- Update from version 0.16 to 0.17
- Update of rootfile
- Changelog
0.17 (up to commit 077661f, 2023-08-08)
Deprecated and removed features:
* None
New features
* json_patch: add first implementation only with patch application
* Add --disable-static and --disable-dynamic options to the cmake-configure
script.
* Add -DBUILD_APPS=NO option to disable app build
* Minimum cmake version is now 3.9
Significant changes and bug fixes
* When serializing with JSON_C_TO_STRING_PRETTY set, keep the opening and
closing curly or square braces on same line for empty objects or arrays.
* Disable locale handling when targeting a uClibc system due to problems
with its duplocale() function.
* When parsing with JSON_TOKENER_STRICT set, integer overflow/underflow
now result in a json_tokener_error_parse_number. Without that flag
values are capped at INT64_MIN/UINT64_MAX.
* Fix memory leak with emtpy strings in json_object_set_string
* json_object_from_fd_ex: fail if file is too large (>=INT_MAX bytes)
* Add back json_number_chars, but only because it's part of the public API.
* Entirely drop mode bits from open(O_RDONLY) to avoid warnings on certain
platforms.
* Specify dependent libraries, including -lbsd, in a more consistent way so
linking against a static json-c works better
* Fix a variety of build problems and add & improve tests
* Update RFC reference to https://www.rfc-editor.org/rfc/rfc8259
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 4.2.0 to 4.2.1
- Update of rootfile
- Changelog
4.2.1
patches 1 to 12 from 4.2.0 have been built in to 4.2.1
Other bugs fixed in the 4.2 branch for the MPFR 4.2.1 release:
The + and space flags were ignored on NaN and Inf. While this was loosely
documented as such (without an explicit mention of these flags), the MPFR
manual also says that the flags have the same meaning as for the standard
printf function. So this was contradictory and regarded as a bug. Behaving
like the ISO C standard should give less surprise, and this is probably
what is expected (better for alignment purpose). See discussion (only for
NaN and the + flag at that time).
Corresponding changeset in the 4.2 branch: 3761bee3c.
Huge negative exponents can trigger integer overflows in mpfr_strtofr,
meaning undefined behavior. Two bugs have been identified: 1, 2. In
practice, the consequences may be incorrect results. But for the first bug,
it has been seen that a GCC optimization makes it invisible. There are
other issues with the code for huge exponents, but it is not clear whether
the problematic cases can occur in the context of mpfr_strtofr; such
potential bugs are not fixed yet.
Corresponding changesets in the 4.2 branch: 261d3852b (tests), 06e7b6bc1
(bug fixes).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- The original poster of the bug#13164 has already tested out ppp-2.5.0 in CU179 (master)
and identified that the startup could not find the directory /usr/var/run/. This is due
to the change in use of the prefix command in 2.5.0 vs 2.4.9 so --localstatedir set to
/var. runstatedir is then set to localstatedir/run ie /var/run which is then correct
for IPFire.
- This fix needs to be implemented into CU179 so that the bug poster can test out the update
- Updated rootfile to remove additional empty line
Fixes: Bug#13164
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This update builds glibc with FORTIFY_SOURCE and disables building nscd
which has been unused in IPFire.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
i had disabled CONFIG_GCC_PLUGIN_LATENT_ENTROPY because this
fails to compile on riscv64.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.9.16 to 0.9.17
- Update of rootfile
- Changelog
0.9.17
* The importer is now parsing Geofeeds where available. This helps us to create a
database with better accuracy for large ISPs or cloud providers.
* The database writer is trying to compress the database harder: It will now look
for any duplicate networks and merge neighbouring networks which will reduce the
size of the database by about half.
* The importer has been improved so that it runs more efficient SQL queries to
create the database faster.
* Temuri Doghonadze contributed a Georgian translation.
* Hans-Christoph Steiner contributed bash-completion for the location(8) command.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 11.3.0 to 11.5.0
- Update of rootfile
- Changelog
11.5.0: release
* This release consists entirely of changes made by M. Holger.
Mostly this is changes to the private API, performance
enhancements, code cleanup, and reformatting to 100 columns
instead of 80. For qpdf development, we are starting to use
JetBrains CLion, so a lot of the changes are moving us toward a
cleaner development experience in that environment.
* Bug fix: when a the same page is copied multiple times, copy
the annotations rather than having multiple pages share an
annotation object. Thanks to M. Holger for the fix. Fixes#600.
* Add "FUTURE" build option for enabling experimental APIs. Do not
package qpdf built with the FUTURE option as there are no binary
compatibility or even source compatibility guarantees. The option
is intended for developers who want to ensure that future
potentially breaking changes are compatible with their code or
provide feedback on upcoming changes. At present, the only feature
enabled by FUTURE is a move constructor for QPDFObjectHandle.
While this shouldn't break any code, it would change details about
how many copies of a specific QPDFObjectHandle were in existence,
so it could potentially break code that was relying on internal
shared pointer reference counts. Thanks to M. Holger for the idea
and contribution.
* Add new method Buffer::copy and deprecate Buffer copy
constructor and assignment operator. Buffer copy operations are
expensive as they always involve copying the buffer content. Use
"buffer2 = buffer1.copy();" or "Buffer buffer2{buffer1.copy()};"
to make it explicit that copying is intended. This change was
contributed by M. Holger.
11.4.0: release
* From M. Holger: add QPDF::newReserved as a better alternative to
QPDFObjectHandle::newReserved. The operation of creating a new
reserved object fits better in the QPDF API. The old call just
delegates to the new one.
* When an annotation dictionary's appearance dictionary (`/AP`)
has a key that is a stream, disregard `/AS` (which is supposed to
point to a subkey). This enables qpdf to not ignore annotations
that have incorrect values for `/AS` when the appearance stream is
directly in the `/AP` dictionary instead of in a subkey.
Fixes#949.
* Allow QPDFJob's workflow to be split into a reading phase and a
writing phase to allow the caller to operate on the QPDF object
before it is written. This adds methods QPDFJob::createQPDF and
QPDFJob::writeQPDF and corresponding C API functions
qpdfjob_create_qpdf and qpdfjob_write_qpdf. Thanks to M. Holger
for the contribution.
* From M. Holger: throw a logic error if an uninitialized or
foreign QPDFObjectHandle is added to an array.
* Enhance --optimize-images to support images nested inside of
form XObjects. Thanks to Connor Osborne (github user cdosborn) for
the contribution. Fixes#923.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.18 to 1.19
- Update of rootfile
- Changelog
1.19
Clarify license: we are not the X Consortium, use straight MIT license text
Fix build without glob_pattern_p()
Fix missing libiconv dependency for static linkage in popt.pc
Fix segfault regression when NLS is enabled but libintl.h cannot be found (#32)
Fix the handling of superfluous args passed with =
Fix iconv resource leak on errors
Fix POPT_CONTEXT_KEEP_FIRST handling in poptResetContext()
Fix '=' getting shown for short options
Fix memory corruption issues with poptStuffArgs()
Fix handling of large files in poptReadFile() on 32bit systems
Fix build without wchar / mbstate_t
Fix potential memory leak in poptReadConfigFile()
Fix "Usage" string calculated length
Fix memory leak regressions in popt 1.18
Add --enable-werror configure option
Add CREDITS file
Improve random number handling
Various code cleanups, const and type hygiene improvements
Adjust test-suite expectations for libtool changes
Various translation updates
Various documentation improvements
Various test-suite improvements
Appease autoconf 2.70
Update gettext to 1.98.8
Run CI on fixed Fedora version (36 for now), use stricter compiler settings
Drop unmaintained CHANGES file from tarballs
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 23.03.0 to 23.08.0
- Update rootfile
- Changelog
23.08.0:
core:
* Fix GWG 19.2 - DeviceN Overprint (White)
* Splash: avoid bogus memory allocation size in doTilingPatternFill
* Fix use-of-uninitialized-value in XRef
* Fix float-cast-overflow error in Catalog
* Cleanup gpgme backend code
* Version symbols in poppler core
glib:
* Improve poppler_get_available_signing_certificates
* Add new members to PopplerCertificateInfo
utils:
* pdftotext: small improvement to man page
23.07.0:
core:
* Fix reading of utf8-with-bom files
* Fix crash if CERT_ExtractPublicKey doesn't return a public key
* Fix rendering of some malformed documents. Issue #1395
* Allow for stream compression and compress font streams in forms
* Remove method Hints::getPageRanges
qt5:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
qt6:
* Fix crash when overprint preview is enabled
* Don't fail signature basics tests if backend is not configured
utils:
* pdfsig: Allow showung and selecting signature backend
* pdfsig: Describe signature dump format in manual page
glib:
* Add signing API
build system:
* zlib is now mandatory
23.06.0:
core:
* CairoOutputDev: Fix crash when doing type3 rendering
* Fix crash with unknown signature hashing algorithms
* Add gpgme backend for signature handling
* Windows: Fix crash when signing existing signature
* FontInfo: Make it return proper information about font substitution
* FontInfo: Try harder to get Type 3 font name
* Store embedded fonts widths table in a more effective manner
* Skip font lookup for nonprintable characters
* Windows: Look for fonts in both windows font dir and poppler fonts dir
* Windows: symbol.ttf is not a good Symbol font
* Windows: Fix memory leak when looking for fonts
* Fix crash on malformed files
qt5:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
qt6:
* Add API to allow selecting signature backend (nss or gpgme)
* Convert embedded files to bytearray a bit smarter
23.05.0:
core:
* Fix crash when filling some forms
* Set SigFlags when signing unsigned signature
* Add some infrastructure code to support multiple signing backends
* Fix potential stack overflow in PostScriptFunction::parseCode
* Fix some minor uninitialised memory reads
23.04.0:
core:
* Fix memory issue when signing fails. Issue #1372
* Internal improvements of signature related code
* CairoOutputDev: improve type3 font rendering
* Fix memory leak in GlobalParams::findSystemFontFileForFamilyAndStyle
utils:
* pdftocairo: Fix crash in some special situations
* pdfsig: allow holes in -dump signature list
* pdfsig: Support --help
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 5.4.1 to 5.4.4
- Update of rootfile
- Changelog
5.4.4 (2023-08-02)
* liblzma and xzdec can now build against WASI SDK when threading
support is disabled. xz and tests don't build yet.
* CMake:
- Fixed a bug preventing other projects from including liblzma
multiple times using find_package().
- Don't create broken symlinks in Cygwin and MSYS2 unless
supported by the environment. This prevented building for the
default MSYS2 environment. The problem was introduced in
xz 5.4.0.
* Documentation:
- Small improvements to man pages.
- Small improvements and typo fixes for liblzma API
documentation.
* Tests:
- Added a new section to INSTALL to describe basic test usage
and address recent questions about building the tests when
cross compiling.
- Small fixes and improvements to the tests.
* Translations:
- Fixed a mistake that caused one of the error messages to not
be translated. This only affected versions 5.4.2 and 5.4.3.
- Updated the Chinese (simplified), Croatian, Esperanto, German,
Korean, Polish, Romanian, Spanish, Swedish, Ukrainian, and
Vietnamese translations.
- Updated the German, Korean, Romanian, and Ukrainian man page
translations.
5.4.3 (2023-05-04)
* All fixes from 5.2.12
* Features in the CMake build can now be disabled as CMake cache
variables, similar to the Autotools build.
* Minor update to the Croatian translation.
5.4.2 (2023-03-18)
* All fixes from 5.2.11 that were not included in 5.4.1.
* If xz is built with support for the Capsicum sandbox but running
in an environment that doesn't support Capsicum, xz now runs
normally without sandboxing instead of exiting with an error.
* liblzma:
- Documentation was updated to improve the style, consistency,
and completeness of the liblzma API headers.
- The Doxygen-generated HTML documentation for the liblzma API
header files is now included in the source release and is
installed as part of "make install". All JavaScript is
removed to simplify license compliance and to reduce the
install size.
- Fixed a minor bug in lzma_str_from_filters() that produced
too many filters in the output string instead of reporting
an error if the input array had more than four filters. This
bug did not affect xz.
* Build systems:
- autogen.sh now invokes the doxygen tool via the new wrapper
script doxygen/update-doxygen, unless the command line option
--no-doxygen is used.
- Added microlzma_encoder.c and microlzma_decoder.c to the
VS project files for Windows and to the CMake build. These
should have been included in 5.3.2alpha.
* Tests:
- Added a test to the CMake build that was forgotten in the
previous release.
- Added and refactored a few tests.
* Translations:
- Updated the Brazilian Portuguese translation.
- Added Brazilian Portuguese man page translation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.0.1 to 8.1.1
- Update of rootfile
- Changelog
8.1.1
- Fix shaping of contextual rules at the end of string, introduced in 8.1.0
- Fix stack-overflow in repacker with malicious fonts.
- 30% speed up loading Noto Duployan font.
8.1.0
- Fix long-standing build issue with the AIX compiler and older Apple clang.
- Revert optimization that could cause timeout during subsetting with malicious fonts.
- More optimization work:
- 45% speed up in shaping Noto Duployan font.
- 10% speed up in subsetting Noto Duployan font.
- Another 8% speed up in shaping Gulzar.
- 5% speed up in loading Roboto.
- New API:
+hb_ot_layout_collect_features_map()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update fromn version 6.2.1 to 6.3.0
- Update of rootfile
- Changelog
Changes between GMP version 6.2.* and 6.3.*.
BUGS FIXED
* A possible overflow of type int is avoided for mpz_cmp on huge operands.
* A possible error condition when a malformed file is read with
mpz_inp_raw is now correctly handled.
FEATURES
* New public function mpz_prevprime, companion of the existing
mpz_nextprime.
* New documented pointer types mpz_ptr, mpz_srcptr, and similar for
other GMP types. Refer to the manual for full list and suggested
usage. These types have been present in gmp.h at least since
GMP-4.0, but previously not advertised to users.
* Support for 64-bit Arm under Macos.
* Support for the loongarch64 CPU family.
* Support for building with LTO, link-time optimisations.
SPEEDUPS
* New special code for base = 2 in mpz_powm reduces the average time
for the functions that test primality.
* Speedup for the function mpz_nextprime on large operands.
* Speedup for multiplications (some sizes only) thanks to new
internal functions to compute small negacyclic products.
* Special assembly code for IBM z13 and later "mainframe" CPUs, resulting in
a huge speedup.
* Improved assembly for several 64-bit x86 CPUs, Risc-V, 64-bit Arm.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 2.4.9 to 2.5.0
This includes breaking changes for third-party plugins but as far as I can see IPFire
is not using any third party plugins
- Update of rootfile
- Update of patches and sed commands
- pcap-int.h and if_pppol2tp.h files have not been in source file since at least 2014
- Some of the patches required updates as additional lines needing to be patched are
now present. nThis was related to the O_CLOEXEC & SOCK_CLOEXEC related patches
- connect-errors file location is now defined by a configure command --with-logfile-dir
- install-etcppp is no longer provided. However the install command in this version still
has the same files available in /etc/ppp as previously. There is a new file,
openssl.cnf, which I have commented out. If it is required in future it can always be
uncommented in future releases.
- Build went without any problems with the updated patches.
- I cannot test this as I don't use ppp, however the original bug reporter has agreed to
test this out when it is released into Testing unless anyone else is capable of testing
it.
- Changelog
What's new in ppp-2.5.0.
The 2.5.0 release is a major release of pppd which contains breaking
changes for third-party plugins, a complete revamp of the build-system
and that allows for flexibility of configuring features as needed.
In Summary:
* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
* Support for loading PKCS12 certificate envelopes
* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
and others.
* Support for pkgconfig tool has been added by Eivind Næss.
* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
* Major revision to PPPD's Plugin API by Eivind Næss.
- Defines in which describes what features was included in pppd
- Functions now prefixed with explicit ppp_* to indicate that
pppd functions being called.
- Header files were renamed to better align with their features,
and now use proper include guards
- A pppdconf.h file is supplied to allow third-party modules to use
the same feature defines pppd was compiled with.
- No extern declarations of internal variable names of pppd,
continued use of these extern variables are considered
unstable.
* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
* Dropped IPX support, as Linux has dropped support in version 5.15
for this protocol.
* Many more fixes and cleanups.
* Pppd is no longer installed setuid-root.
* New pppd options:
- ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
ipv6-up-script, ipv6-down-script
- -v, show-options
- usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
* On Linux, any baud rate can be set on a serial port provided the
kernel serial driver supports that.
Note that if you have built and installed previous versions of this
package and you want to continue having configuration and TDB files in
/etc/ppp, you will need to use the --sysconfdir option to ./configure.
For a list of the changes made during the 2.4 series releases of this
package, see the Changes-2.4 file.
Compression methods.
This package supports two packet compression methods: Deflate and
BSD-Compress. Other compression methods which are in common use
include Predictor, LZS, and MPPC. These methods are not supported for
two reasons - they are patent-encumbered, and they cause some packets
to expand slightly, which pppd doesn't currently allow for.
BSD-Compress and Deflate (which uses the same algorithm as gzip) don't
ever expand packets.
Fixes: bug#13164
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 0.21 to 0.22
- Update of rootfile
- Changelog
0.22 - June 2023
* PO file format:
- When a #: line contains references to file names that contain spaces,
these file names are surrounded by Unicode characters U+2068 and U+2069.
This makes it possible to parse such references correctly.
* Improvements for maintainers:
- The AM_GNU_GETTEXT macro now defines two variables localedir_c and
localedir_c_make, that can be used in C code or in Makefiles,
respectively, for representing the value of the --localedir configure
option.
* Programming languages support:
- C, C++:
o xgettext now supports gettext-like functions that take wide strings
(of type 'const wchar_t *', 'const char16_t *', or 'const char32_t *')
as arguments.
o xgettext now recognizes numbers with digit separators, as defined by
ISO C 23, as tokens.
o xgettext and msgfmt now recognize the format string directive %b
(for binary integer output, as defined by ISO C 23) in format strings.
o xgettext and msgfmt now recognize the argument size specifiers
w8, w16, w32, w64, wf8, wf16, wf32, wf64 (as defined by ISO C 23)
in format strings.
o xgettext and msgfmt now recognize C++ format strings, as defined by
ISO C++ 20. They are marked as 'c++-format' in POT and PO files.
A new example has been added, 'hello-c++20', that illustrates how
to use these format strings with gettext.
- Java:
o The build system and tools now also support Java versions newer than
Java 11. This is known to work up to Java 20, at least. On the other
hand, support for old versions of Java (Java 1.5 and GCJ) has been
dropped.
- Tcl: xgettext now supports the \x, \u, and \U escapes as defined in
Tcl 8.6.
* Portability:
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with an encoding other than UTF-8.
To this effect, the msgfmt program now converts the messages to UTF-8
encoding before storing them in a MO file. You can prevent this by
using the msgfmt --no-convert option.
- On systems with musl libc, the *gettext() functions in libc now work
with MO files generated from PO files with ISO C 99 <inttypes.h> format
string directive macros. To this effect, the msgfmt program pre-expands
strings with such macros. You can prevent this by using the msgfmt
--no-redundancy option.
* xgettext:
- The xgettext option '--sorted-output' is now deprecated.
- xgettext input files of type PO that are not all ASCII and not UTF-8
encoded are now handled correctly.
* The base Unicode standard is now updated to 15.0.0.
* Emacs PO mode:
Fix an incompatibility with Emacs version 29 or newer.
0.21.1 - October 2022
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is another fragment of rngd - the gift that keeps giving.
The udev rules file contains a lot of stuff for a prototype which never
went into production. So, that can be dropped.
It would have been left with one rule that starts rngd whenever a HWRNG
is being found. That is however no longer needed as rngd is being
started in the init process. We no longer need to initialize it as early
as possible to seed the kernel's PRNG.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 2.71.1 to 2.77.0
- Update of rootfile
- Changelog is too large to include here. Details can be found in the NEWS file in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 1.22.4 to 1.23.0
- Update of rootfile
- Changelog is too large to show here.
See the NEWS file in the source tarball for user visible changes. This does not
include any bug fixes.
For bug fixes and all commits see the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.6.2 to 3.7.0
- Update of rootfile
- Changelog
3.7.0 is a feature and bugfix release.
New features:
bsdunzip: new tool ported from FreeBSD (#1873)
drop-in replacement for Info-ZIP unzip, not yet ported for Windows
7zip reader: support for Zstandard compression (#1894)
7zip reader: support for ARM64 filter (#1918)
zstd filter: support for multi-frame zstd archives (#1818)
Other notable bugfixes and improvements:
pax: fix year 2038 problem on platforms with 64-bit time_t (#1840)
Windows: Universal Windows Platform (UWP) fixes and improvements (#1879, #1883, #1885, #1840)
Windows: bcrypt usage fixes and improvements (#1881, #1887)
Windows: time function usage fixes and improvements (#1820, #1824, #1830)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.13.0 to 3.15.0
- Update of rootfile
- Changelog
3.15.0 (2023-06-09)
* Improved support for some less common systems (32 bit, alternative libcs)
* Unsupported mount options are no longer silently accepted.
* auto_unmount is now compatible with allow_other.
3.14.1 (2023-03-26)
* The extended attribute name passed to the setxattr() handler is no longer
truncated at the beginning (bug introduced in 3.13.0).
* As a result of the above, the additional setattr() flags introduced in 3.14 are no
longer available for now. They will hopefully be reintroduced in the next release.
* Further improvements of configuration header handling.
3.14.0 (2023-02-17)
* Properly fix the header installation issue. The fix in 3.13.1 resulted
in conflicts with other packages.
* Introduce additional setattr() flags (FORCE, KILL_SUID, KILL_SGID, FILE,
KILL_PRIV, OPEN, TIMES_SET)
3.13.1 (2023-02-03)
* Fixed an issue that resulted in errors when attempting to compile against
installed libfuse headers (because libc symbol versioning support was not
detected correctly in this case).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 8.1.0 to 8.2.0
- Update of rootfile
- Changelog
8.2.0
Changes:
curl: add --ca-native and --proxy-ca-native
curl: add --trace-ids
CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
haproxy: add --haproxy-clientip flag to set client IPs
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
Bugfixes:
bufq: make write/pass methods more robust
build: drop unused/redundant `HAVE_WINLDAP_H`
cf-socket: don't bypass fclosesocket callback if cancelled before connect
cf-socket: move ctx declaration under HAVE_GETPEERNAME
cf-socket: skip getpeername()/getsockname for TFTP
checksrc: modernise perl file open
checksrc: quote the file name to work with "funny" letters
CI: brew fix for openssl in default path
CI: don't install impacket if tests are not run
CI: enable parallel make in more builds
circleci: install impacket & wolfssl 5.6.0
cmake: add support for "unity" builds
cmake: make use of snprintf
cmake: stop CMake from quietly ignoring missing Brotli
configure: add check for ldap_init_fd
configure: fix run-compiler for old /bin/sh
configure: the --without forms of the options are also gone
connect-timeout.d: mention that the DNS lookup is included
curl.h: include <sys/select.h> for vxworks
curl: count uploaded data to stop at the originally given size
curl: return error when asked to use an unsupported HTTP version
curl_easy_nextheader.3: add missing open parenthesis examples
curl_log: evaluate log statement only when transfer is verbose
curl_mprintf.3: minor fix of the example
curl_pushheader_byname/bynum.3: document in their own man pages
curl_url_set: enforce the max string length check for all parts
CURLOPT_AWS_SIGV4.3: remove unused variable from example
CURLOPT_INFILESIZE.3: mention -1 triggers chunked
CURLOPT_MIMEPOST.3: clarify what setting to NULL means
CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search
docs/libcurl/libcurl.3: cleanups and improvements
docs: add more .IP after .RE to fix indentation of generate paragraphs
docs: fix missing parameter names in examples
docs: update CURLOPT_UPLOAD.3
docs: update HTTP3.md for newer ngtcp2 and nghttp3
docs: use a space after RFC when spelling out RFC numbers
example/connect-to: show CURLOPT_CONNECT_TO
example/crawler: also set CURLOPT_AUTOREFERER
example/crawler: make it use a few more options
example/default-scheme: set the default scheme for schemeless URLs
example/hsts-preload: show one way to HSTS preload
example/http2-download: set CURLOPT_BUFFERSIZE
example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use
example/maxconnects: set maxconnect example
example/opensslthreadlock: remove
examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS
examples/http-options: show how to send "OPTIONS *"
examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT
examples/multi-debugcallback.c: avoid the bool typedef
examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS
examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH
examples/websocket.c: websocket example using CONNECT_ONLY
examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR
fopen: fix conversion warning on 32-bit Android
fopen: optimize
hostip.c: Move macOS-specific calls into global init call
HTTP/2: upload handling fixes
http2: better support for --limit-rate
http2: error stream resets with code CURLE_HTTP2_STREAM
http2: fix crash in handling stream weights
http2: fix variable type
http2: h2 and h2-PROXY connection alive check fixes
http2: raise header limitations above and beyond
http2: send HEADER & DATA together if possible
http2: treat initial SETTINGS as a WINDOW_UPDATE
HTTP3.md: update openssl version
http3/ngtcp2: upload EAGAIN handling
http: rectify the outgoing Cookie: header field size check
hyper: fix EOF handling on input
hyper: unslow
imap-append.c: update to make it more likely to work
imap: Provide method to disable SASL if it is advertised
krb5: add typecast to please Coverity
libcurl-url.3: also mention CURLUPART_ZONEID
libcurl-ws.3. WebSocket API overview
libssh2: provide error message when setting host key type fails
libssh2: use custom memory functions
ngtcp2: assigning timeout, but value is overwritten before used
ngtcp2: build with 0.17.0 and nghttp3 0.13.0
ngtcp2: use ever increasing timestamp in io
quiche: avoid NULL deref in debug logging
quiche: fix defects found in latest coverity report
quote.d: fix indentation of generated paragraphs
runtests: abort test run after failure without -a
runtests: better handle ^C during slow tests
runtests: consistently write the test check summary block
runtests: create multiple test runners when requested
runtests: include missing valgrind package
runtests: make test file directories in log/N
runtests: rename server command file
runtests: use more consistent failure lines
runtests: work around a perl without SIGUSR1
runtests; give each server a unique log lock file
scripts: Fix GHA matrix job detection in cijobs.pl
sectransp: fix EOF handling
system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles
test2600: fix the description
test427: verify sending more cookies than fit in a 8190 bytes line
tests/http: Add mod_h2 directive `H2ProxyRequests`
tests/servers.pm: pick unused port number with a server socket
tests/servers: generate temp names in /tmp for unix domain sockets
tests: fix error messages & handling around sockets
tests: improve reliability of TFTP tests
testutil: allow multiple %-operators on the same line
timeval: use CLOCK_MONOTONIC_RAW if available
tls13-ciphers.d: include Schannel
tool: remove exclamation marks from error/warning messages
tool: remove newlines from all helpf/notef/warnf/errorf calls
tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION`
tool_getparam: fix comment
tool_operate: allow cookie lines up to 8200 bytes
tool_parsecfg: accept line lengths up to 10M
tool_urlglob: use curl_off_t instead of longs
tool_writeout_json: fix encoding of control characters
transfer: clear credentials when redirecting to absolute URL
urlapi: have *set(PATH) prepend a slash if one is missing
urlapi: scheme must start with alpha
vtls: avoid memory leak if sha256 call fails
websocket-cb: example doing WebSocket download using callback
wolfssl: detect when TLS 1.2 support is not built into wolfssl
wolfssl: support setting CA certificates as blob
ws: make the curl_ws_meta() return pointer a const
8.1.2
Bugfixes:
configure: quote the assignments for run-compiler
configure: without pkg-config and no custom path, use -lnghttp2
curl: cache the --trace-time value for a second
http2: fix EOF handling on uploads with auth negotiation
http3: send EOF indicator early as possible
lib1560: verify more scheme guessing
lib: remove unused functions, make single-use static
libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
libssh: when keyboard-interactive auth fails, try password
misc: fix spelling mistakes
page-header: mention curl version and how to figure out current release
page-header: minor wording polish in the URL segment
scripts/singleuse.pl: add more API calls
urlapi: remove superfluous host name check
8.1.1
Bugfixes:
cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
checksrc: disallow spaces before labels
cmake: avoid `list(PREPEND)` for compatibility
cmake: repair cross compiling
configure: fix --help alignment
configure: generate a script to run the compiler
curl_easy_getinfo: clarify on return data types
docs: document that curl_url_cleanup(NULL) is a safe no-op
hostip: move easy_lock.h include above curl_memory.h
http2: double http request parser max line length
http2: increase stream window size to 10 MB
http2: upload improvements
lib: fix conversion warnings with gcc on macOS
lib: rename struct 'http_req' to 'httpreq'
ngtcp2: fix compiler warning about possible null-deref
ngtcp2: proper handling of uint64_t when adjusting send buffer
os400: update chkstrings.c
runtests: handle interrupted reads from IPC pipes
runtests: use the correct fd after select
sectransp.c: make the code c89 compatible
select: avoid returning an error on EINTR from select() or poll()
test425: fix the log directory for the upload
url: provide better error message when URLs fail to parse
urlapi: allow numerical parts in the host name
vquic.c: make recvfrom_packets static, avoid compiler warning
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 7.3.0 to 8.0.1
- Update of rootfile
- Changelog
Overview of changes leading to 8.0.1
- Build fix on 32-bit arm.
- More speed optimizations:
- 60% speedup in retaingids subsetting SourceHanSans-VF.
- 38% speed up in subsetting (beyond-64k) mega-merged Noto.
- 16% speed up in retain-gid (used for IFT) subsetting of NotoSansCJKkr.
Overview of changes leading to 8.0.0
- New, experimental, WebAssembly (WASM) shaper, that provides greater
flexibility over OpenType/AAT/Graphite shaping, using WebAssembly embedded
inside the font file. Currently WASM shaper is disabled by default and needs
to be enabled at build time. For details, see:
https://github.com/harfbuzz/harfbuzz/blob/main/docs/wasm-shaper.md
For example fonts making use of the WASM shaper, see:
https://github.com/simoncozens/wasm-examples
- Improvements to Experimental features introduced in earlier releases:
- Support for subsetting beyond-64k and VarComposites fonts.
- Support for instancing variable fonts with cubic “glyf” table.
- Many big speed optimizations:
- Up to 89% speedup loading variable fonts for shaping.
- Up to 88% speedup in small subsets of large (eg. CJK) fonts (both TTF and
OTF), essential for Incremental Font Transfer (IFT).
- Over 50% speedup in loading Roboto font for shaping.
- Up to 40% speed up in loading (sanitizing) complex fonts.
- 30% speed up in shaping Gulzar font.
- Over 25% speedup in glyph loading Roboto font.
- 10% speed up loading glyph shapes in VarComposite Hangul font.
- hb-hashmap optimizations & hashing improvements.
- New macro HB_ALWAYS_INLINE. HarfBuzz now inlines functions more aggressively,
which results in some speedup at the expense of bigger code size. To disable
this feature define the macro to just inline.
- New API:
+HB_CODEPOINT_INVALID
+hb_ot_layout_get_baseline2()
+hb_ot_layout_get_baseline_with_fallback2()
+hb_ot_layout_get_font_extents()
+hb_ot_layout_get_font_extents2()
+hb_subset_input_set_axis_range()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 3.2.11 to 3.2.12
- Update of rootfile
- Changelog
3.2.12
-rules/50-udev-default.rules: add PTP entry for Hyper-V/Azure by @dermotbradley
in #218
-Add the BUILD instructions for Gentoo by @lu-zero in #224
-Fix warnings by @bbonev in #222
-udev: add udev_dir as synonym of udevdir by @oreo639 in #225
-build: Remove dead g-i-r configuration by @akiernan in #231
-Hwdb.7 by @bbonev in #221
-Precompiled hwdb by @bbonev in #223
-Merge suitable rules changes from systemd by @bbonev in #220
-Merge hwdb from systemd by @bbonev in #219
-Fix problems detected by fortified builds by @bbonev in #232
-Avoid warning on 32bit by @bbonev in #233
-Systemd PR 24353 by @bbonev in #239
-Do not free a static string by @bbonev in #238
-man: udev.7, mention /usr/lib with split-usr by @omnivagant in #246
-Missing tools by @bbonev in #240
-Fix compile-time issue on very old kernels by @cockroach in #247
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20230404 to 20230625
- Update of rootfile carried out based on Peter Mueller's description from last
linux-firmware update.
- It would be good to have it checked that my results are in line with what they should be.
- Changelog
For changes see the commits in the git repo
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Changelog is too long to include it here, please refer to the ChangeLog
file in the sourcecode tarball.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.15.4 to 1.20.4
- Update of x86_64 rootfile
aarch64 rootfile needs to be created on a aarch64 build system
- Changelog is very large. For details see https://go.dev/doc/devel/release
50 mentions of security fixes in the changes from 1.15.4 to 1.20.4
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This patch does not include the rootfile for riscv64 because GCC FTBFS.
Bug #13156 has been opened to address this.
But since we don't officially support IPFire riscv64, yet, this should
not delay this going into next.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 3.9.0 to 3.10.0
- Update of rootfile
- version 3.9.0 failed to output some of the symbols. This was found as a bug in Fedora but
also seen by some people in IPFire CU175 with flashrom where the version 3.3 symbol is
provided.
Fedora made a patch to resolve this issue for 3.9.0 but 3.10.0 has been released since
then and Fedora removed the patch that was used for 2.9.0 as pciutils has had that bug
fixed - see first item in changelog.
- Changelog
Released as 3.10.0.
Fixed bug in definition of versioned symbol aliases
in shared libpci, which made compiling with link-time
optimization fail.
Filters now accept "0x..." syntax for backward compatibility.
Windows: The cfgmgr32 back-end which provides the list of devices
can be combined with another back-end which provides access
to configuration space.
ECAM (Enhanced Configuration Access Mechanism), which is defined
by the PCIe standard, is now supported. It requires root privileges,
access to physical memory, and also manual configuration on some
systems.
lspci: Tree view now works on multi-domain systems. It now respects
filters properly.
Last but not least, pci.ids were updated to the current snapshot
of the database. This includes overall cleanup of entries with
non-ASCII characters in their names -- such characters are allowed,
but only if they convey interesting information (e.g., umlauts
in German company names, but not the "registered trade mark" sign).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Excerpt from changelog:
"6.0.13 -- 2023-06-15
Security #6119: datasets: absolute path in rules can overwrite arbitrary files (6.0.x backport)
Bug #6138: Decode-events of IPv6 packets are not triggered (6.0.x backport)
Bug #6136: suricata-update: dump-sample-configs: configuration files not found (6.0.x backport)
Bug #6125: http2: cpu overconsumption in rust moving/memcpy in http2_parse_headers_blocks (6.0.x backport)
Bug #6113: ips: txs still logged for dropped flow (6.0.x backport)
Bug #6056: smtp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #6055: ftp: long line discard logic should be separate for server and client (6.0.x backport)
Bug #5990: smtp: any command post a long command gets skipped (6.0.x backport)
Bug #5982: smtp: Long DATA line post boundary is capped at 4k Bytes (6.0.x backport)
Bug #5809: smb: convert transaction list to vecdeque (6.0.x backport)
Bug #5604: counters: tcp.syn, tcp.synack, tcp.rst depend on flow (6.0.x backport)
Bug #5550: dns: allow dns messages with invalid opcodes (6.0.x backport)
Task #5984: libhtp 0.5.44 (6.0.x backport)
Documentation #6134: userguide: add instructions/explanation for (not) running suricata with root (6.0.x backport)
Documentation #6121: datasets: 6.0.x work-arounds for dataset supply chain attacks"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
