- Update from 4.2.1 (2015) to 4.11.1 (2021)
- Update rootfile
- Update patch for suppression of groups installation
- Change default hash from sha512 to yescrypt in lfs and logins.def
- Changelog
* Release 4.11.1
* build: include lib/shadowlog_internal.h in dist tarballs (Sam James)
* Release 4.11
* Handle possible TOCTTOU issues in usermod/userdel (edneville)
* (CVE-2013-4235)
* Use O_NOFOLLOW when copying file
* Kill all user tasks in userdel
* Fix useradd -D segfault (Xi Ruoyao)
* Clean up obsolete libc feature-check ifdefs (Alejandro Colomar)
* Fix -fno-common build breaks due to duplicate Prog declarations
(Adam Sampson)
* Have single date_to_str definition (Alejandro Colomar)
* Fix libsubid SONAME version (Sam James)
* Clarify licensing info, use SPDX.
* Release 4.10
Note: From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su from
util-linux. Please open an issue if there is a problem with that.
We intend to remove it in an upcoming release.
This release features many fixes expecially to the building of
libsubid, some SELinux labeling issues, and a few signaling
issues.
* libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert,
GalaxyMaster, and Luís Ferreira)
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it. (Iker Pedrosa)
* Add libeconf dep for new*idmap (Iker Pedrosa)
* Allow all group types with usermod -G (Iker Pedrosa)
* Avoid useradd generating empty subid range (Iker Pedrosa)
* Handle NULL pw_passwd (Jaroslav Jindrak)
* Fix default value SHA_get_salt_rounds (Mike Gilbert)
* Use https where possible in README (Paul Menzel)
* Update content and format of README (Iker Pedrosa)
* Translation updates (Balint Reczey, Frans Spiesschaert)
* Switch from xml2po to itstool in 'make dist' (Serge Hallyn)
* Fix double frees (Michael Vetter)
* Add LOG_INIT configurable to useradd (Andy Zaugg)
* Add CREATE_MAIL_SPOOL documentation (Andy Zaugg)
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM (Ruihan li)
* Fix wrong SELinux labels in several possible cases (Iker Pedrosa)
* Fix missing chmod in chadowtb_move (GalaxyMaster)
* Handle malformed hushlogins entries (Tobias Stoeckmann)
* Fix groupdel segv when passwd does not exist (François Rigault)
* Fix covscan-found newgrp segfault (Iker Pedrosa)
* Remove trailing slash on hoedir (Ed Neville)
* Fix passwd -l message - it does not change expirey (Ed Neville)
* Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann)
* Remove special case for "" in usermod (Alejandro Colomar)
* Implement usermod -rG to remove a specific group
(Andy Zaugg)
* call pam_end() after fork in child path for su and login
(Björn Fischer)
* useradd: In absence of /etc/passwd, assume 0 == root
(Ludwig Nussel)
* lib: check NULL before freeing data (Iker Pedrosa)
* Fix pwck segfault (Iker Pedrosa)
* Release 4.9
2021-07-22 Serge Hallyn <serge@hallyn.com>
* Updated translations (Björn Esser, Juergen Hoetzel)
* Major salt updates (Björn Esser)
* Various coverity and cleanup fixes (Iker Pedrosa)
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
* Implement NSS support for subids and a libsubid (Serge Hallyn)
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
* selinux fixes (Christian Göttsche)
* Fix path prefix path handling (Lucas Servén Marín)
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid (Martijn de Gouw)
* usermod: check that shell is executable (Geert Ijewski)
* Add yescript support (Rodolphe Bréard)
* useradd memleak fixes (whzhe)
* useradd: use built-in settings by default (Ludwig Nussel)
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
* buffer overflow fixes (Tobias Stoeckmann)
* Adding run-parts style for pre and post useradd/del (ed@s5h.net)
2020-01-23 Serge Hallyn <serge@hallyn.com>
* selinux: inclue stdio (Michael Vetter)
* man: don't suggest making groupmems user-writeable (Michael Weiser)
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. (ed@s5h.net)
* add new HOME_MODE login.defs option (Duncan Overbruck)
* Add tty logging to useradd (ed@s5h.net)
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
* Update Dutch translation (Frans-Spiesschaert)
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
2019-12-20 Dave Reisner <dreisner@archlinux.org>
* Do not auto-enable acct_tools_setuid just because
pam is enabled. NOTE - any distros which are relying
on this behavior will need to switch to configure
--enable-account-tools-setuid
* Release 4.8
2019-12-01 Serge Hallyn <serge@hallyn.com>
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
* Release 4.7
2019-06-13 Serge Hallyn <serge@hallyn.com>
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
* Release 4.6
2018-04-29 Serge Hallyn <serge@hallyn.com>
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
2017-07-16 Serge Hallyn <serge@hallyn.com>
* Import new Dutch translations.
2017-07-10 Serge Hallyn <serge@hallyn.com>
* Expand error codes for groupmod.
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Release 4.5
2017-05-17 Serge Hallyn <serge@hallyn.com>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2017-02-23 Serge Hallyn <serge@hallyn.com>
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
the equivalent of util-linux CVE-2017-2616.
2017-02-08 Serge Hallyn <serge@hallyn.com>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2017-01-29 Serge Hallyn <serge@hallyn.com>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <serge@hallyn.com>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
* Changes since 4.4
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* Changes since 4.2.1:
2016-12-02 Serge Hallyn <serge@hallyn.com>
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Support FORCE_SHADOW
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
Fixes: Bug 12762
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This is a more generic term since CoDel is no longer being used
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from 007 (2013) to 013 (2020)
- Update rootfile
- Changelog
usbutils 013
Aurelien Jarno (1):
lsusb.8.in: do not mention usb.ids
Baruch Siach (1):
usb-devices.1: don't mention bash
Greg Kroah-Hartman (15):
usbhid-dump: move manpage to main directory out of subdir
usbhid-dump.8: add SPDX header
usbhid-dump.8: autogenerate it with the usbutils version number
.gitignore: add usbhid-dump.8
usbhid-dump: add SPDX identifiers to all files.
usbhid-dump: remove libusb.h libusb_strerror() implementation
usbhid-dump: remove lib directory
usbhid-dump: move .h files into src/ directory
Makefile.am: add usbhid-dump.8 to distclean list
usbhid-dump: some autoconf cleanup
usbhid-dump: remove some dev_list functions that were never used
dump_audiostreaming_interface(): remove unused variable
usbmisc: initialize string buffer before reading from device.
lsusb.py: drop trailing space on non-hub devices
lsusb.py: strip whitespace from device strings
Jakub Wilk (2):
lsusb(8): fix formatting
lsusb(8): document --tree
Pino Toscano (1):
lsusb.py: remove private paths for usb.ids
Rob Gill (1):
Additional device classes for usb-devices script
Rosen Penev (1):
usbhid-dump: Do not use rindex
Thomas Hebb (4):
Move read_sysfs_prop() from names.c to its own file
sysfs: Don't return bogus data for devices under a hub
lsusb: Use vendor and product name fallback logic in -D mode too
lsusb: Get manufacturer, product, and serial from sysfs
Timothy Robert Bednarzyk (1):
bootstrap: change /bin/bash to /bin/sh
Torleiv Sundre (1):
lsusb: fix two typos in UVC Extension Unit descriptor
Tormod Volden (1):
usbhid-dump: Put back autoconf check for libusb_set_option()
usbutils 012
Greg Kroah-Hartman:
Merge usbhid-dump into main usbutils repository
usbutils 011
Clemens Fruhwirth (1):
Add usbreset.c as noinst_PROGRAMS target.
Daniel Schaefer (1):
lsusb: Read unkown names from sysfs device desc.
Darsey Litzenberger (3):
Remove a small hack that no longer has any effect.
Cleanup grammar
lsusb-t: Emit USB IDs and other handy info when verbosity is increased
Emmanuele Bassi (1):
Require newer version of libusb
Georg Brandl (1):
lsusb.py: fix up Python 3 conversion
Greg Kroah-Hartman (10):
SPDX bill-of-material is supposed to be project_name.spdx
usbutils.spdx: rerun report, it is properly sorted.
desc-dump.c: fix compiler warning about unused variable
add usbreset to .gitignore
usbreset: fix some build warnings
usbhid-dump: update to latest version
fix up standard int types
update usbhid-dump git id
usbhid-dump: update to a newer version of usbhid-dump again.
usbutils.spdx: update with latest information
Kurt Garloff (4):
lsusb.py: Search multiple paths for usb.ids.
lsusb.py: Usb enum for parser state machine.
lsusb.py: Add driver names for usbhid.
lsusb.py: python2 compatibility
Lukas Nykryn (1):
Makefile.am: add files with licenses to archive
Mantas Mikulėnas (33):
lsusb.py: sort devices and interfaces numerically
lsusb.py: sort toplevel entries
lsusb.py: improve usage text
lsusb.py: replace fake deepcopy()
lsusb.py: remove -w (warn if usb.ids not sorted) option
lsusb.py: ensure all error messages are written to stderr
lsusb.py: support long options
lsusb.py: use regular print() instead of hand-rolling the same thing
lsusb.py: avoid shadowing Python's built-in 'str'
lsusb.py: replace usb.ids binary search with dict lookup
lsusb.py: remove now-unused bin_search()
lsusb.py: avoid manual calls to __foo__()
lsusb.py: replace __repr__() for USB IDs with __str__()
lsusb.py: insert class FF:FF:FF into usbclasses to avoid special casing
lsusb.py: entirely remove Usb* classes
lsusb.py: cosmetic - replace tuples-as-"immutable lists" with regular lists
lsusb.py: use 'elif' where suitable
lsusb.py: remove dead code
lsusb.py: move unrelated code out of try..except
lsusb.py: allow - as well as _ when matching hci module names
lsusb.py: use a constant for the magic class number 9
lsusb.py: Usb* classes: call read() automatically from constructor
lsusb.py: UsbEndpoint: indent is a class implementation detail
lsusb.py: a few cosmetic changes
lsusb.py: shorten find_usb_class()
lsusb.py: give all Usb* objects a .path attribute
lsusb.py: add an actual __repr__() to classes
lsusb.py: give all Usb* classes a superclass
lsusb.py: convert readattr() and readlink() to methods of the container
lsusb.py: use color by default
lsusb.py: rework output for more consistent indent of both columns
lsusb.py: fix endpoint interval spacing
lsusb.py: visually group USB-version-related fields
Michael Drake (4):
lsusb: Split out routine that fetches value for given field.
lsusb: Split out field name rendering.
lsusb: Add support for descriptor extensions.
lsusb: Add support for audio processing unit type-specific fields.
Philip Langdale (2):
lsusb: Added support for Billboard Alternate Mode Capability descriptor
lsusb.py: Fix formatting of 10Gbps speeds
Ross Burton (1):
usb-devices: use /bin/sh hashbang
Solomon Peachy (1):
lsusb: Add support for decoding IPP printer descriptors
Stefan Tauner (1):
Depend on libusb 1.0.14
Valerii Zapodovnikov (1):
man pages: add information on verbosity levels of -t option
junjie (1):
fix typo
usbutils 010
Aurelien Jarno (2):
usbreset.c: add missing <stdlib.h> include
Do not create and install usbutils.pc
Greg Kroah-Hartman (32):
fix dump_videocontrol_interface for unitialized variable usage
Add correct SPDX license identifiers to all files
Add SPDX identifiers on files that did not have a specific license.
wTotalLength should be printed as a hex number
usbmisc: fix up some strncpy() issues
lsusb-t: fix up error with readlink()
lsusb.py.in: add proper SPDX license identifier
usb-devices: reword the copyright identifier
LICENSES: move the GPL 2 license to the LICENSES directory
LICENSES/GPL-3.0.txt: add the file
lsusb.h: add copyright notice
lsusb-t: add copyright info
bom.spdx: Add bill of materials file in SPDX format.
ChangeLog: remove it.
AUTHORS: remove file
do_release: drop file
NEWS: add SPDX header and comment
autogen.sh: add SPDX and copyright header
list.h: add copyright information
travis-autogen.sh: add SPDX and copyright information.
INSTALL: remove the file, it's boiler-plate
configure.ac: add SPDX and copyright
man pages: add SPDX and copyright information
Makefile.am: add SPDX and copyright information
.gitmodules: add SPDX and copyright lines
lsusb.py.in: fix up Copyright strings
usbreset.c: add Alan's copyright
.travis.yml: add correct SPDX and copyright notices
bom.spdx: update with latest copyright and SPDX identifier additions
README.md: move the README file to markdown
README.md: fix fomatting
bom.spdx: upate with README -> README.md change
Lukas Nykryn (1):
lsusb.py: convert to python3
Michael Drake (11):
lsusb: Split subtype mapping out of AudioControl interface handling.
lsusb: Add declarative definitions for UAC1 and UAC2 descriptors.
lsusb: Add code to dump descriptor data using descriptor definition.
lsusb: Switch to descriptor-definition based dump for UAC1 and UAC2.
lsusb: Add descriptor definitions for UAC3.
lsusb: Add initial support for USB Audio Device Class 3.
lsusb: Add descriptor definition for USB3 BOS Configuration Summary.
lsusb: Dump USB3 BOS Configuration Summary Descriptor.
lsusb: Squash Wpointer-compare warning.
lsusb: Remove unused function.
lsusb: Fix array entry count for variable sized entries.
Robby Workman (1):
Makefile.am: Include usbreset.c in the release tarball
Torleiv Sundre (1):
lsusb: Dump UVC Stream based payload descriptor.
usbutils 009
Bjørn Mork (1):
usbreset: coding style
Emmanuele Bassi (1):
Don't use C99-ism
Greg Kroah-Hartman (22):
usbhid-dump: update submodule to latest version
add usbreset.c example program
update usbhid-dump to latest
lsusb.py: Don't dump a trace dump if usb.ids is not present
Grueninger, Tobias (1):
USB: usb-devices: Interface number can be a string
Heinrich Schuchardt (1):
autogen.sh: checkout usbhid-dump
Jaejoong Kim (4):
lsusb : add support for the Encoding Unit Desc for uvc 1.5 device
lsusb: fix alignment for Video Streaming interface desc
lsusb: parse additional control fileds in USB video control interfaces for UVC1.5
lsusb: proper display hexadecimal value for UVC control interface
Jakub Wilk (1):
Fix typos
Jo-Philipp Wich (1):
usbreset.c: import usability improvements from OpenWrt
Justin McBride (2):
Update lsusb.c
Un-indent bVariableSize for Frame-Based Format descriptors
Kylie McClain (1):
Makefile: install pkgconfig file to arch-dependent location
Mathias Nyman (2):
lsusb: Allocate the BOS descriptor buffer dynamically
lsusb: Add support for the USB 3.1 SuperSpeedPlus device capability desc
Muthu M (2):
lsusb: Fix issue with lengthy string descriptors
lsusb: Added support for Billboard Capability descriptor
Nikolai Kondrashov (2):
Update usbhid-dump repo URL
Update usbhid-dump to v1.4
Stephan Linz (7):
travis-ci: add control files borrowed from libusb
configure: remove summary about unused USE_ZLIB
drop unused input file for usb.ids update script
substitute usb.id location in lsusb Python script
travis-ci: cleanup before second run
travis-ci: rework travis-autogen.sh
lsusb: remove unused variable procbususb
Tobias Klauser (4):
lsusb: Report correct MaxPower for USB 3.0 devices
lsusb: Request proper descriptor type for USB 3.1
lsusb: Store link state descriptions without preceding space
build: Request at least libusb 1.0.9
Torleiv Sundre (2):
Added support for Platform Device Capability descriptor
lsusb: change endianness of first three fields when printing UUID/GUIDs.
Vianney le Clément de Saint-Marcq (3):
lsusb: Fix UVC STILL_IMAGE_FRAME descriptor
lsusb: Fix UVC VideoStreaming interface header descriptor
lsusb: Fix UVC OUTPUT_TERMINAL descriptor
Vincent Palatin (1):
lsusb: print WebUSB platform descriptor
usbutils 008
Alexandra Yates (2):
lsusb: Reports if USB2.0 port is on L1 state
lsusb: Reports devices that support BESL on USB2.0
Aurelien Jarno (1):
dump_ccid_device: fix a typo
Ben Chan (1):
lsusb: decode CDC MBIM extended functional descriptor
Greg Kroah-Hartman (8):
lsusb: fix incorrect printf() for CAPS
lsusb-t: handle problem if there is no usb bus list
.gitignore: add compile to the list of things we need to ignore
John Freed (1):
Fix logic error
Kurt Garloff (1):
Update lsusb.py in usbutils
Lukas Nykryn (2):
update COPYING file
lsusb-t: don't segfault when usbbuslist is empty
Peter Wu (1):
Ignore invalid string descriptors
Raphaël Droz (1):
usb-devices: hexadecimal bInterfaceNumber handling
Tom Gundersen (2):
lsusb: port to hwdb
drop dependency on usb.ids
Vadim Rutkovsky (1):
New path for usbhid-dump submodule
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 5.803 (2004) to 6.60 (2021)
- Rename lfs and rootfile from libwww-perl to perl-libwww making it consistent with other
perl programs that start with perl rather than end with it in the name
- Update of rootfile
- Changelog is too long to include here (~900 lines long)
The details can be found in the Changes file in the source tarball. Looks like more
than 200 bugs fixed between the existing and new versions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.8.3 (2002) to 1.20 (2021)
- Update rootfile
- There is no longer a make process for make install-compat
To have the compat libraries you have to add --enable-libgdbm-compat to the configure
command but then you don't get the non compat libraries.
So the full configure, make, make install has to be run twice with
--enable-libgdbm-compat added to the second instance.
- Both static and shared libs are built by default so added --disable-static to both
build instances
- Nothing flagged from find-dependencies run against the old library versions
- Changelog is too large to include here but full details can be found from the
ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 2.9.10 to 2.9.12
- Update rootfile
- Changelog for 2.9.11 is too large to put all of it here. Full details can be found at
http://www.xmlsoft.org/news.html
Git commit comments:-
2.9.12
Brown paper bag release, some recently added sources were missing from
the 2.9.11 tarball
2.9.11
Prompted by CVE-2021-3541, but this includes an awful lot of serious bug
fixes by Nick and others
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.5.0 to 1.5.1
- Update of rootfile
- Changelog
v1.5.1 (Dec, 2021)
perf: rebalanced compression levels, to better match the intended speed/level curve,
by @senhuang42
perf: faster huffman decoder, using x64 assembly, by @terrelln
perf: slightly faster high speed modes (strategies fast & dfast), by @felixhandte
perf: improved binary size and faster compilation times, by @terrelln
perf: new row64 mode, used notably in level 12, by @senhuang42
perf: faster mid-level compression speed in presence of highly repetitive patterns,
by @senhuang42
perf: minor compression ratio improvements for small data at high levels, by @cyan4973
perf: reduced stack usage (mostly useful for Linux Kernel), by @terrelln
perf: faster compression speed on incompressible data, by @bindhvo
perf: on-demand reduced ZSTD_DCtx state size, using build macro
ZSTD_DECODER_INTERNAL_BUFFER, at a small cost of performance, by @bindhvo
build: allows hiding static symbols in the dynamic library, using build macro,
by @skitt
build: support for m68k (Motorola 68000's), by @cyan4973
build: improved AIX support, by @Helflym
build: improved meson unofficial build, by @eli-schwartz
cli : custom memory limit when training dictionary (#2925), by @embg
cli : report advanced parameters information when compressing in very verbose mode
(``-vv`), by @Svetlitski-FB
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.11.0 to 2.11.1
- Update of rootfile
- Changelog is too long to include here - more than 1500 lines.
Details can be found in the ChangeLog file in the source tarball.
24 bug fixes listed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.4.1 to 2.4.2
- Update of rootfile
- Changelog
Release 2.4.2 Sun December 19 2021
Other changes:
#509#510 Link againgst libm for function "isnan"
#513#514 Include expat_config.h as early as possible
#498 Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
#507#519 Autotools: Sync CMake templates
#495#524 CMake: MinGW: Fix pkg-config section "Libs" for
- non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
- multi-config CMake generators (e.g. Ninja Multi-Config)
#502#503 docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
#522#523 docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
#525#526 Version info bumped from 9:1:8 to 9:2:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 8.6.11 to 8.6.12
- Update of rootfile
- Changelog is no longer supported by tcl. All changes are put into a timeline which can
be viewed at https://core.tcl-lang.org/tcl/timeline although I can't figure out from
the timeline what change goes with what version. Hopefully other people are better
able to understand the information. This timelien cannot be easily summarised or
copied into this commit.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 10.37 to 10.39
- Update of rootfile
- Changelog
Version 10.39 29-October-2021
1. Fix incorrect detection of alternatives in first character search in JIT.
2. Merged patch from @carenas (GitHub #28):
Visual Studio 2013 includes support for %zu and %td, so let newer
versions of it avoid the fallback, and while at it, make sure that
the first check is for DISABLE_PERCENT_ZT so it will be always
honoured if chosen.
prtdiff_t is signed, so use a signed type instead, and make sure
that an appropiate width is chosen if pointers are 64bit wide and
long is not (ex: Windows 64bit).
IMHO removing the cast (and therefore the positibilty of truncation)
make the code cleaner and the fallback is likely portable enough
with all 64-bit POSIX systems doing LP64 except for Windows.
3. Merged patch from @carenas (GitHub #29) to update to Unicode 14.0.0.
4. Merged patch from @carenas (GitHub #30):
* Cleanup: remove references to no longer used stdint.h
Since 19c50b9d (Unconditionally use inttypes.h instead of trying for stdint.h
(simplification) and remove the now unnecessary inclusion in
pcre2_internal.h., 2018-11-14), stdint.h is no longer used.
Remove checks for it in autotools and CMake and document better the expected
build failures for systems that might have stdint.h (C99) and not inttypes.h
(from POSIX), like old Windows.
* Cleanup: remove detection for inttypes.h which is a hard dependency
CMake checks for standard headers are not meant to be used for hard
dependencies, so will prevent a possible fallback to work.
Alternatively, the header could be checked to make the configuration fail
instead of breaking the build, but that was punted, as it was missing anyway
from autotools.
5. Merged patch from @carenas (GitHub #32):
* jit: allow building with ancient MSVC versions
Visual Studio older than 2013 fails to build with JIT enabled, because it is
unable to parse non C89 compatible syntax, with mixed declarations and code.
While most recent compilers wouldn't even report this as a warning since it
is valid C99, it could be also made visible by adding to gcc/clang the
-Wdeclaration-after-statement flag at build time.
Move the code below the affected definitions.
* pcre2grep: avoid mixing declarations with code
Since d5a61ee8 (Patch to detect (and ignore) symlink loops in pcre2grep,
2021-08-28), code will fail to build in a strict C89 compiler.
Reformat slightly to make it C89 compatible again.
Version 10.38 01-October-2021
1. Fix invalid single character repetition issues in JIT when the repetition
is inside a capturing bracket and the bracket is preceeded by character
literals.
2. Installed revised CMake configuration files provided by Jan-Willem Blokland.
This extends the CMake build system to build both static and shared libraries
in one go, builds the static library with PIC, and exposes PCRE2 libraries
using the CMake config files. JWB provided these notes:
- Introduced CMake variable BUILD_STATIC_LIBS to build the static library.
- Make a small modification to config-cmake.h.in by removing the PCRE2_STATIC
variable. Added PCRE2_STATIC variable to the static build using the
target_compile_definitions() function.
- Extended the CMake config files.
- Introduced CMake variable PCRE2_USE_STATIC_LIBS to easily switch between
the static and shared libraries.
- Added the PCRE_STATIC variable to the target compile definitions for the
import of the static library.
Building static and shared libraries using MSVC results in a name clash of
the libraries. Both static and shared library builds create, for example, the
file pcre2-8.lib. Therefore, I decided to change the static library names by
adding "-static". For example, pcre2-8.lib has become pcre2-8-static.lib.
[Comment by PH: this is MSVC-specific. It doesn't happen on Linux.]
3. Increased the minimum release number for CMake to 3.0.0 because older than
2.8.12 is deprecated (it was set to 2.8.5) and causes warnings. Even 3.0.0 is
quite old; it was released in 2014.
4. Implemented a modified version of Thomas Tempelmann's pcre2grep patch for
detecting symlink loops. This is dependent on the availability of realpath(),
which is now tested for in ./configure and CMakeLists.txt.
5. Implemented a modified version of Thomas Tempelmann's patch for faster
case-independent "first code unit" searches for unanchored patterns in 8-bit
mode in the interpreters. Instead of just remembering whether one case matched
or not, it remembers the position of a previous match so as to avoid
unnecessary repeated searching.
6. Perl now locks out \K in lookarounds, so PCRE2 now does the same by default.
However, just in case anybody was relying on the old behaviour, there is an
option called PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK that enables the old behaviour.
An option has also been added to pcre2grep to enable this.
7. Re-enable a JIT optimization which was unintentionally disabled in 10.35.
8. There is a loop counter to catch excessively crazy patterns when checking
the lengths of lookbehinds at compile time. This was incorrectly getting reset
whenever a lookahead was processed, leading to some fuzzer-generated patterns
taking a very long time to compile when (?|) was present in the pattern,
because (?|) disables caching of group lengths.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog as given in the NEWS file:
kmod 29
=======
- Improvements
- Add support to use /usr/local as a place for configuration files. This makes it easier
to install locally without overriding distro files.
- Bug fixes
- Fix `modinfo -F` when module is builtin: when we asked by a specific field from modinfo,
it was not working correctly if the module was builtin
- Documentation fixes on precedence order of /etc and /run: the correct order is
/etc/modprobe.d, /run/modprobe.d, /lib/modprobe.d
- Fix the priority order that we use for searching configuration files. The
correct one is /etc, /run, /usr/local/lib, /lib, for both modprobe.d
and depmo.d
- Fix kernel command line parsing when there are quotes present. Grub
mangles the command line and changes it from 'module.option="val with
spaces"' to '"module.option=val with spaces"'. Although this is weird
behavior and grub could have been fixed, the kernel understands it
correctly for builtin modules. So change libkmod to also parse it
correctly. This also brings another hidden behavior from the kernel:
newline in the kernel command line is also allowed and can be used to
separate options.
- Fix a memory leak, overflow and double free on error path
- Fix documentation for return value from kmod_module_get_info(): we
return the number of entries we added to the list
- Fix output of modules.builtin.alias.bin index: we were writing an empty file due to
the misuse of kmod_module_get_info()
- Infra/internal
- Retire integration with semaphoreci
- Declare the github mirror also as an official upstream source: now besides accepting
patches via mailing list, PRs on github are also acceptable
- Misc improvements to testsuite, so we can use it reliably regardless
of the configuration used: now tests will skip if we don't have the
build dependencies)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- util-macros was originally installed as a build requirement for pciaccess which is
a dependency of libvirt
- Along the way of updates of pciaccess the build requirement for util-macros is no
longer needed. pciaccess built without problems with util-macros removed.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 10.2 to 11.1
- Update of rootfile
- Changelog
Version 11.1 of GDB includes the following changes and enhancements:
Support for ARM Symbian (arm*-*-symbianelf*) has been removed.
Building GDB now requires GMP (The GNU Multiple Precision Arithmetic Library).
New command-line options "--early-init-command" (or "-eix") and
"--early-init-eval-command" (or "-eiex")
GDB/MI Changes:
New --qualified option for the '-break-insert' and '-dprintf-insert' commands.
New --force-condition option for the '-break-insert' and '-dprintf-insert' commands.
New --force option for the '-break-condition' command.
The '-file-list-exec-source-files' now accepts an optional regular expression to
filter the source files included in the result.
The results from '-file-list-exec-source-files' now include a 'debug-fully-read'
field to indicate if the corresponding source's debugging information has been
partially read (false) or has been fully read (true).
TUI Improvements:
Mouse actions are now supported. The mouse wheel scrolls the appropriate window.
Key combinations that do not have a specific action on the focused window are now
passed to GDB.
Python enhancements:
Inferior objects now contain a read-only 'connection_num' attribute that gives the
connection number as seen in 'info connections' and 'info inferiors'.
New method gdb.Frame.level() which returns the stack level of the frame object.
New method gdb.PendingFrame.level() which returns the stack level of the frame
object.
When hitting a catchpoint, the Python API will now emit a gdb.BreakpointEvent
rather than a gdb.StopEvent. The gdb.Breakpoint attached to the event will have
type BP_CATCHPOINT.
Python TUI windows can now receive mouse click events. If the Window object
implements the click method, it is called for each mouse click event in this
window.
New setting "python ignore-environment on|off"; if "on", causes GDB's builtin
Python to ignore any environment variable that would otherwise affect how Python
behaves (needs to be set during "early initialization" (see above).
New setting "python dont-write-bytecode auto|on|off".
Guile API enhancements:
Improved support for rvalue reference values.
New procedures for obtaining value variants: value-reference-value,
value-rvalue-reference-value and value-const-value.
New "qMemTags" and "QMemTags" remote protocol packets (associated with Memory Tagging).
GDB will now look for the .gdbinit file in a config directory before looking for
~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. On Apple hosts the search order is instead: $HOME/Library/Preferences/gdb/gdbinit, $HOME/.gdbinit.
The "break [...] if CONDITION" command no longer returns an error when the condition
is invalid at one or more locations. Instead, if the condition is valid at one or
more locations, the locations where the condition is not valid are disabled.
The behavior of the "condition" command is changed to match the new behavior of the
"break" command.
Support for general memory tagging functionality (currently limited to AArch64 MTE)
Core file debugging now supported for x86_64 Cygwin programs.
New "org.gnu.gdb.riscv.vector" feature for RISC-V targets.
GDB now supports fixed point types which are described in DWARF as base types with a
fixed-point encoding. Additionally, support for the DW_AT_GNU_numerator and
DW_AT_GNU_denominator has also been added.
Miscellaneous:
New "startup-quietly on|off" setting; when "on", behaves the same as passing the
"-silent" option on the command line.
New "print type hex on|off" setting; when 'on', the 'ptype' command uses
hexadecimal notation to print sizes and offsets of struct members. When 'off',
decimal notation is used.
The "inferior" command, when run without argument, prints information about the
current inferior.
The "ptype" command now supports "/x" and "/d", affecting the base used to print
sizes and offsets.
The output of the "info source" has been restructured.
New "style version foreground | background | intensity" commands to control the
styling of the GDB version number.
Various debug and maintenance commands (mostly useful for the GDB developers)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52
Excerpt from changelog:
""Changes with Apache 2.4.52
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮é¼
TengMA(@Te3t123)
..."
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This converter does all the magic to convert any suricata
based IPFire version to work with the new multiple providers
IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
- v3 version uses newer version of fribidi
- lfs file created
- rootfile created
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- v3 version has updated pango version
- Update from 1.30.1 (2012) to 1.50.0 (2021)
- Update of rootfile - Pango modules, engines, and config have been removed (#733882) in
version 1.37.0 in 2014.
- pango now has dependencies of harfbuzz and fribidi so patches for these two are
included in the following two patches for this series.
- make.sh modified to include
build of these two packages before pango is built
- Build is done via meson/ninja now
- Changelog is too large to show here but the details can be found in the NEWS file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.10.4 to 2.11.0
- Update rootfile
- Changelog
CHANGES BETWEEN 2.10.4 and 2.11.0
I. IMPORTANT CHANGES
- A new rendering module has been added to create 8-bit Signed Distance Field (SDF)
bitmaps for both outline and bitmap glyphs. The new rendering mode is called
`FT_RENDER_MODE_SDF`, the pixel mode is `FT_PIXEL_MODE_GRAY8`, and the
corresponding raster flag is `FT_RASTER_FLAG_SDF`. This work was Anuj Verma's
GSoC 2020 project.
- A new, experimental API is now available for surfacing properties of 'COLR' v1
color fonts (as the name says, this is an extension to the 'COLR' table for
outline color fonts using the SFNT container format). 'COLR' v1 fonts are a
recently proposed addition to OFF and OpenType; specification work currently
happens in https://github.com/googlefonts/colr-gradients-spec/ 'COLR' v1 is
expected to be merged to OpenType; the ISO standardisation process for adding
'COLR' v1 as an amendment to OFF is underway. Functions similar to the already
existing 'COLR' API have been added to access the corresponding data.
FT_Get_Color_Glyph_Paint Retrieve the root paint for a given glyph ID.
FT_Get_Paint_Layers Access the layers of a `PaintColrLayers` table.
FT_Get_Colorline_Stops Retrieve the 'color stops' on a color line. As an input,
a color stop iterator gets used, which in turn is retrieved from a paint.
FT_Get_Paint Dereference an `FT_OpaquePaint` object and retrieve the
corresponding `FT_COLR_Paint` object, which contains details on how to draw the
respective 'COLR' v1 `Paint` table.
II. MISCELLANEOUS
- FreeType has moved its infrastructure to https://gitlab.freedesktop.org/freetype
A side effect is that the git repositories are now called `freetype.git` and
`freetype-demos.git`, which by default expand to the directories `freetype` and
`freetype-demos`, respectively. The documentation has been updated accordingly.
FreeType's Savannah repositories will stay; they are now mirrors of the
'freedesktop.org' repositories.
- A new function `FT_Get_Transform` returns the values set by `FT_Set_Transform`.
- A new configuration macro `FT_DEBUG_LOGGING` is available. It provides extended
debugging capabilities for FreeType, for example showing a time stamp or
displaying the component a tracing message comes from. See file `docs/DEBUG` for
more information. This work was Priyesh Kumar's GSoC 2020 project.
- The legacy Type 1 and CFF engines are further demoted due to lack of CFF2
charstring support. You now need to use `FT_Property_Set` to enable them besides
the `T1_CONFIG_OPTION_OLD_ENGINE` and `CFF_CONFIG_OPTION_OLD_ENGINE` options,
respectively.
- The experimental 'warp' mode (AF_CONFIG_OPTION_USE_WARPER) for the auto-hinter
has been removed.
- The smooth rasterizer performance has been improved by >10%. Note that due to
necessary code changes there might be very subtle differences in rendering. They
are not visible by the eye, however.
- PCF bitmap fonts compressed with LZW (these are usually files with the extension
`.pcf.Z`) are now handled correctly.
- Improved Meson build files, including support to build the FreeType demo programs.
- A new demo program `ftsdf` is available to display Signed Distance Fields of
glyphs.
- The `ftlint` demo program has been extended to do more testing of its input. In
particular, it can display horizontal and vertical acutances for quality
assessment, together with computing MD5 checksums of rendered glyphs. [The
acutance measures how sharply the pixel coverage changes at glyph edges. For
monochrome bitmaps, it is always 2.0 in either X or Y direction. For
anti-aliased bitmaps, it depends on the hinting and the shape of a glyph and
might approach or even reach value 2.0 for glyphs like 'I', 'L', '+', '-', or
'=', while it might be lower for glyphs like 'O', 'S', or 'W'.]
- The `ttdebug` demo program didn't show changed point coordinates (bug introduced
in version 2.10.3).
- It is now possible to adjust the axis increment for variable fonts in the
`ftmulti` demo program.
- It is now possible to change the hinting engine in the `ftstring` demo program.
- The graphical demo programs work better now in native color depth on win32 and
x11.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 1.35 (2004) to 5.09 (2021)
- Update of rootfile required
- Changelog is too large to include here.
Full details can be found in Changes file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 0.100 (2002) to 1.1 (2007 - latest version)
- Update rootfile
- Changelog
1.1 Sun May 18 21:13:38 2007
- Released version 1.1.
- Clearly marked MSWin32 systems as unsupported. (How do
64bit Windows system identify themselves?)
- Fixed bug that caused Perl to segfault when closelog() was
called before openlog().
1.0 Tue Oct 2 22:22:43 2007
- Bumped version number to 1.0.
- License has changed to Artistic 2.0!
- (Syslog.pm) Get rid of `require AutoLoader', which was wrong
to begin with.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 10.3.2 to 10.4.0
- Update of rootfile
- Changelog
10.4.0: release
* Add --allow-weak-crypto option to suppress warnings about use of
weak cryptographic algorithms. Update documentation around this
issue. Fixes#358.
* Relax xref recovery logic a bit so that files whose objects are
either missing endobj or have endobj at other than the beginning
of a line can still be recovered. Fixes#573.
* Add support for OpenSSL 3. Fixes#568.
The OpenSSL version is detected at compile-time. If you want to
build with OpenSSL 3 on a system that has OpenSSL 1 installed, you
can run configure like this (or similar to this depending on how
you installed openssl3):
pc_openssl_CFLAGS=-I/path/to/openssl3/include \
pc_openssl_LIBS='-L/path/to/openssl3/lib64 -lssl -lcrypto' \
./configure
where /path/to/openssl3 is wherever your OpenSSL 3 distribution is
installed. You may also need to set the LD_LIBRARY_PATH
environment variable if it's not installed in a standard location.
* Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740).
* Add QIntC::range_check_subtract to do range checking on
subtraction, which has different boundary conditions from
addition.
* Bug fix: fix crash that could occur under certain conditions
when using --pages with files that had form fields. Fixes#548.
* Add an extra check to the library to detect when foreign objects
are inserted directly (instead of using
<function>QPDF::copyForeignObject</function>) at the time of
insertion rather than when the file is written. Catching the error
sooner makes it much easier to locate the incorrect code.
* Bug fix: make overlay/underlay work on a page with no resource
dictionary. Fixes#527.
* Add QPDF::findPage to the public API. This is primarily to help
improve the efficiency of code that wraps the qpdf library, such
as pikepdf. Fixes#516.
* zlib-flate: warn and exit with code 3 when there is corrupted
input data even when decompression is possible. We do this in the
zlib-flate CLI so that it can be more reliably used to test the
validity of zlib streams, but we don't warn by default in qpdf
itself because PDF files in the wild exist with this problem and
other readers appear to tolerate it. There is a PDF in the qpdf
test suite (form-filled-by-acrobat.pdf) that was written by a
version of Adobe Acrobat that exhibits this problem. Fixes#562.
* Add Pl_Flate::setWarnCallback to make it possible to be notified
of data errors that are recoverable but still indicate invalid
data.
* Improve error reporting when someone forgets the -- after
--pages. Fixes#555.
* Bug fix: ensure we don't overflow any string bounds while
handling completion, even when we are given bogus input values.
Fixes#441.
* Improve performance of preservation of object streams by
avoiding unnecessary traversal of objects when there are no object
streams.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 21.07.0 to 21.11.0
- Update of rootfile
- find-dependencies run to check so bump. No issues found
- Changelog
Release 21.11.0:
core:
* Fix rendering of some non-standard confirming annotations
* Support rendering of some non-standard Type3 charprocs. Issue #1150
* TextOutputDev: Respect orientation when selecting words. Issue #499
* CairoOutputDev: Don't override the antialias settings from the cairo_t
* StructElement: support MCID in XObjects
* Fix detection of monospace fonts
* Ignore Adobe-Identity for non embedded CID fonts
* PageLabelInfo::labelToIndex: work on some special no style intervals
* Fix crash in malformed files
* Minor code improvements
utils:
* pdfinfo: add -url option to print all URLs in a PDF
* pdftohtml: document what zoom means in regard to DPI
qt6:
* Require Qt 6.1
* Minor code improvements
Release 21.10.0:
core:
* Add support for setting custom stamp annotations
* Add default appearance for the well known stamp names
* Correct encoding of signature's properties Reason & Location
* Splash: Fix rendering of some odd patterns
* SignatureHandler::validateCertificate: Add option to not do OCSP revocation check
* SignatureHandler::validateCertificate: Add support for AIA fetching to verify certificates
* greallocn: if memory allocation fails, free the previous pointer to avoid memory leak
* Fix issues with malformed files
* Internal code improvements
utils:
* pdfsig: Add a way to list certificate nicknames
* pdfsig: You can now add signatures from pdfsig
* pdfsig: Add option to not do OCSP revocation check
* pdfsig: Add option for AIA fetching to verify certificates
* pdfinfo: Add -custom option to print custom metadata
* pdfinfo: add metadata flags
qt:
* Add support for setting custom stamp annotations
* Add getters for signature's properties Reason & Location
* Internal code improvements
glib:
* Remove incorrect PopplerAttachment deprecation
Release 21.09.0:
core:
* Splash: Massive spped improvement on files that use lots of save/restore (q/Q) operators
* Correct decoding of signature properties Reason & Location when they are Unicode
* Fix issues with malformed files
* MSVC build fixes
build system:
* Call cmake_minium_required() before project()
* Always append to CMAKE_{C,CXX}_FLAGS_${CMAKE_BUILD_TYPE}
* correctly forward user-provided flags to try_compile()
Release 21.08.0:
core:
* Add API to allow addition and modification of outlines into a PDF
* Use additional samples to test for constant parts of an axial gradient
* forms: Create fallback fonts for some well known font names
* Support reading the PDF Version from the Catalog
* Fix XRef::copy when there are modified objects
* Take into account that Date string may be in unicode
* JBIG2Stream: Fix regression in "Do not consider a size-0 to be an error"
* Replace a local bubble sort implementation by std::sort
* Fix issues with malformed files
build system:
* Better error message when libjpeg is not found
* Better error messages when libopenjpeg2 is not found
qt5/qt6:
* Document that a document has to outlive its pages
* Make getPdfVersion return a dedicated version object
glib:
* mimick TextSelectionDumper logic change for spaceAfter
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- v2 version is to extend from 20210714-3.1 to 20210910-3.1
- Update from 20210522-3.1 to 20210910-3.1
- Update rootfile
- Changelog
2021-09-10 Jess Thrysoee
* all: sync with upstream source
2021-07-14 Jess Thrysoee
* all: sync with upstream source
* src/histedit.h: Add wcsdup declaration when ifndef HAVE_WCSDUP. Patch by Rainer Jung.
* examples/wtc1.c: Fix warnings and add missing brace. Patch by Rainer Jung.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- v2 version is to extend from 1.9.8p1 to 1.9.8p2
- Update from 1.9.7p2 to 1.9.8p2
- Update rootfile
- Changelog
What's new in Sudo 1.9.8p2
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
What's new in Sudo 1.9.8p1
* Fixed support for passing a prompt (sudo -p) or a login class
(sudo -l) on the command line. This is a regression introduced
in sudo 1.9.8. Bug #993.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
This is a regression introduced in sudo 1.9.8. Bug #994.
* Fixed a compilation error when the --enable-static-sudoers configure
option was specified. This is a regression introduced in sudo
1.9.8 caused by a symbol clash with the intercept and log server
protobuf functions.
What's new in Sudo 1.9.8
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
an INTERCEPT command tag that can be used in sudoers. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
Defaults!SHELLS intercept
would cause sudo to run the listed shells in intercept mode.
This can also be set on a per-rule basis. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
chuck ALL = INTERCEPT: SHELLS
would only apply intercept mode to user "chuck" when running one
of the listed shells.
In intercept mode, sudo will not prompt for a password before
running a sub-command and will not allow a set-user-ID or
set-group-ID program to be run by default. The new
intercept_authenticate and intercept_allow_setid sudoers settings
can be used to change this behavior.
* The new "log_subcmds" sudoers setting can be used to log additional
commands run in a privileged shell. It uses the same mechanism as
the intercept support described above and has the same limitations.
* The new "log_exit_status" sudoers setting can be used to log
the exit status commands run via sudo. This is also a corresponding
"log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
* Support for logging sudo_logsrvd errors via syslog or to a file.
Previously, most sudo_logsrvd errors were only visible in the
debug log.
* Better diagnostics when there is a TLS certificate validation error.
* Using the "+=" or "-=" operators in a Defaults setting that takes
a string, not a list, now produces a warning from sudo and a
syntax error from inside visudo.
* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
had no effect when creating I/O log parent directories if the I/O log
file name ended with the string "XXXXXX".
* Fixed a bug in the sudoers custom prompt code where the size
parameter that was passed to the strlcpy() function was incorrect.
No overflow was possible since the correct amount of memory was
already pre-allocated.
* The mksigname and mksiglist helper programs are now built with
the host compiler, not the target compiler, when cross-compiling.
Bug #989.
* Fixed compilation error when the --enable-static-sudoers configure
option was specified. This was due to a typo introduced in sudo
1.9.7. GitHub PR #113.
For more details of the changes then view the ChangeLog file in the source tarball
or at https://www.sudo.ws/changes.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from 3.5.1 to 3.5.2
- Update rootfile
- Changelog
Libarchive 3.5.2 is a feature and security release.
New minor features:
CPIO: Support for PWB and v7 binary cpio formats (#1502)
ZIP reader: Support of deflate algorithm in symbolic link decompression (#1509)
Important Security Fixes:
fix handling of symbolic link ACLs on Linux (#1565)
never follow symlinks when setting file flags on Linux (e2ad1a2)
do not follow symlinks when processing the fixup list (#1566)
Important Bugfixes:
fix extraction of hardlinks to symlinks (#1044)
7zip reader and writer fixes (#1480, #1532)
RAR reader fixes (#1504, #1521)
ZIP reader: fix excessive read for padded zip (#1514)
CAB reader: fix double free (#1520)
handle short writes from archive_write_callback (#1530)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 1.9.3 to 1.9.4
- Update rootfile
- Changelog
Release 1.9.4.
2021-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
mpi/longlong.h: fix missing macro parameter parentheses.
* mpi/longlong.h [__alpha] (umul_ppmm): Add parentheses around
used parameters.
[__i370__] (sdiv_qrnnd): Ditto.
[__mips__] (umul_ppmm): Ditto.
[__vax__] (sdiv_qrnnd): Ditto.
tests/t-mpi-point: add NIST curve multiplication test vectors.
* tests/t-mpi-point.c (mpi_base10_scan, check_ec_mul): New.
(main): Call 'check_ec_mul'.
2021-08-22 Werner Koch <wk@gnupg.org>
ecc: Fix bug in gcry_pk_get_param for Curve25519.
* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Simplify.
* cipher/pubkey.c (map_algo): Also map EDDSA to ECC.
* tests/curves.c (check_get_params): Add simple param lookup tests by
for all curves.
2021-08-22 Johannes Schindelin via Gcrypt-devel <gcrypt-devel@gnupg.org>
build: Fix broken mlock detection.
* acinclude.m4 [GNUPG_CHECK_MLOCK]: Use size_t for the ptr test.
2021-08-22 Werner Koch <wk@gnupg.org>
cipher: Extend convenience OID mapping table for AES.
* cipher/rijndael.c: Add OIDs for GCM and CCM.
Minor tweak to gcry_free.
* src/global.c (_gcry_free): Avoid setting errno again if it did not
change.
2021-08-22 NIIBE Yutaka <gniibe@fsij.org>
random: Silence a warning for building rndjent by Clang.
* random/jitterentropy-base.c: Conditionalize by __OPTIMIZE__.
2021-08-22 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
cipher: Fix memory leaks for EdDSA.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Initialize point Q when used.
2021-08-22 NIIBE Yutaka <gniibe@fsij.org>
ecc: Check the input length for the point.
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Check the length
of valid point representation.
2021-08-22 Jussi Kivilinna <jussi.kivilinna@iki.fi>
hwf-x86: fix use of wrong operand type.
* src/hwf-x86.c (get_cpuid): Use xchg for swapping %ebx back
and forth between operand register.
2021-05-27 NIIBE Yutaka <gniibe@fsij.org>
build: _DARWIN_C_SOURCE should be 1.
* configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
2021-05-26 NIIBE Yutaka <gniibe@fsij.org>
cipher: Fix ElGamal encryption for other implementations.
* cipher/elgamal.c (gen_k): Remove support of smaller K.
(do_encrypt): Never use smaller K.
(sign): Folllow the change of gen_k.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.17.0 to 4.18.0
- Update of rootfile
- Changelog - Full details can be found in the ChangeLog file in the source tarball
* Noteworthy changes in release 4.18.0 (2021-11-09) [stable]
- Improve GTK-DOC manual. Closes: #35.
- Improve --help and --version for tools with gnulib. Closes: #37.
- Update gnulib files and various maintenance fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
