This helper function is used to load a previously exported list of
networks for a given country code into the ipset module, so it can be
used for any kind of firewall rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.5.2 to 3.6.0
- Update of rootfile
- Changelog
Libarchive 3.6.0 is a feature and bugfix release.
New features:
tar: new option "--no-read-sparse" (#1614)
tar: threads support for zstd (#1567)
RAR reader: filter support (#1503)
RAR5 reader: self-extracting archive support (#1585)
ZIP reader: zstd decompression support (#1518)
Other notable bugfixes and improvements:
tar: respect "--ignore-zeros" in c, r and u modes (#1620)
reduced size of application binaries (#1625)
internal code optimizations
Libarchive 3.5.3 is a security release
Security Fixes:
extended fix for following symlinks when processing the fixup list
(#1566, #1617, CVE-2021-31566)
fix invalid memory access and out of bounds read in RAR5 reader
(#1491, #1492, #1493, CVE-2021-36976)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 5.58 to 5.62
- Update of rootfile
- Changelog
### Version 5.62, 2022.01.17, urgency: MEDIUM
* New features
- Added a bash completion script.
* Bugfixes
- Fixed a transfer() loop bug.
### Version 5.61, 2021.12.22, urgency: LOW
* New features sponsored by the University of Maryland
- Added new "protocol = capwin" and "protocol = capwinctrl"
configuration file options.
* New features for the Windows platform
- Added client mode allowing authenticated users to view
logs, reconfigure and terminate running stunnel services.
- Added support for multiple GUI and service instances
distinguised by the location of stunnel.conf.
- Improved log window scrolling.
- Added a new 'Pause auto-scroll' GUI checkbox.
- Double click on the icon tray replaced with single click.
- OpenSSL DLLs updated to version 3.0.1.
* Other new features
- Rewritten the testing framework in python (thx to
Peter Pentchev for inspiration and initial framework).
- Added support for missing SSL_set_options() values.
- Updated stunnel.spec to support RHEL8.
* Bugfixes
- Fixed OpenSSL 3.0 build.
- Fixed reloading configuration with
"systemctl reload stunnel.service".
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed printing IPv6 socket option defaults on FreeBSD.
### Version 5.60, 2021.08.16, urgency: LOW
* New features
- New 'sessionResume' service-level option to allow
or disallow session resumption
- Added support for the new SSL_set_options() values.
- Download fresh ca-certs.pem for each new release.
* Bugfixes
- Fixed 'redirect' with 'protocol'. This combination is
not supported by 'smtp', 'pop3' and 'imap' protocols.
- Enforced minimum WIN32 log window size.
- Fixed support for password-protected private keys with
OpenSSL 3.0 (thx to Dmitry Belyavskiy).
### Version 5.59, 2021.04.05, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.1.1k.
* New features
- Client-side "protocol = ldap" support (thx to Bart
Dopheide and Seth Grover).
* Bugfixes
- The test suite fixed not to require external connectivity.
- Fixed paths in generated manuals (thx to Tatsuki Makino).
- Fixed configuration reload when compression is used.
- Fixed compilation with early releases of OpenSSL 1.1.1.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.12 to 2.13.1
- Update of rootfile
- Changelog
2.13.1 Hot fix
Fix for pure white going gray in grayscale transforms.
2.13 Featured release
Added support for premultiplied alpha
tifficc can now handle alpha channels, both unassociated and premultiplied
Better documentation
CGATS parser can now deal with very long strings
Added Projects for Visual Studio 2020
Travis CI discontinued, GitHub actions used instead
Added a very preliminar meson build script (thanks to xclaesse)
Added ARM64 target to visual studio 2019 (thanks to gaborkertesz-linaro)
Added thread safe code to get time
Added automatic linear space detection
Added cmsGetStageContextID function
Added cmsDetectRGBProfileGamma function
configure now accepts --without-fastfloat to turn plugin off
autogen.sh has now a --distclean toggle to get rid of all autotools generated files
Checked to work on STM32 Cortex-A, Cortex-M families
Bug & typos fixing (thanks to many reporters and contributors)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.50.0 to 1.50.3
- Update of rootfile
- Changelog
Overview of changes in 1.50.3, 21-12-2021
* pango-view: Add --serialize-to option for easy bug reporting
* Revert a transformation change that broke metrics for vertical text
* Handle fonts without space glyph (such as icon fonts) better
* Fix some corner cases of line width accounting
* Fix line height with emulated Small Caps
Overview of changes in 1.50.2, 16-12-2021
* Fix a problem with font fallback for Arabic
* Fix handling of fonts without a space glyph
* Various documentation improvements
* Fix build issues
Overview of changes in 1.50.1, 10-12-2021
* Fix a crash in tab handling
* Fix tab positioning without line wrapping
* Fix an assertion failure found by fuzzing
* Make underlines work again for broken fonts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 3.1.2 to 3.3.2
- Update of rootfile
- Changelog
Overview of changes leading to 3.3.2
- Revert splitting of pair positioning values introduced in 3.3.0 as it proved
problematic. (Behdad Esfahbod)
Overview of changes leading to 3.3.1
- Fix heap-use-after-free in harfbuzz-subset introduced in previous release.
(Garret Rieger)
Overview of changes leading to 3.3.0
- Improved documentation. (Matthias Clasen)
- Internal code cleanup, using C++ standard library more. (Behdad Esfahbod)
- The low 16-bits of face index will be used by hb_face_create() to select a
face inside a font collection file format, while the high 16-bits will be
used by hb_font_create() to load the named instance. (Behdad Esfahbod)
- Glyph positions and other font metrics now apply synthetic slant set by
hb_font_set_synthetic_slant(), for improved positioning for synthetically
slanted fonts. (Behdad Esfahbod)
- Fixed unintentional locale dependency in hb_variation_to_string() for decimal
point representation. (Matthias Clasen)
- When applying pair positioning (kerning) the positioning value is split
between the two sides of the pair for improved cursor positioning between
such pairs. (Behdad Esfahbod)
- Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction
with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line
breaking. Check the documentation for further details. (Behdad Esfahbod)
- Improved handling of macrolanguages when mapping BCP 47 codes to OpenType
tags. (David Corbett)
- New API:
+HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
+hb_segment_properties_overlay()
+hb_buffer_create_similar()
+hb_font_set_synthetic_slant()
+hb_font_get_synthetic_slant()
+hb_font_get_var_coords_design()
Overview of changes leading to 3.2.0
“harfbuzz” library improvements:
- Fixed shaping of Apple Color Emoji flags in right-to-left context. (Behdad Esfahbod)
- Fixed positioning of CFF fonts in HB_TINY profile. (Behdad Esfahbod)
- OpenType 1.9 language tags update. (David Corbett)
- Add HB_NO_VERTICAL config option.
- Add HB_CONFIG_OVERRIDE_H for easier configuration. (Behdad Esfahbod)
“harfbuzz-subset” library improvements:
- Improved packing of cmap, loca, and Ligature tables. (Garret Rieger)
- Significantly improved overflow-resolution strategy in the repacker. (Garret Rieger)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update of lfs PAK_VER from 82 to 83
- Update of rootfiles for each architecture
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 1.26.2 to 1.27.7
- Update of rootfile
- Changelog
1.26.7 (2021-09-22)
* Fixed a bug with HTTPS hostname verification involving IP addresses and lack
of SNI. (Issue #2400)
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname
matching. (Issue #2240)
1.26.6 (2021-06-25)
* Deprecated the ``urllib3.contrib.ntlmpool`` module. urllib3 is not able to support
it properly due to `reasons listed in this issue <https://github.com/urllib3/urllib3/issues/2282>`_.
If you are a user of this module please leave a comment.
* Changed ``HTTPConnection.request_chunked()`` to not erroneously emit multiple
``Transfer-Encoding`` headers in the case that one is already specified.
* Fixed typo in deprecation message to recommend ``Retry.DEFAULT_ALLOWED_METHODS``.
1.26.5 (2021-05-26)
* Fixed deprecation warnings emitted in Python 3.10.
* Updated vendored ``six`` library to 1.16.0.
* Improved performance of URL parser when splitting
the authority component.
1.26.4 (2021-03-15)
* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
1.26.3 (2021-01-26)
* Fixed bytes and string comparison issue with headers (Pull #2141)
* Changed ``ProxySchemeUnknown`` error message to be
more actionable if the user supplies a proxy URL without
a scheme. (Pull #2107)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 56.2.0 to 59.5.0
- Update of rootfile
- Changelog
v59.5.0
* #2914: Merge with pypa/distutils@8f2df0bf6.
v59.4.0
* #2893: Restore deprecated support for newlines in the Summary field.
v59.3.0
* #2902: Merge with pypa/distutils@85db7a4124.
* #2906: In ensure_local_distutils, re-use DistutilsMetaFinder to load the module. Avoids race conditions when _distutils_system_mod is employed.
v59.2.0
* #2875: Introduce changes from pypa/distutils@514e9d0, including support for overrides from Debian and pkgsrc, unlocking the possibility of making SETUPTOOLS_USE_DISTUTILS=local the default again.
v59.1.1
* #2885: Fixed errors when encountering LegacyVersions.
v59.1.0
* #2497: Update packaging to 21.2.
* #2877: Back out deprecation of setup_requires and replace instead by a deprecation of setuptools.installer and fetch_build_egg. Now setup_requires is still supported when installed as part of a PEP 517 build, but is deprecated when an unsatisfied requirement is encountered.
* #2879: Bump packaging to 21.2.
* #2867: PNG/ICO images replaced with SVG in the docs.
* #2867: Added support to SVG "favicons" via "in-tree" Sphinx extension.
v59.0.1
* #2880: Removed URL requirement for ``pytest-virtualenv`` in ``setup.cfg``.
PyPI rejects packages with dependencies external to itself.
Instead the test dependency was overwritten via ``tox.ini``
v59.0.0
* #2856: Support for custom commands that inherit directly from ``distutils`` is
**deprecated**. Users should extend classes provided by setuptools instead.
* #2870: Started failing on invalid inline description with line breaks :class:`ValueError` -- by :user:`webknjaz`
* #2698: Exposed exception classes from ``distutils.errors`` via ``setuptools.errors``.
* #2866: Incorporate changes from pypa/distutils@f1b0a2b.
* #2227: Added sphinx theme customisations to display the new logo in the sidebar and
use its colours as "accent" in the documentation -- by :user:`abravalheri`
* #2227: Added new setuptools logo, including editable files and artwork documentation
-- by :user:`abravalheri`
* #2698: Added mentions to ``setuptools.errors`` as a way of handling custom command
errors.
* #2698: Added instructions to migrate from ``distutils.commands`` and
``distutils.errors`` in the porting guide.
* #2871: Added a note to the docs that it is possible to install
``setup.py``-less projects in editable mode with :doc:`pip v21.1+
<pip:index>`, only having ``setup.cfg`` and ``pyproject.toml`` in
project root -- by :user:`webknjaz`
v58.5.3
* #2849: Add fallback for custom ``build_py`` commands inheriting directly from
:mod:`distutils`, while still handling ``include_package_data=True`` for
``sdist``.
v58.5.2
* #2847: Suppress 'setup.py install' warning under bdist_wheel.
v58.5.1
* #2846: Move PkgResourcesDeprecationWarning above implicitly-called function so that it's in the namespace when version warnings are generated in an environment that contains them.
v58.5.0
* #1461: Fix inconsistency with ``include_package_data`` and ``packages_data`` in sdist
by replacing the loop breaking mechanism between the ``sdist`` and
``egg_info`` commands -- by :user:`abravalheri`
v58.4.0
* #2497: Officially deprecated PEP 440 non-compliant versions.
* #2832: Removed the deprecated ``data_files`` option from the example in the
declarative configuration docs -- by :user:`abravalheri`
* #2832: Change type of ``data_files`` option from ``dict`` to ``section`` in
declarative configuration docs (to match previous example) -- by
:user:`abravalheri`
v58.3.0
* #917: ``setup.py install`` and ``easy_install`` commands are now officially deprecated. Use other standards-based installers (like pip) and builders (like build). Workloads reliant on this behavior should pin to this major version of Setuptools. See `Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html>`_ for more background.
* #1988: Deprecated the ``bdist_rpm`` command. Binary packages should be built as wheels instead.
-- by :user:`hugovk`
* #2785: Replace ``configparser``'s ``readfp`` with ``read_file``, deprecated since Python 3.2.
-- by :user:`hugovk`
* #2823: Officially deprecated support for ``setup_requires``. Users are encouraged instead to migrate to PEP 518 ``build-system.requires`` in ``pyproject.toml``. Users reliant on ``setup_requires`` should consider pinning to this major version to avoid disruption.
* #2762: Changed codecov.yml to configure the threshold to be lower
-- by :user:`tanvimoharir`
v58.2.0
* #2757: Add windows arm64 launchers for scripts generated by easy_install.
* #2800: Added ``--owner`` and ``--group`` options to the ``sdist`` command,
for specifying file ownership within the produced tarball (similarly
to the corresponding distutils ``sdist`` options).
* #2792: Document how the legacy and non-legacy versions are compared, and reference to the `PEP 440 <https://www.python.org/dev/peps/pep-0440/>`_ scheme.
v58.1.0
* #2796: Merge with pypa/distutils@02e9f65ab0
v58.0.4
* #2773: Retain case in setup.cfg during sdist.
v58.0.3
* #2777: Build does not fail fast when ``use_2to3`` is supplied but set to a false value.
v58.0.2
* #2769: Build now fails fast when ``use_2to3`` is supplied.
v58.0.1
* #2765: In Distribution.finalize_options, suppress known removed entry points to avoid issues with older Setuptools.
v58.0.0
* #2086: Removed support for 2to3 during builds. Projects should port to a unified codebase or pin to an older version of Setuptools using PEP 518 build-requires.
* #2746: add python_requires example
v57.5.0
* #2712: Added implicit globbing support for `[options.data_files]` values.
* #2737: fix various syntax and style errors in code snippets in docs
v57.4.0
* #2722: Added support for ``SETUPTOOLS_EXT_SUFFIX`` environment variable to override the suffix normally detected from the ``sysconfig`` module.
v57.3.0
* #2465: Documentation is now published using the Furo theme.
v57.2.0
* #2724: Added detection of Windows ARM64 build environments using the ``VSCMD_ARG_TGT_ARCH`` environment variable.
v57.1.0
* #2692: Globs are now sorted in 'license_files' restoring reproducibility by eliminating variance from disk order.
* #2714: Update to distutils at pypa/distutils@e2627b7.
* #2715: Removed reliance on deprecated ssl.match_hostname by removing the ssl support. Now any index operations rely on the native SSL implementation.
* #2604: Revamped the backward/cross tool compatibility section to remove
some confusion.
Add some examples and the version since when ``entry_points`` are
supported in declarative configuration.
Tried to make the reading flow a bit leaner, gather some information
that were a bit dispersed.
v57.0.0
* #2645: License files excluded via the ``MANIFEST.in`` but matched by either
the ``license_file`` (deprecated) or ``license_files`` options,
will be nevertheless included in the source distribution. - by :user:`cdce8p`
* #2628: Write long description in message payload of PKG-INFO file. - by :user:`cdce8p`
* #2645: Added ``License-File`` (multiple) to the output package metadata.
The field will contain the path of a license file, matched by the
``license_file`` (deprecated) and ``license_files`` options,
relative to ``.dist-info``. - by :user:`cdce8p`
* #2678: Moved Setuptools' own entry points into declarative config.
* #2680: Vendored `more_itertools <https://pypi.org/project/more-itertools>`_ for Setuptools.
* #2681: Setuptools own setup.py no longer declares setup_requires, but instead expects wheel to be installed as declared by pyproject.toml.
* #2650: Updated the docs build tooling to support the latest version of
Towncrier and show the previews of not-yet-released setuptools versions
in the changelog -- :user:`webknjaz`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 0.3.3 to 0.5.0
- Update of rootfile
- Changelog
0.5.0
feature:Python: Dropped support for Python 2.7
0.4.2
enhancement:s3: Add support for ExpectedBucketOwner. Fixes#181.
0.4.1
enhancement:crt: Add set_exception to CRTTransferFuture to allow setting exceptions in subscribers.
0.4.0
feature:crt: Add optional AWS Common Runtime (CRT) support. The AWS CRT provides a C-based S3 transfer client that can improve transfer throughput.
0.3.7
bugfix:ReadFileChunk: Fix seek behavior in ReadFileChunk class
0.3.6
bugfix:packaging: Fix setup.py metadata for futures on Python 2.7
0.3.5
enhancement:s3: Block TransferManager methods for S3 Object Lambda resources
0.3.4
enhancement:s3: Add server side encryption context into allowed list
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 4.0 to 4.8
- Update of rootfile
- Changelog
- Switch to [Poetry](https://python-poetry.org/) for dependency and release management.
- Compatibility with Python 3.10.
- Chain exceptions using `raise new_exception from old_exception`
([#157](https://github.com/sybrenstuvel/python-rsa/pull/157))
- Added marker file for PEP 561. This will allow type checking tools in dependent projects
to use type annotations from Python-RSA
([#136](https://github.com/sybrenstuvel/python-rsa/pull/136)).
- Use the Chinese Remainder Theorem when decrypting with a private key. This
makes decryption 2-4x faster
([#163](https://github.com/sybrenstuvel/python-rsa/pull/163)).
- Fix picking/unpickling issue introduced in 4.7
([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
- Fix threading issue introduced in 4.7
([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
- Fix [#165](https://github.com/sybrenstuvel/python-rsa/issues/165):
CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption
code
- Add padding length check as described by PKCS#1 v1.5 (Fixes
[#164](https://github.com/sybrenstuvel/python-rsa/issues/164))
- Reuse of blinding factors to speed up blinding operations.
Fixes [#162](https://github.com/sybrenstuvel/python-rsa/issues/162).
- Declare & test support for Python 3.9
Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires
Python 3.5+. To avoid older Python installations from trying to upgrade to RSA
4.4, this is now made explicit in the `python_requires` argument in `setup.py`.
There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to
retag 4.4 as 4.6 as well.
No functional changes compared to version 4.2.
Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the
last to support Python 2.7. This is now made explicit in the `python_requires`
argument in `setup.py`. Python 3.4 is not supported by this release. There was a
mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as
4.5 as well.
Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject cyphertexts (when decrypting) and signatures (when verifying) that have
been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
Carnil for pointing this out.
- Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py
for dependency management. There apparently is an issue no-binary installs of
packages build with Poetry. This fixes
[#148](https://github.com/sybrenstuvel/python-rsa/issues/148)
- Limited SHA3 support to those Python versions (3.6+) that support it natively.
The third-party library that adds support for this to Python 3.5 is a binary
package, and thus breaks the pure-Python nature of Python-RSA.
This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
- Added support for Python 3.8.
- Dropped support for Python 2 and 3.4.
- Added type annotations to the source code. This will make Python-RSA easier to use in
your IDE, and allows better type checking.
- Added static type checking via [MyPy](http://mypy-lang.org/).
- Fix [#129](https://github.com/sybrenstuvel/python-rsa/issues/129) Installing from source
gives UnicodeDecodeError.
- Switched to using [Poetry](https://poetry.eustace.io/) for package
management.
- Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This
is natively supported by Python 3.6+ and supported via a third-party
library on Python 3.5.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject cyphertexts (when decrypting) and signatures (when verifying) that have
been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
Adelapie for pointing this out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
