- Update from version 3390200 to 3400000
- Update of rootfile not required
- Changelog
version 3.40.0 On 2022-11-16
Add support for compiling SQLite to WASM and running it in web browsers. NB: The WASM build and its interfaces are considered "beta" and are subject to minor changes if the need arises. We anticipate finalizing the interface for the next release.
Add the recovery extension that might be able to recover some content from a corrupt database file.
Query planner enhancements:
Recognize covering indexes on tables with more than 63 columns where columns beyond the 63rd column are used in the query and/or are referenced by the index.
Extract the values of expressions contained within expression indexes where practical, rather than recomputing the expression.
The NOT NULL and IS NULL operators (and their equivalents) avoid loading the content of large strings and BLOB values from disk.
Avoid materializing a view on which a full scan is performed exactly once. Use and discard the rows of the view as they are computed.
Allow flattening of a subquery that is the right-hand operand of a LEFT JOIN in an aggregate query.
A new typedef named sqlite3_filename is added and used to represent the name of a database file. Various interfaces are modified to use the new typedef instead of "char*". This interface change should be fully backwards compatible, though it might cause (harmless) compiler warnings when rebuilding some legacy applications.
Add the sqlite3_value_encoding() interface.
Security enhancement: SQLITE_DBCONFIG_DEFENSIVE is augmented to prohibit changing the schema_version. The schema_version becomes read-only in defensive mode.
Enhancements to the PRAGMA integrity_check statement:
Columns in non-STRICT tables with TEXT affinity should not contain numeric values.
Columns in non-STRICT tables with NUMERIC affinity should not contain TEXT values that could be converted into numbers.
Verify that the rows of a WITHOUT ROWID table are in the correct order.
Enhance the VACUUM INTO statement so that it honors the PRAGMA synchronous setting.
Enhance the sqlite3_strglob() and sqlite3_strlike() APIs so that they are able to accept NULL pointers for their string parameters and still generate a sensible result.
Provide the new SQLITE_MAX_ALLOCATION_SIZE compile-time option for limiting the size of memory allocations.
Change the algorithm used by SQLite's built-in pseudo-random number generator (PRNG) from RC4 to Chacha20.
Allow two or more indexes to have the same name as long as they are all in separate schemas.
Miscellaneous performance optimizations result in about 1% fewer CPU cycles used on typical workloads.
version 3.39.3 (2022-09-05):
Use a statement journal on DML statement affecting two or more database rows if the statement makes use of a SQL functions that might abort. See forum thread 9b9e4716c0d7bbd1.
Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA data_store_directory statements, even though they are deprecated and documented as not being threadsafe. See forum post 719a11e1314d1c70.
Other bug and warning fixes. See the timeline for details.
version 3.39.4 (2022-09-29):
Fix the build on Windows so that it works with -DSQLITE_OMIT_AUTOINIT
Fix a long-standing problem in the btree balancer that might, in rare cases, cause database corruption if the application uses an application-defined page cache.
Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows CREATE TRIGGER statements if one or more of the statements in the body of the trigger write into shadow tables.
Fix a possible integer overflow in the size computation for a memory allocation in FTS3.
Fix a misuse of the sqlite3_set_auxdata() interface in the ICU Extension.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
*) Added the loongarch64 target
*) Fixed a DRBG seed propagation thread safety issue
*) Fixed a memory leak in tls13_generate_secret
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*) Added a missing header for memcmp that caused compilation failure on some
platforms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.7.0 to 0.7.1
- Update of rootfile not required
- Changelog
## [0.7.1] - 2022-10-31
## Changed
- `--force` no longer forces domain name revalidation by default, a new argument `--force-validation` has been added for that
- Added support for EC secp521r1 algorithm (works with e.g. zerossl)
- `EC PARAMETERS` are no longer written to privkey.pem (didn't seem necessary and was causing issues with various software)
## Fixed
- Requests resulting in `badNonce` errors are now automatically retried (fixes operation with LE staging servers)
- Deprecated `egrep` usage has been removed
## Added
- Implemented EC for account keys
- Domain list now also read from domains.txt.d subdirectory (behaviour might change, see docs)
- Implemented RFC 8738 (validating/signing certificates for IP addresses instead of domain names) support (this will not work with most public CAs, if any!)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.0.8 to 1.0.9
- Update of rootfile
- Changelog
1.0.9
This release comes with the new nfct_nlmsg_build_filter() function that
allows to add metadata for kernel-side filtering of conntrack entries
during conntrack table dump.
The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument,
it allows to flush only ipv4 or ipv6 entries from the connection
tracking table.
nfct_snprint family of functions have been updated.
SCTP conntrack entries now support 'heartbeat sent/acked' state.
Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted
output string.
Notable bugs fixed with this release include:
Fix buffer overflows and out-of-bounds accesses in the
nfct_snprintf() functions.
nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes
were set in the reply tuple too, this affected the 'conntrack' tool
where updates (e.g. setting the conntrack mark to a different value)
of ICMP flows would not work.
- Detailed Changes
src: Handle negative snprintf return values properly
src: Fix nfexp_snprintf return value docs
conntrack: Replace strncpy with snprintf to improve null byte handling
conntrack: Fix incorrect snprintf size calculation
include: Add ARRAY_SIZE() macro
conntrack: Fix buffer overflow on invalid icmp type in setters
conntrack: Move icmp request>reply type mapping to common file
conntrack: Fix buffer overflow in protocol related snprintf functions
conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns
examples: check return value of nfct_nlmsg_build()
libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private
conntrack: dccp print function should use dccp state
conntrack: sctp: update states
include: add CTA_STATS_CLASH_RESOLVE
include: sync uapi header with nf-next
src: add support for status dump filter
include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi
libnetfilter_conntrack: bump version to 1.0.9
build: use the right automake variables
Update .gitignore
build: update obsolete autoconf macros
conntrack: fix invmap_icmpv6 entries
conntrack: Don't use ICMP attrs in decision to build repl tuple
src: add IPS_HW_OFFLOAD flag
conntrack: add flush filter command
build: missing internal/proto.h in Makefile.am
conntrack: add nfct_nlmsg_build_filter() helper
conntrack: don't cancel nest on unknown layer 4 protocols
tests: Fix for missing qa-connlabel.conf in tarball
tests: Add simple tests to TESTS variable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.4.6 to 1.4.7
- Update of rootfile not required
- Requires update fo libnetfilter_conntrack from 1.0.8 to 1.0.9
- Changelog
conntrack-tools 1.4.7
This release contains new features:
* IPS_HW_OFFLOAD flag specifies that a conntrack entry has been
offloaded into the hardware
* 'clash_resolve' and 'chaintoolong' stats counters
* Default to unspec family if '-f' flag is absent to improve support for
dual-stack setups
* Support filtering events by IP address family
* Support flushing per IP address family
* Add "save" output format representing data in conntrack parameters
* Support loading conntrack commands from a batch file, e.g. generated
by "save" output format
* Annotate portid in events by the program name (if found)
* Accept yes/no as synonyms to on/off in conntrackd.conf
* Support user space helper auto-loading upon daemon startup, relieving
users from manual 'nfct add helper' calls
* Filter dumps by status on kernel side if possible
* Accept to filter for any status other than SEEN_REPLY using
'UNREPLIED'
* Use libmnl internally
* Reuse netlink socket for improved performance with bulk CT entry loads
* Remove '-o userspace' flag and always tag user space triggered events
* Introduce '-A' command, a variant of '-I' which does not fail if the
entry exists already
... and fixes:
* ICMP entry creation would fail when reply data was specified
* Sync zone value also
* Log external inject problems as warning only
* Endianness bug parsing IP addresses
* Ignore conntrack ID when looking up cache entries to allow for stuck
old ones to be replaced eventually
* Broken parsing of IPv6 M-SEARCH requests in ssdp cthelper
* Eliminate the need for lazy binding in nfct
* Fix for use of unknown protocol values
* Sanitize protocol value parsing, catch illegal values
* Ensure unknown protocol values are included in '-o save' dumps
... and documentation updates:
* Fixed examples in manual
* Refer to nf_conntrack sysctl instead of the deprecated ip_conntrack
one
* Misc updates to the manual
* Add an older example script creating an active-active setup using the
cluster match
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Some users assume that "check filesystem" does more than just
trigger a simple "fsck" run. This patch changes the button label to avoid
confusion. - NL translation
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
For details for 9.16.35 and 9.16.34 (we skipped the last) see:
https://downloads.isc.org/isc/bind9/9.16.35/doc/arm/html/notes.html#notes-for-bind-9-16-35
"Notes for BIND 9.16.35
Bug Fixes
A crash was fixed that happened when a dnssec-policy zone that used
NSEC3 was reconfigured to enable inline-signing. [GL #3591]
In certain resolution scenarios, quotas could be erroneously reached
for servers, including any configured forwarders, resulting in SERVFAIL
answers being sent to clients. This has been fixed. [GL #3598]
rpz-ip rules in response-policy zones could be ineffective in some
cases if a query had the CD (Checking Disabled) bit set to 1. This has
been fixed. [GL #3247]
Previously, if Internet connectivity issues were experienced during the
initial startup of named, a BIND resolver with dnssec-validation set to
auto could enter into a state where it would not recover without
stopping named, manually deleting the managed-keys.bind and
managed-keys.bind.jnl files, and starting named again. This has been
fixed. [GL #2895]
The statistics counter representing the current number of clients
awaiting recursive resolution results (RecursClients) could overflow in
certain resolution scenarios. This has been fixed. [GL #3584]
Previously, BIND failed to start on Solaris-based systems with hundreds
of CPUs. This has been fixed. [GL #3563]
When a DNS resource record’s TTL value was equal to the resolver’s
configured prefetch “eligibility” value, the record was erroneously not
treated as eligible for prefetching. This has been fixed. [GL #3603]
...
Notes for BIND 9.16.34
Bug Fixes
Changing just the TSIG key names for primaries in catalog zones’ member
zones was not effective. This has been fixed. [GL #3557]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://blog.clamav.net/2022/10/new-packages-for-clamav-01037-01044.html
Fixes:
"CVE-2022-37434 - A critical severity vulnerability in the zlib library.
CVE-2022-40303 - A high severity vulnerability in the libxml2 library.
Note: As of writing, the details of this CVE are not published.
However, you can find additional details on other sites.
CVE-2022-40304 - A high severity vulnerability in the libxml2 library.
Note: As of writing, the details of this CVE are not published.
However, you can find additional details on other sites."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Some users assume that "check filesystem" does more than
just trigger a simple "fsck" run. This patch changes the
button label to avoid confusion.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- rootfile for iotop is significantly different with python-3.10.8 compared to 3.10.1
Many entries now missing and iotop placed in bin instead of sbin despite source tarball
setup.py having a "dirty hack to make sure iotop is installed in sbin instead of bin"
- Added lines to lfs to move iotop from /bin to /sbin
- Tested iotop out with python-3.10.8 installed vm system and it worked without any
problems, the same as the existing version running with python-3.10.1
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- With python-3.10.8 the plist.so is no longer available in the site packages.
libplist libraries are still available.
- libplist is only used as a dependency for shairport-sync
Tested by installing shairport-sync and starting/stopping it. Started and stopped
successfully without any error messages. This would suggest that the libplist
libraries are probably being picked up successfully. Cannot test properly as I have
no Apple/iOS or related products.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- The change to python-3.10.8 caused the rootfile to have temp build files from /root/.cache
to be included in it. Added commands to remove these temp build files so they were not
included to the rootfile.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 1.26.9 to 1.26.12
- Update of rootfile
- Changelog
1.26.12 (2022-08-22)
* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
for justification and info on how to migrate.
1.26.11 (2022-07-25)
* Fixed an issue where reading more than 2 GiB in a call to ``HTTPResponse.read`` would
raise an ``OverflowError`` on Python 3.9 and earlier.
1.26.10 (2022-07-07)
* Removed support for Python 3.5
* Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 4.1.1 to 4.4.0
- Update of rootfile
- Changelog
# Release 4.4.0 (October 6, 2022)
- Add `typing_extensions.Any` a backport of python 3.11's Any class which is
subclassable at runtime. (backport from python/cpython#31841, by Shantanu
and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234).
- Add initial support for TypeVarLike `default` parameter, PEP 696.
Patch by Marc Mueller (@cdce8p).
- Runtime support for PEP 698, adding `typing_extensions.override`. Patch by
Jelle Zijlstra.
- Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695.
Patch by Jelle Zijlstra.
# Release 4.3.0 (July 1, 2022)
- Add `typing_extensions.NamedTuple`, allowing for generic `NamedTuple`s on
Python <3.11 (backport from python/cpython#92027, by Serhiy Storchaka). Patch
by Alex Waygood (@AlexWaygood).
- Adjust `typing_extensions.TypedDict` to allow for generic `TypedDict`s on
Python <3.11 (backport from python/cpython#27663, by Samodya Abey). Patch by
Alex Waygood (@AlexWaygood).
# Release 4.2.0 (April 17, 2022)
- Re-export `typing.Unpack` and `typing.TypeVarTuple` on Python 3.11.
- Add `ParamSpecArgs` and `ParamSpecKwargs` to `__all__`.
- Improve "accepts only single type" error messages.
- Improve the distributed package. Patch by Marc Mueller (@cdce8p).
- Update `typing_extensions.dataclass_transform` to rename the
`field_descriptors` parameter to `field_specifiers` and accept
arbitrary keyword arguments.
- Add `typing_extensions.get_overloads` and
`typing_extensions.clear_overloads`, and add registry support to
`typing_extensions.overload`. Backport from python/cpython#89263.
- Add `typing_extensions.assert_type`. Backport from bpo-46480.
- Drop support for Python 3.6. Original patch by Adam Turner (@AA-Turner).
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.21.0 to 0.22.0
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 1.2.0 to 1.3.0
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 62.0.0 to 65.4.1
- Update of rootfile
- Changelog is too large to include here. Details can be found in the CHANGES.rst file
in the source tarball. Most of the changes are bug fixes
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 0.5.2 to 0.6.0
- Update of rootfile- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 2.27.1 to 2.28.1
- Update of rootfile
- Changelog
2.28.1 (2022-06-29)
**Improvements**
- Speed optimization in `iter_content` with transition to `yield from`. (#6170)
**Dependencies**
- Added support for chardet 5.0.0 (#6179)
- Added support for charset-normalizer 2.1.0 (#6169)
2.28.0 (2022-06-09)
**Deprecations**
- ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (#6091)
- Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)
**Improvements**
- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
an encoding to make `json()` API consistent. (#6097)
- Parse header components consistently, raising an InvalidHeader error in
all invalid cases. (#6154)
- Added provisional 3.11 support with current beta build. (#6155)
- Requests got a makeover and we decided to paint it black. (#6095)
**Bugfixes**
- Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable
cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with
`requests.exceptions.SSLError` for `content` and `iter_content`. (#6057)
- Fixed issue where invalid Windows registry entires caused proxy resolution
to raise an exception rather than ignoring the entry. (#6149)
- Fixed issue where entire payload could be included in the error message for
JSONDecodeError. (#6036)
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 2022.1 to 2022.4
- Update of rootfile
- Changelog
2022.4
An update to pytz has been released, containing the IANA 2022d timezone database.
There are no code changes.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 3.0.7 to 3.0.9
- Update of rootfile
- Changelog
Version 3.0.9 -
- Added Unicode set `BasicMultilingualPlane` (may also be referenced
as `BMP`) representing the Basic Multilingual Plane (Unicode
characters up to code point 65535). Can be used to parse
most language characters, but omits emojis, wingdings, etc.
Raised in discussion with Dave Tapley (issue #392).
- To address mypy confusion of `pyparsing.Optional` and `typing.Optional`
resulting in `error: "_SpecialForm" not callable` message
reported in issue #365, fixed the import in exceptions.py. Nice
sleuthing by Iwan Aucamp and Dominic Davis-Foster, thank you!
(Removed definitions of `OptionalType`, `DictType`, and `IterableType`
and replaced them with `typing.Optional`, `typing.Dict`, and
`typing.Iterable` throughout.)
- Fixed typo in jinja2 template for railroad diagrams, thanks for the
catch Nioub (issue #388).
- Removed use of deprecated `pkg_resources` package in
railroad diagramming code (issue #391).
- Updated bigquery_view_parser.py example to parse examples at
https://cloud.google.com/bigquery/docs/reference/legacy-sql
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
