upstream changes:
-----------------
9.2.1 (2022-10-18)
Features and enhancements
o Alerting: Improve notification policies created during migration
o AzureAD: Add option to force fetch the groups from the Graph API
o AzureAD: Add option to force fetch the groups from the Graph API
o Docs: Note end of release notes publication
o Inspect: Handle JSON tab crash when the provided object is too big to
stringify
o TablePanel: Footer now updates values on column filtering
Bug fixes
o Alerting: Fix email image embedding on Windows
o Alerting: Fix mathexp.NoData for ConditionsCmd
o Legacy Alerting: Fix duration calculation when testing a rule
o Loki: Propagate additional headers from Grafana to Loki when querying data
o Search: Sort alphabetically in the folder view, increase the limit of the
folder search from 50 to 1000
o TablePanel: Fix last table column to be centered.
Plugin development fixes & changes
o Grafana UI: Export prop types for queryfield, modal and field components
o Toolkit: Fix Cannot use import statement outside... error in tests
Alan Coopersmith (9):
Update README for gitlab migration
Add README.md to EXTRA_DIST
Update configure.ac bug URL for gitlab migration
Update m4 to xorg/util/xcb-util-m4@c617eee22ae5c285e79e81
Build xz tarballs instead of bzip2
gitlab CI: add a basic build test
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
xcb-util-image 0.4.1
David Callu (1):
test: add XCB_SHM_LIBS to all test
Emil Velikov (1):
autogen.sh: use quoted string variables
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
- This is only a small release coming out in order to establish an automated
build - and publication pipeline.
Some new bond types were added nevertheless.
Alan Coopersmith (9):
Update README for gitlab migration
Add README.md to EXTRA_DIST
Build xz tarballs instead of bzip2
Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters
Update m4 to xorg/util/xcb-util-m4@c617eee22ae5c285e79e81
gitlab CI: add a basic build test
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
xcb-util-cursor 0.1.4
Emil Velikov (1):
autogen.sh: use quoted string variables
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
Uli Schlachter (2):
documentation: Call xcb_free_cursor() when done
Fix out-of-source builds
Alan Coopersmith (6):
Update README for gitlab migration
Update configure.ac bug URL for gitlab migration
Build xz tarballs instead of bzip2
Fix spelling/wording issues
gitlab CI: add a basic build test
libxshmfence 1.3.1
Jan Beich (2):
alloc: prefer atomic close-on-exec without O_TMPFILE as well
alloc: prefer SHM_ANON on FreeBSD a la memfd_create
Released 3.4.3 2022-09-15
This is a minor release to bring back the removed OPT_X_TLS option.
Please note, it's still a deprecated option and it will be removed in 3.5.0.
The following deprecated option has been brought back:
- ``OPT_X_TLS``
Fixes:
* Sphinx documentation is now successfully built
* pypy3 tests stability was improved
* setup.py deprecation warning is now resolved
*5.9.3*:
security:
- These two CVEs can be exploited by a user with read-only credentials:
- CVE-2022-24805 A buffer overflow in the handling of the INDEX of
NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
- CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
can cause a NULL pointer dereference.
- These CVEs can be exploited by a user with read-write credentials:
- CVE-2022-24806 Improper Input Validation when SETing malformed
OIDs in master agent and subagent simultaneously
- CVE-2022-24807 A malformed OID in a SET request to
SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
out-of-bounds memory access.
- CVE-2022-24808 A malformed OID in a SET request to
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
- CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
can cause a NULL pointer dereference.
- To avoid these flaws, use strong SNMPv3 credentials and do not share them.
If you must use SNMPv1 or SNMPv2c, use a complex community string
and enhance the protection by restricting access to a given IP address range.
- Thanks are due to Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE for
reporting the following CVEs that have been fixed in this release, and
to Arista Networks for providing fixes.
misc:
- Snmp-create-v3-user: Fix the snmpd.conf path @datadir@ is
expanded in ${datarootdir} so datarootdir must be set before
@datadir@ is used.
general: Many bug fixes
*5.9.2*:
skipped due to a last minute library versioning found bug -- use 5.9.3 instead
*5.9.1*:
General: Many bug fixes
*5.9*
snmplib:
- Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new
netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add
base_transport ptr for tunneled transports
snmpd:
- Security vulnerabilty in the ping MIB reported by Christopher Ertl
from Microsoft fixed
- Changing to a different uid/gid can only be done once
- The extend mib is now read-only by default
snmptrap:
- BUG: 2899: Patch from Drew Roedersheimer to set library
engineboots/time values before sending
unspecified:
- Add pkg-config support for building applications and sub-agents Use
the netsnmp package when building Net-SNMP applications. Use the
netsnmp-agent package when building Net-SNMP subagents.
Alan Coopersmith (2):
configure: replace bugzilla URL with gitlab issues
configure.ac: allow x64 libraries on Solaris to run on non-SSSE3 machines
Alex Richardson (1):
Fix -Wincompatible-function-pointer-types warning
Benjamin Gilbert (1):
meson: Add feature to disable compiler TLS support
Dylan Baker (1):
meson: remove pixman dependency
Heiko Lewin (1):
Fix signed-unsigned semantics in reduce_32
Jocelyn Falempe (1):
Fix inverted colors on big endian system
Jonathan Kew (1):
Avoid out-of-bounds read when accessing individual bytes from mask.
Manuel Stoeckl (2):
Fix masked pixel fetching with wide format
demos: port to Gtk3
Matt Turner (1):
Post-release version bump to 0.40.1
Michael Forney (1):
Prevent empty top-level declaration
Mizuki Asakura (1):
added aarch64 bilinear implementations (ver.4.1)
Nirbheek Chauhan (3):
tests: Fix undefined symbol build error on macOS
meson: Fix warning about extract_all_objects usage
meson: Fix usage of pkgconfig.generate()
Simon Ser (2):
Constify region APIs
Pre-release version bump to 0.42.0
Tim-Philipp Müller (3):
Update README a little
meson: add cpu-features-path option for Android
meson: add option to skip building of tests and demos
Tom Stellard (1):
Add -ftrapping-math to default cflags
pkubaj (1):
Fix AltiVec detection on FreeBSD.
Érico Rolim (1):
meson: update option descriptions.
0.10.4 (2022-10-17)
-------------------
- Refactor the purl2url functions and utilities
- Split purl2url into `get_repo_url()` and `get_download_url()` returning
accordingly a "Repository URL" and a "Download URL".
- A new `get_inferred_urls` function is available to get return all
inferred URLs (repository and download) values.
- Add support in purl2url for npm, pypi, hackage, and nuget.
- Package URL qualifiers can now be provided to `purl_from_pattern()`.
- The `download_url` qualifier is returned in `get_download_url()` when available.
- Usage of `purl2url.purl2url` and `purl2url.get_url` is still available for
backward compatibility but should be migrated to `purl2url.get_repo_url`.
- Include the `version_prefix` ("v" or "V") as a qualifier in build_github_purl
This allow to infer valid URLs in the context of purl2url.
H11 0.14.0 (2022-09-25)
-----------------------
Features
- Allow additional trailing whitespace in chunk headers for additional
compatibility with existing servers.
- Improve the type hints for Sentinel types, which should make it
easier to type hint h11 usage.
Deprecations and Removals
- Python 3.6 support is removed. h11 now requires Python>=3.7
including PyPy 3. Users running `pip install h11` on Python 2 will
automatically get the last Python 2-compatible version.
v1.3.0 (2022-10-18)
Changed
- Huge refactoring: Migrated to crossterm from termion due to the
maintainability and future-support for Windows. New module term.rs
contains (almost) all of the terminal API, so that other modules will not
get effected by the future backend change.
- Alongside, some changes are added to show the file path properly in Windows.
- With crossterm, opening a file in e.g. Vim, it feels as if this app
"freezes". This behavior is not what I want, so from v1.3.0,
open_file_in_new_window can work only if [exec] is set in config file, and
the extension of the item matches the key.
- default key in the config file become Option, so that users can select
$EDITOR without explicitly setting it up. The initial process of asking users
to select the default command has also been fixed accordingly.
Fixed
- After zoxide jump, turn off the filter mode.
- Many typos fixed.
Added
- New error: OpenNewWindow
- New GitHub actions: Add windows-install
Alan Coopersmith (6):
Use strndup if available to avoid -Wstringop-overflow warning from gcc 9
Convert check for strcasecmp to normal autoconf style
Build xz tarballs instead of bzip2
Fix spelling/wording issues
gitlab CI: add a basic build test
libxkbfile 1.1.1
Benno Schulenberg (1):
fix an off-by-one error in copying the name of a virtual modifier
Peter Hutterer (2):
Escape non-printable characters correctly
unifdef NOTYET
Ran Benita (1):
Fix check for appending '|' character when applying rules
pkgsrc change: Allow building on macOS again since it's explicitly
listed in the changes below.
Alan Coopersmith (7):
Build xz tarballs instead of bzip2
Fix spelling/wording issues
meson: install man page in mandir/man1/, not mandir/1/
gitlab CI: add a basic build test for both autotools and meson
gitlab CI: stop requiring Signed-off-by in commits
configure.ac: Use pkg-config to find zlib dependency info
libpciaccess 0.17
Chester Gillon (1):
Obtain correct value of is_64 and is_prefetchable PCI device fields
Damien Zammit (7):
hurd_pci: Use __pci_conf_ variants of pci_conf_
x86: Use gnumach device instead of /dev/mem on GNU systems && factorise ifdefs
x86: Remove mapping of regions during probe - otherwise remapping later fails
x86: Remove probe during create, other backends don't do this
hurd: device_open(pci), /servers/bus/pci fallback
x86: Sort devices by B/D/F due to recursive scan
hurd: Don't necessarily look up _SERVERS_BUS_PCI
Dylan Baker (2):
Add a meson build system
autoconf: Add meson files to dist tarball
Fabrice Fontaine (1):
pciaccess.pc.in: add Libs.Private
Joan Lledó (3):
Hurd: avoid using the deprecated RPC pci_get_ndevs()
hurd: Implement device memory mapping
Hurd: Fix initialization order
Moritz Fischer (1):
Add pci_device_disable() function
Petr Ovtchenkov (1):
missed library installation in meson
Samuel Thibault (5):
hurd: Add missing round up size in map_dev_mem
hurd: Fix letting map_dev_mem map anywhere
hurd: Fix map_dev_mem from non-zero address
hurd: Restore initialization order
hurd: Fix pci_device_hurd_map_legacy
Satadru Pramanik (1):
Add support for building on macOS w/o X11, using endian code from "portable_endian.h"...
zhanghongtao (4):
Add parentheses to the macro definition
pci_sys set NULL after free
Add header protection macro in linux_devmem.h
Delete redundant symbols ';'
9.01:
- Fix library minor version (missing bump to 5.8).
9.00:
- Add support for AnyConnect "Session Token Re-use Anchor Protocol"
(STRAP) (#410).
- Add support for AnyConnect "external browser" SSO mode (!354).
- On Windows, fix crash on tunnel setup. (#370, 6a2ffbb)
- Bugfix RSA SecurID token decryption and PIN entry forms, broken in
v8.20. (#388, !344)
- Support Cisco's multiple-certificate authentication (!194).
- Append internal=no to GlobalProtect authentication/configuration
forms, for compatibility with servers which apparently require this to
function properly. (#246, !337)
- Revert GlobalProtect default route handling change from v8.20. (!367)
- Support split-exclude routes for Fortinet. (#394, !345)
- Add openconnect_set_useragent() function.
- Add webview callback and SAML/SSO support for AnyConnect,
GlobalProtect. (!126).
8.20:
- When the queue length (-Q option) is 16 or more, try using vhost-net
to accelerate tun device access.
- Use epoll() where available.
- Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (#249)
- Make tncc-emulate.py work with Python 3.7+. (#152, !120)
- Emulated a newer version of GlobalProtect official clients, 5.1.5-8;
was 4.0.2-19 (!131)
- Support Juniper login forms containing both password and 2FA
token (!121)
- Explicitly disable 3DES and RC4, unless enabled with
--allow-insecure-crypto (!114)
- Add obsolete-server-crypto test (!114)
- Allow protocols to delay tunnel setup and shutdown (!117)
- Support for GlobalProtect IPv6 (!155 and !188; previous work in
d6db0ec)
- SIGUSR1 causes OpenConnect to log detailed connection information and
statistics (!154)
- Allow --servercert to be specified multiple times in order to accept
server certificates matching more than one possible fingerprint
(!162, #25)
- Add insecure debugging build mode for developers (!112)
- Demangle default routes sent as split routes by GlobalProtect (!118)
- Improve GlobalProtect login argument decoding (!143)
- Add detection of authentication expiration date, intended to allow
front-ends to cache and reuse authentication cookies/sessions (!156)
- Small bug fixes and clarification of many logging messages.
- Support more Juniper login forms, including some SSO forms (!171)
- Automatically build Windows installers for OpenConnect command-line
interface (!176)
- Restore compatibility with newer Cisco servers, by no longer sending
them the X-AnyConnect-Platform header (#101, !175)
- Add support for PPP-based protocols, currently over TLS only (!165).
- Add support for two PPP-based protocols, F5 with --protocol=f5 and
Fortinet with --protocol=fortinet (!169).
- Add experimental support for Wintun Layer 3 TUN driver under Windows
(#231, !178).
- Clean up and improve Windows routing/DNS configuration script
(vpnc-scripts!26, vpnc-scripts!41, vpnc-scripts!44).
- On Windows, reclaim needed IP addresses from down network interfaces
so that configuration script can succeed (!178).
- Fix output redirection under Windows (#229)
- More gracefully handle idle timeouts and other fatal errors for
Juniper and Pulse (!187)
- Ignore failures to fetch the Juniper/oNCP landing page if the
authentication was successful (3e779436).
- Add support for Array Networks SSL VPN (#102)
- Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm
and hardware TPM. (ed80bfac...ee1cd782)
- Add openconnect_get_connect_url() to simplify passing correct server
information to the connecting openconnect process.
(NetworkManager-openconnect #46, #53)
- Disable brittle "system policy" enforcement where it cannot be
gracefully overridden at user request. (RH#1960763).
- Pass "portal cookie" fields from GlobalProtect portal to gateway to
avoid repetition of password- or SAML-based login (!199)
- With --user, enter username supplied via command-line into all
authentication forms, not just the first. (#267, !220).
- Fix a subtle bug which has prevented ESP rekey and ESP-to-TLS fallback
from working reliably with the Juniper/oNCP protocol since v8.04.
(#322, !293).
- Fix a bug in csd-wrapper.sh which has prevented it from correctly
downloading compressed Trojan binaries since at least v8.00. (!305)
- Make Windows socketpair emulation more robust in the face of Windows's
ability to break its localhost routes. (#228, #361, !320)
- Perform proper disconnect and routes cleanup on Windows when receiving
Ctrl+C or Ctrl+Break. (#362, !323)
- Improve logging in routing/DNS configuration scripts. (!328,
vpnc-scripts!45)
- Support modified configuration packet from Pulse 9.1R14 servers
(#379, !331)
- Use 'ps -c -o command=' rather than 'cmd=' [chris vogan]
- Use full names of Windows 'netsh' sub-commands, not abbreviations
[Dimitri Papadopoulos]
- Don't try to condition 'validate=no' flag on Windows version
[Daniel Lenski]
- add networksetup for darwin to fix dns setup on newer versions of
MacOS [Tobias Breitwieser]
- Removed automatic adding of NS routes [Heiko Schabert]
- Add configuration for OBS workflow [Luca Boccassi]
- Add RPM packaging for OBS workflow [Luca Boccassi]
- Add Debian packaging for OBS workflow [Luca Boccassi]
- vpnc-script-sshd: use ip link peer name syntax [Luca Boccassi]
- vpnc-script: Detect systemd with resolvectl status [Jordan Justen]
- Cleanup error status in vpnc-script-win.js [Dimitri Papadopoulos]
- Update copyright/origin notices in scripts [Daniel Lenski]
- On newer versions of Windows, need `validate=no` when adding DNS
servers [Daniel Lenski]
- Better ordering, more logging, and disconnect handler fixes on Windows
[Daniel Lenski]
- Add logLevel and logTimestamps options to vpnc-script-win.js
[Daniel Lenski]
- On newer versions of Windows, need `validate=no` when adding DNS
servers [Daniel Lenski]
- Better ordering, more logging, and disconnect handler fixes on Windows
[Daniel Lenski]
- Add logLevel and logTimestamps options to vpnc-script-win.js
[Daniel Lenski]
- Remove unnecessary quotes around numeric interface identifier (TUNIDX)
in vpnc-script-win.js [Daniel Lenski]
- vpnc-script-win.js: replace incorrect exec() call with run()
[Tim De Baets]
- Always use INTERNAL_IP4_ADDRESS as "gateway" on Windows [Daniel Lenski]
- Support for OpenBSD's resolvd via route messages [Andrew Hewus Fresh]
- Another bugfix when determining the controlling PID [Daniel Lenski]
- Use `type -P` instead of `command -v` in tests/ bash scripts
[Ville Skyttä]
- Use `grep -E` instead of `egrep` [Ville Skyttä]
- Use `command -v` instead of `which` [Ville Skyttä]
- Ensure that vpnc-script-win.js works even if
INTERNAL_IP4_{NETADDR,NETMASK} are unset [Daniel Lenski]
- Add polyfill for String.prototype.trim in vpnc-script-win.js
[Daniel Lenski]
- Minor typo [Dimitri Papadopoulos]
- Fix spacing [Daniel Lenski]
- Use $VPNPID when provided by OpenConnect [Daniel Lenski]
- Also include controlling process identifier in resolv.conf backup path
[Daniel Lenski]
- Bugfix default route handling by using GRANDparent process ID to
uniquely identify connection [Daniel Lenski]
- Typos found by codespell [Dimitri Papadopoulos]
- Ensure that vpnc-script-win.js picks a legal "internal gateway"
address even for /32 netmask [Daniel Lenski]
- tests: fix error message about missing ocserv [Luca Boccassi]
- Typos caught by codespell [Dimitri Papadopoulos]
- Fix set_vpngateway_route [Daniel Lenski]
- Exclude routes may use a different address family from VPNGATEWAY
[Daniel Lenski]
- factor out list_non_loopback_routes and use for split-exclude routes
as well [Daniel Lenski]
- tests: 'route flush' doesn't work properly on Linux' [Daniel Lenski]
- Linux: fix IPv6 route flushing [Daniel Lenski]
- test timing: wait up to 10s for OpenConnect client to terminating
[Daniel Lenski]
- re-add tests for IPv6 support [Daniel Lenski]
- always exclude TUNDEV when finding/setting gateway route
[Daniel Lenski]
- preserve onlink flag in gateway/exclude routes [Daniel Lenski]
This release has man pages!
Alan Coopersmith (8):
Update README for gitlab migration
Update configure.ac bug URL for gitlab migration
Build xz tarballs instead of bzip2
Fix spelling/wording issues
gitlab CI: add a basic build test
configure: Drop AM_MAINTAINER_MODE
Add man pages for libXpresent
libXpresent 1.0.1
Daphne Pfister (1):
autogen.sh: Implement GNOME Build API
Emil Velikov (1):
autogen.sh: use quoted string variables
Julien Cristau (1):
configure, xpresent.pc: require xext, xfixes and xrandr
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
This release includes two notable changes to XmuConvertStandardSelection():
1) It no longer supports XA_IP_ADDRESS, which only supported IPv4 addresses
and simply provided the output of gethostbyname() on the local hostname.
2) XA_OWNER_OS no longer reports "BSD" for any Unix-like OS (including Linux)
that it hadn't been coded to handle, instead relying on uname() where
available to provide the OS name.
The lack of bug reports about the previously misleading output for these
suggests they're not widely used, with codesearch.debian.net only finding
matches in libXmu and the rust bindings to libXmu, and not any consumers
of these interfaces.
Alan Coopersmith (19):
Build xz tarballs instead of bzip2
Fix spelling/wording issues
gitlab CI: add a basic build test
COPYING: correct source file path names
Remove unnnecessary casts from *alloc() and free() calls
Import reallocarray() from libX11 (originally from OpenBSD)
Convert code to use Xmumallocarray() & reallocarray()
XmuGetHostname: Drop support for ancient USG systems
get_os_name: Use autoconf to detect uname() support
More typo fixes
Use memcpy instead of memmove when buffers are known not to overlap
Use _CONST_X_STRING to make libXt declare String as const char *
Clear some more -Wdiscarded-qualifiers warnings
Handle -Wsign-compare warnings
Handle -Wmissing-field-initializers warnings
_XEditResGet32: Fix casts to avoid unexpected sign extension in 64-bit
Add simple test cases for _XEditRes{Put,Get}* functions
Add .git-blame-ignore-revs to hide whitespace commits from git blame
libXmu 1.1.4
Matthieu Herrb (3):
Unifdef SYSVNET
Fix OWNER_OS in XmuConvertStandardSelection() on Linux
Remove support for XA_IP_ADDRESS
