mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-25 02:12:58 +02:00
e36f341ee554eec800dcaca954c0ee8f4972464e
3274 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
7fa435b3bb |
libffi: Update to version 3.4.4
- Update from version 3.4.2 to 3.4.4 - Update of rootfile - Changelog 3.4.4 Oct-23-2022 Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). Fix x86 stdcall stack alignment. Fix x86 Windows msvc assembler compatibility. Fix moxie and or1k small structure args. 3.4.3 Sep-19-22 All struct args are passed by value, regardless of size, as per ABIs. Enable static trampolines for Cygwin. Add support for Loongson's LoongArch64 architecture. Fix x32 static trampolines. Fix 32-bit x86 stdcall stack corruption. Fix ILP32 aarch64 support. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
cdb071978d |
libidn: Update to version 1.41
- Update from version 1.38 to 1.41
- Update of rootfile
- Changelog
* Noteworthy changes in release 1.41 (2022-06-25) [stable]
** Bump LT_REVISION for new release.
It was mistakenly left at the same value since 1.38.
** Add version number related self-checks.
* Noteworthy changes in release 1.40 (2022-06-20) [stable]
** lib: Bump STRINGPREP_VERSION to 1.40.
It was mistakenly left at 1.38 in the 1.39 release.
* Noteworthy changes in release 1.39 (2022-06-20) [stable]
** lib: Code detecting current locale broken since 1.36.
The code always returned ASCII. The precise cause is complicated to
track down but likely boils down to the new autotools/gettext
bootstrapping sequence introduced in release 1.36. Reported by Богдан
Пилипенко <bogdan.pylypenko107@gmail.com>.
** maint: Java JAR archive no longer included in source tarball.
** Minor fixes: typos, makefiles, indentation, gnulib update, etc.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
b0025e53ff |
libjpeg: Update to version 2.1.4
- Update from version 2.0.4 to 2.1.4
- Update of rootfile
- Changelog
2.1.4
### Significant changes relative to 2.1.3
1. Fixed a regression introduced in 2.1.3 that caused build failures with
Visual Studio 2010.
2. The `tjDecompressHeader3()` function in the TurboJPEG C API and the
`TJDecompressor.setSourceImage()` method in the TurboJPEG Java API now accept
"abbreviated table specification" (AKA "tables-only") datastreams, which can be
used to prime the decompressor with quantization and Huffman tables that can be
used when decompressing subsequent "abbreviated image" datastreams.
3. libjpeg-turbo now performs run-time detection of AltiVec instructions on
OS X/PowerPC systems if AltiVec instructions are not enabled at compile time.
This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped
(PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo.
4. Fixed an error ("Bogus virtual array access") that occurred when attempting
to decompress a progressive JPEG image with a height less than or equal to one
iMCU (8 * the vertical sampling factor) using buffered-image mode with
interblock smoothing enabled. This was a regression introduced by
2.1 beta1[6(b)].
5. Fixed two issues that prevented partial image decompression from working
properly with buffered-image mode:
- Attempting to call `jpeg_crop_scanline()` after
`jpeg_start_decompress()` but before `jpeg_start_output()` resulted in an error
("Improper call to JPEG library in state 207".)
- Attempting to use `jpeg_skip_scanlines()` resulted in an error ("Bogus
virtual array access") under certain circumstances.
2.1.3
### Significant changes relative to 2.1.2
1. Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
input files into full-color JPEG images unless the `-grayscale` option was
used.
2. cjpeg now automatically compresses GIF and 8-bit BMP input files into
grayscale JPEG images if the input files contain only shades of gray.
3. The build system now enables the intrinsics implementation of the AArch64
(Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later.
4. Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using
the merged (non-fancy) upsampling algorithms (that is, with
`cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`.
Specifically, the segfault occurred if the number of bytes remaining in the
output buffer was less than the number of bytes required to represent one
uncropped scanline of the output image. For that reason, the issue could only
be reproduced using the libjpeg API, not using djpeg.
2.1.2
### Significant changes relative to 2.1.1
1. Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
by default with GCC for performance reasons) to be placed in the `.rodata`
section rather than in the `.text` section. This caused the GNU linker to
automatically place the `.rodata` section in an executable segment, which
prevented libjpeg-turbo from working properly with other linkers and also
represented a potential security risk.
2. Fixed an issue whereby the `tjTransform()` function incorrectly computed the
MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
unduly rejected some cropping regions, even though those regions aligned with
8x8 MCU block boundaries.
3. Fixed a regression introduced by 2.1 beta1[13] that caused the build system
to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy
architectures that do not support Neon instructions.
4. libjpeg-turbo now performs run-time detection of AltiVec instructions on
FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
supported using the same build of libjpeg-turbo.
5. cjpeg now accepts a `-strict` argument similar to that of djpeg and
jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
image contains incomplete or corrupt image data.
2.1.1
### Significant changes relative to 2.1.0
1. Fixed a regression introduced in 2.1.0 that caused build failures with
non-GCC-compatible compilers for Un*x/Arm platforms.
2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit
(AArch32) Neon SIMD extensions from building unless the C compiler flags
included `-mfloat-abi=softfp` or `-mfloat-abi=hard`.
3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on
undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on
Android systems when running AArch32/Thumb builds of libjpeg-turbo built with
recent versions of Clang.
4. Added a command-line argument (`-copy icc`) to jpegtran that causes it to
copy only the ICC profile markers from the source file and discard any other
metadata.
5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which
use capability pointers that are larger than the size of `size_t`.
6. Fixed a regression (CVE-2021-37972) introduced by 2.1 beta1[5] that caused a
segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly
transform a specially-crafted malformed JPEG image.
2.1.0
### Significant changes relative to 2.1 beta1
1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
decompress certain progressive JPEG images with one or more component planes of
width 8 or less caused a buffer overrun.
2. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
decompress a specially-crafted malformed progressive JPEG image caused the
block smoothing algorithm to read from uninitialized memory.
3. Fixed an issue in the Arm Neon SIMD Huffman encoders that caused the
encoders to generate incorrect results when using the Clang compiler with
Visual Studio.
4. Fixed a floating point exception (CVE-2021-20205) that occurred when
attempting to compress a specially-crafted malformed GIF image with a specified
image width of 0 using cjpeg.
5. Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
generate a progressive JPEG image on an SSE2-capable CPU using a scan script
containing one or more scans with lengths divisible by 32 and non-zero
successive approximation low bit positions would, under certain circumstances,
result in an error ("Missing Huffman code table entry") and an invalid JPEG
image.
6. Introduced a new flag (`TJFLAG_LIMITSCANS` in the TurboJPEG C API and
`TJ.FLAG_LIMIT_SCANS` in the TurboJPEG Java API) and a corresponding TJBench
command-line argument (`-limitscans`) that causes the TurboJPEG decompression
and transform functions/operations to return/throw an error if a progressive
JPEG image contains an unreasonably large number of scans. This allows
applications that use the TurboJPEG API to guard against an exploit of the
progressive JPEG format described in the report
["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
7. The PPM reader now throws an error, rather than segfaulting (due to a buffer
overrun) or generating incorrect pixels, if an application attempts to use the
`tjLoadImage()` function to load a 16-bit binary PPM file (a binary PPM file
with a maximum value greater than 255) into a grayscale image buffer or to load
a 16-bit binary PGM file into an RGB image buffer.
8. Fixed an issue in the PPM reader that caused incorrect pixels to be
generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
file into an extended RGB image buffer.
9. Fixed an issue whereby, if a JPEG buffer was automatically re-allocated by
one of the TurboJPEG compression or transform functions and an error
subsequently occurred during compression or transformation, the JPEG buffer
pointer passed by the application was not updated when the function returned.
2.0.90 (2.1 beta1)
### Significant changes relative to 2.0.6:
1. The build system, x86-64 SIMD extensions, and accelerated Huffman codec now
support the x32 ABI on Linux, which allows for using x86-64 instructions with
32-bit pointers. The x32 ABI is generally enabled by adding `-mx32` to the
compiler flags.
Caveats:
- CMake 3.9.0 or later is required in order for the build system to
automatically detect an x32 build.
- Java does not support the x32 ABI, and thus the TurboJPEG Java API will
automatically be disabled with x32 builds.
2. Added Loongson MMI SIMD implementations of the RGB-to-grayscale, 4:2:2 fancy
chroma upsampling, 4:2:2 and 4:2:0 merged chroma upsampling/color conversion,
and fast integer DCT/IDCT algorithms. Relative to libjpeg-turbo 2.0.x, this
speeds up:
- the compression of RGB source images into grayscale JPEG images by
approximately 20%
- the decompression of 4:2:2 JPEG images by approximately 40-60% when
using fancy upsampling
- the decompression of 4:2:2 and 4:2:0 JPEG images by approximately
15-20% when using merged upsampling
- the compression of RGB source images by approximately 30-45% when using
the fast integer DCT
- the decompression of JPEG images into RGB destination images by
approximately 2x when using the fast integer IDCT
The overall decompression speedup for RGB images is now approximately
2.3-3.7x (compared to 2-3.5x with libjpeg-turbo 2.0.x.)
3. 32-bit (Armv7 or Armv7s) iOS builds of libjpeg-turbo are no longer
supported, and the libjpeg-turbo build system can no longer be used to package
such builds. 32-bit iOS apps cannot run in iOS 11 and later, and the App Store
no longer allows them.
4. 32-bit (i386) OS X/macOS builds of libjpeg-turbo are no longer supported,
and the libjpeg-turbo build system can no longer be used to package such
builds. 32-bit Mac applications cannot run in macOS 10.15 "Catalina" and
later, and the App Store no longer allows them.
5. The SSE2 (x86 SIMD) and C Huffman encoding algorithms have been
significantly optimized, resulting in a measured average overall compression
speedup of 12-28% for 64-bit code and 22-52% for 32-bit code on various Intel
and AMD CPUs, as well as a measured average overall compression speedup of
0-23% on platforms that do not have a SIMD-accelerated Huffman encoding
implementation.
6. The block smoothing algorithm that is applied by default when decompressing
progressive Huffman-encoded JPEG images has been improved in the following
ways:
- The algorithm is now more fault-tolerant. Previously, if a particular
scan was incomplete, then the smoothing parameters for the incomplete scan
would be applied to the entire output image, including the parts of the image
that were generated by the prior (complete) scan. Visually, this had the
effect of removing block smoothing from lower-frequency scans if they were
followed by an incomplete higher-frequency scan. libjpeg-turbo now applies
block smoothing parameters to each iMCU row based on which scan generated the
pixels in that row, rather than always using the block smoothing parameters for
the most recent scan.
- When applying block smoothing to DC scans, a Gaussian-like kernel with a
5x5 window is used to reduce the "blocky" appearance.
7. Added SIMD acceleration for progressive Huffman encoding on Arm platforms.
This speeds up the compression of full-color progressive JPEGs by about 30-40%
on average (relative to libjpeg-turbo 2.0.x) when using modern Arm CPUs.
8. Added configure-time and run-time auto-detection of Loongson MMI SIMD
instructions, so that the Loongson MMI SIMD extensions can be included in any
MIPS64 libjpeg-turbo build.
9. Added fault tolerance features to djpeg and jpegtran, mainly to demonstrate
methods by which applications can guard against the exploits of the JPEG format
described in the report
["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
- Both programs now accept a `-maxscans` argument, which can be used to
limit the number of allowable scans in the input file.
- Both programs now accept a `-strict` argument, which can be used to
treat all warnings as fatal.
10. CMake package config files are now included for both the libjpeg and
TurboJPEG API libraries. This facilitates using libjpeg-turbo with CMake's
`find_package()` function. For example:
find_package(libjpeg-turbo CONFIG REQUIRED)
add_executable(libjpeg_program libjpeg_program.c)
target_link_libraries(libjpeg_program PUBLIC libjpeg-turbo::jpeg)
add_executable(libjpeg_program_static libjpeg_program.c)
target_link_libraries(libjpeg_program_static PUBLIC
libjpeg-turbo::jpeg-static)
add_executable(turbojpeg_program turbojpeg_program.c)
target_link_libraries(turbojpeg_program PUBLIC
libjpeg-turbo::turbojpeg)
add_executable(turbojpeg_program_static turbojpeg_program.c)
target_link_libraries(turbojpeg_program_static PUBLIC
libjpeg-turbo::turbojpeg-static)
11. Since the Unisys LZW patent has long expired, cjpeg and djpeg can now
read/write both LZW-compressed and uncompressed GIF files (feature ported from
jpeg-6a and jpeg-9d.)
12. jpegtran now includes the `-wipe` and `-drop` options from jpeg-9a and
jpeg-9d, as well as the ability to expand the image size using the `-crop`
option. Refer to jpegtran.1 or usage.txt for more details.
13. Added a complete intrinsics implementation of the Arm Neon SIMD extensions,
thus providing SIMD acceleration on Arm platforms for all of the algorithms
that are SIMD-accelerated on x86 platforms. This new implementation is
significantly faster in some cases than the old GAS implementation--
depending on the algorithms used, the type of CPU core, and the compiler. GCC,
as of this writing, does not provide a full or optimal set of Neon intrinsics,
so for performance reasons, the default when building libjpeg-turbo with GCC is
to continue using the GAS implementation of the following algorithms:
- 32-bit RGB-to-YCbCr color conversion
- 32-bit fast and accurate inverse DCT
- 64-bit RGB-to-YCbCr and YCbCr-to-RGB color conversion
- 64-bit accurate forward and inverse DCT
- 64-bit Huffman encoding
A new CMake variable (`NEON_INTRINSICS`) can be used to override this
default.
Since the new intrinsics implementation includes SIMD acceleration
for merged upsampling/color conversion, 1.5.1[5] is no longer necessary and has
been reverted.
14. The Arm Neon SIMD extensions can now be built using Visual Studio.
15. The build system can now be used to generate a universal x86-64 + Armv8
libjpeg-turbo SDK package for both iOS and macOS.
2.0.6
### Significant changes relative to 2.0.5:
1. Fixed "using JNI after critical get" errors that occurred on Android
platforms when using any of the YUV encoding/compression/decompression/decoding
methods in the TurboJPEG Java API.
2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`:
- Fixed segfaults or "Corrupt JPEG data: premature end of data segment"
errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or
4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that
is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a
similar fix, but it did not cover all cases.
- `jpeg_skip_scanlines()` now throws an error if two-pass color
quantization is enabled. Two-pass color quantization never worked properly
with `jpeg_skip_scanlines()`, and the issues could not readily be fixed.
- Fixed an issue whereby `jpeg_skip_scanlines()` always returned 0 when
skipping past the end of an image.
3. The Arm 64-bit (Armv8) Neon SIMD extensions can now be built using MinGW
toolchains targetting Arm64 (AArch64) Windows binaries.
4. Fixed unexpected visual artifacts that occurred when using
`jpeg_crop_scanline()` and interblock smoothing while decompressing only the DC
scan of a progressive JPEG image.
5. Fixed an issue whereby libjpeg-turbo would not build if 12-bit-per-component
JPEG support (`WITH_12BIT`) was enabled along with libjpeg v7 or libjpeg v8
API/ABI emulation (`WITH_JPEG7` or `WITH_JPEG8`.)
2.0.5
### Significant changes relative to 2.0.4:
1. Worked around issues in the MIPS DSPr2 SIMD extensions that caused failures
in the libjpeg-turbo regression tests. Specifically, the
`jsimd_h2v1_downsample_dspr2()` and `jsimd_h2v2_downsample_dspr2()` functions
in the MIPS DSPr2 SIMD extensions are now disabled until/unless they can be
fixed, and other functions that are incompatible with big endian MIPS CPUs are
disabled when building libjpeg-turbo for such CPUs.
2. Fixed an oversight in the `TJCompressor.compress(int)` method in the
TurboJPEG Java API that caused an error ("java.lang.IllegalStateException: No
source image is associated with this instance") when attempting to use that
method to compress a YUV image.
3. Fixed an issue (CVE-2020-13790) in the PPM reader that caused a buffer
overrun in cjpeg, TJBench, or the `tjLoadImage()` function if one of the values
in a binary PPM/PGM input file exceeded the maximum value defined in the file's
header and that maximum value was less than 255. libjpeg-turbo 1.5.0 already
included a similar fix for binary PPM/PGM files with maximum values greater
than 255.
4. The TurboJPEG API library's global error handler, which is used in functions
such as `tjBufSize()` and `tjLoadImage()` that do not require a TurboJPEG
instance handle, is now thread-safe on platforms that support thread-local
storage.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
b000e8e466 |
psmisc: Update to version 23.6
- Update from version 23.4 to 23.6
- Update of rootfile
- Changelog
Changes in 23.6
* buildsys: Fix DEJAGNU work-around Debian #1015089
* killall: Use kill if pidfd_send_signal fails Debian #1015228
* fuser: Do not mention nonexistent - reset option #42
* fuser: Use modern statn where possible
* pstree: Better AppArmor support !30
Changes in 23.5
* killall: Check truncated names !28
* killall: Use openat and pidfd_send_signal #37
* killall: Don't check paths of sockets #35
* pstree: Check for process with show_parents #38
* pstree: Don't disable compaction with show pgids #34
* pstree: Fix storage leak !29
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
bdfe675987 |
libarchive: Update to version 3.6.2
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- patch to fix glibc 2.36 headers is now part of the source code
- Changelog
Libarchive 3.6.2 is a bugfix and security release.
Important bug fixes:
include ZSTD in Windows builds (#1688)
SSL fixes on Windows (#1714, #1723, #1724)
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
a39a7ffdad |
libstatgrab: Update to version 0.92.1
- Update from vesrion 0.92 to 0.92.1
- Update of rootfile
- Changelog
libstatgrab 0.92.1 (27 July 2021)
* Fix build with autoconf 2.70+.
* Fix CPU stats on older Linux kernels.
* Make sure to count processes in an unknown state.
* Check if -ltinfo is needed when linking ncurses.
* Fixes to build when cross-compiling.
* Fix build with -DNDEBUG.
* Handle vmmeter changes in FreeBSD 12.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
8e93f8a545 |
libssh: Update to version 0.10.4
- Update from version 0.9.6 to 0.10.4 - Update of rootfile - Changelog version 0.10.4 (released 2022-09-07) * Fixed issues with KDF on big endian version 0.10.3 (released 2022-09-05) * Fixed possible infinite loop in known hosts checking version 0.10.2 (released 2022-09-02) * Fixed tilde expansion when handling include directives * Fixed building the shared torture library * Made rekey test more robust (fixes running on i586 build systems e.g koji) version 0.10.1 (released 2022-08-30) * Fixed proxycommand support * Fixed musl libc support version 0.10.0 (released 2022-08-26) * Added support for OpenSSL 3.0 * Added support for mbedTLS 3 * Added support for Smart Cards (through openssl pkcs11 engine) * Added support for chacha20-poly1305@openssh.com with libgcrypt * Added support ed25519 keys in PEM files * Added support for sk-ecdsa and sk-ed25519 (server side) * Added support for limiting RSA key sizes and not accepting small one by default * Added support for ssh-agent on Windows * Added ssh_userauth_publickey_auto_get_current_identity() API * Added ssh_vlog() API * Added ssh_send_issue_banner() API * Added ssh_session_set_disconnect_message() API * Added new configuration options: + IdentityAgent + ModuliFile * Provided X11 client example * Disabled DSA support at build time by default (will be removed in the next release) * Deprecated the SCP API! * Deprecated old pubkey, privatekey API * Avoided some needless large stack buffers to minimize memory footprint * Removed support for OpenSSL < 1.0.1 * Fixed parsing username@host in login name * Free global init mutex in the destructor on Windows * Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
e10a8583ae |
libyang: Update to version 2.1.4
- Update from version 2.0.194 to 2.1.4
- Update of rootfile
- Changelog
Version 2.1.4 Latest
Main changes of this release are:
large extensions refactoring
increased ext plugin API version
new callbacks and capabilities of plugins
changes in the parsed and compiled ext instance structures
native support for structure extension
error path logging improvements
fixed unions with leafrefs
yanglint schema mount support
huge number of other fixes and improvements
Version 2.0.231
Main changes of this release are:
XPath axes support
schema-mount fixes
many other fixes in various parts of the library
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
410dcc25ca |
libxslt: Update to version 1.1.37
- Update from version 1.1.35 to 1.1.37
- Update of rootfile
- Changelog
v1.1.37: Aug 29 2022
### Improvements
- Don't use deprecated libxml2 macros
- Don't mess with xmlDefaultSAXHandler
### Build system
- Require automake-1.16.3 or later
- Remove generated files from distribution
- Add missing compile definition for static builds to Autotools (Mike Dalessio)
v1.1.36: Aug 17 2022
### Removals and deprecations
- Remove SVN keyword anchors
- Remove CVS and SVN-related code
- Remove README.cvs-commits
- Remove ChangeLog
- Remove xsltwin32config.h
### Improvements
- Simplify xsltexports.h and exsltexports.h
- Don't overlink executables with gcrypt
- Fix quadratic behavior with variables and parameters
- Remove case labels with XPointer location types
- Add configure~ to .gitignore
- Stop calling deprecated libxml2 functions
### Portability
- Use portable python shebangs (David Seifert)
- Remove useless __CYGWIN__ checks
- Remove cruft from win32config.h
- crypto.c: Silence a compiler warning on Windows (Chun-wei Fan)
### Build system
- Add missing compile definition for static builds to CMake
- Avoid obsolescent `test -a` constructs (David Seifert)
- Only link libxml2 statically in purely static build
- Set AC_CONFIG_MACRO_DIR
- Allow AM_MAINTAINER_MODE to be disabled
- Streamline and fix documentation installation
- Don't try to recreate COPYING symlink
- Remove special configuration for certain maintainers
- configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Change libxml2 Python config
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove --with-html-dir option
- Also check for glibtoolize in autogen.sh
- Rework documentation build system
- Remove old website
- CMake: Relax check for enabling crypto support on Windows (Chun-wei Fan)
- Remove obsolete AC_HEADER_STDC autoconf macro (Vadim Zeitlin)
- Remove special configuration for old maintainers
### Test suite, CI
- Remove test involving XPointer range-to function
- Test recursion in EXSLT dynamic functions
- Add CI job for static build
### Documentation
- Move tutorial images
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
5e1db85c4f |
mpfr: Update to version 4.1.1 with patch 1
- Update from version 4.1.0 with patch set 1 to 13 to 4.1.1 with aptch set 1 to 1
- Update of rootfile
- Changelog
Changes from version 4.1.0 to version 4.1.1:
- Bug fixes (see <https://www.mpfr.org/mpfr-4.1.0/#fixed> and/or the
ChangeLog file), in particular for macros implementing functions.
- Improved manual formatting.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
Matthias Fischer
|
5d34a9171c |
libconfig: Update to 1.7.3
...it just came my way... For details see: https://github.com/hyperrealm/libconfig/releases/tag/v1.7.3 This release includes some bugfixes and enhancements. Fixed a memory access violation bug in config_clear() Various fixes to CMake and Visual Studio build files Added a Setting::isString() method Fixed a bug in config_setting_lookup() where the setting itself (instead of NULL) would be returned if the path was not found. Renamed all remaining internal methods that lacked a 'libconfig_' prefix. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Michael Tremer
|
a0918657c9 |
network: Drop any traces of ISDN
This has been removed a long time ago and we should probably spend a little bit more time on keeping the networking code tidy :) Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
1d66c3509f |
libqmi: New package
This library implements the QMI modem protocol. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
47a57621b0 |
libgudev: New package
This is required for libqmi. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
8005b23bc4 |
sysstat: Update to version 12.7.1
- Update from version 12.5.4 to 12.7.1 - Update of rootfile - Changelog 2022/11/06: Version 12.7.1: Fix possible overflow in sa_common.c (GHSL-2022-074) [12.6.1]. sadf: Add support for option -t with SVG output to make it possible to display timestamps in the same locale as that of the file creator. sadf: Print timezone instead of UTC in true time mode. Timezone is also displayed in local time. sadf: PCP: Fix timestamps written to PCP archive file. sar: Add new environment variable S_REPEAT_HEADER. pidstat: Return exit code of the process that was monitored with option -e. mpstat: Add option -H to handle vCPU physical hotplug. Add local, xlocal and debug targets to iconfig script. Turn off gcc's tree-slp-vectorize option which was making sadf crash in some situations. sa_conv.c: Make size of statistics structures from older sysstat versions immutable [12.6.1]. [Bernhard M. Wiedemann]: Declare sadc dependency on libsyscom.a [12.6.1]. [Steve Kay]: Fix gcc v11.2 warnings [12.6.1]. [Steve Kay]: Various cosmetic fixes [12.6.1]. [Jan Christoph Uhde]: sar: Remove `-I int_list` from man-page and help [12.6.1]. [Frank Dana]: Consolidate systemctl commands in README file [12.6.1]. [Rong Tao]: Remove whitespace characters at the end of lines [12.6.1]. Update configure file to deal with newer autoconf version. configure.in file is renamed to configure.ac. Update DTD and XSD documents. sar and sysstat manual pages updated. NLS updated. Add new Georgian translation. Non regression tests updated. 2022/05/29: Version 12.6.0: sar: Fix maximum value for A_IRQ activity. sar/sadf: A_NET_SOFT: Add new metric softnet network backlog. sadc: A_NET_SOFT: Use CPU id from /proc/net/softnet_stat. Update DTD and XSD documents (softnet backlog). [Chris Bagwell]: sar/sadf: Convert 64-bit time value to time_t as needed. sadf: Add basic colorization to sadf's output. sadf: Add sanity checks on values read from file. sadf: PCP: Fix multiple metrics name problems. sa_common.c: Remove unneeded variable assignment. [Lukáš Zaoral]: Take into account LDFLAGS passer to configure script. Various janitorial fixes and updated. Update FAQ. Update sar manual page. Update NLS translations. Update non regression tests. 2022/02/28: Version 12.5.6: sar/sadc: Rewrite code used to collect and display interrupts statistics. Statistics are now collected from /proc/interrupts (instead of /proc/stat) and are displayed for each installed CPU. sar/sadf: Add new "--int=" option to enter a list of interrupts on the command line. sadf: Update the various output formats to deal with the new per-CPU interrupts statistics. Update DTD and XSD documents. CPU elements may be non-existent when all selected CPU are offline. Update sar and sadf manual pages. mpstat: Create its own function to read the total number of interrupts from /proc/stat file. mpstat: Remove unneeded "aligned" attribute from struct stats_irqcpu definition. sar: Fix index value used in online_cpu_bitmap array. sar/sadf: Make sure that datafiles with unknown activities can be read by sar and sadf [12.4.5]. sar/sadf: Don't reallocate buffers for activities not present in file [12.4.5]. sar: Make sure that all buffers are copied in copy_structures() function [12.4.5]. PCP: Fix flow_limit_count metric's unit (A_NET_SOFT activity). PCP: Fix instance names for getattr call (A_NET_NFS(D) activities). Use sizeof() macro instead of hard-coded values with snprintf() functions. rndr_stats.c: Use NOVAL instead of NULL as last argument for cons() function. Use strings definitions whenever possible. Add new non regression tests. Update some existing ones. Various cosmetic fixes. 2021/12/05: Version 12.5.5: iostat: Add --compact option. iostat: Always display persistent names with option -j [12.4.4]. iostat: Fix how device mapper names are taken into account when entered on the command line [12.4.4]. iostat: Update manual page. mpstat: Don't display offline CPU [12.4.4]. mpstat: Fix values displayed when an offline CPU goes back online [12.4.4]. mpstat: Fix untrusted loop bound [12.4.4]. mpstat: Update non regression tests [12.4.4]. sar: Tell the user to convert the file when needed. sadc: Reuse count results for sub-items. [Ville Skyttä]: Use `grep -E` instead of deprecated `egrep` [12.4.4]. [Ville Skyttä]: Spelling and grammar fixes [12.4.4]. Update FAQ. [Nathan Naze]: Update man pages with correct spelling of "JavaScript" [12.4.4]. Update non regression tests. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
47b5dd080a |
poppler: Update to version 22.11.0
- Update from 22.04.0 to 22.11.0
- Update of rootfile
- Changelog
Release 22.11.0:
core:
* CairoOutputDev: Update font after restore
* Protect against broken files
* Small code refactoring
Release 22.10.0:
core:
* SplashOutputDev::tilingPatternFill: Properly restore CTM on failure. Issue #1292
* Protect against malformed files
* Refactor code to not use strndup
* Other small code refactoring
utils:
* pdftoppm: Avoid round-off errors when determining raster dimensions
* pdftocairo: Avoid round-off errors when determining raster dimensions
* pdftotext: Simplify memory handling
qt:
* Take into account flagNoView when getting/setting the visible status. KDE bug #456313
build system:
* Fix sed invocation
Release 22.09.0:
core:
* Splash: Do not truncate line dash patterns with more than 20 entries. Issue #1281
* Various signature related improvements
* Fix FormField::getFullyQualifiedName in some scenarios
* Splash: Small optimization on dash pattern handling
* JBIG2Stream::readHalftoneRegionSeg: Fix potential memory leak
* Fix crashes on malformed files. Including CVE-2022-38784
* Fix string formatting in error reporting
glib:
* Fix two potential memory leaks in poppler_document_create_dests_tree
utils:
* pdfsig: List signature field names when listing signature information
* pdfsig: Add support for specifying signature by field name
* pdfunite: Fix crashes on malformed files
* pdfunite: Fix potential memory leak of docs
Release 22.08.0:
core:
* Fix rendering text on some forms
* CairoOutputDev: Support Type3 charprocs having Resources
* Fix crashes on malformed files
Release 22.07.0:
core:
* Fix crash when filling in forms in some files. Issue #1258
* Fix first lines of Annotations sometimes being cut off. Issue #1246
* Signatures: Don't crash if the signature doesn't have a common name
* CairoFontEngine: increment font_face reference when retrieving from the cache
* Add ToUnicode support for lessorequalslant and greaterorequalslant
glib:
* Add support for stamp annotation
build system:
* Tweaks on how gperf is run
Release 22.06.0:
core:
* Forms: Fix crash in forms with their own DR
* Refactor CairoFontEngine caching
* CairoOutputDev: preserve text color when drawing type 3 glyphs
* Windows: font code simplification
* Minor code improvements
cpp:
* Add missing header
utils:
* pdfattach: Assume filename is utf8 encoded
* pdftohtml: Fix type 3 font size calculation
Release 22.05.0:
core:
* Annotations: Make sure we embed fonts for the FreeText annots
* Forms: Make sure we embedd fonts as needed
* Signatures: Make sure we embed the needed fonts
* CairoOutputDev: color type 3 fonts
* fix two bugs in multiline find_text()
* code improvements
utils:
* pdftotext: added TSV mode
* HtmlOutputDev: don't use png.h
cpp:
* Use time_t for time
* Add page_transition::durationReal
qt:
* Pass leftFontSize down to `FormWidgetSignature::signDocumentWithAppearence`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d1ade1d63f |
meson: Update to version 0.64.1
- Update from version 0.62.1 to 0.64.1
- Update of rootfile
- Changelog is too long to include here. Details can be found at
0.63.0 https://mesonbuild.com/Release-notes-for-0-63-0.html
0.64.0 https://mesonbuild.com/Release-notes-for-0-64-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d7cb4f6535 |
liburcu: Update to version 0.13.2
- Update from version 0.13.0 to 0.13.2
- Update of rootfile
- Changelog
2022-08-18 Userspace RCU 0.13.2
* Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version"
* Fix: futex.h: include headers outside extern C
* Fix: add missing unused attribute to _rcu_dereference
* Fix: change method used by _rcu_dereference to strip type constness
* Fix: remove type constness in URCU_FORCE_CAST's C++ version
* Move extern "C" down in include/urcu/urcu-bp.h
* fix: ifdef linux specific cpu count compat
* Set git-review branch to stable-0.13
* fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id
* Fix: revise obsolete command in README.md
* Fix: workqueue: remove unused variable "ret"
* Fix: urcu-qsbr: futex wait: handle spurious futex wakeups
* Fix: urcu: futex wait: handle spurious futex wakeups
* Fix: urcu-wait: futex wait: handle spurious futex wakeups
* Fix: defer_rcu: futex wait: handle spurious futex wakeups
* Fix: call_rcu: futex wait: handle spurious futex wakeups
* Fix: workqueue: futex wait: handle spurious futex wakeups
* Fix: Use %lu rather than %ld to print count
2022-01-05 Userspace RCU 0.13.1
* fix: properly detect 'cmpxchg' on x86-32
* fix: use urcu-tls compat with c++ compiler
* fix: remove autoconf features default value in help message
* fix: add missing pkgconfig file for memb flavour lib
* Make temporary variable in _rcu_dereference non-const
* Fix: x86 and s390: uatomic __hp() macro C++ support
* Fix: x86 and s390: uatomic __hp() macro clang support
* Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11
* Fix: changelog: v0.13.0 was released in 2021
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
194dd04102 |
libtiff: Update to version 4.4.0
- Update from version 4.3.0 to 4.4.0 - Update of rootfile - Changelog is too long to include here (~1000 lines). Details can be found in ChangeLog file in the source tarball. There are at least 31 bug closures in this release. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
4bdb98bc25 |
libtasn1: Update to version 4.19.0
- Update from version 4.18.0 to 4.19.0
- Update of rootfile
- Changelog
* Noteworthy changes in release 4.19.0 (2022-08-23) [stable]
- Clarify libtasn1.map license. Closes: #38.
- Fix ETYPE_OK out of bounds read. Closes: #32.
- Update gnulib files and various maintenance fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
4d9cdf1e4f |
iproute2: Update to version 6.0.0
- Update from 5.19.0 to 6.0.0 - Update of rootfile - Changelog can only be obtained by reviewing the git commits from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bcef2fe0f6 |
elinks: Update to version 0.15.1
- Update from version 0.12pre6 (2012) to 0.15.1 (July 2022)
- Update of rootfile
- Original elinks was last updated in 2012. In Jan 2020 a fork was made of the package
and has been maintained since then on an ongoing basis. This new fork is used by Arch
Linux
- elinks has not been an addon since CU141 but the lfs file was still in the addon format
This has been adjusted to make it in line with a core program
- The previous patches related to ssl have been removed as the fixes are now part of the
source tarball.
- Changelog
ELinks 0.15.1 Released on 2022-07-31
* about:config
* option --always-load-config #137
* compilation fixes on Windows #140
* added ui.background_char #142
* sample build scripts and docker files
* experimental DGI support
* DOS port based on links code
* configurable Accept-Header #143
* minor compilation fixes
ELinks 0.15.0 Released on 2021-12-24
* Serbian translation update
ELinks 0.15.0rc2 Released on 2021-12-19
* Serbian translation update
* HOME_ETC
ELinks 0.15.0rc1 Released on 2021-12-04
* removed -Wno-pointer-sign from CFLAGS
* close stdin before calling a background program (sgerwk)
and options related to it #108, #109, #110, #113
* gemini protocol and text/gemini mime type
* changed rendering of blockquote element
* avoid tmpfile in lua (sgerwk) #115, #118
* console.log in js (mtatton) #93
* localstorage (mtatton) #98
* options document.browse.search.beginning_only
document.browse.search.ignore_history
ui.double_esc
* ui.temperature.* to show temperature of CPU
* document.plain.fixup_tables
* enhanced ecmascript code. Added QuickJS
* Notes on ECMAScript:
requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT
and either mozjs78-dev or QuickJS-2021-03-27
Most sites don't work, some crash. Some workarounds were implemented:
a) ECMAScript is disabled by default
b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes
c) Added toggle-ecmascript action. You can bind it to some key
* other small fixes
ELinks 0.14.3 Released on 2021-09-26
* Fix issue with negative value of cells #126
ELinks 0.14.2 Released on 2021-08-29
* crash in nttp #114
* XSS in gopher #125
ELinks 0.14.1 Released on 2021-05-30
* Disable spidermonkey by default #85
* Show error message about libgcrypt-config. #86
* off by two. #88
* Check NULL. #99
* fix error message when no previous search was performed #100
* alert when moving to the next match of a failed search #101
* include unistd.h and errno.h to define safe_read() #107
ELinks 0.14.0 Released on 2020-12-27
No changes since 0.14.0rc2.
ELinks 0.14.0rc2 Released on 2020-12-13
* ~/.elinks/allow.txt - list of allowed url prefixes for js
ELinks 0.14.0rc1 Released on 2020-12-06
* dblatex for pdf. PR #64
* fixes CTRL-Z. #65
* changes in mime handlers. PR #66
* fixes in data protocol. #67, #68, #71, #72, #73
* allow to wrap text in PRE. #69
* pass #fragment to external command. #75
* introduced "document.browse.search.reset". #76
* added meson as alternative build system
* in #77 I'm going to attach static binaries for released versions
* mozjs dependency updated to 52.*
Note that, to compile with javascript support you must compile by g++ with -fpermissive option.
There is a lot of warnings. Unfortunately JS often crashes. Without help from someone familiar
with SpiderMonkey, we won't go far.
As you might notice, I renamed repo to elinks.
Thanks to all involved in this release.
ELinks 0.13.5 Released on 2020-08-30
* added clipboard selection using keyboard. #59
* fixed drawing menus over emoji characters. #60
* encoding to utf-8 and decoding back in python's pre_format_html_hook
This is likely the last release of 0.13.x series.
ELinks 0.13.4: Released on 2020-07-31.
* fixed segfault with gnutls. introduced in 0.13.3
* updated smart and dumb prefixes to https. Thanks Guido Cella. PR #54
* added the st terminal to config options. PR #55
* doc updates PR #57
* also pass the uri as %u to external handler. Thanks sgerwk. PR #58
* added the ui.clipboard_file config option
ELinks 0.13.3: Released on 2020-06-29.
* configure option --with-luapkg=name
You can choose lua version at compilation time. For example: --with-luapkg=luajit
* config option connection.ssl.https_by_default (Thanks Guido Cella)
not enabled by default
* docs updates (Guido Cella)
* fixes related to ui.mouse_disable and xterm-like terminals (Thanks sgerwk)
* show an alert when the search string is not found (sgerwk)
ELinks 0.13.2: Released on 2020-05-31.
* command line option -remote search(...) (thanks sgerwk)
* command line option -bind-address
* config option ui.mouse_disable (sgerwk)
* config option ui.tostop
* config option ui.sessions.fork_on_start
* compatibility (compilability) with lua-5.2 and 5.3
* modified cookies code (not well tested)
ELinks 0.13.1: Released on 2020-01-31.
* Fixed issue with uploading files to local cgi.
* Python scripts in contrib converted to python3.
ELinks 0.13.0: Released on 2019-12-27.
Incompatibilities:
* The protocol.fsp.sort option has been removed. ELinks always sorts.
* bug 1024: Verify the host name or IP address in the server certificate
if connection.ssl.cert_verify is not 0.
Miscellaneous:
* The configure script is no longer part of tarball, you must generate it.
For example running ./autogen.sh
* major bug 181: Slave ELinks processes can now run an external editor.
This used to work in the master process only.
* major bug 722: Filter CSS according to media types. New option
document.css.media.
* bug 638: Propagate the existence of $DISPLAY from slave terminals to
mailcap test commands.
* bugs 762, 1082: Small memory leak in goto_current_link/goto_imgmap
* bug 963: New option document.css.ignore_display_none.
* bug 977: Fixed crash when opening in new tab a non link with onclick
attribute.
* bug 1008: File upload fields in HTML forms now stream the files to
the server, instead of reading them to memory in advance. This lets
you upload larger files. The downsides are that ELinks may use a
cached response even if you have modified a file between requests,
and that ELinks can send inconsistent data if you modify a file
while it is being uploaded.
* bug 1054: Don't abort downloads when closing the terminal from which
they were started. When such a download ends, display the message
in the most recently used terminal. If the user chooses
``Background and Notify'' via the download manager in some terminal,
reassociate the download with that terminal. These changes do not
apply to downloads to external handlers.
* Really retry forever when connection.retries = 0.
* enhancement: Session-specific options. Any options changed with
toggle-* actions no longer affect other tabs or other terminals.
* Do not crash when document.browse.minimum_refresh_time = 0 and
a document has a meta refresh with a delay of 0.
* Properly update link highlighting and status bar information when the
repeat prefix is changed.
* Handle SSL rehandshakes
* Fix compatibility with Ruby >= 1.9
* enhancement 15: Domain-specific options. Use set_domain in
elinks.conf to e.g. disable cookies for google.com. The option
manager window does not yet support this.
* enhancement 867: Use bracketed paste mode on xterm. This requires
xterm patch #228 or later configured with --enable-readline-mouse.
* enhancement 824: Experimental support for combining characters.
See features.conf for details.
* enhancement: Add a new entry Link Info under Link main menu.
* enhancement: Indicate backgrounded downloads using an unused led.
* enhancement: Display the number of ECMAScript interpreters that have
been allocated for documents in the Resources dialog.
* Fedora enhancement 346861: Add support for nss_compat_ossl library
(OpenSSL replacement).
* enhancement: ``elinks --dump'' uses box-drawing characters if supported
by the charset.
* enhancement 1070: Support 256 colors on fbterm-1.4.
* enhancement 1075: Scrolling the entire contents of dialog boxes.
Especially useful for multi-file BitTorrent downloads.
* Report if the Lua function edit_bookmark_dialog receives the wrong
number or types of arguments instead of silently failing.
* enhancement: Add ``Invalidate'' button to the cache manager.
* enhancement: Add ``Search contents'' button to the cache manager with
which one can search through the cache items' data rather than their
metadata.
* enhancement: Add rudimentary support for the HTML5 media elements,
<video> and <audio>.
* enhancement: Add move-half-page-up and move-half-page-down actions.
* enhancement: Add option to change overlap for vertical scrolling.
* enhancement: HTML meta refresh allows semicolons in URLs, and the
syntax is more like in Firefox.
* link against lua51 not lua50
* SpiderMonkey must be mozjs-17.0. This version is latest with C API.
Find it with pkg-config.
* using iconv for some multibyte charsets. It works if the terminal codepage
is UTF-8. More charsets will be added on demand.
* enhancement: support SSL client certificate
* python scripting is Python3 only
* brotli and zstd encodings
* possibility to make use of libevent instead of select for event loop
* terminfo queries for output (not input) as compilation option
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
24109ebef7 |
sudo: Update to version 1.9.12p1
- Update from version 1.9.11p3 to 1.9.12p1
- Update of rootfile
- Changelog
What's new in Sudo 1.9.12p1
* Sudo's configure script now does a better job of detecting when
the -fstack-clash-protection compiler option does not work.
GitHub issue #191.
* Fixed CVE-2022-43995, a potential out-of-bounds write for passwords
smaller than 8 characters when passwd authentication is enabled.
This does not affect configurations that use other authentication
methods such as PAM, AIX authentication or BSD authentication.
* Fixed a build error with some configurations compiling host_port.c.
What's new in Sudo 1.9.12
* Fixed a bug in the ptrace-based intercept mode where the current
working directory could include garbage at the end.
* Fixed a compilation error on systems that lack the stdint.h
header. Bug #1035
* Fixed a bug when logging the command's exit status in intercept
mode. The wrong command could be logged with the exit status.
* For ptrace-based intercept mode, sudo will now attempt to
verify that the command path name, arguments and environment
have not changed from the time when they were authorized by the
security policy. The new "intercept_verify" sudoers setting can
be used to control this behavior.
* Fixed running commands with a relative path (e.g. ./foo) in
intercept mode. Previously, this would fail if sudo's current
working directory was different from that of the command.
* Sudo now supports passing the execve(2) system call the NULL
pointer for the `argv` and/or `envp` arguments when in intercept
mode. Linux treats a NULL pointer like an empty array.
* The sudoers LDAP schema now allows sudoUser, sudoRunasUser and
sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII.
* Fixed a problem with "sudo -i" on SELinux when the target user's
home directory is not searchable by sudo. GitHub issue #160.
* Neovim has been added to the list of visudo editors that support
passing the line number on the command line.
* Fixed a bug in sudo's SHA384 and SHA512 message digest padding.
* Added a new "-N" (--no-update) command line option to sudo which
can be used to prevent sudo from updating the user's cached
credentials. It is now possible to determine whether or not a
user's cached credentials are currently valid by running:
$ sudo -Nnv
and checking the exit value. One use case for this is to indicate
in a shell prompt that sudo is "active" for the user.
* PAM approval modules are no longer invoked when running sub-commands
in intercept mode unless the "intercept_authenticate" option is set.
There is a substantial performance penalty for calling into PAM
for each command run. PAM approval modules are still called for
the initial command.
* Intercept mode on Linux now uses process_vm_readv(2) and
process_vm_writev(2) if available.
* The XDG_CURRENT_DESKTOP environment variable is now preserved
by default. This makes it possible for graphical applications
to choose the correct theme when run via sudo.
* On 64-bit systems, if sudo fails to load a sudoers group plugin,
it will use system-specific heuristics to try to locate a 64-bit
version of the plugin.
* The cvtsudoers manual now documents the JSON and CSV output
formats. GitHub issue #172.
* Fixed a bug where sub-commands were not being logged to a remote
log server when log_subcmds was enabled. GitHub issue #174.
* The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout
sudoers settings can be used to support more fine-grained I/O logging.
The sudo front-end no longer allocates a pseudo-terminal when running
a command if the I/O logging plugin requests logging of stdin, stdout,
or stderr but not terminal input/output.
* Quieted a libgcrypt run-time initialization warning.
This fixes Debian bug #1019428 and Ubuntu bug #1397663.
* Fixed a bug in visudo that caused literal backslashes to be removed
from the EDITOR environment variable. GitHub issue #179.
* The sudo Python plugin now implements the "find_spec" method instead
of the the deprecated "find_module". This fixes a test failure when
a newer version of setuptools that doesn't include "find_module" is
found on the system.
* Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created
the process ID file, usually /var/run/sudo/sudo_logsrvd.pid, as
a directory instead of a plain file. The same bug could result
in I/O log directories that end in six or more X's being created
literally in addition to the name being used as a template for
the mkdtemp(3) function.
* Fixed a long-standing bug where a sudoers rule with a command
line argument of "", which indicates the command may be run with
no arguments, would also match a literal "" on the command line.
GitHub issue #182.
* Added the -I option to visudo which only edits the main sudoers
file. Include files are not edited unless a syntax error is found.
* Fixed "sudo -l -U otheruser" output when the runas list is empty.
Previously, sudo would list the invoking user instead of the
list user. GitHub issue #183.
* Fixed the display of command tags and options in "sudo -l" output
when the RunAs user or group changes. A new line is started for
RunAs changes which means we need to display the command tags
and options again. GitHub issue #184.
* The sesh helper program now uses getopt_long(3) to parse the
command line options.
* The embedded copy of zlib has been updated to version 1.2.13.
* Fixed a bug that prevented event log data from being sent to the
log server when I/O logging was not enabled. This only affected
systems without PAM or configurations where the pam_session and
pam_setcred options were disabled in the sudoers file.
* Fixed a bug where "sudo -l" output included a carriage return
after the newline. This is only needed when displaying to a
terminal in raw mode. Bug #1042.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
2bfcbac468 |
libpng: Update to version 1.6.39
- Update from version 1.6.37 to 1.6.39
- Update of rootfile
- Changelog
Version 1.6.39 [November 20, 2022]
Changed the error handler of oversized chunks (i.e. larger than
PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
Fixed a buffer overflow error in contrib/tools/pngfix.
Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
Disabled the ARM Neon optimizations by default in the CMake file,
following the default behavior of the configure script.
Allowed configure.ac to work with the trunk version of autoconf.
Removed the support for "install" targets from the legacy makefiles;
removed the obsolete makefile.cegcc.
Cleaned up the code and updated the internal documentation.
Version 1.6.38 [September 14, 2022]
Added configurations and scripts for continuous integration.
Fixed various errors in the handling of tRNS, hIST and eXIf.
Implemented many stability improvements across all platforms.
Updated the internal documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
6bdf47513b |
libedit: Update to version 20221030-3.1
- Update from 20210910-3.1 to 20221030-3.1 - Update of rootfile - Changelog * version-info: 0:70:0 * src/sys.h, src/reallocarr.c: Remove unused sys/cdefs.h include, to compile against musl libc * version-info: 0:69:0 * src/sys.h: Add __sun guard around sys/types.h in sys.h * all: sync with upstream source Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
8cb2214c3a |
curl: Update to version 7.86.0
- Update from version 7.84.0 to 7.86.0 - Update of rootfile - curl-7.84.0-easy_lock_h_include_sched_h_if_available_to_fix_build.patch removed as this is now built into the source tarball version - Changelog - is too large to inclkude here. The details can be found in the RELEASE_NOTES file in the source tarballs. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bff0999f03 |
pcmciautils: Remove package from IPFire
- Current version is 014 which was released in 2008. The latest version is 018 which was released in 2011. - In 2010 pcmcia was acquired by the USB Implementers forum and all work has been focussed on usb only with nothing on pcmcia. - pcmcia is only still used as a legacy requirement on industrial computing systems for machine control etc. pcmcia was introduced originally for laptop use. - All new laptops have no pcmcia slot. Searching on amazon for laptop with pcmcia gave 55 results none of which had any pcmcia capability. - Based on the above the package pcmciautils is being removed from IPFire. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
96adb79772 |
swig: Update to version 4.1.0
- Update from version 4.0.2 to 4.1.0
- Update of rootfile
- Changelog
SWIG-4.1.0 summary:
- Add Javascript Node v12-v18 support, remove support prior to v6.
- Octave 6.0 to 6.4 support added.
- Add PHP 8 support.
- PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
- Perl 5.8.0 is now the oldest version SWIG supports.
- Python 3.3 is now the oldest Python 3 version SWIG supports.
- Python 3.9-3.11 support added.
- Various memory leak fixes in Python generated code.
- Scilab 5.5-6.1 support improved.
- Many improvements for each and every target language.
- Various preprocessor expression handling improvements.
- Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
- Make SWIG much more move semantics friendly.
- Add C++ std::unique_ptr support.
- Few minor C++ template handling improvements.
- Various C++ using declaration fixes.
- Few fixes for handling Doxygen comments.
- GitHub Actions is now used instead of Travis CI for continuous integration.
- Add building SWIG using CMake as a secondary build system.
- Update optional SWIG build dependency for regex support from PCRE to PCRE2.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
6ff6ba85ba |
xz: Update to version 5.2.8
- Update from version 5.2.5 to 5.2.8
- Update of rootfile
- Remove xzgrep-ZDI-CAN-16587 patch as the contents are now integrated into the source
tarball and with an improved quicker method - see changelog below.
- Changelog
5.2.8 (2022-11-13)
* xz:
- If xz cannot remove an input file when it should, this
is now treated as a warning (exit status 2) instead of
an error (exit status 1). This matches GNU gzip and it
is more logical as at that point the output file has
already been successfully closed.
- Fix handling of .xz files with an unsupported check type.
Previously such printed a warning message but then xz
behaved as if an error had occurred (didn't decompress,
exit status 1). Now a warning is printed, decompression
is done anyway, and exit status is 2. This used to work
slightly before 5.0.0. In practice this bug matters only
if xz has been built with some check types disabled. As
instructed in PACKAGERS, such builds should be done in
special situations only.
- Fix "xz -dc --single-stream tests/files/good-0-empty.xz"
which failed with "Internal error (bug)". That is,
--single-stream was broken if the first .xz stream in
the input file didn't contain any uncompressed data.
- Fix displaying file sizes in the progress indicator when
working in passthru mode and there are multiple input files.
Just like "gzip -cdf", "xz -cdf" works like "cat" when the
input file isn't a supported compressed file format. In
this case the file size counters weren't reset between
files so with multiple input files the progress indicator
displayed an incorrect (too large) value.
* liblzma:
- API docs in lzma/container.h:
* Update the list of decoder flags in the decoder
function docs.
* Explain LZMA_CONCATENATED behavior with .lzma files
in lzma_auto_decoder() docs.
- OpenBSD: Use HW_NCPUONLINE to detect the number of
available hardware threads in lzma_physmem().
- Fix use of wrong macro to detect x86 SSE2 support.
__SSE2_MATH__ was used with GCC/Clang but the correct
one is __SSE2__. The first one means that SSE2 is used
for floating point math which is irrelevant here.
The affected SSE2 code isn't used on x86-64 so this affects
only 32-bit x86 builds that use -msse2 without -mfpmath=sse
(there is no runtime detection for SSE2). It improves LZMA
compression speed (not decompression).
- Fix the build with Intel C compiler 2021 (ICC, not ICX)
on Linux. It defines __GNUC__ to 10 but doesn't support
the __symver__ attribute introduced in GCC 10.
* Scripts: Ignore warnings from xz by using --quiet --no-warn.
This is needed if the input .xz files use an unsupported
check type.
* Translations:
- Updated Croatian and Turkish translations.
- One new translations wasn't included because it needed
technical fixes. It will be in upcoming 5.4.0. No new
translations will be added to the 5.2.x branch anymore.
- Renamed the French man page translation file from
fr_FR.po to fr.po and thus also its install directory
(like /usr/share/man/fr_FR -> .../fr).
- Man page translations for upcoming 5.4.0 are now handled
in the Translation Project.
* Update doc/faq.txt a little so it's less out-of-date.
5.2.7 (2022-09-30)
* liblzma:
- Made lzma_filters_copy() to never modify the destination
array if an error occurs. lzma_stream_encoder() and
lzma_stream_encoder_mt() already assumed this. Before this
change, if a tiny memory allocation in lzma_filters_copy()
failed it would lead to a crash (invalid free() or invalid
memory reads) in the cleanup paths of these two encoder
initialization functions.
- Added missing integer overflow check to lzma_index_append().
This affects xz --list and other applications that decode
the Index field from .xz files using lzma_index_decoder().
Normal decompression of .xz files doesn't call this code
and thus most applications using liblzma aren't affected
by this bug.
- Single-threaded .xz decoder (lzma_stream_decoder()): If
lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning
but there was a bug. With other decoders (.lzma or
threaded .xz decoder) this already worked correctly.
- Fixed accumulation of integrity check type statistics in
lzma_index_cat(). This bug made lzma_index_checks() return
only the type of the integrity check of the last Stream
when multiple lzma_indexes were concatenated. Most
applications don't use these APIs but in xz it made
xz --list not list all check types from concatenated .xz
files. In xz --list --verbose only the per-file "Check:"
lines were affected and in xz --robot --list only the "file"
line was affected.
- Added ABI compatibility with executables that were linked
against liblzma in RHEL/CentOS 7 or other liblzma builds
that had copied the problematic patch from RHEL/CentOS 7
(xz-5.2.2-compat-libs.patch). For the details, see the
comment at the top of src/liblzma/validate_map.sh.
WARNING: This uses __symver__ attribute with GCC >= 10.
In other cases the traditional __asm__(".symver ...")
is used. Using link-time optimization (LTO, -flto) with
GCC versions older than 10 can silently result in
broken liblzma.so.5 (incorrect symbol versions)! If you
want to use -flto with GCC, you must use GCC >= 10.
LTO with Clang seems to work even with the traditional
__asm__(".symver ...") method.
* xzgrep: Fixed compatibility with old shells that break if
comments inside command substitutions have apostrophes (').
This problem was introduced in 5.2.6.
* Build systems:
- New #define in config.h: HAVE_SYMBOL_VERSIONS_LINUX
- Windows: Fixed liblzma.dll build with Visual Studio project
files. It broke in 5.2.6 due to a change that was made to
improve CMake support.
- Windows: Building liblzma with UNICODE defined should now
work.
- CMake files are now actually included in the release tarball.
They should have been in 5.2.5 already.
- Minor CMake fixes and improvements.
* Added a new translation: Turkish
5.2.6 (2022-08-12)
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files. Previously this required
using --force.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
- Visual Studio: Use non-standard _MSVC_LANG to detect C++
standard version in the lzma.h API header. It's used to
detect when "noexcept" can be used.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
* Translations:
- Added new translations: Catalan, Croatian, Esperanto,
Korean, Portuguese, Romanian, Serbian, Spanish, Swedish,
and Ukrainian
- Updated the Brazilian Portuguese translation.
- Added French man page translation. This and the existing
German translation aren't complete anymore because the
English man pages got a few updates and the translators
weren't reached so that they could update their work.
* Build systems:
- Windows: Fix building of resource files when config.h isn't
used. CMake + Visual Studio can now build liblzma.dll.
- Various fixes to the CMake support. Building static or shared
liblzma should work fine in most cases. In contrast, building
the command line tools with CMake is still clearly incomplete
and experimental and should be used for testing only.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
a8e3499f78 |
libpipeline: Update to version 1.5.7
- Update from 1.5.6 to 1.5.7
- Update of rootfile
- Changelog
Version: 1.5.7
* lib/Makefile.am (libpipeline_la_LDFLAGS): Bump -version-info to 6:7:5.
Make socketpair configure tests compatible with C23
K&R-style zero-argument function definitions will no longer be
permitted.
* m4/pipeline-socketpair.m4 (PIPELINE_SOCKETPAIR_PIPE,
PIPELINE_SOCKETPAIR_MODE): Use `int main(void)`, not `int main()`.
* NEWS.md: Document this.
Update pre-commit hooks
* .pre-commit-config.yaml (pre-commit-hooks): Update to v4.3.0.
(clang-format): Update to v14.0.6.
Update manual page date
* man/libpipeline.3 (.Dd): Update to the date of the last substantial
modification. Leaving this as 2010 suggested more antiquity than we
need to suggest.
Update home page URL
* README.md: Use `https://libpipeline.gitlab.io/libpipeline/`.
* lib/libpipeline.pc.in (URL): Likewise.
web: Update last release
* web/index.html: Update to 1.5.6.
web: Fix last-modified date generation
* .gitlab-ci.yml: Replace `@DATE@` with the current date in
`public/index.html`.
* web/index.html: Use `@DATE@` template.
web: Assorted URL updates
* web/index.html: Update Git URLs to GitLab. Chase various redirects
and/or switch to HTTPS. Remove old Savannah link.
Add GitLab Pages site
* .gitlab-ci.yml (stages): Add deploy.
(pages): New job.
* web/index.html, web/libpipeline-lightning-talk.odp, web/standard.css,
web/white.css: New files.
Transferred Git repository to new group
* README.md: Change GitLab URL to
https://gitlab.com/libpipeline/libpipeline.
* NEWS.md: Document this.
Add notes to libpipeline(3) of when functions were added
* man/libpipeline.3 (DESCRIPTION, ENVIRONMENT): Add various "Added in"
notes.
* NEWS.md: Document this.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
1ad5a01388 |
readline: Update to version 8.2 plus patch 1
- Update from version 8.1 to 8.2 plus patch 1
- Update of rootfile
- Changelog
version 8.2
There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times out.
There is a new state value to indicate a timeout. There is a new option:
`enable-active-region'. This separates control of the active region and
bracketed-paste. It has the same default value as bracketed-paste, and
enabling bracketed paste enables the active region. Users can now turn off
the active region while leaving bracketed paste enabled. Two new bindable
string variables are available; their values are terminal escape sequences
that set the color used to display the active region and turn it off,
respectively. If set, these are used in place of terminal standout mode.
Finally, Readline now checks for changes to locale settings
(LC_ALL/LC_CTYPE/LANG) each time it is called, and modifies the appropriate
locale-specific display and key binding variables when the locale changes.
There are a few bug fixes in the redisplay code when restoring the prompt
after a digit-argument prompt or incremental search back to a prompt that
contains invisible multibyte characters. There are more checks for read
errors, especially in the middle of readline commands; previous versions
could loop or return incorrect data. Full details are below.
GNU Readline is a library which provides programs with an input
facility including command-line editing and history. Editing
commands similar to both emacs and vi are included. The GNU
History library, which provides facilities for managing a list of
previously-typed command lines and an interactive command line
recall facility similar to that provided by csh, is also present.
The history library is built as part of the readline as well as
separately.
1. Changes to Readline
a. Fixed a problem with cleaning up active marks when using callback mode.
b. Fixed a problem with arithmetic comparison operators checking the version.
c. Fixed a problem that could cause readline not to build on systems without
POSIX signal functions.
d. Fixed a bug that could cause readline to crash if the application removed
the callback line handler before readline read all typeahead.
e. Added additional checks for read errors in the middle of readline commands.
f. Fixed a redisplay problem that occurred when switching from the digit-
argument prompt `(arg: N)' back to the regular prompt and the regular
prompt contained invisible characters.
g. Fixed a problem with restoring the prompt when aborting an incremental
search.
h. Fix a problem with characters > 128 not being displayed correctly in certain
single-byte encodings.
i. Fixed a problem with unix-filename-rubout that caused it to delete too much
when applied to a pathname consisting only of one or more slashes.
j. Fixed a display problem that caused the prompt to be wrapped incorrectly if
the screen changed dimensions during a call to readline() and the prompt
became longer than the screen width.
k. Fixed a problem that caused the \r output by turning off bracketed paste
to overwrite the line if terminal echo was disabled.
l. Fixed a bug that could cause colored-completion-prefix to not display if
completion-prefix-display-length was set.
m. Fixed a problem with line wrapping prompts when a group of invisible
characters runs to the right edge of the screen and the prompt extends
longer then the screen width.
n. Fixed a couple problems that could cause rl_end to be set incorrectly by
transpose-words.
o. Prevent some display problems when running a command as the result of a
trap or one bound using `bind -x' and the command generates output.
p. Fixed an issue with multi-line prompt strings that have one or more
invisible characters at the end of a physical line.
q. Fixed an issue that caused a history line's undo list to be cleared when
it should not have been.
r. When replacing a history entry, make sure the existing entry has a non-NULL
timestamp before copying it; it may have been added by the application, not
the history library.
2. New Features in Readline
a. There is now an HS_HISTORY_VERSION containing the version number of the
history library for applications to use.
b. History expansion better understands multiple history expansions that may
contain strings that would ordinarily inhibit history expansion (e.g.,
`abc!$!$').
c. There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times
out. There is a new state value to indicate a timeout.
d. Automatically bind termcap key sequences for page-up and page-down to
history-search-backward and history-search-forward, respectively.
e. There is a new `fetch-history' bindable command that retrieves the history
entry corresponding to its numeric argument. Negative arguments count back
from the end of the history.
f. `vi-undo' is now a bindable command.
g. There is a new option: `enable-active-region'. This separates control of
the active region and bracketed-paste. It has the same default value as
bracketed-paste, and enabling bracketed paste enables the active region.
Users can now turn off the active region while leaving bracketed paste
enabled.
h. rl_completer_word_break_characters is now `const char *' like
rl_basic_word_break_characters.
i. Readline looks in $LS_COLORS for a custom filename extension
(*.readline-colored-completion-prefix) and uses that as the default color
for the common prefix displayed when `colored-completion-prefix' is set.
j. Two new bindable string variables: active-region-start-color and
active-region-end-color. The first sets the color used to display the
active region; the second turns it off. If set, these are used in place
of terminal standout mode.
k. New readline state (RL_STATE_EOF) and application-visible variable
(rl_eof_found) to allow applications to detect when readline reads EOF
before calling the deprep-terminal hook.
l. There is a new configuration option: --with-shared-termcap-library, which
forces linking the shared readline library with the shared termcap (or
curses/ncurses/termlib) library so applications don't have to do it.
m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
each time it is called, and modifies the appropriate locale-specific display
and key binding variables when the locale changes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5be71d2a6e |
bash: Update to version 5.2 plus patches 1 to 9
- Update from version 5.1.16 to version 5.2 plus patches 1 to 9
- Update of rootfile
- Changelog
This is a terse description of the new features added to bash-5.2 since
the release of bash-5.1. As always, the manual page (doc/bash.1) is
the place to look for complete descriptions.
1. New Features in Bash
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier. Along with this, if
command substitution parsing completes with here-documents remaining to be
read, the shell prints a warning message and reads the here-document bodies
from the current input stream.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
--enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched. It is enabled by default.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
Peter Müller
|
ace891f719 |
intel-microcode: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f30206c39a |
openssl: Update to version 1.1.1s
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
*) Added the loongarch64 target
*) Fixed a DRBG seed propagation thread safety issue
*) Fixed a memory leak in tls13_generate_secret
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*) Added a missing header for memcmp that caused compilation failure on some
platforms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
bea1d4aef1 |
libnetfilter_conntrack: Update to version 1.0.9
- Update from version 1.0.8 to 1.0.9
- Update of rootfile
- Changelog
1.0.9
This release comes with the new nfct_nlmsg_build_filter() function that
allows to add metadata for kernel-side filtering of conntrack entries
during conntrack table dump.
The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER argument,
it allows to flush only ipv4 or ipv6 entries from the connection
tracking table.
nfct_snprint family of functions have been updated.
SCTP conntrack entries now support 'heartbeat sent/acked' state.
Entries offloaded to hardware include '[HW_OFFLOAD]' in the formatted
output string.
Notable bugs fixed with this release include:
Fix buffer overflows and out-of-bounds accesses in the
nfct_snprintf() functions.
nfct_nlmsg_build() did not work for ICMP flows unless all ICMP attributes
were set in the reply tuple too, this affected the 'conntrack' tool
where updates (e.g. setting the conntrack mark to a different value)
of ICMP flows would not work.
- Detailed Changes
src: Handle negative snprintf return values properly
src: Fix nfexp_snprintf return value docs
conntrack: Replace strncpy with snprintf to improve null byte handling
conntrack: Fix incorrect snprintf size calculation
include: Add ARRAY_SIZE() macro
conntrack: Fix buffer overflow on invalid icmp type in setters
conntrack: Move icmp request>reply type mapping to common file
conntrack: Fix buffer overflow in protocol related snprintf functions
conntrack: Fix buffer overflows in __snprintf_protoinfo* like in *2str fns
examples: check return value of nfct_nlmsg_build()
libnetfilter_conntrack.pc.in: add LIBMNL_LIBS to Libs.Private
conntrack: dccp print function should use dccp state
conntrack: sctp: update states
include: add CTA_STATS_CLASH_RESOLVE
include: sync uapi header with nf-next
src: add support for status dump filter
include: add CTA_STATS_CHAIN_TOOLONG from linux 5.15 uapi
libnetfilter_conntrack: bump version to 1.0.9
build: use the right automake variables
Update .gitignore
build: update obsolete autoconf macros
conntrack: fix invmap_icmpv6 entries
conntrack: Don't use ICMP attrs in decision to build repl tuple
src: add IPS_HW_OFFLOAD flag
conntrack: add flush filter command
build: missing internal/proto.h in Makefile.am
conntrack: add nfct_nlmsg_build_filter() helper
conntrack: don't cancel nest on unknown layer 4 protocols
tests: Fix for missing qa-connlabel.conf in tarball
tests: Add simple tests to TESTS variable
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Peter Müller
|
28b9df01a6 |
linux-firmware: Do not ship firmware for Realtek Bluetooth devices
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
1c609e13de |
linux-firmware: Update to 20221109
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Matthias Fischer
|
ae45b1217a |
bind: Update to 9.16.35
For details for 9.16.35 and 9.16.34 (we skipped the last) see: https://downloads.isc.org/isc/bind9/9.16.35/doc/arm/html/notes.html#notes-for-bind-9-16-35 "Notes for BIND 9.16.35 Bug Fixes A crash was fixed that happened when a dnssec-policy zone that used NSEC3 was reconfigured to enable inline-signing. [GL #3591] In certain resolution scenarios, quotas could be erroneously reached for servers, including any configured forwarders, resulting in SERVFAIL answers being sent to clients. This has been fixed. [GL #3598] rpz-ip rules in response-policy zones could be ineffective in some cases if a query had the CD (Checking Disabled) bit set to 1. This has been fixed. [GL #3247] Previously, if Internet connectivity issues were experienced during the initial startup of named, a BIND resolver with dnssec-validation set to auto could enter into a state where it would not recover without stopping named, manually deleting the managed-keys.bind and managed-keys.bind.jnl files, and starting named again. This has been fixed. [GL #2895] The statistics counter representing the current number of clients awaiting recursive resolution results (RecursClients) could overflow in certain resolution scenarios. This has been fixed. [GL #3584] Previously, BIND failed to start on Solaris-based systems with hundreds of CPUs. This has been fixed. [GL #3563] When a DNS resource record’s TTL value was equal to the resolver’s configured prefetch “eligibility” value, the record was erroneously not treated as eligible for prefetching. This has been fixed. [GL #3603] ... Notes for BIND 9.16.34 Bug Fixes Changing just the TSIG key names for primaries in catalog zones’ member zones was not effective. This has been fixed. [GL #3557]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
9d5d747799 |
dtc: Update rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
35494eac83 |
OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096
Initial patch: https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=2ccc799f8bd6a12c3edab5f1a89fab4d2cd05ea8 Minor adjustments to make it apply to the current state of "next", and removal of chown operation in OpenSSL's LFS file, which would have lead to the Diffie-Hellman group file being writable by nobody, for which there is no necessity. Fixes: #12632 From: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
Arne Fitzenreiter
|
ad73008393 |
memtest: update to memtest86+ v6.00
This is now a version 64bit version that can also boot via efi. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> |
||
|
Peter Müller
|
d41f25bd96 |
Python3: Update 32-bit ARM rootfile
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
f9ab4c432a |
Core Update 172: Ship Python 3.10.8 and related changes
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
fa613d31c8 |
rust-pyo3-build-config:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
c74a3eead3 |
rust-pyo3-macros-backend:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
fd9d183c21 |
rust-pyo3-macros:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
9ab0df2c67 |
rust-pyo3:Update to version 0.15.2 - required by python3-cryptography
- Updated from version 0.15.1 to 0.15.2
- Update of rootfile
- Changelog
## [0.15.2] - 2022-04-14
### Packaging
- Backport of PyPy 3.9 support from PyO3 0.16. [#2262](https://github.com/PyO3/pyo3/pull/2262)
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
7b43fb6b7d |
rust-pem:Update to version 1.1.0 - required by python3-cryptography
- Updated from version 1.0.2 to 1.1.0 - Update of rootfile - Changelog found in source tarball stops at version 1.0.1 No changelog found elsewhere Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
217e9db591 |
rust-ouroboros_macro:Update to version 0.15.5 - required by python3-cryptography
- Updated from version 0.13.0 to 0.15.5 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
c8e187ba8e |
rust-ouroboros:Update to version 0.15.5 - required by python3-cryptography
- Updated from version 0.13.0 to 0.15.5 - Update of rootfile - No changelog found in source tarball or other location Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |