The "ping" plugin does not re-resolve the gateway IP address after
pinging it for the first time. For most people this won't be a big
problem, but if the default gateway changes, the latency graph won't
work any more.
In order to do re-resolve "gateway", the only way is to restart
collectd.
Fixes: #13522
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
According to the source tarball's NEWS file:
- Improvements
- Allow passing a path to modprobe so the module is loaded from
anywhere from the filesystem, but still handling the module
dependencies recorded in the indexes. This is mostly intended for kernel
developers to speedup testing their kernel modules without having to load the
dependencies manually or override the module in /usr/lib/modules/.
Now it's possible to do:
# modprobe ./drivers/gpu/drm/i915/i915.ko
As long as the dependencies didn't change, this should do the right thing
- Use in-kernel decompression if available. This will check the runtime support
in the kernel for decompressing modules and use it through finit_module().
Previously kmod would fallback to the older init_module() when using
compressed modules since there wasn't a way to instruct the kernel to
uncompress it on load or check if the kernel supported it or not.
This requires a recent kernel (>= 6.4) to have that support and
in-kernel decompression properly working in the kernel.
- Make modprobe fallback to syslog when stderr is not available, as was
documented in the man page, but not implemented
- Better explaing `modprobe -r` and how it differentiates from rmmod
- depmod learned a `-o <dir>` option to allow using a separate output
directory. With this, it's possible to split the output files from
the ones used as input from the kernel build system
- Add compat with glibc >= 2.32.9000 that dropped __xstat
- Improve testsuite to stop skipping tests when sysconfdir is something
other than /etc
- Build system improvements and updates
- Change a few return codes from -ENOENT to -ENODATA to avoid confusing output
in depmod when the module itself lacks a particular ELF section due to e.g.
CONFIG_MODVERSIONS=n in the kernel.
- Bug Fixes
- Fix testsuite using uninitialized memory when testing module removal
with --wait
- Fix testsuite not correctly overriding the stat syscall on 32-bit
platforms. For most architectures this was harmless, but for MIPS it
was causing some tests to fail.
- Fix handling unknown signature algorithm
- Fix linking with a static liblzma, libzstd or zlib
- Fix memory leak when removing module holders
- Fix out-of-bounds access when using very long paths as argument to rmmod
- Fix warnings reported by UBSan
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Noteworthy changes in this release, according to
https://lists.gnu.org/archive/html/info-gnu/2023-05/msg00001.html :
* New option --ignore-dirnlink
Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2
instead.
* Changes in --reproducible option
The --reproducible option implies --ignore-dirlink. In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.
* Use GNU ls algorithm for deciding timestamp format in -tv mode
* Bugfixes
** Fix cpio header verification.
** Fix handling of device numbers on copy out.
** Fix calculation of CRC in copy-out mode.
** Rewrite the fix for CVE-2015-1197.
** Fix combination of --create --append --directory.
** Fix appending to archives bigger than 2G.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.2.0 to 2.3.0
- Update of rootfile
2.3.0
- Changes:
* Rename PLIST_UINT to PLIST_INT and add plist_new_int() and plist_get_int_val()
* Add support for JSON format
* Add support for OpenStep format
* Introduce error codes and format constants
* Add return value to import/export functions to allow returning error codes
* Add new plist_sort function
* Add several human-readable output-only formats
* Add new plist_write_to_string/_stream/_file functions
* Add new plist_print function
* Add new plist_read_from_file function
* Add new plist_mem_free() function
* Add a few C++ methods
* Add C++ interface test
* Add PLIST_NULL type
* Some code housekeeping (mostly clang-tidy)
- Breaking:
* plist_from_memory() gets additional parameter
- Bugfixes:
* Fix multiple bugs in all of the parsers
* Fix handling of PLIST_UID nodes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.5.4 to 2.5.5
- Update of rootfile
- Changelog
2.5.5 - December 1, 2023
* Update the syscall table for Linux v6.7-rc3
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.14.1 to 2.15.0
- Update of rootfile
- Autogen no longer required
- fcobjshash.h is no longer in tarball from version 2.13.1
- Changelog
2.15
Do not change the order of orth files
Convert tabs to spaces
Convert more tabs to spaces in docs
src/meson.build: Store correct paths to fontconfig.pc.
Fix a typo in description for HAVE_STDATOMIC_PRIMITIVES
Report more detailed logs instead of assertion.
Add some missing constant names for weight.
Adujst indentation between programlisting in fontconfig-user.sgml
Bump version to 2.14.2
Clean up unused code
Add another test case for flatpak
Update 65-nonlatin.conf for macOS
Change the order of the properties to the order of fontconfig cache format
Add missing property descriptions
Add namedinstance property
Remove the problematic language from code and doc
Fix a typo
Fix a typo for FcCharSetDelChar doc
Fix a typo in scalable property
Use 'outline' instead of 'scalable' for bitmaps
Add more docs about selectfont
Rework CI implementation
Fix a typo
Rework CI implementation v2
Apply a fix of ci-templates
Fix uninitialized memory access when failing memory allocation.
Create a symlink with relative path
Fix an error of "initializer element is not constant"
Update CaseFolding.txt to Unicode 15.1
Update the encoding table for Simplified Chinese
Retry to decode strings in the name table as UTF-16BE in some cases.
Work around decoding strings in Macintosh encoding for the name table.
Add iconv detection for meson build
.gitlab-ci: Update
CI: Update
CI: static build only for rawhide
Use memmove instead of memcpy
Rename README to NEWS and add README.md
Update so version
Fix leak of `reason` in _FcConfigParse when not complaining
Ignore LC_CTYPE if set to "UTF-8"
Some doc clarifications
Add FC_FONT_WRAPPER
Detect standalone CFF fonts for FC_FONT_WRAPPER
Add anp.orth, bhb.orth, hif.orth, mag.orth, raj.orth, and the.orth
Add {agr,ayc,bem,ckb,cmn,dsb,hak,lij,lzh,mfe,mhr,miq,mjw,mnw,nan,nhn,niu,rif,sgs,shn,szl,tcy,tpi,unm,wae,yue,yuw}.orth
Change index type to 16 bit and bump cache version to 9
Expand ~ in glob
Add optional 11-lcdfilter-none configuration
Fix filepaths added when scanning with sysroot
Fix false-positive CFI failure
In fcfreetype.c, `GetScriptTags`: fix `use_of_uninitialized_value` and return the correct number of parsed tags in case the font file contains less tags than indicated.
meson: Support any compiler with gcc or msvc argument syntax
fix typo
Reload MM/VF metadata for each font face in font collection
fixed typos in fc-conflist.sgml
Add aliases for Helvetica LT Std
2.14.2
Fix the build issue on meson when -g option is added to c_args
Store artifacts for meson windows CI
Add FC_DESKTOP_NAME property
Add --with-default-sub-pixel-rendering option
Update po-conf/POTFILES.in
Ignore null pointer on Fc*Destroy functions
Convert tabs to spaces
Convert more tabs to spaces in docs
src/meson.build: Store correct paths to fontconfig.pc.
Fix a typo in description for HAVE_STDATOMIC_PRIMITIVES
Report more detailed logs instead of assertion.
Add some missing constant names for weight.
Adujst indentation between programlisting in fontconfig-user.sgml
meson: modify gperf test to remove sh dependency
meson: Update freetype2 git repository to upstream
Ignore LC_CTYPE if set to "UTF-8"
Expand ~ in glob
fix typo
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.11.4 to 2.12.3
- Update of rootfile
- Changelog
2.12.3: Dec 12 2023
### Regressions
- parser: Fix namespaces redefined from default attributes
### Build fixes
- include: Rename XML_EMPTY helper macro
- include: Move declaration of xmlInitGlobals
- include: Add missing includes
- include: Move globals from xmlsave.h to parser.h
- include: Readd circular dependency between tree.h and parser.h
2.12.2: Dec 5 2023
### Regressions
- parser: Fix invalid free in xmlParseBalancedChunkMemoryRecover
- globals: Disable TLS in static Windows builds
- html: Reenable buggy detection of XML declarations
- tree: Fix regression when copying DTDs
- parser: Make CRLF increment line number
### Build fixes
- build: Disable compiler TLS by default
- cmake: Update config.h.cmake.in
- tests: Fix tests --with-valid --without-xinclude
2.12.1: Nov 23 2023
### Regressions
- hash: Fix deletion of entries during scan
- parser: Only enable SAX2 if there are SAX2 element handlers
### Build fixes
- autotools: Stop checking for snprintf
- dict: Fix '__thread' before 'static'
- fix: pthread weak references in globals.c (Mike Dalessio)
- tests: Fix build with older MSVC
2.12.0: Nov 16 2023
### Major changes
Most of the known issues leading to quadratic behavior in the XML parser
were fixed. Internal hash tables were rewritten to reduce memory
consumption.
Starting with this release, it should be enough to add the --with-legacy
configuration option to provide maximum ABI compatibility. For example,
if a code module was removed from the default configuration, the option
will add stubs for the removed symbols.
libxml2 will now store global variables in thread-local storage if supported
by the compiler. This avoids allocating the data lazily which can result in
a fatal error condition. A new API function xmlCheckThreadLocalStorage
was added so the allocation can be checked earlier if compiler TLS is not
supported. To prepare for future improvements, some API functions now expect
or return a const xmlError struct.
Several cyclic dependencies in public header files were fixed. As a result,
certain headers won't include other headers as before.
Refactoring of the encoding code has been mostly completed. Calling
xmlSwitchEncoding from client code is now fully supported, for example to
override the encoding for the push parser.
When parsing data from memory, libxml2 will now stream data chunk by chunk
instead of copying the whole buffer (possibly twice with encodings),
reducing peak memory consumption considerably.
A new API function xmlCtxtSetMaxAmplification was added to allow parsing
of files that would otherwise trigger the billion laughs protection.
Several bugs in the regex determinism checks were fixed. Invalid XML
Schemas which previous versions erroneously accepted will now be
rejected.
### Deprecations
- globals: Deprecate xmlLastError
- parser: Deprecate global parser options
- win32: Deprecate old Windows build system
### Bug fixes
- parser: Stop switching to ISO-8859-1 on encoding errors
- parser: Support encoded external PEs in entity values
- string: Fix UTF-8 validation in xmlGetUTF8Char
- SAX2: Allow multiple top-level elements
- parser: Update line number after coalescing text nodes
- parser: Check for truncated multi-byte sequences
### Improvements
- error: Make more xmlError structs constant
- parser: Remove redundant IS_CHAR check in xmlCurrentChar
- parser: Fix stack handling in xmlParseTryOrFinish
- parser: Protect against quadratic default attribute expansion
- parser: Missing checks for disableSAX
- entities: Make xmlFreeEntity public
- examples: Don't use sprintf
- encoding: Suppress -Wcast-align warnings
- parser: Use hash tables to avoid quadratic behavior
- parser: Don't skip CR in xmlCurrentChar
- dict: Rewrite dictionary hash table code
- hash: Rewrite hash table code
- malloc-fail: Report malloc failure in xmlFARegExec
- malloc-fail: Report malloc failure in xmlRegEpxFromParse
- parser: Simplify xmlStringCurrentChar
- regexp: Fix status codes and handle invalid UTF-8
- error: Make xmlGetLastError return a const error
- html: Fix logic in htmlAutoClose
- globals: Move globals back to correct header files
- globals: Use thread-local storage if available
- globals: Rework global state destruction on Windows
- globals: Define globals using macros
- globals: Introduce xmlCheckThreadLocalStorage
- globals: Make xmlGlobalState private
- threads: Move library initialization code to threads.c
- debug: Remove debugging code
- globals: Move code from threads.c to globals.c
- parser: Avoid undefined behavior in xmlParseStartTag2
- schemas: Fix memory leak of annotations in notations
- dict: Update hash function
- dict: Use thread-local storage for PRNG state
- dict: Use xoroshiro64** as PRNG
- xmllint: Fix error messages
- parser: Fix detection of null bytes
- parser: Improve error handling in push parser
- parser: Don't check inputNr in xmlParseTryOrFinish
- parser: Remove push parser debugging code
- tree: Fix copying of DTDs
- legacy: Add stubs for disabled modules
- parser: Allow to set maximum amplification factor
- entities: Don't change doc when encoding entities
- parser: Never use UTF-8 encoding handler
- encoding: Remove debugging code
- malloc-fail: Fix unsigned integer overflow in xmlTextReaderPushData
- html: Remove encoding hack in htmlCreateFileParserCtxt
- parser: Decode all data in xmlCharEncInput
- parser: Stream data when reading from memory
- parser: Optimize xmlLoadEntityContent
- parser: Don't overwrite EOF parser state
- parser: Simplify input pointer updates
- parser: Don't reinitialize parser input members
- encoding: Move rawconsumed accounting to xmlCharEncInput
- parser: Rework encoding detection
- parser: Always create UTF-8 in xmlParseReference
- html: Remove some debugging code in htmlParseTryOrFinish
- malloc-fail: Fix memory leak in xmlCompileAttributeTest
- parser: Recover more input from encoding errors
- malloc-fail: Handle malloc failures in xmlAddEncodingAlias
- malloc-fail: Fix null-deref with xmllint --copy
- xpath: Ignore entity ref nodes when computing node hash
- malloc-fail: Fix null deref after xmlXIncludeNewRef
- SAX: Always validate xml:ids
- Stop using sprintf
- Fix compiler warning on GCC < 8
- regexp: Fix determinism checks
- regexp: Fix checks for eliminated transitions
- regexp: Simplify xmlFAReduceEpsilonTransitions
- regexp: Fix cycle check in xmlFAReduceEpsilonTransitions
- schemas: Fix filename in xmlSchemaValidateFile
- schemas: Fix line numbers in streaming validation
- writer: Add error check in xmlTextWriterEndDocument
- encoding: Stop calling xmlEncodingErr
- xmlIO: Remove some calls to xmlIOErr
- parser: Improve handling of encoding and IO errors
- parser: Move xmlFatalErr to parserInternals.c
- encoding: Rework error codes
- .gitignore: Split up and rearrange .gitignore files
- .gitignore: Add runsuite.log
- Stop calling xmlMemoryDump
- examples: Don't call xmlCleanupParser and xmlMemoryDump
- xpath: Remove remaining references to valueFrame
### Portability
- python: Make it compatible with python3.12 (Daniel Garcia Moreno)
### Build systems
- cmake: Check whether static linking dependencies found in config files
(James Le Cuirot)
- autotools: Make --with-minimum disable lzma support
- build: Remove some GCC warnings
- Handle NOCONFIG case when setting locations from CMake target properties
(Markus Rickert)
- cmake: Generate better pkg-config file for SYSROOT builds under CMake
(James Le Cuirot)
- autoconf: Include non-pkg-config dependency flags in the pkg-config file
(James Le Cuirot)
- autoconf: Don't bake build time CFLAGS into pkg-config file (James Le Cuirot)
- build: Generate better pkg-config files for static-only builds (James
Le Cuirot)
- build: Generate better pkg-config file for SYSROOT builds (James Le Cuirot)
- autoconf: Allow custom --with-icu configure option
### Tests
- tests: Also test xmlNextChar in testchar.c
- tests: Start with testparser.c for extra tests
- fuzz: Raise rss_limit_mb
- fuzz: Test xmlTextReaderRead after EOF or failure
- fuzz: Test XML_PARSE_XINCLUDE | XML_PARSE_VALID
- tests: Handle entities in SAX tests
- fuzz: Disable XML_PARSE_SAX1 option in xml fuzzer
- tests: Add more tests for redefined attributes
- hash: Add hash table tests
- tests: Add ATTRIBUTE_NO_SANITIZE_INTEGER macro
- fuzz: Allow to fuzz without push, reader or output modules
- gitlab-ci: Add a "medium" config build
- python: Fix tests on MinGW
- test: Add push parser test with overridden encoding
- testapi: test_xmlSAXDefaultVersion() leaves xmlSAX2DefaultVersionValue set
to 1 with LIBXML_SAX1_ENABLED (David Kilzer)
- gitlab-ci: Lower _XOPEN_SOURCE value
- testapi: Don't set http_proxy environment variable
- test: Add push parser tests for split UTF-8 sequences
- xinclude: Lower initial table size when fuzzing
- tests: Test streaming schema validation
- runtest: Skip element name in schema error messages
### Documentation
- doc: Add notes about runtest to MAINTAINERS.md
- doc: Don't document internal macros in xmlversion.h
- doc: Allow 'unsigned' without 'int'
- doc: Improve documentation of configuration options
2.11.6: Nov 16 2023
### Regressions
- threads: Fix --with-thread-alloc
- xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
### Bug fixes
- parser: Fix potential use-after-free in xmlParseCharDataInternal
2.11.5: Aug 9 2023
### Regressions
- parser: Make xmlSwitchEncoding always skip the BOM
- autotools: Improve iconv check
### Bug fixes
- valid: Fix c1->parent pointer in xmlCopyDocElementContent
- encoding: Always call ucnv_convertEx with flush set to false
### Portability
- autotools: fix Python module file ext for cygwin/msys2 (Christoph Reiter)
### Tests
- runtest: Fix compilation without LIBXML_HTML_ENABLED
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.8.0 to 3.8.2
- Update of rootfile
- Changelog
3.8.2 (released 2023-11-14)
** libgnutls: Fix timing side-channel inside RSA-PSK key exchange.
[GNUTLS-SA-2023-10-23, CVSS: medium] [CVE-2023-5981]
** libgnutls: Add API functions to perform ECDH and DH key agreement
The functionality has been there for a long time though they were
not available as part of the public API. This enables applications
to implement custom protocols leveraging non-interactive key
agreement with ECDH and DH.
** libgnutls: Added support for AES-GCM-SIV ciphers (RFC 8452)
The new algorithms GNUTLS_CIPHER_AES_128_SIV_GCM and
GNUTLS_CIPHER_AES_256_SIV_GCM have been added to be used through
the AEAD interface. Note that, unlike
GNUTLS_CIPHER_AES_{128,256}_SIV_GCM, the authentication tag is
appended to the ciphertext, not prepended.
** libgnutls: transparent KTLS support is extended to FreeBSD kernel
The kernel TLS feature can now be enabled on FreeBSD as well as
Linux when compiled with the --enable-ktls configure option.
** gnutls-cli: New option --starttls-name
Depending on deployment, application protocols such as XMPP may
require a different origin address than the external address to be
presented prior to STARTTLS negotiation. The --starttls-name can
be used to specify specify the addresses separately.
** API and ABI modifications:
gnutls_pubkey_import_dh_raw: New function
gnutls_privkey_import_dh_raw: New function
gnutls_pubkey_export_dh_raw: New function
gnutls_privkey_export_dh_raw: New function
gnutls_x509_privkey_import_dh_raw: New function
gnutls_privkey_derive_secret: New function
GNUTLS_KEYGEN_DH: New enum member of gnutls_keygen_types_t
GNUTLS_CIPHER_AES_128_SIV_GCM: Added
GNUTLS_CIPHER_AES_256_SIV_GCM: Added
3.8.1 (released 2023-08-03)
** libgnutls: ClientHello extensions are randomized by default
To make fingerprinting harder, TLS extensions in ClientHello
messages are shuffled. As this behavior may cause compatibility
issue with legacy applications that do not accept the last
extension without payload, the behavior can be reverted with the
%NO_SHUFFLE_EXTENSIONS priority keyword.
** libgnutls: Add support for RFC 9258 external PSK importer.
This enables to deploy the same PSK across multiple TLS versions
(TLS 1.2 and TLS 1.3) in a secure manner. To use, the application
needs to set up a callback that formats the PSK identity using
gnutls_psk_format_imported_identity().
** libgnutls: %GNUTLS_NO_EXTENSIONS has been renamed to
%GNUTLS_NO_DEFAULT_EXTENSIONS.
** libgnutls: Add additional PBKDF limit checks in FIPS mode as
defined in SP 800-132. Minimum salt length is 128 bits and
minimum iterations bound is 1000 for PBKDF in FIPS mode.
** libgnutls: Add a mechanism to control whether to enforce extended
master secret (RFC 7627). FIPS 140-3 mandates the use of TLS
session hash (extended master secret, EMS) in TLS 1.2. To enforce
this, a new priority keyword %FORCE_SESSION_HASH is added and if
it is set and EMS is not set, the peer aborts the connection. This
behavior is the default in FIPS mode, though it can be overridden
through the configuration file with the "tls-session-hash" option.
In either case non-EMS PRF is reported as a non-approved operation
through the FIPS service indicator.
** New option --attime to specify current time.
To make testing with different timestamp to the system easier, the
tools doing certificate verification now provide a new option
--attime, which takes an arbitrary time.
** API and ABI modifications:
gnutls_psk_client_credentials_function3: New typedef
gnutls_psk_server_credentials_function3: New typedef
gnutls_psk_set_server_credentials_function3: New function
gnutls_psk_set_client_credentials_function3: New function
gnutls_psk_format_imported_identity: New function
GNUTLS_PSK_KEY_EXT: New enum member of gnutls_psk_key_flags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 2.14 to 2.16
- Update of rootfile
- Changelog
2.16 Featured release
New import .CUBE files as RGB devicelinks
New Read/Write MHC2 tags for Windows GPU access
New Support for UTF8 on multilocalized unicode functions
New Suppot for OkLab color space, built-in and formatter.
Improved floating point transforms float -> integer are now honored as float
Improved MSYS2, mingw is now supported
Improved proferred CMM, platform and creator now survives profile edition.
Fixed tificc now can deal with Lab TIFF
Fixed code can now be compiled by a C++17 compiler, "register" keywork use detected at compile time.
Fixed Reverted postcript creation that corrupted some interpreters.
2.15 Maintenance release
New MESON build system, many thanks to amispark and Lovell Fuller for bringing this.
Fixed a bug that caused memory corruption on colord
cmsReadRawTag can read portions of tags again. Removing this caused colord to segfault when dumping profiles
Added more checks based of fuzzer discoveries.
MSYS2 can now compile lcms2
Checked on Apple Silicon M1 and M2
Fixed a bug of fastfloat plug-in that affected Krita CMYK color selector
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.25.2 to 0.25.3
- Update of rootfile
- Changelog
0.25.3
rpc: fix serialization of NULL mechanism pointer [PR#601]
fix meson build failure in macOS (appleframeworks not found) [PR#603]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.1.4 to 3.2.0
- Update of rootfile
- Changelog
3.2.0
This release incorporates the following potentially significant or incompatible
changes:
* The default SSL/TLS security level has been changed from 1 to 2.
* The `x509`, `ca`, and `req` apps now always produce X.509v3 certificates.
* Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
by default.
From my understanding these above changes should not create any problem for
IPFire.
This release adds the following new features:
* Support for client side QUIC, including support for
multiple streams (RFC 9000)
* Support for Ed25519ctx, Ed25519ph and Ed448ph in addition
to existing support for Ed25519 and Ed448 (RFC 8032)
* Support for deterministic ECDSA signatures (RFC 6979)
* Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452)
* Support for the Argon2 KDF, along with supporting thread pool
functionality (RFC 9106)
* Support for Hybrid Public Key Encryption (HPKE) (RFC 9180)
* Support for SM4-XTS
* Support for Brainpool curves in TLS 1.3
* Support for TLS Raw Public Keys (RFC 7250)
* Support for TCP Fast Open on Linux, macOS and FreeBSD,
where enabled and supported (RFC 7413)
* Support for TLS certificate compression, including library
support for zlib, Brotli and zstd (RFC 8879)
* Support for provider-based pluggable signature algorithms
in TLS 1.3 with supporting CMS and X.509 functionality
With a suitable provider this enables the use of post-quantum/quantum-safe
cryptography.
* Support for using the Windows system certificate store as a source of
trusted root certificates
This is not yet enabled by default and must be activated using an
environment variable. This is likely to become enabled by default
in a future feature release.
* Support for using the IANA standard names in TLS ciphersuite configuration
* Multiple new features and improvements to CMP protocol support
The following known issues are present in this release and will be rectified
in a future release:
* Provider-based signature algorithms cannot be configured using the
SignatureAlgorithms configuration file parameter (#22761)
This release incorporates the following documentation enhancements:
* Added multiple tutorials on the OpenSSL library and in particular
on writing various clients (using TLS and QUIC protocols) with libssl
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 11.6.1 to 11.7.0
- Update of rootfile
- Changelog
11.7.0
* Define CPACK_NSIS_MODIFY_PATH for the Windows builds so the
official installers will offer to modify PATH when installing
qpdf. Fixes#1054.
* Add QPDFAcroFormDocumentHelper::disableDigitalSignatures, which
disables any digital signature fields, leaving their visual
representations intact. The --remove-restrictions command-line
argument now calls this. Fixes#1015.
* Generate a more complete qpdf "man page" from the same source as
qpdf --help. Fixes#1064.
* Allow the syntax "--encrypt --user-password=user-password
--owner-password=owner-password --bits={40,128,256}" when
encrypting PDF files. This is an alternative to the syntax
"--encrypt user-password owner-password {40,128,256}", which will
continue to be supported. The new syntax works better with shell
completion and allows creation of passwords that start with "-".
Fixes#874.
* When setting a check box value, allow any value other than /Off
to mean checked. This is permitted by the spec. Previously, any
value other than /Yes or /Off was rejected. Fixes#1056.
* Fix to QPDF JSON: a floating point number that appears in
scientific notation will be converted to fixed-point notation,
rounded to six digits after the decimal point. Fixes#1079.
* Fix to QPDF JSON: the syntax "n:/pdf-syntax" is now accepted as
an alternative way to represent names. This can be used for any
name (e.g. "n:/text#2fplain"), but it is necessary when the name
contains binary characters. For example, /one#a0two must be
represented as "n:/one#a0two" since the single byte a0 is not
valid in JSON. Fixes#1072.
* From M. Holger: Refactor QPDFParser for performance. See #1059
for a discussion.
* Update code and tests so that qpdf's test suite no longer
depends on the output of any specific zlib implementation. This
makes it possible to get a fully passing test suite with any
API-compatible zlib library. CI tests with the default zlib as
well as zlib-ng (including verifying that zlib-ng is not the
default), but any zlib implementation should work. Fixes#774.
* Bug fix: with --compress-streams=n, don't compress object, XRef,
or linearization hint streams.
* Add new C++ functions "qpdf_c_get_qpdf" and "qpdf_c_wrap" to
qpdf-c.h that make it possible to write your own extern "C"
functions in C++ that interoperate with the C API. See
examples/extend-c-api for more information.
* Bug fix from M. Holger: the default for /Columns in PNG filter
is 1, but libqpdf was acting like it was 0.
* Enhancement from M. Holger: add methods to Buffer to work more
easily with std::string.
11.6.4
* Install fix: include cmake files with the dev component.
* Build AppImage with an older Linux distribution to support AWS
Lambda. Fixes#1086.
11.6.3
* Tweak linearization code to better handle files between 2 GB and
4 GB in size. Fixes#1023.
* Fix data loss bug: qpdf could discard a the character after an
escaped octal string consisting of less than three digits. For
content, this would only happen with QDF or when normalizing
content. Outside of content, it could have happened in any binary
string, such as /ID, if the encoding software used octal escape
strings with less than three digits. This bug was introduced
between 10.6.3 and 11.0.0. Fixes#1050.
11.6.2
* Bug fix: when piping stream data, don't call finish on failure
if the failure was caused by a previous call to finish. Fixes
#1042.
* Push .idea directory with the beginning of a sharable JetBrains
CLion configuration.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
