For details see:
https://mmonit.com/monit/changes/
"Fixed: An issue where Monit with a short poll cycle could skip
sleep intervals, run checks continuously, and use CPU
excessively when using numerous "check program" tests."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 8 May 2025 12:01:51 +0000 (14:01 +0200)]
sqlite: Update to version 3.49.2
- Update from version 3.49.1 to 3.49.2
- Update of rootfile
- Changelog
3.49.2
Fix a bug in the NOT NULL optimization of version 3.40.0 (item 3c in the
version 3.40.0 change log) that can lead to a memory error if abused.
Fix the count-of-view optimization so that it does not give an incorrect answer
for a DISTINCT query.
Fix a possible incorrect answer that can result if a UNIQUE constraint of a
table contains the PRIMARY KEY column and that UNIQUE constraint is used by an
IN operator.
Fix obscure problems with the generate_series() extension function.
Incremental improvements to the configure/make.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 7 May 2025 09:58:33 +0000 (11:58 +0200)]
passwords.c: Update number of rounds for passwords from 7 to 10
- This improves the security of the root and admin passwords created and makes it the
same as used for the proxy local auth password code in proxy.cgi & chpasswd.cgi
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 6 May 2025 14:10:12 +0000 (16:10 +0200)]
perl-Apache_Htpasswd: remove module from IPFire
- This module was only used for the proxy.cgi and chpasswd.cgi files for the local
authentication option.
- As this module was last updated in Nov 2012 its use has been replaced by direct use
of htpasswd. This is dealt with by other patches in this set.
- With those changes this module is no longer required.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 6 May 2025 14:10:11 +0000 (16:10 +0200)]
chpasswd.cgi: Make swroot refs the same as for other cgi files
- This uses the swroot definition from general-functions.pl and makes the definition
the same as used in the majority of other IPFire cgi files.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 6 May 2025 14:10:10 +0000 (16:10 +0200)]
proxy.cgi: Fixes bug12755 - proxy auth problem with password longer than 8 chars
- This makes the proxy local password management the same between chpasswd.cgi and
proxy.cgi
- Tested out on my vm testbed and was able to create and modify users and their passwords
in the proxy.cgi page or modify a password for a specified user on the chpasswd.cgi
page. This all happened successfully and was confirmed by testing out the local
authentication.
Fixes: bug12755 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 6 May 2025 14:10:09 +0000 (16:10 +0200)]
chpasswd.cgi: Fixes bug12755 - proxy auth password problem longer than 8 chars
- The existing version of the perl module Apache::Htpasswd was using the crypt hash for
the password hashing, which is very insecure. The only alternative with this module
is the md5 and sha1 hashes which are also considered weak now.
- The module was last updated in Nov 2012 and there is no alternative module available.
- This patch replaces that perl module with using the apache htpasswd program. This can
be set to use the bcrypt hash which is considered secure. This is used for the
generation of the root and admin passwords during the IPFire install.
- Tested out on my vm testbed system and the password for a specific user name was
changed successfully without any restriction to the length of the password.
- Existing passwords with the existing md5 or crypt options will still work as htpasswd
can manage different encoding hashes in the one file.
Fixes: bug12755 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:11 +0000 (15:17 +0200)]
xfsprogs: Update to version 6.14.0
- Update from version 6.13.0 to 6.14.0
- Update of rootfile not required
- Changelog
6.14.0
xfs_scrub_all: localize the strings in the program (Darrick J. Wong)
xfs_protofile: add messages to localization catalog (Darrick J. Wong)
Makefile: inject package name/version/bugreport into pot file (Darrick J. Wong)
xfs_scrub_all: rename source code to .py.in (Darrick J. Wong)
xfs_protofile: rename source code to .py.in (Darrick J. Wong)
xfs_repair: handling a block with bad crc, bad uuid, and bad magic number needs
fixing (Bill O'Donnell)
xfs_repair: fix stupid argument error in verify_inode_chunk (Darrick J. Wong)
xfs_repair: fix infinite loop in longform_dir2_entry_check* (Darrick J. Wong)
xfs_repair: fix crash in reset_rt_metadir_inodes (Darrick J. Wong)
xfs_repair: don't recreate /quota metadir if there are no quota inodes
(Darrick J. Wong)
xfs_repair: fix wording of error message about leftover CoW blocks on the rt
device (Darrick J. Wong)
xfs_io: Add cachestat syscall support (Ritesh Harjani (IBM))
xfs_io: Add RWF_DONTCACHE support to preadv2 (Ritesh Harjani (IBM))
xfs_io: Add RWF_DONTCACHE support to pwritev2 (Ritesh Harjani (IBM))
xfs_io: Add support for preadv2 (Ritesh Harjani (IBM))
make: remove the .extradep file in libxfs on "make clean" (Theodore Ts'o)
xfs_{admin,repair},man5: tell the user to mount with nouuid for snapshots
(Darrick J. Wong)
xfsprogs: Fix mismatched return type of filesize() (Pavel Reichl)
xfs_io: don't fail FS_IOC_FSGETXATTR on filesystems that lack support (Anthony
Iliopoulos)
configure: additionally get icu-uc from pkg-config (Alyssa Ross)
xfs_scrub: use the display mountpoint for reporting file corruptions (Darrick
J. Wong)
xfs_scrub: don't warn about zero width joiner control characters (Darrick J.
Wong)
xfs_scrub: fix buffer overflow in string_escape (Darrick J. Wong)
xfs_db: add command to copy directory trees out of filesystems (Darrick J. Wong)
xfs_db: make listdir more generally useful (Darrick J. Wong)
xfs_db: use an empty transaction to try to prevent livelocks in path_navigate
(Darrick J. Wong)
xfs_db: pass const pointers when we're not modifying them (Darrick J. Wong)
mkfs: enable reflink on the realtime device (Darrick J. Wong)
mkfs: validate CoW extent size hint when rtinherit is set (Darrick J. Wong)
xfs_logprint: report realtime CUIs (Darrick J. Wong)
xfs_repair: validate CoW extent size hint on rtinherit directories (Darrick J.
Wong)
xfs_repair: allow realtime files to have the reflink flag set (Darrick J. Wong)
xfs_repair: rebuild the realtime refcount btree (Darrick J. Wong)
xfs_repair: reject unwritten shared extents (Darrick J. Wong)
xfs_repair: check existing realtime refcountbt entries against observed
refcounts (Darrick J. Wong)
xfs_repair: compute refcount data for the realtime groups (Darrick J. Wong)
xfs_repair: find and mark the rtrefcountbt inode (Darrick J. Wong)
xfs_repair: use realtime refcount btree data to check block types (Darrick J.
Wong)
xfs_repair: allow CoW staging extents in the realtime rmap records (Darrick J.
Wong)
xfs_spaceman: report health of the realtime refcount btree (Darrick J. Wong)
xfs_db: add rtrefcount reservations to the rgresv command (Darrick J. Wong)
xfs_db: copy the realtime refcount btree (Darrick J. Wong)
xfs_db: support the realtime refcountbt (Darrick J. Wong)
xfs_db: display the realtime refcount btree contents (Darrick J. Wong)
man: document userspace API changes due to rt reflink (Darrick J. Wong)
mkfs: create the realtime rmap inode (Darrick J. Wong)
xfs_logprint: report realtime RUIs (Darrick J. Wong)
xfs_repair: reserve per-AG space while rebuilding rt metadata (Darrick J. Wong)
xfs_repair: rebuild the bmap btree for realtime files (Darrick J. Wong)
xfs_repair: check for global free space concerns with default btree slack
levels (Darrick J. Wong)
xfs_repair: rebuild the realtime rmap btree (Darrick J. Wong)
xfs_repair: always check realtime file mappings against incore info (Darrick J.
Wong)
xfs_repair: check existing realtime rmapbt entries against observed rmaps
(Darrick J. Wong)
xfs_repair: find and mark the rtrmapbt inodes (Darrick J. Wong)
xfs_repair: refactor realtime inode check (Darrick J. Wong)
xfs_repair: create a new set of incore rmap information for rt groups (Darrick
J. Wong)
xfs_repair: use realtime rmap btree data to check block types (Darrick J. Wong)
xfs_repair: flag suspect long-format btree blocks (Darrick J. Wong)
xfs_repair: tidy up rmap_diffkeys (Darrick J. Wong)
xfs_spaceman: report health status of the realtime rmap btree (Darrick J. Wong)
xfs_db: add an rgresv command (Darrick J. Wong)
xfs_db: make fsmap query the realtime reverse mapping tree (Darrick J. Wong)
xfs_db: copy the realtime rmap btree (Darrick J. Wong)
xfs_db: support the realtime rmapbt (Darrick J. Wong)
xfs_db: display the realtime rmap btree contents (Darrick J. Wong)
xfs_db: don't abort when bmapping on a non-extents/bmbt fork (Darrick J. Wong)
xfs_db: compute average btree height (Darrick J. Wong)
man: document userspace API changes due to rt rmap (Darrick J. Wong)
xfs_scrub: try harder to fill the bulkstat array with bulkstat() (Darrick J.
Wong)
xfs_scrub: ignore freed inodes when single-stepping during phase 3 (Darrick J.
Wong)
xfs_scrub: hoist the phase3 bulkstat single stepping code (Darrick J. Wong)
xfs_scrub: don't blow away new inodes in bulkstat_single_step (Darrick J. Wong)
xfs_scrub: return early from bulkstat_for_inumbers if no bulkstat data
(Darrick J. Wong)
xfs_scrub: don't complain if bulkstat fails (Darrick J. Wong)
xfs_scrub: don't (re)set the bulkstat request icount incorrectly (Darrick J.
Wong)
xfs_scrub: don't double-scan inodes during phase 3 (Darrick J. Wong)
xfs_scrub: actually iterate all the bulkstat records (Darrick J. Wong)
xfs_scrub: selectively re-run bulkstat after re-running inumbers (Darrick J.
Wong)
xfs_scrub: remove flags argument from scrub_scan_all_inodes (Darrick J. Wong)
xfs_scrub: call bulkstat directly if we're only scanning user files (Darrick
J. Wong)
xfs_scrub: don't report data loss in unlinked inodes twice (Darrick J. Wong)
man: document new XFS_BULK_IREQ_METADIR flag to bulkstat (Darrick J. Wong)
xfs_db: obfuscate rt superblock label when metadumping (Darrick J. Wong)
mkfs,xfs_repair: don't pass a daddr as the flags argument (Darrick J. Wong)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:10 +0000 (15:17 +0200)]
tshark: Update to version 4.4.6
- Update from version 4.4.5 to 4.4.6
- Update of rootfile
- Changelog
4.4.6
Bug Fixes
Bug in EtherCAT dissector with ECS order. Issue 13718.
Conversation dialog columns return to default width on each new packet in
live capture. Issue 15978.
Tests fail in LTO-enabled builds in Ubuntu/Debian. Issue 18216.
Incorrect conditions in BFCP dissector. Issue 18717.
Static build fails on Ubuntu 24.04 because the c-ares library isn’t found.
Issue 20343.
Flutter’s Image Picker Generated JPEG Files Detected as Malformed Packet.
Issue 20355.
QUIC dissector breaks when src and dst change. Issue 20371.
s390x: build fail on Ubuntu PPA nighty build. Issue 20372.
Trailing octet after IPv4 packet end is not detected or displayed in raw
bytes. Issue 20423.
[packet-ax25-nol3.c] Only call APRS dissector on UI Frames. Issue 20429.
Wireshark hangs when refreshing interfaces with the debug console
preference set to "always" and a file open (Windows) Issue 20434.
BGP EVPN - Type-8 route not correctly read after addition of Max. Response
Time field. Issue 20459.
Wireshark does not correctly decode LIN "go to sleep" in TECMP and CMP.
Issue 20463.
MQTT-SN: WILLTOPIC message not decoded correctly (missing some flags) Issue
20476.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ADB, ASAM CMP, AX.25, BACapp, BFCP, BGP, CP2179, DCERPC WKSSVC, DCT2000,
DECT-NWK, DHCP, DOF, EAPOL-MKA, ECAT, ErlDP, Ethertype, F1AP, GSM BSSMAP,
GSM DTAP, HomePlug AV, ICMP, IEEE 802.11, ITS, LDP, MQTT-SN, NAS-EPS,
NR RRC, OER, PCEP, PNIO, PPP, QUAKE, QUIC, Raw, Signal PDU, TCP, TECMP,
TLS, and USB DFU
New and Updated Capture File Support
3GPP and pcapng
Updated File Format Decoding Support
There is no updated file format support in this release.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:09 +0000 (15:17 +0200)]
patch: Update to version 2.8
- Update from version 2.7.6 to 2.8
- Update of rootfile not required
- Changelog
2.8
* The --follow-symlinks option now applies to output files as well as input.
* 'patch' now supports file timestamps after 2038 even on traditional
GNU/Linux platforms where time_t defaults to 32 bits.
* 'patch' no longer creates files with names containing newlines,
as encouraged by POSIX.1-2024.
* Patches can no longer contain NUL ('\0') bytes in diff directive lines.
These bytes would otherwise cause unpredictable behavior.
* Patches can now contain sequences of spaces and tabs around line numbers
and in other places where POSIX requires support for these sequences.
* --enable-gcc-warnings no longer uses expensive static checking.
Use --enable-gcc-warnings=expensive if you still want it.
* Fix undefined or ill-defined behavior in unusual cases, such as very
large sizes, possible stack overflow, I/O errors, memory exhaustion,
races with other processes, and signals arriving at inopportune moments.
* Remove old "Plan B" code, designed for machines with 16-bit pointers.
* Assume C99 or later; previously it assumed C89 or later.
* Port to current GCC, Autoconf, Gnulib, etc.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:07 +0000 (15:17 +0200)]
harfbuzz: Update to version 11.2.0
- Update from version 11.0.0 to 11.2.0
- Update of rootfile
- Changelog
11.2.0
- Painting of COLRv1 fonts without clip boxes is now about 10 times faster.
- Synthetic bold/slant of a sub font is now respected, instead of using the
parent’s.
- Glyph extents for fonts synthetic bold/slant are now accurately calculated.
- Various build fixes
- New API:
+hb_font_is_synthetic()
+hb_font_draw_glyph_or_fail_func_t
+hb_font_paint_glyph_or_fail_func_t
+hb_font_funcs_set_draw_glyph_or_fail_func()
+hb_font_funcs_set_paint_glyph_or_fail_func()
+hb_font_draw_glyph_or_fail()
+hb_font_paint_glyph_or_fail()
- Deprecated API:
-hb_font_draw_glyph_func_t
-hb_font_paint_glyph_func_t
-hb_font_funcs_set_draw_glyph_func()
-hb_font_funcs_set_paint_glyph_func()
11.1.0
- Include bidi mirroring variants of the requested codepoints when subsetting.
The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be used to disable this
behaviour.
- Various bug fixes.
- Various build fixes and improvements.
- Various test suite improvements.
- New API:
+HB_SUBSET_FLAGS_NO_BIDI_CLOSURE
11.0.1
- The change in version 10.3.0 to apply “trak” table tracking values to glyph
advances directly has been reverted as it required every font functions
implementation to handle it, which breaks existing custom font functions.
Tracking is instead back to being applied during shaping.
- When `directwrite` integration is enabled, we now link to `dwrite.dll`
instead of dynamically loading it.
- A new experimental APIs for getting raw “CFF” and “CFF2” CharStrings.
- We now provide manpages for the various command line utilities. Building
manpages requires “help2man” and will be skipped if it is not present.
- The command line utilities now set different return value for different kinds
of failures. Details are provided in the manpages.
- Various fixes and improvements to `fontations` font functions.
- All shaping operations using the `ot` shaper have become memory
allocation-free.
- Glyph extents returned by `hb-ot` and `hb-ft` font functions are now rounded
in stead of flooring/ceiling them, which also matches what other font
libraries do.
- Fix “AAT” deleted glyph marks interfering with fallback mark positioning.
- Glyph outlines emboldening have been moved out of `hb-ot` and `hb-ft` font
functions to the HarfBuzz font layer, so that it works with any font
functions implementation.
- Fix our fallback C++11 atomics integration, which seems to not be widely
used.
- Various testing fixes and improvements.
- Various subsetting fixes and improvements.
- Various other fixes and improvements.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:06 +0000 (15:17 +0200)]
grep: Update to version 3.12
- Update from version 3.11 to 3.12
- Update of rootfile not required
- Changelog
3.12
** Bug fixes
Searching a directory with at least 100,000 entries no longer fails
with "Operation not supported" and exit status 2. Now, this prints 1
and no diagnostic, as expected:
$ mkdir t && cd t && seq 100000|xargs touch && grep -r x .; echo $?
1
[bug introduced in grep 3.11]
-mN where 1 < N no longer mistakenly lseeks to end of input merely
because standard output is /dev/null.
** Changes in behavior
The --unix-byte-offsets (-u) option is gone. In grep-3.7 (2021-08-14)
it became a warning-only no-op. Before then, it was a Windows-only no-op.
On Windows platforms and on AIX in 32-bit mode, grep in some cases
now supports Unicode characters outside the Basic Multilingual Plane.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:05 +0000 (15:17 +0200)]
gawk: Update to version 5.3.2
- Update from version 5.3.1 to 5.3.2
- Update of rootfile
- Changelog
5.3.2
1. The pretty printer now produces fewer spurious newlines; at the
outermost level it now adds newlines between block comments and
the block or function that follows them. The extra final newline
is no longer produced.
2. OpenVMS 9.2-2 x86_64 is now supported.
3. On Linux and macos systems, the -no-pie linker flag is no longer required.
PMA now works on macos systems with Apple silicon, and not just
Intel systems.
4. Still more subtle issues related to uninitialized array elements have
been fixed.
5. Associative arrays should now not grow quite as fast as they used to.
6. The code and documentation are now consistent with each other with
respect to path searching and adding .awk to the filename. Both
are always done, even with --posix and --traditional.
7. As usual, there have been several minor code cleanups and bug fixes.
See the ChangeLog for details.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 4 May 2025 13:17:04 +0000 (15:17 +0200)]
diffutils: Update to version 3.12
- Update from version 3.11 to 3.12
- Update of rootfile not required
- Changelog
3.12
Bug fixes
diff -r no longer merely summarizes when comparing an empty regular
file to a nonempty regular file.
[bug#76452 introduced in 3.11]
diff -y no longer crashes when given nontrivial differences.
[bug#76613 introduced in 3.11]
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 1 May 2025 07:41:03 +0000 (09:41 +0200)]
core194: Fix cert name and change other check to ! -s
- This v2 version corrects the b! -z to ! -s
- Error in hostcert extension
- -z is for use with strings and not with files. This should have been ! -s. Thanks to
@Nick for spotting this and flagging it up. Th ! -z would do the test against the
filename string and as this doesn't change then it would always come up true.
- I thought I had tested the original patch of this change but obviously not because
there was missing whitespace and filenames not quoted plus the fixes I have added
in this patch.
- I definitely tested this out this time by copying it from the update.sh and applying
it to my vm system. I have also tested this out with the hostcert.pem file present
and not and with the index.txt file empty and containing something. This now works
as it should, which is to only carry out the edit on the serial file if the
hostcert.pem file is present AND the index.txt file is empty.
- I clearly need to look more carefully at and test even more carefully at any bash
statements that I put together.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 29 Apr 2025 14:42:19 +0000 (16:42 +0200)]
backup.pl: Fix restores for ipsec backups before regen was fixed
- Prior to the ipsec host cert regen fix, the backup did not include the serial or the
index.txt files.
- After the ipsec regen patch set, if a backup from before the change is retsored then
the serial and index.attr could end up not matching. This would break the ipsec regen
again.
- All backups before the change will have hostcerts with serial numbers of 1.
- This patch extracts the serial number from the restored hostcert.pem. If the serial
number is 1 and if the existing serial number file does not contain 02, then the
serial file contents are replaced by 02 and the index.txt contents are deleted.
- If the restored hostcert.pem serial number is greater than 1 then the backup will
contain the serial anf index.txt files.
- If the restored hostcert.pem serial number is 1 and the serial file contains 02 then
the ipsec regen will work correctly.
Fixes: bug13737 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 29 Apr 2025 10:10:49 +0000 (12:10 +0200)]
update.sh: Core 194 - increment ipsec serial file if x509 set exists
- This is related to the fix patch set for bug13737. That patch set works with no problems
if the root/host x509 set is created for the first time with that patch set merged.
However if the x509 is already created previously then the contents of serial will
still be 01 instead of 02.
- This patch checks if the hostcert.pm file exists and that the index.txt file is empty,
and then increments the serial content from 01 to 02. This means that when the x509
is regenerated the system will not complain that 01 cannot be used as it has already
been revoked but will use 02 for the new host and everything works fine after that.
Fixes: bug13737 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 29 Apr 2025 14:56:48 +0000 (14:56 +0000)]
dnsdist: Update to 1.9.9
We released PowerDNS DNSdist 1.9.9 today, an emergency release fixing a security issue tracked as CVE-2025-30194 where a remote, unauthenticated attacker can cause a denial of service via a crafted DNS over HTTPS connection. The issue was reported to us via our public GitHub tracker, so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 28 Apr 2025 09:45:51 +0000 (09:45 +0000)]
vpnmain.cgi: Fix editing connections that are using a PSK
This patch takes care of properly decoding the PSK if it was already
stored base64-encoded. If the connection is edited, it always will be
stored base64-encoded upon save.
It would have been nice to not send the PSK back to the browser again
(although the security benefits would have been marginal), but that
would make the code even messier than it is.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Tested-by: Adolf Belka <adolf.belka@ipfire.org> Tested-by: Christian Hernmarck <linux@hernmarck.ch>
Michael Tremer [Sun, 27 Apr 2025 16:30:59 +0000 (18:30 +0200)]
wireguard: Add a custom routing table for peers
This is a dirty hack to make connections to VPN providers actually work.
We mark all WG packets after encryption and use a secondary routing
table to look up any routes to the peers. That way, we can replace the
default route in the main routing table without having to care about the
special routes there.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 27 Apr 2025 15:50:09 +0000 (17:50 +0200)]
wireguard-functions.pl: Don't strictly require a port in imported configurations
If importing a client configuration, there might not be a port. This is
quite likely to happen with VPN providers that don't create a connection
but are awaiting incoming connections only.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:47 +0000 (15:43 +0200)]
gzip: Update to version 1.14
- Update from version 1.13 to 1.14
- Update of rootfile not required
- Changelog
1.14
** Bug fixes
'gzip -d' no longer omits the last partial output buffer when the
input ends unexpectedly on an IBM Z platform.
[bug introduced in gzip-1.11]
'gzip -l' no longer misreports lengths of multimember inputs.
[bug introduced in gzip-1.12]
'gzip -S' now rejects suffixes containing '/'.
[bug present since the beginning]
** Changes in behavior
The GZIP environment variable is now silently ignored except for the
options -1 (--fast) through -9 (--best), --rsyncable, and --synchronous.
This brings gzip into line with more-cautious compressors like zstd
that limit environment variables' effect to relatively innocuous
performance issues. You can continue to use scripts to specify
whatever gzip options you like.
'zmore' is no longer installed on platforms lacking 'more'.
** Performance improvements
gzip now decompresses significantly faster by computing CRCs via a
slice by 8 algorithm, and faster yet on x86-64 platforms that
support pclmul instructions.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:54 +0000 (15:43 +0200)]
openssl: Update to version 3.5.0
- Update from version 3.4.1 to 3.5.0
- Update of rootfile
- The changelog mentions some potentially significant or incompatible changes. From the
description they don't seem to be ones that would not work with IPFire but I will
look at evaluating the new version in my vm testbed and reporting back.
- Changelog
3.5.0
This release incorporates the following potentially significant or incompatible
changes:
Default encryption cipher for the req, cms, and smime applications
changed from des-ede3-cbc to aes-256-cbc.
The default TLS supported groups list has been changed to include and
prefer hybrid PQC KEM groups. Some practically unused groups were removed
from the default list.
The default TLS keyshares have been changed to offer X25519MLKEM768 and
and X25519.
All BIO_meth_get_*() functions were deprecated.
This release adds the following new features:
Support for server side QUIC (RFC 9000)
Support for 3rd party QUIC stacks including 0-RTT support
Support for PQC algorithms (ML-KEM, ML-DSA and SLH-DSA)
A new configuration option no-tls-deprecated-ec to disable support for
TLS groups deprecated in RFC8422
A new configuration option enable-fips-jitter to make the FIPS provider
to use the JITTER seed source
Support for central key generation in CMP
Support added for opaque symmetric key objects (EVP_SKEY)
Support for multiple TLS keyshares and improved TLS key establishment group
configurability
API support for pipelining in provided cipher algorithms
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:53 +0000 (15:43 +0200)]
openssh: Update to version 10.0p1
- Update from version 9.9p2 to 10.0p1
- Update of rootfile
- There is a security fix in this version that openssh have described as minor.
- From this version onwards the default key agreement used is the hybrid post-quantum
algorithm - mlkem768x25519-sha256
- Changelog
10.0p1
Potentially-incompatible changes
* This release removes support for the weak DSA signature
algorithm, completing the deprecation process that began in
2015 (when DSA was disabled by default) and repeatedly warned
over the last 12 months.
* scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by
scp & sftp. This disables implicit session creation by these
tools when ControlMaster was set to yes/auto by configuration,
which some users found surprising. This change will not prevent
scp/sftp from using an existing multiplexing session if one had
already been created. GHPR557
* This release has the version number 10.0 and announces itself
as "SSH-2.0-OpenSSH_10.0". Software that naively matches
versions using patterns like "OpenSSH_1*" may be confused by
this.
* sshd(8): this release removes the code responsible for the
user authentication phase of the protocol from the per-
connection sshd-session binary to a new sshd-auth binary.
Splitting this code into a separate binary ensures that the
crucial pre-authentication attack surface has an entirely
disjoint address space from the code used for the rest of the
connection. It also yields a small runtime memory saving as the
authentication code will be unloaded after the authentication
phase completes. This change should be largely invisible to
users, though some log messages may now come from "sshd-auth"
instead of "sshd-session". Downstream distributors of OpenSSH
will need to package the sshd-auth binary.
* sshd(8): this release disables finite field (a.k.a modp)
Diffie-Hellman key exchange in sshd by default. Specifically,
this removes the "diffie-hellman-group*" and
"diffie-hellman-group-exchange-*" methods from the default
KEXAlgorithms list. The client is unchanged and continues to
support these methods by default. Finite field Diffie Hellman
is slow and computationally expensive for the same security
level as Elliptic Curve DH or PQ key agreement while offering
no redeeming advantages. ECDH has been specified for the SSH
protocol for 15 years and some form of ECDH has been the default
key exchange in OpenSSH for the last 14 years.
* sshd(8): this release removes the implicit fallback to compiled-
in groups for Diffie-Hellman Group Exchange KEX when the moduli
file exists but does not contain moduli within the client-
requested range. The fallback behaviour remains for the case
where the moduli file does not exist at all. This allows
administrators more explicit control over which DH groups will
be selected, but can lead to connection failures if the moduli
file is edited incorrectly. bz#2793
Security
* sshd(8): fix the DisableForwarding directive, which was failing
to disable X11 forwarding and agent forwarding as documented.
X11 forwarding is disabled by default in the server and agent
forwarding is off by default in the client.
New features
* ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
is now used by default for key agreement. This algorithm is
considered to be safe against attack by quantum computers,
is guaranteed to be no less strong than the popular
curve25519-sha256 algorithm, has been standardised by NIST
and is considerably faster than the previous default.
* ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher
for the connection. The default cipher preference list is now
Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR
(128/192/256).
* ssh(1): add %-token and environment variable expansion to the
ssh_config SetEnv directive.
* ssh(1): allow %-token and environment variable expansion in
the ssh_config User directive, with the exception of %r and %C
which would be self-referential. bz#3477
* ssh(1), sshd(8): add "Match version" support to ssh_config and
sshd_config. Allows matching on the local version of OpenSSH,
e.g. "Match version OpenSSH_10.*".
* ssh(1): add support for "Match sessiontype" to ssh_config.
Allows matching on the type of session initially requested,
either "shell" for interactive sessions, "exec" for command
execution sessions, "subsystem" for subsystem requests, such as
sftp, or "none" for transport/forwarding-only sessions.
* ssh(1): add support for "Match command ..." support to
ssh_config, allowing matching on the remote command as specified
on the command-line.
* ssh(1): allow 'Match tagged ""' and 'Match command ""' to match
empty tag and command values respectively.
* sshd(8): allow glob(3) patterns to be used in sshd_config
AuthorizedKeysFile and AuthorizedPrincipalsFile directives.
bz2755
* sshd(1): support the VersionAddendum in the client, mirroring
the option of the same name in the server; bz2745
* ssh-agent(1): the agent will now delete all loaded keys when
signaled with SIGUSR1. This allows deletion of keys without
having access to $SSH_AUTH_SOCK.
* Portable OpenSSH, ssh-agent(1): support systemd-style socket
activation in ssh-agent using the LISTEN_PID/LISTEN_FDS
mechanism. Activated when these environment variables are set,
the agent is started with the -d or -D option and no socket path
is set. GHPR502
* ssh-keygen(1): support FIDO tokens that return no attestation
data, e.g. recent WinHello. GHPR542
* ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the
default FIDO application ID allow-list to be overridden.
* Add a work-in-progress tool to verify FIDO attestation blobs
that ssh-keygen can optionally write when enrolling FIDO keys.
This tool is available under regress/misc/ssh-verify-attestation
for experimentation but is not installed by "make install".
* ssh-keygen(1): allow "-" as output file for moduli screening.
GHPR393
Bugfixes
* sshd(8): remove assumption that the sshd_config and any configs
it includes can fit in a (possibly enlarged) socket buffer.
Previously it was possible to create a sufficiently large
configuration that could cause sshd to fail to accept any
connection. sshd(8) will now actively manage sending its config
to the sshd-session sub-process.
* ssh(1): don't start the ObscureKeystrokeTiming mitigations if
there has been traffic on a X11 forwarding channel recently.
Should fix X11 forwarding performance problems when this setting
is enabled. bz3655
* ssh(1): prohibit the comma character in hostnames accepted, but
allow an underscore as the first character in a hostname.
* sftp(1): set high-water when resuming a "put". Prevents bogus
"server reordered acks" debug message.
* ssh(1), sshd(8): fix regression in openssh-9.8, which would fail
to accept "Match criteria=argument" as well as the documented
"Match criteria argument" syntax in ssh_config and sshd_config.
bz3739
* sftp(1), ssh(1): fix a number possible NULL dereference bugs,
including Coverity CIDs 405019 and 477813.
* sshd(8): fix PerSourcePenalty incorrectly using "crash" penalty
when LoginGraceTime was exceeded. bz3797
* sshd(8): fix "Match invalid-user" from incorrectly being
activated in initial configuration pass when no other predicates
were present on the match line
* sshd(8): fix debug logging of user specific delay. GHPR#552
* sshd(8): improve debug logging across sub-process boundaries.
Previously some log messages were lost early in the sshd-auth and
sshd-session processes' life.
* ssh(1): require control-escape character sequences passed via
the '-e ^x' command-line to be exactly two characters long. Avoids
one byte out-of-bounds read if ssh is invoked as "ssh -e^ ..."
GHPR368
* ssh(1), sshd(8): prevent integer overflow in x11 port handling.
These are theoretically possible if the admin misconfigured
X11DisplayOffset or the user misconfigures their own $DISPLAY,
but don't happen in normal operation. bz#3730
* ssh-keygen(1): don't mess up ssh-keygen -l output when the file
contains CR characters; GHPR236 bz3385.
* sshd(8): add rate limits to logging of connections dropped by
PerSourcePenalties. Previously these could be noisy in logs.
* ssh(1): fix argument of "Compression" directive in ssh -G config
dump, which regressed in openssh-9.8.
* sshd(8): fix a corner-case triggered by UpdateHostKeys when sshd
refuses to accept the signature returned by an agent holding host
keys during the hostkey rotation sub-protocol. This situation
could occur in situations where a PKCS#11 smartcard that lacked
support for particular signature algorithms was used to store
host keys.
* ssh-keygen(1): when using RSA keys to sign messages with
"ssh-keygen -Y", select the signature algorithm based on the
requested hash algorithm ("-Ohashalg=xxx"). This allows using
something other than the default of rsa-sha2-512, which may not
be supported on all signing backends, e.g. some smartcards only
support SHA256.
* ssh(1), sshd(8), ssh-keyscan(1): fix ML-KEM768x25519 KEX on
big-endian systems.
* Many regression and interop test improvements.
Portability
* All: add support for AWS-LC (AWS libcrypto). bz3784
* sshd(8): add wtmpdb support as a Y2038 safe wtmp replacement.
* sshd(8): add support for locking sshd into memory, enabled with
the --with-linux-memlock-onfault configure flag.
* Add support for building a standalone sk-libfido2 library,
enabled by --with-security-key-standalone
* ssh(1), sshd(8), ssh-keyscan(1): include __builtin_popcount
replacement function. for compilers that lack it.
* All: Check for and replace le32toh, le64toh, htole64 separately.
It appears that at least some versions of endian.h in glibc do
not have the latter two. bz#3794
* Remove ancient RHL 6.x config in RPM spec.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:51 +0000 (15:43 +0200)]
nano: Update to version 8.4
- Update from version 8.3 to 8.4
- Update of rootfile not required
- Changelog
8.4
• Bracketed pastes over a slow connection are more reliable.
• Tabs in an external paste at a prompt are not dropped.
• Feedback occurs when the cursor sits on a Byte Order Mark.
• The Execute prompt is more forgiving of a typo.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:52 +0000 (15:43 +0200)]
nfs: Update to version 2.8.3
- Update from version 2.8.2 to 2.8.3
- Update of rootfile not required
- Changelog is just a list of the commits and is over 500 lines long. The details can be
found in the changelog at https://sourceforge.net/projects/nfs/files/nfs-utils/2.8.3/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:50 +0000 (15:43 +0200)]
libgpg-error: Update to version 1.54
- Update from version 1.51 to 1.54
- Update of rootfile
- Changelog
1.54
* Fix a regression in 1.52 which did not allow to open UNC
specified files on Windows. [rE28ae4ee194]
* Ignore log file specification from the Registry in the gpg-error
tool.
1.53
* Fix regression in 1.52.
1.52
* The KEY_WOW64_xxKEY flags can now be passed to the Registry read
functions. [rE652328c786]
* In the spawn functions care about closefrom/close call is
interrupted. [T7478]
* New command --getreg for gpg-error on Windows. [rE652328c786]
* New simple string list API. [rE47097806f1]
* New API for name value files. [rE7ec1f27b60]
* Add a Windows Registry emulation for Unix. [rE9864dd4d66]
* Interface changes relative to the 1.51 release:
gpgrt_w32_reg_query_string NEW (Windows only).
gpgrt_strlist_t NEW type.
gpgrt_strlist_free NEW.
gpgrt_strlist_add NEW.
gpgrt_strlist_tokenize NEW.
gpgrt_strlist_copy NEW.
gpgrt_strlist_rev NEW.
gpgrt_strlist_prev NEW.
gpgrt_strlist_last NEW.
gpgrt_strlist_pop NEW.
gpgrt_strlist_find NEW.
GPGRT_STRLIST_APPEND NEW const.
GPGRT_STRLIST_WIPE NEW const.
gpgrt_nvc_t NEW type.
gpgrt_nve_t NEW type.
gpgrt_nvc_new NEW.
gpgrt_nvc_release NEW.
gpgrt_nvc_get_flag NEW.
gpgrt_nvc_add NEW.
gpgrt_nvc_set NEW.
gpgrt_nve_set NEW.
gpgrt_nvc_delete NEW.
gpgrt_nvc_lookup NEW.
gpgrt_nvc_parse NEW.
gpgrt_nvc_write NEW.
gpgrt_nve_next NEW.
gpgrt_nve_name NEW.
gpgrt_nve_value NEW.
gpgrt_nvc_get_string NEW.
gpgrt_nvc_get_bool NEW.
GPGRT_NVC_WIPE NEW const.
GPGRT_NVC_PRIVKEY NEW const.
GPGRT_NVC_SECTION NEW const.
GPGRT_NVC_MODIFIED NEW const.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:49 +0000 (15:43 +0200)]
libffi: Update to version 3.4.8
- Update from version 3.4.7 to 3.4.8
- Update of rootfile not required
- Changelog
3.4.8
aarch64: add PAC to GNU Notes by @billatarm in #882
MIPS: Dont import asm/sgidefs.h on linux by @fossdd in #885
Update the Simple Example from the Docs to fix a compile error by
@Nikitf777 in #886
Fix bugs in the x86-64 and x32 target (#887) by @mikulas-patocka in #889
Add the "ABI_ATTR" attribute to called functions (#891) by @mikulas-patocka
in #892
powerpc: Add static trampoline support (#894) by @peter-bergner in #895
testsuite: add two tests to Makefile.am by @thesamesam in #893
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:48 +0000 (15:43 +0200)]
libcap: Update to version 2.76
- Update from version 2.75 to 2.76
- Update of rootfile
- Changelog
2.76
More libpsx and psx Go package mechanism fixes (many thanks to Christial
Kastner for helping dive into the off-piste architectures. See Bug 219915.)
Address an arm64 (aarch64) libpsx issue seen with Tracee.
(Tagged psx/v1.2.76-rc1)
Note, 2.75 should have fixed the tracee issue 4678 but the above
issue emerged from their extensive testing. Thanks to Gregório G.
for reporting the observed failure details.
More architectures supported: of the many architectures Debian builds
for, we think only alpha and sparc64 have problems. Unable to
construct qemu-*-system images with which to debug these. If anyone
has a recipe for that that works for Fedora as a base platform,
please provide details...
To make the various .so files continue to be runnable as standalone
programs added another workaround for glibc. (Bug 219880 reported by
Christian Kastner.)
_IO_stdin_used needs to be weekly defined to make puts() and friends
work. Also updated the Stackoverflow answer to include that detail.
Made a new man page cap_text_formats(7). This makes it possible to
separate the tool man pages from the developer man pages. I believe this
was the second time this was requested, by Carlos Rodriguez-Fernandez
this time (can't find the former request in my email).
Some man page cross linking fixes as well.
Dropped Make.Rules definition of SYSTEM_HEADERS Thanks to Ross Burton for
reporting.
Removed a spurious debugging printf() from setcap tool.
Removed cap_ workarounds for go.dev cap package examples. The website bugs
have been resolved: go/issues/70611; go/issues/70630.
Added a Makefile to the contrib/seccomp example.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:44 +0000 (15:43 +0200)]
btrfs-progs: Update to version 6.14
- Update from version 6.13 to 6.14
- Update of rootfile not required
- Changelog
6.14
* mkfs:
* allow --sectorsize to be 2K for testing purposes of subpage mode (needs
the same block size supported by kernel)
* fix false error when no compression is requested and lzo is not
compiled in
* convert: support 2K block size in the source filesystem
* defrag: new parameter -L/--level to specify compression levels (kernel 6.15),
also supports the realtime levels
* subvol delete: show names of recursively deleted child subvolumes
* qgroup show: use sysfs to detect up to date consistency status
* zoned mode: support zone capacity tracking
* other:
* CI new and updated workflows
* documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:46 +0000 (15:43 +0200)]
fontconfig: Update to version 2.16.2
- Update from version 2.16.0 to 2.16 2
- Update of rootfile
- Default build system has been moved from autotools to meson. Autotools will likely be
removed in next version.
- Changelog
2.16.2
meson: do not require libintl if nls feature is disabled
ci: Add back Android build in a common way
ci: drop Language to make sure they are applied as default style
ci: Change the default build system to meson
ci: Stop on fail anyway
ci: default to clean-build
ci: detect OS from os-release if no FC_DISTRO_NAME is set
ci: add missing dependency of pytest
ci: Set more timeout for pytest
ci: fix too many open files on test
ci: add missing dependency of requests
meson: Use Requires.private instead of Requires
Upgrade bindgen in Fontations enabled Rust builds
[Fontations] Add internal PatternBuilder abstraction
meson: don't force build of a shared library
meson.build: define a 'c' standard for the project (C99 and C11)
2.16.1
meson: create fc_cachedir at the installation time
meson: set WORDS_BIGENDIAN
ci: get back MinGW build to rawhide
meson: make sure config.h contains config-fixups.h for OSX
Reformatting with clang-format
ci: Add a workflow to check the coding style
ci: workaround conflict between systemd and systemd-standalone-sysusers
conf.d: Add Adwaita Sans as system-ui
ci: disable job tentatively
ci: Add a release workflow
[Fontations] Allow linkage to internals in tests
meson.build: explicitly check for pthread support
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:45 +0000 (15:43 +0200)]
coreutils: Update to version 9.7
- Update from version 9.5 to 9.7
- Update of rootfile not required
- Changelog
9.7
** Bug fixes
'cat' would fail with "input file is output file" if input and
output are the same terminal device and the output is append-only.
[bug introduced in coreutils-9.6]
'cksum -a crc' misbehaved on aarch64 with 32-bit uint_fast32_t.
[bug introduced in coreutils-9.6]
dd with the 'nocache' flag will now detect all failures to drop the
cache for the whole file. Previously it may have erroneously succeeded.
[bug introduced with the "nocache" feature in coreutils-8.11]
'ls -Z dir' would crash on all systems, and 'ls -l' could crash
on systems like Android with SELinux but without xattr support.
[bug introduced in coreutils-9.6]
`ls -l` could output spurious "Not supported" errors in certain cases,
like with dangling symlinks on cygwin.
[bug introduced in coreutils-9.6]
timeout would fail to timeout commands with infinitesimal timeouts.
For example `timeout 1e-5000 sleep inf` would never timeout.
[bug introduced with timeout in coreutils-7.0]
sleep, tail, and timeout would sometimes sleep for slightly less
time than requested.
[bug introduced in coreutils-5.0]
'who -m' now outputs entries for remote logins. Previously login
entries prefixed with the service (like "sshd") were not matched.
[bug introduced in coreutils-9.4]
** Improvements
'logname' correctly returns the user who logged in the session,
on more systems. Previously on musl or uclibc it would have merely
output the LOGNAME environment variable.
9.6
** Bug fixes
cp fixes support for --update=none-fail, which would have been
rejected as an invalid option.
[bug introduced in coreutils-9.5]
cp,mv --update no longer overrides --interactive or --force.
[bug introduced in coreutils-9.3]
csplit no longer creates empty files given empty input.
[This bug was present in "the beginning".]
ls and printf fix shell quoted output in the edge case of escaped
first and last characters, and single quotes in the string.
[bug introduced in coreutils-8.26]
ls -l no longer outputs "Permission denied" errors on NFS
which may happen with files without read permission, and which resulted
in inaccurate indication of ACLs (missing '+' flag after mode).
[bug introduced in coreutils-9.4]
ls -l no longer outputs "Not supported" errors on virtiofs.
[bug introduced in coreutils-9.4]
mv works again with macFUSE file systems. Previously it would
have exited with a "Function not implemented" error.
[bug introduced in coreutils-8.28]
nproc gives more consistent results on systems with more than 1024 CPUs.
Previously it would have ignored the affinity mask on such systems.
[bug introduced with nproc in coreutils-8.1]
numfmt --from=iec-i now works with numbers without a suffix.
Previously such numbers were rejected with an error.
[bug introduced with numfmt in coreutils-8.21]
printf now diagnoses attempts to treat empty strings as numbers,
as per POSIX. For example, "printf '%d' ''" now issues a diagnostic
and fails instead of silently succeeding.
[This bug was present in "the beginning".]
pwd no longer outputs an erroneous double slash on systems
where the system getcwd() was completely replaced.
[bug introduced in coreutils-9.2]
'shuf' generates more-random output when the output is small.
[bug introduced in coreutils-8.6]
`tail --follow=name` no longer waits indefinitely for watched
file names that are moved elsewhere within the same file system.
[bug introduced in coreutils-8.24]
`tail --follow` without --retry, will consistently exit with failure status
where inotify is not used, when all followed files become inaccessible.
[This bug was present in "the beginning".]
`tail --follow --pid=PID` will now exit when the PID dies,
even in the presence of blocking inputs like unopened fifos.
[This bug was present in "the beginning".]
'tail -c 4096 /dev/zero' no longer loops forever.
[This bug was present in "the beginning".]
** Changes in behavior
'factor' now buffers output more efficiently in some cases.
install -C now dereferences symlink sources when comparing,
rather than always treating as different and performing the copy.
kill -l and -t now list signal 0, as it's a valid signal to send.
ls's -f option now simply acts like -aU, instead of also ignoring
some earlier options. For example 'ls -fl' and 'ls -lf' are now
equivalent because -f no longer ignores an earlier -l. The new
behavior is more orthogonal and is compatible with FreeBSD.
stat -f -c%T now reports the "fuseblk" file system type as "fuse",
given that there is no longer a distinct "ctl" fuse variant file system.
** New Features
cksum -a now supports the "crc32b" option, which calculates the CRC
of the input as defined by ITU V.42, as used by gzip for example.
For performance pclmul instructions are used where supported.
ls now supports the --sort=name option,
to explicitly select the default operation of sorting by file name.
printf now supports indexed arguments, using the POSIX:2024 specified
%<i>$ format, where '<i>' is an integer referencing a particular argument,
thus allowing repetition or reordering of printf arguments.
test supports the POSIX:2024 specified '<' and '>' operators with strings,
to compare the string locale collating order.
timeout now supports the POSIX:2024 specified -f, and -p short options,
corresponding to --foreground, and --preserve-status respectively.
** Improvements
cksum -a crc, makes use of AVX2, AVX512, and ARMv8 SIMD extensions
for time reductions of up to 40%, 60%, and 80% respectively.
'head -c NUM', 'head -n NUM', 'nl -l NUM', 'nproc --ignore NUM',
'tail -c NUM', 'tail -n NUM', and 'tail --max-unchanged-stats NUM’
no longer fail merely because NUM stands for 2**64 or more.
sort operates more efficiently when used on pseudo files with
an apparent size of 0, like those in /proc.
stat and tail now know about the "bcachefs", and "pidfs" file system types.
stat -f -c%T now reports the file system type,
and tail -f uses inotify for these file systems.
wc now reads a minimum of 256KiB at a time.
This was previously 16KiB and increasing to 256KiB was seen to increase
wc -l performance by about 10% when reading cached files on modern systems.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:43:43 +0000 (15:43 +0200)]
alsa: Update to version 1.2.14
- Update from version 1.2.13 to 1.2.14
- alsa-lib, alsa-utils and alsa-ucm-conf all updated to that new version.
- Update of rootfile
- Changelog
1.2.14
alsa-lib
Core
Delete alsalisp code
include: prefer alsa/asoundlib.h for apps, dependency cleanups
seq: Define new events for UMP EP/FB change notifications
configure: Make sequencer dependent on rawmidi
src/Versions.in.in: Update *_tempo_base name
Config API
include: prefer alsa/asoundlib.h for apps, dependency cleanups
Control API
control: remap - improve sync feature
control: remap - add sync feature
control: remap - separate event handling from map (preparation for sync)
control: remap - add possibility to remap multiple source channels
include: prefer alsa/asoundlib.h for apps, dependency cleanups
PCM API
pcm: hw: do not reset tstamp_type in SND_PCM_APPEND mode (#2)
pcm: hw: fix default timestamp type for O_APPPEND
pcm: hw: do not reset tstamp_type in SND_PCM_APPEND mode
pcm: fix minor typos in doc
RawMidi API
rawmidi: ump - fix snd_ump_block_info_set_block_id double version #2
rawmidi: Extensions for tied device and substream inactive flag
rawmidi: ump - fix snd_ump_block_info_set_block_id double version
rawmidi: ump - fix snd_ump_block_info_get_block_id double version
Rawmidi API
rawmidi: Make rawmidi flag bits doxygen-style comments
rawmidi: Extensions for tied device and substream inactive flag
Sequencer API
seq: update_group_ports - rewrite blknames update
ALSA: seq: Use SND_* instead of SNDRV_*
ALSA: seq: Add missing UMP EP cap bit at snd_seq_create_ump_endpoint()
seq: shuffle calloc arguments in snd_seq_hw_open (gcc warning)
seq: add more checks to snd_seq_hw_set_client_info for older kernels
seq: Fix typo of the group number in snd_seq_create_ump_endpoint()
seq: Fix bogus return of snd_seq_client_info_get_ump_conversion()
seq: seq.c - fix calloc arguments
seq: seqmid - fix info->name is always true error
seq: Define new events for UMP EP/FB change notifications
seq: include UMP headers
Use Case Manager API
ucm: do not bump syntax version to 8
ucm: add '${LibCaps}' substitution
ucm: remove @@LibraryVersion and @@SyntaxVersion variables
ucm: format @@SyntaxVersion to 4 digits
ucm: enhance documentation (sys-card + ranges + more)
ucm: add @@LibraryVersion and @@SyntaxVersion variables
ucm: add sys-card substitution
/Makefile.am
Delete alsalisp code
/include/Makefile.am
Delete alsalisp code
include: prefer alsa/asoundlib.h for apps, dependency cleanups
ALSA Lisp
Delete alsalisp code
Documentation
doc: fix permissions
External PCM Filter Plugin SDK
include: pcm extplug/ioplug: fix internal include
External PCM I/O Plugin SDK
include: pcm extplug/ioplug: fix internal include
Kernel Headers
Sync UAPI asequencer.h with 6.14 kernel
Sync UAPI asound.h with 6.14 kernel
MIDI 2.0 (UMP)
include/ump_msg.h: Fix endianness detection
seq: include UMP headers
Test/Example code
test/playmidi1: fix compilation caused by conflict between midifile.h and
ump_msg.h
Utils
utils: add missing alsa-topology.pc.in to EXTRA_DIST
alsa-utils
Core
axfer, topology: use only <alsa/asoundlib.h> include instead specific
alsa-lib headers
ALSA Control (alsactl)
alsactl: info - handle situations when devices are not available in kernel
alsactl: info - print errors for next_device calls
Remove trailing spaces in man pages
alsactl: 90-alsa-restore.rules - fix AMD acp-pdm-mach link
alsactl: 90-alsa-restore.rules - fix alsa_restore_go/std
Audio Transfer utility
axfer, topology: use only <alsa/asoundlib.h> include instead specific
alsa-lib headers
alsa-info.sh
alsa-info: move man page to section 8 (administration commands)
alsa-info.sh: Add alsa-ucm package to package filter
alsatplg (topology)
Topology: NHLT: Intel: Improve error message for DMIC enable conflict
Topology: NHLT: Intel: Fix mono DMIC configure for MTL platform
axfer, topology: use only <alsa/asoundlib.h> include instead specific
alsa-lib headers
Topology: NHLT: Intel: Fix DMA slots config in SSP blob
amixer
amixer: fix unknown TVL sequence print
aplay/arecord
Remove trailing spaces in man pages
aplaymidi/arecordmidi
Remove trailing spaces in man pages
aplaymidi2/arecordmidi2 (MIDI v2.0)
arecordmidi2: fix unitialization variable error in read_ump_raw()
aseqdump
aseqdump: Fix typos in messages
alsa-ucm-conf
Core
github: use ucm-validator2, use actions/checkout@v4
Configuration
USB-Audio: Add support of HyperX SoloCast (USB ID 03f0:0b8b)
ucm2: Qualcomm: add Asus Zenbook A14
ucm2: Qualcomm: add Lenovo ThinkBook 16 support
ucm2: Qualcomm: add HP Omnibook X14 support
USB-Audio: Add focusrite scarlett 18i20 lineup
USB-Audio: Add Roland BridgeCast One
sof-soundwire: cs42l43: Switch mixer based on output volume
ucm2: sof-soundwire: Correct include file path for dsp.conf
USB-Audio: ALC4080 - add rear microphone support for 0414:a014 (Gigabyte
Aorus Pro)
sof-soundwire: Add LED support for cs35l56 amplifiers
sof-soundwire: cs42l43: Drop headset mic from mic mute LED
HDA: mics - don't create conflict link for Headphone Mic
HDA: mics - improve the Jack selection
HDA: mics - prefer 'Mic Jack' instead 'Headphone Jack'
USB-Audio: ALC4080 - add support for ASUS B850-I (USB ID 0b05:1be1)
sof-hda-dsp: Use common HDA initialization from /HDA/init.conf
HDA: move led.conf include to more appropriate place
ucm2: Qualcomm: fix typo in Lenovo T14s matching
sof-soundwire: rt1318: add playback control switch
ucm2: Qualcomm: add Lenovo Yoga Slim7x support
ucm2: Qualcomm: add Lenovo T14s support
ucm2: MediaTek: mt8390-evk: Add support for SOF
Torradex: replace spaces with tabs when appropriate
Torradex: fix wrong device names Headphone/Microphone
USB-Audio: Add support for RME Fireface UCX II
Qualcomm: Add QCS6490 RB3Gen2 HiFi config
Qualcomm: Add QCM6490 IDP HiFi config
ucm2: IO-Boards: Toradex: verdin: Add support for Toradex
ucm2: IO-Boards: Toradex: verdin: Add support for Toradex
ucm2: NXP: iMX6: Toradex: colibri-imx6: Add support for
ucm2: NXP: iMX7: Toradex: colibri-imx7: Add support for
ucm2: NXP: iMX8X: Toradex: colibri-imx8x: Add support for
ucm2: NXP: iMX6: Toradex: apalis-imx6: Add support for
ucm2: NXP: iMX8: Toradex: apalis-imx8: Add support for
ucm2: IO-Boards: Toradex: apalis: Add support for Toradex
USB-Audio: add Roland Quad-Capture support
ucm2: HDA - remove HDA-Capture-value.conf and put contents directly to
HDACaptureDevice macro
ucm2: HDA: HiFi-analog/mic: Refactor the analog mic discovery
GoXLR: Add 'Broadcast Stream Mix 2' to Capture if channels
use SetLED in rt1318 init configuration
Turn speaker LED accroding to rt1318 speaker status
ucm2: use new SetLED macro to hide the implementation details
common: add led.conf with SetLED macro to hide implementation details
USB-Audio: Add support for TASCAM Model 12
UCM2: Blobs: SOF: Cleanup blob names from .blob to .bin
USB-Audio: alc4080: Add MSI PRO B650-A WIFI USB ID 0db0:9e6d
USB-Audio: Improve support for Focusrite 4th Gen devices
USB-Audio: GoXLR - fix the channel detection for mini, cleanups
USB-Audio: set capture channels to 4 in UR22C-HiFi.conf
sof-soundwire: Fix cs42l43 dmic initialisation
sof-soundwire: Split cs42l43 dmic initialisation
ucm2: add mt8183_mt6358_ts3a227_max98357
ucm2: add mt8183_da7219_rt1015p
ucm2: add acp3x-alc5682-alc1015
DEBUG.md: add "Logs from PipeWire (wireplumber)" section
USB-Audio: Revelator-IO-44-HiFi - fix device names (validator)
Rename ucm2/AMD/acp3xalc5682m98 to ucm2/AMD/acp3x-alc5682-max98357
Rename ucm2/AMD/acpd7219m98357 to ucm2/AMD/acp-da7219-rt5682-max98357
Qualcomm: Add SM8750 MTP HiFi config
rt722: change output volume of headphone to 0dB
ucm2: USB-Audio: add Presonus Revelator IO 44 (USB194f:0424)
USB-Audio: ALC4080 - add ASUS ROG Crosshair X870E Hero (USB ID 0b05:1b7c)
sun4i-codec: add routing for headphones and internal speaker
UCM2: sof-soundwire: Add setup of IIR, DRC, beamformer
UCM2: sof-soundwire: Add setup of IIR, DRC, beamformer
UCM2: sof-soundwire: Enable DRC and equalizers for
UCM2: Intel: sof-hda-dsp: Enable Dmic0 DRC and TDFB
UCM2: Blobs/SOF/IPC4: Add Beamformer blobs, update
UCM2: Intel: sof-hda-dsp: Cleanup definitions
UCM2: Intel: sof-hda-dsp: Move variables defitions from
ucm: fix SectionDevice identifiers
ucm2: whitespace fixes
USB-Audio: ALC4080: add support for MSI MEG X670E GODLIKE (USB 0db0:e1f8)
USB-Audio: ALC4080 - add ASUS ROG STRIX X870E-E GAMING WIFI (USB 0b05:1b9b)
Configuration files for Roland Bridge Cast X V2
ucm2: sof-soundwire: Correct FixedBootSequence for dmic info
amd-soundwire: add support for AMD generic legacy machine driver
sof-hda-dsp: Add back missing .conf suffix for product/user specific configs
sof-soundwire: whitespace cleanup
sof-soundwire: cs42l43: Correct CapturePCM and routing
avs_nau8825: Fix JackControl name
sof-soundwire: cs42l43-spk: Correct PlaybackPCM and routing
sof-hda-dsp: Fix the case where sysfs dmi product_name attribute is not set
UCM2: Intel: sof-hda-dsp: Fix handling of empty sys_vendor
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 14:20:39 +0000 (16:20 +0200)]
backup.pl: Remove any 3coresec ipblocklists from old backups being restored
- This patch ensures that any restore from an old backup cointaining the 3coresec lists
will not restore the ipblocklist associated files for those lists.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 14:20:38 +0000 (16:20 +0200)]
sources: remove the 3CORESEC ipblocklist entries from the sources file
- The three 3CORESEC ipblocklists were removed and the web server urls completely
removed on 3 Feb 2025. There was no explanation or announcement.
- There was some suggestion from their twitter account that they might be ressurrected
which is why the removal was delayed. However there has been no further notification
or indication of any change.
- From their website they focus on a turnkey platform provision and the provision of
actionable threat information being provided on a subscription basis. So I believe
they have decided to stop the free IPBlocklist provision but were not willing to
make a clear announcement on that fact.
- This patch removes the three lists from the sources file.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:45:44 +0000 (15:45 +0200)]
protobuf-c: Update to version 1.5.2
- Update from version 1.5.0 to 1.5.2
- Update of rootfile not required
- The update to protobuf caused a breaking change for the build of protobuf-c. Version
1.5.2 has the fix for that issue in it.
- The changes to protobuf-c are such that the code has been significantly changed and
the previous patch file for version 1.5.0 is no longer needed.
- Changelog
1.5.2
* Chase compatibility issues with Google protobuf 30.0-rc1 by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/762
* protoc-gen-c: Explicitly construct strings where needed for protobuf 30.x by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/768
1.5.1
* CMakeList.txt: Remove double hyphens by @AlessandroBono in
https://github.com/protobuf-c/protobuf-c/pull/699
* Makefile.am: Distribute missing Config.cmake.in by @AlessandroBono in
https://github.com/protobuf-c/protobuf-c/pull/700
* protobuf_c_message_unpack(): Fix memory corruption by initializing
unknown_fields pointer by @smuellerDD in
https://github.com/protobuf-c/protobuf-c/pull/703
* Fix CI issues with CMake by @clementperon in
https://github.com/protobuf-c/protobuf-c/pull/714
* build.yml: Install libtool on OS X by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/717
* build.yml: Set "fail-fast: false" so we can tell which jobs are failing by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/718
* Update actions by @AndrewQuijano in
https://github.com/protobuf-c/protobuf-c/pull/740
* Miscellaneous CI updates by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/747
* build.yml: Build on more pull request activity types by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/751
* Chase compatibility issues with Google protobuf >= 26.0 by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/711
* Clean CMake by @clementperon in
https://github.com/protobuf-c/protobuf-c/pull/719
* build.yml: Update Windows dependencies (abseil, protobuf) by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/753
* build.yml: Ubuntu: Add 22.04, 24.04 by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/754
* Order oneof union members from largest to smallest by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/755
* More renaming of `protoc-c` to `protoc-gen-c` by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/756
* cmake: Fix build when using ninja and protobuf-c already installed by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/757
* protoc-gen-c: Log a deprecation warning when invoked as `protoc-c` by
@edmonds in https://github.com/protobuf-c/protobuf-c/pull/758
* build.yml: Try running multiarch builds on Debian bookworm by @edmonds in
https://github.com/protobuf-c/protobuf-c/pull/759
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 24 Apr 2025 13:45:43 +0000 (15:45 +0200)]
protobuf: Update to version 30.2
- Update from version 29.3 to 30.2
- Update of rootfile
- Changes in protobuf required changes in protobuf-c to prevent build crashes. An update
for protobuf-c is combined in this patch set.
- protobuf, protobuf-c and frr (which depends on those) all built successfully.
- Changelog
30.2
Compiler
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
C++
Remove dllexport attribute on variable definition. (#20833) (7831669)
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Change how we decide which empty string implementation to use. (#20708)
(221b2a0)
Java
Remove dllexport attribute on variable definition. (#20833) (7831669)
Add protobuf_maven artifacts to protobuf_maven_dev as well so they can
still be referenced correctly using the dev namespace for dev-only
targets. (#20771) (09b5078)
Add volatile to featuresResolved (#20766) (b7f06f1)
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Restore custom protobuf maven namespaces to avoid polluting main maven
namespace for non-dev dependencies as well. (#20739) (f4b0a79)
Fix Java concurrency issue in feature resolution for old <=3.25.x gencode
using lazy feature resolution. (#20751) (2dc9f35)
Fix lite classes in the protobuf-java Maven release to be JDK8 compatible.
(#20843) (7a4c63b)
Kotlin
Restore custom protobuf maven namespaces to avoid polluting main maven
namespace for non-dev dependencies as well. (#20739) (f4b0a79)
Csharp
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Objective-C
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Python
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Ruby
Restore generator headers in cmake install until the next breaking C++
release (#20749) (b69f653)
Other
Restore JDK8 compatibility in Bazel for libraries with dependencies from
Maven (e.g. //java/util) (#20832) (da9cadc)
30.1
Bazel
Loosen py_proto_library check to be on the import path instead of full
directory (i.e. excluding external/module-name prefix). (#20569) (3576a1f)
Compiler
Fix python codegen crash when C++ features are used. (#20577) (250c550)
C++
Fix python codegen crash when C++ features are used. (#20577) (250c550)
Java
Remove Java runtime classes from kotlin release. (#20607) (4747628)
Kotlin
Remove Java runtime classes from kotlin release. (#20607) (4747628)
Python
Fix python codegen crash when C++ features are used. (#20577) (250c550)
Other
Re-add system_python repo alias to MODULE.bazel (#20662) (ebb5224)
30.0
Announcements
This version includes breaking changes to: Objective-C, Python, C++.
[Objective-C] Remove legacy WKT headers. (d9caebc)
[Objective-C] Remove deprecated apis. (2a52b90)
[Objective-C] Remove support for older generated code. (cffa590)
[Objective-C] Remove GPBUnknownFieldSet. (2b93422)
[Python] Fix closed enum validation under editions (72b3eda)
[Python] Remove deprecated GetDebugString() from protobuf python cpp
extension. (721a452)
[Python] Remove deprecated reflection methods (292f964)
[Python] Remove deprecated GetPrototype MessageFactory.GetPrototype(),
(c261b49)
[Python] Python nested message class qualname now contains the outer
message name. (Previous qualname has the same result with name for
nested message that outer message name was not included) (0720536)
[Python] Remove deprecated Python RPC Service Interfaces (5ba74b1)
[Python] Python setdefault behavior change for map field. (81da6b9)
[Python] Remove deprecated py_proto_library macro.
[C++] Prohibit using Bazel+MSVC to build protobuf (117e7bb)
[C++] Remove deprecated Arena::CreateMessage. (d83a536)
[C++] Remove CMake submodule support in favor of fetched or installed
dependencies. (3f06ca4)
[C++] Flip default behavior for handling cmake dependencies. (9cc685e)
[C++] Add ASAN poisoning after clearing oneof messages on arena.
(54d068e)
[C++] Upgrade return type of type_name() and cpp_type_name() from
const char* to absl::string_view. (a9ad51f)
[C++] Remove deprecated RepeatedPtrField::ClearedCount(). (e8e3253)
[C++] Upgrade return type of several string returning functions to
absl::string_view. (d1990d9)
[C++] Strip ctype from options in C++ (aebf8b9)
[C++] Remove MutableRepeatedFieldRef::Reserve() in reflection (913f7b0)
[C++] Remove deprecated JsonOptions alias. (e2eb0a1)
[C++] Remove deprecated Arena::GetArena. (30ed452)
Bazel
Remove reference to cc_proto_aspect (fa02f76)
Remove deprecated bazel/system_python.bzl alias. (00f108c)
Compiler
Add notices.h with information about our dependencies' licenses and add
--notices flag to protoc to print the contents of that file. (a7df327)
Have the protoc CLI properly report any parser warnings. (cafeaa4)
Split protoc apart from libprotoc in our cmake configs. (b4b93b3)
Begin adding extension numbers to SourceCodeInfo and FileDescriptorSet for
tooling purposes. (9d7236b)
Fix various unsigned to signed comparison warnings. (#17212) (67de087)
C++
Fixing staleness tests (6abaf77)
Add notices.h with information about our dependencies' licenses and add
--notices flag to protoc to print the contents of that file. (a7df327)
Backport: Remove if_constexpr usage for future Abseil compatibility
(#20488) (450ee76)
Add tests for older gcc versions we still support (#20463) (0778473)
Fix a bug in handling of implicit-presence string_view fields. (#20403)
(81196ac)
Remove rules_rust dependency from MODULE.bazel for 30.x (#20310) (b8248f6)
Upgrade abseil-cpp to 20250127 and use @com_google_absl -> @abseil-cpp and
com_google_googletest -> @googletest canonical BCR names. (#20295) (df849cc)
Replace std::any with a custom solution. (#20251) (6250d09)
Make DebugString print debug output, enable debug markers for debug output
(9a03332)
Fix missing port_undef (#20052) (0644388)
Use __builtin_expect_with_probability for proto field presence checks.
(e958419)
Enable meta-tagging for redaction purposes (1f48795)
Breaking change: Prohibit using Bazel+MSVC to build protobuf (117e7bb)
Breaking change: Upgrade return type of several string returning functions
to absl::string_view. (d1990d9)
Print the presence probability when analysis is enabled. (d4ba7ff)
Split protoc apart from libprotoc in our cmake configs. (b4b93b3)
Breaking change: Strip ctype from options in C++ (aebf8b9)
Breaking change: Remove MutableRepeatedFieldRef::Reserve() in reflection
(913f7b0)
Remove stale references to C++14. (f4cc92c)
Breaking change: Upgrade return type of type_name() and cpp_type_name()
from const char* to absl::string_view. (a9ad51f)
Update cmake minimum version to >=3.16. (21f535c)
Migrate coded output stream arguments from const std::string& to
absl::string_view. (0361a59)
Breaking change: Remove deprecated Arena::GetArena. (30ed452)
Remove the time (or time-based) entropy being added to Map's seed. (a7875bb)
Don't use CLOCK_UPTIME_RAW if it won't be defined (#16951) (097dcda)
Fix DEPENDENCIES in protobuf_generate() to accept multiple values instead
of silently dropping (52887e1)
Use ABSL_PREDICT_TRUE|FALSE instead of PROTOBUF_PREDICT_TRUE|FALSE. (fd47730)
Breaking change: Flip default behavior for handling cmake dependencies.
(9cc685edf867acf5...
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / log
