- Updated from version 0.13.0 to 0.15.5
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.8.7 to 0.12.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.8.7 to 0.12.2
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Install of version 0.1.51
- Definition of rootfile
- Creation of metadata patch to eliminate windows options
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.4.19 to 0.4.22
- Update of rootfile
- Update of metadata patch as more windows related entries in Cargo.toml to be excluded
- Changelog
## 0.4.22
* Allow wasmbindgen to be optional on `wasm32-unknown-unknown` target [(#771)](https://github.com/chronotope/chrono/pull/771)
* Fix compile error for `x86_64-fortanix-unknown-sgx` [(#767)](https://github.com/chronotope/chrono/pull/767)
* Update `iana-time-zone` version to 1.44 [(#773)](https://github.com/chronotope/chrono/pull/773)
## 0.4.21
* Fall back to UTC timezone in cases where no timezone is found [(#756)](https://github.com/chronotope/chrono/pull/756)
* Correctly detect timezone on Android [(#756)](https://github.com/chronotope/chrono/pull/756)
* Improve documentation for strftime `%Y` specifier [(#760)](https://github.com/chronotope/chrono/pull/760)
## 0.4.20
* Add more formatting documentation and examples.
* Add support for microseconds timestamps serde serialization/deserialization (#304)
* Fix `DurationRound` is not TZ aware (#495)
* Implement `DurationRound` for `NaiveDateTime`
* Implement `std::iter::Sum` for `Duration`
* Add `DateTime::from_local()` to construct from given local date and time (#572)
* Add a function that calculates the number of years elapsed between now and a given `Date` or `DateTime` (#557)
* Correct build for wasm32-unknown-emscripten target (#568)
* Change `Local::now()` and `Utc::now()` documentation from "current date" to "current date and time" (#647)
* Fix `duration_round` panic on rounding by `Duration::zero()` (#658)
* Add optional rkyv support.
* Add support for microseconds timestamps serde serialization for `NaiveDateTime`.
* Add support for optional timestamps serde serialization for `NaiveDateTime`.
* Fix build for wasm32-unknown-emscripten (@yu-re-ka #593)
* Make `ParseErrorKind` public and available through `ParseError::kind()` (#588)
* Implement `DoubleEndedIterator` for `NaiveDateDaysIterator` and `NaiveDateWeeksIterator`
* Fix panicking when parsing a `DateTime` (@botahamec)
* Add support for getting week bounds based on a specific `NaiveDate` and a `Weekday` (#666)
* Remove libc dependency from Cargo.toml.
* Add the `and_local_timezone` method to `NaiveDateTime`
* Fix the behavior of `Duration::abs()` for negative durations with non-zero nanos
* Add compatibility with rfc2822 comments (#733)
* Make `js-sys` and `wasm-bindgen` enabled by default when target is `wasm32-unknown-unknown` for ease of API discovery
* Add the `Months` struct and associated `Add` and `Sub` impls
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 36.0.2 to 38.0.1
- Update of rootfile
- Changelog
38.0.1 - 2022-09-07
Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs).
38.0.0 - 2022-09-06
Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
We no longer ship many linux 2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required.
decrypt() and related methods now accept both str and bytes tokens.
Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue for complete details.
Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
When parsing CertificateRevocationList and CertificateSigningRequest values, it is now enforced that the version value in the input must be valid according to the rules of RFC 2986 and RFC 5280.
Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version.
Added additional APIs to SignedCertificateTimestamp, including signature_hash_algorithm, signature_algorithm, signature, and extension_bytes.
Added tbs_precertificate_bytes, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification.
KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location.
Fixed RFC 4514 name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method from_rfc4514_string().
It is now possible to customize some aspects of encryption when serializing private keys, using encryption_builder().
Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade.
Added AES128 and AES256 classes. These classes do not replace AES (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length.
37.0.4 - 2022-07-05
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
37.0.3 - 2022-06-21 (YANKED)¶
Attention
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
37.0.2 - 2022-05-03
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3.
Added a constant needed for an upcoming pyOpenSSL release.
37.0.1 - 2022-04-27
Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error.
Restored some legacy symbols for older pyOpenSSL users. These will be removed again in the future, so pyOpenSSL users should still upgrade to the latest version of that package when they upgrade cryptography.
37.0.0 - 2022-04-26
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+.
BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to sign and verify.
Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of cryptography will be the last to support compiling with OpenSSL 1.1.0.
Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future cryptography release.
Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required.
Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algorithms with extremely low usage. These will be removed in a future version of cryptography.
Added limited support for distinguished names containing a bit string.
We now ship universal2 wheels on macOS, which contain both arm64 and x86_64 architectures. Users on macOS should upgrade to the latest pip to ensure they can use this wheel, although we will continue to ship x86_64 specific wheels for now to ease the transition.
This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip. For PyPy wheels this release already requires manylinux2014 for compatibility with binaries distributed by upstream.
Added support for multiple OCSPSingleResponse in a OCSPResponse.
Restored support for signing certificates and other structures in X.509 with SHA3 hash algorithms.
TripleDES is disabled in FIPS mode.
Added support for serialization of PKCS#12 CA friendly names/aliases in serialize_key_and_certificates()
Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This class previously supported only 12 byte (96 bit).
Added support for AESSIV when using OpenSSL 3.0.0+.
Added support for serializing PKCS7 structures from a list of certificates with serialize_certificates.
Added support for parsing RFC 4514 strings with from_rfc4514_string().
Added AUTO to PSS. This can be used to verify a signature where the salt length is not already known.
Added DIGEST_LENGTH to PSS. This constant will set the salt length to the same length as the PSS hash algorithm.
Added support for loading RSA-PSS key types with load_pem_private_key() and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 6.4.2 to 7.0.5
- Update of rootfile
- Changelog
v7.0.5
Merge pull request #746 from RonnyPfannschmidt/release-prep
v7.0.4
Merge pull request #739 from RonnyPfannschmidt/fix-738-protect-relative-to
v7.0.3
What's Changed
Hg / pip compatibility by @paugier in #729fix#728: remove git arguments that triggered wrong branch names by @RonnyPfannschmidt in #730fix#691 - support root in pyproject.toml even for cli by @RonnyPfannschmidt in #731fix#727: correctly handle incomplete archivals from setuptools_scm_g… by @RonnyPfannschmidt in #732
cleanup pyproject loading and allow cli relative roots to be specified by @RonnyPfannschmidt in #736
Update the README: document support for Git archives by @Changaco in #734
v7.0.2
Merge pull request #724 from RonnyPfannschmidt/fix-722-self-bootstrap
v7.0.1
Merge pull request #719 from kojiromike/missing-importlib
v7.0.0
pre-commit update
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 1.2.0 to 1.5.2
- Update of rootfile
- Changelog
v1.5.2
Fixed
Fix regression in dylib build artifacts not being found since 1.5.0. #290
Fix regression in sdist missing examples and other supplementary files since 1.5.0. #291
v1.5.1
Fixed
Fix regression in get_lib_name crashing since 1.5.0. #280
Fix regression in Binding.Exec builds with multiple executables not finding built executables since 1.5.0. #283
v1.5.0
Added
Add support for extension modules built for wasm32-unknown-emscripten with Pyodide. #244
Changed
Locate cdylib artifacts by handling messages from cargo instead of searching target dir (fixes build on MSYS2). #267
No longer guess cross-compile environment using HOST_GNU_TYPE / BUILD_GNU_TYPE sysconfig variables. #269
Fixed
Fix RustBin build without wheel. #273
Fix RustBin setuptools install. #275
v1.4.1
Fixed
Fix crash when checking Rust version. #263
v1.4.0
Packaging
Increase minimum setuptools version to 62.4. #222
Added
Add cargo_manifest_args to support locked, frozen and offline builds. #234
Add RustBin for packaging binaries in scripts data directory. #248
Changed
Exec binding RustExtension with script=True is deprecated in favor of RustBin. #248
Errors while calling cargo metadata are now reported back to the user #254
quiet option will now suppress output of cargo metadata. #256
setuptools-rust will now match cargo behavior of not setting --target when the selected target is the rust host. #258
Deprecate native option of RustExtension. #258
Fixed
If the sysconfig for BLDSHARED has no flags, setuptools-rust won't crash anymore. #241
v1.3.0
Packaging
Increase minimum setuptools version to 58. #222
Fixed
Fix crash when python-distutils-extra linux package is installed. #222
Fix sdist built with vendored dependencies on Windows having incorrect cargo config. #223
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.12.0 to 0.13.0
- Update of rootfile
- No Changelog available in the source tarball or pypi or the github repository
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 2.3.0 to 2.3.1
- Update of rootfile
- Changelog
Version 2.3.1
Bugs Fixed:
* Avoid operations on a closed stream file when detecting a socket.
Closes: Pagure #64. Thanks to Mark Richman for the report.
* Correct use of names to allow `from daemon import *`.
Closes: Pagure #65. Thanks to July Tikhonov for the report.
Changed:
* Speed daemon start time by computing candidate file descriptors once.
Closes: Pagure #40. Thanks to Alex Pyrgiotis for the report.
* Remove incorrect double-patch of objects in test cases.
Closes: Pagure #62. Thanks to Miro Hrončok for the report.
* Deprecate helper function `is_socket`.
The function incorrectly causes `ValueError` when the file object is already
closed. Migrate to the new `is_socket_file` helper function instead.
Removed:
* Drop backward-compatible helpers that provided Python 2 support.
* declaration of source encoding ‘utf-8’
* absolute_import
* unicode_literals
* module-level metaclass `type`
* unification of str with unicode type
* renamed standard library exceptions and modules
* raise exception from context exception
All these are default behaviour in Python 3 and need no special
handling.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.7.0 to 0.8.0
- Update of rootfile
- Changelog
0.8.0 (2022-05-22)
Accept os.PathLike[str] in addition to str for paths in public API
(PR #392, Fixes#372)
Add schema validation for build-system table to check conformity with PEP 517
and PEP 518 (PR #365, Fixes#364)
Better support for Python 3.11 (sysconfig schemes PR #434, PR #463,
tomllib PR #443, warnings PR #420)
Improved error printouts (PR #442)
Avoid importing packaging unless needed (PR #395, Fixes#393)
Breaking Changes
Failure to create a virtual environment in the build.env module now raises
build.FailedProcessError (PR #442)
- As far as I can tell IPFire does not use the build.env module and the built iso
installed successfully
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- New version of python3-pyfuse3 has been cythonised so Cython no longer required
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.10.1 to 3.10.8
- Update of rootfile
- Changelog is too large to include hear. More details can be found at
https://docs.python.org/3.10/whatsnew/changelog.html#changelog
- Installed Iso, created from build of this python update series, into a vm testbed clone.
All pages and contents worked. No issues found on any WUI page.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This has been discussed briefly in the telephone conference of
September: powertop is considered to be unnecessary, as IPFire is
optimized for performance, thus interfering with possible power
consumption reducing switches. Also, the need for powertop has been
diminished, given that x86 platforms are highly likely not to run on
batteries, and we are phasing out 32-bit ARM, where this could have been
the case.
Therefore, this patch proposes to drop powertop.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.9.14 to 2.10.3
- Update of rootfile
- Changelog
v2.10.3: Oct 14 2022
### Security
- [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
### Portability
- win32: Fix build with VS2013
### Build system
- cmake: Set SOVERSION
v2.10.2: Aug 29 2022
### Improvements
- Remove set-but-unused variable in xmlXPathScanName
- Silence -Warray-bounds warning
### Build system
- build: require automake-1.16.3 or later (Xi Ruoyao)
- Remove generated files from distribution
### Test suite
- Don't create missing.xml when running testapi
v2.10.1: Aug 25 2022
### Regressions
- Fix xmlCtxtReadDoc with encoding
### Bug fixes
- Fix HTML parser with threads and --without-legacy
### Build system
- Fix build with Python 3.10
- cmake: Disable version script on macOS
- Remove Makefile rule to build testapi.c
### Documentation
- Switch back to HTML output for API documentation
- Port doc/examples/index.py to Python 3
- Fix order of exports in libxml2-api.xml
- Remove libxml2-refs.xml
v2.10.0: Aug 17 2022
### Security
- [CVE-2022-2309] Reset nsNr in xmlCtxtReset
- Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer (David Kilzer)
- Fix missing NUL terminators in xmlBuf and xmlBuffer functions (David Kilzer)
- Fix integer overflow in xmlBufferDump() (David Kilzer)
- xmlBufAvail() should return length without including a byte for NUL
terminator (David Kilzer)
- Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc() (David
Kilzer)
- Use xmlNewDocText in xmlXIncludeCopyRange
- Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser (David Kilzer)
- Use UPDATE_COMPAT() consistently in buf.c (David Kilzer)
- fix: xmlXPathParserContext could be double-delete in OOM case. (jinsub ahn)
### Removals and deprecations
- Disable XPointer location support by default
- Remove outdated xml2Conf.sh
- Deprecate module init and cleanup functions
- Remove obsolete XML Software Autoupdate (XSA) file
- Remove DOCBparser
- Remove obsolete Python test framework
- Remove broken VxWorks support
- Remove broken Mac OS 9 support
- Remove broken bakefile support
- Remove broken Visual Studio 2010 support
- Remove broken Windows CE support
- Deprecate IDREF-related functions in valid.h
- Deprecate legacy functions
- Disable legacy support by default
- Deprecate all functions in nanoftp.h
- Disable FTP support by default
- Add XML_DEPRECATED macro
- Remove elfgcchack.h
### Regressions
- Skip incorrectly opened HTML comments
- Restore behavior of htmlDocContentDumpFormatOutput() (David Kilzer)
### Bug fixes
- Fix memory leak with invalid XSD
- Make XPath depth check work with recursive invocations
- Fix memory leak in xmlLoadEntityContent error path
- Avoid double-free if malloc fails in inputPush
- Properly fold whitespace around the QName value when validating an XSD
schema. (Damjan Jovanovic)
- Add whitespace folding for some atomic data types that it's missing on.
(Damjan Jovanovic)
- Don't add IDs containing unexpanded entity references
### Improvements
- Avoid calling xmlSetTreeDoc
- Simplify xmlFreeNode
- Don't reset nsDef when changing node content
- Fix unintended fall-through in xmlNodeAddContentLen
- Remove unused xmlBuf functions (David Kilzer)
- Implement xpath1() XPointer scheme
- Add configuration flag for XPointer locations support
- Fix compiler warnings in Python code
- Mark more static data as `const` (David Kilzer)
- Make xmlStaticCopyNode non-recursive
- Clean up encoding switching code
- Simplify recursive pthread mutex
- Use non-recursive mutex in dict.c
- Fix parser progress checks
- Avoid arithmetic on freed pointers
- Improve buffer allocation scheme
- Remove unneeded #includes
- Add support for some non-standard escapes in regular expressions. (Damjan
Jovanovic)
- htmlParseComment: handle abruptly-closed comments (Mike Dalessio)
- Add let variable tag support (Oliver Diehl)
- Add value-of tag support (Oliver Diehl)
- Remove useless call to xmlRelaxNGCleanupTypes
- Don't include ICU headers in public headers
- Update `xmlStrlen()` to use POSIX / ISO C `strlen()` (Mike Dalessio)
- Fix unused variable warnings with disabled features
- Only warn on invalid redeclarations of predefined entities
- Remove unneeded code in xmlreader.c
- Rework validation context flags
### Portability
- Use NAN/INFINITY if available to init XPath NaN/Inf (Sergey Kosukhin)
- Fix Python tests on macOS
- Fix xmlCleanupThreads on Windows
- Fix reinitialization of library on Windows
- Don't mix declarations and code in runtest.c
- Use portable python shebangs (David Seifert)
- Use critical sections as mutex on Windows
- Don't set HAVE_WIN32_THREADS in win32config.h
- Use stdint.h with newer MSVC
- Remove cruft from win32config.h
- Remove isinf/isnan emulation in win32config.h
- Always fopen files with "rb"
- Remove __DJGPP__ checks
- Remove useless __CYGWIN__ checks
### Build system
- Don't autogenerate doc/examples/Makefile.am
- cmake: Install libxml.m4 on UNIX-like platforms (Daniel E)
- cmake: Use symbol versioning on UNIX-like platforms (Daniel E)
- Port genUnicode.py to Python 3
- Port gentest.py to Python 3
- cmake: Fix build without thread support
- cmake: Install documentation in CMAKE_INSTALL_DOCDIR
- cmake: Remove non needed files in docs dir (Daniel E)
- configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
(Christopher Degawa)
- Move local Autoconf macros into m4 directory
- Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
- Update libxml-2.0-uninstalled.pc.in
- Remove LIBS from XML_PRIVATE_LIBS
- Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
- Don't overlink executables
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel Engberg)
- build: Make use of variables in libxml's pkg-config file (Daniel Engberg)
- Avoid obsolescent `test -a` constructs (David Seifert)
- Move AM_MAINTAINER_MODE to AM section
- configure.ac: make AM_SILENT_RULES([yes]) unconditional (David Seifert)
- Streamline documentation installation
- Don't try to recreate COPYING symlink
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- Makefile.am: install examples more idiomatically (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Respect `--sysconfdir` in source files (David Seifert)
- Ignore configure backup file created by recent autoreconf too (Vadim Zeitlin)
- Only install *.html and *.c example files
- Remove --with-html-dir option
- Rework documentation build system
- Remove old website
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Update genChRanges.py
- Update build_glob.py
- Remove ICONV_CONST test
- Remove obsolete AC_HEADER checks
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove special configuration for certain maintainers
### Test suite, CI
- Disable network in API tests
- testapi: remove leading slash from "/missing.xml" (Mike Gilbert)
- Build Autotools CI tests out of source tree (VPATH)
- Add --with-minimum build to CI tests
- Fix warnings when testing --with-minimum build
- cmake: Run all tests when threads are disabled
- Also build CI tests with -Werror
- Move doc/examples tests to new test suite
- Simplify 'make check' targets
- Fix schemas and relaxng tests
- Remove unused result files
- Allow missing result files in runtest
- Move regexp tests to runtest
- Move SVG tests to runtest.c
- Move testModule to new test suite
- Move testThreads to new test suite
- Remove major parts of old test suite
- Make testchar return an error on failure (Tony Tascioglu)
- Add CI job for static build
- python/tests: open() relative to test scripts (David Seifert)
- Port some test scripts to Python 3
### Documentation
- Improve documentation of tree manipulation API
- Update xml2-config man page
- Consolidate man pages
- Rename xmlcatalog_man.xml
- Make examples a standalone HTML page
- Fix documentation in entities.c
- Add note about optimization flags
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.4.9 to 2.5.0
- Update of rootfile.
- Changelog
Release 2.5.0 Tue October 25 2022
Security fixes:
#616#649#650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612#645 Fix curruption from undefined entities
#613#654 Fix case when parsing was suspended while processing nested
entities
#616#652#653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667#668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.2.12 to 1.2.13
- Update of rootfile
- Patches for CVE-2022-37434 removed as they are now integarted in the source tarball
- Changelog
Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate(CVE-2022-37434)
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This file should have been shipped with Core Update 171, but that was
omitted by mistake. Core Update 172 therefore finally fixes#12934 on
existing installations.
Fixes: #12934
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
After a backup is restored, the CRL might be out of data and client
won't be able to connect to the server any more.
This will immediately update the CRL should it require an update.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-0
"Features
Merge #753: ACL per interface. (New interface-* configuration options).
Merge #760: PROXYv2 downstream support. (New proxy-protocol-port configuration option).
Bug Fixes
Fix#728: alloc_reg_obtain() core dump. Stop double alloc_reg_release
when serviced_create fails.
Fix edns subnet so that scope 0 answers only match sourcemask 0 queries
for answers from cache if from a query with sourcemask 0.
Fix unittest for edns subnet change.
Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due to
unsupported IPV6_USER_MTU socket option being set.
Fix ratelimit inconsistency, for ip-ratelimits the value is the amount
allowed, like for ratelimits.
Fix#734 [FR] enable unbound-checkconf to detect more (basic) errors.
Fix to log accept error ENFILE and EMFILE errno, but slowly, once per
10 seconds. Also log accept failures when no slow down is used.
Fix to avoid process wide fcntl calls mixed with nonblocking operations
after a blocked write.
Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
operations, so that instruction reordering does not cause mistakenly
blocking socket operations.
Fix to wait for blocked write on UDP sockets, with a timeout if it
takes too long the packet is dropped.
Fix for wait for udp send to stop when packet is successfully sent.
Fix#741: systemd socket activation fails on IPv6.
Fix to update config tests to fix checking if nonblocking sockets work
on OpenBSD.
Slow down log frequency of write wait failures.
Fix to set out of file descriptor warning to operational verbosity.
Fix to log a verbose message at operational notice level if a thread is
not responding, to stats requests. It is logged with thread
identifiers.
Remove include that was there for debug purposes.
Fix to check pthread_t size after pthread has been detected.
Convert tdir tests to use the new skip_test functionality.
Remove unused testcode/mini_tpkg.sh file.
Better output for skipped tdir tests.
Fix doxygen warning in respip.h.
Fix to remove erroneous TC flag from TCP upstream.
Fix test tdir skip report printout.
Fix windows compile, the identifier interface is defined in headers.
Fix to close errno block in comm_point_tcp_handle_read outside of ifdef.
Fix static analysis report to remove dead code from the
rpz_callback_from_iterator_module function.
Fix to clean up after the acl_interface unit test.
Merge #764: Leniency for target discovery when under load (for
NRDelegation changes).
Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
Fix string comparison in mini_tdir.sh.
Make ede.tdir test more predictable by using static data.
Fix checkconf test for dnscrypt and proxy port.
Fix dnscrypt compile for proxy protocol code changes.
Fix to stop responses with TC flag from resulting in partial responses.
It retries to fetch the data elsewhere, or fails the query and in depth
fix removes the TC flag from the cached item.
Fix proxy length debug output printout typecasts.
Fix to stop possible loops in the tcp reuse code (write_wait list and
tcp_wait list). Based on analysis and patch from Prad Seniappan and
Karthik Umashankar.
Fix PROXYv2 header read for TCP connections when no proxied addresses
are provided."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- add help links for two new ipblocklist WebGUI pages
- update help links to proxy accounting
- add links to OpenVPN Net-to-Net Statistics,
MD Raid State, Update Accelerator,
OpenVPN Roadwarrior Connections Log
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When the bridge cannot detect a domain name for any of the leases, it
uses localdomain which is not always the best choice. So instead, this
patches changes the behaviour that we read the default domain of the
firewall.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
The Ten64 board runs a U-Boot which works best directly
booting EFI. Attempting to load your own DTB or other steps
will cause issues.
(see https://ten64doc.traverse.com.au/faq/#common-issues)
The current stable Ten64 firmware unfortunately searches for
boot.scr before bootaa64.efi. So redirect it back to the EFI path.
A future Ten64 firmware package will prefer EFI first before
any boot script avoiding this issue. I will provide a patch
reversing this when that day comes.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This change enables support for NXP's QorIQ/Layerscape platforms,
specifically the Traverse Technologies Ten64 (LS1088A).
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Since last time we checked, the kernel's security features on ARM have
improved notably (see CONFIG_RANDOMIZE_BASE discussion). This patch
therefore proposes to give the seccomp filter on both 32- and 64-bit ARM
another try, since it provides significant security benefit to
applications using it.
Due to operational constraints, rootfile changes have been omitted, and
will be conducted, should this patch be approved.
Note to future self: Once this patch is approved, applications using
seccomp (OpenSSH, Tor) need to be updated/shipped on ARM.
Fixes: #12366Fixes: #12370
Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
From the kernels' documentation:
> Uprobes is the user-space counterpart to kprobes: they
> enable instrumentation applications (such as 'perf probe')
> to establish unintrusive probes in user-space binaries and
> libraries, by executing handler functions when the probes
> are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints,
> managed by the kernel and kept transparent to the probed
> application. )
To the best of the authors' understanding, no application on IPFire
needs this functionality, and given its abuse potential, we should
probably not enable it.
As expected, strace functionality is not impaired by this.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
