Adolf Belka [Sun, 6 Feb 2022 21:46:08 +0000 (22:46 +0100)]
make.sh: name all perl packages to start with perl
- Currently some perl packages start with perl, others don't have perl in the name
at all and one has perl at the end of the IPFire name.
- This patch series places perl at the start of all lfs and rootfile files for perl
packages in a similar way as is done for python3.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
I have a new add-on here which I use e.g. to bring partitions from mbr to gpt without data loss.
It is also well suited for rescuing broken partitions.
GPT fdisk (consisting of the gdisk, cgdisk, sgdisk, and fixparts programs) is a set of text-mode partitioning tools for Linux,
FreeBSD, Mac OS X, and Windows.
The gdisk, cgdisk, and sgdisk programs work on Globally Unique Identifier (GUID) Partition Table (GPT) disks,
rather than on the older (and once more common) Master Boot Record (MBR) partition tables.
The fixparts program repairs certain types of damage to MBR disks and enables changing partition types from
primary to logical and vice-versa.
Signed-off-by: Marcel Follert (Smooky) <smooky@v16.de> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:08:53 +0000 (20:08 +0100)]
xtables-addons: Drop package.
None of the provided modules are in use, so this package
safely can be dropped.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:07 +0000 (20:03 +0100)]
firewall.menu: Drop entry for P2P-Block.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:06 +0000 (20:03 +0100)]
p2p-block.cgi: Drop CGI.
The support for creating P2P based rules has been removed from the
firewall. So this CGI file is not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:05 +0000 (20:03 +0100)]
configroot: Drop config file for p2protocols.
The support for creating P2P based rules has been removed from the
firewall. So this file is not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:04 +0000 (20:03 +0100)]
firewall: Drop support for blocking P2P protocols.
The main P2P (peer-to-peer) aera has passed for several year now, so
this kind of feature is realy out-dated.
The feature only supports a handfull of P2P protocols (mostly unencrypted)
for applications, which have been superseeded by various other
applications and protocols.
So, this fairly is not longer required and safely can be dropped.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:56 +0000 (19:42 +0100)]
libloc: Export DB in ipset compatible format.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:54 +0000 (19:42 +0100)]
rules.pl: Check if an ipset db file exists before call to restore it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:53 +0000 (19:42 +0100)]
rules.pl: Do not try to restore the same ipset multiple times.
When an ipset list get restored, this now will be documented in a hash
and this hash also will be checked before restoring a list if this has
not be done previously.
This will prevent from restoring the same list multiple times.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:52 +0000 (19:42 +0100)]
update-location-database: Export database to ipset compatible format now.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:51 +0000 (19:42 +0100)]
rules.pl: Move to ipset based data for location based firewall rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:50 +0000 (19:42 +0100)]
rules.pl: Move to ipset based data for LOCATIONBLOCK feature.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:49 +0000 (19:42 +0100)]
rules.pl: Add tiny ipset_restore function.
This helper function is used to load a previously exported list of
networks for a given country code into the ipset module, so it can be
used for any kind of firewall rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:47 +0000 (19:42 +0100)]
rules.pl: Move flush of LOCATIONBLOCK into main flush() function.
It is required to get rid of all ipset based rules before all of
the loaded ipset lists can be destroyed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 15 Feb 2022 09:36:18 +0000 (10:36 +0100)]
gdbm: Update to version 1.23
- Update from 1.20 to 1.23
- Update of rootfile not required
- Changelog
Version 1.23, 2022-02-04
* Bucket cache switched from balanced tree to hash table
Change suggested by Terence Kelly.
* Speed up flushing the changed buckets on disk
* New option codes for gdbm_setopt
** GDBM_GETDBFORMAT
Return the database format.
** GDBM_GETDIRDEPTH
Return the directory depth, i.e. the number of initial (most significant)
bits in hash value that are interpreted as index to the directory.
** GDBM_GETBUCKETSIZE
Return maximum number of keys per bucket.
** GDBM_GETCACHEAUTO
Return the status of the automatic cache adjustment.
** GDBM_SETCACHEAUTO
Enable or disable automatic cache adjustment.
Version 1.22, 2021-10-19
* Fix file header validation
* Fix key verification in sequential access
* Fix testing with DejaGNU 1.6.3
* Fix stack overflow in print_usage
* Fix a leak of avail entry on pushing a new avail block
The leak would occur if the original avail table had odd number of entries.
* New gdbmtool variables: errorexit, errormask, trace, timing
"Errorexit" and "errormask" control which GDBM errors would cause the
program termination and emitting a diagnostic message,
correspondingly. Both variables are comma-delimited lists of error
codes.
The "trace" variable enables tracing of the gdbmtool commands.
The "timing" variable, when set, instructs gdbmtool to print time
spent in each command it runs.
* New gdbmtool options: -t (--trace), and -T (--timing)
Version 1.21, 2021-09-02
* Crash tolerance
By default it is possible for an abrupt crash (e.g., power failure,
OS kernel panic, or application process crash) to corrupt the gdbm
database file. A new Linux-only mechanism enables applications to
recover the database state corresponding to the most recent
successful gdbm_sync() call before the crash. See the chapter 17
"Crash Tolerance" in the GDBM manual.
* New database file format: numsync
The new "numsync" database format is designed to better support
crash tolerance. To create a database in numsync format, the gdbm_open
(or gdbm_fd_open) function must be given the GDBM_NEWDB|GDBM_NUMSYNC
flags. The GDBM_NUMSYNC flag also takes effect when used together
with GDBM_WRCREAT, provided that the new file is created.
New function gdbm_convert() is provided for converting the databases
from standard GDBM format to numsync and vice versa.
The gdbmtool tool can also be used for converting databases between
these two formats.
* Changes in gdbmtool
** Fix string output in non-ASCII encodings
Printable multi-byte sequences are correctly represented on output.
This also fixes octal representation of unprintable characters.
** The filename variable
This variable supplies the name of database file for use in "open"
command, if the latter is called without arguments. If "open" is
called with the file name argument, the "filename" variable is
initialized to this value.
** The fd variable
If set, its value must be an open file descriptor referring to a
GDBM database file. The "open" command will use gdbm_fd_open
function to use this file. Upon closing the database, this
descriptor will be closed and the variable will be unset.
The file descriptor to use can also be supplied using the
-d (--db-descriptor) command line option.
** The format variable
Defines the format in which new databases will be created. Allowed
values are: "standard" (default) and "numsync".
** New commands: upgrade and downgrade
The "upgrade" command converts current database to the numsync
(extended) format. The "downgrade" command converts current database
to the standard format.
** New command: snapshot
The "snapshot" command is part of the new crash tolerance support.
Given the names of two snapshot files, it analyzes them and selects
the one to be used for database recovery. See the GDBM manual,
section 17.5 "Manual crash recovery" for a detailed discussion of its
use.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Tue, 15 Feb 2022 13:40:27 +0000 (13:40 +0000)]
ovpnclients.dat: Fix adjusting input dates
This patch changes that we no longer interpret any dates put in by the
user as UTC. They used to be converted into localtime because, although
they have already been in local time.
This went unnoticed since in Europe we are close (enough) to UTC that
there is no significant discrepancy on the report. However, being in
North America is enough to generate confusing reports.
Reported-by: Paul <kairis@gmail.com> Fixes: #12768 Tested-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 15 Feb 2022 09:36:56 +0000 (10:36 +0100)]
libarchive: Update to version 3.6.0
- Update from 3.5.2 to 3.6.0
- Update of rootfile
- Changelog
Libarchive 3.6.0 is a feature and bugfix release.
New features:
tar: new option "--no-read-sparse" (#1614)
tar: threads support for zstd (#1567)
RAR reader: filter support (#1503)
RAR5 reader: self-extracting archive support (#1585)
ZIP reader: zstd decompression support (#1518)
Other notable bugfixes and improvements:
tar: respect "--ignore-zeros" in c, r and u modes (#1620)
reduced size of application binaries (#1625)
internal code optimizations
Libarchive 3.5.3 is a security release
Security Fixes:
extended fix for following symlinks when processing the fixup list
(#1566, #1617, CVE-2021-31566)
fix invalid memory access and out of bounds read in RAR5 reader
(#1491, #1492, #1493, CVE-2021-36976)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 15 Feb 2022 09:37:13 +0000 (10:37 +0100)]
stunnel: Update to version 5.62
- Update from 5.58 to 5.62
- Update of rootfile
- Changelog
### Version 5.62, 2022.01.17, urgency: MEDIUM
* New features
- Added a bash completion script.
* Bugfixes
- Fixed a transfer() loop bug.
### Version 5.61, 2021.12.22, urgency: LOW
* New features sponsored by the University of Maryland
- Added new "protocol = capwin" and "protocol = capwinctrl"
configuration file options.
* New features for the Windows platform
- Added client mode allowing authenticated users to view
logs, reconfigure and terminate running stunnel services.
- Added support for multiple GUI and service instances
distinguised by the location of stunnel.conf.
- Improved log window scrolling.
- Added a new 'Pause auto-scroll' GUI checkbox.
- Double click on the icon tray replaced with single click.
- OpenSSL DLLs updated to version 3.0.1.
* Other new features
- Rewritten the testing framework in python (thx to
Peter Pentchev for inspiration and initial framework).
- Added support for missing SSL_set_options() values.
- Updated stunnel.spec to support RHEL8.
* Bugfixes
- Fixed OpenSSL 3.0 build.
- Fixed reloading configuration with
"systemctl reload stunnel.service".
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed printing IPv6 socket option defaults on FreeBSD.
### Version 5.60, 2021.08.16, urgency: LOW
* New features
- New 'sessionResume' service-level option to allow
or disallow session resumption
- Added support for the new SSL_set_options() values.
- Download fresh ca-certs.pem for each new release.
* Bugfixes
- Fixed 'redirect' with 'protocol'. This combination is
not supported by 'smtp', 'pop3' and 'imap' protocols.
- Enforced minimum WIN32 log window size.
- Fixed support for password-protected private keys with
OpenSSL 3.0 (thx to Dmitry Belyavskiy).
### Version 5.59, 2021.04.05, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.1.1k.
* New features
- Client-side "protocol = ldap" support (thx to Bart
Dopheide and Seth Grover).
* Bugfixes
- The test suite fixed not to require external connectivity.
- Fixed paths in generated manuals (thx to Tatsuki Makino).
- Fixed configuration reload when compression is used.
- Fixed compilation with early releases of OpenSSL 1.1.1.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:01 +0000 (22:29 +0100)]
lcms2: Update to version 2.13.1
- Update from 2.12 to 2.13.1
- Update of rootfile
- Changelog
2.13.1 Hot fix
Fix for pure white going gray in grayscale transforms.
2.13 Featured release
Added support for premultiplied alpha
tifficc can now handle alpha channels, both unassociated and premultiplied
Better documentation
CGATS parser can now deal with very long strings
Added Projects for Visual Studio 2020
Travis CI discontinued, GitHub actions used instead
Added a very preliminar meson build script (thanks to xclaesse)
Added ARM64 target to visual studio 2019 (thanks to gaborkertesz-linaro)
Added thread safe code to get time
Added automatic linear space detection
Added cmsGetStageContextID function
Added cmsDetectRGBProfileGamma function
configure now accepts --without-fastfloat to turn plugin off
autogen.sh has now a --distclean toggle to get rid of all autotools generated files
Checked to work on STM32 Cortex-A, Cortex-M families
Bug & typos fixing (thanks to many reporters and contributors)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.30 (2011) to 20220207
- Update of rootfile not required
- After version 2.30 the files from iana are no longer versioned. A git repository is
available (also used by LFS) which creates the required files by an automated script.
So the lfs just needs to copy across the services and protocols files to /etc
- There is no Changelog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 12 Feb 2022 17:16:20 +0000 (18:16 +0100)]
squid: Update from 5.2 => 5.4.1
For details see:
http://www.squid-cache.org/Versions/v5/changesets/SQUID_5_4_1.html
This is 'squid 5.4.1', containing the previous patch for Bug #5055.
Prior to this patch I reverted my previous patches 'squid: Update 5.2 => 5.4" and
'squid 5.4: Latest patch - Bug #5055 - from upstream' and marked them as
'superseded' in patchwork.
For a better overview the 'squid-gcc11'-patch has been renamed again and moved
to an own squid-patch-directory.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
firewall: Revert strict martian check on loopback interface
If the firewall is talking to itself using one of its private IP
addresses (e.g. the primary green interface IP address), it will use the
loopback interface.
This is due to the local routing table which will be looked up first:
[root@ipfire ~]# ip rule
0: from all lookup local
128: from all lookup 220
220: from all lookup 220
32765: from all lookup static
32766: from all lookup main
32767: from all lookup default
It contains:
[root@ipfire ~]# ip route show table local
local 8x.1x.1x.1x dev ppp0 proto kernel scope host src 8x.1x.1x.1x
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.168.x.1 dev green0 proto kernel scope host src 192.168.x.1
broadcast 192.168.x.255 dev green0 proto kernel scope link src 192.168.x.1
Any lookup for the green IP address will show this:
local 192.168.x.1 dev lo table local src 192.168.x.1 uid 0
cache <local>
A test ping shows this in tcpdump:
[root@ipfire ~]# tcpdump -i any icmp -nn
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
17:24:22.864293 lo In IP 127.0.0.1 > 127.0.0.1: ICMP echo request, id 10420, seq 1, length 64
17:24:22.864422 lo In IP 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 10420, seq 1, length 64
17:24:29.162021 lo In IP 192.168.x.1 > 192.168.x.1: ICMP echo request, id 1555, seq 1, length 64
17:24:29.162201 lo In IP 192.168.x.1 > 192.168.x.1: ICMP echo reply, id 1555, seq 1, length 64
For this reason, we will have to accept any source and destination IP
address on the loopback interface, which is what this patch does.
We can however, continue to check whether we received any packets with
the loopback address on any other interface.
This regression was introduced in commit a36cd34e.
Fixes: #12776 - New spoofed or martian filter block Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 12 Feb 2022 13:21:13 +0000 (14:21 +0100)]
nano: Update to 6.1
For details see:
https://www.nano-editor.org/news.php
"The behavior of ^K at a prompt has been enhanced: when there
is text after the cursor, just this text is erased. (In the usual
situation, however, when the cursor is at the end of the answer,
the behavior is as before: the whole answer is erased.)
At a prompt, M-6 copies the current answer into the cutbuffer.
Large external pastes into nano are handled more quickly."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:16 +0000 (22:29 +0100)]
libusb: Update to version 1.0.25
- Update from 1.0.24 to 1.0.25
- Update of rootfile not required
- Changelog
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Matthias Fischer [Fri, 22 May 2020 10:49:02 +0000 (12:49 +0200)]
pakfire.cgi: Cosmetic fix
The two text passages for 'pakfire install...' and 'pakfire uninstall...' under
'Available' and 'Installed Addons:' are so close together that the first line
appears as a single line.
This patch separates these two areas a bit from each other so that they are
better readable.
Robin Roevens [Mon, 31 Jan 2022 22:40:47 +0000 (23:40 +0100)]
buildprocess: Add extra metadata to pak lfs files
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Robin Roevens [Mon, 31 Jan 2022 22:40:46 +0000 (23:40 +0100)]
buildprocess: Add extra metadata to meta-* files
* Add a Summary and Services field to the meta-* addon files.
* Add an INSTALL_INITSCRIPTS macro that takes a space seperated
list of initscripts to install.
* I kept the original INSTALL_INITSCRIPT as a method to install
individual initscripts for backwards compatibility and possible corner
cases.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:46 +0000 (22:29 +0100)]
pango: Update to version 1.50.3
- Update from 1.50.0 to 1.50.3
- Update of rootfile
- Changelog
Overview of changes in 1.50.3, 21-12-2021
* pango-view: Add --serialize-to option for easy bug reporting
* Revert a transformation change that broke metrics for vertical text
* Handle fonts without space glyph (such as icon fonts) better
* Fix some corner cases of line width accounting
* Fix line height with emulated Small Caps
Overview of changes in 1.50.2, 16-12-2021
* Fix a problem with font fallback for Arabic
* Fix handling of fonts without a space glyph
* Various documentation improvements
* Fix build issues
Overview of changes in 1.50.1, 10-12-2021
* Fix a crash in tab handling
* Fix tab positioning without line wrapping
* Fix an assertion failure found by fuzzing
* Make underlines work again for broken fonts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:28:14 +0000 (22:28 +0100)]
harfbuzz: Update to version 3.3.2
- Update from 3.1.2 to 3.3.2
- Update of rootfile
- Changelog
Overview of changes leading to 3.3.2
- Revert splitting of pair positioning values introduced in 3.3.0 as it proved
problematic. (Behdad Esfahbod)
Overview of changes leading to 3.3.1
- Fix heap-use-after-free in harfbuzz-subset introduced in previous release.
(Garret Rieger)
Overview of changes leading to 3.3.0
- Improved documentation. (Matthias Clasen)
- Internal code cleanup, using C++ standard library more. (Behdad Esfahbod)
- The low 16-bits of face index will be used by hb_face_create() to select a
face inside a font collection file format, while the high 16-bits will be
used by hb_font_create() to load the named instance. (Behdad Esfahbod)
- Glyph positions and other font metrics now apply synthetic slant set by
hb_font_set_synthetic_slant(), for improved positioning for synthetically
slanted fonts. (Behdad Esfahbod)
- Fixed unintentional locale dependency in hb_variation_to_string() for decimal
point representation. (Matthias Clasen)
- When applying pair positioning (kerning) the positioning value is split
between the two sides of the pair for improved cursor positioning between
such pairs. (Behdad Esfahbod)
- Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction
with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line
breaking. Check the documentation for further details. (Behdad Esfahbod)
- Improved handling of macrolanguages when mapping BCP 47 codes to OpenType
tags. (David Corbett)
- New API:
+HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
+hb_segment_properties_overlay()
+hb_buffer_create_similar()
+hb_font_set_synthetic_slant()
+hb_font_get_synthetic_slant()
+hb_font_get_var_coords_design()
Overview of changes leading to 3.2.0
“harfbuzz” library improvements:
- Fixed shaping of Apple Color Emoji flags in right-to-left context. (Behdad Esfahbod)
- Fixed positioning of CFF fonts in HB_TINY profile. (Behdad Esfahbod)
- OpenType 1.9 language tags update. (David Corbett)
- Add HB_NO_VERTICAL config option.
- Add HB_CONFIG_OVERRIDE_H for easier configuration. (Behdad Esfahbod)
“harfbuzz-subset” library improvements:
- Improved packing of cmap, loca, and Ligature tables. (Garret Rieger)
- Significantly improved overflow-resolution strategy in the repacker. (Garret Rieger)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:27:50 +0000 (22:27 +0100)]
findutils: Update to version 4.9.0
- Update from 4.8.0 to 4.9.0
- Update of rootfile not required
- Changelog
GNU findutils NEWS - User visible changes.
* Noteworthy changes in release 4.9.0 (2022-02-22) [stable]
** New features in find
find now supports the -files0-from option to be able to safely pass an
arbitrary number of starting points to the tool. The option requires a file
name as argument, or "-" to read from standard input. The entries in that
file have to be separated by NUL characters. [#60383]
** Changes in locate / updatedb
updatedb now skips (fuse-mounted) s3fs filesystems by default,
i.e., unless PRUNEFS is set.
** Bug Fixes
'find -D stat -L ...' no longer determines SELinux security information as
if the -L option was not given.
[Bug present since the SELinux implementation in 4.5.6]
'find -inum' and 'find -printf %i' now also work on platforms which allow
the inode number Zero; e.g. the GNU/Hurd uses inode number 0 for /dev/console.
Previously, find(1) would abort when visiting such a file.
[Bug present since FINDUTILS_4_5_4-1.]
findutils-4.8.0 failed to build on some MacOS versions.
Fixed by a gnulib update. [#59972, #59991]
** Documentation Changes
The find.1 man page and the Texinfo manual now show environment variables
in a consistent style. [#59963]
Furthermore, both add the description of the -printf format directive '%B',
for a file's birth time, and its limitations. [#61327]
The description of the -delete action has been improved and aligned among
the manual page and the Texinfo documentation. [#61774]
Various other documentation fixes - syntax issues and typos.
[#61303, #60823, #61341]
The output of 'find --help' now reads better.
The HTML online manual is using the official GNU stylesheet again.
** Changes to the build process
The find version without FTS, oldfind, has been completely removed. It has
not been installed since 4.5.18 (2015), and was only still used in tests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:16 +0000 (22:29 +0100)]
libusb: Update to version 1.0.25
- Update from 1.0.24 to 1.0.25
- Update of rootfile not required
- Changelog
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:27 +0000 (22:29 +0100)]
libxcrypt: Update to version 4.4.28
- Update from 4.4.26.to 4.4.28
- Update of rootfile not required
- Changelog - This is from the NEWS file in the source tarball. Since version 3.1.1 there
is no Changelog provided, only the NEWS file. For more details the instruction is to
look at the Git commit history
Version 4.4.28
* Add glibc-on-or1k (OpenRISC 1000) entry to libcrypt.minver.
This was added in GNU libc 2.35.
Version 4.4.27
* Limit the maximum amount of rbytes to 64 bytes (512 bits) for
yescrypt, gost-yescrypt, and scrypt. Also reflect this limit
in the documentation (issue #145).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>