- Update from version 2.5.0 to commit e1266c7
- Update of rootfile
- When ppp-2.5.0 was released it had a bug bin it that the lock and run directories
had non standard defaults but also that if the directory did not exist ppp just
ignored it and continued to start but would then have error messages in the logs about
not being able to cretae the lock file
- This issue was raised in the ppp github issues and a set of patches merged into ppp.
- The plan was written in Nov 2023 that this would be released as 2.5.1, however nearly
three months later there is no sight of 2.5.1 being released and people continue to
flag up the lock directory issues and have to apply a workaround to create the directory
in local.rc
- This patch has taken the zip source tarball of master at the commit e1266c7. The zip
tarball was then extracted and then tar'd back up as a tar.gz file with the version set
at e1266c7 rather than master. I could not find any other way to get a source tarball\
created at a certain commit stage.
- The patch ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch had to be updated due to some
changes in the source files.
- The patch ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch
was removed as the changes are now built into the source tarball.
- This will need to be tested thoroughly by people with ppp to confirm that the lock
directory is created if it doesn't exist on the system. I can't test that as I have
no access to a ppp connection system.
- For a view of the changelog between 2.5.0 and e1266c7 the github commits list needs to
be reviewed. https://github.com/ppp-project/ppp/commits/master/?before=e1266c76d1ad39f98f11676e34f180f78c5a510c+35
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.6.1 to 2.6.2
- Update of rootfile
- Changelog
2.6.2
Security fixes:
#839#842 CVE-2024-28757 -- Prevent billion laughs attacks with
isolated use of external parsers. Please see the commit
message of commit 1d50b80cf31de87750103656f6eb693746854aa8
for details.
Bug fixes:
#839#841 Reject direct parameter entity recursion
and avoid the related undefined behavior
Other changes:
#847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces
#837 Add missing #821 and #824 to 2.6.1 change log
#838#843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1)
to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/
for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.6.0 to 5.6.1
- Update of rootfile
- Changelog
5.6.1
* liblzma: Fixed two bugs relating to GNU indirect function (IFUNC)
with GCC. The more serious bug caused a program linked with
liblzma to crash on start up if the flag -fprofile-generate was
used to build liblzma. The second bug caused liblzma to falsely
report an invalid write to Valgrind when loading liblzma.
* xz: Changed the messages for thread reduction due to memory
constraints to only appear under the highest verbosity level.
* Build:
- Fixed a build issue when the header file <linux/landlock.h>
was present on the system but the Landlock system calls were
not defined in <sys/syscall.h>.
- The CMake build now warns and disables NLS if both gettext
tools and pre-created .gmo files are missing. Previously,
this caused the CMake build to fail.
* Minor improvements to man pages.
* Minor improvements to tests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.6.13 to 8.6.14
- Update of rootfile
- Changelog
8.6.14
This is a patch release, so it primarily includes bug fixes and corrections
to erratic behavior. Highlighted changes are noted below. The changes file
at the root of the source tree contains a more complete list. The Timelines
of all changes are online.
http://core.tcl-lang.org/tcl/timelinehttp://core.tcl-lang.org/tk/timeline
* [TIP 402] revise path normalization for x-platform UNC path support
*** POTENTIAL INCOMPATIBILITY ***
* Harmonize Tk's parse of numbers (screen distance, etc) with Tcl
*** POTENTIAL INCOMPATIBILITY ***
* Iconlist ignores options db for fg text color; affects dialogs
*** POTENTIAL INCOMPATIBILITY ***
* Aqua: XPutImage() swaps red and blue channels
*** POTENTIAL INCOMPATIBILITY ***
* [encoding convertfrom] handling of incomplete code sequences
*** POTENTIAL INCOMPATIBILITY ***
* Harmonize handling of ~ in paths across platforms.
*** POTENTIAL INCOMPATIBILITY ***
* Fix menu clone binding misbehavior, menu-20.1[2-6].
*** POTENTIAL INCOMPATIBILITY ***
* Improved performance of [exec] and [open |$cmd] on unix-lke
systems, especially with large memory footprints.
* Improve performance of large treeview destruction.
* Improve performance of large image insertions into text.
* Improve widget creation performance due to poor font caching.
* Fix notebook tab appearances when placed on edge other than top.
* Enable treeview display of partial final line.
* Win: restore [exec %var%] that was dropped in 8.6.13.
* Allow [chan create {} $cmd]. Enables simulation of server channels.
* Allow return from [tk scaling] in safe interps.
* Prevent navigation by word exposing clues to masked entry contents.
* Fix crashes or hangs in...
- [chan pop] with pending input
- thread finalization of reflected channels
- [label .l -bitmap floppy]
- [set tcl_precision 15; expr 6.4623485355705287e-27]
- [tk busy forget] and [tk busy hold]
- channel read into "string" Tcl_Obj can BO, and perform poorly
- KVO crash after destroying Aqua's first root toplevel
- Test treeview-6ee162c3f9
- Test tailcall-bug-784befb0ba
- Tests menu-40.[12]
* Repair memory leaks and errors
- Eliminate undefined realloc() calls
- Silence many warnings from -fsanitize=function
- Flawed interfacing with XIM
- Tcl_UtfToExternal writing to one-byte buffer
- Tcl_UtfToUniChar() handling of 0xC1.
- Tk_ConfigureValue could call wrong free() routine.
- tests getuncichar-1.* in utf.test
- ...and many more
* No more support for 32-bit Cygwin
* ::tcl_platform(osVersion) updated to report Windows 11
* Accommodate macOS deprecation of sprintf()
* Silence macOS 14 warnings about secure restorable state.
* Code changes to support ASan use-after-return detection
* Revise Tcl_MakeFileChannel() to better partner with pledge()
* Prevent false [clock format] error reports on FreeBSD
* Region clip & copy make better use of OS facilities.
* Update handling of Apple FourCC creator codes.
* Text selection omits first character, text-38.1
* Windows: improved support of non-BMP pathnames
* Fixed some Y2038 limitations
* Fix photo color drawing on X11 32-bit visuals.
* Fix <<MenuSelect>> regression on menus with -tearoff
* Correct rounding of [nsFont pointSize].
* zlib comment/filename error handling (zlib-8.19, zlib-8.2[012])
* Prevent theme change attempts after Tk finalize.
* Make dialogs robust against parent destruction.
* Make [tk_chooseColor] robust against failed grab.
* Fix menu parsing of @x,y indices. menu-22.[6-9]
* Fix inconsistent results from [font measure].
* Fixed [clock scan|add] handling of abbreviated options
* Avoid endless loops replacing [unknown] or [history].
* Fix polluted error messages from [send -option].
* PNG photo image decoder missed a 0xFF entry.
* Fix failing winTime-2.1 on Windows
* test string-2.20.1 failed on big endian platforms
* Updated bundled packages, libraries, standards, data
- Itcl 4.2.4
- sqlite3 3.44.2
- Thread 2.8.9
- TDBC* 1.1.7
- tcltest 2.5.7
- libtommath 1.2.1
- zlib 1.3.1
- Unicode 15.1
- tzdata 2024a
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 24.01.0 to 24.03.0
- Update of rootfile
- find-dependencies run due to sobump. No issues found
- Changelog
24.03.0:
core:
* Fix opening some malformed files. Issue #1447
* Skip drawing image when it has singular matrix. Issue #1114
* Fix crash on malformed files
* Small internal code cleanup
utils:
* pdfdetach: Fix potential directory traversal
* pdfimages: Enable to print filenames to stdout.
* pdfsig: Add visible name/date when signing an existing form signature field
24.02.0:
core:
* Fix reading some JBIG2 streams. Issue #1319
* Fix saving some annotation interior color when it's empty
* Make searching for fonts when adding annotations a bit faster
* Make sure images are compressed when adding them
* Small internal code cleanup
utils:
* pdfimages: return exit code 2 when error opening output files
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20231114 to 20240312
- Update of rootfile
- For the changelog details see the releasenote.md file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.52.23 to 0.52.24
- Update of rootfile
- Changelog
0.52.24
- add support for python3.13
- fix compiler warnings
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.2.4 to 3.3.5
- Update of rootfile
- Changelog
3.3.5 (2024-03-06)
Features:
- knotd: new module mod-authsignal for automatic authenticated DNSSEC
bootstrapping records synthesis (Thanks to Peter Thomassen)
- kzonecheck: new optional ZONEMD verification (see option '-z')
Improvements:
- knotd: new DNSSEC key rollover log informs about next planned key action
- knotd, kzonecheck: added limit on non-matching keys with a duplicate keytag
- knot-exporter: added counter-type variant for each metric (Thanks to Marcel Koch)
- libs: upgraded embedded libngtcp2 to 1.3.0
- doc: various fixes and updates
Bugfixes:
- knotd, kzonecheck: failed to validate RRSIG if there are more keys with the same keytag
- knotd, kzonecheck: failed to validate zone with more CSK keys
- libknot: insufficient check for malformed TCP header options over XDP
3.3.4 (2024-01-24)
Features:
- knotd: new configuration item for clearing configuration sections (see 'clear')
- knotc: configuration import can preserve database contents (see '+nopurge' flag)
- kxdpgun: new parameter for setting UDP payload size in EDNS (see '--edns-size') #915
Improvements:
- knotd: extended configuration check for 'zonefile-load' and 'journal-content'
- knotd: lowered check limit for additional NSEC3 iterations to 0
- knotd: lowered severity level of an informational backup log
- knotd: better log message when flushing the journal
- knotd: zone restore checks if requested contents are in the provided backup
- knotc: '+quic' is default for zone backup, '+noquic' is default for zone restore
- kdig: better processing of timeouts and reduced sent datagrams over QUIC
- kdig: no retries are attempted over QUIC
- keymgr: improved compatibility with bind9-generated keys
- libs: some improvements in XDP buffer allocation
- libs: upgraded embedded libngtcp2 to 1.2.0
- doc: various fixes and updates
Bugfixes:
- knotd: failed to build on macOS #909
- knotd: 'nsec3-salt-lifetime: -1' doesn't work if 'ixfr-from-axfr' is enabled
- knotd: unnecessarily updated RRSIGs if 'ixfr-from-axfr' and signing are enabled
- knotc: zone check complains about missing zone file #913
- kdig: failed to try another target address over QUIC
- libknot: infinite loop in knot_rrset_to_wire_extra() #916
3.3.3 (2023-12-13)
Features:
- knotd: new 'pattern' mode of ACL update owner matching (see 'acl.update-owner-match')
- knotc: new '+keysonly' filter for zone backup/restore
Improvements:
- knotd: zone purging waits for finished zone expiration for better reliability
- knotd: remote configuration considers more 'via' with the same address family
- knotd: refresh doesn't fall back from IXFR to AXFR upon a network error
- knotd: increased default for 'policy.rrsig-refresh' by (0.1 * 'rrsig-lifetime')
- knotd: new control flag 'u' for unix time output format from zone status
- knotd: extended check for inconsistent acl settings
- knotd/libknot: simplified TCP/QUIC sweep logging
- mod-dnsproxy: all configured remote addresses are used for fallback operation
- mod-dnsproxy: module responds locally if forwarding fails instead of SERVFAIL
- libs: upgraded embedded libngtcp2 to 1.1.0
- doc: various fixes and extensions
Bugfixes:
- knotd: zone backup fails due to improper backup context deinitialization #891
- knotd: failed to sign the zone if maximum zone's TTL is too high
- knotd: malformed TCP header if used with QUIC in the generic XDP mode
- knotd: server can crash when processing new TCP connections over XDP
- knotd: incorrect initialization of TCP limits
- knotd: orphaned PEM file not deleted when key generation fails
- knotd/libknot: connection timeouts over QUIC due to incomplete retransfer handling #894
- kdig: crashed when querying DNS over TLS if TLS handshake times out #896
- kzonecheck: failed to check DS with SHA-1 or GOST if not supported by local policy
- libdnssec: failed to compile with GnuTLS if PKCS #11 support is disabled
3.3.2 (2023-10-20)
Features:
- knotd: support for IXFR from AXFR computation (see 'zone.ixfr-from-axfr')
- knotd: support benevolent IXFR (see 'zone.ixfr-benevolent')
- knot-exporter: new configuration option '--no-zone-serial' #880
Improvements:
- libs: upgraded embedded libngtcp2 to 1.0.0
- knotd: added logging of new SOA serial when signing is finished
- knotd: unified some XDP-related logging
- keymgr: improved error message if a key file is not accessible
- keymgr: added offline RRSIGs validation at the end of their validity intervals
- kdig: upgraded EDNS presentation format to draft version -02
- kdig: simplified QUIC connection without extra PING frames
- kzonecheck: removed requirement that DS is at delegation point
- doc: various fixes and improvements
Bugfixes:
- knotd: logged incorrect new SOA serial if 'zonefile-load: difference' is set #875
- knotd: more signing threads with a PKCS #11 keystore has no effect #876
- knotd: DNAME record returned with query domain name instead of actual name #873
- knotd: failed to import configuration file if mod-geoip is in use #881
- knotd: failed to sign RRSet that fits to 64k only if compressed
- knotd: broken zone update context upon failed operation over control interface
- keymgr: offline RRSIGs not refreshed if 'rrsig-refresh' is not set
- knsupdate: incorrect processing of @ in the delete operation #879
- knot-exporter: failed to parse knotd PIDs on FreeBSD
Packaging:
- docker: added support for (inter-container) D-Bus signaling
3.3.1 (2023-09-11)
Improvements:
- knotd: multiple catalog groups per member are tolerated, but only one is used
- modules: added const qualifier to various function parameters #877 (Thanks to Robert Edmonds)
- libs: upgraded embedded libngtcp2 to 0.19.1
Bugfixes:
- knotd: TCP over XDP fails to respond
- knotd: server can crash when adjusting a wildcard glue
- knotd: failed to forward DDNS if 'zone.master' points to 'remotes'
- knotd: broken YAML statistics if more modules are configured #874
- knotd: DDNS forwarding isn't RFC 8945 compliant
3.3.0 (2023-08-28)
Features:
- knotd: full DNS over QUIC (DoQ, RFC 9250) implementation, also without XDP
- knotd: bidirectional XFR over QUIC (XoQ) support with opportunistic, strict,
and mutual authentication profiles
- knotd: automatic reverse PTR records pre-generation (see 'zone.reverse-generate')
- knotd: new per zone statistic counters 'zone.size' and 'zone.max-ttl'
- knotd: new primary server pinning (see 'zone.master-pin-tolerance')
- knotd: new SOA serial modulo policy (see 'zone.serial-modulo')
- knotd: new multi-signer operation mode (see 'policy.dnskey-sync' and 'DNSSEC multi-signer')
- kdig: support for EDNS presentation format, also in JSON mode (see '+optpresent')
- kxdpgun: new TCP/QUIC debug mode 'R' for connection reuse
- kxdpgun: new XDP mode parameter '--mode' (Thanks to Jan Včelák)
- kxdpgun: new parameter '--qlog' for qlog destination specification
- kzonecheck: new '--print' parameter for dumping the zone on stdout
Improvements:
- knotd: secondary can be configured not to forward DDNS (see 'zone.ddns-master')
- knotd: extended support for UNIX socket configuration (remote, acl)
- knotd: stats no longer dump empty or zero counters
- knotd: new 'keys-updated' D-Bus event
- knotd: added transport protocol information to outgoing event and nameserver logs
- knotd: server cleans up stale LMDB readers when opening a RW transaction
- knotd,kzonecheck: semantic check allows DS only at delegation point
- knotc: new zone backup filters '+quic' and '+noquic' for QUIC key backup
- mod-dnstap: DNS over QUIC traffic is marked as QUIC
- kxdpgun: QUIC connections are closed by default
- libs: upgraded embedded libngtcp2 to 0.18.0
- kdig: QUIC, TLS, or HTTPS protocol is printed in the final statistics
- doc: new sections 'DNS over QUIC' and 'DNSSEC multi-signer'
- doc: various improvements
Bugfixes:
- knotd: server can crash if a shared module is loaded and dynamic configuration used
- knotd: inaccurate transfer size is logged if EDNS EXPIRE, PADDING, or TSIG is present
- knotd: subsequent addition and removal to catalog zone isn't handled properly
- knotc: configuration import fails if an explicit shared module is configured
- utils: database transactions not properly closed when terminated prematurely
- kdig: double-free on some malformed responses over QUIC #869
- kdig: some TLS parameters override QUIC parameters
- libs: NULL record with empty RDATA isn't allowed
- tests: dthreads destructor test sometimes fails
Compatibility:
- knotd: responses to forwarded DDNS requests are signed with local TSIG key
- knotd: NOTIFY-initiated refresh tries all configured addresses of the remote
- knotd: configuration option 'xdp.quic-log' was replaced with 'log.quic'
- libs: removed embedded libbpf, an external one is necessary for XDP
- libs: DNS over QUIC implementation only supports 'doq' ALPN
- ctl: removed 'Version: ' prefix from 'status version' output
- modules: reduced parameters of 'knotd_qdata_local_addr()'
Packaging:
- knot-exporter: Prometheus exporter imported from GitHub
- knot-exporter: packages for Debian, Ubuntu, and PyPI
- debian,ubuntu: new self-hosted repository (see https://pkg.labs.nic.cz/doc/)
- docker: upgraded to Debian bookworm-slim
3.2.9 (2023-07-27)
Improvements:
- keymgr: 'import-pkcs11' not allowed if no PKCS #11 keystore backend is configured
- keymgr: more verbose key import errors
- doc: extended migration notes
- doc: various improvements
Bugfixes:
- knotd: server may crash when storing changeset of a big zone migrating to/from NSEC3
- knotd: zone refresh loop when all masters are outdated and timers cleared
- knotd: failed to active D-Bus notifications if not started as systemd service
- kjournalprint: database transaction not properly closed when terminated prematurely
3.2.8 (2023-06-26)
Improvements:
- kdig: malformed messages are parsed and printed using a best-effort approach
- python: new dname from wire initialization
Bugfixes:
- knotd: missing outgoing NOTIFY upon refresh if one of more primaries is up-to-date
- knotd: journal loop detection can prevent zone from loading
- knotd: cryptic error message when journal is full #842
- knotd: failed to query catalog zone over UDP
- configure: libngtcp2 check wrongly requires version 0.13.0 instead of 0.13.1
3.2.7 (2023-06-06)
Features:
- knotd: new configuration option for preserving incoming IXFR changeset history
(see 'zone.ixfr-by-one')
Improvements:
- knotd: journal ensures the stored changeset's SOA serials are strictly increasing
- knotd: more effective handling of zero KNOT_ZONE_LOAD_TIMEOUT_SEC environment value
- knotd, kdig: incoming transfer fails if a message has the TC bit set
- knotd, kjournalprint: store or print the timestamp of changeset creation
- kxdpgun: load only necessary number of queries (Thanks to Petr Špaček)
- kxdpgun: print ratio of sent vs. requested queries (Thanks to Petr Špaček)
- kxdpgun: print percentages as floats (Thanks to Petr Špaček)
- kjournalprint: ability to print a changeset loop
- kjournalprint: added changset serials information to '-z -d' output
- packaging: RHEL9 requires libxdp like fedora since RHEL 9.2 #844
- doc: various improvements
Bugfixes:
- knotd: journal loading can get stuck in a multi-changeset loop
- knotd: missing RCU lock when reading zone through the control interface
- knotd: server start D-Bus signaling doesn't work well if the zone file is
missing, catalog zones are used, or in the async-start mode
- knotd: test suite fails on 32bit architectures on musl 1.2 and newer #843
- knotd: failed to process zero-length messages over QUIC
- libs: compilation with embedded ngtcp2 fails if there is another ngtcp2 in the path
3.2.6 (2023-04-04)
Improvements:
- libs: upgraded embedded libngtcp2 to 0.13.1
- libs: added support for building on Cygwin and MSYS (Thanks to Christopher Ng)
- mod-dnstap: improved precision of stored time values
- kdig: added option for EDNS EXPIRE (see '+expire') #836
- kdig: extended description of SOA timers in the multiline mode
- kdig: reduced latency of TLS communication
- libknot: added EDE codes 28 and 29
- doc: various improvements
Bugfixes:
- knotd: generated catalog zone not updated upon server reload #834
- knotd: failed to check shared module configuration
- knotd: missing RCU registration of the statistics thread (Thanks to Qin Longfei)
- knotd: server logs failed to send QUIC packets in the XDP mode
- libs: inconsistent transformation of IPv4-Compatible IPv6 Addresses
- utils: failed to load configuration if dnstap module is enabled #831
- libknot: missing include string.h
3.2.5 (2023-02-02)
Features:
- knotd: new configuration option for enforcing IXFR fallback (see 'zone.provide-ixfr')
Improvements:
- knotd: changed UNIX socket file mode to 0222 for answering and 0220 for control
- mod-probe: new support for communication over a UNIX socket
- kdig: new support for communication over a UNIX socket
- libs: upgraded embedded libngtcp2 to 0.13.0
- doc: various improvements
Bugfixes:
- knotd: failed to get catalog member configuration if catalog template is in a template
- knotd: failed to respond over a UNIX socket with EDNS
- knotd: unexpected zone update upon restart or zone reload if ZONEMD generation is enabled
- knotd: redundant zone flush of unchanged zone if zone file load is 'difference-no-serial'
- knotd/kxdpgun: failed to receive messages over XDP with drivers tap or ena
- knotc: zone check doesn't report missing zone file #829
- kxdpgun: program crashes when remote closes QUIC connection instead of resumption
- mod-geoip: configuration check leaks memory in the geodb mode
- utils: unwanted color reset sequences in non-color output
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 13.2 to 14.2
- Update of rootfile
- Changelog
14.2
This is a minor corrective release over GDB 14.1, fixing the following issues:
PR symtab/31112 (DLL export forwarding is broken)
PR c++/31128 (gdb crashes when trying to print a global variable stub without
a running inferior)
PR tdep/31254 ([gdb/tdep, arm] FAIL: gdb.threads/staticthreads.exp: up 10)
PR gdb/31256 (Crash with basic 'list .')
PR python/31366 (Frame.static_link() segfaults)
14.1
This version of GDB includes the following changes and enhancements:
Removed features, removed configurations:
GDB no longer support AiX 4.x, 5.x and 6.x. The minimum version supported
is AiX 7.1.
GDB/MI version 1 support has been removed
Initial built-in support for Debugger Adapter Protocol (DAP)
GDB now recognizes the NO_COLOR environment variable
Initial support for integer types larger than 64 bits
Breakpoints can now be inferior-specific
New convenience function "$_shell", to execute a shell command and return its
result.
Python support
New class gdb.Thread
New class gdb.unwinder.FrameId
New class gdb.ValuePrinter
New gdb.Inferior.arguments attribute, holding the command-line arguments
to the inferior, if known
New gdb.Inferior.main_name attribute, holding the name of the inferior's
'main', if known.
New gdb.Breakpoint.inferior attribute
New gdb.Progspace.symbol_file attribute
New gdb.Progspace.executable_filename attribute
New function gdb.execute_mi(COMMAND, [ARG]...)
New function gdb.block_signals()
New method gdb.Frame.static_link
New gdb.Inferior 'clear_env', 'set_env' and 'unset_env' methods
New gdb.Type now has the 'is_array_like' and 'is_string_like' methods
New gdb.Value 'assign' method
New gdb.Value 'to_array' method
New gdb.Progspace 'objfile_for_address' method
New methods added to the gdb.PendingFrame class, with behavior which is
the same as the corresponding methods on gdb.Frame.
gdb.LazyString now implements the __str__ method
New event gdb.ThreadExitedEvent
New event gdb.ExecutableChangedEvent
New event gdb.NewProgspaceEvent
New event gdb.FreeProgspaceEvent
The frame-id passed to gdb.PendingFrame.create_unwind_info now use either
an integer or a gdb.Value object for each of its 'sp', 'pc', and
'special' attributes.
The Disassembler API from the gdb.disassembler module has been extended
to include styling support
gdb.parse_and_eval now has a new "global_context" parameter, allowing the
request to only examine global symbols.
The name argument passed to gdb.unwinder.Unwinder.__init__ must now be of
type 'str' otherwise a TypeError will be raised.
The gdb.unwinder.Unwinder.enabled attribute can now only accept values of
type 'bool'. Changing this attribute will now invalidate GDB's
frame-cache.
It is now no longer possible to sub-class the
gdb.disassembler.DisassemblerResult type.
Remote protocol
Support for enabling or disabling individual remote target features
GDB/MI support
New 'no-history' stop reason
Support for inferior-specific breakpoints
The bkpt tuple, which appears in breakpoint-created notifications, and in
the result of the -break-insert command can now include an optional
'inferior' field for both the main breakpoint, and each location, when
the breakpoint is inferior-specific.
Trying to create a thread-specific breakpoint using a non-existent thread
ID now results in an error
New "simple-values-ref-types" -list-feature value indicating how the
--simple-values option in various commands take reference types into
account.
Enhanced AArch64 support
Initial support for Scalable Matrix Extension (SME) and for Scalable
Matrix Extension 2 (SME2)
The 'org.gnu.gdb.aarch64.pauth' Pointer Authentication feature is now
deprecated in favor of the 'org.gnu.gdb.aarch64.pauth_v2' feature string
Enhanced Ada support
Support for the Ada 2022 target name symbol ('@')
Support for the The Ada 2022 'Enum_Rep and 'Enum_Val attributes
Miscellaneous
The 'list' command now accepts '.' as an argument, telling GDB to print
the location around the point of execution within the current frame
New '%V' output format for printf and dprintf commands.
The printf command now limits the size of strings fetched from the
inferior to the value of the 'max-value-size' setting.
Support for extending at configure time the default value of the
'debug-file-directory' GDB parameter via the new
--additional-debug-dirs=PATHs configure option.
New command "info main"
New command "set tui mouse-events [on|off]" (on by default)
New command "set always-read-ctf on|off" (off by default)
Various new debug and maitenance commands
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.190 to 0.191
- Update of rootfile
- Changelog
0.191
libdw: dwarf_addrdie now supports binaries lacking a .debug_aranges
section.
Improved support for DWARF package files. Add new function
dwarf_cu_dwp_section_info.
debuginfod: Caching eviction logic improvements to improve retention
of small/frequent/slow files such as Fedora's vdso.debug.
srcfiles: Can now fetch the source files of a DWARF/ELF file and
place them into a zip.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.4.6 to 5.6.0
- Update of rootfile
- Changelog
5.6.0 (2024-02-24)
This bumps the minor version of liblzma because new features were
added. The API and ABI are still backward compatible with liblzma
5.4.x and 5.2.x and 5.0.x.
NOTE: As described in the NEWS for 5.5.2beta, the core components
are now under the BSD Zero Clause License (0BSD).
Since 5.5.2beta:
* liblzma:
- Disabled the branchless C variant in the LZMA decoder based
on the benchmark results from the community.
- Disabled x86-64 inline assembly on x32 to fix the build.
* Sandboxing support in xz:
- Landlock is now used even when xz needs to create files.
In this case the sandbox is has to be more permissive than
when no files need to be created. A similar thing was
already in use with pledge(2) since 5.3.4alpha.
- Landlock and pledge(2) are now stricter when reading from
more than one input file and only writing to standard output.
- Added support for Landlock ABI version 4.
* CMake:
- Default to -O2 instead of -O3 with CMAKE_BUILD_TYPE=Release.
-O3 is not useful for speed and makes the code larger.
- Now builds lzmainfo and lzmadec.
- xzdiff, xzgrep, xzless, xzmore, and their symlinks are now
installed. The scripts are also tested during "make test".
- Added translation support for xz, lzmainfo, and the
man pages.
- Applied the symbol versioning workaround for MicroBlaze that
is used in the Autotools build.
- The general XZ Utils and liblzma API documentation is now
installed.
- The CMake component names were changed a little and several
were added. liblzma_Runtime and liblzma_Development are
unchanged.
- Minimum required CMake version is now 3.14. However,
translation support is disabled with CMake versions
older than 3.20.
- The CMake-based build is now close to feature parity with the
Autotools-based build. Most importantly a few tests aren't
run yet. Testing the CMake-based build on different operating
systems would be welcome now. See the comment at the top of
CMakeLists.txt.
* Fixed a bug in the Autotools feature test for ARM64 CRC32
instruction support for old versions of Clang. This did not
affect the CMake build.
* Windows:
- The build instructions in INSTALL and windows/INSTALL*.txt
were revised completely.
- windows/build-with-cmake.bat along with the instructions
in windows/INSTALL-MinGW-w64_with_CMake.txt should make
it very easy to build liblzma.dll and xz.exe on Windows
using CMake and MinGW-w64 with either GCC or Clang/LLVM.
- windows/build.bash was updated. It now works on MSYS2 and
on GNU/Linux (cross-compiling) to create a .zip and .7z
package for 32-bit and 64-bit x86 using GCC + MinGW-w64.
* The TODO file is no longer installed as part of the
documentation. The file is out of date and does not reflect
the actual tasks that will be completed in the future.
* Translations:
- Translated lzmainfo man pages are now installed. These
had been forgotten in earlier versions.
- Updated Croatian, Esperanto, German, Hungarian, Korean,
Polish, Romanian, Spanish, Swedish, Vietnamese, and Ukrainian
translations.
- Updated German, Korean, Romanian, and Ukrainian man page
translations.
* Added a few tests.
Summary of new features added in the 5.5.x development releases:
* liblzma:
- LZMA decoder: Speed optimizations to the C code and
added GCC & Clang compatible inline assembly for x86-64.
- Added lzma_mt_block_size() to recommend a Block size for
multithreaded encoding.
- Added CLMUL-based CRC32 on x86-64 and E2K with runtime
processor detection. Similar to CRC64, on 32-bit x86 it
isn't available unless --disable-assembler is used.
- Optimized the CRC32 calculation on ARM64 platforms using the
CRC32 instructions. Runtime detection for the instruction is
used on GNU/Linux, FreeBSD, Windows, and macOS. If the
compiler flags indicate unconditional CRC32 instruction
support (+crc) then the generic version is not built.
- Added definitions of mask values like
LZMA_INDEX_CHECK_MASK_CRC32 to <lzma/index.h>.
* xz:
- Multithreaded mode is now the default. This improves
compression speed and creates .xz files that can be
decompressed in multithreaded mode. The downsides are
increased memory usage and slightly worse compression ratio.
- Added a new command line option --filters to set the filter
chain using the liblzma filter string syntax.
- Added new command line options --filters1 ... --filters9 to
set additional filter chains using the liblzma filter string
syntax. The --block-list option now allows specifying filter
chains that were set using these new options.
- Ported the command line tools to Windows MSVC.
Visual Studio 2015 or later is required.
* Added lz4 support to xzdiff/xzcmp and xzgrep.
5.5.2beta (2024-02-14)
* Licensing change: The core components are now under the
BSD Zero Clause License (0BSD). In XZ Utils 5.4.6 and older
and 5.5.1alpha these components are in the public domain and
obviously remain so; the change affects the new releases only.
0BSD is an extremely permissive license which doesn't require
retaining or reproducing copyright or license notices when
distributing the code, thus in practice there is extremely
little difference to public domain.
* liblzma
- Significant speed optimizations to the LZMA decoder were
made. There are now three variants that can be chosen at
build time:
* Basic C version: This is a few percent faster than
5.4.x due to some new optimizations.
* Branchless C: This is currently the default on platforms
for which there is no assembly code. This should be a few
percent faster than the basic C version.
* x86-64 inline assembly. This works with GCC and Clang.
The default choice can currently be overridden by setting
LZMA_RANGE_DECODER_CONFIG in CPPFLAGS: 0 means the basic
version and 3 means that branchless C version.
- Optimized the CRC32 calculation on ARM64 platforms using the
CRC32 instructions. The instructions are optional in ARMv8.0
and are required in ARMv8.1 and later. Runtime detection for
the instruction is used on GNU/Linux, FreeBSD, Windows, and
macOS. If the compiler flags indicate unconditional CRC32
instruction support (+crc) then the generic version is not
built.
* Added lz4 support to xzdiff/xzcmp and xzgrep.
* Man pages of xzdiff/xzcmp, xzgrep, and xzmore were rewritten
to simplify licensing of the man page translations.
* Translations:
- Updated Chinese (simplified), German, Korean, Polish,
Romanian, Spanish, Swedish, and Ukrainian translations.
- Updated German, Korean, Romanian, and Ukrainian man page
translations.
* Small improvements to the tests.
* Added doc/examples/11_file_info.c. It was added to the Git
repository in 2017 but forgotten to be added into distribution
tarballs.
* Removed doc/examples_old. These were from 2012.
* Removed the macos/build.sh script. It had not been updated
since 2013.
5.5.1alpha (2024-01-26)
* Added a new filter for RISC-V binaries. The filter can be used
for 32-bit and 64-bit binaries with either little or big
endianness. In liblzma, the Filter ID is LZMA_FILTER_RISCV (0x0B)
and the xz option is --riscv. liblzma filter string syntax
recognizes this filter as "riscv".
* liblzma:
- Added lzma_mt_block_size() to recommend a Block size for
multithreaded encoding
- Added CLMUL-based CRC32 on x86-64 and E2K with runtime
processor detection. Similar to CRC64, on 32-bit x86 it
isn't available unless --disable-assembler is used.
- Implemented GNU indirect function (IFUNC) as a runtime
function dispatching method for CRC32 and CRC64 fast
implementations on x86. Only GNU/Linux (glibc) and FreeBSD
builds will use IFUNC, unless --enable-ifunc is specified to
configure.
- Added definitions of mask values like
LZMA_INDEX_CHECK_MASK_CRC32 to <lzma/index.h>.
- The XZ logo is now included in the Doxygen generated
documentation. It is licensed under Creative Commons
Attribution-ShareAlike 4.0.
* xz:
- Multithreaded mode is now the default. This improves
compression speed and creates .xz files that can be
decompressed multithreaded at the cost of increased memory
usage and slightly worse compression ratio.
- Added new command line option --filters to set the filter
chain using liblzma filter string syntax.
- Added new command line options --filters1 ... --filters9 to
set additional filter chains using liblzma filter string
syntax. The --block-list option now allows specifying filter
chains that were set using these new options.
- Added support for Linux Landlock as a sandboxing method.
- xzdec now supports pledge(2), Capsicum, and Linux Landlock as
sandboxing methods.
- Progress indicator time stats remain accurate after pausing
xz with SIGTSTP.
- Ported xz and xzdec to Windows MSVC. Visual Studio 2015 or
later is required.
* CMake Build:
- Supports pledge(2), Capsicum, and Linux Landlock sandboxing
methods.
- Replacement functions for getopt_long() are used on platforms
that do not have it.
* Enabled unaligned access by default on PowerPC64LE and on RISC-V
targets that define __riscv_misaligned_fast.
* Tests:
- Added two new fuzz targets to OSS-Fuzz.
- Implemented Continuous Integration (CI) testing using
GitHub Actions.
* Changed quoting style from `...' to '...' in all messages,
scripts, and documentation.
* Added basic Codespell support to help catch typo errors.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 11.7.0 to 11.9.0
- Update of rootfile
- Changelog
11.9.0
* Add ENABLE_COVERAGE cmake option to assist with generating
coverage reports.
* From M. Holger: add QPDFObjectHandle::writeJSON to directly
write a JSON representation to a pipeline. This is much faster
than writing the serialized result of getJSON.
* The previous fix to #1056 was incomplete. When setting a check
box value, the previous fix allowed any value other than /Off to
mean checked. Now we also set the actual value based on the
allowable non-/Off value in the normal appearance dictionary.
Fixes#1056.
* Add fuzz testing for JSON.
* Add JSON::getDictItem (from m-holger)
* Allow --overlay and --underlay to be repeated. They may appear
multiple times on the command-line and will be stacked in the
order in which they appear. In QPDFJob JSON, the overlay and
underlay keys may contain arrays. For compatibility, they may also
contain a single dictionary.
* Add new command-line arguments --file and --range which can be
used within --pages in place of positional arguments. Allow --file
to be used inside of --overlay and --underlay as well. These new
options can be freely intermixed with positional arguments. Also
add file(), range(), and password() to QPDFJob::PagesConfig as an
alternative to pageSpec.
11.8.0
* Bug fix: treat references to older generations of objects as
null.
* When recovering a file's xref table, attempt to find xref
streams if a traditional trailer dictionary is not found. Fixes
#1103.
* Add --set-page-labels command-line argument and supporting API.
Fixes#939.
- QPDFJob::Config::setPageLabels
- pdf_page_label_e enumerated type
- QPDFPageLabelDocumentHelper::pageLabelDict
* Support comma-separated numeric values with --collate to select
different group sizes from different files. Fixes#505.
* Support "x" before a group in a numeric range to exclude a group
from the previous group. Details are in the manual. Fixes#564,
#790.
* When flattening annotations, preserve annotations without any
appearance information at all, such as types /Link, /Popup, and
/Projection. Fixes#1039.
* Detect overlong UTF-8 in the UTF-8 decoder, and fix detection of
8-bit characters in erroneous UTF-8 strings.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.43.0 to 0.43.4
- Update of rootfile
- Changelog
0.43.4
Revert the changes to fix the problem in big-endian architectures
Allow to build pixman on clang/arm32
pixman-arm: Fix build on clang/arm32
pixman-x86: Use cpuid.h header
pixman-x86: Move #include "cpuid.h" inside conditionals
Revert "Allow to build pixman on clang/arm32"
pixman-arm: Use unified syntax
0.43.2
Note, in the past pixman used a numbering scheme with odd minor number
numbers for development versions and even minor number for stable
versions. This is no longer the case, all releases (including this one)
are stable production versions now.
Drop automatic DEBUG define
Drop ChangeLog
Drop contrib/ci.sh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.10.0 to 3.11.1
- Update of rootfile
- Changelog
3.11.1
* Fixed wrong API version in lib/pci.h.
* Updated README.Windows.
* Fix compilation on Windows.
3.11.0
* update-pciids now supports XZ compression. If libpci is configured
with support for compression, all downloaded files are recompressed
as gzip. Otherwise they are stored as plain text.
* update-pciids now sends itself as the User-Agent.
* Added a pcilmr utility for PCIe lane margining. Thanks to Nikita
Proshkin for contributing it.
* Re-factored access to i386 ports on all relevant platforms.
* Added i386 port access on OpenBSD.
* Back-ends for Windows received many bug fixes and improvements.
* ECAM back-end now scans ACPI and BIOS memory faster.
* Linux systems without pread/pwrite are no longer supported
as they are hopefully long gone. This helps avoid the tricky check
for presence of pread which was found to fail on musl libc.
* Improved decoding of PCIe control and status registers.
* Decoding of CXL capabilities now supports up to CXL 3.0.
* lspci now displays interrupt message numbers consistently across
different capabilities.
* Cache of IDs resolved via DNS, which was located in ~/.pci-ids
by default, is now stored according to the XDG base directory
specification in $XDG_CACHE_HOME/pci-ids.
* All source files now have SPDX license identifiers.
* Internal: The "aux" fields of structs pci_access and pci_dev
reserved for use by back-ends were renamed to backend_data to better
reflect their meaning.
* As usually, various minor bug fixes and updated pci.ids.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.50.13 to 1.52.0
- Update of rootfile
- Changelog
1.52.0
- Add pango_font_map_reload_font
- Improve formatting of font sizes
1.51.2
- Build improvements on Windows
- Use single fontconfig thread
- Fix problems with spaces at line ends
- Allow custom fonts on Windows
- pango-viewer: Fix hint-metrics options
- Pangofont: Add properties
1.51.0
- itemize: Improve script itemization
- build: Check for cairo DWrite dependency
- win32: Fix various issues and crashes
- layout: Add a missing switch case
1.50.14
- Fix underline thickness in scaled contexts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 6.2.0 to 6.2.1
- Update of rootfile
- Changelog
2.6.1 Thu February 29 2024
Bug fixes:
#817 Make tests independent of CPU speed, and thus more robust
#828#836 Expose billion laughs API with XML_DTD defined and
XML_GE undefined, regression from 2.6.0
Other changes:
#829 Hide test-only code behind new internal macro
#833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
#819 Address compiler warnings
#832#834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
for what these numbers do
Infrastructure:
#818 CI: Adapt to breaking changes in clang-format
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.47 to 1.48
- Update of rootfile
- Changelog
1.48
* New configure option --with-libtool-modification. [T6619]
* New option parser flag to detect commands given without a double
dash. There is also the new meta command "command-mode" to set
this flag via a config file. [T6978]
* Added an es_fopen mode flag "sequential" with support on Windows.
[rE7a42ff0ec9]
* Added an es_fopen mode flag "wipe" to cleanup internal buffers at
close time. [T6954]
* New function gpgrt_wipememory. [T6964]
* Improvements to setenv on Windows. [rE89e53ad90f]
* Fixed call to estream-printf string filters. [T6737]
* Many improvements to the yat2m tool.
* Updates to the build system.
* Interface changes relative to the 1.47 release:
ARGPARSE_FLAG_COMMAND NEW.
gpgrt_wipememory NEW.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.4.4 to 3.4.6
- Update of rootfile
- Changelog
3.4.6
Fix long double regression on mips64 and alpha.
3.4.5
Add support for wasm32.
Add support for aarch64 branch target identification (bti).
Add support for ARCv3: ARC32 & ARC64.
Add support for HPPA64, and many HPPA fixes.
Add support for Haikuos on PowerPC.
Fixes for AIX, loongson, MIPS, power, sparc64, and x86 Darwin.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
we had discussed this on december telco but it is not so
easy because our menusystem only shows entry's existing cgi's.
so i add a cgi redirect to http://$ENV{SERVER_ADDR}:3000
this add the entry under pakfire and also to service page.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 6.0.15 to 7.0.2
- Update of rootfile
- suricata 7.0.2 requires libhtp >= 0.5.45
it also requires libelf.so.1 for execution. Previous suricata versions only required
libelf for building. libelf or elfutils are not mentioned anywhere in the changelog
- Without elfutils available during starting then suricata fails to start due to
libelf.so.1 not being available.
- Tested out suricata7 with elfutils on my vm testbed and it successfully started.
- The suricata-5.0.8 patch has been removed as it got applied to configure.ac but this
is not available in suricata-7.0.2. It looks like that patch was never actually used in
suricata as all the builds I checked used the configure file from the source tarball
and the configure was never created by running autoconf on the configure.ac
- Changelog is too large to include here. Details can be found in the ChangeLog file in
the source tarball
Fixes: Bug#13516
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.5.0 to 2.6.0
- Update of rootfile
- This update fixes two CVE's. Not sure if IPFire would be vulnerable or not but safer
to update anyway.
- Changelog
2.6.0
Security fixes:
#789#814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
#777 CVE-2023-52426 -- Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
Bug fixes:
#753 Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
#780 Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
#812#813 Protect against closing entities out of order
Other changes:
#723 Improve support for arc4random/arc4random_buf
#771#788 Improve buffer growth in XML_GetBuffer and XML_Parse
#761#770 xmlwf: Support --help and --version
#759#770 xmlwf: Support custom buffer size for XML_GetBuffer and read
#744 xmlwf: Improve language and URL clickability in help output
#673 examples: Add new example "element_declarations.c"
#764 Be stricter about macro XML_CONTEXT_BYTES at build time
#765 Make inclusion to expat_config.h consistent
#726#727 Autotools: configure.ac: Support --disable-maintainer-mode
#678#705 ..
#706#733#792 Autotools: Sync CMake templates with CMake 3.26
#795 Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
#815 Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
#724#751 Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
#793 Autotools|CMake: Fix PACKAGE_BUGREPORT variable
#750#786 Autotools|CMake: Make test suite require a C++11 compiler
#749 CMake: Require CMake >=3.5.0
#672 CMake: Lowercase off_t and size_t to help a bug in Meson
#746 CMake: Sort xmlwf sources alphabetically
#785 CMake|Windows: Fix generation of DLL file version info
#790 CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
#745#757 docs: Document the importance of isFinal + adjust tests
accordingly
#736 docs: Improve use of "NULL" and "null"
#713 docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
#762 docs: reference.html: Promote function XML_ParseBuffer more
#779 docs: reference.html: Add HTML anchors to XML_* macros
#760 docs: reference.html: Upgrade to OK.css 1.2.0
#763#739 docs: Fix typos
#696 docs|CI: Use HTTPS URLs instead of HTTP at various places
#669#670 ..
#692#703 ..
#733#772 Address compiler warnings
#798#800 Address clang-tidy warnings
#775#776 Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
Infrastructure:
#700#701 docs: Document security policy in file SECURITY.md
#766 docs: Improve parse buffer variables in-code documentation
#674#738 ..
#740#747 ..
#748#781#782 Refactor coverage and conformance tests
#714#716 Refactor debug level variables to unsigned long
#671 Improve handling of empty environment variable value
in function getDebugLevel (without visible user effect)
#755#774 ..
#758#783 ..
#784#787 tests: Improve test coverage with regard to parse chunk size
#660#797#801 Fuzzing: Improve fuzzing coverage
#367#799 Fuzzing|CI: Start running OSS-Fuzz fuzzing regression tests
#698#721 CI: Resolve some Travis CI leftovers
#669 CI: Be robust towards absence of Git tags
#693#694 CI: Set permissions to "contents: read" for security
#709 CI: Pin all GitHub Actions to specific commits for security
#739 CI: Reject spelling errors using codespell
#798 CI: Enforce clang-tidy clean code
#773#808 ..
#809#810 CI: Upgrade Clang from 15 to 18
#796 CI: Start using Clang's Control Flow Integrity sanitizer
#675#720#722 CI: Adapt to breaking changes in GitHub Actions Ubuntu images
#689 CI: Adapt to breaking changes in Clang/LLVM Debian packaging
#763 CI: Adapt to breaking changes in codespell
#803 CI: Adapt to breaking changes in Cppcheck
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Updated lfs file to core program type
- Moved rootfile from packages to common
- Older suricata versions required elfutils only for building but suricata-7.0.2 fails to
start if elfutils is not present due to libelf.so.1 being missing.
- The requirement for elfutils is not mentioned at all in the changelog.
Fixes: Bug#13516
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.22 to 0.22.4
- Update of rootfile
- Changelog
0.22.4
* Bug fixes:
- AM_GNU_GETTEXT now recognizes a statically built libintl on macOS and AIX.
- Build fixes on AIX.
0.22.3
* Portability:
- The libintl library now works on macOS 14. (Older versions of libintl
crash on macOS 14, due to an incompatible change in macOS.)
0.22.2
* Bug fixes:
- The libintl shared library now exports again some symbols that were
accidentally missing.
<https://savannah.gnu.org/bugs/index.php?64323>
This bug was introduced in version 0.22.
0.22.1
* Bug fixes:
- xgettext's processing of large Perl files may have led to errors
<https://savannah.gnu.org/bugs/index.php?64552>
- "xgettext --join-existing" could encounter errors.
<https://savannah.gnu.org/bugs/index.php?64490>
These bugs were introduced in version 0.22.
* Portability:
- Building on Android is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.3 to 1.3.1
- Update of rootfile
- Changelog
1.3.1
- Reject overflows of zip header fields in minizip
- Fix bug in inflateSync() for data held in bit buffer
- Add LIT_MEM define to use more memory for a small deflate speedup
- Fix decision on the emission of Zip64 end records in minizip
- Add bounds checking to ERR_MSG() macro, used by zError()
- Neutralize zip file traversal attacks in miniunz
- Fix a bug in ZLIB_DEBUG compiles in check_match()
- Various portability and appearance improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.4.5 to 5.4.6
- Update of rootfile
- Changelog
5.4.6
* Fixed a bug involving internal function pointers in liblzma not
being initialized to NULL. The bug can only be triggered if
lzma_filters_update() is called on a LZMA1 encoder, so it does
not affect xz or any application known to us that uses liblzma.
* xz:
- Fixed a regression introduced in 5.4.2 that caused encoding
in the raw format to unnecessarily fail if --suffix was not
used. For instance, the following command no longer reports
that --suffix must be used:
echo foo | xz --format=raw --lzma2 | wc -c
- Fixed an issue on MinGW-w64 builds that prevented reading
from or writing to non-terminal character devices like NUL.
* Added a new test.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.6.39 to 1.6.41
- Update of rootfile
- Changelog
1.6.41
Added SIMD-optimized code for the Loongarch LSX hardware.
(Contributed by GuXiWei, JinBo and ZhangLixia)
Fixed the run-time discovery of MIPS MSA hardware.
(Contributed by Sui Jingfeng)
Fixed an off-by-one error in the function `png_do_check_palette_indexes`,
which failed to recognize errors that might have existed in the first
column of a broken palette-encoded image. This was a benign regression
accidentally introduced in libpng-1.6.33. No pixel was harmed.
(Contributed by Adam Richter; reviewed by John Bowler)
Fixed, improved and modernized the contrib/pngminus programs, i.e.,
png2pnm.c and pnm2png.c
Removed old and peculiar portability hacks that were meant to silence
warnings issued by gcc version 7.1 alone.
(Contributed by John Bowler)
Fixed and modernized the CMake file, and raised the minimum required
CMake version from 3.1 to 3.6.
(Contributed by Clinton Ingram, Timothy Lyanguzov, Tyler Kropp, et al.)
Allowed the configure script to disable the building of auxiliary tools
and tests, thus catching up with the CMake file.
(Contributed by Carlo Bramini)
Fixed a build issue on Mac.
(Contributed by Zixu Wang)
Moved the Autoconf macro files to scripts/autoconf.
Moved the CMake files (except for the main CMakeLists.txt) to
scripts/cmake and moved the list of their contributing authors to
scripts/cmake/AUTHORS.md
Updated the CI configurations and scripts.
Relicensed the CI scripts to the MIT License.
Improved the test coverage.
(Contributed by John Bowler)
1.6.40
Fixed the eXIf chunk multiplicity checks.
Fixed a memory leak in pCAL processing.
Corrected the validity report about tRNS inside png_get_valid().
Fixed various build issues on *BSD, Mac and Windows.
Updated the configurations and the scripts for continuous integration.
Cleaned up the code, the build scripts, and the documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security
significant.
([CVE-2024-0727])
*Matt Caswell*
* When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
([CVE-2023-6237])
*Tomáš Mráz*
* Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to
have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey
rather than SM2.
*Richard Levitte*
* The POLY1305 MAC (message authentication code) implementation in OpenSSL
for PowerPC CPUs saves the contents of vector registers in different
order than they are restored. Thus the contents of some of these vector
registers is corrupted when returning to the caller. The vulnerable code is
used only on newer PowerPC processors supporting the PowerISA 2.07
instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However unless the compiler uses the vector registers
for storing pointers, the most likely consequence, if any, would be an
incorrect result of some application dependent calculations or a crash
leading to a denial of service.
([CVE-2023-6129])
*Rohan McLure*
* Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
([CVE-2023-5678])
*Richard Levitte*
* Disable building QUIC server utility when OpenSSL is configured with
`no-apps`.
*Vitalii Koshura*
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs and rootfile created.
- rootfile put into common as it is only used as a build dependency.
- Used setup.py build approach as the pyproject.toml approach failed to build successfully
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs and rootfile created.
- rootfile put into common as it is only used as a build dependency.
- Used setup.py build approach as the pyproject.toml approach failed to build successfully.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs and rootfile created.
- rootfile put into common as it is only used as a build dependency.
- Used setup.py build approach as pyproject.toml approach kept failing to build
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs and rootfile created.
- rootfile put into common as it is only used as a build dependency.
- Used pyproject.toml build approach
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- lfs and rootfile created.
- rootfile put into common as it is only used as a build dependency.
- Used pyproject.toml build approach
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
