usage in array handling in json_tokener by shrinking
arrays to the exact number of elements parsed. On bench/ benchmark:
9% faster test time, 39%(max RSS)-50%(peak heap) less memory usage.
Add json_object_array_shrink() and array_list_shrink() functions.
* #616 - Parsing of surrogate pairs in unicode escapes now properly handles
incremental parsing.
* Fix incremental parsing of numbers, especially those with exponents, e.g.
so parsing "[0", "e+", "-]" now properly returns an error.
Strict mode now rejects missing exponents ("0e").
* Successfully return number objects at the top level even when they are
followed by a "-", "." or "e". This makes parsing things like "123-45"
behave consistently with things like "123xyz".
Other changes
* #589 - Detect broken RDRAND during initialization; also, fix segfault
in the CPUID check.
* #592 - Fix integer overflows to prevert out of bounds write on large input.
* Protect against division by zero in linkhash, when created with zero size.
* #602 - Fix json_parse_uint64() internal error checking, leaving the retval
untouched in more failure cases.
* #614 - Prevent truncation when custom double formatters insert extra \0's
0.14 (up to commit 9ed00a6, 2020/04/14)
Deprecated and removed features:
* bits.h has been removed
* lh_abort() has been removed
* lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
* Remove TRUE and FALSE defines, use 1 and 0 instead.
Build changes:
Deprecated and removed features:
* bits.h has been removed
* lh_abort() has been removed
* lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
* Remove TRUE and FALSE defines, use 1 and 0 instead.
* autoconf support, including autogen.sh, has been removed. See details about cmake, below.
* With the addition of json_tokener_get_parse_end(), access to internal fields of json_tokener, as well as use of many other symbols and types in json_tokener.h, is deprecated now.
* The use of Android.configure.mk to build for Android no longer works, and it is unknown how (or if) the new cmake-based build machinery can be used.
* Reports of success, or pull requests to correct issues are welcome.
Notable improvements and new features
Builds and documentation
* Build machinery has been switched to CMake. See README.md for details about how to build.
* TL;DR: `mkdir build ; cd build ; cmake -DCMAKE_INSTALL_PREFIX=/some/path ../json-c ; make all test install`
* To ease the transition, there is a `cmake-configure` wrapper that emulates the old autoconf-based configure script.
* This has enabled improvements to the build on Windows system; also all public functions have been fixed to be properly exported. For best results, use Visual Studio 2015 or newer.
* The json-c style guide has been updated to specify the use of clang-format, and all code has been reformatted.
* Since many lines of code have trivial changes now, when using git blame, be sure to specify -w
* Numerous improvements have been made to the documentation including function effects on refcounts, when passing a NULL is safe, and so on.
json_tokener changes
* Added a json_tokener_get_parse_end() function to replace direct access of tok->char_offset.
* The char_offset field, and the rest of the json_tokener structure remain exposed for now, but expect a future release to hide it like is done with json_object_private.h
* json_tokener_parse_ex() now accepts a new JSON_TOKENER_VALIDATE_UTF8 flag to validate that input is UTF8.
* If validation fails, json_tokener_get_error(tok) will return json_tokener_error_parse_utf8_string (see enum json_tokener_error).
Other changes and additions
* Add support for unsigned 64-bit integers, uint64_t, to gain one extra bit of magnitude for positive ints.
* json_tokener will now parse values up to UINT64_MAX (18446744073709551615)
* Existing methods returning int32_t or int64_t will cap out-of-range values at INT32_MAX or INT64_MAX, preserving existing behavior.
* The implementation includes the possibility of easily extending this to larger sizes in the future.
* A total of 7 new functions were added:
* json_object_get_uint64 ( struct json_object const* jso )
* json_object_new_uint64 ( uint64_t i )
* json_object_set_uint64 ( struct json_object* jso, uint64_t new_value )
* json_parse_uint64 ( char const* buf, uint64_t* retval )
* See description of uint64 support, above.
* json_tokener_get_parse_end ( struct json_tokener* tok )
* See details under "json_tokener changes", above.
* json_object_from_fd_ex ( int fd, int in_depth )
* Allows the max nesting depth to be specified.
* json_object_new_null ( )
* Simply returns NULL. Its use is not recommended.
* The size of struct json_object has decreased from 96 bytes to 88 bytes.
Testing
* Many updates were made to test cases, increasing code coverage.
* There is now a quick way (JSONC_TEST_TRACE=1) to turn on shell tracing in tests.
* To run tests, use `make test`; the old "check" target no longer exists.
Significant bug fixes
For the full list of issues and pull requests since the previous release, please see issues_closed_for_0.14.md
* [Issue #389](https://github.com/json-c/json-c/issues/389): Add an assert to explicitly crash when _ref_count is corrupted, instead of a later "double free" error.
* [Issue #407](https://github.com/json-c/json-c/issues/407): fix incorrect casts in calls to ctype functions (isdigit and isspace) so we don't crash when asserts are enabled on certain platforms and characters > 128 are parsed.
* [Issue #418](https://github.com/json-c/json-c/issues/418): Fix docs for json_util_from_fd and json_util_from_file to say that they return NULL on failures.
* [Issue #422](https://github.com/json-c/json-c/issues/422): json_object.c:set errno in json_object_get_double() when called on a json_type_string object with bad content.
* [Issue #453](https://github.com/json-c/json-c/issues/453): Fixed misalignment in JSON serialization when JSON_C_TO_STRING_SPACED and JSON_C_TO_STRING_PRETTY are used together.
* [Issue #463](https://github.com/json-c/json-c/issues/463): fix newlocale() call to use LC_NUMERIC_MASK instead of LC_NUMERIC, and remove incorrect comment.
* [Issue #486](https://github.com/json-c/json-c/issues/486): append a missing ".0" to negative double values to ensure they are serialized as floating point numbers.
* [Issue #488](https://github.com/json-c/json-c/issues/488): use JSON_EXPORT on functions so they are properly exported on Windows.
* [Issue #539](https://github.com/json-c/json-c/issues/539): use an internal-only serializer function in json_object_new_double_s() to avoid potential conflicts with user code that uses the json_object_userdata_to_json_string serializer.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
5f2d660967 |
linux: Align ARM rootfiles and configurations
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Matthias Fischer
|
5e768852f3 |
libpcap: Update to 1.10.2
For details see: https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES#l42 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Matthias Fischer
|
61a1248605 |
ncurses: Update to 6.4
For details see: https://invisible-island.net/ncurses/announce.html#h2-release-notes Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
cada5b5387 |
perl-HTML-Parser: Update to version 3.78
- Update from 3.45 (2005) to 3.78 (2022)
- Update to rootfile
- Changelog
3.78 2022-03-28
* Remove unused variable (GH#26) (Michal Josef Špaček)
3.77 2022-03-14
* Update tests to remove HTML4 specific tags (GH#25) (Jess)
3.76 2021-03-04
* Add a fix for a stack confusion error on `eof`. (GH#21) (Matthew Horsfall
and Chase Whitener)
3.75 2020-08-30
* Clean up the prereqs a bit
* Mark HTML::Filter as deprecated as the docs point out
* Move Parser.pm into the lib directory with the others. This will help
with everything from auto version bumps after releases, to scanning for
prerequisites and spelling errors.
* Fix a few spelling errors in the POD for HTML::Parser
* Clean up the spacing on many examples in HTML::Parser
3.74 2020-08-30
* Fix the order of date and version in this change log. (Thanks, haarg)
* Convert to Dist::Zilla
* Build all prereqs from our cpanfile
* Go through all test files and:
* perltidy
* Use strict/warnings
* Get rid of two-arg open
* Get rid of BAREWORD filehandles
* Fix the eval pattern used
* Only use -w where we catch $SIG{__WARN__}
* Fix encoding problems
* use utf8 where we have unicode in the source
* Fix a typo here and there
* perltidy all of the example apps in eg/
* Add comments explaining the apps in eg/ (GH#13 Thanks, Salvatore Bonaccorso)
* Print out UTF-8 encoded data where sensible in eg/
3.73 2020-08-24
* Cleaned up this changes log.
* Added a .mailmap file to organize contributions accurately.
* Ensure all versions are equal and on the current version
* Add the .mailmap to the MANIFEST
* Change the META information to point to the new GH repository
* Add a .perltidyrc to use going forward
* Add hctype.h and pfunc.h to the dist as static files and stop asking
for them to be built on the user's end.
* Remove t/pod.t from userland testing
* Remove t/pod-coverage.t from userland testing
* Clean up the MANIFEST
* Start testing via GitHub Actions/Workflows
* Protect active parser from being freed (PR 13, RT #115034)
3.72 2016-01-19
* Avoid more clang casting warnings
* Remove trailing whitespace
* Ensure entities expand to utf8 sequences under 'utf8_mode' [RT#99755]
* typo fixes (David Steinbrunner)
* Silence clang warning (Jacques Germishuys)
* const+static-ing (bulk88)
3.71 2013-05-09
* Transform ':' in headers to '-' [RT#80524]
3.70 2013-03-28
* Fix for cross-compiling with Buildroot (François Perrad)
* Comment typo fix
* Fix Issue #3 / RT #84144: HTML::Entities::decode_entities() needs
to call SV_CHECK_THINKFIRST() before checking READONLY flag (Yves Orton)
3.69 2011-10-15
* Documentation fix; encode_utf8 mixup [RT#71151]
* Make it clearer that there are 2 (actually 3) options for handing "UTF-8 garbage"
* Github is the official repo
* Can't be bothered to try to fix the failures that occur on perl-5.6
* fix to TokeParser to correctly handle option configuration (Barbie)
* Aesthetic change: remove extra ; (Jon Jensen)
* Trim surrounding whitespace from extracted URLs. (Ville Skyttä)
3.68 2010-09-01
* Declare the encoding of the POD to be utf8
3.67 2010-08-17
* bleadperl 2154eca7 breaks HTML::Parser 3.66 [RT#60368] (Nicholas Clark)
3.66 2010-07-09
* Fix entity decoding in utf8_mode for the title header
3.65 2010-04-04
* Eliminate buggy entities_decode_old
* Fixed endianness typo [RT#50811] (Salvatore Bonaccorso)
* Documentation Fixes. (Ville Skyttä)
3.64 2009-10-25
* Convert files to UTF-8
* Don't allow decode_entities() to generate illegal Unicode chars
* Copyright 2009
* Remove rendundant (repeated) test
* Make parse_file() method use 3-arg open [RT#49434]
3.63 2009-10-22
* Take more care to prepare the char range for encode_entities [RT#50170]
* decode_entities confused by trailing incomplete entity
3.62 2009-08-13
* Doc patch: Make it clearer what the return value from ->parse is
* HTTP::Header doc typo fix. (Ville Skyttä)
* Do not bother tracking style or script, they're ignored. (Ville Skyttä)
* Bring HTML 5 head elements up to date with WD-html5-20090423. (Ville Skyttä)
* Improve HeadParser performance. (Ville Skyttä)
3.61 2009-06-20
* Test that triggers the crash that Chip fixed
* Complete documented list of literal tags
* Avoid crash (referenced pend_text instead of skipped_text) (Chip Salzenberg)
* Reference HTML::LinkExttor [RT#43164] (Antonio Radici)
3.60 2009-02-09
* Spelling fixes. (Ville Skyttä)
* Test multi-value headers. (Ville Skyttä)
* Documentation improvements. (Ville Skyttä)
* Do not terminate head parsing on the <object> element (added in HTML 4.0). (Ville Skyttä)
* Add support for HTML 5 <meta charset> and new HEAD elements. (Ville Skyttä)
* Short description of the htextsub example (Damyan Ivanov)
* Suppress warning when encode_entities is called with undef [RT#27567] (Mike South)
* HTML::Parser doesn't compile with perl 5.8.0. (Zefram)
3.59 2008-11-24
* Restore perl-5.6 compatibility for HTML::HeadParser.
* Improved META.yml
3.58 2008-11-17
* Suppress "Parsing of undecoded UTF-8 will give garbage" warning
with attr_encoded [RT#29089]
* HTML::HeadParser:
- Recognize the Unicode BOM in utf8_mode as well [RT#27522]
- Avoid ending up with '/' keys attribute in Link headers.
3.57 2008-11-16
* The <iframe> element content is now parsed in literal mode.
* Parsing of <script> and <style> content ends on the first end tag
even when that tag was in a quoted string. That seems to be the
behaviour of all modern browsers.
* Implement backquote() attribute as requested by Alex Kapranoff.
* Test and documentation tweaks from Alex Kapranoff.
3.56 2007-01-12
* Cloning of parser state for compatibility with threads.
Fixed by Bo Lindbergh <blgl@hagernas.com>.
* Don't require whitespace between declaration tokens.
<http://rt.cpan.org/Ticket/Display.html?id=20864>
3.55 2006-07-10
* Treat <> at the end of document as text. Used to be
reported as a comment.
* Improved Firefox compatibility for bad HTML:
- Unclosed <script>, <style> are now treated as empty tags.
- Unclosed <textarea>, <xmp> and <plaintext> treat rest as text.
- Unclosed <title> closes at next tag.
* Make <!a'b> a comment by itself.
3.54 2006-04-28
* Yaakov Belch discovered yet another issue with <script> parsing.
Enabling of 'empty_element_tags' got the parser confused
if it found such a tag for elements that are normally parsed
in literal mode. Of these <script src="..."/> is the only
one likely to be found in documents.
<http://rt.cpan.org//Ticket/Display.html?id=18965>
3.53 2006-04-27
* When ignore_element was enabled it got confused if the
corresponding tags did not nest properly; the end tag
was treated it as if it was a start tag.
Found and fixed by Yaakov Belch <code@yaakovnet.net>.
<http://rt.cpan.org/Ticket/Display.html?id=18936>
3.52 2006-04-26
* Make sure the 'start_document' fires exactly once for
each document parsed. For earlier releases it did not
fire at all for empty documents and could fire multiple
times if parse was called with empty chunks.
* Documentation tweaks and typo fixes.
3.51 2006-03-22
* Named entities outside the Latin-1 range are now only expanded
when properly terminated with ";". This makes HTML::Parser
compatible with Firefox/Konqueror/MSIE when it comes to how these
entities are expanded in attribute values. Firefox does expand
unterminated non-Latin-1 entities in plain text, so here
HTML::Parser only stays compatible with Konqueror/MSIE.
Fixes <http://rt.cpan.org/Ticket/Display.html?id=17962>.
* Fixed some documentation typos spotted by <william@knowmad.com>.
<http://rt.cpan.org/Ticket/Display.html?id=18062>
3.50 2006-02-14
* The 3.49 release didn't compile with VC++ because it mixed code
and declarations. Fixed by Steve Hay <steve.hay@uk.radan.com>.
3.49 2006-02-08
* Events could sometimes still fire after a handler has signaled eof.
* Marked_sections with text ending in square bracket parsed wrong.
Fix provided by <paul.bijnens@xplanation.com>.
<http://rt.cpan.org/Ticket/Display.html?id=16749>
3.48 2005-12-02
* Enabling empty_element_tags by default for HTML::TokeParser
was a mistake. Reverted that change.
<http://rt.cpan.org/Ticket/Display.html?id=16164>
* When processing a document with "marked_sections => 1", the
skipped text missed the first 3 bytes "<![".
<http://rt.cpan.org/Ticket/Display.html?id=16207>
3.47 2005-11-22
* Added empty_element_tags and xml_pic configuration
options. These make it possible to enable these XML
features without enabling the full XML-mode.
* The empty_element_tags is enabled by default for
HTML::TokeParser.
3.46 2005-10-24
* Don't try to treat an literal as space.
This breaks Unicode parsing.
<http://rt.cpan.org/Ticket/Display.html?id=15068>
* The unbroken_text option is now on by default
for HTML::TokeParser.
* HTML::Entities::encode will now encode "'" by default.
* Improved report/ignore_tags documentation by
Norbert Kiesel <nkiesel@tbdnetworks.com>.
* Test suite now use Test::More, by
Norbert Kiesel <nkiesel@tbdnetworks.com>.
* Fix HTML::Entities typo spotted by
Stefan Funke <bundy@adm.arcor.net>.
* Faster load time with XSLoader (perl-5.6 or better now required).
* Fixed POD markup errors in some of the modules.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Peter Müller
|
f46f939827 |
linux: Update configuration files and x86_64 rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
63b3a6edb3 |
linux: Update to 5.15.85
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f5a57a8d6a |
curl: Update to version 7.87.0
- Update from version 7.86.0 to 7.87.0
- Update of rootfile
- version 7.87.0 changed hoiw it deals with deprecated typecheck expressions. This caused
zabbix_agentd build to fail. Curl developers created a commit to fix this in next
version release. Added as patch here. Should be able to be removed with next curl
update.
- Changelog
curl and libcurl 7.87.0
This release includes the following changes:
o curl: add --url-query [52]
o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
o openssl: reduce CA certificate bundle reparsing by caching [11]
o version: add a feature names array to curl_version_info_data [67]
This release includes the following bugfixes:
o altsvc: fix rejection of negative port numbers [144]
o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
o aws_sigv4: fix typos in aws_sigv4.c [101]
o base64: better alloc size [124]
o base64: encode without using snprintf [123]
o base64: faster base64 decoding [120]
o build: assume assert.h is always available [111]
o build: assume errno.h is always available [110]
o c-hyper: CONNECT respones are not server responses [137]
o c-hyper: fix multi-request mechanism [115]
o CI: Change FreeBSD image from 12.3 to 12.4 [108]
o CI: LGTM.com will be shut down in December 2022 [112]
o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
o cmake: check for cross-compile, not for toolchain [54]
o CMake: fix build with `CURL_USE_GSSAPI` [78]
o cmake: really enable warnings with clang [25]
o cmake: set the soname on the shared library [140]
o cmdline-opts/gen.pl: fix the linkifier [64]
o cmdline-opts/page-footer: remove long option nroff formatting
o config-mac: define HAVE_SYS_IOCTL_H [107]
o config-mac: fix typo: size_T -> size_t [125]
o config-mac: remove HAVE_SYS_SELECT_H [116]
o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
o configure: require fork for NTLM-WB [36]
o contributors.sh: actually use $CURLWWW instead of just setting it [129]
o cookie: compare cookie prefixes case insensitively [14]
o cookie: expire cookies at once when max-age is negative [45]
o cookie: open cookie jar as a binary file [89]
o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
o curl.h: include <sys/select.h> on SerenityOS [104]
o curl.h: name all public function parameters [118]
o curl.h: reword comment to not use deprecated option [132]
o curl: override the numeric locale and set "C" by force [60]
o curl: timeout in the read callback [15]
o curl_endian: remove Curl_write64_le from header [81]
o curl_get_line: allow last line without newline char [88]
o curl_path: do not add '/' if homedir ends with one [4]
o curl_url_get.3: remove spurious backtick [127]
o curl_url_set.3: document CURLU_DISALLOW_USER [139]
o curl_url_set.3: fix typo [148]
o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
o CURLOPT_COOKIEFILE.3: advice => advise [131]
o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
o docs/curl_ws_send: Fixed typo in websocket docs [114]
o docs/EARLY-RELEASE.md: how to determine an early release [37]
o docs/examples: spell correction ('Retrieve') [119]
o docs/INSTALL.md: expand on static builds [62]
o docs/WEBSOCKET.md: explain the URL use [71]
o docs: add missing parameters for --retry flag [2]
o docs: add more "SEE ALSO" links to CA related pages [82]
o docs: explain the noproxy CIDR notation support [17]
o docs: extend the dump-header documentation [150]
o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
o examples/10-at-a-time: fix possible skipped final transfers [85]
o examples: update descriptions [83]
o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
o GHA: clarify workflows permissions, set least possible privilege [79]
o GHA: NSS use clang instead of clang-9 [103]
o gnutls: use common gnutls init and verify code for ngtcp2 [98]
o headers: add endif comments [51]
o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
o http: do not send PROXY more than once [46]
o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
o http: set 'this_is_a_follow' in the Location: logic [40]
o http: use the IDN decoded name in HSTS checks [154]
o hyper: classify headers as CONNECT and 1XX [56]
o hyper: fix handling of hyper_task's when reusing the same address [33]
o idn: remove Curl_win32_ascii_to_idn [153]
o INSTALL: update operating systems and CPU archs [91]
o KNOWN_BUGS: remove eight entries [50]
o lib1560: add some basic IDN host name tests [151]
o lib: connection filters (cfilter) addition to curl: [43]
o lib: feature deprecation warnings in gcc >= 4.3 [58]
o lib: fix some type mismatches and remove unneeded typecasts [12]
o lib: parse numbers with fixed known base 10 [77]
o lib: remove bad set.opt_no_body assignments [42]
o lib: rewind BEFORE request instead of AFTER previous [65]
o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
o lib: use size_t or int etc instead of longs [145]
o libcurl-errors.3: remove duplicate word [3]
o libssh2: return error when ssh_hostkeyfunc returns error [121]
o limit-rate.d: see also --rate
o log2changes.pl: wrap long lines at 80 columns [59]
o Makefile.mk: address minor issues [87]
o Makefile.mk: improve a GNU Make hack [122]
o Makefile.mk: portable Makefile.m32 [86]
o maketgz: set the right version in lib/libcurl.plist [53]
o mime: relax easy/mime structures binding [94]
o misc: Fix incorrect spelling [113]
o misc: remove duplicated include files [28]
o misc: typo and grammar fixes [23]
o negtelnetserver.py: have it call its close() method [68]
o netrc.d: provide mutext info [63]
o netware: remove leftover traces [80]
o noproxy: also match with adjacent comma [19]
o noproxy: guard against empty hostnames in noproxy check [136]
o noproxy: tailmatch like in 7.85.0 and earlier [35]
o nroff-scan.pl: detect double highlights
o ntlm: improve comment for encrypt_des [55]
o ntlm: silence ubsan warning about copying from null target_info pointer [69]
o openssl/mbedtls: use %d for outputing port with failf (int) [72]
o openssl: prefix errors with '[lib]/[version]: ' [105]
o os400: use platform socklen_t in Curl_getnameinfo_a [18]
o page-header: grammar improvement (display transfer rate) [126]
o proxy: refactor haproxy protocol handling as connection filter [57]
o README.md: remove badges and xmas-tree garnish [9]
o rtsp: fix RTSP auth [49]
o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
o runtests: do CRLF replacements per section only [97]
o scripts/checksrc.pl: detect duplicated include files [29]
o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
o sendf: remove unnecessary if condition [26]
o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
o smb/telnet: do not free the protocol struct in *_done() [152]
o socks: fix username max size is 255 (0xFF) [146]
o spellcheck.words: remove 'github' as an accepted word [22]
o ssl-reqd.d: clarify that this is for upgrading connections only [138]
o strcase: use curl_str(n)equal for case insensitive matches [8]
o styled-output.d: this option does not work on Windows [93]
o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
o test1421: fix typo [109]
o test3026: reduce runtime in legacy mingw builds [73]
o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
o tests: add authorityInfoAccess to generated certs [99]
o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
o tool: determine the correct fopen option for -D [95]
o tool_cfgable: free the ssl_ec_curves on exit [142]
o tool_cfgable: make socks5_gssapi_nec a boolean [128]
o tool_formparse: avoid clobbering on function params [135]
o tool_getparam: make --no-get work as the opposite of --get [39]
o tool_operate: provide better errmsg for -G with bad URL [16]
o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
o tool_paramhlp: free the proto strings on exit [141]
o url: move back the IDN conversion of proxy names [74]
o urlapi: reject more bad letters from the host name: &+() [143]
o urldata: change port num storage to int and unsigned short [66]
o vms: remove SIZEOF_SHORT [134]
o vtls: fix build without proxy support [38]
o vtls: localization of state data in filters [84]
o WEBSOCKET.md: fix broken link [30]
o Websocket: fixes for partial frames and buffer updates [7]
o websockets: fix handling of partial frames [32]
o windows: fail early with a missing windres in autotools [5]
o windows: fix linking .rc to shared curl with autotools [24]
o winidn: drop WANT_IDN_PROTOTYPES [27]
o ws: if no connection is around, return error [149]
o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
o x509asn1: avoid freeing unallocated pointers [147]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
2e65bba2a0 |
harfbuzz: Update to version 6.0.0
- Update from version 4.4.1 to 6.0.0
- Update of rootfile
- Changelog
Overview of changes leading to 6.0.0
- A new API have been added to pre-process the face and speed up future
subsetting operations on that face. Provides up to a 95% reduction in
subsetting times when the same face is subset more than once.
For more details and benchmarks, see:
https://github.com/harfbuzz/harfbuzz/blob/main/docs/subset-preprocessing.md
- Shaping have been speedup by skipping entire lookups when the buffer contents
don't intersect with the lookup. Shows up to a 10% speedup in shaping some
fonts. (Behdad Esfahbod)
- A new experimental feature, “Variable Composites” (enabled by passing
-Dexperimental_api=true to meson), is also featured in this release.
This technology enables drastic compression of fonts in the Chinese,
Japanese, Korean, and other writing systems, by reusing the OpenType Font
Variations technology for encoding “smart components” into the font.
The specification for these extensions to the font format can be found in:
https://github.com/harfbuzz/boring-expansion-spec/blob/glyf1/glyf1.md
A test variable-font with ~7160 Hangul syllables derived from the
NotoSerifKR-VF font has been built, with existing OpenType technology, as
well as with the new Variable Composites (VarComposites) technology. The
VarComposites font is over 90% smaller than the OpenType version of the font!
Both fonts can be obtained from the “smarties” repository:
https://github.com/behdad/smarties/tree/3.0/fonts/hangul/serif
When building HarfBuzz with experimental features enabled, you can test
the “smarties” font with a sample character like this:
$ hb-view butchered-hangul-serif-smarties-variable.ttf -u AE01 --variations=wght=700
- The HarfBuzz subsetter can now drop axes by pinning them to specific values
(also referred to as instancing). There are a couple of restrictions
currently:
- Only works with TrueType (“glyf”) based fonts. “CFF2” fonts are not yet
supported.
- Only supports the case where all axes in a font are pinned.
- Miscellaneous fixes and improvements.
- New API
+hb_subset_input_pin_axis_location()
+hb_subset_input_pin_axis_to_default()
+hb_subset_preprocess()
Overview of changes leading to 5.3.1
- Subsetter repacker fixes. (Garret Rieger)
- Adjust Grapheme clusters for Katakana voiced sound marks. (Behdad Esfahbod)
- New “hb-subset” option “--preprocess-face”. (Garret Rieger)
Overview of changes leading to 5.3.0
- Don’t add glyphs from dropped MATH or COLR tables to the subset glyphs.
(Khaled Hosny)
- Map “rlig” to appropriate AAT feature selectors. (Jonathan Kew)
- Update USE data files to latest version. (David Corbett)
- Check “CBDT” extents first before outline tables, to help with fonts that
also include an empty “glyf” table. (Khaled Hosny)
- More work towards variable font instancing in the subsetter. (Qunxin Liu)
- Subsetter repacker improvements. (Garret Rieger)
- New API:
+hb_ot_layout_lookup_get_optical_bound()
+hb_face_builder_sort_tables()
Overview of changes leading to 5.2.0
- Fix regressions in hb-ft font functions for FT_Face’s with transformation
matrix. (Behdad Esfahbod)
- The experimental hb-repacker API now supports splitting several GPOS subtable
types when needed. (Garret Rieger)
- The HarfBuzz extensions to OpenType font format are now opt-in behind
build-time flags. (Behdad Esfahbod)
- The experimental hb-subset variable fonts instantiation API can now
instantiate more font tables and arbitrary axis locations. (Qunxin Liu)
- Unicode 15 support. (David Corbett)
- Various documentation improvements. (Behdad Esfahbod, Matthias Clasen)
- The hb-view command line tool now detects WezTerm inline images support.
(Wez Furlong)
- Fix FreeType and ICU dependency lookup with meson. (Xavier Claessens)
- New API:
+HB_SCRIPT_KAWI
+HB_SCRIPT_NAG_MUNDARI
Overview of changes leading to 5.1.0
- More extensive buffer tracing messages. (Behdad Esfahbod)
- Fix hb-ft regression in bitmap fonts rendering. (Behdad Esfahbod)
- Support extension promotion of lookups in hb-subset-repacker. (Garret Rieger)
- A new HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL for scripts that use elongation
(e.g. Arabic) to signify where it is safe to insert tatweel glyph without
interrupting shaping. (Behdad Esfahbod)
- Add “--safe-to-insert-tatweel” to “hb-shape” tool. (Behdad Esfahbod)
- New API
+HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL
+HB_BUFFER_FLAG_PRODUCE_SAFE_TO_INSERT_TATWEEL
Overview of changes leading to 5.0.1
- Fix version 2 “avar” table with hb-ft. (Behdad Esfahbod)
Overview of changes leading to 5.0.0
- Support fonts with more than 65535 glyphs in “GDEF”, “GSUB”, and “GPOS”
tables. This is part of https://github.com/be-fonts/boring-expansion-spec to
extend OpenType in a backward-compatible way.
(Behdad Esfahbod, Garret Rieger)
- Complete support for more than 65535 glyphs in “glyf” table that started in
4.0.0 release. Part of boring-expansion-spec. (Behdad Esfahbod)
- Support version 2 of “avar” table. Part of boring-expansion-spec.
(Behdad Esfahbod)
- Fix mark attachment on multiple substitutions in some cases.
(Behdad Esfahbod)
- Fix application of “calt”, “rclt”, and “ccmp” features to better match
Uniscribe behaviour with some Arabic fonts. (Behdad Esfahbod)
- Improvement to interaction between multiple cursive attachments.
(Behdad Esfahbod)
- Improve multiple mark interactions in Hebrew. (Behdad Esfahbod)
- Implement language-specific forms in AAT shaping. (Behdad Esfahbod)
- Fix variation of “VORG” table. (Behdad Esfahbod)
- Support for specific script tags to be retained in the subsetter, and add
“--layout-scripts” option to “hb-subset” tool. (Garret Rieger)
- Accept space as delimiter for --features/--variations in command line tools.
- Improve subsetting of “COLR” table. (Qunxin Liu)
- Improved fuzzing coverage for ot-math API. (Frédéric Wang)
- Fix “kern” table version 2 (AAT) sanitization on 32-bit systems.
(Behdad Esfahbod)
- Allow negative glyph advances from “graphite2” shaper. (Stephan Bergmann)
- Implement loading (color) bitmap fonts with hb-ft. (Behdad Esfahbod)
- Fix regression in hb-ft when changing font size. (Behdad Esfahbod)
- Fix build on GCC < 7. (Kleis Auke Wolthuizen)
- Dynamically load dwrite.dll on windows if “directwrite” shaper is enabled.
(Luca Bacci)
- Provide a single-file harfbuzz-subset.cc file for easier alternate building
of hb-subset library, similar to harfbuzz.cc. (Khaled Hosny)
- New API
+HB_SUBSET_SETS_LAYOUT_SCRIPT_TAG
+hb_language_matches()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
f05a2a1a6f |
libcap: Update to version 2.66
- Update from version 2.64 to 2.66
- Update of rootfile
- Changelog
Release notes for 2.66
Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo
Andrade.)
Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
Slightly more robust Makefiles to address an error with make -j48 test
observed by Tomasz Kłoczko.
Include a simple Go program, captrace, to trace kernel capability validation
checks
This program can be used to figure out what capabilities a program needs
to operate.
captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel
for capability checks and whether or not they succeed for the system, a
specific PID or a program's direct execution.
Trim down the default file capabilities for contrib/sucap/su to those
actually needed and set USER and HOME environment variables so bash doesn't
complain about a sourcing error.
Release notes for 2.65
Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported
by yixiangzhike.)
Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh
now changing the USER and HOME environment variables when --user is
specified. The argument --noenv can be used to suppress this behavior to
what used to be the problematic default. (Bug: 215926)
Improved documentation:
Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports
from nomonemo and Tinkerer One.)
Improve documentation and help for the captree program.
Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and
go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is
preferred, but the older one is also used for continuity reasons. This set
of signatures should also be available from the various key servers out there.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
c90bb8d683 |
libgpg-error: Update to version 1.46
- Update from version 1.44 to 1.46
- Update of rootfile
- Changelog
Noteworthy changes in version 1.46 (2022-10-07) [C33/A33/R1]
* Support for bidirectional pipes under Windows. [T6112]
* REG_DWORD types are now support in the Windows Registry.
[rE745d333cf7]
* Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows.
[rE018ea46a30]
* Fixed gpgrt_log_get_fd for the file case. [T5922]
* Avoids header problem with C11 and "noreturn". [T4002]
* The gpg-error-config command is not installed by default, because
it is now replaced by use of pkg-config/gpgrt-config with
gpg-error.pc. Supply --enable-install-gpg-error-config configure
option, if it's really needed.
* Fixed support of posix-lock for FreeBSD. [rE6e17e70bb7]
* Build fixes for some Mingw tool chain versions. [T5890, T4656]
* Removed remaining support for WindowsCE. [T5912]
* Updated config.guess, config.sub, and config.rpath. [T6078]
* gpg-error-config is now only installed when enabled. [T5683]
* System paths are now stripped from --cflags --and --libs. [T6136]
Release-info: https://dev.gnupg.org/T5923
Noteworthy changes in version 1.45 (2022-04-07) [C33/A33/R0]
* Support the "sysopen" mode parameter for gpgrt_fopen so that file
names longer than MAX_PATH can be supported under Windows.
* gpgrt_access and gpgrt_mkdir now support file names longer than
MAX_PATH.
* gpgrt_fopen now maps "/dev/null" to "nul" on Windows.
* Published some internal helper functions for Windows.
* Interface changes relative to the 1.42 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_free_wchar NEW.
gpgrt_fname_to_wchar NEW.
gpgrt_utf8_to_wchar NEW.
gpgrt_wchar_to_utf8 NEW.
Release-info: https://dev.gnupg.org/T5802
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Peter Müller
|
511d6e416a |
libqmi: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
c4cbb74cb3 |
expat: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
de663df0a8 |
aprutil: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
6c88ad32af |
glib: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
c4cd2b213e |
xz: Update to version 5.4.0
- Update from version 5.2.8 to 5.4.0
- Update of rootfile
- Changelog
5.4.0 (2022-12-13)
This bumps the minor version of liblzma because new features were
added. The API and ABI are still backward compatible with liblzma
5.2.x and 5.0.x.
Since 5.3.5beta:
* All fixes from 5.2.10.
* The ARM64 filter is now stable. The xz option is now --arm64.
Decompression requires XZ Utils 5.4.0. In the future the ARM64
filter will be supported by XZ for Java, XZ Embedded (including
the version in Linux), LZMA SDK, and 7-Zip.
* Translations:
- Updated Catalan, Croatian, German, Romanian, and Turkish
translations.
- Updated German man page translations.
- Added Romanian man page translations.
Summary of new features added in the 5.3.x development releases:
* liblzma:
- Added threaded .xz decompressor lzma_stream_decoder_mt().
It can use multiple threads with .xz files that have multiple
Blocks with size information in Block Headers. The threaded
encoder in xz has always created such files.
Single-threaded encoder cannot store the size information in
Block Headers even if one used LZMA_FULL_FLUSH to create
multiple Blocks, so this threaded decoder cannot use multiple
threads with such files.
If there are multiple Streams (concatenated .xz files), one
Stream will be decompressed completely before starting the
next Stream.
- A new decoder flag LZMA_FAIL_FAST was added. It makes the
threaded decompressor report errors soon instead of first
flushing all pending data before the error location.
- New Filter IDs:
* LZMA_FILTER_ARM64 is for ARM64 binaries.
* LZMA_FILTER_LZMA1EXT is for raw LZMA1 streams that don't
necessarily use the end marker.
- Added lzma_str_to_filters(), lzma_str_from_filters(), and
lzma_str_list_filters() to convert a preset or a filter chain
string to a lzma_filter[] and vice versa. These should make
it easier to write applications that allow users to specify
custom compression options.
- Added lzma_filters_free() which can be convenient for freeing
the filter options in a filter chain (an array of lzma_filter
structures).
- lzma_file_info_decoder() to makes it a little easier to get
the Index field from .xz files. This helps in getting the
uncompressed file size but an easy-to-use random access
API is still missing which has existed in XZ for Java for
a long time.
- Added lzma_microlzma_encoder() and lzma_microlzma_decoder().
It is used by erofs-utils and may be used by others too.
The MicroLZMA format is a raw LZMA stream (without end marker)
whose first byte (always 0x00) has been replaced with
bitwise-negation of the LZMA properties (lc/lp/pb). It was
created for use in EROFS but may be used in other contexts
as well where it is important to avoid wasting bytes for
stream headers or footers. The format is also supported by
XZ Embedded (the XZ Embedded version in Linux got MicroLZMA
support in Linux 5.16).
The MicroLZMA encoder API in liblzma can compress into a
fixed-sized output buffer so that as much data is compressed
as can be fit into the buffer while still creating a valid
MicroLZMA stream. This is needed for EROFS.
- Added lzma_lzip_decoder() to decompress the .lz (lzip) file
format version 0 and the original unextended version 1 files.
Also lzma_auto_decoder() supports .lz files.
- lzma_filters_update() can now be used with the multi-threaded
encoder (lzma_stream_encoder_mt()) to change the filter chain
after LZMA_FULL_BARRIER or LZMA_FULL_FLUSH.
- In lzma_options_lzma, allow nice_len = 2 and 3 with the match
finders that require at least 3 or 4. Now it is internally
rounded up if needed.
- CLMUL-based CRC64 on x86-64 and E2K with runtime processor
detection. On 32-bit x86 it currently isn't available unless
--disable-assembler is used which can make the non-CLMUL
CRC64 slower; this might be fixed in the future.
- Building with --disable-threads --enable-small
is now thread-safe if the compiler supports
__attribute__((__constructor__)).
* xz:
- Using -T0 (--threads=0) will now use multi-threaded encoder
even on a single-core system. This is to ensure that output
from the same xz binary is identical on both single-core and
multi-core systems.
- --threads=+1 or -T+1 is now a way to put xz into
multi-threaded mode while using only one worker thread.
The + is ignored if the number is not 1.
- A default soft memory usage limit is now used for compression
when -T0 is used and no explicit limit has been specified.
This soft limit is used to restrict the number of threads
but if the limit is exceeded with even one thread then xz
will continue with one thread using the multi-threaded
encoder and this limit is ignored. If the number of threads
is specified manually then no default limit will be used;
this affects only -T0.
This change helps on systems that have very many cores and
using all of them for xz makes no sense. Previously xz -T0
could run out of memory on such systems because it attempted
to reserve memory for too many threads.
This also helps with 32-bit builds which don't have a large
amount of address space that would be required for many
threads. The default soft limit for -T0 is at most 1400 MiB
on all 32-bit platforms.
- Previously a low value in --memlimit-compress wouldn't cause
xz to switch from multi-threaded mode to single-threaded mode
if the limit cannot otherwise be met; xz failed instead. Now
xz can switch to single-threaded mode and then, if needed,
scale down the LZMA2 dictionary size too just like it already
did when it was started in single-threaded mode.
- The option --no-adjust no longer prevents xz from scaling down
the number of threads as that doesn't affect the compressed
output (only performance). Now --no-adjust only prevents
adjustments that affect compressed output, that is, with
--no-adjust xz won't switch from multi-threaded mode to
single-threaded mode and won't scale down the LZMA2
dictionary size.
- Added a new option --memlimit-mt-decompress=LIMIT. This is
used to limit the number of decompressor threads (possibly
falling back to single-threaded mode) but it will never make
xz refuse to decompress a file. This has a system-specific
default value because without any limit xz could end up
allocating memory for the whole compressed input file, the
whole uncompressed output file, multiple thread-specific
decompressor instances and so on. Basically xz could
attempt to use an insane amount of memory even with fairly
common files. The system-specific default value is currently
the same as the one used for compression with -T0.
The new option works together with the existing option
--memlimit-decompress=LIMIT. The old option sets a hard limit
that must not be exceeded (xz will refuse to decompress)
while the new option only restricts the number of threads.
If the limit set with --memlimit-mt-decompress is greater
than the limit set with --memlimit-compress, then the latter
value is used also for --memlimit-mt-decompress.
- Added new information to the output of xz --info-memory and
new fields to the output of xz --robot --info-memory.
- In --lzma2=nice=NUMBER allow 2 and 3 with all match finders
now that liblzma handles it.
- Don't mention endianness for ARM and ARM-Thumb filters in
--long-help. The filters only work for little endian
instruction encoding but modern ARM processors using
big endian data access still use little endian
instruction encoding. So the help text was misleading.
In contrast, the PowerPC filter is only for big endian
32/64-bit PowerPC code. Little endian PowerPC would need
a separate filter.
- Added decompression support for the .lz (lzip) file format
version 0 and the original unextended version 1. It is
autodetected by default. See also the option --format on
the xz man page.
- Sandboxing enabled by default:
* Capsicum (FreeBSD)
* pledge(2) (OpenBSD)
* Scripts now support the .lz format using xz.
* A few new tests were added.
* The liblzma-specific tests are now supported in CMake-based
builds too ("make test").
5.2.10 (2022-12-13)
* xz: Don't modify argv[] when parsing the --memlimit* and
--block-list command line options. This fixes confusing
arguments in process listing (like "ps auxf").
* GNU/Linux only: Use __has_attribute(__symver__) to detect if
that attribute is supported. This fixes build on Mandriva where
Clang is patched to define __GNUC__ to 11 by default (instead
of 4 as used by Clang upstream).
5.2.9 (2022-11-30)
* liblzma:
- Fixed an infinite loop in LZMA encoder initialization
if dict_size >= 2 GiB. (The encoder only supports up
to 1536 MiB.)
- Fixed two cases of invalid free() that can happen if
a tiny allocation fails in encoder re-initialization
or in lzma_filters_update(). These bugs had some
similarities with the bug fixed in 5.2.7.
- Fixed lzma_block_encoder() not allowing the use of
LZMA_SYNC_FLUSH with lzma_code() even though it was
documented to be supported. The sync-flush code in
the Block encoder was already used internally via
lzma_stream_encoder(), so this was just a missing flag
in the lzma_block_encoder() API function.
- GNU/Linux only: Don't put symbol versions into static
liblzma as it breaks things in some cases (and even if
it didn't break anything, symbol versions in static
libraries are useless anyway). The downside of the fix
is that if the configure options --with-pic or --without-pic
are used then it's not possible to build both shared and
static liblzma at the same time on GNU/Linux anymore;
with those options --disable-static or --disable-shared
must be used too.
* New email address for bug reports is <xz@tukaani.org> which
forwards messages to Lasse Collin and Jia Tan.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
b2f108fea7 |
libmpc: Update to version 1.3.1
- Update from version 1.2.1 to 1.3.1
- Update of rootfile
- Changelog
Changes in version 1.3.1, released in December 2022:
- Bug fix: It is again possible to include mpc.h without including
stdio.h.
Changes in version 1.3.0 ("Ipomoea batatas"), released in December 2022:
- New function: mpc_agm
- New rounding modes "away from zero", indicated by the letter "A" and
corresponding to MPFR_RNDA on the designated real or imaginary part.
- New experimental ball arithmetic.
- New experimental function: mpc_eta_fund
- Bug fixes:
- mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)|
- mpc_pow_fr: sign of zero part of result when the base has up to sign
the same real and imaginary part, and the exponent is an even
positive integer
- mpc_fma: the returned 'int' value was incorrect in some cases (indicating
whether the rounded real/imaginary parts were smaller/equal/greater
than the exact values), but the computed complex value was correct.
- Remove the unmaintained Makefile.vc; build files for Visual Studio
can be found at https://github.com/BrianGladman/mpc .
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Matthias Fischer
|
f43be66179 |
pcre2: Update to 10.42
See: https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.41 and https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.42 Excerpts from changelogs: "Version 10.41 06-December-2022 ------------------------------ 1. Add fflush() before and after a fork callout in pcre2grep to get its output to be the same on all systems. (There were previously ordering differences in Alpine Linux). 2. Merged patch from @carenas (GitHub #110) for pthreads support in CMake. 3. SSF scorecards grumbled about possible overflow in an expression in pcre2test. It never would have overflowed in practice, but some casts have been added and at the some time there's been some tidying of fprints that output size_t values. 4. PR #94 showed up an unused enum in pcre2_convert.c, which is now removed. 5. Minor code re-arrangement to remove gcc warning about realloc() in pcre2test. 6. Change a number of int variables that hold buffer and line lengths in pcre2grep to PCRE2_SIZE (aka size_t). 7. Added an #ifdef to cut out a call to PRIV(jit_free) when JIT is not supported (even though that function would do nothing in that case) at the request of a user who doesn't even want to link with pcre_jit_compile.o. Also tidied up an untidy #ifdef arrangement in pcre2test. 8. Fixed an issue in the backtracking optimization of character repeats in JIT. Furthermore optimize star repetitions, not just plus repetitions. 9. Removed the use of an initial backtracking frames vector on the system stack in pcre2_match() so that it now always uses the heap. (In a multi-thread environment with very small stacks there had been an issue.) This also is tidier for JIT matching, which didn't need that vector. The heap vector is now remembered in the match data block and re-used if that block itself is re-used. It is freed with the match data block. 10. Adjusted the find_limits code in pcre2test to work with change 9 above. 11. Added find_limits_noheap to pcre2test, because the heap limits are now different in different environments and so cannot be included in the standard tests. 12. Created a test for pcre2_match() heap processing that is not part of the tests run by 'make check', but can be run manually. The current output is from a 64-bit system. 13. Implemented -Z aka --null in pcre2grep. 14. A minor change to pcre2test and the addition of several new pcre2grep tests have improved LCOV coverage statistics. At the same time, code in pcre2grep and elsewhere that can never be obeyed in normal testing has been excluded from coverage. 15. Fixed a bug in pcre2grep that could cause an extra newline to be written after output generaed by --output. 16. If a file has a .bz2 extension but is not in fact compressed, pcre2grep should process it as a plain text file. A bug stopped this happening; now fixed and added to the tests. 17. When pcre2grep was running not in UTF mode, if a string specified by --output or obtained from a callout in a pattern contained a character (byte) greater than 127, it was incorrectly output in UTF-8 format. 18. Added some casts after warnings from Clang sanitize. 19. Merged patch from cbouc (GitHub #139): 4 function prototypes were missing PCRE2_CALL_CONVENTION in src/pcre2posix.h. All function prototypes returning pointers had out of place PCRE2_CALL_CONVENTION in src/pcre2.h.*. These produced errors when building for Windows with #define PCRE2_CALL_CONVENTION __stdcall. 20. A negative repeat value in a pcre2test subject line was not being diagnosed, leading to infinite looping. 21. Updated RunGrepTest to discard the warning that Bash now gives when setting LC_CTYPE to a bad value (because older versions didn't). 22. Updated pcre2grep so that it behaves like GNU grep when matching more than one pattern and a later pattern matches at an earlier point in the subject when the matched substrings are being identified by colour or by offsets. 23. Updated the PrepareRelease script so that the man page that it makes for the pcre2demo demonstration program is more standard and does not cause errors when processed by lexgrog or mandb -c (GitHub issue #160). 24. The JIT compiler was updated." Version 10.42 11-December-2022 ------------------------------ "This release is mainly to fix a problem with 10.41, which is broken for programs that include pcre2posix.h but not pcre2.h. Some other minor fixes are included. 1. Change 19 of 10.41 wasn't quite right; it put the definition of a default, empty value for PCRE2_CALL_CONVENTION in src/pcre2posix.c instead of src/pcre2posix.h, which meant that programs that included pcre2posix.h but not pcre2.h failed to compile. 2. To catch similar issues to the above in future, a new small test program that includes pcre2posix.h but not pcre2.h has been added to the test suite. 3. When the -S option of pcre2test was used to set a stack size greater than the allowed maximum, the error message displayed the hard limit incorrectly. This was pointed out on GitHub pull request #171, but the suggested patch didn't cope with all cases. Some further modification was required. 4. Supplying an ovector count of more than 65535 to pcre2_match_data_create() caused a crash because the field in the match data block is only 16 bits. A maximum of 65535 is now silently applied. 5. Merged @carenas patch #175 which fixes #86 - segfault on aarch64 (ARM)," Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
7fa435b3bb |
libffi: Update to version 3.4.4
- Update from version 3.4.2 to 3.4.4 - Update of rootfile - Changelog 3.4.4 Oct-23-2022 Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). Fix x86 stdcall stack alignment. Fix x86 Windows msvc assembler compatibility. Fix moxie and or1k small structure args. 3.4.3 Sep-19-22 All struct args are passed by value, regardless of size, as per ABIs. Enable static trampolines for Cygwin. Add support for Loongson's LoongArch64 architecture. Fix x32 static trampolines. Fix 32-bit x86 stdcall stack corruption. Fix ILP32 aarch64 support. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |