- Update from version 20230404 to 20230625
- Update of rootfile carried out based on Peter Mueller's description from last
linux-firmware update.
- It would be good to have it checked that my results are in line with what they should be.
- Changelog
For changes see the commits in the git repo
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Changelog is too long to include it here, please refer to the ChangeLog
file in the sourcecode tarball.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.15.4 to 1.20.4
- Update of x86_64 rootfile
aarch64 rootfile needs to be created on a aarch64 build system
- Changelog is very large. For details see https://go.dev/doc/devel/release
50 mentions of security fixes in the changes from 1.15.4 to 1.20.4
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This patch does not include the rootfile for riscv64 because GCC FTBFS.
Bug #13156 has been opened to address this.
But since we don't officially support IPFire riscv64, yet, this should
not delay this going into next.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.9.0 to 3.10.0
- Update of rootfile
- version 3.9.0 failed to output some of the symbols. This was found as a bug in Fedora but
also seen by some people in IPFire CU175 with flashrom where the version 3.3 symbol is
provided.
Fedora made a patch to resolve this issue for 3.9.0 but 3.10.0 has been released since
then and Fedora removed the patch that was used for 2.9.0 as pciutils has had that bug
fixed - see first item in changelog.
- Changelog
Released as 3.10.0.
Fixed bug in definition of versioned symbol aliases
in shared libpci, which made compiling with link-time
optimization fail.
Filters now accept "0x..." syntax for backward compatibility.
Windows: The cfgmgr32 back-end which provides the list of devices
can be combined with another back-end which provides access
to configuration space.
ECAM (Enhanced Configuration Access Mechanism), which is defined
by the PCIe standard, is now supported. It requires root privileges,
access to physical memory, and also manual configuration on some
systems.
lspci: Tree view now works on multi-domain systems. It now respects
filters properly.
Last but not least, pci.ids were updated to the current snapshot
of the database. This includes overall cleanup of entries with
non-ASCII characters in their names -- such characters are allowed,
but only if they convey interesting information (e.g., umlauts
in German company names, but not the "registered trade mark" sign).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Excerpt from changelog:
"6.0.13 -- 2023-06-15
Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
Task #5984: libhtp 0.5.44 (6.0.x backport)
Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.5.2 to 1.5.3
- Update of rootfile
- Changelog
Release 1.5.3
* configure: added options to configure stylesheets.
* configure: added --enable-logind option to use logind instead of utmp
in pam_issue and pam_timestamp.
* pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing
utmp.
* Added libeconf support to pam_env and pam_shells.
* Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock,
pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time.
* pam_limits: changed to not fail on missing config files.
* pam_pwhistory: added conf= option to specify config file location.
* pam_pwhistory: added file= option to specify password history file location.
* pam_shells: added shells.d support when libeconf and vendordir are enabled.
* Deprecated pam_lastlog: this module is no longer built by default because
it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe,
even on 64bit architectures.
pam_lastlog will be removed in one of the next releases, consider using
pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or
pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead.
* Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros
provided by _pam_macros.h; the memory override performed by these macros can
be optimized out by the compiler and therefore can no longer be relied upon.
* Multiple minor bug fixes, portability fixes, documentation improvements,
and translation updates.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.8.1 to 3.9
- Update of rootfile
- Changelog
NEWS for the Nettle 3.9 release
This release includes bug fixes, several new features, a few
performance improvements, and one performance regression
affecting GCM on certain platforms.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.7 and libhogweed.so.6.7, with sonames
libnettle.so.8 and libhogweed.so.6.
This release includes a rewrite of the C implementation of
GHASH (dating from 2011), as well as the plain x86_64 assembly
version, to use precomputed tables in a different way, with
tables always accessed in the same sequential manner.
This should make Nettle's GHASH implementation side-channel
silent on all platforms, but considerably slower on platforms
without carry-less mul instructions. E.g., benchmarks of the C
implementation on x86_64 showed a slowdown of 3 times.
Bug fixes:
* Fix bug in ecdsa and gostdsa signature verify operation, for
the unlikely corner case that point addition really is point
duplication.
* Fix for chacha on Power7, nettle's assembly used an
instruction only available on later processors. Fixed by
Mamone Tarsha.
* GHASH implementation should now be side-channel silent on
all architectures.
* A few portability fixes for *BSD.
New features:
* Support for the SM4 block cipher, contributed by Tianjia
Zhang.
* Support for the Balloon password hash, contributed by Zoltan
Fridrich.
* Support for SIV-GCM authenticated encryption mode,
contributed by Daiki Ueno.
* Support for OCB authenticated encryption mode.
* New exported functions md5_compress, sha1_compress,
sha256_compress, sha512_compress, based on patches from
Corentin Labbe.
Optimizations:
* Improved sha256 performance, in particular for x86_64 and
s390x.
* Use GMP's mpn_sec_tabselect, which is implemented in
assembly on many platforms, and delete the similar nettle
function. Gives a modest speedup to all ecc operations.
* Faster poly1305 for x86_64 and ppc64. New ppc code
contributed by Mamone Tarsha.
Miscellaneous:
* New ASM_FLAGS variable recognized by configure.
* Delete all arcfour assembly code. Affects 32-bit x86, 32-bit
and 64-bit sparc.
Known issues:
* Version 6.2.1 of GNU GMP (the most recent GMP release as of
this writing) has a known issue for MacOS on 64-bit ARM: GMP
assembly files use the reserved x18 register. On this
platform it is recommended to use a GMP snapshot where this
bug is fixed, and upgrade to a later GMP release when one
becomes available.
* Also on MacOS, Nettle's testsuite may still break due to
DYLD_LIBRARY_PATH being discarded under some circumstances.
As a workaround, use
* make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.67 to 2.69
- Update of rootfile
- Changelog
Release notes for 2.69
2023-05-14 19:10:04 -0700
An audit was performed on libcap and friends by https://x41-dsec.de/https://x41-dsec.de/news/2023/05/15/libcap-source-code-audit/
The audit (final report, 2023-05-10)
https://drive.google.com/file/d/1lsuC_tQbQ5pCE2Sy_skw0a7hTzQyQh2C/view?usp=sharing
was sponsored by the the Open Source Technology Improvement Fund,
https://ostif.org/ (blog). Five issues were found. Four of them are
addressed in this release. Each issue was labeled in the audit results as
follows:
LCAP-CR-23-01 (SEVERITY) LOW (CVE-2023-2602) - found by David Gstir
LCAP-CR-23-02 (SEVERITY) MEDIUM (CVE-2023-2603) - found by Richard Weinberger
LCAP-CR-23-100 (SEVERITY) NONE
LCAP-CR-23-101 (SEVERITY) NONE
Man page style improvement from Emanuele Torre
Partially revive the ability to build the binaries fully statically.
This was needed to make bleeding edge kernel debugging/testing via
qemu+busybox work again. Addressing an issue I realized only when I
tried to answer this stackexchange question.
https://unix.stackexchange.com/questions/741532/launch-process-with-limited-capabilities-on-minimal-busybox-based-system
Release notes for 2.68
2023-03-25 17:03:17 -0700
Force libcap internal functions to be hidden outside the library (Bug 217014)
Expanded the list of man page (links) to all of the supported API functions.
fixed some formatting issues with the libpsx(3) manpage.
Add support for a markdown preamble and postscript when generating .md
versions of the man pages (Bug 217007)
psx package clean up
fix some copy-paste errors with TestShared()
added a more complete psx testing into this test as well
cap package clean up
drop an unnecessary use of ", _" in the sources
cleaned up cap.NamedCount documentation
Converted goapps/web/README to .md format and fixed the instructions to
indicate go mod tidy is needed.
cap_compare test binary now cleans up after itself (Bug 217018)
Figured out how to cross compile Go programs for arm (i.e. RPi) that use C
code, don't use cgo but do use the psx package (all part of investigating
bug 216610).
Eliminate use of vendor directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 7.2.0 to 7.3.0
- Update of rootfile
- Changelog
Overview of changes leading to 7.3.0
Tuesday, May 9, 2023
- Speedup applying glyph variation in VarComposites fonts (over 40% speedup).
(Behdad Esfahbod)
- Speedup instancing some fonts (over 20% speedup in instancing RobotoFlex).
(Behdad Esfahbod)
- Speedup shaping some fonts (over 30% speedup in shaping Roboto).
(Behdad Esfahbod)
- Support subsetting VarComposites and beyond-64k fonts. (Behdad Esfahbod)
- New configuration macro HB_MINIMIZE_MEMORY_USAGE to favor optimizing memory
usage over speed. (Behdad Esfahbod)
- Supporting setting the mapping between old and new glyph indices during
subsetting. (Garret Rieger)
- Various fixes and improvements.
(Behdad Esfahbod, Denis Rochette, Garret Rieger, Han Seung Min, Qunxin Liu)
- New API:
+hb_subset_input_old_to_new_glyph_mapping()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version v4.0.0 to v4.0.3
- Update of rootfile
- Changed souce from gz to bz2
- Changelog
procps-ng-4.0.3
* library
Only changes were in copyright headers and tests
* docs: Don't install English manpages twice
* pgrep: Add -H match on userspace signal handler merge #165
* pgrep: make --terminal respect other criteria
* ps: c flag shows command name again Debian #1026326
* ps.1: Match drs description from top.1 merge #156
* skill: Match on -p again Debian #1025915
* top: E/P-core toggle ('5' key) added to help
* vmstat: Referesh memory statistics Debian #1027963
* vmstat: Fix initial si,so,bi,bo,in & cs values issue #15
Debian #668580
* vmstat: Fix conversion errors due to precision merge #75
* w: Add --pids option merge #159
* watch: Pass through beep issue #104
* watch: -r option to not re-exec on SIGWINCH merge #125
* watch: find eol with --no-linewrap merge #157
procps-ng-4.0.2
* library revision - 0:1:0
Handle absent 'core_id' in /proc/cpuinfo
* w: Show time with D_TIME_BITS=64 on 32bit env issue #256
procps-ng-4.0.1
* library
Re-add elogind support merge #151
Used memory is Total - Available
Renaming, it is now libproc2
* free: Use --kilo when only specifying --si merge #163
* pgrep: Add -A to ignore ancestors merge #160
* pidwait: Better warning if pidfd_open not implemented
* pmap: Dont reuse stdin filehandle issue #231
* ps: threads again display when -L is used with -q issue #234
* ps: proper aix format string behavior was restored
* sysctl: print dotted keys again
* top: fix 'smaps' bug preventing build under clang issue #235
* top: column highlighting allowed under 'L' or 'O'
* top: can alter autogroup nice value (like 'r' renice)
* top: can display the following with no need to scroll
* cmdline, control groups, environment,
supplimentary groups, namespaces
* top: adds a 'message log' recall capability
* top: will accept utf8 multi-byte input with support
for full line editing and previous line recall
* top: can show more than 2 abreast in summary display
* top: can distinguish P-Core and E-core cpus
* top: can filter both P-Core and E-core cpus
* watch: Add equexit no-change and exit option merge #153
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.10.2 to 2.11.2
- Update of rootfile
- Changelog
man-db 2.11.2 (8 January 2023)
Fixes:
* Fix compile and test failures when `troff` is not `groff`.
* Fix segfault in typical uses of `man` when `nroff` is not installed.
* Fix crash in `mandb` when processing stray cats.
Improvements:
* Check for stray cats even if no manual pages in a given manpath were
changed.
man-db 2.11.1 (15 November 2022)
Build:
* Transfer Git repository to https://gitlab.com/man-db/man-db.
Fixes:
* SECURITY: Replace `$` characters in page names with `?` when constructing
`less` prompts.
* Silence error message when processing an empty manual page hierarchy with
a nonexistent cache directory.
* `man(1)` now sorts whatis references below real pages, even if the whatis
references are from a section with higher priority.
Improvements:
* Add section `3type` to the default section list just after `2`. This is
used by the Linux man-pages package.
* Recognize more Hungarian translations of the `NAME` section.
man-db 2.11.0 (15 October 2022)
Fixes:
* `mandb` now correctly records filters in the database if it uses cached
whatis information.
* Upgrade Gnulib, fixing syntax error on glibc systems with GCC 11.
* The `CATWIDTH` configuration file directive now overrides `MINCATWIDTH`
and `MAXCATWIDTH`.
* Database entries for links were often incorrectly stored as if they were
entries for the ultimate source of the page. They are now stored with
the correct type.
* Store links in the database using the section and extension of the link
rather than of the ultimate source file.
* Consider pages for adding to the database even if they seem to already
exist; this performance optimization is no longer needed due to caching,
and it produced inconsistent results in some unusual cases.
* `man` now runs any required preprocessors in the same order that `groff`
does, rather than trusting the order of filters in a page's preprocessor
string.
* Fix building on MinGW. (I haven't been able to test this; help from
MinGW experts would be welcome.)
Improvements:
* Add more recognized case variants for localized versions of the `NAME`
section.
* Maintain multi keys in sorted order, improving database reproducibility.
* Pick a more consistent name for the target of a whatis entry in the
database.
* Extend rules for when to replace one database entry with another,
producing more stable behaviour.
* Fully reorganize databases after writing them, allowing the reproduction
of bitwise-identical databases regardless of scan order (at least with
GDBM).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.1.1 to 5.2.2
- Update of rootfile
- Changelog
Changes from 5.2.1 to 5.2.2
1. Infrastructure upgrades: makeinfo 7.0.1 must be used to format
the manual. As a result, the manual can also now be formatted
with LaTeX by running it through `makeinfo --latex'.
2. Gawk no longer builds an x86_64 executable on M1 macOS systems.
This means that PMA is unavailable on those systems.
3. Gawk will now diagnose if a heap file was created with a different
setting of -M/--bignum than in the current invocation and exit with
a fatal message if so.
4. Gawk no longer "leaks" its free list of NODEs in the heap file, resulting
in much more efficient usage of persistent storage.
5. PROCINFO["pma"] exists if the PMA allocator is compiled into gawk.
Its value is the PMA version.
6. The time extension is no longer deprecated. The strptime() function
from gawkextlib's timex extension has been added to it.
7. Better information is passed to input parsers for when they want to
decide whether or not to take control of a file. In particular, the
readdir extension is simplified for Windows because of this.
8. The various PNG files are now installed for Info and HTML. The
images files now have gawk_ prefixed names to avoid any conflicts
with other installed PNG file names.
9. As usual, there have been several minor code cleanups and bug fixes.
See the ChangeLog for details.
Changes from 5.2.0 to 5.2.1
1. Infrastructure upgrades: PMA version Avon 8.
2. Issues related to the sign of NaN and Inf values on RiscV have
been fixed; gawk now gives identical results on that platform as
it does on others.
3. A few issues with the debugger have been fixed.
4. More subtle issues with untyped array elements being passed to
functions have been fixed.
5. The rwarray extension's readall() function has had some bugs fixed.
6. The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x.
It is now supported also on both Intel and M1 macOS systems.
7. There have been several minor code cleanups and bug fixes. See the
ChangeLog for details.
Changes from 5.1.x to 5.2.0
*****************************************************************************
* MPFR mode (the -M option) is now ON PAROLE. This feature is now being *
* supported by a volunteer in the development team and not by the primary *
* maintainer. If this situation changes, then the feature will be removed. *
* For more information see this section in the manual: *
* https://www.gnu.org/software/gawk/manual/html_node/MPFR-On-Parole.html *
*****************************************************************************
1. Infrastructure upgrades: Libtool 2.4.7, Bison 3.8.2.
2. Numeric scalars now compare in the same way as C for the relational
operators. Comparison order for sorting has not changed. This only
makes a difference when comparing Infinity and NaN values with
regular numbers; it should not be noticeable most of the time.
3. If the AWK_HASH environment variable is set to "fnv1a" gawk will
use the FNV1-A hash function for associative arrays.
4. The CMake infrastructure has been removed. In the five years it was in
the tree, nobody used it, and it was not updated.
5. There is now a new function, mkbool(), that creates Boolean-typed
values. These values *are* numbers, but they are also tagged as
Boolean. This is mainly for use with data exchange to/from languages
or environments that support real Boolean values. See the manual
for details.
6. As BWK awk has supported interval expressions since 2019, they are
now enabled even if --traditional is supplied. The -r/--re-interval option
remains, but it does nothing.
7. The rwarray extension has two new functions, writeall() and readall(),
for saving / restoring all of gawk's variables and arrays.
8. The new `gawkbug' script should be used for reporting bugs.
9. The manual page (doc/gawk.1) has been considerably reduced in size.
Wherever possible, details were replaced with references to the online
copy of the manual.
10. Gawk now supports Terence Kelly's "persistent malloc" (pma),
allowing gawk to preserve its variables, arrays and user-defined
functions between runs. THIS IS AN EXPERIMENTAL FEATURE!
For more information, see the manual. A new pm-gawk.1 man page
is included, as is a separate user manual that focuses on the feature.
11. Support for OS/2 has been removed. It was not being actively
maintained.
12. Similarly, support for DJGPP has been removed. It also was not
being actively maintained.
13. VAX/VMS is no longer supported, as it can no longer be tested.
The files for it remain in the distribution but will be removed
eventually.
14. Some subtle issues with untyped array elements being passed to
functions have been fixed.
15. Syntax errors are now immediately fatal. This prevents problems
with errors from fuzzers and other such things.
16. There have been numerous minor code cleanups and bug fixes. See the
ChangeLog for details.
Changes from 5.1.1 to 5.1.x
1. Infrastructure upgrades: Automake 1.16.5, Texinfo 6.8.
2. The rwarray extension now supports writing and reading GMP and
MPFR values. As a result, a bug in the API code was fixed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- OpenSSL-3.x gives an error when trying to open insecure .p12 files to extract the cert
and key for the insecure package download option.
- To make this work the -legacy option is needed in the openssl command, which requires
the legacy.so library to be available.
- Successfully tested on a vm system.
- Patch set built on Master (CU175 Testing)
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This uses a padlock icon from https://commons.wikimedia.org/wiki/File:Encrypted.png
- The license for this image is the following:-
This library is free software; you can redistribute it and/or modify it under the terms
of the GNU Lesser General Public License as published by the Free Software Foundation;
either version 2.1 of the License, or (at your option) any later version. This library
is distributed in the hope that it will be useful, but without any warranty; without
even the implied warranty of merchantability or fitness for a particular purpose. See
version 2.1 and version 3 of the GNU Lesser General Public License for more details.
- Based on the above license I believe it can be used by IPFire covered by the GNU General
Public License that is used for it.
- The icon image was made by taking the existing openvpn.png file and superimposing the
padlock icon on top of it at a 12x12 pixel format and naming it openvpn_encrypted.png
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Moved rootfile from common to packages and commented out all entries.
- Updated lfs file from addon to core package that is only used for build
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- libcap places the files by default in /lib and not /usr/lib etc. To fix this libcap made
a symlink for the library file from /lib to /usr/lib. However the .pc files were left
in /lib/pkgconfig and not /usr/lib/pkgconfig and were therefore not found by the update
of rng-tools which now required libcap to be found.
- Changed the prefix settings for libcap which placed the libraries and .pc files in the
correct locations while keeping the executables in their existing location.
- This removed the need for symlinking /usr/lib/libcap.so to /lib/libcap.so.2.67 as the
libraries are now placed in /usr/lib
- Installed the ipfire build with these changes into a vm system and confirmed that
everything worked. Input from Michael Tremer that if ping worked then libcap was
functioning correctly.
- The prefixes have to be applied to both make and make install to end up with the files
in the correct places.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- With the last update of lvm2 lvmetad was removed from lvm2. I did not recognise that
lvmetad had been setup as an automatic initscript, so it no longer works as the
binary is no longer provided.
- This patch removes the lvmetad initscript, the reference to lvmetad in the initscript
lfs file and the lvmetad initscript entries in the rootfile for each architecture.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.40/doc/arm/html/notes.html#notes-for-bind-9-16-40
"Notes for BIND 9.16.40
Bug Fixes
Logfiles using timestamp-style suffixes were not always correctly
removed when the number of files exceeded the limit set by versions.
This has been fixed for configurations which do not explicitly specify
a directory path as part of the file argument in the channel
specification. [GL #3959] [GL #3991]
Performance of DNSSEC validation in zones with many DNSKEY records has
been improved. [GL #3981]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 1.5.4 to 1.5.5
- Update of rootfile
- Changelog
v1.5.5 (Apr 2023)
fix: fix rare corruption bug affecting the high compression mode, reported by @danlark1 (#3517, @terrelln)
perf: improve mid-level compression speed (#3529, #3533, #3543, @yoniko and #3552, @terrelln)
lib: deprecated bufferless block-level API (#3534) by @terrelln
cli: mmap large dictionaries to save memory, by @daniellerozenblit
cli: improve speed of --patch-from mode (~+50%) (#3545) by @daniellerozenblit
cli: improve i/o speed (~+10%) when processing lots of small files (#3479) by @felixhandte
cli: zstd no longer crashes when requested to write into write-protected directory (#3541) by @felixhandte
cli: fix decompression into block device using -o, reported by @georgmu (#3583)
build: fix zstd CLI compiled with lzma support but not zlib support (#3494) by @Hello71
build: fix cmake does no longer require 3.18 as minimum version (#3510) by @kou
build: fix MSVC+ClangCL linking issue (#3569) by @tru
build: fix zstd-dll, version of zstd CLI that links to the dynamic library (#3496) by @yoniko
build: fix MSVC warnings (#3495) by @embg
doc: updated zstd specification to clarify corner cases, by @Cyan4973
doc: document how to create fat binaries for macos (#3568) by @rickmark
misc: improve seekable format ingestion speed (~+100%) for very small chunk sizes (#3544) by @Cyan4973
misc: tests/fullbench can benchmark multiple files (#3516) by @dloidolt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 2.02.188 to 2.03.21
- Update of rootfile
- Changelog
version 2.03.21 - 21st April 2023
Fix activation of vdo-pool for with 0 length headers (converted pools).
Avoid printing internal init messages when creation integration devices.
Allow (write)cache over raid+integrity LV.
version 2.03.20 - 21st March 2023
Fix segfault if using -S|--select with log/report_command_log=1 setting.
Configure now fails when requested lvmlockd dependencies are missing.
Add some configure Gentoo enhancements for static builds.
version 2.03.19 - 21st February 2023
Configure supports --with-systemd-run executed from udev rules.
Enhancement for build with MuslC systemd and non-bash system shells (dash).
Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
Ensure udev is processing origin LV before its thick snapshots LVs.
Fix and improve runtime memory size detection for VDO volumes.
version 2.03.18 - 22nd December 2022
Fix issues reported by coverity scan.
Fix warning for thin pool overprovisioning on lvextend (2.03.17).
Add support for writecache metadata_only and pause_writeback settings.
Fix missing error messages in lvmdbusd.
Version 2.03.17 - 10th November 2022
Add new options (--fs, --fsmode) for FS handling when resizing LVs.
Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
Fix lv_active field type to binary so --select and --binary applies properly.
Switch to use mallinfo2 and use it only with glibc.
Error out in lvm shell if using a cmd argument not supported in the shell.
Fix lvm shell's lastlog command to report previous pre-command failures.
Extend VDO and VDOPOOL without flushing and locking fs.
Add --valuesonly option to lvmconfig to print only values without keys.
Updates configure with recent autoconf tooling.
Fix lvconvert --test --type vdo-pool execution.
Add json_std output format for more JSON standard compliant version of output.
Fix vdo_slab_size_mb value for converted VDO volume.
Fix many corner cases in device_id, including handling of S/N duplicates.
Fix various issues in lvmdbusd.
Version 2.03.16 - 18th May 2022
Fix segfault when handling selection with historical LVs.
Add support --vdosettings with lvcreate, lvconvert, lvchange.
Filtering multipath devices respects blacklist setting from multipath
configuration.
lvmdevices support for removing by device id using --deviceidtype and
--deldev.
Display writecache block size with lvs -o writecache_block_size.
Improve cachesettings description in man lvmcache.
Fix lossing of delete message on thin-pool extension.
Version 2.03.15 - 07th February 2022
Remove service based autoactivation. global/event_activation = 0 is NOOP.
Improve support for metadata profiles for --type writecache.
Use cache or active DM device when available with new kernels.
Introduce function to utilize UUIDs from DM_DEVICE_LIST.
Increase some hash table size to better support large device sets.
Version 2.03.14 - 20th October 2021
Device scanning is skipping directories on different filesystems.
Print info message with too many or too large archived files.
Reduce metadata readings during scanning phase.
Optimize computation of crc32 check sum with multiple PVs.
Enhance recover path on cache creation failure.
Filter out unsupported MQ/SMQ cache policy setting.
Fix memleak in mpath filter.
Support newer location for VDO statistics.
Add support for VDO async-unsafe write policy.
Improve lvm_import_vdo script.
Support VDO LV with lvcreate -ky.
Fix lvconvert for VDO LV bigger then 2T.
Create VDO LVs automatically without zeroing.
Rename vdoimport to lvm_import_vdo.
Version 2.03.13 - 11th August 2021
Changes in udev support:
- obtain_device_list_from_udev defaults to 0.
- see devices/external_device_info_source,
devices/obtain_device_list_from_udev, and devices/multipath_wwids_file help
in lvm.conf
Fix devices file handling of loop with deleted backing file.
Fix devices file handling of scsi_debug WWIDs.
Fix many static analysis issues.
Support --poolmetadataspare with vgsplit and vgmerge.
Fix detection of active components of external origin volume.
Add vdoimport tool to support conversion of VDO volumes.
Support configurable allocation/vdo_pool_header_size.
Fix handling of lvconvert --type vdo-pool --virtualsize.
Simplified handling of archive() and backup() internal calls.
Add 'idm' locking type for IDM lock manager.
Fix load of kvdo target when it is not present in memory (2.03.12).
Version 2.03.12 - 07th May 2021
Allow attaching cache to thin data volume.
Fix memleak when generating list of outdated pvs.
Better hyphenation usage in man pages.
Replace use of deprecated security_context_t with char*.
Configure supports AIO_LIBS and AIO_CFLAGS.
Improve build process for static builds.
New --setautoactivation option to modify LV or VG auto activation.
New metadata based autoactivation property for LVs and VGs.
Improve signal handling with lvmpolld.
Signal handler can interrupt command also for SIGTERM.
Lvreduce --yes support.
Add configure option --with/out-symvers for non-glibc builds.
Report error when the filesystem is missing on fsadm resized volume.
Handle better blockdev with --getsize64 support for fsadm.
Do not include editline/history.h when using editline library.
Support error and zero segtype for thin-pool data for testing.
Support mixed extension for striped, error and zero segtypes.
Support resize also for stacked virtual volumes.
Skip dm-zero devices just like with dm-error target.
Reduce ioctl() calls when checking target status.
Merge polling does not fail, when LV is found to be already merged.
Poll volumes with at least 100ms delays.
Do not flush dm cache when cached LV is going to be removed.
New lvmlockctl_kill_command configuration option.
Support interruption while waiting on device close before deactivation.
Flush thin-pool messages before removing more thin volumes.
Improve hash function with less collisions and make it faster.
Reduce ioctl count when deactivating volumes.
Reduce number of metadata parsing.
Enhance performance of lvremove and vgremove commands.
Support interruption when taking archive and backup.
Accelerate large lvremoves.
Speedup search for cached device nodes.
Speedup command initialization.
Add devices file feature, off by default for now.
Support extension of writecached volumes.
Fix problem with unbound variable usage within fsadm.
Fix IMSM MD RAID detection on 4k devices.
Check for presence of VDO target before starting any conversion.
Support metatadata profiles with volume VDO pool conversions.
Support -Zn for conversion of already formated VDO pools.
Avoid removing LVs on error path of lvconvert during creation volumes.
Fix crashing lvdisplay when thin volume was waiting for merge.
Support option --errorwhenfull when converting volume to thin-pool.
Improve thin-performance profile support conversion to thin-pool.
Add workaround to avoid read of internal 'converted' devices.
Prohibit merging snapshot into the read-only thick snapshot origin.
Restore support for flipping rw/r permissions for thin snapshot origin.
Support resize of cached volumes.
Disable autoactivation with global/event_activation=0.
Check if lvcreate passes read_only_volume_list with tags and skips zeroing.
Allocation prints better error when metadata cannot fit on a single PV.
Pvmove can better resolve full thin-pool tree move.
Limit pool metadata spare to 16GiB.
Improves conversion and allocation of pool metadata.
Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
Enhance lvdisplay to report raid available/partial.
Support online rename of VDO pools.
Improve removal of pmspare when last pool is removed.
Fix problem with wiping of converted LVs.
Fix memleak in scanning (2.03.11).
Fix corner case allocation for thin-pools.
Version 2.03.11 - 08th January 2021
Fix pvck handling MDA at offset different from 4096.
Partial or degraded activation of writecache is not allowed.
Enhance error handling for fsadm and handle correct fsck result.
Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
Support using BLKZEROOUT for clearing devices.
Support interruption when wipping LVs.
Support interruption for bcache waiting.
Fix bcache when device has too many failing writes.
Fix bcache waiting for IO completion with failing disks.
Configure use own python path name order to prefer using python3.
Add configure --enable-editline support as an alternative to readline.
Enhance reporting and error handling when creating thin volumes.
Enable vgsplit for VDO volumes.
Lvextend of vdo pool volumes ensure at least 1 new VDO slab is added.
Use revert_lv() on reload error path after vg_revert().
Configure --with-integrity enabled.
Restore lost signal blocking while VG lock is held.
Improve estimation of needed extents when creating thin-pool.
Use extra 1% when resizing thin-pool metadata LV with --use-policy.
Enhance --use-policy percentage rounding.
Configure --with-vdo and --with-writecache as internal segments.
Improving VDO man page examples.
Allow pvmove of writecache origin.
Report integrity fields.
Integrity volumes defaults to journal mode.
Switch code base to use flexible array syntax.
Fix 64bit math when calculation cachevol size.
Preserve uint32_t for seqno handling.
Switch from mmap to plain read when loading regular files.
Update lvmvdo man page and better explain DISCARD usage.
Version 2.03.10 - 09th August 2020
Add writecache and integrity support to lvmdbusd.
Generate unique cachevol name when default required from lvcreate.
Converting RAID1 volume to one with same number of legs now succeeds with a
warning.
Fix conversion to raid from striped lagging type.
Fix conversion to 'mirrored' mirror log with larger regionsize.
Zero pool metadata on allocation (disable with allocation/zero_metadata=0).
Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn).
Add lvcreate of new cache or writecache lv with single command.
Fix running out of free buffers for async writing for larger writes.
Add integrity with raid capability.
Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
Version 2.03.09 - 26th March 2020
Fix formatting of vdopool (vdo_slab_size_mb was smaller by 2 bits).
Fix showing of a dm kernel error when uncaching a volume with cachevol.
Version 2.03.08 - 11th February 2020
Prevent problematic snapshots of writecache volumes.
Add error handling for failing allocation in _reserve_area().
Fix memleak in syncing of internal cache.
Fix pvck dump_current_text memleak.
Fix lvmlockd result code on error path for _query_lock_lv().
Update pvck man page and help output.
Reject invalid writecache high/low_watermark setting.
Report writecache status.
Accept more output lines from vdo_format.
Prohibit reshaping of stacked raid LVs.
Avoid running cache input arg validation when creating vdo pool.
Prevent raid reshaping of stacked volumes.
Added VDO lvmdbusd methods for enable/disable compression & dedupe.
Added VDO lvmdbusd method for converting LV to VDO pool.
Version 2.03.07 - 30th November 2019
Subcommand in vgck for repairing headers and metadata.
Ensure minimum required region size on striped RaidLV creation.
Fix resize of thin-pool with data and metadata of different segtype.
Improve mirror type leg splitting.
Improve error path handling in daemons on shutdown.
Fix activation order when removing merged snapshot.
Experimental VDO support for lvmdbusd.
Version 2.03.06 - 23rd October 2019
Add _cpool suffix to cache-pool LV name when used by caching LV.
No longer store extra UUID for cmeta and cdata cachevol layer.
Enhance activation of cache devices with cachevols.
Add _cvol in list of protected suffixes and start use it with DM UUID.
Rename LV converted to cachevol to use _cvol suffix.
Use normal LVs for wiping of cachevols.
Reload cleanered cache DM only with cleaner policy.
Fix cmd return when zeroing of cachevol fails.
Extend lvs to show all VDO properties.
Preserve VDO write policy with vdopool.
Increase default vdo bio threads to 4.
Continue report when cache_status fails.
Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper.
Fix cmirrord usage of header files from device_mapper subdir.
Allow standalone activation of VDO pool just like for thin-pools.
Activate thin-pool layered volume as 'read-only' device.
Ignore crypto devices with UUID signature CRYPT-SUBDEV.
Enhance validation for thin and cache pool conversion and swapping.
Improve internal removal of cached devices.
Synchronize with udev when dropping snapshot.
Add missing device synchronization point before removing pvmove node.
Correctly set read_ahead for LVs when pvmove is finished.
Remove unsupported OPTIONS+="event_timeout" udev rule from 11-dm-lvm.rules.
Prevent creating VGs with PVs with different logical block sizes.
Fix metadata writes from corrupting with large physical block size.
Version 2.03.05 - 15th June 2019
Fix command definition for pvchange -a.
Add vgck --updatemetadata command that will repair metadata problems.
Improve VG reading to work if one good copy of metadata is found.
Report/display/scan commands that read VGs will no longer write/repair.
Move metadata repairs from VG reading to VG writing.
Add config setting md_component_checks to control MD component checks.
Add end of device MD component checks when dev has no udev info.
Version 2.03.04 - 10th June 2019
Remove unused_duplicate_devs from cmd causing segfault in dmeventd.
Version 2.03.03 - 07th June 2019
Report no_discard_passdown for cache LVs with lvs -o+kernel_discards.
Add pvck --dump option to extract metadata.
Fix signal delivery checking race in libdaemon (lvmetad).
Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering.
Skip autoactivation for a PV when PV size does not match device size.
Remove first-pvscan-initialization which should no longer be needed.
Add remote refresh through lvmlockd/dlm for shared LVs after lvextend.
Ignore foreign and shared PVs for pvscan online files.
Add config setting to control fields in debug file and verbose output.
Add command[pid] and timestamp to debug file and verbose output.
Fix missing growth of _pmsmare volume when extending _tmeta volume.
Automatically grow thin metadata, when thin data gets too big.
Add synchronization with udev before removing cached devices.
Add support for caching VDO LVs and VDOPOOL LVs.
Add support for vgsplit with cached devices.
Query mpath device only once per command for its state.
Use device INFO instead of STATUS when checking for mpath device uuid.
Change default io_memory_size from 4 to 8 MiB.
Add config setting io_memory_size to set bcache size.
Fix pvscan autoactivation for concurrent pvscans.
Change scan_lvs default to 0 so LVs are not scanned for PVs.
Thin-pool selects power-of-2 chunk size by default.
Cache selects power-of-2 chunk size by default.
Support reszing for VDOPoolLV and VDOLV.
Improve -lXXX%VG modifier which improves cache segment estimation.
Ensure migration_threshold for cache is at least 8 chunks.
Restore missing man info lvcreate --zero for thin-pools.
Drop misleadning comment for metadata minimum_io_size for VDO segment.
Add device hints to reduce scanning.
Introduce LVM_SUPPRESS_SYSLOG to suppress syslog usage by generator.
Fix generator quering lvmconfig unpresent config option.
Fix memleak on bcache error path code.
Fix missing unlock on lvm2 dmeventd plugin error path initialization.
Improve Makefile dependency tracking.
Move VDO support towards V2 target (6.2) support.
Version 2.03.02 - 18th December 2018
Fix missing proper initialization of pv_list struct when adding pv.
Fix (de)activation of RaidLVs with visible SubLVs.
Prohibit mirrored 'mirror' log via lvcreate and lvconvert.
Use sync io if async io_setup fails, or use_aio=0 is set in config.
Fix more issues reported by coverity scan.
Version 2.03.01 - 31st October 2018
Version 2.03.00 - 10th October 2018
Add hot fix to avoiding locking collision when monitoring thin-pools.
Allow raid4 -> linear conversion request.
Fix lvconvert striped/raid0/raid0_meta -> raid6 regression.
Add 'lvm2-activation-generator:' prefix for kmsg messages logged by generator.
Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service.
Reduce max concurrent aios to avoid EMFILE with many devices.
Fix lvconvert conversion attempts to linear.
Fix lvconvert raid0/raid0_meta -> striped regression.
Fix lvconvert --splitmirror for mirror type (2.02.178).
Do not pair cache policy and cache metadata format.
lvconvert: reject conversions on raid1 LVs with split tracked SubLVs
lvconvert: reject conversions on raid1 split tracked SubLVs
Add basic creation support for VDO target.
Never send any discard ioctl with test mode.
Fix thin-pool alloc which needs same PV for data and metadata.
Extend list of non-memlocked areas with newly linked libs.
Enhance vgcfgrestore to check for active LVs in restored VG.
Configure supports --disable-silent-rules for verbose builds.
Fix unmonitoring of merging snapshots.
Cache can uses metadata format 2 with cleaner policy.
Fix check if resized PV can also fit metadata area.
Avoid showing internal error in lvs output or pvmoved LVs.
Remove clvmd
Remove lvmlib (api)
Remove lvmetad
Use versionsort to fix archive file expiry beyond 100000 files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 2.10.3 to 2.11.1
- Update of rootfile
- Changelog
There were two CVE's in version 2.10.4
v2.11.1: Apr 30 2023
Fixes build and ABI issues.
- cmake: Fix va_copy detection (Luca Niccoli)
- libxml.m4: Fix quoting
- Link with --undefined-version
- libxml2.syms: Revert removal of version information
v2.11.0: Apr 28 2023
### Major changes
Protection against entity expansion attacks, also known as "billion laughs"
has been greatly improved. Malicious files should be detected reliably now
and false positives should be reduced. It is possible though that large
documents which make heavy use of entities are rejected now.
This release finally fixes symbol visibility on UNIX systems. Internal
symbols will now be hidden. While these symbols were never declared in public
headers, it was still possible to declare them manually. Now this won't work.
All symbol information has been removed from the ELF version script to fix
link errors with --no-undefined-version. The version nodes are kept so it
should still be possible to run binaries linked against older versions.
About 90 memory errors in code paths handling malloc failures have been fixed.
While these issues shouldn't impact security, this improves robustness under
memory pressure.
The XInclude engine has been reworked to properly support nested includes.
Several cases of quadratic behavior in the XML push parser have been fixed.
Refactoring has begun on some buffering and encoding code with the goal of
simplifying this part of the code base and improving error reporting.
Other highlights:
- Consolidated private header files.
- Major rework of the autoconf build.
- Deprecated several outdated and internal functions.
Special thanks to Google's Open Source Security Subsidies program for
sponsoring much of the work on this release!
Ongoing work on libxml2 relies on funding. For a list of important open
issues see <https://gitlab.gnome.org/GNOME/libxml2/-/issues/507>
### Security
- Fix use-after-free in xmlParseContentInternal() (David Kilzer)
- xmllint: Fix use-after-free with --maxmem
- parser: Fix OOB read when formatting error message
- entities: Rework entity amplification checks
### Regressions
- parser: Fix regression in xmlParserNodeInfo accounting
### Bug fixes
- Fix memory errors in code handling malloc failures
- encoding: Fix error code in asciiToUTF8
- xpath: number('-') should return NaN
- xmlParseStartTag2() contains typo when checking for default definitions for
an attribute in a namespace (David Kilzer)
- uri: Fix handling of port numbers
- error: Make sure that error messages are valid UTF-8
- xinclude: Fix nested includes
### Improvements
- xmllint: Validate --maxmem integer option
- xmlValidatePopElement() can return invalid value (-1) (David Kilzer)
- parser: Rework EBCDIC code page detection
- parser: Limit name length in xmlParseEncName
- parser: Rework shrinking of input buffers
- html: Rely on CUR_CHAR to grow the input buffer
- parser: Rely on CUR_CHAR/NEXT to grow the input buffer
- valid: Make xmlValidateElement non-recursive
- html: Fix quadratic behavior in htmlParseTryOrFinish
- xmllint: Fix memory leak with --pattern --stream
- parser: Stop calling xmlParserInputShrink
- html: Impose some length limits
- valid: Allow xmlFreeValidCtxt(NULL)
- parser: Stop calling xmlParserInputGrow
- xinclude: Fix quadratic behavior in xmlXIncludeLoadTxt
- xinclude: Abort immediately if max depth was exceeded
- xpath: Only report the first error
- error: Don't move past current position
- error: Limit number of parser errors
- parser: Lower entity nesting limit with XML_PARSE_HUGE
- parser: Don't increase depth twice when parsing internal entities
- parser: Improve detection of entity loops
- parser: Only report a single entity error
- libxml.h: Remove dubious definition of LIBXML_STATIC
- html: Improve parsing of nested lists
- memory: Don't use locks in xmlMemUsed
- encoding: Remove unused variable xmlDefaultCharEncodingHandler
- Rework initialization code
- Add .editorconfig
- parser: Merge misc, prolog and epilog cases in push parser
- parser: Fix 'consumed' accounting when switching encodings
- html: Fix check for end of comment in push parser
- parser: Fix push parser with 1-3 byte initial chunk
- parser: Rewrite push parser boundary checks
- reader: Switch to xmlParserInputBufferCreateMem
- html: Don't escape ASCII chars in href attributes
- io: Don't shrink memory input buffers
- parser: Don't call xmlSHRINK from push parser
- parser: Ignore cdata argument in xmlParseCharData
- parser: Rework push parser parser progress checks
- io: Fix a few integer overflows in I/O statistics
- io: Rework xmlParserInputBufferGrow with encodings
- io: Remove xmlInputReadCallbackNop
- io: Check for memory buffer early in xmlParserInputGrow
- parser: Fix error message in xmlParseCommentComplex
- Bypass proxy in nanoHTTP for hosts in "no_proxy" (Markus Jörg)
- schemas: Fix infinite loop in xmlSchemaCheckElemSubstGroup
- threads: Remove check for pthread_equal
- xinclude: Rework XInclude cache
- xinclude: Remove inefficient refcounting scheme
- xmllint: Improve handling of empty XPath node sets
- parser: Fix potential memory leak in xmlParseAttValueInternal
- error: Don't use initGenericErrorDefaultFunc
- xpath: Lower XPath recursion limit on Windows
- Stop including sys/types.h
- Don't define WIN32 macro
- Make xmlNewSAXParserCtx take a const sax handler
- Consolidate private header files
- Remove internal macros from parserInternals.h
- Move some HTML functions to correct header file
- xmllint: Stop calling xmlSAXDefaultVersion
- Introduce xmlNewSAXParserCtxt and htmlNewSAXParserCtxt
- Don't mess with parser options in htmlParseDocument
- Remove useless call to htmlDefaultSAXHandlerInit
- Remove htmlDefaultSAXHandler from non-SAX1 build
- Don't initialize SAX handler in htmlReadMemory
- Fix htmlReadMemory mixing up XML and HTML functions
- Don't use default SAX handler to report unrelated errors
- Create stream with buffer in xmlNewStringInputStream
- xmlcatalog: Fix memory leaks
### Code quality
- xzlib: Fix implicit sign change in xz_open
- parser: Simplify calculation of available buffer space
- parser: Use size_t when subtracting input buffer pointers
- parser: Check for integer overflow when updating checkIndex
- xpath: Fix harmless integer overflow in xmlXPathTranslateFunction
- schematron: Use logical and
- relaxng: Remove useless if statement
- schemas: Remove useless if statement
- pattern: Merge identical branches
- regexp: Add sanity check in xmlRegCalloc2
- regexp: Simplify xmlRegAtomPush
- encoding: Cast toupper argument to unsigned char
- uri: Add explicit cast in xmlSaveUri
- buf: Fix return value of xmlBufGetInputBase
- parser: Fix integer overflow of input ID
- parser: Remove useless ent->etype test in xmlParseReference
- parser: Remove useless ent->children tests in xmlParseReference
- xmlmemory.c: Remove xmlMemContentShow
- libxml.h: Add comments and indentation
- libxml.h: Don't include stdio.h
- xmlexports.h: Disable docs for internal macro XMLPUBLIC
- parser: Simplify xmlParseConditionalSections
- io: Rearrange code in xmlSwitchInputEncodingInt
- warnings: Fix -Wstrict-prototypes warning
- warnings: Remove set-but-unused variables
- Fix compiler warnings in SAX2.c
- Fix unused variable warning in python/types.c
- Fix compiler warning in examples
- Fix compiler warnings in fuzzing code
- Remove unused code in nanohttp.c
- Remove or annotate char casts
- Don't use sizeof(xmlChar) or sizeof(char)
- Remove explicit integer casts
### Deprecations
- parser: Deprecate more internal functions
- parser: Deprecate some parser input functions
- parser: Deprecate xmlString*DecodeEntities
- threads: Deprecate some internal functions
- buf: Deprecate static/immutable buffers
- Deprecate internal parser functions
- Deprecate old HTML SAX API
- Generate deprecation warnings for old SAX API
- Mark more functions setting globals as deprecated
- Mark more parser functions as deprecated
- Mark most SAX1 functions as deprecated
- Deprecate some global variables
### Portability
- autoconf: Warn about outdated C compilers
- win32: Remove broken libxml2.def.src
- Remove symbols from version script
- catalog.c: Silence a cast warning on VS 2022 (Lukáš Tyrychtr)
- libxml.h: Remove ancient LynxOS setup
- Use python3 not python (Ross Burton)
- xstc/fixup-tests.py: port to Python 3 (Ross Burton)
- xstc/fixup-tests.py: unify whitespace (Ross Burton)
- Remove hacky heuristic from b2dc5675 (Alex Richardson)
- Avoid creating an out-of-bounds pointer by rewriting a check
(Alex Richardson)
- Hide internal functions
- Correctly relocate internal pointers after realloc() (Alex Richardson)
- Visual Studio builds: Allow silencing deprecation warnings (Chun-wei Fan)
- Visual Studio: Define XML_DEPRECATED (Chun-wei Fan)
- xmllint: Include <io.h> on Windows
- warnings: Work around MSVC bug
- sources: Silence C4013 warnings on Visual Studio (Chun-wei Fan)
- python/setup.py.in: Improve Windows import patching (Chun-wei Fan)
- python: Create .pyd on Windows
- Fix Python build on Windows
- Fix Windows compiler warnings in python/types.c
- Fix libxml_PyFileGet
- Remove BeOS support
- Fix libxml_PyFileGet with stdout on macOS
- Migrate from PyEval_ to PyObject_
- Port build_glob.py to Python 3
- Port genChRanges.py to Python 3
- xmlexports.h: Remove LIBXML_FASTCALL optimization
- Remove XMLCALL and XMLCDECL macros from public headers
- Remove XMLDECL macro from .c files
### Build systems
- cmake: Link against `dl` and `dld` only when `LIBXML2_WITH_MODULES` is
enabled (Alexander Kutelev)
- autotools: Fix make distcheck
- Remove RPM build, Makefile.tests, README.tests
- libxml.m4: deprecate AM_PATH_XML2, wrap PKG_CHECK_MODULES instead
(Ross Burton)
- libxml.m4: fix -Wstrict-prototypes (Sam James)
- cmake: Build static library with -DLIBXML_STATIC
- autotools: Don't use version script on Windows
- autotools: Fix winsock detection
- autotools: Only add network libraries if HTTP/FTP enabled
- autotools: Disable parallel Python build
- python: Don't output missing generators during build
- build: Remove check for broken ss_family
- http: Simplify IPv6 checks
- autotools: Fix network checks on Windows
- Fix detection of GNU libiconv
- cmake: Fix Python installation
- cmake: Don't check for Python 2
- configure.ac: Also check for MSYS host
- Improve network library detection
- Detect ws2_32 with AC_SEARCH_LIBS
- Rework network configure checks
- Remove arg cast configure checks
- Fix dlopen check
- Remove HAVE_WIN32_THREADS configuration flag
- Rework dlopen and pthread detection
- Fix test in configure.ac
- cmake: Enable GCC compiler warnings
- Always link with -no-undefined
- Use AM_CFLAGS and AM_LDFLAGS consistently
- Remove -Wredundant-decls
- Call AC_CHECK_* with multiple arguments
- configure.ac: Remove checks for unused programs
- Rework library detection in configure.ac
- Rearrange configure.ac
- Consolidate zlib and lzma detection
- Remove "runtime debugging"
- Consolidate simple API modules in configure.ac
- Fix dependency resolution in configure.ac
- Fix --with-valid --without-regexps build
- Fix --with-schemas --without-xpath build
- Don't build unneeded .c source files
- Move xmlIsXHTML to tree.c
- Cleanup distribution settings in Makefile.am
- Also clean *.pyc files for Python 2
- Don't distribute libxml2.spec
### Tests
- testchar: Add test for memory pull parser with encoding
- fuzz: Also test init function of URI fuzzer
- fuzz: Separate fuzzer for DTD validation
- gitlab-ci: Enable all "integer" sanitizers
- fuzz: Inject random malloc failures
- fuzz: Support variable integer sizes in fuzz data
- fuzz: Fix duplicate detection in fuzzEntityRecorder
- fuzz: Set filename in xmlFuzzEntityLoader
- fuzz: Allow xmlFuzzReadString(NULL)
- fuzz: Fix Makefile dependencies
- fuzz: Add test/recurse to seed corpus
- fuzz: Add separate XInclude fuzzer
- runsuite: Some errors are expected
- testrecurse: Test entity expansion stats
- testapi.c: Initialize catalog early
- gentest.py: Fix memory leak in API tests
- tests: Enable "runsuite" test
- python/tests/reader2: use absolute paths everywhere (Ross Burton)
- python/tests/reader2: always exit(1) if a test fails (Ross Burton)
- testModule: exit if the module can't be opened (Ross Burton)
- CI: disable modules in gcc:static build (Ross Burton)
- CI: fix CI on MinGW builds (Ross Burton)
- python: Fix memory leak checks
- tests: Check that xmlInitParser doesn't allocate memory
- tests: Fix use-after-free in Python tests
- tests: Remove unneeded #includes
- gitlab-ci: Make Test-Msvc exit if ctest fails
- gitlab-ci: Treat compiler warnings as errors on MSVC
- test: Add test for push parser boundaries
- gitlab-ci: Upgrade image to Ubuntu 22.10, reenable MSan
- gitlab-ci: Reenable LeakSanitizer
- gitlab-ci: Fix llvm-symbolizer
- xinclude: Don't create result doc for test with errors
- xinclude: Also test error messages
- gitlab-ci: Allow cast-align warnings from clang
- gitlab-ci: Fix tar invocation
- gitlab-ci: Move MSVC test to separate script
- gitlab-ci: Fix SUFFIX, remove MINGW_PATH
- gitlab-ci: Consolidate CMake test scripts
- gitlab-ci: Only install MinGW autotools if needed
- gitlab-ci: Only install cmake MinGW package if needed
- gitlab-ci: Install 7-Zip using the .msi
- Use $MSYSTEM and 'bash -lc' in MinGW CI
- Add CI job for MinGW/Autotools
- Consolidate CI scripts
- Allow empty MINGW_PACKAGE_PREFIX
- Move Dockerfile to .gitlab-ci directory
- testapi: Disable on Windows for now
- Disable fuzzer tests if glob.h wasn't found
- Move automata test to runtest.c
- Fix testapi when building --without-sax1
# Documentation
- doc: Remove ancient files
- Remove ancient TODOs
- html: Fix htmlInitAutoClose documentation
- doc: Mention new location of XML catalog as breaking change
- doc: Mention potentially breaking changes in NEWS
- doc: Remove xmlDllMain from documentation and version script
- doc: Mention ${sysconfdir} in man pages
- doc: Document xmlcatalog --convert
- doc: Document xmllint --nodict and --pedantic
- doc: Fix indentation in source XML files
- xmllint: Document --quiet option
- Improve cross-references in API docs
- Improve documentation of globals
- Fix documentation parser
- Support comments for global variables in documentation
- Fix update call in apibuild.py
- Don't index anything in DOC_DISABLE sections
- Fix warnings from apibuild.py
- Start with documentation for maintainers
v2.10.4: Apr 11 2023
### Security
- [CVE-2023-29469] Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484] Fix null deref in xmlSchemaFixupComplexType
- schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
### Regressions
- SAX2: Ignore namespaces in HTML documents
- io: Fix "buffer full" error with certain buffer sizes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 7.0.1 to 7.2.0
- Update of rootfile
- Changelog
Overview of changes leading to 7.2.0
- Add Tifinagh to the list of scripts that can natively be either right-to-left
or left-to-right, to improve handling of its glyph positioning.
(Simon Cozens)
- Return also single substitution from hb_ot_layout_lookup_get_glyph_alternates()
(Behdad Esfahbod)
- Fix 4.2.0 regression in applying across syllables in syllabic scripts.
(Behdad Esfahbod)
- Add flag to avoid glyph substitution closure during subsetting, and the
corresponding “--no-layout-closure” option to “hb-subset” command line tool.
(Garret Rieger)
- Support instancing COLRv1 table. (Qunxin Liu)
- Don’t drop used user-defined name table entries during subsetting.
(Qunxin Liu)
- Optimize handling of “gvar” table. (Behdad Esfahbod)
- Various subsetter bug fixes and improvements. (Garret Rieger, Qunxin Liu)
- Various documentation improvements. (Behdad Esfahbod, Josef Friedrich)
- New API:
+HB_SUBSET_FLAGS_NO_LAYOUT_CLOSURE
+HB_UNICODE_COMBINING_CLASS_CCC132
- Deprecated API:
+HB_UNICODE_COMBINING_CLASS_CCC133
Overview of changes leading to 7.1.0
- New experimental hb_shape_justify() API that uses font variations to expand
or shrink the text to a given advance. (Behdad Esfahbod)
- Various build and bug fixes. (Behdad Esfahbod, Garret Rieger, Qunxin Liu)
- New API:
+hb_font_set_variation()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this patch add nanopi r2c plus support.
if this u-boot is installed on the eMMC this is also
supported.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 3.5 to 3.6
- Update of rootfile
- Changelog
Noteworthy changes in release 3.6 (2023-04-10) [stable]
Promoting alpha release to stable release 3.6
Noteworthy changes in release 3.5.28 (2023-03-24) [alpha]
New Features
Support GPT partition attribute bit 63 as no_automount flag.
Add type commands to set type-id on MS-DOS and type-uuid on GPT.
Add swap flag support to the dasd disklabel
Add display of GPT disk and partition UUIDs in JSON output
Bug Fixes
Fix use of enums in flag limits by switching to using #define
Fix ending sector location when using kibi IEC suffix
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
