openSUSE Commits
Threads by month
- ----- 2025 -----
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
October 2023
- 1 participants
- 2656 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ft2-clone for openSUSE:Factory checked in at 2023-10-31 20:26:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ft2-clone (Old)
and /work/SRC/openSUSE:Factory/.ft2-clone.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ft2-clone"
Tue Oct 31 20:26:09 2023 rev:6 rq:1121391 version:1.73
Changes:
--------
--- /work/SRC/openSUSE:Factory/ft2-clone/ft2-clone.changes 2023-10-05 20:06:15.337438027 +0200
+++ /work/SRC/openSUSE:Factory/.ft2-clone.new.17445/ft2-clone.changes 2023-10-31 20:26:29.263676570 +0100
@@ -1,0 +2,8 @@
+Mon Oct 30 18:53:32 UTC 2023 - Martin Hauke <mardnh(a)gmx.de>
+
+- Update to version 1.73
+ * Sample editor: Shift + mouse-wheel = scroll sample data view
+- Update to version 1.72
+ * Block Cut (ALT+F3) and Block Copy (ALT+F4) was broken in v1.70
+
+-------------------------------------------------------------------
Old:
----
ft2-clone-1.71.tar.gz
New:
----
ft2-clone-1.73.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ft2-clone.spec ++++++
--- /var/tmp/diff_new_pack.4TWRje/_old 2023-10-31 20:26:30.079706544 +0100
+++ /var/tmp/diff_new_pack.4TWRje/_new 2023-10-31 20:26:30.079706544 +0100
@@ -17,7 +17,7 @@
Name: ft2-clone
-Version: 1.71
+Version: 1.73
Release: 0
Summary: Fasttracker II clone
License: BSD-3-Clause AND CC-BY-NC-SA-4.0
++++++ ft2-clone-1.71.tar.gz -> ft2-clone-1.73.tar.gz ++++++
++++ 2842 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package urh for openSUSE:Factory checked in at 2023-10-31 20:26:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/urh (Old)
and /work/SRC/openSUSE:Factory/.urh.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "urh"
Tue Oct 31 20:26:07 2023 rev:42 rq:1121390 version:2.9.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/urh/urh.changes 2023-10-17 20:24:28.642187754 +0200
+++ /work/SRC/openSUSE:Factory/.urh.new.17445/urh.changes 2023-10-31 20:26:27.963628820 +0100
@@ -1,0 +2,8 @@
+Mon Oct 30 21:49:23 UTC 2023 - Martin Hauke <mardnh(a)gmx.de>
+
+- Update to version 2.9.5
+ * Fix error in WSPChecksum.
+ * Bias-T checkbox for RTL-SDR device settings screen.
+ * Add noexcept to fix compiling of cythonext.
+
+-------------------------------------------------------------------
Old:
----
urh-2.9.4.tar.gz
New:
----
urh-2.9.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ urh.spec ++++++
--- /var/tmp/diff_new_pack.qD8GBP/_old 2023-10-31 20:26:28.707656148 +0100
+++ /var/tmp/diff_new_pack.qD8GBP/_new 2023-10-31 20:26:28.711656295 +0100
@@ -18,7 +18,7 @@
Name: urh
-Version: 2.9.4
+Version: 2.9.5
Release: 0
Summary: Tool for investigating unknown wireless protocols
License: GPL-3.0-only
++++++ urh-2.9.4.tar.gz -> urh-2.9.5.tar.gz ++++++
/work/SRC/openSUSE:Factory/urh/urh-2.9.4.tar.gz /work/SRC/openSUSE:Factory/.urh.new.17445/urh-2.9.5.tar.gz differ: char 13, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package inspectrum for openSUSE:Factory checked in at 2023-10-31 20:26:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/inspectrum (Old)
and /work/SRC/openSUSE:Factory/.inspectrum.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "inspectrum"
Tue Oct 31 20:26:07 2023 rev:7 rq:1121389 version:0.3.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/inspectrum/inspectrum.changes 2021-06-06 22:41:06.515448092 +0200
+++ /work/SRC/openSUSE:Factory/.inspectrum.new.17445/inspectrum.changes 2023-10-31 20:26:26.843587681 +0100
@@ -1,0 +2,60 @@
+Mon Oct 30 22:03:17 UTC 2023 - Martin Hauke <mardnh(a)gmx.de>
+
+- Update to version 0.3.1
+ * Merge pull request #221 from kwesthaus/file-format-documentation
+ * Merge pull request #184 from jacobagilbert/sigmf_partial_ext
+ * Include format specifiers in help text
+ * Include all format specifiers in README
+ * Allow specifying cs32 file format in command line
+ * Fix README typo in cs32 file format description
+ * add support to read files that end in '.sigmf-'
+- Update to version 0.3.0
+ * PlotView: use QWheelEvent::position when available
+ * Merge pull request #216 from schneider42/schneier/description-fallback
+ * Merge pull request #218 from otanim/main
+ * Merge branch 'overlapping-annotations'
+ * Merge branch 'spectrogram-timing'
+ * Handle tooltip comments of overlapping annotations
+ * Improve spectrogram time alignment
+ * Merge pull request #215 from daniestevez/annotation-comments
+ * Display annotation comments as tooltips
+ * fallback to core:description for anno label
+ * Merge pull request #214 from catkira/add_ci32
+ * add support for sigmf ci32 files this is needed to import
+ sigmf files written by SDRangel
+ * Merge pull request #212 from miek/miek-patch-1
+ * actions: add Ubuntu 22.04 & remove Ubuntu 18.04
+ * Merge pull request #211 from argilo/more-cursor-symbols
+ * Merge pull request #210 from argilo/fix-cursor-overflow
+ * Allow up to 99,999 symbols
+ * Fix integer overflow in cursor segment drawing
+ * Add note about 64-bit sample truncation
+ * Add support for complex double (cf64)
+ * Added support for float64 files.
+ * sigmf: use core:label for annotations
+ * sigmf: construct Annotations in-place
+ * Adding checkbox to show / hide SigMF annotations
+ * actions: run apt update
+ * sigmf: Use QT to parse the json
+ * Run actions workflow on PR & schedule
+ * Handle global offset in SigMF annotation indices
+ * Add a progress bar for sample export
+ * IRC channel moved to libera.chat
+ * actions: update homebrew qt package name
+ * Clear SigMF annotations on new file load
+ * Add libsigmf dep
+ * Update README with SigMF support & cmake version
+ * Test build on more Ubuntu releases
+ * Update minimum CMake version
+ * make a `src` directory
+ * use make_unique instead of new
+ * inputsource: add missing virtual destructor for SampleAdapter
+ * spectrogramplot: use bind as bind1st is deprecated
+ * spectrogramplot: match types for std::max to fix mac build
+ * feat(sigmf): Only compile support if libsigmf is found
+ * fix(mainwindow): Only update the sample rate text box if needed
+ * feat(sigmf): Add support for SigMF recordings
+ * fix(spectrogramplot): Avoid infinite loop at extremely high
+ sample rates
+
+-------------------------------------------------------------------
Old:
----
inspectrum-0.2.3.tar.gz
New:
----
inspectrum-0.3.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ inspectrum.spec ++++++
--- /var/tmp/diff_new_pack.crFD03/_old 2023-10-31 20:26:27.623616332 +0100
+++ /var/tmp/diff_new_pack.crFD03/_new 2023-10-31 20:26:27.623616332 +0100
@@ -1,8 +1,8 @@
#
# spec file for package inspectrum
#
-# Copyright (c) 2021 SUSE LLC
-# Copyright (c) 2015-2020, Martin Hauke <mardnh(a)gmx.de>
+# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2015-2023, Martin Hauke <mardnh(a)gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: inspectrum
-Version: 0.2.3
+Version: 0.3.1
Release: 0
Summary: A tool for analysing captured signals from SDRs
License: GPL-3.0-or-later
@@ -37,8 +37,8 @@
BuildRequires: pkgconfig(fftw3f)
Requires(post): hicolor-icon-theme
Requires(post): update-desktop-files
-Requires(postun): hicolor-icon-theme
-Requires(postun): update-desktop-files
+Requires(postun):hicolor-icon-theme
+Requires(postun):update-desktop-files
%description
A tool for analysing captured signals, primarily from software-defined radio receivers
++++++ inspectrum-0.2.3.tar.gz -> inspectrum-0.3.1.tar.gz ++++++
++++ 8901 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package limesuite for openSUSE:Factory checked in at 2023-10-31 20:26:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/limesuite (Old)
and /work/SRC/openSUSE:Factory/.limesuite.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "limesuite"
Tue Oct 31 20:26:05 2023 rev:19 rq:1121388 version:23.10.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/limesuite/limesuite.changes 2023-04-25 16:44:37.486867403 +0200
+++ /work/SRC/openSUSE:Factory/.limesuite.new.17445/limesuite.changes 2023-10-31 20:26:24.635506578 +0100
@@ -1,0 +2,14 @@
+Sun Oct 29 00:18:39 UTC 2023 - Wojciech Kazubski <wk(a)ire.pw.edu.pl>
+
+- Update to version 23.10.0
+ * API version info in src/VersionInfo.h
+ * SoapyLMS7: added reference clock and clock source functions
+ * Fix usage of -march=native compile flag
+ * Fix hard-to-read log text on dark mode themes
+ * Fix OpenGL graph on Retina displays
+ * GCC and MSVC warning fixes
+ * Fix CMAKE_AUTOSET_INSTALL_RPATH option
+- Patch limesuite-add-missing-includes.patch removed (applied
+ upstream)
+
+-------------------------------------------------------------------
Old:
----
limesuite-22.09.1.tar.xz
limesuite-add-missing-includes.patch
New:
----
limesuite-23.10.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ limesuite.spec ++++++
--- /var/tmp/diff_new_pack.j9nebx/_old 2023-10-31 20:26:25.391534346 +0100
+++ /var/tmp/diff_new_pack.j9nebx/_new 2023-10-31 20:26:25.395534494 +0100
@@ -17,11 +17,11 @@
#
-%define sover 22_09-1
+%define sover 23_10-0
%define libname libLimeSuite%{sover}
%define soapy_modver 0.8
Name: limesuite
-Version: 22.09.1
+Version: 23.10.0
Release: 0
Summary: Collection of software supporting LMS7-based hardware
License: Apache-2.0
@@ -30,7 +30,6 @@
#Git-Clone: https://github.com/myriadrf/LimeSuite.git
Source: https://github.com/myriadrf/LimeSuite/archive/v%{version}.tar.gz#/%{name}-%…
# PATCH-FIX-UPSTREAM limesuite-add-missing-includes.patch -- Add missing include
-Patch: limesuite-add-missing-includes.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: gnuplot
@@ -84,7 +83,6 @@
%prep
%setup -q -n LimeSuite-%{version}
-%autopatch -p1
# HACK: set udev permissions to 666
sed -i 's|MODE="660"|MODE="666"|g' udev-rules/64-limesuite.rules
++++++ limesuite-22.09.1.tar.xz -> limesuite-23.10.0.tar.xz ++++++
++++ 277971 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package eclipse-jgit for openSUSE:Factory checked in at 2023-10-31 20:26:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/eclipse-jgit (Old)
and /work/SRC/openSUSE:Factory/.eclipse-jgit.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "eclipse-jgit"
Tue Oct 31 20:26:03 2023 rev:15 rq:1121387 version:5.11.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/eclipse-jgit/eclipse-jgit.changes 2023-10-10 21:03:11.264364894 +0200
+++ /work/SRC/openSUSE:Factory/.eclipse-jgit.new.17445/eclipse-jgit.changes 2023-10-31 20:26:23.087449717 +0100
@@ -1,0 +2,7 @@
+Wed Oct 11 08:47:23 UTC 2023 - Fridrich Strba <fstrba(a)suse.com>
+
+- Modified patch:
+ * jgit-apache-sshd-2.7.0.patch
+ + extend even more apache-sshd version span
+
+-------------------------------------------------------------------
jgit.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
jgit.spec: same change
++++++ jgit-apache-sshd-2.7.0.patch ++++++
--- /var/tmp/diff_new_pack.8dx5Bs/_old 2023-10-31 20:26:23.887479102 +0100
+++ /var/tmp/diff_new_pack.8dx5Bs/_new 2023-10-31 20:26:23.891479249 +0100
@@ -30,31 +30,31 @@
- org.apache.sshd.server.subsystem;version="[2.6.0,2.7.0)",
- org.apache.sshd.sftp;version="[2.6.0,2.7.0)",
- org.apache.sshd.sftp.server;version="[2.6.0,2.7.0)",
-+Import-Package: org.apache.sshd.common;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.config.keys;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.file.virtualfs;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.helpers;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.io;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.kex;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.keyprovider;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.session;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.signature;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.buffer;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.logging;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.security;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.threads;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.core;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.auth;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.auth.gss;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.auth.keyboard;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.auth.password;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.command;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.session;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.shell;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.subsystem;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.sftp;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.sftp.server;version="[2.7.0,2.10.0)",
++Import-Package: org.apache.sshd.common;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.config.keys;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.file.virtualfs;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.helpers;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.io;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.kex;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.keyprovider;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.session;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.signature;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.buffer;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.logging;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.security;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.threads;version="[2.7.0,2.11.0)",
++ org.apache.sshd.core;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.auth;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.auth.gss;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.auth.keyboard;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.auth.password;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.command;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.session;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.shell;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.subsystem;version="[2.7.0,2.11.0)",
++ org.apache.sshd.sftp;version="[2.7.0,2.11.0)",
++ org.apache.sshd.sftp.server;version="[2.7.0,2.11.0)",
org.eclipse.jgit.annotations;version="[5.11.0,5.12.0)",
org.eclipse.jgit.api;version="[5.11.0,5.12.0)",
org.eclipse.jgit.api.errors;version="[5.11.0,5.12.0)",
@@ -110,51 +110,51 @@
- org.apache.sshd.sftp;version="[2.6.0,2.7.0)",
- org.apache.sshd.sftp.client;version="[2.6.0,2.7.0)",
- org.apache.sshd.sftp.common;version="[2.6.0,2.7.0)",
-+ org.apache.sshd.agent;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.auth;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.auth.keyboard;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.auth.password;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.auth.pubkey;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.channel;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.config.hosts;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.config.keys;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.future;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.keyverifier;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.session;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.client.session.forward;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.auth;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.channel;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.compression;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.config.keys;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.config.keys.loader;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.digest;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.forward;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.future;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.helpers;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.io;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.kex;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.keyprovider;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.mac;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.random;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.session;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.session.helpers;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.signature;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.buffer;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.closeable;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.io;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.io.resource;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.logging;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.net;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.security;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.core;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.auth;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.sftp;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.sftp.client;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.sftp.common;version="[2.7.0,2.10.0)",
++ org.apache.sshd.agent;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.auth;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.auth.keyboard;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.auth.password;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.auth.pubkey;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.channel;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.config.hosts;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.config.keys;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.future;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.keyverifier;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.session;version="[2.7.0,2.11.0)",
++ org.apache.sshd.client.session.forward;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.auth;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.channel;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.compression;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.config.keys;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.config.keys.loader;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.digest;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.forward;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.future;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.helpers;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.io;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.kex;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.keyprovider;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.mac;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.random;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.session;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.session.helpers;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.signature;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.buffer;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.closeable;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.io;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.io.resource;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.logging;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.net;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.security;version="[2.7.0,2.11.0)",
++ org.apache.sshd.core;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.auth;version="[2.7.0,2.11.0)",
++ org.apache.sshd.sftp;version="[2.7.0,2.11.0)",
++ org.apache.sshd.sftp.client;version="[2.7.0,2.11.0)",
++ org.apache.sshd.sftp.common;version="[2.7.0,2.11.0)",
org.eclipse.jgit.annotations;version="[5.11.0,5.12.0)",
org.eclipse.jgit.errors;version="[5.11.0,5.12.0)",
org.eclipse.jgit.fnmatch;version="[5.11.0,5.12.0)",
@@ -216,18 +216,18 @@
- org.apache.sshd.core;version="[2.6.0,2.7.0)",
- org.apache.sshd.server;version="[2.6.0,2.7.0)",
- org.apache.sshd.server.forward;version="[2.6.0,2.7.0)",
-+Import-Package: org.apache.sshd.client.config.hosts;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.auth;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.config.keys;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.helpers;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.keyprovider;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.session;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.net;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.common.util.security;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.core;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server;version="[2.7.0,2.10.0)",
-+ org.apache.sshd.server.forward;version="[2.7.0,2.10.0)",
++Import-Package: org.apache.sshd.client.config.hosts;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.auth;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.config.keys;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.helpers;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.keyprovider;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.session;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.net;version="[2.7.0,2.11.0)",
++ org.apache.sshd.common.util.security;version="[2.7.0,2.11.0)",
++ org.apache.sshd.core;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server;version="[2.7.0,2.11.0)",
++ org.apache.sshd.server.forward;version="[2.7.0,2.11.0)",
org.eclipse.jgit.api;version="[5.11.0,5.12.0)",
org.eclipse.jgit.api.errors;version="[5.11.0,5.12.0)",
org.eclipse.jgit.internal.transport.sshd.proxy;version="[5.11.0,5.12.0)",
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apache-sshd for openSUSE:Factory checked in at 2023-10-31 20:26:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache-sshd (Old)
and /work/SRC/openSUSE:Factory/.apache-sshd.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-sshd"
Tue Oct 31 20:26:01 2023 rev:6 rq:1121385 version:2.10.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache-sshd/apache-sshd.changes 2023-02-10 14:35:29.509982014 +0100
+++ /work/SRC/openSUSE:Factory/.apache-sshd.new.17445/apache-sshd.changes 2023-10-31 20:26:21.203380515 +0100
@@ -1,0 +2,19 @@
+Wed Oct 11 09:03:24 UTC 2023 - Fridrich Strba <fstrba(a)suse.com>
+
+- Upgrade to upstrem version 2.10.0
+ * Bug
+ + SSHD-1295: Connection attempt not canceled when a connection
+ timeout occurs
+ + SSHD-1316: Possible OOM in ChannelPipedInputStream
+ + SSHD-1319: SftpRemotePathChannel.transferFrom(...) ignores
+ position argument
+ + SSHD-1324: Rooted file system can leak informations
+ + SSHD-1326: Failed to establish an SSH connection because the
+ server identifier exceeds the int range
+ * Improvement
+ + SSHD-1315: Password in clear in SSHD server's logs
+- Modified patch:
+ * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ + rediff to changed context
+
+-------------------------------------------------------------------
Old:
----
apache-sshd-2.9.2-src.tar.gz
New:
----
apache-sshd-2.10.0-src.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache-sshd.spec ++++++
--- /var/tmp/diff_new_pack.p04Eik/_old 2023-10-31 20:26:22.095413279 +0100
+++ /var/tmp/diff_new_pack.p04Eik/_new 2023-10-31 20:26:22.095413279 +0100
@@ -17,12 +17,13 @@
Name: apache-sshd
-Version: 2.9.2
+Version: 2.10.0
Release: 0
Summary: Apache SSHD
# One file has ISC licensing:
# sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
License: Apache-2.0 AND ISC
+Group: Development/Libraries/Java
URL: https://mina.apache.org/sshd-project
Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}…
# Avoid optional dep on tomcat native APR library
@@ -40,8 +41,8 @@
BuildRequires: mvn(org.apache.maven:maven-archiver)
BuildRequires: mvn(org.apache:apache-jar-resource-bundle)
BuildRequires: mvn(org.apache:apache:pom:)
-BuildRequires: mvn(org.bouncycastle:bcpg-jdk15on)
-BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on)
+BuildRequires: mvn(org.bouncycastle:bcpg-jdk18on)
+BuildRequires: mvn(org.bouncycastle:bcpkix-jdk18on)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
BuildRequires: mvn(org.slf4j:jcl-over-slf4j)
++++++ 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch ++++++
--- /var/tmp/diff_new_pack.p04Eik/_old 2023-10-31 20:26:22.115414014 +0100
+++ /var/tmp/diff_new_pack.p04Eik/_new 2023-10-31 20:26:22.119414161 +0100
@@ -14,7 +14,7 @@
index 867ca88..7c29678 100644
--- a/pom.xml
+++ b/pom.xml
-@@ -428,11 +428,6 @@
+@@ -434,11 +434,6 @@
<artifactId>mina-core</artifactId>
<version>2.0.23</version>
</dependency>
@@ -41,7 +41,7 @@
-
- <dependency>
<groupId>org.bouncycastle</groupId>
- <artifactId>bcpg-jdk15on</artifactId>
+ <artifactId>bcpg-jdk18on</artifactId>
<optional>true</optional>
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
index ab19539..5757e68 100644
@@ -88,7 +88,7 @@
index 5395ceb..f456263 100644
--- a/sshd-osgi/pom.xml
+++ b/sshd-osgi/pom.xml
-@@ -68,12 +68,6 @@
+@@ -81,12 +81,6 @@
<optional>true</optional>
<scope>provided</scope>
</dependency>
++++++ apache-sshd-2.9.2-src.tar.gz -> apache-sshd-2.10.0-src.tar.gz ++++++
++++ 14208 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package sqlite-jdbc for openSUSE:Factory checked in at 2023-10-31 20:26:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sqlite-jdbc (Old)
and /work/SRC/openSUSE:Factory/.sqlite-jdbc.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sqlite-jdbc"
Tue Oct 31 20:26:00 2023 rev:14 rq:1121384 version:3.43.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/sqlite-jdbc/sqlite-jdbc.changes 2023-09-10 13:12:13.834842375 +0200
+++ /work/SRC/openSUSE:Factory/.sqlite-jdbc.new.17445/sqlite-jdbc.changes 2023-10-31 20:26:19.295310431 +0100
@@ -1,0 +2,45 @@
+Thu Oct 19 09:37:32 UTC 2023 - Anton Shvetz <shvetz.anton(a)gmail.com>
+
+- Update to v3.43.2.1
+ * Fixes
+ ~ downgrade SLF4J to 1.7 (874a926), closes #990
+ * Documentation
+ ~ update Sample in README (459fb04), closes #991
+- Update to v3.43.2.0
+ * Features
+ ~ upgrade to sqlite 3.43.2 (a434c78)
+ ~ add slf44-api to replace use of standard streams (21c77a4),
+ closes #802
+ ~ upgrade to sqlite 3.43.1 (7b40a6a)
+ * Fixes
+ ~ native-image
+ + do not initialize logging framework at build-time (d8f762c)
+ ~ unscoped
+ + add missing module requirement for slf4j (32082c0)
+ + add SONAME to Android binaries (f6a3aef), closes #960
+ * Perf
+ ~ remove use of DriverManager.println (75ce563), closes #984
+ * Changes
+ ~ spotless apply (77339ed)
+ ~ replace generic exceptions (6d563d4)
+ * Build
+ ~ deps
+ + bump org.codehaus.mojo:versions-maven-plugin (ebdda17)
+ + bump org.apache.maven.plugins:maven-javadoc-plugin
+ (5e37532)
+ + bump org.apache.maven.plugins:maven-enforcer-plugin
+ (b3188dc)
+ + bump actions/checkout from 3 to 4 (3eaabec)
+ + bump org.jreleaser:jreleaser-maven-plugin (07d420d)
+ ~ deps-dev
+ + bump org.mockito:mockito-core from 5.5.0 to 5.6.0 (54aa6ab)
+ + bump org.junit-pioneer:junit-pioneer (b363636)
+ ~ makefile
+ + add slf4j dependency (1663cfe)
+ ~ unscoped
+ + update native-image testing to GraalVM 21 (1229f00)
+ + fix native configuration for slf4j (89dbda1)
+ + MultipleClassLoaderTest fails on Windows (d4f4dc2)
+- Do not package native libraries for Windows and Android into jar
+
+-------------------------------------------------------------------
Old:
----
3.43.0.0.tar.gz
sqlite-amalgamation-3430000.zip
New:
----
sqlite-amalgamation-3430200.zip
sqlite-jdbc-3.43.2.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sqlite-jdbc.spec ++++++
--- /var/tmp/diff_new_pack.a2jVuC/_old 2023-10-31 20:26:20.399350983 +0100
+++ /var/tmp/diff_new_pack.a2jVuC/_new 2023-10-31 20:26:20.399350983 +0100
@@ -17,8 +17,8 @@
%{!?make_build:%global make_build make %{?_smp_mflags}}
-%global version 3.43.0.0
-%global amalgamation_version 3430000
+%global version 3.43.2.1
+%global amalgamation_version 3430200
%global debug_package %{nil}
Name: sqlite-jdbc
Version: %{version}
@@ -27,7 +27,7 @@
License: Apache-2.0
Group: Development/Libraries/Java
URL: https://github.com/xerial/%{name}
-Source0: %{url}/archive/refs/tags/%{version}.tar.gz
+Source0: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: https://www.sqlite.org/2023/sqlite-amalgamation-%{amalgamation_version}.zip
BuildRequires: dos2unix
BuildRequires: fdupes
@@ -62,17 +62,23 @@
%prep
%setup -q
+find src/main/resources \
+ \( -name \*.so -or -name \*.dylib -or -name \*.dll \) \
+ -delete
+
%pom_remove_plugin org.sonatype.plugins:nexus-staging-maven-plugin
%pom_remove_plugin com.diffplug.spotless:spotless-maven-plugin
-%pom_remove_dep org.graalvm.sdk:graal-sdk
+%pom_remove_dep org.graalvm.sdk:nativeimage
-sed -i -e '/org\.graalvm\.sdk/ d' src/main/java9/module-info.java
+sed -i -e '/org\.graalvm\.nativeimage/ d' src/main/java9/module-info.java
rm src/main/java9/org/sqlite/nativeimage/SqliteJdbcFeature.java
dos2unix SQLiteJDBC.wiki
-mkdir target
+mkdir -p target/classpath
cp %{SOURCE1} target/sqlite-$(sed -e 's/^version=//' VERSION)-amal.zip
+ln -s %{_javadir}/slf4j/slf4j-api.jar target/classpath/
+
%{mvn_file} : %{name}
%build
++++++ sqlite-amalgamation-3430000.zip -> sqlite-amalgamation-3430200.zip ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sqlite-amalgamation-3430000/shell.c new/sqlite-amalgamation-3430200/shell.c
--- old/sqlite-amalgamation-3430000/shell.c 2023-08-24 15:59:55.000000000 +0200
+++ new/sqlite-amalgamation-3430200/shell.c 2023-10-10 17:08:59.000000000 +0200
@@ -1260,7 +1260,7 @@
char z[400];
if( n<1 ) n = 1;
if( n>350 ) n = 350;
- sprintf(z, "%#+.*e", n, r);
+ snprintf(z, sizeof(z)-1, "%#+.*e", n, r);
sqlite3_result_text(pCtx, z, -1, SQLITE_TRANSIENT);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sqlite-amalgamation-3430000/sqlite3.c new/sqlite-amalgamation-3430200/sqlite3.c
--- old/sqlite-amalgamation-3430000/sqlite3.c 2023-08-24 15:59:55.000000000 +0200
+++ new/sqlite-amalgamation-3430200/sqlite3.c 2023-10-10 17:08:59.000000000 +0200
@@ -1,6 +1,6 @@
/******************************************************************************
** This file is an amalgamation of many separate C source files from SQLite
-** version 3.43.0. By combining all the individual C code files into this
+** version 3.43.2. By combining all the individual C code files into this
** single large file, the entire code can be compiled as a single translation
** unit. This allows many compilers to do optimizations that would not be
** possible if the files were compiled separately. Performance improvements
@@ -18,7 +18,7 @@
** separate file. This file contains only code for the core SQLite library.
**
** The content in this amalgamation comes from Fossil check-in
-** f80b798b3f4b81a7bb4233c58294edd0f11.
+** 310099cce5a487035fa535dd3002c59ac7f.
*/
#define SQLITE_CORE 1
#define SQLITE_AMALGAMATION 1
@@ -459,9 +459,9 @@
** [sqlite3_libversion_number()], [sqlite3_sourceid()],
** [sqlite_version()] and [sqlite_source_id()].
*/
-#define SQLITE_VERSION "3.43.0"
-#define SQLITE_VERSION_NUMBER 3043000
-#define SQLITE_SOURCE_ID "2023-08-24 12:36:59 0f80b798b3f4b81a7bb4233c58294edd0f1156f36b6ecf5ab8e83631d468778c"
+#define SQLITE_VERSION "3.43.2"
+#define SQLITE_VERSION_NUMBER 3043002
+#define SQLITE_SOURCE_ID "2023-10-10 12:14:04 4310099cce5a487035fa535dd3002c59ac7f1d1bec68d7cf317fd3e769484790"
/*
** CAPI3REF: Run-Time Library Version Numbers
@@ -35185,29 +35185,29 @@
double rr[2];
rr[0] = r;
rr[1] = 0.0;
- if( rr[0]>1.84e+19 ){
- while( rr[0]>1.84e+119 ){
+ if( rr[0]>9.223372036854774784e+18 ){
+ while( rr[0]>9.223372036854774784e+118 ){
exp += 100;
dekkerMul2(rr, 1.0e-100, -1.99918998026028836196e-117);
}
- while( rr[0]>1.84e+29 ){
+ while( rr[0]>9.223372036854774784e+28 ){
exp += 10;
dekkerMul2(rr, 1.0e-10, -3.6432197315497741579e-27);
}
- while( rr[0]>1.84e+19 ){
+ while( rr[0]>9.223372036854774784e+18 ){
exp += 1;
dekkerMul2(rr, 1.0e-01, -5.5511151231257827021e-18);
}
}else{
- while( rr[0]<1.84e-82 ){
+ while( rr[0]<9.223372036854774784e-83 ){
exp -= 100;
dekkerMul2(rr, 1.0e+100, -1.5902891109759918046e+83);
}
- while( rr[0]<1.84e+08 ){
+ while( rr[0]<9.223372036854774784e+07 ){
exp -= 10;
dekkerMul2(rr, 1.0e+10, 0.0);
}
- while( rr[0]<1.84e+18 ){
+ while( rr[0]<9.22337203685477478e+17 ){
exp -= 1;
dekkerMul2(rr, 1.0e+01, 0.0);
}
@@ -77024,6 +77024,7 @@
int k; /* Current slot in pCArray->apEnd[] */
u8 *pSrcEnd; /* Current pCArray->apEnd[k] value */
+ assert( nCell>0 );
assert( i<iEnd );
j = get2byte(&aData[hdr+5]);
if( NEVER(j>(u32)usableSize) ){ j = 0; }
@@ -77330,6 +77331,7 @@
return SQLITE_OK;
editpage_fail:
/* Unable to edit this page. Rebuild it from scratch instead. */
+ if( nNew<1 ) return SQLITE_CORRUPT_BKPT;
populateCellCache(pCArray, iNew, nNew);
return rebuildPage(pCArray, iNew, nNew, pPg);
}
@@ -100833,8 +100835,7 @@
/* Set the value of register r[1] in the SQL statement to integer iRow.
** This is done directly as a performance optimization
*/
- v->aMem[1].flags = MEM_Int;
- v->aMem[1].u.i = iRow;
+ sqlite3VdbeMemSetInt64(&v->aMem[1], iRow);
/* If the statement has been run before (and is paused at the OP_ResultRow)
** then back it up to the point where it does the OP_NotExists. This could
@@ -128461,8 +128462,10 @@
if( p->approx ){
if( p->ovrfl ){
sqlite3_result_error(context,"integer overflow",-1);
- }else{
+ }else if( !sqlite3IsNaN(p->rErr) ){
sqlite3_result_double(context, p->rSum+p->rErr);
+ }else{
+ sqlite3_result_double(context, p->rSum);
}
}else{
sqlite3_result_int64(context, p->iSum);
@@ -128475,7 +128478,8 @@
if( p && p->cnt>0 ){
double r;
if( p->approx ){
- r = p->rSum+p->rErr;
+ r = p->rSum;
+ if( !sqlite3IsNaN(p->rErr) ) r += p->rErr;
}else{
r = (double)(p->iSum);
}
@@ -128488,7 +128492,8 @@
p = sqlite3_aggregate_context(context, 0);
if( p ){
if( p->approx ){
- r = p->rSum+p->rErr;
+ r = p->rSum;
+ if( !sqlite3IsNaN(p->rErr) ) r += p->rErr;
}else{
r = (double)(p->iSum);
}
@@ -145691,12 +145696,12 @@
assert( pItem->pSelect!=0 );
pSub = pItem->pSelect;
assert( pSub->pEList->nExpr==pTab->nCol );
- if( (pSub->selFlags & (SF_Distinct|SF_Aggregate))!=0 ){
- testcase( pSub->selFlags & SF_Distinct );
- testcase( pSub->selFlags & SF_Aggregate );
- return 0;
- }
for(pX=pSub; pX; pX=pX->pPrior){
+ if( (pX->selFlags & (SF_Distinct|SF_Aggregate))!=0 ){
+ testcase( pX->selFlags & SF_Distinct );
+ testcase( pX->selFlags & SF_Aggregate );
+ return 0;
+ }
if( pX->pPrior && pX->op!=TK_ALL ){
/* This optimization does not work for compound subqueries that
** use UNION, INTERSECT, or EXCEPT. Only UNION ALL is allowed. */
@@ -198084,7 +198089,7 @@
int rc;
u64 cksum = 0;
- assert( *pRc==SQLITE_OK );
+ if( *pRc ) return 0;
memset(&filter, 0, sizeof(filter));
memset(&csr, 0, sizeof(csr));
@@ -203714,7 +203719,9 @@
}
if( pNode->eType==JSON_ARRAY ){
while( 1 /*exit-by-break*/ ){
- for(i=1; i<=pNode->n; n++){
+ i = 1;
+ while( i<=pNode->n ){
+ if( (pNode[i].jnFlags & JNODE_REMOVE)==0 ) n++;
i += jsonNodeSize(&pNode[i]);
}
if( (pNode->jnFlags & JNODE_APPEND)==0 ) break;
@@ -204130,6 +204137,7 @@
}
pParse = jsonParseCached(ctx, argv[0], ctx, argc>1);
if( pParse==0 ) return;
+ pParse->nJPRef++;
for(i=1; i<(u32)argc; i+=2){
zPath = (const char*)sqlite3_value_text(argv[i]);
pParse->useMod = 1;
@@ -204142,6 +204150,7 @@
jsonReturnJson(pParse, pParse->aNode, ctx, 1);
replace_err:
jsonDebugPrintParse(pParse);
+ jsonParseFree(pParse);
}
@@ -204176,6 +204185,7 @@
}
pParse = jsonParseCached(ctx, argv[0], ctx, argc>1);
if( pParse==0 ) return;
+ pParse->nJPRef++;
for(i=1; i<(u32)argc; i+=2){
zPath = (const char*)sqlite3_value_text(argv[i]);
bApnd = 0;
@@ -204192,9 +204202,8 @@
}
jsonDebugPrintParse(pParse);
jsonReturnJson(pParse, pParse->aNode, ctx, 1);
-
jsonSetDone:
- /* no cleanup required */;
+ jsonParseFree(pParse);
}
/*
@@ -222986,15 +222995,19 @@
}
}
if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
- sqlite3_int64 v = sessionGetI64(aVal);
- if( eType==SQLITE_INTEGER ){
- sqlite3VdbeMemSetInt64(apOut[i], v);
+ if( (pIn->nData-pIn->iNext)<8 ){
+ rc = SQLITE_CORRUPT_BKPT;
}else{
- double d;
- memcpy(&d, &v, 8);
- sqlite3VdbeMemSetDouble(apOut[i], d);
+ sqlite3_int64 v = sessionGetI64(aVal);
+ if( eType==SQLITE_INTEGER ){
+ sqlite3VdbeMemSetInt64(apOut[i], v);
+ }else{
+ double d;
+ memcpy(&d, &v, 8);
+ sqlite3VdbeMemSetDouble(apOut[i], d);
+ }
+ pIn->iNext += 8;
}
- pIn->iNext += 8;
}
}
}
@@ -239679,7 +239692,6 @@
int iIdx = 0;
int iStart = 0;
int iKeyOff = 0;
- int iPrevKeyOff = 0;
int iDelKeyOff = 0; /* Offset of deleted key, if any */
nIdx = nPg-iPgIdx;
@@ -239820,80 +239832,79 @@
}
}
}else if( iStart==4 ){
- int iPgno;
+ int iPgno;
- assert_nc( pSeg->iLeafPgno>pSeg->iTermLeafPgno );
- /* The entry being removed may be the only position list in
- ** its doclist. */
- for(iPgno=pSeg->iLeafPgno-1; iPgno>pSeg->iTermLeafPgno; iPgno-- ){
- Fts5Data *pPg = fts5DataRead(p, FTS5_SEGMENT_ROWID(iSegid, iPgno));
- int bEmpty = (pPg && pPg->nn==4);
- fts5DataRelease(pPg);
- if( bEmpty==0 ) break;
- }
-
- if( iPgno==pSeg->iTermLeafPgno ){
- i64 iId = FTS5_SEGMENT_ROWID(iSegid, pSeg->iTermLeafPgno);
- Fts5Data *pTerm = fts5DataRead(p, iId);
- if( pTerm && pTerm->szLeaf==pSeg->iTermLeafOffset ){
- u8 *aTermIdx = &pTerm->p[pTerm->szLeaf];
- int nTermIdx = pTerm->nn - pTerm->szLeaf;
- int iTermIdx = 0;
- int iTermOff = 0;
-
- while( 1 ){
- u32 iVal = 0;
- int nByte = fts5GetVarint32(&aTermIdx[iTermIdx], iVal);
- iTermOff += iVal;
- if( (iTermIdx+nByte)>=nTermIdx ) break;
- iTermIdx += nByte;
- }
- nTermIdx = iTermIdx;
-
- memmove(&pTerm->p[iTermOff], &pTerm->p[pTerm->szLeaf], nTermIdx);
- fts5PutU16(&pTerm->p[2], iTermOff);
-
- fts5DataWrite(p, iId, pTerm->p, iTermOff+nTermIdx);
- if( nTermIdx==0 ){
- fts5SecureDeleteIdxEntry(p, iSegid, pSeg->iTermLeafPgno);
- }
- }
- fts5DataRelease(pTerm);
- }
+ assert_nc( pSeg->iLeafPgno>pSeg->iTermLeafPgno );
+ /* The entry being removed may be the only position list in
+ ** its doclist. */
+ for(iPgno=pSeg->iLeafPgno-1; iPgno>pSeg->iTermLeafPgno; iPgno-- ){
+ Fts5Data *pPg = fts5DataRead(p, FTS5_SEGMENT_ROWID(iSegid, iPgno));
+ int bEmpty = (pPg && pPg->nn==4);
+ fts5DataRelease(pPg);
+ if( bEmpty==0 ) break;
}
- if( p->rc==SQLITE_OK ){
- const int nMove = nPg - iNextOff;
- int nShift = 0;
+ if( iPgno==pSeg->iTermLeafPgno ){
+ i64 iId = FTS5_SEGMENT_ROWID(iSegid, pSeg->iTermLeafPgno);
+ Fts5Data *pTerm = fts5DataRead(p, iId);
+ if( pTerm && pTerm->szLeaf==pSeg->iTermLeafOffset ){
+ u8 *aTermIdx = &pTerm->p[pTerm->szLeaf];
+ int nTermIdx = pTerm->nn - pTerm->szLeaf;
+ int iTermIdx = 0;
+ int iTermOff = 0;
- memmove(&aPg[iOff], &aPg[iNextOff], nMove);
- iPgIdx -= (iNextOff - iOff);
- nPg = iPgIdx;
- fts5PutU16(&aPg[2], iPgIdx);
+ while( 1 ){
+ u32 iVal = 0;
+ int nByte = fts5GetVarint32(&aTermIdx[iTermIdx], iVal);
+ iTermOff += iVal;
+ if( (iTermIdx+nByte)>=nTermIdx ) break;
+ iTermIdx += nByte;
+ }
+ nTermIdx = iTermIdx;
- nShift = iNextOff - iOff;
- for(iIdx=0, iKeyOff=0, iPrevKeyOff=0; iIdx<nIdx; /* no-op */){
- u32 iVal = 0;
- iIdx += fts5GetVarint32(&aIdx[iIdx], iVal);
- iKeyOff += iVal;
- if( iKeyOff!=iDelKeyOff ){
- if( iKeyOff>iOff ){
- iKeyOff -= nShift;
- nShift = 0;
- }
- nPg += sqlite3Fts5PutVarint(&aPg[nPg], iKeyOff - iPrevKeyOff);
- iPrevKeyOff = iKeyOff;
+ memmove(&pTerm->p[iTermOff], &pTerm->p[pTerm->szLeaf], nTermIdx);
+ fts5PutU16(&pTerm->p[2], iTermOff);
+
+ fts5DataWrite(p, iId, pTerm->p, iTermOff+nTermIdx);
+ if( nTermIdx==0 ){
+ fts5SecureDeleteIdxEntry(p, iSegid, pSeg->iTermLeafPgno);
}
}
+ fts5DataRelease(pTerm);
+ }
+ }
+
+ if( p->rc==SQLITE_OK ){
+ const int nMove = nPg - iNextOff; /* Number of bytes to move */
+ int nShift = iNextOff - iOff; /* Distance to move them */
+
+ int iPrevKeyOut = 0;
+ int iKeyIn = 0;
+
+ memmove(&aPg[iOff], &aPg[iNextOff], nMove);
+ iPgIdx -= nShift;
+ nPg = iPgIdx;
+ fts5PutU16(&aPg[2], iPgIdx);
- if( iPgIdx==nPg && nIdx>0 && pSeg->iLeafPgno!=1 ){
- fts5SecureDeleteIdxEntry(p, iSegid, pSeg->iLeafPgno);
+ for(iIdx=0; iIdx<nIdx; /* no-op */){
+ u32 iVal = 0;
+ iIdx += fts5GetVarint32(&aIdx[iIdx], iVal);
+ iKeyIn += iVal;
+ if( iKeyIn!=iDelKeyOff ){
+ int iKeyOut = (iKeyIn - (iKeyIn>iOff ? nShift : 0));
+ nPg += sqlite3Fts5PutVarint(&aPg[nPg], iKeyOut - iPrevKeyOut);
+ iPrevKeyOut = iKeyOut;
}
+ }
- assert_nc( nPg>4 || fts5GetU16(aPg)==0 );
- fts5DataWrite(p, FTS5_SEGMENT_ROWID(iSegid,pSeg->iLeafPgno), aPg,nPg);
+ if( iPgIdx==nPg && nIdx>0 && pSeg->iLeafPgno!=1 ){
+ fts5SecureDeleteIdxEntry(p, iSegid, pSeg->iLeafPgno);
}
- sqlite3_free(aIdx);
+
+ assert_nc( nPg>4 || fts5GetU16(aPg)==0 );
+ fts5DataWrite(p, FTS5_SEGMENT_ROWID(iSegid,pSeg->iLeafPgno), aPg, nPg);
+ }
+ sqlite3_free(aIdx);
}
/*
@@ -244242,6 +244253,9 @@
pCsr->iFirstRowid = fts5GetRowidLimit(pRowidGe, SMALLEST_INT64);
}
+ rc = sqlite3Fts5IndexLoadConfig(pTab->p.pIndex);
+ if( rc!=SQLITE_OK ) goto filter_out;
+
if( pTab->pSortCsr ){
/* If pSortCsr is non-NULL, then this call is being made as part of
** processing for a "... MATCH <expr> ORDER BY rank" query (ePlan is
@@ -244264,7 +244278,9 @@
pCsr->pExpr = pTab->pSortCsr->pExpr;
rc = fts5CursorFirst(pTab, pCsr, bDesc);
}else if( pCsr->pExpr ){
- rc = fts5CursorParseRank(pConfig, pCsr, pRank);
+ if( rc==SQLITE_OK ){
+ rc = fts5CursorParseRank(pConfig, pCsr, pRank);
+ }
if( rc==SQLITE_OK ){
if( bOrderByRank ){
pCsr->ePlan = FTS5_PLAN_SORTED_MATCH;
@@ -245745,7 +245761,7 @@
){
assert( nArg==0 );
UNUSED_PARAM2(nArg, apUnused);
- sqlite3_result_text(pCtx, "fts5: 2023-08-24 12:36:59 0f80b798b3f4b81a7bb4233c58294edd0f1156f36b6ecf5ab8e83631d468778c", -1, SQLITE_TRANSIENT);
+ sqlite3_result_text(pCtx, "fts5: 2023-10-10 12:14:04 4310099cce5a487035fa535dd3002c59ac7f1d1bec68d7cf317fd3e769484790", -1, SQLITE_TRANSIENT);
}
/*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sqlite-amalgamation-3430000/sqlite3.h new/sqlite-amalgamation-3430200/sqlite3.h
--- old/sqlite-amalgamation-3430000/sqlite3.h 2023-08-24 15:59:55.000000000 +0200
+++ new/sqlite-amalgamation-3430200/sqlite3.h 2023-10-10 17:08:59.000000000 +0200
@@ -146,9 +146,9 @@
** [sqlite3_libversion_number()], [sqlite3_sourceid()],
** [sqlite_version()] and [sqlite_source_id()].
*/
-#define SQLITE_VERSION "3.43.0"
-#define SQLITE_VERSION_NUMBER 3043000
-#define SQLITE_SOURCE_ID "2023-08-24 12:36:59 0f80b798b3f4b81a7bb4233c58294edd0f1156f36b6ecf5ab8e83631d468778c"
+#define SQLITE_VERSION "3.43.2"
+#define SQLITE_VERSION_NUMBER 3043002
+#define SQLITE_SOURCE_ID "2023-10-10 12:14:04 4310099cce5a487035fa535dd3002c59ac7f1d1bec68d7cf317fd3e769484790"
/*
** CAPI3REF: Run-Time Library Version Numbers
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apache-commons-beanutils for openSUSE:Factory checked in at 2023-10-31 20:25:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apache-commons-beanutils (Old)
and /work/SRC/openSUSE:Factory/.apache-commons-beanutils.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-commons-beanutils"
Tue Oct 31 20:25:59 2023 rev:15 rq:1121382 version:1.9.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/apache-commons-beanutils/apache-commons-beanutils.changes 2019-10-14 12:44:17.130263519 +0200
+++ /work/SRC/openSUSE:Factory/.apache-commons-beanutils.new.17445/apache-commons-beanutils.changes 2023-10-31 20:26:17.655250192 +0100
@@ -1,0 +2,5 @@
+Tue Oct 31 08:36:54 UTC 2023 - Fridrich Strba <fstrba(a)suse.com>
+
+- Clean and simplify the spec file
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache-commons-beanutils.spec ++++++
--- /var/tmp/diff_new_pack.zxQ1a7/_old 2023-10-31 20:26:18.695288392 +0100
+++ /var/tmp/diff_new_pack.zxQ1a7/_new 2023-10-31 20:26:18.695288392 +0100
@@ -1,7 +1,7 @@
#
# spec file for package apache-commons-beanutils
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,11 +32,8 @@
BuildRequires: commons-collections
BuildRequires: commons-logging
BuildRequires: fdupes
-BuildRequires: javapackages-local
-BuildRequires: javapackages-tools
+BuildRequires: javapackages-local >= 6
BuildRequires: xml-commons-apis
-Requires: commons-collections >= 2.0
-Requires: commons-logging >= 1.0
Provides: %{short_name} = %{version}-%{release}
Obsoletes: %{short_name} < %{version}-%{release}
Provides: jakarta-%{short_name} = %{version}-%{release}
@@ -69,47 +66,31 @@
# bug in ant build
touch README.txt
-%{pom_remove_parent}
-
%build
export CLASSPATH=%(build-classpath commons-collections commons-logging)
-%ant -Dbuild.sysclasspath=first dist
+%{ant} -Dbuild.sysclasspath=first dist
%install
# jars
install -d -m 755 %{buildroot}%{_javadir}
-install -m 644 dist/%{short_name}-%{version}.jar %{buildroot}%{_javadir}/%{name}-%{version}.jar
-
-pushd %{buildroot}%{_javadir}
-ln -s %{name}-%{version}.jar %{name}.jar
-for jar in *.jar; do
- ln -sf ${jar} `echo $jar| sed "s|apache-||g"`
-done
-popd # come back from javadir
+install -m 644 dist/%{short_name}-%{version}.jar %{buildroot}%{_javadir}/%{short_name}.jar
+ln -sf %{short_name}.jar %{buildroot}%{_javadir}/%{name}.jar
# poms
install -d -m 755 %{buildroot}%{_mavenpomdir}
-install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}-%{version}.pom
-%add_maven_depmap %{name}-%{version}.pom %{name}-%{version}.jar -a "%{short_name}:%{short_name}-core,%{short_name}:%{short_name}-bean-collections"
+%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{short_name}.pom
+%add_maven_depmap %{short_name}.pom %{short_name}.jar -a "%{short_name}:%{short_name}-core,%{short_name}:%{short_name}-bean-collections"
# javadoc
install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
cp -pr dist/docs/api/* %{buildroot}%{_javadocdir}/%{name}
%fdupes -s %{buildroot}%{_javadocdir}/%{name}
-%files
-%defattr(0644,root,root,0755)
-%license LICENSE.txt
-%doc NOTICE.txt RELEASE-NOTES.txt
-%{_javadir}/*
-%{_mavenpomdir}/*
-%if %{defined _maven_repository}
-%{_mavendepmapfragdir}/%{name}
-%else
-%{_datadir}/maven-metadata/%{name}.xml*
-%endif
+%files -f .mfiles
+%{_javadir}/%{name}.jar
+%license LICENSE.txt NOTICE.txt
+%doc RELEASE-NOTES.txt
%files javadoc
-%defattr(0644,root,root,0755)
%{_javadocdir}/%{name}
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pymssql for openSUSE:Factory checked in at 2023-10-31 20:25:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pymssql (Old)
and /work/SRC/openSUSE:Factory/.python-pymssql.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pymssql"
Tue Oct 31 20:25:57 2023 rev:3 rq:1121378 version:2.2.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pymssql/python-pymssql.changes 2023-08-14 22:35:34.324344545 +0200
+++ /work/SRC/openSUSE:Factory/.python-pymssql.new.17445/python-pymssql.changes 2023-10-31 20:26:16.463206408 +0100
@@ -1,0 +2,10 @@
+Mon Oct 30 20:52:41 UTC 2023 - Martin Hauke <mardnh(a)gmx.de>
+
+- Update to version 2.2.10
+ * Add python 3.12 support.
+ * Do not try to drop temporary tables in clear_db().
+ * test_sqlalchemy: update for compatibility with SQLAlchemy >2.0.
+- Update to version 2.2.9
+ * Update changelog.
+
+-------------------------------------------------------------------
Old:
----
pymssql-2.2.8.tar.gz
New:
----
pymssql-2.2.10.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pymssql.spec ++++++
--- /var/tmp/diff_new_pack.OqN2zv/_old 2023-10-31 20:26:17.191233148 +0100
+++ /var/tmp/diff_new_pack.OqN2zv/_new 2023-10-31 20:26:17.195233295 +0100
@@ -16,9 +16,8 @@
#
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-pymssql
-Version: 2.2.8
+Version: 2.2.10
Release: 0
Summary: A simple database interface to MS-SQL for Python
License: LGPL-2.1-only
@@ -58,5 +57,5 @@
%files %{python_files}
%license LICENSE
%doc ChangeLog.rst README.rst
-%{python_sitearch}/*
+%{python_sitearch}/pymssql*
++++++ pymssql-2.2.8.tar.gz -> pymssql-2.2.10.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/.github/workflows/test_linux.yml new/pymssql-2.2.10/.github/workflows/test_linux.yml
--- old/pymssql-2.2.8/.github/workflows/test_linux.yml 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/.github/workflows/test_linux.yml 2023-10-26 23:49:27.000000000 +0200
@@ -7,6 +7,8 @@
paths-ignore:
- docs/**
- ChangeLog*
+ - .github/workflows/test_macos.yml
+ - .github/workflows/test_windows.yml
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+rc[0-9]+'
@@ -16,6 +18,8 @@
paths-ignore:
- docs/**
- ChangeLog*
+ - .github/workflows/test_macos.yml
+ - .github/workflows/test_windows.yml
jobs:
@@ -24,8 +28,8 @@
runs-on: ${{ matrix.os }}
strategy:
matrix:
- python-version: ['3.6', '3.7', '3.8', '3.9', '3.10', '3.11']
- os: [ubuntu-18.04]
+ python-version: ['3.6', '3.7', '3.8', '3.9', '3.10', '3.11', '3.12']
+ os: [ubuntu-20.04]
services:
SQLServer:
@@ -54,7 +58,7 @@
python dev/build.py \
--ws-dir=./freetds \
--dist-dir=./dist \
- --freetds-version="1.3.13" \
+ --freetds-version="1.4.3" \
--with-openssl=yes \
--enable-krb5 \
--sdist \
@@ -81,7 +85,10 @@
strategy:
matrix:
arch: [i686, x86_64]
- manylinux: [manylinux1, manylinux2010, manylinux2014, manylinux_2_24]
+ manylinux: [manylinux1, manylinux2010, manylinux2014, manylinux_2_28]
+ exclude:
+ - arch: i686
+ manylinux: manylinux_2_28
steps:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/.github/workflows/test_macos.yml new/pymssql-2.2.10/.github/workflows/test_macos.yml
--- old/pymssql-2.2.8/.github/workflows/test_macos.yml 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/.github/workflows/test_macos.yml 2023-10-26 23:49:27.000000000 +0200
@@ -7,6 +7,9 @@
paths-ignore:
- docs/**
- ChangeLog*
+ - .github/workflows/test_linux.yml
+ - .github/workflows/test_windows.yml
+ - dev/build_manylinux_wheels.sh
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+rc[0-9]+'
@@ -16,6 +19,9 @@
paths-ignore:
- docs/**
- ChangeLog*
+ - .github/workflows/test_linux.yml
+ - .github/workflows/test_windows.yml
+ - dev/build_manylinux_wheels.sh
jobs:
build:
@@ -23,7 +29,7 @@
runs-on: ${{ matrix.os }}
strategy:
matrix:
- python-version: ['3.6', '3.7', '3.8', '3.9', '3.10', '3.11']
+ python-version: ['3.6', '3.7', '3.8', '3.9', '3.10', '3.11', '3.12']
os: [macos-latest]
steps:
@@ -52,7 +58,7 @@
python dev/build.py \
--ws-dir=./freetds \
--dist-dir=./dist \
- --freetds-version="1.3.13" \
+ --freetds-version="1.4.3" \
--with-openssl=yes \
--sdist \
--static-freetds
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/.github/workflows/test_windows.yml new/pymssql-2.2.10/.github/workflows/test_windows.yml
--- old/pymssql-2.2.8/.github/workflows/test_windows.yml 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/.github/workflows/test_windows.yml 2023-10-26 23:49:27.000000000 +0200
@@ -7,6 +7,9 @@
paths-ignore:
- docs/**
- ChangeLog*
+ - .github/workflows/test_macos.yml
+ - .github/workflows/test_linux.yml
+ - dev/build_manylinux_wheels.sh
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+rc[0-9]+'
@@ -16,6 +19,9 @@
paths-ignore:
- docs/**
- ChangeLog*
+ - .github/workflows/test_macos.yml
+ - .github/workflows/test_linux.yml
+ - dev/build_manylinux_wheels.sh
jobs:
build:
@@ -25,7 +31,7 @@
strategy:
fail-fast: false
matrix:
- python-version: ['3.6', '3.7', '3.8', '3.9', '3.10', '3.11']
+ python-version: ['3.6', '3.7', '3.8', '3.9', '3.10', '3.11', '3.12']
os: [windows-latest]
python-architecture: [x86, x64]
@@ -43,7 +49,7 @@
- name: Install OpenSSL x86
if: matrix.python-architecture == 'x86'
- run: choco install openssl --forcex86
+ run: choco install openssl --forcex86 --version=1.1.1.2100
- name: Install OpenSSL x64
if: matrix.python-architecture == 'x64'
@@ -54,7 +60,7 @@
choco install gperf
python -m pip install --upgrade pip
pip install -r dev/requirements-dev.txt
- python dev/build.py --ws-dir=freetds --dist-dir=dist --sdist --freetds-version="1.3.13"
+ python dev/build.py --ws-dir=freetds --dist-dir=dist --sdist --freetds-version="1.4.3"
pip install pymssql --no-index -f dist
python -c "import pymssql; print(pymssql.version_info())"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/ChangeLog.rst new/pymssql-2.2.10/ChangeLog.rst
--- old/pymssql-2.2.8/ChangeLog.rst 2023-07-31 01:07:46.000000000 +0200
+++ new/pymssql-2.2.10/ChangeLog.rst 2023-10-26 23:49:27.000000000 +0200
@@ -1,6 +1,26 @@
Recent Changes
==============
+Version 2.2.10 - 2023-10-20 - Mikhail Terekhov
+===============================================
+
+General
+-------
+
+- Publish Linux wheels for Python-3.12
+
+Version 2.2.9 - 2023-10-13 - Mikhail Terekhov
+==============================================
+
+General
+-------
+
+- Use FreeTDS-1.4.3 for official wheels on PyPi (fix #847).
+- Build wheels for Python-3.12. Thanks to Raphael Jacob (fix #851, #855).
+- Use manylinux_2_28 instead of manylinux_2_24 when building wheels in GitHub actions.
+- Fix build with OpenSSL on Windows. Thanks to PrimozGodec (fix #839).
+
+
Version 2.2.8 - 2023-07-30 - Mikhail Terekhov
==============================================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/PKG-INFO new/pymssql-2.2.10/PKG-INFO
--- old/pymssql-2.2.8/PKG-INFO 2023-07-31 01:08:48.412727400 +0200
+++ new/pymssql-2.2.10/PKG-INFO 2023-10-26 23:53:45.686357700 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: pymssql
-Version: 2.2.8
+Version: 2.2.10
Summary: DB-API interface to Microsoft SQL Server for Python. (new Cython-based version)
Author: Damien Churchill
Author-email: damoxc(a)gmail.com
@@ -22,6 +22,7 @@
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Topic :: Database
Classifier: Topic :: Database :: Database Engines/Servers
@@ -111,18 +112,21 @@
Recent Changes
==============
-Version 2.2.8 - 2023-07-30 - Mikhail Terekhov
-==============================================
+Version 2.2.10 - 2023-10-20 - Mikhail Terekhov
+===============================================
General
-------
-- Compatibility with Cython. Thanks to matusvalo (Matus Valo) (fix #826).
+- Publish Linux wheels for Python-3.12
-Version 2.2.7 - 2022-11-15 - Mikhail Terekhov
+Version 2.2.9 - 2023-10-13 - Mikhail Terekhov
==============================================
General
-------
-- Build wheels for Python-3.6 (fix 787).
+- Use FreeTDS-1.4.3 for official wheels on PyPi (fix #847).
+- Build wheels for Python-3.12. Thanks to Raphael Jacob (fix #851, #855).
+- Use manylinux_2_28 instead of manylinux_2_24 when building wheels in GitHub actions.
+- Fix build with OpenSSL on Windows. Thanks to PrimozGodec (fix #839).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/dev/build_manylinux_wheels.sh new/pymssql-2.2.10/dev/build_manylinux_wheels.sh
--- old/pymssql-2.2.8/dev/build_manylinux_wheels.sh 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/dev/build_manylinux_wheels.sh 2023-10-26 23:49:27.000000000 +0200
@@ -48,13 +48,13 @@
--ws-dir=./freetds \
--dist-dir=. \
--prefix=/usr/local \
- --freetds-version="1.3.13" \
+ --freetds-version="1.4.3" \
--with-openssl=yes \
--enable-krb5 \
--static-freetds
# Install Python dependencies and compile wheels
-PYTHONS="cp36-cp36m cp37-cp37m cp38-cp38 cp39-cp39 cp310-cp310 cp311-cp311"
+PYTHONS="cp36-cp36m cp37-cp37m cp38-cp38 cp39-cp39 cp310-cp310 cp311-cp311 cp312-cp312"
for i in $PYTHONS; do
PYBIN="/opt/python/$i/bin"
if [ -d ${PYBIN} ] ; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/setup.py new/pymssql-2.2.10/setup.py
--- old/pymssql-2.2.8/setup.py 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/setup.py 2023-10-26 23:49:27.000000000 +0200
@@ -167,7 +167,7 @@
if BITNESS == 32:
e.library_dirs.append("c:/Program Files (x86)/OpenSSL-Win32/lib")
else:
- e.library_dirs.append("c:/Program Files/OpenSSL-Win64/lib")
+ e.library_dirs.append("c:/Program Files/OpenSSL/lib")
else:
if LINK_KRB5:
@@ -324,6 +324,7 @@
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.11",
+ "Programming Language :: Python :: 3.12",
"Programming Language :: Python :: Implementation :: CPython",
"Topic :: Database",
"Topic :: Database :: Database Engines/Servers",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/src/pymssql/version.h new/pymssql-2.2.10/src/pymssql/version.h
--- old/pymssql-2.2.8/src/pymssql/version.h 2023-07-31 01:08:48.000000000 +0200
+++ new/pymssql-2.2.10/src/pymssql/version.h 2023-10-26 23:53:45.000000000 +0200
@@ -1 +1 @@
-#define PYMSSQL_VERSION "2.2.8"
\ No newline at end of file
+#define PYMSSQL_VERSION "2.2.10"
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/src/pymssql.egg-info/PKG-INFO new/pymssql-2.2.10/src/pymssql.egg-info/PKG-INFO
--- old/pymssql-2.2.8/src/pymssql.egg-info/PKG-INFO 2023-07-31 01:08:48.000000000 +0200
+++ new/pymssql-2.2.10/src/pymssql.egg-info/PKG-INFO 2023-10-26 23:53:45.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: pymssql
-Version: 2.2.8
+Version: 2.2.10
Summary: DB-API interface to Microsoft SQL Server for Python. (new Cython-based version)
Author: Damien Churchill
Author-email: damoxc(a)gmail.com
@@ -22,6 +22,7 @@
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Topic :: Database
Classifier: Topic :: Database :: Database Engines/Servers
@@ -111,18 +112,21 @@
Recent Changes
==============
-Version 2.2.8 - 2023-07-30 - Mikhail Terekhov
-==============================================
+Version 2.2.10 - 2023-10-20 - Mikhail Terekhov
+===============================================
General
-------
-- Compatibility with Cython. Thanks to matusvalo (Matus Valo) (fix #826).
+- Publish Linux wheels for Python-3.12
-Version 2.2.7 - 2022-11-15 - Mikhail Terekhov
+Version 2.2.9 - 2023-10-13 - Mikhail Terekhov
==============================================
General
-------
-- Build wheels for Python-3.6 (fix 787).
+- Use FreeTDS-1.4.3 for official wheels on PyPi (fix #847).
+- Build wheels for Python-3.12. Thanks to Raphael Jacob (fix #851, #855).
+- Use manylinux_2_28 instead of manylinux_2_24 when building wheels in GitHub actions.
+- Fix build with OpenSSL on Windows. Thanks to PrimozGodec (fix #839).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/src/pymssql.egg-info/SOURCES.txt new/pymssql-2.2.10/src/pymssql.egg-info/SOURCES.txt
--- old/pymssql-2.2.8/src/pymssql.egg-info/SOURCES.txt 2023-07-31 01:08:48.000000000 +0200
+++ new/pymssql-2.2.10/src/pymssql.egg-info/SOURCES.txt 2023-10-26 23:53:45.000000000 +0200
@@ -88,7 +88,6 @@
tests/test_memory.py
tests/test_pymssql.py
tests/test_queries.py
-tests/test_query_parameters.py
tests/test_sprocs.py
tests/test_sqlalchemy.py
tests/test_threaded.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/tests/helpers.py new/pymssql-2.2.10/tests/helpers.py
--- old/pymssql-2.2.8/tests/helpers.py 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/tests/helpers.py 2023-10-26 23:49:27.000000000 +0200
@@ -412,7 +412,8 @@
'from sys.objects where type in (\'%s\')' % '", "'.join(type)
conn.execute_query(sql)
for row in conn:
- delete_sql.append(drop_sql % dict(row))
+ if row['name'][0] not in ('#','@'):
+ delete_sql.append(drop_sql % dict(row))
for sql in delete_sql:
conn.execute_non_query(sql)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/tests/test_query_parameters.py new/pymssql-2.2.10/tests/test_query_parameters.py
--- old/pymssql-2.2.8/tests/test_query_parameters.py 2023-02-23 22:45:52.000000000 +0100
+++ new/pymssql-2.2.10/tests/test_query_parameters.py 1970-01-01 01:00:00.000000000 +0100
@@ -1,48 +0,0 @@
-# -*- coding: utf-8 -*-
-"""
-Test queries.
-"""
-
-import unittest
-
-import pytest
-
-from .helpers import pymssqlconn, drop_table
-
-
-(a)pytest.mark.mssql_server_required
-class TestQueryParameters(unittest.TestCase):
-
- table_name = 'testtab'
-
- @classmethod
- def setup_class(cls):
- cls.conn = pymssqlconn(encryption='as')
- drop_table(cls.conn, cls.table_name)
- cls.createTestTable()
-
- @classmethod
- def teardown_class(cls):
- drop_table(cls.conn, cls.table_name)
- cls.conn.close()
-
- @classmethod
- def createTestTable(cls):
- query = f"INSERT INTO {cls.table_name} (int_col, text_col) VALUES (%d, %s);"
- with cls.conn.cursor() as c:
- c.execute("""
- CREATE TABLE testtab (
- int_col int,
- text_col text
- )""")
- for x in range(10):
- c.execute(query, (x, f"Column {x}"))
-
-
- def test_609(self):
- with self.conn.cursor() as c:
- #c.execute('SELECT * FROM testtab WHERE int_col=%d', (1,))
- c.execute(f'SELECT * FROM {self.table_name} WHERE int_col=%d', (0, ))
- rows = c.fetchall()
- print(f"AAAAAAAAAAAAAAAAAAA: {rows}")
- self.assertEqual(len(rows), 1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/pymssql-2.2.8/tests/test_sqlalchemy.py new/pymssql-2.2.10/tests/test_sqlalchemy.py
--- old/pymssql-2.2.8/tests/test_sqlalchemy.py 2023-07-31 00:21:30.000000000 +0200
+++ new/pymssql-2.2.10/tests/test_sqlalchemy.py 2023-10-26 23:49:27.000000000 +0200
@@ -13,8 +13,7 @@
import sqlalchemy as sa
except ImportError:
pytest.skip('SQLAlchemy is not available', allow_module_level=True)
-from sqlalchemy.orm import sessionmaker
-from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker, declarative_base
engine = sa.create_engine(
'mssql+pymssql://%s:%s@%s:%s/%s' % (
@@ -71,6 +70,6 @@
s = SAObj(name='foobar', data=['one'])
self.sess.add(s)
self.sess.commit()
- res = self.sess.execute(sa.select([self.saotbl.c.data]))
+ res = self.sess.execute(sa.select(self.saotbl.c.data))
row = res.fetchone()
- eq_(row['data'], ['one'])
+ eq_(row[0], ['one'])
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package lighttpd for openSUSE:Factory checked in at 2023-10-31 20:25:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/lighttpd (Old)
and /work/SRC/openSUSE:Factory/.lighttpd.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lighttpd"
Tue Oct 31 20:25:56 2023 rev:62 rq:1121373 version:1.4.73
Changes:
--------
--- /work/SRC/openSUSE:Factory/lighttpd/lighttpd.changes 2023-10-08 12:23:05.224444980 +0200
+++ /work/SRC/openSUSE:Factory/.lighttpd.new.17445/lighttpd.changes 2023-10-31 20:26:15.003152780 +0100
@@ -1,0 +2,7 @@
+Tue Oct 31 06:53:05 UTC 2023 - Andreas Stieger <andreas.stieger(a)gmx.de>
+
+- update to 1.4.73:
+ * CVE-2023-44487: HTTP/2 detect and log rapid reset attack
+ (boo#1216123)
+
+-------------------------------------------------------------------
Old:
----
lighttpd-1.4.72.tar.xz
lighttpd-1.4.72.tar.xz.asc
New:
----
lighttpd-1.4.73.tar.xz
lighttpd-1.4.73.tar.xz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lighttpd.spec ++++++
--- /var/tmp/diff_new_pack.MXB2H7/_old 2023-10-31 20:26:15.819182753 +0100
+++ /var/tmp/diff_new_pack.MXB2H7/_new 2023-10-31 20:26:15.823182900 +0100
@@ -26,7 +26,7 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: lighttpd
-Version: 1.4.72
+Version: 1.4.73
Release: 0
Summary: A Secure, Fast, Compliant, and Very Flexible Web Server
License: BSD-3-Clause
++++++ lighttpd-1.4.72.tar.xz -> lighttpd-1.4.73.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/CMakeLists.txt new/lighttpd-1.4.73/CMakeLists.txt
--- old/lighttpd-1.4.72/CMakeLists.txt 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/CMakeLists.txt 2023-10-31 03:35:56.000000000 +0100
@@ -1,6 +1,6 @@
cmake_minimum_required(VERSION 3.7.0 FATAL_ERROR)
-project(lighttpd VERSION 1.4.72 LANGUAGES C)
+project(lighttpd VERSION 1.4.73 LANGUAGES C)
# use C11 with CMake >= 3.1
set(CMAKE_C_STANDARD 11)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/NEWS new/lighttpd-1.4.73/NEWS
--- old/lighttpd-1.4.72/NEWS 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/NEWS 2023-10-31 03:35:56.000000000 +0100
@@ -3,6 +3,34 @@
NEWS
====
+- 1.4.73 - 2023-10-30
+ * [core] add .mkv to mimetype.assign builtin defaults
+ * [core] warn if out-of-range value for config short
+ * [mod_openssl] set default curves for ossl < 1.1.0
+ * [mod_h2] parse HEADERS flags sooner
+ * [mod_h2] check send window before defer frame rd
+ * [mod_h2] send GOAWAY to excessive request flood
+ * [mod_h2] h2_parse_headers_frame() adjust args
+ * [mod_h2] h2_recv_headers() parse trailers earlier
+ * [mod_h2] send GOAWAY to excessive request flood
+ * [mod_h2] discard new streams after GOAWAY sent
+ * [mod_h2] h2_discard_headers() to HPACK-decode hdrs
+ * [core] parse entire server.http-parseopts list
+ * [mod_wstunnel] Sec-WebSocket-Protocol only if req hdr
+ * [mod_h2] disable h2proto if mod_h2 was not found
+ * [core] omit dlopen trace for mod_h2, mod_deflate
+ * [mod_h2] defer input parsing if large output queue
+ * [mod_h2] defer frame handling if stream pend close
+ * [mod_h2] detect and log HTTP/2 rapid reset attack
+ * [core] honor MBEDTLS_USE_PSA_CRYPTO for hash,rand
+ * [mod_mbedtls] honor MBEDTLS_USE_PSA_CRYPTO for rand
+ * [core] comment out li_rand_bytes() (unused)
+ * [mod_mbedtls] handle mbedtls 3.x partial write
+ * [mod_h2] detect and log HTTP/2 rapid reset attack
+ * [mod_h2] detect and log HTTP/2 rapid reset attack
+ * [mod_openssl] warn if openssl version < 3.0.0
+ * [mod_openssl] include openssl/hmac.h for boringssl
+
- 1.4.72 - 2023-10-06
* [core] save config read from stdin across restart
* [core] warn if daemonize w/o absolute config path
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/SConstruct new/lighttpd-1.4.73/SConstruct
--- old/lighttpd-1.4.72/SConstruct 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/SConstruct 2023-10-31 03:35:56.000000000 +0100
@@ -12,7 +12,7 @@
string_types = str
package = 'lighttpd'
-version = '1.4.72'
+version = '1.4.73'
underscorify_reg = re.compile('[^A-Z0-9]')
def underscorify(id):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/configure new/lighttpd-1.4.73/configure
--- old/lighttpd-1.4.72/configure 2023-10-07 02:10:58.000000000 +0200
+++ new/lighttpd-1.4.73/configure 2023-10-31 03:36:07.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for lighttpd 1.4.72.
+# Generated by GNU Autoconf 2.71 for lighttpd 1.4.73.
#
# Report bugs to <https://redmine.lighttpd.net/projects/lighttpd/boards/2>.
#
@@ -622,8 +622,8 @@
# Identity of this package.
PACKAGE_NAME='lighttpd'
PACKAGE_TARNAME='lighttpd'
-PACKAGE_VERSION='1.4.72'
-PACKAGE_STRING='lighttpd 1.4.72'
+PACKAGE_VERSION='1.4.73'
+PACKAGE_STRING='lighttpd 1.4.73'
PACKAGE_BUGREPORT='https://redmine.lighttpd.net/projects/lighttpd/boards/2'
PACKAGE_URL='https://www.lighttpd.net/'
@@ -1527,7 +1527,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures lighttpd 1.4.72 to adapt to many kinds of systems.
+\`configure' configures lighttpd 1.4.73 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1598,7 +1598,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of lighttpd 1.4.72:";;
+ short | recursive ) echo "Configuration of lighttpd 1.4.73:";;
esac
cat <<\_ACEOF
@@ -1807,7 +1807,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-lighttpd configure 1.4.72
+lighttpd configure 1.4.73
generated by GNU Autoconf 2.71
Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2223,7 +2223,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by lighttpd $as_me 1.4.72, which was
+It was created by lighttpd $as_me 1.4.73, which was
generated by GNU Autoconf 2.71. Invocation command line was
$ $0$ac_configure_args_raw
@@ -3575,7 +3575,7 @@
# Define the identity of the package.
PACKAGE='lighttpd'
- VERSION='1.4.72'
+ VERSION='1.4.73'
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -21856,7 +21856,7 @@
fi
fi
-LIGHTTPD_VERSION_ID=0x10448
+LIGHTTPD_VERSION_ID=0x10449
printf "%s\n" "#define LIGHTTPD_VERSION_ID $LIGHTTPD_VERSION_ID" >>confdefs.h
@@ -22454,7 +22454,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by lighttpd $as_me 1.4.72, which was
+This file was extended by lighttpd $as_me 1.4.73, which was
generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -22523,7 +22523,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
-lighttpd config.status 1.4.72
+lighttpd config.status 1.4.73
configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/configure.ac new/lighttpd-1.4.73/configure.ac
--- old/lighttpd-1.4.72/configure.ac 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/configure.ac 2023-10-31 03:35:56.000000000 +0100
@@ -14,7 +14,7 @@
dnl function call, the argument should be on different lines than the
dnl wrapping braces
AC_PREREQ([2.60])
-AC_INIT([lighttpd],[1.4.72],[https://redmine.lighttpd.net/projects/lighttpd/boards/2],[lighttpd],[https://www.lighttpd.net/])
+AC_INIT([lighttpd],[1.4.73],[https://redmine.lighttpd.net/projects/lighttpd/boards/2],[lighttpd],[https://www.lighttpd.net/])
AC_CONFIG_SRCDIR([src/server.c])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/meson.build new/lighttpd-1.4.73/meson.build
--- old/lighttpd-1.4.72/meson.build 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/meson.build 2023-10-31 03:35:56.000000000 +0100
@@ -1,7 +1,7 @@
project(
'lighttpd',
'c',
- version: '1.4.72',
+ version: '1.4.73',
license: 'BSD-3-Clause',
default_options: ['c_std=c11'],
meson_version: '>=0.47.0',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/configfile-glue.c new/lighttpd-1.4.73/src/configfile-glue.c
--- old/lighttpd-1.4.72/src/configfile-glue.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/configfile-glue.c 2023-10-31 03:35:56.000000000 +0100
@@ -197,10 +197,6 @@
break;
case T_CONFIG_SHORT:
switch(du->type) {
- case TYPE_INTEGER:
- cpv->v.shrt =
- (unsigned short)((const data_integer *)du)->value;
- break;
case TYPE_STRING: {
/* If the value came from an environment variable, then it is
* a data_string, although it may contain a number in ASCII
@@ -218,10 +214,17 @@
}
}
log_error(srv->errh, __FILE__, __LINE__,
- "got a string but expected a short: %s %s", cpk[i].k, v);
+ "got a string but expected a short integer: %s %s", cpk[i].k, v);
rc = 0;
continue;
}
+ case TYPE_INTEGER:
+ cpv->v.shrt =
+ (unsigned short)((const data_integer *)du)->value;
+ if (((const data_integer *)du)->value >= 0
+ && ((const data_integer *)du)->value <= 65535)
+ break;
+ __attribute_fallthrough__
default:
log_error(srv->errh, __FILE__, __LINE__,
"unexpected type for key: %s %d expected a short integer, "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/configfile.c new/lighttpd-1.4.73/src/configfile.c
--- old/lighttpd-1.4.72/src/configfile.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/configfile.c 2023-10-31 03:35:56.000000000 +0100
@@ -554,7 +554,8 @@
static int config_http_parseopts (server *srv, const array *a) {
unsigned short int opts = srv->srvconf.http_url_normalize;
- unsigned short int decode_2f = 1;
+ uint8_t decode_2f = 1;
+ uint8_t url_normalize = 1;
int rc = 1;
for (size_t i = 0; i < a->used; ++i) {
const data_string * const ds = (const data_string *)a->data[i];
@@ -616,14 +617,15 @@
else {
opts &= ~opt;
if (opt == HTTP_PARSEOPT_URL_NORMALIZE) {
- opts = 0;
- break;
+ url_normalize = 0;
}
if (opt == HTTP_PARSEOPT_URL_NORMALIZE_PATH_2F_DECODE) {
decode_2f = 0;
}
}
}
+ if (!url_normalize)
+ opts = 0;
if (opts != 0) {
opts |= HTTP_PARSEOPT_URL_NORMALIZE;
if ((opts & (HTTP_PARSEOPT_URL_NORMALIZE_PATH_2F_DECODE
@@ -992,6 +994,7 @@
,".webp", "image/webp"
,".avi", "video/x-msvideo"
+ ,".mkv", "video/x-matroska"
,".m4v", "video/mp4"
,".mp4", "video/mp4"
,".mpeg", "video/mpeg"
@@ -1367,6 +1370,9 @@
config_feature_bool(srv, "server.metrics-high-precision",
srv->srvconf.high_precision_timestamps);
+ /* disable h2proto if mod_h2 was not found during plugin load */
+ p->defaults.h2proto = srv->srvconf.h2proto;
+
/* configure default server_tag if not set
* (if configured to blank, unset server_tag)*/
if (!p->defaults.server_tag)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/h2.c new/lighttpd-1.4.73/src/h2.c
--- old/lighttpd-1.4.72/src/h2.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/h2.c 2023-10-31 03:35:56.000000000 +0100
@@ -435,6 +435,22 @@
{
h2con * const h2c = (h2con *)con->hx;
+ /* avoid sending REFUSED_STREAM if an existing stream is ready to be
+ * cleaned up, better handling edge case where stream concurrency limit
+ * has been reached and client sends RST_STREAM followed by HEADERS to
+ * cancel an existing stream and create a new, different stream.
+ * Note: this handles HTTP/2 rapid reset attack (CVE-2023-44487)
+ * slightly better than prior behavior by avoiding the minor overhead
+ * of responding with RST_STREAM REFUSED_STREAM */
+ for (uint32_t i = 0, rused = h2c->rused; i < rused; ++i) {
+ const request_st * const r = h2c->r[i];
+ if (r->state > CON_STATE_WRITE)
+ /* (CON_STATE_RESPONSE_END or CON_STATE_ERROR)
+ * request will be cleaned up shortly, releasing a slot;
+ * defer processing frame rather than sending REFUSED_STREAM */
+ return -1;
+ }
+
if (h2c->sent_settings) { /*(see h2_recv_settings() comments)*/
/* client connected and immediately sent flurry of request streams
* (h2c->sent_settings is non-zero if sent SETTINGS frame to
@@ -443,13 +459,31 @@
* server Connection Preface, so a well-behaved client will
* adjust after it sends its initial requests.
* (e.g. h2load -n 100 -m 100 sends 100 requests upon connect)
- *
+ */
+
+ /* Send GOAWAY if too many requests (> 100) sent prior to SETTINGS ackn
+ * (and if we reach here checking to refuse excess stream).
+ * (lighttpd currently sends SETTINGS once, following server preface) */
+ if (h2id > 200) {
+ log_error(NULL, __FILE__, __LINE__,
+ "h2: %s too many refused requests before SETTINGS ackn",
+ con->request.dst_addr_buf->ptr);
+ h2_send_goaway_e(con, H2_E_ENHANCE_YOUR_CALM);
+ return 0;
+ }
+
+ /*
* Check if active streams have pending request body. If all active
* streams have pending request body, then must refuse new stream as
* progress might be blocked if active streams all wait for DATA. */
for (uint32_t i = 0, rused = h2c->rused; i < rused; ++i) {
const request_st * const r = h2c->r[i];
if (r->reqbody_length == r->reqbody_queue.bytes_in) {
+ /* check that stream response will not be blocked waiting
+ * for stream WINDOW_UPDATE or connection WINDOW_UPDATE */
+ request_st * const h2r = &con->request;
+ if (r->x.h2.swin <= 0 || h2r->x.h2.swin <= 0) continue;
+
/* no pending request body; at least this request may proceed,
* though others waiting for request body may block until new
* request streams become active if new request streams precede
@@ -472,6 +506,30 @@
/* too many active streams; refuse new stream */
h2c->h2_cid = h2id;
h2_send_rst_stream_id(h2id, con, H2_E_REFUSED_STREAM);
+
+ /* mitigate request floods pipelining streams in excess of concurrency limit
+ *
+ * excess streams opened after SETTINGS_MAX_CONCURRENT_STREAMS 8 sent may
+ * indicate an attack, or may indicate an impatient and ill-behaved client
+ * (SETTINGS_MAX_CONCURRENT_STREAMS >= 100 recommended by RFC 9113)
+ * If client sends more than 100 requests before sending SETTINGS ackn,
+ * then lighttpd treats that as excessive (above). It could be accidental,
+ * but could be malicious since an attacker might intentionally omit sending
+ * SETTINGS ackn. Note: SETTINGS_MAX_CONCURRENT_STREAMS is not currently
+ * sent by lighttpd after SETTINGS following HTTP/2 server preface, so this
+ * stream concurrency limit does not change after connection initiation.
+ * Here, either SETTINGS ackn has been received, and still too many requests
+ * (more than concurrenty limit of 8) *or* fall through from above if active
+ * requests might block/timeout waiting for later frames). Well-behaved
+ * clients should not fall afoul of server SETTINGS_MAX_CONCURRENT_STREAMS*/
+ if (++h2c->n_refused_stream > 16) {
+ log_error(NULL, __FILE__, __LINE__,
+ "h2: %s too many refused requests",
+ con->request.dst_addr_buf->ptr);
+ h2_send_goaway_e(con, H2_E_NO_ERROR);
+ /*(return 0 if sending H2_E_ENHANCE_YOUR_CALM instead)*/
+ }
+
return 1;
}
@@ -537,6 +595,27 @@
/* XXX: ? add debug trace including error code from RST_STREAM ? */
r->state = CON_STATE_ERROR;
r->x.h2.state = H2_STATE_CLOSED;
+
+ /* attempt to detect HTTP/2 rapid reset attack (CVE-2023-44487)
+ * Send GOAWAY if 17 or more requests in recent batch of up to 32
+ * requests have been cancelled by client sending RST_STREAM.
+ * Note: this can legitimately occur, but is less likely for RST_STREAM
+ * in < 2 secs in which request was sent, repeated 16 more times within
+ * the next 32 requests, w/ SETTINGS_MAX_CONCURRENT_STREAMS only 8.
+ * Still, send GOAWAY NO_ERROR instead of sending ENHANCE_YOUR_CALM. */
+ if (!h2c->sent_goaway && r->start_hp.tv_sec+2 > log_epoch_secs) {
+ if ((++h2c->n_recv_rst_stream & 0xf) == 0)
+ h2c->n_recv_rst_stream |= 0xf;
+ uint8_t n_recv_rst_stream =
+ (h2c->n_recv_rst_stream >> 4) + (h2c->n_recv_rst_stream & 0xf);
+ if (n_recv_rst_stream > 16) {
+ log_error(NULL, __FILE__, __LINE__,
+ "h2: %s sent too many RST_STREAM too quickly",
+ con->request.dst_addr_buf->ptr);
+ h2_send_goaway_e(con, H2_E_NO_ERROR);
+ }
+ }
+
return;
}
/* unknown/inactive stream id
@@ -1392,6 +1471,11 @@
* be optional, like in HTTP/1.1 */
request_st * const r = h2_get_stream_req(h2c, id);
if (NULL == r) {
+ /* Note: sending GOAWAY here might be too strict. With the introduction
+ * of h2_discard_headers(), the GOAWAY can now safely be commented out
+ * if this causes any issue with legitimate use in the field due to
+ * lighttpd responding to a stream, closing and forgetting about the
+ * stream, and then receiving trailers from the client for the stream.*/
h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
return NULL;
}
@@ -1413,15 +1497,42 @@
}
+__attribute_cold__
+static void
+h2_discard_headers_frame (struct lshpack_dec * const restrict decoder, const unsigned char **psrc, const unsigned char * const restrict endp, const request_st * const restrict r)
+{
+ /* HPACK decode and discard; stripped down from h2_parse_headers_frame().
+ * If HEADERS frame is received, HEADERS frame must be HPACK-decoded to
+ * maintain HPACK decoder state consistency for the connection, unless
+ * GOAWAY has been sent and no new streams will be opened. Even then,
+ * if GOAWAY was sent with H2_E_NO_ERROR, there is still chance that
+ * trailers sent later on active streams will fail to be decoded unless
+ * all HEADERS frames are HPACK-decoded in the order received. */
+
+ /*(h2_init_con() resized h2r->tmp_buf to 64k; shared with r->tmp_buf)*/
+ buffer * const tb = r->tmp_buf;
+ char * const tbptr = tb->ptr;
+ const lsxpack_strlen_t tbsz = (tb->size <= LSXPACK_MAX_STRLEN)
+ ? tb->size
+ : LSXPACK_MAX_STRLEN;
+
+ lsxpack_header_t lsx;
+ while (*psrc < endp) {
+ memset(&lsx, 0, sizeof(lsxpack_header_t));
+ lsx.buf = tbptr;
+ lsx.val_len = tbsz;
+ if (lshpack_dec_decode(decoder, psrc, endp, &lsx) != LSHPACK_OK)
+ break; /* HPACK decode failed; should probably send GOAWAY? */
+ }
+}
+
+
static void h2_retire_stream (request_st *r, connection * const con);
static void
-h2_parse_headers_frame (request_st * const restrict r, const unsigned char *psrc, const uint32_t plen, const int trailers)
+h2_parse_headers_frame (struct lshpack_dec * const restrict decoder, const unsigned char **psrc, const unsigned char * const endp, request_st * const restrict r, const int trailers)
{
- h2con * const h2c = (h2con *)r->con->hx;
- struct lshpack_dec * const restrict decoder = &h2c->decoder;
- const unsigned char * const endp = psrc + plen;
http_header_parse_ctx hpctx;
hpctx.hlen = 0;
hpctx.pseudo = 1; /*(XXX: should be !trailers if handling trailers)*/
@@ -1442,11 +1553,11 @@
: LSXPACK_MAX_STRLEN;
lsxpack_header_t lsx;
- while (psrc < endp) {
+ while (*psrc < endp) {
memset(&lsx, 0, sizeof(lsxpack_header_t));
lsx.buf = tbptr;
lsx.val_len = tbsz;
- rc = lshpack_dec_decode(decoder, &psrc, endp, &lsx);
+ rc = lshpack_dec_decode(decoder, psrc, endp, &lsx);
if (0 == lsx.name_len)
rc = LSHPACK_ERR_BAD_DATA;
if (__builtin_expect( (rc == LSHPACK_OK), 1)) {
@@ -1466,6 +1577,9 @@
if (__builtin_expect( (0 != http_status), 0)) {
if (r->http_status == 0) /*might be set if processing trailers*/
r->http_status = http_status;
+ /* Note: hpctx.hlen is not adjusted for rest of headers, nor
+ * debug printing of headers if hpctx.log_request_header */
+ h2_discard_headers_frame(decoder, psrc, endp, r);
break;
}
}
@@ -1495,19 +1609,22 @@
if (rc != LSHPACK_ERR_BAD_DATA) {
/* LSHPACK_ERR_TOO_LARGE, LSHPACK_ERR_MORE_BUF */
err = H2_E_PROTOCOL_ERROR;
+ #if 0
+ /* redundant: h2_send_goaway_e() sends RST_STREAM with
+ * H2_E_PROTOCOL_ERROR if GOAWAY not already sent.
+ * (If GOAWAY were sent with higher id, we would want
+ * to send RST_STREAM here, but that is not the case) */
h2_send_rst_stream(r, r->con, err);
+ #endif
}
- if (!h2c->sent_goaway && !hpctx.trailers)
- h2c->h2_cid = r->x.h2.id;
- h2_send_goaway_e(r->con, err);
if (!hpctx.trailers) {
- h2_retire_stream(r, r->con);
+ h2con * const h2c = (h2con *)r->con->hx;
+ if (!h2c->sent_goaway)
+ h2c->h2_cid = r->x.h2.id;
+ h2_send_goaway_e(r->con, err);
return;
}
- else {
- r->state = CON_STATE_ERROR;
- r->x.h2.state = H2_STATE_CLOSED;
- }
+ h2_send_goaway_e(r->con, err);
break;
}
}
@@ -1550,6 +1667,41 @@
}
+__attribute_cold__
+static int
+h2_discard_headers (struct lshpack_dec * const restrict decoder, const unsigned char **psrc, const unsigned char * const restrict endp, const request_st * const restrict r, h2con * const h2c)
+{
+ /* If GOAWAY was sent with an error, return quickly without decoding;
+ * choose *to not keep* HPACK decoder state in sync, since
+ * h2_send_rst_stream_state() set r->state = CON_STATE_ERROR and
+ * r->x.h2.state = H2_STATE_CLOSED for previously active streams. */
+ if (h2c->sent_goaway > 0) return 0;
+
+ /* Send error if too many discarded HEADERS frames.
+ * (similar to h2_send_refused_stream())
+ * Note: this could legitimately be triggered by a client sending trailers
+ * after lighttpd has responded to and closed a stream, so no longer tracked
+ * by lighttpd, but that is not expected to be a common scenario. (Also, if
+ * this were permitted without limit, it could be abused to bypass limit.)*/
+ if (++h2c->n_discarded_headers > 32) {
+ connection * const con = r->con;
+ log_error(NULL, __FILE__, __LINE__,
+ "h2: %s too many discarded requests",
+ con->request.dst_addr_buf->ptr);
+ h2_send_goaway_e(con, H2_E_ENHANCE_YOUR_CALM);
+ }
+
+ h2_discard_headers_frame(decoder, psrc, endp, r);
+
+ /* return 1 to continue processing HTTP/2 frames
+ * Note: if returning 0 to defer processing additional frames and
+ * yield to other connections, must also joblist_append(con) unless
+ * all h2c->r slots are full and next frame is HEADERS (which could
+ * be passed in as a flag depending on the calling location) */
+ return 1;
+}
+
+
__attribute_noinline__
static int
h2_recv_headers (connection * const con, uint8_t * const s, uint32_t flen)
@@ -1561,7 +1713,6 @@
* might be made to the code in the future. */
__coverity_tainted_data_sink__(s);
#endif
- request_st *r = NULL;
h2con * const h2c = (h2con *)con->hx;
const uint32_t id = h2_u31(s+5);
#if 0 /*(included in (!(id & 1)) below)*/
@@ -1575,53 +1726,6 @@
return 0;
}
- request_st * const h2r = &con->request;
- int trailers = 0;
-
- if (id > h2c->h2_cid) {
- if (h2c->rused == sizeof(h2c->r)/sizeof(*h2c->r))
- return h2_send_refused_stream(id, con);
- /* Note: MUST process HPACK decode even if already sent GOAWAY.
- * This is necessary since there may be active streams not in
- * H2_STATE_HALF_CLOSED_REMOTE, e.g. H2_STATE_OPEN, still possibly
- * receiving DATA and, more relevantly, still might receive HEADERS
- * frame with trailers, for which the decoder state is required.
- * XXX: future might try to reduce other processing done if sent
- * GOAWAY, e.g. might avoid allocating (request_st *r) */
- r = h2_init_stream(h2r, con);
- r->x.h2.id = id;
- if (s[4] & H2_FLAG_END_STREAM) {
- r->x.h2.state = H2_STATE_HALF_CLOSED_REMOTE;
- r->state = CON_STATE_HANDLE_REQUEST;
- r->reqbody_length = 0;
- }
- else {
- r->x.h2.state = H2_STATE_OPEN;
- r->state = CON_STATE_READ_POST;
- r->reqbody_length = -1;
- }
- /* Note: timestamps here are updated only after receipt of entire header
- * (HEADERS frame might have been sent in multiple packets
- * and CONTINUATION frames may have been sent in multiple packets)
- * (affects high precision timestamp, if enabled)
- * (large sets of headers are not typical, and even when they do
- * occur, they will typically be sent within the same second)
- * (future: might keep high precision timestamp in h2con when first
- * packet of HEADERS or PUSH_PROMISE is received, and clear that
- * timestamp when frame + CONTINUATION(s) are complete (so that
- * re-read of initial frame does not overwrite the timestamp))
- */
- r->start_hp.tv_sec = log_epoch_secs;
- if (r->conf.high_precision_timestamps)
- log_clock_gettime_realtime(&r->start_hp);
- }
- else {
- r = h2_recv_trailers_r(con, h2c, id, s[4]); /* (cold code path) */
- if (NULL == r)
- return (h2c->sent_goaway > 0) ? 0 : 1;
- trailers = 1;
- }
-
const unsigned char *psrc = s + 9;
uint32_t alen = flen;
if (s[4] & H2_FLAG_PADDED) {
@@ -1631,23 +1735,26 @@
/* Padding that exceeds the size remaining for the header block
* fragment MUST be treated as a PROTOCOL_ERROR. */
h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
- if (!trailers)
- h2_retire_stream(r, con);
- else {
- r->state = CON_STATE_ERROR;
- r->x.h2.state = H2_STATE_CLOSED;
- }
return 0;
}
alen -= (1 + pad); /*(alen is adjusted for PRIORITY below)*/
}
if (s[4] & H2_FLAG_PRIORITY) {
- /* XXX: TODO: handle PRIORITY (prio fields start at *psrc) */
- if (alen < 5 || (/*prio = */h2_u32(psrc)) == id) {
- h2_send_rst_stream(r, con, H2_E_PROTOCOL_ERROR);
- if (!trailers)
- h2_retire_stream(r, con);
- return 1;
+ if (alen < 5) {
+ h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
+ return 0;
+ }
+ if (((/*prio = */h2_u32(psrc)) == id) & (id > h2c->h2_cid)) {
+ /*(ignore dep if HEADERS frame is trailers (id <= h2c->h2_cid)*/
+ /* https://www.rfc-editor.org/rfc/rfc7540#section-5.3.1
+ * A stream cannot depend on itself. An endpoint MUST treat this
+ * as a stream error (Section 5.4.2) of type PROTOCOL_ERROR.*/
+ h2_send_rst_stream_id(id, con, H2_E_PROTOCOL_ERROR);
+ /* PRIORITY is deprecated in RFC9113. As this mistake is now more
+ * likely an attack, follow with goaway error since HEADERS frame
+ * is not HPACK decoded here to maintain HPACK decoder state. */
+ h2_send_goaway_e(con, H2_E_PROTOCOL_ERROR);
+ return 0;
}
#if 0
uint32_t exclusive_dependency = (psrc[0] & 0x80) ? 1 : 0;
@@ -1661,29 +1768,85 @@
alen -= 5;
}
- h2_parse_headers_frame(r, psrc, alen, trailers);
-
- if (__builtin_expect( (trailers), 0))
+ if (id <= h2c->h2_cid) { /* (trailers; cold code path) */
+ request_st * const r = h2_recv_trailers_r(con, h2c, id, s[4]);
+ if (NULL == r)
+ return h2_discard_headers(&h2c->decoder, &psrc, psrc+alen,
+ &con->request, h2c);
+ h2_parse_headers_frame(&h2c->decoder,&psrc,psrc+alen,r,1);/*(trailers)*/
return 1;
+ }
+
+ /* Note: MUST process HPACK decode even if already sent GOAWAY.
+ * This is necessary since there may be active streams not in
+ * H2_STATE_HALF_CLOSED_REMOTE, e.g. H2_STATE_OPEN, still possibly
+ * receiving DATA and, more relevantly, still might receive HEADERS
+ * frame with trailers, for which the decoder state may be required. */
+
+ if (h2c->sent_goaway)
+ return h2_discard_headers(&h2c->decoder, &psrc, psrc+alen,
+ &con->request, h2c);
#if 0 /*(handled in h2_parse_frames() as a connection error)*/
- /* not handled here:
- * r is invalid if h2_parse_headers_frame() HPACK decode error */
if (s[3] == H2_FTYPE_PUSH_PROMISE) {
- /* Had to process HPACK to keep HPACK tables sync'd with peer but now
- * discard the request if PUSH_PROMISE, since not expected, as this code
- * is running as a server, not as a client.
- * XXX: future might try to reduce other processing done if
- * discarding, e.g. might avoid allocating (request_st *r) */
+ /* discard the request if PUSH_PROMISE, since not expected, as this code
+ * is running as a server, not as a client. */
+ /* note: h2_parse_headers_frame() sets h2c->h2_cid on HPACK decode error
+ * and would need to be changed for code to be shared by PUSH_PROMISE */
/* rant: PUSH_PROMISE could have been a flag on HEADERS frame
* instead of an independent frame type */
- r->http_status = 0;
- h2_retire_stream(r, con);
+ h2c->h2_sid = id;
+ return h2_discard_headers(&h2c->decoder, &psrc, psrc+alen,
+ &con->request, h2c);
}
#endif
+ /* new stream */
+
+ if (h2c->rused == sizeof(h2c->r)/sizeof(*h2c->r))
+ return h2_send_refused_stream(id, con) == -1
+ ? -1
+ : h2_discard_headers(&h2c->decoder, &psrc, psrc+alen,
+ &con->request, h2c);
+
+ request_st * const h2r = &con->request;
+ request_st * const r = h2_init_stream(h2r, con);
+ r->x.h2.id = id;
+ if (s[4] & H2_FLAG_END_STREAM) {
+ r->x.h2.state = H2_STATE_HALF_CLOSED_REMOTE;
+ r->state = CON_STATE_HANDLE_REQUEST;
+ r->reqbody_length = 0;
+ }
+ else {
+ r->x.h2.state = H2_STATE_OPEN;
+ r->state = CON_STATE_READ_POST;
+ r->reqbody_length = -1;
+ }
+ /* Note: timestamps here are updated only after receipt of entire header
+ * (HEADERS frame might have been sent in multiple packets
+ * and CONTINUATION frames may have been sent in multiple packets)
+ * (affects high precision timestamp, if enabled)
+ * (large sets of headers are not typical, and even when they do
+ * occur, they will typically be sent within the same second)
+ * (future: might keep high precision timestamp in h2con when first
+ * packet of HEADERS or PUSH_PROMISE is received, and clear that
+ * timestamp when frame + CONTINUATION(s) are complete (so that
+ * re-read of initial frame does not overwrite the timestamp))
+ */
+ r->start_hp.tv_sec = log_epoch_secs;
+ if (r->conf.high_precision_timestamps)
+ log_clock_gettime_realtime(&r->start_hp);
+
+ h2_parse_headers_frame(&h2c->decoder, &psrc, psrc+alen, r, 0); /*(headers)*/
+
if (!h2c->sent_goaway) {
h2c->h2_cid = id;
+
+ /* counter to detect HTTP/2 rapid reset attack (CVE-2023-44487)
+ * HTTP/2 client ids are odds, so use mask 0x1f
+ * in order to reset lower counter every 16 requests */
+ if ((id & 0x1f) == 0x1) h2c->n_recv_rst_stream <<= 4;
+
/*(lighttpd.conf config conditions not yet applied to request,
* but do not increase window size if BUFMIN set in global config)*/
if (r->reqbody_length /*(see h2_init_con() for session window)*/
@@ -1719,11 +1882,9 @@
if (h2c->rused-1) /*(true if more than one active stream)*/
h2_apply_priority_update(h2c, r, h2c->rused-1);
}
- else if (h2c->h2_cid < id) {
+ else {
/* Had to process HPACK to keep HPACK tables sync'd with peer
- * but now discard the request if id is after id sent in GOAWAY.
- * XXX: future might try to reduce other processing done if
- * discarding, e.g. might avoid allocating (request_st *r) */
+ * but now discard the request */
r->http_status = 0;
h2_retire_stream(r, con);
}
@@ -1745,6 +1906,11 @@
* should accept the larger frame size until SETTINGS is ACK'd) */
const uint32_t fsize = h2c->s_max_frame_size;
for (off_t cqlen; (cqlen = chunkqueue_length(cq)) >= 9; ) {
+
+ /* defer parsing additional frames if large output queue pending write*/
+ if (__builtin_expect( (chunkqueue_length(con->write_queue) > 65536), 0))
+ return 0;
+
chunk *c = cq->first;
/*assert(c->type == MEM_CHUNK);*/
/* copy data if frame header crosses chunk boundary
@@ -3308,8 +3474,19 @@
request_st * const h2r = &con->request;
if (h2r->state == CON_STATE_WRITE) {
/* write HTTP/2 frames to socket */
- if (!chunkqueue_is_empty(con->write_queue))
+ if (!chunkqueue_is_empty(con->write_queue)) {
connection_handle_write(h2r, con);
+ /* check if might need to resched to process more frames
+ * (could be more precise duplicating parts of h2_want_read(),
+ * though prefer to check here when write_queue has been emptied)
+ * need to resched if still CON_STATE_WRITE, write_queue empty,
+ * full frame pending, and frame is not HEADERS or h2c->r not full,
+ * which might happen if parsing frames was deferred if write_queue
+ * grew too large generating HTTP/2 replies to various frame types*/
+ if (chunkqueue_is_empty(con->write_queue)
+ && !chunkqueue_is_empty(con->read_queue))
+ resched |= 2;
+ }
if (chunkqueue_is_empty(con->write_queue)
&& 0 == h2c->rused && h2c->sent_goaway)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/h2.h new/lighttpd-1.4.73/src/h2.h
--- old/lighttpd-1.4.72/src/h2.h 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/h2.h 2023-10-31 03:35:56.000000000 +0100
@@ -88,6 +88,9 @@
struct lshpack_dec decoder;
struct lshpack_enc encoder;
unix_time64_t half_closed_ts;
+ uint8_t n_refused_stream;
+ uint8_t n_discarded_headers;
+ uint8_t n_recv_rst_stream;
};
typedef struct h2con h2con;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/mod_mbedtls.c new/lighttpd-1.4.73/src/mod_mbedtls.c
--- old/lighttpd-1.4.72/src/mod_mbedtls.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/mod_mbedtls.c 2023-10-31 03:35:56.000000000 +0100
@@ -62,11 +62,15 @@
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
#endif
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include <mbedtls/psa_util.h>
+#else
#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/entropy.h>
+#endif
#include <mbedtls/debug.h>
#include <mbedtls/dhm.h>
#include <mbedtls/error.h>
-#include <mbedtls/entropy.h>
#include <mbedtls/oid.h>
#include <mbedtls/pem.h>
#include <mbedtls/ssl.h>
@@ -168,10 +172,12 @@
plugin_ssl_ctx *ssl_ctxs;
plugin_config defaults;
server *srv;
+ #if !defined(MBEDTLS_USE_PSA_CRYPTO)
/* NIST counter-mode deterministic random byte generator */
mbedtls_ctr_drbg_context ctr_drbg;
/* entropy collection and state management */
mbedtls_entropy_context entropy;
+ #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_context ticket_ctx;
const char *ssl_stek_file;
@@ -407,6 +413,14 @@
if (ssl_is_init) return 1;
ssl_is_init = 1;
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t ps = psa_crypto_init();
+ if (ps != PSA_SUCCESS) {
+ log_error(srv->errh, __FILE__, __LINE__,
+ "MTLS: %s: (-0x%04x)", "psa_crypto_init()", ps);
+ return 0;
+ }
+ #else
plugin_data * const p = plugin_data_singleton;
mbedtls_ctr_drbg_init(&p->ctr_drbg); /* init empty NSIT random num gen */
mbedtls_entropy_init(&p->entropy); /* init empty entropy collection struct
@@ -422,6 +436,7 @@
"Init of random number generator failed");
return 0;
}
+ #endif
local_send_buffer = ck_malloc(LOCAL_SEND_BUFSIZE);
return 1;
@@ -438,8 +453,12 @@
#endif
plugin_data * const p = plugin_data_singleton;
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+ #else
mbedtls_ctr_drbg_free(&p->ctr_drbg);
mbedtls_entropy_free(&p->entropy);
+ #endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_free(&p->ticket_ctx);
#endif
@@ -977,11 +996,18 @@
if (NULL == data) return rc;
#if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ rc = mbedtls_pk_parse_key(ctx, (unsigned char *)data, (size_t)dlen+1,
+ (const unsigned char *)pwd,
+ pwd ? strlen(pwd) : 0,
+ mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE);
+ #else
plugin_data * const p = plugin_data_singleton;
rc = mbedtls_pk_parse_key(ctx, (unsigned char *)data, (size_t)dlen+1,
(const unsigned char *)pwd,
pwd ? strlen(pwd) : 0,
mbedtls_ctr_drbg_random, &p->ctr_drbg);
+ #endif
#else
rc = mbedtls_pk_parse_key(ctx, (unsigned char *)data, (size_t)dlen+1,
(const unsigned char *)pwd,
@@ -1024,9 +1050,14 @@
}
#if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ rc = mbedtls_pk_check_pair(&ssl_pemfile_x509.pk, &ssl_pemfile_pkey,
+ mbedtls_psa_get_random,MBEDTLS_PSA_RANDOM_STATE);
+ #else
plugin_data * const p = plugin_data_singleton;
rc = mbedtls_pk_check_pair(&ssl_pemfile_x509.pk, &ssl_pemfile_pkey,
mbedtls_ctr_drbg_random, &p->ctr_drbg);
+ #endif
#else
rc = mbedtls_pk_check_pair(&ssl_pemfile_x509.pk, &ssl_pemfile_pkey);
#endif
@@ -1437,7 +1468,12 @@
mbedtls_ssl_config_init(s->ssl_ctx);
/* set the RNG in the ssl config context, using the default random func */
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_ssl_conf_rng(s->ssl_ctx,
+ mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE);
+ #else
mbedtls_ssl_conf_rng(s->ssl_ctx, mbedtls_ctr_drbg_random, &p->ctr_drbg);
+ #endif
/* mbedtls defaults to disable client renegotiation
* mbedtls defaults to no record compression unless mbedtls is built
@@ -1527,9 +1563,17 @@
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if (s->ssl_session_ticket /*(.ticket_lifetime is private)*/
&& !*(unsigned char *)&p->ticket_ctx) { /*init once*/
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ rc = mbedtls_ssl_ticket_setup(&p->ticket_ctx,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE,
+ MBEDTLS_CIPHER_AES_256_GCM,
+ 43200); /* ticket timeout: 12 hours */
+ #else
rc = mbedtls_ssl_ticket_setup(&p->ticket_ctx, mbedtls_ctr_drbg_random,
&p->ctr_drbg, MBEDTLS_CIPHER_AES_256_GCM,
43200); /* ticket timeout: 12 hours */
+ #endif
if (0 != rc) {
elog(srv->errh,__FILE__,__LINE__,rc,"mbedtls_ssl_ticket_setup()");
return -1;
@@ -1993,6 +2037,9 @@
break; /* try again later */
case MBEDTLS_ERR_SSL_WANT_WRITE:
con->is_writable = -1;
+ #if MBEDTLS_VERSION_NUMBER >= 0x03000000 /* mbedtls 3.00.0 */
+ hctx->pending_write = wr_len; /* partial write; save attempted wr_len */
+ #endif
break; /* try again later */
case MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS:
case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS:
@@ -2009,8 +2056,8 @@
#if MBEDTLS_VERSION_NUMBER < 0x03000000 /* mbedtls 3.00.0 */
if (0 != hctx->ssl.out_left) /* partial write; save attempted wr_len */
- #endif
hctx->pending_write = wr_len;
+ #endif
return 0; /* try again later */
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/mod_openssl.c new/lighttpd-1.4.73/src/mod_openssl.c
--- old/lighttpd-1.4.72/src/mod_openssl.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/mod_openssl.c 2023-10-31 03:35:56.000000000 +0100
@@ -82,6 +82,7 @@
#include <openssl/ocsp.h>
#endif
#ifdef BORINGSSL_API_VERSION
+#include <openssl/hmac.h>
/* BoringSSL purports to have some OCSP support */
#undef OPENSSL_NO_OCSP
#endif
@@ -2191,7 +2192,8 @@
#if defined(BORINGSSL_API_VERSION) \
- || defined(LIBRESSL_VERSION_NUMBER)
+ || defined(LIBRESSL_VERSION_NUMBER) \
+ || OPENSSL_VERSION_NUMBER < 0x10100000L
static int
mod_openssl_ssl_conf_curves(server *srv, plugin_config_socket *s, const buffer *ssl_ec_curve)
{
@@ -2254,6 +2256,7 @@
return 1;
}
#endif /* BORINGSSL_API_VERSION || LIBRESSL_VERSION_NUMBER */
+ /* || OPENSSL_VERSION_NUMBER < 0x10100000L */
static int
@@ -2365,6 +2368,11 @@
if (!mod_openssl_ssl_conf_dhparameters(srv, s, NULL))
return -1;
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (!mod_openssl_ssl_conf_curves(srv, s, NULL))
+ return -1;
+ #endif
+
#ifdef TLSEXT_TYPE_session_ticket
#if OPENSSL_VERSION_NUMBER < 0x30000000L
SSL_CTX_set_tlsext_ticket_key_cb(s->ssl_ctx, ssl_tlsext_ticket_key_cb);
@@ -2996,11 +3004,12 @@
mod_openssl_merge_config(&p->defaults, cpv);
}
- #if OPENSSL_VERSION_NUMBER < 0x10101000L \
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L \
+ && !defined(BORINGSSL_API_VERSION) \
&& !defined(LIBRESSL_VERSION_NUMBER)
log_error(srv->errh, __FILE__, __LINE__, "SSL:"
"openssl library version is outdated and has reached end-of-life. "
- "As of 1 Jan 2020, only openssl 1.1.1 and later continue to receive "
+ "As of 11 Sep 2023, only openssl 3.0.0 and later continue to receive "
"security patches from openssl.org");
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/mod_wstunnel.c new/lighttpd-1.4.73/src/mod_wstunnel.c
--- old/lighttpd-1.4.72/src/mod_wstunnel.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/mod_wstunnel.c 2023-10-31 03:35:56.000000000 +0100
@@ -822,7 +822,7 @@
buffer_append_base64_encode(value, sha_digest, SHA_DIGEST_LENGTH, BASE64_STANDARD);
}
- if (hctx->frame.type == MOD_WEBSOCKET_FRAME_TYPE_BIN)
+ if (1 == hctx->subproto)
http_header_response_set(r, HTTP_HEADER_OTHER,
CONST_STR_LEN("Sec-WebSocket-Protocol"),
CONST_STR_LEN("binary"));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/plugin.c new/lighttpd-1.4.73/src/plugin.c
--- old/lighttpd-1.4.72/src/plugin.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/plugin.c 2023-10-31 03:35:56.000000000 +0100
@@ -131,13 +131,15 @@
}
}
if (!load_functions[j].name) {
- log_error(srv->errh, __FILE__, __LINE__, "%s plugin not found", module);
if (srv->srvconf.compat_module_load) {
if (buffer_eq_slen(&ds->value, CONST_STR_LEN("mod_deflate")))
continue;
}
- if (buffer_eq_slen(&ds->value, CONST_STR_LEN("mod_h2")))
+ if (buffer_eq_slen(&ds->value, CONST_STR_LEN("mod_h2"))) {
+ srv->srvconf.h2proto = 0;
continue;
+ }
+ log_error(srv->errh, __FILE__, __LINE__, "%s plugin not found", module);
return -1;
}
}
@@ -180,14 +182,16 @@
#ifdef _WIN32
buffer_append_string_len(tb, CONST_STR_LEN(".dll"));
if (NULL == (lib = LoadLibrary(tb->ptr))) {
- log_perror(srv->errh, __FILE__, __LINE__,
- "LoadLibrary() %s", tb->ptr);
if (srv->srvconf.compat_module_load) {
if (buffer_eq_slen(module, CONST_STR_LEN("mod_deflate")))
continue;
}
- if (buffer_eq_slen(module, CONST_STR_LEN("mod_h2")))
+ if (buffer_eq_slen(module, CONST_STR_LEN("mod_h2"))) {
+ srv->srvconf.h2proto = 0;
continue;
+ }
+ log_perror(srv->errh, __FILE__, __LINE__,
+ "LoadLibrary() %s", tb->ptr);
return -1;
}
buffer_copy_buffer(tb, module);
@@ -206,14 +210,16 @@
buffer_append_string_len(tb, CONST_STR_LEN(".so"));
#endif
if (NULL == (lib = dlopen(tb->ptr, RTLD_NOW|RTLD_GLOBAL))) {
- log_error(srv->errh, __FILE__, __LINE__,
- "dlopen() failed for: %s %s", tb->ptr, dlerror());
if (srv->srvconf.compat_module_load) {
if (buffer_eq_slen(module, CONST_STR_LEN("mod_deflate")))
continue;
}
- if (buffer_eq_slen(module, CONST_STR_LEN("mod_h2")))
+ if (buffer_eq_slen(module, CONST_STR_LEN("mod_h2"))) {
+ srv->srvconf.h2proto = 0;
continue;
+ }
+ log_error(srv->errh, __FILE__, __LINE__,
+ "dlopen() failed for: %s %s", tb->ptr, dlerror());
return -1;
}
buffer_clear(tb);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/rand.c new/lighttpd-1.4.73/src/rand.c
--- old/lighttpd-1.4.72/src/rand.c 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/rand.c 2023-10-31 03:35:56.000000000 +0100
@@ -41,9 +41,13 @@
#undef USE_OPENSSL_CRYPTO
#undef USE_GNUTLS_CRYPTO
#undef USE_NSS_CRYPTO
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include <mbedtls/psa_util.h>
+#else
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#endif
+#endif
#ifdef USE_WOLFSSL_CRYPTO
#undef USE_OPENSSL_CRYPTO
#undef USE_GNUTLS_CRYPTO
@@ -219,6 +223,7 @@
static int li_rand_inited;
static unsigned short xsubi[3];
#ifdef USE_MBEDTLS_CRYPTO
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
#ifdef MBEDTLS_ENTROPY_C
static mbedtls_entropy_context entropy;
#ifdef MBEDTLS_CTR_DRBG_C
@@ -226,6 +231,7 @@
#endif
#endif
#endif
+#endif
#ifdef USE_WOLFSSL_CRYPTO
static WC_RNG wolf_globalRNG;
#endif
@@ -334,6 +340,11 @@
RAND_seed(xsubi, (int)sizeof(xsubi));
#endif
#ifdef USE_MBEDTLS_CRYPTO
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t ps = psa_crypto_init();
+ if (ps != PSA_SUCCESS)
+ ck_bt_abort(__FILE__, __LINE__, "psa_crypto_init() failed");
+ #else
#ifdef MBEDTLS_ENTROPY_C
mbedtls_entropy_init(&entropy);
#ifdef MBEDTLS_CTR_DRBG_C
@@ -346,6 +357,7 @@
#endif
#endif
#endif
+ #endif
#ifdef USE_NSS_CRYPTO
if (!NSS_IsInitialized() && NSS_NoDB_Init(NULL) < 0)
ck_bt_abort(__FILE__, __LINE__, "aborted");
@@ -382,13 +394,28 @@
#endif
#ifdef USE_MBEDTLS_CRYPTO
if (li_rand_inited) {
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+ #else
#ifdef MBEDTLS_ENTROPY_C
#ifdef MBEDTLS_CTR_DRBG_C
mbedtls_ctr_drbg_free(&ctr_drbg);
#endif
mbedtls_entropy_free(&entropy);
#endif
+ #endif
+ }
+ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_CRYPTO_DRIVER_TEST)
+ else {
+ /*(kludge to call psa_crypto_init() for sys-crypto-md.h from server.c)*/
+ /*(However, we prefer to defer RNG initialization, and the builtin hash
+ * functions do not require psa_crypto_init(), so skip unless hash func
+ * might use an accelerated crypto driver)*/
+ psa_status_t ps = psa_crypto_init();
+ if (ps != PSA_SUCCESS)
+ ck_bt_abort(__FILE__, __LINE__, "psa_crypto_init() failed");
}
+ #endif
#endif
if (li_rand_inited) li_rand_init();
}
@@ -420,12 +447,19 @@
if (i) return i; /*(cond to avoid compiler warning for code after return)*/
#endif
#ifdef USE_MBEDTLS_CRYPTO
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int i;
+ if (0 == mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ (unsigned char *)&i, sizeof(i)))
+ return i;
+ #else
#ifdef MBEDTLS_CTR_DRBG_C
int i;
if (0 == mbedtls_ctr_drbg_random(&ctr_drbg, (unsigned char *)&i, sizeof(i)))
return i;
#endif
#endif
+ #endif
#ifdef USE_NSS_CRYPTO
int i;
if (SECSuccess == PK11_GenerateRandom((unsigned char *)&i, sizeof(i)))
@@ -466,10 +500,14 @@
if (SECSuccess == PK11_GenerateRandom(buf, num)) return;
#endif
#ifdef USE_MBEDTLS_CRYPTO
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (0 == psa_generate_random(buf, (size_t)num)) return;
+ #else
#ifdef MBEDTLS_CTR_DRBG_C
if (0 == mbedtls_ctr_drbg_random(&ctr_drbg, buf, (size_t)num)) return;
#endif
#endif
+ #endif
#ifdef USE_WOLFSSL_CRYPTO
/* RAND_pseudo_bytes() in WolfSSL is equivalent to RAND_bytes() */
if (0 == wc_RNG_GenerateBlock(&wolf_globalRNG, (byte *)buf, (word32)num))
@@ -479,6 +517,7 @@
buf[i] = li_rand_pseudo() & 0xFF;
}
+#if 0 /*(unused)*/
int li_rand_bytes (unsigned char *buf, int num)
{
#ifdef USE_GNUTLS_CRYPTO /* should use GNUTLS_RND_KEY for long-term keys */
@@ -516,6 +555,10 @@
#endif
#ifdef USE_MBEDTLS_CRYPTO
#ifdef MBEDTLS_ENTROPY_C
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (0 == psa_generate_random(buf, (size_t)num))
+ return 1;
+ #else
/*(each call <= MBEDTLS_ENTROPY_BLOCK_SIZE; could implement loop here)*/
if (num <= MBEDTLS_ENTROPY_BLOCK_SIZE
&& 0 == mbedtls_entropy_func(&entropy, buf, (size_t)num)) {
@@ -523,6 +566,7 @@
}
#endif
#endif
+ #endif
if (1 == li_rand_device_bytes(buf, num)) {
return 1;
}
@@ -533,6 +577,7 @@
return 0;
}
}
+#endif
void li_rand_cleanup (void)
{
@@ -549,6 +594,9 @@
#endif
#endif
#ifdef USE_MBEDTLS_CRYPTO
+ #if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+ #else
#ifdef MBEDTLS_ENTROPY_C
#ifdef MBEDTLS_CTR_DRBG_C
mbedtls_ctr_drbg_free(&ctr_drbg);
@@ -556,5 +604,7 @@
mbedtls_entropy_free(&entropy);
#endif
#endif
+ li_rand_inited = 0;
+ #endif /* USE_MBEDTLS_CRYPTO */
ck_memzero(xsubi, sizeof(xsubi));
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lighttpd-1.4.72/src/sys-crypto-md.h new/lighttpd-1.4.73/src/sys-crypto-md.h
--- old/lighttpd-1.4.72/src/sys-crypto-md.h 2023-10-07 02:10:38.000000000 +0200
+++ new/lighttpd-1.4.73/src/sys-crypto-md.h 2023-10-31 03:35:56.000000000 +0100
@@ -153,6 +153,102 @@
#include <mbedtls/version.h>
/*#include <mbedtls/compat-2.x.h>*//*(func renames ifdef'd below)*/
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+/* Note: psa_crypto_init() MUST be called once before use
+ * (see lighttpd src/rand.c for overload where this is done in lighttpd) */
+#include <string.h> /* memset() */
+
+#ifdef PSA_WANT_ALG_MD5
+#define USE_LIB_CRYPTO_MD5
+typedef psa_hash_operation_t MD5_CTX;
+static inline int
+MD5_Init(MD5_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(MD5_CTX));
+ return (PSA_SUCCESS == psa_hash_setup(ctx, PSA_ALG_MD5));
+}
+static inline int
+MD5_Final(unsigned char *digest, MD5_CTX *ctx)
+{
+ size_t n; /* PSA_HASH_LENGTH(PSA_ALG_MD5) == 16 */
+ return (PSA_SUCCESS == psa_hash_finish(ctx, digest, 16, &n));
+}
+static inline int
+MD5_Update(MD5_CTX *ctx, const void *data, size_t length)
+{
+ return (PSA_SUCCESS == psa_hash_update(ctx, data, length));
+}
+#endif
+
+#ifdef PSA_WANT_ALG_SHA_1
+#define USE_LIB_CRYPTO_SHA1
+typedef psa_hash_operation_t SHA_CTX;
+static inline int
+SHA1_Init(SHA_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(SHA_CTX));
+ return (PSA_SUCCESS == psa_hash_setup(ctx, PSA_ALG_SHA_1));
+}
+static inline int
+SHA1_Final(unsigned char *digest, SHA_CTX *ctx)
+{
+ size_t n; /* PSA_HASH_LENGTH(PSA_ALG_SHA_1) == 20 */
+ return (PSA_SUCCESS == psa_hash_finish(ctx, digest, 20, &n));
+}
+static inline int
+SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
+{
+ return (PSA_SUCCESS == psa_hash_update(ctx, data, length));
+}
+#endif
+
+#ifdef PSA_WANT_ALG_SHA_256
+#define USE_LIB_CRYPTO_SHA256
+typedef psa_hash_operation_t SHA256_CTX;
+static inline int
+SHA256_Init(SHA256_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(SHA256_CTX));
+ return (PSA_SUCCESS == psa_hash_setup(ctx, PSA_ALG_SHA_256));
+}
+static inline int
+SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+{
+ size_t n; /* PSA_HASH_LENGTH(PSA_ALG_SHA_256) == 32 */
+ return (PSA_SUCCESS == psa_hash_finish(ctx, digest, 32, &n));
+}
+static inline int
+SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
+{
+ return (PSA_SUCCESS == psa_hash_update(ctx, data, length));
+}
+#endif
+
+#ifdef PSA_WANT_ALG_SHA_512
+#define USE_LIB_CRYPTO_SHA512
+typedef psa_hash_operation_t SHA512_CTX;
+static inline int
+SHA512_Init(SHA512_CTX *ctx)
+{
+ memset(ctx, 0, sizeof(SHA512_CTX));
+ return (PSA_SUCCESS == psa_hash_setup(ctx, PSA_ALG_SHA_512));
+}
+static inline int
+SHA512_Final(unsigned char *digest, SHA512_CTX *ctx)
+{
+ size_t n; /* PSA_HASH_LENGTH(PSA_ALG_SHA_512) == 64 */
+ return (PSA_SUCCESS == psa_hash_finish(ctx, digest, 64, &n));
+}
+static inline int
+SHA512_Update(SHA512_CTX *ctx, const void *data, size_t length)
+{
+ return (PSA_SUCCESS == psa_hash_update(ctx, data, length));
+}
+#endif
+
+#else /* !MBEDTLS_USE_PSA_CRYPTO */
+
#ifdef MBEDTLS_MD4_C
#define USE_LIB_CRYPTO_MD4
#include <mbedtls/md4.h>
@@ -321,6 +417,8 @@
}
#endif
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+
#elif defined(USE_WOLFSSL_CRYPTO)
/* WolfSSL compatibility API for OpenSSL unnecessarily bounces through an extra
@@ -912,8 +1010,34 @@
/* message digest wrappers operating on single ptr, and on const_iovec */
+#if defined(USE_MBEDTLS_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+
+#define li_md_once(algo, alg) \
+ static inline int \
+ algo##_once (unsigned char * const digest, \
+ const void * const data, const size_t n) \
+ { \
+ size_t x; \
+ return PSA_SUCCESS \
+ == psa_hash_compute(alg,data,n,digest,PSA_HASH_LENGTH(alg),&x); \
+ }
+li_md_once(MD5, PSA_ALG_MD5)
+li_md_once(SHA1, PSA_ALG_SHA_1)
+li_md_once(SHA256, PSA_ALG_SHA_256)
+li_md_once(SHA256_512, PSA_ALG_SHA_512_256)
+li_md_once(SHA512, PSA_ALG_SHA_512)
+
+#endif
+#endif
+
+
typedef void(*li_md_once_fn)(unsigned char *digest, const void *data, size_t n);
+#ifdef li_md_once
+#undef li_md_once
+#define li_md_once(algo)
+#else
#define li_md_once(algo) \
static inline void \
algo##_once (unsigned char * const digest, \
@@ -924,6 +1048,7 @@
algo##_Update(&ctx, data, n); \
algo##_Final(digest, &ctx); \
}
+#endif
#ifndef LI_CONST_IOVEC
#define LI_CONST_IOVEC
1
0