Adolf Belka [Fri, 15 Nov 2024 21:36:39 +0000 (22:36 +0100)]
libnetfilter_conntrack: Update to version 1.1.0
- Update from version 1.0.9 to 1.1.0
- Update of rootfile not required
- Changelog
1.1.0
- Enhancements for filtering dump and flush commands,
see struct nfct_filter_dump and nfct_nlmsg_build_filter().
- ctnetlink event BPF fixes (endianness issue, IPv6 matching) and
enhancements (zone matching).
- fix for musl compilation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:38 +0000 (22:36 +0100)]
iptables: Update to version 1.8.11
- Update from version 1.8.10 to 1.8.11
- Update of rootfile not required
- Changelog
1.8.11
new features:
- New arptables-translate tool
- ebtables-nft:
- Support for --change-counters command, albeit not atomic
- Specify rule counters using iptables' '-c N,M' syntax
- Support --replace and --list-rules commands
- Support zeroing individual rules
- Print negations (exclamation marks) extrapositioned (i.e., before
the match they invert) for consistency with iptables
- iptables-translate:
- Align protocol name lookups with iptables
- iptables-translate: Support socket match and TPROXY target
- iptables-translate: Slightly improved avoidance of redundant 'ip
protocol'/'meta l4proto' matches
- iptables:
- Undo numeric protocol printing of v1.8.9 for well-known protocols
for consistency with iptables-save
- Enable implicit extension lookup for dccp and ipcomp protocols (so
no extra '-m <proto>' is needed after '-p <proto>')
- iptables-save: Avoid calls to getprotobynumber() for consistency and
improved performance with huge rule sets
- libxtables: Support use of both xtables_ipaddr_to_numeric() and
xtables_ipmask_to_numeric() as parameters to the same function call
- configure: Support disabling use of libnfnetlink
- Prefix xtables-monitor rule events by a typical command (iptables,
ip6tables) instead of -4/-6 flags for consistency with ebtables and
arptables events
fixes:
- arptables-nft:
- Ineffective masks when specified in --h-type, --opcode and
--proto-type matches
- Wrong formatting of --h-type values and --proto-type masks causing
misinterpretation by arptables-restore
- iptables-nft:
- Wrong error messages in corner-case error conditions
- Zeroing single rule counters broken (again!)
- Incorrect combination of inverted payload matches
- Spurious error when zeroing a specific builtin chain which doesn't
exist - Calling -Z command with bogus rule number must fail
- libiptc: Corner-case segfault upon renaming a chain
- ebtables-restore:
- Corner-case bug with --noflush
- Spurious failures when deleting multiple rules with among matches
- ebtables-nft:
- Different line number (--Ln) formatting than ebtables-legacy
- Off-by-one rule number when using -S command with rule number
- iptables-legacy: Broken --wait without timeout
- libxtables: Leak of matches' udata buffer
- Some matches stripped full value ranges from output even if inverted
- Illegal memory access when parsing '-c ""' (i.e., empty string
argument)
- Inverted full interface wildcards (e.g. '! -i +') stripped from
iptables-save output
- xtables-monitor:
- Incorrect output when not called with -4 or -6 options
- Flush stdout after each line to prevent buffers and help with
scripting
- Align output for builtin chains with that of tables
- Capture arptables chain events, too
- Empty 'EVENT:' lines printed for ebtables rule changes
- Fix for compiling against musl libc
- xtables-translate: Fix translation of TPROXY target
documentation updates:
- Extensions: string: Starting with linux-6.7, pattern matching no
longer extends past 'to' offset - update the man page accordingly
- Extensions: recent: Clarify ip_list_hash_size default value and
obsoleted state of ip_pkt_list_tot
- ebtables-nft.8: Note that --concurrent is a NOP
- Misc. typesetting, spelling and grammar fixes in man pages
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:37 +0000 (22:36 +0100)]
fuse: Update to version 3.16.2
- Update from version 3.15.0 to 3.16.2
- Update of rootfile not required
- Changelog
3.16.2
Various small fixes and improvements.
3.16.1
Readdir kernel cache can be enabled from high-level API.
3.15.1
Future libfuse releases will be signed with `signify`_ rather than PGP
(rationale_). This release is the last to be signed with PGP and contains the
signify public key for current (3.15.X) and upcoming (3.16.X) minor release
cycle.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:36 +0000 (22:36 +0100)]
fribidi: Update to version 1.0.16
- Update from version 1.0.12 to 1.0.16
- Update of rootfile not required
- Changelog
1.0.16
Update Unicode character databases to v16.0.0
1.0.15
Fixed the bad tarball from 1.0.14 with stall include files. There are no other
changes
1.0.14
Updated Unicode tables to version 15.1
1.0.13
Adding missing man pages to the tar release file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:35 +0000 (22:36 +0100)]
freetype: Update to version 2.13.3
- Update from version 2.13.2 to 2.13.3
- Update of rootfile
- Changelog is too large to include here. For details see the contents of the file
ChangeLog in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:34 +0000 (22:36 +0100)]
elfutils: Update to version 0.192
- Update from version 0.191 to 0.192
- Update of rootfile
- Changelog
0.192
CONDUCT: A new code of conduct has been adopted. See the
CONDUCT file for more information.
debuginfod: Add per-file signature verification for integrity
checking, using RPM IMA scheme from Fedora/RHEL.
New API for metadata queries: file name -> buildid.
Server-side extraction of files from kernel debuginfo
packages is significantly faster. Now takes < 0.25 seconds,
down from ~50 seconds.
libdw: New functions dwfl_set_sysroot, dwfl_frame_unwound_source
and dwfl_unwound_source_str.
stacktrace: Experimental new tool that can process a stream of stack
samples from the Sysprof profiler and unwind them into call
chains. Enable on x86 with --enable-stacktrace. See
README.eu-stacktrace in the development branch for detailed
usage instructions:
https://sourceware.org/cgit/elfutils/tree/README.eu-stacktrace?h=users/serhei/eu-stacktrace
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:33 +0000 (22:36 +0100)]
conntrack-tools: Update to version 1.4.8
- Update from version 1.4.7 to 1.4.8
- Update of rootfile not required
- Changelog
1.4.8
bugfixes:
- fix spurious EOPNOSUPP and ENOBUFS errors with -U/--update command.
- fix spurious ENOENT -D/--delete.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Fri, 15 Nov 2024 21:36:32 +0000 (22:36 +0100)]
cairo: Update to version 1.18.2
- Update from version 1.17.6 to 1.18.2
- Update of rootfile
- Changelog
1.18.2
The malloc-stats code has been removed from the tests directory [#640]; the
canonical location for it is: https://github.com/behdad/malloc-stats
Cairo now requires a version of pixman equal to, or newer than, 0.40. [!522]
There have been multiple build fixes for newer versions of GCC [!525, !542];
for MSVC [#808]; for Solaris [!540]; and on macOS 10.7 [#810].
PNG errors caused by loading malformed data are correctly propagated to
callers, so they can handle the case. [!524]
Both stroke and fill colors are now set when showing glyphs on a PDF
surface. [#813]
All the font options are copied when creating a fallback font object. [#819]
When drawing text on macOS, Cairo now tries harder to select the appropriate
font name. [#811]
Cairo now prefers the COLRv1 table inside a font, if one is available. [!537]
Cairo requires a C11 toolchain when building. [!479]
1.18.0
All the API added in the 1.17 development cycle is now considered stable, and
will not change.
Many thanks to all the contributors for this release.
The cairo-sphinx tool has been removed; we could not find any instruction on
how to use it, and no user answered our call for help. If you were using
cairo-sphinx, please reach out to the cairo maintainers.
Cairo now implements Type 3 color fonts for PDF. Thanks to Adrian Johnson for
his work on this feature.
Khaled Hosny contributed multiple documentation fixes, to ensure that the
cairo API reference is up to date. Khaled also fixed multiple compiler
warnings generated when building cairo.
The XML surface has been removed; it was disabled by default when building
cairo, and we could not find any downstream distributor that would enable
it.
The Tee surface is now automatically enabled. Downstream distributors of
cairo have been enabling for years it in order to build Firefox.
Fujii Hironori and Adrian Johnson fixed multiple issues with the DWrite
font backend.
John Ralls improved the Quartz surface; mainly, Quartz surfaces now use
the main display ColorSpace, speeding up rendering operations.
Cairo now hides all private symbols by default on every platform; the old
"slim" symbols hack to alias internally used symbols has been dropped, in
favor of using `-Bsymbolic-functions` with toolchains that support it.
Uli Schlachter fixed multiple memory leaks in the code base and test suite,
and helped with many reviews and general maintenance.
Marc Jeanmougin added new API to expose the Pixman dithering filter to cairo
patterns; this is currently implemented only for image surfaces.
1.17.8
In a continuing effort to reduce the amount of legacy code, and increase
the long-term maintainability of cairo, the following backends have been
removed:
- GL and GLES drawing
Additionally, cairo's Autotools build system has been removed; from now on,
cairo will only support the Meson build system. While the end result should
be identical, further testing is appreciated.
In this snapshot, cairo gained support for rendering COLRv1 fonts, and
rendering SVG and COLRv1 fonts with custom palettes.
Support for macOS and Windows has been improved, with lots of build and bug
fixes.
Lots of safety issues have been fixed, with array bounds checking and
plugging memory leaks, as well as fixes for bugs identified via fuzzying.
This is going to be the last snapshot of the 1.17 development cycle; we only
expect minor bug fixing and improvements until the 1.18.0 release.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 13 Nov 2024 17:41:47 +0000 (18:41 +0100)]
beep: Update to version 1.4.12
- Update from version 1.3 (2010) to version 1.4.12
- The originator of beep released version 1.3 in 2010 but the last commit after that was
in 2013. Since then nothing has happened.
- Most of the patches used in IPFire with beep-1.3 were created by Hans Ulrich Niedermann
and in 2019 he forked the original beep repository and has been doing updates since
then. The last release was in 2022 and the last commit in April 2024.
- This patch removes all the previous patches as they are built in to the current
tarball.
- Changelog
1.4.12
Document how to override and disable packaged udev rules.
Changed the build system to be closer to the GNU makefile conventions, i.e.
only one compiler/toolchain per build
default installation is to prefix=/usr/local instead of prefix=/usr
use GNU style docdir= instead of RPM spec file style pkgdocdir=
etc.
Still not using a configure script, though, as that is complex. The
user writing a local.mk with some definitions covers everyone wanting
to use the same settings across make invocations, though.
1.4.11
Install the contrib/morse/* scripts just like the failure-beeps.
missed to be done in release 1.4.10
1.4.10
Rename CREDITS to CREDITS.md and CHANGELOG to NEWS.md and
reformatted them to markdown.
Fix some __VA_ARGS__ problems with some C language compiler
options.
contrib/morse/: Add both perl and tr+sed script options to
have beep produce morse code by converting the output of the
morse utility from the BSD Games package to a beep command
line.
If built without any drivers, running beep will now complain and
abort instead of silently (pun intended) just not beeping.
Stop using Travis CI. Use GitHub Actions workflows for CI instead.
Skip test cases using PC speaker hardware if absent (e.g. on a VM)
Improved documentation (e.g. alsamixer requirement, loading pcspkr)
1.4.9
Mention default values in the beep(1) man page and the beep --help output.
1.4.8
At build time, avoid error messages related to maybe building without git
installed, or from a tarball instead of a git source tree.
Improve issue-6-benchmark report to help people with solving issue #6.
1.4.7
Install contrib scripts for both successfully and failing sounding beeps
as package documentation.
Install man page uncompressed, so packagers can use their favoured
compression format.
1.4.6
Use va_copy() macro in function with va_list parameter to avoid possible bug
Use BEEP_LOG_LEVEL environment variable for default log level
1.4.4
Remove udev/rules.d/ and modprobe.d/ example files to force packagers to
re-read PACKAGING.md and PERMISSIONS.md
Rewritten PERMISSIONS.md and INSTALL.md, adapting README.md and PACKAGING.md
and beep(1) (i.e. beep.1.in) for consistency
Allow beep to run as non-root, even if SUDO_* env variables are present
Fix newline escaping when generating beep-usage.c
By default, use plain -g instead of -gstabs
Ensure the gcc used actually supports the default flags in CFLAGS_gcc
1.4.3
Stop compiling with -fcf-protection in CFLAGS_gcc if the platform does not
support it (such as the Raspberry Pi ARMs).
1.4.2
Improved beep(1) man page and --help output
Cleaned signal handlers of all function calls
Use beep driver infrastructure (console and evdev drivers)
Abort on unhandled command line parameters
Use nanosleep(2) instead of usleep(3)
1.4.1
Safer signal handlers (safe_error_exit() without global variables).
Reduce accepted range of input numbers. 5 minute beeps should still be
enough.
1.4.0
The beep-1.4.0 release tries to revive the beep software. There have been
no commits to the former upstream since 2013, and with the two CVEs in
2018 that needed to change.
Packagers beware: Please read PACKAGING.md for the very different (and
much better) new way of device access.
First and foremost, beep-1.4.0 fixes CVE-2018-0492 and CVE-2018-1000532.
The beep command now by default tries
/dev/input/by-path/platform-pcspkr-event-spkr which allows arbitrary
users beep access by allowing those arbitrary users file write access.
The procedures to do that are now well documented in INSTALL.md and
PERMISSIONS.md. There is no need for setuid-root or sudo any more, and
due to the experiences with the two 2018 CVEs, beep will even refuse to
run when it detects being run setuid or via sudo.
A few smaller things have also been changed. Quoting the CHANGELOG:
Fix CVE-2018-1000532 External Control of File Name or Path
vulnerability in --device option
Fix CVE-2018-0492 race condition that allows local privilege escalation
Make /dev/input/by-path/platform-pcspkr-event-spkr the default device
to use as the system administrator can allow access to that without
needing any priviledge escalation risks via setuid or sudo.
Adapt --help output, beep.1 man page, README.md, INSTALL.md to reflect
the new device use.
Add basic suite of tests.
Constrained a few integers to avoid integer overflows.
Only issue fallback '\a' type beeps if that '\a' actually goes to a
tty device which can actually beep
Stop promoting floating point frequencies which no Kernel API can even
use
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 13 Nov 2024 14:10:47 +0000 (15:10 +0100)]
bridge-utils: Update to version 1.7.1
- Update from version 1.5 (2011) to 1.7.1 (2021)
- bridge-utils has been marked as deprecated in June 2020 and that only critical bug
fixes will be applied in future. Since that time there have been three commits in
the git repository, none of which are critical at all but mostly cleaning up. The
last commit was in January 2022.
- Even though no new changes are planned it makes sense to update this package from
the 2011 version to the 2021 version.
- The patch that was previously used is no longer needed as it is now built into the
source tarball.
- Rootfile update not required.
- Changelog was last updated in 2006. It looks like the only source for changes is
the git commits. There are 28 commits between version 1.5 and 1.7.1
https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/log/?h=main
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 12 Nov 2024 19:58:21 +0000 (20:58 +0100)]
wget: Update to version 1.25.0
- Update from version 1.24.5 to 1.25.0
- Update of rootfile not required
- Changelog
1.25.0
[Breaking change] Drop support for shorthand FTP URLs (CVE-2024-10524)
[Breaking change] Switch to continuous reading from stdin pipes
Reimplement user-info parsing based on RFC 2396
Fix a build issue with libproxy and --disable-debug
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 12 Nov 2024 19:58:20 +0000 (20:58 +0100)]
protobuf: Update to version 28.3
- Update from version 28.1 to 28.3
- Update of rootfile
- Changelog
28.3
C++
Fix packed reflection handling bug in edition 2023. (#18405) (c4124f9)
Java
Mute the minor version warning #18096 (#18923) (fe30f9a)
Populate Kotlin Manifest Files (#18859) (d82fb47)
Re-export includingDefaultValueFields in deprecated state for important
Cloud customer. (3b62d78)
Cherrypick restoration of mutableCopy helpers (3ea568a)
Fix packed reflection handling bug in edition 2023. (#18405) (c4124f9)
Kotlin
Populate Kotlin Manifest Files (#18859) (d82fb47)
Python
Mute the minor version warning #18096 (#18923) (fe30f9a)
Fix packed reflection handling bug in edition 2023. (#18405) (c4124f9)
Other
Fix merge conflicts (664a7e1)
[ObjC] Disabling visionOS on CI. (22cd8ba)
Update staleness tests to only run over release branch (#18398) (8e94b14)
28.2
C++
Fix cord handling in DynamicMessage and oneofs. (#18373) (5b0e543)
Java
Add recursion check when parsing unknown fields in Java. (ac9fb5b)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 12 Nov 2024 19:58:19 +0000 (20:58 +0100)]
btrfs-progs: Update to version 6.11
- Update from version 6.9.2 to 6.11
- Update of rootfile
- Changelog
6.11
* check:
* check items in tree-log
* detect invalid file extent items for symlinks
* properly detect inode cache and suggest removal by 'clear-ino-cache'
* convert: fix symlink length checks
* fi show: remove stray newline at the end of the output
* fixes:
* open devices in write-exclusive mode in most commands, prevent
concurrent mount by other programs
* rescue clear-ino-cache: fix subvolume iteration that can fail in some cases
* map-logical: fix first extent searching condition
* fi resize: warn if new size is below 256M
* tree-checker:
* slightly stricter file type validation
* verify device extent items
* other:
* documentation updates
* ship btrfs-ioctl manual page (incomplete)
6.10.1
* mkfs: rework --rootdir traversal, skip hardlinks and create new inodes
instead, also warn about them, this did not work as expected and will be
fixed in the future
* receive: search in older trees for UUIDs when detecting clone sources
* libbtrfsutil: bindings available at https://pypi.org/project/btrfsutil
* libbtrfs:
* patchlevel version update 0.1.4
* cleanup in headers, removed unused definitions, no functional changes
* don't ship list.h and rbtree.h
* other:
* documentation updates
6.10
* inspect:
* list-chunks: new command to print information about chunks (i.e.
the physical chunks as stored on devices), sortable; requires root as
it's using SEARCH_TREE ioctl
* tree-stats:
* new option -t to print only the given tree
* add long options for size units
* filesystem df: with increased verbosity print per-type information from sysfs
* version: print a line with built-in features or options (+FEATURE1 -FEATURE2)
* image: document option -s and its potential problems
* fixes:
* scrub status: user selected base for Rate values
* receive: escape special characters in paths and xattrs
* dump-tree: escape special characters in paths and xattrs
* image: sanitizing filenames did not work properly in all cases
* convert: fix displayed restored image path on rollback
* tune change csum: do conversion in smaller batches
* other:
* CI workflows updates (sanitizers, code spelling, manual page preview)
* build fixes for uClibc
* build fix for python 3.13
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Tue, 12 Nov 2024 19:58:18 +0000 (20:58 +0100)]
autoconf-archive: Update to version 2024.10.16
- Update from version 2023.02.20 to 2024.10.16
- Update of rootfile
- Changelog
2024.10.16
fix serial numbers
Typo: ziping → zipinf
(cherry picked from commit 4396d6e1f6213452d77fca3e02e7f7439204bcb0)
ax_lua.m4: add LuaJIT support
AX_LIB_READLINE: add check for minimum version
m4_define with braces around concat source, m4_if without extra arg
Fix typos found by codespell
ax_code_coverage: remove /tmp/* from remove patterns failing with lcov 2.0
The lcov >= 2.0 refactored error handling and by default it fails
when an unused remove pattern is provided:
LCOV --remove /tmp/* */tests/*.c
lcov: ERROR: 'exclude' pattern '/tmp/*' is unused.
(use "lcov --ignore-errors unused ..." to bypass this error)
Based on the macro history is is not clear why the /tmp/* would
be needed by default. Usual autotools projects don't use /tmp/.
If needed users can still add this pattern to
CODE_COVERAGE_IGNORE_PATTERN.
AX_CXX_COMPILE_STDCXX: Add C++23 support
AX_CXX_COMPILE_STDCXX: Add (C) statements for myself
AX_CXX_COMPILE_STDCXX: Check _MSVC_LANG
This fixes a bug which meant AX_CXX_COMPILE_STDCXX([20]) would only
actually test for C++17 support.
fixup! ax_check_compile_flag: add -Werror when checking for compiler flags
ax_check_compile_flag: add -Werror when checking for compiler flags
Seemingly that at some point clang started accepting _any_ flags,
whereas previously it would error out.
These days, you can give it -Whamsandwich and it will succeed, while
at the same time throwing an annoying warning.
Add -Werror so that everything gets flagged and set accordingly.
AX_BOOST_BASE: Don't set BOOST_*FLAGS if Boost is not found
Previously BOOST_CPPFLAGS was set to a nonsensical -I/include/boost-0
value if Boost headers were not found at all and BOOST_LDFLAGS was
similarly set to a wrong (although less obviously so) value in this
case because they kept the last values tested by the macro.
Just don't set these variables at all if detecting Boost failed.
fix serial numbers
Use AS_VAR_IF in ax_gcc_builtin.m4
The AS_VAR_IF check can be a simpler alternative to testing for variable
value inside AS_IF.
ax_switch_flags.m4: validate macro arguments at autoconf compile time
This is a nicer experience for detecting outright misuse of macros than
successfully creating a configure script and then having it fail.
ax_check_glx.m4: validate macro arguments at autoconf compile time
This is a nicer experience for detecting outright misuse of macros than
successfully creating a configure script and then having it fail.
ax_check_gl.m4: validate macro arguments at autoconf compile time
This is a nicer experience for detecting outright misuse of macros than
successfully creating a configure script and then having it fail.
ax_is_release.m4: validate macro arguments at autoconf compile time
This is a nicer experience for detecting outright misuse of macros than
successfully creating a configure script and then having it fail.
remove duplicated setting of CPPFLAGS/LDFLAGS
ax_python_devel: fix typo preventing correct variable evaluation
The test should check the variable, not the fixed string.
Most probably a simple typo, so fix it.
AX_CHECK_{PREPROC,COMPILE}_FLAG: improve logging message
2023.09.26
ax_lua.m4: add Lua 5.4 support
ax_lua.m4: Fix case of no Lua version match since 'xnil' != ''
2023.09.04
AX_FUNC_WHICH_GETHOSTBYADDR_R: use canonical formatting
AX_FUNC_WHICH_GETHOSTENT_R: use canonical formatting
Re-generate macros using the canonical formatting.
Merge pull request #280 from theAeon/master
ax_blas: detect flexiblas
2023.09.03
Merge pull request #282 from bogdro/gethostent_r
Create ax_func_which_gethostent_r.m4
Merge pull request #281 from bogdro/gethostbyaddr_r
Create ax_func_which_gethostbyaddr_r.m4
Merge pull request #283 from cminyard/master
ax_python_devel: Add an option to make it optional
Merge pull request #284 from SoapGentoo/Wstrict-prototypes
Make macros `-Wstrict-prototypes` compatible
2023.08.18
ax_prototype: Disable "unused variable" warning to prevent accidental failures
2023.08.13
Make macros `-Wstrict-prototypes` compatible
* With Clang having switched to modern C conventions already and GCC
following suit soon, we want to have macros that work in the presence
of `-Wstrict-prototypes` in all C language modes, not just C23.
2023.07.25
ax_python_devel: Add an option to make it optional
ax_python_devel will fail the autoconf run if it doesn't detect that a
python development environment is available. That's not always what
the user wants, they may want to go on without the functionality.
This change adds a way to pass in an option to specify if you want it to
fail or go on if the functionality is not found. The default is to
fail, as before.
2023.06.28
Create ax_func_which_gethostent_r.m4
Create ax_func_which_gethostbyaddr_r.m4
2023.06.07
ax_blas: detect flexiblas
2023.06.06
Merge remote-tracking branch 'github/master'.
Merge pull request #278 from rurban/fortify2
ax_add_fortify_source.m4: fix 2nd probe
ax_c_float_words_bigendian: use canon formatting
2023.05.19
AX_C_FLOAT_WORDS_BIGENDIAN: Fix bug "AX_C_FLOAT_WORDS_BIGENDIAN fails whenever interprocedural optimization is enabled."
Previous versions of this macro would not work when interprocedural
optimization (via link-time optimization) was enabled. This would happen
when, say, the GCC/clang "-flto" flag, or the ICC "-ipo" flag was used, for
example. The problem was that under these conditions, the compiler did not
allocate for and write the special float value in the data segment of the
test object file. Thus, the special value (in platform-dependent binary form)
could not be found, and the macro would fail.
The solution to the above problem was to:
1) Compile and link a whole test program rather than just compile an
object file.
2) Add code that requires the compiler to write the special value to
the data segment of the program executable.
For further details, refer to the documentation in the macro source file. Note
that this change already increments the serial number of the file.
This change resolves the following issues:
CPython issue #89640
https://github.com/python/cpython/issues/89640
Gentoo bug #700012
https://bugs.gentoo.org/700012
Cairo issue #459
https://gitlab.freedesktop.org/cairo/cairo/-/issues/459
Poky (Yocto Project) #12699
https://lists.yoctoproject.org/g/poky/topic/89131836
2023.05.07
ax_add_fortify_source.m4: fix 2nd probe
it didnt error anymore, just warned.
thus without -O it still enabled the 2nd variant
2023.05.01
bump serial numbers after recent changes
2023.04.19
ax_ext_have_lib.m4: fix typo
ax_python_config_var.m4: fix typo
ax_path_bdb.m4: fix typo
ax_pkg_mico.m4: fix typo
ax_cvs.m4: fix typo
ax_cc_tentdef.m4: fix typo
ax_ms_cpprest.m4: fix typo
ax_check_java_plugin.m4: fix typo
ax_cc_attrcommon.m4: Fix typo
ax_boost_base.m4: fix comment typo
2023.04.13
Re-format macros into canonical format after recent changes.
Merge pull request #263 from k4rtik/icu
ax_check_icu: bump serial and update after icu-config deprecation
Merge pull request #275 from cstes/ax_cc_tentdef
ax_cc_tentdef: test for C tentative definitions
Merge pull request #276 from theAeon/master
AX_BLAS: Fix vecLib detection on modern MacOS
2023.04.12
Fix vecLib detection on modern MacOS
For whatever reason Apple's hardened runtime scoping disallows third-party
linking to -framework vecLib. Linking -framework Accelerate solves this issue.
2023.04.10
ax_cc_tentdef: test for C tentative definitions
2023.03.08
ax_lib_netcdf4: NF_CONFIG instead of NC_CONFIG for Fortran flags.
NF_CONFIG is better and safer than NC_CONFIG, for NETCDF4_FFLAGS and
NETCDF4_FLIBS configuration.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 20230802.1 to 20240722.0
- Update of rootfile
- Changelog 20240722.0
What's New:
Added GoogleTest matchers for absl::Status. These matchers make it easier
to write unit tests for code that uses absl::Status.
Breaking Changes:
absl::AlphaNum no longer allows brace-initialization. This was never
intended to be supported, nor is it recommended that absl::AlphaNum
ever be spelled in user code.
The deprecated symbol absl::kuint128max has been removed and should be
replaced with absl::Uint128Max().
absl::aligned_storage_t, which was a polyfill consistent with
std::aligned_storage_t, has been removed. std::aligned_storage_t is
deprecated in C++23. See
https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2021/p1413r3.pdf
for a suggested replacement.
absl::StrJoin now has a absl::string_view overload. This allows for
passing a collection of string-like objects without having to convert
everything to the same type first. However, this may be a breaking
change for users passing an explicit template argument to
absl::StrJoin. In this case, simply remove the explicit template
parameter.
vlog_is_on.h is now a public header and is no longer included from log.h.
To use VLOG_IS_ON(), absl/log/vlog_is_on.h must be included. 20240116.2
What's New:
Added absl::NoDestructor<T> to simplify defining static types that do not
need to be destructed upon program exit.
Added configurable verbose logging (also known as VLOG).
Added absl::Overload(), which returns a functor that provides overloads
based on the functors passed to it. Note that this functionality
requires C++17 or newer.
Bzlmod is now officially supported (previously it was supported by the
community). Note that it may take several days after the release for
it to become available in the Bazel Central Registry.
Breaking Changes:
AbslHashValue() no longer accepts C-style arrays as a parameter.
Previously the array would decay to a pointer type, which could lead
to subtle, unintended bugs. The most common potential error is passing
a C-string literal. After this change, these call-sites require
wrapping the literal in absl::string_view.
absl::weak_equality and absl::strong_equality have been removed. The
corresponding std types were removed before C++20 was finalized
(https://wg21.link/P1959R0).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 11 Nov 2024 09:37:21 +0000 (10:37 +0100)]
services.cgi: Remove links from addon services
- As discussed in Video Conf Call on Oct 7th 2024
- This patch removes the links from the addon services, in line with the change made
to the core services.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Tested-by: Bernhard Bitsch <bbitsch@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 9 Nov 2024 17:38:11 +0000 (18:38 +0100)]
gnutls: Update to version 3.8.8
- Update from version 3.8.7 to 3.8.8
- Update of rootfile
- Changelog
3.8.8
** libgnutls: Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange in TLS 1.3
The support for post-quantum key exchanges has been extended to
cover the final standard of ML-KEM, following
draft-kwiatkowski-tls-ecdhe-mlkem. The minimum supported version of
liboqs is bumped to 0.11.0.
** libgnutls: All records included in an OCSP response are now checked in TLS
Previously, when multiple records are provided in a single OCSP
response, only the first record was considered; now all those
records are examined until the server certificate matches.
** libgnutls: Handling of malformed compress_certificate extension is now more standard compliant
The server behavior of receiving a malformed compress_certificate
extension now more strictly follows RFC 8879; return
illegal_parameter alert instead of bad_certificate, as well as
overlong extension data is properly rejected.
** build: More flexible library linking options for compression libraries, TPM, and liboqs support
The configure options, --with-zstd, --with-brotli, --with-zlib,
--with-tpm2, and --with-liboqs now take 4 states:
yes/link/dlopen/no, to specify how the libraries are linked or
loaded.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 10 Nov 2024 13:06:19 +0000 (14:06 +0100)]
hwdata: Update from individual file downloads to using a tarball source version 0.389
- This patch uses https://github.com/vcrhonek/hwdata/ to obtain the pci.ids & usb.ids
files. Arch Linux uses this source and they have been providing the updates for
around 8 years.
- Updated lfs to use the new source tarball
- Updated rootfile to only install the pci.ids & usb.ids files
- This will make it easier to identify when there have been updates of the .ids files
as there will be a new source tarball created.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sun, 10 Nov 2024 10:39:49 +0000 (11:39 +0100)]
harfbuzz: Update to version 10.1.0
- This v2 version corrects the Comment section of the lfs where a b2sum was accidentally
pasted.
- Update from version 8.2.2 to 10.1.0
- Update of rootfile
- From version 9.0.0 meson is the only build system for harfbuzz
- Changelog
10.1.0
- Fix the sign of fallback vertical glyph advance (used when font has no
vertical advance data).
- Increase maximum “CFF” operands limit 20 times to support more complex fonts.
- Add “--face-loader” option to command line utilities.
- Support “COLR” v0 table in hb_font_get_glyph_extents().
- Add support for font functions that use Core Text APIs, similar to FreeType
font functions. This allows, for example, using drawing fonts that use the new
(and undocumented) “hvgl” table.
- Update IANA and OT language registries, as well ase USE data files.
- Fix build with ICU 76.
- Various compiler warnings and build fixes.
- Various subsetter fixes.
- New API:
+hb_face_create_or_fail()
+hb_face_create_from_file_or_fail()
+hb_coretext_face_create_from_file_or_fail()
+hb_coretext_font_set_funcs()
+hb_ft_face_create_from_file_or_fail()
10.0.1
- Relax sanitization checks for “morx” subtables to fix broken AAT shaping of
macOS 15.0 version of GeezaPro.
10.0.0
- Unicode 16.0.0 support.
- Various documentation fixes.
- Various build fixes.
- Add API to allow HarfBuzz client to set what glyph to use when a Unicode
Variation Selector is not supported by the font, which would allow the client
to customize what happens in this case, by using a different font for example.
- Add a callback to for “hb_face_t” for getting the list of table tags. This is
now used to make calling “hb_face_get_table_tags()” work on a faces created by
“hb_face_create_for_tables()” (e.g. faces returned by “hb_subset_or_fail()”).
- CGJ and Mongolian Variation Selectors are now ignored during glyph
positioning, previously they would block both glyph substitution and
positioning across them.
- Support cairo script as an output format for “hb-view” command line tool.
- Drop an optimization that would cause HarfBuzz not apply pair positioning
lookup subtables under certain circumstances, for compatibility with other
implementations that do apply these subtables.
- Subsetting will now fail if source font has no glyphs, so feeding the subsetter
invalid data will not silently return an empty face.
- If after partially instancing a font no variation data is left (the instance
is fully static), don’t consider this a failure.
- Workaround a Firefox bug in displaying SVGs generated be “hb-view” command
line tool under certain circumstances.
- Fix bug in macroman mapping for “cmap” table.
- Fix difference shaping output when HarfBuzz is built with with
“HB_NO_OT_RULESETS_FAST_PATH” enabled.
- Various subsetting and instancing fixes.
- Various fuzzing fixes.
- Add “with_libstdcxx” meson build option.
- New API:
+HB_SCRIPT_GARAY
+HB_SCRIPT_GURUNG_KHEMA
+HB_SCRIPT_KIRAT_RAI
+HB_SCRIPT_OL_ONAL
+HB_SCRIPT_SUNUWAR
+HB_SCRIPT_TODHRI
+HB_SCRIPT_TULU_TIGALARI
+hb_buffer_set_not_found_variation_selector_glyph()
+hb_buffer_get_not_found_variation_selector_glyph()
+hb_get_table_tags_func_t
+hb_face_set_get_table_tags_func()
9.0.0
- HarfBuzz now the supports the proposed new OpenType “VARC” table. This
replaces the previously supported “Variable Composites” experimental feature.
“VARC” support is still experimental and it is not enabled unless HarfBuzz is
built with experimental APIs enabled:
https://github.com/harfbuzz/boring-expansion-spec/blob/main/VARC.md
- Autotools build system have been dropped. Meson is the only supported build
system in HarfBuzz going forward.
- Speed up “AAT” shaping for short words by up to 4%.
- Ignore unknown “CFF” operators.
- “hb_subset_input_keep_everything()” now keeps also non-unicode “name” table
records.
- Update the IANA and OpenType language tag registries.
- Support composite glyphs with very large number of points in hb-draw API.
- Various build fixes.
8.5.0
- API for partial instancing is now stable and have been promoted out of
experimental APIs.
- Support instancing “BASE” table.
- Speedup AAT shaping by 13–30%.
- Various build fixes.
- Various subsetter and instancer fixes.
- New API:
+HB_SUBSET_FLAGS_OPTIMIZE_IUP_DELTAS
+hb_subset_input_get_axis_range()
+hb_subset_input_pin_axis_location()
8.4.0
- Add /bigobj to MSVC compiler flags in meson build, to fix building hb-subset.cc
- Specify minimum versions of various dependencies in meson and autotools build.
- When subsetting, place variation store at the end of “GDEF” table to fix
shaping issues with some versions of Adobe InDesign.
- Various build fixes.
- New API:
+hb_buffer_set_random_state()
+hb_buffer_get_random_state()
8.3.1
- hb_blob_create_from_file_or_fail() on Windows will now try to interpret the
file name as UTF-8 first, and as system code page if it is not valid UTF-8.
- Fix hb_style_get_value() in fonts with “STAT” table.
- Properly handle negative offsets in CFF table.
- Update IANA Language Subtag Registry to 2024-03-07.
- Subsetter now supports subsetting “BASE” table.
- Subsetter will update “hhea” font metrics in sync with “OS/2” ones.
- “--variations” option of “hb-subset” now supports leaving out values that
should be unchanged, e.g. “wght=:500:” will change the default and keep max
and min unchanged. It also supports “*=drop” to to pin all axes to default
location.
- Fix hb_ot_math_get_glyph_kerning() to match updated “MATH” table spec.
- Support legacy MacRoman encoding in “cmap” table.
- Various build fixes.
- Various subsetting and instancing fixes.
- New API:
hb_subset_input_pin_all_axes_to_default()
8.3.0
- Improve memory barrier to fix potential segfaults.
- Various build fixes.
- Various subsetting and instancing fixes.
- Rename “hb-subset” option “--instance” to “--variations” to match the other
tools. Old option is kept as an alias.
- New API:
HB_AAT_LAYOUT_FEATURE_TYPE_CURSIVE_CONNECTION
- Deprecated API:
HB_AAT_LAYOUT_FEATURE_TYPE_CURISVE_CONNECTION
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 9 Nov 2024 17:38:13 +0000 (18:38 +0100)]
pixman: Update to version 0.44.0
- Update from version 0.43.4 to 0.44.0
- Update of rootfile
- Disabling iwmmxt no longer required as support for it in pixman has been dropped.
- Changelog not provided. Review of changes only available by review of commits.
https://gitlab.freedesktop.org/pixman/pixman/-/commits/master?ref_type=heads
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 9 Nov 2024 17:38:12 +0000 (18:38 +0100)]
lvm2: Update to version 2.03.28
- Update from version 2.03.26 to 2.03.28
- Update of rootfile not required
- Changelog
2.03.28
Use radix_tree to lookup for UUID within committed metadata.
Use radix_tree to lookup LV list entry within VG struct.
Introduce setting config/validate_metadata = full | none.
Restore fs resize call for lvresize -r on the same size LV (2.03.17).
Correct off-by-one devicesfile backup counting.
Replace use of dm_hash with radix_tree for lv names and uuids.
Refactor vg_validate with uniq_insert and better use of CPU caches.
Add radix_tree_uniq_insert.
Update DM cache when taking next VG lock instead of dropping it.
Generate json string id only for json reporting.
For vgsummary use new API call dm_config_parse_only_section().
Use radix_tree for PV names mapping.
Split check_lv_segment into separate _in/complete_vg variant.
Use find_lv instead of find_lv_in_vg when possible.
Do a mirror fixup only when mirrors with logs are imported.
Add faster crc32 calculation from zlib code for x86_64.
Fall back to direct zeroing if BLKZEROOUT fails during new LV initialization.
2.03.27
Fix swap device size detection using blkid for lvresize/lvreduce/lvextend.
Detect GPT partition table and pass partition filter if no partitions defined.
Add global/sanlock_align_size option to configure sanlock lease size.
Disable mem locking when activation/reserved_stack or reserved_memory is 0.
Fix locking issues in lvmlockd leaving thin pool locked.
Deprecate vdo settings vdo_write_policy and vdo_write_policy.
Lots of typo fixes across lvm2 code base (codespell).
Corrected integrity parameter interleave_sectors for DM table line.
Ignore -i|--stripes, -I|--stripesize for lvextend on raid0 LV, like raid10.
Do not accept duplicate device names for pvcreate.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 9 Nov 2024 17:38:10 +0000 (18:38 +0100)]
ffmpeg: Update to version 7.1
- Update from version 7.0.2 to 7.1
- Update of rootfile
- Changelog
7.1
- Raw Captions with Time (RCWT) closed caption demuxer
- LC3/LC3plus decoding/encoding using external library liblc3
- ffmpeg CLI filtergraph chaining
- LC3/LC3plus demuxer and muxer
- pad_vaapi, drawbox_vaapi filters
- vf_scale supports secondary ref input and framesync options
- vf_scale2ref deprecated
- qsv_params option added for QSV encoders
- VVC decoder compatible with DVB test content
- xHE-AAC decoder
- removed DEC Alpha DSP and support code
- VVC encoding support via libvvenc
- perlin video source
- D3D12VA HEVC encoder
- Cropping metadata parsing and writing in Matroska and MP4/MOV de/muxers
- Intel QSV-accelerated VVC decoding
- MediaCodec AAC/AMR-NB/AMR-WB/MP3 decoding
- YUV colorspace negotiation for codecs and filters, obsoleting the
YUVJ pixel format
- Vulkan H.264 encoder
- Vulkan H.265 encoder
- stream specifiers in fftools can now match by stream disposition
- LCEVC enhancement data exporting in H.26x and MP4/ISOBMFF
- LCEVC filter
- MV-HEVC decoding
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 9 Nov 2024 17:38:09 +0000 (18:38 +0100)]
expat: Update to version 2.6.4
- Update from version 2.6.3 to 2.6.4
- Update of rootfile
- Changelog
2.6.4
Security fixes:
#915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
Other changes:
#903 CMake: Add alias target "expat::expat"
#905 docs: Document use via CMake >=3.18 with FetchContent
and SOURCE_SUBDIR and its consequences
#902 tests: Reduce use of global parser instance
#904 tests: Resolve duplicate handler
#317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
#914 Fix signedness of format strings
#919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
Infrastructure:
#907 CI: Upgrade Clang from 18 to 19
#913 CI: Drop macos-12 and add macos-15
#910 CI: Adapt to breaking changes in GitHub Actions
#898 Add missing entries to .gitignore
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Sat, 9 Nov 2024 17:38:08 +0000 (18:38 +0100)]
curl: Update to version 8.11.0
- Update from version 8.10.0 to 8.11.0
- Update of rootfile
- Changelog
8.11.0
Changes:
curl: --create-dirs works for --dump-header as well
gtls: Add P12 format support
ipfs: add options to disable
TLS: TLSv1.3 earlydata support for curl
WebSockets: make support official (non-experimental)
Bugfixes:
alt-svc: honor data->state.httpwant
altsvc: avoid using local buffer and memcpy
asyn-ares: remove typecast, fix expire
autotools: add support for 'unity' builds, enable in CI
bearssl: avoid strpcy() when generating TLS version log message
bearssl: improved session handling, test exceptions
bufq: unwrite fix
build: add `ldap` to `libcurl.pc` `Requires:`
build: add pytest targets
build: clarify CA embed is for curl tool, mark default, improve summary
build: detect and use `_setmode()` with Cygwin/MSYS, also use on Windows
build: disable warning `-Wunreachable-code-break`
build: fix clang-cl builds, add CI job
build: fix cross-compile check for poll with bionic
build: fix possible `-Wformat-overflow` in lib557
build: limit arc4random detection to no-SSL configs
build: show if CA bundle to embed was found
build: tidy up and improve versioned-symbols options
build: tidy up deprecation suppression, enable warnings for clang
certs: add missing `-CAcreateserial` option for LibreSSL
checksrc: add check for spaces around logical AND operators
checksrc: Added checks for colon operator in ternary expressions
checksrc: check for spaces around '?', '>' and '<'
ci: dump `curl_config.h` to log in all jobs
CI: run with standard mod_http2
cmake, Makefile.mk: use -isystem for headers, silence BearSSL issues
cmake/FindCares: fix version detection for c-ares 1.34.1
cmake/FindNGTCP2: use library path as hint for finding crypto module
cmake: add missed variable to comment
cmake: add native `pkg-config` detection for mbedTLS, MSH3, Quiche, Rustls, wolfSSL
cmake: allow building tests in unity mode
cmake: apply `WIN32_LEAN_AND_MEAN` to all feature checks
cmake: avoid setting `BUILD_TESTING`
cmake: clear package version after `pkg-config` detection
cmake: delete unused NEED_LBER_H, HAVE_LDAP_H
cmake: detect `HAVE_NETINET_IN6_H`, `HAVE_CLOSESOCKET_CAMEL`, `HAVE_PROTO_BSDSOCKET_H`
cmake: detect GNU GSS
cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled
cmake: do not propagate unused `HAVE_GSSAPI_GSSAPI_KRB5_H` to C
cmake: document `-D` and env build options
cmake: drop obsolete items from `TODO` and `INSTALL-CMAKE`
cmake: drop redundant assignments
cmake: drop redundant zlib var, rename function (internals)
cmake: expand CURL_USE_PKGCONFIG to non-cross MINGW
cmake: fix broken dependency chain for cmdline-opts, tidy-ups
cmake: fix compile warnings for clang-cl
cmake: fix missing spacing in log message
cmake: limit `CURL_STATIC_CRT` to MSVC
cmake: make `test-ci` target skip building dependencies
cmake: mark as advanced some internal Find* variables
cmake: readd `generate-curl.1` dependency for `src` just in case
cmake: rename LDAP dependency config variables to match Find modules
cmake: replace `check_include_file_concat()` for LDAP and GSS detection
cmake: replace `CURL_*_DIR` with `{PROJECT,CMAKE_CURRENT}_*_DIR`
cmake: require quictls (or fork) when using msh3 on non-Windows
cmake: separate target for examples, optimize CI, fix fallouts
cmake: set version for `project()` and add CPack support
cmake: stop adding dependency headers to global `CMAKE_REQUIRED_INCLUDES`
cmake: sync torture test parallelism with autotools
cmake: tidy up `CURL_DISABLE_FORM_API` initialization
cmake: tidy up and shorten symbol hiding initialization
cmake: tidy up line order
cmake: tidy up picky warning initialization
cmake: tidy-ups and rebase fixups
cmake: tweaks around debug mode and hidden symbols
cmake: untangle feature detection interdependencies
cmake: use `list(APPEND)` on `CURL_INCLUDES`
cmake: use OpenSSL for LDAP detection only if available
cmake: use the `BSD` variable
config: rename the OS define to CURL_OS to reduce collision risk
configure: add GSS to `libcurl.pc` `Depends:`
configure: catch Apple in more target triplets
configure: drop duplicate feature checks for `poll()`, `if_nametoindex()`
configure: drop unused bare `socket.h` detection
configure: improve help string for some options
conncache: find bundle again in case it is removed
conncache: more efficient implementation of cpool_remove_bundle
cookie: overhaul and cleanup
curl-rustls.m4: set linker flags to allow rustls build on macos
curl.h: remove the struct pointer for CURL/CURLSH/CURLM typedefs
curl: add build options for safe/no CA bundle search (Windows)
curl: detect ECH support dynamically, not at build time
curl_addrinfo: support operating systems with only getaddrinfo(3)
curl_multi_perform.md: fix typo
curl_trc: fix build with verbose messages disabled
curl_url_set.md: document HOST handling when URL is parsed
curl_ws_recv.md: the 'meta' pointer is only returned on success
curl_ws_recv: return recv 0 and point meta to NULL on all errors
CURLMOPT_PIPELINING.md: clarify that CURLPIPE_NOTHING is not default
CURLOPT_APPEND.md: goes for SFTP as well
CURLOPT_HEADERFUNCTION.md: do not modify the passed in buffer
DISABLED: disable test 1060 with hyper
DISTROS: avoid use of "very"
Dockerfile: update Docker digest to d830561
docs/cmdline-opts: GnuTLS supports PKCS#11 URI in --cert option
docs: clarify FTP over HTTP proxy functionality somewhat
docs: fix a typo in some cipher options
ech: spelling, whitespace, say `--ech` default config
ftp: fix 0-length last write on upload from stdin
ftp: move listen handling to socket filter
GHA: optimize test prereq steps
gnutls: use session cache for QUIC
hsts: avoid the local buffer and memcpy on lookup
hsts: improve subdomain handling
hsts: support "implied LWS" properly around max-age
http2: auto reset stream on server eos
http_aws_sigv4: avoid local buffer and strcpy
INSTALL-CMAKE.md: mention focus on shared libraries
INSTALL-CMAKE: fix punctuation and a typo
INSTALL.md: fix a typo that slipped in to RISC OS
json.md: cli-option `--json` is an alias of `--data-binary`
lib, src, tests: added space around ternary expressions
lib/cw-out: initialize 'flush_all' directly
lib/src: white space edits to comply better with code style
lib: avoid assigning 'result' temporarily
lib: fix disabled-verbose-strings + enable-debug build warnings
lib: fix unity builds with BearSSL, MSH3, Quiche, OmniOS
lib: move curl_path.[ch] into vssh/
lib: msnprintf tidy-ups
lib: remove Curl_ prefix from static functions
lib: remove function pointer typecasts for hmac/sha256/md5
lib: use bool/TRUE/FALSE properly
libcurl/opts: improve phrasing for connection cap related options
libssh.c: handle EGAINS during proto-connect correctly
libssh2: delete duplicate `break`
libssh2: put the readdir buffers into struct
libssh2: use the Curl_* memory functions to avoid memdebug
libssh2: use the filename buffer when getting the homedir
libtests: generate the lib1521 atomically
mbedTLS: fix handling of TLSv1.3 sessions
mbedtls: handle session as blobs
mbedtls: remove failf() use from mbedtls_random
mk-lib1521: fix the long return code check
mprintf: do not ignore length modifiers of `%o`, `%x`, `%X`
mprintf: treat `%o` as unsigned, add tests for `%o`, `%x`, `%X`
mqtt: fix mqtt.md wording and add clearer explanation
multi.c: make stronger check for paused transfer before asserting
multi.c: warn/assert on stall only without timer
multi: avoid reading whole struct pointer from pointer
multi: convert Curl_follow to static multi_follow
multi: make curl_multi_cleanup invalidate magic latter
multi: make multi_handle_timeout use the connect timeout
multi: split multi_runsingle into sub functions
negotiate: conditional check around GSS & SSL specific code
netrc: cache the netrc file in memory
ngtcp2: do not loop on recv
ngtcp2: set max window size to 10x of initial (128KB)
openssl quic: populate x509 store before handshake
openssl: convert a memcpy to dynbuf use
openssl: extend the OpenSSL error messages
openssl: improve retries on shutdown
openssl: remove two strcpy() calls
OS400: don't delete source files when building with debug
packages/OS400/curlmain: remove the strncpy calls
processhelp.pm: improve taskkill calls (Windows)
pytest: fix run against multissl curl
pytest: improve pytest_07_42a reliability
pytest: include `buildinfo.txt` in the output
pytest: include curl version string and python platform in log
pytest: show curl features and protocols
quic: use send/recvmmsg when available
quic: use the session cache with wolfSSL as well
request: on shutdown send, proceed normally on timeout
runtests.md: suggest a value for -j for torture tests
runtests: add comment for handle64 pathsep requirement
runtests: drop unused code for old/classic-mingw support
runtests: pass single backslashes with Windows Perl
runtests: use deterministic sort for `TESTINFO` lines
schannel: fix TLS cert verification by IP SAN
schannel: ignore error on recv beyond close notify
schannel: reclassify extra-verbose schannel_recv messages
select: use poll() if existing, avoid poll() with no sockets
sendf: add condition to max-filesize check
server/mqttd: fix two memory leaks
setopt: avoid superfluous length checks before strcmp()
setopt: return error for bad input to CURLOPT_RTSP_REQUEST
setopt_cptr: make overflow check only done when needed
singleuse: make `git grep` faster, add Apple `nm` support
smb: do not redefine `getpid` on Windows
smb: replace use of strcpy() with snprintf()
socks_gssapi: switch to dynbuf from buffer with strcpy
source: avoid use of 'very' in comments
src/lib: remove redundant ternary operators
src: guard for double declaration of `curl_ca_embed` in unity builds
sws: fix unused static function with `TCP_NODELAY` undefined
telnet: avoid two strcpy() by pointing to the strings instead
test1035: convert host name back to utf8 as should be
test1515: add tracing and more debug info
test1540: add debug logging
test190: replace %FTPTIME2 with a fixed value
test1915: add tracing and connect timeout
test1915: remove wrong comment
test2502: add libtest debug tracing
test504: fix handling on pending connect
testrun: explicitly set proper IP address for stunnel listen/connect
tests/http: fix ubuntu GnuTLS CI failures
tests/scorecard: allow remote server test
tests/server/util.c: remove use of strncpy
tests/valgrind.pm: fix warnings with no valgrind report to show
tests/valgrind.supp: remove a travis suppression, add a Debian
tests: add and use `%PERL` variable to refer to the Perl binary
tests: add codeset-utf8 as a feature
tests: add file: tests with existing files
tests: allow pytests to run in out-of-tree builds
tests: capture stdin to get the vsftpd version number
tests: change Python code style to pass ruff checks
tests: check http/2 and http/3 server responsiveness
tests: delete duplicate macro check
tests: enable additional ruff Python lint options
tests: fix `%POSIX_PWD` on native Windows Perl
tests: fix callback signatures to please UndefinedBehaviorSanitizer
tests: Fix FILEFORMAT <file name=""> directive
tests: fix keyword for test1411
tests: fix shell quoting on native Windows Perl
tests: fix some Python typing issues
tests: fixup `checkcmd` `PATH` on non-unixy platforms
tests: improve mqtt server handling
tests: introduce %CLIENT6IP-NB
tests: let openssl generate random cert serials
tests: libtests and unit tests need explicit #include memdebug
tests: make precheck for HTTP on 127.0.0.1 into a feature
tests: Only log warnings or worse by default in smbserver
tests: postcheck is now in verify
tests: remove all valgrind disable instructions
tests: remove debug requirement on 38 tests
tests: remove the %FTPTIME3 variable
tests: replace `%PWD` with `%FILE_PWD` for `file://`
tests: replace `%PWD` with `%SSH_PWD` in SCP/SFTP tests
tests: replace hard-coded `/dev/null` with variable
tests: simplify `pathhelp.pm`, avoid using external tools
tests: speed up builds with single-binary test bundles
tests: testrunner fairness
tests: testrunner reliability improvements
tests: use '-4' where needed
tests: use a set for several of the curl_props
tftp: avoid two memcpy/strcpy
tidy-up: rename CURL_WINDOWS_APP to CURL_WINDOWS_UWP
tls: avoid abusing CURLE_SSL_ENGINE_INITFAILED
tool: support --show-headers AND --remote-header-name
tool_doswin: simplify; remove unused options and strncpy calls
tool_getparam: drop unused time() call
tool_getparam: replace two uses of strncpy(), ban strncpy
tool_operate: make --skip-existing work for --parallel
tool_operate: reuse the schannel backend check
tool_xattr: create the user.creator xattr attribute
unit1307: tidy up Apple OS detection
unit1660: fix unreachable code warning in no-SSL builds
url: connection reuse on h3 connections
url: use same credentials on redirect
urlapi: drop unused header
urlapi: normalize the IPv6 address
version: minor cleanups
version: say quictls in MSH3 builds
vquic: fix compiler warning with gcc + MUSL
vquic: recv_mmsg, use fewer, but larger buffers
vtls: convert Curl_pin_peer_pubkey to use dynbuf
vtls: convert pubkey_pem_to_der to use dynbuf
warnless: remove curlx_sktosi and curlx_sitosk
winbuild/README: consolidate command prompt section
winbuild/README: document how to clean a build
winbuild: add initial wolfSSL support
winbuild: drop `gen_resp_file.bat`
wolfssl: convert malloc + memcpys to dynbuf for cipher string
wolfSSL: fix handling of TLSv1.3 sessions
wolfssl: no more use of the OpenSSL API
wolfssl: use old version API without openssl extra
8.10.1
Bugfixes:
autotools: fix `--with-ca-embed` build rule
cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync
cmake: fix MSH3 to appear on the feature list
connect: store connection info when really done
CURLMOPT_TIMERFUNCTION.md: emphasize that only a single timer should run
FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a
http2: when uploading data from stdin, fix eos forwarding
http: make max-filesize check not count ignored bodies
lib: fix AF_INET6 use outside of USE_IPV6
libcurl-docs: CURLINFO_LOCAL_* work for QUIC as well as TCP
multi: check that the multi handle is valid in curl_multi_assign
QUIC: on connect, keep on trying on draining server
request: correctly reset the eos_sent flag
runtests: accecpt 'quictls' as OpenSSL compatible
rustls: fixed minor logic bug in default cipher selection
rustls: rustls-ffi 0.14.0 update
rustls: support strong CSRNG data
setopt: remove superfluous use of ternary expressions
singleuse: drop `Curl_memrchr()` for no-HTTP builds
test537: cap the rlimit max this test runs
tests: tweak lock file handling and timers
tool_cb_wrt: use "curl_response" if no file name in URL
transfer: fix sendrecv() without interim poll
vtls: fix `Curl_ssl_conn_config_match` doc param
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 16 Oct 2024 16:50:20 +0000 (18:50 +0200)]
update.sh: Remove existing entries for the three FEODO_ tracker lists
- This removes any time entries in the modified file for either FEODO_RECOMMENDED,
FEODO_IP or FEODO_AGGRESSIVE.
- This also removes any blocklists for any of these sources from the /var/lib/ipblocklist
directory.
- This patch will ensure that any reference to any of these sources is removed from the
ipblocklist files.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Wed, 16 Oct 2024 16:50:19 +0000 (18:50 +0200)]
sources: Removal of Feodo Tracker lists from ipblocklist sources file
- FEODO_RECOMMENDED list is empty and has been since 2024-08-23, when it was last
updated.
- FEODO_IP list is empty and has been since 2024-08-23, when it was last updated.
- FEODO_AGGRESSIVE list still contains IP's but they were last updated on 2024-08-23.
- According to the Feodo Tracker web site these lists are updated every 5 minutes but
not for nearly 8 weeks now.
- Contacted Spamhaus who, since 2022, are the primary licensee for Abuse.ch, who created
the Feodo Tracker lists. No response at all from Spamhaus after one week, not even
any acknowledgement response.
- This patch set removes these three lists from the sources file and an associated patch
to the update.sh file removes references to these lists, if used, from the "modified"
file and removes the "list_name.conf" files.
- This is the same process as used for the removal of the ALIENVAULT list earlier this
year.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Adolf Belka [Mon, 14 Oct 2024 16:55:47 +0000 (18:55 +0200)]
netpbm: Removal of netpbm config.mk
- netpbm addon was removed from IPFire in April 2022. This configuration file was
missed at that time.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 20240910 to 20241029
- Update of rootfile not required
- Changelog 20241029
Update for functional issues. Refer to 14th/13th Generation Intel® Core™
Processor Specification Update for details at
https://cdrdv2.intel.com/v1/dl/getContent/740518
Updated Platforms
Processor Stepping F-M-S/PI Old Ver New Ver Products
RPL-E/HX/S B0 06-b7-01/32 000001290000012b Core Gen13/Gen14
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
When we import all static leases, their remark will be used as hostname
(because WTF?) and might be overwritten if the device is not sending any
or even the same hostname.
This patch avoids that static leases will be modified.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 21 Oct 2024 16:38:47 +0000 (16:38 +0000)]
unbound-dhcp-leases-bridge: Fix typo
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 21 Oct 2024 16:38:46 +0000 (16:38 +0000)]
unbound-dhcp-leases-bridge: Don't export expired leases to Unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This option needs to be configurable since some (braindead) ISPs have
started running broken DHCP servers to be bug-compatible with cheap
broken plastic routers.
By default we keep this option enabled, but it can now be turned off
whenever needed.
Suggested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 17 Oct 2024 14:54:16 +0000 (14:54 +0000)]
chown: Replace . with : on all shipped scripts
I don't like this messy bootup screen that we have with all sorts of
warnings that actually don't cause any problems, but make the boot
messy and send the wrong message to users.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
projects / ipfire-2.x.git / log
