mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 02:55:55 +02:00
fd02fb29d829fc35ea65fb2cab201bf25bcfedae
22337 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Tremer
|
fd02fb29d8 |
CSS: Decrease the size of h6 headlines
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
6a47b385b7 |
CSS: Make form input elements use the entire width again
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
7ee7452042 |
CSS: Add class to automatically style forms
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
9f3c37ab0c |
ovpnmain.cgi: Unify the error message box
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
Adolf Belka
|
1ab0b00940 |
ncdu: Update to version 1.20
- Update from version 1.18.1 to 1.20
- Update of rootfile not required
- Changelog
1.20
- Revert default color scheme back to 'off'
- Rewrite man page in mdoc, drop pod2man dependency
1.19
- Fix typo in --exclude-from argument
- Add --(enable|disable)-natsort options
- Add indicator to apparent size/disk usage selection in the footer
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
534fc35011 |
strace: Update to version 6.10
- Update from version 6.6 to 6.10
- Update of rootfile not required
- Changelog
6.10
* Improvements
* Implemented --decode-fds=eventfd option to retrieve eventfd object details
associated with eventfd file descriptors.
* Implemented decoding of NETLINK_GENERIC nlctrl protocol.
* Implemented decoding of F_DUPFD_QUERY fcntl.
* Implemented decoding of mseal syscall.
* Updated decoding of statx and prctl syscalls.
* Updated decoding of BPF_RAW_TRACEPOINT_OPEN bpf command.
* Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, LANDLOCK_*, PR_*, STATX_*,
TCP_*, TEE_*, V4L2_*, and *_MAGIC constants.
* Updated lists of ioctl commands from Linux 6.10.
* Bug fixes
* Worked around a bug introduced in Linux 6.5 that affected system call
tampering on riscv64.
6.9
* Improvements
* Implemented --always-show-pid option.
* The --user|-u option has learned to recognize numeric UID:GID pair, allowing
e.g. statically-built strace to be used without invoking nss plugins.
* Implemented decoding of IORING_REGISTER_SYNC_CANCEL,
IORING_REGISTER_FILE_ALLOC_RANGE, IORING_REGISTER_PBUF_STATUS,
IORING_REGISTER_NAPI, and IORING_UNREGISTER_NAPI opcodes of
io_uring_register syscall.
* Implemented decoding of BPF_TOKEN_CREATE bpf syscall command.
* Updated decoding of io_uring_register and pidfd_send_signal syscalls.
* Updated lists of BPF_*, CAN_*, IORING_*, KEY_*, LSM_*, MPOL_*, NT_*, RWF_*,
PIDFD_*, PTP_*, TCP_*, and *_MAGIC constants.
* Updated lists of ioctl commands from Linux 6.9.
6.8
* Improvements
* Renamed --stack-traces to --stack-trace for consistency.
Old option is retained for backwards compatibility.
* Implemented --stack-trace-frame-limit=N option for configuring the limit
of the number of printed backtrace frames.
* Implemented decoding of statmount, listmount, lsm_get_self_attr,
lsm_set_self_attr, and lsm_list_modules syscalls.
* Implemented decoding of setsockopt(TCP_AO_ADD_KEY).
* Updated decoding of landlock_create_ruleset and landlock_add_rule syscalls.
* Updated decoding of SMC_DIAG_DMBINFO netlink attribute.
* Updated decoding of UBI_IOCATT ioctl command.
* Enhanced decoding of mount attributes of fsmount and mount_setattr syscalls.
* Updated lists of BPF_*, KEXEC_*, KVM_*, PERF_*, SOL_*, STATX_*, UFFD_*,
and V4L2_* constants.
* Updated lists of ioctl commands from Linux 6.8.
6.7
* Improvements
* Implemented -kk/--stack-traces=source option for libdw-based stack tracing.
* Implemented decoding of futex_wake, futex_wait, and sys_futex_requeue
syscalls.
* Updated lists of BPF_*, BTRFS_*, IORING_*, KVM_*, LANDLOCK_*, PR_*,
and TCP_* constants.
* Updated lists of ioctl commands from Linux 6.7.
* Bug fixes
* Fix strace -r during the first second after booting to show correct relative
timestamps.
* Fix strace -f entering deadlock on exit if there are tracee processes
spawned using vfork semantics.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
61e6011d4e |
sdl2: Update to version 2.30.6
- Update from version 2.30.1 to 2.30.6
- Update of rootfile
- Changelog
2.30.6
Improved detection of Nintendo Switch Pro controller report mode
Fixed a rare crash when a controller is disconnected
Fixed creating a framebuffer with KMSDRM on some systems
2.30.5
Respect SDL_HINT_RENDER_DRIVER when creating an accelerated window surface
Clean up any accelerated renderer in SDL_DestroyWindowSurface()
Disable low level USB controller support on Android by default (can be
enabled by setting "SDL_ENV.SDL_JOYSTICK_HIDAPI" metadata to "1" in
AndroidManifest.xml)
Fixed USB permissions dialog on Android 14
Fixed controller mapping matching when one entry has a CRC specified and
another doesn't
Enable joystick support on FreeBSD when building using CMake
Reduced input latency when using an fcitx IME on Linux
Fixed graphical corruption on Raspberry Pi
Fixed crash when using an unstable sort function in SDL_qsort (you shouldn't
do this, but at least it won't crash)
2.30.4
Android rotation will respect user rotation lock preferences
Fixed spurious Left-Ctrl key input when the Right Alt key (AltGr) is pressed
on Windows
Added support for the Saitek Cyborg V.3 Rumble Pad in PS3 mode
Added support for the Razer Kitsune in PS5 mode
Added Linux bindings for the Qanba Drone 2 Arcade Joystick
Leave Nintendo Online controllers in simple report mode so they work with
DirectInput games
Enable using libusb for GameCube controllers when available
2.30.3
Fixed Win+V handling (pasting from clipboard history) on Windows
Fixed Caps Lock and Backspace key mapping for the Colemak keyboard layout on
Windows
Fixed mouse warp on XWayland
Reduced startup time when scanning for game controllers on Linux
Fixed building with C89 compilers
Fixed building with the GDK SDK on Windows
2.30.2
Fixed performance regression initializing controllers on Linux
Added support for the 6-button SEGA Mega Drive Control Pad for Nintendo Online
Added support for the MadCatz Saitek Side Panel Control Deck
Added support for the Hori Fighting Stick EX2
Added support for the Yawman Arrow flightstick
Added a gamepad mapping for the Defender Joystick Cobra R4
Fixed the gamepad mapping for the Sanwa Supply JY-P76USV controller
Poll for the initial controller state when using DirectInput
Allow using SDL_RWFromFile() with named pipes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
6f10be4979 |
core188: Ship readline
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
16bc85bcea |
readline: Update patches to include 11 - 13
- Update patches from 1 - 10 to 1 - 13
- Update of rootfile not required
- Changelog of patches
11 Some systems (e.g., macOS) send signals early on in interactive initialization,
so readline should retry a failed open of the init file.
12 If a user happens to bind do-lowercase-version to something that isn't a
capital letter, so _rl_to_lower doesn't change anything and the result is
still bound to do-lowercase-version, readline can recurse infinitely.
13 When readline is accumulating bytes until it reads a complete multibyte
character, reading a byte that makes the multibyte character invalid can
result in discarding the bytes in the partial character.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
8127b73812 |
core188: Ship lz4
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
90dfbe816a |
lz4: Update to version 1.10.0
- Update from version 1.9.4 to 1.10.0
- Update of rootfile
- Changelog
1.10.0
cli : multithreading compression support: improves speed by X times threads allocated
cli : overlap decompression with i/o, improving speed by ~+60%
cli : support environment variables LZ4_CLEVEL and LZ4_NBWORKERS
cli : license of CLI more clearly labelled GPL-2.0-or-later
cli : fix: refuse to compress directories
cli : fix dictionary compression benchmark on multiple files
cli : change: no more implicit `stdout` (except when input is `stdin`)
lib : new level 2, offering mid-way performance (speed and compression)
lib : Improved lz4frame compression speed for small data (up to +160% at 1KB)
lib : Slightly faster (+5%) HC compression speed (levels 3-9), by @JunHe77
lib : dictionary compression support now in stable status
lib : lz4frame states can be safely reset and reused after a processing error (described by @QrczakMK)
lib : `lz4file` API improvements, by @vsolontsov-volant and @t-mat
lib : new experimental symbol `LZ4_compress_destSize_extState()`
build: cmake minimum version raised to 3.5
build: cmake improvements, by @foxeng, @Ohjurot, @LocalSpook, @teo-tsirpanis, @ur4t and @t-mat
build: meson scripts are now hosted into `build/` directory, by @eli-schwartz
build: meson improvements, by @tristan957
build: Visual Studio solutions generated by `cmake` via scripts
port : support for loongArch, risc-v, m68k, mips and sparc architectures
port : improved Visual Studio compatibility, by @t-mat
port : freestanding support improvements, by @t-mat
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
4ebb8df54e |
core188: Ship knot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
374b2d8d57 |
knot: Update to version 3.3.8
- Update from version 3.3.5 to 3.3.8
- Update of rootfile not required
- Changelog
3.3.8
Features:
- libzscanner,libknot: added support for 'dohpath' and 'ohttp' SVCB parameters
- libzscanner,libknot: added support for WALLET rrtype
- keymgr: new commands for keystore testing (see 'keystore-test' and 'keystore-bench')
- knotd: new configuration option for setting default TTL (see 'zone.default-ttl')
Improvements:
- libknot: added error codes to better describe some failures
Bugfixes:
- knotd: DNSSEC signing doesn't remove NSEC records for non-authoritative nodes
- knotd: DNSSEC signing not scheduled on secondary if nothing to be reloaded
- libknot: TCP over XDP doesn't ignore SYN+ACK packets on the server side
3.3.7
Improvements:
- libs: upgraded embedded libngtcp2 to 1.6.0
Bugfixes:
- knotd: insufficient metadata check can cause journal corruption
- knotd: missing zone timers initialization upon purge
- knotd: missing RCU lock in zone flush and refresh
- knotd: defective assert in zone refresh
3.3.6
Features:
- knotd: configurable control socket backlog size (see 'control.backlog')
- knotd: optional configuration of congruency of generated keytags (see 'policy.keytag-modulo')
- knotc: support for exporting configuration schema in JSON (see 'conf-export') #912
- mod-dnstap: configuration of sink allows TCP address specification
Improvements:
- knotd: last-signed serial is stored to KASP even if not a secondary zone
- knotd: allowed catalog role member in a catalog template configuration
- knotd: some references in a zone configuration can be set empty to override a template
- knotd: allowed zone backup during a zone transaction
- knotd: add remote TSIG key name to outgoing event logs
- knotc: zone backup with '+keysonly' silently uses all defaults as 'off'
- kxdpgun: host name can be used for target specification
- libs: upgraded embedded libngtcp2 to 1.5.0
- doc: various fixes and updates
Bugfixes:
- knotd: reset TCP connection not removed from a connection pool
- knotd: server wrongly tries to remove removed ZONEMD
- knotd: failed to parse empty list from a textual configuration
- knotd: blocking zone signing in combination with an open transaction causes a deadlock
- knotd: missing RCU lock when sending NOTIFY
- kdig: QNAME letter case isn't preserved if IDN is enabled
- kdig: failed to parse empty QNAME (do not fill question section)
- kxdpgun: floating point exception on SIGUSR1 #927
- libknot: incorrect handling of regular QUIC tokens in incoming initials
- python: failed to set an empty configuration value
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
16f1486a94 |
core188: Ship iproute2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
aae8ab106e |
iproute2: Update to version 6.10.0
- Update from version 6.8.0 to 6.10.0 - Update of rootfile not required - Changelog is the commits list in the git repo https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
e083a19f8f |
core188: Ship hwdata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
c3b45c6fb3 |
hwdata: Update to the latest versions of pci.ids & usb.ids
- pci.ids - update from 2023-09-22 to 2024-06-23 - usb.ids - update from 2023-11-08 to 2024-07-04 - Update of rootfile not required - Changelog is not available. It is just the latest update of the information Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
292817ad93 |
git: Update to version 2.46.0
- Update from version 2.45.2 to 2.46.0
- Update of rootfile
- Changelog
2.46.0
UI, Workflows & Features
* The "--rfc" option of "git format-patch" learned to take an
optional string value to be used in place of "RFC" to tweak the
"[PATCH]" on the subject header.
* The credential helper protocol, together with the HTTP layer, have
been enhanced to support authentication schemes different from
username & password pair, like Bearer and NTLM.
* Command line completion script (in contrib/) learned to complete
"git symbolic-ref" a bit better (you need to enable plumbing
commands to be completed with GIT_COMPLETION_SHOW_ALL_COMMANDS).
* When the user responds to a prompt given by "git add -p" with an
unsupported command, list of available commands were given, which
was too much if the user knew what they wanted to type but merely
made a typo. Now the user gets a much shorter error message.
* The color parsing code learned to handle 12-bit RGB colors, spelled
as "#RGB" (in addition to "#RRGGBB" that is already supported).
* The operation mode options (like "--get") the "git config" command
uses have been deprecated and replaced with subcommands (like "git
config get").
* "git tag" learned the "--trailer" option to futz with the trailers
in the same way as "git commit" does.
* A new global "--no-advice" option can be used to disable all advice
messages, which is meant to be used only in scripts.
* Updates to symbolic refs can now be made as a part of ref
transaction.
* The trailer API has been reshuffled a bit.
* Terminology to call various ref-like things are getting
straightened out.
* The command line completion script (in contrib/) has been adjusted
to the recent update to "git config" that adopted subcommand based
UI.
* The knobs to tweak how reftable files are written have been made
available as configuration variables.
* When "git push" notices that the commit at the tip of the ref on
the other side it is about to overwrite does not exist locally, it
used to first try fetching it if the local repository is a partial
clone. The command has been taught not to do so and immediately
fail instead.
* The promisor.quiet configuration knob can be set to true to make
lazy fetching from promisor remotes silent.
* The inter/range-diff output has been moved to the end of the patch
when format-patch adds it to a single patch, instead of writing it
before the patch text, to be consistent with what is done for a
cover letter for a multi-patch series.
* A new command has been added to migrate a repository that uses the
files backend for its ref storage to use the reftable backend, with
limitations.
* "git diff --exit-code --ext-diff" learned to take the exit status
of the external diff driver into account when deciding the exit
status of the overall "git diff" invocation when configured to do
so.
* "git update-ref --stdin" learned to handle transactional updates of
symbolic-refs.
* "git format-patch --interdiff" for multi-patch series learned to
turn on cover letters automatically (unless told never to enable
cover letter with "--no-cover-letter" and such).
* The "--heads" option of "ls-remote" and "show-ref" has been been
deprecated; "--branches" replaces "--heads".
* For over a year, setting add.interactive.useBuiltin configuration
variable did nothing but giving a "this does not do anything"
warning. The warning has been removed.
* The http transport can now be told to send request with
authentication material without first getting a 401 response.
* A handful of entries are added to the GitFAQ document.
* "git var GIT_SHELL_PATH" should report the path to the shell used
to spawn external commands, but it didn't do so on Windows, which
has been corrected.
Performance, Internal Implementation, Development Support etc.
* Advertise "git contacts", a tool for newcomers to find people to
ask review for their patches, a bit more in our developer
documentation.
* In addition to building the objects needed, try to link the objects
that are used in fuzzer tests, to make sure at least they build
without bitrot, in Linux CI runs.
* Code to write out reftable has seen some optimization and
simplification.
* Tests to ensure interoperability between reftable written by jgit
and our code have been added and enabled in CI.
* The singleton index_state instance "the_index" has been eliminated
by always instantiating "the_repository" and replacing references
to "the_index" with references to its .index member.
* Git-GUI has a new maintainer, Johannes Sixt.
* The "test-tool" has been taught to run testsuite tests in parallel,
bypassing the need to use the "prove" tool.
* The "whitespace check" task that was enabled for GitHub Actions CI
has been ported to GitLab CI.
* The refs API lost functions that implicitly assumes to work on the
primary ref_store by forcing the callers to pass a ref_store as an
argument.
* Code clean-up to reduce inter-function communication inside
builtin/config.c done via the use of global variables.
* The pack bitmap code saw some clean-up to prepare for a follow-up topic.
* Preliminary code clean-up for "git send-email".
* The default "creation-factor" used by "git format-patch" has been
raised to make it more aggressively find matching commits.
* Before discovering the repository details, We used to assume SHA-1
as the "default" hash function, which has been corrected. Hopefully
this will smoke out codepaths that rely on such an unwarranted
assumptions.
* The project decision making policy has been documented.
* The strcmp-offset tests have been rewritten using the unit test
framework.
* "git add -p" learned to complain when an answer with more than one
letter is given to a prompt that expects a single letter answer.
* The alias-expanded command lines are logged to the trace output.
* A new test was added to ensure git commands that are designed to
run outside repositories do work.
* A few tests in reftable library have been rewritten using the
unit test framework.
* A pair of test helpers that essentially are unit tests on hash
algorithms have been rewritten using the unit-tests framework.
* A test helper that essentially is unit tests on the "decorate"
logic has been rewritten using the unit-tests framework.
* Many memory leaks in the sparse-checkout code paths have been
plugged.
* "make check-docs" noticed problems and reported to its output but
failed to signal its findings with its exit status, which has been
corrected.
* Building with "-Werror -Wwrite-strings" is now supported.
* To help developers, the build procedure now allows builders to use
CFLAGS_APPEND to specify additional CFLAGS.
* "oidtree" tests were rewritten to use the unit test framework.
* The structure of the document that records longer-term project
decisions to deprecate/remove/update various behaviour has been
outlined.
* The pseudo-merge reachability bitmap to help more efficient storage
of the reachability bitmap in a repository with too many refs has
been added.
* When "git merge" sees that the index cannot be refreshed (e.g. due
to another process doing the same in the background), it died but
after writing MERGE_HEAD etc. files, which was useless for the
purpose to recover from the failure.
* The output from "git cat-file --batch-check" and "--batch-command
(info)" should not be unbuffered, for which some tests have been
added.
* A CPP macro USE_THE_REPOSITORY_VARIABLE is introduced to help
transition the codebase to rely less on the availability of the
singleton the_repository instance.
* "git version --build-options" reports the version information of
OpenSSL and other libraries (if used) in the build.
* Memory ownership rules for the in-core representation of
remote.*.url configuration values have been straightened out, which
resulted in a few leak fixes and code clarification.
* When bundleURI interface fetches multiple bundles, Git failed to
take full advantage of all bundles and ended up slurping duplicated
objects, which has been corrected.
* The code to deal with modified paths that are out-of-cone in a
sparsely checked out working tree has been optimized.
* An existing test of oidmap API has been rewritten with the
unit-test framework.
* The "ort" merge backend saw one bugfix for a crash that happens
when inner merge gets killed, and assorted code clean-ups.
* A new warning message is issued when a command has to expand a
sparse index to handle working tree cruft that are outside of the
sparse checkout.
* The test framework learned to take the test body not as a single
string but as a here-document.
* "git push '' HEAD:there" used to hit a BUG(); it has been corrected
to die with "fatal: bad repository ''".
* What happens when http.cookieFile gets the special value "" has
been clarified in the documentation.
Bug Fixes
* "git rebase --signoff" used to forget that it needs to add a
sign-off to the resulting commit when told to continue after a
conflict stops its operation.
* The procedure to build multi-pack-index got confused by the
replace-refs mechanism, which has been corrected by disabling the
latter.
* The "-k" and "--rfc" options of "format-patch" will now error out
when used together, as one tells us not to add anything to the
title of the commit, and the other one tells us to add "RFC" in
addition to "PATCH".
* "git stash -S" did not handle binary files correctly, which has
been corrected.
* A scheduled "git maintenance" job is expected to work on all
repositories it knows about, but it stopped at the first one that
errored out. Now it keeps going.
* zsh can pretend to be a normal shell pretty well except for some
glitches that we tickle in some of our scripts. Work them around
so that "vimdiff" and our test suite works well enough with it.
* Command line completion support for zsh (in contrib/) has been
updated to stop exposing internal state to end-user shell
interaction.
* Tests that try to corrupt in-repository files in chunked format did
not work well on macOS due to its broken "mv", which has been
worked around.
* The maximum size of attribute files is enforced more consistently.
* Unbreak CI jobs so that we do not attempt to use Python 2 that has
been removed from the platform.
* Git 2.43 started using the tree of HEAD as the source of attributes
in a bare repository, which has severe performance implications.
For now, revert the change, without ripping out a more explicit
support for the attr.tree configuration variable.
* The "--exit-code" option of "git diff" command learned to work with
the "--ext-diff" option.
* Windows CI running in GitHub Actions started complaining about the
order of arguments given to calloc(); the imported regex code uses
the wrong order almost consistently, which has been corrected.
* Expose "name conflict" error when a ref creation fails due to D/F
conflict in the ref namespace, to improve an error message given by
"git fetch".
(merge 9339fca23e it/refs-name-conflict later to maint).
* The SubmittingPatches document now refers folks to manpages
translation project.
* The documentation for "git diff --name-only" has been clarified
that it is about showing the names in the post-image tree.
* The credential helper that talks with osx keychain learned to avoid
storing back the authentication material it just got received from
the keychain.
(merge e1ab45b2da kn/osxkeychain-skip-idempotent-store later to maint).
* The chainlint script (invoked during "make test") did nothing when
it failed to detect the number of available CPUs. It now falls
back to 1 CPU to avoid the problem.
* Revert overly aggressive "layered defence" that went into 2.45.1
and friends, which broke "git-lfs", "git-annex", and other use
cases, so that we can rebuild necessary counterparts in the open.
* "git init" in an already created directory, when the user
configuration has includeif.onbranch, started to fail recently,
which has been corrected.
* Memory leaks in "git mv" has been plugged.
* The safe.directory configuration knob has been updated to
optionally allow leading path matches.
* An overly large ".gitignore" files are now rejected silently.
* Upon expiration event, the credential subsystem forgot to clear
in-core authentication material other than password (whose support
was added recently), which has been corrected.
* Fix for an embarrassing typo that prevented Python2 tests from running
anywhere.
* Varargs functions that are unannotated as printf-like or execl-like
have been annotated as such.
* "git am" has a safety feature to prevent it from starting a new
session when there already is a session going. It reliably
triggers when a mbox is given on the command line, but it has to
rely on the tty-ness of the standard input. Add an explicit way to
opt out of this safety with a command line option.
(merge 62c71ace44 jk/am-retry later to maint).
* A leak in "git imap-send" that somehow escapes LSan has been
plugged.
* Setting core.abbrev too early before the repository set-up
(typically in "git clone") caused segfault, which as been
corrected.
* When the user adds to "git rebase -i" instruction to "pick" a merge
commit, the error experience is not pleasant. Such an error is now
caught earlier in the process that parses the todo list.
* We forgot to normalize the result of getcwd() to NFC on macOS where
all other paths are normalized, which has been corrected. This still
does not address the case where core.precomposeUnicode configuration
is not defined globally.
* Earlier we stopped using the tree of HEAD as the default source of
attributes in a bare repository, but failed to document it. This
has been corrected.
* "git update-server-info" and "git commit-graph --write" have been
updated to use the tempfile API to avoid leaving cruft after
failing.
* An unused extern declaration for mingw has been removed to prevent
it from causing build failure.
* A helper function shared between two tests had a copy-paste bug,
which has been corrected.
* "git fetch-pack -k -k" without passing "--lock-pack" (which we
never do ourselves) did not work at all, which has been corrected.
* CI job to build minimum fuzzers learned to pass NO_CURL=NoThanks to
the build procedure, as its build environment does not offer, or
the rest of the build needs, anything cURL.
(merge 4e66b5a990 jc/fuzz-sans-curl later to maint).
* "git diff --no-ext-diff" when diff.external is configured ignored
the "--color-moved" option.
(merge 0f4b0d4cf0 rs/diff-color-moved-w-no-ext-diff-fix later to maint).
* "git archive --add-virtual-file=<path>:<contents>" never paid
attention to the --prefix=<prefix> option but the documentation
said it would. The documentation has been corrected.
(merge 72c282098d jc/archive-prefix-with-add-virtual-file later to maint).
* When GIT_PAGER failed to spawn, depending on the code path taken,
we failed immediately (correct) or just spew the payload to the
standard output (incorrect). The code now always fail immediately
when GIT_PAGER fails.
(merge 78f0a5d187 rj/pager-die-upon-exec-failure later to maint).
* date parser updates to be more careful about underflowing epoch
based timestamp.
(merge 9d69789770 db/date-underflow-fix later to maint).
* The Bloom filter used for path limited history traversal was broken
on systems whose "char" is unsigned; update the implementation and
bump the format version to 2.
(merge 9c8a9ec787 tb/path-filter-fix later to maint).
* Typofix.
(merge 231cf7370e as/pathspec-h-typofix later to maint).
* Code clean-up.
(merge 4b837f821e rs/simplify-submodule-helper-super-prefix-invocation later
to maint).
* "git describe --dirty --broken" forgot to refresh the index before
seeing if there is any chang, ("git describe --dirty" correctly did
so), which has been corrected.
(merge b8ae42e292 as/describe-broken-refresh-index-fix later to maint).
* Test suite has been taught not to unnecessarily rely on DNS failing
a bogus external name.
(merge 407cdbd271 jk/tests-without-dns later to maint).
* GitWeb update to use committer date consistently in rss/atom feeds.
(merge cf6ead095b am/gitweb-feed-use-committer-date later to maint).
* Custom control structures we invented more recently have been
taught to the clang-format file.
(merge 1457dff9be rs/clang-format-updates later to maint).
* Developer build procedure fix.
(merge df32729866 tb/dev-build-pedantic-fix later to maint).
* "git push" that pushes only deletion gave an unnecessary and
harmless error message when push negotiation is configured, which
has been corrected.
(merge 4d8ee0317f jc/disable-push-nego-for-deletion later to maint).
* Address-looking strings found on the trailer are now placed on the
Cc: list after running through sanitize_address by "git send-email".
(merge c852531f45 cb/send-email-sanitize-trailer-addresses later to maint).
* Tests that use GIT_TEST_SANITIZE_LEAK_LOG feature got their exit
status inverted, which has been corrected.
(merge 8c1d6691bc rj/test-sanitize-leak-log-fix later to maint).
* The http.cookieFile and http.saveCookies configuration variables
have a few values that need to be avoided, which are now ignored
with warning messages.
(merge 4f5822076f jc/http-cookiefile later to maint).
* Repacking a repository with multi-pack index started making stupid
pack selections in Git 2.45, which has been corrected.
(merge 8fb6d11fad ds/midx-write-repack-fix later to maint).
* Fix documentation mark-up regression in 2.45.
(merge 6474da0aa4 ja/doc-markup-updates-fix later to maint).
* Work around asciidoctor's css that renders `monospace` material
in the SYNOPSIS section of manual pages as block elements.
(merge d44ce6ddd5 js/doc-markup-updates-fix later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge 493fdae046 ew/object-convert-leakfix later to maint).
(merge 00f3661a0a ss/doc-eol-attr-fix later to maint).
(merge 428c40da61 ri/doc-show-branch-fix later to maint).
(merge 58696bfcaa jc/where-is-bash-for-ci later to maint).
(merge 616e94ca24 tb/doc-max-tree-depth-fix later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
727284bf0e |
core188: Ship exfatprogs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
cca1ef9a56 |
exfatprogs: Update to version 1.2.5
- Update from version 1.1.3 to 1.2.5
- Update of rootfile
- Changelog
1.2.5
CHANGES :
* exfatprogs: remove the limitation that the device
path length cannot exceed 254 bytes.
* exfatprogs: include the test images in the release
package.
NEW FEATURES :
* fsck.exfat: check and repair the filename which has
invalid characters.
BUG FIXES :
* tune.exfat: check whether the volume has invalid
characters correctly.
* fsck.exfat: check whether the filename and volume
has invalid characters correctly.
* fsck.exfat: fix endianess issues which happen
in the big-endian system.
1.2.4
BUG FIXES :
* tune.exfat: Fix "invalid serial number" error when
setting an serial number.
* fsck.exfat: Fix memory leak in an error path
1.2.3
CHANGES :
* dump.exfat: Report sector size in bytes and cluster size in
terms of sectors.
* fsck.exfat: Show checksum value if the SetChecksum of File
directory entry is invalid.
* mkfs.exfat: Improve FAT length calculation to reduce
the FAT size.
NEW FEATURES :
* mkfs.exfat: Add the option "--sector-size".
* fsck.exfat: Support checking and repairing VendorAllcation and
VendorExtension directory entries.
BUG FIXES :
* exfatprogs: Remove unnecessary memory allocations.
* fsck.exfat: Fix corruption that can occur if the cluster size
is 512-byte.
* fsck.exfat: Fix the SecondaryCount of File directory entry
when the count of Name directory entries is 17 or higher.
* tune.exfat: Fix an error that accepts invalid serial numbers.
1.2.2
CHANGES :
* exfat2img: Allow dumps for read-only devices.
* fsck.exfat: Revert Repairing zero size directory.
NEW FEATURES :
* fsck.exfat: Repair duplicated filename.
* mkfs.exfat: Add the option "q" to print only error messages.
* mkfs.exfat: Add the option "U" to set volume GUID.
* tune.exfat: Add the option "U" / "-u" to set or print volume GUID.
BUG FIXES:
* fsck.exfat: Fix some out-of-bounds memory accesses.
* fsck.exfat: Change not to delete volume GUID directory entry.
1.2.1
CHANGES :
* fsck.exfat: Repair zero size directory.
* fsck.exfat: Four small clean-ups.
1.2.0
CHANGES :
* fsck.exfat: Keep traveling files even if there is a corrupted
directory entry set.
* fsck.exfat: Introduce the option "b" to recover a boot sector even
if an exFAT filesystem is not found.
* fsck.exfat: Introduce the option "s" to create files in
"/LOST+FOUND", which have clusters allocated but was not belonged to
any files.
* fsck.exfat: Rename '.' and '..' entry name to the one user want.
NEW FEATURES :
* fsck.exfat: Repair corruptions of an exFAT filesystem. Please refer
to fsck.exfat manpage to see what kind of corruptions can be repaired.
* exfat2img: Dump metadata of an exFAT filesystem. Please refer to
exfat2img manpage to see how to use it.
BUG FIXES:
* fsck.exfat: Fix an infinite loop while traveling files.
* tune.exfat: Fix bitmap entry corruption when adding new volume lablel.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
d150ecb42f |
core188: Ship cURL
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
b1be6000fe |
curl: Update to version 8.9.1
- Update from version 8.8.0 to 8.9.1
- Update of rootfile
- Changelog
8.9.1
Bugfixes:
cmake: detect `libssh` via `pkg-config`
cmake: detect `nettle` when building with GnuTLS
cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()`
configure: limit `__builtin_available` test to Darwin
connect: fix connection shutdown for event based processing
contrithanks.sh: use -F with -v to match lines as strings
curl: more defensive socket code for --ip-tos
CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching
CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe
example/multi-uv: remove the use of globals
ftpserver.pl: make POP3 LIST serve content from the test file
GHA/windows: increase timeout for vcpkg build step
lib: survive some NULL input args
macos: fix Apple SDK bug workaround for non-macOS targets
misc: cleanup after removing years from copyright
os400: build cli manual.
os400: workaround an IBM ASCII run-time library bug
RELEASE-PROCEDURE.md: remove the initial build step
runtests: fold timing details with GHA, sync `-r` tflags
tests: provide FTP directory contents in the test file
tidy-up: URL updates
TODO: thread-safe sharing
transfer: speed limiting fix for 32bit systems
vtls: avoid forward declaration in MultiSSL builds
wolfSSL: allow wolfSSL's implementation of kyber to be used
wolfssl: avoid calling get_cached_x509_store if store is uncachable
wolfssl: CA store share fix
x509asn1: unittests and fixes for gtime2str
8.9.0
Changes:
curl: add --ip-tos (IP Type of Service / Traffic Class)
curl: add --mptcp
curl: add --vlan-priority
curl: add -w '%{num_retries}'
gnutls: support CA caching
mbedtls: support CURLOPT_CERTINFO
noproxy: patterns need to be comma separated
socket: support binding to interface *AND* IP
tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
urlapi: add CURLU_NO_GUESS_SCHEME
wolfssl: support CA caching
Bugfixes:
(lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS`
asyn-thread: avoid using GetAddrInfoExW with impersonation
aws-sigv4: url encode the canonical path
BINDINGS: update java link to one that exists
build: add Debug, TrackMemory, ECH to feature list
build: add more supported attributes to the IAR compiler
build: fix llvm 16 or older + Xcode 15 or newer, and gcc
build: fix llvm 17 and older + macOS SDK 14.4 and newer
build: sync warning options between autotools, cmake & compilers
build: tidy up `__builtin_available` feature checks (Apple)
build: untangle `CURLDEBUG` and `DEBUGBUILD` macros
build: use `#error` instead of invalid syntax
cd2nroff: convert two warnings to errors
cd2nroff: use an empty "##" to signal end of .IP sequence
cf-socket: improve SO_SNDBUF update for Winsock
cf-socket: optimize curlx_nonblock() and check its return error
cf-socket: remove obsolete recvbuf
cf-socket: remove two "useless" assignments
cfilters: make Curl_conn_connect always assign 'done'
cmake: add CURL_USE_GSASL option with detection + CI test
cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON`
cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION`
cmake: alpha-sort feature list
cmake: always build unit tests with the `testdeps` target
cmake: bring `curl-config.cmake` closer to `FindCURL`
cmake: create `configurehelp.pm` like autotools does
cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros
cmake: detect `libidn2` also via `pkg-config`
cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION`
cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds
cmake: fix brotli lib order
cmake: fix building `unit1600` due to missing `ssl/openssl.h`
cmake: fix building in unity mode
cmake: fix building with both md4 and md5 in unity mode
cmake: fix builds with detected libidn2 lib but undetected header
cmake: fix feature and protocol lists for SecureTransport
cmake: fix quotes when appending multiple options (SecureTransport)
cmake: fix test 1013 with websockets enabled and no TLS
cmake: improve wolfSSL detection
cmake: show protocols, then features
cmake: stop setting SOVERSION for the static lib target
cmake: sync CA bundle/path detection with autotools
cmake: sync protocol/feature list with `curl -V` output
cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string
cmake: whitespace, formatting/tidy-up in comments
cmdline-docs: "added in" cleanups
cmdline-docs: fix `--proxy-ca-native` example + tidy-ups
cmdline-opts/_PROTOCOLS.md: mention WS(S)
cmdline-opts/ech.md: shorten the help text
cmdline-opts/fail.md: expand and clarify
cmdline-opts/interface.md: expand the documentation
cmdline-opts: category cleanup
cmdline-opts: expand the parallel explanations
cmdline-opts: shorten six help texts
cmdline: expand proxy option explanations
code: language cleanup in comments
configure: CA bundle/path detection fixes
configure: fix `SystemConfiguration` detection
configure: fix pkg-config library name 'libnghttp3'
configure: fix pkg-config names (zstd, ngtcp2*)
configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds
configure: remove 'deeper' checks for `AC_CHECK_FUNCS`
configure: require a QUIC library if nghttp3 is used
configure: sort feature list, lowercase protocols, use backticks
configure: use `$EGREP` in place of `grep -E`
configure: use AC_MSG_WARN for TLS/experimental warning texts
connect-to.md: expand with examples
connection: shutdown TLS (for FTP) better
cookie-jar.md: see also --junk-session-cookies
curl-config: revert to backticks to support old target envs
curl: allow etag and content-disposition for 3xx reply
curl: bsearch the --write-out variable name
curl: check for --disable case *sensitively*
curl: list categories in --help
curl: make warnings and other messages aware of terminal width
curl: output "flying saucers" with leading carriage return
curl_easy_escape: elaborate a little on encoding a URL
curl_mprintf.md: add missing comma
curl_multi_poll.md: expand the example with an custom file descriptor
curl_str[n]equal.md: tidy up text to make them stand-alone
curl_url_set.md: libcurl only parses :// URLs
curl_url_set: elaborate on scheme guessing
curldown: make 'added-in:' a mandatory header field
CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version
CURLOPT_ECH.md: remove repeated 'if'
CURLOPT_NETRC.md: clarify what it does on Windows
CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*')
CURLOPT_SSL_VERIFYHOST.md: refresh
CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups
DISTROS: add a link to the list archive
DISTROS: add AlmaLinux package source link
DISTROS: add MSYS2 (native) links
docs/cmdline-opts: fix mail-auth example TLD typo
docs/cmdline-opts: remove two superfluous "Added in" mentions
docs/libcurl: polish the single-line descriptions
docs/Makefile.am: make curl-config.1 install
docs: reference non deprecated libcurl options
docs: start markdown headers with capital letter where applicable
doh-insecure.md: expand
doh: fix cleanup
doh: fix leak and zero-length HTTPS RR crash
dump-header.md: mention minus for stdout
examples/threaded-ssl: remove locking callback code
examples: add missing binaries to .gitignore
examples: delete unused includes
examples: fix compiling with MSVC
examples: suppress deprecation warnings locally
FEATURES.md: refresh
file: separate fake headers and body with a stand-alone CRLF
ftp: remove redundant null pointer check in loop condition
get.d: clarify the explanation
GHA/windows: add MSVC wolfSSL job with test
GHA/windows: ignore FTP test results for old-mingw-w64
GHA: add MSVC UWP job, expand jobs with more options
GHA: detect and warn for more English contractions
GHA: disable MQTT and WebSocket tests in Windows jobs
GHA: disable TFTP tests in Windows jobs
GHA: enable tests 1139, 1177, 1477 on Windows
GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs
GHA: unify http3 workflows into one
GHA: use vcpkg to install packages for MSVC jobs
GIT-INFO.md: remove version requirements
gnutls: improve TLS shutdown
gnutls: pass in SNI name, not hostname when checking cert
help: add flags to output and ssh categories
hostip: skip error check for infallible function call
http/3: add shutdown support
http/3: resume upload on ack if we have more data to send
http: remove "struct HTTP"
http: write last header line late
idn: fix ß with AppleIDN
idn: make macidn fail before trying conversion if name too long
idn: tweak buffer use when converting with macidn
lib/v*: tidy up types and casts
lib: add a few DEBUGASSERT(data) to aid code analyzers
lib: add failure reason on bind errors
lib: fix gcc warning in certain debug builds
lib: fix thread entry point to return `DWORD` on WinCE
lib: graceful connection shutdown
lib: prefer `var = time(NULL)` over `time(&var)`
lib: tidy up types and casts
lib: xfer_setup and non-blocking shutdown
libcurl-docs: make option lists alpha-sorted
libcurl-easy.md: now *more* than 300 options
libcurl.pc: add `Requires.private`, `Requires` for static linking
libcurl.pc: add more `Requires.private`/`Requires` dependencies
libssh: remove CURLOPT_SSL_VERIFYHOST check
macos: add workaround for gcc, non-c-ares, IPv6, compile error
macos: undo `availability` macro enabled by Homebrew gcc
managen: "added in" fixes
managen: cleanups to generate nicer-looking output
managen: error on trailing blank lines in input files
managen: fix removing backticks from subtitles
managen: insert final .fi for files ending with a quote
managen: introduce "Multi: per-URL"
managen: only output .RE for manpage output
managen: output tabs for each 8 leading spaces
managen: warn on excessively long help texts
MANUAL.md: wrap two example urls that overrun styling
mbedtls: check version before getting tls version
mbedtls: check version for cipher id
mbedtls: correct the error message for cert blob parsing failure
mbedtls: send close-notify on close
mbedtls: v3.6.0 workarounds
md4: fix compilation with OpenSSL 1.x with md4 disabled
misc: fix typos
mk-ca-bundle.pl: delay 'curl -V' execution until it is needed
multi: add multi->proto_hash, a key-value store for protocol data
multi: do a final progress update on connect failure
multi: fix multi_wait() timeout handling
multi: fix pollset during RESOLVING phase
multi: multi_getsock(), check correct socket
ngtcp2+quictls: fix cert-status use
noproxy: test bad ipv6 net size first
openssl/gnutls: rectify the TLS version checks for QUIC
openssl: fix %-specifier in infof() call
openssl: fix hostname handling when using ECH
openssl: stop duplicate ssl key logging for legacy OpenSSL
os400: make it compilable again
pytest: add ftp upload tests
pytest: include testenv/vsftpd.py in dist tarball
quic: enable UDP GRO
quic: openssl quic, cmake and doc version update to 3.3.0
quic: require at least OpenSSL 3.3 for QUIC
quic: update to quiche 0.22.0
quiche: fix operand of ‘?:’ changes signedness
request.md: language fix
request: change the struct field bodywrites to a bool, only for hyper
reuse: switch to REUSE 3.2 and REUSE.toml
runtests: show name and keywords for failed tests in summary
runtests: sort test IDs in summary lines
runtests: support %DATEfor YYYY-MM-DD of right now
runtests: support %VERNUM
runtests: support crlf="yes" for the <stderr> section
sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings
sectransp: fix clang compiler warnings, stop silencing them
sectransp: remove large cipher table
sectransp: use common code for cipher suite lookup
sendf: fix CRLF conversion of input
smtp: for starttls, do full upgrade
socket: change TCP keepalive from ms to seconds on DragonFly BSD
socket: use SOCK_NONBLOCK to eliminate extra system call
socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()`
src/Makefile.am: remove SUBDIRS assignment
system_win32: add missing curl.h include
tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4
test1119: adapt for `.md` input
test1139: scan .md files instead of .3 ones
test1175: scan libcurl-errors.md, not the generated .3 version
test1486: verify that write-out.md and tool_writeout.c are in sync
test2600: disable on win32
test: add test1484, for HEAD with content
test: add test1546, chunked not last transfer encoding
tests/scripts: call it 'manpage' (single word)
tests: add pytest for --ciphers and --tls13-ciphers options
tests: delete `CharConv` remains
tests: delete redundant `!MSDOS` guard
tests: extend user/password parsing test1620
tests: fix sshd IdentityFile path for MinGW/Cygwin
tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin
tests: include current directory when running test Perl commands
tests: log "Throwing away" messages before throwing away
tests: run with "--trace-config all" to provide even more info
tests: sync feature names with `curl -V`
tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support
tests: use exec when spawning nghttpx
tidy-up: use consistent casing for Windows directories
TODO: remove some old, clarify, add something
tool_cb_hdr: return error for failed header writes
tool_operate: avoid explicitly setting verifypeer to 1
tool_operate: simplify return code handling from url_proto()
tool_writeout: get certinfo only when needing it
trace-ascii.md: mention "%" for stderr
transfer: avoid polling socket every transfer loop
transfer: conn close on paused upload
transfer: do not use EXPIRE_NOW while blocked
transfer: remove curl_upload_refill_watermark, no longer used
transfer: set CSELECT_IN if there is data pending
unit2604: use 'unitfail' instead of 'error' variable
url: allow DoH transfers to override max connection limit
urlapi: remove unused definition of HOST_BAD
variable.md: make example use expand
verify-synopsis.pl: work with .md files
vms: fixed language in comment
vtls: deprioritize Secure Transport
vtls: replace addsessionid with set_sessionid
winbuild: fix PE version info debug flag
winbuild: MS-DOS batch tidy-ups
winbuild: remove outdated WIN32 defines
windows: fix UWP builds, add GHA job
winsock: move SO_SNDBUF update into cf-socket
wolfssl: assume key_file equal to clientcert if no key_file
wolfssl: use larger error buffer when formatting errors
x509asn1: add some common ECDSA OIDs
x509asn1: ASN1tostr() should fail when 'constructed' is set
x509asn1: fallback to dotted OID representation
x509asn1: make Curl_extract_certinfo store error message
x509asn1: prevent NULL dereference
x509asn1: remove superfluous free()
x509asn1: remove two static variables
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
1e046ced88 |
core188: Ship bash
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
bebbb0423d |
bash: Update to include patches 27 to 32
- Update from patches 1-26 to 1-32 - Update of rootfile not required - Changelog of patches 27 The configure test for the presence of strtoimax(3) is inverted. 28 A DEBUG trap in an asynchronous process can steal the controlling terminal away from the calling shell, causing it to exit. 29 There are problems with recovery after parser errors when parsing compound assignments. For instance, the `local' builtin reports an error but never cleans up the function context. 30 `wait -n' can fail to return some jobs if they exit due to signals the shell does not report to the user. 31 There is a memory leak in the code that implements the optimized $(<file) expansion for some code paths. 32 When printing functions containing coprocesses, the displayed coproc command has the word COPROC inserted unconditionally, resulting in function bodies that cannot be re-read as input. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
ad4f573733 |
core188: Ship poppler
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
270ffda1ea |
cups-filters: Ship due to sobump in poppler-24.08.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
e891c3beca |
poppler: Update to version 24.08.0
- Update from version 24.03.0 to 24.08.0
- Update of rootfile
- sobump has dependency of cups-filters
- Changelog
24.08.0
core:
* Add support for modifying the appearance stream text in form field choice
* Fix buffer overflow in Windows specific font selection code
* Fix crashes in malformed files
* Internal code improvements
qt5:
* Add support for modifying the appearance stream text in form field choice
qt6:
* Add support for modifying the appearance stream text in form field choice
utils:
* pdfinfo: Fix crash in malformed documents
24.07.0
core:
* Fix crashes in broken files
* Internal code improvements
qt6:
* Add getters for document additional actions
* Implement reset forms link
qt5:
* Add getters for document additional actions
* Implement reset forms link
utils:
* pdfinfo: Fix crash in broken documents when using -dests
build system:
* Mark glib-mkenums as required
24.06.0
core:
* Performance improvements in some files
* Fix some issues with files bigger than 2^31 bytes
* Remove all cairo include guards for cairo < 1.16
* Fix MSVC build
* Internal code improvements
qt6:
* Update Qt6 doc example
* Use the non deprecated version of QString::fromUcs4
glib:
* properly document return value from poppler_font_info_scan
24.05.0
core:
* Fix signing not being totally correct in some kind of PDF files
* Assume "Adobe-Identity" for character collection. Issue #1465
* Small improvements in annotation font rendering
* Remove some GooString methods, use std::string ones instead
* Move some GooString methods to UTF.h
* Fix crash in broken files
cpp:
* cpp: Fix crash extracting text and font in some files. Issue #1477
* Change base class of ustring to char16_t
qt6:
* Add async API for certificate validation
* Fix text extraction for Landscape/Seascape pages
qt5:
* Add async API for certificate validation
* Fix text extraction for Landscape/Seascape pages
utils:
* pdfdetach: Small code improvements
* pdftops: Write compliant ps header
build system:
* Increase minimum supported base to that provided by Ubuntu 22.04
24.04.0
core:
* Optimize page text extraction speed
* Fix clipping path handling in some files. Issue #739
* Fix regression in text selection
* Fix text search across lines between paragraphs
qt6:
* Fix crash in SoundObject::data
utils:
* pdfsig: Add Catalan translation
build system:
* Build code as C++20
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
25365003f6 |
core188: Ship DHCP/Unbound Bridge socket implementation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Michael Tremer
|
b058000c23 | Merge remote-tracking branch 'ms/unbound-socket' into next | ||
|
Adolf Belka
|
8f114a01c3 |
stunnel: Update to version 5.72
- Update from version 5.71 to 5.72
- Update of rootfile not required
- Changelog
5.72
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
fdde24fc7e |
pmacct: Update to version 1.7.9
- Update from version commit 5a5e272 to 1.7.9
- Update of rootfile not required
- Changelog
The keys used are:
!: fixed/modified feature, -: deleted feature, +: new feature
1.7.9
+ pmtelemetryd: gRPC data collection functionalities were added to
the daemon. https://github.com/scuzzilla/mdt-dialout-collector is
the library linked to add the functions required to collect data
via gRPC dialout. Thanks to Salvatore Cuzzilla ( @scuzzilla ) for
this contribution, along with the ninja support of Marc Sune
( @msune ).
+ BMP daemon: HA support introduced: in order to add redundancy at
data collection, let multiple collectors to establish indentical
BMP session, while only one is sending data to the backend. Thanks
to Zhuoyao Lin ( @Zephyre777 ) and Leonardo Rodoni ( @rodonile )
for this contribution.
+ nfacctd: developed a more robust and streamlined NetFlow v9/
IPFIX template handling framework based on libcdada structures,
hence dropping the previous ad-hoc home-grown memory structures.
+ nfacctd: introduced support for sampling rate calculation based
on IANA entities IE309 (samplingSize), IE310 (samplingPopulation),
which are being exported in IPFIX sampling options for a random-n-
out-of-N sampler. Also, support for 16-bit and 32-bit selectorID
is added as well. Thanks to Leonardo Rodoni ( @rodonile ) for this
contribution.
+ nfacctd: extended the support of IE130 (exporterIPv4Address) and
IE131 (exporterIPv6Address) for when this info is contained in
data packets. Thanks to Leonardo Rodoni ( @rodonile ) for this
contribution.
+ nfacctd: added nfacctd_ignore_exporter_address config knob to
not honour IE130 (exporterIPv4Address), IE131 (exporterIPv6Address)
and use the socket address instead.
+ nfacctd: improved support for Route Distinguisher (RD): added the
case where the RD information has finer-grained scope in Option
packets; also RD in IPFIX Options can now be used for correlating
data against BGP/BMP. Finally priority of supplied RD info is
streamlined as: RD in flow_to_rd.map > RD in IPFIX/NFv9 data
packet > RD in IPFIX/NFv9 option packets. Thanks to Leonardo
Rodoni ( @rodonile ) for these contributions.
+ nfacctd: added IEs 44 (sourceIPv4Prefix), 170 (sourceIPv6Prefix),
45 (destinationIPv4Prefix), and 169 (destinationIPv6Prefix) to
flow heuristics.
+ nfacctd: as part of src_mac, dst_mac primitives, added support
for IEs 365 (staMacAddress) and 366 (staIPv4Address).
+ nfacctd: introduced support for IE497 (srhSegmentIPv6ListSection),
The SRv6 Segment List as defined in Section 2 of [RFC8754] as a
series of octets in IPFIX. Also added Path Delay measurements
PathDelay{Mean,Min,Max,Sum}DeltaUsecs.
+ nfacctd: tunnel primitives (tunnel_src_host, tunnel_dst_host,
tunnel_proto, tunnel_tos, tunnel_src_port, tunnel_dst_port and
tunnel_tcpflags) were linked to SRv6 code. Also, in this context,
support for repeating IEs has been added. Thanks to Uwe Storbeck
( @ustorbeck ) for this contribution.
+ nfacctd: extended IE89 (forwardingStatus) support to be 2 or 4
bytes long. Also introduced support for IE31 (flowLabelIPv6).
Thanks to Uwe Storbeck ( @ustorbeck ) for these contributions.
+ nfacctd: a new primitive 'nvgre' is defined representing the
Tenant Network Identifier (TNI) for NVGRE L2 tunnels, which is
encoded in IANA IE351 (layer2SegmentId) with MSB 0x02. Thanks to
Leonardo Rodoni ( @rodonile ) for this contribution.
+ sfacctd: added support for accounting for ARP packets via a new
aggregate_unknown_etype config knob.
+ nfacctd, sfacctd, pmacctd: added new 'in_cvlan' and 'out_cvlan'
primitives. It identifies the VLAN to which the frame belongs to
when it is transmitted in the customer network.
+ BGP daemon: added support for "Only to Customer" OTC attribute,
RFC9234.
+ BGP daemon: extend MP nexthop length to support 48 bytes to fit
the BGP VPNv6 nexthop length. Thanks to @FRIDM636 for this
contribution.
+ BGP daemon: as specified by RFC8950, routers cannot advertise
IPv4 or VPNV4 routes with an IPv6 next hop without an extra
capability advertisement (Extended Next Hop Encoding). This has
been added so that the daemon can reply with this capability to
the remote peer. Thanks to Leonardo Rodoni ( @rodonile ) for
this contribution.
+ BGP, BMP daemons: Two new configuration keys are introduced:
bgp_comms_encode_as_array and as_path_encode_as_array to allow
to specify that BGP communities and AS_PATH are encoded as an
array in JSON or AVRO encodings.
+ BMP daemon: a new bmp_dump_exclude_stats config knob has been
added: if enabled, BMP Stats messages are not going to be cached
and thus not being included in the regular dump.
+ All daemons: added a -T / dry_run config knob. With the 'config'
argument only configuration is validated; with the 'setup' one
the daemon and its plugins are also instantiated and validated.
+ Kafka plugin: allowing to configure sub-minute historical time
bins (ie. kafka_history, etc.).
+ pre_tag_map: introduced pre_tag_map_dont_recirculate config knob
to explicitely disable v4/v6 recirculation of entries without an
'ip' key specified. Also if 'ip' key is not defined, still define
the address family (AF) so to be memory-savvy and avoid creating
duplicate entries in case of v4/v6 recirculation.
+ nDPI support: updated API calls to compile against nDPI 4.6. Also
dropped support for previous versions of the library.
! fix, nfacctd: treat the result of (SysUptime - fstime) as signed
to avoid a underflow in the case where fstime > SysUptime in
NetFlow v9. Thanks to Jim Westfall ( @jwestfall69 ) for this
contribution.
! fix, nfacctd: addressed a memory leak in handling NetFlow/IPFIX
templates. Also performed code re-factoring to better encapsulate
the template functionality, add a template header file, separate
the module interface from local functions and reduce the scope of
local functions. Thanks to Uwe Storbeck ( @ustorbeck ) for these
contributions.
! fix, nfacctd: parsing of IPFIX/NetFlow data when a template does
contain multiple padding octet fields IE 210 (paddingOctets) with
different length. Thanks to Uwe Storbeck ( @ustorbeck ) for this
contribution.
! fix, nfacctd: 4 bytes long IE95 (applicationID) is now supported;
as part of this work the setup of nDPI and NBAR classifiers have
been harmonized.
! fix, sfacctd: mispelled daemon type in sampling_direction handler
was causing counters not to print.
! fix, pmacctd: restored packet data pointer for correct collection
of ICMPv6 data.
! fix, uacctd: the daemon was crashing upon receipt an ICMP Echo
Request packet (as a result, for example, of a ping). Thanks to
Alexei A Smekalkine ( @ikle ) for this contribution.
! fix, pmtelemetryd: when no backend dump method is configured (and
telemetry_dump_time_slots is not set) pmtelemetryd was crashing
with SIGFPE. Also fixed the dump interval calculation when time
slots are used. Thanks to Uwe Storbeck ( @ustorbeck ) for these
contributions.
! fix, pmtelemetryd: restored ability of the daemon re-loading maps
via SIGUSR2 signal. Thanks to Salvatore Cuzzilla ( @scuzzilla )
for this contribution.
! fix, BGP, BMP daemons: the hash function used to distribute per-
peer information attached to RIB entries was enriched with the
addition of Route Distinguisher (RD) data in order to minimize
collisions. It is in fact crucial to have an efficient hash-table
to perform data correlation between BGP/BMP & IPFIX. Thanks to
Salvatore Cuzzilla ( @scuzzilla ), Leonardo Rodoni ( @rodonile )
for this contribution.
! fix, BMP daemon: finer grained control on support of ADD-PATH
capability as part of the Peer Up message in order to support
the case of remote peer receive-only scenario.
! fix, SQL plugins: 'in_vlan' primitive is not muxed anymore on
'vlan' keyword at configure time. Also, 'out_vlan' primitive is
now properly handled if sql_optimize_clauses left false.
! fix, MySQL plugin: if timestamps_utc is set to true, enforce UTC
for the current session.
! fix, tee plugin: missing variable definition when BSD definition
is on was preventing the code to compile correctly.
! fix, pre_tag_map: check added to avoid daemon hanging if 'next'
label was mentioned as part of the last map entry.
! fix, Redis: avoid to create a new file descriptor for every
reconnect. Use redisReconnect instead of redisConnect. Thanks to
Uwe Storbeck ( @ustorbeck ) for this contribution.
! fix, util.c: weekly time roundoff has been made consistent by
correctly including the first day of the week.
! fix, util.c: when pidfile is specified, use mkdir_multilevel() to
build dir structure if needed.
! fix, plugins_hook.c: when processing a pcap_savefile, perform an
inter-buffer sleep of 1ms only if using home-grown buffering as
ZeroMQ (plugin_pipe_zmq) would instead do fine absorbing the data
burst.
! fix, rpki_msg.c: missing json_decref() in rpki_roas_file_load()
was leaking memory on map reload. Also, solved a SEGV observed at
times when reloading rpki_roas_file. Finally free'd the output of
aspath_make_str_count() in rpki_roas_file_load().
- pmtelemetryd: removed legacy Python decoders and associated utils,
also removed support for Kafka and ZeroMQ telemetry collection.
- pre_tag_map: obsoleted 'fwdstatus' key.
- GeoIP support: removed support for Maxmind API v1.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
ca9abd894e |
nmap: Update to version 7.95
- Update from version 7.94 to 7.95
- Update of rootfile
- Changelog
7.95
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.75 to the latest version 1.79. It
includes many performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added
336 fingerprints, bringing the new total to 6036. Additions include iOS 15 &
16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2
o Integrated over 2500 service/version detection fingerprints submitted since
June 2020. The signature count went up 1.4% to 12089, including 9 new
softmatches. We now detect 1246 protocols, including new additions of grpc,
mysqlx, essnet, remotemouse, and tuya.
o [NSE] Four new scripts from the DINA community
(https://github.com/DINA-community)
for querying industrial control systems:
+ hartip-info reads device information from devices using the Highway
Addressable Remote Transducer protocol
+ iec61850-mms queries devices using Manufacturing Message Specification
requests. [Dennis Rösch, Max Helbig]
+ multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
message and prints the responses. [Stefan Eiwanger, DINA-community]
+ profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
PNIO-CM service.
o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1,
libssh2 1.11.0, liblinear 2.47
o [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for
RPMs) to version 3.0.13. CVEs resolved in this update include only 2
moderate-severity issues which we do not believe affect Nmap:
CVE-2023-5363 and CVE-2023-2650
o [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils
for packaging.
o [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on stdin.
Reported as Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613
o [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail to
open any sockets, leading to scans that never finish. [Daniel Miller]
o [NSE] ssh-auth-methods will now print the pre-authentication banner text when
available. Requires libssh2 1.11.0 or later. [Daniel Miller]
o [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment.
o [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA.
[Daniel Roethlisberger]
o [Zenmap][GH#2706] RPM spec files now correctly require the python3 package,
not python>=3
o Improvements to OS detection fingerprint matching, including a syntax change
for nmap-os-db that allows ranges within the TCP Options string. This leads
to more concise and maintainable fingerprints. [Daniel Miller]
o Improved the OS detection engine by using a new source port for each retry.
Scans from systems such as Windows that do not send RST for unsolicited
SYN|ACK responses were previously unable to get a response in subsequent
tries. [Daniel Miller]
o Several profile-guided optimizations of the port scan engine. [Daniel Miller]
o [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when
duplicate addresses were used with --exclude
o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed.
o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p
"http*"
o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap
7.80 and later. [David Fifield, Mike Pattrick]
o [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts [f0rw4rd]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
cbaff8bcb4 |
ncat: Update to version 7.95
- Update from version 7.94 to 7.95
- Update of rootfile
- Changelog
7.95
o [Windows] Upgraded Npcap (our Windows raw packet capturing and
transmission driver) from version 1.75 to the latest version 1.79. It
includes many performance improvements, bug fixes and feature
enhancements described at https://npcap.com/changelog.
o Integrated over 4000 IPv4 OS fingerprints submitted since June 2020. Added
336 fingerprints, bringing the new total to 6036. Additions include iOS 15 &
16, macOS Ventura & Monterey, Linux 6.1, OpenBSD 7.1, and lwIP 2.2
o Integrated over 2500 service/version detection fingerprints submitted since
June 2020. The signature count went up 1.4% to 12089, including 9 new
softmatches. We now detect 1246 protocols, including new additions of grpc,
mysqlx, essnet, remotemouse, and tuya.
o [NSE] Four new scripts from the DINA community
(https://github.com/DINA-community)
for querying industrial control systems:
+ hartip-info reads device information from devices using the Highway
Addressable Remote Transducer protocol
+ iec61850-mms queries devices using Manufacturing Message Specification
requests. [Dennis Rösch, Max Helbig]
+ multicast-profinet-discovery Sends a multicast PROFINET DCP Identify All
message and prints the responses. [Stefan Eiwanger, DINA-community]
+ profinet-cm-lookup queries the DCERPC endpoint mapper exposed via the
PNIO-CM service.
o Upgraded included libraries: Lua 5.4.6, libpcre2 10.43, zlib 1.3.1,
libssh2 1.11.0, liblinear 2.47
o [GH#2639] Upgraded OpenSSL binaries (for the Windows builds and for
RPMs) to version 3.0.13. CVEs resolved in this update include only 2
moderate-severity issues which we do not believe affect Nmap:
CVE-2023-5363 and CVE-2023-2650
o [Zenmap][Ndiff][GH#2649] Zenmap and Ndiff now use setuptools, not distutils
for packaging.
o [Ncat][GH#2685] Fixed Ncat UDP server mode to not quit after EOF on stdin.
Reported as Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039613
o [GH#2672] Fixed an issue where TCP Connect scan (-sT) on Windows would fail to
open any sockets, leading to scans that never finish. [Daniel Miller]
o [NSE] ssh-auth-methods will now print the pre-authentication banner text when
available. Requires libssh2 1.11.0 or later. [Daniel Miller]
o [Zenmap][GH#2739] Fix a crash in Zenmap when changing a host comment.
o [NSE][GH#2766] Fix TLS 1.2 signature algorithms for EdDSA.
[Daniel Roethlisberger]
o [Zenmap][GH#2706] RPM spec files now correctly require the python3 package,
not python>=3
o Improvements to OS detection fingerprint matching, including a syntax change
for nmap-os-db that allows ranges within the TCP Options string. This leads
to more concise and maintainable fingerprints. [Daniel Miller]
o Improved the OS detection engine by using a new source port for each retry.
Scans from systems such as Windows that do not send RST for unsolicited
SYN|ACK responses were previously unable to get a response in subsequent
tries. [Daniel Miller]
o Several profile-guided optimizations of the port scan engine. [Daniel Miller]
o [GH#2731] Fix an out-of-bounds read which led to out-of-memory errors when
duplicate addresses were used with --exclude
o [GH#2609] Fixed a memory leak in Nsock: compiled pcap filters were not freed.
o [GH#2658] Fixed a crash when using service name wildcards with -p, as in -p
"http*"
o [NSE] Fixed DNS TXT record parsing which caused asn-query to fail in Nmap
7.80 and later. [David Fifield, Mike Pattrick]
o [NSE][GH#2727][GH#2728] Fixed packet size testing in KNX scripts [f0rw4rd]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
90c2db58d9 |
keepalived: Update to version 2.3.1
- Update from version 2.2.8 to 2.3.1
- Update of rootfile not required
- Changelog
2.3.1
This is minutes release to quickly fix minor regression.
Fixes
conf: fix secondary config file location when using –prefix=/usr Commit
42a746c - “configure: ${prefix} defaults to NONE which messes up
DEFAULT_CONFIG_FILE” broke the checking of whether a secondary default
config file location is required
2.3.0
This release brings improvements and fix some minor issues reported. Yearly
release.
New
vrrp: For use_vmac and use_ipvlan, copy the group from the base interface.
It is useful in many instances to set up firewall rules based on
interface groups so that sets of interfaces may be aggregated by group and
matched with a single rule rather than by listing them all. Prior to this
change, when use_vmac or use_ipvlan is used, new interfaces are created
with the default group, which breaks this ability. Further complicating the
issue is that nftables resolves interface names to ifindex at load time.
This is problematic with keepalived’s interface creation, which usually
comes after the firewall loading, forcing the use of iifname, oifname
instead (similar to iptables -i, -o). By copying the group value, such
firewall rules can continue to work regardless of the use_vmac or
use_ipvlan settings, since packets may now arrive on, or be routed out
from, the new interfaces.
vrrp: Addd name option for use_vmac and use_ipvlan. This is to allow an
interface name of “bridge” etc.
vrrp: Add interface group option for VMACs and ipvlans. Now that the
interface group of a VMAC or ipvlan is set, by default, to match its parent
interface, this option now allows the group of the VMAC or ipvlan to be
explicitly configured and set.
ipvs: Add snmp_rs_stats_update_interval. This compliments
snmp_vs_stats_update_interval, and also real server stats are now only
fetched from the kernel when there is an SNMP request for them; i.e. VS
stats and RS stats are updated separately.
conf: Add global keyword use_symlink_paths. By default keepalived resolves
all symbolic links in path names of scripts to the real path. This commit
adds the use_symlink_paths option to maintain the symlinks in paths, so
that users can update symlinks in order to update the scripts being called.
doc: Add documentation for MH and TWOS schedulers.
global: Add per process gprof profiling.
systemd: Add KEEPALIVED_OPTION for non-root service file.
systemd: Add comment in non-root service file for old systemds.
Improvements
vrrp: Remove extraneous log message for netlink interface message.
vrrp: Allow DBus to work with VRRP instances without configured interface.
keepalived uses “none” for the interface in the DBus path if a VRRP
instance has no configured interface. However, it was not checking
explicitly for “none” when a query was received. This commit now adds a
specific check.
vrrp: Allow specification of string used by DBus for no interface.
vrrp: check prefix length when checking if deleted address is a VIP. It is
possible, for example, to configure both 10.1.0.3/32 and 10.1.0.3/24 on the
same interface. When checking whether an address deleted from an interface
is one of our VIPs, we need to also check the prefix length.
vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs. Setting arp_ignore to 1
ensures that the VMAC interface does not respond to ARP requests for IPv4
addresses not configured on the VMAC.
vrrp: Go to fault state if fail to add IPv6 link-local address to VMAC. If
an IPv6 VRRP instance uses a VMAC, but adding a link-local address to the
interface fails, then the vrrp instance now transitions to fault state,
just as happens if the link-local address is removed after it has been added.
vrrp: Don’t send IPv6 advert from interface with no address. If an interface
has no IPv6 address, no advert can be sent. Rather that logging an error
when the send fails, simply don’t send the advert.
vrrp: Check interface for static routes if deleted. vrrp: Check interface
for static routes if deleted route_is_ours() checked the outgoing interface
for virtual routes but not for static routes. This commit now adds checking
of the outgoing interface for static routes, and now moves the code to
compare routes into a separate function used for both virtual and static
routes.
vrrp: remove logging on status output. A message is output to the log each
time the status is queried. This is not necessary and can therefore be
omitted.
vrrp: Use addattr32() for setting link group. Set link group for ipvlan
interfaces, just like for VMACs.
ipvs: ping check extension. use consistent ICMP id and fix sequence number
By keeping the sockets used for pings open, the ICMP id field now remains
the same for each echo request. The sequence number is now per ping check,
and is now sent in big endian order.
ipvs: Reduce logging of activating health checkers. Don’t log activating
checkers after a reload if they are already active.
ipvs: Remove checkers_queue. A configuration with 2277 virtual servers, with
a total of 37205 real servers with each real server having one checker was
taking 132 seconds to reload. This commit reduces the reload time to 0.24
seconds, a reduction of 99.8%! The problem was due to every real server
iterating through all checkers, 37205 * 37205 = 1,384,212,025 iterations,
not only once but several times. The code now maintains a list of checkers
for each real server. The disadvantage of this is that to iterate through
all checkers requires iterating through all virtual servers, and all their
real servers and then for each real server the list of checkers. If there
are relatively few checkers compared to real servers, this will take longer
than using the checkers_queue, but using a queue per real server is still
fast, and the only time the code iterates through all the checkers is at
startup/reload, other than dumping the configuration.
ipvs: don’t call protocol_to_index() unless using auto fwmarks.
protocol_to_index() must only be called when there is an index. This is
when the virtual server uses a virtual server group that is using auto
fwmarks.
ipvs: add set and alive status for sorry servers in keepalived_check.data.
ipvs: Reinstate non-failed real servers if remove sorry server. When there
is no sorry server, the quorum is not used, and real servers are only
removed if a checker fails. On the other hand if there is a sorry server,
if the number of alive real servers falls below the quorum, all non-failed
real servers are removed when the sorry server is added. If the sorry
server is remomed from the configuration, non-failed real servers need to
be reinstated.
ipvs: don’t remove sorry server if inhibit added but server is alive.
ipvs: inhibit extensions: If inhibit is changed on a failed real server,
add/remove it. If inhibit is added to inactive sorry server set weight 0.
If inhibit cleared for inactive sorry server, clear s_svr->set.
ipvs: Add snmp_vs_stats_update_interval for updating SNMP stats. The timer
for updating VS and RS stats for SNMP was hard coded to 5 seconds. This
commit still deffaults to 5 seconds but allows the timer to be configured.
ipvs: Misc SNMP updates and extensions. Don’t duplicate storage of 32 bit
SNMP stats. Use correct variable for returning 64 bit stats for SNMP. Add
counter64 options for 64 bit SNMP stats. Use SNMP variable3/4/7 instead of
variable8 where appropriate. streamline SNMP real server code when no sorry
server. Merge several SNMP functions that were doing nearly the same thing.
Streamline finding VS group entry for SNMP. Streamline finding RS for SNMP.
Streamline finding VS for SNMP. set var_len = 0 when returning an error to
SNMP. fix building with SNMP support without using netlink interface.
systemd: Change NotifyAccess to be main rather than all for non-root.
doc: Clarify documentation for “weight” in track_process. The default value
for weight should be 0, and not 1 as previously stated.
doc: update description for v3_checksum_as_v2.
Fixes
vrrp: Stop link local VMAC address responging to neighbour solicit. When an
IPv6 VRRP instance using VMAC is in backup state, the link local address
configured on the VMAC interface is the same as the link local address on
the parent interface of the VMAC. This causes a problem with switches
learning the MAC address of the VMAC is now on the backup. This causes
packets meant to be sent to the master being sent to the backup. This
commit uses nftables/iptables to stop neighbour advertisements for the link
local address of the VMAC interface and its parent interface being sent
from the VMAC interface.
vrrp: fix global skip_check_adv_addr and strict_mode parsing.
skip_check_adv_addr and strict_mode take an option parameter, but
keepalived wasn’t parsing it, and assumed it was set on/true/yes.
vrrp: work around missing promiscuous netlink notifications. If the base
interface does not implement IFF_UNICAST_FLT, for example it is a bridge
interface, no netlink notification is sent by the kernel when promiscuity
is set on the base interface. The promiscuous state of the base interface
is correct in the kernel but it is in incorrect in daemons that listen to
the interface netlink messages (eg. DPDK). The issue is still there in
kernel 6.4.6. Force a notification by re-setting IFLA_GROUP for the base
interface.
vrrp: Fix specifying netlink_notify_msg for VMAC when name set. Trying to
specify a VMAC name as well as netlink_notify_msg did not work for use_vmac.
ipvs: fix issue in reload process when using virtual server groups. issue:
when using virtual server groups, remove vs entry in configure file and
then do reload, vs entry can not be removed. And add vs entry in configure
file and the do reload, rs with 0 port will be set. fix: in reload process
do the same action with ipvs_group_cmd. set rs port with vs port and update
live state
ipvs: add/remove sorry server of group server when reload. issue: when using
virtual server groups, if all rs down and sorry server up, at this time
remove/add vs entry in configure file and then do reload, vs entry can not
be removed. fix: add/remove sorry server same as normal rs when reload
server groups
check: if lost misc check child register checker agagin. issue: misc
check_child_thread timeout and remove child_pid form rb_data, timeout
callback of check_child_thread is not be called, if at this time misc
script done and exit, and child termination will do nothing because
child_pid was remove form rb_data. in this case timeou callback will not
register checker again, the checker will lost. fix: if lost misc check
child register checker again
lib: Stop setting MAGIC_PRESERVE_ATIME flag. On RedHat systems setting
MAGIC_PRESERVE_ATIME caused SELinux errors.
core: make startup/shutdown scripts work when not using –dont-fork.
check_start_stop_script_secure() checks that the parent process has not
changed while it is doing its checks, so we need to set the pid of the
parent process (main_pid) before calling the function. There is a further
complication that called getppid() too soon after a fork() with the parent
process exiting after the fork means that we don’t get the pid of the new
parent, so we need to loop until getppid() returns a diffweent pid.
core: initialise script structure in start_validate_reload_conf_child(). Due
to the path field not being set to NULL, it was attempting to exec a random
string when reload_check_config was configured.
systemd: Fix snmp option in non-root service file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
734a201469 |
iperf: Update to version 2.2.0
- Update from version 2.1.8 to 2.2.0
- Update of rootfile not required
- Changelog
2.2.0
o new ./configure --enable-summing-debug option to help with summing debug
o select ahead of writes slow down UDP performance. support ./configure
--disable-write-select
o support fo -b 0 with UDP, unlimited load or no delay between writes
o support for --sync-transfer-id so client and server will match the ids and
give a remap message
o support --dscp command line option
o support for application level retries and minimum retry interval of the TCP
connect() syscall via --connect-retry-time and --connect-retry-timer,
repsectively
o support for --ignore-shutdown so test will end on writes vs the BDP drain and
TCP close/shutdown, recommended not to use this but in rare cases
o support for --fq-rate-step and --fq-rate-step-interval
o CCAs per --tcp-cca, --tcp-congestion, etc neeed to be case sensitive
o support for both packets and bytes inflight taken from tcp_info struct amd pkt
calc of (tcp_info_buf.tcpi_unacked - tcp_info_buf.tcpi_sacked -
tcp_info_buf.tcpi_lost + tcp_info_buf.tcpi_retrans)
o man page updates and -h to reflect new options, better descriptions
o lots of work around summing with parallel threads, new implementation based on
interval or slot counters, hopefully should work reliably
o --bounceback tests are much more reliable and robust
o Improve event handling around select timeouts, helps with larger -P values and
summing
o use the getsockopt IP_TOS for the displayed output, warn when set and get
don't match
o better tos byte output, include dscp and ecn fields individually
o better tos setting code for both v6 and v4, so they behave the same around
checks and warnings
o much better NULL events to help with reporter processing even when traffic is
not flowing
o support for a new string report
o python flows work around CDF based tests
o rate limit fflush calls to a max of one every millisecond or 1000 per sec
o remove superfulous fflush calls
o reports when P = 1 and --sum-only need sum outputs
o enable summing with --incr-dstip
o add macro TIME_GET_NOW to set a struct timeval in a portable manner
o code readability improvements with enums, bools, etc.
o fix for TCP rate limited and -l less than min burst size
o only use linux/tcp.h when absolutely needed, otherwise use netinet/tcp.h
o print bounceback OWD tx/rx in interval reports
o add flows Makefiles for tarball or make dist-all
o support interval reports for bounceback histograms
o support for TCP working loads and UDP primary flows, including UDP
isochronous, per ticket 283
o fix working-load with isoch so working-load streams are capacity seeking
o exit when CCA not supported or read of the current CCA doesn't match requested
CCA
o add more make check tests
o add support for omit string (omit code not ready for this release)
o pyflows qdisc settings and outputs
o add first send pacing with --tx-starttime so listener threads udp_accept has
time to perform udp_accept() between the client threads
o adjust the sender time per the client delay and the client first write, i.e.
subtract out this delay in the calculations
o fixes for small packets and --tx-starttime
o use more modern multicast socket options (now in src/iperf_multicast_api.c)
o warn on bind port not sent with --incr-srcport
o display fq-rate values in outputs when --fq-rate is used
o add support for --test-exchange-timeout
o fixes around wait_tick
o add support for TCP_TX_DELAY via --tcp-tx-delay <val ms> option on both client
and server
o pass the CCA from client to server
o support burst-size with different write sizes and don't require --burst-period
o output traffic thread send scheduling error stats in final ouput
o output clock unsync stats with --bounceback
o add warn message on MSG_CTRUNC
o UDP select fixes
o enable TCP_NOTSENTLOWAT and set to a default small value with --tcp-write-times
o default histogram max binning to 10 seconds
o add a max timestamp to histogram outputs so user can find packets in pcaps or
equivalent
o autoconf change for struct ip_mreqn
o print errno on writen fail
2.1.9
o fixed traffic setitimer to use uintmax_t vs int, supporting large values
o --bounceback officially supported (including Windows) for repsonsiveness test
scenarios
o deprecated --bounceback-congest introduced in 2.1.8, replaced by --working-loads
o --working-loads support generalized; works with --bounceback, --connect-only &
--burst-period
o default TCP_NOTSENT_LOWAT with the --working-loads concurrent traffic
o add support for GMT time formatting via --utc option
o --trip-times will auto set TCP_NOTSENT_LOWAT
o CSV output fixes for reverse
o CSV output regressions fixed per sum outputs using negative transfer ids
o CSV output support with --enhanced
o Fix to isoch wait_tick with Windows
o fix support for --txstart-time with --bounceback
o Add support for summing histograms in histogram sum outputs
o Multiple sum report fixes per threading & needing mutex protections
o Jitter packet IPG calcluations ignore inter frame gaps
o Isoch jitter output to use running value vs sampled value
o Add support for --jitter-histograms
o man page content updates
o output isoch scheduling errors at end of isoch run
o PRIdMAX fix for ARM systems
o better work around in isochronous with Windows per early return of
WaitForSingleObject()
o fix SO_BINDTODEVICE regression
o fix v6 source port parsing with -B and brackets
o fix malloc error with --hideips
o fixes for rate limited TCP with --trip-times
o add support for TCL_NOTSENT_LOWAT with rate limited TCP
o permit key now supports -P using listen() with a backlog, no longer single
thread limited
o fixes for zero valued permit-key
o fixes for multiple permit-key regressions
o fix token bucket delay with TCP await write
o fix isMulticast test for ipv4 - previous logic indicate true for 240.x.x.x
which is not multicast
o fix regression on jitter calc - starts on second transit time
o add cmsg for loop with UDP rx timestamp, cmsg processing best to use loop w/test
o use stdout and exit(0) for -h and -v (vs stderr and exit(1))
o add python facetime scripts
o Fix single thread compile breakage
o fix windows cross compile
o multiple spelling error fixes in comments and man page
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
c8490adecf |
hplip: Update to version 3.24.4
- Update from version 3.23.12 to 3.24.4
- Update of rootfile
- Changelog
3.24.4
Added support for the following new Printers:
HP OfficeJet 8120 All-in-One series
HP OfficeJet Pro 8120 All-in-One series
HP OfficeJet 8130 All-in-One series
HP OfficeJet Pro 8130 All-in-One series
HP OfficeJet Pro 9720 Series
HP OfficeJet Pro 9730 Series
Added support for following new Distro:
Ubuntu 23.10
Debian 12
Fedora 39
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
539334dc2e |
haproxy: Update to version 3.0.3
- Update from version 2.9.2 to 3.0.3 - Update of rootfile not required - Changelog is over 1000 lines long. Too much to include here. See CHANGELOG file in the source tarball for details. No CVE fixes listed inh the changelog. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
fdbd6bd32f |
frr: Update to version 10.1
- Update from version 9.1 to 10.1
- Update of rootfile
- CVE Fixes in 9.1.1
- Changelog
10.1
Breaking changes
Enable BGP dynamic capability by default for datacenter profile
Advertise BGP "Dynamic" capability by default if using a datacenter
profile. The dynamic capability gives more flexibility in terms of
changing some parameters (e.g. Graceful-Restart,
Long-lived Graceful-Restart timers, Addpath, Role, etc.) without
resetting the session.
Split BGP rpki cache command into separate per SSH/TCP
The old command is broken at some level. When configuring a TCP session
with the source, the command thinks it's an SSH session with a username.
Add deprecation cycle for OSPF router-info X [A.B.C.D] command
Features
BGP dampening per-neighbor support
It is now possible to configure BGP dampening parameters on a
per-neighbor basis. In previous releases, BGP dampening could only be
configured globally or per-SAFI.
BMP send-experimental stats
We added an option to send experimental BMP (RFC 7854) stats
[65531-65534].
RFC 7854 defines BMP statistics types:
Values 65531 through 65534 are Experimental, and value 65535
is Reserved.
Implement extended link-bandwidth for BGP
By default bandwidth in extended communities is encoded in IEEE
floating-point format, and is limited to a maximum of 25 Gbps. Since
not every vendor implements this correctly (due to IEEE floating-point),
another draft is implemented to encode the bandwidth into IPv6
address-specific extended community.
Paths Limit for Multiple Paths in BGP
Implemented this draft as an extension for the Addpath capability, that
tells the sender to send only an arbitrary number of paths per prefix
instead of sending all of the known paths.
New command for OSPFv2 ip ospf neighbor-filter NAME [A.B.C.D]
Configure an IP prefix list to filter packets received from OSPF
neighbors on the OSPF interface.
Implement non-broadcast support for point-to-multipoint networks
This extends non-broadcast support to point-to-multipoint networks.
The AllOSPFRouters (224.0.0.5) is still joined for non-broadcast
networks since it is joined for NBMA networks.
Other significant changes
bgpd
Fix route leaking from the default l3vrf
Fix match peer when switching between IPv4/IPv6/interface
Fix dynamic peer graceful restart race condition
Fix colored routes not installed after a switchover
Fix crash when deleting the SRv6 locator
Fix no set as-path prepend ASNUM...
Fix negative commands for Graceful-Restart operations (avoid
entering incorrect state)
Fix ipv4-mapped ipv6 on non 6pe
Fix show run of network route-distinguisher
Fix display when using missing-as-worst
Fix show bgp neighbors output
Fix error handling for MP/GR capabilities as a dynamic capability
Fix error handling when receiving BGP Prefix-SID attribute
Fix route-target display with a dotted format
Fix no bgp as-path access-list
Fix no form for neighbor X capability software-version
Check against extended community unit size for link bandwidth
Make sure we have enough data to handle extended link bandwidth
Check if FQDN capability length is in valid ranges
Allow using different ASNs per VRF instances
Send End-of-RIB not only if Graceful-Restart capability is received
Implement backpressure to avoid CPU hog
Ignore validating the attribute flags if path-attribute is configured
Prevent deletion of BGP peer groups associated with bgp listen range
Inherit some peer flags from the peer-group
Allow specification of AS 0 for RPKI commands
Allow using maximum-prefix for EVPN
Increase install/uninstall speed of EVPN VNIs
Update default-originate route-map actual map structure
Include unsuppress-map as a valid outgoing eBGP policy
Allow dynamically disable graceful-restart/long-lived graceful-restart
Unset advertised capabilities if the capability is disabled
Aggregated summary-only remove suppressed from EVPN
isisd
Fix crash when deactivating ISIS adjacency on the interface
Fix show isis database [detail] json
Fix show isis algorithm
Fix crash when configuring the circuit type for the interface
Fix IP/IPv6 reachability TLVs
When the metric-type is configured as "wide", the IS-IS generates
incorrect metric values for IPv4 directly connected routes
Add link state support for SRv6 adjacencies
The hold time of hello packets on a P2P link does not match the
sending interval
mgmtd
Implement YANG RPC/action support
ospfd
Fix crash in OSPF TE parsing
Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did
not reset the hello timer
Fix no write-multiplier command
Fix no maximum-paths command
Solved crash in RI parsing with OSPF TE
Assure OSPF AS External routes are installed after the link flap
Send LS Updates in response to LS Request as unicast
ospf6d
Handle topo change in Graceful-Restart Helper mode for max-age LSAs
Prevent heap-buffer-overflow with an unknown type
Redistribute metric for AS-external route
Fix next-hop computation for inter-area multi-ABR ECMP
Fix interface type vs. connected routes updates
pathd
Retry synchronous label-manager ZAPI connection
pimd
Fix null register before aging out reg-stop
Fix dr-priority range
Fix crash unconfiguring rp keepalive timer
lib
Fix keychain NB crash
Do not convert EVPN prefixes into IPv4/IPv6 if not needed
ripd
Fix clear ip rip command
ripngd
Fix clear ipv6 ripng command
tools
Handle seq num for BGP as-path in frr-reload.py
vtysh
Fix 'show ip[v6] prefix-list ... json' formatting by moving it to vtysh
Fix show route-map command when calling via do
Show ip ospf network ... even if it's not the same as the interface
type
zebra
Fix mpls label bind command
Fix excessive exit commands
Fix static SRv6 segment-list SID order
Fix JSON output for show route summary json
Fix malformed json output for multiple vrfs in command show ip route
vrf all json
Fix crash if MAC-VLAN link in another netns
Fix crash on MAC-VLAN link down/up
Deny the routes if ip protocol CLI refers to an undefined route-map
Bridge flap handle VLAN membership update
Add show fpm status [json] command
9.1.1
Fixed CVEs
CVE-2024-31950
CVE-2024-31951
CVE-2024-31949
Bug Fixes
bgpd
"default-originate" shouldn't withdraw non-default routes
Aggr summary-only suppressed export to evpn
Allow using optional table id for negative `no set table x` command
Arrange peer notification to after zebra announce
Check bgp evpn instance presence in soo
Convert the bgp_advertise_attr->adv to a fifo
Do not show tcp mss if the socket is broken
Ensure bgp does not stop monitoring nexthops
Ensure community data is freed in some cases.
Ensure that the correct aspath is free'd
Fix `match peer` when switching between ipv4/ipv6/interface
Fix `no set as-path prepend asnum...`
Fix bgp_best_selection heap-use-after-free
Fix crash when deleting the srv6 locator
Fix display when using `missing-as-worst`
Fix dynamic peer graceful restart race condition
Fix ecommunity_fill_pbr_action heap-buffer-overflow
Fix error handling when receiving bgp prefix sid attribute
Fix errors handling for mp/gr capabilities as dynamic capability
Fix format overflow for graceful-restart debug logs
Fix logging message when receiving a software version capability
Fix no bgp as-path access-list issue
Fix route-map match probability deconfiguration callback
Fix srv6 memory leak detection
Fix the order of null check and zapi decode
Fix vrf leaking with 'no bgp network import-check
Free memory for srv6 functions and locator chunks
Ignore validating the attribute flags if path-attribute is configured
Include unsuppress-map as a valid outgoing policy
Lttng tp add evpn route events
Make `suppress-fib-pending` clear peering
Note when receiving but not understanding a route notification
Prevent from one more cve triggering this place
Set correct ttl for the dynamic neighbor peers
Update default-originate route-map actual map structure
Revert "Fix pointer arithmetic in bgp snmp module"
doc
Add param range for graceful-restart helper supported-grace-time
Remove duplicated show route-map
isisd
Fix _isis_spftree_del heap-use-after-free
Fix dislaying lsp id
Fix heap-after-free with prefix sid
Fix ip/ipv6 reachability tlvs
lib
Check for not being a blackhole route
Fix show route map json output
Do not convert evpn prefixes into ipv4/ipv6 if not needed
Replace deprecated ares_gethostbyname
Replace deprecated ares_process()
nhrpd
Fix race condition
Fix core dump on shutdown
ospf6d
Ospfv3 route change comparision fixed for asbr-only change
Prevent heap-buffer-overflow with unknown type
ospfd
Add support for "no router-info [<area|as>] command"
Can not delete "segment-routing node-msd" when sr if off
Correct lsa parser which fulfill the ted
Correct opaque lsa extended parser
Correct sid check size
Fix ospf dead-interval minimal hello-multiplier param range
Fix the bug where ip_ospf_dead-interval_minimal_hello-multiplier did
not reset hello timer
Protect call to get_edge() in ospf_te.c
Solved crash in ospf te parsing
Solved crash in ri parsing with ospf te
Revert "Fix some dicey pointer arith in snmp module"
pbrd
Fix map seq installed flag in json
Fix pbr handling for last rule deletion
pimd
Fix crash unconfiguring rp keepalive timer
Fix crash when configuring ssmpingd
Fix dr-priority range
Fix null register before aging out reg-stop
Fix order of operations for evaluating join
Re-evaluated s,g oils upon rp changes and for empty sg upstream oils
Fix crash when mixing ssm/any-source joins
staticd
Fix changing to source auto in bfd monitor
tests
Check for 0.0.0.0/1 in bgp_default_route
Check if ibgp session can drop invalid aigp attribute
Extend tests for aspath exclude
Update ospf te topotests
tools
Apply black formatting for tools/frr-reload.py
Fix frr-reload interface desc cmd
Fix frr-reload multiple no description cmds
Fix frr-reload multiple no description cmds
Use error log level when failing to execute commands via frr-reload.py
topotests
Do not check table version
Redispatch tests in bfd_topo3
Test wrong bfd source in bfd_topo3
Vpnv4 route leaking with no import-check
vtysh
Show `ip ospf network ...` even if it's not the same as the
interface type
zebra
Add missing whitespace when printing route entry status
Deny the routes if ip protocol cli refers to an undefined rmap
Don't deref vxlan-vni array
Fix crash if macvlan link in another netns
Fix crash on macvlan link down/up
Fix evpn svd based remote nh neigh del
Fix mpls command
Fix route deletion during zebra shutdown
The dplane_fpm_nl return path leaks memory
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
733e957885 |
freeradius: Update to version 3.2.5
- Update from version 3.2.3 to 3.2.5
- Update of rootfile
- Various options removed from ./configure as they are all unrecognised and don't have
any effect. Most of them look to have been related to freeradius-1.x
- There is no command that gets recognised for disabling or not using static libs
- Changelog
3.2.5
Feature Improvements
TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync.
See mods-available/totp.
radclient now supports forcing the Request Authenticator and ID for
Access-Request packets.
Update dictionary.3gpp.
Update advice on shared secrets, including suggesting a secure method for
generating useful secrets.
Bug Fixes
Allow proxying by pool / home server name to work with auth+acct servers.
Fix OpenSSL API usage which sometimes caused crash in MS-CHAP Previously it
would either always crash immediately, or never crash.
Fix packet statistics. Stop double counting some packets, and track packet
statistics even if a socket is closed.
Reverted patch in TTLS which broke compatibility with some systems.
Don't crash in debug mode when multiple intermediate certs are used Patch
from Alexander Chernikov.
3.2.4
Feature Improvements
Preliminary support for TEAP.
Update EAP module pre_proxy checks to make them less restrictive This
prevents the "middle box" effect from affecting future traffic.
Many fixes and updates for Docker images.
Add dpsk module. See mods-available/dpsk.
Print out what cause the TLS operations to be made, such as the EAP method
name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
Add auto_escape to sample SQL module config.
Add 'if not exists' to mysql create table queries. ref #5032 (#5137).
Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
Allow for 'encrypt=1' attributes to be longer than 128 characters.
Added "radsecret" program which generates strong secrets. See the top of the
"clients.conf" file for more information.
radclient now prints packets as hex when using -xxx.
Added "-t timeout" to radsniff. It will stop processing packets after
<timeout> seconds.
Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
The detail module now has a "dates_as_integer" configuration item See
mods-available/detail for more information.
Add lookback/lookforward steps and more configuration to totp. See
mods-available/totp.
Add "time_since" xlat to calculate elapsed time in seconds, milliseconds and
microseconds.
Support "Post-Auth-Type Challenge" in the inner tunnel. Patch from Alexander
Clouter. PR #5320.
Add "proxy_dedup_window". See radiusd.conf.
Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
Bug Fixes
Fix corner case with empty defaults in rlm_files. Fixes #5035.
When we have multiple attributes of the same name, always use the canonical
attribute.
Make FreeRADIUS-Server-EMA* attributes work again for home server exponential
moving average statistics.
Don't send the global server stats when asked for client stats. They use the
same attributes, so the result is confusing.
Fix multiple typos in MongoDB query.conf (#5130).
Add define for illumos. Fixes #5135.
Add client configuration for TLS PSK.
Permit originate CoA after proxying to an internal virtual server.
Use virtual server "default" when passed "-i" and "-p" on the command line.
Fix locking issues with rlm_python3.
The detail file reader will catch bad times in the file, and will not update
Acct-Delay-Time with extreme values.
Fix issue where Message-Authenticator was calculated incorrectly for
CoA / Disconnect ACK and NAK packets.
Update Python thread and error handling. Fixes #5208.
Fix handling of Session-State when proxying. Fixes #5288.
Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
Add "limit" section to AWS health check configurtion. Fixes 35300.
Use MAX in sqlite queries instead of GREATEST.
Fix typo in Mongo queries. Fixes #5301.
Fix occasional crash with bad home servers. Fixes #5308.
Minor bug fixes to the SQL freetds modules.
Fix blocking issue with RADIUS/TLS connection checks.
Fix run-time crash on configuration typos of %{substr ...} instead of
%{substr:...} Fixes #5321.
Fix crash with TLS Status-Server requests. Fixes #5326.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
df638b2e26 |
fping: Update to version 5.2
- Update from version 5.1 to 5.2
- Update of rootfile not required
- Changelog
5.2
## New features
- New option -X / --fast-reachable to exit immediately once N hosts have been
found (#260, thanks @chriscray and @gsnw)
- New option -k / -fwmark to set Linux fwmark mask (#289, thanks @tomangert and
@deepkv)
## Bugfixes and other changes
- Always output fatal error messages (#303, thanks @auerswal)
- Fallback to SO\_TIMESTAMP if SO\_TIMESTAMPNS is not available (#279, thanks
@gsnw)
- Fix "not enough sequence numbers available" error on BSD-like systems (#307,
thanks @cagney, @gsnw)
- Fix running in unprivileged mode (#248, thanks @sfan5)
- Fix build issue for NetBSD/alpha (#255, thanks @0-wiz-0)
- Fix build issue for OpenBSD/alpha (#275, thanks @gsnw)
- Fix build warning for long int usage (#258, thanks @gsnw)
- Fix build error with musl libc (#263, thanks @kraj)
- Fix to guard against division by zero (#293, thanks @auerswal)
- Decouple -a/-u effects from -c (#298, thanks @auerswal)
- Added contrib/Dockerfile (#224, thanks @darless)
- Remove host from Netdata chart titles (#253, thanks @ilyam8)
- Add additional tests (#292, #297, thanks @auerswal)
- Update github action os images (#282, thanks @gsnw)
- Fix Azure pipeline tests (#308, thanks @gsnw)
- Various autoconf fixes (#286, #283, thanks @gsnw)
- Extended configure script with --enable-debug and output cpu usage (#311,
thanks @gsnw)
- Documentation: Update Netdata website link (#257, thanks @ilyam8)
- Documentation: fix description of --file option (#268, thanks @MohGeek)
- Documentation: improve exit status description (#294, thanks @auerswal)
- Documentation: move description of -i MSEC (#298, thanks @auerswal)
- Documentation: improve help output for options -c and -C (#302, #auerswal)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
49c377c7eb |
fetchmail: Update to version 6.4.39
- Update from version 6.4.38 to 6.4.39
- Update of rootfile not required
- Changelog
6.4.39
# BUG FIXES:
* When a server offers STARTTLS although the connection is already wrapped
in TLS, fetchmail would issue a bogus "WARNING: server offered STARTTLS
but sslproto '' given." (or STLS for POP3). In situations where we wrap
the connection in TLS, suppress the warning. Reported by Mike Pope.
* If fetchmail was running localized, generate an error e-mail message
locally, and if the selected translation would require the Subject: line
to wrap inside an RFC-2047 encoded word (=?UTF-8?Q?...?=), the wrapped
encoded-word was not indented, thus not marked as a continuation line.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
5a9f439d24 |
cups: Update to version 2.4.10
- Update from version 2.4.6 to 2.4.10
- Update of rootfile not required
- CVE fix in 2.4.7 & 2.4.9
- Changelog
2.4.10
- Fixed error handling when reading a mixed `1setOf` attribute.
- Fixed scheduler start if there is only domain socket to listen on (Issue #985)
2.4.9
- Fixed domain socket handling (CVE-2024-35235)
- Fixed creating of `cupsUrfSupported` PPD keyword (Issue #952)
- Fixed searching for destinations in web ui (Issue #954)
- Fixed TLS negotiation using OpenSSL with servers that require the TLS SNI
extension.
- Really raised `cups_enum_dests()` timeout for listing available IPP printers
(Issue #751)...
- Fixed `Host` header regression (Issue #967)
- Fixed DNS-SD lookups of local services with Avahi (Issue #970)
- Fixed listing jobs in destinations in web ui. (Apple issue #6204)
- Fixed showing search query in web ui help page. (Issue #977)
2.4.8
- Added warning if the device has to be asked for 'all,media-col-database'
separately (Issue #829)
- Added new value for 'lpstat' option '-W' - successfull - for getting
successfully printed jobs (Issue #830)
- Added support for PAM modules password-auth and system-auth (Issue #892)
- Updated IPP Everywhere printer creation error reporting (Issue #347)
- Updated and documented the MIME typing buffering limit (Issue #925)
- Now report an error for temporary printer defaults with lpadmin (Issue #237)
- Fixed mapping of PPD InputSlot, MediaType, and OutputBin values (Issue #238)
- Fixed "document-unprintable-error" handling (Issue #391)
- Fixed the web interface not showing an error for a non-existent printer
(Issue #423)
- Fixed printing of jobs with job name longer than 255 chars on older printers
(Issue #644)
- Really backported fix for Issue #742
- Fixed `cupsCopyDestInfo` device connection detection (Issue #586)
- Fixed "Upgrade" header handling when there is no TLS support (Issue #775)
- Fixed memory leak when unloading a job (Issue #813)
- Fixed memory leak when creating color profiles (Issue #815)
- Fixed a punch finishing bug in the IPP Everywhere support (Issue #821)
- Fixed crash in `scan_ps()` if incoming argument is NULL (Issue #831)
- Fixed setting job state reasons for successful jobs (Issue #832)
- Fixed infinite loop in IPP backend if hostname is IP address with Kerberos
(Issue #838)
- Added additional check on socket if `revents` from `poll()` returns POLLHUP
together with POLLIN or POLLOUT in `httpAddrConnect2()` (Issue #839)
- Fixed crash in `ppdEmitString()` if `size` is NULL (Issue #850)
- Fixed reporting `media-source-supported` when sharing printer which has
numbers as strings instead of keywords as `InputSlot` values (Issue #859)
- Fixed IPP backend to support the "print-scaling" option with IPP printers
(Issue #862)
- Fixed potential race condition for the creation of temporary queues
(Issue #871)
- Fixed `httpGets` timeout handling (Issue #879)
- Fixed checking for required attributes during PPD generation (Issue #890)
- Fixed encoding of IPv6 addresses in HTTP requests (Issue #903)
- Fixed sending response headers to client (Issue #927)
- Fixed CGI program initialization and validation of form checkbox and text
fields.
2.4.7
- CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript
in PPD files
- Added OpenSSL support for cupsHashData (Issue #762)
- Fixed delays in lpd backend (Issue #741)
- Fixed extensive logging in scheduler (Issue #604)
- Fixed hanging of `lpstat` on IBM AIX (Issue #773)
- Fixed hanging of `lpstat` on Solaris (Issue #156)
- Fixed printing to stderr if we can't open cups-files.conf (Issue #777)
- Fixed purging job files via `cancel -x` (Issue #742)
- Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743)
- Fixed a bug in the PPD command interpretation code (Issue #768)
- Fixed Oki 407 freeze when printing larger jobs (Issue #877)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Adolf Belka
|
15818f9600 |
bwm-ng: Update to version 0.6.3
- Update from version 0.6.1-f54b3fa to 0.6.3
- Update of rootfile not required
- Changelog
0.6.3
* remove outdated copyright and email
* Merge pull request #25 from fweimer/patch-1 AC_QEF_C_NORETURN: Include
<stdlib.h> for exit
* Merge pull request #27 from ofalk/master Fix potential write to unallocated
memory.
* Merge pull request #28 from vgropp/#2-fix-csv-bits feat: #2 output bits in csv
* Merge pull request #29 from vgropp/#2-fix-csv-bits fix(doc): #2 output bits
in csv
* Merge pull request #32 from vgropp/new-netstat-#5 feat: add support for
newer (2016+) linux netstat #5
0.6.2
* Merge pull request #22 from vgropp/issue-#13 to fix windows build
* Merge pull request #20 from dreibh/master CSV file output: fix for timestamp
inaccuracy and Y-2038 problem
* Merge pull request #21 from vgropp/travisci add travisci
* Merge pull request #17 from Himura2la/master Add the started time in "sum" mode
* Merge pull request #18 from Himura2la/fix-dynamic Fix DYNAMIC and ANSIOUT in
config
* Merge pull request #10 from SoapGentoo/fixes Use `static inline` instead of
`inline`
* Merge pull request #9 from adventureloop/master Always fflush the pipe
* Merge pull request #7 from samueloph/fsf_address_clean Update FSF address
* Merge pull request #6 from samueloph/master Fix typos
* fix nan and inf values on fast refresh (fixes debian bug #532331
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
1561f65244 |
core188: Ship libxml2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
0216fe0228 |
libxml2: Update to version 2.13.3
- Update from version 2.12.3 to 2.13.3
- Update of rootfile
- CVE fixes in 2.13.3, 2.12.7, 2.12.5
- Changelog
2.13.3
### Security
- [CVE-2024-40896] Fix XXE protection in downstream code
### Regressions
- autotools: Use AC_CHECK_DECL to check for getentropy
- xinclude: Fix fallback for text includes
- io: Don't call getcwd in xmlParserGetDirectory
- io: Fix return value of xmlFileRead
- parser: Fix error return of xmlParseBalancedChunkMemory
### Improvements
- xinclude: Set error handler when parsing text
- Undeprecate xmlKeepBlanksDefault
2.13.2
### Regressions
- tree: Fix handling of empty strings in xmlNodeParseContent
- valid: Restore ID lookup
- parser: Reenable ctxt->directory
- uri: Handle filesystem paths in xmlBuildRelativeURISafe
- encoding: Make xmlFindCharEncodingHandler return UTF-8 handler
- encoding: Fix encoding lookup with xmlOpenCharEncodingHandler
- include: Define ATTRIBUTE_UNUSED for clang
- uri: Fix xmlBuildURI with NULL base
### Improvements
- uri: Enable Windows paths on Cygwin
- tests: Clarify licence of test/intsubset2.xml
2.13.1
### Regressions
- parser: Selectively reenable reading from "-"
- reader: Fix xmlTextReaderReadString
- xinclude: Set XPath context doc
- xinclude: Load included documents with XML_PARSE_DTDLOAD
- include: Don't redefine ATTRIBUTE_UNUSED
- include: Readd circular dependency between tree.h and parser.h
- xinclude: Add missing include (Jan Alexander Steffens (heftig))
- win32, msvc: fix missing linking against Bcrypt.lib (Miklos Vajna)
- xinclude: Don't raise error on empty nodeset
- parser: Make failure to load main document a warning
- tree: Fix freeing entities via xmlFreeNode
- parser: Pass global object to sax->setDocumentLocator
### Improvements
- io: Fix resetting xmlParserInputBufferCreateFilename hook
### Documentation
- Fix typo in NEWS (--with-html -> --with-http) (Ryan Carsten Schmidt)
- doc: Don't mention xmlNewInputURL
2.13.0
### Major changes
Most of the core code should now report malloc failures reliably. Some
API functions were extended with versions that report malloc failures.
New API functions for error handling were added:
- xmlCtxtSetErrorHandler
- xmlXPathSetErrorHandler
- xmlXIncludeSetErrorHandler
This makes it possible to register per-context error handlers without
resorting to global handlers.
A few error messages were improved and consolidated. Please update
downstream test suites accordingly.
A new parser option XML_PARSE_NO_XXE can be used to disable loading
of external entities or DTDs. This is most useful in connection with
XML_PARSE_NOENT.
Support for HTTP POST was removed.
Support for zlib, liblzma and HTTP is now disabled by default and has
to be enabled by passing --with-zlib, --with-lzma or --with-http to
configure. In legacy mode (--with-legacy) these options are enabled
by default as before.
Support for FTP will be removed in the next release.
Support for the range and point extensions of the xpointer() scheme
will be removed in the next release. The rest of the XPointer
implementation won't be affected. The xpointer() scheme will behave
like the xpath1() scheme.
Several more legacy symbols were deprecated. Users of the old "SAX1"
API functions are encouraged to upgrade to the new "SAX2" API,
available since version 2.6.0 from 2003.
Some deprecated global variables were made const:
- htmlDefaultSAXHandler
- oldXMLWDcompatibility
- xmlDefaultSAXHandler
- xmlDefaultSAXLocator
- xmlParserDebugEntities
### Deprecations and removals
- threads: Deprecate remaining ThrDef functions
- unicode: Deprecate most xmlUCSIs* functions
- memory: Remove memory debugging
- tree: Deprecate xmlRegisterNodeDefault
- tree: Deprecate xmlSetCompressMode
- html: Deprecate htmlHandleOmittedElem
- valid: Deprecate internal validation functions
- valid: Deprecate old DTD serialization API
- nanohttp: Deprecate public API
- Remove VMS support
- Remove Trio
### Bug fixes
- parser: Fix base URI of internal parameter entities
- tree: Handle predefined entities in xmlBufGetEntityRefContent
- schemas: Allow unlimited length decimals, integers etc. (Tomáš Ženčák)
- reader: Fix preservation of attributes
- parser: Always decode entities in namespace URIs
- relaxng: Fix tree corruption in xmlRelaxNGParseNameClass (Seiya Nakata)
- schemas: Fix ADD_ANNOTATION
- tree: Fix tree iteration in xmlDOMWrapRemoveNode
- tree: Declare namespace on clone in xmlDOMWrapCloneNode
- tree: Fix xmlAddSibling with last sibling
- tree: Fix xmlDocSetRootElement with multiple top-level elements
- catalog: Fetch XML catalog before dumping
- html: Don't close fd in htmlCtxtReadFd
### Improvements
- parser: Fix "Truncated multi-byte sequence" error
- Add missing _cplusplus processing clause (Sadaf Ebrahimi)
- parser: Rework handling of undeclared entities
- SAX2: Warn if URI resolution failed
- parser: Don't report error on invalid URI
- xmllint: Clean up option handling
- xmllint: Rework parsing
- parser: Don't create undeclared entity refs in substitution mode
- Make some globals const
- reader: Make xmlTextReaderReadString non-recursive
- reader: Rework xmlTextReaderRead{Inner,Outer}Xml
- Remove redundant size check (Niels Dossche)
- Remove redundant NULL check on cur (Niels Dossche)
- Remove always-false check old == cur (Niels Dossche)
- Remove redundant NULL check on cur (Niels Dossche)
- tree: Don't return empty localname in xmlSplitQName{2,3}
- xinclude: Don't try to fix base of non-elements
- tree: Don't coalesce text nodes in xmlAdd{Prev,Next}Sibling
- SAX2: Optimize appending children
- tree: Align xmlAddChild with other node insertion functions
- html: Use binary search in htmlEntityValueLookup
- io: Allocate output buffer with XML_BUFFER_ALLOC_IO
- encoding: Don't shrink input too early in xmlCharEncOutput
- tree: Tighten source doc check in xmlDOMWrapAdoptNode
- tree: Check destParent->doc in xmlDOMWrapCloneNode
- tree: Refactor text node updates
- tree: Refactor node insertion
- tree: Refactor element creation and parsing of attribute values
- tree: Simplify xmlNodeGetContent, xmlBufGetNodeContent
- buf: Don't use default buffer size for small strings
- string: Fix xmlStrncatNew(NULL, "")
- entities: Don't allow null name in xmlNewEntity
- html: Fix quadratic behavior in htmlNodeDump
- tree: Rewrite xmlSetTreeDoc
- valid: Rework xmlAddID
- tree: Remove unused node types
- tree: Make namespace comparison more consistent
- tree: Don't allow NULL name in xmlSetNsProp
- tree: Rework xmlNodeListGetString
- tree: Rework xmlTextMerge
- tree: Rework xmlNodeSetName
- tree: Simplify xmlAddChild with text parent
- tree: Disallow setting content of entity reference nodes
- tree: Rework xmlReconciliateNs
- schemas: fix spurious warning about truncated snprintf output
(Benjamin Gilbert)
- xmlschemastypes: Remove unreachable if statement (Maks Mishin)
- relaxng: Remove useless if statement (Maks Mishin)
- tree: Check for integer overflow in xmlStringGetNodeList
- http: Improve error message for HTTPS redirects
- catalog: Remove Windows hack
- save: Move DTD serialization code to xmlsave.c
- parser: Report fatal error if document entity couldn't be loaded
- xpath: Fix return of empty node-set in xmlXPathNodeCollectAndTest
- SAX2: Limit entity URI length to 2000 bytes
- parser: Account for full size of non-well-formed entities
- parser: Pop inputs if parsing DTD failed
- parser: Fix quadratic behavior when copying entities
- writer: Implement xmlTextWriterClose
- parser: Avoid duplicate namespace errors
- parser: Add XML_PARSE_NO_XXE parser option
- parser: Make xmlParseContent more useful
- error: Make xmlFormatError public
- encoding: Check whether encoding handlers support input/output
- SAX2: Enforce size limit in xmlSAX2Text with XML_PARSE_HUGE
- parser: Lower maximum entity nesting depth
- parser: Set depth limit to 2048 with XML_PARSE_HUGE
- parser: Implement xmlCtxtSetOptions
- parser: Always prefer option members over bitmask
- parser: Don't modify SAX2 handler if XML_PARSE_SAX1 is set
- parser: Rework parsing of attribute and entity values
- save: Output U+FFFD replacement characters
- parser: Simplify entity size accounting
- parser: Avoid unwanted expansion of parameter entities
- parser: Always copy content from entity to target
- parser: Simplify control flow in xmlParseReference
- parser: Remove xmlSetEntityReferenceFunc feature
- parser: Push general entity input streams on the stack
- parser: Move progressive flag into input struct
- parser: Fix in-parameter-entity and in-external-dtd checks
- xpath: Rewrite substring-before and substring-after
- xinclude: Only set xml:base if necessary
- xinclude: Allow empty nodesets
- parser: Rework general entity parsing
- io: Fix close error handling
- io: Fix read/write error handling
- io: More refactoring and unescaping fixes
- io: Move some code from xmlIO.c to parserInternals.c
- uri: Clean up special parsing modes
- xinclude: Rework xml:base fixup
- parser: Also set document properties when push parsing
- include: Move non-generated parts from xmlversion.h.in
- io: Remove support for HTTP POST
- dict: Move local RNG state to global state
- dict: Get random seed from system PRNG
- io: Don't use "-" to read from stdin
- io: Rework initialization
- io: Consolidate error messages
- xzlib: Fix harmless unsigned integer overflow
- io: Always use unbuffered input
- io: Fix detection of compressed streams
- io: Pass error codes from xmlFileOpenReal to xmlNewInputFromFile
- io: Rework default callbacks
- error: Stop printing some errors by default
- xpath: Don't free nodes of XSLT result value trees
- valid: Fix handling of enumerations
- parser: Allow recovery in xmlParseInNodeContext
- encoding: Support ASCII in xmlLookupCharEncodingHandler
- include: Remove useless 'const' from function arguments
- Avoid EDG -Wignored-qualifiers warnings on wrong 'const *' to '* const'
conversions (makise-homura)
- Avoid EDG deprecation warnings for LCC compiler (makise-homura)
- Avoid EDG -Woverflow warnings on truncating conversions by manually
truncating operand (makise-homura)
- Avoid EDG -Wtype-limits warnings on unsigned comparisons with zero by
conversion from unsigned int to int (makise-homura)
- Avoid using no_sanitize attribute on EDG even if compiler shows as GCC
(makise-homura)
### Build systems
- meson: convert boolean options to feature option (Rosen Penev)
- meson: Pass LIBXML_STATIC in dependency (Andrew Potter)
- meson: fix compilation with local binaries (Rosen Penev)
- meson: don't use dl dependency on old meson (Rosen Penev)
- meson: fix usage as a subproject (Rosen Penev)
- autotools: Fix pthread detection on FreeBSD
- build: Remove --with-fexceptions configuration option
- autotools: Remove --with-coverage configuration option
- build: Disable HTTP support by default
- Stop defining _REENTRANT
- doc: Don't install example code
- meson: Initial commit (Vincent Torri)
- build: Disable support for compression libraries by default
- Set LIBXML2_FOUND if it has been properly configured (Michele Bianchi)
- Makefile.am: omit $(top_builddir) from DEPS and LDADDS (Mike Dalessio)
### Test suite
- runtest: Work around broken EUC-JP support in musl iconv
- runtest: Check for IBM-1141 encoding handler
- fuzz: Add xmllint fuzzer
- fuzz: Add fuzzer for XML reader API
- fuzz: New tree API fuzzer
- tests: Remove testOOM
- Don't let gentest.py cast types to 'const somethingPtr' to avoid
-Wignored-qualifiers (makise-homura)
2.12.8
### Regressions
- parser: Fix performance regression when parsing namespaces
2.12.7
### Security
- [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
### Regressions
- xmllint: Fix --pedantic option
- save: Handle invalid parent pointers in xhtmlNodeDumpOutput
2.12.6
### Regressions
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset
2.12.5
### Security
- [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
### Regressions
- parser: Fix crash in xmlParseInNodeContext with HTML documents
2.12.4
### Regressions
- parser: Fix regression parsing standalone declarations
- autotools: Readd --with-xptr-locs configuration option
- parser: Fix build --without-output
- parser: Don't grow or shrink pull parser memory buffers
- io: Fix memory lifetime issue with input buffers
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
6f16477a9c |
core188: Ship libuv
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
1e2a2ffca9 |
libuv: Update to version 1.48.0
- Update from version 1.44.2 to 1.48.0
- Update of rootfile not required
- Changelog
1.48.0
* misc: remove deprecated stalebot file (Jameson Nash)
* build: disable windows asan buildbot (Ben Noordhuis)
* test: don't run tcp_writealot under msan (Ben Noordhuis)
* build,win: remove extraneous -lshell32 (Ben Noordhuis)
* unix: ignore ifaddrs with NULL ifa_addr (Stephen Gallagher)
* unix,win: utility for setting priority for thread (Hao Hu)
* pipe: add back error handling to connect / bind (Jameson Nash)
* test: check if ipv6 link-local traffic is routable (Ben Noordhuis)
* win: remove check for UV_PIPE_NO_TRUNCATE (Jameson Nash)
* linux: disable io_uring on hppa below kernel 6.1.51 (matoro)
* unix,win: fix read past end of pipe name buffer (Ben Noordhuis)
* unix: unbreak macOS < 10.14 (Sergey Fedorov)
* aix: disable ipv6 link local (Abdirahim Musse)
* doc: move cjihrig to emeriti (cjihrig)
* unix: correct pwritev conditional (Bo Anderson)
* test_fs.c: Fix issue on 32-bit systems using btrfs (Stephen Gallagher)
* misc: ignore libuv-release-tool files (Jameson Nash)
* win: honor NoDefaultCurrentDirectoryInExePath env var (Ardi Nugraha)
* idna: fix compilation warning (Saúl Ibarra Corretgé)
* linux: remove HAVE_IFADDRS_H macro (Ben Noordhuis)
* test: skip tcp-write-in-a-row on IBM i (Abdirahim Musse)
* build,win: work around missing uuid.dll on MinGW (Anton Bachin)
* win: stop using deprecated names (Matheus Izvekov)
* unix,win: fix busy loop with zero timeout timers (Matheus Izvekov)
* aix,ibmi: use uv_interface_addresses instead of getifaddrs (Abdirahim Musse)
* linux: fix bind/connect for abstract sockets (Santiago Gimeno)
* win: replace c99 comments with c89 comments (Trevor Flynn)
* build: add .cache clangd folder to .gitignore (Juan José Arboleda)
* unix: support full TCP keep-alive on Solaris (Andy Pan)
* freebsd: fix F_KINFO file path handling (David Carlier)
* linux: retry fs op if unsupported by io_uring (Santiago Gimeno)
* freebsd: fix build on non-intel archs (David Carlier)
* unix: optimize uv__tcp_keepalive cpp directives (Andy Pan)
* linux: disable io_uring on ppc64 and ppc64le (Brad King)
* doc: add very basic Security Policy document (Santiago Gimeno)
* build: re-enable msvc-asan job on CI (Jameson Nash)
* win/spawn: optionally run executable paths with no file extension (Brad King)
* win: fix ESRCH implementation (Jameson Nash)
* unix,win: reset the timer queue on stop (Santiago Gimeno)
* fix: always zero-terminate idna output (Ben Noordhuis)
* fix: reject zero-length idna inputs (Ben Noordhuis)
* test: empty strings are not valid IDNA (Santiago Gimeno)
* Merge pull request from GHSA-f74f-cvh7-c6q6 (Ben Noordhuis)
1.47.0
* test: fix license blurb (Ben Noordhuis)
* linux: fix harmless warn_unused_result warning (Shuduo Sang)
* darwin: fix build warnings (小明)
* linux: don't use io_uring on pre-5.10.186 kernels (Ben Noordhuis)
* fs: fix WTF-8 decoding issue (Jameson Nash)
* test: enable disabled tcp_connect6_error_fault (Ben Noordhuis)
* test: enable disabled fs_link (Ben Noordhuis)
* test: enable disabled spawn_same_stdout_stderr (Ben Noordhuis)
* linux: handle UNAME26 personality (Ben Noordhuis)
* build: move cmake_minimum_required version to 3.9 (Keith Winstein)
* unix: set ipv6 scope id for link-local addresses (Ben Noordhuis)
* unix: match kqueue and epoll code (Trevor Norris)
* win,spawn: allow `%PATH%` to be unset (Kyle Edwards)
* doc: switch to Furo, a more modern Sphinx theme (Saúl Ibarra Corretgé)
* darwin: make TCP_KEEPINTVL and TCP_KEEPCNT available (小明)
* win,fs: avoid winapi macro redefinition (Brad King)
* linux: add missing riscv syscall numbers (michalbiesek)
* doc: fix broken "Shared library" Wikipedia link (Alois Klink)
* unix: get mainline kernel version in Ubuntu (Santiago Gimeno)
* unix: get mainline kernel version in Debian (Ben Noordhuis)
* build: fix qemu install in CI-unix workflow (Santiago Gimeno)
* unix: disable io_uring close on selected kernels (Santiago Gimeno)
* test: skip tests when ipv6 is not available (Santiago Gimeno)
* ibmi: implement ifaddrs, getifaddrs, freeifaddrs (Abdirahim Musse)
* unix: reset signal counters after fork (SmorkalovG)
* win,process: avoid assert after spawning Store app (Jameson Nash)
* unix: remove pread/preadv conditionals (Ben Noordhuis)
* unix: remove pwrite/pwritev conditionals (Ben Noordhuis)
* darwin: remove workaround for data corruption bug (Ben Noordhuis)
* src: default to stream=stderr in handle printer (Ben Noordhuis)
* test: switch to new-style ASSERT_EQ macros (Pleuvens)
* zos: correctly get cpu model in uv_cpu_info() (jolai)
* test: fix get_passwd2 on IBM i (Abdirahim Musse)
* unix: don't malloc on sync uv_fs_read (Ben Noordhuis)
* freebsd: get fs event path with fcntl(F_KINFO) (David Carlier)
* test: switch from ASSERT_* to ASSERT_PTR_* (Pleuvens)
* darwin: workaround apple pthread_cond_wait bug (Julien Roncaglia)
* doc: uv_close should be called after exit callback (Pleuvens)
* test: 192.0.2.0/24 is the actual -TEST-NET-1 (prubel)
* unix: add back preadv/pwritev fallback (Ben Noordhuis)
* unix: rename variable for consistency (Ben Noordhuis)
* unix: merge read/write code into single functions (Ben Noordhuis)
* doc: filename arg to uv_fs_event_cb can be NULL (Ben Noordhuis)
* build,win: we need to link against shell32.lib (Per Allansson)
* unix: no preadv/pwritev workaround if not needed (Jeffrey H. Johnson)
* build: add CI for Windows ARM64 (build only) (Per Allansson)
* linux: disable io_uring on 32 bits arm systems (Ben Noordhuis)
* build: run sanitizers on macos ci (Ben Noordhuis)
* misc: export WTF8 conversion utilities (Jameson Nash)
* build: fix libuv.a file name for cmake (Jameson Nash)
* build: add windows ubsan and clang ci (Matheus Izvekov)
* win: improve accuracy of ProductName between arch (Christian Heimlich)
1.46.0
* Add SHA to ChangeLog (Santiago Gimeno)
* misc: update readthedocs config (Jameson Nash)
* test: remove erroneous RETURN_SKIP (Ben Noordhuis)
* android: disable io_uring support (Ben Noordhuis)
* linux: add some more iouring backed fs ops (Santiago Gimeno)
* build: add autoconf option for disable-maintainer-mode (Jameson Nash)
* fs: use WTF-8 on Windows (Stefan Karpinski)
* unix,win: replace QUEUE with struct uv__queue (Ben Noordhuis)
* linux: fs_read to use io_uring if iovcnt > IOV_MAX (Santiago Gimeno)
* ios: fix uv_getrusage() ru_maxrss calculation (Ben Noordhuis)
* include: update outdated code comment (Ben Noordhuis)
* linux: support abstract unix sockets (Ben Noordhuis)
* unix,win: add UV_PIPE_NO_TRUNCATE flag (Ben Noordhuis)
* unix: add loongarch support (liuxiang88)
* doc: add DPS8M to LINKS.md (Jeffrey H. Johnson)
* include: add EUNATCH errno mapping (Abdirahim Musse)
* src: don't run timers if loop is stopped/unref'd (Trevor Norris)
* win: fix -Wpointer-to-int-cast warning (Ben Noordhuis)
* test,win: fix -Wunused-variable warning (Ben Noordhuis)
* test,win: fix -Wformat warning (Ben Noordhuis)
* linux: work around io_uring IORING_OP_CLOSE bug (Ben Noordhuis)
* win: remove unused functions (Ben Noordhuis)
* bench: add bench to check uv_loop_alive (Trevor Norris)
* test: add uv_cancel test for threadpool (Trevor Norris)
* unix: skip prohibited syscalls on tvOS and watchOS (小明)
* unix,fs: make no_pwritev access thread-safe (Santiago Gimeno)
* unix: fix build for lower versions of Android (小明)
1.45.0
* win: remove stdint-msvc2008.h (Ben Noordhuis)
* android: remove pthread-fixes.c (Ben Noordhuis)
* build: enable MSVC_RUNTIME_LIBRARY setting (自发对称破缺)
* unix: switch to c11 atomics (Ben Noordhuis)
* unix: don't accept() connections in a loop (Ben Noordhuis)
* win: fix off-by-1 buffer overrun in uv_exepath() (Ben Noordhuis)
* build: switch ci from macos-10.15 to macos-11 (Ben Noordhuis)
* win: fix thread race in uv_cwd() and uv_chdir() (Ben Noordhuis)
* unix,win: remove UV_HANDLE_SHUTTING flag (Santiago Gimeno)
* win: support Windows 11 in uv_os_uname() (Luan Devecchi)
* unix: fix uv_getrusage() ru_maxrss reporting (Ben Noordhuis)
* doc: add note about offset -1 in uv_fs_read/write (Steven Schveighoffer)
* test: fix musl libc.a dlerror() test expectation (Ben Noordhuis)
* kqueue: DRY file descriptor deletion logic (Ben Noordhuis)
* linux: teach uv_get_constrained_memory() cgroupsv2 (Ben Noordhuis)
* build: upgrade qemu-user-static package (Ben Noordhuis)
* linux: move epoll.c back into linux-core.c (Ben Noordhuis)
* unix: remove pre-macos 10.8 compatibility hack (Ben Noordhuis)
* unix,win: fix memory leak in uv_fs_scandir() (Ben Noordhuis)
* build: restore qemu download logic (Ben Noordhuis)
* win: fix uv__pipe_accept memory leak (number201724)
* doc: update LINKS.md (Daniel)
* unix: simplify atomic op in uv_tty_reset_mode() (Ben Noordhuis)
* build: add LIBUV_BUILD_SHARED cmake option (Christian Clason)
* linux: remove unused or obsolete syscall wrappers (Ben Noordhuis)
* linux: merge files back into single file (Ben Noordhuis)
* stream: process more than one write req per loop tick (ywave620)
* unix,win: give thread pool threads an 8 MB stack (Ben Noordhuis)
* build: add MemorySanitizer (MSAN) support (Ben Noordhuis)
* doc: add uv_poll_cb status==UV_EBADF note (jensbjorgensen)
* build: support AddressSanitizer on MSVC (Jameson Nash)
* win,pipe: improve method of obtaining pid for ipc (number201724)
* thread: add support for affinity (daomingq)
* include: map ENODATA error code (Ben Noordhuis)
* build: remove bashism from autogen.sh (Santiago Gimeno)
* win,tcp,udp: remove "active streams" optimization (Saúl Ibarra Corretgé)
* win: drop code checking for Windows XP / Server 2k3 (Saúl Ibarra Corretgé)
* unix,win: fix 'sprintf' is deprecated warning (twosee)
* doc: mention close_cb can be NULL (Qix)
* win: optimize udp receive performance (ywave620)
* win: fix an incompatible types warning (twosee)
* doc: document 0 return value for free/total memory (Ben Noordhuis)
* darwin: use hw.cpufrequency again for frequency info (Jameson Nash)
* win,test: change format of TEST_PIPENAME's (Santiago Gimeno)
* win,pipe: fixes in uv_pipe_connect() (Santiago Gimeno)
* misc: fix return value of memory functions (theanarkh)
* src: add new metrics APIs (Trevor Norris)
* thread: add uv_thread_getcpu() (daomingq)
* build: don't use ifaddrs.h on solaris 10 (Edward Humes)
* unix,win: add uv_get_available_memory() (Tim Besard)
* test: fix -Wunused-but-set-variable warnings (Ben Noordhuis)
* doc: bump min supported linux and freebsd versions (Ben Noordhuis)
* Add Socket Runtime to the LINKS.md (Sergey Rubanov)
* unix: drop kfreebsd support (Ben Noordhuis)
* win: fix fstat for pipes and character files (Stefan Stojanovic)
* win: fix -Wunused-variable warning (Ben Noordhuis)
* win: fix -Wunused-function warning (Ben Noordhuis)
* build: drop qemu-alpha from ci matrix (Ben Noordhuis)
* win: move child_stdio_buffer out of uv_process_t (Santiago Gimeno)
* test: fix some unreachable code warnings (Santiago Gimeno)
* linux: simplify uv_uptime() (Ben Noordhuis)
* test: unflake fs_event_watch_dir test (Ben Noordhuis)
* darwin: remove unused fsevents symbol lookups (Ben Noordhuis)
* build: add define guard around UV_EXTERN (Zvicii)
* build: add UndefinedBehaviorSanitizer support (Ben Noordhuis)
* build: enable platform_output test on qemu (Ben Noordhuis)
* linux: handle cpu hotplugging in uv_cpu_info() (Ben Noordhuis)
* build: remove unnecessary policy setting (dundargoc)
* docs: add vcpkg instruction step (Jack·Boos·Yu)
* win,fs: fix readlink errno for a non-symlink file (Darshan Sen)
* misc: extend getpw to take uid as an argument (Jameson Nash)
* unix,win: use static_assert when available (Ben Noordhuis)
* docs: delete code Makefile (Jameson Nash)
* docs: add CI for docs PRs (Jameson Nash)
* docs: update Sphinx version on RTD (Jameson Nash)
* doc: clean up license file (Ben Noordhuis)
* test: fix some warnings when compiling tests (panran)
* build,win: add mingw-w64 CI configuration (Jameson Nash)
* build: add CI for distcheck (Jameson Nash)
* unix: remove busy loop from uv_async_send (Jameson Nash)
* doc: document uv_fs_cb type (Tamás Bálint Misius)
* build: Improve build by cmake for Cygwin (erw7)
* build: add libuv:: namespace to libuvConfig.cmake (AJ Heller)
* test: fix ThreadSanitizer thread leak warning (Ben Noordhuis)
* test: fix ThreadSanitizer data race warning (Ben Noordhuis)
* test: fix ThreadSanitizer data race warning (Ben Noordhuis)
* test: fix ThreadSanitizer data race warning (Ben Noordhuis)
* test: cond-skip fork_threadpool_queue_work_simple (Ben Noordhuis)
* test: cond-skip signal_multiple_loops (Ben Noordhuis)
* test: cond-skip tcp_writealot (Ben Noordhuis)
* build: promote tsan ci to must-pass (Ben Noordhuis)
* build: add CI for OpenBSD and FreeBSD (James McCoy)
* build,test: fix distcheck errors (Jameson Nash)
* test: remove bad tty window size assumption (Ben Noordhuis)
* darwin,process: feed kevent the signal to reap children (Jameson Nash)
* unix: abort on clock_gettime() error (Ben Noordhuis)
* test: remove timing-sensitive check (Ben Noordhuis)
* unix: DRY and fix tcp bind error path (Jameson Nash)
* macos: fix fsevents thread race conditions (Ben Noordhuis)
* win: fix leak in uv_chdir (Trevor Norris)
* test: make valgrind happy (Trevor Norris)
* barrier: wait for prior out before next in (Jameson Nash)
* test: fix visual studio 2015 build error (Ben Noordhuis)
* linux: fix ceph copy error truncating readonly files (Bruno Passeri)
* test: silence more valgrind warnings (Trevor Norris)
* doc: add entries to LINKS.md (Trevor Norris)
* win,unix: change execution order of timers (Trevor Norris)
* doc: add trevnorris to maintainers (Trevor Norris)
* linux: remove epoll_pwait() emulation code path (Ben Noordhuis)
* linux: replace unsafe macro with inline function (Ben Noordhuis)
* linux: remove arm oabi support (Ben Noordhuis)
* unix,sunos: SO_REUSEPORT not valid on all sockets (Stacey Marshall)
* doc: consistent single backquote in misc.rst (Jason Zhang)
* src: switch to use C11 atomics where available (Trevor Norris)
* test: don't use static buffer for formatting (Ben Noordhuis)
* linux: introduce io_uring support (Ben Noordhuis)
* linux: fix academic valgrind warning (Ben Noordhuis)
* test: disable signal test under ASan and MSan (Ben Noordhuis)
* linux: add IORING_OP_OPENAT support (Ben Noordhuis)
* linux: add IORING_OP_CLOSE support (Ben Noordhuis)
* linux: remove bug workaround for obsolete kernels (Ben Noordhuis)
* doc: update active maintainers list (Ben Noordhuis)
* test: add ASSERT_OK (Trevor Norris)
* src: fix events/events_waiting metrics counter (Trevor Norris)
* unix,win: add uv_clock_gettime() (Ben Noordhuis)
* build: remove freebsd and openbsd buildbots (Ben Noordhuis)
* win: fix race condition in uv__init_console() (sivadeilra)
* linux: fix logic bug in sqe ring space check (Ben Noordhuis)
* linux: use io_uring to batch epoll_ctl calls (Ben Noordhuis)
* macos: update minimum supported version (Santiago Gimeno)
* docs: fix some typos (cui fliter)
* unix: use memcpy() instead of type punning (Ben Noordhuis)
* test: add additional assert (Mohammed Keyvanzadeh)
* build: export compile_commands.json (Lewis Russell)
* win,process: write minidumps when sending SIGQUIT (Elliot Saba)
* unix: constrained_memory should return UINT64_MAX (Tim Besard)
* unix: handle CQ overflow in iou ring (Santiago Gimeno)
* unix: remove clang compiler warning pragmas (Ben Noordhuis)
* win: fix mingw build (gengjiawen)
* test: fix -Wbool-compare compiler warning (Ben Noordhuis)
* win: define MiniDumpWithAvxXStateContext always (Santiago Gimeno)
* freebsd: hard-code UV_ENODATA definition (Santiago Gimeno)
* linux: work around EOWNERDEAD io_uring kernel bug (Ben Noordhuis)
* linux: fix WRITEV with lots of bufs using io_uring (Santiago Gimeno)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
1bbb3e3684 |
core188: Ship libusb
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |
||
|
Adolf Belka
|
5814de8054 |
libusb: Update to version 1.0.27
- Update from version 1.0.26 to 1.0.27
- Update of rootfile
- Changelog
1.0.27
* New libusb_init_context API to replace libusb_init
* New libusb_get_max_alt_packet_size API
* New libusb_get_platform_descriptor API (BOS)
* Allow setting log callback with libusb_set_option/libusb_init_context
* New WebAssembly + WebUSB backend using Emscripten
* Fix regression in libusb_set_interface_alt_setting
* Fix sync transfer completion race and use-after-free
* Fix hotplug exit ordering
* Linux: NO_DEVICE_DISCOVERY option set per context
* macOS: Fix missing device list cleanup locking
* macOS: Do not clear device data toggle for newer OS versions
* macOS: Fix running binaries on older OS than build host
* Windows: Allow claiming multiple associated interfaces
* Windows: Ignore non-configured devices instead of waiting
* Windows: Improved root hub detection
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
|
||
|
Michael Tremer
|
3807bb2ada |
core188: Ship libsodium
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> |