- Updated from version 1.25.12 to 1.27.89
- Update of rootfile
- No changelog found in source tarball or other location
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 1.2.2 to 1.2.3
- Update of rootfile
- Changelog
1.2.3 (2022-06-25)
- [NEW] Added Amharic, Armenian, Georgian, Laotian and Uzbek locales.
- [FIX] Updated Danish locale and associated tests.
- [INTERNAl] Small fixes to CI.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Updated from version 36.0.2 to 38.0.1
- Update of rootfile
- Changelog
38.0.1 - 2022-09-07
Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically seen in large CRLs).
38.0.0 - 2022-09-06
Final deprecation of OpenSSL 1.1.0. The next release of cryptography will drop support.
We no longer ship many linux 2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required.
decrypt() and related methods now accept both str and bytes tokens.
Parsing CertificateSigningRequest restores the behavior of enforcing that the Extension critical field must be correctly encoded DER. See the issue for complete details.
Added two new OpenSSL functions to the bindings to support an upcoming pyOpenSSL release.
When parsing CertificateRevocationList and CertificateSigningRequest values, it is now enforced that the version value in the input must be valid according to the rules of RFC 2986 and RFC 5280.
Using MD5 or SHA1 in CertificateBuilder and other X.509 builders is deprecated and support will be removed in the next version.
Added additional APIs to SignedCertificateTimestamp, including signature_hash_algorithm, signature_algorithm, signature, and extension_bytes.
Added tbs_precertificate_bytes, allowing users to access the to-be-signed pre-certificate data needed for signed certificate timestamp verification.
KBKDFHMAC and KBKDFCMAC now support MiddleFixed counter location.
Fixed RFC 4514 name parsing to reverse the order of the RDNs according to the section 2.1 of the RFC, affecting method from_rfc4514_string().
It is now possible to customize some aspects of encryption when serializing private keys, using encryption_builder().
Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL versions older than 22.0 will need to upgrade.
Added AES128 and AES256 classes. These classes do not replace AES (which allows all AES key lengths), but are intended for applications where developers want to be explicit about key length.
37.0.4 - 2022-07-05
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
37.0.3 - 2022-06-21 (YANKED)¶
Attention
This release was subsequently yanked from PyPI due to a regression in OpenSSL.
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
37.0.2 - 2022-05-03
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.3.
Added a constant needed for an upcoming pyOpenSSL release.
37.0.1 - 2022-04-27
Fixed an issue where parsing an encrypted private key with the public loader functions would hang waiting for console input on OpenSSL 3.0.x rather than raising an error.
Restored some legacy symbols for older pyOpenSSL users. These will be removed again in the future, so pyOpenSSL users should still upgrade to the latest version of that package when they upgrade cryptography.
37.0.0 - 2022-04-26
Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL 2.9.x and 3.0.x. The new minimum LibreSSL version is 3.1+.
BACKWARDS INCOMPATIBLE: Removed signer and verifier methods from the public key and private key classes. These methods were originally deprecated in version 2.0, but had an extended deprecation timeline due to usage. Any remaining users should transition to sign and verify.
Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by the OpenSSL project. The next release of cryptography will be the last to support compiling with OpenSSL 1.1.0.
Deprecated Python 3.6 support. Python 3.6 is no longer supported by the Python core team. Support for Python 3.6 will be removed in a future cryptography release.
Deprecated the current minimum supported Rust version (MSRV) of 1.41.0. In the next release we will raise MSRV to 1.48.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required.
Deprecated CAST5, SEED, IDEA, and Blowfish because they are legacy algorithms with extremely low usage. These will be removed in a future version of cryptography.
Added limited support for distinguished names containing a bit string.
We now ship universal2 wheels on macOS, which contain both arm64 and x86_64 architectures. Users on macOS should upgrade to the latest pip to ensure they can use this wheel, although we will continue to ship x86_64 specific wheels for now to ease the transition.
This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip. For PyPy wheels this release already requires manylinux2014 for compatibility with binaries distributed by upstream.
Added support for multiple OCSPSingleResponse in a OCSPResponse.
Restored support for signing certificates and other structures in X.509 with SHA3 hash algorithms.
TripleDES is disabled in FIPS mode.
Added support for serialization of PKCS#12 CA friendly names/aliases in serialize_key_and_certificates()
Added support for 12-15 byte (96 to 120 bit) nonces to AESOCB3. This class previously supported only 12 byte (96 bit).
Added support for AESSIV when using OpenSSL 3.0.0+.
Added support for serializing PKCS7 structures from a list of certificates with serialize_certificates.
Added support for parsing RFC 4514 strings with from_rfc4514_string().
Added AUTO to PSS. This can be used to verify a signature where the salt length is not already known.
Added DIGEST_LENGTH to PSS. This constant will set the salt length to the same length as the PSS hash algorithm.
Added support for loading RSA-PSS key types with load_pem_private_key() and load_der_private_key(). This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a normal RSA private key, discarding the PSS constraint information.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This has been discussed briefly in the telephone conference of
September: powertop is considered to be unnecessary, as IPFire is
optimized for performance, thus interfering with possible power
consumption reducing switches. Also, the need for powertop has been
diminished, given that x86 platforms are highly likely not to run on
batteries, and we are phasing out 32-bit ARM, where this could have been
the case.
Therefore, this patch proposes to drop powertop.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- The lcd2usb portion of the hd44780 driver in in the latest release version of
lcdproc (0.5.9) are only coded for libusb-0.1, which was removed from IPFire in recent
times.
- Commits have been merged into the lcdproc repository that enable lcd2usb to work with
the libusb-1.0 series but no release has been made since 2017.
- This patch downloaded a zip archive from the status of the lcdproc repository at commit
0e2ce9b. This zip archive was then converted into a tar.gx archive. The lfs and
rootfile have been updated in line with this.
- The lcdproc-0e2ce9b-4.ipfire file created by this build has been tested by the bug
reporter, Rolf Schreiber, and confirmed to fix the issue raised with the bug.
- This patch brings lcdproc upto date with the 149 commits that have been made between
2017 and Dec 2021, the date of the last commit.
- The version number has been defined as the last commit number.
- The -enable-libusb option has to be left in place as it turned out that
-enable-libusb-1-0 only works if -enable-libusb is also set. It looks like this was
identified in the lcdproc issues list but has not yet been fixed.
Fixes: Bug#12920
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 0.186 to 0.187
- Update of rootfile
- Changelog
0.187
* NEWS *
debuginfod: Support -C option for connection thread pooling.
debuginfod-client: Negative cache file are now zero sized instead of
no-permission files.
addr2line: The -A, --absolute option, which shows file names including
the full compilation directory is now the default. To get the
old behavior use the new option --relative.
readelf, elflint: Recognize FDO Packaging Metadata ELF notes
libdw, debuginfo-client: Load libcurl lazily only when files need to
be fetched remotely. libcurl is now never
loaded when DEBUGINFOD_URLS is unset. And when
DEBUGINFOD_URLS is set, libcurl is only loaded
when the debuginfod_begin function is called.
* GIT SHORTLOG *
debuginfod: Include "IPv4 IPv6" in server startup message
PR29022: 000-permissions files cause problems for backups
debuginfod: Use the debuginfod-size response header
debuginfod: ensure X-DEBUGINFOD-SIZE contains file size
config: simplify profile.*sh.in
debuginfod/debuginfod-client.c: use long for cache time configurations
readelf: Don't consider padding DT_NULL as dynamic section entry
debuginfod: correct concurrency bug in fdcache metrics
PR28661: debuginfo connection thread pool support
man debuginfod-client-config.7: Elaborate $DEBUGINFOD_URLS
PR28708: debuginfod: use MHD_USE_EPOLL for microhttpd threads
debuginfod: use single ipv4+ipv6 microhttpd daemon configuration
AUTHORS: Use generator script & git mailmap
libebl: recognize FDO Packaging Metadata ELF note
tests: Don't set DEBUGINFOD_TIMEOUT
tests: Add -rdynamic to dwfl_proc_attach_LDFLAGS
debuginfod: Use gmtime_r instead of gmtime to avoid data race
debuginfod: sqlite3_sharedprefix_fn should not compare past end of string
debuginfod: Fix some memory leaks on debuginfod-client error paths.
debuginfod: Clear and reset debuginfod_client winning_headers on reuse
libdwfl: Don't read beyond end of file in dwfl_segment_report_module
debuginfod: Check result of calling MHD_add_response_header.
readelf: Workaround stringop-truncation error
tests: varlocs workaround format-overflow errors
debuginfod: Fix debuginfod_pool leak
configure: Add --enable-sanitize-address
debuginfod: Don't format clog using 'right' or 'setw(20)'.
libdwfl: Don't try to convert too many bytes in dwfl_link_map_report
libdwfl: Make sure we know the phdr entry size before searching phdrs.
libdwfl: Don't trust e_shentsize in dwfl_segment_report_module
libdwfl: Don't install an Elf handle in a Dwfl_Module twice
libdwfl: Don't try to convert too many dyns in dwfl_link_map_report
libdwfl: Don't allocate more than SIZE_MAX in dwfl_segment_report_module.
libelf: Use offsetof to get field of unaligned
libdwfl: Make sure phent is sane and there is at least one phdr
libdwfl: Add overflow check while iterating in dwfl_segment_report_module
tests: Use /bin/sh instead of /bin/ls as always there binary
libdwfl: Make sure there is at least one dynamic entry
libdwfl: Make sure there is at least one phdr
libdwfl: Make sure note data is properly aligned.
libdwfl: Make dwfl_segment_report_module aware of maximum Elf size
libdwfl: Make sure the note len increases each iteration
libelf: Only set shdr state when there is at least one shdr
libdwfl: Make sure that ph_buffer_size has room for at least one phdr
libdwfl: Make sure dyn_filesz has a sane size
libdwfl: Rewrite GElf_Nhdr reading in dwfl_segment_report_module
libdwfl: Handle unaligned Ehdr in dwfl_segment_report_module
libdwfl: Handle unaligned Phdr in dwfl_segment_report_module
libdwfl: Handle unaligned Nhdr in dwfl_segment_report_module
libdwfl: Always clean up build_id.memory
libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread
libdwfl: Call xlatetom on aligned buffers in dwfl_link_map_report
libdwfl: Calculate addr to read by hand in link_map.c read_addrs.
libdwfl: Fix overflow check in link_map.c read_addrs
libdwfl: Handle unaligned Dyns in dwfl_segment_report_module
libdwfl: Declare possible zero sized arrays only when non-zero
backends: Use PTRACE_GETREGSET for ppc_set_initial_registers_tid
configure: Test for _FORTIFY_SOURCE=3 support.
addr2line: Make --absolute the default, add --relative option.
configure: Use AS_HELP_STRING instead of AC_HELP_STRING.
libelf: Take map offset into account for Shdr alignment check in elf_begin
libelf: Make sure ar_size starts with a digit before calling atol.
libelf: Check alignment of Verdef, Verdaux, Verneed and Vernaux offsets
libdwfl: Close ar members when they cannot be processed.
libdwfl: Use memcpy to assign image header field values
libelf: Don't overflow offsets in elf_cvt_Verneed and elf_cvt_Verdef
libelf: Correct alignment of ELF_T_GNUHASH data for ELFCLASS64
tests: Check addsections test binary is 64bit for run-large-elf-file.sh
configure: Don't check whether -m64 works for 32bit host biarch check
libelf: Sync elf.h from glibc.
elflint: Recognize NT_FDO_PACKAGING_METADATA
Introduce error_exit as a noreturn variant of error (EXIT_FAILURE, ...)
libelf: Also copy/convert partial datastructures in xlate functions
libelf: Return already gotten Elf_Data from elf_getdata_rawchunk
config: Add versioned requires on libs/libelf for debuginfod-client
libdw: Add DWARF5 package file section identifiers, DW_SECT_*
tests: Don't try to corrupt sqlite database during test.
libdw: Remove unused atomics.h include from libdwP.h
readelf: Define dyn_mem outside the while loop.
tests: Lower parallel lookups in run-debuginfod-webapi-concurrency.sh
debuginfod: Use MHD_USE_ITC in MHD_start_daemon flags
elfclassify: Fix --no-stdin flag
libelf: Check for mremap, elf_update needs it for ELF_C_RDWR_MMAP
debuginfod, libdwfl: Initialize libcurl and dlopen debuginfod-client lazily
dwfl: fix potential overflow when reporting on kernel modules
debuginfod: fix compilation on platforms without <error.h>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.22.4 to 3.22.6
- Update of rootfile
- Changelog
HPLIP 3.22.6 - This release has the following changes:
Added support for following new Distro's:
Mx Linux 21.1
Ubuntu 22.04
Fedora 36
Added support for the following new Printers:
HP Color LaserJet Managed MFP E785dn
HP Color LaserJet Managed MFP E78523dn
HP Color LaserJet Managed MFP E78528dn
HP Color LaserJet Managed MFP E786dn
HP Color LaserJet Managed MFP E786 Core Printer
HP Color LaserJet Managed MFP E78625dn
HP Color LaserJet Managed FlowMFP E786z
HP Color LaserJet Managed Flow MFP E78625z
HP Color LaserJet Managed MFP E78630dn
HP Color LaserJet Managed Flow MFP E78630z
HP Color LaserJet Managed MFP E78635dn
HP Color LaserJet Managed Flow MFP E78635z
HP LaserJet Managed MFP E731dn
HP LaserJet Managed MFP E731 Core Printer
HP LaserJet Managed MFP E73130dn
HP LaserJet Managed Flow MFP E731z
HP LaserJet Managed Flow MFP E73130z
HP LaserJet Managed MFP E73135dn
HP LaserJet Managed Flow MFP E73135z
HP LaserJet Managed MFP E73140dn
HP LaserJet Managed Flow MFP E73140z
HP Color LaserJet Managed MFP E877dn
HP Color LaserJet Managed MFP E877 Core Printer
HP Color LaserJet Managed MFP E87740dn
HP Color LaserJet Managed Flow MFP E877z
HP Color LaserJet Managed Flow MFP E87740z
HP Color LaserJet Managed MFP E87750dn
HP Color LaserJet Managed Flow MFP E87750z
HP Color LaserJet Managed MFP E87760dn
HP Color LaserJet Managed Flow MFP E87760z
HP Color LaserJet Managed MFP E87770dn
HP Color LaserJet Managed Flow MFP E87770z
HP LaserJet Managed MFP E826dn
HP LaserJet Managed MFP E826 Core Printer
HP LaserJet Managed MFP E82650dn
HP LaserJet Managed Flow MFP E826z
HP LaserJet Managed Flow MFP E82650z
HP LaserJet Managed MFP E82660dn
HP LaserJet Managed Flow MFP E82660z
HP LaserJet Managed MFP E82670dn
HP LaserJet Managed Flow MFP E82670z
HP LaserJet Managed MFP E730dn
HP LaserJet Managed MFP E73025dn
HP LaserJet Managed MFP E73030dn
HP LaserJet Pro MFP 3101fdwe
HP LaserJet Pro MFP 3101fdw
HP LaserJet Pro MFP 3102fdwe
HP LaserJet Pro MFP 3102fdw
HP LaserJet Pro MFP 3103fdw
HP LaserJet Pro MFP 3104fdw
HP LaserJet Pro MFP 3101fdne
HP LaserJet Pro MFP 3101fdn
HP LaserJet Pro MFP 3102fdne
HP LaserJet Pro MFP 3102fdn
HP LaserJet Pro MFP 3103fdn
HP LaserJet Pro MFP 3104fdn
HP LaserJet Pro 3001dwe
HP LaserJet Pro 3001dw
HP LaserJet Pro 3002dwe
HP LaserJet Pro 3002dw
HP LaserJet Pro 3003dw
HP LaserJet Pro 3004dw
HP LaserJet Pro 3001dne
HP LaserJet Pro 3001dn
HP LaserJet Pro 3002dne
HP LaserJet Pro 3002dn
HP LaserJet Pro 3003dn
HP LaserJet Pro 3004dn
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- libfmt required in run time by mpd
- mpd changelog specifically said fmt was a build only dependency
- Bug#12909 flagged up that fmt was also a run time dependency for mpd
Fixes: Bug#12909
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- v3 version adds specific armv6l based rootfile as xxxMACHINExxx does not get correct
substitution
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- starting tftpd currently throws "missing directory" error
- this change corrects the issue
Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
For details see:
https://blog.clamav.net/2022/07/clamav-01037-01041-and-01051-patch.html
"ClamAV 0.105.1 is a critical patch release with the following fixes:
Upgrade the vendored UnRAR library to version 6.1.7.
Fix issue building macOS universal binaries in some configurations.
Silence error message when the logical signature maximum functionality
level is lower than the current functionality level.
Fix scan error when scanning files containing malformed images that
cannot be loaded to calculate an image fuzzy hash.
Fix logical signature "Intermediates" feature.
Relax constraints on slightly malformed ZIP archives that contain
overlapping file entries."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
