For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-17-1
"Features
Expose 'statistics-inhibit-zero' as a configuration option; the default
value retains Unbound's behavior.
Expose 'max-sent-count' as a configuration option; the default value
retains Unbound's behavior.
Merge #461 from Christian Allred: Add max-query-restarts option.
Exposes an internal configuration but the default value retains
Unbound's behavior.
Merge #569 from JINMEI Tatuya: add keep-cache option to
'unbound-control reload' to keep caches.
Bug Fixes
Merge #768 from fobser: Arithmetic on a pointer to void is a GNU
extension.
In unit test, print python script name list correctly.
testcode/dohclient sets log identity to its name.
Clarify the use of MAX_SENT_COUNT in the iterator code.
Fix that cachedb does not store failures in the external cache.
Merge #767 from jonathangray: consistently use IPv4/IPv6 in
unbound.conf.5.
Fix to ignore tcp events for closed comm points.
Fix to make sure to not read again after a tcp comm point is closed.
Fix#775: libunbound: subprocess reap causes parent process reap to
hang.
iana portlist update.
Complementary fix for distutils.sysconfig deprecation in Python 3.10 to
commit 62c5039ab9da42713e006e840b7578e01d66e7f2.
Fix#779: [doc] Missing documention in ub_resolve_event() for callback
parameter was_ratelimited.
Ignore expired error responses.
Merge #720 from jonathangray: fix use after free when WSACreateEvent()
fails.
Fix for the ignore of tcp events for closed comm points, preserve the
use after free protection features.
Fix#782: Segmentation fault in stats.c:404.
Add SVCB and HTTPS to the types removed by 'unbound-control flush'.
Clear documentation for interactivity between the subnet module and the
serve-expired and prefetch configuration options.
Fix#773: When used with systemd-networkd, unbound does not start until
systemd-networkd-wait-online.service times out.
Merge #808: Wrap Makefile script's directory variables in quotes.
Fix to wrap Makefile scripts directory in quotes for uninstall.
Fix windows compile for libunbound subprocess reap comm point closes.
Update github workflows to use checkout v3.
Fix wildcard in hyperlocal zone service degradation, reported by Sergey
Kacheev."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
In a future Core Update, the following remnants of OpenSSL 1.1.1 need to
be removed:
/usr/lib/engines-1.1/afalg.so
/usr/lib/engines-1.1/capi.so
/usr/lib/engines-1.1/padlock.so
/usr/lib/libcrypto.so.1.1
/usr/lib/libssl.so.1.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Compiling the kernel has automatically introduced
CONFIG_INIT_STACK_ALL_ZERO=y and removed GCC's structleak plugin (not to
be confused with its stackleak counterpart). However, according to
related documentation, this neither introduces a security nor
performance disadvantage.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
- removal of EX-addonsvc.menu entry in config/menu/ as the lfs file for this could not be
found in the IPFire git repo all the way back to CU30
- removal of EX-addonsvc.menu, EX-asterisk.menu and EX-bluetooth.menu which are no longer
in IPfire for two years or longer.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.6.1 to 1.6.3
- Update of rootfile
- Changelog
1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.0.32 to 2.0.34
- Update of rootfile
- Changelog
2.0.34 2022-09-15 Ted Felix <ted@tedfelix.com>
- 2.0.34 release
(configure.ac) (Ted Felix)
- Add MSG_CMSG_CLOEXEC for systems that are missing it.
(libnetlink.h libnetlink.c kacpimon/libnetlink.h
kacpimon/libnetlink.c)
(Fabrice Fontaine <fontaine.fabrice@gmail.com>)
- Fix a bug with input layer event table not working on 32-bit builds
with 64-bit time types. (input_layer.c) (Ted Felix)
- Use binary search to find input layer events in the table.
(input_layer.c) (Ted Felix)
- Use AC_PROG_CC instead of the obsolete AC_PROG_CC_STDC.
(configure.ac) (Ted Felix)
- Add support for more input layer events. (input_layer.c)
(Ted Felix)
2.0.33 2021-09-15 Ted Felix <ted@tedfelix.com>
- 2.0.33 release
(configure.ac) (Ted Felix)
- Detect newer GNOME power manager.
(powerbtn.sh) (Andrey Utkin <andrey_utkin@gentoo.org>)
- openrc-shutdown: Set shutdown time to 'now'.
(powerbtn.sh) (Jonathan Davies <jpds@protonmail.com>)
- Attempt to open input layer devices whose permissions have changed.
(inotify_handler.c) (Torsten Hilbrich <torsten.hilbrich@secunet.com>)
- Comments added.
(TESTPLAN inotify_handler.c) (Ted Felix)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.3.2 to 2.3.3
- Update of rootfile
- Changelog
2.3.3
1. src/slposdir.c: stat_file now support open file descriptors, in
addition to filenames.
2. src/sltoken.c: Ignore the \r character in multiline strings that
appear to have CRLF line terminators. (Manfred Hanke)
3. *.tm: minor documentation updates
4. src/slang.h: SLANG_VERSION_STRING was missing the "pre" prefix.
5. src/sltermin.c: Added support for TERMINFO_DIRS (based upon a patch
forwarded by Jörg Thalheim)
6. src/slarray.c: src/slarray.c: some integer overflow checks were
resulting undefined behavior (reported by Sergey)
7. modules/csv.sl: Strip leading/trailing whitespace from column names
8. src/slsmg.c,sldisply.c: Removed static buffers with sizes dependent
upon SLTT_MAX_SCREEN_ROWS/COLS in favor of dynamically allocated
ones.
9. modules/chksum-module: added CRC-8,16,32 checksums to the chksum module
10. modules/csv.sl: An error message in the form of a dollar-string
was not marked as such.
11. modules/csv.sl: Added support for empty CSV files
12. src/sltime.c: The timegm function will ignore the tm_wday and
tm_yday fields, and instead use the tm_mon and tm_mday fields.
13. modules/mkfiles/makefile.all: Added a target for chksum_crc.o for
win32/64 platforms (see change #9)
14. modules/chksum-module.c: The memset function was used with the
wrong structure size causing a buffer overflow on 32 bit systems.
15. src/terminfo/parsecaps.sl: Tweaked an auto-generated comment
produced by parsecaps.sl to produce a more deterministic build
(Ian Rogers).
16. src/slarray.c: Changed two instances of index errors to throw an
IndexError exception instead of InvalidParmError exception.
17. src/slposdir.c; The statvfs function was returning a struct with
duplicated f_bsize fields.
18. *.c: In switch statements, changed the /* drop */ comment to /*
fall through */ to avoid gcc-8 warnings.
19. modules/csv.sl: If a comment string appears at the start of a line
forming a multiline string, then treat it as part of the string.
20. slsh/lib/timestamp.sl: Added a function timestamp_parse that parses
strings such as `Thu May 14 18:05:05 2020` and returns the number
of seconds since the Unix epoch.
21. src/slregexp.c: Added \D (non-digit), \s (whitespace), and \S
(non-whitespace).
22. src/slstrops.c: Added a compiled regexp cache
23. src/slstdio.c: Added trim qualifier to the fgetlines intrinsic:
;trim=1 ==> trim trailing whitespace
;trim=2 ==> trim leading whitespace
;trim=3 ==> trim leading and trailing whitespace
24. slsh/lib/timestamp.sl: When matching a regexp to a timestamp,
start with the RE that was used in the previous match.
25. Another timestamp RE tweak to pickup additional irregular forms
26. modules/csv.sl: If a CSV file has a byte-order mark (BOM), ignore it.
27. src/sldisply.c: Increased the buffer size for the SLtt_tgoto
function to allow for larger terminfo strings
28. modules/Makefile.in: Added STATS_OBJS to the clean target
29. src/slstrops.c: The is_substr function was not handling a NULL
argument
30. slsh/lib/timestamp.sl: Corrected a regular expression for a
timestamp with "Z" as the timezone.
31. modules/csv-module.c: Fields with an embedded \r were not being
properly handled.
32. src/slarray.c: Improved the speed of multi-dimensional array
indexing by about a factor of 2
33. slsh/lib/timestamp.sl: The computation of leap days was incorrect
for some years
34. src/slang.h: Added `typedef void (*SLFVOID_STAR)(void)', which
will replace FVOID_STAR in version 3. The library code was
updated to use this.
35. slsh/lib/fswalk.sl: Added an optional callback argument to the
fswalk that is called when leaving a directory.
36. modules/termios-module.c: Avoid a potential problem with the
tcgetpgrp intrinsic in the unlikely case that sizeof(pid_t) is
larger than sizeof(int).
37. src/slarray.c: Simplified the range checking in the
linear_get_data_addr function and removed unused code.
38. Updated the copyright year
39. slsh/lib/fswalk.sl: Change #35 regression: The get_stat function
was being called with the wrong number of arguments.
40. src/slarith.c: Additional binary arithmetic optimizations involving
arrays of char and short.
41. src/slang.c,slarray.c: Added qualifier support to the array_map
function.
42. src/slang.c: Flagged the use of an uninitialized variable as soon
as it is accessed ("pushed") rather than waiting until it is used
("popped"). Fixed a bug in slsh/lib/setfuns.sl:union that was
detected by this change.
43. src/sl-feat.h: Floating point support by the interpreter is now
required. The library has not compiled without it for a long
time. As such, this option is no longer available.
44. */test/*.sl: Surrounded regression test code that makes use of
complex numbers with `#ifexists Complex_Type' so that they run
when the interpreter is compiled without complex variable support.
45. src/slarray.c: The _pSLarray1d_push_elem needed to be exposed when
compiling the interpreter without optimization.
46. src/slarith.c,...: Rewrote the various macros used by this file to
simplify the code, permit better optimization, and easier
maintenance. Some of the loops were also unrolled.
47. src/slarray.c: Made the array bounds index checking code more
uniform for better readability.
48. src/slarray.c: The previous change introduced a bug that caused
array indexing with no (empty) indices to fail.
49. modules/chksum-module.c: When a CRC object went out of scope
without being closed, it would leave its value on the stack.
50. slsh/lib/process.sl: If the file descriptor that is used to
communicate messages from the child process back to the parent is
requested by the caller, then dup an unused one. To facilitate
testing, two additional hooks were added: exit_hook and exec_hook.
51. slsh/lib/cmdopt.sl: If a command line option is associated with a
callback function, and the value of the command line argument is
optional, pass the default value to the callback if not given on
the command line.
52. modules: Added cumulant function to the stats module; updated
regression scripts/unit tests for better code coverage; fixed a
bug in the _zlib_inflate_reset function where deflateReset was
being called instead of inflateReset.
53. slsh/lib: Updated unit/regression tests for better coverage
54. slsh/lib/print.sl: Use >= instead of > when comparing the number
of screen rows to determine if the pager should be used.
55. modules/chksum-module: Added sha224, sha256, sha384, and sha512
algorithms kindly provided by Jakob Stierhof
56. modules/chksum-module: Added HMAC message authentication code
algorithm (Jakob Stierhof)
57. modules/mkfiles/makefile.all: Added chksum_sha2 to the non-Unix
makefile.
58. src/slgetkey.c: Use memmove instead of SLMEMCPY to avoid issues
with coping to an overlapping buffer. (William Ahern)
59. modules/pcre.sl: The options qualifier was not being properly
handled by the pcre_matches function.
60. src/_slang.h,etc: replaced the dependence of the internal
_pSLang_get_run_stack* functions, which return absolute pointers,
in favor of relative offsets.
61. src/slang.c: Made the run-time stack dynamically growable up to a
maximum configured size.
62. modules/: Documentation updates
63. src/: Added _set_bos/f_compile_hook functions to specify a
function to get called when a statement or function gets compiled.
64. src/sllimits.h: Reduced the initial stack size to a value similar
to what it was before change #61.
65. src/slarrfun.c: array_swap was returning a copy of the input array
when when swapping an array element with itself (bug reported by
Jakob Stierhof)
66. modules/csv.sl: If _csv_decode_row fails, include in the error
message the line number of the file where the error was detected
67. modules/socket-module.c: Corrected an error message for the bind
function
68. Updated the copyright year
69. Added slcov script which generates lcov-compatible code coverage
data
70. autoconf/aclocal.m4: Updated to v0.3.4.1
71. slsh/Makefile.in: Changed the order of the linker flags to avoid a
linking problem on MacPorts (Ryan Schmidt)
72. slsh/lib/cmdopt.sl: Corrected a usage message
73. src/slposio.c: Added the flock function for the creation of
advisory locks
74. src/slcurses.h: Added 'extern "C"' to enable the file to be used
in C++ programs; also marked some variables as dynamically
exportable by using SL_EXTERN (Gisle Vanem)
75. src/slstrops.c: "%0*" was being flagged as invalid by the sprintf
function (Jakob Stierhof)
76. modules/csv.sl: When writing a CSV file with a single row, convert
any scalar data values to single element arrays.
77. src/Makefile.in, slsh/Makefile.in: Addressed some dependency
problems found by `make --shuffle` that were causing parallel
builds to fail (Sergei Trofimovich)
78. src/slarray.c: Flag out-of-range indexing of indefinite ranges
involving negative indexes, e.g., x = [1]; y = x[[-2:]];
Previousely this resulted in y = [1,1] instead of an error.
79. modules/csv.sl: Avoid indexing an empty array with a negative
index (detected by change #78)
80. src/slarray:c: #78 was flagging x[[:-2]] as invalid instead of
producing an empty array for x=[1]
81. src/slarray.c: Tweaked the handling of negative indices in
indefinite ranges such that x[[:-i]] will produce an empty array
wheneve i > length(x)
82. src/sltermin.c: Added support for so-called user-defined terminfo
extensions. In particular, if the terminfo file defines RGB=true,
then truecolor support will be enabled.
83. src/sldisply.c: The Has_True_Color variable was not defined for 32
bit systems
84. modules/csv.sl: Improved read speed for large CSV files
85. src/test/posixio.sl: Do not test the flock function using an NFS
mounted direcory, which requires lockd to be running on the server
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.8.0 to 3.9.0
- Update of rootfile
- Changelog
3.9.0.
* We decode Compute Express Link (CXL) capabilities.
* The tree mode of lspci is now compatible with filtering options.
* When setpci is used with a named register, it checks whether
the register is present in the particular header type.
* Linux: The intel-conf[12] back-ends prefer to use ioperm() instead
of iopl() to gain access to I/O ports.
* Windows: We have two new back-ends thanks to Pali Rohár.
One uses the NT SysDbg interface, the other uses kldbgdrv.sys
(which is a part of the Microsoft WinDbg tool).
* Windows: We support building libpci as a DLL. Also, Windows
binaries now include meta-data with version.
* Hurd: The Hurd back-end works again.
* mmio-conf1(-ext): Added a new back-end implementing the intel-conf1
interface over MMIO. This is useful on some ARM machines, but it
requires manual configuration of the MMIO addresses.
* As usually, updated pci.ids to the current snapshot of the database.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.52.21 to 0.52.23
- Update of rootfile
- Changelog
0.52.23
- fix automatic height of menu/list in whiptail (broken in 0.52.22)
- fix automatic width of whiptail --yesno box
- fix automatic width in whiptail with unicode characters
- fix automatic width with whiptail --noitem and --notags options
- fix spacing with longer tags in whiptail
- avoid overlapping backtitle in whiptail with automatic height
0.52.22
- fix crash in whiptail with new libpopt
- switch from usleep to nanosleep (Rosen Penev)
- fix libnewt.pc to enable static linking (Alexey Sheplyakov)
- fix LDFLAGS order in snack linking (Sam James)
- use CFLAGS when compiling snack
- improve configure.ac (Thomas Kuehne)
- install header and libnewt.pc with shared library (Michael Olbrich)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.66 to 2.67
- Update of rootfile
- Changelog
Release notes for 2.67
Replace use of fgrep with grep -F (POSIX grep flags preferred by GNU grep) - patch
from David Seifert.
Added SPDX identifiers to License file(s). Hopefully this will help the various
robots out there correctly identify the longstanding licenses for libcap and friends.
(Bug: 216609 reported by Günther Noack)
Started down the rabbit hole of trying to address (Bug: 216610 reported by Günther
Noack on behalf of Michael Stapelberg)
The basic issue is how to link C code with Go psx without using CGo. This is all
a low level hackery. If you are interested, browse the source.
Correct for bad whatis entries in man pages (this was throwing a Debian build test,
detail)
Also reviewed man pages and addressed cross linkage issues (Bug: 216585)
Cleaned up some README.md files (made a github mirror now just so I can
automatically render them).
Changed meaning of DYNAMIC=no builds.
This now builds everything with static linking except for libc. The reason for
this exception is explained in the commit message.
Inserted demonstration exploit code in capso.so to support article.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.39/doc/arm/html/notes.html#notes-for-bind-9-16-39
"Notes for BIND 9.16.39
Feature Changes
libuv support for receiving multiple UDP messages in a single
recvmmsg() system call has been tweaked several times between libuv
versions 1.35.0 and 1.40.0; the current recommended libuv version is
1.40.0 or higher. New rules are now in effect for running with a
different version of libuv than the one used at compilation time. These
rules may trigger a fatal error at startup:
Building against or running with libuv versions 1.35.0 and 1.36.0
is now a fatal error.
Running with libuv version higher than 1.34.2 is now a fatal error
when named is built against libuv version 1.34.2 or lower.
Running with libuv version higher than 1.39.0 is now a fatal error
when named is built against libuv version 1.37.0, 1.38.0, 1.38.1,
or 1.39.0.
This prevents the use of libuv versions that may trigger an assertion
failure when receiving multiple UDP messages in a single system call.
[GL #3840]
Bug Fixes
named could crash with an assertion failure when adding a new zone into
the configuration file for a name which was already configured as a
member zone for a catalog zone. This has been fixed. [GL #3911]"
When named starts up, it sends a query for the DNSSEC key for each
configured trust anchor to determine whether the key has changed. In
some unusual cases, the query might depend on a zone for which the
server is itself authoritative, and would have failed if it were sent
before the zone was fully loaded. This has now been fixed by delaying
the key queries until all zones have finished loading. [GL #3673]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
It only contains firmware files for some Qualcomm Bluetooth devices, for
which there is no use on IPFire, since we disabled Bluetooth support in
the kernel a long time ago due to security reasons.
To save some space (~ 1.9 MByte), do not ship these files, and delete
them on existing IPFire installations as well.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 10.4.0 to 11.3.0
- Update of rootfile
- Build changed to cmake from version 11.0 onwards
- find-dependencies run due to lib so bump. Only qpdf and cups-filters are linked to
the changed libs. cups-filters being shipped due to a change required because of
qpdf-11.3.0
- Changelog is too large to include here. Details can be found in the ChangeLog file in
the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
This reverts commit 6d3e6cfc16.
Arne informed me via the phone that this patch has to be reverted, since
his changes for riscv64 already made it redundant. Keeping it would
cause rootfile quirks to the riscv64 builds.
Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
- Update from version 1.5.2 to 1.5.4
- Update of rootfile
- Changelog
v1.5.4 (Feb 2023)
perf: +20% faster huffman decompression for targets that can't compile x64 assembly (#3449, @terrelln)
perf: up to +10% faster streaming compression at levels 1-2 (#3114, @embg)
perf: +4-13% for levels 5-12 by optimizing function generation (#3295, @terrelln)
pref: +3-11% compression speed for `arm` target (#3199, #3164, #3145, #3141, #3138, @JunHe77 and #3139, #3160, @danlark1)
perf: +5-30% faster dictionary compression at levels 1-4 (#3086, #3114, #3152, @embg)
perf: +10-20% cold dict compression speed by prefetching CDict tables (#3177, @embg)
perf: +1% faster compression by removing a branch in ZSTD_fast_noDict (#3129, @felixhandte)
perf: Small compression ratio improvements in high compression mode (#2983, #3391, @Cyan4973 and #3285, #3302, @daniellerozenblit)
perf: small speed improvement by better detecting `STATIC_BMI2` for `clang` (#3080, @TocarIP)
perf: Improved streaming performance when `ZSTD_c_stableInBuffer` is set (#2974, @Cyan4973)
cli: Asynchronous I/O for improved cli speed (#2975, #2985, #3021, #3022, @yoniko)
cli: Change `zstdless` behavior to align with `zless` (#2909, @binhdvo)
cli: Keep original file if `-c` or `--stdout` is given (#3052, @dirkmueller)
cli: Keep original files when result is concatenated into a single output with `-o` (#3450, @Cyan4973)
cli: Preserve Permissions and Ownership of regular files (#3432, @felixhandte)
cli: Print zlib/lz4/lzma library versions with `-vv` (#3030, @terrelln)
cli: Print checksum value for single frame files with `-lv` (#3332, @Cyan4973)
cli: Print `dictID` when present with `-lv` (#3184, @htnhan)
cli: when `stderr` is *not* the console, disable status updates, but preserve final summary (#3458, @Cyan4973)
cli: support `--best` and `--no-name` in `gzip` compatibility mode (#3059, @dirkmueller)
cli: support for `posix` high resolution timer `clock_gettime()`, for improved benchmark accuracy (#3423, @Cyan4973)
cli: improved help/usage (`-h`, `-H`) formatting (#3094, @dirkmueller and #3385, @jonpalmisc)
cli: Fix better handling of bogus numeric values (#3268, @ctkhanhly)
cli: Fix input consists of multiple files _and_ `stdin` (#3222, @yoniko)
cli: Fix tiny files passthrough (#3215, @cgbur)
cli: Fix for `-r` on empty directory (#3027, @brailovich)
cli: Fix empty string as argument for `--output-dir-*` (#3220, @embg)
cli: Fix decompression memory usage reported by `-vv --long` (#3042, @u1f35c, and #3232, @zengyijing)
cli: Fix infinite loop when empty input is passed to trainer (#3081, @terrelln)
cli: Fix `--adapt` doesn't work when `--no-progress` is also set (#3354, @terrelln)
api: Support for Block-Level Sequence Producer (#3333, @embg)
api: Support for in-place decompression (#3432, @terrelln)
api: New `ZSTD_CCtx_setCParams()` function, set all parameters defined in a `ZSTD_compressionParameters` structure (#3403, @Cyan4973)
api: Streaming decompression detects incorrect header ID sooner (#3175, @Cyan4973)
api: Window size resizing optimization for edge case (#3345, @daniellerozenblit)
api: More accurate error codes for busy-loop scenarios (#3413, #3455, @Cyan4973)
api: Fix limit overflow in `compressBound` and `decompressBound` (#3362, #3373, Cyan4973) reported by @nigeltao
api: Deprecate several advanced experimental functions: streaming (#3408, @embg), copy (#3196, @mileshu)
bug: Fix corruption that rarely occurs in 32-bit mode with wlog=25 (#3361, @terrelln)
bug: Fix for block-splitter (#3033, @Cyan4973)
bug: Fixes for Sequence Compression API (#3023, #3040, @Cyan4973)
bug: Fix leaking thread handles on Windows (#3147, @animalize)
bug: Fix timing issues with cmake/meson builds (#3166, #3167, #3170, @Cyan4973)
build: Allow user to select legacy level for cmake (#3050, @shadchin)
build: Enable legacy support by default in cmake (#3079, @niamster)
build: Meson build script improvements (#3039, #3120, #3122, #3327, #3357, @eli-schwartz and #3276, @neheb)
build: Add aarch64 to supported architectures for zstd_trace (#3054, @ooosssososos)
build: support AIX architecture (#3219, @qiongsiwu)
build: Fix `ZSTD_LIB_MINIFY` build macro, which now reduces static library size by half (#3366, @terrelln)
build: Fix Windows issues with Multithreading translation layer (#3364, #3380, @yoniko) and ARM64 target (#3320, @cwoffenden)
build: Fix `cmake` script (#3382, #3392, @terrelln and #3252 @Tachi107 and #3167 @Cyan4973)
doc: Updated man page, providing more details for `--train` mode (#3112, @Cyan4973)
doc: Add decompressor errata document (#3092, @terrelln)
misc: Enable Intel CET (#2992, #2994, @hjl-tools)
misc: Fix `contrib/` seekable format (#3058, @yhoogstrate and #3346, @daniellerozenblit)
misc: Improve speed of the one-file library generator (#3241, @wahern and #3005, @cwoffenden)
v1.5.3 (dev version, unpublished)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 6.8 to 7.0.2
- Update of rootfile
- Removal of patch which was needed due to inability to build texinfo-6.8 with glibc-2.34
Problem was fixed for building with glibc-2.34 and onwards with texinfo-7.0
- Changelog
7.0.2 (22 January 2023)
This is a bug-fix release with minimal changes.
* texi2any
. do not distribute architecture-dependent files
. build fixed on OpenIndiana 11
* info
. further fix of recoding of UTF-8 files to ASCII
. fix check for presence of man pages on Solaris
* install-info
. fix build by avoiding function name clash on some platforms
. compiler warning re strncat silenced
7.0.1 (30 November 2022)
This is a bug-fix release with minimal changes.
* texi2any
. avoid crashes on empty @image argument and other potential crashes
(with "Can't use an undefined value as an ARRAY reference" message)
. avoid hang on @ref command inside section command
* info
. fix recoding of UTF-8 files to ASCII when run in C locale
* js
. index search fixed for new HTML output
. some obsolete files removed from distribution
7.0 (7 November 2022)
* texi2any
. LaTeX added as an output format, selected with --latex
. EPUB 3 added as an output format, selected with --epub3
. reform throughout the code in general
. thorough review of character encoding issues
. new customization variables involved with character encoding:
INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING,
DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME,
MESSAGE_ENCODING and COMMAND_LINE_ENCODING
. warn if full-text commands (@ref, @footnote, @anchor) appear in @w
. new variable NO_TOP_NODE_OUTPUT
. IGNORE_BEFORE_SETFILENAME variable removed. former effect
is now always on.
. HTML output:
. use manual_name_html as output directory for split HTML instead of
manual_name or manual_name.html
. default DOCTYPE declaration changed to plain HTML5 style rather than
HTML4 DTD reference
. output only the CSS rules that are needed in an output file
. remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES
(custom CSS can still be output using EXTRA_HEAD)
. use <code> tag for the output of @t and @verb instead of <tt>
. use <abbr> for @acronym instead of <acronym>
. link to table of contents from short table of contents only if a
table of contents is actually output
. prefix classes from @example arguments with `user-'
. percent encode URL in @url/@uref, @email, @image and external
manual file
. new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and
NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output
valid XHTML
. systematic addition of classes attribute in HTML elements based on the
Texinfo @-command names. renaming of class attributes to avoid
confusion with @-commands formatting and describe the role in the
document rather than the formatting style.
. COPIABLE_ANCHORS renamed to COPIABLE_LINKS
. do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has
to be set
. USE_TITLEPAGE_FOR_TITLE is now true by default
. L2H variable removed, replaced by HTML_MATH set to `l2h'
. rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC
. rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE
. rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES
. remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT
. remove KEEP_TOP_EXTERNAL_REF
. new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH,
HTMLXREF_MODE and HTMLXREF_FILE
. DocBook output:
. do not output Top node or text before the first @node or sectioning
@-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node
for now.
. replace @definfocenlose defined @-commands by the argument as-is
to be more consistent with printed output
. HTML/DocBook output:
. USE_NUMERIC_ENTITY changed to mean to use numeric entities instead
of named entities. former effect is now always on.
. ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now
always off.
. Info output
. quote problematic node names (with :, comma...) by default
. new customization variable ASCII_PUNCTUATION to use plain ASCII
characters for quotation marks and a few other symbols
* texinfo.tex
. `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX
. do not ignore @part page immediately following Top node
. do `@set txicodevaristt' to get slanted typewriter for @var in code,
`@clear txicodevaristt' to use slanted, variable-width roman font for
@var everywhere. flag is @set by default, but we may turn this off
in the future.
. new file doc/texinfo-zh.tex for Texinfo documents in Chinese.
new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is
a sample document.
* info
. better support for index entries containing parentheses
. better support for getting bold text etc. when displaying manpages
. bug fixed where the first index entry in a file could be ignored
. M-C-f closes as well as opens footnotes window
. do not crash if run in Brazilian Portuguese locale
* Language
. @deftype* commands use typewriter font in argument list
. new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format
. do `@set txidefnamenospace' to omit space after a definition name
* Other
. build fixed for glibc 2.34
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.9.12p2 to 1.9.13p2
- Update of rootfile
- Changelog
What's new in Sudo 1.9.13p2
* Fixed the --enable-static-sudoers option, broken in sudo 1.9.13.
GitHub issue #245.
* Fixed a potential double-free bug when matching a sudoers rule
that contains a per-command chroot directive (CHROOT=dir). This
bug was introduced in sudo 1.9.8.
What's new in Sudo 1.9.13p1
* Fixed a typo in the configure script that resulted in a line
like "]: command not found" in the output. GitHub issue #238.
* Corrected the order of the C23 [[noreturn]] attribute in function
prototypes. This fixes a build error with GCC 13. GitHub issue
#239.
* The "check" make target misbehaved when there was more than
one version of the UTF-8 C locale in the output of "locale -a".
GitHub issue #241.
* Removed a dependency on the AC_SYS_YEAR2038 macro in configure.ac.
This was added in autoconf 2.72 but sudo's configure.ac only
required autoconf 2.70.
* Relaxed the autoconf version requirement to version 2.69.
What's new in Sudo 1.9.13
* Fixed a bug running relative commands via sudo when "log_subcmds"
is enabled. GitHub issue #194.
* Fixed a signal handling bug when running sudo commands in a shell
script. Signals were not being forwarded to the command when
the sudo process was not run in its own process group.
* Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
a newline and a backslash is the last character of the file.
* Fixed a potential use-after-free bug with cvtsudoers filtering.
GitHub issue #198.
* Added a reminder to the default lecture that the password will
not echo. This line is only displayed when the pwfeedback option
is disabled. GitHub issue #195.
* Fixed potential memory leaks in error paths. GitHub issues #199,
#202.
* Fixed potential NULL dereferences on memory allocation failure.
GitHub issues #204, #211.
* Sudo now uses C23-style attributes in function prototypes instead
of gcc-style attributes if supported.
* Added a new "list" pseudo-command in sudoers to allow a user to
list another user's privileges. Previously, only root or a user
with the ability to run any command as either root or the target
user on the current host could use the -U option. This also
includes a fix to the log entry when a user lacks permission to
run "sudo -U otheruser -l command". Previously, the logs would
indicate that the user tried to run the actual command, now the
log entry includes the list operation.
* JSON logging now escapes control characters if they happen to
appear in the command or environment.
* New Albanian translation from translationproject.org.
* Regular expressions in sudoers or logsrvd.conf may no longer
contain consecutive repetition operators. This is implementation-
specific behavior according to POSIX, but some implementations
will allocate excessive amounts of memory. This mainly affects
the fuzzers.
* Sudo now builds AIX-style shared libraries and dynamic shared
objects by default instead of svr4-style. This means that the
default sudo plugins are now .a (archive) files that contain a
.so shared object file instead of bare .so files. This was done
to improve compatibility with the AIX Freeware ecosystem,
specifically, the AIX Freeware build of OpenSSL. Sudo will still
load svr4-style .so plugins and if a .so file is requested,
either via sudo.conf or the sudoers file, and only the .a file
is present, sudo will convert the path from plugin.so to
plugin.a(plugin.so) when loading it. This ensures compatibility
with existing configurations. To restore the old, pre-1.9.13
behavior, run configure using the --with-aix-soname=svr4 option.
* Sudo no longer checks the ownership and mode of the plugins that
it loads. Plugins are configured via either the sudo.conf or
sudoers file which are trusted configuration files. These checks
suffered from time-of-check vs. time-of-use race conditions and
complicate loading plugins that are not simple paths. Ownership
and mode checks are still performed when loading the sudo.conf
and sudoers files, which do not suffer from race conditions.
The sudo.conf "developer_mode" setting is no longer used.
* Control characters in sudo log messages and "sudoreplay -l"
output are now escaped in octal format. Space characters in the
command path are also escaped. Command line arguments that
contain spaces are surrounded by single quotes and any literal
single quote or backslash characters are escaped with a backslash.
This makes it possible to distinguish multiple command line
arguments from a single argument that contains spaces.
* Improved support for DragonFly BSD which uses a different struct
procinfo than either FreeBSD or 4.4BSD.
* Fixed a compilation error on Linux arm systems running older
kernels that may not define EM_ARM in linux/elf-em.h.
GitHub issue #232.
* Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined.
Sudo will now link using -Wl,--no-undefined by default if possible.
GitHub issue #234.
* Fixed a bug executing a command with a very long argument vector
when "log_subcmds" or "intercept" is enabled on a system where
"intercept_type" is set to "trace". GitHub issue #194.
* When sudo is configured to run a command in a pseudo-terminal
but the standard input is not connected to a terminal, the command
will now be run as a background process. This works around a
problem running sudo commands in the background from a shell
script where changing the terminal to raw mode could interfere
with the interactive shell that ran the script.
GitHub issue #237.
* A missing include file in sudoers is no longer a fatal error
unless the error_recovery plugin argument has been set to false.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.50.6 to 1.50.13
- Update of rootfile
- Changelog
Overview of changes in 1.50.13, 20-02-2023
- win32: Add back fallback for empty fontsets
- win32: Improve DirectWrite support
- Fix word segmentation for Japanese
- Don't set backspace-deletes-char for math symbols
- coretext: Fix a crash
- cairo: Apply metrics hinting to underlines too
- Treat COLRv1 fonts as color fonts
Overview of changes in 1.50.12, 18-11-2022
- Fix weight conversion on MacOS
- Update to Unicode 15
- Some introspection annotation fixes
- Improve PangoAttrList serialization
- Fix char offset calculatiosn in multi-paragraph
layouts
Overview of changes in 1.50.11, 03-10-2022
- Don't crash for lack of fonts
- Avoid a crash in shaping
Overview of changes in 1.50.10, 16-09-2022
- Avoid some unnecessary strdups
- Fix line height computations with a non-trivial CTM
Overview of changes in 1.50.9, 09-08-2022
- Apply show flags to line separators
- Fix a thread-safety problem
Overview of changes in 1.50.8, 02-07-2022
- Add some properties to fontmap and family
- Fix handling of ligature carets in mixed directions
Overview of changes in 1.50.7, 14-04-2022
- coretext: Fix the build
- editing: Fix moving across paragraph boundaries in rtl
- layout: Try harder to survive without fonts
- Windows: Register a sans-serif font
- Windows: Try harder to load a font
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.13.2 to 0.14.0
- Update of rootfile
- Changelog
2023-02-14 Userspace RCU 0.14.0
* Fix: urcu-bp: only teardown call-rcu worker in destructor
* Fix: rculfhash: urcu_die() takes positive error value
* Fix: call_rcu: teardown default call_rcu worker on application exit
* Fix: join worker thread in call_rcu_data_free
* Docs: clarify grace period polling API
* Document grace period polling in rcu-api.md
* Implement poll rcu stress test in rcutorture
* urcu-memb,mb,signal: Implement grace period polling
* Fix: auto-resize hash table destroy deadlock
* Fix building on MSYS2
* rculfhash: Include rculfhash-internal.h from local directory
* Remove "Darwin" from "should also work on list"
* Merge branch 'adah1972-improve-md'
* Add semicolons at the end of function prototypes
* Wrap a file name in backticks
* Wrap command-line options in backticks
* Fix a wrong format
* Wrap URLs in angle brackets
* Fix Markdown issues
* Fix: Always check pthread_create for failures
* Disable signals in URCU background threads
* Fix: futex.h: include headers outside extern C
* Fix: add missing unused attribute to _rcu_dereference
* Fix: change method used by _rcu_dereference to strip type constness
* Fix: remove type constness in URCU_FORCE_CAST's C++ version
* Move extern "C" down in include/urcu/urcu-bp.h
* fix: ifdef linux specific cpu count compat
* Add unit tests for possible_cpus_array_len
* fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id
* Fix: revise obsolete command in README.md
* Fix: workqueue: remove unused variable "ret"
* Fix: urcu-qsbr: futex wait: handle spurious futex wakeups
* Fix: urcu: futex wait: handle spurious futex wakeups
* Fix: urcu-wait: futex wait: handle spurious futex wakeups
* Fix: defer_rcu: futex wait: handle spurious futex wakeups
* Fix: call_rcu: futex wait: handle spurious futex wakeups
* Fix: workqueue: futex wait: handle spurious futex wakeups
* Fix: Use %lu rather than %ld to print count
* Update ABI definition files
* Bump version current and age
* alpha: allocate membarrier system call number
* Bump version to 0.14.0-pre
* Improved test framework
* rculfhash: introduce cds_lfht_node_init_deleted
* Fix: changelog: v0.13.0 was released in 2021
* cleanup: i386 arch detection
* fix: properly detect 'cmpxchg' on x86-32
* fix: use urcu-tls compat with c++ compiler
* Fix typo
* fix: remove autoconf features default value in help message
* fix: add missing pkgconfig file for memb flavour lib
* Cleanup: Tests: Remove useless pre-C99 compatibility code from tap.h
* Document C99 and C++11 requirement in README.md
* Always use '__thread' for Thread local storage except on MSVC
* Fix: powerpc32: transparent unions alter calling convention
* fix: don't use C++ thread_local on MacOs
* wfcqueue API: implement overloaded wrappers with templates
* wfcqueue: combine C++ API cds_wfcq_head_cast with overloading
* wfstack C++ API: implement overloaded wrappers with templates
* lfstack C++ API: implement overloaded wrappers with templates
* wfstack: combine C++ API cds_wfs_stack_cast with overloading
* lfstack: combine C++ API cds_lfs_stack_cast with overloading
* fix: test_build tap plan
* Test C++ build of list head init
* Fix order of initializers in CDS_LIST_HEAD_INIT
* unit tests: test wfcqueue, wfstack, lfstack empty check functions in C++
* wfcqueue: implement C++ API based on function overloading
* wfstack: implement C++ API based on function overloading
* lfstack: implement C++ API based on function overloading
* Fix tap.h: remove extra semicolon in pass/fail macros
* Add C++ build tests
* Build and run regression and unit tests as C++ programs
* Add --enable-Werror configure switch
* Add `urcu_posix_assert()` as `assert()` replacement
* Rename `urcu_assert()` to `urcu_assert_debug()`
* cleanup: spelling fixes in comments
* Make temporary variable in _rcu_dereference non-const
* (tls-ie2) Fix: x86 and s390: uatomic __hp() macro C++ support
* Fix: x86 and s390: uatomic __hp() macro clang support
* Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 6.0.0 to 7.0.1
- Update of rootfile
- Changelog
Overview of changes leading to 7.0.1
- Various build and bug fixes.
Overview of changes leading to 7.0.0
- New hb-paint API that is designed mainly to paint “COLRv1” glyphs, but can be
also used as a unified API to paint any of the glyph representations
supported by HarfBuzz (B/W outlines, color layers, or color bitmaps).
(Behdad Esfahbod, Matthias Clasen)
- New hb-cairo API for integrating with cairo graphics library. This is provided
as a separate harfbuzz-cairo library. (Behdad Esfahbod, Matthias Clasen)
- Support for instancing “CFF2” table. (Behdad Esfahbod)
- Support font emboldening. (Behdad Esfahbod)
- Support feature ranges with AAT shaping. (Behdad Esfahbod)
- Experimental support to cubic curves in “glyf” table, see
https://github.com/harfbuzz/boring-expansion-spec/blob/main/glyf1-cubicOutlines.md
for spec. (Behdad Esfahbod)
- Various subsetter improvements. (Garret Rieger, Qunxin Liu, Behdad Esfahbod)
- Various documentation improvements.
(Behdad Esfahbod, Matthias Clasen, Khaled Hosny)
- Significantly reduced memory use during shaping. (Behdad Esfahbod)
- Greatly reduced memory use during subsetting “CFF” table. (Behdad Esfahbod)
- New command line utility, hb-info, for querying various font information.
(Behdad Esfahbod, Matthias Clasen)
- New hb-shape/hb-view options: --glyphs, --color-palette, --font-bold,
--font-grade, and --named-instance. (Behdad Esfahbod)
- Miscellaneous fixes and improvements.
(Amir Masoud Abdol, Andres Salomon, Behdad Esfahbod, Chun-wei Fan,
Garret Rieger, Jens Kutilek, Khaled Hosny, Konstantin Käfer, Matthias Clasen,
Nirbheek Chauhan, Pedro J. Estébanez, Qunxin Liu, Sergei Trofimovich)
- New API:
+HB_FONT_NO_VAR_NAMED_INSTANCE
+HB_PAINT_IMAGE_FORMAT_BGRA
+HB_PAINT_IMAGE_FORMAT_PNG
+HB_PAINT_IMAGE_FORMAT_SVG
+hb_cairo_font_face_create_for_face
+hb_cairo_font_face_create_for_font
+hb_cairo_font_face_get_face
+hb_cairo_font_face_get_font
+hb_cairo_font_face_get_scale_factor
+hb_cairo_font_face_set_font_init_func
+hb_cairo_font_face_set_scale_factor
+hb_cairo_font_init_func_t
+hb_cairo_glyphs_from_buffer
+hb_cairo_scaled_font_get_font
+hb_color_line_get_color_stops
+hb_color_line_get_color_stops_func_t
+hb_color_line_get_extend
+hb_color_line_get_extend_func_t
+hb_color_line_t
+hb_color_stop_t
+hb_draw_funcs_get_empty
+hb_draw_funcs_get_user_data
+hb_draw_funcs_set_user_data
+hb_face_collect_nominal_glyph_mapping
+hb_font_draw_glyph
+hb_font_draw_glyph_func_t
+hb_font_funcs_set_draw_glyph_func
+hb_font_funcs_set_paint_glyph_func
+hb_font_get_synthetic_bold
+hb_font_get_var_named_instance
+hb_font_paint_glyph
+hb_font_paint_glyph_func_t
+hb_font_set_synthetic_bold
+hb_map_keys
+hb_map_next
+hb_map_update
+hb_map_values
+hb_ot_color_glyph_has_paint
+hb_ot_color_has_paint
+hb_ot_layout_script_select_language2
+hb_ot_name_id_predefined_t
+hb_paint_color
+hb_paint_color_func_t
+hb_paint_composite_mode_t
+hb_paint_custom_palette_color
+hb_paint_custom_palette_color_func_t
+hb_paint_extend_t
+hb_paint_funcs_create
+hb_paint_funcs_destroy
+hb_paint_funcs_get_empty
+hb_paint_funcs_get_user_data
+hb_paint_funcs_is_immutable
+hb_paint_funcs_make_immutable
+hb_paint_funcs_reference
+hb_paint_funcs_set_color_func
+hb_paint_funcs_set_custom_palette_color_func
+hb_paint_funcs_set_image_func
+hb_paint_funcs_set_linear_gradient_func
+hb_paint_funcs_set_pop_clip_func
+hb_paint_funcs_set_pop_group_func
+hb_paint_funcs_set_pop_transform_func
+hb_paint_funcs_set_push_clip_glyph_func
+hb_paint_funcs_set_push_clip_rectangle_func
+hb_paint_funcs_set_push_group_func
+hb_paint_funcs_set_push_transform_func
+hb_paint_funcs_set_radial_gradient_func
+hb_paint_funcs_set_sweep_gradient_func
+hb_paint_funcs_set_user_data
+hb_paint_funcs_t
+hb_paint_image
+hb_paint_image_func_t
+hb_paint_linear_gradient
+hb_paint_linear_gradient_func_t
+hb_paint_pop_clip
+hb_paint_pop_clip_func_t
+hb_paint_pop_group
+hb_paint_pop_group_func_t
+hb_paint_pop_transform
+hb_paint_pop_transform_func_t
+hb_paint_push_clip_glyph
+hb_paint_push_clip_glyph_func_t
+hb_paint_push_clip_rectangle
+hb_paint_push_clip_rectangle_func_t
+hb_paint_push_group
+hb_paint_push_group_func_t
+hb_paint_push_transform
+hb_paint_push_transform_func_t
+hb_paint_radial_gradient
+hb_paint_radial_gradient_func_t
+hb_paint_sweep_gradient
+hb_paint_sweep_gradient_func_t
+hb_set_is_inverted
+hb_subset_input_keep_everything
- Deprecated API:
+hb_font_funcs_set_glyph_shape_func
+hb_font_get_glyph_shape_func_t
+hb_font_get_glyph_shape
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 3.7.7 to 3.8.0
- Update of rootfile
- Changelog
Version 3.8.0 (unreleased 2023-02-09)
-- libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
-- libgnutls: C++ library is now header only. All definitions from
gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++
interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
-- libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
-- libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used given
other implementations dropped support for it. To enable back
support for it, supply --enable-heartbeat-support to configure
script.
-- libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not up to
date with the latest TLS standards and its ciphersuites are based
on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
-- libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
-- guile: Guile-bindings removed.
They have been extracted into a separate project to reduce complexity
and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
-- minitasn1: Upgraded to libtasn1 version 4.19.
-- API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
Version 3.7.8 (released 2022-09-27)
-- libgnutls: In FIPS140 mode, RSA signature verification is an approved
operation if the key has modulus with known sizes (1024, 1280,
1536, and 1792 bits), in addition to any modulus sizes larger than
2048 bits, according to SP800-131A rev2.
-- libgnutls: gnutls_session_channel_binding performs additional checks when
GNUTLS_CB_TLS_EXPORTER is requested. According to RFC9622 4.2, the
"tls-exporter" channel binding is only usable when the handshake is
bound to a unique master secret (i.e., either TLS 1.3 or extended
master secret extension is negotiated). Otherwise the function now
returns error.
-- libgnutls: usage of the following functions, which are designed to
loosen restrictions imposed by allowlisting mode of configuration,
has been additionally restricted. Invoking them is now only allowed
if system-wide TLS priority string has not been initialized yet:
gnutls_digest_set_secure
gnutls_sign_set_secure
gnutls_sign_set_secure_for_certs
gnutls_protocol_set_enabled
-- API and ABI modifications:
No changes since last version.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 1.7.0 to 1.7.2
- Update of rootfile
- Changelog
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.38/doc/arm/html/notes.html#notes-for-bind-9-16-38
"Notes for BIND 9.16.38
Bug Fixes
A constant stream of zone additions and deletions via rndc reconfig
could cause increased memory consumption due to delayed cleaning of
view memory. This has been fixed. [GL #3801]
The speed of the message digest algorithms (MD5, SHA-1, SHA-2), and of
NSEC3 hashing, has been improved. [GL #3795]
Building BIND 9 failed when the --enable-dnsrps switch for ./configure
was used. This has been fixed. [GL #3827]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from version 0.15.1 to 0.16.0
- Update of rootfile
- According to the forked elinks developer if parallel build is required then meson
should be used for the build. With make they don't believe that it ever ran in
parallel mode.
- This patch modifies the build from autotools to meson and updates the version.
- Parallel build option added back in to meson/ninja flow.
- The build requires git to be present so git moved to just before elinks in make.sh
- Changelog
ELinks 0.16.0
* detect xterm on my computer
ELinks 0.16.0rc1
* alternative mujs engine for js
* bump mozjs to 102
* experimental XHR implementation
* macros in exmode #196
* removed infinite loop, which occurred under BSD #197
* optional terminal hyperlinks in dumps #198
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 20221108 to 20230214
- Update of rootfile
- Changelog - details can be found in the releasenote.md file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2.12.1 to 2.13.0
- Update of rootfile
- Changelog
CHANGES BETWEEN 2.12.1 and 2.13.0 (2023-Feb-09)
I. IMPORTANT CHANGES
- The demo program `ftinspect` has been completely updated and much
enhanced. It now combines the functionality of almost all other
graphical FreeType demo programs into a single application based
on the Qt framework. This was Charlie Jiang's GSoC 2022 project.
- The 'COLR' v1 API is now considered as stable.
https://learn.microsoft.com/en-us/typography/opentype/spec/colr
III. MISCELLANEOUS
- For OpenType Variable Fonts, `avar` table format 2.0 is now
supported. The code was contributed by Behdad Esfahbod.
Note that this is an extension supported on recent Apple platforms
and by HarfBuzz, but not yet in the OpenType standard! See
https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md
for the specification. To deactivate it, define the configuration
macro 'TT_CONFIG_OPTION_NO_BORING_EXPANSION'.
- A new API `FT_GlyphSlot_Slant` to slant a glyph by a given angle
has been added. Note that this function is part of `ftsynth.h`,
which is still considered to be in alpha stage.
- TrueType interpreter version 38 (also known as 'Infinality') that
was first introduced about 10 years ago in FreeType 2.4.11 is now
deprecated and slated to be removed in the next version. TrueType
interpreter version 40 has been FreeType's default version for six
years now and provides an excellent alternative. This is the last
FreeType version with TT_INTERPRETER_VERSION_38 and
TT_INTERPRETER_VERSION_40 treated differently.
- The only referenced but never documented configuration macro
`FT_CONFIG_OPTION_NO_GLYPH_NAMES` has been removed.
- The `ftbench` demo program got a new command line option `-e` to
set a charmap index.
- Specifying a point size is now optional for the demo programs
`ftgrid`, `ftmulti`, `ftstring`, and `ftview`. If not given, a
default size is used.
- For `ftgrid`, `ftstring`, and `ftview`, option `-e` now also
accepts a numeric value to set a charmap index.
- In `ftstring`, it is now possible to set the displayed text
interactively by pressing the 'Enter' key.
- `ftmulti` can now handle up to 16 design axes.
- To avoid reserved identifiers that are globally defined, the
auto-hinter debugging macros (which are only available if
`FT_DEBUG_AUTOFIT` is defined)
```
_af_debug_disable_horz_hints
_af_debug_disable_vert_hints
_af_debug_disable_blue_hints
_af_debug_hints
```
have been renamed to
```
af_debug_disable_horz_hints_
af_debug_disable_vert_hints_
af_debug_disable_blue_hints_
af_debug_hints_
```
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
The developers do not provide a changelog, this time I couldn't
even find a comment.
All I can say:
Running her on Core 172. No seen problems.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
- Update from version 7.0.0.11 to 7.0.4
- Update of rootfile
- Changelog
updated language flags, catch abortcompile throw in non-ragel progs
7.0.3
This version of colm includes a critical fix for big-endian system. Fixes#61.
expect colm version 0.14.6 and version bump ragel to 7.0.3
7.0.2
Latest colm includes bugfixes for refcounting, which fixes a ragel issue with includes #58.
expect colm 0.14.5 and version bump to 7.0.2
7.0.1
removed accidental commit of ragel/.exrc
7.0.0.12
implemented NfaClear in asm codegen
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 0.13.0.6 to 0.14.7
- Update of rootfile
- patch from colm commit fc61ecb required to fix bug of make looking for static and
dynamic libs even if one of them was disabled
- Changelog is not available in source tarball or on website etc. Changes have to be
reviewed by the commits https://github.com/adrian-thurston/colm/commits/0.14.7
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- Update from version 2022e to 2022g
- Update of rootfile
- Changelog is too large to include here. See the NEWS file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
- rngd removed from initscripts lfs and rootfiles due to change of rng-tools to addon
Fixes: Bug#12900
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
- This patch is to move the rng-tools package from a core package to an addon. With the
kernel changes from 5.6 rngd is no longer needed to create the required kernel entropy.
- The results from HRNG's via rngd are used with an XOR after the entropy is
collected by the kernel. So the HWRNG output is used to dilute the kernel random number
data, which is already merged from several sources.
- Based on the above and @Paul's request in the bug report to have rng-tools kept as an
addon this patch set is submitted for consideration to keep rng-tools but as an addon.
- move rng-tools rootfile from common to packages
- Modify rng-tools lfs from core package to addon package
- Create rng-tools pak to install and uninstall - creating rc.d links for start & stop.
- Move rngd initscript from system to packages directory.
- Installed into my vm testbed and confirmed that it works. No rngd daemon installed
from iso install. After addon install rngd is present and running. Added various files
to be able to test the services wui page. rngd shows up and can be turned off and on
Fixes: Bug#12900
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
