Adolf Belka [Sat, 17 Dec 2022 12:14:26 +0000 (13:14 +0100)]
samba: Update to version 4.17.4
- Update from version 4.17.3 to 4.17.4
- Update of rootfile (Only the x86_64 rootfile updated with this patch)
- Changelog
Release Notes for Samba 4.17.4
This is the latest stable release of the Samba 4.17 release series.
It also contains security changes in order to address the following defects:
o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
RC4-HMAC Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac
session keys for use between modern clients and servers
despite all modern Kerberos implementations supporting
the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members
'kerberos encryption types = legacy' would force
rc4-hmac as a client even if the server supports
aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
o CVE-2022-37967: This is the Samba CVE for the Windows
Kerberos Elevation of Privilege Vulnerability
disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained
delegation permission could forge a more powerful
ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
o CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the
same algorithms as rc4-hmac cryptography in Kerberos,
and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
Note that there are several important behavior changes
included in this release, which may cause compatibility problems
interacting with system still expecting the former behavior.
Please read the advisories of CVE-2022-37966,
CVE-2022-37967 and CVE-2022-38023 carefully!
samba-tool got a new 'domain trust modify' subcommand
This allows "msDS-SupportedEncryptionTypes" to be changed
on trustedDomain objects. Even against remote DCs (including Windows)
using the --local-dc-ipaddress= (and other --local-dc-* options).
See 'samba-tool domain trust modify --help' for further details.
smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
allow nt4 crypto Deprecated no
allow nt4 crypto:COMPUTERACCOUNT New
kdc default domain supported enctypes New (see manpage)
kdc supported enctypes New (see manpage)
kdc force enable rc4 weak session keys New No
reject md5 clients New Default, Deprecated Yes
reject md5 servers New Default, Deprecated Yes
server schannel Deprecated Yes
server schannel require seal New, Deprecated Yes
server schannel require seal:COMPUTERACCOUNT New
winbind sealed pipes Deprecated Yes
Changes since 4.17.3
o Jeremy Allison <jra@samba.org>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15237: CVE-2022-37966.
* BUG 15258: filter-subunit is inefficient with large numbers of knownfails.
o Ralph Boehme <slow@samba.org>
* BUG 15240: CVE-2022-38023.
* BUG 15252: smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories.
o Stefan Metzmacher <metze@samba.org>
* BUG 13135: The KDC logic arround msDs-supportedEncryptionTypes differs from
Windows.
* BUG 14611: CVE-2021-20251 [SECURITY] Bad password count not incremented
atomically.
* BUG 15203: CVE-2022-42898 [SECURITY] krb5_pac_parse() buffer parsing
vulnerability.
* BUG 15206: libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4().
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15230: Memory leak in snprintf replacement functions.
* BUG 15237: CVE-2022-37966.
* BUG 15240: CVE-2022-38023.
* BUG 15253: RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression).
o Noel Power <noel.power@suse.com>
* BUG 15224: pam_winbind uses time_t and pointers assuming they are of the
same size.
o Anoop C S <anoopcs@samba.org>
* BUG 15198: Prevent EBADF errors with vfs_glusterfs.
o Andreas Schneider <asn@samba.org>
* BUG 15237: CVE-2022-37966.
* BUG 15243: %U for include directive doesn't work for share listing
(netshareenum).
* BUG 15257: Stack smashing in net offlinejoin requestodj.
o Joseph Sutton <josephsutton@catalyst.net.nz>
* BUG 15197: Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue.
* BUG 15219: Heimdal session key selection in AS-REQ examines wrong entry.
* BUG 15231: CVE-2022-37967.
* BUG 15237: CVE-2022-37966.
o Nicolas Williams <nico@twosigma.com>
* BUG 14929: CVE-2022-44640 [SECURITY] Upstream Heimdal free of
user-controlled pointer in FAST.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 4 Jan 2023 11:50:00 +0000 (12:50 +0100)]
iperf: Update to version 2.1.8
- Update from version 2.1.7 to 2.1.8
- Update of rootfile not required
- Changelog
2.1.8 (as of August 5th, 2022)
o Add support for --bounceback to perform a repsonsiveness test (see man page for other options)
o add support for working loads with --bounceback
o Fix to wait_tick with Mac OS X
o Various python pyflows commits
o add support for client side tcp-write-time histograms and mean/min/max
o add support for human readable dscp or -T values (see man page)
o udp_accept no longer accepts packets from a previous run as a new connection, this can occur with long network delays
o multiple isoch bug fixes for both UDP and TCP
o isoch server provides mean/min/max/stdev for both frames and packets
o UDP max MTU discovery, requires configure.ac will support --enable-discover-defaultlen prior to compile
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 Jan 2023 11:50:18 +0000 (12:50 +0100)]
iperf3: Update to version 3.12
- Update from version 3.10.1 to 3.12
- Update of rootfile not required
- patch to remove pg flag no longer needed. Source code no longer has pg flag set
in CFLAGS
- Changelog
iperf-3.12 2022-09-30
* Notable user-visible changes
* cJSON has been updated to version 1.7.15 (#1383).
* The --bind <host>%<dev> option syntax now works properly (#1360 /
#1371).
* A server-side file descriptor leak with the --logfile option has
been fixed (#1369 / #1360 / #1369 / #1389 / #1393).
* A bug that caused some large values from TCP_INFO to be misprinted
as negative numbers has been fixed (#1372).
* Using the -k or -n flags with --reverse no longer leak into future
tests (#1363 / #1364).
* There are now various debug level options available with the
--debug option. These can be used to adjust the amount of
debugging output (#1327).
* A new --snd-timeout option has been added to set a termination
timeout for idle TCP connections (#1215 / #1282).
* iperf3 is slightly more robust to out-of-order packets during UDP
connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 /
#1260).
* iperf3 will now use different ports for each direction when the
--cport and --bdir options are set (#1249 / #1259).
* The iperf3 server will now exit if it can't open its log file
(#1225 / #1251).
* Various help message and output fixes have been made (#1299 /
#1330 / #1345 / #1350).
* Various compiler warnings have been fixed (#1211 / #1316).
* Developer-visible changes
* Operation of bootstrap.sh has been fixed and simplified (#1335 /
#1325).
* Flow label support / compatibility under Linux has been improved
(#1310).
* Various minor memory leaks have been fixed (#1332 / #1333).
* A getter/setter has been added for the bind_port parameter
(--cport option). (#1303, #1305)
* Various internal documentation improvements (#1265 / #1285 / #1304).
iperf-3.11 2022-01-31
* Notable user-visible changes
* Update links to Discussions in documentation
* Fix DSCP so that TOS = DSCP * 4 (#1162)
* Fix --bind-dev for TCP streams (#1153)
* Fix interface specification so doesn't overlap with IPv6 link-local
addresses for -c and -B (#1157, #1180)
* Add get/set test_unit_format function declaration to iperf_api.h
* Auto adjustment of test-end condition for file transfers (-F), if no end
condition is set, it will automatically adjust it to file size in bytes
* Exit if idle time expires waiting for a connection in one-off mode (#1187,
#1197)
* Support zerocopy by reverse mode (#1204)
* Update help and manpage text for #1157, support bind device
* Consistently print target_bandwidth in JSON start section (#1177)
* Test bitrate added to JSON output (#1168)
* Remove fsync call after every write to receiving --file (#1176, #1159)
* Update documentation for -w (#1175)
* Fix for #952, different JSON object names for bidir reverse channel
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 Jan 2023 11:50:38 +0000 (12:50 +0100)]
ipset: Update to version 7.17
- Update from version 7.15 to 7.17
- Update of rootfile
- Changelog
7.17
- Tests: When verifying comments/timeouts, make sure entries don't expire
- Tests: Make sure the internal batches add the correct number of elements
- Tests: Verify that hash:net,port,net type can handle 0/0 properly
- Makefile: Create LZMA-compressed dist-files (Phil Sutter)
7.16
- Add new ipset_parse_bitmask() function to the library interface
- test: Make sure no more than 64 clashing elements can be added
to hash:net,iface sets
- netfilter: ipset: add tests for the new bitmask feature (Vishwanath Pai)
- netfilter: ipset: Update the man page to include netmask/bitmask options
(Vishwanath Pai)
- netfilter: ipset: Add bitmask support to hash:netnet (Vishwanath Pai)
- netfilter: ipset: Add bitmask support to hash:ipport (Vishwanath Pai)
- netfilter: ipset: Add bitmask support to hash:ip (Vishwanath Pai)
- netfilter: ipset: Add support for new bitmask parameter (Vishwanath Pai)
- ipset-translate: allow invoking with a path name (Quentin Armitage)
- Fix IPv6 sets nftables translation (Pablo Neira Ayuso)
- Fix typo in ipset-translate man page (Bernhard M. Wiedemann)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 Jan 2023 11:51:01 +0000 (12:51 +0100)]
iw: Update to version 5.19
- Update from version 5.9 to 5.19
- Update of rootfile not required
- Changelog is not avaqilable in the source tarball or on the iw website. Details of
changes only available by reviewing all commits between the two versions in the git
repository
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 4 Jan 2023 11:51:15 +0000 (12:51 +0100)]
json-c: Update to version 0.16
- Update from version 0.13.1 to 0.16
- Update of rootfile
- json-c moved from building with autotools to building with cmake
This required cmake, curl and libarchive to be moved earlier in make.sh than json-c
- sobump occurs with this change. Identified 28 addons that are linked to json-c
using find-dependencies and added them as additional patches to this patch as a series
for shipping with the core update.
- Changelog
0.16 (up to commit 66dcdf5, 2022-04-13)
Deprecated and removed features:
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
New features
* The 0.16 release introduces no new features
Build changes
* Add a DISABLE_EXTRA_LIBS option to skip using libbsd
* Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
Other changes
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
0.15 (up to commit 870965e, 2020/07/26)
Deprecated and removed features:
* Deprecate `array_list_new()` in favor of `array_list_new2()`
* Remove the THIS_FUNCTION_IS_DEPRECATED define.
* Remove config.h.win32
New features
* Add a `JSON_TOKENER_ALLOW_TRAILING_CHARS` flag to allow multiple objects
to be parsed even when `JSON_TOKENER_STRICT` is set.
* Add `json_object_new_array_ext(int)` and `array_list_new_2(int)` to allow
arrays to be allocated with the exact size needed, when known.
* Add `json_object_array_shrink()` (and `array_list_shrink()`) and use it in
json_tokener to minimize the amount of memory used.
* Add a json_parse binary, for use in testing changes (not installed, but
available in the apps directory).
Build changes
* #639/#621 - Add symbol versions to all exported symbols
* #508/#634 - Always enable -fPIC to allow use of the json-c static library in
other libraries
* Build both static and shared libraries at the same time.
* #626 - Restore compatibility with cmake 2.8
* #471 - Always create directories with mode 0755, regardless of umask.
* #606/#604 - Improve support for OSes like AIX and IBM i, as well as for
MINGW32 and old versions of MSVC
* #451/#617 - Add a DISABLE_THREAD_LOCAL_STORAGE cmake option to disable
the use of thread-local storage.
Significant changes and bug fixes
* Split the internal json_object structure into several sub-types, one for
each json_type (json_object_object, json_object_string, etc...).
This improves memory usage and speed, with the benchmark under
bench/ report 5.8% faster test time and 6%(max RSS)-12%(peak heap)
less memory usage.
Memory used just for json_object structures decreased 27%, so use cases
with fewer arrays and/or strings would benefit more.
* Minimize memory usage in array handling in json_tokener by shrinking
arrays to the exact number of elements parsed. On bench/ benchmark:
9% faster test time, 39%(max RSS)-50%(peak heap) less memory usage.
Add json_object_array_shrink() and array_list_shrink() functions.
* #616 - Parsing of surrogate pairs in unicode escapes now properly handles
incremental parsing.
* Fix incremental parsing of numbers, especially those with exponents, e.g.
so parsing "[0", "e+", "-]" now properly returns an error.
Strict mode now rejects missing exponents ("0e").
* Successfully return number objects at the top level even when they are
followed by a "-", "." or "e". This makes parsing things like "123-45"
behave consistently with things like "123xyz".
Other changes
* #589 - Detect broken RDRAND during initialization; also, fix segfault
in the CPUID check.
* #592 - Fix integer overflows to prevert out of bounds write on large input.
* Protect against division by zero in linkhash, when created with zero size.
* #602 - Fix json_parse_uint64() internal error checking, leaving the retval
untouched in more failure cases.
* #614 - Prevent truncation when custom double formatters insert extra \0's
0.14 (up to commit 9ed00a6, 2020/04/14)
Deprecated and removed features:
* bits.h has been removed
* lh_abort() has been removed
* lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
* Remove TRUE and FALSE defines, use 1 and 0 instead.
Build changes:
Deprecated and removed features:
* bits.h has been removed
* lh_abort() has been removed
* lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
* Remove TRUE and FALSE defines, use 1 and 0 instead.
* autoconf support, including autogen.sh, has been removed. See details about cmake, below.
* With the addition of json_tokener_get_parse_end(), access to internal fields of json_tokener, as well as use of many other symbols and types in json_tokener.h, is deprecated now.
* The use of Android.configure.mk to build for Android no longer works, and it is unknown how (or if) the new cmake-based build machinery can be used.
* Reports of success, or pull requests to correct issues are welcome.
Notable improvements and new features
Builds and documentation
* Build machinery has been switched to CMake. See README.md for details about how to build.
* TL;DR: `mkdir build ; cd build ; cmake -DCMAKE_INSTALL_PREFIX=/some/path ../json-c ; make all test install`
* To ease the transition, there is a `cmake-configure` wrapper that emulates the old autoconf-based configure script.
* This has enabled improvements to the build on Windows system; also all public functions have been fixed to be properly exported. For best results, use Visual Studio 2015 or newer.
* The json-c style guide has been updated to specify the use of clang-format, and all code has been reformatted.
* Since many lines of code have trivial changes now, when using git blame, be sure to specify -w
* Numerous improvements have been made to the documentation including function effects on refcounts, when passing a NULL is safe, and so on.
json_tokener changes
* Added a json_tokener_get_parse_end() function to replace direct access of tok->char_offset.
* The char_offset field, and the rest of the json_tokener structure remain exposed for now, but expect a future release to hide it like is done with json_object_private.h
* json_tokener_parse_ex() now accepts a new JSON_TOKENER_VALIDATE_UTF8 flag to validate that input is UTF8.
* If validation fails, json_tokener_get_error(tok) will return json_tokener_error_parse_utf8_string (see enum json_tokener_error).
Other changes and additions
* Add support for unsigned 64-bit integers, uint64_t, to gain one extra bit of magnitude for positive ints.
* json_tokener will now parse values up to UINT64_MAX (18446744073709551615)
* Existing methods returning int32_t or int64_t will cap out-of-range values at INT32_MAX or INT64_MAX, preserving existing behavior.
* The implementation includes the possibility of easily extending this to larger sizes in the future.
* A total of 7 new functions were added:
* json_object_get_uint64 ( struct json_object const* jso )
* json_object_new_uint64 ( uint64_t i )
* json_object_set_uint64 ( struct json_object* jso, uint64_t new_value )
* json_parse_uint64 ( char const* buf, uint64_t* retval )
* See description of uint64 support, above.
* json_tokener_get_parse_end ( struct json_tokener* tok )
* See details under "json_tokener changes", above.
* json_object_from_fd_ex ( int fd, int in_depth )
* Allows the max nesting depth to be specified.
* json_object_new_null ( )
* Simply returns NULL. Its use is not recommended.
* The size of struct json_object has decreased from 96 bytes to 88 bytes.
Testing
* Many updates were made to test cases, increasing code coverage.
* There is now a quick way (JSONC_TEST_TRACE=1) to turn on shell tracing in tests.
* To run tests, use `make test`; the old "check" target no longer exists.
Significant bug fixes
For the full list of issues and pull requests since the previous release, please see issues_closed_for_0.14.md
* [Issue #389](https://github.com/json-c/json-c/issues/389): Add an assert to explicitly crash when _ref_count is corrupted, instead of a later "double free" error.
* [Issue #407](https://github.com/json-c/json-c/issues/407): fix incorrect casts in calls to ctype functions (isdigit and isspace) so we don't crash when asserts are enabled on certain platforms and characters > 128 are parsed.
* [Issue #418](https://github.com/json-c/json-c/issues/418): Fix docs for json_util_from_fd and json_util_from_file to say that they return NULL on failures.
* [Issue #422](https://github.com/json-c/json-c/issues/422): json_object.c:set errno in json_object_get_double() when called on a json_type_string object with bad content.
* [Issue #453](https://github.com/json-c/json-c/issues/453): Fixed misalignment in JSON serialization when JSON_C_TO_STRING_SPACED and JSON_C_TO_STRING_PRETTY are used together.
* [Issue #463](https://github.com/json-c/json-c/issues/463): fix newlocale() call to use LC_NUMERIC_MASK instead of LC_NUMERIC, and remove incorrect comment.
* [Issue #486](https://github.com/json-c/json-c/issues/486): append a missing ".0" to negative double values to ensure they are serialized as floating point numbers.
* [Issue #488](https://github.com/json-c/json-c/issues/488): use JSON_EXPORT on functions so they are properly exported on Windows.
* [Issue #539](https://github.com/json-c/json-c/issues/539): use an internal-only serializer function in json_object_new_double_s() to avoid potential conflicts with user code that uses the json_object_userdata_to_json_string serializer.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Thu, 29 Dec 2022 15:48:02 +0000 (16:48 +0100)]
perl-HTML-Parser: Update to version 3.78
- Update from 3.45 (2005) to 3.78 (2022)
- Update to rootfile
- Changelog
3.78 2022-03-28
* Remove unused variable (GH#26) (Michal Josef Špaček)
3.77 2022-03-14
* Update tests to remove HTML4 specific tags (GH#25) (Jess)
3.76 2021-03-04
* Add a fix for a stack confusion error on `eof`. (GH#21) (Matthew Horsfall
and Chase Whitener)
3.75 2020-08-30
* Clean up the prereqs a bit
* Mark HTML::Filter as deprecated as the docs point out
* Move Parser.pm into the lib directory with the others. This will help
with everything from auto version bumps after releases, to scanning for
prerequisites and spelling errors.
* Fix a few spelling errors in the POD for HTML::Parser
* Clean up the spacing on many examples in HTML::Parser
3.74 2020-08-30
* Fix the order of date and version in this change log. (Thanks, haarg)
* Convert to Dist::Zilla
* Build all prereqs from our cpanfile
* Go through all test files and:
* perltidy
* Use strict/warnings
* Get rid of two-arg open
* Get rid of BAREWORD filehandles
* Fix the eval pattern used
* Only use -w where we catch $SIG{__WARN__}
* Fix encoding problems
* use utf8 where we have unicode in the source
* Fix a typo here and there
* perltidy all of the example apps in eg/
* Add comments explaining the apps in eg/ (GH#13 Thanks, Salvatore Bonaccorso)
* Print out UTF-8 encoded data where sensible in eg/
3.73 2020-08-24
* Cleaned up this changes log.
* Added a .mailmap file to organize contributions accurately.
* Ensure all versions are equal and on the current version
* Add the .mailmap to the MANIFEST
* Change the META information to point to the new GH repository
* Add a .perltidyrc to use going forward
* Add hctype.h and pfunc.h to the dist as static files and stop asking
for them to be built on the user's end.
* Remove t/pod.t from userland testing
* Remove t/pod-coverage.t from userland testing
* Clean up the MANIFEST
* Start testing via GitHub Actions/Workflows
* Protect active parser from being freed (PR 13, RT #115034)
3.72 2016-01-19
* Avoid more clang casting warnings
* Remove trailing whitespace
* Ensure entities expand to utf8 sequences under 'utf8_mode' [RT#99755]
* typo fixes (David Steinbrunner)
* Silence clang warning (Jacques Germishuys)
* const+static-ing (bulk88)
3.71 2013-05-09
* Transform ':' in headers to '-' [RT#80524]
3.70 2013-03-28
* Fix for cross-compiling with Buildroot (François Perrad)
* Comment typo fix
* Fix Issue #3 / RT #84144: HTML::Entities::decode_entities() needs
to call SV_CHECK_THINKFIRST() before checking READONLY flag (Yves Orton)
3.69 2011-10-15
* Documentation fix; encode_utf8 mixup [RT#71151]
* Make it clearer that there are 2 (actually 3) options for handing "UTF-8 garbage"
* Github is the official repo
* Can't be bothered to try to fix the failures that occur on perl-5.6
* fix to TokeParser to correctly handle option configuration (Barbie)
* Aesthetic change: remove extra ; (Jon Jensen)
* Trim surrounding whitespace from extracted URLs. (Ville Skyttä)
3.68 2010-09-01
* Declare the encoding of the POD to be utf8
3.67 2010-08-17
* bleadperl 2154eca7 breaks HTML::Parser 3.66 [RT#60368] (Nicholas Clark)
3.66 2010-07-09
* Fix entity decoding in utf8_mode for the title header
3.65 2010-04-04
* Eliminate buggy entities_decode_old
* Fixed endianness typo [RT#50811] (Salvatore Bonaccorso)
* Documentation Fixes. (Ville Skyttä)
3.64 2009-10-25
* Convert files to UTF-8
* Don't allow decode_entities() to generate illegal Unicode chars
* Copyright 2009
* Remove rendundant (repeated) test
* Make parse_file() method use 3-arg open [RT#49434]
3.63 2009-10-22
* Take more care to prepare the char range for encode_entities [RT#50170]
* decode_entities confused by trailing incomplete entity
3.62 2009-08-13
* Doc patch: Make it clearer what the return value from ->parse is
* HTTP::Header doc typo fix. (Ville Skyttä)
* Do not bother tracking style or script, they're ignored. (Ville Skyttä)
* Bring HTML 5 head elements up to date with WD-html5-20090423. (Ville Skyttä)
* Improve HeadParser performance. (Ville Skyttä)
3.61 2009-06-20
* Test that triggers the crash that Chip fixed
* Complete documented list of literal tags
* Avoid crash (referenced pend_text instead of skipped_text) (Chip Salzenberg)
* Reference HTML::LinkExttor [RT#43164] (Antonio Radici)
3.60 2009-02-09
* Spelling fixes. (Ville Skyttä)
* Test multi-value headers. (Ville Skyttä)
* Documentation improvements. (Ville Skyttä)
* Do not terminate head parsing on the <object> element (added in HTML 4.0). (Ville Skyttä)
* Add support for HTML 5 <meta charset> and new HEAD elements. (Ville Skyttä)
* Short description of the htextsub example (Damyan Ivanov)
* Suppress warning when encode_entities is called with undef [RT#27567] (Mike South)
* HTML::Parser doesn't compile with perl 5.8.0. (Zefram)
3.59 2008-11-24
* Restore perl-5.6 compatibility for HTML::HeadParser.
* Improved META.yml
3.58 2008-11-17
* Suppress "Parsing of undecoded UTF-8 will give garbage" warning
with attr_encoded [RT#29089]
* HTML::HeadParser:
- Recognize the Unicode BOM in utf8_mode as well [RT#27522]
- Avoid ending up with '/' keys attribute in Link headers.
3.57 2008-11-16
* The <iframe> element content is now parsed in literal mode.
* Parsing of <script> and <style> content ends on the first end tag
even when that tag was in a quoted string. That seems to be the
behaviour of all modern browsers.
* Implement backquote() attribute as requested by Alex Kapranoff.
* Test and documentation tweaks from Alex Kapranoff.
3.56 2007-01-12
* Cloning of parser state for compatibility with threads.
Fixed by Bo Lindbergh <blgl@hagernas.com>.
* Don't require whitespace between declaration tokens.
<http://rt.cpan.org/Ticket/Display.html?id=20864>
3.55 2006-07-10
* Treat <> at the end of document as text. Used to be
reported as a comment.
* Improved Firefox compatibility for bad HTML:
- Unclosed <script>, <style> are now treated as empty tags.
- Unclosed <textarea>, <xmp> and <plaintext> treat rest as text.
- Unclosed <title> closes at next tag.
* Make <!a'b> a comment by itself.
3.54 2006-04-28
* Yaakov Belch discovered yet another issue with <script> parsing.
Enabling of 'empty_element_tags' got the parser confused
if it found such a tag for elements that are normally parsed
in literal mode. Of these <script src="..."/> is the only
one likely to be found in documents.
<http://rt.cpan.org//Ticket/Display.html?id=18965>
3.53 2006-04-27
* When ignore_element was enabled it got confused if the
corresponding tags did not nest properly; the end tag
was treated it as if it was a start tag.
Found and fixed by Yaakov Belch <code@yaakovnet.net>.
<http://rt.cpan.org/Ticket/Display.html?id=18936>
3.52 2006-04-26
* Make sure the 'start_document' fires exactly once for
each document parsed. For earlier releases it did not
fire at all for empty documents and could fire multiple
times if parse was called with empty chunks.
* Documentation tweaks and typo fixes.
3.51 2006-03-22
* Named entities outside the Latin-1 range are now only expanded
when properly terminated with ";". This makes HTML::Parser
compatible with Firefox/Konqueror/MSIE when it comes to how these
entities are expanded in attribute values. Firefox does expand
unterminated non-Latin-1 entities in plain text, so here
HTML::Parser only stays compatible with Konqueror/MSIE.
Fixes <http://rt.cpan.org/Ticket/Display.html?id=17962>.
* Fixed some documentation typos spotted by <william@knowmad.com>.
<http://rt.cpan.org/Ticket/Display.html?id=18062>
3.50 2006-02-14
* The 3.49 release didn't compile with VC++ because it mixed code
and declarations. Fixed by Steve Hay <steve.hay@uk.radan.com>.
3.49 2006-02-08
* Events could sometimes still fire after a handler has signaled eof.
* Marked_sections with text ending in square bracket parsed wrong.
Fix provided by <paul.bijnens@xplanation.com>.
<http://rt.cpan.org/Ticket/Display.html?id=16749>
3.48 2005-12-02
* Enabling empty_element_tags by default for HTML::TokeParser
was a mistake. Reverted that change.
<http://rt.cpan.org/Ticket/Display.html?id=16164>
* When processing a document with "marked_sections => 1", the
skipped text missed the first 3 bytes "<![".
<http://rt.cpan.org/Ticket/Display.html?id=16207>
3.47 2005-11-22
* Added empty_element_tags and xml_pic configuration
options. These make it possible to enable these XML
features without enabling the full XML-mode.
* The empty_element_tags is enabled by default for
HTML::TokeParser.
3.46 2005-10-24
* Don't try to treat an literal as space.
This breaks Unicode parsing.
<http://rt.cpan.org/Ticket/Display.html?id=15068>
* The unbroken_text option is now on by default
for HTML::TokeParser.
* HTML::Entities::encode will now encode "'" by default.
* Improved report/ignore_tags documentation by
Norbert Kiesel <nkiesel@tbdnetworks.com>.
* Test suite now use Test::More, by
Norbert Kiesel <nkiesel@tbdnetworks.com>.
* Fix HTML::Entities typo spotted by
Stefan Funke <bundy@adm.arcor.net>.
* Faster load time with XSLoader (perl-5.6 or better now required).
* Fixed POD markup errors in some of the modules.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Peter Müller [Mon, 26 Dec 2022 19:29:51 +0000 (19:29 +0000)]
linux: Disable ACPI configfs support
This is disabled in IPFire 3.x, and projects such as grsecurity
recommend doing so for security reasons as well. Also, skimming through
our source code, there is no point where this ACPI configfs would have
been explicitly mounted, which leads to the assumption that we never
used it anyway.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 26 Dec 2022 19:30:54 +0000 (19:30 +0000)]
linux: Enable Landlock support
From the kernel's documentation:
> Landlock is a sandboxing mechanism that enables processes to restrict
> themselves (and their future children) by gradually enforcing
> tailored access control policies. A Landlock security policy is a
> set of access rights (e.g. open a file in read-only, make a
> directory, etc.) tied to a file hierarchy. Such policy can be
> configured and enforced by any processes for themselves using the
> dedicated system calls: landlock_create_ruleset(),
> landlock_add_rule(), and landlock_restrict_self().
There is no harm in enabling this security feature, so applications
supporting Landlock can benefit from it.
Rolled forward from https://patchwork.ipfire.org/project/ipfire/patch/d7ac0caf-5a7c-bcca-6293-16c773523942@ipfire.org/
to submit all kernel-related changes as a single patchset.
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 30 Dec 2022 12:18:35 +0000 (13:18 +0100)]
jquery: Update to version 3.6.3
- Update from version 3.6.0 to 3.6.3
- There is no rootfile for this package
- Changelog
3.6.3
Build
remove stale Insight package from custom builds (81d5bd17)
Updating the 3.x-stable version to 3.6.3-pre. (2c5b47c4)
Selector
Update Sizzle from 2.3.8 to 2.3.9 (#5177, 8989500e)
3.6.2
CSS
Return undefined for whitespace-only CSS variable values (#5120) (8bea1dec)
Don’t trim whitespace of undefined custom property (#5105, c0db6d70)
Selector
Manipulation: Fix DOM manip within template contents (#5147, 5318e311)
Update Sizzle from 2.3.7 to 2.3.8 (#5147, a1b7ae3b)
Update Sizzle from 2.3.6 to 2.3.7 (#5098, ee0fec05)
Tests
Remove a workaround for a Firefox XML parsing issue (965391ab)
Make Ajax tests pass in iOS 9 (d051e0e3)
3.6.1
CSS
Skip falsy values in `addClass( array )`, compress code (#4998, 9b34bdb1)
Justify use of rtrim on CSS property values (a1373e2e)
Remove a redundant extension from rtrimCSS inclusion in curCSS (509eeb89)
Trim whitespace surrounding CSS Custom Properties values (#4926, 219ccf5c)
Deprecated
Improve $.trim performance for strings with lots of whitespace (69940100)
Docs
Update webpack website in README (410d5cf0)
add link to preview the new CLAs (b24e83bd)
Replace `#NUMBER` Trac issue references with `trac-NUMBER` (95e34b69)
remove expired links from old jquery source (c3c4d207)
Remove links to Web Archive from source (#4981, 4b0d8900)
Update the URL to the latest jQuery build in CONTRIBUTING.md (4bb7d069)
Remove the CLA checkbox in the pull request template (93406490)
Event
Don’t break focus triggering after `.on(focus).off(focus)` (#4867, b3e4a7eb)
Manipulation
Don’t remove HTML comments from scripts (#4904, 924b515d)
Tests
Exclude tests based on compilation flags, not API presence (3.x version) (#5069, bc165128)
Workaround an XML parsing bug in Firefox (be3bd560)
lock colors version to 1.4.0 (fa70e8fd)
Skip ETag AJAX tests on TestSwarm (81fa1e2a)
Allow statusText to be “success” in AJAX tests (7439e221)
Disable CSS Custom Properties tests in old Safari/iOS (e9f77267)
Make Karma browser timeout larger than the QUnit one (a51eec74)
Don’t remove csp.log in the cspClean action of mock.php (ba81326f)
Load the TestSwarm listener via HTTPS (f6f07204)
Switch background image from online file to local 1×1.jpg (8d20cb97)
Strip untypical callback parameter characters from mock.php (b14b62c8)
Infrastructure
Update GitHub Actions (0f6c3d9e)
Add dependabot.yml config (GitHub Actions) (5a363017)
Test on Node 17, update Grunt & `karma-*` packages (9bc0df70)
Separate the install step from running tests in GitHub Actions (cb35067f)
remove travis.yml and travis mentions from core (#4984) (55669883)
Migrate CI to GitHub Actions (b39cfa15)
Test on Node.js 16 instead of 15 (f12cac60)
Take core-js from the external directory as well (752b8981)
Updating the 3.x-stable version to 3.6.1-pre. (3642471e)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 27 Dec 2022 11:59:52 +0000 (12:59 +0100)]
curl: Update to version 7.87.0
- Update from version 7.86.0 to 7.87.0
- Update of rootfile
- version 7.87.0 changed hoiw it deals with deprecated typecheck expressions. This caused
zabbix_agentd build to fail. Curl developers created a commit to fix this in next
version release. Added as patch here. Should be able to be removed with next curl
update.
- Changelog
curl and libcurl 7.87.0
This release includes the following changes:
o curl: add --url-query [52]
o CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit [75]
o lib: add CURL_WRITEFUNC_ERROR to signal write callback error [47]
o openssl: reduce CA certificate bundle reparsing by caching [11]
o version: add a feature names array to curl_version_info_data [67]
This release includes the following bugfixes:
o altsvc: fix rejection of negative port numbers [144]
o aws_sigv4: consult x-%s-content-sha256 for payload hash [102]
o aws_sigv4: fix typos in aws_sigv4.c [101]
o base64: better alloc size [124]
o base64: encode without using snprintf [123]
o base64: faster base64 decoding [120]
o build: assume assert.h is always available [111]
o build: assume errno.h is always available [110]
o c-hyper: CONNECT respones are not server responses [137]
o c-hyper: fix multi-request mechanism [115]
o CI: Change FreeBSD image from 12.3 to 12.4 [108]
o CI: LGTM.com will be shut down in December 2022 [112]
o ci: Remove zuul fuzzing job as it's superseded by CIFuzz
o cmake: check for cross-compile, not for toolchain [54]
o CMake: fix build with `CURL_USE_GSSAPI` [78]
o cmake: really enable warnings with clang [25]
o cmake: set the soname on the shared library [140]
o cmdline-opts/gen.pl: fix the linkifier [64]
o cmdline-opts/page-footer: remove long option nroff formatting
o config-mac: define HAVE_SYS_IOCTL_H [107]
o config-mac: fix typo: size_T -> size_t [125]
o config-mac: remove HAVE_SYS_SELECT_H [116]
o config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW [41]
o configure: require fork for NTLM-WB [36]
o contributors.sh: actually use $CURLWWW instead of just setting it [129]
o cookie: compare cookie prefixes case insensitively [14]
o cookie: expire cookies at once when max-age is negative [45]
o cookie: open cookie jar as a binary file [89]
o curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS [90]
o curl-rustls.m4: on macOS, rustls also needs the Security framework [44]
o curl.h: include <sys/select.h> on SerenityOS [104]
o curl.h: name all public function parameters [118]
o curl.h: reword comment to not use deprecated option [132]
o curl: override the numeric locale and set "C" by force [60]
o curl: timeout in the read callback [15]
o curl_endian: remove Curl_write64_le from header [81]
o curl_get_line: allow last line without newline char [88]
o curl_path: do not add '/' if homedir ends with one [4]
o curl_url_get.3: remove spurious backtick [127]
o curl_url_set.3: document CURLU_DISALLOW_USER [139]
o curl_url_set.3: fix typo [148]
o CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE [1]
o CURLOPT_COOKIEFILE.3: advice => advise [131]
o CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example [31]
o CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" [130]
o CURLOPT_POST.3: Explain setting to 0 changes request type [61]
o docs/curl_ws_send: Fixed typo in websocket docs [114]
o docs/EARLY-RELEASE.md: how to determine an early release [37]
o docs/examples: spell correction ('Retrieve') [119]
o docs/INSTALL.md: expand on static builds [62]
o docs/WEBSOCKET.md: explain the URL use [71]
o docs: add missing parameters for --retry flag [2]
o docs: add more "SEE ALSO" links to CA related pages [82]
o docs: explain the noproxy CIDR notation support [17]
o docs: extend the dump-header documentation [150]
o docs: remove performance note in CURLOPT_SSL_VERIFYPEER [13]
o examples/10-at-a-time: fix possible skipped final transfers [85]
o examples: update descriptions [83]
o ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH [96]
o gen.pl: do not generate CURLHELP bitmask lines > 79 characters [10]
o GHA: clarify workflows permissions, set least possible privilege [79]
o GHA: NSS use clang instead of clang-9 [103]
o gnutls: use common gnutls init and verify code for ngtcp2 [98]
o headers: add endif comments [51]
o HTTP-COOKIES.md: mention that http://localhost is a secure context [76]
o HTTP-COOKIES.md: update the 6265bis link to draft-11 [70]
o http: do not send PROXY more than once [46]
o http: fix the ::1 comparison for IPv6 localhost for cookies [155]
o http: set 'this_is_a_follow' in the Location: logic [40]
o http: use the IDN decoded name in HSTS checks [154]
o hyper: classify headers as CONNECT and 1XX [56]
o hyper: fix handling of hyper_task's when reusing the same address [33]
o idn: remove Curl_win32_ascii_to_idn [153]
o INSTALL: update operating systems and CPU archs [91]
o KNOWN_BUGS: remove eight entries [50]
o lib1560: add some basic IDN host name tests [151]
o lib: connection filters (cfilter) addition to curl: [43]
o lib: feature deprecation warnings in gcc >= 4.3 [58]
o lib: fix some type mismatches and remove unneeded typecasts [12]
o lib: parse numbers with fixed known base 10 [77]
o lib: remove bad set.opt_no_body assignments [42]
o lib: rewind BEFORE request instead of AFTER previous [65]
o lib: sync guard for Curl_getaddrinfo_ex() definition and use [6]
o lib: use size_t or int etc instead of longs [145]
o libcurl-errors.3: remove duplicate word [3]
o libssh2: return error when ssh_hostkeyfunc returns error [121]
o limit-rate.d: see also --rate
o log2changes.pl: wrap long lines at 80 columns [59]
o Makefile.mk: address minor issues [87]
o Makefile.mk: improve a GNU Make hack [122]
o Makefile.mk: portable Makefile.m32 [86]
o maketgz: set the right version in lib/libcurl.plist [53]
o mime: relax easy/mime structures binding [94]
o misc: Fix incorrect spelling [113]
o misc: remove duplicated include files [28]
o misc: typo and grammar fixes [23]
o negtelnetserver.py: have it call its close() method [68]
o netrc.d: provide mutext info [63]
o netware: remove leftover traces [80]
o noproxy: also match with adjacent comma [19]
o noproxy: guard against empty hostnames in noproxy check [136]
o noproxy: tailmatch like in 7.85.0 and earlier [35]
o nroff-scan.pl: detect double highlights
o ntlm: improve comment for encrypt_des [55]
o ntlm: silence ubsan warning about copying from null target_info pointer [69]
o openssl/mbedtls: use %d for outputing port with failf (int) [72]
o openssl: prefix errors with '[lib]/[version]: ' [105]
o os400: use platform socklen_t in Curl_getnameinfo_a [18]
o page-header: grammar improvement (display transfer rate) [126]
o proxy: refactor haproxy protocol handling as connection filter [57]
o README.md: remove badges and xmas-tree garnish [9]
o rtsp: fix RTSP auth [49]
o runtests: --no-debuginfod now disables DEBUGINFOD_URLS [100]
o runtests: do CRLF replacements per section only [97]
o scripts/checksrc.pl: detect duplicated include files [29]
o sendf: change Curl_read_plain to wrap Curl_recv_plain [48]
o sendf: remove unnecessary if condition [26]
o setup: do not require __MRC__ defined for Mac OS 9 builds [117]
o smb/telnet: do not free the protocol struct in *_done() [152]
o socks: fix username max size is 255 (0xFF) [146]
o spellcheck.words: remove 'github' as an accepted word [22]
o ssl-reqd.d: clarify that this is for upgrading connections only [138]
o strcase: use curl_str(n)equal for case insensitive matches [8]
o styled-output.d: this option does not work on Windows [93]
o system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS [133]
o system.h: support 64-bit curl_off_t for NonStop 32-bit [21]
o test1421: fix typo [109]
o test3026: reduce runtime in legacy mingw builds [73]
o tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
o tests: add authorityInfoAccess to generated certs [99]
o tests: add HTTP/3 test case, custom location for proper nghttpx [106]
o tls: backends use connection filters for IO, enabling HTTPS-proxy [92]
o tool: determine the correct fopen option for -D [95]
o tool_cfgable: free the ssl_ec_curves on exit [142]
o tool_cfgable: make socks5_gssapi_nec a boolean [128]
o tool_formparse: avoid clobbering on function params [135]
o tool_getparam: make --no-get work as the opposite of --get [39]
o tool_operate: provide better errmsg for -G with bad URL [16]
o tool_operate: when aborting, make sure there is a non-NULL error buffer [20]
o tool_paramhlp: free the proto strings on exit [141]
o url: move back the IDN conversion of proxy names [74]
o urlapi: reject more bad letters from the host name: &+() [143]
o urldata: change port num storage to int and unsigned short [66]
o vms: remove SIZEOF_SHORT [134]
o vtls: fix build without proxy support [38]
o vtls: localization of state data in filters [84]
o WEBSOCKET.md: fix broken link [30]
o Websocket: fixes for partial frames and buffer updates [7]
o websockets: fix handling of partial frames [32]
o windows: fail early with a missing windres in autotools [5]
o windows: fix linking .rc to shared curl with autotools [24]
o winidn: drop WANT_IDN_PROTOTYPES [27]
o ws: if no connection is around, return error [149]
o ws: return CURLE_NOT_BUILT_IN when websockets not built in [34]
o x509asn1: avoid freeing unallocated pointers [147]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 27 Dec 2022 11:59:53 +0000 (12:59 +0100)]
harfbuzz: Update to version 6.0.0
- Update from version 4.4.1 to 6.0.0
- Update of rootfile
- Changelog
Overview of changes leading to 6.0.0
- A new API have been added to pre-process the face and speed up future
subsetting operations on that face. Provides up to a 95% reduction in
subsetting times when the same face is subset more than once.
For more details and benchmarks, see:
https://github.com/harfbuzz/harfbuzz/blob/main/docs/subset-preprocessing.md
- Shaping have been speedup by skipping entire lookups when the buffer contents
don't intersect with the lookup. Shows up to a 10% speedup in shaping some
fonts. (Behdad Esfahbod)
- A new experimental feature, “Variable Composites” (enabled by passing
-Dexperimental_api=true to meson), is also featured in this release.
This technology enables drastic compression of fonts in the Chinese,
Japanese, Korean, and other writing systems, by reusing the OpenType Font
Variations technology for encoding “smart components” into the font.
The specification for these extensions to the font format can be found in:
https://github.com/harfbuzz/boring-expansion-spec/blob/glyf1/glyf1.md
A test variable-font with ~7160 Hangul syllables derived from the
NotoSerifKR-VF font has been built, with existing OpenType technology, as
well as with the new Variable Composites (VarComposites) technology. The
VarComposites font is over 90% smaller than the OpenType version of the font!
Both fonts can be obtained from the “smarties” repository:
https://github.com/behdad/smarties/tree/3.0/fonts/hangul/serif
When building HarfBuzz with experimental features enabled, you can test
the “smarties” font with a sample character like this:
$ hb-view butchered-hangul-serif-smarties-variable.ttf -u AE01 --variations=wght=700
- The HarfBuzz subsetter can now drop axes by pinning them to specific values
(also referred to as instancing). There are a couple of restrictions
currently:
- Only works with TrueType (“glyf”) based fonts. “CFF2” fonts are not yet
supported.
- Only supports the case where all axes in a font are pinned.
- Miscellaneous fixes and improvements.
- New API
+hb_subset_input_pin_axis_location()
+hb_subset_input_pin_axis_to_default()
+hb_subset_preprocess()
Overview of changes leading to 5.3.1
- Subsetter repacker fixes. (Garret Rieger)
- Adjust Grapheme clusters for Katakana voiced sound marks. (Behdad Esfahbod)
- New “hb-subset” option “--preprocess-face”. (Garret Rieger)
Overview of changes leading to 5.3.0
- Don’t add glyphs from dropped MATH or COLR tables to the subset glyphs.
(Khaled Hosny)
- Map “rlig” to appropriate AAT feature selectors. (Jonathan Kew)
- Update USE data files to latest version. (David Corbett)
- Check “CBDT” extents first before outline tables, to help with fonts that
also include an empty “glyf” table. (Khaled Hosny)
- More work towards variable font instancing in the subsetter. (Qunxin Liu)
- Subsetter repacker improvements. (Garret Rieger)
- New API:
+hb_ot_layout_lookup_get_optical_bound()
+hb_face_builder_sort_tables()
Overview of changes leading to 5.2.0
- Fix regressions in hb-ft font functions for FT_Face’s with transformation
matrix. (Behdad Esfahbod)
- The experimental hb-repacker API now supports splitting several GPOS subtable
types when needed. (Garret Rieger)
- The HarfBuzz extensions to OpenType font format are now opt-in behind
build-time flags. (Behdad Esfahbod)
- The experimental hb-subset variable fonts instantiation API can now
instantiate more font tables and arbitrary axis locations. (Qunxin Liu)
- Unicode 15 support. (David Corbett)
- Various documentation improvements. (Behdad Esfahbod, Matthias Clasen)
- The hb-view command line tool now detects WezTerm inline images support.
(Wez Furlong)
- Fix FreeType and ICU dependency lookup with meson. (Xavier Claessens)
- New API:
+HB_SCRIPT_KAWI
+HB_SCRIPT_NAG_MUNDARI
Overview of changes leading to 5.1.0
- More extensive buffer tracing messages. (Behdad Esfahbod)
- Fix hb-ft regression in bitmap fonts rendering. (Behdad Esfahbod)
- Support extension promotion of lookups in hb-subset-repacker. (Garret Rieger)
- A new HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL for scripts that use elongation
(e.g. Arabic) to signify where it is safe to insert tatweel glyph without
interrupting shaping. (Behdad Esfahbod)
- Add “--safe-to-insert-tatweel” to “hb-shape” tool. (Behdad Esfahbod)
- New API
+HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL
+HB_BUFFER_FLAG_PRODUCE_SAFE_TO_INSERT_TATWEEL
Overview of changes leading to 5.0.1
- Fix version 2 “avar” table with hb-ft. (Behdad Esfahbod)
Overview of changes leading to 5.0.0
- Support fonts with more than 65535 glyphs in “GDEF”, “GSUB”, and “GPOS”
tables. This is part of https://github.com/be-fonts/boring-expansion-spec to
extend OpenType in a backward-compatible way.
(Behdad Esfahbod, Garret Rieger)
- Complete support for more than 65535 glyphs in “glyf” table that started in
4.0.0 release. Part of boring-expansion-spec. (Behdad Esfahbod)
- Support version 2 of “avar” table. Part of boring-expansion-spec.
(Behdad Esfahbod)
- Fix mark attachment on multiple substitutions in some cases.
(Behdad Esfahbod)
- Fix application of “calt”, “rclt”, and “ccmp” features to better match
Uniscribe behaviour with some Arabic fonts. (Behdad Esfahbod)
- Improvement to interaction between multiple cursive attachments.
(Behdad Esfahbod)
- Improve multiple mark interactions in Hebrew. (Behdad Esfahbod)
- Implement language-specific forms in AAT shaping. (Behdad Esfahbod)
- Fix variation of “VORG” table. (Behdad Esfahbod)
- Support for specific script tags to be retained in the subsetter, and add
“--layout-scripts” option to “hb-subset” tool. (Garret Rieger)
- Accept space as delimiter for --features/--variations in command line tools.
- Improve subsetting of “COLR” table. (Qunxin Liu)
- Improved fuzzing coverage for ot-math API. (Frédéric Wang)
- Fix “kern” table version 2 (AAT) sanitization on 32-bit systems.
(Behdad Esfahbod)
- Allow negative glyph advances from “graphite2” shaper. (Stephan Bergmann)
- Implement loading (color) bitmap fonts with hb-ft. (Behdad Esfahbod)
- Fix regression in hb-ft when changing font size. (Behdad Esfahbod)
- Fix build on GCC < 7. (Kleis Auke Wolthuizen)
- Dynamically load dwrite.dll on windows if “directwrite” shaper is enabled.
(Luca Bacci)
- Provide a single-file harfbuzz-subset.cc file for easier alternate building
of hb-subset library, similar to harfbuzz.cc. (Khaled Hosny)
- New API
+HB_SUBSET_SETS_LAYOUT_SCRIPT_TAG
+hb_language_matches()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 27 Dec 2022 11:59:54 +0000 (12:59 +0100)]
libcap: Update to version 2.66
- Update from version 2.64 to 2.66
- Update of rootfile
- Changelog
Release notes for 2.66
Fix documentation typos in cap_from_text.3 (Bug: 216514 reported by Paulo
Andrade.)
Some getpcaps code clean up and a fix for PID argument parsing from Jakub Wilk.
Slightly more robust Makefiles to address an error with make -j48 test
observed by Tomasz Kłoczko.
Include a simple Go program, captrace, to trace kernel capability validation
checks
This program can be used to figure out what capabilities a program needs
to operate.
captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel
for capability checks and whether or not they succeed for the system, a
specific PID or a program's direct execution.
Trim down the default file capabilities for contrib/sucap/su to those
actually needed and set USER and HOME environment variables so bash doesn't
complain about a sourcing error.
Release notes for 2.65
Fix syntax error in DEBUG build of protected code in setcap.c. (Bug reported
by yixiangzhike.)
Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh
now changing the USER and HOME environment variables when --user is
specified. The argument --noenv can be used to suppress this behavior to
what used to be the problematic default. (Bug: 215926)
Improved documentation:
Man page info for cap_get_pid() and cap_reset_ambient(). (Bug reports
from nomonemo and Tinkerer One.)
Improve documentation and help for the captree program.
Updated go/Makefile comment about an unfixed Go runtime bug in go1.16 and
go1.17 (resolved in go1.18+), and the deadlock behavior of the psx-fd test.
Refresh the signatures on the two GPG keys morgan@ uses. The 4096 bit one is
preferred, but the older one is also used for continuity reasons. This set
of signatures should also be available from the various key servers out there.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 27 Dec 2022 11:59:55 +0000 (12:59 +0100)]
libcdada: Update to version 0.4.0
- Update from version 0.3.5 to 0.4.0
- Update of rootfile not required
- Update of patch in line with libcdada version
- Changelog
v0.4.0 (12th March 2022)
Add `cdada_map_insert_replace()`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 27 Dec 2022 11:59:59 +0000 (12:59 +0100)]
libgpg-error: Update to version 1.46
- Update from version 1.44 to 1.46
- Update of rootfile
- Changelog
Noteworthy changes in version 1.46 (2022-10-07) [C33/A33/R1]
* Support for bidirectional pipes under Windows. [T6112]
* REG_DWORD types are now support in the Windows Registry.
[rE745d333cf7]
* Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows.
[rE018ea46a30]
* Fixed gpgrt_log_get_fd for the file case. [T5922]
* Avoids header problem with C11 and "noreturn". [T4002]
* The gpg-error-config command is not installed by default, because
it is now replaced by use of pkg-config/gpgrt-config with
gpg-error.pc. Supply --enable-install-gpg-error-config configure
option, if it's really needed.
* Fixed support of posix-lock for FreeBSD. [rE6e17e70bb7]
* Build fixes for some Mingw tool chain versions. [T5890, T4656]
* Removed remaining support for WindowsCE. [T5912]
* Updated config.guess, config.sub, and config.rpath. [T6078]
* gpg-error-config is now only installed when enabled. [T5683]
* System paths are now stripped from --cflags --and --libs. [T6136]
Release-info: https://dev.gnupg.org/T5923
Noteworthy changes in version 1.45 (2022-04-07) [C33/A33/R0]
* Support the "sysopen" mode parameter for gpgrt_fopen so that file
names longer than MAX_PATH can be supported under Windows.
* gpgrt_access and gpgrt_mkdir now support file names longer than
MAX_PATH.
* gpgrt_fopen now maps "/dev/null" to "nul" on Windows.
* Published some internal helper functions for Windows.
* Interface changes relative to the 1.42 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgrt_free_wchar NEW.
gpgrt_fname_to_wchar NEW.
gpgrt_utf8_to_wchar NEW.
gpgrt_wchar_to_utf8 NEW.
Release-info: https://dev.gnupg.org/T5802
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
projects / ipfire-2.x.git / log
