mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-20 16:02:59 +02:00
e36f341ee554eec800dcaca954c0ee8f4972464e
8542 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Adolf Belka
|
7fa435b3bb |
libffi: Update to version 3.4.4
- Update from version 3.4.2 to 3.4.4 - Update of rootfile - Changelog 3.4.4 Oct-23-2022 Important aarch64 fixes, including support for linux builds with Link Time Optimization (-flto). Fix x86 stdcall stack alignment. Fix x86 Windows msvc assembler compatibility. Fix moxie and or1k small structure args. 3.4.3 Sep-19-22 All struct args are passed by value, regardless of size, as per ABIs. Enable static trampolines for Cygwin. Add support for Loongson's LoongArch64 architecture. Fix x32 static trampolines. Fix 32-bit x86 stdcall stack corruption. Fix ILP32 aarch64 support. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
cdb071978d |
libidn: Update to version 1.41
- Update from version 1.38 to 1.41
- Update of rootfile
- Changelog
* Noteworthy changes in release 1.41 (2022-06-25) [stable]
** Bump LT_REVISION for new release.
It was mistakenly left at the same value since 1.38.
** Add version number related self-checks.
* Noteworthy changes in release 1.40 (2022-06-20) [stable]
** lib: Bump STRINGPREP_VERSION to 1.40.
It was mistakenly left at 1.38 in the 1.39 release.
* Noteworthy changes in release 1.39 (2022-06-20) [stable]
** lib: Code detecting current locale broken since 1.36.
The code always returned ASCII. The precise cause is complicated to
track down but likely boils down to the new autotools/gettext
bootstrapping sequence introduced in release 1.36. Reported by Богдан
Пилипенко <bogdan.pylypenko107@gmail.com>.
** maint: Java JAR archive no longer included in source tarball.
** Minor fixes: typos, makefiles, indentation, gnulib update, etc.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
2a269f26cc |
libinih: Update to version r56
- Update from version r55 to r56
- Update of rootfile not required
- Changelog
version 56
Fix redundant cast-to-int when INI_USE_STACK!=0
Make inline comments work on subsequent lines of multiline values
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
b0025e53ff |
libjpeg: Update to version 2.1.4
- Update from version 2.0.4 to 2.1.4
- Update of rootfile
- Changelog
2.1.4
### Significant changes relative to 2.1.3
1. Fixed a regression introduced in 2.1.3 that caused build failures with
Visual Studio 2010.
2. The `tjDecompressHeader3()` function in the TurboJPEG C API and the
`TJDecompressor.setSourceImage()` method in the TurboJPEG Java API now accept
"abbreviated table specification" (AKA "tables-only") datastreams, which can be
used to prime the decompressor with quantization and Huffman tables that can be
used when decompressing subsequent "abbreviated image" datastreams.
3. libjpeg-turbo now performs run-time detection of AltiVec instructions on
OS X/PowerPC systems if AltiVec instructions are not enabled at compile time.
This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped
(PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo.
4. Fixed an error ("Bogus virtual array access") that occurred when attempting
to decompress a progressive JPEG image with a height less than or equal to one
iMCU (8 * the vertical sampling factor) using buffered-image mode with
interblock smoothing enabled. This was a regression introduced by
2.1 beta1[6(b)].
5. Fixed two issues that prevented partial image decompression from working
properly with buffered-image mode:
- Attempting to call `jpeg_crop_scanline()` after
`jpeg_start_decompress()` but before `jpeg_start_output()` resulted in an error
("Improper call to JPEG library in state 207".)
- Attempting to use `jpeg_skip_scanlines()` resulted in an error ("Bogus
virtual array access") under certain circumstances.
2.1.3
### Significant changes relative to 2.1.2
1. Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
input files into full-color JPEG images unless the `-grayscale` option was
used.
2. cjpeg now automatically compresses GIF and 8-bit BMP input files into
grayscale JPEG images if the input files contain only shades of gray.
3. The build system now enables the intrinsics implementation of the AArch64
(Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later.
4. Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using
the merged (non-fancy) upsampling algorithms (that is, with
`cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`.
Specifically, the segfault occurred if the number of bytes remaining in the
output buffer was less than the number of bytes required to represent one
uncropped scanline of the output image. For that reason, the issue could only
be reproduced using the libjpeg API, not using djpeg.
2.1.2
### Significant changes relative to 2.1.1
1. Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
by default with GCC for performance reasons) to be placed in the `.rodata`
section rather than in the `.text` section. This caused the GNU linker to
automatically place the `.rodata` section in an executable segment, which
prevented libjpeg-turbo from working properly with other linkers and also
represented a potential security risk.
2. Fixed an issue whereby the `tjTransform()` function incorrectly computed the
MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
unduly rejected some cropping regions, even though those regions aligned with
8x8 MCU block boundaries.
3. Fixed a regression introduced by 2.1 beta1[13] that caused the build system
to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy
architectures that do not support Neon instructions.
4. libjpeg-turbo now performs run-time detection of AltiVec instructions on
FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
supported using the same build of libjpeg-turbo.
5. cjpeg now accepts a `-strict` argument similar to that of djpeg and
jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
image contains incomplete or corrupt image data.
2.1.1
### Significant changes relative to 2.1.0
1. Fixed a regression introduced in 2.1.0 that caused build failures with
non-GCC-compatible compilers for Un*x/Arm platforms.
2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit
(AArch32) Neon SIMD extensions from building unless the C compiler flags
included `-mfloat-abi=softfp` or `-mfloat-abi=hard`.
3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on
undefined C compiler behavior led to crashes ("SIGBUS: illegal alignment") on
Android systems when running AArch32/Thumb builds of libjpeg-turbo built with
recent versions of Clang.
4. Added a command-line argument (`-copy icc`) to jpegtran that causes it to
copy only the ICC profile markers from the source file and discard any other
metadata.
5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which
use capability pointers that are larger than the size of `size_t`.
6. Fixed a regression (CVE-2021-37972) introduced by 2.1 beta1[5] that caused a
segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly
transform a specially-crafted malformed JPEG image.
2.1.0
### Significant changes relative to 2.1 beta1
1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
decompress certain progressive JPEG images with one or more component planes of
width 8 or less caused a buffer overrun.
2. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
decompress a specially-crafted malformed progressive JPEG image caused the
block smoothing algorithm to read from uninitialized memory.
3. Fixed an issue in the Arm Neon SIMD Huffman encoders that caused the
encoders to generate incorrect results when using the Clang compiler with
Visual Studio.
4. Fixed a floating point exception (CVE-2021-20205) that occurred when
attempting to compress a specially-crafted malformed GIF image with a specified
image width of 0 using cjpeg.
5. Fixed a regression introduced by 2.0 beta1[15] whereby attempting to
generate a progressive JPEG image on an SSE2-capable CPU using a scan script
containing one or more scans with lengths divisible by 32 and non-zero
successive approximation low bit positions would, under certain circumstances,
result in an error ("Missing Huffman code table entry") and an invalid JPEG
image.
6. Introduced a new flag (`TJFLAG_LIMITSCANS` in the TurboJPEG C API and
`TJ.FLAG_LIMIT_SCANS` in the TurboJPEG Java API) and a corresponding TJBench
command-line argument (`-limitscans`) that causes the TurboJPEG decompression
and transform functions/operations to return/throw an error if a progressive
JPEG image contains an unreasonably large number of scans. This allows
applications that use the TurboJPEG API to guard against an exploit of the
progressive JPEG format described in the report
["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
7. The PPM reader now throws an error, rather than segfaulting (due to a buffer
overrun) or generating incorrect pixels, if an application attempts to use the
`tjLoadImage()` function to load a 16-bit binary PPM file (a binary PPM file
with a maximum value greater than 255) into a grayscale image buffer or to load
a 16-bit binary PGM file into an RGB image buffer.
8. Fixed an issue in the PPM reader that caused incorrect pixels to be
generated when using the `tjLoadImage()` function to load a 16-bit binary PPM
file into an extended RGB image buffer.
9. Fixed an issue whereby, if a JPEG buffer was automatically re-allocated by
one of the TurboJPEG compression or transform functions and an error
subsequently occurred during compression or transformation, the JPEG buffer
pointer passed by the application was not updated when the function returned.
2.0.90 (2.1 beta1)
### Significant changes relative to 2.0.6:
1. The build system, x86-64 SIMD extensions, and accelerated Huffman codec now
support the x32 ABI on Linux, which allows for using x86-64 instructions with
32-bit pointers. The x32 ABI is generally enabled by adding `-mx32` to the
compiler flags.
Caveats:
- CMake 3.9.0 or later is required in order for the build system to
automatically detect an x32 build.
- Java does not support the x32 ABI, and thus the TurboJPEG Java API will
automatically be disabled with x32 builds.
2. Added Loongson MMI SIMD implementations of the RGB-to-grayscale, 4:2:2 fancy
chroma upsampling, 4:2:2 and 4:2:0 merged chroma upsampling/color conversion,
and fast integer DCT/IDCT algorithms. Relative to libjpeg-turbo 2.0.x, this
speeds up:
- the compression of RGB source images into grayscale JPEG images by
approximately 20%
- the decompression of 4:2:2 JPEG images by approximately 40-60% when
using fancy upsampling
- the decompression of 4:2:2 and 4:2:0 JPEG images by approximately
15-20% when using merged upsampling
- the compression of RGB source images by approximately 30-45% when using
the fast integer DCT
- the decompression of JPEG images into RGB destination images by
approximately 2x when using the fast integer IDCT
The overall decompression speedup for RGB images is now approximately
2.3-3.7x (compared to 2-3.5x with libjpeg-turbo 2.0.x.)
3. 32-bit (Armv7 or Armv7s) iOS builds of libjpeg-turbo are no longer
supported, and the libjpeg-turbo build system can no longer be used to package
such builds. 32-bit iOS apps cannot run in iOS 11 and later, and the App Store
no longer allows them.
4. 32-bit (i386) OS X/macOS builds of libjpeg-turbo are no longer supported,
and the libjpeg-turbo build system can no longer be used to package such
builds. 32-bit Mac applications cannot run in macOS 10.15 "Catalina" and
later, and the App Store no longer allows them.
5. The SSE2 (x86 SIMD) and C Huffman encoding algorithms have been
significantly optimized, resulting in a measured average overall compression
speedup of 12-28% for 64-bit code and 22-52% for 32-bit code on various Intel
and AMD CPUs, as well as a measured average overall compression speedup of
0-23% on platforms that do not have a SIMD-accelerated Huffman encoding
implementation.
6. The block smoothing algorithm that is applied by default when decompressing
progressive Huffman-encoded JPEG images has been improved in the following
ways:
- The algorithm is now more fault-tolerant. Previously, if a particular
scan was incomplete, then the smoothing parameters for the incomplete scan
would be applied to the entire output image, including the parts of the image
that were generated by the prior (complete) scan. Visually, this had the
effect of removing block smoothing from lower-frequency scans if they were
followed by an incomplete higher-frequency scan. libjpeg-turbo now applies
block smoothing parameters to each iMCU row based on which scan generated the
pixels in that row, rather than always using the block smoothing parameters for
the most recent scan.
- When applying block smoothing to DC scans, a Gaussian-like kernel with a
5x5 window is used to reduce the "blocky" appearance.
7. Added SIMD acceleration for progressive Huffman encoding on Arm platforms.
This speeds up the compression of full-color progressive JPEGs by about 30-40%
on average (relative to libjpeg-turbo 2.0.x) when using modern Arm CPUs.
8. Added configure-time and run-time auto-detection of Loongson MMI SIMD
instructions, so that the Loongson MMI SIMD extensions can be included in any
MIPS64 libjpeg-turbo build.
9. Added fault tolerance features to djpeg and jpegtran, mainly to demonstrate
methods by which applications can guard against the exploits of the JPEG format
described in the report
["Two Issues with the JPEG Standard"](https://libjpeg-turbo.org/pmwiki/uploads/About/TwoIssueswiththeJPEGStandard.pdf).
- Both programs now accept a `-maxscans` argument, which can be used to
limit the number of allowable scans in the input file.
- Both programs now accept a `-strict` argument, which can be used to
treat all warnings as fatal.
10. CMake package config files are now included for both the libjpeg and
TurboJPEG API libraries. This facilitates using libjpeg-turbo with CMake's
`find_package()` function. For example:
find_package(libjpeg-turbo CONFIG REQUIRED)
add_executable(libjpeg_program libjpeg_program.c)
target_link_libraries(libjpeg_program PUBLIC libjpeg-turbo::jpeg)
add_executable(libjpeg_program_static libjpeg_program.c)
target_link_libraries(libjpeg_program_static PUBLIC
libjpeg-turbo::jpeg-static)
add_executable(turbojpeg_program turbojpeg_program.c)
target_link_libraries(turbojpeg_program PUBLIC
libjpeg-turbo::turbojpeg)
add_executable(turbojpeg_program_static turbojpeg_program.c)
target_link_libraries(turbojpeg_program_static PUBLIC
libjpeg-turbo::turbojpeg-static)
11. Since the Unisys LZW patent has long expired, cjpeg and djpeg can now
read/write both LZW-compressed and uncompressed GIF files (feature ported from
jpeg-6a and jpeg-9d.)
12. jpegtran now includes the `-wipe` and `-drop` options from jpeg-9a and
jpeg-9d, as well as the ability to expand the image size using the `-crop`
option. Refer to jpegtran.1 or usage.txt for more details.
13. Added a complete intrinsics implementation of the Arm Neon SIMD extensions,
thus providing SIMD acceleration on Arm platforms for all of the algorithms
that are SIMD-accelerated on x86 platforms. This new implementation is
significantly faster in some cases than the old GAS implementation--
depending on the algorithms used, the type of CPU core, and the compiler. GCC,
as of this writing, does not provide a full or optimal set of Neon intrinsics,
so for performance reasons, the default when building libjpeg-turbo with GCC is
to continue using the GAS implementation of the following algorithms:
- 32-bit RGB-to-YCbCr color conversion
- 32-bit fast and accurate inverse DCT
- 64-bit RGB-to-YCbCr and YCbCr-to-RGB color conversion
- 64-bit accurate forward and inverse DCT
- 64-bit Huffman encoding
A new CMake variable (`NEON_INTRINSICS`) can be used to override this
default.
Since the new intrinsics implementation includes SIMD acceleration
for merged upsampling/color conversion, 1.5.1[5] is no longer necessary and has
been reverted.
14. The Arm Neon SIMD extensions can now be built using Visual Studio.
15. The build system can now be used to generate a universal x86-64 + Armv8
libjpeg-turbo SDK package for both iOS and macOS.
2.0.6
### Significant changes relative to 2.0.5:
1. Fixed "using JNI after critical get" errors that occurred on Android
platforms when using any of the YUV encoding/compression/decompression/decoding
methods in the TurboJPEG Java API.
2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`:
- Fixed segfaults or "Corrupt JPEG data: premature end of data segment"
errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or
4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that
is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a
similar fix, but it did not cover all cases.
- `jpeg_skip_scanlines()` now throws an error if two-pass color
quantization is enabled. Two-pass color quantization never worked properly
with `jpeg_skip_scanlines()`, and the issues could not readily be fixed.
- Fixed an issue whereby `jpeg_skip_scanlines()` always returned 0 when
skipping past the end of an image.
3. The Arm 64-bit (Armv8) Neon SIMD extensions can now be built using MinGW
toolchains targetting Arm64 (AArch64) Windows binaries.
4. Fixed unexpected visual artifacts that occurred when using
`jpeg_crop_scanline()` and interblock smoothing while decompressing only the DC
scan of a progressive JPEG image.
5. Fixed an issue whereby libjpeg-turbo would not build if 12-bit-per-component
JPEG support (`WITH_12BIT`) was enabled along with libjpeg v7 or libjpeg v8
API/ABI emulation (`WITH_JPEG7` or `WITH_JPEG8`.)
2.0.5
### Significant changes relative to 2.0.4:
1. Worked around issues in the MIPS DSPr2 SIMD extensions that caused failures
in the libjpeg-turbo regression tests. Specifically, the
`jsimd_h2v1_downsample_dspr2()` and `jsimd_h2v2_downsample_dspr2()` functions
in the MIPS DSPr2 SIMD extensions are now disabled until/unless they can be
fixed, and other functions that are incompatible with big endian MIPS CPUs are
disabled when building libjpeg-turbo for such CPUs.
2. Fixed an oversight in the `TJCompressor.compress(int)` method in the
TurboJPEG Java API that caused an error ("java.lang.IllegalStateException: No
source image is associated with this instance") when attempting to use that
method to compress a YUV image.
3. Fixed an issue (CVE-2020-13790) in the PPM reader that caused a buffer
overrun in cjpeg, TJBench, or the `tjLoadImage()` function if one of the values
in a binary PPM/PGM input file exceeded the maximum value defined in the file's
header and that maximum value was less than 255. libjpeg-turbo 1.5.0 already
included a similar fix for binary PPM/PGM files with maximum values greater
than 255.
4. The TurboJPEG API library's global error handler, which is used in functions
such as `tjBufSize()` and `tjLoadImage()` that do not require a TurboJPEG
instance handle, is now thread-safe on platforms that support thread-local
storage.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
b000e8e466 |
psmisc: Update to version 23.6
- Update from version 23.4 to 23.6
- Update of rootfile
- Changelog
Changes in 23.6
* buildsys: Fix DEJAGNU work-around Debian #1015089
* killall: Use kill if pidfd_send_signal fails Debian #1015228
* fuser: Do not mention nonexistent - reset option #42
* fuser: Use modern statn where possible
* pstree: Better AppArmor support !30
Changes in 23.5
* killall: Check truncated names !28
* killall: Use openat and pidfd_send_signal #37
* killall: Don't check paths of sockets #35
* pstree: Check for process with show_parents #38
* pstree: Don't disable compaction with show pgids #34
* pstree: Fix storage leak !29
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
1d087b0bc0 |
iproute2: Update to version 6.1.0
- Update from version 6.0.0 to 6.1.0 - Update of rootfile not required - Changelog is only available from the commits in the git repositry https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
bdfe675987 |
libarchive: Update to version 3.6.2
- Update from version 3.6.1 to 3.6.2
- Update of rootfile
- patch to fix glibc 2.36 headers is now part of the source code
- Changelog
Libarchive 3.6.2 is a bugfix and security release.
Important bug fixes:
include ZSTD in Windows builds (#1688)
SSL fixes on Windows (#1714, #1723, #1724)
rar5 reader: fix possible garbled output with bsdtar -O (#1745)
mtree reader: support reading mtree files with tabs (#1783)
various small fixes for issues found by CodeQL
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
75b473e2d6 |
krb5: Update to version 1.20.1
- Update from version 1.20 to 1.20.1
- Update of rootfile not required
- Changelog
Major changes in 1.20.1 (2022-11-15)
Fix integer overflows in PAC parsing [CVE-2022-42898].
Fix null deref in KDC when decoding invalid NDR.
Fix memory leak in OTP kdcpreauth module.
Fix PKCS11 module path search.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
a39a7ffdad |
libstatgrab: Update to version 0.92.1
- Update from vesrion 0.92 to 0.92.1
- Update of rootfile
- Changelog
libstatgrab 0.92.1 (27 July 2021)
* Fix build with autoconf 2.70+.
* Fix CPU stats on older Linux kernels.
* Make sure to count processes in an unknown state.
* Check if -ltinfo is needed when linking ncurses.
* Fixes to build when cross-compiling.
* Fix build with -DNDEBUG.
* Handle vmmeter changes in FreeBSD 12.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
8e93f8a545 |
libssh: Update to version 0.10.4
- Update from version 0.9.6 to 0.10.4 - Update of rootfile - Changelog version 0.10.4 (released 2022-09-07) * Fixed issues with KDF on big endian version 0.10.3 (released 2022-09-05) * Fixed possible infinite loop in known hosts checking version 0.10.2 (released 2022-09-02) * Fixed tilde expansion when handling include directives * Fixed building the shared torture library * Made rekey test more robust (fixes running on i586 build systems e.g koji) version 0.10.1 (released 2022-08-30) * Fixed proxycommand support * Fixed musl libc support version 0.10.0 (released 2022-08-26) * Added support for OpenSSL 3.0 * Added support for mbedTLS 3 * Added support for Smart Cards (through openssl pkcs11 engine) * Added support for chacha20-poly1305@openssh.com with libgcrypt * Added support ed25519 keys in PEM files * Added support for sk-ecdsa and sk-ed25519 (server side) * Added support for limiting RSA key sizes and not accepting small one by default * Added support for ssh-agent on Windows * Added ssh_userauth_publickey_auto_get_current_identity() API * Added ssh_vlog() API * Added ssh_send_issue_banner() API * Added ssh_session_set_disconnect_message() API * Added new configuration options: + IdentityAgent + ModuliFile * Provided X11 client example * Disabled DSA support at build time by default (will be removed in the next release) * Deprecated the SCP API! * Deprecated old pubkey, privatekey API * Avoided some needless large stack buffers to minimize memory footprint * Removed support for OpenSSL < 1.0.1 * Fixed parsing username@host in login name * Free global init mutex in the destructor on Windows * Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
01e65b0902 |
libshout: Update to version 2.4.6
- Update from version 2.4.3 to 2.4.6
- Update of rootfile
- Changelog
libshout 2.4.6 (20220410)
* Fixed pkg-config file (#2329)
* Made vorbis an optional codec
* Do not pass to small headers to libspeex
(see also the same mirror-patch in Icecast)
* Updated documentation, mostly in regard of making it clearer
which functions are now obsoleted
* General code cleanup
* Added compiler warnings about obsoleted functions and
ignored return values
* Replaced old shout_set_metadata() with new shout_set_metadata_utf8()
* Added support for plain text streaming
* Fixed shout_set_metadata*() sometimes returning SHOUTERR_RETRY (#2328)
* Workaround old clients by emulating SHOUTERR_RETRY with SHOUTERR_BUSY (#2316)
* Remove our re-implementation of X509_check_host()
* Allow to disable building tools (#2331)
libshout 2.4.5 (20201219)
* Improved shout.h for reading, and understanding.
* Marked dumpfile support as obsolete (as SHOUT_PROTOCOL_XAUDIOCAST already is).
* Added Support for setting the content language.
* Avoid the use of obsolete functions (#2317).
* Several small fixes for non-blocking mode (#2321, #2315).
* Corrected detection of libogg (mostly for windows targets).
* Now accept TLS mode "auto" when build without TLS support.
* Added new tool shout(1).
libshout 2.4.4 (20201001)
* Fixed handling of blocking/non-blocking mode
* Fixed ICY port increment
* Fixed reusing of handles
* Fixed error handling of Ogg sync layer
* Fixed Passing of errors between connection and instance layer
Without this fix died connections were not correctly detected.
* Fixed and improved build scripts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
776419475f |
libpciaccess: Update to version 0.17
- Update from version 0.16 to 0.17 - Update of rootfile not required - bz2 source file no longer available - xz supplied - Changelog is available in the source file and lists each of the commits that have been added between version 0.16 and 0.17 A bit too long to include fully here. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
6d144d259f |
dbus: Update to version 1.14.4
- Update from version 1.14.0 to 1.14.4
- Update of rootfile
- Changelog
dbus 1.14.4 (2022-10-05)
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
dbus 1.14.2 (2022-09-26)
Fixes:
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
Tests and CI enhancements:
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
15214970e6 |
avahi: Fix bug #13017 - - dbus[n]: Unknown group "netdev" in message bus configuration file
- add command into avahi install.sh paks file to add netdev group if it doesn't exist - Update avahi PAK_VER to ensure that change is shipped Tested-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
e10a8583ae |
libyang: Update to version 2.1.4
- Update from version 2.0.194 to 2.1.4
- Update of rootfile
- Changelog
Version 2.1.4 Latest
Main changes of this release are:
large extensions refactoring
increased ext plugin API version
new callbacks and capabilities of plugins
changes in the parsed and compiled ext instance structures
native support for structure extension
error path logging improvements
fixed unions with leafrefs
yanglint schema mount support
huge number of other fixes and improvements
Version 2.0.231
Main changes of this release are:
XPath axes support
schema-mount fixes
many other fixes in various parts of the library
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
410dcc25ca |
libxslt: Update to version 1.1.37
- Update from version 1.1.35 to 1.1.37
- Update of rootfile
- Changelog
v1.1.37: Aug 29 2022
### Improvements
- Don't use deprecated libxml2 macros
- Don't mess with xmlDefaultSAXHandler
### Build system
- Require automake-1.16.3 or later
- Remove generated files from distribution
- Add missing compile definition for static builds to Autotools (Mike Dalessio)
v1.1.36: Aug 17 2022
### Removals and deprecations
- Remove SVN keyword anchors
- Remove CVS and SVN-related code
- Remove README.cvs-commits
- Remove ChangeLog
- Remove xsltwin32config.h
### Improvements
- Simplify xsltexports.h and exsltexports.h
- Don't overlink executables with gcrypt
- Fix quadratic behavior with variables and parameters
- Remove case labels with XPointer location types
- Add configure~ to .gitignore
- Stop calling deprecated libxml2 functions
### Portability
- Use portable python shebangs (David Seifert)
- Remove useless __CYGWIN__ checks
- Remove cruft from win32config.h
- crypto.c: Silence a compiler warning on Windows (Chun-wei Fan)
### Build system
- Add missing compile definition for static builds to CMake
- Avoid obsolescent `test -a` constructs (David Seifert)
- Only link libxml2 statically in purely static build
- Set AC_CONFIG_MACRO_DIR
- Allow AM_MAINTAINER_MODE to be disabled
- Streamline and fix documentation installation
- Don't try to recreate COPYING symlink
- Remove special configuration for certain maintainers
- configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
- Detect libm using libtool's macros (David Seifert)
- configure.ac: disable static libraries by default (David Seifert)
- python/Makefile.am: nest python docs in $(docdir) (David Seifert)
- python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
- configure.ac: remove useless AC_SUBST (David Seifert)
- Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
- Change libxml2 Python config
- Don't check for standard C89 library functions
- Don't check for standard C89 headers
- Remove --with-html-dir option
- Also check for glibtoolize in autogen.sh
- Rework documentation build system
- Remove old website
- CMake: Relax check for enabling crypto support on Windows (Chun-wei Fan)
- Remove obsolete AC_HEADER_STDC autoconf macro (Vadim Zeitlin)
- Remove special configuration for old maintainers
### Test suite, CI
- Remove test involving XPointer range-to function
- Test recursion in EXSLT dynamic functions
- Add CI job for static build
### Documentation
- Move tutorial images
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
1302f0cde8 |
libvirt: Update version to 8.10.0
- Update from version 8.9.0 to 8.10.0
- Update of rootfile
- Changelog
v8.10.0 (2022-12-01)
**New features**
* Tool for validating SEV firmware boot measurement of QEMU VMs
The ``virt-qemu-sev-validate`` program will compare a reported SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.
* Support for SGX EPC (enclave page cache)
Users can add a ``<memory model='sgx-epc'>`` device to lauch a VM with
``Intel Software Guard Extensions``.
* Support migration of vTPM state of QEMU vms on shared storage
Pass ``--migration`` option if appropriate in order for ``swtpm`` to
properly migrate on shared storage.
**Improvements**
* Mark close callback (un-)register API as high priority
High priority APIs use a separate thread pool thus can help in eliminating
problems with stuck VMs. Marking the close callback API as high priority
allows ``virsh`` to properly connect to the daemon in case the normal
priority workers are stuck allowing other high priority API usage.
* Updated x86 CPU features
The following features for the x86 platform were added:
``v-vmsave-vmload``, ``vgif``, ``avx512-vp2intersect``, ``avx512-fp16``,
``serialize``, ``tsx-ldtrk``, ``arch-lbr``, ``xfd``, ``intel-pt-lip``,
``avic``, ``sgx``, ``sgxlc``, ``sgx-exinfo``, ``sgx1``, ``sgx2``,
``sgx-debug``, ``sgx-mode64``, ``sgx-provisionkey``, ``sgx-tokenkey``,
``sgx-kss``, ``bus-lock-detect``, ``pks``, ``amx``.
* Add support for ``hv-avic`` Hyper-V enlightenment
``qemu-6.2`` introduced support for the ``hv-avic`` enlightenment which
allows to use Hyper-V SynIC with hardware APICv/AVIC enabled.
* qemu: Run memory preallocation with numa-pinned threads
Run the thread allocating memory in the proper NUMA node to reduce overhead.
* RPM packaging changes
- add optional dependancy of ``libvirt-daemon`` on ``libvirt-client``
The ``libvirt-guests.`` tool requires the ``virsh`` client to work
properly, but we don't want to require the installation of the daemon
if the tool is not used.
- relax required ``python3-libvirt`` version for ``libvirt-client-qemu``
The ``virt-qemu-qmp-proxy`` tool requires python but doesn't strictly
need the newest version. Remove the strict versioning requirement in
order to prevent cyclic dependency when building.
**Bug fixes**
* Skip initialization of ``cache`` capabilities if host doesn't support them
Hypervisor drivers would fail to initialize on ``aarch64`` hosts with
following error ::
virStateInitialize:657 : Initialisation of cloud-hypervisor state driver failed: no error
which prevented the startup of the daemon.
* Allow incoming connections to guests on routed networks w/firewalld
A change in handling of implicit rules in ``firewalld 1.0.0`` broke
incomming connections to VMs when using ``routed`` network. This is fixed
by adding a new ``libvirt-routed`` zone configured to once again allow
incoming sessions to guests on routed networks.
* Fix infinite loop in nodedev driver
Certain udev entries might be of a size that makes libudev emit EINVAL
which caused a busy loop burning CPU. Fix it by ignoring the return code.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
349fc481b8 |
libusbredir: Update to version 0.13.0
- Update from version 0.8.0 to 0.13.0 - Update of rootfile - bz2 version no longer supplied only xz version - Build changed from autotyools to meson/ninja - Changelog # usbredir-0.13.0 - 01 Aug 2022 - !61 Fix regression on unserialize data - !59 Removes usbredirserver - !58 Improved header length checks when unserialising data - !62 Fix usage of command line argument in usbredirect - !57 Fix small memory leak on usbredirect # usbredir-0.12.0 - 12 Nov 2021 - !47 Implement dropping packets from isochronous devices when buffer is owned by usbredirparser library - !50 Use packet size limit on deserialization - !54 Fix possible bad state in deserialization logic - !48 Fix possible memory leak in serialization logic - !45 Fix (un)serialization with empty write buffers - !42 !46 !52 Improvements to usbredirparserfuzz # usbredir-0.11.0 - 10 Aug 2021 - !40 Fixes use-after-free on usbredirparser serialization - !25 Fixes memory leak in usbredirparser - !32 Fixes build in MacOS related to visibility of exported symbols - !36 Adds usbredirfilter_free function - !29 Adds Fuzzing for Filters - !34 Improvements to usbredirfilter_string_to_rules() # usbredir-0.10.0 - 27 May 2021 - !23 Fixes 0.9.0 regression in bulk transfer message size - !20 Drops autotools, only meson is supported now - !15, !16, !18, !21 Improves fuzzing code base and meson builds - !17 Fixes libusbredirhost.pc when generated by meson # usbredir-0.9.0 - 02 Apr 2021 - !2 Add usbredirect tool with feature parity with usbredirserver - !6 Add fuzzer for usbredirparser - !12 Add MSI installer for usbredirect tool - !11 Add meson build: autotool will be removed in a future release - !5 Limit packet's length to 65 kB - !4 Fix wrong up-cast when checking for package's length - Require LLVM's compiler-rt (optional: for fuzzer) - Require glib2 >= 2.44 (optional: for usbredirect) - Deprecate usbredirserver in favor of usbredirect Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
f2171fc9d6 |
libusb: Update to version 1.0.26
- Update from version 1.0.25 to 1.0.26
- Update of rootfile not required
- Changelog
2022-04-10: v1.0.26
* Fix regression with transfer free's after closing device
* Fix regression with destroyed context if API is misused
* Workaround for applications using missing default context
* Fix hotplog enumeration regression
* Fix Windows isochronous transfer regression since 1.0.24
* Fix macOS exit crash in some multi-context cases
* Build fixes for various platforms and configurations
* Fix Windows HID multi-interface product string retrieval
* Update isochronous OUT packet actual lengths on Windows
* Add interface bound checking for broken devices
* Add umockdev tests on Linux
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Adolf Belka
|
5e1db85c4f |
mpfr: Update to version 4.1.1 with patch 1
- Update from version 4.1.0 with patch set 1 to 13 to 4.1.1 with aptch set 1 to 1
- Update of rootfile
- Changelog
Changes from version 4.1.0 to version 4.1.1:
- Bug fixes (see <https://www.mpfr.org/mpfr-4.1.0/#fixed> and/or the
ChangeLog file), in particular for macros implementing functions.
- Improved manual formatting.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
|
||
Matthias Fischer
|
5d34a9171c |
libconfig: Update to 1.7.3
...it just came my way... For details see: https://github.com/hyperrealm/libconfig/releases/tag/v1.7.3 This release includes some bugfixes and enhancements. Fixed a memory access violation bug in config_clear() Various fixes to CMake and Visual Studio build files Added a Setting::isString() method Fixed a bug in config_setting_lookup() where the setting itself (instead of NULL) would be returned if the path was not found. Renamed all remaining internal methods that lacked a 'libconfig_' prefix. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Michael Tremer
|
a0918657c9 |
network: Drop any traces of ISDN
This has been removed a long time ago and we should probably spend a little bit more time on keeping the networking code tidy :) Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
1d66c3509f |
libqmi: New package
This library implements the QMI modem protocol. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
47a57621b0 |
libgudev: New package
This is required for libqmi. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Peter Müller
|
9ea8de7c39 |
Revert "lsof: Update to version 4.96.4"
This reverts commit
|
||
|
Peter Müller
|
4acb701b84 |
Tor: Update to 0.4.7.12
Full changelog:
Changes in version 0.4.7.12 - 2022-12-06
This version contains a major change that is a new key for moria1. Also, new
metrics are exported on the MetricsPort for the congestion control
subsystem.
o Directory authority changes (moria1):
- Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade and refreshing keys
periodically is good practice. Advertise new ports too, to avoid
confusion. Closes ticket 40722.
o Minor feature (Congestion control metrics):
- Add additional metricsport relay metrics for congestion control.
Closes ticket 40724.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 06, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/12/06.
o Minor bugfixes (cpuworker, relay):
- Fix an off by one overload calculation on the number of CPUs being
used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
|
||
|
Michael Tremer
|
7a22b050fa |
Revert "Drop powertop"
This reverts commit
|
||
|
Peter Müller
|
8d1f604b4a |
ca-certificates: Remove TrustCor Systems root CAs
On November 30, 2022, Mozilla decided to take the following actions as a response to the concerns raised about the merits of this root CA operator (excerpt taken from https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ): > 1. Set "Distrust for TLS After Date" and "Distrust for S/MIME > After Date" to November 30, 2022, for the 3 TrustCor root > certificates (TrustCor RootCert CA-1, TrustCor ECA-1, > TrustCor RootCert CA-2) that are currently included in > Mozilla's root store. > > 2. Remove those root certificates from Mozilla's root store > after the existing end-entity TLS certificates have expired. As far as the latter is concerned, the offending certificates have these expiry dates set: - TrustCor RootCert CA-1: Mon, 31 Dec 2029 17:23:16 GMT - TrustCor RootCert CA-2: Sun, 31 Dec 2034 17:26:39 GMT - TrustCor ECA-1: Mon, 31 Dec 2029 17:28:07 GMT The way IPFire 2 currently processes Mozilla's trust store does not feature a way of incorporate a "Distrust for XYZ After Date" attribute. This means that despite TrustCor Systems root CAs are no longer trusted by browsers using Mozilla's trust store, IPFire would still accept certificates directly or indirectly issued by this CA until December 2029 or December 2034. To protect IPFire users, this patch therefore suggests to patch our copy of Mozilla's trust store in order to remove TrustCor Systems' root CAs: The vast majority of HTTPS connections established from an IPFire machine take place in a non-interactive context, so there is no security benefit from a "Distrust After Date" information. Instead, if we do not want IPFire installations to trust this CA, we have no other option other than remove it unilaterally from our copy of Mozilla's trust store. See also: https://lists.ipfire.org/pipermail/development/2022-November/014681.html Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Peter Müller
|
2b99013377 |
libhtp: Update to 0.5.42
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Peter Müller
|
959fe5103b |
suricata: Update to 6.0.9
Full changelog: Security #5710: smb: crash inside of streaming buffer Grow() (6.0.x backport) Security #5694: smtp/base64: crash / memory corruption (6.0.x backport) Security #5688: decoder/tunnel: tunnel depth not limited properly (6.0.x backport) Security #5600: ips: encapsulated packet logged as dropped, but not actually dropped (6.0.x backport) Bug #5715: smb: file not tracked on smb2 async (6.0.x backport) Bug #5714: SMB2 async responses are not matched with its request (6.0.x backport) Bug #5709: HTTP/2 decompression bug (6.0.x backport) Bug #5696: Integer overflow at dcerpc.rs:846 (6.0.x backport) Bug #5695: readthedocs: not showing pdf download option for recent versions (6.0.x backport) Bug #5683: FlowSwapFileFlags function is incorrect (6.0.x backport) Bug #5635: track by_rule|by_both incorrectly rejected for global thresholds (6.0.x backport) Bug #5633: Pass rules on 6.0.8 are generating alert events when passing tunneled traffic Bug #5608: base64: skip over all invalid characters for RFC 2045 mode (6.0.x backport) Bug #5607: base64_decode does not populate base64_data buffer once hitting non-base64 chars (6.0.x backport) Bug #5602: dcerpc: rust integer underflow (6.0.x backport) Bug #5599: eve: mac address logging for packet records reverses direction (6.0.x backport) Bug #5598: detect/tag: timeout handling issues on windows (6.0.x backport) Bug #5594: ips/tap: in layer 2 ips/tap setups, warn that mixed usage of ips and tap will be removed in 8.0 (6.0.x backport) Bug #4883: Netmap configuration -- need a configuration option for non-standard library locations (6.0.x backport) Feature #5478: Support for RFC2231 (6.0.x backport) Task #5698: libhtp 0.5.42 Task #5570: transversal: update references to suricata webpage version 2 (backport 6.0.x) Task #4852: netmap: new API version (14) supports multi-ring software mode (6.0.x backport) Signed-off-by: Peter Müller <peter.mueller@ipfire.org> |
||
|
Adolf Belka
|
73955514ac |
shairport-sync: ship package due to new ffmpeg version
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
96f000490b |
mpd: ship package due to new ffmpeg version
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
fab147214f |
minidlna: ship package due to new ffmpeg version
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
08c5fc0a67 |
flac: Update to version 1.4.2
- Update from version 1.3.3 to 1.4.2
- Update of rootfile
- several libraries with so bump. Checked with find-dependencies - nothing flagged
- Changelog
This changelog is not exhaustive, review [the git commit log
(https://github.com/xiph/flac/commits) for an exhaustive list of changes.
## FLAC 1.4.2 (22-Oct-2022)
Once again, this release only has a few changes. A problem with FLAC playback in GStreamer (and possibly other libFLAC users) was the reason for the short time since the last release
* General
* Remove xmms plugin (Martijn van Beurden, TokyoBlackHole)
* Remove all pure assembler, removing build dependency on nasm
* Made console output more uniform across different platforms and CPUs
* Improve ability to tune compile for a certain system (for example with -march=native) when combining with --disable-asm-optimizations: plain C functions can now be better optimized
* Build system
* Default CFLAGS are now prepended instead of dropped when user CFLAGS are set
* -msse2 is no longer added by default (was only applicable to x86)
* Fix cross-compiling and out-of-tree building when pandoc and doxygen are not available
* Fix issue with Clang not compiling functions with intrinsics
* Fix detection of bswap intrinsics (Ozkan Sezer)
* Improve search for libssp on MinGW (Ozkan Sezer, Martijn van Beurden)
* libFLAC
* Fix issue when the libFLAC user seeks in a file instead of libFLAC itself
## FLAC 1.4.1 (22-Sep-2022)
This release only has a few changes. It was triggered by a problem in the 1.4.0 tarball: man pages were empty and api documentation missing
* CMake fixes (Tomasz Kłoczko)
* Add checks that man pages and api docs end up in tarball
* Enable installation of prebuilt man pages and api docs
* Fix compiler warnings (Johannes Kauffmann, Ozkan Sezer)
* Fix format specifier (manxorist)
* Enable building on Universal Windows Platform (Steve Lhomme)
* Fix versioning from git
## FLAC 1.4.0 (09-Sep-2022)
As there have been changes to the library interfaces, the libFLAC version number is incremented to 12, the libFLAC++ version number is incremented to 10. As some changes were breaking, the version age numbers (see [libtool versioning](https://www.gnu.org/software/libtool/manual/libtool.html#Libtool-versioning)) have been reset to 0. For more details on the changes to the API, see the [porting guide](https://xiph.org/flac/api/group__porting__1__3__4__to__1__4__0.html).
The XMMS plugin and 'common' plugin code (used only by the XMMS plugin) are deprecated, they will be removed in a future release.
* General:
* It is now possible to limit the minimum bitrate of a FLAC file generated by libFLAC and with the `flac` tool to 1 bit/sample. This function can be used to aid live streaming, for example for internet radio
* Encoding files with sample rates up to 1'048'575Hz is now possible. (Con Kolivas)
* Compression of preset -3 through -8 was slightly improved at the cost of a small decrease in encoding speed by increasing the precision with which autocorrelation was calculated (Martijn van Beurden)
* Encoding speed of preset -0, -1 and -2 was slightly improved
* Compression of presets -1 and -4 was slighly improved on certain material by changing the adaptive mid-side heuristics
* Speedups specifically targeting 64-bit ARMv8 devices using NEON were integrated (Ronen Gvili, Martijn van Beurden)
* Speedups for x86_64 CPUs having the FMA instruction set extention are added
* Encoding and decoding of 32-bit PCM is now possible
* (Ogg) FLAC format:
* The FLAC format document is being rewritten by the IETF CELLAR working group. The latest draft can be found on [https://datatracker.ietf.org/doc/draft-ietf-cellar-flac/](https://datatracker.ietf.org/doc/draft-ietf-cellar-flac/)
* The FLAC format document specifies no bounds for the residual. In other to match current decoder implementations, it is proposed to bound the residual to the range provided by a 32-bit int signed two's complement. This limit must be checked by FLAC encoders as to keep FLAC decoders free from the complexity of being to decode a residual exceeding a 32-bit int.
* There is now a set of files available to test whether a FLAC decoder implements the format correctly. This FLAC decoder testbench can be found at [https://github.com/ietf-wg-cellar/flac-test-files](https://github.com/ietf-wg-cellar/flac-test-files). Also, results of testing hard- and software can be found here at [https://wiki.hydrogenaud.io/index.php?title=FLAC_decoder_testbench](https://wiki.hydrogenaud.io/index.php?title=FLAC_decoder_testbench).
* flac:
* The option --limit-min-bitrate was added to aid streaming, see [github #264](https://github.com/xiph/flac/pull/264)
* The option --keep-foreign-metadata-if-present is added. This option works the same as --keep-foreign-metadata, but does return a warning instead of an error if no foreign metadata was found to store or restore
* The warning returned by the foreign metadata handling is now clearer in case a user tries to restore foreign metadata of the wrong type, for example decoding a FLAC file containing AIFF foreign metadata to a WAV file
* A problem when using the analyse function causing the first frame to have a wrong size and offset was fixed
* Fix bug where channel mask of a file is unintentionally reused when several files are processed with one command
* The order of compression-related commands is no longer important, i.e. -8ep gives the same result as -ep8. Previously, a compression level (like -8) would override a more specific setting (like -e or -p). This is no longer the case
* flac now checks the block-align property of WAV files to ensure non-standard WAV files (for which flac has no handling) are not mangled
* metaflac:
* (none)
* build system:
* MSVC and Makefile.lite build system files have been removed. Building with MSVC (Visual Studio) can be done by using CMake
* Various CMake improvements, especially for creating MSVC build files (Martijn van Beurden, martinRenou, CookiePLMonster, David Callu, Tyler Dunn, Cameron Cawley)
* Various fixes for MinGW (Martijn van Beurden, Cameron Cawley)
* Removed obsolete autotools macro's to silence warnings
* Fixes for FreeBSD PowerPC (pkubaj)
* Fixed some compiler warnings (Martijn van Beurden, Tyler Dunn)
* Fix building with uclibc (Fabrice Fontaine)
* testing/validation:
* Addition of new encoder fuzzer, adding fuzzing for 8, 24 and 32-bit inputs
* Addition of new decoder fuzzer, adding coverage of seeking code
* Addition of metadata fuzzer, adding coverage of metadata APIs
* Various improvements to fuzzers to improve code coverage, fuzzing speed and stability
* Many changes to test suite to improve cross-platform compatibility (Rosen Penev)
* Windows CI now also builds the whole test suite
* Clang-format file added (Rosen Penev)
* Add warning on using v141_xp platform toolset with /MT (Martijn van Beurden, Paul Sanders)
* libraries:
* Various seeking fixes (Martijn van Beurden, Robert Kausch)
* Various bugs fixed found by fuzzing
* On decoding, it is now checked whether residuals can be contained by a 32-bit int, preventing integer overflow
* Add check that samples supplied to libFLAC actually fall within the bps set
* Add checks when parsing metadata blocks to not allocate excessive amounts of memory and not overread
* Undocumented Windows-only utf8 functions are no longer exported to the DLL interface
* Removed all assembler and intrinsics code from the decoder to improve fuzzing, as they provided only a small speed benefit
* The bitwriter buffer is limited in size to 2^24 bytes, so it cannot write excessively large files. This is a backup in case another bug in this area creeps (back) in.
* The metadata iterations should now never return a vorbiscomment entry with NULL as an entry, now always at least an empty string is returned
* documentation:
* Removed html documentation and generate man pages from markdown
* Interface changes:
* libFLAC:
* Addition of FLAC__stream_encoder_set_limit_min_bitrate() and FLAC__stream_encoder_get_limit_min_bitrate(), see [github #264](https://github.com/xiph/flac/pull/264)
* get_client_data_from_decoder is renamed FLAC__get_decoder_client_data(), see [github #124](https://github.com/xiph/flac/pull/124)
* All API functions taking a filename as an argument now take UTF-8 filenames on Windows, and no longer accept filenames using the current codepage
* FLAC__Frame struct has changed: warmup samples are now stored in FLAC__int64 instead of FLAC__int32 types, and verbatim samples can now be stored in either FLAC__int32 or FLAC__int64 depending on whether samples fix the former or latter
* The FLAC__StreamMetadata struct now has a tag, so it can be forward declared
* libFLAC++:
* Addition of ::set_limit_min_bitrate() and ::get_limit_min_bitrate(), see [github #264](https://github.com/xiph/flac/pull/264)
* All API functions taking a filename as an argument now take UTF-8 filenames on Windows, and no longer accept filenames using the current codepage
* The ::FLAC__Frame struct has changed, see the libFLAC interface change.
## FLAC 1.3.4 (20-Feb-2022)
This release mostly fixes (security related) bugs. When building with MSVC, using CMake is preferred, see the README under "Building with CMake" for more information. Building with MSVC using solution files is deprecated and these files will be removed in the future. As there have been no changes to the library interfaces, the libFLAC version number remains 11, and libFLAC++ version number remains 9.
* General:
* Fix 12 decoder bugs found by oss-fuzz, including CVE-2020-0499 (erikd, Martijn van Beurden)
* Fix encoder bug CVE-2021-0561 (NeelkamalSemwal)
* Integrate oss-fuzzers (erikd, Guido Vranken)
* Seeking fixes (NeelkamalSemwal, Robert Kausch)
* Various fixes and improvements (Andrei Astafev, Rosen Penev, Håkan Kvist, oreo639, erikd, Tamás Zahola, Ulrik Mikaelsson, Tyler Dunn, tmkk)
* FLAC format:
* (none)
* Ogg FLAC format:
* (none)
* flac:
* Various fixes and improvements (Andrei Astafev, Martijn van Beurden)
* metaflac:
* (none)
* build system:
* CMake improvements (evpobr, Vitaliy Kirsanov, erikd, Ozkan Sezer, Tyler Dunn, tg-m DeadSix27, ericLemanissier, Chocobo1).
* Fixes for MinGW and MSVC (Ozkan Sezer).
* Fix for clang (Ozkan Sezer)
* Fix for PowerPC (Peter Seiderer, Thomas BERNARD)
* Fix for FreeBSD PowerPC (pkubaj).
* testing/validation:
* Add Windows target to CI, improve logging (Ralph Giles)
* CI improvements (Ralph Giles, Ewout ter Hoeven)
* documentation:
* Doxygen fixes (Tyler Dunn)
* Fix typos (Tim Gates, maxz)
* Interface changes:
* libFLAC:
* (none)
* libFLAC++:
* (none)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
8005b23bc4 |
sysstat: Update to version 12.7.1
- Update from version 12.5.4 to 12.7.1 - Update of rootfile - Changelog 2022/11/06: Version 12.7.1: Fix possible overflow in sa_common.c (GHSL-2022-074) [12.6.1]. sadf: Add support for option -t with SVG output to make it possible to display timestamps in the same locale as that of the file creator. sadf: Print timezone instead of UTC in true time mode. Timezone is also displayed in local time. sadf: PCP: Fix timestamps written to PCP archive file. sar: Add new environment variable S_REPEAT_HEADER. pidstat: Return exit code of the process that was monitored with option -e. mpstat: Add option -H to handle vCPU physical hotplug. Add local, xlocal and debug targets to iconfig script. Turn off gcc's tree-slp-vectorize option which was making sadf crash in some situations. sa_conv.c: Make size of statistics structures from older sysstat versions immutable [12.6.1]. [Bernhard M. Wiedemann]: Declare sadc dependency on libsyscom.a [12.6.1]. [Steve Kay]: Fix gcc v11.2 warnings [12.6.1]. [Steve Kay]: Various cosmetic fixes [12.6.1]. [Jan Christoph Uhde]: sar: Remove `-I int_list` from man-page and help [12.6.1]. [Frank Dana]: Consolidate systemctl commands in README file [12.6.1]. [Rong Tao]: Remove whitespace characters at the end of lines [12.6.1]. Update configure file to deal with newer autoconf version. configure.in file is renamed to configure.ac. Update DTD and XSD documents. sar and sysstat manual pages updated. NLS updated. Add new Georgian translation. Non regression tests updated. 2022/05/29: Version 12.6.0: sar: Fix maximum value for A_IRQ activity. sar/sadf: A_NET_SOFT: Add new metric softnet network backlog. sadc: A_NET_SOFT: Use CPU id from /proc/net/softnet_stat. Update DTD and XSD documents (softnet backlog). [Chris Bagwell]: sar/sadf: Convert 64-bit time value to time_t as needed. sadf: Add basic colorization to sadf's output. sadf: Add sanity checks on values read from file. sadf: PCP: Fix multiple metrics name problems. sa_common.c: Remove unneeded variable assignment. [Lukáš Zaoral]: Take into account LDFLAGS passer to configure script. Various janitorial fixes and updated. Update FAQ. Update sar manual page. Update NLS translations. Update non regression tests. 2022/02/28: Version 12.5.6: sar/sadc: Rewrite code used to collect and display interrupts statistics. Statistics are now collected from /proc/interrupts (instead of /proc/stat) and are displayed for each installed CPU. sar/sadf: Add new "--int=" option to enter a list of interrupts on the command line. sadf: Update the various output formats to deal with the new per-CPU interrupts statistics. Update DTD and XSD documents. CPU elements may be non-existent when all selected CPU are offline. Update sar and sadf manual pages. mpstat: Create its own function to read the total number of interrupts from /proc/stat file. mpstat: Remove unneeded "aligned" attribute from struct stats_irqcpu definition. sar: Fix index value used in online_cpu_bitmap array. sar/sadf: Make sure that datafiles with unknown activities can be read by sar and sadf [12.4.5]. sar/sadf: Don't reallocate buffers for activities not present in file [12.4.5]. sar: Make sure that all buffers are copied in copy_structures() function [12.4.5]. PCP: Fix flow_limit_count metric's unit (A_NET_SOFT activity). PCP: Fix instance names for getattr call (A_NET_NFS(D) activities). Use sizeof() macro instead of hard-coded values with snprintf() functions. rndr_stats.c: Use NOVAL instead of NULL as last argument for cons() function. Use strings definitions whenever possible. Add new non regression tests. Update some existing ones. Various cosmetic fixes. 2021/12/05: Version 12.5.5: iostat: Add --compact option. iostat: Always display persistent names with option -j [12.4.4]. iostat: Fix how device mapper names are taken into account when entered on the command line [12.4.4]. iostat: Update manual page. mpstat: Don't display offline CPU [12.4.4]. mpstat: Fix values displayed when an offline CPU goes back online [12.4.4]. mpstat: Fix untrusted loop bound [12.4.4]. mpstat: Update non regression tests [12.4.4]. sar: Tell the user to convert the file when needed. sadc: Reuse count results for sub-items. [Ville Skyttä]: Use `grep -E` instead of deprecated `egrep` [12.4.4]. [Ville Skyttä]: Spelling and grammar fixes [12.4.4]. Update FAQ. [Nathan Naze]: Update man pages with correct spelling of "JavaScript" [12.4.4]. Update non regression tests. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
28c939b78f |
samba: Update to version 4.17.3
- Update from version 4.17.0 to 4.17.3
- Update of rootfile (x86_64) - other architectures will need to be adjusted.
- Changelog
Release Notes for Samba 4.17.3
This is a security release in order to address the following defects:
o CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against
integer overflows when parsing a PAC on a 32-bit system, which
allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15203: CVE-2022-42898
o Nicolas Williams <nico@twosigma.com>
* BUG 15203: CVE-2022-42898
Release Notes for Samba 4.17.2
This is a security release in order to address the following defects:
o CVE-2022-3437: There is a limited write heap buffer overflow in the GSSAPI
unwrap_des() and unwrap_des3() routines of Heimdal (included
in Samba).
https://www.samba.org/samba/security/CVE-2022-3437.html
o CVE-2022-3592: A malicious client can use a symlink to escape the exported
directory.
https://www.samba.org/samba/security/CVE-2022-3592.html
o Volker Lendecke <vl@samba.org>
* BUG 15207: CVE-2022-3592.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15134: CVE-2022-3437.
Release Notes for Samba 4.17.1
o Jeremy Allison <jra@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15174: smbXsrv_connection_shutdown_send result leaked.
* BUG 15182: Flush on a named stream never completes.
* BUG 15195: Permission denied calling SMBC_getatr when file not exists.
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
* BUG 15191: pytest: add file removal helpers for TestCaseInTempDir.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15189: Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later.
over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC.
o Ralph Boehme <slow@samba.org>
* BUG 15182: Flush on a named stream never completes.
o Volker Lendecke <vl@samba.org>
* BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
o Gary Lockyer <gary@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
o Stefan Metzmacher <metze@samba.org>
* BUG 15200: multi-channel socket passing may hit a race if one of the
involved processes already existed.
* BUG 15201: memory leak on temporary of struct imessaging_post_state and
struct tevent_immediate on struct imessaging_context (in
rpcd_spoolss and maybe others).
o Noel Power <noel.power@suse.com>
* BUG 15205: Since popt1.19 various use after free errors using result of
poptGetArg are now exposed.
o Anoop C S <anoopcs@samba.org>
* BUG 15192: Remove special case for O_CREAT in SMB_VFS_OPENAT from
vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15169: GETPWSID in memory cache grows indefinetly with each NTLM auth.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
bf81d06806 |
rsync: Update to version 3.2.7
- Update from version 3.2.6 to 3.2.7
- Update of rootfile not required
- Changelog
# NEWS for rsync 3.2.7 (20 Oct 2022)
### BUG FIXES:
- Fixed the client-side validating of the remote sender's filtering behavior.
- More fixes for the "unrequested file-list name" name, including a copy of
"/" with `--relative` enabled and a copy with a lot of related paths with
`--relative` enabled (often derived from a `--files-from` list).
- When rsync gets an unpack error on an ACL, mention the filename.
- Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
"use chroot" is false).
### ENHANCEMENTS:
- Added negotiated daemon-auth support that allows a stronger checksum digest
to be used to validate a user's login to the daemon. Added SHA512, SHA256,
and SHA1 digests to MD5 & MD4. These new digests are at the highest priority
in the new daemon-auth negotiation list.
- Added support for the SHA1 digest in file checksums. While this tends to be
overkill, it is available if someone really needs it. This overly-long
checksum is at the lowest priority in the normal checksum negotiation list.
See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
environment var for how to customize this.
- Improved the xattr hash table to use a 64-bit key without slowing down the
key's computation. This should make extra sure that a hash collision doesn't
happen.
- If the `--version` option is repeated (e.g. `-VV`) then the information is
output in a (still readable) JSON format. Client side only.
- The script `support/json-rsync-version` is available to get the JSON style
version output from any rsync. The script accepts either text on stdin
**or** an arg that specifies an rsync executable to run with a doubled
`--version` option. If the text we get isn't already in JSON format, it is
converted. Newer rsync versions will provide more complete json info than
older rsync versions. Various tweaks are made to keep the flag names
consistent across versions.
- The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
so that rsync can use chroot when it works and a sanitized copy when chroot
is not supported (e.g., for a non-root daemon). Explicitly setting the
parameter to true or false (on or off) behaves the same way as before.
- The `--fuzzy` option was optimized a bit to try to cut down on the amount of
computations when considering a big pool of files. The simple heuristic from
Kenneth Finnegan resuled in about a 2x speedup.
- If rsync is forced to use protocol 29 or before (perhaps due to talking to an
rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync
now interprets this value as an unsigned integer so that a current year past
2038 can continue to be represented. This does mean that years prior to 1970
cannot be represented in an older protocol, but this trade-off seems like the
right choice given that (1) 2038 is very rapidly approaching, and (2) newer
protocols support a much wider range of old and new dates.
- The rsync client now treats an empty destination arg as an error, just like
it does for an empty source arg. This doesn't affect a `host:` arg (which is
treated the same as `host:.`) since the arg is not completely empty. The use
of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
prior behavior of treating an empty destination arg as a ".".
### PACKAGING RELATED:
- The checksum code now uses openssl's EVP methods, which gets rid of various
deprecation warnings and makes it easy to support more digest methods. On
newer systems, the MD4 digest is marked as legacy in the openssl code, which
makes openssl refuse to support it via EVP. You can choose to ignore this
and allow rsync's MD4 code to be used for older rsync connections (when
talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
tell openssl to enable legacy algorithms (see below).
- A simple openssl config file is supplied that can be installed for rsync to
use. If you install packaging/openssl-rsync.cnf to a public spot (such as
`/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
`--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
configured path in the OPENSSL_CONF environment variable (when the variable
is not already set). This will enable openssl's MD4 code for rsync to use.
- The packager may wish to include an explicit "use chroot = true" in the top
section of their supplied /etc/rsyncd.conf file if the daemon is being
installed to run as the root user (though rsync should behave the same even
with the value unset, a little extra paranoia doesn't hurt).
- I've noticed that some packagers haven't installed support/nameconvert for
users to use in their chrooted rsync configs. Even if it is not installed
as an executable script (to avoid a python3 dependency) it would be good to
install it with the other rsync-related support scripts.
- It would be good to add support/json-rsync-version to the list of installed
support scripts.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
47b5dd080a |
poppler: Update to version 22.11.0
- Update from 22.04.0 to 22.11.0
- Update of rootfile
- Changelog
Release 22.11.0:
core:
* CairoOutputDev: Update font after restore
* Protect against broken files
* Small code refactoring
Release 22.10.0:
core:
* SplashOutputDev::tilingPatternFill: Properly restore CTM on failure. Issue #1292
* Protect against malformed files
* Refactor code to not use strndup
* Other small code refactoring
utils:
* pdftoppm: Avoid round-off errors when determining raster dimensions
* pdftocairo: Avoid round-off errors when determining raster dimensions
* pdftotext: Simplify memory handling
qt:
* Take into account flagNoView when getting/setting the visible status. KDE bug #456313
build system:
* Fix sed invocation
Release 22.09.0:
core:
* Splash: Do not truncate line dash patterns with more than 20 entries. Issue #1281
* Various signature related improvements
* Fix FormField::getFullyQualifiedName in some scenarios
* Splash: Small optimization on dash pattern handling
* JBIG2Stream::readHalftoneRegionSeg: Fix potential memory leak
* Fix crashes on malformed files. Including CVE-2022-38784
* Fix string formatting in error reporting
glib:
* Fix two potential memory leaks in poppler_document_create_dests_tree
utils:
* pdfsig: List signature field names when listing signature information
* pdfsig: Add support for specifying signature by field name
* pdfunite: Fix crashes on malformed files
* pdfunite: Fix potential memory leak of docs
Release 22.08.0:
core:
* Fix rendering text on some forms
* CairoOutputDev: Support Type3 charprocs having Resources
* Fix crashes on malformed files
Release 22.07.0:
core:
* Fix crash when filling in forms in some files. Issue #1258
* Fix first lines of Annotations sometimes being cut off. Issue #1246
* Signatures: Don't crash if the signature doesn't have a common name
* CairoFontEngine: increment font_face reference when retrieving from the cache
* Add ToUnicode support for lessorequalslant and greaterorequalslant
glib:
* Add support for stamp annotation
build system:
* Tweaks on how gperf is run
Release 22.06.0:
core:
* Forms: Fix crash in forms with their own DR
* Refactor CairoFontEngine caching
* CairoOutputDev: preserve text color when drawing type 3 glyphs
* Windows: font code simplification
* Minor code improvements
cpp:
* Add missing header
utils:
* pdfattach: Assume filename is utf8 encoded
* pdftohtml: Fix type 3 font size calculation
Release 22.05.0:
core:
* Annotations: Make sure we embed fonts for the FreeText annots
* Forms: Make sure we embedd fonts as needed
* Signatures: Make sure we embed the needed fonts
* CairoOutputDev: color type 3 fonts
* fix two bugs in multiline find_text()
* code improvements
utils:
* pdftotext: added TSV mode
* HtmlOutputDev: don't use png.h
cpp:
* Use time_t for time
* Add page_transition::durationReal
qt:
* Pass leftFontSize down to `FormWidgetSignature::signDocumentWithAppearence`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
d1ade1d63f |
meson: Update to version 0.64.1
- Update from version 0.62.1 to 0.64.1
- Update of rootfile
- Changelog is too long to include here. Details can be found at
0.63.0 https://mesonbuild.com/Release-notes-for-0-63-0.html
0.64.0 https://mesonbuild.com/Release-notes-for-0-64-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
80274cc875 |
lsof: Update to version 4.96.4
- Update from version 4.95.0 to 4.96.4
- Update of rootfile not required
- bz2 version of source tarball is no longer provided.
- Changelog
4.96.4 October 18, 2022
[FreeBSD] sys/files.h no longer needs _KERNEL defined to
include it (bsdimp #256)
docs: Describe fd number truncation in output (#261)
4.96.3 September 16, 2022
[FreeBSD] Fix kqueue compat for releases < 14
4.96.2 September 16, 2022
[FreeBSD] fix FreeBSD < 14
4.96.1 September 16, 2022
[FreeBSD] Unconditionally define HASKQUEUE (mjguzik)
4.96.0 September 16, 2022
[linux] fix hash functions used for finding local tcp/udp IPCs
There were typos in the code calculating hash values. The typos might
break the flatness of hashtables where the endpoint information about
locally used tcp/udp was stored. Theoretically, this fix may improve
the performance of lsof with [+|-]E option.
Inspired by the issue #206 reported by Tomasz Kłoczko (@kloczek).
Show copyright notice in --version output.
[linux] compile with -Wall option
[linux] Avoid some easy collissions for udp/udp6 sockets when hashing
[linux] Changing the number of ipcbuckets to 4096
[darwin] fix build with -fno-common (Cfp redefinition)
gcc-10 and llvm-11 changed the default from -fcommon to -fno-common:
https://gcc.gnu.org/PR85678
As a result build fails as:
duplicate symbol '_Cfp' in: ddev.o dfile.o
Cfp is already explicitly defined in dstore.c. The change turns
header definition into declaration.
Provided by Sergei Trofimovich (@trofi) in #221. The same fix is
applied to libproc backend by Jiajie Chen (@jiegec) in #226.
[linux] Make build reproducible by checking SOURCE_DATE_EPOCH
and considering LSOF_{HOST,LOGNAME,SYSINFO,USER} as "none" when
it is set.
Provided by Danilo Spinella in #217
[darwin] remove /usr/include prefix from include for Darwin 19+
The /usr/include path is missing since macOS Catalina.
Fixes issue #234.
Provided by Jiajie Chen in #235
[linux] obtain correct information of memory-mapped file.
Provided by Teng Hu in #239
[FreeBSD] configure: suggest variable to set if FreeBSD sys not found
submitted by @emaste
Updated 00FAQ with lookup to open files via mountpoint
Provided by Jacob Chapman in #240
[FreeBSD] modernize API usage and remove legacy FreeBSD releases
Contributor DamjanJovanovic (#184) Ed Maste (#250, #251, #252),
Warner Losh (#253)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
a8b3a69b9d |
gnu-netcat: Removal of package
- gnu-netcat was last updated in 2004 and is not used as a dependency for any IPFire addon. - IPFire has ncat which is used as a dependency for ipfire-netboot, libshout, libvirt and squid. gnu-netcat not being required for libvcirt was confirmed by Jonatan. - nmap/ncat is being actively updated. - Based on the above this patch is removing gnu-netcat from IPFire. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> |
||
|
Adolf Belka
|
47c2e4c0aa |
sdl2: Update to version 2.26.0
- Update from version 2.0.22 to 2.26.0
- Update of rootfile
- Changelog
2.26.0:
General:
* Updated OpenGL headers to the latest API from The Khronos Group Inc.
* Added SDL_GetWindowSizeInPixels() to get the window size in pixels, which may differ from the window coordinate size for windows with high-DPI support
* Added simulated vsync synchronization for the software renderer
* Added the mouse position to SDL_MouseWheelEvent
* Added SDL_ResetHints() to reset all hints to their default values
* Added SDL_GetJoystickGUIDInfo() to get device information encoded in a joystick GUID
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360 to control whether the HIDAPI driver for XBox 360 controllers should be used
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_PLAYER_LED to control whether the player LEDs should be lit to indicate which player is associated with an Xbox 360 controller
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_360_WIRELESS to control whether the HIDAPI driver for XBox 360 wireless controllers should be used
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE to control whether the HIDAPI driver for XBox One controllers should be used
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_XBOX_ONE_HOME_LED to control the brightness of the XBox One guide button LED
* Added support for PS3 controllers to the HIDAPI driver, enabled by default on macOS, controlled by the SDL_HINT_JOYSTICK_HIDAPI_PS3 hint
* Added support for Nintendo Wii controllers to the HIDAPI driver, not enabled by default, controlled by the SDL_HINT_JOYSTICK_HIDAPI_WII hint
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_WII_PLAYER_LED to control whether the player LED should be lit on the Nintendo Wii controllers
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_VERTICAL_JOY_CONS to control whether Nintendo Switch Joy-Con controllers will be in vertical mode when using the HIDAPI driver
* Added access to the individual left and right gyro sensors of the combined Joy-Cons controller
* Added a microsecond timestamp to SDL_SensorEvent and SDL_ControllerSensorEvent, when the hardware provides that information
* Added SDL_SensorGetDataWithTimestamp() and SDL_GameControllerGetSensorDataWithTimestamp() to retrieve the last sensor data with the associated microsecond timestamp
* Added the hint SDL_HINT_HIDAPI_IGNORE_DEVICES to have the SDL HID API ignore specific devices
* SDL_GetRevision() now includes more information about the SDL build, including the git commit hash if available
Windows:
* Added the hint SDL_HINT_MOUSE_RELATIVE_SYSTEM_SCALE to control whether the system mouse acceleration curve is used for relative mouse motion
macOS:
* Implemented vsync synchronization on macOS 12
Linux:
* Added SDL_SetPrimarySelectionText(), SDL_GetPrimarySelectionText(), and SDL_HasPrimarySelectionText() to interact with the X11 primary selection clipboard
* Added the hint SDL_HINT_VIDEO_WAYLAND_EMULATE_MOUSE_WARP to control whether mouse pointer warp emulation is enabled under Wayland
Android:
* Enabled IME soft keyboard input
* Added version checking to make sure the SDL Java and C code are compatible
2.24.0:
General:
* New version numbering scheme, similar to GLib and Flatpak.
* An even number in the minor version (second component) indicates a production-ready stable release such as 2.24.0, which would have been 2.0.24 under the old system.
* The patchlevel (micro version, third component) indicates a bugfix-only update: for example, 2.24.1 would be a bugfix-only release to fix bugs in 2.24.0, without adding new features.
* An odd number in the minor version indicates a prerelease such as 2.23.0. Stable distributions should not use these prereleases.
* The patchlevel indicates successive prereleases, for example 2.23.1 and 2.23.2 would be prereleases during development of the SDL 2.24.0 stable release.
* Added SDL_GetPointDisplayIndex() and SDL_GetRectDisplayIndex() to get the display associated with a point and rectangle in screen space
* Added SDL_bsearch(), SDL_crc16(), and SDL_utf8strnlen() to the stdlib routines
* Added SDL_CPUPauseInstruction() as a macro in SDL_atomic.h
* Added SDL_size_mul_overflow() and SDL_size_add_overflow() for better size overflow protection
* Added SDL_ResetHint() to reset a hint to the default value
* Added SDL_ResetKeyboard() to reset SDL's internal keyboard state, generating key up events for all currently pressed keys
* Added the hint SDL_HINT_MOUSE_RELATIVE_WARP_MOTION to control whether mouse warping generates motion events in relative mode. This hint defaults off.
* Added the hint SDL_HINT_TRACKPAD_IS_TOUCH_ONLY to control whether trackpads are treated as touch devices or mice. By default touchpads are treated as mouse input.
* The hint SDL_HINT_JOYSTICK_HIDAPI_JOY_CONS now defaults on
* Added support for mini-gamepad mode for Nintendo Joy-Con controllers using the HIDAPI driver
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_COMBINE_JOY_CONS to control whether Joy-Con controllers are automatically merged into a unified gamepad when using the HIDAPI driver. This hint defaults on.
* The hint SDL_HINT_JOYSTICK_HIDAPI_SWITCH_HOME_LED can be set to a floating point value to set the brightness of the Home LED on Nintendo Switch controllers
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_JOYCON_HOME_LED to set the Home LED brightness for the Nintendo Joy-Con controllers. By default the Home LED is not modified.
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_SWITCH_PLAYER_LED to control whether the player LED should be lit on the Nintendo Joy-Con controllers
* Added support for Nintendo Online classic controllers using the HIDAPI driver
* Added the hint SDL_HINT_JOYSTICK_HIDAPI_NINTENDO_CLASSIC to control whether the HIDAPI driver for Nintendo Online classic controllers should be used
* Added support for the NVIDIA Shield Controller to the HIDAPI driver, supporting rumble and battery status
* Added support for NVIDIA SHIELD controller to the HIDAPI driver, and a hint SDL_HINT_JOYSTICK_HIDAPI_SHIELD to control whether this is used
* Added functions to get the platform dependent name for a joystick or game controller:
* SDL_JoystickPathForIndex()
* SDL_JoystickPath()
* SDL_GameControllerPathForIndex()
* SDL_GameControllerPath()
* Added SDL_GameControllerGetFirmwareVersion() and SDL_JoystickGetFirmwareVersion(), currently implemented for DualSense(tm) Wireless Controllers using HIDAPI
* Added SDL_JoystickAttachVirtualEx() for extended virtual controller support
* Added joystick event SDL_JOYBATTERYUPDATED for when battery status changes
* Added SDL_GUIDToString() and SDL_GUIDFromString() to convert between SDL GUID and string
* Added SDL_HasLSX() and SDL_HasLASX() to detect LoongArch SIMD support
* Added SDL_GetOriginalMemoryFunctions()
* Added SDL_GetDefaultAudioInfo() to get the name and format of the default audio device, currently implemented for PipeWire, PulseAudio, WASAPI, and DirectSound
* Added HIDAPI driver for the NVIDIA SHIELD controller (2017 model) to enable support for battery status and rumble
* Added support for opening audio devices with 3 or 5 channels (2.1, 4.1). All channel counts from Mono to 7.1 are now supported.
* Rewrote audio channel converters used by SDL_AudioCVT, based on the channel matrix coefficients used as the default for FAudio voices
* SDL log messages are no longer limited to 4K and can be any length
* Fixed a long-standing calling convention issue with dynapi affecting OpenWatcom or OS/2 builds
Windows:
* Added initial support for building for Windows and Xbox with Microsoft's Game Development Kit (GDK), see docs/README-gdk.md for details
* Added a D3D12 renderer implementation and SDL_RenderGetD3D12Device() to retrieve the D3D12 device associated with it
* Added the hint SDL_HINT_WINDOWS_DPI_AWARENESS to set whether the application is DPI-aware. This hint must be set before initializing the video subsystem
* Added the hint SDL_HINT_WINDOWS_DPI_SCALING to control whether the SDL coordinates are in DPI-scaled points or pixels
* Added the hint SDL_HINT_DIRECTINPUT_ENABLED to control whether the DirectInput driver should be used
* Added support for SDL_GetAudioDeviceSpec to the DirectSound backend
Linux:
* Support for XVidMode has been removed, mode changes are only supported using the XRandR extension
* Added the hint SDL_HINT_VIDEO_WAYLAND_MODE_EMULATION to control whether to expose a set of emulated modes in addition to the native resolution modes available on Wayland
* Added the hint SDL_HINT_KMSDRM_DEVICE_INDEX to specify which KMSDRM device to use if the default is not desired
* Added the hint SDL_HINT_LINUX_DIGITAL_HATS to control whether to treat hats as digital rather than checking to see if they may be analog
* Added the hint SDL_HINT_LINUX_HAT_DEADZONES to control whether to use deadzones on analog hats
macOS:
* Bumped minimum OS deployment version to macOS 10.9
* Added SDL_GL_FLOATBUFFERS to allow Cocoa GL contexts to use EDR
* Added the hint SDL_HINT_MAC_OPENGL_ASYNC_DISPATCH to control whether dispatching OpenGL context updates should block the dispatching thread until the main thread finishes processing. This hint defaults to blocking, which is the safer option on modern macOS.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
|
||
|
Adolf Belka
|
d7cb4f6535 |
liburcu: Update to version 0.13.2
- Update from version 0.13.0 to 0.13.2
- Update of rootfile
- Changelog
2022-08-18 Userspace RCU 0.13.2
* Revert "Fix: remove type constness in URCU_FORCE_CAST's C++ version"
* Fix: futex.h: include headers outside extern C
* Fix: add missing unused attribute to _rcu_dereference
* Fix: change method used by _rcu_dereference to strip type constness
* Fix: remove type constness in URCU_FORCE_CAST's C++ version
* Move extern "C" down in include/urcu/urcu-bp.h
* fix: ifdef linux specific cpu count compat
* Set git-review branch to stable-0.13
* fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id
* Fix: revise obsolete command in README.md
* Fix: workqueue: remove unused variable "ret"
* Fix: urcu-qsbr: futex wait: handle spurious futex wakeups
* Fix: urcu: futex wait: handle spurious futex wakeups
* Fix: urcu-wait: futex wait: handle spurious futex wakeups
* Fix: defer_rcu: futex wait: handle spurious futex wakeups
* Fix: call_rcu: futex wait: handle spurious futex wakeups
* Fix: workqueue: futex wait: handle spurious futex wakeups
* Fix: Use %lu rather than %ld to print count
2022-01-05 Userspace RCU 0.13.1
* fix: properly detect 'cmpxchg' on x86-32
* fix: use urcu-tls compat with c++ compiler
* fix: remove autoconf features default value in help message
* fix: add missing pkgconfig file for memb flavour lib
* Make temporary variable in _rcu_dereference non-const
* Fix: x86 and s390: uatomic __hp() macro C++ support
* Fix: x86 and s390: uatomic __hp() macro clang support
* Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11
* Fix: changelog: v0.13.0 was released in 2021
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
194dd04102 |
libtiff: Update to version 4.4.0
- Update from version 4.3.0 to 4.4.0 - Update of rootfile - Changelog is too long to include here (~1000 lines). Details can be found in ChangeLog file in the source tarball. There are at least 31 bug closures in this release. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
4bdb98bc25 |
libtasn1: Update to version 4.19.0
- Update from version 4.18.0 to 4.19.0
- Update of rootfile
- Changelog
* Noteworthy changes in release 4.19.0 (2022-08-23) [stable]
- Clarify libtasn1.map license. Closes: #38.
- Fix ETYPE_OK out of bounds read. Closes: #32.
- Update gnulib files and various maintenance fixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
4d9cdf1e4f |
iproute2: Update to version 6.0.0
- Update from 5.19.0 to 6.0.0 - Update of rootfile - Changelog can only be obtained by reviewing the git commits from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
2ae0c4b7b4 |
iana-etc: Update to version 20221107
- Update from version 20220414 to 20221107 - Update of rootfile not required - Update of iana protocols and services info Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
435dcefe08 |
git: Update to version 2.38.1
- Update from version 2.37.1 to 2.38.1
- Update of rootfile
- Changelog
Git v2.38.1 Release Notes
This release merges the security fix that appears in v2.30.6; see
the release notes for that version for details.
Git v2.38 Release Notes
* "git remote show [-n] frotz" now pays attention to negative
pathspec.
* "git push" sometimes performs poorly when reachability bitmaps are
used, even in a repository where other operations are helped by
bitmaps. The push.useBitmaps configuration variable is introduced
to allow disabling use of reachability bitmaps only for "git push".
* "git grep -m<max-hits>" is a way to limit the hits shown per file.
* "git merge-tree" learned a new mode where it takes two commits and
computes a tree that would result in the merge commit, if the
histories leading to these two commits were to be merged.
* "git mv A B" in a sparsely populated working tree can be asked to
move a path between directories that are "in cone" (i.e. expected
to be materialized in the working tree) and "out of cone"
(i.e. expected to be hidden). The handling of such cases has been
improved.
* Earlier, HTTP transport clients learned to tell the server side
what locale they are in by sending Accept-Language HTTP header, but
this was done only for some requests but not others.
* Introduce a safe.barerepository configuration variable that
allows users to forbid discovery of bare repositories.
* Various messages that come from the pack-bitmap codepaths have been
tweaked.
* "git rebase -i" learns to update branches whose tip appear in the
rebased range with "--update-refs" option.
* "git ls-files" learns the "--format" option to tweak its output.
* "git cat-file" learned an option to use the mailmap when showing
commit and tag objects.
* When "git merge" finds that it cannot perform a merge, it should
restore the working tree to the state before the command was
initiated, but in some corner cases it didn't.
* Operating modes like "--batch" of "git cat-file" command learned to
take NUL-terminated input, instead of one-item-per-line.
* "git rm" has become more aware of the sparse-index feature.
* "git rev-list --disk-usage" learned to take an optional value
"human" to show the reported value in human-readable format, like
"3.40MiB".
* The "diagnose" feature to create a zip archive for diagnostic
material has been lifted from "scalar" and made into a feature of
"git bugreport".
* The namespaces used by "log --decorate" from "refs/" hierarchy by
default has been tightened.
* "git rev-list --ancestry-path=C A..B" is a natural extension of
"git rev-list A..B"; instead of choosing a subset of A..B to those
that have ancestry relationship with A, it lets a subset with
ancestry relationship with C.
* "scalar" now enables built-in fsmonitor on enlisted repositories,
when able.
* The bash prompt (in contrib/) learned to optionally indicate when
the index is unmerged.
* "git clone" command learned the "--bundle-uri" option to coordinate
with hosting sites the use of pre-prepared bundle files.
* "git range-diff" learned to honor pathspec argument if given.
* "git format-patch --from=<ident>" can be told to add an in-body
"From:" line even for commits that are authored by the given
<ident> with "--force-in-body-from" option.
* The built-in fsmonitor refuses to work on a network mounted
repositories; a configuration knob for users to override this has
been introduced.
* The "scalar" addition from Microsoft is now part of the core Git
installation.
* Collection of what is referenced by objects in promisor packs have
been optimized to inspect these objects in the in-pack order.
* Introduce a helper to see if a branch is already being worked on
(hence should not be newly checked out in a working tree), which
performs much better than the existing find_shared_symref() to
replace many uses of the latter.
* Teach "git archive" to (optionally and then by default) avoid
spawning an external "gzip" process when creating ".tar.gz" (and
".tgz") archives.
* Allow large objects read from a packstream to be streamed into a
loose object file straight, without having to keep it in-core as a
whole.
* Further preparation to turn git-submodule.sh into a builtin
continues.
* Apply Coccinelle rule to turn raw memmove() into MOVE_ARRAY() cpp
macro, which would improve maintainability and readability.
* Teach "make all" to build gitweb as well.
* Tweak tests so that they still work when the "git init" template
did not create .git/info directory.
* Add Coccinelle rules to detect the pattern of initializing and then
finalizing a structure without using it in between at all, which
happens after code restructuring and the compilers fail to
recognize as an unused variable.
* The code to convert between GPG trust level strings and internal
constants we use to represent them have been cleaned up.
* Support for libnettle as SHA256 implementation has been added.
* The way "git multi-pack" uses parse-options API has been improved.
* A Coccinelle rule (in contrib/) to encourage use of COPY_ARRAY
macro has been improved.
* API tweak to make it easier to run fuzz testing on commit-graph parser.
* Omit fsync-related trace2 entries when their values are all zero.
* The codepath to write multi-pack index has been taught to release a
large chunk of memory that holds an array of objects in the packs,
as soon as it is done with the array, to reduce memory consumption.
* Add a level of redirection to array allocation API in xdiff part,
to make it easier to share with the libgit2 project.
* "git fetch" client logs the partial clone filter used in the trace2
output.
* The "bundle URI" design gets documented.
* The common ancestor negotiation exchange during a "git fetch"
session now leaves trace log.
* Test portability improvements.
(merge 4d1d843be7 mt/rot13-in-c later to maint).
* The "subcommand" mode is introduced to parse-options API and update
the command line parser of Git commands with subcommands.
* The pack bitmap file gained a bitmap-lookup table to speed up
locating the necessary bitmap for a given commit.
* The assembly version of SHA-1 implementation for PPC has been
removed.
* The server side that responds to "git fetch" and "git clone"
request has been optimized by allowing it to send objects in its
object store without recomputing and validating the object names.
* Annotate function parameters that are not used (but cannot be
removed for structural reasons), to prepare us to later compile
with -Wunused warning turned on.
* Share the text used to explain configuration variables used by "git
<subcmd>" in "git help <subcmd>" with the text from "git help config".
* "git mv A B" in a sparsely populated working tree can be asked to
move a path from a directory that is "in cone" to another directory
that is "out of cone". Handling of such a case has been improved.
* The chainlint script for our tests has been revamped.
* Rewrite of "git add -i" in C that appeared in Git 2.25 didn't
correctly record a removed file to the index, which was fixed.
* Certain diff options are currently ignored when combined-diff is
shown; mark them as incompatible with the feature.
* Adjust technical/bitmap-format to be formatted by AsciiDoc, and
add some missing information to the documentation.
* Fixes for tests when the source directory has unusual characters in
its path, e.g. whitespaces, double-quotes, etc.
* "git mktree --missing" lazily fetched objects that are missing from
the local object store, which was totally unnecessary for the purpose
of creating the tree object(s) from its input.
* Give _() markings to fatal/warning/usage: labels that are shown in
front of these messages.
* References to commands-to-be-typed-literally in "git rebase"
documentation mark-up have been corrected.
* In a non-bare repository, the behavior of Git when the
core.worktree configuration variable points at a directory that has
a repository as its subdirectory, regressed in Git 2.27 days.
* Recent update to vimdiff layout code has been made more robust
against different end-user vim settings.
* Plug various memory leaks, both in the main code and in test-tool
commands.
* Fixes a long-standing corner case bug around directory renames in
the merge-ort strategy.
* The resolve-undo information in the index was not protected against
GC, which has been corrected.
* A corner case bug where lazily fetching objects from a promisor
remote resulted in infinite recursion has been corrected.
* "git clone" from a repository with some ref whose HEAD is unborn
did not set the HEAD in the resulting repository correctly, which
has been corrected.
* An earlier attempt to plug leaks placed a clean-up label to jump to
at a bogus place, which as been corrected.
* Variable quoting fix in the vimdiff driver of "git mergetool"
* "git shortlog -n" relied on the underlying qsort() to be stable,
which shouldn't have. Fixed.
* A fix for a regression in test framework.
* mkstemp() emulation on Windows has been improved.
* Add missing documentation for "include" and "includeIf" features in
"git config" file format, which incidentally teaches the command
line completion to include them in its offerings.
* Avoid "white/black-list" in documentation and code comments.
* Workaround for a compiler warning against use of die() in
osx-keychain (in contrib/).
* Workaround for a false positive compiler warning.
* "git p4" working on UTF-16 files on Windows did not implement
CRLF-to-LF conversion correctly, which has been corrected.
* "git p4" did not handle non-ASCII client name well, which has been
corrected.
* "rerere-train" script (in contrib/) used to honor commit.gpgSign
while recreating the throw-away merges.
* "git checkout" miscounted the paths it updated, which has been
corrected.
* Fix for a bug that makes write-tree to fail to write out a
non-existent index as a tree, introduced in 2.37.
* There was a bug in the codepath to upgrade generation information
in commit-graph from v1 to v2 format, which has been corrected.
* Gitweb had legacy URL shortener that is specific to the way
projects hosted on kernel.org used to (but no longer) work, which
has been removed.
* Fix build procedure for Windows that uses CMake so that it can pick
up the shell interpreter from local installation location.
* Conditionally allow building Python interpreter on Windows
* Fix to lstat() emulation on Windows.
* Older gcc with -Wall complains about the universal zero initializer
"struct s = { 0 };" idiom, which makes developers' lives
inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The
build procedure has been tweaked to help these compilers.
* Plug memory leaks in the failure code path in the "merge-ort" merge
strategy backend.
* "git symbolic-ref symref non..sen..se" is now diagnosed as an error.
* A follow-up fix to a fix for a regression in 2.36 around hooks.
* Avoid repeatedly running getconf to ask libc version in the test
suite, and instead just as it once per script.
* Platform-specific code that determines if a directory is OK to use
as a repository has been taught to report more details, especially
on Windows.
* "vimdiff3" regression fix.
* "git fsck" reads mode from tree objects but canonicalizes the mode
before passing it to the logic to check object sanity, which has
hid broken tree objects from the checking logic. This has been
corrected, but to help existing projects with broken tree objects
that they cannot fix retroactively, the severity of anomalies this
code detects has been demoted to "info" for now.
* Fixes to sparse index compatibility work for "reset" and "checkout"
commands.
* An earlier optimization discarded a tree-object buffer that is
still in use, which has been corrected.
* Fix deadlocks between main Git process and subprocess spawned via
the pipe_command() API, that can kill "git add -p" that was
reimplemented in C recently.
* The sequencer machinery translated messages left in the reflog by
mistake, which has been corrected.
* xcalloc(), imitating calloc(), takes "number of elements of the
array", and "size of a single element", in this order. A call that
does not follow this ordering has been corrected.
* The preload-index codepath made copies of pathspec to give to
multiple threads, which were left leaked.
* Update the version of Ubuntu used for GitHub Actions CI from 18.04
to 22.04.
* The auto-stashed local changes created by "git merge --autostash"
was mixed into a conflicted state left in the working tree, which
has been corrected.
* Multi-pack index got corrupted when preferred pack changed from one
pack to another in a certain way, which has been corrected.
(merge 99e4d084ff tb/midx-with-changing-preferred-pack-fix later to maint).
* The clean-up of temporary files created via mks_tempfile_dt() was
racy and attempted to unlink() the leading directory when signals
are involved, which has been corrected.
(merge babe2e0559 rs/tempfile-cleanup-race-fix later to maint).
* FreeBSD portability fix for "git maintenance" that spawns "crontab"
to schedule tasks.
(merge ee69e7884e bc/gc-crontab-fix later to maint).
* Those who use diff-so-fancy as the diff-filter noticed a regression
or two in the code that parses the diff output in the built-in
version of "add -p", which has been corrected.
(merge 0a101676e5 js/add-p-diff-parsing-fix later to maint).
* Segfault fix-up to an earlier fix to the topic to teach "git reset"
and "git checkout" work better in a sparse checkout.
(merge 037f8ea6d9 vd/sparse-reset-checkout-fixes later to maint).
* "git diff --no-index A B" managed its the pathnames of its two
input files rather haphazardly, sometimes leaking them. The
command line argument processing has been straightened out to clean
it up.
(merge 2b43dd0eb5 rs/diff-no-index-cleanup later to maint).
* "git rev-list --verify-objects" ought to inspect the contents of
objects and notice corrupted ones, but it didn't when the commit
graph is in use, which has been corrected.
(merge b27ccae34b jk/rev-list-verify-objects-fix later to maint).
* More fixes to "add -p"
(merge 64ec8efb83 js/builtin-add-p-portability-fix later to maint).
* The parser in the script interface to parse-options in "git
rev-parse" has been updated to diagnose a bogus input correctly.
(merge f20b9c36d0 ow/rev-parse-parseopt-fix later to maint).
* The code that manages list-object-filter structure, used in partial
clones, leaked the instances, which has been plugged.
(merge 66eede4a37 jk/plug-list-object-filter-leaks later to maint).
* Fix another UI regression in the reimplemented "add -p".
(merge f6f0ee247f rs/add-p-worktree-mode-prompt-fix later to maint).
* "git fetch" over protocol v2 sent an incorrect ref prefix request
to the server and made "git pull" with configured fetch refspec
that does not cover the remote branch to merge with fail, which has
been corrected.
(merge 49ca2fba39 jk/proto-v2-ref-prefix-fix later to maint).
* A result from opendir() was leaking in the commit-graph expiration
codepath, which has been plugged.
(merge 12f1ae5324 ml/commit-graph-expire-dir-leak-fix later to maint).
* Just like we have coding guidelines, we now have guidelines for
reviewers.
(merge e01b851923 vd/doc-reviewing-guidelines later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 77b9e85c0f vd/fix-perf-tests later to maint).
(merge 0682bc43f5 jk/test-crontab-fixes later to maint).
(merge b46dd1726c cc/doc-trailer-whitespace-rules later to maint).
Git 2.37.4 Release Notes
This primarily is to backport various fixes accumulated on the 'master'
front since 2.37.3, and also includes the same security fixes as in v2.30.6.
* CVE-2022-39253:
When relying on the `--local` clone optimization, Git dereferences
symbolic links in the source repository before creating hardlinks
(or copies) of the dereferenced link in the destination repository.
This can lead to surprising behavior where arbitrary files are
present in a repository's `$GIT_DIR` when cloning from a malicious
repository.
Git will no longer dereference symbolic links via the `--local`
clone mechanism, and will instead refuse to clone repositories that
have symbolic links present in the `$GIT_DIR/objects` directory.
Additionally, the value of `protocol.file.allow` is changed to be
"user" by default.
Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis.
The fix was authored by Taylor Blau, with help from Johannes
Schindelin.
* CVE-2022-39260:
An overly-long command string given to `git shell` can result in
overflow in `split_cmdline()`, leading to arbitrary heap writes and
remote code execution when `git shell` is exposed and the directory
`$HOME/git-shell-commands` exists.
`git shell` is taught to refuse interactive commands that are
longer than 4MiB in size. `split_cmdline()` is hardened to reject
inputs larger than 2GiB.
Credit for finding CVE-2022-39260 goes to Kevin Backhouse of
GitHub. The fix was authored by Kevin Backhouse, Jeff King, and
Taylor Blau.
* An earlier optimization discarded a tree-object buffer that is
still in use, which has been corrected.
* Fix deadlocks between main Git process and subprocess spawned via
the pipe_command() API, that can kill "git add -p" that was
reimplemented in C recently.
* xcalloc(), imitating calloc(), takes "number of elements of the
array", and "size of a single element", in this order. A call that
does not follow this ordering has been corrected.
* The preload-index codepath made copies of pathspec to give to
multiple threads, which were left leaked.
* Update the version of Ubuntu used for GitHub Actions CI from 18.04
to 22.04.
* The auto-stashed local changes created by "git merge --autostash"
was mixed into a conflicted state left in the working tree, which
has been corrected.
Also contains other minor documentation updates and code clean-ups.
Git 2.37.3 Release Notes
This primarily is to backport various fixes accumulated on the 'master'
front since 2.37.2.
* The build procedure for Windows that uses CMake has been updated to
pick up the shell interpreter from local installation location.
* Conditionally allow building Python interpreter on Windows
* Fix to lstat() emulation on Windows.
* Older gcc with -Wall complains about the universal zero initializer
"struct s = { 0 };" idiom, which makes developers' lives
inconvenient (as -Werror is enabled by DEVELOPER=YesPlease). The
build procedure has been tweaked to help these compilers.
* Plug memory leaks in the failure code path in the "merge-ort" merge
strategy backend.
* Avoid repeatedly running getconf to ask libc version in the test
suite, and instead just as it once per script.
* Platform-specific code that determines if a directory is OK to use
as a repository has been taught to report more details, especially
on Windows.
* "vimdiff3" regression has been corrected.
* "git fsck" reads mode from tree objects but canonicalizes the mode
before passing it to the logic to check object sanity, which has
hid broken tree objects from the checking logic. This has been
corrected, but to help exiting projects with broken tree objects
that they cannot fix retroactively, the severity of anomalies this
code detects has been demoted to "info" for now.
* Fixes to sparse index compatibility work for "reset" and "checkout"
commands.
* Documentation for "git add --renormalize" has been improved.
Also contains other minor documentation updates and code clean-ups.
Git 2.37.2 Release Notes
This primarily is to backport various fixes accumulated on the 'master'
front since 2.37.1.
* "git shortlog -n" relied on the underlying qsort() to be stable,
which shouldn't have. Fixed.
* Variable quoting fix in the vimdiff driver of "git mergetool".
* An earlier attempt to plug leaks placed a clean-up label to jump to
at a bogus place, which as been corrected.
* Fixes a long-standing corner case bug around directory renames in
the merge-ort strategy.
* Recent update to vimdiff layout code has been made more robust
against different end-user vim settings.
* In a non-bare repository, the behavior of Git when the
core.worktree configuration variable points at a directory that has
a repository as its subdirectory, regressed in Git 2.27 days.
* References to commands-to-be-typed-literally in "git rebase"
documentation mark-up have been corrected.
* Give _() markings to fatal/warning/usage: labels that are shown in
front of these messages.
* "git mktree --missing" lazily fetched objects that are missing from
the local object store, which was totally unnecessary for the purpose
of creating the tree object(s) from its input.
* Fixes for tests when the source directory has unusual characters in
its path, e.g. whitespaces, double-quotes, etc.
* Adjust technical/bitmap-format to be formatted by AsciiDoc, and
add some missing information to the documentation.
* Certain diff options are currently ignored when combined-diff is
shown; mark them as incompatible with the feature.
* "git clone" from a repository with some ref whose HEAD is unborn
did not set the HEAD in the resulting repository correctly, which
has been corrected.
* mkstemp() emulation on Windows has been improved.
* Add missing documentation for "include" and "includeIf" features in
"git config" file format, which incidentally teaches the command
line completion to include them in its offerings.
* Avoid "white/black-list" in documentation and code comments.
* Workaround for a compiler warning against use of die() in
osx-keychain (in contrib/).
* Workaround for a false positive compiler warning.
* The resolve-undo information in the index was not protected against
GC, which has been corrected.
* A corner case bug where lazily fetching objects from a promisor
remote resulted in infinite recursion has been corrected.
* "git p4" working on UTF-16 files on Windows did not implement
CRLF-to-LF conversion correctly, which has been corrected.
* "git p4" did not handle non-ASCII client name well, which has been
corrected.
* "rerere-train" script (in contrib/) used to honor commit.gpgSign
while recreating the throw-away merges.
* "git checkout" miscounted the paths it updated, which has been
corrected.
* Fix for a bug that makes write-tree to fail to write out a
non-existent index as a tree, introduced in 2.37.
* There was a bug in the codepath to upgrade generation information
in commit-graph from v1 to v2 format, which has been corrected.
Also contains minor documentation updates and code clean-ups.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
90d43e54c2 |
fmt: Update to version 9.1.0
- Update from version 9.0.0 to 9.1.0
- Update of rootfile
- Changelog
9.1.0 - 2022-08-27
* ``fmt::formatted_size`` now works at compile time
`#3026 <https://github.com/fmtlib/fmt/pull/3026>`_
For example (`godbolt <https://godbolt.org/z/1MW5rMdf8>`__):
.. code:: c++
#include <fmt/compile.h>
int main() {
using namespace fmt::literals;
constexpr size_t n = fmt::formatted_size("{}"_cf, 42);
fmt::print("{}\n", n); // prints 2
}
* Fixed handling of invalid UTF-8
`#3038 <https://github.com/fmtlib/fmt/pull/3038>`_,
`#3044 <https://github.com/fmtlib/fmt/pull/3044>`_,
`#3056 <https://github.com/fmtlib/fmt/pull/3056>`_
* Improved Unicode support in ``ostream`` overloads of ``print``
`#2994 <https://github.com/fmtlib/fmt/pull/2994>`_,
`#3001 <https://github.com/fmtlib/fmt/pull/3001>`_,
`#3025 <https://github.com/fmtlib/fmt/pull/3025>`_
* Fixed handling of the sign specifier in localized formatting on systems with
32-bit ``wchar_t``
`#3041 <https://github.com/fmtlib/fmt/issues/3041>`_).
* Added support for wide streams to ``fmt::streamed``
`#2994 <https://github.com/fmtlib/fmt/pull/2994>`_
* Added the ``n`` specifier that disables the output of delimiters when
formatting ranges
`#2981 <https://github.com/fmtlib/fmt/pull/2981>`_,
`#2983 <https://github.com/fmtlib/fmt/pull/2983>`_
For example (`godbolt <https://godbolt.org/z/roKqGdj8c>`__):
.. code:: c++
#include <fmt/ranges.h>
#include <vector>
int main() {
auto v = std::vector{1, 2, 3};
fmt::print("{:n}\n", v); // prints 1, 2, 3
}
* Worked around problematic ``std::string_view`` constructors introduced in C++23
`#3030 <https://github.com/fmtlib/fmt/issues/3030>`_,
`#3050 <https://github.com/fmtlib/fmt/issues/3050>`_
* Improve handling (exclusion) of recursive ranges
`#2968 <https://github.com/fmtlib/fmt/issues/2968>`_,
`#2974 <https://github.com/fmtlib/fmt/pull/2974>`_
* Improved error reporting in format string compilation
`#3055 <https://github.com/fmtlib/fmt/issues/3055>`_
* Improved the implementation of
`Dragonbox <https://github.com/jk-jeon/dragonbox>`_, the algorithm used for
the default floating-point formatting
`#2984 <https://github.com/fmtlib/fmt/pull/2984>`_
* Fixed issues with floating-point formatting on exotic platforms.
* Improved the implementation of chrono formatting
`#3010 <https://github.com/fmtlib/fmt/pull/3010>`_
* Improved documentation
`#2966 <https://github.com/fmtlib/fmt/pull/2966>`_,
`#3009 <https://github.com/fmtlib/fmt/pull/3009>`_,
`#3020 <https://github.com/fmtlib/fmt/issues/3020>`_,
`#3037 <https://github.com/fmtlib/fmt/pull/3037>`_
* Improved build configuration
`#2991 <https://github.com/fmtlib/fmt/pull/2991>`_,
`#2995 <https://github.com/fmtlib/fmt/pull/2995>`_,
`#3004 <https://github.com/fmtlib/fmt/issues/3004>`_,
`#3007 <https://github.com/fmtlib/fmt/pull/3007>`_,
`#3040 <https://github.com/fmtlib/fmt/pull/3040>`_
* Fixed various warnings and compilation issues
`#2969 <https://github.com/fmtlib/fmt/issues/2969>`_,
`#2971 <https://github.com/fmtlib/fmt/pull/2971>`_,
`#2975 <https://github.com/fmtlib/fmt/issues/2975>`_,
`#2982 <https://github.com/fmtlib/fmt/pull/2982>`_,
`#2985 <https://github.com/fmtlib/fmt/pull/2985>`_,
`#2988 <https://github.com/fmtlib/fmt/issues/2988>`_,
`#3000 <https://github.com/fmtlib/fmt/issues/3000>`_,
`#3006 <https://github.com/fmtlib/fmt/issues/3006>`_,
`#3014 <https://github.com/fmtlib/fmt/issues/3014>`_,
`#3015 <https://github.com/fmtlib/fmt/issues/3015>`_,
`#3021 <https://github.com/fmtlib/fmt/pull/3021>`_,
`#3023 <https://github.com/fmtlib/fmt/issues/3023>`_,
`#3024 <https://github.com/fmtlib/fmt/pull/3024>`_,
`#3029 <https://github.com/fmtlib/fmt/pull/3029>`_,
`#3043 <https://github.com/fmtlib/fmt/pull/3043>`_,
`#3052 <https://github.com/fmtlib/fmt/issues/3052>`_,
`#3053 <https://github.com/fmtlib/fmt/pull/3053>`_,
`#3054 <https://github.com/fmtlib/fmt/pull/3054>`_
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
670b07b39f |
mpd: Update to version 0.23.10
- Update from version 0.23.8 to 0.23.10
- Update required to allow successful build with updated ffmpeg
- Update of rootfile not required
- Changelog
ver 0.23.10 (2022/10/14)
* storage
- curl: fix file time stamps
* decoder
- ffmpeg: fix libfmt 9 compiler warning
* encoder
- flac: fix failure when libFLAC is built without Ogg support
* output
- alsa: fix crash bug
* Windows
- log to stdout by default, don't require "log_file" setting
ver 0.23.9 (2022/08/18)
* input
- cdio_paranoia: add options "mode" and "skip"
* decoder
- ffmpeg: support FFmpeg 5.1
* filter
- replay gain: fix delayed volume display with handler=mixer
* output
- pipewire: set app icon
* fix bogus volume levels with multiple partitions
* improve iconv detection
* macOS: fix macOS 10 build problem (0.23.8 regression)
* Android
- load mpd.conf from app data directory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
|