- Update from version 6.0.0 to 7.0.1
- Update of rootfile
- Changelog
Overview of changes leading to 7.0.1
- Various build and bug fixes.
Overview of changes leading to 7.0.0
- New hb-paint API that is designed mainly to paint “COLRv1” glyphs, but can be
also used as a unified API to paint any of the glyph representations
supported by HarfBuzz (B/W outlines, color layers, or color bitmaps).
(Behdad Esfahbod, Matthias Clasen)
- New hb-cairo API for integrating with cairo graphics library. This is provided
as a separate harfbuzz-cairo library. (Behdad Esfahbod, Matthias Clasen)
- Support for instancing “CFF2” table. (Behdad Esfahbod)
- Support font emboldening. (Behdad Esfahbod)
- Support feature ranges with AAT shaping. (Behdad Esfahbod)
- Experimental support to cubic curves in “glyf” table, see
https://github.com/harfbuzz/boring-expansion-spec/blob/main/glyf1-cubicOutlines.md
for spec. (Behdad Esfahbod)
- Various subsetter improvements. (Garret Rieger, Qunxin Liu, Behdad Esfahbod)
- Various documentation improvements.
(Behdad Esfahbod, Matthias Clasen, Khaled Hosny)
- Significantly reduced memory use during shaping. (Behdad Esfahbod)
- Greatly reduced memory use during subsetting “CFF” table. (Behdad Esfahbod)
- New command line utility, hb-info, for querying various font information.
(Behdad Esfahbod, Matthias Clasen)
- New hb-shape/hb-view options: --glyphs, --color-palette, --font-bold,
--font-grade, and --named-instance. (Behdad Esfahbod)
- Miscellaneous fixes and improvements.
(Amir Masoud Abdol, Andres Salomon, Behdad Esfahbod, Chun-wei Fan,
Garret Rieger, Jens Kutilek, Khaled Hosny, Konstantin Käfer, Matthias Clasen,
Nirbheek Chauhan, Pedro J. Estébanez, Qunxin Liu, Sergei Trofimovich)
- New API:
+HB_FONT_NO_VAR_NAMED_INSTANCE
+HB_PAINT_IMAGE_FORMAT_BGRA
+HB_PAINT_IMAGE_FORMAT_PNG
+HB_PAINT_IMAGE_FORMAT_SVG
+hb_cairo_font_face_create_for_face
+hb_cairo_font_face_create_for_font
+hb_cairo_font_face_get_face
+hb_cairo_font_face_get_font
+hb_cairo_font_face_get_scale_factor
+hb_cairo_font_face_set_font_init_func
+hb_cairo_font_face_set_scale_factor
+hb_cairo_font_init_func_t
+hb_cairo_glyphs_from_buffer
+hb_cairo_scaled_font_get_font
+hb_color_line_get_color_stops
+hb_color_line_get_color_stops_func_t
+hb_color_line_get_extend
+hb_color_line_get_extend_func_t
+hb_color_line_t
+hb_color_stop_t
+hb_draw_funcs_get_empty
+hb_draw_funcs_get_user_data
+hb_draw_funcs_set_user_data
+hb_face_collect_nominal_glyph_mapping
+hb_font_draw_glyph
+hb_font_draw_glyph_func_t
+hb_font_funcs_set_draw_glyph_func
+hb_font_funcs_set_paint_glyph_func
+hb_font_get_synthetic_bold
+hb_font_get_var_named_instance
+hb_font_paint_glyph
+hb_font_paint_glyph_func_t
+hb_font_set_synthetic_bold
+hb_map_keys
+hb_map_next
+hb_map_update
+hb_map_values
+hb_ot_color_glyph_has_paint
+hb_ot_color_has_paint
+hb_ot_layout_script_select_language2
+hb_ot_name_id_predefined_t
+hb_paint_color
+hb_paint_color_func_t
+hb_paint_composite_mode_t
+hb_paint_custom_palette_color
+hb_paint_custom_palette_color_func_t
+hb_paint_extend_t
+hb_paint_funcs_create
+hb_paint_funcs_destroy
+hb_paint_funcs_get_empty
+hb_paint_funcs_get_user_data
+hb_paint_funcs_is_immutable
+hb_paint_funcs_make_immutable
+hb_paint_funcs_reference
+hb_paint_funcs_set_color_func
+hb_paint_funcs_set_custom_palette_color_func
+hb_paint_funcs_set_image_func
+hb_paint_funcs_set_linear_gradient_func
+hb_paint_funcs_set_pop_clip_func
+hb_paint_funcs_set_pop_group_func
+hb_paint_funcs_set_pop_transform_func
+hb_paint_funcs_set_push_clip_glyph_func
+hb_paint_funcs_set_push_clip_rectangle_func
+hb_paint_funcs_set_push_group_func
+hb_paint_funcs_set_push_transform_func
+hb_paint_funcs_set_radial_gradient_func
+hb_paint_funcs_set_sweep_gradient_func
+hb_paint_funcs_set_user_data
+hb_paint_funcs_t
+hb_paint_image
+hb_paint_image_func_t
+hb_paint_linear_gradient
+hb_paint_linear_gradient_func_t
+hb_paint_pop_clip
+hb_paint_pop_clip_func_t
+hb_paint_pop_group
+hb_paint_pop_group_func_t
+hb_paint_pop_transform
+hb_paint_pop_transform_func_t
+hb_paint_push_clip_glyph
+hb_paint_push_clip_glyph_func_t
+hb_paint_push_clip_rectangle
+hb_paint_push_clip_rectangle_func_t
+hb_paint_push_group
+hb_paint_push_group_func_t
+hb_paint_push_transform
+hb_paint_push_transform_func_t
+hb_paint_radial_gradient
+hb_paint_radial_gradient_func_t
+hb_paint_sweep_gradient
+hb_paint_sweep_gradient_func_t
+hb_set_is_inverted
+hb_subset_input_keep_everything
- Deprecated API:
+hb_font_funcs_set_glyph_shape_func
+hb_font_get_glyph_shape_func_t
+hb_font_get_glyph_shape
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.7.7 to 3.8.0
- Update of rootfile
- Changelog
Version 3.8.0 (unreleased 2023-02-09)
-- libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
-- libgnutls: C++ library is now header only. All definitions from
gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++
interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
-- libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
-- libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used given
other implementations dropped support for it. To enable back
support for it, supply --enable-heartbeat-support to configure
script.
-- libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not up to
date with the latest TLS standards and its ciphersuites are based
on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
-- libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
-- guile: Guile-bindings removed.
They have been extracted into a separate project to reduce complexity
and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
-- minitasn1: Upgraded to libtasn1 version 4.19.
-- API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
Version 3.7.8 (released 2022-09-27)
-- libgnutls: In FIPS140 mode, RSA signature verification is an approved
operation if the key has modulus with known sizes (1024, 1280,
1536, and 1792 bits), in addition to any modulus sizes larger than
2048 bits, according to SP800-131A rev2.
-- libgnutls: gnutls_session_channel_binding performs additional checks when
GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
"tls-exporter" channel binding is only usable when the handshake is
bound to a unique master secret (i.e., either TLS 1.3 or extended
master secret extension is negotiated). Otherwise the function now
returns error.
-- libgnutls: usage of the following functions, which are designed to
loosen restrictions imposed by allowlisting mode of configuration,
has been additionally restricted. Invoking them is now only allowed
if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled
-- API and ABI modifications:
No changes since last version.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 6.1 to 6.2
- Update of rootfile not required
- Changelog
Version 6.2 - February 21, 2023
* Feature: link down event statistics (no option)
* Feature: JSON output for coalesce (-c)
* Feature: new link modes (no option)
* Feature: JSON output for ring (-g)
* Feature: netlink handler for RSS get (-x)
* Fix: fix boolean value output in JSON output
* Fix: fix build errors and warnings
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.46.5 to 1.47.0
- Update of rootfile not required
- Changelog
E2fsprogs 1.47.0 (February 5, 2023)
Updates/Fixes since v1.46.6:
UI and Features
Add support for the orphan_file feature, which speeds up workloads that
are deleting or truncating a large number files in parallel. This
compat feature was first supported in the v5.15 Linux kernel.
The mke2fs program (via the mke2fs.conf file) now enables the
metadata_csum_seed and orphan_file features by default. The
metadata_csum_seed feature is an incompat feature which is first
supported in the Linux kernel starting in the 4.4 kernel and e2fsprogs
1.43.
Mke2fs now supports the extended option "assume_storage_prezeroed" which
causes mke2fs to skip zeroing the journal and inode tables and to mark
the inode tables as zeroed.
Add support to tune2fs and e2label to set the label and UUID for a
mounted file system using a ioctl, which is more reliable than modifying
the superblock via writing to the block device. The kernel support for
setting the label landed in v5.17, while the support for adding the UUID
landed in v6.0. If the ioctls are not supported, tune2fs and e2label
will fall back old strategy of directly modifying the superblock.
Allow tune2fs to disable the casefold feature after scanning all of the
directories do not have the Casefold flag set.
Fixes
Fix a potential unbalanced mutex unlock when there is a short read while
using the bounce buffer when using direct I/O.
Performance, Internal Implementation, Development Support etc.
Fix various Coverity and compiler warnings.
Add the new function ext2fs_xattrs_read_inode() which takes an in-memory
inode to avoid needing to reread an inode that was already read into
memory.
Teach debugfs logdump command the -n option which forces printing a
specified number of transactions, even when a block missing a magic
number would have stopped the logdump. (This is for debugging
journalling problems.)
E2fsprogs 1.46.6 (February 1, 2023)
Updates/Fixes since v1.46.5:
UI and Features
Debugfs's ncheck command now allows the inode number to be surrounded by
angle brackets, to be consistent with other debugfs commands.
Debugfs no longer prints a scary message when debugfs -c (which enables
"catastrophic mode") is used. This was intended to allow debugfs to
operate on very badly corrupted file systems, but it is now sometimes
used to suppress reading the block and inode bitmaps when they are not
needed.
Resize2fs will round down the requested new file system size to the
nearest cluster boundary when resizing bigalloc file systems.
Improve error messages issued by badblocks.
Fuse2fs now supports an offset=<bytes> option which allows operating on
a file system image which is located starting at the specified offset
from the beginning of the image.
Fixes
Pre-v6.2 Linux kernels had long-standing bug in how the extended
attribute hash was calculated when there were non-ASCII characters in
the xattr name, when the hash would be different depending on whether
the C 'char' type was signed or unsigned. To address this bug, starting
with e2fsprogs 1.46.6+ and Linux 6.2+, we will accept either the signed
or unsigned hash variant, but only set the unsigned hash variant. Since
extended attribute names are in practice composed of ASCII characters,
other than various tests (such as generic/454), most users will
hopefully not notice this change.
Avoid triggering udev in dumpe2fs and "resize2fs -P" for file systems
with MMP enabled by opening the device read-only when reading the MMP
block.
Fix MMP handling so it can notice when another writer has modify the MMP
block out from under it when stopping a MMP sessions.
Fix tune2fs so it will detect another device stealing the MMP sessions
while rewriting metadata checksums.
E2fsck will now check to make sure the journal inode does not have the
encrypt flag set.
Fix a deadlock bug in e2fsck's error handler when there are errors
trying to write to the file system.
Fix a bug where e2fsck could fail when specifying an undo file and an
explicit superblock number.
Fix e2image so it won't potentially loop forever for certain invalid
file systems.
Fix resize2fs to honor the E2FSPROGS_FAKE_TIME environment variable.
This allows embedded system builders who use resize2fs as part of their
image build process to create reproducible images.
Fix tune2fs to avoid a crash if the journal replay fails and to make
sure its exit status is non-zero if there is some failure.
Fix tune2fs, fuse2fs, and debugsfs to update j_tail_sequence when
replaying the journal.
Add additional bullet-proofing for very badly corrupted file systems.
Try avoid UBSAN warnings, null pointer derferences, and other memory
bugs. (Addresses CVE-2022-1304)
Don't fail when the source directory for mke2fs -d doesn't support
extended attributese.
Check for and handle malloc() failures when computing the log filename
in e2fsck and in the libss library.
Fix tune2fs and e2fsck to accept pathames which include '=' characters.
Previously arguments to tune2fs and e2fsck which included '=' characters
are presumed to be blkid specifiers such as UUID=xxx or LABEL=yyy. If a
specifier is both a valid pathname name and blkid tag name specifier,
priority is given to a blkid resolved pathname.
Improve tune2fs's error messages.
Fix a bug in tune2fs which could cause it to crash if device goes
off-line just as it being opened.
Fix the fsck driver so if it is interrupted while running fsck -N it
doesn't end up kllling all processes on the system.
Fix a crash in badblocks when the user specifies an overly large
number of blocks tested at a time in read/write or nondestructive
mode.
Update and clarify's chattr's man page and usage message. Fix spelling
typo's in a variety of different man pages and comments.
Performance, Internal Implementation, Development Support etc.
Update to autoconf 2.71.
Update flags used to create shared library on Darwin/MacOS.
Speed up e2fsck's clonning of multiply-claimed blocks so it is
substantially faster on very large file systems.
Add tests/fuzz directory with fuzzers from oss-fuzz.
Add a Github Actions configuration file so that Github will run CI tests
on Linux, Windows and MacOS on a push to the e2fsprogs github repo.
Make the mtab parsing in ext2fs_check_mount_point() more careful so it
won't get confused when a block device shows up in the mnt_name field
for a virtual file system.
Fix the libss's Makefile to create the man page directory before trying
to install its man page.
Fix various Coverity and compiler warnings.
Make tests more portable on various different OS's and system
configurations (e.g., with SELinux enabled, MacOS, and Windows)
Use mallinfo2() instead of mallinfo() where avilable, since mallinfo()
is deprecated on newer glibc versions.
E2fsck will no longer do a full scan of disconnected directory when
trying to print the parent directory, which is pointless and can slow
down e2fsck if there are a large number of disconnected directories.
Debugfs will now print the extended attribute's e_hash field.
Fix the setup-schroot script to work on non-Linux platforms.
Fix ext2fs_compare_generic_bmap() so it correctly compares all of the
bits in the bitmap, and so that it works correctly when comparing a
bitarray bitmap with a rbtree-based bitmap. (Fortunately, none of the
programs in e2fsprogs uses bitmap comparison functions.)
Fix memory leaks on error paths.
Add support for the configure option --enable-largefile so that
e2fsprogs can utilize largefile support for the MUSL C library.
Add an note that the dict library code has been modified, as required by
the Kazlib license.
Synchronized changes from Android's AOSP e2fsprogs tree.
Updated config.guess and config.sub with newer versions from the FSF.
Add Friulian translation.
Update Chinese, Czech, Dutch, French, German, Malay, Polish, Serbian,
Spanish, Swedish, and Ukrainian translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 7.87.0 to 7.88.1
- Update of rootfile not required
- Patch removed as fix now built into source tarball
- Changelog
Fixed in 7.88.1 - February 20 2023
Bugfixes:
build-openssl.bat: keep OpenSSL 3 engine binaries
cmake: fix Windows check for CryptAcquireContext
connnect: fix timeout handling to use full duration
curl: make --silent work stand-alone
curl_setup: Suppress OpenSSL 3 deprecation warnings
CURLOPT_WS_OPTIONS.3: fix the availability version
GHA: update rustls dependency to 0.9.2
http2: buffer/pausedata and output flush fix.
http2: set drain on stream end
http: include stdint.h more readily
krb5: silence cast-align warning
lib1560: add IPv6 canonicalization tests
os400: correct Curl_os400_sendto()
remote-header-name.d: mention that filename* is not supported
runtests: fix "uninitialized value $port"
setopt: allow HTTP3 when HTTP2 is not defined
socketpair: allow EWOULDBLOCK when reading the pair check bytes
socks: allow using DoH to resolve host names
tests-httpd: add proxy tests
tests: make sure gnuserv-tls has SRP support before using it
tests: make the telnet server shut down a socket gracefully
tool_getparam: make --get a true boolean
tool_operate: allow debug builds to set buffersize
urlapi: do the port number extraction without using sscanf()
urldata: remove `now` from struct SingleRequest - not needed
Fixed in 7.88.0 - February 15 2023
Changes:
curl.h: add CURL_HTTP_VERSION_3ONLY
share: add sharing of HSTS cache among handles
src: add --http3-only
tool_operate: share HSTS between handles
urlapi: add CURLU_PUNYCODE
writeout: add %{certs} and %{num_certs}
Bugfixes:
cf-socket: fix build when not HAVE_GETPEERNAME
cf-socket: keep sockaddr local in the socket filters
cfilters:Curl_conn_get_select_socks: use the first non-connected filter
CI: add a workflow to automatically label pull requests
CI: add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
CI: Retry failed downloads to reduce spurious failures
CI: update wolfssl / wolfssh to 5.5.4 / 1.4.12
cmake: bump requirement to 3.7
cmake: check for sendmsg
cmake: delete redundant macro definition `SECURITY_WIN32`
cmake: fix dev warning due to mismatched arg
cmake: fix the snprintf detection
cmake: remove deprecated symbols check
cmake: set SOVERSION also for macOS
cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
cmdline-opts/Makefile: on error, do not leave a partial
CODEOWNERS: remove the peeps mentioned as CI owners
connect: fix access of pointer before NULL check
connect: fix build when not ENABLE_IPV6
connect: fix strategy testing for attempts, timeouts and happy-eyeball
connections: introduce http/3 happy eyeballs
content_encoding: do not reset stage counter for each header
CONTRIBUTE: More formally specify the commit description
cookies: fp is always not NULL
copyright.pl: cease doing year verifications
copyright: update all copyright lines and remove year ranges
curl.1: make help, version and manual sections "custom"
curl.h: allow up to 10M buffer size
curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
curl/websockets.h: extend the websocket frame struct
curl: output warning at --verbose output for debug-enabled version
curl_free.3: fix return type of `curl_free`
curl_global_sslset.3: clarify the openssl situation
curl_log: for failf/infof and debug logging implementations
curl_setup: Disable by default recv-before-send in Windows
curl_version_info.3: fix typo
curl_ws_send.3: clarify how to send multi-frame messages
CURLOPT_HEADERDATA.3: warn DLL users must set write function
CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1
CURLOPT_WRITEFUNCTION.3: fix memory leak in example
dict: URL decode the entire path always
docs/DEPRECATE.md: deprecate gskit
docs: add link to GitHub Discussions
docs: mention indirect effects of --insecure
docs: POSTFIELDSIZE must be set to -1 with read function
doh: ifdef IPv6 code
easyoptions: fix header printing in generation script
escape: hex decode with a lookup-table
escape: use table lookup when adding %-codes to output
examples: remove the curlgtk.c example
fopen: remove unnecessary assignment
ftpserver: lower the DATA connect timeout to speed up torture tests
GHA/macos.yml: bump to gcc-12
GHA/macos: use Xcode_14.0.1 for cmake builds
GHA: add job on Slackware 15.0
GHA: bump ngtcp2 workflow dependencies
GHA: enable websockets in the torture job
GHA: move the quiche job here from zuul
GHA: use designated ngtcp2 and its dependencies versions
haxproxy: send before TLS handhshake
header.d: add a header file example
hsts.d: explain hsts more
hsts: handle adding the same host name again
HTTP/[23]: continue upload when state.drain is set
http2: aggregate small SETTINGS/PRIO/WIN_UPDATE frames
http2: fix compiler warning due to uninitialized variable
http2: minor buffer and error path fixes
http2: when using printf %.*s, the length arg must be 'int'
HTTP3: mention what needs to be in place to remove EXPERIMENTAL label
http: add additional condition for including stdint.h
http: decode transfer encoding first
http: fix "part of conditional expression is always false"
http: remove the trace message "Mark bundle... multiuse"
http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
http_proxy: do not assign data->req.p.http use local copy
INSTALL: document how to use multiple TLS backends
lib670: make test.h the first include
lib: connect/h2/h3 refactor
lib: fix typos
lib: fix typos in comments which repeat a word
libssh2: try sha2 algos for hostkey methods
libtest: add a sleep macro for Windows
Linux CI: update some dependecies to latest tag
Makefile.mk: fix wolfssl and mbedtls default paths
man pages: call the custom user pointer 'clientp' consistently
md4: fix build with GnuTLS + OpenSSL v1
misc: fix grammar and spelling
misc: fix spelling
misc: reduce struct and struct field sizes
msh3: add support for request payload
msh3: update to v0.5 Release
msh3: update to v0.6
multi: stop sending empty HTTP/3 UDP datagrams on Windows
multihandle: turn bool struct fields into bits
ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
ngtcp2: fix the build without 'sendmsg'
ngtcp2: replace removed define and stop using removed function
no-clobber.d: only use long form options in man page text
noproxy: support for space-separated names is deprecated
nss: implement data_pending method
openldap: fix missing sasl symbols at build in specific configs
openssl: adapt to boringssl's error code type
openssl: don't ignore CA paths when using Windows CA store (redux)
openssl: don't log raw record headers
openssl: make the BIO_METHOD a local variable in the connection filter
openssl: only use CA_BLOB if verifying peer
openssl: remove attached easy handles from SSL instances
openssl: store the CA after first send (ClientHello)
os400: fixes to make-lib.sh and initscript.sh
packages: remove Android, update README
release-notes.pl: check fixes/closes lines better
Revert "x509asn1: avoid freeing unallocated pointers"
runtest.pl: add expected fourth return value
runtests: tear down http2/http3 servers when https server is stopped
runtests: consider warnings fatal and error on them
runtests: fix detection of TLS backends
runtests: make 'mbedtls' a testable feature
rustls: improve error messages
scripts/delta: show percent of number of files changed since last tag
scripts: fix Appveyor job detection in cijobs.pl
scripts: set file mode +x on all perl and shell scripts
sectransp: fix for incomplete read/writes
SECURITY-PROCESS.md: document severity levels
setopt: Address undefined behaviour by checking for null
setopt: move the SHA256 opt within #ifdef libssh2
setopt: use >, not >=, when checking if uarg is larger than uint-max
smb: return error on upload without size
socketpair: allow localhost MITM sniffers
strdup: name it Curl_strdup
system.h: assume OS400 is always built with ILEC compiler
test1560: use a UTF8-using locale when run
test2304: remove stdout verification
tests-httpd: basic infra to run curl against an apache httpd
tests: add 3 new HTTP/2 test cases, plus https: support for nghttpx
tests: add tests for HTTP/2 and HTTP/3 to verify the header API
tests: avoid use of sha1 in certificates
tls: fixes for wolfssl + openssl combo builds
tool_getparam: fix hiding of command line secrets
tool_operate: fix `CURLOPT_SOCKS5_GSSAPI_NEC` type
tool_operate: fix error codes during DOS filename sanitize
tool_operate: fix error codes on bad URL & OOM
tool_operate: fix headerfile writing
tool_operate: repair --rate
transfer: break the read loop when RECV is cleared
typecheck: accept expressions for option/info parameters
url: fix part of conditional expression is always true
urlapi: avoid Curl_dyn_addf() for hex outputs
urlapi: fix part of conditional expression is always true: qlen
urlapi: skip path checks if path is just "/"
urlapi: skip the extra dedotdot alloc if no dot in path
urldata: cease storing TLS auth type
urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
urldata: make set.http200aliases conditional on HTTP being present
urldata: move the cookefilelist to the 'set' struct
urldata: remove unused struct fields, made more conditional
vquic: stabilization and improvements
vtls: fix hostname handling in filters
vtls: manage current easy handle in nested cfilter calls
vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
winbuild: document that arm64 is supported
windows: always use curl's basename() implementation
wolfssl: remove deprecated post-quantum algorithms
workflows/linux.yml: merge 3 common packages
write-out.d: add 'since version' to %{header_json} documentation
write-out.d: clarify Windows % symbol escaping
ws: fix autoping handling
ws: fix multiframe send handling
ws: fix recv of larger frames
ws: remove bad assert
ws: unstick connect-only shutdown
ws: use %Ou for outputting curl_off_t with info()
x509asn1: fix compile errors and warnings
zuul: stop using this CI service
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.7.0 to 1.7.2
- Update of rootfile
- Changelog
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This is necessary, since the package version was already incremented to
91 in "master", due to the libtirpc changes in Core Update 173.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 4.17.4 to 4.17.5
- Update of rootfile not required
- Changelog
Release Notes for Samba 4.17.5
* BUG 14808: smbc_getxattr() return value is incorrect.
* BUG 15172: Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly.
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
* BUG 15226: samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS.
* BUG 15236: smbd crashes if an FSCTL request is done on a stream handle.
* BUG 15277: DFS links don't work anymore on Mac clients since 4.17.
* BUG 15283: vfs_virusfilter segfault on access, directory edgecase (accessing NULL value).
* BUG 15240: CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes).
* BUG 15243: %U for include directive doesn't work for share listing (netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15269: ctdb: use-after-free in run_proc.
* BUG 15243: %U for include directive doesn't work for share listing (netshareenum).
* BUG 15266: Shares missing from netshareenum response in samba 4.17.4.
* BUG 15280: irpc_destructor may crash during shutdown.
* BUG 15286: auth3_generate_session_info_pac leaks wbcAuthUserInfo.
* BUG 15268: smbclient segfaults with use after free on an optimized build.
* BUG 15282: smbstatus leaking files in msg.sock and msg.lock.
* BUG 15164: Leak in wbcCtxPingDc2.
* BUG 15265: Access based share enum does not work in Samba 4.16+.
* BUG 15267: Crash during share enumeration.
* BUG 15271: rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer.
* BUG 15281: Avoid relying on C89 features in a few places.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- This is happening due to the use of bgcolor which has been deprecated since HTML4.01 and
is no longer supported in HTML5
- Similar approach used here as was used in the same fix for the dhcp.cgi page
- CSS based approach utilised.
- Partially tested in my vm testbed. The percentage bar works withg no problems.
The table could not be confirmed as in my testbed I don't have updatexlrator running
as my updates are all based on https and not http.
- The table will need to be confirmed by the bug reporter or someone else that uses
updatexlrator
Fixes: Bug#13024
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://mmonit.com/monit/changes/
"New: Added click-jacking protection headers to Monit HTTP GUI (the
SAMEORIGIN iframe is allowed).
Fixed: Issue #1035: If the start, stop or restart program statement
contains the equal sign, which is not followed by a space character,
the configuration is not parsed correctly.
Fixed: Issue #1047: If the MariaDB server doesn't allow access to the
host, from which Monit test is running, Monit reported: Invalid
handshake packet sequence id -- not MySQL protocol.
Fixed: Add the missing responsetime option to the ping test."
For more details see:
https://bitbucket.org/tildeslash/monit/commits/tag/release-5-33-0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.38/doc/arm/html/notes.html#notes-for-bind-9-16-38
"Notes for BIND 9.16.38
Bug Fixes
A constant stream of zone additions and deletions via rndc reconfig
could cause increased memory consumption due to delayed cleaning of
view memory. This has been fixed. [GL #3801]
The speed of the message digest algorithms (MD5, SHA-1, SHA-2), and of
NSEC3 hashing, has been improved. [GL #3795]
Building BIND 9 failed when the --enable-dnsrps switch for ./configure
was used. This has been fixed. [GL #3827]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from 4.17.0.3 to 4.19.0.1
- Changelog
v4.19.0.1 - Release date: 2023-02-02
Rebased with official coreboot repository commit 2ccbcc5
Removed configuration and mainboard files for apu1 due to the board being dropped from upstream coreboot
See: https://github.com/pcengines/coreboot/compare/v4.17.0.3...v4.19.0.1
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
- Update from version 0.15.1 to 0.16.0
- Update of rootfile
- According to the forked elinks developer if parallel build is required then meson
should be used for the build. With make they don't believe that it ever ran in
parallel mode.
- This patch modifies the build from autotools to meson and updates the version.
- Parallel build option added back in to meson/ninja flow.
- The build requires git to be present so git moved to just before elinks in make.sh
- Changelog
ELinks 0.16.0
* detect xterm on my computer
ELinks 0.16.0rc1
* alternative mujs engine for js
* bump mozjs to 102
* experimental XHR implementation
* macros in exmode #196
* removed infinite loop, which occurred under BSD #197
* optional terminal hyperlinks in dumps #198
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 20221108 to 20230214
- Update of rootfile
- Changelog - details can be found in the releasenote.md file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.12.1 to 2.13.0
- Update of rootfile
- Changelog
CHANGES BETWEEN 2.12.1 and 2.13.0 (2023-Feb-09)
I. IMPORTANT CHANGES
- The demo program `ftinspect` has been completely updated and much
enhanced. It now combines the functionality of almost all other
graphical FreeType demo programs into a single application based
on the Qt framework. This was Charlie Jiang's GSoC 2022 project.
- The 'COLR' v1 API is now considered as stable.
https://learn.microsoft.com/en-us/typography/opentype/spec/colr
III. MISCELLANEOUS
- For OpenType Variable Fonts, `avar` table format 2.0 is now
supported. The code was contributed by Behdad Esfahbod.
Note that this is an extension supported on recent Apple platforms
and by HarfBuzz, but not yet in the OpenType standard! See
https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md
for the specification. To deactivate it, define the configuration
macro 'TT_CONFIG_OPTION_NO_BORING_EXPANSION'.
- A new API `FT_GlyphSlot_Slant` to slant a glyph by a given angle
has been added. Note that this function is part of `ftsynth.h`,
which is still considered to be in alpha stage.
- TrueType interpreter version 38 (also known as 'Infinality') that
was first introduced about 10 years ago in FreeType 2.4.11 is now
deprecated and slated to be removed in the next version. TrueType
interpreter version 40 has been FreeType's default version for six
years now and provides an excellent alternative. This is the last
FreeType version with TT_INTERPRETER_VERSION_38 and
TT_INTERPRETER_VERSION_40 treated differently.
- The only referenced but never documented configuration macro
`FT_CONFIG_OPTION_NO_GLYPH_NAMES` has been removed.
- The `ftbench` demo program got a new command line option `-e` to
set a charmap index.
- Specifying a point size is now optional for the demo programs
`ftgrid`, `ftmulti`, `ftstring`, and `ftview`. If not given, a
default size is used.
- For `ftgrid`, `ftstring`, and `ftview`, option `-e` now also
accepts a numeric value to set a charmap index.
- In `ftstring`, it is now possible to set the displayed text
interactively by pressing the 'Enter' key.
- `ftmulti` can now handle up to 16 design axes.
- To avoid reserved identifiers that are globally defined, the
auto-hinter debugging macros (which are only available if
`FT_DEBUG_AUTOFIT` is defined)
```
_af_debug_disable_horz_hints
_af_debug_disable_vert_hints
_af_debug_disable_blue_hints
_af_debug_hints
```
have been renamed to
```
af_debug_disable_horz_hints_
af_debug_disable_vert_hints_
af_debug_disable_blue_hints_
af_debug_hints_
```
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.14.4 to 1.14.6
- Update of rootfile
- The Denial of service issue mentioned first in the changelog is not applicable to IPFire
as the build is done without asserts enabled.
- Changelog
dbus 1.14.6 (2023-02-08)
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distributions,
should be compiled with checks but without assertions.
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
Other fixes:
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
replying to Peer method calls that were sent to the dbus-broker with
a NULL destination (dbus#301, Kai A. Hiller)
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
This is not attacker-triggerable and appears to be harmless in practice,
but is technically undefined behaviour and is detected as such by
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
• Avoid a data race in multi-threaded use of DBusCounter
(dbus#426, Ralf Habacker)
• Fix a crash with some glibc versions when non-auditable SELinux events
are logged (dbus!386, Jeremi Piotrowski)
• If dbus_message_demarshal() runs out of memory while validating a message,
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
• Use C11 _Alignof if available, for better standards-compliance
(dbus!389, Khem Raj)
• Stop including an outdated copy of pkg.m4 in the git tree
(dbus!365, Simon McVittie)
• Documentation:
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
• Tests fixes:
· Fix the test-apparmor-activation test after dbus#416
(dbus!380, Dave Jones)
Internal changes:
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
The developers do not provide a changelog, this time I couldn't
even find a comment.
All I can say:
Running her on Core 172. No seen problems.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from version 7.0.0.11 to 7.0.4
- Update of rootfile
- Changelog
updated language flags, catch abortcompile throw in non-ragel progs
7.0.3
This version of colm includes a critical fix for big-endian system. Fixes#61.
expect colm version 0.14.6 and version bump ragel to 7.0.3
7.0.2
Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58.
expect colm 0.14.5 and version bump to 7.0.2
7.0.1
removed accidental commit of ragel/.exrc
7.0.0.12
implemented NfaClear in asm codegen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.6.12 to 1.7.23
- Update of rootfile
- Changelog
Most changes are related to additional printers except for
1.7.10
* Fixed the problem that epson-escpr-wrapper filter would crash
when cupsRasterReadHeader failed.
1.7.7.2
* Supported new model.
* Fixed an issue of filter crash when FIFO I/O was closed.
1.7.0
* Supported new models.
* Applied Privacy Statement.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 6.4.34 to 6.4.36
- Update of rootfile nor required
- Changelog
fetchmail-6.4.36 (released 2023-01-28, 31710 LoC):
(in alphabetical order of language codes):
* cs: Petr Pisar [Czech]
* es: Cristian Othón Martínez Vera [Spanish]
* fr: Frédéric Marchal [French]
* ja: Takeshi Hamasaki [Japanese]
* pl: Jakub Bogusz [Polish]
* ro: Remus-Gabriel Chelu [Romanian]
* sq: Besnik Bleta [Albanian]
* sv: Göran Uddeborg [Swedish]
fetchmail-6.4.35 (released 2023-01-04, 31707 LoC):
* Fetchmail now warns about OpenSSL before 1.1.1s or 3.0.7,
and rejects wolfSSL older than 5.5.1.
(in reverse alphabetical order of language codes so as not to prefer people):
* sv: Göran Uddeborg [Swedish]
* eo: Keith Bowes [Esperanto]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2022e to 2022g
- Update of rootfile
- Changelog is too large to include here. See the NEWS file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Thunderbird and Roundcube mail clients presume that any mail with Content Type of
multipart/mixed has an attachment included rather than actually checking for
disposition attachment. This means that any mail with multipart/mixed gets the
attachment icon marked up even though there is no attachment.
- Although this is a problem of the clients involved, in this case the simplest solution
is to change multipart/mixed to multipart/alternative as WIO Mail only sends text
without any attachment or other part to indicate that a client is active or inactive.
- Confirmed on my vm testbed
Fixes: Bug#13040
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Thunderbird and Roundcube mail clients presume that any mail with Content Type of
multipart/mixed has an attachment included rather than actually checking for
disposition attachment. This means that any mail with multipart/mixed gets the
attachment icon marked up even though there is no attachment.
- Although this is a problem of the clients involved, in this case the simplest solution
is to change multipart/mixed to multipart/alternative as the Mail Service test mail only
sends text without any attachment or other part.
- Confirmed on my vm testbed
Fixes: Bug#13040
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- Original poster found this effect with using Vivaldi at 100% zoom.
- I tested it with Vivaldi and Firefox on Arch Linux and was not able to show the effect but
running SeaMonkey and changing the zoom from 100% to lower or higher caused the input
boxes to go outside of the WUI boundary as described by the bug reporter.
- It looks like the effect is dependent on the browser, the zoom setting and the OS
Distribution.
- In all cases the similar three input boxes in a row in the dhcp.cgi code for entering a
fixed lease stayed fixed in ratrio to the WUI page whatever zoom or browser was used.
- This patch changes the wio code for those three input boxes to use the approach from the
dhcp.cgi code.
- Tested on my vm testbed and change confirmed to fix the size of the input boxes
irrespective of the browser or zoom setting.
Fixes: Bug#13039
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Patch tested out on my production system that has apcupsd running on it. APCUPS was
in the list of options in the system logs and entries from apcupsd were extracted
correctly in the wui.
Fixes: Bug#12950
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
