- Update from 4.1.4 to 5.1.0
- Update of rootfile carried out
- Changelog is too long to fit in here.
Changes for versions 5.0.0 and 5.1.0 can be found in the ChangeLog file
in the source tarball
Changes for versions 4.2.0 and 4.2.1 can be found in the ChangeLog.1
file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 0.2 to 1.17
- Update of rootfile carried out
- ed-0.2-mkstemp-1.patch from LFS is no longer required in later versions
of ed or LFS
- Changelog is a bit too long to add here.
Full change log can be found by viewing ChangeLog file in tar sourceball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.0.6 to 1.0.8
- Update of rootfile
- Changelog
1.0.8 (13 Jul 19)
* Accept as many selectors as the file format allows.
This relaxes the fix for CVE-2019-12900 from 1.0.7
so that bzip2 allows decompression of bz2 files that
use (too) many selectors again.
* Fix handling of large (> 4GB) files on Windows.
* Cleanup of bzdiff and bzgrep scripts so they don't use
any bash extensions and handle multiple archives correctly.
* There is now a bz2-files testsuite at
https://sourceware.org/git/bzip2-tests.git
1.0.7 (27 Jun 19)
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0]
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.2 to 3.4
- Updated rootfile
- parted-3.2-device-mapper.patch and parted-3.2-sysmacros.patch are no
longer needed as changes are now included in the tarball
- Changelog is too large to put in here.
11 bug fixes included in logs
Full changelog can be viewed in the tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 3.0.12 to 4.0.2
- Updated rootfile
- Changelog is too large to include here
Full chagelog can be found in the tarball in CHANGES and CHANGES.current
Large number of bugs fixed in the two versions between 3.0.12 and 4.0.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.4.48 to 2.5.1
- Update rootfile
- Changelog
Version 2.5.1
Fix libtool library versioning regression Andreas Gruenbacher
Version 2.4.48
Update po files and German translation Andreas Gruenbacher
getfattr: Add --one-file-system option Andreas Gruenbacher
Move struct stat into struct walk_tree_args Andreas Gruenbacher
Move list of open directories into struct walk_tree_args Andreas Gruenbacher
Move walk_tree_rec arguments into a separate struct Andreas Gruenbacher
xattr.conf: Indicate afs metadata xattrs should be skipped when copying David Howells
Fix typos in manual pages Samanta Navarro
Update my email address Andreas Gruenbacher
man: add examples to setfattr.1 Achilles Gaikwad
install-data: Don't remove unrelated empty directories Andreas Gruenbacher
attr: Replace bzero with memset Rosen Penev
getfattr: don't count terminating NULL in well_enough_printable Jeff Layton
attr_list, attr_listf: Guard against unterminated buffer Andreas Gruenbacher
attr_multi, attr_multif: Don't set errno to -EINVAL Andreas Gruenbacher
Switch back to syscall() Andreas Gruenbacher
attr_list.3: Fix the attributes.h include path Andreas Gruenbacher
getfattr.1: by default only user namespace attributes are dumped Simon Ruderich
Enable large-file support on systems that do not enable it by default Dmitry V. Levin
man: standardize AUTHORS section Mike Frysinger
man: fix bold style in SEE ALSO section Mike Frysinger
test: escape left brace in a regex in test/run Troy Dawson
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.2.53 to 2.3.1
- Updated rootfile
- Changelog
Version 2.3.1
Fix libtool library versioning regression Andreas Gruenbacher
Version 2.3.0
Update po files and German translation Andreas Gruenbacher
getfacl: fix indent in --help output Valentin Vidic
getfacl: Add --one-file-system optionnext Pavel Polacek
Move struct stat into struct walk_tree_args Andreas Gruenbacher
Move list of open directories into struct walk_tree_args Andreas Gruenbacher
Move walk_tree_rec arguments into a separate struct Andreas Gruenbacher
acl_from_mode, acl_copy_int: Fix segfault on allocation failure Tavian Barnes
__acl_create_entry_obj: do not break strict aliasing rules Kamil Dudka
Fix typo in getfacl(1) man page Anthony Sottile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sqlite from 3.34.0 to 3.34.1
- Update rootfile
- Changelog
Fix a potential use-after-free bug when processing a a subquery with
both a correlated WHERE clause and a "HAVING 0" clause and where the
parent query is an aggregate.
Fix documentation typos
Fix minor problems in extensions.
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update qpdf from 10.1.0 to 10.3.0
- Updated rootfile
- Changelog is too long to fully include here
See ChangeLog file in source tarball
Bug fixes in 10.3.0
* The last several changes are in support of fixing more complex
cases of keeping form fields working properly through page copying
operations. Fixes#509.
Bug fixes in 10.2.0
* From qpdf CLI, --pages and --split-pages will properly preserve
interactive form functionality. Fixes#340.
* From qpdf CLI, --overlay and --underlay will copy annotations
and form fields from overlay/underlay file. Fixes#395.
* Add new option --password-file=file for reading the decryption
password from a file. file may be "-" to read from standard input.
Fixes#499.
* By default, give an error if a user attempts to encrypt a file
with a 256-bit key, a non-empty user password, and an empty owner
password. Such files are insecure since they can be opened with no
password. To allow explicit creation of files like this, pass the
new --allow-insecure option. Thanks to github user RobK88 for a
detailed analysis and for reporting this issue. Fixes#501.
* Bug fix: if a form XObject lacks a resources dictionary,
consider any names in that form XObject to be referenced from the
containing page. This is compliant with older PDF versions. Also
detect if any form XObjects have any unresolved names and, if so,
don't remove unreferenced resources from them or from the page
that contains them. Fixes#494.
* Give warnings instead of segfaulting if a QPDF operation is
attempted after calling closeInputSource(). Fixes#495.
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update iproute2 from 5.10.0 to 5.11.0
- Updated rootfile
- Changelog extracted from commits
lib/fs: Fix single return points for get_cgroup2_* Andrea Claudi
lib/fs: avoid double call to mkdir on make_path() Andrea Claudi
lib/bpf: Fix and simplify bpf_mnt_check_target() Andrea Claudi
lib/namespace: fix ip -all netns return code Andrea Claudi
ip: lwtunnel: seg6: bail out if table ids are invalid Andrea Claudi
tc: m_gate: use SPRINT_BUF when needed Andrea Claudi
man8/bridge.8: be explicit that "flood" is an egress setting Vladimir Oltean
man8/bridge.8: explain self vs master for "bridge fdb add" Vladimir Oltean
man8/bridge.8: fix which one of self/master is default for "bridge fdb" Vladimir Oltean
man8/bridge.8: explain what a local FDB entry is Vladimir Oltean
man8/bridge.8: document that "local" is default for "bridge fdb add" Vladimir Oltean
man8/bridge.8: document the "permanent" flag for "bridge fdb add" Vladimir Oltean
rdma: Fix statistics bind/unbing argument handling Ido Kalir
uapi: pick up rpl.h fix Stephen Hemminger
iproute: force rtm_dst_len to 32/128 Luca Boccassi
ss: Add clarification about host conditions with multiple familes to man Thayne McCombs
Add documentation of ss filter to man page Thayne McCombs
iplink: print warning for missing VF data Edwin Peer
ss: do not emit warn while dumping MPTCP on old kernels Paolo Abeni
man: tc-taprio.8: document the full offload feature Vladimir Oltean
iplink_bareudp: cleanup help message and man page Guillaume Nault
vrf: fix ip vrf exec with libbpf Luca Boccassi
vrf: print BPF log buffer if bpf_program_load fails Luca Boccassi
build: Fix link errors on some systems Roi Dayan
tc: flower: fix json output with mpls lse Guillaume Nault
dcb: Change --Netns/-N to --netns/-n Petr Machata
dcb: Plug a leaking DCB socket buffer Petr Machata
dcb: Set values with RTM_SETDCB type Petr Machata
uapi: update if_link.h from upstream Stephen Hemminger
include: uapi: Carry dcbnl.h Petr Machata
uapi: update kernel headers to 5.11 pre rc1
Signed-off-by: Adolf Belka (ipfire) <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.11.28/RELEASE-NOTES-bind-9.11.28.html
"Notes for BIND 9.11.28
Security Fixes
When tkey-gssapi-keytab or tkey-gssapi-credential was configured,
a specially crafted GSS-TSIG query could cause a buffer overflow in the
ISC implementation of SPNEGO (a protocol enabling negotiation of the
security mechanism to use for GSSAPI authentication). This flaw could
be exploited to crash named. Theoretically, it also enabled remote code
execution, but achieving the latter is very difficult in real-world
conditions. (CVE-2020-8625)
This vulnerability was responsibly reported to us as ZDI-CAN-12302
by Trend Micro Zero Day Initiative. [GL #2354]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841)
====================================================================
Severity: Moderate
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data contained
within an X509 certificate. However it fails to correctly handle any errors
that may occur while parsing the issuer field (which might occur if the issuer
field is maliciously constructed). This may subsequently result in a NULL
pointer deref and a crash leading to a potential denial of service attack.
The function X509_issuer_and_serial_hash() is never directly called by OpenSSL
itself so applications are only vulnerable if they use this function directly
and they use it on certificates that may have been obtained from untrusted
sources.
OpenSSL versions 1.1.1i and below are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1j.
OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL
1.0.2 is out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade
to 1.1.1j.
This issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from
Google. The fix was developed by Matt Caswell.
Incorrect SSLv2 rollback protection (CVE-2021-23839)
====================================================
Severity: Low
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a
server that is configured to support both SSLv2 and more recent SSL and TLS
versions then a check is made for a version rollback attack when unpadding an
RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are
supposed to use a special form of padding. A server that supports greater than
SSLv2 is supposed to reject connection attempts from a client where this special
form of padding is present, because this indicates that a version rollback has
occurred (i.e. both client and server support greater than SSLv2, and yet this
is the version that is being requested).
The implementation of this padding check inverted the logic so that the
connection attempt is accepted if the padding is present, and rejected if it
is absent. This means that such as server will accept a connection if a version
rollback attack has occurred. Further the server will erroneously reject a
connection if a normal SSLv2 connection attempt is made.
Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this
issue. In order to be vulnerable a 1.0.2 server must:
1) have configured SSLv2 support at compile time (this is off by default),
2) have configured SSLv2 support at runtime (this is off by default),
3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite
list)
OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to
this issue. The underlying error is in the implementation of the
RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING
padding mode used by various other functions. Although 1.1.1 does not support
SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the
RSA_SSLV23_PADDING padding mode. Applications that directly call that function
or use that padding mode will encounter this issue. However since there is no
support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a
security issue in that version.
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium
support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should
upgrade to 1.1.1j.
This issue was reported to OpenSSL on 21st January 2021 by D. Katz and Joel
Luellwitz from Trustwave. The fix was developed by Matt Caswell.
Integer overflow in CipherUpdate (CVE-2021-23840)
=================================================
Severity: Low
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow
the output length argument in some cases where the input length is close to the
maximum permissable length for an integer on the platform. In such cases the
return value from the function call will be 1 (indicating success), but the
output length value will be negative. This could cause applications to behave
incorrectly or crash.
OpenSSL versions 1.1.1i and below are affected by this issue. Users of these
versions should upgrade to OpenSSL 1.1.1j.
OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL
1.0.2 is out of support and no longer receiving public updates. Premium support
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade
to 1.1.1j.
This issue was reported to OpenSSL on 13th December 2020 by Paul Kehrer. The fix
was developed by Matt Caswell.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update sysvinit from 2.88dsf to 2.98
- From version 2.89 mounpoint build was not enabled as standard
- Patch created to modify Makefile to define mountpoint to be built
- Update of rootfiles
- Changelog is ~400 lines long from 2.88dsf to 2.98
- For details see the Changelog in the doc directory in the tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update attr from 2.4.47 (2013) to 2.4.48 (2018)
- Update rootfiles
- Changelog in tarball only goes up to 2.4.44 so extracted changes
from commits between 2.4.47 and release of 2.4.48
v2.4.48
attr: Fix segmentation fault Andreas Gruenbacher
po: update Andreas Gruenbacher
setfacl: Include errno.h Andreas Gruenbacher
copy_action: drop unused alloca.h include Mike Frysinger
include: add uninstall target to fix distcheck Mike Frysinger
attr_copy_{fd,file}: sync changes between the files Mike Frysinger
xattr.conf: do not copy security.evm Stefan Berger
Cleanup visibility of API functions Yury Usishchev
Cleanup config.h usage Yury Usishchev
Use stdint types consistently Felix Janda
walk_tree_rec: Add parentheses to clarify code Andreas Gruenbacher
Reintroduce symbols that used to be syscall wrappers Dmitry V. Levin
Do not export symbols that are not supposed to be exported Dmitry V. Levin
Add explicit symbol versioning for attr_copy_action Dmitry V. Levin
ignore configure.lineno Mike Frysinger
walk_tree: mark internal variables as static Dmitry V. Levin
Remove the attr.5 man page (moved to man-pages) Andreas Gruenbacher
Remove <attr/xattr.h> and the syscall wrappers Andreas Gruenbacher
Remove the section 2 man pages Andreas Gruenbacher
Remove outdated tests from test/attr.test Andreas Gruenbacher
Remove test/ext/fs.test Andreas Gruenbacher
Add setfattr --raw option Andreas Gruenbacher
Properly set and report empty attribute values Andreas Gruenbacher
Man pages: Minor fixes Andreas Gruenbacher
build: unbreak attr_copy_fd() and attr_copy_file(). Nick Alcock
attr: Don't report a NULL attribute name when -l (list) fails Andreas Gruenbacher
attr_list / attr_listf: Fix cursor off-by-one error Andreas Gruenbacher
Portability fix: <alloca.h> is Linux specific Emmanuel Dreyfus
Portability fixes Emmanuel Dreyfus
telldir return value and seekdir second parameters are of type long Cristian Rodríguez
License fixes Andreas Gruenbacher
test: fix cleanup & running as root Mike Frysinger
include examples/ in dist tarball Mike Frysinger
build: ship a pkgconfig file for libattr Jan Engelhardt
build: make use of an aux-dir to stow away helper scripts Jan Engelhardt
avoid glibc-specific DECLS defines Mike Frysinger
build: drop attrincludedir, use pkgincludedir Jan Engelhardt
disable installation of man(2) pages by default Mike Frysinger
po: regenerate files after move Mike Frysinger
modernize build system Mike Frysinger
test: make running parallel/out-of-tree safe Mike Frysinger
move gettext logic into misc.h Mike Frysinger
punt debian/rpm packaging logic Mike Frysinger
Suppress deprecation warnings when building attr and libattr Andreas Gruenbacher
Add a default /etc/xattr.conf file Andreas Gruenbacher
Mark the Irix compatibility functions as deprecated Andreas Gruenbacher
Make attr_get and attr_getf behave as described in the man page Andreas Gruenbacher
Use autoreconf rather than autoconf to regenerate the files. Fabrice Bauzac
.gitignore: ignore *~ and config.h.in. Fabrice Bauzac
Fix ATTR_OP_REMOVE operation in attr_multi()
Makefile: rename configure.in to configure.ac
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update autoconf from 2.69 to 2.71
- Updated rootfile
- Changelog
Large amount of changes, especially in 2.70 - too many to add in here.
Details of changes can be found in the NEWS file in the tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This version of the library is outdated for a long time and we have been
shipping newer versions for long enough so that everyone should have
been migrated by now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
pcre is no longer receiving any feature updates, but only bug fixes.
pcre2 is the successor which is replacing pcre.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update qpdf from 10.0.1 to 10.1.0
- Update rootfile
- Changelog
2021-01-05 Jay Berkenbilt <ejb@ql.org>
* 10.1.0: release
2021-01-04 Jay Berkenbilt <ejb@ql.org>
* When qpdf CLI extracts pages, it now only attempts to remove
unreferenced resources from the pages that it is keeping. This
change dramatically reduces the time it takes to extract a small
number of pages from a large, complex file.
* Move getNext()->write() calls in some pipelines to ensure that
state gates properly reset even if the next pipeline's write
throws an exception (fuzz issue 28262).
2021-01-03 Jay Berkenbilt <ejb@ql.org>
* Don't include -o nospace with zsh completion setup so file
completion works normally. Fixes#473.
2021-01-02 Jay Berkenbilt <ejb@ql.org>
* Make QPDFPageObjectHelper methods pipeContents, parseContents,
and addContentTokenFilter work with form XObjects.
* Rename some QPDFPageObjectHelper methods and make them support
form XObjects as well as pages. The old names will be preserved
from compatibility.
- pipePageContents -> pipeContents
- parsePageContents -> parseContents
* Add QPDFObjectHandle::parseAsContents to apply ParserCallbacks
to a form XObject.
* QPDFPageObjectHelper::externalizeInlineImages can be called with
form XObjects as well as pages.
* Bug fix: QPDFPageObjectHelper::externalizeInlineImages was not
descending into form XObjects on a page. It now does this by
default. In the extremely unlikely event that anyone was actually
depending on the old behavior, it is available by passing
shallow=true to the externalizeInlineImages call.
* Bug fix: QPDFObjectHandle::filterPageContents was broken for
pages with an array of content streams. This caused
externalize-inline-images to also be broken for this case.
2021-01-01 Jay Berkenbilt <ejb@ql.org>
* Add methods to QPDFPageObjectHelper: forEachXObject,
forEachImage, forEachFormXObject to call a function on each
XObject (or image or form XObject) in a page or form XObject,
possibly recursing into nested form XObjects.
* Add method QPDFPageObjectHelper::getFormXObjects to return a map
of keys to form XObjects (non-recursively) from a page or form
XObject.
* Add method QPDFObjectHandle::isImage to test whether an object
is an image.
2020-12-31 Jay Berkenbilt <ejb@ql.org>
* QPDFPageObjectHelper::removeUnreferencedResources can now be
called with a QPDFPageObjectHelper created from a form XObject.
The method already recursed into form XObjects.
* Rename some QPDFPageObjectHelper methods and make them support
form XObjects as well as pages. The old names will be preserved
from compatibility.
- getPageImages -> getImages
- filterPageContents -> filterContents
* Add QPDFObjectHandle::isFormXObject to test whether an object is
a form XObject.
2020-12-30 Jay Berkenbilt <ejb@ql.org>
* Add QPDFPageObjectHelper::flattenRotation and --flatten-rotation
option to the qpdf CLI. The flattenRotation method removes any
/Rotate key from a page dictionary and implements the same
rotation by modifying the page's contents such that the various
page boxes are altered and the page renders identically. This can
be used to work around buggy PDF applications that don't properly
handle page rotation. The --flatten-rotation option to the qpdf
CLI calls flattenRotation for every page.
2020-12-26 Jay Berkenbilt <ejb@ql.org>
* Add QPDFObjectHandle::setFilterOnWrite, which can be used to
tell QPDFWriter not to filter a stream on output even if it can.
You can use this to prevent QPDFWriter from touching a stream
(either uncompressing or compressing) that you have optimized or
otherwise ensured looks exactly the way you want it, even if
decode level or stream compression would otherwise cause
QPDFWriter to modify the stream.
* Add ostream << for QPDFObjGen. (Don't ask why it took 7.5 years
for me to decide to do this.)
2020-12-25 Jay Berkenbilt <ejb@ql.org>
* Refactor write code to eliminate an extra full traversal of
objects in the file and to remove assumptions that preclude stream
references from appearing in /DecodeParms of filterable streams.
This results in an approximately 8% performance reduction in write
times.
2020-12-23 Jay Berkenbilt <ejb@ql.org>
* Allow library users to provide their own decoders for stream
filters by deriving classes from QPDFStreamFilter and registering
them using QPDF::registerStreamFilter. Registered stream filters
provide code to validate and interpret /DecodeParms for a specific
/Filter and also to provide a pipeline that will decode. Note that
it is possible to encode to a filter type that is not supported
even without this feature. See examples/pdf-custom-filter.cc for
an example of using custom stream filters.
2020-12-22 Jay Berkenbilt <ejb@ql.org>
* Add QPDFObjectHandle::makeDirect(bool allow_streams) -- if
allow_streams is true, preserve indirect references to streams
rather than throwing an exception. This allows the object to be
made as direct as possible while preserving stream references.
2020-12-20 Jay Berkenbilt <ejb@ql.org>
* Add qpdf_register_progress_reporter method to C API,
corresponding to QPDFWriter::registerProgressReporter. Fixes#487.
2020-11-28 Jay Berkenbilt <ejb@ql.org>
* Add new functions to the C API for manipulating
QPDFObjectHandles. The new functions allow creation and
modification of objects, which brings a lot of additional power to
the C API. See include/qpdf/qpdf-c.h for details and
examples/pdf-c-objects.c for a simple example.
2020-11-21 Jay Berkenbilt <ejb@ql.org>
* 10.0.4: release
* Fix QIntC::range_check to handle negative numbers properly (fuzz
issue 26994).
2020-11-11 Jay Berkenbilt <ejb@ql.org>
* Treat a direct page object as a runtime error rather than a
logic error since it is actually possible to create a file that
has this (fuzz issue 27393).
2020-11-09 Jay Berkenbilt <ejb@ql.org>
* Handle "." appearing in --pages not preceded by a numeric range
as a special case in command-line parsing code.
2020-11-04 Jay Berkenbilt <ejb@ql.org>
* Ignore the value of the offset/generation field in an xref entry
for a deleted object. Also attempt file recovery on lower-level
exceptions thrown while reading the xref table. Fixes#482.
2020-10-31 Jay Berkenbilt <ejb@ql.org>
* 10.0.3: release
* Don't enter extension initialization in QPDFWriter on a direct
object. Fixes stack overflow in pathological case of /Root being a
direct object (fuzz issue 26761).
* My previous fix to #449 (handling foreign streams with indirect
objects in /Filter and/or /DecodeParms) was incorrect and caused
other problems. There is a now a correct fix to the original
problem. Fixes#478.
2020-10-27 Jay Berkenbilt <ejb@ql.org>
* 10.0.2: release
2020-10-25 Jay Berkenbilt <ejb@ql.org>
* When signing distribution files, generate sha256 checksums
instead of md5, sha1, and sha512. sha256 seems to be more widely
used, and there's no reason to use md5 or sha1 anymore.
* Official Windows releases are now built using the openssl crypto
provider. The native provider is still available for selection at
runtime using the QPDF_CRYPTO_PROVIDER environment variable.
* Bug fix: --no-warn was not suppressing some warnings that might
be generated by --split-pages.
2020-10-23 Jay Berkenbilt <ejb@ql.org>
* Bug fix: when concatenating content streams, insert a newline if
needed to prevent the last token from the old stream from being
merged with the first token of the new stream. Qpdf was mistakenly
concatenating the streams without regard to the specification that
content streams are to be broken on token boundaries. Fixes#444.
* fix-qdf: handle empty streams better with ignore newline by
treating them as empty even though, technically, a blank line
would be required inside the Stream. This just makes it easier to
add place-holder empty streams while editing qdf files by hand.
2020-10-22 Jay Berkenbilt <ejb@ql.org>
* Fix memory leak that could occur if objects in object streams
were resolved more than once and the objects within the object
streams contained circular references. This leak could be
triggered when qpdf was run with --object-streams=generate on
files that already had object streams containing circular
references (fuzz issue 23642).
* Add QIntC::range_check for checking to see whether adding two
numbers together will cause an overflow.
* Fix loop detection problem when traversing page thumbnails
during optimization (fuzz issue 23172).
2020-10-21 Jay Berkenbilt <ejb@ql.org>
* Bug fix: properly handle copying foreign streams that have
indirect /Filter or /DecodeParms keys when stream data has been
replaced. The circumstances leading to this bug are very unusual
but would cause qpdf to either generate an internal error or some
other kind of warning situation if it would occur. Fixes#449.
* Qpdf's build and CI has been migrated from Azure Pipelines
(Azure DevOps) to GitHub Actions.
* Remove some fuzz files that triggered Mal/PDFEx-H with some
virus scanners. There's plenty of coverage in the fuzz corpus
without these files, and it's a nuisance to have virus checkers
remove them. Fixes#460.
* Ensure that numeric conversion is not affected by the user's
global locale setting. Fixes#459.
* Add qpdf-<version>-linux-x86_64.zip to the list of built
distributions. This is a simple zip file that contains just the
qpdf executables and the dependent shared libraries that would not
ordinarily be present on a base system. This minimal binary
distribution works as is when used as a Lambda layer in AWS and
could be suitable for inclusion in a docker image or other
standalone Linux/x86_64 environment where you want minimal support
for running the qpdf executable. Fixes#352.
2020-10-20 Jay Berkenbilt <ejb@ql.org>
* Add --warning-exit-0 option to the qpdf command line. When
specified, qpdf will exit with a status of 0 rather than 3 when
there are warnings without errors. Combine with --no-warn to
completely ignore warnings.
* Bug fix: fix further cases in which errors were written to
stdout. Fixes#438.
* Build option: add --disable-rpath option to ./configure, which
disables passing -rpath to the linker when building shared
libraries with libtool. Fixes#422.
2020-10-16 Jay Berkenbilt <ejb@ql.org>
* Accept pull request that improves how the Windows native crypto
provider is obtained.
* Accept pull request that improves performance in processing
files in memory.
* Accept pull requests that improve openssl configuration and
error reporting.
* Build using GitHub Actions. The intention is that this will
replace Azure Pipelines as the official CI for qpdf for the next
release.
2020-10-15 Jay Berkenbilt <ejb@ql.org>
* Make many minor improvements to the build process and code
health, including fixing a lgtm warning and compiler warnings from
newer version of gcc and MSVC toolchains. Add several cosmetic
improvements to build output in CI.
* Added LL_FMT to config.h.in. This is populated automatically by
autoconf, but if build with your own build system, you may need to
define it as whatever the format string needed by printf for long
long is. Usually this is "%lld", but it can be "%I64d" for some
older Windows-based compilers.
2020-04-29 Jay Berkenbilt <ejb@ql.org>
* Bug fix: qpdf --check was writing errors and warnings reported
by checkLinearization to stdout instead of stderr. Fixes#438.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update lzo from 2.09 to 2.10
- Update rootfile
- Changelog
Changes in 2.10 (01 Mar 2017)
* Improve CMake build support.
* Add support for pkg-config.
* Do not redefine "snprintf" so that the examples build with MSVC 2015.
* Assorted cleanups.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update lz4 from 1.9.2 to 1.9.3
- Updated rootfile
- Removed old patches and updated to new version name
- Changelog
v1.9.3
perf: highly improved speed in kernel space, by @terrelln
perf: faster speed with Visual Studio, thanks to @wolfpld and @remittor
perf: improved dictionary compression speed, by @felixhandte
perf: fixed LZ4_compress_HC_destSize() ratio, detected by @hsiangkao
perf: reduced stack usage in high compression mode, by @Yanpas
api : LZ4_decompress_safe_partial() supports unknown compressed size, requested by @jfkthame
api : improved LZ4F_compressBound() with automatic flushing, by Christopher Harvie
api : can (de)compress to/from NULL without UBs
api : fix alignment test on 32-bit systems (state initialization)
api : fix LZ4_saveDictHC() in corner case scenario, detected by @IgorKorkin
cli : `-l` legacy format is now compatible with `-m` multiple files, by Filipe Calasans
cli : benchmark mode supports dictionary, by @rkoradi
cli : fix --fast with large argument, detected by @picoHz
build: link to user-defined memory functions with LZ4_USER_MEMORY_FUNCTIONS, suggested by Yuriy Levchenko
build: contrib/cmake_unofficial/ moved to build/cmake/
build: visual/* moved to build/
build: updated meson script, by @neheb
build: tinycc support, by Anton Kochkov
install: Haiku support, by Jerome Duval
doc : updated LZ4 frame format, clarify EndMark
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update lcms2 from 2.9 to 2.12
- Updated rootfile
- Changelog
-----------------------
2.12 Maintenance release
-----------------------
Added new build-in sigmoidal tone curve
Added XCode 12 project
Added support for multichannel input up to 15 channels
Fix LUT8 write matrix
Fix version mess on 10/11
Fix tools & samples xgetopt
Fix warnings on different function pointers
Fix matlab MEX compilation
plugin: cleanup and better SSE detection
plugin: add lab to any on float
plugin: it can now be compiled as C++
recover PDF documentation, but try to keep it under a resonable size.
Prevent a rare but possible out-of-bounds read in postscript generator
Remove unused variables
-----------------------
2.11 Maintenance release
-----------------------
Fixed __cpuid() on fast float plugin to allow gnu gcc
Fixed copy alpha bounds check
Fixed data race condition on contexts pool
Fixed LUT16 write matrix on multichannel V2 profiles
-----------------------
2.10 Featured release
-----------------------
Added a compilation toggle to remove "register" keyword in API.
Previously commercial, fast_float plug-in is now released as open source under GPL3 license.
MD5 functions are now accesible through plug-in API.
Added support for Visual Studio 2019
Bug fixing.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
