Adolf Belka [Wed, 19 Mar 2025 12:54:32 +0000 (13:54 +0100)]
shadow: Update to version 4.17.3
- Update from version 4.16.0 to 4.17.3
- Update of rootfile
- At version 4.17.0 groups and ids were removed from shadow, so the parts of the patch
related to stopping installation of groups is no longer needed. The parts related
to not installing the man pages already installed by man are still done but using
the commands shown in Linux From Scratch with shadow-4.17.3 rather than via a patch
file which was getting very difficult to find and edit every man page that should be
excluded from the source tarball to create the diff patch.
- Corrected a typo, --without-brcypt should have been --without-bcrypt. However no
impact as the default for brcypt is to not be installed.
- This version brings in /bin/getsubids. I have commented this out as that command was
never present before, although the subids libraries were. If this command should be
available in IPFire then it can be uncommented in the rootfile.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 11 Mar 2025 20:36:35 +0000 (21:36 +0100)]
bacula: Update to version 15.0.2
- Update from version 13.0.4 to 15.0.2
- Update of rootfile
- Version 15.0.2 has now been released for a year so it is time to update the IPFire
file daemon as the direcdtor and storage daemon should by now be at this latest
version.
- Changelog is too large to fully include here. Details can be found in the ChangeLog
file in the source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:18 +0000 (22:20 +0100)]
pango: Update to version 1.56.3
- Update from version 1.56.1 to 1.56.3
- Update of rootfile
- Changelog
1.56.3
- Improve font description serialization
- fontconfig: Avoid FcFontSetSort when possible
- coverage: Extend coverage by Unicode decomposition
- win32: Speed up coverage creation
- Deprecate pango_font_descriptions_free
1.56.2
- Annotation fixes
- fontconfig: Set optical size for fonts with an opsz axis
- fontconfig: Make panog_font_map_reload_font scale linearly
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:17 +0000 (22:20 +0100)]
lvm2: Update to version 2.03.31
- Update from version 2.03.30 to 2.03.31
- Update of rootfile not required
- Changelog
2.03.31
Reduce 'mandoc -T lint' reported issues for man pages.
Restore support for LVM_SUPPRESS_FD_WARNINGS (2.03.24).
Fix uncache and split cache restoring original state of volume.
Extend use of lockopt skip to more scenarios.
Enhance error path resolving in polling code.
Disallow shared activation of LV with CoW snapshot.
Fix lvmlockd use in lvremove of CoW snapshot, VDO pool, and uncache.
Improve mirror split with opened temporary volumes.
Improve pvmove finish with opened temporary volumes.
Fix backup limit for devices file, handle over 10,000 files.
Ignore reported optimal_io_size not divisible by 4096.
Fix busy-loop in config reading when read returned 0.
Fix DM cache preserving logic (2.03.28).
Improve use of lvmlockd for usecases involving thin volumes and pools.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:16 +0000 (22:20 +0100)]
liburcu: Update to version 0.15.1
- Update from version 0.15.0 to 0.15.1
- Update of rootfile not required
- Changelog
0.15.1
* uatomic/generic: Add missing #include <stdlib.h>
* docs: Clarify that make is required to build the project
* fix: add missing SPDX headers to urcu/uatomic/api.h
* compiler.h: Remove caa_unqual_scalar_typeof
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:15 +0000 (22:20 +0100)]
libseccomp: Update to version 2.6.0
- Update from version 2.5.5 to 2.6.0
- Update of rootfile
- Changelog
2.6.0
- Update the syscall table for Linux v6.13
- Add support for new arches: SuperH little and big endian, LoongArch, and
32-bit Motorola 68000
- Add multiplexed syscall support for more arches: MIPS, SuperH, and PPC
- Consolidate and simplify handling of multiplexed syscalls
- Add support for the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag
- Add support for transactions with the seccomp_transaction_start(),
seccomp_transaction_commit(), and seccomp_transaction_reject() APIs
- Add a seccomp_precompute() API to generate the seccomp BPF filter prior to
seccomp_load() or seccomp_export_bpf_mem()
- Add support for binary tree filters without syscalls
- Add support for the kernel’s implementation change of
SECCOMP_IOCTL_NOTIF_ID_VALID
- Add Python binding support for retrieving the notification file descriptor
- Improved tooling to help track syscall table updates in the Linux kernel
- Handle EINVAL error from the kernel when the WAIT_KILLABLE_RECV flag is
erroneously provided to the kernel
- Fix a seccomp userspace notification issue where the file descriptor was
being requested more than once
- Fix a bug where the internal filter state could be corrupted when a filter
rule addition fails
- Fix potential memory leak in the internal management of filter snapshots
- Utilize Cython rather than distutils in the Python bindings, due to
distutils’ deprecation
- Many test and CI improvements and fixes
- Many documentation improvements and updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:13 +0000 (22:20 +0100)]
libcap: Update to version 2.75
- Update from version 2.73 to 2.75
- Update of rootfile
- Changelog
2.75
This release is devoted to a fix for Bug 219838 reported by Frank.
2.74
ERRATA
Bug 219838 the psx go package fails to build standalone.
You can work around this by go mod vendor in your code tree
or upgrade your package reference to psx/v1.2.75.
This release addresses Bug 219687 reported by David Runge.
Code at HEAD (tagged {cap,psx}/v1.2.74-rc5) fixes it for
{x86,arm,mips}x{32-bit,64-bit}, ppc64, s390x and riscv.
The mips32 support requires a more modern Go compiler than the
default provided by Debian. For successfully testing I used
go1.24.0.
May be fixed for loongarch, but no system to test this with
(derived from mips, so perhaps it is fixed).
Group syntax parsing bugfix for pam_cap from Tianjia Zhang.
Doc typo fix for cap_get_proc.3 from Tianjia Zhang.
Fix transitive include in capsh.c from Leo.
Go package documentation updates, including more cap examples.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:12 +0000 (22:20 +0100)]
kmod: Update to version 34.1
- Update from version 0.34 to 0.34.1
- Update of rootfile not required
- Changelog
0.34.1
It's mostly a build system fix release, the first .1 we are releasing.
My goal is to mimic what is done in the kernel and propagate the
critical fixes to a stable release, which should help distros to get the
fixes ahead of a new release, without having to patch it themselves.
Shortlog is below:
meson: Use short options for ln everywhere
meson: Fix setting an absolute customdir
NEWS: ditch mention of libxz.so
meson: Fix build with glibc 2.31
kmod 34.1
build: support missing gtkdocize in releases
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:09 +0000 (22:20 +0100)]
harfbuzz: Update to version 10.4.0
- Update from version 10.2.0 to 10.4.0
- Update of rootfile
- Changelog
10.4.0
- Drawing glyphs using hb-draw API now avoids any “malloc” calls, which
improves drawing performance by 10+%.
- Add support new “GVAR” table fonts with more than 65535 glyphs. Support is
currently behind a compilation flag and is disabled by default.
- Some hb-directwrite and hb-ft APIs got renamed with more clear names and the
old names are deprecated.
- Various build and fuzzing fixes.
- New API:
+hb_directwrite_face_get_dw_font_face()
+hb_ft_font_get_ft_face()
- Deprecated API:
+hb_directwrite_face_get_font_face()
+hb_ft_font_get_face()
10.3.0
- Vastly improved “AAT” shaping performance. LucidaGrande benchmark-shape
before: 14.6ms after: 5.9ms.
- Improved OpenType shaping performance (kerning / ligature), at the expense of
~1kb per face allocated cache memory. Roboto-Regular benchmark-shape before:
10.3ms after: 9.4ms.
- Improved “COLRv1” benchmark-font paint performance. Before: 7.85ms after
4.85ms.
- Don’t apply glyph substitutions in “morx” table of a font with known broken
“morx” table (AALMAGHRIBI.ttf font).
- Update IANA and OT language registries.
- Various documentation updates.
- Various build improvements, and test speed-ups.
- The “hb_face_reference_blob()” API now works for faces created with
“hb_face_create_for_tables()” if the face sets “get_table_tags” callback.
This constructs a new face blob from individual table blobs.
- Various fixes to how “trak” table is handled to bring it closer to Core Text
behaviour. Particularly, the tracking values for sizes not explicitly set in
the table are now properly interpolated, and the tracking is applied to glyph
advances when they are returned by ot-font functions, instead of applying
them during shaping. The “trak” pseudo OpenType feature that could be used to
disable “trak” table application have been dropped.
- Core Text font functions now support non-BMP code points.
- The drawing algorithm used by hb-draw for “glyf” table now match the
algorithm used by FreeType and Core Text.
- The “hb_coretext_font_create()” API now copy font variations from Core Text
font to the created HarfBuzz font.
- Add an API to get the feature tags enabled on a given shape-plan after
executing it, which can be used to applications to show in the UI what
features are applied by default (which can vary based on the font, the
script, the language, and the direction set on the buffer).
- Add APIs to created HarfBuzz font from DirectWrite font, and copy the font
variations.
- New API:
+hb_directwrite_font_create()
+hb_directwrite_font_get_dw_font()
+hb_ot_shape_plan_get_feature_tags()
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:08 +0000 (22:20 +0100)]
git: Update to version 2.49.0
- Update from version 2.48.1 to 2.49.0
- Update of rootfile
- Changelog
2.49.0
UI, Workflows & Features
* Completion script updates for zsh
* "git pack-objects" and its wrapper "git repack" learned an option
to use an alternative path-hash function to improve delta-base
selection to produce a packfile with deeper history than window
size.
* "git gc" learned the "--expire-to" option and passes it down to
underlying "git repack".
* "[help] autocorrect = 1" used to be a way to say "please wait for
0.1 second after suggesting a typofix of the command name before
running that command"; now it means "yes, if there is a plausible
typofix for the command name, please run it immediately".
* "git clone" learned to make a shallow clone for a single commit
that is not necessarily be at the tip of any branch.
* Lazy-loading missing files in a blobless clone on demand is costly
as it tends to be one-blob-at-a-time. "git backfill" is introduced
to help bulk-download necessary files beforehand.
* "git push --atomic --porcelain" used to ignore failures from the
other side, losing the error status from the child process, which
has been corrected.
* "git rev-list --missing=" learned to accept "print-info" that gives
known details expected of the missing objects, like path and type.
* Comes with an updated "gitk".
* The documentation of "git commit" and "git rebase" now refer to
commit titles as such, not "subject".
* The value of "uname -s" is by default sent over the wire as a part
of the "version" capability.
* "git refs migrate" can optionally be told not to migrate the reflog.
* The netrc support (via the cURL library) for the HTTP transport has
been re-enabled.
* Removal of ".git/branches" and ".git/remotes" support in the
BreakingChanges document has been further clarified.
* What happens to submodules during merge has been documented in a
bit more detail.
Performance, Internal Implementation, Development Support etc.
* More -Wsign-compare fixes.
* meson-based build now supports the unsafe-sha1 build knob.
* The meson-based build procedure covers contrib/ and other places as
well.
* The code to check LSan results has been simplified and made more
robust.
(merge 164a2516eb jk/lsan-race-ignore-false-positive later to maint).
* More code paths have a repository passed through the callchain,
instead of assuming the primary the_repository object.
* Move a few more unit tests to the clar test framework.
* Introduce a new API to visit objects in batches based on a common
path, or by type.
* Following the procedure we established to introduce breaking
changes for Git 3.0, allow an early opt-in for removing support of
$GIT_DIR/branches/ and $GIT_DIR/remotes/ directories to configure
remotes.
* The code paths to interact with zlib has been cleaned up in
preparation for building with zlib-ng.
* Foreign language interface for Rust into our code base has been added.
* All the documentation .txt files have been renamed to .adoc to help
content aware editors.
* "git difftool" code clean-up.
* Rename processing in the recursive merge backend has seen a micro
optimization.
* The path.[ch] API takes an explicit repository parameter passed
throughout the callchain, instead of relying on the_repository
singleton instance.
* Large-object promisor protocol extension has been introduced.
* The editorconfig file is updated to tell us that bash scripts are
similar to general Bourne shell scripts.
* Meson-based build procedure forgot to build some docs, which has
been corrected.
Fixes
* "git submodule" learned various ways to spell the same option,
e.g. "--branch=B" can be spelled "--branch B" or "-bB".
(merge b86f0f9071 re/submodule-parse-opt later to maint).
* Tweak the help text used for the option value placeholders by
parse-options API so that translations can customize the "<>"
placeholder signal (e.g. "--option=<value>").
(merge 5b34dd08d0 as/long-option-help-i18n later to maint).
* CI jobs gave sporadic failures, which turns out that that the
object finalization code was giving an error when it did not have
to.
(merge d7fcbe2c56 ps/object-collision-check later to maint).
* The code to compute "unique" name used git_rand() which can fail or
get stuck; the callsite does not require cryptographic security.
Introduce the "insecure" mode and use it appropriately.
(merge 0b4f8afef6 ps/reftable-get-random-fix later to maint).
* A misconfigured "fsck.skiplist" configuration variable was not
diagnosed as an error, which has been corrected.
(merge ca7158076f jt/fsck-skiplist-parse-fix later to maint).
* Extended SHA-1 expression parser did not work well when a branch
with an unusual name (e.g. "foo{bar") is involved.
(merge 191f0c8db2 en/object-name-with-funny-refname-fix later to maint).
* The meson build procedure looked for the 'version-def.h' file in a
wrong directory, which has been corrected.
(merge 4771501c0a tc/meson-use-our-version-def-h later to maint).
* The meson build procedure for Documentation/technical/ hierarchy was
missing necessary dependencies, which has been corrected.
(merge 1dca492edd sj/meson-doc-technical-dependency-fix later to maint).
* The "instaweb" bound only to local IP address without "--local" and
to all addresses with "--local", which was the other way around, when
using Python's http.server class, which has been corrected.
(merge 76baf97fa1 ak/instaweb-python-port-binding-fix later to maint).
* Document that it is insecure to use Personal Access Tokens, which
some hosting providers take as username/password, embedded in URLs.
(merge a90ff409f0 mh/doc-credential-helpers-with-pat later to maint).
* The help text from "git $cmd -h" appear on the standard output for
some $cmd and the standard error for others. The built-in commands
have been fixed to show them on the standard output consistently.
(merge f66d1423f5 jc/show-usage-help later to maint).
* The meson-driven build is now aware of "git-subtree" housed in
contrib/subtree hierarchy.
(merge 8454b42f94 ps/build-meson-subtree later to maint).
* It was possible for "git unpack-objects" and "git index-pack" to
make an unaligned access, which has been corrected.
(merge 98046591b9 jk/pack-header-parse-alignment-fix later to maint).
* The "cache" credential back-end did not handle authtype correctly,
which has been corrected.
(merge 0b43274850 mh/credential-cache-authtype-request-fix later to maint).
* "git branch --sort=..." and "git for-each-ref --format=... --sort=..."
did not work as expected with some atoms, which has been corrected.
(merge c5490ce9d1 rs/ref-fitler-used-atoms-value-fix later to maint).
* reflog entries for symbolic ref updates were broken, which has been
corrected.
(merge 3519492430 kn/reflog-symref-fix later to maint).
* The trace2 code was not prepared to show a configuration variable
that is set to true using the valueless true syntax, which has been
corrected.
(merge 2fd367cf63 am/trace2-with-valueless-true later to maint).
* The "git refs migrate" command did not migrate the reflog for
refs/stash, which is the contents of the stashes, which has been
corrected.
(merge a0bea0978f ps/reflog-migration-with-logall-fix later to maint).
* Doc and short-help text for "show-index" has been clarified to
stress that the command reads its data from the standard input.
(merge 49edce4ff9 jc/show-index-h-update later to maint).
* The API around choosing to use unsafe variant of SHA-1
implementation has been updated in an attempt to make it harder to
abuse.
(merge 04292c3796 tb/unsafe-hash-cleanup later to maint).
* Fix bugs in an earlier attempt to fix "git refs migration".
(merge f11f0a5a2d kn/reflog-migration-fix-fix later to maint).
* The code path used when "git fetch" fetches from a bundle file
closed the same file descriptor twice, which sometimes broke things
unexpectedly when the file descriptor was reused, which has been
corrected.
(merge 9a84794ad8 js/bundle-unbundle-fd-reuse-fix later to maint).
* "git init" to reinitialize a repository that already exists cannot
change the hash function and ref backends; such a request is
silently ignored now.
(merge 7e88640cd1 ps/setup-reinit-fixes later to maint).
* "git apply" internally uses unsigned long for line numbers and uses
strtoul() to parse numbers on the hunk headers. It however forgot
to check parse errors.
(merge a206058fda pw/apply-ulong-overflow-check later to maint).
* Two CI tasks, whitespace check and style check, work on the
difference from the base version and the version being checked, but
the base was computed incorrectly in GitLab CI in some cases, which
has been corrected.
(merge acc4fb302b jt/gitlab-ci-base-fix later to maint).
* "git repack --keep-unreachable" to send unreachable objects to the
main pack "git repack -ad" produces did not work when there is no
existing packs, which has been corrected.
(merge 414c82300a ps/repack-keep-unreachable-in-unpacked-repo later to maint).
* Going into a secondary worktree and asking "is the main worktree
bare?" did not work correctly when per-worktree configuration
option was in use, which has been corrected.
* Fetching into a bare repository incorrectly assumed it always used
a mirror layout when deciding to update remote-tracking HEAD, which
has been corrected.
(merge 93dc16483a bf/fetch-set-head-fix later to maint).
* A thunderbird helper script lost its bashism.
(merge 59d26bd961 bc/contrib-thunderbird-patch-inline-fix later to maint).
* The -G/-S options to the "diff" family of commands caused us to hit
a BUG() when they get no values; they have been corrected.
(merge a620046b29 bc/diff-reject-empty-arg-to-pickaxe later to maint).
* "git merge-tree --stdin" has been improved (including a workaround
for a deadlock).
(merge 6a9ae81015 pw/merge-tree-stdin-deadlock-fix later to maint).
* Correct the default target in Documentation/Makefile, and
future-proof all Makefiles from similar breakages by declaring the
default target (which happens to be "all") upfront.
(merge 5309c1e9fb ad/set-default-target-in-makefiles later to maint).
* "git check-mailmap" used to segfault when queried without human
readable name.
(merge bb60c52131 jk/check-mailmap-wo-name-fix later to maint).
* Support for renaming of symbolic links on Windows has been improved.
* "git rebase -i" failed to allow rewording an empty commit that has
been fast-forwarded.
(merge af8fc7be10 pw/rebase-i-ff-empty-commit later to maint).
* The use of "paste" command for aggregating the test results have
been corrected.
(merge ce98863204 dk/test-aggregate-results-paste-fix later to maint).
* Other code cleanup, docfix, build fix, etc.
(merge ddb5287894 jk/t7407-use-test-grep later to maint).
(merge 21e1b44865 aj/difftool-config-doc-fix later to maint).
(merge 6a63995335 mh/gitattr-doc-markup-fix later to maint).
(merge 43850dcf9c sk/unit-test-hash later to maint).
(merge 4ad47d2de3 jc/cli-doc-option-and-config later to maint).
(merge 2d0ff147e5 jp/t8002-printf-fix later to maint).
(merge 69666e6746 ja/doc-restore-markup-update later to maint).
(merge d11d003ba5 sk/strlen-returns-size_t later to maint).
(merge 77b2d29e91 ja/doc-notes-markup-updates later to maint).
(merge 6979bf6f8f jk/combine-diff-cleanup later to maint).
(merge 8705c9bd13 kn/pack-write-with-reduced-globals later to maint).
(merge 087740d65a ps/leakfixes-0129 later to maint).
(merge 6bba6f604b jp/doc-trailer-config later to maint).
(merge f1cc562b77 lo/t7603-path-is-file-update later to maint).
(merge 45761988ac en/doc-renormalize later to maint).
(merge 832f56f06a jc/doc-boolean-synonyms later to maint).
(merge 3eeed876a9 ac/doc-http-ssl-type-config later to maint).
(merge c268e3285d jc/breaking-changes-early-adopter-option later to maint).
(merge 0d03fda6a5 pb/doc-follow-remote-head later to maint).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:07 +0000 (22:20 +0100)]
gettext: Update to version 0.24
- Update from version 0.22.5 to 0.24
- Update of rootfile
- Changelog
0.24
# Programming languages support:
* JavaScript:
- xgettext now parses recursive JSX expressions correctly.
* Rust:
- xgettext now supports Rust.
- 'msgfmt -c' now verifies the syntax of translations of Rust format
strings.
- A new example 'hello-rust' has been added.
* C:
- A new example 'hello-c-http' has been added, showing the use of
GNU gettext in a multithreaded web server.
* C++:
- A new example 'hello-c++-gnome3' has been added.
* Ruby:
- A new example 'hello-ruby' has been added.
# Improvements for maintainers:
* When xgettext creates the POT file of a package under Git version control,
the 'POT-Creation-Date' in the POT file usually no longer changes
gratuitously each time the POT file is regenerated.
# Caveat maintainers:
* Building the po/ directory now requires GNU make on specific platforms:
macOS, Solaris, AIX.
0.23.1
* Bug fixes:
- Building with libxml2 >= 2.12.0 and gcc >= 14 now works.
- XML: The value of the xml:lang attribute, inserted by msgfmt, is now
more correct.
0.23
# Internationalized data formats:
* XML:
o The escaping of characters such as & < > has been changed:
- No escaping is done any more by xgettext, when creating a POT file.
- Instead, extra escaping can be requested for the msgfmt pass, when
merging into an XML file.
- The default value of 'escape' in the <gt:escapeRule> was "yes";
now it is "no".
This means that existing translations of older POT files may no longer
fully apply. As a maintainer of a package that has translatable XML files,
you need to regenerate the POT file and pass it on to your translators.
o XML schemas for .its and .loc files are now provided.
o The value of the xml:lang attribute, inserted by msgfmt, now conforms
to W3C standards.
o 'msgfmt --xml' accept an option --replace-text, that causes the output
to be a mono-lingual XML file instead of a multi-lingual XML file.
o xgettext and 'msgfmt --xml' now support DocBook XML files.
* Desktop: xgettext now produces POT files with correct line numbers.
# Programming languages support:
* Python:
o xgettext now assumes source code for Python 3 rather than Python 2.
This affects the interpretation of escape sequences in string literals.
o xgettext now recognizes the f-string syntax.
* Scheme:
o xgettext now supports the option '-L Guile' as an alternative to
'-L Scheme'. They are nearly equivalent. They differ in the
interpretation of escape sequences in string literals: While
'xgettext -L Scheme' assumes the R6RS and R7RS syntax of string literals,
'xgettext -L Guile' assumes the syntax of string literals understood by
Guile 2.x and 3.0 (without command-line option '--r6rs' or '--r7rs', and
before a '#!r6rs' directive is seen).
o xgettext now recognizes comments of the form '#; <expression>'.
* Java: xgettext now has an improved recognition of format strings when the
String.formatted method is used.
* JavaScript:
o xgettext now parses template literals inside JSX correctly.
o xgettext has a new option --tag that customizes the behaviour of tagged
template literals.
* C#:
o The build system and tools now also support 'dotnet' (.NET) as C#
implementation. In order to declare a preference for 'dotnet' over
'mono', you can use the configure option '--enable-csharp=dotnet'.
o xgettext now recognizes strings with embedded expressions (a.k.a.
interpolated strings).
* awk: xgettext now recognizes string concatenation by juxtaposition.
* Smalltalk: xgettext now recognizes the string concatenation operator ','.
* Vala: xgettext now has an improved recognition of format strings when the
string.printf method is used.
* Glade: xgettext has improved support for GtkBuilder 4.
* Tcl: With the recently released Tcl 9.0, characters outside the Unicode BMP
in Tcl message catalogs (.msg files) will work regardless of the locale's
encoding.
* Perl:
o xgettext now reports warnings instead of fatal errors.
o xgettext now recognizes strings with embedded expressions (a.k.a.
interpolated strings).
* PHP:
o xgettext now recognizes strings with embedded expressions.
o xgettext now scans Heredoc and Nowdoc strings correctly.
o xgettext now regards the format string directives %E, %F, %g, %G, %h, %H
as valid.
# Runtime behaviour:
* In the C.UTF-8 locale, like in the C locale, the *gettext() functions
now return the msgid untranslated. This is relevant for GNU systems,
Linux with musl libc, FreeBSD, NetBSD, OpenBSD, Cygwin, and Android.
# Documentation:
* The section "Preparing Strings" now gives more advice how to deal with
string concatenation and strings with embedded expressions.
# xgettext:
* Most of the diagnostics emitted by xgettext are now labelled as
"warning" or "error".
# msgmerge:
* The option '--sorted-output' is now deprecated.
# libgettextpo library:
* This library is now multithread-safe.
* The function 'po_message_set_format' now supports resetting a format string
mark.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:06 +0000 (22:20 +0100)]
dbus: Update to version 1.16.2
- Update from version 1.16.0 to 1.16.2
- Update of rootfile not required
- Changelog
1.16.2
Build system:
• The branch used for development releases has been renamed to `main`.
Please see CONTRIBUTING.md for details of how to update existing checkouts.
(dbus#530, Simon McVittie)
Bug fixes:
• On Linux, fix build regression with libselinux ≥ 3.8 and verbose mode
enabled (Debian#1096212, dbus!511; Simon McVittie)
Internal changes:
• Documentation updates
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 18 Mar 2025 21:20:05 +0000 (22:20 +0100)]
cairo: Update to version 1.18.4
- Update from version 1.18.2 to 1.18.4
- Update of rootfile
- Changelog
1.18.4
The dependency on LZO has been made optional through a build time
configuration toggle. [!580]
You can build Cairo against a Freetype installation that does not have the
FT_Color type. [#792]
Cairo tests now build on Solaris 11.4 with GCC 14. [!599]
The DirectWrite backend now builds on MINGW 11. [!600]
Thanks to Luca Bacci, the DirectWrite backend now supports font
variations and proper glyph coverage. [#877, !602]
Support for Windows 98 has been removed. The minimum requirement for
Windows is now Vista.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 Mar 2025 20:45:31 +0000 (21:45 +0100)]
perl: uncomment the json entrries in the rootfile
- Back in Sept 2024 I supplied a patch to remove certain perl modules as they were now
available in the core perl package.
- The perl-json was one of these modules but unfortunately I missed to uncomment the json
entries in the perl rootfile so they have been unavailable to samba since then.
- This patch corrects that situation.
Suggested-by: ummeegge <ummeegge@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 15 Mar 2025 12:29:26 +0000 (13:29 +0100)]
expat: Update to version 2.7.0
- Update from version 2.6.4 to 2.7.0
- Update of rootfile
- Fix for CVE-2024-8176
- Changelog
2.7.0
Security fixes:
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Other changes:
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
Infrastructure:
#926 tests: Increase robustness
#927 #932 ..
#930 #933 tests: Increase test coverage
#617 #950 ..
#951 #952 ..
#954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
#961 Google's libprotobuf-mutator ("LPM")
#957 Fuzzing|CI: Start producing fuzzing code coverage reports
#936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh
#942 CI: Small fuzzing related improvements
#139 #203 ..
#791 #946 CI: Make GitHub Actions build using MSVC on Windows and
produce 32bit and 64bit Windows binaries
#956 CI: Get off of about-to-be-removed Ubuntu 20.04
#960 #964 CI: Start uploading to Coverity Scan for static analysis
#972 CI: Stop loading DTD from the internet to address flaky CI
#971 CI: Adapt to breaking changes in Cppcheck
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Tue, 11 Mar 2025 16:36:17 +0000 (17:36 +0100)]
libloc: Update to version 0.9.18
- Update libloc from version 0.9.17 to 0.9.18
- Update of rootfile
- Update of patch to revert installing of perl files into perl vendor directory as source
file has changed enough.
- Changelog
0.9.18
* A new Lua module has been added as announced here:
https://www.ipfire.org/blog/ipfire-location-lua-bindings-for-fun-and-profit
* The algorithm to detect bogons and duplicates in the tree have massively been
improved and should be nearing their theoretical maximum in terms of
performance.
* A large number of stability and correctness fixes have been rolled out. These
mostly affect the code generating the database.
* We now have a small Jenkins pipeline which will check if the library still
builds for a couple of major Linux distributions and various architectures.
Python:
* AS and Country objects are now hashable and support rich comparison operations
Importer:
* Exporting the database is around 200x faster due to eliminating any excessive
joins. Instead a new temporary table will be created and a temporary index
will be used to apply various updates to the data from various sources inside
the database. That allows us to create the export iteratively instead of
having one large query that runs for forever. An export that formerly took
around 17-20 hrs(!) will now take only ~5 mins.
* A new source for human-friendly names for Autonomous Systems registered with
ARIN has been added
* Importing feeds from AWS and Spamhaus has been split off into separate
database tables. This will allow us to import them separately and prioritise
our own rewrites over them.
* The ARIN parser has been refactored based on csv.DictReader(), parsers for
the AWS and Spamhaus feeds have been rewritten, too
* Geofeeds are now fetched concurrently with a unified downloader
* Certain country codes will be entirely ignored. Currently this is YU for
former Yugoslavia and ZZ which is used to say “no country”
* Country codes can now be corrected on the fly. This is used to change UK to
GB as only the latter is the valid country code for the United Kingdom.
* Countries that are not on our list will not be imported any more.
* Networks larger than /4 for IPv6, and /10 for IPv4 won’t be imported any
more. This avoids that we propagate any issues in the global routing table
into the database.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 11 Mar 2025 15:28:31 +0000 (16:28 +0100)]
htop: Update to 3.4.0
For details see:
https://github.com/htop-dev/htop/blob/main/ChangeLog
"What's new in version 3.4.0
* More expressive version tag generated for development versions (htop --version, help screen)
* Improve Darwin support for ARM-based systems
* Fix static linking with libsystemd
* Various build fixes for DragonFlyBSD, Darwin, NetBSD, OpenBSD & Solaris
* Fix running task display (count)
* Fix sort order handling in tree mode
* Add warning when exiting with a signal (not saving .htoprc)
* Add Disk I/O and Network I/O meter for DragonFlyBSD
* Improve handling of invalid Unicode strings
* Disable basename checking for kernel tasks
* Updated documentation for pcp-htop
* Disable FOCUS_IN/FOCUS_OUT event handling
* Add GPU meter for Linux and PCP
* Add colum for GPU time per process on Linux and PCP
* Avoid glibc FILE API voodoo
* Ignore previously unhandled signals USR1 and USR2
* Force locating the config file to only use absolute paths
* Prefer reading htoprc from ~/.config/htop/htoprc over legacy ~/.htoprc
* Force writing the configuration to a regular file
* Use distinct config files for htop and pcp-htop
* Link libnl3 at runtime
* Gather permitted capabilities via capget(2)
* Avoid fetching certain process information for each thread on Linux (speed up)
* Improved handling for invalid data in /proc/tty/drivers on Linux
* Various changes to avoid memory allocations inside signal handlers
* Add single column header layout
* Fix DivByZero bug on startup on Darwin
* Include thread information on Darwin
* Show process state on Darwin
* Update compat check for C23 compilers
* Improved detail in help screen
* Unicode support for CGROUP, CCGROUP, CONTAINER and SECATTR columns
* Mark newline characters in the process command line display
* Resolve nested derived metrics for PCP
* Make supported modes/styles specific to each meter
* Refined checks for terminals supporting to redefine keys
* Fix handling of the NICE value on FreeBSD
* Fix display of CPU utilization on FreeBSD
* Honour update interval adjustments properly without restart
* Force rebuild of display table after item removals
* Reworked handling for various temperature sensors
* Fix high CPU load when the strace'd process exits prematurely
* Document --drop-capabilities to require a compile time support
* Always call PKG_PROG_PKG_CONFIG in configure
* Make configure warn when pkg.m4 is absent
* Rewrite curses/terminfo detection code in configure
* Keep following a process when resuming process updates (Z key)
* Normalize Disk I/O usage and allow utilization above 100%
* Plug several memory leaks and improve performance for information parsing
* Allow to show or hide cache and buffers in memory usage meter
* Visibility hint and UX improvements in status bar of display options panel
* Remove IOKit / IOMainPort / IOMMasterPort logic for Darwin builds
* Replace BCC with metrics from BPF for pcp-htop"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Mar 2025 11:32:21 +0000 (12:32 +0100)]
en.pl: Update the wording for the check on the CA Name for upload
- This changes the wording to allowing characters and spaces.
Fixes: Bug10595 part 2 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 6 Mar 2025 11:32:20 +0000 (12:32 +0100)]
vpnmain.cgi: Fix for 2nd part of bug10595
- Bug10595 had two parts in it and was closed after the first part was fixed. The second
part was still unfixed at that time. I cam across it when checking out an open bug on
a similar issue with OpenVPN.
- I found the section that checks on the CA Name and modified it to also allow spaces.
- Having modified that then the subroutines getsubjectfromcert and getCNfromcert required
modifications otherwise the openssl statement only got a filename with the first
portion of the ca name until the first space was encountered. This v2 version of this
patch set has the safe approach suggested by @Michael. This v3 version has been
re based to another patch submission that modified lines in a similar place and
prevented a merge to work.
- I am open to any suggestions for improvements to how I implemented the use of the
&General::system_output function
- Tested this change out on my vm and it worked fine. I was able to upload a ca
certificate into IPSec and use spaces in the CA Name.
- Changed the test for the CA_NAME to allow spaces. Change also made to en.pl file
Fixes: Bug10595 part 2 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 9 Mar 2025 14:12:04 +0000 (15:12 +0100)]
language files: Update to include a message about a double quotation mark
Fixes: bug12298 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 9 Mar 2025 14:12:03 +0000 (15:12 +0100)]
vpnmain.cgi: Fixes bug12298 - IPSec password cannot use semicolon
- The password for the pkcs12 certificate is passed to the open ssl command via $opt but
it is not quoted and so the ; is taken as the end of the command rather than as part
of the password. This also means that a pkcs12 file is not created and the .pem
intermediate file is what is left in the directory.
- This patch makes the -passout option quoted in the same way as the -name and -caname
options.
- Based on being the same as the name and caname parts in $opt, I believe that this should
not give rise to a vulnerability but I am open to being corrected.
- By quoting the -passout then the password must not contain double quotation marks, ",
so a test for the password containing a " has been added.
- The message about the use of the double quotation mark has been added to the english,
dutch and german language files. Feel free to correct if what I have used is not
correct. Those are in the other patch of this patch set.
- Tested out on my testbed system. I was able to create a pkcs12 certificate with a
password containing a variety of characters, including the semicolon, and getting
a message that the password contains a double quotation mark when I used that.
Fixes: bug12298 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 2 Mar 2025 19:14:31 +0000 (20:14 +0100)]
vpnmain.cgi: Change the log name from "ipsec" to "charon"
- The use of "ipsec" currently means that none of these messages are shown in the
system log with IPSec selected as that is looking for charon.
- This patch changes all "ipsec" entries in this file to "charon"
- This results in the log messages for generation and regeneration of the root/host
certificate set being shown in the system log. Without this then the messages log
has to be searched from the command line with grep.
- Tested out on a physical IPFire system.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 2 Mar 2025 19:14:30 +0000 (20:14 +0100)]
vpnmain.cgi: Fixes bug13737 - increments the serial number to allow cert regen
- When the regeneration is carried out the existing cert, with serial number 01, is
revoked but when the new cert is created the serial number is still 01 causing error
messages about the new cert being revoked.
- This patch increments the serial number from 01 to 02 after the initial root/host
certificate set is created.
- Then when the olf cert is revoked the new one uses serial number 02 but also
automatically increments it again. So all future regenerations work without problems.
- Tested out on a physical IPFire system.
Fixes: bug13737 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 1 Mar 2025 12:46:02 +0000 (13:46 +0100)]
exclude: Remove the urlfilter pl programs from a backup
- When dealing with the qos bug fix for backing up .pl programs I also then searched all
the /var/ipfire directory tree looking for any other .pl files that were being backed
up and found that there were two for the urlfilter.
- This patch adds the .pl files in the urlfilter/bin directory to the exclude list.
- In the same way as for the qos change the exclude addition also means that these files
will not be restorewd from any earlier backup.
- Also tested and confirmed on a physical IPFire system.
Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 1 Mar 2025 12:46:01 +0000 (13:46 +0100)]
exclude: Fix bug13736 - stop backup of qos perl programs
- The exclude file only had the qos.pl file from the bin directory excluded from the
backup. This meant that 5 other perl programs were being backed up and therefore
any restore would overwrite new updated versions such as the makeqosscripts.pl file.
- This addition to the backup exclude file now excludes all .pl files from the qos/bin
directory.
- This also means that any restore from earlier backups that included the other .pl files
will not restore thosde files.
- Tested out on an IPFire physical system.
Fixes: bug13736 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sat, 1 Mar 2025 12:01:08 +0000 (13:01 +0100)]
samba: Update to version 4.21.4
- Update from version 4.21.3 to 4.21.4
- Update of rootfiles for x86_64, aarch64 and riscv64
- Changelog
4.21.4
* BUG 15780: Increasing slowness of sharesec performance with high number of
registry shares.
* BUG 15782: winbindd shows memleak in kerberos_decode_pac.
* BUG 15738: Creation of GPOs applicable to more than one group is impossible
with Samba 4.20.0 and later.
* BUG 15756: Replace `crypt` module in
python/samba/netcmd/user/readpasswords/common.py.
* BUG 15151: vfs_gpfs silently garbles timestamps > year 2106.
* BUG 15796: Spotlight search results don't show file size and creation date.
* BUG 15703: General improvements for vfs_ceph_new module.
* BUG 15777: net offlinejoin not working correctly.
* BUG 15780: Increasing slowness of sharesec performance with high number of
registry shares.
* BUG 15759: net ads create/join/winbind producing unix dysfunctional
keytabs.
* BUG 14213: Windows Explorer crashes on S-1-22-* Unix-SIDs when accessing
security tab.
* BUG 15769: The values from hresult_errstr_const and hresult_errstr are
reversed in 4.20 and 4.21.
* BUG 15778: Kerberos referral tickets are generated for principals in our
domain if we have a trust to a top level domain.
* BUG 15783: NETLOGON_NTLMV2_ENABLED is missing in the SamLogon* user_flags
field.
* BUG 15703: General improvements for vfs_ceph_new module.
* BUG 15784: Regression: stack-use-after-return in crypt_as_best_we_can().
* BUG 15788: libreplace:readline: gcc 15 complains about incompatible pointer
types.
* BUG 15703: General improvements for vfs_ceph_new module.
* BUG 15703: General improvements for vfs_ceph_new module.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 28 Feb 2025 16:59:46 +0000 (17:59 +0100)]
tcl: Update to version 9.0.1
- Update from version 8.6.14 to 9.0.1
- Update of rootfile
- Changelog
9.0.1
# Completed 9.0 Features and Interfaces
- [TIP 701 - Tcl_FSTildeExpand C API]
(https://core.tcl-lang.org/tips/doc/trunk/tip/701.md)
- [TIP 707 - ptrAndSize internal rep in Tcl_Obj]
(https://core.tcl-lang.org/tips/doc/trunk/tip/707.md)
- [Size modifiers j, q, z, t not implemented]
( https://core.tcl-lang.org/tcl/info/c4f365)
# Bug fixes
- [regression in tzdata, %z instead of offset TZ-name]
(https://core.tcl-lang.org/tcl/tktview/2c237b)
- [Tcl will not start properly if there is an init.tcl file in the current
dir](https://core.tcl-lang.org/tcl/tktview/43c94f)
- [clock scan "24:00", ISO-8601 compatibility]
(https://core.tcl-lang.org/tcl/tktview/aee9f2)
- [Temporary folder with file "tcl9registry13.dll" remains after "exit"]
(https://core.tcl-lang.org/tcl/tktview/6ce3c0)
- [Wrong result by "lsearch -stride -subindices -inline -all"]
(https://core.tcl-lang.org/tcl/info/5a1aaa)
- [TIP 609 - required Tcl_ThreadAlert() skipped with nested event loop]
(https://core.tcl-lang.org/tcl/info/c7e4c4)
- [buffer overwrite for non-BMP characters in utf-16]
(https://core.tcl-lang.org/tcl/tktview/66da4d)
- [zipfs info on mountpoint of executable returns zero offset in field 4"]
(https://core.tcl-lang.org/tcl/info/aaa84f)
- [zlib-8.8, zlib-8.16 fail on Fedora 40, gcc 14.1.1]
(https://core.tcl-lang.org/tcl/tktview/73d5cb)
- [install registry and dde in $INSTALL_DIR\lib always]
(https://core.tcl-lang.org/tcl/tktview/364bd9)
- [cannot build .chm help file (Windows)]
(https://core.tcl-lang.org/tcl/tktview/bb110c)
# Incompatibilities
- No known incompatibilities with the Tcl 9.0.0 public interface.
# Updated bundled packages, libraries, standards, data
- Itcl 4.3.2
- sqlite3 3.47.2
- Thread 3.0.1
- TDBC\* 1.1.10
- tcltest 2.5.9
- tzdata 2024b, corrected
9.0.0
# Major Features
## 64-bit capacity: Data values larger than 2 GB
- Strings can be any length (that fits in your available memory)
- Lists and dictionaries can have very large numbers of elements
## Internationalization of text
- Full Unicode range of codepoints
- New encodings: `utf-16`/`utf-32`/`ucs-2`(`le`|`be`), `CESU-8`, etc.
- `encoding` options `-profile`, `-failindex` manage encoding of I/O.
- `msgcat` supports custom locale search list
- `source` defaults to `-encoding utf-8`
## Zip filesystems and attached archives
- Packaging of the Tcl script library with the Tcl binary library,
meaning that the `TCL_LIBRARY` environment variable is usually not
required.
- Packaging of an application into a virtual filesystem is now a
supported
core Tcl feature.
## Unix notifiers available using `epoll()` or `kqueue()`
- This relieves limits on file descriptors imposed by legacy
`select()` and fixes a performance bottleneck.
# Incompatibilities
## Notable incompatibilities
- Unqualified varnames resolved in current namespace, not global.
Note that in almost all cases where this causes a change, the
change is actually the removal of a latent bug.
- No `--disable-threads` build option. Always thread-enabled.
- I/O malencoding default response: raise error (`-profile strict`)
- Windows platform needs Windows 7 or Windows Server 2008 R2 or later
- Ended interpretation of `~` as home directory in pathnames.
(See `file home` and `file tildeexpand` for replacements when you
need them.)
- Removed the `identity` encoding.
(There were only ever very few valid use cases for this; almost
all uses were systematically wrong.)
- Removed the encoding alias `binary` to `iso8859-1`.
- `$::tcl_precision` no longer controls string generation of doubles.
(If you need a particular precision, use `format`.)
- Removed pre-Tcl 8 legacies: `case`, `puts` and `read` variant
syntaxes.
- Removed subcommands [`trace variable`|`vdelete`|`vinfo`]
- Removed `-eofchar` option for write channels.
- On Windows 10+ (Version 1903 or higher), system encoding is always
utf-8.
- `%b`/`%d`/`%o`/`%x` format modifiers (without size modifier) for
`format` and `scan` always truncate to 32-bits on all platforms.
- `%L` size modifier for `scan` no longer truncates to 64-bit.
- Removed command `::tcl::unsupported::inject`.
(See `coroinject` and `coroprobe` for supported commands with
significantly more comprehensible semantics.)
## Incompatibilities in C public interface
- Extensions built against Tcl 8.6 and before will not work with
Tcl 9.0;
ABI compatibility was a non-goal for 9.0. In _most_ cases,
rebuilding against Tcl 9.0 should work except when a removed API
function is used.
- Many arguments expanded type from `int` to `Tcl_Size`, a signed
integer type large enough to support 64-bit sized memory objects.
The constant `TCL_AUTO_LENGTH` is a value of that type that
indicates that the length should be obtained using an appropriate
function (typically `strlen()` for `char *` values).
- Ended support for `Tcl_ChannelTypeVersion` less than 5
- Introduced versioning of the `Tcl_ObjType` struct
- Removed macros `CONST*`: Tcl 9 support means dropping Tcl 8.3
support.
(Replaced with standard C `const` keyword going forward.)
- Removed registration of several `Tcl_ObjType`s.
- Removed API functions:
- `Tcl_Backslash()`
- `Tcl_*VA()`
- `Tcl_*MathFunc*()`
- `Tcl_MakeSafe()`
- `Tcl_(Save|Restore|Discard|Free)Result()`
- `Tcl_EvalTokens()`
- `Tcl_(Get|Set)DefaultEncodingDir()`
- `Tcl_UniCharN(case)cmp()`
- `Tcl_UniCharCaseMatch()`
- Revised many internals; beware reliance on undocumented behaviors.
# New Features
## New commands
- `array default` — Specify default values for arrays (note that
this alters the behaviour of `append`, `incr`, `lappend`).
- `array for` — Cheap iteration over an array's contents.
- `chan isbinary` — Test if a channel is configured to work with
binary data.
- `coroinject`, `coroprobe` — Interact with paused coroutines.
- `clock add weekdays` — Clock arithmetic with week days.
- `const`, `info const*` — Commands for defining constants (variables
that can't be modified).
- `dict getwithdefault` — Define a fallback value to use when
`dict get` would otherwise fail.
- `file home` — Get the user home directory.
- `file tempdir` — Create a temporary directory.
- `file tildeexpand` — Expand a file path containing a `~`.
- `info commandtype` — Introspection for the kinds of commands.
- `ledit` — Equivalent to `lreplace` but on a list in a variable.
- `lpop` — Remove an item from a list in a variable.
- `lremove` — Remove a sublist from a list in a variable.
- `lseq` — Generate a list of numbers in a sequence.
- `package files` — Describe the contents of a package.
- `string insert` — Insert a string as a substring of another string.
- `string is dict` — Test whether a string is a dictionary.
- `tcl::process` — Commands for working with subprocesses.
- `*::build-info` — Obtain information about the build of Tcl.
- `readFile`, `writeFile`, `foreachLine` — Simple procedures for
basic working with files.
- `tcl::idna::*` — Commands for working with encoded DNS names.
## New command options
- `chan configure ... -inputmode ...` — Support for raw terminal
input and reading passwords.
- `clock scan ... -validate ...`
- `info loaded ... ?prefix?`
- `lsearch ... -stride ...` — Search a list by groups of items.
- `regsub ... -command ...` — Generate the replacement for a regular
expression by calling a command.
- `socket ... -nodelay ... -keepalive ...`
- `vwait` controlled by several new options
- `expr` string comparators `lt`, `gt`, `le`, `ge`
- `expr` supports comments inside expressions
## Numbers
- <code>0<i>NNN</i></code> format is no longer octal interpretation.
Use <code>0o<i>NNN</i></code>.
- <code>0d<i>NNNN</i></code> format to compel decimal interpretation.
- <code>NN_NNN_NNN</code>, underscores in numbers for optional
readability
- Functions: `isinf()`, `isnan()`, `isnormal()`, `issubnormal()`,
`isunordered()`
- Command: `fpclassify`
- Function `int()` no longer truncates to word size
## TclOO facilities
- private variables and methods
- class variables and methods
- abstract and singleton classes
- configurable properties
- `method -export`, `method -unexport`
8.6.16
Bug fixes and corrections to erratic behavior
* Regression in [clock] timezones due to revised tzdata format
* Improper startup if [pwd] contains a file named init.tcl
* Fix crashes or hangs in...
- TclOO + coroutine, oo-1.25
- lifecycle management of the attributes of a menu entry
- [grid] and [pack] handling of half-dead argument
- Tk_DeleteErrorHandler()
- overwrite of thread data by Tk initialization in second interp
* Prevent negative zlib stream checksums, zlib-15.1
* Filesystem path efficiency from skipping unnecessary normalization
* Revised [clock scan] consistent with leap second timestamp validation
* Updated bundled packages, libraries, standards, data
- Itcl 4.3.2
- sqlite3 3.47.2
- Thread 2.8.11
- TDBC* 1.1.10
- tcltest 2.5.9
- tzdata 2024b, corrected
8.6.15
Bug fixes and corrections to erratic behavior
* [TIP 692] Deprecate Tcl_GetAlias(). Migrate to Tcl_GetAliasObj()
* Invoke binding scripts for events with detail field NotifyInferior
*** POTENTIAL INCOMPATIBILITY ***
* Tcl_NewObjectInstance() errors on namespace re-use.
*** POTENTIAL INCOMPATIBILITY -- breaks Itcl 4.2 ***
* TCL_PACKAGE_PATH change from Tcl list to platform path convention
*** POTENTIAL INCOMPATIBILITY ***
* Make [self] work inside [$obj eval]
* Fix [$obj varname] for linked varnames
* Restore access to alternate data streams (ADS) in NTFS filesystems.
* Fix crashes or hangs in...
- TclOO + coroutine, oo-22.[34]
- entangled destructor and namespace deletion, oo-35.7.*
- destruction of reflected channel, iocmd-32.3.*
- select notifier with file descriptor >= FD_SETSIZE
- [child invokehidden info frame], info-40.0
- [focus -force], focus-8.1
- [$canvas dchars], canvas-11.4
- [$menubutton destroy]
* Appearance improvements for...
- focus ring, arrows, and classic theme.
- last item in a [ttk::treeview].
- down arrow in [ttk::combobox].
* Repair [$photo read -from] flaws in GIF,PNG formats. imgPhoto-19.*
* [$photo copy] coordinate check error. See imgPhoto-12.5
* Detect corrupt GIF file and raise error. See imgPhoto-18.6.1
* Fixes to [ttk::treeview] subcommands 'see' and 'bbox'.
* Fix default font detection for high DPI
* [treeview identify] now point aware
* Fix broken undo/redo in [text] widget.
* Fix GENFUNC mode of Tcl_ParseArgsObjv(). See tests indexObj-7.*
* Fix removal of oo variable by [info exists]. See oo-19.4
* Fix byte compiled [incr] with wide int increment. See incr-1.31
* Repair encoding flaws in [info hostname] visible for non-ASCII names.
* Fix incorrect [string is control] results on some private codepoints
* Autoload of [::tcl::tm::path]
* Fix missing error message in some [interp limit] failures.
* Improved hash performance for some hash tables.
* Performance optimizations in several encoding primitives.
* Correction to rare failed startup search for system encoding
* Add encodings: koi8-ru, koi8-t
* Add keycodes ISO_Group_Shift and dead_hamza
* Updated bundled packages, libraries, standards, data
- Itcl 4.3.0 -- supports multi-thread operations
- sqlite3 3.45.3
- Thread 2.8.10
- TDBC* 1.1.9
- tcltest 2.5.8
- libtommath 1.3.0
- Unicode 16
- tzdata 2024b
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 28 Feb 2025 14:04:00 +0000 (15:04 +0100)]
dhcpcd: Update to version 10.2.2
- Update from version 10.2.1 to 10.2.2
- Update of rootfile not required
- Changelog is not provided. Details are from the commits from this linlk
https://github.com/NetworkConfiguration/dhcpcd/compare/v10.2.1...v10.2.2
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 28 Feb 2025 11:27:31 +0000 (12:27 +0100)]
firewallog.dat: Fix bug13068 - remove blocklist entries from firewall log
- The blocklist log entries are also under kernel: and so currently also show up in the
firewall logs as well as in the ip blocklist logs menus. If there are a lot of
blocklist entries it can make it very difficult to go through the firewall logs.
- This bugfix excxludes any kernel: log entries that have a chain starting with BLKLST.
- Tested out on physical and vm IPFire systems.
Fixes: bug13068 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 27 Feb 2025 15:52:48 +0000 (16:52 +0100)]
vim: Update to version 9.1.1153
- Update from version 9.1.0886 to 9.1.1153
- Update of rootfile
- Changelog is not available. Generally each patch version number update is related to
a commit entry in the git repository. The details for all the commit changes can be
found at https://github.com/vim/vim/commits/master/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Thu, 27 Feb 2025 13:27:53 +0000 (14:27 +0100)]
kmod: Update to version 34
- Update from version 33 to 34
- Update of rootfile
- build of kmod has been moved to meson. Autotools option is still available in this
version but in the next version it will only be meson so it seemed sensible to change
it now.
- Back in version 32 they decided to automatically make the symlinks for all the tools
in the install script but to place those symlinks in /bin defined by $bindir. So the
rootfile for version 32 ended up with the tool symlinks both in /bin and /sbin.
- In this version (34) they have decided to change it to being /sbin by default. Distros
that want to have them in /bin just have to set the sbindir to /bin. So the symlink
creation lines are no longer required as the install craetes them for us. The
symlinks in /bin have been removed and I don't see any reason to put them back in as
they were only introduced in version 32 and previously the symlinks were always in
/sbin.
- The sbindir location has to be specified otherwise the deafult would end up with
/usr/sbin
- Changelog
34
- Improvements
- Drop pre-built .ko modules from git - distros/packages will need the
linux-headers to be able to run the testsuite. There was limited use
of the feature, while linters complained about "source-not-included"
or "source-contains-prebuilt-binary".
- Switch build system to meson: autotools is still supported but slated
for removal on next release. This is the transition release to help
distros and integrators to move to the new build system. Default options
target distros while developers can use the build-dev.ini configuration
file.
- Allow to load decompression libraries ondemand: liblzma.so, libz.so,
libxz.so and libzstd.so can now be loaded ondemand, only when there is
such a need. For use during early boot for loading modules, if
configured well it means none of these libraries are loaded: the
module loading logic via finit_module() will just hand over to kernel
the open file descriptor and kernel will use its own decompress routine.
If kernel doesn't handle decompression or if the module is compressed
with a different algorithm than the one configured in the kernel,
libkmod can still open the module by dynamically loading the
correspondent library.
Tools inspecting the module contents, like modinfo, will load that
single decompression library instead all of them.
For distros building with meson it's possible to choose the behavior
per library. Examples: a) -Ddlopen=all uses dlopen behavior for all
the libraries; b) -Ddlopen=xz, will make only xz to be dlopen'ed
while other enabled libraries will be linked in at build time.
The use of dlopen is annotated in the ELF file by using the ELF
Package Metadata spec as documented in
https://systemd.io/ELF_PACKAGE_METADATA/. Example:
$ dlopen-notes.py libkmod.so
# build/libkmod.so
[
{
"feature": "xz",
"description": "Support for uncompressing xz-compressed modules",
"priority": "recommended",
"soname": [
"liblzma.so.5"
]
}
]
- Add -m / --moduledir to depmod to override in runtime the module
directory that was already possible to set on build time. Document
the interaction between the dir options: base, module and output.
- Better error propagation in libkmod for its internal APIs and libc
functions up to the callers.
- Improve libkmod API documentation by adding new sections, documenting
functions previously missing, rewording existing ones, adding version
information, cross-referencing, etc.
- Remove deprecated arguments for depmod: --unresolved-error, --quiet,
--root and --map.
- Remove deprecated arguments for rmmod: -w.
- Remove deprecated arguments for insmod: -p and -s.
- Add --syslog and --force for insmod to normalize it with other tools.
- Add bash, fish and zsh shell-completion for insmod, rmmod and lsmod.
- Remove depmod_module_directory_override from .pc as the kernel side
is not making use of it and will likely not need it.
- Improve builtin module listing and retrieving information from its
modinfo index which reduces the amount of needed syscalls by 90%.
- Improve zstd decompression by using streaming bufferless mode which
reduces the amount of syscalls by 65%.
- Increase use of pread while parsing ELF and indexes in order to reduce
syscalls and improve performance.
- Improve module sorting in depmod to speedup the use of the
modules.order index and support duplicate lines in it.
- Avoid misaligned memory access while reading module signature in
libkmod.
- Add more documentation for contributing to kmod. New developers are
welcome to look at the new README.md and CONTRIBUTING.md files for
information on process, coding style, build/installation, etc.
- Overhaul man pages with multiple clarifications, section rewrites and
additional documentation.
- Drop --with-rootlibdir as it's seldom used and was partially broken.
- Drop strndupa() and alloca() for increased libc compatibility.
- Better handling of LFS for increased compatibility with libc.
- Protect kmod_get_dirname() and kmod_new() against NULL argument.
- Normalize --version / --help output across all tools.
- Always include log priority in messages, even when building with debug.
- Optimize index reading by lazily reading nodes on demand, reducing
FILE overhead and reducing code duplication wrt FILE vs mmap
implementations, etc.
- Switch index to pre-order to improve performance in both read and
write, meaning faster lookup and faster depmod. Some examples:
a) traversing all indexes via configuration dump shows a 9%
improvement on Raspberry Pi 2. b) writing the indexes takes 90% less
lseek() calls, leading to a performance gain of 13%.
- Make symlink install locations more similar to what distros are
using: by default it installs the kmod binary as bin/kmod and the
symlinks are located in e.g. `sbin/depmod -> ../bin/kmod`. Changing
the sbin location is sufficient to move the symlinks to the
appropriate place, so distros using `--sbin /usr/bin` will have them
installed in that directory. This avoids distros having to remove the
symlink and add the symlinks by themselves. (meson only)
- Install configuration directories,
/{etc,usr/lib}/{depmod,modprobe}.d/ as part of installation, matching
what several distros do during packaging. (mson only)
- Bug fixes
- Fix testsuite using when using configurable module dir.
- Fix typos on documentation and source code.
- Fix out of bound access in multiple places when using long paths,
synthetic huge files, or handling memory allocation errors, or
inconsistent variable types, particularly on 32b builds.
- Fix internal array APIs, with better error checking: improve execution on
very memory-constrained scenarios or very long paths.
- Fix absolute path handling in depmod.
- Fix libkmod memory leaks on error handling when getting builtin
module list.
- Do not crash on invalid modules.builtin.modinfo file.
- Fix link with lld resulting in empty testsuite.
- Fix testsuite build/execution with musl.
- Others
- Adopt clang-format and editorconfig for coding style and setup CI
action to keep the codebase consistent.
- Adopt codespell in CI.
- Adopt CodeQL integration in CI.
- Adopt Codecov in CI.
- Adopt SPDX copyright and license identifiers throughout the project.
- Add more distros to CI, 32b builds, clang as compiler and lld as
linker.
- Add support for clang sanitizers and squelch warnings.
- Add tests for builtin modules from modinfo index file.
- Multiple testsuite refactors and fixes to make it simpler to write tests.
- Add CI coverage for docs
- Improve strbuf implementation with more error checks and generalize
it to cover the role of scratchbuf. This allows to remove the
scratchbuf implementation.
- Use common array and strbuf code in depmod to remove duplication.
- Add abstraction and use more compiler builtins for addition and
multiplication with overflow checking.
- Normalize use of C attributes throughout the project.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:50 +0000 (19:12 +0100)]
zstd: Update to version 1.5.7
- Update from version 1.5.6 to 1.5.7
- Update of rootfile
- Changelog
1.5.7
fix: compression bug in 32-bit mode associated with long-lasting sessions
api: new method `ZSTD_compressSequencesAndLiterals()` (#4217, #4232)
api: `ZSTD_getFrameHeader()` works on skippable frames (#4228)
perf: substantial compression speed improvements (up to +30%) on small data,
by @TocarIP (#4144) and @cyan4973 (#4165)
perf: improved compression speed (~+5%) for dictionary compression at low
levels (#4170)
perf: much faster speed for `--patch-from` at high compression levels (#4276)
perf: higher `--patch-from` compression ratios, notably at high levels (#4288)
perf: better speed for binaries on Windows (@pps83) and when compiled with
Visual Studio (@MessyHack)
perf: slight compression ratio improvement thanks to better block boundaries
(#4136, #4176, #4178)
perf: slight compression ratio improvement for `dfast`, aka levels 3 and 4 (#4171)
perf: runtime bmi2 detection enabled on x86 32-bit mode (#4251)
cli: multi-threading as default CLI setting, by @daniellerozenblit
cli: new `--max` command (#4290)
build: improve `msbuild` version autodetection, support VS2022, by @ManuelBlanc
build: fix `meson` build by @artem and @Victor-C-Zhang, and on Windows by
@bgilbert
build: compatibility with Apple Framework, by @Treata11
build: improve icc/icx compatibility, by @josepho0918 and @luau-project
build: improve compatibility with Android NDK, by Adenilson Cavalcanti
portability: linux kernel branch, with improved support for Sequence producers
(@embg, @gcabiddu, @cyan4973)
portability: improved qnx compatibility, suggested by @rainbowball
portability: improved install script for FreeBSD, by @sunpoet
portability: fixed test suite compatibility with gnu hurd, by @diegonc
doc: clarify specification, by @elasota
misc: improved tests/decodecorpus validation tool (#4102), by antmicro
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:49 +0000 (19:12 +0100)]
xfsprogs: Update to version 6.13.0
- Update from version 6.11.0 to 6.13.0
- Update of rootfile
- Changelog is not provided in the source tarball. Detasils can be found from the git log
https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/log/
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:48 +0000 (19:12 +0100)]
which: Update to version 2.23
- Update from version 2.21 to 2.23
- Update of rootfile not required
- Changelog
2.23
Bug fix; cleaning up a path like "/path/a/../b/foo" before printing was broken
in 2.22.
2.22
Improved Windows support (by Mitch Capper).
The function that decides if a found path is executable (file_status)
was updated to that of bash version 5.2.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:47 +0000 (19:12 +0100)]
tshark: Update to version 4.4.5
- Update from version 4.4.4 to 4.4.5
- Update of rootfile
- Changelog
4.4.5
Bug Fixes
GRPC: protobuf_json only displays the truncated string value. Issue 20392.
Wireshark crashes when clicking on a column title/header. Issue 20403.
Updated Protocol Support
GNW, IPv4, NFAPI, and ProtoBuf
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:46 +0000 (19:12 +0100)]
postfix: Update to version 3.10.1
- Update from version 3.9.1 to 3.10.1
- Update of rootfile not required
- Changelog
3.10.1
Bugfix (defect introduced: 20250210): a recent 'fix' for the default
smtp_tls_dane_insecure_mx_policy setting resulted in unnecessary 'dnssec_probe'
warnings, on systems that disable DNSSEC lookups (which is the default).
3.10.0
Changes that need a restart:
Internal protocol change: Postfix needs "postfix reload" (or "postfix stop"
and "postfix start") after upgrade, because of a change in the delivery
agent protocol. If this step is skipped, Postfix delivery agents will
log a warning:
unexpected attribute smtputf8 from xxx socket (expecting: sendopts)
where xxx is the delivery agent service name.
Changes in TLS support:
Forward compatibility: Support for OpenSSL 3.5 post-quantum cryptography.
To manage algorithm selection, OpenSSL introduces new TLS group syntax
that Postfix will not attempt to imitate. Instead, Postfix now allows
the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameter values to
have an empty value. When both are set empty, the algorithm selection
can be managed through OpenSSL configuration. For more, look for
"Post-quantum" in the postconf(5) manpage.
Support for the RFC 8689 "TLS-Required: no" message header to request
delivery of messages (such as TLSRPT summaries) even if the preferred
TLS security policy cannot be enforced. This limits the Postfix SMTP
client to "smtp_tls_security_level = may" which does not authenticate
server certificates and which allows falling back to plaintext.
Support for the REQUIRETLS SMTP service extension will evolve in Postfix 3.11.
Support for the TLSRPT protocol (defined in RFC 8460). With this, a domain
can publish a policy in DNS that requests daily summary reports for
successful and failed SMTP-over-TLS connections to that domain's MX
hosts. This supports both DANE (built-in) and MTA-STS (via an
smtp_tls_policy_maps plugin). The implementation uses a TLSRPT library
and reporting infrastructure that are maintained by sys4. For details,
see TLSRPT_README.
Miscellaneous changes:
Privacy: With "smtpd_hide_client_session = yes", the Postfix SMTP server
generates a Received: header without client session info. This setting
may be used with the MUA submission services (port 465 and 587).
Support for RFC 2047 encoding of non-ASCII "full name" information in
Postfix-generated From: message headers. Encoding non-ASCII full names
can avoid the need to use SMTPUTF8, and therefore can avoid
incompatibility with sites that do not support SMTPUTF8. See the
full_name_encoding_charset parameter description for details.
Database performance: When mysql: or pgsql: configuration specifies a
single host, assume that it is a load balancer and reconnect
immediately after a single failure, instead of failing all requests
for 60s.
Changes in logging:
The Postfix Milter implementation now logs the reason for a 'quarantine'
action, instead of "milter triggers HOLD action".
The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
ends abnormally (timeout, lost connection, or too many errors), and
the cleanup server now logs "queueid: canceled" when a message
transaction is started but not completed. These changes simplify
logfile analysis.
Dovecot SASL client logging for "Invalid authentication mechanism" now
includes the name of that mechanism.
Postfix SMTP server 'reject' logging now shows the sasl_method,
sasl_username, and sasl_sender if available.
3.9.2
Forward compatibility: Support for OpenSSL 3.5 post-quantum cryptography.
To manage algorithm selection, OpenSSL introduces new TLS group syntax
that Postfix will not attempt to imitate. Instead, Postfix now allows
the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameter values
to have an empty value. When both are set empty, the algorithm
selection can be managed through OpenSSL configuration. Viktor Dukhovni.
Forward compatibility: ignore new queue file flag bits that may be used
with Postfix 3.10 and later. This is a safety in case a Postfix 3.10
upgrade needs to be rolled back, after the new TLS-Required feature
has been used.
Performance: when a mysql: or pgsql: configuration specifies a single
host, assume that it is a load balancer and reconnect immediately
after a single failure, instead of failing all requests for 60s.
Bugfix (defect introduced: Postfix 3.4, date 20181113): a server with
multiple TLS certificates could report, for a resumed TLS session, the
wrong server-signature and server-digest names in logging and
Received: message headers. Viktor Dukhovni.
Bugfix (defect introduced: Postfix 3.3, date 20180107) small memory leak
in the cleanup daemon when generating a "From: full-name " message
header. The impact is limited because the number of requests is
bounded by the "max_use" configuration parameter. Found during code
maintenance.
Bugfix (defect introduced: Postfix 3.0): the bounce daemon mangled a
non-ASCII address localpart in the "X-Postfix-Sender:" field of a
delivery status notification. It backslash-escaped each byte in a
multi-byte character. This behavior was implemented in Postfix 2.1 (no
support for UTF8 local-parts), but it became incorrect after SMTPUTF8
support was implemented in Postfix 3.0.
Bugfix (defect introduced: Postfix 3.6): Reverted the default
smtp_tls_dane_insecure_mx_policy setting to "dane" as of
Postfix 3.6.17, 3.7.13, 3.8.8, 3.9.2, and 3.10.0. By mistake the
default was dependent on the smtp_tls_security_level setting. Problem
reported by Ömer Güven.
Portability: added "include <sys_socket.h>" for a SUNOS5 workaround. Gary
R. Schmidt.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:45 +0000 (19:12 +0100)]
pcre2: Update to version 10.45
- Update from version 10.44 to 10.45
- Update of rootfile
- Changelog
10.45
This is a comparatively large release, incorporating new features, some
bugfixes, and a few changes with slight backwards compatibility implications.
Please see the ChangeLog and Git log for further details.
Only changes to behaviour, changes to the API, and major changes to the pattern
syntax are described here.
This release is the first to be available as a (signed) Git tag, or
alternatively as a (signed) tarball of the Git tag.
This is also the first release to be made by the new maintainers of PCRE2, and
we would like to thank Philip Hazel, creator and maintainer of PCRE and PCRE2.
* (Git change) The sljit project has been split out into a separate Git
repository. Git users must now run `git submodule init; git submodule update`
after a Git checkout.
* (Behaviour change) Update Unicode support to UCD 16.
* (Match behaviour change) Case-insensitive matching of Unicode properties
Ll, Lt, and Lu has been changed to match Perl. Previously, /\p{Ll}/i would
match only lower-case characters (even though case-insensitive matching was
specified). This also affects case-insensitive matching of POSIX classes such
as [:lower:].
* (Minor match behaviour change) Case-insensitive matching of backreferences now
respects the PCRE2_EXTRA_CASELESS_RESTRICT option.
* (Minor pattern syntax change) Parsing of the \x escape is stricter, and is
no longer parsed as an escape for the NUL character if not followed by '{' or
a hexadecimal digit. Use \x00 instead.
* (Major new feature) Add a new feature called scan substring. This is a new
type of assertion which matches the content of a capturing block to a
sub-pattern.
Example: to find a word that contains the rare (in English) sequence of
letters "rh" not at the start:
\b(\w++)(*scan_substring:(1).+rh)
The first group captures a word which is then scanned by the
(*scan_substring:(1) ... ) assertion, which tests whether the pattern ".+rh"
matches the capture group "(1)".
* (Major new feature) Add support for UTS#18 compatible character classes,
using the new option PCRE2_ALT_EXTENDED_CLASS. This adds '[' as a
metacharacter within character classes and the operators '&&', '--' and '~~',
allowing subtractions and intersections of character classes to be easily
expressed.
Example: to match Thai or Greek letters (but not letters or other characters
in those scripts), use [\p{L}&&[\p{Thai}||\p{Greek}]].
* (Major new feature) Add support for Perl-style extended character classes,
using the syntax (?[...]). This also allows expressing subtractions and
intersections of character classes, but using a different syntax to UTS#18.
Example: to match Thai or Greek letters (but not letters or other characters
in those scripts), use (?[\p{L} & (\p{Thai} + \p{Greek})]).
* (Minor feature) Significant improvements to the character class match engine.
Compiled character classes are now more compact, and have faster matching
for large or complex character sets, using binary search through the set.
* JIT compilation now fails with the new error code PCRE2_ERROR_JIT_UNSUPPORTED
for patterns which use features not supported by the JIT compiler.
* (Minor feature) New options PCRE2_EXTRA_NO_BS0 (disallow \0 as an escape for
the NUL character); PCRE2_EXTRA_PYTHON_OCTAL (use Python disambiguation rules
for deciding whether \12 is a backreference or an octal escape);
PCRE2_EXTRA_NEVER_CALLOUT (disable callout syntax entirely);
PCRE2_EXTRA_TURKISH_CASING (use Turkish rules for case-insensitive matching).
* (Minor feature) Add new API function pcre2_set_optimize() for controlling
which optimizations are enabled.
* (Minor new features) A variety of extensions have been made to
pcre2_substitute() and its syntax for replacement strings. These now support:
\123 octal escapes; titlecasing \u\L; \1 backreferences; \g<1> and $<NAME>
backreferences; $& $` $' and $_; new function
pcre2_set_substitute_case_callout() to allow locale-aware case transformation.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:44 +0000 (19:12 +0100)]
libffi: Update to version 3.4.7
- Update from version 3.4.6 to 3.4.7
- Update of rootfile not required
- Changelog
3.4.7
Add static trampoline support for Linux on s390x.
Fix BTI support for ARM64.
Support pointer authentication for ARM64.
Fix ASAN compatibility.
Fix x86-64 calls with 6 GP registers and some SSE registers.
Miscellaneous fixes for ARC and Darwin ARM64.
Fix OpenRISC or1k and Solaris 10 builds.
Remove nios2 port.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:43 +0000 (19:12 +0100)]
diffutils: Update to version 3.11
- Update from version 3.10 to 3.11
- Update of rootfile not required
- Changelog
3.11
Improvements
Programs now quote file names more consistently in diagnostics.
For example; "cmp 'none of' /etc/passwd" now might output
"cmp: EOF on ‘none of’ which is empty" instead of outputting
"cmp: EOF on none of which is empty". In diagnostic messages
that traditionally omit quotes and where backward compatibility
seems to be important, programs continue to omit quotes unless
a file name contains shell metacharacters, in which case programs
use shell quoting. For example, although diff continues to output
"Only in a: b" as before for most file names, it now outputs
"Only in 'a: b': 'c: d'" instead of "Only in a: b: c: d" because the
file names 'a: b' and 'c: d' contain spaces. For compatibility
with previous practice, diff -c and -u headers continue to quote for
C rather than for the shell.
diff now outputs more information when symbolic links differ, e.g.,
"Symbolic links ‘d/f’ -> ‘a’ and ‘e/f’ -> ‘b’ differ", not just
"Symbolic links d/f and e/f differ". Special files too, e.g.,
"Character special files ‘d/f’ (1, 3) and ‘e/f’ (5, 0) differ", not
"File d/f is a character special file while file e/f is a character
special file".
diff's --ignore-case (-i) and --ignore-file-name-case options now
support multi-byte characters. For example, they treat Greek
capital Δ like small δ when input uses UTF-8.
diff now supports multi-byte characters when treating white space.
In options like --expand-tabs (-t), --ignore-space-change (-b) and
--ignore-tab-expansion (-E), diff now recognizes non-ASCII space
characters and counts columns for non-ASCII characters.
Bug fixes
cmp -bl no longer omits "M-" from bytes with the high bit set in
single-byte locales like en_US.iso8859-1. This fix causes the
behavior to be locale independent, and to be the same as the
longstanding behavior in the C locale and in locales using UTF-8.
[bug introduced in 2.9]
cmp -i N and -n N no longer fail merely because N is enormous.
[bug present since "the beginning"]
cmp -s no longer mishandles /proc files, for which the Linux kernel
reports a zero size even when nonempty. For example, the following
shell command now outputs nothing, as it should:
cp /proc/cmdline t; cmp -s /proc/cmdline t || echo files differ
[bug present since "the beginning"]
diff -E no longer mishandles some input lines containing '\a', '\b',
'\f', '\r', '\v', or '\0'.
[bug present since 2.8]
diff -ly no longer mishandles non-ASCII input.
[bug#64461 introduced in 2.9]
diff - A/B now works correctly when standard input is a directory,
by reading a file named B in that directory.
[bug present since "the beginning"]
diff no longer suffers from race conditions in some cases
when comparing files in a mutating file system.
[bug present since "the beginning"]
Release
distribute gzip-compressed tarballs once again
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Wed, 26 Feb 2025 18:12:42 +0000 (19:12 +0100)]
btrfs-progs: Update to version 6.13
- Update from version 6.11 to 6.13
- Update of rootfile not required
- Changelog
6.13
mkfs:
new option to enable compression
updated summary (subvolumes, compression)
completely remove option --leafsize, deprecated long ago
btrfstune: add option to remove squota
scrub:
start: new option --limit to set the bandwidth limit for the duration of
the run
status: fix printing of Rate unit suffix (SI/IEC)
qgroup clean-stale: check if quotas are enabled before starting filesystem sync()
print builtin features and options in --version output (mkfs, convert,
image, btrfstune)
build:
Botan minimum version is now 3.x
target to build compile_commands.json (for LSP)
other:
a bit more optimized crc32c code
sync some headers from kernel code
command help updates and fixes
build warning fixes
error message updates
cleanups and refactoring
updated tests
lots of documentation updates
6.12
subvolume delete: add new option to do recursive subvolume deletion (for
regular user delete only accessible subvolumes)
mkfs:
new option --subvol to create subvolumes in given paths, read-write,
read-only and default
add hard link detection support for --rootdir option
fixes:
receive: message verbosity fixes
check: fix false positive report of missing checksum for extent holes
check: handle compressed extents when checking tree log
when asking Y/N user questions, flush the terminal so the question is
displayed (e.g. btrfstune -S)
other
code refactoring, error handling
python packaging fixes
documentation updates
new tests
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 22 Feb 2025 16:47:41 +0000 (17:47 +0100)]
dhcpcd: Update to 10.2.0
For details see:
https://github.com/NetworkConfiguration/dhcpcd/releases/tag/v10.2.0
"What's Changed
dhcp6: start request when advertise received after IRT by @sshambar in #376
dhcpcd: stdout output sometimes empty when redirected to a file by @diego-santacruz in #364
Fix help text formatting by @jvfranklin in #379
Apply lastlease behavior to DHCPv6 by @jvfranklin in #384
dhcpcd not ignoring source-based routes on linux by @sshambar in #372
DHCP6: lastlease behavior after Confim non-response by @jvfranklin in #387
Allow limited RLIMIT_FSIZE when dumping lease by @ColinMcInnes in #389
IPv6: Avoid uninitialized ifp state when adding address by @kensimon in #395
DHCPv6: Add support for sending Option 17 (VSIO) by @spoljak-ent in #383
Exit the timesyncd hook if not on systemd and not executable (#398) by @perkelix in #403
Add route lifetime from Router Advertisement by @ColinMcInnes in #429
revert e3c5de1 by @zacknewman in #425
Fix using multiple enterprise IDs with vendclass (Option 124 DHCP / Option 16 DHCPv6) (#328) by @spoljak-ent in #408
Update route if acquired time changes by @ColinMcInnes in #441
Always send req for InfoRefreshTime option on Inform-Req by @ColinMcInnes in #446
Increase max IPv4 clientid. by @gnaaman-dn in #442
Update build.yml to fix BSD builds by @perkelix in #456"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Sun, 23 Feb 2025 18:14:19 +0000 (19:14 +0100)]
libxcrypt: Update to version 4.4.38
- Update from version 4.4.36 to 4.4.38
- Update of rootfile not required
- in version 4.4.37 pkg-config was made a dependency for building libxcrypt. This caused
user(s) a problem when libxcrypt was being built before pkg-config wasw available.
- In version 4.4.38 it was allowed that if pkg-config was not available then the build
would continue and complete but any installation of .pc files was no longer carried
out.
- moved pkg-config to before libxcrypt so that the libxcrypt.pc file is installed in the
build environment and the libcrypt.pc file linked to it, the same as used to occur in
version 4.4.36
- Changelog
4.4.38
* Fix several "-Wunterminated-string-initialization", which are seen by
upcoming GCC 15.x (issue #194).
* Fix "-Wmaybe-uninitialized" in crypt.c, which is seen by GCC 13.3.0.
* Skip test/explicit-bzero if compiling with ASAN.
* Drop hard requirement for the pkg-config binary (issue #198).
4.4.37
* Several fixes to the manpages (issue #185).
* Add binary compatibility for x86_64 GNU/Hurd (issue #189).
* Only test the needed makecontext signature during configure (issue #178).
* Fix -Werror=strict-overflow in lib/crypt-bcrypt.c, which is seen
by GCC 4.8.5 (issue #197).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Feb 2025 12:44:49 +0000 (13:44 +0100)]
pmacct: Remove autogen.sh step so it builds with autoconf-2.72
- Although the pmacct source tarball has a configure script provided, for some reason
the lfs file ran autogen.sh first and therefore re-created the configure script.
Whatever the autogen.sh script was creating it ended up with a result that the new
autoconf-2.72 didn't like. Some problem with an end of line that was not of the
expected structure.
- It seems reasonable to use the configure script that has been provided by the pmacct
developers in the source tarbal, so this patch removes the use of the autogen.sh
script and uses the configure script provided by pmacct. This then allowed a
successful build with the autoconf-2.72
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka [Fri, 21 Feb 2025 12:44:48 +0000 (13:44 +0100)]
autoconf: Update to version 2.72
- Update from version 2.71 to 2.72
- Update of rootfile
- The update of collectd from 4.10.9 to 5.12.0 now allows it to build with this newer
version of autoconf.
- pmacct however failed to build with it. Updated the pmacct lfs to allow it to build
with this newer version of autoconf. Fix for that is combined in this patch set.
- Changelog
2.72
Backward incompatibilities
Configure scripts no longer support pre-1989 C compilers.
Specifically, compilers that *only* implement the original “K&R”
function definition syntax, and not the newer “prototyped” syntax,
will not be able to parse the test programs now emitted by
AC_CHECK_FUNC, AC_LANG_CALL, and similar macros. AC_PROG_CC still
accepts such compilers, but this may change in the near future.
This change was necessary in order to support the upcoming 2024
edition of the C standard (often referred to as “C23”), which will
officially remove the function declaration syntax used by
AC_CHECK_FUNC in Autoconf 2.71 and earlier. We feel that support
for compilers that support only C 2024 is more useful, nowadays,
than support for compilers that don’t implement a core feature of
C 1989.
Autoconf developers now need Perl 5.10 (2007) or later.
“Autoconf developers” means specifically people hacking on Autoconf
itself. Autoconf *users*, i.e. authors of configure.ac files and
add-on M4 macros, still need only Perl 5.6 (2000) or later.
We do recommend all Autoconf users upgrade to Perl 5.10 or later if
possible, as this version significantly improves Perl’s ability to
handle files with last-modification timestamps separated by less
than a second. (Note: even in the most recent release, Perl cannot
always match the file system’s timestamp resolution.)
Generated configure scripts continue to run without Perl.
Autoconf users now need GNU M4 1.4.8 (2006) or later.
Use of GNU M4 1.4.16 or later is recommended, as all earlier versions
are known to have had serious bugs in the text-processing builtins
on some, but not all, operating systems. Autoconf’s own configure
script will attempt to find a version of M4 that is not affected by
these bugs.
Note: Autoconf 2.70 and 2.71 include code that malfunctions with
M4 1.4.6 or 1.4.7. However, the only effect of the malfunction is
that you will get a confusing error message if you run autoconf on
a configure.ac that neglects to use AC_INIT or AC_OUTPUT.
Generated 'configure' scripts continue to run without M4.
Some m4sh diversions have been renumbered.
This will only affect macros that use m4_divert with numbered rather
than named diversions, which has always been strongly discouraged
both by the documentation and with warnings.
AC_FUNC_GETGROUPS and AC_TYPE_GETGROUPS no longer run test programs.
These macros were testing for OS bugs that we believe are at least
twenty years in the past. Most operating systems are now trusted to
provide an accurate prototype for getgroups in unistd.h, and to
implement it as specified in POSIX.
AC_FUNC_GETGROUPS still includes a short block-list of OSes with
known, severe bugs in getgroups. It can be overridden using
config.site. If you encounter a mistake in this list,
please report it to bug-autoconf.
All internal uses of AC_EGREP_CPP and AC_EGREP_HEADER have been removed.
These macros look for text matching a regular expression in the
output of the C preprocessor. Their use has been discouraged for
many years, as they tend to be unreliable; it is better to find a
way to use AC_COMPILE_IFELSE or AC_PREPROC_IFELSE instead. We have
finally taken our own advice.
This change might break configure scripts that expected probes for
‘grep’ and/or the C preprocessor to happen as a side effect of an
unrelated operation. Such scripts can be fixed by adding
AC_PROG_EGREP and/or AC_PROG_CPP in an appropriate place.
The macros affected by this change are AC_C_STRINGIZE,
AC_C_VARARRAYS, AC_FUNC_GETGROUPS, AC_FUNC_GETLOADAVG,
AC_HEADER_TIOCGWINSZ, AC_PROG_GCC_TRADITIONAL, AC_TYPE_GETGROUPS,
AC_TYPE_UID_T, and AC_XENIX_DIR. Many of these macros are themselves
obsolete; if your configure script uses any of them, check whether
it is actually needed.
New features
Support for ensuring time_t is Y2038-safe
configure can now ensure that time_t can represent moments in time
after 18 January 2038, i.e. 2**31 - 1 seconds after the Unix epoch.
On most “64-bit” systems this is true by default; the new feature
is detection of systems where time_t is a 32-bit signed integer by
default, *and* there is an alternative mode in which it is larger,
in which case that mode will be enabled.
In this release, all configure scripts that use AC_SYS_LARGEFILE
gain a new command line option --enable-year2038. When this option
is used, the configure script will check for and enable support for
a large time_t.
This release also adds two new macros, AC_SYS_YEAR2038 and
AC_SYS_YEAR2038_RECOMMENDED. Both have all the effects of
AC_SYS_LARGEFILE. (This is because it is not possible to enlarge
time_t without also enlarging off_t, on any system we are aware of.)
AC_SYS_YEAR2038 additionally flips the default for --enable-year2038;
a configure script that uses this macro will check for and enable
support for a large time_t by default, but this can be turned off by
using --disable-year2038. AC_SYS_YEAR2038_RECOMMENDED goes even
further, and makes the configure script fail on systems that do not
seem to support timestamps after 18 January 2038 at all. This
failure can be suppressed by using --disable-year2038.
Changing the size of time_t can change a library’s ABI. Therefore,
application and library builders should take care that all packages
are configured with consistent use of --enable-year2038 or
--disable-year2038, to ensure binary compatibility. This is similar
to longstanding consistency requirements with --enable-largefile and
--disable-largefile.
In this release, these macros only know how to enlarge time_t on two
classes of systems: 32-bit MinGW, and any system where time_t can be
enlarged by defining the preprocessor macro _TIME_BITS with the
value 64. At the time this NEWS entry was written, only GNU libc
(version 2.34 and later) supported the latter macro. Authors of
other C libraries with a 32-bit time_t are encouraged to adopt
_TIME_BITS, rather than inventing a different way to enlarge time_t.
AC_USE_SYSTEM_EXTENSIONS now enables C23 Annex F extensions
by defining __STDC_WANT_IEC_60559_EXT__.
Obsolete features and new warnings
Autoconf now quotes 'like this' instead of `like this'.
Autoconf’s diagnostics now follow current GNU coding standards,
which say that diagnostics in the C locale should quote 'like this'
with plain apostrophes instead of the older GNU style `like this'
with grave accent and apostrophe.
AC_PROG_GCC_TRADITIONAL no longer does anything.
This macro has had no useful effect since GCC dropped support for
traditional-mode compilation in version 3.3 (released in 2003), and
the systems that needed it are also long obsolete. It is now a
compatibility synonym for AC_PROG_CC.
Notable bug fixes
autom4te now uses fine-grained file timestamps
Autoconf’s internal “autom4te” utility is now able to compare file
modification timestamps with sub-second precision, when available.
This eliminates a class of bugs where autom4te fails to regenerate
an outdated file. Automake 1.17 (forthcoming) is required for a
complete fix.
AC_HEADER_STDBOOL, AC_CHECK_HEADER_STDBOOL are obsolescent and less picky.
These macros are now obsolescent, as most programs can simply include
stdbool.h unconditionally. If you use these macros, they now accept
a stdbool.h that exists but does nothing, so long as ‘bool’, ‘true’,
and ‘false’ work anyway. This is for compatibility with C23 and
with C++.
AC_PROG_MKDIR_P now falls back on plain 'mkdir -p'.
When AC_PROG_MKDIR_P cannot find a mkdir implementation that is
known to lack race condition bugs, it now falls back on 'mkdir -p'
instead of falling back on a relative path to install-sh, as the
relative paths now seem to be a more important problem than the
problems of ancient mkdir implementations with race condition bugs.
See <https://savannah.gnu.org/support/?110740>. The only ancient
mkdir still supported is Solaris 10 /usr/bin/mkdir, and for that
platform AC_PROG_MKDIR_P falls back on /opt/sfw/bin/mkdir which
should work if it is installed; if not, you should avoid parallel
'make' on that platform.
Better diagnostics for calling m4_warn() with a bad first argument
Calling m4_warn with a first argument that doesn’t match any of the
official warning categories now produces a sensible error message,
instead of something that makes it look like there’s a bug in the
guts of autom4te. Also, the documentation has been adjusted in
several places to make it clearer what the official warning
categories are.
Note: In Autoconf 2.69 and earlier, the manual said that [] and [all]
could be used as the first argument to m4_warn. This was incorrect,
even at the time.
Improved compatibility with a wide variety of systems and tools
including CheriBSD, Darwin (macOS), GNU Guix, OS/2, z/OS, Bash 5.2,
the BusyBox shell and utilities, Clang/LLVM version 16, the upcoming
GCC version 14, etc.
Known bugs
AC_SYS_LARGEFILE and AC_SYS_YEAR2038 only work correctly in C mode.
This is only a problem for configure scripts that invoke either
macro while AC_LANG([something other than C]) is in effect, and
will only be a *visible* problem on systems where support
for large files and/or timestamps after 2038 are *available*
but not enabled by default.
This is the cause of the AC_SYS_LARGEFILE, AC_SYS_YEAR2038, and/or
AC_SYS_YEAR2038_RECOMMENDED testsuite failures on some systems.
See <https://savannah.gnu.org/support/index.php?110983> for details
and a workaround.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / ms / ipfire-2.x.git / log
