Adolf Belka [Tue, 27 Aug 2024 11:54:13 +0000 (13:54 +0200)]
python3-msgpack: Update to version 1.0.8
- Update from version 1.0.7 to 1.0.8
- Update of rootfile
- borgbackup now works with version 1.0.8 of msgpack
- Changelog
1.0.8
exclude C/Cython files from wheel by @methane in #577
Build pure Python wheel for minor architectures.
update Cython to 3.0.8 by @methane in #581
This fixes memory leak when iterating over Unpacker on Python 3.12.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 27 Aug 2024 11:54:12 +0000 (13:54 +0200)]
borgbackup: Update to version 1.4.0
- Update from version 1.2.7 to 1.4.0
- Update of rootfile
- This version now requires libxxhash and can now work with python3-msgpack at version
1.0.8 so additional patch submissions combined with this one for implementation of
libxxhash and for update og python3-msgpack.
- Tested out changes on my vm testbed system and was able to access old repo info and
fusemount the repo successfully and write a new backup. So everything I normally
test is functioning.
- Changelog
1.4.0
Compatibility notes:
By default, borg 1.4 will behave quite similar to borg 1.2 (it was forked off
from 1.2-maint branch at 1.2.7).
- the slashdot hack: be careful not to accidentally give paths containing
/./ to "borg create" if you do not want to trigger this feature (which
strips the left part of the path from archived items).
- BORG_EXIT_CODES=modern is a feature that borg script, wrapper and GUI
authors may want to use to get more specific error and warning return
codes from borg.
In that case, of course they will need to make sure to correctly deal
with these new codes, see the internals/frontends docs.
Other changes:
- vagrant: revive the buster64 box, RHEL8 has same glibc
- tests: fix pytest_report_header, #8232
- docs:
- mount: add examples using :: positional argument, #8255
- Installation: update Arch Linux repo name
- update standalone binary section
1.4.0rc1
Fixes:
- setup.py: fix import error reporting for cythonize import, #8208
- setup.py: detect noexec build fs issue, #8208
Other changes:
- changed insufficiently reserved length for log message, #8152
- use Python 3.11.9, Cython 3.0.10 and PyInstaller 6.7.0 for binary builds
- docs:
- use python 3.9 in cygwin install docs, fixes #8196
- recreate: remove experimental status
- github CI: fix PKG_CONFIG_PATH for openssl 3.0
- vagrant:
- add a ubuntu noble (24.04) VM
- drop buster VM, fixes #8171
1.4.0b2
Fixes:
- check: fix return code for index entry value discrepancies
- benchmark: inherit options --rsh --remote-path, #8099
- sdist: dynamically compute readme (long_description)
- create: deal with EBUSY, #8123
- No need to use OpenSSL 3.0 on OpenBSD, use LibreSSL.
- fix Ctrl-C / SIGINT behaviour for pyinstaller-made binaries, #8155
New features:
- create: add the slashdot hack, update docs, #4685
- upgrade --check-tam: check manifest TAM auth, exit with rc=1 if there
are issues.
- upgrade --check-archives-tam: check archives TAM auth, exit with rc=1
if there are issues.
Other changes:
- improve acl_get / acl_set error handling, improved/added tests, #8125
- remove bundled lz4/zstd/xxhash code (require the respective
libs/headers),
simplify setup.py, remove support for all BORG_USE_BUNDLED_*=YES, #8094
- require Cython 3.0.3 at least (fixes py312 memory leak), #8133
- allow msgpack 1.0.8, #8133
- init: better borg key export instructions
- init: remove compatibility warning for borg <=1.0.8
The warning refers to a compatibility issue not relevant any
more since borg 1.0.9 (released 2016-12).
- locate libacl via pkgconfig
- scripts/make.py: move clean, build_man, build_usage to there,
so we do not need to invoke setup.py directly, update docs
- docs:
- how to run the testsuite using the dist package
- add non-root deployment strategy (systemd / capabilities)
- simplify TAM-related upgrade docs using the new commands
- vagrant:
- use python 3.11.8
- use pyinstaller 6.5.0
- add xxhash for macOS, add libxxhash-dev for debianoid systems
- use openindiana/hipster box
1.4.0b1
Fixes:
- fix CommandError args, #8029
New features:
- implement "borg version" (shows client and server version), #7829
Other changes:
- better error msg for corrupted key data, #8016
- repository: give clean error msg for invalid nonce file, #7967
- check_can_create_repository: deal with PermissionErrors, #7016
- add ConnectionBrokenWithHint for BrokenPipeErrors and similar, #7016
- with-lock: catch exception, print error msg, #8022
- use cython 3.0.8
- modernize msgpack wrapper
- docs:
- add brew bundle instructions (macOS)
- improve docs for borg with-lock, #8022
1.4.0a1
New features:
- BORG_EXIT_CODES=modern: optional more specific return codes (for
errors and warnings).
The default value of this new environment variable is "legacy", which
should result in a behaviour similar to borg 1.2 and older (only using
rc 0, 1 and 2).
"modern" exit codes are much more specific (see the
internals/frontends docs).
Fixes:
- PATH: do not accept empty strings, #4221.
This affects the cli interface of misc. commands (create, extract,
diff, mount, ...) and they now will reject "" (empty string) given as
a path.
Other changes:
- Python: require Python >= 3.9, drop support for 3.8, #6383
- Cython: require Cython >= 3.0, drop support for Cython 0.29.x,
use 3str language level (default in cython3), #7978
- use pyinstaller 6.3.0 and python 3.11 for binary build, #7987
- msgpack: require >= 1.0.3, <= 1.0.7
- replace flake8 by ruff style/issue checker
- tests: remove python-dateutil dependency
- tests: move conftest.py to src/borg/testsuite, #6386
- move misc. config/metadata to pyproject.toml
- vagrant:
- use a freebsd 14 box, #6871
- use generic/openbsd7 box
- use openssl 3 on macOS, FreeBSD, OpenBSD
- remove ubuntu 20.04 "focal" box
- remove debian 9 "stretch" box (remove stretch-based binary builds)
- require recent setuptools and setuptools_scm
- crypto: get rid of deprecated HMAC_* functions to avoid warnings.
Instead, use hmac.digest from Python stdlib.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from version 20231030 to 20240811
- Update of rootfile
- Rootfile reviewed and modified as per steps outlined by @Peter Müller
- AMD have issued firmware fixes for processors affected by the SinkClose vulnerability.
I don't know if they are in this version already or not but I will check for any new
updates periodically. Worth having the fixes just in case even though the likelyhood
is that those processors more likely to be used for IPFire (Ryzen 1000, 2000 & 3000)
will not be getting the fixes generated and provided.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 29 Aug 2024 07:34:54 +0000 (07:34 +0000)]
coreutils: Drop the i18n patch
This patch caused that coreutils had to have to be reconfigured with
"autoreconf". However, we don't have autopoint available at this stage
in the build process and therefore we can't do this here.
I don't really know why we would require the patch and therefore suggest
dropping it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This breaks the build of Ruby on aarch64 (and other non-x86
architectures). A potential fix seems to be available but we cannot
include this as we cannot build Rust from source:
Michael Tremer [Wed, 28 Aug 2024 15:28:42 +0000 (15:28 +0000)]
make.sh: Bind-mount /proc as a workaround for unshare
unshare seems to want to change the mount propagation for /proc
before it has been mounted. In order to workaround that problem,
we bind-mount /proc to itself before.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Aug 2024 12:24:19 +0000 (14:24 +0200)]
openssl: Update to version 3.3.1
- Update from 3.3.0 to 3.3.1
- Update of rootfile not required
- This version has 2 CVE fixes both of which are classified as Low Severity so looks like
they can wait for CU189
- Changelog
3.3.1
* Fixed potential use after free after SSL_free_buffers() is called.
The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.
The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.
The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.
([CVE-2024-4741])
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.
Applications that use the functions EVP_PKEY_param_check() or
EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
experience long delays. Where the key or parameters that are being checked
have been obtained from an untrusted source this may lead to a Denial of
Service.
To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
reason.
([CVE-2024-4603])
* Improved EC/DSA nonce generation routines to avoid bias and timing
side channel leaks.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 20:07:02 +0000 (22:07 +0200)]
ruby: Update to version 3.3.4
- Update from version 3.3.3 to 3.3.4
- Update of all rootfiles
- Changelog
3.3.4
Bug #20573: Warning.warn shouldn't be called for disabled warnings
Bug #20585: Size of memory allocated by String.new(:capacity) is different
from the specified value
Bug #20581: Ruby 3.3.3 install has missing deps for bundled net-pop gem
Bug #20595: Corruption of encoding name string
Bug #20598: Corruption of internal encoding string
Bug #20562: Categorize RUBY_FREE_AT_EXIT warning
Bug #20468: Segfault on safe navigation in for target
Bug #20592: Interrupting Addrinfo causes Segmentation fault on alpine
Bug #20239: Segmentation fault when using Regex on a large String
Bug #20570: Nokey behavior changed since 3.3.
Bug #20605: Add explicit compiler fence when pushing frames to ensure safe
profiling
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 19:11:09 +0000 (21:11 +0200)]
xfsprogs: Update to version 6.9.0
- Update from version 6.8.0 to 6.9.0
- Update of rootfile not required
- Changelog is not available. List of commits available either at git repo or via
https://www.spinics.net/lists/linux-xfs/msg87640.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 19:11:08 +0000 (21:11 +0200)]
meson: update to version 1.5.1
- Update from version 1.4.0 to 1.5.1
- Update of rootfile
- Changelog of all changes in 1.5.x can be found at
https://mesonbuild.com/Release-notes-for-1-5-0.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 19:11:07 +0000 (21:11 +0200)]
lua: Update to version 5.4.7
- Update from version 5.4.6 to 5.4.7
- Update of rootfile
- Rename of patch file to make it clear that it works with 5.4.7
- Changelog is not available. Details of changes have to be founbd via the list of commits
https://github.com/lua/lua/commits/master
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 19:11:05 +0000 (21:11 +0200)]
gdbm: Update to version 1.24
- Update from version 1.23 to 1.24
- Update of rootfile not required
- Changelog
1.24
* New gdbm_load option: --update
The --update (-U) option instructs gdbm_load to update an existing
database.
* Fix semantics of gdbm_load -r
The --replace (-r) is valid only when used together with --update.
* Use getline in gdbmtool shell.
* New function: gdbm_load_from_file_ext
In contrast to gdbm_load and gdbm_load_from_file, which derive
the value of the flag parameter for gdbm_open from the value
of their "replace" argument, this function allows the caller to
specify it explicitly. The prototype is:
int gdbm_load_from_file_ext (GDBM_FILE *pdbf, FILE *fp,
int flags, int replace,
int meta_mask,
unsigned long *line);
* Bugfixes
** Fix binary dump format for key and/or data of zero size.
(see https://puszcza.gnu.org.ua/bugs/?565)
** Fix location tracking and recover command in gdbtool.
(see https://puszcza.gnu.org.ua/bugs/?566)
** Fix possible buffer underflow in gdbmload.
** Ensure any padding bytes in avail_elem structure are filled with 0.
(fixes https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031276)
** Improve the documentation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 19:11:04 +0000 (21:11 +0200)]
bind: Update to version 9.20.1
- Update from version 9.16.50 to 9.20.1
- Update of rootfile
- The use of liburcu has replaced isc_qsbr in 9.19.4 and therefore the position of
liburcu in make.sh had to be changed.
- --enable-threads, --with-libtool, --without-python & --disable-linux-caps are no longer
reconised configure options (it looks like not recognised for a while.
--without-python is explicitly mentioned as being removed in version 9.15.7
The others are not mentioned in the changelog notes.
- The lib/bind9 and lib/irs directories in the source tarball have been removed. The
The comtents of lib/bind9 have been moved to lib/isc and lib/isccfg and the contents
of lib/irs have been moved to dns.
- The order of the make instructions had to be changed as lib/isccfg required the results
of lib/dns and the build failed without it. Changing the order solved the build problem.
- A large number of CVE fixes have been applied between the new and old version.
5 9.20.0
2 9.19.21
3 9.19.20
1 9.19.17
1 9.19.14
3 9.19.9
5 9.19.5
1 9.19.1
4 9.19.0
1 9.17.19
1 9.17.17
2 9.17.12
5 9.17.4
4 9.17.2
- Changelog is too long to include here - around 5000 lines. For details see the NEWS file
in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Aug 2024 19:11:03 +0000 (21:11 +0200)]
automake: Update to version 1.17
- Update from version 1.16.5 to 1.17
- Update of rootfile
- Changelog
1.17
* New features added
- AM_PATH_PYTHON will, after checking "python", prefer any Python 3
version (latest versions checked first) over any Python 2
version. If a specific version of Python 2 is still needed, the
$PYTHON variable should be set beforehand.
- AM_PATH_PYTHON will also search for Python versions 3.20 through 3.10.
It previously searched for 3.9 through 3.0. (bug#53530)
- RANLIB may be overridden on a per-target basis.
- AM_TEXI2FLAGS may be defined to pass extra flags to TEXI2DVI & TEXI2PDF.
- New option "posix" to emit the special target .POSIX for make.
(bug#55025, bug#67891)
- Systems with non-POSIX "rm -f" behavior are now supported, and the
prior intent to drop support for them has been reversed.
The ACCEPT_INFERIOR_RM_PROGRAM setting no longer exists.
(bug#10828)
- Variables using escaped \# will trigger portability warnings, but be
retained when appended. GNU Make & BSD Makes are known to support it.
(bug#7610)
- GNU Make's default pattern rules are disabled, for speed and debugging.
(.SUFFIXES was already cleared.) (bug#64743)
- For Texinfo documents, if a .texi.in file exists, but no .texi, the
.texi.in will be read. Texinfo source files need not be present at
all, and if present, need not contain @setfilename. Then the file name
as given in the Makefile.am will be used. If @setfilename is present,
it should be the basename of the Texinfo file, extended with .info.
(bug#54063)
- aclocal has a new option --aclocal-path to override $ACLOCAL_PATH.
(https://lists.gnu.org/archive/html/automake-patches/2022-01/msg00029.html)
- The missing script also supports autoreconf, autogen, and perl.
(https://lists.gnu.org/archive/html/automake-patches/2015-08/msg00000.html)
- test-suite.log now contains basic system information, and the
console message about bug reporting on failure has a bit more detail.
(bug#68746, bug#71421)
- When using the (default) "parallel" test driver, you can now omit the
output of skipped tests from test-suite.log by defining the
variable IGNORE_SKIPPED_LOGS to a non-empty value. (bug#71422)
* Bugs fixed
- Generated file timestamp checks handle filesystems with subsecond
timestamp granularity dynamically, greatly speeding up the sleep
done by AC_OUTPUT when generating config.status (all packages) and
Automake's make check.
However, this subsecond-mtime support requires an autom4te from
Autoconf 2.72 or later (or random test failures and other timing
problems may ensue), as well as a Perl, sleep program, make program,
and filesystem that all support subsecond resolution; otherwise, we
fall back to a two-second granularity, not even testing the (common)
1s case since that would induce a 2s delay for all configure scripts
in all packages on all systems that don't support subsecond mtimes.
When everything is supported, a line "Features: subsecond-mtime" is
now printed by automake --version and autom4te --version.
To override this check and delay, e.g. to use 1 second:
am_cv_filesystem_timestamp_resolution=1
export am_cv_filesystem_timestamp_resolution
(commit 720a11531,
https://lists.gnu.org/archive/html/automake-commit/2022-02/msg00009.html
then bug#60808, bug#64756, bug#67670, bug#68808, bug#71652,
history reviewed in
https://lists.gnu.org/archive/html/automake/2024-06/msg00054.html
and more info in surrounding threads.)
- The default value of $ARFLAGS is now "cr" instead of "cru", to better
support deterministic builds. (bug#20082)
- Automake's make dist now uses -9 instead of --best with gzip,
because Alpine gzip does not support --best. Also, GZIP_ENV is used
only for compression, not decompression, because of the same system.
(bug#68151)
- Dependency files are now empty, instead of "# dummy", for speed.
(https://lists.gnu.org/archive/html/automake/2022-05/msg00006.html)
- Compiling Python modules with Python 3.5+ uses multiple optimization
levels. (bug#38043)
- If the Python installation "scheme" is set to posix_local (Debian),
it is reset to either deb_system (if the prefix = /usr), or
posix_prefix (otherwise). (bug#54412, bug#64837)
- As a result of the Python scheme change, the installation directory
for Python files again defaults to "site-packages" under the usual
installation prefix, even on systems (generally Debian-based) that
would normally use the "dist-packages" subdirectory under
/usr/local.
- When compiling Emacs Lisp files, emacs is run with --no-site-file to
disable user config files that might hang or access the terminal;
and -Q is not used, since its support and behavior varies. (bug#58102)
- Emacs Lisp compilations respect silent make output.
- Automake no longer incorrectly warns that the POSIX make variables
$(*D) and the like are non-POSIX. Unfortunately, the make
implementations which do not correctly implement all the POSIX
variables are not detected, but this seems to have little impact
in practice. (bug#9587)
- Pass libtool tags OBJC and OBJCXX for the respective languages.
(bug#67539)
- distcleancheck ignores "silly rename" files (.nfs* .smb* .__afs*)
that can show up on network file systems.
(https://lists.gnu.org/archive/html/automake/2022-09/msg00002.html)
- Pass any options given to AM_PROG_LEX on to AC_PROG_LEX.
(bug#65600, bug#65730)
- aclocal: recognize ; as path separator on OS/2 and Windows. (bug#71534)
- Hash iterations with external effects now consistently sort keys.
(bug#25629, bug#46744)
- tests: avoid some declaration conflicts for lex et al. on SunOS.
(bug#34151 and others)
- tests: declare yyparse before use and use (void) parameter lists
instead of (), to placate C23. (bug#71425)
- Typos in code and other doc fixes. (bug#68003, bug#68004, et al.)
* Obsolescence:
- py-compile no longer supports Python 0.x or 1.x versions. Python 2.0,
released in 2000, is currently the minimum required version.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 16 Jun 2024 16:02:44 +0000 (18:02 +0200)]
initscripts fkt: Fix shebang
We use features only available in bash. So we should state correctly
that the script should be executed in bash. As sh is a symlink to bash
this makes not differences on a ipfire system. But my linter is less
chatty with this change.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 16 Jun 2024 16:02:37 +0000 (18:02 +0200)]
initscript functions: add readhash
To avoid the usage of eval and to store the config in an key value
array, we introduce an new function. The tests only check if we
read the correct value to the correct variable.
One comment on the implementation as this has created some headache:
Jonatan Schlag [Sun, 16 Jun 2024 16:02:32 +0000 (18:02 +0200)]
tests/lib.sh: adjust to pytest logging style
Black on white is still the best to read. So we only style FAILED or
PASSED in green or red. This is also tested with different background
colors. As we only style PASSED or FAILED it works without any problems
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 16 Jun 2024 16:02:29 +0000 (18:02 +0200)]
tests/lib.sh: Add function test_value_in_array
Test if a given array has the specified value stored under key.
! does not work here to access the array by variable name. So the solution here is:
https://unix.stackexchange.com/questions/60584/how-to-use-a-variable-as-part-of-an-array-name/60585#60585
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 21 Aug 2024 18:46:09 +0000 (20:46 +0200)]
minidlna: Add patch to add compatibility with ffmpeg-7.0
- From ffmpeg-7.0 the channel_layout variable has been changed to ch_layout. A minidlna
user has submitted a patch to minidlna in May 2024 to fix this. Without this patch
minidlna fails to build with ffmpeg-7.0 onwards.
- The patch has not yet been merged with minidlna (last commit was in May 2023) so I have
taken the patch and applied it to the minidlna source tarball.
- Update of rootfile not required
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 21 Aug 2024 18:46:08 +0000 (20:46 +0200)]
ffmpeg: Update to version 7.0.2
- Update from version 6.0 to 7.0.2
- Removal of mathpops patch as content now included in source tarball.
- Update of rootfile
- sobump means that mpd, shairport-sync and minidlna need to be shipped
- minidlna also requires an update due to a variable name change from ffmpeg-7.0 onwards
- Changelog
7.0.2
avcodec/snow: Fix off by 1 error in run_buffer
avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow
avformat/iamf_parse: Check for 0 samples
swscale: [loongarch] Fix checkasm-sw_yuv2rgb failure.
avcodec/aacps_tablegen_template: don't redefine CONFIG_HARDCODED_TABLES
avutil/hwcontext_vaapi: use the correct type for VASurfaceAttribExternalBuffers.buffers
avcodec/pcm-bluray/dvd: Use correct pointer types on BE
avcodec/pngenc: fix sBIT writing for indexed-color PNGs
avcodec/pngdec: use 8-bit sBIT cap for indexed PNGs per spec
avformat/mov: check that child boxes of trak are only present inside it
avformat/mov: check that sample and chunk count is 1 for HEIF
avcodec/videotoolboxenc: Fix bitrate doesn't work as expected
avdevice/dshow: Don't skip audio devices if no video device is present
avcodec/hdrenc: Allocate more space
avcodec/cfhdenc: Height of 16 is not supported
avcodec/cfhdenc: Allocate more space
avcodec/osq: fix integer overflow when applying factor
avcodec/osq: avoid using too large numbers for shifts and integers in update_residue_parameter()
avcodec/vaapi_encode: Check hwctx
avcodec/proresdec: Consider negative bits left
avcodec/alsdec: Clear shift_value
avcodec/hevc/hevcdec: Do not allow slices to depend on failed slices
avformat/mov: add an EOF check in IPRP
avfilter/vf_xfade: Check ff_inlink_consume_frame() for failure
avutil/slicethread: Check pthread_*_init() for failure
avutil/frame: Check log2_crop_align
avutil/buffer: Check ff_mutex_init() for failure
avformat/xmv: Check this_packet_size
avformat/webpenc: Check filesize in trailer
avformat/ty: rec_size seems to only need 32bit
avformat/tty: Check avio_size()
avformat/siff: Basic pkt_size check
avformat/sauce: Check avio_size() for failure
avformat/sapdec: Check ffurl_get_file_handle() for error
avformat/nsvdec: Check asize for PCM
avformat/mp3dec: Check header_filesize
avformat/mp3dec; Check for avio_size() failure
avformat/mov: Use 64bit for str_size
avformat/mm: Check length
avformat/hnm: Check *chunk_size
avformat/hlsenc: Check ret
avformat/bintext: Check avio_size() return
avformat/asfdec_o: Check size of index object
avfilter/vf_scale: Check ff_scale_adjust_dimensions() for failure
avfilter/scale_eval: Use 64bit, check values in ff_scale_adjust_dimensions()
avfilter/vf_lut3d: Check av_scanf()
avfilter/vf_elbg: Use unsigned for shifting into the top bit
avfilter/vf_premultiply: Use AV_PIX_MAX_PLANES
avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
avformat/iamf_parse: Check for negative sample sizes
swscale/output: Fix integer overflows in yuv2rgba64_X_c_template
avformat/mxfdec: Reorder elements of expression in bisect loop
avutil/timecode: Use a 64bit framenum internally
avcodec/pnmdec: Use 64bit for input size check
avformat/mov: Check extradata in mov_read_iacb()
avcodec/mpeg12enc: Use av_rescale() in vbv_buffer_size computation
avcodec/utvideoenc: Use unsigned shift to build flags
avcodec/j2kenc: Merge dwt_norm into lambda
avcodec/vc2enc: Fix overflows with storing large values
avcodec/mpegvideo_enc: Do not duplicate pictures on shifting
avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
avcodec/tiff: Check value on positive signed targets
avfilter/vf_convolution_opencl: Assert that the filter name is one of the filters
avfilter/vf_bm3d: Dont round MSE2SSE to an integer
avdevice/dshow: Remove NULL check on pin
avdevice/dshow: check ff_dshow_pin_ConnectionMediaType() for failure
avdevice/dshow: Check device_filter_unique_name before use
avdevice/dshow: Cleanup also on av_log case
avdevice/dshow_filter: Use wcscpy_s()
avcodec/flac_parser: Assert that we do not overrun the link_penalty array
avcodec/osq: avoid signed overflow in downsample path
avcodec/pixlet: Simplify pfx computation
avcodec/motion_est: Fix score squaring overflow
avcodec/mlpenc: Use 64 for ml, mr
avcodec/loco: Check loco_get_rice() for failure
avcodec/loco: check get_ur_golomb_jpegls() for failure
avcodec/leaddec: Check init_get_bits8() for failure
avcodec/imm4: check cbphi for error
avcodec/iff: Use signed count
avcodec/golomb: Assert that k is in the supported range for get_ur/sr_golomb()
avcodec/golomb: Document return for get_ur_golomb_jpegls() and get_sr_golomb_flac()
avcodec/dxv: Fix type in get_opcodes()
avcodec/cri: Check length
avcodec/xsubdec: Check parse_timecode()
avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
avfilter/vf_tiltandshift: Free dst on error
doc/examples/mux: remove nop
avcodec/proresenc_kostya: use unsigned alpha for rotation
avformat/rtpenc_rfc4175: Use 64bit in computation if copy_offset
avformat/rtmpproto: Use AV_DICT_MATCH_CASE instead of litteral number
avformat/rtmppkt: Simplify and deobfuscate amf_tag_skip() slightly
avformat/rmdec: use 64bit for audio_framesize checks
avutil/wchar_filename: Correct sizeof
avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
avutil/hwcontext_d3d11va: Free AVD3D11FrameDescriptor on error
avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
avcodec/vvc/refs: Use unsigned mask
doc/examples/vaapi_encode: Try to check fwrite() for failure
avformat/usmdec: Initialize value
avformat/tls_schannel: Initialize ret
avformat/subfile: Assert that whence is a known case
avformat/subfile: Merge if into switch()
avformat/rtsp: Check that lower transport is handled in one of the if()
avformat/rtsp: initialize reply1
avformat/rtsp: use < 0 for error check
avformat/rtpenc_vc2hq: Check sizes
avfilter/af_aderivative: Free out on error
swscale/swscale: Use ptrdiff_t for linesize computations
avfilter/af_amerge: Cleanup on av_channel_layout_copy() failure
avfilter/af_afir: Assert format
avfilter/af_afftdn: Assert format
avfilter/af_pan: check nb_output_channels before use
cbs_av1: Reject thirty-two zero bits in uvlc code
avfilter/af_mcompand: compute half frequency in double
avfilter/af_channelsplit: Assert that av_channel_layout_channel_from_index() succeeds
avfilter/af_aresample: Cleanup on av_channel_layout_copy() failure
tools/coverity: Phase 1 study of anti-halicogenic for coverity av_rescale()
avfilter/vf_avgblur: Check plane instead of AVFrame
avfilter/drawutils: Fix depthb computation
avfilter/avf_showcwt: Check av_parse_video_rate() for failure
avformat/rdt: Check pkt_len
avformat/mpeg: Check len in mpegps_probe()
avformat/mxfenc: resurrects the error print
avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
avcodec/vvc/ctu: Remove dead ret check
avcodec/vvc/dec: Remove constant eos_at_start
avformat/img2dec: assert no pipe on ts_from_file
avcodec/cbs_jpeg: Try to move the read entity to one side in a test
fftools/ffplay: Check vulkan_params
fftools/ffmpeg_enc: Initialize Decoder
fftools/ffmpeg_enc: Initialize fd
fftools/ffmpeg_enc: simplify opaque_ref check
avformat/mov: Check edit list for overflow
fftools/ffmpeg: Check read() for failure
avcodec/vvc/dec: Check ff_init_cabac_decoder() for failure
swscale/output: Avoid undefined overflow in yuv2rgb_write_full()
swscale/output: alpha can become negative after scaling, use multiply
avcodec/targaenc: Allocate space for the palette
avcodec/r210enc: Use av_rescale for bitrate
avcodec/jfdctint_template: Fewer integer anomalies
avcodec/snowenc: MV limits due to mv_penalty table size
tools/target_dec_fuzzer: Adjust threshold for MV30
tools/target_dec_fuzzer: Adjust threshold for jpeg2000
avformat/mxfdec: Check container_ul->desc before use
avcodec/libvpxenc: Cleanup on error
doc/developer: Provide information about git send-email and gmail
avfilter/vf_rotate: Check ff_draw_init2() return value
avformat/mov: Use int64_t in intermediate for corrected_dts
avformat/mov: Use 64bit in intermediate for current_dts
avformat/matroskadec: Assert that num_levels is non negative
avformat/libzmq: Check av_strstart()
avformat/img2dec: Little JFIF / Exif cleanup
avformat/img2dec: Move DQT after unrelated if()
avformat/imfdec: Simplify get_next_track_with_minimum_timestamp()
avdevice/xcbgrab: Check sscanf() return
fftools/cmdutils: Add protective () to FLAGS
avformat/sdp: Check before appending ","
avcodec/libx264: Check init_get_bits8() return code
avcodec/ilbcdec: Remove dead code
avcodec/vp8: Check cond init
avcodec/vp8: Check mutex init
avcodec/proresenc_anatoliy: Assert that AV_PROFILE_UNKNOWN is replaced
avcodec/pcm-dvdenc: 64bit pkt-size
avcodec/notchlc: Check init_get_bits8() for failure
avcodec/tests/dct: Use 64bit in intermediate for error computation
avcodec/scpr3: Check add_dec() for failure
avcodec/rv34: assert that size is not 0 in rv34_gen_vlc_ext()
avcodec/wavpackenc: Use unsigned for potential 31bit shift
avcodec/vvc/mvs: Initialize mvf
avcodec/tests/jpeg2000dwt: Use 64bit in comparission
avcodec/tests/jpeg2000dwt: Use 64bit in err2 computation
avformat/fwse: Remove always false expression
avcodec/sga: Make it clear that the return is intentionally not checked
avformat/asfdec_f: Use 64bit for preroll computation
avformat/argo_asf: Use 64bit in offset intermediate
avformat/ape: Use 64bit for final frame size
avformat/ac4dec: Check remaining space in ac4_probe()
avdevice/pulse_audio_enc: Use av_rescale() to avoid integer overflow
avcodec/vlc: Cleanup on multi table alloc failure in ff_vlc_init_multi_from_lengths()
avcodec/tiff: Assert init_get_bits8() success in unpack_gray()
avcodec/tiff: Assert init_get_bits8() success in horizontal_fill()
tools/decode_simple: Check avcodec_send_packet() for errors on flushing
swscale/yuv2rgb: Use 64bit for brightness computation
swscale/x86/swscale: use a clearer name for INPUT_PLANER_RGB_A_FUNC_CASE
avutil/tests/opt: Check av_set_options_string() for failure
avutil/tests/dict: Check av_dict_set() before get for failure
avdevice/dshow: fix badly indented line
avformat/demux: resurrect dead stores
avcodec/tests/bitstream_template: Assert bits_init8() return
tools/enc_recon_frame_test: Assert that av_image_get_linesize() succeeds
avformat/iamf_writer: disallow Opus extradata with mapping family other than 0
avformat/iamf_parse: sanitize audio_roll_distance values
avformat/iamf: byteswap values in OpusHeader
avformat/iamf: rename Codec Config seek_preroll to audio_roll_distance
avformat/iamf_writer: fix coded audio_roll_distance values
avformat/iamf_writer: fix PCM endian-ness flag
avformat/movenc: fix channel count and samplerate fields for IAMF tracks
avformat/iamf_parse: keep substream count consistent
avformat/iamf_parse: add missing padding to AAC extradata
avformat/iamf_parse: 0 layers are not allowed
avformat/iamf_parse: consider nb_substreams when accessing substreams array
avformat/iamf_parse: Remove dead case
avcodec/png: more informative error message for invalid sBIT size
avcodec/pngdec: avoid erroring with sBIT on indexed-color images
avfilter/vf_tiltandshift: fix buffer offset for yuv422p input
avutil/timestamp: avoid possible FPE when 0 is passed to av_ts_make_time_string2()
avformat/mov: add more checks for infe atom size
avformat/mov: check for EOF inside the infe list parsing loop
avformat/mov: check extent_offset calculation for overflow
avformat/mov: check that iloc offset values fit on an int64_t
avcodec/pngenc: fix mDCv typo
avcodec/pngdec: fix mDCv typo
avcodec/nvenc: fix segfault in intra-only mode
avdevice/avfoundation: add external video devices
aarch64: Add OpenBSD runtime detection of dotprod and i8mm using sysctl
fftools/ffplay_renderer: use correct NULL value for Vulkan type
qsv: Initialize impl_value
avutil/hwcontext_qsv: fix GCC 14.1 warnings
avcodec/mediacodecenc: workaround the alignment requirement for H.265
avcodec/mediacodecenc: workaround the alignment requirement only for H.264
lavc/lpc: fix off-by-one in R-V V compute_autocorr
lavc/vp9: reset segmentation fields when segmentation isn't enabled
configure: enable ffnvcodec, nvenc, nvdec for FreeBSD
lavc/sbrdsp: fix potential overflow in noise table
7.0.1
lavc/flacdsp: do not assume maximum R-V VL
avformat/flacdec: Reorder allocations to avoid leak on error
avcodec/adts_parser: Don't presume buffer to be padded
avformat/movenc: Check av_malloc()
avcodec/vp8: Return error on error
avformat/mov: store sample_sizes as unsigned ints
avformat/vvc: fix parsing sps_subpic_id
avformat/vvc: initialize some ptl flags
avcodec/mscc & mwsc: Check loop counts before use
avcodec/mpegvideo_enc: Fix potential overflow in RD
avcodec/mpeg4videodec: assert impossible wrap points
avcodec/mpeg12dec: Use 64bit in bit computation
avcodec/vqcdec: Check init_get_bits8() for failure
avcodec/vvc/dec: Check init_get_bits8() for failure
avcodec/vble: Check av_image_get_buffer_size() for failure
avcodec/vp3: Replace check by assert
avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
avcodec/jpeg2000dec: remove ST=3 case
avcodec/qsvdec: Check av_image_get_buffer_size() for failure
avcodec/exr: Fix preview overflow
avcodec/decode: decode_simple_internal() only implements audio and video
avcodec/fmvc: remove dead assignment
avcodec/h2645_sei: Remove dead checks
avcodec/h264_slice: Remove dead sps check
avcodec/lpc: copy levenson coeffs only when they have been computed
avutil/tests/base64: Check with too short output array
libavutil/base64: Try not to write over the array end
avcodec/cbs_av1: Avoid shift overflow
fftools/ffplay: Check return of swr_alloc_set_opts2()
tools/opt_common: Check for malloc failure
doc/examples/demux_decode: Simplify loop
avformat/concatdec: Check file
avcodec/mpegvideo_enc: Fix 1 line and one column images
avcodec/amrwbdec: assert mode to be valid in decode_fixed_vector()
avcodec/wavarc: fix integer overflow in decode_5elp() block type 2
swscale/output: Fix integer overflow in yuv2rgba64_full_1_c_template()
swscale/output: Fix integer overflow in yuv2rgba64_1_c_template
avcodec/av1dec: Change bit_depth to int
avcodec/av1dec: bit_depth cannot be another values than 8,10,12
avcodec/avs3_parser: assert the return value of init_get_bits()
avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
avfilter/avfiltergraph: return value of ff_request_frame() is unused
avformat/mxfdec: Check body_offset
avformat/kvag: Check sample_rate
avcodec/atrac9dec: Check init_get_bits8() for failure
avcodec/ac3_parser: Check init_get_bits8() for failure
avcodec/pngdec: Check last AVFrame before deref
avcodec/hevcdec: Check ref frame
doc/examples/qsv_transcode: Initialize pointer before free
doc/examples/qsv_transcode: Simplify str_to_dict() loop
doc/examples/vaapi_transcode: Simplify loop
doc/examples/qsv_transcode: Simplify loop
avcodec/cbs_h2645: Check NAL space
avfilter/vf_thumbnail_cuda: Set ret before checking it
avfilter/signature_lookup: Dont copy uninitialized stuff around
avfilter/signature_lookup: Fix 2 differences to the refernce SW
avcodec/x86/vp3dsp_init: Set correct function pointer, fix crash
avformat/mp3dec: change bogus error message if read_header encounters EOF
avformat/mp3dec: simplify inner frame size check in mp3_read_header
avformat/mp3dec: only call ffio_ensure_seekback once
avcodec/cbs_h266: read vps_ptl_max_tid before using it
avcodec/cbs_h266: fix sh_collocated_from_l0_flag and sh_collocated_ref_idx infer
avformat/vvc: fix parsing some early VPS bitstream values
avformat/vvc: fix writing general_constraint_info bytes
avutil/ppc/cpu: Also use the machdep.altivec sysctl on NetBSD
lavd/v4l2: Use proper field type for second parameter of ioctl() with BSD's
vulkan_av1: Fix force_integer_mv value
vaapi_av1: Fix force_integer_mv value
av1dec: Add force_integer_mv derived field for decoder use
avutil/iamf: fix offsets for mix_gain options
avformat/iamfdec: check nb_streams in header read
avformat/mov: free the infe allocated item data on failure
avformat/iamf_writer: reject duplicated stream ids in a stream group
avformat/mov: don't read key_size bytes twice in the keys atom
avformat/mov: take into account the first eight bytes in the keys atom
avformat/mov: fix the check for the heif item parsing loop
avutil/iamf: fix mix_gain_class name
av1dec: Fix RefFrameSignBias calculation
avcodec/codec_par: always clear extradata_size in avcodec_parameters_to_context()
avcodec/mediacodecenc: Fix return empty packet when bsf is used
avcodec/hevcdec: Fix precedence, bogus film grain warning
avcodec/hevcdec: fix segfault on invalid film grain metadata
lavc/vvc: Skip enhancement layer NAL units
avformat/mov: ignore old infe box versions
vulkan_av1: add workaround for NVIDIA drivers tested on broken CTS
lavc/vulkan_av1: Use av1dec reference order hint information
lavc/av1: Record reference ordering information for each frame
doc/encoders: add missing libxvid option
doc/encoders: remove non-existent flag
fate/ffmpeg: Avoid dependency on samples
avcodec/wavpack: Remove always-false check
avcodec/wavpack: Fix leak and segfault on reallocation error
avcodec/lossless_videoencdsp: Don't presume alignment in diff_bytes
avcodec/ppc/h264dsp: Fix left shifts of negative numbers
7.0
- DXV DXT1 encoder
- LEAD MCMP decoder
- EVC decoding using external library libxevd
- EVC encoding using external library libxeve
- QOA decoder and demuxer
- aap filter
- demuxing, decoding, filtering, encoding, and muxing in the
ffmpeg CLI now all run in parallel
- enable gdigrab device to grab a window using the hwnd=HANDLER syntax
- IAMF raw demuxer and muxer
- D3D12VA hardware accelerated H264, HEVC, VP9, AV1, MPEG-2 and VC1 decoding
- tiltandshift filter
- qrencode filter and qrencodesrc source
- quirc filter
- lavu/eval: introduce randomi() function in expressions
- VVC decoder (experimental)
- fsync filter
- Raw Captions with Time (RCWT) closed caption muxer
- ffmpeg CLI -bsf option may now be used for input as well as output
- ffmpeg CLI options may now be used as -/opt <path>, which is equivalent
to -opt <contents of file <path>>
- showinfo bitstream filter
- a C11-compliant compiler is now required; note that this requirement
will be bumped to C17 in the near future, so consider updating your
build environment if it lacks C17 support
- Change the default bitrate control method from VBR to CQP for QSV encoders.
- removed deprecated ffmpeg CLI options -psnr and -map_channel
- DVD-Video demuxer, powered by libdvdnav and libdvdread
- ffprobe -show_stream_groups option
- ffprobe (with -export_side_data film_grain) now prints film grain metadata
- AEA muxer
- ffmpeg CLI loopback decoders
- Support PacketTypeMetadata of PacketType in enhanced flv format
- ffplay with hwaccel decoding support (depends on vulkan renderer via libplacebo)
- dnn filter libtorch backend
- Android content URIs protocol
- AOMedia Film Grain Synthesis 1 (AFGS1)
- RISC-V optimizations for AAC, FLAC, JPEG-2000, LPC, RV4.0, SVQ, VC1, VP8, and more
- Loongarch optimizations for HEVC decoding
- Important AArch64 optimizations for HEVC
- IAMF support inside MP4/ISOBMFF
- Support for HEIF/AVIF still images and tiled still images
- Dolby Vision profile 10 support in AV1
- Support for Ambient Viewing Environment metadata in MP4/ISOBMFF
- HDR10 metadata passthrough when encoding with libx264, libx265, and libsvtav1
6.1
- libaribcaption decoder
- Playdate video decoder and demuxer
- Extend VAAPI support for libva-win32 on Windows
- afireqsrc audio source filter
- arls filter
- ffmpeg CLI new option: -readrate_initial_burst
- zoneplate video source filter
- command support in the setpts and asetpts filters
- Vulkan decode hwaccel, supporting H264, HEVC and AV1
- color_vulkan filter
- bwdif_vulkan filter
- nlmeans_vulkan filter
- RivaTuner video decoder
- xfade_vulkan filter
- vMix video decoder
- Essential Video Coding parser, muxer and demuxer
- Essential Video Coding frame merge bsf
- bwdif_cuda filter
- Microsoft RLE video encoder
- Raw AC-4 muxer and demuxer
- Raw VVC bitstream parser, muxer and demuxer
- Bitstream filter for editing metadata in VVC streams
- Bitstream filter for converting VVC from MP4 to Annex B
- scale_vt filter for videotoolbox
- transpose_vt filter for videotoolbox
- support for the P_SKIP hinting to speed up libx264 encoding
- Support HEVC,VP9,AV1 codec in enhanced flv format
- apsnr and asisdr audio filters
- OSQ demuxer and decoder
- Support HEVC,VP9,AV1 codec fourcclist in enhanced rtmp protocol
- CRI USM demuxer
- ffmpeg CLI '-top' option deprecated in favor of the setfield filter
- VAAPI AV1 encoder
- ffprobe XML output schema changed to account for multiple
variable-fields elements within the same parent element
- ffprobe -output_format option added as an alias of -of
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 21 Aug 2024 18:45:16 +0000 (20:45 +0200)]
sysvinit: Update to version 3.10
- Update from version 3.08 to 3.10
- Update of rootfile not required
- Renamed build_mountpoint patch
- Changelog
3.10
When the user executes "machinectl stop", systemd sends SIGRTMIN+4 to PID 1
in the container, and expects that to initiate a graceful shutdown
(power-off). SysV init now catches this signal and initiates a shutdown
(shutdown -hP now).
Fix issue in bootlogd which could cause the service to enter an endless loop
(and use too much CPU) when it is able to open a device for writing, but not
actually able to write to it. This resulted in bootlogd closing and
re-opening the device over and over. Now bootlogd should simply fail
gracefully when it cannot write to an open file/device.
Fix formatting in shutdown.8 manual page. Cleaned up whitespace and special
characters.
3.09
On Linux distributions which use the musl C library (instead of glibc) we can now
build properly. Specifically, the hddown helper program now builds on musl C
systems.
The reboot command is now able to pass messages to the underlying firmware on
Linux systems during a reboot. This allows the admin to pass information to the
underlying firmware to, for example, ask the system to boot from another
partition. Should be helpful on Raspberry Pi systems.
The reboot command can pass a message to the firmware when using the "-m"
command line flag.
This release also improves the Makefile's clean directive.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 21 Aug 2024 18:45:15 +0000 (20:45 +0200)]
rust: Update to version 1.80.1
- Update from version 1.67.0 to 1.80.1
- Update of rootfile (x86_64 & aarch64)
- Changelog is too large to include here. There are more than 1000 lines from 1.67.0 to
1.80.1
Details can be found at https://doc.rust-lang.org/stable/releases.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 21 Aug 2024 18:45:14 +0000 (20:45 +0200)]
p11-kit: Update to version 0.25.5
- Update from version 0.25.3 to 0.25.5
- Update of rootfile
- Changelog
0.25.5
* iter: fix recursive attribute loading [PR#642]
* fix building on FreeBSD 14.0 (amd64) [PR#644]
* test fix [PR#645]
0.25.4
* rpc: add support for recursive attributes [PR#624, PR#629, PR#631, PR#633]
* p11-kit: add function to check run-time version of the library [PR#637]
* p11-kit: expose version information through macros [PR#635]
* p11-kit: add option to specify CKA_ID in generate-keypair and import-object
commands [PR#615]
* p11-kit: add --provider option to specify PKCS#11 module when using p11-kit
commands [PR#611]
* p11-kit: fix a bug where eddsa mechanism isn't recognized in generate-keypair
[PR#617]
* p11-kit: fallback to C_GetFunctionList when C_GetInterface returns
CKR_FUNCTION_NOT_SUPPORTED [PR#622]
* bug and build fixes [PR#603, PR#604, PR#605, PR#606, PR#609, PR#614, PR#616,
PR#619, PR#627, PR#628, PR#632, PR#636, PR#639]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 21 Aug 2024 18:45:13 +0000 (20:45 +0200)]
gnutls: Update to version 3.8.7
- Update from version 3.8.5 to 3.8.7
- Update of rootfile
- Changelog
3.8.7
** libgnutls: New configure option to compile out DSA support
The --disable-dsa configure option has been added to completely disable DSA
algorithm support.
** libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS
For testing purposes, the hybrid post-quantum key exchange defined
in draft-tls-westerbaan-xyber768d00 has been implemented using
liboqs. Since the algorithm is still not finalized, the support of
this key exchange is disabled by default and can be enabled with
the --with-liboqs configure option.
3.8.6
** libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
** libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
** API and ABI modifications:
gnutls_pkcs12_generate_mac3: New function
gnutls_pkcs12_flags_t: New enum
gnutls_hash_squeeze: New function
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 21 Aug 2024 09:10:33 +0000 (10:10 +0100)]
unbound-dhcp-leases-bridge: Watch unbound
This patch adds a watcher thread which monitors if Unbound is still
alive. If not, it will wait until Unbound comes back, rewrite the leases
file and reload Unbound to get it back into sync.
Afterwards Unbound will receive updates as usual.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 19 Aug 2024 18:13:19 +0000 (19:13 +0100)]
AQM: Revert back to only use fq_codel by default
We have defaulted to CAKE for all devices that quality. That has however
resulted in worse network quality as some devices could not provide the
compute power necessary for CAKE. There are however only very few
benefits to run an unconfigured CAKE.
This patch changes this back to fq_codel which is computationally
cheaper and should deliver 99% of the throughput that CAKE does. This is
presumably the better trade-off.
We don't use fq_codel on wireless devices since the kernel is running
this for each client. It would have been nice to only apply this to
wireless interfaces in AP mode, but I cannot find a way to tell the
difference with asking NETLINK.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 7 Aug 2024 14:02:20 +0000 (16:02 +0200)]
backup.pl: Fixes bug13734 - tar treats colon in filename as remote location
- When a user tries to restore on the console from a backup on IPFire that has a colon in
the filename the tar treats this as meaning that everything after the colon is
information about a remote location to do the extraction to. This results in a filename
that cannot be found, and a remote location that is not correct and the tar operation
fails.
- This has been confirmed by myself.
- If the user tries a restore from a file downloaded to another computer then for most, if
not all browsers, the colon will have been replaced by an underscore or other character.
Firefox, Chromium and Vivaldi do this.
- So any backup file that is selected to be restored using the WUI will no longer have a
colon in the filename.
- This patch adds --force-local to the tar command, which means that tar will treat the
colon as a character in the filename. This will ensure that if a user has any backup
files stored on their IPFire system, with a colon in the filename then doing a restore
from this file will not cause tar to fail.
- The NOW variable is also changed to replace the colon by a dash and to separate the date
and time by an underscore. This filename will be accepted by browsers, without doing
any replacements. Tested out with Firefox, Chromium & Vivaldi.
- The above ensures that both the new and old filename versions will work for doing a
restore.
Fixes: bug13734 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 19 Aug 2024 10:10:47 +0000 (10:10 +0000)]
linux: Tidy up the messy KVER variable
This variable never actually held the kernel version. There were always
suffixes appended and other things changed about it. This makes it a lot
simpler as this variable now holds the actual kernel version.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / ms / ipfire-2.x.git / log
