Adolf Belka [Sun, 6 Feb 2022 21:46:08 +0000 (22:46 +0100)]
make.sh: name all perl packages to start with perl
- Currently some perl packages start with perl, others don't have perl in the name
at all and one has perl at the end of the IPFire name.
- This patch series places perl at the start of all lfs and rootfile files for perl
packages in a similar way as is done for python3.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
I have a new add-on here which I use e.g. to bring partitions from mbr to gpt without data loss.
It is also well suited for rescuing broken partitions.
GPT fdisk (consisting of the gdisk, cgdisk, sgdisk, and fixparts programs) is a set of text-mode partitioning tools for Linux,
FreeBSD, Mac OS X, and Windows.
The gdisk, cgdisk, and sgdisk programs work on Globally Unique Identifier (GUID) Partition Table (GPT) disks,
rather than on the older (and once more common) Master Boot Record (MBR) partition tables.
The fixparts program repairs certain types of damage to MBR disks and enables changing partition types from
primary to logical and vice-versa.
Signed-off-by: Marcel Follert (Smooky) <smooky@v16.de> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:08:53 +0000 (20:08 +0100)]
xtables-addons: Drop package.
None of the provided modules are in use, so this package
safely can be dropped.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:07 +0000 (20:03 +0100)]
firewall.menu: Drop entry for P2P-Block.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:06 +0000 (20:03 +0100)]
p2p-block.cgi: Drop CGI.
The support for creating P2P based rules has been removed from the
firewall. So this CGI file is not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:05 +0000 (20:03 +0100)]
configroot: Drop config file for p2protocols.
The support for creating P2P based rules has been removed from the
firewall. So this file is not longer needed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 19:03:04 +0000 (20:03 +0100)]
firewall: Drop support for blocking P2P protocols.
The main P2P (peer-to-peer) aera has passed for several year now, so
this kind of feature is realy out-dated.
The feature only supports a handfull of P2P protocols (mostly unencrypted)
for applications, which have been superseeded by various other
applications and protocols.
So, this fairly is not longer required and safely can be dropped.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Acked-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:56 +0000 (19:42 +0100)]
libloc: Export DB in ipset compatible format.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:54 +0000 (19:42 +0100)]
rules.pl: Check if an ipset db file exists before call to restore it.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:53 +0000 (19:42 +0100)]
rules.pl: Do not try to restore the same ipset multiple times.
When an ipset list get restored, this now will be documented in a hash
and this hash also will be checked before restoring a list if this has
not be done previously.
This will prevent from restoring the same list multiple times.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:52 +0000 (19:42 +0100)]
update-location-database: Export database to ipset compatible format now.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:51 +0000 (19:42 +0100)]
rules.pl: Move to ipset based data for location based firewall rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:50 +0000 (19:42 +0100)]
rules.pl: Move to ipset based data for LOCATIONBLOCK feature.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:49 +0000 (19:42 +0100)]
rules.pl: Add tiny ipset_restore function.
This helper function is used to load a previously exported list of
networks for a given country code into the ipset module, so it can be
used for any kind of firewall rules.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 14 Feb 2022 18:42:47 +0000 (19:42 +0100)]
rules.pl: Move flush of LOCATIONBLOCK into main flush() function.
It is required to get rid of all ipset based rules before all of
the loaded ipset lists can be destroyed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 15 Feb 2022 09:36:18 +0000 (10:36 +0100)]
gdbm: Update to version 1.23
- Update from 1.20 to 1.23
- Update of rootfile not required
- Changelog
Version 1.23, 2022-02-04
* Bucket cache switched from balanced tree to hash table
Change suggested by Terence Kelly.
* Speed up flushing the changed buckets on disk
* New option codes for gdbm_setopt
** GDBM_GETDBFORMAT
Return the database format.
** GDBM_GETDIRDEPTH
Return the directory depth, i.e. the number of initial (most significant)
bits in hash value that are interpreted as index to the directory.
** GDBM_GETBUCKETSIZE
Return maximum number of keys per bucket.
** GDBM_GETCACHEAUTO
Return the status of the automatic cache adjustment.
** GDBM_SETCACHEAUTO
Enable or disable automatic cache adjustment.
Version 1.22, 2021-10-19
* Fix file header validation
* Fix key verification in sequential access
* Fix testing with DejaGNU 1.6.3
* Fix stack overflow in print_usage
* Fix a leak of avail entry on pushing a new avail block
The leak would occur if the original avail table had odd number of entries.
* New gdbmtool variables: errorexit, errormask, trace, timing
"Errorexit" and "errormask" control which GDBM errors would cause the
program termination and emitting a diagnostic message,
correspondingly. Both variables are comma-delimited lists of error
codes.
The "trace" variable enables tracing of the gdbmtool commands.
The "timing" variable, when set, instructs gdbmtool to print time
spent in each command it runs.
* New gdbmtool options: -t (--trace), and -T (--timing)
Version 1.21, 2021-09-02
* Crash tolerance
By default it is possible for an abrupt crash (e.g., power failure,
OS kernel panic, or application process crash) to corrupt the gdbm
database file. A new Linux-only mechanism enables applications to
recover the database state corresponding to the most recent
successful gdbm_sync() call before the crash. See the chapter 17
"Crash Tolerance" in the GDBM manual.
* New database file format: numsync
The new "numsync" database format is designed to better support
crash tolerance. To create a database in numsync format, the gdbm_open
(or gdbm_fd_open) function must be given the GDBM_NEWDB|GDBM_NUMSYNC
flags. The GDBM_NUMSYNC flag also takes effect when used together
with GDBM_WRCREAT, provided that the new file is created.
New function gdbm_convert() is provided for converting the databases
from standard GDBM format to numsync and vice versa.
The gdbmtool tool can also be used for converting databases between
these two formats.
* Changes in gdbmtool
** Fix string output in non-ASCII encodings
Printable multi-byte sequences are correctly represented on output.
This also fixes octal representation of unprintable characters.
** The filename variable
This variable supplies the name of database file for use in "open"
command, if the latter is called without arguments. If "open" is
called with the file name argument, the "filename" variable is
initialized to this value.
** The fd variable
If set, its value must be an open file descriptor referring to a
GDBM database file. The "open" command will use gdbm_fd_open
function to use this file. Upon closing the database, this
descriptor will be closed and the variable will be unset.
The file descriptor to use can also be supplied using the
-d (--db-descriptor) command line option.
** The format variable
Defines the format in which new databases will be created. Allowed
values are: "standard" (default) and "numsync".
** New commands: upgrade and downgrade
The "upgrade" command converts current database to the numsync
(extended) format. The "downgrade" command converts current database
to the standard format.
** New command: snapshot
The "snapshot" command is part of the new crash tolerance support.
Given the names of two snapshot files, it analyzes them and selects
the one to be used for database recovery. See the GDBM manual,
section 17.5 "Manual crash recovery" for a detailed discussion of its
use.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Tue, 15 Feb 2022 13:40:27 +0000 (13:40 +0000)]
ovpnclients.dat: Fix adjusting input dates
This patch changes that we no longer interpret any dates put in by the
user as UTC. They used to be converted into localtime because, although
they have already been in local time.
This went unnoticed since in Europe we are close (enough) to UTC that
there is no significant discrepancy on the report. However, being in
North America is enough to generate confusing reports.
Reported-by: Paul <kairis@gmail.com> Fixes: #12768 Tested-by: Jon Murphy <jon.murphy@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 15 Feb 2022 09:36:56 +0000 (10:36 +0100)]
libarchive: Update to version 3.6.0
- Update from 3.5.2 to 3.6.0
- Update of rootfile
- Changelog
Libarchive 3.6.0 is a feature and bugfix release.
New features:
tar: new option "--no-read-sparse" (#1614)
tar: threads support for zstd (#1567)
RAR reader: filter support (#1503)
RAR5 reader: self-extracting archive support (#1585)
ZIP reader: zstd decompression support (#1518)
Other notable bugfixes and improvements:
tar: respect "--ignore-zeros" in c, r and u modes (#1620)
reduced size of application binaries (#1625)
internal code optimizations
Libarchive 3.5.3 is a security release
Security Fixes:
extended fix for following symlinks when processing the fixup list
(#1566, #1617, CVE-2021-31566)
fix invalid memory access and out of bounds read in RAR5 reader
(#1491, #1492, #1493, CVE-2021-36976)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Tue, 15 Feb 2022 09:37:13 +0000 (10:37 +0100)]
stunnel: Update to version 5.62
- Update from 5.58 to 5.62
- Update of rootfile
- Changelog
### Version 5.62, 2022.01.17, urgency: MEDIUM
* New features
- Added a bash completion script.
* Bugfixes
- Fixed a transfer() loop bug.
### Version 5.61, 2021.12.22, urgency: LOW
* New features sponsored by the University of Maryland
- Added new "protocol = capwin" and "protocol = capwinctrl"
configuration file options.
* New features for the Windows platform
- Added client mode allowing authenticated users to view
logs, reconfigure and terminate running stunnel services.
- Added support for multiple GUI and service instances
distinguised by the location of stunnel.conf.
- Improved log window scrolling.
- Added a new 'Pause auto-scroll' GUI checkbox.
- Double click on the icon tray replaced with single click.
- OpenSSL DLLs updated to version 3.0.1.
* Other new features
- Rewritten the testing framework in python (thx to
Peter Pentchev for inspiration and initial framework).
- Added support for missing SSL_set_options() values.
- Updated stunnel.spec to support RHEL8.
* Bugfixes
- Fixed OpenSSL 3.0 build.
- Fixed reloading configuration with
"systemctl reload stunnel.service".
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed printing IPv6 socket option defaults on FreeBSD.
### Version 5.60, 2021.08.16, urgency: LOW
* New features
- New 'sessionResume' service-level option to allow
or disallow session resumption
- Added support for the new SSL_set_options() values.
- Download fresh ca-certs.pem for each new release.
* Bugfixes
- Fixed 'redirect' with 'protocol'. This combination is
not supported by 'smtp', 'pop3' and 'imap' protocols.
- Enforced minimum WIN32 log window size.
- Fixed support for password-protected private keys with
OpenSSL 3.0 (thx to Dmitry Belyavskiy).
### Version 5.59, 2021.04.05, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.1.1k.
* New features
- Client-side "protocol = ldap" support (thx to Bart
Dopheide and Seth Grover).
* Bugfixes
- The test suite fixed not to require external connectivity.
- Fixed paths in generated manuals (thx to Tatsuki Makino).
- Fixed configuration reload when compression is used.
- Fixed compilation with early releases of OpenSSL 1.1.1.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:01 +0000 (22:29 +0100)]
lcms2: Update to version 2.13.1
- Update from 2.12 to 2.13.1
- Update of rootfile
- Changelog
2.13.1 Hot fix
Fix for pure white going gray in grayscale transforms.
2.13 Featured release
Added support for premultiplied alpha
tifficc can now handle alpha channels, both unassociated and premultiplied
Better documentation
CGATS parser can now deal with very long strings
Added Projects for Visual Studio 2020
Travis CI discontinued, GitHub actions used instead
Added a very preliminar meson build script (thanks to xclaesse)
Added ARM64 target to visual studio 2019 (thanks to gaborkertesz-linaro)
Added thread safe code to get time
Added automatic linear space detection
Added cmsGetStageContextID function
Added cmsDetectRGBProfileGamma function
configure now accepts --without-fastfloat to turn plugin off
autogen.sh has now a --distclean toggle to get rid of all autotools generated files
Checked to work on STM32 Cortex-A, Cortex-M families
Bug & typos fixing (thanks to many reporters and contributors)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 2.30 (2011) to 20220207
- Update of rootfile not required
- After version 2.30 the files from iana are no longer versioned. A git repository is
available (also used by LFS) which creates the required files by an automated script.
So the lfs just needs to copy across the services and protocols files to /etc
- There is no Changelog
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 12 Feb 2022 17:16:20 +0000 (18:16 +0100)]
squid: Update from 5.2 => 5.4.1
For details see:
http://www.squid-cache.org/Versions/v5/changesets/SQUID_5_4_1.html
This is 'squid 5.4.1', containing the previous patch for Bug #5055.
Prior to this patch I reverted my previous patches 'squid: Update 5.2 => 5.4" and
'squid 5.4: Latest patch - Bug #5055 - from upstream' and marked them as
'superseded' in patchwork.
For a better overview the 'squid-gcc11'-patch has been renamed again and moved
to an own squid-patch-directory.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
firewall: Revert strict martian check on loopback interface
If the firewall is talking to itself using one of its private IP
addresses (e.g. the primary green interface IP address), it will use the
loopback interface.
This is due to the local routing table which will be looked up first:
[root@ipfire ~]# ip rule
0: from all lookup local
128: from all lookup 220
220: from all lookup 220
32765: from all lookup static
32766: from all lookup main
32767: from all lookup default
It contains:
[root@ipfire ~]# ip route show table local
local 8x.1x.1x.1x dev ppp0 proto kernel scope host src 8x.1x.1x.1x
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.168.x.1 dev green0 proto kernel scope host src 192.168.x.1
broadcast 192.168.x.255 dev green0 proto kernel scope link src 192.168.x.1
Any lookup for the green IP address will show this:
local 192.168.x.1 dev lo table local src 192.168.x.1 uid 0
cache <local>
A test ping shows this in tcpdump:
[root@ipfire ~]# tcpdump -i any icmp -nn
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
17:24:22.864293 lo In IP 127.0.0.1 > 127.0.0.1: ICMP echo request, id 10420, seq 1, length 64
17:24:22.864422 lo In IP 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 10420, seq 1, length 64
17:24:29.162021 lo In IP 192.168.x.1 > 192.168.x.1: ICMP echo request, id 1555, seq 1, length 64
17:24:29.162201 lo In IP 192.168.x.1 > 192.168.x.1: ICMP echo reply, id 1555, seq 1, length 64
For this reason, we will have to accept any source and destination IP
address on the loopback interface, which is what this patch does.
We can however, continue to check whether we received any packets with
the loopback address on any other interface.
This regression was introduced in commit a36cd34e.
Fixes: #12776 - New spoofed or martian filter block Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 12 Feb 2022 13:21:13 +0000 (14:21 +0100)]
nano: Update to 6.1
For details see:
https://www.nano-editor.org/news.php
"The behavior of ^K at a prompt has been enhanced: when there
is text after the cursor, just this text is erased. (In the usual
situation, however, when the cursor is at the end of the answer,
the behavior is as before: the whole answer is erased.)
At a prompt, M-6 copies the current answer into the cutbuffer.
Large external pastes into nano are handled more quickly."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:16 +0000 (22:29 +0100)]
libusb: Update to version 1.0.25
- Update from 1.0.24 to 1.0.25
- Update of rootfile not required
- Changelog
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Matthias Fischer [Fri, 22 May 2020 10:49:02 +0000 (12:49 +0200)]
pakfire.cgi: Cosmetic fix
The two text passages for 'pakfire install...' and 'pakfire uninstall...' under
'Available' and 'Installed Addons:' are so close together that the first line
appears as a single line.
This patch separates these two areas a bit from each other so that they are
better readable.
Robin Roevens [Mon, 31 Jan 2022 22:40:47 +0000 (23:40 +0100)]
buildprocess: Add extra metadata to pak lfs files
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Robin Roevens [Mon, 31 Jan 2022 22:40:46 +0000 (23:40 +0100)]
buildprocess: Add extra metadata to meta-* files
* Add a Summary and Services field to the meta-* addon files.
* Add an INSTALL_INITSCRIPTS macro that takes a space seperated
list of initscripts to install.
* I kept the original INSTALL_INITSCRIPT as a method to install
individual initscripts for backwards compatibility and possible corner
cases.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:46 +0000 (22:29 +0100)]
pango: Update to version 1.50.3
- Update from 1.50.0 to 1.50.3
- Update of rootfile
- Changelog
Overview of changes in 1.50.3, 21-12-2021
* pango-view: Add --serialize-to option for easy bug reporting
* Revert a transformation change that broke metrics for vertical text
* Handle fonts without space glyph (such as icon fonts) better
* Fix some corner cases of line width accounting
* Fix line height with emulated Small Caps
Overview of changes in 1.50.2, 16-12-2021
* Fix a problem with font fallback for Arabic
* Fix handling of fonts without a space glyph
* Various documentation improvements
* Fix build issues
Overview of changes in 1.50.1, 10-12-2021
* Fix a crash in tab handling
* Fix tab positioning without line wrapping
* Fix an assertion failure found by fuzzing
* Make underlines work again for broken fonts
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:28:14 +0000 (22:28 +0100)]
harfbuzz: Update to version 3.3.2
- Update from 3.1.2 to 3.3.2
- Update of rootfile
- Changelog
Overview of changes leading to 3.3.2
- Revert splitting of pair positioning values introduced in 3.3.0 as it proved
problematic. (Behdad Esfahbod)
Overview of changes leading to 3.3.1
- Fix heap-use-after-free in harfbuzz-subset introduced in previous release.
(Garret Rieger)
Overview of changes leading to 3.3.0
- Improved documentation. (Matthias Clasen)
- Internal code cleanup, using C++ standard library more. (Behdad Esfahbod)
- The low 16-bits of face index will be used by hb_face_create() to select a
face inside a font collection file format, while the high 16-bits will be
used by hb_font_create() to load the named instance. (Behdad Esfahbod)
- Glyph positions and other font metrics now apply synthetic slant set by
hb_font_set_synthetic_slant(), for improved positioning for synthetically
slanted fonts. (Behdad Esfahbod)
- Fixed unintentional locale dependency in hb_variation_to_string() for decimal
point representation. (Matthias Clasen)
- When applying pair positioning (kerning) the positioning value is split
between the two sides of the pair for improved cursor positioning between
such pairs. (Behdad Esfahbod)
- Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in conjunction
with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing re-shaping during line
breaking. Check the documentation for further details. (Behdad Esfahbod)
- Improved handling of macrolanguages when mapping BCP 47 codes to OpenType
tags. (David Corbett)
- New API:
+HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
+hb_segment_properties_overlay()
+hb_buffer_create_similar()
+hb_font_set_synthetic_slant()
+hb_font_get_synthetic_slant()
+hb_font_get_var_coords_design()
Overview of changes leading to 3.2.0
“harfbuzz” library improvements:
- Fixed shaping of Apple Color Emoji flags in right-to-left context. (Behdad Esfahbod)
- Fixed positioning of CFF fonts in HB_TINY profile. (Behdad Esfahbod)
- OpenType 1.9 language tags update. (David Corbett)
- Add HB_NO_VERTICAL config option.
- Add HB_CONFIG_OVERRIDE_H for easier configuration. (Behdad Esfahbod)
“harfbuzz-subset” library improvements:
- Improved packing of cmap, loca, and Ligature tables. (Garret Rieger)
- Significantly improved overflow-resolution strategy in the repacker. (Garret Rieger)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:27:50 +0000 (22:27 +0100)]
findutils: Update to version 4.9.0
- Update from 4.8.0 to 4.9.0
- Update of rootfile not required
- Changelog
GNU findutils NEWS - User visible changes.
* Noteworthy changes in release 4.9.0 (2022-02-22) [stable]
** New features in find
find now supports the -files0-from option to be able to safely pass an
arbitrary number of starting points to the tool. The option requires a file
name as argument, or "-" to read from standard input. The entries in that
file have to be separated by NUL characters. [#60383]
** Changes in locate / updatedb
updatedb now skips (fuse-mounted) s3fs filesystems by default,
i.e., unless PRUNEFS is set.
** Bug Fixes
'find -D stat -L ...' no longer determines SELinux security information as
if the -L option was not given.
[Bug present since the SELinux implementation in 4.5.6]
'find -inum' and 'find -printf %i' now also work on platforms which allow
the inode number Zero; e.g. the GNU/Hurd uses inode number 0 for /dev/console.
Previously, find(1) would abort when visiting such a file.
[Bug present since FINDUTILS_4_5_4-1.]
findutils-4.8.0 failed to build on some MacOS versions.
Fixed by a gnulib update. [#59972, #59991]
** Documentation Changes
The find.1 man page and the Texinfo manual now show environment variables
in a consistent style. [#59963]
Furthermore, both add the description of the -printf format directive '%B',
for a file's birth time, and its limitations. [#61327]
The description of the -delete action has been improved and aligned among
the manual page and the Texinfo documentation. [#61774]
Various other documentation fixes - syntax issues and typos.
[#61303, #60823, #61341]
The output of 'find --help' now reads better.
The HTML online manual is using the official GNU stylesheet again.
** Changes to the build process
The find version without FTS, oldfind, has been completely removed. It has
not been installed since 4.5.18 (2015), and was only still used in tests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:16 +0000 (22:29 +0100)]
libusb: Update to version 1.0.25
- Update from 1.0.24 to 1.0.25
- Update of rootfile not required
- Changelog
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Wed, 9 Feb 2022 21:29:27 +0000 (22:29 +0100)]
libxcrypt: Update to version 4.4.28
- Update from 4.4.26.to 4.4.28
- Update of rootfile not required
- Changelog - This is from the NEWS file in the source tarball. Since version 3.1.1 there
is no Changelog provided, only the NEWS file. For more details the instruction is to
look at the Git commit history
Version 4.4.28
* Add glibc-on-or1k (OpenRISC 1000) entry to libcrypt.minver.
This was added in GNU libc 2.35.
Version 4.4.27
* Limit the maximum amount of rbytes to 64 bytes (512 bits) for
yescrypt, gost-yescrypt, and scrypt. Also reflect this limit
in the documentation (issue #145).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 24 Jan 2022 16:16:42 +0000 (17:16 +0100)]
python3-yaml: Update to version 6.0 and python-3.10
- Update from 3.13 to 6.0
- Update of rootfile
- Changelog
6.0 (2021-10-13)
* https://github.com/yaml/pyyaml/pull/327 -- Change README format to Markdown
* https://github.com/yaml/pyyaml/pull/483 -- Add a test for YAML 1.1 types
* https://github.com/yaml/pyyaml/pull/497 -- fix float resolver to ignore `.` and `._`
* https://github.com/yaml/pyyaml/pull/550 -- drop Python 2.7
* https://github.com/yaml/pyyaml/pull/553 -- Fix spelling of “hexadecimal”
* https://github.com/yaml/pyyaml/pull/556 -- fix representation of Enum subclasses
* https://github.com/yaml/pyyaml/pull/557 -- fix libyaml extension compiler warnings
* https://github.com/yaml/pyyaml/pull/560 -- fix ResourceWarning on leaked file descriptors
* https://github.com/yaml/pyyaml/pull/561 -- always require `Loader` arg to `yaml.load()`
* https://github.com/yaml/pyyaml/pull/564 -- remove remaining direct distutils usage
5.4.1 (2021-01-20)
* https://github.com/yaml/pyyaml/pull/480 -- Fix stub compat with older pyyaml versions that may unwittingly load it
5.4 (2021-01-19)
* https://github.com/yaml/pyyaml/pull/407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
* https://github.com/yaml/pyyaml/pull/472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
* https://github.com/yaml/pyyaml/pull/441 -- Fix memory leak in implicit resolver setup
* https://github.com/yaml/pyyaml/pull/392 -- Fix py2 copy support for timezone objects
* https://github.com/yaml/pyyaml/pull/378 -- Fix compatibility with Jython
5.3.1 (2020-03-18)
* https://github.com/yaml/pyyaml/pull/386 -- Prevents arbitrary code execution during python/object/new constructor
5.3 (2020-01-06)
* https://github.com/yaml/pyyaml/pull/290 -- Use `is` instead of equality for comparing with `None`
* https://github.com/yaml/pyyaml/pull/270 -- Fix typos and stylistic nit
* https://github.com/yaml/pyyaml/pull/309 -- Fix up small typo
* https://github.com/yaml/pyyaml/pull/161 -- Fix handling of __slots__
* https://github.com/yaml/pyyaml/pull/358 -- Allow calling add_multi_constructor with None
* https://github.com/yaml/pyyaml/pull/285 -- Add use of safe_load() function in README
* https://github.com/yaml/pyyaml/pull/351 -- Fix reader for Unicode code points over 0xFFFF
* https://github.com/yaml/pyyaml/pull/360 -- Enable certain unicode tests when maxunicode not > 0xffff
* https://github.com/yaml/pyyaml/pull/359 -- Use full_load in yaml-highlight example
* https://github.com/yaml/pyyaml/pull/244 -- Document that PyYAML is implemented with Cython
* https://github.com/yaml/pyyaml/pull/329 -- Fix for Python 3.10
* https://github.com/yaml/pyyaml/pull/310 -- Increase size of index, line, and column fields
* https://github.com/yaml/pyyaml/pull/260 -- Remove some unused imports
* https://github.com/yaml/pyyaml/pull/163 -- Create timezone-aware datetimes when parsed as such
* https://github.com/yaml/pyyaml/pull/363 -- Add tests for timezone
5.2 (2019-12-02)
* Repair incompatibilities introduced with 5.1. The default Loader was changed,
but several methods like add_constructor still used the old default
https://github.com/yaml/pyyaml/pull/279 -- A more flexible fix for custom tag constructors
https://github.com/yaml/pyyaml/pull/287 -- Change default loader for yaml.add_constructor
https://github.com/yaml/pyyaml/pull/305 -- Change default loader for add_implicit_resolver, add_path_resolver
* Make FullLoader safer by removing python/object/apply from the default FullLoader
https://github.com/yaml/pyyaml/pull/347 -- Move constructor for object/apply to UnsafeConstructor
* Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff
https://github.com/yaml/pyyaml/pull/276 -- Fix logic for quoting special characters
* Other PRs:
https://github.com/yaml/pyyaml/pull/280 -- Update CHANGES for 5.1
5.1.2 (2019-07-30)
* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+
5.1.1 (2019-06-05)
* Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b1
5.1 (2019-03-13)
* https://github.com/yaml/pyyaml/pull/35 -- Some modernization of the test running
* https://github.com/yaml/pyyaml/pull/42 -- Install tox in a virtualenv
* https://github.com/yaml/pyyaml/pull/45 -- Allow colon in a plain scalar in a flow context
* https://github.com/yaml/pyyaml/pull/48 -- Fix typos
* https://github.com/yaml/pyyaml/pull/55 -- Improve RepresenterError creation
* https://github.com/yaml/pyyaml/pull/59 -- Resolves #57, update readme issues link
* https://github.com/yaml/pyyaml/pull/60 -- Document and test Python 3.6 support
* https://github.com/yaml/pyyaml/pull/61 -- Use Travis CI built in pip cache support
* https://github.com/yaml/pyyaml/pull/62 -- Remove tox workaround for Travis CI
* https://github.com/yaml/pyyaml/pull/63 -- Adding support to Unicode characters over codepoint 0xffff
* https://github.com/yaml/pyyaml/pull/75 -- add 3.12 changelog
* https://github.com/yaml/pyyaml/pull/76 -- Fallback to Pure Python if Compilation fails
* https://github.com/yaml/pyyaml/pull/84 -- Drop unsupported Python 3.3
* https://github.com/yaml/pyyaml/pull/102 -- Include license file in the generated wheel package
* https://github.com/yaml/pyyaml/pull/105 -- Removed Python 2.6 & 3.3 support
* https://github.com/yaml/pyyaml/pull/111 -- Remove commented out Psyco code
* https://github.com/yaml/pyyaml/pull/129 -- Remove call to `ord` in lib3 emitter code
* https://github.com/yaml/pyyaml/pull/149 -- Test on Python 3.7-dev
* https://github.com/yaml/pyyaml/pull/158 -- Support escaped slash in double quotes "\/"
* https://github.com/yaml/pyyaml/pull/175 -- Updated link to pypi in release announcement
* https://github.com/yaml/pyyaml/pull/181 -- Import Hashable from collections.abc
* https://github.com/yaml/pyyaml/pull/194 -- Reverting https://github.com/yaml/pyyaml/pull/74
* https://github.com/yaml/pyyaml/pull/195 -- Build libyaml on travis
* https://github.com/yaml/pyyaml/pull/196 -- Force cython when building sdist
* https://github.com/yaml/pyyaml/pull/254 -- Allow to turn off sorting keys in Dumper (2)
* https://github.com/yaml/pyyaml/pull/256 -- Make default_flow_style=False
* https://github.com/yaml/pyyaml/pull/257 -- Deprecate yaml.load and add FullLoader and UnsafeLoader classes
* https://github.com/yaml/pyyaml/pull/261 -- Skip certain unicode tests when maxunicode not > 0xffff
* https://github.com/yaml/pyyaml/pull/263 -- Windows Appveyor build
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
--git a/config/rootfiles/packages/python3-yaml b/config/rootfiles/packages/python3-yaml
x 0870a2346..bd4009a08 100644
* https://github.com/yaml/pyyaml/pull/195 -- Build libyaml on travis
* https://github.com/yaml/pyyaml/pull/196 -- Force cython when building sdist
* https://github.com/yaml/pyyaml/pull/254 -- Allow to turn off sorting keys in Dumper (2)
* https://github.com/yaml/pyyaml/pull/256 -- Make default_flow_style=False
* https://github.com/yaml/pyyaml/pull/257 -- Deprecate yaml.load and add FullLoader and Uns
oader classes
* https://github.com/yaml/pyyaml/pull/261 -- Skip certain unicode tests when maxunicode not
xffff
* https://github.com/yaml/pyyaml/pull/263 -- Windows Appveyor build
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 24 Jan 2022 16:16:41 +0000 (17:16 +0100)]
python3-urllib3: Update to version 1.26.7 and python-3.10
- Update from 1.26.2 to 1.27.7
- Update of rootfile
- Changelog
1.26.7 (2021-09-22)
* Fixed a bug with HTTPS hostname verification involving IP addresses and lack
of SNI. (Issue #2400)
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname
matching. (Issue #2240)
1.26.6 (2021-06-25)
* Deprecated the ``urllib3.contrib.ntlmpool`` module. urllib3 is not able to support
it properly due to `reasons listed in this issue <https://github.com/urllib3/urllib3/issues/2282>`_.
If you are a user of this module please leave a comment.
* Changed ``HTTPConnection.request_chunked()`` to not erroneously emit multiple
``Transfer-Encoding`` headers in the case that one is already specified.
* Fixed typo in deprecation message to recommend ``Retry.DEFAULT_ALLOWED_METHODS``.
1.26.5 (2021-05-26)
* Fixed deprecation warnings emitted in Python 3.10.
* Updated vendored ``six`` library to 1.16.0.
* Improved performance of URL parser when splitting
the authority component.
1.26.4 (2021-03-15)
* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
1.26.3 (2021-01-26)
* Fixed bytes and string comparison issue with headers (Pull #2141)
* Changed ``ProxySchemeUnknown`` error message to be
more actionable if the user supplies a proxy URL without
a scheme. (Pull #2107)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 24 Jan 2022 16:16:40 +0000 (17:16 +0100)]
python3-setuptools: Update to version 59.5.0 and python-3.10
- Update from 56.2.0 to 59.5.0
- Update of rootfile
- Changelog
v59.5.0
* #2914: Merge with pypa/distutils@8f2df0bf6.
v59.4.0
* #2893: Restore deprecated support for newlines in the Summary field.
v59.3.0
* #2902: Merge with pypa/distutils@85db7a41242.
* #2906: In ensure_local_distutils, re-use DistutilsMetaFinder to load the module. Avoids race conditions when _distutils_system_mod is employed.
v59.2.0
* #2875: Introduce changes from pypa/distutils@514e9d0, including support for overrides from Debian and pkgsrc, unlocking the possibility of making SETUPTOOLS_USE_DISTUTILS=local the default again.
v59.1.1
* #2885: Fixed errors when encountering LegacyVersions.
v59.1.0
* #2497: Update packaging to 21.2.
* #2877: Back out deprecation of setup_requires and replace instead by a deprecation of setuptools.installer and fetch_build_egg. Now setup_requires is still supported when installed as part of a PEP 517 build, but is deprecated when an unsatisfied requirement is encountered.
* #2879: Bump packaging to 21.2.
* #2867: PNG/ICO images replaced with SVG in the docs.
* #2867: Added support to SVG "favicons" via "in-tree" Sphinx extension.
v59.0.1
* #2880: Removed URL requirement for ``pytest-virtualenv`` in ``setup.cfg``.
PyPI rejects packages with dependencies external to itself.
Instead the test dependency was overwritten via ``tox.ini``
v59.0.0
* #2856: Support for custom commands that inherit directly from ``distutils`` is
**deprecated**. Users should extend classes provided by setuptools instead.
* #2870: Started failing on invalid inline description with line breaks :class:`ValueError` -- by :user:`webknjaz`
* #2698: Exposed exception classes from ``distutils.errors`` via ``setuptools.errors``.
* #2866: Incorporate changes from pypa/distutils@f1b0a2b.
* #2227: Added sphinx theme customisations to display the new logo in the sidebar and
use its colours as "accent" in the documentation -- by :user:`abravalheri`
* #2227: Added new setuptools logo, including editable files and artwork documentation
-- by :user:`abravalheri`
* #2698: Added mentions to ``setuptools.errors`` as a way of handling custom command
errors.
* #2698: Added instructions to migrate from ``distutils.commands`` and
``distutils.errors`` in the porting guide.
* #2871: Added a note to the docs that it is possible to install
``setup.py``-less projects in editable mode with :doc:`pip v21.1+
<pip:index>`, only having ``setup.cfg`` and ``pyproject.toml`` in
project root -- by :user:`webknjaz`
v58.5.3
* #2849: Add fallback for custom ``build_py`` commands inheriting directly from
:mod:`distutils`, while still handling ``include_package_data=True`` for
``sdist``.
v58.5.2
* #2847: Suppress 'setup.py install' warning under bdist_wheel.
v58.5.1
* #2846: Move PkgResourcesDeprecationWarning above implicitly-called function so that it's in the namespace when version warnings are generated in an environment that contains them.
v58.5.0
* #1461: Fix inconsistency with ``include_package_data`` and ``packages_data`` in sdist
by replacing the loop breaking mechanism between the ``sdist`` and
``egg_info`` commands -- by :user:`abravalheri`
v58.4.0
* #2497: Officially deprecated PEP 440 non-compliant versions.
* #2832: Removed the deprecated ``data_files`` option from the example in the
declarative configuration docs -- by :user:`abravalheri`
* #2832: Change type of ``data_files`` option from ``dict`` to ``section`` in
declarative configuration docs (to match previous example) -- by
:user:`abravalheri`
v58.3.0
* #917: ``setup.py install`` and ``easy_install`` commands are now officially deprecated. Use other standards-based installers (like pip) and builders (like build). Workloads reliant on this behavior should pin to this major version of Setuptools. See `Why you shouldn't invoke setup.py directly <https://blog.ganssle.io/articles/2021/10/setup-py-deprecated.html>`_ for more background.
* #1988: Deprecated the ``bdist_rpm`` command. Binary packages should be built as wheels instead.
-- by :user:`hugovk`
* #2785: Replace ``configparser``'s ``readfp`` with ``read_file``, deprecated since Python 3.2.
-- by :user:`hugovk`
* #2823: Officially deprecated support for ``setup_requires``. Users are encouraged instead to migrate to PEP 518 ``build-system.requires`` in ``pyproject.toml``. Users reliant on ``setup_requires`` should consider pinning to this major version to avoid disruption.
* #2762: Changed codecov.yml to configure the threshold to be lower
-- by :user:`tanvimoharir`
v58.2.0
* #2757: Add windows arm64 launchers for scripts generated by easy_install.
* #2800: Added ``--owner`` and ``--group`` options to the ``sdist`` command,
for specifying file ownership within the produced tarball (similarly
to the corresponding distutils ``sdist`` options).
* #2792: Document how the legacy and non-legacy versions are compared, and reference to the `PEP 440 <https://www.python.org/dev/peps/pep-0440/>`_ scheme.
v58.1.0
* #2796: Merge with pypa/distutils@02e9f65ab0
v58.0.4
* #2773: Retain case in setup.cfg during sdist.
v58.0.3
* #2777: Build does not fail fast when ``use_2to3`` is supplied but set to a false value.
v58.0.2
* #2769: Build now fails fast when ``use_2to3`` is supplied.
v58.0.1
* #2765: In Distribution.finalize_options, suppress known removed entry points to avoid issues with older Setuptools.
v58.0.0
* #2086: Removed support for 2to3 during builds. Projects should port to a unified codebase or pin to an older version of Setuptools using PEP 518 build-requires.
* #2746: add python_requires example
v57.5.0
* #2712: Added implicit globbing support for `[options.data_files]` values.
* #2737: fix various syntax and style errors in code snippets in docs
v57.4.0
* #2722: Added support for ``SETUPTOOLS_EXT_SUFFIX`` environment variable to override the suffix normally detected from the ``sysconfig`` module.
v57.3.0
* #2465: Documentation is now published using the Furo theme.
v57.2.0
* #2724: Added detection of Windows ARM64 build environments using the ``VSCMD_ARG_TGT_ARCH`` environment variable.
v57.1.0
* #2692: Globs are now sorted in 'license_files' restoring reproducibility by eliminating variance from disk order.
* #2714: Update to distutils at pypa/distutils@e2627b7.
* #2715: Removed reliance on deprecated ssl.match_hostname by removing the ssl support. Now any index operations rely on the native SSL implementation.
* #2604: Revamped the backward/cross tool compatibility section to remove
some confusion.
Add some examples and the version since when ``entry_points`` are
supported in declarative configuration.
Tried to make the reading flow a bit leaner, gather some information
that were a bit dispersed.
v57.0.0
* #2645: License files excluded via the ``MANIFEST.in`` but matched by either
the ``license_file`` (deprecated) or ``license_files`` options,
will be nevertheless included in the source distribution. - by :user:`cdce8p`
* #2628: Write long description in message payload of PKG-INFO file. - by :user:`cdce8p`
* #2645: Added ``License-File`` (multiple) to the output package metadata.
The field will contain the path of a license file, matched by the
``license_file`` (deprecated) and ``license_files`` options,
relative to ``.dist-info``. - by :user:`cdce8p`
* #2678: Moved Setuptools' own entry points into declarative config.
* #2680: Vendored `more_itertools <https://pypi.org/project/more-itertools>`_ for Setuptools.
* #2681: Setuptools own setup.py no longer declares setup_requires, but instead expects wheel to be installed as declared by pyproject.toml.
* #2650: Updated the docs build tooling to support the latest version of
Towncrier and show the previews of not-yet-released setuptools versions
in the changelog -- :user:`webknjaz`
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 24 Jan 2022 16:16:39 +0000 (17:16 +0100)]
python3-s3transfer: Update to version 0.5.0 and python-3.10
- Update from 0.3.3 to 0.5.0
- Update of rootfile
- Changelog
0.5.0
feature:Python: Dropped support for Python 2.7
0.4.2
enhancement:s3: Add support for ExpectedBucketOwner. Fixes #181.
0.4.1
enhancement:crt: Add set_exception to CRTTransferFuture to allow setting exceptions in subscribers.
0.4.0
feature:crt: Add optional AWS Common Runtime (CRT) support. The AWS CRT provides a C-based S3 transfer client that can improve transfer throughput.
0.3.7
bugfix:ReadFileChunk: Fix seek behavior in ReadFileChunk class
0.3.6
bugfix:packaging: Fix setup.py metadata for futures on Python 2.7
0.3.5
enhancement:s3: Block TransferManager methods for S3 Object Lambda resources
0.3.4
enhancement:s3: Add server side encryption context into allowed list
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Adolf Belka [Mon, 24 Jan 2022 16:16:38 +0000 (17:16 +0100)]
python3-rsa: Update to version 4.8 and python-3.10
- Update from 4.0 to 4.8
- Update of rootfile
- Changelog
- Switch to [Poetry](https://python-poetry.org/) for dependency and release management.
- Compatibility with Python 3.10.
- Chain exceptions using `raise new_exception from old_exception`
([#157](https://github.com/sybrenstuvel/python-rsa/pull/157))
- Added marker file for PEP 561. This will allow type checking tools in dependent projects
to use type annotations from Python-RSA
([#136](https://github.com/sybrenstuvel/python-rsa/pull/136)).
- Use the Chinese Remainder Theorem when decrypting with a private key. This
makes decryption 2-4x faster
([#163](https://github.com/sybrenstuvel/python-rsa/pull/163)).
- Fix picking/unpickling issue introduced in 4.7
([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
- Fix threading issue introduced in 4.7
([#173](https://github.com/sybrenstuvel/python-rsa/issues/173))
- Fix [#165](https://github.com/sybrenstuvel/python-rsa/issues/165):
CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption
code
- Add padding length check as described by PKCS#1 v1.5 (Fixes
[#164](https://github.com/sybrenstuvel/python-rsa/issues/164))
- Reuse of blinding factors to speed up blinding operations.
Fixes [#162](https://github.com/sybrenstuvel/python-rsa/issues/162).
- Declare & test support for Python 3.9
Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires
Python 3.5+. To avoid older Python installations from trying to upgrade to RSA
4.4, this is now made explicit in the `python_requires` argument in `setup.py`.
There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to
retag 4.4 as 4.6 as well.
No functional changes compared to version 4.2.
Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the
last to support Python 2.7. This is now made explicit in the `python_requires`
argument in `setup.py`. Python 3.4 is not supported by this release. There was a
mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as
4.5 as well.
Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject cyphertexts (when decrypting) and signatures (when verifying) that have
been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
Carnil for pointing this out.
- Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py
for dependency management. There apparently is an issue no-binary installs of
packages build with Poetry. This fixes
[#148](https://github.com/sybrenstuvel/python-rsa/issues/148)
- Limited SHA3 support to those Python versions (3.6+) that support it natively.
The third-party library that adds support for this to Python 3.5 is a binary
package, and thus breaks the pure-Python nature of Python-RSA.
This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
- Added support for Python 3.8.
- Dropped support for Python 2 and 3.4.
- Added type annotations to the source code. This will make Python-RSA easier to use in
your IDE, and allows better type checking.
- Added static type checking via [MyPy](http://mypy-lang.org/).
- Fix [#129](https://github.com/sybrenstuvel/python-rsa/issues/129) Installing from source
gives UnicodeDecodeError.
- Switched to using [Poetry](https://poetry.eustace.io/) for package
management.
- Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This
is natively supported by Python 3.6+ and supported via a third-party
library on Python 3.5.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject cyphertexts (when decrypting) and signatures (when verifying) that have
been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
Adelapie for pointing this out.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>