- Update from version 7.1.0 to 8.0.3
- Update of rootfile not required
- Update qemu-ga in lockstep with qemu
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.4.3 to 1.4.4
- Update of rootfile not required
- Changelog
1.4.4
* Use AC_SYS_LARGEFILE macro to control largefile support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 11.3.0 to 11.5.0
- Update of rootfile
- Changelog
11.5.0: release
* This release consists entirely of changes made by M. Holger.
Mostly this is changes to the private API, performance
enhancements, code cleanup, and reformatting to 100 columns
instead of 80. For qpdf development, we are starting to use
JetBrains CLion, so a lot of the changes are moving us toward a
cleaner development experience in that environment.
* Bug fix: when a the same page is copied multiple times, copy
the annotations rather than having multiple pages share an
annotation object. Thanks to M. Holger for the fix. Fixes#600.
* Add "FUTURE" build option for enabling experimental APIs. Do not
package qpdf built with the FUTURE option as there are no binary
compatibility or even source compatibility guarantees. The option
is intended for developers who want to ensure that future
potentially breaking changes are compatible with their code or
provide feedback on upcoming changes. At present, the only feature
enabled by FUTURE is a move constructor for QPDFObjectHandle.
While this shouldn't break any code, it would change details about
how many copies of a specific QPDFObjectHandle were in existence,
so it could potentially break code that was relying on internal
shared pointer reference counts. Thanks to M. Holger for the idea
and contribution.
* Add new method Buffer::copy and deprecate Buffer copy
constructor and assignment operator. Buffer copy operations are
expensive as they always involve copying the buffer content. Use
"buffer2 = buffer1.copy();" or "Buffer buffer2{buffer1.copy()};"
to make it explicit that copying is intended. This change was
contributed by M. Holger.
11.4.0: release
* From M. Holger: add QPDF::newReserved as a better alternative to
QPDFObjectHandle::newReserved. The operation of creating a new
reserved object fits better in the QPDF API. The old call just
delegates to the new one.
* When an annotation dictionary's appearance dictionary (`/AP`)
has a key that is a stream, disregard `/AS` (which is supposed to
point to a subkey). This enables qpdf to not ignore annotations
that have incorrect values for `/AS` when the appearance stream is
directly in the `/AP` dictionary instead of in a subkey.
Fixes#949.
* Allow QPDFJob's workflow to be split into a reading phase and a
writing phase to allow the caller to operate on the QPDF object
before it is written. This adds methods QPDFJob::createQPDF and
QPDFJob::writeQPDF and corresponding C API functions
qpdfjob_create_qpdf and qpdfjob_write_qpdf. Thanks to M. Holger
for the contribution.
* From M. Holger: throw a logic error if an uninitialized or
foreign QPDFObjectHandle is added to an array.
* Enhance --optimize-images to support images nested inside of
form XObjects. Thanks to Connor Osborne (github user cdosborn) for
the contribution. Fixes#923.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.18 to 1.19
- Update of rootfile
- Changelog
1.19
Clarify license: we are not the X Consortium, use straight MIT license text
Fix build without glob_pattern_p()
Fix missing libiconv dependency for static linkage in popt.pc
Fix segfault regression when NLS is enabled but libintl.h cannot be found (#32)
Fix the handling of superfluous args passed with =
Fix iconv resource leak on errors
Fix POPT_CONTEXT_KEEP_FIRST handling in poptResetContext()
Fix '=' getting shown for short options
Fix memory corruption issues with poptStuffArgs()
Fix handling of large files in poptReadFile() on 32bit systems
Fix build without wchar / mbstate_t
Fix potential memory leak in poptReadConfigFile()
Fix "Usage" string calculated length
Fix memory leak regressions in popt 1.18
Add --enable-werror configure option
Add CREDITS file
Improve random number handling
Various code cleanups, const and type hygiene improvements
Adjust test-suite expectations for libtool changes
Various translation updates
Various documentation improvements
Various test-suite improvements
Appease autoconf 2.70
Update gettext to 1.98.8
Run CI on fixed Fedora version (36 for now), use stricter compiler settings
Drop unmaintained CHANGES file from tarballs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 23.03.0 to 23.08.0
- Update rootfile
- Changelog
23.08.0:
core:
* Fix GWG 19.2 - DeviceN Overprint (White)
* Splash: avoid bogus memory allocation size in doTilingPatternFill
* Fix use-of-uninitialized-value in XRef
* Fix float-cast-overflow error in Catalog
* Cleanup gpgme backend code
* Version symbols in poppler core
glib:
* Improve poppler_get_available_signing_certificates
* Add new members to PopplerCertificateInfo
utils:
* pdftotext: small improvement to man page
23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in forms
* Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
glib:
* Add signing API
build system:
* zlib is now mandatory
23.06.0:
core:
* CairoOutputDev: Fix crash when doing type3 rendering
* Fix crash with unknown signature hashing algorithms
* Add gpgme backend for signature handling
* Windows: Fix crash when signing existing signature
* FontInfo: Make it return proper information about font substitution
* FontInfo: Try harder to get Type 3 font name
* Store embedded fonts widths table in a more effective manner
* Skip font lookup for nonprintable characters
* Windows: Look for fonts in both windows font dir and poppler fonts dir
* Windows: symbol.ttf is not a good Symbol font
* Windows: Fix memory leak when looking for fonts
* Fix crash on malformed files
qt5:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
qt6:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
23.05.0:
core:
* Fix crash when filling some forms
* Set SigFlags when signing unsigned signature
* Add some infrastructure code to support multiple signing backends
* Fix potential stack overflow in PostScriptFunction::parseCode
* Fix some minor uninitialised memory reads
23.04.0:
core:
* Fix memory issue when signing fails. Issue #1372
* Internal improvements of signature related code
* CairoOutputDev: improve type3 font rendering
* Fix memory leak in GlobalParams::findSystemFontFileForFamilyAndStyle
utils:
* pdftocairo: Fix crash in some special situations
* pdfsig: allow holes in -dump signature list
* pdfsig: Support --help
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.4.1 to 5.4.4
- Update of rootfile
- Changelog
5.4.4 (2023-08-02)
* liblzma and xzdec can now build against WASI SDK when threading
support is disabled. xz and tests don't build yet.
* CMake:
- Fixed a bug preventing other projects from including liblzma
multiple times using find_package().
- Don't create broken symlinks in Cygwin and MSYS2 unless
supported by the environment. This prevented building for the
default MSYS2 environment. The problem was introduced in
xz 5.4.0.
* Documentation:
- Small improvements to man pages.
- Small improvements and typo fixes for liblzma API
documentation.
* Tests:
- Added a new section to INSTALL to describe basic test usage
and address recent questions about building the tests when
cross compiling.
- Small fixes and improvements to the tests.
* Translations:
- Fixed a mistake that caused one of the error messages to not
be translated. This only affected versions 5.4.2 and 5.4.3.
- Updated the Chinese (simplified), Croatian, Esperanto, German,
Korean, Polish, Romanian, Spanish, Swedish, Ukrainian, and
Vietnamese translations.
- Updated the German, Korean, Romanian, and Ukrainian man page
translations.
5.4.3 (2023-05-04)
* All fixes from 5.2.12
* Features in the CMake build can now be disabled as CMake cache
variables, similar to the Autotools build.
* Minor update to the Croatian translation.
5.4.2 (2023-03-18)
* All fixes from 5.2.11 that were not included in 5.4.1.
* If xz is built with support for the Capsicum sandbox but running
in an environment that doesn't support Capsicum, xz now runs
normally without sandboxing instead of exiting with an error.
* liblzma:
- Documentation was updated to improve the style, consistency,
and completeness of the liblzma API headers.
- The Doxygen-generated HTML documentation for the liblzma API
header files is now included in the source release and is
installed as part of "make install". All JavaScript is
removed to simplify license compliance and to reduce the
install size.
- Fixed a minor bug in lzma_str_from_filters() that produced
too many filters in the output string instead of reporting
an error if the input array had more than four filters. This
bug did not affect xz.
* Build systems:
- autogen.sh now invokes the doxygen tool via the new wrapper
script doxygen/update-doxygen, unless the command line option
--no-doxygen is used.
- Added microlzma_encoder.c and microlzma_decoder.c to the
VS project files for Windows and to the CMake build. These
should have been included in 5.3.2alpha.
* Tests:
- Added a test to the CMake build that was forgotten in the
previous release.
- Added and refactored a few tests.
* Translations:
- Updated the Brazilian Portuguese translation.
- Added Brazilian Portuguese man page translation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 7.3 to 7.4
- Update of rootfile not required
- Changelog
7.4
- The docker image used for CI and release builds is now based on
Debian 12 instead of Ubuntu 18.04.
- macOS: CI and release builds are now generated for the x86_64 and arm64
targets. 32 bit platforms will require to be compiled from the source.
- smartctl '-t short', '-t long' and '-X': NVMe support.
- smartctl '-l selftest': NVMe support.
- smartctl '-l farm': Prints Seagate's vendor-specific Field Access
Reliability Metrics (FARM) log for ATA and SCSI drives.
- smartctl '-l error': Now also prints an error message for each entry
of NVMe error information log.
- smartctl '-l genstats': Prints SCSI General statistics and performance
log page.
- smartctl '-i' and '--identify': ACS-4/5/6 enhancements.
- smartctl '-c': Added NVMe 2.0 capability flags.
- smartctl '-g security': Added 'ata_security.master_password_id'
to JSON output. Plaintext output shows Master Password ID if set
to a non-default value.
- smartctl '-q noserial': Now also suppresses the output of NVMe Namespace
IEEE EUI-64.
- smartctl '-j': '-l error -l selftest' JSON output for NVMe devices.
- smartctl '-j': Avoid invalid UTF-8 sequences in JSON/YAML strings.
- smartctl '-j': Fixed a bogus exception during SCSI JSON output.
- smartctl '-j': Renamed JSON element 'scsi_temperature' back to
'temperature' (regression).
- smartctl '-a': Now suggests '-x' for ATA devices because '-a' only
provides legacy SMART information.
- smartd: No longer issues LOG_CRIT warnings if new entries of NVMe error
information log do not indicate device problems.
- smartd: Now detects accidental use of smartd_warning script as
'-M exec' parameter.
- smartd: No longer writes the 'Copyright...' line to syslog.
- smartd.conf '-M always': Sends reminder emails without any delay.
- smartd.conf '-M diminishing': Limited email delay to 32 days.
- ATA: Fixed decoding of extended self-test log on big endian hosts.
- ATA: Enhanced LBA range for device types '-d jmb39x-q,...' and
'-d jms56x,...' from 33-62 to 1-255.
- ATA: Device type '-d intelliprop,N' now fails with a deprecation message.
Added '-d intelliprop,N,force' flag to use it anyway.
- ATA/USB: Device type '-d usbasm1352r,N' for ASMedia ASM1352R USB to SATA
RAID bridges
- SCSI: Fixed possible corruption issue with the Error Counter and
Non medium Error log pages.
- SCSI: Added more "Informational Exceptions" strings.
- SCSI: Added initial support for REPORT SUPPORTED OPERATION command.
- SCSI: Initial rework of SCSI debug output.
- NVMe: Added error messages for NVMe status values.
- NVMe: Fixed crash after read of error information log on big endian hosts.
- HDD, SSD and USB additions to drive database.
- update-smart-drivedb: Fixed syntax for 'sed' versions which require
';' before '}' or do not support ';' at all.
- update-smart-drivedb: Replaced a usually not executed bashism.
- configure: Default for '--with-nvme-devicescan' is now 'yes' also on
Darwin and FreeBSD. It is still 'no' on NetBSD only.
- configure: Defines '_FORTIFY_SOURCE=3' if supported and not predefined.
- configure: No longer fails if libsystemd-dev is installed and
'LDFLAGS=-static' is used.
- Compile fix for systems without legacy 'getdtablesize()'.
- Pre-releases from SVN snapshots now show "pre-VERSION" in version
information and 'smartctl.pre_release=true' in JSON output.
- Linux: Device type '-d sssraid' for 3SNIC RAID controllers.
- Linux: Device type '-d marvell' now fails with a deprecation message.
Added '-d marvell,force' flag to use it anyway.
- Linux: The generic SCSI code now defaults to SG_IO_V3 and does no
longer fall back to the deprecated SCSI_IOCTL_SEND_COMMAND
(but this ioctl is still used for '-d 3ware' and '-d marvell,force').
- Linux smartd: Now prevents systemd unit startup timeout when many
devices are registered and then initially checked.
- Linux smartd: Systemd no longer reports a service failure if no device
is present and a '-q *nodev0*' option is used.
- Solaris SPARC: Dropped legacy ATA support. Dropped configure option
'--with-solaris-sparc-ata'.
- Windows: IOCTL_STORAGE_PROTOCOL_COMMAND variant for NVMe self-tests.
- Windows: Installer now defaults to 64-bit executables.
- Windows: No longer prints bogus 'Local Time' if enhanced TZ syntax is used.
- Windows: Workaround to keep backward compatibility with old versions
of Windows if some versions of MinGW-w64 are used.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.03.21 to 2.03.22
- Update of rootfile not required
- Changelog
2.03.22 - 02nd August 2023
Fix pv_major/pv_minor report field types so they are integers, not strings.
Add lvmdevices --delnotfound to delete entries for missing devices.
Always use cachepool name for metadata backup LV for lvconvert --repair.
Make metadata backup LVs read-only after pool's lvconvert --repair.
Improve VDO and Thin support with lvmlockd.
Handle 'lvextend --usepolicies' for pools for all activation variants.
Fix memleak in vgchange autoactivation setup.
Update py-compile building script.
Support conversion from thick to fully provisioned thin LV.
Cache/Thin-pool can use error and zero volumes for testing.
Individual thin volume can be cached, but cannot take snapshot.
Better internal support for handling error and zero target (for testing).
Resize COW above trimmed maximal size is does not return error.
Support parsing of vdo geometry format version 4.
Add lvm.conf thin_restore and cache_restore settings.
Handle multiple mounts while resizing volume with a FS.
Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
Enhance lvm_import_vdo and use snapshot when converting VDO volume.
Fix parsing of VDO metadata.
Fix failing -S|--select for non-reporting cmds if using LV info/status fields.
Allow snapshots of raid+integrity LV.
Fix multisegment RAID1 allocator to prevent using single disk for more legs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.0.1 to 8.1.1
- Update of rootfile
- Changelog
8.1.1
- Fix shaping of contextual rules at the end of string, introduced in 8.1.0
- Fix stack-overflow in repacker with malicious fonts.
- 30% speed up loading Noto Duployan font.
8.1.0
- Fix long-standing build issue with the AIX compiler and older Apple clang.
- Revert optimization that could cause timeout during subsetting with malicious fonts.
- More optimization work:
- 45% speed up in shaping Noto Duployan font.
- 10% speed up in subsetting Noto Duployan font.
- Another 8% speed up in shaping Gulzar.
- 5% speed up in loading Roboto.
- New API:
+hb_ot_layout_collect_features_map()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update fromn version 6.2.1 to 6.3.0
- Update of rootfile
- Changelog
Changes between GMP version 6.2.* and 6.3.*.
BUGS FIXED
* A possible overflow of type int is avoided for mpz_cmp on huge operands.
* A possible error condition when a malformed file is read with
mpz_inp_raw is now correctly handled.
FEATURES
* New public function mpz_prevprime, companion of the existing
mpz_nextprime.
* New documented pointer types mpz_ptr, mpz_srcptr, and similar for
other GMP types. Refer to the manual for full list and suggested
usage. These types have been present in gmp.h at least since
GMP-4.0, but previously not advertised to users.
* Support for 64-bit Arm under Macos.
* Support for the loongarch64 CPU family.
* Support for building with LTO, link-time optimisations.
SPEEDUPS
* New special code for base = 2 in mpz_powm reduces the average time
for the functions that test primality.
* Speedup for the function mpz_nextprime on large operands.
* Speedup for multiplications (some sizes only) thanks to new
internal functions to compute small negacyclic products.
* Special assembly code for IBM z13 and later "mainframe" CPUs, resulting in
a huge speedup.
* Improved assembly for several 64-bit x86 CPUs, Risc-V, 64-bit Arm.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This patch goes together with the patch for the ppp update to 2.5.0
- The rp-pppoe.so option is no longer available. There is only the pppoe.so available now
Fixes: Bug#13164
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.4.9 to 2.5.0
This includes breaking changes for third-party plugins but as far as I can see IPFire
is not using any third party plugins
- Update of rootfile
- Update of patches and sed commands
- pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014
- Some of the patches required updates as additional lines needing to be patched are
now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches
- connect-errors file location is now defined by a configure command --with-logfile-dir
- install-etcppp is no longer provided. However the install command in this version still
has the same files available in /etc/ppp as previously. There is a new file,
openssl.cnf, which I have commented out. If it is required in future it can always be
uncommented in future releases.
- Build went without any problems with the updated patches.
- I cannot test this as I don't use ppp, however the original bug reporter has agreed to
test this out when it is released into Testing unless anyone else is capable of testing
it.
- Changelog
What's new in ppp-2.5.0.
The 2.5.0 release is a major release of pppd which contains breaking
changes for third-party plugins, a complete revamp of the build-system
and that allows for flexibility of configuring features as needed.
In Summary:
* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
* Support for loading PKCS12 certificate envelopes
* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
and others.
* Support for pkgconfig tool has been added by Eivind Næss.
* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
* Major revision to PPPD's Plugin API by Eivind Næss.
- Defines in which describes what features was included in pppd
- Functions now prefixed with explicit ppp_* to indicate that
pppd functions being called.
- Header files were renamed to better align with their features,
and now use proper include guards
- A pppdconf.h file is supplied to allow third-party modules to use
the same feature defines pppd was compiled with.
- No extern declarations of internal variable names of pppd,
continued use of these extern variables are considered
unstable.
* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
* Dropped IPX support, as Linux has dropped support in version 5.15
for this protocol.
* Many more fixes and cleanups.
* Pppd is no longer installed setuid-root.
* New pppd options:
- ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
ipv6-up-script, ipv6-down-script
- -v, show-options
- usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
* On Linux, any baud rate can be set on a serial port provided the
kernel serial driver supports that.
Note that if you have built and installed previous versions of this
package and you want to continue having configuration and TDB files in
/etc/ppp, you will need to use the --sysconfdir option to ./configure.
For a list of the changes made during the 2.4 series releases of this
package, see the Changes-2.4 file.
Compression methods.
This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
Fixes: bug#13164
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Added validation code for the location group name. This is only validated when edited
and not when created.
- The code was copied from the section for creating the Services Group Name or the
Network/Host Group Name.
Fixes: Bug#13206
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Around three years ago the samba wui page was simplified and several parts were removed
including the ability to set either wide links or unix extensions to be enabled
- When the above was done wide links = yes was defined in the samba.cgi code
- unix extenstions was not defined and therefore took the default value which was/is yes
- unix extensions is now called smb1 unix extensions and has the same default value of yes
- With both wide links = yes and smb1 unix extensions = yes means that when there is a
wide symlink (one that goes outside the share directory tree) then wide links is disabled
because smb1 unix extensions is enabled. This is even though the smb1 protocol is disabled
by default.
- This patch sets smb1 unix extensions = no in the configuration.
- This has been tested in my vm testbed and confirmed that the error message is no longer
shown and that any wide links are able to be accessed from the share mounted on a client
Fixes: Bug#13193
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.34 to 1.35
- Update of rootfile not required
- Changelog
1.35 - Sergey Poznyakoff, 2023-07-18
* Fail when building GNU tar, if the platform supports 64-bit time_t
but the build uses only 32-bit time_t.
* Leave the devmajor and devminor fields empty (rather than zero) for
non-special files, as this is more compatible with traditional tar.
* Bug fixes
** Fix interaction of --update with --wildcards.
** When extracting archives into an empty directory, do not create
hard links to files outside that directory.
** Handle partial reads from regular files.
** Warn "file changed as we read it" less often.
Formerly, tar warned if the file's size or ctime changed.
However, this generated a false positive if tar read a file
while another process hard-linked to it, changing its ctime.
Now, tar warns if the file's size, mtime, user ID, group ID,
or mode changes. Although neither heuristic is perfect,
the new one should work better in practice.
** Fix --ignore-failed-read to ignore file-changed read errors
as far as exit status is concerned. You can now suppress file-changed
issues entirely with --ignore-failed-read --warning=no-file-changed.
** Fix --remove-files to not remove a file that changed while we read it.
** Fix --atime-preserve=replace to not fail if there was no need to replace,
either because we did not read the file, or the atime did not change.
** Fix race when creating a parent directory while another process is
also doing so.
** Fix handling of prefix keywords not followed by "." in pax headers.
** Fix handling of out-of-range sparse entries in pax headers.
** Fix handling of --transform='s/s/@/2'.
** Fix treatment of options ending in / in files-from list.
** Fix crash on 'tar --checkpoint-action exec=\"'.
** Fix low-memory crash when reading incremental dumps.
** Fix --exclude-vcs-ignores memory allocation misuse.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
not operate with truncated digests (FIPS 140-3 IG G.R).
*Paul Dale*
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.23.12 to 0.23.13
- Update of rootfile not required
- mpd needs version 0.23.13 to build with fmt-10.0.0
- Changelog
0.23.13 (2023/05/22)
* input
- curl: fix busy loop after connection failed
- curl: hide "404" log messages for non-existent ".mpdignore" files
* archive
- zzip: fix crash bug
* database
- simple: reveal hidden songs after deleting containing CUE
* decoder
- ffmpeg: reorder to a lower priority than "gme"
- gme: require GME 0.6 or later
* output
- pipewire: fix corruption bug due to missing lock
* Linux
- shut down if parent process dies in --no-daemon mode
- determine systemd unit directories via pkg-config
* support libfmt 10
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 9.1.0 to 10.0.0
- Update of rootfile
- sobump so ran ./make find dependencies. This highlighted mpd but that needs to be
updated anyway as the existing version does not build with fmt-10.0.0
- Changelog is too large to include here. See the file ChangeLog.rst in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Gettext earlier than 0.21 would still build when it found errors in language files etc.
With gettext-0.22 if it finds any errors it now stops.
- There were two lines in the french po file in procps that had erros in them. procps have
raised a commit to fix those. The patch included here carries out that commit.
- Update of rootfile not required.
- This patch will not be needed when the next update of procps occurs.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.21 to 0.22
- Update of rootfile
- Changelog
0.22 - June 2023
* PO file format:
- When a #: line contains references to file names that contain spaces,
these file names are surrounded by Unicode characters U+2068 and U+2069.
This makes it possible to parse such references correctly.
* Improvements for maintainers:
- The AM_GNU_GETTEXT macro now defines two variables localedir_c and
localedir_c_make, that can be used in C code or in Makefiles,
respectively, for representing the value of the --localedir configure
option.
* Programming languages support:
- C, C++:
o xgettext now supports gettext-like functions that take wide strings
(of type 'const wchar_t *', 'const char16_t *', or 'const char32_t *')
as arguments.
o xgettext now recognizes numbers with digit separators, as defined by
ISO C 23, as tokens.
o xgettext and msgfmt now recognize the format string directive %b
(for binary integer output, as defined by ISO C 23) in format strings.
o xgettext and msgfmt now recognize the argument size specifiers
w8, w16, w32, w64, wf8, wf16, wf32, wf64 (as defined by ISO C 23)
in format strings.
o xgettext and msgfmt now recognize C++ format strings, as defined by
ISO C++ 20. They are marked as 'c++-format' in POT and PO files.
A new example has been added, 'hello-c++20', that illustrates how
to use these format strings with gettext.
- Java:
o The build system and tools now also support Java versions newer than
Java 11. This is known to work up to Java 20, at least. On the other
hand, support for old versions of Java (Java 1.5 and GCJ) has been
dropped.
- Tcl: xgettext now supports the \x, \u, and \U escapes as defined in
Tcl 8.6.
* Portability:
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with an encoding other than UTF-8.
To this effect, the msgfmt program now converts the messages to UTF-8
encoding before storing them in a MO file. You can prevent this by
using the msgfmt --no-convert option.
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with ISO C 99 <inttypes.h> format
string directive macros. To this effect, the msgfmt program pre-expands
strings with such macros. You can prevent this by using the msgfmt
--no-redundancy option.
* xgettext:
- The xgettext option '--sorted-output' is now deprecated.
- xgettext input files of type PO that are not all ASCII and not UTF-8
encoded are now handled correctly.
* The base Unicode standard is now updated to 15.0.0.
* Emacs PO mode:
Fix an incompatibility with Emacs version 29 or newer.
0.21.1 - October 2022
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is probably a lot easier than calling all sorts of shell commands
from Perl.
The script has also changed that it will try to mount/umount all
configured mountpoints unless a specific mountpoint is being given.
An initscript will be needed to mount everything when the system is
booting up and umount everything on shutdown.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This feature does not have any benefit because the linux kernel
knows best which filesystem a device/partition has.
So there is no need for a user to specify this by-hand. This also
prevents from choosing a wrong fs type and as a direct result in a
not mountable device.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
