Summary for 4.99.1 tcpdump release:
Source code:
Squelch some compiler warnings
ICMP: Update the snapend for some nested IP packets.
MACsec: Update the snapend thus the ICV field is not payload
for the caller.
EIGRP: Fix packet header fields
SMB: Disable printer by default in CMake builds
OLSR: Print the protocol name even if the packet is invalid
MSDP: Print ": " before the protocol name
ESP: Remove padding, padding length and next header from the buffer
DHCPv6: Update the snapend for nested DHCPv6 packets
OpenFlow 1.0: Get snapend right for nested frames.
TCP: Update the snapend before decoding a MPTCP option
Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
ForCES: Refine SPARSEDATA-TLV length check.
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
GeoNet: Add a ND_TCHECK_LEN() call
Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
BGP: Fix overwrites of global 'astostr' temporary buffer
ARP: fix overwrites of static buffer in q922_string().
Frame Relay: have q922_string() handle errors better.
Building and testing:
Rebuild configure script when building release
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
man: Update a reference as www.cifs.org is gone. [skip ci]
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
Summary for 4.99.0 tcpdump release
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
(IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
ZigBee Encapsulation Protocol (ZEP).
Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
VXLAN-GPE.
User interface:
Make SLL2 the default for Linux "any" pseudo-device.
Add --micro and --nano shorthands.
Add --count to print a counter only instead of decoding.
Add --print, to cause packet printing even with -w.
Add support for remote capture if libpcap supports it.
Display the "wireless" flag and connection status.
Flush the output packet buffer on a SIGUSR2.
Add the snapshot length to the "reading from file ..." message.
Fix local time printing (DST offset in timestamps).
Allow -C arguments > 2^31-1 GB if they can fit into a long.
Handle very large -f files by rejecting them.
Report periodic stats only when safe to do so.
Print the number of packets captured only as often as necessary.
With no -s, or with -s 0, don't specify the snapshot length with newer
versions of libpcap.
Improve version and usage message printing.
Building and testing:
Install into bindir, not sbindir.
autoconf: replace --with-system-libpcap with --disable-local-libpcap.
Require the compiler to support C99.
Better detect and use various C compilers and their features.
Add CMake as the second build system.
Make out-of-tree builds more reliable.
Use pkg-config to detect libpcap if available.
Improve Windows support.
Add more tests and improve the scripts that run them.
Test both with "normal" and "x87" floating-point.
Eliminate dependency on libdnet.
FreeBSD:
Print a proper error message about monitor mode VAP.
Use libcasper if available.
Fix failure to capture on RDMA device.
Include the correct capsicum header.
Source code:
Start the transition to longjmp() for packet truncation handling.
Introduce new helper functions, including GET_*(), nd_print_protocol(),
nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
Put integer signedness right in many cases.
Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
alignment issues, especially on SPARC.
Fix many C compiler, Coverity, UBSan and cppcheck warnings.
Fix issues detected with AddressSanitizer.
Remove many workarounds for older compilers and OSes.
Add a sanity check on packet header length.
Add and remove plenty of bounds checks.
Clean up pcap_findalldevs() call to find the first interface.
Use a short timeout, rather than immediate mode, for text output.
Handle DLT_ENC files *not* written on the same OS and byte-order host.
Add, and use, macros to do locale-independent case mapping.
Use a table instead of getprotobynumber().
Get rid of ND_UNALIGNED and ND_TCHECK().
Make roundup2() generally available.
Resync SMI list against Wireshark.
Fix many typos.
Summary for 1.10.1 libpcap release (so far!)
Packet filtering:
Fix "type XXX subtype YYY" giving a parse error
Source code:
Add PCAP_AVAILABLE_1_11.
Building and testing:
Rename struct bpf_aux_data to avoid NetBSD compile errors
Squelch some compiler warnings
Squelch some Bison warnings
Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
Fix Bison detection for minor version 0.
Fix parallel build with FreeBSD make.
Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
Define timeradd() and timersub() if necessary.
Fix Cygwin/MSYS target directories.
Fix symlinking with DESTDIR.
Fix generation of libpcap.pc with CMake when not building a shared
library.
Check for Arm64 as well as x86-64 when looking for packet.lib on
Windows.
Documentation:
Refine Markdown in README.md.
Improve the description of portrange in filters.
README.linux.md isn't Markdown, rename it just README.linux.
pcapng:
Support reading version 1.2, which some writers produce, and which
is the same as 1.0 (some new block types were added, but
that's not sufficient reason to bump the minor version number,
as code that understands those new block types can handle them
in a 1.0 file)
Linux:
Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel (credit to Chaoyuan Peng for noting the
sscanf vulnerabilities in the text-mode code that got me to
realize that we didn't need this code any more)
Bluetooth: fix non-blocking mode.
Don't assume that all compilers used to build for Linux support
the __atomic builtins
Windows:
Add more information in "interface disappeared" error messages, in
the hopes of trying to figure out the cause.
Treat ERROR_DEVICE_REMOVED as "device was removed".
Indicate in the error message which "device was removed" error
occurred.
Report the Windows error status if PacketSendPacket() fails.
Use %lu for ULONGs in error message formats.
Don't treat the inability to find airpcap.dll as an error.
Ignore spurious error reports by Microsoft Surface mobile
telephony modem driver
rpcap:
Clean up error checking and error messages for server address
lookup.
Summary for 1.10.0 libpcap release
Add support for capturing on DPDK devices
Label most APIs by the first release in which they're available
Fix some memory leaks, including in pcap_compile()
Add pcap_datalink_val_to_description_or_dlt()
Handle the pcap private data in a fashion that makes fewer
assumptions about memory layouts (might fix GitHub issue #940
on ARM)
Fix some thread safety issues
pcap_findalldevs(): don't sort interfaces by unit number
Always return a list of supported time-stamp types, even if only
host time stamps are supported
Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
Report the DLT description in error messages
Add pcap_init() for first-time initialization and global option
setting; it's not required, but may be used
Remove (unused) SITA support
Capture file reading:
Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
Capture file writing:
Create the file in pcap_dump_open_append() if it doesn't exist
Packet filtering:
Fix "unknown ether proto 'aarp'"
Add a new filter "ifindex" for DLT_LINUX_SLL2 files on all
platforms and live Linux captures
Add a hack to the optimizer to try to catch certain optimizer
loops (should prevent GitHub issue #112)
Show special Linux BPF offsets symbolically in bpf_image() and
bpf_dump()
Added support for ICMPv6 types 1-4 as tokens with names
Remove undocumented and rather old "ether proto" protocols
Catch invalid IPv4 addresses in filters
Don't assume ARM supports unaligned accesses
Security and other issues found by analysis:
Fix various security issues reported by Charles Smith at Tangible
Security
Fix various security issues reported by Include Security
Fix some issues found by cppcheck.
Add some overflow checks in the optimizer
rpcap:
Support rpcap-over-TLS
Redo protocol version negotiation to avoid problems with old
servers (it still works with servers using the old negotiation,
as well as servers not supporting negotiation)
Error handling cleanups
Add some new authentication libpcap error codes for specific
errors
Fix some inetd issues in rpcapd
Fix rpcapd core dumps with invalid configuration file
On UN*X, don't have rpcapd tell the client why authentication
failed, so a brute-force attacker can't distinguish between
"unknown user name" and "known user name, wrong password"
Allow rpcapd to rebind more rapidly (GitHub issue #765)
Documentation:
Improve man pages, including adding backward compatibility notes
Building and testing:
Require, and assume, some level of C99 support in the C compiler
Require Visual Studio 2015 or later if using Visual Studio
Fix configure script issues, including with libnl on Linux
Fix CMake issues
Squelch complaints from Bison about "%define api.pure" being
deprecated
Fix compilation of pcap-tc.c
Linux:
Require PF_PACKET support, and kernel 2.6.27 or later
Handle systems without AF_INET or AF_UNIX socket support
Get rid of Wireless Extensions for turning monitor mode on
Proper memory sync for PACKET_MMAP (may prevent GitHub issue
#898)
Drop support for libnl 1 and 2.
Return error on interface going away, but not if it just went
down but is still present
Set socket protocol only after packet ring configured,
reducing bogus packet drop reports
Get ifdrop stats from sysfs.
When adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special metadata
offset), to preserve references to metadata; see
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
Report a warning for unknown ARPHRD types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Add support for DSA data link types
For raw USB bus capture, use the snapshot length to set the
buffer size, and set the len field to reflect the length
in the URB (GitHub issue #808)
With a timeout of zero, wait indefinitely
Clean up support for some non-GNU libc C libraries
Add DLT_LINUX_SLL2 for cooked-mode captures
Probe CONFIGURATION descriptor of connected USB devices
Treat EPERM on ethtool ioctls as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
macOS:
Cope with getting EPWROFF from SIOCGIFMEDIA
Treat EPERM on SIOCGIFMEDIA as meaning "not supported", as
permissions checks are done before checking whether the
ioctl is supported at all
Treat ENXIO when reading packets as meaning "the interface
was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
FreeBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
NetBSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
OpenBSD:
Treat EIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
DragonFly BSD:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Solaris:
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
AIX:
Fix loading of BPF kernel extension
Treat ENXIO as meaning "the interface was removed"
Report "the interface disappeared", not "the interface went
down", if the interface was removed during a capture
Windows:
Make the snapshot length work even if pcap_setfilter()
isn't called
Fix compilation on Cygwin/MSYS
Add pcap_handle(), and deprecate pcap_fileno()
Report PCAP_ERROR_NO_SUCH_DEVICE for a non-existent device
Return an appropriate error message for device removed or
device unusable due to a suspend/resume
Report a warning for unknown NdisMedium types
Have pcap_breakloop() forcibly break out of a sleeping
capture loop
Clean up building DLL
Handle CRT mismatch for pcap_dump_fopen()
Map NdisMediumWirelessWan to DLT_RAW
Add AirPcap support in a module, rather than using
WinPcap/Npcap's support for it
Report the system error for PacketSetHwFilter() failures
Add support for getting and setting packet time stamp types
with Npcap
Have pcap_init() allow selecting whether the API should use
local code page strings or UTF-8 strings (including error
messages)
Haiku:
Add capture support
pip-audit is a prototype tool for scanning Python environments for
packages with known vulnerabilities. It uses the Python Packaging
Advisory Database via the PyPI JSON API as a source of vulnerability
reports.
Since pip is a command-line-tool, it does not have an official,
supported, importable API.
However, this does not mean that people haven't tried to import
pip, usually to end up with much headache when pip's maintainers
do routine refactoring.
This project attempts to provide an importable pip API, which is
fully compliant with the recommended method of using pip from your
program.
ResolveLib at the highest level provides a ``Resolver`` class that
includes dependency resolution logic. You give it some things, and
a little information on how it should interact with them, and it
will spit out a resolution result.
TigerVNC 1.12.0 is now available. Lots of changes have been made
since the last release, but the highlights are:
* The native viewer now supports full screen over a subset of
monitors (e.g. 2 out of 3), and reacts properly to monitors
being added or removed
* Recent server history in the native viewer
* The native viewer now has an option to reconnect if the connection
is dropped
* Translations are now enabled on Windows and macOS for the native
viewer
* The native viewer now respects the system security policy¹
Better handling of accented keys in the Java viewer
* The Unix servers can now listen to both a Unix socket and a
TCP port at the same time
* The network code in both the servers and the native viewer has
been restructured to give a more responsive experience
* The vncserver service now correctly handles settings set to
"0"
* Fixed the clipboard Unicode handling in both the native viewer
and the servers
* Support for pointer "warping" in Xvnc and the native viewer,
enabling e.g. FPS games
2021-10-28 version 3.19.1 (C++/Java/Python/PHP/Objective-C/C#/Ruby/JavaScript)
Bazel
* Ensure that release archives contain everything needed for Bazel (#9131)
* Align dependency handling with Bazel best practices (#9165)
JavaScript
* Fix `ReferenceError: window is not defined` when getting the global object (#9156)
Ruby
* Fix memory leak in MessageClass.encode (#9150)
20211021 6.3 release for upload to ftp.gnu.org
+ update release notes
+ add "ncu2openbsd" script, to illustrate how to update an OpenBSD
system to use a current ncurses release.
20211018
+ check for screen size-change in scr_init() and scr_restore(), in case
a screen dump does not match the current screen dimensions (report by
Frank Tkalcevic).
20211017
+ amend change for pkg-config to account for "none" being returned in
the libdir-path result rather than "no" (report by Gabriele Balducci).
20211016
+ build-fix for pmake with libtool.
+ improve make-tar.sh scripts, adding COPYING to tar file, and clean up
shellcheck warnings.
+ add link for "reset6" manpage in test-package ncurses6-doc
+ revise configure option --with-pkg-config-libdir, using the actual
search path from pkg-config or pkgconf using the output from --debug
(report by Pascal Pignard).
+ freeze ABI in ".map" files.
20211009
+ implement "+m" option in tabs program.
+ fill in some details for infoton -TD
+ fix spelling/consistency in several descriptions -TD
+ use vt420+lrmm in vt420 -TD
+ modify save_tty_settings() to avoid opening /dev/tty for cases other
than reset/init, e.g., for clear.
+ modify output of "toe -as" to show first description found rather
than the last.
+ improve tic checks for number of parameters of smglp, smgrp, smgtp,
and smgbp (cf: 20020525).
+ correct off-by-one comparison in last_char(), which did not allow
special case of ":" in a terminfo description field (cf: 20120407).
+ remove check in tic that assumes that none or both parameterized and
non-parameterized margin-setting capabilities are present
(cf: 20101002).
20211002
+ use return-value from vsnprintf to reallocate as needed to allow for
buffers larger than the screen size (report by "_RuRo_").
+ modify tset "-q" option to refrain from modifying terminal modes, to
match the documentation.
+ add section on margins to terminfo.5, adapted from X/Open Curses.
+ make tput/tset warning messages consistently using alias names when
those are used, rather than the underlying program's name.
+ improve tput usage message for aliases such as clear, by eliminating
tput-specific portions.
+ add a check in toe to ensure that a "termcap file" is text rather
than binary.
+ further build-fixes for OpenBSD 6.9, whose header files differ from
the other BSDs.
20210925
+ add kbeg to xterm+keypad to accommodate termcap applications -TD
+ add smglp and smgrp to vt420+lrmm, to provide useful data for the
"tabs" +m option -TD
+ build-fix for gcc 3.4.3 with Solaris10, which does not allow forward
reference of anonymous struct typedef.
+ modify tput to allow multiple commands per line.
+ minor fixes for tset manpage.
20210911
+ adjust ifdef in test_opaque.c to fix build with ncurses 5.7
+ add testing note for xterm-{hp|sco|sun} -TD
+ corrected description for ansi.sys-old -TD
+ add xterm+nopcfkeys, to fill in keys for xterm-hp, xterm-sun -TD
+ use hp+arrows in a few places -TD
+ use hp+pfk-cr in a few places -TD
20210905
+ correct logic in filtering of redefinitions (report by Sven Joachim,
cf: 20210828).
20210904
+ modify linux3.0 entry to reflect default mapping of shift-tab by
kbd 1.14 (report by Jan Engelhardt) -TD
+ add historical note to tput, curses-terminfo and curses-color
manpages based on source-code for SVr2, SVr3 and SVr4.
+ minor grammatical fixes for "it's" vs "its" (report by Nick Black).
+ amend fix for --disable-root-environ (report by Arnav Singh).
+ build-fix for compiling link_test
+ drop symbols GCC_PRINTF and GCC_SCANF from curses.h.in, to simplify
use (Debian #993179).
20210828
+ correct reversed check for --disable-root-environ (report/analysis
by Arnav Singh, cf: 20210626).
+ apply gcc format attribute to prototypes which use a va_list
parameter rather than a "..." variable-length parameter list
(prompted by discussion in a tmux pull-request).
+ modify configure scripts to filter out redefinitions of _XOPEN_SOURCE,
e.g., for NetBSD which generally supports 500, but 600 is needed for
ncursesw.
+ improve documentation for tparm and static/dynamic variables.
+ improve typography in terminfo.5 (patch by Branden Robinson).
20210821
+ improve tparm implementation of %P and %g, more closely matching
SVr4 terminfo.
+ move internals of TERMINAL structure to new header term.priv.h
+ add "check" rule for ncurses/Makefile
+ corrected tsl capability for terminator -TD
+ add check in tic to report instances where tparm would detect an
error in an expression (cf: 20201010).
+ correct a few places where SP->_pair_limit was used rather than
SP->_pair_alloc (cf: 20170812).
+ fix missing "%d" for setaf/setab code 8-15 in xterm+direct16 (report
by Florian Weimer) -TD
+ fix some documentation errata from OpenBSD changes.
+ update config.sub
20210814
+ add workaround for broken pcre2 package in Debian 10, from xterm #369.
20210807
+ ignore "--dynamic-linker" option in generated pkg/config files,
adapted from "distr1" patch.
+ add CF_SHARED_OPTS case for Haiku, from patch in haikuports.
20210731
+ add extensions in xterm+tmux and ecma+strikeout to ms-terminal,
but cancel the non-working Cr and Ms capabilities -TD
+ add foot and foot-direct -TD
20210724
+ add workaround for Windows Terminal's problems with CR/LF mapping to
ms-terminal (patch by Juergen Pfeifer).
+ review/update current Windows Terminal vs ms-terminal -TD
20210718
+ correct typo in "vip" comments (report by Nick Black), reviewed this
against Glink manual -TD
+ fill in some missing pieces for pccons, to make it comparable to the
vt220 entry -TD
+ modify mk-1st.awk to account for extra-suffix configure option
(report by Juergen Pfeifer).
+ change default for --disable-wattr-macros option to help packagers
who reuse wide ncursesw header file with non-wide ncurses library.
+ build-fix for test/test_opaque.c, for configurations without opaque
curses structs.
20210710
+ improve history section for tset manpage based on the 1BSD tarball,
which preceded BSD's SCCS checkins by more than three years.
+ improve CF_XOPEN_CURSES macro used in test/configure (report by Urs
Jansen).
+ further improvement of libtool configuration, adding a dependency of
the install.tic rule, etc., on the library in the build-tree.
+ update config.sub
20210703
+ amend libtool configuration to add dependency for install.tic, etc.,
in ncurses/Makefile on the lower-level libraries.
+ modify configure script to support ".PHONY" make program feature.
20210626
+ add configure option --disable-root-access, which tells ncurses to
disallow most file-opens by setuid processes.
+ use default colors in pccon "op" -TD
+ correct rmacs/smacs in aaa+dec, aaa+rv -TD
+ add hpterm-color2 and hp98550-color (Martin Trusler)
+ regenerate man-html documentation.
20210619
+ improve configure-macro used for dependencies of --disable-leaks such
as --with-valgrind
+ trim trailing blanks from files
20210612
+ fixes for scan-build, valgrind build/testing.
+ update config.guess
20210605
+ add a summary of ncurses-specific preprocessor symbols to curses.h
(prompted by discussion with Peter Farley, Bill Gray).
20210522
+ regenerate configure scripts with autoconf 2.52.20210509 to eliminate
an unnecessary warning in config.log (report by Miroslav Lichvar).
+ add a note in manual page to explain ungetch vs unget_wch (prompted
by discussion with Peter Farley).
+ add sp-funcs for erasewchar, killwchar.
+ modify wgetnstr, wgetn_wstr to improve compatibility with SVr4 curses
in its treatment of interrupt and quit characters (prompted by
report/testcase by Bill Gray)
+ update config.guess, config.sub
20210515
+ improve manual pages for wgetnstr, newwin (prompted by
report/testcase by Bill Gray).
20210508
+ modify tputs' error check to allow it to be used without first
calling tgetent or setupterm, noting that terminfo initialization
is required for supporting the terminfo delay feature (report by
Sebastiano Vigna).
+ fix several warnings from clang --analyze
+ add null-pointer check in comp_parse.c, when a "use=" clause refers
to a nonexisting terminal description (report/patch by Miroslav
Lichvar, cf: 20210227).
20210501
+ add a special case in the configure script to work around one of the
build-time breakages reported for OpenBSD 6 here:
https://www.mail-archive.com/bugs@openbsd.org/msg13200.html
There is no workaround for the other issue, a broken linker spec.
+ modify configure check for libtool to prevent accidental use of an
OpenBSD program which uses the same name.
+ update config.guess, config.sub
20210424
+ avoid using broken system macros for snprintf which interfere with
_nc_SLIMIT's conditionally adding a parameter when the string-hacks
configure option is enabled.
+ add a "all::" rule before the new "check" rule in test/Makefile.in
20210418
+ improve CF_LINK_FUNCS by ensuring that the source-file is closed
before linking to the target.
+ add "check" rules for headers in c++, progs and test-directories.
+ build-fix for termsort module when configured with termcap (reports
by Rajeev V Pillai, Rudi Heitbaum).
20210417
+ extend --disable-pkg-ldflags option to also control whether $LDFLAGS
from the build is provided in -config and .pc files (Debian #986764).
+ fix some cppcheck warnings, mostly style, in ncurses and c++
libraries and progs directory.
+ fix off-by-one limit for tput's processing command-line arguments
(patch by Hadrien Lacour).
20210403
+ fix some cppcheck warnings, mostly style, in ncurses library and
progs directory.
+ improve description of BSD-style padding in curs_termcap.3x
+ improved CF_C11_NORETURN macro, from byacc changes.
+ fix "--enable-leak" in CF_DISABLE_LEAKS to allow turning
leak-checking off later in a set of options.
+ relax modification-time comparison in CF_LINK_FUNCS to allow it to
accept link() function with NFS filesystems which change the mtime
on the link target, e.g., several BSD systems.
+ call delay_output_sp to handle BSD-style padding when tputs_sp is
called, whether directly or internally, to ensure that the SCREEN
pointer is passed correctly (reports by Henric Jungheim, Juraj
Lutter).
20210327
+ build-fixes for Solaris10 /bin/sh
+ fix some cppcheck warnings, mostly style, in ncurses test-programs,
form and menu libraries.
20210323
+ add configure option --enable-stdnoreturn, making the _Noreturn
keyword optional to ease transition (prompted by report by
Rajeev V Pillai).
20210320
+ improve parameter-checking in tput by forcing it to analyze any
extended string capability, e.g., as used in the Cs and Ms
capabilities of the tmux description (report by Brad Town,
cf: 20200531).
+ remove an incorrect free in the fallback (non-checking) version of
_nc_free_and_exit (report by Miroslav Lichvar).
+ correct use-ordering in some xterm-direct flavors -TD
+ add hterm, hterm-256color (Mike Frysinger)
+ if the build-time compiler accepts c11's _Noreturn keyword, use that
rather than gcc's attribute.
+ change configure-check for gcc's noreturn attribute to assume it is
a prefix rather than suffix, matching c11's _Noreturn convention.
+ add "lint" rule to c++/Makefile, e.g., with cppcheck.
20210313
+ improve configure CF_LD_SEARCHPATH macro used for ncurses*-config and
".pc" files, from dialog changes.
+ reduce dependency of math-library in test programs.
+ minor fixes for test_tparm.c (cf: 20210306)
+ mention "ncurses" prefix in curses_version() manpage (report by
Michal Bielinski).
20210306
+ improved test/test_tparm.c, by limiting the tests to capabilities
that might have parameters or padding, and combined with tputs test.
+ improve discussion of padding versus tparm and tputs in
man/curs_terminfo.3x
+ update portability note for FreeBSD in man/tput.1
20210227
+ modify tic/infocmp to eliminate unnecessary "\" to escape ":" in
terminfo format.
+ add check in tic for duplicate "use=" clauses.
20210220
+ improve tic warning when oc/op do not mention SGR 39/49 for xterm
compatible XT flag.
+ revert change to lib_addch.c in waddch_literal() from 20210130, since
the followup fix in PutCharLR() actually corrects the problem while
this change causes too-early filling/wrapping (report by Johannes
Altmanninger).
+ add/use vt220+pcedit and vt220+vtedit -TD
+ add scrt/securecrt and absolute -TD
+ add nel to xterm-new, though supported since X11R5 -TD
+ add/use xterm+nofkeys -TD
+ move use of ecma+italics from xterm-basic to xterm+nofkeys -TD
20210213
+ add test/back_ground.c, to exercise the wide-character background
functions.
+ add a check in _nc_build_wch() in case the background character is a
wide-character, rather than a new part of a multibyte character.
+ improve tracemunch's coverage of form/menu/panel libraries.
+ improve tracemunch's checking/reporting the type for the first
parameter, e.g., "WINDOW*" rather than "#1".
20210206
+ provide for wide-characters as background character in wbkgrnd
(report/testcase by Anton Vidovic)
+ add name for Fedora's pcre2 to configure check for "--with-pcre2"
option, from xterm #363 -TD
+ modify adjustment in PutCharLR to restore the cursor position before
writing to the lower-right corner, rather than decrementing the
cursor column, in case it was a double-width character (cf: 20210130).
20210130
+ correct an off-by-one in comparison in waddch_literal() which caused
scrolling when a double-cell character would not fit at the lower
right corner of the screen (report by Benno Schulenberg).
+ split-out att610+cvis, vt220+cvis, vt220+cvis8 -TD
+ add vt220-base, for terminal emulators which generally have not
supported att610's blinking cursor control -TD
+ use vt220+cvis in vt220, etc -TD
+ use att610+cvis, xterm+tmux and ansi+enq in kitty -TD
+ use vt220+cvis in st, terminology, termite since they ignore
blinking-cursor detail in att610+cvis -TD
20210123
+ modify package/config scripts to provide an explicit -L option for
cases when the loader search path has other directories preceding
the one in which ncurses is installed (report by Yuri Victorovich).
+ minor build-fixes in configure script and makefiles to work around
quirks of pmake.
20210116
+ add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS
(report by Patrick McDermott) -TD
+ make opts extension for getcchar work as documented for ncurses 6.1,
adding "-g" flag to test/demo_new_pair to illustrate.
20210109
+ fix errata in man/ncurses.3x from recent updates.
+ improve quoting/escaping in configure script, uses some features of
autoconf 2.52.20210105
20210102
+ update man/curs_memleaks.3x, to include <term.h> which declares
exit_terminfo.
+ clarify man/curs_terminfo.3x, to mention why the macro setterm is
defined in <curses.h>, and remove it from the list of prototypes
(prompted by patch by Graeme McCutcheon).
+ amend man/curs_terminfo.3x, to note that <curses.h> is required
for certain functions, e.g., those using chtype or attr_t for
types, as well as mvcur (cf: 20201031).
+ use parameter-names in prototypes in curs_sp_funcs.3x, for
consistency with other manpages.
20201227
+ update terminology entry to 1.8.1 -TD
+ fix some compiler-warnings which gcc8 reports incorrectly.
20201219
+ suppress hyphenation in generated html for manpages, to address
regression in upgrade of groff 1.22.2 to 1.22.3.
+ fix inconsistent sort-order in see-also sections of manpages (report
by Chris Bennett).
20201212
+ improve manual pages for form field-types.
20201205
+ amend build-fixes for gnat 10 to work with certain systems lacking
gprbuild (cf: 20200627).
+ eliminate an additional strlen and wsclen.
+ eliminate an unnecessary strlen in waddnstr() (suggested by Benjamin
Abendroth).
+ modify inopts manpage, separating the items for nodelay and notimeout
(patch by Benno Schulenberg).
+ correct mlterm3 kf1-kf4 (Debian #975322) -TD
+ add flash to mlterm3 -TD
20201128
+ add Smulx to alacritty (Christian Duerr).
+ add rep to PuTTY -TD
+ add putty+keypad -TD
+ add another fflush(stdout) in _nc_flush() to handle time-delays in
the middle of strings such as flash when the application uses
low-level calls rather than curses (cf: 20161217).
+ modify configure check for c89/c99 aliases of clang to use its
-std option instead, because some platforms, in particular macOS,
do not provide workable c89/c99 aliases.
20201121
+ fix some compiler-warnings in experimental Windows-10 driver.
+ add the definitions needed in recent configure-check for clang
(report by Steven Pitman).
20201114
+ fix some compiler-warnings in experimental Windows-10 driver.
+ modify a check for parameters in terminfo capabilities to handle the
special case where short extended capability strings were not
converted from terminfo to termcap format.
+ modify CF_MIXEDCASE_FILENAMES macro, adding darwin as special case
when cross-compiling (report by Eli Rykoff).
20201107
+ update kitty+common -TD
+ add putty+screen and putty-screen (suggested by Alexandre Montaron).
+ explain in ncurses.3x that functions in the tinfo library do not rely
upon wide-characters (prompted by discussion with Reuben Thomas).
20201031
+ modify MKterm.h.in so that it is not necessary to include <curses.h>
before <term.h> (prompted by discussion with Reuben Thomas).
+ review/improve synopsis for curs_sp_funcs.3x (prompted by discussion
with Reuben Thomas).
+ improve format of output in tic's check_infotocap() function, to
ensure that the messages contain only printable text.
+ modify configure-check for clang to verify that -Qunused-arguments
is supported. IBM's xlclang does not support it (report by Steven
Pitman).
20201024
+ provide workaround configure-check for bool when cross-compiling.
+ fix a potential indexing error in _nc_parse_entry(), seen with
Herlim's test data using address-sanitizer.
+ change a null-pointer check in set_curterm to a valid-string check,
needed in to tic's use-resolution when pad_char is cancelled
(report/testcase by Robert Sebastian Herlim)
+ improve tic's -c option to validate the number and type of parameters
and compare against expected number/type before deciding which set of
parameter-lists to use in tparm calls (report/testcase by Robert
Sebastian Herlim).
+ fix a link for tabs.1 manpage in announce.html.in (report by Nick
Black), as well as some fixes via linklint.
20201017
+ improve manpage typography.
+ improve discussion in curs_addch.3x of the use of unctrl to display
nonprintable characters.
+ add a note in terminfo.5 explaining that no-parameter strings such
as sgr0 or cnorm should not be used with tparm.
20201010
+ correct sgr in aaa+rv (report by Florian Weimer) -TD
+ fix some sgr inconsistencies in d230c, ibm6153, ibm6154,
ncrvt100an -TD
+ improve tic's check for errors detected in tparm (prompted by
discussion with Florian Weimer).
+ set output-mode to binary in experimental Windows-10 driver (Juergen
Pfeifer).
20201003
+ remove output-related checks for nl/nonl (report by Leon Winter).
+ change tmux's kbs to ^? (report by Premysl Eric Janouch)
+ simplify mlterm initialization with DECSTR -TD
+ fix a typo in man/curs_terminfo.3 (Reuben Thomas).
+ add tmux-direct (tmux #2370, Debian #895754)
+ add user-defined capabilities from mintty to Caps-ncurses, for
checking consistency with tic.
20200926
+ correct configure-check for gnurx library.
+ regenerate llib-* files.
+ modify tracemunch and the panel library to show readable traces for
panel- and user-pointers.
20200919
+ update mlterm3 for 3.9.0 (report by Premysl Eric Janouch) -TD
20200918
+ corrected condition for appending curses.events to the generated
curses.h (report by Sven Joachim, Debian #970545).
20200912
+ add configure-check for systre/tre with mingw configuration, to get
the library-dependencies as seen in msys2 configuration for mingw64.
+ build-fixes for the win32-driver configuration.
+ use more defensive binary mode setting for Win32 (Juergen Pfeifer).
20200907
+ fix regression in setupterm validating non-empty $TERM (report by
Soren Tempel).
20200906
+ merge/adapt in-progress work by Juergen Pfeifer for new version of
win32-driver.
+ correct description of vt330/vt340 (Ross Combs).
20200831
+ build-fix for awk-scripts modified for win32-driver (report by Werner
Fink).
20200829
+ remove a redundant NCURSES_EXPORT as a build-fix for "Maarten
Anonymous".
+ merge/adapt in-progress work by Juergen Pfeifer for new version of
win32-driver.
+ modify configure script, moving gcc -Werror options to EXTRA_CFLAGS
to avoid breaking configure-checks (adapted from ongoing work on
mawk and lynx).
> errata for terminfo.src (report by Florian Weimer):
+ correct icl6404 csr
+ correct ti916 cup
+ improve ndr9500
20200822
+ improve version-number extraction in MKlib_gen.sh
+ make the test-package for manpages installable by adjusting the
man_db.renames file.
+ correct an off-by-one loop-limit in convert_strings function
(report by Yue Tai).
+ add CF_SHARED_OPTS cases for HPE NonStop systems (Randall S Becker).
+ modify CF_SHARED_OPTS case for NetBSD to use the same "-shared"
option for the non-rpath case as for the rpath case, to allow gcc to
provide suitable runtime initialization (report by Rajeev V Pillai).
20200817
+ reduce build-warnings by excluding ncurses-internals from deprecation
warnings.
+ mark wgetch-events feature as deprecated.
+ add definition for $(LIBS) to ncurses/Makefile.in, to simplify builds
using the string-hacks option.
+ prevent KEY_EVENT from appearing in curses.h unless the configure
option --enable-wgetch-events is used (report by Werner Fink).
20200816
+ amend tic/infocmp check to allow for the respective tool's absence
(report by Steve Wills, cf: 20200808).
+ improved some of the build-scripts with shellcheck
+ filter out -MT/-MD/-MTd/-MDd options in script for Visual Studio C++
(discussion with "Maarten Anonymous").
20200808
+ improve discussion of the system's tic utility when used as part
of cross-compiling (discussion with Keith Marshall).
+ modify configuration checks for build-time tic/infocmp to use
AC_CHECK_TOOL. That can still be overridden by --with-tic-path and
--with-infocmp-path when fallbacks are used, but even if not using
fallbacks, the improved check may help with cross-compiling
(discussion with Keith Marshall).
+ other build-fixes for Ada95 with MinGW.
+ modify Ada95 source-generation utility to write to a file given as
parameter rather than to the standard output, allowing builds with
MinGW.
20200801
+ remove remaining parts of checks for ISC Unix (cf: 20121006).
+ add user32.lib to LDFLAGS for Visual Studio C++ configuration
(discussion with "Maarten Anonymous").
+ modify MKkey_defs.sh to hide ncurses' definition of KEY_EVENTS to
reduce Visual Studio C++ redefinition warnings.
+ improve/update checks for external functions in test/configure
20200725
+ set LINK_TESTS in CF_SHARED_OPTS for msvc (patch by
"Maarten Anonymous")
+ improved workaround for redefinition-warnings for KEY_EVENT.
+ improve man/term.5 section on legacy storage format (report by
Florian Weimer).
20200718
+ reduce redefinition-warnings for KEY_EVENT when building with Visual
Studio C++.
+ define NCURSES_STATIC when compiling programs to link with static
libraries, to work with MinGW vs Visual Studio C++.
> additional changes for building with Visual Studio C++ and msys2
(reports/patches by "Maarten Anonymous")
+ modify c++/Makefile.in to set the current directory while compiling
the main program, so the linker can find related objects.
+ several changes to allow the c++/demo program to compile/link.
+ change an ifdef in test-directory, to use VC++ wide-character funcs.
20200711
+ fix pound-sign mapping in acsc of linux2.6 entry (report by Ingo
Bruckl).
+ additional changes for building with Visual Studio C++ and msys2
(reports/patches by "Maarten Anonymous")
+ build-improvements for Windows 10 and MinGW (patch by Juergen
Pfeifer).
+ fix a typo in curs_printw.3x (patch by William Pursell).
+ fix two errors in infotocap which allowed indexing outside the
buffer (report/testcases by Zhang Gan).
+ update length of strings in infocmp's usage function to restore a
trailing null on the longest string (report/testcase by Zhang Gen).
20200704
+ modify version-check with Ada generics to use the same pattern as in
the check for supported gnat versions (report by Pascal Pignard).
> additional changes for building with Visual Studio C++ and msys2
(patches by "Maarten Anonymous"):
+ adjust headers/declarations to provide for "dllimport" vs "dllexport"
declarations when constructing DLLs, to worko with Visual Studio C++.
20200627
+ build-fixes for gnat 10.1.1, whose gnatmake drops integration with
gprbuild.
+ correct buffer-length in test/color_name.h
20200613
+ update list of functions in ncurses.3x
+ move dlclose() call from lib_mouse.c to delscreen() to avoid a case
in the former which could be called from SIGTSTP handler (Debian
#961097).
20200606
+ add xterm+256color2, xterm+88color2, to deprecate nonstandard usage
in xterm+256color, xterm+88color -TD
+ add shifted Linux console keys in linux+sfkeys entry for
screen.linux (report by Alexandre Montaron).
+ use vt100+enq in screen (report by Alexandre Montaron).
+ add screen.linux-s alias (suggested by Alexandre Montaron).
20200531
+ correct configure version-check/warnng for g++ to allow for 10.x
+ re-enable "bel" in konsole-base (report by Nia Huang)
+ add linux-s entry (patch by Alexandre Montaron).
+ drop long-obsolete convert_configure.pl
+ add test/test_tparm.c, for checking tparm changes.
+ improve parameter-checking for tparm, adding function _nc_tiparm() to
handle the most-used case, which accepts only numeric parameters
(report/testcase by "puppet-meteor").
+ use a more conservative estimate of the buffer-size in lib_tparm.c's
save_text() and save_number(), in case the sprintf() function
passes-through unexpected characters from a format specifier
(report/testcase by "puppet-meteor").
+ add a check for end-of-string in cvtchar to handle a malformed
string in infotocap (report/testcase by "puppet-meteor").
20200523
+ update version-check for gnat to allow for gnat 10.x to 99.x
+ fix an uninitialized variable in lib_mouse.c changes (cf: 20200502)
+ add a check in EmitRange to guard against repeat_char emitting digits
which could be interpreted as BSD-style padding when --enable-bsdpad
is configured (report/patch by Hiltjo Posthuma).
+ add --disable-pkg-ldflags to suppress EXTRA_LDFLAGS from the
generated pkg-config and ncurses*-config files, to simplify
configuring in the case where rpath is used but the packager wants
to hide the feature (report by Michael Stapelberg).
> fixes for building with Visual Studio C++ and msys2 (patches by
"Maarten Anonymous"):
+ modify CF_SHARED_OPTS to generate a script which translates linker
options into Visual Studio's dialect.
+ omit parentheses around function-names in generated lib_gen.c to
work around a Visual Studio C++ limitation.
20200516
+ add notes on termcap.h header in curs_termcap.3x
+ update notes on vscode / xterm.js -TD
20200509
+ add "-r" option to the dots test-programs, to help with scripting
a performance comparison.
+ build-fix test/move_field.c for NetBSD curses, whose form headers
use different names than SVr4 or ncurses.
20200502
+ add details on the change to Linux SGR 21 in 2018 -TD
+ add xterm-direct16 and xterm-direct256 -TD
+ modify lib_mouse.c to check for out-of-range button numbers, convert
those to position reports.
20200425
+ use vt100+fnkeys in putty -TD
+ fix a typo in tput.1; "columns" should be "cols".
20200418
+ improve tracemunch logic for "RUN" compaction.
+ fix a special case in wresize() where copying the old text did not
check if the last cell on a row was the beginning of a fullwidth
character (adapted from patch by Benno Schulenberg).
+ use vt52+keypad in xterm-vt52, from xterm #354 -TD
+ improve see-also section of user_caps.5
20200411
+ fix find_pair(), overlooked when refactoring for _nc_reserve_pairs()
(report/testcase by Brad Town, cf: 20170812).
+ add a trailing null for magic-string in putwin, flagged by gcc 10
+ update check for gcc version versus gnat to work with gcc 10.x
20200404
+ modify -fvisibility check to work with g++
> fixes for building with Visual Studio C++ and msys2 (patches by
"Maarten Anonymous"):
+ add configure option and check for gcc -fvisibility=hidden feature
+ define NCURSES_NOMACROS in lib_gen.c to work around Visual Studio
C++ preprocessor limitations.
+ modify some of the configure-macros, as well as mk-1st.awk to work
with Visual Studio C++ default filenaming.
20200328
+ correct length of buffer copied in dup_field().
+ remove "$(srcdir)/" from path of library.gpr, needed for out-of-tree
builds of Ada95 (patch by Adam Van Ymeren).
20200321
+ improve configure-checks to reduce warnings about unused variables.
+ improve description of error-returns in waddch and waddnstr manual
pages (prompted by patch by Benno Schulenberg).
+ add test/move_field.c to demonstrate move_field(), and a stub for
a corresponding demo of dup_field().
20200314
+ add history note to curs_scanw.3x for <stdarg.h> and <varargs.h>
+ add history note to curs_printw.3x for <stdarg.h> and <varargs.h>
+ add portability note to ncurses.3x regarding <stdarg.h>
20200308
+ update copyright notices in test-packages.
+ modify tracemunch to guard against errors in its known_p1 table.
+ add several --with-xxx-libname options, to help with pkgsrc (prompted
by discussion with Thomas Klausner).
20200301
+ modify wbkgd() and wbkgrnd() to avoid storing a null in the
background character, because it may be used in cases where the
corresponding 0x80 is not treated as a null (report by Marc Rechte,
cf: 20181208).
20200229
+ modify CF_NCURSES_CONFIG to work around xcode's c99 "-W" option,
which conflicts with conventional use for passing linker options.
> fixes for building with Visual Studio C++ and msys2 (patches by
"Maarten Anonymous"):
+ check for pcre2posix.h instead of pcre2-posix.h
+ add case in CF_SHARED_OPTS for msys2 + msvc
+ add fallback definition for STDIN_FILENO in progs.priv.h
+ modify win_driver.c to use _alloca() rather than gcc's variable
length array feature.
+ add NCURSES_IMPEXP to ncurses wrapped-variable declarations
+ remove NCURSES_IMPEXP from class variables in c++/cursslk.h
+ remove fallback prototype for exit() from c++/etip.h.in
+ use configured check for <sys/time.h> in a couple of places
+ conditionally include winsock.h in ncurses/win32con/gettimeofday.c,
because Visual Studio needs this for the timestruct declaration.
+ adjust syntax in a couple of files using the NCURSES_API symbol.
20200222
+ expanded note in ncurses.3x regarding automatically-included headers
+ improve vt50h and vt52 based on DECScope manual -TD
+ add/use vt52+keypad and vt52-basic -TD
+ check/workaround for line-too-long in Ada95 generate utility when
building out-of-tree.
+ improve/update HEADER_DEPS in */Makefile.in
+ add "check" rule to include/Makefile, to demonstrate that the headers
include all of the required headers for the types used.
20200215
+ improve manual page for panel library, extending the portability
section as well as documenting error-returns.
+ show tic's version when installing terminal database in run_tic.sh
+ correct check for gcc vs other compilers used in ncurses 6.0, from
FreeBSD patch by Kyle Evans (cf: 20150725).
+ add notes for 6.2 to INSTALL.
GStreamer is a library that allows the construction of graphs of
media-handling components, ranging from simple mp3 playback to complex
audio (mixing) and video (non-linear editing) processing.
Applications can take advantage of advances in codec and filter technology
transparently. Developers can add new codecs and filters by writing a
simple plugin with a clean, generic interface.
This package provides the OpenH264 plugin for GStreamer, which is an
encoder and decoder for Advanced Video Coding (AVC, or H.264) video.
Sigil-1.8.0
Bug Fixes:
- Reports now generate properly quoted csv when saved
- Workaround Bug in QtWebengine when using custom scheme handler and specific audio/video codecs
- Fix CV -> Preview sync after intial load when Preview Zoom is not equal to 100%
- Fix link tags with rel set to stylesheets via Mend and Mend and Prettify that are missing type
- Fix GoToLinkOrStyle to work on css link tags in head
- Fix logic in GoToLinkOrStyle to better identify the actual target with styles
- Fix insert media file when cursor at very start of tag
- Fix Windows and macOS bugs when generating Keyboard Shortcuts
- Fix insert closing tag when cursor at very start of tag
- Fix double copy to Clipboard from OPF and NCX Tabs
- Fix GoToLinkOrStyle when class attribute present but cursor not in the class attribute
- Fix TabManager scroll to position to properly handle position of 0
- Fix crash using Split At Markers when body tag is completely empty (no whitespace or anything)
New Features:
- BookBrowser can now link javascripts similarly to how it links stylesheets
- Epub3 javascripts can now open windows if javascript is enabled
- Add Find and Replace context menu to clear its curent values and history
- Add support for 3 Automation lists that support editing and automatically running a list of
commands that can include all Sigil plugins and a limited set of Tools
- Add support for BookBrowser to insert a blank javascript file
- Do not require replacement prompt if current book is unmodified and input plugin is run
OpenH264 is a codec library which supports H.264 encoding and decoding.
It is suitable for use in real time applications such as WebRTC.
Work by tnn, ryoon, myself
## [3.3.1] - 10.11.2021
### Fixed
- Fix completion for symbols in commands with incomplete braces
- Do not produce syntax errors for macro parameters inside special command arguments
- Fix a bug that sometimes causes the `aux` file to pick up the diagnostics of the `tex` file
- Fix a bug that sometimes prevents `log` files from being reanalyzed
ver 0.23.4 (2021/11/11)
* protocol
- add optional position parameter to "searchaddpl"
* decoder
- ffmpeg: support libavcodec 59
* output
- alsa: add option "thesycon_dsd_workaround" to work around device bug
* fix crash on debug builds if startup fails
* systemd
- remove "RuntimeDirectory" directive because it caused problems
- ignore the "pid_file" setting if started as systemd service
* Windows
- enable the "openmpt" decoder plugin
Python 3.9.9 final
Core and Builtins
bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo.
Library
bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments.
bpo-45765: In importlib.metadata, fix distribution discovery for an empty path.
bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling.
Documentation
bpo-45772: socket.socket documentation is corrected to a class from a function.
bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor.
Windows
bpo-45732: Updates bundled Tcl/Tk to 8.6.12.
bpo-45720: Internal reference to shlwapi.dll was dropped to help improve startup time. This DLL will no longer be loaded at the start of every Python process.
PostgreSQL 14.1, 13.5, 12.9, 11.14, 10.19, and 9.6.24
Security Issues
CVE-2021-23214: Server processes unencrypted bytes from man-in-the-middle
Versions Affected: 9.6 - 14. The security team typically does not test unsupported versions, but this problem is quite old.
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
The PostgreSQL project thanks Jacob Champion for reporting this problem.
CVE-2021-23222: libpq processes unencrypted bytes from man-in-the-middle
Versions Affected: 9.6 - 14. The security team typically does not test unsupported versions, but this problem is quite old.
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.
If more preconditions hold, the attacker can exfiltrate the client's password or other confidential data that might be transmitted early in a session. The attacker must have a way to trick the client's intended server into making the confidential data accessible to the attacker. A known implementation having that property is a PostgreSQL configuration vulnerable to CVE-2021-23214.
As with any exploitation of CVE-2021-23214, the server must be using trust authentication with a clientcert requirement or using cert authentication. To disclose a password, the client must be in possession of a password, which is atypical when using an authentication configuration vulnerable to CVE-2021-23214. The attacker must have some other way to access the server to retrieve the exfiltrated data (a valid, unprivileged login account would be sufficient).
The PostgreSQL project thanks Jacob Champion for reporting this problem.
Bug Fixes and Improvements
This update fixes over 40 bugs that were reported in the last several months. The issues listed below affect PostgreSQL 14. Some of these issues may also affect other supported versions of PostgreSQL.
Some of these fixes include:
Fix physical replication for cases where the primary crashes after shipping a WAL segment that ends with a partial WAL record. When applying this update, update your standby servers before the primary so that they will be ready to handle the fix if the primary happens to crash.
Fix parallel VACUUM so that it will process indexes below the min_parallel_index_scan_size threshold if the table has at least two indexes that are above that size. This problem does not affect autovacuum. If you are affected by this issue, you should reindex any manually-vacuumed tables.
Fix causes of CREATE INDEX CONCURRENTLY and REINDEX CONCURRENTLY writing corrupt indexes. You should reindex any concurrently-built indexes.
Fix for attaching/detaching a partition that could allow certain INSERT/UPDATE queries to misbehave in active sessions.
Fix for creating a new range type with CREATE TYPE that could cause problems for later event triggers or subsequent executions of the CREATE TYPE command.
Fix updates of element fields in arrays of a domain that is a part of a composite.
Disallow the combination of FETCH FIRST WITH TIES and FOR UPDATE SKIP LOCKED.
Fix corner-case loss of precision in the numeric power() function.
Fix restoration of a Portal's snapshot inside a subtransaction, which could lead to a crash. For example, this could occur in PL/pgSQL when a COMMIT is immediately followed by a BEGIN ... EXCEPTION block that performs a query.
Clean up correctly if a transaction fails after exporting its snapshot. This could occur if a replication slot was created then rolled back, and then another replication slot was created in the same session.
Fix for "overflowed-subtransaction" wraparound tracking on standby servers that could lead to performance degradation.
Ensure that prepared transactions are properly accounted for during promotion of a standby server.
Ensure that the correct lock level is used when renaming a table.
Avoid crash when dropping a role that owns objects being dropped concurrently.
Disallow setting huge_pages to on when shared_memory_type is sysv
Fix query type checking in the PL/pgSQL RETURN QUERY.
Several fixes for pg_dump, including the ability to dump non-global default privileges correctly.
Use the CLDR project's data to map Windows time zone names to IANA time zones.
This update also contains tzdata release 2021e for DST law changes in Fiji, Jordan, Palestine, and Samoa, plus historical corrections for Barbados, Cook Islands, Guyana, Niue, Portugal, and Tonga.
Also, the Pacific/Enderbury zone has been renamed to Pacific/Kanton. Also, the following zones have been merged into nearby, more-populous zones whose clocks have agreed with them since 1970: Africa/Accra, America/Atikokan, America/Blanc-Sablon, America/Creston, America/Curacao, America/Nassau, America/Port_of_Spain, Antarctica/DumontDUrville, and Antarctica/Syowa. In all these cases, the previous zone name remains as an alias.
