Adolf Belka [Mon, 26 Apr 2021 12:32:55 +0000 (14:32 +0200)]
libmicrohttpd: Update to 0.9.73
- Update from 0.9.71 to 0.9.73
- Update rootfile
- Changelog
Sun 25 Apr 2021 14:00:00 MSK
Releasing GNU libmicrohttpd 0.9.73. -EG
Sat 24 Apr 2021 23:00:00 MSK
Fixed build with Clang and Visual Studio.
MSVS project files updated.
Enabled bind port autodetection with MSVS builds. -EG
Fri 23 Apr 2021 14:27:00 MSK
Fixed build without TLS lib.
Fixed build without system poll() function.
Fixed compiler warnings on 32-bit platforms.
Fixed various compiler warnings. -EG
Thu 22 Apr 2021 12:32:00 MSK
Fixed some typos.
Force disable TCP_CORK, TCP_NOPUSH, and TCP_NODELAY before switching
connection to "upgraded" mode.
Improved portability of the test-suite for upgraded connections. -EG
Tue 20 Apr 2021 17:11:00 MSK
Disabled NLS by default in configure. -EG
Mon 19 Apr 2021 18:58:00 MSK
Fixed testzzuf/test_put_chanked to correctly use MHD.
Added internal error code for TLS errors.
Added all missing messages to the .pot file.
Detect more types of errors for receiving data and report
error description in the MHD log.
Added support for ALPN on TLS connections if supported by
used TLS library. -EG
Sun 18 Apr 2021 20:47:00 MSK
Removed dead code.
Limited iov-backed responses size to SSIZE_MAX as limited by
system calls.
Report error message in MHD log for send errors. -EG
Sat 17 Apr 2021 18:50:00 MSK
Unified upgrade test behavior for all platforms.
Some code simplification and unification.
Compiler warning (false positive) fixed. -EG
Fri 16 Apr 2021 17:58:00 MSK
Used run-time value if IOV_MAX if available.
Fixed portability of error handling for sending functions.
Detect pipes/unix sockets on fly and do not use TCP/IP specific
functions with them.
Fixed support of UNIX sockets on non-Linux kernels. -EG
Fri 16 Apr 2021 10:23:39 AM CEST
Detect if a socket is a UNIX domain socket and do not try to play
with TCP corking options in this case (avoids useless failed
syscalls). -CG
Thu 15 Apr 2021 18:56:00 MSK
Fixed configure '--enable-sanitizer' parameter.
Stopped pushing of partial responses when limited by system maximum size
for sendmsg(). -EG
Web 14 Apr 2021 22:20:00 MSK
Fixed: use sendmsg() in POSIX-compatible way, do not try to send more
than IOV_MAX elements per single call. -EG
Sun 11 Apr 2021 15:44:00 MSK
Updated test TLS certificates to not expired modern versions, restored
HTTPS examples compatibility with modern browsers.
TCP_NODELAY is not pre-enabled for HTTPS connection as it actually
does not speed-up TLS handshakes on moders OSes. -EG
Thu 01 Apr 2021 21:29:46 MSK
Fixed MD5 digest authorization broken when compiled without variable
length arrays support (notably with MSVC).
Fixed and muted compiler warning.
Deeper test with zzuf if configured with --enable-heavy-tests.
Removed run-check of assert() in configure to avoid core dumps. -EG
Thu 01 Apr 2021 17:46:00 MSK
Added new function MHD_run_wait() useful for single-threaded applications
without other network activity.
Added tests for the new function. -EG
Wed 17 Mar 2021 20:53:33 MSK
Re-factored startup log parameters processing. Warn user if wrong logger
could be used potentially.
Added headers doxy with information about minimal MHD version when
particular symbols were introduced.
Added new daemon option to indicate SIGPIPE handling by application for
daemons being run in application thread. -EG
Wed 24 Feb 2021 19:23:00 MSK
SIGPIPE-related macro minor refactoring for readability.
Added new response iov function (and related framework), based on the patch
provided by Lawrence Sebald and Damon N. Earp from NASA. -EG
Thu 04 Feb 2021 06:41:34 PM CET
Fix PostProcessor to always properly stop iteration when application callback
tells it to do so. -CG
Sun 24 Jan 2021 21:30:00 MSK
Added '--enable-heavy-tests' configure parameter.
Minor configure.ac and Makefiles fixes. -EG
Tue 19 Jan 2021 17:59:00 MSK
Fixed compatibility with autoconf. 2.70
Updated M4 macros. -EG
Wed 06 Jan 2021 08:39:58 PM CET
Return timeout of zero also for connections awaiting cleanup. -CG
Tue 29 Dec 2020 15:39:00 MSK
Improved speed of TLS handshake by pre-enabling TCP_NODELAY. -EG
Mon 28 Dec 2020 21:36:00 MSK
Releasing libmicrohttpd 0.9.72. -EG
Mon 28 Dec 2020 09:37:00 MSK
Completely reworked and rewritten TCP_CORK, TCP_NOPUSH, TCP_NODELAY and
MSG_MORE handling. Reduced number of sys-calls, fixed portability for
FreeBSD, OpenBSD, NetBSD, Darwin, W32, Solaris.
Removed usage of gnutls_record_cork() as it fully blocks stream until
final block is ready.
Fixed compatibility with C90 compilers.
Really started using sendmsg() for header + body combined single-call
response sending.
Fixed sending of response body by sendmsg() when it shouldn't be sent,
like responses for HEAD requests.
Improved error handling for gnutls_record_send().
Updated W32 resources for .DLLs.
Fixed building with various disabled features (like messages, HTTPS,
http-upgrade, authorization etc.)
Fixed possible SIGPIPE generation when sendfile() is used (it was always
possible on Linux that sendfile() produce SIGPIPE, now it's fixed).
Several compiler warnings muted and/or fixed in the lib code and in
the examples. -EG
Sun 01 Nov 2020 17:17:00 MSK
Fixed conflict with system CPU_COUNT macro.
Minor improvements of error reporting in MHD daemon.
Fixed FTBFS with GnuTLS versions before 3.1.9
Fixed test_add_conn for multi-CPU machines.
Fixed analyzer warnings.
Fixed use-after-free and resources leaks for upgraded connections
in TLS mode with thread-per-connection. -EG
Sun 25 Oct 2020 19:31:00 MSK
Fixed epoll mode without listening socket.
Minor improvements of thread sync.
Fixed broken sendfile on FreeBSD.
Fixed broken MHD with thread-pool and without listening socket.
Added four tests for MHD_add_connection().
Fixed several resources leaks in error handlers.
Re-implemented scheme of handling of externally added connections,
fixed thread-safety. -EG
Wed 21 Oct 2020 10:00:58 AM CEST
Corking should be OFF when sending the footer (#6610). -AP/CG
Wed 07 Oct 2020 11:07:00 MSK
W32 default target version changed to Vista, XP is still supported.
Minor fixes and additional asserts for memorypool.
IPv6 tests are not used if IPv6 is disabled at run-time. -EG
Sun 27 Sep 2020 10:08:03 PM CEST
Fixed incorrect triggering of epoll edge polling for
"upgraded" TLS connections. Fixed a few cases where
gnutls_record_uncork() return value was still ignored,
possibly causing buffer to not be flushed correctly. -CG
Sat 26 Sep 2020 08:18:02 PM CEST
Make MHD_USE_NO_LISTEN_SOCKET work in conjunction with
MHD internal threads. -CG/DE
Thu 24 Sep 2020 16:55:00 MSK
Fixed compiler warnings on W32.
Minor optimisation of MHD_YES/MHD_NO internal usage.
Refactor and cleanup of internal debugging macros.
Updated HTTP status codes, header names and methods from
the registries.
Fixed portability of test_upgrade_large.
Minor testsuite fixes.
Restored parallel build of libmicrohttpd (except tests). -EG
Fri 11 Sep 2020 10:08:22 PM CEST
Fix crash problem in PostProcessor reported by MD. -CG
Fix GnuTLS configure test to check for gnutls_record_uncork. -CG
Wed 19 Aug 2020 09:40:39 AM CEST
Add logic to check on MHD_pool_reallocate() failure reported on the
mailinglist (will NOT yet fix the issue). -CG
Sun 26 Jul 2020 01:56:54 PM CEST
Add MHD_create_response_from_pipe() to allow creating a response based
on data read from a pipe. -CG
Fri Jul 10 15:04:51 CEST 2020
Fixed Postprocessor URL-encoded parsing if '%' fell on boundary. -CG/MD
Thu 02 Jul 2020 09:56:23 PM CEST
Fixed return type of MHD_queue_basic_auth_fail_response. -CA/CG
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:31 +0000 (14:32 +0200)]
libgpg-error: Update to 1.42
- Update from 1.41 to 1.42
- Update rootfile
- Changelog
2021-03-22 Werner Koch <wk@gnupg.org>
core: Add GPG_ERR_SOURCE_TPM2D.
+ commit 200bf2ed9d610219cc0b12a91dedb3bfd52d36b7
* src/err-sources.h.in (GPG_ERR_SOURCE_TPM2D): New.
2021-03-05 Werner Koch <wk@gnupg.org>
w32: Allow Unicode paths for the gettext domain.
+ commit 618ce381f9d70f3a94e87f58f667a6138411018e
* src/w32-gettext.c: Remove remaining WindowsCE support
(load_domain): Use CreateFileW.
2021-03-04 Werner Koch <wk@gnupg.org>
w32: Minor cleanup of w32-gettext.
+ commit 3bf1de7b72be8e1d9fa78eb94730772d9cf61c44
* src/w32-gettext.c: Include gpgrt.h instead gpg-error.h.
(utf8_to_wchar): Use underscored function.
(_gpg_w32_textdomain): Ditto.
2021-02-18 NIIBE Yutaka <gniibe@fsij.org>
build: Support --disable-threads by gen-lock-obj.sh.
+ commit 1fb90a7da186ee2ee098a666f6f3a35bb1720e59
* configure.ac: Supply --disable-threads to gen-lock-obj.sh.
Tighten the condition of using gen-lock-obj.sh for GNU/Linux.
* src/gen-lock-obj.sh: Support --disable-threads.
2021-02-16 NIIBE Yutaka <gniibe@fsij.org>
build: Fix gpgrt-config.
+ commit ed3cd20de8d3eab92dd8fff02bcc214c55d08398
* src/gpgrt-config.in: Remove delimiter variable.
build: More fix for determining libdir for gpgrt-config.
+ commit 28a21addc2e30b0756cdc6774c79f69070df8829
* src/gpg-error.m4: Use CC -print-search-dirs for better support of
GNU style cross prefix.
2021-02-15 NIIBE Yutaka <gniibe@fsij.org>
build: Fix the previous change.
+ commit d7fd25bbfb83cd445bc81aa695b2c6127c22fa59
* src/gpg-error.m4: Fix test condition for GPGRT_CONFIG.
Fix behaviour when there is no GPG_ERROR_CONFIG.
2021-02-12 NIIBE Yutaka <gniibe@fsij.org>
build: Improve how to determine $libdir for gpgrt-config.
+ commit 3cabbad4eec0e5bc6bdaa9f8626578934138adee
* src/gpg-error.m4: Fix $gpgrt_libdir handling.
2021-02-09 NIIBE Yutaka <gniibe@fsij.org>
Support cross-compiling on more platforms.
+ commit 99ae862a96a569724f49a604ebb7d3f6d2c2d374
* src/gen-lock-obj.sh (ECHO_C, ECHO_N): Portability fix.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:18 +0000 (14:32 +0200)]
libexif: Update to 0.6.22
- Update from 0.6.21 (2012) to 0.6.22 (2020)
- Update rootfile
- Changelog
* New translations: ms
* Updated translations for most languages
* Fixed C89 compatibility
* Fixed warnings on recent versions of autoconf
* Some useful EXIF 2.3 tag added:
* EXIF_TAG_GAMMA
* EXIF_TAG_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE
* EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE
* EXIF_TAG_GPS_H_POSITIONING_ERROR
* EXIF_TAG_CAMERA_OWNER_NAME
* EXIF_TAG_BODY_SERIAL_NUMBER
* EXIF_TAG_LENS_SPECIFICATION
* EXIF_TAG_LENS_MAKE
* EXIF_TAG_LENS_MODEL
* EXIF_TAG_LENS_SERIAL_NUMBER
* Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others.
* CVE-2018-20030: Fix for recursion DoS
* CVE-2020-13114: Time consumption DoS when parsing canon array markers
* CVE-2020-13113: Potential use of uninitialized memory
* CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes
* CVE-2020-0093: read overflow
* CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs
* CVE-2020-12767: fixed division by zero
* CVE-2016-6328: fixed integer overflow when parsing maker notes
* CVE-2017-7544: fixed buffer overread
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:32:06 +0000 (14:32 +0200)]
libevent2: Update to 2.1.12
- Update from 2.1.11 to 2.1.12
- Update rootfile
- Changelog
Changes in version 2.1.12-stable (05 Jul 2020)
This release contains mostly bug fixes (I decided not to port some features
that can be ported even without ABI breakage, if you cannot find feature that
you are interested in, please give us a note!)
Since 2.1.12 libevent will use github actions as main CI, since
it recommends itself better then travis/appveyor (and had been removed from
upstream).
Look carefully at "slightly touches the behaviour" section.
Below you will find some of changes (this list has been cleaned up from the
patches that touches only tests and similar):
CI:
o Backport github actions to 2.1 (be3acd7c Azat Khuzhin)
o Merge branch 'event_rpcgen.py-cleanup' (f0ded5f3, 48e04887 Enji Cooper)
o Add API/ABI checker (using LVC) (709210d4, 2af1f6cc yuangongji)
test:
o tinytest: support timeout on Windows (794e8f75 yuangongji)
o Merge branch 'osx-clock' (e85afbe3 Azat Khuzhin)
o test-ratelim: calculate timers bias (for slow CPUs) to avoid false-positive (8ad26d0b Azat Khuzhin)
fixes:
o buffer: do not pass NULL to memcpy() from evbuffer_pullup() (5b063049 Azat Khuzhin)
o http: fix undefined-shift in EVUTIL_IS*_ helpers (6b8d02a7 Azat Khuzhin)
o Check error code of evhttp_add_header_internal() in evhttp_parse_query_impl() (97e28f09 Azat Khuzhin)
o http: fix EVHTTP_CON_AUTOFREE in case of timeout (and some else) (1be25938 Azat Khuzhin)
o evdns: Add additional validation for values of dns options (c2972453 ayuseleznev)
o There is typo in GetAdaptersAddresses windows library. It should be iphlpapi.dll (891adda9 Aleksandr-Melnikov)
o Merge branch 'EV_CLOSED-and-EV_ET-fixes' (db2efdf5 Azat Khuzhin)
o Fix memory corruption in EV_CLOSURE_EVENT_FINALIZE with debug enabled (8ccd8f56 Jan Kasiak)
o increase segment refcnt only if evbuffer_add_file_segment() succeeds (30662a3c yuangongji)
o evdns: fix a crash when evdns_base with waiting requests is freed (6f8e0e97 ayuseleznev)
o event_base_once: fix potential null pointer threat (2e9ceb16 chenguolong)
o http: do not assume body for CONNECT (1b42270b Azat Khuzhin)
o evbuffer_add_file: fix freeing of segment in the error path (5f017bde Azat Khuzhin)
o Fix checking return value of the evdns_base_resolv_conf_parse() (fc51bf2c Azat Khuzhin)
o Merge branch 'fix-signal-leak' (poll/select now needs reinit) (1c9cc07b Azat Khuzhin)
improvements:
o evutil_time: improve evutil_gettimeofday on Windows (a8219143 Nick Grifka)
o Support EV_CLOSED on linux for poll(2) (2530e7c6 Azat Khuzhin)
o Parse IPv6 scope IDs. (f602211f Philip Homburg)
o evutil_time: Implements usleep() using wait funtion on Windows (d42240d1 yuangongji)
o evutil_time: detect and use _gmtime64_s()/_gmtime64() (f4a6152c yuangongji)
slightly touches the behaviour:
o bufferevent: allow setting priority on socket and openssl type (4dd3acdd Nicolas J. Bouliane)
o Fix EV_CLOSED detection/reporting (epoll only) (1df324d4 Azat Khuzhin) (XXX)
o Revert "Warn if forked from the event loop during event_reinit()" (71f5c0d3 Azat Khuzhin)
samples:
o https-client: load certificates from the system cert store on Windows (e9478640 yuangongji)
build fixes:
o Do not use sysctl.h on linux (it had been deprecated) (d2871a37 Azat Khuzhin)
o cmake: avoid problems from use of CMAKE_USE_PTHREADS_INIT (a62ec765 Paul Osborne)
o Update list of cmake files for autotools dist archive (2016f017 Azat Khuzhin)
o LibeventConfig.cmake: restore CMAKE_FIND_LIBRARY_SUFFIXES and LIBEVENT_STATIC_LINK default (640f9cf6 Mario Emmenlauer)
o cmake: fix getaddrinfo checking error (dea51c2e yuangongji)
o autoconf: fix getaddrinfo checking errors on mingw (b9bf7fa7 yuangongji)
o Do not use shared global structures on CYGWIN (8a9b5655 Azat Khuzhin)
o Added uninstall target check to cmakelists (3f1fb1f9 Dimo Markov)
o Fix compilation without OPENSSL_API_COMPAT (921bdcdd Azat Khuzhin)
o cmake: improve package config file (1c047618, baec84f2 yuangongji)
o Link with iphlpapi only on windows (976f7d34 Azat Khuzhin)
o autotools: fails build when need but can not find openssl (93174bb5 yuangongji)
o Merge branch 'http-connect' (e2424229 Azat Khuzhin)
o Fix compat with NetBSD >= 10 (5febb4e1 Kamil Rytarowski)
o cmake: fix getrandom() detection (e0e5f3bd Azat Khuzhin)
o arc4random: replace sysctl() with getrandom (on linux) (66ec78fd Azat Khuzhin)
o Upgrade autoconf (after upgrading minimum required to 2.67) (45da7d9d yuangongji)
o eliminate some C4267 warnings in Windows (9e468c77 yuangongji)
o autotools: attach doxygen target into all target (5d1e8570 yuangongji)
o cmake: attach doxygen target into all target (7a85300a yuangongji)
o Change the minimum version of automake to 1.13 and autoconf to 2.67 (fdb8fb66 ygj6)
o Add Uninstall.cmake.in into dist archive (877f2355 Azat Khuzhin)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 20190324-3.1 to 20210419-3.1
- Update rootfile
- Changelog - note source tarbal version uses date not the version-info
in the changelog file
2021-04-19 Jess Thrysoee
* version-info: 0:65:0
* all: sync with upstream source
* src/getline.c,src/sys.h: Provide getline.c implementation if not available
Patch by Claes Nästén
* src/makelist: Use Posix locale; mainly to get ASCII character classes in e.g. `tr`
Patch by Claes Nästén
* examples/test_filecompletion.c, examples/wtc1.c: err.h not supported by
Solaris
2021-02-16 Jess Thrysoee
* version-info: 0:64:0
* all: sync with upstream source
2019-12-31 Jess Thrysoee
* version-info: 0:63:0
* configure.ac: Support -ltinfo as split in newer ncurses
The newer versions of ncurses support building terminfo routines as a split -ltinfo library.
Patch by Michał Górny
2019-12-11 Jess Thrysoee
* version-info: 0:62:0
* all: sync with upstream source
2019-10-25 Jess Thrysoee
* version-info: 0:61:0
* all: sync with upstream source
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:31:35 +0000 (14:31 +0200)]
libdvbpsi: Update to 1.3.3
- Update from 1.2.0 to 1.3.3
- Update rootfile
- Ran find-dependencies - nothing found
- Changelog
Changes between 1.3.2 and 1.3.3:
* Fix regression in dvbpsi_decoder_psi_section_add() set i_last_section_number
Changes between 1.3.1 and 1.3.2:
* Fix bug in dvbpsi_decoder_psi_section_add() set i_last_section_number
* Fix bug in descriptor 0x8a that prevented it from being parsed properly
* Fix bug in descriptor 0x56 generation with multiple teletext page entries
* Fix bug in descriptor 0x41 correct maximum service count
Changes between 1.3.0 and 1.3.1:
* Fix bugs in table: EIT
* Fix test_dr
Changes between 1.2.0 and 1.3.0:
* New descriptor:
- 0x10 Smoothing Buffer
- 0x11 STD descriptor
- 0x12 IBP descriptor
- 0x1b MPEG-4 video descriptor
- 0x1c MPEG-4 audio descriptor
* Fix bugs in descriptor: 0x02, 0x0a, 0x45, 0x48, 0x50, 0x56, 0x7c
* Fix bugs in table: EIT, NIT
* Fix bugs in demux.c
* Build with mingw32
* Generate descriptors: 0x83, 0xa1
* Documentation fixes:
- tables: NIT
- descriptors: 0xa1
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:31:18 +0000 (14:31 +0200)]
libcap-ng: Update to 0.8.2
- Update from 0.7.9 to 0.8.2
- Update rootfile
- Changelog
0.8.2
- In capng_apply, if we blew up in bounding set, allow setting capabilities
- If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
- Improve last_cap check
0.8.1
- If procfs is not available, leave last_cap as CAP_LAST_CAP
- If bounding and ambient not found in status, try prctl method
- In capng_apply, move ambient caps to the end of the transaction
- In capng_apply, return errors more aggressively.
- In capng_apply, if the action includes the bounding set,resync with the kernel
- Fix signed/unsigned warning in cap-ng.c
- In capng_apply, return a unique error code to diagnose any failure
- In capng_have_capability, return 0 for failure
- Add the libdrop_ambient admin tool
0.8
- Add vararg support to python bindings for capng_updatev
- Add support for ambient capabilities
- Add support for V3 filesystem capabilities
0.7.11
- Really clear bounding set if asked in capng_change_id
- Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
- Avoid malloc/free in capng_apply (Natanael Copa)
- If procfs is not available, get bounding set via prctl
- Cleanup some compiler warnings
0.7.10
- Update capng_change_id man page
- Add capng_have_permitted_capabilities function
- Update filecap to output which set the capabilities are in
- Fix filecap to not output an error when a file has no capabilities
- Add udplite support to netcap
- Fix usage of pthread_atfork (Joe Orton)
- Mark processes in child user namespaces with * (Danila Kiver)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 26 Apr 2021 12:31:03 +0000 (14:31 +0200)]
libarchive: Update to 3.5.1
- Update from 3.4.0 to 3.5.1
- Update rootfile
- Changelog
Libarchive 3.5.1 Released: Dec 26, 2020
Important bugfixes
various compilation fixes
fixed undefined behavior in a function in warc reader
Windows binary uses xz 5.2.5
Libarchive 3.5.0 Released: Dec 1, 2020
New features
mtree digest reader support
completed support for UTF-8 encoding conversion
minor API enhancements
support for system extended attributes
support for decompression of symbolic links in zipx archives
Important bugfixes
fixed extraction of archives with hard links pointing to itself
fixed writing of cpio archives containing hardlinks without file type
fixed rdev field in cpio format for device nodes
fixed uninitialized size in rar5_read_data
fixed memory leaks in error case of archive_write_open() functions
Libarchive 3.4.3 Released: May 20, 2020
New features
support for pzstd compressed files
support for RHT.security.selinux tar extended attribute
Important bugfixes
various zstd fixes and improvements child process
handling fixes
Libarchive 3.4.2 Released: Feb 11, 2020
New features
Atomic file extraction support (bsdtar -x --safe-writes)
mbed TLS (PolarSSL) support
Important bugfixes
security fixes in RAR5 reader
compression buffer fix in XAR writer
fix for uname and gname longer than 32 characters in PAX writer
fix segfault when archiving hard links in ISO9660 and XAR writers
fix support for extracting 7z archive entries with Delta filter
Libarchive 3.4.1 Released: Dec 30, 2019
New features
Unicode filename support for reading lha/lzh archives
New pax write option "xattrhdr"
Important bugfixes
security fixes in wide string processing
security fixes in RAR5 reader
security fixes and optimizations to write filter logic
security fix related to use of readlink(2)
sparse file handling fixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 Apr 2021 11:24:11 +0000 (13:24 +0200)]
lua: Update to 5.4.3
- v2 patch version has required libraries not commented
- v2 patch version has lua.pc file commented out in the rootfile
pkgconfig file is only required for build or development and not
for normal running of IPFire
- v2 patch version has make linux changed to make all
INSTALL_TOP is required - default is /usr/local
INSTALL_DATA is required - default results in an empty rootfile
TO_LIB is required - default results in only lua.a in rootfile
- v2 patch version includes PAK_VER updates for dnsdist and haproxy due to
sobump. These packages showed up as dependencies to the old lua library
ncat was also linked but already had a PAK_VER change due to a package
upgrade and so no longer showed up in the find-dependencies scan
- Update from 5.3.5 to 5.4.3
- Autotoolize patch not update since 5.3 series
Based on input from Michael Tremer implemented build approach
from BLFS. This approach also used by Arch Linux. Updated lfs in
line with approach. Added pkgconfig file lua.pc as used in BLFS.
- Update of shared_library patch obtained from BLFS
- Update of rootfile
- Removal of old lua-5.3.5 patches
- Changelog
Main changes
new generational mode for garbage collection
to-be-closed variables
const variables
userdata can have multiple user values
new implementation for math.random
warning system
debug information about function arguments and returns
new semantics for the integer 'for' loop
optional 'init' argument to 'string.gmatch'
new functions 'lua_resetthread' and 'coroutine.close'
string-to-number coercions moved to the string library
allocation function allowed to fail when shrinking a memory block
new format '%p' in 'string.format'
utf8 library accepts codepoints up to 2^31
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Apr 2021 20:04:39 +0000 (22:04 +0200)]
libupnp: Update to 1.14.6
- Update from 1.14.5 to 1.14.6
- Update of rootfile
- Changelog
2021-04-19 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Fix for a DNS Rebind exploit. A special thanks for the collaboration
of the following people:
- Alaric Senat
- Fabrice Fontaine
- Gabriel Corona
- Ian Whyman
- Jean-Francois Dockes
- Marvin Scholz
- Werner Mahr
2021-04-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Fix for Github #250:
When upnp uses ixml to parse SOAP messages which contains too many
node, services are unavailable.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Apr 2021 20:04:27 +0000 (22:04 +0200)]
libtiff: Update to 4.3.0
- Update from 4.1.0 to 4.3.0
- Update of rootfile
- Changelog is too large to include here
Full details can be found in ChangeLog file in source tarball
49 bug fixes implemented between 4.1.0 and 4.3.0
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 25 Apr 2021 20:04:07 +0000 (22:04 +0200)]
libjpeg: Update to 2.1.0
- Update from 2.0.4 to 2.1.0
- Update rootfile
- Changelog is too large to include here
Full details can be found in ChangeLog.md file in source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 24 Apr 2021 11:23:24 +0000 (13:23 +0200)]
libid3tag: Correction - comment out libid3tag.pc file in rootfile
- In previous patch libid3tag.pc file was left uncommented in the rootfile
The pkg-config files are only required during the build or for
development not for the normal operation of IPFire
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 Apr 2021 18:22:16 +0000 (20:22 +0200)]
sqlite: Update to 3.35.5
- Update from 3.35.4 to 3.35.5
- Update of rootfile not required
- Changelog
Fix defects in the new ALTER TABLE DROP COLUMN feature that could
corrupt the database file.
Fix an obscure query optimizer problem that might cause an incorrect
query result.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 Apr 2021 18:22:03 +0000 (20:22 +0200)]
samba: Update to 4.14.3
- Update from 4.13.7 to 4.14.3
Change to Samba 4.14 release series
4.13 is now in maintenance mode
4.14 is now the current stable release series
- Update of x86_64 rootfile
- Checked library changes with find-dependencies
No linked programs found
- Changelog
o Trever L. Adams <trever.adams@gmail.com>
* BUG 14671: s3:modules:vfs_virusfilter: Recent New_VFS changes break
vfs_virusfilter_openat.
o Andrew Bartlett <abartlet@samba.org>
* BUG 14586: build: Notice if flex is missing at configure time.
o Ralph Boehme <slow@samba.org>
* BUG 14672: Fix smbd panic when two clients open same file.
* BUG 14675: Fix memory leak in the RPC server.
* BUG 14679: s3: smbd: fix deferred renames.
o Samuel Cabrero <scabrero@samba.org>
* BUG 14675: s3-iremotewinspool: Set the per-request memory context.
o Volker Lendecke <vl@samba.org>
* BUG 14675: Fix memory leak in the RPC server.
o Stefan Metzmacher <metze@samba.org>
* BUG 11899: third_party: Update socket_wrapper to version 1.3.2.
* BUG 14640: third_party: Update socket_wrapper to version 1.3.3.
o David Mulder <dmulder@suse.com>
* BUG 14665: samba-gpupdate: Test that sysvol paths download in
case-insensitive way.
o Sachin Prabhu <sprabhu@redhat.com>
* BUG 14662: smbd: Ensure errno is preserved across fsp destructor.
o Christof Schmitt <cs@samba.org>
* BUG 14663: idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict.
o Martin Schwenke <martin@meltin.net>
* BUG 14288: build: Only add -Wl,--as-needed when supported.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 Apr 2021 18:21:49 +0000 (20:21 +0200)]
mtools: Update to 4.0.27
- Update from 3.9.10 (2007) to 4.0.27 (2021)
- Update of rootfile
- Changelog is too large to put here
Full details can be found in the changelog file in the debian
subdirectory of the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 Apr 2021 18:21:37 +0000 (20:21 +0200)]
libgcrypt: Update to 1.9.3
- Update from 1.9.2 to 1.9.3
- Update of rootfile
- Changelog is too long to put here.
Full details can be found in the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 22 Apr 2021 18:21:22 +0000 (20:21 +0200)]
less: Update to version 581
- Update from 563 to 581
- Update of rootfile not required
- Changelog
Change ESC-u command to toggle, not disable, highlighting per man page.
Add ESC-U command.
Add ctrl-W search modifier for wrapping search.
F command can be interrupted by ^X.
Support OSC 8 hyperlinks when -R is in effect.
g command with no number will ignore -j and put first line at top of screen.
Multiple + or -p command line options are handled better.
Add the --incsearch option.
Add the --line-num-width option.
Add the --status-col-width option.
Add the --use-color and --color options.
Display -w highlight even if highlighted line is empty.
If search result is in a long line, scroll to ensure it is visible.
Editing the same file under different names now creates only one entry in the file list.
Make visual bell more visible on some terminals.
Ring end-of-file bell no more than once per second.
Build can use either Python or Perl for Makefile.aut operations.
Fix crash when using the @ search modifier.
Fix crash in the 's' command due to duplicate free.
Fix realpath crash on Darwin.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:58:53 +0000 (22:58 +0200)]
pixman: Update to 0.40.0
- Update from 0.34.0 to 0.40.0
- Update of rootfile
- Changelog
The ChangeLog and NEWS files in the source tarball are empty
The only info on the changes is the git repository.
https://cgit.freedesktop.org/pixman/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:58:40 +0000 (22:58 +0200)]
openssh: Update to 8.6p1
- Update from 8.5p1 to 8.6p1
- Update of rootfile not needed
- Changelog
Future deprecation notice
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.
In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
OpenSSH will disable this signature scheme by default in the near
future.
Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.
This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.
The better alternatives include:
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
* The RFC8709 ssh-ed25519 signature algorithm. It has been supported
in OpenSSH since release 6.5.
* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.
To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.
OpenSSH recently enabled the UpdateHostKeys option by default to assist
the client by automatically migrating to better algorithms.
[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
Security
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
An attacker who had sucessfully exploited the low-privilege
process could use this to escape OpenSSH's sandboxing and attack
the high-privilege process. Exploitation of this weakness is
highly unlikely in practice as the LogVerbose option is not
enabled by default and is typically only used for debugging. No
vulnerabilities in the low-privilege process are currently known
to exist.
Thanks to Ilja Van Sprundel for reporting this bug.
Changes since OpenSSH 8.5
This release contains mostly bug fixes.
New features
* sftp-server(8): add a new limits@openssh.com protocol extension
that allows a client to discover various server limits, including
maximum packet size and maximum read/write length.
* sftp(1): use the new limits@openssh.com extension (when available)
to select better transfer lengths in the client.
* sshd(8): Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX.
* unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
enable printing of the elapsed time in seconds of each test.
Bugfixes
* ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
manual pages with the current default. GHPR174
* ssh(1): ensure that pkcs11_del_provider() is called before exit.
GHPR234
* ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
backslashes were not being dequoted correctly and quoted space in
the middle of a string was being incorrectly split. GHPR223
* ssh(1): return non-zero exit status when killed by signal; bz#3281
* sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are not explicitly
banned by the spec.
Portability
* sshd(8): don't mistakenly exit on transient read errors on the
network socket (e.g. EINTR, EAGAIN); bz3297
* Create a dedicated contrib/gnome-ssk-askpass3.c source instead of
building it from the same file as used for GNOME2. Use the GNOME3
gdk_seat_grab() to manage keyboard/mouse/server grabs for better
compatibility with Wayland.
* Fix portability build errors bz3293 bz3292 bz3291 bz3278
* sshd(8): soft-disallow the fstatat64 syscall in the Linux
seccomp-bpf sandbox. bz3276
* unit tests: enable autoopt and misc unit tests that were
previously skipped
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:58:17 +0000 (22:58 +0200)]
nmap: Update to 7.91
- Update from 7.80 to 7.91
- Update of rootfile
- Changelog is too long to include here
Full details can be found in the CHANGELOG file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:58:16 +0000 (22:58 +0200)]
ncat: Update to 7.91
- Update from 7.80 to 7.91
- Update of rootfile
- Changelog is too long to include here
Full details can be found in the CHANGELOG file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:57:59 +0000 (22:57 +0200)]
fuse: Update to 3.10.3
- Update from 3.10.1 to 3.10.3
- Update of rootfile
- Changelog
libfuse 3.10.3 (2021-04-12)
* Fix returning d_ino and d_type from readdir(3) in non-plus mode
libfuse 3.10.2 (2021-02-05)
* Allow "nonempty" as a mount option, for backwards compatibility with fusermount 2. The
option has no effect since mounting over non-empty directories is allowed by default.
* Fix returning inode numbers from readdir() in offset==0 mode.
* FUSE filesystems can now be mounted underneath EXFAT mountpoints.
* Various minor bugfixes.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:57:45 +0000 (22:57 +0200)]
Digest: Update to 1.19
- Update from 1.08 to 1.19
- Update of rootfile
- Changelog
1.19 Tue 2020-10-13
- Merge blead change: Remove . from @INC when loading optional modules.
1.18 Tue 2020-10-13
- Correct documentation for add_bits
- Explain $args,... in constructor prototypes
- Add base64_padded_digest method
- Add support for the SHA3 digests
- Update .gitignore and get make manifest working
- Github CI
- Move Digest to a more modern directory tree layout
- Enable strict/warnings for code and tests
- Drop use vars
- Provide a consistent tidy to the code base
- Get rid of the use of bareword file handles
- Modernize the changelog
- Use File::Temp for temporary test files
1.17 Sun 2011-10-02
- Less noisy 'git status' output - Gisle Aas
- Merge pull request #1 from schwern/bug/require_eval - Gisle Aas
- Don't clobber $@ in Digest->new [RT#50663] - Gisle Aas
- More meta info added to Makefile.PL - Gisle Aas
- Fix typo in RIPEMD160 [RT#50629] - Gisle Aas
- Add schwern's test files - Gisle Aas
- Turn on strict. - Michael G. Schwern
- Convert tests to use Test::More - Michael G. Schwern
- Untabify - Michael G. Schwern
- Turn Digest::Dummy into a real file which exercises the Digest->new() require logic. - Michael G. Schwern
- Close the eval "require $module" security hole in Digest->new($algorithm) - Michael G. Schwern
1.16 Tue 2009-06-09
- For SHA-1 try Digest::SHA before tryign Digest::SHA1 as suggested by Adam Trickett - Gisle Aas
- Support Digest->new("RIPEMD-160") as suggested by Zefram - Gisle Aas
- Use 3-arg open for fewer surprises - Gisle Aas
- Sync up with EBCDIC changes from core perl - Jarkko Hietaniemi
1.15 Mon 2006-03-20
- Improved documentation.
1.14 Sat 2005-11-26
- Documentation tweaks.
1.13 Tue 2005-10-18
- Fixed documentation typo.
1.12 Thu 2005-09-29
- Fix documentation typo. Patch by <steve@fisharerojo.org>.
1.11 Sun 2005-09-11
- Make Digest->new("SHA-224") work. Patch by Mark Shelor <shelor@cpan.org>.
1.10 Mon 2004-11-08
- Added Digest::file module which provide convenience functions that calculate digests of files.
1.09 Fri 2004-11-05
- Fix trivial documentation typo.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:56:42 +0000 (22:56 +0200)]
curl: Update to 7.76.1
- Update from 7.75.0 to 7.76.1
- Update of rootfile
- Changelog is too large to include here.
Full details can be found in the CHANGES file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:56:27 +0000 (22:56 +0200)]
Crypt-PasswdMD5: Update to 1.41
- Update from 1.3 to 1.41
- Update of rootfile not needed
- Changelog
1.41 2021-02-01T15:56:00
- Adopt new repo structure. See
http://savage.net.au/Ron/html/My.Workflow.for.Building.Distros.html.
- Reformat Makefile.PL.
- Add t/00.*.
- Update POD to change RT to github.
1.40 2013-09-30T15:32:00
- No code changes.
- Maintenance by Ron Savage <rsavage@cpan.org>.
- Fabricate some version #s for this file.
- Made Passwd.pm utf-8 so we can use Luis' proper name.
- Clean up code formatting.
- Clean up Makefile.PL.
- Use fake (ASCII) ñ in Makefile.PL to keep Solaris happy. See RT#68478.
- Clean up README.
- Add Build.PL.
- Add Changes and Changelog.ini.
- Add META.*.
- Adopt Test::More in t/basic.t.
- Adopt 'use strict' and 'use warnings' to PasswdMD5.pm and t/basic.t.
- Accept patch for new function random_md5_salt(), and tests, from kbrint@rufus.net.
With thanx. See RT#37036.
- Add xt/author/pod.t.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:56:07 +0000 (22:56 +0200)]
Canary-Stability: Needed for building Convert-UUlib since version 1.5
- Install Canary-Stability-2013
Required to build Convert-UUlib since version 1.5 (2015)
- Create rootfile
- Canary::Stability - canary to check perl compatibility for schmorp's
modules
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:56:06 +0000 (22:56 +0200)]
Convert-UUlib: Update to 1.8
- Update from 1.06 to 1.8
- Update of rootfiles
- Changelog
1.8 Thu Dec 17 02:23:53 CET 2020
- no bugfixes in this release due to lack of known bugs, but the major changes
in this release might have introduced new bugs, so watch out.
- update large decoder example to disable OPT_AUTOCHK and use Smerge -1.
- some micro-optimisations.
- avoid costly string comparisons by comparing hashes when isnerting items,
which speeds up insertion by a constant factor.
- improve uulist (and other) structure layout and size.
- reverse the order of file list items, which heuristically improves
match speed with large usenet file lists.
- use getc instead of fgetc, which makes no difference on gnu/linux.
- clean up _FP symbol names toi not start with an underscore.
- use feof_unlocked and ferror_unlocked.
- implement a faster ascii-only strnicmp.
- misc very minor code improvements.
- remove quite a bit of pre-posix/dos/etc. cruft.
- use flockfile, if available, for a potential but small
speed gain.
- speed up inner yenc decoder loop.
- kentnl said that this module should no longer claim to be a simple
interface to uulib, as the bunndled copy is now better maintained
than the original upstream library.
1.71 Tue Mar 17 00:54:06 CET 2020
- backport to c89 (patch by Paul Howarth).
1.7 Sat Feb 29 22:07:54 CET 2020
- new function: GetFileList.
- experimental perlmulticore support (see manpage).
- Initialize is now a NOP and CleanUp automatically initializes again.
- updated example decoder and documentation a bit.
- include ecb.h to deal with compiler builtins and endianness.
- some further µ-optimisations in hot code, especially for yEnc.
- replace crc32 function by slice-by-16 version by Stephan Brumme,
which should speed up yEnc en-/decoding.
- yEnc: do not calculate two crcs per part, instead, combine
the part crcs together to form the file crc.
- yEnc: allow pcrc= in addition to pcrc32= for yenc trailers, as
some draft mentions both and it is actually in active use.
- yEnc: ignore crc32= on multiparts, except on the last part,
which avoids spurious corruption warnings.
- be more precise in documenting code licenses in COPYING.
- convert constant creation to the method I normally use.
- use common::sense.
1.62 Mon Feb 17 23:19:42 CET 2020
- major performance improvement by simplifying code in _FP_gets
to not use fscanf. This might slow things down on platforms
with very slow fgetc.
1.61 Sun Feb 9 18:38:29 CET 2020
- lint uulib: fix some format string type mismatches
and some other minor issues.
1.6 Thu Oct 24 17:11:54 CEST 2019
- fix heap overflow (testcase by Noel Duffy, reported
by Robert Scheck). The defense-in-depth mechanism based
on mmap should make this unexploitable for other than denial
of service, on systems supporting mmap/mprotect.
1.5 Sat Jul 11 03:56:06 CEST 2015
- fix a heap overflow (testcase by Krzysztof Wojtaś).
- on systems that support it (posix + mmap + map_anonymous),
allocate all dynamic areas via mmap and put four guard
pages around them, to catch similar heap overflows
safely in the future.
- find a safer way to pass in CC/CFLAGS to uulib.
- added stability canary support.
1.4 Sun May 29 17:17:01 CEST 2011
- avoid a classical buffer overflow in case a progress
message is too long.
- this release adds dependencies for snprintf/vsnprintf.
- some uuencode encoders do not generate a final "space" line
before the "end" marker, so do not rely on the line to be there.
1.34 Tue Dec 14 22:20:00 CET 2010
- fix a one-byte-past-end-write buffer overflow in UURepairData
(reported, analysed and testcase provided by Marco Walther).
- quoted-printable decoding was completely broken, try a fix.
1.33 Wed Oct 28 09:04:38 CET 2009
- handle yEnc files with part end=0 and total= more gracefully.
I wish yEnc had been created by somebody who knows;
what he does;
but I doubt he even knows;
what he did.
1.32 Wed Sep 16 20:07:13 CEST 2009
- Due to a glitch with CVS, configure lacked executable bits.
(Quickly reported by Anton Berezin).
1.31 Wed Sep 16 09:04:30 CEST 2009
- do not use system-replacements for case-insensitive string
functions when found, as they are broken on too many systems
(mostly bsds, as usual, but at least some versions of GNU/Linux
disagree with themselves apparently). Analyzed by Anton Berezin.
1.3 Sat Aug 29 01:24:35 CEST 2009
- major changes, new bugs and changes in decoding behaviour are
expected (but not intended).
- major scanning and decoding speed-up (by a factor of 4),
by replacing ultra-slow _FP_gets and improving IsKnownHeader
(but fgets is *still* responsible for >50% if the time).
- new option OPT_AUTOCHECK to disable O(n) UUCheckGlobalList
call after every loadfile, majorly speeds up large decodes
(easily by a factor of 10..100).
- allow "Smerge -1" to call UUCheckGlobalList.
- majorly speed up part insertion (still O(n), but much faster).
- allow for 1023 octet headers instead of the standard
255 octet ones.
- support strcasestr, strcasecmp, strncasecmp for added speed.
1.12 Mon Oct 13 14:11:01 CEST 2008
- use the yencode filesize as additional matching criterium
to avoid false matches.
- made the example decoder more verbose w.r.t. error handling.
- removed potentially confusing decode_temp calls from
example decoder.
1.11 Fri Jun 13 15:32:30 CEST 2008
- don't ask.
1.10 Fri Jun 13 14:22:42 CEST 2008
- fix an infinite-looping problem when scanning in freestyle
mode (testcase provided by Pieter Geens and Reinhard Pfau).
1.09 Fri May 25 19:38:11 CEST 2007
- create something sensible, trust a windows program to fuck
it up: work around literal "(null)" filenames in yenc-encoded
files.
- some minor cleanups.
1.08 Sat Dec 16 23:27:13 CET 2006
- URGENT update, the last release did not
decode files correctly, usually not at all.
- my last patch was, of course, completely bogus.
(sorry. looked simple...).
1.07 Sun Dec 10 17:41:46 CET 2006
- fixed an uninitialised variable based on analysis
and patch by Mark Martinec.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Mon, 19 Apr 2021 20:55:35 +0000 (22:55 +0200)]
Convert-TNEF: Update to 0.18
- Update from 0.17 to 0.18
- Update of rootfile not needed
- Changelog
- Add IO::Wrap dependency to Makefile.PL (RT78412).
- Change longname() to detect names in newer versions of Outlook.
(RT78484)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 16 Apr 2021 09:53:30 +0000 (11:53 +0200)]
hostapd: Find device by MAC address
With wireless device as members in bridges, we cannot predict the name
very well. So we will use the MAC address and find the correct device
name when we launch hostapd.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 21:44:59 +0000 (23:44 +0200)]
glib: Update to 2.68.1
- Update from 2.54.3 to 2.68.1
- Update rootfile
- glib-2.54.3-compile-fixes-1.patch not required, all changes now
incorporated in the source tarball
- meson/ninja have replaced autotools
- As so's updated ran find-dependencies
No additional programs flagged up
- Changelog is too large to include here
Full details can be viewed in the NEWS file in the source tarball
Large number of bugs fixed
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 16:44:47 +0000 (18:44 +0200)]
cifs-utils: Update to 6.13
- Update from 6.12 to 6.13
- Update of rootfile not needed
- Changelog
This is a security release to address the following bug:
CVE-2021-20208 cifs.upcall kerberos auth leak in container
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:54:52 +0000 (13:54 +0200)]
cups: Update to 2.3.3op2
- Update from 2.3.3 to 2.3.3op2
- OpenPrinting statement from March 2021:-
CUPS has new home at OpenPrinting
Due to the fact that CUPS development at Apple has stopped since the
beginning of 2020 we had forked CUPS some months ago to incorporate
patches and fixes from the distributions. As Apple did not resume the
upstream work on CUPS, we have made OpenPrinting now the official
upstream home for CUPS.
This especially means that we can now continue developing CUPS,
independent of Apple. So we can add features and lead CUPS into the new
architecture without PPD files and with Printer Applications.
CUPS has a new home page now and what was formerly our fork is now the
official CUPS repository. Upcoming releases will be of the new 2.4.x
series, without “opX” suffix as now. Also all documentation files which
come with it are updated to point to the OpenPrinting resources.
- Update of rootfile not required.
- Changelog
Changes in CUPS v2.3.3op2
- Security: Fixed a buffer (read) overflow in the `ippReadIO` function
(CVE-2020-10001)
- Clarified the documentation for the "Listen" directive (Issue #53)
- Fixed duplicate ColorModel entries for AirPrint printers (Issue 59)
- Fixed directory/permission defaults for Debian kfreebsd-based systems
(Issue #60, Issue #61)
- Fixed crash bug in `ppdOpen` (Issue #64, Issue #78)
- Fixed regression in `snprintf` emulation function (Issue #67)
- The scheduler's systemd service file now waits for the nslcd service to start
(Issue #69)
- The libusb-based USB backend now uses a simpler read timer implementation to
avoid a regression in a previous change (Issue #72)
- The PPD caching code now only tracks the `APPrinterIconPath` value on macOS
(Issue #73)
- Fixed segfault in help.cgi when searching in man pages (Issue #81)
- Root certificates were incorrectly stored in "~/.cups/ssl".
Changes in CUPS v2.3.3op1
- The automated test suite can now be activated using `make test` for
consistency with other projects and CI environments - the old `make check`
continues to work as well, and the previous test server behavior can be
accessed by running `make testserver`.
- ippeveprinter now supports multiple icons and strings files.
- ippeveprinter now uses the system's FQDN with Avahi.
- ippeveprinter now supports Get-Printer-Attributes on "/".
- ippeveprinter now uses a deterministic "printer-uuid" value.
- ippeveprinter now uses system sounds on macOS for Identify-Printer.
- Updated ippfind to look for files in "~/Desktop" on Windows.
- Updated ippfind to honor `SKIP-XXX` directives with `PAUSE`.
- Updated IPP Everywhere support to work around printers that only advertise
color raster support but really also support grayscale (Issue #1)
- ipptool now supports DNS-SD URIs like `ipps://My%20Printer._ipps._tcp.local`
(Issue #5)
- The scheduler now allows root backends to have world read permissions but not
world execute permissions (Issue #21)
- Failures to bind IPv6 listener sockets no longer cause errors if IPv6 is
disabled on the host (Issue #25)
- The SNMP backend now supports the HP and Ricoh vendor MIBs (Issue #28)
- The scheduler no longer includes a timestamp in files it writes (Issue #29)
- The systemd service names are now "cups.service" and "cups-lpd.service"
(Issue #30, Issue #31)
- The scheduler no longer adds the local hostname to the ServerAlias list
(Issue #32)
- Added `LogFileGroup` directive in "cups-files.conf" to control the group
owner of log files (Issue #34)
- Added `--with-max-log-size` configure option (Issue #35)
- Added `--enable-sync-on-close` configure option (Issue #37)
- Added `--with-error-policy` configure option (Issue #38)
- IPP Everywhere PPDs could have an "unknown" default InputSlot (Issue #44)
- The `httpAddrListen` function now uses a listen backlog of 128.
- Added USB quirks (Apple issue #5789, #5823, #5831)
- Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
- Fixed DNS-SD name collision support in ippeveprinter.
- Fixed compiler and code analyzer warnings.
- Fixed TLS support on Windows.
- Fixed ippfind sub-type searches with Avahi.
- Fixed the default hostname used by ippeveprinter on macOS.
- Fixed resolution of local IPP-USB printers with Avahi.
- Fixed coverity issues (Issue #2)
- Fixed `httpAddrConnect` issues (Issue #3)
- Fixed web interface device URI issue (Issue #4)
- Fixed lp/lpr "printer/class not found" error reporting (Issue #6)
- Fixed xinetd support for LPD clients (Issue #7)
- Fixed libtool build issue (Issue #11)
- Fixed a memory leak in the scheduler (Issue #12)
- Fixed a potential integer overflow in the PPD hashing code (Issue #13)
- Fixed output-bin and print-quality handling issues (Issue #18)
- Fixed PPD options getting mapped to odd IPP values like "tray---4" (Issue #23)
- Fixed remote access to the cupsd.conf and log files (Issue #24)
- Fixed the automated test suite when running in certain build/CI environments
(Issue #25)
- Fixed a logging regression caused by a previous change for Apple issue #5604
(Issue #25)
- Fixed fax phone number handling with GNOME (Issue #40)
- Fixed potential rounding error in rastertopwg filter (Issue #41)
- Fixed the "uri-security-supported" value from the scheduler (Issue #42)
- Fixed IPP backend crash bug with "printer-alert" values (Issue #43)
- Removed old Solaris inetconv(1m) reference in cups-lpd man page (Issue #46)
- Fixed default options that incorrectly use the "custom" prefix (Issue #48)
- Fixed a memory leak when resolving DNS-SD URIs (Issue #49)
- Fixed systemd status reporting by adopting the notify interface (Issue #51)
- Fixed crash in rastertopwg (Apple issue #5773)
- Fixed cupsManualCopies values in IPP Everywhere PPDs (Apple issue #5807)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:55:15 +0000 (13:55 +0200)]
cups-filters: Update to 1.28.8
- Update from 1.28.7 to 1.28.8
- Update of rootfile not required
- Changelog
CHANGES IN V1.28.8
- libcupsfilters: Made check whether the driverless PPD to
generate should be a fax out PPD more reliable (Issue #343).
- foomatic-rip: Options in the 5th command line argument of
the CUPS filter command line are separated only by white
space and not by comma, also make sure that an option "none"
is not considered a custom page size (Issue #348).
- implicitclass: Raise timeout for cups-browsed's answer from
20s to 60s (Pull request #346).
- libcupsfilters: In the PPD generator really give priority to
Apple Raster against PDF (Issue #331).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:57:45 +0000 (13:57 +0200)]
collectd: patch for successful build with updated lm_sensors
- Patch to remove checks for SENSORS_API_VERSION upper limit
Patch based on one by Pavel Rochnyack
https://git.ipfire.org/?p=thirdparty/collectd.git;a=commitdiff;h=d5a3c020>
- Without this patch collectd fails to build with the updated lm_sensors
version (3-6-0) due to a problem with the version of libsensors used by
lm_sensors
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:57:44 +0000 (13:57 +0200)]
lm_sensors: Update to 3-6-0
- Update from 3-4-0 to 3-6-0
- Update of rootfilers in each architecture
Only the library version changed in each rootfile
- Installed updated lm_sensors. Confirmed updated version was installed.
sensors-detect ran successfully but could not confirm successful sensor
detection as installation was run on vm testbed and this has no sesnors
Testing on real hardware to confirm that sensors are detected and
sensor-* directories correctly created in IPFire.
- Changelog
3.6.0 (2019-10-18)
configs: Added a number of new configuration files
fancontrol: AVERAGE env variable can be used to set the number of previ>
Makefile: The MACHINE variable has been renamed to ARCH
sensord: Add an option -1/--oneline to print chip and adapter on the sa>
sensors: Fixed a stray comma bug in the JSON output
Fixed Fahrenheit conversion with raw and JSON output
Scale voltage and current values in the default output format
sensors-detect: Add detection of AMD Family 17h, models 30h, 70h
Add detection of some AMD Family 15h models
Add detection of AMD Family 16h model 30h power sensors
Add detection of Hygon Family 18h thermal sensors
Add detection of Nuvoton NCT6797D
Add detection of Nuvoton NCT6798D
Add detection of Nuvoton NCT6112D/NCT6114D/NCT6116D
Fix printing CPU info on non-x86 arches
Fix printing lm_sensors version
Mark Fintek F75387SG/RG as supported by the f75375s dri>
3.5.0 (2018-11-23)
Fixed disappearance of certain hwmon chips with 4.19+ kernels
Add the find-driver script for debugging
Various documentation and man page improvements
Fix various issues found by Coverity Scan
Fix compilation with the musl C library
Development version string now contains "+git" instead of "+SVN"
Updated links in documentation to reflect the new home of lm_sensors
sensors.1: Add reference to sensors-detect
Document -j option (json output)
sensors: Add support for json output
Add support for power min, lcrit, min_alarm, lcrit_alarm
sensors-detect: Fix systemd paths
Add detection of Fintek F81768
Only probe I/O ports on x86
Add detection of Nuvoton NCT6793D
Add detection of Microchip MCP9808
Mark F71868A as supported by the f71882fg driver
Mark F81768D as supported by the f71882fg driver
Mark F81866D as supported by the f71882fg driver
Add detection of various ITE chips
Add detection of Nuvoton NCT6795D
Add detection of DDR4 SPD
Add detection of ITE IT8987D
Add detection of AMD Family 17h temperature sensors
Add detection of AMD KERNCZ SMBus controller
Add detection of various Intel SMBus controllers
Add detection of Giantec GT30TS00
Add detection of ONS CAT34TS02C and CAT34TS04
Add detection of AMD Family 15h Model 60+ temperature s>
Add detection of Nuvoton NCT6796D
Add detection of AMD Family 15h Model 70+ temperature s>
configs: Add sample configuration files.
sensors.conf.default: Add hardwired inputs of NCT6795D
Add hardwired inputs of F71868A
Add hardwired NCT6796D inputs
vt1211_pwm: replaced deprecated sub shell syntax
run with bash instead of sh
pwmconfig: replaced deprecated sub shell syntax
fancontrol: replaced deprecated sub shell syntax
save original pwm values
fancontrol.8: replaced deprecated sub shell syntax
libsensors: Add support for SENSORS_BUS_TYPE_SCSI
Add support for power min, lcrit, min_alarm, lcrit_alarm
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:58:09 +0000 (13:58 +0200)]
meson: Update to 0.57.2
- Update from 0.56.0 to 0.57.2
- Update of rootfile
- Changelog is too large and complicated layout to include here
Full details can be seen at https://mesonbuild.com/Release-notes.html
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:57:19 +0000 (13:57 +0200)]
libxcrypt: Update to 4.4.19
- Update from 4.4.17 to 4.4.19
- Update of rootfile not needed
- Changelog
libxcrypt NEWS -- history of user-visible changes.
Version 4.4.19
* Improve fallback implementation of explicit_bzero.
* Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver.
These were added in GNU libc 2.29, 2.32, and 2.33 respectively
(issue #122).
* Do not build xcrypt.h if we’re not going to install it.
* Do not apply --enable-obsolete-api-enosys mode to fcrypt.
* Compilation fix for NetBSD. NetBSD’s <unistd.h> declares encrypt
and setkey to return int, contrary to POSIX (which says they return
void). Rename those declarations out of the way with macros.
* Compilation fixes for building with GCC 11.
Basically fixes for explicit type-casting.
* Force update of existing symlinks during installation (issue #120).
Version 4.4.18
* Fix compilation errors on (Free)BSD (issue #110).
* Fix conversion error in lib/alg-gost3411-core.c, which is seen by
some sensitive compilers.
* Convert build scripts to Perl.
The minimum version of Perl required is 5.14.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:55:53 +0000 (13:55 +0200)]
file: Update to 5.40
- Update from 5.39 to 5.40
- Update of rootfile not needed
- Changelog
* release 5.40
* PR/234: Add limit to the number of bytes to scan for encoding
* PR/230: Fix /T (trim flag) for regex
* PR/77: Trim trailing separator.
* PR/211: Convert system read errors from corrupt ELF
files into human readable error messages
* fix multithreaded decompression file descriptor issue
by using close-on-exec (Denys Vlasenko)
* Exclude surrogate pairs from utf-8 detection (Michael Liu)
* Include # to the list of ignored format chars (Werner Fink)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 14 Apr 2021 11:55:35 +0000 (13:55 +0200)]
expat: Update to 2.3.0
- Update from 2.2.0 (2016) to 2.3.0 (2021)
- Update of rootfile
- Changelog is too large to include here
Full details can be viewed in the Changes file in the source tarball
Large number of bug fixes
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 12 Apr 2021 21:00:46 +0000 (23:00 +0200)]
httpd: disable sending ETag header completely
These cause caching trouble and pose a potential security risk due to
exposing inode numbers of files within the Apache site directories on an
IPFire machine.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 9 Apr 2021 19:10:21 +0000 (21:10 +0200)]
libupnp: Update to 1.14.5
- Update from 1.6.18 to 1.14.5
- Update required for successfgul build of mpd-0.22.6
- Update of rootfile
- Changelog is too large to include here
Full details can be found in the ChangeLog file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 9 Apr 2021 19:10:20 +0000 (21:10 +0200)]
mpd: Update to 0.22.6
- Update from 0.19.19 to 0.22.6
- Update rootfile
- Required update of libupnp
- Autotools no longer available
Build changed to meson
Meson build required addition of pkgconfig file for libid3tag
- Changelog is too large to include here.
Full details can be found in the NEWS file in the source tarball
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Write graph error messages to the system log, to simplify
further inspection by the user.
Add additional parameter check to prevent a possible redirect loop
if the URL format is changed in the future.
Cosmetic: Use underlining instead of background color for highlighting
Fixes #10643
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 10 Apr 2021 14:33:47 +0000 (16:33 +0200)]
ppp: update to 2.4.9
This is the first ppp release for years, and the project appears to have
a different maintainer (team?) by now. As a result, some of our patches
are no longer necessary as they made it into upstream, while others need
to be adjusted slightly.
In addition, their configure script does not handle commas in CFLAGS
properly, which is why the delimiter for the 'sed' call in it has to be
changed to something neither appearing in a path nor in our CLFAGS set.
The full changelog of this release can be retrieved from
https://ppp.samba.org/README.html and says:
* Support for new EAP (Extensible Authentication Protocol) methods:
- Support for EAP-TLS, from Jan Just Keijser and others
- Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
Van Buggenhout and others
* libpcap is now required when compiling on Linux (previously, if
libpcap was not present, pppd would be compiled without packet
filtering support).
* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
from the upstream rp-pppoe code. Its options have changed names,
but the old names are kept as aliases.
* The configure script now supports cross-compilation.
* Many bug fixes and cleanups.
Thanks to Michael for his hint on the ./configure CFLAGS issue.
The second version of this patch correctly updates the
src/patches/ppp/0013-everywhere-O_CLOEXEC-harder.patch patch for the
second hunk in pppd/main.c, where socket permissions have been changed
meanwhile.
Further, it has been successfully tested against a VDSL 100 line in
Germany, using PAP to Easybell via 1&1 L2 BSA. No connectivity issues or
other anomalies have been observed so far.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / pmueller / ipfire-2.x.git / log
