- Update from 2.11.0 to 2.11.1
- Update of rootfile
- Changelog is too long to include here - more than 1500 lines.
Details can be found in the ChangeLog file in the source tarball.
24 bug fixes listed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.4.1 to 2.4.2
- Update of rootfile
- Changelog
Release 2.4.2 Sun December 19 2021
Other changes:
#509#510 Link againgst libm for function "isnan"
#513#514 Include expat_config.h as early as possible
#498 Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
#507#519 Autotools: Sync CMake templates
#495#524 CMake: MinGW: Fix pkg-config section "Libs" for
- non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
- multi-config CMake generators (e.g. Ninja Multi-Config)
#502#503 docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
#522#523 docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
#525#526 Version info bumped from 9:1:8 to 9:2:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 8.6.11 to 8.6.12
- Update of rootfile
- Changelog is no longer supported by tcl. All changes are put into a timeline which can
be viewed at https://core.tcl-lang.org/tcl/timeline although I can't figure out from
the timeline what change goes with what version. Hopefully other people are better
able to understand the information. This timelien cannot be easily summarised or
copied into this commit.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.37 to 10.39
- Update of rootfile
- Changelog
Version 10.39 29-October-2021
1. Fix incorrect detection of alternatives in first character search in JIT.
2. Merged patch from @carenas (GitHub #28):
Visual Studio 2013 includes support for %zu and %td, so let newer
versions of it avoid the fallback, and while at it, make sure that
the first check is for DISABLE_PERCENT_ZT so it will be always
honoured if chosen.
prtdiff_t is signed, so use a signed type instead, and make sure
that an appropiate width is chosen if pointers are 64bit wide and
long is not (ex: Windows 64bit).
IMHO removing the cast (and therefore the positibilty of truncation)
make the code cleaner and the fallback is likely portable enough
with all 64-bit POSIX systems doing LP64 except for Windows.
3. Merged patch from @carenas (GitHub #29) to update to Unicode 14.0.0.
4. Merged patch from @carenas (GitHub #30):
* Cleanup: remove references to no longer used stdint.h
Since 19c50b9d (Unconditionally use inttypes.h instead of trying for stdint.h
(simplification) and remove the now unnecessary inclusion in
pcre2_internal.h., 2018-11-14), stdint.h is no longer used.
Remove checks for it in autotools and CMake and document better the expected
build failures for systems that might have stdint.h (C99) and not inttypes.h
(from POSIX), like old Windows.
* Cleanup: remove detection for inttypes.h which is a hard dependency
CMake checks for standard headers are not meant to be used for hard
dependencies, so will prevent a possible fallback to work.
Alternatively, the header could be checked to make the configuration fail
instead of breaking the build, but that was punted, as it was missing anyway
from autotools.
5. Merged patch from @carenas (GitHub #32):
* jit: allow building with ancient MSVC versions
Visual Studio older than 2013 fails to build with JIT enabled, because it is
unable to parse non C89 compatible syntax, with mixed declarations and code.
While most recent compilers wouldn't even report this as a warning since it
is valid C99, it could be also made visible by adding to gcc/clang the
-Wdeclaration-after-statement flag at build time.
Move the code below the affected definitions.
* pcre2grep: avoid mixing declarations with code
Since d5a61ee8 (Patch to detect (and ignore) symlink loops in pcre2grep,
2021-08-28), code will fail to build in a strict C89 compiler.
Reformat slightly to make it C89 compatible again.
Version 10.38 01-October-2021
1. Fix invalid single character repetition issues in JIT when the repetition
is inside a capturing bracket and the bracket is preceeded by character
literals.
2. Installed revised CMake configuration files provided by Jan-Willem Blokland.
This extends the CMake build system to build both static and shared libraries
in one go, builds the static library with PIC, and exposes PCRE2 libraries
using the CMake config files. JWB provided these notes:
- Introduced CMake variable BUILD_STATIC_LIBS to build the static library.
- Make a small modification to config-cmake.h.in by removing the PCRE2_STATIC
variable. Added PCRE2_STATIC variable to the static build using the
target_compile_definitions() function.
- Extended the CMake config files.
- Introduced CMake variable PCRE2_USE_STATIC_LIBS to easily switch between
the static and shared libraries.
- Added the PCRE_STATIC variable to the target compile definitions for the
import of the static library.
Building static and shared libraries using MSVC results in a name clash of
the libraries. Both static and shared library builds create, for example, the
file pcre2-8.lib. Therefore, I decided to change the static library names by
adding "-static". For example, pcre2-8.lib has become pcre2-8-static.lib.
[Comment by PH: this is MSVC-specific. It doesn't happen on Linux.]
3. Increased the minimum release number for CMake to 3.0.0 because older than
2.8.12 is deprecated (it was set to 2.8.5) and causes warnings. Even 3.0.0 is
quite old; it was released in 2014.
4. Implemented a modified version of Thomas Tempelmann's pcre2grep patch for
detecting symlink loops. This is dependent on the availability of realpath(),
which is now tested for in ./configure and CMakeLists.txt.
5. Implemented a modified version of Thomas Tempelmann's patch for faster
case-independent "first code unit" searches for unanchored patterns in 8-bit
mode in the interpreters. Instead of just remembering whether one case matched
or not, it remembers the position of a previous match so as to avoid
unnecessary repeated searching.
6. Perl now locks out \K in lookarounds, so PCRE2 now does the same by default.
However, just in case anybody was relying on the old behaviour, there is an
option called PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK that enables the old behaviour.
An option has also been added to pcre2grep to enable this.
7. Re-enable a JIT optimization which was unintentionally disabled in 10.35.
8. There is a loop counter to catch excessively crazy patterns when checking
the lengths of lookbehinds at compile time. This was incorrectly getting reset
whenever a lookahead was processed, leading to some fuzzer-generated patterns
taking a very long time to compile when (?|) was present in the pattern,
because (?|) disables caching of group lengths.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog as given in the NEWS file:
kmod 29
=======
- Improvements
- Add support to use /usr/local as a place for configuration files. This makes it easier
to install locally without overriding distro files.
- Bug fixes
- Fix `modinfo -F` when module is builtin: when we asked by a specific field from modinfo,
it was not working correctly if the module was builtin
- Documentation fixes on precedence order of /etc and /run: the correct order is
/etc/modprobe.d, /run/modprobe.d, /lib/modprobe.d
- Fix the priority order that we use for searching configuration files. The
correct one is /etc, /run, /usr/local/lib, /lib, for both modprobe.d
and depmo.d
- Fix kernel command line parsing when there are quotes present. Grub
mangles the command line and changes it from 'module.option="val with
spaces"' to '"module.option=val with spaces"'. Although this is weird
behavior and grub could have been fixed, the kernel understands it
correctly for builtin modules. So change libkmod to also parse it
correctly. This also brings another hidden behavior from the kernel:
newline in the kernel command line is also allowed and can be used to
separate options.
- Fix a memory leak, overflow and double free on error path
- Fix documentation for return value from kmod_module_get_info(): we
return the number of entries we added to the list
- Fix output of modules.builtin.alias.bin index: we were writing an empty file due to
the misuse of kmod_module_get_info()
- Infra/internal
- Retire integration with semaphoreci
- Declare the github mirror also as an official upstream source: now besides accepting
patches via mailing list, PRs on github are also acceptable
- Misc improvements to testsuite, so we can use it reliably regardless
of the configuration used: now tests will skip if we don't have the
build dependencies)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.0.3 to 3.0.6
- Communication had with cisofy about the website and github versions of lynis and the
lack of a signature file on github. Following response received from Michael Boelen
of cisofy.
"GitHub releases are different as they (the tarballs) are created by GitHub itself. So
yes, the hashes will differ. In fact, the contents of the files will be different as
well. These files are not signed by GitHub or us. We consider GitHub the work version.
When we release a new version, we tag them on GitHub with a version as well. For the
stable releases, use the version on the website."
- Based on the above the version used in this build is from the website. The signature
file for version 3.0.6 on the website is now available.
- The lynis-3.0.6.tar.gz in the IPFire Source location will probably need to be removed
as it is from the Github location and running ./make.sh uploadsrc will probably not
upload the correct version because the filenames are the same. The tarball used in this
patch was from https://cisofy.com/downloads/lynis/
- The lfs file modified to take account of the tarball expanding to just lynis without
any version number. Also the rm -rf line has been modified due to the file differences
with the previous Github versions.
- Update rootfile to take account of the plugin_pam_phase1 and plugin_systemd_phase1
plugins not being included in the cisofy website version of the tarball. If these two
plugins that are available for community users are needed then they have to be
downloaded separately from cisofy via an email subscription to the notification test.
All other plugins are only available for paying customers.
- Changelog
Version 3.0.6 (2021-07-22)
### Added
- OS detection: Artix Linux, macOS Monterey, NethServer, openSUSE MicroOS
- Check for outdated translation files
### Changed
- DBS-1826 - Check if PostgreSQL is being used
- DBS-1828 - Test multiple PostgreSQL configuration file(s)
- KRNL-5830 - Sort kernels by version instead of modification date
- PKGS-7410 - Don't show exception for systems using LXC
- GetHostID function: fallback options added for Linux systems
- Fix: macOS Big Sur detection
- Fix: show correct text when egrep is missing
- Fix: variable name for PostgreSQL
- German and Spanish translations extended
Version 3.0.5 (2021-07-02)
### Added
- OS detection of Arch Linux 32, BunsenLabs Linux, and Rocky Linux
- CRYP-8006 - Check MemoryOverwriteRequest bit to protect against cold-boot attacks (Linux)
### Changed
- ACCT-9622 - Corrected typo
- HRDN-7231 - When calling wc, use the short -l flag instead of --lines (Busybox compatibility)
- PKGS-7320 - extended to Arch Linux 32
- Generation of host identifiers (hostid/hostid2) extended
- Linux host identifiers are now using ip as preferred input source
- Improved logging in several areas
Version 3.0.4 (2021-05-11)
### Added
- ACCT-9670 - Detection of cmd tooling
- ACCT-9672 - Test cmd configuration file
- BOOT-5140 - Check for ELILO boot loader presence
- OS detection of AlmaLinux, Garuda Linux, Manjaro (ARM), and others
### Changed
- BOOT-5104 - Add service manager detection support for runit
- FILE-6430 - Report suggestion only when at least one kernel module is not in the blacklist
- FIRE-4540 - Corrected nftables empy ruleset test
- LOGG-2138 - Do not check for klogd when metalog is being used
- TIME-3185 - Improved support for Debian stretch
- Corrected issue when Lynis is not executed directly from lynis directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- util-macros was originally installed as a build requirement for pciaccess which is
a dependency of libvirt
- Along the way of updates of pciaccess the build requirement for util-macros is no
longer needed. pciaccess built without problems with util-macros removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 3.6 to 3.7
- Update of rootfile not required
- Changelog
* Noteworthy changes in release 3.7 (2021-08-14) [stable]
** Changes in behavior
Use of the --unix-byte-offsets (-u) option now evokes a warning.
Since 3.1, this Windows-only option has had no effect.
** Bug fixes
Preprocessing N patterns would take at least O(N^2) time when too many
patterns hashed to too few buckets. This now takes seconds, not days:
: | grep -Ff <(seq 6400000 | tr 0-9 A-J)
[Bug#44754 introduced in grep 3.5]
- More details of the changes can be found in the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 10.2 to 11.1
- Update of rootfile
- Changelog
Version 11.1 of GDB includes the following changes and enhancements:
Support for ARM Symbian (arm*-*-symbianelf*) has been removed.
Building GDB now requires GMP (The GNU Multiple Precision Arithmetic Library).
New command-line options "--early-init-command" (or "-eix") and
"--early-init-eval-command" (or "-eiex")
GDB/MI Changes:
New --qualified option for the '-break-insert' and '-dprintf-insert' commands.
New --force-condition option for the '-break-insert' and '-dprintf-insert' commands.
New --force option for the '-break-condition' command.
The '-file-list-exec-source-files' now accepts an optional regular expression to
filter the source files included in the result.
The results from '-file-list-exec-source-files' now include a 'debug-fully-read'
field to indicate if the corresponding source's debugging information has been
partially read (false) or has been fully read (true).
TUI Improvements:
Mouse actions are now supported. The mouse wheel scrolls the appropriate window.
Key combinations that do not have a specific action on the focused window are now
passed to GDB.
Python enhancements:
Inferior objects now contain a read-only 'connection_num' attribute that gives the
connection number as seen in 'info connections' and 'info inferiors'.
New method gdb.Frame.level() which returns the stack level of the frame object.
New method gdb.PendingFrame.level() which returns the stack level of the frame
object.
When hitting a catchpoint, the Python API will now emit a gdb.BreakpointEvent
rather than a gdb.StopEvent. The gdb.Breakpoint attached to the event will have
type BP_CATCHPOINT.
Python TUI windows can now receive mouse click events. If the Window object
implements the click method, it is called for each mouse click event in this
window.
New setting "python ignore-environment on|off"; if "on", causes GDB's builtin
Python to ignore any environment variable that would otherwise affect how Python
behaves (needs to be set during "early initialization" (see above).
New setting "python dont-write-bytecode auto|on|off".
Guile API enhancements:
Improved support for rvalue reference values.
New procedures for obtaining value variants: value-reference-value,
value-rvalue-reference-value and value-const-value.
New "qMemTags" and "QMemTags" remote protocol packets (associated with Memory Tagging).
GDB will now look for the .gdbinit file in a config directory before looking for
~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. On Apple hosts the search order is instead: $HOME/Library/Preferences/gdb/gdbinit, $HOME/.gdbinit.
The "break [...] if CONDITION" command no longer returns an error when the condition
is invalid at one or more locations. Instead, if the condition is valid at one or
more locations, the locations where the condition is not valid are disabled.
The behavior of the "condition" command is changed to match the new behavior of the
"break" command.
Support for general memory tagging functionality (currently limited to AArch64 MTE)
Core file debugging now supported for x86_64 Cygwin programs.
New "org.gnu.gdb.riscv.vector" feature for RISC-V targets.
GDB now supports fixed point types which are described in DWARF as base types with a
fixed-point encoding. Additionally, support for the DW_AT_GNU_numerator and
DW_AT_GNU_denominator has also been added.
Miscellaneous:
New "startup-quietly on|off" setting; when "on", behaves the same as passing the
"-silent" option on the command line.
New "print type hex on|off" setting; when 'on', the 'ptype' command uses
hexadecimal notation to print sizes and offsets of struct members. When 'off',
decimal notation is used.
The "inferior" command, when run without argument, prints information about the
current inferior.
The "ptype" command now supports "/x" and "/d", affecting the base used to print
sizes and offsets.
The output of the "info source" has been restructured.
New "style version foreground | background | intensity" commands to control the
styling of the GDB version number.
Various debug and maintenance commands (mostly useful for the GDB developers)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 6.12 to 6.14
- Update of rootfile not required
- patch for building rng-tools also for i586 removed as 32 bit will no longer be EOL at
end of 2021
- Building 6.14 caused an error for not finding librtlsdr. The same check is in the
makefile in 6.12 but it does not get checked. I could not find why the check was being
carried out in 6.14 - it was not due to the removal of the patch. In the end I added
the --disable-rtlsdr option to configure and this allowed the build to occur without
the check for the prescence of librtlsdr being carried out.
- Changelog
rng-tools 6.14
Bug Fixes:
Fixed a null pointer deref in nistbeacon entropy source
fixed some confguration tests
clarified some rngd behavior in the man page
update init code to do proper logging
various covscan fixes
fixed a memory leak in jitter entropy source
fixed possible NULL deref in rdrand source
various fixed in openssl mangling code
added randstat binary to build
minor modernizations to configure.ac
rng-tools 6.13
Features:
Support rndr instruction on arm
Support jitter software timer on coarse time systems
Bug Fixes:
Merged all openssl use into a single helper library
Improved console output readability
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.46.3 to 1.46.5
- Update of rootfile not required
- Changelog
1.46.5 (December 30, 2021)
Updates/Fixes since v1.46.4:
UI and Features
When resizing a file system and the inode count exceeds the 2**32
maximum, if resize2fs can successfully perform the resize by dropping
the last block group, resize2fs will do that in order to allow the file
system grow operation to succeed. For example, using the default inode
ratio size of 16k, this will allow a successful resize to 64TB - 128MB
when the storage device is 64TB.
Fixes
Avoid a potential infinite loop in resize2fs -P when the file system is
corrupted (introduced in e2fsprogs 1.45.5). (Addresses github issue
https://github.com/tytso/e2fsprogs/issues/94)
E2fsck now updates the bg_checksum after fixing problems in the block
group descriptor, which eliminates some unnecessary messages printed or
asked of the system administrator.
Fixed some potential deadlock problems in the unix_io handler in the case
of I/O errors. The fix should also improve the performance of parallel
bitmap loading.
Fixed e2fsck's fast commit handling which could result it in crashing
when trying to merge extents when there were none available to be
merged.
Fix e2fsck's support of quota limit data, which could sometimes get
dropped when the quota data needs to be regenerated, or when processing
the orphan list.
Fix tune2fs to correctly transfer the quota limits when converting quota
files to the internal quota inodes. Also add support for tune2fs to
properly handle the older version 0 quota files.
Fix debugfs's get_quota and list_quota commands so that the header of
the report printed by these commands correctly reflect that the units of
used space is in bytes instead of blocks.
Performance, Internal Implementation, Development Support etc.
Add some additional packages to the setup-schroot script to account for
the fact that the script can be run on older Debian distributions and so
the build dependencies might omit some packages needed to build
e2fsprogs on unstable version of Debian.
Reduce resize2fs's CPU overhead when counting the number of blocks in
use which can reduce the wall clock time for very large file systems
by substantial amount.
Teach libuuid to use getrandom() or getentropy() if available in favor
of reading from /dev/[u]random.
Teach libss to use libreadline.so.8 if it is available.
Update some test expect files to fix some regression tests that were
broken in e2fsprogs 1.46.4.
If the PRINT_FAILED environment variable is set, failed tests will
display the diff output to make it easier to debug test failures on
autobuilders.
Fix various compiler warnings.
Update tst_getsize to use ext2fs_get_size2() to support testing devices
which are larger than 2**32 sectors.
Fixed spelling mistakes in the mke2fs.conf man page.
Update Chinese, Malay, Serbian, Spanish, Swedish, and Ukrainian
translations.
1.46.4 (August 18, 2021)
Updates/Fixes since v1.46.3:
UI and Features
The defaults for mke2fs now call for 256 byte inodes for all file
systems (with the exception of file systems for the GNU Hurd, which only
supports 128 byte inodes). Creating non-Hurd file systems with 128 byte
inodes will trigger a warning message to make sure users are aware of
the potential problems of using small/legacy inode sizes.
The bigalloc feature is now considered supported if the cluster size no
more than 16 times the block size. So the mke2fs program has been
changes to only warn if the cluster size is larger than that.
Fixes
E2fsck now checks to make sure directory entries do not reference
internal quota inodes.
E2image now includes the quota inodes when creating file system image,
since they are part of the file system metadata.
E2fsck now properly accounts the quota usage of the project quota file.
Fix a regression introduced in 1.64.3 where attempting to create a file
system image using mke2fs into a non-existent file would fail.
(Addresses Debian Bug: #992094)
Fix mke2fs to correctly create Posix ACL's on big-endian systems when
copying files from a directory hierarchy.
Updated and clarified the resize2fs man page. (Addresses Debian Bug:
#979411)
Performance, Internal Implementation, Development Support etc.
Improve various regression tests to be more portable and to reflect the
new default inode size of 256 byte inodes, even for small file systems.
Fixed a GNU Hurd portability problem which was causing tests to fail.
Fixed a test failure in f_baddotdir on big-endian systems. This wasn't
necessarily a bug per se in e2fsck, but rather e2fsck having different
behaviour on big-endian systems. (Addresses Debian Bug: #991922)
Use WantedBy=multi-user.target in e2scrub_reap.service. (Addresses
Debian Bug: #991349)
Synchronize e2fsck/recovery.c with the kernel's fs/jbd2/recovery.c
Fix various Coverity and compiler warnings.
Fix various error pathes to make sure we don't leak resources or
potentially use or try to free uninitialized pointers.
Added a setup-schroot command for use on Debian porter boxes.
Updated config.guess and config.sub with newer versions from the FSF.
Update Czech, Dutch, French, Polish, Portuguese, and Swedish translations.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
xfsprogs-5.14.2 (06 Dec 2021)
- libxfs: move rogue fallthrough macro out of linux.h (Darrick J. Wong)
xfsprogs-5.14.1 (02 Dec 2021)
- libxfs: fix atomic64_t for 32-bit architectures (Darrick J. Wong)
- libfrog: fix crc32c self test code on cross builds (Darrick J. Wong)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52
Excerpt from changelog:
""Changes with Apache 2.4.52
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮é¼
TengMA(@Te3t123)
..."
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog:
Changes in version 0.4.6.9 - 2021-12-15
This version fixes several bugs from earlier versions of Tor. One important
piece is the removal of DNS timeout metric from the overload general signal.
See below for more details.
o Major bugfixes (relay, overload):
- Don't make Tor DNS timeout trigger an overload general state.
These timeouts are different from DNS server timeout. They have to
be seen as timeout related to UX and not because of a network
problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha.
o Minor feature (reproducible build):
- The repository can now build reproducible tarballs which adds the
build command "make dist-reprod" for that purpose. Closes
ticket 26299.
o Minor features (compilation):
- Give an error message if trying to build with a version of
LibreSSL known not to work with Tor. (There's an incompatibility
with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
ticket 40511.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 15, 2021.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/12/15.
o Minor bugfixes (compilation):
- Fix our configuration logic to detect whether we had OpenSSL 3:
previously, our logic was reversed. This has no other effect than
to change whether we suppress deprecated API warnings. Fixes bug
40429; bugfix on 0.3.5.13.
o Minor bugfixes (relay):
- Reject IPv6-only DirPorts. Our reachability self-test forces
DirPorts to be IPv4, but our configuration parser allowed them to
be IPv6-only, which led to an assertion failure. Fixes bug 40494;
bugfix on 0.4.5.1-alpha.
o Documentation (man, relay):
- Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504;
bugfix on 0.4.6.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- v3 version uses newer version of fribidi
- lfs file created
- rootfile created
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- v3 version has updated pango version
- Update from 1.30.1 (2012) to 1.50.0 (2021)
- Update of rootfile - Pango modules, engines, and config have been removed (#733882) in
version 1.37.0 in 2014.
- pango now has dependencies of harfbuzz and fribidi so patches for these two are
included in the following two patches for this series.
- make.sh modified to include
build of these two packages before pango is built
- Build is done via meson/ninja now
- Changelog is too large to show here but the details can be found in the NEWS file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.14.0.4 to 4.15.0.1
- Update of rootfile
- Changelog
v4.15.0.1
rebased with official coreboot repository commit 6973a3e7
v4.14.0.6
rebased with official coreboot repository commit d06c0917
Re-added GPIO bindings to fix LED and button functionality
v4.14.0.5
rebased with official coreboot repository commit d4c55353
Updated CPU declarations in ACPI to comply with newer ACPI standard
Removed GPIO bindings to fix conflict with OS drivers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update main file from 5.1 to 5.1.8 (includes patches 1 to 8)
- Remove patches 1 to 4
- Changelog - Patches 1 to 4 from the previous IPFire version together with patches 5 to
8 are now included into bash-5.1.8 followed by application of patches 9 to 12
Patch 12
There is a possible race condition that arises when a child process receives
a signal trapped by the parent before it can reset the signal dispositions.
The child process is not supposed to trap the signal in this circumstance.
Patch 11
When reading a compound assignment, and running it through the parser to
split it into words, we need to save and restore any alias we're currently
expanding.
Patch 10
If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
not completely clean up state, and that can prevent subsequent calls to
`wait -n' from working correctly.
Patch 9
The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.
Patch 8
Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
Patch 7
The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
Patch 6
Make sure child processes forked to run command substitutions are in the
proper process group.
Patch 5
Fix two memory leaks when assigning arrays using compound assignment syntax.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.99 to 3.00
- Update of rootfile not required
- Changelog
sysvinit (3.00) released; urgency=low
* Applied patch from Matthias Schiffer which allows bootlogd to read from
a wider range of consoles. The console name is already passed in from the
kernel command line using "console=". We no longer filter out names as strictly
but do now check to confirm the "console=" device points to a valid TTY.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.1.1 to 3.1.2
- Update of rootfile not required
- Changelog
version 3.1.2
* Bugfix for crash when storing modified settings at exit
* Generate xz-compressed source tarball (with configure) using github actions
* Allow -u UID with numerical value as argument
* Added documentation for obsolete/state libraries/program files highlighting
* Some obsolete/stale library highlighting refinements
* Column width issues resolved
* Dynamic UID column sizing improved
* Discard stale information from Disk and Network I/O meters
* Refined Linux kernel thread detection
* Reworked process state handling
* New CCGROUP column showing abbreviated cgroup name
* New OFFSET column in the list of open files screen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.33.1 to 2.34.1
- Update of rootfile - The "--preserve-merges" option of "git rebase" has been removed.
- Changelog is too large to include here.
The changes for version 2.34.0 can be found in the source tarball in
Documentation/RelNotes/2.34.0.txt and for version 2.34.1 in
Documentation/RelNotes/2.34.1.txt
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 6.85 to 6.86
- Update of rootfile
- Changelog
6.86 2021-11-15
-Change warn to carp
All warnings are now issued with the carp command rather than warn.
Requested in GitHup pull request #18, but that request was not used
because it only changed the uses in the Date::Manip::Date module.
-Bug fixes
Fixed a bug where the next/prev Date::Manip::Recur methods gave
incorrect results when there are no dates that match the criteria.
(GitHub #36)
-Time zone fixes
There were no new timezone fixes on 2021-06-01 or 2021-09-01, so no
releases made then.
Newest zoneinfo data (tzdata 2021e). (GitHub #37)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.0.16 to 2.0.18
- Update of rootfile
- Changelog
2.0.18
General:
* The SDL wiki documentation and development headers are automatically kept in sync
* Each function has information about in which version of SDL it was introduced
* Added the hint SDL_HINT_APP_NAME to let SDL know the name of your application for
various places it might show up in system information
* Added SDL_RenderGeometry() and SDL_RenderGeometryRaw() to allow rendering of
arbitrary shapes using the SDL 2D render API
* Added SDL_SetTextureUserData() and SDL_GetTextureUserData() to associate
application data with an SDL texture
* Added SDL_RenderWindowToLogical() and SDL_RenderLogicalToWindow() to convert
between window coordinates and logical render coordinates
* Added SDL_RenderSetVSync() to change whether a renderer present is synchronized
with vblank at runtime
* Added SDL_PremultiplyAlpha() to premultiply alpha on a block of
SDL_PIXELFORMAT_ARGB8888 pixels
* Added a window event SDL_WINDOWEVENT_DISPLAY_CHANGED which is sent when a window
changes what display it's centered on
* Added SDL_GetWindowICCProfile() to query a window's ICC profile, and a window
event SDL_WINDOWEVENT_ICCPROF_CHANGED that is sent when it changes
* Added the hint SDL_HINT_VIDEO_EGL_ALLOW_TRANSPARENCY to allow EGL windows to be
transparent instead of opaque
* SDL_WaitEvent() has been redesigned to use less CPU in most cases
* Added SDL_SetWindowMouseRect() and SDL_GetWindowMouseRect() to confine the mouse
cursor to an area of a window
* You can now read precise mouse wheel motion using 'preciseX' and 'preciseY' event
fields
* Added SDL_GameControllerHasRumble() and SDL_GameControllerHasRumbleTriggers() to
query whether a game controller supports rumble
* Added SDL_JoystickHasRumble() and SDL_JoystickHasRumbleTriggers() to query whether
a joystick supports rumble
* SDL's hidapi implementation is now available as a public API in SDL_hidapi.h
Windows:
* Improved relative mouse motion over Windows Remote Desktop
* Added the hint SDL_HINT_IME_SHOW_UI to show native UI components instead of hiding
them (defaults off)
Windows/UWP:
* WGI is used instead of XInput for better controller support in UWP apps
Linux:
* Added the hint SDL_HINT_SCREENSAVER_INHIBIT_ACTIVITY_NAME to set the activity
that's displayed by the system when the screensaver is disabled
* Added the hint SDL_HINT_LINUX_JOYSTICK_CLASSIC to control whether /dev/input/js*
or /dev/input/event* are used as joystick devices
* Added the hint SDL_HINT_JOYSTICK_DEVICE to allow the user to specify devices that
will be opened in addition to the normal joystick detection
* Added SDL_LinuxSetThreadPriorityAndPolicy() for more control over a thread
priority on Linux
Android:
* Added support for audio output and capture using AAudio on Android 8.1 and newer
* Steam Controller support is disabled by default, and can be enabled by setting the
hint SDL_HINT_JOYSTICK_HIDAPI_STEAM to "1" before calling SDL_Init()
Apple Arcade:
* Added SDL_GameControllerGetAppleSFSymbolsNameForButton() and
SDL_GameControllerGetAppleSFSymbolsNameForAxis() to support Apple Arcade titles
iOS:
* Added documentation that the UIApplicationSupportsIndirectInputEvents key must be
set to true in your application's Info.plist in order to get real Bluetooth mouse
events.
* Steam Controller support is disabled by default, and can be enabled by setting the
hint SDL_HINT_JOYSTICK_HIDAPI_STEAM to "1" before calling SDL_Init()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch re-enables this package for build and it builds against next
with Linux 5.15.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 2.10.4 to 2.11.0
- Update rootfile
- Changelog
CHANGES BETWEEN 2.10.4 and 2.11.0
I. IMPORTANT CHANGES
- A new rendering module has been added to create 8-bit Signed Distance Field (SDF)
bitmaps for both outline and bitmap glyphs. The new rendering mode is called
`FT_RENDER_MODE_SDF`, the pixel mode is `FT_PIXEL_MODE_GRAY8`, and the
corresponding raster flag is `FT_RASTER_FLAG_SDF`. This work was Anuj Verma's
GSoC 2020 project.
- A new, experimental API is now available for surfacing properties of 'COLR' v1
color fonts (as the name says, this is an extension to the 'COLR' table for
outline color fonts using the SFNT container format). 'COLR' v1 fonts are a
recently proposed addition to OFF and OpenType; specification work currently
happens in https://github.com/googlefonts/colr-gradients-spec/ 'COLR' v1 is
expected to be merged to OpenType; the ISO standardisation process for adding
'COLR' v1 as an amendment to OFF is underway. Functions similar to the already
existing 'COLR' API have been added to access the corresponding data.
FT_Get_Color_Glyph_Paint Retrieve the root paint for a given glyph ID.
FT_Get_Paint_Layers Access the layers of a `PaintColrLayers` table.
FT_Get_Colorline_Stops Retrieve the 'color stops' on a color line. As an input,
a color stop iterator gets used, which in turn is retrieved from a paint.
FT_Get_Paint Dereference an `FT_OpaquePaint` object and retrieve the
corresponding `FT_COLR_Paint` object, which contains details on how to draw the
respective 'COLR' v1 `Paint` table.
II. MISCELLANEOUS
- FreeType has moved its infrastructure to https://gitlab.freedesktop.org/freetype
A side effect is that the git repositories are now called `freetype.git` and
`freetype-demos.git`, which by default expand to the directories `freetype` and
`freetype-demos`, respectively. The documentation has been updated accordingly.
FreeType's Savannah repositories will stay; they are now mirrors of the
'freedesktop.org' repositories.
- A new function `FT_Get_Transform` returns the values set by `FT_Set_Transform`.
- A new configuration macro `FT_DEBUG_LOGGING` is available. It provides extended
debugging capabilities for FreeType, for example showing a time stamp or
displaying the component a tracing message comes from. See file `docs/DEBUG` for
more information. This work was Priyesh Kumar's GSoC 2020 project.
- The legacy Type 1 and CFF engines are further demoted due to lack of CFF2
charstring support. You now need to use `FT_Property_Set` to enable them besides
the `T1_CONFIG_OPTION_OLD_ENGINE` and `CFF_CONFIG_OPTION_OLD_ENGINE` options,
respectively.
- The experimental 'warp' mode (AF_CONFIG_OPTION_USE_WARPER) for the auto-hinter
has been removed.
- The smooth rasterizer performance has been improved by >10%. Note that due to
necessary code changes there might be very subtle differences in rendering. They
are not visible by the eye, however.
- PCF bitmap fonts compressed with LZW (these are usually files with the extension
`.pcf.Z`) are now handled correctly.
- Improved Meson build files, including support to build the FreeType demo programs.
- A new demo program `ftsdf` is available to display Signed Distance Fields of
glyphs.
- The `ftlint` demo program has been extended to do more testing of its input. In
particular, it can display horizontal and vertical acutances for quality
assessment, together with computing MD5 checksums of rendered glyphs. [The
acutance measures how sharply the pixel coverage changes at glyph edges. For
monochrome bitmaps, it is always 2.0 in either X or Y direction. For
anti-aliased bitmaps, it depends on the hinting and the shape of a glyph and
might approach or even reach value 2.0 for glyphs like 'I', 'L', '+', '-', or
'=', while it might be lower for glyphs like 'O', 'S', or 'W'.]
- The `ttdebug` demo program didn't show changed point coordinates (bug introduced
in version 2.10.3).
- It is now possible to adjust the axis increment for variable fonts in the
`ftmulti` demo program.
- It is now possible to change the hinting engine in the `ftstring` demo program.
- The graphical demo programs work better now in native color depth on win32 and
x11.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.35 (2004) to 5.09 (2021)
- Update of rootfile required
- Changelog is too large to include here.
Full details can be found in Changes file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 0.100 (2002) to 1.1 (2007 - latest version)
- Update rootfile
- Changelog
1.1 Sun May 18 21:13:38 2007
- Released version 1.1.
- Clearly marked MSWin32 systems as unsupported. (How do
64bit Windows system identify themselves?)
- Fixed bug that caused Perl to segfault when closelog() was
called before openlog().
1.0 Tue Oct 2 22:22:43 2007
- Bumped version number to 1.0.
- License has changed to Artistic 2.0!
- (Syslog.pm) Get rid of `require AutoLoader', which was wrong
to begin with.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 0.7.14 to 0.7.19
- Update of rootfile not required
- Changelog
These are the major changes between libsolv versions:
Version 0.7.19
- selected bug fixes:
* fix rare segfault in resolve_jobrules() that could happen
if new rules are learnt
* fix a couple of memory leaks in error cases
* fix error handling in solv_xfopen_fd()
Version 0.7.18
- selected bug fixes:
* fixed regex code on win32
* fixed memory leak in choice rule generation
- new features:
* repo_add_conda: add flag to skip v2 packages
Version 0.7.17
- selected bug fixes:
* repo_write: fix handling of nested flexarray
* improve choicerule generation a bit more to cover more cases
* harden testcase parser against repos being added too late
* support python-3.10
* check %_dbpath macro in rpmdb code
- new features:
* handle default/visible/langonly attributes in comps parser
* support multiple collections in updateinfo parser
* add '-D' option in rpmdb2solv to set the dbpath
Version 0.7.16
- selected bug fixes:
* do not ask the namespace callback for splitprovides when writing
a testcase
* fix add_complex_recommends() selecting conflicted packages in
rare cases leading to crashes
* improve choicerule generation so that package updates are
prefered in more cases
* deal with missing repos in testcase_mangle_repo_names
Version 0.7.15
- selected bug fixes:
* fix deduceq2addedmap clearing bits outside of the map
* conda: feature depriorization first
* conda: fix startswith implementation
* move find_update_seeds() call in cleandeps calculation
- new features:
* set SOLVABLE_BUILDHOST in rpm and rpmmd parsers
* new testcase_mangle_repo_names() function
* new solv_fmemopen() function
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 0.2.1 to 0.3
- Update of rootfile not required
- Changelog
2021-01-04 18:40:01 +0100 Pali Rohár <pali.rohar@gmail.com>
* Release version 0.3
2020-09-05 13:52:50 +0200 Pali Rohár <pali.rohar@gmail.com>
* Remove duplicate code in mcgroup.c file
Existing functionality is provided by k_join and k_leave functions.
2020-09-05 13:07:38 +0200 Pali Rohár <pali.rohar@gmail.com>
* Fix initialization and deinitialization of mrouter socket
Ensure that uninitialized socket is invalid (-1) and not stdin (0).
2020-09-05 13:07:00 +0200 Pali Rohár <pali.rohar@gmail.com>
* Use main mrouter socket also for sending join/leave messages to upstream router
There is no need to open additional UDP socket which is used just for calling
IP_ADD_MEMBERSHIP/IP_DROP_MEMBERSHIP setsockopt. Main mrouter socket is can
be used for these operations too.
2020-05-20 09:59:11 +0200 Uglymotha <uglymotha@wizdom.nu>
* Free BSD Compilation Patch
On FreeBSD compilation failed due to missing includes in os-freebsd.h.
This was causing errors about undefined structs and types in missing includes.
Also defines __BSD_VISIBLE due to FreeBSD not providing u_int, u_long etc
in a default _POSIX_C_SOURCE environment.
Fixes: https://github.com/pali/igmpproxy/issues/68
2020-05-08 22:54:06 +0200 Pali Rohár <pali.rohar@gmail.com>
* Remove MAX_MC_VIFS macro
Its value is same as MAXVIFS, so use MAXVIFS instead.
2020-03-06 11:51:21 +0100 Pali Rohár <pali.rohar@gmail.com>
* Improve downstream host tracking for quickleave mode
Use bit based per multicast route hash table for tracking downstream hosts.
For hasing function is used 32bit MurmurHash3 with pseudorandom seed and
size of hash table can be configured via a new "hashtablesize" token in
config file. Default size of hash table is 32 bytes, so it can store
approximatelly 128 hosts which is half of /24 subnet. For home networks
this should be sane default value.
Fixes: https://github.com/pali/igmpproxy/pull/57
2020-02-26 20:27:08 +0100 Pali Rohár <pali.rohar@gmail.com>
* Show error message when IP_ADD_MEMBERSHIP fails with errno ENOBUFS
Also on Linux show hint how to increase maximum number of multicast groups.
Fixes: https://github.com/pali/igmpproxy/issues/30
2020-02-25 23:46:57 +0100 Pali Rohár <pali.rohar@gmail.com>
* Fix gcc-7 and clang-9 on Travis
2020-02-25 23:24:26 +0100 Pali Rohár <pali.rohar@gmail.com>
* Update Travis config file
2019-06-26 17:42:15 +0200 Pali Rohár <pali.rohar@gmail.com>
* Use AS_IF macro for C99 check in configure.ac
2018-09-30 00:28:05 +0200 Pali Rohár <pali.rohar@gmail.com>
* Fix makefile rules for generating AUTHORS and ChangeLog files
2018-02-13 20:17:30 +0100 Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 10.3.2 to 10.4.0
- Update of rootfile
- Changelog
10.4.0: release
* Add --allow-weak-crypto option to suppress warnings about use of
weak cryptographic algorithms. Update documentation around this
issue. Fixes#358.
* Relax xref recovery logic a bit so that files whose objects are
either missing endobj or have endobj at other than the beginning
of a line can still be recovered. Fixes#573.
* Add support for OpenSSL 3. Fixes#568.
The OpenSSL version is detected at compile-time. If you want to
build with OpenSSL 3 on a system that has OpenSSL 1 installed, you
can run configure like this (or similar to this depending on how
you installed openssl3):
pc_openssl_CFLAGS=-I/path/to/openssl3/include \
pc_openssl_LIBS='-L/path/to/openssl3/lib64 -lssl -lcrypto' \
./configure
where /path/to/openssl3 is wherever your OpenSSL 3 distribution is
installed. You may also need to set the LD_LIBRARY_PATH
environment variable if it's not installed in a standard location.
* Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740).
* Add QIntC::range_check_subtract to do range checking on
subtraction, which has different boundary conditions from
addition.
* Bug fix: fix crash that could occur under certain conditions
when using --pages with files that had form fields. Fixes#548.
* Add an extra check to the library to detect when foreign objects
are inserted directly (instead of using
<function>QPDF::copyForeignObject</function>) at the time of
insertion rather than when the file is written. Catching the error
sooner makes it much easier to locate the incorrect code.
* Bug fix: make overlay/underlay work on a page with no resource
dictionary. Fixes#527.
* Add QPDF::findPage to the public API. This is primarily to help
improve the efficiency of code that wraps the qpdf library, such
as pikepdf. Fixes#516.
* zlib-flate: warn and exit with code 3 when there is corrupted
input data even when decompression is possible. We do this in the
zlib-flate CLI so that it can be more reliably used to test the
validity of zlib streams, but we don't warn by default in qpdf
itself because PDF files in the wild exist with this problem and
other readers appear to tolerate it. There is a PDF in the qpdf
test suite (form-filled-by-acrobat.pdf) that was written by a
version of Adobe Acrobat that exhibits this problem. Fixes#562.
* Add Pl_Flate::setWarnCallback to make it possible to be notified
of data errors that are recoverable but still indicate invalid
data.
* Improve error reporting when someone forgets the -- after
--pages. Fixes#555.
* Bug fix: ensure we don't overflow any string bounds while
handling completion, even when we are given bogus input values.
Fixes#441.
* Improve performance of preservation of object streams by
avoiding unnecessary traversal of objects when there are no object
streams.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 21.07.0 to 21.11.0
- Update of rootfile
- find-dependencies run to check so bump. No issues found
- Changelog
Release 21.11.0:
core:
* Fix rendering of some non-standard confirming annotations
* Support rendering of some non-standard Type3 charprocs. Issue #1150
* TextOutputDev: Respect orientation when selecting words. Issue #499
* CairoOutputDev: Don't override the antialias settings from the cairo_t
* StructElement: support MCID in XObjects
* Fix detection of monospace fonts
* Ignore Adobe-Identity for non embedded CID fonts
* PageLabelInfo::labelToIndex: work on some special no style intervals
* Fix crash in malformed files
* Minor code improvements
utils:
* pdfinfo: add -url option to print all URLs in a PDF
* pdftohtml: document what zoom means in regard to DPI
qt6:
* Require Qt 6.1
* Minor code improvements
Release 21.10.0:
core:
* Add support for setting custom stamp annotations
* Add default appearance for the well known stamp names
* Correct encoding of signature's properties Reason & Location
* Splash: Fix rendering of some odd patterns
* SignatureHandler::validateCertificate: Add option to not do OCSP revocation check
* SignatureHandler::validateCertificate: Add support for AIA fetching to verify certificates
* greallocn: if memory allocation fails, free the previous pointer to avoid memory leak
* Fix issues with malformed files
* Internal code improvements
utils:
* pdfsig: Add a way to list certificate nicknames
* pdfsig: You can now add signatures from pdfsig
* pdfsig: Add option to not do OCSP revocation check
* pdfsig: Add option for AIA fetching to verify certificates
* pdfinfo: Add -custom option to print custom metadata
* pdfinfo: add metadata flags
qt:
* Add support for setting custom stamp annotations
* Add getters for signature's properties Reason & Location
* Internal code improvements
glib:
* Remove incorrect PopplerAttachment deprecation
Release 21.09.0:
core:
* Splash: Massive spped improvement on files that use lots of save/restore (q/Q) operators
* Correct decoding of signature properties Reason & Location when they are Unicode
* Fix issues with malformed files
* MSVC build fixes
build system:
* Call cmake_minium_required() before project()
* Always append to CMAKE_{C,CXX}_FLAGS_${CMAKE_BUILD_TYPE}
* correctly forward user-provided flags to try_compile()
Release 21.08.0:
core:
* Add API to allow addition and modification of outlines into a PDF
* Use additional samples to test for constant parts of an axial gradient
* forms: Create fallback fonts for some well known font names
* Support reading the PDF Version from the Catalog
* Fix XRef::copy when there are modified objects
* Take into account that Date string may be in unicode
* JBIG2Stream: Fix regression in "Do not consider a size-0 to be an error"
* Replace a local bubble sort implementation by std::sort
* Fix issues with malformed files
build system:
* Better error message when libjpeg is not found
* Better error messages when libopenjpeg2 is not found
qt5/qt6:
* Document that a document has to outlive its pages
* Make getPdfVersion return a dedicated version object
glib:
* mimick TextSelectionDumper logic change for spaceAfter
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- v2 version is to extend from 20210714-3.1 to 20210910-3.1
- Update from 20210522-3.1 to 20210910-3.1
- Update rootfile
- Changelog
2021-09-10 Jess Thrysoee
* all: sync with upstream source
2021-07-14 Jess Thrysoee
* all: sync with upstream source
* src/histedit.h: Add wcsdup declaration when ifndef HAVE_WCSDUP. Patch by Rainer Jung.
* examples/wtc1.c: Fix warnings and add missing brace. Patch by Rainer Jung.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- v2 version is to extend from 1.9.8p1 to 1.9.8p2
- Update from 1.9.7p2 to 1.9.8p2
- Update rootfile
- Changelog
What's new in Sudo 1.9.8p2
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
What's new in Sudo 1.9.8p1
* Fixed support for passing a prompt (sudo -p) or a login class
(sudo -l) on the command line. This is a regression introduced
in sudo 1.9.8. Bug #993.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
This is a regression introduced in sudo 1.9.8. Bug #994.
* Fixed a compilation error when the --enable-static-sudoers configure
option was specified. This is a regression introduced in sudo
1.9.8 caused by a symbol clash with the intercept and log server
protobuf functions.
What's new in Sudo 1.9.8
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
an INTERCEPT command tag that can be used in sudoers. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
Defaults!SHELLS intercept
would cause sudo to run the listed shells in intercept mode.
This can also be set on a per-rule basis. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
chuck ALL = INTERCEPT: SHELLS
would only apply intercept mode to user "chuck" when running one
of the listed shells.
In intercept mode, sudo will not prompt for a password before
running a sub-command and will not allow a set-user-ID or
set-group-ID program to be run by default. The new
intercept_authenticate and intercept_allow_setid sudoers settings
can be used to change this behavior.
* The new "log_subcmds" sudoers setting can be used to log additional
commands run in a privileged shell. It uses the same mechanism as
the intercept support described above and has the same limitations.
* The new "log_exit_status" sudoers setting can be used to log
the exit status commands run via sudo. This is also a corresponding
"log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
* Support for logging sudo_logsrvd errors via syslog or to a file.
Previously, most sudo_logsrvd errors were only visible in the
debug log.
* Better diagnostics when there is a TLS certificate validation error.
* Using the "+=" or "-=" operators in a Defaults setting that takes
a string, not a list, now produces a warning from sudo and a
syntax error from inside visudo.
* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
had no effect when creating I/O log parent directories if the I/O log
file name ended with the string "XXXXXX".
* Fixed a bug in the sudoers custom prompt code where the size
parameter that was passed to the strlcpy() function was incorrect.
No overflow was possible since the correct amount of memory was
already pre-allocated.
* The mksigname and mksiglist helper programs are now built with
the host compiler, not the target compiler, when cross-compiling.
Bug #989.
* Fixed compilation error when the --enable-static-sudoers configure
option was specified. This was due to a typo introduced in sudo
1.9.7. GitHub PR #113.
For more details of the changes then view the ChangeLog file in the source tarball
or at https://www.sudo.ws/changes.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.21.1 to 1.21.2
- Update of rootfile not required
- Changelog
Noteworthy changes in release 1.21.2 (2021-09-07) - (user visible changes)
* Support for autoconf 2.71
* Fix a double free in FTP when using an absolute path
* Release tarballs no longer have a dependency on Python.
* --page-requisites will now also download links marked as "alternate
stylesheet" or "icon"
Full changelog is too long to include here but can be viewed in the ChangeLog file in
the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
