by picking:
0.4.9-dev-884-g 7b618314c2 [USETUP] Remove now-unneeded file.
0.4.9-dev-849-g 7c3cff3a68 [USETUP] Remove the WIN32 support because usetup is a native-only application
0.4.9-dev-847-g 1b323ff2f4 [USETUP] Remove unused VolumeLabel and FileSystemName from the PARTENTRY type
partially 0.4.9-dev-843-g 3bf2f30cf2 [USETUP] only the Cleanup-part in consup.c, **not** the part which improved on the keys for CORE13975
0.4.8-dev-979-g 25bca520f5 [MBEDTLS] Don't link with zlib, we don't use it. CORE-14290
0.4.8-dev-978-g dc51b419c7 [USETUP] Use the smaller zlib_solo instead of the full zlib. CORE-14290
partially 0.4.8-dev-271-g 5633423086 [USETUP] Silence some clang-cl warnings. (only the [USETUP]-part)
partially 0.4.8-dev-107-g f0e6c11bba [USETUP] NtWriteFile() calls: Remove unused 'ByteOffset = 0',
In sum:
0.4.9 usetup binary size RosBEWin2.1.6 GCC4.7.2dbg == 849.920bytes
0.4.8 usetup binary size RosBEWin2.1.6 GCC4.7.2dbg shrinks from 847.872bytes -> 846.848bytes
0.4.7 usetup binary size RosBEWin2.1.6 GCC4.7.2dbg shrinks from 853.504bytes -> 845.312bytes
can be observed with MSVC 2010SP1 (16.0.40219.1)
This fixes 30 warnings of multiple kind, e.g.:
27 of the kind:
C:\047rls\reactos\dll\3rdparty\libtirpc\src\auth_sspi.c(107) : warning C4996: '_strdup': Deprecated POSIX name, Try _strdup instead!
and also:
C:\047rls\reactos\dll\3rdparty\libtirpc\src\svc_vc.c(315) : warning C4101: 'cleanfds' : unreferenced local variable
C:\047rls\reactos\dll\3rdparty\libtirpc\src\svc_vc.c(488) : warning C4101: 'pollfd' : unreferenced local variable
C:\047rls\reactos\dll\3rdparty\libtirpc\src\xdr_rec.c(424) : warning C4133: '=' : incompatible types - from 'char *' to 'int32_t *'
Muting makes sense for this *3rd party library*. Better than creating more diff within here by addressing them.
This leaves no warnings left within this lib.
Fix picked from:
0.4.12-dev-803-g 3d3377a5c0
The chance for us to get attacked is rather low, because
LIBTIRPC is used solely for the nfs service and
I pushed aggressively years ago to have that turned from
'Automatic' to 'Manual' already.
I doubt many used this service, that does not exist on real Windows at all.
Attacks may result in Denial-Of-Service.
For details check:
https://nvd.nist.gov/vuln/detail/CVE-2018-14622https://nvd.nist.gov/vuln/detail/CVE-2018-14621
Fixes picked from:
0.4.11-dev-93-g 000bbe074e CVE-2018-14622 CORE-15005
0.4.11-dev-887-g f5f3ff86ea CVE-2018-14621 CORE-15407